@ornexus/neocortex 4.0.1

package/packages/client/dist/tier/tier-aware-client.js

@@ -0,0 +1,260 @@
+/**
+ * @license FSL-1.1
+ * Copyright (c) 2026 OrNexus AI
+ *
+ * This file is part of Neocortex CLI, licensed under the
+ * Functional Source License, Version 1.1 (FSL-1.1).
+ *
+ * Change Date: February 20, 2029
+ * Change License: MIT
+ *
+ * See the LICENSE file in the project root for full license text.
+ */
+// ── Constants ────────────────────────────────────────────────────────────
+const TIER_CACHE_KEY = 'neocortex:tier';
+const QUOTA_CACHE_KEY_PREFIX = 'neocortex:quota:';
+const QUOTA_TTL_MS = 5 * 60 * 1000; // 5 minutes
+const TIER_CACHE_TTL_MS = 60 * 60 * 1000; // 1 hour (Story 31.05: reduced from 24h to align with short-lived JWTs)
+const VALID_TIERS = new Set(['free', 'pro', 'enterprise']);
+const DEFAULT_TIER = 'free';
+// ── Trigger Gates (inlined from shared tier-config to avoid import issues) ─
+const TRIGGER_GATES = {
+    'status': 'free',
+    'init': 'free',
+    'create-epic': 'free',
+    'idea-diagnose': 'free',
+    'idea-research': 'free',
+    'generate-epic': 'free',
+    'exec': 'pro',
+    'yolo': 'pro',
+    'epic': 'pro',
+    'setup-branch': 'free',
+    'diagnose': 'free',
+    'research': 'free',
+    'write-spec': 'free',
+    'create-tasks': 'free',
+    'implement': 'free',
+    'update-memory': 'free',
+    'commit': 'free',
+    'sync': 'free',
+    'create-pr': 'free',
+    'review': 'pro',
+    'merge': 'free',
+    'fix-blocked': 'free',
+    'finalize-epic': 'free',
+    'cleanup': 'free',
+    'resolve-conflicts': 'free',
+    'audit': 'free',
+    'menu': 'free',
+    'plans': 'free',
+    'billing': 'free',
+    'subscribe': 'free',
+};
+const TIER_HIERARCHY = {
+    free: 0,
+    pro: 1,
+    enterprise: 2,
+};
+// ── TierAwareClient ──────────────────────────────────────────────────────
+export class TierAwareClient {
+    cache;
+    licenseClient;
+    cachedTier = null;
+    constructor(options) {
+        this.cache = options.cacheProvider;
+        this.licenseClient = options.licenseClient;
+    }
+    // ── Story 60.1: Tier Extraction from JWT + Cache ────────────────────
+    /**
+     * Get the current tier. Checks in-memory, then cache, then JWT token.
+     * NEVER throws - returns 'free' on failure (fail-open).
+     */
+    async getCachedTier() {
+        try {
+            // 1. In-memory
+            if (this.cachedTier)
+                return this.cachedTier;
+            // 2. EncryptedCache
+            const cached = await this.cache.get(TIER_CACHE_KEY);
+            if (cached && VALID_TIERS.has(cached)) {
+                this.cachedTier = cached;
+                return this.cachedTier;
+            }
+            // 3. Extract from JWT
+            const token = await this.licenseClient.getToken();
+            if (token) {
+                const tier = this.extractTierFromJwt(token);
+                this.cachedTier = tier;
+                // Persist to cache (fire-and-forget)
+                this.cache.set(TIER_CACHE_KEY, tier, TIER_CACHE_TTL_MS).catch(() => { });
+                return tier;
+            }
+            return DEFAULT_TIER;
+        }
+        catch {
+            return DEFAULT_TIER;
+        }
+    }
+    /**
+     * Update cached tier (called when server returns tier info).
+     */
+    async updateTier(tier) {
+        try {
+            if (!VALID_TIERS.has(tier))
+                return;
+            this.cachedTier = tier;
+            await this.cache.set(TIER_CACHE_KEY, tier, TIER_CACHE_TTL_MS).catch(() => { });
+        }
+        catch {
+            // Non-critical
+        }
+    }
+    // ── Story 18.8: Tier Cache Invalidation ──────────────────────────────
+    /**
+     * Invalidate all tier and quota caches.
+     * Called when a tier change is detected to ensure fresh data.
+     * NEVER throws.
+     */
+    async invalidateTierCache() {
+        try {
+            this.cachedTier = null;
+            await this.cache.clear().catch(() => { });
+        }
+        catch {
+            // Non-critical
+        }
+    }
+    // ── Story 60.2: Pre-flight Trigger Check ────────────────────────────
+    /**
+     * Check if a trigger is allowed for the current tier WITHOUT calling the server.
+     * Returns immediately (in-memory lookup).
+     * NEVER throws - returns { allowed: true } on failure (fail-open).
+     */
+    async preFlightCheck(trigger, tier) {
+        try {
+            const userTier = tier ?? await this.getCachedTier();
+            const requiredTier = TRIGGER_GATES[trigger] ?? 'free';
+            if (TIER_HIERARCHY[userTier] >= TIER_HIERARCHY[requiredTier]) {
+                return { allowed: true };
+            }
+            const message = this.buildUpgradeMessage(trigger, userTier, requiredTier);
+            return { allowed: false, message };
+        }
+        catch {
+            // Fail-open: allow on error
+            return { allowed: true };
+        }
+    }
+    // ── Story 60.3: Quota Cache from Response ───────────────────────────
+    /**
+     * Update cached quota from server response metadata.
+     * Called after each successful invoke.
+     */
+    async updateQuotaFromResponse(metadata) {
+        try {
+            const quotaRemaining = metadata.quotaRemaining;
+            if (!quotaRemaining)
+                return;
+            const snapshot = {
+                stepsRemaining: quotaRemaining.stepsRemaining ?? 0,
+                invocationsRemaining: quotaRemaining.invocationsRemaining ?? 0,
+                stepsLimit: quotaRemaining.stepsLimit ?? 0,
+                invocationsLimit: quotaRemaining.invocationsLimit ?? 0,
+                cachedAt: Date.now(),
+            };
+            const dateKey = this.getQuotaCacheKey();
+            await this.cache.set(dateKey, JSON.stringify(snapshot), QUOTA_TTL_MS).catch(() => { });
+        }
+        catch {
+            // Non-critical
+        }
+    }
+    /**
+     * Get cached quota for today.
+     * NEVER throws - returns null if cache empty or expired.
+     */
+    async getCachedQuota() {
+        try {
+            const dateKey = this.getQuotaCacheKey();
+            const raw = await this.cache.get(dateKey);
+            if (!raw)
+                return null;
+            const snapshot = JSON.parse(raw);
+            // Validate TTL (EncryptedCache already handles this, but double-check)
+            if (Date.now() - snapshot.cachedAt > QUOTA_TTL_MS)
+                return null;
+            return snapshot;
+        }
+        catch {
+            return null;
+        }
+    }
+    // ── Story 60.4: Offline Enforcement ─────────────────────────────────
+    /**
+     * Check quota in offline mode using cached data.
+     * NEVER throws - returns { allowed: true } on failure (fail-open).
+     *
+     * @param isOffline - Whether the circuit breaker is in L2+ degradation
+     */
+    async offlineQuotaCheck(isOffline = false) {
+        try {
+            if (!isOffline)
+                return { allowed: true };
+            const quota = await this.getCachedQuota();
+            // Fail-open: if no cached quota, allow
+            if (!quota)
+                return { allowed: true };
+            // Check steps
+            if (quota.stepsRemaining <= 0 && quota.stepsLimit > 0) {
+                return {
+                    allowed: false,
+                    message: `Daily step limit reached (${quota.stepsLimit}/${quota.stepsLimit}). Resets at 00:00 UTC.`,
+                };
+            }
+            // Check invocations
+            if (quota.invocationsRemaining <= 0 && quota.invocationsLimit > 0) {
+                return {
+                    allowed: false,
+                    message: `Daily invocation limit reached (${quota.invocationsLimit}/${quota.invocationsLimit}). Resets at 00:00 UTC.`,
+                };
+            }
+            return { allowed: true };
+        }
+        catch {
+            // Fail-open
+            return { allowed: true };
+        }
+    }
+    // ── Private Helpers ─────────────────────────────────────────────────
+    /**
+     * Extract tier from JWT payload via base64url decode.
+     * No cryptographic verification - client-side is UX only.
+     */
+    extractTierFromJwt(token) {
+        try {
+            const parts = token.split('.');
+            if (parts.length !== 3)
+                return DEFAULT_TIER;
+            // Decode base64url payload
+            const payload = parts[1];
+            const decoded = Buffer.from(payload, 'base64url').toString('utf8');
+            const claims = JSON.parse(decoded);
+            const tier = claims.tier;
+            if (tier && VALID_TIERS.has(tier)) {
+                return tier;
+            }
+            return DEFAULT_TIER;
+        }
+        catch {
+            return DEFAULT_TIER;
+        }
+    }
+    buildUpgradeMessage(trigger, currentTier, requiredTier) {
+        return `The *${trigger} command requires ${requiredTier.toUpperCase()} plan. Your current plan: ${currentTier.toUpperCase()}. Upgrade: neocortex.dev/pricing`;
+    }
+    getQuotaCacheKey() {
+        const now = new Date();
+        const dateStr = now.toISOString().slice(0, 10); // YYYY-MM-DD UTC
+        return `${QUOTA_CACHE_KEY_PREFIX}${dateStr}`;
+    }
+}

package/packages/client/dist/types/index.d.ts

@@ -0,0 +1,140 @@
+/**
+ * @license FSL-1.1
+ * Copyright (c) 2026 OrNexus AI
+ *
+ * This file is part of Neocortex CLI, licensed under the
+ * Functional Source License, Version 1.1 (FSL-1.1).
+ *
+ * Change Date: February 20, 2029
+ * Change License: MIT
+ *
+ * See the LICENSE file in the project root for full license text.
+ */
+/**
+ * @neocortex/client - Type Definitions
+ *
+ * All types for the asset resolution abstraction layer.
+ */
+/** Mode of asset resolution */
+export declare enum ResolverMode {
+    /** Read assets from local filesystem (development) */
+    LOCAL = "local",
+    /** Fetch assets from remote IP Protection Server (production) */
+    REMOTE = "remote"
+}
+/** Metadata about the codebase for context collection */
+export interface CodebaseMetadata {
+    readonly projectName: string;
+    readonly languages: readonly string[];
+    readonly frameworks: readonly string[];
+    readonly dependencies: Readonly<Record<string, string>>;
+    readonly nodeVersion: string;
+}
+/** Metadata extracted from the story file */
+export interface StoryMetadata {
+    readonly id: string;
+    readonly epicId: string;
+    readonly title: string;
+    readonly status: string;
+    readonly dependencies: readonly string[];
+    readonly acceptanceCriteria: readonly string[];
+}
+/** Full pipeline context sent to the server for prompt assembly */
+export interface PipelineContext {
+    readonly storyId: string;
+    readonly stepId: string;
+    readonly epicId: string;
+    readonly storyTitle: string;
+    readonly currentStatus: string;
+    readonly stepsCompleted: readonly string[];
+    readonly branchName: string;
+    readonly platformTarget: string;
+    readonly codebaseMetadata: CodebaseMetadata;
+    readonly storyMetadata: StoryMetadata;
+}
+/** Content of a resolved pipeline step */
+export interface StepContent {
+    readonly id: string;
+    readonly content: string;
+    readonly frontmatter: Readonly<Record<string, unknown>>;
+}
+/** Content of a resolved skill */
+export interface SkillContent {
+    readonly id: string;
+    readonly content: string;
+    readonly metadata: Readonly<Record<string, unknown>>;
+}
+/** Content of a resolved standard */
+export interface StandardContent {
+    readonly id: string;
+    readonly content: string;
+}
+/** Step registry entry matching core/data/step-registry.json structure */
+export interface StepRegistryEntry {
+    readonly id: string;
+    readonly order?: number;
+    readonly name: string;
+    readonly status_after?: string;
+    readonly file: string;
+    readonly auto_continue?: boolean;
+    readonly requires_git?: boolean;
+    readonly standalone?: boolean;
+    readonly terminal?: boolean;
+    readonly returns_to?: string;
+    readonly returns_to_status?: string;
+}
+/** Full step registry structure */
+export interface StepRegistry {
+    readonly version: string;
+    readonly steps: {
+        readonly core: readonly StepRegistryEntry[];
+        readonly recovery: readonly StepRegistryEntry[];
+        readonly utility: readonly StepRegistryEntry[];
+        readonly planning: readonly StepRegistryEntry[];
+        readonly epic: readonly StepRegistryEntry[];
+    };
+    readonly [key: string]: unknown;
+}
+/** Assembled prompt ready for execution */
+export interface AssembledPrompt {
+    readonly prompt: string;
+    readonly variables: Readonly<Record<string, string>>;
+    readonly includedSkills: readonly string[];
+    readonly includedStandards: readonly string[];
+}
+/** Interface for encrypted cache (implemented in Story 42.3) */
+export interface CacheProvider {
+    get(key: string): Promise<string | null>;
+    set(key: string, value: string, ttlMs?: number): Promise<void>;
+    clear(): Promise<void>;
+}
+/** No-op cache implementation for development/fallback */
+export declare class NoOpCache implements CacheProvider {
+    get(): Promise<null>;
+    set(): Promise<void>;
+    clear(): Promise<void>;
+}
+/** Options for LocalResolver */
+export interface LocalResolverOptions {
+    readonly projectRoot: string;
+}
+/** Options for RemoteResolver */
+export interface RemoteResolverOptions {
+    readonly serverUrl: string;
+    readonly licenseKey: string;
+    readonly timeout?: number;
+    readonly retryCount?: number;
+    readonly cacheProvider?: CacheProvider;
+    readonly licenseClient?: import('../license/license-client.js').LicenseClient;
+}
+/** Options for resolver factory */
+export interface CreateResolverOptions {
+    readonly forceLocal?: boolean;
+    /** Force offline mode: skip server, use cache exclusively (Story 42.9 - AC6) */
+    readonly forceOffline?: boolean;
+    readonly projectRoot?: string;
+    readonly serverUrl?: string;
+    readonly licenseKey?: string;
+    readonly cacheProvider?: CacheProvider;
+    readonly licenseClient?: import('../license/license-client.js').LicenseClient;
+}

package/packages/client/dist/types/index.js

@@ -0,0 +1,38 @@
+/**
+ * @license FSL-1.1
+ * Copyright (c) 2026 OrNexus AI
+ *
+ * This file is part of Neocortex CLI, licensed under the
+ * Functional Source License, Version 1.1 (FSL-1.1).
+ *
+ * Change Date: February 20, 2029
+ * Change License: MIT
+ *
+ * See the LICENSE file in the project root for full license text.
+ */
+/**
+ * @neocortex/client - Type Definitions
+ *
+ * All types for the asset resolution abstraction layer.
+ */
+// ── Resolver Mode ────────────────────────────────────────────────────────
+/** Mode of asset resolution */
+export var ResolverMode;
+(function (ResolverMode) {
+    /** Read assets from local filesystem (development) */
+    ResolverMode["LOCAL"] = "local";
+    /** Fetch assets from remote IP Protection Server (production) */
+    ResolverMode["REMOTE"] = "remote";
+})(ResolverMode || (ResolverMode = {}));
+/** No-op cache implementation for development/fallback */
+export class NoOpCache {
+    async get() {
+        return null;
+    }
+    async set() {
+        // No-op: cache disabled
+    }
+    async clear() {
+        // No-op: nothing to clear
+    }
+}