Release: configuration management CRUD UI

.github/workflows/ci.yml

@@ -24,9 +24,15 @@ jobs:
       - name: Install dependencies
         run: npm ci
 
-      - name: Build
+      - name: Install web dependencies
+        run: cd web && npm ci
+
+      - name: Build backend
         run: npm run build
 
+      - name: Build frontend
+        run: npm run build:web
+
       - name: Run typecheck
         run: npm run typecheck
 

.gitignore

@@ -3,6 +3,7 @@ node_modules/
 
 # Build output
 dist/
+*.tsbuildinfo
 
 # Coverage
 coverage/
@@ -25,11 +26,12 @@ Thumbs.db
 # Logs
 *.log
 npm-debug.log*
-logs/
+/logs/
 
 # Temp
 /tmp/
 *.tmp
+tmp-*.ts
 
 # Local agent workspace (repos, logs)
 workspace/

package.json

@@ -5,7 +5,7 @@
 	"type": "module",
 	"main": "dist/index.js",
 	"scripts": {
-		"dev": "tsx watch src/index.ts",
+		"dev": "node --env-file=.env --import tsx/esm --watch src/index.ts",
 		"dev:web": "cd web && npx vite",
 		"build": "tsc",
 		"build:web": "cd web && npm run build",

src/api/router.ts

@@ -1,4 +1,8 @@
+import { agentConfigsRouter } from './routers/agentConfigs.js';
 import { authRouter } from './routers/auth.js';
+import { credentialsRouter } from './routers/credentials.js';
+import { defaultsRouter } from './routers/defaults.js';
+import { organizationRouter } from './routers/organization.js';
 import { projectsRouter } from './routers/projects.js';
 import { runsRouter } from './routers/runs.js';
 import { router } from './trpc.js';
@@ -7,6 +11,10 @@ export const appRouter = router({
 	auth: authRouter,
 	runs: runsRouter,
 	projects: projectsRouter,
+	organization: organizationRouter,
+	defaults: defaultsRouter,
+	credentials: credentialsRouter,
+	agentConfigs: agentConfigsRouter,
 });
 
 export type AppRouter = typeof appRouter;

src/api/routers/agentConfigs.ts

@@ -0,0 +1,134 @@
+import { TRPCError } from '@trpc/server';
+import { eq } from 'drizzle-orm';
+import { z } from 'zod';
+import { getDb } from '../../db/client.js';
+import {
+	createAgentConfig,
+	deleteAgentConfig,
+	listAgentConfigs,
+	updateAgentConfig,
+} from '../../db/repositories/settingsRepository.js';
+import { agentConfigs, projects } from '../../db/schema/index.js';
+import { protectedProcedure, router } from '../trpc.js';
+
+export const agentConfigsRouter = router({
+	list: protectedProcedure
+		.input(z.object({ projectId: z.string().optional() }).optional())
+		.query(async ({ ctx, input }) => {
+			if (input?.projectId) {
+				// Verify project belongs to org
+				const db = getDb();
+				const [project] = await db
+					.select({ orgId: projects.orgId })
+					.from(projects)
+					.where(eq(projects.id, input.projectId));
+				if (!project || project.orgId !== ctx.user.orgId) {
+					throw new TRPCError({ code: 'NOT_FOUND' });
+				}
+				return listAgentConfigs({ projectId: input.projectId });
+			}
+			return listAgentConfigs({ orgId: ctx.user.orgId });
+		}),
+
+	create: protectedProcedure
+		.input(
+			z.object({
+				orgId: z.string().nullish(),
+				projectId: z.string().nullish(),
+				agentType: z.string().min(1),
+				model: z.string().nullish(),
+				maxIterations: z.number().int().positive().nullish(),
+				agentBackend: z.string().nullish(),
+				prompt: z.string().nullish(),
+			}),
+		)
+		.mutation(async ({ ctx, input }) => {
+			// If projectId given, verify ownership
+			if (input.projectId) {
+				const db = getDb();
+				const [project] = await db
+					.select({ orgId: projects.orgId })
+					.from(projects)
+					.where(eq(projects.id, input.projectId));
+				if (!project || project.orgId !== ctx.user.orgId) {
+					throw new TRPCError({ code: 'NOT_FOUND' });
+				}
+			}
+			return createAgentConfig({
+				orgId: input.orgId ?? ctx.user.orgId,
+				projectId: input.projectId,
+				agentType: input.agentType,
+				model: input.model,
+				maxIterations: input.maxIterations,
+				agentBackend: input.agentBackend,
+				prompt: input.prompt,
+			});
+		}),
+
+	update: protectedProcedure
+		.input(
+			z.object({
+				id: z.number(),
+				agentType: z.string().min(1).optional(),
+				model: z.string().nullish(),
+				maxIterations: z.number().int().positive().nullish(),
+				agentBackend: z.string().nullish(),
+				prompt: z.string().nullish(),
+			}),
+		)
+		.mutation(async ({ ctx, input }) => {
+			// Verify ownership
+			const db = getDb();
+			const [config] = await db
+				.select({ orgId: agentConfigs.orgId, projectId: agentConfigs.projectId })
+				.from(agentConfigs)
+				.where(eq(agentConfigs.id, input.id));
+			if (!config) {
+				throw new TRPCError({ code: 'NOT_FOUND' });
+			}
+			// Check org-scoped configs belong to user's org
+			if (config.orgId && config.orgId !== ctx.user.orgId) {
+				throw new TRPCError({ code: 'NOT_FOUND' });
+			}
+			// Check project-scoped configs belong to user's org
+			if (config.projectId) {
+				const [project] = await db
+					.select({ orgId: projects.orgId })
+					.from(projects)
+					.where(eq(projects.id, config.projectId));
+				if (!project || project.orgId !== ctx.user.orgId) {
+					throw new TRPCError({ code: 'NOT_FOUND' });
+				}
+			}
+
+			const { id, ...updates } = input;
+			await updateAgentConfig(id, updates);
+		}),
+
+	delete: protectedProcedure
+		.input(z.object({ id: z.number() }))
+		.mutation(async ({ ctx, input }) => {
+			const db = getDb();
+			const [config] = await db
+				.select({ orgId: agentConfigs.orgId, projectId: agentConfigs.projectId })
+				.from(agentConfigs)
+				.where(eq(agentConfigs.id, input.id));
+			if (!config) {
+				throw new TRPCError({ code: 'NOT_FOUND' });
+			}
+			if (config.orgId && config.orgId !== ctx.user.orgId) {
+				throw new TRPCError({ code: 'NOT_FOUND' });
+			}
+			if (config.projectId) {
+				const [project] = await db
+					.select({ orgId: projects.orgId })
+					.from(projects)
+					.where(eq(projects.id, config.projectId));
+				if (!project || project.orgId !== ctx.user.orgId) {
+					throw new TRPCError({ code: 'NOT_FOUND' });
+				}
+			}
+
+			await deleteAgentConfig(input.id);
+		}),
+});

src/api/routers/credentials.ts

@@ -0,0 +1,89 @@
+import { TRPCError } from '@trpc/server';
+import { eq } from 'drizzle-orm';
+import { z } from 'zod';
+import { getDb } from '../../db/client.js';
+import {
+	createCredential,
+	deleteCredential,
+	listOrgCredentials,
+	updateCredential,
+} from '../../db/repositories/credentialsRepository.js';
+import { credentials } from '../../db/schema/index.js';
+import { protectedProcedure, router } from '../trpc.js';
+
+function maskValue(value: string): string {
+	if (value.length <= 4) return '****';
+	return `****${value.slice(-4)}`;
+}
+
+export const credentialsRouter = router({
+	list: protectedProcedure.query(async ({ ctx }) => {
+		const rows = await listOrgCredentials(ctx.user.orgId);
+		return rows.map((row) => ({
+			...row,
+			value: maskValue(row.value),
+		}));
+	}),
+
+	create: protectedProcedure
+		.input(
+			z.object({
+				name: z.string().min(1),
+				envVarKey: z.string().regex(/^[A-Z_][A-Z0-9_]*$/),
+				value: z.string().min(1),
+				description: z.string().optional(),
+				isDefault: z.boolean().optional(),
+			}),
+		)
+		.mutation(async ({ ctx, input }) => {
+			return createCredential({
+				orgId: ctx.user.orgId,
+				name: input.name,
+				envVarKey: input.envVarKey,
+				value: input.value,
+				description: input.description,
+				isDefault: input.isDefault,
+			});
+		}),
+
+	update: protectedProcedure
+		.input(
+			z.object({
+				id: z.number(),
+				name: z.string().min(1).optional(),
+				value: z.string().min(1).optional(),
+				description: z.string().optional(),
+				isDefault: z.boolean().optional(),
+			}),
+		)
+		.mutation(async ({ ctx, input }) => {
+			// Verify ownership
+			const db = getDb();
+			const [cred] = await db
+				.select({ orgId: credentials.orgId })
+				.from(credentials)
+				.where(eq(credentials.id, input.id));
+			if (!cred || cred.orgId !== ctx.user.orgId) {
+				throw new TRPCError({ code: 'NOT_FOUND' });
+			}
+
+			const { id, ...updates } = input;
+			await updateCredential(id, updates);
+		}),
+
+	delete: protectedProcedure
+		.input(z.object({ id: z.number() }))
+		.mutation(async ({ ctx, input }) => {
+			// Verify ownership
+			const db = getDb();
+			const [cred] = await db
+				.select({ orgId: credentials.orgId })
+				.from(credentials)
+				.where(eq(credentials.id, input.id));
+			if (!cred || cred.orgId !== ctx.user.orgId) {
+				throw new TRPCError({ code: 'NOT_FOUND' });
+			}
+
+			await deleteCredential(input.id);
+		}),
+});

src/api/routers/defaults.ts

@@ -0,0 +1,30 @@
+import { z } from 'zod';
+import {
+	getCascadeDefaults,
+	upsertCascadeDefaults,
+} from '../../db/repositories/settingsRepository.js';
+import { protectedProcedure, router } from '../trpc.js';
+
+export const defaultsRouter = router({
+	get: protectedProcedure.query(async ({ ctx }) => {
+		return getCascadeDefaults(ctx.user.orgId);
+	}),
+
+	upsert: protectedProcedure
+		.input(
+			z.object({
+				model: z.string().nullish(),
+				maxIterations: z.number().int().positive().nullish(),
+				freshMachineTimeoutMs: z.number().int().positive().nullish(),
+				watchdogTimeoutMs: z.number().int().positive().nullish(),
+				postJobGracePeriodMs: z.number().int().positive().nullish(),
+				cardBudgetUsd: z.string().nullish(),
+				agentBackend: z.string().nullish(),
+				progressModel: z.string().nullish(),
+				progressIntervalMinutes: z.string().nullish(),
+			}),
+		)
+		.mutation(async ({ ctx, input }) => {
+			await upsertCascadeDefaults(ctx.user.orgId, input);
+		}),
+});

src/api/routers/organization.ts

@@ -0,0 +1,15 @@
+import { z } from 'zod';
+import { getOrganization, updateOrganization } from '../../db/repositories/settingsRepository.js';
+import { protectedProcedure, router } from '../trpc.js';
+
+export const organizationRouter = router({
+	get: protectedProcedure.query(async ({ ctx }) => {
+		return getOrganization(ctx.user.orgId);
+	}),
+
+	update: protectedProcedure
+		.input(z.object({ name: z.string().min(1) }))
+		.mutation(async ({ ctx, input }) => {
+			await updateOrganization(ctx.user.orgId, { name: input.name });
+		}),
+});