agentgate 0.4.0 → 0.5.0

package/src/routes/ui/shared.js

@@ -21,6 +21,30 @@ export function renderMarkdownLinks(str) {
   return escaped;
 }
 
+// Generate a consistent color from a string (for avatar fallback)
+export function stringToColor(str) {
+  if (!str) return '#6b7280';
+  let hash = 0;
+  for (let i = 0; i < str.length; i++) {
+    hash = str.charCodeAt(i) + ((hash << 5) - hash);
+  }
+  const hue = Math.abs(hash % 360);
+  return `hsl(${hue}, 60%, 45%)`;
+}
+
+// Render agent avatar with fallback to initials
+export function renderAvatar(agentName, { size = 32, className = '' } = {}) {
+  if (!agentName) return '';
+  const safeName = escapeHtml(agentName);
+  const initial = agentName.charAt(0).toUpperCase();
+  const color = stringToColor(agentName);
+  
+  return `<span class="avatar ${className}" style="width: ${size}px; height: ${size}px; background-color: ${color};" data-agent="${safeName}">
+    <img src="/ui/keys/avatar/${encodeURIComponent(agentName)}" alt="" onerror="this.style.display='none'; this.nextElementSibling.style.display='flex';">
+    <span class="avatar-initials" style="display: none;">${initial}</span>
+  </span>`;
+}
+
 // Status badge HTML
 export function statusBadge(status) {
   const colors = {
@@ -30,16 +54,34 @@ export function statusBadge(status) {
     completed: 'background: rgba(16, 185, 129, 0.15); color: #34d399; border: 1px solid rgba(16, 185, 129, 0.3);',
     failed: 'background: rgba(239, 68, 68, 0.15); color: #f87171; border: 1px solid rgba(239, 68, 68, 0.3);',
     rejected: 'background: rgba(156, 163, 175, 0.15); color: #9ca3af; border: 1px solid rgba(156, 163, 175, 0.3);',
+    withdrawn: 'background: rgba(168, 85, 247, 0.15); color: #c084fc; border: 1px solid rgba(168, 85, 247, 0.3);',
     delivered: 'background: rgba(16, 185, 129, 0.15); color: #34d399; border: 1px solid rgba(16, 185, 129, 0.3);'
   };
   return `<span class="status" style="${colors[status] || ''}">${status}</span>`;
 }
 
-// Format date for display
+// Format date for display - outputs span with data-utc for client-side localization
 export function formatDate(dateStr) {
   if (!dateStr) return '';
-  const d = new Date(dateStr);
-  return d.toLocaleString();
+  // Return span with UTC timestamp - client JS will localize
+  return `<span class="local-time" data-utc="${dateStr}"></span>`;
+}
+
+// Client-side script to localize all dates to browser timezone
+export function localizeScript() {
+  return `
+  <script>
+    document.addEventListener('DOMContentLoaded', function() {
+      document.querySelectorAll('.local-time[data-utc]').forEach(function(el) {
+        const utc = el.getAttribute('data-utc');
+        if (utc) {
+          const d = new Date(utc);
+          el.textContent = d.toLocaleString();
+          el.title = utc + ' UTC';
+        }
+      });
+    });
+  </script>`;
 }
 
 // Shared HTML head with common styles/scripts
@@ -48,13 +90,15 @@ export function htmlHead(title, { includeSocket = false } = {}) {
 <html>
 <head>
   <title>agentgate - ${title}</title>
+  <meta name="viewport" content="width=device-width, initial-scale=1">
   <link rel="icon" type="image/svg+xml" href="/public/favicon.svg">
   <link rel="stylesheet" href="/public/style.css">
+  <link rel="stylesheet" href="/public/mobile.css">
   ${includeSocket ? '<script src="/socket.io/socket.io.js"></script>' : ''}
 </head>`;
 }
 
-// Navigation header
+// Navigation header with real-time badge support
 export function navHeader({ pendingQueueCount = 0, pendingMessagesCount = 0, messagingMode = 'off' } = {}) {
   return `
   <div style="display: flex; justify-content: space-between; align-items: center; margin-bottom: 16px;">
@@ -63,18 +107,21 @@ export function navHeader({ pendingQueueCount = 0, pendingMessagesCount = 0, mes
       <h1 style="margin: 0;">agentgate</h1>
     </div>
     <div style="display: flex; gap: 12px; align-items: center;">
-      <a href="/ui/keys" class="nav-btn nav-btn-default">API Keys</a>
+      <a href="/ui/keys" class="nav-btn nav-btn-default">Agents</a>
+      <a href="/ui/access" class="nav-btn nav-btn-default">Access</a>
       <a href="/ui/queue" class="nav-btn nav-btn-default" style="position: relative;">
-        Write Queue
+        Queue
         <span id="queue-badge" class="badge" ${pendingQueueCount > 0 ? '' : 'style="display:none"'}>${pendingQueueCount}</span>
       </a>
+      <a href="/ui/mementos" class="nav-btn nav-btn-default">Mementos</a>
       <a href="/ui/messages" id="messages-nav" class="nav-btn nav-btn-default" style="position: relative;${messagingMode === 'off' ? ' display:none;' : ''}">
         Messages
         <span id="messages-badge" class="badge" ${pendingMessagesCount > 0 ? '' : 'style="display:none"'}>${pendingMessagesCount}</span>
       </a>
       <div class="nav-divider"></div>
+      <a href="/ui#settings" class="nav-btn nav-btn-default" title="Settings">⚙️</a>
       <form method="POST" action="/ui/logout" style="margin: 0;">
-        <button type="submit" class="nav-btn nav-btn-default" style="color: #f87171;">Logout</button>
+        <button type="submit" class="nav-btn nav-btn-danger">Logout</button>
       </form>
     </div>
   </div>`;
@@ -137,3 +184,86 @@ export function copyScript() {
     }
   </script>`;
 }
+
+// Styled error page for OAuth callbacks and other errors
+export function renderErrorPage(title, message, { backUrl = '/ui', backText = 'Back to Settings' } = {}) {
+  return `<!DOCTYPE html>
+<html>
+<head>
+  <title>agentgate - ${escapeHtml(title)}</title>
+  <meta name="viewport" content="width=device-width, initial-scale=1">
+  <link rel="icon" type="image/svg+xml" href="/public/favicon.svg">
+  <link rel="stylesheet" href="/public/style.css">
+  <style>
+    .error-container {
+      max-width: 500px;
+      margin: 80px auto;
+      padding: 32px;
+      text-align: center;
+    }
+    .error-icon {
+      font-size: 64px;
+      margin-bottom: 16px;
+    }
+    .error-title {
+      color: #f87171;
+      margin-bottom: 16px;
+    }
+    .error-message {
+      color: #9ca3af;
+      margin-bottom: 24px;
+      line-height: 1.6;
+      word-break: break-word;
+    }
+    .error-actions {
+      display: flex;
+      gap: 12px;
+      justify-content: center;
+    }
+  </style>
+</head>
+<body>
+  <div class="container">
+    <div class="error-container">
+      <div class="error-icon">⚠️</div>
+      <h1 class="error-title">${escapeHtml(title)}</h1>
+      <p class="error-message">${escapeHtml(message)}</p>
+      <div class="error-actions">
+        <a href="${escapeHtml(backUrl)}" class="btn btn-primary">${escapeHtml(backText)}</a>
+      </div>
+    </div>
+  </div>
+</body>
+</html>`;
+}
+
+// Simple navigation header for sub-pages (includes badge elements for socket.io updates)
+export function simpleNavHeader({ pendingQueueCount = 0, pendingMessagesCount = 0, messagingMode = 'off' } = {}) {
+  return `
+  <div style="display: flex; justify-content: space-between; align-items: center; margin-bottom: 16px;">
+    <div style="display: flex; align-items: center; gap: 12px;">
+      <a href="/ui" style="display: flex; align-items: center; gap: 12px; text-decoration: none; color: inherit;">
+        <img src="/public/favicon.svg" alt="agentgate" style="height: 48px;">
+        <h1 style="margin: 0;">agentgate</h1>
+      </a>
+    </div>
+    <div style="display: flex; gap: 12px; align-items: center;">
+      <a href="/ui/keys" class="nav-btn nav-btn-default">Agents</a>
+      <a href="/ui/access" class="nav-btn nav-btn-default">Access</a>
+      <a href="/ui/queue" class="nav-btn nav-btn-default" style="position: relative;">
+        Queue
+        <span id="queue-badge" class="badge" ${pendingQueueCount > 0 ? '' : 'style="display:none"'}>${pendingQueueCount}</span>
+      </a>
+      <a href="/ui/mementos" class="nav-btn nav-btn-default">Mementos</a>
+      <a href="/ui/messages" id="messages-nav" class="nav-btn nav-btn-default" style="position: relative;${messagingMode === 'off' ? ' display:none;' : ''}">
+        Messages
+        <span id="messages-badge" class="badge" ${pendingMessagesCount > 0 ? '' : 'style="display:none"'}>${pendingMessagesCount}</span>
+      </a>
+      <div class="nav-divider"></div>
+      <a href="/ui#settings" class="nav-btn nav-btn-default" title="Settings">⚙️</a>
+      <form method="POST" action="/ui/logout" style="margin: 0;">
+        <button type="submit" class="nav-btn nav-btn-danger">Logout</button>
+      </form>
+    </div>
+  </div>`;
+}

package/src/routes/ui/youtube.js

@@ -1,4 +1,5 @@
 import { setAccountCredentials, deleteAccount, getAccountCredentials } from '../../lib/db.js';
+import { renderErrorPage } from './shared.js';
 
 export function registerRoutes(router, baseUrl) {
   router.post('/youtube/setup', (req, res) => {
@@ -22,14 +23,19 @@ export function registerRoutes(router, baseUrl) {
 
   router.get('/youtube/callback', async (req, res) => {
     const { code, error, state } = req.query;
+    const accountName = state?.replace('agentgate_youtube_', '') || 'default';
+    
     if (error) {
-      return res.status(400).send(`YouTube OAuth error: ${error}`);
+      const creds = getAccountCredentials('youtube', accountName);
+      if (creds) {
+        setAccountCredentials('youtube', accountName, { ...creds, authStatus: 'failed', authError: error });
+      }
+      return res.status(400).send(renderErrorPage('YouTube OAuth Error', `YouTube returned an error: ${error}`));
     }
 
-    const accountName = state?.replace('agentgate_youtube_', '') || 'default';
     const creds = getAccountCredentials('youtube', accountName);
     if (!creds) {
-      return res.status(400).send('YouTube account not found. Please try setup again.');
+      return res.status(400).send(renderErrorPage('Setup Error', 'YouTube account not found. Please try setup again.'));
     }
 
     try {
@@ -51,19 +57,22 @@ export function registerRoutes(router, baseUrl) {
 
       const tokens = await response.json();
       if (tokens.error) {
-        return res.status(400).send(`YouTube token error: ${tokens.error}`);
+        setAccountCredentials('youtube', accountName, { ...creds, authStatus: 'failed', authError: tokens.error });
+        return res.status(400).send(renderErrorPage('Token Error', `YouTube token exchange failed: ${tokens.error}`));
       }
 
       setAccountCredentials('youtube', accountName, {
         ...creds,
         accessToken: tokens.access_token,
         refreshToken: tokens.refresh_token,
-        expiresAt: Date.now() + (tokens.expires_in * 1000) - 60000
+        expiresAt: Date.now() + (tokens.expires_in * 1000) - 60000,
+        authStatus: 'success'
       });
 
       res.redirect('/ui');
     } catch (err) {
-      res.status(500).send(`YouTube OAuth failed: ${err.message}`);
+      setAccountCredentials('youtube', accountName, { ...creds, authStatus: 'failed', authError: err.message });
+      res.status(500).send(renderErrorPage('Connection Error', `YouTube OAuth failed: ${err.message}`));
     }
   });
 
@@ -72,6 +81,25 @@ export function registerRoutes(router, baseUrl) {
     deleteAccount('youtube', accountName);
     res.redirect('/ui');
   });
+
+  router.post('/youtube/retry', (req, res) => {
+    const { accountName } = req.body;
+    const creds = getAccountCredentials('youtube', accountName);
+    if (!creds || !creds.clientId || !creds.clientSecret) {
+      return res.status(400).send(renderErrorPage('Retry Error', 'Account credentials not found. Please set up the account again.'));
+    }
+
+    const redirectUri = `${baseUrl}/ui/youtube/callback`;
+    const scope = 'https://www.googleapis.com/auth/youtube.readonly';
+    const state = `agentgate_youtube_${accountName}`;
+
+    const authUrl = 'https://accounts.google.com/o/oauth2/v2/auth?' +
+      `client_id=${creds.clientId}&response_type=code&` +
+      `state=${encodeURIComponent(state)}&redirect_uri=${encodeURIComponent(redirectUri)}&` +
+      `scope=${encodeURIComponent(scope)}&access_type=offline&prompt=consent`;
+
+    res.redirect(authUrl);
+  });
 }
 
 export function renderCard(accounts, baseUrl) {
@@ -79,15 +107,36 @@ export function renderCard(accounts, baseUrl) {
 
   const renderAccounts = () => {
     if (serviceAccounts.length === 0) return '';
-    return serviceAccounts.map(acc => `
-      <div class="account-item">
-        <span><strong>${acc.name}</strong></span>
-        <form method="POST" action="/ui/youtube/delete" style="margin:0;">
+    return serviceAccounts.map(acc => {
+      const { hasToken, hasCredentials, authStatus } = acc.status || {};
+      
+      let statusBadge = '';
+      if (hasToken) {
+        statusBadge = '<span class="badge-success" style="margin-left: 8px;">✓ Connected</span>';
+      } else if (authStatus === 'failed') {
+        statusBadge = '<span class="badge-error" style="margin-left: 8px;">✗ Auth Failed</span>';
+      } else if (hasCredentials) {
+        statusBadge = '<span class="badge-warning" style="margin-left: 8px;">⏳ Pending</span>';
+      }
+      
+      const retryBtn = (!hasToken && hasCredentials) ? `
+        <form method="POST" action="/ui/youtube/retry" style="margin:0;">
           <input type="hidden" name="accountName" value="${acc.name}">
-          <button type="submit" class="btn-sm btn-danger">Remove</button>
-        </form>
-      </div>
-    `).join('');
+          <button type="submit" class="btn-sm btn-primary">Retry Auth</button>
+        </form>` : '';
+      
+      return `
+      <div class="account-item">
+        <span><strong>${acc.name}</strong>${statusBadge}</span>
+        <div style="display: flex; gap: 8px;">
+          ${retryBtn}
+          <form method="POST" action="/ui/youtube/delete" style="margin:0;">
+            <input type="hidden" name="accountName" value="${acc.name}">
+            <button type="submit" class="btn-sm btn-danger">Remove</button>
+          </form>
+        </div>
+      </div>`;
+    }).join('');
   };
 
   return `

package/src/routes/webhooks.js

@@ -0,0 +1,247 @@
+import { Router } from 'express';
+import crypto from 'crypto';
+import { getWebhookSecret, listApiKeys } from '../lib/db.js';
+
+const router = Router();
+
+/**
+ * Verify GitHub webhook signature (HMAC SHA256)
+ * @param {string} payload - Raw request body
+ * @param {string} signature - X-Hub-Signature-256 header
+ * @param {string} secret - Webhook secret
+ * @returns {boolean}
+ */
+function verifyGitHubSignature(payload, signature, secret) {
+  if (!signature || !secret) return false;
+
+  const expected = 'sha256=' + crypto
+    .createHmac('sha256', secret)
+    .update(payload)
+    .digest('hex');
+
+  try {
+    return crypto.timingSafeEqual(
+      Buffer.from(signature),
+      Buffer.from(expected)
+    );
+  } catch {
+    return false;
+  }
+}
+
+/**
+ * Parse GitHub event into normalized format
+ */
+function parseGitHubEvent(eventType, payload) {
+  const base = {
+    service: 'github',
+    event: eventType,
+    received_at: new Date().toISOString()
+  };
+
+  if (payload.repository) {
+    base.repo = payload.repository.full_name;
+  }
+
+  switch (eventType) {
+  case 'push':
+    return {
+      ...base,
+      data: {
+        ref: payload.ref,
+        commits: payload.commits?.length || 0,
+        pusher: payload.pusher?.name,
+        compare_url: payload.compare
+      }
+    };
+
+  case 'pull_request':
+    return {
+      ...base,
+      event: `pull_request.${payload.action}`,
+      data: {
+        number: payload.pull_request?.number,
+        title: payload.pull_request?.title,
+        action: payload.action,
+        url: payload.pull_request?.html_url,
+        user: payload.pull_request?.user?.login,
+        merged: payload.pull_request?.merged || false
+      }
+    };
+
+  case 'issues':
+    return {
+      ...base,
+      event: `issues.${payload.action}`,
+      data: {
+        number: payload.issue?.number,
+        title: payload.issue?.title,
+        action: payload.action,
+        url: payload.issue?.html_url,
+        user: payload.issue?.user?.login
+      }
+    };
+
+  case 'issue_comment':
+    return {
+      ...base,
+      event: `issue_comment.${payload.action}`,
+      data: {
+        issue_number: payload.issue?.number,
+        issue_title: payload.issue?.title,
+        comment_id: payload.comment?.id,
+        action: payload.action,
+        url: payload.comment?.html_url,
+        user: payload.comment?.user?.login,
+        is_pr: !!payload.issue?.pull_request
+      }
+    };
+
+  case 'check_suite':
+    return {
+      ...base,
+      event: `check_suite.${payload.action}`,
+      data: {
+        status: payload.check_suite?.status,
+        conclusion: payload.check_suite?.conclusion,
+        head_sha: payload.check_suite?.head_sha?.substring(0, 7)
+      }
+    };
+
+  case 'check_run':
+    return {
+      ...base,
+      event: `check_run.${payload.action}`,
+      data: {
+        name: payload.check_run?.name,
+        status: payload.check_run?.status,
+        conclusion: payload.check_run?.conclusion,
+        head_sha: payload.check_run?.head_sha?.substring(0, 7)
+      }
+    };
+
+  case 'release':
+    return {
+      ...base,
+      event: `release.${payload.action}`,
+      data: {
+        tag: payload.release?.tag_name,
+        name: payload.release?.name,
+        url: payload.release?.html_url,
+        prerelease: payload.release?.prerelease
+      }
+    };
+
+  case 'workflow_run':
+    return {
+      ...base,
+      event: `workflow_run.${payload.action}`,
+      data: {
+        name: payload.workflow_run?.name,
+        status: payload.workflow_run?.status,
+        conclusion: payload.workflow_run?.conclusion,
+        head_sha: payload.workflow_run?.head_sha?.substring(0, 7),
+        url: payload.workflow_run?.html_url
+      }
+    };
+
+  default:
+    return {
+      ...base,
+      data: { action: payload.action }
+    };
+  }
+}
+
+/**
+ * Broadcast webhook event to all agents with webhooks configured
+ */
+async function broadcastToAgents(event) {
+  const agents = listApiKeys();
+  const results = { delivered: [], failed: [] };
+
+  for (const agent of agents) {
+    if (!agent.webhook_url) continue;
+
+    try {
+      const response = await fetch(agent.webhook_url, {
+        method: 'POST',
+        headers: {
+          'Content-Type': 'application/json',
+          ...(agent.webhook_token ? { 'Authorization': `Bearer ${agent.webhook_token}` } : {})
+        },
+        body: JSON.stringify({
+          type: 'service_webhook',
+          ...event
+        })
+      });
+
+      if (response.ok) {
+        results.delivered.push(agent.name);
+      } else {
+        results.failed.push({ name: agent.name, status: response.status });
+      }
+    } catch (err) {
+      results.failed.push({ name: agent.name, error: err.message });
+    }
+  }
+
+  return results;
+}
+
+// POST /webhooks/github - Receive GitHub webhooks
+// NOTE: This route does NOT use apiKeyAuth - it uses signature verification instead
+router.post('/github', async (req, res) => {
+  const signature = req.headers['x-hub-signature-256'];
+  const eventType = req.headers['x-github-event'];
+  const deliveryId = req.headers['x-github-delivery'];
+
+  if (!eventType) {
+    return res.status(400).json({ error: 'Missing X-GitHub-Event header' });
+  }
+
+  // Get stored webhook secret
+  const secret = getWebhookSecret('github');
+
+  // Verify signature if secret is configured
+  if (secret) {
+    // Use raw body captured by express.json verify callback
+    const rawBody = req.rawBody;
+    if (!rawBody) {
+      console.error('GitHub webhook missing raw body - cannot verify signature');
+      return res.status(500).json({ error: 'Internal error: raw body not captured' });
+    }
+    if (!verifyGitHubSignature(rawBody, signature, secret)) {
+      console.error('GitHub webhook signature verification failed');
+      return res.status(401).json({ error: 'Invalid signature' });
+    }
+  }
+
+  // Handle ping event (GitHub sends this when webhook is first configured)
+  if (eventType === 'ping') {
+    console.log('GitHub webhook ping received:', req.body.zen);
+    return res.json({ ok: true, message: 'pong', zen: req.body.zen });
+  }
+
+  // Parse event
+  const event = parseGitHubEvent(eventType, req.body);
+  console.log('GitHub webhook received:', event.event, event.repo || '');
+
+  // Broadcast to agents
+  const results = await broadcastToAgents(event);
+  console.log('Webhook broadcast:', results.delivered.length, 'delivered,', results.failed.length, 'failed');
+
+  return res.json({
+    ok: true,
+    delivery_id: deliveryId,
+    event: event.event,
+    repo: event.repo,
+    broadcast: {
+      delivered: results.delivered.length,
+      failed: results.failed.length
+    }
+  });
+});
+
+export default router;
+