diff --git a/CHANGELOG.md b/CHANGELOG.md new file mode 100644 index 0000000..15eadad --- /dev/null +++ b/CHANGELOG.md @@ -0,0 +1,53 @@ +# Changelog + +All notable changes to Mission Control are documented in this file. + +## [1.2.0] - 2026-03-01 + +### Added +- Zod input validation schemas for all mutation API routes +- Security headers (X-Content-Type-Options, X-Frame-Options, Referrer-Policy) +- Rate limiting on resource-intensive endpoints (search, backup, cleanup, memory, logs) +- Unit tests for auth, validation, rate-limit, and db-helpers modules + +### Fixed +- Task status enum mismatch (`blocked` → `quality_review`) in validation schema +- Type safety improvements in auth.ts and db.ts (replaced `as any` casts) + +### Changed +- Standardized alert route to use `validateBody()` helper +- Bumped package version from 1.0.0 to 1.2.0 + +## [1.1.0] - 2026-02-27 + +### Added +- Multi-user authentication with session management +- Google SSO with admin approval workflow +- Role-based access control (admin, operator, viewer) +- Audit logging for security events +- 1Password integration for secrets management +- Workflow templates and pipeline orchestration +- Quality review system with approval gates +- Data export (CSV/JSON) for audit logs, tasks, activities +- Global search across all entities +- Settings management UI +- Gateway configuration editor +- Notification system with @mentions +- Agent communication (direct messages) +- Standup report generation +- Scheduled auto-backup and auto-cleanup +- Network access control (host allowlist) +- CSRF origin validation + +## [1.0.0] - 2026-02-15 + +### Added +- Agent orchestration dashboard with real-time status +- Task management with Kanban board +- Activity stream with live updates (SSE) +- Agent spawn and session management +- Webhook integration with HMAC signatures +- Alert rules engine with condition evaluation +- Token usage tracking and cost estimation +- Dark/light theme support +- Docker deployment support diff --git a/README.md b/README.md index 3adc24e..8cc23a4 100644 --- a/README.md +++ b/README.md @@ -315,19 +315,26 @@ pnpm quality:gate # All checks See [open issues](https://github.com/builderz-labs/mission-control/issues) for planned work and the [v1.0.0 release notes](https://github.com/builderz-labs/mission-control/releases/tag/v1.0.0) for what shipped. +**Completed:** + +- [x] Dockerfile and docker-compose.yml ([#34](https://github.com/builderz-labs/mission-control/issues/34)) +- [x] Implement session control actions — monitor/pause/terminate are stub buttons ([#35](https://github.com/builderz-labs/mission-control/issues/35)) +- [x] Dynamic model catalog — replace hardcoded pricing across 3 files ([#36](https://github.com/builderz-labs/mission-control/issues/36)) +- [x] API-wide rate limiting ([#37](https://github.com/builderz-labs/mission-control/issues/37)) +- [x] React error boundaries around panels ([#38](https://github.com/builderz-labs/mission-control/issues/38)) +- [x] Structured logging with pino ([#39](https://github.com/builderz-labs/mission-control/issues/39)) +- [x] Accessibility improvements — WCAG 2.1 AA ([#40](https://github.com/builderz-labs/mission-control/issues/40)) +- [x] HSTS header for TLS deployments ([#41](https://github.com/builderz-labs/mission-control/issues/41)) +- [x] Input validation with zod schemas ([#42](https://github.com/builderz-labs/mission-control/issues/42)) +- [x] Export endpoint row limits ([#43](https://github.com/builderz-labs/mission-control/issues/43)) +- [x] Fill in Vitest unit test stubs with real assertions + **Up next:** -- [ ] Dockerfile and docker-compose.yml ([#34](https://github.com/builderz-labs/mission-control/issues/34)) -- [ ] Implement session control actions — monitor/pause/terminate are stub buttons ([#35](https://github.com/builderz-labs/mission-control/issues/35)) -- [ ] Dynamic model catalog — replace hardcoded pricing across 3 files ([#36](https://github.com/builderz-labs/mission-control/issues/36)) -- [ ] API-wide rate limiting ([#37](https://github.com/builderz-labs/mission-control/issues/37)) -- [ ] React error boundaries around panels ([#38](https://github.com/builderz-labs/mission-control/issues/38)) -- [ ] Structured logging with pino ([#39](https://github.com/builderz-labs/mission-control/issues/39)) -- [ ] Accessibility improvements — WCAG 2.1 AA ([#40](https://github.com/builderz-labs/mission-control/issues/40)) -- [ ] HSTS header for TLS deployments ([#41](https://github.com/builderz-labs/mission-control/issues/41)) -- [ ] Input validation with zod schemas ([#42](https://github.com/builderz-labs/mission-control/issues/42)) -- [ ] Export endpoint row limits ([#43](https://github.com/builderz-labs/mission-control/issues/43)) -- [ ] Fill in Vitest unit test stubs with real assertions +- [ ] Native macOS app +- [ ] OpenAPI / Swagger documentation +- [ ] Webhook retry with exponential backoff +- [ ] OAuth approval UI improvements - [ ] API token rotation UI - [ ] Webhook signature verification diff --git a/middleware.ts b/middleware.ts index 7ca6019..12fff06 100644 --- a/middleware.ts +++ b/middleware.ts @@ -49,6 +49,13 @@ function hostMatches(pattern: string, hostname: string): boolean { return h === p } +function applySecurityHeaders(response: NextResponse): NextResponse { + response.headers.set('X-Content-Type-Options', 'nosniff') + response.headers.set('X-Frame-Options', 'DENY') + response.headers.set('Referrer-Policy', 'strict-origin-when-cross-origin') + return response +} + export function middleware(request: NextRequest) { // Network access control. // In production: default-deny unless explicitly allowed. @@ -84,7 +91,7 @@ export function middleware(request: NextRequest) { // Allow login page and auth API without session if (pathname === '/login' || pathname.startsWith('/api/auth/')) { - return NextResponse.next() + return applySecurityHeaders(NextResponse.next()) } // Check for session cookie @@ -94,7 +101,7 @@ export function middleware(request: NextRequest) { if (pathname.startsWith('/api/')) { const apiKey = request.headers.get('x-api-key') if (sessionToken || (apiKey && safeCompare(apiKey, process.env.API_KEY || ''))) { - return NextResponse.next() + return applySecurityHeaders(NextResponse.next()) } return NextResponse.json({ error: 'Unauthorized' }, { status: 401 }) @@ -102,7 +109,7 @@ export function middleware(request: NextRequest) { // Page routes: redirect to login if no session if (sessionToken) { - return NextResponse.next() + return applySecurityHeaders(NextResponse.next()) } // Redirect to login diff --git a/package.json b/package.json index 8a0603f..5b64c1b 100644 --- a/package.json +++ b/package.json @@ -1,6 +1,6 @@ { "name": "mission-control", - "version": "1.0.0", + "version": "1.2.0", "description": "OpenClaw Mission Control — open-source agent orchestration dashboard", "scripts": { "dev": "next dev --hostname 127.0.0.1", diff --git a/src/app/api/agents/message/route.ts b/src/app/api/agents/message/route.ts index d2541b1..c5e842f 100644 --- a/src/app/api/agents/message/route.ts +++ b/src/app/api/agents/message/route.ts @@ -2,23 +2,20 @@ import { NextRequest, NextResponse } from 'next/server' import { getDatabase, db_helpers } from '@/lib/db' import { runOpenClaw } from '@/lib/command' import { requireRole } from '@/lib/auth' +import { validateBody, createMessageSchema } from '@/lib/validation' +import { mutationLimiter } from '@/lib/rate-limit' export async function POST(request: NextRequest) { const auth = requireRole(request, 'operator') if ('error' in auth) return NextResponse.json({ error: auth.error }, { status: auth.status }) - try { - const body = await request.json() - const from = (body.from || 'system') as string - const to = (body.to || '').trim() - const message = (body.message || '').trim() + const rateCheck = mutationLimiter(request) + if (rateCheck) return rateCheck - if (!to || !message) { - return NextResponse.json( - { error: 'Both "to" and "message" are required' }, - { status: 400 } - ) - } + try { + const result = await validateBody(request, createMessageSchema) + if ('error' in result) return result.error + const { from, to, message } = result.data const db = getDatabase() const agent = db.prepare('SELECT * FROM agents WHERE name = ?').get(to) as any diff --git a/src/app/api/alerts/route.ts b/src/app/api/alerts/route.ts index 9d56f0f..c6a3ab9 100644 --- a/src/app/api/alerts/route.ts +++ b/src/app/api/alerts/route.ts @@ -2,7 +2,7 @@ import { NextRequest, NextResponse } from 'next/server' import { requireRole } from '@/lib/auth' import { getDatabase } from '@/lib/db' import { mutationLimiter } from '@/lib/rate-limit' -import { createAlertSchema } from '@/lib/validation' +import { createAlertSchema, validateBody } from '@/lib/validation' interface AlertRule { id: number @@ -50,15 +50,19 @@ export async function POST(request: NextRequest) { if (rateCheck) return rateCheck const db = getDatabase() - const body = await request.json() - // Evaluate all enabled rules - if (body.action === 'evaluate') { + // Check for evaluate action first (peek at body without consuming) + let rawBody: any + try { rawBody = await request.json() } catch { + return NextResponse.json({ error: 'Invalid request body' }, { status: 400 }) + } + + if (rawBody.action === 'evaluate') { return evaluateRules(db) } - // Validate for create - const parseResult = createAlertSchema.safeParse(body) + // Validate for create using schema + const parseResult = createAlertSchema.safeParse(rawBody) if (!parseResult.success) { const messages = parseResult.error.issues.map((e: any) => `${e.path.join('.')}: ${e.message}`) return NextResponse.json({ error: 'Validation failed', details: messages }, { status: 400 }) diff --git a/src/app/api/auth/access-requests/route.ts b/src/app/api/auth/access-requests/route.ts index 83b3195..95df6ed 100644 --- a/src/app/api/auth/access-requests/route.ts +++ b/src/app/api/auth/access-requests/route.ts @@ -2,6 +2,8 @@ import { randomBytes } from 'crypto' import { NextRequest, NextResponse } from 'next/server' import { createUser, getUserFromRequest , requireRole } from '@/lib/auth' import { getDatabase, logAuditEvent } from '@/lib/db' +import { validateBody, accessRequestActionSchema } from '@/lib/validation' +import { mutationLimiter } from '@/lib/rate-limit' function makeUsernameFromEmail(email: string): string { const base = email.split('@')[0].replace(/[^a-z0-9._-]/gi, '').toLowerCase() || 'user' @@ -62,22 +64,14 @@ export async function POST(request: NextRequest) { return NextResponse.json({ error: 'Admin access required' }, { status: 403 }) } - const db = getDatabase() - const body = await request.json().catch(() => ({})) - const requestId = Number(body?.request_id) - const action = String(body?.action || '') - const role = String(body?.role || 'viewer') as 'admin' | 'operator' | 'viewer' - const note = body?.note ? String(body.note) : null + const rateCheck = mutationLimiter(request) + if (rateCheck) return rateCheck - if (!Number.isInteger(requestId) || requestId <= 0) { - return NextResponse.json({ error: 'request_id is required' }, { status: 400 }) - } - if (!['approve', 'reject'].includes(action)) { - return NextResponse.json({ error: 'action must be approve or reject' }, { status: 400 }) - } - if (!['admin', 'operator', 'viewer'].includes(role)) { - return NextResponse.json({ error: 'Invalid role' }, { status: 400 }) - } + const result = await validateBody(request, accessRequestActionSchema) + if ('error' in result) return result.error + + const db = getDatabase() + const { request_id: requestId, action, role, note } = result.data const reqRow = db.prepare('SELECT * FROM access_requests WHERE id = ?').get(requestId) as any if (!reqRow) return NextResponse.json({ error: 'Request not found' }, { status: 404 }) diff --git a/src/app/api/auth/users/route.ts b/src/app/api/auth/users/route.ts index 45377a8..62170f0 100644 --- a/src/app/api/auth/users/route.ts +++ b/src/app/api/auth/users/route.ts @@ -1,6 +1,8 @@ import { NextRequest, NextResponse } from 'next/server' import { getUserFromRequest, getAllUsers, createUser, updateUser, deleteUser , requireRole } from '@/lib/auth' import { logAuditEvent } from '@/lib/db' +import { validateBody, createUserSchema } from '@/lib/validation' +import { mutationLimiter } from '@/lib/rate-limit' /** * GET /api/auth/users - List all users (admin only) @@ -27,18 +29,15 @@ export async function POST(request: NextRequest) { return NextResponse.json({ error: 'Admin access required' }, { status: 403 }) } + const rateCheck = mutationLimiter(request) + if (rateCheck) return rateCheck + try { - const { username, password, display_name, role = 'operator', provider = 'local', email = null } = await request.json() + const result = await validateBody(request, createUserSchema) + if ('error' in result) return result.error + const { username, password, display_name, role, provider, email } = result.data - if (!username || !password) { - return NextResponse.json({ error: 'Username and password are required' }, { status: 400 }) - } - - if (!['admin', 'operator', 'viewer'].includes(role)) { - return NextResponse.json({ error: 'Invalid role' }, { status: 400 }) - } - - const newUser = createUser(username, password, display_name || username, role, { provider, email }) + const newUser = createUser(username, password, display_name || username, role, { provider, email: email || null }) const ipAddress = request.headers.get('x-forwarded-for') || request.headers.get('x-real-ip') || 'unknown' logAuditEvent({ diff --git a/src/app/api/backup/route.ts b/src/app/api/backup/route.ts index 4585fad..2af307b 100644 --- a/src/app/api/backup/route.ts +++ b/src/app/api/backup/route.ts @@ -4,6 +4,7 @@ import { getDatabase, logAuditEvent } from '@/lib/db' import { config, ensureDirExists } from '@/lib/config' import { join, dirname } from 'path' import { readdirSync, statSync, unlinkSync } from 'fs' +import { heavyLimiter } from '@/lib/rate-limit' const BACKUP_DIR = join(dirname(config.dbPath), 'backups') const MAX_BACKUPS = 10 @@ -43,6 +44,9 @@ export async function POST(request: NextRequest) { const auth = requireRole(request, 'admin') if ('error' in auth) return NextResponse.json({ error: auth.error }, { status: auth.status }) + const rateCheck = heavyLimiter(request) + if (rateCheck) return rateCheck + ensureDirExists(BACKUP_DIR) const timestamp = new Date().toISOString().replace(/[:.]/g, '-').replace('T', '_').slice(0, 19) diff --git a/src/app/api/cleanup/route.ts b/src/app/api/cleanup/route.ts index 90d3863..c590ea3 100644 --- a/src/app/api/cleanup/route.ts +++ b/src/app/api/cleanup/route.ts @@ -2,6 +2,7 @@ import { NextRequest, NextResponse } from 'next/server' import { requireRole } from '@/lib/auth' import { getDatabase, logAuditEvent } from '@/lib/db' import { config } from '@/lib/config' +import { heavyLimiter } from '@/lib/rate-limit' interface CleanupResult { table: string @@ -69,6 +70,9 @@ export async function POST(request: NextRequest) { const auth = requireRole(request, 'admin') if ('error' in auth) return NextResponse.json({ error: auth.error }, { status: auth.status }) + const rateCheck = heavyLimiter(request) + if (rateCheck) return rateCheck + const body = await request.json().catch(() => ({})) const dryRun = body.dry_run === true diff --git a/src/app/api/gateway-config/route.ts b/src/app/api/gateway-config/route.ts index bd7e84d..7fa1e43 100644 --- a/src/app/api/gateway-config/route.ts +++ b/src/app/api/gateway-config/route.ts @@ -3,6 +3,8 @@ import { requireRole } from '@/lib/auth' import { logAuditEvent } from '@/lib/db' import { config } from '@/lib/config' import { join } from 'path' +import { validateBody, gatewayConfigUpdateSchema } from '@/lib/validation' +import { mutationLimiter } from '@/lib/rate-limit' function getConfigPath(): string | null { if (!config.openclawHome) return null @@ -53,15 +55,17 @@ export async function PUT(request: NextRequest) { const auth = requireRole(request, 'admin') if ('error' in auth) return NextResponse.json({ error: auth.error }, { status: auth.status }) + const rateCheck = mutationLimiter(request) + if (rateCheck) return rateCheck + const configPath = getConfigPath() if (!configPath) { return NextResponse.json({ error: 'OPENCLAW_HOME not configured' }, { status: 404 }) } - const body = await request.json().catch(() => null) - if (!body?.updates || typeof body.updates !== 'object') { - return NextResponse.json({ error: 'updates object required (dot-notation paths)' }, { status: 400 }) - } + const result = await validateBody(request, gatewayConfigUpdateSchema) + if ('error' in result) return result.error + const body = result.data // Block writes to sensitive paths const blockedPaths = ['gateway.auth.password', 'gateway.auth.secret'] diff --git a/src/app/api/integrations/route.ts b/src/app/api/integrations/route.ts index 3d50ee3..1a1f4a7 100644 --- a/src/app/api/integrations/route.ts +++ b/src/app/api/integrations/route.ts @@ -5,6 +5,8 @@ import { config } from '@/lib/config' import { join } from 'path' import { readFile, writeFile, rename } from 'fs/promises' import { execFileSync } from 'child_process' +import { validateBody, integrationActionSchema } from '@/lib/validation' +import { mutationLimiter } from '@/lib/rate-limit' // --------------------------------------------------------------------------- // Integration registry @@ -359,14 +361,16 @@ export async function POST(request: NextRequest) { const auth = requireRole(request, 'admin') if ('error' in auth) return NextResponse.json({ error: auth.error }, { status: auth.status }) - const body = await request.json().catch(() => null) - if (!body?.action) { - return NextResponse.json({ error: 'action required' }, { status: 400 }) - } + const rateCheck = mutationLimiter(request) + if (rateCheck) return rateCheck + + const result = await validateBody(request, integrationActionSchema) + if ('error' in result) return result.error + const body = result.data // pull-all is a batch action — no integrationId needed if (body.action === 'pull-all') { - return handlePullAll(request, auth.user, body.category as string | undefined) + return handlePullAll(request, auth.user, body.category) } if (!body.integrationId) { diff --git a/src/app/api/logs/route.ts b/src/app/api/logs/route.ts index d431b75..18d1283 100644 --- a/src/app/api/logs/route.ts +++ b/src/app/api/logs/route.ts @@ -3,6 +3,7 @@ import { readFile, readdir, stat } from 'fs/promises' import { join } from 'path' import { config } from '@/lib/config' import { requireRole } from '@/lib/auth' +import { readLimiter, mutationLimiter } from '@/lib/rate-limit' const LOGS_PATH = config.logsDir @@ -178,6 +179,9 @@ export async function GET(request: NextRequest) { const auth = requireRole(request, 'viewer') if ('error' in auth) return NextResponse.json({ error: auth.error }, { status: auth.status }) + const rateCheck = readLimiter(request) + if (rateCheck) return rateCheck + try { const { searchParams } = new URL(request.url) const action = searchParams.get('action') || 'recent' @@ -253,6 +257,9 @@ export async function POST(request: NextRequest) { const auth = requireRole(request, 'operator') if ('error' in auth) return NextResponse.json({ error: auth.error }, { status: auth.status }) + const rateCheck = mutationLimiter(request) + if (rateCheck) return rateCheck + try { const { action, message, level, source: customSource, session } = await request.json() diff --git a/src/app/api/memory/route.ts b/src/app/api/memory/route.ts index fdc8327..d15d07a 100644 --- a/src/app/api/memory/route.ts +++ b/src/app/api/memory/route.ts @@ -4,6 +4,7 @@ import { join, dirname, sep } from 'path' import { config } from '@/lib/config' import { resolveWithin } from '@/lib/paths' import { requireRole } from '@/lib/auth' +import { readLimiter, mutationLimiter } from '@/lib/rate-limit' const MEMORY_PATH = config.memoryDir @@ -116,6 +117,9 @@ export async function GET(request: NextRequest) { const auth = requireRole(request, 'viewer') if ('error' in auth) return NextResponse.json({ error: auth.error }, { status: auth.status }) + const rateCheck = readLimiter(request) + if (rateCheck) return rateCheck + try { const { searchParams } = new URL(request.url) const path = searchParams.get('path') @@ -235,6 +239,9 @@ export async function POST(request: NextRequest) { const auth = requireRole(request, 'operator') if ('error' in auth) return NextResponse.json({ error: auth.error }, { status: auth.status }) + const rateCheck = mutationLimiter(request) + if (rateCheck) return rateCheck + try { const body = await request.json() const { action, path, content } = body @@ -292,6 +299,9 @@ export async function DELETE(request: NextRequest) { const auth = requireRole(request, 'admin') if ('error' in auth) return NextResponse.json({ error: auth.error }, { status: auth.status }) + const rateCheck = mutationLimiter(request) + if (rateCheck) return rateCheck + try { const body = await request.json() const { action, path } = body diff --git a/src/app/api/notifications/route.ts b/src/app/api/notifications/route.ts index 639cf59..db5bbe2 100644 --- a/src/app/api/notifications/route.ts +++ b/src/app/api/notifications/route.ts @@ -2,6 +2,7 @@ import { NextRequest, NextResponse } from 'next/server'; import { getDatabase, Notification } from '@/lib/db'; import { requireRole } from '@/lib/auth'; import { mutationLimiter } from '@/lib/rate-limit'; +import { validateBody, notificationActionSchema } from '@/lib/validation'; /** * GET /api/notifications - Get notifications for a specific recipient @@ -256,13 +257,12 @@ export async function POST(request: NextRequest) { try { const db = getDatabase(); - const body = await request.json(); - const { agent, action } = body; - + + const result = await validateBody(request, notificationActionSchema); + if ('error' in result) return result.error; + const { agent, action } = result.data; + if (action === 'mark-delivered') { - if (!agent) { - return NextResponse.json({ error: 'Agent name is required' }, { status: 400 }); - } const now = Math.floor(Date.now() / 1000); diff --git a/src/app/api/pipelines/route.ts b/src/app/api/pipelines/route.ts index 9eb6eff..1773462 100644 --- a/src/app/api/pipelines/route.ts +++ b/src/app/api/pipelines/route.ts @@ -1,6 +1,8 @@ import { NextRequest, NextResponse } from 'next/server' import { getDatabase, db_helpers } from '@/lib/db' import { requireRole } from '@/lib/auth' +import { validateBody, createPipelineSchema } from '@/lib/validation' +import { mutationLimiter } from '@/lib/rate-limit' export interface PipelineStep { template_id: number @@ -70,17 +72,15 @@ export async function POST(request: NextRequest) { const auth = requireRole(request, 'operator') if ('error' in auth) return NextResponse.json({ error: auth.error }, { status: auth.status }) - try { - const db = getDatabase() - const body = await request.json() - const { name, description, steps = [] } = body + const rateCheck = mutationLimiter(request) + if (rateCheck) return rateCheck - if (!name) { - return NextResponse.json({ error: 'Name is required' }, { status: 400 }) - } - if (!Array.isArray(steps) || steps.length < 2) { - return NextResponse.json({ error: 'Pipeline needs at least 2 steps' }, { status: 400 }) - } + try { + const result = await validateBody(request, createPipelineSchema) + if ('error' in result) return result.error + const { name, description, steps } = result.data + + const db = getDatabase() // Validate template IDs exist const templateIds = steps.map((s: PipelineStep) => s.template_id) @@ -96,14 +96,14 @@ export async function POST(request: NextRequest) { on_failure: s.on_failure || 'stop', })) - const result = db.prepare(` + const insertResult = db.prepare(` INSERT INTO workflow_pipelines (name, description, steps, created_by) VALUES (?, ?, ?, ?) `).run(name, description || null, JSON.stringify(cleanSteps), auth.user?.username || 'system') - db_helpers.logActivity('pipeline_created', 'pipeline', Number(result.lastInsertRowid), auth.user?.username || 'system', `Created pipeline: ${name}`) + db_helpers.logActivity('pipeline_created', 'pipeline', Number(insertResult.lastInsertRowid), auth.user?.username || 'system', `Created pipeline: ${name}`) - const pipeline = db.prepare('SELECT * FROM workflow_pipelines WHERE id = ?').get(result.lastInsertRowid) as Pipeline + const pipeline = db.prepare('SELECT * FROM workflow_pipelines WHERE id = ?').get(insertResult.lastInsertRowid) as Pipeline return NextResponse.json({ pipeline: { ...pipeline, steps: JSON.parse(pipeline.steps) } }, { status: 201 }) } catch (error) { console.error('POST /api/pipelines error:', error) diff --git a/src/app/api/quality-review/route.ts b/src/app/api/quality-review/route.ts index e558230..810690d 100644 --- a/src/app/api/quality-review/route.ts +++ b/src/app/api/quality-review/route.ts @@ -1,6 +1,8 @@ import { NextRequest, NextResponse } from 'next/server' import { getDatabase, db_helpers } from '@/lib/db' import { requireRole } from '@/lib/auth' +import { validateBody, qualityReviewSchema } from '@/lib/validation' +import { mutationLimiter } from '@/lib/rate-limit' export async function GET(request: NextRequest) { const auth = requireRole(request, 'viewer') @@ -66,24 +68,15 @@ export async function POST(request: NextRequest) { const auth = requireRole(request, 'operator') if ('error' in auth) return NextResponse.json({ error: auth.error }, { status: auth.status }) + const rateCheck = mutationLimiter(request) + if (rateCheck) return rateCheck + try { + const validated = await validateBody(request, qualityReviewSchema) + if ('error' in validated) return validated.error + const { taskId, reviewer, status, notes } = validated.data + const db = getDatabase() - const body = await request.json() - const taskId = parseInt(body.taskId) - const reviewer = (body.reviewer || 'aegis').trim() - const status = (body.status || '').trim() - const notes = body.notes ? String(body.notes) : null - - if (isNaN(taskId) || !reviewer || !status) { - return NextResponse.json({ error: 'taskId, reviewer, and status are required' }, { status: 400 }) - } - - if (!['approved', 'rejected'].includes(status)) { - return NextResponse.json({ error: 'status must be approved or rejected' }, { status: 400 }) - } - if (!notes || !String(notes).trim()) { - return NextResponse.json({ error: 'notes are required for quality reviews' }, { status: 400 }) - } const task = db.prepare('SELECT id, title FROM tasks WHERE id = ?').get(taskId) as any if (!task) { diff --git a/src/app/api/search/route.ts b/src/app/api/search/route.ts index 6ce6aba..1b372d8 100644 --- a/src/app/api/search/route.ts +++ b/src/app/api/search/route.ts @@ -1,6 +1,7 @@ import { NextRequest, NextResponse } from 'next/server' import { requireRole } from '@/lib/auth' import { getDatabase } from '@/lib/db' +import { heavyLimiter } from '@/lib/rate-limit' interface SearchResult { type: 'task' | 'agent' | 'activity' | 'audit' | 'message' | 'notification' | 'webhook' | 'pipeline' @@ -20,6 +21,9 @@ export async function GET(request: NextRequest) { const auth = requireRole(request, 'viewer') if ('error' in auth) return NextResponse.json({ error: auth.error }, { status: auth.status }) + const rateCheck = heavyLimiter(request) + if (rateCheck) return rateCheck + const { searchParams } = new URL(request.url) const query = searchParams.get('q')?.trim() const typeFilter = searchParams.get('type') diff --git a/src/app/api/settings/route.ts b/src/app/api/settings/route.ts index 6bdb5f3..a6be8d4 100644 --- a/src/app/api/settings/route.ts +++ b/src/app/api/settings/route.ts @@ -3,6 +3,7 @@ import { requireRole } from '@/lib/auth' import { getDatabase, logAuditEvent } from '@/lib/db' import { config } from '@/lib/config' import { mutationLimiter } from '@/lib/rate-limit' +import { validateBody, updateSettingsSchema } from '@/lib/validation' interface SettingRow { key: string @@ -105,10 +106,9 @@ export async function PUT(request: NextRequest) { const rateCheck = mutationLimiter(request) if (rateCheck) return rateCheck - const body = await request.json().catch(() => null) - if (!body?.settings || typeof body.settings !== 'object') { - return NextResponse.json({ error: 'settings object required' }, { status: 400 }) - } + const result = await validateBody(request, updateSettingsSchema) + if ('error' in result) return result.error + const body = result.data const db = getDatabase() const upsert = db.prepare(` diff --git a/src/app/api/spawn/route.ts b/src/app/api/spawn/route.ts index e62554e..1119d12 100644 --- a/src/app/api/spawn/route.ts +++ b/src/app/api/spawn/route.ts @@ -6,6 +6,7 @@ import { readdir, readFile, stat } from 'fs/promises' import { join } from 'path' import { heavyLimiter } from '@/lib/rate-limit' import { logger } from '@/lib/logger' +import { validateBody, spawnAgentSchema } from '@/lib/validation' export async function POST(request: NextRequest) { const auth = requireRole(request, 'operator') @@ -15,24 +16,11 @@ export async function POST(request: NextRequest) { if (rateCheck) return rateCheck try { - const { task, model, label, timeoutSeconds } = await request.json() + const result = await validateBody(request, spawnAgentSchema) + if ('error' in result) return result.error + const { task, model, label, timeoutSeconds } = result.data - // Validate required fields - if (!task || !model || !label) { - return NextResponse.json( - { error: 'Missing required fields: task, model, label' }, - { status: 400 } - ) - } - - // Validate timeout - const timeout = parseInt(timeoutSeconds) || 300 - if (timeout < 10 || timeout > 3600) { - return NextResponse.json( - { error: 'Timeout must be between 10 and 3600 seconds' }, - { status: 400 } - ) - } + const timeout = timeoutSeconds // Generate spawn ID const spawnId = `spawn-${Date.now()}-${Math.random().toString(36).substr(2, 9)}` diff --git a/src/app/api/tasks/[id]/comments/route.ts b/src/app/api/tasks/[id]/comments/route.ts index a0a8c6a..092862c 100644 --- a/src/app/api/tasks/[id]/comments/route.ts +++ b/src/app/api/tasks/[id]/comments/route.ts @@ -1,6 +1,8 @@ import { NextRequest, NextResponse } from 'next/server'; import { getDatabase, Comment, db_helpers } from '@/lib/db'; import { requireRole } from '@/lib/auth'; +import { validateBody, createCommentSchema } from '@/lib/validation'; +import { mutationLimiter } from '@/lib/rate-limit'; /** * GET /api/tasks/[id]/comments - Get all comments for a task @@ -87,21 +89,21 @@ export async function POST( const auth = requireRole(request, 'operator'); if ('error' in auth) return NextResponse.json({ error: auth.error }, { status: auth.status }); + const rateCheck = mutationLimiter(request); + if (rateCheck) return rateCheck; + try { const db = getDatabase(); const resolvedParams = await params; const taskId = parseInt(resolvedParams.id); - const body = await request.json(); - + if (isNaN(taskId)) { return NextResponse.json({ error: 'Invalid task ID' }, { status: 400 }); } - - const { content, author = 'system', parent_id } = body; - - if (!content || !content.trim()) { - return NextResponse.json({ error: 'Comment content is required' }, { status: 400 }); - } + + const result = await validateBody(request, createCommentSchema); + if ('error' in result) return result.error; + const { content, author = 'system', parent_id } = result.data; // Verify task exists const task = db.prepare('SELECT * FROM tasks WHERE id = ?').get(taskId) as any; @@ -128,7 +130,7 @@ export async function POST( VALUES (?, ?, ?, ?, ?, ?) `); - const result = stmt.run( + const insertResult = stmt.run( taskId, author, content, @@ -136,8 +138,8 @@ export async function POST( parent_id || null, mentions.length > 0 ? JSON.stringify(mentions) : null ); - - const commentId = result.lastInsertRowid as number; + + const commentId = insertResult.lastInsertRowid as number; // Log activity const activityDescription = parent_id diff --git a/src/app/api/workflows/route.ts b/src/app/api/workflows/route.ts index 20bbf3f..9c618b0 100644 --- a/src/app/api/workflows/route.ts +++ b/src/app/api/workflows/route.ts @@ -1,6 +1,8 @@ import { NextRequest, NextResponse } from 'next/server' import { getDatabase, db_helpers } from '@/lib/db' import { requireRole } from '@/lib/auth' +import { validateBody, createWorkflowSchema } from '@/lib/validation' +import { mutationLimiter } from '@/lib/rate-limit' export interface WorkflowTemplate { id: number @@ -48,25 +50,25 @@ export async function POST(request: NextRequest) { const auth = requireRole(request, 'operator') if ('error' in auth) return NextResponse.json({ error: auth.error }, { status: auth.status }) + const rateCheck = mutationLimiter(request) + if (rateCheck) return rateCheck + try { + const result = await validateBody(request, createWorkflowSchema) + if ('error' in result) return result.error + const { name, description, model, task_prompt, timeout_seconds, agent_role, tags } = result.data + const db = getDatabase() const user = auth.user - const body = await request.json() - const { name, description, model = 'sonnet', task_prompt, timeout_seconds = 300, agent_role, tags = [] } = body - - if (!name || !task_prompt) { - return NextResponse.json({ error: 'Name and task_prompt are required' }, { status: 400 }) - } - - const result = db.prepare(` + const insertResult = db.prepare(` INSERT INTO workflow_templates (name, description, model, task_prompt, timeout_seconds, agent_role, tags, created_by) VALUES (?, ?, ?, ?, ?, ?, ?, ?) `).run(name, description || null, model, task_prompt, timeout_seconds, agent_role || null, JSON.stringify(tags), user?.username || 'system') - const template = db.prepare('SELECT * FROM workflow_templates WHERE id = ?').get(result.lastInsertRowid) as WorkflowTemplate + const template = db.prepare('SELECT * FROM workflow_templates WHERE id = ?').get(insertResult.lastInsertRowid) as WorkflowTemplate - db_helpers.logActivity('workflow_created', 'workflow', Number(result.lastInsertRowid), user?.username || 'system', `Created workflow template: ${name}`) + db_helpers.logActivity('workflow_created', 'workflow', Number(insertResult.lastInsertRowid), user?.username || 'system', `Created workflow template: ${name}`) return NextResponse.json({ template: { ...template, tags: template.tags ? JSON.parse(template.tags) : [] } diff --git a/src/lib/__tests__/auth.test.ts b/src/lib/__tests__/auth.test.ts index e16dc24..c25b97f 100644 --- a/src/lib/__tests__/auth.test.ts +++ b/src/lib/__tests__/auth.test.ts @@ -1,17 +1,108 @@ -import { describe, it, expect, vi } from 'vitest' +import { describe, it, expect, vi, beforeEach, afterEach } from 'vitest' +import { safeCompare, requireRole } from '@/lib/auth' -// Test stubs for auth utilities -// safeCompare will be added by fix/p0-security-critical branch +// Mock dependencies that auth.ts imports +vi.mock('@/lib/db', () => ({ + getDatabase: vi.fn(), +})) -describe('requireRole', () => { - it.todo('returns user when authenticated with sufficient role') - it.todo('returns 401 when no authentication provided') - it.todo('returns 403 when role is insufficient') -}) +vi.mock('@/lib/password', () => ({ + hashPassword: vi.fn((p: string) => `hashed:${p}`), + verifyPassword: vi.fn(() => false), +})) + +// Prevent event-bus singleton side-effects +vi.mock('@/lib/event-bus', () => ({ + eventBus: { broadcast: vi.fn(), on: vi.fn(), emit: vi.fn() }, +})) describe('safeCompare', () => { - it.todo('returns true for matching strings') - it.todo('returns false for non-matching strings') - it.todo('returns false for different length strings') - it.todo('handles empty strings') + it('returns true for matching strings', () => { + expect(safeCompare('abc123', 'abc123')).toBe(true) + }) + + it('returns false for non-matching strings of same length', () => { + expect(safeCompare('abc123', 'xyz789')).toBe(false) + }) + + it('returns false for different length strings', () => { + expect(safeCompare('short', 'muchlonger')).toBe(false) + }) + + it('returns true for two empty strings', () => { + expect(safeCompare('', '')).toBe(true) + }) + + it('returns false when one string is empty', () => { + expect(safeCompare('', 'notempty')).toBe(false) + expect(safeCompare('notempty', '')).toBe(false) + }) + + it('returns false for non-string inputs', () => { + expect(safeCompare(null as any, 'a')).toBe(false) + expect(safeCompare('a', undefined as any)).toBe(false) + }) +}) + +describe('requireRole', () => { + const originalEnv = process.env + + beforeEach(() => { + process.env = { ...originalEnv, API_KEY: 'test-api-key-secret' } + }) + + afterEach(() => { + process.env = originalEnv + }) + + function makeRequest(headers: Record = {}): Request { + return new Request('http://localhost/api/test', { + headers: new Headers(headers), + }) + } + + it('returns 401 when no authentication is provided', () => { + const result = requireRole(makeRequest(), 'viewer') + expect(result.status).toBe(401) + expect(result.error).toBe('Authentication required') + expect(result.user).toBeUndefined() + }) + + it('returns 401 when API key is wrong', () => { + const result = requireRole( + makeRequest({ 'x-api-key': 'wrong-key' }), + 'viewer', + ) + expect(result.status).toBe(401) + expect(result.error).toBe('Authentication required') + }) + + it('returns user when API key is valid and role is sufficient', () => { + const result = requireRole( + makeRequest({ 'x-api-key': 'test-api-key-secret' }), + 'admin', + ) + expect(result.status).toBeUndefined() + expect(result.error).toBeUndefined() + expect(result.user).toBeDefined() + expect(result.user!.username).toBe('api') + expect(result.user!.role).toBe('admin') + }) + + it('returns user for lower role requirement with API key (admin >= viewer)', () => { + const result = requireRole( + makeRequest({ 'x-api-key': 'test-api-key-secret' }), + 'viewer', + ) + expect(result.user).toBeDefined() + expect(result.user!.role).toBe('admin') + }) + + it('returns user for operator role requirement with API key (admin >= operator)', () => { + const result = requireRole( + makeRequest({ 'x-api-key': 'test-api-key-secret' }), + 'operator', + ) + expect(result.user).toBeDefined() + }) }) diff --git a/src/lib/__tests__/db-helpers.test.ts b/src/lib/__tests__/db-helpers.test.ts new file mode 100644 index 0000000..9b51214 --- /dev/null +++ b/src/lib/__tests__/db-helpers.test.ts @@ -0,0 +1,162 @@ +import { describe, it, expect, vi, beforeEach } from 'vitest' + +// Use vi.hoisted() so mock variables are available inside vi.mock() factories +const { mockBroadcast, mockRun, mockGet, mockPrepare } = vi.hoisted(() => { + const mockRun = vi.fn(() => ({ lastInsertRowid: 1, changes: 1 })) + const mockGet = vi.fn((): any => ({ count: 1 })) + const mockPrepare = vi.fn(() => ({ + run: mockRun, + get: mockGet, + all: vi.fn(() => []), + })) + const mockBroadcast = vi.fn() + return { mockBroadcast, mockRun, mockGet, mockPrepare } +}) + +// Mock better-sqlite3 native module to avoid needing compiled bindings +vi.mock('better-sqlite3', () => { + return { + default: vi.fn(() => ({ + prepare: mockPrepare, + pragma: vi.fn(), + exec: vi.fn(), + close: vi.fn(), + })), + } +}) + +vi.mock('@/lib/config', () => ({ + config: { dbPath: ':memory:' }, + ensureDirExists: vi.fn(), +})) + +vi.mock('@/lib/migrations', () => ({ + runMigrations: vi.fn(), +})) + +vi.mock('@/lib/password', () => ({ + hashPassword: vi.fn((p: string) => `hashed:${p}`), + verifyPassword: vi.fn(() => false), +})) + +vi.mock('@/lib/logger', () => ({ + logger: { info: vi.fn(), error: vi.fn(), warn: vi.fn(), debug: vi.fn() }, +})) + +vi.mock('@/lib/event-bus', () => ({ + eventBus: { broadcast: mockBroadcast, on: vi.fn(), emit: vi.fn(), setMaxListeners: vi.fn() }, +})) + +// Import after mocks — the real db_helpers will use our mocked getDatabase +import { db_helpers } from '@/lib/db' + +describe('parseMentions', () => { + it('extracts multiple mentions', () => { + expect(db_helpers.parseMentions('@alice hello @bob')).toEqual(['alice', 'bob']) + }) + + it('returns empty array when no mentions', () => { + expect(db_helpers.parseMentions('no mentions here')).toEqual([]) + }) + + it('extracts single mention', () => { + expect(db_helpers.parseMentions('hey @alice')).toEqual(['alice']) + }) + + it('handles @@double — captures word chars after @', () => { + const result = db_helpers.parseMentions('@@double') + expect(result).toContain('double') + }) + + it('handles mentions at start and end of string', () => { + expect(db_helpers.parseMentions('@start and @end')).toEqual(['start', 'end']) + }) + + it('returns empty array for empty string', () => { + expect(db_helpers.parseMentions('')).toEqual([]) + }) +}) + +describe('logActivity', () => { + beforeEach(() => { + vi.clearAllMocks() + }) + + it('inserts activity into database and broadcasts event', () => { + db_helpers.logActivity('task_created', 'task', 1, 'alice', 'Created task') + + expect(mockPrepare).toHaveBeenCalled() + expect(mockRun).toHaveBeenCalledWith( + 'task_created', 'task', 1, 'alice', 'Created task', null, + ) + expect(mockBroadcast).toHaveBeenCalledWith( + 'activity.created', + expect.objectContaining({ + type: 'task_created', + entity_type: 'task', + entity_id: 1, + actor: 'alice', + }), + ) + }) + + it('stringifies data when provided', () => { + const data = { key: 'value' } + db_helpers.logActivity('update', 'agent', 2, 'bob', 'Updated agent', data) + + expect(mockRun).toHaveBeenCalledWith( + 'update', 'agent', 2, 'bob', 'Updated agent', JSON.stringify(data), + ) + }) +}) + +describe('createNotification', () => { + beforeEach(() => { + vi.clearAllMocks() + }) + + it('inserts notification and broadcasts event', () => { + db_helpers.createNotification('alice', 'mention', 'Mentioned', 'You were mentioned') + + expect(mockRun).toHaveBeenCalledWith( + 'alice', 'mention', 'Mentioned', 'You were mentioned', undefined, undefined, + ) + expect(mockBroadcast).toHaveBeenCalledWith( + 'notification.created', + expect.objectContaining({ + recipient: 'alice', + type: 'mention', + title: 'Mentioned', + }), + ) + }) + + it('passes source_type and source_id when provided', () => { + db_helpers.createNotification('bob', 'alert', 'Alert', 'CPU high', 'agent', 5) + + expect(mockRun).toHaveBeenCalledWith( + 'bob', 'alert', 'Alert', 'CPU high', 'agent', 5, + ) + }) +}) + +describe('updateAgentStatus', () => { + beforeEach(() => { + vi.clearAllMocks() + mockGet.mockReturnValue({ id: 42 }) + }) + + it('updates agent status in database and broadcasts', () => { + db_helpers.updateAgentStatus('worker-1', 'busy', 'Processing task') + + expect(mockPrepare).toHaveBeenCalled() + expect(mockBroadcast).toHaveBeenCalledWith( + 'agent.status_changed', + expect.objectContaining({ + id: 42, + name: 'worker-1', + status: 'busy', + }), + ) + }) +}) diff --git a/src/lib/__tests__/rate-limit.test.ts b/src/lib/__tests__/rate-limit.test.ts new file mode 100644 index 0000000..3986c78 --- /dev/null +++ b/src/lib/__tests__/rate-limit.test.ts @@ -0,0 +1,75 @@ +import { describe, it, expect, vi, beforeEach, afterEach } from 'vitest' +import { createRateLimiter } from '@/lib/rate-limit' + +describe('createRateLimiter', () => { + beforeEach(() => { + vi.useFakeTimers() + }) + + afterEach(() => { + vi.useRealTimers() + }) + + function makeRequest(ip: string = '127.0.0.1'): Request { + return new Request('http://localhost/api/test', { + headers: new Headers({ 'x-forwarded-for': ip }), + }) + } + + it('allows first request within limit (returns null)', () => { + const limiter = createRateLimiter({ windowMs: 60_000, maxRequests: 5 }) + const result = limiter(makeRequest()) + expect(result).toBeNull() + }) + + it('allows requests up to the max limit', () => { + const limiter = createRateLimiter({ windowMs: 60_000, maxRequests: 3 }) + expect(limiter(makeRequest())).toBeNull() + expect(limiter(makeRequest())).toBeNull() + expect(limiter(makeRequest())).toBeNull() + }) + + it('blocks request exceeding the limit with 429', () => { + const limiter = createRateLimiter({ windowMs: 60_000, maxRequests: 2 }) + limiter(makeRequest()) + limiter(makeRequest()) + const blocked = limiter(makeRequest()) + expect(blocked).not.toBeNull() + expect(blocked!.status).toBe(429) + }) + + it('uses custom message in 429 response', async () => { + const limiter = createRateLimiter({ + windowMs: 60_000, + maxRequests: 1, + message: 'Slow down!', + }) + limiter(makeRequest()) + const blocked = limiter(makeRequest()) + expect(blocked).not.toBeNull() + const body = await blocked!.json() + expect(body.error).toBe('Slow down!') + }) + + it('resets after the window expires', () => { + const limiter = createRateLimiter({ windowMs: 10_000, maxRequests: 1 }) + expect(limiter(makeRequest())).toBeNull() + expect(limiter(makeRequest())).not.toBeNull() + + // Advance past the window + vi.advanceTimersByTime(11_000) + + // Should be allowed again + expect(limiter(makeRequest())).toBeNull() + }) + + it('tracks different IPs independently', () => { + const limiter = createRateLimiter({ windowMs: 60_000, maxRequests: 1 }) + expect(limiter(makeRequest('10.0.0.1'))).toBeNull() + expect(limiter(makeRequest('10.0.0.2'))).toBeNull() + // First IP now blocked + expect(limiter(makeRequest('10.0.0.1'))).not.toBeNull() + // Second IP now blocked + expect(limiter(makeRequest('10.0.0.2'))).not.toBeNull() + }) +}) diff --git a/src/lib/__tests__/validation.test.ts b/src/lib/__tests__/validation.test.ts new file mode 100644 index 0000000..7e1185b --- /dev/null +++ b/src/lib/__tests__/validation.test.ts @@ -0,0 +1,237 @@ +import { describe, it, expect } from 'vitest' +import { + createTaskSchema, + createAgentSchema, + createWebhookSchema, + createAlertSchema, + spawnAgentSchema, + createUserSchema, + qualityReviewSchema, + createPipelineSchema, + createWorkflowSchema, + createMessageSchema, +} from '@/lib/validation' + +describe('createTaskSchema', () => { + it('accepts valid input with defaults', () => { + const result = createTaskSchema.safeParse({ title: 'Fix bug' }) + expect(result.success).toBe(true) + if (result.success) { + expect(result.data.title).toBe('Fix bug') + expect(result.data.status).toBe('inbox') + expect(result.data.priority).toBe('medium') + expect(result.data.tags).toEqual([]) + expect(result.data.metadata).toEqual({}) + } + }) + + it('rejects missing title', () => { + const result = createTaskSchema.safeParse({}) + expect(result.success).toBe(false) + }) + + it('rejects invalid status', () => { + const result = createTaskSchema.safeParse({ title: 'X', status: 'invalid' }) + expect(result.success).toBe(false) + }) + + it('accepts all valid statuses', () => { + for (const status of ['inbox', 'assigned', 'in_progress', 'review', 'quality_review', 'done']) { + const result = createTaskSchema.safeParse({ title: 'T', status }) + expect(result.success).toBe(true) + } + }) +}) + +describe('createAgentSchema', () => { + it('accepts valid input', () => { + const result = createAgentSchema.safeParse({ name: 'agent-1' }) + expect(result.success).toBe(true) + }) + + it('rejects missing name', () => { + const result = createAgentSchema.safeParse({}) + expect(result.success).toBe(false) + }) +}) + +describe('createWebhookSchema', () => { + it('accepts valid input', () => { + const result = createWebhookSchema.safeParse({ + name: 'My Hook', + url: 'https://example.com/hook', + }) + expect(result.success).toBe(true) + }) + + it('rejects invalid URL', () => { + const result = createWebhookSchema.safeParse({ + name: 'Hook', + url: 'not-a-url', + }) + expect(result.success).toBe(false) + }) +}) + +describe('createAlertSchema', () => { + const validAlert = { + name: 'CPU Alert', + entity_type: 'agent' as const, + condition_field: 'cpu', + condition_operator: 'greater_than' as const, + condition_value: '90', + } + + it('accepts valid input', () => { + const result = createAlertSchema.safeParse(validAlert) + expect(result.success).toBe(true) + }) + + it('rejects missing name', () => { + const { name, ...rest } = validAlert + const result = createAlertSchema.safeParse(rest) + expect(result.success).toBe(false) + }) + + it('rejects missing entity_type', () => { + const { entity_type, ...rest } = validAlert + const result = createAlertSchema.safeParse(rest) + expect(result.success).toBe(false) + }) +}) + +describe('spawnAgentSchema', () => { + const validSpawn = { + task: 'Do something', + model: 'sonnet', + label: 'worker-1', + } + + it('accepts valid input with default timeout', () => { + const result = spawnAgentSchema.safeParse(validSpawn) + expect(result.success).toBe(true) + if (result.success) { + expect(result.data.timeoutSeconds).toBe(300) + } + }) + + it('rejects timeout below minimum (10)', () => { + const result = spawnAgentSchema.safeParse({ ...validSpawn, timeoutSeconds: 5 }) + expect(result.success).toBe(false) + }) + + it('rejects timeout above maximum (3600)', () => { + const result = spawnAgentSchema.safeParse({ ...validSpawn, timeoutSeconds: 9999 }) + expect(result.success).toBe(false) + }) +}) + +describe('createUserSchema', () => { + it('accepts valid input', () => { + const result = createUserSchema.safeParse({ + username: 'alice', + password: 'secret123', + }) + expect(result.success).toBe(true) + if (result.success) { + expect(result.data.role).toBe('operator') + } + }) + + it('rejects missing username', () => { + const result = createUserSchema.safeParse({ password: 'x' }) + expect(result.success).toBe(false) + }) + + it('rejects missing password', () => { + const result = createUserSchema.safeParse({ username: 'x' }) + expect(result.success).toBe(false) + }) +}) + +describe('qualityReviewSchema', () => { + it('accepts valid input', () => { + const result = qualityReviewSchema.safeParse({ + taskId: 1, + status: 'approved', + notes: 'Looks good', + }) + expect(result.success).toBe(true) + }) + + it('rejects invalid status', () => { + const result = qualityReviewSchema.safeParse({ + taskId: 1, + status: 'pending', + notes: 'N/A', + }) + expect(result.success).toBe(false) + }) +}) + +describe('createPipelineSchema', () => { + it('accepts valid input with 2+ steps', () => { + const result = createPipelineSchema.safeParse({ + name: 'Deploy', + steps: [ + { template_id: 1 }, + { template_id: 2 }, + ], + }) + expect(result.success).toBe(true) + }) + + it('rejects fewer than 2 steps', () => { + const result = createPipelineSchema.safeParse({ + name: 'Deploy', + steps: [{ template_id: 1 }], + }) + expect(result.success).toBe(false) + }) +}) + +describe('createWorkflowSchema', () => { + it('accepts valid input', () => { + const result = createWorkflowSchema.safeParse({ + name: 'Summarize', + task_prompt: 'Summarize the document', + }) + expect(result.success).toBe(true) + if (result.success) { + expect(result.data.model).toBe('sonnet') + } + }) + + it('rejects missing name', () => { + const result = createWorkflowSchema.safeParse({ task_prompt: 'Do it' }) + expect(result.success).toBe(false) + }) + + it('rejects missing task_prompt', () => { + const result = createWorkflowSchema.safeParse({ name: 'W' }) + expect(result.success).toBe(false) + }) +}) + +describe('createMessageSchema', () => { + it('accepts valid input', () => { + const result = createMessageSchema.safeParse({ + to: 'bob', + message: 'Hello', + }) + expect(result.success).toBe(true) + if (result.success) { + expect(result.data.from).toBe('system') + } + }) + + it('rejects missing to', () => { + const result = createMessageSchema.safeParse({ message: 'Hi' }) + expect(result.success).toBe(false) + }) + + it('rejects missing message', () => { + const result = createMessageSchema.safeParse({ to: 'bob' }) + expect(result.success).toBe(false) + }) +}) diff --git a/src/lib/auth.ts b/src/lib/auth.ts index 4bda684..64b211b 100644 --- a/src/lib/auth.ts +++ b/src/lib/auth.ts @@ -40,6 +40,36 @@ export interface UserSession { user_agent: string | null } +interface SessionQueryRow { + id: number + username: string + display_name: string + role: 'admin' | 'operator' | 'viewer' + provider: 'local' | 'google' | null + email: string | null + avatar_url: string | null + is_approved: number + created_at: number + updated_at: number + last_login_at: number | null + session_id: number +} + +interface UserQueryRow { + id: number + username: string + display_name: string + role: 'admin' | 'operator' | 'viewer' + provider: 'local' | 'google' | null + email: string | null + avatar_url: string | null + is_approved: number + created_at: number + updated_at: number + last_login_at: number | null + password_hash: string +} + // Session management const SESSION_DURATION = 7 * 24 * 60 * 60 // 7 days in seconds @@ -74,7 +104,7 @@ export function validateSession(token: string): (User & { sessionId: number }) | FROM user_sessions s JOIN users u ON u.id = s.user_id WHERE s.token = ? AND s.expires_at > ? - `).get(token, now) as any + `).get(token, now) as SessionQueryRow | undefined if (!row) return null @@ -107,7 +137,7 @@ export function destroyAllUserSessions(userId: number): void { // User management export function authenticateUser(username: string, password: string): User | null { const db = getDatabase() - const row = db.prepare('SELECT * FROM users WHERE username = ?').get(username) as any + const row = db.prepare('SELECT * FROM users WHERE username = ?').get(username) as UserQueryRow | undefined if (!row) return null if ((row.provider || 'local') !== 'local') return null if ((row.is_approved ?? 1) !== 1) return null @@ -129,7 +159,7 @@ export function authenticateUser(username: string, password: string): User | nul export function getUserById(id: number): User | null { const db = getDatabase() - const row = db.prepare('SELECT id, username, display_name, role, provider, email, avatar_url, is_approved, created_at, updated_at, last_login_at FROM users WHERE id = ?').get(id) as any + const row = db.prepare('SELECT id, username, display_name, role, provider, email, avatar_url, is_approved, created_at, updated_at, last_login_at FROM users WHERE id = ?').get(id) as User | undefined return row || null } diff --git a/src/lib/db.ts b/src/lib/db.ts index c03ec58..75ea0f1 100644 --- a/src/lib/db.ts +++ b/src/lib/db.ts @@ -71,8 +71,10 @@ function initializeSchema() { } } +interface CountRow { count: number } + function seedAdminUserFromEnv(dbConn: Database.Database): void { - const count = (dbConn.prepare('SELECT COUNT(*) as count FROM users').get() as any).count as number + const count = (dbConn.prepare('SELECT COUNT(*) as count FROM users').get() as CountRow).count if (count > 0) return const username = process.env.AUTH_USER || 'admin' diff --git a/src/lib/rate-limit.ts b/src/lib/rate-limit.ts index 2fdb7b8..e945b47 100644 --- a/src/lib/rate-limit.ts +++ b/src/lib/rate-limit.ts @@ -57,6 +57,11 @@ export const mutationLimiter = createRateLimiter({ maxRequests: 60, }) +export const readLimiter = createRateLimiter({ + windowMs: 60_000, + maxRequests: 120, +}) + export const heavyLimiter = createRateLimiter({ windowMs: 60_000, maxRequests: 10, diff --git a/src/lib/validation.ts b/src/lib/validation.ts index ac8c93a..e65c3fc 100644 --- a/src/lib/validation.ts +++ b/src/lib/validation.ts @@ -29,7 +29,7 @@ export async function validateBody( export const createTaskSchema = z.object({ title: z.string().min(1, 'Title is required').max(500), description: z.string().max(5000).optional(), - status: z.enum(['inbox', 'assigned', 'in_progress', 'review', 'done', 'blocked']).default('inbox'), + status: z.enum(['inbox', 'assigned', 'in_progress', 'review', 'quality_review', 'done']).default('inbox'), priority: z.enum(['critical', 'high', 'medium', 'low']).default('medium'), assigned_to: z.string().max(100).optional(), created_by: z.string().max(100).optional(), @@ -72,3 +72,84 @@ export const createAlertSchema = z.object({ action_config: z.record(z.string(), z.unknown()).optional(), cooldown_minutes: z.number().min(1).max(10080).optional(), }) + +export const notificationActionSchema = z.object({ + action: z.literal('mark-delivered'), + agent: z.string().min(1, 'Agent name is required'), +}) + +export const integrationActionSchema = z.object({ + action: z.enum(['test', 'pull', 'pull-all']), + integrationId: z.string().optional(), + category: z.string().optional(), +}) + +export const createPipelineSchema = z.object({ + name: z.string().min(1, 'Name is required'), + description: z.string().optional(), + steps: z.array(z.object({ + template_id: z.number(), + on_failure: z.enum(['stop', 'continue']).default('stop'), + })).min(2, 'Pipeline needs at least 2 steps'), +}) + +export const createWorkflowSchema = z.object({ + name: z.string().min(1, 'Name is required'), + task_prompt: z.string().min(1, 'Task prompt is required'), + description: z.string().optional(), + model: z.string().default('sonnet'), + timeout_seconds: z.number().default(300), + agent_role: z.string().optional(), + tags: z.array(z.string()).default([]), +}) + +export const createCommentSchema = z.object({ + task_id: z.number().optional(), + content: z.string().min(1, 'Comment content is required'), + author: z.string().optional(), + parent_id: z.number().optional(), +}) + +export const createMessageSchema = z.object({ + to: z.string().min(1, 'Recipient is required'), + message: z.string().min(1, 'Message is required'), + from: z.string().optional().default('system'), +}) + +export const updateSettingsSchema = z.object({ + settings: z.record(z.string(), z.unknown()), +}) + +export const gatewayConfigUpdateSchema = z.object({ + updates: z.record(z.string(), z.unknown()), +}) + +export const qualityReviewSchema = z.object({ + taskId: z.number(), + reviewer: z.string().default('aegis'), + status: z.enum(['approved', 'rejected']), + notes: z.string().min(1, 'Notes are required for quality reviews'), +}) + +export const spawnAgentSchema = z.object({ + task: z.string().min(1, 'Task is required'), + model: z.string().min(1, 'Model is required'), + label: z.string().min(1, 'Label is required'), + timeoutSeconds: z.number().min(10).max(3600).default(300), +}) + +export const createUserSchema = z.object({ + username: z.string().min(1, 'Username is required'), + password: z.string().min(1, 'Password is required'), + display_name: z.string().optional(), + role: z.enum(['admin', 'operator', 'viewer']).default('operator'), + provider: z.enum(['local', 'google']).default('local'), + email: z.string().optional(), +}) + +export const accessRequestActionSchema = z.object({ + request_id: z.number(), + action: z.enum(['approve', 'reject']), + role: z.enum(['admin', 'operator', 'viewer']).default('viewer'), + note: z.string().optional(), +})