@equilateral_ai/mindmeld 3.5.3 → 4.0.2

package/src/handlers/user/apiTokenCreate.js

@@ -1,71 +0,0 @@
-/**
- * API Token Create Handler
- *
- * Creates a new MCP API token for the authenticated user.
- * Token plaintext is returned ONCE — only the SHA-256 hash is stored.
- *
- * POST /api/user/api-tokens
- * Auth: Cognito JWT required
- * Body: { name?: string }
- */
-
-const { wrapHandler, executeQuery, createSuccessResponse, createErrorResponse } = require('./helpers');
-const crypto = require('crypto');
-
-async function apiTokenCreate({ body, requestContext }) {
-    const email = requestContext.authorizer?.claims?.email
-        || requestContext.authorizer?.jwt?.claims?.email;
-
-    if (!email) {
-        return createErrorResponse(401, 'Authentication required');
-    }
-
-    const tokenName = body.name || 'Default';
-
-    // Look up user's client and company
-    const userResult = await executeQuery(`
-        SELECT u.client_id, ue.company_id
-        FROM rapport.users u
-        LEFT JOIN rapport.user_entitlements ue ON u.email_address = ue.email_address
-        WHERE u.email_address = $1
-        LIMIT 1
-    `, [email]);
-
-    if (userResult.rows.length === 0) {
-        return createErrorResponse(404, 'User not found');
-    }
-
-    const { client_id, company_id } = userResult.rows[0];
-
-    // Verify active subscription
-    const clientResult = await executeQuery(
-        'SELECT subscription_tier FROM rapport.clients WHERE client_id = $1',
-        [client_id]
-    );
-
-    if (clientResult.rows.length === 0 || !clientResult.rows[0].subscription_tier || clientResult.rows[0].subscription_tier === 'free') {
-        return createErrorResponse(403, 'Active MindMeld subscription required to create API tokens');
-    }
-
-    // Generate token: mm_live_ + 40 random hex chars
-    const tokenId = crypto.randomUUID();
-    const tokenRandom = crypto.randomBytes(20).toString('hex');
-    const plaintext = `mm_live_${tokenRandom}`;
-    const tokenPrefix = plaintext.substring(0, 12);
-    const tokenHash = crypto.createHash('sha256').update(plaintext).digest('hex');
-
-    await executeQuery(`
-        INSERT INTO rapport.api_tokens (token_id, token_hash, token_prefix, email_address, client_id, company_id, token_name)
-        VALUES ($1, $2, $3, $4, $5, $6, $7)
-    `, [tokenId, tokenHash, tokenPrefix, email, client_id, company_id || null, tokenName]);
-
-    return createSuccessResponse({
-        token_id: tokenId,
-        token: plaintext,
-        token_prefix: tokenPrefix,
-        name: tokenName,
-        message: 'Save this token — it will not be shown again.'
-    }, 'API token created');
-}
-
-exports.handler = wrapHandler(apiTokenCreate);

package/src/handlers/user/apiTokenList.js

@@ -1,64 +0,0 @@
-/**
- * API Token List/Revoke Handler
- *
- * GET /api/user/api-tokens — List tokens (prefix only, never plaintext)
- * DELETE /api/user/api-tokens?token_id=xxx — Revoke a token
- *
- * Auth: Cognito JWT required
- */
-
-const { wrapHandler, executeQuery, createSuccessResponse, createErrorResponse } = require('./helpers');
-
-async function apiTokenList({ body, queryParams, requestContext, httpMethod }) {
-    const email = requestContext.authorizer?.claims?.email
-        || requestContext.authorizer?.jwt?.claims?.email;
-
-    if (!email) {
-        return createErrorResponse(401, 'Authentication required');
-    }
-
-    // DELETE — revoke a token
-    if (httpMethod === 'DELETE') {
-        const tokenId = queryParams.token_id || body.token_id;
-        if (!tokenId) {
-            return createErrorResponse(400, 'token_id is required');
-        }
-
-        const result = await executeQuery(`
-            UPDATE rapport.api_tokens
-            SET status = 'revoked', revoked_at = NOW()
-            WHERE token_id = $1 AND email_address = $2 AND status = 'active'
-            RETURNING token_id
-        `, [tokenId, email]);
-
-        if (result.rows.length === 0) {
-            return createErrorResponse(404, 'Token not found or already revoked');
-        }
-
-        return createSuccessResponse({ token_id: tokenId }, 'Token revoked');
-    }
-
-    // GET — list tokens
-    const result = await executeQuery(`
-        SELECT token_id, token_prefix, token_name, status,
-               last_used_at, request_count, created_at, revoked_at
-        FROM rapport.api_tokens
-        WHERE email_address = $1
-        ORDER BY created_at DESC
-    `, [email]);
-
-    return createSuccessResponse({
-        tokens: result.rows.map(r => ({
-            token_id: r.token_id,
-            prefix: r.token_prefix,
-            name: r.token_name,
-            status: r.status,
-            last_used: r.last_used_at,
-            request_count: r.request_count,
-            created_at: r.created_at,
-            revoked_at: r.revoked_at
-        }))
-    }, `${result.rows.length} token(s) found`);
-}
-
-exports.handler = wrapHandler(apiTokenList);

package/src/handlers/user/userSplashAck.js

@@ -1,91 +0,0 @@
-/**
- * User Splash Acknowledge Handler
- * Records that the user has dismissed the weekly splash screen
- *
- * POST /api/user/splash/acknowledge
- * Auth: Cognito JWT required
- *
- * Body: { week_start: "2026-01-27" }
- * Records acknowledgment so splash does not show again this week
- */
-
-const { wrapHandler, executeQuery, createSuccessResponse, createErrorResponse, handleError } = require('./helpers');
-
-async function acknowledgeUserSplash({ requestContext, body }) {
-    const Request_ID = requestContext.requestId;
-    const email = requestContext.authorizer?.claims?.email || requestContext.authorizer?.jwt?.claims?.email;
-
-    if (!email) {
-        return createErrorResponse(401, 'Authentication required');
-    }
-
-    const weekStart = body?.week_start;
-    if (!weekStart) {
-        return createErrorResponse(400, 'week_start is required');
-    }
-
-    // Validate week_start format (YYYY-MM-DD)
-    const dateRegex = /^\d{4}-\d{2}-\d{2}$/;
-    if (!dateRegex.test(weekStart)) {
-        return createErrorResponse(400, 'week_start must be in YYYY-MM-DD format');
-    }
-
-    // Attempt to insert acknowledgment into dedicated table
-    try {
-        await executeQuery(`
-            INSERT INTO rapport.user_splash_acknowledgments (email_address, week_start, acknowledged_at)
-            VALUES ($1, $2, NOW())
-            ON CONFLICT (email_address, week_start) DO NOTHING
-        `, [email, weekStart]);
-
-        return createSuccessResponse(
-            { acknowledged: true, week_start: weekStart },
-            'Splash acknowledged',
-            { Request_ID, Timestamp: new Date().toISOString() }
-        );
-    } catch (tableErr) {
-        // If the dedicated table does not exist, fall back to storing
-        // acknowledgment as metadata in the patterns table
-        console.log('[SplashAck] Dedicated table not available, using fallback:', tableErr.message);
-
-        try {
-            await executeQuery(`
-                INSERT INTO rapport.patterns (
-                    pattern_type,
-                    pattern_key,
-                    pattern_value,
-                    created_by,
-                    created_at,
-                    metadata
-                )
-                VALUES (
-                    'splash_ack',
-                    $1,
-                    $2,
-                    $3,
-                    NOW(),
-                    $4
-                )
-                ON CONFLICT (pattern_type, pattern_key) WHERE pattern_type = 'splash_ack'
-                DO UPDATE SET
-                    pattern_value = EXCLUDED.pattern_value,
-                    created_at = NOW()
-            `, [
-                `splash_ack:${email}:${weekStart}`,
-                weekStart,
-                email,
-                JSON.stringify({ type: 'splash_acknowledgment', week_start: weekStart })
-            ]);
-
-            return createSuccessResponse(
-                { acknowledged: true, week_start: weekStart, fallback: true },
-                'Splash acknowledged (fallback)',
-                { Request_ID, Timestamp: new Date().toISOString() }
-            );
-        } catch (fallbackErr) {
-            return handleError(fallbackErr);
-        }
-    }
-}
-
-exports.handler = wrapHandler(acknowledgeUserSplash);

package/src/handlers/user/userSplashGet.js

@@ -1,211 +0,0 @@
-/**
- * User Splash Get Handler
- * Returns weekly activity summary for the splash screen overlay
- *
- * GET /api/user/splash
- * Auth: Cognito JWT required
- *
- * Returns:
- * - show_splash: whether to display the splash (false if already acknowledged this week)
- * - summary: weekly activity metrics from sessions + session_standards
- * - is_greenfield: true if user has < 7 days of session history
- * - tips: getting-started tips for greenfield users
- */
-
-const { wrapHandler, executeQuery, createSuccessResponse, createErrorResponse, handleError } = require('./helpers');
-
-async function getUserSplash({ requestContext }) {
-    const Request_ID = requestContext.requestId;
-    const email = requestContext.authorizer?.claims?.email || requestContext.authorizer?.jwt?.claims?.email;
-
-    if (!email) {
-        return createErrorResponse(401, 'Authentication required');
-    }
-
-    // Calculate current week boundaries (Monday to Sunday UTC)
-    const now = new Date();
-    const dayOfWeek = now.getUTCDay();
-    const mondayOffset = dayOfWeek === 0 ? -6 : 1 - dayOfWeek;
-    const weekStart = new Date(now);
-    weekStart.setUTCDate(now.getUTCDate() + mondayOffset);
-    weekStart.setUTCHours(0, 0, 0, 0);
-
-    const weekEnd = new Date(weekStart);
-    weekEnd.setUTCDate(weekStart.getUTCDate() + 6);
-    weekEnd.setUTCHours(23, 59, 59, 999);
-
-    const weekStartStr = weekStart.toISOString().split('T')[0];
-    const weekEndStr = weekEnd.toISOString().split('T')[0];
-
-    // Check if user has already acknowledged the splash this week
-    let alreadyAcknowledged = false;
-    try {
-        const ackResult = await executeQuery(`
-            SELECT 1
-            FROM rapport.user_splash_acknowledgments
-            WHERE email_address = $1
-            AND week_start = $2
-            LIMIT 1
-        `, [email, weekStartStr]);
-
-        alreadyAcknowledged = ackResult.rowCount > 0;
-    } catch (err) {
-        // Table may not exist yet; treat as not acknowledged
-        console.log('[Splash] Acknowledgment table not found, continuing:', err.message);
-    }
-
-    if (alreadyAcknowledged) {
-        return createSuccessResponse(
-            { show_splash: false },
-            'Splash already acknowledged this week',
-            { Request_ID, Timestamp: new Date().toISOString() }
-        );
-    }
-
-    // Determine if user is greenfield (< 7 days of session history)
-    let isGreenfield = true;
-    try {
-        const activityCheck = await executeQuery(`
-            SELECT MIN(started_at) as first_session
-            FROM rapport.sessions
-            WHERE email_address = $1
-        `, [email]);
-
-        if (activityCheck.rowCount > 0 && activityCheck.rows[0].first_session) {
-            const firstSession = new Date(activityCheck.rows[0].first_session);
-            const daysSinceFirst = Math.floor((now.getTime() - firstSession.getTime()) / (1000 * 60 * 60 * 24));
-            isGreenfield = daysSinceFirst < 7;
-        }
-    } catch (err) {
-        console.log('[Splash] Could not determine greenfield status:', err.message);
-    }
-
-    // Aggregate weekly metrics from sessions + session_standards
-    const weekStartISO = weekStart.toISOString();
-    const weekEndISO = weekEnd.toISOString();
-
-    // Session stats (count, duration, projects)
-    let sessionsCount = 0;
-    let totalDurationMinutes = 0;
-    let activeProjects = 0;
-    try {
-        const sessionResult = await executeQuery(`
-            SELECT
-                COUNT(*) as session_count,
-                COALESCE(ROUND(SUM(duration_seconds) / 60.0), 0) as total_minutes,
-                COUNT(DISTINCT project_id) as project_count
-            FROM rapport.sessions
-            WHERE email_address = $1
-            AND started_at >= $2
-            AND started_at <= $3
-        `, [email, weekStartISO, weekEndISO]);
-
-        if (sessionResult.rowCount > 0) {
-            sessionsCount = parseInt(sessionResult.rows[0].session_count, 10) || 0;
-            totalDurationMinutes = parseInt(sessionResult.rows[0].total_minutes, 10) || 0;
-            activeProjects = parseInt(sessionResult.rows[0].project_count, 10) || 0;
-        }
-    } catch (err) {
-        console.log('[Splash] Session stats query failed:', err.message);
-    }
-
-    // Standards stats (injected, followed, violated)
-    let standardsInjected = 0;
-    let standardsFollowed = 0;
-    let violationsDetected = 0;
-    try {
-        const standardsResult = await executeQuery(`
-            SELECT
-                COUNT(*) as total_injected,
-                COUNT(*) FILTER (WHERE ss.followed = true) as total_followed,
-                COUNT(*) FILTER (WHERE ss.violated = true) as total_violated
-            FROM rapport.session_standards ss
-            JOIN rapport.sessions s ON s.session_id = ss.session_id
-            WHERE s.email_address = $1
-            AND s.started_at >= $2
-            AND s.started_at <= $3
-        `, [email, weekStartISO, weekEndISO]);
-
-        if (standardsResult.rowCount > 0) {
-            standardsInjected = parseInt(standardsResult.rows[0].total_injected, 10) || 0;
-            standardsFollowed = parseInt(standardsResult.rows[0].total_followed, 10) || 0;
-            violationsDetected = parseInt(standardsResult.rows[0].total_violated, 10) || 0;
-        }
-    } catch (err) {
-        console.log('[Splash] Standards stats query failed:', err.message);
-    }
-
-    // Patterns harvested (keep existing query — patterns table exists)
-    let patternsHarvested = 0;
-    try {
-        const patternsResult = await executeQuery(`
-            SELECT COUNT(*) as count
-            FROM rapport.patterns
-            WHERE created_by = $1
-            AND created_at >= $2
-            AND created_at <= $3
-        `, [email, weekStartISO, weekEndISO]);
-
-        patternsHarvested = parseInt(patternsResult.rows[0].count, 10) || 0;
-    } catch (err) {
-        console.log('[Splash] Patterns query failed:', err.message);
-    }
-
-    // Recent category distribution (what the user has been working on)
-    let recentCategories = {};
-    try {
-        const categoryResult = await executeQuery(`
-            SELECT sp.category, COUNT(*) as usage_count
-            FROM rapport.session_standards ss
-            JOIN rapport.sessions s ON s.session_id = ss.session_id
-            JOIN rapport.standards_patterns sp ON sp.pattern_id = ss.standard_id
-            WHERE s.email_address = $1
-                AND s.started_at >= $2
-                AND s.started_at <= $3
-            GROUP BY sp.category
-            ORDER BY usage_count DESC
-            LIMIT 5
-        `, [email, weekStartISO, weekEndISO]);
-
-        for (const row of categoryResult.rows) {
-            recentCategories[row.category] = parseInt(row.usage_count, 10);
-        }
-    } catch (err) {
-        console.log('[Splash] Recent categories query failed:', err.message);
-    }
-
-    // Build tips for greenfield users
-    const tips = isGreenfield ? [
-        'MindMeld automatically injects relevant standards into your AI coding sessions.',
-        'Use /mm-load <domain> to pre-load standards before starting work (e.g., /mm-load Frontend).',
-        'Use /mm-workflows to see available step-by-step procedures.',
-        'Patterns discovered in your code can be promoted to team-wide standards.',
-        'Use /mm-status to check your system health and API connectivity.'
-    ] : [];
-
-    const summary = {
-        sessions_count: sessionsCount,
-        total_duration_minutes: totalDurationMinutes,
-        standards_injected: standardsInjected,
-        standards_followed: standardsFollowed,
-        violations_detected: violationsDetected,
-        active_projects: activeProjects,
-        recent_categories: recentCategories,
-        patterns_harvested: patternsHarvested,
-        week_start: weekStartStr,
-        week_end: weekEndStr
-    };
-
-    return createSuccessResponse(
-        {
-            show_splash: true,
-            summary,
-            is_greenfield: isGreenfield,
-            tips
-        },
-        'Splash data retrieved',
-        { Request_ID, Timestamp: new Date().toISOString() }
-    );
-}
-
-exports.handler = wrapHandler(getUserSplash);

package/src/handlers/users/cognitoPostConfirmation.js

@@ -1,186 +0,0 @@
-/**
- * Cognito Post-Confirmation Handler
- * Creates user record and personal workspace after email verification
- *
- * Triggered by: Cognito User Pool post-confirmation trigger
- * Following: cognito_authentication_standards.md
- */
-
-const { executeQuery } = require('./helpers');
-
-/**
- * Handle post-confirmation trigger
- * Creates user, personal client, personal company, and entitlement
- */
-async function handler(event, context) {
-    console.log('Post-confirmation trigger:', JSON.stringify(event, null, 2));
-
-    // Only process SignUp confirmations
-    if (event.triggerSource !== 'PostConfirmation_ConfirmSignUp') {
-        console.log('Skipping trigger source:', event.triggerSource);
-        return event;
-    }
-
-    const { userName, request } = event;
-    const { userAttributes } = request;
-
-    const email = userAttributes.email;
-    const cognitoSub = userAttributes.sub;
-    const firstName = userAttributes.given_name || '';
-    const lastName = userAttributes.family_name || '';
-
-    try {
-        await executeQuery('BEGIN');
-
-        try {
-            // 1. Create user record
-            const userQuery = `
-                INSERT INTO rapport.users (
-                    email_address,
-                    cognito_sub,
-                    first_name,
-                    last_name,
-                    client_id,
-                    user_status,
-                    active
-                )
-                VALUES ($1, $2, $3, $4, $5, 'Active', true)
-                ON CONFLICT (email_address) DO UPDATE SET
-                    cognito_sub = EXCLUDED.cognito_sub,
-                    first_name = EXCLUDED.first_name,
-                    last_name = EXCLUDED.last_name,
-                    last_updated = CURRENT_TIMESTAMP
-                RETURNING email_address
-            `;
-
-            // Personal client ID based on email (sanitized)
-            const personalClientId = `personal_${email.replace(/[^a-zA-Z0-9]/g, '_').toLowerCase()}`;
-
-            await executeQuery(userQuery, [
-                email,
-                cognitoSub,
-                firstName,
-                lastName,
-                personalClientId
-            ]);
-
-            console.log('User created/updated:', email);
-
-            // 2. Create personal client (free tier)
-            const clientQuery = `
-                INSERT INTO rapport.clients (
-                    client_id,
-                    client_name,
-                    client_type,
-                    client_status,
-                    subscription_tier,
-                    subscription_status
-                )
-                VALUES ($1, $2, 'PERSONAL', 'Active', 'free', 'active')
-                ON CONFLICT (client_id) DO NOTHING
-                RETURNING client_id
-            `;
-
-            const clientName = firstName && lastName
-                ? `${firstName} ${lastName}'s Workspace`
-                : `${email.split('@')[0]}'s Workspace`;
-
-            await executeQuery(clientQuery, [personalClientId, clientName]);
-
-            console.log('Personal client created:', personalClientId);
-
-            // 3. Create personal company
-            const companyId = `${personalClientId}_main`;
-            const companyQuery = `
-                INSERT INTO rapport.companies (
-                    company_id,
-                    client_id,
-                    company_name,
-                    company_status
-                )
-                VALUES ($1, $2, $3, 'Active')
-                ON CONFLICT (company_id) DO NOTHING
-                RETURNING company_id
-            `;
-
-            await executeQuery(companyQuery, [
-                companyId,
-                personalClientId,
-                'Personal Projects'
-            ]);
-
-            console.log('Personal company created:', companyId);
-
-            // 4. Create admin entitlement for personal workspace
-            const entitlementQuery = `
-                INSERT INTO rapport.user_entitlements (
-                    email_address,
-                    client_id,
-                    company_id,
-                    admin,
-                    member
-                )
-                VALUES ($1, $2, $3, true, true)
-                ON CONFLICT (email_address, company_id) DO NOTHING
-            `;
-
-            await executeQuery(entitlementQuery, [email, personalClientId, companyId]);
-
-            console.log('Entitlement created for:', email);
-
-            // 5. Check for and accept pending enterprise invitations
-            const pendingInvites = await executeQuery(`
-                SELECT invitation_id, client_id, company_id, role
-                FROM rapport.enterprise_invitations
-                WHERE email = $1 AND status = 'pending'
-            `, [email.toLowerCase()]);
-
-            if (pendingInvites.rows.length > 0) {
-                console.log(`Found ${pendingInvites.rows.length} pending enterprise invitation(s)`);
-
-                for (const invite of pendingInvites.rows) {
-                    // Create entitlement for the enterprise company
-                    const isAdmin = invite.role === 'admin';
-                    await executeQuery(`
-                        INSERT INTO rapport.user_entitlements (
-                            email_address,
-                            client_id,
-                            company_id,
-                            admin,
-                            member
-                        )
-                        VALUES ($1, $2, $3, $4, true)
-                        ON CONFLICT (email_address, company_id) DO NOTHING
-                    `, [email, invite.client_id, invite.company_id, isAdmin]);
-
-                    // Mark invitation as accepted
-                    await executeQuery(`
-                        UPDATE rapport.enterprise_invitations
-                        SET status = 'accepted', accepted_at = NOW()
-                        WHERE invitation_id = $1
-                    `, [invite.invitation_id]);
-
-                    console.log(`Accepted enterprise invitation for company: ${invite.company_id} (role: ${invite.role})`);
-                }
-            }
-
-            await executeQuery('COMMIT');
-
-            console.log('Post-confirmation complete for:', email);
-
-        } catch (error) {
-            await executeQuery('ROLLBACK');
-            throw error;
-        }
-
-    } catch (error) {
-        console.error('Post-confirmation error:', error);
-        // Don't throw - this would prevent user creation in Cognito
-        // Log the error and continue
-    }
-
-    // Must return the event for Cognito to proceed
-    return event;
-}
-
-module.exports = { handler };