daemora 1.0.5 → 1.0.7

package/src/index.js

@@ -1,7 +1,8 @@
 import express from "express";
-import { mkdirSync, existsSync } from "fs";
+import { mkdirSync, existsSync, readFileSync, writeFileSync, readdirSync, unlinkSync } from "fs";
 import { join, dirname } from "path";
 import { fileURLToPath } from "url";
+import { randomBytes } from "crypto";
 import { toolFunctions } from "./tools/index.js";
 import { getSession, listSessions, createSession, clearSession } from "./services/sessions.js";
 import { config } from "./config/default.js";
@@ -54,9 +55,8 @@ if (config.cleanupAfterDays > 0) {
   }
 }
 
-// Initialize task system
+// Initialize task system (TaskRunner starts after full init — see startup sequence below)
 taskQueue.init();
-taskRunner.start();
 supervisor.start();
 auditLog.start();
 scheduler.start();
@@ -82,9 +82,20 @@ if (process.env.OPENAI_COMPAT_ENABLED === "true") {
 }
 
 // --- Security middleware ---
+
+// Security headers on all responses
+app.use((req, res, next) => {
+  res.setHeader("X-Content-Type-Options", "nosniff");
+  res.setHeader("X-Frame-Options", "DENY");
+  res.setHeader("X-XSS-Protection", "1; mode=block");
+  res.setHeader("Referrer-Policy", "strict-origin-when-cross-origin");
+  res.setHeader("Permissions-Policy", "camera=(), microphone=(), geolocation=()");
+  next();
+});
+
+// Localhost-only: reject non-local IP addresses
 const localOnly = (req, res, next) => {
   const remoteAddress = req.socket.remoteAddress;
-  // Support both IPv4 and IPv6 localhost
   if (remoteAddress === "127.0.0.1" || remoteAddress === "::ffff:127.0.0.1" || remoteAddress === "::1") {
     next();
   } else {
@@ -93,13 +104,86 @@ const localOnly = (req, res, next) => {
   }
 };
 
-// Apply local-only security to all API routes
+// Origin validation: block DNS rebinding and cross-origin browser attacks.
+// Browsers always send Origin on cross-origin requests. A malicious page on
+// evil.com making fetch("http://localhost:8081/api/...") will have Origin: https://evil.com
+// which we reject. Same-origin requests from our UI have no Origin or matching localhost.
+const originGuard = (req, res, next) => {
+  const origin = req.headers.origin;
+  if (!origin) return next(); // Same-origin requests (no Origin header) — safe
+
+  // Allow only our own localhost origins
+  const allowedOrigins = [
+    `http://localhost:${config.port}`,
+    `http://127.0.0.1:${config.port}`,
+    `http://[::1]:${config.port}`,
+  ];
+  // Also allow Vite dev server (common dev ports)
+  for (const devPort of [5173, 5174, 3000, 3001]) {
+    allowedOrigins.push(`http://localhost:${devPort}`);
+    allowedOrigins.push(`http://127.0.0.1:${devPort}`);
+  }
+
+  if (allowedOrigins.includes(origin)) {
+    res.setHeader("Access-Control-Allow-Origin", origin);
+    res.setHeader("Access-Control-Allow-Methods", "GET, POST, PUT, PATCH, DELETE, OPTIONS");
+    res.setHeader("Access-Control-Allow-Headers", "Content-Type, Authorization");
+    if (req.method === "OPTIONS") return res.sendStatus(204);
+    return next();
+  }
+
+  console.warn(`[Security] Blocked cross-origin request from ${origin}`);
+  res.status(403).json({ error: "Cross-origin request blocked." });
+};
+
+// --- API Token auth ---
+// Auto-generated on first start, stored on disk. Required for all /api/* requests.
+// The UI receives the token via server-injected <meta> tag (no login needed).
+// Other local tools (curl, scripts) read it from data/auth-token or pass via header.
+const AUTH_TOKEN_PATH = join(config.dataDir, "auth-token");
+
+function getOrCreateAuthToken() {
+  if (existsSync(AUTH_TOKEN_PATH)) {
+    const token = readFileSync(AUTH_TOKEN_PATH, "utf-8").trim();
+    if (token.length >= 32) return token;
+  }
+  const token = randomBytes(32).toString("hex");
+  mkdirSync(dirname(AUTH_TOKEN_PATH), { recursive: true });
+  writeFileSync(AUTH_TOKEN_PATH, token, { mode: 0o600 });
+  console.log("[Security] Generated new API auth token");
+  return token;
+}
+
+const API_TOKEN = getOrCreateAuthToken();
+
+const tokenAuth = (req, res, next) => {
+  // Health endpoint is public (monitoring/readiness probes)
+  if (req.path === "/api/health") return next();
+
+  // Check Authorization: Bearer <token> header
+  const authHeader = req.headers.authorization;
+  if (authHeader === `Bearer ${API_TOKEN}`) return next();
+
+  // Check X-Auth-Token header (simpler for scripts/curl)
+  if (req.headers["x-auth-token"] === API_TOKEN) return next();
+
+  // Check ?token= query param (for SSE/EventSource which can't set headers)
+  if (req.query.token === API_TOKEN) return next();
+
+  console.warn(`[Security] Rejected unauthenticated request: ${req.method} ${req.path}`);
+  res.status(401).json({ error: "Authentication required. Include Authorization: Bearer <token> header." });
+};
+
+// Apply security to all API routes: IP check → origin check → token auth
 app.use("/api", localOnly);
+app.use("/api", originGuard);
+app.use("/api", tokenAuth);
 
 // --- Health check ---
 app.get("/api/health", (req, res) => {
   res.json({
-    status: "ok",
+    status: _serverReady ? "ok" : "starting",
+    ready: _serverReady,
     uptime: process.uptime(),
     timestamp: new Date().toISOString(),
     tools: Object.keys(toolFunctions).length,
@@ -502,10 +586,29 @@ app.get("/api/audit", (req, res) => {
 app.get("/api/mcp", (req, res) => {
   const cfg = mcpManager.readConfig().mcpServers || {};
   const live = mcpManager.list();
+  const isPlaceholder = (v) => !v || v.startsWith("YOUR_") || v === "" || v.startsWith("${");
+  // Detect placeholder patterns in command args (e.g. connection strings, paths with dummy values)
+  const isArgPlaceholder = (v) => {
+    if (typeof v !== "string") return false;
+    return /user:pass@/i.test(v) || /\/Users\/you\//i.test(v) || /YOUR_/i.test(v)
+      || /your-.*-here/i.test(v) || /example\.com/i.test(v) || /changeme/i.test(v)
+      || /placeholder/i.test(v) || /xxx/i.test(v);
+  };
   const servers = Object.entries(cfg)
     .filter(([k]) => !k.startsWith("_comment"))
     .map(([name, serverCfg]) => {
       const liveEntry = live.find(s => s.name === name);
+      // Check if any env/header values are unconfigured placeholders
+      const envEntries = serverCfg.env ? Object.entries(serverCfg.env) : [];
+      const headerEntries = serverCfg.headers ? Object.entries(serverCfg.headers) : [];
+      // Also check args for placeholder patterns
+      const args = serverCfg.args || [];
+      const placeholderArgs = args
+        .map((v, i) => isArgPlaceholder(v) ? { index: i, value: v } : null)
+        .filter(Boolean);
+      const needsConfig = envEntries.some(([, v]) => isPlaceholder(v))
+        || headerEntries.some(([, v]) => isPlaceholder(v))
+        || placeholderArgs.length > 0;
       return {
         name,
         enabled: serverCfg.enabled !== false,
@@ -517,6 +620,8 @@ app.get("/api/mcp", (req, res) => {
         description: serverCfg.description || null,
         envKeys: serverCfg.env ? Object.keys(serverCfg.env) : [],
         headerKeys: serverCfg.headers ? Object.keys(serverCfg.headers) : [],
+        placeholderArgs,
+        needsConfig,
       };
     });
   res.json({ servers });
@@ -551,6 +656,39 @@ app.delete("/api/mcp/:name", async (req, res) => {
   }
 });
 
+// Update MCP server credentials (env vars or headers)
+app.patch("/api/mcp/:name", async (req, res) => {
+  const { name } = req.params;
+  const { env, headers: hdrs, args: argUpdates } = req.body;
+  try {
+    const mcpConfig = mcpManager.readConfig();
+    const serverCfg = mcpConfig.mcpServers?.[name];
+    if (!serverCfg) return res.status(404).json({ error: `Server "${name}" not found` });
+
+    if (env && typeof env === "object") {
+      serverCfg.env = { ...(serverCfg.env || {}), ...env };
+    }
+    if (hdrs && typeof hdrs === "object") {
+      serverCfg.headers = { ...(serverCfg.headers || {}), ...hdrs };
+    }
+    // Support updating specific args by index (e.g. connection strings)
+    if (argUpdates && typeof argUpdates === "object") {
+      if (!serverCfg.args) serverCfg.args = [];
+      for (const [indexStr, value] of Object.entries(argUpdates)) {
+        const idx = parseInt(indexStr, 10);
+        if (!isNaN(idx) && idx >= 0 && idx < serverCfg.args.length) {
+          serverCfg.args[idx] = value;
+        }
+      }
+    }
+    mcpConfig.mcpServers[name] = serverCfg;
+    mcpManager.writeConfig(mcpConfig);
+    res.json({ message: `Credentials updated for "${name}"` });
+  } catch (err) {
+    res.status(400).json({ error: err.message });
+  }
+});
+
 // Enable / disable / reload an MCP server
 app.post("/api/mcp/:name/:action", async (req, res) => {
   const { name, action } = req.params;
@@ -694,6 +832,189 @@ app.post("/api/approvals/:id", (req, res) => {
   res.json({ message: `Approval ${req.params.id} → ${decision}` });
 });
 
+// --- Settings endpoint (read/write .env vars) ---
+app.get("/api/settings", (req, res) => {
+  const envPath = join(__dirname, "..", ".env");
+  const examplePath = join(__dirname, "..", ".env.example");
+
+  // Parse current .env
+  const envVars = {};
+  if (existsSync(envPath)) {
+    const lines = readFileSync(envPath, "utf-8").split("\n");
+    for (const line of lines) {
+      const trimmed = line.trim();
+      if (!trimmed || trimmed.startsWith("#")) continue;
+      const eqIdx = trimmed.indexOf("=");
+      if (eqIdx === -1) continue;
+      const key = trimmed.slice(0, eqIdx).trim();
+      const val = trimmed.slice(eqIdx + 1).trim();
+      envVars[key] = val;
+    }
+  }
+
+  // Parse .env.example for available vars with sections
+  const available = [];
+  if (existsSync(examplePath)) {
+    const lines = readFileSync(examplePath, "utf-8").split("\n");
+    let section = "General";
+    for (const line of lines) {
+      const trimmed = line.trim();
+      if (trimmed.startsWith("# ===")) {
+        section = trimmed.replace(/^# =+\s*/, "").replace(/\s*=+$/, "");
+        continue;
+      }
+      if (!trimmed || trimmed.startsWith("#")) continue;
+      const eqIdx = trimmed.indexOf("=");
+      if (eqIdx === -1) continue;
+      const key = trimmed.slice(0, eqIdx).trim();
+      available.push({ key, section });
+    }
+  }
+
+  // Mask values for security
+  const masked = {};
+  for (const [key, val] of Object.entries(envVars)) {
+    if (!val) { masked[key] = ""; continue; }
+    masked[key] = val.length <= 4 ? "****" : val.slice(0, 4) + "*".repeat(Math.min(val.length - 4, 20));
+  }
+
+  res.json({ vars: masked, available });
+});
+
+app.put("/api/settings", (req, res) => {
+  const { updates } = req.body; // { KEY: "value", KEY2: "value2" }
+  if (!updates || typeof updates !== "object") {
+    return res.status(400).json({ error: "updates object is required" });
+  }
+
+  const envPath = join(__dirname, "..", ".env");
+  let content = existsSync(envPath) ? readFileSync(envPath, "utf-8") : "";
+
+  for (const [key, value] of Object.entries(updates)) {
+    // Validate key format (alphanumeric + underscore only)
+    if (!/^[A-Z][A-Z0-9_]*$/.test(key)) continue;
+    const regex = new RegExp(`^${key.replace(/[.*+?^${}()|[\]\\]/g, '\\$&')}=.*$`, "m");
+    if (regex.test(content)) {
+      content = content.replace(regex, `${key}=${value}`);
+    } else {
+      content = content.trimEnd() + `\n${key}=${value}\n`;
+    }
+    // Also update process.env so changes take effect without restart
+    process.env[key] = value;
+  }
+
+  writeFileSync(envPath, content, "utf-8");
+
+  res.json({ message: `Updated ${Object.keys(updates).length} variable(s)`, updated: Object.keys(updates) });
+});
+
+// --- User Profile endpoints ---
+app.get("/api/profile", (req, res) => {
+  const profilePath = join(config.dataDir, "user-profile.json");
+  if (!existsSync(profilePath)) return res.json({});
+  try {
+    const profile = JSON.parse(readFileSync(profilePath, "utf-8"));
+    res.json(profile);
+  } catch {
+    res.json({});
+  }
+});
+
+app.put("/api/profile", (req, res) => {
+  const { name, personality, tone, instructions, subAgentModel } = req.body;
+  const profilePath = join(config.dataDir, "user-profile.json");
+  const profile = { name: name || "", personality: personality || "", tone: tone || "", instructions: instructions || "", subAgentModel: subAgentModel || "" };
+  mkdirSync(dirname(profilePath), { recursive: true });
+  writeFileSync(profilePath, JSON.stringify(profile, null, 2), "utf-8");
+  // Apply sub-agent model to runtime so it takes effect immediately
+  if (subAgentModel) {
+    process.env.SUB_AGENT_MODEL = subAgentModel;
+  } else {
+    delete process.env.SUB_AGENT_MODEL;
+  }
+  res.json({ message: "Profile saved", profile });
+});
+
+// --- Custom Skills endpoints ---
+app.get("/api/skills/custom", (req, res) => {
+  const customDir = join(config.skillsDir, "custom");
+  if (!existsSync(customDir)) return res.json({ skills: [] });
+  const files = [];
+  try {
+    const entries = readdirSync(customDir);
+    for (const f of entries) {
+      if (!f.endsWith(".md")) continue;
+      const content = readFileSync(join(customDir, f), "utf-8");
+      // Parse frontmatter
+      const fmMatch = content.match(/^---\n([\s\S]*?)\n---\n?([\s\S]*)$/);
+      const meta = {};
+      if (fmMatch) {
+        for (const line of fmMatch[1].split("\n")) {
+          const idx = line.indexOf(":");
+          if (idx > 0) meta[line.slice(0, idx).trim()] = line.slice(idx + 1).trim();
+        }
+      }
+      files.push({
+        name: meta.name || f.replace(".md", ""),
+        description: meta.description || "",
+        triggers: meta.triggers || "",
+        filename: f,
+        content: fmMatch ? fmMatch[2].trim() : content,
+      });
+    }
+  } catch { /* ignore */ }
+  res.json({ skills: files });
+});
+
+app.post("/api/skills/custom", (req, res) => {
+  const { name, description, triggers, content } = req.body;
+  if (!name) return res.status(400).json({ error: "name is required" });
+  if (!content) return res.status(400).json({ error: "content is required" });
+
+  // Sanitize filename
+  const safeName = name.replace(/[^a-zA-Z0-9_-]/g, "-").toLowerCase();
+  const customDir = join(config.skillsDir, "custom");
+  mkdirSync(customDir, { recursive: true });
+
+  const filePath = join(customDir, `${safeName}.md`);
+  const frontmatter = `---\nname: ${safeName}\ndescription: ${description || ""}\n${triggers ? `triggers: ${triggers}\n` : ""}---\n\n`;
+  writeFileSync(filePath, frontmatter + content, "utf-8");
+
+  // Reload skills so new skill is discoverable
+  skillLoader.reload();
+
+  res.status(201).json({ message: "Custom skill created", name: safeName });
+});
+
+app.delete("/api/skills/custom/:name", (req, res) => {
+  const safeName = req.params.name.replace(/[^a-zA-Z0-9_-]/g, "-").toLowerCase();
+  const filePath = join(config.skillsDir, "custom", `${safeName}.md`);
+  if (!existsSync(filePath)) return res.status(404).json({ error: "Skill not found" });
+
+  unlinkSync(filePath);
+  skillLoader.reload();
+  res.json({ message: "Custom skill deleted" });
+});
+
+// --- Memory endpoints ---
+app.get("/api/memory", (req, res) => {
+  const memoryPath = config.memoryPath;
+  if (!existsSync(memoryPath)) return res.json({ content: "" });
+  try {
+    const content = readFileSync(memoryPath, "utf-8");
+    res.json({ content });
+  } catch {
+    res.json({ content: "" });
+  }
+});
+
+app.put("/api/memory", (req, res) => {
+  const { content } = req.body;
+  if (content === undefined) return res.status(400).json({ error: "content is required" });
+  writeFileSync(config.memoryPath, content, "utf-8");
+  res.json({ message: "Memory saved" });
+});
+
 // --- Costs endpoint ---
 app.get("/api/costs/today", (req, res) => {
   res.json({
@@ -704,42 +1025,107 @@ app.get("/api/costs/today", (req, res) => {
   });
 });
 
-// --- Static UI ---
+// --- Static UI (with auth token injection) ---
 const uiPath = join(__dirname, "..", "daemora-ui", "dist");
 if (existsSync(uiPath)) {
-  app.use(express.static(uiPath));
-  // Serve index.html for all other routes (React Router support)
+  const indexHtmlPath = join(uiPath, "index.html");
+  let indexHtml = existsSync(indexHtmlPath) ? readFileSync(indexHtmlPath, "utf-8") : "";
+
+  // Inject auth token as a <meta> tag so the UI can read it without a login flow.
+  // Safe because the HTML is only served to localhost (localOnly middleware).
+  const tokenMeta = `<meta name="api-token" content="${API_TOKEN}" />`;
+  if (indexHtml && !indexHtml.includes('name="api-token"')) {
+    indexHtml = indexHtml.replace("</head>", `    ${tokenMeta}\n  </head>`);
+  }
+
+  // Serve static assets normally
+  app.use(express.static(uiPath, { index: false })); // index:false so we handle index.html ourselves
+
+  // Serve token-injected index.html for all UI routes
   app.get(/.*/, (req, res, next) => {
     if (req.path.startsWith("/api/") || req.path.startsWith("/webhooks/") || req.path.startsWith("/voice/") || req.path.startsWith("/a2a/") || req.path.startsWith("/hooks/") || req.path.startsWith("/v1/")) {
       return next();
     }
-    res.sendFile(join(uiPath, "index.html"));
+    res.setHeader("Content-Type", "text/html");
+    res.send(indexHtml);
   });
   console.log(`[Server] Serving UI from ${uiPath}`);
 }
 
+// --- Load user profile settings on startup ---
+try {
+  const profilePath = join(config.dataDir, "user-profile.json");
+  if (existsSync(profilePath)) {
+    const p = JSON.parse(readFileSync(profilePath, "utf-8"));
+    if (p.subAgentModel && !process.env.SUB_AGENT_MODEL) {
+      process.env.SUB_AGENT_MODEL = p.subAgentModel;
+    }
+  }
+} catch { /* ignore */ }
+
+// --- Server readiness gate ---
+// The server must fully initialize before processing user messages.
+// Skills, MCP, embeddings, and channels all need to load first.
+// Requests that arrive before ready get a 503 with a clear message.
+let _serverReady = false;
+
+// Gate message-processing endpoints until startup completes
+const readinessGate = (req, res, next) => {
+  if (_serverReady) return next();
+  res.status(503).json({ error: "Server is starting up — loading skills, MCP, and channels. Please wait a moment and retry." });
+};
+app.use("/api/chat", readinessGate);
+app.post("/api/tasks", readinessGate);
+
 // --- Start server ---
 app.listen(config.port, async () => {
   console.log("\n--- Daemora Server ---");
   console.log(`Running on http://localhost:${config.port}`);
   console.log(`Model: ${config.defaultModel}`);
+  if (process.env.SUB_AGENT_MODEL) console.log(`Sub-agent model: ${process.env.SUB_AGENT_MODEL}`);
   console.log(`Permission tier: ${config.permissionTier}`);
-  console.log(`Tools loaded: ${Object.keys(toolFunctions).join(", ")}`);
-  console.log(`Total tools: ${Object.keys(toolFunctions).length}`);
   console.log(`Data dir: ${config.dataDir}`);
   console.log(`Daemon mode: ${config.daemonMode}`);
-  console.log(`Task runner: active (concurrency: 2)`);
 
-  // Initialize MCP in background
-  mcpManager.init().catch((e) => console.log(`[MCPManager] Init error: ${e.message}`));
+  // ── Phase 1: Load skills + embeddings (must complete before processing messages) ──
+  console.log("[Startup] Loading skills...");
+  skillLoader.load();
+  console.log(`[Startup] Skills loaded: ${skillLoader.list().length}`);
+
+  console.log("[Startup] Initializing embeddings...");
+  try {
+    const { ensureOllamaEmbedModel } = await import("./utils/Embeddings.js");
+    await ensureOllamaEmbedModel();
+  } catch { /* non-fatal */ }
+
+  // Embed skills (uses whatever embedding provider is available)
+  try {
+    await skillLoader.embedSkills();
+    console.log("[Startup] Skill embeddings ready");
+  } catch { /* non-fatal — TF-IDF fallback always works */ }
 
-  // Start channels (await so we see results before the blank line)
+  // ── Phase 2: Connect MCP servers ──
+  console.log("[Startup] Connecting MCP servers...");
+  try {
+    await mcpManager.init();
+  } catch (e) {
+    console.log(`[Startup] MCP init error (non-fatal): ${e.message}`);
+  }
+
+  // ── Phase 3: Start channels ──
+  console.log("[Startup] Starting channels...");
   try {
     await channelRegistry.startAll();
   } catch (e) {
-    console.log(`[ChannelRegistry] Start error: ${e.message}`);
+    console.log(`[Startup] Channel start error: ${e.message}`);
   }
-  console.log("");
+
+  // ── Ready — start processing messages ──
+  taskRunner.start();
+  console.log(`[Startup] Tools: ${Object.keys(toolFunctions).length}`);
+  console.log(`[Startup] Task runner: active (concurrency: 2)`);
+  _serverReady = true;
+  console.log("[Startup] Server ready ✓\n");
 });
 
 // Graceful shutdown

package/src/models/ModelRouter.js

@@ -218,11 +218,12 @@ const _profileEnvMap = {
  *   1. explicitModel (caller override)
  *   2. Per-tenant modelRoutes[profile]
  *   3. Global CODE_MODEL / RESEARCH_MODEL / WRITER_MODEL / ANALYST_MODEL env vars
- *   4. Per-tenant general model override
- *   5. DEFAULT_MODEL env var / hardcoded default
+ *   4. SUB_AGENT_MODEL (global sub-agent default)
+ *   5. Per-tenant general model override
+ *   6. DEFAULT_MODEL env var / hardcoded default
  *
  * @param {string|null} profile       - e.g. "coder", "researcher", "writer", "analyst"
- * @param {object}      tenantConfig  - resolvedConfig from TenantManager (may have .modelRoutes, .model)
+ * @param {object}      tenantConfig  - resolvedConfig from TenantManager (may have .modelRoutes, .model, .subAgentModel)
  * @param {string|null} explicitModel - Caller-supplied model override (highest priority)
  * @returns {string} Resolved model ID
  */
@@ -230,6 +231,9 @@ export function resolveModelForProfile(profile, tenantConfig = {}, explicitModel
   if (explicitModel) return explicitModel;
   if (profile && tenantConfig.modelRoutes?.[profile]) return tenantConfig.modelRoutes[profile];
   if (profile && process.env[_profileEnvMap[profile]]) return process.env[_profileEnvMap[profile]];
+  // Sub-agent model: tenant-level > env-level
+  if (tenantConfig.subAgentModel) return tenantConfig.subAgentModel;
+  if (process.env.SUB_AGENT_MODEL) return process.env.SUB_AGENT_MODEL;
   if (tenantConfig.model) return tenantConfig.model;
   return process.env.DEFAULT_MODEL || "openai:gpt-4.1-mini";
 }