@equilateral_ai/mindmeld 3.0.0

package/src/handlers/collaborators/collaboratorInvite.js

@@ -0,0 +1,218 @@
+/**
+ * Collaborator Invite Handler
+ * Sends invitation email to a collaborator
+ *
+ * POST /api/projects/{projectId}/collaborators/{collaboratorEmail}/invite
+ * Auth: Cognito JWT required
+ */
+
+const { wrapHandler, executeQuery, createSuccessResponse, createErrorResponse, handleError } = require('./helpers');
+const { SESClient, SendEmailCommand } = require('@aws-sdk/client-ses');
+
+const ses = new SESClient({ region: process.env.AWS_REGION || 'us-east-2' });
+
+/**
+ * Send invitation email to collaborator
+ * Requires owner or admin role on project
+ */
+async function inviteCollaborator({ pathParameters = {}, requestContext }) {
+    try {
+        const Request_ID = requestContext.requestId;
+        const inviterEmail = requestContext.authorizer?.claims?.email || requestContext.authorizer?.jwt?.claims?.email;
+        const { projectId, collaboratorEmail } = pathParameters;
+
+        if (!inviterEmail) {
+            return createErrorResponse(401, 'Authentication required');
+        }
+
+        if (!projectId || !collaboratorEmail) {
+            return createErrorResponse(400, 'projectId and collaboratorEmail are required');
+        }
+
+        const targetEmail = decodeURIComponent(collaboratorEmail);
+
+        // Check inviter has permission and get project details
+        const accessQuery = `
+            SELECT
+                pc.role as inviter_role,
+                p.project_name,
+                p.description,
+                tc.email_address as target_email,
+                tc.role as target_role,
+                tc.invited_at,
+                tc.accepted_at,
+                u.full_name as inviter_name
+            FROM rapport.projects p
+            JOIN rapport.project_collaborators pc
+                ON p.project_id = pc.project_id
+                AND pc.email_address = $1
+            JOIN rapport.project_collaborators tc
+                ON p.project_id = tc.project_id
+                AND tc.email_address = $3
+            LEFT JOIN rapport.users u ON u.email_address = $1
+            WHERE p.project_id = $2
+        `;
+        const accessCheck = await executeQuery(accessQuery, [inviterEmail, projectId, targetEmail]);
+
+        if (accessCheck.rowCount === 0) {
+            return createErrorResponse(404, 'Project or collaborator not found');
+        }
+
+        const data = accessCheck.rows[0];
+
+        // Check permissions
+        if (data.inviter_role !== 'owner' && data.inviter_role !== 'admin') {
+            return createErrorResponse(403, 'Only project owners and admins can send invites');
+        }
+
+        // Check if already accepted
+        if (data.accepted_at) {
+            return createErrorResponse(400, 'Collaborator has already accepted the invitation');
+        }
+
+        // Generate invite token (simple UUID-based token)
+        const inviteToken = `inv_${Date.now()}_${Math.random().toString(36).substring(2, 15)}`;
+
+        // Store invite token
+        await executeQuery(`
+            UPDATE rapport.project_collaborators
+            SET invite_token = $1, invited_at = NOW()
+            WHERE project_id = $2 AND email_address = $3
+        `, [inviteToken, projectId, targetEmail]);
+
+        // Build invite URL
+        const appUrl = process.env.APP_URL || 'https://mindmeld.dev';
+        const inviteUrl = `${appUrl}/invite/accept?token=${inviteToken}`;
+
+        // Send email
+        const inviterName = data.inviter_name || inviterEmail;
+        const emailParams = {
+            Source: process.env.EMAIL_FROM || 'noreply@mindmeld.dev',
+            Destination: {
+                ToAddresses: [targetEmail]
+            },
+            Message: {
+                Subject: {
+                    Data: `You've been invited to collaborate on ${data.project_name}`,
+                    Charset: 'UTF-8'
+                },
+                Body: {
+                    Html: {
+                        Data: `
+<!DOCTYPE html>
+<html>
+<head>
+    <meta charset="utf-8">
+    <style>
+        body { font-family: -apple-system, BlinkMacSystemFont, 'Segoe UI', Roboto, sans-serif; line-height: 1.6; color: #333; }
+        .container { max-width: 600px; margin: 0 auto; padding: 20px; }
+        .header { text-align: center; margin-bottom: 30px; }
+        .logo { font-size: 24px; font-weight: bold; color: #2563eb; }
+        .content { background: #f8fafc; border-radius: 8px; padding: 30px; margin-bottom: 20px; }
+        .button { display: inline-block; background: #2563eb; color: white; padding: 12px 24px; border-radius: 6px; text-decoration: none; font-weight: 500; }
+        .button:hover { background: #1d4ed8; }
+        .footer { text-align: center; color: #64748b; font-size: 14px; }
+        .project-name { font-size: 20px; font-weight: 600; color: #1e293b; }
+        .role-badge { display: inline-block; background: #e0e7ff; color: #3730a3; padding: 4px 12px; border-radius: 20px; font-size: 14px; }
+    </style>
+</head>
+<body>
+    <div class="container">
+        <div class="header">
+            <div class="logo">MindMeld</div>
+        </div>
+        <div class="content">
+            <p>Hi there,</p>
+            <p><strong>${inviterName}</strong> has invited you to collaborate on a project:</p>
+            <p class="project-name">${data.project_name}</p>
+            ${data.description ? `<p style="color: #64748b;">${data.description}</p>` : ''}
+            <p>Your role: <span class="role-badge">${data.target_role}</span></p>
+            <p style="margin-top: 30px;">
+                <a href="${inviteUrl}" class="button">Accept Invitation</a>
+            </p>
+            <p style="margin-top: 20px; font-size: 14px; color: #64748b;">
+                Or copy this link: ${inviteUrl}
+            </p>
+        </div>
+        <div class="footer">
+            <p>MindMeld - Collaboration memory that compounds</p>
+            <p>Powered by Equilateral AI</p>
+        </div>
+    </div>
+</body>
+</html>
+                        `,
+                        Charset: 'UTF-8'
+                    },
+                    Text: {
+                        Data: `
+You've been invited to collaborate on ${data.project_name}
+
+${inviterName} has invited you to join their project on MindMeld.
+
+Project: ${data.project_name}
+${data.description ? `Description: ${data.description}` : ''}
+Your role: ${data.target_role}
+
+Accept the invitation: ${inviteUrl}
+
+---
+MindMeld - Collaboration memory that compounds
+Powered by Equilateral AI
+                        `,
+                        Charset: 'UTF-8'
+                    }
+                }
+            }
+        };
+
+        try {
+            await ses.send(new SendEmailCommand(emailParams));
+        } catch (sesError) {
+            console.error('SES Error:', sesError);
+            // Don't fail the request, just note that email failed
+            return createSuccessResponse(
+                {
+                    Records: [{
+                        email: targetEmail,
+                        project_id: projectId,
+                        invite_url: inviteUrl,
+                        email_sent: false,
+                        email_error: 'Failed to send email. Share the invite link manually.'
+                    }]
+                },
+                'Invite created but email failed to send',
+                {
+                    Total_Records: 1,
+                    Request_ID,
+                    Timestamp: new Date().toISOString()
+                }
+            );
+        }
+
+        return createSuccessResponse(
+            {
+                Records: [{
+                    email: targetEmail,
+                    project_id: projectId,
+                    project_name: data.project_name,
+                    role: data.target_role,
+                    invite_url: inviteUrl,
+                    email_sent: true
+                }]
+            },
+            'Invitation sent successfully',
+            {
+                Total_Records: 1,
+                Request_ID,
+                Timestamp: new Date().toISOString()
+            }
+        );
+
+    } catch (error) {
+        console.error('Handler Error:', error);
+        return handleError(error);
+    }
+}
+
+exports.handler = wrapHandler(inviteCollaborator);

package/src/handlers/collaborators/collaboratorList.js

@@ -0,0 +1,88 @@
+/**
+ * Collaborator List Handler
+ * Lists all collaborators for a project
+ *
+ * GET /api/projects/{projectId}/collaborators
+ * Auth: Cognito JWT required
+ */
+
+const { wrapHandler, executeQuery, createSuccessResponse, createErrorResponse, handleError } = require('./helpers');
+
+/**
+ * List project collaborators
+ * Requires collaborator access to project
+ */
+async function listCollaborators({ pathParameters = {}, requestContext }) {
+    try {
+        const Request_ID = requestContext.requestId;
+        const email = requestContext.authorizer?.claims?.email || requestContext.authorizer?.jwt?.claims?.email;
+        const { projectId } = pathParameters;
+
+        if (!email) {
+            return createErrorResponse(401, 'Authentication required');
+        }
+
+        if (!projectId) {
+            return createErrorResponse(400, 'projectId is required');
+        }
+
+        // Check user has access to project
+        const accessQuery = `
+            SELECT pc.role
+            FROM rapport.project_collaborators pc
+            WHERE pc.project_id = $1 AND pc.email_address = $2
+        `;
+        const accessCheck = await executeQuery(accessQuery, [projectId, email]);
+
+        if (accessCheck.rowCount === 0) {
+            return createErrorResponse(403, 'You do not have access to this project');
+        }
+
+        // Get all collaborators
+        const query = `
+            SELECT
+                pc.email_address,
+                pc.role,
+                pc.invited_by,
+                pc.invited_at,
+                pc.accepted_at,
+                pc.is_external,
+                u.full_name,
+                CASE
+                    WHEN pc.accepted_at IS NOT NULL THEN 'active'
+                    WHEN pc.invited_at IS NOT NULL THEN 'pending'
+                    ELSE 'unknown'
+                END as status
+            FROM rapport.project_collaborators pc
+            LEFT JOIN rapport.users u ON u.email_address = pc.email_address
+            WHERE pc.project_id = $1
+            ORDER BY
+                CASE pc.role
+                    WHEN 'owner' THEN 1
+                    WHEN 'admin' THEN 2
+                    WHEN 'collaborator' THEN 3
+                    WHEN 'viewer' THEN 4
+                    ELSE 5
+                END,
+                pc.invited_at ASC
+        `;
+
+        const result = await executeQuery(query, [projectId]);
+
+        return createSuccessResponse(
+            { Records: result.rows },
+            'Collaborators retrieved',
+            {
+                Total_Records: result.rowCount,
+                Request_ID,
+                Timestamp: new Date().toISOString()
+            }
+        );
+
+    } catch (error) {
+        console.error('Handler Error:', error);
+        return handleError(error);
+    }
+}
+
+exports.handler = wrapHandler(listCollaborators);

package/src/handlers/collaborators/collaboratorRemove.js

@@ -0,0 +1,127 @@
+/**
+ * Collaborator Remove Handler
+ * Removes a collaborator from a project
+ *
+ * DELETE /api/projects/{projectId}/collaborators/{collaboratorEmail}
+ * Auth: Cognito JWT required
+ */
+
+const { wrapHandler, executeQuery, createSuccessResponse, createErrorResponse, handleError } = require('./helpers');
+
+/**
+ * Remove collaborator from project
+ * Requires owner or admin role on project
+ * Owners cannot be removed (must transfer ownership first)
+ */
+async function removeCollaborator({ pathParameters = {}, requestContext }) {
+    try {
+        const Request_ID = requestContext.requestId;
+        const removerEmail = requestContext.authorizer?.claims?.email || requestContext.authorizer?.jwt?.claims?.email;
+        const { projectId, collaboratorEmail } = pathParameters;
+
+        if (!removerEmail) {
+            return createErrorResponse(401, 'Authentication required');
+        }
+
+        if (!projectId) {
+            return createErrorResponse(400, 'projectId is required');
+        }
+
+        if (!collaboratorEmail) {
+            return createErrorResponse(400, 'collaboratorEmail is required');
+        }
+
+        // Decode email from URL (may be URL encoded)
+        const targetEmail = decodeURIComponent(collaboratorEmail);
+
+        // Check remover has permission and get billing info
+        const accessQuery = `
+            SELECT
+                pc.role,
+                c.client_id,
+                c.billing_type
+            FROM rapport.project_collaborators pc
+            JOIN rapport.projects p ON pc.project_id = p.project_id
+            JOIN rapport.clients c ON p.company_id = c.client_id
+            WHERE pc.project_id = $1 AND pc.email_address = $2
+        `;
+        const accessCheck = await executeQuery(accessQuery, [projectId, removerEmail]);
+
+        if (accessCheck.rowCount === 0) {
+            return createErrorResponse(403, 'You do not have access to this project');
+        }
+
+        const { role: removerRole, client_id, billing_type } = accessCheck.rows[0];
+        const isSelfRemoval = removerEmail.toLowerCase() === targetEmail.toLowerCase();
+
+        // Allow self-removal for anyone except owner
+        // Only owner/admin can remove others
+        if (!isSelfRemoval && removerRole !== 'owner' && removerRole !== 'admin') {
+            return createErrorResponse(403, 'Only project owners and admins can remove collaborators');
+        }
+
+        // Check target collaborator exists and get their role
+        const targetQuery = `
+            SELECT role FROM rapport.project_collaborators
+            WHERE project_id = $1 AND email_address = $2
+        `;
+        const targetCheck = await executeQuery(targetQuery, [projectId, targetEmail]);
+
+        if (targetCheck.rowCount === 0) {
+            return createErrorResponse(404, 'Collaborator not found on this project');
+        }
+
+        const targetRole = targetCheck.rows[0].role;
+
+        // Prevent removing owner
+        if (targetRole === 'owner') {
+            return createErrorResponse(400, 'Cannot remove project owner. Transfer ownership first.');
+        }
+
+        // Prevent admin from removing another admin (only owner can)
+        if (targetRole === 'admin' && removerRole !== 'owner') {
+            return createErrorResponse(403, 'Only project owner can remove admins');
+        }
+
+        // Remove collaborator
+        const deleteQuery = `
+            DELETE FROM rapport.project_collaborators
+            WHERE project_id = $1 AND email_address = $2
+            RETURNING project_id, email_address, role
+        `;
+
+        const result = await executeQuery(deleteQuery, [projectId, targetEmail]);
+
+        // For enterprise invoice billing, decrement billable_users count
+        if (billing_type === 'invoice' && client_id) {
+            await executeQuery(`
+                UPDATE rapport.clients
+                SET billable_users = GREATEST(COALESCE(billable_users, 0) - 1, 0),
+                    last_updated = NOW()
+                WHERE client_id = $1
+            `, [client_id]);
+        }
+
+        return createSuccessResponse(
+            {
+                Records: [{
+                    ...result.rows[0],
+                    removed_by: removerEmail,
+                    removed_at: new Date().toISOString()
+                }]
+            },
+            isSelfRemoval ? 'You have left the project' : 'Collaborator removed',
+            {
+                Total_Records: 1,
+                Request_ID,
+                Timestamp: new Date().toISOString()
+            }
+        );
+
+    } catch (error) {
+        console.error('Handler Error:', error);
+        return handleError(error);
+    }
+}
+
+exports.handler = wrapHandler(removeCollaborator);

package/src/handlers/collaborators/inviteAccept.js

@@ -0,0 +1,122 @@
+/**
+ * Invite Accept Handler
+ * Accepts a collaboration invitation via token
+ *
+ * POST /api/invites/accept
+ * Body: { token }
+ * Auth: Cognito JWT required (user must be logged in)
+ */
+
+const { wrapHandler, executeQuery, createSuccessResponse, createErrorResponse, handleError } = require('./helpers');
+
+/**
+ * Accept collaboration invitation
+ * User must be authenticated and email must match invite
+ */
+async function acceptInvite({ body: requestBody = {}, requestContext }) {
+    try {
+        const Request_ID = requestContext.requestId;
+        const userEmail = requestContext.authorizer?.claims?.email || requestContext.authorizer?.jwt?.claims?.email;
+        const { token } = requestBody;
+
+        if (!userEmail) {
+            return createErrorResponse(401, 'Authentication required. Please sign in first.');
+        }
+
+        if (!token) {
+            return createErrorResponse(400, 'Invite token is required');
+        }
+
+        // Find invite by token
+        const inviteQuery = `
+            SELECT
+                pc.project_id,
+                pc.email_address,
+                pc.role,
+                pc.invited_by,
+                pc.invited_at,
+                pc.accepted_at,
+                p.project_name,
+                p.description,
+                p.company_id
+            FROM rapport.project_collaborators pc
+            JOIN rapport.projects p ON p.project_id = pc.project_id
+            WHERE pc.invite_token = $1
+        `;
+        const inviteCheck = await executeQuery(inviteQuery, [token]);
+
+        if (inviteCheck.rowCount === 0) {
+            return createErrorResponse(404, 'Invalid or expired invite token');
+        }
+
+        const invite = inviteCheck.rows[0];
+
+        // Check if already accepted
+        if (invite.accepted_at) {
+            return createErrorResponse(400, 'This invitation has already been accepted');
+        }
+
+        // Verify email matches (case insensitive)
+        if (invite.email_address.toLowerCase() !== userEmail.toLowerCase()) {
+            return createErrorResponse(403,
+                'This invitation was sent to a different email address. ' +
+                'Please sign in with the email the invite was sent to.'
+            );
+        }
+
+        // Check if invite is expired (7 days)
+        const invitedAt = new Date(invite.invited_at);
+        const now = new Date();
+        const daysSinceInvite = (now - invitedAt) / (1000 * 60 * 60 * 24);
+
+        if (daysSinceInvite > 7) {
+            return createErrorResponse(410, 'This invitation has expired. Please ask for a new invite.');
+        }
+
+        // Accept the invite
+        const acceptQuery = `
+            UPDATE rapport.project_collaborators
+            SET
+                accepted_at = NOW(),
+                invite_token = NULL,
+                is_external = false
+            WHERE project_id = $1 AND email_address = $2
+            RETURNING project_id, email_address, role, accepted_at
+        `;
+        const acceptResult = await executeQuery(acceptQuery, [invite.project_id, invite.email_address]);
+
+        // Ensure user exists in users table
+        await executeQuery(`
+            INSERT INTO rapport.users (email_address, client_id, active, created_at)
+            VALUES ($1, $2, true, NOW())
+            ON CONFLICT (email_address) DO UPDATE SET
+                active = true,
+                updated_at = NOW()
+        `, [userEmail, invite.company_id]);
+
+        return createSuccessResponse(
+            {
+                Records: [{
+                    project_id: invite.project_id,
+                    project_name: invite.project_name,
+                    description: invite.description,
+                    role: invite.role,
+                    accepted_at: acceptResult.rows[0].accepted_at,
+                    invited_by: invite.invited_by
+                }]
+            },
+            `Welcome to ${invite.project_name}!`,
+            {
+                Total_Records: 1,
+                Request_ID,
+                Timestamp: new Date().toISOString()
+            }
+        );
+
+    } catch (error) {
+        console.error('Handler Error:', error);
+        return handleError(error);
+    }
+}
+
+exports.handler = wrapHandler(acceptInvite);

package/src/handlers/context/contextGet.js

@@ -0,0 +1,57 @@
+/**
+ * Context Get Handler
+ * Retrieves full user context for a scope (invariants, purpose, notes, loops)
+ * Used by mobile/iOS apps for session injection
+ *
+ * GET /api/context?scope=jarvis
+ */
+
+const { wrapHandler, executeQuery, createSuccessResponse, createErrorResponse, handleError, checkSuperAdmin } = require('./helpers');
+
+/**
+ * Get user context for mobile injection
+ */
+async function getContext({ queryStringParameters: queryParams = {}, requestContext }) {
+    try {
+        const Request_ID = requestContext.requestId;
+        const email = requestContext.authorizer?.claims?.email || requestContext.authorizer?.jwt?.claims?.email;
+
+        if (!email) {
+            return createErrorResponse(401, 'Unauthorized');
+        }
+
+        // Gate to super admins only (internal/beta endpoint)
+        await checkSuperAdmin.requireSuperAdmin(email);
+
+        const scope = queryParams.scope || 'jarvis';
+
+        // Use the database function for efficient retrieval
+        const query = `SELECT rapport.get_user_context($1, $2) as context`;
+        const result = await executeQuery(query, [email, scope]);
+
+        const context = result.rows[0]?.context || {
+            invariants: { agent_level: [], relationship_level: [] },
+            purpose: null,
+            recent_notes: [],
+            active_loops: []
+        };
+
+        return createSuccessResponse(
+            {
+                scope,
+                ...context
+            },
+            'Context retrieved successfully',
+            {
+                Request_ID,
+                Timestamp: new Date().toISOString()
+            }
+        );
+
+    } catch (error) {
+        console.error('Handler Error:', error);
+        return handleError(error);
+    }
+}
+
+exports.handler = wrapHandler(getContext);

package/src/handlers/context/invariantsGet.js

@@ -0,0 +1,74 @@
+/**
+ * Invariants Get Handler
+ * Retrieves user invariants for a scope
+ *
+ * GET /api/context/invariants?scope=jarvis
+ */
+
+const { wrapHandler, executeQuery, createSuccessResponse, createErrorResponse, handleError, checkSuperAdmin } = require('./helpers');
+
+/**
+ * Get user invariants
+ */
+async function getInvariants({ queryStringParameters: queryParams = {}, requestContext }) {
+    try {
+        const Request_ID = requestContext.requestId;
+        const email = requestContext.authorizer?.claims?.email || requestContext.authorizer?.jwt?.claims?.email;
+
+        if (!email) {
+            return createErrorResponse(401, 'Unauthorized');
+        }
+
+        // Gate to super admins only (internal/beta endpoint)
+        await checkSuperAdmin.requireSuperAdmin(email);
+
+        const scope = queryParams.scope || 'global';
+
+        // Get agent-level invariants (global only)
+        const agentQuery = `
+            SELECT invariant_text as text, maturity, tier
+            FROM rapport.user_invariants
+            WHERE email_address = $1
+              AND scope = 'global'
+              AND level = 'agent'
+              AND archived_at IS NULL
+            ORDER BY
+                CASE tier WHEN 'critical' THEN 1 WHEN 'important' THEN 2 ELSE 3 END,
+                created_at
+        `;
+        const agentResult = await executeQuery(agentQuery, [email]);
+
+        // Get relationship-level invariants (scope-specific)
+        const relationshipQuery = `
+            SELECT invariant_text as text, maturity, tier
+            FROM rapport.user_invariants
+            WHERE email_address = $1
+              AND scope = $2
+              AND level = 'relationship'
+              AND archived_at IS NULL
+            ORDER BY
+                CASE tier WHEN 'critical' THEN 1 WHEN 'important' THEN 2 ELSE 3 END,
+                created_at
+        `;
+        const relationshipResult = await executeQuery(relationshipQuery, [email, scope]);
+
+        return createSuccessResponse(
+            {
+                scope,
+                agent_level: agentResult.rows,
+                relationship_level: relationshipResult.rows
+            },
+            `${agentResult.rowCount} agent + ${relationshipResult.rowCount} relationship invariants`,
+            {
+                Request_ID,
+                Timestamp: new Date().toISOString()
+            }
+        );
+
+    } catch (error) {
+        console.error('Handler Error:', error);
+        return handleError(error);
+    }
+}
+
+exports.handler = wrapHandler(getInvariants);