availsync 0.1.0

package/tests/integration/availability.route.test.ts

@@ -0,0 +1,125 @@
+import { afterAll, beforeAll, describe, expect, test } from '@jest/globals';
+import {
+  api,
+  closeDatabase,
+  createAgent,
+  createOrgAndAgent,
+  createWindow,
+  migrateTestDatabase,
+  resetDatabase,
+} from './helpers';
+
+describe('availability routes', () => {
+  let orgId: string;
+  let agentId: string;
+  let apiKey: string;
+
+  beforeAll(async () => {
+    await migrateTestDatabase();
+    await resetDatabase();
+    const created = await createOrgAndAgent();
+    orgId = created.orgId;
+    agentId = created.agentId;
+    apiKey = created.apiKey;
+    await createWindow(agentId, apiKey, '2026-05-18T09:00:00Z', '2026-05-18T11:00:00Z');
+    await createWindow(agentId, apiKey, '2030-01-03T09:00:00Z', '2030-01-03T11:00:00Z');
+  });
+
+  afterAll(async () => {
+    await resetDatabase();
+    await closeDatabase();
+  });
+
+  test('GET /v1/availability with valid params returns slots', async () => {
+    const response = await api
+      .get('/v1/availability')
+      .query({
+        agent_id: agentId,
+        from: '2026-05-18T09:00:00Z',
+        to: '2026-05-18T11:00:00Z',
+        duration_minutes: 30,
+      })
+      .set('Authorization', `Bearer ${apiKey}`)
+      .expect(200);
+
+    expect(response.body.total_slots).toBeGreaterThan(0);
+    expect(response.body.slots[0]).toHaveProperty('confidence');
+  });
+
+  test('GET /v1/availability excludes competing agent holds by default', async () => {
+    const competing = await createAgent(orgId, 'Competing Bot', 'internal');
+    await createWindow(competing.agentId, competing.apiKey, '2030-01-03T09:00:00Z', '2030-01-03T11:00:00Z');
+    await api
+      .post('/v1/holds')
+      .set('Authorization', `Bearer ${competing.apiKey}`)
+      .send({
+        agent_id: competing.agentId,
+        start_at: '2030-01-03T09:30:00Z',
+        end_at: '2030-01-03T10:00:00Z',
+      })
+      .expect(201);
+
+    const response = await api
+      .get('/v1/availability')
+      .set('Authorization', `Bearer ${apiKey}`)
+      .query({
+        agent_id: agentId,
+        from: '2030-01-03T09:00:00Z',
+        to: '2030-01-03T11:00:00Z',
+        duration_minutes: 30,
+      })
+      .expect(200);
+
+    expect(response.body.slots.map((slot: { start: string }) => slot.start)).not.toContain(
+      '2030-01-03T09:30:00.000Z',
+    );
+  });
+
+  test('GET /v1/availability can ignore competing agent holds for debugging', async () => {
+    const response = await api
+      .get('/v1/availability')
+      .set('Authorization', `Bearer ${apiKey}`)
+      .query({
+        agent_id: agentId,
+        from: '2030-01-03T09:00:00Z',
+        to: '2030-01-03T11:00:00Z',
+        duration_minutes: 30,
+        include_competing_agents: 'false',
+      })
+      .expect(200);
+
+    expect(response.body.slots.map((slot: { start: string }) => slot.start)).toContain(
+      '2030-01-03T09:30:00.000Z',
+    );
+  });
+
+  test('GET /v1/availability without auth returns 401', async () => {
+    await api.get('/v1/availability').query({ agent_id: agentId }).expect(401);
+  });
+
+  test('GET /v1/availability with invalid agent_id returns 403', async () => {
+    await api
+      .get('/v1/availability')
+      .query({
+        agent_id: '00000000-0000-0000-0000-000000000000',
+        from: '2026-05-18T09:00:00Z',
+        to: '2026-05-18T11:00:00Z',
+        duration_minutes: 30,
+      })
+      .set('Authorization', `Bearer ${apiKey}`)
+      .expect(403);
+  });
+
+  test('GET /v1/availability with from in the past returns 400', async () => {
+    await api
+      .get('/v1/availability')
+      .query({
+        agent_id: agentId,
+        from: '2020-01-01T09:00:00Z',
+        to: '2020-01-01T11:00:00Z',
+        duration_minutes: 30,
+      })
+      .set('Authorization', `Bearer ${apiKey}`)
+      .expect(400);
+  });
+});

package/tests/integration/billing.route.test.ts

@@ -0,0 +1,393 @@
+import { afterAll, beforeAll, beforeEach, describe, expect, test } from '@jest/globals';
+import Stripe from 'stripe';
+import {
+  api,
+  closeDatabase,
+  createAgent,
+  createOrgAndAgent,
+  getWorkspaceCookie,
+  migrateTestDatabase,
+  resetDatabase,
+} from './helpers';
+import pool from '../../src/db/client';
+
+describe('billing routes', () => {
+  let orgId: string;
+
+  beforeAll(async () => {
+    await migrateTestDatabase();
+  });
+
+  beforeEach(async () => {
+    delete process.env.STRIPE_SECRET_KEY;
+    delete process.env.STRIPE_WEBHOOK_SECRET;
+    delete process.env.BILLING_UPGRADES_ENABLED;
+    delete process.env.NEXT_PUBLIC_BILLING_UPGRADES_ENABLED;
+    await resetDatabase();
+    const created = await api.post('/v1/orgs').send({ name: `Billing Org ${Date.now()}` }).expect(201);
+    orgId = created.body.org.id;
+  });
+
+  afterAll(async () => {
+    await resetDatabase();
+    await closeDatabase();
+  });
+
+  test('checkout returns 401 without auth', async () => {
+    await api
+      .post('/v1/billing/checkout')
+      .send({ plan: 'individual' })
+      .expect(401);
+  });
+
+  test('checkout is waitlist-only when paid upgrades are disabled', async () => {
+    const workspace = await createOrgAndAgent('Billing Agent', 'generic', 0);
+
+    const response = await api
+      .post('/v1/billing/checkout')
+      .set('Cookie', getWorkspaceCookie(workspace.orgId))
+      .send({ plan: 'individual' })
+      .expect(403);
+
+    expect(response.body).toMatchObject({ error: 'billing_upgrades_disabled' });
+  });
+
+  test('checkout returns safe not-configured response when upgrades are enabled without Stripe', async () => {
+    process.env.BILLING_UPGRADES_ENABLED = 'true';
+    const workspace = await createOrgAndAgent('Billing Agent', 'generic', 0);
+
+    const response = await api
+      .post('/v1/billing/checkout')
+      .set('Cookie', getWorkspaceCookie(workspace.orgId))
+      .send({ plan: 'individual' })
+      .expect(501);
+
+    expect(response.body).toMatchObject({ error: 'billing_not_configured' });
+  });
+
+  test('billing status returns limits and usage for the current workspace', async () => {
+    const workspace = await createOrgAndAgent('Billing Usage', 'generic', 0);
+    const claim = await api
+      .post('/v1/work/claim')
+      .set('Authorization', `Bearer ${workspace.apiKey}`)
+      .send({
+        agent_id: workspace.agentId,
+        resource_type: 'repo',
+        resource_key: 'owner/repo',
+      })
+      .expect(201);
+
+    const response = await api
+      .get('/v1/billing/status')
+      .set('Cookie', getWorkspaceCookie(workspace.orgId))
+      .expect(200);
+
+    expect(response.body).toMatchObject({
+      plan: 'free',
+      subscription_status: 'free',
+      billing_upgrades_enabled: false,
+      limits: {
+        agents: 3,
+        protected_resources: 2,
+        active_work_claims: 1,
+        api_calls_month: 1000,
+        activity_retention_days: 7,
+      },
+      usage: {
+        agents: 1,
+        protected_resources: 1,
+        active_work_claims: 1,
+      },
+    });
+    expect(response.body.upgrade_reasons).toEqual(
+      expect.arrayContaining([
+        expect.objectContaining({ limit_type: 'active_work_claims', state: 'reached' }),
+      ]),
+    );
+
+    await api
+      .delete(`/v1/work/claims/${claim.body.claim.id}`)
+      .set('Authorization', `Bearer ${workspace.apiKey}`)
+      .expect(200);
+  });
+
+  test('free plan enforces agent limit with upgrade payload', async () => {
+    const workspace = await createOrgAndAgent('Agent Limit', 'generic', 0);
+    await createAgent(workspace.orgId, 'Second', 'generic', 0);
+    await createAgent(workspace.orgId, 'Third', 'generic', 0);
+
+    const response = await api
+      .post(`/v1/orgs/${workspace.orgId}/agents`)
+      .set('Cookie', getWorkspaceCookie(workspace.orgId))
+      .send({ name: 'Fourth', agent_type: 'generic', priority: 0 })
+      .expect(402);
+
+    expect(response.body).toMatchObject({
+      error: 'plan_limit_reached',
+      limit_type: 'agents',
+      plan: 'free',
+      limit: 3,
+      usage: 3,
+      upgrade_plan: 'individual',
+    });
+  });
+
+  test('free plan enforces protected resource and active work claim limits', async () => {
+    const workspace = await createOrgAndAgent('Work Limits', 'generic', 0);
+
+    const active = await api
+      .post('/v1/work/claim')
+      .set('Authorization', `Bearer ${workspace.apiKey}`)
+      .send({ agent_id: workspace.agentId, resource_type: 'repo', resource_key: 'owner/active' })
+      .expect(201);
+
+    const activeBlocked = await api
+      .post('/v1/work/claim')
+      .set('Authorization', `Bearer ${workspace.apiKey}`)
+      .send({ agent_id: workspace.agentId, resource_type: 'repo', resource_key: 'owner/blocked' })
+      .expect(402);
+
+    expect(activeBlocked.body).toMatchObject({
+      error: 'plan_limit_reached',
+      limit_type: 'active_work_claims',
+      usage: 1,
+    });
+
+    await api
+      .delete(`/v1/work/claims/${active.body.claim.id}`)
+      .set('Authorization', `Bearer ${workspace.apiKey}`)
+      .expect(200);
+
+    const second = await api
+      .post('/v1/work/claim')
+      .set('Authorization', `Bearer ${workspace.apiKey}`)
+      .send({ agent_id: workspace.agentId, resource_type: 'repo', resource_key: 'owner/second' })
+      .expect(201);
+    await api
+      .delete(`/v1/work/claims/${second.body.claim.id}`)
+      .set('Authorization', `Bearer ${workspace.apiKey}`)
+      .expect(200);
+
+    const resourceBlocked = await api
+      .post('/v1/work/claim')
+      .set('Authorization', `Bearer ${workspace.apiKey}`)
+      .send({ agent_id: workspace.agentId, resource_type: 'repo', resource_key: 'owner/third' })
+      .expect(402);
+
+    expect(resourceBlocked.body).toMatchObject({
+      error: 'plan_limit_reached',
+      limit_type: 'protected_resources',
+      usage: 2,
+    });
+  });
+
+  test('free plan enforces monthly runtime API call limit', async () => {
+    const workspace = await createOrgAndAgent('API Limit', 'generic', 0);
+    await pool.query(
+      `INSERT INTO agent_activity_events (org_id, agent_id, activity_type, status, created_at)
+       SELECT $1, $2, 'availability_check', 'success', NOW()
+       FROM generate_series(1, 1000)`,
+      [workspace.orgId, workspace.agentId],
+    );
+
+    const response = await api
+      .get('/v1/availability')
+      .set('Authorization', `Bearer ${workspace.apiKey}`)
+      .query({
+        agent_id: workspace.agentId,
+        from: '2030-05-01T09:00:00Z',
+        to: '2030-05-01T10:00:00Z',
+        duration_minutes: 30,
+      })
+      .expect(402);
+
+    expect(response.body).toMatchObject({
+      error: 'plan_limit_reached',
+      limit_type: 'api_calls_month',
+      usage: 1000,
+      upgrade_plan: 'individual',
+    });
+  });
+
+  test('subscription endpoint returns the current org plan', async () => {
+    await pool.query('UPDATE orgs SET plan = $1, agent_limit = $2 WHERE id = $3', [
+      'team',
+      50,
+      orgId,
+    ]);
+
+    const response = await api.get(`/v1/billing/subscription/${orgId}`).expect(200);
+
+    expect(response.body).toMatchObject({
+      org_id: orgId,
+      status: 'active',
+      plan: 'team',
+      agent_limit: 50,
+    });
+  });
+
+  test('signed checkout webhook upgrades the organization plan', async () => {
+    process.env.STRIPE_SECRET_KEY = 'sk_test_123';
+    process.env.STRIPE_WEBHOOK_SECRET = 'whsec_test_123';
+
+    const payload = JSON.stringify({
+      id: 'evt_test_checkout',
+      object: 'event',
+      type: 'checkout.session.completed',
+      data: {
+        object: {
+          id: 'cs_test_123',
+          object: 'checkout.session',
+          metadata: {
+            org_id: orgId,
+            plan: 'team',
+          },
+        },
+      },
+    });
+    const stripe = new Stripe(process.env.STRIPE_SECRET_KEY);
+    const signature = stripe.webhooks.generateTestHeaderString({
+      payload,
+      secret: process.env.STRIPE_WEBHOOK_SECRET,
+    });
+
+    await api
+      .post('/v1/billing/webhook')
+      .set('stripe-signature', signature)
+      .set('Content-Type', 'application/json')
+      .send(payload)
+      .expect(200);
+
+    const updated = await pool.query(
+      'SELECT plan, agent_limit, subscription_status, stripe_customer_id, stripe_subscription_id FROM orgs WHERE id = $1',
+      [orgId],
+    );
+    expect(updated.rows[0]).toMatchObject({
+      plan: 'team',
+      agent_limit: 9999,
+      subscription_status: 'active',
+    });
+  });
+
+  test('subscription updated webhook stores status and period fields', async () => {
+    process.env.STRIPE_SECRET_KEY = 'sk_test_123';
+    process.env.STRIPE_WEBHOOK_SECRET = 'whsec_test_123';
+    const now = Math.floor(Date.now() / 1000);
+
+    const payload = JSON.stringify({
+      id: 'evt_test_subscription_updated',
+      object: 'event',
+      type: 'customer.subscription.updated',
+      data: {
+        object: {
+          id: 'sub_test',
+          object: 'subscription',
+          customer: 'cus_test',
+          status: 'past_due',
+          current_period_start: now,
+          current_period_end: now + 86400,
+          cancel_at_period_end: true,
+          metadata: {
+            org_id: orgId,
+            plan: 'individual',
+          },
+        },
+      },
+    });
+    const stripe = new Stripe(process.env.STRIPE_SECRET_KEY);
+    const signature = stripe.webhooks.generateTestHeaderString({
+      payload,
+      secret: process.env.STRIPE_WEBHOOK_SECRET,
+    });
+
+    await api
+      .post('/v1/billing/webhook')
+      .set('stripe-signature', signature)
+      .set('Content-Type', 'application/json')
+      .send(payload)
+      .expect(200);
+
+    const updated = await pool.query(
+      `SELECT plan, agent_limit, subscription_status, stripe_customer_id, stripe_subscription_id, current_period_end, cancel_at_period_end
+       FROM orgs
+       WHERE id = $1`,
+      [orgId],
+    );
+    expect(updated.rows[0]).toMatchObject({
+      plan: 'individual',
+      agent_limit: 15,
+      subscription_status: 'past_due',
+      stripe_customer_id: 'cus_test',
+      stripe_subscription_id: 'sub_test',
+      cancel_at_period_end: true,
+    });
+    expect(updated.rows[0].current_period_end).toBeTruthy();
+  });
+
+  test('subscription deleted webhook downgrades to free', async () => {
+    process.env.STRIPE_SECRET_KEY = 'sk_test_123';
+    process.env.STRIPE_WEBHOOK_SECRET = 'whsec_test_123';
+    await pool.query(
+      `UPDATE orgs
+       SET plan = 'team',
+           agent_limit = 9999,
+           subscription_status = 'active',
+           stripe_subscription_id = 'sub_test'
+       WHERE id = $1`,
+      [orgId],
+    );
+
+    const payload = JSON.stringify({
+      id: 'evt_test_subscription_deleted',
+      object: 'event',
+      type: 'customer.subscription.deleted',
+      data: {
+        object: {
+          id: 'sub_test',
+          object: 'subscription',
+          metadata: {
+            org_id: orgId,
+            plan: 'team',
+          },
+        },
+      },
+    });
+    const stripe = new Stripe(process.env.STRIPE_SECRET_KEY);
+    const signature = stripe.webhooks.generateTestHeaderString({
+      payload,
+      secret: process.env.STRIPE_WEBHOOK_SECRET,
+    });
+
+    await api
+      .post('/v1/billing/webhook')
+      .set('stripe-signature', signature)
+      .set('Content-Type', 'application/json')
+      .send(payload)
+      .expect(200);
+
+    const updated = await pool.query(
+      'SELECT plan, agent_limit, subscription_status, stripe_subscription_id FROM orgs WHERE id = $1',
+      [orgId],
+    );
+    expect(updated.rows[0]).toMatchObject({
+      plan: 'free',
+      agent_limit: 3,
+      subscription_status: 'canceled',
+      stripe_subscription_id: null,
+    });
+  });
+
+  test('webhook rejects invalid signatures', async () => {
+    process.env.STRIPE_SECRET_KEY = 'sk_test_123';
+    process.env.STRIPE_WEBHOOK_SECRET = 'whsec_test_123';
+
+    const response = await api
+      .post('/v1/billing/webhook')
+      .set('stripe-signature', 'invalid')
+      .set('Content-Type', 'application/json')
+      .send(JSON.stringify({}))
+      .expect(400);
+
+    expect(response.body).toEqual({ error: 'invalid_signature' });
+  });
+});

package/tests/integration/conflicts.route.test.ts

@@ -0,0 +1,131 @@
+import { afterAll, beforeAll, describe, expect, test } from '@jest/globals';
+import {
+  api,
+  closeDatabase,
+  createAgent,
+  createOrgAndAgent,
+  createWindow,
+  migrateTestDatabase,
+  resetDatabase,
+} from './helpers';
+import pool from '../../src/db/client';
+
+describe('conflict preview routes', () => {
+  let orgId: string;
+  let externalAgentId: string;
+  let externalApiKey: string;
+  let internalAgentId: string;
+  let internalApiKey: string;
+
+  beforeAll(async () => {
+    await migrateTestDatabase();
+    await resetDatabase();
+    const external = await createOrgAndAgent('External', 'external_meeting');
+    orgId = external.orgId;
+    externalAgentId = external.agentId;
+    externalApiKey = external.apiKey;
+    const internal = await createAgent(orgId, 'Internal', 'internal');
+    internalAgentId = internal.agentId;
+    internalApiKey = internal.apiKey;
+    await createWindow(externalAgentId, externalApiKey, '2030-02-01T09:00:00Z', '2030-02-01T17:00:00Z');
+    await createWindow(internalAgentId, internalApiKey, '2030-02-01T09:00:00Z', '2030-02-01T17:00:00Z');
+  });
+
+  afterAll(async () => {
+    await resetDatabase();
+    await closeDatabase();
+  });
+
+  test('returns available and does not mutate when no overlap exists', async () => {
+    const before = await pool.query('SELECT COUNT(*)::int AS count FROM holds');
+
+    const response = await api
+      .post('/v1/conflicts/check')
+      .set('Authorization', `Bearer ${externalApiKey}`)
+      .send({
+        agent_id: externalAgentId,
+        start_at: '2030-02-01T09:00:00Z',
+        end_at: '2030-02-01T09:30:00Z',
+      })
+      .expect(200);
+
+    const after = await pool.query('SELECT COUNT(*)::int AS count FROM holds');
+    expect(response.body).toMatchObject({
+      status: 'available',
+      would_create_hold: true,
+      winning_hold_id: null,
+      losing_hold_ids: [],
+      rule_applied: 'none',
+    });
+    expect(after.rows[0].count).toBe(before.rows[0].count);
+  });
+
+  test('returns would_lose when an existing higher-priority hold wins', async () => {
+    const created = await api
+      .post('/v1/holds')
+      .set('Authorization', `Bearer ${externalApiKey}`)
+      .send({
+        agent_id: externalAgentId,
+        start_at: '2030-02-01T10:00:00Z',
+        end_at: '2030-02-01T10:30:00Z',
+      })
+      .expect(201);
+
+    const response = await api
+      .post('/v1/conflicts/check')
+      .set('Authorization', `Bearer ${internalApiKey}`)
+      .send({
+        agent_id: internalAgentId,
+        start_at: '2030-02-01T10:00:00Z',
+        end_at: '2030-02-01T10:30:00Z',
+      })
+      .expect(200);
+
+    expect(response.body).toMatchObject({
+      status: 'would_lose',
+      would_create_hold: false,
+      winning_hold_id: created.body.hold.id,
+      losing_hold_ids: [],
+      rule_applied: 'agent_type',
+    });
+    expect(response.body.suggested_alternatives).toHaveLength(3);
+  });
+
+  test('returns would_win without superseding existing holds', async () => {
+    const created = await api
+      .post('/v1/holds')
+      .set('Authorization', `Bearer ${internalApiKey}`)
+      .send({
+        agent_id: internalAgentId,
+        start_at: '2030-02-01T11:00:00Z',
+        end_at: '2030-02-01T11:30:00Z',
+      })
+      .expect(201);
+
+    const response = await api
+      .post('/v1/conflicts/check')
+      .set('Authorization', `Bearer ${externalApiKey}`)
+      .send({
+        agent_id: externalAgentId,
+        start_at: '2030-02-01T11:00:00Z',
+        end_at: '2030-02-01T11:30:00Z',
+      })
+      .expect(200);
+
+    const existing = await pool.query('SELECT status FROM holds WHERE id = $1', [created.body.hold.id]);
+    const eventCount = await pool.query(
+      'SELECT COUNT(*)::int AS count FROM hold_events WHERE hold_id = $1',
+      [created.body.hold.id],
+    );
+
+    expect(response.body).toMatchObject({
+      status: 'would_win',
+      would_create_hold: true,
+      winning_hold_id: null,
+      losing_hold_ids: [created.body.hold.id],
+      rule_applied: 'agent_type',
+    });
+    expect(existing.rows[0].status).toBe('confirmed');
+    expect(eventCount.rows[0].count).toBe(1);
+  });
+});