@sleep2agi/commhub-server 0.8.0 → 0.8.1-preview.1

package/README.md

@@ -1,8 +1,8 @@
 # @sleep2agi/commhub-server
 
-CommHub: MCP Streamable HTTP + SSE push + REST API for an AI agent network. Single-process Bun server, SQLite-backed, zero config.
+CommHub: MCP Streamable HTTP + SSE push + REST API for an AI agent network. Single-process Bun server, SQLite-backed, zero config when launched through `anet`.
 
-The supported path is to install the `anet` CLI (`@sleep2agi/agent-network` 2.1.0) and run `anet hub start`, which wires up port, the server token, the default account, and local config for you.
+The supported path is to install the `anet` CLI (`@sleep2agi/agent-network` 2.1.7) and run `anet hub start`, which wires up the port, default admin account, recovery admin `utok_`, and local config for you.
 
 ## Quick start (verified)
 
@@ -15,11 +15,11 @@ anet hub start
 #   • Default admin account auto-created: admin / anethub
 #   • Reset hint printed in the launch banner
 
-# Or directly via bunx (Bun required)
-bunx @sleep2agi/commhub-server
+# Or directly via bunx (Bun required). Direct runs need explicit auth or dev-open.
+bunx @sleep2agi/commhub-server --dev-open
 
-# With custom port / auth token
-PORT=9200 COMMHUB_AUTH_TOKEN=your-secret bunx @sleep2agi/commhub-server
+# With custom port / legacy master token (soft-deprecated; prefer user/ntok auth)
+bunx @sleep2agi/commhub-server --port 9200 --token your-secret
 ```
 
 Once running:
@@ -35,11 +35,11 @@ Once running:
 
 | Package | Version |
 |---|---|
-| [`@sleep2agi/agent-network`](https://www.npmjs.com/package/@sleep2agi/agent-network) | 2.1.0 |
-| [`@sleep2agi/agent-network-dashboard`](https://www.npmjs.com/package/@sleep2agi/agent-network-dashboard) | 0.3.0 |
+| [`@sleep2agi/agent-network`](https://www.npmjs.com/package/@sleep2agi/agent-network) | 2.1.7 |
+| [`@sleep2agi/agent-network-dashboard`](https://www.npmjs.com/package/@sleep2agi/agent-network-dashboard) | 0.4.2 |
 | [`@sleep2agi/agent-node`](https://www.npmjs.com/package/@sleep2agi/agent-node) | 2.3.0 |
 
-## MCP tools (18)
+## MCP tools (17)
 
 ### Agent-side
 | Tool | Description |
@@ -87,7 +87,7 @@ The server exposes ~33 endpoints across health, auth, networks, and observabilit
 | GET | `/api/stats` | Aggregate stats |
 | GET | `/api/audit-log` | Audit trail |
 
-Network-management endpoints (`/api/networks…`) are present and used by the current CLI. `/api/license[…]` is present but remains a placeholder.
+Network-management endpoints (`/api/networks…`) are present and used by the current CLI. `/api/license[…]` is present as an experimental legacy trial/pro-license surface.
 
 Auth: `Authorization: Bearer <token>` header, or `?token=<token>` query.
 
@@ -107,7 +107,7 @@ Auto-created on first run.
 | `networks` | Workspaces |
 | `api_tokens` | `utok_` / `ntok_` / `atok_` tokens |
 | `audit_log` | Operation audit |
-| `licenses` | License placeholder |
+| `licenses` | Experimental trial/pro-license state |
 | `network_members` | Workspace membership |
 | `network_invites` | Invite codes |
 
@@ -121,9 +121,11 @@ delivered → expired (5min watchdog)
 delivered/acked/running → reassign → delivered (new agent)
 ```
 
-## PostgreSQL (experimental)
+## PostgreSQL (community extension point — not on the maintained roadmap)
 
-Set `DATABASE_URL` to switch to PostgreSQL — the SQL layer auto-translates SQLite-isms (datetime, parameter placeholders) so application code is unchanged. Requires `bun add pg`. PostgreSQL remains experimental.
+> v0.8+ product direction is **SQLite only** (see [docs/v3-postgresql-design.md banner](https://github.com/sleep2agi/agent-network/blob/main/docs/v3-postgresql-design.md)). The PostgreSQL adapter interface is preserved as a community extension point — no E2E coverage on the current stable line; **not recommended for mainline production**.
+
+Set `DATABASE_URL` to switch to PostgreSQL — the SQL layer auto-translates SQLite-isms (datetime, parameter placeholders) so application code is unchanged. Requires `bun add pg`.
 
 ```bash
 DATABASE_URL=postgres://user:pass@host:5432/commhub bunx @sleep2agi/commhub-server
@@ -148,10 +150,10 @@ DATABASE_URL=postgres://user:pass@host:5432/commhub bunx @sleep2agi/commhub-serv
 
 ## Not verified
 
-- `/api/license*` — placeholder for a future paid tier.
+- `/api/license*` — experimental legacy trial/pro-license endpoints.
 - PostgreSQL backend — translation layer exists, no E2E run.
 - Telegram / WeChat / Feishu channel endpoints — channel code exists, but only Telegram-oriented agent-node paths are actively exercised.
 
 ## License
 
-MIT
+Apache-2.0

package/package.json

@@ -1,7 +1,7 @@
 {
   "name": "@sleep2agi/commhub-server",
-  "version": "0.8.0",
-  "description": "CommHub Server — AI Agent communication hub with MCP protocol, multi-network isolation, user auth, and 18 MCP tools.",
+  "version": "0.8.1-preview.1",
+  "description": "CommHub Server — AI Agent communication hub with MCP protocol, multi-network isolation, user auth, and 17 MCP tools.",
   "type": "module",
   "main": "src/index.ts",
   "bin": {

package/src/auth-tokens.test.ts

@@ -0,0 +1,132 @@
+// UT-01 — server/src/db.ts token generation + hashing pure functions
+// L0 unit test, code view.
+//
+// Importing ./db.js triggers schema bootstrap (db.exec(CREATE TABLE ...) at
+// module load). To avoid touching real state, run with:
+//   COMMHUB_DB=/tmp/qa-ut-01.db bun test src/auth-tokens.test.ts
+// (Dockerfile / qa.sh set this env.)
+import { describe, expect, it } from "bun:test";
+import {
+  uuidv4,
+  generateId,
+  generateToken,
+  generateUserToken,
+  generateNetworkToken,
+  hashToken,
+  hashPassword,
+} from "./db.js";
+
+const UUID_RE = /^[0-9a-f]{8}-[0-9a-f]{4}-4[0-9a-f]{3}-[89ab][0-9a-f]{3}-[0-9a-f]{12}$/;
+const HEX_RE = (n: number) => new RegExp(`^[0-9a-f]{${n}}$`);
+
+describe("uuidv4", () => {
+  it("returns RFC 4122 v4 UUID", () => {
+    for (let i = 0; i < 50; i++) {
+      expect(uuidv4()).toMatch(UUID_RE);
+    }
+  });
+  it("returns unique values across 1000 invocations", () => {
+    const s = new Set<string>();
+    for (let i = 0; i < 1000; i++) s.add(uuidv4());
+    expect(s.size).toBe(1000);
+  });
+});
+
+describe("generateId(prefix)", () => {
+  it("returns `<prefix>_<12 hex>`", () => {
+    const id = generateId("tok");
+    expect(id).toMatch(/^tok_[0-9a-f]{12}$/);
+  });
+  it("respects arbitrary prefix", () => {
+    expect(generateId("u")).toMatch(/^u_[0-9a-f]{12}$/);
+    expect(generateId("net")).toMatch(/^net_[0-9a-f]{12}$/);
+  });
+});
+
+describe("token generators — prefix + length contract", () => {
+  // ALL THREE strip UUID dashes → 32 hex chars after prefix.
+  // If you ever change crypto.randomUUID() implementation, this asserts the
+  // shape stays the same — SDK regexes parse these.
+  it("atok_<32hex>", () => {
+    expect(generateToken()).toMatch(/^atok_[0-9a-f]{32}$/);
+  });
+  it("utok_<32hex>", () => {
+    expect(generateUserToken()).toMatch(/^utok_[0-9a-f]{32}$/);
+  });
+  it("ntok_<32hex>", () => {
+    expect(generateNetworkToken()).toMatch(/^ntok_[0-9a-f]{32}$/);
+  });
+});
+
+describe("token generators — prefixes are distinct", () => {
+  // Pin the three-way discrimination that resolveToken / SDK clients rely on.
+  it("utok / ntok / atok prefixes never collide", () => {
+    const u = generateUserToken();
+    const n = generateNetworkToken();
+    const a = generateToken();
+    expect(u.startsWith("utok_")).toBe(true);
+    expect(n.startsWith("ntok_")).toBe(true);
+    expect(a.startsWith("atok_")).toBe(true);
+    expect(u.startsWith("ntok_")).toBe(false);
+    expect(n.startsWith("utok_")).toBe(false);
+  });
+});
+
+describe("token uniqueness (no collisions over 1000)", () => {
+  for (const [name, gen] of [
+    ["generateToken", generateToken],
+    ["generateUserToken", generateUserToken],
+    ["generateNetworkToken", generateNetworkToken],
+  ] as const) {
+    it(`${name} — 1000 invocations unique`, () => {
+      const s = new Set<string>();
+      for (let i = 0; i < 1000; i++) s.add(gen());
+      expect(s.size).toBe(1000);
+    });
+  }
+});
+
+describe("hashToken — deterministic sha256", () => {
+  it("returns 64-char lowercase hex", () => {
+    expect(hashToken("anything")).toMatch(HEX_RE(64));
+  });
+  it("deterministic — same input same output", () => {
+    expect(hashToken("utok_abc")).toBe(hashToken("utok_abc"));
+  });
+  it("similar inputs produce DIFFERENT hashes (no truncation/collision)", () => {
+    expect(hashToken("utok_abc")).not.toBe(hashToken("ntok_abc"));
+    expect(hashToken("a")).not.toBe(hashToken("b"));
+  });
+  it("known fixture — sha256('test') = 9f86...", () => {
+    expect(hashToken("test")).toBe(
+      "9f86d081884c7d659a2feaa0c55ad015a3bf4f1b2b0b822cd15d6c15b0f00a08",
+    );
+  });
+});
+
+describe("hashPassword — sha256('anet:' + password)", () => {
+  it("returns 64-char lowercase hex", () => {
+    expect(hashPassword("StrongPassw0rd")).toMatch(HEX_RE(64));
+  });
+  it("deterministic", () => {
+    expect(hashPassword("foo")).toBe(hashPassword("foo"));
+  });
+  it("uses 'anet:' salt → different from hashToken on same input", () => {
+    // This pins the 'anet:' prefix — if someone drops it, this fails,
+    // and existing user password hashes will silently stop matching.
+    expect(hashPassword("foo")).not.toBe(hashToken("foo"));
+    expect(hashPassword("foo")).toBe(hashToken("anet:foo"));
+  });
+});
+
+describe("safety — full-token vs prefix-only hash", () => {
+  // If somewhere we ever hashed only the prefix or only the body, resolveToken
+  // would return the wrong user. Pin "hashToken takes the WHOLE string".
+  it("hashToken(prefix) != hashToken(full)", () => {
+    const utok = generateUserToken();
+    const prefix = "utok_";
+    const body = utok.slice(5);
+    expect(hashToken(utok)).not.toBe(hashToken(prefix));
+    expect(hashToken(utok)).not.toBe(hashToken(body));
+  });
+});

package/src/auth-validate.test.ts

@@ -0,0 +1,145 @@
+// UT-03 — server/src/auth.ts password + username validation in register()
+// L0 unit test, code view. Tests validatePasswordStrength indirectly via the
+// user-facing register() contract (it's not exported on its own).
+//
+// Run with COMMHUB_DB=/tmp/qa-l0-auth-validate.db so the schema bootstrap
+// at db.ts load time lands in a throwaway file. Each test uses a unique
+// username, so cross-test DB state doesn't matter.
+import { describe, expect, it, beforeAll } from "bun:test";
+import { register } from "./auth.js";
+
+// First user gets RELAXED rules (admin bootstrap allows 4-char "anethub" etc.)
+// To test full-strength rules, seed a dummy admin first.
+beforeAll(() => {
+  // Idempotent: if DB file already has users (from a previous run on the
+  // same temp path), this errors with "username already taken" → that's
+  // fine, the goal is just "ensure at least one user exists so subsequent
+  // registers hit the strict path".
+  register("_seed_admin", "BootstrapPw1", undefined, "seed");
+});
+
+describe("register — username rules", () => {
+  it("rejects empty username", () => {
+    const r = register("", "AnyValidPw123");
+    expect(r.ok).toBe(false);
+    expect(r.error).toContain("username must be at least 2 characters");
+  });
+
+  it("rejects 1-char username", () => {
+    expect(register("a", "AnyValidPw123").ok).toBe(false);
+  });
+
+  it("accepts 2-char username", () => {
+    const r = register("u2", "StrongPw1234");
+    expect(r.ok).toBe(true);
+  });
+
+  it("rejects 51-char username", () => {
+    const long = "u".repeat(51);
+    const r = register(long, "StrongPw1234");
+    expect(r.ok).toBe(false);
+    expect(r.error).toContain("too long");
+  });
+
+  it("rejects username with space", () => {
+    expect(register("bad name", "StrongPw1234").error).toContain("invalid characters");
+  });
+
+  it("rejects username with '@'", () => {
+    expect(register("foo@bar", "StrongPw1234").error).toContain("invalid characters");
+  });
+
+  it("accepts Chinese username (CJK range)", () => {
+    // Regex includes 一-鿿 per auth.ts L34
+    const r = register("通信测试马", "StrongPw1234");
+    expect(r.ok).toBe(true);
+  });
+
+  it("rejects duplicate username", () => {
+    register("dup_u", "StrongPw1234");
+    const r = register("dup_u", "DifferentPw1");
+    expect(r.ok).toBe(false);
+    expect(r.error).toContain("already taken");
+  });
+});
+
+describe("register — password length", () => {
+  it("rejects empty password (post-admin)", () => {
+    const r = register("pw_empty", "");
+    expect(r.ok).toBe(false);
+    expect(r.error).toContain("8 characters");
+  });
+
+  it("rejects 7-char password", () => {
+    expect(register("pw_7", "Abc1234").error).toContain("8 characters");
+  });
+
+  it("accepts 8-char strong password", () => {
+    expect(register("pw_8ok", "StrongP1").ok).toBe(true);
+  });
+});
+
+describe("register — weak-password dictionary (post-admin strict path)", () => {
+  // Each of these is exactly 8+ chars but in WEAK_PASSWORDS dict.
+  // Pins: validatePasswordStrength rejects by dict AFTER length check.
+  const dictMatches = ["password", "passw0rd", "letmein1", "iloveyou"];
+  // Note: "letmein1" — is that in dict? letmein is. password{N} family
+  // generates "letmein1"? No — that's password{N} only. Let me just use
+  // ones I know:
+  const reallyInDict = ["password", "passw0rd", "iloveyou", "password1", "qwerty12"];
+  // qwerty12 — is it? qwerty{N} family covers 0..999 so qwerty12 is in.
+  for (const pw of reallyInDict) {
+    it(`rejects "${pw}" as too common`, () => {
+      const r = register(`pw_dict_${pw}`, pw);
+      expect(r.ok).toBe(false);
+      expect(r.error).toContain("too common");
+    });
+  }
+});
+
+describe("register — case-insensitive dict lookup", () => {
+  // auth.ts L26 calls WEAK_PASSWORDS.has(password.toLowerCase()).
+  // Pins that uppercase weak password is still rejected.
+  it("rejects 'PASSWORD' (uppercase)", () => {
+    const r = register("pw_uc", "PASSWORD");
+    expect(r.ok).toBe(false);
+    expect(r.error).toContain("too common");
+  });
+  it("rejects 'Password1' (mixed)", () => {
+    const r = register("pw_mix", "Password1");
+    expect(r.ok).toBe(false);
+  });
+});
+
+describe("register — strong passwords accepted", () => {
+  // None of these should be in the dict. All ≥ 8 chars.
+  const strong = [
+    "Tr0ub4dor&3",
+    "correct-horse-battery",
+    "X9!kLm@PqVx",
+    "MyDog'sName2026",
+  ];
+  for (const pw of strong) {
+    it(`accepts strong "${pw}"`, () => {
+      // unique username per pw
+      const u = "ok_" + pw.replace(/[^a-zA-Z0-9]/g, "").slice(0, 12);
+      const r = register(u, pw);
+      expect(r.ok).toBe(true);
+    });
+  }
+});
+
+describe("register — admin bootstrap relaxed rules", () => {
+  // Test that the FIRST user gets the relaxed validator. Can't directly
+  // test this here (the beforeAll already seeded an admin in this DB), but
+  // we pin the CONTRACT: if no users exist, password >= 4 chars suffices.
+  //
+  // This is asserted by checking that AFTER the seed admin exists,
+  // a 4-char password is REJECTED for normal users — which proves the
+  // strict path is hit.
+  it("4-char password rejected for non-first user", () => {
+    const r = register("short_pw_user", "abcd");
+    expect(r.ok).toBe(false);
+    expect(r.error).toContain("8 characters");
+  });
+});

package/src/db.ts

@@ -55,13 +55,14 @@ db.exec(`
 
 // ── V2 schema migration (ALTER TABLE, safe to re-run) ──
 
-// sessions: add node_id, session_id, config_path, channels, last_seen_at
+// sessions: add node_id, session_id, config_path, channels, last_seen_at, model
 for (const col of [
   { name: "node_id", def: "TEXT" },
   { name: "session_id", def: "TEXT" },
   { name: "config_path", def: "TEXT" },
   { name: "channels", def: "TEXT" },
   { name: "last_seen_at", def: "TEXT" },
+  { name: "model", def: "TEXT" },
 ]) {
   try { db.exec(`ALTER TABLE sessions ADD COLUMN ${col.name} ${col.def}`); } catch {}
 }
@@ -272,6 +273,29 @@ db.exec(`
   );
 `);
 
+// ── #84: node rename — rename_txn table (RFC-010 §4) ──
+// Single isolated table holding the rename 2PC transaction state. It doubles
+// as the alias_rename_log (RFC §4 risk #5): the audit log of completed renames
+// is just `SELECT * FROM rename_txn WHERE status = 'committed'`. Kept out of
+// the sessions table so a prepared (in-flight) new-alias never shows up in
+// get_all_status / node listings. status: prepared → committed | aborted.
+db.exec(`
+  CREATE TABLE IF NOT EXISTS rename_txn (
+    txn_id        TEXT PRIMARY KEY,
+    network_id    TEXT NOT NULL,
+    old_alias     TEXT NOT NULL,
+    new_alias     TEXT NOT NULL,
+    status        TEXT NOT NULL DEFAULT 'prepared',
+    prepared_at   TEXT NOT NULL DEFAULT (datetime('now')),
+    committed_at  TEXT,
+    aborted_at    TEXT
+  );
+
+  CREATE INDEX IF NOT EXISTS idx_rename_txn_new ON rename_txn(network_id, new_alias);
+  CREATE INDEX IF NOT EXISTS idx_rename_txn_old ON rename_txn(network_id, old_alias);
+  CREATE INDEX IF NOT EXISTS idx_rename_txn_status ON rename_txn(status);
+`);
+
 // ── V3.13: networks visibility + max_members ──
 try { db.exec("ALTER TABLE networks ADD COLUMN visibility TEXT DEFAULT 'private'"); } catch {}
 try { db.exec("ALTER TABLE networks ADD COLUMN max_members INTEGER DEFAULT 50"); } catch {}

package/src/index.ts

@@ -5,6 +5,7 @@ import { registerTools } from "./tools.js";
 import { db, logTaskEvent, logAudit } from "./db.js";
 import { createSSEStream, pushEvent, getSSEStats } from "./push.js";
 import { register, login, resolveToken, getUserNetworks, getUserAllNetworks, createNetwork, deleteNetwork, renameNetwork, changePassword, issueUserToken, listTokens, createToken, revokeToken, getNetworkMembers, getUserNetworkRole, addNetworkMember, updateMemberRole, removeNetworkMember, createInvite, joinByInvite, createNetworkTokenForNode, type AuthUser } from "./auth.js";
+import { prepareRename, commitRename, abortRename } from "./rename.js";
 
 const PORT = Number(process.env.PORT) || 9200;
 const HOST = process.env.HOST || "127.0.0.1";
@@ -131,6 +132,18 @@ function isLocalhostIP(ip: string): boolean {
   return ip === "127.0.0.1" || ip === "::1" || ip === "::ffff:127.0.0.1" || ip === "localhost";
 }
 
+// Normalize the raw `agent` field into a canonical runtime identifier for the
+// dashboard's Runtime badge. Returns null for unknown/absent agents so the
+// frontend can fall back to a placeholder.
+function normalizeRuntime(agent: unknown): string | null {
+  if (typeof agent !== "string" || agent.length === 0) return null;
+  if (agent === "claude-code") return "claude-code-cli";
+  if (agent.startsWith("agent-node:codex")) return "codex-sdk";
+  if (agent.startsWith("agent-node:claude")) return "claude-agent-sdk";
+  if (agent === "http-api" || agent === "http" || agent === "api") return "http-api";
+  return null;
+}
+
 function isTmuxAllowedIP(ip: string): boolean {
   return isLocalhostIP(ip) || TMUX_ALLOWLIST.has(ip);
 }
@@ -246,10 +259,11 @@ const CORS_ORIGINS = process.env.COMMHUB_CORS_ORIGINS
 
 function corsHeaders(req: Request): Record<string, string> {
   const origin = req.headers.get("Origin") || "";
-  const allowed = CORS_ORIGINS.includes(origin)
-    || origin === "https://agent-network.vansin.me"
-    || origin === "https://agent-network-dashboard.vercel.app"
-    ? origin : "";
+  // CORS allowlist is driven entirely by COMMHUB_CORS_ORIGINS env (comma-separated).
+  // Default (env unset) allows localhost dev origins only — see CORS_ORIGINS above.
+  // No author-specific domains are hardcoded; production deployments must set
+  // COMMHUB_CORS_ORIGINS explicitly. See docs/concepts/security.md "CORS 配置".
+  const allowed = CORS_ORIGINS.includes(origin) ? origin : "";
   return {
     "Access-Control-Allow-Origin": allowed,
     "Access-Control-Allow-Methods": "GET, POST, OPTIONS",
@@ -513,6 +527,59 @@ Bun.serve({
       }
     }
 
+    // ── #84: node rename 2PC — Server surface (RFC-010 §4) ──
+    // The CLI orchestrates the 2PC; these endpoints are the Server steps:
+    // prepare = PHASE 1 P3, commit = PHASE 2 C1, abort = PHASE 1 rollback.
+    if (url.pathname === "/api/node-rename/prepare" && req.method === "POST") {
+      const token = req.headers.get("Authorization")?.replace("Bearer ", "");
+      if (!token) return withCors(req, Response.json({ ok: false, error: "auth required" }, { status: 401 }));
+      const resolved = resolveToken(token);
+      if (!resolved) return withCors(req, Response.json({ ok: false, error: "invalid token" }, { status: 401 }));
+      try {
+        const body = await req.json() as any;
+        if (!body.network_id || !body.old_alias || !body.new_alias) {
+          return withCors(req, Response.json({ ok: false, error: "network_id, old_alias, new_alias required" }, { status: 400 }));
+        }
+        const result = prepareRename(resolved.user.user_id, body.network_id, body.old_alias, body.new_alias);
+        if (result.ok) logAudit(resolved.user.user_id, resolved.user.username, "node_rename_prepared", "node", body.old_alias, body.new_alias);
+        return withCors(req, Response.json(result, { status: result.ok ? 200 : 400 }));
+      } catch (e: any) {
+        return withCors(req, Response.json({ ok: false, error: e.message }, { status: 400 }));
+      }
+    }
+
+    if (url.pathname === "/api/node-rename/commit" && req.method === "POST") {
+      const token = req.headers.get("Authorization")?.replace("Bearer ", "");
+      if (!token) return withCors(req, Response.json({ ok: false, error: "auth required" }, { status: 401 }));
+      const resolved = resolveToken(token);
+      if (!resolved) return withCors(req, Response.json({ ok: false, error: "invalid token" }, { status: 401 }));
+      try {
+        const body = await req.json() as any;
+        if (!body.txn_id) return withCors(req, Response.json({ ok: false, error: "txn_id required" }, { status: 400 }));
+        const result = commitRename(resolved.user.user_id, body.txn_id);
+        if (result.ok) logAudit(resolved.user.user_id, resolved.user.username, "node_rename_committed", "node", body.txn_id);
+        return withCors(req, Response.json(result, { status: result.ok ? 200 : 400 }));
+      } catch (e: any) {
+        return withCors(req, Response.json({ ok: false, error: e.message }, { status: 400 }));
+      }
+    }
+
+    if (url.pathname === "/api/node-rename/abort" && req.method === "POST") {
+      const token = req.headers.get("Authorization")?.replace("Bearer ", "");
+      if (!token) return withCors(req, Response.json({ ok: false, error: "auth required" }, { status: 401 }));
+      const resolved = resolveToken(token);
+      if (!resolved) return withCors(req, Response.json({ ok: false, error: "invalid token" }, { status: 401 }));
+      try {
+        const body = await req.json() as any;
+        if (!body.txn_id) return withCors(req, Response.json({ ok: false, error: "txn_id required" }, { status: 400 }));
+        const result = abortRename(resolved.user.user_id, body.txn_id);
+        if (result.ok) logAudit(resolved.user.user_id, resolved.user.username, "node_rename_aborted", "node", body.txn_id);
+        return withCors(req, Response.json(result, { status: result.ok ? 200 : 400 }));
+      } catch (e: any) {
+        return withCors(req, Response.json({ ok: false, error: e.message }, { status: 400 }));
+      }
+    }
+
     // ── V3: Token management ──
     if (url.pathname === "/api/auth/tokens" && req.method === "GET") {
       const token = req.headers.get("Authorization")?.replace("Bearer ", "");
@@ -756,7 +823,14 @@ Bun.serve({
       let sql = "SELECT * FROM sessions WHERE 1=1";
       sql = addNetworkScope(sql, params, restScope);
       sql += " ORDER BY updated_at DESC";
-      const sessions = db.all(sql, ...params);
+      // `model` comes straight from the sessions row (SELECT *); `runtime` is
+      // derived from the raw `agent` field. Both default to null for old nodes
+      // that never reported a model — the dashboard falls back to a placeholder.
+      const sessions = db.all(sql, ...params).map((s: any) => ({
+        ...s,
+        model: s.model ?? null,
+        runtime: normalizeRuntime(s.agent),
+      }));
       const summary = sessions.reduce((acc: any, session: any) => {
         const raw = String(session.status || "").toLowerCase();
         if (raw === "offline") acc.offline++;

package/src/password-dict.test.ts

@@ -0,0 +1,68 @@
+// UT-02 — server/src/password-dict.ts
+// L0 unit test, code view. Pure data + computed set; no I/O, no network.
+// Runs via `bun test` (~ms).
+import { describe, expect, it } from "bun:test";
+import { WEAK_PASSWORDS } from "./password-dict.js";
+
+const has = (p: string) => WEAK_PASSWORDS.has(p.toLowerCase());
+
+describe("WEAK_PASSWORDS — common entries", () => {
+  for (const p of ["123456", "password", "qwerty", "admin", "letmein", "iloveyou", "passw0rd"]) {
+    it(`contains "${p}"`, () => expect(has(p)).toBe(true));
+  }
+});
+
+describe("WEAK_PASSWORDS — generated families", () => {
+  it("contains 6-digit zero-padded numbers 000000..000999", () => {
+    expect(has("000000")).toBe(true);
+    expect(has("000042")).toBe(true);
+    expect(has("000999")).toBe(true);
+  });
+
+  it("contains passwordN family for N=0..999", () => {
+    expect(has("password0")).toBe(true);
+    expect(has("password42")).toBe(true);
+    expect(has("password999")).toBe(true);
+  });
+
+  it("contains qwertyN family for N=0..999", () => {
+    expect(has("qwerty0")).toBe(true);
+    expect(has("qwerty999")).toBe(true);
+  });
+});
+
+describe("WEAK_PASSWORDS — case insensitive contract (storage is lowercase)", () => {
+  // The Set itself stores only lowercase. Consumers (auth.ts L26) call
+  // `WEAK_PASSWORDS.has(password.toLowerCase())`. This test pins both sides
+  // of the contract so a future refactor that changes either side fails fast.
+  it("lowercase lookup matches", () => expect(WEAK_PASSWORDS.has("password")).toBe(true));
+  it("uppercase lookup misses (must be lowercased by caller)", () => {
+    expect(WEAK_PASSWORDS.has("PASSWORD")).toBe(false);
+    expect(has("PASSWORD")).toBe(true); // via our wrapper that mirrors auth.ts
+  });
+});
+
+describe("WEAK_PASSWORDS — strong passwords stay out", () => {
+  const strong = [
+    "StrongPassw0rd",         // mixed case + digit
+    "correct horse battery",  // multi-word
+    "Tr0ub4dor&3",            // mixed everything
+    "a1b2c3d4e5f6g7",         // random-looking
+    "j!K8sLm@PqVx",           // symbols
+  ];
+  for (const p of strong) {
+    it(`does NOT contain "${p}"`, () => expect(has(p)).toBe(false));
+  }
+});
+
+describe("WEAK_PASSWORDS — size sanity", () => {
+  it("has > 100 base entries plus families (>= 3100 total)", () => {
+    // 89 literals (trimmed) + 1000 padded numbers + 1000 password{N} + 1000 qwerty{N}
+    // = 3089 base; some may overlap (e.g. "123456" appears in both literals and 6-digit family if range matched)
+    expect(WEAK_PASSWORDS.size).toBeGreaterThan(3000);
+  });
+
+  it("contains '000123' (padding implementation correct)", () => {
+    expect(WEAK_PASSWORDS.has("000123")).toBe(true);
+  });
+});

package/src/rename.ts

@@ -0,0 +1,131 @@
+// ── #84: node rename — Server surface (RFC-010 §4) ──
+//
+// The server side of the rename 2PC. PHASE 1 (prepare) reserves the new alias
+// in the isolated rename_txn table without touching the sessions registry, so
+// it is fully rollback-safe (abort just marks the row aborted). PHASE 2
+// (commit) atomically switches sessions.alias + nodes.alias old→new and is the
+// non-rollbackable point — past commit, recovery is forward-fix only.
+//
+// Step 1 spec resolution (通信龙-confirmed, #84): the rename_txn row IS the
+// audit log (RFC §4 risk #5 alias_rename_log = `WHERE status='committed'`),
+// and rename touches api_tokens only cosmetically — the token binds
+// user_id+network_id, never the alias, so there is no per-alias binding to
+// migrate. This corrects RFC-010 §4 P3's draft "copy utok/ntok binding" line.
+
+import { randomUUID } from "crypto";
+import { db } from "./db";
+import { getUserNetworkRole } from "./auth";
+import { pushEvent } from "./push";
+
+export interface RenameResult {
+  ok: boolean;
+  txn_id?: string;
+  error?: string;
+}
+
+function hasWriteAccess(userId: string, networkId: string): boolean {
+  const role = getUserNetworkRole(userId, networkId);
+  return !!role && role !== "viewer";
+}
+
+// PHASE 1 P3 — create a prepared rename_txn row reserving new_alias.
+// CAS guard (RFC §4 risk #3 TOCTOU): new_alias must be free both in the
+// sessions registry AND among in-flight prepared rename_txn rows.
+export function prepareRename(
+  userId: string, networkId: string, oldAlias: string, newAlias: string,
+): RenameResult {
+  if (!hasWriteAccess(userId, networkId)) return { ok: false, error: "no write access to this network" };
+  if (!oldAlias || !newAlias) return { ok: false, error: "old and new alias required" };
+  if (oldAlias === newAlias) return { ok: false, error: "old and new alias are identical" };
+
+  // old-alias must exist as a session in this network
+  const oldSession = db.get<any>(
+    "SELECT 1 FROM sessions WHERE network_id = ?1 AND alias = ?2", networkId, oldAlias);
+  if (!oldSession) return { ok: false, error: `node "${oldAlias}" not found in this network` };
+
+  // new-alias must not be taken — in sessions OR reserved by another prepared txn
+  const newInSessions = db.get<any>(
+    "SELECT 1 FROM sessions WHERE network_id = ?1 AND alias = ?2", networkId, newAlias);
+  if (newInSessions) return { ok: false, error: `alias "${newAlias}" already in use` };
+  const newPrepared = db.get<any>(
+    "SELECT txn_id FROM rename_txn WHERE network_id = ?1 AND new_alias = ?2 AND status = 'prepared'",
+    networkId, newAlias);
+  if (newPrepared) return { ok: false, error: `alias "${newAlias}" already reserved by an in-flight rename` };
+
+  const txnId = `rtxn_${randomUUID().replace(/-/g, "")}`;
+  db.run(
+    "INSERT INTO rename_txn (txn_id, network_id, old_alias, new_alias, status) VALUES (?1, ?2, ?3, ?4, 'prepared')",
+    [txnId, networkId, oldAlias, newAlias]);
+  return { ok: true, txn_id: txnId };
+}
+
+// PHASE 2 C1 — atomically switch sessions.alias + nodes.alias old→new, mark
+// the txn committed. Cosmetic: api_tokens.name label node:<old>→node:<new>
+// (idempotent, NOT rollback-critical — the token binds user_id+network_id).
+// inbox/tasks/completions keep the old alias (RFC §4 risk #5 — history is
+// immutable; queries join rename_txn to show "old → now new").
+export function commitRename(userId: string, txnId: string): RenameResult {
+  const txn = db.get<any>("SELECT * FROM rename_txn WHERE txn_id = ?1", txnId);
+  if (!txn) return { ok: false, error: "rename transaction not found" };
+  if (txn.status === "committed") return { ok: true, txn_id: txnId }; // idempotent
+  if (txn.status === "aborted") return { ok: false, error: "rename transaction was aborted" };
+  if (!hasWriteAccess(userId, txn.network_id)) return { ok: false, error: "no write access to this network" };
+
+  // Defense-in-depth: new-alias still free in sessions (prepare already CAS'd,
+  // but a parallel direct registration could have raced in).
+  const conflict = db.get<any>(
+    "SELECT 1 FROM sessions WHERE network_id = ?1 AND alias = ?2", txn.network_id, txn.new_alias);
+  if (conflict) return { ok: false, error: `alias "${txn.new_alias}" was taken since prepare` };
+
+  db.run(
+    "UPDATE sessions SET alias = ?1, updated_at = datetime('now') WHERE network_id = ?2 AND alias = ?3",
+    [txn.new_alias, txn.network_id, txn.old_alias]);
+  db.run(
+    "UPDATE nodes SET alias = ?1, updated_at = datetime('now') WHERE network_id = ?2 AND alias = ?3",
+    [txn.new_alias, txn.network_id, txn.old_alias]);
+  db.run(
+    "UPDATE api_tokens SET name = ?1 WHERE network_id = ?2 AND name = ?3",
+    [`node:${txn.new_alias}`, txn.network_id, `node:${txn.old_alias}`]);
+  db.run(
+    "UPDATE rename_txn SET status = 'committed', committed_at = datetime('now') WHERE txn_id = ?1",
+    [txnId]);
+
+  // RFC-010 §4.2.1 C4 — broadcast node.renamed SSE. (#84 实施补漏: the Server
+  // surface originally missed C4; N站马's dashboard slice needs this event.)
+  // Envelope per RFC §3.4: alias = NEW (the post-event truth); data carries
+  // old/new + surfaces + history_policy. `type` is also set for consumers that
+  // switch on .type (the existing SSE convention). Pushed to both the old- and
+  // new-alias streams since the SSE layer is per-session-name (no network-wide
+  // broadcast primitive) — whoever watched either name gets the rename.
+  const renamedEvent: Record<string, unknown> = {
+    type: "node.renamed",
+    event: "node.renamed",
+    txn_id: txnId,
+    alias: txn.new_alias,
+    network_id: txn.network_id,
+    data: {
+      old_alias: txn.old_alias,
+      new_alias: txn.new_alias,
+      surfaces_updated: ["config", "tmux", "commhub", "dashboard", "batch_prefix", "session_resume"],
+      history_policy: "preserve",
+    },
+  };
+  pushEvent(txn.old_alias, renamedEvent, txn.network_id);
+  pushEvent(txn.new_alias, renamedEvent, txn.network_id);
+
+  return { ok: true, txn_id: txnId };
+}
+
+// PHASE 1 rollback — mark a prepared rename_txn aborted, freeing new_alias.
+// Idempotent; refuses to abort an already-committed txn.
+export function abortRename(userId: string, txnId: string): RenameResult {
+  const txn = db.get<any>("SELECT * FROM rename_txn WHERE txn_id = ?1", txnId);
+  if (!txn) return { ok: false, error: "rename transaction not found" };
+  if (txn.status === "committed") return { ok: false, error: "rename already committed, cannot abort" };
+  if (txn.status === "aborted") return { ok: true, txn_id: txnId }; // idempotent
+  if (!hasWriteAccess(userId, txn.network_id)) return { ok: false, error: "no write access to this network" };
+  db.run(
+    "UPDATE rename_txn SET status = 'aborted', aborted_at = datetime('now') WHERE txn_id = ?1",
+    [txnId]);
+  return { ok: true, txn_id: txnId };
+}

package/src/tools.ts

@@ -126,8 +126,8 @@ export function registerTools(server: McpServer, clientIP?: string, enforceNetwo
         // Only delete same-alias sessions within the same network
         db.run("DELETE FROM sessions WHERE alias = ?1 AND resume_id != ?2 AND network_id = ?3", [alias, resume_id, sessionNetId]);
         db.run(
-          `INSERT INTO sessions (resume_id, alias, tmux_name, server, ip, hostname, agent, project_dir, version, status, task, output, progress, score, node_id, session_id, config_path, channels, network_id, last_seen_at, updated_at)
-           VALUES (?1, ?2, ?3, ?4, ?5, ?6, ?7, ?8, ?9, ?10, ?11, ?12, ?13, ?14, ?15, ?16, ?17, ?18, ?19, datetime('now'), datetime('now'))
+          `INSERT INTO sessions (resume_id, alias, tmux_name, server, ip, hostname, agent, project_dir, version, status, task, output, progress, score, node_id, session_id, config_path, channels, network_id, model, last_seen_at, updated_at)
+           VALUES (?1, ?2, ?3, ?4, ?5, ?6, ?7, ?8, ?9, ?10, ?11, ?12, ?13, ?14, ?15, ?16, ?17, ?18, ?19, ?20, datetime('now'), datetime('now'))
            ON CONFLICT(resume_id) DO UPDATE SET
              alias = COALESCE(?2, sessions.alias), tmux_name = COALESCE(?3, sessions.tmux_name),
              server = COALESCE(?4, sessions.server), ip = COALESCE(?5, sessions.ip),
@@ -138,8 +138,9 @@ export function registerTools(server: McpServer, clientIP?: string, enforceNetwo
              score = COALESCE(?14, sessions.score), node_id = COALESCE(?15, sessions.node_id),
              session_id = COALESCE(?16, sessions.session_id), config_path = COALESCE(?17, sessions.config_path),
              channels = COALESCE(?18, sessions.channels), network_id = COALESCE(?19, sessions.network_id),
+             model = COALESCE(?20, sessions.model),
              last_seen_at = datetime('now'), updated_at = datetime('now')`,
-          [resume_id, alias, tmux ?? null, srv ?? null, clientIP ?? null, hn ?? null, ag ?? null, pd ?? null, ver ?? null, status, task ?? null, trimmedOutput ?? null, progress ?? null, score ?? null, node_id ?? null, session_id ?? null, config_path ?? null, channels ?? null, sessionNetId]
+          [resume_id, alias, tmux ?? null, srv ?? null, clientIP ?? null, hn ?? null, ag ?? null, pd ?? null, ver ?? null, status, task ?? null, trimmedOutput ?? null, progress ?? null, score ?? null, node_id ?? null, session_id ?? null, config_path ?? null, channels ?? null, sessionNetId, mdl ?? null]
         );
       });