cognova 0.1.0

package/server/utils/auth.ts

@@ -0,0 +1,33 @@
+import { betterAuth } from 'better-auth'
+import { drizzleAdapter } from 'better-auth/adapters/drizzle'
+import { getDb, schema } from '../db'
+
+export const auth = betterAuth({
+  baseURL: process.env.BETTER_AUTH_URL || 'http://localhost:3000',
+  database: drizzleAdapter(getDb(), {
+    provider: 'pg',
+    schema: {
+      user: schema.user,
+      session: schema.session,
+      account: schema.account,
+      verification: schema.verification
+    }
+  }),
+  emailAndPassword: {
+    enabled: true
+  },
+  session: {
+    expiresIn: 60 * 60 * 24 * 7, // 7 days
+    updateAge: 60 * 60 * 24 // Update session every 24 hours
+  },
+  advanced: {
+    // For HTTP (non-HTTPS) access via IP/LAN, cookies must not require Secure flag
+    useSecureCookies: process.env.BETTER_AUTH_URL?.startsWith('https://') ?? false
+  },
+  trustedOrigins: process.env.ACCESS_MODE === 'any'
+    ? (request?: Request) => {
+        const origin = request?.headers.get('origin')
+        return origin ? [origin] : []
+      }
+    : process.env.BETTER_AUTH_URL ? [process.env.BETTER_AUTH_URL] : []
+})

package/server/utils/chat-session-manager.ts

@@ -0,0 +1,59 @@
+import { query } from '@anthropic-ai/claude-agent-sdk'
+
+interface ActiveSession {
+  conversationId: string
+  sdkSessionId: string
+  conversation: ReturnType<typeof query>
+  interrupted: boolean
+  startedAt: Date
+}
+
+class ChatSessionManager {
+  private sessions = new Map<string, ActiveSession>()
+
+  startSession(conversationId: string, prompt: string, resumeSessionId?: string): ActiveSession {
+    // Use the project directory as CWD so the SDK picks up .claude/ (skills, rules, CLAUDE.md)
+    // The vault is accessible via VAULT_PATH env var in tools
+    const projectDir = process.env.COGNOVA_PROJECT_DIR || process.cwd()
+    const conversation = query({
+      prompt,
+      options: {
+        cwd: projectDir,
+        settingSources: ['user', 'project'],
+        permissionMode: 'bypassPermissions',
+        allowDangerouslySkipPermissions: true,
+        maxTurns: 200,
+        includePartialMessages: true,
+        ...(resumeSessionId ? { resume: resumeSessionId } : {})
+      }
+    })
+
+    const session: ActiveSession = {
+      conversationId,
+      sdkSessionId: '',
+      conversation,
+      interrupted: false,
+      startedAt: new Date()
+    }
+
+    this.sessions.set(conversationId, session)
+    return session
+  }
+
+  getSession(conversationId: string): ActiveSession | undefined {
+    return this.sessions.get(conversationId)
+  }
+
+  interrupt(conversationId: string): boolean {
+    const session = this.sessions.get(conversationId)
+    if (!session) return false
+    session.interrupted = true
+    return true
+  }
+
+  removeSession(conversationId: string): void {
+    this.sessions.delete(conversationId)
+  }
+}
+
+export const chatSessionManager = new ChatSessionManager()

package/server/utils/crypto.ts

@@ -0,0 +1,40 @@
+import { createCipheriv, createDecipheriv, randomBytes, scryptSync } from 'crypto'
+
+const ALGORITHM = 'aes-256-gcm'
+const SALT = 'cognova-secrets-salt'
+
+function deriveKey(): Buffer {
+  const secret = process.env.BETTER_AUTH_SECRET
+  if (!secret) throw new Error('BETTER_AUTH_SECRET not set')
+  return scryptSync(secret, SALT, 32)
+}
+
+export function encryptSecret(plaintext: string): { encrypted: string, iv: string } {
+  const key = deriveKey()
+  const iv = randomBytes(16)
+  const cipher = createCipheriv(ALGORITHM, key, iv)
+
+  let encrypted = cipher.update(plaintext, 'utf8', 'hex')
+  encrypted += cipher.final('hex')
+  const authTag = cipher.getAuthTag().toString('hex')
+
+  return {
+    encrypted: encrypted + ':' + authTag,
+    iv: iv.toString('hex')
+  }
+}
+
+export function decryptSecret(encrypted: string, ivHex: string): string {
+  const key = deriveKey()
+  const iv = Buffer.from(ivHex, 'hex')
+  const [ciphertext, authTag] = encrypted.split(':')
+
+  const decipher = createDecipheriv(ALGORITHM, key, iv)
+  decipher.setAuthTag(Buffer.from(authTag!, 'hex'))
+
+  const decryptedBuf = Buffer.concat([
+    decipher.update(Buffer.from(ciphertext!, 'hex')),
+    decipher.final()
+  ])
+  return decryptedBuf.toString('utf8')
+}

package/server/utils/db-guard.ts

@@ -0,0 +1,12 @@
+import type { H3Event } from 'h3'
+import { isDbAvailable } from './db-state'
+
+export function requireDb(_event: H3Event) {
+  if (!isDbAvailable()) {
+    throw createError({
+      statusCode: 503,
+      statusMessage: 'Database Unavailable',
+      message: 'Database features are currently disabled. Configure DATABASE_URL to enable.'
+    })
+  }
+}

package/server/utils/db-state.ts

@@ -0,0 +1,63 @@
+interface DbState {
+  available: boolean
+  error?: string
+  lastCheck: Date
+}
+
+let dbState: DbState = {
+  available: false,
+  lastCheck: new Date()
+}
+
+// Track whether setDbState has been called
+let stateInitialized = false
+
+// Promise that resolves when DB state is first set
+let dbReadyResolve: ((available: boolean) => void) | null = null
+let dbReadyPromise: Promise<boolean> | null = null
+
+export function setDbState(available: boolean, error?: string) {
+  dbState = { available, error, lastCheck: new Date() }
+  stateInitialized = true
+
+  // Resolve the waiting promise if anyone is waiting
+  if (dbReadyResolve) {
+    dbReadyResolve(available)
+    dbReadyResolve = null
+  }
+}
+
+export function isDbAvailable(): boolean {
+  return dbState.available
+}
+
+export function getDbState(): DbState {
+  return { ...dbState }
+}
+
+/**
+ * Wait for the database to be initialized.
+ * Returns true if available, false if unavailable or timeout.
+ */
+export function waitForDb(timeoutMs = 10000): Promise<boolean> {
+  // Already initialized
+  if (stateInitialized)
+    return Promise.resolve(dbState.available)
+
+  // Create promise if not already waiting
+  if (!dbReadyPromise) {
+    dbReadyPromise = new Promise<boolean>((resolve) => {
+      dbReadyResolve = resolve
+
+      // Timeout fallback
+      setTimeout(() => {
+        if (dbReadyResolve) {
+          dbReadyResolve(false)
+          dbReadyResolve = null
+        }
+      }, timeoutMs)
+    })
+  }
+
+  return dbReadyPromise
+}

package/server/utils/document-sync.ts

@@ -0,0 +1,207 @@
+import { readFile, readdir, writeFile } from 'fs/promises'
+import { join, basename } from 'path'
+import { eq, isNull } from 'drizzle-orm'
+import { getDb } from '~~/server/db'
+import * as schema from '~~/server/db/schema'
+import { getVaultRoot, toRelativePath } from './path-validator'
+import { parseFrontmatter, stringifyFrontmatter, extractTitle, computeContentHash, isBinaryFile, getMimeType } from './frontmatter'
+import { isDbAvailable } from './db-state'
+
+// Default frontmatter values for new documents
+const DEFAULT_FRONTMATTER = {
+  tags: [] as string[],
+  shared: false
+}
+
+export type SyncResult = 'added' | 'updated' | 'restored' | 'unchanged' | 'skipped'
+
+export async function syncDocument(absolutePath: string): Promise<SyncResult> {
+  if (!isDbAvailable()) return 'skipped'
+
+  const db = getDb()
+  const relativePath = toRelativePath(absolutePath)
+  const filename = basename(absolutePath)
+
+  // Skip hidden files
+  if (filename.startsWith('.')) return 'skipped'
+
+  let fileContent: string
+  try {
+    fileContent = await readFile(absolutePath, 'utf-8')
+  } catch {
+    console.error(`[sync] Failed to read file: ${relativePath}`)
+    return 'skipped'
+  }
+
+  const isBinary = isBinaryFile(filename)
+
+  const [existing] = await db
+    .select()
+    .from(schema.documents)
+    .where(eq(schema.documents.path, relativePath))
+    .limit(1)
+
+  if (isBinary) {
+    if (!existing) {
+      await db.insert(schema.documents).values({
+        path: relativePath,
+        title: filename,
+        fileType: 'binary',
+        mimeType: getMimeType(filename),
+        syncedAt: new Date()
+      })
+      return 'added'
+    } else if (existing.deletedAt) {
+      // Restore previously deleted binary file
+      await db.update(schema.documents).set({
+        deletedAt: null,
+        syncedAt: new Date()
+      }).where(eq(schema.documents.id, existing.id))
+      return 'restored'
+    }
+    return 'unchanged'
+  }
+
+  const { metadata: initialMetadata, body: bodyContent } = parseFrontmatter(fileContent)
+  let metadata = initialMetadata
+  const title = extractTitle(metadata, bodyContent, filename)
+
+  // For new documents without frontmatter, add defaults
+  const needsDefaults = !existing && Object.keys(metadata).length === 0
+
+  if (needsDefaults) {
+    // Merge defaults into metadata
+    metadata = { ...DEFAULT_FRONTMATTER }
+
+    // Write frontmatter back to file
+    const newContent = stringifyFrontmatter(metadata, bodyContent)
+    try {
+      await writeFile(absolutePath, newContent, 'utf-8')
+      fileContent = newContent
+    } catch (err) {
+      console.error(`[sync] Failed to write frontmatter to ${relativePath}:`, err)
+    }
+  }
+
+  const contentHash = computeContentHash(fileContent)
+
+  if (existing) {
+    const contentChanged = existing.contentHash !== contentHash
+    const wasDeleted = existing.deletedAt !== null
+
+    // Update if content changed OR document was previously deleted (restore it)
+    if (contentChanged || wasDeleted) {
+      await db.update(schema.documents).set({
+        title,
+        content: bodyContent,
+        contentHash,
+        tags: Array.isArray(metadata.tags) ? metadata.tags as string[] : existing.tags,
+        deletedAt: null, // Clear deletion flag - file exists on disk
+        syncedAt: new Date(),
+        modifiedAt: new Date()
+      }).where(eq(schema.documents.id, existing.id))
+      return wasDeleted ? 'restored' : 'updated'
+    }
+    return 'unchanged'
+  }
+
+  await db.insert(schema.documents).values({
+    path: relativePath,
+    title,
+    content: bodyContent,
+    contentHash,
+    tags: Array.isArray(metadata.tags) ? metadata.tags as string[] : [],
+    shared: metadata.shared === true,
+    fileType: 'markdown',
+    syncedAt: new Date()
+  })
+  return 'added'
+}
+
+export async function markDocumentDeleted(absolutePath: string): Promise<void> {
+  if (!isDbAvailable()) return
+
+  const db = getDb()
+  const relativePath = toRelativePath(absolutePath)
+
+  await db.update(schema.documents).set({
+    deletedAt: new Date(),
+    modifiedAt: new Date()
+  }).where(eq(schema.documents.path, relativePath))
+}
+
+export async function handleDocumentMove(oldPath: string, newPath: string): Promise<void> {
+  if (!isDbAvailable()) return
+
+  const db = getDb()
+  const oldRelative = toRelativePath(oldPath)
+  const newRelative = toRelativePath(newPath)
+
+  await db.update(schema.documents).set({
+    path: newRelative,
+    modifiedAt: new Date()
+  }).where(eq(schema.documents.path, oldRelative))
+}
+
+export async function fullSync(): Promise<{ added: number, updated: number, removed: number }> {
+  if (!isDbAvailable()) {
+    console.log('[sync] Database not available for full sync')
+    return { added: 0, updated: 0, removed: 0 }
+  }
+
+  const db = getDb()
+  const vaultRoot = getVaultRoot()
+  const stats = { added: 0, updated: 0, removed: 0 }
+  const foundPaths = new Set<string>()
+
+  async function scanDir(dir: string): Promise<void> {
+    let entries
+    try {
+      entries = await readdir(dir, { withFileTypes: true })
+    } catch (err) {
+      console.error(`[sync] Failed to read directory ${dir}:`, err)
+      return
+    }
+
+    for (const entry of entries) {
+      if (entry.name.startsWith('.')) continue
+
+      const fullPath = join(dir, entry.name)
+
+      if (entry.isDirectory()) {
+        await scanDir(fullPath)
+      } else if (entry.isFile()) {
+        const relativePath = toRelativePath(fullPath)
+        foundPaths.add(relativePath)
+        try {
+          const result = await syncDocument(fullPath)
+          if (result === 'added') stats.added++
+          else if (result === 'updated' || result === 'restored') stats.updated++
+        } catch (err) {
+          console.error(`[sync] Failed to sync ${relativePath}:`, err)
+        }
+      }
+    }
+  }
+
+  console.log(`[sync] Starting full sync of ${vaultRoot}`)
+  await scanDir(vaultRoot)
+  console.log(`[sync] Scanned ${foundPaths.size} files`)
+
+  // Mark documents not found on disk as deleted
+  const dbDocs = await db
+    .select({ id: schema.documents.id, path: schema.documents.path })
+    .from(schema.documents)
+    .where(isNull(schema.documents.deletedAt))
+
+  for (const doc of dbDocs) {
+    if (!foundPaths.has(doc.path)) {
+      await db.update(schema.documents).set({
+        deletedAt: new Date()
+      }).where(eq(schema.documents.id, doc.id))
+      stats.removed++
+    }
+  }
+
+  return stats
+}

package/server/utils/frontmatter.ts

@@ -0,0 +1,84 @@
+import matter from 'gray-matter'
+import { createHash } from 'crypto'
+
+export interface ParsedDocument {
+  metadata: Record<string, unknown>
+  body: string
+  raw: string
+}
+
+export function parseFrontmatter(content: string): ParsedDocument {
+  const { data, content: body } = matter(content)
+  return {
+    metadata: data,
+    body,
+    raw: content
+  }
+}
+
+export function stringifyFrontmatter(metadata: Record<string, unknown>, body: string): string {
+  if (Object.keys(metadata).length === 0)
+    return body
+
+  return matter.stringify(body, metadata)
+}
+
+export function computeContentHash(content: string): string {
+  return createHash('sha256').update(content).digest('hex')
+}
+
+export function extractTitle(metadata: Record<string, unknown>, body: string, filename: string): string {
+  if (metadata.title && typeof metadata.title === 'string')
+    return metadata.title
+
+  const h1Match = body.match(/^#\s+(.+)$/m)
+  if (h1Match?.[1])
+    return h1Match[1].trim()
+
+  return filename.replace(/\.[^.]+$/, '')
+}
+
+const binaryExtensions = new Set([
+  'png', 'jpg', 'jpeg', 'gif', 'webp', 'svg', 'ico', 'bmp', 'tiff',
+  'pdf', 'doc', 'docx', 'xls', 'xlsx', 'ppt', 'pptx',
+  'zip', 'tar', 'gz', 'rar', '7z',
+  'mp3', 'mp4', 'wav', 'avi', 'mov', 'mkv', 'flac',
+  'ttf', 'otf', 'woff', 'woff2', 'eot'
+])
+
+export function isBinaryFile(filename: string): boolean {
+  const ext = filename.split('.').pop()?.toLowerCase() || ''
+  return binaryExtensions.has(ext)
+}
+
+export function getFileType(filename: string): 'markdown' | 'text' | 'binary' {
+  if (isBinaryFile(filename)) return 'binary'
+  const ext = filename.split('.').pop()?.toLowerCase() || ''
+  if (ext === 'md' || ext === 'mdx') return 'markdown'
+  return 'text'
+}
+
+const mimeTypes: Record<string, string> = {
+  png: 'image/png',
+  jpg: 'image/jpeg',
+  jpeg: 'image/jpeg',
+  gif: 'image/gif',
+  webp: 'image/webp',
+  svg: 'image/svg+xml',
+  ico: 'image/x-icon',
+  bmp: 'image/bmp',
+  pdf: 'application/pdf',
+  doc: 'application/msword',
+  docx: 'application/vnd.openxmlformats-officedocument.wordprocessingml.document',
+  xls: 'application/vnd.ms-excel',
+  xlsx: 'application/vnd.openxmlformats-officedocument.spreadsheetml.sheet',
+  zip: 'application/zip',
+  mp3: 'audio/mpeg',
+  mp4: 'video/mp4',
+  wav: 'audio/wav'
+}
+
+export function getMimeType(filename: string): string | undefined {
+  const ext = filename.split('.').pop()?.toLowerCase()
+  return ext ? mimeTypes[ext] : undefined
+}

package/server/utils/notification-bus.ts

@@ -0,0 +1,60 @@
+import { EventEmitter } from 'events'
+import type { NotificationPayload } from '~~/shared/types'
+
+type Peer = {
+  id: string
+  send: (data: string) => void
+}
+
+class NotificationBus extends EventEmitter {
+  private peers = new Map<string, Peer>()
+
+  registerPeer(peer: Peer) {
+    this.peers.set(peer.id, peer)
+    console.log(`[notification-bus] Peer connected: ${peer.id} (${this.peers.size} total)`)
+  }
+
+  unregisterPeer(peerId: string) {
+    this.peers.delete(peerId)
+    console.log(`[notification-bus] Peer disconnected: ${peerId} (${this.peers.size} total)`)
+  }
+
+  broadcast(payload: NotificationPayload) {
+    const message = JSON.stringify({
+      ...payload,
+      timestamp: payload.timestamp || new Date().toISOString()
+    })
+
+    for (const [peerId, peer] of this.peers) {
+      try {
+        peer.send(message)
+      } catch {
+        // Peer may have disconnected, remove it
+        this.unregisterPeer(peerId)
+      }
+    }
+
+    console.log(`[notification-bus] Broadcast: ${payload.type} to ${this.peers.size} peers`)
+  }
+
+  sendToPeer(peerId: string, payload: NotificationPayload) {
+    const peer = this.peers.get(peerId)
+    if (peer) {
+      try {
+        peer.send(JSON.stringify({
+          ...payload,
+          timestamp: payload.timestamp || new Date().toISOString()
+        }))
+      } catch {
+        this.unregisterPeer(peerId)
+      }
+    }
+  }
+
+  getPeerCount(): number {
+    return this.peers.size
+  }
+}
+
+// Singleton instance
+export const notificationBus = new NotificationBus()

package/server/utils/path-validator.ts

@@ -0,0 +1,55 @@
+import { resolve, relative, join } from 'path'
+import { existsSync } from 'fs'
+
+function getDefaultVaultPath(): string {
+  // Check common locations in order of preference
+  const candidates = [
+    process.env.VAULT_PATH,
+    '/tmp/cognova-vault',
+    process.env.HOME ? join(process.env.HOME, 'Documents', 'vault') : null,
+    process.cwd()
+  ].filter(Boolean) as string[]
+
+  for (const path of candidates) {
+    // Always resolve to absolute path
+    const absolutePath = resolve(path)
+    if (existsSync(absolutePath)) {
+      return absolutePath
+    }
+  }
+
+  // Fallback to current working directory
+  return process.cwd()
+}
+
+const VAULT_ROOT = getDefaultVaultPath()
+
+export function getVaultRoot(): string {
+  return VAULT_ROOT
+}
+
+export function validatePath(requestedPath: string): string {
+  // Normalize the path - remove leading slash and resolve
+  const normalizedPath = requestedPath.replace(/^\/+/, '')
+  const resolved = resolve(VAULT_ROOT, normalizedPath)
+  const rel = relative(VAULT_ROOT, resolved)
+
+  // Prevent traversal outside vault
+  if (rel.startsWith('..') || !resolved.startsWith(VAULT_ROOT)) {
+    throw createError({
+      statusCode: 403,
+      message: 'Path outside vault directory'
+    })
+  }
+
+  return resolved
+}
+
+export function toRelativePath(absolutePath: string): string {
+  const rel = relative(VAULT_ROOT, absolutePath)
+  return '/' + rel
+}
+
+export function joinVaultPath(...paths: string[]): string {
+  return join(VAULT_ROOT, ...paths)
+}