@m5kdev/backend 0.1.1 → 0.1.3

package/.turbo/turbo-build.log

@@ -1,5 +1,5 @@
 
 
-> @m5kdev/backend@0.1.0 build /Users/michalkow/Projects/m5kdev/packages/backend
+> @m5kdev/backend@0.1.1 build /Users/michalkow/Projects/m5kdev/packages/backend
 > tsc --build
 

package/CHANGELOG.md

@@ -1,5 +1,23 @@
 # @m5kdev/backend
 
+## 0.1.3
+
+### Patch Changes
+
+- build js
+- Updated dependencies
+  - @m5kdev/commons@0.1.3
+  - @m5kdev/config@0.1.3
+
+## 0.1.2
+
+### Patch Changes
+
+- build
+- Updated dependencies
+  - @m5kdev/commons@0.1.2
+  - @m5kdev/config@0.1.2
+
 ## 0.1.1
 
 ### Patch Changes

package/dist/src/lib/posthog.js

@@ -0,0 +1,7 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.posthogClient = void 0;
+const posthog_node_1 = require("posthog-node");
+exports.posthogClient = new posthog_node_1.PostHog(process.env.VITE_PUBLIC_POSTHOG_KEY, {
+    host: process.env.VITE_PUBLIC_POSTHOG_HOST,
+});

package/dist/src/lib/sentry.js

@@ -0,0 +1,9 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+const tslib_1 = require("tslib");
+const Sentry = tslib_1.__importStar(require("@sentry/node"));
+Sentry.init({
+    dsn: process.env.SENTRY_SERVER_DNS,
+    // Set sampling rate for profiling - this is evaluated only once per SDK.init
+    profileSessionSampleRate: 1.0,
+});

package/dist/src/modules/access/access.repository.js

@@ -0,0 +1,32 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.AccessRepository = void 0;
+const tslib_1 = require("tslib");
+const drizzle_orm_1 = require("drizzle-orm");
+const neverthrow_1 = require("neverthrow");
+const auth = tslib_1.__importStar(require("#modules/auth/auth.db"));
+const base_repository_1 = require("#modules/base/base.repository");
+const schema = { ...auth };
+class AccessRepository extends base_repository_1.BaseRepository {
+    async getOrganizationRole(userId, organizationId) {
+        return this.throwableAsync(async () => {
+            const [member] = await this.orm
+                .select({ role: schema.members.role })
+                .from(schema.members)
+                .where((0, drizzle_orm_1.and)((0, drizzle_orm_1.eq)(schema.members.organizationId, organizationId), (0, drizzle_orm_1.eq)(schema.members.userId, userId)))
+                .limit(1);
+            return (0, neverthrow_1.ok)(member?.role ?? "");
+        });
+    }
+    async getTeamRole(userId, teamId) {
+        return this.throwableAsync(async () => {
+            const [member] = await this.orm
+                .select({ role: schema.teamMembers.role })
+                .from(schema.teamMembers)
+                .where((0, drizzle_orm_1.and)((0, drizzle_orm_1.eq)(schema.teamMembers.teamId, teamId), (0, drizzle_orm_1.eq)(schema.teamMembers.userId, userId)))
+                .limit(1);
+            return (0, neverthrow_1.ok)(member?.role ?? "");
+        });
+    }
+}
+exports.AccessRepository = AccessRepository;

package/dist/src/modules/access/access.service.js

@@ -0,0 +1,51 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.AccessService = void 0;
+const neverthrow_1 = require("neverthrow");
+const base_service_1 = require("#modules/base/base.service");
+class AccessService extends base_service_1.BaseService {
+    acr;
+    constructor(repositories, acr) {
+        super(repositories);
+        this.acr = acr;
+    }
+    authorize(level, role, request, connector = "AND") {
+        try {
+            return !!this.acr[level][role].authorize(request, connector).success;
+        }
+        catch (error) {
+            console.error(error);
+            return false;
+        }
+    }
+    async checkAccess(user, level, levelId, request, connector = "AND") {
+        const role = level === "organization"
+            ? await this.repository.access.getOrganizationRole(user.id, levelId)
+            : await this.repository.access.getTeamRole(user.id, levelId);
+        if (role.isErr())
+            return (0, neverthrow_1.err)(role.error);
+        return (0, neverthrow_1.ok)(this.authorize(level, role.value, request, connector));
+    }
+    async hasAccess(user, level, levelId, request, connector = "AND") {
+        // FIXME: catch all admin user access for now
+        if (user.role === "admin")
+            return (0, neverthrow_1.ok)(true);
+        const userAccess = this.authorize("user", user.role, request, connector);
+        if (level === "user")
+            return (0, neverthrow_1.ok)(userAccess && user.id === levelId);
+        if (userAccess)
+            return (0, neverthrow_1.ok)(true);
+        const organizationAccess = await this.checkAccess(user, "organization", levelId, request, connector);
+        if (organizationAccess.isErr())
+            return (0, neverthrow_1.err)(organizationAccess.error);
+        if (level === "organization")
+            return organizationAccess;
+        if (organizationAccess.value)
+            return (0, neverthrow_1.ok)(true);
+        const teamAccess = await this.checkAccess(user, "team", levelId, request, connector);
+        if (teamAccess.isErr())
+            return (0, neverthrow_1.err)(teamAccess.error);
+        return teamAccess;
+    }
+}
+exports.AccessService = AccessService;

package/dist/src/modules/access/access.test.js

@@ -0,0 +1,182 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+const tslib_1 = require("tslib");
+const client_1 = require("@libsql/client");
+const libsql_1 = require("drizzle-orm/libsql");
+const fs_1 = tslib_1.__importDefault(require("fs"));
+const path_1 = tslib_1.__importDefault(require("path"));
+const access_repository_1 = require("#modules/access/access.repository");
+const access_service_1 = require("#modules/access/access.service");
+const access_utils_1 = require("#modules/access/access.utils");
+const authSchema = tslib_1.__importStar(require("#modules/auth/auth.db"));
+describe("AccessService", () => {
+    const statements = {
+        project: ["create", "share", "update", "delete"],
+    };
+    const roleDefinitions = {
+        user: {
+            admin: { project: ["create", "share", "update"] },
+        },
+        team: {
+            admin: { project: ["create", "share", "update"] },
+        },
+        organization: {
+            admin: { project: ["create", "share", "update"] },
+        },
+    };
+    const acr = (0, access_utils_1.createAccessRoles)(statements, roleDefinitions);
+    // Minimal repository stub; not used by authorize() unit tests
+    const accessService = new access_service_1.AccessService({ access: {} }, acr);
+    describe("user level", () => {
+        it("allows defined action", () => {
+            expect(accessService.authorize("user", "admin", { project: ["create"] })).toBe(true);
+        });
+        it("denies undefined action", () => {
+            expect(accessService.authorize("user", "admin", { project: ["delete"] })).toBe(false);
+        });
+        it("handles AND vs OR connectors for multiple actions", () => {
+            // admin has create but not delete
+            expect(accessService.authorize("user", "admin", { project: ["create", "delete"] }, "AND")).toBe(false);
+            expect(accessService.authorize("user", "admin", { project: { actions: ["create", "delete"], connector: "OR" } }, "OR")).toBe(true);
+        });
+    });
+    describe("team level", () => {
+        it("allows defined action", () => {
+            expect(accessService.authorize("team", "admin", { project: ["share"] })).toBe(true);
+        });
+        it("denies undefined action", () => {
+            expect(accessService.authorize("team", "admin", { project: ["delete"] })).toBe(false);
+        });
+    });
+    describe("organization level", () => {
+        it("allows defined action", () => {
+            expect(accessService.authorize("organization", "admin", { project: ["update"] })).toBe(true);
+        });
+        it("denies undefined action", () => {
+            expect(accessService.authorize("organization", "admin", { project: ["delete"] })).toBe(false);
+        });
+    });
+});
+describe("AccessRepository (libsql local)", () => {
+    const dbFile = path_1.default.join(__dirname, "access.test.sqlite");
+    const url = `file:${dbFile}`;
+    const client = (0, client_1.createClient)({ url });
+    const orm = (0, libsql_1.drizzle)(client, { schema: authSchema });
+    const repo = new access_repository_1.AccessRepository({ orm, schema: authSchema }, {});
+    beforeAll(async () => {
+        // Create minimal tables required for tests
+        await client.execute(`
+      CREATE TABLE IF NOT EXISTS members (
+        id TEXT PRIMARY KEY,
+        organization_id TEXT NOT NULL,
+        user_id TEXT NOT NULL,
+        role TEXT NOT NULL
+      );
+    `);
+        await client.execute(`
+      CREATE TABLE IF NOT EXISTS teammembers (
+        id TEXT PRIMARY KEY,
+        team_id TEXT NOT NULL,
+        user_id TEXT NOT NULL,
+        role TEXT NOT NULL
+      );
+    `);
+    });
+    beforeEach(async () => {
+        await client.execute({
+            sql: "INSERT INTO members (id, organization_id, user_id, role) VALUES (?, ?, ?, ?)",
+            args: ["m1", "org1", "user1", "admin"],
+        });
+        await client.execute({
+            sql: "INSERT INTO teammembers (id, team_id, user_id, role) VALUES (?, ?, ?, ?)",
+            args: ["tm1", "team1", "user1", "admin"],
+        });
+    });
+    afterEach(async () => {
+        await client.execute("DELETE FROM members;");
+        await client.execute("DELETE FROM teammembers;");
+    });
+    afterAll(async () => {
+        try {
+            await client.close();
+        }
+        catch { }
+        try {
+            if (fs_1.default.existsSync(dbFile))
+                fs_1.default.unlinkSync(dbFile);
+        }
+        catch { }
+    });
+    it("returns organization role for user", async () => {
+        const res = await repo.getOrganizationRole("user1", "org1");
+        expect(res.isOk()).toBe(true);
+        if (res.isOk())
+            expect(res.value).toBe("admin");
+    });
+    it("returns team role for user", async () => {
+        const res = await repo.getTeamRole("user1", "team1");
+        expect(res.isOk()).toBe(true);
+        if (res.isOk())
+            expect(res.value).toBe("admin");
+    });
+    describe("AccessService.hasAccess (with repo)", () => {
+        const hasAccessStatements = {
+            project: ["create", "share", "update", "delete"],
+        };
+        const hasAccessRoles = {
+            user: {
+                member: { project: ["create"] },
+            },
+            team: {
+                manager: { project: ["share"] },
+            },
+            organization: {
+                manager: { project: ["update"] },
+            },
+        };
+        const acr2 = (0, access_utils_1.createAccessRoles)(hasAccessStatements, hasAccessRoles);
+        const service = new access_service_1.AccessService({ access: repo }, acr2);
+        it("admin override grants access", async () => {
+            const result = await service.hasAccess({ id: "any", role: "admin" }, "organization", "whatever", { project: ["delete"] });
+            expect(result.isOk()).toBe(true);
+            if (result.isOk())
+                expect(result.value).toBe(true);
+        });
+        it("user level access only for self and allowed action", async () => {
+            const allowSelf = await service.hasAccess({ id: "user2", role: "member" }, "user", "user2", {
+                project: ["create"],
+            });
+            expect(allowSelf.isOk()).toBe(true);
+            if (allowSelf.isOk())
+                expect(allowSelf.value).toBe(true);
+            const denyOther = await service.hasAccess({ id: "user2", role: "member" }, "user", "other", {
+                project: ["create"],
+            });
+            expect(denyOther.isOk()).toBe(true);
+            if (denyOther.isOk())
+                expect(denyOther.value).toBe(false);
+        });
+        it("organization membership grants access based on repo role", async () => {
+            await client.execute({
+                sql: "INSERT INTO members (id, organization_id, user_id, role) VALUES (?, ?, ?, ?)",
+                args: ["m2", "org2", "user2", "manager"],
+            });
+            const result = await service.hasAccess({ id: "user2", role: "member" }, "organization", "org2", { project: ["update"] });
+            expect(result.isOk()).toBe(true);
+            if (result.isOk())
+                expect(result.value).toBe(true);
+        });
+        it("team membership grants access based on repo role", async () => {
+            await client.execute({
+                sql: "INSERT INTO teammembers (id, team_id, user_id, role) VALUES (?, ?, ?, ?)",
+                args: ["tm2", "team2", "user2", "manager"],
+            });
+            const result = await service.hasAccess({ id: "user2", role: "member" }, "team", "team2", {
+                project: ["share"],
+            });
+            expect(result.isOk()).toBe(true);
+            if (result.isOk())
+                expect(result.value).toBe(true);
+        });
+    });
+});

package/dist/src/modules/access/access.utils.js

@@ -0,0 +1,20 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.createAccessRoles = createAccessRoles;
+const access_1 = require("better-auth/plugins/access");
+function createAccessRoles(statements, roleDefinitions) {
+    const ac = (0, access_1.createAccessControl)(statements);
+    const user = {};
+    const team = {};
+    const organization = {};
+    for (const [roleName, roleStatements] of Object.entries(roleDefinitions.user)) {
+        user[roleName] = ac.newRole(roleStatements);
+    }
+    for (const [roleName, roleStatements] of Object.entries(roleDefinitions.team)) {
+        team[roleName] = ac.newRole(roleStatements);
+    }
+    for (const [roleName, roleStatements] of Object.entries(roleDefinitions.organization)) {
+        organization[roleName] = ac.newRole(roleStatements);
+    }
+    return { ac, user, team, organization };
+}

package/dist/src/modules/ai/ai.db.js

@@ -0,0 +1,39 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.aiUsage = exports.chats = void 0;
+const sqlite_core_1 = require("drizzle-orm/sqlite-core");
+const uuid_1 = require("uuid");
+const auth_db_1 = require("#modules/auth/auth.db");
+exports.chats = (0, sqlite_core_1.sqliteTable)("chats", {
+    id: (0, sqlite_core_1.text)("id").primaryKey().$default(uuid_1.v4),
+    userId: (0, sqlite_core_1.text)("user_id")
+        .notNull()
+        .references(() => auth_db_1.users.id, { onDelete: "cascade" }),
+    title: (0, sqlite_core_1.text)("title"),
+    type: (0, sqlite_core_1.text)("type"),
+    conversation: (0, sqlite_core_1.text)("conversation", { mode: "json" }),
+    createdAt: (0, sqlite_core_1.integer)("created_at", { mode: "timestamp" }).$default(() => new Date()),
+    updatedAt: (0, sqlite_core_1.integer)("updated_at", { mode: "timestamp" })
+        .notNull()
+        .$default(() => new Date()),
+});
+exports.aiUsage = (0, sqlite_core_1.sqliteTable)("ai_usage", {
+    id: (0, sqlite_core_1.text)("id").primaryKey().$default(uuid_1.v4),
+    userId: (0, sqlite_core_1.text)("user_id").references(() => auth_db_1.users.id, { onDelete: "cascade" }),
+    teamId: (0, sqlite_core_1.text)("team_id").references(() => auth_db_1.teams.id, { onDelete: "cascade" }),
+    organizationId: (0, sqlite_core_1.text)("organization_id").references(() => auth_db_1.organizations.id, {
+        onDelete: "cascade",
+    }),
+    feature: (0, sqlite_core_1.text)("feature").notNull(),
+    provider: (0, sqlite_core_1.text)("provider").notNull(),
+    model: (0, sqlite_core_1.text)("model").notNull(),
+    inputTokens: (0, sqlite_core_1.integer)("input_tokens"),
+    outputTokens: (0, sqlite_core_1.integer)("output_tokens"),
+    totalTokens: (0, sqlite_core_1.integer)("total_tokens"),
+    cost: (0, sqlite_core_1.real)("cost"),
+    traceId: (0, sqlite_core_1.text)("trace_id"),
+    createdAt: (0, sqlite_core_1.integer)("created_at", { mode: "timestamp" })
+        .notNull()
+        .$default(() => new Date()),
+    metadata: (0, sqlite_core_1.text)("metadata", { mode: "json" }),
+});

package/dist/src/modules/ai/ai.prompt.js

@@ -0,0 +1,30 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.Prompt = void 0;
+const tslib_1 = require("tslib");
+const mustache_1 = tslib_1.__importDefault(require("mustache"));
+const logger_1 = require("#utils/logger");
+class Prompt {
+    prompt;
+    name;
+    type;
+    config;
+    version;
+    labels;
+    tags;
+    constructor(prompt, settings) {
+        this.prompt = prompt;
+        this.name = settings?.name;
+        this.type = settings?.type ?? "text";
+        this.config = settings?.config;
+        this.version = settings?.version;
+        this.labels = settings?.labels;
+        this.tags = settings?.tags;
+    }
+    compile(context) {
+        const result = mustache_1.default.render(this.prompt.trim(), context);
+        logger_1.logger.debug(`[PROMPT]: ${result.trim()}`);
+        return result.trim();
+    }
+}
+exports.Prompt = Prompt;

package/dist/src/modules/ai/ai.repository.js

@@ -0,0 +1,26 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.AiUsageRepository = void 0;
+const tslib_1 = require("tslib");
+const drizzle_orm_1 = require("drizzle-orm");
+const neverthrow_1 = require("neverthrow");
+const ai = tslib_1.__importStar(require("#modules/ai/ai.db"));
+const base_repository_1 = require("#modules/base/base.repository");
+const schema = { ...ai };
+class AiUsageRepository extends base_repository_1.BaseTableRepository {
+    getUsage(userId) {
+        return this.throwableAsync(async () => {
+            const [usage] = await this.orm
+                .select({
+                inputTokens: (0, drizzle_orm_1.sql) `SUM(${this.table.inputTokens})`,
+                outputTokens: (0, drizzle_orm_1.sql) `SUM(${this.table.outputTokens})`,
+                totalTokens: (0, drizzle_orm_1.sql) `SUM(${this.table.totalTokens})`,
+                cost: (0, drizzle_orm_1.sql) `SUM(${this.table.cost})`,
+            })
+                .from(this.table)
+                .where((0, drizzle_orm_1.eq)(this.table.userId, userId));
+            return (0, neverthrow_1.ok)(usage);
+        });
+    }
+}
+exports.AiUsageRepository = AiUsageRepository;

package/dist/src/modules/ai/ai.router.js

@@ -0,0 +1,132 @@
+"use strict";
+// import { openai } from "@ai-sdk/openai";
+// import { open}
+// import { withTracing } from "@posthog/ai";
+// import {
+//   appendClientMessage,
+//   appendResponseMessages,
+//   type Message,
+//   streamText,
+//   type Tool,
+// } from "ai";
+// import bodyParser from "body-parser";
+// import { and, eq } from "drizzle-orm";
+// import express, { type Response, type Router } from "express";
+// import { v4 as uuidv4 } from "uuid";
+// import type { AuthRequest, createAuthMiddleware } from "../auth/auth.middleware";
+// import { type Orm, schema } from "../db";
+// import { logger } from "../logger";
+// import { posthogClient } from "../posthog";
+Object.defineProperty(exports, "__esModule", { value: true });
+// export type Tooling = Record<
+//   string,
+//   {
+//     getMesseges: (chatId: string) => Promise<Message[]>;
+//     getTools: (chatId: string) => Promise<
+//       Record<
+//         string,
+//         {
+//           tool: Tool;
+//           handler?: (
+//             chatId: string,
+//             args: unknown,
+//             user: NonNullable<AuthRequest["user"]>
+//           ) => Promise<void>;
+//         }
+//       >
+//     >;
+//   }
+// >;
+// export function tracedOpenAiModel(
+//   model: Parameters<typeof openai>[0],
+//   clientOptions: Parameters<typeof withTracing>[2]
+// ) {
+//   return withTracing(openai(model), posthogClient, clientOptions);
+// }
+// async function getRouteSettings(id: string, name: string, settings: Tooling) {
+//   const entity = settings[name as keyof typeof settings];
+//   if (!entity) return { tools: {}, entityMesseges: [], entityTools: {} };
+//   const entityTools = await entity.getTools(id);
+//   const entityMesseges = await entity.getMesseges(id);
+//   const tools = Object.entries(entityTools).reduce<
+//     Record<string, (typeof entityTools)[keyof typeof entityTools]["tool"]>
+//   >((acc, [key, value]) => {
+//     acc[key] = value.tool as (typeof entityTools)[keyof typeof entityTools]["tool"];
+//     return acc;
+//   }, {});
+//   return { tools, entityMesseges, entityTools };
+// }
+// export function createAiRouter(
+//   orm: Orm,
+//   authMiddleware: ReturnType<typeof createAuthMiddleware>,
+//   settings: Tooling
+// ) {
+//   const aiRouter: Router = express.Router();
+//   aiRouter.use(bodyParser.json());
+//   aiRouter.post("/completion/:name", authMiddleware, async (req: AuthRequest, res: Response) => {
+//     try {
+//       const { id, message } = req.body as {
+//         id: string;
+//         message: Message;
+//       };
+//       logger.info(req.body, "body");
+//       const { name } = req.params;
+//       const user = req.user!;
+//       logger.info(message, "Received message:");
+//       const { tools, entityMesseges, entityTools } = await getRouteSettings(id, name, settings);
+//       const [chat] = await orm
+//         .select()
+//         .from(schema.chats)
+//         .where(and(eq(schema.chats.id, id), eq(schema.chats.userId, user.id)));
+//       if (!chat) throw new Error("Chat not found");
+//       const messages = appendClientMessage({
+//         messages: (chat.conversation || []) as Message[],
+//         message,
+//       });
+//       // Process any tool invocations in the message
+//       const toolInvocation = message?.parts?.find((p) => p.type === "tool-invocation");
+//       if (toolInvocation) {
+//         logger.info(toolInvocation, "Processing tool invocation:");
+//         const tool =
+//           entityTools[toolInvocation.toolInvocation.toolName as keyof typeof entityTools];
+//         if (tool?.handler) {
+//           const result = await tool.handler(id, toolInvocation.toolInvocation.args, user);
+//           logger.info({ result }, "Tool handler result:");
+//         }
+//       }
+//       logger.info([...entityMesseges, ...messages], "Processed messages");
+//       const result = streamText({
+//         model: tracedOpenAiModel("gpt-4o", {
+//           posthogDistinctId: user.id,
+//           posthogProperties: { conversation_id: id, paid: true },
+//           posthogPrivacyMode: false,
+//         }),
+//         experimental_generateMessageId: uuidv4,
+//         messages: [...entityMesseges, ...messages],
+//         async onFinish({ response }) {
+//           logger.info(response, "Final response:");
+//           try {
+//             await orm
+//               .update(schema.chats)
+//               .set({
+//                 conversation: appendResponseMessages({
+//                   messages,
+//                   responseMessages: response.messages,
+//                 }),
+//               })
+//               .where(eq(schema.chats.id, id));
+//           } catch (error) {
+//             logger.error("Error in onFinish handler:", error);
+//           }
+//         },
+//         tools,
+//       });
+//       result.consumeStream();
+//       result.pipeDataStreamToResponse(res);
+//     } catch (error) {
+//       logger.error(error, "Error in ai handler");
+//       res.status(500).send({ error: "Internal Server Error" });
+//     }
+//   });
+//   return aiRouter;
+// }