@apart-tech/intelligence-core 1.11.4 → 1.11.6
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/auth/ability.d.ts +148 -0
- package/dist/auth/ability.d.ts.map +1 -0
- package/dist/auth/ability.js +291 -0
- package/dist/auth/ability.js.map +1 -0
- package/dist/auth/ability.test.d.ts +2 -0
- package/dist/auth/ability.test.d.ts.map +1 -0
- package/dist/auth/ability.test.js +693 -0
- package/dist/auth/ability.test.js.map +1 -0
- package/dist/auth/delegation-jwt.d.ts +167 -0
- package/dist/auth/delegation-jwt.d.ts.map +1 -0
- package/dist/auth/delegation-jwt.js +237 -0
- package/dist/auth/delegation-jwt.js.map +1 -0
- package/dist/auth/delegation-jwt.test.d.ts +2 -0
- package/dist/auth/delegation-jwt.test.d.ts.map +1 -0
- package/dist/auth/delegation-jwt.test.js +283 -0
- package/dist/auth/delegation-jwt.test.js.map +1 -0
- package/dist/auth/principal.d.ts +94 -0
- package/dist/auth/principal.d.ts.map +1 -0
- package/dist/auth/principal.js +33 -0
- package/dist/auth/principal.js.map +1 -0
- package/dist/config/config.test.d.ts +2 -0
- package/dist/config/config.test.d.ts.map +1 -0
- package/dist/config/config.test.js +57 -0
- package/dist/config/config.test.js.map +1 -0
- package/dist/config/index.d.ts.map +1 -1
- package/dist/config/index.js +22 -1
- package/dist/config/index.js.map +1 -1
- package/dist/db/tenant.d.ts.map +1 -1
- package/dist/db/tenant.js +8 -0
- package/dist/db/tenant.js.map +1 -1
- package/dist/index.d.ts +19 -1
- package/dist/index.d.ts.map +1 -1
- package/dist/index.js +10 -0
- package/dist/index.js.map +1 -1
- package/dist/lib/__tests__/jwt.test.d.ts +2 -0
- package/dist/lib/__tests__/jwt.test.d.ts.map +1 -0
- package/dist/lib/__tests__/jwt.test.js +97 -0
- package/dist/lib/__tests__/jwt.test.js.map +1 -0
- package/dist/lib/jwt.d.ts +20 -0
- package/dist/lib/jwt.d.ts.map +1 -1
- package/dist/lib/jwt.js +56 -3
- package/dist/lib/jwt.js.map +1 -1
- package/dist/services/__tests__/chunk-service.test.d.ts +2 -0
- package/dist/services/__tests__/chunk-service.test.d.ts.map +1 -0
- package/dist/services/__tests__/chunk-service.test.js +111 -0
- package/dist/services/__tests__/chunk-service.test.js.map +1 -0
- package/dist/services/__tests__/chunker.test.d.ts +2 -0
- package/dist/services/__tests__/chunker.test.d.ts.map +1 -0
- package/dist/services/__tests__/chunker.test.js +113 -0
- package/dist/services/__tests__/chunker.test.js.map +1 -0
- package/dist/services/__tests__/delegation-cleanup-service.test.d.ts +2 -0
- package/dist/services/__tests__/delegation-cleanup-service.test.d.ts.map +1 -0
- package/dist/services/__tests__/delegation-cleanup-service.test.js +211 -0
- package/dist/services/__tests__/delegation-cleanup-service.test.js.map +1 -0
- package/dist/services/__tests__/node-service.test.d.ts +2 -0
- package/dist/services/__tests__/node-service.test.d.ts.map +1 -0
- package/dist/services/__tests__/node-service.test.js +207 -0
- package/dist/services/__tests__/node-service.test.js.map +1 -0
- package/dist/services/__tests__/pii-detector-service.test.js +51 -0
- package/dist/services/__tests__/pii-detector-service.test.js.map +1 -1
- package/dist/services/__tests__/pii-encryption-service.test.js +37 -0
- package/dist/services/__tests__/pii-encryption-service.test.js.map +1 -1
- package/dist/services/__tests__/search-service.test.d.ts +2 -0
- package/dist/services/__tests__/search-service.test.d.ts.map +1 -0
- package/dist/services/__tests__/search-service.test.js +163 -0
- package/dist/services/__tests__/search-service.test.js.map +1 -0
- package/dist/services/agent-run-service.d.ts +44 -7
- package/dist/services/agent-run-service.d.ts.map +1 -1
- package/dist/services/agent-run-service.js +14 -0
- package/dist/services/agent-run-service.js.map +1 -1
- package/dist/services/agent-schedule-service.d.ts +21 -0
- package/dist/services/agent-schedule-service.d.ts.map +1 -1
- package/dist/services/agent-schedule-service.js +12 -0
- package/dist/services/agent-schedule-service.js.map +1 -1
- package/dist/services/audit-event-service.d.ts +76 -0
- package/dist/services/audit-event-service.d.ts.map +1 -0
- package/dist/services/audit-event-service.js +48 -0
- package/dist/services/audit-event-service.js.map +1 -0
- package/dist/services/backfill-chunks.d.ts +30 -0
- package/dist/services/backfill-chunks.d.ts.map +1 -0
- package/dist/services/backfill-chunks.js +55 -0
- package/dist/services/backfill-chunks.js.map +1 -0
- package/dist/services/chunk-service.d.ts +45 -0
- package/dist/services/chunk-service.d.ts.map +1 -0
- package/dist/services/chunk-service.js +111 -0
- package/dist/services/chunk-service.js.map +1 -0
- package/dist/services/chunker.d.ts +32 -0
- package/dist/services/chunker.d.ts.map +1 -0
- package/dist/services/chunker.js +289 -0
- package/dist/services/chunker.js.map +1 -0
- package/dist/services/context-service.d.ts +3 -1
- package/dist/services/context-service.d.ts.map +1 -1
- package/dist/services/context-service.js +17 -1
- package/dist/services/context-service.js.map +1 -1
- package/dist/services/delegation-cleanup-service.d.ts +133 -0
- package/dist/services/delegation-cleanup-service.d.ts.map +1 -0
- package/dist/services/delegation-cleanup-service.js +111 -0
- package/dist/services/delegation-cleanup-service.js.map +1 -0
- package/dist/services/edge-service.d.ts.map +1 -1
- package/dist/services/edge-service.js +3 -0
- package/dist/services/edge-service.js.map +1 -1
- package/dist/services/node-service.d.ts +12 -1
- package/dist/services/node-service.d.ts.map +1 -1
- package/dist/services/node-service.js +54 -11
- package/dist/services/node-service.js.map +1 -1
- package/dist/services/org-agent-type-service.d.ts +15 -0
- package/dist/services/org-agent-type-service.d.ts.map +1 -1
- package/dist/services/org-agent-type-service.js +2 -0
- package/dist/services/org-agent-type-service.js.map +1 -1
- package/dist/services/pii-detector-service.d.ts +1 -0
- package/dist/services/pii-detector-service.d.ts.map +1 -1
- package/dist/services/pii-detector-service.js +95 -2
- package/dist/services/pii-detector-service.js.map +1 -1
- package/dist/services/pii-encryption-service.d.ts +10 -0
- package/dist/services/pii-encryption-service.d.ts.map +1 -1
- package/dist/services/pii-encryption-service.js +32 -0
- package/dist/services/pii-encryption-service.js.map +1 -1
- package/dist/services/search-service.d.ts +30 -1
- package/dist/services/search-service.d.ts.map +1 -1
- package/dist/services/search-service.js +262 -45
- package/dist/services/search-service.js.map +1 -1
- package/dist/services/tag-service.d.ts +78 -0
- package/dist/services/tag-service.d.ts.map +1 -0
- package/dist/services/tag-service.js +639 -0
- package/dist/services/tag-service.js.map +1 -0
- package/dist/services/tag-service.test.d.ts +2 -0
- package/dist/services/tag-service.test.d.ts.map +1 -0
- package/dist/services/tag-service.test.js +448 -0
- package/dist/services/tag-service.test.js.map +1 -0
- package/dist/services/usage-service.d.ts +48 -0
- package/dist/services/usage-service.d.ts.map +1 -0
- package/dist/services/usage-service.js +116 -0
- package/dist/services/usage-service.js.map +1 -0
- package/dist/services/user-service.d.ts.map +1 -1
- package/dist/services/user-service.js +24 -6
- package/dist/services/user-service.js.map +1 -1
- package/dist/services/user-service.test.d.ts +2 -0
- package/dist/services/user-service.test.d.ts.map +1 -0
- package/dist/services/user-service.test.js +86 -0
- package/dist/services/user-service.test.js.map +1 -0
- package/dist/services/workspace-service.d.ts +2 -0
- package/dist/services/workspace-service.d.ts.map +1 -1
- package/dist/services/workspace-service.js +7 -1
- package/dist/services/workspace-service.js.map +1 -1
- package/dist/types/index.d.ts +80 -2
- package/dist/types/index.d.ts.map +1 -1
- package/package.json +3 -2
- package/prisma/schema.prisma +335 -82
- package/dist/db/schema.d.ts +0 -507
- package/dist/db/schema.d.ts.map +0 -1
- package/dist/db/schema.js +0 -77
- package/dist/db/schema.js.map +0 -1
|
@@ -0,0 +1,163 @@
|
|
|
1
|
+
import { describe, it, expect, vi, beforeEach } from "vitest";
|
|
2
|
+
import { SearchService } from "../search-service.js";
|
|
3
|
+
import { PiiDetectorService } from "../pii-detector-service.js";
|
|
4
|
+
import { PiiEncryptionService } from "../pii-encryption-service.js";
|
|
5
|
+
function createMockDb() {
|
|
6
|
+
return {
|
|
7
|
+
$queryRaw: vi.fn().mockResolvedValue([]),
|
|
8
|
+
$executeRaw: vi.fn().mockResolvedValue(1),
|
|
9
|
+
};
|
|
10
|
+
}
|
|
11
|
+
function createMockEmbeddings() {
|
|
12
|
+
return {
|
|
13
|
+
embed: vi.fn(async () => [0.1, 0.2, 0.3]),
|
|
14
|
+
embedBatch: vi.fn(async (texts) => texts.map(() => [0.1, 0.2, 0.3])),
|
|
15
|
+
};
|
|
16
|
+
}
|
|
17
|
+
const testConfig = {
|
|
18
|
+
database: { url: "postgresql://localhost/test" },
|
|
19
|
+
embeddings: { provider: "mock", model: "mock", dimensions: 3 },
|
|
20
|
+
search: {
|
|
21
|
+
defaultLimit: 10,
|
|
22
|
+
includeDrafts: true,
|
|
23
|
+
semanticWeight: 1,
|
|
24
|
+
keywordWeight: 1,
|
|
25
|
+
substringWeight: 0.5,
|
|
26
|
+
trigramWeight: 0.3,
|
|
27
|
+
trigramThreshold: 0.3,
|
|
28
|
+
},
|
|
29
|
+
};
|
|
30
|
+
describe("SearchService", () => {
|
|
31
|
+
const detector = new PiiDetectorService();
|
|
32
|
+
const piiEncryption = new PiiEncryptionService(detector);
|
|
33
|
+
const tenantCtx = { organizationId: "org-1" };
|
|
34
|
+
describe("PII stripping in search", () => {
|
|
35
|
+
let db;
|
|
36
|
+
let embeddings;
|
|
37
|
+
beforeEach(() => {
|
|
38
|
+
db = createMockDb();
|
|
39
|
+
embeddings = createMockEmbeddings();
|
|
40
|
+
});
|
|
41
|
+
it("strips email from query before embed() in encrypt mode", async () => {
|
|
42
|
+
const service = new SearchService(db, embeddings, testConfig, tenantCtx, piiEncryption, { mode: "encrypt", orgKey: Buffer.alloc(32) });
|
|
43
|
+
await service.search({ query: "find john@example.com" });
|
|
44
|
+
expect(embeddings.embed).toHaveBeenCalledWith(expect.stringContaining("[EMAIL]"), expect.anything());
|
|
45
|
+
expect(embeddings.embed).toHaveBeenCalledWith(expect.not.stringContaining("john@example.com"), expect.anything());
|
|
46
|
+
});
|
|
47
|
+
it("does not strip when mode is disabled", async () => {
|
|
48
|
+
const service = new SearchService(db, embeddings, testConfig, tenantCtx, piiEncryption, { mode: "disabled" });
|
|
49
|
+
await service.search({ query: "find john@example.com" });
|
|
50
|
+
expect(embeddings.embed).toHaveBeenCalledWith(expect.stringContaining("john@example.com"), expect.anything());
|
|
51
|
+
});
|
|
52
|
+
it("logs PII query to pii_query_logs on PII detection", async () => {
|
|
53
|
+
const service = new SearchService(db, embeddings, testConfig, tenantCtx, piiEncryption, { mode: "encrypt", orgKey: Buffer.alloc(32) });
|
|
54
|
+
await service.search({ query: "find john@example.com" });
|
|
55
|
+
// Allow time for fire-and-forget
|
|
56
|
+
await new Promise((r) => setTimeout(r, 50));
|
|
57
|
+
expect(db.$executeRaw).toHaveBeenCalled();
|
|
58
|
+
// Verify audit log INSERT was called (look for pii_query_logs in the SQL)
|
|
59
|
+
const execCalls = db.$executeRaw.mock.calls;
|
|
60
|
+
const auditCall = execCalls.find((call) => {
|
|
61
|
+
const tpl = call[0];
|
|
62
|
+
return tpl.raw.join("").includes("pii_query_logs");
|
|
63
|
+
});
|
|
64
|
+
expect(auditCall).toBeDefined();
|
|
65
|
+
});
|
|
66
|
+
it("does not log audit when query has no PII", async () => {
|
|
67
|
+
const service = new SearchService(db, embeddings, testConfig, tenantCtx, piiEncryption, { mode: "encrypt", orgKey: Buffer.alloc(32) });
|
|
68
|
+
await service.search({ query: "normal search query" });
|
|
69
|
+
// Allow time for fire-and-forget
|
|
70
|
+
await new Promise((r) => setTimeout(r, 50));
|
|
71
|
+
const execCalls = db.$executeRaw.mock.calls;
|
|
72
|
+
const auditCall = execCalls.find((call) => {
|
|
73
|
+
const tpl = call[0];
|
|
74
|
+
return tpl.raw.join("").includes("pii_query_logs");
|
|
75
|
+
});
|
|
76
|
+
expect(auditCall).toBeUndefined();
|
|
77
|
+
});
|
|
78
|
+
});
|
|
79
|
+
describe("chunk-level search and snippet propagation", () => {
|
|
80
|
+
let db;
|
|
81
|
+
let embeddings;
|
|
82
|
+
beforeEach(() => {
|
|
83
|
+
db = createMockDb();
|
|
84
|
+
embeddings = createMockEmbeddings();
|
|
85
|
+
});
|
|
86
|
+
it("runs chunk semantic search in parallel with node-level search", async () => {
|
|
87
|
+
const service = new SearchService(db, embeddings, testConfig, tenantCtx);
|
|
88
|
+
await service.search({ query: "test query" });
|
|
89
|
+
// embed() should be called twice: once for chunk search, once for node fallback
|
|
90
|
+
expect(embeddings.embed).toHaveBeenCalledTimes(2);
|
|
91
|
+
});
|
|
92
|
+
it("returns snippet from chunk semantic results", async () => {
|
|
93
|
+
// Mock chunk search to return results with snippets
|
|
94
|
+
const mockChunkResult = {
|
|
95
|
+
id: "node-1",
|
|
96
|
+
type: "note",
|
|
97
|
+
title: "Test",
|
|
98
|
+
content: "Full content",
|
|
99
|
+
metadata: {},
|
|
100
|
+
status: "approved",
|
|
101
|
+
created_by: "test",
|
|
102
|
+
created_at: new Date(),
|
|
103
|
+
updated_at: new Date(),
|
|
104
|
+
version: 1,
|
|
105
|
+
domain_id: null,
|
|
106
|
+
organization_id: "org-1",
|
|
107
|
+
has_pii: false,
|
|
108
|
+
embedding_pii_mode: null,
|
|
109
|
+
similarity: 0.95,
|
|
110
|
+
chunk_content: "Relevant chunk text",
|
|
111
|
+
chunk_index: 2,
|
|
112
|
+
};
|
|
113
|
+
db.$queryRaw = vi.fn().mockResolvedValue([mockChunkResult]);
|
|
114
|
+
const service = new SearchService(db, embeddings, testConfig, tenantCtx);
|
|
115
|
+
const results = await service.search({ query: "test query" });
|
|
116
|
+
// The result should carry the snippet
|
|
117
|
+
const nodeResult = results.find((r) => r.node.id === "node-1");
|
|
118
|
+
if (nodeResult) {
|
|
119
|
+
expect(nodeResult.snippet).toBe("Relevant chunk text");
|
|
120
|
+
expect(nodeResult.snippetChunkIndex).toBe(2);
|
|
121
|
+
}
|
|
122
|
+
});
|
|
123
|
+
it("preserves snippet through RRF when merging results", async () => {
|
|
124
|
+
// Test the RRF function directly by exercising the search method
|
|
125
|
+
// with all queries returning the same node — chunk query with snippet, keyword without
|
|
126
|
+
const mockNode = {
|
|
127
|
+
id: "node-1",
|
|
128
|
+
type: "note",
|
|
129
|
+
title: "Test",
|
|
130
|
+
content: "Full content",
|
|
131
|
+
metadata: {},
|
|
132
|
+
status: "approved",
|
|
133
|
+
created_by: "test",
|
|
134
|
+
created_at: new Date(),
|
|
135
|
+
updated_at: new Date(),
|
|
136
|
+
version: 1,
|
|
137
|
+
domain_id: null,
|
|
138
|
+
organization_id: "org-1",
|
|
139
|
+
has_pii: false,
|
|
140
|
+
embedding_pii_mode: null,
|
|
141
|
+
};
|
|
142
|
+
// All $queryRaw calls return the same node with chunk data
|
|
143
|
+
// (the chunk search result includes chunk_content and chunk_index)
|
|
144
|
+
db.$queryRaw = vi.fn().mockResolvedValue([{
|
|
145
|
+
...mockNode,
|
|
146
|
+
similarity: 0.95,
|
|
147
|
+
chunk_content: "Best chunk",
|
|
148
|
+
chunk_index: 1,
|
|
149
|
+
rank: 0.8,
|
|
150
|
+
match_score: 1.0,
|
|
151
|
+
trgm_score: 0.5,
|
|
152
|
+
}]);
|
|
153
|
+
const service = new SearchService(db, embeddings, testConfig, tenantCtx);
|
|
154
|
+
const results = await service.search({ query: "test query" });
|
|
155
|
+
// Node should appear in results (from multiple lists → hybrid)
|
|
156
|
+
const result = results.find((r) => r.node.id === "node-1");
|
|
157
|
+
expect(result).toBeDefined();
|
|
158
|
+
// Snippet should be preserved from the chunk semantic result
|
|
159
|
+
expect(result.snippet).toBe("Best chunk");
|
|
160
|
+
});
|
|
161
|
+
});
|
|
162
|
+
});
|
|
163
|
+
//# sourceMappingURL=search-service.test.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"search-service.test.js","sourceRoot":"","sources":["../../../src/services/__tests__/search-service.test.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,QAAQ,EAAE,EAAE,EAAE,MAAM,EAAE,EAAE,EAAE,UAAU,EAAE,MAAM,QAAQ,CAAC;AAC9D,OAAO,EAAE,aAAa,EAAE,MAAM,sBAAsB,CAAC;AACrD,OAAO,EAAE,kBAAkB,EAAE,MAAM,4BAA4B,CAAC;AAChE,OAAO,EAAE,oBAAoB,EAAE,MAAM,8BAA8B,CAAC;AAIpE,SAAS,YAAY;IACnB,OAAO;QACL,SAAS,EAAE,EAAE,CAAC,EAAE,EAAE,CAAC,iBAAiB,CAAC,EAAE,CAAC;QACxC,WAAW,EAAE,EAAE,CAAC,EAAE,EAAE,CAAC,iBAAiB,CAAC,CAAC,CAAC;KACf,CAAC;AAC/B,CAAC;AAED,SAAS,oBAAoB;IAC3B,OAAO;QACL,KAAK,EAAE,EAAE,CAAC,EAAE,CAAC,KAAK,IAAI,EAAE,CAAC,CAAC,GAAG,EAAE,GAAG,EAAE,GAAG,CAAC,CAAC;QACzC,UAAU,EAAE,EAAE,CAAC,EAAE,CAAC,KAAK,EAAE,KAAe,EAAE,EAAE,CAAC,KAAK,CAAC,GAAG,CAAC,GAAG,EAAE,CAAC,CAAC,GAAG,EAAE,GAAG,EAAE,GAAG,CAAC,CAAC,CAAC;KAC/E,CAAC;AACJ,CAAC;AAED,MAAM,UAAU,GAAgB;IAC9B,QAAQ,EAAE,EAAE,GAAG,EAAE,6BAA6B,EAAE;IAChD,UAAU,EAAE,EAAE,QAAQ,EAAE,MAAM,EAAE,KAAK,EAAE,MAAM,EAAE,UAAU,EAAE,CAAC,EAAE;IAC9D,MAAM,EAAE;QACN,YAAY,EAAE,EAAE;QAChB,aAAa,EAAE,IAAI;QACnB,cAAc,EAAE,CAAC;QACjB,aAAa,EAAE,CAAC;QAChB,eAAe,EAAE,GAAG;QACpB,aAAa,EAAE,GAAG;QAClB,gBAAgB,EAAE,GAAG;KACtB;CACa,CAAC;AAEjB,QAAQ,CAAC,eAAe,EAAE,GAAG,EAAE;IAC7B,MAAM,QAAQ,GAAG,IAAI,kBAAkB,EAAE,CAAC;IAC1C,MAAM,aAAa,GAAG,IAAI,oBAAoB,CAAC,QAAQ,CAAC,CAAC;IACzD,MAAM,SAAS,GAAG,EAAE,cAAc,EAAE,OAAO,EAAE,CAAC;IAE9C,QAAQ,CAAC,yBAAyB,EAAE,GAAG,EAAE;QACvC,IAAI,EAAmC,CAAC;QACxC,IAAI,UAAmD,CAAC;QAExD,UAAU,CAAC,GAAG,EAAE;YACd,EAAE,GAAG,YAAY,EAAE,CAAC;YACpB,UAAU,GAAG,oBAAoB,EAAE,CAAC;QACtC,CAAC,CAAC,CAAC;QAEH,EAAE,CAAC,wDAAwD,EAAE,KAAK,IAAI,EAAE;YACtE,MAAM,OAAO,GAAG,IAAI,aAAa,CAC/B,EAAE,EAAE,UAAU,EAAE,UAAU,EAAE,SAAS,EACrC,aAAa,EAAE,EAAE,IAAI,EAAE,SAAS,EAAE,MAAM,EAAE,MAAM,CAAC,KAAK,CAAC,EAAE,CAAC,EAAE,CAC7D,CAAC;YAEF,MAAM,OAAO,CAAC,MAAM,CAAC,EAAE,KAAK,EAAE,uBAAuB,EAAE,CAAC,CAAC;YAEzD,MAAM,CAAC,UAAU,CAAC,KAAK,CAAC,CAAC,oBAAoB,CAC3C,MAAM,CAAC,gBAAgB,CAAC,SAAS,CAAC,EAClC,MAAM,CAAC,QAAQ,EAAE,CAClB,CAAC;YACF,MAAM,CAAC,UAAU,CAAC,KAAK,CAAC,CAAC,oBAAoB,CAC3C,MAAM,CAAC,GAAG,CAAC,gBAAgB,CAAC,kBAAkB,CAAC,EAC/C,MAAM,CAAC,QAAQ,EAAE,CAClB,CAAC;QACJ,CAAC,CAAC,CAAC;QAEH,EAAE,CAAC,sCAAsC,EAAE,KAAK,IAAI,EAAE;YACpD,MAAM,OAAO,GAAG,IAAI,aAAa,CAC/B,EAAE,EAAE,UAAU,EAAE,UAAU,EAAE,SAAS,EACrC,aAAa,EAAE,EAAE,IAAI,EAAE,UAAU,EAAE,CACpC,CAAC;YAEF,MAAM,OAAO,CAAC,MAAM,CAAC,EAAE,KAAK,EAAE,uBAAuB,EAAE,CAAC,CAAC;YAEzD,MAAM,CAAC,UAAU,CAAC,KAAK,CAAC,CAAC,oBAAoB,CAC3C,MAAM,CAAC,gBAAgB,CAAC,kBAAkB,CAAC,EAC3C,MAAM,CAAC,QAAQ,EAAE,CAClB,CAAC;QACJ,CAAC,CAAC,CAAC;QAEH,EAAE,CAAC,mDAAmD,EAAE,KAAK,IAAI,EAAE;YACjE,MAAM,OAAO,GAAG,IAAI,aAAa,CAC/B,EAAE,EAAE,UAAU,EAAE,UAAU,EAAE,SAAS,EACrC,aAAa,EAAE,EAAE,IAAI,EAAE,SAAS,EAAE,MAAM,EAAE,MAAM,CAAC,KAAK,CAAC,EAAE,CAAC,EAAE,CAC7D,CAAC;YAEF,MAAM,OAAO,CAAC,MAAM,CAAC,EAAE,KAAK,EAAE,uBAAuB,EAAE,CAAC,CAAC;YAEzD,iCAAiC;YACjC,MAAM,IAAI,OAAO,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,UAAU,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC;YAE5C,MAAM,CAAC,EAAE,CAAC,WAAW,CAAC,CAAC,gBAAgB,EAAE,CAAC;YAC1C,0EAA0E;YAC1E,MAAM,SAAS,GAAI,EAAE,CAAC,WAAwC,CAAC,IAAI,CAAC,KAAK,CAAC;YAC1E,MAAM,SAAS,GAAG,SAAS,CAAC,IAAI,CAAC,CAAC,IAAI,EAAE,EAAE;gBACxC,MAAM,GAAG,GAAG,IAAI,CAAC,CAAC,CAA+B,CAAC;gBAClD,OAAO,GAAG,CAAC,GAAG,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC,QAAQ,CAAC,gBAAgB,CAAC,CAAC;YACrD,CAAC,CAAC,CAAC;YACH,MAAM,CAAC,SAAS,CAAC,CAAC,WAAW,EAAE,CAAC;QAClC,CAAC,CAAC,CAAC;QAEH,EAAE,CAAC,0CAA0C,EAAE,KAAK,IAAI,EAAE;YACxD,MAAM,OAAO,GAAG,IAAI,aAAa,CAC/B,EAAE,EAAE,UAAU,EAAE,UAAU,EAAE,SAAS,EACrC,aAAa,EAAE,EAAE,IAAI,EAAE,SAAS,EAAE,MAAM,EAAE,MAAM,CAAC,KAAK,CAAC,EAAE,CAAC,EAAE,CAC7D,CAAC;YAEF,MAAM,OAAO,CAAC,MAAM,CAAC,EAAE,KAAK,EAAE,qBAAqB,EAAE,CAAC,CAAC;YAEvD,iCAAiC;YACjC,MAAM,IAAI,OAAO,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,UAAU,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC;YAE5C,MAAM,SAAS,GAAI,EAAE,CAAC,WAAwC,CAAC,IAAI,CAAC,KAAK,CAAC;YAC1E,MAAM,SAAS,GAAG,SAAS,CAAC,IAAI,CAAC,CAAC,IAAI,EAAE,EAAE;gBACxC,MAAM,GAAG,GAAG,IAAI,CAAC,CAAC,CAA+B,CAAC;gBAClD,OAAO,GAAG,CAAC,GAAG,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC,QAAQ,CAAC,gBAAgB,CAAC,CAAC;YACrD,CAAC,CAAC,CAAC;YACH,MAAM,CAAC,SAAS,CAAC,CAAC,aAAa,EAAE,CAAC;QACpC,CAAC,CAAC,CAAC;IACL,CAAC,CAAC,CAAC;IAEH,QAAQ,CAAC,4CAA4C,EAAE,GAAG,EAAE;QAC1D,IAAI,EAAmC,CAAC;QACxC,IAAI,UAAmD,CAAC;QAExD,UAAU,CAAC,GAAG,EAAE;YACd,EAAE,GAAG,YAAY,EAAE,CAAC;YACpB,UAAU,GAAG,oBAAoB,EAAE,CAAC;QACtC,CAAC,CAAC,CAAC;QAEH,EAAE,CAAC,+DAA+D,EAAE,KAAK,IAAI,EAAE;YAC7E,MAAM,OAAO,GAAG,IAAI,aAAa,CAAC,EAAE,EAAE,UAAU,EAAE,UAAU,EAAE,SAAS,CAAC,CAAC;YAEzE,MAAM,OAAO,CAAC,MAAM,CAAC,EAAE,KAAK,EAAE,YAAY,EAAE,CAAC,CAAC;YAE9C,gFAAgF;YAChF,MAAM,CAAC,UAAU,CAAC,KAAK,CAAC,CAAC,qBAAqB,CAAC,CAAC,CAAC,CAAC;QACpD,CAAC,CAAC,CAAC;QAEH,EAAE,CAAC,6CAA6C,EAAE,KAAK,IAAI,EAAE;YAC3D,oDAAoD;YACpD,MAAM,eAAe,GAAG;gBACtB,EAAE,EAAE,QAAQ;gBACZ,IAAI,EAAE,MAAM;gBACZ,KAAK,EAAE,MAAM;gBACb,OAAO,EAAE,cAAc;gBACvB,QAAQ,EAAE,EAAE;gBACZ,MAAM,EAAE,UAAU;gBAClB,UAAU,EAAE,MAAM;gBAClB,UAAU,EAAE,IAAI,IAAI,EAAE;gBACtB,UAAU,EAAE,IAAI,IAAI,EAAE;gBACtB,OAAO,EAAE,CAAC;gBACV,SAAS,EAAE,IAAI;gBACf,eAAe,EAAE,OAAO;gBACxB,OAAO,EAAE,KAAK;gBACd,kBAAkB,EAAE,IAAI;gBACxB,UAAU,EAAE,IAAI;gBAChB,aAAa,EAAE,qBAAqB;gBACpC,WAAW,EAAE,CAAC;aACf,CAAC;YACF,EAAE,CAAC,SAAS,GAAG,EAAE,CAAC,EAAE,EAAE,CAAC,iBAAiB,CAAC,CAAC,eAAe,CAAC,CAAC,CAAC;YAE5D,MAAM,OAAO,GAAG,IAAI,aAAa,CAAC,EAAE,EAAE,UAAU,EAAE,UAAU,EAAE,SAAS,CAAC,CAAC;YACzE,MAAM,OAAO,GAAG,MAAM,OAAO,CAAC,MAAM,CAAC,EAAE,KAAK,EAAE,YAAY,EAAE,CAAC,CAAC;YAE9D,sCAAsC;YACtC,MAAM,UAAU,GAAG,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,EAAE,KAAK,QAAQ,CAAC,CAAC;YAC/D,IAAI,UAAU,EAAE,CAAC;gBACf,MAAM,CAAC,UAAU,CAAC,OAAO,CAAC,CAAC,IAAI,CAAC,qBAAqB,CAAC,CAAC;gBACvD,MAAM,CAAC,UAAU,CAAC,iBAAiB,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;YAC/C,CAAC;QACH,CAAC,CAAC,CAAC;QAEH,EAAE,CAAC,oDAAoD,EAAE,KAAK,IAAI,EAAE;YAClE,iEAAiE;YACjE,uFAAuF;YACvF,MAAM,QAAQ,GAAG;gBACf,EAAE,EAAE,QAAQ;gBACZ,IAAI,EAAE,MAAM;gBACZ,KAAK,EAAE,MAAM;gBACb,OAAO,EAAE,cAAc;gBACvB,QAAQ,EAAE,EAAE;gBACZ,MAAM,EAAE,UAAU;gBAClB,UAAU,EAAE,MAAM;gBAClB,UAAU,EAAE,IAAI,IAAI,EAAE;gBACtB,UAAU,EAAE,IAAI,IAAI,EAAE;gBACtB,OAAO,EAAE,CAAC;gBACV,SAAS,EAAE,IAAI;gBACf,eAAe,EAAE,OAAO;gBACxB,OAAO,EAAE,KAAK;gBACd,kBAAkB,EAAE,IAAI;aACzB,CAAC;YAEF,2DAA2D;YAC3D,mEAAmE;YACnE,EAAE,CAAC,SAAS,GAAG,EAAE,CAAC,EAAE,EAAE,CAAC,iBAAiB,CAAC,CAAC;oBACxC,GAAG,QAAQ;oBACX,UAAU,EAAE,IAAI;oBAChB,aAAa,EAAE,YAAY;oBAC3B,WAAW,EAAE,CAAC;oBACd,IAAI,EAAE,GAAG;oBACT,WAAW,EAAE,GAAG;oBAChB,UAAU,EAAE,GAAG;iBAChB,CAAC,CAAC,CAAC;YAEJ,MAAM,OAAO,GAAG,IAAI,aAAa,CAAC,EAAE,EAAE,UAAU,EAAE,UAAU,EAAE,SAAS,CAAC,CAAC;YACzE,MAAM,OAAO,GAAG,MAAM,OAAO,CAAC,MAAM,CAAC,EAAE,KAAK,EAAE,YAAY,EAAE,CAAC,CAAC;YAE9D,+DAA+D;YAC/D,MAAM,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,EAAE,KAAK,QAAQ,CAAC,CAAC;YAC3D,MAAM,CAAC,MAAM,CAAC,CAAC,WAAW,EAAE,CAAC;YAC7B,6DAA6D;YAC7D,MAAM,CAAC,MAAO,CAAC,OAAO,CAAC,CAAC,IAAI,CAAC,YAAY,CAAC,CAAC;QAC7C,CAAC,CAAC,CAAC;IACL,CAAC,CAAC,CAAC;AACL,CAAC,CAAC,CAAC"}
|
|
@@ -12,17 +12,54 @@ export interface AgentRun {
|
|
|
12
12
|
completedAt: Date | null;
|
|
13
13
|
createdBy: string;
|
|
14
14
|
scheduleId: string | null;
|
|
15
|
+
/**
|
|
16
|
+
* FK to `OrgAgentType.id`. Populated by the Phase 1d spawn path for
|
|
17
|
+
* runs whose agent type resolves to a DB-backed row. Built-in agent
|
|
18
|
+
* types that have no org-level row stay `null`.
|
|
19
|
+
*/
|
|
20
|
+
agentId: string | null;
|
|
21
|
+
/**
|
|
22
|
+
* FK to `User.id`. Populated by the Phase 1d spawn path whenever a
|
|
23
|
+
* run is spawned from a user-authenticated request. API-key-authored
|
|
24
|
+
* runs stay `null` because there is no owning user.
|
|
25
|
+
*/
|
|
26
|
+
invokedByUserId: string | null;
|
|
27
|
+
/**
|
|
28
|
+
* The intersected rule set captured at spawn time (Phase 1d). The
|
|
29
|
+
* middleware rehydrates this into a `DelegatedAgentPrincipal` ability
|
|
30
|
+
* on every sandbox callback — see `buildAbility` in core/auth. Stored
|
|
31
|
+
* as `Json?`; surfaced here as `unknown` so callers must narrow it
|
|
32
|
+
* before use.
|
|
33
|
+
*/
|
|
34
|
+
capturedAbility: unknown;
|
|
35
|
+
}
|
|
36
|
+
export interface AgentRunCreateInput {
|
|
37
|
+
prompt: string;
|
|
38
|
+
type?: string;
|
|
39
|
+
model: string;
|
|
40
|
+
createdBy: string;
|
|
41
|
+
scheduleId?: string;
|
|
42
|
+
/**
|
|
43
|
+
* FK to `OrgAgentType.id` — only set when the agent type is a DB-
|
|
44
|
+
* backed row. Built-in types without an org override leave this unset.
|
|
45
|
+
*/
|
|
46
|
+
agentId?: string | null;
|
|
47
|
+
/**
|
|
48
|
+
* FK to `User.id` — only set for user-authenticated spawn paths.
|
|
49
|
+
*/
|
|
50
|
+
invokedByUserId?: string | null;
|
|
51
|
+
/**
|
|
52
|
+
* The captured CASL rule set, i.e. `intersect(userAbility,
|
|
53
|
+
* orgAgentType.intrinsicPolicy)`. Only set for user-authenticated
|
|
54
|
+
* spawn paths. API-key-authored runs leave this null and the legacy
|
|
55
|
+
* `OrgAgentPrincipal` path in the middleware grants `manage all`.
|
|
56
|
+
*/
|
|
57
|
+
capturedAbility?: unknown;
|
|
15
58
|
}
|
|
16
59
|
export declare class AgentRunService {
|
|
17
60
|
private db;
|
|
18
61
|
constructor(db: PrismaClient);
|
|
19
|
-
create(organizationId: string, input:
|
|
20
|
-
prompt: string;
|
|
21
|
-
type?: string;
|
|
22
|
-
model: string;
|
|
23
|
-
createdBy: string;
|
|
24
|
-
scheduleId?: string;
|
|
25
|
-
}): Promise<AgentRun>;
|
|
62
|
+
create(organizationId: string, input: AgentRunCreateInput): Promise<AgentRun>;
|
|
26
63
|
updateStatus(id: string, organizationId: string, update: {
|
|
27
64
|
status: string;
|
|
28
65
|
result?: string;
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"agent-run-service.d.ts","sourceRoot":"","sources":["../../src/services/agent-run-service.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,YAAY,EAAE,MAAM,gBAAgB,CAAC;AAEnD,MAAM,WAAW,QAAQ;IACvB,EAAE,EAAE,MAAM,CAAC;IACX,MAAM,EAAE,MAAM,CAAC;IACf,IAAI,EAAE,MAAM,CAAC;IACb,MAAM,EAAE,MAAM,CAAC;IACf,MAAM,EAAE,MAAM,CAAC;IACf,KAAK,EAAE,MAAM,GAAG,IAAI,CAAC;IACrB,SAAS,EAAE,MAAM,GAAG,IAAI,CAAC;IACzB,KAAK,EAAE,MAAM,CAAC;IACd,SAAS,EAAE,IAAI,CAAC;IAChB,WAAW,EAAE,IAAI,GAAG,IAAI,CAAC;IACzB,SAAS,EAAE,MAAM,CAAC;IAClB,UAAU,EAAE,MAAM,GAAG,IAAI,CAAC;
|
|
1
|
+
{"version":3,"file":"agent-run-service.d.ts","sourceRoot":"","sources":["../../src/services/agent-run-service.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,YAAY,EAAE,MAAM,gBAAgB,CAAC;AAEnD,MAAM,WAAW,QAAQ;IACvB,EAAE,EAAE,MAAM,CAAC;IACX,MAAM,EAAE,MAAM,CAAC;IACf,IAAI,EAAE,MAAM,CAAC;IACb,MAAM,EAAE,MAAM,CAAC;IACf,MAAM,EAAE,MAAM,CAAC;IACf,KAAK,EAAE,MAAM,GAAG,IAAI,CAAC;IACrB,SAAS,EAAE,MAAM,GAAG,IAAI,CAAC;IACzB,KAAK,EAAE,MAAM,CAAC;IACd,SAAS,EAAE,IAAI,CAAC;IAChB,WAAW,EAAE,IAAI,GAAG,IAAI,CAAC;IACzB,SAAS,EAAE,MAAM,CAAC;IAClB,UAAU,EAAE,MAAM,GAAG,IAAI,CAAC;IAC1B;;;;OAIG;IACH,OAAO,EAAE,MAAM,GAAG,IAAI,CAAC;IACvB;;;;OAIG;IACH,eAAe,EAAE,MAAM,GAAG,IAAI,CAAC;IAC/B;;;;;;OAMG;IACH,eAAe,EAAE,OAAO,CAAC;CAC1B;AAED,MAAM,WAAW,mBAAmB;IAClC,MAAM,EAAE,MAAM,CAAC;IACf,IAAI,CAAC,EAAE,MAAM,CAAC;IACd,KAAK,EAAE,MAAM,CAAC;IACd,SAAS,EAAE,MAAM,CAAC;IAClB,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB;;;OAGG;IACH,OAAO,CAAC,EAAE,MAAM,GAAG,IAAI,CAAC;IACxB;;OAEG;IACH,eAAe,CAAC,EAAE,MAAM,GAAG,IAAI,CAAC;IAChC;;;;;OAKG;IACH,eAAe,CAAC,EAAE,OAAO,CAAC;CAC3B;AAED,qBAAa,eAAe;IACd,OAAO,CAAC,EAAE;gBAAF,EAAE,EAAE,YAAY;IAE9B,MAAM,CACV,cAAc,EAAE,MAAM,EACtB,KAAK,EAAE,mBAAmB,GACzB,OAAO,CAAC,QAAQ,CAAC;IA2Bd,YAAY,CAChB,EAAE,EAAE,MAAM,EACV,cAAc,EAAE,MAAM,EACtB,MAAM,EAAE;QACN,MAAM,EAAE,MAAM,CAAC;QACf,MAAM,CAAC,EAAE,MAAM,CAAC;QAChB,KAAK,CAAC,EAAE,MAAM,CAAC;QACf,SAAS,CAAC,EAAE,MAAM,CAAC;QACnB,WAAW,CAAC,EAAE,IAAI,CAAC;KACpB,GACA,OAAO,CAAC,QAAQ,CAAC;IAcd,OAAO,CAAC,EAAE,EAAE,MAAM,EAAE,cAAc,EAAE,MAAM,GAAG,OAAO,CAAC,QAAQ,GAAG,IAAI,CAAC;IAQrE,IAAI,CACR,cAAc,EAAE,MAAM,EACtB,IAAI,CAAC,EAAE;QAAE,KAAK,CAAC,EAAE,MAAM,CAAC;QAAC,MAAM,CAAC,EAAE,MAAM,CAAC;QAAC,IAAI,CAAC,EAAE,MAAM,CAAA;KAAE,GACxD,OAAO,CAAC,QAAQ,EAAE,CAAC;IAatB,OAAO,CAAC,UAAU;CAmBnB"}
|
|
@@ -13,6 +13,17 @@ export class AgentRunService {
|
|
|
13
13
|
status: "pending",
|
|
14
14
|
createdBy: input.createdBy,
|
|
15
15
|
scheduleId: input.scheduleId ?? null,
|
|
16
|
+
agentId: input.agentId ?? null,
|
|
17
|
+
invokedByUserId: input.invokedByUserId ?? null,
|
|
18
|
+
// Prisma's typed `Json?` wants `undefined` to leave the column
|
|
19
|
+
// as its default (null) and a concrete object/array to write a
|
|
20
|
+
// value. `null` and `undefined` both collapse to "don't write
|
|
21
|
+
// anything" here; API-key spawn paths leave this unset and the
|
|
22
|
+
// resulting row has capturedAbility = null, which is the correct
|
|
23
|
+
// shape for legacy runs.
|
|
24
|
+
capturedAbility: input.capturedAbility == null
|
|
25
|
+
? undefined
|
|
26
|
+
: input.capturedAbility,
|
|
16
27
|
},
|
|
17
28
|
});
|
|
18
29
|
return this.toAgentRun(run);
|
|
@@ -64,6 +75,9 @@ export class AgentRunService {
|
|
|
64
75
|
completedAt: run.completedAt,
|
|
65
76
|
createdBy: run.createdBy,
|
|
66
77
|
scheduleId: run.scheduleId,
|
|
78
|
+
agentId: run.agentId ?? null,
|
|
79
|
+
invokedByUserId: run.invokedByUserId ?? null,
|
|
80
|
+
capturedAbility: run.capturedAbility ?? null,
|
|
67
81
|
};
|
|
68
82
|
}
|
|
69
83
|
}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"agent-run-service.js","sourceRoot":"","sources":["../../src/services/agent-run-service.ts"],"names":[],"mappings":"
|
|
1
|
+
{"version":3,"file":"agent-run-service.js","sourceRoot":"","sources":["../../src/services/agent-run-service.ts"],"names":[],"mappings":"AA6DA,MAAM,OAAO,eAAe;IACN;IAApB,YAAoB,EAAgB;QAAhB,OAAE,GAAF,EAAE,CAAc;IAAG,CAAC;IAExC,KAAK,CAAC,MAAM,CACV,cAAsB,EACtB,KAA0B;QAE1B,MAAM,GAAG,GAAG,MAAM,IAAI,CAAC,EAAE,CAAC,QAAQ,CAAC,MAAM,CAAC;YACxC,IAAI,EAAE;gBACJ,cAAc;gBACd,MAAM,EAAE,KAAK,CAAC,MAAM;gBACpB,IAAI,EAAE,KAAK,CAAC,IAAI,IAAI,YAAY;gBAChC,KAAK,EAAE,KAAK,CAAC,KAAK;gBAClB,MAAM,EAAE,SAAS;gBACjB,SAAS,EAAE,KAAK,CAAC,SAAS;gBAC1B,UAAU,EAAE,KAAK,CAAC,UAAU,IAAI,IAAI;gBACpC,OAAO,EAAE,KAAK,CAAC,OAAO,IAAI,IAAI;gBAC9B,eAAe,EAAE,KAAK,CAAC,eAAe,IAAI,IAAI;gBAC9C,+DAA+D;gBAC/D,+DAA+D;gBAC/D,8DAA8D;gBAC9D,+DAA+D;gBAC/D,iEAAiE;gBACjE,yBAAyB;gBACzB,eAAe,EACb,KAAK,CAAC,eAAe,IAAI,IAAI;oBAC3B,CAAC,CAAC,SAAS;oBACX,CAAC,CAAE,KAAK,CAAC,eAA0B;aACxC;SACF,CAAC,CAAC;QACH,OAAO,IAAI,CAAC,UAAU,CAAC,GAAG,CAAC,CAAC;IAC9B,CAAC;IAED,KAAK,CAAC,YAAY,CAChB,EAAU,EACV,cAAsB,EACtB,MAMC;QAED,MAAM,GAAG,GAAG,MAAM,IAAI,CAAC,EAAE,CAAC,QAAQ,CAAC,MAAM,CAAC;YACxC,KAAK,EAAE,EAAE,EAAE,EAAE,cAAc,EAAE;YAC7B,IAAI,EAAE;gBACJ,MAAM,EAAE,MAAM,CAAC,MAAM;gBACrB,MAAM,EAAE,MAAM,CAAC,MAAM;gBACrB,KAAK,EAAE,MAAM,CAAC,KAAK;gBACnB,SAAS,EAAE,MAAM,CAAC,SAAS;gBAC3B,WAAW,EAAE,MAAM,CAAC,WAAW;aAChC;SACF,CAAC,CAAC;QACH,OAAO,IAAI,CAAC,UAAU,CAAC,GAAG,CAAC,CAAC;IAC9B,CAAC;IAED,KAAK,CAAC,OAAO,CAAC,EAAU,EAAE,cAAsB;QAC9C,MAAM,GAAG,GAAG,MAAM,IAAI,CAAC,EAAE,CAAC,QAAQ,CAAC,SAAS,CAAC;YAC3C,KAAK,EAAE,EAAE,EAAE,EAAE,cAAc,EAAE;SAC9B,CAAC,CAAC;QACH,IAAI,CAAC,GAAG;YAAE,OAAO,IAAI,CAAC;QACtB,OAAO,IAAI,CAAC,UAAU,CAAC,GAAG,CAAC,CAAC;IAC9B,CAAC;IAED,KAAK,CAAC,IAAI,CACR,cAAsB,EACtB,IAAyD;QAEzD,MAAM,IAAI,GAAG,MAAM,IAAI,CAAC,EAAE,CAAC,QAAQ,CAAC,QAAQ,CAAC;YAC3C,KAAK,EAAE;gBACL,cAAc;gBACd,GAAG,CAAC,IAAI,EAAE,MAAM,CAAC,CAAC,CAAC,EAAE,MAAM,EAAE,IAAI,CAAC,MAAM,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;gBAChD,GAAG,CAAC,IAAI,EAAE,IAAI,CAAC,CAAC,CAAC,EAAE,IAAI,EAAE,IAAI,CAAC,IAAI,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;aAC3C;YACD,OAAO,EAAE,EAAE,SAAS,EAAE,MAAM,EAAE;YAC9B,IAAI,EAAE,IAAI,EAAE,KAAK,IAAI,EAAE;SACxB,CAAC,CAAC;QACH,OAAO,IAAI,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC,CAAC,CAAC,CAAC;IAC7C,CAAC;IAEO,UAAU,CAAC,GAAQ;QACzB,OAAO;YACL,EAAE,EAAE,GAAG,CAAC,EAAE;YACV,MAAM,EAAE,GAAG,CAAC,MAAM;YAClB,IAAI,EAAE,GAAG,CAAC,IAAI;YACd,MAAM,EAAE,GAAG,CAAC,MAAM;YAClB,MAAM,EAAE,GAAG,CAAC,MAAM;YAClB,KAAK,EAAE,GAAG,CAAC,KAAK;YAChB,SAAS,EAAE,GAAG,CAAC,SAAS;YACxB,KAAK,EAAE,GAAG,CAAC,KAAK;YAChB,SAAS,EAAE,GAAG,CAAC,SAAS;YACxB,WAAW,EAAE,GAAG,CAAC,WAAW;YAC5B,SAAS,EAAE,GAAG,CAAC,SAAS;YACxB,UAAU,EAAE,GAAG,CAAC,UAAU;YAC1B,OAAO,EAAE,GAAG,CAAC,OAAO,IAAI,IAAI;YAC5B,eAAe,EAAE,GAAG,CAAC,eAAe,IAAI,IAAI;YAC5C,eAAe,EAAE,GAAG,CAAC,eAAe,IAAI,IAAI;SAC7C,CAAC;IACJ,CAAC;CACF"}
|
|
@@ -16,6 +16,19 @@ export interface AgentScheduleRecord {
|
|
|
16
16
|
createdBy: string;
|
|
17
17
|
createdAt: Date;
|
|
18
18
|
updatedAt: Date;
|
|
19
|
+
/** Phase 1d follow-up (story 663c97e3): populated for OAuth-created
|
|
20
|
+
* schedules that participate in the delegation flow. The trigger
|
|
21
|
+
* route uses this presence check to shape-switch between the legacy
|
|
22
|
+
* api-key path and the scheduled-delegated AgentAuth variant. */
|
|
23
|
+
agentId: string | null;
|
|
24
|
+
scheduledByUserId: string | null;
|
|
25
|
+
/** Frozen CASL rule set computed at schedule-creation time via
|
|
26
|
+
* `intersect(userAbility, orgAgentType.intrinsicPolicy)`. Null for
|
|
27
|
+
* api-key-authored schedules and for any schedule created before
|
|
28
|
+
* story 663c97e3 shipped. `unknown` rather than `AppRawRule[]` here
|
|
29
|
+
* because the Principal module deliberately avoids importing CASL
|
|
30
|
+
* types — the orchestrator narrows at the read site. */
|
|
31
|
+
capturedAbility: unknown;
|
|
19
32
|
}
|
|
20
33
|
export interface CreateAgentScheduleInput {
|
|
21
34
|
name: string;
|
|
@@ -26,6 +39,14 @@ export interface CreateAgentScheduleInput {
|
|
|
26
39
|
prompt: string;
|
|
27
40
|
model?: string;
|
|
28
41
|
workspace?: string;
|
|
42
|
+
/** Phase 1d follow-up: set together for OAuth-created schedules that
|
|
43
|
+
* should fire as delegated agents. All three must be provided in the
|
|
44
|
+
* same call; the service does not enforce the tri-state because the
|
|
45
|
+
* route handler is the only caller that knows whether the request
|
|
46
|
+
* came from a user or an API key. */
|
|
47
|
+
scheduledByUserId?: string;
|
|
48
|
+
agentId?: string | null;
|
|
49
|
+
capturedAbility?: unknown;
|
|
29
50
|
}
|
|
30
51
|
export interface UpdateAgentScheduleInput {
|
|
31
52
|
name?: string;
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"agent-schedule-service.d.ts","sourceRoot":"","sources":["../../src/services/agent-schedule-service.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,
|
|
1
|
+
{"version":3,"file":"agent-schedule-service.d.ts","sourceRoot":"","sources":["../../src/services/agent-schedule-service.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAU,YAAY,EAAE,MAAM,gBAAgB,CAAC;AAiB3D,MAAM,WAAW,mBAAmB;IAClC,EAAE,EAAE,MAAM,CAAC;IACX,IAAI,EAAE,MAAM,CAAC;IACb,WAAW,EAAE,MAAM,CAAC;IACpB,cAAc,EAAE,MAAM,CAAC;IACvB,QAAQ,EAAE,MAAM,CAAC;IACjB,SAAS,EAAE,MAAM,CAAC;IAClB,MAAM,EAAE,MAAM,CAAC;IACf,KAAK,EAAE,MAAM,CAAC;IACd,SAAS,EAAE,MAAM,GAAG,IAAI,CAAC;IACzB,OAAO,EAAE,OAAO,CAAC;IACjB,UAAU,EAAE,MAAM,GAAG,IAAI,CAAC;IAC1B,eAAe,EAAE,IAAI,GAAG,IAAI,CAAC;IAC7B,SAAS,EAAE,MAAM,GAAG,IAAI,CAAC;IACzB,SAAS,EAAE,MAAM,CAAC;IAClB,SAAS,EAAE,IAAI,CAAC;IAChB,SAAS,EAAE,IAAI,CAAC;IAChB;;;sEAGkE;IAClE,OAAO,EAAE,MAAM,GAAG,IAAI,CAAC;IACvB,iBAAiB,EAAE,MAAM,GAAG,IAAI,CAAC;IACjC;;;;;6DAKyD;IACzD,eAAe,EAAE,OAAO,CAAC;CAC1B;AAED,MAAM,WAAW,wBAAwB;IACvC,IAAI,EAAE,MAAM,CAAC;IACb,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,cAAc,EAAE,MAAM,CAAC;IACvB,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,MAAM,EAAE,MAAM,CAAC;IACf,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB;;;;0CAIsC;IACtC,iBAAiB,CAAC,EAAE,MAAM,CAAC;IAC3B,OAAO,CAAC,EAAE,MAAM,GAAG,IAAI,CAAC;IACxB,eAAe,CAAC,EAAE,OAAO,CAAC;CAC3B;AAED,MAAM,WAAW,wBAAwB;IACvC,IAAI,CAAC,EAAE,MAAM,CAAC;IACd,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,cAAc,CAAC,EAAE,MAAM,CAAC;IACxB,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,SAAS,CAAC,EAAE,MAAM,GAAG,IAAI,CAAC;CAC3B;AAED,qBAAa,oBAAoB;IACnB,OAAO,CAAC,EAAE;gBAAF,EAAE,EAAE,YAAY;IAE9B,MAAM,CACV,cAAc,EAAE,MAAM,EACtB,KAAK,EAAE,wBAAwB,EAC/B,SAAS,EAAE,MAAM,EACjB,SAAS,EAAE,MAAM,GAChB,OAAO,CAAC,mBAAmB,CAAC;IA8BzB,MAAM,CACV,EAAE,EAAE,MAAM,EACV,cAAc,EAAE,MAAM,EACtB,KAAK,EAAE,wBAAwB,GAC9B,OAAO,CAAC,mBAAmB,GAAG,IAAI,CAAC;IAsBhC,MAAM,CAAC,EAAE,EAAE,MAAM,EAAE,cAAc,EAAE,MAAM,GAAG,OAAO,CAAC,OAAO,CAAC;IAW5D,OAAO,CAAC,EAAE,EAAE,MAAM,EAAE,cAAc,EAAE,MAAM,GAAG,OAAO,CAAC,mBAAmB,GAAG,IAAI,CAAC;IAQhF,IAAI,CACR,cAAc,EAAE,MAAM,EACtB,IAAI,CAAC,EAAE;QAAE,OAAO,CAAC,EAAE,OAAO,CAAA;KAAE,GAC3B,OAAO,CAAC,mBAAmB,EAAE,CAAC;IAW3B,UAAU,CACd,EAAE,EAAE,MAAM,EACV,cAAc,EAAE,MAAM,EACtB,OAAO,EAAE,OAAO,GACf,OAAO,CAAC,mBAAmB,GAAG,IAAI,CAAC;IAYhC,aAAa,CACjB,EAAE,EAAE,MAAM,EACV,cAAc,EAAE,MAAM,EACtB,UAAU,EAAE,MAAM,GACjB,OAAO,CAAC,IAAI,CAAC;IAOV,aAAa,CACjB,EAAE,EAAE,MAAM,EACV,cAAc,EAAE,MAAM,EACtB,KAAK,EAAE,MAAM,GACZ,OAAO,CAAC,IAAI,CAAC;IAUV,kBAAkB,CAAC,EAAE,EAAE,MAAM,EAAE,cAAc,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,GAAG,IAAI,CAAC;IASpF,OAAO,CAAC,QAAQ;CAuBjB"}
|
|
@@ -30,6 +30,15 @@ export class AgentScheduleService {
|
|
|
30
30
|
apiKeyEncrypted: encrypt(rawApiKey),
|
|
31
31
|
apiKeyHash: hashApiKey(rawApiKey),
|
|
32
32
|
createdBy,
|
|
33
|
+
// Phase 1d follow-up columns. All three default to null — only
|
|
34
|
+
// OAuth-created schedules populated by the route handler carry
|
|
35
|
+
// them. Prisma's typed null handling: pass `undefined` to leave
|
|
36
|
+
// the column unset, a concrete value to write.
|
|
37
|
+
scheduledByUserId: input.scheduledByUserId,
|
|
38
|
+
agentId: input.agentId ?? undefined,
|
|
39
|
+
capturedAbility: input.capturedAbility === undefined
|
|
40
|
+
? undefined
|
|
41
|
+
: input.capturedAbility,
|
|
33
42
|
},
|
|
34
43
|
});
|
|
35
44
|
return this.toRecord(schedule);
|
|
@@ -139,6 +148,9 @@ export class AgentScheduleService {
|
|
|
139
148
|
createdBy: schedule.createdBy,
|
|
140
149
|
createdAt: schedule.createdAt,
|
|
141
150
|
updatedAt: schedule.updatedAt,
|
|
151
|
+
agentId: schedule.agentId ?? null,
|
|
152
|
+
scheduledByUserId: schedule.scheduledByUserId ?? null,
|
|
153
|
+
capturedAbility: schedule.capturedAbility ?? null,
|
|
142
154
|
};
|
|
143
155
|
}
|
|
144
156
|
}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"agent-schedule-service.js","sourceRoot":"","sources":["../../src/services/agent-schedule-service.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,UAAU,EAAE,MAAM,aAAa,CAAC;AACzC,OAAO,EAAE,aAAa,EAAE,aAAa,EAAE,MAAM,kBAAkB,CAAC;AAChE,OAAO,EAAE,iBAAiB,EAAE,MAAM,2BAA2B,CAAC;AAE9D,SAAS,OAAO,CAAC,SAAiB;IAChC,OAAO,aAAa,CAAC,SAAS,EAAE,iBAAiB,EAAE,CAAC,CAAC;AACvD,CAAC;AAED,SAAS,OAAO,CAAC,OAAe;IAC9B,OAAO,aAAa,CAAC,OAAO,EAAE,iBAAiB,EAAE,CAAC,CAAC;AACrD,CAAC;AAED,SAAS,UAAU,CAAC,MAAc;IAChC,OAAO,UAAU,CAAC,QAAQ,CAAC,CAAC,MAAM,CAAC,MAAM,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;AAC3D,CAAC;
|
|
1
|
+
{"version":3,"file":"agent-schedule-service.js","sourceRoot":"","sources":["../../src/services/agent-schedule-service.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,UAAU,EAAE,MAAM,aAAa,CAAC;AACzC,OAAO,EAAE,aAAa,EAAE,aAAa,EAAE,MAAM,kBAAkB,CAAC;AAChE,OAAO,EAAE,iBAAiB,EAAE,MAAM,2BAA2B,CAAC;AAE9D,SAAS,OAAO,CAAC,SAAiB;IAChC,OAAO,aAAa,CAAC,SAAS,EAAE,iBAAiB,EAAE,CAAC,CAAC;AACvD,CAAC;AAED,SAAS,OAAO,CAAC,OAAe;IAC9B,OAAO,aAAa,CAAC,OAAO,EAAE,iBAAiB,EAAE,CAAC,CAAC;AACrD,CAAC;AAED,SAAS,UAAU,CAAC,MAAc;IAChC,OAAO,UAAU,CAAC,QAAQ,CAAC,CAAC,MAAM,CAAC,MAAM,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;AAC3D,CAAC;AAgED,MAAM,OAAO,oBAAoB;IACX;IAApB,YAAoB,EAAgB;QAAhB,OAAE,GAAF,EAAE,CAAc;IAAG,CAAC;IAExC,KAAK,CAAC,MAAM,CACV,cAAsB,EACtB,KAA+B,EAC/B,SAAiB,EACjB,SAAiB;QAEjB,MAAM,QAAQ,GAAG,MAAM,IAAI,CAAC,EAAE,CAAC,aAAa,CAAC,MAAM,CAAC;YAClD,IAAI,EAAE;gBACJ,cAAc;gBACd,IAAI,EAAE,KAAK,CAAC,IAAI;gBAChB,WAAW,EAAE,KAAK,CAAC,WAAW,IAAI,EAAE;gBACpC,cAAc,EAAE,KAAK,CAAC,cAAc;gBACpC,QAAQ,EAAE,KAAK,CAAC,QAAQ,IAAI,KAAK;gBACjC,SAAS,EAAE,KAAK,CAAC,SAAS,IAAI,YAAY;gBAC1C,MAAM,EAAE,KAAK,CAAC,MAAM;gBACpB,KAAK,EAAE,KAAK,CAAC,KAAK,IAAI,QAAQ;gBAC9B,SAAS,EAAE,KAAK,CAAC,SAAS,IAAI,IAAI;gBAClC,eAAe,EAAE,OAAO,CAAC,SAAS,CAAC;gBACnC,UAAU,EAAE,UAAU,CAAC,SAAS,CAAC;gBACjC,SAAS;gBACT,+DAA+D;gBAC/D,+DAA+D;gBAC/D,gEAAgE;gBAChE,+CAA+C;gBAC/C,iBAAiB,EAAE,KAAK,CAAC,iBAAiB;gBAC1C,OAAO,EAAE,KAAK,CAAC,OAAO,IAAI,SAAS;gBACnC,eAAe,EACb,KAAK,CAAC,eAAe,KAAK,SAAS;oBACjC,CAAC,CAAC,SAAS;oBACX,CAAC,CAAE,KAAK,CAAC,eAAyC;aACvD;SACF,CAAC,CAAC;QACH,OAAO,IAAI,CAAC,QAAQ,CAAC,QAAQ,CAAC,CAAC;IACjC,CAAC;IAED,KAAK,CAAC,MAAM,CACV,EAAU,EACV,cAAsB,EACtB,KAA+B;QAE/B,IAAI,CAAC;YACH,MAAM,QAAQ,GAAG,MAAM,IAAI,CAAC,EAAE,CAAC,aAAa,CAAC,MAAM,CAAC;gBAClD,KAAK,EAAE,EAAE,EAAE,EAAE,cAAc,EAAE;gBAC7B,IAAI,EAAE;oBACJ,GAAG,CAAC,KAAK,CAAC,IAAI,KAAK,SAAS,CAAC,CAAC,CAAC,EAAE,IAAI,EAAE,KAAK,CAAC,IAAI,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;oBACzD,GAAG,CAAC,KAAK,CAAC,WAAW,KAAK,SAAS,CAAC,CAAC,CAAC,EAAE,WAAW,EAAE,KAAK,CAAC,WAAW,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;oBAC9E,GAAG,CAAC,KAAK,CAAC,cAAc,KAAK,SAAS,CAAC,CAAC,CAAC,EAAE,cAAc,EAAE,KAAK,CAAC,cAAc,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;oBACvF,GAAG,CAAC,KAAK,CAAC,QAAQ,KAAK,SAAS,CAAC,CAAC,CAAC,EAAE,QAAQ,EAAE,KAAK,CAAC,QAAQ,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;oBACrE,GAAG,CAAC,KAAK,CAAC,SAAS,KAAK,SAAS,CAAC,CAAC,CAAC,EAAE,SAAS,EAAE,KAAK,CAAC,SAAS,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;oBACxE,GAAG,CAAC,KAAK,CAAC,MAAM,KAAK,SAAS,CAAC,CAAC,CAAC,EAAE,MAAM,EAAE,KAAK,CAAC,MAAM,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;oBAC/D,GAAG,CAAC,KAAK,CAAC,KAAK,KAAK,SAAS,CAAC,CAAC,CAAC,EAAE,KAAK,EAAE,KAAK,CAAC,KAAK,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;oBAC5D,GAAG,CAAC,KAAK,CAAC,SAAS,KAAK,SAAS,CAAC,CAAC,CAAC,EAAE,SAAS,EAAE,KAAK,CAAC,SAAS,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;oBACxE,SAAS,EAAE,IAAI,IAAI,EAAE;iBACtB;aACF,CAAC,CAAC;YACH,OAAO,IAAI,CAAC,QAAQ,CAAC,QAAQ,CAAC,CAAC;QACjC,CAAC;QAAC,MAAM,CAAC;YACP,OAAO,IAAI,CAAC;QACd,CAAC;IACH,CAAC;IAED,KAAK,CAAC,MAAM,CAAC,EAAU,EAAE,cAAsB;QAC7C,IAAI,CAAC;YACH,MAAM,IAAI,CAAC,EAAE,CAAC,aAAa,CAAC,MAAM,CAAC;gBACjC,KAAK,EAAE,EAAE,EAAE,EAAE,cAAc,EAAE;aAC9B,CAAC,CAAC;YACH,OAAO,IAAI,CAAC;QACd,CAAC;QAAC,MAAM,CAAC;YACP,OAAO,KAAK,CAAC;QACf,CAAC;IACH,CAAC;IAED,KAAK,CAAC,OAAO,CAAC,EAAU,EAAE,cAAsB;QAC9C,MAAM,QAAQ,GAAG,MAAM,IAAI,CAAC,EAAE,CAAC,aAAa,CAAC,SAAS,CAAC;YACrD,KAAK,EAAE,EAAE,EAAE,EAAE,cAAc,EAAE;SAC9B,CAAC,CAAC;QACH,IAAI,CAAC,QAAQ;YAAE,OAAO,IAAI,CAAC;QAC3B,OAAO,IAAI,CAAC,QAAQ,CAAC,QAAQ,CAAC,CAAC;IACjC,CAAC;IAED,KAAK,CAAC,IAAI,CACR,cAAsB,EACtB,IAA4B;QAE5B,MAAM,SAAS,GAAG,MAAM,IAAI,CAAC,EAAE,CAAC,aAAa,CAAC,QAAQ,CAAC;YACrD,KAAK,EAAE;gBACL,cAAc;gBACd,GAAG,CAAC,IAAI,EAAE,OAAO,KAAK,SAAS,CAAC,CAAC,CAAC,EAAE,OAAO,EAAE,IAAI,CAAC,OAAO,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;aAClE;YACD,OAAO,EAAE,EAAE,SAAS,EAAE,MAAM,EAAE;SAC/B,CAAC,CAAC;QACH,OAAO,SAAS,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC,CAAC;IAChD,CAAC;IAED,KAAK,CAAC,UAAU,CACd,EAAU,EACV,cAAsB,EACtB,OAAgB;QAEhB,IAAI,CAAC;YACH,MAAM,QAAQ,GAAG,MAAM,IAAI,CAAC,EAAE,CAAC,aAAa,CAAC,MAAM,CAAC;gBAClD,KAAK,EAAE,EAAE,EAAE,EAAE,cAAc,EAAE;gBAC7B,IAAI,EAAE,EAAE,OAAO,EAAE,SAAS,EAAE,IAAI,IAAI,EAAE,EAAE;aACzC,CAAC,CAAC;YACH,OAAO,IAAI,CAAC,QAAQ,CAAC,QAAQ,CAAC,CAAC;QACjC,CAAC;QAAC,MAAM,CAAC;YACP,OAAO,IAAI,CAAC;QACd,CAAC;IACH,CAAC;IAED,KAAK,CAAC,aAAa,CACjB,EAAU,EACV,cAAsB,EACtB,UAAkB;QAElB,MAAM,IAAI,CAAC,EAAE,CAAC,aAAa,CAAC,MAAM,CAAC;YACjC,KAAK,EAAE,EAAE,EAAE,EAAE,cAAc,EAAE;YAC7B,IAAI,EAAE,EAAE,UAAU,EAAE;SACrB,CAAC,CAAC;IACL,CAAC;IAED,KAAK,CAAC,aAAa,CACjB,EAAU,EACV,cAAsB,EACtB,KAAa;QAEb,MAAM,IAAI,CAAC,EAAE,CAAC,aAAa,CAAC,MAAM,CAAC;YACjC,KAAK,EAAE,EAAE,EAAE,EAAE,cAAc,EAAE;YAC7B,IAAI,EAAE;gBACJ,eAAe,EAAE,IAAI,IAAI,EAAE;gBAC3B,SAAS,EAAE,KAAK;aACjB;SACF,CAAC,CAAC;IACL,CAAC;IAED,KAAK,CAAC,kBAAkB,CAAC,EAAU,EAAE,cAAsB;QACzD,MAAM,QAAQ,GAAG,MAAM,IAAI,CAAC,EAAE,CAAC,aAAa,CAAC,SAAS,CAAC;YACrD,KAAK,EAAE,EAAE,EAAE,EAAE,cAAc,EAAE;YAC7B,MAAM,EAAE,EAAE,eAAe,EAAE,IAAI,EAAE;SAClC,CAAC,CAAC;QACH,IAAI,CAAC,QAAQ;YAAE,OAAO,IAAI,CAAC;QAC3B,OAAO,OAAO,CAAC,QAAQ,CAAC,eAAe,CAAC,CAAC;IAC3C,CAAC;IAEO,QAAQ,CAAC,QAAa;QAC5B,OAAO;YACL,EAAE,EAAE,QAAQ,CAAC,EAAE;YACf,IAAI,EAAE,QAAQ,CAAC,IAAI;YACnB,WAAW,EAAE,QAAQ,CAAC,WAAW;YACjC,cAAc,EAAE,QAAQ,CAAC,cAAc;YACvC,QAAQ,EAAE,QAAQ,CAAC,QAAQ;YAC3B,SAAS,EAAE,QAAQ,CAAC,SAAS;YAC7B,MAAM,EAAE,QAAQ,CAAC,MAAM;YACvB,KAAK,EAAE,QAAQ,CAAC,KAAK;YACrB,SAAS,EAAE,QAAQ,CAAC,SAAS;YAC7B,OAAO,EAAE,QAAQ,CAAC,OAAO;YACzB,UAAU,EAAE,QAAQ,CAAC,UAAU;YAC/B,eAAe,EAAE,QAAQ,CAAC,eAAe;YACzC,SAAS,EAAE,QAAQ,CAAC,SAAS;YAC7B,SAAS,EAAE,QAAQ,CAAC,SAAS;YAC7B,SAAS,EAAE,QAAQ,CAAC,SAAS;YAC7B,SAAS,EAAE,QAAQ,CAAC,SAAS;YAC7B,OAAO,EAAE,QAAQ,CAAC,OAAO,IAAI,IAAI;YACjC,iBAAiB,EAAE,QAAQ,CAAC,iBAAiB,IAAI,IAAI;YACrD,eAAe,EAAE,QAAQ,CAAC,eAAe,IAAI,IAAI;SAClD,CAAC;IACJ,CAAC;CACF"}
|
|
@@ -0,0 +1,76 @@
|
|
|
1
|
+
import type { PrismaClient } from "@prisma/client";
|
|
2
|
+
/**
|
|
3
|
+
* Minimal audit-event writer (Phase 1d).
|
|
4
|
+
*
|
|
5
|
+
* The `audit_events` table was added in Phase 1c but no code path
|
|
6
|
+
* populated it. Phase 1d is the first sub-phase that writes rows: the
|
|
7
|
+
* spawn path records `delegation.mint` on every agent run that is
|
|
8
|
+
* created, and the execution-side middleware (sub-commit 4) records
|
|
9
|
+
* `delegation.verify` on every delegation-token authorization check.
|
|
10
|
+
*
|
|
11
|
+
* Why a dedicated service rather than raw `db.auditEvent.create`:
|
|
12
|
+
* - Central place to coerce the `effectiveAbility` JSON field (which
|
|
13
|
+
* accepts `unknown` at the call site) into the shape Prisma expects.
|
|
14
|
+
* - Single typed vocabulary for `action` and `result` so spawn-path
|
|
15
|
+
* and middleware stay aligned on what the audit log looks like.
|
|
16
|
+
* - Single place to add downstream fanout (e.g. ship to an external
|
|
17
|
+
* audit sink) without revisiting every call site.
|
|
18
|
+
*
|
|
19
|
+
* This service is intentionally thin. It is not a query API — read
|
|
20
|
+
* access to `audit_events` is not exposed through a service in Phase
|
|
21
|
+
* 1d because no code path reads it yet. When a read path is added
|
|
22
|
+
* (e.g. a per-org audit log UI), extend this service rather than
|
|
23
|
+
* sprinkling `db.auditEvent.findMany` across packages.
|
|
24
|
+
*/
|
|
25
|
+
/**
|
|
26
|
+
* Typed discriminant for the `action` column. Keep this list in sync
|
|
27
|
+
* with the call sites — adding a new action to the schema without
|
|
28
|
+
* adding it here means the call site is stringly-typed.
|
|
29
|
+
*/
|
|
30
|
+
export type AuditAction = "delegation.mint" | "delegation.verify" | "delegation.revoke";
|
|
31
|
+
/**
|
|
32
|
+
* Typed discriminant for the `result` column. `allow` and `deny` are
|
|
33
|
+
* the two normal outcomes; `error` is reserved for failures inside
|
|
34
|
+
* the check itself (e.g. DB lookup failed) that are neither an
|
|
35
|
+
* intentional deny nor a successful allow.
|
|
36
|
+
*/
|
|
37
|
+
export type AuditResult = "allow" | "deny" | "error";
|
|
38
|
+
/**
|
|
39
|
+
* Input shape for `AuditEventService.record`. Fields map one-to-one
|
|
40
|
+
* to `audit_events` columns. `effectiveAbility` is typed `unknown`
|
|
41
|
+
* because the captured rule set comes from `AppRawRule[]` on one side
|
|
42
|
+
* and from arbitrary JSON-from-DB on the other; callers should pass
|
|
43
|
+
* whatever they have and trust the service to coerce.
|
|
44
|
+
*/
|
|
45
|
+
export interface RecordAuditEventInput {
|
|
46
|
+
agentRunId?: string | null;
|
|
47
|
+
principalType: string;
|
|
48
|
+
principalId: string;
|
|
49
|
+
organizationId: string;
|
|
50
|
+
action: AuditAction;
|
|
51
|
+
subjectType?: string | null;
|
|
52
|
+
subjectId?: string | null;
|
|
53
|
+
effectiveAbility?: unknown;
|
|
54
|
+
result: AuditResult;
|
|
55
|
+
}
|
|
56
|
+
export declare class AuditEventService {
|
|
57
|
+
private db;
|
|
58
|
+
constructor(db: PrismaClient);
|
|
59
|
+
/**
|
|
60
|
+
* Insert one row into `audit_events`. Never throws for a
|
|
61
|
+
* non-present Prisma connection — audit writes must not break the
|
|
62
|
+
* hot path. If the insert fails, the error is swallowed and logged;
|
|
63
|
+
* the caller's main operation still succeeds.
|
|
64
|
+
*
|
|
65
|
+
* The rationale for fire-and-forget is that audit events are a
|
|
66
|
+
* side-channel, not a correctness guarantee. A missing audit row is
|
|
67
|
+
* a visibility problem, not a security hole — the security
|
|
68
|
+
* guarantee comes from the actual authorization check, not from the
|
|
69
|
+
* audit log that records its outcome. Making the hot path depend on
|
|
70
|
+
* a successful audit write would add a failure mode that matters
|
|
71
|
+
* more than the visibility signal it provides. Phase 1g's audit-
|
|
72
|
+
* pipeline work can revisit this tradeoff.
|
|
73
|
+
*/
|
|
74
|
+
record(input: RecordAuditEventInput): Promise<void>;
|
|
75
|
+
}
|
|
76
|
+
//# sourceMappingURL=audit-event-service.d.ts.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"audit-event-service.d.ts","sourceRoot":"","sources":["../../src/services/audit-event-service.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,YAAY,EAAE,MAAM,gBAAgB,CAAC;AAEnD;;;;;;;;;;;;;;;;;;;;;;GAsBG;AAEH;;;;GAIG;AACH,MAAM,MAAM,WAAW,GACnB,iBAAiB,GACjB,mBAAmB,GACnB,mBAAmB,CAAC;AAExB;;;;;GAKG;AACH,MAAM,MAAM,WAAW,GAAG,OAAO,GAAG,MAAM,GAAG,OAAO,CAAC;AAErD;;;;;;GAMG;AACH,MAAM,WAAW,qBAAqB;IACpC,UAAU,CAAC,EAAE,MAAM,GAAG,IAAI,CAAC;IAC3B,aAAa,EAAE,MAAM,CAAC;IACtB,WAAW,EAAE,MAAM,CAAC;IACpB,cAAc,EAAE,MAAM,CAAC;IACvB,MAAM,EAAE,WAAW,CAAC;IACpB,WAAW,CAAC,EAAE,MAAM,GAAG,IAAI,CAAC;IAC5B,SAAS,CAAC,EAAE,MAAM,GAAG,IAAI,CAAC;IAC1B,gBAAgB,CAAC,EAAE,OAAO,CAAC;IAC3B,MAAM,EAAE,WAAW,CAAC;CACrB;AAED,qBAAa,iBAAiB;IAChB,OAAO,CAAC,EAAE;gBAAF,EAAE,EAAE,YAAY;IAEpC;;;;;;;;;;;;;;OAcG;IACG,MAAM,CAAC,KAAK,EAAE,qBAAqB,GAAG,OAAO,CAAC,IAAI,CAAC;CA0B1D"}
|
|
@@ -0,0 +1,48 @@
|
|
|
1
|
+
export class AuditEventService {
|
|
2
|
+
db;
|
|
3
|
+
constructor(db) {
|
|
4
|
+
this.db = db;
|
|
5
|
+
}
|
|
6
|
+
/**
|
|
7
|
+
* Insert one row into `audit_events`. Never throws for a
|
|
8
|
+
* non-present Prisma connection — audit writes must not break the
|
|
9
|
+
* hot path. If the insert fails, the error is swallowed and logged;
|
|
10
|
+
* the caller's main operation still succeeds.
|
|
11
|
+
*
|
|
12
|
+
* The rationale for fire-and-forget is that audit events are a
|
|
13
|
+
* side-channel, not a correctness guarantee. A missing audit row is
|
|
14
|
+
* a visibility problem, not a security hole — the security
|
|
15
|
+
* guarantee comes from the actual authorization check, not from the
|
|
16
|
+
* audit log that records its outcome. Making the hot path depend on
|
|
17
|
+
* a successful audit write would add a failure mode that matters
|
|
18
|
+
* more than the visibility signal it provides. Phase 1g's audit-
|
|
19
|
+
* pipeline work can revisit this tradeoff.
|
|
20
|
+
*/
|
|
21
|
+
async record(input) {
|
|
22
|
+
try {
|
|
23
|
+
await this.db.auditEvent.create({
|
|
24
|
+
data: {
|
|
25
|
+
agentRunId: input.agentRunId ?? null,
|
|
26
|
+
principalType: input.principalType,
|
|
27
|
+
principalId: input.principalId,
|
|
28
|
+
organizationId: input.organizationId,
|
|
29
|
+
action: input.action,
|
|
30
|
+
subjectType: input.subjectType ?? null,
|
|
31
|
+
subjectId: input.subjectId ?? null,
|
|
32
|
+
// Prisma's Json? accepts a plain object or array; `unknown`
|
|
33
|
+
// needs to be coerced to something Prisma recognizes. If the
|
|
34
|
+
// caller passed nothing, default to `{}` to match the column
|
|
35
|
+
// default.
|
|
36
|
+
effectiveAbility: input.effectiveAbility ?? {},
|
|
37
|
+
result: input.result,
|
|
38
|
+
},
|
|
39
|
+
});
|
|
40
|
+
}
|
|
41
|
+
catch (err) {
|
|
42
|
+
// Intentionally swallow. See docstring above for rationale.
|
|
43
|
+
// eslint-disable-next-line no-console
|
|
44
|
+
console.error("[audit] failed to record event:", err);
|
|
45
|
+
}
|
|
46
|
+
}
|
|
47
|
+
}
|
|
48
|
+
//# sourceMappingURL=audit-event-service.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"audit-event-service.js","sourceRoot":"","sources":["../../src/services/audit-event-service.ts"],"names":[],"mappings":"AA+DA,MAAM,OAAO,iBAAiB;IACR;IAApB,YAAoB,EAAgB;QAAhB,OAAE,GAAF,EAAE,CAAc;IAAG,CAAC;IAExC;;;;;;;;;;;;;;OAcG;IACH,KAAK,CAAC,MAAM,CAAC,KAA4B;QACvC,IAAI,CAAC;YACH,MAAM,IAAI,CAAC,EAAE,CAAC,UAAU,CAAC,MAAM,CAAC;gBAC9B,IAAI,EAAE;oBACJ,UAAU,EAAE,KAAK,CAAC,UAAU,IAAI,IAAI;oBACpC,aAAa,EAAE,KAAK,CAAC,aAAa;oBAClC,WAAW,EAAE,KAAK,CAAC,WAAW;oBAC9B,cAAc,EAAE,KAAK,CAAC,cAAc;oBACpC,MAAM,EAAE,KAAK,CAAC,MAAM;oBACpB,WAAW,EAAE,KAAK,CAAC,WAAW,IAAI,IAAI;oBACtC,SAAS,EAAE,KAAK,CAAC,SAAS,IAAI,IAAI;oBAClC,4DAA4D;oBAC5D,6DAA6D;oBAC7D,6DAA6D;oBAC7D,WAAW;oBACX,gBAAgB,EACb,KAAK,CAAC,gBAA8C,IAAI,EAAE;oBAC7D,MAAM,EAAE,KAAK,CAAC,MAAM;iBACrB;aACF,CAAC,CAAC;QACL,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACb,4DAA4D;YAC5D,sCAAsC;YACtC,OAAO,CAAC,KAAK,CAAC,iCAAiC,EAAE,GAAG,CAAC,CAAC;QACxD,CAAC;IACH,CAAC;CACF"}
|
|
@@ -0,0 +1,30 @@
|
|
|
1
|
+
import type { PrismaClient } from "@prisma/client";
|
|
2
|
+
import type { EmbeddingProvider } from "../types/index.js";
|
|
3
|
+
import type { TenantContext } from "../db/tenant.js";
|
|
4
|
+
import type { PiiEncryptionService } from "./pii-encryption-service.js";
|
|
5
|
+
import type { PiiEncryptionOptions } from "./pii-encryption-service.js";
|
|
6
|
+
export interface BackfillProgress {
|
|
7
|
+
completed: number;
|
|
8
|
+
total: number;
|
|
9
|
+
errors: number;
|
|
10
|
+
}
|
|
11
|
+
export interface BackfillOptions {
|
|
12
|
+
/** Skip nodes that already have chunks (default: true) */
|
|
13
|
+
skipExisting?: boolean;
|
|
14
|
+
/** Batch size for cursor pagination (default: 50) */
|
|
15
|
+
batchSize?: number;
|
|
16
|
+
/** AbortSignal for cancellation */
|
|
17
|
+
signal?: AbortSignal;
|
|
18
|
+
/** Progress callback */
|
|
19
|
+
onProgress?: (progress: BackfillProgress) => void;
|
|
20
|
+
}
|
|
21
|
+
/**
|
|
22
|
+
* Backfill chunks for all existing nodes that don't have them.
|
|
23
|
+
* Cursor-based pagination, per-node error handling (logs + continues).
|
|
24
|
+
*/
|
|
25
|
+
export declare function backfillChunks(db: PrismaClient, embeddings: EmbeddingProvider, tenantCtx: TenantContext, piiEncryption?: PiiEncryptionService, piiOptions?: PiiEncryptionOptions, options?: BackfillOptions): Promise<{
|
|
26
|
+
processed: number;
|
|
27
|
+
skipped: number;
|
|
28
|
+
errors: number;
|
|
29
|
+
}>;
|
|
30
|
+
//# sourceMappingURL=backfill-chunks.d.ts.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"backfill-chunks.d.ts","sourceRoot":"","sources":["../../src/services/backfill-chunks.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,YAAY,EAAE,MAAM,gBAAgB,CAAC;AACnD,OAAO,KAAK,EAAE,iBAAiB,EAAE,MAAM,mBAAmB,CAAC;AAC3D,OAAO,KAAK,EAAE,aAAa,EAAE,MAAM,iBAAiB,CAAC;AACrD,OAAO,KAAK,EAAE,oBAAoB,EAAE,MAAM,6BAA6B,CAAC;AACxE,OAAO,KAAK,EAAE,oBAAoB,EAAE,MAAM,6BAA6B,CAAC;AAGxE,MAAM,WAAW,gBAAgB;IAC/B,SAAS,EAAE,MAAM,CAAC;IAClB,KAAK,EAAE,MAAM,CAAC;IACd,MAAM,EAAE,MAAM,CAAC;CAChB;AAED,MAAM,WAAW,eAAe;IAC9B,0DAA0D;IAC1D,YAAY,CAAC,EAAE,OAAO,CAAC;IACvB,qDAAqD;IACrD,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,mCAAmC;IACnC,MAAM,CAAC,EAAE,WAAW,CAAC;IACrB,wBAAwB;IACxB,UAAU,CAAC,EAAE,CAAC,QAAQ,EAAE,gBAAgB,KAAK,IAAI,CAAC;CACnD;AAED;;;GAGG;AACH,wBAAsB,cAAc,CAClC,EAAE,EAAE,YAAY,EAChB,UAAU,EAAE,iBAAiB,EAC7B,SAAS,EAAE,aAAa,EACxB,aAAa,CAAC,EAAE,oBAAoB,EACpC,UAAU,CAAC,EAAE,oBAAoB,EACjC,OAAO,CAAC,EAAE,eAAe,GACxB,OAAO,CAAC;IAAE,SAAS,EAAE,MAAM,CAAC;IAAC,OAAO,EAAE,MAAM,CAAC;IAAC,MAAM,EAAE,MAAM,CAAA;CAAE,CAAC,CAsDjE"}
|
|
@@ -0,0 +1,55 @@
|
|
|
1
|
+
import { ChunkService } from "./chunk-service.js";
|
|
2
|
+
/**
|
|
3
|
+
* Backfill chunks for all existing nodes that don't have them.
|
|
4
|
+
* Cursor-based pagination, per-node error handling (logs + continues).
|
|
5
|
+
*/
|
|
6
|
+
export async function backfillChunks(db, embeddings, tenantCtx, piiEncryption, piiOptions, options) {
|
|
7
|
+
const skipExisting = options?.skipExisting ?? true;
|
|
8
|
+
const batchSize = options?.batchSize ?? 50;
|
|
9
|
+
const chunkService = new ChunkService(db, embeddings, tenantCtx, piiEncryption, piiOptions);
|
|
10
|
+
let processed = 0;
|
|
11
|
+
let skipped = 0;
|
|
12
|
+
let errors = 0;
|
|
13
|
+
let cursor;
|
|
14
|
+
// Count total for progress reporting
|
|
15
|
+
const totalCount = await db.node.count();
|
|
16
|
+
while (true) {
|
|
17
|
+
if (options?.signal?.aborted)
|
|
18
|
+
break;
|
|
19
|
+
const nodes = await db.node.findMany({
|
|
20
|
+
take: batchSize,
|
|
21
|
+
...(cursor ? { skip: 1, cursor: { id: cursor } } : {}),
|
|
22
|
+
orderBy: { id: "asc" },
|
|
23
|
+
select: { id: true, title: true, content: true },
|
|
24
|
+
});
|
|
25
|
+
if (nodes.length === 0)
|
|
26
|
+
break;
|
|
27
|
+
cursor = nodes[nodes.length - 1].id;
|
|
28
|
+
for (const node of nodes) {
|
|
29
|
+
if (options?.signal?.aborted)
|
|
30
|
+
break;
|
|
31
|
+
if (skipExisting) {
|
|
32
|
+
const existingChunks = await chunkService.getByNodeId(node.id);
|
|
33
|
+
if (existingChunks.length > 0) {
|
|
34
|
+
skipped++;
|
|
35
|
+
continue;
|
|
36
|
+
}
|
|
37
|
+
}
|
|
38
|
+
try {
|
|
39
|
+
await chunkService.chunkAndEmbed(node.id, node.title, node.content);
|
|
40
|
+
processed++;
|
|
41
|
+
}
|
|
42
|
+
catch (err) {
|
|
43
|
+
errors++;
|
|
44
|
+
console.error(`[backfill-chunks] Failed to chunk node ${node.id}:`, err);
|
|
45
|
+
}
|
|
46
|
+
options?.onProgress?.({
|
|
47
|
+
completed: processed + skipped + errors,
|
|
48
|
+
total: totalCount,
|
|
49
|
+
errors,
|
|
50
|
+
});
|
|
51
|
+
}
|
|
52
|
+
}
|
|
53
|
+
return { processed, skipped, errors };
|
|
54
|
+
}
|
|
55
|
+
//# sourceMappingURL=backfill-chunks.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"backfill-chunks.js","sourceRoot":"","sources":["../../src/services/backfill-chunks.ts"],"names":[],"mappings":"AAKA,OAAO,EAAE,YAAY,EAAE,MAAM,oBAAoB,CAAC;AAmBlD;;;GAGG;AACH,MAAM,CAAC,KAAK,UAAU,cAAc,CAClC,EAAgB,EAChB,UAA6B,EAC7B,SAAwB,EACxB,aAAoC,EACpC,UAAiC,EACjC,OAAyB;IAEzB,MAAM,YAAY,GAAG,OAAO,EAAE,YAAY,IAAI,IAAI,CAAC;IACnD,MAAM,SAAS,GAAG,OAAO,EAAE,SAAS,IAAI,EAAE,CAAC;IAC3C,MAAM,YAAY,GAAG,IAAI,YAAY,CAAC,EAAE,EAAE,UAAU,EAAE,SAAS,EAAE,aAAa,EAAE,UAAU,CAAC,CAAC;IAE5F,IAAI,SAAS,GAAG,CAAC,CAAC;IAClB,IAAI,OAAO,GAAG,CAAC,CAAC;IAChB,IAAI,MAAM,GAAG,CAAC,CAAC;IACf,IAAI,MAA0B,CAAC;IAE/B,qCAAqC;IACrC,MAAM,UAAU,GAAG,MAAM,EAAE,CAAC,IAAI,CAAC,KAAK,EAAE,CAAC;IAEzC,OAAO,IAAI,EAAE,CAAC;QACZ,IAAI,OAAO,EAAE,MAAM,EAAE,OAAO;YAAE,MAAM;QAEpC,MAAM,KAAK,GAAG,MAAM,EAAE,CAAC,IAAI,CAAC,QAAQ,CAAC;YACnC,IAAI,EAAE,SAAS;YACf,GAAG,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,IAAI,EAAE,CAAC,EAAE,MAAM,EAAE,EAAE,EAAE,EAAE,MAAM,EAAE,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;YACtD,OAAO,EAAE,EAAE,EAAE,EAAE,KAAK,EAAE;YACtB,MAAM,EAAE,EAAE,EAAE,EAAE,IAAI,EAAE,KAAK,EAAE,IAAI,EAAE,OAAO,EAAE,IAAI,EAAE;SACjD,CAAC,CAAC;QAEH,IAAI,KAAK,CAAC,MAAM,KAAK,CAAC;YAAE,MAAM;QAC9B,MAAM,GAAG,KAAK,CAAC,KAAK,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC;QAEpC,KAAK,MAAM,IAAI,IAAI,KAAK,EAAE,CAAC;YACzB,IAAI,OAAO,EAAE,MAAM,EAAE,OAAO;gBAAE,MAAM;YAEpC,IAAI,YAAY,EAAE,CAAC;gBACjB,MAAM,cAAc,GAAG,MAAM,YAAY,CAAC,WAAW,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;gBAC/D,IAAI,cAAc,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;oBAC9B,OAAO,EAAE,CAAC;oBACV,SAAS;gBACX,CAAC;YACH,CAAC;YAED,IAAI,CAAC;gBACH,MAAM,YAAY,CAAC,aAAa,CAAC,IAAI,CAAC,EAAE,EAAE,IAAI,CAAC,KAAK,EAAE,IAAI,CAAC,OAAO,CAAC,CAAC;gBACpE,SAAS,EAAE,CAAC;YACd,CAAC;YAAC,OAAO,GAAG,EAAE,CAAC;gBACb,MAAM,EAAE,CAAC;gBACT,OAAO,CAAC,KAAK,CAAC,0CAA0C,IAAI,CAAC,EAAE,GAAG,EAAE,GAAG,CAAC,CAAC;YAC3E,CAAC;YAED,OAAO,EAAE,UAAU,EAAE,CAAC;gBACpB,SAAS,EAAE,SAAS,GAAG,OAAO,GAAG,MAAM;gBACvC,KAAK,EAAE,UAAU;gBACjB,MAAM;aACP,CAAC,CAAC;QACL,CAAC;IACH,CAAC;IAED,OAAO,EAAE,SAAS,EAAE,OAAO,EAAE,MAAM,EAAE,CAAC;AACxC,CAAC"}
|