npm - @sleep2agi/commhub-server - Versions diffs - 0.5.0-preview.11 → 0.5.0-preview.13 - Mend

@sleep2agi/commhub-server 0.5.0-preview.11 → 0.5.0-preview.13

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (3) hide show

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "@sleep2agi/commhub-server",
-  "version": "0.5.0-preview.11",
+  "version": "0.5.0-preview.13",
   "description": "CommHub MCP Server — AI Agent communication hub with SSE push, MCP protocol, and REST API",
   "type": "module",
   "main": "src/index.ts",

package/src/db.ts CHANGED Viewed

@@ -201,6 +201,26 @@ db.exec(`
   CREATE INDEX IF NOT EXISTS idx_tokens_user ON api_tokens(user_id);
 `);
+// ── V3: audit_log table ──
+db.exec(`
+  CREATE TABLE IF NOT EXISTS audit_log (
+    id            INTEGER PRIMARY KEY AUTOINCREMENT,
+    user_id       TEXT,
+    username      TEXT,
+    action        TEXT NOT NULL,
+    target_type   TEXT,
+    target_id     TEXT,
+    detail        TEXT,
+    ip            TEXT,
+    network_id    TEXT,
+    created_at    TEXT NOT NULL DEFAULT (datetime('now'))
+  );
+  CREATE INDEX IF NOT EXISTS idx_audit_created ON audit_log(created_at DESC);
+  CREATE INDEX IF NOT EXISTS idx_audit_user ON audit_log(user_id);
+  CREATE INDEX IF NOT EXISTS idx_audit_network ON audit_log(network_id);
+`);
 // ── V3: add network_id to existing tables ──
 for (const table of ["sessions", "nodes", "tasks", "inbox", "task_events"]) {
   try { db.exec(`ALTER TABLE ${table} ADD COLUMN network_id TEXT`); } catch {}
@@ -230,6 +250,15 @@ export function generateToken(): string {
   return `atok_${crypto.randomUUID().replace(/-/g, "")}`;
 }
+export function logAudit(userId: string | null, username: string | null, action: string, targetType?: string, targetId?: string, detail?: string, ip?: string, networkId?: string) {
+  try {
+    db.run(
+      "INSERT INTO audit_log (user_id, username, action, target_type, target_id, detail, ip, network_id) VALUES (?1, ?2, ?3, ?4, ?5, ?6, ?7, ?8)",
+      [userId, username, action, targetType ?? null, targetId ?? null, detail ?? null, ip ?? null, networkId ?? null]
+    );
+  } catch {}
+}
 export function logTaskEvent(taskId: string, fromStatus: string | null, toStatus: string, actor: string, detail?: string) {
   try {
     db.run(

package/src/index.ts CHANGED Viewed

@@ -2,7 +2,7 @@ import { McpServer } from "@modelcontextprotocol/sdk/server/mcp.js";
 import { WebStandardStreamableHTTPServerTransport } from "@modelcontextprotocol/sdk/server/webStandardStreamableHttp.js";
 import { z } from "zod/v4";
 import { registerTools } from "./tools.js";
-import { db, logTaskEvent } from "./db.js";
+import { db, logTaskEvent, logAudit } from "./db.js";
 import { createSSEStream, pushEvent, pushBroadcast, getSSEStats } from "./push.js";
 import { register, login, resolveToken, getUserNetworks, createNetwork, type AuthUser } from "./auth.js";
@@ -146,6 +146,7 @@ Bun.serve({
       try {
         const body = await req.json() as any;
         const result = register(body.username, body.password, body.email, body.display_name);
+        if (result.ok) logAudit(result.user!.user_id, body.username, "register", "user", result.user!.user_id);
         return withCors(req, Response.json(result, { status: result.ok ? 200 : 400 }));
       } catch (e: any) {
         return withCors(req, Response.json({ ok: false, error: e.message }, { status: 400 }));
@@ -156,6 +157,8 @@ Bun.serve({
       try {
         const body = await req.json() as any;
         const result = login(body.username, body.password);
+        if (result.ok) logAudit(result.user!.user_id, body.username, "login", "user", result.user!.user_id);
+        else logAudit(null, body.username, "login_failed", "user", null, "invalid credentials");
         return withCors(req, Response.json(result, { status: result.ok ? 200 : 401 }));
       } catch (e: any) {
         return withCors(req, Response.json({ ok: false, error: e.message }, { status: 400 }));
@@ -274,7 +277,11 @@ Bun.serve({
     if (url.pathname === "/api/status") {
       const cutoff = new Date(Date.now() - 10 * 60 * 1000).toISOString().replace("T", " ").slice(0, 19);
       db.run("UPDATE sessions SET status = 'offline' WHERE updated_at < ?1 AND status != 'offline'", [cutoff]);
-      const sessions = db.query("SELECT * FROM sessions ORDER BY updated_at DESC").all();
+      const netFilter = url.searchParams.get("network_id");
+      const sql = netFilter
+        ? "SELECT * FROM sessions WHERE network_id = ?1 ORDER BY updated_at DESC"
+        : "SELECT * FROM sessions ORDER BY updated_at DESC";
+      const sessions = netFilter ? db.query(sql).all(netFilter) : db.query(sql).all();
       return withCors(req, Response.json({ ok: true, sessions }));
     }
@@ -398,15 +405,18 @@ Bun.serve({
     // ── REST: stats summary ──
     if (url.pathname === "/api/stats") {
-      const taskStats = db.query<any, []>("SELECT status, COUNT(*) as count FROM tasks GROUP BY status").all();
-      const sessionStats = db.query<any, []>("SELECT status, COUNT(*) as count FROM sessions GROUP BY status").all();
-      const totalTasks = db.query<{ cnt: number }, []>("SELECT COUNT(*) as cnt FROM tasks").get();
-      const totalNodes = db.query<{ cnt: number }, []>("SELECT COUNT(*) as cnt FROM nodes").get();
+      const n = url.searchParams.get("network_id");
+      const nw = n ? ` WHERE network_id = '${n}'` : "";
+      const taskStats = db.query<any, []>(`SELECT status, COUNT(*) as count FROM tasks${nw} GROUP BY status`).all();
+      const sessionStats = db.query<any, []>(`SELECT status, COUNT(*) as count FROM sessions${nw} GROUP BY status`).all();
+      const totalTasks = db.query<{ cnt: number }, []>(`SELECT COUNT(*) as cnt FROM tasks${nw}`).get();
+      const totalNodes = db.query<{ cnt: number }, []>(`SELECT COUNT(*) as cnt FROM nodes${nw}`).get();
       const recentTasks = db.query<any, []>(
-        "SELECT task_id, from_name, to_name, status, created_at FROM tasks ORDER BY created_at DESC LIMIT 5"
+        `SELECT task_id, from_name, to_name, status, created_at FROM tasks${nw} ORDER BY created_at DESC LIMIT 5`
       ).all();
       return withCors(req, Response.json({
         ok: true,
+        network_id: n || null,
         tasks: { total: totalTasks?.cnt || 0, by_status: taskStats },
         sessions: { by_status: sessionStats },
         nodes: { total: totalNodes?.cnt || 0 },
@@ -414,6 +424,27 @@ Bun.serve({
       }));
     }
+    // ── REST: audit log (V3) ──
+    if (url.pathname === "/api/audit-log") {
+      const token = req.headers.get("Authorization")?.replace("Bearer ", "") || url.searchParams.get("token");
+      if (!token) return withCors(req, Response.json({ ok: false, error: "auth required" }, { status: 401 }));
+      const resolved = resolveToken(token);
+      if (!resolved) return withCors(req, Response.json({ ok: false, error: "invalid token" }, { status: 401 }));
+      const limit = Math.min(Number(url.searchParams.get("limit")) || 50, 200);
+      const action = url.searchParams.get("action");
+      const userId = url.searchParams.get("user_id");
+      let sql = "SELECT * FROM audit_log WHERE 1=1";
+      const params: any[] = [];
+      // Non-admin can only see own logs
+      if (resolved.user.role !== "admin") { sql += ` AND user_id = ?${params.length + 1}`; params.push(resolved.user.user_id); }
+      if (action) { sql += ` AND action = ?${params.length + 1}`; params.push(action); }
+      if (userId && resolved.user.role === "admin") { sql += ` AND user_id = ?${params.length + 1}`; params.push(userId); }
+      sql += ` ORDER BY created_at DESC LIMIT ?${params.length + 1}`;
+      params.push(limit);
+      const logs = db.query(sql).all(...params);
+      return withCors(req, Response.json({ ok: true, logs, count: logs.length }));
+    }
     // ── REST: task events (V2 Sprint 2) ──
     if (url.pathname === "/api/task_events") {
       const taskId = url.searchParams.get("task_id");
@@ -431,8 +462,10 @@ Bun.serve({
     if (url.pathname === "/api/nodes") {
       const nodeId = url.searchParams.get("node_id");
       const alias = url.searchParams.get("alias");
+      const netFilter = url.searchParams.get("network_id");
       let sql = "SELECT * FROM nodes WHERE 1=1";
       const params: any[] = [];
+      if (netFilter) { sql += ` AND network_id = ?${params.length + 1}`; params.push(netFilter); }
       if (nodeId) { sql += ` AND node_id = ?${params.length + 1}`; params.push(nodeId); }
       if (alias) { sql += ` AND alias = ?${params.length + 1}`; params.push(alias); }
       sql += " ORDER BY updated_at DESC";
@@ -446,10 +479,12 @@ Bun.serve({
       const status = url.searchParams.get("status");
       const toName = url.searchParams.get("to_name");
       const fromName = url.searchParams.get("from_name");
+      const netFilter = url.searchParams.get("network_id");
       const limit = Math.min(Number(url.searchParams.get("limit")) || 50, 200);
       let sql = "SELECT * FROM tasks WHERE 1=1";
       const params: any[] = [];
+      if (netFilter) { sql += ` AND network_id = ?${params.length + 1}`; params.push(netFilter); }
       if (taskId) { sql += ` AND task_id = ?${params.length + 1}`; params.push(taskId); }
       if (status) { sql += ` AND status = ?${params.length + 1}`; params.push(status); }
       if (toName) { sql += ` AND to_name = ?${params.length + 1}`; params.push(toName); }
@@ -458,7 +493,8 @@ Bun.serve({
       params.push(limit);
       const rows = db.query(sql).all(...params);
-      const stats = db.query<any, []>("SELECT status, COUNT(*) as count FROM tasks GROUP BY status").all();
+      const statsFilter = netFilter ? ` WHERE network_id = '${netFilter}'` : "";
+      const stats = db.query<any, []>(`SELECT status, COUNT(*) as count FROM tasks${statsFilter} GROUP BY status`).all();
       return withCors(req, Response.json({ ok: true, tasks: rows, count: rows.length, stats }));
     }