vibeoscore 1.0.2

package/package.json

@@ -0,0 +1,66 @@
+{
+  "name": "vibeoscore",
+  "version": "1.0.2",
+  "description": "vibeOS backend core: API server, MCP server, web dashboard, and API client",
+  "type": "module",
+  "exports": {
+    "./client": "./client.js",
+    "./mcp-server": "./mcp-server.js",
+    "./server": "./server.js"
+  },
+  "scripts": {
+    "start": "node server.js",
+    "start:all": "node scripts/start-all.mjs",
+    "dev": "node --watch server.js",
+    "seed": "node scripts/seed-master-token.js",
+    "deploy": "bash scripts/deploy.sh",
+    "release": "node scripts/release.mjs",
+    "release:patch": "node scripts/release.mjs patch --yes",
+    "release:minor": "node scripts/release.mjs minor --yes",
+    "release:major": "node scripts/release.mjs major --yes",
+    "build:dashboard": "cd dashboard && npm install && npm run build",
+    "dev:dashboard": "cd dashboard && npm run dev",
+    "dashboard:serve": "node scripts/dashboard-server.mjs",
+    "typecheck": "tsc --noEmit",
+    "test": "node --test tests/*.test.js tests/*.test.mjs"
+  },
+  "dependencies": {
+    "@fastify/cors": "^11.2.0",
+    "better-sqlite3": "^11.7.0",
+    "fastify": "^5.2.0"
+  },
+  "devDependencies": {
+    "@types/node": "^22.15.30",
+    "typescript": "^5.9.3"
+  },
+  "files": [
+    "client.js",
+    "client.ts",
+    "mcp-server.js",
+    "mcp-server.ts",
+    "server.js",
+    "lib/",
+    "middleware/",
+    "routes/",
+    "dashboard/dist/",
+    "scripts/",
+    "nginx-vibetheog-api.conf",
+    "vibeos-api.service",
+    ".env.example"
+  ],
+  "keywords": [
+    "vibeos",
+    "api",
+    "opencode",
+    "mcp"
+  ],
+  "author": "vibeOS",
+  "license": "MIT",
+  "repository": {
+    "type": "git",
+    "url": "git+https://github.com/DrunkkToys/vibeOScore.git"
+  },
+  "engines": {
+    "node": ">=18"
+  }
+}

package/routes/admin.js

@@ -0,0 +1,93 @@
+import { getDb } from "../lib/db.js";
+import { randomBytes } from "node:crypto";
+function generateToken() {
+    return "vos_" + randomBytes(32).toString("hex");
+}
+export async function adminRoutes(fastify) {
+    fastify.post("/admin/seats", async (request, reply) => {
+        const { name, email } = request.body || {};
+        if (!name) {
+            return reply.code(400).send({ error: "name is required" });
+        }
+        const db = getDb();
+        const result = db.prepare("INSERT INTO seats (name, email) VALUES (?, ?)").run(name, email || null);
+        const seat = db.prepare("SELECT * FROM seats WHERE id = ?").get(result.lastInsertRowid);
+        return { ok: true, seat };
+    });
+    fastify.get("/admin/seats", async (request, reply) => {
+        const db = getDb();
+        const seats = db.prepare("SELECT * FROM seats ORDER BY created_at DESC").all();
+        return { seats, count: seats.length };
+    });
+    fastify.patch("/admin/seats/:id", async (request, reply) => {
+        const { id } = request.params;
+        const { status } = request.body || {};
+        if (!status || !["active", "suspended", "cancelled"].includes(status)) {
+            return reply.code(400).send({ error: "valid status is required (active, suspended, cancelled)" });
+        }
+        const db = getDb();
+        const result = db.prepare("UPDATE seats SET status = ?, updated_at = datetime('now') WHERE id = ?").run(status, id);
+        if (result.changes === 0) {
+            return reply.code(404).send({ error: "seat not found" });
+        }
+        if (status !== "active") {
+            db.prepare("UPDATE api_tokens SET status = 'revoked', revoked_at = datetime('now') WHERE seat_id = ? AND status = 'active'").run(id);
+        }
+        const seat = db.prepare("SELECT * FROM seats WHERE id = ?").get(id);
+        return { ok: true, seat };
+    });
+    fastify.post("/admin/tokens", async (request, reply) => {
+        const { seat_id, label, expires_at } = request.body || {};
+        if (!seat_id) {
+            return reply.code(400).send({ error: "seat_id is required" });
+        }
+        const db = getDb();
+        const seat = db.prepare("SELECT * FROM seats WHERE id = ?").get(seat_id);
+        if (!seat) {
+            return reply.code(404).send({ error: "seat not found" });
+        }
+        const token = generateToken();
+        const result = db.prepare("INSERT INTO api_tokens (token, seat_id, label, expires_at) VALUES (?, ?, ?, ?)").run(token, seat_id, label || null, expires_at || null);
+        const tokenRow = db.prepare("SELECT * FROM api_tokens WHERE id = ?").get(result.lastInsertRowid);
+        return { ok: true, token: tokenRow };
+    });
+    fastify.get("/admin/tokens", async (request, reply) => {
+        const db = getDb();
+        const tokens = db.prepare(`
+      SELECT t.*, s.name as seat_name, s.email as seat_email, s.status as seat_status
+      FROM api_tokens t
+      JOIN seats s ON t.seat_id = s.id
+      ORDER BY t.created_at DESC
+    `).all();
+        return { tokens, count: tokens.length };
+    });
+    fastify.patch("/admin/tokens/:id", async (request, reply) => {
+        const { id } = request.params;
+        const { status } = request.body || {};
+        if (!status || !["active", "revoked", "expired"].includes(status)) {
+            return reply.code(400).send({ error: "valid status is required (active, revoked, expired)" });
+        }
+        const db = getDb();
+        const update = status === "revoked"
+            ? "UPDATE api_tokens SET status = ?, revoked_at = datetime('now') WHERE id = ?"
+            : "UPDATE api_tokens SET status = ? WHERE id = ?";
+        const result = db.prepare(update).run(status, id);
+        if (result.changes === 0) {
+            return reply.code(404).send({ error: "token not found" });
+        }
+        const token = db.prepare("SELECT * FROM api_tokens WHERE id = ?").get(id);
+        return { ok: true, token };
+    });
+    fastify.get("/admin/usage", async (request, reply) => {
+        const { days: daysRaw } = request.query || {};
+        const days = Number(daysRaw);
+        if (daysRaw !== undefined && (isNaN(days) || !Number.isFinite(days) || !Number.isInteger(days) || days < 1 || days > 365)) {
+            return reply.code(400).send({ error: "days must be a positive integer between 1 and 365" });
+        }
+        const effectiveDays = days || 30;
+        const db = getDb();
+        const sql = "SELECT t.token, t.label, s.name as seat_name, COUNT(*) as request_count, AVG(l.latency_ms) as avg_latency_ms, MIN(l.created_at) as first_used, MAX(l.created_at) as last_used FROM usage_log l JOIN api_tokens t ON l.token_id = t.id JOIN seats s ON t.seat_id = s.id WHERE l.created_at >= datetime('now', ?) GROUP BY t.id ORDER BY request_count DESC";
+        const usage = db.prepare(sql).all("-" + effectiveDays + " days");
+        return { usage, count: usage.length, days: effectiveDays };
+    });
+}

package/routes/admin.ts

@@ -0,0 +1,107 @@
+import { getDb } from "../lib/db.js"
+import { randomBytes } from "node:crypto"
+
+function generateToken() {
+  return "vos_" + randomBytes(32).toString("hex")
+}
+
+export async function adminRoutes(fastify: any) {
+  fastify.post("/admin/seats", async (request: any, reply: any) => {
+    const { name, email } = request.body || {}
+    if (!name) {
+      return reply.code(400).send({ error: "name is required" })
+    }
+    const db = getDb()
+    const result = db.prepare("INSERT INTO seats (name, email) VALUES (?, ?)").run(name, email || null)
+    const seat = db.prepare("SELECT * FROM seats WHERE id = ?").get(result.lastInsertRowid)
+    return { ok: true, seat }
+  })
+
+  fastify.get("/admin/seats", async (request: any, reply: any) => {
+    const db = getDb()
+    const seats = db.prepare("SELECT * FROM seats ORDER BY created_at DESC").all()
+    return { seats, count: seats.length }
+  })
+
+  fastify.patch("/admin/seats/:id", async (request: any, reply: any) => {
+    const { id } = request.params
+    const { status } = request.body || {}
+    if (!status || !["active", "suspended", "cancelled"].includes(status)) {
+      return reply.code(400).send({ error: "valid status is required (active, suspended, cancelled)" })
+    }
+    const db = getDb()
+    const result = db.prepare("UPDATE seats SET status = ?, updated_at = datetime('now') WHERE id = ?").run(status, id)
+    if (result.changes === 0) {
+      return reply.code(404).send({ error: "seat not found" })
+    }
+
+    if (status !== "active") {
+      db.prepare("UPDATE api_tokens SET status = 'revoked', revoked_at = datetime('now') WHERE seat_id = ? AND status = 'active'").run(id)
+    }
+
+    const seat = db.prepare("SELECT * FROM seats WHERE id = ?").get(id)
+    return { ok: true, seat }
+  })
+
+  fastify.post("/admin/tokens", async (request: any, reply: any) => {
+    const { seat_id, label, expires_at } = request.body || {}
+    if (!seat_id) {
+      return reply.code(400).send({ error: "seat_id is required" })
+    }
+    const db = getDb()
+    const seat = db.prepare("SELECT * FROM seats WHERE id = ?").get(seat_id)
+    if (!seat) {
+      return reply.code(404).send({ error: "seat not found" })
+    }
+
+    const token = generateToken()
+    const result = db.prepare(
+      "INSERT INTO api_tokens (token, seat_id, label, expires_at) VALUES (?, ?, ?, ?)"
+    ).run(token, seat_id, label || null, expires_at || null)
+
+    const tokenRow = db.prepare("SELECT * FROM api_tokens WHERE id = ?").get(result.lastInsertRowid)
+    return { ok: true, token: tokenRow }
+  })
+
+  fastify.get("/admin/tokens", async (request: any, reply: any) => {
+    const db = getDb()
+    const tokens = db.prepare(`
+      SELECT t.*, s.name as seat_name, s.email as seat_email, s.status as seat_status
+      FROM api_tokens t
+      JOIN seats s ON t.seat_id = s.id
+      ORDER BY t.created_at DESC
+    `).all()
+    return { tokens, count: tokens.length }
+  })
+
+  fastify.patch("/admin/tokens/:id", async (request: any, reply: any) => {
+    const { id } = request.params
+    const { status } = request.body || {}
+    if (!status || !["active", "revoked", "expired"].includes(status)) {
+      return reply.code(400).send({ error: "valid status is required (active, revoked, expired)" })
+    }
+    const db = getDb()
+    const update = status === "revoked"
+      ? "UPDATE api_tokens SET status = ?, revoked_at = datetime('now') WHERE id = ?"
+      : "UPDATE api_tokens SET status = ? WHERE id = ?"
+    const result = db.prepare(update).run(status, id)
+    if (result.changes === 0) {
+      return reply.code(404).send({ error: "token not found" })
+    }
+    const token = db.prepare("SELECT * FROM api_tokens WHERE id = ?").get(id)
+    return { ok: true, token }
+  })
+
+  fastify.get("/admin/usage", async (request: any, reply: any) => {
+    const { days: daysRaw } = request.query || {}
+    const days = Number(daysRaw)
+    if (daysRaw !== undefined && (isNaN(days) || !Number.isFinite(days) || !Number.isInteger(days) || days < 1 || days > 365)) {
+      return reply.code(400).send({ error: "days must be a positive integer between 1 and 365" })
+    }
+    const effectiveDays = days || 30
+    const db = getDb()
+    const sql = "SELECT t.token, t.label, s.name as seat_name, COUNT(*) as request_count, AVG(l.latency_ms) as avg_latency_ms, MIN(l.created_at) as first_used, MAX(l.created_at) as last_used FROM usage_log l JOIN api_tokens t ON l.token_id = t.id JOIN seats s ON t.seat_id = s.id WHERE l.created_at >= datetime('now', ?) GROUP BY t.id ORDER BY request_count DESC"
+    const usage = db.prepare(sql).all("-" + effectiveDays + " days")
+    return { usage, count: usage.length, days: effectiveDays }
+  })
+}