npm - @memberjunction/server - Versions diffs - 3.3.0 → 3.4.0 - Mend

@memberjunction/server 3.3.0 → 3.4.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (103) hide show

package/README.md +59 -0
package/dist/auth/BaseAuthProvider.d.ts +1 -0
package/dist/auth/BaseAuthProvider.d.ts.map +1 -1
package/dist/auth/BaseAuthProvider.js +2 -0
package/dist/auth/BaseAuthProvider.js.map +1 -1
package/dist/auth/IAuthProvider.d.ts +1 -0
package/dist/auth/IAuthProvider.d.ts.map +1 -1
package/dist/config.js +2 -2
package/dist/config.js.map +1 -1
package/dist/generated/generated.d.ts +431 -2
package/dist/generated/generated.d.ts.map +1 -1
package/dist/generated/generated.js +3052 -379
package/dist/generated/generated.js.map +1 -1
package/dist/generic/ResolverBase.d.ts +1 -0
package/dist/generic/ResolverBase.d.ts.map +1 -1
package/dist/generic/ResolverBase.js +30 -0
package/dist/generic/ResolverBase.js.map +1 -1
package/dist/index.d.ts +2 -2
package/dist/index.d.ts.map +1 -1
package/dist/index.js +2 -2
package/dist/index.js.map +1 -1
package/dist/resolvers/APIKeyResolver.d.ts +2 -1
package/dist/resolvers/APIKeyResolver.d.ts.map +1 -1
package/dist/resolvers/APIKeyResolver.js +4 -1
package/dist/resolvers/APIKeyResolver.js.map +1 -1
package/dist/resolvers/ActionResolver.d.ts +2 -1
package/dist/resolvers/ActionResolver.d.ts.map +1 -1
package/dist/resolvers/ActionResolver.js +4 -1
package/dist/resolvers/ActionResolver.js.map +1 -1
package/dist/resolvers/DatasetResolver.d.ts +5 -4
package/dist/resolvers/DatasetResolver.d.ts.map +1 -1
package/dist/resolvers/DatasetResolver.js +7 -4
package/dist/resolvers/DatasetResolver.js.map +1 -1
package/dist/resolvers/EntityCommunicationsResolver.d.ts +2 -1
package/dist/resolvers/EntityCommunicationsResolver.d.ts.map +1 -1
package/dist/resolvers/EntityCommunicationsResolver.js +3 -1
package/dist/resolvers/EntityCommunicationsResolver.js.map +1 -1
package/dist/resolvers/GetDataContextDataResolver.d.ts +2 -1
package/dist/resolvers/GetDataContextDataResolver.d.ts.map +1 -1
package/dist/resolvers/GetDataContextDataResolver.js +10 -3
package/dist/resolvers/GetDataContextDataResolver.js.map +1 -1
package/dist/resolvers/MCPResolver.d.ts +37 -0
package/dist/resolvers/MCPResolver.d.ts.map +1 -0
package/dist/resolvers/MCPResolver.js +363 -0
package/dist/resolvers/MCPResolver.js.map +1 -0
package/dist/resolvers/MergeRecordsResolver.d.ts +2 -1
package/dist/resolvers/MergeRecordsResolver.d.ts.map +1 -1
package/dist/resolvers/MergeRecordsResolver.js +3 -1
package/dist/resolvers/MergeRecordsResolver.js.map +1 -1
package/dist/resolvers/QueryResolver.d.ts +2 -1
package/dist/resolvers/QueryResolver.d.ts.map +1 -1
package/dist/resolvers/QueryResolver.js +6 -1
package/dist/resolvers/QueryResolver.js.map +1 -1
package/dist/resolvers/ReportResolver.d.ts +2 -1
package/dist/resolvers/ReportResolver.d.ts.map +1 -1
package/dist/resolvers/ReportResolver.js +4 -1
package/dist/resolvers/ReportResolver.js.map +1 -1
package/dist/resolvers/RunAIAgentResolver.d.ts.map +1 -1
package/dist/resolvers/RunAIAgentResolver.js +2 -0
package/dist/resolvers/RunAIAgentResolver.js.map +1 -1
package/dist/resolvers/RunAIPromptResolver.d.ts.map +1 -1
package/dist/resolvers/RunAIPromptResolver.js +3 -0
package/dist/resolvers/RunAIPromptResolver.js.map +1 -1
package/dist/resolvers/RunTemplateResolver.d.ts.map +1 -1
package/dist/resolvers/RunTemplateResolver.js +1 -0
package/dist/resolvers/RunTemplateResolver.js.map +1 -1
package/dist/resolvers/TaskResolver.d.ts.map +1 -1
package/dist/resolvers/TaskResolver.js +1 -0
package/dist/resolvers/TaskResolver.js.map +1 -1
package/dist/resolvers/UserResolver.d.ts.map +1 -1
package/dist/resolvers/UserResolver.js +4 -0
package/dist/resolvers/UserResolver.js.map +1 -1
package/package.json +47 -46
package/src/auth/BaseAuthProvider.ts +3 -0
package/src/auth/IAuthProvider.ts +5 -0
package/src/config.ts +2 -2
package/src/generated/generated.ts +2020 -334
package/src/generic/ResolverBase.ts +89 -3
package/src/index.ts +10 -2
package/src/resolvers/APIKeyResolver.ts +8 -1
package/src/resolvers/ActionResolver.ts +8 -1
package/src/resolvers/DatasetResolver.ts +11 -4
package/src/resolvers/EntityCommunicationsResolver.ts +5 -1
package/src/resolvers/GetDataContextDataResolver.ts +14 -6
package/src/resolvers/MCPResolver.ts +480 -0
package/src/resolvers/MergeRecordsResolver.ts +5 -1
package/src/resolvers/QueryResolver.ts +17 -3
package/src/resolvers/ReportResolver.ts +8 -1
package/src/resolvers/RunAIAgentResolver.ts +6 -0
package/src/resolvers/RunAIPromptResolver.ts +10 -1
package/src/resolvers/RunTemplateResolver.ts +4 -1
package/src/resolvers/TaskResolver.ts +3 -0
package/src/resolvers/UserResolver.ts +15 -3
package/dist/resolvers/AskSkipResolver.d.ts +0 -123
package/dist/resolvers/AskSkipResolver.d.ts.map +0 -1
package/dist/resolvers/AskSkipResolver.js +0 -1788
package/dist/resolvers/AskSkipResolver.js.map +0 -1
package/dist/scheduler/LearningCycleScheduler.d.ts +0 -4
package/dist/scheduler/LearningCycleScheduler.d.ts.map +0 -1
package/dist/scheduler/LearningCycleScheduler.js +0 -4
package/dist/scheduler/LearningCycleScheduler.js.map +0 -1
package/src/resolvers/AskSkipResolver.ts +0 -3446
package/src/scheduler/LearningCycleScheduler.ts +0 -320

package/src/resolvers/MCPResolver.ts ADDED Viewed

@@ -0,0 +1,480 @@
+/**
+ * @fileoverview MCP GraphQL Resolver
+ *
+ * Provides GraphQL mutations for MCP (Model Context Protocol) operations
+ * including tool synchronization with progress streaming.
+ */
+import { Resolver, Mutation, Arg, Ctx, Field, ObjectType, InputType, PubSub } from 'type-graphql';
+import { PubSubEngine } from 'type-graphql';
+import { LogError, LogStatus, UserInfo } from '@memberjunction/core';
+import { MCPClientManager, MCPSyncToolsResult, MCPToolCallResult } from '@memberjunction/ai-mcp-client';
+import { AppContext } from '../types.js';
+import { ResolverBase } from '../generic/ResolverBase.js';
+import { PUSH_STATUS_UPDATES_TOPIC } from '../generic/PushStatusResolver.js';
+import { GraphQLJSONObject } from 'graphql-type-json';
+/**
+ * Input type for syncing MCP tools
+ */
+@InputType()
+export class SyncMCPToolsInput {
+    /**
+     * The ID of the MCP server connection to sync tools for
+     */
+    @Field()
+    ConnectionID: string;
+    /**
+     * Optional flag to force a full sync even if recently synced
+     */
+    @Field({ nullable: true })
+    ForceSync?: boolean;
+}
+/**
+ * Output type for MCP tool sync results
+ */
+@ObjectType()
+export class SyncMCPToolsResult {
+    /**
+     * Whether the sync operation succeeded
+     */
+    @Field()
+    Success: boolean;
+    /**
+     * Error message if the operation failed
+     */
+    @Field({ nullable: true })
+    ErrorMessage?: string;
+    /**
+     * Number of tools newly added
+     */
+    @Field()
+    Added: number;
+    /**
+     * Number of tools updated
+     */
+    @Field()
+    Updated: number;
+    /**
+     * Number of tools marked as deprecated
+     */
+    @Field()
+    Deprecated: number;
+    /**
+     * Total number of tools after sync
+     */
+    @Field()
+    Total: number;
+    /**
+     * Name of the MCP server that was synced
+     */
+    @Field({ nullable: true })
+    ServerName?: string;
+    /**
+     * Connection name that was synced
+     */
+    @Field({ nullable: true })
+    ConnectionName?: string;
+}
+/**
+ * Input type for executing an MCP tool
+ */
+@InputType()
+export class ExecuteMCPToolInput {
+    /**
+     * The ID of the MCP server connection to use
+     */
+    @Field()
+    ConnectionID: string;
+    /**
+     * The ID of the tool to execute (from MCP Server Tools entity)
+     */
+    @Field()
+    ToolID: string;
+    /**
+     * The name of the tool to execute
+     */
+    @Field()
+    ToolName: string;
+    /**
+     * JSON string of input arguments to pass to the tool
+     */
+    @Field({ nullable: true })
+    InputArgs?: string;
+}
+/**
+ * Output type for MCP tool execution results
+ */
+@ObjectType()
+export class ExecuteMCPToolResult {
+    /**
+     * Whether the tool execution succeeded
+     */
+    @Field()
+    Success: boolean;
+    /**
+     * Error message if the execution failed
+     */
+    @Field({ nullable: true })
+    ErrorMessage?: string;
+    /**
+     * The result returned by the tool (JSON)
+     */
+    @Field(() => GraphQLJSONObject, { nullable: true })
+    Result?: Record<string, unknown> | null;
+    /**
+     * Execution duration in milliseconds
+     */
+    @Field({ nullable: true })
+    DurationMs?: number;
+}
+/**
+ * Progress message type for sync status updates
+ */
+interface SyncProgressMessage {
+    resolver: string;
+    type: string;
+    status: 'ok' | 'error';
+    connectionId: string;
+    phase: 'connecting' | 'listing' | 'syncing' | 'complete' | 'error';
+    message: string;
+    progress?: {
+        current?: number;
+        total?: number;
+        percentage?: number;
+    };
+    result?: {
+        added: number;
+        updated: number;
+        deprecated: number;
+        total: number;
+    };
+}
+/**
+ * MCP Resolver for GraphQL operations
+ */
+@Resolver()
+export class MCPResolver extends ResolverBase {
+    /**
+     * Syncs tools from an MCP server connection to the database.
+     * Publishes progress updates via the statusUpdates subscription.
+     *
+     * @param input The sync input parameters
+     * @param ctx The GraphQL context
+     * @param pubSub PubSub engine for progress updates
+     * @returns The sync result
+     */
+    @Mutation(() => SyncMCPToolsResult)
+    async SyncMCPTools(
+        @Arg('input') input: SyncMCPToolsInput,
+        @Ctx() ctx: AppContext,
+        @PubSub() pubSub: PubSubEngine
+    ): Promise<SyncMCPToolsResult> {
+        const user = ctx.userPayload.userRecord;
+        if (!user) {
+            return this.createErrorResult('User is not authenticated');
+        }
+        const { ConnectionID } = input;
+        const sessionId = ctx.userPayload.sessionId;
+        try {
+            // Check API key scope authorization
+            await this.CheckAPIKeyScopeAuthorization('mcp:sync', ConnectionID, ctx.userPayload);
+            // Get the MCP client manager instance and ensure it's initialized
+            const manager = MCPClientManager.Instance;
+            await manager.initialize(user);
+            // Publish initial progress
+            this.publishProgress(pubSub, sessionId, ConnectionID, 'connecting', 'Connecting to MCP server...');
+            // Connect if not already connected
+            const isConnected = manager.isConnected(ConnectionID);
+            if (!isConnected) {
+                LogStatus(`MCPResolver: Connecting to MCP server for connection ${ConnectionID}`);
+                try {
+                    await manager.connect(ConnectionID, { contextUser: user });
+                } catch (connectError) {
+                    const connectErrorMsg = connectError instanceof Error ? connectError.message : String(connectError);
+                    this.publishProgress(pubSub, sessionId, ConnectionID, 'error', `Connection failed: ${connectErrorMsg}`);
+                    return this.createErrorResult(`Failed to connect to MCP server: ${connectErrorMsg}`);
+                }
+            }
+            // Get connection info for the result
+            const connectionInfo = manager.getConnectionInfo(ConnectionID);
+            const serverName = connectionInfo?.serverName || 'Unknown Server';
+            const connectionName = connectionInfo?.connectionName || 'Unknown Connection';
+            // Publish listing progress
+            this.publishProgress(pubSub, sessionId, ConnectionID, 'listing', 'Discovering tools from MCP server...');
+            // Perform the sync with event listening for granular progress
+            LogStatus(`MCPResolver: Starting tool sync for connection ${ConnectionID}`);
+            // Subscribe to manager events for this sync
+            const eventHandler = (event: { type: string; data?: Record<string, unknown> }) => {
+                if (event.type === 'toolsSynced') {
+                    const data = event.data as { added: number; updated: number; deprecated: number; total: number } | undefined;
+                    this.publishProgress(pubSub, sessionId, ConnectionID, 'complete', 'Tool sync complete', {
+                        added: data?.added || 0,
+                        updated: data?.updated || 0,
+                        deprecated: data?.deprecated || 0,
+                        total: data?.total || 0
+                    });
+                }
+            };
+            manager.addEventListener('toolsSynced', eventHandler);
+            // Publish syncing progress
+            this.publishProgress(pubSub, sessionId, ConnectionID, 'syncing', 'Synchronizing tools to database...');
+            // Perform the sync
+            const syncResult: MCPSyncToolsResult = await manager.syncTools(ConnectionID, { contextUser: user });
+            // Remove event listener
+            manager.removeEventListener('toolsSynced', eventHandler);
+            if (!syncResult.success) {
+                this.publishProgress(pubSub, sessionId, ConnectionID, 'error', `Sync failed: ${syncResult.error}`);
+                return this.createErrorResult(syncResult.error || 'Tool sync failed');
+            }
+            // Publish final completion
+            this.publishProgress(pubSub, sessionId, ConnectionID, 'complete',
+                `Sync complete: ${syncResult.added} added, ${syncResult.updated} updated, ${syncResult.deprecated} deprecated`,
+                {
+                    added: syncResult.added,
+                    updated: syncResult.updated,
+                    deprecated: syncResult.deprecated,
+                    total: syncResult.total
+                }
+            );
+            LogStatus(`MCPResolver: Tool sync complete for ${ConnectionID} - Added: ${syncResult.added}, Updated: ${syncResult.updated}, Deprecated: ${syncResult.deprecated}, Total: ${syncResult.total}`);
+            return {
+                Success: true,
+                Added: syncResult.added,
+                Updated: syncResult.updated,
+                Deprecated: syncResult.deprecated,
+                Total: syncResult.total,
+                ServerName: serverName,
+                ConnectionName: connectionName
+            };
+        } catch (error) {
+            const errorMsg = error instanceof Error ? error.message : String(error);
+            LogError(`MCPResolver: Error syncing tools for ${ConnectionID}: ${errorMsg}`);
+            this.publishProgress(pubSub, sessionId, ConnectionID, 'error', `Error: ${errorMsg}`);
+            return this.createErrorResult(errorMsg);
+        }
+    }
+    /**
+     * Executes an MCP tool and returns the result.
+     *
+     * @param input The execution input parameters
+     * @param ctx The GraphQL context
+     * @returns The execution result
+     */
+    @Mutation(() => ExecuteMCPToolResult)
+    async ExecuteMCPTool(
+        @Arg('input') input: ExecuteMCPToolInput,
+        @Ctx() ctx: AppContext
+    ): Promise<ExecuteMCPToolResult> {
+        const user = ctx.userPayload.userRecord;
+        if (!user) {
+            return {
+                Success: false,
+                ErrorMessage: 'User is not authenticated'
+            };
+        }
+        const { ConnectionID, ToolID, ToolName, InputArgs } = input;
+        const startTime = Date.now();
+        try {
+            // Check API key scope authorization
+            LogStatus(`MCPResolver: [${ToolName}] Step 1 - Checking API key authorization...`);
+            await this.CheckAPIKeyScopeAuthorization('mcp:execute', ConnectionID, ctx.userPayload);
+            LogStatus(`MCPResolver: [${ToolName}] Step 1 complete - Authorization passed (${Date.now() - startTime}ms)`);
+            // Get the MCP client manager instance and ensure it's initialized
+            LogStatus(`MCPResolver: [${ToolName}] Step 2 - Initializing MCP client manager...`);
+            const manager = MCPClientManager.Instance;
+            await manager.initialize(user);
+            LogStatus(`MCPResolver: [${ToolName}] Step 2 complete - Manager initialized (${Date.now() - startTime}ms)`);
+            // Connect if not already connected
+            const isConnected = manager.isConnected(ConnectionID);
+            LogStatus(`MCPResolver: [${ToolName}] Step 3 - Connection status: ${isConnected ? 'already connected' : 'needs connection'}`);
+            if (!isConnected) {
+                LogStatus(`MCPResolver: [${ToolName}] Connecting to MCP server for connection ${ConnectionID}...`);
+                try {
+                    await manager.connect(ConnectionID, { contextUser: user });
+                    LogStatus(`MCPResolver: [${ToolName}] Step 3 complete - Connected (${Date.now() - startTime}ms)`);
+                } catch (connectError) {
+                    const connectErrorMsg = connectError instanceof Error ? connectError.message : String(connectError);
+                    LogError(`MCPResolver: [${ToolName}] Connection failed: ${connectErrorMsg}`);
+                    return {
+                        Success: false,
+                        ErrorMessage: `Failed to connect to MCP server: ${connectErrorMsg}`
+                    };
+                }
+            }
+            // Parse input arguments
+            LogStatus(`MCPResolver: [${ToolName}] Step 4 - Parsing input arguments...`);
+            let parsedArgs: Record<string, unknown> = {};
+            if (InputArgs) {
+                try {
+                    parsedArgs = JSON.parse(InputArgs);
+                    LogStatus(`MCPResolver: [${ToolName}] Parsed args: ${JSON.stringify(parsedArgs).substring(0, 200)}...`);
+                } catch (parseError) {
+                    LogError(`MCPResolver: [${ToolName}] Failed to parse InputArgs: ${parseError}`);
+                    return {
+                        Success: false,
+                        ErrorMessage: 'Invalid JSON in InputArgs'
+                    };
+                }
+            }
+            LogStatus(`MCPResolver: [${ToolName}] Step 4 complete - Args parsed (${Date.now() - startTime}ms)`);
+            // Call the tool
+            LogStatus(`MCPResolver: [${ToolName}] Step 5 - Calling tool on connection ${ConnectionID}...`);
+            LogStatus(`MCPResolver: [${ToolName}] Tool ID: ${ToolID}`);
+            const result: MCPToolCallResult = await manager.callTool(
+                ConnectionID,
+                ToolName,
+                { arguments: parsedArgs },
+                { contextUser: user }
+            );
+            LogStatus(`MCPResolver: [${ToolName}] Step 5 complete - Tool call returned (${Date.now() - startTime}ms)`);
+            // Format the result for the response - wrap in object for GraphQLJSONObject
+            let formattedResult: Record<string, unknown> | null = null;
+            if (result.content && result.content.length > 0) {
+                // If there's only one text content block, try to parse as JSON object
+                if (result.content.length === 1 && result.content[0].type === 'text') {
+                    const textContent = result.content[0].text;
+                    // Try to parse as JSON object
+                    if (textContent && (textContent.startsWith('{') || textContent.startsWith('['))) {
+                        try {
+                            const parsed = JSON.parse(textContent);
+                            // Wrap arrays in an object
+                            if (Array.isArray(parsed)) {
+                                formattedResult = { items: parsed };
+                            } else if (typeof parsed === 'object' && parsed !== null) {
+                                formattedResult = parsed as Record<string, unknown>;
+                            } else {
+                                formattedResult = { value: parsed };
+                            }
+                        } catch {
+                            // Keep as wrapped string if not valid JSON
+                            formattedResult = { text: textContent };
+                        }
+                    } else {
+                        // Wrap plain text in object
+                        formattedResult = { text: textContent };
+                    }
+                } else {
+                    // Return all content blocks wrapped in object
+                    formattedResult = { content: result.content };
+                }
+            }
+            // Use structuredContent if available (already an object)
+            if (result.structuredContent) {
+                formattedResult = result.structuredContent as Record<string, unknown>;
+            }
+            LogStatus(`MCPResolver: [${ToolName}] Step 6 complete - Result formatted (${Date.now() - startTime}ms)`);
+            LogStatus(`MCPResolver: [${ToolName}] Tool execution complete - Success: ${result.success}, Duration: ${result.durationMs}ms, Total time: ${Date.now() - startTime}ms`);
+            return {
+                Success: result.success,
+                ErrorMessage: result.error,
+                Result: formattedResult,
+                DurationMs: result.durationMs
+            };
+        } catch (error) {
+            const errorMsg = error instanceof Error ? error.message : String(error);
+            const stack = error instanceof Error ? error.stack : '';
+            LogError(`MCPResolver: [${ToolName}] Error after ${Date.now() - startTime}ms: ${errorMsg}`);
+            LogError(`MCPResolver: [${ToolName}] Stack: ${stack}`);
+            return {
+                Success: false,
+                ErrorMessage: errorMsg
+            };
+        }
+    }
+    /**
+     * Publishes a progress update to the statusUpdates subscription
+     */
+    private publishProgress(
+        pubSub: PubSubEngine,
+        sessionId: string,
+        connectionId: string,
+        phase: SyncProgressMessage['phase'],
+        message: string,
+        result?: { added: number; updated: number; deprecated: number; total: number }
+    ): void {
+        const progressMessage: SyncProgressMessage = {
+            resolver: 'MCPResolver',
+            type: 'MCPToolSyncProgress',
+            status: phase === 'error' ? 'error' : 'ok',
+            connectionId,
+            phase,
+            message,
+            result
+        };
+        pubSub.publish(PUSH_STATUS_UPDATES_TOPIC, {
+            message: JSON.stringify(progressMessage),
+            sessionId
+        });
+    }
+    /**
+     * Creates an error result with default values
+     */
+    private createErrorResult(errorMessage: string): SyncMCPToolsResult {
+        return {
+            Success: false,
+            ErrorMessage: errorMessage,
+            Added: 0,
+            Updated: 0,
+            Deprecated: 0,
+            Total: 0
+        };
+    }
+}
+/**
+ * Tree-shaking prevention function
+ */
+export function LoadMCPResolver(): void {
+    // Ensures the resolver is not tree-shaken
+}

package/src/resolvers/MergeRecordsResolver.ts CHANGED Viewed

@@ -4,6 +4,7 @@ import { AppContext } from '../types.js';
 import { CompositeKeyInputType, CompositeKeyOutputType } from '../generic/KeyInputOutputTypes.js';
 import { z } from 'zod';
 import { GetReadOnlyProvider, GetReadWriteProvider } from '../util.js';
+import { ResolverBase } from '../generic/ResolverBase.js';
 @ObjectType()
 export class EntityDependencyResult {
@@ -162,13 +163,16 @@ export class RecordMergeResult {
 }
 @Resolver(RecordMergeResult)
-export class RecordMergeResolver {
+export class RecordMergeResolver extends ResolverBase {
   @Mutation(() => RecordMergeResult)
   async MergeRecords(
     @Arg('request', () => RecordMergeRequest) request: RecordMergeRequest,
     @Ctx() { dataSource, userPayload, providers }: AppContext,
     @PubSub() pubSub: PubSubEngine
   ) {
+    // Check API key scope authorization for entity merge operation
+    await this.CheckAPIKeyScopeAuthorization('entity:merge', request.EntityName, userPayload);
     try {
       const md = GetReadWriteProvider(providers);
       const options = {};

package/src/resolvers/QueryResolver.ts CHANGED Viewed

@@ -6,6 +6,7 @@ import { GraphQLJSONObject } from 'graphql-type-json';
 import { Metadata } from '@memberjunction/core';
 import { GetReadOnlyProvider } from '../util.js';
 import { SQLServerDataProvider } from '@memberjunction/sqlserver-dataprovider';
+import { ResolverBase } from '../generic/ResolverBase.js';
 /**
  * Input type for batch query execution - allows running multiple queries in a single network call
@@ -141,7 +142,7 @@ export class RunQueriesWithCacheCheckOutput {
 }
 @Resolver()
-export class RunQueryResolver {
+export class RunQueryResolver extends ResolverBase {
   private async findQuery(md: IMetadataProvider, QueryID: string, QueryName?: string, CategoryID?: string, CategoryPath?: string, refreshMetadataIfNotFound: boolean = false): Promise<QueryInfo | null> {
     // Filter queries based on provided criteria
     const queries = md.Queries.filter(q => {
@@ -175,7 +176,7 @@ export class RunQueryResolver {
     }
   }
   @Query(() => RunQueryResultType)
-  async GetQueryData(@Arg('QueryID', () => String) QueryID: string,
+  async GetQueryData(@Arg('QueryID', () => String) QueryID: string,
                      @Ctx() context: AppContext,
                      @Arg('CategoryID', () => String, {nullable: true}) CategoryID?: string,
                      @Arg('CategoryPath', () => String, {nullable: true}) CategoryPath?: string,
@@ -184,6 +185,9 @@ export class RunQueryResolver {
                      @Arg('StartRow', () => Int, {nullable: true}) StartRow?: number,
                      @Arg('ForceAuditLog', () => Boolean, {nullable: true}) ForceAuditLog?: boolean,
                      @Arg('AuditLogDescription', () => String, {nullable: true}) AuditLogDescription?: string): Promise<RunQueryResultType> {
+    // Check API key scope authorization for query execution
+    await this.CheckAPIKeyScopeAuthorization('query:run', QueryID, context.userPayload);
     const provider = GetReadOnlyProvider(context.providers, {allowFallbackToReadWrite: true});
     const md = provider as unknown as IMetadataProvider;
     const rq = new RunQuery(provider as unknown as IRunQueryProvider);
@@ -235,7 +239,7 @@ export class RunQueryResolver {
   }
   @Query(() => RunQueryResultType)
-  async GetQueryDataByName(@Arg('QueryName', () => String) QueryName: string,
+  async GetQueryDataByName(@Arg('QueryName', () => String) QueryName: string,
                            @Ctx() context: AppContext,
                            @Arg('CategoryID', () => String, {nullable: true}) CategoryID?: string,
                            @Arg('CategoryPath', () => String, {nullable: true}) CategoryPath?: string,
@@ -244,6 +248,9 @@ export class RunQueryResolver {
                            @Arg('StartRow', () => Int, {nullable: true}) StartRow?: number,
                            @Arg('ForceAuditLog', () => Boolean, {nullable: true}) ForceAuditLog?: boolean,
                            @Arg('AuditLogDescription', () => String, {nullable: true}) AuditLogDescription?: string): Promise<RunQueryResultType> {
+    // Check API key scope authorization for query execution
+    await this.CheckAPIKeyScopeAuthorization('query:run', QueryName, context.userPayload);
     const provider = GetReadOnlyProvider(context.providers, {allowFallbackToReadWrite: true});
     const rq = new RunQuery(provider as unknown as IRunQueryProvider);
     const result = await rq.RunQuery(
@@ -381,6 +388,10 @@ export class RunQueryResolver {
     @Arg('input', () => [RunQueryInput]) input: RunQueryInput[],
     @Ctx() context: AppContext
   ): Promise<RunQueryResultType[]> {
+    // Check API key scope authorization for batch query execution
+    // We check against '*' since this runs multiple queries
+    await this.CheckAPIKeyScopeAuthorization('query:run', '*', context.userPayload);
     const provider = GetReadOnlyProvider(context.providers, { allowFallbackToReadWrite: true });
     const rq = new RunQuery(provider as unknown as IRunQueryProvider);
@@ -478,6 +489,9 @@ export class RunQueryResolver {
     @Arg('input', () => [RunQueryWithCacheCheckInput]) input: RunQueryWithCacheCheckInput[],
     @Ctx() context: AppContext
   ): Promise<RunQueriesWithCacheCheckOutput> {
+    // Check API key scope authorization for batch query execution
+    await this.CheckAPIKeyScopeAuthorization('query:run', '*', context.userPayload);
     try {
       const provider = GetReadOnlyProvider(context.providers, { allowFallbackToReadWrite: true });

package/src/resolvers/ReportResolver.ts CHANGED Viewed

@@ -8,6 +8,7 @@ import { UserCache } from '@memberjunction/sqlserver-dataprovider';
 import { z } from 'zod';
 import mssql from 'mssql';
 import { GetReadOnlyProvider, GetReadWriteProvider } from '../util.js';
+import { ResolverBase } from '../generic/ResolverBase.js';
 @ObjectType()
 export class RunReportResultType {
@@ -46,9 +47,12 @@ export class CreateReportResultType {
 }
 @Resolver(RunReportResultType)
-export class ReportResolverExtended {
+export class ReportResolverExtended extends ResolverBase {
   @Query(() => RunReportResultType)
   async GetReportData(@Arg('ReportID', () => String) ReportID: string, @Ctx() context: AppContext): Promise<RunReportResultType> {
+    // Check API key scope authorization for report run
+    await this.CheckAPIKeyScopeAuthorization('report:run', ReportID, context.userPayload);
     const provider = GetReadOnlyProvider(context.providers, {allowFallbackToReadWrite: true});
     const rp = new RunReport(provider as unknown as IRunReportProvider);
@@ -71,6 +75,9 @@ export class ReportResolverExtended {
     @Arg('ConversationDetailID', () => String) ConversationDetailID: string,
     @Ctx() { dataSource, userPayload, providers }: AppContext
   ): Promise<CreateReportResultType> {
+    // Check API key scope authorization for report creation (uses entity:create for Reports entity)
+    await this.CheckAPIKeyScopeAuthorization('entity:create', 'Reports', userPayload);
     try {
       const md = GetReadWriteProvider(providers);

package/src/resolvers/RunAIAgentResolver.ts CHANGED Viewed

@@ -552,6 +552,9 @@ export class RunAIAgentResolver extends ResolverBase {
         @Arg('sourceArtifactId', { nullable: true }) sourceArtifactId?: string,
         @Arg('sourceArtifactVersionId', { nullable: true }) sourceArtifactVersionId?: string
     ): Promise<AIAgentRunResult> {
+        // Check API key scope authorization for agent execution
+        await this.CheckAPIKeyScopeAuthorization('agent:execute', agentId, userPayload);
         const p = GetReadWriteProvider(providers);
         return this.executeAIAgent(
             p,
@@ -741,6 +744,9 @@ export class RunAIAgentResolver extends ResolverBase {
         @Arg('sourceArtifactId', { nullable: true }) sourceArtifactId?: string,
         @Arg('sourceArtifactVersionId', { nullable: true }) sourceArtifactVersionId?: string
     ): Promise<AIAgentRunResult> {
+        // Check API key scope authorization for agent execution
+        await this.CheckAPIKeyScopeAuthorization('agent:execute', agentId, userPayload);
         const p = GetReadWriteProvider(providers);
         const currentUser = this.GetUserFromPayload(userPayload);

package/src/resolvers/RunAIPromptResolver.ts CHANGED Viewed

@@ -305,6 +305,9 @@ export class RunAIPromptResolver extends ResolverBase {
         @Arg('rerunFromPromptRunID', { nullable: true }) rerunFromPromptRunID?: string,
         @Arg('systemPromptOverride', { nullable: true }) systemPromptOverride?: string
     ): Promise<AIPromptRunResult> {
+        // Check API key scope authorization for prompt execution
+        await this.CheckAPIKeyScopeAuthorization('prompt:execute', promptId, userPayload);
         const p = GetReadWriteProvider(providers);
         return this.executeAIPrompt(
             p,
@@ -589,8 +592,11 @@ export class RunAIPromptResolver extends ResolverBase {
         @Arg('modelPower', { nullable: true }) modelPower?: string,
         @Arg('responseFormat', { nullable: true }) responseFormat?: string
     ): Promise<SimplePromptResult> {
+        // Check API key scope authorization for simple prompt execution
+        await this.CheckAPIKeyScopeAuthorization('prompt:execute', '*', userPayload);
         const startTime = Date.now();
         try {
             LogStatus(`=== EXECUTING SIMPLE PROMPT ===`);
@@ -699,6 +705,9 @@ export class RunAIPromptResolver extends ResolverBase {
         @Arg('modelSize') modelSize: string,
         @Ctx() { userPayload }: { userPayload: UserPayload }
     ): Promise<EmbedTextResult> {
+        // Check API key scope authorization for embedding generation
+        await this.CheckAPIKeyScopeAuthorization('embedding:generate', '*', userPayload);
         try {
             LogStatus(`=== GENERATING EMBEDDINGS for ${textToEmbed.length} text(s) ===`);

package/src/resolvers/RunTemplateResolver.ts CHANGED Viewed

@@ -29,8 +29,11 @@ export class RunTemplateResolver extends ResolverBase {
         @Ctx() { userPayload, providers }: AppContext,
         @Arg('contextData', { nullable: true }) contextData?: string
     ): Promise<TemplateRunResult> {
+        // Check API key scope authorization for template execution
+        await this.CheckAPIKeyScopeAuthorization('template:execute', templateId, userPayload);
         const startTime = Date.now();
         try {
             LogStatus(`=== RUNNING TEMPLATE FOR ID: ${templateId} ===`);