@equilateral_ai/mindmeld 3.5.3 → 4.0.1

package/src/handlers/enterprise/controlTowerGet.js

@@ -1,224 +0,0 @@
-/**
- * Control Tower Handler
- * Unified org health dashboard for enterprise tier
- *
- * GET /api/enterprise/control-tower
- * Auth: Cognito JWT required, Enterprise tier
- *
- * Aggregates cross-project health metrics:
- * - Organization health score
- * - Standards compliance across projects
- * - Risk indicators (stale devs, violations, coverage gaps)
- * - Governance activity (audit events, knowledge items)
- * - Project-level breakdown
- */
-
-const { wrapHandler, executeQuery, createSuccessResponse, createErrorResponse } = require('./helpers');
-
-async function getControlTower({ requestContext, queryStringParameters }) {
-    const email = requestContext.authorizer?.claims?.email || requestContext.authorizer?.jwt?.claims?.email;
-
-    if (!email) {
-        return createErrorResponse(401, 'Authentication required');
-    }
-
-    // Verify enterprise admin/manager access
-    const accessCheck = await executeQuery(`
-        SELECT ue.company_id, ue.admin, ue.manager, c.subscription_tier, co.company_name
-        FROM rapport.user_entitlements ue
-        JOIN rapport.clients c ON ue.client_id = c.client_id
-        JOIN rapport.companies co ON ue.company_id = co.company_id
-        WHERE ue.email_address = $1
-        AND (ue.admin = true OR ue.manager = true)
-        LIMIT 1
-    `, [email]);
-
-    if (accessCheck.rows.length === 0) {
-        return createErrorResponse(403, 'Admin or Manager access required for Control Tower');
-    }
-
-    const { company_id: companyId, company_name: companyName } = accessCheck.rows[0];
-    const periodDays = 30;
-    const periodStart = new Date();
-    periodStart.setDate(periodStart.getDate() - periodDays);
-
-    // 1. Team health metrics
-    let teamHealth = { total: 0, active: 0, stale: 0, very_stale: 0, no_sessions: 0 };
-    try {
-        const teamResult = await executeQuery(`
-            SELECT
-                COUNT(DISTINCT ue.email_address) as total,
-                COUNT(DISTINCT CASE WHEN mda.sessions_last_30d > 0 AND mda.commits_last_30d > 0 THEN ue.email_address END) as active,
-                COUNT(DISTINCT CASE WHEN mda.days_since_last_commit BETWEEN 8 AND 14 THEN ue.email_address END) as stale,
-                COUNT(DISTINCT CASE WHEN mda.days_since_last_commit > 14 THEN ue.email_address END) as very_stale,
-                COUNT(DISTINCT CASE WHEN mda.sessions_last_30d = 0 OR mda.sessions_last_30d IS NULL THEN ue.email_address END) as no_sessions
-            FROM rapport.user_entitlements ue
-            LEFT JOIN rapport.mv_developer_activity mda ON ue.email_address = mda.email_address
-            WHERE ue.company_id = $1
-        `, [companyId]);
-        if (teamResult.rows[0]) {
-            teamHealth = {
-                total: parseInt(teamResult.rows[0].total) || 0,
-                active: parseInt(teamResult.rows[0].active) || 0,
-                stale: parseInt(teamResult.rows[0].stale) || 0,
-                very_stale: parseInt(teamResult.rows[0].very_stale) || 0,
-                no_sessions: parseInt(teamResult.rows[0].no_sessions) || 0
-            };
-        }
-    } catch (e) {
-        console.log('[ControlTower] Team health query failed:', e.message);
-    }
-
-    // 2. Project coverage
-    let projects = [];
-    try {
-        const projectResult = await executeQuery(`
-            SELECT
-                p.project_id,
-                p.project_name,
-                p.repo_url,
-                COUNT(DISTINCT s.session_id) as sessions_30d,
-                COUNT(DISTINCT ss.standard_id) as standards_used,
-                MAX(s.started_at) as last_session
-            FROM rapport.projects p
-            LEFT JOIN rapport.sessions s ON p.project_id = s.project_id AND s.started_at >= $2
-            LEFT JOIN rapport.session_standards ss ON s.session_id = ss.session_id AND ss.created_at >= $2
-            WHERE p.company_id = $1
-            GROUP BY p.project_id, p.project_name, p.repo_url
-            ORDER BY sessions_30d DESC
-        `, [companyId, periodStart]);
-        projects = projectResult.rows.map(row => ({
-            project_id: row.project_id,
-            project_name: row.project_name,
-            repo_connected: !!row.repo_url,
-            sessions_30d: parseInt(row.sessions_30d) || 0,
-            standards_used: parseInt(row.standards_used) || 0,
-            last_session: row.last_session,
-            status: parseInt(row.sessions_30d) > 0 ? 'active' : 'inactive'
-        }));
-    } catch (e) {
-        console.log('[ControlTower] Projects query failed:', e.message);
-    }
-
-    // 3. Standards coverage (how many unique standards used across org)
-    let standardsCoverage = { total_injections: 0, unique_standards: 0, sessions_with_standards: 0 };
-    try {
-        const stdResult = await executeQuery(`
-            SELECT
-                COUNT(*) as total_injections,
-                COUNT(DISTINCT ss.standard_id) as unique_standards,
-                COUNT(DISTINCT ss.session_id) as sessions_with_standards
-            FROM rapport.session_standards ss
-            JOIN rapport.sessions s ON ss.session_id = s.session_id
-            JOIN rapport.projects p ON s.project_id = p.project_id
-            WHERE p.company_id = $1
-            AND ss.created_at >= $2
-        `, [companyId, periodStart]);
-        if (stdResult.rows[0]) {
-            standardsCoverage = {
-                total_injections: parseInt(stdResult.rows[0].total_injections) || 0,
-                unique_standards: parseInt(stdResult.rows[0].unique_standards) || 0,
-                sessions_with_standards: parseInt(stdResult.rows[0].sessions_with_standards) || 0
-            };
-        }
-    } catch (e) {
-        console.log('[ControlTower] Standards coverage query failed:', e.message);
-    }
-
-    // 4. Governance activity (audit events, knowledge items)
-    let governance = { audit_events_30d: 0, knowledge_items: 0, published_knowledge: 0 };
-    try {
-        const auditResult = await executeQuery(`
-            SELECT COUNT(*) as count
-            FROM rapport.unified_audit_log
-            WHERE client_id = (
-                SELECT client_id FROM rapport.user_entitlements WHERE company_id = $1 LIMIT 1
-            )
-            AND created_at >= $2
-        `, [companyId, periodStart]);
-        governance.audit_events_30d = parseInt(auditResult.rows[0]?.count) || 0;
-    } catch (e) {
-        console.log('[ControlTower] Audit events query failed:', e.message);
-    }
-
-    try {
-        const knowledgeResult = await executeQuery(`
-            SELECT
-                COUNT(*) as total,
-                COUNT(CASE WHEN status = 'published' THEN 1 END) as published
-            FROM rapport.curated_knowledge
-            WHERE client_id = (
-                SELECT client_id FROM rapport.user_entitlements WHERE company_id = $1 LIMIT 1
-            )
-        `, [companyId]);
-        governance.knowledge_items = parseInt(knowledgeResult.rows[0]?.total) || 0;
-        governance.published_knowledge = parseInt(knowledgeResult.rows[0]?.published) || 0;
-    } catch (e) {
-        console.log('[ControlTower] Knowledge query failed:', e.message);
-    }
-
-    // 5. Risk indicators
-    const risks = [];
-    if (teamHealth.very_stale > 0) {
-        risks.push({
-            severity: 'high',
-            category: 'team',
-            message: `${teamHealth.very_stale} developer${teamHealth.very_stale > 1 ? 's' : ''} inactive for 14+ days`
-        });
-    }
-    if (teamHealth.no_sessions > teamHealth.total * 0.3 && teamHealth.total > 1) {
-        risks.push({
-            severity: 'medium',
-            category: 'adoption',
-            message: `${teamHealth.no_sessions} of ${teamHealth.total} developers have no AI sessions in 30 days`
-        });
-    }
-    const projectsWithoutStandards = projects.filter(p => p.sessions_30d > 0 && p.standards_used === 0);
-    if (projectsWithoutStandards.length > 0) {
-        risks.push({
-            severity: 'medium',
-            category: 'coverage',
-            message: `${projectsWithoutStandards.length} active project${projectsWithoutStandards.length > 1 ? 's' : ''} with no standards injection`
-        });
-    }
-    const inactiveProjects = projects.filter(p => p.status === 'inactive');
-    if (inactiveProjects.length > projects.length * 0.5 && projects.length > 1) {
-        risks.push({
-            severity: 'low',
-            category: 'projects',
-            message: `${inactiveProjects.length} of ${projects.length} projects had no sessions in 30 days`
-        });
-    }
-
-    // 6. Calculate org health score (0-100)
-    let healthScore = 50; // baseline
-    if (teamHealth.total > 0) {
-        const activeRate = teamHealth.active / teamHealth.total;
-        healthScore = Math.round(activeRate * 40); // up to 40 points for team activity
-    }
-    if (projects.length > 0) {
-        const coveredProjects = projects.filter(p => p.sessions_30d > 0).length;
-        healthScore += Math.round((coveredProjects / projects.length) * 30); // up to 30 for project coverage
-    }
-    if (standardsCoverage.unique_standards > 0) {
-        healthScore += Math.min(standardsCoverage.unique_standards * 2, 20); // up to 20 for standards breadth
-    }
-    if (governance.published_knowledge > 0) {
-        healthScore += Math.min(governance.published_knowledge, 10); // up to 10 for knowledge curation
-    }
-    healthScore = Math.min(healthScore, 100);
-
-    return createSuccessResponse({
-        company_name: companyName,
-        health_score: healthScore,
-        team: teamHealth,
-        projects,
-        standards_coverage: standardsCoverage,
-        governance,
-        risks,
-        period_days: periodDays,
-        period_start: periodStart.toISOString()
-    }, 'Control Tower data retrieved');
-}
-
-exports.handler = wrapHandler(getControlTower);

package/src/handlers/enterprise/enterpriseAuditGet.js

@@ -1,108 +0,0 @@
-/**
- * Enterprise Audit Log Get Handler
- *
- * GET /api/enterprise/audit?page=&pageSize=&action=&resourceType=&startDate=&endDate=
- * Returns: { Records: AuditLogEntry[] } + meta { Total_Records, Page, Page_Size, Request_ID, Timestamp }
- * Auth: Cognito JWT required, enterprise tier only
- */
-
-const { wrapHandler, executeQuery, createSuccessResponse, createErrorResponse, handleError } = require('./helpers');
-
-async function getEnterpriseAudit({ queryStringParameters, requestContext }) {
-    try {
-        const Request_ID = requestContext.requestId;
-        const email = requestContext.authorizer?.claims?.email || requestContext.authorizer?.jwt?.claims?.email;
-        if (!email) {
-            return createErrorResponse(401, 'Authentication required');
-        }
-
-        // Look up client_id and verify enterprise tier
-        const userResult = await executeQuery(
-            `SELECT u.client_id, c.subscription_tier
-             FROM rapport.users u
-             JOIN rapport.clients c ON c.client_id = u.client_id
-             WHERE u.email_address = $1 LIMIT 1`,
-            [email]
-        );
-        if (!userResult.rows.length) {
-            return createErrorResponse(403, 'User not found');
-        }
-        if (userResult.rows[0].subscription_tier !== 'enterprise') {
-            return createErrorResponse(403, 'Enterprise subscription required');
-        }
-        const clientId = userResult.rows[0].client_id;
-
-        const params = queryStringParameters || {};
-        const page = Math.max(1, parseInt(params.page) || 1);
-        const pageSize = Math.min(100, Math.max(1, parseInt(params.pageSize) || 20));
-        const offset = (page - 1) * pageSize;
-
-        // Build WHERE clause
-        const conditions = ['client_id = $1'];
-        const values = [clientId];
-        let paramIndex = 2;
-
-        if (params.action) {
-            conditions.push(`event_type = $${paramIndex}`);
-            values.push(params.action);
-            paramIndex++;
-        }
-
-        if (params.resourceType) {
-            conditions.push(`entity_type = $${paramIndex}`);
-            values.push(params.resourceType);
-            paramIndex++;
-        }
-
-        if (params.startDate) {
-            conditions.push(`created_at >= $${paramIndex}`);
-            values.push(params.startDate);
-            paramIndex++;
-        }
-
-        if (params.endDate) {
-            conditions.push(`created_at <= $${paramIndex}`);
-            values.push(params.endDate);
-            paramIndex++;
-        }
-
-        const whereClause = conditions.join(' AND ');
-
-        // Get total count
-        const countResult = await executeQuery(
-            `SELECT COUNT(*) as total FROM rapport.unified_audit_log WHERE ${whereClause}`,
-            values
-        );
-        const total = parseInt(countResult.rows[0].total);
-
-        // Get paginated records, mapping columns to frontend AuditLogEntry type
-        const dataResult = await executeQuery(
-            `SELECT
-                audit_id,
-                client_id,
-                actor_email,
-                event_type as action,
-                entity_type as resource_type,
-                entity_id as resource_id,
-                before_state as old_value,
-                after_state as new_value,
-                created_at
-            FROM rapport.unified_audit_log
-            WHERE ${whereClause}
-            ORDER BY created_at DESC
-            LIMIT $${paramIndex} OFFSET $${paramIndex + 1}`,
-            [...values, pageSize, offset]
-        );
-
-        return createSuccessResponse(
-            { Records: dataResult.rows },
-            'Audit log retrieved',
-            { Total_Records: total, Page: page, Page_Size: pageSize, Request_ID, Timestamp: new Date().toISOString() }
-        );
-
-    } catch (error) {
-        return handleError(error);
-    }
-}
-
-exports.handler = wrapHandler(getEnterpriseAudit);

package/src/handlers/enterprise/enterpriseContributorsGet.js

@@ -1,85 +0,0 @@
-/**
- * Enterprise Contributors Get Handler
- *
- * GET /api/enterprise/contributors?period=
- * Returns: { Records: [contributor stats] } + meta
- * Auth: Cognito JWT required, enterprise tier only
- */
-
-const { wrapHandler, executeQuery, createSuccessResponse, createErrorResponse, handleError } = require('./helpers');
-
-async function getEnterpriseContributors({ queryStringParameters, requestContext }) {
-    try {
-        const Request_ID = requestContext.requestId;
-        const email = requestContext.authorizer?.claims?.email || requestContext.authorizer?.jwt?.claims?.email;
-        if (!email) {
-            return createErrorResponse(401, 'Authentication required');
-        }
-
-        const userResult = await executeQuery(
-            `SELECT u.client_id, c.subscription_tier
-             FROM rapport.users u
-             JOIN rapport.clients c ON c.client_id = u.client_id
-             WHERE u.email_address = $1 LIMIT 1`,
-            [email]
-        );
-        if (!userResult.rows.length) {
-            return createErrorResponse(403, 'User not found');
-        }
-        if (userResult.rows[0].subscription_tier !== 'enterprise') {
-            return createErrorResponse(403, 'Enterprise subscription required');
-        }
-        const clientId = userResult.rows[0].client_id;
-
-        const params = queryStringParameters || {};
-        const period = params.period || '30d';
-
-        // Calculate date filter
-        let intervalDays;
-        switch (period) {
-            case '7d': intervalDays = 7; break;
-            case '90d': intervalDays = 90; break;
-            case '30d':
-            default: intervalDays = 30; break;
-        }
-
-        // Aggregate contributions across audit trail and knowledge curation
-        const result = await executeQuery(
-            `WITH audit_activity AS (
-                SELECT
-                    actor_email as contributor_email,
-                    COUNT(*) FILTER (WHERE event_type = 'DATA_CREATE' AND entity_type = 'STANDARD') as discoveries,
-                    COUNT(*) FILTER (WHERE event_type = 'DATA_UPDATE' AND entity_type = 'STANDARD') as refinements,
-                    COUNT(*) FILTER (WHERE event_type = 'DATA_UPDATE' AND entity_type = 'STANDARD'
-                        AND (after_state->>'status') = 'approved') as verifications,
-                    COUNT(*) FILTER (WHERE event_type = 'DATA_CREATE' AND entity_type = 'KNOWLEDGE') as curations
-                FROM rapport.unified_audit_log
-                WHERE client_id = $1
-                    AND created_at >= NOW() - ($2 || ' days')::interval
-                    AND actor_email IS NOT NULL
-                GROUP BY actor_email
-            )
-            SELECT
-                contributor_email,
-                COALESCE(discoveries, 0) as discoveries,
-                COALESCE(refinements, 0) as refinements,
-                COALESCE(verifications, 0) as verifications,
-                COALESCE(curations, 0) as curations,
-                COALESCE(discoveries * 3 + refinements * 2 + verifications * 2 + curations * 4, 0) as total_weight
-            FROM audit_activity
-            ORDER BY total_weight DESC`,
-            [clientId, String(intervalDays)]
-        );
-
-        return createSuccessResponse(
-            { Records: result.rows },
-            'Contributors retrieved',
-            { Total_Records: result.rowCount, Request_ID, Timestamp: new Date().toISOString() }
-        );
-
-    } catch (error) {
-        return handleError(error);
-    }
-}
-
-exports.handler = wrapHandler(getEnterpriseContributors);

package/src/handlers/enterprise/enterpriseKnowledgeCategoriesGet.js

@@ -1,53 +0,0 @@
-/**
- * Enterprise Knowledge Categories Get Handler
- *
- * GET /api/enterprise/knowledge/categories
- * Returns: { Records: [{ category_id, name, description }] } + meta
- * Auth: Cognito JWT required, enterprise tier only
- */
-
-const { wrapHandler, executeQuery, createSuccessResponse, createErrorResponse, handleError } = require('./helpers');
-
-async function getEnterpriseKnowledgeCategories({ requestContext }) {
-    try {
-        const Request_ID = requestContext.requestId;
-        const email = requestContext.authorizer?.claims?.email || requestContext.authorizer?.jwt?.claims?.email;
-        if (!email) {
-            return createErrorResponse(401, 'Authentication required');
-        }
-
-        const userResult = await executeQuery(
-            `SELECT u.client_id, c.subscription_tier
-             FROM rapport.users u
-             JOIN rapport.clients c ON c.client_id = u.client_id
-             WHERE u.email_address = $1 LIMIT 1`,
-            [email]
-        );
-        if (!userResult.rows.length) {
-            return createErrorResponse(403, 'User not found');
-        }
-        if (userResult.rows[0].subscription_tier !== 'enterprise') {
-            return createErrorResponse(403, 'Enterprise subscription required');
-        }
-        const clientId = userResult.rows[0].client_id;
-
-        const result = await executeQuery(
-            `SELECT category_id, name, description
-            FROM rapport.knowledge_categories
-            WHERE client_id = $1
-            ORDER BY name`,
-            [clientId]
-        );
-
-        return createSuccessResponse(
-            { Records: result.rows },
-            'Categories retrieved',
-            { Total_Records: result.rowCount, Request_ID, Timestamp: new Date().toISOString() }
-        );
-
-    } catch (error) {
-        return handleError(error);
-    }
-}
-
-exports.handler = wrapHandler(getEnterpriseKnowledgeCategories);

package/src/handlers/enterprise/enterpriseKnowledgeCreate.js

@@ -1,77 +0,0 @@
-/**
- * Enterprise Knowledge Create Handler
- *
- * POST /api/enterprise/knowledge
- * Body: { title, content, category?, tags?, invariant_id? }
- * Returns: { Records: [CuratedKnowledge] } + meta
- * Auth: Cognito JWT required, enterprise tier only
- */
-
-const { wrapHandler, executeQuery, createSuccessResponse, createErrorResponse, handleError, logModificationEvent, AuditEventType, EntityType } = require('./helpers');
-
-async function createEnterpriseKnowledge({ body, requestContext }) {
-    try {
-        const Request_ID = requestContext.requestId;
-        const email = requestContext.authorizer?.claims?.email || requestContext.authorizer?.jwt?.claims?.email;
-        if (!email) {
-            return createErrorResponse(401, 'Authentication required');
-        }
-
-        const userResult = await executeQuery(
-            `SELECT u.client_id, c.subscription_tier
-             FROM rapport.users u
-             JOIN rapport.clients c ON c.client_id = u.client_id
-             WHERE u.email_address = $1 LIMIT 1`,
-            [email]
-        );
-        if (!userResult.rows.length) {
-            return createErrorResponse(403, 'User not found');
-        }
-        if (userResult.rows[0].subscription_tier !== 'enterprise') {
-            return createErrorResponse(403, 'Enterprise subscription required');
-        }
-        const clientId = userResult.rows[0].client_id;
-
-        const requestBody = body || {};
-        const { title, content, category, tags, invariant_id } = requestBody;
-
-        if (!title || !content) {
-            return createErrorResponse(400, 'title and content are required');
-        }
-
-        const result = await executeQuery(
-            `INSERT INTO rapport.curated_knowledge
-                (client_id, invariant_id, title, content, category, tags, curator_email, status)
-            VALUES ($1, $2, $3, $4, $5, $6, $7, 'draft')
-            RETURNING *`,
-            [
-                clientId,
-                invariant_id || null,
-                title,
-                content,
-                category || null,
-                tags || [],
-                email,
-            ]
-        );
-
-        const created = result.rows[0];
-
-        await logModificationEvent(AuditEventType.DATA_CREATE, EntityType.KNOWLEDGE, String(created.knowledge_id), {
-            requestContext,
-            client_id: clientId,
-            after_state: { title, category, status: 'draft' },
-        });
-
-        return createSuccessResponse(
-            { Records: [created] },
-            'Knowledge item created',
-            { Total_Records: 1, Request_ID, Timestamp: new Date().toISOString() }
-        );
-
-    } catch (error) {
-        return handleError(error);
-    }
-}
-
-exports.handler = wrapHandler(createEnterpriseKnowledge);

package/src/handlers/enterprise/enterpriseKnowledgeDelete.js

@@ -1,71 +0,0 @@
-/**
- * Enterprise Knowledge Delete Handler
- *
- * DELETE /api/enterprise/knowledge?knowledge_id=xxx
- * Returns: { Records: [] } + meta
- * Auth: Cognito JWT required, enterprise tier only
- */
-
-const { wrapHandler, executeQuery, createSuccessResponse, createErrorResponse, handleError, logModificationEvent, AuditEventType, EntityType } = require('./helpers');
-
-async function deleteEnterpriseKnowledge({ queryStringParameters, requestContext }) {
-    try {
-        const Request_ID = requestContext.requestId;
-        const email = requestContext.authorizer?.claims?.email || requestContext.authorizer?.jwt?.claims?.email;
-        if (!email) {
-            return createErrorResponse(401, 'Authentication required');
-        }
-
-        const userResult = await executeQuery(
-            `SELECT u.client_id, c.subscription_tier
-             FROM rapport.users u
-             JOIN rapport.clients c ON c.client_id = u.client_id
-             WHERE u.email_address = $1 LIMIT 1`,
-            [email]
-        );
-        if (!userResult.rows.length) {
-            return createErrorResponse(403, 'User not found');
-        }
-        if (userResult.rows[0].subscription_tier !== 'enterprise') {
-            return createErrorResponse(403, 'Enterprise subscription required');
-        }
-        const clientId = userResult.rows[0].client_id;
-
-        const knowledgeId = (queryStringParameters || {}).knowledge_id;
-        if (!knowledgeId) {
-            return createErrorResponse(400, 'knowledge_id is required');
-        }
-
-        // Fetch current state for audit trail
-        const current = await executeQuery(
-            'SELECT * FROM rapport.curated_knowledge WHERE knowledge_id = $1 AND client_id = $2',
-            [knowledgeId, clientId]
-        );
-        if (!current.rows.length) {
-            return createErrorResponse(404, 'Knowledge item not found');
-        }
-        const beforeState = current.rows[0];
-
-        await executeQuery(
-            'DELETE FROM rapport.curated_knowledge WHERE knowledge_id = $1 AND client_id = $2',
-            [knowledgeId, clientId]
-        );
-
-        await logModificationEvent(AuditEventType.DATA_DELETE, EntityType.KNOWLEDGE, String(knowledgeId), {
-            requestContext,
-            client_id: clientId,
-            before_state: { title: beforeState.title, status: beforeState.status },
-        });
-
-        return createSuccessResponse(
-            { Records: [] },
-            'Knowledge item deleted',
-            { Total_Records: 0, Request_ID, Timestamp: new Date().toISOString() }
-        );
-
-    } catch (error) {
-        return handleError(error);
-    }
-}
-
-exports.handler = wrapHandler(deleteEnterpriseKnowledge);