@nordbyte/nordrelay 0.8.0 → 0.8.2

package/dist/{peer-server.js → peers/peer-server.js}

@@ -1,14 +1,15 @@
 import { createServer as createHttpServer } from "node:http";
 import { createServer as createHttpsServer } from "node:https";
 import { URL } from "node:url";
-import { friendlyErrorText } from "./error-messages.js";
+import { friendlyErrorText } from "../core/error-messages.js";
 import { createPairingSignaturePayload, createSharedSecret, ensurePeerTlsFiles, fingerprintForPublicKey, loadOrCreatePeerIdentity, verifyPeerPayload, } from "./peer-identity.js";
 import { header, PeerNonceCache, verifyPeerRequest } from "./peer-auth.js";
+import { checkPeerIdentityEndpoint } from "./peer-client.js";
 import { peerRuntimeContextKey } from "./peer-context.js";
 import { PeerStore } from "./peer-store.js";
 import { PeerRuntimeService, peerError } from "./peer-runtime-service.js";
 import { PEER_PROTOCOL_VERSION, } from "./peer-types.js";
-import { RelayRuntime } from "./relay-runtime.js";
+import { RelayRuntime } from "../runtime/relay-runtime.js";
 export async function startPeerServer(options) {
     const { config, runtime } = options;
     if (!config.peerEnabled) {
@@ -78,7 +79,7 @@ export async function startPeerServer(options) {
             if (req.method === "POST" && url.pathname === "/peer/pair") {
                 const bodyText = await readBody(req, 128 * 1024);
                 const body = parseJson(bodyText);
-                const response = handlePair(body);
+                const response = await handlePair(body);
                 sendJson(res, 201, response);
                 return;
             }
@@ -123,7 +124,7 @@ export async function startPeerServer(options) {
             sendJson(res, status, { error: friendlyErrorText(error) });
         }
     }
-    function handlePair(body) {
+    async function handlePair(body) {
         if (!body?.identity?.nodeId || !body.identity.publicKey || !body.code || !body.signature || !body.timestamp) {
             throw new Error("Invalid peer pairing request.");
         }
@@ -140,17 +141,21 @@ export async function startPeerServer(options) {
         if (!verifyPeerPayload(body.identity.publicKey, signaturePayload, body.signature)) {
             throw new Error("Invalid peer pairing signature.");
         }
+        const publicUrl = body.publicUrl?.trim() || undefined;
+        const publicUrlTlsFingerprint = publicUrl ? await verifyPairingPublicUrl(publicUrl, body.identity) : undefined;
         const invitation = store.consumeInvitation(body.code, body.identity.nodeId);
         const secret = createSharedSecret();
         const peer = store.upsertPeer({
             name: body.name?.trim() || body.identity.name || invitation.name,
-            url: body.publicUrl,
+            group: invitation.group,
+            url: publicUrl,
             nodeId: body.identity.nodeId,
             publicKey: body.identity.publicKey,
             fingerprint: body.identity.fingerprint,
+            tlsFingerprint: publicUrl ? publicUrlTlsFingerprint ?? null : undefined,
             secret,
             enabled: true,
-            direction: body.publicUrl ? "bidirectional" : "inbound",
+            direction: publicUrl ? "bidirectional" : "inbound",
             scopes: invitation.scopes,
             allowedAgents: invitation.allowedAgents,
             allowedWorkspaceRoots: invitation.allowedWorkspaceRoots,
@@ -167,6 +172,18 @@ export async function startPeerServer(options) {
             workspaceAliases: peer.workspaceAliases,
         };
     }
+    async function verifyPairingPublicUrl(publicUrl, expectedIdentity) {
+        const probe = await checkPeerIdentityEndpoint(publicUrl, { timeoutMs: 4_000 });
+        if (!probe.ok || !probe.identity) {
+            throw new Error(`Peer public URL is not reachable or does not expose a valid NordRelay identity: ${probe.detail}`);
+        }
+        if (probe.identity.nodeId !== expectedIdentity.nodeId ||
+            probe.identity.publicKey !== expectedIdentity.publicKey ||
+            probe.identity.fingerprint !== expectedIdentity.fingerprint) {
+            throw new Error("Peer public URL identity does not match the pairing identity.");
+        }
+        return probe.tlsFingerprint;
+    }
     function authenticate(req, method, pathname, body) {
         const peerId = header(req, "x-nordrelay-peer-id");
         const peer = peerId ? store.get(peerId) : null;

package/dist/{peer-store.js → peers/peer-store.js}

@@ -2,13 +2,14 @@ import { createHash, randomBytes, randomUUID, timingSafeEqual } from "node:crypt
 import { mkdirSync } from "node:fs";
 import os from "node:os";
 import path from "node:path";
-import { ALL_PERMISSIONS } from "./access-control.js";
-import { AGENT_IDS, isAgentId } from "./agent.js";
-import { readJsonFileWithBackup, writeJsonFileAtomic } from "./persistence.js";
+import { ALL_PERMISSIONS } from "../access/access-control.js";
+import { AGENT_IDS, isAgentId } from "../agents/shared/agent.js";
+import { readJsonFileWithBackup, writeJsonFileAtomic } from "../state/persistence.js";
 import { DEFAULT_PEER_SCOPES, publicInvitation, publicPeer, } from "./peer-types.js";
 const DEFAULT_HOME = path.join(os.homedir(), ".nordrelay");
 const INVITE_CODE_BYTES = 18;
 const MAX_INVITATION_TTL_MS = 24 * 60 * 60 * 1000;
+const MAX_HEALTH_HISTORY = 20;
 export class PeerStore {
     filePath;
     constructor(home = process.env.NORDRELAY_HOME || DEFAULT_HOME) {
@@ -22,6 +23,7 @@ export class PeerStore {
             listenUrl: options.listenUrl,
             requireTls: options.requireTls,
             readiness: options.readiness,
+            groups: listGroups(payload),
             peers: payload.peers.map(publicPeer),
             invitations: payload.invitations.map(publicInvitation),
         };
@@ -44,6 +46,7 @@ export class PeerStore {
         const invitation = {
             id: randomUUID().replace(/-/g, "").slice(0, 12),
             name: options.name?.trim() || "NordRelay peer",
+            group: normalizeGroup(options.group),
             codeHash: hashSecret(code),
             createdAt: now.toISOString(),
             expiresAt: expiresAt.toISOString(),
@@ -88,10 +91,13 @@ export class PeerStore {
             const existing = payload.peers.find((peer) => peer.nodeId === input.nodeId || (input.id && peer.id === input.id));
             if (existing) {
                 existing.name = input.name.trim() || existing.name;
+                existing.group = normalizeGroup(input.group) ?? existing.group;
                 existing.url = input.url ?? existing.url;
                 existing.publicKey = input.publicKey;
                 existing.fingerprint = input.fingerprint;
-                existing.tlsFingerprint = input.tlsFingerprint ?? existing.tlsFingerprint;
+                if (input.tlsFingerprint !== undefined) {
+                    existing.tlsFingerprint = input.tlsFingerprint || undefined;
+                }
                 existing.secret = input.secret;
                 existing.enabled = input.enabled ?? existing.enabled;
                 existing.direction = mergeDirection(existing.direction, input.direction ?? existing.direction);
@@ -107,11 +113,12 @@ export class PeerStore {
             const record = {
                 id: input.id ?? randomUUID().replace(/-/g, "").slice(0, 12),
                 name: input.name.trim() || "NordRelay peer",
+                group: normalizeGroup(input.group),
                 url: input.url,
                 nodeId: input.nodeId,
                 publicKey: input.publicKey,
                 fingerprint: input.fingerprint,
-                tlsFingerprint: input.tlsFingerprint,
+                tlsFingerprint: input.tlsFingerprint || undefined,
                 secret: input.secret,
                 enabled: input.enabled ?? true,
                 direction: input.direction ?? "outbound",
@@ -121,6 +128,7 @@ export class PeerStore {
                 workspaceAliases: normalizeWorkspaceAliases(input.workspaceAliases ?? {}),
                 createdAt: now,
                 updatedAt: now,
+                healthHistory: [],
             };
             payload.peers.push(record);
             next = clonePeer(record);
@@ -139,6 +147,8 @@ export class PeerStore {
             }
             if (patch.name !== undefined)
                 peer.name = patch.name.trim() || peer.name;
+            if (patch.group !== undefined)
+                peer.group = normalizeGroup(patch.group);
             if (patch.url !== undefined)
                 peer.url = patch.url.trim() || undefined;
             if (patch.enabled !== undefined)
@@ -159,18 +169,53 @@ export class PeerStore {
         }
         return next;
     }
+    updatePeerTlsFingerprint(id, tlsFingerprint) {
+        let next = null;
+        this.mutatePayload((payload) => {
+            const peer = payload.peers.find((candidate) => candidate.id === id || candidate.nodeId === id);
+            if (!peer) {
+                throw new Error("Peer not found.");
+            }
+            peer.tlsFingerprint = tlsFingerprint || undefined;
+            peer.updatedAt = new Date().toISOString();
+            next = clonePeer(peer);
+        });
+        if (!next) {
+            throw new Error("Peer not found.");
+        }
+        return next;
+    }
     markSeen(id, patch = {}) {
-        this.patchPeer(id, {
-            lastSeenAt: new Date().toISOString(),
-            lastCheckedAt: new Date().toISOString(),
+        const checkedAt = new Date().toISOString();
+        this.patchPeer(id, (peer) => ({
+            lastSeenAt: checkedAt,
+            lastCheckedAt: checkedAt,
             lastLatencyMs: patch.latencyMs,
             remoteVersion: patch.remoteVersion,
             remoteStatus: patch.remoteStatus ?? "online",
             lastError: undefined,
-        });
+            healthHistory: appendHealthSample(peer.healthHistory, {
+                checkedAt,
+                status: "online",
+                latencyMs: patch.latencyMs,
+                remoteVersion: patch.remoteVersion,
+                remoteStatus: patch.remoteStatus ?? "online",
+            }),
+        }));
     }
     markError(id, error) {
-        this.patchPeer(id, { lastError: error, remoteStatus: "offline", lastCheckedAt: new Date().toISOString(), updatedAt: new Date().toISOString() });
+        const checkedAt = new Date().toISOString();
+        this.patchPeer(id, (peer) => ({
+            lastError: error,
+            remoteStatus: "offline",
+            lastCheckedAt: checkedAt,
+            updatedAt: checkedAt,
+            healthHistory: appendHealthSample(peer.healthHistory, {
+                checkedAt,
+                status: "offline",
+                error,
+            }),
+        }));
     }
     revokePeer(id) {
         let removed = false;
@@ -198,7 +243,7 @@ export class PeerStore {
             const peer = payload.peers.find((candidate) => candidate.id === id || candidate.nodeId === id);
             if (!peer)
                 return;
-            Object.assign(peer, patch);
+            Object.assign(peer, typeof patch === "function" ? patch(peer) : patch);
         });
     }
     mutatePayload(mutator) {
@@ -217,13 +262,16 @@ export class PeerStore {
             version: 1,
             peers: payload.peers.filter(isPeerRecord).map((peer) => ({
                 ...peer,
+                group: normalizeGroup(peer.group),
                 scopes: normalizeScopes(peer.scopes),
                 allowedAgents: normalizeAgents(peer.allowedAgents),
                 allowedWorkspaceRoots: normalizeWorkspaceRoots(peer.allowedWorkspaceRoots),
                 workspaceAliases: normalizeWorkspaceAliases(peer.workspaceAliases ?? {}),
+                healthHistory: normalizeHealthHistory(peer.healthHistory),
             })),
             invitations: payload.invitations.filter(isInvitationRecord).map((invitation) => ({
                 ...invitation,
+                group: normalizeGroup(invitation.group),
                 scopes: normalizeScopes(invitation.scopes),
                 allowedAgents: normalizeAgents(invitation.allowedAgents),
                 allowedWorkspaceRoots: normalizeWorkspaceRoots(invitation.allowedWorkspaceRoots),
@@ -270,6 +318,30 @@ function normalizeWorkspaceAliases(value) {
     }
     return aliases;
 }
+function normalizeGroup(value) {
+    const group = typeof value === "string" ? value.trim() : "";
+    return group ? group.slice(0, 80) : undefined;
+}
+function normalizeHealthHistory(value) {
+    if (!Array.isArray(value)) {
+        return [];
+    }
+    return value
+        .filter((item) => {
+        if (!item || typeof item !== "object" || Array.isArray(item))
+            return false;
+        const record = item;
+        return typeof record.checkedAt === "string" && (record.status === "online" || record.status === "offline");
+    })
+        .slice(-MAX_HEALTH_HISTORY)
+        .map((item) => ({ ...item }));
+}
+function appendHealthSample(history, sample) {
+    return [...normalizeHealthHistory(history), sample].slice(-MAX_HEALTH_HISTORY);
+}
+function listGroups(payload) {
+    return [...new Set(payload.peers.map((peer) => normalizeGroup(peer.group)).filter((group) => Boolean(group)))].sort();
+}
 function clonePeer(peer) {
     return {
         ...peer,
@@ -277,6 +349,7 @@ function clonePeer(peer) {
         allowedAgents: [...peer.allowedAgents],
         allowedWorkspaceRoots: [...peer.allowedWorkspaceRoots],
         workspaceAliases: { ...peer.workspaceAliases },
+        healthHistory: normalizeHealthHistory(peer.healthHistory),
     };
 }
 function mergeDirection(left, right) {

package/dist/{peer-types.js → peers/peer-types.js}

@@ -16,6 +16,7 @@ export function publicPeer(record) {
     return {
         id: record.id,
         name: record.name,
+        group: record.group,
         url: record.url,
         nodeId: record.nodeId,
         fingerprint: record.fingerprint,
@@ -34,12 +35,20 @@ export function publicPeer(record) {
         remoteVersion: record.remoteVersion,
         remoteStatus: record.remoteStatus,
         lastError: record.lastError,
+        healthHistory: record.healthHistory?.map((sample) => ({ ...sample })),
+        effectiveAccess: {
+            scopes: [...record.scopes],
+            allowedAgents: [...record.allowedAgents],
+            allowedWorkspaceRoots: [...record.allowedWorkspaceRoots],
+            workspaceAliases: { ...record.workspaceAliases },
+        },
     };
 }
 export function publicInvitation(record) {
     return {
         id: record.id,
         name: record.name,
+        group: record.group,
         expiresAt: record.expiresAt,
         createdAt: record.createdAt,
         scopes: [...record.scopes],

package/dist/peers/peer-web-proxy-contract.js

@@ -0,0 +1,127 @@
+import { WEB_API_ROUTE_DEFINITIONS } from "../web/web-api-contract.js";
+const LOCAL_ONLY_ROUTE_PATHS = new Set([
+    "/api/auth/me",
+    "/api/dashboard/logout",
+    "/api/permissions",
+    "/api/settings",
+    "/api/settings/wizard/test",
+    "/api/peers",
+    "/api/peers/invite",
+    "/api/peers/pair",
+    "/api/peers/probe",
+    "/api/peers/discover",
+    "/api/peers/discovery-jobs",
+    "/api/peers/discovery-jobs/:id",
+    "/api/peers/discovery-jobs/:id/cancel",
+    "/api/peers/discovery-jobs/:id/log",
+    "/api/peers/identity/backup",
+    "/api/peers/identity/restore",
+    "/api/peers/invitations/:id",
+    "/api/peers/:id",
+    "/api/peers/:id/repin",
+    "/api/peers/:id/health",
+    "/api/peers/:id/proxy",
+    "/api/peers/:id/events",
+    "/api/peers/global-sessions",
+    "/api/users",
+    "/api/users/:id",
+    "/api/users/:id/password",
+    "/api/users/:id/sessions",
+    "/api/users/:id/sessions/:sessionId",
+    "/api/users/:id/telegram",
+    "/api/users/:id/telegram/:identityId",
+    "/api/users/:id/discord",
+    "/api/users/:id/discord/:identityId",
+    "/api/users/:id/slack",
+    "/api/users/:id/slack/:identityId",
+    "/api/groups",
+    "/api/groups/:id",
+    "/api/telegram-chats",
+    "/api/telegram-chats/:id",
+    "/api/discord-channels",
+    "/api/discord-channels/:id",
+    "/api/slack-channels",
+    "/api/slack-channels/:id",
+    "/api/audit",
+]);
+const IMPLEMENTED_ROUTE_PATHS = new Set([
+    "/api/bootstrap",
+    "/api/health",
+    "/api/snapshot",
+    "/api/tasks",
+    "/api/progress",
+    "/api/metrics",
+    "/api/jobs",
+    "/api/jobs/:id/log",
+    "/api/jobs/:id/action",
+    "/api/active-sessions",
+    "/api/version",
+    "/api/update",
+    "/api/agent-updates",
+    "/api/agent-update",
+    "/api/agent-update/:id/log",
+    "/api/agent-update/:id/input",
+    "/api/agent-update/:id/cancel",
+    "/api/adapters/health",
+    "/api/adapters/conformance",
+    "/api/locks",
+    "/api/auth/status",
+    "/api/auth/login",
+    "/api/auth/logout",
+    "/api/control-options",
+    "/api/sessions",
+    "/api/sessions/new",
+    "/api/sessions/switch",
+    "/api/sessions/attach",
+    "/api/sessions/detail",
+    "/api/agent",
+    "/api/models",
+    "/api/session/model",
+    "/api/session/reasoning",
+    "/api/session/fast",
+    "/api/session/launch",
+    "/api/prompt",
+    "/api/prompt/upload",
+    "/api/abort",
+    "/api/stop",
+    "/api/handback",
+    "/api/retry",
+    "/api/sync",
+    "/api/queue",
+    "/api/chat/history",
+    "/api/chat/mirror",
+    "/api/activity",
+    "/api/artifacts",
+    "/api/artifacts/bulk",
+    "/api/artifacts/zip",
+    "/api/artifacts/file",
+    "/api/artifacts/preview",
+    "/api/logs",
+    "/api/logs/clear",
+    "/api/diagnostics",
+    "/api/diagnostics/bundle",
+    "/api/runtime/restart",
+]);
+export function peerProxyCoverage() {
+    const implemented = [];
+    const localOnly = [];
+    const missing = [];
+    for (const route of WEB_API_ROUTE_DEFINITIONS) {
+        for (const method of route.methods) {
+            const key = { method, path: route.path };
+            if (IMPLEMENTED_ROUTE_PATHS.has(route.path)) {
+                implemented.push(key);
+            }
+            else if (LOCAL_ONLY_ROUTE_PATHS.has(route.path)) {
+                localOnly.push(key);
+            }
+            else {
+                missing.push(key);
+            }
+        }
+    }
+    return { implemented, localOnly, missing };
+}
+export function isPeerProxyLocalOnlyPath(path) {
+    return LOCAL_ONLY_ROUTE_PATHS.has(path);
+}

package/dist/{metrics.js → runtime/metrics.js}

@@ -1,7 +1,8 @@
 import { monitorEventLoopDelay } from "node:perf_hooks";
-import { getDiscordRateLimitMetrics } from "./discord-rate-limit.js";
-import { getSlackRateLimitMetrics } from "./slack-rate-limit.js";
-import { getTelegramRateLimitMetrics } from "./telegram-rate-limit.js";
+import { getDiscordRateLimitMetrics } from "../channels/discord/discord-rate-limit.js";
+import { getSlackRateLimitMetrics } from "../channels/slack/slack-rate-limit.js";
+import { getTelegramRateLimitMetrics } from "../channels/telegram/telegram-rate-limit.js";
+import { getWebApiPerformanceMetrics } from "../web/web-performance.js";
 const startedAt = Date.now();
 const eventLoopDelay = monitorEventLoopDelay({ resolution: 20 });
 eventLoopDelay.enable();
@@ -38,6 +39,7 @@ export function buildRuntimeMetrics(input) {
             discord: getDiscordRateLimitMetrics(),
             slack: getSlackRateLimitMetrics(),
         },
+        web: getWebApiPerformanceMetrics(),
     };
 }
 function processMetrics() {

package/dist/{relay-artifact-service.js → runtime/relay-artifact-service.js}

@@ -1,6 +1,6 @@
 import { readFile } from "node:fs/promises";
 import path from "node:path";
-import { collectRecentWorkspaceArtifacts, createArtifactZipBundle, getArtifactTurnReport, listRecentArtifactReports, persistWorkspaceArtifactReport, removeArtifactTurn, totalArtifactSize, } from "./artifacts.js";
+import { collectRecentWorkspaceArtifacts, createArtifactZipBundle, getArtifactTurnReport, listRecentArtifactReports, persistWorkspaceArtifactReport, removeArtifactTurn, totalArtifactSize, } from "../artifacts/artifacts.js";
 const MAX_TEXT_PREVIEW_BYTES = 256 * 1024;
 export class RelayArtifactService {
     config;

package/dist/runtime/relay-auth-service.js

@@ -0,0 +1,63 @@
+import { checkClaudeCodeAuthStatus, startClaudeCodeLogin, startClaudeCodeLogout } from "../agents/claude-code/claude-code-auth.js";
+import { checkAuthStatus, startLogin as startCodexLogin, startLogout as startCodexLogout } from "../agents/codex/codex-auth.js";
+import { checkHermesAuthStatus, startHermesLogin, startHermesLogout } from "../agents/hermes/hermes-auth.js";
+import { checkOpenClawAuthStatus } from "../agents/openclaw/openclaw-auth.js";
+import { checkPiAuthStatus } from "../agents/pi/pi-auth.js";
+export class RelayAuthService {
+    config;
+    constructor(config) {
+        this.config = config;
+    }
+    async check(info) {
+        if (info.agentId === "pi") {
+            return checkPiAuthStatus(info.model);
+        }
+        if (info.agentId === "hermes") {
+            return checkHermesAuthStatus({
+                baseUrl: this.config.hermesApiBaseUrl,
+                apiKey: this.config.hermesApiKey,
+            });
+        }
+        if (info.agentId === "openclaw") {
+            return checkOpenClawAuthStatus({
+                gatewayUrl: this.config.openClawGatewayUrl,
+                token: this.config.openClawGatewayToken,
+                password: this.config.openClawGatewayPassword,
+            });
+        }
+        if (info.agentId === "claude-code") {
+            return checkClaudeCodeAuthStatus(this.config.claudeCodeCliPath);
+        }
+        return checkAuthStatus(this.config.codexApiKey);
+    }
+    async startLogin(info) {
+        if (info.agentId === "hermes") {
+            return startHermesLogin(this.config.hermesCliPath);
+        }
+        if (info.agentId === "claude-code") {
+            return startClaudeCodeLogin(this.config.claudeCodeCliPath);
+        }
+        if (info.agentId === "codex") {
+            return startCodexLogin();
+        }
+        return {
+            success: false,
+            message: `${info.agentLabel} login is not managed by NordRelay. Run the agent login flow on the host.`,
+        };
+    }
+    async startLogout(info) {
+        if (info.agentId === "hermes") {
+            return startHermesLogout(this.config.hermesCliPath);
+        }
+        if (info.agentId === "claude-code") {
+            return startClaudeCodeLogout(this.config.claudeCodeCliPath);
+        }
+        if (info.agentId === "codex") {
+            return startCodexLogout();
+        }
+        return {
+            success: false,
+            message: `${info.agentLabel} logout is not managed by NordRelay. Run the agent logout flow on the host.`,
+        };
+    }
+}

package/dist/runtime/relay-dashboard-service.js

@@ -0,0 +1,139 @@
+import { enabledAgents } from "../agents/shared/agent-factory.js";
+import { listAgentAdapterDescriptors } from "../agents/shared/agent-adapter.js";
+import { friendlyErrorText } from "../core/error-messages.js";
+import { getAgentDiagnostics } from "../agents/shared/agent-activity.js";
+import { getConnectorHealth, getVersionChecks, readConnectorState } from "../support/operations.js";
+import { collectSlackDiagnostics } from "../channels/slack/slack-diagnostics.js";
+import { getSlackRateLimitMetrics } from "../channels/slack/slack-rate-limit.js";
+import { cliHealthForAgent, versionCheckForAgent } from "./relay-runtime-helpers.js";
+export class RelayDashboardService {
+    options;
+    keys = ["version", "adapterHealth", "diagnostics"];
+    warmTimer;
+    constructor(options) {
+        this.options = options;
+        options.cache.register("version", () => this.produceVersion());
+        options.cache.register("adapterHealth", () => this.produceAdapterHealth());
+        options.cache.register("diagnostics", () => this.produceDiagnostics());
+    }
+    startBackgroundRefresh() {
+        this.options.cache.warm(this.keys);
+        const ttlMs = this.options.config.dashboardCacheTtlMs;
+        if (ttlMs <= 0 || this.warmTimer) {
+            return;
+        }
+        const intervalMs = Math.max(5_000, ttlMs);
+        this.warmTimer = setInterval(() => this.options.cache.warm(this.keys), intervalMs);
+        this.warmTimer.unref?.();
+    }
+    stopBackgroundRefresh() {
+        if (!this.warmTimer) {
+            return;
+        }
+        clearInterval(this.warmTimer);
+        this.warmTimer = undefined;
+    }
+    async version() {
+        return this.cached("version");
+    }
+    async diagnostics() {
+        return this.cached("diagnostics");
+    }
+    async adapterHealth() {
+        return this.cached("adapterHealth");
+    }
+    invalidate(key) {
+        this.options.cache.invalidate(key);
+        if (key) {
+            this.options.cache.warm([key]);
+            return;
+        }
+        this.options.cache.warm(this.keys);
+    }
+    async cached(key) {
+        return (await this.options.cache.get(key, this.options.config.dashboardCacheTtlMs)).value;
+    }
+    async produceVersion() {
+        const cliOptions = this.options.cliPathOptions();
+        const [health, state, versionChecks] = await Promise.all([
+            getConnectorHealth(cliOptions),
+            readConnectorState(),
+            getVersionChecks(cliOptions),
+        ]);
+        return {
+            health,
+            state,
+            versionChecks,
+        };
+    }
+    async produceDiagnostics() {
+        const cliOptions = this.options.cliPathOptions();
+        const [health, versionChecks, snapshot, session] = await Promise.all([
+            getConnectorHealth(cliOptions),
+            getVersionChecks(cliOptions),
+            this.options.snapshot(),
+            this.options.getSession(),
+        ]);
+        return {
+            health,
+            versionChecks,
+            snapshot,
+            runtime: {
+                stateBackend: this.options.config.stateBackend,
+                sourceWorkspace: this.options.config.workspace,
+                queuePaused: this.options.queuePaused(),
+                externalMirror: this.options.externalMirror(),
+                agentDiagnostics: getAgentDiagnostics(session, this.options.config),
+                slackDiagnostics: await collectSlackDiagnostics({
+                    config: this.options.config,
+                    timeoutMs: 2_500,
+                    rateLimit: getSlackRateLimitMetrics(),
+                }),
+            },
+        };
+    }
+    async produceAdapterHealth() {
+        const cliOptions = this.options.cliPathOptions();
+        const [health, versions] = await Promise.all([
+            getConnectorHealth(cliOptions),
+            getVersionChecks(cliOptions),
+        ]);
+        return Promise.all(listAgentAdapterDescriptors().map(async (descriptor) => {
+            const enabled = enabledAgents(this.options.config).includes(descriptor.id);
+            const auth = descriptor.capabilities.auth && enabled
+                ? await this.options.authStatus(descriptor.id).catch((error) => ({
+                    agentId: descriptor.id,
+                    agentLabel: descriptor.label,
+                    supported: descriptor.capabilities.auth,
+                    authenticated: false,
+                    detail: friendlyErrorText(error),
+                    loginSupported: descriptor.capabilities.login,
+                    logoutSupported: descriptor.capabilities.logout,
+                }))
+                : null;
+            const cli = cliHealthForAgent(descriptor.id, health);
+            const version = versionCheckForAgent(descriptor.id, versions);
+            return {
+                id: descriptor.id,
+                label: descriptor.label,
+                enabled,
+                status: descriptor.status === "available" ? (enabled ? "enabled" : "disabled") : "planned",
+                auth: {
+                    supported: descriptor.capabilities.auth,
+                    authenticated: auth ? auth.authenticated : null,
+                    method: auth?.method,
+                    detail: auth?.detail,
+                },
+                cli,
+                version: {
+                    installed: version.installedLabel,
+                    latest: version.latestVersion,
+                    status: version.status,
+                    detail: version.detail,
+                },
+                capabilities: descriptor.capabilities,
+                notes: descriptor.notes,
+            };
+        }));
+    }
+}