@wopr-network/platform-core 1.13.0 → 1.13.1

package/src/api/routes/admin-inference.ts

@@ -0,0 +1,109 @@
+import { Hono } from "hono";
+import type { AuthEnv } from "../../auth/index.js";
+import type { ISessionUsageRepository } from "../../inference/session-usage-repository.js";
+
+/**
+ * Create admin inference dashboard routes.
+ *
+ * Routes:
+ *   GET /          — Summary: daily costs, session count, avg cost, cache hit rate
+ *   GET /daily     — Daily cost breakdown
+ *   GET /pages     — Per-page cost breakdown
+ *   GET /cache     — Cache hit rate
+ *   GET /session/:sessionId — Per-session usage detail
+ *
+ * @param repoFactory - factory for the session usage repository (lazy init)
+ */
+export function createAdminInferenceRoutes(repoFactory: () => ISessionUsageRepository): Hono<AuthEnv> {
+  const routes = new Hono<AuthEnv>();
+
+  routes.get("/", async (c) => {
+    const repo = repoFactory();
+    const daysParam = c.req.query("days");
+    const days = Math.min(90, Math.max(1, Number.isNaN(Number(daysParam)) ? 7 : Number(daysParam)));
+    const since = Date.now() - days * 24 * 60 * 60 * 1000;
+
+    try {
+      const [dailyCosts, pageCosts, cacheHitRate] = await Promise.all([
+        repo.aggregateByDay(since),
+        repo.aggregateByPage(since),
+        repo.cacheHitRate(since),
+      ]);
+
+      const totalCostUsd = dailyCosts.reduce((sum, d) => sum + d.totalCostUsd, 0);
+      const totalSessions = dailyCosts.reduce((sum, d) => sum + d.sessionCount, 0);
+      const avgCostPerSession = totalSessions > 0 ? totalCostUsd / totalSessions : 0;
+
+      return c.json({
+        period: { days, since },
+        summary: {
+          totalCostUsd,
+          totalSessions,
+          avgCostPerSessionUsd: avgCostPerSession,
+          cacheHitRate: cacheHitRate.hitRate,
+        },
+        dailyCosts,
+        pageCosts,
+      });
+    } catch (err) {
+      return c.json({ error: err instanceof Error ? err.message : "Internal server error" }, 500);
+    }
+  });
+
+  routes.get("/daily", async (c) => {
+    const repo = repoFactory();
+    const daysParam = c.req.query("days");
+    const days = Math.min(90, Math.max(1, Number.isNaN(Number(daysParam)) ? 30 : Number(daysParam)));
+    const since = Date.now() - days * 24 * 60 * 60 * 1000;
+
+    try {
+      const dailyCosts = await repo.aggregateByDay(since);
+      return c.json({ days, dailyCosts });
+    } catch (err) {
+      return c.json({ error: err instanceof Error ? err.message : "Internal server error" }, 500);
+    }
+  });
+
+  routes.get("/pages", async (c) => {
+    const repo = repoFactory();
+    const daysParam = c.req.query("days");
+    const days = Math.min(90, Math.max(1, Number.isNaN(Number(daysParam)) ? 7 : Number(daysParam)));
+    const since = Date.now() - days * 24 * 60 * 60 * 1000;
+
+    try {
+      const pageCosts = await repo.aggregateByPage(since);
+      return c.json({ days, pageCosts });
+    } catch (err) {
+      return c.json({ error: err instanceof Error ? err.message : "Internal server error" }, 500);
+    }
+  });
+
+  routes.get("/cache", async (c) => {
+    const repo = repoFactory();
+    const daysParam = c.req.query("days");
+    const days = Math.min(90, Math.max(1, Number.isNaN(Number(daysParam)) ? 7 : Number(daysParam)));
+    const since = Date.now() - days * 24 * 60 * 60 * 1000;
+
+    try {
+      const cacheStats = await repo.cacheHitRate(since);
+      return c.json({ days, cacheStats });
+    } catch (err) {
+      return c.json({ error: err instanceof Error ? err.message : "Internal server error" }, 500);
+    }
+  });
+
+  routes.get("/session/:sessionId", async (c) => {
+    const repo = repoFactory();
+    const sessionId = c.req.param("sessionId");
+
+    try {
+      const records = await repo.findBySessionId(sessionId);
+      const totalCostUsd = records.reduce((sum, r) => sum + r.costUsd, 0);
+      return c.json({ sessionId, totalCostUsd, records });
+    } catch (err) {
+      return c.json({ error: err instanceof Error ? err.message : "Internal server error" }, 500);
+    }
+  });
+
+  return routes;
+}

package/src/api/routes/admin-marketplace.ts

@@ -0,0 +1,233 @@
+import { Hono } from "hono";
+import { z } from "zod";
+import type { AuthEnv } from "../../auth/index.js";
+import type { IMarketplacePluginRepository } from "../../marketplace/marketplace-plugin-repository.js";
+import type { AdminAuditLogger } from "./admin-audit-helper.js";
+import { safeAuditLog } from "./admin-audit-helper.js";
+
+const addPluginSchema = z.object({
+  npmPackage: z.string().min(1),
+  version: z.string().min(1),
+  category: z.string().optional(),
+  notes: z.string().optional(),
+});
+
+const updatePluginSchema = z.object({
+  enabled: z.boolean().optional(),
+  featured: z.boolean().optional(),
+  sortOrder: z.number().int().optional(),
+  category: z.string().nullable().optional(),
+  notes: z.string().nullable().optional(),
+});
+
+/** Optional volume installer interface for fire-and-forget plugin installation. */
+export interface PluginVolumeInstaller {
+  installPluginToVolume(opts: {
+    pluginId: string;
+    npmPackage: string;
+    version: string;
+    volumePath: string;
+    repo: IMarketplacePluginRepository;
+  }): Promise<void>;
+}
+
+/** Optional npm discovery interface. */
+export interface NpmPluginDiscoverer {
+  discoverNpmPlugins(opts: {
+    repo: IMarketplacePluginRepository;
+    notify: (msg: string) => void;
+  }): Promise<{ discovered: number; skipped: number }>;
+}
+
+export interface AdminMarketplaceDeps {
+  repoFactory: () => IMarketplacePluginRepository;
+  auditLogger?: () => AdminAuditLogger;
+  volumeInstaller?: () => PluginVolumeInstaller;
+  pluginVolumePath?: string;
+  discoverer?: () => NpmPluginDiscoverer;
+  logger?: { info(msg: string): void; error(msg: string, meta?: Record<string, unknown>): void };
+}
+
+export function createAdminMarketplaceRoutes(
+  repoFactoryOrDeps: (() => IMarketplacePluginRepository) | AdminMarketplaceDeps,
+  auditLogger?: () => AdminAuditLogger,
+): Hono<AuthEnv> {
+  const deps: AdminMarketplaceDeps =
+    typeof repoFactoryOrDeps === "function" ? { repoFactory: repoFactoryOrDeps, auditLogger } : repoFactoryOrDeps;
+
+  const routes = new Hono<AuthEnv>();
+
+  let _repo: IMarketplacePluginRepository | null = null;
+  const repo = (): IMarketplacePluginRepository => {
+    if (!_repo) _repo = deps.repoFactory();
+    return _repo;
+  };
+
+  // GET /plugins — list all marketplace plugins
+  routes.get("/plugins", async (c) => {
+    return c.json(await repo().findAll());
+  });
+
+  // GET /queue — list plugins pending review (enabled = false)
+  routes.get("/queue", async (c) => {
+    return c.json(await repo().findPendingReview());
+  });
+
+  // POST /plugins — manually add a plugin by npm package name
+  routes.post("/plugins", async (c) => {
+    let body: unknown;
+    try {
+      body = await c.req.json();
+    } catch {
+      return c.json({ error: "Invalid JSON body" }, 400);
+    }
+    const parsed = addPluginSchema.safeParse(body);
+    if (!parsed.success) {
+      return c.json({ error: "Validation failed", details: parsed.error.flatten() }, 400);
+    }
+
+    const { npmPackage, version, category, notes } = parsed.data;
+    const existing = await repo().findById(npmPackage);
+    if (existing) {
+      return c.json({ error: "Plugin already exists" }, 409);
+    }
+
+    const plugin = await repo().insert({
+      pluginId: npmPackage,
+      npmPackage,
+      version,
+      category,
+      notes,
+    });
+    const user = c.get("user") as { id: string } | undefined;
+    safeAuditLog(deps.auditLogger, {
+      adminUser: user?.id ?? "unknown",
+      action: "marketplace.plugin.create",
+      category: "config",
+      details: { pluginId: npmPackage, version },
+      outcome: "success",
+    });
+
+    // Fire-and-forget: install into shared volume
+    if (deps.volumeInstaller) {
+      const volumePath = deps.pluginVolumePath ?? "/data/plugins";
+      try {
+        const installer = deps.volumeInstaller();
+        installer
+          .installPluginToVolume({
+            pluginId: npmPackage,
+            npmPackage,
+            version,
+            volumePath,
+            repo: repo(),
+          })
+          .catch((err: unknown) => {
+            deps.logger?.error("Volume install trigger failed", { pluginId: npmPackage, err });
+          });
+      } catch {
+        /* volume installer unavailable — non-fatal */
+      }
+    }
+
+    return c.json(plugin, 201);
+  });
+
+  // PATCH /plugins/:id — update plugin (enable/disable, feature, sort, notes)
+  routes.patch("/plugins/:id", async (c) => {
+    const id = c.req.param("id");
+    const existing = await repo().findById(id);
+    if (!existing) {
+      return c.json({ error: "Plugin not found" }, 404);
+    }
+
+    let body: unknown;
+    try {
+      body = await c.req.json();
+    } catch {
+      return c.json({ error: "Invalid JSON body" }, 400);
+    }
+    const parsed = updatePluginSchema.safeParse(body);
+    if (!parsed.success) {
+      return c.json({ error: "Validation failed", details: parsed.error.flatten() }, 400);
+    }
+
+    const patch: Record<string, unknown> = { ...parsed.data };
+    if (parsed.data.enabled === true) {
+      const user = c.get("user") as { id: string } | undefined;
+      if (user) patch.enabledBy = user.id;
+    }
+
+    const updated = await repo().update(id, patch as Parameters<IMarketplacePluginRepository["update"]>[1]);
+    const user = c.get("user") as { id: string } | undefined;
+    safeAuditLog(deps.auditLogger, {
+      adminUser: user?.id ?? "unknown",
+      action: "marketplace.plugin.update",
+      category: "config",
+      details: { pluginId: id, patch },
+      outcome: "success",
+    });
+    return c.json(updated);
+  });
+
+  // DELETE /plugins/:id — remove a plugin from the registry
+  routes.delete("/plugins/:id", async (c) => {
+    const id = c.req.param("id");
+    const existing = await repo().findById(id);
+    if (!existing) {
+      return c.json({ error: "Plugin not found" }, 404);
+    }
+    await repo().delete(id);
+    const user = c.get("user") as { id: string } | undefined;
+    safeAuditLog(deps.auditLogger, {
+      adminUser: user?.id ?? "unknown",
+      action: "marketplace.plugin.delete",
+      category: "config",
+      details: { pluginId: id },
+      outcome: "success",
+    });
+    return c.body(null, 204);
+  });
+
+  // GET /plugins/:id/install-status — poll install progress
+  routes.get("/plugins/:id/install-status", async (c) => {
+    const id = c.req.param("id");
+    const plugin = await repo().findById(id);
+    if (!plugin) {
+      return c.json({ error: "Plugin not found" }, 404);
+    }
+
+    const status = plugin.installedAt ? "installed" : plugin.installError ? "failed" : "pending";
+
+    return c.json({
+      pluginId: plugin.pluginId,
+      status,
+      installedAt: plugin.installedAt,
+      installError: plugin.installError,
+    });
+  });
+
+  // POST /discover — trigger manual discovery run
+  routes.post("/discover", async (c) => {
+    if (!deps.discoverer) {
+      return c.json({ error: "Discovery not configured" }, 503);
+    }
+    const discoverer = deps.discoverer();
+    const result = await discoverer.discoverNpmPlugins({
+      repo: repo(),
+      notify: (msg: string) => {
+        deps.logger?.info(`[Marketplace] ${msg}`);
+      },
+    });
+    const user = c.get("user") as { id: string } | undefined;
+    safeAuditLog(deps.auditLogger, {
+      adminUser: user?.id ?? "unknown",
+      action: "marketplace.discovery.trigger",
+      category: "config",
+      details: { discovered: result.discovered, skipped: result.skipped },
+      outcome: "success",
+    });
+    return c.json(result);
+  });
+
+  return routes;
+}

package/src/api/routes/admin-migration.ts

@@ -0,0 +1,61 @@
+import { Hono } from "hono";
+import { z } from "zod";
+import type { AuthEnv } from "../../auth/index.js";
+import { logger } from "../../config/logger.js";
+import type { AdminAuditLogger } from "./admin-audit-helper.js";
+import { safeAuditLog } from "./admin-audit-helper.js";
+
+export interface MigrationOrchestrator {
+  migrate(botId: string, targetNodeId?: string): Promise<{ success: boolean; error?: string }>;
+}
+
+const migrateInputSchema = z.object({
+  targetNodeId: z.string().min(1).optional(),
+});
+
+export function createAdminMigrationRoutes(
+  getOrchestrator: () => MigrationOrchestrator,
+  auditLogger?: () => AdminAuditLogger,
+): Hono<AuthEnv> {
+  const routes = new Hono<AuthEnv>();
+
+  routes.post("/:botId", async (c) => {
+    const botId = c.req.param("botId") as string;
+
+    let body: z.infer<typeof migrateInputSchema> = {};
+    try {
+      body = migrateInputSchema.parse(await c.req.json());
+    } catch {
+      // No body is fine — auto-select target
+    }
+
+    try {
+      const result = await getOrchestrator().migrate(botId, body.targetNodeId);
+
+      safeAuditLog(auditLogger, {
+        adminUser: (c.get("user") as { id?: string } | undefined)?.id ?? "unknown",
+        action: "bot.migrate",
+        category: "config",
+        details: { botId, targetNodeId: body.targetNodeId, success: result.success },
+        outcome: result.success ? "success" : "failure",
+      });
+
+      if (result.success) {
+        return c.json({ success: true, result });
+      }
+      return c.json({ success: false, result }, 400);
+    } catch (err) {
+      logger.error("Migration failed", { botId, err });
+      safeAuditLog(auditLogger, {
+        adminUser: (c.get("user") as { id?: string } | undefined)?.id ?? "unknown",
+        action: "bot.migrate",
+        category: "config",
+        details: { botId, targetNodeId: body.targetNodeId },
+        outcome: "failure",
+      });
+      return c.json({ success: false, error: err instanceof Error ? err.message : "Unknown error" }, 500);
+    }
+  });
+
+  return routes;
+}

package/src/api/routes/admin-notes.ts

@@ -0,0 +1,145 @@
+import { Hono } from "hono";
+import type { AuthEnv } from "../../auth/index.js";
+import type { AdminAuditLogger } from "./admin-audit-helper.js";
+import { safeAuditLog } from "./admin-audit-helper.js";
+
+/** Minimal interface for admin notes storage — implemented by concrete stores. */
+export interface IAdminNotesRepository {
+  create(input: { tenantId: string; authorId: string; content: string; isPinned: boolean }): Promise<{ id: string }>;
+  list(filters: { tenantId: string; limit?: number; offset?: number }): Promise<{ entries: unknown[]; total: number }>;
+  update(
+    noteId: string,
+    tenantId: string,
+    updates: { content?: string; isPinned?: boolean },
+  ): Promise<{ id: string } | null>;
+  delete(noteId: string, tenantId: string): Promise<boolean>;
+}
+
+function parseIntParam(value: string | undefined): number | undefined {
+  if (value == null) return undefined;
+  const n = Number(value);
+  return Number.isFinite(n) ? n : undefined;
+}
+
+/**
+ * Create admin notes API routes.
+ * Pass a store factory and optional audit logger for DI.
+ */
+export function createAdminNotesApiRoutes(
+  storeFactory: () => IAdminNotesRepository,
+  auditLogger?: () => AdminAuditLogger,
+): Hono<AuthEnv> {
+  const routes = new Hono<AuthEnv>();
+
+  // GET /:tenantId -- list notes
+  routes.get("/:tenantId", async (c) => {
+    const store = storeFactory();
+    const tenantId = c.req.param("tenantId");
+    const filters = {
+      tenantId,
+      limit: parseIntParam(c.req.query("limit")),
+      offset: parseIntParam(c.req.query("offset")),
+    };
+    try {
+      const result = await store.list(filters);
+      return c.json(result);
+    } catch {
+      return c.json({ error: "Internal server error" }, 500);
+    }
+  });
+
+  // POST /:tenantId -- create note
+  routes.post("/:tenantId", async (c) => {
+    const store = storeFactory();
+    const tenantId = c.req.param("tenantId");
+    let body: Record<string, unknown>;
+    try {
+      body = (await c.req.json()) as Record<string, unknown>;
+    } catch {
+      return c.json({ error: "Invalid JSON body" }, 400);
+    }
+    const content = body.content;
+    if (typeof content !== "string" || !content.trim()) {
+      return c.json({ error: "content is required and must be non-empty" }, 400);
+    }
+    try {
+      const user = c.get("user");
+      const note = await store.create({
+        tenantId,
+        authorId: user?.id ?? "unknown",
+        content,
+        isPinned: body.isPinned === true,
+      });
+      safeAuditLog(auditLogger, {
+        adminUser: user?.id ?? "unknown",
+        action: "note.create",
+        category: "support",
+        targetTenant: tenantId,
+        details: { noteId: note.id },
+        outcome: "success",
+      });
+      return c.json(note, 201);
+    } catch (err) {
+      return c.json({ error: err instanceof Error ? err.message : "Internal server error" }, 500);
+    }
+  });
+
+  // PATCH /:tenantId/:noteId -- update note
+  routes.patch("/:tenantId/:noteId", async (c) => {
+    const store = storeFactory();
+    const tenantId = c.req.param("tenantId");
+    const noteId = c.req.param("noteId");
+    let body: Record<string, unknown>;
+    try {
+      body = (await c.req.json()) as Record<string, unknown>;
+    } catch {
+      return c.json({ error: "Invalid JSON body" }, 400);
+    }
+    const updates: { content?: string; isPinned?: boolean } = {};
+    if (typeof body.content === "string") updates.content = body.content;
+    if (typeof body.isPinned === "boolean") updates.isPinned = body.isPinned;
+    try {
+      const note = await store.update(noteId, tenantId, updates);
+      if (note === null) {
+        return c.json({ error: "Forbidden" }, 403);
+      }
+      const user = c.get("user");
+      safeAuditLog(auditLogger, {
+        adminUser: user?.id ?? "unknown",
+        action: "note.update",
+        category: "support",
+        targetTenant: tenantId,
+        details: { noteId, hasContentChange: !!updates.content, hasPinChange: updates.isPinned !== undefined },
+        outcome: "success",
+      });
+      return c.json(note);
+    } catch (err) {
+      return c.json({ error: err instanceof Error ? err.message : "Internal server error" }, 500);
+    }
+  });
+
+  // DELETE /:tenantId/:noteId -- delete note
+  routes.delete("/:tenantId/:noteId", async (c) => {
+    const store = storeFactory();
+    const tenantId = c.req.param("tenantId");
+    const noteId = c.req.param("noteId");
+    try {
+      const deleted = await store.delete(noteId, tenantId);
+      if (!deleted) return c.json({ error: "Forbidden" }, 403);
+      const user = c.get("user");
+      safeAuditLog(auditLogger, {
+        adminUser: user?.id ?? "unknown",
+        action: "note.delete",
+        category: "support",
+        targetTenant: tenantId,
+        details: { noteId },
+        outcome: "success",
+      });
+      return c.json({ ok: true });
+    } catch {
+      return c.json({ error: "Internal server error" }, 500);
+    }
+  });
+
+  return routes;
+}

package/src/api/routes/admin-onboarding.ts

@@ -0,0 +1,62 @@
+import { Hono } from "hono";
+import type { AuthEnv } from "../../auth/index.js";
+import type { IOnboardingScriptRepository } from "../../onboarding/drizzle-onboarding-script-repository.js";
+import type { AdminAuditLogger } from "./admin-audit-helper.js";
+import { safeAuditLog } from "./admin-audit-helper.js";
+
+type RepoFactory = () => IOnboardingScriptRepository;
+
+export function createAdminOnboardingRoutes(getRepo: RepoFactory, auditLogger?: () => AdminAuditLogger): Hono<AuthEnv> {
+  const routes = new Hono<AuthEnv>();
+
+  routes.get("/current", async (c) => {
+    const repo = getRepo();
+    const script = await repo.findCurrent();
+    if (!script) {
+      return c.json({ error: "No onboarding script found" }, 404);
+    }
+    return c.json(script);
+  });
+
+  routes.get("/history", async (c) => {
+    const repo = getRepo();
+    const limitParam = c.req.query("limit");
+    const limit = limitParam ? Math.min(50, Math.max(1, Number(limitParam) || 10)) : 10;
+    const history = await repo.findHistory(limit);
+    return c.json(history);
+  });
+
+  routes.post("/", async (c) => {
+    const repo = getRepo();
+    let body: Record<string, unknown>;
+    try {
+      body = (await c.req.json()) as Record<string, unknown>;
+    } catch {
+      return c.json({ error: "Invalid JSON body" }, 400);
+    }
+
+    const content = body.content;
+    if (typeof content !== "string" || !content.trim()) {
+      return c.json({ error: "content is required and must be non-empty" }, 400);
+    }
+
+    const user = c.get("user");
+    const adminUser = (user as { id?: string } | undefined)?.id ?? "unknown";
+    const script = await repo.insert({
+      content,
+      updatedBy: adminUser !== "unknown" ? adminUser : null,
+    });
+
+    safeAuditLog(auditLogger, {
+      adminUser,
+      action: "onboarding.script_updated",
+      category: "config",
+      details: { version: script.version },
+      outcome: "success",
+    });
+
+    return c.json(script, 201);
+  });
+
+  return routes;
+}