bopodev-api 0.1.14 → 0.1.16

package/src/routes/templates.ts

@@ -0,0 +1,439 @@
+import { Router } from "express";
+import {
+  TemplateApplyRequestSchema,
+  TemplateCreateRequestSchema,
+  TemplateManifestDefault,
+  TemplateImportRequestSchema,
+  TemplateManifestSchema,
+  TemplatePreviewRequestSchema,
+  TemplateUpdateRequestSchema
+} from "bopodev-contracts";
+import {
+  appendAuditEvent,
+  createApprovalRequest,
+  createTemplate,
+  createTemplateVersion,
+  deleteTemplate,
+  getCurrentTemplateVersion,
+  getTemplate,
+  getTemplateBySlug,
+  getTemplateVersionByVersion,
+  listTemplates,
+  updateTemplate
+} from "bopodev-db";
+import type { AppContext } from "../context";
+import { sendError, sendOk } from "../http";
+import { requireCompanyScope } from "../middleware/company-scope";
+import { requirePermission } from "../middleware/request-actor";
+import { applyTemplateManifest } from "../services/template-apply-service";
+import { buildTemplatePreview } from "../services/template-preview-service";
+
+export function createTemplatesRouter(ctx: AppContext) {
+  const router = Router();
+  router.use(requireCompanyScope);
+
+  router.get("/", async (req, res) => {
+    const rows = await listTemplates(ctx.db, req.companyId!);
+    const hydrated = await Promise.all(rows.map((row) => hydrateTemplate(ctx, req.companyId!, row.id)));
+    return sendOk(res, hydrated.filter((row): row is NonNullable<typeof row> => Boolean(row)));
+  });
+
+  router.post("/", async (req, res) => {
+    requirePermission("templates:write")(req, res, () => {});
+    if (res.headersSent) {
+      return;
+    }
+    const parsed = TemplateCreateRequestSchema.safeParse(req.body);
+    if (!parsed.success) {
+      return sendError(res, parsed.error.message, 422);
+    }
+    const existing = await getTemplateBySlug(ctx.db, req.companyId!, parsed.data.slug);
+    if (existing) {
+      return sendError(res, `Template slug '${parsed.data.slug}' already exists.`, 409);
+    }
+    const created = await createTemplate(ctx.db, {
+      companyId: req.companyId!,
+      slug: parsed.data.slug,
+      name: parsed.data.name,
+      description: parsed.data.description,
+      currentVersion: parsed.data.currentVersion,
+      status: parsed.data.status,
+      visibility: parsed.data.visibility,
+      variablesJson: JSON.stringify(parsed.data.variables)
+    });
+    if (!created) {
+      return sendError(res, "Template creation failed.", 500);
+    }
+    await createTemplateVersion(ctx.db, {
+      companyId: req.companyId!,
+      templateId: created.id,
+      version: parsed.data.currentVersion,
+      manifestJson: JSON.stringify(parsed.data.manifest)
+    });
+    const hydrated = await hydrateTemplate(ctx, req.companyId!, created.id);
+    await appendAuditEvent(ctx.db, {
+      companyId: req.companyId!,
+      actorType: "human",
+      eventType: "template.created",
+      entityType: "template",
+      entityId: created.id,
+      payload: hydrated ?? created
+    });
+    return sendOk(res, hydrated ?? created);
+  });
+
+  router.put("/:templateId", async (req, res) => {
+    requirePermission("templates:write")(req, res, () => {});
+    if (res.headersSent) {
+      return;
+    }
+    const parsed = TemplateUpdateRequestSchema.safeParse(req.body);
+    if (!parsed.success) {
+      return sendError(res, parsed.error.message, 422);
+    }
+    const existing = await getTemplate(ctx.db, req.companyId!, req.params.templateId);
+    if (!existing) {
+      return sendError(res, "Template not found.", 404);
+    }
+    const nextVersion = parsed.data.currentVersion ?? existing.currentVersion;
+    const updated = await updateTemplate(ctx.db, {
+      companyId: req.companyId!,
+      id: req.params.templateId,
+      slug: parsed.data.slug,
+      name: parsed.data.name,
+      description: parsed.data.description,
+      currentVersion: parsed.data.currentVersion,
+      status: parsed.data.status,
+      visibility: parsed.data.visibility,
+      variablesJson: parsed.data.variables ? JSON.stringify(parsed.data.variables) : undefined
+    });
+    if (!updated) {
+      return sendError(res, "Template not found.", 404);
+    }
+    if (parsed.data.manifest) {
+      const existingVersion = await getTemplateVersionByVersion(ctx.db, {
+        companyId: req.companyId!,
+        templateId: req.params.templateId,
+        version: nextVersion
+      });
+      if (!existingVersion) {
+        await createTemplateVersion(ctx.db, {
+          companyId: req.companyId!,
+          templateId: req.params.templateId,
+          version: nextVersion,
+          manifestJson: JSON.stringify(parsed.data.manifest)
+        });
+      }
+    }
+    const hydrated = await hydrateTemplate(ctx, req.companyId!, req.params.templateId);
+    await appendAuditEvent(ctx.db, {
+      companyId: req.companyId!,
+      actorType: "human",
+      eventType: "template.updated",
+      entityType: "template",
+      entityId: req.params.templateId,
+      payload: hydrated ?? updated
+    });
+    return sendOk(res, hydrated ?? updated);
+  });
+
+  router.delete("/:templateId", async (req, res) => {
+    requirePermission("templates:write")(req, res, () => {});
+    if (res.headersSent) {
+      return;
+    }
+    const deleted = await deleteTemplate(ctx.db, req.companyId!, req.params.templateId);
+    if (!deleted) {
+      return sendError(res, "Template not found.", 404);
+    }
+    await appendAuditEvent(ctx.db, {
+      companyId: req.companyId!,
+      actorType: "human",
+      eventType: "template.deleted",
+      entityType: "template",
+      entityId: req.params.templateId,
+      payload: { id: req.params.templateId }
+    });
+    return sendOk(res, { deleted: true });
+  });
+
+  router.post("/:templateId/preview", async (req, res) => {
+    const parsed = TemplatePreviewRequestSchema.safeParse(req.body);
+    if (!parsed.success) {
+      return sendError(res, parsed.error.message, 422);
+    }
+    const hydrated = await hydrateTemplate(ctx, req.companyId!, req.params.templateId);
+    if (!hydrated) {
+      return sendError(res, "Template not found.", 404);
+    }
+    const preview = buildTemplatePreview({
+      templateId: hydrated.id,
+      templateVersion: hydrated.currentVersion,
+      manifest: hydrated.manifest,
+      variables: parsed.data.variables
+    });
+    await appendAuditEvent(ctx.db, {
+      companyId: req.companyId!,
+      actorType: "human",
+      eventType: "template.previewed",
+      entityType: "template",
+      entityId: hydrated.id,
+      payload: {
+        mode: parsed.data.mode,
+        targetCompanyName: parsed.data.targetCompanyName ?? null,
+        summary: preview.summary
+      }
+    });
+    return sendOk(res, preview);
+  });
+
+  router.post("/:templateId/apply", async (req, res) => {
+    requirePermission("templates:write")(req, res, () => {});
+    if (res.headersSent) {
+      return;
+    }
+    const parsed = TemplateApplyRequestSchema.safeParse(req.body);
+    if (!parsed.success) {
+      return sendError(res, parsed.error.message, 422);
+    }
+    const hydrated = await hydrateTemplate(ctx, req.companyId!, req.params.templateId);
+    if (!hydrated) {
+      return sendError(res, "Template not found.", 404);
+    }
+    if (parsed.data.requestApproval) {
+      const approvalId = await createApprovalRequest(ctx.db, {
+        companyId: req.companyId!,
+        requestedByAgentId: req.actor?.type === "agent" ? req.actor.id : null,
+        action: "apply_template",
+        payload: {
+          templateId: hydrated.id,
+          templateVersion: hydrated.currentVersion,
+          variables: parsed.data.variables,
+          mode: parsed.data.mode,
+          targetCompanyName: parsed.data.targetCompanyName ?? null
+        }
+      });
+      await appendAuditEvent(ctx.db, {
+        companyId: req.companyId!,
+        actorType: "human",
+        eventType: "template.apply_queued",
+        entityType: "template",
+        entityId: hydrated.id,
+        payload: { approvalId }
+      });
+      return sendOk(res, {
+        applied: false,
+        queuedForApproval: true,
+        approvalId,
+        summary: {
+          projects: 0,
+          goals: 0,
+          agents: 0,
+          issues: 0,
+          plugins: 0,
+          recurrence: 0
+        },
+        warnings: []
+      });
+    }
+    const currentVersion = await getCurrentTemplateVersion(ctx.db, req.companyId!, hydrated.id);
+    const applied = await applyTemplateManifest(ctx.db, {
+      companyId: req.companyId!,
+      templateId: hydrated.id,
+      templateVersion: hydrated.currentVersion,
+      templateVersionId: currentVersion?.id ?? null,
+      manifest: hydrated.manifest,
+      variables: parsed.data.variables
+    });
+    await appendAuditEvent(ctx.db, {
+      companyId: req.companyId!,
+      actorType: "human",
+      eventType: "template.applied",
+      entityType: "template",
+      entityId: hydrated.id,
+      payload: {
+        mode: parsed.data.mode,
+        targetCompanyName: parsed.data.targetCompanyName ?? null,
+        summary: applied.summary
+      }
+    });
+    return sendOk(res, applied);
+  });
+
+  router.post("/import", async (req, res) => {
+    requirePermission("templates:write")(req, res, () => {});
+    if (res.headersSent) {
+      return;
+    }
+    const parsed = TemplateImportRequestSchema.safeParse(req.body);
+    if (!parsed.success) {
+      return sendError(res, parsed.error.message, 422);
+    }
+    const payload = parsed.data.template.template;
+    const existing = await getTemplateBySlug(ctx.db, req.companyId!, payload.slug);
+    if (existing && !parsed.data.overwrite) {
+      return sendError(res, `Template slug '${payload.slug}' already exists. Use overwrite=true to replace.`, 409);
+    }
+    let targetId = existing?.id ?? null;
+    if (!existing) {
+      const created = await createTemplate(ctx.db, {
+        companyId: req.companyId!,
+        slug: payload.slug,
+        name: payload.name,
+        description: payload.description,
+        currentVersion: payload.currentVersion,
+        status: payload.status,
+        visibility: payload.visibility,
+        variablesJson: JSON.stringify(payload.variables)
+      });
+      targetId = created?.id ?? null;
+    } else {
+      await updateTemplate(ctx.db, {
+        companyId: req.companyId!,
+        id: existing.id,
+        name: payload.name,
+        description: payload.description,
+        currentVersion: payload.currentVersion,
+        status: payload.status,
+        visibility: payload.visibility,
+        variablesJson: JSON.stringify(payload.variables)
+      });
+      targetId = existing.id;
+    }
+    if (!targetId) {
+      return sendError(res, "Template import failed.", 500);
+    }
+    const existingVersion = await getTemplateVersionByVersion(ctx.db, {
+      companyId: req.companyId!,
+      templateId: targetId,
+      version: payload.currentVersion
+    });
+    if (!existingVersion) {
+      await createTemplateVersion(ctx.db, {
+        companyId: req.companyId!,
+        templateId: targetId,
+        version: payload.currentVersion,
+        manifestJson: JSON.stringify(payload.manifest)
+      });
+    }
+    await appendAuditEvent(ctx.db, {
+      companyId: req.companyId!,
+      actorType: "human",
+      eventType: "template.imported",
+      entityType: "template",
+      entityId: targetId,
+      payload: {
+        slug: payload.slug,
+        version: payload.currentVersion
+      }
+    });
+    const hydrated = await hydrateTemplate(ctx, req.companyId!, targetId);
+    return sendOk(res, hydrated);
+  });
+
+  router.get("/:templateId/export", async (req, res) => {
+    const hydrated = await hydrateTemplate(ctx, req.companyId!, req.params.templateId);
+    if (!hydrated) {
+      return sendError(res, "Template not found.", 404);
+    }
+    await appendAuditEvent(ctx.db, {
+      companyId: req.companyId!,
+      actorType: "human",
+      eventType: "template.exported",
+      entityType: "template",
+      entityId: hydrated.id,
+      payload: {
+        version: hydrated.currentVersion
+      }
+    });
+    return sendOk(res, {
+      schemaVersion: "bopo.template.v1",
+      template: {
+        slug: hydrated.slug,
+        name: hydrated.name,
+        description: hydrated.description ?? undefined,
+        currentVersion: hydrated.currentVersion,
+        status: hydrated.status,
+        visibility: hydrated.visibility,
+        variables: hydrated.variables,
+        manifest: sanitizeManifestForExport(hydrated.manifest)
+      }
+    });
+  });
+
+  return router;
+}
+
+async function hydrateTemplate(ctx: AppContext, companyId: string, templateId: string) {
+  const template = await getTemplate(ctx.db, companyId, templateId);
+  if (!template) {
+    return null;
+  }
+  const version =
+    (await getTemplateVersionByVersion(ctx.db, {
+      companyId,
+      templateId,
+      version: template.currentVersion
+    })) ?? (await getCurrentTemplateVersion(ctx.db, companyId, templateId));
+  const variables = safeParseJsonArray(template.variablesJson);
+  const manifestRaw = safeParseJsonObject(version?.manifestJson ?? "{}");
+  const parsedManifest = TemplateManifestSchema.safeParse(manifestRaw);
+  const manifest = parsedManifest.success ? parsedManifest.data : TemplateManifestSchema.parse(TemplateManifestDefault);
+  return {
+    ...template,
+    variables,
+    manifest
+  };
+}
+
+function safeParseJsonArray(value: string | null | undefined) {
+  if (!value) {
+    return [];
+  }
+  try {
+    const parsed = JSON.parse(value) as unknown;
+    return Array.isArray(parsed) ? parsed : [];
+  } catch {
+    return [];
+  }
+}
+
+function safeParseJsonObject(value: string | null | undefined) {
+  if (!value) {
+    return {};
+  }
+  try {
+    const parsed = JSON.parse(value) as unknown;
+    return typeof parsed === "object" && parsed !== null ? parsed : {};
+  } catch {
+    return {};
+  }
+}
+
+function sanitizeManifestForExport(manifest: Record<string, unknown>) {
+  const root = structuredClone(manifest) as Record<string, unknown>;
+  if (!Array.isArray(root.agents)) {
+    return root;
+  }
+  root.agents = root.agents.map((agent) => {
+    if (!agent || typeof agent !== "object") {
+      return agent;
+    }
+    const agentRecord = { ...(agent as Record<string, unknown>) };
+    const runtimeConfig = agentRecord.runtimeConfig;
+    if (runtimeConfig && typeof runtimeConfig === "object" && runtimeConfig !== null) {
+      const runtime = { ...(runtimeConfig as Record<string, unknown>) };
+      if (runtime.runtimeEnv && typeof runtime.runtimeEnv === "object" && runtime.runtimeEnv !== null) {
+        const env = runtime.runtimeEnv as Record<string, unknown>;
+        runtime.runtimeEnv = Object.fromEntries(
+          Object.entries(env).map(([key, value]) =>
+            /token|secret|password|key/i.test(key) ? [key, "<redacted>"] : [key, value]
+          )
+        );
+      }
+      agentRecord.runtimeConfig = runtime;
+    }
+    return agentRecord;
+  });
+  return root;
+}

package/src/scripts/backfill-project-workspaces.ts

@@ -1,11 +1,26 @@
 import { access, constants, mkdir } from "node:fs/promises";
 import { isAbsolute } from "node:path";
 import { pathToFileURL } from "node:url";
-import { bootstrapDatabase, listCompanies, listProjects, updateProject } from "bopodev-db";
-import { normalizeAbsolutePath, resolveBopoInstanceRoot, resolveProjectWorkspacePath, resolveStorageRoot } from "../lib/instance-paths";
+import {
+  bootstrapDatabase,
+  createProjectWorkspace,
+  listCompanies,
+  listProjects,
+  listProjectWorkspaces,
+  updateProjectWorkspace
+} from "bopodev-db";
+import {
+  normalizeCompanyWorkspacePath,
+  resolveBopoInstanceRoot,
+  resolveProjectWorkspacePath,
+  resolveStorageRoot
+} from "../lib/instance-paths";
 
 export interface ProjectWorkspaceBackfillSummary {
   scannedProjects: number;
+  createdWorkspaces: number;
+  normalizedWorkspaceCwds: number;
+  updatedWorkspaces: number;
   missingWorkspaceLocalPath: number;
   relativeWorkspaceLocalPath: number;
   updatedProjects: number;
@@ -20,9 +35,11 @@ export async function backfillProjectWorkspaces(input: { dbPath?: string; dryRun
   const instanceRoot = resolveBopoInstanceRoot();
   const storageRoot = resolveStorageRoot();
   let scannedProjects = 0;
-  let missingWorkspaceLocalPath = 0;
-  let relativeWorkspaceLocalPath = 0;
-  let updatedProjects = 0;
+  let createdWorkspaces = 0;
+  let normalizedWorkspaceCwds = 0;
+  let updatedWorkspaces = 0;
+  let missingWorkspaceCount = 0;
+  let relativeWorkspaceCount = 0;
   let createdDirectories = 0;
 
   try {
@@ -31,38 +48,49 @@ export async function backfillProjectWorkspaces(input: { dbPath?: string; dryRun
       const projects = await listProjects(db, company.id);
       for (const project of projects) {
         scannedProjects += 1;
-        const workspaceLocalPath = project.workspaceLocalPath?.trim() ?? "";
-        if (!workspaceLocalPath) {
-          missingWorkspaceLocalPath += 1;
+        const workspaces = await listProjectWorkspaces(db, company.id, project.id);
+        if (workspaces.length === 0) {
+          missingWorkspaceCount += 1;
           const nextPath = resolveProjectWorkspacePath(company.id, project.id);
           if (!input.dryRun) {
             await mkdir(nextPath, { recursive: true });
             createdDirectories += 1;
-            const updated = await updateProject(db, {
+            const created = await createProjectWorkspace(db, {
               companyId: company.id,
-              id: project.id,
-              workspaceLocalPath: nextPath
+              projectId: project.id,
+              name: project.name,
+              cwd: nextPath,
+              isPrimary: true
             });
-            if (updated) {
-              updatedProjects += 1;
+            if (created) {
+              createdWorkspaces += 1;
             }
           }
           continue;
         }
 
-        if (!isAbsolute(workspaceLocalPath)) {
-          relativeWorkspaceLocalPath += 1;
-          const nextPath = normalizeAbsolutePath(workspaceLocalPath);
+        for (const workspace of workspaces) {
+          const cwd = workspace.cwd?.trim() ?? "";
+          if (!cwd) {
+            continue;
+          }
+          if (isAbsolute(cwd)) {
+            continue;
+          }
+          relativeWorkspaceCount += 1;
+          normalizedWorkspaceCwds += 1;
+          const nextPath = normalizeCompanyWorkspacePath(company.id, cwd);
           if (!input.dryRun) {
             await mkdir(nextPath, { recursive: true });
             createdDirectories += 1;
-            const updated = await updateProject(db, {
+            const updated = await updateProjectWorkspace(db, {
               companyId: company.id,
-              id: project.id,
-              workspaceLocalPath: nextPath
+              projectId: project.id,
+              id: workspace.id,
+              cwd: nextPath
             });
             if (updated) {
-              updatedProjects += 1;
+              updatedWorkspaces += 1;
             }
           }
         }
@@ -78,9 +106,12 @@ export async function backfillProjectWorkspaces(input: { dbPath?: string; dryRun
 
     return {
       scannedProjects,
-      missingWorkspaceLocalPath,
-      relativeWorkspaceLocalPath,
-      updatedProjects,
+      createdWorkspaces,
+      normalizedWorkspaceCwds,
+      updatedWorkspaces,
+      missingWorkspaceLocalPath: missingWorkspaceCount,
+      relativeWorkspaceLocalPath: relativeWorkspaceCount,
+      updatedProjects: updatedWorkspaces + createdWorkspaces,
       createdDirectories,
       writableInstanceRoot,
       writableStorageRoot,
@@ -105,8 +136,9 @@ async function isDirectoryWritable(path: string) {
 }
 
 async function main() {
+  const dbPath = normalizeOptionalDbPath(process.env.BOPO_DB_PATH);
   const summary = await backfillProjectWorkspaces({
-    dbPath: process.env.BOPO_DB_PATH,
+    dbPath,
     dryRun: process.env.BOPO_BACKFILL_DRY_RUN !== "0"
   });
   // eslint-disable-next-line no-console
@@ -116,3 +148,8 @@ async function main() {
 if (process.argv[1] && import.meta.url === pathToFileURL(process.argv[1]).href) {
   void main();
 }
+
+function normalizeOptionalDbPath(value: string | undefined) {
+  const normalized = value?.trim();
+  return normalized && normalized.length > 0 ? normalized : undefined;
+}

package/src/scripts/db-init.ts

@@ -1,7 +1,8 @@
 import { bootstrapDatabase } from "bopodev-db";
 
 async function main() {
-  const { client } = await bootstrapDatabase(process.env.BOPO_DB_PATH);
+  const dbPath = normalizeOptionalDbPath(process.env.BOPO_DB_PATH);
+  const { client } = await bootstrapDatabase(dbPath);
   const maybeClose = (client as { close?: () => Promise<void> }).close;
   if (maybeClose) {
     await maybeClose.call(client);
@@ -11,3 +12,8 @@ async function main() {
 }
 
 void main();
+
+function normalizeOptionalDbPath(value: string | undefined) {
+  const normalized = value?.trim();
+  return normalized && normalized.length > 0 ? normalized : undefined;
+}