@auxiora/social 1.0.0

package/dist/user-resolver.js

@@ -0,0 +1,70 @@
+import { getLogger } from '@auxiora/logger';
+const logger = getLogger('social:user-resolver');
+/**
+ * Resolves channel senders to Auxiora user identities.
+ * Maps channel IDs (Discord, Telegram, Slack, etc.) to users.
+ */
+export class UserResolver {
+    userManager;
+    constructor(userManager) {
+        this.userManager = userManager;
+    }
+    /**
+     * Resolve a channel sender to a user identity.
+     * Returns undefined if no user is mapped to this sender.
+     */
+    async resolveUser(channelType, senderId) {
+        const user = await this.userManager.authenticateUser(channelType, senderId);
+        if (user) {
+            logger.debug('Resolved user', { channelType, senderId, userId: user.id });
+        }
+        return user;
+    }
+    /**
+     * Resolve or create a default user for a channel sender.
+     * Creates a new viewer user if none is mapped.
+     */
+    async resolveOrCreate(channelType, senderId, defaultName) {
+        const existing = await this.resolveUser(channelType, senderId);
+        if (existing)
+            return existing;
+        const name = defaultName ?? `${channelType}:${senderId}`;
+        const user = await this.userManager.createUser(name, 'viewer', {
+            channels: [{ channelType, senderId }],
+        });
+        logger.debug('Auto-created user for channel sender', {
+            channelType,
+            senderId,
+            userId: user.id,
+        });
+        return user;
+    }
+    /**
+     * Map a channel sender to an existing user.
+     */
+    async mapChannel(userId, channelType, senderId) {
+        const user = await this.userManager.getUser(userId);
+        if (!user)
+            return false;
+        const existing = user.channels.find(c => c.channelType === channelType && c.senderId === senderId);
+        if (existing)
+            return true;
+        const channels = [...user.channels, { channelType, senderId }];
+        const updated = await this.userManager.updateUser(userId, { channels });
+        return updated !== undefined;
+    }
+    /**
+     * Remove a channel mapping from a user.
+     */
+    async unmapChannel(userId, channelType, senderId) {
+        const user = await this.userManager.getUser(userId);
+        if (!user)
+            return false;
+        const channels = user.channels.filter(c => !(c.channelType === channelType && c.senderId === senderId));
+        if (channels.length === user.channels.length)
+            return false;
+        const updated = await this.userManager.updateUser(userId, { channels });
+        return updated !== undefined;
+    }
+}
+//# sourceMappingURL=user-resolver.js.map

package/dist/user-resolver.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"user-resolver.js","sourceRoot":"","sources":["../src/user-resolver.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,SAAS,EAAE,MAAM,iBAAiB,CAAC;AAI5C,MAAM,MAAM,GAAG,SAAS,CAAC,sBAAsB,CAAC,CAAC;AAEjD;;;GAGG;AACH,MAAM,OAAO,YAAY;IACH;IAApB,YAAoB,WAAwB;QAAxB,gBAAW,GAAX,WAAW,CAAa;IAAG,CAAC;IAEhD;;;OAGG;IACH,KAAK,CAAC,WAAW,CACf,WAAmB,EACnB,QAAgB;QAEhB,MAAM,IAAI,GAAG,MAAM,IAAI,CAAC,WAAW,CAAC,gBAAgB,CAAC,WAAW,EAAE,QAAQ,CAAC,CAAC;QAE5E,IAAI,IAAI,EAAE,CAAC;YACT,MAAM,CAAC,KAAK,CAAC,eAAe,EAAE,EAAE,WAAW,EAAE,QAAQ,EAAE,MAAM,EAAE,IAAI,CAAC,EAAE,EAAE,CAAC,CAAC;QAC5E,CAAC;QAED,OAAO,IAAI,CAAC;IACd,CAAC;IAED;;;OAGG;IACH,KAAK,CAAC,eAAe,CACnB,WAAmB,EACnB,QAAgB,EAChB,WAAoB;QAEpB,MAAM,QAAQ,GAAG,MAAM,IAAI,CAAC,WAAW,CAAC,WAAW,EAAE,QAAQ,CAAC,CAAC;QAC/D,IAAI,QAAQ;YAAE,OAAO,QAAQ,CAAC;QAE9B,MAAM,IAAI,GAAG,WAAW,IAAI,GAAG,WAAW,IAAI,QAAQ,EAAE,CAAC;QACzD,MAAM,IAAI,GAAG,MAAM,IAAI,CAAC,WAAW,CAAC,UAAU,CAAC,IAAI,EAAE,QAAQ,EAAE;YAC7D,QAAQ,EAAE,CAAC,EAAE,WAAW,EAAE,QAAQ,EAAE,CAAC;SACtC,CAAC,CAAC;QAEH,MAAM,CAAC,KAAK,CAAC,sCAAsC,EAAE;YACnD,WAAW;YACX,QAAQ;YACR,MAAM,EAAE,IAAI,CAAC,EAAE;SAChB,CAAC,CAAC;QAEH,OAAO,IAAI,CAAC;IACd,CAAC;IAED;;OAEG;IACH,KAAK,CAAC,UAAU,CACd,MAAc,EACd,WAAmB,EACnB,QAAgB;QAEhB,MAAM,IAAI,GAAG,MAAM,IAAI,CAAC,WAAW,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC;QACpD,IAAI,CAAC,IAAI;YAAE,OAAO,KAAK,CAAC;QAExB,MAAM,QAAQ,GAAG,IAAI,CAAC,QAAQ,CAAC,IAAI,CACjC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,WAAW,KAAK,WAAW,IAAI,CAAC,CAAC,QAAQ,KAAK,QAAQ,CAC9D,CAAC;QACF,IAAI,QAAQ;YAAE,OAAO,IAAI,CAAC;QAE1B,MAAM,QAAQ,GAAG,CAAC,GAAG,IAAI,CAAC,QAAQ,EAAE,EAAE,WAAW,EAAE,QAAQ,EAAE,CAAC,CAAC;QAC/D,MAAM,OAAO,GAAG,MAAM,IAAI,CAAC,WAAW,CAAC,UAAU,CAAC,MAAM,EAAE,EAAE,QAAQ,EAAE,CAAC,CAAC;QACxE,OAAO,OAAO,KAAK,SAAS,CAAC;IAC/B,CAAC;IAED;;OAEG;IACH,KAAK,CAAC,YAAY,CAChB,MAAc,EACd,WAAmB,EACnB,QAAgB;QAEhB,MAAM,IAAI,GAAG,MAAM,IAAI,CAAC,WAAW,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC;QACpD,IAAI,CAAC,IAAI;YAAE,OAAO,KAAK,CAAC;QAExB,MAAM,QAAQ,GAAG,IAAI,CAAC,QAAQ,CAAC,MAAM,CACnC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,CAAC,CAAC,WAAW,KAAK,WAAW,IAAI,CAAC,CAAC,QAAQ,KAAK,QAAQ,CAAC,CACjE,CAAC;QAEF,IAAI,QAAQ,CAAC,MAAM,KAAK,IAAI,CAAC,QAAQ,CAAC,MAAM;YAAE,OAAO,KAAK,CAAC;QAE3D,MAAM,OAAO,GAAG,MAAM,IAAI,CAAC,WAAW,CAAC,UAAU,CAAC,MAAM,EAAE,EAAE,QAAQ,EAAE,CAAC,CAAC;QACxE,OAAO,OAAO,KAAK,SAAS,CAAC;IAC/B,CAAC;CACF"}

package/package.json

@@ -0,0 +1,27 @@
+{
+  "name": "@auxiora/social",
+  "version": "1.0.0",
+  "description": "Multi-user identity, roles, and permissions management",
+  "type": "module",
+  "main": "dist/index.js",
+  "types": "dist/index.d.ts",
+  "exports": {
+    ".": {
+      "types": "./dist/index.d.ts",
+      "import": "./dist/index.js"
+    }
+  },
+  "dependencies": {
+    "@auxiora/audit": "1.0.0",
+    "@auxiora/core": "1.0.0",
+    "@auxiora/logger": "1.0.0"
+  },
+  "engines": {
+    "node": ">=22.0.0"
+  },
+  "scripts": {
+    "build": "tsc",
+    "clean": "rm -rf dist",
+    "typecheck": "tsc --noEmit"
+  }
+}

package/src/index.ts

@@ -0,0 +1,11 @@
+export type {
+  PermissionScope,
+  Role,
+  UserIdentity,
+  UserChannelMapping,
+  TeamConfig,
+} from './types.js';
+export { BUILT_IN_ROLES } from './types.js';
+export { UserManager } from './user-manager.js';
+export { RoleManager } from './role-manager.js';
+export { UserResolver } from './user-resolver.js';

package/src/role-manager.ts

@@ -0,0 +1,123 @@
+import * as fs from 'node:fs/promises';
+import * as path from 'node:path';
+import * as crypto from 'node:crypto';
+import { getLogger } from '@auxiora/logger';
+import { audit } from '@auxiora/audit';
+import { getAuxioraDir } from '@auxiora/core';
+import type { Role, PermissionScope } from './types.js';
+import { BUILT_IN_ROLES } from './types.js';
+import type { UserManager } from './user-manager.js';
+
+const logger = getLogger('social:role-manager');
+
+export class RoleManager {
+  private filePath: string;
+  private userManager: UserManager;
+
+  constructor(userManager: UserManager, options?: { dir?: string }) {
+    const dir = options?.dir ?? path.join(getAuxioraDir(), 'social');
+    this.filePath = path.join(dir, 'roles.json');
+    this.userManager = userManager;
+  }
+
+  async createRole(name: string, permissions: PermissionScope[]): Promise<Role> {
+    const roles = await this.readFile();
+
+    if (roles.some(r => r.name === name)) {
+      throw new Error(`Role already exists: ${name}`);
+    }
+
+    const role: Role = {
+      id: `role-${crypto.randomUUID().slice(0, 8)}`,
+      name,
+      permissions,
+      builtIn: false,
+      createdAt: Date.now(),
+    };
+
+    roles.push(role);
+    await this.writeFile(roles);
+    void audit('social.role_created', { id: role.id, name });
+    logger.debug('Created role', { id: role.id, name });
+    return role;
+  }
+
+  async getRole(id: string): Promise<Role | undefined> {
+    const builtIn = BUILT_IN_ROLES.find(r => r.id === id);
+    if (builtIn) return builtIn;
+
+    const roles = await this.readFile();
+    return roles.find(r => r.id === id);
+  }
+
+  async getRoleByName(name: string): Promise<Role | undefined> {
+    const builtIn = BUILT_IN_ROLES.find(r => r.name === name || r.id === name);
+    if (builtIn) return builtIn;
+
+    const roles = await this.readFile();
+    return roles.find(r => r.name === name);
+  }
+
+  async listRoles(): Promise<Role[]> {
+    const custom = await this.readFile();
+    return [...BUILT_IN_ROLES, ...custom];
+  }
+
+  async deleteRole(id: string): Promise<boolean> {
+    const builtIn = BUILT_IN_ROLES.find(r => r.id === id);
+    if (builtIn) {
+      throw new Error('Cannot delete built-in role');
+    }
+
+    const roles = await this.readFile();
+    const filtered = roles.filter(r => r.id !== id);
+    if (filtered.length === roles.length) return false;
+
+    await this.writeFile(filtered);
+    void audit('social.role_deleted', { id });
+    logger.debug('Deleted role', { id });
+    return true;
+  }
+
+  async assignRole(userId: string, roleId: string): Promise<boolean> {
+    const role = await this.getRole(roleId);
+    if (!role) return false;
+
+    const user = await this.userManager.updateUser(userId, { role: roleId });
+    if (!user) return false;
+
+    void audit('social.role_assigned', { userId, roleId });
+    return true;
+  }
+
+  async checkPermission(userId: string, scope: PermissionScope): Promise<boolean> {
+    const user = await this.userManager.getUser(userId);
+    if (!user) return false;
+
+    const role = await this.getRole(user.role);
+    if (!role) return false;
+
+    // Admin role has all permissions
+    if (role.permissions.includes('admin')) return true;
+
+    return role.permissions.includes(scope);
+  }
+
+  private async readFile(): Promise<Role[]> {
+    try {
+      const content = await fs.readFile(this.filePath, 'utf-8');
+      return JSON.parse(content) as Role[];
+    } catch (error) {
+      if ((error as NodeJS.ErrnoException).code === 'ENOENT') {
+        return [];
+      }
+      throw error;
+    }
+  }
+
+  private async writeFile(roles: Role[]): Promise<void> {
+    const dir = path.dirname(this.filePath);
+    await fs.mkdir(dir, { recursive: true });
+    await fs.writeFile(this.filePath, JSON.stringify(roles, null, 2), 'utf-8');
+  }
+}

package/src/types.ts

@@ -0,0 +1,104 @@
+/** Permission scopes for role-based access control. */
+export type PermissionScope =
+  | 'memory:read'
+  | 'memory:write'
+  | 'memory:delete'
+  | 'sessions:read'
+  | 'sessions:write'
+  | 'behaviors:read'
+  | 'behaviors:write'
+  | 'behaviors:delete'
+  | 'vault:read'
+  | 'vault:write'
+  | 'trust:read'
+  | 'trust:write'
+  | 'plugins:manage'
+  | 'webhooks:manage'
+  | 'users:read'
+  | 'users:write'
+  | 'users:delete'
+  | 'workflows:read'
+  | 'workflows:write'
+  | 'workflows:approve'
+  | 'agent-protocol:send'
+  | 'agent-protocol:receive'
+  | 'admin';
+
+/** A named role with associated permissions. */
+export interface Role {
+  id: string;
+  name: string;
+  permissions: PermissionScope[];
+  builtIn: boolean;
+  createdAt: number;
+}
+
+/** A user identity within the system. */
+export interface UserIdentity {
+  id: string;
+  name: string;
+  role: string;
+  channels: UserChannelMapping[];
+  trustOverrides: Record<string, number>;
+  memoryPartition: string;
+  personalityRelationship: string;
+  createdAt: number;
+  updatedAt: number;
+  lastActiveAt: number;
+}
+
+/** Maps an external channel sender to this user. */
+export interface UserChannelMapping {
+  channelType: string;
+  senderId: string;
+}
+
+/** Configuration for a team of users. */
+export interface TeamConfig {
+  name: string;
+  ownerId: string;
+  memberIds: string[];
+  sharedMemoryPartition: string;
+  createdAt: number;
+}
+
+/** Built-in role definitions. */
+export const BUILT_IN_ROLES: Role[] = [
+  {
+    id: 'admin',
+    name: 'Admin',
+    permissions: ['admin'],
+    builtIn: true,
+    createdAt: 0,
+  },
+  {
+    id: 'member',
+    name: 'Member',
+    permissions: [
+      'memory:read',
+      'memory:write',
+      'sessions:read',
+      'sessions:write',
+      'behaviors:read',
+      'workflows:read',
+      'workflows:write',
+      'workflows:approve',
+      'agent-protocol:send',
+      'agent-protocol:receive',
+    ],
+    builtIn: true,
+    createdAt: 0,
+  },
+  {
+    id: 'viewer',
+    name: 'Viewer',
+    permissions: [
+      'memory:read',
+      'sessions:read',
+      'behaviors:read',
+      'workflows:read',
+    ],
+    builtIn: true,
+    createdAt: 0,
+  },
+];

package/src/user-manager.ts

@@ -0,0 +1,155 @@
+import * as fs from 'node:fs/promises';
+import * as path from 'node:path';
+import * as crypto from 'node:crypto';
+import { getLogger } from '@auxiora/logger';
+import { audit } from '@auxiora/audit';
+import { getAuxioraDir } from '@auxiora/core';
+import type { UserIdentity, UserChannelMapping } from './types.js';
+
+const logger = getLogger('social:user-manager');
+
+export class UserManager {
+  private filePath: string;
+
+  constructor(options?: { dir?: string }) {
+    const dir = options?.dir ?? path.join(getAuxioraDir(), 'social');
+    this.filePath = path.join(dir, 'users.json');
+  }
+
+  async createUser(
+    name: string,
+    role: string,
+    options?: {
+      channels?: UserChannelMapping[];
+      memoryPartition?: string;
+      personalityRelationship?: string;
+    },
+  ): Promise<UserIdentity> {
+    const users = await this.readFile();
+
+    const id = `user-${crypto.randomUUID().slice(0, 8)}`;
+    const now = Date.now();
+
+    const user: UserIdentity = {
+      id,
+      name,
+      role,
+      channels: options?.channels ?? [],
+      trustOverrides: {},
+      memoryPartition: options?.memoryPartition ?? `private:${id}`,
+      personalityRelationship: options?.personalityRelationship ?? 'default',
+      createdAt: now,
+      updatedAt: now,
+      lastActiveAt: now,
+    };
+
+    users.push(user);
+    await this.writeFile(users);
+    void audit('social.user_created', { id, name, role });
+    logger.debug('Created user', { id, name });
+    return user;
+  }
+
+  async getUser(id: string): Promise<UserIdentity | undefined> {
+    const users = await this.readFile();
+    return users.find(u => u.id === id);
+  }
+
+  async getUserByName(name: string): Promise<UserIdentity | undefined> {
+    const users = await this.readFile();
+    return users.find(u => u.name === name);
+  }
+
+  async updateUser(
+    id: string,
+    updates: Partial<Pick<UserIdentity, 'name' | 'role' | 'channels' | 'trustOverrides' | 'memoryPartition' | 'personalityRelationship'>>,
+  ): Promise<UserIdentity | undefined> {
+    const users = await this.readFile();
+    const user = users.find(u => u.id === id);
+    if (!user) return undefined;
+
+    if (updates.name !== undefined) user.name = updates.name;
+    if (updates.role !== undefined) user.role = updates.role;
+    if (updates.channels !== undefined) user.channels = updates.channels;
+    if (updates.trustOverrides !== undefined) user.trustOverrides = updates.trustOverrides;
+    if (updates.memoryPartition !== undefined) user.memoryPartition = updates.memoryPartition;
+    if (updates.personalityRelationship !== undefined) user.personalityRelationship = updates.personalityRelationship;
+    user.updatedAt = Date.now();
+
+    await this.writeFile(users);
+    void audit('social.user_updated', { id, updates: Object.keys(updates) });
+    logger.debug('Updated user', { id });
+    return user;
+  }
+
+  async deleteUser(id: string): Promise<boolean> {
+    const users = await this.readFile();
+    const filtered = users.filter(u => u.id !== id);
+    if (filtered.length === users.length) return false;
+
+    await this.writeFile(filtered);
+    void audit('social.user_deleted', { id });
+    logger.debug('Deleted user', { id });
+    return true;
+  }
+
+  async listUsers(): Promise<UserIdentity[]> {
+    return this.readFile();
+  }
+
+  async authenticateUser(channelType: string, senderId: string): Promise<UserIdentity | undefined> {
+    const users = await this.readFile();
+    const user = users.find(u =>
+      u.channels.some(c => c.channelType === channelType && c.senderId === senderId),
+    );
+
+    if (user) {
+      user.lastActiveAt = Date.now();
+      await this.writeFile(users);
+    }
+
+    return user;
+  }
+
+  async switchUser(userId: string, channelType: string, senderId: string): Promise<UserIdentity | undefined> {
+    const users = await this.readFile();
+    const user = users.find(u => u.id === userId);
+    if (!user) return undefined;
+
+    // Remove this channel mapping from any other user
+    for (const u of users) {
+      u.channels = u.channels.filter(
+        c => !(c.channelType === channelType && c.senderId === senderId),
+      );
+    }
+
+    // Add mapping to the target user
+    if (!user.channels.some(c => c.channelType === channelType && c.senderId === senderId)) {
+      user.channels.push({ channelType, senderId });
+    }
+    user.lastActiveAt = Date.now();
+    user.updatedAt = Date.now();
+
+    await this.writeFile(users);
+    void audit('social.user_switched', { userId, channelType, senderId });
+    return user;
+  }
+
+  private async readFile(): Promise<UserIdentity[]> {
+    try {
+      const content = await fs.readFile(this.filePath, 'utf-8');
+      return JSON.parse(content) as UserIdentity[];
+    } catch (error) {
+      if ((error as NodeJS.ErrnoException).code === 'ENOENT') {
+        return [];
+      }
+      throw error;
+    }
+  }
+
+  private async writeFile(users: UserIdentity[]): Promise<void> {
+    const dir = path.dirname(this.filePath);
+    await fs.mkdir(dir, { recursive: true });
+    await fs.writeFile(this.filePath, JSON.stringify(users, null, 2), 'utf-8');
+  }
+}

package/src/user-resolver.ts

@@ -0,0 +1,98 @@
+import { getLogger } from '@auxiora/logger';
+import type { UserIdentity } from './types.js';
+import type { UserManager } from './user-manager.js';
+
+const logger = getLogger('social:user-resolver');
+
+/**
+ * Resolves channel senders to Auxiora user identities.
+ * Maps channel IDs (Discord, Telegram, Slack, etc.) to users.
+ */
+export class UserResolver {
+  constructor(private userManager: UserManager) {}
+
+  /**
+   * Resolve a channel sender to a user identity.
+   * Returns undefined if no user is mapped to this sender.
+   */
+  async resolveUser(
+    channelType: string,
+    senderId: string,
+  ): Promise<UserIdentity | undefined> {
+    const user = await this.userManager.authenticateUser(channelType, senderId);
+
+    if (user) {
+      logger.debug('Resolved user', { channelType, senderId, userId: user.id });
+    }
+
+    return user;
+  }
+
+  /**
+   * Resolve or create a default user for a channel sender.
+   * Creates a new viewer user if none is mapped.
+   */
+  async resolveOrCreate(
+    channelType: string,
+    senderId: string,
+    defaultName?: string,
+  ): Promise<UserIdentity> {
+    const existing = await this.resolveUser(channelType, senderId);
+    if (existing) return existing;
+
+    const name = defaultName ?? `${channelType}:${senderId}`;
+    const user = await this.userManager.createUser(name, 'viewer', {
+      channels: [{ channelType, senderId }],
+    });
+
+    logger.debug('Auto-created user for channel sender', {
+      channelType,
+      senderId,
+      userId: user.id,
+    });
+
+    return user;
+  }
+
+  /**
+   * Map a channel sender to an existing user.
+   */
+  async mapChannel(
+    userId: string,
+    channelType: string,
+    senderId: string,
+  ): Promise<boolean> {
+    const user = await this.userManager.getUser(userId);
+    if (!user) return false;
+
+    const existing = user.channels.find(
+      c => c.channelType === channelType && c.senderId === senderId,
+    );
+    if (existing) return true;
+
+    const channels = [...user.channels, { channelType, senderId }];
+    const updated = await this.userManager.updateUser(userId, { channels });
+    return updated !== undefined;
+  }
+
+  /**
+   * Remove a channel mapping from a user.
+   */
+  async unmapChannel(
+    userId: string,
+    channelType: string,
+    senderId: string,
+  ): Promise<boolean> {
+    const user = await this.userManager.getUser(userId);
+    if (!user) return false;
+
+    const channels = user.channels.filter(
+      c => !(c.channelType === channelType && c.senderId === senderId),
+    );
+
+    if (channels.length === user.channels.length) return false;
+
+    const updated = await this.userManager.updateUser(userId, { channels });
+    return updated !== undefined;
+  }
+}