agentgate 0.4.0 → 0.5.0

package/README.md

@@ -135,6 +135,108 @@ agentgate can notify your agent when queue items are completed, failed, or rejec
 
 Compatible with OpenClaw's `/hooks/wake` endpoint. See [OpenClaw webhook docs](https://docs.openclaw.ai/automation/webhook).
 
+## Service Access Control
+
+Control which agents can access specific services. Each service/account can be configured with one of three access modes:
+
+- **All** (default) - All agents can access
+- **Allowlist** - Only listed agents can access
+- **Denylist** - All agents except listed ones can access
+
+**Setup in Admin UI:**
+1. Go to **Services** in the admin navigation
+2. Click on a service to configure access
+3. Set access mode and add/remove agents from the list
+
+**API Endpoint:**
+```bash
+# Check your access to services
+GET /api/services
+Authorization: Bearer rms_your_key
+
+# Response shows only services you can access
+{ "services": [{ "service": "github", "account_name": "monteslu", "access_mode": "all" }, ...] }
+```
+
+When an agent lacks access to a service, API calls return `403 Forbidden` with a clear error message.
+
+## Auth Bypass (Trusted Agents)
+
+For highly trusted agents, you can bypass the write queue entirely. Agents with `bypass_auth` enabled execute write operations immediately without human approval.
+
+> ⚠️ **Use with extreme caution.** Only enable for agents you completely trust with unsupervised write access.
+
+**Setup in Admin UI:**
+1. Go to **API Keys**
+2. Click **Configure** next to the agent
+3. Enable **Auth Bypass**
+
+**Behavior:**
+- All write operations (POST/PUT/DELETE) execute immediately
+- No queue entries are created
+- The agent is effectively operating unsupervised
+- Reads work the same as before
+
+This is useful for automation agents that need to perform routine operations without human bottlenecks.
+
+## GitHub Webhooks
+
+agentgate can receive GitHub webhook events and forward them to agent webhooks, enabling reactive workflows.
+
+**Setup:**
+1. In GitHub repo settings, add a webhook:
+   - URL: `https://your-agentgate.com/webhooks/github`
+   - Content type: `application/json`
+   - Secret: (configure in agentgate settings)
+   - Events: Choose which events to receive
+
+2. Configure webhook forwarding in agentgate Admin UI under **Settings**
+
+**Supported Events:**
+- Push events
+- Pull request events (opened, closed, merged, review requested)
+- Issue events
+- Workflow run events
+
+Agents receive webhooks in the same format as other notifications, enabling them to react to repository changes in real-time.
+
+## Agent Avatars
+
+Agents can have custom avatars displayed in the admin UI for easy identification.
+
+**Setup in Admin UI:**
+1. Go to **API Keys**
+2. Click the avatar placeholder next to an agent name
+3. Upload an image (PNG, JPG, GIF, WebP supported)
+
+Avatars are stored locally and displayed throughout the UI wherever the agent is referenced.
+
+## Memento (Agent Memory)
+
+Durable memory storage for agents. Store and retrieve memory snapshots tagged with keywords for long-term context preservation.
+
+📖 **[See full documentation](docs/memento.md)** (coming soon)
+
+**Key Features:**
+- **Append-only** - Mementos are immutable once stored
+- **Keyword tagging** - Each memento has 1-10 keywords (stemmed for matching)
+- **Two-step retrieval** - Search returns metadata, fetch returns full content
+
+**Quick API Overview:**
+```bash
+# Store a memento
+POST /api/agents/memento
+{ "content": "Your memory...", "keywords": ["project", "decision"] }
+
+# Search by keyword
+GET /api/agents/memento/search?keywords=project&limit=10
+
+# Fetch full content
+GET /api/agents/memento/42,38,15
+```
+
+Each agent sees only their own mementos. Maximum 12KB per memento.
+
 ## Inter-Agent Messaging
 
 Agents can communicate with each other through agentgate, with optional human oversight.
@@ -146,14 +248,30 @@ Agents can communicate with each other through agentgate, with optional human ov
 - Configure agent webhooks in Admin UI under **API Keys > Configure**
 - Endpoints: `/api/agents/messageable`, `/api/agents/message`, `/api/agents/messages`, `/api/agents/status`
 
+### Broadcasts
+
+Send messages to all agents at once:
+
+```bash
+POST /api/agents/broadcast
+{ "message": "Team announcement: deployment starting" }
+
+# Response
+{ "delivered": ["Agent1", "Agent2"], "failed": [], "total": 2 }
+```
+
+Broadcasts are stored in the database and appear in each agent's message history. View broadcast history in the Admin UI under **Messages → Broadcast**.
+
 ## Agent Registry
 
 Manage your agents in the admin UI at `/ui/keys`. Each agent has:
 
 - **Name** - Unique identifier (case-insensitive)
 - **API Key** - Bearer token for agent → agentgate authentication (shown once at creation)
+- **Avatar** - Optional image for visual identification
 - **Webhook URL** (optional) - Endpoint for agentgate → agent notifications
 - **Webhook Token** (optional) - Bearer token for webhook authentication
+- **Auth Bypass** (optional) - Skip write queue for trusted agents
 
 When an agent's webhook is configured, agentgate will POST notifications for:
 - Queue item status changes (approved/rejected/completed/failed)
@@ -291,12 +409,8 @@ BASE_URL=https://agentgate.yourdomain.com npm start
 
 ## TODO
 
-- [ ] Per-agent service access control - different agents can access different services/accounts
 - [ ] Fine-grained endpoint control per service - whitelist/blacklist individual endpoints (even for read operations)
 
 ## License
 
 ISC
-
-
-

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "agentgate",
-  "version": "0.4.0",
+  "version": "0.5.0",
   "type": "module",
   "description": "API gateway for AI agents with human-in-the-loop write approval",
   "main": "src/index.js",
@@ -52,7 +52,8 @@
     "express": "^4.18.2",
     "hsync": "^0.33.0",
     "nanoid": "^5.0.0",
-    "socket.io": "^4.8.3"
+    "socket.io": "^4.8.3",
+    "stemmer": "^2.0.1"
   },
   "devDependencies": {
     "eslint": "^9.0.0",

package/public/mobile.css

@@ -0,0 +1,178 @@
+/* Mobile Responsive Styles for agentgate */
+/* Issue #39 */
+
+/* Tablet breakpoint */
+@media (max-width: 768px) {
+  body {
+    padding: 20px;
+  }
+
+  h1 {
+    font-size: 1.75rem;
+  }
+
+  .card {
+    padding: 20px;
+    margin: 16px 0;
+  }
+
+  /* Nav buttons wrap */
+  [style*="display: flex"][style*="gap: 12px"] {
+    flex-wrap: wrap;
+  }
+
+  .nav-btn {
+    padding: 12px 16px;
+    font-size: 14px;
+  }
+
+  /* Tables scroll horizontally */
+  table {
+    display: block;
+    overflow-x: auto;
+    white-space: nowrap;
+  }
+
+  /* Full width inputs */
+  input[type="text"],
+  input[type="password"],
+  input[type="url"],
+  textarea {
+    width: 100% !important;
+    min-width: 0;
+  }
+
+  /* Stack filter bar */
+  .filter-bar {
+    flex-direction: column;
+    align-items: stretch;
+    gap: 12px;
+  }
+
+  .filter-bar .clear-section {
+    margin-left: 0;
+    margin-top: 8px;
+  }
+}
+
+/* Mobile breakpoint */
+@media (max-width: 480px) {
+  body {
+    padding: 12px;
+  }
+
+  h1 {
+    font-size: 1.4rem;
+  }
+
+  h2 {
+    font-size: 1.1rem;
+  }
+
+  .card {
+    padding: 16px;
+    margin: 12px 0;
+    border-radius: 12px;
+  }
+
+  /* Header stacks vertically */
+  [style*="display: flex"][style*="justify-content: space-between"] {
+    flex-direction: column;
+    gap: 16px;
+    align-items: stretch;
+  }
+
+  /* Nav buttons full width */
+  .nav-btn {
+    width: 100%;
+    justify-content: center;
+  }
+
+  /* Touch-friendly buttons */
+  button,
+  .btn-primary,
+  .btn-secondary,
+  .btn-danger,
+  input[type="submit"] {
+    min-height: 44px;
+    padding: 12px 20px;
+  }
+
+  .btn-sm {
+    min-height: 40px;
+    padding: 10px 16px;
+  }
+
+  /* Form actions stack */
+  .queue-actions,
+  .message-actions {
+    flex-direction: column;
+    gap: 12px;
+  }
+
+  .queue-actions input,
+  .message-actions input {
+    width: 100% !important;
+  }
+
+  .queue-actions button,
+  .message-actions button {
+    width: 100%;
+  }
+
+  /* Copyable text wraps */
+  .copyable {
+    flex-wrap: wrap;
+    word-break: break-all;
+  }
+
+  pre {
+    padding: 16px;
+    font-size: 12px;
+  }
+
+  code {
+    font-size: 12px;
+    word-break: break-all;
+  }
+
+  /* Hide nav divider on mobile */
+  .nav-divider {
+    display: none;
+  }
+
+  /* Badge position adjustment */
+  .badge {
+    top: -6px;
+    right: -6px;
+    width: 20px;
+    height: 20px;
+    font-size: 10px;
+  }
+
+  /* Account items stack */
+  .account-item {
+    flex-direction: column;
+    align-items: flex-start;
+    gap: 8px;
+  }
+
+  /* Login card */
+  .login-card {
+    margin: 40px auto;
+  }
+}
+
+/* Prevent horizontal scroll */
+html, body {
+  overflow-x: hidden;
+}
+
+/* Safe area padding for notched devices */
+@media (max-width: 480px) {
+  body {
+    padding-left: env(safe-area-inset-left, 12px);
+    padding-right: env(safe-area-inset-right, 12px);
+    padding-bottom: env(safe-area-inset-bottom, 12px);
+  }
+}

package/public/style.css

@@ -258,6 +258,7 @@ button, input[type="submit"] {
   display: inline-flex;
   align-items: center;
   gap: 8px;
+  white-space: nowrap;
 }
 
 .nav-btn-default {
@@ -285,6 +286,19 @@ button, input[type="submit"] {
   transform: translateY(-2px);
 }
 
+.nav-btn-danger {
+  background: rgba(239, 68, 68, 0.1);
+  color: #f87171;
+  border: 1px solid rgba(239, 68, 68, 0.3);
+}
+
+.nav-btn-danger:hover {
+  background: rgba(239, 68, 68, 0.2);
+  color: #fca5a5;
+  border-color: rgba(239, 68, 68, 0.5);
+  transform: translateY(-2px);
+}
+
 .account-item {
   display: flex;
   justify-content: space-between;
@@ -557,6 +571,40 @@ body > p:first-of-type {
   margin: 0 8px;
 }
 
+/* Status badges for account auth state */
+.badge-success {
+  display: inline-block;
+  padding: 2px 8px;
+  border-radius: 4px;
+  font-size: 12px;
+  font-weight: 500;
+  background: rgba(16, 185, 129, 0.15);
+  color: #34d399;
+  border: 1px solid rgba(16, 185, 129, 0.3);
+}
+
+.badge-error {
+  display: inline-block;
+  padding: 2px 8px;
+  border-radius: 4px;
+  font-size: 12px;
+  font-weight: 500;
+  background: rgba(239, 68, 68, 0.15);
+  color: #f87171;
+  border: 1px solid rgba(239, 68, 68, 0.3);
+}
+
+.badge-warning {
+  display: inline-block;
+  padding: 2px 8px;
+  border-radius: 4px;
+  font-size: 12px;
+  font-weight: 500;
+  background: rgba(245, 158, 11, 0.15);
+  color: #fbbf24;
+  border: 1px solid rgba(245, 158, 11, 0.3);
+}
+
 /* Scrollbar styling */
 ::-webkit-scrollbar {
   width: 8px;
@@ -591,3 +639,84 @@ body > p:first-of-type {
   border-radius: 8px;
   border: 1px solid rgba(16, 185, 129, 0.3);
 }
+
+/* Avatar component */
+.avatar {
+  display: inline-flex;
+  align-items: center;
+  justify-content: center;
+  border-radius: 50%;
+  overflow: hidden;
+  flex-shrink: 0;
+  position: relative;
+}
+
+.avatar img {
+  width: 100%;
+  height: 100%;
+  object-fit: cover;
+}
+
+.avatar-initials {
+  color: white;
+  font-weight: 600;
+  font-size: 0.875em;
+  text-transform: uppercase;
+  display: flex;
+  align-items: center;
+  justify-content: center;
+  width: 100%;
+  height: 100%;
+}
+
+.avatar-sm {
+  width: 24px;
+  height: 24px;
+}
+
+.avatar-md {
+  width: 32px;
+  height: 32px;
+}
+
+.avatar-lg {
+  width: 48px;
+  height: 48px;
+}
+
+/* Agent name with avatar */
+.agent-with-avatar {
+  display: inline-flex;
+  align-items: center;
+  gap: 8px;
+}
+
+/* Small and extra-small buttons */
+.btn-xs {
+  padding: 2px 8px;
+  font-size: 11px;
+  border-radius: 4px;
+  background: rgba(99, 102, 241, 0.15);
+  color: #818cf8;
+  border: 1px solid rgba(99, 102, 241, 0.3);
+  cursor: pointer;
+  transition: all 0.2s;
+}
+
+.btn-xs:hover {
+  background: rgba(99, 102, 241, 0.25);
+}
+
+.btn-danger {
+  background: rgba(239, 68, 68, 0.15);
+  color: #f87171;
+  border: 1px solid rgba(239, 68, 68, 0.3);
+  padding: 8px 16px;
+  border-radius: 6px;
+  cursor: pointer;
+  transition: all 0.2s;
+}
+
+.btn-danger:hover {
+  background: rgba(239, 68, 68, 0.25);
+}