auramaxx 0.0.1

package/server/routes/heartbeat.ts

@@ -0,0 +1,375 @@
+import { Router, Request, Response } from 'express';
+import type { Prisma, HumanAction, SyncState } from '@prisma/client';
+import { prisma } from '../lib/db';
+import {
+  createCredential,
+  listCredentials,
+  readCredentialSecrets,
+  updateCredential,
+} from '../lib/credentials';
+import { listVaults, DAILY_LOGS_VAULT_NAME, AGENT_VAULT_NAME } from '../lib/cold';
+import {
+  appendDiaryEntry,
+  countDiaryEntries,
+  formatDiaryEntry,
+  getDiaryCredentialName,
+  getLegacyDiaryCredentialName,
+  resolveDiaryDate,
+} from '../lib/diary';
+import { listTokensFromDb } from '../lib/sessions';
+import { getErrorMessage } from '../lib/error';
+import { requireWalletAuth } from '../middleware/auth';
+import { hasAnyPermission, buildPermissionDenied } from '../lib/permissions';
+import type { CredentialField } from '../types';
+import {
+  normalizeCredentialFieldsForType,
+  NOTE_CONTENT_KEY,
+} from '../../shared/credential-field-schema';
+
+const router = Router();
+
+type ParsedEventData = Record<string, unknown> | string;
+
+function parseSince(value: unknown): Date | null {
+  if (typeof value !== 'string' || !value.trim()) return null;
+  const numeric = Number(value);
+  const date = Number.isFinite(numeric) ? new Date(numeric) : new Date(value);
+  if (Number.isNaN(date.getTime())) return null;
+  return date;
+}
+
+function parseEventData(data: string): ParsedEventData {
+  try {
+    const parsed = JSON.parse(data) as unknown;
+    if (parsed && typeof parsed === 'object' && !Array.isArray(parsed)) {
+      return parsed as Record<string, unknown>;
+    }
+    return data;
+  } catch {
+    return data;
+  }
+}
+
+/**
+ * Resolve the vault for diary entries with fallback chain:
+ *   1. daily-logs vault (dedicated diary storage)
+ *   2. agent vault (general agent storage)
+ *   3. primary vault (last resort)
+ */
+function resolveDiaryVaultId(explicitVaultId: unknown): string {
+  if (typeof explicitVaultId === 'string' && explicitVaultId.trim()) {
+    return explicitVaultId.trim();
+  }
+
+  try {
+    const vaults = listVaults();
+    const dailyLogsVault = vaults.find((vault) => vault.name === DAILY_LOGS_VAULT_NAME);
+    if (dailyLogsVault) return dailyLogsVault.id;
+    const agentVault = vaults.find((vault) => vault.name === AGENT_VAULT_NAME);
+    if (agentVault) return agentVault.id;
+    return 'primary';
+  } catch {
+    return 'primary';
+  }
+}
+
+function mergeDiaryTags(meta: Record<string, unknown>): string[] {
+  const existing = Array.isArray(meta.tags)
+    ? meta.tags.filter((tag): tag is string => typeof tag === 'string')
+    : [];
+  const merged = new Set([...existing, 'diary', 'heartbeat']);
+  return [...merged];
+}
+
+function formatUtcTime(timestampIso: string): string {
+  const date = new Date(timestampIso);
+  return date.toISOString().slice(11, 16);
+}
+
+function pluralize(word: string, count: number): string {
+  return `${word}${count === 1 ? '' : 's'}`;
+}
+
+function buildHumanActionHighlights(actions: HumanAction[]): string[] {
+  const highlights: string[] = [];
+  const pending = actions.filter((action) => action.status === 'pending');
+  const approved = actions.filter((action) => action.status === 'approved');
+  const rejected = actions.filter((action) => action.status === 'rejected');
+
+  highlights.push(
+    `${pending.length} pending ${pluralize('request', pending.length)} waiting`,
+    `${approved.length} approved ${pluralize('request', approved.length)} recently`,
+    `${rejected.length} rejected ${pluralize('request', rejected.length)} recently`,
+  );
+
+  const latestApproved = approved[0];
+  if (latestApproved) {
+    highlights.push(
+      `Human approved ${latestApproved.type} request #${latestApproved.id.slice(0, 8)}`,
+    );
+  }
+
+  const latestRejected = rejected[0];
+  if (latestRejected) {
+    highlights.push(
+      `Human rejected ${latestRejected.type} request #${latestRejected.id.slice(0, 8)}`,
+    );
+  }
+
+  return highlights;
+}
+
+function buildSyncHighlights(syncRows: SyncState[]): string[] {
+  const highlights: string[] = [];
+  for (const row of syncRows) {
+    if (row.lastError) {
+      highlights.push(`Sync issue on ${row.chain}: ${row.lastError}`);
+      continue;
+    }
+    if (row.lastSyncStatus !== 'ok' && row.lastSyncStatus !== 'idle') {
+      highlights.push(`Sync status on ${row.chain}: ${row.lastSyncStatus}`);
+    }
+  }
+  return highlights;
+}
+
+function buildCredentialEventHighlights(events: Array<{
+  type: string;
+  timestamp: string;
+  data: ParsedEventData;
+}>): string[] {
+  const highlights: string[] = [];
+
+  for (const event of events) {
+    if (!event.data || typeof event.data !== 'object' || Array.isArray(event.data)) {
+      continue;
+    }
+    const data = event.data as Record<string, unknown>;
+
+    if (event.type === 'secret:accessed') {
+      const agentId = typeof data.agentId === 'string' ? data.agentId : 'agent';
+      const credName = typeof data.credentialName === 'string' ? data.credentialName : 'secret';
+      const surface = typeof data.surface === 'string' ? data.surface : 'unknown';
+      const envVar = typeof data.envVar === 'string' ? ` into ${data.envVar}` : '';
+      const verb = surface === 'inject_secret' ? `injected "${credName}"${envVar}` : `read secret "${credName}"`;
+      highlights.push(
+        `Agent ${agentId} ${verb} at ${formatUtcTime(event.timestamp)} UTC`,
+      );
+    }
+
+    if (event.type === 'credential:accessed' && data.allowed === true) {
+      const agentId = typeof data.agentId === 'string' ? data.agentId : 'agent';
+      const credentialId = typeof data.credentialId === 'string' ? data.credentialId : 'credential';
+      highlights.push(
+        `Agent ${agentId} read credential ${credentialId} at ${formatUtcTime(event.timestamp)} UTC`,
+      );
+    }
+
+    if (event.type === 'credential:changed') {
+      const credentialId = typeof data.credentialId === 'string' ? data.credentialId : 'credential';
+      const change = typeof data.change === 'string' ? data.change.replaceAll('_', ' ') : 'updated';
+      highlights.push(`Credential ${credentialId} was ${change}`);
+    }
+
+    if (highlights.length >= 6) break;
+  }
+
+  return highlights;
+}
+
+function buildHeartbeatEndpoints() {
+  const today = new Date().toISOString().slice(0, 10);
+  return {
+    heartbeat: {
+      method: 'GET',
+      path: '/what_is_happening',
+      auth: 'none',
+      query: ['since', 'agentId', 'limit'],
+    },
+    diaryWrite: {
+      method: 'POST',
+      path: '/what_is_happening/diary',
+      auth: 'Bearer token with secret:write or admin:*',
+      body: {
+        entry: 'string (required)',
+        date: 'YYYY-MM-DD (optional, UTC today default)',
+        vaultId: 'string (optional, defaults to daily-logs vault, falls back to agent vault, then primary)',
+      },
+      noteNamePattern: '{YYYY-MM-DD}_LOGS',
+      todayExample: `${today}_LOGS`,
+    },
+  };
+}
+
+// POST /what_is_happening/diary - non-MCP diary writer for HTTP agents
+router.post('/diary', requireWalletAuth, async (req: Request, res: Response) => {
+  try {
+    if (!req.auth || !hasAnyPermission(req.auth.token.permissions, ['secret:write'])) {
+      res.status(403).json({ success: false, ...buildPermissionDenied('secret:write permission required', ['secret:write'], req.auth?.token.permissions) });
+      return;
+    }
+
+    const entry = typeof req.body?.entry === 'string' ? req.body.entry.trim() : '';
+    if (!entry) {
+      res.status(400).json({ success: false, error: 'entry is required' });
+      return;
+    }
+
+    const date = typeof req.body?.date === 'string' ? req.body.date : undefined;
+    const resolvedDate = resolveDiaryDate(date);
+    if (!resolvedDate) {
+      res.status(400).json({ success: false, error: 'date must be YYYY-MM-DD' });
+      return;
+    }
+
+    const vaultId = resolveDiaryVaultId(req.body?.vaultId);
+    const diaryName = getDiaryCredentialName(resolvedDate);
+    const legacyDiaryName = getLegacyDiaryCredentialName(resolvedDate);
+    const entryBlock = formatDiaryEntry(entry);
+
+    const candidates = listCredentials({ vaultId, type: 'note', query: resolvedDate });
+    const existing = candidates.find((credential) => credential.name === diaryName)
+      || candidates.find((credential) => credential.name === legacyDiaryName);
+
+    if (!existing) {
+      const created = createCredential(
+        vaultId,
+        'note',
+        diaryName,
+        { tags: ['diary', 'heartbeat'] },
+        [{ key: NOTE_CONTENT_KEY, value: entryBlock, type: 'secret', sensitive: true }],
+      );
+
+      res.json({
+        success: true,
+        date: resolvedDate,
+        name: diaryName,
+        entryCount: 1,
+        credentialId: created.id,
+        vaultId,
+      });
+      return;
+    }
+
+    const secrets = normalizeCredentialFieldsForType('note', readCredentialSecrets(existing.id));
+    const contentIndex = secrets.findIndex((field) => field.key === NOTE_CONTENT_KEY);
+    const currentText = contentIndex >= 0 ? secrets[contentIndex].value : '';
+    const nextText = appendDiaryEntry(currentText, entryBlock);
+
+    const contentField: CredentialField = { key: NOTE_CONTENT_KEY, value: nextText, type: 'secret', sensitive: true };
+    const nextSecrets = contentIndex >= 0
+      ? secrets.map((field, index) => (index === contentIndex ? contentField : field))
+      : [contentField, ...secrets];
+
+    const existingMeta = existing.meta && typeof existing.meta === 'object' && !Array.isArray(existing.meta)
+      ? existing.meta as Record<string, unknown>
+      : {};
+
+    const updated = updateCredential(existing.id, {
+      name: diaryName,
+      meta: {
+        ...existingMeta,
+        tags: mergeDiaryTags(existingMeta),
+      },
+      sensitiveFields: nextSecrets,
+    });
+
+    res.json({
+      success: true,
+      date: resolvedDate,
+      name: updated.name,
+      entryCount: countDiaryEntries(nextText),
+      credentialId: updated.id,
+      vaultId: updated.vaultId,
+    });
+  } catch (error) {
+    res.status(400).json({ success: false, error: getErrorMessage(error) });
+  }
+});
+
+// GET /what_is_happening - consolidated, no-auth status endpoint for heartbeat checks
+router.get('/', async (req: Request, res: Response) => {
+  try {
+    const agentId = typeof req.query.agentId === 'string' ? req.query.agentId.trim() : '';
+    const sinceQuery = req.query.since;
+    const since = sinceQuery !== undefined ? parseSince(sinceQuery) : null;
+    if (sinceQuery !== undefined && !since) {
+      res.status(400).json({ success: false, error: 'Invalid since timestamp' });
+      return;
+    }
+
+    const requestedLimit = Number.parseInt(String(req.query.limit ?? ''), 10);
+    const eventLimit = Number.isFinite(requestedLimit) && requestedLimit > 0
+      ? Math.min(requestedLimit, 50)
+      : 20;
+
+    const humanWhere: Prisma.HumanActionWhereInput = {
+      NOT: { type: 'strategy:message' },
+      ...(agentId ? { metadata: { contains: `"agentId":"${agentId}"` } } : {}),
+      ...(since ? { createdAt: { gte: since } } : {}),
+    };
+
+    const eventWhere: Prisma.EventWhereInput = {
+      ...(agentId ? { data: { contains: `"agentId":"${agentId}"` } } : {}),
+      ...(since ? { timestamp: { gte: since } } : {}),
+    };
+
+    const [humanActions, allTokens, eventsRaw, syncRows] = await Promise.all([
+      prisma.humanAction.findMany({
+        where: humanWhere,
+        orderBy: { createdAt: 'desc' },
+        take: 100,
+      }),
+      listTokensFromDb(),
+      prisma.event.findMany({
+        where: eventWhere,
+        orderBy: { timestamp: 'desc' },
+        take: eventLimit,
+      }),
+      prisma.syncState.findMany({
+        orderBy: { chain: 'asc' },
+      }),
+    ]);
+
+    const activeTokens = allTokens
+      .filter((token) => token.agentId !== 'admin' && token.isActive)
+      .filter((token) => !since || token.createdAt >= since.getTime());
+
+    const recentEvents = eventsRaw.map((event) => ({
+      id: event.id,
+      type: event.type,
+      source: event.source,
+      timestamp: event.timestamp.toISOString(),
+      data: parseEventData(event.data),
+    }));
+
+    const syncHealth = Object.fromEntries(
+      syncRows.map((row) => [row.chain, {
+        status: row.lastSyncStatus,
+        lastSync: row.lastSyncAt ? row.lastSyncAt.toISOString() : null,
+        lastBlock: row.lastBlock,
+        lastError: row.lastError,
+      }]),
+    );
+
+    const highlights = [
+      ...buildHumanActionHighlights(humanActions),
+      ...buildSyncHighlights(syncRows),
+      ...buildCredentialEventHighlights(recentEvents),
+    ].slice(0, 12);
+
+    res.json({
+      success: true,
+      humanActions,
+      activeTokens,
+      recentEvents,
+      syncHealth,
+      highlights,
+      endpoints: buildHeartbeatEndpoints(),
+    });
+  } catch (error) {
+    res.status(500).json({ success: false, error: getErrorMessage(error) });
+  }
+});
+
+export default router;