npm - slackhive - Versions diffs - 0.1.37 → 0.1.39 - Mend

slackhive 0.1.37 → 0.1.39

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (542) hide show

package/apps/web/src/app/api/auth/me/route.ts ADDED Viewed

@@ -0,0 +1,24 @@
+/**
+ * @fileoverview Current user API — returns session info from cookie.
+ *
+ * GET /api/auth/me
+ *
+ * @module web/api/auth/me
+ */
+import { NextResponse } from 'next/server';
+import { getSessionFromRequest } from '@/lib/auth';
+/**
+ * Returns the current user's username and role from the session cookie.
+ *
+ * @param {Request} req - Incoming request.
+ * @returns {Promise<NextResponse>} JSON with user info or 401.
+ */
+export async function GET(req: Request): Promise<NextResponse> {
+  const session = getSessionFromRequest(req);
+  if (!session) {
+    return NextResponse.json({ error: 'Not authenticated' }, { status: 401 });
+  }
+  return NextResponse.json({ username: session.username, role: session.role });
+}

package/apps/web/src/app/api/auth/users/[id]/route.ts ADDED Viewed

@@ -0,0 +1,48 @@
+/**
+ * @fileoverview User management API — delete and update role.
+ *
+ * DELETE /api/auth/users/[id] — Delete a user (admin only)
+ * PATCH  /api/auth/users/[id] — Update a user's role (admin only)
+ *
+ * @module web/api/auth/users/[id]
+ */
+import { NextResponse } from 'next/server';
+import { requireRole } from '@/lib/auth';
+import { deleteUser, updateUserRole } from '@/lib/db';
+const VALID_ROLES = ['admin', 'editor', 'viewer'];
+/**
+ * Deletes a user by ID (admin only).
+ */
+export async function DELETE(req: Request, { params }: { params: Promise<{ id: string }> }): Promise<NextResponse> {
+  try {
+    requireRole(req, 'admin');
+  } catch {
+    return NextResponse.json({ error: 'Forbidden' }, { status: 403 });
+  }
+  const { id } = await params;
+  await deleteUser(id);
+  return new NextResponse(null, { status: 204 });
+}
+/**
+ * Updates a user's role (admin only).
+ * Body: { role: 'admin' | 'editor' | 'viewer' }
+ */
+export async function PATCH(req: Request, { params }: { params: Promise<{ id: string }> }): Promise<NextResponse> {
+  try {
+    requireRole(req, 'admin');
+  } catch {
+    return NextResponse.json({ error: 'Forbidden' }, { status: 403 });
+  }
+  const { id } = await params;
+  const body = await req.json().catch(() => ({}));
+  const { role } = body;
+  if (!role || !VALID_ROLES.includes(role)) {
+    return NextResponse.json({ error: `Invalid role. Must be one of: ${VALID_ROLES.join(', ')}` }, { status: 400 });
+  }
+  await updateUserRole(id, role);
+  return NextResponse.json({ id, role });
+}

package/apps/web/src/app/api/auth/users/route.ts ADDED Viewed

@@ -0,0 +1,63 @@
+/**
+ * @fileoverview User management API — list and create users.
+ *
+ * GET  /api/auth/users — list all users (admin only).
+ * POST /api/auth/users — create a user `{ username, password, role }` (admin only).
+ *
+ * @module web/api/auth/users
+ */
+import { NextResponse } from 'next/server';
+import { requireRole, hashPassword } from '@/lib/auth';
+import { getAllUsers, createUser } from '@/lib/db';
+/**
+ * Lists all platform users (excluding password hashes).
+ *
+ * @param {Request} req - Incoming request.
+ * @returns {Promise<NextResponse>} JSON array of users.
+ */
+export async function GET(req: Request): Promise<NextResponse> {
+  try {
+    requireRole(req, 'admin');
+  } catch {
+    return NextResponse.json({ error: 'Forbidden' }, { status: 403 });
+  }
+  const users = await getAllUsers();
+  return NextResponse.json(users);
+}
+/**
+ * Creates a new platform user.
+ *
+ * @param {Request} req - JSON body with `username`, `password`, `role`.
+ * @returns {Promise<NextResponse>} Created user JSON.
+ */
+export async function POST(req: Request): Promise<NextResponse> {
+  try {
+    requireRole(req, 'admin');
+  } catch {
+    return NextResponse.json({ error: 'Forbidden' }, { status: 403 });
+  }
+  const { username, password, role } = await req.json();
+  if (!username || !password) {
+    return NextResponse.json({ error: 'username and password required' }, { status: 400 });
+  }
+  if (role && !['admin', 'editor', 'viewer'].includes(role)) {
+    return NextResponse.json({ error: 'role must be admin, editor, or viewer' }, { status: 400 });
+  }
+  try {
+    const hash = await hashPassword(password);
+    const user = await createUser(username, hash, role || 'viewer');
+    return NextResponse.json(user, { status: 201 });
+  } catch (e: unknown) {
+    const msg = e instanceof Error ? e.message : 'Unknown error';
+    if (msg.includes('unique') || msg.includes('duplicate')) {
+      return NextResponse.json({ error: 'Username already exists' }, { status: 409 });
+    }
+    return NextResponse.json({ error: msg }, { status: 500 });
+  }
+}

package/apps/web/src/app/api/env-vars/[key]/route.ts ADDED Viewed

@@ -0,0 +1,66 @@
+/**
+ * @fileoverview REST API for a single env var entry.
+ *
+ * PUT    /api/env-vars/[key] — Update value and/or description
+ * DELETE /api/env-vars/[key] — Remove the env var
+ *
+ * @module web/api/env-vars/[key]
+ */
+import { NextRequest, NextResponse } from 'next/server';
+import { setEnvVar, updateEnvVarDescription, deleteEnvVar } from '@/lib/db';
+import { guardAdmin } from '@/lib/api-guard';
+/**
+ * PUT /api/env-vars/[key]
+ * Updates an env var. Supply value to replace it, description to update label.
+ * At least one of value or description must be provided.
+ *
+ * @param {NextRequest} request - Body: { value?: string, description?: string }
+ * @param {{ params: { key: string } }} context - Route params.
+ * @returns {Promise<NextResponse>}
+ */
+export async function PUT(
+  request: NextRequest,
+  { params }: { params: Promise<{ key: string }> }
+): Promise<NextResponse> {
+  const denied = guardAdmin(request);
+  if (denied) return denied;
+  try {
+    const { key } = await params;
+    const body = (await request.json()) as { value?: string; description?: string };
+    if (body.value !== undefined) {
+      await setEnvVar(key, body.value, body.description);
+    } else if (body.description !== undefined) {
+      await updateEnvVarDescription(key, body.description);
+    } else {
+      return NextResponse.json({ error: 'value or description required' }, { status: 400 });
+    }
+    return NextResponse.json({ key });
+  } catch (err) {
+    return NextResponse.json({ error: (err as Error).message }, { status: 500 });
+  }
+}
+/**
+ * DELETE /api/env-vars/[key]
+ * Removes an env var from the store.
+ *
+ * @param {NextRequest} request - Incoming request.
+ * @param {{ params: { key: string } }} context - Route params.
+ * @returns {Promise<NextResponse>}
+ */
+export async function DELETE(
+  request: NextRequest,
+  { params }: { params: Promise<{ key: string }> }
+): Promise<NextResponse> {
+  const denied = guardAdmin(request);
+  if (denied) return denied;
+  try {
+    const { key } = await params;
+    await deleteEnvVar(key);
+    return NextResponse.json({ ok: true });
+  } catch (err) {
+    return NextResponse.json({ error: (err as Error).message }, { status: 500 });
+  }
+}

package/apps/web/src/app/api/env-vars/route.ts ADDED Viewed

@@ -0,0 +1,59 @@
+/**
+ * @fileoverview REST API for the platform env vars store.
+ *
+ * GET  /api/env-vars — List all env var keys + metadata (values never returned)
+ * POST /api/env-vars — Create or update an env var
+ *
+ * @module web/api/env-vars
+ */
+import { NextRequest, NextResponse } from 'next/server';
+import { getAllEnvVars, setEnvVar } from '@/lib/db';
+import { guardAdmin } from '@/lib/api-guard';
+/**
+ * GET /api/env-vars
+ * Returns all env var keys and descriptions. Values are never included.
+ *
+ * @returns {Promise<NextResponse>} JSON array of { key, description, updatedAt }.
+ */
+export async function GET(): Promise<NextResponse> {
+  try {
+    const vars = await getAllEnvVars();
+    return NextResponse.json(vars);
+  } catch (err) {
+    return NextResponse.json({ error: (err as Error).message }, { status: 500 });
+  }
+}
+/**
+ * POST /api/env-vars
+ * Creates or updates an env var. Requires editor role or above.
+ *
+ * @param {NextRequest} request - Body: { key: string, value: string, description?: string }
+ * @returns {Promise<NextResponse>} 201 on success.
+ */
+export async function POST(request: NextRequest): Promise<NextResponse> {
+  const denied = guardAdmin(request);
+  if (denied) return denied;
+  try {
+    const { key, value, description } = (await request.json()) as {
+      key: string;
+      value: string;
+      description?: string;
+    };
+    if (!key || !value) {
+      return NextResponse.json({ error: 'key and value are required' }, { status: 400 });
+    }
+    if (!/^[A-Z_][A-Z0-9_]*$/.test(key)) {
+      return NextResponse.json(
+        { error: 'key must be uppercase letters, digits, and underscores (e.g. DATABASE_URL)' },
+        { status: 400 }
+      );
+    }
+    await setEnvVar(key, value, description);
+    return NextResponse.json({ key }, { status: 201 });
+  } catch (err) {
+    return NextResponse.json({ error: (err as Error).message }, { status: 500 });
+  }
+}

package/apps/web/src/app/api/jobs/[id]/route.ts ADDED Viewed

@@ -0,0 +1,51 @@
+/**
+ * @fileoverview Single job API — get, update, delete.
+ *
+ * GET    /api/jobs/[id] — get a job.
+ * PATCH  /api/jobs/[id] — update a job.
+ * DELETE /api/jobs/[id] — delete a job.
+ *
+ * @module web/api/jobs/[id]
+ */
+import { NextResponse } from 'next/server';
+import { guardAdmin } from '@/lib/api-guard';
+import { getJobById, updateJob, deleteJob, publishAgentEvent } from '@/lib/db';
+type Ctx = { params: Promise<{ id: string }> };
+/**
+ * Returns a single job by ID.
+ */
+export async function GET(_req: Request, { params }: Ctx): Promise<NextResponse> {
+  const { id } = await params;
+  const job = await getJobById(id);
+  if (!job) return NextResponse.json({ error: 'Not found' }, { status: 404 });
+  return NextResponse.json(job);
+}
+/**
+ * Updates a scheduled job.
+ */
+export async function PATCH(req: Request, { params }: Ctx): Promise<NextResponse> {
+  const denied = guardAdmin(req);
+  if (denied) return denied;
+  const { id } = await params;
+  const body = await req.json();
+  const job = await updateJob(id, body);
+  if (!job) return NextResponse.json({ error: 'Not found' }, { status: 404 });
+  await publishAgentEvent({ type: 'reload-jobs' });
+  return NextResponse.json(job);
+}
+/**
+ * Deletes a scheduled job.
+ */
+export async function DELETE(req: Request, { params }: Ctx): Promise<NextResponse> {
+  const denied = guardAdmin(req);
+  if (denied) return denied;
+  const { id } = await params;
+  await deleteJob(id);
+  await publishAgentEvent({ type: 'reload-jobs' });
+  return new NextResponse(null, { status: 204 });
+}

package/apps/web/src/app/api/jobs/[id]/runs/route.ts ADDED Viewed

@@ -0,0 +1,24 @@
+/**
+ * @fileoverview Job runs API — execution history for a scheduled job.
+ *
+ * GET /api/jobs/[id]/runs — paginated run history.
+ *
+ * @module web/api/jobs/[id]/runs
+ */
+import { NextResponse } from 'next/server';
+import { getJobRuns } from '@/lib/db';
+type Ctx = { params: Promise<{ id: string }> };
+/**
+ * Returns paginated run history for a job.
+ */
+export async function GET(req: Request, { params }: Ctx): Promise<NextResponse> {
+  const { id } = await params;
+  const url = new URL(req.url);
+  const limit = parseInt(url.searchParams.get('limit') || '20', 10);
+  const offset = parseInt(url.searchParams.get('offset') || '0', 10);
+  const runs = await getJobRuns(id, limit, offset);
+  return NextResponse.json(runs);
+}

package/apps/web/src/app/api/jobs/route.ts ADDED Viewed

@@ -0,0 +1,42 @@
+/**
+ * @fileoverview Scheduled jobs API — list and create jobs.
+ *
+ * GET  /api/jobs — list all jobs with last run info.
+ * POST /api/jobs — create a new scheduled job.
+ *
+ * @module web/api/jobs
+ */
+import { NextResponse } from 'next/server';
+import { guardAdmin } from '@/lib/api-guard';
+import { getAllJobs, createJob, publishAgentEvent } from '@/lib/db';
+/**
+ * Lists all scheduled jobs with their most recent run.
+ *
+ * @returns {Promise<NextResponse>} JSON array of jobs.
+ */
+export async function GET(): Promise<NextResponse> {
+  const jobs = await getAllJobs();
+  return NextResponse.json(jobs);
+}
+/**
+ * Creates a new scheduled job.
+ *
+ * @param {Request} req - JSON body with job fields.
+ * @returns {Promise<NextResponse>} Created job.
+ */
+export async function POST(req: Request): Promise<NextResponse> {
+  const denied = guardAdmin(req);
+  if (denied) return denied;
+  const body = await req.json();
+  if (!body.name || !body.prompt || !body.cronSchedule || !body.targetId || !body.agentId) {
+    return NextResponse.json({ error: 'agentId, name, prompt, cronSchedule, and targetId are required' }, { status: 400 });
+  }
+  const job = await createJob(body);
+  await publishAgentEvent({ type: 'reload-jobs' });
+  return NextResponse.json(job, { status: 201 });
+}

package/apps/web/src/app/api/mcps/[id]/route.ts ADDED Viewed

@@ -0,0 +1,60 @@
+/**
+ * @fileoverview REST API route for a single MCP server resource.
+ *
+ * GET    /api/mcps/[id] — Get a specific MCP server
+ * PATCH  /api/mcps/[id] — Update an MCP server
+ * DELETE /api/mcps/[id] — Remove an MCP server from the catalog
+ *
+ * @module web/api/mcps/[id]
+ */
+import { NextRequest, NextResponse } from 'next/server';
+import { getMcpServerById, updateMcpServer, deleteMcpServer } from '@/lib/db';
+import type { UpsertMcpServerRequest } from '@slackhive/shared';
+import { guardAdmin } from '@/lib/api-guard';
+import { maskMcpServer, mergeMcpConfig } from '@/lib/mcp-mask';
+type RouteParams = { params: Promise<{ id: string }> };
+export async function GET(_req: NextRequest, { params }: RouteParams): Promise<NextResponse> {
+  try {
+    const { id } = await params;
+    const server = await getMcpServerById(id);
+    if (!server) return NextResponse.json({ error: 'Not found' }, { status: 404 });
+    return NextResponse.json(maskMcpServer(server));
+  } catch (err) {
+    return NextResponse.json({ error: (err as Error).message }, { status: 500 });
+  }
+}
+export async function PATCH(req: NextRequest, { params }: RouteParams): Promise<NextResponse> {
+  const denied = guardAdmin(req);
+  if (denied) return denied;
+  try {
+    const { id } = await params;
+    const body = (await req.json()) as Partial<UpsertMcpServerRequest>;
+    // If config is being updated, merge masked values with existing secrets
+    if (body.config) {
+      const existing = await getMcpServerById(id);
+      if (!existing) return NextResponse.json({ error: 'Not found' }, { status: 404 });
+      body.config = mergeMcpConfig(existing.config, body.config);
+    }
+    const updated = await updateMcpServer(id, body);
+    if (!updated) return NextResponse.json({ error: 'Not found' }, { status: 404 });
+    return NextResponse.json(maskMcpServer(updated));
+  } catch (err) {
+    return NextResponse.json({ error: (err as Error).message }, { status: 500 });
+  }
+}
+export async function DELETE(req: NextRequest, { params }: RouteParams): Promise<NextResponse> {
+  const denied = guardAdmin(req);
+  if (denied) return denied;
+  try {
+    const { id } = await params;
+    await deleteMcpServer(id);
+    return new NextResponse(null, { status: 204 });
+  } catch (err) {
+    return NextResponse.json({ error: (err as Error).message }, { status: 500 });
+  }
+}

package/apps/web/src/app/api/mcps/[id]/test/route.ts ADDED Viewed

@@ -0,0 +1,195 @@
+/**
+ * @fileoverview MCP server connectivity test endpoint.
+ *
+ * POST /api/mcps/[id]/test
+ *
+ * For stdio MCPs: spawns the process, sends an MCP initialize request over
+ * stdin/stdout, and verifies the server responds with a valid JSON-RPC result.
+ * Times out after 10 seconds.
+ *
+ * For SSE/HTTP MCPs: sends a GET request to the configured URL and checks
+ * for a 2xx response.
+ *
+ * @module web/api/mcps/[id]/test
+ */
+import { NextRequest, NextResponse } from 'next/server';
+import { getMcpServerById, getEnvVarValues } from '@/lib/db';
+import { guardAdmin } from '@/lib/api-guard';
+import { spawn } from 'child_process';
+import { writeFile, unlink, mkdir } from 'fs/promises';
+import { tmpdir } from 'os';
+import { join } from 'path';
+import type { McpStdioConfig, McpSseConfig } from '@slackhive/shared';
+type RouteParams = { params: Promise<{ id: string }> };
+const TIMEOUT_MS = 30_000;
+/**
+ * POST /api/mcps/[id]/test
+ * Runs a quick connectivity check against the MCP server.
+ *
+ * @returns {Promise<NextResponse>} { ok: true, message } or { ok: false, error }
+ */
+export async function POST(req: NextRequest, { params }: RouteParams): Promise<NextResponse> {
+  const denied = guardAdmin(req);
+  if (denied) return denied;
+  const { id } = await params;
+  const server = await getMcpServerById(id);
+  if (!server) {
+    return NextResponse.json({ error: 'MCP server not found' }, { status: 404 });
+  }
+  try {
+    if (server.type === 'stdio') {
+      const result = await testStdioMcp(server.config as McpStdioConfig, server.name);
+      return NextResponse.json(result);
+    }
+    // SSE / HTTP — just check the URL is reachable
+    const cfg = server.config as McpSseConfig & { envRefs?: Record<string, string> };
+    const headers: Record<string, string> = { ...(cfg.headers ?? {}) };
+    if (cfg.envRefs && Object.keys(cfg.envRefs).length > 0) {
+      try {
+        const envVarValues = await getEnvVarValues();
+        for (const [headerKey, storeKey] of Object.entries(cfg.envRefs)) {
+          const val = envVarValues[storeKey];
+          if (val) headers[headerKey] = headers[headerKey] ? `${headers[headerKey]}${val}` : val;
+        }
+      } catch { /* skip if env vars unavailable */ }
+    }
+    const res = await fetch(cfg.url, {
+      method: 'GET',
+      headers,
+      signal: AbortSignal.timeout(TIMEOUT_MS),
+    });
+    if (res.ok || res.status === 405) {
+      // 405 Method Not Allowed is fine — the endpoint exists
+      return NextResponse.json({ ok: true, message: `Reachable (HTTP ${res.status})` });
+    }
+    return NextResponse.json({ ok: false, error: `HTTP ${res.status}: ${res.statusText}` });
+  } catch (err) {
+    return NextResponse.json({ ok: false, error: (err as Error).message });
+  }
+}
+/**
+ * Spawns a stdio MCP process, sends an MCP initialize request, and verifies
+ * the response. Resolves envRefs from the env_vars store before spawning.
+ */
+async function testStdioMcp(
+  cfg: McpStdioConfig,
+  name: string
+): Promise<{ ok: boolean; message?: string; error?: string; tools?: string[] }> {
+  const resolvedEnv: Record<string, string> = { ...(cfg.env ?? {}) };
+  if (cfg.envRefs && Object.keys(cfg.envRefs).length > 0) {
+    try {
+      const envVarValues = await getEnvVarValues();
+      for (const [subKey, storeKey] of Object.entries(cfg.envRefs)) {
+        if (envVarValues[storeKey] !== undefined) resolvedEnv[subKey] = envVarValues[storeKey];
+      }
+    } catch { /* ENV_SECRET_KEY not set — skip */ }
+  }
+  let command: string;
+  let args: string[];
+  let tmpScript: string | null = null;
+  if (cfg.tsSource) {
+    const dir = join(tmpdir(), 'slackhive-mcp-test');
+    await mkdir(dir, { recursive: true });
+    tmpScript = join(dir, `test-${Date.now()}.ts`);
+    await writeFile(tmpScript, cfg.tsSource, 'utf8');
+    command = 'tsx';
+    args = [tmpScript];
+  } else {
+    command = cfg.command;
+    args = cfg.args ?? [];
+  }
+  const cleanup = () => { if (tmpScript) unlink(tmpScript).catch(() => {}); };
+  return new Promise((resolve) => {
+    let stdout = '';
+    let stderr = '';
+    let settled = false;
+    const timer = setTimeout(() => {
+      if (!settled) {
+        settled = true;
+        proc.kill();
+        cleanup();
+        resolve({ ok: false, error: `Timed out after ${TIMEOUT_MS / 1000}s — process did not respond` });
+      }
+    }, TIMEOUT_MS);
+    const proc = spawn(command, args, {
+      env: { ...process.env, NODE_PATH: '/app/node_modules', ...resolvedEnv },
+      stdio: ['pipe', 'pipe', 'pipe'],
+    });
+    proc.stderr.on('data', (d: Buffer) => { stderr += d.toString(); });
+    const initRequest = JSON.stringify({
+      jsonrpc: '2.0',
+      id: 1,
+      method: 'initialize',
+      params: {
+        protocolVersion: '2024-11-05',
+        capabilities: {},
+        clientInfo: { name: 'slackhive-test', version: '1.0.0' },
+      },
+    }) + '\n';
+    proc.stdin.write(initRequest);
+    proc.stdout.on('data', (d: Buffer) => {
+      stdout += d.toString();
+      const lines = stdout.split('\n').filter(l => l.trim());
+      for (const line of lines) {
+        try {
+          const msg = JSON.parse(line) as { id?: number; result?: { serverInfo?: { name?: string }; capabilities?: { tools?: unknown } }; error?: { message?: string } };
+          if (msg.id === 1) {
+            clearTimeout(timer);
+            if (!settled) {
+              settled = true;
+              proc.kill();
+              cleanup();
+              if (msg.error) {
+                resolve({ ok: false, error: msg.error.message ?? 'MCP error' });
+              } else {
+                const serverName = msg.result?.serverInfo?.name ?? name;
+                resolve({ ok: true, message: `Connected to "${serverName}" successfully` });
+              }
+            }
+          }
+        } catch {
+          // incomplete line, keep buffering
+        }
+      }
+    });
+    proc.on('error', (err) => {
+      clearTimeout(timer);
+      if (!settled) {
+        settled = true;
+        cleanup();
+        resolve({ ok: false, error: `Failed to start: ${err.message}${stderr ? ` — ${stderr.trim()}` : ''}` });
+      }
+    });
+    proc.on('exit', (code) => {
+      clearTimeout(timer);
+      if (!settled) {
+        settled = true;
+        cleanup();
+        resolve({
+          ok: false,
+          error: `Process exited with code ${code}${stderr ? ` — ${stderr.trim()}` : ''}`,
+        });
+      }
+    });
+  });
+}