@tokenbuddy/tb-admin 1.0.14 → 1.0.27

package/src/ui-command.ts

@@ -0,0 +1,39 @@
+import { Command } from "commander";
+import { ConfigManager } from "./config.js";
+import { startAdminUiServer } from "./ui-server.js";
+
+export function bindAdminUiCommand(program: Command, configManager: ConfigManager): void {
+  program
+    .command("ui")
+    .description("Start the local TokenBuddy admin UI")
+    .option("--host <host>", "Local bind host", "127.0.0.1")
+    .option("--port <port>", "Local bind port", parsePort, 17822)
+    .option("--no-open", "Do not open a browser")
+    .action(async (options) => {
+      try {
+        const rootOptions = program.opts();
+        const started = await startAdminUiServer({
+          host: options.host,
+          port: options.port,
+          openBrowser: Boolean(options.open),
+          configManager,
+          configPath: rootOptions.config,
+          profile: rootOptions.profile || process.env.TOKENBUDDY_ADMIN_PROFILE || "bootstrap",
+          url: rootOptions.url || process.env.TOKENBUDDY_ADMIN_URL,
+          token: rootOptions.token || process.env.TOKENBUDDY_ADMIN_TOKEN
+        });
+        console.log(`TokenBuddy admin UI listening on ${started.url}`);
+      } catch (err: any) {
+        console.error("Error:", err.message);
+        process.exit(1);
+      }
+    });
+}
+
+function parsePort(value: string): number {
+  const parsed = Number(value);
+  if (!Number.isInteger(parsed)) {
+    throw new Error("port must be an integer");
+  }
+  return parsed;
+}

package/src/ui-server.ts

@@ -0,0 +1,322 @@
+import * as http from "http";
+import { randomBytes } from "crypto";
+import { URL } from "url";
+import { ConfigManager } from "./config.js";
+import { AdminUiState } from "./ui-state.js";
+import { UiActions, type CreateSellerRequest, type UiActionProgressEvent, type UiActionResult } from "./ui-actions.js";
+import { adminUiHtml } from "./ui-static.js";
+
+export interface AdminUiServerOptions {
+  host: string;
+  port: number;
+  openBrowser: boolean;
+  configManager: ConfigManager;
+  configPath?: string;
+  profile?: string;
+  url?: string;
+  token?: string;
+  fetchJson?: (url: string, init?: RequestInit) => Promise<unknown>;
+  balanceFetch?: typeof fetch;
+  commandRunner?: (args: string[], timeoutMs: number) => Promise<UiActionResult>;
+}
+
+export interface StartedAdminUiServer {
+  server: http.Server;
+  url: string;
+}
+
+type UiJobStatus = "running" | "succeeded" | "failed";
+
+interface UiJob {
+  id: string;
+  kind: "create_seller";
+  status: UiJobStatus;
+  startedAt: string;
+  updatedAt: string;
+  title: string;
+  events: UiActionProgressEvent[];
+  result?: unknown;
+  error?: string;
+}
+
+export async function startAdminUiServer(options: AdminUiServerOptions): Promise<StartedAdminUiServer> {
+  assertSafeHost(options.host);
+  assertSafePort(options.port);
+
+  const state = new AdminUiState(options);
+  const actions = new UiActions(options);
+  const jobs = new Map<string, UiJob>();
+  const server = http.createServer(async (req, res) => {
+    try {
+      await routeRequest(req, res, state, actions, jobs);
+    } catch (err: any) {
+      sendJson(res, 500, { error: err.message || "internal error" });
+    }
+  });
+
+  await new Promise<void>((resolve, reject) => {
+    server.once("error", reject);
+    server.listen(options.port, options.host, () => {
+      server.off("error", reject);
+      resolve();
+    });
+  });
+
+  const address = server.address();
+  const actualPort = typeof address === "object" && address ? address.port : options.port;
+  const url = `http://${options.host}:${actualPort}/`;
+  if (options.openBrowser) {
+    openLocalBrowser(url).catch(() => undefined);
+  }
+  return { server, url };
+}
+
+async function routeRequest(
+  req: http.IncomingMessage,
+  res: http.ServerResponse,
+  state: AdminUiState,
+  actions: UiActions,
+  jobs: Map<string, UiJob>
+): Promise<void> {
+  const parsed = new URL(req.url || "/", "http://127.0.0.1");
+  if (req.method === "GET" && parsed.pathname === "/") {
+    sendHtml(res, adminUiHtml());
+    return;
+  }
+  if (req.method === "GET" && parsed.pathname === "/favicon.ico") {
+    res.writeHead(204, { "Cache-Control": "no-store" });
+    res.end();
+    return;
+  }
+  if (parsed.pathname.startsWith("/api/") && !isValidUiOrigin(req)) {
+    sendJson(res, 403, { error: "invalid UI origin" });
+    return;
+  }
+
+  if (req.method === "GET" && parsed.pathname === "/api/bootstrap") {
+    sendJson(res, 200, await state.bootstrap());
+    return;
+  }
+  if (req.method === "GET" && parsed.pathname === "/api/bootstrap/config") {
+    sendJson(res, 200, await state.bootstrapConfig());
+    return;
+  }
+  if (req.method === "GET" && parsed.pathname === "/api/sellers") {
+    sendJson(res, 200, await state.sellers());
+    return;
+  }
+  if (req.method === "POST" && parsed.pathname === "/api/sellers") {
+    const body = await readJson(req) as CreateSellerRequest;
+    const job = startCreateSellerJob(jobs, actions, body);
+    sendJson(res, 202, { jobId: job.id, job });
+    return;
+  }
+
+  const jobMatch = parsed.pathname.match(/^\/api\/jobs\/([^/]+)$/);
+  if (req.method === "GET" && jobMatch) {
+    const job = jobs.get(decodeURIComponent(jobMatch[1]));
+    if (!job) {
+      sendJson(res, 404, { error: "job not found" });
+      return;
+    }
+    sendJson(res, 200, job);
+    return;
+  }
+
+  const sellerMatch = parsed.pathname.match(/^\/api\/sellers\/([^/]+)(?:\/([^/]+))?$/);
+  if (sellerMatch) {
+    const id = decodeURIComponent(sellerMatch[1]);
+    const subroute = sellerMatch[2];
+    if (req.method === "GET" && !subroute) {
+      sendJson(res, 200, await state.sellerDetail(id));
+      return;
+    }
+    if (req.method === "GET" && subroute === "models") {
+      const detail = await state.sellerDetail(id);
+      sendJson(res, 200, detail.models);
+      return;
+    }
+    if (req.method === "PUT" && subroute === "config") {
+      sendJson(res, 200, await actions.updateSellerConfig(id, await readJson(req) as Record<string, unknown>));
+      return;
+    }
+    if (req.method === "POST" && (subroute === "offline" || subroute === "drain" || subroute === "activate")) {
+      const status = subroute === "drain" ? "draining" : subroute === "activate" ? "active" : "offline";
+      sendJson(res, 200, await actions.setRegistryStatus(id, status));
+      return;
+    }
+    if (req.method === "DELETE" && subroute === "deployment") {
+      const body = await readJson(req).catch(() => ({})) as { confirm?: boolean };
+      sendJson(res, 200, await actions.deleteDeployment(id, Boolean(body.confirm)));
+      return;
+    }
+  }
+
+  sendJson(res, 404, { error: "not found" });
+}
+
+function startCreateSellerJob(jobs: Map<string, UiJob>, actions: UiActions, request: CreateSellerRequest): UiJob {
+  const now = new Date().toISOString();
+  const job: UiJob = {
+    id: randomBytes(12).toString("hex"),
+    kind: "create_seller",
+    status: "running",
+    startedAt: now,
+    updatedAt: now,
+    title: `Create seller ${request.sellerName || ""}`.trim(),
+    events: []
+  };
+  jobs.set(job.id, job);
+  actions.createSeller(request, (event) => {
+    const safeEvent = sanitizeProgressEvent(event);
+    job.events = [...job.events.filter((item) => item.stepId !== safeEvent.stepId), safeEvent];
+    job.updatedAt = new Date().toISOString();
+  }).then((result) => {
+    job.status = result.result.ok
+      && (!result.readiness || result.readiness.ok)
+      && (!result.configPut || result.configPut.ok)
+      && (!result.modelsRefresh || result.modelsRefresh.ok)
+      && (!result.registryPublish || result.registryPublish.ok)
+      ? "succeeded"
+      : "failed";
+    job.result = sanitizeJobResult(result);
+    job.updatedAt = new Date().toISOString();
+  }).catch((err: any) => {
+    job.status = "failed";
+    job.error = redactSensitive(err.message || "create seller failed");
+    job.updatedAt = new Date().toISOString();
+  });
+  pruneJobs(jobs);
+  return job;
+}
+
+function sanitizeProgressEvent(event: UiActionProgressEvent): UiActionProgressEvent {
+  return {
+    ...event,
+    message: event.message ? redactSensitive(event.message) : undefined,
+    result: event.result ? sanitizeActionResult(event.result) : undefined
+  };
+}
+
+function sanitizeJobResult(value: unknown): unknown {
+  if (!value || typeof value !== "object") {
+    return value;
+  }
+  const input = value as Record<string, unknown>;
+  return Object.fromEntries(Object.entries(input).map(([key, entry]) => {
+    if (entry && typeof entry === "object" && "command" in entry) {
+      return [key, sanitizeActionResult(entry as unknown as UiActionResult)];
+    }
+    if (entry && typeof entry === "object") {
+      return [key, sanitizeJobResult(entry)];
+    }
+    return [key, typeof entry === "string" ? redactSensitive(entry) : entry];
+  }));
+}
+
+function sanitizeActionResult(result: UiActionResult): UiActionResult {
+  return {
+    ok: result.ok,
+    stdout: redactSensitive(result.stdout),
+    stderr: redactSensitive(result.stderr),
+    command: redactCommand(result.command)
+  };
+}
+
+function redactCommand(command: string[]): string[] {
+  return command.map((part, index) => {
+    const prev = command[index - 1];
+    if (prev === "--operator-secret" || prev === "--token" || prev === "--api-key") {
+      return "********";
+    }
+    return redactSensitive(part);
+  });
+}
+
+function redactSensitive(value: string): string {
+  return value.replace(/(sk-[A-Za-z0-9_-]+)/g, "********")
+    .replace(/(operatorSecret|upstreamApiKey|token|apiKey|sm4KeyBase64|clawtipSm4KeyBase64)["'=:\s]+([^"',\s]+)/gi, "$1=********");
+}
+
+function pruneJobs(jobs: Map<string, UiJob>): void {
+  const maxJobs = 20;
+  if (jobs.size <= maxJobs) {
+    return;
+  }
+  const stale = Array.from(jobs.values()).sort((a, b) => a.updatedAt.localeCompare(b.updatedAt));
+  for (const job of stale.slice(0, jobs.size - maxJobs)) {
+    jobs.delete(job.id);
+  }
+}
+
+function isValidUiOrigin(req: http.IncomingMessage): boolean {
+  const origin = headerValue(req.headers.origin);
+  if (!origin) {
+    return true;
+  }
+  const host = headerValue(req.headers.host);
+  if (!host) {
+    return false;
+  }
+  try {
+    const parsed = new URL(origin);
+    return parsed.protocol === "http:" && parsed.host === host;
+  } catch {
+    return false;
+  }
+}
+
+function headerValue(value: string | string[] | undefined): string | undefined {
+  return Array.isArray(value) ? value[0] : value;
+}
+
+function sendHtml(res: http.ServerResponse, html: string): void {
+  res.writeHead(200, {
+    "Content-Type": "text/html; charset=utf-8",
+    "Cache-Control": "no-store"
+  });
+  res.end(html);
+}
+
+function sendJson(res: http.ServerResponse, status: number, body: unknown): void {
+  res.writeHead(status, {
+    "Content-Type": "application/json; charset=utf-8",
+    "Cache-Control": "no-store"
+  });
+  res.end(JSON.stringify(body));
+}
+
+async function readJson(req: http.IncomingMessage): Promise<unknown> {
+  const chunks: Buffer[] = [];
+  for await (const chunk of req) {
+    chunks.push(Buffer.isBuffer(chunk) ? chunk : Buffer.from(chunk));
+  }
+  const raw = Buffer.concat(chunks).toString("utf8").trim();
+  return raw ? JSON.parse(raw) : {};
+}
+
+function assertSafeHost(host: string): void {
+  if (host !== "127.0.0.1" && host !== "localhost" && host !== "::1") {
+    throw new Error("tb-admin ui only supports loopback hosts");
+  }
+}
+
+function assertSafePort(port: number): void {
+  if (!Number.isInteger(port) || port < 0 || port > 65535) {
+    throw new Error("port must be between 0 and 65535");
+  }
+  if (port === 12571 || port === 15721 || port === 17820 || port === 17821) {
+    throw new Error(`port ${port} is reserved`);
+  }
+}
+
+async function openLocalBrowser(url: string): Promise<void> {
+  const { spawn } = await import("child_process");
+  const command = process.platform === "darwin"
+    ? "open"
+    : process.platform === "win32"
+      ? "cmd"
+      : "xdg-open";
+  const args = process.platform === "win32" ? ["/c", "start", "", url] : [url];
+  spawn(command, args, { shell: false, stdio: "ignore", detached: true }).unref();
+}