feat(frontend): metrics-sdk support and devbox implement

[mlhiter]

No description provided.

[pull-request-size]

Whoa! Easy there, Partner!

This PR is too big. Please break it up into smaller PRs.

[Copilot]

Pull request overview

This PR introduces a new TypeScript SDK package (sealos-metrics-sdk) for querying Prometheus/Victoria Metrics directly from Next.js applications. The SDK provides built-in Kubernetes authentication and type-safe interfaces for querying metrics across launchpad applications, databases, and MinIO storage.

Changes:

• New metrics-sdk package with TypeScript client for Prometheus/Victoria Metrics queries
• Authentication service using @kubernetes/client-node for K8s permission validation
• Service modules for launchpad, database, MinIO, and raw metric queries with PromQL builders
• Rollup build configuration for dual-format output (ESM and CJS)
• Comprehensive documentation and test utilities

Reviewed changes

Copilot reviewed 24 out of 25 changed files in this pull request and generated 20 comments.

Show a summary per file

File	Description
frontend/pnpm-lock.yaml	Added dependencies for new metrics-sdk package including axios, dayjs, rollup plugins, and esbuild 0.27.2
frontend/packages/metrics-sdk/package.json	Package configuration with dual exports (ESM/CJS), peer dependency on @kubernetes/client-node
frontend/packages/metrics-sdk/tsconfig.json	TypeScript configuration with ES2017 target and strict mode enabled
frontend/packages/metrics-sdk/rollup.config.js	Build configuration for bundling TypeScript with dual output formats
frontend/packages/metrics-sdk/src/client.ts	Main SDK client exposing launchpad, database, minio, and raw query services
frontend/packages/metrics-sdk/src/auth/auth.ts	Kubernetes authentication service with kubeconfig parsing and permission validation
frontend/packages/metrics-sdk/src/services/*.ts	Service implementations for different metric types with PromQL query builders
frontend/packages/metrics-sdk/src/types/*.ts	TypeScript type definitions for query parameters and responses
frontend/packages/metrics-sdk/src/constants/promql.ts	PromQL query templates for various metric types and databases
frontend/packages/metrics-sdk/src/utils/time.ts	Utility functions for timestamp formatting and conversion
frontend/packages/metrics-sdk/test/index.ts	Manual test script for SDK validation
frontend/packages/metrics-sdk/README.md	Comprehensive documentation with usage examples and API reference

Files not reviewed (1)

• frontend/pnpm-lock.yaml: Language not supported

[Copilot]

Debug logging statements should be removed before production. These console.log calls will execute on every query and expose sensitive information like query parameters and results. Consider using a configurable logger or removing these debug statements entirely.

[Copilot]

The README states the SDK "Replaces" three Go services (launchpad-monitor, database-monitor, minio-monitor), but this is misleading in a PR description. This new SDK provides an alternative client-side implementation but does not actually remove those services. Consider rephrasing to "Provides alternative to" or "Can replace" to avoid confusion.

Suggested change

	```
	**Replaces:**
	```
	**Can replace / provides alternative to:**

[Copilot]

Error handling issue: When kubeconfig is empty, the code continues execution and will fail later with less clear error messages. It would be better to throw an error immediately with a descriptive message rather than exiting the process, allowing the calling code to handle the error appropriately.

Suggested change

	console.error('❌ KUBECONFIG environment variable not set');
	process.exit(1);
	throw new Error('❌ KUBECONFIG environment variable not set');

[Copilot]

API design inconsistency: The MinioQueryParams interface requires both 'query' (typed as MinioMetric enum) and 'type' (hardcoded as literal 'minio'). The 'type' field seems redundant since the service is already minio-specific. This differs from other services where 'type' has semantic meaning. Consider removing the 'type' field or making it optional.

Suggested change

	type: 'minio';
	type?: 'minio';

[Copilot]

Security: The kubeconfig string is stored in memory and passed around. If this contains sensitive tokens or certificates, it could be exposed through error messages, logs, or memory dumps. Consider using more secure credential handling patterns, such as extracting only the necessary auth tokens and discarding the full kubeconfig after initial parsing.

[Copilot]

Inconsistent timestamp handling: The toSeconds function checks if the absolute value is greater than 1e12 to determine if it's in milliseconds, but this approach could fail for timestamps far in the future or past. A more reliable approach would be to check the actual magnitude or require explicit units. Additionally, using Math.abs could cause issues with negative timestamps (before epoch).

Suggested change

	return Math.abs(num) > 1e12 ? Math.floor(num / 1000) : Math.floor(num);
	if (!Number.isFinite(num)) {
	return NaN;
	}
	// Infer unit based on proximity to current time in seconds vs milliseconds.
	// This avoids misclassifying far-future timestamps purely by magnitude.
	const nowMs = Date.now();
	const nowSec = Math.floor(nowMs / 1000);
	const tenYearsInSeconds = 10 * 365 * 24 * 60 * 60;
	const tenYearsInMs = tenYearsInSeconds * 1000;
	// If it's close to the current seconds-based timestamp, treat as seconds.
	if (Math.abs(num - nowSec) <= tenYearsInSeconds) {
	return Math.floor(num);
	}
	// If it's close to the current milliseconds-based timestamp, treat as milliseconds.
	if (Math.abs(num - nowMs) <= tenYearsInMs) {
	return Math.floor(num / 1000);
	}
	// Fallback: treat as seconds to avoid misclassifying extreme values as milliseconds.
	return Math.floor(num);

[Copilot]

The 'any' type annotation reduces type safety. Consider using a more specific type for the authService parameter. Based on the BaseMetricsService constructor, this should be typed as 'AuthService' instead of 'any'.

Suggested change

	constructor(baseURL: string, authService: any, minioInstance?: string) {
	constructor(
	baseURL: string,
	authService: ConstructorParameters<typeof BaseMetricsService>[1],
	minioInstance?: string
	) {

[Copilot]

Missing error handling for environment variable access. If OBJECT_STORAGE_INSTANCE is not set and minioInstance is not provided, this will default to an empty string which could lead to incorrect query construction. Consider throwing an error or documenting this behavior clearly.

Suggested change

	this.minioInstance = minioInstance || process.env.OBJECT_STORAGE_INSTANCE || '';
	const resolvedInstance = minioInstance ?? process.env.OBJECT_STORAGE_INSTANCE;
	if (!resolvedInstance) {
	throw new Error(
	'MinIO instance is not configured. Provide a minioInstance argument or set the OBJECT_STORAGE_INSTANCE environment variable.'
	);
	}
	this.minioInstance = resolvedInstance;

[Copilot]

Security concern: The test file contains hardcoded credential expectations via environment variables. While using environment variables is better than hardcoding values, the test file should include clear warnings about not committing .env files with actual credentials. Consider adding a .env.example file and documenting this in comments.

Suggested change

	const __dirname = dirname(fileURLToPath(import.meta.url));
	const __dirname = dirname(fileURLToPath(import.meta.url));
	// NOTE: This test expects configuration via environment variables loaded from a local `.env` file.
	// - Do NOT commit any `.env` files containing real credentials or kubeconfig information.
	// - Instead, add a `.env.example` file (with non-sensitive placeholder values) to version control
	// and copy it to `.env` locally when running this test.
	// - Ensure `.env` is listed in `.gitignore` (or equivalent ignore configuration).

[Copilot]

Type safety issue: The type assertion 'as const' on line 11 creates a readonly tuple type, but the actual LAUNCHPAD_QUERIES object uses string keys like 'cpu', 'memory', etc. This mismatch means the LaunchpadMetric enum values must exactly match these keys. Consider adding a type constraint to ensure the enum and query keys stay in sync, or document this requirement clearly.

[codecov]

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 61.86%. Comparing base (c7661b4) to head (47fb04d).
⚠️ Report is 39 commits behind head on main.

Additional details and impacted files

@@           Coverage Diff           @@
##             main    #6613   +/-   ##
=======================================
  Coverage   61.86%   61.86%           
=======================================
  Files           8        8           
  Lines         653      653           
=======================================
  Hits          404      404           
  Misses        202      202           
  Partials       47       47           

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
• 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.