@eduardbar/drift 1.2.0 → 1.4.0

package/src/saas/organization.ts

@@ -0,0 +1,99 @@
+import { resolve } from 'node:path'
+import type {
+  ChangeOrganizationPlanOptions,
+  SaasOrganizationUsageSnapshot,
+  SaasPlanChange,
+  SaasPlanChangeQueryOptions,
+  SaasUsageQueryOptions,
+} from './types.js'
+import { assertPermissionInStore, defaultSaasStorePath, loadStoreInternal, saveStore } from './store.js'
+import { monthKey, normalizePlan, workspaceKey } from './helpers.js'
+import { appendPlanChange } from './plan-change.js'
+
+export function changeOrganizationPlan(options: ChangeOrganizationPlanOptions): SaasPlanChange {
+  const storeFile = resolve(options.storeFile ?? defaultSaasStorePath())
+  const store = loadStoreInternal(storeFile, options.policy)
+  const nowIso = new Date().toISOString()
+
+  const organization = store.organizations[options.organizationId]
+  if (!organization) throw new Error(`Organization '${options.organizationId}' does not exist.`)
+
+  assertPermissionInStore(store, {
+    operation: 'billing:write',
+    organizationId: options.organizationId,
+    actorUserId: options.actorUserId,
+  })
+
+  const nextPlan = normalizePlan(options.newPlan)
+  if (organization.plan === nextPlan) {
+    const unchanged = appendPlanChange(store, {
+      organizationId: organization.id,
+      fromPlan: organization.plan,
+      toPlan: nextPlan,
+      changedAt: nowIso,
+      changedByUserId: options.actorUserId,
+      reason: options.reason,
+    })
+    saveStore(storeFile, store)
+    return unchanged
+  }
+
+  const previousPlan = organization.plan
+  organization.plan = nextPlan
+  organization.lastSeenAt = nowIso
+  const change = appendPlanChange(store, {
+    organizationId: organization.id,
+    fromPlan: previousPlan,
+    toPlan: nextPlan,
+    changedAt: nowIso,
+    changedByUserId: options.actorUserId,
+    reason: options.reason,
+  })
+  saveStore(storeFile, store)
+  return change
+}
+
+export function listOrganizationPlanChanges(options: SaasPlanChangeQueryOptions): SaasPlanChange[] {
+  const storeFile = resolve(options.storeFile ?? defaultSaasStorePath())
+  const store = loadStoreInternal(storeFile, options.policy)
+
+  assertPermissionInStore(store, {
+    operation: 'billing:read',
+    organizationId: options.organizationId,
+    actorUserId: options.actorUserId,
+  })
+
+  return store.planChanges
+    .filter((change) => change.organizationId === options.organizationId)
+    .sort((a, b) => b.changedAt.localeCompare(a.changedAt))
+}
+
+export function getOrganizationUsageSnapshot(options: SaasUsageQueryOptions): SaasOrganizationUsageSnapshot {
+  const storeFile = resolve(options.storeFile ?? defaultSaasStorePath())
+  const store = loadStoreInternal(storeFile, options.policy)
+
+  assertPermissionInStore(store, {
+    operation: 'billing:read',
+    organizationId: options.organizationId,
+    actorUserId: options.actorUserId,
+  })
+
+  const organization = store.organizations[options.organizationId]
+  if (!organization) throw new Error(`Organization '${options.organizationId}' does not exist.`)
+
+  const month = options.month ?? monthKey(new Date().toISOString())
+  const organizationRunSnapshots = store.snapshots.filter((snapshot) => snapshot.organizationId === options.organizationId)
+
+  return {
+    organizationId: options.organizationId,
+    plan: organization.plan,
+    capturedAt: new Date().toISOString(),
+    workspaceCount: organization.workspaceIds.length,
+    repoCount: organization.workspaceIds
+      .map((workspaceId) => store.workspaces[workspaceKey(options.organizationId, workspaceId)])
+      .filter((workspace) => Boolean(workspace))
+      .reduce((count, workspace) => count + workspace.repoIds.length, 0),
+    runCount: organizationRunSnapshots.length,
+    runCountThisMonth: organizationRunSnapshots.filter((snapshot) => monthKey(snapshot.createdAt) === month).length,
+  }
+}

package/src/saas/plan-change.ts

@@ -0,0 +1,19 @@
+import type { SaasPlan, SaasPlanChange, SaasStore } from './types.js'
+import { createRandomId } from './constants.js'
+
+export function appendPlanChange(
+  store: SaasStore,
+  input: { organizationId: string; fromPlan: SaasPlan; toPlan: SaasPlan; changedByUserId: string; reason?: string; changedAt: string },
+): SaasPlanChange {
+  const change: SaasPlanChange = {
+    id: createRandomId(input.changedAt),
+    organizationId: input.organizationId,
+    fromPlan: input.fromPlan,
+    toPlan: input.toPlan,
+    changedAt: input.changedAt,
+    changedByUserId: input.changedByUserId,
+    reason: input.reason,
+  }
+  store.planChanges.push(change)
+  return change
+}

package/src/saas/store.ts

@@ -0,0 +1,172 @@
+import { existsSync, mkdirSync, readFileSync, writeFileSync } from 'node:fs'
+import { dirname, resolve } from 'node:path'
+import type { SaasEffectiveLimits, SaasOperation, SaasPermissionContext, SaasPermissionResult, SaasPlan, SaasPolicyOverrides, SaasRole, SaasStore, SaasWorkspace } from './types.js'
+import { DEFAULT_ORGANIZATION_ID, REQUIRED_ROLE_BY_OPERATION, ROLE_PRIORITY, STORE_VERSION } from './constants.js'
+import { SaasActorRequiredError, SaasPermissionError } from './errors.js'
+import { hasRoleAtLeast, membershipKey, mergePolicy, normalizePlan, resolveSaasPolicy } from './helpers.js'
+
+const HOURS_PER_DAY = 24
+const MINUTES_PER_HOUR = 60
+const SECONDS_PER_MINUTE = 60
+const MILLISECONDS_PER_SECOND = 1000
+
+export function defaultSaasStorePath(root = '.'): string {
+  return resolve(root, '.drift-cloud', 'store.json')
+}
+
+function createEmptyStore(policy?: SaasPolicyOverrides): SaasStore {
+  return {
+    version: STORE_VERSION,
+    policy: resolveSaasPolicy(policy),
+    users: {},
+    organizations: {},
+    workspaces: {},
+    memberships: {},
+    repos: {},
+    snapshots: [],
+    planChanges: [],
+  }
+}
+
+function ensureStoreFile(storeFile: string, policy?: SaasPolicyOverrides): void {
+  const dir = dirname(storeFile)
+  if (!existsSync(dir)) mkdirSync(dir, { recursive: true })
+  if (!existsSync(storeFile)) {
+    const initial = createEmptyStore(policy)
+    writeFileSync(storeFile, JSON.stringify(initial, null, 2), 'utf8')
+  }
+}
+
+function applyStoreEntityDefaults(store: SaasStore): void {
+  for (const workspace of Object.values(store.workspaces)) {
+    if (!workspace.organizationId) workspace.organizationId = DEFAULT_ORGANIZATION_ID
+  }
+  for (const repo of Object.values(store.repos)) {
+    if (!repo.organizationId) repo.organizationId = DEFAULT_ORGANIZATION_ID
+  }
+  for (const snapshot of store.snapshots) {
+    if (!snapshot.organizationId) snapshot.organizationId = DEFAULT_ORGANIZATION_ID
+    if (!snapshot.plan) snapshot.plan = 'free'
+    if (!snapshot.role) snapshot.role = 'member'
+  }
+}
+
+function ensureOrganizationFromWorkspace(store: SaasStore, workspace: SaasWorkspace): void {
+  const orgId = workspace.organizationId
+  const existingOrg = store.organizations[orgId]
+
+  if (!existingOrg) {
+    store.organizations[orgId] = {
+      id: orgId,
+      plan: 'free',
+      createdAt: workspace.createdAt,
+      lastSeenAt: workspace.lastSeenAt,
+      workspaceIds: [workspace.id],
+    }
+    return
+  }
+
+  if (!existingOrg.workspaceIds.includes(workspace.id)) existingOrg.workspaceIds.push(workspace.id)
+  if (workspace.lastSeenAt > existingOrg.lastSeenAt) existingOrg.lastSeenAt = workspace.lastSeenAt
+}
+
+function hydrateOrganizationsFromWorkspaces(store: SaasStore): void {
+  for (const workspace of Object.values(store.workspaces)) {
+    ensureOrganizationFromWorkspace(store, workspace)
+  }
+}
+
+export function applyRetentionPolicy(store: SaasStore): void {
+  const millisecondsPerDay = HOURS_PER_DAY * MINUTES_PER_HOUR * SECONDS_PER_MINUTE * MILLISECONDS_PER_SECOND
+  const cutoff = Date.now() - store.policy.retentionDays * millisecondsPerDay
+  store.snapshots = store.snapshots.filter((snapshot) => new Date(snapshot.createdAt).getTime() >= cutoff)
+}
+
+export function saveStore(storeFile: string, store: SaasStore): void {
+  writeFileSync(storeFile, JSON.stringify(store, null, 2), 'utf8')
+}
+
+export function loadStoreInternal(storeFile: string, policy?: SaasPolicyOverrides): SaasStore {
+  ensureStoreFile(storeFile, policy)
+  const raw = readFileSync(storeFile, 'utf8')
+  const parsed = JSON.parse(raw) as Partial<SaasStore>
+
+  const merged = createEmptyStore(parsed.policy)
+  merged.version = parsed.version ?? STORE_VERSION
+  merged.users = parsed.users ?? {}
+  merged.organizations = parsed.organizations ?? {}
+  merged.workspaces = parsed.workspaces ?? {}
+  merged.memberships = parsed.memberships ?? {}
+  merged.repos = parsed.repos ?? {}
+  merged.snapshots = parsed.snapshots ?? []
+  merged.planChanges = parsed.planChanges ?? []
+  merged.policy = mergePolicy(policy, merged.policy)
+
+  applyStoreEntityDefaults(merged)
+  hydrateOrganizationsFromWorkspaces(merged)
+  applyRetentionPolicy(merged)
+
+  return merged
+}
+
+function resolveActorRole(store: SaasStore, organizationId: string, actorUserId: string, workspaceId?: string): SaasRole | undefined {
+  if (workspaceId) {
+    const scopedMembershipId = membershipKey(organizationId, workspaceId, actorUserId)
+    return store.memberships[scopedMembershipId]?.role
+  }
+
+  let highestRole: SaasRole | undefined
+  for (const membership of Object.values(store.memberships)) {
+    if (membership.organizationId !== organizationId) continue
+    if (membership.userId !== actorUserId) continue
+    if (!highestRole || ROLE_PRIORITY[membership.role] > ROLE_PRIORITY[highestRole]) highestRole = membership.role
+    if (highestRole === 'owner') break
+  }
+  return highestRole
+}
+
+export function assertPermissionInStore(store: SaasStore, context: SaasPermissionContext): SaasPermissionResult {
+  const requiredRole = REQUIRED_ROLE_BY_OPERATION[context.operation]
+  if (!context.actorUserId) {
+    if (store.policy.strictActorEnforcement) throw new SaasActorRequiredError(context)
+    return { requiredRole }
+  }
+
+  const actorRole = resolveActorRole(store, context.organizationId, context.actorUserId, context.workspaceId)
+  if (!hasRoleAtLeast(actorRole, requiredRole)) {
+    throw new SaasPermissionError(context, requiredRole, actorRole)
+  }
+
+  return { requiredRole, actorRole }
+}
+
+export function getRequiredRoleForOperation(operation: SaasOperation): SaasRole {
+  return REQUIRED_ROLE_BY_OPERATION[operation]
+}
+
+export function assertSaasPermission(
+  context: SaasPermissionContext & { storeFile?: string; policy?: SaasPolicyOverrides },
+): SaasPermissionResult {
+  const storeFile = resolve(context.storeFile ?? defaultSaasStorePath())
+  const store = loadStoreInternal(storeFile, context.policy)
+  return assertPermissionInStore(store, context)
+}
+
+export function getSaasEffectiveLimits(input: { plan: SaasPlan; policy?: SaasPolicyOverrides }): SaasEffectiveLimits {
+  const policy = resolveSaasPolicy(input.policy)
+  const plan = normalizePlan(input.plan)
+  return {
+    plan,
+    maxWorkspaces: policy.maxWorkspacesPerOrganizationByPlan[plan],
+    maxReposPerWorkspace: policy.maxReposPerWorkspace,
+    maxRunsPerWorkspacePerMonth: policy.maxRunsPerWorkspacePerMonth,
+    retentionDays: policy.retentionDays,
+  }
+}
+
+export function getOrganizationEffectiveLimits(options: { organizationId: string; storeFile?: string; policy?: SaasPolicyOverrides }): SaasEffectiveLimits {
+  const storeFile = resolve(options.storeFile ?? defaultSaasStorePath())
+  const store = loadStoreInternal(storeFile, options.policy)
+  const plan = normalizePlan(store.organizations[options.organizationId]?.plan)
+  return getSaasEffectiveLimits({ plan, policy: store.policy })
+}

package/src/saas/types.ts

@@ -0,0 +1,216 @@
+import type { DriftConfig, DriftReport } from '../types.js'
+
+export interface SaasPolicy {
+  freeUserThreshold: number
+  maxRunsPerWorkspacePerMonth: number
+  maxReposPerWorkspace: number
+  retentionDays: number
+  strictActorEnforcement: boolean
+  maxWorkspacesPerOrganizationByPlan: Record<SaasPlan, number>
+}
+
+export type SaasRole = 'owner' | 'member' | 'viewer'
+export type SaasPlan = 'free' | 'sponsor' | 'team' | 'business'
+
+export interface SaasUser {
+  id: string
+  createdAt: string
+  lastSeenAt: string
+}
+
+export interface SaasOrganization {
+  id: string
+  plan: SaasPlan
+  createdAt: string
+  lastSeenAt: string
+  workspaceIds: string[]
+}
+
+export interface SaasWorkspace {
+  id: string
+  organizationId: string
+  createdAt: string
+  lastSeenAt: string
+  userIds: string[]
+  repoIds: string[]
+}
+
+export interface SaasRepo {
+  id: string
+  organizationId: string
+  workspaceId: string
+  name: string
+  createdAt: string
+  lastSeenAt: string
+}
+
+export interface SaasMembership {
+  id: string
+  organizationId: string
+  workspaceId: string
+  userId: string
+  role: SaasRole
+  createdAt: string
+  lastSeenAt: string
+}
+
+export interface SaasPlanChange {
+  id: string
+  organizationId: string
+  fromPlan: SaasPlan
+  toPlan: SaasPlan
+  changedAt: string
+  changedByUserId: string
+  reason?: string
+}
+
+export interface SaasSnapshot {
+  id: string
+  createdAt: string
+  scannedAt: string
+  organizationId: string
+  workspaceId: string
+  userId: string
+  role: SaasRole
+  plan: SaasPlan
+  repoId: string
+  repoName: string
+  targetPath: string
+  totalScore: number
+  totalIssues: number
+  totalFiles: number
+  summary: {
+    errors: number
+    warnings: number
+    infos: number
+  }
+}
+
+export interface SaasStore {
+  version: number
+  policy: SaasPolicy
+  users: Record<string, SaasUser>
+  organizations: Record<string, SaasOrganization>
+  workspaces: Record<string, SaasWorkspace>
+  memberships: Record<string, SaasMembership>
+  repos: Record<string, SaasRepo>
+  snapshots: SaasSnapshot[]
+  planChanges: SaasPlanChange[]
+}
+
+export type SaasOperation = 'snapshot:write' | 'snapshot:read' | 'summary:read' | 'billing:write' | 'billing:read'
+
+export interface SaasPermissionContext {
+  operation: SaasOperation
+  organizationId: string
+  workspaceId?: string
+  actorUserId?: string
+}
+
+export interface SaasPermissionResult {
+  actorRole?: SaasRole
+  requiredRole: SaasRole
+}
+
+export interface SaasEffectiveLimits {
+  plan: SaasPlan
+  maxWorkspaces: number
+  maxReposPerWorkspace: number
+  maxRunsPerWorkspacePerMonth: number
+  retentionDays: number
+}
+
+export interface SaasOrganizationUsageSnapshot {
+  organizationId: string
+  plan: SaasPlan
+  capturedAt: string
+  workspaceCount: number
+  repoCount: number
+  runCount: number
+  runCountThisMonth: number
+}
+
+export interface ChangeOrganizationPlanOptions {
+  organizationId: string
+  actorUserId: string
+  newPlan: SaasPlan
+  reason?: string
+  storeFile?: string
+  policy?: SaasPolicyOverrides
+}
+
+export interface SaasUsageQueryOptions {
+  organizationId: string
+  month?: string
+  storeFile?: string
+  policy?: SaasPolicyOverrides
+  actorUserId?: string
+}
+
+export interface SaasPlanChangeQueryOptions {
+  organizationId: string
+  storeFile?: string
+  policy?: SaasPolicyOverrides
+  actorUserId?: string
+}
+
+export interface SaasSummary {
+  policy: SaasPolicy
+  usersRegistered: number
+  workspacesActive: number
+  reposActive: number
+  runsPerMonth: Record<string, number>
+  totalSnapshots: number
+  phase: 'free' | 'paid'
+  thresholdReached: boolean
+  freeUsersRemaining: number
+}
+
+export interface SaasPolicyOverrides {
+  freeUserThreshold?: number
+  maxRunsPerWorkspacePerMonth?: number
+  maxReposPerWorkspace?: number
+  retentionDays?: number
+  strictActorEnforcement?: boolean
+  maxWorkspacesPerOrganizationByPlan?: Partial<Record<SaasPlan, number>>
+}
+
+export interface SaasQueryOptions {
+  storeFile?: string
+  policy?: SaasPolicyOverrides
+  organizationId?: string
+  workspaceId?: string
+  actorUserId?: string
+}
+
+export interface IngestOptions {
+  organizationId?: string
+  workspaceId: string
+  userId: string
+  role?: SaasRole
+  plan?: SaasPlan
+  repoName?: string
+  actorUserId?: string
+  storeFile?: string
+  policy?: SaasPolicyOverrides
+}
+
+export interface ScopedIdentity {
+  organizationId: string
+  workspaceId: string
+  workspaceKey: string
+  repoName: string
+  repoId: string
+}
+
+export interface IngestMutationContext {
+  store: SaasStore
+  scoped: ScopedIdentity
+  options: IngestOptions
+  nowIso: string
+  requestedPlan: SaasPlan
+}
+
+export type SaasPolicyInput = SaasPolicyOverrides | DriftConfig['saas'] | undefined
+
+export type DriftReportInput = DriftReport