@versdotsh/reef 0.1.2

package/services/services/index.ts

@@ -0,0 +1,165 @@
+/**
+ * Services manager module — runtime management of service modules.
+ *
+ * This is the service that manages all other services. It's loaded by the
+ * same discovery scan as everything else, but uses the enriched ServiceContext
+ * to add, update, and remove modules at runtime.
+ *
+ *   GET    /services               — list loaded modules
+ *   POST   /services/reload        — re-scan directory, load new & update changed
+ *   POST   /services/reload/:name  — reload a specific module
+ *   DELETE /services/:name         — unload a module
+ */
+
+import { readdirSync, existsSync } from "node:fs";
+import { join } from "node:path";
+import { Hono } from "hono";
+import type { ServiceModule, ServiceContext } from "../src/core/types.js";
+
+let ctx: ServiceContext;
+
+const routes = new Hono();
+
+// List all loaded modules
+routes.get("/", (c) => {
+  const modules = ctx.getModules().map((m) => ({
+    name: m.name,
+    description: m.description,
+    hasRoutes: !!m.routes,
+    hasTools: !!m.registerTools,
+    hasBehaviors: !!m.registerBehaviors,
+    hasWidget: !!m.widget,
+    mountAtRoot: !!m.mountAtRoot,
+    dependencies: m.dependencies ?? [],
+  }));
+  return c.json({ modules, count: modules.length });
+});
+
+// Reload all — re-scan directory, add new, update changed, remove deleted
+routes.post("/reload", async (c) => {
+  const servicesDir = ctx.servicesDir;
+
+  if (!existsSync(servicesDir)) {
+    return c.json({ error: `Services directory not found: ${servicesDir}` }, 400);
+  }
+
+  const entries = readdirSync(servicesDir, { withFileTypes: true });
+  const results: Array<{ name: string; action: string }> = [];
+  const errors: Array<{ dir: string; error: string }> = [];
+
+  for (const entry of entries) {
+    if (!entry.isDirectory()) continue;
+    if (!existsSync(join(servicesDir, entry.name, "index.ts"))) continue;
+
+    try {
+      const result = await ctx.loadModule(entry.name);
+      results.push(result);
+      console.log(`  [reload] /${result.name} — ${result.action}`);
+    } catch (err) {
+      const msg = err instanceof Error ? err.message : String(err);
+      errors.push({ dir: entry.name, error: msg });
+      console.error(`  [reload] services/${entry.name}: ${msg}`);
+    }
+  }
+
+  // Remove modules whose directories no longer exist
+  const currentDirs = new Set(
+    entries.filter((e) => e.isDirectory()).map((e) => e.name),
+  );
+  for (const mod of ctx.getModules()) {
+    // Don't remove modules that still have a directory
+    if (currentDirs.has(mod.name)) continue;
+    // Don't let the services manager remove itself
+    if (mod.name === "services") continue;
+
+    await ctx.unloadModule(mod.name);
+    results.push({ name: mod.name, action: "removed" });
+    console.log(`  [reload] /${mod.name} — removed`);
+  }
+
+  return c.json({ results, errors });
+});
+
+// Reload a specific module by name
+routes.post("/reload/:name", async (c) => {
+  const name = c.req.param("name");
+
+  // Check if it exists as a directory
+  const dirPath = join(ctx.servicesDir, name);
+  if (!existsSync(join(dirPath, "index.ts"))) {
+    return c.json({ error: `No service directory "${name}" with index.ts found` }, 404);
+  }
+
+  try {
+    const result = await ctx.loadModule(name);
+    console.log(`  [reload] /${result.name} — ${result.action}`);
+    return c.json(result);
+  } catch (err) {
+    const msg = err instanceof Error ? err.message : String(err);
+    return c.json({ error: msg }, 400);
+  }
+});
+
+// Export a module as a tarball
+routes.get("/export/:name", async (c) => {
+  const name = c.req.param("name");
+  const mod = ctx.getModule(name);
+
+  if (!mod) {
+    return c.json({ error: `Module "${name}" not found` }, 404);
+  }
+
+  const dirPath = join(ctx.servicesDir, name);
+  if (!existsSync(dirPath)) {
+    return c.json({ error: `Service directory "${name}" not found on disk` }, 404);
+  }
+
+  try {
+    const { execSync } = await import("node:child_process");
+    const tarball = execSync(`tar -czf - -C "${ctx.servicesDir}" "${name}"`, {
+      maxBuffer: 50 * 1024 * 1024, // 50MB
+    });
+
+    return new Response(tarball, {
+      headers: {
+        "Content-Type": "application/gzip",
+        "Content-Disposition": `attachment; filename="${name}.tar.gz"`,
+        "X-Service-Name": mod.name,
+        "X-Service-Description": mod.description || "",
+      },
+    });
+  } catch (err) {
+    const msg = err instanceof Error ? err.message : String(err);
+    return c.json({ error: `Failed to export: ${msg}` }, 500);
+  }
+});
+
+// Unload a module
+routes.delete("/:name", async (c) => {
+  const name = c.req.param("name");
+
+  if (name === "services") {
+    return c.json({ error: "Cannot unload the services manager" }, 400);
+  }
+
+  const mod = ctx.getModule(name);
+  if (!mod) {
+    return c.json({ error: `Module "${name}" not found` }, 404);
+  }
+
+  await ctx.unloadModule(name);
+  console.log(`  [unload] /${name} — removed`);
+  return c.json({ name, action: "removed" });
+});
+
+const services: ServiceModule = {
+  name: "services",
+  description: "Service module manager",
+  routes,
+
+  init(serviceCtx: ServiceContext) {
+    ctx = serviceCtx;
+  },
+};
+
+export default services;

package/services/ui/auth.ts

@@ -0,0 +1,61 @@
+/**
+ * Magic link auth for the web UI.
+ *
+ * Flow: agent generates a magic link via POST /auth/magic-link (bearer auth),
+ * user opens it in browser, gets a session cookie, UI proxies API calls.
+ */
+
+import { ulid } from "ulid";
+
+interface MagicLink {
+  token: string;
+  expiresAt: string;
+}
+
+interface Session {
+  id: string;
+  createdAt: string;
+  expiresAt: string;
+}
+
+const magicLinks = new Map<string, MagicLink>();
+const sessions = new Map<string, Session>();
+
+const LINK_TTL_MS = 5 * 60 * 1000; // 5 minutes
+const SESSION_TTL_MS = 24 * 60 * 60 * 1000; // 24 hours
+
+export function createMagicLink(): MagicLink {
+  const token = ulid();
+  const expiresAt = new Date(Date.now() + LINK_TTL_MS).toISOString();
+  const link: MagicLink = { token, expiresAt };
+  magicLinks.set(token, link);
+  return link;
+}
+
+export function consumeMagicLink(token: string): boolean {
+  const link = magicLinks.get(token);
+  if (!link) return false;
+  magicLinks.delete(token);
+  return new Date(link.expiresAt).getTime() > Date.now();
+}
+
+export function createSession(): Session {
+  const session: Session = {
+    id: ulid(),
+    createdAt: new Date().toISOString(),
+    expiresAt: new Date(Date.now() + SESSION_TTL_MS).toISOString(),
+  };
+  sessions.set(session.id, session);
+  return session;
+}
+
+export function validateSession(sessionId: string | undefined): boolean {
+  if (!sessionId) return false;
+  const session = sessions.get(sessionId);
+  if (!session) return false;
+  if (new Date(session.expiresAt).getTime() < Date.now()) {
+    sessions.delete(sessionId);
+    return false;
+  }
+  return true;
+}

package/services/ui/index.ts

@@ -0,0 +1,16 @@
+/**
+ * UI service module — web dashboard with magic link auth and API proxy.
+ */
+
+import type { ServiceModule } from "../src/core/types.js";
+import { createRoutes } from "./routes.js";
+
+const ui: ServiceModule = {
+  name: "ui",
+  description: "Web dashboard",
+  routes: createRoutes(),
+  mountAtRoot: true, // Serves at /ui/*, /auth/* — handles its own session auth
+  requiresAuth: false,
+};
+
+export default ui;

package/services/ui/routes.ts

@@ -0,0 +1,160 @@
+/**
+ * UI routes — serves the dashboard, handles magic link auth, proxies API calls.
+ */
+
+import { Hono } from "hono";
+import { createMagicLink, consumeMagicLink, createSession, validateSession } from "./auth.js";
+import { readFileSync } from "node:fs";
+import { join } from "node:path";
+
+const AUTH_TOKEN = process.env.VERS_AUTH_TOKEN || "test-token";
+
+function getStaticDir(): string {
+  return join(import.meta.dir, "static");
+}
+
+function getSessionId(c: any): string | undefined {
+  const cookie = c.req.header("cookie") || "";
+  const match = cookie.match(/(?:^|;\s*)session=([^;]+)/);
+  return match?.[1];
+}
+
+function hasBearerAuth(c: any): boolean {
+  const auth = c.req.header("authorization") || "";
+  return auth === `Bearer ${AUTH_TOKEN}`;
+}
+
+export function createRoutes(): Hono {
+  const routes = new Hono();
+
+  // --- Auth ---
+
+  // Generate magic link (requires bearer auth)
+  routes.post("/auth/magic-link", (c) => {
+    if (!hasBearerAuth(c)) return c.json({ error: "Unauthorized" }, 401);
+
+    const link = createMagicLink();
+    const host = c.req.header("host") || "localhost:3000";
+    const proto = c.req.header("x-forwarded-proto") || "https";
+    const url = `${proto}://${host}/ui/login?token=${link.token}`;
+    return c.json({ url, expiresAt: link.expiresAt });
+  });
+
+  // Login page / magic link consumer
+  routes.get("/ui/login", (c) => {
+    const token = c.req.query("token");
+
+    if (token) {
+      const valid = consumeMagicLink(token);
+      if (valid) {
+        const session = createSession();
+        return c.html(
+          `<html><head><meta http-equiv="refresh" content="0;url=/ui/"></head></html>`,
+          200,
+          { "Set-Cookie": `session=${session.id}; Path=/; HttpOnly; SameSite=Lax; Max-Age=86400` },
+        );
+      }
+      return c.html(`
+        <html><body style="background:#0a0a0a;color:#f55;font-family:monospace;padding:2em">
+          <h2>Invalid or expired link</h2>
+          <p>Request a new magic link from the API.</p>
+        </body></html>
+      `, 401);
+    }
+
+    return c.html(`
+      <html><body style="background:#0a0a0a;color:#888;font-family:monospace;padding:2em">
+        <h2>Fleet Services Dashboard</h2>
+        <p>Access requires a magic link. Generate one via:</p>
+        <pre style="color:#4f9">POST /auth/magic-link</pre>
+      </body></html>
+    `);
+  });
+
+  // --- Session-protected UI routes ---
+
+  routes.use("/ui/*", async (c, next) => {
+    const path = new URL(c.req.url).pathname;
+    if (path === "/ui/login" || path.startsWith("/ui/static/")) return next();
+
+    // In dev mode (no auth token set), skip session check
+    if (!process.env.VERS_AUTH_TOKEN) return next();
+
+    const sessionId = getSessionId(c);
+    if (!validateSession(sessionId)) return c.redirect("/ui/login");
+    return next();
+  });
+
+  // Dashboard
+  routes.get("/ui/", (c) => {
+    try {
+      const html = readFileSync(join(getStaticDir(), "index.html"), "utf-8");
+      return c.html(html);
+    } catch {
+      return c.text("Dashboard files not found", 500);
+    }
+  });
+
+  // Static files
+  routes.get("/ui/static/:file", (c) => {
+    const file = c.req.param("file");
+    if (file.includes("..") || file.includes("/")) return c.text("Not found", 404);
+
+    try {
+      const content = readFileSync(join(getStaticDir(), file), "utf-8");
+      const ext = file.split(".").pop();
+      const contentType =
+        ext === "css" ? "text/css" :
+        ext === "js" ? "application/javascript" :
+        "text/plain";
+      return c.body(content, 200, { "Content-Type": contentType });
+    } catch {
+      return c.text("Not found", 404);
+    }
+  });
+
+  // --- API proxy (injects bearer token so browser never needs it) ---
+
+  routes.all("/ui/api/*", async (c) => {
+    const url = new URL(c.req.url);
+    const apiPath = url.pathname.replace(/^\/ui\/api/, "");
+    const queryString = url.search;
+
+    const port = process.env.PORT || "3000";
+    const internalUrl = `http://127.0.0.1:${port}${apiPath}${queryString}`;
+
+    const headers: Record<string, string> = {
+      Authorization: `Bearer ${AUTH_TOKEN}`,
+    };
+    const contentType = c.req.header("content-type");
+    if (contentType) headers["Content-Type"] = contentType;
+
+    const method = c.req.method;
+    const body = method !== "GET" && method !== "HEAD" ? await c.req.text() : undefined;
+
+    try {
+      const resp = await fetch(internalUrl, { method, headers, body });
+
+      // SSE passthrough
+      if (resp.headers.get("content-type")?.includes("text/event-stream")) {
+        return new Response(resp.body, {
+          status: resp.status,
+          headers: {
+            "Content-Type": "text/event-stream",
+            "Cache-Control": "no-cache",
+            Connection: "keep-alive",
+          },
+        });
+      }
+
+      const text = await resp.text();
+      return c.body(text, resp.status as any, {
+        "Content-Type": resp.headers.get("content-type") || "application/json",
+      });
+    } catch (e) {
+      return c.json({ error: "Proxy error", details: String(e) }, 502);
+    }
+  });
+
+  return routes;
+}