pilotswarm-web 0.1.0

package/package.json

@@ -0,0 +1,64 @@
+{
+  "name": "pilotswarm-web",
+  "version": "0.1.0",
+  "private": false,
+  "description": "Browser-native web portal for PilotSwarm with shared controller/state/theme reuse.",
+  "type": "module",
+  "bin": {
+    "pilotswarm-web": "./bin/serve.js"
+  },
+  "main": "./server.js",
+  "exports": {
+    ".": "./server.js"
+  },
+  "bundledDependencies": [
+    "pilotswarm-ui-core",
+    "pilotswarm-ui-react"
+  ],
+  "files": [
+    "auth.js",
+    "auth/**/*",
+    "bin/**/*",
+    "config.js",
+    "dist/**/*",
+    "README.md",
+    "runtime.js",
+    "server.js"
+  ],
+  "scripts": {
+    "build": "vite build",
+    "prepack": "npm run build && node -e \"const fs=require('fs');const cp=(s,d)=>{fs.mkdirSync(d,{recursive:true});for(const e of fs.readdirSync(s,{withFileTypes:true})){const sp=s+'/'+e.name,dp=d+'/'+e.name;e.isDirectory()?cp(sp,dp):fs.copyFileSync(sp,dp)}};for(const p of ['pilotswarm-ui-core','pilotswarm-ui-react']){const src='../'+p.replace('pilotswarm-','');const dst='node_modules/'+p;fs.rmSync(dst,{recursive:true,force:true});fs.mkdirSync(dst,{recursive:true});fs.copyFileSync(src+'/package.json',dst+'/package.json');fs.copyFileSync(src+'/README.md',dst+'/README.md');cp(src+'/src',dst+'/src')}\"",
+    "start": "node server.js",
+    "dev": "vite --host 0.0.0.0",
+    "dev:server": "node server.js",
+    "clean": "rm -rf dist"
+  },
+  "dependencies": {
+    "@azure/msal-browser": "^4.26.1",
+    "express": "^5.1.0",
+    "jose": "^6.2.2",
+    "pilotswarm-cli": "^0.1.15",
+    "pilotswarm-ui-core": "0.1.0",
+    "pilotswarm-ui-react": "0.1.0",
+    "react": "^19.2.4",
+    "react-dom": "^19.2.4",
+    "ws": "^8.18.2"
+  },
+  "devDependencies": {
+    "@vitejs/plugin-react": "^5.1.0",
+    "vite": "^7.2.0"
+  },
+  "author": "Affan Dar",
+  "license": "MIT",
+  "repository": {
+    "type": "git",
+    "url": "https://github.com/affandar/PilotSwarm"
+  },
+  "homepage": "https://github.com/affandar/PilotSwarm",
+  "bugs": {
+    "url": "https://github.com/affandar/PilotSwarm/issues"
+  },
+  "engines": {
+    "node": ">=24.0.0"
+  }
+}

package/runtime.js

@@ -0,0 +1,146 @@
+import { NodeSdkTransport } from "pilotswarm-cli/portal";
+
+function normalizeParams(params) {
+    return params && typeof params === "object" ? params : {};
+}
+
+export class PortalRuntime {
+    constructor({ store, mode }) {
+        this.transport = new NodeSdkTransport({ store, mode });
+        this.mode = mode;
+        this.started = false;
+        this.startPromise = null;
+    }
+
+    async start() {
+        if (this.started) return;
+        if (!this.startPromise) {
+            this.startPromise = this.transport.start()
+                .then(() => {
+                    this.started = true;
+                })
+                .finally(() => {
+                    this.startPromise = null;
+                });
+        }
+        await this.startPromise;
+    }
+
+    async stop() {
+        if (!this.started && !this.startPromise) return;
+        if (this.startPromise) {
+            await this.startPromise.catch(() => {});
+        }
+        if (this.started) {
+            await this.transport.stop();
+            this.started = false;
+        }
+    }
+
+    async getBootstrap() {
+        await this.start();
+        return {
+            mode: this.mode,
+            workerCount: typeof this.transport.getWorkerCount === "function"
+                ? this.transport.getWorkerCount()
+                : null,
+            logConfig: typeof this.transport.getLogConfig === "function"
+                ? this.transport.getLogConfig()
+                : null,
+            defaultModel: typeof this.transport.getDefaultModel === "function"
+                ? this.transport.getDefaultModel()
+                : null,
+            modelsByProvider: typeof this.transport.getModelsByProvider === "function"
+                ? this.transport.getModelsByProvider()
+                : [],
+            creatableAgents: typeof this.transport.listCreatableAgents === "function"
+                ? await this.transport.listCreatableAgents()
+                : [],
+            sessionCreationPolicy: typeof this.transport.getSessionCreationPolicy === "function"
+                ? this.transport.getSessionCreationPolicy()
+                : null,
+        };
+    }
+
+    async call(method, params = {}) {
+        await this.start();
+        const safeParams = normalizeParams(params);
+        switch (method) {
+            case "listSessions":
+                return this.transport.listSessions();
+            case "getSession":
+                return this.transport.getSession(safeParams.sessionId);
+            case "getOrchestrationStats":
+                return this.transport.getOrchestrationStats(safeParams.sessionId);
+            case "getExecutionHistory":
+                return this.transport.getExecutionHistory(safeParams.sessionId, safeParams.executionId);
+            case "createSession":
+                return this.transport.createSession({ model: safeParams.model });
+            case "createSessionForAgent":
+                return this.transport.createSessionForAgent(safeParams.agentName, {
+                    model: safeParams.model,
+                    title: safeParams.title,
+                    splash: safeParams.splash,
+                    initialPrompt: safeParams.initialPrompt,
+                });
+            case "listCreatableAgents":
+                return this.transport.listCreatableAgents();
+            case "getSessionCreationPolicy":
+                return this.transport.getSessionCreationPolicy();
+            case "sendMessage":
+                return this.transport.sendMessage(safeParams.sessionId, safeParams.prompt, safeParams.options);
+            case "sendAnswer":
+                return this.transport.sendAnswer(safeParams.sessionId, safeParams.answer);
+            case "renameSession":
+                return this.transport.renameSession(safeParams.sessionId, safeParams.title);
+            case "cancelSession":
+                return this.transport.cancelSession(safeParams.sessionId);
+            case "completeSession":
+                return this.transport.completeSession(safeParams.sessionId, safeParams.reason);
+            case "deleteSession":
+                return this.transport.deleteSession(safeParams.sessionId);
+            case "listModels":
+                return this.transport.listModels();
+            case "listArtifacts":
+                return this.transport.listArtifacts(safeParams.sessionId);
+            case "downloadArtifact":
+                return this.transport.downloadArtifact(safeParams.sessionId, safeParams.filename);
+            case "uploadArtifact":
+                return this.transport.uploadArtifactContent(
+                    safeParams.sessionId,
+                    safeParams.filename,
+                    safeParams.content,
+                    safeParams.contentType,
+                );
+            case "exportExecutionHistory":
+                return this.transport.exportExecutionHistory(safeParams.sessionId);
+            case "getModelsByProvider":
+                return this.transport.getModelsByProvider();
+            case "getDefaultModel":
+                return this.transport.getDefaultModel();
+            case "getSessionEvents":
+                return this.transport.getSessionEvents(safeParams.sessionId, safeParams.afterSeq, safeParams.limit);
+            case "getSessionEventsBefore":
+                return this.transport.getSessionEventsBefore(safeParams.sessionId, safeParams.beforeSeq, safeParams.limit);
+            case "getLogConfig":
+                return this.transport.getLogConfig();
+            case "getWorkerCount":
+                return this.transport.getWorkerCount();
+            default:
+                throw new Error(`Unsupported portal RPC method: ${method}`);
+        }
+    }
+
+    async downloadArtifact(sessionId, filename) {
+        await this.start();
+        return this.transport.downloadArtifact(sessionId, filename);
+    }
+
+    subscribeSession(sessionId, handler) {
+        return this.transport.subscribeSession(sessionId, handler);
+    }
+
+    startLogTail(handler) {
+        return this.transport.startLogTail(handler);
+    }
+}

package/server.js

@@ -0,0 +1,311 @@
+import express from "express";
+import { WebSocketServer } from "ws";
+import http from "node:http";
+import https from "node:https";
+import fs from "node:fs";
+import path from "node:path";
+import { fileURLToPath } from "node:url";
+import { getPortalAssetFile, getPortalConfig } from "./config.js";
+import { authenticateRequest, extractToken, getAuthConfig, authenticateToken } from "./auth.js";
+import { getPublicAuthContext } from "./auth/authz/engine.js";
+import { PortalRuntime } from "./runtime.js";
+
+const __dirname = path.dirname(fileURLToPath(import.meta.url));
+const DIST_DIR = path.join(__dirname, "dist");
+
+function getPortalMode() {
+    const explicitMode = process.env.PORTAL_TUI_MODE || process.env.PORTAL_MODE;
+    if (explicitMode) return explicitMode;
+    return process.env.KUBERNETES_SERVICE_HOST ? "remote" : "local";
+}
+
+function createPortalServer({ app }) {
+    const certPath = process.env.TLS_CERT_PATH;
+    const keyPath = process.env.TLS_KEY_PATH;
+    if (certPath && keyPath && fs.existsSync(certPath) && fs.existsSync(keyPath)) {
+        return {
+            protocol: "https",
+            server: https.createServer({
+                cert: fs.readFileSync(certPath),
+                key: fs.readFileSync(keyPath),
+            }, app),
+        };
+    }
+    return {
+        protocol: "http",
+        server: http.createServer(app),
+    };
+}
+
+function isSafeThemeId(value) {
+    return /^[\w-]+$/u.test(String(value || ""));
+}
+
+function createJsonRpcError(error, status = 500) {
+    return {
+        status,
+        body: {
+            ok: false,
+            error: error?.message || String(error),
+        },
+    };
+}
+
+export async function startServer(opts = {}) {
+    const { port = Number(process.env.PORT) || 3001 } = opts;
+    const portalConfig = getPortalConfig();
+    const mode = getPortalMode();
+    const runtime = new PortalRuntime({
+        store: process.env.DATABASE_URL || "sqlite::memory:",
+        mode,
+    });
+
+    const app = express();
+    app.set("trust proxy", true);
+    app.use(express.json({ limit: "2mb" }));
+
+    const { server, protocol } = createPortalServer({ app });
+
+    async function requireAuth(req, res, next) {
+        const auth = await authenticateRequest(req);
+        if (!auth.ok) {
+            res.status(auth.status).json({ ok: false, error: auth.error || (auth.status === 403 ? "Forbidden" : "Unauthorized") });
+            return;
+        }
+        req.auth = auth;
+        req.authClaims = auth.principal?.rawClaims || null;
+        next();
+    }
+
+    app.get("/api/health", async (_req, res) => {
+        const started = runtime.started;
+        res.json({
+            ok: true,
+            started,
+            mode,
+        });
+    });
+
+    app.get("/api/portal-config", async (req, res) => {
+        try {
+            const auth = await getAuthConfig(req);
+            res.json({
+                ok: true,
+                portal: portalConfig,
+                auth,
+            });
+        } catch (error) {
+            const payload = createJsonRpcError(error, 500);
+            res.status(payload.status).json(payload.body);
+        }
+    });
+
+    app.get("/api/auth-config", async (req, res) => {
+        try {
+            const auth = await getAuthConfig(req);
+            res.json(auth);
+        } catch (error) {
+            const payload = createJsonRpcError(error, 500);
+            res.status(payload.status).json(payload.body);
+        }
+    });
+
+    app.get("/api/auth/me", requireAuth, async (req, res) => {
+        res.json({
+            ok: true,
+            ...getPublicAuthContext(req.auth),
+        });
+    });
+
+    app.get("/api/bootstrap", requireAuth, async (_req, res) => {
+        try {
+            const bootstrap = await runtime.getBootstrap();
+            res.json({
+                ok: true,
+                ...bootstrap,
+                auth: getPublicAuthContext(_req.auth),
+            });
+        } catch (error) {
+            const payload = createJsonRpcError(error, 500);
+            res.status(payload.status).json(payload.body);
+        }
+    });
+
+    app.post("/api/rpc", requireAuth, async (req, res) => {
+        const method = String(req.body?.method || "").trim();
+        if (!method) {
+            res.status(400).json({ ok: false, error: "RPC method is required" });
+            return;
+        }
+        try {
+            const result = await runtime.call(method, req.body?.params || {});
+            res.json({ ok: true, result });
+        } catch (error) {
+            const status = /Unsupported portal RPC method/i.test(String(error?.message || ""))
+                ? 400
+                : 500;
+            const payload = createJsonRpcError(error, status);
+            res.status(payload.status).json(payload.body);
+        }
+    });
+
+    app.get("/api/sessions/:sessionId/artifacts/:filename/download", requireAuth, async (req, res) => {
+        try {
+            const sessionId = req.params.sessionId;
+            const filename = req.params.filename;
+            const content = await runtime.downloadArtifact(sessionId, filename);
+            res.setHeader("content-type", "text/plain; charset=utf-8");
+            res.setHeader("content-disposition", `attachment; filename="${path.basename(filename)}"`);
+            res.send(content);
+        } catch (error) {
+            const payload = createJsonRpcError(error, 404);
+            res.status(payload.status).json(payload.body);
+        }
+    });
+
+    app.get("/api/portal-assets/:assetName", async (req, res) => {
+        const assetFile = getPortalAssetFile(req.params.assetName);
+        if (!assetFile || !fs.existsSync(assetFile)) {
+            res.status(404).end();
+            return;
+        }
+        res.sendFile(assetFile, {
+            maxAge: "1h",
+        });
+    });
+
+    if (fs.existsSync(DIST_DIR)) {
+        app.use(express.static(DIST_DIR));
+        app.get(/^\/(?!api\/).*/, (_req, res) => {
+            res.sendFile(path.join(DIST_DIR, "index.html"));
+        });
+    }
+
+    const wss = new WebSocketServer({ server, path: "/portal-ws" });
+    wss.on("connection", async (ws, req) => {
+        const auth = await authenticateToken(extractToken(req), req);
+        if (!auth.ok) {
+            ws.close(auth.status === 403 ? 4403 : 4401, auth.error || (auth.status === 403 ? "Forbidden" : "Unauthorized"));
+            return;
+        }
+
+        const sessionSubscriptions = new Map();
+        let logUnsubscribe = null;
+
+        const send = (message) => {
+            if (ws.readyState === ws.OPEN) {
+                ws.send(JSON.stringify(message));
+            }
+        };
+
+        send({ type: "ready" });
+
+        ws.on("message", async (raw) => {
+            let message;
+            try {
+                message = JSON.parse(String(raw));
+            } catch {
+                return;
+            }
+
+            const type = String(message?.type || "");
+            if (type === "subscribeSession") {
+                const sessionId = String(message?.sessionId || "").trim();
+                if (!sessionId || sessionSubscriptions.has(sessionId)) return;
+                try {
+                    await runtime.start();
+                    const unsubscribe = runtime.subscribeSession(sessionId, (event) => {
+                        send({ type: "sessionEvent", sessionId, event });
+                    });
+                    sessionSubscriptions.set(sessionId, unsubscribe);
+                    send({ type: "subscribedSession", sessionId });
+                } catch (error) {
+                    send({ type: "error", scope: "session", sessionId, error: error?.message || String(error) });
+                }
+                return;
+            }
+
+            if (type === "unsubscribeSession") {
+                const sessionId = String(message?.sessionId || "").trim();
+                const unsubscribe = sessionSubscriptions.get(sessionId);
+                if (unsubscribe) {
+                    unsubscribe();
+                    sessionSubscriptions.delete(sessionId);
+                }
+                return;
+            }
+
+            if (type === "subscribeLogs") {
+                if (logUnsubscribe) return;
+                try {
+                    await runtime.start();
+                    logUnsubscribe = runtime.startLogTail((entry) => {
+                        send({ type: "logEntry", entry });
+                    });
+                    send({ type: "subscribedLogs" });
+                } catch (error) {
+                    send({ type: "error", scope: "logs", error: error?.message || String(error) });
+                }
+                return;
+            }
+
+            if (type === "unsubscribeLogs") {
+                if (logUnsubscribe) {
+                    logUnsubscribe();
+                    logUnsubscribe = null;
+                }
+                return;
+            }
+
+            if (type === "theme" && isSafeThemeId(message?.themeId)) {
+                send({ type: "themeAck", themeId: message.themeId });
+            }
+        });
+
+        ws.on("close", () => {
+            for (const unsubscribe of sessionSubscriptions.values()) {
+                try {
+                    unsubscribe();
+                } catch {}
+            }
+            sessionSubscriptions.clear();
+            if (logUnsubscribe) {
+                try {
+                    logUnsubscribe();
+                } catch {}
+                logUnsubscribe = null;
+            }
+        });
+    });
+
+    async function shutdown() {
+        for (const client of wss.clients) {
+            try {
+                client.close();
+            } catch {}
+        }
+        await runtime.stop().catch(() => {});
+        server.close();
+    }
+
+    process.on("SIGINT", shutdown);
+    process.on("SIGTERM", shutdown);
+
+    await new Promise((resolve, reject) => {
+        server.once("error", reject);
+        server.listen(port, () => {
+            server.off("error", reject);
+            resolve();
+        });
+    });
+    console.log(`[portal] PilotSwarm Web at ${protocol}://localhost:${port}`);
+
+    return server;
+}
+
+if (process.argv[1]?.endsWith("server.js") || import.meta.url === `file://${process.argv[1]}`) {
+    startServer().catch((error) => {
+        console.error("[portal] Failed to start:", error);
+        process.exitCode = 1;
+    });
+}