steroids-api 0.2.7

package/dist/utils/validation.js

@@ -0,0 +1,51 @@
+/**
+ * Path validation utilities for API security
+ */
+import { existsSync, realpathSync } from 'node:fs';
+import { join } from 'node:path';
+/**
+ * Validate that a path is safe and points to a valid Steroids project
+ *
+ * @param path - Path to validate
+ * @returns True if path is valid and safe
+ */
+export function isValidProjectPath(path) {
+    try {
+        const realPath = realpathSync(path);
+        // Must contain .steroids directory with database
+        const steroidsDb = join(realPath, '.steroids', 'steroids.db');
+        if (!existsSync(steroidsDb)) {
+            return false;
+        }
+        // Must not be system directories
+        const forbidden = ['/etc', '/var', '/usr', '/bin', '/sbin'];
+        if (forbidden.some((f) => realPath.startsWith(f)) ||
+            (realPath.startsWith('/System') && !realPath.startsWith('/System/Volumes/Data'))) {
+            return false;
+        }
+        return true;
+    }
+    catch {
+        return false;
+    }
+}
+/**
+ * Validate request body for path-based operations
+ *
+ * @param body - Request body
+ * @returns Validation result with error message if invalid
+ */
+export function validatePathRequest(body) {
+    if (!body || typeof body !== 'object') {
+        return { valid: false, error: 'Request body must be an object' };
+    }
+    const { path } = body;
+    if (!path || typeof path !== 'string') {
+        return { valid: false, error: 'Request body must contain a "path" string field' };
+    }
+    if (path.trim().length === 0) {
+        return { valid: false, error: 'Path cannot be empty' };
+    }
+    return { valid: true, path };
+}
+//# sourceMappingURL=validation.js.map

package/dist/utils/validation.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"validation.js","sourceRoot":"","sources":["../../src/utils/validation.ts"],"names":[],"mappings":"AAAA;;GAEG;AAEH,OAAO,EAAE,UAAU,EAAE,YAAY,EAAE,MAAM,SAAS,CAAC;AACnD,OAAO,EAAE,IAAI,EAAE,MAAM,WAAW,CAAC;AAEjC;;;;;GAKG;AACH,MAAM,UAAU,kBAAkB,CAAC,IAAY;IAC7C,IAAI,CAAC;QACH,MAAM,QAAQ,GAAG,YAAY,CAAC,IAAI,CAAC,CAAC;QAEpC,iDAAiD;QACjD,MAAM,UAAU,GAAG,IAAI,CAAC,QAAQ,EAAE,WAAW,EAAE,aAAa,CAAC,CAAC;QAC9D,IAAI,CAAC,UAAU,CAAC,UAAU,CAAC,EAAE,CAAC;YAC5B,OAAO,KAAK,CAAC;QACf,CAAC;QAED,iCAAiC;QACjC,MAAM,SAAS,GAAG,CAAC,MAAM,EAAE,MAAM,EAAE,MAAM,EAAE,MAAM,EAAE,OAAO,CAAC,CAAC;QAC5D,IACE,SAAS,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,QAAQ,CAAC,UAAU,CAAC,CAAC,CAAC,CAAC;YAC7C,CAAC,QAAQ,CAAC,UAAU,CAAC,SAAS,CAAC,IAAI,CAAC,QAAQ,CAAC,UAAU,CAAC,sBAAsB,CAAC,CAAC,EAChF,CAAC;YACD,OAAO,KAAK,CAAC;QACf,CAAC;QAED,OAAO,IAAI,CAAC;IACd,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,KAAK,CAAC;IACf,CAAC;AACH,CAAC;AAED;;;;;GAKG;AACH,MAAM,UAAU,mBAAmB,CAAC,IAAa;IAC/C,IAAI,CAAC,IAAI,IAAI,OAAO,IAAI,KAAK,QAAQ,EAAE,CAAC;QACtC,OAAO,EAAE,KAAK,EAAE,KAAK,EAAE,KAAK,EAAE,gCAAgC,EAAE,CAAC;IACnE,CAAC;IAED,MAAM,EAAE,IAAI,EAAE,GAAG,IAA0B,CAAC;IAE5C,IAAI,CAAC,IAAI,IAAI,OAAO,IAAI,KAAK,QAAQ,EAAE,CAAC;QACtC,OAAO,EAAE,KAAK,EAAE,KAAK,EAAE,KAAK,EAAE,iDAAiD,EAAE,CAAC;IACpF,CAAC;IAED,IAAI,IAAI,CAAC,IAAI,EAAE,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QAC7B,OAAO,EAAE,KAAK,EAAE,KAAK,EAAE,KAAK,EAAE,sBAAsB,EAAE,CAAC;IACzD,CAAC;IAED,OAAO,EAAE,KAAK,EAAE,IAAI,EAAE,IAAI,EAAE,CAAC;AAC/B,CAAC"}

package/package.json

@@ -0,0 +1,39 @@
+{
+  "name": "steroids-api",
+  "version": "0.2.7",
+  "description": "REST API for Steroids multi-project monitoring",
+  "main": "dist/index.js",
+  "type": "module",
+  "scripts": {
+    "build": "tsc",
+    "start": "node dist/API/src/index.js",
+    "dev": "tsx watch src/index.ts",
+    "test": "jest"
+  },
+  "keywords": [
+    "api",
+    "rest",
+    "steroids",
+    "monitoring"
+  ],
+  "author": "",
+  "license": "MIT",
+  "dependencies": {
+    "@types/tail": "^2.2.3",
+    "better-sqlite3": "^11.0.0",
+    "cors": "^2.8.5",
+    "express": "^4.18.2",
+    "tail": "^2.2.6"
+  },
+  "devDependencies": {
+    "@types/better-sqlite3": "^7.6.13",
+    "@types/cors": "^2.8.17",
+    "@types/express": "^4.17.21",
+    "@types/node": "^20.10.0",
+    "tsx": "^4.7.0",
+    "typescript": "^5.3.0"
+  },
+  "engines": {
+    "node": ">=18.0.0"
+  }
+}

package/src/index.ts

@@ -0,0 +1,199 @@
+/**
+ * Steroids API Server
+ * REST API for multi-project monitoring and management
+ */
+
+import express from 'express';
+import cors from 'cors';
+import { execSync } from 'node:child_process';
+import { realpathSync, readFileSync, existsSync } from 'node:fs';
+import { resolve, join, dirname } from 'node:path';
+import { fileURLToPath } from 'node:url';
+
+// Load API keys from .zshrc if not already set in the environment.
+// The API server is a daemon and may not inherit interactive shell env vars.
+(function loadEnvFromZshrc() {
+  const vars = ['STEROIDS_ANTHROPIC', 'STEROIDS_GOOGLE', 'STEROIDS_MISTRAL', 'STEROIDS_OPENAI'];
+  const missing = vars.filter((v) => !process.env[v]);
+  if (missing.length === 0) return;
+  try {
+    const exports = missing.map((v) => `printf "${v}=%s\\n" "$${v}"`).join('; ');
+    const out = execSync(
+      `zsh -c 'source ~/.zshrc 2>/dev/null; ${exports}'`,
+      { encoding: 'utf-8', timeout: 5000, stdio: ['pipe', 'pipe', 'pipe'] }
+    ).trim();
+    for (const line of out.split('\n')) {
+      const eq = line.indexOf('=');
+      if (eq === -1) continue;
+      const key = line.slice(0, eq);
+      const val = line.slice(eq + 1).trim();
+      if (val && !process.env[key]) process.env[key] = val;
+    }
+  } catch {
+    // .zshrc not accessible or vars not defined there — continue without them
+  }
+}());
+import projectsRouter from './routes/projects.js';
+import storageRouter from './routes/storage.js';
+import activityRouter from './routes/activity.js';
+import runnersRouter from './routes/runners.js';
+import tasksRouter from './routes/tasks.js';
+import configRouter from './routes/config.js';
+import healthRouter from './routes/health.js';
+import incidentsRouter from './routes/incidents.js';
+import skillsRouter from './routes/skills.js';
+import { creditAlertRoutes } from './routes/credit-alerts.js';
+
+const PORT = process.env.PORT || 3501;
+const HOST = process.env.HOST || '0.0.0.0';
+
+// Get version from package.json
+const __filename = fileURLToPath(import.meta.url);
+const __dirname = dirname(__filename);
+
+function getVersion(): string {
+  const paths = [
+    join(__dirname, '..', 'package.json'),       // From src/
+    join(__dirname, '..', '..', 'package.json'), // From dist/
+  ];
+  for (const p of paths) {
+    try {
+      if (existsSync(p)) {
+        return JSON.parse(readFileSync(p, 'utf-8')).version;
+      }
+    } catch { /* continue */ }
+  }
+  return 'unknown';
+}
+
+const version = getVersion();
+
+export function createApp(): express.Express {
+  const app = express();
+
+  // Middleware - CORS allowing all origins for local network access
+  app.use(cors({
+    origin: true, // Allow all origins
+    credentials: true,
+  }));
+  app.use(express.json());
+
+  // Request logging (keep test output clean)
+  if (process.env.NODE_ENV !== 'test') {
+    app.use((req, res, next) => {
+      console.log(`${new Date().toISOString()} ${req.method} ${req.path}`);
+      next();
+    });
+  }
+
+  // Routes
+  app.use('/api', projectsRouter);
+  app.use('/api', storageRouter);
+  app.use('/api', activityRouter);
+  app.use('/api', runnersRouter);
+  app.use('/api', tasksRouter);
+  app.use('/api', configRouter);
+  app.use('/api', healthRouter);
+  app.use('/api', incidentsRouter);
+  app.use('/api', skillsRouter);
+  app.use('/api/credit-alerts', creditAlertRoutes);
+
+  // Health check
+  app.get('/health', (req, res) => {
+    res.json({
+      status: 'ok',
+      timestamp: new Date().toISOString(),
+      version,
+    });
+  });
+
+  // Root endpoint
+  app.get('/', (req, res) => {
+    res.json({
+      name: 'Steroids API',
+      version,
+      endpoints: [
+        'GET /health',
+        'GET /api/projects',
+        'GET /api/projects/status?path=<path>',
+        'GET /api/projects/storage?path=<path>',
+        'GET /api/projects/<path>/tasks?status=<status>&section=<id>&issue=<failed_retries|stale>&hours=<hours>',
+        'GET /api/projects/<path>/sections',
+        'POST /api/projects',
+        'POST /api/projects/remove',
+        'POST /api/projects/enable',
+        'POST /api/projects/disable',
+        'POST /api/projects/prune',
+        'GET /api/activity?hours=<hours>&project=<path>',
+        'GET /api/runners',
+        'GET /api/runners/active-tasks',
+        'GET /api/tasks/<taskId>?project=<path>',
+        'GET /api/tasks/<taskId>/logs?project=<path>',
+        'GET /api/config/schema',
+        'GET /api/config/schema/<category>',
+        'GET /api/config?scope=global|project|merged&project=<path>',
+        'PUT /api/config',
+        'GET /api/health?project=<path>',
+        'GET /api/incidents?project=<path>&limit=<n>&task=<prefix>&unresolved=<true|false>',
+        'GET /api/ai/providers',
+        'GET /api/ai/models/<provider>',
+        'GET /api/credit-alerts?project=<path>',
+        'POST /api/credit-alerts/<id>/dismiss',
+        'POST /api/credit-alerts/<id>/retry',
+      ],
+    });
+  });
+
+  // 404 handler
+  app.use((req, res) => {
+    res.status(404).json({
+      success: false,
+      error: 'Not found',
+      path: req.path,
+    });
+  });
+
+  // Error handler
+  app.use((err: Error, req: express.Request, res: express.Response, next: express.NextFunction) => {
+    console.error('Unhandled error:', err);
+    res.status(500).json({
+      success: false,
+      error: 'Internal server error',
+      message: err.message,
+    });
+  });
+
+  return app;
+}
+
+const app = createApp();
+
+export function startServer(): void {
+  // Start server on all interfaces
+  app.listen(Number(PORT), HOST, () => {
+    console.log(`Steroids API server listening on ${HOST}:${PORT}`);
+    console.log(`Health check: http://localhost:${PORT}/health`);
+    console.log(`API docs: http://localhost:${PORT}/`);
+  });
+}
+
+function normalizePath(p: string): string {
+  try {
+    return realpathSync(p);
+  } catch {
+    return resolve(p);
+  }
+}
+
+// Only start listening when executed as the entrypoint (safe to import in tests).
+// This works for `node dist/.../index.js` and `tsx watch src/index.ts` (tsx keeps the entry file in argv).
+const shouldAutoStart = (() => {
+  if (process.env.NODE_ENV === 'test') return false;
+  const thisPath = normalizePath(fileURLToPath(import.meta.url));
+  const argvPaths = process.argv.slice(1).map((a) => normalizePath(a));
+  return argvPaths.includes(thisPath);
+})();
+
+if (shouldAutoStart) startServer();
+
+export default app;

package/src/routes/activity.ts

@@ -0,0 +1,302 @@
+/**
+ * Activity API routes
+ * Exposes activity log statistics for the dashboard
+ */
+
+import { Router, Request, Response } from 'express';
+import { execSync } from 'node:child_process';
+import {
+  getActivityStatsByProject,
+  getActivityFiltered,
+  ProjectActivityStats,
+  ActivityStatus,
+  ActivityLogEntry,
+} from '../../../dist/runners/activity-log.js';
+
+/**
+ * Get GitHub URL from git remote for a project
+ */
+function getGitHubUrl(projectPath: string): string | null {
+  try {
+    const remoteUrl = execSync('git remote get-url origin', {
+      cwd: projectPath,
+      encoding: 'utf-8',
+    }).trim();
+
+    // Convert SSH or HTTPS URL to web URL
+    if (remoteUrl.startsWith('git@github.com:')) {
+      const path = remoteUrl.replace('git@github.com:', '').replace(/\.git$/, '');
+      return `https://github.com/${path}`;
+    } else if (remoteUrl.includes('github.com')) {
+      return remoteUrl.replace(/\.git$/, '');
+    }
+    return null;
+  } catch {
+    return null;
+  }
+}
+
+interface ActivityListEntry extends ActivityLogEntry {
+  github_url: string | null;
+}
+
+const router = Router();
+
+interface ActivityStatsResponse {
+  project_path: string;
+  project_name: string | null;
+  completed: number;
+  failed: number;
+  skipped: number;
+  partial: number;
+  disputed: number;
+  total: number;
+  first_activity: string | null;
+  last_activity: string | null;
+  tasks_per_hour: number;
+  success_rate: number;
+}
+
+/**
+ * GET /api/activity
+ * Get activity statistics for a time range
+ * Query params:
+ *   - hours: number (default: 24) - hours to look back
+ *   - project: string (optional) - filter by project path
+ */
+router.get('/activity', (req: Request, res: Response) => {
+  try {
+    const hoursParam = req.query.hours;
+    const projectPath = req.query.project as string | undefined;
+
+    // Parse hours parameter (default: 24)
+    let hours = 24;
+    if (hoursParam !== undefined) {
+      const parsed = parseInt(hoursParam as string, 10);
+      if (isNaN(parsed) || parsed <= 0) {
+        res.status(400).json({
+          success: false,
+          error: 'Invalid hours parameter - must be a positive integer',
+        });
+        return;
+      }
+      hours = parsed;
+    }
+
+    // Get stats from the activity log
+    const stats: ProjectActivityStats[] = getActivityStatsByProject(hours);
+
+    // Filter by project if specified
+    const filteredStats = projectPath
+      ? stats.filter((s) => s.project_path === projectPath)
+      : stats;
+
+    // Calculate derived metrics for each project
+    const enrichedStats: ActivityStatsResponse[] = filteredStats.map((s) => {
+      // Calculate hours between first and last activity for rate
+      let tasksPerHour = 0;
+      if (s.first_activity && s.last_activity && s.total > 0) {
+        const firstTime = new Date(s.first_activity).getTime();
+        const lastTime = new Date(s.last_activity).getTime();
+        const hoursDiff = Math.max((lastTime - firstTime) / (1000 * 60 * 60), 1);
+        tasksPerHour = Math.round((s.total / hoursDiff) * 100) / 100;
+      }
+
+      // Calculate success rate (completed / total)
+      const successRate =
+        s.total > 0 ? Math.round((s.completed / s.total) * 1000) / 10 : 0;
+
+      return {
+        project_path: s.project_path,
+        project_name: s.project_name,
+        completed: s.completed,
+        failed: s.failed,
+        skipped: s.skipped,
+        partial: s.partial,
+        disputed: s.disputed,
+        total: s.total,
+        first_activity: s.first_activity,
+        last_activity: s.last_activity,
+        tasks_per_hour: tasksPerHour,
+        success_rate: successRate,
+      };
+    });
+
+    // If filtering by a single project, return just that project's stats
+    // Otherwise return all projects
+    if (projectPath) {
+      const projectStats = enrichedStats[0] || {
+        project_path: projectPath,
+        project_name: null,
+        completed: 0,
+        failed: 0,
+        skipped: 0,
+        partial: 0,
+        disputed: 0,
+        total: 0,
+        first_activity: null,
+        last_activity: null,
+        tasks_per_hour: 0,
+        success_rate: 0,
+      };
+
+      res.json({
+        success: true,
+        hours,
+        stats: projectStats,
+      });
+    } else {
+      // Aggregate all projects for global stats
+      const totals = enrichedStats.reduce(
+        (acc, s) => ({
+          completed: acc.completed + s.completed,
+          failed: acc.failed + s.failed,
+          skipped: acc.skipped + s.skipped,
+          partial: acc.partial + s.partial,
+          disputed: acc.disputed + s.disputed,
+          total: acc.total + s.total,
+        }),
+        { completed: 0, failed: 0, skipped: 0, partial: 0, disputed: 0, total: 0 }
+      );
+
+      // Find the earliest first_activity and latest last_activity across all projects
+      let globalFirstActivity: string | null = null;
+      let globalLastActivity: string | null = null;
+      for (const s of enrichedStats) {
+        if (s.first_activity) {
+          if (!globalFirstActivity || s.first_activity < globalFirstActivity) {
+            globalFirstActivity = s.first_activity;
+          }
+        }
+        if (s.last_activity) {
+          if (!globalLastActivity || s.last_activity > globalLastActivity) {
+            globalLastActivity = s.last_activity;
+          }
+        }
+      }
+
+      // Calculate global metrics based on actual activity timespan
+      const globalSuccessRate =
+        totals.total > 0
+          ? Math.round((totals.completed / totals.total) * 1000) / 10
+          : 0;
+
+      // Calculate tasks per hour based on actual time between first and last activity
+      let globalTasksPerHour = 0;
+      if (globalFirstActivity && globalLastActivity && totals.total > 0) {
+        const firstTime = new Date(globalFirstActivity).getTime();
+        const lastTime = new Date(globalLastActivity).getTime();
+        const hoursDiff = Math.max((lastTime - firstTime) / (1000 * 60 * 60), 1);
+        globalTasksPerHour = Math.round((totals.total / hoursDiff) * 100) / 100;
+      }
+
+      res.json({
+        success: true,
+        hours,
+        stats: {
+          ...totals,
+          first_activity: globalFirstActivity,
+          last_activity: globalLastActivity,
+          tasks_per_hour: globalTasksPerHour,
+          success_rate: globalSuccessRate,
+        },
+        by_project: enrichedStats,
+      });
+    }
+  } catch (error) {
+    console.error('Error getting activity stats:', error);
+    res.status(500).json({
+      success: false,
+      error: 'Failed to get activity stats',
+      message: error instanceof Error ? error.message : 'Unknown error',
+    });
+  }
+});
+
+/**
+ * GET /api/activity/list
+ * Get activity log entries with optional filters
+ * Query params:
+ *   - hours: number (default: 24) - hours to look back
+ *   - status: string (optional) - filter by status (completed, failed, skipped, partial, disputed)
+ *   - project: string (optional) - filter by project path
+ *   - limit: number (optional) - max entries to return
+ */
+router.get('/activity/list', (req: Request, res: Response) => {
+  try {
+    const hoursParam = req.query.hours;
+    const statusParam = req.query.status as string | undefined;
+    const projectPath = req.query.project as string | undefined;
+    const limitParam = req.query.limit;
+
+    // Parse hours parameter (default: 24)
+    let hours = 24;
+    if (hoursParam !== undefined) {
+      const parsed = parseInt(hoursParam as string, 10);
+      if (isNaN(parsed) || parsed <= 0) {
+        res.status(400).json({
+          success: false,
+          error: 'Invalid hours parameter - must be a positive integer',
+        });
+        return;
+      }
+      hours = parsed;
+    }
+
+    // Validate status if provided
+    const validStatuses: ActivityStatus[] = ['completed', 'failed', 'skipped', 'partial', 'disputed'];
+    if (statusParam && !validStatuses.includes(statusParam as ActivityStatus)) {
+      res.status(400).json({
+        success: false,
+        error: `Invalid status - must be one of: ${validStatuses.join(', ')}`,
+      });
+      return;
+    }
+
+    // Parse limit
+    let limit: number | undefined;
+    if (limitParam !== undefined) {
+      const parsed = parseInt(limitParam as string, 10);
+      if (!isNaN(parsed) && parsed > 0) {
+        limit = parsed;
+      }
+    }
+
+    const rawEntries = getActivityFiltered({
+      hoursAgo: hours,
+      status: statusParam as ActivityStatus | undefined,
+      projectPath,
+      limit,
+    });
+
+    // Cache GitHub URLs by project path to avoid repeated git calls
+    const githubUrlCache = new Map<string, string | null>();
+
+    const entries: ActivityListEntry[] = rawEntries.map((entry) => {
+      if (!githubUrlCache.has(entry.project_path)) {
+        githubUrlCache.set(entry.project_path, getGitHubUrl(entry.project_path));
+      }
+      return {
+        ...entry,
+        github_url: githubUrlCache.get(entry.project_path) ?? null,
+      };
+    });
+
+    res.json({
+      success: true,
+      hours,
+      status: statusParam || 'all',
+      entries,
+      count: entries.length,
+    });
+  } catch (error) {
+    console.error('Error getting activity list:', error);
+    res.status(500).json({
+      success: false,
+      error: 'Failed to get activity list',
+      message: error instanceof Error ? error.message : 'Unknown error',
+    });
+  }
+});
+
+export default router;