@nexttylabs/echo 0.2.0

package/lib/feedback/prefill.ts

@@ -0,0 +1,51 @@
+/*
+ * Copyright (c) 2026 Echo Team
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU Affero General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU Affero General Public License for more details.
+ *
+ * You should have received a copy of the GNU Affero General Public License
+ * along with this program. If not, see <https://www.gnu.org/licenses/>.
+ */
+
+import { feedbackTypeEnum, priorityEnum } from "@/lib/validators/feedback";
+
+export type FeedbackPrefill = Partial<{
+  title: string;
+  description: string;
+  type: "bug" | "feature" | "issue" | "other";
+  priority: "low" | "medium" | "high";
+}>;
+
+/**
+ * Parse URL search params into feedback prefill values.
+ * Only known fields are included, and enum values are validated.
+ */
+export function parseFeedbackPrefill(params: URLSearchParams): FeedbackPrefill {
+  const prefill: FeedbackPrefill = {};
+
+  const title = params.get("title");
+  const description = params.get("description");
+  const type = params.get("type");
+  const priority = params.get("priority");
+
+  if (title) prefill.title = title;
+  if (description) prefill.description = description;
+
+  if (type && feedbackTypeEnum.safeParse(type).success) {
+    prefill.type = type as FeedbackPrefill["type"];
+  }
+
+  if (priority && priorityEnum.safeParse(priority).success) {
+    prefill.priority = priority as FeedbackPrefill["priority"];
+  }
+
+  return prefill;
+}

package/lib/http/get-request-url.ts

@@ -0,0 +1,28 @@
+/*
+ * Copyright (c) 2026 Echo Team
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU Affero General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU Affero General Public License for more details.
+ *
+ * You should have received a copy of the GNU Affero General Public License
+ * along with this program. If not, see <https://www.gnu.org/licenses/>.
+ */
+
+export function getRequestOrigin(headerList: Headers): string {
+  const proto = headerList.get("x-forwarded-proto") ?? "http";
+  const host =
+    headerList.get("x-forwarded-host") ?? headerList.get("host") ?? "localhost";
+
+  return `${proto}://${host}`;
+}
+
+export function getRequestUrl(headerList: Headers, path: string): URL {
+  return new URL(path, getRequestOrigin(headerList));
+}

package/lib/integrations/github.ts

@@ -0,0 +1,159 @@
+/*
+ * Copyright (c) 2026 Echo Team
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU Affero General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU Affero General Public License for more details.
+ *
+ * You should have received a copy of the GNU Affero General Public License
+ * along with this program. If not, see <https://www.gnu.org/licenses/>.
+ */
+
+export interface GitHubConfig {
+  accessToken: string;
+  owner: string;
+  repo: string;
+}
+
+export interface GitHubIssue {
+  id: number;
+  number: number;
+  title: string;
+  body: string;
+  state: "open" | "closed";
+  labels: Array<{
+    id: number;
+    name: string;
+    color: string;
+  }>;
+  assignee?: {
+    id: number;
+    login: string;
+  };
+  html_url: string;
+  created_at: string;
+  updated_at: string;
+}
+
+export interface GitHubLabel {
+  id: number;
+  name: string;
+  color: string;
+}
+
+export interface GitHubRepository {
+  id: number;
+  name: string;
+  full_name: string;
+  owner: { login: string };
+}
+
+export class GitHubClient {
+  private config: GitHubConfig;
+  private baseUrl = "https://api.github.com";
+
+  constructor(config: GitHubConfig) {
+    this.config = config;
+  }
+
+  private async request<T>(
+    method: string,
+    path: string,
+    body?: unknown,
+  ): Promise<T> {
+    const response = await fetch(`${this.baseUrl}${path}`, {
+      method,
+      headers: {
+        Accept: "application/vnd.github+json",
+        Authorization: `Bearer ${this.config.accessToken}`,
+        "X-GitHub-Api-Version": "2022-11-28",
+        "Content-Type": "application/json",
+      },
+      body: body ? JSON.stringify(body) : undefined,
+    });
+
+    if (!response.ok) {
+      const error = await response.text();
+      throw new Error(`GitHub API error: ${response.status} - ${error}`);
+    }
+
+    return response.json();
+  }
+
+  async createIssue(params: {
+    title: string;
+    body: string;
+    labels?: string[];
+    assignees?: string[];
+  }): Promise<GitHubIssue> {
+    return this.request<GitHubIssue>(
+      "POST",
+      `/repos/${this.config.owner}/${this.config.repo}/issues`,
+      params,
+    );
+  }
+
+  async updateIssue(
+    issueNumber: number,
+    params: {
+      title?: string;
+      body?: string;
+      state?: "open" | "closed";
+      labels?: string[];
+    },
+  ): Promise<GitHubIssue> {
+    return this.request<GitHubIssue>(
+      "PATCH",
+      `/repos/${this.config.owner}/${this.config.repo}/issues/${issueNumber}`,
+      params,
+    );
+  }
+
+  async getIssue(issueNumber: number): Promise<GitHubIssue> {
+    return this.request<GitHubIssue>(
+      "GET",
+      `/repos/${this.config.owner}/${this.config.repo}/issues/${issueNumber}`,
+    );
+  }
+
+  async getLabels(): Promise<GitHubLabel[]> {
+    return this.request<GitHubLabel[]>(
+      "GET",
+      `/repos/${this.config.owner}/${this.config.repo}/labels`,
+    );
+  }
+
+  async createLabel(params: {
+    name: string;
+    color: string;
+    description?: string;
+  }): Promise<GitHubLabel> {
+    return this.request<GitHubLabel>(
+      "POST",
+      `/repos/${this.config.owner}/${this.config.repo}/labels`,
+      params,
+    );
+  }
+
+  async getRepository(): Promise<GitHubRepository> {
+    return this.request<GitHubRepository>(
+      "GET",
+      `/repos/${this.config.owner}/${this.config.repo}`,
+    );
+  }
+
+  async validateToken(): Promise<boolean> {
+    try {
+      await this.getRepository();
+      return true;
+    } catch {
+      return false;
+    }
+  }
+}

package/lib/invitations.ts

@@ -0,0 +1,22 @@
+/*
+ * Copyright (c) 2026 Echo Team
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU Affero General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU Affero General Public License for more details.
+ *
+ * You should have received a copy of the GNU Affero General Public License
+ * along with this program. If not, see <https://www.gnu.org/licenses/>.
+ */
+
+export const buildInviteExpiry = (from: Date) => {
+  const next = new Date(from);
+  next.setDate(next.getDate() + 7);
+  return next;
+};

package/lib/logger.test.ts

@@ -0,0 +1,31 @@
+/*
+ * Copyright (c) 2026 Echo Team
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU Affero General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU Affero General Public License for more details.
+ *
+ * You should have received a copy of the GNU Affero General Public License
+ * along with this program. If not, see <https://www.gnu.org/licenses/>.
+ */
+
+import { describe, it, expect } from "bun:test";
+import { createLogger, createRequestLogger } from "./logger";
+
+describe("logger", () => {
+  it("creates child logger with context", () => {
+    const log = createLogger({ component: "test" });
+    expect(log.bindings().component).toBe("test");
+  });
+
+  it("creates request logger with reqId", () => {
+    const log = createRequestLogger("req-123");
+    expect(log.bindings().reqId).toBe("req-123");
+  });
+});

package/lib/logger.ts

@@ -0,0 +1,58 @@
+/*
+ * Copyright (c) 2026 Echo Team
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU Affero General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU Affero General Public License for more details.
+ *
+ * You should have received a copy of the GNU Affero General Public License
+ * along with this program. If not, see <https://www.gnu.org/licenses/>.
+ */
+
+import pino from "pino";
+
+const isDevelopment = process.env.NODE_ENV === "development";
+const logLevel = process.env.LOG_LEVEL || "info";
+
+export const logger = pino({
+  level: logLevel,
+  transport: isDevelopment
+    ? {
+        target: "pino-pretty",
+        options: {
+          colorize: true,
+          translateTime: "SYS:standard",
+          ignore: "pid,hostname",
+          singleLine: false,
+        },
+      }
+    : undefined,
+  formatters: {
+    level: (label) => ({ level: label }),
+  },
+  base: {
+    env: process.env.NODE_ENV || "development",
+    app: "echo",
+  },
+  timestamp: pino.stdTimeFunctions.isoTime,
+  serializers: {
+    err: pino.stdSerializers.err,
+    error: pino.stdSerializers.err,
+  },
+  messageKey: "message",
+  errorKey: "err",
+});
+
+export function createLogger(context: Record<string, unknown>) {
+  return logger.child(context);
+}
+
+export function createRequestLogger(reqId: string) {
+  return logger.child({ reqId });
+}

package/lib/middleware/api-key.ts

@@ -0,0 +1,126 @@
+/*
+ * Copyright (c) 2026 Echo Team
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU Affero General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU Affero General Public License for more details.
+ *
+ * You should have received a copy of the GNU Affero General Public License
+ * along with this program. If not, see <https://www.gnu.org/licenses/>.
+ */
+
+import { NextRequest, NextResponse } from "next/server";
+import { db } from "@/lib/db";
+import { apiKeys } from "@/lib/db/schema";
+import { eq } from "drizzle-orm";
+import { logger } from "@/lib/logger";
+import { createHash } from "crypto";
+
+export interface ApiKeyContext {
+  organizationId: string;
+  apiKeyId: number;
+}
+
+export interface AuthResult {
+  error?: NextResponse;
+  context?: ApiKeyContext;
+}
+
+export function hashApiKey(key: string): string {
+  return createHash("sha256").update(key).digest("hex");
+}
+
+export async function requireApiKey(req: NextRequest): Promise<AuthResult> {
+  const apiKey =
+    req.headers.get("X-API-Key") ||
+    req.headers.get("Authorization")?.replace("Bearer ", "");
+
+  if (!apiKey) {
+    return {
+      error: NextResponse.json(
+        {
+          error: "API key is required",
+          code: "MISSING_API_KEY",
+        },
+        { status: 401 },
+      ),
+    };
+  }
+
+  if (!db) {
+    return {
+      error: NextResponse.json(
+        {
+          error: "Database not configured",
+          code: "DATABASE_NOT_CONFIGURED",
+        },
+        { status: 500 },
+      ),
+    };
+  }
+
+  try {
+    const hashedKey = hashApiKey(apiKey);
+
+    const keyRecord = await db
+      .select()
+      .from(apiKeys)
+      .where(eq(apiKeys.hashedKey, hashedKey))
+      .limit(1);
+
+    if (keyRecord.length === 0) {
+      return {
+        error: NextResponse.json(
+          {
+            error: "Invalid API key",
+            code: "INVALID_API_KEY",
+          },
+          { status: 401 },
+        ),
+      };
+    }
+
+    const key = keyRecord[0];
+
+    if (key.disabled) {
+      return {
+        error: NextResponse.json(
+          {
+            error: "API key is disabled",
+            code: "API_KEY_DISABLED",
+          },
+          { status: 401 },
+        ),
+      };
+    }
+
+    await db
+      .update(apiKeys)
+      .set({ lastUsed: new Date() })
+      .where(eq(apiKeys.keyId, key.keyId));
+
+    return {
+      context: {
+        organizationId: key.organizationId,
+        apiKeyId: key.keyId,
+      },
+    };
+  } catch (error) {
+    logger.error({ err: error }, "API key authentication failed");
+    return {
+      error: NextResponse.json(
+        {
+          error: "Authentication failed",
+          code: "AUTH_ERROR",
+        },
+        { status: 500 },
+      ),
+    };
+  }
+}

package/lib/middleware/rate-limit-keys.ts

@@ -0,0 +1,47 @@
+/*
+ * Copyright (c) 2026 Echo Team
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU Affero General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU Affero General Public License for more details.
+ *
+ * You should have received a copy of the GNU Affero General Public License
+ * along with this program. If not, see <https://www.gnu.org/licenses/>.
+ */
+
+import { NextRequest } from 'next/server';
+
+export function ipKeyGenerator(req: NextRequest): string {
+  const ip =
+    req.headers.get('x-forwarded-for')?.split(',')[0].trim() ||
+    req.headers.get('x-real-ip') ||
+    'unknown';
+  return `ip:${ip}`;
+}
+
+export function apiKeyKeyGenerator(req: NextRequest): string {
+  const apiKey =
+    req.headers.get('X-API-Key') ||
+    req.headers.get('Authorization')?.replace('Bearer ', '');
+  return apiKey ? `apikey:${apiKey}` : ipKeyGenerator(req);
+}
+
+export function userKeyGenerator(req: NextRequest): string {
+  const session = req.headers.get('x-session');
+  return session ? `user:${session}` : ipKeyGenerator(req);
+}
+
+export function endpointKeyGenerator(
+  req: NextRequest,
+  endpoint: string
+): string {
+  const apiKey = req.headers.get('X-API-Key');
+  const key = apiKey ? `apikey:${apiKey}` : ipKeyGenerator(req);
+  return `${key}:${endpoint}`;
+}

package/lib/middleware/rate-limit.ts

@@ -0,0 +1,148 @@
+/*
+ * Copyright (c) 2026 Echo Team
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU Affero General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU Affero General Public License for more details.
+ *
+ * You should have received a copy of the GNU Affero General Public License
+ * along with this program. If not, see <https://www.gnu.org/licenses/>.
+ */
+
+import { NextRequest } from 'next/server';
+
+interface RateLimitEntry {
+  count: number;
+  resetAt: number;
+}
+
+const memoryStore = new Map<string, RateLimitEntry>();
+
+export interface RateLimitConfig {
+  windowMs: number;
+  maxRequests: number;
+  keyGenerator: (req: NextRequest) => string | Promise<string>;
+  skipFailedRequests?: boolean;
+  storage?: RateLimitStorage;
+}
+
+export interface RateLimitStorage {
+  get(key: string): Promise<RateLimitEntry | null>;
+  set(key: string, value: RateLimitEntry): Promise<void>;
+  delete(key: string): Promise<void>;
+}
+
+export interface RateLimitResult {
+  allowed: boolean;
+  remaining: number;
+  resetAt: string;
+  limit: number;
+}
+
+export async function rateLimit(
+  req: NextRequest,
+  config: RateLimitConfig
+): Promise<{ result: RateLimitResult; response?: Response }> {
+  const key = await config.keyGenerator(req);
+  const now = Date.now();
+  const windowStart = now - config.windowMs * 1000;
+
+  const storage = config.storage || createMemoryStorage();
+
+  let entry = await storage.get(key);
+
+  if (!entry || entry.resetAt < windowStart) {
+    entry = {
+      count: 1,
+      resetAt: now + config.windowMs * 1000,
+    };
+    await storage.set(key, entry);
+  } else {
+    entry.count++;
+    await storage.set(key, entry);
+  }
+
+  const result: RateLimitResult = {
+    allowed: entry.count <= config.maxRequests,
+    remaining: Math.max(0, config.maxRequests - entry.count),
+    resetAt: new Date(entry.resetAt).toISOString(),
+    limit: config.maxRequests,
+  };
+
+  if (!result.allowed) {
+    const response = new Response(
+      JSON.stringify({
+        error: 'Too many requests',
+        code: 'RATE_LIMIT_EXCEEDED',
+        retryAfter: Math.ceil((entry.resetAt - now) / 1000),
+      }),
+      {
+        status: 429,
+        headers: {
+          'Content-Type': 'application/json',
+          'X-RateLimit-Limit': String(config.maxRequests),
+          'X-RateLimit-Remaining': '0',
+          'X-RateLimit-Reset': result.resetAt,
+          'Retry-After': String(Math.ceil((entry.resetAt - now) / 1000)),
+        },
+      }
+    );
+
+    return { result, response };
+  }
+
+  return { result };
+}
+
+function createMemoryStorage(): RateLimitStorage {
+  return {
+    async get(key: string) {
+      return memoryStore.get(key) || null;
+    },
+    async set(key: string, value: RateLimitEntry) {
+      memoryStore.set(key, value);
+
+      setTimeout(() => {
+        if (memoryStore.get(key)?.resetAt === value.resetAt) {
+          memoryStore.delete(key);
+        }
+      }, value.resetAt - Date.now());
+    },
+    async delete(key: string) {
+      memoryStore.delete(key);
+    },
+  };
+}
+
+export function createRedisStorage(redisClient: {
+  get(key: string): Promise<string | null>;
+  setex(key: string, seconds: number, value: string): Promise<void>;
+  del(key: string): Promise<void>;
+}): RateLimitStorage {
+  return {
+    async get(key: string) {
+      const data = await redisClient.get(`ratelimit:${key}`);
+      return data ? JSON.parse(data) : null;
+    },
+    async set(key: string, value: RateLimitEntry) {
+      await redisClient.setex(
+        `ratelimit:${key}`,
+        Math.ceil((value.resetAt - Date.now()) / 1000),
+        JSON.stringify(value)
+      );
+    },
+    async delete(key: string) {
+      await redisClient.del(`ratelimit:${key}`);
+    },
+  };
+}
+
+export function clearMemoryStore() {
+  memoryStore.clear();
+}