bopodev-api 0.1.1

package/src/services/governance-service.ts

@@ -0,0 +1,229 @@
+import { and, eq } from "drizzle-orm";
+import { z } from "zod";
+import type { BopoDb } from "bopodev-db";
+import { approvalRequests, createAgent, createGoal, goals, projects } from "bopodev-db";
+
+const approvalGatedActions = new Set([
+  "hire_agent",
+  "activate_goal",
+  "override_budget",
+  "pause_agent",
+  "terminate_agent"
+]);
+
+const hireAgentPayloadSchema = z.object({
+  managerAgentId: z.string().optional(),
+  role: z.string().min(1),
+  name: z.string().min(1),
+  providerType: z.enum(["claude_code", "codex", "http", "shell"]),
+  heartbeatCron: z.string().min(1),
+  monthlyBudgetUsd: z.number().nonnegative(),
+  canHireAgents: z.boolean().default(false),
+  runtimeCommand: z.string().optional(),
+  runtimeArgs: z.array(z.string()).optional(),
+  runtimeCwd: z.string().optional(),
+  runtimeTimeoutMs: z.number().int().positive().max(600000).optional()
+});
+
+const activateGoalPayloadSchema = z.object({
+  projectId: z.string().optional(),
+  parentGoalId: z.string().optional(),
+  level: z.enum(["company", "project", "agent"]),
+  title: z.string().min(1),
+  description: z.string().optional()
+});
+
+export class GovernanceError extends Error {
+  constructor(message: string) {
+    super(message);
+    this.name = "GovernanceError";
+  }
+}
+
+export function isApprovalRequired(action: string) {
+  return approvalGatedActions.has(action);
+}
+
+export async function resolveApproval(
+  db: BopoDb,
+  companyId: string,
+  approvalId: string,
+  status: "approved" | "rejected" | "overridden"
+) {
+  return db.transaction(async (tx) => {
+    const [approval] = await tx
+      .select()
+      .from(approvalRequests)
+      .where(and(eq(approvalRequests.companyId, companyId), eq(approvalRequests.id, approvalId)))
+      .limit(1);
+
+    if (!approval) {
+      throw new GovernanceError("Approval request not found.");
+    }
+    if (approval.status !== "pending") {
+      if (approval.status === status) {
+        // Idempotent retry: requested state already applied.
+        return {
+          approvalId,
+          action: approval.action,
+          status: approval.status,
+          execution: { applied: false }
+        };
+      }
+      throw new GovernanceError("Approval request has already been resolved.");
+    }
+
+    let execution:
+      | {
+          applied: boolean;
+          entityType?: "agent" | "goal";
+          entityId?: string;
+          entity?: Record<string, unknown>;
+        }
+      | undefined;
+
+    if (status === "approved") {
+      execution = await applyApprovalAction(tx as unknown as BopoDb, companyId, approval.action, approval.payloadJson);
+    }
+
+    const [updated] = await tx
+      .update(approvalRequests)
+      .set({ status, resolvedAt: new Date() })
+      .where(
+        and(
+          eq(approvalRequests.companyId, companyId),
+          eq(approvalRequests.id, approvalId),
+          eq(approvalRequests.status, "pending")
+        )
+      )
+      .returning({ id: approvalRequests.id });
+
+    if (!updated) {
+      const [latest] = await tx
+        .select()
+        .from(approvalRequests)
+        .where(and(eq(approvalRequests.companyId, companyId), eq(approvalRequests.id, approvalId)))
+        .limit(1);
+      if (latest && latest.status === status) {
+        return {
+          approvalId,
+          action: approval.action,
+          status: latest.status,
+          execution: { applied: false }
+        };
+      }
+      throw new GovernanceError("Approval request could not be resolved due to a concurrent update.");
+    }
+
+    return {
+      approvalId,
+      action: approval.action,
+      status,
+      execution: execution ?? { applied: false }
+    };
+  });
+}
+
+async function applyApprovalAction(db: BopoDb, companyId: string, action: string, payloadJson: string) {
+  const payload = parsePayload(payloadJson);
+
+  if (action === "hire_agent") {
+    const parsed = hireAgentPayloadSchema.safeParse(payload);
+    if (!parsed.success) {
+      throw new GovernanceError("Approval payload for agent hiring is invalid.");
+    }
+
+    const agent = await createAgent(db, {
+      companyId,
+      managerAgentId: parsed.data.managerAgentId,
+      role: parsed.data.role,
+      name: parsed.data.name,
+      providerType: parsed.data.providerType,
+      heartbeatCron: parsed.data.heartbeatCron,
+      monthlyBudgetUsd: parsed.data.monthlyBudgetUsd.toFixed(4),
+      canHireAgents: parsed.data.canHireAgents,
+      initialState: {
+        runtime: {
+          command: parsed.data.runtimeCommand,
+          args: parsed.data.runtimeArgs,
+          cwd: parsed.data.runtimeCwd,
+          timeoutMs: parsed.data.runtimeTimeoutMs
+        }
+      }
+    });
+
+    return {
+      applied: true,
+      entityType: "agent" as const,
+      entityId: agent.id,
+      entity: agent as Record<string, unknown>
+    };
+  }
+
+  if (action === "activate_goal") {
+    const parsed = activateGoalPayloadSchema.safeParse(payload);
+    if (!parsed.success) {
+      throw new GovernanceError("Approval payload for goal activation is invalid.");
+    }
+
+    if (parsed.data.parentGoalId) {
+      const [parentGoal] = await db
+        .select({ id: goals.id })
+        .from(goals)
+        .where(and(eq(goals.companyId, companyId), eq(goals.id, parsed.data.parentGoalId)))
+        .limit(1);
+
+      if (!parentGoal) {
+        throw new GovernanceError("Parent goal not found for activation request.");
+      }
+    }
+
+    if (parsed.data.projectId) {
+      const [project] = await db
+        .select({ id: projects.id })
+        .from(projects)
+        .where(and(eq(projects.companyId, companyId), eq(projects.id, parsed.data.projectId)))
+        .limit(1);
+
+      if (!project) {
+        throw new GovernanceError("Project not found for activation request.");
+      }
+    }
+
+    const goal = await createGoal(db, {
+      companyId,
+      projectId: parsed.data.projectId,
+      parentGoalId: parsed.data.parentGoalId,
+      level: parsed.data.level,
+      title: parsed.data.title,
+      description: parsed.data.description
+    });
+
+    await db
+      .update(goals)
+      .set({ status: "active", updatedAt: new Date() })
+      .where(and(eq(goals.companyId, companyId), eq(goals.id, goal.id)));
+
+    return {
+      applied: true,
+      entityType: "goal" as const,
+      entityId: goal.id,
+      entity: { ...goal, status: "active" }
+    };
+  }
+
+  if (action === "pause_agent" || action === "terminate_agent" || action === "override_budget") {
+    return { applied: false };
+  }
+
+  throw new GovernanceError(`Unsupported approval action: ${action}`);
+}
+
+function parsePayload(payloadJson: string) {
+  try {
+    const parsed = JSON.parse(payloadJson) as unknown;
+    return typeof parsed === "object" && parsed !== null ? parsed : {};
+  } catch {
+    return {};
+  }
+}