aios-management-web 0.1.0

package/server/src/db/index.js

@@ -0,0 +1,501 @@
+import fs from "node:fs";
+import path from "node:path";
+import { DatabaseSync } from "node:sqlite";
+import crypto from "node:crypto";
+
+import { loadEnv } from "../config/env.js";
+import { hashPassword } from "../utils/security.js";
+
+const env = loadEnv();
+const SCHEMA_VERSION = 1;
+const DEFAULT_ACCESS_TOKEN = "sk-1234567890qwertyuiop";
+const DEFAULT_PORTAL_NAME = "AIOS 管理控制台";
+const DEFAULT_BRAND_SUBTITLE = "Your Company Name";
+const DEFAULT_THEME_COLOR = "#07c160";
+const DEFAULT_ADMIN_USERNAME = "aios";
+const DEFAULT_ADMIN_DISPLAY_NAME = "AIOS 管理员";
+const DEFAULT_ADMIN_PASSWORD = "123456";
+
+if (!fs.existsSync(env.dataDir)) {
+  fs.mkdirSync(env.dataDir, { recursive: true });
+}
+
+const dbPath = path.join(env.dataDir, "management-console.db");
+const db = new DatabaseSync(dbPath);
+db.exec("PRAGMA foreign_keys = ON;");
+db.exec("PRAGMA journal_mode = WAL;");
+
+export function jsonStringify(value, fallback = []) {
+  return JSON.stringify(value ?? fallback);
+}
+
+export function jsonParse(value, fallback = []) {
+  if (!value) {
+    return fallback;
+  }
+
+  try {
+    return JSON.parse(value);
+  } catch {
+    return fallback;
+  }
+}
+
+export function withTransaction(fn) {
+  db.exec("BEGIN");
+  try {
+    const result = fn();
+    db.exec("COMMIT");
+    return result;
+  } catch (error) {
+    db.exec("ROLLBACK");
+    throw error;
+  }
+}
+
+const TRANSACTION_QUEUE = Symbol.for("aios.management.transactionQueue");
+
+export async function withSerializedTransaction(database, fn) {
+  const previous = database[TRANSACTION_QUEUE] || Promise.resolve();
+  let releaseCurrent;
+  const current = new Promise((resolve) => {
+    releaseCurrent = resolve;
+  });
+
+  database[TRANSACTION_QUEUE] = previous.catch(() => {}).then(() => current);
+  await previous.catch(() => {});
+
+  database.exec("BEGIN");
+  try {
+    const result = fn();
+    database.exec("COMMIT");
+    return result;
+  } catch (error) {
+    try {
+      database.exec("ROLLBACK");
+    } catch {
+      // Ignore rollback failures if SQLite already aborted the transaction.
+    }
+    throw error;
+  } finally {
+    releaseCurrent();
+  }
+}
+
+export function newAccessToken() {
+  return `sk-${crypto.randomBytes(18).toString("base64url")}`;
+}
+
+function currentSchemaVersion() {
+  db.exec(`
+    CREATE TABLE IF NOT EXISTS schema_meta (
+      key TEXT PRIMARY KEY,
+      value TEXT NOT NULL
+    );
+  `);
+
+  const row = db.prepare("SELECT value FROM schema_meta WHERE key = 'schema_version'").get();
+  return row ? Number(row.value) : 0;
+}
+
+function setSchemaVersion(version) {
+  db.prepare(`
+    INSERT INTO schema_meta (key, value)
+    VALUES ('schema_version', ?)
+    ON CONFLICT(key) DO UPDATE SET value = excluded.value
+  `).run(String(version));
+}
+
+function quoteIdentifier(name) {
+  return `"${String(name).replaceAll("\"", "\"\"")}"`;
+}
+
+function resetSchema() {
+  const objects = db.prepare(`
+    SELECT type, name
+    FROM sqlite_master
+    WHERE name NOT LIKE 'sqlite_%'
+      AND name <> 'schema_meta'
+      AND type IN ('table', 'view')
+    ORDER BY CASE WHEN type = 'view' THEN 0 ELSE 1 END, name
+  `).all();
+
+  for (const object of objects) {
+    db.exec(`DROP ${object.type.toUpperCase()} IF EXISTS ${quoteIdentifier(object.name)};`);
+  }
+}
+
+function createStateTable(name) {
+  return `
+    CREATE TABLE ${name} (
+      id INTEGER PRIMARY KEY CHECK (id = 1),
+      status TEXT NOT NULL DEFAULT 'idle',
+      trigger_source TEXT,
+      started_at TEXT,
+      finished_at TEXT,
+      last_success_at TEXT,
+      error_message TEXT,
+      summary_json TEXT NOT NULL DEFAULT '{}',
+      created_at TEXT NOT NULL,
+      updated_at TEXT NOT NULL
+    );
+  `;
+}
+
+function createSchema() {
+  db.exec(`
+    CREATE TABLE settings (
+      id INTEGER PRIMARY KEY CHECK (id = 1),
+      portal_name TEXT NOT NULL,
+      brand_subtitle TEXT NOT NULL,
+      theme_color TEXT NOT NULL,
+      created_at TEXT NOT NULL,
+      updated_at TEXT NOT NULL
+    );
+
+    CREATE TABLE access_tokens (
+      token TEXT PRIMARY KEY,
+      created_at TEXT NOT NULL,
+      updated_at TEXT NOT NULL
+    );
+
+    ${createStateTable("usage_refresh_state")}
+    ${createStateTable("agent_sync_state")}
+    ${createStateTable("skill_sync_state")}
+    ${createStateTable("template_sync_state")}
+    ${createStateTable("system_sync_state")}
+
+    CREATE TABLE users (
+      id INTEGER PRIMARY KEY AUTOINCREMENT,
+      role TEXT NOT NULL CHECK (role IN ('aios-admin')),
+      username TEXT NOT NULL UNIQUE,
+      display_name TEXT NOT NULL,
+      status TEXT NOT NULL CHECK (status IN ('active', 'disabled')),
+      password_hash TEXT NOT NULL DEFAULT '',
+      must_change_password INTEGER NOT NULL DEFAULT 0,
+      is_builtin INTEGER NOT NULL DEFAULT 0,
+      tags_json TEXT NOT NULL DEFAULT '[]',
+      created_at TEXT NOT NULL,
+      updated_at TEXT NOT NULL
+    );
+
+    CREATE TABLE sessions (
+      token TEXT PRIMARY KEY,
+      user_id INTEGER NOT NULL,
+      expires_at TEXT NOT NULL,
+      created_at TEXT NOT NULL,
+      FOREIGN KEY (user_id) REFERENCES users(id) ON DELETE CASCADE
+    );
+
+    CREATE TABLE aios_users (
+      id INTEGER PRIMARY KEY AUTOINCREMENT,
+      username TEXT NOT NULL UNIQUE,
+      created_at TEXT NOT NULL,
+      updated_at TEXT NOT NULL
+    );
+
+    CREATE TABLE agents (
+      id INTEGER PRIMARY KEY AUTOINCREMENT,
+      slug TEXT NOT NULL UNIQUE,
+      agent_name TEXT NOT NULL,
+      description TEXT NOT NULL,
+      docs_content TEXT NOT NULL DEFAULT '',
+      template_name TEXT NOT NULL DEFAULT 'default',
+      status TEXT NOT NULL CHECK (status IN ('normal', 'disabled', 'overlimit')),
+      tags_json TEXT NOT NULL DEFAULT '[]',
+      daily_limit INTEGER NOT NULL,
+      usage_snapshot_json TEXT NOT NULL DEFAULT '{}',
+      remote_state_json TEXT NOT NULL DEFAULT '{}',
+      created_at TEXT NOT NULL,
+      updated_at TEXT NOT NULL
+    );
+
+    CREATE TABLE external_sessions (
+      session_id TEXT PRIMARY KEY,
+      aios_user_id INTEGER NOT NULL,
+      agent_id INTEGER NOT NULL,
+      created_at TEXT NOT NULL,
+      updated_at TEXT NOT NULL,
+      UNIQUE (aios_user_id, agent_id),
+      FOREIGN KEY (aios_user_id) REFERENCES aios_users(id) ON DELETE CASCADE,
+      FOREIGN KEY (agent_id) REFERENCES agents(id) ON DELETE CASCADE
+    );
+
+    CREATE TABLE external_session_cookies (
+      session_id TEXT NOT NULL,
+      provider TEXT NOT NULL CHECK (provider IN ('hzg', 'phx')),
+      cookie TEXT NOT NULL CHECK (length(cookie) <= 16384),
+      created_at TEXT NOT NULL,
+      updated_at TEXT NOT NULL,
+      PRIMARY KEY (session_id, provider),
+      FOREIGN KEY (session_id) REFERENCES external_sessions(session_id) ON DELETE CASCADE
+    );
+
+    CREATE TABLE artifacts (
+      id INTEGER PRIMARY KEY AUTOINCREMENT,
+      kind TEXT NOT NULL,
+      bucket TEXT NOT NULL,
+      object_key TEXT NOT NULL,
+      original_name TEXT NOT NULL,
+      mime_type TEXT NOT NULL,
+      byte_size INTEGER NOT NULL,
+      created_by INTEGER,
+      created_at TEXT NOT NULL,
+      FOREIGN KEY (created_by) REFERENCES users(id) ON DELETE SET NULL
+    );
+
+    CREATE TABLE agent_templates (
+      id INTEGER PRIMARY KEY AUTOINCREMENT,
+      template_name TEXT NOT NULL UNIQUE,
+      description TEXT NOT NULL,
+      artifact_id INTEGER NOT NULL,
+      remote_status TEXT NOT NULL DEFAULT 'pending',
+      remote_result_json TEXT,
+      is_builtin INTEGER NOT NULL DEFAULT 0,
+      created_at TEXT NOT NULL,
+      updated_at TEXT NOT NULL,
+      FOREIGN KEY (artifact_id) REFERENCES artifacts(id) ON DELETE RESTRICT
+    );
+
+    CREATE TABLE skills (
+      id INTEGER PRIMARY KEY AUTOINCREMENT,
+      slug TEXT NOT NULL UNIQUE,
+      description TEXT NOT NULL,
+      artifact_id INTEGER,
+      remote_status TEXT NOT NULL DEFAULT 'cataloged',
+      is_builtin INTEGER NOT NULL DEFAULT 0,
+      created_at TEXT NOT NULL,
+      updated_at TEXT NOT NULL,
+      FOREIGN KEY (artifact_id) REFERENCES artifacts(id) ON DELETE SET NULL
+    );
+
+    CREATE TABLE agent_permissions (
+      agent_id INTEGER NOT NULL,
+      aios_user_id INTEGER NOT NULL,
+      PRIMARY KEY (agent_id, aios_user_id),
+      FOREIGN KEY (agent_id) REFERENCES agents(id) ON DELETE CASCADE,
+      FOREIGN KEY (aios_user_id) REFERENCES aios_users(id) ON DELETE CASCADE
+    );
+
+    CREATE TABLE agent_skill_bindings (
+      agent_id INTEGER NOT NULL,
+      skill_id INTEGER NOT NULL,
+      PRIMARY KEY (agent_id, skill_id),
+      FOREIGN KEY (agent_id) REFERENCES agents(id) ON DELETE CASCADE,
+      FOREIGN KEY (skill_id) REFERENCES skills(id) ON DELETE CASCADE
+    );
+
+    CREATE TABLE business_systems (
+      id INTEGER PRIMARY KEY AUTOINCREMENT,
+      provider TEXT NOT NULL CHECK (provider IN ('hzg', 'phx')),
+      application_name TEXT NOT NULL UNIQUE,
+      description TEXT NOT NULL,
+      ontology_artifact_id INTEGER,
+      scheme TEXT NOT NULL CHECK (scheme IN ('http', 'https')),
+      host TEXT NOT NULL,
+      port INTEGER NOT NULL,
+      status TEXT NOT NULL CHECK (status IN ('active', 'disabled')),
+      last_connectivity_test_status TEXT NOT NULL DEFAULT 'unknown',
+      last_connectivity_test_result_json TEXT NOT NULL DEFAULT '{}',
+      is_builtin INTEGER NOT NULL DEFAULT 0,
+      created_at TEXT NOT NULL,
+      updated_at TEXT NOT NULL,
+      FOREIGN KEY (ontology_artifact_id) REFERENCES artifacts(id) ON DELETE SET NULL
+    );
+
+    CREATE TABLE audit_logs (
+      id INTEGER PRIMARY KEY AUTOINCREMENT,
+      user_id INTEGER,
+      username TEXT NOT NULL,
+      action TEXT NOT NULL,
+      detail TEXT NOT NULL,
+      created_at TEXT NOT NULL,
+      FOREIGN KEY (user_id) REFERENCES users(id) ON DELETE SET NULL
+    );
+
+    CREATE TABLE system_invocation_logs (
+      id INTEGER PRIMARY KEY AUTOINCREMENT,
+      trace_id TEXT NOT NULL UNIQUE,
+      agent_slug TEXT,
+      session_id TEXT,
+      provider TEXT NOT NULL,
+      application_name TEXT NOT NULL,
+      command_name TEXT NOT NULL,
+      request_payload_json TEXT NOT NULL,
+      response_payload_json TEXT NOT NULL,
+      response_time_ms INTEGER NOT NULL,
+      success INTEGER NOT NULL,
+      error_message TEXT,
+      created_at TEXT NOT NULL
+    );
+
+    CREATE INDEX idx_system_invocation_logs_session_id
+      ON system_invocation_logs(session_id);
+
+    CREATE TABLE management_requests (
+      id INTEGER PRIMARY KEY AUTOINCREMENT,
+      request_id TEXT NOT NULL UNIQUE,
+      action TEXT NOT NULL,
+      params_json TEXT NOT NULL,
+      ok INTEGER,
+      result_json TEXT,
+      error_json TEXT,
+      created_at TEXT NOT NULL,
+      completed_at TEXT
+    );
+  `);
+}
+
+function seedStateRow(tableName, now) {
+  db.prepare(`
+    INSERT INTO ${tableName} (
+      id, status, trigger_source, started_at, finished_at, last_success_at,
+      error_message, summary_json, created_at, updated_at
+    ) VALUES (1, 'idle', NULL, NULL, NULL, NULL, NULL, '{}', ?, ?)
+  `).run(now, now);
+}
+
+function seed() {
+  const now = new Date().toISOString();
+
+  db.prepare(`
+    INSERT INTO settings (
+      id, portal_name, brand_subtitle, theme_color, created_at, updated_at
+    ) VALUES (1, ?, ?, ?, ?, ?)
+  `).run(
+    DEFAULT_PORTAL_NAME,
+    DEFAULT_BRAND_SUBTITLE,
+    DEFAULT_THEME_COLOR,
+    now,
+    now
+  );
+
+  db.prepare(`
+    INSERT INTO access_tokens (
+      token, created_at, updated_at
+    ) VALUES (?, ?, ?)
+  `).run(DEFAULT_ACCESS_TOKEN, now, now);
+
+  for (const tableName of [
+    "usage_refresh_state",
+    "agent_sync_state",
+    "skill_sync_state",
+    "template_sync_state",
+    "system_sync_state"
+  ]) {
+    seedStateRow(tableName, now);
+  }
+
+  db.prepare(`
+    INSERT INTO users (
+      role, username, display_name, status, password_hash,
+      must_change_password, is_builtin, tags_json, created_at, updated_at
+    ) VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?)
+  `).run(
+    "aios-admin",
+    DEFAULT_ADMIN_USERNAME,
+    DEFAULT_ADMIN_DISPLAY_NAME,
+    "active",
+    hashPassword(DEFAULT_ADMIN_PASSWORD),
+    1,
+    1,
+    jsonStringify(["builtin", "ops"]),
+    now,
+    now
+  );
+}
+
+function ensureCoreRows() {
+  const now = new Date().toISOString();
+
+  db.prepare(`
+    INSERT INTO settings (
+      id, portal_name, brand_subtitle, theme_color, created_at, updated_at
+    ) VALUES (1, ?, ?, ?, ?, ?)
+    ON CONFLICT(id) DO NOTHING
+  `).run(
+    DEFAULT_PORTAL_NAME,
+    DEFAULT_BRAND_SUBTITLE,
+    DEFAULT_THEME_COLOR,
+    now,
+    now
+  );
+
+  const accessTokenCount = Number(
+    db.prepare("SELECT COUNT(*) AS count FROM access_tokens").get()?.count || 0
+  );
+  if (accessTokenCount === 0) {
+    db.prepare(`
+      INSERT INTO access_tokens (
+        token, created_at, updated_at
+      ) VALUES (?, ?, ?)
+    `).run(DEFAULT_ACCESS_TOKEN, now, now);
+  }
+
+  for (const tableName of [
+    "usage_refresh_state",
+    "agent_sync_state",
+    "skill_sync_state",
+    "template_sync_state",
+    "system_sync_state"
+  ]) {
+    db.prepare(`
+      INSERT INTO ${tableName} (
+        id, status, trigger_source, started_at, finished_at, last_success_at,
+        error_message, summary_json, created_at, updated_at
+      ) VALUES (1, 'idle', NULL, NULL, NULL, NULL, NULL, '{}', ?, ?)
+      ON CONFLICT(id) DO NOTHING
+    `).run(now, now);
+  }
+
+  db.prepare(`
+    INSERT INTO users (
+      role, username, display_name, status, password_hash,
+      must_change_password, is_builtin, tags_json, created_at, updated_at
+    ) VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?)
+    ON CONFLICT(username) DO UPDATE SET
+      role = 'aios-admin',
+      display_name = COALESCE(NULLIF(users.display_name, ''), excluded.display_name),
+      status = 'active',
+      is_builtin = 1,
+      updated_at = excluded.updated_at
+  `).run(
+    "aios-admin",
+    DEFAULT_ADMIN_USERNAME,
+    DEFAULT_ADMIN_DISPLAY_NAME,
+    "active",
+    hashPassword(DEFAULT_ADMIN_PASSWORD),
+    1,
+    1,
+    jsonStringify(["builtin", "ops"]),
+    now,
+    now
+  );
+}
+
+function migrate() {
+  const version = currentSchemaVersion();
+
+  if (version !== SCHEMA_VERSION) {
+    db.exec("PRAGMA foreign_keys = OFF;");
+    db.exec("BEGIN");
+    try {
+      resetSchema();
+      createSchema();
+      seed();
+      setSchemaVersion(SCHEMA_VERSION);
+      db.exec("COMMIT");
+    } catch (error) {
+      db.exec("ROLLBACK");
+      throw error;
+    } finally {
+      db.exec("PRAGMA foreign_keys = ON;");
+    }
+  }
+
+  ensureCoreRows();
+}
+
+migrate();
+
+export { db, dbPath };

package/server/src/infra/mqtt/management-rpc-client.js

@@ -0,0 +1,213 @@
+import { randomUUID } from "node:crypto";
+import { EventEmitter } from "node:events";
+
+import mqtt from "mqtt";
+
+import { serviceUnavailable } from "../../utils/errors.js";
+
+export class ManagementRpcClient extends EventEmitter {
+  constructor({ env, db, mqttFactory = mqtt }) {
+    super();
+    this.env = env;
+    this.db = db;
+    this.mqttFactory = mqttFactory;
+    this.client = null;
+    this.pending = new Map();
+  }
+
+  isConfigured() {
+    return Boolean(
+      this.env.mqtt.brokerUrl &&
+        this.env.mqtt.adminInboundTopic &&
+        this.env.mqtt.adminOutboundTopic
+    );
+  }
+
+  async start() {
+    if (!this.isConfigured()) {
+      return;
+    }
+
+    if (this.client) {
+      return;
+    }
+
+    const connect = this.mqttFactory.connect || this.mqttFactory;
+    this.client = connect(this.env.mqtt.brokerUrl, {
+      clientId: `aios-web-admin-${randomUUID().slice(0, 8)}`,
+      username: this.env.mqtt.username || undefined,
+      password: this.env.mqtt.password || undefined,
+      clean: true,
+      reconnectPeriod: 2000
+    });
+
+    await new Promise((resolve, reject) => {
+      const cleanup = () => {
+        this.client?.off("connect", onConnect);
+        this.client?.off("error", onError);
+      };
+
+      const onConnect = () => {
+        cleanup();
+        resolve();
+      };
+
+      const onError = (error) => {
+        cleanup();
+        reject(error);
+      };
+
+      this.client.once("connect", onConnect);
+      this.client.once("error", onError);
+    });
+
+    await new Promise((resolve, reject) => {
+      this.client.subscribe(this.env.mqtt.adminOutboundTopic, { qos: 1 }, (error) => {
+        if (error) {
+          reject(error);
+          return;
+        }
+
+        resolve();
+      });
+    });
+
+    this.client.on("message", (_topic, payload) => {
+      try {
+        const message = JSON.parse(payload.toString("utf8"));
+        this.emit("outbound_raw_message", message);
+        if (!message?.requestId) {
+          return;
+        }
+
+        const pending = this.pending.get(message.requestId);
+        if (!pending) {
+          return;
+        }
+
+        clearTimeout(pending.timer);
+        this.pending.delete(message.requestId);
+        this.emit("outbound_message", {
+          ...message,
+          request: {
+            action: pending.action,
+            params: pending.params
+          }
+        });
+        this.finishLog(message);
+        if (message.ok) {
+          pending.resolve(message.result);
+          return;
+        }
+
+        pending.reject(
+          serviceUnavailable(message.error?.message || "Management CLI returned an error", message.error)
+        );
+      } catch (error) {
+        console.error("Failed to process management response", error);
+      }
+    });
+  }
+
+  async stop() {
+    if (!this.client) {
+      return;
+    }
+
+    for (const [requestId, pending] of this.pending.entries()) {
+      clearTimeout(pending.timer);
+      this.failLog(requestId, { message: "管理 RPC 客户端已停止" });
+      pending.reject(serviceUnavailable("管理 RPC 客户端已停止"));
+    }
+    this.pending.clear();
+
+    await new Promise((resolve) => {
+      this.client.end(false, {}, () => resolve());
+    });
+    this.client = null;
+  }
+
+  recordRequest(requestId, action, params) {
+    this.db.prepare(`
+      INSERT INTO management_requests (
+        request_id, action, params_json, created_at
+      ) VALUES (?, ?, ?, ?)
+    `).run(requestId, action, JSON.stringify(params ?? {}), new Date().toISOString());
+  }
+
+  finishLog(response) {
+    this.db.prepare(`
+      UPDATE management_requests
+      SET ok = ?, result_json = ?, error_json = ?, completed_at = ?
+      WHERE request_id = ?
+    `).run(
+      response.ok ? 1 : 0,
+      response.result === undefined ? null : JSON.stringify(response.result),
+      response.error === undefined ? null : JSON.stringify(response.error),
+      new Date().toISOString(),
+      response.requestId
+    );
+  }
+
+  failLog(requestId, error) {
+    this.db.prepare(`
+      UPDATE management_requests
+      SET ok = 0, error_json = ?, completed_at = ?
+      WHERE request_id = ?
+    `).run(
+      JSON.stringify(error ?? { message: "Management RPC failed" }),
+      new Date().toISOString(),
+      requestId
+    );
+  }
+
+  async call(action, params = {}, timeoutMs = this.env.managementTimeoutMs || 120000) {
+    if (!this.client || !this.isConfigured()) {
+      throw serviceUnavailable("管理端 MQTT 桥接未配置");
+    }
+
+    const requestId = randomUUID();
+    const message = {
+      requestId,
+      action,
+      params
+    };
+
+    this.recordRequest(requestId, action, params);
+
+    const resultPromise = new Promise((resolve, reject) => {
+      const timer = setTimeout(() => {
+        this.pending.delete(requestId);
+        this.failLog(requestId, { message: `管理动作超时：${action}`, timeout: true, action });
+        reject(serviceUnavailable(`管理动作超时：${action}`, { timeout: true, action }));
+      }, timeoutMs);
+
+      this.pending.set(requestId, { resolve, reject, timer, action, params });
+    });
+    resultPromise.catch(() => {});
+
+    await new Promise((resolve, reject) => {
+      this.client.publish(
+        this.env.mqtt.adminInboundTopic,
+        JSON.stringify(message),
+        { qos: 1, retain: false },
+        (error) => {
+          if (error) {
+            const pending = this.pending.get(requestId);
+            if (pending) {
+              clearTimeout(pending.timer);
+              this.pending.delete(requestId);
+            }
+            this.failLog(requestId, { message: error.message || "管理请求发布失败" });
+            reject(serviceUnavailable("发布管理请求失败", error));
+            return;
+          }
+
+          resolve();
+        }
+      );
+    });
+
+    return resultPromise;
+  }
+}