agentdev-webui 1.0.0

package/lib/agent-api.js

@@ -0,0 +1,530 @@
+const { EventEmitter } = require('events');
+const deviceFlow = require('./device-flow');
+const db = require('./database');
+const redisLogs = require('./redis-logs');
+const encryption = require('./encryption');
+
+// Event emitter for notifying server.js about completions (SSE broadcast)
+const events = new EventEmitter();
+
+/**
+ * Middleware to verify agent JWT token
+ */
+async function verifyAgentAuth(req) {
+  const authHeader = req.headers.authorization;
+  if (!authHeader || !authHeader.startsWith('Bearer ')) {
+    return { error: 'Missing or invalid Authorization header', status: 401 };
+  }
+
+  const token = authHeader.substring(7);
+  const decoded = deviceFlow.verifyAgentToken(token);
+
+  if (!decoded) {
+    return { error: 'Invalid or expired token', status: 401 };
+  }
+
+  // Verify agent exists
+  const agent = await db.getAgentById(decoded.agent_id);
+  if (!agent) {
+    return { error: 'Agent not found', status: 404 };
+  }
+
+  // Verify token hash matches (prevent token reuse after regeneration)
+  const tokenHash = deviceFlow.hashToken(token);
+  if (agent.access_token_hash !== tokenHash) {
+    return { error: 'Token has been revoked', status: 401 };
+  }
+
+  return { agent, user: { id: decoded.user_id } };
+}
+
+/**
+ * POST /api/agent/device/code
+ * Request device authorization code
+ */
+async function handleDeviceCodeRequest(req, res) {
+  let body = '';
+  req.on('data', chunk => body += chunk);
+  req.on('end', async () => {
+    try {
+      const { agent_name, capabilities } = JSON.parse(body);
+
+      if (!agent_name) {
+        res.writeHead(400, { 'Content-Type': 'application/json' });
+        res.end(JSON.stringify({ error: 'agent_name is required' }));
+        return;
+      }
+
+      const result = await deviceFlow.requestDeviceCode(agent_name, capabilities || {});
+
+      res.writeHead(200, { 'Content-Type': 'application/json' });
+      res.end(JSON.stringify(result));
+    } catch (error) {
+      console.error('Device code request error:', error);
+      res.writeHead(500, { 'Content-Type': 'application/json' });
+      res.end(JSON.stringify({ error: error.message }));
+    }
+  });
+}
+
+/**
+ * POST /api/agent/device/token
+ * Poll for device authorization token
+ */
+async function handleDeviceTokenPoll(req, res) {
+  let body = '';
+  req.on('data', chunk => body += chunk);
+  req.on('end', async () => {
+    try {
+      const { device_code } = JSON.parse(body);
+
+      if (!device_code) {
+        res.writeHead(400, { 'Content-Type': 'application/json' });
+        res.end(JSON.stringify({ error: 'device_code is required' }));
+        return;
+      }
+
+      const result = await deviceFlow.pollDeviceToken(device_code);
+
+      if (result.error) {
+        const statusCode = result.error === 'authorization_pending' ? 428 : 400;
+        res.writeHead(statusCode, { 'Content-Type': 'application/json' });
+        res.end(JSON.stringify(result));
+      } else {
+        res.writeHead(200, { 'Content-Type': 'application/json' });
+        res.end(JSON.stringify(result));
+      }
+    } catch (error) {
+      console.error('Device token poll error:', error);
+      res.writeHead(500, { 'Content-Type': 'application/json' });
+      res.end(JSON.stringify({ error: error.message }));
+    }
+  });
+}
+
+/**
+ * POST /api/agent/heartbeat
+ * Agent heartbeat to update status
+ */
+async function handleHeartbeat(req, res) {
+  // Verify token but allow missing agent (will auto-create)
+  const authHeader = req.headers.authorization;
+
+  if (!authHeader || !authHeader.startsWith('Bearer ')) {
+    res.writeHead(401, { 'Content-Type': 'application/json' });
+    res.end(JSON.stringify({ error: 'Missing or invalid Authorization header' }));
+    return;
+  }
+
+  const token = authHeader.substring(7);
+  const decoded = deviceFlow.verifyAgentToken(token);
+
+  if (!decoded) {
+    res.writeHead(401, { 'Content-Type': 'application/json' });
+    res.end(JSON.stringify({ error: 'Invalid or expired token' }));
+    return;
+  }
+
+  let body = '';
+  req.on('data', chunk => body += chunk);
+  req.on('end', async () => {
+    try {
+      const { status, current_ticket, instance } = JSON.parse(body);
+
+      // Support multi-agent: instance suffix creates separate agent rows
+      const effectiveId = instance
+        ? `${decoded.agent_id}-${instance}`
+        : decoded.agent_id;
+
+      // Check if agent exists, if not create it
+      const tokenHash = deviceFlow.hashToken(token);
+      let agent = await db.getAgentById(effectiveId);
+      if (!agent) {
+        // For instances, inherit project_id from the parent agent
+        let projectId = decoded.project_id || null;
+        if (instance && !projectId) {
+          const parentAgent = await db.getAgentById(decoded.agent_id);
+          if (parentAgent) projectId = parentAgent.project_id;
+        }
+
+        // Auto-create agent (or sub-instance) from token info
+        await db.createAgent({
+          id: effectiveId,
+          userId: decoded.user_id,
+          name: effectiveId,
+          hostname: null,
+          capabilities: {},
+          accessTokenHash: tokenHash,
+          projectId
+        });
+      } else if (agent.access_token_hash !== tokenHash) {
+        // Sync token hash (fixes auth for other endpoints after token regeneration)
+        await db.updateAgentTokenHash(effectiveId, tokenHash);
+      }
+
+      // Update agent heartbeat
+      await db.updateAgentHeartbeat(
+        effectiveId,
+        status || 'idle',
+        current_ticket || null
+      );
+
+      res.writeHead(200, { 'Content-Type': 'application/json' });
+      res.end(JSON.stringify({ success: true }));
+    } catch (error) {
+      console.error('Heartbeat error:', error);
+      res.writeHead(500, { 'Content-Type': 'application/json' });
+      res.end(JSON.stringify({ error: error.message }));
+    }
+  });
+}
+
+/**
+ * GET /api/agent/work
+ * Claim next available ticket
+ */
+async function handleWorkRequest(req, res) {
+  const auth = await verifyAgentAuth(req);
+  if (auth.error) {
+    res.writeHead(auth.status, { 'Content-Type': 'application/json' });
+    res.end(JSON.stringify({ error: auth.error }));
+    return;
+  }
+
+  try {
+    // Support multi-agent: use instance ID if provided
+    const urlObj = new URL(req.url, `http://${req.headers.host}`);
+    const instance = urlObj.searchParams.get('instance');
+    const decoded = deviceFlow.verifyAgentToken(
+      req.headers.authorization.substring(7)
+    );
+    const effectiveId = instance
+      ? `${decoded.agent_id}-${instance}`
+      : auth.agent.id;
+
+    // Get next available ticket scoped to agent's project
+    const ticket = await db.getAvailableTicket(auth.agent.project_id);
+
+    if (!ticket) {
+      res.writeHead(200, { 'Content-Type': 'application/json' });
+      res.end(JSON.stringify({ ticket: null }));
+      return;
+    }
+
+    // Assign ticket to agent (atomic operation)
+    const assigned = await db.assignTicket(ticket.id, effectiveId);
+
+    if (!assigned) {
+      // Another agent claimed it first
+      res.writeHead(200, { 'Content-Type': 'application/json' });
+      res.end(JSON.stringify({ ticket: null }));
+      return;
+    }
+
+    // Update agent status to busy
+    await db.updateAgentHeartbeat(effectiveId, 'busy', ticket.id);
+
+    res.writeHead(200, { 'Content-Type': 'application/json' });
+    res.end(JSON.stringify({ ticket: assigned }));
+  } catch (error) {
+    console.error('Work request error:', error);
+    res.writeHead(500, { 'Content-Type': 'application/json' });
+    res.end(JSON.stringify({ error: error.message }));
+  }
+}
+
+/**
+ * POST /api/agent/logs
+ * Stream log batch from agent
+ */
+async function handleLogUpload(req, res) {
+  const auth = await verifyAgentAuth(req);
+  if (auth.error) {
+    res.writeHead(auth.status, { 'Content-Type': 'application/json' });
+    res.end(JSON.stringify({ error: auth.error }));
+    return;
+  }
+
+  let body = '';
+  req.on('data', chunk => body += chunk);
+  req.on('end', async () => {
+    try {
+      const { logs, ticket_id, instance } = JSON.parse(body);
+
+      if (!Array.isArray(logs)) {
+        res.writeHead(400, { 'Content-Type': 'application/json' });
+        res.end(JSON.stringify({ error: 'logs must be an array' }));
+        return;
+      }
+
+      // Support multi-agent: use instance ID if provided
+      const decoded = deviceFlow.verifyAgentToken(
+        req.headers.authorization.substring(7)
+      );
+      const effectiveId = instance
+        ? `${decoded.agent_id}-${instance}`
+        : auth.agent.id;
+
+      // Process each log entry
+      for (const log of logs) {
+        const content = typeof log === 'string' ? log : log.content;
+        const level = typeof log === 'object' ? log.level : 'INFO';
+
+        // Store in database
+        await db.insertLog(effectiveId, ticket_id, content, level);
+
+        // Publish to Redis for real-time streaming
+        await redisLogs.publishLog(effectiveId, {
+          content,
+          level,
+          timestamp: new Date().toISOString()
+        });
+      }
+
+      res.writeHead(200, { 'Content-Type': 'application/json' });
+      res.end(JSON.stringify({ success: true, count: logs.length }));
+    } catch (error) {
+      console.error('Log upload error:', error);
+      res.writeHead(500, { 'Content-Type': 'application/json' });
+      res.end(JSON.stringify({ error: error.message }));
+    }
+  });
+}
+
+/**
+ * POST /api/agent/complete
+ * Mark ticket as complete
+ */
+async function handleWorkComplete(req, res, onComplete) {
+  const auth = await verifyAgentAuth(req);
+  if (auth.error) {
+    res.writeHead(auth.status, { 'Content-Type': 'application/json' });
+    res.end(JSON.stringify({ error: auth.error }));
+    return;
+  }
+
+  let body = '';
+  req.on('data', chunk => body += chunk);
+  req.on('end', async () => {
+    try {
+      const { ticket_id, success, error_message, instance } = JSON.parse(body);
+
+      if (!ticket_id) {
+        res.writeHead(400, { 'Content-Type': 'application/json' });
+        res.end(JSON.stringify({ error: 'ticket_id is required' }));
+        return;
+      }
+
+      // Support multi-agent: use instance ID if provided
+      const decoded = deviceFlow.verifyAgentToken(
+        req.headers.authorization.substring(7)
+      );
+      const effectiveId = instance
+        ? `${decoded.agent_id}-${instance}`
+        : auth.agent.id;
+
+      // Update ticket status
+      const status = success ? 'completed' : 'failed';
+      const updatedTicket = await db.updateTicketStatus(ticket_id, status, error_message);
+      const issueNum = updatedTicket?.github_issue_number || ticket_id;
+
+      // Set agent back to idle
+      await db.updateAgentHeartbeat(effectiveId, 'idle', null);
+
+      // Persist notification in DB
+      try {
+        const notifTitle = success
+          ? `Ticket #${issueNum} completed`
+          : `Ticket #${issueNum} failed`;
+        await db.createNotification(
+          auth.user.id,
+          'ticket-completed',
+          notifTitle,
+          `Agent ${effectiveId} ${success ? 'completed' : 'failed'} ticket #${issueNum}`,
+          { ticket_id, agent_id: effectiveId, success }
+        );
+      } catch (err) {
+        console.error('Failed to persist notification:', err.message);
+      }
+
+      // Notify frontend of completion via SSE
+      const completionData = {
+        id: effectiveId,
+        ticket: issueNum,
+        title: effectiveId,
+        success,
+        status,
+        user_id: auth.user.id
+      };
+      events.emit('ticket-completed', completionData);
+      if (onComplete) onComplete(completionData);
+
+      res.writeHead(200, { 'Content-Type': 'application/json' });
+      res.end(JSON.stringify({ success: true }));
+    } catch (error) {
+      console.error('Work complete error:', error);
+      res.writeHead(500, { 'Content-Type': 'application/json' });
+      res.end(JSON.stringify({ error: error.message }));
+    }
+  });
+}
+
+/**
+ * GET /api/agent/oauth
+ * Get user's GitHub token for agent use
+ */
+async function handleOAuthRequest(req, res) {
+  const auth = await verifyAgentAuth(req);
+  if (auth.error) {
+    res.writeHead(auth.status, { 'Content-Type': 'application/json' });
+    res.end(JSON.stringify({ error: auth.error }));
+    return;
+  }
+
+  try {
+    // Look up GitHub OAuth provider from unified table
+    const oauthProvider = await db.getOAuthProvider(auth.user.id, 'github');
+
+    if (!oauthProvider || !oauthProvider.access_token) {
+      // Fallback: check legacy github_token_encrypted column
+      const user = await db.getUserById(auth.user.id);
+      if (user && user.github_token_encrypted) {
+        const githubToken = encryption.decrypt(user.github_token_encrypted);
+        res.writeHead(200, { 'Content-Type': 'application/json' });
+        res.end(JSON.stringify({
+          github: { token: githubToken }
+        }));
+        return;
+      }
+
+      res.writeHead(404, { 'Content-Type': 'application/json' });
+      res.end(JSON.stringify({ error: 'GitHub token not configured. Add it in your profile.' }));
+      return;
+    }
+
+    // Decrypt token from unified OAuth table
+    const githubToken = encryption.decrypt(oauthProvider.access_token);
+
+    res.writeHead(200, { 'Content-Type': 'application/json' });
+    res.end(JSON.stringify({
+      github: {
+        token: githubToken,
+        provider_key: oauthProvider.provider_key
+      }
+    }));
+  } catch (error) {
+    console.error('OAuth request error:', error);
+    res.writeHead(500, { 'Content-Type': 'application/json' });
+    res.end(JSON.stringify({ error: error.message }));
+  }
+}
+
+/**
+ * POST /api/agent/ensure-ticket
+ * Upsert a ticket by github_repo + github_issue_number, return real DB id.
+ * Used by agents resuming leftover tickets found on the project board.
+ */
+async function handleEnsureTicket(req, res) {
+  const auth = await verifyAgentAuth(req);
+  if (auth.error) {
+    res.writeHead(auth.status, { 'Content-Type': 'application/json' });
+    res.end(JSON.stringify({ error: auth.error }));
+    return;
+  }
+
+  let body = '';
+  req.on('data', chunk => body += chunk);
+  req.on('end', async () => {
+    try {
+      const { github_repo, github_issue_number, github_project_item_id, instance } = JSON.parse(body);
+
+      if (!github_repo || !github_issue_number) {
+        res.writeHead(400, { 'Content-Type': 'application/json' });
+        res.end(JSON.stringify({ error: 'github_repo and github_issue_number are required' }));
+        return;
+      }
+
+      // Support multi-agent: use instance ID if provided
+      const decoded = deviceFlow.verifyAgentToken(
+        req.headers.authorization.substring(7)
+      );
+      const effectiveId = instance
+        ? `${decoded.agent_id}-${instance}`
+        : auth.agent.id;
+
+      const ticket = await db.createTicket({
+        issueNumber: github_issue_number,
+        repo: github_repo,
+        projectItemId: github_project_item_id || null,
+        priority: 5,
+        projectId: auth.agent.project_id || null
+      });
+
+      // Try to claim atomically — returns null if another agent already has it
+      let assigned = await db.assignTicket(ticket.id, effectiveId);
+
+      if (!assigned) {
+        // If the assigned agent is stale (no heartbeat in 2 min), reclaim
+        assigned = await db.reassignStaleTicket(ticket.id, effectiveId, 2);
+        if (!assigned) {
+          res.writeHead(200, { 'Content-Type': 'application/json' });
+          res.end(JSON.stringify({ ticket, claimed: false }));
+          return;
+        }
+      }
+
+      res.writeHead(200, { 'Content-Type': 'application/json' });
+      res.end(JSON.stringify({ ticket: assigned, claimed: true }));
+    } catch (error) {
+      console.error('Ensure ticket error:', error);
+      res.writeHead(500, { 'Content-Type': 'application/json' });
+      res.end(JSON.stringify({ error: error.message }));
+    }
+  });
+}
+
+/**
+ * GET /api/agent/should-stop?ticket_id=X
+ * Check if a stop was requested for a ticket
+ */
+async function handleShouldStop(req, res) {
+  const auth = await verifyAgentAuth(req);
+  if (auth.error) {
+    res.writeHead(auth.status, { 'Content-Type': 'application/json' });
+    res.end(JSON.stringify({ error: auth.error }));
+    return;
+  }
+
+  const urlObj = new URL(req.url, `http://${req.headers.host}`);
+  const ticketId = urlObj.searchParams.get('ticket_id');
+
+  if (!ticketId) {
+    res.writeHead(400, { 'Content-Type': 'application/json' });
+    res.end(JSON.stringify({ error: 'ticket_id is required' }));
+    return;
+  }
+
+  try {
+    const stopSignal = await redisLogs.get(`agentdev:stop:${ticketId}`);
+    res.writeHead(200, { 'Content-Type': 'application/json' });
+    res.end(JSON.stringify({ should_stop: !!stopSignal }));
+  } catch (error) {
+    console.error('Should-stop check error:', error);
+    res.writeHead(500, { 'Content-Type': 'application/json' });
+    res.end(JSON.stringify({ error: error.message }));
+  }
+}
+
+module.exports = {
+  events,
+  verifyAgentAuth,
+  handleDeviceCodeRequest,
+  handleDeviceTokenPoll,
+  handleHeartbeat,
+  handleWorkRequest,
+  handleLogUpload,
+  handleWorkComplete,
+  handleOAuthRequest,
+  handleShouldStop,
+  handleEnsureTicket
+};

package/lib/auth.js

@@ -0,0 +1,127 @@
+const crypto = require('crypto');
+const config = require('./config');
+const db = require('./database');
+
+// In-memory session store
+const sessions = new Map();
+
+function generateSessionId() {
+  return crypto.randomBytes(32).toString('hex');
+}
+
+function hashPassword(password) {
+  return crypto.createHash('sha256').update(password).digest('hex');
+}
+
+function createSession(userId, email) {
+  const sessionId = generateSessionId();
+  const session = {
+    userId,
+    email,
+    createdAt: Date.now(),
+    expiresAt: Date.now() + config.AUTH.SESSION_TTL
+  };
+  sessions.set(sessionId, session);
+  return sessionId;
+}
+
+function validateSession(sessionId) {
+  if (!sessionId) return false;
+  const session = sessions.get(sessionId);
+  if (!session) return false;
+  if (Date.now() > session.expiresAt) {
+    sessions.delete(sessionId);
+    return false;
+  }
+  return true;
+}
+
+function getSession(sessionId) {
+  return sessions.get(sessionId);
+}
+
+function destroySession(sessionId) {
+  sessions.delete(sessionId);
+}
+
+async function validateCredentials(email, password) {
+  try {
+    const passwordHash = hashPassword(password);
+    const user = await db.getUserByEmail(email);
+
+    if (!user) {
+      return null;
+    }
+
+    if (user.password_hash === passwordHash) {
+      return user;
+    }
+
+    return null;
+  } catch (error) {
+    console.error('Error validating credentials:', error);
+    return null;
+  }
+}
+
+function parseCookies(cookieHeader) {
+  const cookies = {};
+  if (!cookieHeader) return cookies;
+  cookieHeader.split(';').forEach(cookie => {
+    const [name, ...rest] = cookie.trim().split('=');
+    if (name && rest.length) {
+      cookies[name] = rest.join('=');
+    }
+  });
+  return cookies;
+}
+
+function getSessionFromRequest(req) {
+  const cookies = parseCookies(req.headers.cookie);
+  return cookies.session;
+}
+
+function isAuthenticated(req) {
+  const sessionId = getSessionFromRequest(req);
+  return validateSession(sessionId);
+}
+
+// Public paths that don't require authentication
+const PUBLIC_PATHS = ['/login', '/login.html', '/register', '/register.html', '/reset-password', '/reset-password.html', '/verify-email', '/verify-email.html', '/docs', '/docs.html', '/docs.md', '/css/styles.css', '/manifest.json', '/sw.js', '/icon-192.png', '/icon-512.png', '/favicon.svg', '/favicon.ico'];
+
+function requireAuth(req, res) {
+  const url = req.url.split('?')[0];
+
+  // Allow public paths
+  if (PUBLIC_PATHS.includes(url)) {
+    return false; // Don't require auth
+  }
+
+  // Check if authenticated
+  if (isAuthenticated(req)) {
+    return false; // Don't require auth (already authenticated)
+  }
+
+  // Redirect to login for HTML requests, return 401 for API requests
+  if (req.headers.accept && req.headers.accept.includes('text/html')) {
+    res.writeHead(302, { 'Location': '/login' });
+    res.end();
+  } else {
+    res.writeHead(401, { 'Content-Type': 'application/json' });
+    res.end(JSON.stringify({ error: 'Unauthorized' }));
+  }
+
+  return true; // Auth required but not authenticated
+}
+
+module.exports = {
+  createSession,
+  validateSession,
+  getSession,
+  destroySession,
+  validateCredentials,
+  getSessionFromRequest,
+  isAuthenticated,
+  requireAuth,
+  hashPassword
+};

package/lib/config.js

@@ -0,0 +1,53 @@
+const path = require('path');
+const crypto = require('crypto');
+
+module.exports = {
+  PORT: process.env.PORT || 3847,
+  LOG_FILE: '/var/log/auto-ticket.log',
+  AGENT_LOGS_DIR: path.join(__dirname, '..', 'agent-logs'),
+  HISTORY_FILE: path.join(__dirname, '..', 'agent-history.json'),
+  MAX_HISTORY: 100,
+  CACHE_TTL: 60000, // 1 minute
+
+  // Redis configuration (dedicated instance)
+  REDIS_HOST: process.env.REDIS_HOST || 'localhost',
+  REDIS_PORT: parseInt(process.env.REDIS_PORT || '6379'),
+  REDIS_DB: parseInt(process.env.REDIS_DB || '0'),
+
+  // PostgreSQL configuration
+  DATABASE_URL: process.env.DATABASE_URL || 'postgresql://agentdev:agentdev_secure_password_change_me@localhost:6432/agentdev',
+
+  // JWT configuration for agent tokens
+  JWT_SECRET: process.env.JWT_SECRET || crypto.randomBytes(32).toString('hex'),
+  JWT_EXPIRES_IN: '90d', // Agent tokens valid for 90 days
+
+  // Encryption key for OAuth secrets
+  ENCRYPTION_KEY: process.env.ENCRYPTION_SECRET_KEY || crypto.randomBytes(32).toString('hex'),
+
+  // GitHub project configuration
+  GITHUB_ORG: 'data-tamer',
+  PROJECT_NUMBER: 1,
+  PROJECT_ID: 'PVT_kwDOCJIWbs4AnuSZ',
+  STATUS_FIELD_ID: 'PVTSSF_lADOCJIWbs4AnuSZzgfaWGs',
+  STATUS_OPTIONS: {
+    TODO: 'f75ad846',
+    IN_PROGRESS: '47fc9ee4',
+    TEST: 'c48bc058',
+    DONE: '98236657'
+  },
+
+  // Authentication configuration
+  AUTH: {
+    USERNAME: 'riccardo.ravaro@datatamer.ai',
+    PASSWORD: 'Nettuno1999',
+    SESSION_SECRET: crypto.randomBytes(32).toString('hex'),
+    SESSION_TTL: 24 * 60 * 60 * 1000 // 24 hours
+  },
+
+  // Device flow configuration
+  DEVICE_CODE_TTL: 600, // 10 minutes
+  DEVICE_CODE_POLL_INTERVAL: 5, // 5 seconds
+
+  // Base URL for device authorization
+  BASE_URL: process.env.BASE_URL || 'http://localhost:3847'
+};