npm - agent-relay-server - Versions diffs - 0.3.11 → 0.4.0 - Mend

agent-relay-server 0.3.11 → 0.4.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (25) hide show

package/README.md +237 -22
package/bin/agent-relay-codex.ts +79 -6
package/codex/README.md +18 -3
package/codex/hooks/session-start.ts +2 -2
package/codex/live-sidecar.ts +2 -0
package/codex/plugin/.codex-plugin/plugin.json +1 -1
package/codex/plugin/skills/agent-relay/SKILL.md +1 -0
package/codex/relay.ts +8 -3
package/examples/integrations/github-issue.ts +54 -0
package/examples/integrations/ops-alert.sh +27 -0
package/examples/integrations/prometheus-alertmanager.ts +61 -0
package/examples/integrations/support-ticket.sh +28 -0
package/package.json +5 -4
package/public/dashboard.js +701 -0
package/public/index.html +143 -504
package/src/cli.ts +217 -0
package/src/config.ts +38 -0
package/src/daemon.ts +453 -0
package/src/db.ts +442 -16
package/src/index.ts +96 -70
package/src/routes.ts +334 -17
package/src/security.ts +103 -0
package/src/setup.ts +187 -0
package/src/sse.ts +18 -2
package/src/types.ts +67 -1

package/src/security.ts ADDED Viewed

@@ -0,0 +1,103 @@
+import { AUTH_TOKEN, CORS_ORIGINS, getIntegrationTokens, type IntegrationTokenConfig } from "./config";
+const LOOPBACK_HOSTS = new Set(["127.0.0.1", "::1", "localhost"]);
+export function isLoopbackHost(hostname: string): boolean {
+  return LOOPBACK_HOSTS.has(hostname.toLowerCase());
+}
+export function assertSafeNetworkConfig(host: string): void {
+  if (authToken() || process.env.AGENT_RELAY_ALLOW_UNAUTH === "1") return;
+  if (isLoopbackHost(host)) return;
+  throw new Error(
+    `Refusing to bind unauthenticated relay on ${host}. Set AGENT_RELAY_TOKEN or AGENT_RELAY_ALLOW_UNAUTH=1.`,
+  );
+}
+export function isOriginAllowed(req: Request): boolean {
+  const origin = req.headers.get("origin");
+  if (!origin) return true;
+  const origins = corsOrigins();
+  if (origins.includes("*")) return true;
+  const url = new URL(req.url);
+  const sameOrigin = `${url.protocol}//${url.host}`;
+  return origin === sameOrigin || origins.includes(origin);
+}
+export function applyCors(req: Request, response: Response): Response {
+  const origin = req.headers.get("origin");
+  if (!origin || !isOriginAllowed(req)) return response;
+  response.headers.set(
+    "Access-Control-Allow-Origin",
+    corsOrigins().includes("*") ? "*" : origin,
+  );
+  response.headers.set("Vary", "Origin");
+  return response;
+}
+export function corsPreflight(req: Request): Response {
+  if (!isOriginAllowed(req)) {
+    return Response.json({ error: "origin not allowed" }, { status: 403 });
+  }
+  const response = new Response(null, {
+    headers: {
+      "Access-Control-Allow-Methods": "GET, POST, PATCH, DELETE, OPTIONS",
+      "Access-Control-Allow-Headers": "Content-Type, Authorization, X-Agent-Relay-Token",
+      "Access-Control-Max-Age": "600",
+    },
+  });
+  return applyCors(req, response);
+}
+export function isAuthorized(req: Request): boolean {
+  const token = authToken();
+  if (!token) return true;
+  return extractToken(req) === token;
+}
+type IntegrationAuth = IntegrationTokenConfig;
+export function getIntegrationAuth(req: Request): IntegrationAuth | null {
+  const token = extractToken(req);
+  if (!token) return null;
+  return getIntegrationTokens().find((integration) => integration.token === token) ?? null;
+}
+export function hasIntegrationScope(auth: IntegrationAuth, scope: string): boolean {
+  return auth.scopes.includes(scope) || auth.scopes.includes("*");
+}
+export function isIntegrationAllowed(
+  auth: IntegrationAuth,
+  opts: { target?: string; channel?: string },
+): boolean {
+  if (auth.targets?.length && opts.target && !auth.targets.includes(opts.target)) return false;
+  if (auth.channels?.length && opts.channel && !auth.channels.includes(opts.channel)) return false;
+  return true;
+}
+export function unauthorized(req: Request): Response {
+  const response = Response.json({ error: "unauthorized" }, { status: 401 });
+  response.headers.set("WWW-Authenticate", "Bearer");
+  return applyCors(req, response);
+}
+function authToken(): string {
+  return process.env.AGENT_RELAY_TOKEN || AUTH_TOKEN;
+}
+function extractToken(req: Request): string | null {
+  const auth = req.headers.get("authorization") ?? "";
+  const bearer = auth.match(/^Bearer\s+(.+)$/i)?.[1];
+  return bearer ?? req.headers.get("x-agent-relay-token") ?? new URL(req.url).searchParams.get("token");
+}
+function corsOrigins(): string[] {
+  const raw = process.env.AGENT_RELAY_CORS_ORIGINS;
+  if (raw === undefined) return CORS_ORIGINS;
+  return raw.split(",").map((origin) => origin.trim()).filter(Boolean);
+}

package/src/setup.ts ADDED Viewed

@@ -0,0 +1,187 @@
+import { randomBytes } from "node:crypto";
+import { access, mkdir, readFile, writeFile } from "node:fs/promises";
+import { constants } from "node:fs";
+import { homedir } from "node:os";
+import { dirname, join, resolve } from "node:path";
+const SETUP_MARKER = "agent-relay-managed-env";
+export const DEFAULT_PORT = 4850;
+export const DEFAULT_HOST = "127.0.0.1";
+export type SetupOptions = {
+  envFile?: string;
+  host?: string;
+  port?: number;
+  dbPath?: string;
+  token?: string;
+  generateToken?: boolean;
+  force?: boolean;
+};
+export type SetupEnvironment = {
+  platform?: NodeJS.Platform;
+  homeDir?: string;
+  xdgConfigHome?: string;
+  xdgStateHome?: string;
+};
+export type SetupPlan = {
+  envFile: string;
+  configDir: string;
+  stateDir: string;
+  logDir: string;
+  values: Record<string, string>;
+  content: string;
+  warnings: string[];
+};
+export function defaultConfigDir(env: SetupEnvironment = {}): string {
+  const home = env.homeDir ?? homedir();
+  const platform = env.platform ?? process.platform;
+  if (platform === "darwin") return join(home, "Library", "Application Support", "agent-relay");
+  return join(env.xdgConfigHome ?? join(home, ".config"), "agent-relay");
+}
+export function defaultStateDir(env: SetupEnvironment = {}): string {
+  const home = env.homeDir ?? homedir();
+  const platform = env.platform ?? process.platform;
+  if (platform === "darwin") return join(home, "Library", "Application Support", "agent-relay");
+  return join(env.xdgStateHome ?? join(home, ".local", "state"), "agent-relay");
+}
+export function defaultLogDir(env: SetupEnvironment = {}): string {
+  const home = env.homeDir ?? homedir();
+  const platform = env.platform ?? process.platform;
+  if (platform === "darwin") return join(home, "Library", "Logs", "agent-relay");
+  return join(defaultStateDir(env), "logs");
+}
+export function defaultEnvFile(env: SetupEnvironment = {}): string {
+  return join(defaultConfigDir(env), "env");
+}
+export function generateToken(): string {
+  return randomBytes(24).toString("hex");
+}
+export function createSetupPlan(
+  options: SetupOptions = {},
+  env: SetupEnvironment = {},
+): SetupPlan {
+  const configDir = defaultConfigDir(env);
+  const stateDir = defaultStateDir(env);
+  const logDir = defaultLogDir(env);
+  const envFile = resolve(options.envFile ?? join(configDir, "env"));
+  const host = options.host ?? DEFAULT_HOST;
+  const port = normalizePort(options.port);
+  const token = options.token ?? (options.generateToken === false ? "" : generateToken());
+  const dbPath = resolve(options.dbPath ?? join(stateDir, "agent-relay.db"));
+  const warnings: string[] = [];
+  if (host !== DEFAULT_HOST && !token) {
+    warnings.push("Remote binds should set AGENT_RELAY_TOKEN; setup will not create an unauthenticated remote relay.");
+  }
+  const values: Record<string, string> = {
+    PORT: String(port),
+    HOST: host,
+    DB_PATH: dbPath,
+    RETENTION_DAYS: "30",
+  };
+  if (token) values.AGENT_RELAY_TOKEN = token;
+  return {
+    envFile,
+    configDir: dirname(envFile),
+    stateDir,
+    logDir,
+    values,
+    content: renderEnvFile(values),
+    warnings,
+  };
+}
+export async function executeSetupPlan(
+  plan: SetupPlan,
+  options: { dryRun?: boolean; force?: boolean } = {},
+): Promise<string> {
+  if (options.dryRun) return formatSetupPlan(plan);
+  const existing = await readIfExists(plan.envFile);
+  if (existing && !existing.includes(SETUP_MARKER) && !options.force) {
+    throw new Error(`Refusing to overwrite unmanaged env file: ${plan.envFile}`);
+  }
+  await mkdir(plan.configDir, { recursive: true });
+  await mkdir(plan.stateDir, { recursive: true });
+  await mkdir(plan.logDir, { recursive: true });
+  await writeFile(plan.envFile, plan.content, "utf-8");
+  return [
+    `Wrote ${plan.envFile}`,
+    `State: ${plan.stateDir}`,
+    `Logs: ${plan.logDir}`,
+    `URL: http://${plan.values.HOST}:${plan.values.PORT}`,
+  ].join("\n");
+}
+export function formatSetupPlan(plan: SetupPlan): string {
+  const lines = [
+    "Agent Relay setup plan",
+    `Env file: ${plan.envFile}`,
+    `State: ${plan.stateDir}`,
+    `Logs: ${plan.logDir}`,
+    `URL: http://${plan.values.HOST}:${plan.values.PORT}`,
+  ];
+  if (plan.warnings.length > 0) {
+    lines.push("", "Warnings:");
+    for (const warning of plan.warnings) lines.push(`- ${warning}`);
+  }
+  lines.push("", `Would write ${plan.envFile}:`, redactEnv(plan.content).trimEnd());
+  return lines.join("\n");
+}
+export function renderEnvFile(values: Record<string, string>): string {
+  const lines = [
+    `# ${SETUP_MARKER}`,
+    "# Managed by `agent-relay setup`. Edit carefully; daemon services source this file.",
+  ];
+  for (const key of Object.keys(values).sort()) {
+    lines.push(`${key}=${shellQuote(values[key]!)}`);
+  }
+  lines.push("");
+  return lines.join("\n");
+}
+export async function pathExists(path: string): Promise<boolean> {
+  try {
+    await access(path, constants.F_OK);
+    return true;
+  } catch {
+    return false;
+  }
+}
+async function readIfExists(path: string): Promise<string | undefined> {
+  try {
+    return await readFile(path, "utf-8");
+  } catch {
+    return undefined;
+  }
+}
+function normalizePort(port: number | undefined): number {
+  const value = port ?? DEFAULT_PORT;
+  if (!Number.isInteger(value) || value < 1 || value > 65535) {
+    throw new Error("--port must be an integer from 1 to 65535");
+  }
+  return value;
+}
+function shellQuote(value: string): string {
+  return `'${value.replace(/'/g, "'\\''")}'`;
+}
+function redactEnv(content: string): string {
+  return content.replace(/^(AGENT_RELAY_TOKEN=).+$/m, "$1'<generated-token>'");
+}

package/src/sse.ts CHANGED Viewed

@@ -1,5 +1,5 @@
 import { getAgent } from "./db";
-import type { Message } from "./types";
+import type { Message, Task } from "./types";
 interface Connection {
   id: string;
@@ -38,7 +38,6 @@ export function createSSEStream(agentId: string | null): Response {
       "Content-Type": "text/event-stream",
       "Cache-Control": "no-cache",
       "Connection": "keep-alive",
-      "Access-Control-Allow-Origin": "*",
     },
   });
 }
@@ -110,6 +109,23 @@ export function emitMessageDeleted(messageId: number) {
   }
 }
+export function emitTaskChanged(task: Task, eventType = "task.updated") {
+  for (const conn of connections.values()) {
+    if (conn.agentId && !targetMatchesAgent(task.target, conn.agentId)) continue;
+    send(conn, eventType, task);
+  }
+}
 export function getConnectionCount(): number {
   return connections.size;
 }
+function targetMatchesAgent(target: string, agentId: string): boolean {
+  const agent = getAgent(agentId);
+  if (!agent) return false;
+  if (target === agentId || target === "broadcast") return true;
+  if (target.startsWith("tag:") && agent.tags.includes(target.slice(4))) return true;
+  if (target.startsWith("cap:") && agent.capabilities.includes(target.slice(4))) return true;
+  if (target.startsWith("label:") && agent.label === target.slice(6)) return true;
+  return false;
+}

package/src/types.ts CHANGED Viewed

@@ -57,7 +57,7 @@ export interface PollQuery {
 export interface RegisterAgentInput {
   id: string;
   name: string;
-  label?: string;
+  label?: string | null;
   tags?: string[];
   machine?: string;
   rig?: string;
@@ -66,3 +66,69 @@ export interface RegisterAgentInput {
   status?: AgentCard["status"];
   meta?: Record<string, unknown>;
 }
+export type TaskSeverity = "info" | "warning" | "critical";
+export type TaskStatus =
+  | "open"
+  | "claimed"
+  | "in_progress"
+  | "blocked"
+  | "done"
+  | "failed"
+  | "canceled";
+export interface Task {
+  id: number;
+  source: string;
+  title: string;
+  body: string;
+  severity: TaskSeverity;
+  status: TaskStatus;
+  target: string;
+  channel?: string;
+  dedupeKey?: string;
+  externalUrl?: string;
+  occurrenceCount: number;
+  claimedBy?: string;
+  claimedAt?: number;
+  messageId?: number;
+  result?: string;
+  metadata: Record<string, unknown>;
+  createdAt: number;
+  updatedAt: number;
+  lastSeenAt: number;
+}
+export interface TaskEvent {
+  id: number;
+  taskId: number;
+  source: string;
+  type: string;
+  severity: TaskSeverity;
+  title: string;
+  body: string;
+  metadata: Record<string, unknown>;
+  createdAt: number;
+}
+export interface IntegrationEventInput {
+  source?: string;
+  type?: string;
+  severity?: TaskSeverity;
+  status?: TaskStatus | "resolved";
+  title: string;
+  body: string;
+  target: string;
+  channel?: string;
+  dedupeKey?: string;
+  externalUrl?: string;
+  metadata?: Record<string, unknown>;
+}
+export interface TaskStatusInput {
+  status: TaskStatus;
+  agentId?: string;
+  result?: string;
+  body?: string;
+  metadata?: Record<string, unknown>;
+}