tanuki-telemetry 1.1.0

package/src/api-keys.ts

@@ -0,0 +1,97 @@
+import crypto from "crypto";
+import { Router } from "express";
+import { getDb } from "./db.js";
+import { dashboardAuthMiddleware } from "./middleware.js";
+import type { User } from "./auth.js";
+
+export interface ApiKey {
+  id: string;
+  user_id: string;
+  label: string;
+  last_used_at: string | null;
+  created_at: string;
+  // key_hash is never returned
+}
+
+function hashKey(rawKey: string): string {
+  return crypto.createHash("sha256").update(rawKey).digest("hex");
+}
+
+export function generateApiKey(userId: string, label: string = "default"): string {
+  const d = getDb();
+  const rawKey = "tlm_" + crypto.randomBytes(32).toString("hex");
+  const keyHash = hashKey(rawKey);
+  const id = crypto.randomUUID();
+
+  d.prepare(
+    "INSERT INTO api_keys (id, user_id, key_hash, label) VALUES (?, ?, ?, ?)"
+  ).run(id, userId, keyHash, label);
+
+  return rawKey;
+}
+
+export interface ApiKeyValidation {
+  user_id: string;
+  email: string;
+}
+
+export function validateApiKey(rawKey: string): ApiKeyValidation | null {
+  const d = getDb();
+  const keyHash = hashKey(rawKey);
+  const row = d
+    .prepare("SELECT ak.user_id, u.email FROM api_keys ak JOIN users u ON ak.user_id = u.id WHERE ak.key_hash = ?")
+    .get(keyHash) as { user_id: string; email: string } | undefined;
+
+  if (!row) return null;
+
+  // Update last_used_at
+  d.prepare("UPDATE api_keys SET last_used_at = datetime('now') WHERE key_hash = ?").run(keyHash);
+  return { user_id: row.user_id, email: row.email };
+}
+
+export function listApiKeys(userId: string): ApiKey[] {
+  const d = getDb();
+  return d
+    .prepare("SELECT id, user_id, label, last_used_at, created_at FROM api_keys WHERE user_id = ? ORDER BY created_at DESC")
+    .all(userId) as ApiKey[];
+}
+
+export function revokeApiKey(keyId: string, userId: string): boolean {
+  const d = getDb();
+  const result = d
+    .prepare("DELETE FROM api_keys WHERE id = ? AND user_id = ?")
+    .run(keyId, userId);
+  return result.changes > 0;
+}
+
+export function createApiKeyRouter(): Router {
+  const router = Router();
+
+  // All routes require dashboard auth
+  router.use(dashboardAuthMiddleware);
+
+  router.get("/", (req, res) => {
+    const user = req.user as User;
+    const keys = listApiKeys(user.id);
+    res.json(keys);
+  });
+
+  router.post("/", (req, res) => {
+    const user = req.user as User;
+    const label = (req.body?.label as string) || "default";
+    const rawKey = generateApiKey(user.id, label);
+    res.json({ key: rawKey, label });
+  });
+
+  router.delete("/:id", (req, res) => {
+    const user = req.user as User;
+    const deleted = revokeApiKey(req.params.id, user.id);
+    if (deleted) {
+      res.json({ ok: true });
+    } else {
+      res.status(404).json({ error: "Key not found" });
+    }
+  });
+
+  return router;
+}

package/src/auth.ts

@@ -0,0 +1,165 @@
+import { Router } from "express";
+import passport from "passport";
+import { Strategy as GoogleStrategy } from "passport-google-oauth20";
+import { getDb } from "./db.js";
+
+export interface User {
+  id: string;
+  google_id: string;
+  email: string;
+  name: string;
+  avatar_url: string | null;
+}
+
+// Ensure users table exists
+export function initAuthTables(): void {
+  const d = getDb();
+
+  d.exec(`
+    CREATE TABLE IF NOT EXISTS users (
+      id TEXT PRIMARY KEY,
+      google_id TEXT UNIQUE NOT NULL,
+      email TEXT UNIQUE NOT NULL,
+      name TEXT NOT NULL,
+      avatar_url TEXT,
+      created_at TEXT NOT NULL DEFAULT (datetime('now'))
+    );
+
+    CREATE TABLE IF NOT EXISTS api_keys (
+      id TEXT PRIMARY KEY,
+      user_id TEXT NOT NULL REFERENCES users(id),
+      key_hash TEXT UNIQUE NOT NULL,
+      label TEXT NOT NULL DEFAULT 'default',
+      last_used_at TEXT,
+      created_at TEXT NOT NULL DEFAULT (datetime('now'))
+    );
+
+    CREATE INDEX IF NOT EXISTS idx_api_keys_user ON api_keys(user_id);
+    CREATE INDEX IF NOT EXISTS idx_api_keys_hash ON api_keys(key_hash);
+    CREATE INDEX IF NOT EXISTS idx_user_sessions_expired ON user_sessions(expired_at);
+  `);
+}
+
+function findOrCreateUser(profile: {
+  id: string;
+  email: string;
+  displayName: string;
+  photos?: Array<{ value: string }>;
+}): User {
+  const d = getDb();
+
+  const existing = d
+    .prepare("SELECT * FROM users WHERE google_id = ?")
+    .get(profile.id) as User | undefined;
+
+  if (existing) {
+    // Update name/avatar on each login
+    d.prepare("UPDATE users SET name = ?, avatar_url = ? WHERE id = ?").run(
+      profile.displayName,
+      profile.photos?.[0]?.value ?? null,
+      existing.id
+    );
+    return { ...existing, name: profile.displayName, avatar_url: profile.photos?.[0]?.value ?? null };
+  }
+
+  const id = crypto.randomUUID();
+  d.prepare(
+    "INSERT INTO users (id, google_id, email, name, avatar_url) VALUES (?, ?, ?, ?, ?)"
+  ).run(id, profile.id, profile.email, profile.displayName, profile.photos?.[0]?.value ?? null);
+
+  return { id, google_id: profile.id, email: profile.email, name: profile.displayName, avatar_url: profile.photos?.[0]?.value ?? null };
+}
+
+export function setupPassport(): void {
+  const clientID = process.env.GOOGLE_CLIENT_ID;
+  const clientSecret = process.env.GOOGLE_CLIENT_SECRET;
+  const callbackURL = process.env.GOOGLE_CALLBACK_URL || "/auth/google/callback";
+
+  if (!clientID || !clientSecret) return;
+
+  passport.serializeUser((user, done) => {
+    done(null, (user as User).id);
+  });
+
+  passport.deserializeUser((id: string, done) => {
+    const d = getDb();
+    const user = d.prepare("SELECT * FROM users WHERE id = ?").get(id) as User | undefined;
+    done(null, user || null);
+  });
+
+  passport.use(
+    new GoogleStrategy(
+      { clientID, clientSecret, callbackURL },
+      (_accessToken, _refreshToken, profile, done) => {
+        try {
+          const email = profile.emails?.[0]?.value;
+          if (!email) {
+            return done(new Error("No email in Google profile"));
+          }
+
+          // Check allowed emails
+          const allowedEmails = process.env.ALLOWED_EMAILS;
+          if (allowedEmails) {
+            const allowed = allowedEmails.split(",").map((e) => e.trim().toLowerCase());
+            if (!allowed.includes(email.toLowerCase())) {
+              return done(new Error("Email not authorized"));
+            }
+          }
+
+          const user = findOrCreateUser({
+            id: profile.id,
+            email,
+            displayName: profile.displayName,
+            photos: profile.photos,
+          });
+
+          return done(null, user);
+        } catch (err) {
+          return done(err as Error);
+        }
+      }
+    )
+  );
+}
+
+export function createAuthRouter(): Router {
+  const router = Router();
+  const baseUrl = process.env.BASE_URL || "";
+
+  router.get("/google", passport.authenticate("google", { scope: ["profile", "email"] }));
+
+  router.get(
+    "/google/callback",
+    passport.authenticate("google", { failureRedirect: "/auth/login-failed" }),
+    (_req, res) => {
+      res.redirect(baseUrl ? "/" : "/");
+    }
+  );
+
+  router.get("/login-failed", (_req, res) => {
+    res.status(403).type("html").send(`<!DOCTYPE html>
+<html><head><title>Access Denied</title></head>
+<body style="background:#0a0a0a;color:#ff4444;font-family:monospace;display:flex;align-items:center;justify-content:center;height:100vh;flex-direction:column;">
+<h2>ACCESS DENIED</h2>
+<p style="color:#666;">Your email is not authorized to access this dashboard.</p>
+<a href="/auth/google" style="color:#00ff88;margin-top:20px;">Try another account</a>
+</body></html>`);
+  });
+
+  router.get("/logout", (req, res) => {
+    req.logout(() => {
+      res.redirect("/");
+    });
+  });
+
+  router.get("/me", (req, res) => {
+    if (req.isAuthenticated()) {
+      const user = req.user as User;
+      res.json({ id: user.id, email: user.email, name: user.name, avatar_url: user.avatar_url });
+    } else {
+      res.status(401).json({ error: "Not authenticated" });
+    }
+  });
+
+  return router;
+}

package/src/coordinator.ts

@@ -0,0 +1,136 @@
+import { getDb } from "./db.js";
+
+export interface WorkspaceState {
+  name: string;
+  status: "idle" | "working" | "done" | "failed" | "paused";
+  last_task?: string;
+  pending?: string[];
+  session_id?: string;
+  last_updated?: string;
+}
+
+export interface CoordinatorState {
+  session_id: string;
+  started_at: string;
+  last_updated: string;
+  workspaces: Record<string, WorkspaceState>;
+  pending_tasks: string[];
+  decisions: string[];
+  notes: string;
+}
+
+export interface ContextSnapshot {
+  timestamp: string;
+  summary: string;
+  key_decisions: string[];
+  workspace_states: Record<string, WorkspaceState>;
+  pending_work: string[];
+}
+
+export function saveCoordinatorState(
+  sessionId: string,
+  partialState: Partial<Omit<CoordinatorState, "session_id">>
+): CoordinatorState {
+  const d = getDb();
+  const existing = getCoordinatorState(sessionId);
+  const now = new Date().toISOString();
+
+  const merged: CoordinatorState = existing
+    ? {
+        ...existing,
+        last_updated: now,
+        workspaces: { ...existing.workspaces, ...(partialState.workspaces || {}) },
+        pending_tasks: partialState.pending_tasks ?? existing.pending_tasks,
+        decisions: partialState.decisions
+          ? [...existing.decisions, ...partialState.decisions.filter(d => !existing.decisions.includes(d))]
+          : existing.decisions,
+        notes: partialState.notes ?? existing.notes,
+      }
+    : {
+        session_id: sessionId,
+        started_at: now,
+        last_updated: now,
+        workspaces: partialState.workspaces || {},
+        pending_tasks: partialState.pending_tasks || [],
+        decisions: partialState.decisions || [],
+        notes: partialState.notes || "",
+      };
+
+  const stateJson = JSON.stringify(merged);
+
+  if (existing) {
+    d.prepare(`
+      UPDATE coordinator_state SET state = ?, updated_at = datetime('now') WHERE session_id = ?
+    `).run(stateJson, sessionId);
+  } else {
+    d.prepare(`
+      INSERT INTO coordinator_state (session_id, state) VALUES (?, ?)
+    `).run(sessionId, stateJson);
+  }
+
+  return merged;
+}
+
+export function getCoordinatorState(sessionId: string): CoordinatorState | null {
+  const d = getDb();
+  const row = d.prepare("SELECT state FROM coordinator_state WHERE session_id = ?").get(sessionId) as { state: string } | undefined;
+  if (!row) return null;
+  try {
+    return JSON.parse(row.state) as CoordinatorState;
+  } catch {
+    return null;
+  }
+}
+
+export function getLatestCoordinatorSession(): CoordinatorState | null {
+  const d = getDb();
+  const row = d.prepare("SELECT state FROM coordinator_state ORDER BY updated_at DESC LIMIT 1").get() as { state: string } | undefined;
+  if (!row) return null;
+  try {
+    return JSON.parse(row.state) as CoordinatorState;
+  } catch {
+    return null;
+  }
+}
+
+export function listCoordinatorSessions(limit: number = 5): CoordinatorState[] {
+  const d = getDb();
+  const rows = d.prepare(
+    "SELECT state FROM coordinator_state ORDER BY updated_at DESC LIMIT ?"
+  ).all(limit) as Array<{ state: string }>;
+
+  return rows
+    .map(r => {
+      try { return JSON.parse(r.state) as CoordinatorState; }
+      catch { return null; }
+    })
+    .filter(Boolean) as CoordinatorState[];
+}
+
+export function compactCoordinatorContext(
+  sessionId: string,
+  context: ContextSnapshot
+): void {
+  const d = getDb();
+  const entry: ContextSnapshot = {
+    ...context,
+    timestamp: new Date().toISOString(),
+  };
+  d.prepare(`
+    INSERT INTO coordinator_history (session_id, snapshot) VALUES (?, ?)
+  `).run(sessionId, JSON.stringify(entry));
+}
+
+export function getCoordinatorHistory(sessionId: string): ContextSnapshot[] {
+  const d = getDb();
+  const rows = d.prepare(
+    "SELECT snapshot FROM coordinator_history WHERE session_id = ? ORDER BY created_at ASC"
+  ).all(sessionId) as Array<{ snapshot: string }>;
+
+  return rows
+    .map(r => {
+      try { return JSON.parse(r.snapshot) as ContextSnapshot; }
+      catch { return null; }
+    })
+    .filter(Boolean) as ContextSnapshot[];
+}

package/src/dashboard-server.ts

@@ -0,0 +1,5 @@
+import { startDashboard } from "./dashboard.js";
+
+// Standalone dashboard entry point — runs as a persistent container
+startDashboard();
+console.log("Dashboard running at http://localhost:3333");