@wopr-network/platform-core 0.1.0

package/src/tenancy/org-service.ts

@@ -0,0 +1,290 @@
+/**
+ * OrgService — business logic for org member management, invite lifecycle,
+ * role changes, and org CRUD. Depends on IOrgRepository (tenant data) and
+ * IOrgMemberRepository (members/invites data).
+ */
+
+import crypto from "node:crypto";
+import { TRPCError } from "@trpc/server";
+import { eq } from "drizzle-orm";
+import { logger } from "../config/logger.js";
+import type { PlatformDb } from "../db/index.js";
+import { organizationInvites, organizationMembers, tenants } from "../db/schema/index.js";
+import type { IOrgMemberRepository, OrgInviteRow } from "./org-member-repository.js";
+import type { IOrgRepository, Tenant } from "./drizzle-org-repository.js";
+
+// ---------------------------------------------------------------------------
+// Types
+// ---------------------------------------------------------------------------
+
+export interface OrgWithMembers extends Tenant {
+  members: OrgMemberWithUser[];
+  invites: OrgInvitePublic[];
+}
+
+export interface OrgMemberWithUser {
+  id: string;
+  userId: string;
+  name: string;
+  email: string;
+  role: "owner" | "admin" | "member";
+  joinedAt: string;
+}
+
+export interface OrgInvitePublic {
+  id: string;
+  email: string;
+  role: "admin" | "member";
+  invitedBy: string;
+  expiresAt: string;
+  createdAt: string;
+}
+
+// ---------------------------------------------------------------------------
+// Service
+// ---------------------------------------------------------------------------
+
+export interface OrgServiceOptions {
+  /** Hook called inside deleteOrg transaction before members/invites/tenant rows are deleted. */
+  onBeforeDeleteOrg?: (orgId: string, tx: PlatformDb) => Promise<void>;
+}
+
+export class OrgService {
+  private readonly onBeforeDeleteOrg?: (orgId: string, tx: PlatformDb) => Promise<void>;
+
+  constructor(
+    private readonly orgRepo: IOrgRepository,
+    private readonly memberRepo: IOrgMemberRepository,
+    private readonly db: PlatformDb,
+    options?: OrgServiceOptions,
+  ) {
+    this.onBeforeDeleteOrg = options?.onBeforeDeleteOrg;
+  }
+
+  /**
+   * Return the personal org for the user, creating it if it doesn't exist.
+   * "Personal org" = the user's personal tenant (type="personal").
+   */
+  async getOrCreatePersonalOrg(userId: string, displayName: string): Promise<OrgWithMembers> {
+    const tenant = await this.orgRepo.ensurePersonalTenant(userId, displayName);
+    // Ensure the owner member row exists. Use addMember (which uses ON CONFLICT DO NOTHING)
+    // unconditionally to handle concurrent calls that may race past findMember.
+    await this.memberRepo.addMember({
+      id: crypto.randomUUID(),
+      orgId: tenant.id,
+      userId,
+      role: "owner",
+      joinedAt: Date.now(),
+    });
+    return this.buildOrgWithMembers(tenant);
+  }
+
+  /**
+   * Create a new team organization. The caller becomes the owner.
+   * Returns the created org's id, name, and slug.
+   */
+  async createOrg(userId: string, name: string, slug?: string): Promise<{ id: string; name: string; slug: string }> {
+    if (!name.trim()) {
+      throw new TRPCError({ code: "BAD_REQUEST", message: "Org name cannot be blank or whitespace only" });
+    }
+    if (slug !== undefined) {
+      this.validateSlug(slug);
+      const existing = await this.orgRepo.getBySlug(slug);
+      if (existing) {
+        throw new TRPCError({ code: "CONFLICT", message: "Slug already taken" });
+      }
+    }
+    const tenant = await this.orgRepo.createOrg(userId, name, slug);
+    try {
+      await this.memberRepo.addMember({
+        id: crypto.randomUUID(),
+        orgId: tenant.id,
+        userId,
+        role: "owner",
+        joinedAt: Date.now(),
+      });
+    } catch (err) {
+      // Compensating delete: remove the orphan tenant if member creation fails
+      await this.db
+        .delete(tenants)
+        .where(eq(tenants.id, tenant.id))
+        .catch((deleteErr) => {
+          logger.error("Compensating org delete failed — orphaned tenant record", {
+            err: deleteErr,
+            tenantId: tenant.id,
+          });
+        });
+      throw err;
+    }
+    return { id: tenant.id, name: tenant.name, slug: tenant.slug ?? "" };
+  }
+
+  /** Get an org's details, including member/invite lists. */
+  async getOrg(orgId: string): Promise<OrgWithMembers> {
+    const tenant = await this.requireOrg(orgId);
+    return this.buildOrgWithMembers(tenant);
+  }
+
+  async updateOrg(
+    orgId: string,
+    actorUserId: string,
+    data: { name?: string; slug?: string; billingEmail?: string | null },
+  ): Promise<Tenant> {
+    await this.requireAdminOrOwner(orgId, actorUserId);
+    if (data.slug !== undefined) {
+      this.validateSlug(data.slug);
+      const existing = await this.orgRepo.getBySlug(data.slug);
+      if (existing && existing.id !== orgId) {
+        throw new TRPCError({ code: "CONFLICT", message: "Slug already taken" });
+      }
+    }
+    return this.orgRepo.updateOrg(orgId, data);
+  }
+
+  async deleteOrg(orgId: string, actorUserId: string): Promise<void> {
+    const org = await this.requireOrg(orgId);
+    if (org.ownerId !== actorUserId) {
+      throw new TRPCError({ code: "FORBIDDEN", message: "Only the owner can delete the organization" });
+    }
+    await this.db.transaction(async (tx) => {
+      // Let consumer clean up domain-specific tables (e.g., bot instances, VPS subscriptions)
+      if (this.onBeforeDeleteOrg) {
+        await this.onBeforeDeleteOrg(orgId, tx as unknown as PlatformDb);
+      }
+      await tx.delete(organizationInvites).where(eq(organizationInvites.orgId, orgId));
+      await tx.delete(organizationMembers).where(eq(organizationMembers.orgId, orgId));
+      await tx.delete(tenants).where(eq(tenants.id, orgId));
+    });
+  }
+
+  async inviteMember(
+    orgId: string,
+    actorUserId: string,
+    email: string,
+    role: "admin" | "member",
+  ): Promise<OrgInviteRow> {
+    await this.requireAdminOrOwner(orgId, actorUserId);
+    const token = crypto.randomBytes(32).toString("hex");
+    const invite: OrgInviteRow = {
+      id: crypto.randomUUID(),
+      orgId,
+      email,
+      role,
+      invitedBy: actorUserId,
+      token,
+      expiresAt: Date.now() + 7 * 24 * 60 * 60 * 1000,
+      createdAt: Date.now(),
+    };
+    await this.memberRepo.createInvite(invite);
+    return invite;
+  }
+
+  async revokeInvite(orgId: string, actorUserId: string, inviteId: string): Promise<void> {
+    await this.requireAdminOrOwner(orgId, actorUserId);
+    const invite = await this.memberRepo.findInviteById(inviteId);
+    if (!invite || invite.orgId !== orgId) {
+      throw new TRPCError({ code: "NOT_FOUND", message: "Invite not found" });
+    }
+    await this.memberRepo.deleteInvite(inviteId);
+  }
+
+  async changeRole(
+    orgId: string,
+    actorUserId: string,
+    targetUserId: string,
+    newRole: "admin" | "member",
+  ): Promise<void> {
+    await this.requireAdminOrOwner(orgId, actorUserId);
+    const org = await this.requireOrg(orgId);
+    if (org.ownerId === targetUserId) {
+      throw new TRPCError({
+        code: "BAD_REQUEST",
+        message: "Cannot change the owner's role. Use transfer ownership instead.",
+      });
+    }
+    const member = await this.memberRepo.findMember(orgId, targetUserId);
+    if (!member) {
+      throw new TRPCError({ code: "NOT_FOUND", message: "Member not found" });
+    }
+    await this.memberRepo.updateMemberRole(orgId, targetUserId, newRole);
+  }
+
+  async removeMember(orgId: string, actorUserId: string, targetUserId: string): Promise<void> {
+    await this.requireAdminOrOwner(orgId, actorUserId);
+    const org = await this.requireOrg(orgId);
+    if (org.ownerId === targetUserId) {
+      throw new TRPCError({ code: "BAD_REQUEST", message: "Cannot remove the owner" });
+    }
+    const member = await this.memberRepo.findMember(orgId, targetUserId);
+    if (!member) {
+      throw new TRPCError({ code: "NOT_FOUND", message: "Member not found" });
+    }
+    if (member.role === "admin") {
+      const count = await this.memberRepo.countAdminsAndOwners(orgId);
+      if (count <= 1) {
+        throw new TRPCError({ code: "BAD_REQUEST", message: "Cannot remove the last admin" });
+      }
+    }
+    await this.memberRepo.removeMember(orgId, targetUserId);
+  }
+
+  async transferOwnership(orgId: string, actorUserId: string, targetUserId: string): Promise<void> {
+    const org = await this.requireOrg(orgId);
+    if (org.ownerId !== actorUserId) {
+      throw new TRPCError({ code: "FORBIDDEN", message: "Only the owner can transfer ownership" });
+    }
+    const target = await this.memberRepo.findMember(orgId, targetUserId);
+    if (!target) {
+      throw new TRPCError({ code: "NOT_FOUND", message: "Target member not found" });
+    }
+    await this.memberRepo.updateMemberRole(orgId, targetUserId, "owner");
+    await this.memberRepo.updateMemberRole(orgId, actorUserId, "admin");
+    await this.orgRepo.updateOwner(orgId, targetUserId);
+  }
+
+  validateSlug(slug: string): void {
+    if (!/^[a-z0-9][a-z0-9-]{1,46}[a-z0-9]$/.test(slug)) {
+      throw new TRPCError({
+        code: "BAD_REQUEST",
+        message: "Slug must be 3-48 characters, lowercase alphanumeric and hyphens, cannot start/end with a hyphen",
+      });
+    }
+  }
+
+  private async buildOrgWithMembers(tenant: Tenant): Promise<OrgWithMembers> {
+    const members = await this.memberRepo.listMembers(tenant.id);
+    const invites = await this.memberRepo.listInvites(tenant.id);
+    return {
+      ...tenant,
+      members: members.map((m) => ({
+        id: m.id,
+        userId: m.userId,
+        name: m.userId, // name resolved from user context (placeholder until user profile lookup wired)
+        email: "", // email resolved from user context (placeholder)
+        role: m.role,
+        joinedAt: new Date(m.joinedAt).toISOString(),
+      })),
+      invites: invites.map((i) => ({
+        id: i.id,
+        email: i.email,
+        role: i.role,
+        invitedBy: i.invitedBy,
+        expiresAt: new Date(i.expiresAt).toISOString(),
+        createdAt: new Date(i.createdAt).toISOString(),
+      })),
+    };
+  }
+
+  private async requireOrg(orgId: string): Promise<Tenant> {
+    const org = await this.orgRepo.getById(orgId);
+    if (!org) throw new TRPCError({ code: "NOT_FOUND", message: "Organization not found" });
+    return org;
+  }
+
+  private async requireAdminOrOwner(orgId: string, userId: string): Promise<void> {
+    const member = await this.memberRepo.findMember(orgId, userId);
+    if (!member || (member.role !== "admin" && member.role !== "owner")) {
+      throw new TRPCError({ code: "FORBIDDEN", message: "Admin or owner role required" });
+    }
+  }
+}

package/src/test/db.ts

@@ -0,0 +1,97 @@
+import { PGlite } from "@electric-sql/pglite";
+import { drizzle } from "drizzle-orm/pglite";
+import { migrate } from "drizzle-orm/pglite/migrator";
+import type { PlatformDb } from "../db/index.js";
+import * as schema from "../db/schema/index.js";
+import { meterEvents, usageSummaries } from "../db/schema/meter-events.js";
+
+let migratedSnapshot: Blob | null = null;
+
+async function getSnapshot(): Promise<Blob> {
+  if (migratedSnapshot) return migratedSnapshot;
+  const pool = new PGlite();
+  await migrate(drizzle(pool, { schema }), { migrationsFolder: "./drizzle/migrations" });
+  migratedSnapshot = await pool.dumpDataDir("auto");
+  await pool.close();
+  return migratedSnapshot;
+}
+
+export async function createTestDb(): Promise<{ db: PlatformDb; pool: PGlite }> {
+  const snapshot = await getSnapshot();
+  const pool = new PGlite({ loadDataDir: snapshot });
+  const db = drizzle(pool, { schema }) as unknown as PlatformDb;
+  return { db, pool };
+}
+
+export async function beginTestTransaction(pool: PGlite): Promise<void> {
+  await pool.query("BEGIN");
+  await pool.query("SAVEPOINT test_tx");
+}
+
+export async function rollbackTestTransaction(pool: PGlite): Promise<void> {
+  await pool.query("ROLLBACK TO SAVEPOINT test_tx");
+  await pool.query("RELEASE SAVEPOINT test_tx");
+  await pool.query("SAVEPOINT test_tx");
+}
+
+export async function endTestTransaction(pool: PGlite): Promise<void> {
+  await pool.query("ROLLBACK");
+}
+
+export async function truncateAllTables(pool: PGlite): Promise<void> {
+  const result = await pool.query<{ tablename: string }>(`SELECT tablename FROM pg_tables WHERE schemaname = 'public'`);
+  const tables = result.rows.map((r) => `"${r.tablename}"`).join(", ");
+  if (tables) {
+    await pool.query(`TRUNCATE ${tables} RESTART IDENTITY CASCADE`);
+  }
+}
+
+export interface SeedMeterEventOptions {
+  id: string;
+  tenant: string;
+  charge: number;
+  timestamp: number;
+  capability?: string;
+  provider?: string;
+  cost?: number;
+}
+
+export async function seedMeterEvent(db: PlatformDb, opts: SeedMeterEventOptions): Promise<void> {
+  await db.insert(meterEvents).values({
+    id: opts.id,
+    tenant: opts.tenant,
+    cost: opts.cost ?? 0,
+    charge: opts.charge,
+    capability: opts.capability ?? "llm",
+    provider: opts.provider ?? "openai",
+    timestamp: opts.timestamp,
+  });
+}
+
+export interface SeedUsageSummaryOptions {
+  id: string;
+  tenant: string;
+  totalCharge: number;
+  windowStart: number;
+  windowEnd: number;
+  capability?: string;
+  provider?: string;
+  eventCount?: number;
+  totalCost?: number;
+  totalDuration?: number;
+}
+
+export async function seedUsageSummary(db: PlatformDb, opts: SeedUsageSummaryOptions): Promise<void> {
+  await db.insert(usageSummaries).values({
+    id: opts.id,
+    tenant: opts.tenant,
+    capability: opts.capability ?? "tts",
+    provider: opts.provider ?? "kokoro",
+    eventCount: opts.eventCount ?? 1,
+    totalCost: opts.totalCost ?? 0,
+    totalCharge: opts.totalCharge,
+    totalDuration: opts.totalDuration ?? 0,
+    windowStart: opts.windowStart,
+    windowEnd: opts.windowEnd,
+  });
+}

package/src/trpc/index.ts

@@ -0,0 +1,11 @@
+export {
+  router,
+  createCallerFactory,
+  publicProcedure,
+  protectedProcedure,
+  adminProcedure,
+  tenantProcedure,
+  orgMemberProcedure,
+  setTrpcOrgMemberRepo,
+  type TRPCContext,
+} from "./init.js";

package/src/trpc/init.test.ts

@@ -0,0 +1,196 @@
+import { describe, expect, it, vi, beforeEach } from "vitest";
+import type { IOrgMemberRepository } from "../tenancy/org-member-repository.js";
+import {
+  router,
+  createCallerFactory,
+  publicProcedure,
+  protectedProcedure,
+  adminProcedure,
+  tenantProcedure,
+  orgMemberProcedure,
+  setTrpcOrgMemberRepo,
+} from "./init.js";
+
+// ---------------------------------------------------------------------------
+// Helpers
+// ---------------------------------------------------------------------------
+
+/** Create a stub org member repository. */
+function makeMockRepo(overrides?: Partial<IOrgMemberRepository>): IOrgMemberRepository {
+  return {
+    listMembers: vi.fn().mockResolvedValue([]),
+    addMember: vi.fn().mockResolvedValue(undefined),
+    updateMemberRole: vi.fn().mockResolvedValue(undefined),
+    removeMember: vi.fn().mockResolvedValue(undefined),
+    findMember: vi.fn().mockResolvedValue(null),
+    countAdminsAndOwners: vi.fn().mockResolvedValue(0),
+    listInvites: vi.fn().mockResolvedValue([]),
+    createInvite: vi.fn().mockResolvedValue(undefined),
+    findInviteById: vi.fn().mockResolvedValue(null),
+    findInviteByToken: vi.fn().mockResolvedValue(null),
+    deleteInvite: vi.fn().mockResolvedValue(undefined),
+    deleteAllMembers: vi.fn().mockResolvedValue(undefined),
+    deleteAllInvites: vi.fn().mockResolvedValue(undefined),
+    ...overrides,
+  };
+}
+
+/** Build a test router + caller factory exercising all procedure types. */
+const appRouter = router({
+  publicHello: publicProcedure.query(() => "public-ok"),
+  protectedHello: protectedProcedure.query(() => "protected-ok"),
+  adminHello: adminProcedure.query(() => "admin-ok"),
+  tenantHello: tenantProcedure.query(() => "tenant-ok"),
+  orgAction: orgMemberProcedure
+    .input((v: unknown) => v as { orgId: string })
+    .mutation(() => "org-ok"),
+});
+
+const createCaller = createCallerFactory(appRouter);
+
+// ---------------------------------------------------------------------------
+// Tests
+// ---------------------------------------------------------------------------
+
+describe("tRPC procedure builders", () => {
+  beforeEach(() => {
+    setTrpcOrgMemberRepo(makeMockRepo());
+  });
+
+  // -----------------------------------------------------------------------
+  // publicProcedure
+  // -----------------------------------------------------------------------
+
+  describe("publicProcedure", () => {
+    it("allows unauthenticated access", async () => {
+      const caller = createCaller({ user: undefined, tenantId: undefined });
+      expect(await caller.publicHello()).toBe("public-ok");
+    });
+
+    it("allows authenticated access", async () => {
+      const caller = createCaller({ user: { id: "u1", roles: ["user"] }, tenantId: undefined });
+      expect(await caller.publicHello()).toBe("public-ok");
+    });
+  });
+
+  // -----------------------------------------------------------------------
+  // protectedProcedure
+  // -----------------------------------------------------------------------
+
+  describe("protectedProcedure", () => {
+    it("rejects unauthenticated requests", async () => {
+      const caller = createCaller({ user: undefined, tenantId: undefined });
+      await expect(caller.protectedHello()).rejects.toThrow("Authentication required");
+    });
+
+    it("allows authenticated requests", async () => {
+      const caller = createCaller({ user: { id: "u1", roles: ["user"] }, tenantId: undefined });
+      expect(await caller.protectedHello()).toBe("protected-ok");
+    });
+  });
+
+  // -----------------------------------------------------------------------
+  // adminProcedure
+  // -----------------------------------------------------------------------
+
+  describe("adminProcedure", () => {
+    it("rejects unauthenticated requests", async () => {
+      const caller = createCaller({ user: undefined, tenantId: undefined });
+      await expect(caller.adminHello()).rejects.toThrow("Authentication required");
+    });
+
+    it("rejects non-admin users", async () => {
+      const caller = createCaller({ user: { id: "u1", roles: ["user"] }, tenantId: undefined });
+      await expect(caller.adminHello()).rejects.toThrow("Platform admin role required");
+    });
+
+    it("allows platform_admin users", async () => {
+      const caller = createCaller({
+        user: { id: "admin1", roles: ["platform_admin"] },
+        tenantId: undefined,
+      });
+      expect(await caller.adminHello()).toBe("admin-ok");
+    });
+  });
+
+  // -----------------------------------------------------------------------
+  // tenantProcedure
+  // -----------------------------------------------------------------------
+
+  describe("tenantProcedure", () => {
+    it("rejects unauthenticated requests", async () => {
+      const caller = createCaller({ user: undefined, tenantId: undefined });
+      await expect(caller.tenantHello()).rejects.toThrow("Authentication required");
+    });
+
+    it("rejects when tenantId is missing", async () => {
+      const caller = createCaller({ user: { id: "u1", roles: ["user"] }, tenantId: undefined });
+      await expect(caller.tenantHello()).rejects.toThrow("Tenant context required");
+    });
+
+    it("allows bearer-token users (token: prefix) without org check", async () => {
+      const caller = createCaller({
+        user: { id: "token:admin", roles: ["admin"] },
+        tenantId: "t1",
+      });
+      expect(await caller.tenantHello()).toBe("tenant-ok");
+    });
+
+    it("allows session users accessing their personal tenant", async () => {
+      const caller = createCaller({ user: { id: "u1", roles: ["user"] }, tenantId: "u1" });
+      expect(await caller.tenantHello()).toBe("tenant-ok");
+    });
+
+    it("allows session users who are org members", async () => {
+      const repo = makeMockRepo({
+        findMember: vi.fn().mockResolvedValue({ id: "m1", orgId: "org-t", userId: "u1", role: "member", joinedAt: 0 }),
+      });
+      setTrpcOrgMemberRepo(repo);
+
+      const caller = createCaller({ user: { id: "u1", roles: ["user"] }, tenantId: "org-t" });
+      expect(await caller.tenantHello()).toBe("tenant-ok");
+    });
+
+    it("rejects session users not in the org", async () => {
+      const repo = makeMockRepo({ findMember: vi.fn().mockResolvedValue(null) });
+      setTrpcOrgMemberRepo(repo);
+
+      const caller = createCaller({ user: { id: "u1", roles: ["user"] }, tenantId: "org-other" });
+      await expect(caller.tenantHello()).rejects.toThrow("Not authorized for this tenant");
+    });
+  });
+
+  // -----------------------------------------------------------------------
+  // orgMemberProcedure
+  // -----------------------------------------------------------------------
+
+  describe("orgMemberProcedure", () => {
+    it("rejects unauthenticated requests", async () => {
+      const caller = createCaller({ user: undefined, tenantId: undefined });
+      await expect(caller.orgAction({ orgId: "org-1" })).rejects.toThrow("Authentication required");
+    });
+
+    it("rejects when orgId is missing from input", async () => {
+      const caller = createCaller({ user: { id: "u1", roles: ["user"] }, tenantId: undefined });
+      await expect(caller.orgAction({} as any)).rejects.toThrow("orgId is required");
+    });
+
+    it("rejects non-members", async () => {
+      const repo = makeMockRepo({ findMember: vi.fn().mockResolvedValue(null) });
+      setTrpcOrgMemberRepo(repo);
+
+      const caller = createCaller({ user: { id: "u1", roles: ["user"] }, tenantId: undefined });
+      await expect(caller.orgAction({ orgId: "org-1" })).rejects.toThrow("Not a member of this organization");
+    });
+
+    it("allows org members", async () => {
+      const repo = makeMockRepo({
+        findMember: vi.fn().mockResolvedValue({ id: "m1", orgId: "org-1", userId: "u1", role: "member", joinedAt: 0 }),
+      });
+      setTrpcOrgMemberRepo(repo);
+
+      const caller = createCaller({ user: { id: "u1", roles: ["user"] }, tenantId: undefined });
+      expect(await caller.orgAction({ orgId: "org-1" })).toBe("org-ok");
+    });
+  });
+});