@memberjunction/server 3.3.0 → 4.0.0

package/src/resolvers/MergeRecordsResolver.ts

@@ -4,6 +4,7 @@ import { AppContext } from '../types.js';
 import { CompositeKeyInputType, CompositeKeyOutputType } from '../generic/KeyInputOutputTypes.js';
 import { z } from 'zod';
 import { GetReadOnlyProvider, GetReadWriteProvider } from '../util.js';
+import { ResolverBase } from '../generic/ResolverBase.js';
 
 @ObjectType()
 export class EntityDependencyResult {
@@ -162,13 +163,16 @@ export class RecordMergeResult {
 }
 
 @Resolver(RecordMergeResult)
-export class RecordMergeResolver {
+export class RecordMergeResolver extends ResolverBase {
   @Mutation(() => RecordMergeResult)
   async MergeRecords(
     @Arg('request', () => RecordMergeRequest) request: RecordMergeRequest,
     @Ctx() { dataSource, userPayload, providers }: AppContext,
     @PubSub() pubSub: PubSubEngine
   ) {
+    // Check API key scope authorization for entity merge operation
+    await this.CheckAPIKeyScopeAuthorization('entity:merge', request.EntityName, userPayload);
+
     try {
       const md = GetReadWriteProvider(providers);
       const options = {};

package/src/resolvers/PotentialDuplicateRecordResolver.ts

@@ -10,12 +10,8 @@ import {
 import { AppContext } from '../types.js';
 import { UserCache } from '@memberjunction/sqlserver-dataprovider';
 
-//load the default vectorDB
-import { LoadPineconeVectorDB } from '@memberjunction/ai-vectors-pinecone';
 import { CompositeKeyInputType, CompositeKeyOutputType, KeyValuePairOutputType } from '../generic/KeyInputOutputTypes.js';
 import { GetReadOnlyProvider } from '../util.js';
-// AI provider loading now handled by @memberjunction/aiengine
-LoadPineconeVectorDB();
 
 @InputType()
 export class PotentialDuplicateRequestType extends PotentialDuplicateRequest {

package/src/resolvers/QueryResolver.ts

@@ -6,6 +6,7 @@ import { GraphQLJSONObject } from 'graphql-type-json';
 import { Metadata } from '@memberjunction/core';
 import { GetReadOnlyProvider } from '../util.js';
 import { SQLServerDataProvider } from '@memberjunction/sqlserver-dataprovider';
+import { ResolverBase } from '../generic/ResolverBase.js';
 
 /**
  * Input type for batch query execution - allows running multiple queries in a single network call
@@ -141,7 +142,7 @@ export class RunQueriesWithCacheCheckOutput {
 }
 
 @Resolver()
-export class RunQueryResolver {
+export class RunQueryResolver extends ResolverBase {
   private async findQuery(md: IMetadataProvider, QueryID: string, QueryName?: string, CategoryID?: string, CategoryPath?: string, refreshMetadataIfNotFound: boolean = false): Promise<QueryInfo | null> {
     // Filter queries based on provided criteria
     const queries = md.Queries.filter(q => {
@@ -175,7 +176,7 @@ export class RunQueryResolver {
     }
   }
   @Query(() => RunQueryResultType)
-  async GetQueryData(@Arg('QueryID', () => String) QueryID: string, 
+  async GetQueryData(@Arg('QueryID', () => String) QueryID: string,
                      @Ctx() context: AppContext,
                      @Arg('CategoryID', () => String, {nullable: true}) CategoryID?: string,
                      @Arg('CategoryPath', () => String, {nullable: true}) CategoryPath?: string,
@@ -184,6 +185,9 @@ export class RunQueryResolver {
                      @Arg('StartRow', () => Int, {nullable: true}) StartRow?: number,
                      @Arg('ForceAuditLog', () => Boolean, {nullable: true}) ForceAuditLog?: boolean,
                      @Arg('AuditLogDescription', () => String, {nullable: true}) AuditLogDescription?: string): Promise<RunQueryResultType> {
+    // Check API key scope authorization for query execution
+    await this.CheckAPIKeyScopeAuthorization('query:run', QueryID, context.userPayload);
+
     const provider = GetReadOnlyProvider(context.providers, {allowFallbackToReadWrite: true});
     const md = provider as unknown as IMetadataProvider;
     const rq = new RunQuery(provider as unknown as IRunQueryProvider);
@@ -235,7 +239,7 @@ export class RunQueryResolver {
   }
 
   @Query(() => RunQueryResultType)
-  async GetQueryDataByName(@Arg('QueryName', () => String) QueryName: string, 
+  async GetQueryDataByName(@Arg('QueryName', () => String) QueryName: string,
                            @Ctx() context: AppContext,
                            @Arg('CategoryID', () => String, {nullable: true}) CategoryID?: string,
                            @Arg('CategoryPath', () => String, {nullable: true}) CategoryPath?: string,
@@ -244,6 +248,9 @@ export class RunQueryResolver {
                            @Arg('StartRow', () => Int, {nullable: true}) StartRow?: number,
                            @Arg('ForceAuditLog', () => Boolean, {nullable: true}) ForceAuditLog?: boolean,
                            @Arg('AuditLogDescription', () => String, {nullable: true}) AuditLogDescription?: string): Promise<RunQueryResultType> {
+    // Check API key scope authorization for query execution
+    await this.CheckAPIKeyScopeAuthorization('query:run', QueryName, context.userPayload);
+
     const provider = GetReadOnlyProvider(context.providers, {allowFallbackToReadWrite: true});
     const rq = new RunQuery(provider as unknown as IRunQueryProvider);
     const result = await rq.RunQuery(
@@ -381,6 +388,10 @@ export class RunQueryResolver {
     @Arg('input', () => [RunQueryInput]) input: RunQueryInput[],
     @Ctx() context: AppContext
   ): Promise<RunQueryResultType[]> {
+    // Check API key scope authorization for batch query execution
+    // We check against '*' since this runs multiple queries
+    await this.CheckAPIKeyScopeAuthorization('query:run', '*', context.userPayload);
+
     const provider = GetReadOnlyProvider(context.providers, { allowFallbackToReadWrite: true });
     const rq = new RunQuery(provider as unknown as IRunQueryProvider);
 
@@ -478,6 +489,9 @@ export class RunQueryResolver {
     @Arg('input', () => [RunQueryWithCacheCheckInput]) input: RunQueryWithCacheCheckInput[],
     @Ctx() context: AppContext
   ): Promise<RunQueriesWithCacheCheckOutput> {
+    // Check API key scope authorization for batch query execution
+    await this.CheckAPIKeyScopeAuthorization('query:run', '*', context.userPayload);
+
     try {
       const provider = GetReadOnlyProvider(context.providers, { allowFallbackToReadWrite: true });
 

package/src/resolvers/ReportResolver.ts

@@ -8,6 +8,7 @@ import { UserCache } from '@memberjunction/sqlserver-dataprovider';
 import { z } from 'zod';
 import mssql from 'mssql';
 import { GetReadOnlyProvider, GetReadWriteProvider } from '../util.js';
+import { ResolverBase } from '../generic/ResolverBase.js';
 
 @ObjectType()
 export class RunReportResultType {
@@ -46,9 +47,12 @@ export class CreateReportResultType {
 }
 
 @Resolver(RunReportResultType)
-export class ReportResolverExtended {
+export class ReportResolverExtended extends ResolverBase {
   @Query(() => RunReportResultType)
   async GetReportData(@Arg('ReportID', () => String) ReportID: string, @Ctx() context: AppContext): Promise<RunReportResultType> {
+    // Check API key scope authorization for report run
+    await this.CheckAPIKeyScopeAuthorization('report:run', ReportID, context.userPayload);
+
     const provider = GetReadOnlyProvider(context.providers, {allowFallbackToReadWrite: true});
     const rp = new RunReport(provider as unknown as IRunReportProvider);
 
@@ -71,6 +75,9 @@ export class ReportResolverExtended {
     @Arg('ConversationDetailID', () => String) ConversationDetailID: string,
     @Ctx() { dataSource, userPayload, providers }: AppContext
   ): Promise<CreateReportResultType> {
+    // Check API key scope authorization for report creation (uses entity:create for Reports entity)
+    await this.CheckAPIKeyScopeAuthorization('entity:create', 'Reports', userPayload);
+
     try {
       const md = GetReadWriteProvider(providers);
 

package/src/resolvers/RunAIAgentResolver.ts

@@ -552,6 +552,9 @@ export class RunAIAgentResolver extends ResolverBase {
         @Arg('sourceArtifactId', { nullable: true }) sourceArtifactId?: string,
         @Arg('sourceArtifactVersionId', { nullable: true }) sourceArtifactVersionId?: string
     ): Promise<AIAgentRunResult> {
+        // Check API key scope authorization for agent execution
+        await this.CheckAPIKeyScopeAuthorization('agent:execute', agentId, userPayload);
+
         const p = GetReadWriteProvider(providers);
         return this.executeAIAgent(
             p,
@@ -741,6 +744,9 @@ export class RunAIAgentResolver extends ResolverBase {
         @Arg('sourceArtifactId', { nullable: true }) sourceArtifactId?: string,
         @Arg('sourceArtifactVersionId', { nullable: true }) sourceArtifactVersionId?: string
     ): Promise<AIAgentRunResult> {
+        // Check API key scope authorization for agent execution
+        await this.CheckAPIKeyScopeAuthorization('agent:execute', agentId, userPayload);
+
         const p = GetReadWriteProvider(providers);
         const currentUser = this.GetUserFromPayload(userPayload);
 

package/src/resolvers/RunAIPromptResolver.ts

@@ -305,6 +305,9 @@ export class RunAIPromptResolver extends ResolverBase {
         @Arg('rerunFromPromptRunID', { nullable: true }) rerunFromPromptRunID?: string,
         @Arg('systemPromptOverride', { nullable: true }) systemPromptOverride?: string
     ): Promise<AIPromptRunResult> {
+        // Check API key scope authorization for prompt execution
+        await this.CheckAPIKeyScopeAuthorization('prompt:execute', promptId, userPayload);
+
         const p = GetReadWriteProvider(providers);
         return this.executeAIPrompt(
             p,
@@ -589,8 +592,11 @@ export class RunAIPromptResolver extends ResolverBase {
         @Arg('modelPower', { nullable: true }) modelPower?: string,
         @Arg('responseFormat', { nullable: true }) responseFormat?: string
     ): Promise<SimplePromptResult> {
+        // Check API key scope authorization for simple prompt execution
+        await this.CheckAPIKeyScopeAuthorization('prompt:execute', '*', userPayload);
+
         const startTime = Date.now();
-        
+
         try {
             LogStatus(`=== EXECUTING SIMPLE PROMPT ===`);
             
@@ -699,6 +705,9 @@ export class RunAIPromptResolver extends ResolverBase {
         @Arg('modelSize') modelSize: string,
         @Ctx() { userPayload }: { userPayload: UserPayload }
     ): Promise<EmbedTextResult> {
+        // Check API key scope authorization for embedding generation
+        await this.CheckAPIKeyScopeAuthorization('embedding:generate', '*', userPayload);
+
         try {
             LogStatus(`=== GENERATING EMBEDDINGS for ${textToEmbed.length} text(s) ===`);
             

package/src/resolvers/RunTemplateResolver.ts

@@ -29,8 +29,11 @@ export class RunTemplateResolver extends ResolverBase {
         @Ctx() { userPayload, providers }: AppContext,
         @Arg('contextData', { nullable: true }) contextData?: string
     ): Promise<TemplateRunResult> {
+        // Check API key scope authorization for template execution
+        await this.CheckAPIKeyScopeAuthorization('template:execute', templateId, userPayload);
+
         const startTime = Date.now();
-        
+
         try {
             LogStatus(`=== RUNNING TEMPLATE FOR ID: ${templateId} ===`);
 

package/src/resolvers/TaskResolver.ts

@@ -56,6 +56,9 @@ export class TaskOrchestrationResolver extends ResolverBase {
         @Ctx() { userPayload }: AppContext,
         @Arg('createNotifications', { nullable: true }) createNotifications?: boolean
     ): Promise<ExecuteTaskGraphResult> {
+        // Check API key scope authorization for task execution
+        await this.CheckAPIKeyScopeAuthorization('task:execute', '*', userPayload);
+
         try {
             LogStatus(`=== EXECUTING TASK GRAPH FOR CONVERSATION: ${conversationDetailId} ===`);
 

package/src/resolvers/UserResolver.ts

@@ -6,6 +6,9 @@ import { GetReadOnlyProvider } from '../util.js';
 export class UserResolver extends MJUserResolverBase {
   @Query(() => MJUser_)
   async CurrentUser(@Ctx() context: AppContext) {
+    // Check API key scope authorization for user read (self)
+    await this.CheckAPIKeyScopeAuthorization('user:read', '*', context.userPayload);
+
     // If userRecord is already available (e.g., from API key auth or system auth),
     // use it directly instead of looking up by email again
     if (context.userPayload.userRecord) {
@@ -49,23 +52,32 @@ export class UserResolver extends MJUserResolverBase {
 
   @Query(() => MJUser_)
   async UserByID(@Arg('ID', () => Int) ID: number, @Ctx() { providers, userPayload }: AppContext) {
-    const provider = GetReadOnlyProvider(providers, {allowFallbackToReadWrite: true})    
+    // Check API key scope authorization for user read
+    await this.CheckAPIKeyScopeAuthorization('user:read', ID.toString(), userPayload);
+
+    const provider = GetReadOnlyProvider(providers, {allowFallbackToReadWrite: true})
     const retVal = super.safeFirstArrayElement(await this.findBy(provider, 'Users', { ID }, userPayload.userRecord));
     return this.MapFieldNamesToCodeNames('Users', retVal);
   }
 
   @Query(() => MJUser_)
   async UserByEmployeeID(@Arg('EmployeeID', () => Int) EmployeeID: number, @Ctx() { providers, userPayload }: AppContext) {
-    const provider = GetReadOnlyProvider(providers, {allowFallbackToReadWrite: true})    
+    // Check API key scope authorization for user read
+    await this.CheckAPIKeyScopeAuthorization('user:read', EmployeeID.toString(), userPayload);
+
+    const provider = GetReadOnlyProvider(providers, {allowFallbackToReadWrite: true})
     const retVal = super.safeFirstArrayElement(await this.findBy(provider, 'Users', { EmployeeID }, userPayload.userRecord));
     return this.MapFieldNamesToCodeNames('Users', retVal);
   }
 
   @Query(() => MJUser_)
   async UserByEmail(@Arg('Email', () => String) Email: string, @Ctx() { providers, userPayload }: AppContext) {
+    // Check API key scope authorization for user read
+    await this.CheckAPIKeyScopeAuthorization('user:read', Email, userPayload);
+
     // const searchEmail = userEmailMap[Email] ?? Email;
     const searchEmail = Email;
-    const provider = GetReadOnlyProvider(providers, {allowFallbackToReadWrite: true})    
+    const provider = GetReadOnlyProvider(providers, {allowFallbackToReadWrite: true})
     const returnVal = super.safeFirstArrayElement(await this.findBy(provider, 'Users', { Email: searchEmail }, userPayload.userRecord));
     return this.MapFieldNamesToCodeNames('Users', returnVal);
   }

package/src/resolvers/VersionHistoryResolver.ts

@@ -0,0 +1,177 @@
+import { Resolver, Mutation, Arg, Ctx, ObjectType, Field, Int, InputType, PubSub, PubSubEngine } from 'type-graphql';
+import { AppContext } from '../types.js';
+import { LogError, LogStatus, CompositeKey, KeyValuePair } from '@memberjunction/core';
+import { ResolverBase } from '../generic/ResolverBase.js';
+import { VersionHistoryEngine } from '@memberjunction/version-history';
+import { CreateLabelParams, CreateLabelProgressUpdate, VersionLabelScope } from '@memberjunction/version-history';
+import { KeyValuePairInput } from '../generic/KeyValuePairInput.js';
+import { PUSH_STATUS_UPDATES_TOPIC } from '../generic/PushStatusResolver.js';
+
+// =========================================================================
+// GraphQL types
+// =========================================================================
+
+@ObjectType()
+export class CaptureErrorOutput {
+    @Field()
+    EntityName: string;
+
+    @Field()
+    RecordID: string;
+
+    @Field()
+    ErrorMessage: string;
+}
+
+@ObjectType()
+export class CreateLabelResultOutput {
+    @Field()
+    Success: boolean;
+
+    @Field({ nullable: true })
+    LabelID?: string;
+
+    @Field({ nullable: true })
+    LabelName?: string;
+
+    @Field(() => Int, { nullable: true })
+    ItemsCaptured?: number;
+
+    @Field(() => Int, { nullable: true })
+    SyntheticSnapshotsCreated?: number;
+
+    @Field({ nullable: true })
+    Error?: string;
+
+    @Field(() => [CaptureErrorOutput], { nullable: true })
+    CaptureErrors?: CaptureErrorOutput[];
+}
+
+@InputType()
+export class CreateVersionLabelInput {
+    @Field()
+    Name: string;
+
+    @Field({ nullable: true })
+    Description?: string;
+
+    @Field({ nullable: true })
+    Scope?: string;
+
+    @Field({ nullable: true })
+    EntityName?: string;
+
+    @Field(() => [KeyValuePairInput], { nullable: true })
+    RecordKeys?: KeyValuePairInput[];
+
+    @Field({ nullable: true })
+    ParentID?: string;
+
+    @Field({ nullable: true })
+    ExternalSystemID?: string;
+
+    @Field(() => Boolean, { nullable: true })
+    IncludeDependencies?: boolean;
+
+    @Field(() => Int, { nullable: true })
+    MaxDepth?: number;
+
+    @Field(() => [String], { nullable: true })
+    ExcludeEntities?: string[];
+}
+
+// =========================================================================
+// Resolver
+// =========================================================================
+
+@Resolver()
+export class VersionHistoryResolver extends ResolverBase {
+
+    @Mutation(() => CreateLabelResultOutput)
+    async CreateVersionLabel(
+        @Arg('input') input: CreateVersionLabelInput,
+        @Arg('sessionId', { nullable: true }) sessionId: string,
+        @PubSub() pubSub: PubSubEngine,
+        @Ctx() context: AppContext
+    ): Promise<CreateLabelResultOutput> {
+        const contextUser = this.GetUserFromPayload(context.userPayload);
+        if (!contextUser) {
+            return { Success: false, Error: 'Unable to determine user context.' };
+        }
+
+        try {
+            const engine = new VersionHistoryEngine();
+
+            // Build CompositeKey from input key pairs if provided
+            let recordKey: CompositeKey | undefined;
+            if (input.RecordKeys && input.RecordKeys.length > 0) {
+                recordKey = new CompositeKey(
+                    input.RecordKeys.map(kv => ({
+                        FieldName: kv.Key,
+                        Value: kv.Value ?? ''
+                    } as KeyValuePair))
+                );
+            }
+
+            // Build progress callback that publishes to PubSub
+            const resolvedSessionId = sessionId ?? context.userPayload.sessionId;
+            const onProgress = this.buildProgressCallback(pubSub, resolvedSessionId);
+
+            const params: CreateLabelParams = {
+                Name: input.Name,
+                Description: input.Description,
+                Scope: (input.Scope as VersionLabelScope) ?? 'Record',
+                EntityName: input.EntityName,
+                RecordKey: recordKey,
+                ParentID: input.ParentID,
+                ExternalSystemID: input.ExternalSystemID,
+                IncludeDependencies: input.IncludeDependencies,
+                MaxDepth: input.MaxDepth,
+                ExcludeEntities: input.ExcludeEntities,
+                OnProgress: onProgress,
+            };
+
+            const result = await engine.CreateLabel(params, contextUser);
+
+            LogStatus(`VersionHistory resolver: Label '${input.Name}' created with ${result.CaptureResult.ItemsCaptured} items.`);
+
+            return {
+                Success: result.CaptureResult.Success,
+                LabelID: result.Label.ID,
+                LabelName: result.Label.Name,
+                ItemsCaptured: result.CaptureResult.ItemsCaptured,
+                SyntheticSnapshotsCreated: result.CaptureResult.SyntheticSnapshotsCreated,
+                CaptureErrors: result.CaptureResult.Errors.map(e => ({
+                    EntityName: e.EntityName,
+                    RecordID: e.RecordID,
+                    ErrorMessage: e.ErrorMessage,
+                })),
+            };
+        } catch (e) {
+            const msg = e instanceof Error ? e.message : String(e);
+            LogError(`VersionHistory resolver: CreateLabel failed: ${msg}`);
+            return { Success: false, Error: msg };
+        }
+    }
+
+    /**
+     * Build a progress callback that publishes CreateLabelProgress messages
+     * to the PubSub system for real-time client consumption.
+     */
+    private buildProgressCallback(
+        pubSub: PubSubEngine,
+        sessionId: string
+    ): (progress: CreateLabelProgressUpdate) => void {
+        return (progress: CreateLabelProgressUpdate) => {
+            pubSub.publish(PUSH_STATUS_UPDATES_TOPIC, {
+                message: JSON.stringify({
+                    resolver: 'VersionHistoryResolver',
+                    type: 'CreateLabelProgress',
+                    status: 'ok',
+                    data: progress,
+                }),
+                sessionId,
+            });
+        };
+    }
+}