@equilateral_ai/mindmeld 3.5.3 → 4.0.1

package/src/handlers/company/companyUsersPost.js

@@ -1,267 +0,0 @@
-/**
- * Company Users Invite Handler
- * Invites a user to a company by creating an entitlement and sending an invite email
- * Supports two billing modes: self_pays (invitee pays) or admin_pays (license on admin's subscription)
- *
- * POST /api/company/users
- * Body: { company_id, email, role, billing }
- * Auth: Cognito JWT required
- */
-
-const { wrapHandler, executeQuery, createSuccessResponse, createErrorResponse, handleError, getTierConfig } = require('./helpers');
-const { SESClient, SendEmailCommand } = require('@aws-sdk/client-ses');
-const Stripe = require('stripe');
-
-const ses = new SESClient({ region: process.env.AWS_REGION || 'us-east-2' });
-const stripe = new Stripe(process.env.STRIPE_SECRET_KEY);
-
-/**
- * Invite user to company
- * Requires admin access to the company
- */
-async function inviteCompanyUser({ body: requestBody = {}, requestContext }) {
-    try {
-        const Request_ID = requestContext.requestId;
-        const callerEmail = requestContext.authorizer?.claims?.email || requestContext.authorizer?.jwt?.claims?.email;
-        const { company_id, email, role, billing = 'self_pays' } = requestBody;
-
-        if (!callerEmail) {
-            return createErrorResponse(401, 'Authentication required');
-        }
-
-        if (!company_id || !email) {
-            return createErrorResponse(400, 'company_id and email are required');
-        }
-
-        if (!['admin_pays', 'self_pays'].includes(billing)) {
-            return createErrorResponse(400, 'billing must be admin_pays or self_pays');
-        }
-
-        // Verify caller is admin of this company
-        const adminQuery = `
-            SELECT ue.admin, ue.client_id, u.first_name, u.last_name
-            FROM rapport.user_entitlements ue
-            LEFT JOIN rapport.users u ON u.email_address = ue.email_address
-            WHERE ue.email_address = $1 AND ue.company_id = $2
-        `;
-        const adminCheck = await executeQuery(adminQuery, [callerEmail, company_id]);
-
-        if (adminCheck.rowCount === 0 || !adminCheck.rows[0].admin) {
-            return createErrorResponse(403, 'Admin access required to invite users');
-        }
-
-        const clientId = adminCheck.rows[0].client_id;
-        const inviterName = [adminCheck.rows[0].first_name, adminCheck.rows[0].last_name].filter(Boolean).join(' ') || callerEmail;
-
-        // Get client details for seat limits and Stripe info
-        const clientQuery = `
-            SELECT subscription_tier, seat_count, client_name, stripe_subscription_id, license_count
-            FROM rapport.clients WHERE client_id = $1
-        `;
-        const clientResult = await executeQuery(clientQuery, [clientId]);
-        const clientRecord = clientResult.rows[0];
-        const tierConfig = getTierConfig(clientRecord?.subscription_tier || 'free');
-        const maxCollaborators = tierConfig?.maxCollaborators;
-        const teamName = clientRecord?.client_name || 'their team';
-        const inviterTier = clientRecord?.subscription_tier || 'team';
-
-        // Check seat limits before allowing invite
-        if (maxCollaborators !== null) {
-            const countQuery = `
-                SELECT COUNT(*) as current_count
-                FROM rapport.user_entitlements WHERE company_id = $1
-            `;
-            const countResult = await executeQuery(countQuery, [company_id]);
-            const currentCount = parseInt(countResult.rows[0].current_count) || 0;
-
-            if (currentCount >= maxCollaborators) {
-                return createErrorResponse(403, `Seat limit reached (${currentCount}/${maxCollaborators}). Upgrade your plan to add more team members.`);
-            }
-        }
-
-        // For admin_pays, verify admin has an active Stripe subscription
-        if (billing === 'admin_pays' && !clientRecord?.stripe_subscription_id) {
-            return createErrorResponse(400, 'You need an active subscription to add licensed users. Subscribe first, then invite with "Add to my subscription".');
-        }
-
-        // Ensure invited user exists in users table (create pending record if not)
-        await executeQuery(`
-            INSERT INTO rapport.users (email_address, user_status, active, create_date)
-            VALUES ($1, 'Pending', true, NOW())
-            ON CONFLICT (email_address) DO NOTHING
-        `, [email]);
-
-        // Create entitlement for invited user
-        const isAdmin = role === 'admin';
-        const billingType = billing === 'admin_pays' ? 'admin_paid' : 'self_paid';
-        const insertQuery = `
-            INSERT INTO rapport.user_entitlements (
-                email_address, client_id, company_id, admin, member, billing_type
-            ) VALUES ($1, $2, $3, $4, true, $5)
-            ON CONFLICT (email_address, company_id) DO UPDATE SET
-                admin = EXCLUDED.admin,
-                member = true,
-                billing_type = EXCLUDED.billing_type
-            RETURNING email_address, admin, member, billing_type
-        `;
-        const result = await executeQuery(insertQuery, [email, clientId, company_id, isAdmin, billingType]);
-
-        // If admin_pays, update license count and Stripe subscription quantity
-        let stripeUpdated = false;
-        if (billing === 'admin_pays') {
-            // Increment license_count
-            const updateResult = await executeQuery(`
-                UPDATE rapport.clients
-                SET license_count = COALESCE(license_count, 1) + 1, last_updated = CURRENT_TIMESTAMP
-                WHERE client_id = $1
-                RETURNING license_count
-            `, [clientId]);
-            const newLicenseCount = updateResult.rows[0].license_count;
-
-            // Update Stripe subscription quantity
-            try {
-                const subscription = await stripe.subscriptions.retrieve(clientRecord.stripe_subscription_id);
-                const item = subscription.items.data[0];
-                if (item) {
-                    await stripe.subscriptions.update(clientRecord.stripe_subscription_id, {
-                        items: [{ id: item.id, quantity: newLicenseCount }],
-                        proration_behavior: 'none'
-                    });
-                    stripeUpdated = true;
-                    console.log(`[License] Updated Stripe quantity to ${newLicenseCount} for ${clientId}`);
-                }
-            } catch (stripeError) {
-                console.error('[License] Stripe update failed:', stripeError.message);
-                // Revert license_count since Stripe failed
-                await executeQuery(`
-                    UPDATE rapport.clients
-                    SET license_count = COALESCE(license_count, 2) - 1, last_updated = CURRENT_TIMESTAMP
-                    WHERE client_id = $1
-                `, [clientId]);
-                return createErrorResponse(500, 'Failed to update subscription. Please try again or contact support.');
-            }
-        }
-
-        // Send invite email
-        const appUrl = process.env.APP_URL || 'https://app.mindmeld.dev';
-        // Admin-paid users don't need to go through checkout, so no ?tier= param
-        const signupUrl = billing === 'admin_pays'
-            ? `${appUrl}/signup`
-            : `${appUrl}/signup?tier=${inviterTier}`;
-        let emailSent = false;
-
-        // Customize email message based on billing type
-        const billingNote = billing === 'admin_pays'
-            ? 'Your subscription is covered — just sign up and start using MindMeld.'
-            : 'MindMeld brings intelligent standards and patterns directly into your AI coding sessions — helping your team write better code, faster.';
-
-        const emailParams = {
-            Source: process.env.EMAIL_FROM || 'noreply@mindmeld.dev',
-            Destination: {
-                ToAddresses: [email]
-            },
-            Message: {
-                Subject: {
-                    Data: `${inviterName} invited you to join ${teamName} on MindMeld`,
-                    Charset: 'UTF-8'
-                },
-                Body: {
-                    Html: {
-                        Data: `
-<!DOCTYPE html>
-<html>
-<head>
-    <meta charset="utf-8">
-    <style>
-        body { font-family: -apple-system, BlinkMacSystemFont, 'Segoe UI', Roboto, sans-serif; line-height: 1.6; color: #333; }
-        .container { max-width: 600px; margin: 0 auto; padding: 20px; }
-        .header { text-align: center; margin-bottom: 30px; }
-        .logo { font-size: 24px; font-weight: bold; color: #2563eb; }
-        .content { background: #f8fafc; border-radius: 8px; padding: 30px; margin-bottom: 20px; }
-        .button { display: inline-block; background: #2563eb; color: white; padding: 12px 24px; border-radius: 6px; text-decoration: none; font-weight: 500; }
-        .footer { text-align: center; color: #64748b; font-size: 14px; }
-        .role-badge { display: inline-block; background: #e0e7ff; color: #3730a3; padding: 4px 12px; border-radius: 20px; font-size: 14px; }
-    </style>
-</head>
-<body>
-    <div class="container">
-        <div class="header">
-            <div class="logo">MindMeld</div>
-        </div>
-        <div class="content">
-            <p>Hi there,</p>
-            <p><strong>${inviterName}</strong> has invited you to join <strong>${teamName}</strong> on MindMeld.</p>
-            <p>Your role: <span class="role-badge">${isAdmin ? 'Admin' : 'Member'}</span></p>
-            <p>${billingNote}</p>
-            <p style="margin-top: 30px;">
-                <a href="${signupUrl}" class="button">Get Started</a>
-            </p>
-            <p style="margin-top: 20px; font-size: 14px; color: #64748b;">
-                Already have an account? <a href="${appUrl}" style="color: #2563eb;">Sign in</a> — your team access will be ready.
-            </p>
-        </div>
-        <div class="footer">
-            <p>MindMeld - Intelligent standards for AI coding</p>
-            <p>Powered by Equilateral AI</p>
-        </div>
-    </div>
-</body>
-</html>
-                        `,
-                        Charset: 'UTF-8'
-                    },
-                    Text: {
-                        Data: `${inviterName} has invited you to join ${teamName} on MindMeld.
-
-Your role: ${isAdmin ? 'Admin' : 'Member'}
-
-${billingNote}
-
-Get started: ${signupUrl}
-
-Already have an account? Sign in at ${appUrl} — your team access will be ready.
-
----
-MindMeld - Intelligent standards for AI coding
-Powered by Equilateral AI
-                        `,
-                        Charset: 'UTF-8'
-                    }
-                }
-            }
-        };
-
-        try {
-            await ses.send(new SendEmailCommand(emailParams));
-            emailSent = true;
-        } catch (sesError) {
-            console.error('SES Error sending invite:', sesError);
-        }
-
-        const responseRecords = result.rows.map(r => ({
-            ...r,
-            email_sent: emailSent,
-            stripe_updated: stripeUpdated
-        }));
-
-        const message = billing === 'admin_pays'
-            ? `${email} added to your subscription (license ${stripeUpdated ? 'updated' : 'pending'})`
-            : emailSent ? `Invitation sent to ${email}` : `User ${email} added to team (email delivery failed — share the link manually)`;
-
-        return createSuccessResponse(
-            { Records: responseRecords },
-            message,
-            {
-                Total_Records: result.rowCount,
-                Request_ID,
-                Timestamp: new Date().toISOString()
-            }
-        );
-
-    } catch (error) {
-        console.error('Handler Error:', error);
-        return handleError(error);
-    }
-}
-
-exports.handler = wrapHandler(inviteCompanyUser);

package/src/handlers/company/companyUsersPut.js

@@ -1,76 +0,0 @@
-/**
- * Company Users Update Handler
- * Updates a user's role within a company
- *
- * PUT /api/company/users
- * Body: { company_id, email, role }
- * Auth: Cognito JWT required
- */
-
-const { wrapHandler, executeQuery, createSuccessResponse, createErrorResponse, handleError } = require('./helpers');
-
-/**
- * Update user role in company
- * Requires admin access to the company
- */
-async function updateCompanyUser({ body: requestBody = {}, requestContext }) {
-    try {
-        const Request_ID = requestContext.requestId;
-        const callerEmail = requestContext.authorizer?.claims?.email || requestContext.authorizer?.jwt?.claims?.email;
-        const { company_id, email, role } = requestBody;
-
-        if (!callerEmail) {
-            return createErrorResponse(401, 'Authentication required');
-        }
-
-        if (!company_id || !email || !role) {
-            return createErrorResponse(400, 'company_id, email, and role are required');
-        }
-
-        // Verify caller is admin of this company
-        const adminQuery = `
-            SELECT admin FROM rapport.user_entitlements
-            WHERE email_address = $1 AND company_id = $2
-        `;
-        const adminCheck = await executeQuery(adminQuery, [callerEmail, company_id]);
-
-        if (adminCheck.rowCount === 0 || !adminCheck.rows[0].admin) {
-            return createErrorResponse(403, 'Admin access required to update user roles');
-        }
-
-        // Prevent self-demotion from admin
-        if (email === callerEmail && role !== 'admin') {
-            return createErrorResponse(400, 'Cannot remove your own admin role');
-        }
-
-        // Update the entitlement
-        const isAdmin = role === 'admin';
-        const updateQuery = `
-            UPDATE rapport.user_entitlements
-            SET admin = $1
-            WHERE email_address = $2 AND company_id = $3
-            RETURNING email_address, admin, member
-        `;
-        const result = await executeQuery(updateQuery, [isAdmin, email, company_id]);
-
-        if (result.rowCount === 0) {
-            return createErrorResponse(404, `User ${email} not found in this company`);
-        }
-
-        return createSuccessResponse(
-            { Records: result.rows },
-            `User ${email} role updated to ${role}`,
-            {
-                Total_Records: result.rowCount,
-                Request_ID,
-                Timestamp: new Date().toISOString()
-            }
-        );
-
-    } catch (error) {
-        console.error('Handler Error:', error);
-        return handleError(error);
-    }
-}
-
-exports.handler = wrapHandler(updateCompanyUser);

package/src/handlers/context/contextGet.js

@@ -1,57 +0,0 @@
-/**
- * Context Get Handler
- * Retrieves full user context for a scope (invariants, purpose, notes, loops)
- * Used by mobile/iOS apps for session injection
- *
- * GET /api/context?scope=jarvis
- */
-
-const { wrapHandler, executeQuery, createSuccessResponse, createErrorResponse, handleError, checkSuperAdmin } = require('./helpers');
-
-/**
- * Get user context for mobile injection
- */
-async function getContext({ queryStringParameters: queryParams = {}, requestContext }) {
-    try {
-        const Request_ID = requestContext.requestId;
-        const email = requestContext.authorizer?.claims?.email || requestContext.authorizer?.jwt?.claims?.email;
-
-        if (!email) {
-            return createErrorResponse(401, 'Unauthorized');
-        }
-
-        // Gate to super admins only (internal/beta endpoint)
-        await checkSuperAdmin.requireSuperAdmin(email);
-
-        const scope = queryParams.scope || 'jarvis';
-
-        // Use the database function for efficient retrieval
-        const query = `SELECT rapport.get_user_context($1, $2) as context`;
-        const result = await executeQuery(query, [email, scope]);
-
-        const context = result.rows[0]?.context || {
-            invariants: { agent_level: [], relationship_level: [] },
-            purpose: null,
-            recent_notes: [],
-            active_loops: []
-        };
-
-        return createSuccessResponse(
-            {
-                scope,
-                ...context
-            },
-            'Context retrieved successfully',
-            {
-                Request_ID,
-                Timestamp: new Date().toISOString()
-            }
-        );
-
-    } catch (error) {
-        console.error('Handler Error:', error);
-        return handleError(error);
-    }
-}
-
-exports.handler = wrapHandler(getContext);

package/src/handlers/context/invariantsGet.js

@@ -1,74 +0,0 @@
-/**
- * Invariants Get Handler
- * Retrieves user invariants for a scope
- *
- * GET /api/context/invariants?scope=jarvis
- */
-
-const { wrapHandler, executeQuery, createSuccessResponse, createErrorResponse, handleError, checkSuperAdmin } = require('./helpers');
-
-/**
- * Get user invariants
- */
-async function getInvariants({ queryStringParameters: queryParams = {}, requestContext }) {
-    try {
-        const Request_ID = requestContext.requestId;
-        const email = requestContext.authorizer?.claims?.email || requestContext.authorizer?.jwt?.claims?.email;
-
-        if (!email) {
-            return createErrorResponse(401, 'Unauthorized');
-        }
-
-        // Gate to super admins only (internal/beta endpoint)
-        await checkSuperAdmin.requireSuperAdmin(email);
-
-        const scope = queryParams.scope || 'global';
-
-        // Get agent-level invariants (global only)
-        const agentQuery = `
-            SELECT invariant_text as text, maturity, tier
-            FROM rapport.user_invariants
-            WHERE email_address = $1
-              AND scope = 'global'
-              AND level = 'agent'
-              AND archived_at IS NULL
-            ORDER BY
-                CASE tier WHEN 'critical' THEN 1 WHEN 'important' THEN 2 ELSE 3 END,
-                created_at
-        `;
-        const agentResult = await executeQuery(agentQuery, [email]);
-
-        // Get relationship-level invariants (scope-specific)
-        const relationshipQuery = `
-            SELECT invariant_text as text, maturity, tier
-            FROM rapport.user_invariants
-            WHERE email_address = $1
-              AND scope = $2
-              AND level = 'relationship'
-              AND archived_at IS NULL
-            ORDER BY
-                CASE tier WHEN 'critical' THEN 1 WHEN 'important' THEN 2 ELSE 3 END,
-                created_at
-        `;
-        const relationshipResult = await executeQuery(relationshipQuery, [email, scope]);
-
-        return createSuccessResponse(
-            {
-                scope,
-                agent_level: agentResult.rows,
-                relationship_level: relationshipResult.rows
-            },
-            `${agentResult.rowCount} agent + ${relationshipResult.rowCount} relationship invariants`,
-            {
-                Request_ID,
-                Timestamp: new Date().toISOString()
-            }
-        );
-
-    } catch (error) {
-        console.error('Handler Error:', error);
-        return handleError(error);
-    }
-}
-
-exports.handler = wrapHandler(getInvariants);

package/src/handlers/context/loopsGet.js

@@ -1,82 +0,0 @@
-/**
- * Loops Get Handler
- * Retrieves active loops for a user
- *
- * GET /api/context/loops
- */
-
-const { wrapHandler, executeQuery, createSuccessResponse, createErrorResponse, handleError, checkSuperAdmin } = require('./helpers');
-
-/**
- * Get active loops
- */
-async function getLoops({ queryStringParameters: queryParams = {}, requestContext }) {
-    try {
-        const Request_ID = requestContext.requestId;
-        const email = requestContext.authorizer?.claims?.email || requestContext.authorizer?.jwt?.claims?.email;
-
-        if (!email) {
-            return createErrorResponse(401, 'Unauthorized');
-        }
-
-        // Gate to super admins only (internal/beta endpoint)
-        await checkSuperAdmin.requireSuperAdmin(email);
-
-        const includeCompleted = queryParams.include_completed === 'true';
-
-        let query = `
-            SELECT
-                loop_id,
-                project_scope,
-                task_description,
-                completion_promise,
-                max_iterations,
-                current_iteration,
-                status,
-                promise_found,
-                started_at,
-                updated_at,
-                completed_at
-            FROM rapport.active_loops
-            WHERE email_address = $1
-        `;
-
-        if (!includeCompleted) {
-            query += ` AND status = 'active'`;
-        }
-
-        query += ` ORDER BY started_at DESC LIMIT 20`;
-
-        const result = await executeQuery(query, [email]);
-
-        return createSuccessResponse(
-            {
-                loops: result.rows.map(row => ({
-                    id: row.loop_id,
-                    scope: row.project_scope,
-                    task: row.task_description,
-                    promise: row.completion_promise,
-                    iteration: row.current_iteration,
-                    max_iterations: row.max_iterations,
-                    status: row.status,
-                    promise_found: row.promise_found,
-                    started_at: row.started_at,
-                    updated_at: row.updated_at,
-                    completed_at: row.completed_at
-                })),
-                count: result.rowCount
-            },
-            `${result.rowCount} loops`,
-            {
-                Request_ID,
-                Timestamp: new Date().toISOString()
-            }
-        );
-
-    } catch (error) {
-        console.error('Handler Error:', error);
-        return handleError(error);
-    }
-}
-
-exports.handler = wrapHandler(getLoops);

package/src/handlers/context/notesCreate.js

@@ -1,74 +0,0 @@
-/**
- * Notes Create Handler
- * Creates a new context note from mobile/iOS
- *
- * POST /api/context/notes
- * Body: { content: "...", scope: "jarvis", tags: ["mobile"] }
- */
-
-const { wrapHandler, executeQuery, createSuccessResponse, createErrorResponse, handleError, checkSuperAdmin } = require('./helpers');
-
-/**
- * Create context note
- */
-async function createNote({ body, requestContext }) {
-    try {
-        const Request_ID = requestContext.requestId;
-        const email = requestContext.authorizer?.claims?.email || requestContext.authorizer?.jwt?.claims?.email;
-
-        if (!email) {
-            return createErrorResponse(401, 'Unauthorized');
-        }
-
-        // Gate to super admins only (internal/beta endpoint)
-        await checkSuperAdmin.requireSuperAdmin(email);
-
-        const data = typeof body === 'string' ? JSON.parse(body) : body;
-
-        if (!data.content || data.content.trim() === '') {
-            return createErrorResponse(400, 'Content is required');
-        }
-
-        const scope = data.scope || 'global';
-        const tags = data.tags || [];
-        const source = data.source || 'mobile';
-        const metadata = data.metadata || {};
-
-        const query = `
-            INSERT INTO rapport.context_notes
-                (email_address, scope, content, tags, source, metadata)
-            VALUES ($1, $2, $3, $4, $5, $6)
-            RETURNING note_id, created_at
-        `;
-
-        const result = await executeQuery(query, [
-            email,
-            scope,
-            data.content.trim(),
-            JSON.stringify(tags),
-            source,
-            JSON.stringify(metadata)
-        ]);
-
-        const note = result.rows[0];
-
-        return createSuccessResponse(
-            {
-                note_id: note.note_id,
-                scope,
-                created_at: note.created_at
-            },
-            `Note created: ${note.note_id}`,
-            {
-                Request_ID,
-                Timestamp: new Date().toISOString()
-            }
-        );
-
-    } catch (error) {
-        console.error('Handler Error:', error);
-        return handleError(error);
-    }
-}
-
-exports.handler = wrapHandler(createNote);