@equilateral_ai/mindmeld 3.3.1 → 3.5.0

package/src/handlers/company/companyUsersGet.js

@@ -0,0 +1,90 @@
+/**
+ * Company Users List Handler
+ * Lists all users (entitlements) for a company
+ *
+ * GET /api/company/users?company_id=xxx
+ * Auth: Cognito JWT required
+ */
+
+const { wrapHandler, executeQuery, createSuccessResponse, createErrorResponse, handleError } = require('./helpers');
+
+/**
+ * List company users
+ * Requires member access to the company
+ */
+async function listCompanyUsers({ queryStringParameters: queryParams = {}, requestContext }) {
+    try {
+        const Request_ID = requestContext.requestId;
+        const email = requestContext.authorizer?.claims?.email || requestContext.authorizer?.jwt?.claims?.email;
+        const companyId = queryParams.company_id;
+
+        if (!email) {
+            return createErrorResponse(401, 'Authentication required');
+        }
+
+        if (!companyId) {
+            return createErrorResponse(400, 'company_id query parameter is required');
+        }
+
+        // Verify caller has access to this company
+        const accessQuery = `
+            SELECT admin, member
+            FROM rapport.user_entitlements
+            WHERE email_address = $1 AND company_id = $2
+        `;
+        const accessCheck = await executeQuery(accessQuery, [email, companyId]);
+
+        if (accessCheck.rowCount === 0) {
+            return createErrorResponse(403, 'You do not have access to this company');
+        }
+
+        // Get all users for the company
+        const query = `
+            SELECT
+                ue.email_address,
+                ue.admin,
+                ue.member,
+                ue.client_id,
+                ue.company_id,
+                ue.billing_type,
+                u.first_name,
+                u.last_name,
+                u.user_status,
+                u.create_date,
+                u.last_updated
+            FROM rapport.user_entitlements ue
+            LEFT JOIN rapport.users u ON u.email_address = ue.email_address
+            WHERE ue.company_id = $1
+            ORDER BY ue.admin DESC, u.create_date ASC
+        `;
+        const result = await executeQuery(query, [companyId]);
+
+        const users = result.rows.map(row => ({
+            email: row.email_address,
+            display_name: [row.first_name, row.last_name].filter(Boolean).join(' ') || null,
+            role: row.admin ? 'admin' : 'member',
+            status: row.user_status || 'active',
+            billing_type: row.billing_type || 'self_paid',
+            created_at: row.create_date,
+            last_active: row.last_updated,
+            client_id: row.client_id,
+            company_id: row.company_id,
+        }));
+
+        return createSuccessResponse(
+            { Records: users },
+            `Found ${users.length} user(s)`,
+            {
+                Total_Records: users.length,
+                Request_ID,
+                Timestamp: new Date().toISOString()
+            }
+        );
+
+    } catch (error) {
+        console.error('Handler Error:', error);
+        return handleError(error);
+    }
+}
+
+exports.handler = wrapHandler(listCompanyUsers);

package/src/handlers/company/companyUsersPost.js

@@ -0,0 +1,267 @@
+/**
+ * Company Users Invite Handler
+ * Invites a user to a company by creating an entitlement and sending an invite email
+ * Supports two billing modes: self_pays (invitee pays) or admin_pays (license on admin's subscription)
+ *
+ * POST /api/company/users
+ * Body: { company_id, email, role, billing }
+ * Auth: Cognito JWT required
+ */
+
+const { wrapHandler, executeQuery, createSuccessResponse, createErrorResponse, handleError, getTierConfig } = require('./helpers');
+const { SESClient, SendEmailCommand } = require('@aws-sdk/client-ses');
+const Stripe = require('stripe');
+
+const ses = new SESClient({ region: process.env.AWS_REGION || 'us-east-2' });
+const stripe = new Stripe(process.env.STRIPE_SECRET_KEY);
+
+/**
+ * Invite user to company
+ * Requires admin access to the company
+ */
+async function inviteCompanyUser({ body: requestBody = {}, requestContext }) {
+    try {
+        const Request_ID = requestContext.requestId;
+        const callerEmail = requestContext.authorizer?.claims?.email || requestContext.authorizer?.jwt?.claims?.email;
+        const { company_id, email, role, billing = 'self_pays' } = requestBody;
+
+        if (!callerEmail) {
+            return createErrorResponse(401, 'Authentication required');
+        }
+
+        if (!company_id || !email) {
+            return createErrorResponse(400, 'company_id and email are required');
+        }
+
+        if (!['admin_pays', 'self_pays'].includes(billing)) {
+            return createErrorResponse(400, 'billing must be admin_pays or self_pays');
+        }
+
+        // Verify caller is admin of this company
+        const adminQuery = `
+            SELECT ue.admin, ue.client_id, u.first_name, u.last_name
+            FROM rapport.user_entitlements ue
+            LEFT JOIN rapport.users u ON u.email_address = ue.email_address
+            WHERE ue.email_address = $1 AND ue.company_id = $2
+        `;
+        const adminCheck = await executeQuery(adminQuery, [callerEmail, company_id]);
+
+        if (adminCheck.rowCount === 0 || !adminCheck.rows[0].admin) {
+            return createErrorResponse(403, 'Admin access required to invite users');
+        }
+
+        const clientId = adminCheck.rows[0].client_id;
+        const inviterName = [adminCheck.rows[0].first_name, adminCheck.rows[0].last_name].filter(Boolean).join(' ') || callerEmail;
+
+        // Get client details for seat limits and Stripe info
+        const clientQuery = `
+            SELECT subscription_tier, seat_count, client_name, stripe_subscription_id, license_count
+            FROM rapport.clients WHERE client_id = $1
+        `;
+        const clientResult = await executeQuery(clientQuery, [clientId]);
+        const clientRecord = clientResult.rows[0];
+        const tierConfig = getTierConfig(clientRecord?.subscription_tier || 'free');
+        const maxCollaborators = tierConfig?.maxCollaborators;
+        const teamName = clientRecord?.client_name || 'their team';
+        const inviterTier = clientRecord?.subscription_tier || 'team';
+
+        // Check seat limits before allowing invite
+        if (maxCollaborators !== null) {
+            const countQuery = `
+                SELECT COUNT(*) as current_count
+                FROM rapport.user_entitlements WHERE company_id = $1
+            `;
+            const countResult = await executeQuery(countQuery, [company_id]);
+            const currentCount = parseInt(countResult.rows[0].current_count) || 0;
+
+            if (currentCount >= maxCollaborators) {
+                return createErrorResponse(403, `Seat limit reached (${currentCount}/${maxCollaborators}). Upgrade your plan to add more team members.`);
+            }
+        }
+
+        // For admin_pays, verify admin has an active Stripe subscription
+        if (billing === 'admin_pays' && !clientRecord?.stripe_subscription_id) {
+            return createErrorResponse(400, 'You need an active subscription to add licensed users. Subscribe first, then invite with "Add to my subscription".');
+        }
+
+        // Ensure invited user exists in users table (create pending record if not)
+        await executeQuery(`
+            INSERT INTO rapport.users (email_address, user_status, active, create_date)
+            VALUES ($1, 'Pending', true, NOW())
+            ON CONFLICT (email_address) DO NOTHING
+        `, [email]);
+
+        // Create entitlement for invited user
+        const isAdmin = role === 'admin';
+        const billingType = billing === 'admin_pays' ? 'admin_paid' : 'self_paid';
+        const insertQuery = `
+            INSERT INTO rapport.user_entitlements (
+                email_address, client_id, company_id, admin, member, billing_type
+            ) VALUES ($1, $2, $3, $4, true, $5)
+            ON CONFLICT (email_address, company_id) DO UPDATE SET
+                admin = EXCLUDED.admin,
+                member = true,
+                billing_type = EXCLUDED.billing_type
+            RETURNING email_address, admin, member, billing_type
+        `;
+        const result = await executeQuery(insertQuery, [email, clientId, company_id, isAdmin, billingType]);
+
+        // If admin_pays, update license count and Stripe subscription quantity
+        let stripeUpdated = false;
+        if (billing === 'admin_pays') {
+            // Increment license_count
+            const updateResult = await executeQuery(`
+                UPDATE rapport.clients
+                SET license_count = COALESCE(license_count, 1) + 1, last_updated = CURRENT_TIMESTAMP
+                WHERE client_id = $1
+                RETURNING license_count
+            `, [clientId]);
+            const newLicenseCount = updateResult.rows[0].license_count;
+
+            // Update Stripe subscription quantity
+            try {
+                const subscription = await stripe.subscriptions.retrieve(clientRecord.stripe_subscription_id);
+                const item = subscription.items.data[0];
+                if (item) {
+                    await stripe.subscriptions.update(clientRecord.stripe_subscription_id, {
+                        items: [{ id: item.id, quantity: newLicenseCount }],
+                        proration_behavior: 'none'
+                    });
+                    stripeUpdated = true;
+                    console.log(`[License] Updated Stripe quantity to ${newLicenseCount} for ${clientId}`);
+                }
+            } catch (stripeError) {
+                console.error('[License] Stripe update failed:', stripeError.message);
+                // Revert license_count since Stripe failed
+                await executeQuery(`
+                    UPDATE rapport.clients
+                    SET license_count = COALESCE(license_count, 2) - 1, last_updated = CURRENT_TIMESTAMP
+                    WHERE client_id = $1
+                `, [clientId]);
+                return createErrorResponse(500, 'Failed to update subscription. Please try again or contact support.');
+            }
+        }
+
+        // Send invite email
+        const appUrl = process.env.APP_URL || 'https://app.mindmeld.dev';
+        // Admin-paid users don't need to go through checkout, so no ?tier= param
+        const signupUrl = billing === 'admin_pays'
+            ? `${appUrl}/signup`
+            : `${appUrl}/signup?tier=${inviterTier}`;
+        let emailSent = false;
+
+        // Customize email message based on billing type
+        const billingNote = billing === 'admin_pays'
+            ? 'Your subscription is covered — just sign up and start using MindMeld.'
+            : 'MindMeld brings intelligent standards and patterns directly into your AI coding sessions — helping your team write better code, faster.';
+
+        const emailParams = {
+            Source: process.env.EMAIL_FROM || 'noreply@mindmeld.dev',
+            Destination: {
+                ToAddresses: [email]
+            },
+            Message: {
+                Subject: {
+                    Data: `${inviterName} invited you to join ${teamName} on MindMeld`,
+                    Charset: 'UTF-8'
+                },
+                Body: {
+                    Html: {
+                        Data: `
+<!DOCTYPE html>
+<html>
+<head>
+    <meta charset="utf-8">
+    <style>
+        body { font-family: -apple-system, BlinkMacSystemFont, 'Segoe UI', Roboto, sans-serif; line-height: 1.6; color: #333; }
+        .container { max-width: 600px; margin: 0 auto; padding: 20px; }
+        .header { text-align: center; margin-bottom: 30px; }
+        .logo { font-size: 24px; font-weight: bold; color: #2563eb; }
+        .content { background: #f8fafc; border-radius: 8px; padding: 30px; margin-bottom: 20px; }
+        .button { display: inline-block; background: #2563eb; color: white; padding: 12px 24px; border-radius: 6px; text-decoration: none; font-weight: 500; }
+        .footer { text-align: center; color: #64748b; font-size: 14px; }
+        .role-badge { display: inline-block; background: #e0e7ff; color: #3730a3; padding: 4px 12px; border-radius: 20px; font-size: 14px; }
+    </style>
+</head>
+<body>
+    <div class="container">
+        <div class="header">
+            <div class="logo">MindMeld</div>
+        </div>
+        <div class="content">
+            <p>Hi there,</p>
+            <p><strong>${inviterName}</strong> has invited you to join <strong>${teamName}</strong> on MindMeld.</p>
+            <p>Your role: <span class="role-badge">${isAdmin ? 'Admin' : 'Member'}</span></p>
+            <p>${billingNote}</p>
+            <p style="margin-top: 30px;">
+                <a href="${signupUrl}" class="button">Get Started</a>
+            </p>
+            <p style="margin-top: 20px; font-size: 14px; color: #64748b;">
+                Already have an account? <a href="${appUrl}" style="color: #2563eb;">Sign in</a> — your team access will be ready.
+            </p>
+        </div>
+        <div class="footer">
+            <p>MindMeld - Intelligent standards for AI coding</p>
+            <p>Powered by Equilateral AI</p>
+        </div>
+    </div>
+</body>
+</html>
+                        `,
+                        Charset: 'UTF-8'
+                    },
+                    Text: {
+                        Data: `${inviterName} has invited you to join ${teamName} on MindMeld.
+
+Your role: ${isAdmin ? 'Admin' : 'Member'}
+
+${billingNote}
+
+Get started: ${signupUrl}
+
+Already have an account? Sign in at ${appUrl} — your team access will be ready.
+
+---
+MindMeld - Intelligent standards for AI coding
+Powered by Equilateral AI
+                        `,
+                        Charset: 'UTF-8'
+                    }
+                }
+            }
+        };
+
+        try {
+            await ses.send(new SendEmailCommand(emailParams));
+            emailSent = true;
+        } catch (sesError) {
+            console.error('SES Error sending invite:', sesError);
+        }
+
+        const responseRecords = result.rows.map(r => ({
+            ...r,
+            email_sent: emailSent,
+            stripe_updated: stripeUpdated
+        }));
+
+        const message = billing === 'admin_pays'
+            ? `${email} added to your subscription (license ${stripeUpdated ? 'updated' : 'pending'})`
+            : emailSent ? `Invitation sent to ${email}` : `User ${email} added to team (email delivery failed — share the link manually)`;
+
+        return createSuccessResponse(
+            { Records: responseRecords },
+            message,
+            {
+                Total_Records: result.rowCount,
+                Request_ID,
+                Timestamp: new Date().toISOString()
+            }
+        );
+
+    } catch (error) {
+        console.error('Handler Error:', error);
+        return handleError(error);
+    }
+}
+
+exports.handler = wrapHandler(inviteCompanyUser);

package/src/handlers/company/companyUsersPut.js

@@ -0,0 +1,76 @@
+/**
+ * Company Users Update Handler
+ * Updates a user's role within a company
+ *
+ * PUT /api/company/users
+ * Body: { company_id, email, role }
+ * Auth: Cognito JWT required
+ */
+
+const { wrapHandler, executeQuery, createSuccessResponse, createErrorResponse, handleError } = require('./helpers');
+
+/**
+ * Update user role in company
+ * Requires admin access to the company
+ */
+async function updateCompanyUser({ body: requestBody = {}, requestContext }) {
+    try {
+        const Request_ID = requestContext.requestId;
+        const callerEmail = requestContext.authorizer?.claims?.email || requestContext.authorizer?.jwt?.claims?.email;
+        const { company_id, email, role } = requestBody;
+
+        if (!callerEmail) {
+            return createErrorResponse(401, 'Authentication required');
+        }
+
+        if (!company_id || !email || !role) {
+            return createErrorResponse(400, 'company_id, email, and role are required');
+        }
+
+        // Verify caller is admin of this company
+        const adminQuery = `
+            SELECT admin FROM rapport.user_entitlements
+            WHERE email_address = $1 AND company_id = $2
+        `;
+        const adminCheck = await executeQuery(adminQuery, [callerEmail, company_id]);
+
+        if (adminCheck.rowCount === 0 || !adminCheck.rows[0].admin) {
+            return createErrorResponse(403, 'Admin access required to update user roles');
+        }
+
+        // Prevent self-demotion from admin
+        if (email === callerEmail && role !== 'admin') {
+            return createErrorResponse(400, 'Cannot remove your own admin role');
+        }
+
+        // Update the entitlement
+        const isAdmin = role === 'admin';
+        const updateQuery = `
+            UPDATE rapport.user_entitlements
+            SET admin = $1
+            WHERE email_address = $2 AND company_id = $3
+            RETURNING email_address, admin, member
+        `;
+        const result = await executeQuery(updateQuery, [isAdmin, email, company_id]);
+
+        if (result.rowCount === 0) {
+            return createErrorResponse(404, `User ${email} not found in this company`);
+        }
+
+        return createSuccessResponse(
+            { Records: result.rows },
+            `User ${email} role updated to ${role}`,
+            {
+                Total_Records: result.rowCount,
+                Request_ID,
+                Timestamp: new Date().toISOString()
+            }
+        );
+
+    } catch (error) {
+        console.error('Handler Error:', error);
+        return handleError(error);
+    }
+}
+
+exports.handler = wrapHandler(updateCompanyUser);

package/src/handlers/correlations/correlationsDeveloperGet.js

@@ -39,12 +39,12 @@ exports.handler = wrapHandler(async (event, context) => {
     if (!isSelf) {
         // Verify requesting user is admin in a shared company
         const accessResult = await executeQuery(`
-            SELECT DISTINCT ue1."Company_ID"
-            FROM "UserEntitlements" ue1
-            JOIN "UserEntitlements" ue2 ON ue1."Company_ID" = ue2."Company_ID"
-            WHERE ue1."Email_Address" = $1
-            AND ue2."Email_Address" = $2
-            AND (ue1."Admin" = true OR ue1."Manager" = true)
+            SELECT DISTINCT ue1.company_id
+            FROM rapport.user_entitlements ue1
+            JOIN rapport.user_entitlements ue2 ON ue1.company_id = ue2.company_id
+            WHERE ue1.email_address = $1
+            AND ue2.email_address = $2
+            AND (ue1.admin = true OR ue1.manager = true)
         `, [requestingEmail, targetEmail]);
 
         if (accessResult.rows.length === 0) {
@@ -55,12 +55,12 @@ exports.handler = wrapHandler(async (event, context) => {
     // Get developer info
     const developerResult = await executeQuery(`
         SELECT
-            u."Email_Address" as email,
-            u."User_Display_Name" as display_name,
-            u."First_Name" as first_name,
-            u."Last_Name" as last_name
-        FROM "Users" u
-        WHERE u."Email_Address" = $1
+            u.email_address as email,
+            CONCAT(u.first_name, ' ', u.last_name) as display_name,
+            u.first_name,
+            u.last_name
+        FROM rapport.users u
+        WHERE u.email_address = $1
     `, [targetEmail]);
 
     if (developerResult.rows.length === 0) {

package/src/handlers/correlations/correlationsGet.js

@@ -28,9 +28,9 @@ exports.handler = wrapHandler(async (event, context) => {
 
     // Get user's company
     const companyResult = await executeQuery(`
-        SELECT ue."Company_ID"
-        FROM "UserEntitlements" ue
-        WHERE ue."Email_Address" = $1
+        SELECT ue.company_id
+        FROM rapport.user_entitlements ue
+        WHERE ue.email_address = $1
         LIMIT 1
     `, [email]);
 
@@ -38,7 +38,7 @@ exports.handler = wrapHandler(async (event, context) => {
         return createErrorResponse(403, 'User not associated with any company');
     }
 
-    const companyId = companyResult.rows[0].Company_ID;
+    const companyId = companyResult.rows[0].company_id;
 
     // Initialize analyzer
     const analyzer = new CorrelationAnalyzer();
@@ -83,11 +83,11 @@ exports.handler = wrapHandler(async (event, context) => {
  */
 async function checkIsAdmin(email, companyId) {
     const result = await executeQuery(`
-        SELECT "Admin", "Manager"
-        FROM "UserEntitlements"
-        WHERE "Email_Address" = $1 AND "Company_ID" = $2
+        SELECT admin, manager
+        FROM rapport.user_entitlements
+        WHERE email_address = $1 AND company_id = $2
     `, [email, companyId]);
 
     if (result.rows.length === 0) return false;
-    return result.rows[0].Admin || result.rows[0].Manager;
+    return result.rows[0].admin || result.rows[0].manager;
 }

package/src/handlers/correlations/correlationsProjectGet.js

@@ -83,7 +83,7 @@ async function getDeveloperBreakdown(projectId, lookbackDays) {
     const query = `
         SELECT
             sc.email_address,
-            u."User_Display_Name" as display_name,
+            CONCAT(u.first_name, ' ', u.last_name) as display_name,
             COUNT(*) as total_sessions,
             COUNT(*) FILTER (WHERE sc.has_commits = true) as productive_sessions,
             ROUND(
@@ -97,10 +97,10 @@ async function getDeveloperBreakdown(projectId, lookbackDays) {
             ROUND(AVG(sc.session_duration_seconds) / 60, 0) as avg_session_minutes,
             MAX(sc.session_started_at) as last_session
         FROM rapport.session_correlations sc
-        JOIN "Users" u ON sc.email_address = u."Email_Address"
+        JOIN rapport.users u ON sc.email_address = u.email_address
         WHERE sc.project_id = $1
         AND sc.session_started_at > NOW() - $2 * INTERVAL '1 day'
-        GROUP BY sc.email_address, u."User_Display_Name"
+        GROUP BY sc.email_address, u.first_name, u.last_name
         ORDER BY total_commits DESC NULLS LAST
     `;
 
@@ -128,7 +128,7 @@ async function getRecentCorrelations(projectId, limit) {
         SELECT
             sc.session_id,
             sc.email_address,
-            u."User_Display_Name" as display_name,
+            CONCAT(u.first_name, ' ', u.last_name) as display_name,
             sc.session_started_at,
             sc.session_duration_seconds,
             sc.has_commits,
@@ -138,7 +138,7 @@ async function getRecentCorrelations(projectId, limit) {
             sc.correlation_type,
             sc.correlation_score
         FROM rapport.session_correlations sc
-        JOIN "Users" u ON sc.email_address = u."Email_Address"
+        JOIN rapport.users u ON sc.email_address = u.email_address
         WHERE sc.project_id = $1
         ORDER BY sc.session_started_at DESC
         LIMIT $2