neoagent 1.0.0

package/server/routes/settings.js

@@ -0,0 +1,98 @@
+const express = require('express');
+const router = express.Router();
+const db = require('../db/database');
+const { requireAuth } = require('../middleware/auth');
+
+router.use(requireAuth);
+
+// Get supported models metadata
+router.get('/meta/models', (req, res) => {
+  const { SUPPORTED_MODELS } = require('../services/ai/models');
+  res.json({ models: SUPPORTED_MODELS });
+});
+
+// Get all settings
+router.get('/', (req, res) => {
+  const rows = db.prepare('SELECT key, value FROM user_settings WHERE user_id = ?').all(req.session.userId);
+  const settings = {};
+  for (const row of rows) {
+    try {
+      settings[row.key] = JSON.parse(row.value);
+    } catch (e) {
+      if (typeof row.value === 'string' && (row.value.trim().startsWith('{') || row.value.trim().startsWith('['))) {
+        console.warn(`[Settings] Failed to parse '${row.key}' as JSON, treating as raw string. Error:`, e.message);
+      }
+      settings[row.key] = row.value;
+    }
+  }
+  res.json(settings);
+});
+
+// Update settings (batch)
+router.put('/', (req, res) => {
+  const userId = req.session.userId;
+  const upsert = db.prepare('INSERT INTO user_settings (user_id, key, value) VALUES (?, ?, ?) ON CONFLICT(user_id, key) DO UPDATE SET value = excluded.value');
+
+  const tx = db.transaction((entries) => {
+    for (const [key, value] of entries) {
+      const v = typeof value === 'string' ? value : JSON.stringify(value);
+      upsert.run(userId, key, v);
+    }
+  });
+
+  tx(Object.entries(req.body));
+
+  // Apply headless toggle immediately without restarting
+  if ('headless_browser' in req.body) {
+    const bc = req.app.locals.browserController;
+    if (bc) bc.setHeadless(req.body.headless_browser).catch(() => { });
+  }
+
+  res.json({ success: true });
+});
+
+// Get single setting
+router.get('/:key', (req, res) => {
+  const row = db.prepare('SELECT value FROM user_settings WHERE user_id = ? AND key = ?').get(req.session.userId, req.params.key);
+  if (!row) return res.json({ value: null });
+  try {
+    res.json({ value: JSON.parse(row.value) });
+  } catch (e) {
+    if (typeof row.value === 'string' && (row.value.trim().startsWith('{') || row.value.trim().startsWith('['))) {
+      console.warn(`[Settings] Failed to parse '${req.params.key}' as JSON, returning as raw string. Error:`, e.message);
+    }
+    res.json({ value: row.value });
+  }
+});
+
+// Set single setting
+router.put('/:key', (req, res) => {
+  const v = typeof req.body.value === 'string' ? req.body.value : JSON.stringify(req.body.value);
+  db.prepare('INSERT INTO user_settings (user_id, key, value) VALUES (?, ?, ?) ON CONFLICT(user_id, key) DO UPDATE SET value = excluded.value')
+    .run(req.session.userId, req.params.key, v);
+  res.json({ success: true });
+});
+
+// Delete setting
+router.delete('/:key', (req, res) => {
+  db.prepare('DELETE FROM user_settings WHERE user_id = ? AND key = ?').run(req.session.userId, req.params.key);
+  res.json({ success: true });
+});
+
+// Trigger auto-update script
+router.post('/update', (req, res) => {
+  const { spawn } = require('child_process');
+  console.log('[Settings] Triggering neoagent update...');
+
+  // Spawn the update command in detached mode so it survives the node process exiting
+  const child = spawn(process.execPath, ['bin/neoagent.js', 'update'], {
+    detached: true,
+    stdio: 'ignore',
+    cwd: process.cwd()
+  });
+
+  child.unref();
+  res.json({ success: true, message: 'Update triggered' });
+});
+
+module.exports = router;

package/server/routes/skills.js

@@ -0,0 +1,107 @@
+const express = require('express');
+const router = express.Router();
+const fs = require('fs');
+const path = require('path');
+const { requireAuth } = require('../middleware/auth');
+
+const SKILLS_DIR = path.join(__dirname, '../../agent-data/skills');
+
+/**
+ * Resolve a client-supplied filename to an absolute path inside SKILLS_DIR.
+ * Returns null if the resolved path escapes the directory (path traversal attempt).
+ */
+function safeSkillPath(filename) {
+  if (!filename || typeof filename !== 'string') return null;
+  // Strip any directory components – only the basename is allowed
+  const base = path.basename(filename);
+  if (!base || base === '.' || base === '..') return null;
+  const resolved = path.resolve(SKILLS_DIR, base);
+  // Ensure the resolved path stays inside SKILLS_DIR
+  if (!resolved.startsWith(SKILLS_DIR + path.sep) && resolved !== SKILLS_DIR) return null;
+  return resolved;
+}
+
+router.use(requireAuth);
+
+// List all skills
+router.get('/', (req, res) => {
+  if (!fs.existsSync(SKILLS_DIR)) fs.mkdirSync(SKILLS_DIR, { recursive: true });
+
+  const files = fs.readdirSync(SKILLS_DIR).filter(f => f.endsWith('.md'));
+  const skills = files.map(f => {
+    const content = fs.readFileSync(path.join(SKILLS_DIR, f), 'utf-8');
+    const meta = parseSkillMeta(content);
+    return {
+      filename: f,
+      name: meta.name || f.replace('.md', ''),
+      description: meta.description || '',
+      trigger: meta.trigger || '',
+      enabled: meta.enabled !== false,
+      category: meta.category || 'general'
+    };
+  });
+
+  res.json(skills);
+});
+
+// Get a specific skill
+router.get('/:filename', (req, res) => {
+  const fp = safeSkillPath(req.params.filename);
+  if (!fp || !fs.existsSync(fp)) return res.status(404).json({ error: 'Skill not found' });
+
+  const content = fs.readFileSync(fp, 'utf-8');
+  res.json({ filename: req.params.filename, content, meta: parseSkillMeta(content) });
+});
+
+// Create a new skill
+router.post('/', (req, res) => {
+  const { filename, content } = req.body;
+  if (!filename || !content) return res.status(400).json({ error: 'filename and content required' });
+
+  const baseName = filename.replace(/\.md$/i, '').replace(/[^a-zA-Z0-9_.-]/g, '');
+  const safeName = baseName + '.md';
+  const fp = path.join(SKILLS_DIR, safeName);
+
+  if (!fs.existsSync(SKILLS_DIR)) fs.mkdirSync(SKILLS_DIR, { recursive: true });
+
+  fs.writeFileSync(fp, content, 'utf-8');
+  res.status(201).json({ filename: safeName, meta: parseSkillMeta(content) });
+});
+
+// Update a skill
+router.put('/:filename', (req, res) => {
+  const fp = safeSkillPath(req.params.filename);
+  if (!fp || !fs.existsSync(fp)) return res.status(404).json({ error: 'Skill not found' });
+
+  fs.writeFileSync(fp, req.body.content, 'utf-8');
+  res.json({ filename: path.basename(fp), meta: parseSkillMeta(req.body.content) });
+});
+
+// Delete a skill
+router.delete('/:filename', (req, res) => {
+  const fp = safeSkillPath(req.params.filename);
+  if (!fp || !fs.existsSync(fp)) return res.status(404).json({ error: 'Skill not found' });
+
+  fs.unlinkSync(fp);
+  res.json({ success: true });
+});
+
+function parseSkillMeta(content) {
+  const meta = {};
+  const match = content.match(/^---\n([\s\S]*?)\n---/);
+  if (!match) return meta;
+
+  const lines = match[1].split('\n');
+  for (const line of lines) {
+    const colon = line.indexOf(':');
+    if (colon === -1) continue;
+    const key = line.slice(0, colon).trim();
+    let val = line.slice(colon + 1).trim();
+    if (val === 'true') val = true;
+    else if (val === 'false') val = false;
+    meta[key] = val;
+  }
+  return meta;
+}
+
+module.exports = router;