@knotpad/app 0.1.0 → 0.1.1

package/lib/conflict-resolver.test.ts

@@ -1,57 +0,0 @@
-import { describe, it, expect } from "vitest";
-import { threeWayMerge, lastWriteWins } from "@/lib/conflict-resolver";
-
-const P = (...ps: string[]) => ps.join("\n\n");
-
-describe("threeWayMerge", () => {
-  it("returns either side when they are equal", () => {
-    const r = threeWayMerge("base", "same", "same");
-    expect(r.merged).toBe("same");
-    expect(r.hasConflicts).toBe(false);
-  });
-
-  it("takes the changed side when the other is unchanged", () => {
-    expect(threeWayMerge("a", "a", "b").merged).toBe("b");
-    expect(threeWayMerge("a", "b", "a").merged).toBe("b");
-  });
-
-  it("unions non-overlapping additions from both sides", () => {
-    const base = P("intro");
-    const local = P("intro", "local note");
-    const cloud = P("intro", "cloud note");
-    const r = threeWayMerge(base, local, cloud);
-    expect(r.hasConflicts).toBe(false);
-    expect(r.merged).toContain("local note");
-    expect(r.merged).toContain("cloud note");
-  });
-
-  it("preserves legitimately duplicated paragraphs (no global de-dup)", () => {
-    const dup = P("repeat", "repeat", "tail");
-    const r = threeWayMerge("repeat", dup, dup);
-    expect(r.merged).toBe(dup);
-  });
-
-  it("flags competing edits in the same region as a conflict", () => {
-    const base = P("anchor", "original", "end");
-    const local = P("anchor", "local edit", "end");
-    const cloud = P("anchor", "cloud edit", "end");
-    const r = threeWayMerge(base, local, cloud);
-    expect(r.hasConflicts).toBe(true);
-    expect(r.conflicts[0]).toEqual({ localVersion: "local edit", cloudVersion: "cloud edit" });
-  });
-});
-
-describe("lastWriteWins", () => {
-  it("prefers the newer timestamp", () => {
-    const older = { id: "a", updatedAt: new Date(1000), version: 5 };
-    const newer = { id: "a", updatedAt: new Date(2000), version: 1 };
-    expect(lastWriteWins(newer, older)).toBe("local");
-    expect(lastWriteWins(older, newer)).toBe("cloud");
-  });
-
-  it("breaks ties by version", () => {
-    const local = { id: "a", updatedAt: new Date(1000), version: 3 };
-    const cloud = { id: "a", updatedAt: new Date(1000), version: 2 };
-    expect(lastWriteWins(local, cloud)).toBe("local");
-  });
-});

package/lib/conflict-resolver.ts

@@ -1,240 +0,0 @@
-import { prisma, getCloudPrisma } from "@/lib/prisma";
-import type { PrismaClient } from "@/app/generated/prisma/client";
-
-// --- Types ---
-
-export type MergeResult = {
-  merged: string;
-  hasConflicts: boolean;
-  conflicts: Array<{ localVersion: string; cloudVersion: string }>;
-};
-
-export type TaskSyncable = {
-  id: string;
-  updatedAt: Date;
-  version: number;
-};
-
-// --- Last Write Wins ---
-
-export function lastWriteWins(
-  local: TaskSyncable,
-  cloud: TaskSyncable
-): "local" | "cloud" {
-  if (local.updatedAt > cloud.updatedAt) return "local";
-  if (cloud.updatedAt > local.updatedAt) return "cloud";
-  return local.version >= cloud.version ? "local" : "cloud";
-}
-
-// --- Union Merge for task ID sets ---
-
-export function unionMergeIds(
-  localIds: Set<string>,
-  cloudIds: Set<string>
-): { onlyLocal: string[]; onlyCloud: string[] } {
-  const onlyLocal = [...localIds].filter((id) => !cloudIds.has(id));
-  const onlyCloud = [...cloudIds].filter((id) => !localIds.has(id));
-  return { onlyLocal, onlyCloud };
-}
-
-// --- Paragraph-level three-way merge ---
-
-function splitParagraphs(text: string): string[] {
-  return text.split(/\n{2,}/).map((p) => p.trim()).filter(Boolean);
-}
-
-// Longest Common Subsequence of paragraph arrays
-function lcs(a: string[], b: string[]): string[] {
-  const m = a.length;
-  const n = b.length;
-
-  // Bail on very large inputs to avoid O(mn) blowup
-  if (m * n > 40000) return [];
-
-  const dp: number[][] = Array.from({ length: m + 1 }, () =>
-    new Array(n + 1).fill(0)
-  );
-  for (let i = 1; i <= m; i++) {
-    for (let j = 1; j <= n; j++) {
-      dp[i][j] =
-        a[i - 1] === b[j - 1]
-          ? dp[i - 1][j - 1] + 1
-          : Math.max(dp[i - 1][j], dp[i][j - 1]);
-    }
-  }
-
-  const result: string[] = [];
-  let i = m, j = n;
-  while (i > 0 && j > 0) {
-    if (a[i - 1] === b[j - 1]) {
-      result.unshift(a[i - 1]);
-      i--;
-      j--;
-    } else if (dp[i - 1][j] >= dp[i][j - 1]) {
-      i--;
-    } else {
-      j--;
-    }
-  }
-  return result;
-}
-
-/**
- * Three-way merge at the paragraph level.
- *
- * base  = last synced content (stored snapshot)
- * local = current local content
- * cloud = current cloud content
- *
- * Strategy: anchor on the longest common subsequence of local↔cloud paragraphs.
- * Between consecutive anchors, each side may contribute a "run" of paragraphs:
- *   - one side empty            → take the other side's run (an add/keep)
- *   - both runs identical       → take it once (same edit on both sides)
- *   - both runs differ          → genuine conflict in that region (flag it,
- *                                 and keep the local run in the provisional
- *                                 merge, which is only used when nothing conflicts)
- * Anchors are consumed in order, so legitimately repeated paragraphs are
- * preserved (no global de-duplication). Union bias is intentional for PM notes:
- * when in doubt we keep content rather than drop it.
- *
- * `base` is used for the equality fast-paths; the merge itself is local↔cloud.
- */
-export function threeWayMerge(
-  base: string,
-  local: string,
-  cloud: string
-): MergeResult {
-  // Fast paths
-  if (local === cloud) return { merged: local, hasConflicts: false, conflicts: [] };
-  if (local === base) return { merged: cloud, hasConflicts: false, conflicts: [] };
-  if (cloud === base) return { merged: local, hasConflicts: false, conflicts: [] };
-
-  const B = splitParagraphs(base);
-  const L = splitParagraphs(local);
-  const C = splitParagraphs(cloud);
-  const anchors = lcs(L, C); // shared paragraphs, in order
-
-  const conflicts: Array<{ localVersion: string; cloudVersion: string }> = [];
-  const result: string[] = [];
-
-  // baseRun = what base held in this region. Empty base region + differing runs
-  // means both sides *added* here (auto-mergeable union); a non-empty base region
-  // that both sides changed differently is a genuine conflict.
-  const flushGap = (localRun: string[], cloudRun: string[], baseRun: string[]) => {
-    if (cloudRun.length === 0) { result.push(...localRun); return; }
-    if (localRun.length === 0) { result.push(...cloudRun); return; }
-    if (
-      localRun.length === cloudRun.length &&
-      localRun.every((p, k) => p === cloudRun[k])
-    ) {
-      result.push(...localRun); // both sides made the same edit
-      return;
-    }
-    if (baseRun.length === 0) {
-      result.push(...localRun, ...cloudRun); // independent additions → union
-      return;
-    }
-    conflicts.push({
-      localVersion: localRun.join("\n\n"),
-      cloudVersion: cloudRun.join("\n\n"),
-    });
-    result.push(...localRun);
-  };
-
-  let li = 0;
-  let ci = 0;
-  let bi = 0;
-  for (const anchor of anchors) {
-    const lNext = L.indexOf(anchor, li);
-    const cNext = C.indexOf(anchor, ci);
-    const bNext = B.indexOf(anchor, bi); // -1 if both sides added this anchor
-    flushGap(L.slice(li, lNext), C.slice(ci, cNext), bNext === -1 ? [] : B.slice(bi, bNext));
-    result.push(anchor);
-    li = lNext + 1;
-    ci = cNext + 1;
-    if (bNext !== -1) bi = bNext + 1;
-  }
-  // Trailing run after the last anchor.
-  flushGap(L.slice(li), C.slice(ci), B.slice(bi));
-
-  return {
-    merged: result.join("\n\n"),
-    hasConflicts: conflicts.length > 0,
-    conflicts,
-  };
-}
-
-// --- Tombstone helpers ---
-
-export async function isTombstoned(
-  workspaceId: string,
-  entityType: string,
-  entityId: string,
-  db: PrismaClient = prisma
-): Promise<boolean> {
-  const record = await db.tombstone.findFirst({
-    where: { workspaceId, entityType, entityId },
-  });
-  return record !== null;
-}
-
-export async function writeTombstone(
-  workspaceId: string,
-  entityType: string,
-  entityId: string
-): Promise<void> {
-  const where = { workspaceId, entityType, entityId };
-
-  // Write to local PGlite
-  const existing = await prisma.tombstone.findFirst({ where });
-  if (!existing) {
-    await prisma.tombstone.create({ data: where });
-  }
-
-  // Mirror to Neon so syncing devices don't resurrect deleted records
-  const cloud = getCloudPrisma();
-  if (cloud) {
-    const cloudExisting = await cloud.tombstone.findFirst({ where });
-    if (!cloudExisting) {
-      await cloud.tombstone.create({ data: where });
-    }
-  }
-}
-
-// --- Conflict log helpers ---
-
-export async function logConflict(
-  workspaceId: string,
-  entityType: "note" | "task",
-  entityId: string,
-  localValue: string,
-  cloudValue: string,
-  db: PrismaClient = prisma
-): Promise<string> {
-  // Use upsert so a second conflict on the same entity (before the first is
-  // resolved) refreshes the values instead of throwing a unique-constraint error
-  // and silently killing the entire sync flush for this workspace.
-  const record = await db.conflictLog.upsert({
-    where: { workspaceId_entityType_entityId: { workspaceId, entityType, entityId } },
-    create: { workspaceId, entityType, entityId, localValue, cloudValue },
-    update: {
-      // Keep the original localValue as the baseline; update cloudValue with
-      // the latest cloud state so the user always sees the most recent divergence.
-      cloudValue,
-      resolvedBy: null,
-      resolvedAt: null,
-    },
-  });
-  return record.id;
-}
-
-export async function resolveConflict(
-  conflictId: string,
-  resolvedBy: "local" | "cloud" | "user",
-  db: PrismaClient = prisma
-): Promise<void> {
-  await db.conflictLog.update({
-    where: { id: conflictId },
-    data: { resolvedBy, resolvedAt: new Date() },
-  });
-}

package/lib/db-init.ts

@@ -1,79 +0,0 @@
-/**
- * PGlite startup migration runner.
- *
- * On every app start, reads the SQL files from prisma/migrations/ and applies
- * any that haven't been applied to the local PGlite database yet.
- *
- * This replaces `prisma migrate deploy` for the local embedded DB — the
- * migration files are generated by `prisma migrate dev` (against Neon) and
- * bundled with the package, so local users get schema updates automatically
- * on the next `npx @brief/app` run.
- */
-
-import { type PGlite } from "@electric-sql/pglite";
-import fs from "fs";
-import path from "path";
-import { randomUUID } from "crypto";
-
-const MIGRATIONS_TABLE = `
-  CREATE TABLE IF NOT EXISTS "_prisma_migrations" (
-    "id"                  VARCHAR(36)  NOT NULL PRIMARY KEY,
-    "checksum"            VARCHAR(64)  NOT NULL,
-    "finished_at"         TIMESTAMPTZ,
-    "migration_name"      VARCHAR(255) NOT NULL,
-    "logs"                TEXT,
-    "rolled_back_at"      TIMESTAMPTZ,
-    "started_at"          TIMESTAMPTZ  NOT NULL DEFAULT now(),
-    "applied_steps_count" INTEGER      NOT NULL DEFAULT 0
-  );
-`;
-
-export async function runLocalMigrations(db: PGlite): Promise<void> {
-  // Ensure tracking table exists
-  await db.exec(MIGRATIONS_TABLE);
-
-  const migrationsDir = path.join(process.cwd(), "prisma", "migrations");
-
-  if (!fs.existsSync(migrationsDir)) {
-    console.warn(
-      "[Brief] No migration files found. Run `prisma migrate dev --name init` to generate them."
-    );
-    return;
-  }
-
-  // Get already-applied migrations
-  const result = await db.query<{ migration_name: string }>(
-    `SELECT migration_name FROM "_prisma_migrations" WHERE finished_at IS NOT NULL ORDER BY started_at`
-  );
-  const applied = new Set(result.rows.map((r) => r.migration_name));
-
-  // Read migration directories sorted by name (timestamp prefix ensures order)
-  const dirs = fs
-    .readdirSync(migrationsDir)
-    .filter((d) => fs.statSync(path.join(migrationsDir, d)).isDirectory())
-    .sort();
-
-  for (const dir of dirs) {
-    if (applied.has(dir)) continue;
-
-    const sqlFile = path.join(migrationsDir, dir, "migration.sql");
-    if (!fs.existsSync(sqlFile)) continue;
-
-    const sql = fs.readFileSync(sqlFile, "utf-8");
-    const id = randomUUID();
-
-    try {
-      await db.exec(sql);
-      await db.query(
-        `INSERT INTO "_prisma_migrations"
-           (id, checksum, finished_at, migration_name, applied_steps_count)
-         VALUES ($1, '', now(), $2, 1)`,
-        [id, dir]
-      );
-      console.log(`[Brief] Applied migration: ${dir}`);
-    } catch (err) {
-      console.error(`[Brief] Migration failed: ${dir}`, err);
-      throw err;
-    }
-  }
-}

package/lib/email.ts

@@ -1,159 +0,0 @@
-/**
- * Transactional email service backed by Brevo (formerly Sendinblue).
- *
- * Identities are read from environment variables so they can be swapped
- * without code changes:
- *
- *   BREVO_API_KEY           – shared API key
- *   EMAIL_AUTH_FROM         – "Display Name <addr>"  (auth emails)
- *   EMAIL_AUTH_NAME         – sender display name
- *   EMAIL_AUTH_EMAIL        – sender address
- *   EMAIL_NOTIFY_FROM       – "Display Name <addr>"  (notifications)
- *   EMAIL_NOTIFY_NAME       – sender display name
- *   EMAIL_NOTIFY_EMAIL      – sender address
- *
- * If a given identity is not configured the call is silently skipped (and a
- * warning is logged) so local/dev environments without Brevo still work.
- */
-
-// ---------------------------------------------------------------------------
-// Types
-// ---------------------------------------------------------------------------
-
-export type EmailIdentity = "auth" | "notify";
-
-export interface SendEmailOptions {
-  /** Which sender identity to use. */
-  identity: EmailIdentity;
-  /** Recipient email address. */
-  to: string;
-  /** Email subject line. */
-  subject: string;
-  /** HTML body. */
-  html: string;
-  /** Optional plain-text body. */
-  text?: string;
-  /** Optional reply-to address. */
-  replyTo?: string;
-}
-
-interface BrevoSender {
-  name: string;
-  email: string;
-}
-
-// ---------------------------------------------------------------------------
-// Identity helpers
-// ---------------------------------------------------------------------------
-
-/**
- * Parse a "Display Name <addr>" string into { name, email }.
- * Falls back to the env-provided name/email pair if FROM isn't set.
- */
-function parseFromHeader(
-  fromEnv: string | undefined,
-  nameEnv: string | undefined,
-  emailEnv: string | undefined
-): BrevoSender | null {
-  if (fromEnv) {
-    const match = /^(.+?)\s*<([^>]+)>$/.exec(fromEnv);
-    if (match) return { name: match[1].trim(), email: match[2].trim() };
-  }
-  if (nameEnv && emailEnv) return { name: nameEnv, email: emailEnv };
-  return null;
-}
-
-function getSender(identity: EmailIdentity): BrevoSender | null {
-  if (identity === "auth") {
-    return parseFromHeader(
-      process.env.EMAIL_AUTH_FROM,
-      process.env.EMAIL_AUTH_NAME,
-      process.env.EMAIL_AUTH_EMAIL
-    );
-  }
-  return parseFromHeader(
-    process.env.EMAIL_NOTIFY_FROM,
-    process.env.EMAIL_NOTIFY_NAME,
-    process.env.EMAIL_NOTIFY_EMAIL
-  );
-}
-
-// ---------------------------------------------------------------------------
-// Public API
-// ---------------------------------------------------------------------------
-
-/**
- * Send a transactional email via Brevo.  Returns `true` on success, `false`
- * when the email could not be sent (missing config, API error, etc.).
- */
-export async function sendEmail(opts: SendEmailOptions): Promise<boolean> {
-  const apiKey = process.env.BREVO_API_KEY;
-  if (!apiKey) {
-    console.warn("[email] BREVO_API_KEY not configured — skipping email send.");
-    return false;
-  }
-
-  const sender = getSender(opts.identity);
-  if (!sender) {
-    console.warn(
-      `[email] Sender identity "${opts.identity}" not configured — skipping email send.`
-    );
-    return false;
-  }
-
-  const body: Record<string, unknown> = {
-    sender,
-    to: [{ email: opts.to }],
-    subject: opts.subject,
-    htmlContent: opts.html,
-  };
-  if (opts.text) body.textContent = opts.text;
-  if (opts.replyTo) body.replyTo = { email: opts.replyTo };
-
-  try {
-    const res = await fetch("https://api.brevo.com/v3/smtp/email", {
-      method: "POST",
-      headers: {
-        "Content-Type": "application/json",
-        accept: "application/json",
-        "api-key": apiKey,
-      },
-      body: JSON.stringify(body),
-    });
-
-    if (!res.ok) {
-      const detail = await res.text().catch(() => "");
-      console.error(`[email] Brevo API ${res.status}: ${detail}`);
-      return false;
-    }
-
-    return true;
-  } catch (err) {
-    console.error("[email] Brevo send failed:", err);
-    return false;
-  }
-}
-
-/**
- * Convenience: send an auth-related email (magic link, password reset, etc.).
- */
-export function sendAuthEmail(
-  to: string,
-  subject: string,
-  html: string,
-  text?: string
-) {
-  return sendEmail({ identity: "auth", to, subject, html, text });
-}
-
-/**
- * Convenience: send a system notification email (report, update, etc.).
- */
-export function sendNotifyEmail(
-  to: string,
-  subject: string,
-  html: string,
-  text?: string
-) {
-  return sendEmail({ identity: "notify", to, subject, html, text });
-}

package/lib/encryption.test.ts

@@ -1,41 +0,0 @@
-import { describe, it, expect } from "vitest";
-import { encryptNote, decryptNote, isEncrypted, generateSalt, ENC_PREFIX } from "@/lib/encryption";
-
-const SECRET = "test-pepper-do-not-use-in-prod";
-
-describe("encryption", () => {
-  it("round-trips plaintext through encrypt/decrypt", async () => {
-    const salt = generateSalt();
-    const plain = "# Title\n\n- [ ] do thing @alice 2026-01-02";
-    const cipher = await encryptNote(plain, SECRET, salt);
-    expect(cipher.startsWith(ENC_PREFIX)).toBe(true);
-    expect(cipher).not.toContain("do thing");
-    expect(await decryptNote(cipher, SECRET, salt)).toBe(plain);
-  });
-
-  it("marks ciphertext and not plaintext via isEncrypted", async () => {
-    const salt = generateSalt();
-    expect(isEncrypted("just some text")).toBe(false);
-    expect(isEncrypted(await encryptNote("hello", SECRET, salt))).toBe(true);
-  });
-
-  it("is idempotent — never double-encrypts", async () => {
-    const salt = generateSalt();
-    const once = await encryptNote("hello", SECRET, salt);
-    const twice = await encryptNote(once, SECRET, salt);
-    expect(twice).toBe(once);
-  });
-
-  it("returns legacy plaintext unchanged on decrypt", async () => {
-    const salt = generateSalt();
-    expect(await decryptNote("legacy plaintext", SECRET, salt)).toBe("legacy plaintext");
-  });
-
-  it("produces different ciphertext for the same input (random IV)", async () => {
-    const salt = generateSalt();
-    const a = await encryptNote("hello", SECRET, salt);
-    const b = await encryptNote("hello", SECRET, salt);
-    expect(a).not.toBe(b);
-    expect(await decryptNote(b, SECRET, salt)).toBe("hello");
-  });
-});

package/lib/encryption.ts

@@ -1,98 +0,0 @@
-/**
- * AES-256-GCM encryption-at-rest for Brief note content.
- *
- * Architecture (server-side, NOT end-to-end):
- *  - Server key:      ENCRYPTION_PEPPER env var (never stored in the DB)
- *  - Workspace salt:  random 16 bytes, stored in workspace.encryptionSalt (not sensitive)
- *  - Derived key:     PBKDF2(pepper, salt, 100_000 iterations, SHA-256) → 256-bit AES key
- *  - Ciphertext:      "enc:v1:" + base64( [IV (12 bytes)] + [GCM ciphertext+tag] )
- *
- * The server holds the key, so this protects against a database dump / at-rest
- * exposure — it is deliberately NOT E2E (that was dropped to keep multi-device
- * and team sync simple). Note content must never be persisted as plaintext.
- */
-
-const PBKDF2_ITERATIONS = 100_000;
-const SALT_BYTES = 16;
-const IV_BYTES = 12; // AES-GCM standard
-
-// Version marker prepended to every ciphertext. Lets us detect encrypted vs
-// plaintext content unambiguously (the old base64 heuristic mis-classified
-// plaintext that happened to look base64-ish).
-export const ENC_PREFIX = "enc:v1:";
-
-export function generateSalt(): string {
-  const bytes = crypto.getRandomValues(new Uint8Array(SALT_BYTES));
-  return Buffer.from(bytes).toString("base64");
-}
-
-// --- Key derivation ---
-
-async function deriveKey(secret: string, saltBase64: string): Promise<CryptoKey> {
-  const enc = new TextEncoder();
-  const keyMaterial = await crypto.subtle.importKey(
-    "raw",
-    enc.encode(secret),
-    "PBKDF2",
-    false,
-    ["deriveKey"]
-  );
-  const salt = Buffer.from(saltBase64, "base64");
-  return crypto.subtle.deriveKey(
-    { name: "PBKDF2", salt, iterations: PBKDF2_ITERATIONS, hash: "SHA-256" },
-    keyMaterial,
-    { name: "AES-GCM", length: 256 },
-    false,
-    ["encrypt", "decrypt"]
-  );
-}
-
-// --- Encrypt / Decrypt ---
-
-/**
- * Encrypt plaintext using the server key + workspace salt.
- * Returns: ENC_PREFIX + base64([IV] + [ciphertext]).
- * Returns already-encrypted input unchanged (idempotent).
- */
-export async function encryptNote(plaintext: string, secret: string, saltBase64: string): Promise<string> {
-  if (isEncrypted(plaintext)) return plaintext;
-  const key = await deriveKey(secret, saltBase64);
-  const iv = crypto.getRandomValues(new Uint8Array(IV_BYTES));
-  const enc = new TextEncoder();
-  const ciphertext = await crypto.subtle.encrypt(
-    { name: "AES-GCM", iv },
-    key,
-    enc.encode(plaintext)
-  );
-  const combined = new Uint8Array(IV_BYTES + ciphertext.byteLength);
-  combined.set(iv, 0);
-  combined.set(new Uint8Array(ciphertext), IV_BYTES);
-  return ENC_PREFIX + Buffer.from(combined).toString("base64");
-}
-
-/**
- * Decrypt a value produced by encryptNote. If the input is not encrypted
- * (legacy plaintext row), it is returned unchanged.
- */
-export async function decryptNote(encrypted: string, secret: string, saltBase64: string): Promise<string> {
-  if (!isEncrypted(encrypted)) return encrypted; // legacy / plaintext safety
-  try {
-    const key = await deriveKey(secret, saltBase64);
-    const combined = Buffer.from(encrypted.slice(ENC_PREFIX.length), "base64");
-    const iv = combined.subarray(0, IV_BYTES);
-    const ciphertext = combined.subarray(IV_BYTES);
-    const dec = new TextDecoder();
-    const plaintext = await crypto.subtle.decrypt({ name: "AES-GCM", iv }, key, ciphertext);
-    return dec.decode(plaintext);
-  } catch {
-    // Not genuinely our ciphertext (e.g. a note that literally starts with the
-    // marker, or a corrupted row). Return the raw value rather than throwing so
-    // a single bad row can't 500 the whole note read.
-    return encrypted;
-  }
-}
-
-/** True if a string is Brief-encrypted ciphertext (carries the version marker). */
-export function isEncrypted(content: string): boolean {
-  return content.startsWith(ENC_PREFIX);
-}