@equilateral_ai/mindmeld 3.3.1 → 3.5.0

package/src/handlers/enterprise/controlTowerGet.js

@@ -0,0 +1,224 @@
+/**
+ * Control Tower Handler
+ * Unified org health dashboard for enterprise tier
+ *
+ * GET /api/enterprise/control-tower
+ * Auth: Cognito JWT required, Enterprise tier
+ *
+ * Aggregates cross-project health metrics:
+ * - Organization health score
+ * - Standards compliance across projects
+ * - Risk indicators (stale devs, violations, coverage gaps)
+ * - Governance activity (audit events, knowledge items)
+ * - Project-level breakdown
+ */
+
+const { wrapHandler, executeQuery, createSuccessResponse, createErrorResponse } = require('./helpers');
+
+async function getControlTower({ requestContext, queryStringParameters }) {
+    const email = requestContext.authorizer?.claims?.email || requestContext.authorizer?.jwt?.claims?.email;
+
+    if (!email) {
+        return createErrorResponse(401, 'Authentication required');
+    }
+
+    // Verify enterprise admin/manager access
+    const accessCheck = await executeQuery(`
+        SELECT ue.company_id, ue.admin, ue.manager, c.subscription_tier, co.company_name
+        FROM rapport.user_entitlements ue
+        JOIN rapport.clients c ON ue.client_id = c.client_id
+        JOIN rapport.companies co ON ue.company_id = co.company_id
+        WHERE ue.email_address = $1
+        AND (ue.admin = true OR ue.manager = true)
+        LIMIT 1
+    `, [email]);
+
+    if (accessCheck.rows.length === 0) {
+        return createErrorResponse(403, 'Admin or Manager access required for Control Tower');
+    }
+
+    const { company_id: companyId, company_name: companyName } = accessCheck.rows[0];
+    const periodDays = 30;
+    const periodStart = new Date();
+    periodStart.setDate(periodStart.getDate() - periodDays);
+
+    // 1. Team health metrics
+    let teamHealth = { total: 0, active: 0, stale: 0, very_stale: 0, no_sessions: 0 };
+    try {
+        const teamResult = await executeQuery(`
+            SELECT
+                COUNT(DISTINCT ue.email_address) as total,
+                COUNT(DISTINCT CASE WHEN mda.sessions_last_30d > 0 AND mda.commits_last_30d > 0 THEN ue.email_address END) as active,
+                COUNT(DISTINCT CASE WHEN mda.days_since_last_commit BETWEEN 8 AND 14 THEN ue.email_address END) as stale,
+                COUNT(DISTINCT CASE WHEN mda.days_since_last_commit > 14 THEN ue.email_address END) as very_stale,
+                COUNT(DISTINCT CASE WHEN mda.sessions_last_30d = 0 OR mda.sessions_last_30d IS NULL THEN ue.email_address END) as no_sessions
+            FROM rapport.user_entitlements ue
+            LEFT JOIN rapport.mv_developer_activity mda ON ue.email_address = mda.email_address
+            WHERE ue.company_id = $1
+        `, [companyId]);
+        if (teamResult.rows[0]) {
+            teamHealth = {
+                total: parseInt(teamResult.rows[0].total) || 0,
+                active: parseInt(teamResult.rows[0].active) || 0,
+                stale: parseInt(teamResult.rows[0].stale) || 0,
+                very_stale: parseInt(teamResult.rows[0].very_stale) || 0,
+                no_sessions: parseInt(teamResult.rows[0].no_sessions) || 0
+            };
+        }
+    } catch (e) {
+        console.log('[ControlTower] Team health query failed:', e.message);
+    }
+
+    // 2. Project coverage
+    let projects = [];
+    try {
+        const projectResult = await executeQuery(`
+            SELECT
+                p.project_id,
+                p.project_name,
+                p.repo_url,
+                COUNT(DISTINCT s.session_id) as sessions_30d,
+                COUNT(DISTINCT ss.standard_id) as standards_used,
+                MAX(s.started_at) as last_session
+            FROM rapport.projects p
+            LEFT JOIN rapport.sessions s ON p.project_id = s.project_id AND s.started_at >= $2
+            LEFT JOIN rapport.session_standards ss ON s.session_id = ss.session_id AND ss.created_at >= $2
+            WHERE p.company_id = $1
+            GROUP BY p.project_id, p.project_name, p.repo_url
+            ORDER BY sessions_30d DESC
+        `, [companyId, periodStart]);
+        projects = projectResult.rows.map(row => ({
+            project_id: row.project_id,
+            project_name: row.project_name,
+            repo_connected: !!row.repo_url,
+            sessions_30d: parseInt(row.sessions_30d) || 0,
+            standards_used: parseInt(row.standards_used) || 0,
+            last_session: row.last_session,
+            status: parseInt(row.sessions_30d) > 0 ? 'active' : 'inactive'
+        }));
+    } catch (e) {
+        console.log('[ControlTower] Projects query failed:', e.message);
+    }
+
+    // 3. Standards coverage (how many unique standards used across org)
+    let standardsCoverage = { total_injections: 0, unique_standards: 0, sessions_with_standards: 0 };
+    try {
+        const stdResult = await executeQuery(`
+            SELECT
+                COUNT(*) as total_injections,
+                COUNT(DISTINCT ss.standard_id) as unique_standards,
+                COUNT(DISTINCT ss.session_id) as sessions_with_standards
+            FROM rapport.session_standards ss
+            JOIN rapport.sessions s ON ss.session_id = s.session_id
+            JOIN rapport.projects p ON s.project_id = p.project_id
+            WHERE p.company_id = $1
+            AND ss.created_at >= $2
+        `, [companyId, periodStart]);
+        if (stdResult.rows[0]) {
+            standardsCoverage = {
+                total_injections: parseInt(stdResult.rows[0].total_injections) || 0,
+                unique_standards: parseInt(stdResult.rows[0].unique_standards) || 0,
+                sessions_with_standards: parseInt(stdResult.rows[0].sessions_with_standards) || 0
+            };
+        }
+    } catch (e) {
+        console.log('[ControlTower] Standards coverage query failed:', e.message);
+    }
+
+    // 4. Governance activity (audit events, knowledge items)
+    let governance = { audit_events_30d: 0, knowledge_items: 0, published_knowledge: 0 };
+    try {
+        const auditResult = await executeQuery(`
+            SELECT COUNT(*) as count
+            FROM rapport.unified_audit_log
+            WHERE client_id = (
+                SELECT client_id FROM rapport.user_entitlements WHERE company_id = $1 LIMIT 1
+            )
+            AND created_at >= $2
+        `, [companyId, periodStart]);
+        governance.audit_events_30d = parseInt(auditResult.rows[0]?.count) || 0;
+    } catch (e) {
+        console.log('[ControlTower] Audit events query failed:', e.message);
+    }
+
+    try {
+        const knowledgeResult = await executeQuery(`
+            SELECT
+                COUNT(*) as total,
+                COUNT(CASE WHEN status = 'published' THEN 1 END) as published
+            FROM rapport.curated_knowledge
+            WHERE client_id = (
+                SELECT client_id FROM rapport.user_entitlements WHERE company_id = $1 LIMIT 1
+            )
+        `, [companyId]);
+        governance.knowledge_items = parseInt(knowledgeResult.rows[0]?.total) || 0;
+        governance.published_knowledge = parseInt(knowledgeResult.rows[0]?.published) || 0;
+    } catch (e) {
+        console.log('[ControlTower] Knowledge query failed:', e.message);
+    }
+
+    // 5. Risk indicators
+    const risks = [];
+    if (teamHealth.very_stale > 0) {
+        risks.push({
+            severity: 'high',
+            category: 'team',
+            message: `${teamHealth.very_stale} developer${teamHealth.very_stale > 1 ? 's' : ''} inactive for 14+ days`
+        });
+    }
+    if (teamHealth.no_sessions > teamHealth.total * 0.3 && teamHealth.total > 1) {
+        risks.push({
+            severity: 'medium',
+            category: 'adoption',
+            message: `${teamHealth.no_sessions} of ${teamHealth.total} developers have no AI sessions in 30 days`
+        });
+    }
+    const projectsWithoutStandards = projects.filter(p => p.sessions_30d > 0 && p.standards_used === 0);
+    if (projectsWithoutStandards.length > 0) {
+        risks.push({
+            severity: 'medium',
+            category: 'coverage',
+            message: `${projectsWithoutStandards.length} active project${projectsWithoutStandards.length > 1 ? 's' : ''} with no standards injection`
+        });
+    }
+    const inactiveProjects = projects.filter(p => p.status === 'inactive');
+    if (inactiveProjects.length > projects.length * 0.5 && projects.length > 1) {
+        risks.push({
+            severity: 'low',
+            category: 'projects',
+            message: `${inactiveProjects.length} of ${projects.length} projects had no sessions in 30 days`
+        });
+    }
+
+    // 6. Calculate org health score (0-100)
+    let healthScore = 50; // baseline
+    if (teamHealth.total > 0) {
+        const activeRate = teamHealth.active / teamHealth.total;
+        healthScore = Math.round(activeRate * 40); // up to 40 points for team activity
+    }
+    if (projects.length > 0) {
+        const coveredProjects = projects.filter(p => p.sessions_30d > 0).length;
+        healthScore += Math.round((coveredProjects / projects.length) * 30); // up to 30 for project coverage
+    }
+    if (standardsCoverage.unique_standards > 0) {
+        healthScore += Math.min(standardsCoverage.unique_standards * 2, 20); // up to 20 for standards breadth
+    }
+    if (governance.published_knowledge > 0) {
+        healthScore += Math.min(governance.published_knowledge, 10); // up to 10 for knowledge curation
+    }
+    healthScore = Math.min(healthScore, 100);
+
+    return createSuccessResponse({
+        company_name: companyName,
+        health_score: healthScore,
+        team: teamHealth,
+        projects,
+        standards_coverage: standardsCoverage,
+        governance,
+        risks,
+        period_days: periodDays,
+        period_start: periodStart.toISOString()
+    }, 'Control Tower data retrieved');
+}
+
+exports.handler = wrapHandler(getControlTower);

package/src/handlers/enterprise/enterpriseOnboardingSetup.js

@@ -31,8 +31,8 @@ async function enterpriseOnboardingSetup({ requestContext, body }) {
             return createErrorResponse(403, 'User not found or no company assigned');
         }
 
-        const { client_id, company_id } = userResult.rows[0];
-        if (!company_id) {
+        const { client_id, company_id: currentCompanyId } = userResult.rows[0];
+        if (!currentCompanyId) {
             return createErrorResponse(400, 'No company associated with this account');
         }
 
@@ -55,13 +55,52 @@ async function enterpriseOnboardingSetup({ requestContext, body }) {
         const industry = body?.industry || null;
         const companySize = body?.company_size || null;
 
-        // Update company profile
-        await executeQuery(
-            `UPDATE rapport.companies
-             SET company_name = $1, domain = $2, industry = $3, company_size = $4, last_updated = NOW()
-             WHERE company_id = $5`,
-            [companyName, domain, industry, companySize, company_id]
-        );
+        // Generate a proper enterprise company_id from company name
+        const enterpriseCompanyId = `${companyName.replace(/[^a-zA-Z0-9]/g, '_').toUpperCase()}_MAIN`;
+        let company_id = currentCompanyId;
+
+        if (enterpriseCompanyId !== currentCompanyId) {
+            // Create the enterprise company (or update if it already exists)
+            await executeQuery(
+                `INSERT INTO rapport.companies (company_id, client_id, company_name, company_status, domain, industry, company_size)
+                 VALUES ($1, $2, $3, 'Active', $4, $5, $6)
+                 ON CONFLICT (company_id) DO UPDATE SET
+                    company_name = $3, domain = $4, industry = $5, company_size = $6, last_updated = NOW()`,
+                [enterpriseCompanyId, client_id, companyName, domain, industry, companySize]
+            );
+
+            // Migrate user entitlement from personal to enterprise company
+            await executeQuery(
+                `UPDATE rapport.user_entitlements
+                 SET company_id = $1
+                 WHERE email_address = $2 AND company_id = $3`,
+                [enterpriseCompanyId, email, currentCompanyId]
+            );
+
+            // Clean up orphaned personal company if nothing else references it
+            await executeQuery(
+                `DELETE FROM rapport.companies
+                 WHERE company_id = $1
+                 AND NOT EXISTS (
+                     SELECT 1 FROM rapport.user_entitlements WHERE company_id = $1
+                 )
+                 AND NOT EXISTS (
+                     SELECT 1 FROM rapport.projects WHERE company_id = $1
+                 )`,
+                [currentCompanyId]
+            );
+
+            company_id = enterpriseCompanyId;
+            console.log(`Migrated company: ${currentCompanyId} -> ${enterpriseCompanyId}`);
+        } else {
+            // Same company_id, just update profile
+            await executeQuery(
+                `UPDATE rapport.companies
+                 SET company_name = $1, domain = $2, industry = $3, company_size = $4, last_updated = NOW()
+                 WHERE company_id = $5`,
+                [companyName, domain, industry, companySize, company_id]
+            );
+        }
 
         // Upsert onboarding status
         await executeQuery(

package/src/handlers/enterprise/enterpriseOnboardingStatus.js

@@ -59,9 +59,7 @@ async function getEnterpriseOnboardingStatus({ requestContext }) {
 
         // Get onboarding status
         const statusResult = await executeQuery(
-            `SELECT step_completed, org_configured, invites_sent,
-                    standards_configured, repo_connected, completed,
-                    started_at, completed_at, completed_by
+            `SELECT *
              FROM rapport.enterprise_onboarding_status
              WHERE company_id = $1`,
             [company_id]

package/src/handlers/github/githubConnectionStatus.js

@@ -30,7 +30,7 @@ async function githubConnectionStatus({ requestContext }) {
             SELECT COUNT(*) as count FROM rapport.projects p
             JOIN rapport.project_collaborators pc ON p.project_id = pc.project_id
             WHERE pc.email_address = $1
-            AND p.github_owner IS NOT NULL
+            AND p.repo_url IS NOT NULL
             AND p.archived = FALSE
         `, [email]);
 

package/src/handlers/github/githubDiscoverPatterns.js

@@ -585,18 +585,20 @@ async function githubDiscoverPatterns({ body, requestContext }) {
             WHERE project_id = $3
         `, [owner, repo, project_id]);
 
-        // Save discoveries to DB
+        // Save discoveries to DB and capture generated IDs
         for (const discovery of validDiscoveries) {
-            await executeQuery(`
+            const insertResult = await executeQuery(`
                 INSERT INTO rapport.onboarding_discoveries (
                     project_id, email_address, discovery_type, pattern_name,
                     pattern_description, confidence, evidence
                 ) VALUES ($1, $2, $3, $4, $5, $6, $7)
+                RETURNING discovery_id
             `, [
                 project_id, email, discovery.discovery_type, discovery.pattern_name,
                 discovery.pattern_description, discovery.confidence,
                 JSON.stringify(discovery.evidence)
             ]);
+            discovery.discovery_id = insertResult.rows[0]?.discovery_id;
         }
 
         return createSuccessResponse({

package/src/handlers/github/githubPatternsReview.js

@@ -36,46 +36,17 @@ async function githubPatternsReview({ body, requestContext }) {
 
         for (const { discovery_id, approved } of approvals) {
             if (!discovery_id) continue;
+            // Skip frontend-generated placeholder IDs (disc_0, disc_1, etc.)
+            // These occur when the discover endpoint didn't return DB-generated UUIDs
+            if (discovery_id.startsWith('disc_')) continue;
 
             if (approved) {
-                // Get discovery details
-                const discoveryResult = await executeQuery(`
-                    SELECT discovery_type, pattern_name, pattern_description, evidence
-                    FROM rapport.onboarding_discoveries
-                    WHERE discovery_id = $1 AND project_id = $2
-                `, [discovery_id, project_id]);
-
-                if (discoveryResult.rowCount === 0) continue;
-
-                const discovery = discoveryResult.rows[0];
-
-                // Create pattern entry
-                const patternId = `pat_${project_id}_${Date.now()}_${patterns_created}`;
-                await executeQuery(`
-                    INSERT INTO rapport.patterns (
-                        pattern_id, project_id, intent, constraints, outcome_criteria,
-                        maturity, discovered_by, pattern_data
-                    ) VALUES ($1, $2, $3, $4, $5, 'provisional', $6, $7)
-                `, [
-                    patternId,
-                    project_id,
-                    discovery.pattern_name,
-                    JSON.stringify([discovery.pattern_description || '']),
-                    JSON.stringify([`Discovered via GitHub onboarding: ${discovery.discovery_type}`]),
-                    email,
-                    JSON.stringify({
-                        source: 'github_onboarding',
-                        discovery_type: discovery.discovery_type,
-                        evidence: discovery.evidence
-                    })
-                ]);
-
-                // Update discovery status
+                // Update discovery status to approved
                 await executeQuery(`
                     UPDATE rapport.onboarding_discoveries
-                    SET status = 'approved', reviewed_at = NOW(), pattern_id = $1
-                    WHERE discovery_id = $2
-                `, [patternId, discovery_id]);
+                    SET status = 'approved', reviewed_at = NOW()
+                    WHERE discovery_id = $1 AND project_id = $2
+                `, [discovery_id, project_id]);
 
                 patterns_created++;
             } else {

package/src/handlers/health/healthGet.js

@@ -0,0 +1,55 @@
+/**
+ * Health Check Handler
+ * Returns system health status for monitoring
+ *
+ * GET /api/health
+ * Auth: None (public endpoint for external monitors)
+ */
+
+const { executeQuery } = require('./helpers');
+
+exports.handler = async (event) => {
+    const headers = {
+        'Content-Type': 'application/json',
+        'Access-Control-Allow-Origin': '*',
+        'Access-Control-Allow-Methods': 'GET,OPTIONS',
+        'Access-Control-Allow-Headers': 'Content-Type'
+    };
+
+    const result = {
+        status: 'ok',
+        timestamp: new Date().toISOString(),
+        version: process.env.STACK_VERSION || '1.0.0',
+        checks: {}
+    };
+
+    // Database connectivity
+    try {
+        const start = Date.now();
+        await executeQuery('SELECT 1 AS ok');
+        result.checks.database = {
+            status: 'ok',
+            latency_ms: Date.now() - start
+        };
+    } catch (err) {
+        result.status = 'degraded';
+        result.checks.database = {
+            status: 'error',
+            message: 'Database connection failed'
+        };
+        console.error('[Health] Database check failed:', err.message);
+    }
+
+    // Stripe configuration
+    result.checks.stripe = {
+        status: process.env.STRIPE_SECRET_KEY ? 'configured' : 'not_configured'
+    };
+
+    const statusCode = result.status === 'ok' ? 200 : 503;
+
+    return {
+        statusCode,
+        headers,
+        body: JSON.stringify(result)
+    };
+};

package/src/handlers/helpers/checkSuperAdmin.js

@@ -1,6 +1,5 @@
 /**
  * Super Admin Check Helper
- * Follows Tim-Combo pattern: simple boolean flag in Users table
  */
 
 const { executeQuery } = require('./dbOperations');
@@ -12,12 +11,12 @@ const { executeQuery } = require('./dbOperations');
  */
 async function isSuperAdmin(email) {
     const query = `
-        SELECT "Super_Admin"
-        FROM "Users"
-        WHERE "Email_Address" = $1
+        SELECT super_admin
+        FROM rapport.users
+        WHERE email_address = $1
     `;
     const result = await executeQuery(query, [email]);
-    return result.rows.length > 0 && result.rows[0].Super_Admin === true;
+    return result.rows.length > 0 && result.rows[0].super_admin === true;
 }
 
 /**
@@ -42,15 +41,15 @@ async function requireSuperAdmin(email) {
 async function getUserWithSuperAdminStatus(email) {
     const query = `
         SELECT
-            "Email_Address",
-            "Client_ID",
-            "User_Display_Name",
-            "First_Name",
-            "Last_Name",
-            "Super_Admin",
-            "User_Status"
-        FROM "Users"
-        WHERE "Email_Address" = $1
+            email_address,
+            client_id,
+            CONCAT(first_name, ' ', last_name) as user_display_name,
+            first_name,
+            last_name,
+            super_admin,
+            user_status
+        FROM rapport.users
+        WHERE email_address = $1
     `;
     const result = await executeQuery(query, [email]);
     return result.rows.length > 0 ? result.rows[0] : null;