@posiwise/common-services 0.2.23 → 0.2.25

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@posiwise/common-services",
-  "version": "0.2.23",
+  "version": "0.2.25",
   "peerDependencies": {
     "@angular/common": "^21.2.6",
     "@angular/core": "^21.2.6",

package/types/posiwise-common-services.d.ts

@@ -495,9 +495,18 @@ declare class UserService {
     private readonly toast;
     private readonly endpoint;
     private isTosModalOpen;
+    private isSecondaryPaymentModalOpen;
     constructor(api: MainApiHttpService, store: Store<AppState>, router: Router, appConfigService: AppConfigService, profileService: ProfileService, toast: CustomToastService);
     getUserState(): Observable<UserState>;
     getUserInfo(): Observable<User>;
+    /**
+     * Hard-gate the user when their active product requires a Braintree
+     * (secondary) payment method and they don't have one registered yet.
+     * Pattern mirrors checkAndHandleTosAcceptance — a non-dismissable
+     * SweetAlert2 modal that takes the user to the update-payment route.
+     * See main-api ticket #922.
+     */
+    private checkAndHandleSecondaryPayment;
     /**
      * Ensure the current user has accepted the latest Terms of Service for this domain.
      * If the domain has a newer TOS version than the user's accepted timestamp, a blocking
@@ -581,6 +590,13 @@ declare class AuthService {
     storeToken(token: string): rxjs.Observable<boolean>;
     storePlatform(plat: string): rxjs.Observable<void>;
     logout(): rxjs.Observable<any>;
+    /**
+     * Wipe every `pw-brain.*` localStorage key on logout so the next user
+     * on a shared browser doesn't inherit the previous user's chat thread
+     * (ticket #4167). Best-effort: private-browsing / quota throws are
+     * swallowed so logout never breaks.
+     */
+    private clearBrainChatStorage;
     /**
      * Clear all authentication tokens
      */
@@ -729,7 +745,7 @@ declare class SubscriptionService {
     getEnrolledSubscription(id: number, paging?: Paging): rxjs.Observable<any>;
     removeEnrolledSubscription(id: number, user_id: number): rxjs.Observable<any>;
     toggleAdmin(id: number, data: any): rxjs.Observable<any>;
-    updateSubscriptionAPIKey(id: number): rxjs.Observable<any>;
+    updateSubscriptionAPIKey(id: number, productId: number): rxjs.Observable<any>;
     refreshApiTokens(id: number): rxjs.Observable<any>;
     addFullLogo(id: number, data: any): rxjs.Observable<any>;
     addSquaredLogo(id: number, data: any): rxjs.Observable<any>;
@@ -737,6 +753,9 @@ declare class SubscriptionService {
     updateCardDetails(data: {
         [key: string]: string;
     }, subscription_id: number): rxjs.Observable<any>;
+    getPaymentMethods(subscriptionId: number): rxjs.Observable<any>;
+    getBraintreeClientToken(subscriptionId: number): rxjs.Observable<any>;
+    registerBraintreePaymentMethod(subscriptionId: number, paymentMethodNonce: string): rxjs.Observable<any>;
     getEnterpriseInsight(subscriptionId: number, starting_at?: string, ending_at?: string): rxjs.Observable<any>;
     postSubscriptionCredential(data: any): rxjs.Observable<any>;
     editSubscriptionCredential(id: number, data: any): rxjs.Observable<any>;
@@ -1015,6 +1034,116 @@ declare class McpJsonRpcService {
     static ɵprov: i0.ɵɵInjectableDeclaration<McpJsonRpcService>;
 }
 
+/**
+ * Posiwise Brain MCP orchestrator client (ticket #36).
+ *
+ * Wraps `POST /brain-api/v1/mcp/{execute,interpret,confirm}`. Frees the chat
+ * UI from JSON-RPC plumbing and the `McpJsonRpcService` direct-to-main-api
+ * pattern, which bypasses Bedrock interpretation + the per-user allowlist.
+ *
+ * Auth: the orchestrator authenticates user requests by calling main-api's
+ * `/api/auth/token` from server side. The frontend MUST forward the three
+ * user-token headers (`x-api-user-token`, `x-api-user-id`, `x-api-client-id`)
+ * so the orchestrator can identify the caller. The platform's
+ * `CustomAuthInterceptor` does NOT set these — it sets `Authorization:
+ * pw-gateway` + `x-auth-token` — so we attach them explicitly per request,
+ * mirroring `McpJsonRpcService.pickApiCredentials`.
+ *
+ * Conversation continuity: every response echoes a `conversation_id`. The
+ * UI persists it in localStorage and replays it on subsequent calls so
+ * Bedrock keeps chat context across the three endpoints.
+ */
+interface MCPExecuteRequest {
+    message: string;
+    workspace_context?: Record<string, unknown>;
+    conversation_id?: string;
+}
+type MCPInterpretRequest = MCPExecuteRequest;
+interface MCPConfirmRequest {
+    confirmation_token: string;
+    idempotency_key?: string;
+    tool_arguments?: Record<string, unknown>;
+    conversation_id?: string;
+}
+type MCPRiskLevel = 'low' | 'medium' | 'high' | 'critical';
+type MCPResultStatus = 'success' | 'error' | 'blocked';
+interface MCPActionPlan {
+    intent: string;
+    target_service: string;
+    target_tool: string;
+    tool_arguments: Record<string, unknown>;
+    risk_level: MCPRiskLevel;
+    needs_confirmation: boolean;
+    summary?: string | null;
+}
+interface MCPFieldDiff {
+    [field: string]: {
+        before: unknown;
+        after: unknown;
+    };
+}
+interface MCPExecuteResponse {
+    request_id: string;
+    result_status: MCPResultStatus;
+    needs_confirmation: boolean;
+    confirmation_token?: string | null;
+    risk_level?: MCPRiskLevel | null;
+    summary?: string | null;
+    response?: string | null;
+    tool_result?: Record<string, unknown> | null;
+    interpreted_intent?: string | null;
+    target_service?: string | null;
+    target_tool?: string | null;
+    reason?: string | null;
+    conversation_id?: string | null;
+    diff?: MCPFieldDiff | null;
+}
+interface MCPInterpretResponse {
+    request_id: string;
+    plan: MCPActionPlan | null;
+    allowlist_match: boolean;
+    reason_blocked?: string | null;
+    conversation_id?: string | null;
+}
+declare class MCPOrchestratorService {
+    private readonly http;
+    private readonly appConfigService;
+    private readonly store;
+    /**
+     * Dev base — `BRAIN_API_PREFIX` = '/brain-api/v1/'. In prod the
+     * orchestrator is reached via the API-gateway public hostname; we read
+     * it from `links.brain_api` in app config (same convention as
+     * `BrainApiHttpService`).
+     */
+    constructor(http: HttpClient, appConfigService: AppConfigService, store: Store<AppState>);
+    execute(body: MCPExecuteRequest): Observable<MCPExecuteResponse>;
+    interpret(body: MCPInterpretRequest): Observable<MCPInterpretResponse>;
+    confirm(body: MCPConfirmRequest): Observable<MCPExecuteResponse>;
+    private post;
+    /**
+     * Pull `(token, userId, clientId?)` for the active session.
+     *
+     * `clientId` comes from `PermissionService.selectedSubscription` — the
+     * canonical "currently-active subscription" on this frontend, set when
+     * the user picks/lands on a subscription. Every other place in the
+     * codebase that needs subscription context (mailbox, chatbox, search,
+     * dashboard, admin lists) reads from the same static. Without it,
+     * downstream MCP tools that require subscription scope (e.g.
+     * `cloudolive-api.count_reconciled_account_inputs`) reject the call
+     * with `McpError: This tool requires subscription context. Please
+     * provide api_client_id parameter`.
+     *
+     * `api_client_id` does NOT live on the `User` interface — it's a
+     * property of `Subscription` (`subscription.interface.ts`). Reading
+     * from the user object would always return `undefined` and silently
+     * drop the header.
+     */
+    private pickApiCredentials;
+    private buildHeaders;
+    static ɵfac: i0.ɵɵFactoryDeclaration<MCPOrchestratorService, never>;
+    static ɵprov: i0.ɵɵInjectableDeclaration<MCPOrchestratorService>;
+}
+
 declare class WebsocketService {
     private readonly appConfigService;
     private readonly authService;
@@ -1205,5 +1334,5 @@ declare class BrainApiService {
     static ɵprov: i0.ɵɵInjectableDeclaration<BrainApiService>;
 }
 
-export { AbTestService, AhoyService, AuthService, BaseHttpService, BrainApiHttpService, BrainApiService, CommonService, CommonServicesModule, CustomPreloadingStrategy, CustomToastService, DashboardService, DataService, FeatureFlagService, FormHelperService, GeoService, GoogleAnalyticsService, GroupService, HopscotchService, IntegrationsApiHttpService, LinkService, LocalStorage, LogoCacheService, MailBoxService, MainApiHttpService, McpJsonRpcService, NgbDateCustomParserFormatter, NotificationService, NumberPickerService, PermissionService, PrimeNgHelper, ProductService, ProfileService, QualificationService, ScriptLoaderService, SecureTokenStorageService, SentryErrorHandler, SeoService, SubscriptionService, TagService, TipsService, UserEffects, UserService, ValidationService, WebsocketService, WindowService };
-export type { McpJsonRpcError, McpJsonRpcRequest, McpJsonRpcResponse, McpToolDefinition, McpToolsListResult };
+export { AbTestService, AhoyService, AuthService, BaseHttpService, BrainApiHttpService, BrainApiService, CommonService, CommonServicesModule, CustomPreloadingStrategy, CustomToastService, DashboardService, DataService, FeatureFlagService, FormHelperService, GeoService, GoogleAnalyticsService, GroupService, HopscotchService, IntegrationsApiHttpService, LinkService, LocalStorage, LogoCacheService, MCPOrchestratorService, MailBoxService, MainApiHttpService, McpJsonRpcService, NgbDateCustomParserFormatter, NotificationService, NumberPickerService, PermissionService, PrimeNgHelper, ProductService, ProfileService, QualificationService, ScriptLoaderService, SecureTokenStorageService, SentryErrorHandler, SeoService, SubscriptionService, TagService, TipsService, UserEffects, UserService, ValidationService, WebsocketService, WindowService };
+export type { MCPActionPlan, MCPConfirmRequest, MCPExecuteRequest, MCPExecuteResponse, MCPFieldDiff, MCPInterpretRequest, MCPInterpretResponse, MCPResultStatus, MCPRiskLevel, McpJsonRpcError, McpJsonRpcRequest, McpJsonRpcResponse, McpToolDefinition, McpToolsListResult };