@goscribe/server 1.2.0 → 1.3.1

package/dist/lib/activity_log_service.js

@@ -0,0 +1,276 @@
+import { ActivityLogCategory } from "@prisma/client";
+import { logger } from "./logger.js";
+import { getTrpcPathsMatchingDescriptionSearch } from "./activity_human_description.js";
+const SENSITIVE_KEY_FRAGMENTS = [
+    "password",
+    "token",
+    "secret",
+    "authorization",
+    "cookie",
+    "credit",
+    "card",
+    "cvv",
+    "ssn",
+];
+export function isActivityLogEnabled() {
+    const v = process.env.ACTIVITY_LOG_ENABLED;
+    if (v === undefined || v === "")
+        return true;
+    return v === "1" || v.toLowerCase() === "true";
+}
+function activitySampleRate() {
+    const raw = process.env.ACTIVITY_LOG_SAMPLE_RATE;
+    if (!raw)
+        return 1;
+    const n = Number(raw);
+    if (!Number.isFinite(n) || n <= 0)
+        return 0;
+    if (n > 1)
+        return 1;
+    return n;
+}
+export function shouldSampleActivity() {
+    const rate = activitySampleRate();
+    if (rate >= 1)
+        return true;
+    if (rate <= 0)
+        return false;
+    return Math.random() < rate;
+}
+/** Recursive redaction for JSON-safe metadata (never log raw credentials). */
+export function redactSensitive(value) {
+    if (value === null || value === undefined)
+        return value;
+    if (typeof value === "string") {
+        if (value.length > 2000)
+            return `${value.slice(0, 2000)}…[truncated]`;
+        return value;
+    }
+    if (typeof value !== "object")
+        return value;
+    if (Array.isArray(value)) {
+        return value.map((v) => redactSensitive(v));
+    }
+    const out = {};
+    for (const [k, v] of Object.entries(value)) {
+        const lower = k.toLowerCase();
+        if (SENSITIVE_KEY_FRAGMENTS.some((f) => lower.includes(f))) {
+            out[k] = "[REDACTED]";
+            continue;
+        }
+        out[k] = redactSensitive(v);
+    }
+    return out;
+}
+export function inferCategoryFromTrpcPath(path) {
+    const p = path.toLowerCase();
+    if (p.startsWith("auth."))
+        return ActivityLogCategory.AUTH;
+    if (p.startsWith("payment."))
+        return ActivityLogCategory.BILLING;
+    if (p.startsWith("admin."))
+        return ActivityLogCategory.ADMIN;
+    if (p.startsWith("workspace.") || p.startsWith("members.") || p.startsWith("member."))
+        return ActivityLogCategory.WORKSPACE;
+    if (p.startsWith("flashcards.") ||
+        p.startsWith("worksheets.") ||
+        p.startsWith("studyguide.") ||
+        p.startsWith("podcast.") ||
+        p.startsWith("annotations.") ||
+        p.startsWith("chat.") ||
+        p.startsWith("copilot."))
+        return ActivityLogCategory.CONTENT;
+    if (p.startsWith("notifications."))
+        return ActivityLogCategory.SYSTEM;
+    return ActivityLogCategory.SYSTEM;
+}
+/** Best-effort workspace id from tRPC input (nested objects included). */
+export function extractWorkspaceIdFromInput(raw) {
+    if (raw === null || raw === undefined)
+        return undefined;
+    if (typeof raw === "object" && !Array.isArray(raw)) {
+        const o = raw;
+        const direct = o.workspaceId ?? o.workspace_id;
+        if (typeof direct === "string" && direct.length > 0)
+            return direct;
+        for (const v of Object.values(o)) {
+            const nested = extractWorkspaceIdFromInput(v);
+            if (nested)
+                return nested;
+        }
+    }
+    if (Array.isArray(raw)) {
+        for (const item of raw) {
+            const nested = extractWorkspaceIdFromInput(item);
+            if (nested)
+                return nested;
+        }
+    }
+    return undefined;
+}
+export function truncateUserAgent(ua, max = 512) {
+    if (!ua)
+        return undefined;
+    return ua.length > max ? ua.slice(0, max) : ua;
+}
+export function getClientIp(req) {
+    const xf = req.headers["x-forwarded-for"];
+    if (typeof xf === "string")
+        return xf.split(",")[0]?.trim();
+    if (Array.isArray(xf))
+        return xf[0]?.split(",")[0]?.trim();
+    const ra = req.socket?.remoteAddress;
+    return ra ?? undefined;
+}
+function buildMetadata(path, rawInput) {
+    if (rawInput === undefined)
+        return undefined;
+    try {
+        const redacted = redactSensitive(rawInput);
+        return { trpcInputPreview: redacted };
+    }
+    catch {
+        return { trpcInputPreview: "[unserializable]" };
+    }
+}
+function buildExplicitMetadata(metadata) {
+    if (metadata === undefined)
+        return undefined;
+    try {
+        return redactSensitive(metadata);
+    }
+    catch {
+        return { metadata: "[unserializable]" };
+    }
+}
+/**
+ * Persists one activity row. Prefer `scheduleRecordActivity` from request path to avoid blocking.
+ */
+export async function recordActivity(input) {
+    if (!isActivityLogEnabled())
+        return;
+    if (!shouldSampleActivity())
+        return;
+    const category = inferCategoryFromTrpcPath(input.path);
+    const workspaceId = extractWorkspaceIdFromInput(input.rawInput) ?? undefined;
+    const action = `trpc.${input.path}`;
+    const metadata = buildMetadata(input.path, input.rawInput);
+    try {
+        await input.db.activityLog.create({
+            data: {
+                actorUserId: input.actorUserId,
+                actorEmailSnapshot: input.actorEmailSnapshot ?? undefined,
+                action,
+                category,
+                trpcPath: input.path,
+                httpMethod: input.httpMethod ?? undefined,
+                status: input.status,
+                errorCode: input.errorCode ?? undefined,
+                durationMs: input.durationMs,
+                workspaceId,
+                ipAddress: input.ipAddress ?? undefined,
+                userAgent: truncateUserAgent(input.userAgent ?? undefined),
+                metadata: metadata ?? undefined,
+            },
+        });
+    }
+    catch (e) {
+        logger.error(`ActivityLog write failed: ${e instanceof Error ? e.message : String(e)}`, "ACTIVITY");
+    }
+}
+export function scheduleRecordActivity(input) {
+    void Promise.resolve()
+        .then(() => recordActivity(input))
+        .catch((e) => logger.error(`ActivityLog async error: ${e instanceof Error ? e.message : String(e)}`, "ACTIVITY"));
+}
+/**
+ * Persists one explicit (non-tRPC) activity row.
+ * This is used for cron jobs, webhooks, and other system-wide background operations.
+ */
+export async function recordExplicitActivity(input) {
+    if (!isActivityLogEnabled())
+        return;
+    if (!input.forceWrite && !shouldSampleActivity())
+        return;
+    const metadata = buildExplicitMetadata(input.metadata);
+    try {
+        await input.db.activityLog.create({
+            data: {
+                actorUserId: input.actorUserId ?? undefined,
+                actorEmailSnapshot: input.actorEmailSnapshot ?? undefined,
+                action: input.action,
+                category: input.category,
+                resourceType: input.resourceType ?? undefined,
+                resourceId: input.resourceId ?? undefined,
+                workspaceId: input.workspaceId ?? undefined,
+                trpcPath: input.trpcPath ?? undefined,
+                httpMethod: input.httpMethod ?? undefined,
+                status: input.status,
+                errorCode: input.errorCode ?? undefined,
+                durationMs: input.durationMs,
+                ipAddress: input.ipAddress ?? undefined,
+                userAgent: truncateUserAgent(input.userAgent ?? undefined),
+                metadata: metadata ?? undefined,
+            },
+        });
+    }
+    catch (e) {
+        logger.error(`ActivityLog explicit write failed: ${e instanceof Error ? e.message : String(e)}`, "ACTIVITY");
+    }
+}
+export function scheduleRecordExplicitActivity(input) {
+    void Promise.resolve()
+        .then(() => recordExplicitActivity(input))
+        .catch((e) => logger.error(`ActivityLog explicit async error: ${e instanceof Error ? e.message : String(e)}`, "ACTIVITY"));
+}
+/** Default retention: 365 days. Override with ACTIVITY_LOG_RETENTION_DAYS. */
+export function getActivityRetentionDays() {
+    const raw = process.env.ACTIVITY_LOG_RETENTION_DAYS;
+    if (!raw)
+        return 365;
+    const n = Number(raw);
+    if (!Number.isFinite(n) || n < 1)
+        return 365;
+    return Math.min(Math.floor(n), 3650);
+}
+export async function deleteActivityLogsOlderThan(db, cutoff) {
+    const result = await db.activityLog.deleteMany({
+        where: { createdAt: { lt: cutoff } },
+    });
+    return { deleted: result.count };
+}
+export function buildActivityLogWhere(filter, options) {
+    const where = {};
+    if (options?.forceActorUserId) {
+        where.actorUserId = options.forceActorUserId;
+    }
+    else if (filter.actorUserId) {
+        where.actorUserId = filter.actorUserId;
+    }
+    if (filter.workspaceId)
+        where.workspaceId = filter.workspaceId;
+    if (filter.category)
+        where.category = filter.category;
+    if (filter.status)
+        where.status = filter.status;
+    if (filter.from || filter.to) {
+        where.createdAt = {};
+        if (filter.from)
+            where.createdAt.gte = filter.from;
+        if (filter.to)
+            where.createdAt.lte = filter.to;
+    }
+    if (filter.search?.trim()) {
+        const s = filter.search.trim();
+        const pathsFromDescription = getTrpcPathsMatchingDescriptionSearch(s);
+        where.OR = [
+            { action: { contains: s, mode: "insensitive" } },
+            { trpcPath: { contains: s, mode: "insensitive" } },
+            { errorCode: { contains: s, mode: "insensitive" } },
+            ...(pathsFromDescription.length > 0
+                ? [{ trpcPath: { in: pathsFromDescription } }]
+                : []),
+        ];
+    }
+    return where;
+}

package/dist/lib/activity_log_service.test.d.ts

@@ -0,0 +1 @@
+export {};

package/dist/lib/activity_log_service.test.js

@@ -0,0 +1,27 @@
+import { test } from "node:test";
+import assert from "node:assert/strict";
+import { ActivityLogCategory, ActivityLogStatus } from "@prisma/client";
+import { buildActivityLogWhere, inferCategoryFromTrpcPath, redactSensitive, } from "./activity_log_service.js";
+test("redactSensitive redacts sensitive keys", () => {
+    const out = redactSensitive({
+        email: "a@b.com",
+        password: "secret",
+        nested: { authToken: "t", safe: 1 },
+    });
+    assert.equal(out.password, "[REDACTED]");
+    const nested = out.nested;
+    assert.equal(nested.authToken, "[REDACTED]");
+    assert.equal(nested.safe, 1);
+});
+test("inferCategoryFromTrpcPath maps routers", () => {
+    assert.equal(inferCategoryFromTrpcPath("auth.login"), ActivityLogCategory.AUTH);
+    assert.equal(inferCategoryFromTrpcPath("payment.checkout"), ActivityLogCategory.BILLING);
+    assert.equal(inferCategoryFromTrpcPath("admin.listUsers"), ActivityLogCategory.ADMIN);
+    assert.equal(inferCategoryFromTrpcPath("workspace.list"), ActivityLogCategory.WORKSPACE);
+    assert.equal(inferCategoryFromTrpcPath("flashcards.list"), ActivityLogCategory.CONTENT);
+});
+test("buildActivityLogWhere forces actor for user scope", () => {
+    const w = buildActivityLogWhere({ status: ActivityLogStatus.SUCCESS }, { forceActorUserId: "user-1" });
+    assert.equal(w.actorUserId, "user-1");
+    assert.equal(w.status, ActivityLogStatus.SUCCESS);
+});

package/dist/lib/ai-session.d.ts

@@ -25,8 +25,13 @@ export declare class AISessionService {
     initSession(workspaceId: string, user: string): Promise<AISession>;
     processFile(sessionId: string, user: string, fileUrl: string, fileType: 'image' | 'pdf', maxPages?: number): Promise<ProcessFileResult>;
     generateStudyGuide(sessionId: string, user: string): Promise<string>;
-    generateFlashcardQuestions(sessionId: string, user: string, numQuestions: number, difficulty: 'easy' | 'medium' | 'hard'): Promise<string>;
-    generateWorksheetQuestions(sessionId: string, user: string, numQuestions: number, difficulty: 'EASY' | 'MEDIUM' | 'HARD'): Promise<string>;
+    generateFlashcardQuestions(sessionId: string, user: string, numQuestions: number, difficulty: 'easy' | 'medium' | 'hard', prompt?: string): Promise<string>;
+    generateWorksheetQuestions(sessionId: string, user: string, numQuestions: number, difficulty: 'EASY' | 'MEDIUM' | 'HARD', options?: {
+        mode?: 'practice' | 'quiz';
+        mcqRatio?: number;
+        questionTypes?: string[];
+        prompt?: string;
+    }): Promise<string>;
     checkWorksheetQuestions(sessionId: string, user: string, question: string, answer: string, mark_scheme: MarkScheme): Promise<UserMarkScheme>;
     generatePodcastStructure(sessionId: string, user: string, title: string, description: string, prompt: string, speakers: Array<{
         id: string;
@@ -39,6 +44,14 @@ export declare class AISessionService {
         name?: string;
     }>, voiceId?: string): Promise<any>;
     generatePodcastImage(sessionId: string, user: string, summary: string): Promise<string>;
+    segmentStudyGuide(sessionId: string, user: string, studyGuide: string): Promise<{
+        hint: string;
+        content: string;
+    }[]>;
+    validateSegmentSummary(sessionId: string, user: string, segmentContent: string, studentResponse: string, studyGuide: string): Promise<{
+        valid: boolean;
+        feedback: string;
+    }>;
     getSession(sessionId: string): AISession | undefined;
     getSessionsByUserAndWorkspace(userId: string, workspaceId: string): AISession[];
     deleteSession(sessionId: string): boolean;