npm - @intx/hub-api - Versions diffs - 0.1.2 - Mend

@intx/hub-api 0.1.2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (55) hide show

package/README.md +29 -0
package/package.json +28 -0
package/src/app.test.ts +225 -0
package/src/app.ts +382 -0
package/src/auth.ts +21 -0
package/src/context.ts +38 -0
package/src/format.ts +9 -0
package/src/git-http/advertise-refs.test.ts +459 -0
package/src/git-http/advertise-refs.ts +226 -0
package/src/git-http/pkt-line.test.ts +220 -0
package/src/git-http/pkt-line.ts +235 -0
package/src/git-http/receive-pack.test.ts +397 -0
package/src/git-http/receive-pack.ts +261 -0
package/src/git-http/side-band-64k.test.ts +181 -0
package/src/git-http/side-band-64k.ts +134 -0
package/src/git-http/upload-pack.test.ts +545 -0
package/src/git-http/upload-pack.ts +396 -0
package/src/index.ts +23 -0
package/src/middleware/git-token-auth.test.ts +587 -0
package/src/middleware/git-token-auth.ts +315 -0
package/src/middleware/grant.ts +106 -0
package/src/middleware/session.ts +13 -0
package/src/middleware/tenant.test.ts +192 -0
package/src/middleware/tenant.ts +101 -0
package/src/openapi.ts +66 -0
package/src/pagination.ts +117 -0
package/src/routes/agent-data.ts +179 -0
package/src/routes/agent-state-git.ts +562 -0
package/src/routes/agents.test.ts +337 -0
package/src/routes/agents.ts +704 -0
package/src/routes/approvals.ts +130 -0
package/src/routes/assets.test.ts +567 -0
package/src/routes/assets.ts +592 -0
package/src/routes/credentials.ts +435 -0
package/src/routes/git-tokens.test.ts +709 -0
package/src/routes/git-tokens.ts +771 -0
package/src/routes/grants.ts +509 -0
package/src/routes/instances.test.ts +1103 -0
package/src/routes/instances.ts +1797 -0
package/src/routes/me.ts +405 -0
package/src/routes/oauth-clients.ts +349 -0
package/src/routes/observability.ts +146 -0
package/src/routes/offerings.ts +382 -0
package/src/routes/principals.ts +515 -0
package/src/routes/providers.ts +351 -0
package/src/routes/roles.ts +452 -0
package/src/routes/sidecars.ts +221 -0
package/src/routes/tenant-federation.ts +225 -0
package/src/routes/tenants.ts +369 -0
package/src/routes/wallets.ts +370 -0
package/src/session.ts +44 -0
package/src/timeline-reconstruction.test.ts +786 -0
package/src/timeline-reconstruction.ts +383 -0
package/tsconfig.json +4 -0
package/tsconfig.tsbuildinfo +1 -0

package/src/routes/tenant-federation.ts ADDED Viewed

@@ -0,0 +1,225 @@
+import { eq, and } from "drizzle-orm";
+import { Hono } from "hono";
+import { describeRoute, resolver, validator } from "hono-openapi";
+import { federationTrust, tenant } from "@intx/db/schema";
+import type { DB } from "@intx/db";
+import {
+  FederationTrust,
+  CreateFederationTrust,
+  ErrorResponse,
+  paginatedSchema,
+} from "@intx/types";
+import type { TenantEnv } from "../context";
+import { ts } from "../format";
+import { generateId } from "@intx/hub-common";
+import {
+  parsePageParams,
+  cursorCondition,
+  pageOrder,
+  paginatedResponse,
+  pageParameters,
+} from "../pagination";
+export type CreateTenantFederationRoutesDeps = {
+  db: DB["db"];
+};
+export function createTenantFederationRoutes({
+  db,
+}: CreateTenantFederationRoutesDeps): Hono<TenantEnv> {
+  const app = new Hono<TenantEnv>();
+  app.get(
+    "/",
+    describeRoute({
+      tags: ["Tenants"],
+      summary: "List federation trust relationships",
+      parameters: [...pageParameters],
+      responses: {
+        200: {
+          description: "Federation trusts",
+          content: {
+            "application/json": {
+              schema: resolver(paginatedSchema(FederationTrust)),
+            },
+          },
+        },
+      },
+    }),
+    async (c) => {
+      const tenantCtx = c.get("tenant");
+      const { limit, cursor } = parsePageParams({
+        cursor: c.req.query("cursor"),
+        limit: c.req.query("limit"),
+      });
+      const conditions = [eq(federationTrust.tenantId, tenantCtx.id)];
+      if (cursor) {
+        conditions.push(
+          cursorCondition(
+            federationTrust.createdAt,
+            federationTrust.id,
+            cursor,
+          ),
+        );
+      }
+      const rows = await db.query.federationTrust.findMany({
+        where: and(...conditions),
+        orderBy: pageOrder(federationTrust.createdAt, federationTrust.id),
+        limit,
+      });
+      const targetIds = rows.map((t) => t.targetTenantId);
+      const tenants =
+        targetIds.length > 0
+          ? await db.query.tenant.findMany({
+              where: (t, { inArray }) => inArray(t.id, targetIds),
+            })
+          : [];
+      const tenantMap = new Map(tenants.map((t) => [t.id, t]));
+      const items = rows.map((trust) => {
+        const target = tenantMap.get(trust.targetTenantId);
+        return {
+          tenantId: trust.targetTenantId,
+          tenantName: target?.name ?? "Unknown",
+          tenantDomain: target?.domain ?? "unknown",
+          direction: trust.direction,
+          createdAt: ts(trust.createdAt),
+        };
+      });
+      return c.json(paginatedResponse(items, rows, limit));
+    },
+  );
+  app.post(
+    "/",
+    describeRoute({
+      tags: ["Tenants"],
+      summary: "Establish federation trust",
+      description:
+        "Creates a trust relationship with another tenant for cross-tenant agent discovery and interaction.",
+      responses: {
+        201: {
+          description: "Trust established",
+          content: {
+            "application/json": { schema: resolver(FederationTrust) },
+          },
+        },
+        400: {
+          description: "Validation error",
+          content: {
+            "application/json": { schema: resolver(ErrorResponse) },
+          },
+        },
+      },
+    }),
+    validator("json", CreateFederationTrust),
+    async (c) => {
+      const tenantCtx = c.get("tenant");
+      const body = c.req.valid("json");
+      const target = await db.query.tenant.findFirst({
+        where: eq(tenant.id, body.targetTenantId),
+      });
+      if (!target) {
+        return c.json(
+          {
+            error: {
+              code: "not_found",
+              message: "Target tenant not found",
+            },
+          },
+          404,
+        );
+      }
+      const existing = await db.query.federationTrust.findFirst({
+        where: and(
+          eq(federationTrust.tenantId, tenantCtx.id),
+          eq(federationTrust.targetTenantId, body.targetTenantId),
+        ),
+      });
+      if (existing) {
+        return c.json(
+          {
+            error: {
+              code: "conflict",
+              message: "Trust relationship already exists",
+            },
+          },
+          409,
+        );
+      }
+      await db.insert(federationTrust).values({
+        id: generateId("federationTrust"),
+        tenantId: tenantCtx.id,
+        targetTenantId: body.targetTenantId,
+        direction: body.direction,
+        createdAt: new Date(),
+      });
+      return c.json(
+        {
+          tenantId: body.targetTenantId,
+          tenantName: target.name,
+          tenantDomain: target.domain,
+          direction: body.direction,
+          createdAt: ts(new Date()),
+        },
+        201,
+      );
+    },
+  );
+  app.delete(
+    "/:targetTenantId",
+    describeRoute({
+      tags: ["Tenants"],
+      summary: "Revoke federation trust",
+      responses: {
+        204: {
+          description: "Trust revoked",
+        },
+        404: {
+          description: "Trust not found",
+          content: {
+            "application/json": { schema: resolver(ErrorResponse) },
+          },
+        },
+      },
+    }),
+    async (c) => {
+      const tenantCtx = c.get("tenant");
+      const targetTenantId = c.req.param("targetTenantId");
+      const deleted = await db
+        .delete(federationTrust)
+        .where(
+          and(
+            eq(federationTrust.tenantId, tenantCtx.id),
+            eq(federationTrust.targetTenantId, targetTenantId),
+          ),
+        )
+        .returning();
+      if (deleted.length === 0) {
+        return c.json(
+          {
+            error: { code: "not_found", message: "Trust not found" },
+          },
+          404,
+        );
+      }
+      return c.body(null, 204);
+    },
+  );
+  return app;
+}

package/src/routes/tenants.ts ADDED Viewed

@@ -0,0 +1,369 @@
+import { eq, and } from "drizzle-orm";
+import { Hono } from "hono";
+import { describeRoute, resolver, validator } from "hono-openapi";
+import { tenant, principal, role, principalRole, grant } from "@intx/db/schema";
+import { parseTenantRow } from "@intx/db";
+import type { DB } from "@intx/db";
+import {
+  CreateTenant,
+  UpdateTenant,
+  TenantResponse,
+  ErrorResponse,
+} from "@intx/types";
+import type { AppEnv } from "../context";
+import { first, ts } from "../format";
+import { generateId } from "@intx/hub-common";
+const SYSTEM_ROLES = ["owner", "admin", "member"] as const;
+function formatTenant(row: typeof tenant.$inferSelect) {
+  const parsed = parseTenantRow(row);
+  return {
+    id: parsed.id,
+    name: parsed.name,
+    slug: parsed.slug,
+    domain: parsed.domain,
+    parentId: parsed.parentId ?? null,
+    config: parsed.config ?? undefined,
+    createdAt: ts(parsed.createdAt),
+    updatedAt: ts(parsed.updatedAt),
+  };
+}
+export type CreateTenantRoutesDeps = {
+  db: DB["db"];
+};
+export function createTenantRoutes({
+  db,
+}: CreateTenantRoutesDeps): Hono<AppEnv> {
+  const app = new Hono<AppEnv>();
+  app.post(
+    "/",
+    describeRoute({
+      tags: ["Tenants"],
+      summary: "Create a tenant",
+      description:
+        "Creates a new tenant. The authenticated user becomes the owner with a principal and default owner role.",
+      responses: {
+        201: {
+          description: "Tenant created",
+          content: {
+            "application/json": { schema: resolver(TenantResponse) },
+          },
+        },
+        400: {
+          description: "Validation error",
+          content: {
+            "application/json": { schema: resolver(ErrorResponse) },
+          },
+        },
+      },
+    }),
+    validator("json", CreateTenant),
+    async (c) => {
+      const user = c.get("user");
+      if (!user) {
+        return c.json(
+          {
+            error: { code: "unauthorized", message: "Authentication required" },
+          },
+          401,
+        );
+      }
+      const body = c.req.valid("json");
+      const tenantId = generateId("tenant");
+      const domain = `${body.slug}.localhost`;
+      const existing = await db.query.tenant.findFirst({
+        where: eq(tenant.slug, body.slug),
+      });
+      if (existing) {
+        return c.json(
+          {
+            error: { code: "conflict", message: "Slug already taken" },
+          },
+          409,
+        );
+      }
+      const now = new Date();
+      const tenantRow = first(
+        await db
+          .insert(tenant)
+          .values({
+            id: tenantId,
+            name: body.name,
+            slug: body.slug,
+            domain,
+            parentId: body.parentId ?? null,
+            createdAt: now,
+            updatedAt: now,
+          })
+          .returning(),
+      );
+      const roleIds: Record<string, string> = {};
+      for (const roleName of SYSTEM_ROLES) {
+        const roleId = generateId("role");
+        roleIds[roleName] = roleId;
+        await db.insert(role).values({
+          id: roleId,
+          tenantId,
+          name: roleName,
+          description: `System ${roleName} role`,
+          isSystem: true,
+          createdAt: now,
+          updatedAt: now,
+        });
+      }
+      const ownerRoleId = roleIds["owner"];
+      if (!ownerRoleId) throw new Error("Owner role was not created");
+      const principalId = generateId("principal");
+      await db.insert(principal).values({
+        id: principalId,
+        tenantId,
+        kind: "user",
+        refId: user.id,
+        status: "active",
+        createdAt: now,
+        updatedAt: now,
+      });
+      await db.insert(principalRole).values({
+        principalId,
+        roleId: ownerRoleId,
+        createdAt: now,
+      });
+      // Grant owner role full access
+      await db.insert(grant).values({
+        id: generateId("grant"),
+        tenantId,
+        roleId: ownerRoleId,
+        resource: "*",
+        action: "*",
+        effect: "allow",
+        origin: "system",
+        createdAt: now,
+        updatedAt: now,
+      });
+      // Grant admin role broad management access
+      const adminRoleId = roleIds["admin"];
+      if (adminRoleId) {
+        await db.insert(grant).values([
+          {
+            id: generateId("grant"),
+            tenantId,
+            roleId: adminRoleId,
+            resource: "*",
+            action: "read",
+            effect: "allow",
+            origin: "system",
+            createdAt: now,
+            updatedAt: now,
+          },
+          {
+            id: generateId("grant"),
+            tenantId,
+            roleId: adminRoleId,
+            resource: "*",
+            action: "create",
+            effect: "allow",
+            origin: "system",
+            createdAt: now,
+            updatedAt: now,
+          },
+          {
+            id: generateId("grant"),
+            tenantId,
+            roleId: adminRoleId,
+            resource: "*",
+            action: "manage",
+            effect: "allow",
+            origin: "system",
+            createdAt: now,
+            updatedAt: now,
+          },
+        ]);
+      }
+      // Grant member role read-only access
+      const memberRoleId = roleIds["member"];
+      if (memberRoleId) {
+        await db.insert(grant).values({
+          id: generateId("grant"),
+          tenantId,
+          roleId: memberRoleId,
+          resource: "*",
+          action: "read",
+          effect: "allow",
+          origin: "system",
+          createdAt: now,
+          updatedAt: now,
+        });
+      }
+      return c.json(formatTenant(tenantRow), 201);
+    },
+  );
+  app.get(
+    "/:tenantId",
+    describeRoute({
+      tags: ["Tenants"],
+      summary: "Get tenant details",
+      responses: {
+        200: {
+          description: "Tenant details",
+          content: {
+            "application/json": { schema: resolver(TenantResponse) },
+          },
+        },
+        403: {
+          description: "Not a member of this tenant",
+          content: {
+            "application/json": { schema: resolver(ErrorResponse) },
+          },
+        },
+        404: {
+          description: "Tenant not found",
+          content: {
+            "application/json": { schema: resolver(ErrorResponse) },
+          },
+        },
+      },
+    }),
+    async (c) => {
+      const user = c.get("user");
+      if (!user) {
+        return c.json(
+          {
+            error: { code: "unauthorized", message: "Authentication required" },
+          },
+          401,
+        );
+      }
+      const tenantId = c.req.param("tenantId");
+      const tenantRow = await db.query.tenant.findFirst({
+        where: eq(tenant.id, tenantId),
+      });
+      if (!tenantRow) {
+        return c.json(
+          { error: { code: "not_found", message: "Tenant not found" } },
+          404,
+        );
+      }
+      const membership = await db.query.principal.findFirst({
+        where: and(
+          eq(principal.tenantId, tenantId),
+          eq(principal.kind, "user"),
+          eq(principal.refId, user.id),
+        ),
+      });
+      if (!membership) {
+        return c.json(
+          {
+            error: {
+              code: "forbidden",
+              message: "Not a member of this tenant",
+            },
+          },
+          403,
+        );
+      }
+      return c.json(formatTenant(tenantRow));
+    },
+  );
+  app.patch(
+    "/:tenantId",
+    describeRoute({
+      tags: ["Tenants"],
+      summary: "Update tenant config",
+      description: "Requires admin or higher grant within the tenant.",
+      responses: {
+        200: {
+          description: "Tenant updated",
+          content: {
+            "application/json": { schema: resolver(TenantResponse) },
+          },
+        },
+        403: {
+          description: "Insufficient grants",
+          content: {
+            "application/json": { schema: resolver(ErrorResponse) },
+          },
+        },
+      },
+    }),
+    validator("json", UpdateTenant),
+    async (c) => {
+      const user = c.get("user");
+      if (!user) {
+        return c.json(
+          {
+            error: { code: "unauthorized", message: "Authentication required" },
+          },
+          401,
+        );
+      }
+      const tenantId = c.req.param("tenantId");
+      const body = c.req.valid("json");
+      const membership = await db.query.principal.findFirst({
+        where: and(
+          eq(principal.tenantId, tenantId),
+          eq(principal.kind, "user"),
+          eq(principal.refId, user.id),
+        ),
+      });
+      if (!membership) {
+        return c.json(
+          {
+            error: {
+              code: "forbidden",
+              message: "Not a member of this tenant",
+            },
+          },
+          403,
+        );
+      }
+      const updates: Record<string, unknown> = { updatedAt: new Date() };
+      if (body.name !== undefined) updates["name"] = body.name;
+      if (body.config !== undefined) updates["config"] = body.config;
+      const [updated] = await db
+        .update(tenant)
+        .set(updates)
+        .where(eq(tenant.id, tenantId))
+        .returning();
+      if (!updated) {
+        return c.json(
+          { error: { code: "not_found", message: "Tenant not found" } },
+          404,
+        );
+      }
+      return c.json(formatTenant(updated));
+    },
+  );
+  return app;
+}