@knotpad/app 0.1.0

package/app/api/billing/webhook/route.tsx

@@ -0,0 +1,199 @@
+import { NextRequest, NextResponse } from "next/server";
+import Stripe from "stripe";
+import { prisma } from "@/lib/prisma";
+import { stripe } from "@/lib/stripe";
+
+export const dynamic = "force-dynamic";
+
+export async function POST(req: NextRequest) {
+  const body = await req.text();
+  const sig = req.headers.get("stripe-signature");
+
+  if (!sig || !process.env.STRIPE_WEBHOOK_SECRET) {
+    return NextResponse.json({ error: "Missing signature" }, { status: 400 });
+  }
+
+  let event: Stripe.Event;
+  try {
+    event = stripe.webhooks.constructEvent(body, sig, process.env.STRIPE_WEBHOOK_SECRET);
+  } catch {
+    return NextResponse.json({ error: "Webhook signature verification failed" }, { status: 400 });
+  }
+
+  // ── Idempotency guard ──────────────────────────────────────────────────────
+  // Stripe retries events for up to 3 days on non-2xx responses. Store the
+  // event ID before processing so replays are ignored without re-running logic.
+  const alreadyProcessed = await prisma.stripeWebhookEvent.findUnique({
+    where: { id: event.id },
+  });
+  if (alreadyProcessed) {
+    return NextResponse.json({ received: true });
+  }
+  await prisma.stripeWebhookEvent.create({
+    data: { id: event.id, type: event.type },
+  });
+  // ────────────────────────────────────────────────────────────────────────────
+
+  console.log(`[brief/webhook] processing event ${event.id} (${event.type})`);
+
+  switch (event.type) {
+    case "checkout.session.completed": {
+      const session = event.data.object as Stripe.Checkout.Session;
+      const workspaceId = session.metadata?.workspaceId;
+      const planType = session.metadata?.planType as "PERSONAL_PRO" | "TEAM_PRO" | undefined;
+      const subId = typeof session.subscription === "string" ? session.subscription : session.subscription?.id;
+
+      if (!workspaceId || !planType || !subId) {
+        console.warn(`[brief/webhook] checkout.session.completed missing metadata`, { workspaceId, planType, subId });
+        break;
+      }
+
+      const sub = await stripe.subscriptions.retrieve(subId);
+      const quantity = sub.items.data[0]?.quantity ?? 1;
+
+      await prisma.workspace.update({
+        where: { id: workspaceId },
+        data: {
+          planType,
+          isPro: true,
+          isCloud: true,
+          stripeSubId: subId,
+          seatCount: quantity,
+        },
+      });
+
+      // Fire-and-forget: copy local PGlite data to Neon for cloud-first mode.
+      // The migrate endpoint is idempotent — safe to retry.
+      const migrateUrl = `${process.env.NEXTAUTH_URL}/api/billing/migrate`;
+      fetch(migrateUrl, {
+        method: "POST",
+        headers: {
+          "Content-Type": "application/json",
+          Authorization: `Bearer ${process.env.CRON_SECRET ?? ""}`,
+        },
+        body: JSON.stringify({ workspaceId }),
+        signal: AbortSignal.timeout(10_000),
+      }).catch((err) => console.error("[brief/webhook] migration trigger failed:", err));
+
+      break;
+    }
+
+    case "customer.subscription.updated": {
+      const sub = event.data.object as Stripe.Subscription;
+      const workspaceId = sub.metadata?.workspaceId;
+      if (!workspaceId) {
+        console.warn(`[brief/webhook] subscription.updated missing workspaceId metadata`);
+        break;
+      }
+
+      const quantity = sub.items.data[0]?.quantity ?? 1;
+      const active = sub.status === "active" || sub.status === "trialing";
+
+      if (active) {
+        await prisma.workspace.update({
+          where: { id: workspaceId },
+          data: { seatCount: quantity },
+        });
+      } else {
+        // Subscription lapsed — downgrade workspace
+        await prisma.workspace.update({
+          where: { id: workspaceId },
+          data: {
+            planType: "FREE",
+            isPro: false,
+            isCloud: false,
+            stripeSubId: null,
+          },
+        });
+      }
+      break;
+    }
+
+    case "customer.subscription.deleted":
+    case "customer.subscription.paused": {
+      // Both deleted and paused mean the user loses access.
+      const sub = event.data.object as Stripe.Subscription;
+      const workspaceId = sub.metadata?.workspaceId;
+      if (!workspaceId) {
+        console.warn(`[brief/webhook] ${event.type} missing workspaceId metadata`);
+        break;
+      }
+
+      await prisma.workspace.update({
+        where: { id: workspaceId },
+        data: {
+          planType: "FREE",
+          isPro: false,
+          isCloud: false,
+          stripeSubId: null,
+          seatCount: 1,
+        },
+      });
+      break;
+    }
+
+    case "invoice.payment_failed": {
+      // Renewal failed — downgrade until payment is recovered.
+      // In API version 2026-04-22.dahlia, the subscription lives under parent.subscription_details.
+      const invoice = event.data.object as Stripe.Invoice;
+      const subRef = invoice.parent?.subscription_details?.subscription;
+      const subId = typeof subRef === "string" ? subRef : subRef?.id;
+      if (!subId) break;
+
+      const sub = await stripe.subscriptions.retrieve(subId);
+      const workspaceId = sub.metadata?.workspaceId;
+      if (!workspaceId) break;
+
+      await prisma.workspace.update({
+        where: { id: workspaceId },
+        data: {
+          planType: "FREE",
+          isPro: false,
+          isCloud: false,
+          stripeSubId: null,
+          seatCount: 1,
+        },
+      });
+      console.log(`[brief/webhook] workspace ${workspaceId} downgraded — invoice.payment_failed`);
+      break;
+    }
+
+    case "invoice.payment_succeeded": {
+      const invoice = event.data.object as Stripe.Invoice;
+      const subRef = invoice.parent?.subscription_details?.subscription;
+      const subId = typeof subRef === "string" ? subRef : subRef?.id;
+      if (!subId) break;
+
+      const sub = await stripe.subscriptions.retrieve(subId);
+      const workspaceId = sub.metadata?.workspaceId;
+      if (!workspaceId) break;
+
+      // Don't re-upgrade if already pro (first invoice fires this too)
+      const workspace = await prisma.workspace.findUnique({ where: { id: workspaceId } });
+      if (workspace?.isPro) break;
+
+      const quantity = sub.items.data[0]?.quantity ?? 1;
+      const planType = sub.metadata?.planType as "PERSONAL_PRO" | "TEAM_PRO" | undefined;
+      if (!planType) break;
+
+      await prisma.workspace.update({
+        where: { id: workspaceId },
+        data: {
+          planType,
+          isPro: true,
+          isCloud: true,
+          stripeSubId: subId,
+          seatCount: quantity,
+        },
+      });
+      console.log(`[brief/webhook] workspace ${workspaceId} re-activated — invoice.payment_succeeded`);
+      break;
+    }
+
+    default:
+      // Unknown event type — safe to ignore
+      break;
+  }
+
+  return NextResponse.json({ received: true });
+}

package/app/api/calendar-feeds/[feedId]/route.tsx

@@ -0,0 +1,67 @@
+import { NextRequest, NextResponse } from "next/server";
+import { auth } from "@/auth";
+import { prisma } from "@/lib/prisma";
+import { notFound, parseJson, unauthorized } from "@/lib/api-error";
+import { updateFeedSchema } from "@/lib/validation/calendar-feed";
+import { encryptFeedUrl } from "@/lib/calendar-feed-crypto";
+import { generateSalt } from "@/lib/encryption";
+import { fetchAndCacheFeed } from "@/lib/calendar-feed";
+
+export async function PATCH(
+  req: NextRequest,
+  { params }: { params: Promise<{ feedId: string }> }
+) {
+  const session = await auth();
+  if (!session) return unauthorized();
+
+  const { feedId } = await params;
+  const feed = await prisma.calendarFeed.findFirst({
+    where: { id: feedId, userId: session.user.id },
+  });
+  if (!feed) return notFound();
+
+  const parsed = await parseJson(req, updateFeedSchema);
+  if (parsed.response) return parsed.response;
+  const { label, url, enabled, color } = parsed.data;
+
+  const data: { label?: string; enabled?: boolean; color?: string; encryptedUrl?: string; urlSalt?: string } = {};
+  if (label !== undefined) data.label = label;
+  if (enabled !== undefined) data.enabled = enabled;
+  if (color !== undefined) data.color = color;
+  if (url !== undefined) {
+    const salt = generateSalt();
+    data.encryptedUrl = await encryptFeedUrl(url, salt);
+    data.urlSalt = salt;
+  }
+
+  await prisma.calendarFeed.update({ where: { id: feedId }, data });
+
+  if (url !== undefined) {
+    await fetchAndCacheFeed(feedId);
+  }
+
+  const updated = await prisma.calendarFeed.findUnique({
+    where: { id: feedId },
+    select: { id: true, label: true, color: true, enabled: true, lastFetchedAt: true, lastError: true },
+  });
+
+  return NextResponse.json(updated);
+}
+
+export async function DELETE(
+  _req: NextRequest,
+  { params }: { params: Promise<{ feedId: string }> }
+) {
+  const session = await auth();
+  if (!session) return unauthorized();
+
+  const { feedId } = await params;
+  const feed = await prisma.calendarFeed.findFirst({
+    where: { id: feedId, userId: session.user.id },
+  });
+  if (!feed) return notFound();
+
+  await prisma.calendarFeed.delete({ where: { id: feedId } });
+
+  return NextResponse.json({ ok: true });
+}

package/app/api/calendar-feeds/[feedId]/sync/route.tsx

@@ -0,0 +1,37 @@
+import { NextRequest, NextResponse } from "next/server";
+import { auth } from "@/auth";
+import { prisma } from "@/lib/prisma";
+import { notFound, unauthorized } from "@/lib/api-error";
+import { fetchAndCacheFeed } from "@/lib/calendar-feed";
+import { rateLimit } from "@/lib/rate-limit";
+
+export async function POST(
+  req: NextRequest,
+  { params }: { params: Promise<{ feedId: string }> }
+) {
+  const session = await auth();
+  if (!session) return unauthorized();
+
+  const limit = rateLimit(`calendar-feed-sync:${session.user.id}`, 10, 60_000);
+  if (limit.limited) {
+    return NextResponse.json(
+      { error: "Too many sync requests, please wait a moment" },
+      { status: 429, headers: { "Retry-After": String(limit.retryAfter) } }
+    );
+  }
+
+  const { feedId } = await params;
+  const feed = await prisma.calendarFeed.findFirst({
+    where: { id: feedId, userId: session.user.id },
+  });
+  if (!feed) return notFound();
+
+  const result = await fetchAndCacheFeed(feedId);
+
+  const updated = await prisma.calendarFeed.findUnique({
+    where: { id: feedId },
+    select: { id: true, label: true, enabled: true, lastFetchedAt: true, lastError: true },
+  });
+
+  return NextResponse.json({ ...updated, syncOk: result.ok });
+}

package/app/api/calendar-feeds/events/route.tsx

@@ -0,0 +1,82 @@
+import { NextRequest, NextResponse } from "next/server";
+import { auth } from "@/auth";
+import { prisma } from "@/lib/prisma";
+import { apiError, unauthorized } from "@/lib/api-error";
+
+const DATE_RE = /^\d{4}-\d{2}-\d{2}$/;
+
+export async function GET(req: NextRequest) {
+  const session = await auth();
+  if (!session) return unauthorized();
+
+  const { searchParams } = req.nextUrl;
+  const start = searchParams.get("start");
+  const end = searchParams.get("end");
+  if (!start || !end || !DATE_RE.test(start) || !DATE_RE.test(end)) {
+    return apiError("start and end query params required (YYYY-MM-DD)", 400);
+  }
+
+  const rangeStart = new Date(`${start}T00:00:00.000Z`);
+  const rangeEnd = new Date(`${end}T23:59:59.999Z`);
+
+  const events = await prisma.calendarFeedEvent.findMany({
+    where: {
+      feed: { userId: session.user.id, enabled: true },
+      start: { lte: rangeEnd },
+      end: { gte: rangeStart },
+    },
+    include: { feed: { select: { id: true, label: true, color: true } } },
+    orderBy: { start: "asc" },
+  });
+
+  const byDate: Record<
+    string,
+    { title: string; start: string; end: string; allDay: boolean; feedId: string; feedLabel: string; feedColor: string }[]
+  > = {};
+
+  for (const e of events) {
+    if (e.allDay) {
+      const eventStartStr = e.start.toISOString().slice(0, 10);
+      const eventEndStr = e.end.toISOString().slice(0, 10);
+      const overlapStartStr = eventStartStr < start ? start : eventStartStr;
+      const overlapEndStr = eventEndStr > end ? end : eventEndStr;
+
+      const cursor = new Date(`${overlapStartStr}T00:00:00.000Z`);
+      const limit = new Date(`${overlapEndStr}T00:00:00.000Z`);
+      while (cursor <= limit) {
+        const key = cursor.toISOString().slice(0, 10);
+        (byDate[key] ??= []).push({
+          title: e.title,
+          start: e.start.toISOString(),
+          end: e.end.toISOString(),
+          allDay: e.allDay,
+          feedId: e.feed.id,
+          feedLabel: e.feed.label,
+          feedColor: e.feed.color,
+        });
+        cursor.setUTCDate(cursor.getUTCDate() + 1);
+      }
+    } else {
+      // Bucket multi-day events under each day they overlap within the range.
+      const dayCursor = new Date(Math.max(e.start.getTime(), rangeStart.getTime()));
+      dayCursor.setUTCHours(0, 0, 0, 0);
+      const last = new Date(Math.min(e.end.getTime(), rangeEnd.getTime()));
+
+      while (dayCursor <= last) {
+        const key = dayCursor.toISOString().slice(0, 10);
+        (byDate[key] ??= []).push({
+          title: e.title,
+          start: e.start.toISOString(),
+          end: e.end.toISOString(),
+          allDay: e.allDay,
+          feedId: e.feed.id,
+          feedLabel: e.feed.label,
+          feedColor: e.feed.color,
+        });
+        dayCursor.setUTCDate(dayCursor.getUTCDate() + 1);
+      }
+    }
+  }
+
+  return NextResponse.json({ events: byDate });
+}

package/app/api/calendar-feeds/route.tsx

@@ -0,0 +1,52 @@
+import { NextRequest, NextResponse } from "next/server";
+import { auth } from "@/auth";
+import { prisma } from "@/lib/prisma";
+import { apiError, parseJson, unauthorized } from "@/lib/api-error";
+import { createFeedSchema } from "@/lib/validation/calendar-feed";
+import { encryptFeedUrl } from "@/lib/calendar-feed-crypto";
+import { generateSalt } from "@/lib/encryption";
+import { fetchAndCacheFeed } from "@/lib/calendar-feed";
+import { MAX_CALENDAR_FEEDS } from "@/lib/limits";
+
+export async function GET() {
+  const session = await auth();
+  if (!session) return unauthorized();
+
+  const feeds = await prisma.calendarFeed.findMany({
+    where: { userId: session.user.id },
+    orderBy: { createdAt: "asc" },
+    select: { id: true, label: true, color: true, enabled: true, lastFetchedAt: true, lastError: true },
+  });
+
+  return NextResponse.json(feeds);
+}
+
+export async function POST(req: NextRequest) {
+  const session = await auth();
+  if (!session) return unauthorized();
+
+  const parsed = await parseJson(req, createFeedSchema);
+  if (parsed.response) return parsed.response;
+  const { label, url, color } = parsed.data;
+
+  const count = await prisma.calendarFeed.count({ where: { userId: session.user.id } });
+  if (count >= MAX_CALENDAR_FEEDS) {
+    return apiError(`You can connect up to ${MAX_CALENDAR_FEEDS} calendars`, 400);
+  }
+
+  const salt = generateSalt();
+  const encryptedUrl = await encryptFeedUrl(url, salt);
+
+  const feed = await prisma.calendarFeed.create({
+    data: { userId: session.user.id, label, encryptedUrl, urlSalt: salt, color: color ?? "sky" },
+  });
+
+  const result = await fetchAndCacheFeed(feed.id);
+
+  const updated = await prisma.calendarFeed.findUnique({
+    where: { id: feed.id },
+    select: { id: true, label: true, color: true, enabled: true, lastFetchedAt: true, lastError: true },
+  });
+
+  return NextResponse.json({ ...updated, syncOk: result.ok }, { status: 201 });
+}

package/app/api/calendar-feeds/sync-all/route.tsx

@@ -0,0 +1,34 @@
+import { NextResponse } from "next/server";
+import { auth } from "@/auth";
+import { prisma } from "@/lib/prisma";
+import { unauthorized } from "@/lib/api-error";
+import { fetchAndCacheFeed } from "@/lib/calendar-feed";
+import { rateLimit } from "@/lib/rate-limit";
+
+/** POST /api/calendar-feeds/sync-all — refresh every enabled feed for the user. */
+export async function POST() {
+  const session = await auth();
+  if (!session) return unauthorized();
+
+  const limit = rateLimit(`calendar-feed-sync-all:${session.user.id}`, 3, 60_000);
+  if (limit.limited) {
+    return NextResponse.json(
+      { error: "Too many sync requests, please wait a moment" },
+      { status: 429, headers: { "Retry-After": String(limit.retryAfter) } },
+    );
+  }
+
+  const feeds = await prisma.calendarFeed.findMany({
+    where: { userId: session.user.id, enabled: true },
+    select: { id: true },
+  });
+
+  // Run syncs sequentially to avoid hammering upstream servers
+  const results: { id: string; ok: boolean; error?: string }[] = [];
+  for (const feed of feeds) {
+    const r = await fetchAndCacheFeed(feed.id);
+    results.push({ id: feed.id, ...r });
+  }
+
+  return NextResponse.json({ results });
+}

package/app/api/cron/calendar-feeds/route.tsx

@@ -0,0 +1,31 @@
+/**
+ * Cron-triggered calendar feed sync.
+ * Refreshes cached events for all enabled CalendarFeed subscriptions.
+ * Secured with CRON_SECRET header (same pattern as app/api/cron/sync/route.tsx).
+ */
+
+import { NextRequest, NextResponse } from "next/server";
+import { prisma } from "@/lib/prisma";
+import { fetchAndCacheFeed } from "@/lib/calendar-feed";
+
+export async function POST(req: NextRequest) {
+  const cronSecret = process.env.CRON_SECRET;
+  if (!cronSecret || req.headers.get("authorization") !== `Bearer ${cronSecret}`) {
+    return NextResponse.json({ error: "Unauthorized" }, { status: 401 });
+  }
+
+  const feeds = await prisma.calendarFeed.findMany({
+    where: { enabled: true },
+    select: { id: true },
+  });
+
+  const results = await Promise.allSettled(feeds.map((f) => fetchAndCacheFeed(f.id)));
+
+  const summary = results.map((r, i) => ({
+    feedId: feeds[i].id,
+    ok: r.status === "fulfilled" ? r.value.ok : false,
+    error: r.status === "fulfilled" ? r.value.error : String(r.reason),
+  }));
+
+  return NextResponse.json({ synced: summary.length, summary });
+}

package/app/api/cron/stale-tasks/route.tsx

@@ -0,0 +1,51 @@
+import { NextRequest, NextResponse } from "next/server";
+import { prisma } from "@/lib/prisma";
+
+// Called by a cron job or scheduled trigger every 15 minutes.
+// Marks claimed tasks with no heartbeat for >4hrs as stale and auto-releases them.
+// Protected by a simple CRON_SECRET header.
+export async function POST(req: NextRequest) {
+  const cronSecret = process.env.CRON_SECRET;
+  if (!cronSecret || req.headers.get("authorization") !== `Bearer ${cronSecret}`) {
+    return NextResponse.json({ error: "Unauthorized" }, { status: 401 });
+  }
+
+  const staleThreshold = new Date(Date.now() - 4 * 60 * 60 * 1000);
+
+  const staleTasks = await prisma.task.findMany({
+    where: {
+      status: { in: ["CLAIMED", "IN_PROGRESS"] },
+      claimedBy: { not: null },
+      lastHeartbeat: { lt: staleThreshold },
+    },
+    include: { workspace: { include: { members: { where: { role: "OWNER" } } } } },
+  });
+
+  let released = 0;
+  for (const task of staleTasks) {
+    const owner = task.workspace.members[0];
+    await prisma.$transaction(async (tx) => {
+      await tx.task.update({
+        where: { id: task.id },
+        data: { status: "OPEN", claimedBy: null, claimedByAlias: null, claimedAt: null, lastHeartbeat: null },
+      });
+      await tx.auditLog.create({
+        data: { taskId: task.id, action: "auto_released", detail: "auto-released after 4hr inactivity" },
+      });
+      if (owner) {
+        await tx.notification.create({
+          data: {
+            userId: owner.userId,
+            type: "stale_release",
+            title: `Task auto-released: "${task.title}"`,
+            body: "No heartbeat for 4 hours. Returned to agent pool.",
+            taskId: task.id,
+          },
+        });
+      }
+    });
+    released++;
+  }
+
+  return NextResponse.json({ released });
+}

package/app/api/cron/sync/route.tsx

@@ -0,0 +1,34 @@
+/**
+ * Cron-triggered sync endpoint.
+ * Called every 5 minutes by the hosting platform's scheduler (Dokploy/Nixpacks cron).
+ * Secured with CRON_SECRET header to prevent unauthorized triggers.
+ */
+
+import { NextRequest, NextResponse } from "next/server";
+import { prisma } from "@/lib/prisma";
+import { runProFlush } from "@/lib/pro-flush";
+
+export async function POST(req: NextRequest) {
+  const cronSecret = process.env.CRON_SECRET;
+  if (!cronSecret || req.headers.get("authorization") !== `Bearer ${cronSecret}`) {
+    return NextResponse.json({ error: "Unauthorized" }, { status: 401 });
+  }
+
+  // Find all cloud-enabled pro workspaces
+  const workspaces = await prisma.workspace.findMany({
+    where: { isPro: true, isCloud: true },
+    select: { id: true },
+  });
+
+  const results = await Promise.allSettled(
+    workspaces.map((w) => runProFlush(w.id))
+  );
+
+  const summary = results.map((r, i) => ({
+    workspaceId: workspaces[i].id,
+    status: r.status === "fulfilled" ? r.value.status : "error",
+    error: r.status === "rejected" ? String(r.reason) : undefined,
+  }));
+
+  return NextResponse.json({ synced: summary.length, summary });
+}

package/app/api/devices/[deviceId]/route.tsx

@@ -0,0 +1,25 @@
+import { NextRequest, NextResponse } from "next/server";
+import { auth } from "@/auth";
+import { prisma } from "@/lib/prisma";
+
+export async function DELETE(
+  _req: NextRequest,
+  { params }: { params: Promise<{ deviceId: string }> }
+) {
+  const session = await auth();
+  if (!session) return NextResponse.json({ error: "Unauthorized" }, { status: 401 });
+
+  const { deviceId } = await params;
+
+  const device = await prisma.deviceSession.findUnique({ where: { id: deviceId } });
+  if (!device || device.userId !== session.user.id) {
+    return NextResponse.json({ error: "Not found" }, { status: 404 });
+  }
+
+  await prisma.deviceSession.update({
+    where: { id: deviceId },
+    data: { revokedAt: new Date() },
+  });
+
+  return NextResponse.json({ ok: true });
+}

package/app/api/devices/route.tsx

@@ -0,0 +1,41 @@
+import { NextRequest, NextResponse } from "next/server";
+import { auth } from "@/auth";
+import { prisma } from "@/lib/prisma";
+
+export async function GET() {
+  const session = await auth();
+  if (!session) return NextResponse.json({ error: "Unauthorized" }, { status: 401 });
+
+  const devices = await prisma.deviceSession.findMany({
+    where: { userId: session.user.id, revokedAt: null },
+    orderBy: { lastActive: "desc" },
+  });
+
+  return NextResponse.json(devices.map((d) => ({
+    id: d.id,
+    deviceName: d.deviceName,
+    deviceId: d.deviceId,
+    lastActive: d.lastActive.toISOString(),
+    createdAt: d.createdAt.toISOString(),
+  })));
+}
+
+export async function POST(req: NextRequest) {
+  const session = await auth();
+  if (!session) return NextResponse.json({ error: "Unauthorized" }, { status: 401 });
+
+  const { deviceId, deviceName } = await req.json();
+  if (!deviceId) return NextResponse.json({ error: "deviceId required" }, { status: 400 });
+
+  const device = await prisma.deviceSession.upsert({
+    where: { deviceId },
+    create: {
+      userId: session.user.id,
+      deviceId,
+      deviceName: deviceName ?? "Unknown Device",
+    },
+    update: { lastActive: new Date(), revokedAt: null },
+  });
+
+  return NextResponse.json({ id: device.id });
+}