npm - @equilateral_ai/mindmeld - Versions diffs - 3.3.1 → 3.5.0 - Mend

@equilateral_ai/mindmeld 3.3.1 → 3.5.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (72) hide show

package/README.md +1 -10
package/hooks/pre-compact.js +213 -25
package/hooks/session-end.js +112 -3
package/hooks/session-start.js +635 -41
package/hooks/subagent-start.js +150 -0
package/hooks/subagent-stop.js +184 -0
package/package.json +8 -7
package/scripts/init-project.js +74 -33
package/scripts/mcp-bridge.js +220 -0
package/src/core/CorrelationAnalyzer.js +157 -0
package/src/core/LLMPatternDetector.js +198 -0
package/src/core/RelevanceDetector.js +123 -36
package/src/core/StandardsIngestion.js +119 -18
package/src/handlers/activity/activityGetMe.js +1 -1
package/src/handlers/activity/activityGetTeam.js +100 -55
package/src/handlers/admin/adminSetup.js +216 -0
package/src/handlers/alerts/alertsAcknowledge.js +6 -6
package/src/handlers/alerts/alertsGet.js +11 -11
package/src/handlers/analytics/activitySummaryGet.js +34 -35
package/src/handlers/analytics/coachingGet.js +11 -11
package/src/handlers/analytics/convergenceGet.js +236 -0
package/src/handlers/analytics/developerScoreGet.js +41 -111
package/src/handlers/collaborators/collaboratorInvite.js +1 -1
package/src/handlers/company/companyUsersDelete.js +141 -0
package/src/handlers/company/companyUsersGet.js +90 -0
package/src/handlers/company/companyUsersPost.js +267 -0
package/src/handlers/company/companyUsersPut.js +76 -0
package/src/handlers/correlations/correlationsDeveloperGet.js +12 -12
package/src/handlers/correlations/correlationsGet.js +8 -8
package/src/handlers/correlations/correlationsProjectGet.js +5 -5
package/src/handlers/enterprise/controlTowerGet.js +224 -0
package/src/handlers/enterprise/enterpriseOnboardingSetup.js +48 -9
package/src/handlers/enterprise/enterpriseOnboardingStatus.js +1 -3
package/src/handlers/github/githubConnectionStatus.js +1 -1
package/src/handlers/github/githubDiscoverPatterns.js +4 -2
package/src/handlers/github/githubPatternsReview.js +7 -36
package/src/handlers/health/healthGet.js +55 -0
package/src/handlers/helpers/checkSuperAdmin.js +13 -14
package/src/handlers/helpers/mindmeldMcpCore.js +594 -0
package/src/handlers/helpers/subscriptionTiers.js +27 -27
package/src/handlers/mcp/mcpHandler.js +569 -0
package/src/handlers/mcp/mindmeldMcpHandler.js +124 -0
package/src/handlers/mcp/mindmeldMcpStreamHandler.js +243 -0
package/src/handlers/notifications/sendNotification.js +18 -18
package/src/handlers/patterns/patternEvaluatePromotionPost.js +173 -0
package/src/handlers/projects/projectCreate.js +124 -10
package/src/handlers/projects/projectDelete.js +4 -4
package/src/handlers/projects/projectGet.js +8 -8
package/src/handlers/projects/projectUpdate.js +4 -4
package/src/handlers/reports/aiLeverage.js +34 -30
package/src/handlers/reports/engineeringInvestment.js +16 -16
package/src/handlers/reports/riskForecast.js +41 -21
package/src/handlers/reports/standardsRoi.js +101 -9
package/src/handlers/scheduled/maturityUpdateJob.js +166 -0
package/src/handlers/sessions/sessionStandardsPost.js +43 -7
package/src/handlers/standards/discoveriesGet.js +93 -0
package/src/handlers/standards/projectStandardsGet.js +2 -2
package/src/handlers/standards/projectStandardsPut.js +2 -2
package/src/handlers/standards/standardsRelevantPost.js +107 -12
package/src/handlers/standards/standardsTransition.js +112 -15
package/src/handlers/stripe/billingPortalPost.js +1 -1
package/src/handlers/stripe/enterpriseCheckoutPost.js +2 -2
package/src/handlers/stripe/subscriptionCreatePost.js +2 -2
package/src/handlers/stripe/webhookPost.js +42 -14
package/src/handlers/user/apiTokenCreate.js +71 -0
package/src/handlers/user/apiTokenList.js +64 -0
package/src/handlers/user/userSplashGet.js +90 -73
package/src/handlers/users/cognitoPostConfirmation.js +37 -1
package/src/handlers/users/cognitoPreSignUp.js +114 -0
package/src/handlers/users/userGet.js +15 -11
package/src/handlers/webhooks/githubWebhook.js +117 -125
package/src/index.js +8 -5

package/src/handlers/mcp/mindmeldMcpStreamHandler.js ADDED Viewed

@@ -0,0 +1,243 @@
+/**
+ * MindMeld MCP Streaming Handler — Lambda Function URL (RESPONSE_STREAM)
+ *
+ * Implements MCP Streamable HTTP transport (protocol version 2025-03-26):
+ * - POST: JSON-RPC messages, responds with JSON or SSE stream
+ * - GET:  Legacy SSE handshake (endpoint event + close)
+ * - DELETE: Session close
+ * - OPTIONS: CORS preflight
+ *
+ * Auth: X-MindMeld-Token header OR Authorization: Bearer token
+ *
+ * Uses awslambda.streamifyResponse() for Lambda Function URL streaming.
+ * The `awslambda` global is provided by the Lambda Node.js runtime.
+ */
+const { validateApiToken, handleJsonRpc, CORS_HEADERS } = require('./mindmeldMcpCore');
+const crypto = require('crypto');
+/**
+ * Write an SSE event to the response stream
+ */
+function writeSSE(stream, data, eventType) {
+    if (eventType) {
+        stream.write(`event: ${eventType}\n`);
+    }
+    stream.write(`data: ${JSON.stringify(data)}\n\n`);
+}
+/**
+ * Parse Lambda Function URL event (different format from API Gateway)
+ */
+function parseRequest(event) {
+    const http = event.requestContext?.http || {};
+    return {
+        method: http.method || 'GET',
+        path: http.path || '/',
+        headers: event.headers || {},
+        body: event.body || '',
+        isBase64Encoded: event.isBase64Encoded || false,
+    };
+}
+/**
+ * Create a response stream with headers
+ */
+function createStream(responseStream, statusCode, headers) {
+    return awslambda.HttpResponseStream.from(responseStream, {
+        statusCode,
+        headers: { ...CORS_HEADERS, ...headers },
+    });
+}
+// Lambda Function URL streaming handler
+const streamHandler = async (event, responseStream, _context) => {
+    const { method, headers, body, isBase64Encoded } = parseRequest(event);
+    // === OPTIONS: CORS preflight ===
+    if (method === 'OPTIONS') {
+        const stream = createStream(responseStream, 200, {
+            'Access-Control-Max-Age': '86400',
+        });
+        stream.end();
+        return;
+    }
+    // === DELETE: Session close ===
+    if (method === 'DELETE') {
+        const stream = createStream(responseStream, 200, {
+            'Content-Type': 'application/json',
+        });
+        stream.end();
+        return;
+    }
+    // === GET: Legacy SSE handshake ===
+    if (method === 'GET') {
+        const authResult = await validateApiToken(headers);
+        if (authResult.error) {
+            const stream = createStream(responseStream, 401, {
+                'Content-Type': 'application/json',
+            });
+            stream.write(JSON.stringify({ error: authResult.message }));
+            stream.end();
+            return;
+        }
+        const sessionId = crypto.randomUUID();
+        const stream = createStream(responseStream, 200, {
+            'Content-Type': 'text/event-stream',
+            'Cache-Control': 'no-cache',
+            'Connection': 'keep-alive',
+            'Mcp-Session-Id': sessionId,
+        });
+        // Send endpoint event — legacy SSE clients expect this
+        stream.write(`event: endpoint\ndata: ${parseRequest(event).path}\n\n`);
+        // For Streamable HTTP clients probing via GET: close after endpoint event.
+        // The client will then POST to us for actual JSON-RPC messages.
+        stream.end();
+        return;
+    }
+    // === POST: Streamable HTTP JSON-RPC ===
+    if (method !== 'POST') {
+        const stream = createStream(responseStream, 405, {
+            'Content-Type': 'application/json',
+        });
+        stream.write(JSON.stringify({ error: 'Method not allowed' }));
+        stream.end();
+        return;
+    }
+    // Auth
+    const authResult = await validateApiToken(headers);
+    if (authResult.error) {
+        const stream = createStream(responseStream, 200, {
+            'Content-Type': 'application/json',
+        });
+        stream.write(JSON.stringify({
+            jsonrpc: '2.0',
+            error: { code: -32000, message: authResult.message },
+            id: null,
+        }));
+        stream.end();
+        return;
+    }
+    // Parse body (Function URL may base64-encode it)
+    let parsedBody;
+    try {
+        const raw = isBase64Encoded ? Buffer.from(body, 'base64').toString() : body;
+        parsedBody = JSON.parse(raw);
+    } catch (e) {
+        const stream = createStream(responseStream, 400, {
+            'Content-Type': 'application/json',
+        });
+        stream.write(JSON.stringify({
+            jsonrpc: '2.0',
+            error: { code: -32700, message: 'Parse error: invalid JSON' },
+            id: null,
+        }));
+        stream.end();
+        return;
+    }
+    // Session ID management
+    const sessionId = headers['mcp-session-id'] || crypto.randomUUID();
+    // Check if client wants SSE response
+    const acceptHeader = headers['accept'] || '';
+    const wantsSSE = acceptHeader.includes('text/event-stream');
+    if (wantsSSE) {
+        // === SSE streaming response ===
+        const stream = createStream(responseStream, 200, {
+            'Content-Type': 'text/event-stream',
+            'Cache-Control': 'no-cache',
+            'Mcp-Session-Id': sessionId,
+        });
+        if (Array.isArray(parsedBody)) {
+            for (const msg of parsedBody) {
+                const response = await handleJsonRpc(msg, authResult.user);
+                if (response) {
+                    writeSSE(stream, response, 'message');
+                }
+            }
+        } else {
+            const response = await handleJsonRpc(parsedBody, authResult.user);
+            if (response) {
+                writeSSE(stream, response, 'message');
+            }
+        }
+        stream.end();
+    } else {
+        // === Standard JSON response ===
+        const responseHeaders = {
+            'Content-Type': 'application/json',
+            'Mcp-Session-Id': sessionId,
+        };
+        if (Array.isArray(parsedBody)) {
+            const responses = [];
+            for (const msg of parsedBody) {
+                const response = await handleJsonRpc(msg, authResult.user);
+                if (response) responses.push(response);
+            }
+            const stream = createStream(responseStream,
+                responses.length > 0 ? 200 : 202, responseHeaders);
+            if (responses.length > 0) {
+                stream.write(JSON.stringify(responses));
+            }
+            stream.end();
+        } else {
+            const response = await handleJsonRpc(parsedBody, authResult.user);
+            if (!response) {
+                const stream = createStream(responseStream, 202, responseHeaders);
+                stream.end();
+            } else {
+                const stream = createStream(responseStream, 200, responseHeaders);
+                stream.write(JSON.stringify(response));
+                stream.end();
+            }
+        }
+    }
+};
+// awslambda is a global provided by the Lambda Node.js runtime.
+// In local/test environments it won't exist — export the raw handler for testing.
+if (typeof awslambda !== 'undefined') {
+    exports.handler = awslambda.streamifyResponse(streamHandler);
+} else {
+    // Fallback for local testing: wrap as standard async handler
+    exports.handler = async (event) => {
+        let result = { statusCode: 200, headers: {}, body: '' };
+        const mockStream = {
+            _headers: {},
+            _statusCode: 200,
+            _chunks: [],
+            write(chunk) { this._chunks.push(chunk); },
+            end() {},
+        };
+        // Mock awslambda.HttpResponseStream.from
+        const originalFrom = mockStream;
+        const createMockStream = (_rs, meta) => {
+            mockStream._statusCode = meta.statusCode;
+            mockStream._headers = meta.headers;
+            return mockStream;
+        };
+        global.awslambda = {
+            HttpResponseStream: { from: createMockStream },
+        };
+        await streamHandler(event, mockStream, {});
+        delete global.awslambda;
+        return {
+            statusCode: mockStream._statusCode,
+            headers: mockStream._headers,
+            body: mockStream._chunks.join(''),
+        };
+    };
+}

package/src/handlers/notifications/sendNotification.js CHANGED Viewed

@@ -52,13 +52,13 @@ exports.handler = wrapHandler(async ({ requestContext, body }) => {
     // Check authorization (only admins and managers can send notifications)
     const authCheck = await executeQuery(`
         SELECT
-            ue."Admin",
-            ue."Manager",
-            u."Super_Admin",
-            ue."Company_ID"
-        FROM "UserEntitlements" ue
-        JOIN "Users" u ON ue."Email_Address" = u."Email_Address"
-        WHERE ue."Email_Address" = $1
+            ue.admin,
+            ue.manager,
+            u.super_admin,
+            ue.company_id
+        FROM rapport.user_entitlements ue
+        JOIN rapport.users u ON ue.email_address = u.email_address
+        WHERE ue.email_address = $1
     `, [email]);
     if (authCheck.rowCount === 0) {
@@ -66,7 +66,7 @@ exports.handler = wrapHandler(async ({ requestContext, body }) => {
     }
     const userRole = authCheck.rows[0];
-    const isAuthorized = userRole.Super_Admin || userRole.Admin || userRole.Manager;
+    const isAuthorized = userRole.super_admin || userRole.admin || userRole.manager;
     if (!isAuthorized) {
         return createErrorResponse(403, 'Only admins and managers can send notifications');
@@ -89,18 +89,18 @@ exports.handler = wrapHandler(async ({ requestContext, body }) => {
     } else if (recipients === 'all_admins') {
         // All company admins
         const admins = await executeQuery(`
-            SELECT ue."Email_Address" as email_address
-            FROM "UserEntitlements" ue
-            WHERE ue."Company_ID" = $1 AND ue."Admin" = true
-        `, [userRole.Company_ID]);
+            SELECT ue.email_address
+            FROM rapport.user_entitlements ue
+            WHERE ue.company_id = $1 AND ue.admin = true
+        `, [userRole.company_id]);
         recipientEmails = admins.rows.map(r => r.email_address);
     } else if (recipients === 'all_managers') {
         // All company managers
         const managers = await executeQuery(`
-            SELECT ue."Email_Address" as email_address
-            FROM "UserEntitlements" ue
-            WHERE ue."Company_ID" = $1 AND (ue."Manager" = true OR ue."Admin" = true)
-        `, [userRole.Company_ID]);
+            SELECT ue.email_address
+            FROM rapport.user_entitlements ue
+            WHERE ue.company_id = $1 AND (ue.manager = true OR ue.admin = true)
+        `, [userRole.company_id]);
         recipientEmails = managers.rows.map(r => r.email_address);
     } else {
         return createErrorResponse(400, 'Invalid recipients format');
@@ -118,8 +118,8 @@ exports.handler = wrapHandler(async ({ requestContext, body }) => {
     // Get preferences for all recipients
     const prefsQuery = await executeQuery(`
         SELECT email_address, rapport.get_notification_preferences(email_address) as preferences
-        FROM "Users"
-        WHERE "Email_Address" = ANY($1)
+        FROM rapport.users
+        WHERE email_address = ANY($1)
     `, [recipientEmails]);
     const prefsMap = new Map(prefsQuery.rows.map(r => [r.email_address, r.preferences]));

package/src/handlers/patterns/patternEvaluatePromotionPost.js ADDED Viewed

@@ -0,0 +1,173 @@
+/**
+ * Pattern Evaluate Promotion Handler
+ * Checks if a pattern meets promotion thresholds for becoming a standard
+ *
+ * POST /api/patterns/evaluate-promotion
+ * Body: { pattern, project_id, evaluate_only }
+ *
+ * Called by: pre-compact.js hook (evaluateForPromotion method)
+ *
+ * Promotion Criteria:
+ * - handoff_count >= 10 (used 10+ times)
+ * - success_rate >= 0.70 (70% success)
+ * - developer_count >= 3 (used by 3+ developers)
+ */
+const { wrapHandler, executeQuery, createSuccessResponse, createErrorResponse, handleError } = require('./helpers');
+/**
+ * Evaluate pattern for promotion to standard
+ */
+async function evaluatePatternPromotion({ body: requestBody = {}, requestContext }) {
+    try {
+        const Request_ID = requestContext?.requestId || 'unknown';
+        const {
+            pattern,
+            project_id,
+            evaluate_only = true
+        } = requestBody;
+        // Validate required fields
+        if (!pattern || !pattern.element) {
+            return createErrorResponse(400, 'pattern.element is required');
+        }
+        // Generate pattern_id from element
+        const patternId = pattern.pattern_id || `pat_${pattern.element.toLowerCase().replace(/\s+/g, '_').substring(0, 50)}`;
+        // Look up pattern in rapport.patterns
+        const patternQuery = `
+            SELECT
+                p.pattern_id,
+                p.intent,
+                p.maturity,
+                p.handoff_count,
+                p.successful_handoffs,
+                p.failed_handoffs,
+                p.discovered_at,
+                p.last_used
+            FROM rapport.patterns p
+            WHERE p.pattern_id = $1
+        `;
+        const patternResult = await executeQuery(patternQuery, [patternId]);
+        if (patternResult.rows.length === 0) {
+            return createSuccessResponse(
+                {
+                    Records: [{
+                        pattern_id: patternId,
+                        eligible: false,
+                        reason: 'not_found',
+                        message: 'Pattern not found in patterns table'
+                    }]
+                },
+                'Pattern not found',
+                { Total_Records: 0, Request_ID, Timestamp: new Date().toISOString() }
+            );
+        }
+        const pat = patternResult.rows[0];
+        // Query usage metrics
+        const metricsQuery = `
+            SELECT
+                COUNT(DISTINCT pu.email_address) as developer_count,
+                COUNT(DISTINCT pu.session_id) as session_count,
+                COUNT(*) FILTER (WHERE pu.success = true) as successes,
+                COUNT(*) as total_uses
+            FROM rapport.pattern_usage pu
+            WHERE pu.pattern_id = $1
+        `;
+        const metricsResult = await executeQuery(metricsQuery, [patternId]);
+        const metrics = metricsResult.rows[0];
+        const handoffCount = parseInt(pat.handoff_count) || 0;
+        const successRate = handoffCount > 0
+            ? (parseInt(pat.successful_handoffs) || 0) / handoffCount
+            : 0;
+        const developerCount = parseInt(metrics.developer_count) || 0;
+        const sessionCount = parseInt(metrics.session_count) || 0;
+        // Check promotion thresholds
+        const eligible =
+            handoffCount >= 10 &&
+            successRate >= 0.70 &&
+            developerCount >= 3;
+        const response = {
+            pattern_id: patternId,
+            eligible: eligible,
+            metrics: {
+                handoff_count: handoffCount,
+                success_rate: parseFloat(successRate.toFixed(3)),
+                developer_count: developerCount,
+                session_count: sessionCount,
+                maturity: pat.maturity,
+                success_correlation: parseFloat(successRate.toFixed(3))
+            },
+            thresholds: {
+                min_handoffs: 10,
+                min_success_rate: 0.70,
+                min_developers: 3
+            },
+            proposed_category: pattern.category || null
+        };
+        // If eligible and not evaluate_only, create curation candidate
+        if (eligible && !evaluate_only) {
+            const candidateQuery = `
+                INSERT INTO rapport.curation_candidates (
+                    pattern_id,
+                    proposed_category,
+                    evidence,
+                    status,
+                    created_at
+                ) VALUES ($1, $2, $3, 'pending', NOW())
+                ON CONFLICT (pattern_id) WHERE status = 'pending'
+                DO UPDATE SET
+                    evidence = EXCLUDED.evidence,
+                    created_at = NOW()
+                RETURNING candidate_id
+            `;
+            const evidence = {
+                handoff_count: handoffCount,
+                success_rate: successRate,
+                developer_count: developerCount,
+                session_count: sessionCount,
+                maturity: pat.maturity,
+                evaluated_at: new Date().toISOString()
+            };
+            try {
+                const candidateResult = await executeQuery(candidateQuery, [
+                    patternId,
+                    pattern.category || 'uncategorized',
+                    JSON.stringify(evidence)
+                ]);
+                if (candidateResult.rows.length > 0) {
+                    response.candidate_id = candidateResult.rows[0].candidate_id;
+                }
+            } catch (candidateError) {
+                // Candidate creation failed — still return eligibility result
+                console.error('[patternEvaluatePromotionPost] Candidate creation failed:', candidateError.message);
+            }
+        }
+        return createSuccessResponse(
+            { Records: [response] },
+            eligible ? 'Pattern eligible for promotion' : 'Pattern does not meet promotion criteria',
+            { Total_Records: 1, Request_ID, Timestamp: new Date().toISOString() }
+        );
+    } catch (error) {
+        console.error('Handler Error:', error);
+        return handleError(error);
+    }
+}
+exports.handler = wrapHandler(evaluatePatternPromotion);

package/src/handlers/projects/projectCreate.js CHANGED Viewed

@@ -7,6 +7,8 @@
  */
 const { wrapHandler, executeQuery, createSuccessResponse, createErrorResponse, handleError, checkSubscriptionLimits } = require('./helpers');
+const crypto = require('crypto');
+const https = require('https');
 /**
  * Create project
@@ -27,24 +29,24 @@ async function createProject({ body: requestBody = {}, requestContext }) {
         // Check user has admin access to company
         const adminQuery = `
-            SELECT ue."Admin", c."Company_Name"
-            FROM "UserEntitlements" ue
-            JOIN "Company" c ON ue."Company_ID" = c."Company_ID"
-            WHERE ue."Email_Address" = $1
-            AND ue."Company_ID" = $2
+            SELECT ue.admin, c.company_name
+            FROM rapport.user_entitlements ue
+            JOIN rapport.companies c ON ue.company_id = c.company_id
+            WHERE ue.email_address = $1
+            AND ue.company_id = $2
         `;
         const adminCheck = await executeQuery(adminQuery, [email, Company_ID]);
-        if (adminCheck.rowCount === 0 || !adminCheck.rows[0].Admin) {
+        if (adminCheck.rowCount === 0 || !adminCheck.rows[0].admin) {
             return createErrorResponse(403, 'Admin access required to create projects');
         }
         // Check project limit for subscription tier
         const clientQuery = `
             SELECT c.subscription_tier
-            FROM "Client" c
-            JOIN "UserEntitlements" ue ON c."Client_ID" = ue."Client_ID"
-            WHERE ue."Email_Address" = $1 AND ue."Company_ID" = $2
+            FROM rapport.clients c
+            JOIN rapport.user_entitlements ue ON c.client_id = ue.client_id
+            WHERE ue.email_address = $1 AND ue.company_id = $2
         `;
         const clientResult = await executeQuery(clientQuery, [email, Company_ID]);
         const subscriptionTier = clientResult.rows[0]?.subscription_tier || 'free';
@@ -112,8 +114,18 @@ async function createProject({ body: requestBody = {}, requestContext }) {
         `;
         await executeQuery(collabQuery, [project_id, email]);
+        // Auto-create GitHub webhook if repo_url is a GitHub URL
+        let webhookCreated = false;
+        if (repo_url && repo_url.includes('github.com')) {
+            try {
+                webhookCreated = await createGitHubWebhook(email, repo_url, Company_ID);
+            } catch (webhookErr) {
+                console.warn('Webhook creation failed (non-blocking):', webhookErr.message);
+            }
+        }
         return createSuccessResponse(
-            { Records: result.rows },
+            { Records: result.rows, webhook_created: webhookCreated },
             'Project created successfully',
             {
                 Total_Records: result.rowCount,
@@ -131,4 +143,106 @@ async function createProject({ body: requestBody = {}, requestContext }) {
     }
 }
+/**
+ * Create GitHub webhook on a repo when a project is connected
+ * Uses the customer's stored GitHub OAuth token and a per-repo secret
+ */
+async function createGitHubWebhook(email, repoUrl, companyId) {
+    // Extract owner/repo from URL
+    const match = repoUrl.match(/github\.com[/:]([^/]+)\/([^/.]+)/);
+    if (!match) {
+        console.log('Could not parse GitHub owner/repo from:', repoUrl);
+        return false;
+    }
+    const [, owner, repo] = match;
+    // Get the user's GitHub token
+    const connResult = await executeQuery(`
+        SELECT access_token_encrypted FROM rapport.github_connections
+        WHERE email_address = $1 AND revoked = FALSE
+    `, [email]);
+    if (connResult.rowCount === 0) {
+        console.log('No GitHub connection for', email);
+        return false;
+    }
+    const encryptionKey = process.env.GITHUB_TOKEN_ENCRYPTION_KEY;
+    if (!encryptionKey) return false;
+    const accessToken = decryptToken(connResult.rows[0].access_token_encrypted, encryptionKey);
+    // Generate per-repo webhook secret
+    const webhookSecret = crypto.randomBytes(32).toString('hex');
+    const webhookUrl = process.env.WEBHOOK_URL || 'https://api.mindmeld.dev/api/webhooks/github';
+    // Create webhook via GitHub API
+    const payload = JSON.stringify({
+        name: 'web',
+        active: true,
+        events: ['push', 'pull_request'],
+        config: {
+            url: webhookUrl,
+            content_type: 'json',
+            secret: webhookSecret,
+            insecure_ssl: '0'
+        }
+    });
+    const response = await new Promise((resolve, reject) => {
+        const req = https.request({
+            hostname: 'api.github.com',
+            path: `/repos/${owner}/${repo}/hooks`,
+            method: 'POST',
+            headers: {
+                'Authorization': `Bearer ${accessToken}`,
+                'User-Agent': 'MindMeld-App',
+                'Accept': 'application/vnd.github+json',
+                'Content-Type': 'application/json',
+                'Content-Length': Buffer.byteLength(payload)
+            }
+        }, (res) => {
+            let data = '';
+            res.on('data', chunk => data += chunk);
+            res.on('end', () => {
+                try { resolve({ statusCode: res.statusCode, body: JSON.parse(data) }); }
+                catch (e) { resolve({ statusCode: res.statusCode, body: data }); }
+            });
+        });
+        req.on('error', reject);
+        req.write(payload);
+        req.end();
+    });
+    if (response.statusCode !== 201) {
+        console.warn(`GitHub webhook creation returned ${response.statusCode}:`, JSON.stringify(response.body).substring(0, 200));
+        return false;
+    }
+    const githubWebhookId = response.body.id;
+    // Register repo in git_repositories with per-repo webhook secret
+    // Unique constraint is on (company_id, repo_url)
+    await executeQuery(`
+        INSERT INTO rapport.git_repositories (
+            repo_id, repo_name, repo_url, company_id, webhook_secret, created_at, updated_at
+        ) VALUES (gen_random_uuid(), $1, $2, $3, $4, NOW(), NOW())
+        ON CONFLICT (company_id, repo_url) DO UPDATE SET
+            webhook_secret = EXCLUDED.webhook_secret,
+            updated_at = NOW()
+    `, [`${owner}/${repo}`, repoUrl, companyId, webhookSecret]);
+    console.log(`Created GitHub webhook ${githubWebhookId} on ${owner}/${repo}`);
+    return true;
+}
+function decryptToken(encryptedData, key) {
+    const [ivHex, encrypted] = encryptedData.split(':');
+    const iv = Buffer.from(ivHex, 'hex');
+    const decipher = crypto.createDecipheriv('aes-256-cbc', Buffer.from(key, 'hex'), iv);
+    let decrypted = decipher.update(encrypted, 'hex', 'utf8');
+    decrypted += decipher.final('utf8');
+    return decrypted;
+}
 exports.handler = wrapHandler(createProject);

package/src/handlers/projects/projectDelete.js CHANGED Viewed

@@ -29,14 +29,14 @@ async function deleteProject({ queryStringParameters: queryParams = {}, requestC
                 p.project_id,
                 p.company_id,
                 pc.role,
-                ue."Admin" as company_admin
+                ue.admin as company_admin
             FROM rapport.projects p
             LEFT JOIN rapport.project_collaborators pc
                 ON p.project_id = pc.project_id
                 AND pc.email_address = $1
-            LEFT JOIN "UserEntitlements" ue
-                ON ue."Email_Address" = $1
-                AND ue."Company_ID" = p.company_id
+            LEFT JOIN rapport.user_entitlements ue
+                ON ue.email_address = $1
+                AND ue.company_id = p.company_id
             WHERE p.project_id = $2
         `;
         const accessCheck = await executeQuery(accessQuery, [email, projectId]);