@cgh567/agent 2.4.1 → 2.4.3

package/daemon/lib/blast-radius-analyzer.js

@@ -1,75 +0,0 @@
-'use strict';
-
-const { execFile } = require('child_process');
-const { promisify } = require('util');
-const execFileAsync = promisify(execFile);
-
-/**
- * BlastRadiusAnalyzer — measures the impact of a HED operation's execution.
- * Compares declared target vs actual changes (git diff + Memgraph diff).
- */
-
-class BlastRadiusAnalyzer {
-  constructor(mg, repoPath) {
-    this._mg = mg;
-    this._repoPath = repoPath || process.cwd();
-  }
-
-  async analyze(opId, operation, executionLockedAt, completedAt) {
-    const [filesChanged, nodesAffected] = await Promise.allSettled([
-      this._getChangedFiles(operation.target),
-      this._getChangedNodes(executionLockedAt, completedAt)
-    ]);
-
-    const changedFiles = filesChanged.status === 'fulfilled' ? filesChanged.value : [];
-    const changedNodes = nodesAffected.status === 'fulfilled' ? nodesAffected.value : [];
-
-    const outsideTarget = changedFiles.filter(f => !f.includes(operation.target || ''));
-    const severity = this._computeSeverity(outsideTarget, changedNodes);
-
-    return {
-      filesChanged: outsideTarget,
-      allFilesChanged: changedFiles,
-      nodesAffected: changedNodes,
-      severity,
-      opId
-    };
-  }
-
-  async _getChangedFiles(declaredTarget) {
-    try {
-      const { stdout } = await execFileAsync('git', ['diff', '--name-only', 'HEAD~1'], {
-        cwd: this._repoPath,
-        windowsHide: true
-      });
-      return stdout.trim().split('\n').filter(Boolean);
-    } catch {
-      return [];
-    }
-  }
-
-  async _getChangedNodes(executionLockedAt, completedAt) {
-    if (!executionLockedAt || !completedAt) return [];
-    try {
-      const rows = await this._mg(
-        `MATCH (n) WHERE n.updatedAt >= $from AND n.updatedAt <= $to
-         RETURN DISTINCT labels(n)[0] AS label, count(n) AS count LIMIT 20`,
-        { from: executionLockedAt, to: completedAt }
-      );
-      return (rows || []).map(r => `${r.label}(${r.count})`);
-    } catch {
-      return [];
-    }
-  }
-
-  _computeSeverity(outsideFiles, changedNodes) {
-    const score = outsideFiles.length * 2 + changedNodes.length;
-    if (score === 0) return 'none';
-    if (score <= 2) return 'low';
-    if (score <= 6) return 'medium';
-    if (score <= 12) return 'high';
-    return 'critical';
-  }
-}
-
-module.exports = { BlastRadiusAnalyzer };

package/daemon/lib/domain-bootstrap-orchestrator.js

@@ -1,267 +0,0 @@
-'use strict';
-/**
- * DomainBootstrapOrchestrator — drives DomainBootstrapJob through all stages.
- *
- * Stage machine:
- *   domain_search → domain_candidates_generated → domain_selected [HITL]
- *   → domain_registered [HITL] → resend_provisioned → dns_configured
- *   → dns_verified → forwarding_configured → email_channel_created → complete
- *
- * HITL gates at domain_selected (human picks domain) and domain_registered
- * (human confirms purchase). Both create Approval nodes that surface in
- * the Inbox → Approvals tab.
- *
- * Inbound: Porkbun email forwarding (company@domain → founder's personal inbox)
- * Outbound: Resend (sends FROM company@domain)
- */
-
-const STAGES = [
-  'domain_search',
-  'domain_candidates_generated',
-  'domain_selected',       // HITL gate
-  'domain_registered',     // HITL gate (money)
-  'resend_provisioned',
-  'dns_configured',
-  'dns_verified',
-  'forwarding_configured',
-  'email_channel_created',
-  'complete',
-];
-
-class DomainBootstrapOrchestrator {
-  constructor(mgQuery, companyId, log) {
-    this._mg = mgQuery;
-    this._companyId = companyId;
-    this._log = log || ((level, msg, meta) => console.log(`[domain-bootstrap] ${msg}`, meta || ''));
-  }
-
-  /**
-   * Called every N ticks. Finds pending jobs for this company and advances them.
-   */
-  async checkPendingJobs() {
-    let EmailInfraStore, PorkbunApiClient, ResendApiClient, generateDomainCandidates, pollDnsRecord;
-    try {
-      EmailInfraStore = require('../lib/email-infrastructure-store').EmailInfraStore;
-      PorkbunApiClient = require('../lib/porkbun-api').PorkbunApiClient;
-      ResendApiClient = require('../lib/resend-api').ResendApiClient;
-      generateDomainCandidates = require('../lib/domain-candidate-generator').generateDomainCandidates;
-      pollDnsRecord = require('../lib/dns-propagation').pollDnsRecord;
-    } catch (e) {
-      this._log('warn', `domain-bootstrap: missing dependency — ${e.message}`);
-      return;
-    }
-
-    const store = new EmailInfraStore(this._mg);
-    const jobs = await store.getBootstrapJobs(this._companyId, 'pending').catch(() => []);
-
-    for (const job of jobs) {
-      try {
-        await this._advanceJob(job, store, { PorkbunApiClient, ResendApiClient, generateDomainCandidates, pollDnsRecord });
-      } catch (err) {
-        this._log('error', `domain-bootstrap: job ${job.id} failed at stage ${job.currentStage}: ${err.message}`);
-        await store.updateBootstrapJob(job.id, { lastError: err.message, errorAt: new Date().toISOString() }).catch(() => {});
-      }
-    }
-  }
-
-  async _advanceJob(job, store, deps) {
-    const { PorkbunApiClient, ResendApiClient, generateDomainCandidates, pollDnsRecord } = deps;
-
-    switch (job.currentStage) {
-      case 'domain_search': {
-        // Generate domain candidates from company name
-        const companyRow = await this._mg(
-          `MATCH (c:Company {id: $cid}) RETURN c.name AS name`, { cid: this._companyId }
-        );
-        const companyName = companyRow?.rows?.[0]?.[0] || this._companyId;
-        const candidates = generateDomainCandidates(companyName, { tlds: ['.com', '.io', '.co'], maxCandidates: 15 });
-
-        // Check availability via Porkbun (if key available, else skip availability check)
-        let enrichedCandidates = candidates;
-        if (process.env.PORKBUN_API_KEY) {
-          const porkbun = new PorkbunApiClient();
-          enrichedCandidates = await Promise.allSettled(
-            candidates.map(async c => ({
-              domain: c,
-              available: await porkbun.checkDomain(c).then(r => r.status === 'AVAILABLE').catch(() => null),
-              price: await porkbun.getPricing([c.split('.').pop()]).then(r => r[0]?.registration || null).catch(() => null),
-            }))
-          ).then(results => results.filter(r => r.status === 'fulfilled').map(r => r.value));
-        } else {
-          enrichedCandidates = candidates.map(c => ({ domain: c, available: null, price: null }));
-          this._log('warn', 'domain-bootstrap: PORKBUN_API_KEY not set — skipping availability check');
-        }
-
-        await store.updateBootstrapJob(job.id, {
-          currentStage: 'domain_candidates_generated',
-          domainCandidates: JSON.stringify(enrichedCandidates),
-        });
-
-        // Create HITL Approval for domain selection
-        const approvalId = `approval:domain-select:${job.id}`;
-        await this._mg(
-          `MERGE (a:Approval {id: $aid})
-           ON CREATE SET
-             a.companyId = $cid, a.type = 'domain_selection', a.status = 'pending',
-             a.jobId = $jobId, a.candidates = $candidates,
-             a.message = 'Choose a domain for your company email',
-             a.createdAt = localdatetime()`,
-          { aid: approvalId, cid: this._companyId, jobId: job.id, candidates: JSON.stringify(enrichedCandidates.slice(0, 8)) }
-        );
-        this._log('info', `domain-bootstrap: ${enrichedCandidates.length} candidates generated, HITL approval created`);
-        break;
-      }
-
-      case 'domain_candidates_generated': {
-        // Wait for HITL approval (domain selection)
-        const approval = await this._mg(
-          `MATCH (a:Approval {type: 'domain_selection', jobId: $jobId}) RETURN a.status, a.selectedDomain LIMIT 1`,
-          { jobId: job.id }
-        );
-        const status = approval?.rows?.[0]?.[0];
-        const selectedDomain = approval?.rows?.[0]?.[1];
-        if (status === 'approved' && selectedDomain) {
-          await store.updateBootstrapJob(job.id, { currentStage: 'domain_selected', selectedDomain });
-
-          // Create HITL Approval for purchase confirmation
-          const purchaseApprovalId = `approval:domain-purchase:${job.id}`;
-          await this._mg(
-            `MERGE (a:Approval {id: $aid})
-             ON CREATE SET
-               a.companyId = $cid, a.type = 'domain_purchase', a.status = 'pending',
-               a.jobId = $jobId, a.domain = $domain,
-               a.message = $msg, a.createdAt = localdatetime()`,
-            { aid: purchaseApprovalId, cid: this._companyId, jobId: job.id, domain: selectedDomain,
-              msg: `Confirm purchase of ${selectedDomain} for your company email. This will charge your Porkbun account.` }
-          );
-          this._log('info', `domain-bootstrap: domain ${selectedDomain} selected, purchase confirmation requested`);
-        }
-        break;
-      }
-
-      case 'domain_selected': {
-        // Wait for purchase HITL approval
-        const approval = await this._mg(
-          `MATCH (a:Approval {type: 'domain_purchase', jobId: $jobId}) RETURN a.status LIMIT 1`,
-          { jobId: job.id }
-        );
-        const status = approval?.rows?.[0]?.[0];
-        if (status === 'approved') {
-          if (!process.env.PORKBUN_API_KEY) {
-            this._log('warn', 'domain-bootstrap: PORKBUN_API_KEY not set — cannot register domain');
-            break;
-          }
-          const porkbun = new PorkbunApiClient();
-          await porkbun.registerDomain(job.selectedDomain, 1, false);
-          await store.updateBootstrapJob(job.id, { currentStage: 'domain_registered' });
-          this._log('info', `domain-bootstrap: domain ${job.selectedDomain} registered`);
-        }
-        break;
-      }
-
-      case 'domain_registered': {
-        if (!process.env.RESEND_API_KEY) {
-          this._log('warn', 'domain-bootstrap: RESEND_API_KEY not set — cannot provision outbound email');
-          break;
-        }
-        const resend = new ResendApiClient();
-        const resendDomain = await resend.addDomain(job.selectedDomain);
-        const dnsRecords = await resend.getDomainDnsRecords(resendDomain.id);
-        await store.updateBootstrapJob(job.id, {
-          currentStage: 'resend_provisioned',
-          resendDomainId: resendDomain.id,
-          resendDnsRecords: JSON.stringify(dnsRecords),
-        });
-        this._log('info', `domain-bootstrap: Resend provisioned, ${dnsRecords.length} DNS records needed`);
-        break;
-      }
-
-      case 'resend_provisioned': {
-        if (!process.env.PORKBUN_API_KEY) break;
-        const porkbun = new PorkbunApiClient();
-        const dnsRecords = JSON.parse(job.resendDnsRecords || '[]');
-        for (const record of dnsRecords) {
-          await porkbun.createDnsRecord(job.selectedDomain, record).catch(e =>
-            this._log('warn', `domain-bootstrap: DNS record creation failed: ${e.message}`)
-          );
-        }
-        await store.updateBootstrapJob(job.id, { currentStage: 'dns_configured' });
-        this._log('info', `domain-bootstrap: DNS records configured, waiting for propagation`);
-        break;
-      }
-
-      case 'dns_configured': {
-        // Poll for DNS propagation (non-blocking — will be re-checked next tick)
-        const verified = await pollDnsRecord(job.selectedDomain, 'MX', { maxAttempts: 3, intervalMs: 5000 }).catch(() => false);
-        if (verified) {
-          if (process.env.RESEND_API_KEY) {
-            const resend = new ResendApiClient();
-            await resend.verifyDomain(job.resendDomainId).catch(() => {});
-          }
-          await store.updateBootstrapJob(job.id, { currentStage: 'dns_verified' });
-          this._log('info', `domain-bootstrap: DNS verified for ${job.selectedDomain}`);
-        }
-        break;
-      }
-
-      case 'dns_verified': {
-        // Set up email forwarding: company@domain → founder's personal inbox
-        // Get the company's EmailAccount to find the forwarding target
-        const accounts = await this._mg(
-          `MATCH (c:Company {id: $cid})-[:HAS_EMAIL_ACCOUNT]->(a:EmailAccount) RETURN a.email LIMIT 1`,
-          { cid: this._companyId }
-        );
-        const forwardTo = accounts?.rows?.[0]?.[0];
-        if (forwardTo && process.env.PORKBUN_API_KEY) {
-          const porkbun = new PorkbunApiClient();
-          const infoAlias = `info@${job.selectedDomain}`;
-          await porkbun.createEmailForward(job.selectedDomain, 'info', forwardTo).catch(e =>
-            this._log('warn', `domain-bootstrap: email forward creation failed: ${e.message}`)
-          );
-          await store.updateBootstrapJob(job.id, { currentStage: 'forwarding_configured', companyEmail: infoAlias });
-          this._log('info', `domain-bootstrap: ${infoAlias} → ${forwardTo} forwarding configured`);
-        } else {
-          // No forwarding target — skip to channel creation
-          const companyEmail = `info@${job.selectedDomain}`;
-          await store.updateBootstrapJob(job.id, { currentStage: 'forwarding_configured', companyEmail });
-        }
-        break;
-      }
-
-      case 'forwarding_configured': {
-        // Create EmailAccount node + EmailChannel
-        const accountSlug = job.companyEmail.replace('@', '-at-').replace(/\./g, '-');
-        const accountId = `acct:${this._companyId}:${accountSlug}`;
-        await this._mg(
-          `MERGE (a:EmailAccount {id: $aid})
-           ON CREATE SET
-             a.companyId = $cid, a.email = $email, a.provider = 'resend',
-             a.authMethod = 'resend-api', a.enabled = true,
-             a.domain = $domain, a.resendDomainId = $resendId,
-             a.createdAt = localdatetime()
-           WITH a
-           MATCH (c:Company {id: $cid})
-           MERGE (c)-[:HAS_EMAIL_ACCOUNT]->(a)`,
-          { aid: accountId, cid: this._companyId, email: job.companyEmail,
-            domain: job.selectedDomain, resendId: job.resendDomainId || null }
-        );
-        await store.updateBootstrapJob(job.id, { currentStage: 'email_channel_created', emailAccountId: accountId });
-        // Broadcast SSE so wizard/frontend knows setup is complete
-        this._log('info', `domain-bootstrap: EmailAccount ${accountId} created`);
-        break;
-      }
-
-      case 'email_channel_created': {
-        await store.updateBootstrapJob(job.id, { currentStage: 'complete', completedAt: new Date().toISOString() });
-        this._log('info', `domain-bootstrap: job ${job.id} complete — ${job.companyEmail} ready`);
-        break;
-      }
-
-      default:
-        // Job is at complete or unknown stage — nothing to do
-        break;
-    }
-  }
-}
-
-module.exports = { DomainBootstrapOrchestrator, STAGES };

package/daemon/lib/forensic-log.js

@@ -1,113 +0,0 @@
-/**
- * forensic-log.js — Pino-based request/response logger for helios-api.js
- *
- * Usage:
- *   const { forensicLog, createRequestLogger } = require('./lib/forensic-log');
- *
- *   // In the route() function, at the top:
- *   const reqLog = createRequestLogger(req);
- *   reqLog.info('request received');
- *
- *   // At the end:
- *   reqLog.info({ statusCode: 200, durationMs: Date.now() - startMs }, 'response sent');
- *
- * Environment variables:
- *   HELIOS_TRACE_REQUESTS=1   — log every HTTP request + response duration
- *   HELIOS_TRACE_SSE=1        — log every SSE event broadcast
- *   HELIOS_LOG_LEVEL          — pino log level (default: 'info')
- *   LOG_LEVEL                 — fallback log level
- */
-'use strict';
-
-let pino;
-try {
-  pino = require('pino');
-} catch {
-  // Fallback if pino not installed — use the daemon's existing log format
-  pino = null;
-}
-
-const LOG_LEVEL = process.env.HELIOS_LOG_LEVEL || process.env.LOG_LEVEL || 'info';
-
-// Base forensic logger — writes to stderr so it doesn't pollute daemon stdout JSONL
-const forensicLog = pino
-  ? pino(
-      {
-        level: LOG_LEVEL,
-        name: 'helios-api',
-        timestamp: pino.stdTimeFunctions.isoTime,
-        // Redact auth tokens from logs
-        redact: {
-          paths: [
-            'req.headers.authorization',
-            'headers.authorization',
-            'token',
-            'apiToken',
-          ],
-          censor: '[REDACTED]',
-        },
-        // Remove pid/hostname to keep logs lean
-        base: null,
-      },
-      // fd 2 = stderr — daemon stdout is reserved for JSONL agent events
-      pino.destination({ dest: 2, sync: false })
-    )
-  : {
-      // Minimal fallback when pino is unavailable
-      info: (obj, msg) =>
-        process.stderr.write(
-          JSON.stringify({ ts: new Date().toISOString(), level: 'info', ...(typeof obj === 'string' ? { msg: obj } : obj), ...(msg ? { msg } : {}) }) + '\n'
-        ),
-      warn: (obj, msg) =>
-        process.stderr.write(
-          JSON.stringify({ ts: new Date().toISOString(), level: 'warn', ...(typeof obj === 'string' ? { msg: obj } : obj), ...(msg ? { msg } : {}) }) + '\n'
-        ),
-      error: (obj, msg) =>
-        process.stderr.write(
-          JSON.stringify({ ts: new Date().toISOString(), level: 'error', ...(typeof obj === 'string' ? { msg: obj } : obj), ...(msg ? { msg } : {}) }) + '\n'
-        ),
-      debug: () => {},
-      child(ctx) {
-        const parent = this;
-        return {
-          ...parent,
-          info:  (obj, msg) => parent.info({ ...ctx, ...(typeof obj === 'string' ? { msg: obj } : obj) }, msg),
-          warn:  (obj, msg) => parent.warn({ ...ctx, ...(typeof obj === 'string' ? { msg: obj } : obj) }, msg),
-          error: (obj, msg) => parent.error({ ...ctx, ...(typeof obj === 'string' ? { msg: obj } : obj) }, msg),
-          debug: () => {},
-        };
-      },
-    };
-
-let _reqCounter = 0;
-
-/**
- * Create a child logger bound to a specific HTTP request.
- * Every log line from this child includes method, url, requestId.
- */
-function createRequestLogger(req) {
-  const requestId =
-    req.headers['x-request-id'] || `req-${(++_reqCounter).toString().padStart(6, '0')}`;
-  return forensicLog.child({
-    requestId,
-    method: req.method,
-    url: req.url,
-    remoteAddr: req.socket && req.socket.remoteAddress,
-  });
-}
-
-/**
- * Log an SSE connection lifecycle event.
- */
-function logSseEvent(event, data) {
-  forensicLog.info({ sseEvent: event, ...data }, `[sse] ${event}`);
-}
-
-/**
- * Log a task dispatch event (agent → daemon).
- */
-function logTaskDispatch(event, data) {
-  forensicLog.info({ dispatchEvent: event, ...data }, `[dispatch] ${event}`);
-}
-
-module.exports = { forensicLog, createRequestLogger, logSseEvent, logTaskDispatch };