insforge 1.2.10 → 1.4.8

package/backend/src/services/usage/usage.service.ts

@@ -54,7 +54,7 @@ export class UsageService {
   async recordMCPUsage(toolName: string, success: boolean = true): Promise<{ created_at: string }> {
     try {
       const result = await this.getPool().query(
-        `INSERT INTO _mcp_usage (tool_name, success)
+        `INSERT INTO system.mcp_usage (tool_name, success)
          VALUES ($1, $2)
          RETURNING created_at`,
         [toolName, success]
@@ -75,7 +75,7 @@ export class UsageService {
     try {
       const result = await this.getPool().query(
         `SELECT tool_name, success, created_at
-         FROM _mcp_usage
+         FROM system.mcp_usage
          WHERE success = $1
          ORDER BY created_at DESC
          LIMIT $2`,
@@ -98,7 +98,7 @@ export class UsageService {
       // Get MCP tool usage count
       const mcpResult = await this.getPool().query(
         `SELECT COUNT(*) as count
-         FROM _mcp_usage
+         FROM system.mcp_usage
          WHERE success = true
            AND created_at >= $1
            AND created_at < $2`,
@@ -112,7 +112,7 @@ export class UsageService {
 
       // Get total storage size
       const storageResult = await this.getPool().query(
-        `SELECT COALESCE(SUM(size), 0) as total_size FROM _storage`
+        `SELECT COALESCE(SUM(size), 0) as total_size FROM storage.objects`
       );
 
       // Get AI usage breakdown by model (only billable metrics)
@@ -122,8 +122,8 @@ export class UsageService {
           COALESCE(SUM(u.input_tokens), 0) as total_input_tokens,
           COALESCE(SUM(u.output_tokens), 0) as total_output_tokens,
           COALESCE(SUM(u.image_count), 0) as total_images
-        FROM _ai_usage u
-        LEFT JOIN _ai_configs c ON u.config_id = c.id
+        FROM ai.usage u
+        LEFT JOIN ai.configs c ON u.config_id = c.id
         WHERE u.created_at >= $1 AND u.created_at < $2
         GROUP BY COALESCE(u.model_id, c.model_id)
         ORDER BY (COALESCE(SUM(u.input_tokens), 0) + COALESCE(SUM(u.output_tokens), 0)) DESC`,

package/backend/src/types/ai.ts

@@ -11,6 +11,14 @@ export interface OpenRouterImageMessage {
   };
 }
 
+export interface OpenRouterAudioMessage {
+  type: 'input_audio';
+  input_audio: {
+    data: string; // Base64-encoded audio data
+    format: string; // wav, mp3, aiff, aac, ogg, flac, m4a
+  };
+}
+
 // ============= OpenRouter API Types =============
 
 export interface RawOpenRouterModel {

package/backend/src/types/auth.ts

@@ -1,9 +1,13 @@
 // Type definitions for database user records
+
 export interface UserRecord {
   id: string;
   email: string;
-  name: string;
+  profile: Record<string, unknown> | null;
+  metadata: Record<string, unknown> | null;
   email_verified: boolean;
+  is_project_admin: boolean;
+  is_anonymous: boolean;
   created_at: string;
   updated_at: string;
   password?: string;
@@ -135,6 +139,16 @@ export interface XUserInfo {
   created_at?: string;
 }
 
+export interface AppleUserInfo {
+  sub: string;
+  email: string;
+  email_verified?: boolean;
+  is_private_email?: boolean;
+  name?: string;
+  given_name?: string;
+  family_name?: string;
+}
+
 // Generic OAuth user data returned by provider services
 export interface OAuthUserData {
   provider: string;
@@ -150,5 +164,6 @@ export interface OAuthUserData {
     | FacebookUserInfo
     | MicrosoftUserInfo
     | XUserInfo
+    | AppleUserInfo
     | Record<string, unknown>;
 }

package/backend/src/types/database.ts

@@ -102,6 +102,7 @@ export type ForeignKeyInfo = ForeignKeySchema & {
 export interface ForeignKeyRow {
   constraint_name: string;
   from_column: string;
+  foreign_schema: string;
   foreign_table: string;
   foreign_column: string;
   on_delete: string;
@@ -112,6 +113,7 @@ export interface ForeignKeyRow {
 export interface ColumnInfo {
   column_name: string;
   data_type: string;
+  udt_name: string;
   is_nullable: string;
   column_default: string | null;
   character_maximum_length: number | null;

package/backend/src/types/deployments.ts

@@ -0,0 +1,33 @@
+// Backend-only types for deployments
+
+/**
+ * Deployment status constants
+ * WAITING -> UPLOADING -> (Vercel statuses: QUEUED/BUILDING/READY/ERROR/CANCELED)
+ */
+export const DeploymentStatus = {
+  // InsForge internal statuses
+  WAITING: 'WAITING', // Record created, waiting for client to upload zip to S3
+  UPLOADING: 'UPLOADING', // Server is downloading from S3 and uploading to Vercel
+  // Vercel statuses (stored directly)
+  QUEUED: 'QUEUED',
+  BUILDING: 'BUILDING',
+  READY: 'READY',
+  ERROR: 'ERROR',
+  CANCELED: 'CANCELED',
+} as const;
+
+export type DeploymentStatusType = (typeof DeploymentStatus)[keyof typeof DeploymentStatus];
+
+/**
+ * Internal deployment record with Date objects (database returns Date, not string)
+ */
+export interface DeploymentRecord {
+  id: string;
+  providerDeploymentId: string | null; // Provider's deployment ID, null until deployment starts
+  provider: string;
+  status: DeploymentStatusType;
+  url: string | null;
+  metadata: Record<string, unknown> | null;
+  createdAt: Date;
+  updatedAt: Date;
+}

package/backend/src/types/realtime.ts

@@ -0,0 +1,18 @@
+/**
+ * Realtime feature types - Backend-only types
+ *
+ * Shared types should be imported directly from @insforge/shared-schemas.
+ */
+
+// ============================================================================
+// Backend-Only Types (Internal Use)
+// ============================================================================
+
+/**
+ * Delivery statistics after message processing
+ */
+export interface DeliveryResult {
+  wsAudienceCount: number;
+  whAudienceCount: number;
+  whDeliveredCount: number;
+}

package/backend/src/types/socket.ts

@@ -10,24 +10,18 @@ export enum ServerEvents {
   NOTIFICATION = 'notification',
   DATA_UPDATE = 'data:update',
   MCP_CONNECTED = 'mcp:connected',
+  // Realtime events
+  REALTIME_ERROR = 'realtime:error',
 }
 
 /**
  * Client-to-Server events
  */
 export enum ClientEvents {
-  SUBSCRIBE = 'subscribe',
-  UNSUBSCRIBE = 'unsubscribe',
-}
-
-/**
- * Generic message interface
- */
-export interface SocketMessage<T = unknown> {
-  type: string;
-  payload?: T;
-  timestamp: number;
-  id?: string;
+  // Realtime events
+  REALTIME_SUBSCRIBE = 'realtime:subscribe',
+  REALTIME_UNSUBSCRIBE = 'realtime:unsubscribe',
+  REALTIME_PUBLISH = 'realtime:publish',
 }
 
 /**
@@ -43,27 +37,9 @@ export interface NotificationPayload {
 export enum DataUpdateResourceType {
   DATABASE = 'database',
   USERS = 'users',
-  RECORDS = 'records',
   BUCKETS = 'buckets',
   FUNCTIONS = 'functions',
-}
-
-export interface DataUpdatePayload {
-  resource: DataUpdateResourceType;
-  action: 'created' | 'updated' | 'deleted';
-  data: unknown;
-}
-
-/**
- * Client event payloads
- */
-export interface SubscribePayload {
-  channel: string;
-  filters?: Record<string, unknown>;
-}
-
-export interface UnsubscribePayload {
-  channel: string;
+  REALTIME = 'realtime',
 }
 
 /**

package/backend/src/types/storage.ts

@@ -10,7 +10,7 @@ export interface StorageRecord {
   uploaded_at: string;
 }
 
-// Bucket record from _storage_buckets table
+// Bucket record from storage.buckets table
 export type BucketRecord = Omit<StorageBucketSchema, 'created_at'>;
 
 // Form field types for file uploads

package/backend/src/types/webhooks.ts

@@ -0,0 +1,45 @@
+// Webhook types for external integrations
+
+// ============================================================================
+// Vercel Webhooks
+// ============================================================================
+
+/**
+ * Vercel webhook event types we handle for deployments
+ */
+export type VercelDeploymentEventType =
+  | 'deployment.created'
+  | 'deployment.succeeded'
+  | 'deployment.error'
+  | 'deployment.canceled';
+
+/**
+ * Map Vercel webhook event types to our deployment status
+ */
+export const VERCEL_EVENT_TO_STATUS: Record<VercelDeploymentEventType, string> = {
+  'deployment.created': 'BUILDING',
+  'deployment.succeeded': 'READY',
+  'deployment.error': 'ERROR',
+  'deployment.canceled': 'CANCELED',
+};
+
+/**
+ * Vercel webhook payload structure for deployment events
+ */
+export interface VercelWebhookPayload {
+  type: string;
+  id: string;
+  createdAt: string;
+  payload: {
+    team?: { id: string };
+    user?: { id: string };
+    deployment: {
+      id: string;
+      url: string;
+      name: string;
+      meta?: Record<string, unknown>;
+    };
+    target?: string;
+    project?: { id: string };
+  };
+}

package/backend/src/utils/cookies.ts

@@ -0,0 +1,34 @@
+import { Request, Response } from 'express';
+
+/**
+ * Cookie names
+ */
+export const REFRESH_TOKEN_COOKIE_NAME = 'insforge_refresh_token';
+
+/**
+ * Set an auth cookie on response
+ * @param name - Cookie name
+ * @param value - Cookie value
+ */
+export function setAuthCookie(req: Request, res: Response, name: string, value: string): void {
+  res.cookie(name, value, {
+    httpOnly: true,
+    secure: req.secure,
+    sameSite: 'none',
+    path: '/api/auth',
+    maxAge: 7 * 24 * 60 * 60 * 1000, // 7 days
+  });
+}
+
+/**
+ * Clear an auth cookie on response
+ * IMPORTANT: Must use the same options (especially path) as when setting the cookie
+ */
+export function clearAuthCookie(req: Request, res: Response, name: string): void {
+  res.clearCookie(name, {
+    httpOnly: true,
+    secure: req.secure,
+    sameSite: 'none',
+    path: '/api/auth',
+  });
+}

package/backend/src/utils/environment.ts

@@ -18,20 +18,6 @@ export function isOAuthSharedKeysAvailable(): boolean {
   return isCloudEnvironment();
 }
 
-/**
- * Check if running in development mode
- */
-export function isDevelopment(): boolean {
-  return process.env.NODE_ENV === 'development' || !process.env.NODE_ENV;
-}
-
-/**
- * Check if running in production mode
- */
-export function isProduction(): boolean {
-  return process.env.NODE_ENV === 'production';
-}
-
 /**
  * Get the API base URL from environment variable or default to localhost
  * @returns The API base URL

package/backend/src/utils/s3-config-loader.ts

@@ -0,0 +1,64 @@
+import { S3Client, GetObjectCommand } from '@aws-sdk/client-s3';
+import logger from '@/utils/logger.js';
+
+// TODO: make these configurable in env variables in cloud backend
+const CONFIG_BUCKET = process.env.AWS_CONFIG_BUCKET || 'insforge-config';
+const CONFIG_REGION = process.env.AWS_CONFIG_REGION || 'us-east-2';
+
+let s3Client: S3Client | null = null;
+
+/**
+ * Get or create S3 client for config loading
+ */
+function getS3Client(): S3Client {
+  if (s3Client) {
+    return s3Client;
+  }
+
+  const s3Config: {
+    region: string;
+    credentials?: { accessKeyId: string; secretAccessKey: string };
+  } = {
+    region: CONFIG_REGION,
+  };
+
+  // Use explicit credentials if provided, otherwise IAM role
+  if (process.env.AWS_ACCESS_KEY_ID && process.env.AWS_SECRET_ACCESS_KEY) {
+    s3Config.credentials = {
+      accessKeyId: process.env.AWS_ACCESS_KEY_ID,
+      secretAccessKey: process.env.AWS_SECRET_ACCESS_KEY,
+    };
+  }
+
+  s3Client = new S3Client(s3Config);
+  return s3Client;
+}
+
+/**
+ * Fetches a JSON config file from the S3 config bucket
+ * @param key - The S3 object key (e.g., 'default-ai-models.json')
+ * @returns Parsed JSON content or null if fetch fails
+ */
+export async function fetchS3Config<T>(key: string): Promise<T | null> {
+  try {
+    const command = new GetObjectCommand({
+      Bucket: CONFIG_BUCKET,
+      Key: key,
+    });
+
+    const response = await getS3Client().send(command);
+    const body = await response.Body?.transformToString();
+
+    if (!body) {
+      logger.warn(`Empty config file from S3: ${key}`);
+      return null;
+    }
+
+    return JSON.parse(body) as T;
+  } catch (error) {
+    logger.warn(`Failed to fetch config from S3: ${key}`, {
+      error: error instanceof Error ? error.message : String(error),
+    });
+    return null;
+  }
+}

package/backend/src/utils/seed.ts

@@ -1,3 +1,4 @@
+import bcrypt from 'bcryptjs';
 import { DatabaseManager } from '@/infra/database/database.manager.js';
 import { TokenManager } from '@/infra/security/token.manager.js';
 import { AIConfigService } from '@/services/ai/ai-config.service.js';
@@ -5,55 +6,96 @@ import { isCloudEnvironment } from '@/utils/environment.js';
 import logger from '@/utils/logger.js';
 import { SecretService } from '@/services/secrets/secret.service.js';
 import { OAuthConfigService } from '@/services/auth/oauth-config.service.js';
-import { OAuthProvidersSchema } from '@insforge/shared-schemas';
+import { OAuthProvidersSchema, aiConfigurationInputSchema } from '@insforge/shared-schemas';
+import { z } from 'zod';
 import { AuthConfigService } from '@/services/auth/auth-config.service.js';
+import { fetchS3Config } from '@/utils/s3-config-loader.js';
+import { ADMIN_ID } from '@/utils/constants.js';
 
 /**
- * Validates admin credentials are configured
- * Admin is authenticated via environment variables, not stored in DB
+ * Seeds the admin user if it doesn't exist in the database
+ * Creates an admin user with is_project_admin = true
  */
-function ensureFirstAdmin(adminEmail: string, adminPassword: string): void {
-  if (adminEmail && adminPassword) {
-    logger.info(`✅ Admin configured: ${adminEmail}`);
-  } else {
+async function seedAdminUser(adminEmail: string, adminPassword: string): Promise<void> {
+  if (!adminEmail || !adminPassword) {
     logger.warn('⚠️ Admin credentials not configured - check ADMIN_EMAIL and ADMIN_PASSWORD');
+    return;
+  }
+
+  const dbManager = DatabaseManager.getInstance();
+  const pool = dbManager.getPool();
+  const client = await pool.connect();
+
+  try {
+    // Check if admin user already exists
+    const existingAdmin = await client.query('SELECT id FROM auth.users WHERE id = $1', [ADMIN_ID]);
+
+    if (existingAdmin.rows.length > 0) {
+      logger.info(`✅ Admin configured: ${adminEmail}`);
+      return;
+    }
+
+    // Hash password and create admin user
+    const hashedPassword = await bcrypt.hash(adminPassword, 10);
+    const profile = JSON.stringify({ name: 'Administrator' });
+
+    await client.query(
+      `INSERT INTO auth.users (id, email, password, profile, email_verified, is_project_admin, is_anonymous, created_at, updated_at)
+       VALUES ($1, $2, $3, $4::jsonb, true, true, false, NOW(), NOW())
+       ON CONFLICT (id) DO NOTHING`,
+      [ADMIN_ID, adminEmail, hashedPassword, profile]
+    );
+
+    logger.info(`✅ Admin user seeded: ${adminEmail}`);
+  } catch (error) {
+    logger.error('Failed to seed admin user', {
+      error: error instanceof Error ? error.message : String(error),
+    });
+    // Don't throw - this is not critical for app startup if admin already exists
+  } finally {
+    client.release();
   }
 }
 
 /**
- * Seeds default AI configurations for cloud environments
+ * Seeds default AI configurations from S3 config
  */
 async function seedDefaultAIConfigs(): Promise<void> {
-  // Only seed default AI configs in cloud environment
-  if (!isCloudEnvironment()) {
+  const aiConfigService = AIConfigService.getInstance();
+
+  const existingConfigs = await aiConfigService.findAll();
+  if (existingConfigs.length) {
     return;
   }
 
-  const aiConfigService = AIConfigService.getInstance();
+  const defaultModels =
+    await fetchS3Config<z.infer<typeof aiConfigurationInputSchema>[]>('default-ai-models.json');
 
-  // Check if AI configs already exist
-  const existingConfigs = await aiConfigService.findAll();
+  if (!defaultModels || defaultModels.length === 0) {
+    logger.warn('⚠️ No default AI models configured - add via dashboard or check S3 config');
+    return;
+  }
 
-  if (existingConfigs.length) {
+  const parsed = aiConfigurationInputSchema.array().safeParse(defaultModels);
+  if (!parsed.success) {
+    logger.error('❌ Invalid AI models configuration from S3', {
+      error: parsed.error.message,
+    });
     return;
   }
 
-  await aiConfigService.create(
-    ['text', 'image'],
-    ['text'],
-    'openrouter',
-    'openai/gpt-4o',
-    'You are a helpful assistant.'
-  );
-
-  await aiConfigService.create(
-    ['text', 'image'],
-    ['text', 'image'],
-    'openrouter',
-    'google/gemini-3-pro-image-preview'
-  );
-
-  logger.info('✅ Default AI models configured (cloud environment)');
+  const validatedModels = parsed.data;
+  for (const model of validatedModels) {
+    await aiConfigService.create(
+      model.inputModality,
+      model.outputModality,
+      model.provider,
+      model.modelId,
+      model.systemPrompt
+    );
+  }
+
+  logger.info(`✅ Default AI models configured (${validatedModels.length} models)`);
 }
 
 /**
@@ -67,7 +109,7 @@ async function seedDefaultAuthConfig(): Promise<void> {
   const client = await pool.connect();
 
   try {
-    const result = await client.query('SELECT COUNT(*) as count FROM _auth_configs');
+    const result = await client.query('SELECT COUNT(*) as count FROM auth.configs');
     const hasConfig = result.rows.length > 0 && Number(result.rows[0].count) > 0;
 
     if (hasConfig) {
@@ -81,10 +123,8 @@ async function seedDefaultAuthConfig(): Promise<void> {
     }
 
     // Table is empty - this is first startup, insert default cloud configuration
-    // Note: Migration 016 will add verify_email_method, reset_password_method, sign_in_redirect_to
-    // so we only insert fields that exist in migration 015
     await client.query(
-      `INSERT INTO _auth_configs (
+      `INSERT INTO auth.configs (
         require_email_verification,
         password_min_length,
         require_number,
@@ -222,8 +262,8 @@ export async function seedBackend(): Promise<void> {
   try {
     logger.info(`\n🚀 Insforge Backend Starting...`);
 
-    // Validate admin credentials are configured
-    ensureFirstAdmin(adminEmail, adminPassword);
+    // Seed admin user if not exists
+    await seedAdminUser(adminEmail, adminPassword);
 
     // Initialize API key (from env or generate)
     const apiKey = await secretService.initializeApiKey();
@@ -242,15 +282,11 @@ export async function seedBackend(): Promise<void> {
       logger.info(`✅ Found ${tables.length} user tables`);
     }
 
-    // seed AI configs for cloud environment
-    await seedDefaultAIConfigs();
-
-    // Enable email verification in cloud environment
-    await seedDefaultAuthConfig();
-
-    // add default OAuth configs in Cloud hosting
+    // seed default configs for cloud environment
     if (isCloudEnvironment()) {
       await seedDefaultOAuthConfigs();
+      await seedDefaultAIConfigs();
+      await seedDefaultAuthConfig();
     } else {
       await seedLocalOAuthConfigs();
     }