dineway 0.1.4 → 0.1.6

package/src/astro/routes/api/taxonomies/[name]/terms/[slug].ts

@@ -7,15 +7,36 @@
  */
 
 import type { APIRoute } from "astro";
+import { z } from "zod";
 
 import { requirePerm } from "#api/authorize.js";
 import { apiError, handleError, requireDb, unwrapResult } from "#api/error.js";
 import { handleTermDelete, handleTermGet, handleTermUpdate } from "#api/handlers/taxonomies.js";
-import { isParseError, parseBody } from "#api/parse.js";
+import {
+	ensureWorkflowHitlRouteRequest,
+	hitlRequiredRouteError,
+	resolveHitlRouteActor,
+} from "#api/hitl-route-helpers.js";
+import { isParseError, parseBody, parseQuery } from "#api/parse.js";
 import { updateTermBody } from "#api/schemas.js";
+import {
+	activityChangedKeys,
+	logTaxonomyActivity,
+	RiskPolicyEvaluator,
+	taxonomyApiRouteSource,
+	TaxonomyHitlPayloadBuilder,
+} from "#site-context/index.js";
 
 export const prerender = false;
 
+const updateTermHitlBody = updateTermBody.extend({
+	hitlRequestId: z.string().min(1).optional(),
+});
+
+const deleteTermQuery = z.object({
+	hitlRequestId: z.string().min(1).optional(),
+});
+
 /**
  * Get a single term
  */
@@ -59,10 +80,68 @@ export const PUT: APIRoute = async ({ params, request, locals }) => {
 	if (denied) return denied;
 
 	try {
-		const body = await parseBody(request, updateTermBody);
+		const body = await parseBody(request, updateTermHitlBody);
 		if (isParseError(body)) return body;
 
-		const result = await handleTermUpdate(dineway.db, name, slug, body);
+		const current = await handleTermGet(dineway.db, name, slug);
+		if (!current.success) return unwrapResult(current);
+
+		const { hitlRequestId, ...termInput } = body;
+		const actor = resolveHitlRouteActor(locals);
+		const evaluator = new RiskPolicyEvaluator({
+			db: dineway.db,
+			handlers: dineway,
+		});
+		let approvedHitlRequestId: string | null = null;
+
+		if (evaluator.requiresWorkflowHitl(actor.identity)) {
+			const payloadBuilder = new TaxonomyHitlPayloadBuilder(dineway.db);
+			const taxonomy = await payloadBuilder.loadTaxonomyDefinition(name);
+			if (!taxonomy) {
+				return apiError("NOT_FOUND", `Taxonomy '${name}' not found`, 404);
+			}
+
+			const action = await payloadBuilder.buildUpdateTermRequest({
+				taxonomy,
+				currentTerm: {
+					id: current.data.term.id,
+					name: current.data.term.name,
+					slug: current.data.term.slug,
+					label: current.data.term.label,
+					parentId: current.data.term.parentId,
+					description: current.data.term.description ?? null,
+				},
+				...termInput,
+			});
+			const decision = await evaluator.evaluateWorkflowHitl({
+				actor: actor.identity,
+				hitlRequestId,
+				action,
+			});
+			if (!decision.allowed) {
+				const ensured = await ensureWorkflowHitlRouteRequest(dineway.db, locals, decision.action);
+				return hitlRequiredRouteError(decision, ensured);
+			}
+			approvedHitlRequestId = decision.hitlRequest.id;
+		}
+
+		const result = await handleTermUpdate(dineway.db, name, slug, termInput);
+		if (result.success) {
+			await logTaxonomyActivity(dineway.db, locals, {
+				action: "term_updated",
+				taxonomyName: name,
+				termId: result.data.term.id,
+				termSlug: result.data.term.slug,
+				...taxonomyApiRouteSource("term_updated"),
+				detail: {
+					changedKeys: activityChangedKeys(termInput),
+					label: result.data.term.label,
+					parentId: result.data.term.parentId,
+					description: result.data.term.description ?? null,
+					hitlRequestId: approvedHitlRequestId,
+				},
+			});
+		}
 		return unwrapResult(result);
 	} catch (error) {
 		return handleError(error, "Failed to update term", "TERM_UPDATE_ERROR");
@@ -72,7 +151,7 @@ export const PUT: APIRoute = async ({ params, request, locals }) => {
 /**
  * Delete a term
  */
-export const DELETE: APIRoute = async ({ params, locals }) => {
+export const DELETE: APIRoute = async ({ params, request, locals }) => {
 	const { dineway, user } = locals;
 	const { name, slug } = params;
 
@@ -86,8 +165,66 @@ export const DELETE: APIRoute = async ({ params, locals }) => {
 	const denied = requirePerm(user, "taxonomies:manage");
 	if (denied) return denied;
 
+	const query = parseQuery(new URL(request.url), deleteTermQuery);
+	if (isParseError(query)) return query;
+
 	try {
+		const current = await handleTermGet(dineway.db, name, slug);
+		if (!current.success) return unwrapResult(current);
+
+		const actor = resolveHitlRouteActor(locals);
+		const evaluator = new RiskPolicyEvaluator({
+			db: dineway.db,
+			handlers: dineway,
+		});
+		let approvedHitlRequestId: string | null = null;
+
+		if (evaluator.requiresWorkflowHitl(actor.identity)) {
+			const payloadBuilder = new TaxonomyHitlPayloadBuilder(dineway.db);
+			const taxonomy = await payloadBuilder.loadTaxonomyDefinition(name);
+			if (!taxonomy) {
+				return apiError("NOT_FOUND", `Taxonomy '${name}' not found`, 404);
+			}
+
+			const action = await payloadBuilder.buildDeleteTermRequest({
+				taxonomy,
+				currentTerm: {
+					id: current.data.term.id,
+					name: current.data.term.name,
+					slug: current.data.term.slug,
+					label: current.data.term.label,
+					parentId: current.data.term.parentId,
+					description: current.data.term.description ?? null,
+				},
+			});
+			const decision = await evaluator.evaluateWorkflowHitl({
+				actor: actor.identity,
+				hitlRequestId: query.hitlRequestId,
+				action,
+			});
+			if (!decision.allowed) {
+				const ensured = await ensureWorkflowHitlRouteRequest(dineway.db, locals, decision.action);
+				return hitlRequiredRouteError(decision, ensured);
+			}
+			approvedHitlRequestId = decision.hitlRequest.id;
+		}
+
 		const result = await handleTermDelete(dineway.db, name, slug);
+		if (result.success) {
+			await logTaxonomyActivity(dineway.db, locals, {
+				action: "term_deleted",
+				taxonomyName: name,
+				termId: current.data.term.id,
+				termSlug: current.data.term.slug,
+				...taxonomyApiRouteSource("term_deleted"),
+				detail: {
+					label: current.data.term.label,
+					parentId: current.data.term.parentId,
+					description: current.data.term.description ?? null,
+					hitlRequestId: approvedHitlRequestId,
+				},
+			});
+		}
 		return unwrapResult(result);
 	} catch (error) {
 		return handleError(error, "Failed to delete term", "TERM_DELETE_ERROR");

package/src/astro/routes/api/taxonomies/[name]/terms/index.ts

@@ -6,15 +6,31 @@
  */
 
 import type { APIRoute } from "astro";
+import { z } from "zod";
 
 import { requirePerm } from "#api/authorize.js";
 import { apiError, handleError, requireDb, unwrapResult } from "#api/error.js";
 import { handleTermCreate, handleTermList } from "#api/handlers/taxonomies.js";
+import {
+	ensureWorkflowHitlRouteRequest,
+	hitlRequiredRouteError,
+	resolveHitlRouteActor,
+} from "#api/hitl-route-helpers.js";
 import { isParseError, parseBody } from "#api/parse.js";
 import { createTermBody } from "#api/schemas.js";
+import {
+	logTaxonomyActivity,
+	RiskPolicyEvaluator,
+	taxonomyApiRouteSource,
+	TaxonomyHitlPayloadBuilder,
+} from "#site-context/index.js";
 
 export const prerender = false;
 
+const createTermHitlBody = createTermBody.extend({
+	hitlRequestId: z.string().min(1).optional(),
+});
+
 /**
  * List all terms for a taxonomy
  */
@@ -58,10 +74,56 @@ export const POST: APIRoute = async ({ params, request, locals }) => {
 	if (denied) return denied;
 
 	try {
-		const body = await parseBody(request, createTermBody);
+		const body = await parseBody(request, createTermHitlBody);
 		if (isParseError(body)) return body;
 
-		const result = await handleTermCreate(dineway.db, name, body);
+		const { hitlRequestId, ...termInput } = body;
+		const actor = resolveHitlRouteActor(locals);
+		const evaluator = new RiskPolicyEvaluator({
+			db: dineway.db,
+			handlers: dineway,
+		});
+		let approvedHitlRequestId: string | null = null;
+
+		if (evaluator.requiresWorkflowHitl(actor.identity)) {
+			const payloadBuilder = new TaxonomyHitlPayloadBuilder(dineway.db);
+			const taxonomy = await payloadBuilder.loadTaxonomyDefinition(name);
+			if (!taxonomy) {
+				return apiError("NOT_FOUND", `Taxonomy '${name}' not found`, 404);
+			}
+
+			const action = await payloadBuilder.buildCreateTermRequest({
+				taxonomy,
+				...termInput,
+			});
+			const decision = await evaluator.evaluateWorkflowHitl({
+				actor: actor.identity,
+				hitlRequestId,
+				action,
+			});
+			if (!decision.allowed) {
+				const ensured = await ensureWorkflowHitlRouteRequest(dineway.db, locals, decision.action);
+				return hitlRequiredRouteError(decision, ensured);
+			}
+			approvedHitlRequestId = decision.hitlRequest.id;
+		}
+
+		const result = await handleTermCreate(dineway.db, name, termInput);
+		if (result.success) {
+			await logTaxonomyActivity(dineway.db, locals, {
+				action: "term_created",
+				taxonomyName: name,
+				termId: result.data.term.id,
+				termSlug: result.data.term.slug,
+				...taxonomyApiRouteSource("term_created"),
+				detail: {
+					label: result.data.term.label,
+					parentId: result.data.term.parentId,
+					description: result.data.term.description ?? null,
+					hitlRequestId: approvedHitlRequestId,
+				},
+			});
+		}
 		return unwrapResult(result, 201);
 	} catch (error) {
 		return handleError(error, "Failed to create term", "TERM_CREATE_ERROR");

package/src/astro/routes/api/taxonomies/index.ts

@@ -6,15 +6,31 @@
  */
 
 import type { APIRoute } from "astro";
+import { z } from "zod";
 
 import { requirePerm } from "#api/authorize.js";
 import { handleError, requireDb, unwrapResult } from "#api/error.js";
 import { handleTaxonomyCreate, handleTaxonomyList } from "#api/handlers/taxonomies.js";
+import {
+	ensureWorkflowHitlRouteRequest,
+	hitlRequiredRouteError,
+	resolveHitlRouteActor,
+} from "#api/hitl-route-helpers.js";
 import { isParseError, parseBody } from "#api/parse.js";
 import { createTaxonomyDefBody } from "#api/schemas.js";
+import {
+	logTaxonomyActivity,
+	RiskPolicyEvaluator,
+	taxonomyApiRouteSource,
+	TaxonomyHitlPayloadBuilder,
+} from "#site-context/index.js";
 
 export const prerender = false;
 
+const createTaxonomyHitlBody = createTaxonomyDefBody.extend({
+	hitlRequestId: z.string().min(1).optional(),
+});
+
 /**
  * List taxonomy definitions
  */
@@ -48,10 +64,49 @@ export const POST: APIRoute = async ({ request, locals }) => {
 	if (denied) return denied;
 
 	try {
-		const body = await parseBody(request, createTaxonomyDefBody);
+		const body = await parseBody(request, createTaxonomyHitlBody);
 		if (isParseError(body)) return body;
 
-		const result = await handleTaxonomyCreate(dineway.db, body);
+		const { hitlRequestId, ...taxonomyInput } = body;
+		const actor = resolveHitlRouteActor(locals);
+		const evaluator = new RiskPolicyEvaluator({
+			db: dineway.db,
+			handlers: dineway,
+		});
+		let approvedHitlRequestId: string | null = null;
+
+		if (evaluator.requiresWorkflowHitl(actor.identity)) {
+			const action = await new TaxonomyHitlPayloadBuilder(dineway.db).buildCreateTaxonomyRequest(
+				taxonomyInput,
+			);
+			const decision = await evaluator.evaluateWorkflowHitl({
+				actor: actor.identity,
+				hitlRequestId,
+				action,
+			});
+			if (!decision.allowed) {
+				const ensured = await ensureWorkflowHitlRouteRequest(dineway.db, locals, decision.action);
+				return hitlRequiredRouteError(decision, ensured);
+			}
+			approvedHitlRequestId = decision.hitlRequest.id;
+		}
+
+		const result = await handleTaxonomyCreate(dineway.db, taxonomyInput);
+		if (result.success) dineway.invalidateManifest();
+		if (result.success) {
+			await logTaxonomyActivity(dineway.db, locals, {
+				action: "created",
+				taxonomyId: result.data.taxonomy.id,
+				taxonomyName: result.data.taxonomy.name,
+				...taxonomyApiRouteSource("created"),
+				detail: {
+					label: result.data.taxonomy.label,
+					hierarchical: result.data.taxonomy.hierarchical,
+					collections: result.data.taxonomy.collections,
+					hitlRequestId: approvedHitlRequestId,
+				},
+			});
+		}
 		return unwrapResult(result, 201);
 	} catch (error) {
 		return handleError(error, "Failed to create taxonomy", "TAXONOMY_CREATE_ERROR");

package/src/astro/routes/api/well-known/auth.ts

@@ -10,6 +10,8 @@ import type { APIRoute } from "astro";
 import { getAuthMode } from "#auth/mode.js";
 import { OptionsRepository } from "#db/repositories/options.js";
 
+import { VERSION } from "../../../../version.js";
+
 export const prerender = false;
 
 export const GET: APIRoute = async ({ locals }) => {
@@ -35,7 +37,7 @@ export const GET: APIRoute = async ({ locals }) => {
 	const response: Record<string, unknown> = {
 		instance: {
 			name: siteName,
-			version: "0.1.0",
+			version: VERSION,
 		},
 		auth: {
 			mode: isExternal ? "external" : "passkey",

package/src/astro/routes/api/well-known/oauth-authorization-server.ts

@@ -1,8 +1,9 @@
 /**
- * GET /_dineway/.well-known/oauth-authorization-server
+ * GET /.well-known/oauth-authorization-server/_dineway
  *
- * RFC 8414 Authorization Server Metadata. Tells MCP clients which
- * endpoints to use for OAuth authorization, token exchange, etc.
+ * RFC 8414 Authorization Server Metadata. The issuer pathname (`/_dineway`)
+ * is appended after the well-known prefix so standards-compliant OAuth/MCP
+ * clients can discover the metadata from the issuer URL.
  *
  * Public, unauthenticated.
  */
@@ -10,7 +11,8 @@
 import type { APIRoute } from "astro";
 
 import { getPublicOrigin } from "#api/public-url.js";
-import { VALID_SCOPES } from "#auth/api-tokens.js";
+import { ALL_VALID_SCOPES } from "#auth/api-tokens.js";
+import { filterExperimentalSiteContextWorkflowScopes } from "#site-context/experimental-workflows.js";
 
 export const prerender = false;
 
@@ -23,7 +25,7 @@ export const GET: APIRoute = async ({ url, locals }) => {
 			issuer,
 			authorization_endpoint: `${origin}/_dineway/oauth/authorize`,
 			token_endpoint: `${origin}/_dineway/api/oauth/token`,
-			scopes_supported: [...VALID_SCOPES],
+			scopes_supported: filterExperimentalSiteContextWorkflowScopes(ALL_VALID_SCOPES),
 			response_types_supported: ["code"],
 			grant_types_supported: [
 				"authorization_code",
@@ -31,6 +33,7 @@ export const GET: APIRoute = async ({ url, locals }) => {
 				"urn:ietf:params:oauth:grant-type:device_code",
 			],
 			code_challenge_methods_supported: ["S256"],
+			registration_endpoint: `${origin}/_dineway/api/oauth/register`,
 			token_endpoint_auth_methods_supported: ["none"],
 			client_id_metadata_document_supported: true,
 			device_authorization_endpoint: `${origin}/_dineway/api/oauth/device/code`,

package/src/astro/routes/api/well-known/oauth-protected-resource.ts

@@ -14,7 +14,8 @@
 import type { APIRoute } from "astro";
 
 import { getPublicOrigin } from "#api/public-url.js";
-import { VALID_SCOPES } from "#auth/api-tokens.js";
+import { ALL_VALID_SCOPES } from "#auth/api-tokens.js";
+import { filterExperimentalSiteContextWorkflowScopes } from "#site-context/experimental-workflows.js";
 
 export const prerender = false;
 
@@ -25,7 +26,7 @@ export const GET: APIRoute = async ({ url, locals }) => {
 		{
 			resource: `${origin}/_dineway/api/mcp`,
 			authorization_servers: [`${origin}/_dineway`],
-			scopes_supported: [...VALID_SCOPES],
+			scopes_supported: filterExperimentalSiteContextWorkflowScopes(ALL_VALID_SCOPES),
 			bearer_methods_supported: ["header"],
 		},
 		{

package/src/astro/routes/api/widget-areas/[name]/reorder.ts

@@ -5,14 +5,30 @@
  */
 
 import type { APIRoute } from "astro";
+import { z } from "zod";
 
 import { requirePerm } from "#api/authorize.js";
 import { apiError, apiSuccess, handleError } from "#api/error.js";
+import {
+	ensureWorkflowHitlRouteRequest,
+	hitlRequiredRouteError,
+	resolveHitlRouteActor,
+} from "#api/hitl-route-helpers.js";
 import { isParseError, parseBody } from "#api/parse.js";
 import { reorderWidgetsBody } from "#api/schemas.js";
+import {
+	logWidgetActivity,
+	RiskPolicyEvaluator,
+	widgetApiRouteSource,
+	WidgetHitlPayloadBuilder,
+} from "#site-context/index.js";
 
 export const prerender = false;
 
+const reorderWidgetsHitlBody = reorderWidgetsBody.extend({
+	hitlRequestId: z.string().min(1).optional(),
+});
+
 export const POST: APIRoute = async ({ params, request, locals }) => {
 	const { dineway, user } = locals;
 	const db = dineway.db;
@@ -26,37 +42,52 @@ export const POST: APIRoute = async ({ params, request, locals }) => {
 	}
 
 	try {
-		// Get the area
-		const area = await db
-			.selectFrom("_dineway_widget_areas")
-			.select("id")
-			.where("name", "=", name)
-			.executeTakeFirst();
+		const payloadBuilder = new WidgetHitlPayloadBuilder(db);
+		const area = await payloadBuilder.loadWidgetAreaSnapshot(name);
 
 		if (!area) {
 			return apiError("NOT_FOUND", `Widget area "${name}" not found`, 404);
 		}
 
-		const body = await parseBody(request, reorderWidgetsBody);
+		const body = await parseBody(request, reorderWidgetsHitlBody);
 		if (isParseError(body)) return body;
+		const { hitlRequestId, widgetIds } = body;
 
 		// Verify all widget IDs belong to this area
-		const existingWidgets = await db
-			.selectFrom("_dineway_widgets")
-			.select("id")
-			.where("area_id", "=", area.id)
-			.execute();
-
-		const existingIds = new Set(existingWidgets.map((w) => w.id));
-		for (const id of body.widgetIds) {
+		const existingIds = new Set(area.widgets.map((widget) => widget.id));
+		for (const id of widgetIds) {
 			if (!existingIds.has(id)) {
 				return apiError("VALIDATION_ERROR", `Widget "${id}" not found in area "${name}"`, 400);
 			}
 		}
 
+		const actor = resolveHitlRouteActor(locals);
+		const evaluator = new RiskPolicyEvaluator({
+			db,
+			handlers: dineway,
+		});
+		let approvedHitlRequestId: string | null = null;
+
+		if (evaluator.requiresWorkflowHitl(actor.identity)) {
+			const action = await payloadBuilder.buildReorderWidgetsRequest({
+				area,
+				widgetIds,
+			});
+			const decision = await evaluator.evaluateWorkflowHitl({
+				actor: actor.identity,
+				hitlRequestId,
+				action,
+			});
+			if (!decision.allowed) {
+				const ensured = await ensureWorkflowHitlRouteRequest(db, locals, decision.action);
+				return hitlRequiredRouteError(decision, ensured);
+			}
+			approvedHitlRequestId = decision.hitlRequest.id;
+		}
+
 		// Update sort_order for each widget
 		await Promise.all(
-			body.widgetIds.map((id, index) =>
+			widgetIds.map((id, index) =>
 				db
 					.updateTable("_dineway_widgets")
 					.set({ sort_order: index })
@@ -65,6 +96,17 @@ export const POST: APIRoute = async ({ params, request, locals }) => {
 			),
 		);
 
+		await logWidgetActivity(db, locals, {
+			action: "reordered",
+			areaId: area.id,
+			areaName: area.name,
+			...widgetApiRouteSource("reordered"),
+			detail: {
+				widgetIds,
+				hitlRequestId: approvedHitlRequestId,
+			},
+		});
+
 		return apiSuccess({ success: true });
 	} catch (error) {
 		return handleError(error, "Failed to reorder widgets", "WIDGET_REORDER_ERROR");