aios-management-web 0.1.0

package/server/src/api/routes/index.js

@@ -0,0 +1,677 @@
+import express from "express";
+import multer from "multer";
+
+import { createAuthMiddleware } from "../middleware/auth.js";
+import { createInternalAuthMiddleware, createServiceApiAuthMiddleware } from "../middleware/internal.js";
+import { badRequest } from "../../utils/errors.js";
+
+const upload = multer({
+  storage: multer.memoryStorage(),
+  limits: {
+    fileSize: 50 * 1024 * 1024
+  }
+});
+
+function asyncRoute(handler) {
+  return (req, res, next) => Promise.resolve(handler(req, res, next)).catch(next);
+}
+
+function writeAuditLog(services, req, action, detail) {
+  services.auditLogService.write({
+    userId: req.currentUser?.id,
+    username: req.currentUser?.username || "",
+    action,
+    detail
+  });
+}
+
+function formatAuditTarget({ id, name, fallback = "-" }) {
+  const normalizedId = id === undefined || id === null || String(id).trim() === ""
+    ? fallback
+    : String(id).trim();
+  const normalizedName = name === undefined || name === null || String(name).trim() === ""
+    ? fallback
+    : String(name).trim();
+
+  return `ID=${normalizedId}，名称=${normalizedName}`;
+}
+
+function hasOwnValue(payload, key) {
+  return Boolean(payload) && Object.prototype.hasOwnProperty.call(payload, key);
+}
+
+function normalizeAuditUsernames(values) {
+  if (!Array.isArray(values)) {
+    return [];
+  }
+
+  return [...new Set(values.map((item) => String(item || "").trim()).filter(Boolean))].sort();
+}
+
+function resolveAuditPermissionUsernames(payload) {
+  return normalizeAuditUsernames(
+    hasOwnValue(payload, "permission_usernames")
+      ? payload.permission_usernames
+      : payload.users
+  );
+}
+
+function formatUsernameList(usernames) {
+  return usernames.length > 0 ? usernames.join("、") : "无";
+}
+
+export function buildAgentUpdateAudit(current, updated, payload) {
+  const target = formatAuditTarget({
+    id: updated.id,
+    name: updated.slug
+  });
+
+  if (!hasOwnValue(payload, "permission_usernames") && !hasOwnValue(payload, "users")) {
+    return {
+      action: "编辑数字员工",
+      detail: `编辑数字员工：${target}`
+    };
+  }
+
+  const previousUsernames = normalizeAuditUsernames(
+    (current?.permissions || []).map((item) => item.username)
+  );
+  const nextUsernames = resolveAuditPermissionUsernames(payload);
+  const previousSet = new Set(previousUsernames);
+  const nextSet = new Set(nextUsernames);
+  const addedUsernames = nextUsernames.filter((username) => !previousSet.has(username));
+  const removedUsernames = previousUsernames.filter((username) => !nextSet.has(username));
+  const currentComparable = {
+    agent_name: current?.agent_name || "",
+    status: current?.status || "",
+    daily_limit: Number(current?.daily_limit ?? -1)
+  };
+  const updatedComparable = {
+    agent_name: updated?.agent_name || "",
+    status: updated?.status || "",
+    daily_limit: Number(updated?.daily_limit ?? -1)
+  };
+  const agentChanged = JSON.stringify(currentComparable) !== JSON.stringify(updatedComparable);
+  const assignmentsChanged = addedUsernames.length > 0 || removedUsernames.length > 0;
+
+  if (!agentChanged && assignmentsChanged) {
+    return {
+      action: "编辑数字员工人员分配",
+      detail: `编辑数字员工人员分配：${target}；添加：${formatUsernameList(addedUsernames)}；移除：${formatUsernameList(removedUsernames)}`
+    };
+  }
+
+  if (!agentChanged && !assignmentsChanged) {
+    return {
+      action: "编辑数字员工人员分配",
+      detail: `编辑数字员工人员分配：${target}；添加：无；移除：无`
+    };
+  }
+
+  return {
+    action: "编辑数字员工",
+    detail: `编辑数字员工：${target}；人员分配添加：${formatUsernameList(addedUsernames)}；人员分配移除：${formatUsernameList(removedUsernames)}`
+  };
+}
+
+export function createRoutes(services) {
+  const router = express.Router();
+  const requireManagementAuth = createAuthMiddleware(services.authService);
+  const requireServiceApiAuth = createServiceApiAuthMiddleware(services.portalService);
+  const requireInternal = createInternalAuthMiddleware(services.portalService);
+
+  router.post("/auth/login", asyncRoute(async (req, res) => {
+    const result = services.authService.login(req.body);
+    services.auditLogService.write({
+      userId: result.user?.id,
+      username: result.user?.username || req.body?.username || "",
+      action: "登录",
+      detail: `用户 ${result.user?.username || req.body?.username || ""} 登录系统`
+    });
+    res.json(result);
+  }));
+
+  router.get("/internal/app-invoke/system", requireInternal, asyncRoute(async (req, res) => {
+    const provider = String(req.query.provider || "");
+    const applicationName = String(req.query.applicationName || "");
+    if (!provider || !applicationName) {
+      throw badRequest("缺少 provider 或 applicationName 参数");
+    }
+
+    const system = services.systemService.findSystemForInvocation(provider, applicationName);
+    if (!system) {
+      res.status(404).json({
+        code: "not_found",
+        message: `未找到业务系统：${provider}/${applicationName}`
+      });
+      return;
+    }
+
+    res.json(system);
+  }));
+
+  router.get("/internal/app-invoke/base-url", requireInternal, asyncRoute(async (req, res) => {
+    const applicationName = String(req.query.applicationName || "");
+    if (!applicationName) {
+      throw badRequest("缺少 applicationName 参数");
+    }
+
+    res.json(services.systemService.getInvocationBaseUrlByApplicationName(applicationName));
+  }));
+
+  router.post("/internal/app-invoke/logs", requireInternal, asyncRoute(async (req, res) => {
+    await services.systemService.recordInvocation(req.body);
+    res.status(201).json({ ok: true });
+  }));
+
+  router.get("/external/cookie", requireServiceApiAuth, asyncRoute(async (req, res) => {
+    const result = await services.externalService.getCookie(
+      req.query.sessionId,
+      req.query.provider,
+      req.query.applicationName
+    );
+    res.json(result);
+  }));
+
+  router.post("/external/invoke/logging", requireServiceApiAuth, asyncRoute(async (req, res) => {
+    await services.externalService.recordInvocation(req.body);
+    res.status(204).end();
+  }));
+
+  router.get("/external/agents", requireServiceApiAuth, asyncRoute(async (req, res) => {
+    res.json({
+      items: await services.externalService.listAgentsForUser(req.query.userName)
+    });
+  }));
+
+  router.get("/external/session", requireServiceApiAuth, asyncRoute(async (req, res) => {
+    const result = await services.externalService.getOrCreateSession({
+      userName: req.query.userName,
+      agentId: req.query.agentId,
+      cookie: req.query.cookie
+    });
+    res.json(result);
+  }));
+
+  router.get("/external/context", requireServiceApiAuth, asyncRoute(async (req, res) => {
+    const result = await services.externalService.getContext(req.query.sessionId);
+    res.json(result);
+  }));
+
+  router.get("/internal/cui/agents", requireInternal, asyncRoute(async (_req, res) => {
+    res.json({
+      items: await services.agentService.listActiveAgentDirectory()
+    });
+  }));
+
+  router.use(requireManagementAuth);
+
+  router.post("/auth/logout", asyncRoute(async (req, res) => {
+    writeAuditLog(services, req, "退出登录", `用户 ${req.currentUser.username} 退出登录`);
+    services.authService.logout(req.authToken);
+    res.status(204).end();
+  }));
+
+  router.get("/auth/me", asyncRoute(async (req, res) => {
+    res.json(req.currentUser);
+  }));
+
+  router.post("/auth/change-password", asyncRoute(async (req, res) => {
+    const result = services.authService.changePassword(req.currentUser.id, req.body);
+    writeAuditLog(services, req, "修改密码", `用户 ${req.currentUser.username} 修改了登录密码`);
+    res.json(result);
+  }));
+
+  router.get("/bootstrap", asyncRoute(async (req, res) => {
+    res.json({
+      current_user: req.currentUser,
+      settings: services.portalService.getSettings(),
+      access_tokens: services.portalService.listAccessTokens(),
+      agent_sync: services.catalogSyncService.getAgentSyncStatus(),
+      skill_sync: services.catalogSyncService.getSkillSyncStatus(),
+      template_sync: services.catalogSyncService.getTemplateSyncStatus(),
+      system_sync: services.catalogSyncService.getSystemSyncStatus(),
+      usage_refresh: services.catalogSyncService.getUsageRefreshStatus(),
+      env_config: {
+        admin_inbound_topic: services.env?.mqtt?.adminInboundTopic || ""
+      }
+    });
+  }));
+
+  router.get("/dashboard", asyncRoute(async (_req, res) => {
+    res.json(services.portalService.getDashboard());
+  }));
+
+  router.get("/audit-logs", asyncRoute(async (req, res) => {
+    services.authService.assertAdmin(req.currentUser);
+    res.json(services.auditLogService.list({
+      page: req.query.page || 1,
+      pageSize: req.query.pageSize || 50
+    }));
+  }));
+
+  router.get("/users", asyncRoute(async (req, res) => {
+    res.json(services.portalService.listUsers(req.query.role || ""));
+  }));
+
+  router.post("/users", asyncRoute(async (req, res) => {
+    services.authService.assertAdmin(req.currentUser);
+    const result = services.portalService.createUser(req.body);
+    writeAuditLog(services, req, "新增用户", `新增用户：${formatAuditTarget({
+      id: result.id,
+      name: result.username
+    })}`);
+    res.status(201).json(result);
+  }));
+
+  router.put("/users/:id", asyncRoute(async (req, res) => {
+    services.authService.assertAdmin(req.currentUser);
+    const result = services.portalService.updateUser(Number(req.params.id), req.body);
+    writeAuditLog(services, req, "编辑用户", `编辑用户：${formatAuditTarget({
+      id: result.id,
+      name: result.username
+    })}`);
+    res.json(result);
+  }));
+
+  router.delete("/users/:id", asyncRoute(async (req, res) => {
+    services.authService.assertAdmin(req.currentUser);
+    const users = services.portalService.listUsers("");
+    const target = users.find((item) => Number(item.id) === Number(req.params.id));
+    services.portalService.deleteUser(Number(req.params.id), req.currentUser.id);
+    writeAuditLog(services, req, "删除用户", `删除用户：${formatAuditTarget({
+      id: req.params.id,
+      name: target?.username
+    })}`);
+    res.status(204).end();
+  }));
+
+  router.post("/users/:id/reset-password", asyncRoute(async (req, res) => {
+    services.authService.assertAdmin(req.currentUser);
+    const password = req.body.password || "123456";
+    const result = services.authService.resetPassword(Number(req.params.id), password);
+    const users = services.portalService.listUsers("");
+    const target = users.find((item) => Number(item.id) === Number(req.params.id));
+    writeAuditLog(services, req, "重置用户密码", `重置用户密码：${formatAuditTarget({
+      id: req.params.id,
+      name: target?.username
+    })}`);
+    res.json(result);
+  }));
+
+  router.get("/templates", asyncRoute(async (_req, res) => {
+    res.json(services.portalService.listTemplates());
+  }));
+
+  router.post("/templates", upload.single("artifact"), asyncRoute(async (req, res) => {
+    services.authService.assertAdmin(req.currentUser);
+    if (!req.file) {
+      throw badRequest("请上传模板文件");
+    }
+    const result = await services.portalService.createTemplate({
+      templateName: req.body.template_name,
+      description: req.body.description || "",
+      file: req.file,
+      createdBy: req.currentUser.id
+    });
+    writeAuditLog(services, req, "上传模板", `上传模板：${formatAuditTarget({
+      id: result.id,
+      name: result.template_name
+    })}`);
+    res.status(201).json(result);
+  }));
+
+  router.delete("/templates/:templateName", asyncRoute(async (req, res) => {
+    services.authService.assertAdmin(req.currentUser);
+    const templates = services.portalService.listTemplates();
+    const target = templates.find((item) => item.template_name === req.params.templateName);
+    const result = await services.portalService.deleteTemplate(req.params.templateName);
+    writeAuditLog(services, req, "删除模板", `删除模板：${formatAuditTarget({
+      id: target?.id,
+      name: target?.template_name || req.params.templateName
+    })}`);
+    res.json(result);
+  }));
+
+  router.get("/skills", asyncRoute(async (_req, res) => {
+    res.json(services.portalService.listSkills());
+  }));
+
+  router.post("/skills", upload.single("artifact"), asyncRoute(async (req, res) => {
+    services.authService.assertAdmin(req.currentUser);
+    if (!req.file) {
+      throw badRequest("请上传技能文件");
+    }
+    const payload = {
+      slug: req.body.slug,
+      description: req.body.description || ""
+    };
+    const result = await services.portalService.createSkill({
+      payload,
+      file: req.file || null,
+      createdBy: req.currentUser.id
+    });
+    writeAuditLog(services, req, "新增技能", `新增技能：${formatAuditTarget({
+      id: result.id,
+      name: result.slug
+    })}`);
+    res.status(201).json(result);
+  }));
+
+  router.put("/skills/:id", upload.single("artifact"), asyncRoute(async (req, res) => {
+    services.authService.assertAdmin(req.currentUser);
+    if (!req.file) {
+      throw badRequest("请上传技能文件");
+    }
+    const payload = {
+      description: req.body.description || ""
+    };
+    const result = await services.portalService.updateSkill(Number(req.params.id), {
+      payload,
+      file: req.file,
+      createdBy: req.currentUser.id
+    });
+    writeAuditLog(services, req, "编辑技能", `编辑技能：${formatAuditTarget({
+      id: result.id,
+      name: result.slug
+    })}`);
+    res.json(result);
+  }));
+
+  router.delete("/skills/:id", asyncRoute(async (req, res) => {
+    services.authService.assertAdmin(req.currentUser);
+    const skills = services.portalService.listSkills();
+    const target = skills.find((item) => Number(item.id) === Number(req.params.id));
+    const result = await services.portalService.deleteSkill(Number(req.params.id));
+    writeAuditLog(services, req, "删除技能", `删除技能：${formatAuditTarget({
+      id: req.params.id,
+      name: target?.slug
+    })}`);
+    res.json(result);
+  }));
+
+  router.get("/agents", asyncRoute(async (_req, res) => {
+    res.json(await services.agentService.listAgents());
+  }));
+
+  router.get("/agents/by-slug/:slug", asyncRoute(async (req, res) => {
+    res.json(await services.agentService.getAgentBySlug(req.params.slug));
+  }));
+
+  router.post("/topics/admin/ping", asyncRoute(async (req, res) => {
+    services.authService.assertAdmin(req.currentUser);
+    const result = await services.topicPingService.pingAdmin();
+    writeAuditLog(
+      services,
+      req,
+      "探测管理主题",
+      `管理入站主题探测${result.ok ? "成功" : "失败"}，耗时 ${result.responseTimeMs} ms`
+    );
+    res.json(result);
+  }));
+
+  router.post("/agents/:slug/ping", asyncRoute(async (req, res) => {
+    services.authService.assertAdmin(req.currentUser);
+    const result = await services.topicPingService.pingAgent(req.params.slug);
+    writeAuditLog(
+      services,
+      req,
+      "探测数字员工主题",
+      `数字员工 ${req.params.slug} 入站主题探测${result.ok ? "成功" : "失败"}，耗时 ${result.responseTimeMs} ms`
+    );
+    res.json(result);
+  }));
+
+  router.get("/aios-users", asyncRoute(async (req, res) => {
+    services.authService.assertAdmin(req.currentUser);
+    const limit = Math.max(1, Math.min(200, Number(req.query.limit) || 50));
+    const page = Math.max(1, Number(req.query.page) || 1);
+    const offset = (page - 1) * limit;
+    const query = req.query.q || "";
+    res.json({
+      items: services.agentService.listAiosUsersWithUsage(query, limit, offset),
+      total: services.agentService.countAiosUsers(query),
+      page,
+      pageSize: limit
+    });
+  }));
+
+  router.post("/aios-users", asyncRoute(async (req, res) => {
+    services.authService.assertAdmin(req.currentUser);
+    const result = services.agentService.createAiosUser(req.body.username);
+    writeAuditLog(services, req, "新增AIOS用户", `新增AIOS用户：${result.username}`);
+    res.status(201).json(result);
+  }));
+
+  router.post("/aios-users/import", asyncRoute(async (req, res) => {
+    services.authService.assertAdmin(req.currentUser);
+    const result = services.agentService.importAiosUsers(req.body.content);
+    writeAuditLog(services, req, "批量导入AIOS用户", `批量导入AIOS用户：${result.total} 条`);
+    res.json(result);
+  }));
+
+  router.delete("/aios-users/:id", asyncRoute(async (req, res) => {
+    services.authService.assertAdmin(req.currentUser);
+    const result = services.agentService.deleteAiosUser(Number(req.params.id));
+    writeAuditLog(services, req, "删除AIOS用户", `删除AIOS用户：${result.username}`);
+    res.json(result);
+  }));
+
+  router.post("/agents", asyncRoute(async (req, res) => {
+    services.authService.assertAdmin(req.currentUser);
+    const result = await services.agentService.createAgent(req.body);
+    writeAuditLog(services, req, "新增数字员工", `新增数字员工：${formatAuditTarget({
+      id: result.id,
+      name: result.slug
+    })}`);
+    res.status(201).json(result);
+  }));
+
+  router.put("/agents/:id", asyncRoute(async (req, res) => {
+    services.authService.assertAdmin(req.currentUser);
+    const agents = await services.agentService.listAgents();
+    const current = agents.find((item) => Number(item.id) === Number(req.params.id));
+    const result = await services.agentService.updateAgent(Number(req.params.id), req.body);
+    const audit = buildAgentUpdateAudit(current, result, req.body);
+    writeAuditLog(services, req, audit.action, audit.detail);
+    res.json(result);
+  }));
+
+  router.delete("/agents/:id", asyncRoute(async (req, res) => {
+    services.authService.assertAdmin(req.currentUser);
+    const agents = await services.agentService.listAgents();
+    const target = agents.find((item) => Number(item.id) === Number(req.params.id));
+    const result = await services.agentService.deleteAgent(Number(req.params.id));
+    writeAuditLog(services, req, "删除数字员工", `删除数字员工：${formatAuditTarget({
+      id: req.params.id,
+      name: target?.slug
+    })}`);
+    res.json(result);
+  }));
+
+  router.get("/systems", asyncRoute(async (_req, res) => {
+    res.json(services.systemService.listSystems());
+  }));
+
+  router.post("/systems", upload.single("ontology"), asyncRoute(async (req, res) => {
+    services.authService.assertAdmin(req.currentUser);
+    const payload = {
+      provider: req.body.provider,
+      application_name: req.body.application_name,
+      description: req.body.description,
+      scheme: req.body.scheme,
+      host: req.body.host,
+      port: req.body.port,
+      status: req.body.status
+    };
+    const result = await services.systemService.createSystem({
+      payload,
+      file: req.file || null,
+      createdBy: req.currentUser.id
+    });
+    writeAuditLog(services, req, "新增业务系统", `新增业务系统：${formatAuditTarget({
+      id: result.system?.id,
+      name: result.system?.application_name || payload.application_name
+    })}`);
+    res.status(201).json(result);
+  }));
+
+  router.put("/systems/:id", upload.single("ontology"), asyncRoute(async (req, res) => {
+    services.authService.assertAdmin(req.currentUser);
+    const result = await services.systemService.updateSystem(Number(req.params.id), {
+      payload: req.body,
+      file: req.file || null,
+      createdBy: req.currentUser.id
+    });
+    writeAuditLog(services, req, "编辑业务系统", `编辑业务系统：${formatAuditTarget({
+      id: result.system?.id || req.params.id,
+      name: result.system?.application_name
+    })}`);
+    res.json(result);
+  }));
+
+  router.post("/systems/:id/test", asyncRoute(async (req, res) => {
+    services.authService.assertAdmin(req.currentUser);
+    const target = services.systemService.getSystemById(Number(req.params.id));
+    const result = await services.systemService.testConnectivity(Number(req.params.id));
+    writeAuditLog(services, req, "测试业务系统连通性", `测试业务系统：${formatAuditTarget({
+      id: req.params.id,
+      name: target?.application_name
+    })}`);
+    res.json(result);
+  }));
+
+  router.post("/systems/:id/status", asyncRoute(async (req, res) => {
+    services.authService.assertAdmin(req.currentUser);
+    const result = await services.systemService.setSystemStatus(Number(req.params.id), req.body.status);
+    writeAuditLog(services, req, "切换业务系统状态", `业务系统 ID ${req.params.id} 状态切换为：${req.body.status}`);
+    res.json(result);
+  }));
+
+  router.delete("/systems/:id", asyncRoute(async (req, res) => {
+    services.authService.assertAdmin(req.currentUser);
+    const target = services.systemService.getSystemById(Number(req.params.id));
+    const result = await services.systemService.deleteSystem(Number(req.params.id));
+    writeAuditLog(services, req, "删除业务系统", `删除业务系统：${formatAuditTarget({
+      id: req.params.id,
+      name: target?.application_name
+    })}`);
+    res.json(result);
+  }));
+
+  router.get("/systems/logs", asyncRoute(async (req, res) => {
+    res.json(services.systemService.listLogs({
+      applicationName: req.query.application_name || "",
+      agentSlug: req.query.agent_slug || ""
+    }));
+  }));
+
+  router.get("/systems/stats", asyncRoute(async (req, res) => {
+    res.json(services.systemService.listStats({
+      applicationName: req.query.application_name || "",
+      agentSlug: req.query.agent_slug || ""
+    }));
+  }));
+
+  router.get("/kernel/logs", asyncRoute(async (req, res) => {
+    services.authService.assertAdmin(req.currentUser);
+    res.json(services.portalService.listManagementRequests({
+      page: req.query.page || 1,
+      pageSize: req.query.pageSize || 50
+    }));
+  }));
+
+  router.get("/settings", asyncRoute(async (_req, res) => {
+    res.json(services.portalService.getSettings());
+  }));
+
+  router.put("/settings", asyncRoute(async (req, res) => {
+    services.authService.assertAdmin(req.currentUser);
+    const result = services.portalService.updateSettings(req.body);
+    writeAuditLog(services, req, "保存系统设置", "更新了系统设置");
+    res.json(result);
+  }));
+
+  router.get("/settings/access-tokens", asyncRoute(async (_req, res) => {
+    res.json(services.portalService.listAccessTokens());
+  }));
+
+  router.post("/settings/access-tokens", asyncRoute(async (req, res) => {
+    services.authService.assertAdmin(req.currentUser);
+    const result = services.portalService.createAccessToken();
+    writeAuditLog(services, req, "新增管理员令牌", `新增管理员令牌：${formatAuditTarget({
+      id: result.token,
+      name: req.currentUser.username
+    })}`);
+    res.status(201).json(result);
+  }));
+
+  router.delete("/settings/access-tokens/:token", asyncRoute(async (req, res) => {
+    services.authService.assertAdmin(req.currentUser);
+    const token = decodeURIComponent(req.params.token || "");
+    const result = services.portalService.deleteAccessToken(token);
+    writeAuditLog(services, req, "删除管理员令牌", `删除管理员令牌：${formatAuditTarget({
+      id: token,
+      name: req.currentUser.username
+    })}`);
+    res.json(result);
+  }));
+
+  router.post("/settings/agent-sync", asyncRoute(async (req, res) => {
+    services.authService.assertAdmin(req.currentUser);
+    const result = await services.catalogSyncService.syncAgentsTask({ trigger: "manual" });
+    writeAuditLog(services, req, "同步数字员工", "手动触发数字员工同步");
+    res.json(result);
+  }));
+
+  router.post("/settings/skill-sync", asyncRoute(async (req, res) => {
+    services.authService.assertAdmin(req.currentUser);
+    const result = await services.catalogSyncService.syncSkillsTask({ trigger: "manual" });
+    writeAuditLog(services, req, "同步技能", "手动触发技能同步");
+    res.json(result);
+  }));
+
+  router.post("/settings/template-sync", asyncRoute(async (req, res) => {
+    services.authService.assertAdmin(req.currentUser);
+    const result = await services.catalogSyncService.syncTemplatesTask({ trigger: "manual" });
+    writeAuditLog(services, req, "同步模板", "手动触发模板同步");
+    res.json(result);
+  }));
+
+  router.post("/settings/system-sync", asyncRoute(async (req, res) => {
+    services.authService.assertAdmin(req.currentUser);
+    const result = await services.catalogSyncService.syncSystemsTask({ trigger: "manual" });
+    writeAuditLog(services, req, "同步业务系统", "手动触发业务系统同步");
+    res.json(result);
+  }));
+
+  router.post("/settings/usage-refresh", asyncRoute(async (req, res) => {
+    services.authService.assertAdmin(req.currentUser);
+    const result = await services.catalogSyncService.refreshAgentUsage({ trigger: "manual" });
+    writeAuditLog(services, req, "同步员工用量", "手动触发数字员工用量同步");
+    res.json(result);
+  }));
+
+  router.post("/settings/server-status", asyncRoute(async (req, res) => {
+    services.authService.assertAdmin(req.currentUser);
+    const result = await services.rpcClient.call("gateway.status", {});
+    writeAuditLog(services, req, "查询服务器状态", "手动触发 gateway.status");
+    res.json({ result });
+  }));
+
+  router.post("/settings/server-restart", asyncRoute(async (req, res) => {
+    services.authService.assertAdmin(req.currentUser);
+    const result = await services.rpcClient.call("gateway.restart", {});
+    writeAuditLog(services, req, "重启服务", "手动触发 gateway.restart");
+    res.json({ result });
+  }));
+
+  router.post("/settings/server-diagnostics", asyncRoute(async (req, res) => {
+    services.authService.assertAdmin(req.currentUser);
+    const result = await services.rpcClient.call("diagnostics.run", {}, 180000);
+    writeAuditLog(services, req, "服务器诊断", "手动触发 diagnostics.run");
+    res.json({ result });
+  }));
+
+  return router;
+}