@equilateral_ai/mindmeld 3.5.0 → 3.5.2

package/scripts/auth-login.js

@@ -6,7 +6,9 @@
  * when no auth token is found. Opens browser for Cognito PKCE login,
  * waits for callback, saves tokens to ~/.mindmeld/auth.json.
  *
- * Reads .myworld.json from CWD to detect dev vs prod Cognito pool.
+ * Uses .mindmeld/config.json or .myworld.json (consumer projects only) for
+ * Cognito config. When running inside the MindMeld source repo, skips
+ * .myworld.json dev config and uses production defaults.
  *
  * Usage:
  *   node scripts/auth-login.js
@@ -19,23 +21,58 @@ const path = require('path');
 const { AuthManager } = require('../src/core/AuthManager');
 
 /**
- * Load Cognito config from .myworld.json if present
+ * Detect if we're running inside the MindMeld source repository
  */
-function loadCognitoConfig() {
+function isMindMeldSourceRepo() {
     try {
         const configPath = path.join(process.cwd(), '.myworld.json');
         const content = fs.readFileSync(configPath, 'utf-8');
         const config = JSON.parse(content);
-        const auth = config.deployments?.backend?.auth;
-        if (auth?.domain && auth?.client_id) {
+        return (config.project?.product || '').toLowerCase() === 'mindmeld';
+    } catch (error) {
+        return false;
+    }
+}
+
+/**
+ * Load Cognito config — .mindmeld/config.json first, then .myworld.json
+ * for consumer projects only. MindMeld source repo uses production defaults.
+ */
+function loadCognitoConfig() {
+    // 1. Explicit project config (always wins)
+    try {
+        const mindmeldConfigPath = path.join(process.cwd(), '.mindmeld', 'config.json');
+        const content = fs.readFileSync(mindmeldConfigPath, 'utf-8');
+        const config = JSON.parse(content);
+        if (config.auth?.cognitoDomain && config.auth?.cognitoClientId) {
             return {
-                cognitoDomain: `${auth.domain}.auth.us-east-2.amazoncognito.com`,
-                cognitoClientId: auth.client_id
+                cognitoDomain: config.auth.cognitoDomain,
+                cognitoClientId: config.auth.cognitoClientId
             };
         }
     } catch (error) {
-        // No .myworld.json — use production defaults
+        // No .mindmeld/config.json or no auth section
     }
+
+    // 2. .myworld.json — only for consumer projects
+    if (!isMindMeldSourceRepo()) {
+        try {
+            const configPath = path.join(process.cwd(), '.myworld.json');
+            const content = fs.readFileSync(configPath, 'utf-8');
+            const config = JSON.parse(content);
+            const auth = config.deployments?.backend?.auth;
+            if (auth?.domain && auth?.client_id) {
+                return {
+                    cognitoDomain: `${auth.domain}.auth.us-east-2.amazoncognito.com`,
+                    cognitoClientId: auth.client_id
+                };
+            }
+        } catch (error) {
+            // No .myworld.json
+        }
+    }
+
+    // 3. Production defaults (AuthManager has these built-in)
     return {};
 }
 

package/src/core/StandardsIngestion.js

@@ -921,7 +921,9 @@ class StandardsIngestion {
             examples = EXCLUDED.examples,
             cost_impact = EXCLUDED.cost_impact,
             keywords = EXCLUDED.keywords,
-            last_updated = NOW()
+            last_updated = NOW(),
+            last_seen_at = NOW(),
+            occurrence_count = COALESCE(rapport.standards_patterns.occurrence_count, 0) + 1
         `, [
           pattern.pattern_id,
           pattern.file_name,

package/src/handlers/collaborators/collaboratorList.js

@@ -6,7 +6,7 @@
  * Auth: Cognito JWT required
  */
 
-const { wrapHandler, executeQuery, createSuccessResponse, createErrorResponse, handleError } = require('./helpers');
+const { wrapHandler, executeQuery, createSuccessResponse, createErrorResponse, handleError, verifyProjectAccess } = require('./helpers');
 
 /**
  * List project collaborators
@@ -26,15 +26,9 @@ async function listCollaborators({ queryStringParameters: queryParams = {}, requ
             return createErrorResponse(400, 'projectId is required');
         }
 
-        // Check user has access to project
-        const accessQuery = `
-            SELECT pc.role
-            FROM rapport.project_collaborators pc
-            WHERE pc.project_id = $1 AND pc.email_address = $2
-        `;
-        const accessCheck = await executeQuery(accessQuery, [projectId, email]);
-
-        if (accessCheck.rowCount === 0) {
+        // Verify user has access to project (collaborator or company member)
+        const projectAccess = await verifyProjectAccess(projectId, email);
+        if (!projectAccess) {
             return createErrorResponse(403, 'You do not have access to this project');
         }
 

package/src/handlers/correlations/correlationsProjectGet.js

@@ -13,7 +13,7 @@
  *   - Pattern effectiveness for project
  */
 
-const { wrapHandler, executeQuery, createSuccessResponse, createErrorResponse } = require('./helpers');
+const { wrapHandler, executeQuery, createSuccessResponse, createErrorResponse, verifyProjectAccess } = require('./helpers');
 const { CorrelationAnalyzer } = require('./core/CorrelationAnalyzer');
 
 exports.handler = wrapHandler(async (event, context) => {
@@ -33,21 +33,12 @@ exports.handler = wrapHandler(async (event, context) => {
     const queryParams = event.queryStringParameters || {};
     const lookbackDays = parseInt(queryParams.lookbackDays) || 30;
 
-    // Verify user has access to this project
-    const accessResult = await executeQuery(`
-        SELECT p.project_id, p.project_name, p.company_id
-        FROM rapport.projects p
-        JOIN rapport.project_collaborators pc ON p.project_id = pc.project_id
-        WHERE p.project_id = $1
-        AND pc.email_address = $2
-    `, [projectId, email]);
-
-    if (accessResult.rows.length === 0) {
+    // Verify user has access to this project (collaborator or company member)
+    const project = await verifyProjectAccess(projectId, email);
+    if (!project) {
         return createErrorResponse(403, 'Access denied to this project');
     }
 
-    const project = accessResult.rows[0];
-
     // Initialize analyzer
     const analyzer = new CorrelationAnalyzer();
 

package/src/handlers/github/githubDiscoverPatterns.js

@@ -12,7 +12,7 @@
  * - Maps tech stack to relevant YAML standards categories
  */
 
-const { wrapHandler, executeQuery, createSuccessResponse, createErrorResponse } = require('./helpers');
+const { wrapHandler, executeQuery, createSuccessResponse, createErrorResponse, verifyProjectAccess } = require('./helpers');
 const { LLMPatternDetector } = require('./core/LLMPatternDetector');
 const crypto = require('crypto');
 const https = require('https');
@@ -247,13 +247,9 @@ async function githubDiscoverPatterns({ body, requestContext }) {
 
         const targetBranch = branch || 'main';
 
-        // Verify user has access to project
-        const accessResult = await executeQuery(`
-            SELECT role FROM rapport.project_collaborators
-            WHERE project_id = $1 AND email_address = $2
-        `, [project_id, email]);
-
-        if (accessResult.rowCount === 0) {
+        // Verify user has access to project (collaborator or company member)
+        const projectAccess = await verifyProjectAccess(project_id, email);
+        if (!projectAccess) {
             return createErrorResponse(403, 'Access denied to project');
         }
 

package/src/handlers/github/githubPatternsReview.js

@@ -6,7 +6,7 @@
  * Body: { project_id, approvals: [{ discovery_id, approved }] }
  */
 
-const { wrapHandler, executeQuery, createSuccessResponse, createErrorResponse } = require('./helpers');
+const { wrapHandler, executeQuery, createSuccessResponse, createErrorResponse, verifyProjectAccess } = require('./helpers');
 
 async function githubPatternsReview({ body, requestContext }) {
     try {
@@ -21,13 +21,9 @@ async function githubPatternsReview({ body, requestContext }) {
             return createErrorResponse(400, 'project_id and approvals array are required');
         }
 
-        // Verify user has access to project
-        const accessResult = await executeQuery(`
-            SELECT role FROM rapport.project_collaborators
-            WHERE project_id = $1 AND email_address = $2
-        `, [project_id, email]);
-
-        if (accessResult.rowCount === 0) {
+        // Verify user has access to project (collaborator or company member)
+        const projectAccess = await verifyProjectAccess(project_id, email);
+        if (!projectAccess) {
             return createErrorResponse(403, 'Access denied to project');
         }
 

package/src/handlers/helpers/decisionFrames.js

@@ -0,0 +1,29 @@
+const { executeQuery } = require('./index');
+
+async function createFrame({ projectId, sessionId, standardIds, confidence, context }) {
+    const result = await executeQuery(`
+        INSERT INTO rapport.decision_frames (project_id, session_id, standard_ids, confidence, context)
+        VALUES ($1, $2, $3, $4, $5)
+        RETURNING frame_id, created_at
+    `, [projectId, sessionId || null, standardIds, confidence || 0, JSON.stringify(context || {})]);
+    return result.rows[0];
+}
+
+async function getFrame(frameId) {
+    const result = await executeQuery(`
+        SELECT * FROM rapport.decision_frames WHERE frame_id = $1
+    `, [frameId]);
+    return result.rows[0] || null;
+}
+
+async function getProjectFrames(projectId, limit = 20) {
+    const result = await executeQuery(`
+        SELECT * FROM rapport.decision_frames
+        WHERE project_id = $1
+        ORDER BY created_at DESC
+        LIMIT $2
+    `, [projectId, limit]);
+    return result.rows;
+}
+
+module.exports = { createFrame, getFrame, getProjectFrames };

package/src/handlers/helpers/index.js

@@ -44,6 +44,9 @@ const {
     getAddonPriceId
 } = require('./subscriptionTiers');
 const checkSuperAdmin = require('./checkSuperAdmin');
+const { verifyProjectAccess, verifyProjectRole } = require('./projectAccess');
+const { getPredictedStandards, logStandardsActivation } = require('./predictiveCache');
+const { createFrame, getFrame, getProjectFrames } = require('./decisionFrames');
 const {
     AuditEventType,
     EntityType,
@@ -112,6 +115,17 @@ module.exports = {
 
     // Authorization
     checkSuperAdmin,
+    verifyProjectAccess,
+    verifyProjectRole,
+
+    // Predictive standards caching
+    getPredictedStandards,
+    logStandardsActivation,
+
+    // Decision frames
+    createFrame,
+    getFrame,
+    getProjectFrames,
 
     // Audit logging
     AuditEventType,