availsync 0.1.0

package/src/routes/holds.ts

@@ -0,0 +1,437 @@
+import express from 'express';
+import { addDays } from 'date-fns';
+import { z } from 'zod';
+import pool from '../db/client';
+import { log } from '../lib/logger';
+import { getAvailableSlots } from '../core/availability';
+import { checkAndResolveConflict } from '../core/conflict';
+import { actorFromAuth, durationSince, logActivity } from '../lib/activity';
+import { enforcePlanLimit } from '../lib/plans';
+import {
+  canAccessAgent,
+  isAgentAuth,
+  requireWorkspaceOrAgent,
+  type AnyAuthenticatedRequest,
+} from '../middleware/auth';
+import type { Hold } from '../types';
+
+const router = express.Router();
+
+const HoldSchema = z
+  .object({
+    agent_id: z.string().uuid(),
+    start_at: z.string().datetime({ offset: true }),
+    end_at: z.string().datetime({ offset: true }),
+    reason: z.string().max(500).optional(),
+    metadata: z.record(z.string(), z.unknown()).optional(),
+  })
+  .refine((data) => new Date(data.end_at) > new Date(data.start_at), {
+    path: ['end_at'],
+    message: 'end_at must be after start_at',
+  });
+
+async function getAgentInOrg(agentId: string, orgId: string) {
+  const result = await pool.query('SELECT * FROM agents WHERE id = $1 AND org_id = $2', [
+    agentId,
+    orgId,
+  ]);
+  return result.rows[0];
+}
+
+function actorFor(req: AnyAuthenticatedRequest) {
+  if (isAgentAuth(req)) {
+    return {
+      actor_type: 'agent',
+      actor_id: req.agent.id,
+      actor_label: req.agent.name,
+    };
+  }
+
+  return {
+    actor_type: 'workspace',
+    actor_id: req.user.id,
+    actor_label: req.user.email,
+  };
+}
+
+router.post('/holds', requireWorkspaceOrAgent, async (req, res) => {
+  const startedAt = Date.now();
+  const parsed = HoldSchema.safeParse(req.body);
+  if (!parsed.success) {
+    return res.status(422).json({ error: 'validation_error', details: parsed.error.flatten() });
+  }
+
+  const authReq = req as AnyAuthenticatedRequest;
+  const startAt = new Date(parsed.data.start_at);
+  const endAt = new Date(parsed.data.end_at);
+
+  try {
+    if (!(await getAgentInOrg(parsed.data.agent_id, authReq.org.id))) {
+      return res.status(403).json({ error: 'forbidden', message: 'Agent is outside your org' });
+    }
+    if (!canAccessAgent(authReq, parsed.data.agent_id)) {
+      return res.status(403).json({ error: 'forbidden', message: 'Agent key cannot act for another agent' });
+    }
+    if (!(await enforcePlanLimit({
+      org_id: authReq.org.id,
+      limit_type: 'api_calls_month',
+      res,
+    }))) {
+      return;
+    }
+
+    const client = await pool.connect();
+    try {
+      await client.query('BEGIN');
+      await client.query('SELECT pg_advisory_xact_lock(hashtext($1))', [
+        `${authReq.org.id}:${startAt.toISOString()}:${endAt.toISOString()}`,
+      ]);
+
+      const window = await client.query(
+        `SELECT 1
+         FROM availability_windows
+         WHERE agent_id = $1
+           AND window_type = 'available'
+           AND start_at <= $2
+           AND end_at >= $3
+         LIMIT 1`,
+        [parsed.data.agent_id, startAt, endAt],
+      );
+
+      if (window.rows.length === 0) {
+        await client.query('ROLLBACK');
+        return res.status(400).json({
+          error: 'outside_availability_window',
+          message: 'Requested hold is outside an availability window',
+        });
+      }
+
+      const newHold: Omit<Hold, 'id' | 'created_at'> = {
+        agent_id: parsed.data.agent_id,
+        org_id: authReq.org.id,
+        start_at: startAt,
+        end_at: endAt,
+        reason: parsed.data.reason,
+        status: 'confirmed',
+        booked_by_agent_id: isAgentAuth(authReq) ? authReq.agent.id : undefined,
+        metadata: parsed.data.metadata,
+      };
+
+      const conflict = await checkAndResolveConflict(newHold, client);
+
+      if (conflict.winner === 'existing') {
+        const actor = actorFor(authReq);
+        await client.query(
+          `INSERT INTO hold_events (
+             hold_id,
+             event_type,
+             agent_id,
+             org_id,
+             conflicting_hold_id,
+             rule_applied,
+             metadata,
+             actor_type,
+             actor_id,
+             actor_label
+           )
+           VALUES ($1, 'conflict_won', $2, $3, NULL, 'priority', $4, $5, $6, $7)`,
+          [
+            conflict.conflictingHold?.id,
+            conflict.conflictingHold?.agent_id,
+            authReq.org.id,
+            JSON.stringify({
+              blocked_agent_id: parsed.data.agent_id,
+              requested_start_at: startAt.toISOString(),
+              requested_end_at: endAt.toISOString(),
+            }),
+            actor.actor_type,
+            actor.actor_id,
+            actor.actor_label,
+          ],
+        );
+        await client.query('COMMIT');
+        const alternatives = await getAvailableSlots({
+          agent_id: parsed.data.agent_id,
+          org_id: authReq.org.id,
+          from: startAt,
+          to: addDays(startAt, 7),
+          duration_minutes: Math.ceil((endAt.getTime() - startAt.getTime()) / 60000),
+          include_competing_agents: true,
+        });
+
+        await logActivity({
+          org_id: authReq.org.id,
+          agent_id: parsed.data.agent_id,
+          activity_type: 'hold_create',
+          endpoint: '/v1/holds',
+          method: 'POST',
+          status_code: 409,
+          status: 'error',
+          ...actorFromAuth(authReq),
+          latency_ms: durationSince(startedAt),
+          error_code: 'slot_taken',
+          error_message: 'Another agent has priority for this time slot',
+          metadata: {
+            start_at: startAt.toISOString(),
+            end_at: endAt.toISOString(),
+            winning_hold_id: conflict.conflictingHold?.id,
+          },
+        });
+
+        return res.status(409).json({
+          error: 'slot_taken',
+          message: 'Another agent has priority for this time slot',
+          winning_hold_id: conflict.conflictingHold?.id,
+          suggested_alternatives: alternatives.slice(0, 3).map((slot) => ({
+            start: slot.start.toISOString(),
+            end: slot.end.toISOString(),
+            confidence: slot.confidence,
+          })),
+        });
+      }
+
+      if (conflict.conflictingHold) {
+        await client.query("UPDATE holds SET status = 'superseded' WHERE id = $1", [
+          conflict.conflictingHold.id,
+        ]);
+      }
+
+      const created = await client.query<Hold>(
+        `INSERT INTO holds (
+           agent_id,
+           org_id,
+           start_at,
+           end_at,
+           reason,
+           booked_by_agent_id,
+           metadata,
+           status
+         )
+         VALUES ($1, $2, $3, $4, $5, $6, $7, 'confirmed')
+         RETURNING *`,
+        [
+          newHold.agent_id,
+          newHold.org_id,
+          newHold.start_at,
+          newHold.end_at,
+          newHold.reason ?? null,
+          newHold.booked_by_agent_id ?? null,
+          newHold.metadata ? JSON.stringify(newHold.metadata) : null,
+        ],
+      );
+
+      const actor = actorFor(authReq);
+      await client.query(
+        `INSERT INTO hold_events (
+           hold_id,
+           event_type,
+           agent_id,
+           org_id,
+           metadata,
+           actor_type,
+           actor_id,
+           actor_label
+         )
+         VALUES ($1, 'created', $2, $3, $4, $5, $6, $7)`,
+        [
+          created.rows[0].id,
+          parsed.data.agent_id,
+          authReq.org.id,
+          null,
+          actor.actor_type,
+          actor.actor_id,
+          actor.actor_label,
+        ],
+      );
+
+      if (conflict.conflictingHold) {
+        await client.query(
+          `INSERT INTO hold_events (
+             hold_id,
+             event_type,
+             agent_id,
+             org_id,
+             conflicting_hold_id,
+             rule_applied,
+             actor_type,
+             actor_id,
+             actor_label
+           )
+           VALUES ($1, 'superseded', $2, $3, $4, 'priority', $5, $6, $7)`,
+          [
+            conflict.conflictingHold.id,
+            conflict.conflictingHold.agent_id,
+            authReq.org.id,
+            created.rows[0].id,
+            actor.actor_type,
+            actor.actor_id,
+            actor.actor_label,
+          ],
+        );
+      }
+
+      await client.query('COMMIT');
+      await logActivity({
+        org_id: authReq.org.id,
+        agent_id: parsed.data.agent_id,
+        activity_type: 'hold_create',
+        endpoint: '/v1/holds',
+        method: 'POST',
+        status_code: 201,
+        status: 'success',
+        ...actorFromAuth(authReq),
+        latency_ms: durationSince(startedAt),
+        metadata: {
+          hold_id: created.rows[0].id,
+          start_at: startAt.toISOString(),
+          end_at: endAt.toISOString(),
+          conflict_resolved: Boolean(conflict.conflictingHold),
+        },
+      });
+      return res.status(201).json({
+        hold: created.rows[0],
+        conflict_resolved: Boolean(conflict.conflictingHold),
+        ...(conflict.conflictingHold ? { superseded_hold_id: conflict.conflictingHold.id } : {}),
+      });
+    } catch (err) {
+      await client.query('ROLLBACK');
+      throw err;
+    } finally {
+      client.release();
+    }
+  } catch (err) {
+    log.error('[holds] unexpected error', { error: (err as Error).message });
+    return res.status(500).json({ error: 'internal_error', message: 'An unexpected error occurred' });
+  }
+});
+
+router.delete('/holds/:hold_id', requireWorkspaceOrAgent, async (req, res) => {
+  const startedAt = Date.now();
+  const authReq = req as AnyAuthenticatedRequest;
+
+  try {
+    if (!(await enforcePlanLimit({
+      org_id: authReq.org.id,
+      limit_type: 'api_calls_month',
+      res,
+    }))) {
+      return;
+    }
+
+    const client = await pool.connect();
+    try {
+      await client.query('BEGIN');
+      const updated = await client.query<Hold>(
+        `UPDATE holds
+         SET status = 'released'
+         WHERE id = $1
+           AND org_id = $2
+           AND ($3::uuid IS NULL OR agent_id = $3)
+         RETURNING *`,
+        [
+          req.params.hold_id,
+          authReq.org.id,
+          isAgentAuth(authReq) ? authReq.agent.id : null,
+        ],
+      );
+
+      if (updated.rows.length === 0) {
+        await client.query('ROLLBACK');
+        return res.status(404).json({ error: 'hold_not_found', message: 'Hold not found' });
+      }
+
+      const actor = actorFor(authReq);
+      await client.query(
+        `INSERT INTO hold_events (
+           hold_id,
+           event_type,
+           agent_id,
+           org_id,
+           actor_type,
+           actor_id,
+           actor_label
+         )
+         VALUES ($1, 'released', $2, $3, $4, $5, $6)`,
+        [
+          req.params.hold_id,
+          isAgentAuth(authReq) ? authReq.agent.id : updated.rows[0].agent_id,
+          authReq.org.id,
+          actor.actor_type,
+          actor.actor_id,
+          actor.actor_label,
+        ],
+      );
+      await client.query('COMMIT');
+      await logActivity({
+        org_id: authReq.org.id,
+        agent_id: updated.rows[0].agent_id,
+        activity_type: 'hold_release',
+        endpoint: '/v1/holds/:hold_id',
+        method: 'DELETE',
+        status_code: 200,
+        status: 'success',
+        ...actorFromAuth(authReq),
+        latency_ms: durationSince(startedAt),
+        metadata: {
+          hold_id: req.params.hold_id,
+        },
+      });
+      return res.json({ hold: updated.rows[0] });
+    } catch (err) {
+      await client.query('ROLLBACK');
+      throw err;
+    } finally {
+      client.release();
+    }
+  } catch (err) {
+    log.error('[holds] unexpected error', { error: (err as Error).message });
+    return res.status(500).json({ error: 'internal_error', message: 'An unexpected error occurred' });
+  }
+});
+
+router.get('/holds', requireWorkspaceOrAgent, async (req, res) => {
+  const query = z
+    .object({
+      agent_id: z.string().uuid().optional(),
+      from: z.string().datetime({ offset: true }).optional(),
+      to: z.string().datetime({ offset: true }).optional(),
+      status: z.enum(['confirmed', 'superseded', 'released']).optional().default('confirmed'),
+    })
+    .safeParse(req.query);
+
+  if (!query.success) {
+    return res.status(400).json({ error: 'validation_error', details: query.error.flatten() });
+  }
+
+  const authReq = req as AnyAuthenticatedRequest;
+  if (isAgentAuth(authReq) && query.data.agent_id && query.data.agent_id !== authReq.agent.id) {
+    return res.status(403).json({ error: 'forbidden', message: 'Agent key cannot act for another agent' });
+  }
+  const effectiveAgentId = isAgentAuth(authReq) ? authReq.agent.id : query.data.agent_id;
+
+  try {
+    const holds = await pool.query(
+      `SELECT *
+       FROM holds
+       WHERE org_id = $1
+         AND status = $2
+         AND ($3::uuid IS NULL OR agent_id = $3)
+         AND ($4::timestamptz IS NULL OR end_at > $4)
+         AND ($5::timestamptz IS NULL OR start_at < $5)
+       ORDER BY start_at ASC`,
+      [
+        authReq.org.id,
+        query.data.status,
+        effectiveAgentId ?? null,
+        query.data.from ? new Date(query.data.from) : null,
+        query.data.to ? new Date(query.data.to) : null,
+      ],
+    );
+    return res.json({ holds: holds.rows });
+  } catch (err) {
+    log.error('[holds] unexpected error', { error: (err as Error).message });
+    return res.status(500).json({ error: 'internal_error', message: 'An unexpected error occurred' });
+  }
+});
+
+export default router;

package/src/routes/mcp.ts

@@ -0,0 +1,57 @@
+import express from 'express';
+import { z } from 'zod';
+import pool from '../db/client';
+import { log } from '../lib/logger';
+import { agentActor, durationSince, logActivity } from '../lib/activity';
+import { requireAgentKey, type AgentAuthenticatedRequest } from '../middleware/auth';
+
+const router = express.Router();
+
+const HeartbeatSchema = z.object({
+  client_name: z.string().max(100).optional().default('mcp'),
+});
+
+router.post('/mcp/heartbeat', requireAgentKey, async (req, res) => {
+  const startedAt = Date.now();
+  const parsed = HeartbeatSchema.safeParse(req.body ?? {});
+  if (!parsed.success) {
+    return res.status(422).json({ error: 'validation_error', details: parsed.error.flatten() });
+  }
+
+  const authReq = req as AgentAuthenticatedRequest;
+
+  try {
+    const updated = await pool.query(
+      `UPDATE agents
+       SET mcp_last_seen_at = NOW(),
+           mcp_client_name = $1
+       WHERE id = $2
+       RETURNING id, mcp_last_seen_at, mcp_client_name`,
+      [parsed.data.client_name, authReq.agent.id],
+    );
+
+    await logActivity({
+      org_id: authReq.org.id,
+      agent_id: authReq.agent.id,
+      activity_type: 'mcp_heartbeat',
+      endpoint: '/v1/mcp/heartbeat',
+      method: 'POST',
+      status_code: 200,
+      status: 'success',
+      ...agentActor(authReq),
+      client_name: parsed.data.client_name,
+      latency_ms: durationSince(startedAt),
+    });
+
+    return res.json({
+      agent_id: updated.rows[0].id,
+      mcp_last_seen_at: updated.rows[0].mcp_last_seen_at,
+      mcp_client_name: updated.rows[0].mcp_client_name,
+    });
+  } catch (err) {
+    log.error('[mcp] heartbeat error', { error: (err as Error).message });
+    return res.status(500).json({ error: 'internal_error', message: 'An unexpected error occurred' });
+  }
+});
+
+export default router;

package/src/routes/metrics.ts

@@ -0,0 +1,39 @@
+import express from 'express';
+import pool from '../db/client';
+import { requireWorkspaceSession, type WorkspaceAuthenticatedRequest } from '../middleware/auth';
+import { log } from '../lib/logger';
+
+const router = express.Router();
+
+router.get('/metrics/overview', requireWorkspaceSession, async (req, res) => {
+  const authReq = req as WorkspaceAuthenticatedRequest;
+
+  try {
+    const result = await pool.query(
+      `SELECT
+         (SELECT COUNT(*)::int FROM agents WHERE org_id = $1) AS active_agents,
+         (SELECT COUNT(*)::int FROM agents WHERE org_id = $1 AND mcp_last_seen_at > NOW() - INTERVAL '2 minutes') AS mcp_online,
+         (SELECT COUNT(*)::int FROM holds WHERE org_id = $1 AND status = 'confirmed') AS confirmed_holds,
+         (SELECT COUNT(*)::int FROM hold_events WHERE org_id = $1 AND event_type = 'superseded') AS conflicts_resolved,
+         (SELECT COUNT(*)::int FROM hold_events WHERE org_id = $1 AND event_type = 'conflict_won') AS conflicts_blocked,
+         (SELECT COUNT(*)::int FROM holds WHERE org_id = $1 AND status = 'released') AS released_holds,
+         (SELECT COUNT(*)::int FROM agent_activity_events WHERE org_id = $1 AND created_at >= date_trunc('day', NOW())) AS api_calls_today,
+         (SELECT COUNT(*)::int FROM agents WHERE org_id = $1 AND GREATEST(COALESCE(last_seen_at, 'epoch'::timestamptz), COALESCE(mcp_last_seen_at, 'epoch'::timestamptz)) > NOW() - INTERVAL '15 minutes') AS connected_agents,
+         (SELECT COUNT(*)::int FROM agent_activity_events WHERE org_id = $1 AND status = 'error' AND created_at > NOW() - INTERVAL '24 hours') AS recent_errors,
+         (SELECT COALESCE(SUM(total_tokens), 0)::int FROM agent_activity_events WHERE org_id = $1 AND created_at >= date_trunc('day', NOW())) AS token_usage_reported,
+         (SELECT COUNT(*)::int FROM work_claims WHERE org_id = $1 AND status = 'active' AND expires_at >= NOW()) AS active_work_claims,
+         (SELECT COUNT(*)::int FROM work_resources WHERE org_id = $1) AS protected_resources,
+         (SELECT COUNT(*)::int FROM work_claim_events WHERE org_id = $1 AND event_type = 'blocked') AS blocked_agent_runs,
+         (SELECT COUNT(*)::int FROM work_claims WHERE org_id = $1 AND status = 'released') AS released_work_slots,
+         (SELECT MAX(created_at) FROM hold_events WHERE org_id = $1) AS latest_event_at`,
+      [authReq.org.id],
+    );
+
+    return res.json(result.rows[0]);
+  } catch (err) {
+    log.error('[metrics] unexpected error', { error: (err as Error).message });
+    return res.status(500).json({ error: 'internal_error', message: 'An unexpected error occurred' });
+  }
+});
+
+export default router;