178a38357e
Two changes developed together in one session; they share the same module
structure (db/mod.rs, the core lib root) and only compile together, so they
land as one commit.
## UserManager + per-user encryption (§9/§11)
New `users::UserManager`: owns the system.db pool plus a map
`userid -> SqlitePool` of unlocked databases. The pool *is* the unlock token —
its connect options carry the DEK as SQLCipher's raw key, so an open pool means
the key is in RAM until restart and dropping it re-locks (§9). Knows nothing
about cookies.
New `crypto` module: envelope encryption. A random 256-bit DEK encrypts
`{userid}.db`; `users.database_password` holds it sealed with AES-256-GCM under
`Argon2id(password, salt)`. The AEAD tag is the password verifier — one
derivation both authenticates and yields the key, so encrypted users store no
second hash. Cleartext users store the Argon2id output directly, compared in
constant time. Argon2 runs in spawn_blocking behind a 2-permit semaphore
(256 MiB per derivation).
- SQLCipher via `libsqlite3-sys` `bundled-sqlcipher-vendored-openssl`, pinned
<0.38 so it unifies with the one sqlx-sqlite links (a newer copy would apply
the feature to a SQLite sqlx never uses). OpenSSL is vendored and static, so
the binary stays self-contained.
- Schema split into `create_registry_tables` (instance-wide, no user key) and
`create_owner_tables` (one owner's content, identical in every file). No FK in
the owner bucket may reach the registry — enforced by a standalone test.
Dropped `chat_history.model_db_id` (write-only, and the only registry-crossing
key); moved `projects`/`project_tickets` into the owner bucket.
- Provisioning invariant: the file is written before the row, deleted after it,
so a crash leaves an orphan file, never a user without a database. `open_db`
never creates: a missing file is an error, not a silent empty database.
Not consumed yet: no login, call sites still use the shared system.db pool.
## Extract crates/skald-core
The headless core moves out of `src/` into its own crate; `skald` (server) and
the coming `skald-setup` are shells around it. Two dependencies on the shell
were inverted rather than dragged along, so the core names neither Tauri nor any
concrete plugin:
- `Plugin::tools(self: Arc<Self>)` — plugins contribute tools through this hook
(sibling of `http_router`), so the core no longer downcasts to
`MobileConnectorPlugin`.
- `tools::restart::set_restart_handler` — the desktop shell installs its
teardown-and-respawn; the core defaults to the supervisor exit code. The core
loses its `desktop` feature.
- `boot`'s stdout formatter moves to the binary (`src/boot_format.rs`); the core
only emits tracing events.
All 79 core tests pass; the binary boots and serves in a clean directory, and
the mobile-connector tools still register through the new hook.
138 lines
4.7 KiB
Rust
138 lines
4.7 KiB
Rust
use axum::{
|
|
Json,
|
|
extract::{Path, State},
|
|
http::StatusCode,
|
|
};
|
|
use serde::Deserialize;
|
|
|
|
use skald_core::db::{scheduled_jobs, job_runs};
|
|
use std::sync::Arc;
|
|
use skald_core::skald::Skald;
|
|
use super::ApiError;
|
|
|
|
#[derive(serde::Serialize)]
|
|
pub struct JobResponse {
|
|
pub id: i64,
|
|
pub title: String,
|
|
pub description: String,
|
|
pub cron: String,
|
|
pub prompt: String,
|
|
pub agent_id: String,
|
|
pub enabled: bool,
|
|
pub single_run: bool,
|
|
pub kind: String,
|
|
pub last_run_at: Option<String>,
|
|
pub next_run_at: Option<String>,
|
|
pub created_at: String,
|
|
pub run_context: Option<String>,
|
|
pub running_session_id: Option<i64>,
|
|
pub running_since: Option<String>,
|
|
}
|
|
|
|
pub async fn list(State(skald): State<Arc<Skald>>) -> Result<Json<Vec<JobResponse>>, ApiError> {
|
|
let jobs = scheduled_jobs::list(skald.db()).await?;
|
|
Ok(Json(jobs.into_iter().map(|j| JobResponse {
|
|
id: j.id,
|
|
title: j.title,
|
|
description: j.description,
|
|
cron: j.cron,
|
|
prompt: j.prompt,
|
|
agent_id: j.agent_id,
|
|
enabled: j.enabled,
|
|
single_run: j.single_run,
|
|
kind: j.kind,
|
|
last_run_at: j.last_run_at,
|
|
next_run_at: j.next_run_at,
|
|
created_at: j.created_at,
|
|
run_context: j.run_context,
|
|
running_session_id: j.running_session_id,
|
|
running_since: j.running_since,
|
|
}).collect()))
|
|
}
|
|
|
|
pub async fn delete_job(
|
|
Path(id): Path<i64>,
|
|
State(skald): State<Arc<Skald>>,
|
|
) -> Result<(), ApiError> {
|
|
let found = scheduled_jobs::delete(skald.db(), id).await?;
|
|
if found { Ok(()) } else { Err(ApiError::not_found(format!("job {id} not found"))) }
|
|
}
|
|
|
|
pub async fn toggle(
|
|
Path(id): Path<i64>,
|
|
State(skald): State<Arc<Skald>>,
|
|
Json(body): Json<serde_json::Value>,
|
|
) -> Result<(), ApiError> {
|
|
let enabled = body["enabled"]
|
|
.as_bool()
|
|
.ok_or_else(|| ApiError::bad_request("'enabled' boolean required"))?;
|
|
let found = scheduled_jobs::set_enabled(skald.db(), id, enabled).await?;
|
|
if found { Ok(()) } else { Err(ApiError::not_found(format!("job {id} not found"))) }
|
|
}
|
|
|
|
#[derive(Deserialize)]
|
|
pub struct SetRunContextBody {
|
|
pub security_group: Option<String>,
|
|
}
|
|
|
|
pub async fn set_run_context(
|
|
Path(id): Path<i64>,
|
|
State(skald): State<Arc<Skald>>,
|
|
Json(body): Json<SetRunContextBody>,
|
|
) -> Result<(), ApiError> {
|
|
use skald_core::run_context::RunContext;
|
|
let json = body.security_group.as_ref().map(|sg| {
|
|
RunContext::with_security_group(Some(sg.clone())).to_db()
|
|
});
|
|
let found = scheduled_jobs::set_run_context(skald.db(), id, json.as_deref()).await?;
|
|
if found { Ok(()) } else { Err(ApiError::not_found(format!("job {id} not found"))) }
|
|
}
|
|
|
|
#[derive(serde::Serialize)]
|
|
pub struct JobRunResponse {
|
|
pub id: i64,
|
|
pub job_id: i64,
|
|
pub job_title: Option<String>,
|
|
pub agent_id: Option<String>,
|
|
pub kind: Option<String>,
|
|
pub session_id: Option<i64>,
|
|
pub started_at: String,
|
|
pub completed_at: Option<String>,
|
|
pub duration_ms: Option<i64>,
|
|
pub status: String,
|
|
pub final_response: Option<String>,
|
|
pub error: Option<String>,
|
|
pub created_at: String,
|
|
}
|
|
|
|
pub async fn kill_job(
|
|
Path(id): Path<i64>,
|
|
State(skald): State<Arc<Skald>>,
|
|
) -> Result<StatusCode, ApiError> {
|
|
let job = scheduled_jobs::get_by_id(skald.db(), id).await?
|
|
.ok_or_else(|| ApiError::not_found(format!("job {id} not found")))?;
|
|
let session_id = job.running_session_id
|
|
.ok_or_else(|| ApiError::bad_request("job is not currently running"))?;
|
|
skald.system_bus().send(core_api::system_bus::SystemEvent::SessionCancelled { session_id });
|
|
Ok(StatusCode::ACCEPTED)
|
|
}
|
|
|
|
pub async fn list_runs(State(skald): State<Arc<Skald>>) -> Result<Json<Vec<JobRunResponse>>, ApiError> {
|
|
let runs = job_runs::list_all(skald.db(), 200).await?;
|
|
Ok(Json(runs.into_iter().map(|r| JobRunResponse {
|
|
id: r.id,
|
|
job_id: r.job_id,
|
|
job_title: r.job_title,
|
|
agent_id: r.agent_id,
|
|
kind: r.kind,
|
|
session_id: r.session_id,
|
|
started_at: r.started_at,
|
|
completed_at: r.completed_at,
|
|
duration_ms: r.duration_ms,
|
|
status: r.status,
|
|
final_response: r.final_response,
|
|
error: r.error,
|
|
created_at: r.created_at,
|
|
}).collect()))
|
|
}
|