@plosson/agentio 0.4.4 → 0.5.2

package/src/gateway/daemon.ts

@@ -1,10 +1,8 @@
 import { join } from 'path';
-import { readFile, writeFile, unlink } from 'fs/promises';
-import { existsSync, openSync, closeSync, constants } from 'fs';
-import { spawn } from 'child_process';
-import type { ServiceName } from '../types/config';
-import type { GatewayConfig, DaemonState, DEFAULT_GATEWAY_CONFIG } from './types';
-import { CONFIG_DIR, loadConfig } from '../config/config-manager';
+import { randomBytes } from 'crypto';
+import type { ServiceName, Config } from '../types/config';
+import type { GatewayConfig } from './types';
+import { CONFIG_DIR, loadConfig, saveConfig } from '../config/config-manager';
 import { getCredentials } from '../auth/token-store';
 import { initDatabase, closeDatabase, insertInboxMessage, inboxMessageExists, getPendingOutboxMessages, updateOutboxStatus, cleanupInbox, cleanupOutbox } from './store';
 import { startApiServer, stopApiServer } from './api';
@@ -15,10 +13,8 @@ import { WhatsAppAdapter } from './adapters/whatsapp';
 import type { TelegramCredentials } from '../types/telegram';
 import type { WhatsAppCredentials } from '../types/whatsapp';
 
-const PID_FILE = join(CONFIG_DIR, 'gateway.pid');
 const LOG_FILE = join(CONFIG_DIR, 'gateway.log');
 
-let isRunning = false;
 let shutdownRequested = false;
 let adapters: Map<ServiceName, ServiceAdapter> = new Map();
 let outboxInterval: ReturnType<typeof setInterval> | null = null;
@@ -32,46 +28,6 @@ export async function getGatewayConfig(): Promise<GatewayConfig> {
   return (config as unknown as { gateway?: GatewayConfig }).gateway ?? {};
 }
 
-/**
- * Check if daemon is running
- */
-export async function isDaemonRunning(): Promise<{ running: boolean; pid?: number }> {
-  if (!existsSync(PID_FILE)) {
-    return { running: false };
-  }
-
-  try {
-    const pidStr = await readFile(PID_FILE, 'utf-8');
-    const pid = parseInt(pidStr.trim(), 10);
-
-    // Check if process is still running
-    try {
-      process.kill(pid, 0); // Doesn't kill, just checks
-      return { running: true, pid };
-    } catch {
-      // Process not running, clean up stale PID file
-      await unlink(PID_FILE).catch(() => {});
-      return { running: false };
-    }
-  } catch {
-    return { running: false };
-  }
-}
-
-/**
- * Write PID file
- */
-async function writePidFile(): Promise<void> {
-  await writeFile(PID_FILE, process.pid.toString(), { mode: 0o600 });
-}
-
-/**
- * Remove PID file
- */
-async function removePidFile(): Promise<void> {
-  await unlink(PID_FILE).catch(() => {});
-}
-
 /**
  * Handle inbound message from adapter
  */
@@ -191,16 +147,17 @@ async function initializeAdapters(): Promise<void> {
       handleInboundMessage('telegram', profile, message);
     };
 
-    for (const profile of telegramProfiles) {
+    for (const entry of telegramProfiles) {
+      const profileName = typeof entry === 'string' ? entry : entry.name;
       try {
-        const credentials = await getCredentials<TelegramCredentials>('telegram', profile);
+        const credentials = await getCredentials<TelegramCredentials>('telegram', profileName);
         if (credentials) {
-          await telegramAdapter.connect(profile, credentials);
+          await telegramAdapter.connect(profileName, credentials);
         } else {
-          console.error(`[telegram] No credentials for profile: ${profile}`);
+          console.error(`[telegram] No credentials for profile: ${profileName}`);
         }
       } catch (error) {
-        console.error(`[telegram] Failed to connect ${profile}:`, error instanceof Error ? error.message : error);
+        console.error(`[telegram] Failed to connect ${profileName}:`, error instanceof Error ? error.message : error);
       }
     }
 
@@ -215,16 +172,17 @@ async function initializeAdapters(): Promise<void> {
       handleInboundMessage('whatsapp', profile, message);
     };
 
-    for (const profile of whatsappProfiles) {
+    for (const entry of whatsappProfiles) {
+      const profileName = typeof entry === 'string' ? entry : entry.name;
       try {
-        const credentials = await getCredentials<WhatsAppCredentials>('whatsapp', profile);
+        const credentials = await getCredentials<WhatsAppCredentials>('whatsapp', profileName);
         if (credentials) {
-          await whatsappAdapter.connect(profile, credentials);
+          await whatsappAdapter.connect(profileName, credentials);
         } else {
-          console.error(`[whatsapp] No credentials for profile: ${profile}`);
+          console.error(`[whatsapp] No credentials for profile: ${profileName}`);
         }
       } catch (error) {
-        console.error(`[whatsapp] Failed to connect ${profile}:`, error instanceof Error ? error.message : error);
+        console.error(`[whatsapp] Failed to connect ${profileName}:`, error instanceof Error ? error.message : error);
       }
     }
 
@@ -248,52 +206,10 @@ async function shutdownAdapters(): Promise<void> {
 }
 
 /**
- * Start the gateway daemon
+ * Start the gateway server (runs in foreground, managed by systemd)
  */
-export async function startDaemon(options: { foreground?: boolean } = {}): Promise<void> {
-  // Check if already running
-  const status = await isDaemonRunning();
-  if (status.running) {
-    throw new Error(`Gateway already running (PID ${status.pid})`);
-  }
-
-  if (!options.foreground) {
-    // Fork to background
-    // Find the script path from argv or use import.meta to get current file location
-    let scriptPath: string;
-
-    // import.meta.path gives us the current file path, navigate to index.ts
-    const currentFile = import.meta.path || import.meta.url.replace('file://', '');
-    const srcDir = join(currentFile, '..', '..');
-    scriptPath = join(srcDir, 'index.ts');
-
-    // Verify the path exists, fallback to cwd-based path
-    if (!existsSync(scriptPath)) {
-      scriptPath = join(process.cwd(), 'src', 'index.ts');
-    }
-
-    // Open log file for appending - child writes directly to file
-    const logFd = openSync(LOG_FILE, constants.O_WRONLY | constants.O_CREAT | constants.O_APPEND, 0o644);
-
-    const child = spawn(process.execPath, [scriptPath, 'gateway', 'start', '--foreground'], {
-      detached: true,
-      stdio: ['ignore', logFd, logFd],
-      env: process.env,
-    });
-
-    child.unref();
-
-    // Close the fd in parent - child has its own copy
-    closeSync(logFd);
-
-    console.log(`Gateway started in background (PID ${child.pid})`);
-    console.log(`Logs: ${LOG_FILE}`);
-    return;
-  }
-
-  // Running in foreground
-  isRunning = true;
-  console.log(`Gateway starting (PID ${process.pid})`);
+export async function startGateway(): Promise<void> {
+  console.log(`agentio-gateway starting (PID ${process.pid})`);
 
   // Handle shutdown signals
   const shutdown = async (signal: string) => {
@@ -319,9 +235,6 @@ export async function startDaemon(options: { foreground?: boolean } = {}): Promi
     // Close database
     closeDatabase();
 
-    // Remove PID file
-    await removePidFile();
-
     console.log('Gateway stopped');
     process.exit(0);
   };
@@ -330,11 +243,20 @@ export async function startDaemon(options: { foreground?: boolean } = {}): Promi
   process.on('SIGTERM', () => shutdown('SIGTERM'));
 
   try {
-    // Write PID file
-    await writePidFile();
-
-    // Load config
-    const gatewayConfig = await getGatewayConfig();
+    // Load config and auto-generate API key on first run
+    const config = await loadConfig() as Config;
+    let gatewayConfig = config.gateway ?? {};
+
+    if (!gatewayConfig.apiKey) {
+      const generatedKey = `gw_${randomBytes(24).toString('base64url')}`;
+      gatewayConfig = {
+        ...gatewayConfig,
+        apiKey: generatedKey,
+      };
+      config.gateway = gatewayConfig;
+      await saveConfig(config);
+      console.log(`First run - generated API key: ${generatedKey}`);
+    }
 
     // Initialize database
     await initDatabase();
@@ -350,7 +272,7 @@ export async function startDaemon(options: { foreground?: boolean } = {}): Promi
     await initializeAdapters();
 
     // Start API server
-    startApiServer(gatewayConfig.api, adapters);
+    startApiServer(gatewayConfig, adapters);
 
     // Start outbox processor (every 2 seconds)
     outboxInterval = setInterval(processOutbox, 2000);
@@ -364,98 +286,8 @@ export async function startDaemon(options: { foreground?: boolean } = {}): Promi
     await new Promise(() => {}); // Wait forever
   } catch (error) {
     console.error('Gateway error:', error instanceof Error ? error.message : error);
-    await removePidFile();
     process.exit(1);
   }
 }
 
-/**
- * Stop the gateway daemon
- */
-export async function stopDaemon(): Promise<void> {
-  const status = await isDaemonRunning();
-  if (!status.running || !status.pid) {
-    console.log('Gateway is not running');
-    return;
-  }
-
-  try {
-    process.kill(status.pid, 'SIGTERM');
-    console.log(`Sent SIGTERM to gateway (PID ${status.pid})`);
-
-    // Wait for process to stop
-    for (let i = 0; i < 30; i++) {
-      await new Promise((resolve) => setTimeout(resolve, 100));
-      try {
-        process.kill(status.pid, 0);
-      } catch {
-        console.log('Gateway stopped');
-        return;
-      }
-    }
-
-    // Force kill if still running
-    try {
-      process.kill(status.pid, 'SIGKILL');
-      console.log('Gateway force killed');
-    } catch {
-      console.log('Gateway stopped');
-    }
-  } catch (error) {
-    console.error('Failed to stop gateway:', error instanceof Error ? error.message : error);
-  }
-}
-
-/**
- * Get daemon status
- */
-export async function getDaemonStatus(): Promise<{
-  running: boolean;
-  pid?: number;
-  adapters?: { service: string; profile: string; connected: boolean }[];
-}> {
-  const status = await isDaemonRunning();
-  if (!status.running) {
-    return { running: false };
-  }
-
-  // Try to get status from API
-  const gatewayConfig = await getGatewayConfig();
-  const port = gatewayConfig.api?.port ?? 7890;
-  const host = gatewayConfig.api?.host ?? '127.0.0.1';
-
-  try {
-    const response = await fetch(`http://${host}:${port}/status`, {
-      headers: gatewayConfig.api?.secret ? { Authorization: `Bearer ${gatewayConfig.api.secret}` } : {},
-    });
-
-    if (response.ok) {
-      const data = await response.json() as { adapters: { service: string; profile: string; connected: boolean }[] };
-      return {
-        running: true,
-        pid: status.pid,
-        adapters: data.adapters,
-      };
-    }
-  } catch {
-    // API not responding, but process exists
-  }
-
-  return { running: true, pid: status.pid };
-}
-
-/**
- * Reload daemon configuration
- */
-export async function reloadDaemon(): Promise<void> {
-  const status = await isDaemonRunning();
-  if (!status.running || !status.pid) {
-    throw new Error('Gateway is not running');
-  }
-
-  // Send SIGHUP to trigger reload
-  process.kill(status.pid, 'SIGHUP');
-  console.log(`Sent reload signal to gateway (PID ${status.pid})`);
-}
-
-export { PID_FILE, LOG_FILE };
+export { LOG_FILE };

package/src/gateway/types.ts

@@ -59,11 +59,11 @@ export type OutboxStatus = 'pending' | 'sending' | 'sent' | 'failed';
 
 export const DEFAULT_GATEWAY_CONFIG: Required<GatewayConfig> = {
   name: '',
-  secret: '',
-  api: {
+  apiUrl: '',
+  apiKey: '',
+  server: {
     port: 7890,
-    host: '127.0.0.1',
-    secret: '',
+    host: '0.0.0.0',  // Bind to all interfaces by default for server
   },
   webhook: {
     url: '',

package/src/services/gdrive/client.ts

@@ -132,15 +132,25 @@ export class GDriveClient implements ServiceClient {
       }
 
       const q = queryParts.join(' and ') || undefined;
-
-      const response = await this.drive.files.list({
-        pageSize: Math.min(limit, 100),
-        q,
-        fields: 'files(id,name,mimeType,size,createdTime,modifiedTime,owners,parents,webViewLink,webContentLink,starred,trashed,shared,description)',
-        orderBy,
-      });
-
-      return (response.data.files || []).map(this.parseFile);
+      const allFiles: GDriveFile[] = [];
+      let pageToken: string | undefined;
+
+      // Paginate through results until we have enough or no more pages
+      do {
+        const response = await this.drive.files.list({
+          pageSize: Math.min(limit - allFiles.length, 100),
+          pageToken,
+          q,
+          fields: 'nextPageToken,files(id,name,mimeType,size,createdTime,modifiedTime,owners,parents,webViewLink,webContentLink,starred,trashed,shared,description)',
+          orderBy,
+        });
+
+        const files = (response.data.files || []).map(this.parseFile);
+        allFiles.push(...files);
+        pageToken = response.data.nextPageToken || undefined;
+      } while (pageToken && allFiles.length < limit);
+
+      return allFiles.slice(0, limit);
     } catch (err) {
       this.throwApiError(err, 'list files');
     }

package/src/types/config.ts

@@ -1,7 +1,7 @@
-export interface GatewayApiConfig {
-  port?: number;
-  host?: string;
-  secret?: string;
+export interface GatewayServerConfig {
+  // Server binding (for running a gateway daemon)
+  port?: number;          // Port to bind (default: 7890)
+  host?: string;          // Host to bind (default: 0.0.0.0 for server)
 }
 
 export interface GatewayWebhookConfig {
@@ -21,30 +21,39 @@ export interface GatewayRetentionConfig {
 }
 
 export interface GatewayConfig {
-  name?: string;           // Gateway identity name
-  secret?: string;         // Shared secret for API auth and teleport
-  api?: GatewayApiConfig;
+  name?: string;           // Gateway identity name (for local server identification)
+  apiUrl?: string;         // Gateway URL (e.g., "https://gateway.example.com:7890")
+  apiKey?: string;         // API key for authentication
+  server?: GatewayServerConfig;  // Server binding settings (for running daemon)
   webhook?: GatewayWebhookConfig;
   media?: GatewayMediaConfig;
   retention?: GatewayRetentionConfig;
 }
 
+export interface ProfileEntry {
+  name: string;
+  readOnly?: boolean;
+}
+
+// Helper type for backward compatibility during migration
+export type ProfileValue = string | ProfileEntry;
+
 export interface Config {
   profiles: {
-    gdocs?: string[];
-    gdrive?: string[];
-    gmail?: string[];
-    gcal?: string[];
-    gtasks?: string[];
-    gchat?: string[];
-    gsheets?: string[];
-    github?: string[];
-    jira?: string[];
-    slack?: string[];
-    telegram?: string[];
-    whatsapp?: string[];
-    discourse?: string[];
-    sql?: string[];
+    gdocs?: ProfileValue[];
+    gdrive?: ProfileValue[];
+    gmail?: ProfileValue[];
+    gcal?: ProfileValue[];
+    gtasks?: ProfileValue[];
+    gchat?: ProfileValue[];
+    gsheets?: ProfileValue[];
+    github?: ProfileValue[];
+    jira?: ProfileValue[];
+    slack?: ProfileValue[];
+    telegram?: ProfileValue[];
+    whatsapp?: ProfileValue[];
+    discourse?: ProfileValue[];
+    sql?: ProfileValue[];
   };
   env?: Record<string, string>;
   gateway?: GatewayConfig;

package/src/utils/output.ts

@@ -515,22 +515,15 @@ export function printGDriveFileList(files: GDriveFile[], title: string = 'Files'
 
   console.log(`${title} (${files.length})\n`);
 
-  for (let i = 0; i < files.length; i++) {
-    const file = files[i];
+  for (const file of files) {
     const isFolder = file.mimeType === 'application/vnd.google-apps.folder';
-    const typeIndicator = isFolder ? '[folder]' : `[${getShortMimeType(file.mimeType)}]`;
-    const flags: string[] = [];
-    if (file.starred) flags.push('*');
-    if (file.shared) flags.push('shared');
-    const flagStr = flags.length > 0 ? ` (${flags.join(', ')})` : '';
-
-    console.log(`[${i + 1}] ${file.name} ${typeIndicator}${flagStr}`);
-    console.log(`    ID: ${file.id}`);
-    if (file.size) console.log(`    Size: ${formatBytes(file.size)}`);
-    if (file.owners?.length) console.log(`    Owner: ${file.owners[0]}`);
-    if (file.modifiedTime) console.log(`    Modified: ${file.modifiedTime}`);
-    if (file.webViewLink) console.log(`    Link: ${file.webViewLink}`);
-    console.log('');
+    const type = getShortMimeType(file.mimeType).padEnd(7);
+    const size = file.size ? formatBytes(file.size).padStart(8) : '       -';
+    const date = file.modifiedTime ? file.modifiedTime.slice(0, 10) : '          ';
+    const flags = (file.starred ? '*' : '') + (file.shared ? '⇄' : '');
+    const name = isFolder ? `${file.name}/` : file.name;
+    console.log(`${type} ${size}  ${date}  ${flags.padEnd(2)} ${name}`);
+    console.log(`  ${file.id}`);
   }
 }
 

package/src/utils/profile-commands.ts

@@ -1,7 +1,7 @@
 import { Command } from 'commander';
-import { listProfiles, removeProfile } from '../config/config-manager';
+import { listProfiles, removeProfile, setProfileReadOnly } from '../config/config-manager';
 import { removeCredentials, getCredentials } from '../auth/token-store';
-import { handleError } from './errors';
+import { handleError, CliError } from './errors';
 import type { ServiceName } from '../types/config';
 
 export interface ProfileCommandsOptions<T> {
@@ -31,10 +31,11 @@ export function createProfileCommands<T>(
         if (profiles.length === 0) {
           console.log('No profiles configured');
         } else {
-          for (const name of profiles) {
-            const credentials = await getCredentials<T>(service, name);
+          for (const entry of profiles) {
+            const credentials = await getCredentials<T>(service, entry.name);
             const extraInfo = getExtraInfo ? getExtraInfo(credentials) : '';
-            console.log(`${name}${extraInfo}`);
+            const readOnlyIndicator = entry.readOnly ? ' [read-only]' : '';
+            console.log(`${entry.name}${readOnlyIndicator}${extraInfo}`);
           }
         }
       } catch (error) {
@@ -42,6 +43,36 @@ export function createProfileCommands<T>(
       }
     });
 
+  profile
+    .command('update')
+    .description(`Update a ${displayName} profile`)
+    .requiredOption('--profile <name>', 'Profile name')
+    .option('--read-only', 'Set profile as read-only')
+    .option('--no-read-only', 'Remove read-only restriction')
+    .action(async (opts) => {
+      try {
+        const profileName = opts.profile;
+
+        // Check if read-only flag is explicitly set or unset
+        if (opts.readOnly === undefined) {
+          throw new CliError('INVALID_PARAMS', 'No update specified', 'Use --read-only or --no-read-only');
+        }
+
+        const updated = await setProfileReadOnly(service, profileName, opts.readOnly);
+        if (!updated) {
+          throw new CliError('PROFILE_NOT_FOUND', `Profile "${profileName}" not found`);
+        }
+
+        if (opts.readOnly) {
+          console.log(`Profile "${profileName}" is now read-only`);
+        } else {
+          console.log(`Profile "${profileName}" read-only restriction removed`);
+        }
+      } catch (error) {
+        handleError(error);
+      }
+    });
+
   profile
     .command('remove')
     .description(`Remove a ${displayName} profile`)

package/src/utils/read-only.ts

@@ -0,0 +1,22 @@
+import { CliError } from './errors';
+import { isProfileReadOnly } from '../config/config-manager';
+import type { ServiceName } from '../types/config';
+
+/**
+ * Enforce that a profile has write access for a given operation.
+ * Throws a CliError if the profile is read-only.
+ */
+export async function enforceWriteAccess(
+  service: ServiceName,
+  profile: string,
+  operation: string
+): Promise<void> {
+  const readOnly = await isProfileReadOnly(service, profile);
+  if (readOnly) {
+    throw new CliError(
+      'PERMISSION_DENIED',
+      `Cannot ${operation}: profile "${profile}" is read-only`,
+      `To modify this profile's access: agentio ${service} profile update --profile ${profile} --no-read-only`
+    );
+  }
+}