@yrpri/api 9.0.133 → 9.0.135

package/agents/managers/newAiModelSetup.js

@@ -644,6 +644,43 @@ export class NewAiModelSetup {
             await gemini25ProPreview2.save();
             console.log("Google model already exists: Gemini 2.5 Pro");
         }
+        const gemini25ProFinalPreview = await PsAiModel.findOne({
+            where: { name: "Gemini 2.5 Pro Final Preview" },
+        });
+        const gemini25ProFinalConfig = {
+            type: PsAiModelType.TextReasoning,
+            modelSize: PsAiModelSize.Large,
+            provider: "google",
+            prices: {
+                costInTokensPerMillion: 1.25,
+                costOutTokensPerMillion: 10,
+                costInCachedContextTokensPerMillion: 0.875,
+                longContextTokenThreshold: 200000,
+                longContextCostInTokensPerMillion: 2.5,
+                longContextCostInCachedContextTokensPerMillion: 1.75,
+                longContextCostOutTokensPerMillion: 15,
+                currency: "USD",
+            },
+            model: "gemini-2-5-pro-preview-06-05",
+            active: true,
+            maxTokensOut: 100000,
+            defaultTemperature: 0.0,
+        };
+        if (!gemini25ProFinalPreview) {
+            await PsAiModel.create({
+                name: "Gemini 2.5 Pro Final Preview",
+                organization_id: 1,
+                user_id: userId,
+                configuration: gemini25ProFinalConfig,
+            });
+            console.log("Created Google model: Gemini 2.5 Pro Final Preview");
+        }
+        else {
+            gemini25ProFinalPreview.set("configuration", gemini25ProFinalConfig);
+            gemini25ProFinalPreview.changed("configuration", true);
+            await gemini25ProFinalPreview.save();
+            console.log("Google model already exists: Gemini 2.5 Pro Final Preview");
+        }
         const gemini25FlashPreview1 = await PsAiModel.findOne({
             where: { name: "Gemini 2.5 Flash Preview 1" },
         });
@@ -681,6 +718,39 @@ export class NewAiModelSetup {
             await gemini25FlashPreview1.save();
             console.log("Google model already exists: Gemini 2.5 Pro");
         }
+        const gemini25FlashPreview = await PsAiModel.findOne({
+            where: { name: "Gemini 2.5 Flash Preview" },
+        });
+        const gemini25FlashPreviewConfig = {
+            type: PsAiModelType.Text,
+            modelSize: PsAiModelSize.Medium,
+            provider: "google",
+            prices: {
+                costInTokensPerMillion: 0.15,
+                costOutTokensPerMillion: 0.6,
+                costInCachedContextTokensPerMillion: 0.09,
+                currency: "USD",
+            },
+            maxTokensOut: 8192,
+            defaultTemperature: 0.0,
+            model: "gemini-2-5-flash-preview-05-20",
+            active: true,
+        };
+        if (!gemini25FlashPreview) {
+            await PsAiModel.create({
+                name: "Gemini 2.5 Flash Preview",
+                organization_id: 1,
+                user_id: userId,
+                configuration: gemini25FlashPreviewConfig,
+            });
+            console.log("Created Google model: Gemini 2.5 Flash Preview");
+        }
+        else {
+            gemini25FlashPreview.set("configuration", gemini25FlashPreviewConfig);
+            gemini25FlashPreview.changed("configuration", true);
+            await gemini25FlashPreview.save();
+            console.log("Google model already exists: Gemini 2.5 Flash Preview");
+        }
     }
     /**
      * Master seeding function which calls the provider-specific functions
@@ -790,7 +860,9 @@ export class NewAiModelSetup {
             { name: "Gemini 2.0 Flash", envKey: "GEMINI_API_KEY" },
             { name: "Gemini 2.5 Pro Preview 1", envKey: "GEMINI_API_KEY" },
             { name: "Gemini 2.5 Pro Preview 2", envKey: "GEMINI_API_KEY" },
+            { name: "Gemini 2.5 Pro Final Preview", envKey: "GEMINI_API_KEY" },
             { name: "Gemini 2.5 Flash Preview 1", envKey: "GEMINI_API_KEY" },
+            { name: "Gemini 2.5 Flash Preview", envKey: "GEMINI_API_KEY" },
             { name: "o1 24", envKey: "OPENAI_API_KEY" },
             { name: "o3 mini", envKey: "OPENAI_API_KEY" },
             { name: "o4 mini", envKey: "OPENAI_API_KEY" },

package/app.js

@@ -198,10 +198,10 @@ export class YourPrioritiesApi {
         this.addDirnameToRequest();
         this.forceHttps();
         this.initializeMiddlewares();
-        this.setupNewWebAppVersionHandling();
         this.handleShortenedRedirects();
         this.initializeRateLimiting();
         this.setupDomainAndCommunity();
+        this.setupNewWebAppVersionHandling();
         this.setupSitemapRoute();
         this.initializePassportStrategies();
         this.addInviteAsAnonMiddleWare();
@@ -216,10 +216,10 @@ export class YourPrioritiesApi {
         this.addDirnameToRequest();
         this.forceHttps();
         this.initializeMiddlewares();
-        this.setupNewWebAppVersionHandling();
         this.handleShortenedRedirects();
         this.initializeRateLimiting();
         this.setupDomainAndCommunity();
+        this.setupNewWebAppVersionHandling();
         this.setupSitemapRoute();
         this.initializePassportStrategies();
         this.addInviteAsAnonMiddleWare();

package/controllers/users.cjs

@@ -1437,7 +1437,6 @@ router.delete('/anonymize_current_user', function (req, res) {
     }
 });
 router.post('/logout', function (req, res) {
-    log.info("Anon debug logout");
     if (req.isAuthenticated()) {
         log.info('User Logging out', { userId: req.user.id, context: 'logout' });
     }
@@ -1447,8 +1446,11 @@ router.post('/logout', function (req, res) {
     const oidcProvider = req.ypDomain &&
         req.ypDomain.loginProviders &&
         req.ypDomain.loginProviders.find((p) => p.provider === 'oidc');
+    log.info("oidcProvider", { oidcProvider });
     if (req.sso && oidcProvider && oidcProvider.endSessionURL) {
+        log.info("Logging out from OIDC");
         logoutFromSession(req, res, 200, () => {
+            log.info("Logging out from OIDC", { oidcProvider });
             req.sso.logout(oidcProvider.name, { postLogoutRedirectUri: '/' }, req, res, (error) => {
                 if (error) {
                     log.error('Error logging out from OIDC', { err: error });
@@ -2208,6 +2210,103 @@ router.get('/:id/status_update/:bulkStatusUpdateId', function (req, res, next) {
         });
     }
 });
+// Audkenni REST Authentication
+router.post('/auth/audkenni-rest/start', async function (req, res) {
+    try {
+        const { phone, authenticator } = req.body;
+        if (!phone || !authenticator) {
+            res.status(400).send({ error: 'missing_parameters' });
+            return;
+        }
+        const { default: AudkenniRestService } = await import('../services/auth/audkenniRestService.js');
+        const service = new AudkenniRestService();
+        const startData = await service.start();
+        const callbacks = (startData.callbacks || []).map((cb) => {
+            if (cb.type === 'NameCallback') {
+                cb.input[0].value = phone;
+            }
+            else if (cb.type === 'ChoiceCallback') {
+                const index = cb.output[1].value.indexOf(authenticator);
+                cb.input[0].value = index >= 0 ? index : 0;
+            }
+            return cb;
+        });
+        await service.continue(startData.authId, callbacks);
+        res.send({ pollId: startData.authId });
+    }
+    catch (error) {
+        log.error('Error starting Audkenni REST login', { error });
+        res.status(500).send({ error: 'audkenni_start_failed' });
+    }
+});
+router.post('/auth/audkenni-rest/continue', async function (req, res) {
+    try {
+        const { authId, callbacks } = req.body;
+        const { default: AudkenniRestService } = await import('../services/auth/audkenniRestService.js');
+        const service = new AudkenniRestService();
+        const data = await service.continue(authId, callbacks);
+        res.send({ authId: data.authId, callbacks: data.callbacks, tokenId: data.tokenId });
+    }
+    catch (error) {
+        log.error('Error continuing Audkenni REST login', { error });
+        res.status(500).send({ error: 'audkenni_continue_failed' });
+    }
+});
+router.get('/auth/audkenni-rest/poll/:id', async function (req, res) {
+    try {
+        const authId = req.params.id;
+        const { default: AudkenniRestService } = await import('../services/auth/audkenniRestService.js');
+        const service = new AudkenniRestService();
+        const result = await service.poll(authId);
+        if (!result.tokenId) {
+            res.send({ pending: true });
+            return;
+        }
+        const profile = result.profile || { nationalRegisterId: result.nationalId, name: result.name, provider: 'oidc' };
+        models.User.serializeOidcUser(profile, req, function (error, user) {
+            if (error || !user) {
+                log.error('Error serializing Audkenni user', { error });
+                res.status(500).send({ error: 'audkenni_login_failed' });
+            }
+            else {
+                req.logIn(user, async function (err) {
+                    if (err) {
+                        log.error('Error logging in Audkenni user', { err });
+                        res.status(500).send({ error: 'audkenni_login_failed' });
+                    }
+                    else {
+                        await new Promise(resolve => setTimeout(resolve, 50));
+                        getUserWithAll(user.id, true, function (getErr, fullUser) {
+                            if (getErr || !fullUser) {
+                                res.status(500).send({ error: 'audkenni_user_fetch_failed' });
+                            }
+                            else {
+                                if (fullUser.email) {
+                                    delete fullUser.email;
+                                }
+                                else {
+                                    fullUser.missingEmail = true;
+                                }
+                                if (fullUser.private_profile_data && fullUser.private_profile_data.registration_answers) {
+                                    fullUser.dataValues.hasRegistrationAnswers = true;
+                                }
+                                else {
+                                    fullUser.dataValues.hasRegistrationAnswers = false;
+                                }
+                                delete fullUser.private_profile_data;
+                                res.send(fullUser);
+                            }
+                        });
+                    }
+                });
+            }
+        });
+    }
+    catch (error) {
+        log.error('Error polling Audkenni REST login', { error });
+        res.status(500).send({ error: 'audkenni_poll_failed' });
+    }
+});
 // Facebook Authentication
 router.get('/auth/facebook', function (req, res) {
     req.sso.authenticate('facebook-strategy-' + req.ypDomain.id, {}, req, res, function (error, user) {
@@ -2287,7 +2386,10 @@ router.get('/auth/audkenni/callback', async function (req, res) {
             }
         }
         else {
-            if (process.env.REDIRECT_TO_ROOT_AFTER_OIDC) {
+            if (process.env.REDIRECT_AFTER_AUDKENNI_URL) {
+                res.redirect(process.env.REDIRECT_AFTER_AUDKENNI_URL);
+            }
+            else if (process.env.REDIRECT_TO_ROOT_AFTER_OIDC) {
                 res.redirect('/');
             }
             else {

package/models/domain.cjs

@@ -237,6 +237,7 @@ module.exports = (sequelize, DataTypes) => {
                     authorizationURL: domain.secret_api_keys.oidc.authorizationURL,
                     tokenURL: domain.secret_api_keys.oidc.tokenURL,
                     userInfoURL: domain.secret_api_keys.oidc.userInfoURL,
+                    endSessionURL: domain.secret_api_keys.oidc.endSessionURL,
                     callbackUrl: "https://" +
                         callbackDomainName +
                         "/api/users/auth/audkenni/callback",

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@yrpri/api",
-  "version": "9.0.133",
+  "version": "9.0.135",
   "license": "MIT",
   "author": "Robert Bjarnason & Citizens Foundation",
   "repository": {

package/scripts/agents/changeModelForWorkflowGroupTemplate.d.ts

@@ -0,0 +1 @@
+export {};

package/scripts/agents/changeModelForWorkflowGroupTemplate.js

@@ -0,0 +1,82 @@
+import { initializeModels, PsAgent, PsAiModel, } from "@policysynth/agents/dbModels/index.js";
+import { PsAiModelSize, PsAiModelType } from "@policysynth/agents/aiModelTypes.js";
+import models from "../../models/index.cjs";
+(async () => {
+    const [groupIdArg, sizeArg, typeArg, modelNameArg] = process.argv.slice(2);
+    if (!groupIdArg || !sizeArg || !typeArg || !modelNameArg) {
+        console.error("Usage: ts-node changeModelForWorkflowGroupTemplate.ts <groupId> <modelSize (small, medium, large)> <modeltype: text, textReasoning> <model_name>");
+        process.exit(1);
+    }
+    const groupId = Number(groupIdArg);
+    if (isNaN(groupId)) {
+        console.error("groupId must be a number");
+        process.exit(1);
+    }
+    const sizeMap = {
+        small: PsAiModelSize.Small,
+        medium: PsAiModelSize.Medium,
+        large: PsAiModelSize.Large,
+    };
+    const typeMap = {
+        text: PsAiModelType.Text,
+        textreasoning: PsAiModelType.TextReasoning,
+    };
+    const size = sizeMap[sizeArg.toLowerCase()];
+    const modelType = typeMap[typeArg.toLowerCase()];
+    if (!size) {
+        console.error("modelSize must be one of small, medium or large");
+        process.exit(1);
+    }
+    if (!modelType) {
+        console.error("modeltype must be text or textReasoning");
+        process.exit(1);
+    }
+    try {
+        await initializeModels();
+        const group = await models.Group.findByPk(groupId);
+        if (!group) {
+            throw new Error(`Group ${groupId} not found`);
+        }
+        const topLevelAgentId = group.configuration?.agents?.topLevelAgentId;
+        if (!topLevelAgentId) {
+            throw new Error("Top level agent id not found in group configuration");
+        }
+        const subAgents = await PsAgent.findAll({
+            where: { group_id: groupId, parent_agent_id: topLevelAgentId },
+        });
+        if (subAgents.length === 0) {
+            throw new Error("No sub-agents found for workflow group");
+        }
+        const newModel = await PsAiModel.findOne({
+            where: { configuration: { model: modelNameArg } },
+        });
+        if (!newModel) {
+            throw new Error(`AI model with configuration.model ${modelNameArg} not found`);
+        }
+        const privateConfig = (group.private_access_configuration ?? []);
+        for (const agent of subAgents) {
+            const currentModels = await agent.getAiModels();
+            for (const current of currentModels) {
+                const cfg = current.configuration || {};
+                if (cfg.modelSize === size && cfg.type === modelType) {
+                    await agent.removeAiModel(current);
+                    const entry = privateConfig.find((p) => p.aiModelId === current.id);
+                    if (entry)
+                        entry.aiModelId = newModel.id;
+                }
+            }
+            await agent.addAiModel(newModel);
+            console.log(`Updated agent ${agent.id} to use model ${newModel.name}`);
+        }
+        group.set("private_access_configuration", privateConfig);
+        group.changed("private_access_configuration", true);
+        await group.save();
+        console.log(`Group ${groupId} updated successfully`);
+    }
+    catch (error) {
+        console.error(error);
+    }
+    finally {
+        await models.sequelize.close();
+    }
+})();

package/scripts/change/setUseNewVersion.cjs

@@ -7,6 +7,7 @@ models.Domain.findOne({ where: { id: domainId } }).then(async (domain) => {
         console.log("Domain " + domain.domain_name);
         if (useNewVersionStatus === "true" || useNewVersionStatus === "false") {
             domain.set("configuration.useNewVersion", useNewVersionStatus === "true" ? true : false);
+            domain.changed("configuration", true);
             await domain.save();
             console.log("Set useNewVersionStatus to " + useNewVersionStatus);
         }

package/scripts/domains/importDomainsFromXls.js

@@ -2,9 +2,9 @@ import ExcelJS from 'exceljs';
 import models from '../../models/index.cjs';
 (async () => {
     try {
-        const [xlsPath, clientId, clientSecret, issuer, authorizationURL, tokenURL, userInfoURL,] = process.argv.slice(2);
+        const [xlsPath, clientId, clientSecret, issuer, authorizationURL, tokenURL, userInfoURL, endSessionURL,] = process.argv.slice(2);
         if (!xlsPath) {
-            console.log('Usage: node importDomainsFromXls.js <path-to-xls> [clientId clientSecret issuer authorizationURL tokenURL userInfoURL]');
+            console.log('Usage: node importDomainsFromXls.js <path-to-xls> [clientId clientSecret issuer authorizationURL tokenURL userInfoURL endSessionURL]');
             process.exit(1);
         }
         const oidcProvided = clientId &&
@@ -12,7 +12,8 @@ import models from '../../models/index.cjs';
             issuer &&
             authorizationURL &&
             tokenURL &&
-            userInfoURL;
+            userInfoURL &&
+            endSessionURL;
         const workbook = new ExcelJS.Workbook();
         await workbook.xlsx.readFile(xlsPath);
         const worksheet = workbook.getWorksheet(1);
@@ -29,6 +30,7 @@ import models from '../../models/index.cjs';
                     authorizationURL,
                     tokenURL,
                     userInfoURL,
+                    endSessionURL,
                 }
                 : null;
             for (let i = 2; i <= worksheet.rowCount; i++) {

package/scripts/keys/addOidcToDomain.cjs

@@ -8,6 +8,7 @@ const issuer = process.argv[5];
 const authorizationURL = process.argv[6];
 const tokenURL = process.argv[7];
 const userInfoURL = process.argv[8];
+const endSessionURL = process.argv[9];
 console.log(`Updating OIDC keys for domain ${domainId}`);
 async.series([
     function (callback) {
@@ -29,7 +30,8 @@ async.series([
                     issuer: issuer,
                     authorizationURL: authorizationURL,
                     tokenURL: tokenURL,
-                    userInfoURL: userInfoURL
+                    userInfoURL: userInfoURL,
+                    endSessionURL: endSessionURL
                 };
                 console.log("Updated secret_api_keys:", JSON.stringify(domain.secret_api_keys, null, 2));
                 domain.changed('secret_api_keys', true);

package/scripts/users/createUserAddDomain.js

@@ -23,7 +23,7 @@ import models from '../../models/index.cjs';
             email,
             name,
             status: 'active',
-            ssn: ssn ? Number(ssn) : undefined,
+            ssn: ssn || undefined,
             encrypted_password: hashed,
         });
         await domain.addDomainUsers(user);

package/scripts/users/importUsersForDomainsFromXls.js

@@ -18,7 +18,7 @@ import models from '../../models/index.cjs';
                 const fullUserName = String(row.getCell(2).text).trim();
                 const userEmail = String(row.getCell(3).text).trim().toLowerCase();
                 const userSsn = String(row.getCell(4).text).trim();
-                const userSsnNumber = userSsn ? Number(userSsn) : undefined;
+                const userSsnNumber = userSsn || undefined;
                 if (!domainName || !fullUserName || !userEmail) {
                     throw new Error(`Missing data in row ${i}`);
                 }

package/scripts/users/updatePasswordFromSsn.js

@@ -7,7 +7,7 @@ import models from '../../models/index.cjs';
             console.log('Usage: node updatePasswordFromSsn.js <ssn> <newPassword>');
             process.exit(1);
         }
-        const ssn = Number(ssnArg);
+        const ssn = ssnArg;
         const user = await models.User.findOne({ where: { ssn } });
         if (!user) {
             console.error(`User with ssn ${ssn} not found`);

package/scripts/users/updateUserSsnFromEmail.js

@@ -11,7 +11,7 @@ import models from '../../models/index.cjs';
             console.error(`User ${email} not found`);
             process.exit(1);
         }
-        const ssn = Number(ssnArg);
+        const ssn = ssnArg;
         user.ssn = ssn;
         await user.save();
         console.log(`Updated SSN for ${email}`);

package/services/auth/audkenniRestService.d.ts

@@ -0,0 +1,14 @@
+export interface AudkenniAuthResponse {
+    authId?: string;
+    callbacks?: any[];
+    tokenId?: string;
+    [key: string]: any;
+}
+export default class AudkenniRestService {
+    private endpoint;
+    private client;
+    start(): Promise<AudkenniAuthResponse>;
+    authenticate(phone: string, authenticator: 'sim' | 'app'): Promise<AudkenniAuthResponse>;
+    continue(authId: string, callbacks: any[]): Promise<AudkenniAuthResponse>;
+    poll(authId: string, callbacks?: any[], interval?: number, maxAttempts?: number): Promise<AudkenniAuthResponse>;
+}

package/services/auth/audkenniRestService.js

@@ -0,0 +1,52 @@
+import axios from "axios";
+export default class AudkenniRestService {
+    constructor() {
+        this.endpoint = "https://idp.audkenni.is/sso/json/realms/root/realms/audkenni/authenticate";
+        this.client = axios.create({
+            headers: {
+                Accept: "application/json",
+                "Content-Type": "application/json",
+            },
+            validateStatus: () => true,
+        });
+    }
+    async start() {
+        const { data } = await this.client.post(this.endpoint, {});
+        return data;
+    }
+    async authenticate(phone, authenticator) {
+        const startData = await this.start();
+        if (!startData.authId || !startData.callbacks) {
+            throw new Error('Invalid start response');
+        }
+        const callbacks = (startData.callbacks || []).map((cb) => {
+            if (cb.type === 'NameCallback') {
+                cb.input[0].value = phone;
+            }
+            else if (cb.type === 'ChoiceCallback') {
+                const choices = cb.output?.find((o) => o.name === 'choices')?.value || [];
+                const idx = choices.findIndex((c) => c.toLowerCase().includes(authenticator));
+                cb.input[0].value = idx >= 0 ? idx : 0;
+            }
+            return cb;
+        });
+        const cont = await this.continue(startData.authId, callbacks);
+        return this.poll(cont.authId || startData.authId, cont.callbacks);
+    }
+    async continue(authId, callbacks) {
+        const payload = { authId, callbacks };
+        const { data } = await this.client.post(this.endpoint, payload);
+        return data;
+    }
+    async poll(authId, callbacks, interval = 2000, maxAttempts = 30) {
+        for (let i = 0; i < maxAttempts; i++) {
+            const payload = callbacks ? { authId, callbacks } : { authId };
+            const { data } = await this.client.post(this.endpoint, payload);
+            if (data.tokenId) {
+                return data;
+            }
+            await new Promise((r) => setTimeout(r, interval));
+        }
+        throw new Error("Timeout waiting for tokenId");
+    }
+}