@hogsend/engine 0.0.1

package/src/routes/admin/alerts.ts

@@ -0,0 +1,347 @@
+import { alertHistory, alertRules } from "@hogsend/db";
+import { createRoute, OpenAPIHono, z } from "@hono/zod-openapi";
+import { and, count, desc, eq, gte, lte } from "drizzle-orm";
+import type { AppEnv } from "../../app.js";
+import { errorSchema } from "../../lib/schemas.js";
+
+const alertRuleSchema = z.object({
+  id: z.string(),
+  name: z.string(),
+  type: z.string(),
+  threshold: z.record(z.string(), z.number()),
+  channel: z.string(),
+  channelConfig: z.record(z.string(), z.string()),
+  enabled: z.boolean(),
+  cooldownMinutes: z.number(),
+  lastFiredAt: z.string().nullable(),
+  createdAt: z.string(),
+  updatedAt: z.string(),
+});
+
+const alertHistorySchema = z.object({
+  id: z.string(),
+  alertRuleId: z.string(),
+  payload: z.record(z.string(), z.unknown()).nullable(),
+  deliveryStatus: z.string(),
+  error: z.string().nullable(),
+  createdAt: z.string(),
+});
+
+const listRulesRoute = createRoute({
+  method: "get",
+  path: "/rules",
+  tags: ["Admin — Alerts"],
+  summary: "List alert rules",
+  request: {
+    query: z.object({
+      limit: z.coerce.number().min(1).max(100).default(50),
+      offset: z.coerce.number().min(0).default(0),
+    }),
+  },
+  responses: {
+    200: {
+      content: {
+        "application/json": {
+          schema: z.object({
+            rules: z.array(alertRuleSchema),
+            total: z.number(),
+            limit: z.number(),
+            offset: z.number(),
+          }),
+        },
+      },
+      description: "Paginated alert rules list",
+    },
+  },
+});
+
+const createRuleRoute = createRoute({
+  method: "post",
+  path: "/rules",
+  tags: ["Admin — Alerts"],
+  summary: "Create an alert rule",
+  request: {
+    body: {
+      content: {
+        "application/json": {
+          schema: z.object({
+            name: z.string().min(1),
+            type: z.enum([
+              "bounce_rate_exceeded",
+              "journey_failure_spike",
+              "delivery_issue",
+              "high_complaint_rate",
+            ]),
+            threshold: z.record(z.string(), z.number()),
+            channel: z.enum(["webhook", "slack", "email"]),
+            channelConfig: z.record(z.string(), z.string()),
+            cooldownMinutes: z.number().min(1).default(60),
+          }),
+        },
+      },
+    },
+  },
+  responses: {
+    201: {
+      content: {
+        "application/json": {
+          schema: z.object({ rule: alertRuleSchema }),
+        },
+      },
+      description: "Alert rule created",
+    },
+  },
+});
+
+const updateRuleRoute = createRoute({
+  method: "patch",
+  path: "/rules/{id}",
+  tags: ["Admin — Alerts"],
+  summary: "Update an alert rule",
+  request: {
+    params: z.object({ id: z.string().uuid() }),
+    body: {
+      content: {
+        "application/json": {
+          schema: z.object({
+            name: z.string().optional(),
+            threshold: z.record(z.string(), z.number()).optional(),
+            channelConfig: z.record(z.string(), z.string()).optional(),
+            enabled: z.boolean().optional(),
+            cooldownMinutes: z.number().min(1).optional(),
+          }),
+        },
+      },
+    },
+  },
+  responses: {
+    200: {
+      content: {
+        "application/json": {
+          schema: z.object({ rule: alertRuleSchema }),
+        },
+      },
+      description: "Alert rule updated",
+    },
+    404: {
+      content: { "application/json": { schema: errorSchema } },
+      description: "Alert rule not found",
+    },
+  },
+});
+
+const deleteRuleRoute = createRoute({
+  method: "delete",
+  path: "/rules/{id}",
+  tags: ["Admin — Alerts"],
+  summary: "Delete an alert rule",
+  request: {
+    params: z.object({ id: z.string().uuid() }),
+  },
+  responses: {
+    200: {
+      content: {
+        "application/json": {
+          schema: z.object({ deleted: z.boolean() }),
+        },
+      },
+      description: "Alert rule deleted",
+    },
+    404: {
+      content: { "application/json": { schema: errorSchema } },
+      description: "Alert rule not found",
+    },
+  },
+});
+
+const listHistoryRoute = createRoute({
+  method: "get",
+  path: "/history",
+  tags: ["Admin — Alerts"],
+  summary: "List alert history",
+  request: {
+    query: z.object({
+      limit: z.coerce.number().min(1).max(100).default(50),
+      offset: z.coerce.number().min(0).default(0),
+      ruleId: z.string().uuid().optional(),
+      from: z.string().datetime().optional(),
+      to: z.string().datetime().optional(),
+    }),
+  },
+  responses: {
+    200: {
+      content: {
+        "application/json": {
+          schema: z.object({
+            history: z.array(alertHistorySchema),
+            total: z.number(),
+            limit: z.number(),
+            offset: z.number(),
+          }),
+        },
+      },
+      description: "Paginated alert history",
+    },
+  },
+});
+
+function serializeRule(row: typeof alertRules.$inferSelect) {
+  return {
+    id: row.id,
+    name: row.name,
+    type: row.type,
+    threshold: row.threshold as Record<string, number>,
+    channel: row.channel,
+    channelConfig: row.channelConfig as Record<string, string>,
+    enabled: row.enabled,
+    cooldownMinutes: row.cooldownMinutes,
+    lastFiredAt: row.lastFiredAt?.toISOString() ?? null,
+    createdAt: row.createdAt.toISOString(),
+    updatedAt: row.updatedAt.toISOString(),
+  };
+}
+
+export const alertsRouter = new OpenAPIHono<AppEnv>()
+  .openapi(listRulesRoute, async (c) => {
+    const { db } = c.get("container");
+    const { limit, offset } = c.req.valid("query");
+
+    const [rows, totalRows] = await Promise.all([
+      db
+        .select()
+        .from(alertRules)
+        .orderBy(desc(alertRules.createdAt))
+        .limit(limit)
+        .offset(offset),
+      db.select({ count: count() }).from(alertRules),
+    ]);
+
+    return c.json(
+      {
+        rules: rows.map(serializeRule),
+        total: totalRows[0]?.count ?? 0,
+        limit,
+        offset,
+      },
+      200,
+    );
+  })
+  .openapi(createRuleRoute, async (c) => {
+    const { db } = c.get("container");
+    const body = c.req.valid("json");
+
+    const [created] = await db
+      .insert(alertRules)
+      .values({
+        name: body.name,
+        type: body.type,
+        threshold: body.threshold,
+        channel: body.channel,
+        channelConfig: body.channelConfig,
+        cooldownMinutes: body.cooldownMinutes,
+      })
+      .returning();
+
+    if (!created) throw new Error("Failed to create alert rule");
+
+    return c.json({ rule: serializeRule(created) }, 201);
+  })
+  .openapi(updateRuleRoute, async (c) => {
+    const { db } = c.get("container");
+    const { id } = c.req.valid("param");
+    const body = c.req.valid("json");
+
+    const rows = await db
+      .select()
+      .from(alertRules)
+      .where(eq(alertRules.id, id))
+      .limit(1);
+
+    if (!rows[0]) {
+      return c.json({ error: "Alert rule not found" }, 404);
+    }
+
+    const [updated] = await db
+      .update(alertRules)
+      .set({
+        ...(body.name !== undefined ? { name: body.name } : {}),
+        ...(body.threshold !== undefined ? { threshold: body.threshold } : {}),
+        ...(body.channelConfig !== undefined
+          ? { channelConfig: body.channelConfig }
+          : {}),
+        ...(body.enabled !== undefined ? { enabled: body.enabled } : {}),
+        ...(body.cooldownMinutes !== undefined
+          ? { cooldownMinutes: body.cooldownMinutes }
+          : {}),
+        updatedAt: new Date(),
+      })
+      .where(eq(alertRules.id, id))
+      .returning();
+
+    if (!updated) throw new Error("Failed to update alert rule");
+
+    return c.json({ rule: serializeRule(updated) }, 200);
+  })
+  .openapi(deleteRuleRoute, async (c) => {
+    const { db } = c.get("container");
+    const { id } = c.req.valid("param");
+
+    const rows = await db
+      .select()
+      .from(alertRules)
+      .where(eq(alertRules.id, id))
+      .limit(1);
+
+    if (!rows[0]) {
+      return c.json({ error: "Alert rule not found" }, 404);
+    }
+
+    await db.delete(alertRules).where(eq(alertRules.id, id));
+
+    return c.json({ deleted: true }, 200);
+  })
+  .openapi(listHistoryRoute, async (c) => {
+    const { db } = c.get("container");
+    const { limit, offset, ruleId, from, to } = c.req.valid("query");
+
+    const conditions = [];
+    if (ruleId) {
+      conditions.push(eq(alertHistory.alertRuleId, ruleId));
+    }
+    if (from) {
+      conditions.push(gte(alertHistory.createdAt, new Date(from)));
+    }
+    if (to) {
+      conditions.push(lte(alertHistory.createdAt, new Date(to)));
+    }
+
+    const where = conditions.length > 0 ? and(...conditions) : undefined;
+
+    const [rows, totalRows] = await Promise.all([
+      db
+        .select()
+        .from(alertHistory)
+        .where(where)
+        .orderBy(desc(alertHistory.createdAt))
+        .limit(limit)
+        .offset(offset),
+      db.select({ count: count() }).from(alertHistory).where(where),
+    ]);
+
+    return c.json(
+      {
+        history: rows.map((row) => ({
+          id: row.id,
+          alertRuleId: row.alertRuleId,
+          payload: (row.payload ?? null) as Record<string, unknown> | null,
+          deliveryStatus: row.deliveryStatus,
+          error: row.error,
+          createdAt: row.createdAt.toISOString(),
+        })),
+        total: totalRows[0]?.count ?? 0,
+        limit,
+        offset,
+      },
+      200,
+    );
+  });

package/src/routes/admin/api-keys.ts

@@ -0,0 +1,211 @@
+import { apiKeys } from "@hogsend/db";
+import { createRoute, OpenAPIHono, z } from "@hono/zod-openapi";
+import { and, count, desc, eq, isNull } from "drizzle-orm";
+import type { AppEnv } from "../../app.js";
+import { generateApiKey } from "../../lib/api-key-hash.js";
+import { errorSchema } from "../../lib/schemas.js";
+
+const apiKeySchema = z.object({
+  id: z.string(),
+  name: z.string(),
+  keyPrefix: z.string(),
+  scopes: z.array(z.string()),
+  createdBy: z.string().nullable(),
+  lastUsedAt: z.string().nullable(),
+  revokedAt: z.string().nullable(),
+  expiresAt: z.string().nullable(),
+  createdAt: z.string(),
+});
+
+const listRoute = createRoute({
+  method: "get",
+  path: "/",
+  tags: ["Admin — API Keys"],
+  summary: "List API keys",
+  request: {
+    query: z.object({
+      limit: z.coerce.number().min(1).max(100).default(50),
+      offset: z.coerce.number().min(0).default(0),
+      includeRevoked: z.enum(["true", "false"]).default("false"),
+    }),
+  },
+  responses: {
+    200: {
+      content: {
+        "application/json": {
+          schema: z.object({
+            keys: z.array(apiKeySchema),
+            total: z.number(),
+            limit: z.number(),
+            offset: z.number(),
+          }),
+        },
+      },
+      description: "Paginated API key list",
+    },
+  },
+});
+
+const createKeyRoute = createRoute({
+  method: "post",
+  path: "/",
+  tags: ["Admin — API Keys"],
+  summary: "Create a new API key",
+  request: {
+    body: {
+      content: {
+        "application/json": {
+          schema: z.object({
+            name: z.string().min(1).max(100),
+            scopes: z
+              .array(z.enum(["read", "journey-admin", "full-admin"]))
+              .min(1)
+              .default(["read"]),
+            expiresAt: z.string().datetime().optional(),
+          }),
+        },
+      },
+    },
+  },
+  responses: {
+    201: {
+      content: {
+        "application/json": {
+          schema: z.object({
+            id: z.string(),
+            name: z.string(),
+            key: z.string(),
+            keyPrefix: z.string(),
+            scopes: z.array(z.string()),
+            expiresAt: z.string().nullable(),
+            createdAt: z.string(),
+          }),
+        },
+      },
+      description: "API key created — key is shown only once",
+    },
+  },
+});
+
+const revokeRoute = createRoute({
+  method: "delete",
+  path: "/{id}",
+  tags: ["Admin — API Keys"],
+  summary: "Revoke an API key",
+  request: {
+    params: z.object({ id: z.string().uuid() }),
+  },
+  responses: {
+    200: {
+      content: {
+        "application/json": {
+          schema: z.object({ revoked: z.boolean() }),
+        },
+      },
+      description: "API key revoked",
+    },
+    404: {
+      content: { "application/json": { schema: errorSchema } },
+      description: "API key not found",
+    },
+  },
+});
+
+function serializeKey(row: typeof apiKeys.$inferSelect) {
+  return {
+    id: row.id,
+    name: row.name,
+    keyPrefix: row.keyPrefix,
+    scopes: row.scopes as string[],
+    createdBy: row.createdBy,
+    lastUsedAt: row.lastUsedAt?.toISOString() ?? null,
+    revokedAt: row.revokedAt?.toISOString() ?? null,
+    expiresAt: row.expiresAt?.toISOString() ?? null,
+    createdAt: row.createdAt.toISOString(),
+  };
+}
+
+export const apiKeysRouter = new OpenAPIHono<AppEnv>()
+  .openapi(listRoute, async (c) => {
+    const { db } = c.get("container");
+    const { limit, offset, includeRevoked } = c.req.valid("query");
+
+    const where =
+      includeRevoked === "true" ? undefined : isNull(apiKeys.revokedAt);
+
+    const [rows, totalRows] = await Promise.all([
+      db
+        .select()
+        .from(apiKeys)
+        .where(where)
+        .orderBy(desc(apiKeys.createdAt))
+        .limit(limit)
+        .offset(offset),
+      db.select({ count: count() }).from(apiKeys).where(where),
+    ]);
+
+    return c.json(
+      {
+        keys: rows.map(serializeKey),
+        total: totalRows[0]?.count ?? 0,
+        limit,
+        offset,
+      },
+      200,
+    );
+  })
+  .openapi(createKeyRoute, async (c) => {
+    const { db } = c.get("container");
+    const body = c.req.valid("json");
+    const actor = c.get("apiKey");
+
+    const { key, prefix, hash } = generateApiKey();
+
+    const [created] = await db
+      .insert(apiKeys)
+      .values({
+        name: body.name,
+        keyPrefix: prefix,
+        keyHash: hash,
+        scopes: body.scopes,
+        createdBy: actor?.name ?? null,
+        expiresAt: body.expiresAt ? new Date(body.expiresAt) : null,
+      })
+      .returning();
+
+    if (!created) throw new Error("Failed to create API key");
+
+    return c.json(
+      {
+        id: created.id,
+        name: created.name,
+        key,
+        keyPrefix: prefix,
+        scopes: created.scopes as string[],
+        expiresAt: created.expiresAt?.toISOString() ?? null,
+        createdAt: created.createdAt.toISOString(),
+      },
+      201,
+    );
+  })
+  .openapi(revokeRoute, async (c) => {
+    const { db } = c.get("container");
+    const { id } = c.req.valid("param");
+
+    const rows = await db
+      .select()
+      .from(apiKeys)
+      .where(and(eq(apiKeys.id, id), isNull(apiKeys.revokedAt)))
+      .limit(1);
+
+    if (!rows[0]) {
+      return c.json({ error: "API key not found or already revoked" }, 404);
+    }
+
+    await db
+      .update(apiKeys)
+      .set({ revokedAt: new Date(), updatedAt: new Date() })
+      .where(eq(apiKeys.id, id));
+
+    return c.json({ revoked: true }, 200);
+  });

package/src/routes/admin/audit-logs.ts

@@ -0,0 +1,102 @@
+import { auditLogs } from "@hogsend/db";
+import { createRoute, OpenAPIHono, z } from "@hono/zod-openapi";
+import { and, count, desc, eq, gte, lte } from "drizzle-orm";
+import type { AppEnv } from "../../app.js";
+
+const auditLogSchema = z.object({
+  id: z.string(),
+  actor: z.string(),
+  actorKeyId: z.string().nullable(),
+  action: z.string(),
+  resource: z.string(),
+  resourceId: z.string().nullable(),
+  detail: z.record(z.string(), z.unknown()).nullable(),
+  ipAddress: z.string().nullable(),
+  createdAt: z.string(),
+});
+
+const listRoute = createRoute({
+  method: "get",
+  path: "/",
+  tags: ["Admin — Audit"],
+  summary: "List audit logs",
+  request: {
+    query: z.object({
+      limit: z.coerce.number().min(1).max(100).default(50),
+      offset: z.coerce.number().min(0).default(0),
+      actor: z.string().optional(),
+      resource: z.string().optional(),
+      action: z.string().optional(),
+      from: z.string().datetime().optional(),
+      to: z.string().datetime().optional(),
+    }),
+  },
+  responses: {
+    200: {
+      content: {
+        "application/json": {
+          schema: z.object({
+            logs: z.array(auditLogSchema),
+            total: z.number(),
+            limit: z.number(),
+            offset: z.number(),
+          }),
+        },
+      },
+      description: "Paginated audit log list",
+    },
+  },
+});
+
+function serializeLog(row: typeof auditLogs.$inferSelect) {
+  return {
+    id: row.id,
+    actor: row.actor,
+    actorKeyId: row.actorKeyId,
+    action: row.action,
+    resource: row.resource,
+    resourceId: row.resourceId,
+    detail: (row.detail ?? null) as Record<string, unknown> | null,
+    ipAddress: row.ipAddress,
+    createdAt: row.createdAt.toISOString(),
+  };
+}
+
+export const auditLogsRouter = new OpenAPIHono<AppEnv>().openapi(
+  listRoute,
+  async (c) => {
+    const { db } = c.get("container");
+    const { limit, offset, actor, resource, action, from, to } =
+      c.req.valid("query");
+
+    const conditions = [];
+    if (actor) conditions.push(eq(auditLogs.actor, actor));
+    if (resource) conditions.push(eq(auditLogs.resource, resource));
+    if (action) conditions.push(eq(auditLogs.action, action));
+    if (from) conditions.push(gte(auditLogs.createdAt, new Date(from)));
+    if (to) conditions.push(lte(auditLogs.createdAt, new Date(to)));
+
+    const where = conditions.length > 0 ? and(...conditions) : undefined;
+
+    const [rows, totalRows] = await Promise.all([
+      db
+        .select()
+        .from(auditLogs)
+        .where(where)
+        .orderBy(desc(auditLogs.createdAt))
+        .limit(limit)
+        .offset(offset),
+      db.select({ count: count() }).from(auditLogs).where(where),
+    ]);
+
+    return c.json(
+      {
+        logs: rows.map(serializeLog),
+        total: totalRows[0]?.count ?? 0,
+        limit,
+        offset,
+      },
+      200,
+    );
+  },
+);