@swarmclawai/swarmclaw 0.5.2 → 0.5.3

package/src/lib/server/create-notification.ts

@@ -0,0 +1,30 @@
+import { genId } from '@/lib/id'
+import { saveNotification } from '@/lib/server/storage'
+import { notify } from '@/lib/server/ws-hub'
+import type { AppNotification } from '@/types'
+
+/**
+ * Create and persist a notification, then push a WS invalidation.
+ */
+export function createNotification(opts: {
+  type: AppNotification['type']
+  title: string
+  message?: string
+  entityType?: string
+  entityId?: string
+}) {
+  const id = genId()
+  const notification: AppNotification = {
+    id,
+    type: opts.type,
+    title: opts.title,
+    message: opts.message,
+    entityType: opts.entityType,
+    entityId: opts.entityId,
+    read: false,
+    createdAt: Date.now(),
+  }
+  saveNotification(id, notification)
+  notify('notifications')
+  return notification
+}

package/src/lib/server/daemon-state.ts

@@ -17,6 +17,7 @@ import { enqueueSessionRun } from './session-run-manager'
 import { WORKSPACE_DIR } from './data-dir'
 import { genId } from '@/lib/id'
 import type { WebhookRetryEntry } from '@/types'
+import { createNotification } from '@/lib/server/create-notification'
 
 const QUEUE_CHECK_INTERVAL = 30_000 // 30 seconds
 const BROWSER_SWEEP_INTERVAL = 60_000 // 60 seconds
@@ -254,6 +255,13 @@ async function runConnectorHealthChecks(now: number) {
       connectors[connector.id] = connector
       saveConnectors(connectors)
       ds.connectorRestartState.delete(connector.id)
+      createNotification({
+        type: 'error',
+        title: `Connector "${connector.name}" failed`,
+        message: `Auto-restart gave up after ${MAX_WAKE_ATTEMPTS} consecutive failures.`,
+        entityType: 'connector',
+        entityId: connector.id,
+      })
       continue
     }
 

package/src/lib/server/storage.ts

@@ -51,6 +51,7 @@ const COLLECTIONS = [
   'projects',
   'activity',
   'webhook_retry_queue',
+  'notifications',
 ] as const
 
 for (const table of COLLECTIONS) {
@@ -775,6 +776,32 @@ export function deleteWebhookRetry(id: string) {
   deleteCollectionItem('webhook_retry_queue', id)
 }
 
+// --- Notifications ---
+export function loadNotifications(): Record<string, unknown> {
+  return loadCollection('notifications')
+}
+
+export function saveNotification(id: string, data: unknown) {
+  upsertCollectionItem('notifications', id, data)
+}
+
+export function deleteNotification(id: string) {
+  deleteCollectionItem('notifications', id)
+}
+
+export function markNotificationRead(id: string) {
+  const raw = getCollectionRawCache('notifications')
+  const json = raw.get(id)
+  if (!json) return
+  try {
+    const notification = JSON.parse(json) as Record<string, unknown>
+    notification.read = true
+    upsertCollectionItem('notifications', id, notification)
+  } catch {
+    // ignore malformed
+  }
+}
+
 export function getSessionMessages(sessionId: string): Message[] {
   const stmt = db.prepare('SELECT data FROM sessions WHERE id = ?')
   const row = stmt.get(sessionId) as { data: string } | undefined

package/src/proxy.ts

@@ -1,9 +1,52 @@
 import { NextResponse } from 'next/server'
 import type { NextRequest } from 'next/server'
 
-/** Simple access key auth proxy.
+/* ------------------------------------------------------------------ */
+/*  Rate-limit state — HMR-safe via globalThis                        */
+/* ------------------------------------------------------------------ */
+
+interface RateLimitEntry {
+  count: number
+  lockedUntil: number
+}
+
+const rateLimitMap = (
+  (globalThis as Record<string, unknown>).__swarmclaw_rate_limit__ ??= new Map()
+) as Map<string, RateLimitEntry>
+
+const MAX_ATTEMPTS = 5
+const LOCKOUT_MS = 15 * 60 * 1000 // 15 minutes
+const PRUNE_THRESHOLD = 1000
+
+/** Prune expired entries when the map grows too large. */
+function pruneRateLimitMap() {
+  if (rateLimitMap.size <= PRUNE_THRESHOLD) return
+  const now = Date.now()
+  rateLimitMap.forEach((entry, ip) => {
+    if (entry.lockedUntil < now && entry.count < MAX_ATTEMPTS) {
+      rateLimitMap.delete(ip)
+    }
+  })
+}
+
+/** Extract client IP from the request. */
+function getClientIp(request: NextRequest): string {
+  const forwarded = request.headers.get('x-forwarded-for')
+  if (forwarded) {
+    const first = forwarded.split(',')[0]?.trim()
+    if (first) return first
+  }
+  return (request as unknown as { ip?: string }).ip ?? 'unknown'
+}
+
+/* ------------------------------------------------------------------ */
+/*  Proxy                                                              */
+/* ------------------------------------------------------------------ */
+
+/** Access key auth proxy with brute-force rate limiting.
  *  Checks X-Access-Key header or ?key= param on all /api/ routes except /api/auth.
  *  The key is validated against the ACCESS_KEY env var.
+ *  After 5 failed attempts from a single IP the client is locked out for 15 minutes.
  */
 export function proxy(request: NextRequest) {
   const { pathname } = request.nextUrl
@@ -29,13 +72,47 @@ export function proxy(request: NextRequest) {
     return NextResponse.next()
   }
 
+  // --- Rate-limit housekeeping ---
+  pruneRateLimitMap()
+
+  const clientIp = getClientIp(request)
+  const entry = rateLimitMap.get(clientIp)
+
+  // Check lockout before even validating the key
+  if (entry && entry.lockedUntil > Date.now()) {
+    const retryAfter = Math.ceil((entry.lockedUntil - Date.now()) / 1000)
+    return NextResponse.json(
+      { error: 'Too many failed attempts. Try again later.', retryAfter },
+      { status: 429, headers: { 'Retry-After': String(retryAfter) } },
+    )
+  }
+
   const providedKey =
     request.headers.get('x-access-key')
     || request.nextUrl.searchParams.get('key')
     || ''
 
   if (providedKey !== accessKey) {
-    return NextResponse.json({ error: 'Unauthorized' }, { status: 401 })
+    // Record the failed attempt
+    const current = rateLimitMap.get(clientIp) ?? { count: 0, lockedUntil: 0 }
+    current.count += 1
+
+    if (current.count >= MAX_ATTEMPTS) {
+      current.lockedUntil = Date.now() + LOCKOUT_MS
+    }
+
+    rateLimitMap.set(clientIp, current)
+
+    const remaining = Math.max(0, MAX_ATTEMPTS - current.count)
+    return NextResponse.json(
+      { error: 'Unauthorized' },
+      { status: 401, headers: { 'X-RateLimit-Remaining': String(remaining) } },
+    )
+  }
+
+  // Successful auth — clear any prior failed-attempt tracking for this IP
+  if (entry) {
+    rateLimitMap.delete(clientIp)
   }
 
   return NextResponse.next()

package/src/stores/use-app-store.ts

@@ -1,7 +1,7 @@
 'use client'
 
 import { create } from 'zustand'
-import type { Sessions, Session, NetworkInfo, Directory, ProviderInfo, Credentials, Agent, Schedule, AppView, BoardTask, AppSettings, OrchestratorSecret, ProviderConfig, Skill, Connector, Webhook, McpServerConfig, PluginMeta, Project, FleetFilter, ActivityEntry } from '../types'
+import type { Sessions, Session, NetworkInfo, Directory, ProviderInfo, Credentials, Agent, Schedule, AppView, BoardTask, AppSettings, OrchestratorSecret, ProviderConfig, Skill, Connector, Webhook, McpServerConfig, PluginMeta, Project, FleetFilter, ActivityEntry, AppNotification } from '../types'
 import { fetchSessions, fetchDirs, fetchProviders, fetchCredentials } from '../lib/sessions'
 import { fetchAgents } from '../lib/agents'
 import { fetchSchedules } from '../lib/schedules'
@@ -184,6 +184,14 @@ interface AppState {
   activityEntries: ActivityEntry[]
   loadActivity: (filters?: { entityType?: string; limit?: number }) => Promise<void>
 
+  // Notifications
+  notifications: AppNotification[]
+  unreadNotificationCount: number
+  loadNotifications: () => Promise<void>
+  markNotificationRead: (id: string) => Promise<void>
+  markAllNotificationsRead: () => Promise<void>
+  clearReadNotifications: () => Promise<void>
+
 }
 
 export const useAppStore = create<AppState>((set, get) => ({
@@ -591,4 +599,53 @@ export const useAppStore = create<AppState>((set, get) => ({
     }
   },
 
+  // Notifications
+  notifications: [],
+  unreadNotificationCount: 0,
+  loadNotifications: async () => {
+    try {
+      const notifications = await api<AppNotification[]>('GET', '/notifications')
+      set({
+        notifications,
+        unreadNotificationCount: notifications.filter((n) => !n.read).length,
+      })
+    } catch {
+      // ignore
+    }
+  },
+  markNotificationRead: async (id) => {
+    const notifications = get().notifications.map((n) =>
+      n.id === id ? { ...n, read: true } : n,
+    )
+    set({
+      notifications,
+      unreadNotificationCount: notifications.filter((n) => !n.read).length,
+    })
+    try {
+      await api('PUT', `/notifications/${id}`, { read: true })
+    } catch {
+      // ignore
+    }
+  },
+  markAllNotificationsRead: async () => {
+    const notifications = get().notifications.map((n) => ({ ...n, read: true }))
+    set({ notifications, unreadNotificationCount: 0 })
+    try {
+      await Promise.all(
+        get().notifications.filter((n) => !n.read).map((n) => api('PUT', `/notifications/${n.id}`, { read: true })),
+      )
+    } catch {
+      // ignore
+    }
+  },
+  clearReadNotifications: async () => {
+    const notifications = get().notifications.filter((n) => !n.read)
+    set({ notifications, unreadNotificationCount: notifications.length })
+    try {
+      await api('DELETE', '/notifications')
+    } catch {
+      // ignore
+    }
+  },
+
 }))

package/src/types/index.ts

@@ -375,6 +375,19 @@ export interface Project {
   updatedAt: number
 }
 
+// --- Notifications ---
+
+export interface AppNotification {
+  id: string
+  type: 'info' | 'success' | 'warning' | 'error'
+  title: string
+  message?: string
+  entityType?: string
+  entityId?: string
+  read: boolean
+  createdAt: number
+}
+
 // --- Session Runs ---
 
 export type SessionRunStatus = 'queued' | 'running' | 'completed' | 'failed' | 'cancelled'