@sleep2agi/commhub-server 0.8.1-preview.2 → 0.8.1

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@sleep2agi/commhub-server",
-  "version": "0.8.1-preview.2",
+  "version": "0.8.1",
   "description": "CommHub Server — AI Agent communication hub with MCP protocol, multi-network isolation, user auth, and 17 MCP tools.",
   "type": "module",
   "main": "src/index.ts",

package/src/db.ts

@@ -19,6 +19,11 @@ db.exec(`
     output        TEXT,
     progress      INTEGER DEFAULT 0,
     score         REAL,
+    cpu_load_1min REAL,
+    cpu_cores     INTEGER,
+    mem_total_gb  REAL,
+    mem_used_gb   REAL,
+    mem_avail_gb  REAL,
     network_id    TEXT NOT NULL DEFAULT 'default',
     registered_at TEXT NOT NULL DEFAULT (datetime('now')),
     updated_at    TEXT NOT NULL DEFAULT (datetime('now')),
@@ -55,7 +60,7 @@ db.exec(`
 
 // ── V2 schema migration (ALTER TABLE, safe to re-run) ──
 
-// sessions: add node_id, session_id, config_path, channels, last_seen_at, model
+// sessions: add node_id, session_id, config_path, channels, last_seen_at, model, host telemetry
 for (const col of [
   { name: "node_id", def: "TEXT" },
   { name: "session_id", def: "TEXT" },
@@ -63,6 +68,11 @@ for (const col of [
   { name: "channels", def: "TEXT" },
   { name: "last_seen_at", def: "TEXT" },
   { name: "model", def: "TEXT" },
+  { name: "cpu_load_1min", def: "REAL" },
+  { name: "cpu_cores", def: "INTEGER" },
+  { name: "mem_total_gb", def: "REAL" },
+  { name: "mem_used_gb", def: "REAL" },
+  { name: "mem_avail_gb", def: "REAL" },
 ]) {
   try { db.exec(`ALTER TABLE sessions ADD COLUMN ${col.name} ${col.def}`); } catch {}
 }
@@ -376,6 +386,12 @@ function migrateSessionsNetworkAliasUnique() {
         config_path   TEXT,
         channels      TEXT,
         last_seen_at  TEXT,
+        model         TEXT,
+        cpu_load_1min REAL,
+        cpu_cores     INTEGER,
+        mem_total_gb  REAL,
+        mem_used_gb   REAL,
+        mem_avail_gb  REAL,
         network_id    TEXT NOT NULL DEFAULT 'default',
         UNIQUE (network_id, alias)
       )
@@ -384,12 +400,14 @@ function migrateSessionsNetworkAliasUnique() {
       INSERT OR REPLACE INTO sessions_migrated (
         resume_id, alias, tmux_name, server, ip, hostname, agent, project_dir, version,
         status, task, output, progress, score, registered_at, updated_at, node_id,
-        session_id, config_path, channels, last_seen_at, network_id
+        session_id, config_path, channels, last_seen_at, model, cpu_load_1min,
+        cpu_cores, mem_total_gb, mem_used_gb, mem_avail_gb, network_id
       )
       SELECT
         resume_id, alias, tmux_name, server, ip, hostname, agent, project_dir, version,
         status, task, output, progress, score, registered_at, updated_at, node_id,
-        session_id, config_path, channels, last_seen_at,
+        session_id, config_path, channels, last_seen_at, model, cpu_load_1min,
+        cpu_cores, mem_total_gb, mem_used_gb, mem_avail_gb,
         COALESCE(NULLIF(network_id, ''), 'default')
       FROM sessions
       ORDER BY updated_at

package/src/index.ts

@@ -266,7 +266,7 @@ function corsHeaders(req: Request): Record<string, string> {
   const allowed = CORS_ORIGINS.includes(origin) ? origin : "";
   return {
     "Access-Control-Allow-Origin": allowed,
-    "Access-Control-Allow-Methods": "GET, POST, OPTIONS",
+    "Access-Control-Allow-Methods": "GET, POST, PUT, DELETE, OPTIONS",
     "Access-Control-Allow-Headers": "Content-Type, Authorization",
     "Access-Control-Max-Age": "86400",
   };
@@ -841,6 +841,59 @@ Bun.serve({
       return withCors(req, Response.json({ ok: true, sessions, summary }));
     }
 
+    // ── REST: aggregate agents by physical server ──
+    if (url.pathname === "/api/servers") {
+      const cutoff = new Date(Date.now() - 10 * 60 * 1000).toISOString().replace("T", " ").slice(0, 19);
+      const staleParams: any[] = [cutoff];
+      let staleSql = "UPDATE sessions SET status = 'offline' WHERE updated_at < ?1 AND status != 'offline'";
+      staleSql = addNetworkScope(staleSql, staleParams, restScope);
+      db.run(staleSql, staleParams);
+
+      const params: any[] = [];
+      let sql = `
+        SELECT hostname, ip, cpu_load_1min, cpu_cores, mem_avail_gb, mem_used_gb,
+               COALESCE(last_seen_at, updated_at) AS last_seen
+        FROM sessions
+        WHERE 1=1
+      `;
+      sql = addNetworkScope(sql, params, restScope);
+      sql += " ORDER BY COALESCE(last_seen_at, updated_at) DESC";
+
+      const grouped = new Map<string, {
+        hostname: string;
+        ip: string;
+        agent_count: number;
+        cpu_load_1min: number | null;
+        cpu_cores: number | null;
+        mem_avail_gb: number | null;
+        mem_used_gb: number | null;
+        last_seen: string | null;
+      }>();
+
+      for (const row of db.all<any>(sql, ...params)) {
+        const hostname = row.hostname || "unknown";
+        const ip = row.ip || "unknown";
+        const key = `${hostname}\u0000${ip}`;
+        const existing = grouped.get(key);
+        if (existing) {
+          existing.agent_count += 1;
+          continue;
+        }
+        grouped.set(key, {
+          hostname,
+          ip,
+          agent_count: 1,
+          cpu_load_1min: row.cpu_load_1min ?? null,
+          cpu_cores: row.cpu_cores ?? null,
+          mem_avail_gb: row.mem_avail_gb ?? null,
+          mem_used_gb: row.mem_used_gb ?? null,
+          last_seen: row.last_seen ?? null,
+        });
+      }
+
+      return withCors(req, Response.json(Array.from(grouped.values())));
+    }
+
     // ── REST: send task ──
     if (url.pathname === "/api/task" && req.method === "POST") {
       let raw: unknown;
@@ -1109,6 +1162,52 @@ Bun.serve({
       return withCors(req, Response.json({ ok: true, events: rows, count: rows.length }));
     }
 
+    // ── REST: delete node (Dashboard/CLI remote cleanup) ──
+    const nodeDeleteMatch = url.pathname.match(/^\/api\/nodes\/([^/]+)$/);
+    if (nodeDeleteMatch && req.method === "DELETE") {
+      const ref = decodeURIComponent(nodeDeleteMatch[1]);
+      const params: any[] = [ref, ref, ref];
+      let sql = "SELECT * FROM nodes WHERE (node_id = ?1 OR node_name = ?2 OR alias = ?3)";
+      sql = addNetworkScope(sql, params, restScope);
+      sql += " ORDER BY updated_at DESC LIMIT 1";
+      const node = db.get<any>(sql, ...params);
+      if (!node) return withCors(req, Response.json({ ok: false, error: "node not found" }, { status: 404 }));
+
+      const nodeNetId = node.network_id ?? singleNetworkId(restScope);
+      if (!canRestWriteNetwork(restAuth, nodeNetId, isAdmin)) {
+        return withCors(req, Response.json({ ok: false, error: "permission_denied" }, { status: 403 }));
+      }
+
+      db.transaction(() => {
+        db.run("DELETE FROM nodes WHERE node_id = ?1", [node.node_id]);
+        if (node.alias) {
+          db.run(
+            "DELETE FROM sessions WHERE alias = ?1 AND (network_id = ?2 OR (?2 IS NULL AND network_id IS NULL))",
+            [node.alias, node.network_id ?? null]
+          );
+        }
+      });
+
+      if (node.alias) {
+        pushEvent(node.alias, {
+          type: "node_deleted",
+          node_id: node.node_id,
+          node_name: node.node_name,
+          alias: node.alias,
+          network_id: node.network_id ?? null,
+        }, node.network_id ?? null);
+      }
+
+      return withCors(req, Response.json({
+        ok: true,
+        deleted: true,
+        node_id: node.node_id,
+        node_name: node.node_name,
+        alias: node.alias,
+        network_id: node.network_id ?? null,
+      }));
+    }
+
     // ── REST: nodes table (V2 Sprint 2) ──
     if (url.pathname === "/api/nodes") {
       const nodeId = url.searchParams.get("node_id");

package/src/tools.ts

@@ -29,6 +29,16 @@ export function registerTools(server: McpServer, clientIP?: string, enforceNetwo
     return !!role && role !== "viewer"; // owner/admin/member can write
   };
 
+  const writeDeniedReply = (effectiveNetworkId?: string | null, action = "write") => {
+    const netId = enforceNetworkId ?? effectiveNetworkId ?? null;
+    const message = !netId
+      ? "network_id required (utok current_network is null; pass explicit network_id from /api/auth/me networks[0].network_id)"
+      : action === "send_task"
+        ? "Viewer role cannot send tasks"
+        : "Viewer role cannot write to this network";
+    return { content: [{ type: "text" as const, text: JSON.stringify({ ok: false, error: "permission_denied", message }) }] };
+  };
+
   const addScope = (sql: string, params: any[], networkId?: string | null, column = "network_id"): string => {
     if (!networkId) return sql;
     sql += ` AND ${column} = ?${params.length + 1}`;
@@ -109,25 +119,41 @@ export function registerTools(server: McpServer, clientIP?: string, enforceNetwo
       model: z.string().max(200).optional().describe("AI model name"),
       node_name: z.string().max(200).optional().describe("Stable node display name (may differ from alias)"),
       network_id: z.string().max(200).optional().describe("Network this agent belongs to"),
+      host: z.object({
+        hostname: z.string().max(200).optional(),
+        ip: z.string().max(200).optional(),
+        cpu_load_1min: z.number().nullable().optional(),
+        cpu_cores: z.number().nullable().optional(),
+        mem_total_gb: z.number().nullable().optional(),
+        mem_used_gb: z.number().nullable().optional(),
+        mem_avail_gb: z.number().nullable().optional(),
+      }).optional().describe("Host telemetry reported by agent-node"),
     },
-    async ({ resume_id, alias, status, task, output, score, progress, server: srv, hostname: hn, agent: ag, project_dir: pd, version: ver, tmux_name: tmux, node_id, session_id, config_path, channels, model: mdl, node_name: nn, network_id: netId }) => {
+    async ({ resume_id, alias, status, task, output, score, progress, server: srv, hostname: hn, agent: ag, project_dir: pd, version: ver, tmux_name: tmux, node_id, session_id, config_path, channels, model: mdl, node_name: nn, network_id: netId, host }) => {
       const effectiveNetId = getNetworkId(netId);
       const sessionNetId = effectiveNetId ?? "default";
       if (!callerTokenIsNetwork || !enforceNetworkId) {
         return { content: [{ type: "text" as const, text: JSON.stringify({ ok: false, error: "network_token_required" }) }] };
       }
       if (!canWrite(effectiveNetId)) {
-        return { content: [{ type: "text" as const, text: JSON.stringify({ ok: false, error: "permission_denied" }) }] };
+        return writeDeniedReply(effectiveNetId);
       }
       console.log(`[${ts()}] ${alias} (${resume_id.slice(0, 8)}) → report_status: ${status}${task ? " | " + task.slice(0, 60) : ""}${effectiveNetId ? " [net]" : ""}`);
       const trimmedOutput = output?.slice(0, 4000);
+      const hostHostname = host?.hostname || hn || null;
+      const hostIp = host?.ip || clientIP || null;
+      const cpuLoad1m = typeof host?.cpu_load_1min === "number" ? host.cpu_load_1min : null;
+      const cpuCores = typeof host?.cpu_cores === "number" ? host.cpu_cores : null;
+      const memTotalGb = typeof host?.mem_total_gb === "number" ? host.mem_total_gb : null;
+      const memUsedGb = typeof host?.mem_used_gb === "number" ? host.mem_used_gb : null;
+      const memAvailGb = typeof host?.mem_avail_gb === "number" ? host.mem_avail_gb : null;
 
       db.transaction(() => {
         // Only delete same-alias sessions within the same network
         db.run("DELETE FROM sessions WHERE alias = ?1 AND resume_id != ?2 AND network_id = ?3", [alias, resume_id, sessionNetId]);
         db.run(
-          `INSERT INTO sessions (resume_id, alias, tmux_name, server, ip, hostname, agent, project_dir, version, status, task, output, progress, score, node_id, session_id, config_path, channels, network_id, model, last_seen_at, updated_at)
-           VALUES (?1, ?2, ?3, ?4, ?5, ?6, ?7, ?8, ?9, ?10, ?11, ?12, ?13, ?14, ?15, ?16, ?17, ?18, ?19, ?20, datetime('now'), datetime('now'))
+          `INSERT INTO sessions (resume_id, alias, tmux_name, server, ip, hostname, agent, project_dir, version, status, task, output, progress, score, node_id, session_id, config_path, channels, network_id, model, cpu_load_1min, cpu_cores, mem_total_gb, mem_used_gb, mem_avail_gb, last_seen_at, updated_at)
+           VALUES (?1, ?2, ?3, ?4, ?5, ?6, ?7, ?8, ?9, ?10, ?11, ?12, ?13, ?14, ?15, ?16, ?17, ?18, ?19, ?20, ?21, ?22, ?23, ?24, ?25, datetime('now'), datetime('now'))
            ON CONFLICT(resume_id) DO UPDATE SET
              alias = COALESCE(?2, sessions.alias), tmux_name = COALESCE(?3, sessions.tmux_name),
              server = COALESCE(?4, sessions.server), ip = COALESCE(?5, sessions.ip),
@@ -139,8 +165,13 @@ export function registerTools(server: McpServer, clientIP?: string, enforceNetwo
              session_id = COALESCE(?16, sessions.session_id), config_path = COALESCE(?17, sessions.config_path),
              channels = COALESCE(?18, sessions.channels), network_id = COALESCE(?19, sessions.network_id),
              model = COALESCE(?20, sessions.model),
+             cpu_load_1min = COALESCE(?21, sessions.cpu_load_1min),
+             cpu_cores = COALESCE(?22, sessions.cpu_cores),
+             mem_total_gb = COALESCE(?23, sessions.mem_total_gb),
+             mem_used_gb = COALESCE(?24, sessions.mem_used_gb),
+             mem_avail_gb = COALESCE(?25, sessions.mem_avail_gb),
              last_seen_at = datetime('now'), updated_at = datetime('now')`,
-          [resume_id, alias, tmux ?? null, srv ?? null, clientIP ?? null, hn ?? null, ag ?? null, pd ?? null, ver ?? null, status, task ?? null, trimmedOutput ?? null, progress ?? null, score ?? null, node_id ?? null, session_id ?? null, config_path ?? null, channels ?? null, sessionNetId, mdl ?? null]
+          [resume_id, alias, tmux ?? null, srv ?? null, hostIp, hostHostname, ag ?? null, pd ?? null, ver ?? null, status, task ?? null, trimmedOutput ?? null, progress ?? null, score ?? null, node_id ?? null, session_id ?? null, config_path ?? null, channels ?? null, sessionNetId, mdl ?? null, cpuLoad1m, cpuCores, memTotalGb, memUsedGb, memAvailGb]
         );
       });
 
@@ -225,7 +256,7 @@ export function registerTools(server: McpServer, clientIP?: string, enforceNetwo
     async ({ alias, task, result, artifacts, score, duration_minutes, network_id: netId }) => {
       const effectiveNetId = getNetworkId(netId);
       if (!canWrite(effectiveNetId)) {
-        return { content: [{ type: "text" as const, text: JSON.stringify({ ok: false, error: "permission_denied" }) }] };
+        return writeDeniedReply(effectiveNetId);
       }
       console.log(`[${ts()}] ${alias} → report_completion: ${task.slice(0, 60)}${effectiveNetId ? " [net]" : ""}`);
       const id = uuidv4();
@@ -337,7 +368,7 @@ export function registerTools(server: McpServer, clientIP?: string, enforceNetwo
     },
     async ({ alias, message_id, response }) => {
       const effectiveNetId = getNetworkId(null);
-      if (!canWrite(effectiveNetId)) return { content: [{ type: "text" as const, text: JSON.stringify({ ok: false, error: "permission_denied" }) }] };
+      if (!canWrite(effectiveNetId)) return writeDeniedReply(effectiveNetId);
       console.log(`[${ts()}] ${alias} → ack_inbox: ${message_id.slice(0, 8)}`);
       const ackParams: any[] = [message_id, alias];
       let ackSql = "UPDATE inbox SET acked = 1 WHERE id = ?1 AND session_name = ?2";
@@ -478,7 +509,7 @@ export function registerTools(server: McpServer, clientIP?: string, enforceNetwo
 
       // Role check: viewer cannot send tasks
       if (!canWrite(effectiveNetId)) {
-        return { content: [{ type: "text" as const, text: JSON.stringify({ ok: false, error: "permission_denied", message: "Viewer role cannot send tasks" }) }] };
+        return writeDeniedReply(effectiveNetId, "send_task");
       }
 
       // License check
@@ -557,7 +588,7 @@ export function registerTools(server: McpServer, clientIP?: string, enforceNetwo
     },
     async ({ alias, message, from_session: _fromIn }) => { const from_session = defaultFrom(_fromIn);
       const effectiveNetId = getNetworkId(null);
-      if (!canWrite(effectiveNetId)) return { content: [{ type: "text" as const, text: JSON.stringify({ ok: false, error: "permission_denied" }) }] };
+      if (!canWrite(effectiveNetId)) return writeDeniedReply(effectiveNetId);
       console.log(`[${ts()}] ${from_session} → send_message → ${alias}: ${message.slice(0, 60)}`);
       const id = uuidv4();
       db.run(
@@ -598,7 +629,7 @@ export function registerTools(server: McpServer, clientIP?: string, enforceNetwo
     },
     async ({ alias, text, in_reply_to, status: replyStatus, from_session: _fromIn }) => { const from_session = defaultFrom(_fromIn);
       const effectiveNetId = getNetworkId(null);
-      if (!canWrite(effectiveNetId)) return { content: [{ type: "text" as const, text: JSON.stringify({ ok: false, error: "permission_denied" }) }] };
+      if (!canWrite(effectiveNetId)) return writeDeniedReply(effectiveNetId);
       console.log(`[${ts()}] ${from_session} → send_reply (${replyStatus}) → ${alias}: ${text.slice(0, 60)}`);
       const id = uuidv4();
       const replyLogged = db.transaction(() => {
@@ -673,7 +704,7 @@ export function registerTools(server: McpServer, clientIP?: string, enforceNetwo
     },
     async ({ task_id, from_session: _fromIn }) => { const from_session = defaultFrom(_fromIn);
       const effectiveNetId = getNetworkId(null);
-      if (!canWrite(effectiveNetId)) return { content: [{ type: "text" as const, text: JSON.stringify({ ok: false, error: "permission_denied" }) }] };
+      if (!canWrite(effectiveNetId)) return writeDeniedReply(effectiveNetId);
       console.log(`[${ts()}] ${from_session} → send_ack → task ${task_id.slice(0, 8)}`);
       const updateParams: any[] = [task_id];
       let updateSql = "UPDATE tasks SET status = 'acked' WHERE task_id = ?1 AND status IN ('created', 'delivered')";
@@ -699,7 +730,7 @@ export function registerTools(server: McpServer, clientIP?: string, enforceNetwo
     },
     async ({ task_id, from_session: _fromIn }) => { const from_session = defaultFrom(_fromIn);
       const effectiveNetId = getNetworkId(null);
-      if (!canWrite(effectiveNetId)) return { content: [{ type: "text" as const, text: JSON.stringify({ ok: false, error: "permission_denied" }) }] };
+      if (!canWrite(effectiveNetId)) return writeDeniedReply(effectiveNetId);
       console.log(`[${ts()}] ${from_session} → retry_task → ${task_id.slice(0, 8)}`);
       // Find the original task
       const taskParams: any[] = [task_id];
@@ -810,7 +841,7 @@ export function registerTools(server: McpServer, clientIP?: string, enforceNetwo
     },
     async ({ task_id, reason, from_session: _fromIn }) => { const from_session = defaultFrom(_fromIn);
       const effectiveNetId = getNetworkId(null);
-      if (!canWrite(effectiveNetId)) return { content: [{ type: "text" as const, text: JSON.stringify({ ok: false, error: "permission_denied" }) }] };
+      if (!canWrite(effectiveNetId)) return writeDeniedReply(effectiveNetId);
       console.log(`[${ts()}] ${from_session} → cancel_task → ${task_id.slice(0, 8)}`);
       const updateParams: any[] = [reason || "cancelled by " + from_session, task_id];
       let updateSql = `UPDATE tasks SET status = 'cancelled', result = ?1, completed_at = datetime('now')
@@ -842,7 +873,7 @@ export function registerTools(server: McpServer, clientIP?: string, enforceNetwo
     },
     async ({ task_id, new_alias, from_session: _fromIn }) => { const from_session = defaultFrom(_fromIn);
       const effectiveNetId = getNetworkId(null);
-      if (!canWrite(effectiveNetId)) return { content: [{ type: "text" as const, text: JSON.stringify({ ok: false, error: "permission_denied" }) }] };
+      if (!canWrite(effectiveNetId)) return writeDeniedReply(effectiveNetId);
       console.log(`[${ts()}] ${from_session} → reassign_task → ${task_id.slice(0, 8)} → ${new_alias}`);
       const taskParams: any[] = [task_id];
       let taskSql = "SELECT * FROM tasks WHERE task_id = ?1";
@@ -886,7 +917,7 @@ export function registerTools(server: McpServer, clientIP?: string, enforceNetwo
     },
     async ({ message, filter_server, filter_status, network_id: netId }) => {
       const effectiveNetId = getNetworkId(netId);
-      if (!canWrite(effectiveNetId)) return { content: [{ type: "text" as const, text: JSON.stringify({ ok: false, error: "permission_denied" }) }] };
+      if (!canWrite(effectiveNetId)) return writeDeniedReply(effectiveNetId);
       console.log(`[${ts()}] hub → broadcast: ${message.slice(0, 60)}${effectiveNetId ? " [net=" + effectiveNetId.slice(0, 12) + "]" : ""}`);
       let sql = "SELECT alias, network_id FROM sessions WHERE alias IS NOT NULL";
       const params: any[] = [];