neoagent 1.0.0

package/server/public/login.html

@@ -0,0 +1,313 @@
+<!DOCTYPE html>
+<html lang="en">
+<head>
+  <meta charset="UTF-8">
+  <meta name="viewport" content="width=device-width, initial-scale=1.0">
+  <title>NeoAgent — Login</title>
+  <link rel="icon" type="image/svg+xml" href="/favicon.svg">
+  <link rel="preconnect" href="https://fonts.googleapis.com">
+  <link rel="preconnect" href="https://fonts.gstatic.com" crossorigin>
+  <link rel="stylesheet" href="/css/styles.css">
+  <style>
+    body {
+      display: flex;
+      align-items: center;
+      justify-content: center;
+      min-height: 100vh;
+      background: var(--bg-primary);
+      overflow: hidden;
+    }
+
+    .login-bg {
+      position: fixed;
+      inset: 0;
+      overflow: hidden;
+      z-index: 0;
+    }
+
+    .login-bg .orb {
+      position: absolute;
+      border-radius: 50%;
+      filter: blur(120px);
+      opacity: 0.15;
+      animation: float 20s ease-in-out infinite;
+    }
+
+    .login-bg .orb-1 {
+      width: 500px; height: 500px;
+      background: var(--accent);
+      top: -100px; left: -100px;
+      animation-delay: 0s;
+    }
+
+    .login-bg .orb-2 {
+      width: 400px; height: 400px;
+      background: #8b5cf6;
+      bottom: -80px; right: -80px;
+      animation-delay: -7s;
+    }
+
+    .login-bg .orb-3 {
+      width: 300px; height: 300px;
+      background: #06b6d4;
+      top: 50%; left: 60%;
+      animation-delay: -14s;
+    }
+
+    @keyframes float {
+      0%, 100% { transform: translate(0, 0) scale(1); }
+      33% { transform: translate(30px, -30px) scale(1.05); }
+      66% { transform: translate(-20px, 20px) scale(0.95); }
+    }
+
+    .login-card {
+      position: relative; z-index: 1;
+      width: 100%; max-width: 400px;
+      background: rgba(12,12,24,.92);
+      backdrop-filter: blur(24px) saturate(1.4);
+      -webkit-backdrop-filter: blur(24px) saturate(1.4);
+      border: 1px solid rgba(255,255,255,.1);
+      border-radius: 20px; padding: 40px;
+      box-shadow: 0 20px 60px rgba(0,0,0,.6);
+      animation: cardIn 400ms cubic-bezier(.16,1,.3,1) both;
+    }
+    @keyframes cardIn {
+      from { opacity: 0; transform: translateY(20px) scale(.97); }
+      to   { opacity: 1; transform: translateY(0) scale(1); }
+    }
+
+    .login-logo {
+      text-align: center;
+      margin-bottom: 32px;
+    }
+
+    .login-logo .logo-icon {
+      width: 52px; height: 52px;
+      background: linear-gradient(135deg, var(--accent), #8b5cf6);
+      border-radius: 14px;
+      display: inline-flex; align-items: center; justify-content: center;
+      margin-bottom: 16px;
+      box-shadow: 0 4px 24px rgba(99,102,241,.45);
+    }
+
+    .login-logo .logo-icon svg {
+      width: 28px;
+      height: 28px;
+      stroke: white;
+    }
+
+    .login-logo h1 {
+      font-size: 24px;
+      font-weight: 700;
+      margin-bottom: 4px;
+    }
+
+    .login-logo p {
+      color: var(--text-secondary);
+      font-size: 14px;
+    }
+
+    .login-tabs {
+      display: flex;
+      margin-bottom: 24px;
+      background: var(--bg-primary);
+      border-radius: var(--radius);
+      padding: 3px;
+    }
+
+    .login-tab {
+      flex: 1;
+      text-align: center;
+      padding: 8px;
+      cursor: pointer;
+      border-radius: 6px;
+      font-weight: 500;
+      font-size: 13px;
+      color: var(--text-secondary);
+      transition: all var(--transition);
+    }
+
+    .login-tab.active {
+      background: var(--accent);
+      color: white;
+    }
+
+    .login-form { display: none; }
+    .login-form.active { display: block; }
+
+    .login-form .btn {
+      width: 100%;
+      justify-content: center;
+      padding: 12px;
+      margin-top: 8px;
+      font-size: 14px;
+    }
+
+    .login-error {
+      background: rgba(239, 68, 68, 0.1);
+      border: 1px solid rgba(239, 68, 68, 0.3);
+      color: var(--error);
+      padding: 10px 14px;
+      border-radius: var(--radius);
+      font-size: 13px;
+      margin-bottom: 16px;
+      display: none;
+    }
+
+    .login-error.show { display: block; }
+  </style>
+</head>
+<body>
+  <div class="login-bg">
+    <div class="orb orb-1"></div>
+    <div class="orb orb-2"></div>
+    <div class="orb orb-3"></div>
+  </div>
+
+  <div class="login-card">
+    <div class="login-logo">
+      <div class="logo-icon">
+        <svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 24 24" fill="none" stroke-linecap="round" stroke-linejoin="round">
+          <polygon points="12,2 2,7 12,12 22,7" fill="white" stroke="none"/>
+          <polyline points="2,17 12,22 22,17" fill="none" stroke="white" stroke-width="2"/>
+          <polyline points="2,12 12,17 22,12" fill="none" stroke="white" stroke-width="2"/>
+        </svg>
+      </div>
+      <h1>NeoAgent</h1>
+      <p>Your proactive AI agent</p>
+    </div>
+
+    <div class="login-tabs" id="tabBar" style="display:none">
+      <div class="login-tab active" data-tab="login">Sign In</div>
+      <div class="login-tab" data-tab="register" id="registerTab" style="display:none">Setup</div>
+    </div>
+
+    <div class="login-error" id="error"></div>
+
+    <form class="login-form active" id="loginForm" data-tab="login">
+      <div class="form-group">
+        <label class="form-label">Username</label>
+        <input type="text" class="input" name="username" autocomplete="username" required autofocus>
+      </div>
+      <div class="form-group">
+        <label class="form-label">Password</label>
+        <input type="password" class="input" name="password" autocomplete="current-password" required>
+      </div>
+      <button type="submit" class="btn btn-primary">Sign In</button>
+    </form>
+
+    <form class="login-form" id="registerForm" data-tab="register">
+      <div class="form-group">
+        <label class="form-label">Username</label>
+        <input type="text" class="input" name="username" autocomplete="username" required minlength="3">
+      </div>
+      <div class="form-group">
+        <label class="form-label">Password</label>
+        <input type="password" class="input" name="password" autocomplete="new-password" required minlength="8">
+      </div>
+      <div class="form-group">
+        <label class="form-label">Confirm Password</label>
+        <input type="password" class="input" name="confirmPassword" autocomplete="new-password" required>
+      </div>
+      <button type="submit" class="btn btn-primary">Create Account</button>
+    </form>
+  </div>
+
+  <script>
+    const tabs = document.querySelectorAll('.login-tab');
+    const forms = document.querySelectorAll('.login-form');
+    const errorEl = document.getElementById('error');
+
+    function switchTab(target) {
+      tabs.forEach(t => t.classList.toggle('active', t.dataset.tab === target));
+      forms.forEach(f => f.classList.toggle('active', f.dataset.tab === target));
+      errorEl.classList.remove('show');
+    }
+
+    tabs.forEach(tab => tab.addEventListener('click', () => switchTab(tab.dataset.tab)));
+
+    // Show tab bar + setup tab only if no user exists yet; otherwise hide the whole bar
+    fetch('/api/auth/status', { credentials: 'include' }).then(r => r.json()).then(data => {
+      if (!data.hasUser) {
+        document.getElementById('registerTab').style.display = '';
+        document.getElementById('tabBar').style.display = '';
+        switchTab('register');
+      }
+    });
+
+    function showError(msg) {
+      errorEl.textContent = msg;
+      errorEl.classList.add('show');
+    }
+
+    document.getElementById('loginForm').addEventListener('submit', async (e) => {
+      e.preventDefault();
+      const form = e.target;
+      const btn = form.querySelector('button');
+      btn.disabled = true;
+      btn.textContent = 'Signing in...';
+      errorEl.classList.remove('show');
+
+      try {
+        const res = await fetch('/api/auth/login', {
+          method: 'POST',
+          headers: { 'Content-Type': 'application/json' },
+          credentials: 'include',
+          body: JSON.stringify({
+            username: form.username.value,
+            password: form.password.value
+          })
+        });
+        const data = await res.json();
+        if (res.ok) {
+          window.location.href = data.redirect || '/app';
+        } else {
+          showError(data.error || 'Login failed');
+        }
+      } catch (err) {
+        showError('Connection error');
+      } finally {
+        btn.disabled = false;
+        btn.textContent = 'Sign In';
+      }
+    });
+
+    document.getElementById('registerForm').addEventListener('submit', async (e) => {
+      e.preventDefault();
+      const form = e.target;
+      const btn = form.querySelector('button');
+
+      if (form.password.value !== form.confirmPassword.value) {
+        return showError('Passwords do not match');
+      }
+
+      btn.disabled = true;
+      btn.textContent = 'Creating account...';
+      errorEl.classList.remove('show');
+
+      try {
+        const res = await fetch('/api/auth/register', {
+          method: 'POST',
+          headers: { 'Content-Type': 'application/json' },
+          credentials: 'include',
+          body: JSON.stringify({
+            username: form.username.value,
+            password: form.password.value
+          })
+        });
+        const data = await res.json();
+        if (res.ok) {
+          window.location.href = data.redirect || '/app';
+        } else {
+          showError(data.error || 'Setup failed');
+        }
+      } catch (err) {
+        showError('Connection error');
+      } finally {
+        btn.disabled = false;
+        btn.textContent = 'Create Account';
+      }
+    });
+  </script>
+</body>
+</html>

package/server/routes/agents.js

@@ -0,0 +1,125 @@
+const express = require('express');
+const router = express.Router();
+const db = require('../db/database');
+const { requireAuth } = require('../middleware/auth');
+const { sanitizeError } = require('../utils/security');
+
+router.use(requireAuth);
+
+// List agent runs
+router.get('/', (req, res) => {
+  const limit = Math.min(parseInt(req.query.limit) || 50, 200);
+  const offset = parseInt(req.query.offset) || 0;
+  const runs = db.prepare('SELECT * FROM agent_runs WHERE user_id = ? ORDER BY created_at DESC LIMIT ? OFFSET ?')
+    .all(req.session.userId, limit, offset);
+  const total = db.prepare('SELECT COUNT(*) as count FROM agent_runs WHERE user_id = ?').get(req.session.userId).count;
+  res.json({ runs, total, limit, offset });
+});
+
+// Chat history (web + social messages merged)
+router.get('/chat-history', (req, res) => {
+  const limit = Math.min(parseInt(req.query.limit) || 100, 500);
+  const userId = req.session.userId;
+
+  const webMsgs = db.prepare(`
+    SELECT id, role, content, 'web' AS platform, NULL AS sender_name, created_at, agent_run_id AS run_id
+    FROM conversation_history WHERE user_id = ? ORDER BY created_at DESC LIMIT ?
+  `).all(userId, limit);
+
+  const socialMsgs = db.prepare(`
+    SELECT id, role, content, platform,
+      json_extract(metadata, '$.senderName') AS sender_name, created_at, run_id
+    FROM messages WHERE user_id = ? AND platform != 'web'
+    ORDER BY created_at DESC LIMIT ?
+  `).all(userId, limit);
+
+  // Normalize SQL datetime ('YYYY-MM-DD HH:MM:SS', treated as local) and ISO-Z strings to ms
+  const toMs = (s) => {
+    if (!s) return 0;
+    const normalized = s.includes('T') ? s : s.replace(' ', 'T') + 'Z';
+    return new Date(normalized).getTime();
+  };
+
+  const all = [...webMsgs, ...socialMsgs]
+    .sort((a, b) => toMs(a.created_at) - toMs(b.created_at))
+    .slice(-limit);
+
+  res.json({ messages: all });
+});
+
+// Create new agent run
+router.post('/', async (req, res) => {
+  try {
+    const { task, options } = req.body;
+    if (!task || typeof task !== 'string') return res.status(400).json({ error: 'Task must be a non-empty string' });
+    if (task.length > 50000) return res.status(400).json({ error: 'Task exceeds maximum length of 50,000 characters' });
+
+    const engine = req.app.locals.agentEngine;
+    const result = await engine.run(req.session.userId, task, options || {});
+    res.json(result);
+  } catch (err) {
+    res.status(500).json({ error: sanitizeError(err) });
+  }
+});
+
+// Get specific run
+router.get('/:id', (req, res) => {
+  const run = db.prepare('SELECT * FROM agent_runs WHERE id = ? AND user_id = ?').get(req.params.id, req.session.userId);
+  if (!run) return res.status(404).json({ error: 'Run not found' });
+
+  const steps = db.prepare('SELECT * FROM agent_steps WHERE run_id = ? ORDER BY step_index ASC').all(run.id);
+  const history = db.prepare('SELECT * FROM conversation_history WHERE agent_run_id = ? ORDER BY created_at ASC').all(run.id);
+
+  res.json({ run, steps, history });
+});
+
+// Get detailed steps for a run (for activity history replay)
+router.get('/:id/steps', (req, res) => {
+  const run = db.prepare('SELECT * FROM agent_runs WHERE id = ? AND user_id = ?').get(req.params.id, req.session.userId);
+  if (!run) return res.status(404).json({ error: 'Run not found' });
+
+  const steps = db.prepare('SELECT * FROM agent_steps WHERE run_id = ? ORDER BY step_index ASC').all(run.id);
+  const response = db.prepare(
+    `SELECT content FROM conversation_history WHERE user_id = ? AND agent_run_id = ? AND role = 'assistant' ORDER BY created_at DESC LIMIT 1`
+  ).get(req.session.userId, run.id);
+
+  res.json({ run, steps, response: response?.content || null });
+});
+
+// Abort a run
+router.post('/:id/abort', (req, res) => {
+  try {
+    const engine = req.app.locals.agentEngine;
+    engine.abort(req.params.id);
+    res.json({ success: true });
+  } catch (err) {
+    res.status(500).json({ error: sanitizeError(err) });
+  }
+});
+
+// Delete a run
+router.delete('/:id', (req, res) => {
+  const run = db.prepare('SELECT id FROM agent_runs WHERE id = ? AND user_id = ?').get(req.params.id, req.session.userId);
+  if (!run) return res.status(404).json({ error: 'Run not found' });
+
+  db.prepare('DELETE FROM agent_steps WHERE run_id = ?').run(run.id);
+  db.prepare('DELETE FROM conversation_history WHERE agent_run_id = ?').run(run.id);
+  db.prepare('DELETE FROM agent_runs WHERE id = ?').run(run.id);
+  res.json({ success: true });
+});
+
+// Multi-step task
+router.post('/multi-step', async (req, res) => {
+  try {
+    const { task, steps, options } = req.body;
+    if (!task) return res.status(400).json({ error: 'Task is required' });
+
+    const multiStep = req.app.locals.multiStep;
+    const result = await multiStep.create(req.session.userId, task, steps || [], options || {});
+    res.json(result);
+  } catch (err) {
+    res.status(500).json({ error: sanitizeError(err) });
+  }
+});
+
+module.exports = router;

package/server/routes/auth.js

@@ -0,0 +1,105 @@
+const express = require('express');
+const router = express.Router();
+const bcrypt = require('bcrypt');
+const rateLimit = require('express-rate-limit');
+const db = require('../db/database');
+const { requireNoAuth } = require('../middleware/auth');
+
+const authLimiter = rateLimit({
+  windowMs: 15 * 60 * 1000,
+  max: 20,
+  message: { error: 'Too many attempts, try again later' },
+  standardHeaders: true,
+  legacyHeaders: false
+});
+
+router.get('/api/auth/status', (req, res) => {
+  const count = db.prepare('SELECT COUNT(*) as count FROM users').get();
+  res.json({ hasUser: count.count > 0 });
+});
+
+router.post('/api/auth/register', authLimiter, async (req, res) => {
+  try {
+    const userCount = db.prepare('SELECT COUNT(*) as count FROM users').get();
+    if (userCount.count > 0) {
+      return res.status(403).json({ error: 'Registration is closed' });
+    }
+
+    const { username, password } = req.body;
+    if (!username || !password) {
+      return res.status(400).json({ error: 'Username and password required' });
+    }
+    if (username.length < 3 || password.length < 8) {
+      return res.status(400).json({ error: 'Username min 3 chars, password min 8' });
+    }
+
+    const hash = await bcrypt.hash(password, 12);
+    const result = db.prepare('INSERT INTO users (username, password) VALUES (?, ?)').run(username, hash);
+
+    req.session.regenerate((err) => {
+      if (err) return res.status(500).json({ error: 'Session error' });
+      req.session.userId = result.lastInsertRowid;
+      req.session.username = username;
+      req.session.save((err) => {
+        if (err) return res.status(500).json({ error: 'Session save error' });
+        res.json({ success: true, redirect: '/app', user: { id: result.lastInsertRowid, username } });
+      });
+    });
+  } catch (err) {
+    console.error('Register error:', err);
+    res.status(500).json({ error: 'Registration failed' });
+  }
+});
+
+router.post('/api/auth/login', authLimiter, async (req, res) => {
+  try {
+    const { username, password } = req.body;
+    if (!username || !password) {
+      return res.status(400).json({ error: 'Username and password required' });
+    }
+
+    const user = db.prepare('SELECT * FROM users WHERE username = ?').get(username);
+    if (!user) {
+      return res.status(401).json({ error: 'Invalid credentials' });
+    }
+
+    const match = await bcrypt.compare(password, user.password);
+    if (!match) {
+      return res.status(401).json({ error: 'Invalid credentials' });
+    }
+
+    db.prepare('UPDATE users SET last_login = datetime(\'now\') WHERE id = ?').run(user.id);
+
+    req.session.regenerate((err) => {
+      if (err) return res.status(500).json({ error: 'Session error' });
+      req.session.userId = user.id;
+      req.session.username = user.username;
+      req.session.save((err) => {
+        if (err) return res.status(500).json({ error: 'Session save error' });
+        res.json({ success: true, redirect: '/app', user: { id: user.id, username: user.username } });
+      });
+    });
+  } catch (err) {
+    console.error('Login error:', err);
+    res.status(500).json({ error: 'Login failed' });
+  }
+});
+
+router.post('/api/auth/logout', (req, res) => {
+  req.session.destroy((err) => {
+    if (err) return res.status(500).json({ error: 'Logout failed' });
+    res.clearCookie('neoagent.sid');
+    res.json({ success: true });
+  });
+});
+
+router.get('/api/auth/me', (req, res) => {
+  if (!req.session || !req.session.userId) {
+    return res.status(401).json({ error: 'Not authenticated' });
+  }
+  const user = db.prepare('SELECT id, username, email, created_at, last_login FROM users WHERE id = ?').get(req.session.userId);
+  if (!user) return res.status(401).json({ error: 'User not found' });
+  res.json({ user });
+});
+
+module.exports = router;

package/server/routes/browser.js

@@ -0,0 +1,116 @@
+const express = require('express');
+const router = express.Router();
+const { requireAuth } = require('../middleware/auth');
+const { sanitizeError } = require('../utils/security');
+
+router.use(requireAuth);
+
+// Get browser status
+router.get('/status', (req, res) => {
+  const bc = req.app.locals.browserController;
+  res.json({
+    launched: bc.isLaunched(),
+    pages: bc.getPageCount(),
+    headless: bc.headless
+  });
+});
+
+// Launch browser
+router.post('/launch', async (req, res) => {
+  try {
+    const bc = req.app.locals.browserController;
+    await bc.launch(req.body || {});
+    res.json({ success: true });
+  } catch (err) {
+    res.status(500).json({ error: sanitizeError(err) });
+  }
+});
+
+// Navigate to URL
+router.post('/navigate', async (req, res) => {
+  try {
+    const { url, waitFor } = req.body;
+    if (!url) return res.status(400).json({ error: 'url required' });
+
+    const bc = req.app.locals.browserController;
+    const result = await bc.navigate(url, { waitUntil: waitFor || 'domcontentloaded' });
+    res.json(result);
+  } catch (err) {
+    res.status(500).json({ error: sanitizeError(err) });
+  }
+});
+
+// Take screenshot
+router.post('/screenshot', async (req, res) => {
+  try {
+    const bc = req.app.locals.browserController;
+    const result = await bc.screenshot(req.body || {});
+    res.json(result);
+  } catch (err) {
+    res.status(500).json({ error: sanitizeError(err) });
+  }
+});
+
+// Click element
+router.post('/click', async (req, res) => {
+  try {
+    const { selector, text } = req.body;
+    const bc = req.app.locals.browserController;
+    const result = await bc.click(selector, { text });
+    res.json(result);
+  } catch (err) {
+    res.status(500).json({ error: sanitizeError(err) });
+  }
+});
+
+// Fill form field
+router.post('/fill', async (req, res) => {
+  try {
+    const { selector, value } = req.body;
+    if (!selector || value === undefined) return res.status(400).json({ error: 'selector and value required' });
+
+    const bc = req.app.locals.browserController;
+    const result = await bc.fill(selector, value);
+    res.json(result);
+  } catch (err) {
+    res.status(500).json({ error: sanitizeError(err) });
+  }
+});
+
+// Extract content
+router.post('/extract', async (req, res) => {
+  try {
+    const bc = req.app.locals.browserController;
+    const result = await bc.extractContent(req.body || {});
+    res.json(result);
+  } catch (err) {
+    res.status(500).json({ error: sanitizeError(err) });
+  }
+});
+
+// Execute JavaScript
+router.post('/execute', async (req, res) => {
+  try {
+    const { code } = req.body;
+    if (!code) return res.status(400).json({ error: 'code required' });
+
+    const bc = req.app.locals.browserController;
+    const result = await bc.executeJS(code);
+    res.json({ result });
+  } catch (err) {
+    res.status(500).json({ error: sanitizeError(err) });
+  }
+});
+
+// Close browser
+router.post('/close', async (req, res) => {
+  try {
+    const bc = req.app.locals.browserController;
+    await bc.closeBrowser();
+    res.json({ success: true });
+  } catch (err) {
+    res.status(500).json({ error: sanitizeError(err) });
+  }
+});
+
+module.exports = router;