jettypod 4.4.118 → 4.4.121

package/crates/jettypod-core/build.rs

@@ -0,0 +1,98 @@
+//! Build script: parses V1__baseline.sql to extract table names,
+//! work_items column names, and full column definitions for schema fixup.
+
+use std::env;
+use std::fs;
+use std::path::Path;
+
+fn main() {
+    println!("cargo:rerun-if-changed=migrations/V1__baseline.sql");
+
+    let manifest_dir = env::var("CARGO_MANIFEST_DIR").unwrap();
+    let sql_path = Path::new(&manifest_dir)
+        .join("migrations")
+        .join("V1__baseline.sql");
+
+    let sql = fs::read_to_string(&sql_path).expect("Failed to read V1__baseline.sql");
+
+    let mut tables: Vec<String> = Vec::new();
+    let mut work_item_columns: Vec<String> = Vec::new();
+    // (column_name, full_definition) for ALTER TABLE ADD COLUMN fixup
+    let mut work_item_col_defs: Vec<(String, String)> = Vec::new();
+    let mut in_work_items = false;
+
+    for line in sql.lines() {
+        let trimmed = line.trim();
+
+        // Detect CREATE TABLE statements
+        if let Some(rest) = trimmed.strip_prefix("CREATE TABLE IF NOT EXISTS ") {
+            let table_name = rest
+                .split(|c: char| !c.is_alphanumeric() && c != '_')
+                .next()
+                .unwrap_or("");
+            if !table_name.is_empty() {
+                tables.push(table_name.to_string());
+                in_work_items = table_name == "work_items";
+            }
+            continue;
+        }
+
+        // Inside work_items, extract column names and definitions
+        if in_work_items {
+            if trimmed.starts_with(");") {
+                in_work_items = false;
+                continue;
+            }
+            if trimmed.is_empty()
+                || trimmed.starts_with("--")
+                || trimmed.starts_with("FOREIGN")
+                || trimmed.starts_with("UNIQUE")
+                || trimmed.starts_with("CHECK")
+            {
+                continue;
+            }
+            // Extract column name (first word) and full definition (rest)
+            let clean = trimmed.trim_end_matches(',');
+            let col_name = clean.split_whitespace().next().unwrap_or("");
+            if !col_name.is_empty() {
+                work_item_columns.push(col_name.to_string());
+                // Full definition is everything after the column name
+                let def = clean[col_name.len()..].trim().to_string();
+                work_item_col_defs.push((col_name.to_string(), def));
+            }
+        }
+    }
+
+    let out_dir = env::var("OUT_DIR").unwrap();
+    let dest_path = Path::new(&out_dir).join("schema_info.rs");
+
+    let columns_str = work_item_columns
+        .iter()
+        .map(|c| format!("    \"{c}\""))
+        .collect::<Vec<_>>()
+        .join(",\n");
+
+    let tables_str = tables
+        .iter()
+        .map(|t| format!("    \"{t}\""))
+        .collect::<Vec<_>>()
+        .join(",\n");
+
+    let col_defs_str = work_item_col_defs
+        .iter()
+        .map(|(name, def)| format!("    (\"{name}\", \"{def}\")"))
+        .collect::<Vec<_>>()
+        .join(",\n");
+
+    let generated = format!(
+        "/// Work-items columns derived from V1__baseline.sql at build time.\n\
+         const EXPECTED_WORK_ITEM_COLUMNS: &[&str] = &[\n{columns_str}\n];\n\n\
+         /// Table names derived from V1__baseline.sql at build time.\n\
+         const EXPECTED_TABLES: &[&str] = &[\n{tables_str}\n];\n\n\
+         /// Column definitions for ALTER TABLE fixup of missing columns.\n\
+         /// Each tuple is (column_name, type_and_default_clause).\n\
+         const WORK_ITEM_COLUMN_DEFS: &[(&str, &str)] = &[\n{col_defs_str}\n];\n"
+    );
+
+    fs::write(dest_path, generated).expect("Failed to write schema_info.rs");
+}

package/crates/jettypod-core/migrations/V1__baseline.sql

@@ -0,0 +1,197 @@
+-- Baseline schema: captures the cumulative effect of Node.js migrations 001-030.
+-- Uses CREATE TABLE/INDEX IF NOT EXISTS so it's idempotent on existing databases.
+-- Future schema changes should be added as V2, V3, etc.
+
+CREATE TABLE IF NOT EXISTS work_items (
+    id INTEGER PRIMARY KEY,
+    type TEXT NOT NULL,
+    title TEXT NOT NULL,
+    description TEXT,
+    status TEXT DEFAULT 'backlog',
+    parent_id INTEGER,
+    epic_id INTEGER,
+    branch_name TEXT,
+    file_paths TEXT,
+    commit_sha TEXT,
+    mode TEXT,
+    current INTEGER DEFAULT 0,
+    phase TEXT,
+    prototype_files TEXT,
+    discovery_winner TEXT,
+    discovery_rationale TEXT,
+    scenario_file TEXT,
+    completed_at TEXT,
+    created_at DATETIME DEFAULT CURRENT_TIMESTAMP,
+    needs_discovery INTEGER DEFAULT 0,
+    worktree_path TEXT,
+    display_order INTEGER,
+    architectural_decision TEXT,
+    discovery_completed_at TEXT,
+    rejection_reason TEXT,
+    rejected_at TEXT,
+    plan_at_creation TEXT DEFAULT NULL,
+    ready_for_review INTEGER DEFAULT 0,
+    conversational INTEGER DEFAULT 0,
+    rejection_count INTEGER DEFAULT 0,
+    rejection_round INTEGER,
+    rejection_history TEXT
+);
+
+CREATE TABLE IF NOT EXISTS project_config (
+    id INTEGER PRIMARY KEY CHECK (id = 1),
+    project_state TEXT DEFAULT 'internal',
+    updated_at DATETIME DEFAULT CURRENT_TIMESTAMP
+);
+
+CREATE TABLE IF NOT EXISTS external_readiness_checklist (
+    id INTEGER PRIMARY KEY,
+    category TEXT NOT NULL,
+    item_key TEXT NOT NULL,
+    title TEXT NOT NULL,
+    description TEXT,
+    completed INTEGER DEFAULT 0,
+    completed_at DATETIME,
+    UNIQUE(category, item_key)
+);
+
+CREATE TABLE IF NOT EXISTS discovery_decisions (
+    id INTEGER PRIMARY KEY,
+    work_item_id INTEGER NOT NULL,
+    aspect TEXT NOT NULL,
+    decision TEXT NOT NULL,
+    rationale TEXT NOT NULL,
+    created_at DATETIME DEFAULT CURRENT_TIMESTAMP,
+    FOREIGN KEY (work_item_id) REFERENCES work_items(id)
+);
+
+CREATE TABLE IF NOT EXISTS skill_executions (
+    id INTEGER PRIMARY KEY,
+    work_item_id INTEGER NOT NULL,
+    skill_name TEXT NOT NULL,
+    status TEXT DEFAULT 'in_progress',
+    step_reached INTEGER DEFAULT 1,
+    context_json TEXT,
+    started_at DATETIME DEFAULT CURRENT_TIMESTAMP,
+    completed_at DATETIME,
+    FOREIGN KEY (work_item_id) REFERENCES work_items(id)
+);
+
+CREATE TABLE IF NOT EXISTS workflow_gates (
+    id INTEGER PRIMARY KEY,
+    work_item_id INTEGER NOT NULL,
+    gate_name TEXT NOT NULL,
+    passed_at DATETIME,
+    UNIQUE(work_item_id, gate_name),
+    FOREIGN KEY (work_item_id) REFERENCES work_items(id)
+);
+
+CREATE TABLE IF NOT EXISTS _meta (
+    key TEXT PRIMARY KEY,
+    value TEXT
+);
+
+CREATE TABLE IF NOT EXISTS migrations (
+    id TEXT PRIMARY KEY,
+    applied_at DATETIME DEFAULT CURRENT_TIMESTAMP
+);
+
+CREATE TABLE IF NOT EXISTS worktrees (
+    id INTEGER PRIMARY KEY,
+    work_item_id INTEGER NOT NULL,
+    branch_name TEXT NOT NULL,
+    worktree_path TEXT NOT NULL,
+    status TEXT NOT NULL CHECK(status IN ('active', 'merging', 'merged', 'cleanup_pending', 'cleaned')),
+    created_at TEXT NOT NULL DEFAULT (datetime('now')),
+    updated_at TEXT NOT NULL DEFAULT (datetime('now')),
+    FOREIGN KEY (work_item_id) REFERENCES work_items(id)
+);
+CREATE INDEX IF NOT EXISTS idx_worktrees_work_item_id ON worktrees(work_item_id);
+CREATE INDEX IF NOT EXISTS idx_worktrees_status ON worktrees(status);
+
+CREATE TABLE IF NOT EXISTS merge_locks (
+    id INTEGER PRIMARY KEY,
+    locked_by TEXT NOT NULL,
+    locked_at TEXT NOT NULL DEFAULT (datetime('now')),
+    operation TEXT NOT NULL DEFAULT 'merging',
+    work_item_id INTEGER NOT NULL,
+    heartbeat_at TEXT NOT NULL DEFAULT (datetime('now'))
+);
+CREATE INDEX IF NOT EXISTS idx_merge_locks_locked_at ON merge_locks(locked_at);
+
+CREATE TABLE IF NOT EXISTS workflow_checkpoints (
+    id INTEGER PRIMARY KEY,
+    skill_name TEXT NOT NULL,
+    current_step INTEGER NOT NULL,
+    total_steps INTEGER,
+    context_json TEXT,
+    branch_name TEXT NOT NULL,
+    work_item_id INTEGER,
+    created_at TEXT DEFAULT CURRENT_TIMESTAMP,
+    updated_at TEXT DEFAULT CURRENT_TIMESTAMP
+);
+CREATE INDEX IF NOT EXISTS idx_workflow_checkpoints_branch ON workflow_checkpoints(branch_name);
+
+CREATE TABLE IF NOT EXISTS claude_sessions (
+    id INTEGER PRIMARY KEY,
+    work_item_id INTEGER UNIQUE,
+    title TEXT NOT NULL,
+    session_title TEXT,
+    status TEXT NOT NULL CHECK(status IN ('active', 'completed', 'error', 'orphaned')),
+    started_at TEXT NOT NULL DEFAULT (datetime('now')),
+    completed_at TEXT,
+    content TEXT,
+    FOREIGN KEY (work_item_id) REFERENCES work_items(id) ON DELETE SET NULL
+);
+CREATE INDEX IF NOT EXISTS idx_claude_sessions_status ON claude_sessions(status);
+CREATE INDEX IF NOT EXISTS idx_claude_sessions_work_item ON claude_sessions(work_item_id);
+
+CREATE TABLE IF NOT EXISTS env_vars (
+    id INTEGER PRIMARY KEY,
+    name TEXT NOT NULL UNIQUE,
+    value TEXT NOT NULL,
+    created_at TEXT DEFAULT CURRENT_TIMESTAMP,
+    updated_at TEXT DEFAULT CURRENT_TIMESTAMP
+);
+
+CREATE TABLE IF NOT EXISTS test_runs (
+    id INTEGER PRIMARY KEY,
+    run_at TEXT NOT NULL DEFAULT (datetime('now')),
+    total_scenarios INTEGER NOT NULL,
+    passed INTEGER NOT NULL,
+    failed INTEGER NOT NULL,
+    pending INTEGER NOT NULL,
+    duration_ms INTEGER NOT NULL
+);
+
+CREATE TABLE IF NOT EXISTS test_scenarios (
+    id INTEGER PRIMARY KEY,
+    feature_file TEXT NOT NULL,
+    scenario_name TEXT NOT NULL,
+    UNIQUE(feature_file, scenario_name)
+);
+
+CREATE TABLE IF NOT EXISTS test_results (
+    id INTEGER PRIMARY KEY,
+    test_run_id INTEGER NOT NULL,
+    scenario_id INTEGER NOT NULL,
+    status TEXT NOT NULL CHECK(status IN ('passed', 'failed', 'pending')),
+    duration_ms INTEGER NOT NULL DEFAULT 0,
+    error_message TEXT,
+    failed_step TEXT,
+    run_at TEXT NOT NULL DEFAULT (datetime('now')),
+    FOREIGN KEY (test_run_id) REFERENCES test_runs(id),
+    FOREIGN KEY (scenario_id) REFERENCES test_scenarios(id)
+);
+CREATE INDEX IF NOT EXISTS idx_test_results_run ON test_results(test_run_id);
+CREATE INDEX IF NOT EXISTS idx_test_results_scenario ON test_results(scenario_id);
+
+CREATE TABLE IF NOT EXISTS worktree_sessions (
+    id INTEGER PRIMARY KEY,
+    worktree_path TEXT UNIQUE NOT NULL,
+    work_item_id INTEGER NOT NULL,
+    branch_name TEXT NOT NULL,
+    last_activity DATETIME DEFAULT CURRENT_TIMESTAMP,
+    FOREIGN KEY (work_item_id) REFERENCES work_items(id)
+);
+CREATE INDEX IF NOT EXISTS idx_worktree_sessions_path ON worktree_sessions(worktree_path);
+CREATE INDEX IF NOT EXISTS idx_worktree_sessions_work_item ON worktree_sessions(work_item_id);

package/crates/jettypod-core/migrations/V2__work_items_indexes.sql

@@ -0,0 +1,6 @@
+-- Add indexes on work_items for common query patterns.
+-- status: used by get_tree() WHERE clause and kanban grouping.
+-- parent_id: used by get_children(), find_epic() parent chain walks, and grouping.
+
+CREATE INDEX IF NOT EXISTS idx_work_items_status ON work_items(status);
+CREATE INDEX IF NOT EXISTS idx_work_items_parent_id ON work_items(parent_id);

package/crates/jettypod-core/migrations/V3__qa_steps.sql

@@ -0,0 +1,2 @@
+-- Add qa_steps column for storing AI-generated QA checklist items as JSON.
+ALTER TABLE work_items ADD COLUMN qa_steps TEXT;

package/crates/jettypod-core/src/auth.rs

@@ -0,0 +1,294 @@
+//! Auth token management.
+//!
+//! Reads `~/Library/Application Support/jettypod/auth.json` to get the
+//! current user's login state and plan info.
+//!
+//! The auth.json file is written by the Electron/Tauri desktop app after
+//! completing the Google OAuth flow. The format is:
+//! ```json
+//! {
+//!   "token": "jwt-string",
+//!   "user": { "id": "...", "email": "...", "plan": "free" },
+//!   "savedAt": "2024-01-15T12:00:00.000Z"
+//! }
+//! ```
+
+use crate::error::Result;
+use serde::{Deserialize, Serialize};
+use std::path::PathBuf;
+
+// ---------------------------------------------------------------------------
+// Types
+// ---------------------------------------------------------------------------
+
+/// Contents of auth.json.
+#[derive(Debug, Clone, Serialize, Deserialize)]
+pub struct AuthData {
+    pub token: String,
+
+    #[serde(default)]
+    pub user: Option<AuthUser>,
+
+    #[serde(rename = "savedAt", default)]
+    pub saved_at: Option<String>,
+}
+
+/// User info decoded from the JWT and stored alongside the token.
+#[derive(Debug, Clone, Serialize, Deserialize)]
+pub struct AuthUser {
+    #[serde(default)]
+    pub id: Option<String>,
+
+    #[serde(default)]
+    pub email: Option<String>,
+
+    #[serde(default)]
+    pub name: Option<String>,
+
+    #[serde(default)]
+    pub plan: Option<String>,
+
+    /// Preserve unknown fields.
+    #[serde(flatten)]
+    pub extra: serde_json::Map<String, serde_json::Value>,
+}
+
+/// JWT payload — the decoded middle section of the token.
+#[derive(Debug, Clone, Deserialize)]
+pub struct JwtPayload {
+    /// Subject (user ID).
+    pub sub: Option<String>,
+
+    pub email: Option<String>,
+
+    pub plan: Option<String>,
+
+    /// Issued-at timestamp (Unix seconds).
+    pub iat: Option<i64>,
+
+    /// Expiration timestamp (Unix seconds).
+    pub exp: Option<i64>,
+}
+
+// ---------------------------------------------------------------------------
+// Path resolution
+// ---------------------------------------------------------------------------
+
+/// Get the path to auth.json.
+///
+/// On macOS: `~/Library/Application Support/jettypod/auth.json`
+/// Falls back to `~/.config/jettypod/auth.json` on other platforms.
+pub fn auth_path() -> Option<PathBuf> {
+    #[cfg(target_os = "macos")]
+    {
+        dirs::home_dir().map(|h| {
+            h.join("Library")
+                .join("Application Support")
+                .join("jettypod")
+                .join("auth.json")
+        })
+    }
+
+    #[cfg(not(target_os = "macos"))]
+    {
+        dirs::config_dir().map(|c| c.join("jettypod").join("auth.json"))
+    }
+}
+
+// ---------------------------------------------------------------------------
+// Operations
+// ---------------------------------------------------------------------------
+
+/// Read auth.json and return the parsed data.
+///
+/// Returns `None` if the file doesn't exist or can't be parsed.
+pub fn read() -> Option<AuthData> {
+    let path = auth_path()?;
+    let contents = std::fs::read_to_string(&path).ok()?;
+    serde_json::from_str(&contents).ok()
+}
+
+/// Check whether the user is logged in (auth.json exists with a token).
+pub fn is_logged_in() -> bool {
+    read().is_some()
+}
+
+/// Get the current user's plan, or `"free"` if not logged in.
+pub fn current_plan() -> String {
+    read()
+        .and_then(|d| d.user)
+        .and_then(|u| u.plan)
+        .unwrap_or_else(|| "free".into())
+}
+
+/// Save auth data to auth.json.
+pub fn write(data: &AuthData) -> Result<()> {
+    let path = auth_path().ok_or_else(|| {
+        crate::error::CoreError::Config("Cannot determine auth.json path".into())
+    })?;
+
+    if let Some(parent) = path.parent() {
+        std::fs::create_dir_all(parent)?;
+    }
+
+    let json = serde_json::to_string_pretty(data)?;
+    std::fs::write(&path, json)?;
+    Ok(())
+}
+
+/// Delete auth.json (logout).
+pub fn logout() -> Result<()> {
+    if let Some(path) = auth_path() {
+        if path.exists() {
+            std::fs::remove_file(&path)?;
+        }
+    }
+    Ok(())
+}
+
+/// Decode the payload section of a JWT without verification.
+///
+/// This is a quick decode for extracting user info — it does NOT
+/// validate the signature. For full verification, use the update
+/// server's auth endpoint.
+pub fn decode_jwt_payload(token: &str) -> Option<JwtPayload> {
+    let parts: Vec<&str> = token.split('.').collect();
+    if parts.len() != 3 {
+        return None;
+    }
+
+    // Decode base64url payload (second part)
+    use base64_decode::decode_base64url;
+    let payload_bytes = decode_base64url(parts[1])?;
+    serde_json::from_slice(&payload_bytes).ok()
+}
+
+// Inline base64url decoder to avoid adding a dependency just for this.
+mod base64_decode {
+    pub fn decode_base64url(input: &str) -> Option<Vec<u8>> {
+        // Pad to multiple of 4
+        let padded = match input.len() % 4 {
+            2 => format!("{}==", input),
+            3 => format!("{}=", input),
+            0 => input.to_string(),
+            _ => return None,
+        };
+
+        // Replace URL-safe characters with standard base64
+        let standard = padded.replace('-', "+").replace('_', "/");
+
+        // Use a minimal base64 decode
+        base64_standard_decode(&standard)
+    }
+
+    fn base64_standard_decode(input: &str) -> Option<Vec<u8>> {
+        const TABLE: &[u8; 64] =
+            b"ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/";
+
+        fn decode_char(c: u8) -> Option<u8> {
+            TABLE.iter().position(|&b| b == c).map(|p| p as u8)
+        }
+
+        let bytes = input.as_bytes();
+        if bytes.len() % 4 != 0 {
+            return None;
+        }
+
+        let mut output = Vec::with_capacity(bytes.len() * 3 / 4);
+
+        for chunk in bytes.chunks(4) {
+            let mut buf = [0u8; 4];
+            let mut pad = 0;
+
+            for (i, &b) in chunk.iter().enumerate() {
+                if b == b'=' {
+                    pad += 1;
+                    buf[i] = 0;
+                } else {
+                    buf[i] = decode_char(b)?;
+                }
+            }
+
+            output.push((buf[0] << 2) | (buf[1] >> 4));
+            if pad < 2 {
+                output.push((buf[1] << 4) | (buf[2] >> 2));
+            }
+            if pad < 1 {
+                output.push((buf[2] << 6) | buf[3]);
+            }
+        }
+
+        Some(output)
+    }
+}
+
+// ---------------------------------------------------------------------------
+// Tests
+// ---------------------------------------------------------------------------
+
+#[cfg(test)]
+mod tests {
+    use super::*;
+
+    #[test]
+    fn decode_jwt_payload_works() {
+        // Build a minimal JWT: header.payload.signature
+        // Payload: {"sub":"user123","email":"test@example.com","plan":"free","iat":1700000000,"exp":1702592000}
+        let payload_json = r#"{"sub":"user123","email":"test@example.com","plan":"free","iat":1700000000,"exp":1702592000}"#;
+        let payload_b64 = base64url_encode(payload_json.as_bytes());
+        let header_b64 = base64url_encode(b"{\"alg\":\"HS256\",\"typ\":\"JWT\"}");
+        let token = format!("{}.{}.fake_signature", header_b64, payload_b64);
+
+        let payload = decode_jwt_payload(&token).unwrap();
+        assert_eq!(payload.sub.as_deref(), Some("user123"));
+        assert_eq!(payload.email.as_deref(), Some("test@example.com"));
+        assert_eq!(payload.plan.as_deref(), Some("free"));
+        assert_eq!(payload.iat, Some(1700000000));
+        assert_eq!(payload.exp, Some(1702592000));
+    }
+
+    #[test]
+    fn decode_jwt_payload_rejects_invalid() {
+        assert!(decode_jwt_payload("not-a-jwt").is_none());
+        assert!(decode_jwt_payload("a.b").is_none());
+        assert!(decode_jwt_payload("").is_none());
+    }
+
+    #[test]
+    fn auth_path_is_set() {
+        let path = auth_path();
+        assert!(path.is_some());
+        let p = path.unwrap();
+        assert!(p.ends_with("auth.json"));
+    }
+
+    #[test]
+    fn current_plan_defaults_to_free() {
+        // When no auth file exists (test env), should return "free"
+        assert_eq!(current_plan(), "free");
+    }
+
+    /// Helper: base64url encode (no padding).
+    fn base64url_encode(input: &[u8]) -> String {
+        const TABLE: &[u8; 64] =
+            b"ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789-_";
+
+        let mut output = String::new();
+        for chunk in input.chunks(3) {
+            let b0 = chunk[0] as u32;
+            let b1 = if chunk.len() > 1 { chunk[1] as u32 } else { 0 };
+            let b2 = if chunk.len() > 2 { chunk[2] as u32 } else { 0 };
+            let triple = (b0 << 16) | (b1 << 8) | b2;
+
+            output.push(TABLE[((triple >> 18) & 0x3F) as usize] as char);
+            output.push(TABLE[((triple >> 12) & 0x3F) as usize] as char);
+            if chunk.len() > 1 {
+                output.push(TABLE[((triple >> 6) & 0x3F) as usize] as char);
+            }
+            if chunk.len() > 2 {
+                output.push(TABLE[(triple & 0x3F) as usize] as char);
+            }
+        }
+        output
+    }
+}