station-kit 1.0.8 → 1.1.0

package/src/server/auth/keys.ts

@@ -1,5 +1,17 @@
 import crypto from "node:crypto";
-import Database from "better-sqlite3";
+import {
+  closeSync,
+  existsSync,
+  fsyncSync,
+  mkdirSync,
+  openSync,
+  readFileSync,
+  renameSync,
+  writeFileSync,
+  writeSync,
+} from "node:fs";
+import { createRequire } from "node:module";
+import { dirname } from "node:path";
 
 export interface ApiKey {
   id: string;
@@ -13,14 +25,188 @@ export interface ApiKey {
   revoked: boolean;
 }
 
-export class KeyStore {
-  private db: Database.Database;
+export type ApiKeyPublic = Omit<ApiKey, "keyHash">;
+
+/**
+ * Pluggable storage backend for API keys. Implementations only persist and
+ * query records — hashing, key generation, and verification logic live in
+ * the KeyStore. May be sync or async; the KeyStore awaits all results.
+ */
+export interface ApiKeyStorageAdapter {
+  insert(record: ApiKey): Promise<void> | void;
+  findByHash(keyHash: string): Promise<ApiKey | null> | ApiKey | null;
+  list(): Promise<ApiKeyPublic[]> | ApiKeyPublic[];
+  touch(id: string, lastUsedIso: string): Promise<void> | void;
+  revoke(id: string): Promise<boolean> | boolean;
+  close?(): Promise<void> | void;
+}
+
+// ─── JSON file default ──────────────────────────────────────────────
+
+export interface FileKeyStorageOptions {
+  filePath: string;
+}
+
+/**
+ * Default ApiKeyStorageAdapter backed by a JSON file. Used by the Station
+ * server when no `keyStorage` is configured. Has no native dependencies —
+ * works on any Node 18+ install without compiling bindings.
+ *
+ * Crash-safety: writes go through a fsync'd tmp-file + rename, with a
+ * second fsync on the parent directory so the rename itself survives
+ * power loss. The keys file is created with `0o600` and the parent dir
+ * with `0o700` so a default umask doesn't expose key metadata.
+ *
+ * Single-process only: do not point two `createStation` instances at
+ * the same file or last-rename-wins will silently clobber writes. For
+ * multi-process or high-volume deployments, implement
+ * `ApiKeyStorageAdapter` against Postgres / MySQL / Redis.
+ */
+export class FileKeyStorage implements ApiKeyStorageAdapter {
+  private filePath: string;
+  private records = new Map<string, ApiKey>();
+
+  constructor(options: FileKeyStorageOptions) {
+    this.filePath = options.filePath;
+    mkdirSync(dirname(this.filePath), { recursive: true, mode: 0o700 });
+    this.load();
+  }
+
+  private load(): void {
+    if (!existsSync(this.filePath)) return;
+    try {
+      const raw = readFileSync(this.filePath, "utf8");
+      const data = JSON.parse(raw) as ApiKey[];
+      if (Array.isArray(data)) {
+        for (const r of data) this.records.set(r.id, r);
+      }
+    } catch {
+      // Corrupt or unreadable file — start fresh rather than throwing.
+    }
+  }
+
+  private flush(): void {
+    const tmp = `${this.filePath}.tmp`;
+    const body = JSON.stringify(Array.from(this.records.values()), null, 2);
+    // Write tmp file with fsync so its bytes are durable before rename.
+    const fd = openSync(tmp, "w", 0o600);
+    try {
+      writeSync(fd, body);
+      fsyncSync(fd);
+    } finally {
+      closeSync(fd);
+    }
+    renameSync(tmp, this.filePath);
+    // fsync the parent directory so the rename's directory entry survives
+    // a crash. Best-effort: opening a directory for fsync isn't supported
+    // on every platform (notably Windows), so swallow errors.
+    try {
+      const dirFd = openSync(dirname(this.filePath), "r");
+      try {
+        fsyncSync(dirFd);
+      } finally {
+        closeSync(dirFd);
+      }
+    } catch {
+      // Platform doesn't support directory fsync; rename + tmp fsync
+      // already give us most of the durability we can offer.
+    }
+  }
+
+  insert(record: ApiKey): void {
+    this.records.set(record.id, { ...record });
+    this.flush();
+  }
+
+  findByHash(keyHash: string): ApiKey | null {
+    for (const r of this.records.values()) {
+      if (r.keyHash === keyHash) return { ...r };
+    }
+    return null;
+  }
+
+  list(): ApiKeyPublic[] {
+    return Array.from(this.records.values())
+      .sort((a, b) => b.createdAt.localeCompare(a.createdAt))
+      .map((r) => {
+        const { keyHash: _h, ...rest } = r;
+        return rest;
+      });
+  }
+
+  touch(id: string, lastUsedIso: string): void {
+    const r = this.records.get(id);
+    if (!r) return;
+    r.lastUsed = lastUsedIso;
+    this.flush();
+  }
+
+  revoke(id: string): boolean {
+    const r = this.records.get(id);
+    if (!r) return false;
+    r.revoked = true;
+    this.flush();
+    return true;
+  }
+}
+
+// ─── SQLite (optional) ──────────────────────────────────────────────
 
-  constructor(dbPath: string) {
-    this.db = new Database(dbPath);
+export interface SqliteKeyStorageOptions {
+  dbPath: string;
+  /** Override the table name (default: "api_keys"). */
+  tableName?: string;
+}
+
+// Loaded lazily from `better-sqlite3` so the package isn't required at
+// install time. Users who don't construct SqliteKeyStorage never pay for it.
+// eslint-disable-next-line @typescript-eslint/no-explicit-any
+type BetterSqlite3Module = any;
+let cachedBetterSqlite3: BetterSqlite3Module | null = null;
+
+function loadBetterSqlite3(): BetterSqlite3Module {
+  if (cachedBetterSqlite3) return cachedBetterSqlite3;
+  try {
+    const requireFn = createRequire(import.meta.url);
+    cachedBetterSqlite3 = requireFn("better-sqlite3");
+    return cachedBetterSqlite3;
+  } catch (err) {
+    const reason = err instanceof Error ? err.message : String(err);
+    throw new Error(
+      `SqliteKeyStorage requires the optional 'better-sqlite3' package, ` +
+        `which isn't installed. Install it with:\n` +
+        `  npm install better-sqlite3\n` +
+        `Or use FileKeyStorage (default) / MemoryKeyStorage instead.\n` +
+        `Underlying error: ${reason}`,
+    );
+  }
+}
+
+/**
+ * Optional ApiKeyStorageAdapter backed by better-sqlite3. Requires the
+ * `better-sqlite3` package to be installed separately — Station Kit no
+ * longer ships it as a hard dependency.
+ *
+ * Prefer `FileKeyStorage` (the default) unless you specifically need
+ * sqlite features (concurrent reads from multiple processes, large
+ * key catalogs, etc.).
+ */
+export class SqliteKeyStorage implements ApiKeyStorageAdapter {
+  // eslint-disable-next-line @typescript-eslint/no-explicit-any
+  private db: any;
+  private table: string;
+
+  constructor(options: SqliteKeyStorageOptions) {
+    const tableName = options.tableName ?? "api_keys";
+    if (!/^[a-zA-Z_][a-zA-Z0-9_]*$/.test(tableName)) {
+      throw new Error(`Invalid table name "${tableName}"`);
+    }
+    this.table = tableName;
+    const Database = loadBetterSqlite3();
+    this.db = new Database(options.dbPath);
     this.db.pragma("journal_mode = WAL");
     this.db.exec(`
-      CREATE TABLE IF NOT EXISTS api_keys (
+      CREATE TABLE IF NOT EXISTS ${this.table} (
         id          TEXT PRIMARY KEY,
         name        TEXT NOT NULL,
         key_hash    TEXT NOT NULL UNIQUE,
@@ -34,79 +220,183 @@ export class KeyStore {
     `);
   }
 
+  insert(record: ApiKey): void {
+    this.db.prepare(`
+      INSERT INTO ${this.table}
+        (id, name, key_hash, key_prefix, scopes, created_at, last_used, expires_at, revoked)
+      VALUES
+        (@id, @name, @key_hash, @key_prefix, @scopes, @created_at, @last_used, @expires_at, @revoked)
+    `).run({
+      id: record.id,
+      name: record.name,
+      key_hash: record.keyHash,
+      key_prefix: record.keyPrefix,
+      scopes: JSON.stringify(record.scopes),
+      created_at: record.createdAt,
+      last_used: record.lastUsed,
+      expires_at: record.expiresAt,
+      revoked: record.revoked ? 1 : 0,
+    });
+  }
+
+  findByHash(keyHash: string): ApiKey | null {
+    const row = this.db
+      .prepare(`SELECT id, name, key_hash, key_prefix, scopes, created_at, last_used, expires_at, revoked
+                FROM ${this.table} WHERE key_hash = ?`)
+      .get(keyHash) as Record<string, unknown> | undefined;
+    return row ? rowToApiKey(row) : null;
+  }
+
+  list(): ApiKeyPublic[] {
+    const rows = this.db
+      .prepare(`SELECT id, name, key_prefix, scopes, created_at, last_used, expires_at, revoked
+                FROM ${this.table} ORDER BY created_at DESC`)
+      .all() as Record<string, unknown>[];
+    return rows.map((row) => ({
+      id: row.id as string,
+      name: row.name as string,
+      keyPrefix: row.key_prefix as string,
+      scopes: JSON.parse(row.scopes as string),
+      createdAt: row.created_at as string,
+      lastUsed: (row.last_used as string | null) ?? null,
+      expiresAt: (row.expires_at as string | null) ?? null,
+      revoked: Boolean(row.revoked),
+    }));
+  }
+
+  touch(id: string, lastUsedIso: string): void {
+    this.db.prepare(`UPDATE ${this.table} SET last_used = ? WHERE id = ?`).run(lastUsedIso, id);
+  }
+
+  revoke(id: string): boolean {
+    const result = this.db.prepare(`UPDATE ${this.table} SET revoked = 1 WHERE id = ?`).run(id);
+    return result.changes > 0;
+  }
+
+  close(): void {
+    this.db.close();
+  }
+}
+
+function rowToApiKey(row: Record<string, unknown>): ApiKey {
+  return {
+    id: row.id as string,
+    name: row.name as string,
+    keyHash: row.key_hash as string,
+    keyPrefix: row.key_prefix as string,
+    scopes: JSON.parse(row.scopes as string),
+    createdAt: row.created_at as string,
+    lastUsed: (row.last_used as string | null) ?? null,
+    expiresAt: (row.expires_at as string | null) ?? null,
+    revoked: Boolean(row.revoked),
+  };
+}
+
+// ─── In-memory storage for tests / ephemeral deployments ────────────
+
+export class MemoryKeyStorage implements ApiKeyStorageAdapter {
+  private records = new Map<string, ApiKey>();
+
+  insert(record: ApiKey): void {
+    this.records.set(record.id, { ...record });
+  }
+
+  findByHash(keyHash: string): ApiKey | null {
+    for (const r of this.records.values()) {
+      if (r.keyHash === keyHash) return { ...r };
+    }
+    return null;
+  }
+
+  list(): ApiKeyPublic[] {
+    return Array.from(this.records.values())
+      .sort((a, b) => b.createdAt.localeCompare(a.createdAt))
+      .map((r) => {
+        const { keyHash: _h, ...rest } = r;
+        return rest;
+      });
+  }
+
+  touch(id: string, lastUsedIso: string): void {
+    const r = this.records.get(id);
+    if (r) r.lastUsed = lastUsedIso;
+  }
+
+  revoke(id: string): boolean {
+    const r = this.records.get(id);
+    if (!r) return false;
+    r.revoked = true;
+    return true;
+  }
+}
+
+// ─── KeyStore — owns crypto, delegates persistence ──────────────────
+
+export class KeyStore {
+  private storage: ApiKeyStorageAdapter;
+
+  /**
+   * Pass an `ApiKeyStorageAdapter` for any backend. The string overload is
+   * retained for backwards compatibility — it constructs a FileKeyStorage
+   * at the given path. (Previously this returned a SqliteKeyStorage; SQLite
+   * is now opt-in to avoid native build dependencies.)
+   */
+  constructor(storageOrPath: ApiKeyStorageAdapter | string) {
+    if (typeof storageOrPath === "string") {
+      const filePath = storageOrPath.endsWith(".db")
+        ? storageOrPath.replace(/\.db$/, ".json")
+        : storageOrPath;
+      this.storage = new FileKeyStorage({ filePath });
+    } else {
+      this.storage = storageOrPath;
+    }
+  }
+
   /** Generate a new API key. Returns the full key (only shown once) and the stored record. */
-  create(name: string, scopes: string[] = ["trigger", "read"]): { key: string; record: ApiKey } {
+  async create(name: string, scopes: string[] = ["trigger", "read"]): Promise<{ key: string; record: ApiKey }> {
     const id = crypto.randomUUID();
     const rawKey = `sk_live_${crypto.randomBytes(16).toString("hex")}`;
     const keyHash = crypto.createHash("sha256").update(rawKey).digest("hex");
     const keyPrefix = rawKey.slice(0, 12);
     const createdAt = new Date().toISOString();
 
-    this.db.prepare(`
-      INSERT INTO api_keys (id, name, key_hash, key_prefix, scopes, created_at)
-      VALUES (?, ?, ?, ?, ?, ?)
-    `).run(id, name, keyHash, keyPrefix, JSON.stringify(scopes), createdAt);
-
-    return {
-      key: rawKey,
-      record: { id, name, keyHash, keyPrefix, scopes, createdAt, lastUsed: null, expiresAt: null, revoked: false },
+    const record: ApiKey = {
+      id, name, keyHash, keyPrefix, scopes, createdAt,
+      lastUsed: null, expiresAt: null, revoked: false,
     };
+    await this.storage.insert(record);
+    return { key: rawKey, record };
   }
 
   /** Verify an API key. Returns the key record if valid, null otherwise. */
-  verify(rawKey: string): ApiKey | null {
+  async verify(rawKey: string): Promise<ApiKey | null> {
     const keyHash = crypto.createHash("sha256").update(rawKey).digest("hex");
-    const row = this.db.prepare(`
-      SELECT id, name, key_hash, key_prefix, scopes, created_at, last_used, expires_at, revoked
-      FROM api_keys WHERE key_hash = ?
-    `).get(keyHash) as Record<string, unknown> | undefined;
+    const record = await this.storage.findByHash(keyHash);
+    if (!record) return null;
+    if (record.revoked) return null;
+    if (record.expiresAt && new Date(record.expiresAt) < new Date()) return null;
 
-    if (!row) return null;
-    if (row.revoked) return null;
-    if (row.expires_at && new Date(row.expires_at as string) < new Date()) return null;
+    // Touch is best-effort — don't block verification on the write. Wrap in
+    // an explicit deferred so a synchronous throw from a sync `touch()` is
+    // also swallowed, matching the async case.
+    Promise.resolve()
+      .then(() => this.storage.touch(record.id, new Date().toISOString()))
+      .catch(() => {});
 
-    // Update last_used
-    this.db.prepare("UPDATE api_keys SET last_used = ? WHERE id = ?").run(new Date().toISOString(), row.id);
-
-    return {
-      id: row.id as string,
-      name: row.name as string,
-      keyHash: row.key_hash as string,
-      keyPrefix: row.key_prefix as string,
-      scopes: JSON.parse(row.scopes as string),
-      createdAt: row.created_at as string,
-      lastUsed: row.last_used as string | null,
-      expiresAt: row.expires_at as string | null,
-      revoked: Boolean(row.revoked),
-    };
+    return record;
   }
 
   /** List all keys (without hashes). */
-  list(): Omit<ApiKey, "keyHash">[] {
-    const rows = this.db.prepare(`
-      SELECT id, name, key_prefix, scopes, created_at, last_used, expires_at, revoked
-      FROM api_keys ORDER BY created_at DESC
-    `).all() as Record<string, unknown>[];
-
-    return rows.map((row) => ({
-      id: row.id as string,
-      name: row.name as string,
-      keyPrefix: row.key_prefix as string,
-      scopes: JSON.parse(row.scopes as string),
-      createdAt: row.created_at as string,
-      lastUsed: row.last_used as string | null,
-      expiresAt: row.expires_at as string | null,
-      revoked: Boolean(row.revoked),
-    }));
+  async list(): Promise<ApiKeyPublic[]> {
+    return this.storage.list();
   }
 
   /** Revoke a key by ID. */
-  revoke(id: string): boolean {
-    const result = this.db.prepare("UPDATE api_keys SET revoked = 1 WHERE id = ?").run(id);
-    return result.changes > 0;
+  async revoke(id: string): Promise<boolean> {
+    return this.storage.revoke(id);
   }
 
-  close(): void {
-    this.db.close();
+  async close(): Promise<void> {
+    if (this.storage.close) await this.storage.close();
   }
 }

package/src/server/index.ts

@@ -4,22 +4,27 @@ import { serve } from "@hono/node-server";
 import { resolve } from "node:path";
 import { existsSync } from "node:fs";
 import type { Server } from "node:http";
-import { SignalRunner, MemoryAdapter } from "station-signal";
+import { SignalRunner, MemoryAdapter, parseInterval } from "station-signal";
 import { BroadcastRunner, BroadcastMemoryAdapter } from "station-broadcast";
 import type { SignalQueueAdapter } from "station-signal";
 import type { BroadcastQueueAdapter } from "station-broadcast";
+import {
+  ScheduleReconciler,
+  type Schedule,
+  type ScheduleAdapter,
+} from "station-schedules";
 import type { StationConfig } from "../config/schema.js";
 import { ensureStationDir } from "../station-dir.js";
 import { WebSocketHub } from "./ws.js";
 import { SSEHub } from "./sse.js";
 import { LogBuffer } from "./log-buffer.js";
-import { LogStore } from "./log-store.js";
+import { LogStore, FileLogStorage } from "./log-store.js";
 import { StationSignalSubscriber, StationBroadcastSubscriber } from "./subscriber.js";
 import { healthRoutes } from "./routes/health.js";
 import { signalRoutes } from "./routes/signals.js";
 import { runRoutes } from "./routes/runs.js";
 import { broadcastRoutes } from "./routes/broadcasts.js";
-import { KeyStore } from "./auth/keys.js";
+import { KeyStore, FileKeyStorage } from "./auth/keys.js";
 import { verifySessionToken, verifyCredentials, createSessionToken, type SessionConfig } from "./auth/session.js";
 import { authResolver } from "./middleware/auth.js";
 import { requireScope } from "./middleware/scope-guard.js";
@@ -32,9 +37,33 @@ import { v1TriggerRoutes } from "./routes/v1/trigger.js";
 import { v1KeyRoutes } from "./routes/v1/keys.js";
 import { v1AuthRoutes } from "./routes/v1/auth.js";
 import { v1EventRoutes } from "./routes/v1/events.js";
-
-export { KeyStore } from "./auth/keys.js";
-export type { ApiKey } from "./auth/keys.js";
+import { v1DefinitionRoutes, v1DefinitionReadRoutes } from "./routes/v1/definitions.js";
+import { v1ScheduleRoutes, v1ScheduleReadRoutes } from "./routes/v1/schedules.js";
+import { v1ExpressionRoutes } from "./routes/v1/expressions.js";
+
+export {
+  KeyStore,
+  FileKeyStorage,
+  SqliteKeyStorage,
+  MemoryKeyStorage,
+} from "./auth/keys.js";
+export type {
+  ApiKey,
+  ApiKeyPublic,
+  ApiKeyStorageAdapter,
+  FileKeyStorageOptions,
+  SqliteKeyStorageOptions,
+} from "./auth/keys.js";
+export {
+  LogStore,
+  FileLogStorage,
+  MemoryLogStorage,
+} from "./log-store.js";
+export type {
+  LogStorageAdapter,
+  FileLogStorageOptions,
+} from "./log-store.js";
+export type { LogEntry } from "./log-buffer.js";
 
 export interface StationInstance {
   start(): Promise<void>;
@@ -52,17 +81,26 @@ export async function createStation(config: StationConfig, cwd: string, nextPort
 
   const { dataDir } = ensureStationDir(cwd, config.stationDir);
 
+  warnIfLegacySqliteFiles(dataDir);
+
   const wsHub = new WebSocketHub();
   const sseHub = new SSEHub();
   const logBuffer = new LogBuffer();
-  const logStore = new LogStore(resolve(dataDir, "station-logs.db"));
+  const logStore = new LogStore(
+    config.logStorage ?? new FileLogStorage({
+      filePath: resolve(dataDir, "station-logs.jsonl"),
+      onError: (err) => console.error("[station] log write failed:", err),
+    }),
+  );
 
   // Auth: create KeyStore and SessionConfig if auth is configured
   let keyStore: KeyStore | undefined;
   let sessionConfig: SessionConfig | undefined;
 
   if (config.auth) {
-    keyStore = new KeyStore(resolve(dataDir, "station-keys.db"));
+    const storage = config.auth.keyStorage
+      ?? new FileKeyStorage({ filePath: resolve(dataDir, "station-keys.json") });
+    keyStore = new KeyStore(storage);
     sessionConfig = {
       username: config.auth.username,
       password: config.auth.password,
@@ -94,8 +132,23 @@ export async function createStation(config: StationConfig, cwd: string, nextPort
   // Create runners if enabled
   let signalRunner: SignalRunner | undefined;
   let broadcastRunner: BroadcastRunner | undefined;
+  const scheduleAdapter: ScheduleAdapter | undefined = config.scheduleAdapter;
 
   if (config.runRunners) {
+    // Build schedule reconcilers up front. Each reconciler handles only the
+    // kinds it's responsible for; the runner ticks it once per loop.
+    const signalScheduleReconciler = scheduleAdapter
+      ? new ScheduleReconciler({
+          adapter: scheduleAdapter,
+          kinds: ["signal"],
+          parseInterval,
+          triggerFn: (s: Schedule) => signalRunner!.triggerSignal(s.target, s.input ?? {}),
+          hasPendingOrRunning: (s: Schedule) =>
+            signalRunner!.hasPendingOrRunningForSignal(s.target),
+          onError: (err) => console.error("[station] Signal schedule reconciler:", err),
+        })
+      : undefined;
+
     signalRunner = new SignalRunner({
       signalsDir,
       adapter: signalAdapter,
@@ -104,15 +157,29 @@ export async function createStation(config: StationConfig, cwd: string, nextPort
       maxAttempts: config.runner.maxAttempts,
       retryBackoffMs: config.runner.retryBackoffMs,
       subscribers: [stationSignalSub],
+      scheduleReconciler: signalScheduleReconciler,
     });
 
     if (broadcastsDir || broadcastAdapter) {
+      const broadcastScheduleReconciler = scheduleAdapter
+        ? new ScheduleReconciler({
+            adapter: scheduleAdapter,
+            kinds: ["broadcast-static", "broadcast-dynamic"],
+            parseInterval,
+            triggerFn: (s: Schedule) => broadcastRunner!.trigger(s.target, s.input ?? {}),
+            hasPendingOrRunning: (s: Schedule) =>
+              broadcastRunner!.hasPendingOrRunningForBroadcast(s.target),
+            onError: (err) => console.error("[station] Broadcast schedule reconciler:", err),
+          })
+        : undefined;
+
       broadcastRunner = new BroadcastRunner({
         signalRunner,
         broadcastsDir,
         adapter: broadcastAdapter ?? new BroadcastMemoryAdapter(),
         pollIntervalMs: config.broadcastRunner.pollIntervalMs,
         subscribers: [stationBroadcastSub],
+        scheduleReconciler: broadcastScheduleReconciler,
       });
     }
   }
@@ -204,6 +271,15 @@ export async function createStation(config: StationConfig, cwd: string, nextPort
   readRoutes.route("/", v1RunRoutes({ signalRunner, signalAdapter, logBuffer, logStore }));
   readRoutes.route("/", v1BroadcastRoutes({ broadcastRunner, broadcastAdapter, broadcastSubscriber: stationBroadcastSub }));
   readRoutes.route("/", v1EventRoutes({ sseHub }));
+  readRoutes.route("/", v1ExpressionRoutes());
+  // Schedule GET + preview are read-scoped; mutating routes are mounted under admin below.
+  readRoutes.route("/", v1ScheduleReadRoutes({ scheduleAdapter }));
+  readRoutes.route("/", v1DefinitionReadRoutes({
+    broadcastRunner,
+    broadcastAdapter,
+    signalRunner,
+    signalSubscriber: stationSignalSub,
+  }));
   v1.route("/", readRoutes);
 
   // Trigger-scope routes
@@ -239,10 +315,17 @@ export async function createStation(config: StationConfig, cwd: string, nextPort
   });
   v1.route("/", cancelRoutes);
 
-  // Admin-scope routes
+  // Admin-scope routes — destructive / mutating endpoints
   const adminRoutes = new Hono();
   adminRoutes.use("/*", requireScope("admin"));
   adminRoutes.route("/", v1KeyRoutes({ keyStore }));
+  adminRoutes.route("/", v1DefinitionRoutes({
+    broadcastRunner,
+    broadcastAdapter,
+    signalRunner,
+    signalSubscriber: stationSignalSub,
+  }));
+  adminRoutes.route("/", v1ScheduleRoutes({ scheduleAdapter }));
   v1.route("/", adminRoutes);
 
   app.route("/api/v1", v1);
@@ -337,11 +420,35 @@ export async function createStation(config: StationConfig, cwd: string, nextPort
       }
       wsHub.close();
       sseHub.close();
-      logStore.close();
-      keyStore?.close();
+      await logStore.close();
+      await keyStore?.close();
       if (httpServer) {
         httpServer.close();
       }
     },
   };
 }
+
+// Existing deployments that ran older Station versions persisted keys
+// to `station-keys.db` (SQLite) and run logs to `station-logs.db`. The
+// new defaults are `station-keys.json` and `station-logs.jsonl`; the
+// legacy files are NOT auto-migrated. Emit a one-time warning so an
+// upgrade doesn't silently appear to wipe a user's API keys.
+function warnIfLegacySqliteFiles(dataDir: string): void {
+  const legacy: { file: string; replacement: string }[] = [
+    { file: "station-keys.db", replacement: "station-keys.json" },
+    { file: "station-logs.db", replacement: "station-logs.jsonl" },
+  ];
+  for (const { file, replacement } of legacy) {
+    const legacyPath = resolve(dataDir, file);
+    if (!existsSync(legacyPath)) continue;
+    const replacementPath = resolve(dataDir, replacement);
+    if (existsSync(replacementPath)) continue;
+    console.warn(
+      `[station] Legacy ${file} detected at ${legacyPath} but no ${replacement} found. ` +
+      `Station no longer reads SQLite-backed defaults; data in ${file} will not be loaded. ` +
+      `If you need the contents, export them with the better-sqlite3 CLI before upgrading. ` +
+      `To suppress this warning, delete or rename ${file}.`,
+    );
+  }
+}