@swarmai/local-agent 0.1.0

package/src/config.js

@@ -0,0 +1,98 @@
+/**
+ * Configuration management
+ * Reads/writes ~/.swarmai/config.json
+ */
+
+const fs = require('fs');
+const path = require('path');
+const os = require('os');
+
+const CONFIG_DIR = path.join(os.homedir(), '.swarmai');
+const CONFIG_FILE = path.join(CONFIG_DIR, 'config.json');
+
+const DEFAULT_SERVER = 'https://agents.northpeak.app';
+
+function ensureConfigDir() {
+  if (!fs.existsSync(CONFIG_DIR)) {
+    fs.mkdirSync(CONFIG_DIR, { recursive: true, mode: 0o700 });
+  }
+}
+
+function loadConfig() {
+  try {
+    if (fs.existsSync(CONFIG_FILE)) {
+      const raw = fs.readFileSync(CONFIG_FILE, 'utf-8');
+      return JSON.parse(raw);
+    }
+  } catch (e) {
+    // Corrupt config, start fresh
+  }
+  return {};
+}
+
+function saveConfig(config) {
+  ensureConfigDir();
+  fs.writeFileSync(CONFIG_FILE, JSON.stringify(config, null, 2), {
+    encoding: 'utf-8',
+    mode: 0o600,
+  });
+
+  // On Windows, mode 0o600 is ignored. Try to restrict ACLs via icacls.
+  if (os.platform() === 'win32') {
+    try {
+      const { execSync } = require('child_process');
+      const username = os.userInfo().username;
+      execSync(`icacls "${CONFIG_FILE}" /inheritance:r /grant:r "${username}:(R,W)" /deny "Everyone:(R)"`, {
+        stdio: 'pipe', timeout: 5000,
+      });
+    } catch { /* non-critical — icacls might fail on some Windows editions */ }
+  }
+}
+
+function getServer(opts) {
+  const config = loadConfig();
+  return opts?.server || config.server || DEFAULT_SERVER;
+}
+
+function isConfigured() {
+  const config = loadConfig();
+  return !!(config.apiKey && config.server);
+}
+
+/**
+ * Get security config with defaults
+ */
+function getSecurityDefaults() {
+  return {
+    shellBlocklist: [],     // Additional patterns beyond built-in defaults
+    fileRootPaths: [],      // Empty = allow all. Set paths to restrict file access.
+    requireApprovalFor: ['cliSession', 'clipboard'],  // Phase 5.4: sensitive commands need approval. capture is handled by allowCapture gate instead (type-aware).
+    allowCapture: false,    // Phase 5.4: camera/mic disabled by default, must opt-in
+  };
+}
+
+/**
+ * Get workspace config with OS-aware defaults.
+ * Users can override in ~/.swarmai/config.json under "workspace" key.
+ */
+function getWorkspaceDefaults() {
+  const platform = os.platform();
+  return {
+    rootPath: platform === 'win32' ? 'C:/SwarmAI' : path.join(os.homedir(), 'SwarmAI'),
+    cleanupIntervalMs: 60 * 60 * 1000,           // 1 hour
+    tempMaxAgeMs: 24 * 60 * 60 * 1000,           // 24 hours
+    downloadsMaxAgeMs: 7 * 24 * 60 * 60 * 1000,  // 7 days
+  };
+}
+
+module.exports = {
+  CONFIG_DIR,
+  CONFIG_FILE,
+  DEFAULT_SERVER,
+  loadConfig,
+  saveConfig,
+  getServer,
+  isConfigured,
+  getSecurityDefaults,
+  getWorkspaceDefaults,
+};

package/src/connection.js

@@ -0,0 +1,470 @@
+/**
+ * WebSocket connection management for Local Agent
+ *
+ * Connects to SwarmAI server via Socket.io /local-agent namespace.
+ * Handles heartbeat, command dispatch, and reconnection.
+ */
+
+const os = require('os');
+const { executeCommand, getCapabilities, setConnectionContext, setSocket } = require('./commands');
+const { scanTools, scanToolsAsync } = require('./toolScanner');
+const { loadConfig, getWorkspaceDefaults } = require('./config');
+const { initWorkspaceManager, getWorkspaceManager } = require('./workspace');
+
+const HEARTBEAT_INTERVAL_MS = 15 * 1000; // Send heartbeat every 15s
+
+// Rate limiting: max commands per window to prevent DoS
+const RATE_LIMIT_WINDOW_MS = 10000;  // 10-second window
+const RATE_LIMIT_MAX_COMMANDS = 20;  // max 20 commands per window (2/sec avg)
+
+class AgentConnection {
+  constructor(serverUrl, apiKey, options = {}) {
+    this._serverUrl = serverUrl;
+    this._apiKey = apiKey;
+    this._socket = null;
+    this._heartbeatInterval = null;
+    this._onStatusChange = options.onStatusChange || (() => {});
+    this._onLog = options.onLog || console.log;
+    this._connected = false;
+    this._prevCpuTimes = null; // For CPU usage delta calculation
+    this._mcpStarting = false; // Prevent double MCP init
+    this._activeProcesses = new Map(); // Track running processes for cleanup
+    this._commandTimestamps = []; // Rate limiting
+    this._auditLog = []; // Command audit log (last 1000 entries)
+  }
+
+  /**
+   * Connect to server
+   */
+  async connect() {
+    if (this._socket) {
+      throw new Error('Already connected. Call disconnect() first.');
+    }
+
+    const { io } = require('socket.io-client');
+
+    this._onLog('Connecting to server...');
+
+    this._socket = io(`${this._serverUrl}/local-agent`, {
+      auth: { apiKey: this._apiKey },
+      transports: ['websocket', 'polling'],
+      reconnection: true,
+      reconnectionDelay: 2000,
+      reconnectionDelayMax: 30000,
+      reconnectionAttempts: Infinity,
+      maxHttpBufferSize: 20 * 1024 * 1024, // 20MB — match server config for large payloads (screenshots, file transfers)
+      pingTimeout: 60000,                   // 60s — allow large payloads to finish transmitting
+    });
+
+    // Connection events
+    this._socket.on('connect', async () => {
+      this._connected = true;
+      this._onStatusChange('connected');
+      this._onLog('Connected to SwarmAI server');
+
+      // Pass server context to commands module for HTTP file uploads
+      setConnectionContext(this._serverUrl, this._apiKey);
+
+      // Pass socket reference for streaming output
+      setSocket(this._socket);
+
+      // Send system info on connect (includes tool registry + MCP tools)
+      // Uses async parallel scanning for faster startup
+      let toolRegistry = {};
+      try {
+        this._onLog('Scanning installed tools...');
+        toolRegistry = await scanToolsAsync().catch(() => scanTools()); // async with sync fallback
+        const installed = Object.entries(toolRegistry).filter(([k, v]) => k !== '_docker' && v.installed).map(([k]) => k);
+        this._onLog(`Found tools: ${installed.join(', ') || 'none'}`);
+        if (toolRegistry._docker?.available) {
+          this._onLog(`Docker: ${toolRegistry._docker.containers.length} running containers, ${toolRegistry._docker.images} images`);
+        }
+      } catch (e) {
+        this._onLog(`Tool scan failed: ${e.message}`);
+      }
+
+      // Start MCP servers (async, non-blocking for initial connect)
+      // Guard with _mcpStarting flag to prevent double-init on rapid reconnect
+      let mcpTools = [];
+      const startMcp = async () => {
+        if (this._mcpStarting) {
+          this._onLog('MCP startup already in progress, skipping');
+          return;
+        }
+        this._mcpStarting = true;
+        try {
+          const { loadConfig } = require('./config');
+          const config = loadConfig();
+          if (config.mcpServers && Object.keys(config.mcpServers).length > 0) {
+            this._onLog('Starting MCP servers...');
+            const { getMcpManager } = require('./mcpManager');
+            const mcpManager = getMcpManager();
+            mcpManager.setLogger(this._onLog);
+            await mcpManager.startAll(config.mcpServers);
+            mcpTools = mcpManager.getAllTools();
+            const servers = mcpManager.getConnectedServers();
+            this._onLog(`MCP: ${servers.length} server(s) active, ${mcpTools.length} tool(s) available`);
+
+            // Send updated system-info with MCP tools
+            if (this._socket && this._connected) {
+              this._socket.emit('system-info', {
+                hostname: os.hostname(),
+                os: os.platform(),
+                osVersion: os.release(),
+                capabilities: getCapabilities(),
+                toolRegistry,
+                mcpTools,
+              });
+            }
+          }
+        } catch (e) {
+          this._onLog(`MCP startup failed: ${e.message}`);
+        } finally {
+          this._mcpStarting = false;
+        }
+      };
+
+      // Emit initial system-info immediately (without MCP tools)
+      this._socket.emit('system-info', {
+        hostname: os.hostname(),
+        os: os.platform(),
+        osVersion: os.release(),
+        capabilities: getCapabilities(),
+        toolRegistry,
+        mcpTools: [],
+      });
+
+      // Start MCP servers in background (will re-emit system-info when ready)
+      startMcp();
+
+      // Scan for local AI providers (Ollama, LM Studio) — async, non-blocking
+      const scanAiServices = async () => {
+        try {
+          const { scanAiProviders } = require('./aiProviderScanner');
+          const aiProviders = await scanAiProviders();
+          if (aiProviders.length > 0 && this._socket && this._connected) {
+            this._socket.emit('ai-providers', { providers: aiProviders });
+            const summary = aiProviders.map(p => `${p.type}(${p.models.length} models)`).join(', ');
+            this._onLog(`AI providers: ${summary}`);
+          }
+        } catch (e) {
+          this._onLog(`AI provider scan failed: ${e.message}`);
+        }
+      };
+      scanAiServices();
+
+      // Initialize workspace shared dirs (temp, downloads)
+      // Use getWorkspaceManager() to avoid re-creating instance on reconnect
+      try {
+        const config = loadConfig();
+        const wsConfig = { ...getWorkspaceDefaults(), ...(config.workspace || {}) };
+        const wm = getWorkspaceManager() || initWorkspaceManager(wsConfig);
+        const shared = wm.initSharedDirs();
+        this._onLog(`Workspace root: ${shared.rootPath}`);
+        // Report workspace paths to server
+        this._socket.emit('workspace:info', shared);
+      } catch (e) {
+        this._onLog(`Workspace init failed: ${e.message}`);
+      }
+
+      // Start periodic cleanup of temp/downloads (clear previous interval on reconnect)
+      if (this._cleanupInterval) {
+        clearInterval(this._cleanupInterval);
+        this._cleanupInterval = null;
+      }
+      const cleanupMs = getWorkspaceDefaults().cleanupIntervalMs;
+      this._cleanupInterval = setInterval(() => {
+        const wm = getWorkspaceManager();
+        if (wm) {
+          const tempDeleted = wm.cleanupTemp();
+          const dlDeleted = wm.cleanupDownloads();
+          if (tempDeleted || dlDeleted) {
+            this._onLog(`Workspace cleanup: ${tempDeleted} temp, ${dlDeleted} downloads removed`);
+          }
+        }
+      }, cleanupMs);
+
+      // Start heartbeat
+      this._startHeartbeat();
+    });
+
+    this._socket.on('disconnect', (reason) => {
+      this._connected = false;
+      this._onStatusChange('disconnected');
+      this._onLog(`Disconnected: ${reason}`);
+      this._stopHeartbeat();
+
+      // Kill any running processes spawned by commands (cliSession, shell, etc.)
+      if (this._activeProcesses.size > 0) {
+        this._onLog(`Cleaning up ${this._activeProcesses.size} running process(es)...`);
+        for (const [pid, info] of this._activeProcesses) {
+          try { process.kill(pid, 'SIGTERM'); } catch { /* already dead */ }
+          this._onLog(`Killed process ${pid} (${info.command})`);
+        }
+        this._activeProcesses.clear();
+      }
+    });
+
+    this._socket.on('connect_error', (error) => {
+      this._onStatusChange('error');
+      this._onLog(`Connection error: ${error.message}`);
+    });
+
+    // Listen for profile workspace requests from server (lazy per-profile init)
+    // Registered outside 'connect' handler to avoid duplicate listeners on reconnect
+    this._socket.on('workspace:init', (data) => {
+      try {
+        const { profileName, systemPrompt } = data || {};
+        const wm = getWorkspaceManager();
+        if (!wm || !profileName) return;
+        const wsPath = wm.ensureProfileWorkspace(profileName, { systemPrompt });
+        this._socket.emit('workspace:ready', { profileName, workspacePath: wsPath });
+        this._onLog(`Profile workspace ready: ${wsPath}`);
+      } catch (e) {
+        this._onLog(`Workspace init for profile failed: ${e.message}`);
+      }
+    });
+
+    // Command handling with rate limiting and audit logging
+    this._socket.on('command', async (data) => {
+      const { commandId, command, params } = data;
+      const startTime = Date.now();
+
+      // Rate limiting
+      const now = Date.now();
+      this._commandTimestamps = this._commandTimestamps.filter(t => now - t < RATE_LIMIT_WINDOW_MS);
+      if (this._commandTimestamps.length >= RATE_LIMIT_MAX_COMMANDS) {
+        this._onLog(`Rate limit exceeded: ${command} (${this._commandTimestamps.length} commands in ${RATE_LIMIT_WINDOW_MS / 1000}s)`);
+        this._socket.emit('command:result', {
+          commandId,
+          error: `Rate limit exceeded: max ${RATE_LIMIT_MAX_COMMANDS} commands per ${RATE_LIMIT_WINDOW_MS / 1000}s. Retry later.`,
+        });
+        return;
+      }
+      this._commandTimestamps.push(now);
+
+      this._onLog(`Received command: ${command}`);
+
+      try {
+        const result = await executeCommand(command, params, commandId);
+        this._socket.emit('command:result', { commandId, result });
+        const duration = Date.now() - startTime;
+        this._onLog(`Command ${command} completed (${duration}ms)`);
+        this._appendAuditEntry(command, params, 'success', duration);
+      } catch (error) {
+        this._socket.emit('command:result', {
+          commandId,
+          error: error.message,
+        });
+        const duration = Date.now() - startTime;
+        this._onLog(`Command ${command} failed: ${error.message}`);
+        this._appendAuditEntry(command, params, 'error', duration, error.message);
+      }
+    });
+
+    // Heartbeat ack
+    this._socket.on('heartbeat:ack', () => {
+      // Server acknowledged heartbeat
+    });
+
+    // Config update from server (e.g., security config changed via frontend)
+    this._socket.on('config:update', (data) => {
+      try {
+        const { security } = data || {};
+        if (security) {
+          const config = loadConfig();
+          config.security = { ...(config.security || {}), ...security };
+          const { saveConfig } = require('./config');
+          saveConfig(config);
+          this._onLog(`Security config updated from server: ${JSON.stringify(security)}`);
+        }
+      } catch (e) {
+        this._onLog(`Config update failed: ${e.message}`);
+      }
+    });
+
+    // Revocation
+    this._socket.on('revoked', (data) => {
+      this._onLog(`Agent revoked: ${data?.reason || 'Access revoked'}`);
+      this.disconnect();
+      process.exit(1);
+    });
+
+    // Wait for initial connection with retry tolerance.
+    // Don't reject on the first connect_error — let Socket.io retry.
+    // Only give up after MAX_INITIAL_RETRIES consecutive failures.
+    const MAX_INITIAL_RETRIES = 10;
+    const INITIAL_TIMEOUT_MS = 60000; // 60s total window for initial connect
+
+    return new Promise((resolve, reject) => {
+      let retryCount = 0;
+
+      const timeout = setTimeout(() => {
+        cleanup();
+        reject(new Error(`Connection timeout after ${INITIAL_TIMEOUT_MS / 1000}s (${retryCount} retries)`));
+      }, INITIAL_TIMEOUT_MS);
+
+      const onConnect = () => {
+        cleanup();
+        resolve();
+      };
+
+      const onError = (err) => {
+        retryCount++;
+        this._onLog(`Connection attempt ${retryCount}/${MAX_INITIAL_RETRIES} failed: ${err.message}`);
+
+        if (retryCount >= MAX_INITIAL_RETRIES) {
+          cleanup();
+          reject(new Error(`${err.message} (after ${retryCount} retries)`));
+        }
+        // Otherwise let Socket.io reconnect automatically
+      };
+
+      const cleanup = () => {
+        clearTimeout(timeout);
+        this._socket.off('connect', onConnect);
+        this._socket.off('connect_error', onError);
+      };
+
+      this._socket.on('connect', onConnect);
+      this._socket.on('connect_error', onError);
+    });
+  }
+
+  /**
+   * Disconnect from server
+   */
+  disconnect() {
+    this._stopHeartbeat();
+
+    // Stop workspace cleanup interval
+    if (this._cleanupInterval) {
+      clearInterval(this._cleanupInterval);
+      this._cleanupInterval = null;
+    }
+
+    // Shutdown MCP servers
+    try {
+      const { getMcpManager } = require('./mcpManager');
+      getMcpManager().disconnectAll();
+    } catch { /* ignore if MCP not loaded */ }
+
+    if (this._socket) {
+      this._socket.disconnect();
+      this._socket = null;
+    }
+    this._connected = false;
+  }
+
+  /**
+   * Check if connected
+   */
+  isConnected() {
+    return this._connected;
+  }
+
+  _startHeartbeat() {
+    this._stopHeartbeat();
+    this._heartbeatInterval = setInterval(() => {
+      if (this._socket && this._connected) {
+        // Enrich heartbeat with system metrics (#9 Health Dashboard)
+        const totalMem = os.totalmem();
+        const freeMem = os.freemem();
+        const cpus = os.cpus();
+
+        // Calculate CPU usage from delta between consecutive heartbeats
+        let cpuUsage = 0;
+        if (cpus.length > 0) {
+          const current = {};
+          for (const cpu of cpus) {
+            for (const type in cpu.times) {
+              current[type] = (current[type] || 0) + cpu.times[type];
+            }
+          }
+
+          if (this._prevCpuTimes) {
+            const idleDelta = current.idle - this._prevCpuTimes.idle;
+            let totalDelta = 0;
+            for (const type in current) {
+              totalDelta += (current[type] - (this._prevCpuTimes[type] || 0));
+            }
+            if (totalDelta > 0) {
+              cpuUsage = Math.round(100 - (idleDelta / totalDelta * 100));
+              cpuUsage = Math.max(0, Math.min(100, cpuUsage));
+            }
+          }
+          this._prevCpuTimes = current;
+        }
+
+        this._socket.emit('heartbeat', {
+          timestamp: Date.now(),
+          metrics: {
+            cpu: { usage: cpuUsage, cores: cpus.length },
+            memory: {
+              used: Math.round((totalMem - freeMem) / (1024 * 1024)),
+              total: Math.round(totalMem / (1024 * 1024)),
+              unit: 'MB',
+            },
+            uptime: Math.round(os.uptime()),
+            loadAvg: os.loadavg().map(v => Math.round(v * 100) / 100),
+          },
+        });
+      }
+    }, HEARTBEAT_INTERVAL_MS);
+  }
+
+  _stopHeartbeat() {
+    if (this._heartbeatInterval) {
+      clearInterval(this._heartbeatInterval);
+      this._heartbeatInterval = null;
+    }
+  }
+
+  /**
+   * Append command audit entry to in-memory log and persist to file.
+   * Keeps last 1000 entries in memory, writes all to disk for forensics.
+   */
+  _appendAuditEntry(command, params, status, durationMs, error) {
+    const entry = {
+      ts: new Date().toISOString(),
+      command,
+      params: _sanitizeAuditParams(params),
+      status,
+      durationMs,
+      ...(error ? { error: error.substring(0, 200) } : {}),
+    };
+
+    // In-memory ring buffer (last 1000)
+    this._auditLog.push(entry);
+    if (this._auditLog.length > 1000) this._auditLog.shift();
+
+    // Persist to disk (append, non-blocking)
+    try {
+      const { CONFIG_DIR } = require('./config');
+      const fs = require('fs');
+      const logPath = require('path').join(CONFIG_DIR, 'command-audit.log');
+      const line = JSON.stringify(entry) + '\n';
+      fs.appendFile(logPath, line, () => {}); // fire-and-forget
+    } catch { /* non-critical */ }
+  }
+}
+
+/**
+ * Sanitize params for audit log — redact sensitive fields, truncate large values.
+ */
+function _sanitizeAuditParams(params) {
+  if (!params || typeof params !== 'object') return params;
+  const sanitized = {};
+  for (const [key, value] of Object.entries(params)) {
+    if (/password|secret|token|apiKey|key/i.test(key)) {
+      sanitized[key] = '[REDACTED]';
+    } else if (typeof value === 'string' && value.length > 200) {
+      sanitized[key] = value.substring(0, 200) + '...(truncated)';
+    } else {
+      sanitized[key] = value;
+    }
+  }
+  return sanitized;
+}
+
+module.exports = { AgentConnection };