aegis-bridge 0.1.0

package/dashboard/dist/index.html

@@ -0,0 +1,14 @@
+<!DOCTYPE html>
+<html lang="en" class="dark">
+  <head>
+    <meta charset="UTF-8" />
+    <meta name="viewport" content="width=device-width, initial-scale=1.0" />
+    <title>Aegis Dashboard</title>
+    <link rel="icon" type="image/svg+xml" href="data:image/svg+xml,<svg xmlns='http://www.w3.org/2000/svg' viewBox='0 0 100 100'><text y='.9em' font-size='90'>🛡️</text></svg>" />
+    <script type="module" crossorigin src="/dashboard/assets/index-C61BkKH-.js"></script>
+    <link rel="stylesheet" crossorigin href="/dashboard/assets/index-BoZwGLAx.css">
+  </head>
+  <body class="bg-[#0a0a0f] text-gray-200 antialiased">
+    <div id="root"></div>
+  </body>
+</html>

package/dist/api-contracts.d.ts

@@ -0,0 +1,229 @@
+/**
+ * api-contracts.ts — Shared API contract types for backend and dashboard.
+ *
+ * Keep this file runtime-free (types only) so both packages can import it
+ * without bundling backend implementation code into the frontend.
+ */
+export type UIState = 'idle' | 'working' | 'compacting' | 'context_warning' | 'waiting_for_input' | 'permission_prompt' | 'plan_mode' | 'ask_question' | 'bash_approval' | 'settings' | 'error' | 'unknown';
+export type SessionStatusFilter = 'all' | UIState;
+export interface SessionInfo {
+    id: string;
+    windowId: string;
+    windowName: string;
+    workDir: string;
+    claudeSessionId?: string;
+    jsonlPath?: string;
+    byteOffset: number;
+    monitorOffset: number;
+    status: UIState;
+    createdAt: number;
+    lastActivity: number;
+    stallThresholdMs: number;
+    permissionMode: string;
+    autoApprove?: boolean;
+    settingsPatched?: boolean;
+    promptDelivery?: {
+        delivered: boolean;
+        attempts: number;
+    };
+    actionHints?: Record<string, {
+        method: string;
+        url: string;
+        description: string;
+    }>;
+}
+export interface SessionHealth {
+    alive: boolean;
+    windowExists: boolean;
+    claudeRunning: boolean;
+    paneCommand: string | null;
+    status: UIState;
+    hasTranscript: boolean;
+    lastActivity: number;
+    lastActivityAgo: number;
+    sessionAge: number;
+    details: string;
+    actionHints?: Record<string, {
+        method: string;
+        url: string;
+        description: string;
+    }>;
+}
+export interface HealthResponse {
+    status: string;
+    version: string;
+    platform: NodeJS.Platform;
+    uptime: number;
+    sessions: {
+        active: number;
+        total: number;
+    };
+    timestamp: string;
+}
+export interface ParsedEntry {
+    role: 'user' | 'assistant' | 'system';
+    contentType: 'text' | 'thinking' | 'tool_use' | 'tool_result' | 'tool_error' | 'permission_request' | 'progress';
+    text: string;
+    toolName?: string;
+    toolUseId?: string;
+    timestamp?: string;
+}
+export interface MessagesResponse {
+    messages: ParsedEntry[];
+    status: UIState;
+    statusText: string | null;
+    interactiveContent: string | null;
+}
+export interface SessionMetrics {
+    durationSec: number;
+    messages: number;
+    toolCalls: number;
+    approvals: number;
+    autoApprovals: number;
+    statusChanges: string[];
+    /** Issue #488: Cumulative token usage and estimated cost. Present once tokens are first observed. */
+    tokenUsage?: {
+        inputTokens: number;
+        outputTokens: number;
+        cacheCreationTokens: number;
+        cacheReadTokens: number;
+        estimatedCostUsd: number;
+    };
+}
+export interface LatencySummaryStat {
+    min: number | null;
+    max: number | null;
+    avg: number | null;
+    count: number;
+}
+export interface SessionLatency {
+    sessionId: string;
+    realtime: {
+        hook_latency_ms: number | null;
+        state_change_detection_ms: number | null;
+        permission_response_ms: number | null;
+    } | null;
+    aggregated: {
+        hook_latency_ms: LatencySummaryStat;
+        state_change_detection_ms: LatencySummaryStat;
+        permission_response_ms: LatencySummaryStat;
+        channel_delivery_ms: LatencySummaryStat;
+    } | null;
+}
+export interface GlobalMetrics {
+    uptime: number;
+    sessions: {
+        total_created: number;
+        currently_active: number;
+        completed: number;
+        failed: number;
+        avg_duration_sec: number;
+        avg_messages_per_session: number;
+    };
+    auto_approvals: number;
+    webhooks_sent: number;
+    webhooks_failed: number;
+    screenshots_taken: number;
+    pipelines_created: number;
+    batches_created: number;
+    prompt_delivery: {
+        sent: number;
+        delivered: number;
+        failed: number;
+        success_rate: number | null;
+    };
+    latency: {
+        hook_latency_ms: LatencySummaryStat;
+        state_change_detection_ms: LatencySummaryStat;
+        permission_response_ms: LatencySummaryStat;
+        channel_delivery_ms: LatencySummaryStat;
+    };
+}
+export type SSEEventType = 'status' | 'message' | 'approval' | 'ended' | 'heartbeat' | 'stall' | 'dead' | 'system' | 'hook' | 'subagent_start' | 'subagent_stop' | 'verification' | 'permission_denied';
+export interface SessionSSEEvent {
+    event: SSEEventType;
+    sessionId: string;
+    timestamp: string;
+    emittedAt?: number;
+    id?: number;
+    data: Record<string, unknown>;
+}
+export type GlobalSSEEventType = 'session_status_change' | 'session_message' | 'session_approval' | 'session_ended' | 'session_created' | 'session_stall' | 'session_dead' | 'session_subagent_start' | 'session_subagent_stop' | 'session_verification';
+export interface GlobalSSEEvent {
+    event: GlobalSSEEventType;
+    sessionId: string;
+    timestamp: string;
+    id?: number;
+    data: Record<string, unknown>;
+}
+export interface CreateSessionRequest {
+    workDir: string;
+    name?: string;
+    prompt?: string;
+    prd?: string;
+    resumeSessionId?: string;
+    claudeCommand?: string;
+    env?: Record<string, string>;
+    stallThresholdMs?: number;
+    permissionMode?: string;
+    autoApprove?: boolean;
+    parentId?: string;
+    memoryKeys?: string[];
+}
+export interface PaneResponse {
+    pane: string;
+}
+export interface SessionSummary {
+    sessionId: string;
+    windowName: string;
+    status: UIState;
+    totalMessages: number;
+    messages: Array<{
+        role: string;
+        contentType: string;
+        text: string;
+    }>;
+    createdAt: number;
+    lastActivity: number;
+    permissionMode: string;
+    prd?: string;
+}
+export interface OkResponse {
+    ok: boolean;
+}
+export interface SendResponse extends OkResponse {
+    delivered: boolean;
+    attempts: number;
+}
+export interface ApiError {
+    error: string;
+}
+export interface SessionsListResponse {
+    sessions: SessionInfo[];
+    pagination: {
+        page: number;
+        limit: number;
+        total: number;
+        totalPages: number;
+    };
+}
+export type SessionStatusCounts = Record<SessionStatusFilter, number>;
+/** Issue #754: Aggregated session statistics. */
+export interface SessionStats {
+    active: number;
+    byStatus: Partial<Record<UIState, number>>;
+    totalCreated: number;
+    totalCompleted: number;
+    totalFailed: number;
+}
+/** Issue #754: Bulk-delete request body. */
+export interface BatchDeleteRequest {
+    ids?: string[];
+    status?: UIState;
+}
+/** Issue #754: Bulk-delete response. */
+export interface BatchDeleteResponse {
+    deleted: number;
+    notFound: string[];
+    errors: string[];
+}

package/dist/api-contracts.js

@@ -0,0 +1,7 @@
+/**
+ * api-contracts.ts — Shared API contract types for backend and dashboard.
+ *
+ * Keep this file runtime-free (types only) so both packages can import it
+ * without bundling backend implementation code into the frontend.
+ */
+export {};

package/dist/api-contracts.typecheck.d.ts

@@ -0,0 +1,14 @@
+import type { SessionInfo as InternalSessionInfo, SessionManager } from './session.js';
+import type { MetricsCollector, SessionLatencySummary } from './metrics.js';
+import type { SessionSSEEvent as InternalSessionSSEEvent, GlobalSSEEvent as InternalGlobalSSEEvent } from './events.js';
+import type { SessionInfo, MessagesResponse, SessionSummary, SessionMetrics, SessionLatency, GlobalMetrics, SessionSSEEvent, GlobalSSEEvent } from './api-contracts.js';
+type Assert<T extends true> = T;
+export type SessionInfoContractCompat = Assert<InternalSessionInfo extends SessionInfo ? true : false>;
+export type SessionReadMessagesContractCompat = Assert<Awaited<ReturnType<SessionManager['readMessages']>> extends MessagesResponse ? true : false>;
+export type SessionSummaryContractCompat = Assert<Awaited<ReturnType<SessionManager['getSummary']>> extends SessionSummary ? true : false>;
+export type SessionMetricsContractCompat = Assert<NonNullable<ReturnType<MetricsCollector['getSessionMetrics']>> extends SessionMetrics ? true : false>;
+export type SessionLatencySummaryContractCompat = Assert<SessionLatencySummary extends NonNullable<SessionLatency['aggregated']> ? true : false>;
+export type GlobalMetricsContractCompat = Assert<ReturnType<MetricsCollector['getGlobalMetrics']> extends GlobalMetrics ? true : false>;
+export type SessionSSEContractCompat = Assert<InternalSessionSSEEvent extends SessionSSEEvent ? true : false>;
+export type GlobalSSEContractCompat = Assert<InternalGlobalSSEEvent extends GlobalSSEEvent ? true : false>;
+export {};

package/dist/api-contracts.typecheck.js

@@ -0,0 +1 @@
+export {};

package/dist/api-error-envelope.d.ts

@@ -0,0 +1,15 @@
+export interface ApiErrorEnvelope {
+    code: string;
+    message: string;
+    details?: unknown;
+    requestId: string;
+    error: string;
+}
+interface NormalizeApiErrorInput {
+    payload: unknown;
+    statusCode: number;
+    requestId: string;
+    contentType?: string;
+}
+export declare function normalizeApiErrorPayload(input: NormalizeApiErrorInput): unknown;
+export {};

package/dist/api-error-envelope.js

@@ -0,0 +1,80 @@
+function defaultErrorMessage(statusCode) {
+    if (statusCode >= 500)
+        return 'Internal server error';
+    if (statusCode === 404)
+        return 'Not found';
+    if (statusCode === 401)
+        return 'Unauthorized';
+    if (statusCode === 403)
+        return 'Forbidden';
+    if (statusCode === 429)
+        return 'Rate limit exceeded';
+    return 'Request failed';
+}
+function mapStatusToCode(statusCode) {
+    if (statusCode === 400)
+        return 'VALIDATION_ERROR';
+    if (statusCode === 401)
+        return 'UNAUTHORIZED';
+    if (statusCode === 403)
+        return 'FORBIDDEN';
+    if (statusCode === 404)
+        return 'NOT_FOUND';
+    if (statusCode === 409)
+        return 'CONFLICT';
+    if (statusCode === 429)
+        return 'RATE_LIMITED';
+    if (statusCode === 501)
+        return 'NOT_IMPLEMENTED';
+    if (statusCode >= 500)
+        return 'INTERNAL_ERROR';
+    return `HTTP_${statusCode}`;
+}
+function parseJsonObjectString(payload) {
+    try {
+        const parsed = JSON.parse(payload);
+        if (parsed && typeof parsed === 'object' && !Array.isArray(parsed)) {
+            return parsed;
+        }
+        return null;
+    }
+    catch {
+        return null;
+    }
+}
+function isJsonContentType(contentType) {
+    return typeof contentType === 'string' && contentType.toLowerCase().includes('application/json');
+}
+export function normalizeApiErrorPayload(input) {
+    const { payload, statusCode, requestId, contentType } = input;
+    if (statusCode < 400)
+        return payload;
+    if (typeof contentType === 'string' && contentType.includes('text/event-stream'))
+        return payload;
+    let source = null;
+    if (payload && typeof payload === 'object' && !Array.isArray(payload) && !(payload instanceof Buffer)) {
+        source = payload;
+    }
+    else if (typeof payload === 'string' && isJsonContentType(contentType)) {
+        source = parseJsonObjectString(payload);
+    }
+    if (!source)
+        return payload;
+    const legacyError = typeof source.error === 'string' ? source.error : undefined;
+    const sourceMessage = typeof source.message === 'string' ? source.message : undefined;
+    const message = sourceMessage ?? legacyError ?? defaultErrorMessage(statusCode);
+    const code = typeof source.code === 'string' ? source.code : mapStatusToCode(statusCode);
+    const envelope = {
+        code,
+        message,
+        requestId,
+        error: legacyError ?? message,
+    };
+    if (source.details !== undefined) {
+        envelope.details = source.details;
+    }
+    if (typeof payload === 'string') {
+        return JSON.stringify(envelope);
+    }
+    return envelope;
+}

package/dist/auth.d.ts

@@ -0,0 +1,87 @@
+/**
+ * auth.ts — API key management and authentication middleware.
+ *
+ * Issue #39: Multi-key auth with rate limiting.
+ * Keys are hashed with SHA-256 (no bcrypt dependency needed).
+ * Backward compatible with single authToken from config.
+ */
+export interface ApiKey {
+    id: string;
+    name: string;
+    hash: string;
+    createdAt: number;
+    lastUsedAt: number;
+    rateLimit: number;
+}
+export interface ApiKeyStore {
+    keys: ApiKey[];
+}
+/** Route-level auth policy for bearer tokens. */
+export declare function classifyBearerTokenForRoute(token: string, isSSERoute: boolean): 'bearer' | 'sse' | 'reject';
+export declare class AuthManager {
+    private keysFile;
+    private store;
+    private rateLimits;
+    private masterToken;
+    /** #297: Short-lived SSE tokens. Keyed by token string for O(1) lookup. */
+    private sseTokens;
+    /** Track how many SSE tokens each bearer key has outstanding. */
+    private sseTokenCounts;
+    /** #414: Mutex to prevent concurrent SSE token generation from exceeding per-key limits. */
+    private sseMutex;
+    /** #583: Last batch creation timestamp per key ID. */
+    private batchRateLimits;
+    constructor(keysFile: string, masterToken?: string);
+    /** Load keys from disk. */
+    load(): Promise<void>;
+    /** Save keys to disk. */
+    save(): Promise<void>;
+    /** Create a new API key. Returns the plaintext key (only shown once). */
+    createKey(name: string, rateLimit?: number): Promise<{
+        id: string;
+        key: string;
+        name: string;
+    }>;
+    /** List keys (without hashes). */
+    listKeys(): Array<Omit<ApiKey, 'hash'>>;
+    /** Revoke a key by ID. */
+    revokeKey(id: string): Promise<boolean>;
+    /**
+     * Validate a bearer token.
+     * Returns { valid, keyId, rateLimited } or null if no auth configured.
+     */
+    validate(token: string): {
+        valid: boolean;
+        keyId: string | null;
+        rateLimited: boolean;
+    };
+    /** Hash a key with SHA-256. */
+    static hashKey(key: string): string;
+    /** Constant-time equality check for secret strings. */
+    private static timingSafeStringEqual;
+    /** #583: Check and update batch rate limit for a key. Returns true if rate-limited. */
+    checkBatchRateLimit(keyId: string | null): boolean;
+    /** #398: Sweep stale rate limit buckets. Prune entries with expired windows. */
+    sweepStaleRateLimits(): void;
+    /** Check if auth is enabled (master token or any keys). */
+    get authEnabled(): boolean;
+    /**
+     * Generate a short-lived, single-use SSE token.
+     * The caller must already be authenticated (validated via bearer token).
+     * Returns the token string and its expiry timestamp.
+     * #414: Async with mutex to prevent concurrent calls from exceeding per-key limits.
+     */
+    generateSSEToken(keyId: string): Promise<{
+        token: string;
+        expiresAt: number;
+    }>;
+    /**
+     * Validate and consume a short-lived SSE token.
+     * Returns true if valid (and marks it as used), false otherwise.
+     * #826: Async with mutex to prevent concurrent validation/generation from
+     * racing on shared state (sseTokens, sseTokenCounts).
+     */
+    validateSSEToken(token: string): Promise<boolean>;
+    /** Remove expired SSE tokens and recount per-key outstanding. */
+    private cleanExpiredSSETokens;
+}