@wopr-network/platform-core 1.12.2 → 1.13.1

package/dist/api/routes/auth.js

@@ -0,0 +1,25 @@
+/**
+ * Auth Routes — Mounts better-auth's HTTP handler as a Hono route.
+ *
+ * All requests to `/api/auth/*` are forwarded to better-auth, which handles:
+ * - POST /api/auth/sign-up/email — Register with email + password
+ * - POST /api/auth/sign-in/email — Sign in with email + password
+ * - POST /api/auth/sign-out — Sign out (invalidate session)
+ * - GET  /api/auth/get-session — Get current session
+ *
+ * better-auth manages its own session cookies and CSRF protection.
+ */
+import { Hono } from "hono";
+/**
+ * Create auth routes that delegate to better-auth's handler.
+ *
+ * @param auth - The better-auth instance (use `getAuth()`)
+ */
+export function createAuthRoutes(auth) {
+    const routes = new Hono();
+    routes.all("/*", async (c) => {
+        const response = await auth.handler(c.req.raw);
+        return response;
+    });
+    return routes;
+}

package/dist/api/routes/channel-validate.d.ts

@@ -0,0 +1,11 @@
+import { Hono } from "hono";
+import type { AuthEnv } from "../../auth/index.js";
+export interface ChannelValidateLogger {
+    info(msg: string, meta?: Record<string, unknown>): void;
+}
+/**
+ * Create channel validation routes.
+ *
+ * @param logger - Optional logger for validation events
+ */
+export declare function createChannelValidateRoutes(logger?: ChannelValidateLogger): Hono<AuthEnv>;

package/dist/api/routes/channel-validate.js

@@ -0,0 +1,148 @@
+import { Hono } from "hono";
+import { z } from "zod";
+const channelValidateSchema = z.object({
+    credentials: z.record(z.string(), z.string()),
+});
+/**
+ * Create channel validation routes.
+ *
+ * @param logger - Optional logger for validation events
+ */
+export function createChannelValidateRoutes(logger) {
+    const routes = new Hono();
+    /**
+     * POST /:pluginId/test
+     *
+     * Validates channel credentials by calling the channel's API.
+     * Returns { success: boolean, error?: string }.
+     *
+     * SECURITY: Credentials are used for a single API probe and then discarded.
+     * They are NEVER logged, NEVER persisted, NEVER returned in the response.
+     */
+    routes.post("/:pluginId/test", async (c) => {
+        let user;
+        try {
+            user = c.get("user");
+        }
+        catch {
+            // not set
+        }
+        if (!user) {
+            return c.json({ error: "Authentication required" }, 401);
+        }
+        const pluginId = c.req.param("pluginId");
+        let body;
+        try {
+            body = await c.req.json();
+        }
+        catch {
+            return c.json({ error: "Invalid JSON body" }, 400);
+        }
+        const parsed = channelValidateSchema.safeParse(body);
+        if (!parsed.success) {
+            return c.json({ error: "Invalid input", details: parsed.error.flatten().fieldErrors }, 400);
+        }
+        const { credentials } = parsed.data;
+        const result = await validateChannel(pluginId, credentials);
+        logger?.info("Channel credential validation", {
+            pluginId,
+            userId: user.id,
+            success: result.success,
+            // NEVER log credential values
+        });
+        return c.json(result);
+    });
+    return routes;
+}
+const PROBE_TIMEOUT_MS = 5000;
+async function validateChannel(pluginId, credentials) {
+    switch (pluginId) {
+        case "discord":
+            return validateDiscord(credentials);
+        case "telegram":
+            return validateTelegram(credentials);
+        case "slack":
+            return validateSlack(credentials);
+        // Signal, WhatsApp, MS Teams: no simple API probe available.
+        // Format validation is handled client-side; server returns success.
+        default:
+            return { success: true };
+    }
+}
+async function validateDiscord(credentials) {
+    const token = credentials.discord_bot_token;
+    if (!token) {
+        return { success: false, error: "Discord bot token is required" };
+    }
+    try {
+        const res = await fetch("https://discord.com/api/v10/users/@me", {
+            headers: { Authorization: `Bot ${token}` },
+            signal: AbortSignal.timeout(PROBE_TIMEOUT_MS),
+        });
+        if (res.ok) {
+            return { success: true };
+        }
+        if (res.status === 401) {
+            return { success: false, error: "Invalid Discord bot token" };
+        }
+        return { success: false, error: `Discord API returned ${res.status}` };
+    }
+    catch (err) {
+        return handleFetchError(err, "Discord");
+    }
+}
+async function validateTelegram(credentials) {
+    const token = credentials.telegram_bot_token;
+    if (!token) {
+        return { success: false, error: "Telegram bot token is required" };
+    }
+    try {
+        const res = await fetch(`https://api.telegram.org/bot${token}/getMe`, {
+            signal: AbortSignal.timeout(PROBE_TIMEOUT_MS),
+        });
+        if (!res.ok) {
+            return { success: false, error: "Invalid Telegram bot token" };
+        }
+        const data = (await res.json());
+        if (data.ok) {
+            return { success: true };
+        }
+        return { success: false, error: "Invalid Telegram bot token" };
+    }
+    catch (err) {
+        return handleFetchError(err, "Telegram");
+    }
+}
+async function validateSlack(credentials) {
+    const token = credentials.slack_bot_token;
+    if (!token) {
+        return { success: false, error: "Slack bot token is required" };
+    }
+    try {
+        const res = await fetch("https://slack.com/api/auth.test", {
+            method: "POST",
+            headers: {
+                Authorization: `Bearer ${token}`,
+                "Content-Type": "application/x-www-form-urlencoded",
+            },
+            signal: AbortSignal.timeout(PROBE_TIMEOUT_MS),
+        });
+        if (!res.ok) {
+            return { success: false, error: `Slack API returned ${res.status}` };
+        }
+        const data = (await res.json());
+        if (data.ok) {
+            return { success: true };
+        }
+        return { success: false, error: `Slack error: ${data.error || "invalid_auth"}` };
+    }
+    catch (err) {
+        return handleFetchError(err, "Slack");
+    }
+}
+function handleFetchError(err, provider) {
+    if (err instanceof DOMException && (err.name === "TimeoutError" || err.name === "AbortError")) {
+        return { success: false, error: `${provider} API request timed out. Please try again.` };
+    }
+    return { success: false, error: `Could not reach ${provider}. Check your connection.` };
+}

package/dist/api/routes/fleet-events.d.ts

@@ -0,0 +1,4 @@
+import { Hono } from "hono";
+import type { AuthEnv } from "../../auth/index.js";
+import type { FleetEventEmitter } from "../../fleet/fleet-event-emitter.js";
+export declare function createFleetEventsRoute(emitter: FleetEventEmitter): Hono<AuthEnv>;

package/dist/api/routes/fleet-events.js

@@ -0,0 +1,53 @@
+import { Hono } from "hono";
+import { logger } from "../../config/logger.js";
+export function createFleetEventsRoute(emitter) {
+    const routes = new Hono();
+    routes.get("/", (c) => {
+        const user = c.get("user");
+        if (!user) {
+            return c.json({ error: "Authentication required" }, 401);
+        }
+        // Derive tenantId exclusively from the authenticated session — never from
+        // caller-supplied query params, which would allow IDOR (any user subscribing
+        // to another tenant's events).
+        const tenantId = user.id;
+        const { readable, writable } = new TransformStream();
+        const writer = writable.getWriter();
+        const unsub = emitter.subscribe((event) => {
+            // BotFleetEvents are tenant-scoped; NodeFleetEvents are forwarded to all authenticated subscribers.
+            if ("tenantId" in event && event.tenantId !== tenantId)
+                return;
+            const payload = "tenantId" in event
+                ? JSON.stringify({ type: event.type, botId: event.botId, timestamp: event.timestamp })
+                : JSON.stringify({ type: event.type, nodeId: event.nodeId, timestamp: event.timestamp });
+            writer.write(`event: fleet\ndata: ${payload}\n\n`).catch(() => {
+                unsub();
+                clearInterval(heartbeatTimer);
+                logger.debug("Fleet SSE write error (client disconnected)");
+            });
+        });
+        const heartbeatTimer = setInterval(() => {
+            writer.write(": heartbeat\n\n").catch(() => {
+                clearInterval(heartbeatTimer);
+                unsub();
+            });
+        }, 30_000);
+        const signal = c.req.raw.signal;
+        if (signal) {
+            signal.addEventListener("abort", () => {
+                clearInterval(heartbeatTimer);
+                unsub();
+                writer.close().catch(() => { });
+            });
+        }
+        return new Response(readable, {
+            headers: {
+                "Content-Type": "text/event-stream",
+                "Cache-Control": "no-cache",
+                Connection: "keep-alive",
+                "X-Accel-Buffering": "no",
+            },
+        });
+    });
+    return routes;
+}

package/dist/api/routes/friends-proxy.d.ts

@@ -0,0 +1,28 @@
+/**
+ * Result from proxying a request to a bot instance's P2P friend API.
+ */
+export interface ProxyResult {
+    ok: boolean;
+    status: number;
+    data?: unknown;
+    error?: string;
+}
+export interface ProxyLogger {
+    error(msg: string, meta?: Record<string, unknown>): void;
+}
+/**
+ * Proxy a request to a bot instance's internal friend management API.
+ *
+ * The platform never parses friend data itself -- it acts as a pass-through
+ * to the instance's P2P plugin HTTP API running inside the container.
+ *
+ * @param instanceId - The bot instance identifier (used to build the container hostname)
+ * @param method - HTTP method (GET, POST, PUT, PATCH, DELETE)
+ * @param path - The API path on the instance (e.g., "/p2p/friends")
+ * @param body - Optional request body (will be JSON-serialized)
+ * @param opts - Optional configuration (logger, hostname builder)
+ */
+export declare function proxyToInstance(instanceId: string, method: string, path: string, body?: unknown, opts?: {
+    logger?: ProxyLogger;
+    buildHostname?: (id: string) => string;
+}): Promise<ProxyResult>;

package/dist/api/routes/friends-proxy.js

@@ -0,0 +1,63 @@
+/** Allowed path prefixes — proxy targets must live under /p2p/ or /plugins/. */
+const ALLOWED_PATH_RE = /^\/(?:p2p|plugins)\/[a-zA-Z0-9/_-]*$|^\/plugins\/install$/;
+/** Allowed HTTP methods for proxying. */
+const ALLOWED_METHODS = new Set(["GET", "POST", "PUT", "PATCH", "DELETE", "HEAD"]);
+/**
+ * Proxy a request to a bot instance's internal friend management API.
+ *
+ * The platform never parses friend data itself -- it acts as a pass-through
+ * to the instance's P2P plugin HTTP API running inside the container.
+ *
+ * @param instanceId - The bot instance identifier (used to build the container hostname)
+ * @param method - HTTP method (GET, POST, PUT, PATCH, DELETE)
+ * @param path - The API path on the instance (e.g., "/p2p/friends")
+ * @param body - Optional request body (will be JSON-serialized)
+ * @param opts - Optional configuration (logger, hostname builder)
+ */
+export async function proxyToInstance(instanceId, method, path, body, opts) {
+    // --- SSRF defense (WOP-1288) ---
+    if (!ALLOWED_METHODS.has(method)) {
+        throw new Error(`proxyToInstance: disallowed method ${method}`);
+    }
+    // Decode percent-encoded characters before checking, to prevent %2e%2e bypass
+    const decodedPath = decodeURIComponent(path);
+    if (!ALLOWED_PATH_RE.test(decodedPath) ||
+        decodedPath.includes("..") ||
+        decodedPath.includes("?") ||
+        decodedPath.includes("#") ||
+        decodedPath.includes("://") ||
+        /[\r\n]/.test(path)) {
+        throw new Error(`proxyToInstance: disallowed path ${path}`);
+    }
+    const hostname = opts?.buildHostname?.(instanceId) ?? `wopr-${instanceId}`;
+    const instanceUrl = `http://${hostname}:3000${path}`;
+    try {
+        const init = {
+            method,
+            headers: { "Content-Type": "application/json" },
+        };
+        if (body !== undefined && method !== "GET" && method !== "HEAD") {
+            init.body = JSON.stringify(body);
+        }
+        const response = await fetch(instanceUrl, init);
+        const contentType = response.headers.get("content-type") || "";
+        if (contentType.includes("application/json")) {
+            const data = await response.json();
+            return { ok: response.ok, status: response.status, data };
+        }
+        const text = await response.text();
+        if (response.ok) {
+            return { ok: true, status: response.status, data: text || null };
+        }
+        return { ok: false, status: response.status, error: text || "Request failed" };
+    }
+    catch (err) {
+        const message = err instanceof Error ? err.message : "Unknown error";
+        opts?.logger?.error(`Failed to proxy to instance ${instanceId}`, { path, error: message });
+        // Distinguish between connection errors (instance down) and other failures
+        if (message.includes("ECONNREFUSED") || message.includes("ENOTFOUND")) {
+            return { ok: false, status: 503, error: "Instance unavailable" };
+        }
+        return { ok: false, status: 502, error: "Failed to reach instance" };
+    }
+}

package/dist/api/routes/friends-types.d.ts

@@ -0,0 +1,34 @@
+import { z } from "zod";
+export declare const instanceIdSchema: z.ZodString;
+/** Friend capability levels. */
+export declare const friendCapabilitySchema: z.ZodEnum<{
+    "message-only": "message-only";
+    inject: "inject";
+    "ai-access": "ai-access";
+}>;
+export type FriendCapability = z.infer<typeof friendCapabilitySchema>;
+/** Schema for updating a friend's capabilities. */
+export declare const updateCapabilitiesSchema: z.ZodObject<{
+    capabilities: z.ZodArray<z.ZodEnum<{
+        "message-only": "message-only";
+        inject: "inject";
+        "ai-access": "ai-access";
+    }>>;
+}, z.core.$strip>;
+/** Schema for sending a friend request. */
+export declare const sendFriendRequestSchema: z.ZodObject<{
+    peerId: z.ZodString;
+    message: z.ZodOptional<z.ZodString>;
+}, z.core.$strip>;
+/** Schema for auto-accept rule configuration. */
+export declare const autoAcceptRuleSchema: z.ZodObject<{
+    enabled: z.ZodBoolean;
+    sameTopicOnly: z.ZodDefault<z.ZodBoolean>;
+    defaultCapabilities: z.ZodDefault<z.ZodArray<z.ZodEnum<{
+        "message-only": "message-only";
+        inject: "inject";
+        "ai-access": "ai-access";
+    }>>>;
+    allowlist: z.ZodDefault<z.ZodArray<z.ZodString>>;
+}, z.core.$strip>;
+export type AutoAcceptRule = z.infer<typeof autoAcceptRuleSchema>;

package/dist/api/routes/friends-types.js

@@ -0,0 +1,28 @@
+import { z } from "zod";
+/** Allowlist: only alphanumeric, hyphens, and underscores. */
+const SAFE_ID_RE = /^[a-zA-Z0-9_-]+$/;
+export const instanceIdSchema = z.string().regex(SAFE_ID_RE, "Invalid instance ID");
+/** Friend capability levels. */
+export const friendCapabilitySchema = z.enum(["message-only", "inject", "ai-access"]);
+/** Schema for updating a friend's capabilities. */
+export const updateCapabilitiesSchema = z.object({
+    capabilities: z.array(friendCapabilitySchema).min(1, "At least one capability required"),
+});
+/** Schema for sending a friend request. */
+export const sendFriendRequestSchema = z.object({
+    /** The peer ID or discovery ID of the target bot. */
+    peerId: z.string().min(1, "peerId is required"),
+    /** Optional message to send with the request. */
+    message: z.string().max(256).optional(),
+});
+/** Schema for auto-accept rule configuration. */
+export const autoAcceptRuleSchema = z.object({
+    /** Whether auto-accept is enabled. */
+    enabled: z.boolean(),
+    /** Only auto-accept from peers on the same discovery topic. */
+    sameTopicOnly: z.boolean().default(false),
+    /** Default capabilities granted to auto-accepted friends. */
+    defaultCapabilities: z.array(friendCapabilitySchema).default(["message-only"]),
+    /** Allowlist of peer IDs that are always accepted. Empty = accept all (when enabled). */
+    allowlist: z.array(z.string().min(1)).default([]),
+});

package/dist/api/routes/health.d.ts

@@ -0,0 +1,14 @@
+import { Hono } from "hono";
+import type { IBackupStatusStore } from "../../backup/backup-status-store.js";
+export interface HealthRouteConfig {
+    /** Service name returned in health responses (e.g., "wopr-platform", "silo") */
+    serviceName: string;
+    /** Factory to resolve the backup status store. Return null if unavailable. */
+    storeFactory?: () => IBackupStatusStore | null;
+}
+/**
+ * Create health check routes.
+ *
+ * Public, unauthenticated, used by load balancers and monitoring.
+ */
+export declare function createHealthRoutes(config: HealthRouteConfig): Hono;

package/dist/api/routes/health.js

@@ -0,0 +1,32 @@
+import { Hono } from "hono";
+/**
+ * Create health check routes.
+ *
+ * Public, unauthenticated, used by load balancers and monitoring.
+ */
+export function createHealthRoutes(config) {
+    const routes = new Hono();
+    const resolveStore = config.storeFactory ?? (() => null);
+    routes.get("/", async (c) => {
+        const health = {
+            status: "ok",
+            service: config.serviceName,
+        };
+        const store = resolveStore();
+        if (store) {
+            try {
+                const stale = await store.listStale();
+                const total = await store.count();
+                health.backups = { staleCount: stale.length, totalTracked: total };
+                if (stale.length > 0) {
+                    health.status = "degraded";
+                }
+            }
+            catch {
+                // Backup DB query failed — don't crash the health endpoint
+            }
+        }
+        return c.json(health);
+    });
+    return routes;
+}

package/dist/api/routes/health.test.d.ts

@@ -0,0 +1 @@
+export {};

package/dist/api/routes/health.test.js

@@ -0,0 +1,70 @@
+import { describe, expect, it, vi } from "vitest";
+import { createHealthRoutes } from "./health.js";
+function createMockStore(staleCount, totalCount) {
+    return {
+        listStale: vi.fn().mockReturnValue(Array(staleCount).fill({ isStale: true })),
+        count: vi.fn().mockReturnValue(totalCount),
+        listAll: vi.fn().mockReturnValue([]),
+        get: vi.fn().mockReturnValue(null),
+        recordSuccess: vi.fn(),
+        recordFailure: vi.fn(),
+    };
+}
+describe("createHealthRoutes", () => {
+    it("returns ok with configured service name", async () => {
+        const routes = createHealthRoutes({ serviceName: "test-service" });
+        const res = await routes.request("/");
+        expect(res.status).toBe(200);
+        const body = await res.json();
+        expect(body.status).toBe("ok");
+        expect(body.service).toBe("test-service");
+    });
+    it("returns ok when no backup store is available", async () => {
+        const routes = createHealthRoutes({ serviceName: "my-platform" });
+        const res = await routes.request("/");
+        expect(res.status).toBe(200);
+        const body = await res.json();
+        expect(body.status).toBe("ok");
+        expect(body.backups).toBeUndefined();
+    });
+    it("returns ok with backup info when all backups fresh", async () => {
+        const store = createMockStore(0, 5);
+        const routes = createHealthRoutes({ serviceName: "my-platform", storeFactory: () => store });
+        const res = await routes.request("/");
+        expect(res.status).toBe(200);
+        const body = await res.json();
+        expect(body.status).toBe("ok");
+        expect(body.backups).toEqual({ staleCount: 0, totalTracked: 5 });
+    });
+    it("returns degraded when stale backups exist", async () => {
+        const store = createMockStore(2, 5);
+        const routes = createHealthRoutes({ serviceName: "my-platform", storeFactory: () => store });
+        const res = await routes.request("/");
+        expect(res.status).toBe(200);
+        const body = await res.json();
+        expect(body.status).toBe("degraded");
+        expect(body.backups).toEqual({ staleCount: 2, totalTracked: 5 });
+    });
+    it("does not crash when backup store throws", async () => {
+        const store = {
+            listStale: vi.fn().mockImplementation(() => {
+                throw new Error("DB locked");
+            }),
+            count: vi.fn().mockReturnValue(0),
+        };
+        const routes = createHealthRoutes({ serviceName: "my-platform", storeFactory: () => store });
+        const res = await routes.request("/");
+        expect(res.status).toBe(200);
+        const body = await res.json();
+        expect(body.status).toBe("ok");
+        expect(body.backups).toBeUndefined();
+    });
+    it("uses different service names per brand", async () => {
+        const wopr = createHealthRoutes({ serviceName: "wopr-platform" });
+        const silo = createHealthRoutes({ serviceName: "silo" });
+        const woprBody = await (await wopr.request("/")).json();
+        const siloBody = await (await silo.request("/")).json();
+        expect(woprBody.service).toBe("wopr-platform");
+        expect(siloBody.service).toBe("silo");
+    });
+});

package/dist/api/routes/incident-response.d.ts

@@ -0,0 +1,9 @@
+import { Hono } from "hono";
+import type { AuthEnv } from "../../auth/index.js";
+/**
+ * Create admin incident response routes.
+ *
+ * All imports come from platform-core's monetization/incident module.
+ * No external dependencies needed.
+ */
+export declare function createIncidentResponseRoutes(): Hono<AuthEnv>;