@equilateral_ai/mindmeld 3.5.3 → 4.0.1

package/src/handlers/patterns/patternViolationPost.js

@@ -1,185 +0,0 @@
-/**
- * Pattern Violation Handler
- * Records standards violations detected during Claude Code sessions
- *
- * POST /api/patterns/violations
- * Body: { pattern, violations[], session_id, user_id, project_id, timestamp }
- *
- * Called by: pre-compact.js hook (recordViolation method)
- */
-
-const { wrapHandler, executeQuery, createSuccessResponse, createErrorResponse, handleError } = require('./helpers');
-
-/**
- * Record pattern violation
- * Stores violation for compliance tracking and team learning
- */
-async function recordPatternViolation({ body: requestBody = {}, requestContext }) {
-    try {
-        const Request_ID = requestContext?.requestId || 'unknown';
-
-        const {
-            pattern,
-            violations = [],
-            session_id,
-            user_id,
-            project_id,
-            timestamp
-        } = requestBody;
-
-        // Validate required fields
-        if (!pattern || !pattern.element) {
-            return createErrorResponse(400, 'pattern.element is required');
-        }
-
-        if (!violations || violations.length === 0) {
-            return createErrorResponse(400, 'violations array is required');
-        }
-
-        if (!session_id) {
-            return createErrorResponse(400, 'session_id is required');
-        }
-
-        // Generate pattern_id from element if not provided
-        const patternId = pattern.pattern_id || `pat_${pattern.element.toLowerCase().replace(/\s+/g, '_').substring(0, 50)}`;
-
-        // If no project_id, we can't create a pattern record (FK constraint)
-        // Return success anyway - hooks should not fail
-        if (!project_id) {
-            console.log('[patternViolationPost] No project_id provided, skipping violation record');
-            return createSuccessResponse(
-                {
-                    Records: [{
-                        pattern_id: patternId,
-                        violation_count: violations.length,
-                        recorded: false,
-                        reason: 'no_project_id',
-                        message: 'Violation logged but not recorded (no project context)'
-                    }]
-                },
-                'Violation acknowledged (no project context)',
-                {
-                    Total_Records: 0,
-                    Request_ID,
-                    Timestamp: new Date().toISOString()
-                }
-            );
-        }
-
-        // Ensure the pattern exists (upsert with violation count)
-        const upsertPatternQuery = `
-            INSERT INTO rapport.patterns (
-                pattern_id,
-                project_id,
-                intent,
-                constraints,
-                outcome_criteria,
-                maturity,
-                handoff_count,
-                successful_handoffs,
-                failed_handoffs,
-                discovered_by,
-                discovered_at,
-                last_used,
-                pattern_data
-            ) VALUES (
-                $1, $2, $3, $4, $5, 'provisional', 1, 0, 1, $6, NOW(), NOW(), $7
-            )
-            ON CONFLICT (pattern_id) DO UPDATE SET
-                handoff_count = rapport.patterns.handoff_count + 1,
-                failed_handoffs = rapport.patterns.failed_handoffs + 1,
-                last_used = NOW()
-            RETURNING pattern_id
-        `;
-
-        await executeQuery(upsertPatternQuery, [
-            patternId,
-            project_id || null,
-            pattern.intent || pattern.element,
-            JSON.stringify(pattern.constraints || []),
-            JSON.stringify(pattern.outcome_criteria || []),
-            user_id || 'anonymous',
-            JSON.stringify({
-                type: pattern.type,
-                category: pattern.category,
-                file: pattern.file
-            })
-        ]);
-
-        // Record each violation
-        const violationRecords = [];
-        for (const violation of violations) {
-            const violationQuery = `
-                INSERT INTO rapport.pattern_usage (
-                    pattern_id,
-                    email_address,
-                    session_id,
-                    success,
-                    context,
-                    used_at
-                ) VALUES (
-                    $1, $2, $3, false, $4, $5
-                )
-                RETURNING usage_id
-            `;
-
-            const result = await executeQuery(violationQuery, [
-                patternId,
-                user_id || 'anonymous',
-                session_id,
-                JSON.stringify({
-                    violation: true,
-                    standard_id: violation.standard_id,
-                    rule: violation.rule,
-                    description: violation.description,
-                    file: pattern.file,
-                    category: pattern.category
-                }),
-                timestamp ? new Date(timestamp) : new Date()
-            ]);
-
-            violationRecords.push({
-                usage_id: result.rows[0]?.usage_id,
-                standard_id: violation.standard_id,
-                rule: violation.rule
-            });
-        }
-
-        // Also record in session_standards if tracking standards shown
-        // Update to mark standard as violated
-        const updateStandardsQuery = `
-            UPDATE rapport.session_standards
-            SET violated = true
-            WHERE session_id = $1
-                AND pattern_id = ANY($2::varchar[])
-        `;
-
-        const standardIds = violations.map(v => v.standard_id).filter(Boolean);
-        if (standardIds.length > 0) {
-            await executeQuery(updateStandardsQuery, [session_id, standardIds]);
-        }
-
-        return createSuccessResponse(
-            {
-                Records: [{
-                    pattern_id: patternId,
-                    violation_count: violationRecords.length,
-                    violations: violationRecords,
-                    recorded: true
-                }]
-            },
-            `Recorded ${violationRecords.length} violation(s)`,
-            {
-                Total_Records: violationRecords.length,
-                Request_ID,
-                Timestamp: new Date().toISOString()
-            }
-        );
-
-    } catch (error) {
-        console.error('Handler Error:', error);
-        return handleError(error);
-    }
-}
-
-exports.handler = wrapHandler(recordPatternViolation);

package/src/handlers/projects/projectCreate.js

@@ -1,248 +0,0 @@
-/**
- * Project Create Handler
- * Creates new project for a company
- *
- * POST /api/projects
- * Body: { Company_ID, project_name, description, private }
- */
-
-const { wrapHandler, executeQuery, createSuccessResponse, createErrorResponse, handleError, checkSubscriptionLimits } = require('./helpers');
-const crypto = require('crypto');
-const https = require('https');
-
-/**
- * Create project
- * Requires Admin access to company
- */
-async function createProject({ body: requestBody = {}, requestContext }) {
-    try {
-        const Request_ID = requestContext.requestId;
-        // REST API: requestContext.authorizer.claims.email
-        // HTTP API: requestContext.authorizer.jwt.claims.email
-        const email = requestContext.authorizer?.claims?.email || requestContext.authorizer?.jwt?.claims?.email;
-        const { Company_ID, project_name, description, private: isPrivate, repo_url } = requestBody;
-
-        // Validate required fields
-        if (!Company_ID || !project_name) {
-            return createErrorResponse(400, 'Company_ID and project_name are required');
-        }
-
-        // Check user has admin access to company
-        const adminQuery = `
-            SELECT ue.admin, c.company_name
-            FROM rapport.user_entitlements ue
-            JOIN rapport.companies c ON ue.company_id = c.company_id
-            WHERE ue.email_address = $1
-            AND ue.company_id = $2
-        `;
-        const adminCheck = await executeQuery(adminQuery, [email, Company_ID]);
-
-        if (adminCheck.rowCount === 0 || !adminCheck.rows[0].admin) {
-            return createErrorResponse(403, 'Admin access required to create projects');
-        }
-
-        // Check project limit for subscription tier
-        const clientQuery = `
-            SELECT c.subscription_tier
-            FROM rapport.clients c
-            JOIN rapport.user_entitlements ue ON c.client_id = ue.client_id
-            WHERE ue.email_address = $1 AND ue.company_id = $2
-        `;
-        const clientResult = await executeQuery(clientQuery, [email, Company_ID]);
-        const subscriptionTier = clientResult.rows[0]?.subscription_tier || 'free';
-
-        const countQuery = `
-            SELECT COUNT(*) as project_count
-            FROM rapport.projects
-            WHERE company_id = $1
-        `;
-        const countResult = await executeQuery(countQuery, [Company_ID]);
-        const projectCount = parseInt(countResult.rows[0]?.project_count || '0');
-
-        const limitCheck = checkSubscriptionLimits(
-            { subscription_tier: subscriptionTier },
-            'create_project',
-            { projects: projectCount }
-        );
-        if (!limitCheck.allowed) {
-            return createErrorResponse(402, limitCheck.message);
-        }
-
-        // Generate business-scoped project ID
-        // Format: prj_COMPANYID_timestamp
-        const timestamp = Date.now();
-        const project_id = `prj_${Company_ID}_${timestamp}`.toLowerCase().replace(/\s/g, '_');
-
-        // Create project
-        const query = `
-            INSERT INTO rapport.projects (
-                project_id,
-                company_id,
-                project_name,
-                description,
-                private,
-                repo_url
-            )
-            VALUES ($1, $2, $3, $4, $5, $6)
-            RETURNING
-                project_id,
-                company_id,
-                project_name,
-                description,
-                private,
-                repo_url,
-                created_at
-        `;
-
-        const result = await executeQuery(query, [
-            project_id,
-            Company_ID,
-            project_name,
-            description || null,
-            isPrivate || false,
-            repo_url || null
-        ]);
-
-        // Add creator as owner
-        const collabQuery = `
-            INSERT INTO rapport.project_collaborators (
-                project_id,
-                email_address,
-                role
-            )
-            VALUES ($1, $2, 'owner')
-        `;
-        await executeQuery(collabQuery, [project_id, email]);
-
-        // Auto-create GitHub webhook if repo_url is a GitHub URL
-        let webhookCreated = false;
-        if (repo_url && repo_url.includes('github.com')) {
-            try {
-                webhookCreated = await createGitHubWebhook(email, repo_url, Company_ID);
-            } catch (webhookErr) {
-                console.warn('Webhook creation failed (non-blocking):', webhookErr.message);
-            }
-        }
-
-        return createSuccessResponse(
-            { Records: result.rows, webhook_created: webhookCreated },
-            'Project created successfully',
-            {
-                Total_Records: result.rowCount,
-                Request_ID,
-                Timestamp: new Date().toISOString()
-            }
-        );
-
-    } catch (error) {
-        console.error('Handler Error:', error);
-        if (error.code === '23505') {
-            return createErrorResponse(409, 'Project already exists');
-        }
-        return handleError(error);
-    }
-}
-
-/**
- * Create GitHub webhook on a repo when a project is connected
- * Uses the customer's stored GitHub OAuth token and a per-repo secret
- */
-async function createGitHubWebhook(email, repoUrl, companyId) {
-    // Extract owner/repo from URL
-    const match = repoUrl.match(/github\.com[/:]([^/]+)\/([^/.]+)/);
-    if (!match) {
-        console.log('Could not parse GitHub owner/repo from:', repoUrl);
-        return false;
-    }
-    const [, owner, repo] = match;
-
-    // Get the user's GitHub token
-    const connResult = await executeQuery(`
-        SELECT access_token_encrypted FROM rapport.github_connections
-        WHERE email_address = $1 AND revoked = FALSE
-    `, [email]);
-
-    if (connResult.rowCount === 0) {
-        console.log('No GitHub connection for', email);
-        return false;
-    }
-
-    const encryptionKey = process.env.GITHUB_TOKEN_ENCRYPTION_KEY;
-    if (!encryptionKey) return false;
-
-    const accessToken = decryptToken(connResult.rows[0].access_token_encrypted, encryptionKey);
-
-    // Generate per-repo webhook secret
-    const webhookSecret = crypto.randomBytes(32).toString('hex');
-    const webhookUrl = process.env.WEBHOOK_URL || 'https://api.mindmeld.dev/api/webhooks/github';
-
-    // Create webhook via GitHub API
-    const payload = JSON.stringify({
-        name: 'web',
-        active: true,
-        events: ['push', 'pull_request'],
-        config: {
-            url: webhookUrl,
-            content_type: 'json',
-            secret: webhookSecret,
-            insecure_ssl: '0'
-        }
-    });
-
-    const response = await new Promise((resolve, reject) => {
-        const req = https.request({
-            hostname: 'api.github.com',
-            path: `/repos/${owner}/${repo}/hooks`,
-            method: 'POST',
-            headers: {
-                'Authorization': `Bearer ${accessToken}`,
-                'User-Agent': 'MindMeld-App',
-                'Accept': 'application/vnd.github+json',
-                'Content-Type': 'application/json',
-                'Content-Length': Buffer.byteLength(payload)
-            }
-        }, (res) => {
-            let data = '';
-            res.on('data', chunk => data += chunk);
-            res.on('end', () => {
-                try { resolve({ statusCode: res.statusCode, body: JSON.parse(data) }); }
-                catch (e) { resolve({ statusCode: res.statusCode, body: data }); }
-            });
-        });
-        req.on('error', reject);
-        req.write(payload);
-        req.end();
-    });
-
-    if (response.statusCode !== 201) {
-        console.warn(`GitHub webhook creation returned ${response.statusCode}:`, JSON.stringify(response.body).substring(0, 200));
-        return false;
-    }
-
-    const githubWebhookId = response.body.id;
-
-    // Register repo in git_repositories with per-repo webhook secret
-    // Unique constraint is on (company_id, repo_url)
-    await executeQuery(`
-        INSERT INTO rapport.git_repositories (
-            repo_id, repo_name, repo_url, company_id, webhook_secret, created_at, updated_at
-        ) VALUES (gen_random_uuid(), $1, $2, $3, $4, NOW(), NOW())
-        ON CONFLICT (company_id, repo_url) DO UPDATE SET
-            webhook_secret = EXCLUDED.webhook_secret,
-            updated_at = NOW()
-    `, [`${owner}/${repo}`, repoUrl, companyId, webhookSecret]);
-
-    console.log(`Created GitHub webhook ${githubWebhookId} on ${owner}/${repo}`);
-    return true;
-}
-
-function decryptToken(encryptedData, key) {
-    const [ivHex, encrypted] = encryptedData.split(':');
-    const iv = Buffer.from(ivHex, 'hex');
-    const decipher = crypto.createDecipheriv('aes-256-cbc', Buffer.from(key, 'hex'), iv);
-    let decrypted = decipher.update(encrypted, 'hex', 'utf8');
-    decrypted += decipher.final('utf8');
-    return decrypted;
-}
-
-exports.handler = wrapHandler(createProject);

package/src/handlers/projects/projectDelete.js

@@ -1,82 +0,0 @@
-/**
- * Project Delete Handler
- * Archives (soft deletes) a project
- *
- * DELETE /api/projects?project_id=xxx
- */
-
-const { wrapHandler, executeQuery, createSuccessResponse, createErrorResponse, handleError } = require('./helpers');
-
-/**
- * Archive project (soft delete)
- * Requires owner role or company admin
- */
-async function deleteProject({ queryStringParameters: queryParams = {}, requestContext }) {
-    try {
-        const Request_ID = requestContext.requestId;
-        // REST API: requestContext.authorizer.claims.email
-        // HTTP API: requestContext.authorizer.jwt.claims.email
-        const email = requestContext.authorizer?.claims?.email || requestContext.authorizer?.jwt?.claims?.email;
-        const projectId = queryParams.project_id;
-
-        if (!projectId) {
-            return createErrorResponse(400, 'projectId is required');
-        }
-
-        // Check user has access to project
-        const accessQuery = `
-            SELECT
-                p.project_id,
-                p.company_id,
-                pc.role,
-                ue.admin as company_admin
-            FROM rapport.projects p
-            LEFT JOIN rapport.project_collaborators pc
-                ON p.project_id = pc.project_id
-                AND pc.email_address = $1
-            LEFT JOIN rapport.user_entitlements ue
-                ON ue.email_address = $1
-                AND ue.company_id = p.company_id
-            WHERE p.project_id = $2
-        `;
-        const accessCheck = await executeQuery(accessQuery, [email, projectId]);
-
-        if (accessCheck.rowCount === 0) {
-            return createErrorResponse(404, 'Project not found');
-        }
-
-        const access = accessCheck.rows[0];
-
-        // Check permissions (only owner or company admin can delete)
-        const canDelete = access.role === 'owner' || access.company_admin === true;
-        if (!canDelete) {
-            return createErrorResponse(403, 'Only project owner or company admin can delete project');
-        }
-
-        // Archive project (soft delete)
-        const query = `
-            UPDATE rapport.projects
-            SET archived = true, updated_at = NOW()
-            WHERE project_id = $1
-            RETURNING project_id, project_name, archived
-        `;
-
-        const result = await executeQuery(query, [projectId]);
-
-        return createSuccessResponse(
-            { Records: result.rows },
-            'Project archived successfully',
-            {
-                Total_Records: result.rowCount,
-                Request_ID,
-                Timestamp: new Date().toISOString()
-            }
-        );
-
-    } catch (error) {
-        console.error('Handler Error:', error);
-        return handleError(error);
-    }
-}
-
-exports.handler = wrapHandler(deleteProject);

package/src/handlers/projects/projectGet.js

@@ -1,95 +0,0 @@
-/**
- * Project Get Handler
- * Retrieves projects for a company with collaborator access check
- *
- * GET /api/projects?Company_ID=xxx
- */
-
-const { wrapHandler, executeQuery, createSuccessResponse, createErrorResponse, handleError } = require('./helpers');
-
-/**
- * Get projects
- * Returns all projects user has access to (via company entitlements or direct collaboration)
- */
-async function getProjects({ queryStringParameters: queryParams = {}, requestContext }) {
-    try {
-        const Request_ID = requestContext.requestId;
-        // REST API: requestContext.authorizer.claims.email
-        // HTTP API: requestContext.authorizer.jwt.claims.email
-        const email = requestContext.authorizer?.claims?.email || requestContext.authorizer?.jwt?.claims?.email;
-
-        // Get user's company access
-        const entitlementQuery = `
-            SELECT ue.company_id, ue.admin, c.company_name
-            FROM rapport.user_entitlements ue
-            JOIN rapport.companies c ON ue.company_id = c.company_id
-            WHERE ue.email_address = $1
-        `;
-        const entitlements = await executeQuery(entitlementQuery, [email]);
-
-        if (entitlements.rowCount === 0) {
-            return createErrorResponse(403, 'No company access');
-        }
-
-        const companyIds = entitlements.rows.map(e => e.company_id);
-
-        // Optional filter by specific company
-        let targetCompanyIds = companyIds;
-        if (queryParams.Company_ID) {
-            if (!companyIds.includes(queryParams.Company_ID)) {
-                return createErrorResponse(403, 'No access to specified company');
-            }
-            targetCompanyIds = [queryParams.Company_ID];
-        }
-
-        // Get projects for user's companies
-        const query = `
-            SELECT
-                p.project_id,
-                p.company_id,
-                p.project_name,
-                p.description,
-                p.private,
-                p.created_at,
-                p.last_active,
-                p.archived,
-                c.company_name,
-                COUNT(DISTINCT pc.email_address) as collaborator_count,
-                COALESCE(
-                    json_agg(
-                        json_build_object(
-                            'email', pc.email_address,
-                            'role', pc.role,
-                            'is_external', pc.is_external
-                        )
-                    ) FILTER (WHERE pc.email_address IS NOT NULL),
-                    '[]'
-                ) as collaborators
-            FROM rapport.projects p
-            JOIN rapport.companies c ON p.company_id = c.company_id
-            LEFT JOIN rapport.project_collaborators pc ON p.project_id = pc.project_id
-            WHERE p.company_id = ANY($1::varchar[])
-            AND p.archived = false
-            GROUP BY p.project_id, c.company_name
-            ORDER BY p.last_active DESC NULLS LAST, p.created_at DESC
-        `;
-
-        const result = await executeQuery(query, [targetCompanyIds]);
-
-        return createSuccessResponse(
-            { Records: result.rows },
-            'Projects retrieved successfully',
-            {
-                Total_Records: result.rowCount,
-                Request_ID,
-                Timestamp: new Date().toISOString()
-            }
-        );
-
-    } catch (error) {
-        console.error('Handler Error:', error);
-        return handleError(error);
-    }
-}
-
-exports.handler = wrapHandler(getProjects);