npm - @hiai-gg/hiai-docs - Versions diffs - 0.0.1 - Mend

@hiai-gg/hiai-docs 0.0.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (216) hide show

package/.all-contributorsrc +18 -0
package/.claude/settings.local.json +61 -0
package/.dockerignore +113 -0
package/.env.example +68 -0
package/.github/FUNDING.yml +5 -0
package/.github/ISSUE_TEMPLATE/bug_report.md +74 -0
package/.github/ISSUE_TEMPLATE/feature_request.md +78 -0
package/.github/dependabot.yml +136 -0
package/.github/pull_request_template.md +96 -0
package/.github/workflows/ci.yml +283 -0
package/AGENTS.md +237 -0
package/CODE_OF_CONDUCT.md +134 -0
package/CONTRIBUTING.md +77 -0
package/Caddyfile +50 -0
package/Dockerfile.backend +60 -0
package/LICENSE +21 -0
package/README.md +284 -0
package/RELEASE_CHECKLIST.md +34 -0
package/SECURITY.md +60 -0
package/backend/package.json +43 -0
package/backend/src/__tests__/auth-helpers.test.ts +51 -0
package/backend/src/__tests__/chunker.test.ts +65 -0
package/backend/src/__tests__/config.test.ts +91 -0
package/backend/src/__tests__/csrf.test.ts +91 -0
package/backend/src/__tests__/embedding.test.ts +48 -0
package/backend/src/__tests__/rate-limit.test.ts +46 -0
package/backend/src/__tests__/routes.test.ts +38 -0
package/backend/src/__tests__/schema.test.ts +31 -0
package/backend/src/__tests__/validation.test.ts +556 -0
package/backend/src/api/middleware/auth.ts +56 -0
package/backend/src/api/middleware/csrf.ts +91 -0
package/backend/src/api/middleware/rate-limit.ts +77 -0
package/backend/src/api/middleware/webhook-verify.ts +22 -0
package/backend/src/api/routes/attachments.ts +280 -0
package/backend/src/api/routes/auth.ts +52 -0
package/backend/src/api/routes/collaboration.ts +121 -0
package/backend/src/api/routes/documents.ts +664 -0
package/backend/src/api/routes/folders.ts +226 -0
package/backend/src/api/routes/search.ts +354 -0
package/backend/src/api/routes/share.ts +512 -0
package/backend/src/api/routes/tags.ts +247 -0
package/backend/src/api/routes/versions.ts +99 -0
package/backend/src/api/routes/webhooks.ts +43 -0
package/backend/src/embedding/chunker.ts +74 -0
package/backend/src/embedding/index.ts +117 -0
package/backend/src/embedding/providers/ollama.ts +63 -0
package/backend/src/embedding/providers/openrouter.ts +71 -0
package/backend/src/embedding/utils.ts +13 -0
package/backend/src/embedding/worker.ts +89 -0
package/backend/src/index.ts +147 -0
package/backend/src/lib/auth-helpers.ts +27 -0
package/backend/src/lib/auth.ts +35 -0
package/backend/src/lib/config.ts +73 -0
package/backend/src/lib/db.ts +7 -0
package/backend/src/lib/embedding-queue.ts +12 -0
package/backend/src/lib/logger.ts +18 -0
package/backend/src/lib/markdown-to-doc.ts +45 -0
package/backend/src/lib/minio.ts +46 -0
package/backend/src/lib/redis.ts +19 -0
package/backend/src/lib/yjs-provider.ts +182 -0
package/backend/tests/integration/_harness.ts +754 -0
package/backend/tests/integration/auth.test.ts +296 -0
package/backend/tests/integration/routes.documents.test.ts +459 -0
package/backend/tests/integration/routes.folders.test.ts +337 -0
package/backend/tests/integration/routes.search.test.ts +322 -0
package/backend/tests/integration/routes.share.test.ts +773 -0
package/backend/tests/integration/routes.tags.test.ts +425 -0
package/backend/tests/integration/routes.versions.test.ts +233 -0
package/backend/tsconfig.json +18 -0
package/docker-compose.yml +218 -0
package/docs/API.md +328 -0
package/docs/ARCHITECTURE.md +75 -0
package/docs/DEPLOYMENT.md +113 -0
package/docs/PRODUCTION_STATUS.md +61 -0
package/docs/openapi.json +385 -0
package/frontend/.svelte-kit.old/ambient.d.ts +230 -0
package/frontend/.svelte-kit.old/env.d.ts +1 -0
package/frontend/.svelte-kit.old/generated/client/app.js +46 -0
package/frontend/.svelte-kit.old/generated/client/matchers.js +1 -0
package/frontend/.svelte-kit.old/generated/client/nodes/0.js +3 -0
package/frontend/.svelte-kit.old/generated/client/nodes/1.js +1 -0
package/frontend/.svelte-kit.old/generated/client/nodes/10.js +3 -0
package/frontend/.svelte-kit.old/generated/client/nodes/2.js +1 -0
package/frontend/.svelte-kit.old/generated/client/nodes/3.js +1 -0
package/frontend/.svelte-kit.old/generated/client/nodes/4.js +1 -0
package/frontend/.svelte-kit.old/generated/client/nodes/5.js +3 -0
package/frontend/.svelte-kit.old/generated/client/nodes/6.js +1 -0
package/frontend/.svelte-kit.old/generated/client/nodes/7.js +3 -0
package/frontend/.svelte-kit.old/generated/client/nodes/8.js +1 -0
package/frontend/.svelte-kit.old/generated/client/nodes/9.js +3 -0
package/frontend/.svelte-kit.old/generated/root.js +3 -0
package/frontend/.svelte-kit.old/generated/root.svelte +80 -0
package/frontend/.svelte-kit.old/generated/server/internal.js +55 -0
package/frontend/.svelte-kit.old/non-ambient.d.ts +59 -0
package/frontend/.svelte-kit.old/tsconfig.json +59 -0
package/frontend/.svelte-kit.old/types/route_meta_data.json +40 -0
package/frontend/.svelte-kit.old/types/src/routes/$types.d.ts +21 -0
package/frontend/.svelte-kit.old/types/src/routes/(app)/$types.d.ts +30 -0
package/frontend/.svelte-kit.old/types/src/routes/(app)/docs/[id]/$types.d.ts +27 -0
package/frontend/.svelte-kit.old/types/src/routes/(app)/docs/[id]/proxy+page.ts +25 -0
package/frontend/.svelte-kit.old/types/src/routes/api/[...path]/$types.d.ts +10 -0
package/frontend/.svelte-kit.old/types/src/routes/folders/[id]/$types.d.ts +27 -0
package/frontend/.svelte-kit.old/types/src/routes/folders/[id]/proxy+page.ts +15 -0
package/frontend/.svelte-kit.old/types/src/routes/login/$types.d.ts +17 -0
package/frontend/.svelte-kit.old/types/src/routes/register/$types.d.ts +17 -0
package/frontend/.svelte-kit.old/types/src/routes/s/[token]/$types.d.ts +20 -0
package/frontend/.svelte-kit.old/types/src/routes/s/[token]/proxy+page.ts +6 -0
package/frontend/.svelte-kit.old/types/src/routes/search/$types.d.ts +19 -0
package/frontend/.svelte-kit.old/types/src/routes/search/proxy+page.ts +26 -0
package/frontend/.svelte-kit.old/types/src/routes/settings/$types.d.ts +17 -0
package/frontend/Dockerfile +44 -0
package/frontend/biome.json +40 -0
package/frontend/components.json +18 -0
package/frontend/messages/en.json +434 -0
package/frontend/package.json +70 -0
package/frontend/project.inlang/settings.json +12 -0
package/frontend/src/app.css +6 -0
package/frontend/src/app.d.ts +13 -0
package/frontend/src/app.html +30 -0
package/frontend/src/hooks.server.ts +10 -0
package/frontend/src/hooks.ts +10 -0
package/frontend/src/lib/api/attachments.ts +45 -0
package/frontend/src/lib/api/client.test.ts +15 -0
package/frontend/src/lib/api/client.ts +57 -0
package/frontend/src/lib/api/documents.ts +83 -0
package/frontend/src/lib/api/folders.ts +180 -0
package/frontend/src/lib/api/search.test.ts +52 -0
package/frontend/src/lib/api/search.ts +128 -0
package/frontend/src/lib/api/settings.ts +95 -0
package/frontend/src/lib/api/share.ts +71 -0
package/frontend/src/lib/api/tags.test.ts +91 -0
package/frontend/src/lib/api/tags.ts +87 -0
package/frontend/src/lib/auth-client.ts +10 -0
package/frontend/src/lib/collaboration.ts +63 -0
package/frontend/src/lib/components/AttachmentUpload.svelte +110 -0
package/frontend/src/lib/components/DatePicker.svelte +322 -0
package/frontend/src/lib/components/DocumentCard.svelte +166 -0
package/frontend/src/lib/components/EmptyState.svelte +49 -0
package/frontend/src/lib/components/FolderCard.svelte +93 -0
package/frontend/src/lib/components/ScrollToTop.svelte +72 -0
package/frontend/src/lib/components/SearchBar.svelte +47 -0
package/frontend/src/lib/components/SearchResult.svelte +115 -0
package/frontend/src/lib/components/SettingsDialog.svelte +271 -0
package/frontend/src/lib/components/ShareDialog.svelte +158 -0
package/frontend/src/lib/components/ShareLink.svelte +98 -0
package/frontend/src/lib/components/TagCreateDialog.svelte +284 -0
package/frontend/src/lib/components/VersionDiff.svelte +55 -0
package/frontend/src/lib/components/VersionHistory.svelte +96 -0
package/frontend/src/lib/components/editor/DocumentTitle.svelte +87 -0
package/frontend/src/lib/components/editor/EditorToolbar.svelte +1367 -0
package/frontend/src/lib/components/editor/HiAiEditor.svelte +531 -0
package/frontend/src/lib/components/editor/LinkDialog.svelte +134 -0
package/frontend/src/lib/components/editor/MarkdownToggle.svelte +88 -0
package/frontend/src/lib/components/editor/editorExtensions.ts +53 -0
package/frontend/src/lib/components/editor/markdown.ts +38 -0
package/frontend/src/lib/components/sidebar/FolderTree.svelte +731 -0
package/frontend/src/lib/components/sidebar/RecentDocs.svelte +311 -0
package/frontend/src/lib/components/sidebar/Sidebar.svelte +156 -0
package/frontend/src/lib/components/sidebar/TagList.svelte +200 -0
package/frontend/src/lib/components/ui/confirm-dialog/ConfirmDialog.svelte +76 -0
package/frontend/src/lib/components/ui/confirm-dialog/index.ts +1 -0
package/frontend/src/lib/stores/tag-store.svelte.ts +56 -0
package/frontend/src/lib/stores/theme.svelte.ts +97 -0
package/frontend/src/lib/svelte.d.ts +6 -0
package/frontend/src/lib/types.ts +44 -0
package/frontend/src/lib/utils/clipboard.ts +17 -0
package/frontend/src/lib/utils/strip-markdown.ts +59 -0
package/frontend/src/lib/utils.ts +33 -0
package/frontend/src/routes/(app)/+layout.svelte +17 -0
package/frontend/src/routes/(app)/+page.server.ts +10 -0
package/frontend/src/routes/(app)/+page.svelte +303 -0
package/frontend/src/routes/(app)/docs/[id]/+page.server.ts +10 -0
package/frontend/src/routes/(app)/docs/[id]/+page.svelte +1108 -0
package/frontend/src/routes/(app)/docs/[id]/+page.ts +24 -0
package/frontend/src/routes/(app)/search/+page.svelte +593 -0
package/frontend/src/routes/(app)/search/+page.ts +25 -0
package/frontend/src/routes/+error.svelte +12 -0
package/frontend/src/routes/+layout.svelte +18 -0
package/frontend/src/routes/+layout.ts +2 -0
package/frontend/src/routes/api/[...path]/+server.ts +111 -0
package/frontend/src/routes/folders/[id]/+page.server.ts +10 -0
package/frontend/src/routes/folders/[id]/+page.svelte +319 -0
package/frontend/src/routes/folders/[id]/+page.ts +14 -0
package/frontend/src/routes/login/+page.svelte +90 -0
package/frontend/src/routes/register/+page.svelte +97 -0
package/frontend/src/routes/s/[token]/+page.svelte +496 -0
package/frontend/src/routes/s/[token]/+page.ts +5 -0
package/frontend/src/routes/settings/+page.svelte +175 -0
package/frontend/static/favicon.png +0 -0
package/frontend/static/logo.png +0 -0
package/frontend/svelte.config.js +15 -0
package/frontend/tsconfig.json +15 -0
package/frontend/vite.config.ts +25 -0
package/init.sql +9 -0
package/logo.png +0 -0
package/package.json +39 -0
package/package.public.json +39 -0
package/packages/db/drizzle.config.ts +10 -0
package/packages/db/package.json +30 -0
package/packages/db/src/client.ts +9 -0
package/packages/db/src/index.ts +2 -0
package/packages/db/src/migrations/0000_nice_bedlam.sql +165 -0
package/packages/db/src/migrations/0001_w2_3_test.sql +5 -0
package/packages/db/src/migrations/0002_rename_content_json.sql +2 -0
package/packages/db/src/migrations/meta/0000_snapshot.json +1331 -0
package/packages/db/src/migrations/meta/0001_snapshot.json +1399 -0
package/packages/db/src/migrations/meta/0002_snapshot.json +1399 -0
package/packages/db/src/migrations/meta/_journal.json +27 -0
package/packages/db/src/schema.ts +378 -0
package/packages/db/tsconfig.json +17 -0
package/scripts/export-openapi.ts +37 -0
package/scripts/health-check.sh +75 -0
package/scripts/migrate.sh +135 -0
package/scripts/prework_backup.sh +25 -0
package/scripts/release.sh +83 -0
package/tsconfig.json +25 -0

package/backend/src/embedding/providers/openrouter.ts ADDED Viewed

@@ -0,0 +1,71 @@
+/**
+ * OpenRouter embedding provider.
+ * POST to https://openrouter.ai/api/v1/embeddings using OPENROUTER_API_KEY.
+ */
+import { logger } from "../../lib/logger";
+import { normalizeDimensions } from "../utils";
+const EMBEDDING_DIMENSIONS = 1024;
+const TIMEOUT_MS = 30_000;
+const OPENROUTER_URL = "https://openrouter.ai/api/v1/embeddings";
+interface OpenRouterEmbeddingResponse {
+	data: Array<{ embedding: number[] }>;
+}
+/**
+ * Get an embedding vector from OpenRouter.
+ * @param text - Text to embed
+ * @param model - Model name (default: openai/text-embedding-3-small)
+ * @param apiKey - OpenRouter API key
+ * @returns number[] of length 1024
+ */
+export async function getOpenRouterEmbedding(
+	text: string,
+	model: string,
+	apiKey: string,
+): Promise<number[]> {
+	if (!apiKey) {
+		throw new Error("OPENROUTER_API_KEY is required for OpenRouter embeddings");
+	}
+	const controller = new AbortController();
+	const timeout = setTimeout(() => controller.abort(), TIMEOUT_MS);
+	try {
+		const response = await fetch(OPENROUTER_URL, {
+			method: "POST",
+			headers: {
+				"Content-Type": "application/json",
+				Authorization: `Bearer ${apiKey}`,
+			},
+			body: JSON.stringify({ model, input: text }),
+			signal: controller.signal,
+		});
+		if (!response.ok) {
+			const body = await response.text().catch(() => "unknown");
+			throw new Error(
+				`OpenRouter embedding failed: ${response.status} ${body}`,
+			);
+		}
+		const data = (await response.json()) as OpenRouterEmbeddingResponse;
+		const embedding = data.data?.[0]?.embedding;
+		if (!Array.isArray(embedding) || embedding.length === 0) {
+			throw new Error("OpenRouter returned empty or invalid embedding");
+		}
+		return normalizeDimensions(embedding, EMBEDDING_DIMENSIONS);
+	} catch (err) {
+		if (err instanceof Error && err.name === "AbortError") {
+			logger.error({ model }, "OpenRouter embedding request timed out");
+			throw new Error(`OpenRouter embedding timed out after ${TIMEOUT_MS}ms`);
+		}
+		throw err;
+	} finally {
+		clearTimeout(timeout);
+	}
+}

package/backend/src/embedding/utils.ts ADDED Viewed

@@ -0,0 +1,13 @@
+/**
+ * Shared embedding utilities.
+ */
+/**
+ * Pad or truncate a vector to exactly `dims` dimensions.
+ */
+export function normalizeDimensions(vec: number[], dims: number): number[] {
+	if (vec.length === dims) return vec;
+	if (vec.length > dims) return vec.slice(0, dims);
+	// Pad with zeros
+	return [...vec, ...new Array(dims - vec.length).fill(0)];
+}

package/backend/src/embedding/worker.ts ADDED Viewed

@@ -0,0 +1,89 @@
+import { documentEmbeddings, documents } from "@hiai-docs/db/schema";
+import { eq } from "drizzle-orm";
+import { db } from "../lib/db";
+import { logger } from "../lib/logger";
+import { redis } from "../lib/redis";
+import { embedDocument } from "./index";
+const QUEUE_KEY = "hiai-docs:embedding-queue";
+export function startEmbeddingWorker(): void {
+	logger.info("Embedding worker started");
+	const processLoop = async (): Promise<void> => {
+		while (true) {
+			try {
+				const result = await redis.brpop(QUEUE_KEY, 1);
+				if (!result) continue;
+				const documentId = result[1];
+				await processDocument(documentId);
+			} catch (err) {
+				logger.error({ err }, "Embedding worker error");
+			}
+		}
+	};
+	processLoop();
+}
+async function processDocument(documentId: string): Promise<void> {
+	logger.info({ documentId }, "Processing embedding for document");
+	try {
+		const doc = await db.query.documents.findFirst({
+			where: eq(documents.id, documentId),
+			columns: {
+				id: true,
+				title: true,
+				content: true,
+			},
+		});
+		if (!doc) {
+			logger.warn({ documentId }, "Document not found, skipping embedding");
+			return;
+		}
+		const content = doc.content ?? "";
+		if (!content && doc.title === "Untitled") {
+			logger.debug(
+				{ documentId },
+				"Document has no content, skipping embedding",
+			);
+			return;
+		}
+		const embeddings = await embedDocument(doc.title, content);
+		if (embeddings.length === 0) {
+			logger.warn({ documentId }, "No embeddings produced for document");
+			return;
+		}
+		await db.transaction(async (tx) => {
+			await tx
+				.delete(documentEmbeddings)
+				.where(eq(documentEmbeddings.documentId, documentId));
+			const rows = embeddings.map((embedding, index) => ({
+				documentId,
+				chunkIndex: index,
+				chunkText: "",
+				embedding,
+			}));
+			await tx.insert(documentEmbeddings).values(rows);
+		});
+		logger.info(
+			{
+				documentId,
+				chunks: embeddings.length,
+				dimensions: embeddings[0]?.length,
+			},
+			"All chunk embeddings stored for document",
+		);
+	} catch (err) {
+		logger.error({ err, documentId }, "Failed to process document embedding");
+	}
+}

package/backend/src/index.ts ADDED Viewed

@@ -0,0 +1,147 @@
+import { cors } from "@elysiajs/cors";
+import { swagger } from "@elysiajs/swagger";
+import { Elysia } from "elysia";
+import { authMiddleware } from "./api/middleware/auth";
+import { csrfMiddleware } from "./api/middleware/csrf";
+import {
+	healthRateLimiter,
+	rateLimitHeaders,
+} from "./api/middleware/rate-limit";
+import { attachmentRoutes } from "./api/routes/attachments";
+import { authRoutes } from "./api/routes/auth";
+import { collaborationRoutes } from "./api/routes/collaboration";
+import { documentRoutes } from "./api/routes/documents";
+import { folderRoutes } from "./api/routes/folders";
+import { searchRoutes } from "./api/routes/search";
+import { shareRoutes } from "./api/routes/share";
+import { tagRoutes } from "./api/routes/tags";
+import { versionRoutes } from "./api/routes/versions";
+import { webhookRoutes } from "./api/routes/webhooks";
+import { config } from "./lib/config";
+import { startEmbeddingWorker } from "./lib/embedding-queue";
+import { logger } from "./lib/logger";
+import { BUCKET, ensureBucket, minio } from "./lib/minio";
+// Start background embedding worker
+startEmbeddingWorker();
+ensureBucket(minio, BUCKET).catch((err) => {
+	logger.error({ err }, "Failed to ensure MinIO bucket");
+});
+const MAX_BODY_SIZE_BYTES = 10 * 1024 * 1024;
+const CSP_POLICY = [
+	"default-src 'self'",
+	"script-src 'self' 'unsafe-inline'",
+	"style-src 'self' 'unsafe-inline'",
+	"img-src 'self' data: blob: http://localhost:9020 http://localhost:9000 http://minio:9000",
+	"connect-src 'self' http://localhost:50700 ws://localhost:50700",
+	"font-src 'self' data:",
+	"frame-ancestors 'none'",
+	"form-action 'self'",
+].join("; ");
+const HSTS_POLICY = "max-age=31536000; includeSubDomains";
+const bodySizeLimit = new Elysia().onBeforeHandle(({ request, set }) => {
+	const contentLength = request.headers.get("content-length");
+	if (contentLength !== null) {
+		const length = Number(contentLength);
+		if (Number.isFinite(length) && length > MAX_BODY_SIZE_BYTES) {
+			set.status = 413;
+			set.headers["X-Content-Type-Options"] = "nosniff";
+			set.headers["X-Frame-Options"] = "DENY";
+			return { error: "Request body too large (max 10MB)" };
+		}
+	}
+});
+const securityHeaders = new Elysia().onAfterHandle(({ set }) => {
+	set.headers["Content-Security-Policy"] = CSP_POLICY;
+	set.headers["Strict-Transport-Security"] = HSTS_POLICY;
+	set.headers["X-Content-Type-Options"] = "nosniff";
+	set.headers["X-Frame-Options"] = "DENY";
+});
+const swaggerConfig = {
+	path: "/api/docs",
+	documentation: {
+		info: {
+			title: "hiai-docs API",
+			version: "0.1.0",
+			description:
+				"Self-hosted AI-first documentation platform. Full-text + semantic search, version history, sharing, and folder organization.",
+			contact: { name: "hiai-gg", url: "https://github.com/hiai-gg/hiai-docs" },
+			license: { name: "MIT", url: "https://opensource.org/licenses/MIT" },
+		},
+		tags: [
+			{ name: "Auth", description: "Authentication endpoints" },
+			{ name: "Documents", description: "Document CRUD and search" },
+			{ name: "Folders", description: "Folder management" },
+			{ name: "Tags", description: "Tag management" },
+			{ name: "Versions", description: "Document version history" },
+			{ name: "Share", description: "Sharing and guest access" },
+			{ name: "Search", description: "Hybrid full-text + semantic search" },
+		],
+	},
+};
+const app = new Elysia()
+	.use(bodySizeLimit)
+	.use(securityHeaders)
+	.use(
+		cors({
+			origin: config.CORS_ORIGINS?.split(",") ?? [config.BETTER_AUTH_URL],
+			credentials: true,
+			maxAge: 86400,
+		}),
+	)
+	.use(
+		config.NODE_ENV !== "production"
+			? swagger(swaggerConfig)
+			: (e: Elysia) => e,
+	)
+	.get("/api/health", async ({ request }) => {
+		const ip =
+			request.headers.get("x-forwarded-for")?.split(",")[0]?.trim() ??
+			request.headers.get("x-real-ip") ??
+			"unknown";
+		const rl = await healthRateLimiter(ip);
+		const headers = rateLimitHeaders(rl.remaining, rl.retryAfter);
+		return Object.assign(
+			{
+				status: "ok",
+				service: "hiai-docs",
+				timestamp: new Date().toISOString(),
+			},
+			headers,
+		);
+	})
+	.use(csrfMiddleware)
+	.use(authMiddleware)
+	.use(authRoutes)
+	.use(tagRoutes)
+	.use(attachmentRoutes)
+	.use(shareRoutes)
+	.use(searchRoutes)
+	.use(documentRoutes)
+	.use(folderRoutes)
+	.use(versionRoutes)
+	.use(webhookRoutes)
+	.use(collaborationRoutes)
+	.listen(config.API_PORT);
+logger.info({ port: config.API_PORT }, "hiai-docs API started");
+// Graceful shutdown
+const shutdown = async () => {
+	logger.info("Shutting down...");
+	app.stop();
+	process.exit(0);
+};
+process.on("SIGTERM", shutdown);
+process.on("SIGINT", shutdown);
+export type App = typeof app;

package/backend/src/lib/auth-helpers.ts ADDED Viewed

@@ -0,0 +1,27 @@
+import { auth } from "./auth";
+import { config } from "./config";
+/**
+ * Extract user ID from request headers.
+ * Checks API key first (Bearer token), then falls back to Better Auth session.
+ * Returns null if no valid session.
+ */
+export async function getSessionUserId(
+	headers: Headers,
+): Promise<string | null> {
+	// Check API key first
+	const apiKey = config.HIAI_DOCS_API_KEY;
+	if (apiKey) {
+		const authHeader = headers.get("authorization");
+		if (authHeader?.startsWith("Bearer ")) {
+			const token = authHeader.slice(7);
+			if (token === apiKey) {
+				return config.OWNER_ID;
+			}
+		}
+	}
+	// Fall back to Better Auth session check
+	const session = await auth.api.getSession({ headers });
+	return session?.user?.id ?? null;
+}

package/backend/src/lib/auth.ts ADDED Viewed

@@ -0,0 +1,35 @@
+import { db } from "@hiai-docs/db";
+import { accounts, sessions, users, verifications } from "@hiai-docs/db/schema";
+import { betterAuth } from "better-auth";
+import { drizzleAdapter } from "better-auth/adapters/drizzle";
+import { config } from "./config";
+export const auth = betterAuth({
+	database: drizzleAdapter(db, {
+		provider: "pg",
+		schema: {
+			user: users,
+			session: sessions,
+			account: accounts,
+			verification: verifications,
+		},
+	}),
+	secret: config.BETTER_AUTH_SECRET,
+	baseURL: config.BETTER_AUTH_URL,
+	trustedOrigins: process.env.TRUSTED_ORIGINS
+		? process.env.TRUSTED_ORIGINS.split(",").map((s) => s.trim())
+		: ["http://localhost:50701", "http://127.0.0.1:50701"],
+	emailAndPassword: {
+		enabled: true,
+	},
+	session: {
+		expiresIn: 60 * 60 * 24 * 7, // 7 days
+		updateAge: 60 * 60 * 24, // 1 day
+	},
+	advanced: {
+		database: {
+			generateId: false,
+		},
+		disableCSRFCheck: true,
+	},
+});

package/backend/src/lib/config.ts ADDED Viewed

@@ -0,0 +1,73 @@
+import { z } from "zod";
+import { logger } from "./logger";
+const envSchema = z.object({
+	DATABASE_URL: z
+		.string()
+		.default("postgresql://aiuser:aipassword@localhost:5433/hiai_docs"),
+	REDIS_URL: z.string().default("redis://localhost:6380"),
+	MINIO_ENDPOINT: z.string().default("localhost"),
+	MINIO_PORT: z.coerce.number().default(9010),
+	MINIO_PUBLIC_ENDPOINT: z.string().default("localhost"),
+	MINIO_PUBLIC_PORT: z.coerce.number().default(9020),
+	MINIO_ACCESS_KEY: z.string().default("minioadmin"),
+	MINIO_SECRET_KEY: z.string().default("change-me-to-random-32-chars"),
+	MINIO_BUCKET: z.string().default("hiai-docs"),
+	BETTER_AUTH_SECRET: z
+		.string()
+		.default("change-me-to-random-32-chars")
+		.refine(
+			(val) =>
+				process.env.NODE_ENV !== "production" ||
+				val !== "change-me-to-random-32-chars",
+			"BETTER_AUTH_SECRET must be set in production",
+		),
+	// CSRF: dedicated signing key — must NOT equal BETTER_AUTH_SECRET
+	CSRF_SECRET: z.string().default("change-me-to-random-32-chars"),
+	// Webhook: dedicated HMAC key — must NOT equal MINIO_SECRET_KEY
+	WEBHOOK_SECRET: z.string().default("change-me-to-random-32-chars"),
+	BETTER_AUTH_URL: z.string().default("http://localhost:50700"),
+	CORS_ORIGINS: z.string().optional(),
+	EMBEDDING_PROVIDER: z
+		.enum(["ollama", "openrouter", "voyage"])
+		.default("ollama"),
+	EMBEDDING_MODEL: z.string().default("nomic-embed-text"),
+	EMBEDDING_OLLAMA_URL: z.string().default("http://localhost:11434"),
+	EMBEDDING_FALLBACK_PROVIDER: z.string().default("openrouter"),
+	EMBEDDING_FALLBACK_MODEL: z.string().default("openai/text-embedding-3-small"),
+	OPENROUTER_API_KEY: z.string().optional(),
+	API_PORT: z.coerce.number().default(50700),
+	NODE_ENV: z
+		.enum(["development", "production", "test"])
+		.default("development"),
+	LOG_LEVEL: z
+		.enum(["trace", "debug", "info", "warn", "error", "fatal"])
+		.default("info"),
+	HIAI_DOCS_API_KEY: z.string().optional(),
+	OWNER_ID: z.string().default("api-key-user"),
+});
+let config: z.infer<typeof envSchema>;
+try {
+	config = envSchema.parse(process.env);
+} catch (err) {
+	logger.error({ err }, "FATAL: Invalid environment configuration");
+	process.exit(1);
+}
+if (config.NODE_ENV !== "production") {
+	if (!process.env.CSRF_SECRET) {
+		logger.warn(
+			"[config] CSRF_SECRET is not set — using insecure dev fallback. " +
+				"Set CSRF_SECRET in .env for any non-development environment.",
+		);
+	}
+	if (!process.env.WEBHOOK_SECRET) {
+		logger.warn(
+			"[config] WEBHOOK_SECRET is not set — using insecure dev fallback. " +
+				"Set WEBHOOK_SECRET in .env for any non-development environment.",
+		);
+	}
+}
+export { config };

package/backend/src/lib/db.ts ADDED Viewed

@@ -0,0 +1,7 @@
+import * as schema from "@hiai-docs/db/schema";
+import { drizzle } from "drizzle-orm/postgres-js";
+import postgres from "postgres";
+import { config } from "./config";
+const client = postgres(config.DATABASE_URL);
+export const db = drizzle(client, { schema });

package/backend/src/lib/embedding-queue.ts ADDED Viewed

@@ -0,0 +1,12 @@
+import { logger } from "./logger";
+import { redis } from "./redis";
+const QUEUE_KEY = "hiai-docs:embedding-queue";
+export function enqueueEmbedding(documentId: string): void {
+	redis.lpush(QUEUE_KEY, documentId).catch((err) => {
+		logger.error({ err, documentId }, "Failed to enqueue embedding job");
+	});
+}
+export { startEmbeddingWorker } from "../embedding/worker";

package/backend/src/lib/logger.ts ADDED Viewed

@@ -0,0 +1,18 @@
+import pino from "pino";
+// Read env directly to avoid circular dependency with config.ts
+const level = (process.env.LOG_LEVEL ?? "info") as
+	| "trace"
+	| "debug"
+	| "info"
+	| "warn"
+	| "error"
+	| "fatal";
+const isDev = process.env.NODE_ENV === "development";
+export const logger = pino({
+	level,
+	transport: isDev
+		? { target: "pino-pretty", options: { colorize: true } }
+		: undefined,
+});

package/backend/src/lib/markdown-to-doc.ts ADDED Viewed

@@ -0,0 +1,45 @@
+import Highlight from "@tiptap/extension-highlight";
+import Image from "@tiptap/extension-image";
+import Link from "@tiptap/extension-link";
+import { generateJSON } from "@tiptap/html/server";
+import StarterKit from "@tiptap/starter-kit";
+import { marked } from "marked";
+import { logger } from "./logger";
+/**
+ * TipTap extension set used by the editor on the frontend
+ * (see frontend/src/lib/components/editor/HiAiEditor.svelte).
+ * Mirrored here so imported `.md`/`.txt`/`.markdown` files produce
+ * ProseMirror JSON the editor renders with full formatting.
+ *
+ * Excludes extensions that have no markdown equivalent or that need
+ * runtime resources the backend does not load (Collaboration, CodeBlockLowlight).
+ */
+const editorExtensions = [
+	StarterKit.configure({
+		heading: { levels: [1, 2, 3] },
+		codeBlock: false,
+		link: false,
+	}),
+	Link.configure({ openOnClick: false }),
+	Image.configure({ inline: false, allowBase64: false }),
+	Highlight.configure({ multicolor: true }),
+];
+/**
+ * Convert raw markdown text to TipTap/ProseMirror JSON that the editor
+ * accepts as `contentJson`. Returns `null` for empty input or on failure
+ * so the import handler can fall back to storing the raw text only.
+ */
+export async function markdownToDocJson(
+	markdown: string,
+): Promise<unknown | null> {
+	if (!markdown.trim()) return null;
+	try {
+		const html = await marked.parse(markdown, { async: true });
+		return generateJSON(html, editorExtensions);
+	} catch (err) {
+		logger.error({ err }, "markdownToDocJson failed");
+		return null;
+	}
+}

package/backend/src/lib/minio.ts ADDED Viewed

@@ -0,0 +1,46 @@
+import { Client } from "minio";
+import { config } from "./config";
+import { logger } from "./logger";
+export const minio = new Client({
+	endPoint: config.MINIO_ENDPOINT,
+	port: config.MINIO_PORT,
+	useSSL: false,
+	accessKey: config.MINIO_ACCESS_KEY,
+	secretKey: config.MINIO_SECRET_KEY,
+	region: "us-east-1",
+});
+/**
+ * Public-facing MinIO client used to sign presigned URLs.
+ *
+ * MinIO validates the URL signature against the Host header at request time,
+ * so a URL signed for the Docker-internal `minio:9000` endpoint is rejected
+ * (403) when the browser fetches it via `localhost:9020`. This client signs
+ * against the browser-resolvable host/port instead.
+ *
+ * Note: `region` is required explicitly. Without it, minio-js issues a HEAD
+ * request for region auto-detection, which fail with ECONNREFUSED inside the
+ * container because the public host/port (localhost:9020) is unreachable.
+ */
+export const minioPublic = new Client({
+	endPoint: config.MINIO_PUBLIC_ENDPOINT,
+	port: config.MINIO_PUBLIC_PORT,
+	useSSL: false,
+	accessKey: config.MINIO_ACCESS_KEY,
+	secretKey: config.MINIO_SECRET_KEY,
+	region: "us-east-1",
+});
+export const BUCKET = config.MINIO_BUCKET;
+export async function ensureBucket(
+	client: Client,
+	bucket: string,
+): Promise<void> {
+	const exists = await client.bucketExists(bucket);
+	if (!exists) {
+		await client.makeBucket(bucket, "us-east-1");
+		logger.info({ bucket }, "Created MinIO bucket");
+	}
+}

package/backend/src/lib/redis.ts ADDED Viewed

@@ -0,0 +1,19 @@
+import Redis from "ioredis";
+import { config } from "./config";
+import { logger } from "./logger";
+export const redis = new Redis(config.REDIS_URL, {
+	maxRetriesPerRequest: 3,
+	retryStrategy(times) {
+		const delay = Math.min(times * 200, 2000);
+		return delay;
+	},
+});
+redis.on("error", (err) => {
+	logger.error({ err }, "Redis connection error");
+});
+redis.on("connect", () => {
+	logger.info("Redis connected");
+});