bopodev-api 0.1.31 → 0.1.32

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "bopodev-api",
-  "version": "0.1.31",
+  "version": "0.1.32",
   "license": "MIT",
   "type": "module",
   "files": [
@@ -8,20 +8,24 @@
     "tsconfig.json"
   ],
   "dependencies": {
+    "archiver": "^7.0.1",
     "cors": "^2.8.5",
     "cron-parser": "^5.3.1",
     "dotenv": "^17.0.1",
     "drizzle-orm": "^0.44.5",
     "express": "^5.1.0",
+    "fflate": "^0.8.2",
     "multer": "^2.1.1",
     "nanoid": "^5.1.5",
     "ws": "^8.19.0",
+    "yaml": "^2.8.3",
     "zod": "^4.1.5",
-    "bopodev-db": "0.1.31",
-    "bopodev-agent-sdk": "0.1.31",
-    "bopodev-contracts": "0.1.31"
+    "bopodev-agent-sdk": "0.1.32",
+    "bopodev-contracts": "0.1.32",
+    "bopodev-db": "0.1.32"
   },
   "devDependencies": {
+    "@types/archiver": "^7.0.0",
     "@types/cors": "^2.8.19",
     "@types/express": "^5.0.3",
     "@types/multer": "^2.1.0",

package/src/app.ts

@@ -2,6 +2,7 @@ import express from "express";
 import type { NextFunction, Request, Response } from "express";
 import { pingDatabase, RepositoryValidationError } from "bopodev-db";
 import type { AppContext } from "./context";
+import { createAssistantRouter } from "./routes/assistant";
 import { createAgentsRouter } from "./routes/agents";
 import { createAuthRouter } from "./routes/auth";
 import { createAttentionRouter } from "./routes/attention";
@@ -62,6 +63,7 @@ export function createApp(ctx: AppContext) {
 
   app.use("/auth", createAuthRouter(ctx));
   app.use("/attention", createAttentionRouter(ctx));
+  app.use("/assistant", createAssistantRouter(ctx));
   app.use("/companies", createCompaniesRouter(ctx));
   app.use("/projects", createProjectsRouter(ctx));
   app.use("/issues", createIssuesRouter(ctx));

package/src/routes/assistant.ts

@@ -0,0 +1,109 @@
+import { Router } from "express";
+import { z } from "zod";
+import {
+  createAssistantThread,
+  getAssistantThreadById,
+  getOrCreateAssistantThread,
+  listAssistantMessages
+} from "bopodev-db";
+import type { AppContext } from "../context";
+import { sendError, sendOk } from "../http";
+import { requireCompanyScope } from "../middleware/company-scope";
+import { ASK_ASSISTANT_BRAIN_IDS, listAskAssistantBrains } from "../services/company-assistant-brain";
+import { getCompanyCeoPersona, runCompanyAssistantTurn } from "../services/company-assistant-service";
+
+const brainEnum = z.enum(ASK_ASSISTANT_BRAIN_IDS);
+
+const postMessageSchema = z.object({
+  message: z.string().trim().min(1).max(16_000),
+  /** Adapter / runtime used to answer (same catalog as hiring an agent). */
+  brain: brainEnum.optional(),
+  /** Active chat thread; omit to use latest-or-create for the company. */
+  threadId: z.string().trim().min(1).optional()
+});
+
+export function createAssistantRouter(ctx: AppContext) {
+  const router = Router();
+  router.use(requireCompanyScope);
+
+  router.get("/brains", (_req, res) => {
+    return sendOk(res, { brains: listAskAssistantBrains() });
+  });
+
+  router.get("/messages", async (req, res) => {
+    const companyId = req.companyId!;
+    const qThread =
+      typeof req.query.threadId === "string" && req.query.threadId.trim() ? req.query.threadId.trim() : "";
+    let thread;
+    if (qThread) {
+      const found = await getAssistantThreadById(ctx.db, companyId, qThread);
+      if (!found) {
+        return sendError(res, "Chat thread not found.", 404);
+      }
+      thread = found;
+    } else {
+      thread = await getOrCreateAssistantThread(ctx.db, companyId);
+    }
+    const rawLimit = Number(req.query.limit ?? 100);
+    const limit = Number.isFinite(rawLimit) ? Math.min(Math.max(Math.floor(rawLimit), 1), 200) : 100;
+    const rows = await listAssistantMessages(ctx.db, thread.id, limit);
+    const ceoPersona = await getCompanyCeoPersona(ctx.db, companyId);
+    return sendOk(res, {
+      threadId: thread.id,
+      ceoPersona,
+      messages: rows.map((m) => ({
+        id: m.id,
+        role: m.role,
+        body: m.body,
+        createdAt: m.createdAt instanceof Date ? m.createdAt.toISOString() : String(m.createdAt),
+        metadata: m.metadataJson ? safeJsonParse(m.metadataJson) : null
+      }))
+    });
+  });
+
+  router.post("/messages", async (req, res) => {
+    const parsed = postMessageSchema.safeParse(req.body);
+    if (!parsed.success) {
+      return sendError(res, parsed.error.message, 422);
+    }
+    const companyId = req.companyId!;
+    const actor = req.actor;
+    const auditActorType =
+      actor?.type === "agent" ? "agent" : actor?.type === "board" || actor?.type === "member" ? "human" : "human";
+    const actorId = actor?.id?.trim() || "unknown";
+    try {
+      const result = await runCompanyAssistantTurn({
+        db: ctx.db,
+        companyId,
+        userMessage: parsed.data.message,
+        actorType: auditActorType,
+        actorId,
+        brain: parsed.data.brain,
+        threadId: parsed.data.threadId
+      });
+      return sendOk(res, result);
+    } catch (error) {
+      const message = error instanceof Error ? error.message : String(error);
+      if (message.includes("Missing API key")) {
+        return sendError(res, message, 503);
+      }
+      return sendError(res, message, 422);
+    }
+  });
+
+  router.post("/threads", async (req, res) => {
+    const companyId = req.companyId!;
+    const thread = await createAssistantThread(ctx.db, companyId);
+    return sendOk(res, { threadId: thread.id });
+  });
+
+  return router;
+}
+
+function safeJsonParse(raw: string): unknown {
+  try {
+    return JSON.parse(raw) as unknown;
+  } catch {
+    return null;
+  }
+}

package/src/routes/companies.ts

@@ -1,6 +1,7 @@
 import { mkdir } from "node:fs/promises";
 import type { NextFunction, Request, Response } from "express";
 import { Router } from "express";
+import multer from "multer";
 import { z } from "zod";
 import { CompanySchema } from "bopodev-contracts";
 import { createAgent, createCompany, deleteCompany, listCompanies, updateCompany } from "bopodev-db";
@@ -10,11 +11,29 @@ import { normalizeRuntimeConfig, resolveRuntimeModelForProvider, runtimeConfigTo
 import { buildDefaultCeoBootstrapPrompt } from "../lib/ceo-bootstrap-prompt";
 import { resolveOpencodeRuntimeModel } from "../lib/opencode-model";
 import { resolveDefaultRuntimeCwdForCompany } from "../lib/workspace-policy";
-import { buildCompanyPortabilityExport } from "../services/company-export-service";
 import { canAccessCompany, requireBoardRole, requirePermission } from "../middleware/request-actor";
+import {
+  CompanyFileArchiveError,
+  listCompanyExportManifest,
+  normalizeExportPath,
+  pipeCompanyExportZip,
+  readCompanyExportFileText
+} from "../services/company-file-archive-service";
+import { buildCompanyPortabilityExport } from "../services/company-export-service";
+import { CompanyFileImportError, importCompanyFromZipBuffer } from "../services/company-file-import-service";
 import { ensureCompanyBuiltinPluginDefaults } from "../services/plugin-runtime";
 import { ensureCompanyBuiltinTemplateDefaults } from "../services/template-catalog";
 
+const zipUpload = multer({
+  storage: multer.memoryStorage(),
+  limits: { fileSize: 80 * 1024 * 1024 }
+});
+
+const exportZipBodySchema = z.object({
+  paths: z.array(z.string()).nullable().optional(),
+  includeAgentMemory: z.boolean().optional().default(false)
+});
+
 const DEFAULT_AGENT_PROVIDER_ENV = "BOPO_DEFAULT_AGENT_PROVIDER";
 const DEFAULT_AGENT_MODEL_ENV = "BOPO_DEFAULT_AGENT_MODEL";
 
@@ -54,6 +73,98 @@ export function createCompaniesRouter(ctx: AppContext) {
     );
   });
 
+  router.post("/import/files", requireBoardRole, zipUpload.single("archive"), async (req, res) => {
+    const file = req.file;
+    if (!file?.buffer) {
+      return sendError(res, 'Upload a .zip file in field "archive".', 422);
+    }
+    try {
+      const result = await importCompanyFromZipBuffer(ctx.db, file.buffer);
+      return sendOk(res, result);
+    } catch (err) {
+      const message = err instanceof CompanyFileImportError ? err.message : String(err);
+      return sendError(res, message, 422);
+    }
+  });
+
+  router.get("/:companyId/export/files/manifest", async (req, res) => {
+    const companyId = readCompanyIdParam(req);
+    if (!companyId) {
+      return sendError(res, "Missing company id.", 422);
+    }
+    if (!canAccessCompany(req, companyId)) {
+      return sendError(res, "Actor does not have access to this company.", 403);
+    }
+    const includeAgentMemory = req.query.includeAgentMemory === "1" || req.query.includeAgentMemory === "true";
+    try {
+      const files = await listCompanyExportManifest(ctx.db, companyId, { includeAgentMemory });
+      return sendOk(res, { files, includeAgentMemory });
+    } catch (err) {
+      const message = err instanceof CompanyFileArchiveError ? err.message : String(err);
+      return sendError(res, message, 422);
+    }
+  });
+
+  router.get("/:companyId/export/files/preview", async (req, res) => {
+    const companyId = readCompanyIdParam(req);
+    if (!companyId) {
+      return sendError(res, "Missing company id.", 422);
+    }
+    if (!canAccessCompany(req, companyId)) {
+      return sendError(res, "Actor does not have access to this company.", 403);
+    }
+    const pathRaw = typeof req.query.path === "string" ? req.query.path : "";
+    const includeAgentMemory = req.query.includeAgentMemory === "1" || req.query.includeAgentMemory === "true";
+    const normalizedPath = normalizeExportPath(pathRaw);
+    if (!normalizedPath) {
+      return sendError(res, "Invalid or missing path query parameter.", 422);
+    }
+    try {
+      const preview = await readCompanyExportFileText(ctx.db, companyId, normalizedPath, { includeAgentMemory });
+      if (!preview) {
+        return sendError(res, "File not found in export manifest.", 404);
+      }
+      res.setHeader("content-type", "text/plain; charset=utf-8");
+      return res.status(200).send(preview.content);
+    } catch (err) {
+      const message = err instanceof CompanyFileArchiveError ? err.message : String(err);
+      return sendError(res, message, 422);
+    }
+  });
+
+  router.post("/:companyId/export/files/zip", async (req, res) => {
+    const companyId = readCompanyIdParam(req);
+    if (!companyId) {
+      return sendError(res, "Missing company id.", 422);
+    }
+    if (!canAccessCompany(req, companyId)) {
+      return sendError(res, "Actor does not have access to this company.", 403);
+    }
+    const parsed = exportZipBodySchema.safeParse(req.body ?? {});
+    if (!parsed.success) {
+      return sendError(res, parsed.error.message, 422);
+    }
+    try {
+      const stream = await pipeCompanyExportZip(ctx.db, companyId, {
+        paths: parsed.data.paths ?? null,
+        includeAgentMemory: parsed.data.includeAgentMemory
+      });
+      res.setHeader("Content-Type", "application/zip");
+      res.setHeader("Content-Disposition", `attachment; filename="company-${companyId}-export.zip"`);
+      stream.on("error", () => {
+        if (!res.headersSent) {
+          sendError(res, "Zip stream failed.", 500);
+        } else {
+          res.end();
+        }
+      });
+      stream.pipe(res);
+    } catch (err) {
+      const message = err instanceof CompanyFileArchiveError ? err.message : String(err);
+      return sendError(res, message, 422);
+    }
+  });
+
   router.get("/:companyId/export", async (req, res) => {
     const companyId = readCompanyIdParam(req);
     if (!companyId) {

package/src/routes/observability.ts

@@ -3,6 +3,7 @@ import { readFile, stat } from "node:fs/promises";
 import { basename, resolve } from "node:path";
 import {
   getHeartbeatRun,
+  listAssistantChatThreadStatsInCreatedAtRange,
   listCompanies,
   listAgents,
   listAuditEvents,
@@ -10,7 +11,8 @@ import {
   listGoals,
   listHeartbeatRunMessages,
   listHeartbeatRuns,
-  listPluginRuns
+  listPluginRuns,
+  listProjects
 } from "bopodev-db";
 import type { AppContext } from "../context";
 import { sendError, sendOk } from "../http";
@@ -24,8 +26,12 @@ import {
 } from "../services/agent-operating-file-service";
 import {
   listAgentMemoryFiles,
+  listCompanyMemoryFiles,
+  listProjectMemoryFiles,
   loadAgentMemoryContext,
   readAgentMemoryFile,
+  readCompanyMemoryFile,
+  readProjectMemoryFile,
   writeAgentMemoryFile
 } from "../services/memory-file-service";
 
@@ -55,6 +61,53 @@ export function createObservabilityRouter(ctx: AppContext) {
     );
   });
 
+  /**
+   * Owner-assistant threads with message counts in `[from, toExclusive)` on message `created_at`.
+   * Prefer `from` + `toExclusive` (ISO 8601) so the window matches the browser local month used for cost charts;
+   * otherwise `monthKey=YYYY-MM` selects that month in UTC.
+   */
+  router.get("/assistant-chat-threads", async (req, res) => {
+    const companyId = req.companyId!;
+    const fromRaw = typeof req.query.from === "string" ? req.query.from.trim() : "";
+    const toRaw = typeof req.query.toExclusive === "string" ? req.query.toExclusive.trim() : "";
+    let startInclusive: Date;
+    let endExclusive: Date;
+    if (fromRaw.length > 0 && toRaw.length > 0) {
+      startInclusive = new Date(fromRaw);
+      endExclusive = new Date(toRaw);
+      if (Number.isNaN(startInclusive.getTime()) || Number.isNaN(endExclusive.getTime())) {
+        return sendError(res, "from and toExclusive must be valid ISO 8601 datetimes", 422);
+      }
+      if (endExclusive.getTime() <= startInclusive.getTime()) {
+        return sendError(res, "toExclusive must be after from", 422);
+      }
+      const maxSpanMs = 120 * 86400000;
+      if (endExclusive.getTime() - startInclusive.getTime() > maxSpanMs) {
+        return sendError(res, "Date range too large (max 120 days)", 422);
+      }
+    } else {
+      const monthKey = typeof req.query.monthKey === "string" ? req.query.monthKey.trim() : "";
+      const match = monthKey.match(/^(\d{4})-(\d{2})$/);
+      if (!match) {
+        return sendError(res, "Provide from+toExclusive (ISO) or monthKey (YYYY-MM)", 422);
+      }
+      const year = Number(match[1]);
+      const month = Number(match[2]);
+      if (month < 1 || month > 12) {
+        return sendError(res, "Invalid month in monthKey", 422);
+      }
+      startInclusive = new Date(Date.UTC(year, month - 1, 1, 0, 0, 0, 0));
+      endExclusive = new Date(Date.UTC(year, month, 1, 0, 0, 0, 0));
+    }
+    const threads = await listAssistantChatThreadStatsInCreatedAtRange(
+      ctx.db,
+      companyId,
+      startInclusive,
+      endExclusive
+    );
+    return sendOk(res, { threads });
+  });
+
   router.get("/heartbeats", async (req, res) => {
     const companyId = req.companyId!;
     const rawLimit = Number(req.query.limit ?? 100);
@@ -251,6 +304,84 @@ export function createObservabilityRouter(ctx: AppContext) {
     });
   });
 
+  router.get("/memory/company/files", async (req, res) => {
+    const companyId = req.companyId!;
+    const rawLimit = Number(req.query.limit ?? 100);
+    const limit = Number.isFinite(rawLimit) ? Math.min(Math.max(Math.floor(rawLimit), 1), 500) : 100;
+    try {
+      const files = await listCompanyMemoryFiles({ companyId, maxFiles: limit });
+      return sendOk(res, {
+        items: files.map((file) => ({
+          relativePath: file.relativePath,
+          path: file.path
+        }))
+      });
+    } catch (error) {
+      return sendError(res, String(error), 422);
+    }
+  });
+
+  router.get("/memory/company/file", async (req, res) => {
+    const companyId = req.companyId!;
+    const relativePath = typeof req.query.path === "string" ? req.query.path.trim() : "";
+    if (!relativePath) {
+      return sendError(res, "Query parameter 'path' is required.", 422);
+    }
+    try {
+      const file = await readCompanyMemoryFile({ companyId, relativePath });
+      return sendOk(res, file);
+    } catch (error) {
+      return sendError(res, String(error), 422);
+    }
+  });
+
+  router.get("/memory/project/:projectId/files", async (req, res) => {
+    const companyId = req.companyId!;
+    const projectId = req.params.projectId?.trim() ?? "";
+    if (!projectId) {
+      return sendError(res, "Missing project id.", 422);
+    }
+    const projects = await listProjects(ctx.db, companyId);
+    if (!projects.some((p) => p.id === projectId)) {
+      return sendError(res, "Project not found.", 404);
+    }
+    const rawLimit = Number(req.query.limit ?? 100);
+    const limit = Number.isFinite(rawLimit) ? Math.min(Math.max(Math.floor(rawLimit), 1), 500) : 100;
+    try {
+      const files = await listProjectMemoryFiles({ companyId, projectId, maxFiles: limit });
+      return sendOk(res, {
+        items: files.map((file) => ({
+          relativePath: file.relativePath,
+          path: file.path
+        }))
+      });
+    } catch (error) {
+      return sendError(res, String(error), 422);
+    }
+  });
+
+  router.get("/memory/project/:projectId/file", async (req, res) => {
+    const companyId = req.companyId!;
+    const projectId = req.params.projectId?.trim() ?? "";
+    if (!projectId) {
+      return sendError(res, "Missing project id.", 422);
+    }
+    const projects = await listProjects(ctx.db, companyId);
+    if (!projects.some((p) => p.id === projectId)) {
+      return sendError(res, "Project not found.", 404);
+    }
+    const relativePath = typeof req.query.path === "string" ? req.query.path.trim() : "";
+    if (!relativePath) {
+      return sendError(res, "Query parameter 'path' is required.", 422);
+    }
+    try {
+      const file = await readProjectMemoryFile({ companyId, projectId, relativePath });
+      return sendOk(res, file);
+    } catch (error) {
+      return sendError(res, String(error), 422);
+    }
+  });
+
   router.get("/memory/:agentId/file", async (req, res) => {
     const companyId = req.companyId!;
     const agentId = req.params.agentId;

package/src/services/company-assistant-brain.ts

@@ -0,0 +1,50 @@
+import { getAdapterMetadata } from "bopodev-agent-sdk";
+
+/** CLI/local runtimes only (no direct API keys in Chat). */
+export const ASK_ASSISTANT_BRAIN_IDS = [
+  "claude_code",
+  "codex",
+  "cursor",
+  "opencode",
+  "gemini_cli"
+] as const;
+
+export type AskAssistantBrainId = (typeof ASK_ASSISTANT_BRAIN_IDS)[number];
+
+export type AskCliBrainId = AskAssistantBrainId;
+
+const ASK_BRAIN_SET = new Set<string>(ASK_ASSISTANT_BRAIN_IDS);
+
+/** Default when the client omits `brain` (env `BOPO_CHAT_DEFAULT_BRAIN` if set and valid, else codex). */
+export const DEFAULT_ASK_ASSISTANT_BRAIN: AskAssistantBrainId = "codex";
+
+const CLI_BRAINS = ASK_BRAIN_SET;
+
+export function listAskAssistantBrains() {
+  return getAdapterMetadata()
+    .filter((m) => ASK_BRAIN_SET.has(m.providerType))
+    .map((m) => ({
+      providerType: m.providerType,
+      label: m.label,
+      requiresRuntimeCwd: m.requiresRuntimeCwd
+    }));
+}
+
+export function parseAskBrain(raw?: string | null): string {
+  const trimmed = typeof raw === "string" ? raw.trim() : "";
+  if (!trimmed) {
+    const env = process.env.BOPO_CHAT_DEFAULT_BRAIN?.trim();
+    if (env && ASK_BRAIN_SET.has(env)) {
+      return env;
+    }
+    return DEFAULT_ASK_ASSISTANT_BRAIN;
+  }
+  if (!ASK_BRAIN_SET.has(trimmed)) {
+    throw new Error(`Unsupported assistant brain "${trimmed}".`);
+  }
+  return trimmed;
+}
+
+export function isAskCliBrain(brain: string): boolean {
+  return CLI_BRAINS.has(brain);
+}