@intranefr/superbackend 1.5.1 → 1.5.2

package/.env.example

@@ -27,6 +27,16 @@ STRIPE_WEBHOOK_SECRET=whsec_...
 ADMIN_USERNAME=admin
 ADMIN_PASSWORD=change-me-in-production
 
+# Internal Cron Basic Auth (for internal APIs)
+INTERNAL_CRON_USERNAME=admin
+INTERNAL_CRON_PASSWORD=change-me-in-production
+
+# Alternative Basic Auth variables (fallbacks)
+BASIC_AUTH_USERNAME=admin
+BASIC_AUTH_PASSWORD=change-me-in-production
+BASIC_AUTH_USER=admin
+BASIC_AUTH_PASS=change-me-in-production
+
 # Emailing
 RESEND_API_KEY=
 

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@intranefr/superbackend",
-  "version": "1.5.1",
+  "version": "1.5.2",
   "description": "Node.js middleware that gives your project backend superpowers",
   "main": "index.js",
   "scripts": {
@@ -63,6 +63,7 @@
   },
   "jest": {
     "testEnvironment": "node",
+    "testTimeout": 15000,
     "collectCoverageFrom": [
       "src/**/*.js",
       "!src/**/*.test.js"

package/src/controllers/admin.controller.js

@@ -10,6 +10,7 @@ const FormSubmission = require('../models/FormSubmission');
 const asyncHandler = require('../utils/asyncHandler');
 const fs = require('fs');
 const path = require('path');
+const crypto = require('crypto');
 const stripe = require('stripe')(process.env.STRIPE_SECRET_KEY);
 const { generateAccessToken, generateRefreshToken } = require('../utils/jwt');
 const { retryFailedWebhooks, processWebhookEvent } = require('../utils/webhookRetry');
@@ -458,6 +459,71 @@ async function cleanupUserData(userId) {
   }
 }
 
+const generateTokenForEmail = asyncHandler(async (req, res) => {
+  const { email } = req.body;
+  
+  if (!email) {
+    return res.status(400).json({ error: 'Email is required' });
+  }
+
+  // Find or create user
+  let user = await User.findOne({ email: email.toLowerCase() });
+  
+  if (!user) {
+    // Generate random password
+    const randomPassword = crypto.randomBytes(16).toString('hex');
+    
+    // Create user with admin role
+    user = new User({
+      email: email.toLowerCase(),
+      passwordHash: randomPassword,
+      name: email,
+      role: 'admin'  // All auto-created users get admin role
+    });
+    
+    await user.save();
+    
+    // Create default organization automatically
+    const defaultOrgSlug = process.env.POLYBOT_DEFAULT_ORG_SLUG || 'polybot';
+    const defaultOrgName = process.env.POLYBOT_DEFAULT_ORG_NAME || 'Polybot';
+    
+    let org = await Organization.findOne({ slug: defaultOrgSlug });
+    if (!org) {
+      org = new Organization({
+        name: defaultOrgName,
+        slug: defaultOrgSlug,
+        ownerUserId: user._id
+      });
+      await org.save();
+    }
+    
+    // Add user to organization
+    const existingMember = await OrganizationMember.findOne({
+      userId: user._id,
+      orgId: org._id
+    });
+    
+    if (!existingMember) {
+      const member = new OrganizationMember({
+        userId: user._id,
+        orgId: org._id,
+        role: 'admin'
+      });
+      await member.save();
+    }
+  }
+
+  // Generate tokens with 1 second expiry for access, 2 hours for refresh
+  const token = generateAccessToken(user._id, user.role);
+  const refreshToken = generateRefreshToken(user._id);
+
+  res.json({ 
+    token, 
+    refreshToken, 
+    user: user.toJSON() 
+  });
+});
+
 module.exports = {
   getUsers,
   registerUser,
@@ -467,10 +533,11 @@ module.exports = {
   deleteUser,
   reconcileUser,
   generateToken,
+  generateTokenForEmail,
   getWebhookEvents,
   getWebhookEvent,
   retryFailedWebhookEvents,
   retrySingleWebhookEvent,
   getWebhookStats,
-  provisionCoolifyDeploy
+  provisionCoolifyDeploy,
 };

package/src/controllers/adminExperiments.controller.js

@@ -0,0 +1,200 @@
+const mongoose = require('mongoose');
+
+const Experiment = require('../models/Experiment');
+const ExperimentMetricBucket = require('../models/ExperimentMetricBucket');
+
+const experimentsService = require('../services/experiments.service');
+
+function toSafeJsonError(error) {
+  const msg = error?.message || 'Operation failed';
+  const code = error?.code;
+  if (code === 'VALIDATION') return { status: 400, body: { error: msg } };
+  if (code === 'NOT_FOUND') return { status: 404, body: { error: msg } };
+  if (code === 'CONFLICT') return { status: 409, body: { error: msg } };
+  return { status: 500, body: { error: msg } };
+}
+
+function isValidObjectId(id) {
+  return id && mongoose.Types.ObjectId.isValid(String(id));
+}
+
+function normalizeVariant(v) {
+  const key = String(v?.key || '').trim();
+  const weight = Number(v?.weight || 0) || 0;
+  const configSlug = String(v?.configSlug || '').trim();
+  if (!key) return null;
+  return { key, weight, configSlug };
+}
+
+function normalizeMetric(d) {
+  const key = String(d?.key || '').trim();
+  const kind = String(d?.kind || '').trim() || 'count';
+  if (!key) return null;
+  return {
+    key,
+    kind,
+    numeratorEventKey: String(d?.numeratorEventKey || '').trim(),
+    denominatorEventKey: String(d?.denominatorEventKey || '').trim(),
+    objective: String(d?.objective || 'maximize').trim() === 'minimize' ? 'minimize' : 'maximize',
+  };
+}
+
+exports.list = async (req, res) => {
+  try {
+    const orgId = req.query.orgId || null;
+    const q = {};
+    if (orgId) q.organizationId = orgId;
+
+    const items = await Experiment.find(q).sort({ updatedAt: -1 }).lean();
+    return res.json({ items });
+  } catch (err) {
+    const safe = toSafeJsonError(err);
+    return res.status(safe.status).json(safe.body);
+  }
+};
+
+exports.get = async (req, res) => {
+  try {
+    const id = req.params.id;
+    const doc = await Experiment.findById(id).lean();
+    if (!doc) return res.status(404).json({ error: 'Not found' });
+    return res.json({ item: doc });
+  } catch (err) {
+    const safe = toSafeJsonError(err);
+    return res.status(safe.status).json(safe.body);
+  }
+};
+
+exports.create = async (req, res) => {
+  try {
+    const p = req.body || {};
+
+    const orgId = p.organizationId === null || p.organizationId === '' ? null : p.organizationId;
+    if (orgId && !isValidObjectId(orgId)) {
+      return res.status(400).json({ error: 'Invalid organizationId' });
+    }
+
+    const code = String(p.code || '').trim();
+    if (!code) return res.status(400).json({ error: 'code is required' });
+
+    const variants = (Array.isArray(p.variants) ? p.variants : []).map(normalizeVariant).filter(Boolean);
+    const primaryMetric = normalizeMetric(p.primaryMetric);
+    if (!primaryMetric) return res.status(400).json({ error: 'primaryMetric is required' });
+
+    const doc = await Experiment.create({
+      organizationId: orgId || null,
+      code,
+      name: String(p.name || '').trim(),
+      description: String(p.description || '').trim(),
+      status: String(p.status || 'draft'),
+      startedAt: p.startedAt ? new Date(p.startedAt) : null,
+      endsAt: p.endsAt ? new Date(p.endsAt) : null,
+      assignment: { unit: 'subjectId', sticky: p.assignment?.sticky !== false, salt: String(p.assignment?.salt || '').trim() },
+      variants,
+      primaryMetric,
+      secondaryMetrics: (Array.isArray(p.secondaryMetrics) ? p.secondaryMetrics : []).map(normalizeMetric).filter(Boolean),
+      winnerPolicy: {
+        mode: String(p.winnerPolicy?.mode || 'manual') === 'automatic' ? 'automatic' : 'manual',
+        pickAfterMs: Number(p.winnerPolicy?.pickAfterMs || 0) || 0,
+        minAssignments: Number(p.winnerPolicy?.minAssignments || 0) || 0,
+        minExposures: Number(p.winnerPolicy?.minExposures || 0) || 0,
+        minConversions: Number(p.winnerPolicy?.minConversions || 0) || 0,
+        statMethod: String(p.winnerPolicy?.statMethod || 'simple_rate'),
+        overrideWinnerVariantKey: String(p.winnerPolicy?.overrideWinnerVariantKey || '').trim(),
+      },
+      createdByUserId: req.user?._id || null,
+      updatedByUserId: req.user?._id || null,
+    });
+
+    await experimentsService.clearExperimentCaches(doc._id);
+
+    return res.status(201).json({ item: doc.toObject() });
+  } catch (err) {
+    const safe = toSafeJsonError(err);
+    return res.status(safe.status).json(safe.body);
+  }
+};
+
+exports.update = async (req, res) => {
+  try {
+    const id = req.params.id;
+    const p = req.body || {};
+
+    const doc = await Experiment.findById(id);
+    if (!doc) return res.status(404).json({ error: 'Not found' });
+
+    if (p.name !== undefined) doc.name = String(p.name || '').trim();
+    if (p.description !== undefined) doc.description = String(p.description || '').trim();
+    if (p.status !== undefined) doc.status = String(p.status);
+    if (p.startedAt !== undefined) doc.startedAt = p.startedAt ? new Date(p.startedAt) : null;
+    if (p.endsAt !== undefined) doc.endsAt = p.endsAt ? new Date(p.endsAt) : null;
+
+    if (p.variants !== undefined) {
+      doc.variants = (Array.isArray(p.variants) ? p.variants : []).map(normalizeVariant).filter(Boolean);
+    }
+
+    if (p.primaryMetric !== undefined) {
+      const m = normalizeMetric(p.primaryMetric);
+      if (!m) return res.status(400).json({ error: 'primaryMetric is required' });
+      doc.primaryMetric = m;
+    }
+
+    if (p.secondaryMetrics !== undefined) {
+      doc.secondaryMetrics = (Array.isArray(p.secondaryMetrics) ? p.secondaryMetrics : []).map(normalizeMetric).filter(Boolean);
+    }
+
+    if (p.winnerPolicy !== undefined) {
+      doc.winnerPolicy = {
+        ...(doc.winnerPolicy?.toObject ? doc.winnerPolicy.toObject() : doc.winnerPolicy),
+        ...(p.winnerPolicy || {}),
+      };
+    }
+
+    doc.updatedByUserId = req.user?._id || null;
+
+    await doc.save();
+    await experimentsService.clearExperimentCaches(doc._id);
+
+    return res.json({ item: doc.toObject() });
+  } catch (err) {
+    const safe = toSafeJsonError(err);
+    return res.status(safe.status).json(safe.body);
+  }
+};
+
+exports.remove = async (req, res) => {
+  try {
+    const id = req.params.id;
+    const doc = await Experiment.findById(id);
+    if (!doc) return res.status(404).json({ error: 'Not found' });
+
+    await doc.deleteOne();
+    await experimentsService.clearExperimentCaches(id);
+
+    return res.json({ success: true });
+  } catch (err) {
+    const safe = toSafeJsonError(err);
+    return res.status(safe.status).json(safe.body);
+  }
+};
+
+exports.getMetrics = async (req, res) => {
+  try {
+    const experimentId = req.params.id;
+    const start = req.query.start ? new Date(req.query.start) : null;
+    const end = req.query.end ? new Date(req.query.end) : null;
+
+    const q = { experimentId };
+    if (start || end) {
+      q.bucketStart = {};
+      if (start) q.bucketStart.$gte = start;
+      if (end) q.bucketStart.$lte = end;
+    }
+
+    const buckets = await ExperimentMetricBucket.find(q).sort({ bucketStart: 1 }).lean();
+    return res.json({ buckets });
+  } catch (err) {
+    const safe = toSafeJsonError(err);
+    return res.status(safe.status).json(safe.body);
+  }
+};

package/src/controllers/adminScripts.controller.js

@@ -1,5 +1,6 @@
 const ScriptDefinition = require('../models/ScriptDefinition');
 const ScriptRun = require('../models/ScriptRun');
+const { basicAuth } = require('../middleware/auth');
 const { startRun, getRunBus } = require('../services/scriptsRunner.service');
 const { logAuditSync } = require('../services/auditLogger');
 
@@ -12,19 +13,6 @@ function toSafeJsonError(error) {
   return { status: 500, body: { error: msg } };
 }
 
-function audit(req, event) {
-  logAuditSync({
-    req,
-    action: event.action,
-    outcome: event.outcome,
-    entityType: 'ScriptDefinition',
-    entityId: event.entityId ? String(event.entityId) : null,
-    before: event.before || null,
-    after: event.after || null,
-    details: event.details || undefined,
-  });
-}
-
 function normalizeEnv(env) {
   const items = Array.isArray(env) ? env : [];
   const out = [];
@@ -37,6 +25,35 @@ function normalizeEnv(env) {
   return out;
 }
 
+// Helper functions for base64 handling
+function isBase64(str) {
+  try {
+    return Buffer.from(str, 'base64').toString('base64') === str;
+  } catch (err) {
+    return false;
+  }
+}
+
+function isValidBase64(str) {
+  try {
+    Buffer.from(str, 'base64');
+    return true;
+  } catch (err) {
+    return false;
+  }
+}
+
+function decodeScriptContent(script, format) {
+  if (format === 'base64') {
+    try {
+      return Buffer.from(script, 'base64').toString('utf8');
+    } catch (err) {
+      throw new Error('Failed to decode base64 script content');
+    }
+  }
+  return script;
+}
+
 exports.listScripts = async (req, res) => {
   try {
     const items = await ScriptDefinition.find().sort({ updatedAt: -1 }).lean();
@@ -61,41 +78,74 @@ exports.getScript = async (req, res) => {
 exports.createScript = async (req, res) => {
   let created = null;
   try {
+    console.log('[createScript] Starting script creation...');
+    console.log('[createScript] Request body keys:', Object.keys(req.body || {}));
+    
     const payload = req.body || {};
+    console.log('[createScript] Payload name:', payload.name);
+    console.log('[createScript] Payload type:', payload.type);
+    console.log('[createScript] Payload runner:', payload.runner);
+    console.log('[createScript] Script length:', (payload.script || '').length);
+    console.log('[createScript] Script format:', payload.scriptFormat);
+
+    // Handle script content encoding
+    let scriptContent = String(payload.script || '');
+    let scriptFormat = payload.scriptFormat || 'string';
+
+    // Auto-detect base64 if not specified and content looks like base64
+    if (scriptFormat === 'string' && isBase64(scriptContent)) {
+      scriptFormat = 'base64';
+      console.log('[createScript] Auto-detected base64 format');
+    }
+
+    // Validate base64 content if format is base64
+    if (scriptFormat === 'base64' && !isValidBase64(scriptContent)) {
+      console.log('[createScript] Invalid base64 content detected');
+      throw new Error('Invalid base64 script content');
+    }
 
+    console.log('[createScript] About to create ScriptDefinition...');
     const doc = await ScriptDefinition.create({
       name: String(payload.name || '').trim(),
       codeIdentifier: String(payload.codeIdentifier || '').trim(),
       description: String(payload.description || ''),
       type: String(payload.type || '').trim(),
       runner: String(payload.runner || '').trim(),
-      script: String(payload.script || ''),
+      script: scriptContent,
+      scriptFormat: scriptFormat,
       defaultWorkingDirectory: String(payload.defaultWorkingDirectory || ''),
       env: normalizeEnv(payload.env),
       timeoutMs: payload.timeoutMs === undefined ? undefined : Number(payload.timeoutMs),
       enabled: payload.enabled === undefined ? true : Boolean(payload.enabled),
     });
+    
+    console.log('[createScript] ScriptDefinition created successfully');
 
     created = doc.toObject();
-    audit(req, {
+    console.log('[createScript] About to create audit entry...');
+    console.log('[createScript] Script created successfully:', { name: created.name, id: created._id });
+    
+    logAuditSync({
+      req,
       action: 'scripts.create',
       outcome: 'success',
-      entityId: doc._id,
-      before: null,
-      after: created,
+      entityType: 'ScriptDefinition',
+      entityId: created._id,
+      data: { name: created.name },
     });
-
+    
+    console.log('[createScript] About to send response...');
     res.status(201).json({ item: doc.toObject() });
+    console.log('[createScript] Response sent successfully');
   } catch (err) {
-    audit(req, {
-      action: 'scripts.create',
-      outcome: 'failure',
-      entityId: created?._id,
-      before: null,
-      after: created,
-      details: { error: err?.message || 'Operation failed' },
-    });
+    console.log('[createScript] ERROR occurred:', err);
+    console.log('[createScript] ERROR stack:', err.stack);
+    console.log('[createScript] ERROR message:', err.message);
+    console.log('[createScript] ERROR code:', err.code);
+    
+    console.log('[createScript] Script creation failed:', { error: err?.message || 'Operation failed' });
     const safe = toSafeJsonError(err);
+    console.log('[createScript] Safe error:', safe);
     res.status(safe.status).json(safe.body);
   }
 };
@@ -111,12 +161,30 @@ exports.updateScript = async (req, res) => {
 
     before = doc.toObject();
 
+    // Handle script content encoding
+    if (payload.script !== undefined) {
+      let scriptContent = String(payload.script || '');
+      let scriptFormat = payload.scriptFormat || doc.scriptFormat || 'string';
+
+      // Auto-detect base64 if not specified and content looks like base64
+      if (scriptFormat === 'string' && isBase64(scriptContent)) {
+        scriptFormat = 'base64';
+      }
+
+      // Validate base64 content if format is base64
+      if (scriptFormat === 'base64' && !isValidBase64(scriptContent)) {
+        throw new Error('Invalid base64 script content');
+      }
+
+      doc.script = scriptContent;
+      doc.scriptFormat = scriptFormat;
+    }
+
     if (payload.name !== undefined) doc.name = String(payload.name || '').trim();
     if (payload.codeIdentifier !== undefined) doc.codeIdentifier = String(payload.codeIdentifier || '').trim();
     if (payload.description !== undefined) doc.description = String(payload.description || '');
     if (payload.type !== undefined) doc.type = String(payload.type || '').trim();
     if (payload.runner !== undefined) doc.runner = String(payload.runner || '').trim();
-    if (payload.script !== undefined) doc.script = String(payload.script || '');
     if (payload.defaultWorkingDirectory !== undefined) {
       doc.defaultWorkingDirectory = String(payload.defaultWorkingDirectory || '');
     }
@@ -126,23 +194,11 @@ exports.updateScript = async (req, res) => {
 
     await doc.save();
     after = doc.toObject();
-    audit(req, {
-      action: 'scripts.update',
-      outcome: 'success',
-      entityId: doc._id,
-      before,
-      after,
-    });
+    console.log('[updateScript] Script updated successfully:', { name: after.name, id: after._id });
     res.json({ item: doc.toObject() });
   } catch (err) {
-    audit(req, {
-      action: 'scripts.update',
-      outcome: 'failure',
-      entityId: req.params?.id,
-      before,
-      after,
-      details: { error: err?.message || 'Operation failed' },
-    });
+    console.log('[updateScript] ERROR occurred:', err);
+    console.log('[updateScript] ERROR message:', err.message);
     const safe = toSafeJsonError(err);
     res.status(safe.status).json(safe.body);
   }
@@ -156,23 +212,11 @@ exports.deleteScript = async (req, res) => {
     before = doc.toObject();
     await doc.deleteOne();
 
-    audit(req, {
-      action: 'scripts.delete',
-      outcome: 'success',
-      entityId: doc._id,
-      before,
-      after: null,
-    });
+    console.log('[deleteScript] Script deleted successfully:', { name: before.name, id: before._id });
     res.json({ ok: true });
   } catch (err) {
-    audit(req, {
-      action: 'scripts.delete',
-      outcome: 'failure',
-      entityId: req.params?.id,
-      before,
-      after: null,
-      details: { error: err?.message || 'Operation failed' },
-    });
+    console.log('[deleteScript] ERROR occurred:', err);
+    console.log('[deleteScript] ERROR message:', err.message);
     const safe = toSafeJsonError(err);
     res.status(safe.status).json(safe.body);
   }
@@ -189,25 +233,12 @@ exports.runScript = async (req, res) => {
 
     const runDoc = await startRun(doc, { trigger: 'manual', meta: { actorType: 'basicAuth' } });
 
-    audit(req, {
-      action: 'scripts.run',
-      outcome: 'success',
-      entityId: doc._id,
-      before: null,
-      after: null,
-      details: { runId: String(runDoc._id) },
-    });
+    console.log('[runScript] Script executed successfully:', { name: script.name, runId: runDoc._id });
 
     res.json({ runId: String(runDoc._id) });
   } catch (err) {
-    audit(req, {
-      action: 'scripts.run',
-      outcome: 'failure',
-      entityId: req.params?.id,
-      before: script,
-      after: null,
-      details: { error: err?.message || 'Operation failed' },
-    });
+    console.log('[runScript] ERROR occurred:', err);
+    console.log('[runScript] ERROR message:', err.message);
     const safe = toSafeJsonError(err);
     res.status(safe.status).json(safe.body);
   }

package/src/controllers/experiments.controller.js

@@ -0,0 +1,85 @@
+const experimentsService = require('../services/experiments.service');
+
+function toSafeJsonError(error) {
+  const msg = error?.message || 'Operation failed';
+  const code = error?.code;
+  if (code === 'VALIDATION') return { status: 400, body: { error: msg } };
+  if (code === 'NOT_FOUND') return { status: 404, body: { error: msg } };
+  if (code === 'CONFLICT') return { status: 409, body: { error: msg } };
+  return { status: 500, body: { error: msg } };
+}
+
+exports.getAssignment = async (req, res) => {
+  try {
+    const orgId = req.headers['x-org-id'] || req.query.orgId || req.body?.orgId;
+    const subjectId = req.query.subjectId || req.body?.subjectId;
+
+    const context = req.body?.context && typeof req.body.context === 'object' ? req.body.context : {};
+
+    const { experiment, assignment } = await experimentsService.getOrCreateAssignment({
+      orgId,
+      experimentCode: req.params.code,
+      subjectId,
+      context,
+    });
+
+    const variant = (experiment.variants || []).find((v) => String(v?.key || '') === String(assignment.variantKey));
+    const config = await experimentsService.resolveVariantConfig(variant);
+
+    const { snapshot } = await experimentsService.getWinnerSnapshot({ orgId, experimentCode: req.params.code });
+
+    return res.json({
+      experimentCode: experiment.code,
+      variantKey: assignment.variantKey,
+      assignedAt: assignment.assignedAt,
+      config,
+      winner: {
+        winnerVariantKey: snapshot.winnerVariantKey,
+        decidedAt: snapshot.winnerDecidedAt,
+        reason: snapshot.winnerReason,
+        status: snapshot.status,
+      },
+    });
+  } catch (err) {
+    const safe = toSafeJsonError(err);
+    return res.status(safe.status).json(safe.body);
+  }
+};
+
+exports.postEvents = async (req, res) => {
+  try {
+    const orgId = req.headers['x-org-id'] || req.query.orgId || req.body?.orgId;
+    const subjectId = req.query.subjectId || req.body?.subjectId;
+
+    const payload = req.body || {};
+    const events = Array.isArray(payload.events) ? payload.events : [payload];
+
+    const result = await experimentsService.ingestEvents({
+      orgId,
+      experimentCode: req.params.code,
+      subjectId,
+      events,
+    });
+
+    return res.status(201).json(result);
+  } catch (err) {
+    const safe = toSafeJsonError(err);
+    return res.status(safe.status).json(safe.body);
+  }
+};
+
+exports.getWinner = async (req, res) => {
+  try {
+    const orgId = req.headers['x-org-id'] || req.query.orgId || req.body?.orgId;
+    const { snapshot } = await experimentsService.getWinnerSnapshot({ orgId, experimentCode: req.params.code });
+    return res.json({
+      status: snapshot.status,
+      winnerVariantKey: snapshot.winnerVariantKey,
+      decidedAt: snapshot.winnerDecidedAt,
+      reason: snapshot.winnerReason,
+    });
+  } catch (err) {
+    const safe = toSafeJsonError(err);
+    return res.status(safe.status).json(safe.body);
+  }
+};

package/src/controllers/internalExperiments.controller.js

@@ -0,0 +1,17 @@
+const experimentsAggregation = require('../services/experimentsAggregation.service');
+const experimentsRetention = require('../services/experimentsRetention.service');
+
+exports.runAggregation = async (req, res) => {
+  const body = req.body || {};
+  const bucketMs = body.bucketMs;
+  const start = body.start;
+  const end = body.end;
+
+  const data = await experimentsAggregation.runAggregationAndWinner({ bucketMs, start, end });
+  return res.json(data);
+};
+
+exports.runRetention = async (_req, res) => {
+  const data = await experimentsRetention.runRetentionCleanup();
+  return res.json(data);
+};