@assistkick/create 1.0.0

package/templates/product-system/packages/backend/src/services/init.ts

@@ -0,0 +1,80 @@
+/**
+ * Service initialization — creates pipeline, claude service, and related instances.
+ * Deferred until VERBOSE flag is set at startup.
+ */
+
+import { join, dirname } from 'node:path';
+import { fileURLToPath } from 'node:url';
+import { existsSync } from 'node:fs';
+import { createClaudeService } from '@interview-system/shared/lib/claude-service.js';
+import { Pipeline } from '@interview-system/shared/lib/pipeline.js';
+import { PipelineStateStore } from '@interview-system/shared/lib/pipeline-state-store.js';
+import { PromptBuilder } from '@interview-system/shared/lib/prompt_builder.js';
+import { GitWorkflow } from '@interview-system/shared/lib/git_workflow.js';
+import { getDb } from '@interview-system/shared/lib/db.js';
+import { getKanbanEntry, saveKanbanEntry } from '@interview-system/shared/lib/kanban.js';
+import { getNode } from '@interview-system/shared/lib/graph.js';
+import { WorkSummaryParser } from '@interview-system/shared/lib/work_summary_parser.js';
+
+const __dirname = dirname(fileURLToPath(import.meta.url));
+// Navigate from packages/backend/src/services/ up to product-system/
+const SKILL_ROOT = join(__dirname, '..', '..', '..', '..');
+const SHARED_DIR = join(SKILL_ROOT, 'packages', 'shared');
+
+const IS_DEV = import.meta.url.endsWith('.ts');
+const TOOL_EXT = IS_DEV ? '.ts' : '.js';
+const TOOL_RUNNER = IS_DEV ? 'tsx' : 'node';
+const TOOLS_DIR = IS_DEV ? join(SHARED_DIR, 'tools') : join(__dirname, '..', '..', '..', 'shared', 'build', 'tools');
+const DATA_DIR = SHARED_DIR;
+const PROJECT_ROOT = join(SKILL_ROOT, '..');
+const SKILLS_DIR = join(PROJECT_ROOT, '.claude', 'skills');
+const WORKTREES_DIR = join(PROJECT_ROOT, '.worktrees');
+const DEVELOPER_SKILL_PATH = join(SKILLS_DIR, 'product-developer', 'SKILL.md');
+const REVIEWER_SKILL_PATH = join(SKILLS_DIR, 'product-code-reviewer', 'SKILL.md');
+const DEBUGGER_SKILL_PATH = join(SKILLS_DIR, 'product-debugger', 'SKILL.md');
+
+export const log = (tag: string, ...args: any[]) => {
+  const ts = new Date().toISOString().slice(11, 23);
+  console.log(`[${ts}] [${tag}]`, ...args);
+};
+
+export let claudeService: any;
+export let pipeline: any;
+export let pipelineStateStore: any;
+
+export const paths = {
+  projectRoot: PROJECT_ROOT,
+  worktreesDir: WORKTREES_DIR,
+  skillsDir: SKILLS_DIR,
+  toolsDir: TOOLS_DIR,
+  dataDir: DATA_DIR,
+  developerSkillPath: DEVELOPER_SKILL_PATH,
+  reviewerSkillPath: REVIEWER_SKILL_PATH,
+  debuggerSkillPath: DEBUGGER_SKILL_PATH,
+  toolExt: TOOL_EXT,
+  toolRunner: TOOL_RUNNER,
+};
+
+export const initServices = (verbose: boolean) => {
+  claudeService = createClaudeService({ verbose, log });
+  pipelineStateStore = new PipelineStateStore({ getDb });
+  const promptBuilder = new PromptBuilder({ paths, log });
+  const gitWorkflow = new GitWorkflow({ claudeService, projectRoot: PROJECT_ROOT, worktreesDir: WORKTREES_DIR, log });
+  const workSummaryParser = new WorkSummaryParser();
+  pipeline = new Pipeline({
+    promptBuilder,
+    gitWorkflow,
+    claudeService,
+    kanban: { getKanbanEntry, saveKanbanEntry },
+    paths,
+    log,
+    stateStore: pipelineStateStore,
+    workSummaryParser,
+    getNode,
+  });
+
+  // Mark any active pipeline states as interrupted (server restart recovery)
+  pipelineStateStore.markInterrupted().catch((err: any) => {
+    log('STARTUP', `Failed to mark interrupted pipelines: ${err.message}`);
+  });
+};

package/templates/product-system/packages/backend/src/services/invitation_service.test.ts

@@ -0,0 +1,235 @@
+import { describe, it, mock, beforeEach } from 'node:test';
+import assert from 'node:assert/strict';
+import { InvitationService } from './invitation_service.ts';
+
+const createMockDb = () => {
+  const state = {
+    insertedInvitations: [] as any[],
+    insertedUsers: [] as any[],
+    updatedInvitations: [] as any[],
+  };
+
+  let selectResults: any[][] = [];
+  let selectCallIndex = 0;
+
+  const db = {
+    select: mock.fn(() => ({
+      from: mock.fn(() => ({
+        where: mock.fn(() => {
+          const result = selectResults[selectCallIndex] || [];
+          selectCallIndex++;
+          return result;
+        }),
+      })),
+    })),
+    insert: mock.fn((table: any) => ({
+      values: mock.fn((vals: any) => {
+        if (vals.tokenHash) state.insertedInvitations.push(vals);
+        if (vals.passwordHash) state.insertedUsers.push(vals);
+      }),
+    })),
+    update: mock.fn(() => ({
+      set: mock.fn((vals: any) => ({
+        where: mock.fn(() => {
+          if (vals.acceptedAt) state.updatedInvitations.push(vals);
+        }),
+      })),
+    })),
+    _state: state,
+    _setSelectResults: (results: any[][]) => {
+      selectResults = results;
+      selectCallIndex = 0;
+    },
+  };
+
+  return db;
+};
+
+const createMockEmailService = () => ({
+  sendInvitationEmail: mock.fn(async () => {}),
+  sendPasswordResetEmail: mock.fn(async () => {}),
+});
+
+const createMockAuthService = () => ({
+  hashPassword: mock.fn(async (pw: string) => `hashed_${pw}`),
+  verifyPassword: mock.fn(async () => false),
+  generateAccessToken: mock.fn(async () => 'token'),
+  generateRefreshToken: mock.fn(async () => 'refresh'),
+  verifyToken: mock.fn(async () => ({ sub: '1' })),
+  setAuthCookies: mock.fn(),
+  clearAuthCookies: mock.fn(),
+});
+
+const noop = () => {};
+
+describe('InvitationService', () => {
+  describe('sendInvitation', () => {
+    it('sends invitation email for new user', async () => {
+      const mockDb = createMockDb();
+      const emailService = createMockEmailService();
+      const authService = createMockAuthService();
+
+      // First select: no existing user; Second select: no existing invitations
+      mockDb._setSelectResults([[], []]);
+
+      const service = new InvitationService({
+        getDb: () => mockDb,
+        emailService: emailService as any,
+        authService: authService as any,
+        appBaseUrl: 'http://localhost:3000',
+        log: noop,
+      });
+
+      await service.sendInvitation('new@example.com', 'admin-1');
+
+      assert.equal(emailService.sendInvitationEmail.mock.calls.length, 1);
+      assert.equal(mockDb.insert.mock.calls.length, 1);
+      const emailCall = emailService.sendInvitationEmail.mock.calls[0];
+      assert.equal(emailCall.arguments[0], 'new@example.com');
+      assert.ok(emailCall.arguments[1].includes('/accept-invitation?token='));
+      assert.ok(emailCall.arguments[1].includes('email=new%40example.com'));
+    });
+
+    it('throws when user already exists', async () => {
+      const mockDb = createMockDb();
+      const emailService = createMockEmailService();
+      const authService = createMockAuthService();
+
+      // First select: existing user found
+      mockDb._setSelectResults([[{ id: 'user-1' }]]);
+
+      const service = new InvitationService({
+        getDb: () => mockDb,
+        emailService: emailService as any,
+        authService: authService as any,
+        appBaseUrl: 'http://localhost:3000',
+        log: noop,
+      });
+
+      await assert.rejects(
+        () => service.sendInvitation('existing@example.com', 'admin-1'),
+        { message: 'A user with this email already exists' },
+      );
+
+      assert.equal(emailService.sendInvitationEmail.mock.calls.length, 0);
+    });
+
+    it('throws when active invitation exists', async () => {
+      const mockDb = createMockDb();
+      const emailService = createMockEmailService();
+      const authService = createMockAuthService();
+
+      const futureDate = new Date(Date.now() + 86400000).toISOString();
+      // First select: no user; Second select: active invitation
+      mockDb._setSelectResults([
+        [],
+        [{ id: 'inv-1', expiresAt: futureDate, acceptedAt: null }],
+      ]);
+
+      const service = new InvitationService({
+        getDb: () => mockDb,
+        emailService: emailService as any,
+        authService: authService as any,
+        appBaseUrl: 'http://localhost:3000',
+        log: noop,
+      });
+
+      await assert.rejects(
+        () => service.sendInvitation('pending@example.com', 'admin-1'),
+        { message: 'An active invitation already exists for this email' },
+      );
+    });
+
+    it('throws when email service fails', async () => {
+      const mockDb = createMockDb();
+      const emailService = createMockEmailService();
+      const authService = createMockAuthService();
+
+      emailService.sendInvitationEmail = mock.fn(async () => {
+        throw new Error('SMTP failed');
+      });
+
+      mockDb._setSelectResults([[], []]);
+
+      const service = new InvitationService({
+        getDb: () => mockDb,
+        emailService: emailService as any,
+        authService: authService as any,
+        appBaseUrl: 'http://localhost:3000',
+        log: noop,
+      });
+
+      await assert.rejects(
+        () => service.sendInvitation('new@example.com', 'admin-1'),
+        { message: 'Failed to send invitation email' },
+      );
+    });
+  });
+
+  describe('validateToken', () => {
+    it('returns valid:false when no matching invitation', async () => {
+      const mockDb = createMockDb();
+      const emailService = createMockEmailService();
+      const authService = createMockAuthService();
+
+      mockDb._setSelectResults([[]]);
+
+      const service = new InvitationService({
+        getDb: () => mockDb,
+        emailService: emailService as any,
+        authService: authService as any,
+        appBaseUrl: 'http://localhost:3000',
+        log: noop,
+      });
+
+      const result = await service.validateToken('bad-token', 'test@example.com');
+      assert.deepEqual(result, { valid: false });
+    });
+  });
+
+  describe('acceptInvitation', () => {
+    it('throws when user already exists', async () => {
+      const mockDb = createMockDb();
+      const emailService = createMockEmailService();
+      const authService = createMockAuthService();
+
+      // First select: user exists
+      mockDb._setSelectResults([[{ id: 'user-1' }]]);
+
+      const service = new InvitationService({
+        getDb: () => mockDb,
+        emailService: emailService as any,
+        authService: authService as any,
+        appBaseUrl: 'http://localhost:3000',
+        log: noop,
+      });
+
+      await assert.rejects(
+        () => service.acceptInvitation('token', 'existing@example.com', 'password123'),
+        { message: 'A user with this email already exists' },
+      );
+    });
+
+    it('throws when no matching invitation token', async () => {
+      const mockDb = createMockDb();
+      const emailService = createMockEmailService();
+      const authService = createMockAuthService();
+
+      // First select: no user; Second select: no invitations
+      mockDb._setSelectResults([[], []]);
+
+      const service = new InvitationService({
+        getDb: () => mockDb,
+        emailService: emailService as any,
+        authService: authService as any,
+        appBaseUrl: 'http://localhost:3000',
+        log: noop,
+      });
+
+      await assert.rejects(
+        () => service.acceptInvitation('bad-token', 'new@example.com', 'password123'),
+        { message: 'Invalid or expired invitation token' },
+      );
+    });
+  });
+});

package/templates/product-system/packages/backend/src/services/invitation_service.ts

@@ -0,0 +1,193 @@
+/**
+ * Invitation service — handles inviting new users by email.
+ * Only admins can send invitations. Invited users click a link and set a password.
+ */
+
+import { randomBytes, randomUUID } from 'node:crypto';
+import { hash, compare } from 'bcryptjs';
+import { eq } from 'drizzle-orm';
+import { users, invitations } from '@interview-system/shared/db/schema.js';
+import type { EmailService } from './email_service.js';
+import type { AuthService } from './auth_service.js';
+
+const TOKEN_EXPIRY_MS = 48 * 60 * 60 * 1000; // 48 hours
+const SALT_ROUNDS = 12;
+
+interface InvitationServiceDeps {
+  getDb: () => any;
+  emailService: EmailService;
+  authService: AuthService;
+  appBaseUrl: string;
+  log: (tag: string, ...args: any[]) => void;
+}
+
+export class InvitationService {
+  private readonly getDb: () => any;
+  private readonly emailService: EmailService;
+  private readonly authService: AuthService;
+  private readonly appBaseUrl: string;
+  private readonly log: (tag: string, ...args: any[]) => void;
+
+  constructor({ getDb, emailService, authService, appBaseUrl, log }: InvitationServiceDeps) {
+    this.getDb = getDb;
+    this.emailService = emailService;
+    this.authService = authService;
+    this.appBaseUrl = appBaseUrl;
+    this.log = log;
+  }
+
+  /**
+   * Send an invitation email. Only callable by admins.
+   * Throws if the email is already registered or has a pending invitation.
+   */
+  sendInvitation = async (email: string, invitedByUserId: string): Promise<void> => {
+    const db = this.getDb();
+    const normalizedEmail = email.toLowerCase();
+
+    // Check if user already exists
+    const [existingUser] = await db
+      .select({ id: users.id })
+      .from(users)
+      .where(eq(users.email, normalizedEmail));
+
+    if (existingUser) {
+      throw new Error('A user with this email already exists');
+    }
+
+    // Check for pending (non-expired, non-accepted) invitation
+    const existingInvitations = await db
+      .select({ id: invitations.id, expiresAt: invitations.expiresAt, acceptedAt: invitations.acceptedAt })
+      .from(invitations)
+      .where(eq(invitations.email, normalizedEmail));
+
+    const hasPending = existingInvitations.some(
+      (inv: any) => !inv.acceptedAt && new Date(inv.expiresAt) > new Date(),
+    );
+
+    if (hasPending) {
+      throw new Error('An active invitation already exists for this email');
+    }
+
+    // Generate secure token
+    const rawToken = randomBytes(32).toString('hex');
+    const tokenHash = await hash(rawToken, SALT_ROUNDS);
+    const now = new Date().toISOString();
+    const expiresAt = new Date(Date.now() + TOKEN_EXPIRY_MS).toISOString();
+
+    await db.insert(invitations).values({
+      id: randomUUID(),
+      email: normalizedEmail,
+      tokenHash,
+      invitedBy: invitedByUserId,
+      expiresAt,
+      createdAt: now,
+    });
+
+    const invitationUrl = `${this.appBaseUrl}/accept-invitation?token=${rawToken}&email=${encodeURIComponent(normalizedEmail)}`;
+
+    try {
+      await this.emailService.sendInvitationEmail(normalizedEmail, invitationUrl);
+      this.log('INVITE', `Invitation sent to ${normalizedEmail}`);
+    } catch (err: any) {
+      this.log('INVITE', `Failed to send invitation email: ${err.message}`);
+      throw new Error('Failed to send invitation email');
+    }
+  };
+
+  /**
+   * Validate an invitation token. Returns the invitation email if valid.
+   */
+  validateToken = async (token: string, email: string): Promise<{ valid: boolean }> => {
+    const db = this.getDb();
+    const normalizedEmail = email.toLowerCase();
+
+    const candidates = await db
+      .select({
+        id: invitations.id,
+        tokenHash: invitations.tokenHash,
+        expiresAt: invitations.expiresAt,
+        acceptedAt: invitations.acceptedAt,
+      })
+      .from(invitations)
+      .where(eq(invitations.email, normalizedEmail));
+
+    for (const candidate of candidates) {
+      if (candidate.acceptedAt) continue;
+      if (new Date(candidate.expiresAt) < new Date()) continue;
+
+      const matches = await compare(token, candidate.tokenHash);
+      if (matches) return { valid: true };
+    }
+
+    return { valid: false };
+  };
+
+  /**
+   * Accept an invitation — validate token, create user, mark invitation as accepted.
+   */
+  acceptInvitation = async (token: string, email: string, password: string): Promise<{ userId: string; email: string }> => {
+    const db = this.getDb();
+    const normalizedEmail = email.toLowerCase();
+    const now = new Date().toISOString();
+
+    // Check if user already exists (race condition guard)
+    const [existingUser] = await db
+      .select({ id: users.id })
+      .from(users)
+      .where(eq(users.email, normalizedEmail));
+
+    if (existingUser) {
+      throw new Error('A user with this email already exists');
+    }
+
+    // Find matching valid invitation
+    const candidates = await db
+      .select({
+        id: invitations.id,
+        tokenHash: invitations.tokenHash,
+        expiresAt: invitations.expiresAt,
+        acceptedAt: invitations.acceptedAt,
+      })
+      .from(invitations)
+      .where(eq(invitations.email, normalizedEmail));
+
+    let matchedInvitation: { id: string } | null = null;
+    for (const candidate of candidates) {
+      if (candidate.acceptedAt) continue;
+      if (new Date(candidate.expiresAt) < new Date()) continue;
+
+      const matches = await compare(token, candidate.tokenHash);
+      if (matches) {
+        matchedInvitation = { id: candidate.id };
+        break;
+      }
+    }
+
+    if (!matchedInvitation) {
+      throw new Error('Invalid or expired invitation token');
+    }
+
+    // Mark invitation as accepted
+    await db
+      .update(invitations)
+      .set({ acceptedAt: now })
+      .where(eq(invitations.id, matchedInvitation.id));
+
+    // Create the user
+    const userId = randomUUID();
+    const passwordHash = await this.authService.hashPassword(password);
+
+    await db.insert(users).values({
+      id: userId,
+      email: normalizedEmail,
+      passwordHash,
+      role: 'user',
+      createdAt: now,
+      updatedAt: now,
+    });
+
+    this.log('INVITE', `Invitation accepted, user created: ${normalizedEmail}`);
+
+    return { userId, email: normalizedEmail };
+  };
+}

package/templates/product-system/packages/backend/src/services/password_reset_service.test.ts

@@ -0,0 +1,151 @@
+import { describe, it, mock, beforeEach } from 'node:test';
+import assert from 'node:assert/strict';
+import { PasswordResetService } from './password_reset_service.ts';
+
+// Mock DB builder — returns a mock Drizzle-like object
+const createMockDb = () => {
+  const state = {
+    insertedTokens: [] as any[],
+    updatedTokens: [] as any[],
+    updatedUsers: [] as any[],
+    usersData: [] as any[],
+    tokensData: [] as any[],
+  };
+
+  const db = {
+    select: mock.fn(() => ({
+      from: mock.fn(() => ({
+        where: mock.fn(() => {
+          // Return users or tokens depending on context
+          return state._nextResult || [];
+        }),
+      })),
+    })),
+    insert: mock.fn(() => ({
+      values: mock.fn((vals: any) => {
+        state.insertedTokens.push(vals);
+      }),
+    })),
+    update: mock.fn(() => ({
+      set: mock.fn((vals: any) => ({
+        where: mock.fn(() => {
+          if (vals.usedAt) state.updatedTokens.push(vals);
+          if (vals.passwordHash) state.updatedUsers.push(vals);
+        }),
+      })),
+    })),
+    _state: state,
+    _nextResult: [] as any[],
+    _setNextResult: (result: any[]) => { db._nextResult = result; },
+  };
+
+  return db;
+};
+
+const createMockEmailService = () => ({
+  sendPasswordResetEmail: mock.fn(async () => {}),
+});
+
+const createMockAuthService = () => ({
+  hashPassword: mock.fn(async (pw: string) => `hashed_${pw}`),
+  verifyPassword: mock.fn(async () => false),
+  generateAccessToken: mock.fn(async () => 'token'),
+  generateRefreshToken: mock.fn(async () => 'refresh'),
+  verifyToken: mock.fn(async () => ({ sub: '1' })),
+  setAuthCookies: mock.fn(),
+  clearAuthCookies: mock.fn(),
+});
+
+const noop = () => {};
+
+describe('PasswordResetService', () => {
+  describe('requestReset', () => {
+    it('sends email when user exists', async () => {
+      const mockDb = createMockDb();
+      const emailService = createMockEmailService();
+      const authService = createMockAuthService();
+
+      // First call returns user, second returns tokens
+      let callCount = 0;
+      mockDb.select = mock.fn(() => ({
+        from: mock.fn(() => ({
+          where: mock.fn(() => {
+            callCount++;
+            if (callCount === 1) return [{ id: 'user-1', email: 'test@example.com' }];
+            return [];
+          }),
+        })),
+      }));
+
+      const service = new PasswordResetService({
+        getDb: () => mockDb,
+        emailService: emailService as any,
+        authService: authService as any,
+        appBaseUrl: 'http://localhost:3000',
+        log: noop,
+      });
+
+      await service.requestReset('test@example.com');
+
+      assert.equal(emailService.sendPasswordResetEmail.mock.calls.length, 1);
+      assert.equal(mockDb.insert.mock.calls.length, 1);
+      const emailCall = emailService.sendPasswordResetEmail.mock.calls[0];
+      assert.equal(emailCall.arguments[0], 'test@example.com');
+      assert.ok(emailCall.arguments[1].startsWith('http://localhost:3000/reset-password?token='));
+    });
+
+    it('silently succeeds when user does not exist', async () => {
+      const mockDb = createMockDb();
+      const emailService = createMockEmailService();
+      const authService = createMockAuthService();
+
+      mockDb.select = mock.fn(() => ({
+        from: mock.fn(() => ({
+          where: mock.fn(() => []),
+        })),
+      }));
+
+      const service = new PasswordResetService({
+        getDb: () => mockDb,
+        emailService: emailService as any,
+        authService: authService as any,
+        appBaseUrl: 'http://localhost:3000',
+        log: noop,
+      });
+
+      await service.requestReset('nonexistent@example.com');
+
+      assert.equal(emailService.sendPasswordResetEmail.mock.calls.length, 0);
+      assert.equal(mockDb.insert.mock.calls.length, 0);
+    });
+
+    it('throws when email service fails', async () => {
+      const mockDb = createMockDb();
+      const emailService = createMockEmailService();
+      const authService = createMockAuthService();
+
+      emailService.sendPasswordResetEmail = mock.fn(async () => {
+        throw new Error('SMTP failed');
+      });
+
+      mockDb.select = mock.fn(() => ({
+        from: mock.fn(() => ({
+          where: mock.fn(() => [{ id: 'user-1', email: 'test@example.com' }]),
+        })),
+      }));
+
+      const service = new PasswordResetService({
+        getDb: () => mockDb,
+        emailService: emailService as any,
+        authService: authService as any,
+        appBaseUrl: 'http://localhost:3000',
+        log: noop,
+      });
+
+      await assert.rejects(
+        () => service.requestReset('test@example.com'),
+        { message: 'Failed to send reset email' },
+      );
+    });
+  });
+});