@wopr-network/platform-core 1.69.0 → 1.71.0

package/src/server/__tests__/container.test.ts

@@ -172,7 +172,10 @@ describe("createTestContainer", () => {
     };
 
     const hotPool: HotPoolServices = {
-      poolManager: {},
+      start: async () => ({ stop: () => {} }),
+      claim: async () => null,
+      getPoolSize: async () => 2,
+      setPoolSize: async () => {},
     };
 
     const c = createTestContainer({ fleet, crypto, stripe, gateway, hotPool });

package/src/server/container.ts

@@ -19,6 +19,7 @@ import type { FleetManager } from "../fleet/fleet-manager.js";
 import type { IProfileStore } from "../fleet/profile-store.js";
 import type { IServiceKeyRepository } from "../gateway/service-key-repository.js";
 import type { ProductConfig } from "../product-config/repository-types.js";
+import type { ProductConfigService } from "../product-config/service.js";
 import type { ProxyManagerInterface } from "../proxy/types.js";
 import type { IOrgMemberRepository } from "../tenancy/org-member-repository.js";
 import type { OrgService } from "../tenancy/org-service.js";
@@ -53,8 +54,18 @@ export interface GatewayServices {
 }
 
 export interface HotPoolServices {
-  /** Will be typed properly when extracted from nemoclaw. */
-  poolManager: unknown;
+  /** Start the pool manager (replenish loop + cleanup). */
+  start: () => Promise<{ stop: () => void }>;
+  /** Claim a warm instance from the pool. Returns null if empty. */
+  claim: (
+    name: string,
+    tenantId: string,
+    adminUser: { id: string; email: string; name: string },
+  ) => Promise<{ id: string; name: string; subdomain: string } | null>;
+  /** Get current pool size from DB. */
+  getPoolSize: () => Promise<number>;
+  /** Set pool size in DB. */
+  setPoolSize: (size: number) => Promise<void>;
 }
 
 // ---------------------------------------------------------------------------
@@ -65,6 +76,7 @@ export interface PlatformContainer {
   db: DrizzleDb;
   pool: Pool;
   productConfig: ProductConfig;
+  productConfigService: ProductConfigService;
   creditLedger: ILedger;
   orgMemberRepo: IOrgMemberRepository;
   orgService: OrgService;
@@ -118,7 +130,7 @@ export async function buildContainer(bootConfig: BootConfig): Promise<PlatformCo
 
   // 4. Bootstrap product config from DB (auto-seeds from presets if needed)
   const { platformBoot } = await import("../product-config/boot.js");
-  const { config: productConfig } = await platformBoot({ slug: bootConfig.slug, db });
+  const { config: productConfig, service: productConfigService } = await platformBoot({ slug: bootConfig.slug, db });
 
   // 5. Credit ledger
   const { DrizzleLedger } = await import("../credits/ledger.js");
@@ -217,13 +229,12 @@ export async function buildContainer(bootConfig: BootConfig): Promise<PlatformCo
     gateway = { serviceKeyRepo };
   }
 
-  // hotPool: not yet implemented — needs nemoclaw extraction
-  const hotPool: HotPoolServices | null = null;
-
-  return {
+  // 12. Build the container (hotPool bound after construction)
+  const result: PlatformContainer = {
     db,
     pool,
     productConfig,
+    productConfigService,
     creditLedger,
     orgMemberRepo,
     orgService,
@@ -232,6 +243,25 @@ export async function buildContainer(bootConfig: BootConfig): Promise<PlatformCo
     crypto,
     stripe,
     gateway,
-    hotPool,
+    hotPool: null,
   };
+
+  // Bind hot pool after container construction (closures need the full container)
+  if (bootConfig.features.hotPool && fleet) {
+    const { startHotPool, setPoolSize: setSize, getPoolSize: getSize } = await import("./services/hot-pool.js");
+    const { claimPoolInstance } = await import("./services/hot-pool-claim.js");
+    const { DrizzlePoolRepository } = await import("./services/pool-repository.js");
+    const poolRepo = new DrizzlePoolRepository(pool);
+
+    const hotPoolConfig = { provisionSecret: bootConfig.provisionSecret };
+    result.hotPool = {
+      start: () => startHotPool(result, poolRepo, hotPoolConfig),
+      claim: (name, tenantId, adminUser) =>
+        claimPoolInstance(result, poolRepo, name, tenantId, adminUser, hotPoolConfig),
+      getPoolSize: () => getSize(poolRepo),
+      setPoolSize: (size) => setSize(poolRepo, size),
+    };
+  }
+
+  return result;
 }

package/src/server/lifecycle.ts

@@ -40,6 +40,16 @@ export async function startBackgroundServices(container: PlatformContainer): Pro
     }
   }
 
+  // Hot pool manager (if enabled)
+  if (container.hotPool) {
+    try {
+      const poolHandles = await container.hotPool.start();
+      handles.unsubscribes.push(poolHandles.stop);
+    } catch {
+      // Non-fatal — pool will be empty but claiming falls back to cold create
+    }
+  }
+
   return handles;
 }
 

package/src/server/routes/admin.ts

@@ -330,5 +330,31 @@ export function createAdminRouter(container: PlatformContainer, config?: AdminRo
         orgCount,
       };
     }),
+
+    // -----------------------------------------------------------------------
+    // Hot pool config (DB-driven, admin-only)
+    // -----------------------------------------------------------------------
+
+    getPoolConfig: adminProcedure.query(async () => {
+      if (!container.hotPool) {
+        return { enabled: false, poolSize: 0, warmCount: 0 };
+      }
+      const poolSize = await container.hotPool.getPoolSize();
+      const warmRes = await container.pool.query<{ count: string }>(
+        "SELECT COUNT(*)::int AS count FROM pool_instances WHERE status = 'warm'",
+      );
+      const warmCount = Number(warmRes.rows[0]?.count ?? 0);
+      return { enabled: true, poolSize, warmCount };
+    }),
+
+    setPoolSize: adminProcedure
+      .input(z.object({ size: z.number().int().min(0).max(50) }))
+      .mutation(async ({ input }) => {
+        if (!container.hotPool) {
+          throw new Error("Hot pool not enabled");
+        }
+        await container.hotPool.setPoolSize(input.size);
+        return { poolSize: input.size };
+      }),
   });
 }

package/src/server/services/hot-pool-claim.ts

@@ -0,0 +1,130 @@
+/**
+ * Atomic hot pool claiming.
+ *
+ * Uses IPoolRepository for all DB operations. No raw pool.query().
+ */
+
+import { randomBytes } from "node:crypto";
+
+import { logger } from "../../config/logger.js";
+import type { PlatformContainer } from "../container.js";
+import { replenishPool } from "./hot-pool.js";
+import type { IPoolRepository } from "./pool-repository.js";
+
+export interface ClaimConfig {
+  /** Shared secret for provision auth. */
+  provisionSecret: string;
+  /** Container name prefix. Default: "wopr". */
+  containerPrefix?: string;
+}
+
+export interface ClaimAdminUser {
+  id: string;
+  email: string;
+  name: string;
+}
+
+export interface ClaimResult {
+  id: string;
+  name: string;
+  subdomain: string;
+}
+
+/**
+ * Claim a warm pool instance, rename it, create a fleet profile,
+ * and register the proxy route.
+ *
+ * Returns the claim result on success, or null if the pool is empty.
+ */
+export async function claimPoolInstance(
+  container: PlatformContainer,
+  repo: IPoolRepository,
+  name: string,
+  tenantId: string,
+  _adminUser: ClaimAdminUser,
+  config?: ClaimConfig,
+): Promise<ClaimResult | null> {
+  if (!container.fleet) throw new Error("Fleet services required for pool claim");
+
+  const pc = container.productConfig;
+  const containerPort = pc.fleet?.containerPort ?? 3100;
+  const containerImage = pc.fleet?.containerImage ?? "ghcr.io/wopr-network/platform:latest";
+  const platformDomain = pc.product?.domain ?? "localhost";
+  const prefix = config?.containerPrefix ?? "wopr";
+
+  // ---- Step 1: Atomically claim a warm instance ----
+  const claimed = await repo.claimWarm(tenantId, name);
+  if (!claimed) return null;
+
+  const { id: instanceId, containerId } = claimed;
+
+  // ---- Step 2: Rename Docker container ----
+  const docker = container.fleet.docker;
+  const containerName = `${prefix}-${name}`;
+
+  try {
+    const c = docker.getContainer(containerId);
+    await c.rename({ name: containerName });
+    logger.info(`Pool claim: renamed container to ${containerName}`);
+  } catch (err) {
+    logger.error("Pool claim: rename failed", { error: (err as Error).message });
+    await repo.markDead(instanceId);
+    return null;
+  }
+
+  // ---- Step 3: Create fleet profile ----
+  const serviceKeyRepo = container.fleet.serviceKeyRepo;
+  const gatewayKey = serviceKeyRepo ? await serviceKeyRepo.generate(tenantId, instanceId) : crypto.randomUUID();
+
+  const store = container.fleet.profileStore;
+  const profile = {
+    id: instanceId,
+    name,
+    tenantId,
+    image: containerImage,
+    description: `Managed instance: ${name}`,
+    env: {
+      PORT: String(containerPort),
+      HOST: "0.0.0.0",
+      NODE_ENV: "production",
+      PROVISION_SECRET: config?.provisionSecret ?? "",
+      BETTER_AUTH_SECRET: randomBytes(32).toString("hex"),
+      DATA_HOME: "/data",
+      HOSTED_MODE: "true",
+      DEPLOYMENT_MODE: "hosted_proxy",
+      DEPLOYMENT_EXPOSURE: "private",
+      MIGRATION_AUTO_APPLY: "true",
+      GATEWAY_KEY: gatewayKey,
+    },
+    restartPolicy: "unless-stopped" as const,
+    releaseChannel: "stable" as const,
+    updatePolicy: "manual" as const,
+  };
+
+  await store.save(profile);
+  logger.info(`Pool claim: saved fleet profile for ${name} (${instanceId})`);
+
+  // ---- Step 4: Register proxy route ----
+  try {
+    if (container.fleet.proxy.addRoute) {
+      await container.fleet.proxy.addRoute({
+        instanceId,
+        subdomain: name,
+        upstreamHost: containerName,
+        upstreamPort: containerPort,
+        healthy: true,
+      });
+      logger.info(`Pool claim: registered proxy route ${name}.${platformDomain}`);
+    }
+  } catch (err) {
+    logger.error("Pool claim: proxy route registration failed", { error: (err as Error).message });
+  }
+
+  // ---- Step 5: Replenish pool in background ----
+  replenishPool(container, repo, { provisionSecret: config?.provisionSecret ?? "" }).catch((err) => {
+    logger.error("Pool replenish after claim failed", { error: (err as Error).message });
+  });
+
+  const subdomain = `${name}.${platformDomain}`;
+  return { id: instanceId, name, subdomain };
+}

package/src/server/services/hot-pool.ts

@@ -0,0 +1,174 @@
+/**
+ * Hot pool manager — pre-provisions warm containers for instant claiming.
+ *
+ * Reads desired pool size from DB (`pool_config` table) via IPoolRepository.
+ * Periodically replenishes the pool and cleans up dead containers.
+ *
+ * All config is DB-driven — no env vars for pool size, container image,
+ * or port. Admin API updates pool_config, this reads it.
+ */
+
+import { logger } from "../../config/logger.js";
+import type { PlatformContainer } from "../container.js";
+import type { IPoolRepository } from "./pool-repository.js";
+
+export interface HotPoolConfig {
+  /** Shared secret for provision auth between platform and managed instances. */
+  provisionSecret: string;
+  /** Replenish interval in ms. Default: 60_000. */
+  replenishIntervalMs?: number;
+}
+
+export interface HotPoolHandles {
+  replenishTimer: ReturnType<typeof setInterval>;
+  stop: () => void;
+}
+
+// ---------------------------------------------------------------------------
+// Pool size — delegates to repository
+// ---------------------------------------------------------------------------
+
+export async function getPoolSize(repo: IPoolRepository): Promise<number> {
+  return repo.getPoolSize();
+}
+
+export async function setPoolSize(repo: IPoolRepository, size: number): Promise<void> {
+  return repo.setPoolSize(size);
+}
+
+// ---------------------------------------------------------------------------
+// Warm container management
+// ---------------------------------------------------------------------------
+
+async function createWarmContainer(
+  container: PlatformContainer,
+  repo: IPoolRepository,
+  config: HotPoolConfig,
+): Promise<void> {
+  if (!container.fleet) throw new Error("Fleet services required for hot pool");
+
+  const pc = container.productConfig;
+  const containerImage = pc.fleet?.containerImage ?? "ghcr.io/wopr-network/platform:latest";
+  const containerPort = pc.fleet?.containerPort ?? 3100;
+  const provisionSecret = config.provisionSecret;
+  const dockerNetwork = pc.fleet?.dockerNetwork ?? "";
+  const docker = container.fleet.docker;
+  const id = crypto.randomUUID();
+  const containerName = `pool-${id.slice(0, 8)}`;
+  const volumeName = `pool-${id.slice(0, 8)}`;
+
+  try {
+    // Init volume permissions
+    const init = await docker.createContainer({
+      Image: containerImage,
+      Entrypoint: ["/bin/sh", "-c"],
+      Cmd: ["chown -R 999:999 /data"],
+      User: "root",
+      HostConfig: { Binds: [`${volumeName}:/data`] },
+    });
+    await init.start();
+    await init.wait();
+    await init.remove();
+
+    const warmContainer = await docker.createContainer({
+      Image: containerImage,
+      name: containerName,
+      Env: [`PORT=${containerPort}`, `PROVISION_SECRET=${provisionSecret}`, "HOME=/data"],
+      HostConfig: {
+        Binds: [`${volumeName}:/data`],
+        RestartPolicy: { Name: "unless-stopped" },
+      },
+    });
+
+    await warmContainer.start();
+
+    if (dockerNetwork) {
+      const network = docker.getNetwork(dockerNetwork);
+      await network.connect({ Container: warmContainer.id });
+    }
+
+    await repo.insertWarm(id, warmContainer.id);
+
+    logger.info(`Hot pool: created warm container ${containerName} (${id})`);
+  } catch (err) {
+    logger.error("Hot pool: failed to create warm container", {
+      error: (err as Error).message,
+    });
+  }
+}
+
+export async function replenishPool(
+  container: PlatformContainer,
+  repo: IPoolRepository,
+  config: HotPoolConfig,
+): Promise<void> {
+  const desired = await repo.getPoolSize();
+  const current = await repo.warmCount();
+  const deficit = desired - current;
+
+  if (deficit <= 0) return;
+
+  logger.info(`Hot pool: replenishing ${deficit} container(s) (have ${current}, want ${desired})`);
+
+  for (let i = 0; i < deficit; i++) {
+    await createWarmContainer(container, repo, config);
+  }
+}
+
+async function cleanupDead(container: PlatformContainer, repo: IPoolRepository): Promise<void> {
+  if (!container.fleet) return;
+
+  const docker = container.fleet.docker;
+  const warmInstances = await repo.listWarm();
+
+  for (const instance of warmInstances) {
+    try {
+      const c = docker.getContainer(instance.containerId);
+      const info = await c.inspect();
+      if (!info.State.Running) {
+        await repo.markDead(instance.id);
+        try {
+          await c.remove({ force: true });
+        } catch {
+          /* already gone */
+        }
+        logger.warn(`Hot pool: marked dead container ${instance.id}`);
+      }
+    } catch {
+      await repo.markDead(instance.id);
+      logger.warn(`Hot pool: marked missing container ${instance.id} as dead`);
+    }
+  }
+
+  await repo.deleteDead();
+}
+
+// ---------------------------------------------------------------------------
+// Lifecycle
+// ---------------------------------------------------------------------------
+
+export async function startHotPool(
+  container: PlatformContainer,
+  repo: IPoolRepository,
+  config: HotPoolConfig,
+): Promise<HotPoolHandles> {
+  await cleanupDead(container, repo);
+  await replenishPool(container, repo, config);
+
+  const intervalMs = config.replenishIntervalMs ?? 60_000;
+  const replenishTimer = setInterval(async () => {
+    try {
+      await cleanupDead(container, repo);
+      await replenishPool(container, repo, config);
+    } catch (err) {
+      logger.error("Hot pool tick failed", { error: (err as Error).message });
+    }
+  }, intervalMs);
+
+  logger.info("Hot pool manager started");
+
+  return {
+    replenishTimer,
+    stop: () => clearInterval(replenishTimer),
+  };
+}

package/src/server/services/pool-repository.ts

@@ -0,0 +1,107 @@
+/**
+ * Repository for hot pool database operations.
+ *
+ * Encapsulates all pool_config and pool_instances queries behind
+ * a testable interface. No raw pool.query() outside this file.
+ */
+
+import type { Pool } from "pg";
+
+export interface PoolInstance {
+  id: string;
+  containerId: string;
+  status: string;
+  tenantId: string | null;
+  name: string | null;
+}
+
+export interface IPoolRepository {
+  getPoolSize(): Promise<number>;
+  setPoolSize(size: number): Promise<void>;
+  warmCount(): Promise<number>;
+  insertWarm(id: string, containerId: string): Promise<void>;
+  listWarm(): Promise<PoolInstance[]>;
+  markDead(id: string): Promise<void>;
+  deleteDead(): Promise<void>;
+  claimWarm(tenantId: string, name: string): Promise<{ id: string; containerId: string } | null>;
+  updateInstanceStatus(id: string, status: string): Promise<void>;
+}
+
+export class DrizzlePoolRepository implements IPoolRepository {
+  constructor(private pool: Pool) {}
+
+  async getPoolSize(): Promise<number> {
+    try {
+      const res = await this.pool.query("SELECT pool_size FROM pool_config WHERE id = 1");
+      return res.rows[0]?.pool_size ?? 2;
+    } catch {
+      return 2;
+    }
+  }
+
+  async setPoolSize(size: number): Promise<void> {
+    await this.pool.query(
+      "INSERT INTO pool_config (id, pool_size) VALUES (1, $1) ON CONFLICT (id) DO UPDATE SET pool_size = $1",
+      [size],
+    );
+  }
+
+  async warmCount(): Promise<number> {
+    const res = await this.pool.query("SELECT COUNT(*)::int AS count FROM pool_instances WHERE status = 'warm'");
+    return res.rows[0].count;
+  }
+
+  async insertWarm(id: string, containerId: string): Promise<void> {
+    await this.pool.query("INSERT INTO pool_instances (id, container_id, status) VALUES ($1, $2, 'warm')", [
+      id,
+      containerId,
+    ]);
+  }
+
+  async listWarm(): Promise<PoolInstance[]> {
+    const res = await this.pool.query(
+      "SELECT id, container_id, status, tenant_id, name FROM pool_instances WHERE status = 'warm'",
+    );
+    return res.rows.map((r: Record<string, unknown>) => ({
+      id: r.id as string,
+      containerId: r.container_id as string,
+      status: r.status as string,
+      tenantId: (r.tenant_id as string) ?? null,
+      name: (r.name as string) ?? null,
+    }));
+  }
+
+  async markDead(id: string): Promise<void> {
+    await this.pool.query("UPDATE pool_instances SET status = 'dead' WHERE id = $1", [id]);
+  }
+
+  async deleteDead(): Promise<void> {
+    await this.pool.query("DELETE FROM pool_instances WHERE status = 'dead'");
+  }
+
+  async claimWarm(tenantId: string, name: string): Promise<{ id: string; containerId: string } | null> {
+    const res = await this.pool.query(
+      `UPDATE pool_instances
+          SET status = 'claimed',
+              claimed_at = NOW(),
+              tenant_id = $1,
+              name = $2
+        WHERE id = (
+          SELECT id FROM pool_instances
+           WHERE status = 'warm'
+           ORDER BY created_at ASC
+           LIMIT 1
+             FOR UPDATE SKIP LOCKED
+        )
+        RETURNING id, container_id`,
+      [tenantId, name],
+    );
+    if (res.rowCount === 0) return null;
+    const row = res.rows[0] as { id: string; container_id: string };
+    return { id: row.id, containerId: row.container_id };
+  }
+
+  async updateInstanceStatus(id: string, status: string): Promise<void> {
+    await this.pool.query("UPDATE pool_instances SET status = $1 WHERE id = $2", [status, id]);
+  }
+}

package/src/server/test-container.ts

@@ -12,6 +12,7 @@ import type { IUserRoleRepository } from "../auth/user-role-repository.js";
 import type { ILedger } from "../credits/ledger.js";
 import type { DrizzleDb } from "../db/index.js";
 import type { ProductConfig } from "../product-config/repository-types.js";
+import { ProductConfigService } from "../product-config/service.js";
 import type { IOrgMemberRepository } from "../tenancy/org-member-repository.js";
 import type { OrgService } from "../tenancy/org-service.js";
 import type { PlatformContainer } from "./container.js";
@@ -90,6 +91,19 @@ function stubProductConfig(): ProductConfig {
   };
 }
 
+function stubProductConfigService(): ProductConfigService {
+  const stubRepo = {
+    getBySlug: async () => stubProductConfig(),
+    listAll: async () => [],
+    upsertProduct: async () => stubProductConfig().product,
+    replaceNavItems: async () => {},
+    upsertFeatures: async () => {},
+    upsertFleetConfig: async () => {},
+    upsertBillingConfig: async () => {},
+  };
+  return new ProductConfigService(stubRepo as never);
+}
+
 // ---------------------------------------------------------------------------
 // Public API
 // ---------------------------------------------------------------------------
@@ -103,6 +117,7 @@ export function createTestContainer(overrides?: Partial<PlatformContainer>): Pla
     db: {} as DrizzleDb,
     pool: { end: async () => {} } as never,
     productConfig: stubProductConfig(),
+    productConfigService: stubProductConfigService(),
     creditLedger: stubLedger(),
     orgMemberRepo: stubOrgMemberRepo(),
     orgService: {} as OrgService,

package/src/trpc/index.ts

@@ -13,6 +13,7 @@ export { createFleetUpdateConfigRouter } from "./fleet-update-config-router.js";
 export {
   adminProcedure,
   createCallerFactory,
+  createTRPCContext,
   orgAdminProcedure,
   orgMemberProcedure,
   protectedProcedure,
@@ -28,3 +29,6 @@ export {
   type OrgRemovePaymentMethodDeps,
 } from "./org-remove-payment-method-router.js";
 export { createProductConfigRouter } from "./product-config-router.js";
+export { type PageContextRouterDeps, pageContextRouter, setPageContextRouterDeps } from "./routers/page-context.js";
+export { type ProfileRouterDeps, profileRouter, setProfileRouterDeps } from "./routers/profile.js";
+export { type SettingsRouterDeps, setSettingsRouterDeps, settingsRouter } from "./routers/settings.js";

package/src/trpc/init.ts

@@ -22,6 +22,34 @@ export interface TRPCContext {
   tenantId: string | undefined;
 }
 
+// ---------------------------------------------------------------------------
+// Context factory — resolves BetterAuth session into TRPCContext
+// ---------------------------------------------------------------------------
+
+/**
+ * Create a TRPCContext from an incoming request.
+ * Resolves the user from BetterAuth session cookies.
+ */
+export async function createTRPCContext(req: Request): Promise<TRPCContext> {
+  let user: AuthUser | undefined;
+  let tenantId: string | undefined;
+  try {
+    const { getAuth } = await import("../auth/better-auth.js");
+    const auth = getAuth();
+    const session = await auth.api.getSession({ headers: req.headers });
+    if (session?.user) {
+      const sessionUser = session.user as { id: string; role?: string };
+      const roles: string[] = [];
+      if (sessionUser.role) roles.push(sessionUser.role);
+      user = { id: sessionUser.id, roles };
+      tenantId = req.headers.get("x-tenant-id") || sessionUser.id;
+    }
+  } catch {
+    // No session — unauthenticated request
+  }
+  return { user, tenantId: tenantId ?? "" };
+}
+
 // ---------------------------------------------------------------------------
 // tRPC init
 // ---------------------------------------------------------------------------