@intx/hub-api 0.1.2

package/src/middleware/tenant.ts

@@ -0,0 +1,101 @@
+import { eq, and } from "drizzle-orm";
+import type { Context, MiddlewareHandler, Next } from "hono";
+
+import { tenant, principal } from "@intx/db/schema";
+import type { DB } from "@intx/db";
+import { getLogger } from "@intx/log";
+
+import type { AppEnv, TenantEnv } from "../context";
+
+const log = getLogger(["hub", "middleware", "tenant"]);
+
+export async function requireAuth(c: Context<AppEnv>, next: Next) {
+  const user = c.get("user");
+  if (!user) {
+    return c.json(
+      { error: { code: "unauthorized", message: "Authentication required" } },
+      401,
+    );
+  }
+  await next();
+}
+
+export type CreateResolveTenantDeps = {
+  db: DB["db"];
+};
+
+export function createResolveTenant({
+  db,
+}: CreateResolveTenantDeps): MiddlewareHandler<TenantEnv> {
+  return async (c, next) => {
+    if (c.get("principal") && c.get("tenant")) return await next();
+
+    const user = c.get("user");
+    if (!user) {
+      return c.json(
+        { error: { code: "unauthorized", message: "Authentication required" } },
+        401,
+      );
+    }
+
+    const tenantId = c.req.param("tenantId");
+    if (!tenantId) {
+      return c.json(
+        { error: { code: "bad_request", message: "Missing tenantId" } },
+        400,
+      );
+    }
+
+    const tenantRow = await db.query.tenant.findFirst({
+      where: eq(tenant.id, tenantId),
+    });
+
+    if (!tenantRow) {
+      return c.json(
+        { error: { code: "not_found", message: "Tenant not found" } },
+        404,
+      );
+    }
+
+    const principalRow = await db.query.principal.findFirst({
+      where: and(
+        eq(principal.tenantId, tenantId),
+        eq(principal.kind, "user"),
+        eq(principal.refId, user.id),
+      ),
+    });
+
+    if (!principalRow) {
+      return c.json(
+        {
+          error: {
+            code: "forbidden",
+            message: "Not a member of this tenant",
+          },
+        },
+        403,
+      );
+    }
+
+    if (principalRow.status !== "active") {
+      log.info("Principal {principalId} has status {status}, denying access", {
+        principalId: principalRow.id,
+        status: principalRow.status,
+      });
+      return c.json(
+        {
+          error: {
+            code: "forbidden",
+            message: "Your membership in this tenant is not active",
+          },
+        },
+        403,
+      );
+    }
+
+    c.set("tenant", tenantRow);
+    c.set("principal", principalRow);
+
+    await next();
+  };
+}

package/src/openapi.ts

@@ -0,0 +1,66 @@
+import {
+  resolver as baseResolver,
+  describeRoute,
+  validator,
+} from "hono-openapi";
+import type { OpenAPIV3_1 } from "openapi-types";
+import * as allTypes from "@intx/types";
+
+type ArkTypeValue = {
+  expression: string;
+  toJsonSchema: () => Record<string, unknown>;
+};
+
+function isArkType(v: unknown): v is ArkTypeValue {
+  if (v == null) return false;
+  if (typeof v !== "object" && typeof v !== "function") return false;
+  return (
+    "expression" in v &&
+    typeof (v as Record<string, unknown>)["expression"] === "string" &&
+    "toJsonSchema" in v &&
+    typeof (v as Record<string, unknown>)["toJsonSchema"] === "function"
+  );
+}
+
+const typeNames = new Map<unknown, string>();
+for (const [name, value] of Object.entries(allTypes)) {
+  if (isArkType(value)) {
+    typeNames.set(value, name);
+  }
+}
+
+type ResolverResult = ReturnType<typeof baseResolver>;
+
+/**
+ * Wraps hono-openapi's resolver to register known @intx/types
+ * exports as named components in the OpenAPI spec. Types not found in
+ * the registry fall through to the default inline behavior.
+ */
+export function resolver(
+  schema: Parameters<typeof baseResolver>[0],
+): ResolverResult {
+  const base = baseResolver(schema);
+  const name = typeNames.get(schema);
+  if (!name) return base;
+
+  return {
+    ...base,
+    async toOpenAPISchema(options?: Record<string, unknown>): Promise<{
+      schema: OpenAPIV3_1.SchemaObject;
+      components: OpenAPIV3_1.ComponentsObject | undefined;
+    }> {
+      const result = await base.toOpenAPISchema(options);
+      return {
+        // $ref objects are valid SchemaObjects per OpenAPI 3.1 but the
+        // openapi-types definition doesn't model the $ref-only form.
+        // eslint-disable-next-line @typescript-eslint/no-unsafe-type-assertion -- openapi-types SchemaObject doesn't model $ref-only form; valid per OpenAPI 3.1
+        schema: {
+          $ref: `#/components/schemas/${name}`,
+        } as unknown as OpenAPIV3_1.SchemaObject,
+        components: { schemas: { [name]: result.schema } },
+      };
+    },
+  } as ResolverResult;
+}
+
+export { describeRoute, validator };

package/src/pagination.ts

@@ -0,0 +1,117 @@
+import {
+  type SQL,
+  type SQLWrapper,
+  and,
+  desc,
+  lt,
+  eq,
+  or,
+  sql,
+} from "drizzle-orm";
+import { type } from "arktype";
+
+const DEFAULT_LIMIT = 50;
+const MAX_LIMIT = 100;
+
+const CursorData = type({
+  t: /^\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2}\.\d{3}Z$/,
+  id: "string",
+});
+type CursorData = typeof CursorData.infer;
+
+function encodeCursor(createdAt: Date, id: string): string {
+  const data: CursorData = { t: createdAt.toISOString(), id };
+  return Buffer.from(JSON.stringify(data)).toString("base64url");
+}
+
+function decodeCursor(cursor: string): CursorData | null {
+  try {
+    const json = Buffer.from(cursor, "base64url").toString();
+    const parsed: unknown = JSON.parse(json);
+    const data = CursorData(parsed);
+    if (data instanceof type.errors) return null;
+    return data;
+  } catch {
+    return null;
+  }
+}
+
+export function parsePageParams(query: {
+  cursor: string | undefined;
+  limit: string | undefined;
+}): {
+  limit: number;
+  cursor: CursorData | null;
+} {
+  const raw = query.limit ? Number(query.limit) : DEFAULT_LIMIT;
+  const limit = Number.isNaN(raw)
+    ? DEFAULT_LIMIT
+    : Math.min(Math.max(1, raw), MAX_LIMIT);
+
+  const cursor = query.cursor ? decodeCursor(query.cursor) : null;
+  return { limit, cursor };
+}
+
+/**
+ * Builds the WHERE clause fragment for cursor-based keyset pagination.
+ * Ordering is createdAt DESC, id DESC (newest first).
+ *
+ * The cursor condition is: (createdAt < cursor.t) OR (createdAt = cursor.t AND id < cursor.id)
+ */
+export function cursorCondition(
+  createdAtCol: SQLWrapper,
+  idCol: SQLWrapper,
+  cursor: CursorData,
+): SQL {
+  // Both branches always produce valid SQL, so or() never returns undefined
+  return (
+    or(
+      lt(createdAtCol, new Date(cursor.t)),
+      and(eq(createdAtCol, new Date(cursor.t)), lt(idCol, cursor.id)),
+    ) ?? sql`false`
+  );
+}
+
+/**
+ * Returns the ORDER BY clause for pagination: createdAt DESC, id DESC.
+ */
+export function pageOrder(createdAtCol: SQLWrapper, idCol: SQLWrapper): SQL[] {
+  return [desc(createdAtCol), desc(idCol)];
+}
+
+/**
+ * Wraps a list of formatted items into a paginated response envelope.
+ * Accepts the raw DB rows (with createdAt and id) alongside the
+ * formatted items so it can derive the next cursor.
+ */
+export function paginatedResponse<T>(
+  items: T[],
+  rows: { createdAt: Date; id: string }[],
+  limit: number,
+): { data: T[]; nextCursor: string | null } {
+  const hasMore = items.length === limit;
+  const lastRow = hasMore ? rows[rows.length - 1] : undefined;
+  return {
+    data: items,
+    nextCursor: lastRow ? encodeCursor(lastRow.createdAt, lastRow.id) : null,
+  };
+}
+
+/**
+ * OpenAPI parameter definitions for cursor-based pagination.
+ * Spread these into the `parameters` array of `describeRoute`.
+ */
+export const pageParameters = [
+  {
+    name: "cursor",
+    in: "query" as const,
+    description: "Opaque pagination cursor from a previous response",
+    schema: { type: "string" as const },
+  },
+  {
+    name: "limit",
+    in: "query" as const,
+    description: "Maximum number of results (1-100, default 50)",
+    schema: { type: "integer" as const, minimum: 1, maximum: 100 },
+  },
+];

package/src/routes/agent-data.ts

@@ -0,0 +1,179 @@
+import { Hono } from "hono";
+import { describeRoute, resolver } from "hono-openapi";
+import {
+  FileEntry,
+  FileContent,
+  HistoryEntry,
+  CommitDetail,
+  BranchInfo,
+  ErrorResponse,
+} from "@intx/types";
+
+import type { AppEnv } from "../context";
+
+export function createAgentDataRoutes(): Hono<AppEnv> {
+  const app = new Hono<AppEnv>();
+
+  app.get(
+    "/data",
+    describeRoute({
+      tags: ["Agent Data"],
+      summary: "List files in agent working directory",
+      responses: {
+        200: {
+          description: "File listing",
+          content: {
+            "application/json": {
+              schema: resolver(FileEntry.array()),
+            },
+          },
+        },
+        404: {
+          description: "Agent not found",
+          content: {
+            "application/json": { schema: resolver(ErrorResponse) },
+          },
+        },
+      },
+    }),
+    (c) =>
+      c.json(
+        { error: { code: "not_implemented", message: "Not implemented" } },
+        501,
+      ),
+  );
+
+  app.get(
+    "/data/*",
+    describeRoute({
+      tags: ["Agent Data"],
+      summary: "Read a file from agent storage",
+      description: "Reads a file by path from the agent's local storage.",
+      responses: {
+        200: {
+          description: "File content",
+          content: {
+            "application/json": { schema: resolver(FileContent) },
+          },
+        },
+        404: {
+          description: "File or agent not found",
+          content: {
+            "application/json": { schema: resolver(ErrorResponse) },
+          },
+        },
+      },
+    }),
+    (c) =>
+      c.json(
+        { error: { code: "not_implemented", message: "Not implemented" } },
+        501,
+      ),
+  );
+
+  app.get(
+    "/history",
+    describeRoute({
+      tags: ["Agent Data"],
+      summary: "List commits and checkpoints",
+      description:
+        "Returns the agent's change history with commit messages and timestamps.",
+      responses: {
+        200: {
+          description: "History entries",
+          content: {
+            "application/json": {
+              schema: resolver(HistoryEntry.array()),
+            },
+          },
+        },
+      },
+    }),
+    (c) =>
+      c.json(
+        { error: { code: "not_implemented", message: "Not implemented" } },
+        501,
+      ),
+  );
+
+  app.get(
+    "/history/:ref",
+    describeRoute({
+      tags: ["Agent Data"],
+      summary: "Show changes in a commit",
+      description:
+        "Returns the files changed in a specific commit with additions/deletions counts.",
+      responses: {
+        200: {
+          description: "Commit details",
+          content: {
+            "application/json": { schema: resolver(CommitDetail) },
+          },
+        },
+        404: {
+          description: "Commit not found",
+          content: {
+            "application/json": { schema: resolver(ErrorResponse) },
+          },
+        },
+      },
+    }),
+    (c) =>
+      c.json(
+        { error: { code: "not_implemented", message: "Not implemented" } },
+        501,
+      ),
+  );
+
+  app.get(
+    "/branches",
+    describeRoute({
+      tags: ["Agent Data"],
+      summary: "List branches",
+      description: "Lists branches in the agent's data repository.",
+      responses: {
+        200: {
+          description: "List of branches",
+          content: {
+            "application/json": {
+              schema: resolver(BranchInfo.array()),
+            },
+          },
+        },
+      },
+    }),
+    (c) =>
+      c.json(
+        { error: { code: "not_implemented", message: "Not implemented" } },
+        501,
+      ),
+  );
+
+  app.post(
+    "/history/:ref/restore",
+    describeRoute({
+      tags: ["Agent Data"],
+      summary: "Restore agent data to a previous state",
+      description:
+        "Restores the agent's working directory to the state at the specified commit.",
+      responses: {
+        204: {
+          description: "Data restored",
+        },
+        404: {
+          description: "Commit not found",
+          content: {
+            "application/json": { schema: resolver(ErrorResponse) },
+          },
+        },
+      },
+    }),
+    (c) =>
+      c.json(
+        { error: { code: "not_implemented", message: "Not implemented" } },
+        501,
+      ),
+  );
+
+  return app;
+}