nolo-cli 0.1.13 → 0.1.15

package/database/server/agentDelegation.ts

@@ -0,0 +1,124 @@
+import type { AccessAction } from "./resourceAccess";
+import serverDb from "./db";
+
+export type AgentDelegation = {
+  principalUserId: string;
+  agentId: string;
+  scopes?: string[];
+  spaceIds?: string[];
+  resourcePrefixes?: string[];
+  expiresAt?: string | number | null;
+  revokedAt?: string | number | null;
+};
+
+export const agentDelegationKey = (
+  principalUserId: string,
+  agentId: string
+) => `agent-delegation-${principalUserId}-${agentId}`;
+
+export const scopeForAction = (
+  action: AccessAction,
+  resource?: { dbKey?: string; record?: any }
+): string => {
+  const dbKey = resource?.dbKey || resource?.record?.dbKey || "";
+  if (dbKey.startsWith("email-") || resource?.record?.type === "email") {
+    switch (action) {
+      case "read":
+        return "email:read";
+      case "write":
+        return "email:send";
+      case "delete":
+        return "email:delete";
+      case "manage":
+        return "email:manage";
+    }
+  }
+
+  switch (action) {
+    case "read":
+      return "db:read";
+    case "write":
+      return "db:write";
+    case "delete":
+      return "db:delete";
+    case "manage":
+      return "db:write";
+  }
+};
+
+const normalizeSpaceId = (spaceId?: unknown): string | null => {
+  if (typeof spaceId !== "string") return null;
+  const trimmed = spaceId.trim();
+  if (!trimmed) return null;
+  return trimmed.startsWith("space-") ? trimmed.slice("space-".length) : trimmed;
+};
+
+const isPast = (value?: string | number | null): boolean => {
+  if (value == null) return false;
+  const timestamp =
+    typeof value === "number" ? value : new Date(value).getTime();
+  return Number.isFinite(timestamp) && Date.now() > timestamp;
+};
+
+export async function loadAgentDelegation(
+  principalUserId: string,
+  agentId: string
+): Promise<AgentDelegation | null> {
+  if (!principalUserId || !agentId) return null;
+  try {
+    const delegation = await serverDb.get(
+      agentDelegationKey(principalUserId, agentId)
+    );
+    return delegation || null;
+  } catch {
+    return null;
+  }
+}
+
+export function validateAgentDelegation({
+  delegation,
+  action,
+  dbKey,
+  record,
+  spaceId,
+}: {
+  delegation: AgentDelegation | null;
+  action: AccessAction;
+  dbKey: string;
+  record?: any;
+  spaceId?: string | null;
+}): { allowed: boolean; reason?: string } {
+  if (!delegation) return { allowed: false, reason: "missing_delegation" };
+  if (delegation.revokedAt != null) {
+    return { allowed: false, reason: "delegation_revoked" };
+  }
+  if (isPast(delegation.expiresAt)) {
+    return { allowed: false, reason: "delegation_expired" };
+  }
+
+  const scopes = Array.isArray(delegation.scopes) ? delegation.scopes : [];
+  if (!scopes.includes(scopeForAction(action, { dbKey, record }))) {
+    return { allowed: false, reason: "delegation_scope_denied" };
+  }
+
+  const prefixes = Array.isArray(delegation.resourcePrefixes)
+    ? delegation.resourcePrefixes
+    : [];
+  const hasPrefixAccess = prefixes.some(
+    (prefix) => typeof prefix === "string" && dbKey.startsWith(prefix)
+  );
+
+  const normalizedSpaceId = normalizeSpaceId(spaceId);
+  const spaceIds = Array.isArray(delegation.spaceIds)
+    ? delegation.spaceIds.map(normalizeSpaceId).filter(Boolean)
+    : [];
+  const hasSpaceAccess = Boolean(
+    normalizedSpaceId && spaceIds.includes(normalizedSpaceId)
+  );
+
+  if (!hasPrefixAccess && !hasSpaceAccess) {
+    return { allowed: false, reason: "delegation_resource_denied" };
+  }
+
+  return { allowed: true };
+}

package/database/server/coreDataOwnership.ts

@@ -0,0 +1,13 @@
+const CORE_PREFIXES = [
+  "space-",
+  "space-member-",
+  "user-pref-",
+  "agent-",
+  "agent-pub-",
+];
+
+export function classifyCoreDataKey(dbKey: string): { owner: "core" | "overlay" } {
+  return CORE_PREFIXES.some((prefix) => dbKey.startsWith(prefix))
+    ? { owner: "core" }
+    : { owner: "overlay" };
+}

package/database/server/coreDataProxy.ts

@@ -0,0 +1,76 @@
+import { classifyCoreDataKey } from "./coreDataOwnership";
+
+const normalizeOrigin = (value: string | URL | null | undefined): string => {
+  try {
+    const raw = typeof value === "string" ? value : value?.toString() ?? "";
+    return new URL(raw).origin.replace(/\/+$/, "");
+  } catch {
+    return "";
+  }
+};
+
+const getDbKeyForOperation = (args: {
+  operation: string;
+  pathname: string;
+  req: { body?: Record<string, any> };
+}): string | null => {
+  const { operation, pathname, req } = args;
+  switch (operation) {
+    case "read":
+    case "delete":
+    case "patch": {
+      const prefix = `/api/v1/db/${operation}/`;
+      return decodeURIComponent(pathname.slice(prefix.length));
+    }
+    case "write":
+      return typeof req.body?.customKey === "string" ? req.body.customKey : null;
+    default:
+      return null;
+  }
+};
+
+export async function maybeProxyDatabaseRequestToCore(args: {
+  req: {
+    method?: string;
+    url?: string | URL;
+    headers?: Headers;
+    body?: Record<string, any>;
+  };
+  pathname: string;
+  search: string;
+  coreBaseUrl?: string | null;
+  fetchImpl?: typeof fetch;
+}): Promise<Response | null> {
+  const { req, pathname, search, fetchImpl = fetch } = args;
+  const coreBaseUrl = normalizeOrigin(args.coreBaseUrl);
+  if (!coreBaseUrl) {
+    return null;
+  }
+
+  const requestOrigin = normalizeOrigin(req.url);
+  if (requestOrigin && requestOrigin === coreBaseUrl) {
+    return null;
+  }
+
+  const operation = pathname.slice("/api/v1/db/".length).split("/")[0] ?? "";
+  const dbKey = getDbKeyForOperation({ operation, pathname, req });
+  if (!dbKey) {
+    return null;
+  }
+
+  if (classifyCoreDataKey(dbKey).owner !== "core") {
+    return null;
+  }
+
+  const headers = new Headers(req.headers ?? {});
+  const init: RequestInit = {
+    method: req.method ?? "GET",
+    headers,
+  };
+
+  if (req.method && !["GET", "HEAD"].includes(req.method.toUpperCase())) {
+    init.body = JSON.stringify(req.body ?? {});
+  }
+
+  return fetchImpl(`${coreBaseUrl}${pathname}${search}`, init);
+}

package/database/server/cybotReadonly.ts

@@ -0,0 +1,18 @@
+import { DataType } from "create/types";
+
+export const CYBOT_READONLY_MESSAGE =
+  "Cybot data is read-only and cannot be modified. Please use agent data instead.";
+
+export const isCybotKey = (dbKey: unknown): boolean =>
+  typeof dbKey === "string" &&
+  dbKey.startsWith(`${DataType.CYBOT}-`) &&
+  dbKey.length > `${DataType.CYBOT}-`.length;
+
+export const isCybotReadOnlyMutation = (config: {
+  dbKey?: unknown;
+  dataType?: unknown;
+  existingType?: unknown;
+}): boolean =>
+  isCybotKey(config.dbKey) ||
+  config.dataType === DataType.CYBOT ||
+  config.existingType === DataType.CYBOT;

package/database/server/dataHandlers.ts

@@ -0,0 +1,111 @@
+import { pino } from "pino";
+import serverDb from "./db";
+
+const logger = pino({ name: "dataHandlers" });
+
+// 依赖注入：扣费函数类型，由调用方传入，避免 database → auth 循环依赖
+type DeductBalanceFn = (userId: string, amount: number, reason: string, txId?: string) => Promise<{ success: boolean; error?: string }>;
+
+export const handleToken = async (
+  data: any,
+  res: any,
+  userId?: string,
+  customKey?: string,
+  actionUserId?: string,
+  deductBalance?: DeductBalanceFn,
+) => {
+  const isStatsKey = customKey.includes("token-stats");
+  await serverDb.put(customKey, data);
+
+  if (!isStatsKey && data.cost && data.cost > 0 && deductBalance) {
+    try {
+      //must change
+      const txId = `token-${customKey}`;
+      logger.info({
+        event: "token_deduct_start",
+        userId: data.userId,
+        cost: data.cost,
+        txId,
+      });
+      const deductResult = await deductBalance(
+        data.userId,
+        data.cost,
+        `Token generation cost: ${customKey}`,
+        txId
+      );
+      logger.info({
+        event: "token_deduct_result",
+        userId: data.userId,
+        cost: data.cost,
+        txId,
+        deductResult,
+      });
+
+      if (!deductResult.success) {
+        logger.warn({
+          event: "token_deduct_failed",
+          error: deductResult.error,
+          userId: data.userId,
+          cost: data.cost,
+          txId,
+        });
+        // next todo fix it
+        return res.status(402).json({
+          message: "Token usage recorded but payment failed",
+          error: deductResult.error,
+        });
+      }
+    } catch (error) {
+      logger.error({
+        event: "token_deduct_error",
+        error: error.message,
+        userId: data.userId,
+        dbKey: customKey,
+      });
+
+      return res.status(500).json({
+        message: "Token usage recorded but payment system error",
+        error: "Internal server error",
+      });
+    }
+  }
+
+  return res.status(200).json({
+    message: "Token usage recorded successfully",
+    id: customKey,
+    dbKey: customKey,
+    ...data,
+  });
+};
+
+export const handleCybot = async (data: any, res: any, customKey: string) => {
+  try {
+    await serverDb.put(customKey, data);
+    const savedData = await serverDb.get(customKey);
+
+    const isDataMatch = JSON.stringify(data) === JSON.stringify(savedData);
+    if (!isDataMatch) {
+      logger.error({
+        event: "cybot_data_mismatch",
+        dbKey: customKey,
+        name: data.name,
+      });
+      throw new Error("Data validation failed");
+    }
+
+    return res.status(200).json({
+      message: "Data written successfully",
+      id: customKey,
+      dbKey: customKey,
+      ...data,
+    });
+  } catch (error) {
+    logger.error({
+      event: "cybot_save_failed",
+      error: error.message,
+      dbKey: customKey,
+      name: data.name,
+    });
+    throw error;
+  }
+};

package/database/server/db.ts

@@ -0,0 +1,118 @@
+// 文件路径: packages/database/server/db.ts
+
+import { Level } from "level";
+import path from "path";
+import fs from "fs";
+import { ensureDbOpen } from "./ensureDbOpen";
+import { resolveServerDbPath } from "./dbPath";
+
+const DB_PATH = resolveServerDbPath();
+
+// 确保目录存在
+if (!fs.existsSync(path.dirname(DB_PATH))) {
+  fs.mkdirSync(path.dirname(DB_PATH), { recursive: true });
+}
+
+console.log("数据库配置:");
+console.log("- 当前工作目录:", process.cwd());
+console.log("- 数据库路径:", DB_PATH);
+
+// 安全 JSON 编码：解码失败时返回 null 而非抛异常，防止损坏记录导致进程崩溃
+const safeJsonEncoding = {
+  name: "safe-json",
+  format: "utf8" as const,
+  encode: (data: any) => JSON.stringify(data),
+  decode: (data: string) => {
+    try {
+      return JSON.parse(data);
+    } catch {
+      console.warn("[LevelDB] Corrupted value:", data?.substring?.(0, 60));
+      return null;
+    }
+  },
+};
+
+export function isServerDbLockError(error: unknown): boolean {
+  const queue: unknown[] = [error];
+  const seen = new Set<unknown>();
+
+  while (queue.length > 0) {
+    const current = queue.shift();
+    if (!current || seen.has(current)) continue;
+    seen.add(current);
+
+    const text = `${(current as any)?.code ?? ""} ${(current as any)?.message ?? current}`;
+    if (/LEVEL_LOCKED|Resource temporarily unavailable|\/LOCK|LOCK:/.test(text)) {
+      return true;
+    }
+
+    if ((current as any)?.cause) queue.push((current as any).cause);
+    if (Array.isArray((current as any)?.errors)) {
+      queue.push(...(current as any).errors);
+    }
+  }
+
+  return false;
+}
+
+// 单例实例：挂在 globalThis 上，--hot 模式下模块重新求值时复用同一实例，避免 LevelDB 锁冲突
+if (!(globalThis as any).__serverDb) {
+  (globalThis as any).__serverDb = new Level<string, any>(DB_PATH, {
+    valueEncoding: safeJsonEncoding,
+  });
+}
+const serverDb: Level<string, any> = (globalThis as any).__serverDb;
+
+console.log("- LevelDB实际路径:", serverDb.location);
+
+// ✅ 保留默认导出：兼容现有的 import serverDb from "./db"
+export default serverDb;
+
+// 具名导出：需要的时候可以引用
+export { serverDb };
+
+/**
+ * 确保数据库处于 open 状态。
+ * - 已 open / opening：直接返回
+ * - 其他状态：尝试 open，一旦失败抛错
+ */
+export async function ensureServerDbOpen() {
+  const status = (serverDb as any).status;
+  if (status === "open") return;
+
+  try {
+    await ensureDbOpen(serverDb);
+    if (status !== "opening") {
+      console.log("✅ LevelDB 已打开");
+    }
+  } catch (err) {
+    if (isServerDbLockError(err)) {
+      console.error("❌ 打开 LevelDB 失败: 数据库已被其他进程占用");
+    } else {
+      console.error("❌ 打开 LevelDB 失败:", err);
+    }
+    throw err;
+  }
+}
+
+/**
+ * 兼容入口调用：启动时显式 open 一次
+ */
+export async function openServerDb() {
+  return ensureServerDbOpen();
+}
+
+/**
+ * 优雅关机时关闭 DB
+ */
+export async function closeServerDb() {
+  const status = (serverDb as any).status;
+  if (status !== "open") return;
+
+  try {
+    await serverDb.close();
+    console.log("✅ LevelDB 已关闭");
+  } catch (err) {
+    console.error("❌ 关闭 LevelDB 失败:", err);
+  }
+}

package/database/server/dbPath.ts

@@ -0,0 +1,20 @@
+import { homedir } from "node:os";
+import path from "node:path";
+
+type EnvLike = Record<string, string | undefined>;
+
+export type ResolveServerDbPathOptions = {
+  env?: EnvLike;
+  homeDir?: string;
+  cwd?: string;
+};
+
+export function resolveServerDbPath(options: ResolveServerDbPathOptions = {}) {
+  const env = options.env ?? process.env;
+  return env.NOLO_SERVER_DB_PATH?.trim() || path.join(options.cwd ?? process.cwd(), "data", "leveldb");
+}
+
+export function resolveNoloHome(options: ResolveServerDbPathOptions = {}) {
+  const env = options.env ?? process.env;
+  return env.NOLO_HOME?.trim() || path.join(options.homeDir ?? homedir(), ".nolo");
+}