feat(agent): implement Agent Bridge for secure diagnostics

GEMINI.md

@@ -67,8 +67,13 @@ I am an interactive CLI agent assisting with software engineering tasks for One
 ## Current To-Do List
 
 1. **Docker Environment Insight Improvements (Priority: High)**: Implement methods/endpoints to give the agent more insight into the actual Docker runtime environment.
-2. **Security - Field Allowlists (Priority: High)**: Finish populating `searchable_fields` for all remaining object definitions.
+2. **Security - Field Allowlists (Priority: Done)**: Finished populating `searchable_fields` for all object definitions (Core, CMS, Events, Membership, Orders, Other).
 3. **Refactoring - Modularize `db_sql.py` (Priority: Done/Low)**: Successfully implemented a facade pattern, moving search builders and Redis helpers to modular files. This reduced `db_sql.py` by nearly 500 lines while preserving stability. Further modularization of core CRUD should only be attempted if stability risks are mitigated.
 4. **Specialized Endpoints (Priority: Medium)**: Plan modernization of custom logic (importing, websockets) to match V3 patterns.
 5. **Security - Authentication (Priority: High)**: Continue refining and enforcing JWT-based authentication across all V3 endpoints.
 
+### Workflow & Collaboration
+- **`GEMINI.md` Strategy:** The user is creating `GEMINI.md` files in key project directories. Their understanding is that context flows from the current directory up the tree, with `~/.gemini/GEMINI.md` serving as a global catch-all for general memories.
+- **Agents Sync (rsync):** Shared documentation, notes, and architectural updates are pushed to the `agents_sync` directory using `rsync`. This allows real-time coordination between different specialized agents (e.g., FastAPI backend and Svelte frontend agents).
+- **Home Server:** The user self-hosts a Proxmox server for services like Nextcloud.
+

app/main.py

@@ -16,7 +16,7 @@ import logging
 import app.log
 
 # Import the routers here first:
-from app.routers import ae_obj, aether_cfg, api_crud, api_crud_v2, api_crud_v3, api, importing, sql, account, activity_log, address, archive, archive_content, contact, data_store, event, event_abstract, event_badge, event_badge_importing, event_badge_template, event_device, event_exhibit, event_exhibit_tracking, event_file, event_importing, event_location, event_person, event_person_detail, event_person_tracking, event_presentation, event_presenter, event_registration, event_session, flask_cfg, fundraising, grant, hosted_file, journal, journal_entry, log_client_viewing, lookup, membership_cfg, membership_group, membership_person_group, membership_person, membership_person_profile, membership_type, membership_person_type, order, order_v3, order_line, order_cart, organization, page, person, person_user, post, post_comment, product, qr, site, site_domain, user, util_email, websockets_redis, e_confex, e_cvent, c_idaa, e_impexium, e_stripe
+from app.routers import ae_obj, aether_cfg, api_crud, api_crud_v2, api_crud_v3, agent_bridge, api, importing, sql, account, activity_log, address, archive, archive_content, contact, data_store, event, event_abstract, event_badge, event_badge_importing, event_badge_template, event_device, event_exhibit, event_exhibit_tracking, event_file, event_importing, event_location, event_person, event_person_detail, event_person_tracking, event_presentation, event_presenter, event_registration, event_session, flask_cfg, fundraising, grant, hosted_file, journal, journal_entry, log_client_viewing, lookup, membership_cfg, membership_group, membership_person_group, membership_person, membership_person_profile, membership_type, membership_person_type, order, order_v3, order_line, order_cart, organization, page, person, person_user, post, post_comment, product, qr, site, site_domain, user, util_email, websockets_redis, e_confex, e_cvent, c_idaa, e_impexium, e_stripe
 # cont_edu_cert, cont_edu_cert_person, 
 
 # from app.routers import aether_cfg, sql
@@ -120,6 +120,11 @@ app.include_router(
     prefix='/v3/crud',
     tags=['CRUD v3'],
 )
+app.include_router(
+    agent_bridge.router,
+    prefix='/agent',
+    tags=['Agent Bridge'],
+)
 app.include_router(
     api.router,
     prefix='/api',

app/routers/agent_bridge.py

@@ -0,0 +1,60 @@
+from fastapi import APIRouter, Depends, HTTPException
+import os
+import platform
+import json
+from typing import Dict, Any
+
+from app.lib_general_v3 import AccountContext, get_account_context
+from app.models.response_models import Resp_Body_Base, mk_resp
+
+router = APIRouter()
+
+@router.get("/status", response_model=Resp_Body_Base, tags=["Agent Bridge"])
+async def get_container_status(
+    account: AccountContext = Depends(get_account_context)
+):
+    """
+    Returns diagnostic information about the container environment.
+    Only accessible to administrators/managers via existing hierarchy.
+    """
+    # Simple check for administrative access
+    if not getattr(account, "administrator", False) and not getattr(account, "manager", False):
+        raise HTTPException(status_code=403, detail="Administrative access required.")
+
+    status_data = {
+        "os": platform.system(),
+        "release": platform.release(),
+        "python_version": platform.python_version(),
+        "hostname": platform.node(),
+        "cpu_count": os.cpu_count(),
+        "environment_vars": {k: v for k, v in os.environ.items() if "PASSWORD" not in k.upper() and "KEY" not in k.upper() and "SECRET" not in k.upper()},
+        "cwd": os.getcwd(),
+        "container": os.path.exists('/.dockerenv')
+    }
+
+    return mk_resp(data=status_data)
+
+@router.get("/logs", response_model=Resp_Body_Base, tags=["Agent Bridge"])
+async def get_latest_logs(
+    lines: int = 50,
+    account: AccountContext = Depends(get_account_context)
+):
+    """
+    Returns the last N lines of the application log.
+    """
+    if not getattr(account, "administrator", False) and not getattr(account, "manager", False):
+        raise HTTPException(status_code=403, detail="Administrative access required.")
+
+    from app.config import settings
+    log_path = settings.LOG_PATH.get('app', '/logs/aether_api.log')
+    
+    if not os.path.exists(log_path):
+        return mk_resp(data=False, status_message=f"Log file not found at {log_path}")
+
+    try:
+        with open(log_path, 'r') as f:
+            log_lines = f.readlines()
+            latest = log_lines[-lines:] if len(log_lines) > lines else log_lines
+            return mk_resp(data="".join(latest))
+    except Exception as e:
+        return mk_resp(data=False, status_message=str(e))