draft-board 0.1.0-beta.0

package/app/backend/setup_demo_review.py

@@ -0,0 +1,302 @@
+"""Create demo data for PR review flow."""
+import sqlite3
+import uuid
+import os
+from datetime import datetime, timezone
+
+DB = "kanban.db"
+BOARD_ID = "40c6e796-b75d-47d0-9e9d-ea525b70e271"
+TICKET_ID = "8b383839-cbec-45af-86ee-c7708d075cbe"  # JWT auth ticket
+GOAL_ID = "d1213e05-a49c-4b30-8033-64de449e587f"
+
+conn = sqlite3.connect(DB)
+c = conn.cursor()
+
+# 1. Transition ticket to needs_human
+c.execute("UPDATE tickets SET state = ? WHERE id = ?", ("needs_human", TICKET_ID))
+
+# 2. Create a Job record
+job_id = str(uuid.uuid4())
+now = datetime.now(timezone.utc).isoformat()
+c.execute(
+    """INSERT INTO jobs (id, ticket_id, board_id, kind, status, created_at, started_at, finished_at)
+       VALUES (?, ?, ?, ?, ?, ?, ?, ?)""",
+    (job_id, TICKET_ID, BOARD_ID, "execute", "succeeded", now, now, now),
+)
+
+# 3. Create evidence files on disk
+evidence_dir = os.path.join(".smartkanban", "evidence", TICKET_ID)
+os.makedirs(evidence_dir, exist_ok=True)
+
+diff_stat = """ src/middleware/auth.js | 45 +++++++++++++++++++++++++++++++++++++++++++++
+ src/routes/auth.js    | 78 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
+ src/models/db.js      | 12 ++++++++++--
+ src/index.js          |  8 ++++++--
+ package.json          |  4 +++-
+ 5 files changed, 142 insertions(+), 5 deletions(-)"""
+
+diff_patch = '''diff --git a/package.json b/package.json
+index 1a2b3c4..5d6e7f8 100644
+--- a/package.json
++++ b/package.json
+@@ -10,7 +10,9 @@
+   "dependencies": {
+     "express": "^4.18.2",
+     "better-sqlite3": "^9.4.3",
+-    "cors": "^2.8.5"
++    "cors": "^2.8.5",
++    "jsonwebtoken": "^9.0.2",
++    "bcryptjs": "^2.4.3"
+   },
+   "devDependencies": {
+     "jest": "^29.7.0",
+diff --git a/src/models/db.js b/src/models/db.js
+index 2b3c4d5..8e9f0a1 100644
+--- a/src/models/db.js
++++ b/src/models/db.js
+@@ -8,6 +8,16 @@ db.exec(`
+   )
+ `);
+
++db.exec(`
++  CREATE TABLE IF NOT EXISTS users (
++    id INTEGER PRIMARY KEY AUTOINCREMENT,
++    username TEXT UNIQUE NOT NULL,
++    password TEXT NOT NULL,
++    email TEXT,
++    created_at DATETIME DEFAULT CURRENT_TIMESTAMP
++  )
++`);
++
+ module.exports = db;
+diff --git a/src/middleware/auth.js b/src/middleware/auth.js
+new file mode 100644
+index 0000000..3f4a5b6
+--- /dev/null
++++ b/src/middleware/auth.js
+@@ -0,0 +1,45 @@
++const jwt = require("jsonwebtoken");
++
++const JWT_SECRET = process.env.JWT_SECRET || "dev-secret-key";
++
++function authenticateToken(req, res, next) {
++  const authHeader = req.headers["authorization"];
++  const token = authHeader && authHeader.split(" ")[1];
++
++  if (!token) {
++    return res.status(401).json({ error: "Access token required" });
++  }
++
++  try {
++    const decoded = jwt.verify(token, JWT_SECRET);
++    req.user = decoded;
++    next();
++  } catch (err) {
++    return res.status(401).json({ error: "Invalid or expired token" });
++  }
++}
++
++function generateToken(user) {
++  return jwt.sign(
++    { id: user.id, username: user.username },
++    JWT_SECRET,
++    { expiresIn: "24h" }
++  );
++}
++
++function hashPassword(password) {
++  const bcrypt = require("bcryptjs");
++  return bcrypt.hashSync(password, 10);
++}
++
++function comparePassword(password, hash) {
++  const bcrypt = require("bcryptjs");
++  return bcrypt.compareSync(password, hash);
++}
++
++module.exports = {
++  authenticateToken,
++  generateToken,
++  hashPassword,
++  comparePassword,
++  JWT_SECRET
++};
+diff --git a/src/routes/auth.js b/src/routes/auth.js
+new file mode 100644
+index 0000000..7c8d9e0
+--- /dev/null
++++ b/src/routes/auth.js
+@@ -0,0 +1,78 @@
++const express = require("express");
++const router = express.Router();
++const db = require("../models/db");
++const { generateToken, hashPassword, comparePassword } = require("../middleware/auth");
++
++// POST /api/auth/register
++router.post("/register", (req, res) => {
++  const { username, password, email } = req.body;
++
++  if (!username || !password) {
++    return res.status(400).json({ error: "Username and password are required" });
++  }
++
++  if (password.length < 6) {
++    return res.status(400).json({ error: "Password must be at least 6 characters" });
++  }
++
++  try {
++    const existing = db.prepare("SELECT id FROM users WHERE username = ?").get(username);
++    if (existing) {
++      return res.status(409).json({ error: "Username already exists" });
++    }
++
++    const hashedPassword = hashPassword(password);
++    const result = db.prepare(
++      "INSERT INTO users (username, password, email) VALUES (?, ?, ?)"
++    ).run(username, hashedPassword, email || null);
++
++    const user = { id: result.lastInsertRowid, username };
++    const token = generateToken(user);
++
++    res.status(201).json({ user: { id: user.id, username }, token });
++  } catch (err) {
++    res.status(500).json({ error: "Registration failed" });
++  }
++});
++
++// POST /api/auth/login
++router.post("/login", (req, res) => {
++  const { username, password } = req.body;
++
++  if (!username || !password) {
++    return res.status(400).json({ error: "Username and password are required" });
++  }
++
++  try {
++    const user = db.prepare("SELECT * FROM users WHERE username = ?").get(username);
++
++    if (!user) {
++      return res.status(401).json({ error: "Invalid credentials" });
++    }
++
++    if (!comparePassword(password, user.password)) {
++      return res.status(401).json({ error: "Invalid credentials" });
++    }
++
++    const token = generateToken({ id: user.id, username: user.username });
++    res.json({ user: { id: user.id, username: user.username }, token });
++  } catch (err) {
++    res.status(500).json({ error: "Login failed" });
++  }
++});
++
++// GET /api/auth/me - Get current user
++router.get("/me", (req, res) => {
++  if (!req.user) {
++    return res.status(401).json({ error: "Not authenticated" });
++  }
++
++  const user = db.prepare("SELECT id, username, email, created_at FROM users WHERE id = ?").get(req.user.id);
++  if (!user) {
++    return res.status(404).json({ error: "User not found" });
++  }
++
++  res.json({ user });
++});
++
++module.exports = router;
+diff --git a/src/index.js b/src/index.js
+index 4d5e6f7..9a0b1c2 100644
+--- a/src/index.js
++++ b/src/index.js
+@@ -2,6 +2,8 @@ const express = require("express");
+ const cors = require("cors");
+ const taskRoutes = require("./routes/tasks");
+ const projectRoutes = require("./routes/projects");
++const authRoutes = require("./routes/auth");
++const { authenticateToken } = require("./middleware/auth");
+ const { errorHandler } = require("./middleware/errorHandler");
+
+ const app = express();
+@@ -12,8 +14,10 @@ app.use(express.json());
+
+ app.get("/health", (req, res) => res.json({ status: "ok" }));
+
+-app.use("/api/tasks", taskRoutes);
+-app.use("/api/projects", projectRoutes);
++app.use("/api/auth", authRoutes);
++
++app.use("/api/tasks", authenticateToken, taskRoutes);
++app.use("/api/projects", authenticateToken, projectRoutes);
+
+ app.use(errorHandler);
+'''
+
+# Write evidence files
+stat_path = os.path.join(evidence_dir, f"{job_id}_stat.txt")
+patch_path = os.path.join(evidence_dir, f"{job_id}_patch.txt")
+with open(stat_path, "w") as f:
+    f.write(diff_stat)
+with open(patch_path, "w") as f:
+    f.write(diff_patch)
+
+# 4. Create Evidence records
+stat_evidence_id = str(uuid.uuid4())
+patch_evidence_id = str(uuid.uuid4())
+
+c.execute(
+    """INSERT INTO evidence (id, ticket_id, job_id, kind, command, exit_code, stdout_path, created_at)
+       VALUES (?, ?, ?, ?, ?, ?, ?, ?)""",
+    (
+        stat_evidence_id,
+        TICKET_ID,
+        job_id,
+        "git_diff_stat",
+        "git diff --stat",
+        0,
+        os.path.abspath(stat_path),
+        now,
+    ),
+)
+
+c.execute(
+    """INSERT INTO evidence (id, ticket_id, job_id, kind, command, exit_code, stdout_path, created_at)
+       VALUES (?, ?, ?, ?, ?, ?, ?, ?)""",
+    (
+        patch_evidence_id,
+        TICKET_ID,
+        job_id,
+        "git_diff_patch",
+        "git diff",
+        0,
+        os.path.abspath(patch_path),
+        now,
+    ),
+)
+
+# 5. Create Revision record
+revision_id = str(uuid.uuid4())
+c.execute(
+    """INSERT INTO revisions (id, ticket_id, job_id, number, status, diff_stat_evidence_id, diff_patch_evidence_id, created_at)
+       VALUES (?, ?, ?, ?, ?, ?, ?, ?)""",
+    (
+        revision_id,
+        TICKET_ID,
+        job_id,
+        1,
+        "open",
+        stat_evidence_id,
+        patch_evidence_id,
+        now,
+    ),
+)
+
+conn.commit()
+conn.close()
+
+print(f"Ticket: {TICKET_ID}")
+print(f"Job: {job_id}")
+print(f"Revision: {revision_id}")
+print(f"Evidence stat: {stat_evidence_id}")
+print(f"Evidence patch: {patch_evidence_id}")
+print("Done - ticket is now in needs_human with a revision")

package/app/backend/test_actual_parse.py

@@ -0,0 +1,41 @@
+#!/usr/bin/env python3
+"""Test parsing the actual agent response."""
+
+import json
+import re
+import sys
+
+sys.path.insert(0, ".")
+
+# Read the actual agent response
+with open("/tmp/tmpi59wry37_agent_response.txt") as f:
+    response = f.read()
+
+print(f"Response length: {len(response)} chars")
+print(f"First 200 chars: {response[:200]}")
+print()
+
+# Try to find JSON in code blocks first (same logic as the service)
+json_block_pattern = r"```(?:json)?\s*(\{[\s\S]*?\})\s*```"
+matches = re.findall(json_block_pattern, response)
+
+print(f"Found {len(matches)} JSON blocks")
+
+for i, match in enumerate(matches, 1):
+    print(f"\nBlock {i} length: {len(match)} chars")
+    print(f"First 100 chars: {match[:100]}")
+
+    try:
+        data = json.loads(match)
+        if "tickets" in data:
+            print("✅ Valid JSON with tickets!")
+            print(f"Tickets: {len(data['tickets'])}")
+            for ticket in data["tickets"]:
+                print(f"  - {ticket.get('title', 'NO TITLE')[:80]}")
+        else:
+            print("❌ JSON valid but no 'tickets' key")
+    except json.JSONDecodeError as e:
+        print(f"❌ JSON parse error: {e}")
+        print(f"Error at position {e.pos}")
+        if e.pos < len(match):
+            print(f"Context: ...{match[max(0, e.pos - 50) : e.pos + 50]}...")

package/app/backend/test_agent_streaming.py

@@ -0,0 +1,61 @@
+#!/usr/bin/env python3
+"""Test agent CLI streaming."""
+
+import subprocess
+from pathlib import Path
+
+
+def test_agent_streaming():
+    """Test cursor-agent streaming with a real prompt."""
+    print("Testing cursor-agent streaming...")
+
+    # Get repo root
+    repo_root = Path(__file__).parent.parent
+    agent_path = Path.home() / ".local/bin/cursor-agent"
+
+    # Simple prompt
+    prompt = """Analyze this repository and list 3 files you see. Output in JSON:
+{"files": ["file1", "file2", "file3"]}"""
+
+    cmd = [str(agent_path), "--print", "--workspace", str(repo_root), prompt]
+
+    print(f"Running: {' '.join(cmd[:3])} <prompt>")
+    print("Waiting for output...\n")
+
+    received_lines = []
+
+    def stream_callback(line: str):
+        print(f"CALLBACK: {line}")
+        received_lines.append(line)
+
+    # Test with Popen and line-by-line reading
+    process = subprocess.Popen(
+        cmd,
+        cwd=repo_root,
+        stdout=subprocess.PIPE,
+        stderr=subprocess.PIPE,
+        text=True,
+        bufsize=1,  # Line buffered
+    )
+
+    output_lines = []
+    while True:
+        line = process.stdout.readline()
+        if not line and process.poll() is not None:
+            break
+        if line:
+            output_lines.append(line)
+            stream_callback(line.rstrip())
+
+    process.wait(timeout=60)
+
+    print(f"\nReceived {len(received_lines)} lines")
+    print(f"Return code: {process.returncode}")
+
+    if len(output_lines) > 0:
+        print("\nFull output:")
+        print("".join(output_lines[:50]))  # First 50 lines
+
+
+if __name__ == "__main__":
+    test_agent_streaming()

package/app/backend/test_parse.py

@@ -0,0 +1,51 @@
+#!/usr/bin/env python3
+"""Test parsing the agent response."""
+
+import json
+import re
+
+# Sample agent output (based on what we saw in the stream)
+agent_output = """Now I understand the context. This is the Draft backend project, and the goal is to add calculator functionality (multiplication and division) to the `app/utils` module. Based on the existing code structure and the previous ticket examples I found, I'll generate appropriate tickets.
+
+```json
+{
+  "tickets": [
+    {
+      "title": "Test ticket",
+      "description": "Test description",
+      "priority_bucket": "P1",
+      "priority_rationale": "Test rationale",
+      "verification": ["test command"],
+      "notes": "Test notes",
+      "blocked_by": null
+    }
+  ]
+}
+```"""
+
+print("Testing JSON extraction...")
+
+# Try to extract JSON from markdown code block
+json_match = re.search(r"```(?:json)?\s*(\{.*?\})\s*```", agent_output, re.DOTALL)
+if json_match:
+    json_str = json_match.group(1)
+    print(f"Found JSON in markdown: {len(json_str)} chars")
+    print(f"JSON preview: {json_str[:200]}...")
+
+    try:
+        data = json.loads(json_str)
+        print("✅ Parsed successfully!")
+        print(f"Tickets: {len(data.get('tickets', []))}")
+        for ticket in data.get("tickets", []):
+            print(f"  - {ticket.get('title')}")
+    except json.JSONDecodeError as e:
+        print(f"❌ JSON parse error: {e}")
+else:
+    print("❌ No JSON found in markdown block")
+
+# Also try parsing the full output
+try:
+    data = json.loads(agent_output)
+    print(f"✅ Direct parse successful: {len(data.get('tickets', []))} tickets")
+except:
+    print("❌ Direct parse failed (expected)")

package/app/backend/test_streaming.py

@@ -0,0 +1,51 @@
+#!/usr/bin/env python3
+"""Test script to verify streaming callback works."""
+
+import asyncio
+import sys
+from pathlib import Path
+
+# Add backend to path
+sys.path.insert(0, str(Path(__file__).parent))
+
+from app.database import get_db
+from app.services.ticket_generation_service import TicketGenerationService
+
+
+async def test_streaming():
+    """Test streaming callback."""
+    print("Testing streaming...")
+
+    # Get DB session
+    async for db in get_db():
+        service = TicketGenerationService(db)
+
+        # Goal ID from earlier
+        goal_id = "b7e723f4-030f-45d9-8c6b-eae97fd5d72f"
+
+        received_lines = []
+
+        def stream_callback(line: str):
+            print(f"CALLBACK: {line}")
+            received_lines.append(line)
+
+        try:
+            result = await service.generate_from_goal(
+                goal_id=goal_id,
+                include_readme=False,
+                validate_tickets=False,  # Skip validation for test
+                stream_callback=stream_callback,
+            )
+
+            print(f"\nReceived {len(received_lines)} lines from agent")
+            print(f"Generated {len(result.tickets)} tickets")
+
+        except Exception as e:
+            print(f"Error: {e}")
+            import traceback
+
+            traceback.print_exc()
+
+
+if __name__ == "__main__":
+    asyncio.run(test_streaming())

package/app/backend/test_subprocess_streaming.py

@@ -0,0 +1,50 @@
+#!/usr/bin/env python3
+"""Test subprocess streaming directly."""
+
+import subprocess
+from pathlib import Path
+
+
+def test_subprocess_streaming():
+    """Test that subprocess.Popen can stream output."""
+    print("Testing subprocess streaming...")
+
+    # Get repo root
+    repo_root = Path(__file__).parent.parent
+
+    # Simple test command that produces output
+    cmd = ["echo", "Line 1\nLine 2\nLine 3"]
+
+    received_lines = []
+
+    def stream_callback(line: str):
+        print(f"CALLBACK: {line}")
+        received_lines.append(line)
+
+    # Test with Popen and line-by-line reading
+    process = subprocess.Popen(
+        cmd,
+        cwd=repo_root,
+        stdout=subprocess.PIPE,
+        stderr=subprocess.PIPE,
+        text=True,
+        bufsize=1,  # Line buffered
+    )
+
+    output_lines = []
+    while True:
+        line = process.stdout.readline()
+        if not line and process.poll() is not None:
+            break
+        if line:
+            output_lines.append(line)
+            stream_callback(line.rstrip())
+
+    process.wait()
+
+    print(f"\nReceived {len(received_lines)} lines")
+    print(f"Return code: {process.returncode}")
+
+
+if __name__ == "__main__":
+    test_subprocess_streaming()

package/app/backend/tests/__init__.py

@@ -0,0 +1 @@
+"""Tests for Draft backend."""

package/app/backend/tests/conftest.py

@@ -0,0 +1,46 @@
+"""Pytest configuration and fixtures for tests."""
+
+from collections.abc import AsyncGenerator
+
+import pytest
+from sqlalchemy.ext.asyncio import AsyncSession, async_sessionmaker, create_async_engine
+from sqlalchemy.pool import StaticPool
+
+from app.models.base import Base
+
+# Use in-memory SQLite for tests
+TEST_DATABASE_URL = "sqlite+aiosqlite:///:memory:"
+
+
+@pytest.fixture(scope="function")
+async def db() -> AsyncGenerator[AsyncSession, None]:
+    """Create a fresh database session for each test.
+
+    Uses in-memory SQLite with a single connection to ensure
+    all operations see the same data.
+    """
+    engine = create_async_engine(
+        TEST_DATABASE_URL,
+        echo=False,
+        connect_args={"check_same_thread": False},
+        poolclass=StaticPool,
+    )
+
+    # Create all tables
+    async with engine.begin() as conn:
+        await conn.run_sync(Base.metadata.create_all)
+
+    # Create session
+    async_session = async_sessionmaker(
+        engine,
+        class_=AsyncSession,
+        expire_on_commit=False,
+    )
+
+    async with async_session() as session:
+        yield session
+
+    # Clean up
+    async with engine.begin() as conn:
+        await conn.run_sync(Base.metadata.drop_all)
+    await engine.dispose()