@equilateral_ai/mindmeld 3.0.0

package/src/handlers/users/cognitoPostConfirmation.js

@@ -0,0 +1,150 @@
+/**
+ * Cognito Post-Confirmation Handler
+ * Creates user record and personal workspace after email verification
+ *
+ * Triggered by: Cognito User Pool post-confirmation trigger
+ * Following: cognito_authentication_standards.md
+ */
+
+const { executeQuery } = require('./helpers');
+
+/**
+ * Handle post-confirmation trigger
+ * Creates user, personal client, personal company, and entitlement
+ */
+async function handler(event, context) {
+    console.log('Post-confirmation trigger:', JSON.stringify(event, null, 2));
+
+    // Only process SignUp confirmations
+    if (event.triggerSource !== 'PostConfirmation_ConfirmSignUp') {
+        console.log('Skipping trigger source:', event.triggerSource);
+        return event;
+    }
+
+    const { userName, request } = event;
+    const { userAttributes } = request;
+
+    const email = userAttributes.email;
+    const cognitoSub = userAttributes.sub;
+    const firstName = userAttributes.given_name || '';
+    const lastName = userAttributes.family_name || '';
+
+    try {
+        await executeQuery('BEGIN');
+
+        try {
+            // 1. Create user record
+            const userQuery = `
+                INSERT INTO rapport.users (
+                    email_address,
+                    cognito_sub,
+                    first_name,
+                    last_name,
+                    client_id,
+                    user_status,
+                    active
+                )
+                VALUES ($1, $2, $3, $4, $5, 'Active', true)
+                ON CONFLICT (email_address) DO UPDATE SET
+                    cognito_sub = EXCLUDED.cognito_sub,
+                    first_name = EXCLUDED.first_name,
+                    last_name = EXCLUDED.last_name,
+                    last_updated = CURRENT_TIMESTAMP
+                RETURNING email_address
+            `;
+
+            // Personal client ID based on email (sanitized)
+            const personalClientId = `personal_${email.replace(/[^a-zA-Z0-9]/g, '_').toLowerCase()}`;
+
+            await executeQuery(userQuery, [
+                email,
+                cognitoSub,
+                firstName,
+                lastName,
+                personalClientId
+            ]);
+
+            console.log('User created/updated:', email);
+
+            // 2. Create personal client (free tier)
+            const clientQuery = `
+                INSERT INTO rapport.clients (
+                    client_id,
+                    client_name,
+                    client_type,
+                    client_status,
+                    subscription_tier,
+                    subscription_status
+                )
+                VALUES ($1, $2, 'PERSONAL', 'Active', 'free', 'active')
+                ON CONFLICT (client_id) DO NOTHING
+                RETURNING client_id
+            `;
+
+            const clientName = firstName && lastName
+                ? `${firstName} ${lastName}'s Workspace`
+                : `${email.split('@')[0]}'s Workspace`;
+
+            await executeQuery(clientQuery, [personalClientId, clientName]);
+
+            console.log('Personal client created:', personalClientId);
+
+            // 3. Create personal company
+            const companyId = `${personalClientId}_main`;
+            const companyQuery = `
+                INSERT INTO rapport.companies (
+                    company_id,
+                    client_id,
+                    company_name,
+                    company_status
+                )
+                VALUES ($1, $2, $3, 'Active')
+                ON CONFLICT (company_id) DO NOTHING
+                RETURNING company_id
+            `;
+
+            await executeQuery(companyQuery, [
+                companyId,
+                personalClientId,
+                'Personal Projects'
+            ]);
+
+            console.log('Personal company created:', companyId);
+
+            // 4. Create admin entitlement
+            const entitlementQuery = `
+                INSERT INTO rapport.user_entitlements (
+                    email_address,
+                    client_id,
+                    company_id,
+                    admin,
+                    member
+                )
+                VALUES ($1, $2, $3, true, true)
+                ON CONFLICT (email_address, company_id) DO NOTHING
+            `;
+
+            await executeQuery(entitlementQuery, [email, personalClientId, companyId]);
+
+            console.log('Entitlement created for:', email);
+
+            await executeQuery('COMMIT');
+
+            console.log('Post-confirmation complete for:', email);
+
+        } catch (error) {
+            await executeQuery('ROLLBACK');
+            throw error;
+        }
+
+    } catch (error) {
+        console.error('Post-confirmation error:', error);
+        // Don't throw - this would prevent user creation in Cognito
+        // Log the error and continue
+    }
+
+    // Must return the event for Cognito to proceed
+    return event;
+}
+
+module.exports = { handler };

package/src/handlers/users/userEntitlementsGet.js

@@ -0,0 +1,89 @@
+/**
+ * User Entitlements Get Handler
+ * Retrieves user's company/project access rights
+ *
+ * GET /api/users/entitlements
+ * Auth: Cognito JWT required
+ */
+
+const { wrapHandler, executeQuery, createSuccessResponse, createErrorResponse, handleError } = require('./helpers');
+
+/**
+ * Get current user's entitlements
+ */
+async function getEntitlements({ requestContext }) {
+    try {
+        const Request_ID = requestContext.requestId;
+        // REST API: requestContext.authorizer.claims.email
+        // HTTP API: requestContext.authorizer.jwt.claims.email
+        const email = requestContext.authorizer?.claims?.email || requestContext.authorizer?.jwt?.claims?.email;
+
+        if (!email) {
+            return createErrorResponse(401, 'Authentication required');
+        }
+
+        // Get all entitlements with company and client details
+        const query = `
+            SELECT
+                ue.email_address,
+                ue.client_id,
+                c.client_name,
+                c.subscription_tier,
+                ue.company_id,
+                co.company_name,
+                ue.admin,
+                ue.member,
+                ue.create_date
+            FROM rapport.user_entitlements ue
+            JOIN rapport.clients c ON ue.client_id = c.client_id
+            JOIN rapport.companies co ON ue.company_id = co.company_id
+            WHERE ue.email_address = $1
+            AND c.active = true
+            AND co.active = true
+            ORDER BY c.client_name, co.company_name
+        `;
+
+        const result = await executeQuery(query, [email]);
+
+        // Group by client
+        const clientMap = {};
+        for (const row of result.rows) {
+            if (!clientMap[row.client_id]) {
+                clientMap[row.client_id] = {
+                    client_id: row.client_id,
+                    client_name: row.client_name,
+                    subscription_tier: row.subscription_tier,
+                    companies: []
+                };
+            }
+            clientMap[row.client_id].companies.push({
+                company_id: row.company_id,
+                company_name: row.company_name,
+                admin: row.admin,
+                member: row.member,
+                since: row.create_date
+            });
+        }
+
+        const clients = Object.values(clientMap);
+
+        return createSuccessResponse(
+            {
+                Records: clients
+            },
+            'Entitlements retrieved',
+            {
+                Total_Records: clients.length,
+                Total_Companies: result.rowCount,
+                Request_ID,
+                Timestamp: new Date().toISOString()
+            }
+        );
+
+    } catch (error) {
+        console.error('Handler Error:', error);
+        return handleError(error);
+    }
+}
+
+exports.handler = wrapHandler(getEntitlements);

package/src/handlers/users/userGet.js

@@ -0,0 +1,114 @@
+/**
+ * User Get Handler
+ * Retrieves user profile and subscription info
+ *
+ * GET /api/users/me
+ * Auth: Cognito JWT required
+ */
+
+const { wrapHandler, executeQuery, createSuccessResponse, createErrorResponse, handleError, getTierConfig } = require('./helpers');
+
+/**
+ * Get current user's profile
+ */
+async function getUser({ requestContext }) {
+    try {
+        const Request_ID = requestContext.requestId;
+        // REST API: requestContext.authorizer.claims.email
+        // HTTP API: requestContext.authorizer.jwt.claims.email
+        const email = requestContext.authorizer?.claims?.email || requestContext.authorizer?.jwt?.claims?.email;
+
+        if (!email) {
+            return createErrorResponse(401, 'Authentication required');
+        }
+
+        // Get user with their primary client subscription
+        const query = `
+            SELECT
+                u.email_address,
+                u.first_name,
+                u.last_name,
+                u.client_id,
+                u.user_status,
+                u.create_date,
+                c.client_name,
+                c.subscription_tier,
+                c.subscription_status,
+                c.subscription_ends_at,
+                c.stripe_customer_id
+            FROM rapport.users u
+            LEFT JOIN rapport.clients c ON u.client_id = c.client_id
+            WHERE u.email_address = $1
+            AND u.active = true
+        `;
+
+        const result = await executeQuery(query, [email]);
+
+        if (result.rowCount === 0) {
+            return createErrorResponse(404, 'User not found');
+        }
+
+        const user = result.rows[0];
+        const tierConfig = getTierConfig(user.subscription_tier || 'free');
+
+        // Get usage counts
+        const usageQuery = `
+            SELECT
+                (SELECT COUNT(*) FROM rapport.user_entitlements WHERE client_id = $1) as collaborators,
+                (SELECT COUNT(*) FROM rapport.projects p
+                 JOIN rapport.companies co ON p.company_id = co.company_id
+                 WHERE co.client_id = $1 AND p.archived = false) as projects,
+                (SELECT COUNT(*) FROM rapport.invariants i
+                 JOIN rapport.projects p ON i.project_id = p.project_id
+                 JOIN rapport.companies co ON p.company_id = co.company_id
+                 WHERE co.client_id = $1) as invariants
+        `;
+
+        const usageResult = await executeQuery(usageQuery, [user.client_id]);
+        const usage = usageResult.rows[0];
+
+        return createSuccessResponse(
+            {
+                Records: [{
+                    email_address: user.email_address,
+                    first_name: user.first_name,
+                    last_name: user.last_name,
+                    client_id: user.client_id,
+                    client_name: user.client_name,
+                    user_status: user.user_status,
+                    member_since: user.create_date,
+                    subscription: {
+                        tier: user.subscription_tier || 'free',
+                        tier_name: tierConfig?.displayName || 'Free',
+                        status: user.subscription_status || 'active',
+                        ends_at: user.subscription_ends_at,
+                        has_stripe: !!user.stripe_customer_id,
+                        features: tierConfig?.features || []
+                    },
+                    usage: {
+                        collaborators: parseInt(usage.collaborators) || 0,
+                        projects: parseInt(usage.projects) || 0,
+                        invariants: parseInt(usage.invariants) || 0
+                    },
+                    limits: {
+                        max_collaborators: tierConfig?.maxCollaborators || 1,
+                        max_projects: tierConfig?.maxProjects || 3,
+                        max_invariants: tierConfig?.maxInvariants || 10
+                    }
+                }]
+            },
+            'User profile retrieved',
+            {
+                Total_Records: 1,
+                Request_ID,
+                Timestamp: new Date().toISOString()
+            }
+        );
+
+    } catch (error) {
+        console.error('Handler Error:', error);
+        return handleError(error);
+    }
+}
+
+exports.handler = wrapHandler(getUser);

package/src/handlers/webhooks/githubWebhook.js

@@ -0,0 +1,223 @@
+/**
+ * GitHub Webhook Handler
+ * Receives push and pull_request events to track commits and PRs
+ *
+ * POST /api/webhooks/github
+ * Auth: GitHub webhook signature verification (no Cognito)
+ */
+
+const crypto = require('crypto');
+const { wrapHandler, executeQuery, createSuccessResponse, createErrorResponse } = require('./helpers');
+
+exports.handler = wrapHandler(async ({ body, headers }) => {
+    // Verify webhook signature
+    const signature = headers['x-hub-signature-256'] || headers['X-Hub-Signature-256'];
+    const secret = process.env.GITHUB_WEBHOOK_SECRET;
+
+    if (!secret) {
+        console.error('GITHUB_WEBHOOK_SECRET not configured');
+        return createErrorResponse(500, 'Webhook not configured');
+    }
+
+    if (!verifySignature(JSON.stringify(body), signature, secret)) {
+        return createErrorResponse(401, 'Invalid signature');
+    }
+
+    const eventType = headers['x-github-event'] || headers['X-GitHub-Event'];
+
+    if (eventType === 'push') {
+        await handlePushEvent(body);
+    } else if (eventType === 'pull_request') {
+        await handlePREvent(body);
+    } else if (eventType === 'ping') {
+        // GitHub sends ping when webhook is first configured
+        return createSuccessResponse({ received: true }, 'Webhook configured');
+    }
+
+    return createSuccessResponse(
+        { received: true, event: eventType },
+        'Webhook processed'
+    );
+});
+
+function verifySignature(payload, signature, secret) {
+    if (!signature) return false;
+
+    const expectedSignature = 'sha256=' + crypto
+        .createHmac('sha256', secret)
+        .update(payload)
+        .digest('hex');
+
+    return crypto.timingSafeEqual(
+        Buffer.from(signature),
+        Buffer.from(expectedSignature)
+    );
+}
+
+async function handlePushEvent(payload) {
+    const repoFullName = payload.repository?.full_name;
+    if (!repoFullName) return;
+
+    // Find project by repo URL
+    const projectResult = await executeQuery(`
+        SELECT project_id FROM rapport.projects
+        WHERE repo_url LIKE $1
+    `, [`%${repoFullName}%`]);
+
+    if (projectResult.rowCount === 0) {
+        console.log(`Project not found for repo: ${repoFullName}`);
+        return;
+    }
+
+    const projectId = projectResult.rows[0].project_id;
+    const branch = payload.ref?.replace('refs/heads/', '') || 'unknown';
+
+    for (const commit of (payload.commits || [])) {
+        await recordCommit(commit, projectId, branch);
+    }
+}
+
+async function recordCommit(commit, projectId, branch) {
+    const authorEmail = commit.author?.email;
+    if (!authorEmail) return;
+
+    // Find user by email
+    const userResult = await executeQuery(`
+        SELECT "Email_Address" FROM "Users"
+        WHERE "Email_Address" = $1 AND active = true
+    `, [authorEmail]);
+
+    if (userResult.rowCount === 0) {
+        console.log(`User not found for email: ${authorEmail}`);
+        return;
+    }
+
+    const email = userResult.rows[0].Email_Address;
+
+    // Find recent session for correlation
+    const sessionResult = await executeQuery(`
+        SELECT session_id, ended_at, started_at
+        FROM rapport.sessions
+        WHERE email_address = $1
+        AND project_id = $2
+        ORDER BY started_at DESC
+        LIMIT 1
+    `, [email, projectId]);
+
+    let sessionId = null;
+    let withinSession = false;
+    let timeSinceSession = null;
+
+    if (sessionResult.rowCount > 0) {
+        const session = sessionResult.rows[0];
+        const commitTime = new Date(commit.timestamp);
+        const sessionEnd = session.ended_at ? new Date(session.ended_at) : new Date();
+        const sessionStart = new Date(session.started_at);
+
+        // Commit within session if after start and before/during end
+        withinSession = commitTime >= sessionStart && (!session.ended_at || commitTime <= sessionEnd);
+
+        if (!withinSession && session.ended_at) {
+            timeSinceSession = Math.round((commitTime - sessionEnd) / (1000 * 60));
+        }
+
+        sessionId = session.session_id;
+    }
+
+    // Insert commit
+    await executeQuery(`
+        INSERT INTO rapport.commits (
+            commit_hash, project_id, email_address, branch, message,
+            committed_at, files_changed,
+            session_id, within_session, time_since_session_minutes
+        ) VALUES ($1, $2, $3, $4, $5, $6, $7, $8, $9, $10)
+        ON CONFLICT (commit_hash) DO NOTHING
+    `, [
+        commit.id,
+        projectId,
+        email,
+        branch,
+        commit.message?.substring(0, 500), // Truncate long messages
+        commit.timestamp,
+        (commit.added?.length || 0) + (commit.modified?.length || 0) + (commit.removed?.length || 0),
+        sessionId,
+        withinSession,
+        timeSinceSession
+    ]);
+
+    console.log(`Recorded commit ${commit.id} for ${email}`);
+}
+
+async function handlePREvent(payload) {
+    const pr = payload.pull_request;
+    const repoFullName = payload.repository?.full_name;
+    if (!pr || !repoFullName) return;
+
+    // Find project by repo URL
+    const projectResult = await executeQuery(`
+        SELECT project_id FROM rapport.projects
+        WHERE repo_url LIKE $1
+    `, [`%${repoFullName}%`]);
+
+    if (projectResult.rowCount === 0) {
+        console.log(`Project not found for repo: ${repoFullName}`);
+        return;
+    }
+
+    const projectId = projectResult.rows[0].project_id;
+    const prId = `github:${repoFullName}:${pr.number}`;
+
+    // Try to find user by email or login
+    const authorEmail = pr.user?.email || `${pr.user?.login}@users.noreply.github.com`;
+    const userResult = await executeQuery(`
+        SELECT "Email_Address" FROM "Users"
+        WHERE "Email_Address" = $1 AND active = true
+    `, [authorEmail]);
+
+    if (userResult.rowCount === 0) {
+        console.log(`User not found for: ${authorEmail}`);
+        return;
+    }
+
+    const email = userResult.rows[0].Email_Address;
+
+    // Calculate review time if merged
+    let reviewTimeHours = null;
+    if (pr.merged_at && pr.created_at) {
+        const created = new Date(pr.created_at);
+        const merged = new Date(pr.merged_at);
+        reviewTimeHours = (merged - created) / (1000 * 60 * 60);
+    }
+
+    // Upsert PR
+    await executeQuery(`
+        INSERT INTO rapport.pull_requests (
+            pr_id, project_id, email_address, title, branch, base_branch,
+            status, opened_at, merged_at, closed_at,
+            commits_count, files_changed, additions, deletions, review_time_hours
+        ) VALUES ($1, $2, $3, $4, $5, $6, $7, $8, $9, $10, $11, $12, $13, $14, $15)
+        ON CONFLICT (pr_id) DO UPDATE SET
+            status = EXCLUDED.status,
+            merged_at = EXCLUDED.merged_at,
+            closed_at = EXCLUDED.closed_at,
+            review_time_hours = EXCLUDED.review_time_hours
+    `, [
+        prId,
+        projectId,
+        email,
+        pr.title?.substring(0, 500),
+        pr.head?.ref,
+        pr.base?.ref,
+        pr.merged ? 'merged' : pr.state,
+        pr.created_at,
+        pr.merged_at,
+        pr.closed_at,
+        pr.commits,
+        pr.changed_files,
+        pr.additions,
+        pr.deletions,
+        reviewTimeHours
+    ]);
+
+    console.log(`Recorded PR ${prId} for ${email}`);
+}