@wopr-network/platform-core 1.68.0 → 1.69.0

package/dist/server/routes/__tests__/stripe-webhook.test.js

@@ -0,0 +1,65 @@
+import { Hono } from "hono";
+import { describe, expect, it, vi } from "vitest";
+import { createTestContainer } from "../../test-container.js";
+import { createStripeWebhookRoutes } from "../stripe-webhook.js";
+function makeApp(stripeOverride) {
+    const container = createTestContainer(stripeOverride !== undefined ? { stripe: stripeOverride } : {});
+    const app = new Hono();
+    app.route("/api/webhooks/stripe", createStripeWebhookRoutes(container));
+    return app;
+}
+describe("stripe webhook route", () => {
+    it("returns 501 when stripe not configured", async () => {
+        const app = makeApp(null);
+        const res = await app.request("/api/webhooks/stripe", { method: "POST" });
+        expect(res.status).toBe(501);
+    });
+    it("returns 400 when stripe-signature header missing", async () => {
+        const app = makeApp({
+            stripe: {},
+            webhookSecret: "whsec_test",
+            customerRepo: {},
+            processor: { handleWebhook: vi.fn() },
+        });
+        const res = await app.request("/api/webhooks/stripe", {
+            method: "POST",
+            body: "{}",
+        });
+        expect(res.status).toBe(400);
+        const body = await res.json();
+        expect(body.error).toBe("Missing stripe-signature header");
+    });
+    it("returns 200 on valid webhook", async () => {
+        const handleWebhook = vi.fn().mockResolvedValue({ handled: true, event_type: "checkout.session.completed" });
+        const app = makeApp({
+            stripe: {},
+            webhookSecret: "whsec_test",
+            customerRepo: {},
+            processor: { handleWebhook },
+        });
+        const res = await app.request("/api/webhooks/stripe", {
+            method: "POST",
+            headers: { "stripe-signature": "t=123,v1=abc" },
+            body: '{"type":"checkout.session.completed"}',
+        });
+        expect(res.status).toBe(200);
+        expect(handleWebhook).toHaveBeenCalledOnce();
+    });
+    it("returns 400 when processor throws (bad signature)", async () => {
+        const handleWebhook = vi.fn().mockRejectedValue(new Error("Signature verification failed"));
+        const app = makeApp({
+            stripe: {},
+            webhookSecret: "whsec_test",
+            customerRepo: {},
+            processor: { handleWebhook },
+        });
+        const res = await app.request("/api/webhooks/stripe", {
+            method: "POST",
+            headers: { "stripe-signature": "t=123,v1=bad" },
+            body: "invalid",
+        });
+        expect(res.status).toBe(400);
+        const body = await res.json();
+        expect(body.error).toBe("Webhook processing failed");
+    });
+});

package/dist/server/routes/admin.d.ts

@@ -0,0 +1,111 @@
+/**
+ * Admin tRPC router factory — platform-wide settings for the operator.
+ *
+ * All endpoints require platform_admin role (via adminProcedure).
+ * Dependencies are injected via PlatformContainer rather than module-level
+ * singletons, enabling clean testing and per-product composition.
+ */
+import type { PlatformContainer } from "../container.js";
+type CachedModel = {
+    id: string;
+    name: string;
+    contextLength: number;
+    promptPrice: string;
+    completionPrice: string;
+};
+/**
+ * Synchronous model resolver for the gateway proxy.
+ * Returns the cached DB value, or null to fall back to env var.
+ * The cache is refreshed asynchronously every 5 seconds.
+ */
+export declare function resolveGatewayModel(): string | null;
+/** Seed the cache on startup so the first request doesn't miss. */
+export declare function warmModelCache(container: PlatformContainer): Promise<void>;
+export interface AdminRouterConfig {
+    openRouterApiKey?: string;
+}
+export declare function createAdminRouter(container: PlatformContainer, config?: AdminRouterConfig): import("@trpc/server").TRPCBuiltRouter<{
+    ctx: import("../../trpc/init.js").TRPCContext;
+    meta: object;
+    errorShape: import("@trpc/server").TRPCDefaultErrorShape;
+    transformer: false;
+}, import("@trpc/server").TRPCDecorateCreateRouterOptions<{
+    /** Get the current gateway model setting. */
+    getGatewayModel: import("@trpc/server").TRPCQueryProcedure<{
+        input: void;
+        output: {
+            model: string;
+            updatedAt: string;
+        };
+        meta: object;
+    }>;
+    /** Set the gateway model. Takes effect within 5 seconds. */
+    setGatewayModel: import("@trpc/server").TRPCMutationProcedure<{
+        input: {
+            model: string;
+        };
+        output: {
+            ok: boolean;
+            model: string;
+        };
+        meta: object;
+    }>;
+    /** List available OpenRouter models for the gateway model dropdown. */
+    listAvailableModels: import("@trpc/server").TRPCQueryProcedure<{
+        input: void;
+        output: {
+            models: CachedModel[];
+        };
+        meta: object;
+    }>;
+    /** List ALL instances across all tenants with health status. */
+    listAllInstances: import("@trpc/server").TRPCQueryProcedure<{
+        input: void;
+        output: {
+            instances: never[];
+            error: string;
+        } | {
+            instances: {
+                id: string;
+                name: string;
+                tenantId: string;
+                image: string;
+                state: "paused" | "error" | "running" | "stopped" | "pulling" | "created" | "restarting" | "exited" | "dead";
+                health: string | null;
+                uptime: string | null;
+                containerId: string | null;
+                startedAt: string | null;
+            }[];
+            error?: undefined;
+        };
+        meta: object;
+    }>;
+    /** List all organizations with member counts and instance counts. */
+    listAllOrgs: import("@trpc/server").TRPCQueryProcedure<{
+        input: void;
+        output: {
+            orgs: {
+                id: string;
+                name: string;
+                slug: string | null;
+                createdAt: string;
+                memberCount: number;
+                instanceCount: number;
+                balanceCents: number;
+            }[];
+        };
+        meta: object;
+    }>;
+    /** Get platform billing summary: total credits, active service keys, payment method count. */
+    billingOverview: import("@trpc/server").TRPCQueryProcedure<{
+        input: void;
+        output: {
+            totalBalanceCents: number;
+            activeKeyCount: number;
+            paymentMethodCount: number;
+            orgCount: number;
+        };
+        meta: object;
+    }>;
+}>>;
+export {};

package/dist/server/routes/admin.js

@@ -0,0 +1,273 @@
+/**
+ * Admin tRPC router factory — platform-wide settings for the operator.
+ *
+ * All endpoints require platform_admin role (via adminProcedure).
+ * Dependencies are injected via PlatformContainer rather than module-level
+ * singletons, enabling clean testing and per-product composition.
+ */
+import { eq } from "drizzle-orm";
+import { z } from "zod";
+import { tenantModelSelection } from "../../db/schema/tenant-model-selection.js";
+import { adminProcedure, router } from "../../trpc/init.js";
+let modelListCache = null;
+let modelListCacheExpiry = 0;
+/** Well-known tenant ID for the global platform model setting. */
+const GLOBAL_TENANT_ID = "__platform__";
+// ---------------------------------------------------------------------------
+// Gateway model cache (short-TTL, refreshed per-request for the proxy)
+// ---------------------------------------------------------------------------
+const CACHE_TTL_MS = 5_000;
+let cachedModel = null;
+let modelCacheExpiry = 0;
+/** Container ref stashed by `warmModelCache` so the background refresh can use it. */
+let _container = null;
+/**
+ * Synchronous model resolver for the gateway proxy.
+ * Returns the cached DB value, or null to fall back to env var.
+ * The cache is refreshed asynchronously every 5 seconds.
+ */
+export function resolveGatewayModel() {
+    const now = Date.now();
+    if (now > modelCacheExpiry && _container) {
+        // Refresh cache in the background — don't block the request
+        refreshModelCache(_container).catch(() => { });
+    }
+    return cachedModel;
+}
+async function refreshModelCache(container) {
+    try {
+        const row = await container.db
+            .select({ defaultModel: tenantModelSelection.defaultModel })
+            .from(tenantModelSelection)
+            .where(eq(tenantModelSelection.tenantId, GLOBAL_TENANT_ID))
+            .then((rows) => rows[0] ?? null);
+        cachedModel = row?.defaultModel ?? null;
+        modelCacheExpiry = Date.now() + CACHE_TTL_MS;
+    }
+    catch {
+        // DB error — keep stale cache, retry next time
+    }
+}
+/** Seed the cache on startup so the first request doesn't miss. */
+export async function warmModelCache(container) {
+    _container = container;
+    await refreshModelCache(container);
+}
+// ---------------------------------------------------------------------------
+// Router factory
+// ---------------------------------------------------------------------------
+export function createAdminRouter(container, config) {
+    return router({
+        /** Get the current gateway model setting. */
+        getGatewayModel: adminProcedure.query(async () => {
+            const row = await container.db
+                .select({
+                defaultModel: tenantModelSelection.defaultModel,
+                updatedAt: tenantModelSelection.updatedAt,
+            })
+                .from(tenantModelSelection)
+                .where(eq(tenantModelSelection.tenantId, GLOBAL_TENANT_ID))
+                .then((rows) => rows[0] ?? null);
+            return {
+                model: row?.defaultModel ?? null,
+                updatedAt: row?.updatedAt ?? null,
+            };
+        }),
+        /** Set the gateway model. Takes effect within 5 seconds. */
+        setGatewayModel: adminProcedure
+            .input(z.object({ model: z.string().min(1).max(200) }))
+            .mutation(async ({ input }) => {
+            const now = new Date().toISOString();
+            await container.db
+                .insert(tenantModelSelection)
+                .values({
+                tenantId: GLOBAL_TENANT_ID,
+                defaultModel: input.model,
+                updatedAt: now,
+            })
+                .onConflictDoUpdate({
+                target: tenantModelSelection.tenantId,
+                set: { defaultModel: input.model, updatedAt: now },
+            });
+            // Immediately update the in-memory cache.
+            cachedModel = input.model;
+            modelCacheExpiry = Date.now() + CACHE_TTL_MS;
+            return { ok: true, model: input.model };
+        }),
+        /** List available OpenRouter models for the gateway model dropdown. */
+        listAvailableModels: adminProcedure.query(async () => {
+            const apiKey = config?.openRouterApiKey;
+            if (!apiKey)
+                return { models: [] };
+            const now = Date.now();
+            if (modelListCache && modelListCacheExpiry > now)
+                return { models: modelListCache };
+            try {
+                const res = await fetch("https://openrouter.ai/api/v1/models", {
+                    headers: { Authorization: `Bearer ${apiKey}` },
+                    signal: AbortSignal.timeout(10_000),
+                });
+                if (!res.ok)
+                    return { models: modelListCache ?? [] };
+                const json = (await res.json());
+                const models = json.data
+                    .map((m) => ({
+                    id: m.id,
+                    name: m.name,
+                    contextLength: m.context_length ?? 0,
+                    promptPrice: m.pricing?.prompt ?? "0",
+                    completionPrice: m.pricing?.completion ?? "0",
+                }))
+                    .sort((a, b) => a.id.localeCompare(b.id));
+                modelListCache = models;
+                modelListCacheExpiry = now + 60_000;
+                return { models };
+            }
+            catch {
+                return { models: modelListCache ?? [] };
+            }
+        }),
+        // -----------------------------------------------------------------------
+        // Platform-wide instance overview (all tenants)
+        // -----------------------------------------------------------------------
+        /** List ALL instances across all tenants with health status. */
+        listAllInstances: adminProcedure.query(async () => {
+            if (!container.fleet) {
+                return { instances: [], error: "Fleet not configured" };
+            }
+            const fleet = container.fleet;
+            const profiles = await fleet.profileStore.list();
+            const instances = await Promise.all(profiles.map(async (profile) => {
+                try {
+                    const status = await fleet.manager.status(profile.id);
+                    return {
+                        id: profile.id,
+                        name: profile.name,
+                        tenantId: profile.tenantId,
+                        image: profile.image,
+                        state: status.state,
+                        health: status.health,
+                        uptime: status.uptime,
+                        containerId: status.containerId ?? null,
+                        startedAt: status.startedAt ?? null,
+                    };
+                }
+                catch {
+                    return {
+                        id: profile.id,
+                        name: profile.name,
+                        tenantId: profile.tenantId,
+                        image: profile.image,
+                        state: "error",
+                        health: null,
+                        uptime: null,
+                        containerId: null,
+                        startedAt: null,
+                    };
+                }
+            }));
+            return { instances };
+        }),
+        // -----------------------------------------------------------------------
+        // Platform-wide tenant/org overview
+        // -----------------------------------------------------------------------
+        /** List all organizations with member counts and instance counts. */
+        listAllOrgs: adminProcedure.query(async () => {
+            const orgs = await container.pool.query(`
+        SELECT
+          o.id,
+          o.name,
+          o.slug,
+          o.created_at as "createdAt",
+          (SELECT COUNT(*) FROM org_member om WHERE om.org_id = o.id) as "memberCount"
+        FROM organization o
+        ORDER BY o.created_at DESC
+      `);
+            // Count instances per tenant from fleet profiles
+            const instanceCountByTenant = new Map();
+            if (container.fleet) {
+                const profiles = await container.fleet.profileStore.list();
+                for (const p of profiles) {
+                    instanceCountByTenant.set(p.tenantId, (instanceCountByTenant.get(p.tenantId) ?? 0) + 1);
+                }
+            }
+            const result = await Promise.all(orgs.rows.map(async (org) => {
+                let balanceCents = 0;
+                try {
+                    const balance = await container.creditLedger.balance(org.id);
+                    balanceCents = balance.toCentsRounded();
+                }
+                catch {
+                    // Ledger may not have an entry for this org
+                }
+                return {
+                    id: org.id,
+                    name: org.name,
+                    slug: org.slug,
+                    createdAt: org.createdAt,
+                    memberCount: Number(org.memberCount),
+                    instanceCount: instanceCountByTenant.get(org.id) ?? 0,
+                    balanceCents,
+                };
+            }));
+            return { orgs: result };
+        }),
+        // -----------------------------------------------------------------------
+        // Platform-wide billing summary
+        // -----------------------------------------------------------------------
+        /** Get platform billing summary: total credits, active service keys, payment method count. */
+        billingOverview: adminProcedure.query(async () => {
+            // Total credit balance across all tenants
+            let totalBalanceCents = 0;
+            try {
+                const balanceResult = await container.pool.query(`
+          SELECT COALESCE(SUM(amount), 0) as "totalRaw"
+          FROM credit_entry
+        `);
+                const rawTotal = Number(balanceResult.rows[0]?.totalRaw ?? 0);
+                // credit_entry.amount is in microdollars (10^-6), convert to cents
+                totalBalanceCents = Math.round(rawTotal / 10_000);
+            }
+            catch {
+                // Table may not exist yet
+            }
+            // Count active service keys
+            let activeKeyCount = 0;
+            if (container.gateway) {
+                try {
+                    const keyResult = await container.pool.query(`SELECT COUNT(*) as "count" FROM service_keys WHERE revoked_at IS NULL`);
+                    activeKeyCount = Number(keyResult.rows[0]?.count ?? 0);
+                }
+                catch {
+                    // Table may not exist
+                }
+            }
+            // Count payment methods across all tenants
+            let paymentMethodCount = 0;
+            try {
+                const pmResult = await container.pool.query(`
+          SELECT COUNT(*) as "count" FROM payment_methods WHERE enabled = true
+        `);
+                paymentMethodCount = Number(pmResult.rows[0]?.count ?? 0);
+            }
+            catch {
+                // Table may not exist
+            }
+            // Count total orgs
+            let orgCount = 0;
+            try {
+                const orgCountResult = await container.pool.query(`SELECT COUNT(*) as "count" FROM organization`);
+                orgCount = Number(orgCountResult.rows[0]?.count ?? 0);
+            }
+            catch {
+                // Table may not exist
+            }
+            return {
+                totalBalanceCents,
+                activeKeyCount,
+                paymentMethodCount,
+                orgCount,
+            };
+        }),
+    });
+}

package/dist/server/routes/crypto-webhook.d.ts

@@ -0,0 +1,23 @@
+/**
+ * Crypto webhook route — accepts payment confirmations from the key server.
+ *
+ * Extracted from paperclip-platform into platform-core so every product
+ * gets the same timing-safe auth, Zod validation, and idempotent handler
+ * without copy-pasting.
+ */
+import { Hono } from "hono";
+import type { PlatformContainer } from "../container.js";
+export interface CryptoWebhookConfig {
+    provisionSecret: string;
+    cryptoServiceKey?: string;
+}
+/**
+ * Create the crypto webhook Hono sub-app.
+ *
+ * Mount it at `/api/webhooks/crypto` (or wherever the product prefers).
+ *
+ * ```ts
+ * app.route("/api/webhooks/crypto", createCryptoWebhookRoutes(container, config));
+ * ```
+ */
+export declare function createCryptoWebhookRoutes(container: PlatformContainer, config: CryptoWebhookConfig): Hono;

package/dist/server/routes/crypto-webhook.js

@@ -0,0 +1,82 @@
+/**
+ * Crypto webhook route — accepts payment confirmations from the key server.
+ *
+ * Extracted from paperclip-platform into platform-core so every product
+ * gets the same timing-safe auth, Zod validation, and idempotent handler
+ * without copy-pasting.
+ */
+import { timingSafeEqual } from "node:crypto";
+import { Hono } from "hono";
+import { z } from "zod";
+import { handleKeyServerWebhook } from "../../billing/crypto/key-server-webhook.js";
+// ---------------------------------------------------------------------------
+// Zod schema for incoming webhook payloads
+// ---------------------------------------------------------------------------
+const cryptoWebhookSchema = z.object({
+    chargeId: z.string().min(1),
+    chain: z.string().min(1),
+    address: z.string().min(1),
+    amountUsdCents: z.number().optional(),
+    amountReceivedCents: z.number().optional(),
+    status: z.string().min(1),
+    txHash: z.string().optional(),
+    amountReceived: z.string().optional(),
+    confirmations: z.number().optional(),
+    confirmationsRequired: z.number().optional(),
+});
+// ---------------------------------------------------------------------------
+// Timing-safe secret validation
+// ---------------------------------------------------------------------------
+function assertSecret(authHeader, config) {
+    if (!authHeader?.startsWith("Bearer "))
+        return false;
+    const token = authHeader.slice("Bearer ".length).trim();
+    const secrets = [config.provisionSecret, config.cryptoServiceKey].filter((s) => !!s);
+    for (const secret of secrets) {
+        if (token.length === secret.length && timingSafeEqual(Buffer.from(token), Buffer.from(secret))) {
+            return true;
+        }
+    }
+    return false;
+}
+// ---------------------------------------------------------------------------
+// Route factory
+// ---------------------------------------------------------------------------
+/**
+ * Create the crypto webhook Hono sub-app.
+ *
+ * Mount it at `/api/webhooks/crypto` (or wherever the product prefers).
+ *
+ * ```ts
+ * app.route("/api/webhooks/crypto", createCryptoWebhookRoutes(container, config));
+ * ```
+ */
+export function createCryptoWebhookRoutes(container, config) {
+    const app = new Hono();
+    app.post("/", async (c) => {
+        if (!assertSecret(c.req.header("authorization"), config)) {
+            return c.json({ error: "Unauthorized" }, 401);
+        }
+        if (!container.crypto) {
+            return c.json({ error: "Crypto payments not configured" }, 501);
+        }
+        let payload;
+        try {
+            const raw = await c.req.json();
+            payload = cryptoWebhookSchema.parse(raw);
+        }
+        catch (err) {
+            if (err instanceof z.ZodError) {
+                return c.json({ error: "Invalid payload", issues: err.issues }, 400);
+            }
+            return c.json({ error: "Invalid JSON" }, 400);
+        }
+        const result = await handleKeyServerWebhook({
+            chargeStore: container.crypto.chargeRepo,
+            creditLedger: container.creditLedger,
+            replayGuard: container.crypto.webhookSeenRepo,
+        }, payload);
+        return c.json(result, 200);
+    });
+    return app;
+}

package/dist/server/routes/provision-webhook.d.ts

@@ -0,0 +1,38 @@
+/**
+ * Provision webhook routes — instance lifecycle management.
+ *
+ * POST /create  — spin up a new container and configure it
+ * POST /destroy — tear down a container
+ * PUT  /budget  — update a container's spending budget
+ *
+ * Extracted from product-specific implementations into platform-core so
+ * every product gets the same timing-safe auth and DI-based fleet access
+ * without copy-pasting.
+ *
+ * All env var names are generic (no product-specific prefixes).
+ */
+import { Hono } from "hono";
+import type { PlatformContainer } from "../container.js";
+export interface ProvisionWebhookConfig {
+    provisionSecret: string;
+    /** Docker image to provision for new instances. */
+    instanceImage: string;
+    /** Port the provisioned container listens on. */
+    containerPort: number;
+    /** Maximum instances per tenant (0 = unlimited). */
+    maxInstancesPerTenant: number;
+    /** URL of the metered inference gateway (passed to provisioned containers). */
+    gatewayUrl?: string;
+    /** Container prefix for naming (e.g. "wopr" → "wopr-<subdomain>"). */
+    containerPrefix?: string;
+}
+/**
+ * Create the provision webhook Hono sub-app.
+ *
+ * Mount it at `/api/provision` (or wherever the product prefers).
+ *
+ * ```ts
+ * app.route("/api/provision", createProvisionWebhookRoutes(container, config));
+ * ```
+ */
+export declare function createProvisionWebhookRoutes(container: PlatformContainer, config: ProvisionWebhookConfig): Hono;