@fatagnus/convex-feedback 0.2.6 → 0.2.8

package/src/convex/apiKeys.ts

@@ -0,0 +1,223 @@
+import { v } from "convex/values";
+import { mutation, query, internalQuery } from "./_generated/server";
+
+/**
+ * Generate a secure random API key
+ * Format: fb_<32 random hex chars> = 35 chars total
+ */
+function generateApiKey(): string {
+  const randomBytes = new Uint8Array(16);
+  crypto.getRandomValues(randomBytes);
+  const hex = Array.from(randomBytes)
+    .map((b) => b.toString(16).padStart(2, "0"))
+    .join("");
+  return `fb_${hex}`;
+}
+
+/**
+ * Hash an API key using SHA-256
+ */
+async function hashApiKey(key: string): Promise<string> {
+  const encoder = new TextEncoder();
+  const data = encoder.encode(key);
+  const hashBuffer = await crypto.subtle.digest("SHA-256", data);
+  const hashArray = Array.from(new Uint8Array(hashBuffer));
+  return hashArray.map((b) => b.toString(16).padStart(2, "0")).join("");
+}
+
+/**
+ * Create a new API key.
+ * Returns the full key - this is the only time it will be visible!
+ */
+export const create = mutation({
+  args: {
+    name: v.string(),
+    expiresAt: v.optional(v.number()),
+  },
+  returns: v.object({
+    key: v.string(),
+    keyPrefix: v.string(),
+    name: v.string(),
+    expiresAt: v.union(v.number(), v.null()),
+    createdAt: v.number(),
+  }),
+  handler: async (ctx, args) => {
+    const key = generateApiKey();
+    const keyHash = await hashApiKey(key);
+    const keyPrefix = key.slice(0, 11); // "fb_" + first 8 chars
+    const now = Date.now();
+
+    await ctx.db.insert("apiKeys", {
+      keyHash,
+      keyPrefix,
+      name: args.name,
+      expiresAt: args.expiresAt,
+      isRevoked: false,
+      createdAt: now,
+    });
+
+    return {
+      key, // Full key - only returned on creation!
+      keyPrefix,
+      name: args.name,
+      expiresAt: args.expiresAt ?? null,
+      createdAt: now,
+    };
+  },
+});
+
+/**
+ * List all API keys (without the actual key values).
+ */
+export const list = query({
+  args: {},
+  returns: v.array(
+    v.object({
+      _id: v.id("apiKeys"),
+      keyPrefix: v.string(),
+      name: v.string(),
+      expiresAt: v.union(v.number(), v.null()),
+      isRevoked: v.boolean(),
+      revokedAt: v.union(v.number(), v.null()),
+      createdAt: v.number(),
+      isExpired: v.boolean(),
+    })
+  ),
+  handler: async (ctx) => {
+    const keys = await ctx.db.query("apiKeys").collect();
+    const now = Date.now();
+
+    return keys.map((k) => ({
+      _id: k._id,
+      keyPrefix: k.keyPrefix,
+      name: k.name,
+      expiresAt: k.expiresAt ?? null,
+      isRevoked: k.isRevoked,
+      revokedAt: k.revokedAt ?? null,
+      createdAt: k.createdAt,
+      isExpired: k.expiresAt !== undefined && k.expiresAt < now,
+    }));
+  },
+});
+
+/**
+ * Revoke an API key by its prefix.
+ */
+export const revoke = mutation({
+  args: {
+    keyPrefix: v.string(),
+  },
+  returns: v.boolean(),
+  handler: async (ctx, args) => {
+    const key = await ctx.db
+      .query("apiKeys")
+      .withIndex("by_key_prefix", (q) => q.eq("keyPrefix", args.keyPrefix))
+      .unique();
+
+    if (!key) {
+      return false;
+    }
+
+    await ctx.db.patch(key._id, {
+      isRevoked: true,
+      revokedAt: Date.now(),
+    });
+
+    return true;
+  },
+});
+
+/**
+ * Rotate an API key - revokes the old key and creates a new one.
+ * Returns the new key (only time it will be visible!).
+ */
+export const rotate = mutation({
+  args: {
+    keyPrefix: v.string(),
+    name: v.optional(v.string()),
+    expiresAt: v.optional(v.number()),
+  },
+  returns: v.union(
+    v.object({
+      key: v.string(),
+      keyPrefix: v.string(),
+      name: v.string(),
+      expiresAt: v.union(v.number(), v.null()),
+      createdAt: v.number(),
+    }),
+    v.null()
+  ),
+  handler: async (ctx, args) => {
+    // Find and revoke the old key
+    const oldKey = await ctx.db
+      .query("apiKeys")
+      .withIndex("by_key_prefix", (q) => q.eq("keyPrefix", args.keyPrefix))
+      .unique();
+
+    if (!oldKey) {
+      return null;
+    }
+
+    // Revoke old key
+    await ctx.db.patch(oldKey._id, {
+      isRevoked: true,
+      revokedAt: Date.now(),
+    });
+
+    // Create new key
+    const newKey = generateApiKey();
+    const keyHash = await hashApiKey(newKey);
+    const keyPrefix = newKey.slice(0, 11);
+    const now = Date.now();
+    const name = args.name ?? oldKey.name;
+
+    await ctx.db.insert("apiKeys", {
+      keyHash,
+      keyPrefix,
+      name,
+      expiresAt: args.expiresAt,
+      isRevoked: false,
+      createdAt: now,
+    });
+
+    return {
+      key: newKey,
+      keyPrefix,
+      name,
+      expiresAt: args.expiresAt ?? null,
+      createdAt: now,
+    };
+  },
+});
+
+/**
+ * Validate an API key (internal use for HTTP endpoint).
+ * Returns true if valid and not expired/revoked.
+ */
+export const validateKey = internalQuery({
+  args: {
+    key: v.string(),
+  },
+  returns: v.boolean(),
+  handler: async (ctx, args) => {
+    const keyHash = await hashApiKey(args.key);
+    const apiKey = await ctx.db
+      .query("apiKeys")
+      .withIndex("by_key_hash", (q) => q.eq("keyHash", keyHash))
+      .unique();
+
+    if (!apiKey) {
+      return false;
+    }
+
+    if (apiKey.isRevoked) {
+      return false;
+    }
+
+    if (apiKey.expiresAt !== undefined && apiKey.expiresAt < Date.now()) {
+      return false;
+    }
+
+    return true;
+  },
+});

package/src/convex/bugReports.ts

@@ -1,5 +1,5 @@
 import { v } from "convex/values";
-import { mutation, query, internalMutation } from "./_generated/server";
+import { mutation, query, internalMutation, internalQuery } from "./_generated/server";
 import { internal } from "./_generated/api";
 import {
   bugSeverityValidator,
@@ -41,6 +41,7 @@ const bugReportReturnValidator = v.object({
   aiAnalyzedAt: v.optional(v.number()),
   aiThreadId: v.optional(v.string()),
   notificationsSentAt: v.optional(v.number()),
+  ticketNumber: v.optional(v.string()),
 });
 
 /**
@@ -66,11 +67,39 @@ export const create = mutation({
     viewportWidth: v.number(),
     viewportHeight: v.number(),
     networkState: v.string(),
+    // When true, skip auto-scheduling of AI analysis/email notifications
+    // Use this when the parent app will handle processing with its own API keys
+    skipAutoProcess: v.optional(v.boolean()),
+    // Optional API keys - pass from parent app since components don't inherit env vars
+    openRouterApiKey: v.optional(v.string()),
+    resendApiKey: v.optional(v.string()),
+    resendFromEmail: v.optional(v.string()),
   },
   returns: v.id("bugReports"),
   handler: async (ctx, args) => {
     const now = Date.now();
 
+    // Generate ticket number
+    const year = new Date().getFullYear();
+    const counter = await ctx.db
+      .query("ticketCounters")
+      .withIndex("by_type_year", (q) => q.eq("type", "bug").eq("year", year))
+      .unique();
+
+    let nextNumber: number;
+    if (counter) {
+      nextNumber = counter.nextNumber;
+      await ctx.db.patch(counter._id, { nextNumber: nextNumber + 1 });
+    } else {
+      nextNumber = 1;
+      await ctx.db.insert("ticketCounters", {
+        type: "bug",
+        year,
+        nextNumber: 2,
+      });
+    }
+    const ticketNumber = `BUG-${year}-${nextNumber.toString().padStart(4, "0")}`;
+
     const reportId = await ctx.db.insert("bugReports", {
       title: args.title,
       description: args.description,
@@ -88,19 +117,27 @@ export const create = mutation({
       viewportWidth: args.viewportWidth,
       viewportHeight: args.viewportHeight,
       networkState: args.networkState,
+      ticketNumber,
       createdAt: now,
       updatedAt: now,
     });
 
     // Schedule AI analysis and email notifications (runs immediately)
-    // This uses a try-catch to gracefully handle if agents aren't configured
-    try {
-      await ctx.scheduler.runAfter(0, internal.agents.bugReportAgent.processBugReport, {
-        bugReportId: reportId,
-      });
-    } catch {
-      // AI agent not available, continue without analysis
-      console.log("AI agent not configured, skipping analysis");
+    // Skip if parent app will handle processing with its own API keys
+    if (!args.skipAutoProcess) {
+      // This uses a try-catch to gracefully handle if agents aren't configured
+      try {
+        await ctx.scheduler.runAfter(0, internal.agents.bugReportAgent.processBugReport, {
+          bugReportId: reportId,
+          // Forward API keys from parent app (components don't inherit env vars)
+          openRouterApiKey: args.openRouterApiKey,
+          resendApiKey: args.resendApiKey,
+          resendFromEmail: args.resendFromEmail,
+        });
+      } catch {
+        // AI agent not available, continue without analysis
+        console.log("AI agent not configured, skipping analysis");
+      }
     }
 
     return reportId;
@@ -332,6 +369,108 @@ export const updateWithAnalysis = internalMutation({
   },
 });
 
+/**
+ * Internal query to list bug reports (for HTTP API).
+ */
+export const listInternal = internalQuery({
+  args: {
+    status: v.optional(bugStatusValidator),
+    severity: v.optional(bugSeverityValidator),
+    includeArchived: v.optional(v.boolean()),
+    limit: v.optional(v.number()),
+  },
+  returns: v.array(bugReportReturnValidator),
+  handler: async (ctx, args) => {
+    const limit = args.limit ?? 50;
+    const includeArchived = args.includeArchived ?? false;
+
+    let reports;
+    if (args.status) {
+      const status = args.status;
+      reports = await ctx.db
+        .query("bugReports")
+        .withIndex("by_status", (q) => q.eq("status", status))
+        .order("desc")
+        .take(limit * 2);
+    } else if (args.severity) {
+      const severity = args.severity;
+      reports = await ctx.db
+        .query("bugReports")
+        .withIndex("by_severity", (q) => q.eq("severity", severity))
+        .order("desc")
+        .take(limit * 2);
+    } else {
+      reports = await ctx.db
+        .query("bugReports")
+        .withIndex("by_created")
+        .order("desc")
+        .take(limit * 2);
+    }
+
+    if (!includeArchived) {
+      reports = reports.filter((r) => !r.isArchived);
+    }
+
+    return reports.slice(0, limit);
+  },
+});
+
+/**
+ * Internal mutation to update bug report status by ticket number (for HTTP API).
+ */
+export const updateStatusByTicketNumber = internalMutation({
+  args: {
+    ticketNumber: v.string(),
+    status: bugStatusValidator,
+  },
+  returns: v.union(v.object({ success: v.boolean(), ticketNumber: v.string() }), v.null()),
+  handler: async (ctx, args) => {
+    const report = await ctx.db
+      .query("bugReports")
+      .withIndex("by_ticket_number", (q) => q.eq("ticketNumber", args.ticketNumber))
+      .unique();
+
+    if (!report) {
+      return null;
+    }
+
+    await ctx.db.patch(report._id, {
+      status: args.status,
+      updatedAt: Date.now(),
+    });
+
+    return { success: true, ticketNumber: args.ticketNumber };
+  },
+});
+
+/**
+ * Internal mutation to archive/unarchive bug report by ticket number (for HTTP API).
+ */
+export const setArchivedByTicketNumber = internalMutation({
+  args: {
+    ticketNumber: v.string(),
+    isArchived: v.boolean(),
+  },
+  returns: v.union(v.object({ success: v.boolean(), ticketNumber: v.string(), isArchived: v.boolean() }), v.null()),
+  handler: async (ctx, args) => {
+    const report = await ctx.db
+      .query("bugReports")
+      .withIndex("by_ticket_number", (q) => q.eq("ticketNumber", args.ticketNumber))
+      .unique();
+
+    if (!report) {
+      return null;
+    }
+
+    await ctx.db.patch(report._id, {
+      isArchived: args.isArchived,
+      updatedAt: Date.now(),
+    });
+
+    return { success: true, ticketNumber: args.ticketNumber, isArchived: args.isArchived };
+  },
+});
+
 /**
  * Internal mutation to mark notifications as sent
  */

package/src/convex/emails/bugReportEmails.ts

@@ -347,6 +347,9 @@ export const sendBugReportNotifications = internalAction({
       }),
       v.null()
     ),
+    // Optional API keys - passed from parent app since components don't inherit env vars
+    resendApiKey: v.optional(v.string()),
+    resendFromEmail: v.optional(v.string()),
   },
   returns: v.object({
     success: v.boolean(),
@@ -363,8 +366,8 @@ export const sendBugReportNotifications = internalAction({
     teamEmailsSent: number;
     error?: string;
   }> => {
-    // Check for Resend API key
-    const resendApiKey = process.env.RESEND_API_KEY;
+    // Check for Resend API key - prefer args (from parent app), fallback to env
+    const resendApiKey = args.resendApiKey || process.env.RESEND_API_KEY;
     if (!resendApiKey) {
       console.warn("RESEND_API_KEY not configured. Skipping email notifications.");
       return {
@@ -376,7 +379,7 @@ export const sendBugReportNotifications = internalAction({
     }
 
     const resend = new Resend(resendApiKey);
-    const fromEmail = process.env.RESEND_FROM_EMAIL || "bugs@resend.dev";
+    const fromEmail = args.resendFromEmail || process.env.RESEND_FROM_EMAIL || "bugs@resend.dev";
 
     // Get bug report data
     const report = await ctx.runQuery(

package/src/convex/emails/feedbackEmails.ts

@@ -328,6 +328,9 @@ export const sendFeedbackNotifications = internalAction({
       }),
       v.null()
     ),
+    // Optional API keys - passed from parent app since components don't inherit env vars
+    resendApiKey: v.optional(v.string()),
+    resendFromEmail: v.optional(v.string()),
   },
   returns: v.object({
     success: v.boolean(),
@@ -344,8 +347,8 @@ export const sendFeedbackNotifications = internalAction({
     teamEmailsSent: number;
     error?: string;
   }> => {
-    // Check for Resend API key
-    const resendApiKey = process.env.RESEND_API_KEY;
+    // Check for Resend API key - prefer args (from parent app), fallback to env
+    const resendApiKey = args.resendApiKey || process.env.RESEND_API_KEY;
     if (!resendApiKey) {
       console.warn("RESEND_API_KEY not configured. Skipping email notifications.");
       return {
@@ -357,7 +360,7 @@ export const sendFeedbackNotifications = internalAction({
     }
 
     const resend = new Resend(resendApiKey);
-    const fromEmail = process.env.RESEND_FROM_EMAIL || "feedback@resend.dev";
+    const fromEmail = args.resendFromEmail || process.env.RESEND_FROM_EMAIL || "feedback@resend.dev";
 
     // Get feedback data
     const feedback = await ctx.runQuery(internal.emails.feedbackEmails.getFeedbackForEmail, {

package/src/convex/feedback.ts

@@ -1,5 +1,5 @@
 import { v } from "convex/values";
-import { mutation, query, internalMutation } from "./_generated/server";
+import { mutation, query, internalMutation, internalQuery } from "./_generated/server";
 import { internal } from "./_generated/api";
 import {
   feedbackTypeValidator,
@@ -42,6 +42,7 @@ const feedbackReturnValidator = v.object({
   aiAnalyzedAt: v.optional(v.number()),
   aiThreadId: v.optional(v.string()),
   notificationsSentAt: v.optional(v.number()),
+  ticketNumber: v.optional(v.string()),
 });
 
 /**
@@ -68,11 +69,39 @@ export const create = mutation({
     viewportWidth: v.number(),
     viewportHeight: v.number(),
     networkState: v.string(),
+    // When true, skip auto-scheduling of AI analysis/email notifications
+    // Use this when the parent app will handle processing with its own API keys
+    skipAutoProcess: v.optional(v.boolean()),
+    // Optional API keys - pass from parent app since components don't inherit env vars
+    openRouterApiKey: v.optional(v.string()),
+    resendApiKey: v.optional(v.string()),
+    resendFromEmail: v.optional(v.string()),
   },
   returns: v.id("feedback"),
   handler: async (ctx, args) => {
     const now = Date.now();
 
+    // Generate ticket number
+    const year = new Date().getFullYear();
+    const counter = await ctx.db
+      .query("ticketCounters")
+      .withIndex("by_type_year", (q) => q.eq("type", "feedback").eq("year", year))
+      .unique();
+
+    let nextNumber: number;
+    if (counter) {
+      nextNumber = counter.nextNumber;
+      await ctx.db.patch(counter._id, { nextNumber: nextNumber + 1 });
+    } else {
+      nextNumber = 1;
+      await ctx.db.insert("ticketCounters", {
+        type: "feedback",
+        year,
+        nextNumber: 2,
+      });
+    }
+    const ticketNumber = `FB-${year}-${nextNumber.toString().padStart(4, "0")}`;
+
     const feedbackId = await ctx.db.insert("feedback", {
       type: args.type,
       title: args.title,
@@ -91,18 +120,26 @@ export const create = mutation({
       viewportWidth: args.viewportWidth,
       viewportHeight: args.viewportHeight,
       networkState: args.networkState,
+      ticketNumber,
       createdAt: now,
       updatedAt: now,
     });
 
     // Schedule AI analysis and email notifications (runs immediately)
-    try {
-      await ctx.scheduler.runAfter(0, internal.agents.feedbackAgent.processFeedback, {
-        feedbackId,
-      });
-    } catch {
-      // AI agent not available, continue without analysis
-      console.log("AI agent not configured, skipping analysis");
+    // Skip if parent app will handle processing with its own API keys
+    if (!args.skipAutoProcess) {
+      try {
+        await ctx.scheduler.runAfter(0, internal.agents.feedbackAgent.processFeedback, {
+          feedbackId,
+          // Forward API keys from parent app (components don't inherit env vars)
+          openRouterApiKey: args.openRouterApiKey,
+          resendApiKey: args.resendApiKey,
+          resendFromEmail: args.resendFromEmail,
+        });
+      } catch {
+        // AI agent not available, continue without analysis
+        console.log("AI agent not configured, skipping analysis");
+      }
     }
 
     return feedbackId;
@@ -354,3 +391,113 @@ export const markNotificationsSent = internalMutation({
     return null;
   },
 });
+
+/**
+ * Internal query to list feedback (for HTTP API).
+ */
+export const listInternal = internalQuery({
+  args: {
+    status: v.optional(feedbackStatusValidator),
+    type: v.optional(feedbackTypeValidator),
+    priority: v.optional(feedbackPriorityValidator),
+    includeArchived: v.optional(v.boolean()),
+    limit: v.optional(v.number()),
+  },
+  returns: v.array(feedbackReturnValidator),
+  handler: async (ctx, args) => {
+    const limit = args.limit ?? 50;
+    const includeArchived = args.includeArchived ?? false;
+
+    let results;
+    if (args.status) {
+      const status = args.status;
+      results = await ctx.db
+        .query("feedback")
+        .withIndex("by_status", (q) => q.eq("status", status))
+        .order("desc")
+        .take(limit * 2);
+    } else if (args.type) {
+      const type = args.type;
+      results = await ctx.db
+        .query("feedback")
+        .withIndex("by_type", (q) => q.eq("type", type))
+        .order("desc")
+        .take(limit * 2);
+    } else if (args.priority) {
+      const priority = args.priority;
+      results = await ctx.db
+        .query("feedback")
+        .withIndex("by_priority", (q) => q.eq("priority", priority))
+        .order("desc")
+        .take(limit * 2);
+    } else {
+      results = await ctx.db
+        .query("feedback")
+        .withIndex("by_created")
+        .order("desc")
+        .take(limit * 2);
+    }
+
+    if (!includeArchived) {
+      results = results.filter((r) => !r.isArchived);
+    }
+
+    return results.slice(0, limit);
+  },
+});
+
+/**
+ * Internal mutation to archive/unarchive feedback by ticket number (for HTTP API).
+ */
+export const setArchivedByTicketNumber = internalMutation({
+  args: {
+    ticketNumber: v.string(),
+    isArchived: v.boolean(),
+  },
+  returns: v.union(v.object({ success: v.boolean(), ticketNumber: v.string(), isArchived: v.boolean() }), v.null()),
+  handler: async (ctx, args) => {
+    const feedback = await ctx.db
+      .query("feedback")
+      .withIndex("by_ticket_number", (q) => q.eq("ticketNumber", args.ticketNumber))
+      .unique();
+
+    if (!feedback) {
+      return null;
+    }
+
+    await ctx.db.patch(feedback._id, {
+      isArchived: args.isArchived,
+      updatedAt: Date.now(),
+    });
+
+    return { success: true, ticketNumber: args.ticketNumber, isArchived: args.isArchived };
+  },
+});
+
+/**
+ * Internal mutation to update feedback status by ticket number (for HTTP API).
+ */
+export const updateStatusByTicketNumber = internalMutation({
+  args: {
+    ticketNumber: v.string(),
+    status: feedbackStatusValidator,
+  },
+  returns: v.union(v.object({ success: v.boolean(), ticketNumber: v.string() }), v.null()),
+  handler: async (ctx, args) => {
+    const feedback = await ctx.db
+      .query("feedback")
+      .withIndex("by_ticket_number", (q) => q.eq("ticketNumber", args.ticketNumber))
+      .unique();
+
+    if (!feedback) {
+      return null;
+    }
+
+    await ctx.db.patch(feedback._id, {
+      status: args.status,
+      updatedAt: Date.now(),
+    });
+
+    return { success: true, ticketNumber: args.ticketNumber };
+  },
+});