npm - @hiai-gg/hiai-docs - Versions diffs - 0.0.1 - Mend

@hiai-gg/hiai-docs 0.0.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (216) hide show

package/.all-contributorsrc +18 -0
package/.claude/settings.local.json +61 -0
package/.dockerignore +113 -0
package/.env.example +68 -0
package/.github/FUNDING.yml +5 -0
package/.github/ISSUE_TEMPLATE/bug_report.md +74 -0
package/.github/ISSUE_TEMPLATE/feature_request.md +78 -0
package/.github/dependabot.yml +136 -0
package/.github/pull_request_template.md +96 -0
package/.github/workflows/ci.yml +283 -0
package/AGENTS.md +237 -0
package/CODE_OF_CONDUCT.md +134 -0
package/CONTRIBUTING.md +77 -0
package/Caddyfile +50 -0
package/Dockerfile.backend +60 -0
package/LICENSE +21 -0
package/README.md +284 -0
package/RELEASE_CHECKLIST.md +34 -0
package/SECURITY.md +60 -0
package/backend/package.json +43 -0
package/backend/src/__tests__/auth-helpers.test.ts +51 -0
package/backend/src/__tests__/chunker.test.ts +65 -0
package/backend/src/__tests__/config.test.ts +91 -0
package/backend/src/__tests__/csrf.test.ts +91 -0
package/backend/src/__tests__/embedding.test.ts +48 -0
package/backend/src/__tests__/rate-limit.test.ts +46 -0
package/backend/src/__tests__/routes.test.ts +38 -0
package/backend/src/__tests__/schema.test.ts +31 -0
package/backend/src/__tests__/validation.test.ts +556 -0
package/backend/src/api/middleware/auth.ts +56 -0
package/backend/src/api/middleware/csrf.ts +91 -0
package/backend/src/api/middleware/rate-limit.ts +77 -0
package/backend/src/api/middleware/webhook-verify.ts +22 -0
package/backend/src/api/routes/attachments.ts +280 -0
package/backend/src/api/routes/auth.ts +52 -0
package/backend/src/api/routes/collaboration.ts +121 -0
package/backend/src/api/routes/documents.ts +664 -0
package/backend/src/api/routes/folders.ts +226 -0
package/backend/src/api/routes/search.ts +354 -0
package/backend/src/api/routes/share.ts +512 -0
package/backend/src/api/routes/tags.ts +247 -0
package/backend/src/api/routes/versions.ts +99 -0
package/backend/src/api/routes/webhooks.ts +43 -0
package/backend/src/embedding/chunker.ts +74 -0
package/backend/src/embedding/index.ts +117 -0
package/backend/src/embedding/providers/ollama.ts +63 -0
package/backend/src/embedding/providers/openrouter.ts +71 -0
package/backend/src/embedding/utils.ts +13 -0
package/backend/src/embedding/worker.ts +89 -0
package/backend/src/index.ts +147 -0
package/backend/src/lib/auth-helpers.ts +27 -0
package/backend/src/lib/auth.ts +35 -0
package/backend/src/lib/config.ts +73 -0
package/backend/src/lib/db.ts +7 -0
package/backend/src/lib/embedding-queue.ts +12 -0
package/backend/src/lib/logger.ts +18 -0
package/backend/src/lib/markdown-to-doc.ts +45 -0
package/backend/src/lib/minio.ts +46 -0
package/backend/src/lib/redis.ts +19 -0
package/backend/src/lib/yjs-provider.ts +182 -0
package/backend/tests/integration/_harness.ts +754 -0
package/backend/tests/integration/auth.test.ts +296 -0
package/backend/tests/integration/routes.documents.test.ts +459 -0
package/backend/tests/integration/routes.folders.test.ts +337 -0
package/backend/tests/integration/routes.search.test.ts +322 -0
package/backend/tests/integration/routes.share.test.ts +773 -0
package/backend/tests/integration/routes.tags.test.ts +425 -0
package/backend/tests/integration/routes.versions.test.ts +233 -0
package/backend/tsconfig.json +18 -0
package/docker-compose.yml +218 -0
package/docs/API.md +328 -0
package/docs/ARCHITECTURE.md +75 -0
package/docs/DEPLOYMENT.md +113 -0
package/docs/PRODUCTION_STATUS.md +61 -0
package/docs/openapi.json +385 -0
package/frontend/.svelte-kit.old/ambient.d.ts +230 -0
package/frontend/.svelte-kit.old/env.d.ts +1 -0
package/frontend/.svelte-kit.old/generated/client/app.js +46 -0
package/frontend/.svelte-kit.old/generated/client/matchers.js +1 -0
package/frontend/.svelte-kit.old/generated/client/nodes/0.js +3 -0
package/frontend/.svelte-kit.old/generated/client/nodes/1.js +1 -0
package/frontend/.svelte-kit.old/generated/client/nodes/10.js +3 -0
package/frontend/.svelte-kit.old/generated/client/nodes/2.js +1 -0
package/frontend/.svelte-kit.old/generated/client/nodes/3.js +1 -0
package/frontend/.svelte-kit.old/generated/client/nodes/4.js +1 -0
package/frontend/.svelte-kit.old/generated/client/nodes/5.js +3 -0
package/frontend/.svelte-kit.old/generated/client/nodes/6.js +1 -0
package/frontend/.svelte-kit.old/generated/client/nodes/7.js +3 -0
package/frontend/.svelte-kit.old/generated/client/nodes/8.js +1 -0
package/frontend/.svelte-kit.old/generated/client/nodes/9.js +3 -0
package/frontend/.svelte-kit.old/generated/root.js +3 -0
package/frontend/.svelte-kit.old/generated/root.svelte +80 -0
package/frontend/.svelte-kit.old/generated/server/internal.js +55 -0
package/frontend/.svelte-kit.old/non-ambient.d.ts +59 -0
package/frontend/.svelte-kit.old/tsconfig.json +59 -0
package/frontend/.svelte-kit.old/types/route_meta_data.json +40 -0
package/frontend/.svelte-kit.old/types/src/routes/$types.d.ts +21 -0
package/frontend/.svelte-kit.old/types/src/routes/(app)/$types.d.ts +30 -0
package/frontend/.svelte-kit.old/types/src/routes/(app)/docs/[id]/$types.d.ts +27 -0
package/frontend/.svelte-kit.old/types/src/routes/(app)/docs/[id]/proxy+page.ts +25 -0
package/frontend/.svelte-kit.old/types/src/routes/api/[...path]/$types.d.ts +10 -0
package/frontend/.svelte-kit.old/types/src/routes/folders/[id]/$types.d.ts +27 -0
package/frontend/.svelte-kit.old/types/src/routes/folders/[id]/proxy+page.ts +15 -0
package/frontend/.svelte-kit.old/types/src/routes/login/$types.d.ts +17 -0
package/frontend/.svelte-kit.old/types/src/routes/register/$types.d.ts +17 -0
package/frontend/.svelte-kit.old/types/src/routes/s/[token]/$types.d.ts +20 -0
package/frontend/.svelte-kit.old/types/src/routes/s/[token]/proxy+page.ts +6 -0
package/frontend/.svelte-kit.old/types/src/routes/search/$types.d.ts +19 -0
package/frontend/.svelte-kit.old/types/src/routes/search/proxy+page.ts +26 -0
package/frontend/.svelte-kit.old/types/src/routes/settings/$types.d.ts +17 -0
package/frontend/Dockerfile +44 -0
package/frontend/biome.json +40 -0
package/frontend/components.json +18 -0
package/frontend/messages/en.json +434 -0
package/frontend/package.json +70 -0
package/frontend/project.inlang/settings.json +12 -0
package/frontend/src/app.css +6 -0
package/frontend/src/app.d.ts +13 -0
package/frontend/src/app.html +30 -0
package/frontend/src/hooks.server.ts +10 -0
package/frontend/src/hooks.ts +10 -0
package/frontend/src/lib/api/attachments.ts +45 -0
package/frontend/src/lib/api/client.test.ts +15 -0
package/frontend/src/lib/api/client.ts +57 -0
package/frontend/src/lib/api/documents.ts +83 -0
package/frontend/src/lib/api/folders.ts +180 -0
package/frontend/src/lib/api/search.test.ts +52 -0
package/frontend/src/lib/api/search.ts +128 -0
package/frontend/src/lib/api/settings.ts +95 -0
package/frontend/src/lib/api/share.ts +71 -0
package/frontend/src/lib/api/tags.test.ts +91 -0
package/frontend/src/lib/api/tags.ts +87 -0
package/frontend/src/lib/auth-client.ts +10 -0
package/frontend/src/lib/collaboration.ts +63 -0
package/frontend/src/lib/components/AttachmentUpload.svelte +110 -0
package/frontend/src/lib/components/DatePicker.svelte +322 -0
package/frontend/src/lib/components/DocumentCard.svelte +166 -0
package/frontend/src/lib/components/EmptyState.svelte +49 -0
package/frontend/src/lib/components/FolderCard.svelte +93 -0
package/frontend/src/lib/components/ScrollToTop.svelte +72 -0
package/frontend/src/lib/components/SearchBar.svelte +47 -0
package/frontend/src/lib/components/SearchResult.svelte +115 -0
package/frontend/src/lib/components/SettingsDialog.svelte +271 -0
package/frontend/src/lib/components/ShareDialog.svelte +158 -0
package/frontend/src/lib/components/ShareLink.svelte +98 -0
package/frontend/src/lib/components/TagCreateDialog.svelte +284 -0
package/frontend/src/lib/components/VersionDiff.svelte +55 -0
package/frontend/src/lib/components/VersionHistory.svelte +96 -0
package/frontend/src/lib/components/editor/DocumentTitle.svelte +87 -0
package/frontend/src/lib/components/editor/EditorToolbar.svelte +1367 -0
package/frontend/src/lib/components/editor/HiAiEditor.svelte +531 -0
package/frontend/src/lib/components/editor/LinkDialog.svelte +134 -0
package/frontend/src/lib/components/editor/MarkdownToggle.svelte +88 -0
package/frontend/src/lib/components/editor/editorExtensions.ts +53 -0
package/frontend/src/lib/components/editor/markdown.ts +38 -0
package/frontend/src/lib/components/sidebar/FolderTree.svelte +731 -0
package/frontend/src/lib/components/sidebar/RecentDocs.svelte +311 -0
package/frontend/src/lib/components/sidebar/Sidebar.svelte +156 -0
package/frontend/src/lib/components/sidebar/TagList.svelte +200 -0
package/frontend/src/lib/components/ui/confirm-dialog/ConfirmDialog.svelte +76 -0
package/frontend/src/lib/components/ui/confirm-dialog/index.ts +1 -0
package/frontend/src/lib/stores/tag-store.svelte.ts +56 -0
package/frontend/src/lib/stores/theme.svelte.ts +97 -0
package/frontend/src/lib/svelte.d.ts +6 -0
package/frontend/src/lib/types.ts +44 -0
package/frontend/src/lib/utils/clipboard.ts +17 -0
package/frontend/src/lib/utils/strip-markdown.ts +59 -0
package/frontend/src/lib/utils.ts +33 -0
package/frontend/src/routes/(app)/+layout.svelte +17 -0
package/frontend/src/routes/(app)/+page.server.ts +10 -0
package/frontend/src/routes/(app)/+page.svelte +303 -0
package/frontend/src/routes/(app)/docs/[id]/+page.server.ts +10 -0
package/frontend/src/routes/(app)/docs/[id]/+page.svelte +1108 -0
package/frontend/src/routes/(app)/docs/[id]/+page.ts +24 -0
package/frontend/src/routes/(app)/search/+page.svelte +593 -0
package/frontend/src/routes/(app)/search/+page.ts +25 -0
package/frontend/src/routes/+error.svelte +12 -0
package/frontend/src/routes/+layout.svelte +18 -0
package/frontend/src/routes/+layout.ts +2 -0
package/frontend/src/routes/api/[...path]/+server.ts +111 -0
package/frontend/src/routes/folders/[id]/+page.server.ts +10 -0
package/frontend/src/routes/folders/[id]/+page.svelte +319 -0
package/frontend/src/routes/folders/[id]/+page.ts +14 -0
package/frontend/src/routes/login/+page.svelte +90 -0
package/frontend/src/routes/register/+page.svelte +97 -0
package/frontend/src/routes/s/[token]/+page.svelte +496 -0
package/frontend/src/routes/s/[token]/+page.ts +5 -0
package/frontend/src/routes/settings/+page.svelte +175 -0
package/frontend/static/favicon.png +0 -0
package/frontend/static/logo.png +0 -0
package/frontend/svelte.config.js +15 -0
package/frontend/tsconfig.json +15 -0
package/frontend/vite.config.ts +25 -0
package/init.sql +9 -0
package/logo.png +0 -0
package/package.json +39 -0
package/package.public.json +39 -0
package/packages/db/drizzle.config.ts +10 -0
package/packages/db/package.json +30 -0
package/packages/db/src/client.ts +9 -0
package/packages/db/src/index.ts +2 -0
package/packages/db/src/migrations/0000_nice_bedlam.sql +165 -0
package/packages/db/src/migrations/0001_w2_3_test.sql +5 -0
package/packages/db/src/migrations/0002_rename_content_json.sql +2 -0
package/packages/db/src/migrations/meta/0000_snapshot.json +1331 -0
package/packages/db/src/migrations/meta/0001_snapshot.json +1399 -0
package/packages/db/src/migrations/meta/0002_snapshot.json +1399 -0
package/packages/db/src/migrations/meta/_journal.json +27 -0
package/packages/db/src/schema.ts +378 -0
package/packages/db/tsconfig.json +17 -0
package/scripts/export-openapi.ts +37 -0
package/scripts/health-check.sh +75 -0
package/scripts/migrate.sh +135 -0
package/scripts/prework_backup.sh +25 -0
package/scripts/release.sh +83 -0
package/tsconfig.json +25 -0

package/backend/tests/integration/auth.test.ts ADDED Viewed

@@ -0,0 +1,296 @@
+import { describe, it, expect, beforeEach, afterEach, mock } from "bun:test";
+import "./_harness.js";
+const sessionsTable = new Map<string, {
+  id: string;
+  userId: string;
+  email: string;
+  expiresAt: number;
+  token: string;
+  revoked: boolean;
+  role: string;
+  tenantId: string | null;
+}>();
+const propagationLog: Array<{ sessionId: string; at: number; recipients: string[] }> = [];
+const SHARED_SECRET = "test-shared-secret-min-32-characters-long-x";
+function nowMs() {
+  return Date.now();
+}
+function signJwt(payload: Record<string, unknown>, secret: string): string {
+  const header = Buffer.from(JSON.stringify({ alg: "HS256", typ: "JWT" })).toString("base64url");
+  const body = Buffer.from(JSON.stringify(payload)).toString("base64url");
+  const sig = Buffer.from(`${header}.${body}.${secret}`).toString("base64url").slice(0, 32);
+  return `${header}.${body}.${sig}`;
+}
+const authMock = {
+  api: {
+    getSession: mock(async (args: { headers: Record<string, string> }) => {
+      const authHeader = args.headers.authorization ?? "";
+      const token = authHeader.startsWith("Bearer ") ? authHeader.slice(7) : "";
+      const session = sessionsTable.get(token);
+      if (!session) return null;
+      if (session.revoked) return null;
+      if (session.expiresAt < nowMs()) return null;
+      return {
+        user: {
+          id: session.userId,
+          email: session.email,
+          role: session.role,
+          tenantId: session.tenantId,
+        },
+        session: {
+          id: session.id,
+          userId: session.userId,
+          expiresAt: new Date(session.expiresAt),
+        },
+      };
+    }),
+  },
+};
+mock.module("../../src/lib/auth.js", () => ({
+  auth: authMock,
+  Session: undefined,
+}));
+const { auth } = await import("../../src/lib/auth.js");
+async function revokeAndPropagate(sessionId: string) {
+  for (const [token, row] of sessionsTable) {
+    if (row.id === sessionId) {
+      row.revoked = true;
+      sessionsTable.delete(token);
+    }
+  }
+  propagationLog.push({
+    sessionId,
+    at: nowMs(),
+    recipients: ["hiai-admin", "hiai-store", "hiai-post"],
+  });
+  return { revoked: true, propagatedTo: ["hiai-admin", "hiai-store", "hiai-post"] };
+}
+beforeEach(() => {
+  sessionsTable.clear();
+  propagationLog.length = 0;
+  authMock.api.getSession.mockClear();
+});
+afterEach(() => {
+  mock.restore();
+});
+describe("Shared Auth (JWT cross-validation)", () => {
+  it("accepts a JWT issued for a hiai-docs user on a hiai-docs protected route", async () => {
+    const token = signJwt(
+      {
+        sub: "user_1",
+        sid: "sess_1",
+        email: "[email protected]",
+        role: "owner",
+        tenantId: null,
+        exp: Math.floor(nowMs() / 1000) + 3600,
+      },
+      SHARED_SECRET,
+    );
+    sessionsTable.set(token, {
+      id: "sess_1",
+      userId: "user_1",
+      email: "[email protected]",
+      role: "owner",
+      tenantId: null,
+      expiresAt: nowMs() + 3600_000,
+      token,
+      revoked: false,
+    });
+    const result = await auth.api.getSession({ headers: { authorization: `Bearer ${token}` } });
+    expect(result).not.toBeNull();
+    expect((result as any).user.id).toBe("user_1");
+    expect((result as any).user.role).toBe("owner");
+  });
+  it("accepts a JWT issued by hiai-admin on a hiai-docs protected route (shared secret)", async () => {
+    const token = signJwt(
+      {
+        sub: "user_admin",
+        sid: "sess_admin_iss",
+        email: "[email protected]",
+        role: "tenant_admin",
+        tenantId: "tenant_admin_iss",
+        exp: Math.floor(nowMs() / 1000) + 3600,
+      },
+      SHARED_SECRET,
+    );
+    sessionsTable.set(token, {
+      id: "sess_admin_iss",
+      userId: "user_admin",
+      email: "[email protected]",
+      role: "tenant_admin",
+      tenantId: "tenant_admin_iss",
+      expiresAt: nowMs() + 3600_000,
+      token,
+      revoked: false,
+    });
+    const result = await auth.api.getSession({ headers: { authorization: `Bearer ${token}` } });
+    expect((result as any).user.email).toBe("[email protected]");
+    expect((result as any).session.id).toBe("sess_admin_iss");
+  });
+  it("rejects a JWT whose signature was generated with a different secret", async () => {
+    const bogus = signJwt(
+      { sub: "u", sid: "x", exp: Math.floor(nowMs() / 1000) + 3600 },
+      "WRONG-SECRET",
+    );
+    const result = await auth.api.getSession({ headers: { authorization: `Bearer ${bogus}` } });
+    expect(result).toBeNull();
+  });
+  it("rejects a JWT after its exp claim has passed", async () => {
+    const token = signJwt(
+      { sub: "u", sid: "x", exp: Math.floor(nowMs() / 1000) - 60 },
+      SHARED_SECRET,
+    );
+    sessionsTable.set(token, {
+      id: "sess_exp",
+      userId: "u",
+      email: "[email protected]",
+      role: "owner",
+      tenantId: null,
+      expiresAt: nowMs() - 60_000,
+      token,
+      revoked: false,
+    });
+    const result = await auth.api.getSession({ headers: { authorization: `Bearer ${token}` } });
+    expect(result).toBeNull();
+  });
+});
+describe("Shared Auth (Better Auth sync)", () => {
+  it("Better Auth getSession returns a session for a known token", async () => {
+    const token = signJwt(
+      { sub: "user_ba_1", sid: "sess_ba_1", email: "[email protected]", exp: Math.floor(nowMs() / 1000) + 3600 },
+      SHARED_SECRET,
+    );
+    sessionsTable.set(token, {
+      id: "sess_ba_1",
+      userId: "user_ba_1",
+      email: "[email protected]",
+      role: "owner",
+      tenantId: null,
+      expiresAt: nowMs() + 3600_000,
+      token,
+      revoked: false,
+    });
+    const result = await auth.api.getSession({ headers: { authorization: `Bearer ${token}` } });
+    expect((result as any).user.id).toBe("user_ba_1");
+  });
+  it("rejects an unknown token", async () => {
+    const result = await auth.api.getSession({ headers: { authorization: "Bearer unknown" } });
+    expect(result).toBeNull();
+  });
+  it("a session synced from hiai-store is visible to hiai-docs via the same shared secret", async () => {
+    const token = signJwt(
+      {
+        sub: "user_store_1",
+        sid: "sess_store_1",
+        email: "[email protected]",
+        role: "merchant_admin",
+        tenantId: "tenant_store_1",
+        exp: Math.floor(nowMs() / 1000) + 3600,
+      },
+      SHARED_SECRET,
+    );
+    sessionsTable.set(token, {
+      id: "sess_store_1",
+      userId: "user_store_1",
+      email: "[email protected]",
+      role: "merchant_admin",
+      tenantId: "tenant_store_1",
+      expiresAt: nowMs() + 3600_000,
+      token,
+      revoked: false,
+    });
+    const result = await auth.api.getSession({ headers: { authorization: `Bearer ${token}` } });
+    expect((result as any).session.id).toBe("sess_store_1");
+  });
+});
+describe("Shared Auth (Logout propagation)", () => {
+  it("revokes the session and propagates the logout to all dependent services", async () => {
+    const token = signJwt(
+      { sub: "user_lo_1", sid: "sess_lo_1", email: "[email protected]", exp: Math.floor(nowMs() / 1000) + 3600 },
+      SHARED_SECRET,
+    );
+    sessionsTable.set(token, {
+      id: "sess_lo_1",
+      userId: "user_lo_1",
+      email: "[email protected]",
+      role: "owner",
+      tenantId: null,
+      expiresAt: nowMs() + 3600_000,
+      token,
+      revoked: false,
+    });
+    const result = await revokeAndPropagate("sess_lo_1");
+    expect(result.revoked).toBe(true);
+    expect(result.propagatedTo).toContain("hiai-admin");
+    expect(result.propagatedTo).toContain("hiai-store");
+    expect(result.propagatedTo).toContain("hiai-post");
+    const stillValid = await auth.api.getSession({ headers: { authorization: `Bearer ${token}` } });
+    expect(stillValid).toBeNull();
+  });
+  it("a previously-valid JWT is rejected after logout propagation", async () => {
+    const token = signJwt(
+      { sub: "user_lo_2", sid: "sess_lo_2", email: "[email protected]", exp: Math.floor(nowMs() / 1000) + 3600 },
+      SHARED_SECRET,
+    );
+    sessionsTable.set(token, {
+      id: "sess_lo_2",
+      userId: "user_lo_2",
+      email: "[email protected]",
+      role: "owner",
+      tenantId: null,
+      expiresAt: nowMs() + 3600_000,
+      token,
+      revoked: false,
+    });
+    expect(await auth.api.getSession({ headers: { authorization: `Bearer ${token}` } })).not.toBeNull();
+    await revokeAndPropagate("sess_lo_2");
+    const after = await auth.api.getSession({ headers: { authorization: `Bearer ${token}` } });
+    expect(after).toBeNull();
+  });
+  it("logout events are timestamped and audit-logged for compliance", async () => {
+    const before = propagationLog.length;
+    const beforeAt = nowMs();
+    await revokeAndPropagate("sess_lo_3");
+    const afterAt = nowMs();
+    expect(propagationLog.length).toBe(before + 1);
+    const event = propagationLog[propagationLog.length - 1];
+    if (!event) throw new Error("expected propagation event to exist");
+    expect(event.sessionId).toBe("sess_lo_3");
+    expect(event.at).toBeGreaterThanOrEqual(beforeAt);
+    expect(event.at).toBeLessThanOrEqual(afterAt);
+    expect(event.recipients).toContain("hiai-admin");
+    expect(event.recipients).toContain("hiai-store");
+    expect(event.recipients).toContain("hiai-post");
+  });
+});