cognova 0.1.0

package/server/drizzle/migrations/meta/_journal.json

@@ -0,0 +1,76 @@
+{
+  "version": "7",
+  "dialect": "postgresql",
+  "entries": [
+    {
+      "idx": 0,
+      "version": "7",
+      "when": 1769553197688,
+      "tag": "0000_brown_george_stacy",
+      "breakpoints": true
+    },
+    {
+      "idx": 1,
+      "version": "7",
+      "when": 1769561551712,
+      "tag": "0001_stormy_pyro",
+      "breakpoints": true
+    },
+    {
+      "idx": 2,
+      "version": "7",
+      "when": 1769565938491,
+      "tag": "0002_clean_colossus",
+      "breakpoints": true
+    },
+    {
+      "idx": 3,
+      "version": "7",
+      "when": 1769566836364,
+      "tag": "0003_fine_joystick",
+      "breakpoints": true
+    },
+    {
+      "idx": 4,
+      "version": "7",
+      "when": 1769597683643,
+      "tag": "0004_tan_groot",
+      "breakpoints": true
+    },
+    {
+      "idx": 5,
+      "version": "7",
+      "when": 1769657793143,
+      "tag": "0005_cloudy_lilith",
+      "breakpoints": true
+    },
+    {
+      "idx": 6,
+      "version": "7",
+      "when": 1769741983377,
+      "tag": "0006_ordinary_retro_girl",
+      "breakpoints": true
+    },
+    {
+      "idx": 7,
+      "version": "7",
+      "when": 1769796171417,
+      "tag": "0007_flowery_venus",
+      "breakpoints": true
+    },
+    {
+      "idx": 8,
+      "version": "7",
+      "when": 1769837309085,
+      "tag": "0008_talented_zombie",
+      "breakpoints": true
+    },
+    {
+      "idx": 9,
+      "version": "7",
+      "when": 1771286195501,
+      "tag": "0009_gray_shen",
+      "breakpoints": true
+    }
+  ]
+}

package/server/middleware/auth.ts

@@ -0,0 +1,79 @@
+import type { H3Event } from 'h3'
+import { auth } from '~~/server/utils/auth'
+import { getDb } from '~~/server/db'
+
+// Paths that don't require authentication
+const publicPaths = [
+  '/api/auth', // BetterAuth endpoints
+  '/api/health', // Health check
+  '/api/home', // Public home page content
+  '/api/_mdc', // MDC syntax highlighting
+  '/_nuxt', // Nuxt assets
+  '/login', // Login page
+  '/view' // Public document viewer
+]
+
+// Check for API token authentication (for CLI tools)
+async function checkApiToken(event: H3Event): Promise<boolean> {
+  const apiToken = process.env.COGNOVA_API_TOKEN
+  if (!apiToken) return false
+
+  const headerToken = getHeader(event, 'X-API-Token')
+  if (!headerToken || headerToken !== apiToken) return false
+
+  // Token matches - get the first user as the authenticated user for CLI
+  const db = getDb()
+  const user = await db.query.user.findFirst()
+  if (user) {
+    event.context.user = user
+    event.context.session = { id: 'api-token', userId: user.id }
+  }
+  return true
+}
+
+export default defineEventHandler(async (event) => {
+  const path = getRequestURL(event).pathname
+
+  // Skip auth for root path (public home page)
+  if (path === '/') return
+
+  // Skip auth for public paths
+  if (publicPaths.some(p => path.startsWith(p))) return
+
+  // Skip auth for static assets
+  if (path.match(/\.(js|css|png|jpg|jpeg|gif|ico|svg|woff|woff2|ttf|eot)$/)) return
+
+  // Check API token for CLI tools
+  if (await checkApiToken(event)) return
+
+  // Public document API - allow through but still try to get session for owner check
+  if (path.match(/^\/api\/documents\/[^/]+\/public$/)) {
+    const session = await auth.api.getSession({ headers: event.headers })
+    if (session) {
+      event.context.user = session.user
+      event.context.session = session.session
+    }
+    return
+  }
+
+  // Check session
+  const session = await auth.api.getSession({
+    headers: event.headers
+  })
+
+  if (!session) {
+    // API requests get 401
+    if (path.startsWith('/api/')) {
+      throw createError({
+        statusCode: 401,
+        message: 'Unauthorized'
+      })
+    }
+    // Page requests redirect to login
+    return sendRedirect(event, '/login')
+  }
+
+  // Attach user to event context for use in routes
+  event.context.user = session.user
+  event.context.session = session.session
+})

package/server/plugins/00.env-validate.ts

@@ -0,0 +1,38 @@
+/**
+ * Validates required environment variables on server startup.
+ * Runs before all other plugins to catch misconfigurations early.
+ */
+export default defineNitroPlugin(() => {
+  const warnings: string[] = []
+  const errors: string[] = []
+
+  // Required for auth to function
+  if (!process.env.BETTER_AUTH_SECRET) {
+    errors.push('BETTER_AUTH_SECRET is not set. Auth will not work. Generate one with: openssl rand -base64 32')
+  }
+
+  // Required for file operations
+  if (!process.env.VAULT_PATH) {
+    errors.push('VAULT_PATH is not set. File browsing and document features will not work.')
+  }
+
+  // Optional but important
+  if (!process.env.DATABASE_URL) {
+    warnings.push('DATABASE_URL is not set. Database features (tasks, agents, conversations, memory) will be disabled.')
+  }
+
+  if (!process.env.BETTER_AUTH_URL) {
+    warnings.push('BETTER_AUTH_URL is not set. Auth callbacks may not work correctly. Set to your app URL (e.g. http://localhost:3000).')
+  }
+
+  for (const w of warnings)
+    console.warn(`[env] WARNING: ${w}`)
+
+  if (errors.length > 0) {
+    for (const e of errors)
+      console.error(`[env] ERROR: ${e}`)
+
+    console.error('[env] Fix the above errors in your .env file and restart.')
+    console.error('[env] See .env.example for reference.')
+  }
+})

package/server/plugins/01.api-token.ts

@@ -0,0 +1,31 @@
+import { randomBytes } from 'crypto'
+import { writeFileSync } from 'fs'
+import { join } from 'path'
+
+/**
+ * Generates an API token on server startup for CLI tools.
+ * The token is written to .api-token file in the project root
+ * and set in the runtime environment.
+ */
+export default defineNitroPlugin(() => {
+  // Skip if token already set via environment variable
+  if (process.env.COGNOVA_API_TOKEN) {
+    console.log('[api-token] Using existing COGNOVA_API_TOKEN from environment')
+    return
+  }
+
+  // Generate a secure random token
+  const token = randomBytes(32).toString('hex')
+
+  // Set in process environment for auth middleware
+  process.env.COGNOVA_API_TOKEN = token
+
+  // Write to file for CLI tools to read
+  const tokenPath = join(process.cwd(), '.api-token')
+  try {
+    writeFileSync(tokenPath, token, { mode: 0o600 }) // Read/write only for owner
+    console.log(`[api-token] Generated API token, written to ${tokenPath}`)
+  } catch (err) {
+    console.error('[api-token] Failed to write token file:', err)
+  }
+})

package/server/plugins/02.database.ts

@@ -0,0 +1,54 @@
+import { runMigrations } from '~~/server/db/migrate'
+import { warmupDb } from '~~/server/db'
+import { seedIfEmpty } from '~~/server/db/seed'
+import { setDbState } from '~~/server/utils/db-state'
+
+function withTimeout<T>(promise: Promise<T>, ms: number, label: string): Promise<T> {
+  return Promise.race([
+    promise,
+    new Promise<never>((_, reject) =>
+      setTimeout(() => reject(new Error(`${label} timed out after ${ms}ms`)), ms)
+    )
+  ])
+}
+
+export default defineNitroPlugin(async () => {
+  if (!process.env.DATABASE_URL) {
+    console.warn('[db] DATABASE_URL not set, database features disabled')
+    setDbState(false, 'DATABASE_URL not configured')
+    return
+  }
+
+  try {
+    // In development, skip migrations - use db:push instead
+    // In production, run migrations on startup
+    const skipMigrations = process.env.NODE_ENV !== 'production' && process.env.DB_SKIP_MIGRATIONS !== 'false'
+
+    if (skipMigrations) {
+      console.log('[db] Skipping migrations in development (use db:push for schema changes)')
+    } else {
+      try {
+        await withTimeout(runMigrations(), 30000, 'Migration')
+      } catch (migrationError) {
+        // Don't let migration failure prevent DB from being usable
+        console.error('[db] Migration issue (continuing anyway):', migrationError instanceof Error ? migrationError.message : migrationError)
+      }
+    }
+
+    await withTimeout(warmupDb(), 15000, 'DB warmup')
+
+    // Seed default user if database is empty
+    await seedIfEmpty()
+  } catch (error) {
+    console.error('[db] Database initialization failed:', error)
+
+    // In production, don't crash - just disable DB features
+    if (process.env.NODE_ENV === 'production') {
+      console.error('[db] Continuing with database features disabled')
+      setDbState(false, error instanceof Error ? error.message : 'Initialization failed')
+    } else {
+      // In development, fail fast
+      throw error
+    }
+  }
+})

package/server/plugins/03.file-watcher.ts

@@ -0,0 +1,65 @@
+import { watch } from 'chokidar'
+import { getVaultRoot } from '~~/server/utils/path-validator'
+import { syncDocument, markDocumentDeleted, fullSync } from '~~/server/utils/document-sync'
+import { waitForDb } from '~~/server/utils/db-state'
+
+export default defineNitroPlugin(async (nitroApp) => {
+  // Wait for database to be initialized
+  const dbAvailable = await waitForDb()
+  if (!dbAvailable) {
+    console.log('[file-watcher] Database not available, skipping file watcher')
+    return
+  }
+
+  const vaultRoot = getVaultRoot()
+  console.log(`[file-watcher] Starting watcher on ${vaultRoot}`)
+
+  // Full sync on startup
+  try {
+    const stats = await fullSync()
+    if (stats.added + stats.removed + stats.updated > 0)
+      console.log(`[file-watcher] Initial sync complete: ${stats.added} added, ${stats.removed} removed, ${stats.updated} updated`)
+  } catch (error) {
+    console.error('[file-watcher] Initial sync failed:', error)
+  }
+
+  // Debounce map for rapid changes
+  const pending = new Map<string, NodeJS.Timeout>()
+
+  function debounced(path: string, action: () => Promise<unknown>) {
+    const existing = pending.get(path)
+    if (existing) clearTimeout(existing)
+
+    pending.set(path, setTimeout(async () => {
+      pending.delete(path)
+      try {
+        await action()
+      } catch (error) {
+        console.error(`[file-watcher] Error processing ${path}:`, error)
+      }
+    }, 500))
+  }
+
+  // Start watching
+  const watcher = watch(vaultRoot, {
+    ignored: /(^|[/\\])\../, // Ignore dotfiles
+    persistent: true,
+    ignoreInitial: true,
+    awaitWriteFinish: {
+      stabilityThreshold: 500,
+      pollInterval: 100
+    }
+  })
+
+  watcher
+    .on('add', path => debounced(path, () => syncDocument(path)))
+    .on('change', path => debounced(path, () => syncDocument(path)))
+    .on('unlink', path => debounced(path, () => markDocumentDeleted(path)))
+    .on('error', error => console.error('[file-watcher] Error:', error))
+
+  // Cleanup on shutdown
+  nitroApp.hooks.hook('close', async () => {
+    await watcher.close()
+    console.log('[file-watcher] Watcher closed')
+  })
+})

package/server/plugins/04.cron-agents.ts

@@ -0,0 +1,26 @@
+import { waitForDb } from '../utils/db-state'
+import { initCronScheduler } from '../services/cron-scheduler'
+import { cleanupOrphanedRuns } from '../utils/agent-cleanup'
+
+export default defineNitroPlugin(async () => {
+  const dbAvailable = await waitForDb()
+  if (!dbAvailable) {
+    console.log('[cron-agents] Database not available, skipping scheduler')
+    return
+  }
+
+  try {
+    // Clean up any orphaned runs from previous server shutdown
+    const { cancelled, fixed } = await cleanupOrphanedRuns()
+    if (cancelled > 0 || fixed > 0) {
+      console.log(`[cron-agents] Cleanup: ${cancelled} orphaned runs cancelled, ${fixed} runs fixed`)
+    }
+
+    const count = await initCronScheduler()
+    if (count > 0) {
+      console.log(`[cron-agents] Initialized ${count} scheduled agents`)
+    }
+  } catch (error) {
+    console.error('[cron-agents] Failed to initialize scheduler:', error)
+  }
+})

package/server/routes/_ws/chat.ts

@@ -0,0 +1,252 @@
+import { randomUUID } from 'crypto'
+import { eq } from 'drizzle-orm'
+import { chatSessionManager } from '~~/server/utils/chat-session-manager'
+import { getDb } from '~~/server/db'
+import * as schema from '~~/server/db/schema'
+import type { ChatClientMessage, ChatContentBlock } from '~~/shared/types'
+
+// eslint-disable-next-line @typescript-eslint/no-explicit-any
+function send(peer: any, data: object) {
+  try {
+    const json = JSON.stringify(data)
+    peer.send(json)
+  } catch (err) {
+    console.error('[chat] send failed:', err)
+  }
+}
+
+export default defineWebSocketHandler({
+  open(peer) {
+    console.log(`[chat] WebSocket opened: ${peer.id}`)
+    send(peer, { type: 'chat:connected' })
+  },
+
+  message(peer, rawMessage) {
+    try {
+      const msg = JSON.parse(rawMessage.text()) as ChatClientMessage
+
+      switch (msg.type) {
+        case 'chat:send':
+          handleSend(peer, msg.message, msg.conversationId)
+          break
+        case 'chat:interrupt':
+          handleInterrupt(peer, msg.conversationId)
+          break
+      }
+    } catch (e) {
+      console.error('[chat] Message error:', e)
+      send(peer, { type: 'chat:error', message: 'Invalid message format' })
+    }
+  },
+
+  close(peer) {
+    console.log(`[chat] WebSocket closed: ${peer.id}`)
+  },
+
+  error(peer, error) {
+    console.error(`[chat] WebSocket error for ${peer.id}:`, error)
+  }
+})
+
+// eslint-disable-next-line @typescript-eslint/no-explicit-any
+async function handleSend(peer: any, message: string, conversationId?: string) {
+  const db = getDb()
+
+  let convId = conversationId
+  let resumeSessionId: string | undefined
+
+  if (!convId) {
+    // New conversation
+    const [conv] = await db.insert(schema.conversations)
+      .values({
+        sessionId: randomUUID(),
+        title: message.slice(0, 100),
+        status: 'streaming',
+        messageCount: 0,
+        totalCostUsd: 0
+      })
+      .returning()
+
+    convId = conv!.id
+    send(peer, { type: 'chat:session_created', conversationId: convId })
+  } else {
+    // Continuing existing conversation — check for SDK session to resume
+    const existing = chatSessionManager.getSession(convId)
+    if (existing) resumeSessionId = existing.sdkSessionId
+
+    if (!resumeSessionId) {
+      const [conv] = await db.select()
+        .from(schema.conversations)
+        .where(eq(schema.conversations.id, convId))
+        .limit(1)
+
+      if (!conv) {
+        send(peer, { type: 'chat:error', message: 'Conversation not found' })
+        return
+      }
+      if (conv.sdkSessionId) resumeSessionId = conv.sdkSessionId
+    }
+
+    await db.update(schema.conversations)
+      .set({ status: 'streaming' })
+      .where(eq(schema.conversations.id, convId))
+  }
+
+  // Persist user message
+  await db.insert(schema.conversationMessages).values({
+    conversationId: convId,
+    role: 'user',
+    content: JSON.stringify([{ type: 'text', text: message }])
+  })
+
+  // Start SDK streaming (fire-and-forget so WS stays responsive for interrupts)
+  const session = chatSessionManager.startSession(convId, message, resumeSessionId)
+  send(peer, { type: 'chat:stream_start', conversationId: convId })
+
+  streamSDKResponse(peer, session, convId).catch((err) => {
+    console.error('[chat] Unhandled stream error:', err)
+  })
+}
+
+// eslint-disable-next-line @typescript-eslint/no-explicit-any
+function handleInterrupt(peer: any, conversationId: string) {
+  const interrupted = chatSessionManager.interrupt(conversationId)
+  if (!interrupted)
+    send(peer, { type: 'chat:error', conversationId, message: 'No active session to interrupt' })
+}
+
+// eslint-disable-next-line @typescript-eslint/no-explicit-any
+async function streamSDKResponse(peer: any, session: any, conversationId: string) {
+  const db = getDb()
+  const contentBlocks: ChatContentBlock[] = []
+  let currentText = ''
+
+  try {
+    for await (const message of session.conversation) {
+      if (session.interrupted) {
+        send(peer, { type: 'chat:interrupted', conversationId })
+        await db.update(schema.conversations)
+          .set({ status: 'interrupted' })
+          .where(eq(schema.conversations.id, conversationId))
+        break
+      }
+
+      if (message.type === 'system' && message.subtype === 'init') {
+        session.sdkSessionId = message.session_id
+        await db.update(schema.conversations)
+          .set({ sdkSessionId: message.session_id })
+          .where(eq(schema.conversations.id, conversationId))
+      } else if (message.type === 'stream_event') {
+        // Real-time streaming events from the Anthropic API
+        const event = message.event
+        if (event.type === 'content_block_delta') {
+          const deltaType = event.delta?.type
+          if (deltaType === 'text_delta' && event.delta.text) {
+            currentText += event.delta.text
+            send(peer, { type: 'chat:text_delta', conversationId, delta: event.delta.text })
+          }
+        } else if (event.type === 'content_block_start') {
+          if (event.content_block?.type === 'tool_use') {
+            send(peer, {
+              type: 'chat:tool_start',
+              conversationId,
+              toolUseId: event.content_block.id,
+              toolName: event.content_block.name
+            })
+          }
+        }
+      } else if (message.type === 'assistant') {
+        // Complete assistant turn — capture content blocks for persistence
+        for (const block of message.message?.content || []) {
+          if (block.type === 'text') {
+            contentBlocks.push({ type: 'text', text: block.text })
+            // Fallback: if no stream_events arrived, send full text now
+            if (!currentText)
+              send(peer, { type: 'chat:text_delta', conversationId, delta: block.text })
+          } else if (block.type === 'tool_use') {
+            contentBlocks.push({
+              type: 'tool_use',
+              id: block.id,
+              name: block.name,
+              input: block.input as Record<string, unknown>
+            })
+          }
+        }
+        currentText = ''
+      } else if (message.type === 'user') {
+        // User messages contain tool results from SDK tool execution
+        const content = message.message?.content
+        if (Array.isArray(content)) {
+          for (const block of content) {
+            if (block.type === 'tool_result') {
+              const resultText = typeof block.content === 'string'
+                ? block.content
+                : Array.isArray(block.content)
+                  ? block.content.map((c: { text?: string }) => c.text || '').join('')
+                  : JSON.stringify(block.content ?? '')
+              contentBlocks.push({
+                type: 'tool_result',
+                tool_use_id: block.tool_use_id,
+                content: resultText,
+                is_error: !!block.is_error
+              })
+              send(peer, {
+                type: 'chat:tool_end',
+                conversationId,
+                toolUseId: block.tool_use_id,
+                result: resultText.slice(0, 5000),
+                isError: !!block.is_error
+              })
+            }
+          }
+        }
+      } else if (message.type === 'result') {
+        const costUsd = message.total_cost_usd || 0
+        const durationMs = message.duration_ms || 0
+
+        // Persist assistant message
+        if (contentBlocks.length > 0) {
+          await db.insert(schema.conversationMessages).values({
+            conversationId,
+            role: 'assistant',
+            content: JSON.stringify(contentBlocks),
+            costUsd,
+            durationMs
+          })
+        }
+
+        // Count messages
+        const msgs = await db.select()
+          .from(schema.conversationMessages)
+          .where(eq(schema.conversationMessages.conversationId, conversationId))
+
+        // Update conversation metadata
+        await db.update(schema.conversations)
+          .set({
+            status: 'idle',
+            messageCount: msgs.length,
+            totalCostUsd: costUsd,
+            endedAt: new Date()
+          })
+          .where(eq(schema.conversations.id, conversationId))
+
+        send(peer, {
+          type: 'chat:stream_end',
+          conversationId,
+          costUsd,
+          durationMs
+        })
+      }
+    }
+  } catch (error) {
+    const errorMsg = error instanceof Error ? error.message : String(error)
+    console.error('[chat] Stream error:', errorMsg)
+    send(peer, { type: 'chat:error', conversationId, message: errorMsg })
+
+    await db.update(schema.conversations)
+      .set({ status: 'error' })
+      .where(eq(schema.conversations.id, conversationId))
+  } finally {
+    chatSessionManager.removeSession(conversationId)
+  }
+}

package/server/routes/notifications.ts

@@ -0,0 +1,47 @@
+import { notificationBus } from '../utils/notification-bus'
+
+interface NotificationMessage {
+  type: 'ping' | 'subscribe'
+}
+
+export default defineWebSocketHandler({
+  open(peer) {
+    console.log(`Notification WebSocket opened: ${peer.id}`)
+
+    notificationBus.registerPeer({
+      id: peer.id,
+      send: (data: string) => peer.send(data)
+    })
+
+    // Send welcome message
+    peer.send(JSON.stringify({
+      type: 'connected',
+      message: 'Notification bus connected',
+      timestamp: new Date().toISOString()
+    }))
+  },
+
+  message(peer, message) {
+    try {
+      const msg = JSON.parse(message.text()) as NotificationMessage
+
+      switch (msg.type) {
+        case 'ping':
+          peer.send(JSON.stringify({ type: 'pong', timestamp: new Date().toISOString() }))
+          break
+      }
+    } catch (e) {
+      console.error('Notification message error:', e)
+    }
+  },
+
+  close(peer) {
+    console.log(`Notification WebSocket closed: ${peer.id}`)
+    notificationBus.unregisterPeer(peer.id)
+  },
+
+  error(peer, error) {
+    console.error(`Notification WebSocket error for ${peer.id}:`, error)
+    notificationBus.unregisterPeer(peer.id)
+  }
+})