kachow 0.1.0

package/_server/dist/routes/agents.js

@@ -0,0 +1,162 @@
+"use strict";
+/**
+ * Agent routes — Phase 10: Deep Analysis Engine.
+ *
+ * POST   /api/agents/analyze        — Trigger deep analysis on a repo
+ * GET    /api/agents/knowledge-graph — Get latest knowledge graph
+ * GET    /api/agents/analyses        — Get agent analysis history
+ * GET    /api/agents/status          — Quick status check
+ */
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.agentRouter = void 0;
+const express_1 = require("express");
+const zod_1 = require("zod");
+const crypto_1 = require("crypto");
+const agentService_js_1 = require("../services/agentService.js");
+const scannerService_js_1 = require("../services/scannerService.js");
+const graphService_js_1 = require("../services/graphService.js");
+const index_js_1 = require("../db/index.js");
+const index_js_2 = require("../types/index.js");
+const router = (0, express_1.Router)();
+exports.agentRouter = router;
+// ── POST /api/agents/analyze ──────────────────────────────────────────────────
+const AnalyzeBodySchema = zod_1.z.object({
+    repoPath: zod_1.z.string().min(1, 'repoPath is required'),
+    repoUrl: zod_1.z.string().url().optional(),
+    team: zod_1.z.string().optional(),
+});
+router.post('/analyze', async (req, res) => {
+    const parse = AnalyzeBodySchema.safeParse(req.body);
+    if (!parse.success) {
+        res.status(400).json((0, index_js_2.err)(parse.error.errors.map((e) => `${e.path.join('.')}: ${e.message}`).join(', ')));
+        return;
+    }
+    const { repoPath, repoUrl, team } = parse.data;
+    try {
+        // Step 1: Run the normal scanner first to discover services
+        console.log('[Agents] Step 1: Running scanner...');
+        const scanResult = (0, scannerService_js_1.scanMonorepo)(repoPath, repoUrl, team);
+        // Persist scanner results to DB (same as scanner route)
+        const db = (0, index_js_1.getDb)();
+        const toTier = (s) => s >= 75 ? 'healthy' : s >= 50 ? 'warning' : 'critical';
+        const upsertService = db.prepare(`
+            INSERT INTO services (id, name, repo_url, repo_subpath, team, language,
+              health_score, health_tier, doc_coverage, test_coverage, last_commit, last_ingested)
+            VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, datetime('now'))
+            ON CONFLICT(id) DO UPDATE SET
+              name=excluded.name, repo_url=excluded.repo_url, repo_subpath=excluded.repo_subpath,
+              team=excluded.team, language=excluded.language, health_score=excluded.health_score,
+              health_tier=excluded.health_tier, doc_coverage=excluded.doc_coverage,
+              test_coverage=excluded.test_coverage, last_commit=excluded.last_commit,
+              last_ingested=excluded.last_ingested, updated_at=datetime('now')
+        `);
+        const upsertEndpoint = db.prepare(`
+            INSERT INTO endpoints (id, service_id, path, method, deprecated)
+            VALUES (?, ?, ?, ?, ?)
+            ON CONFLICT(service_id, path, method) DO UPDATE SET deprecated=excluded.deprecated, updated_at=datetime('now')
+        `);
+        for (const svc of scanResult.services) {
+            upsertService.run(svc.id, svc.name, svc.repoUrl, svc.repoSubpath, svc.team ?? team ?? null, svc.language, svc.healthScore, toTier(svc.healthScore), svc.docCoverage, svc.testCoverage, svc.lastCommit);
+            for (const ep of svc.endpoints) {
+                upsertEndpoint.run((0, crypto_1.randomUUID)(), svc.id, ep.path, ep.method, ep.deprecated ? 1 : 0);
+            }
+        }
+        // Build service roots for deep analysis
+        const serviceRoots = scanResult.services
+            .filter((s) => s.language !== 'infra') // skip infra stubs from scanner
+            .map((s) => ({
+            id: s.id,
+            name: s.name,
+            language: s.language,
+            dir: s.repoPath,
+        }));
+        if (serviceRoots.length === 0) {
+            res.status(400).json((0, index_js_2.err)('No services found to analyze. Run /api/scanner/scan first.'));
+            return;
+        }
+        // Step 2: Run deep analysis with LLM agents
+        console.log(`[Agents] Step 2: Deep analysis on ${serviceRoots.length} services...`);
+        const analysisResult = await (0, agentService_js_1.runDeepAnalysis)(repoPath, serviceRoots);
+        // Save a fresh snapshot
+        try {
+            (0, graphService_js_1.saveSnapshot)('latest');
+        }
+        catch { /* non-fatal */ }
+        res.json((0, index_js_2.ok)({
+            analysisId: analysisResult.analysisId,
+            servicesAnalyzed: analysisResult.servicesAnalyzed,
+            totalFindings: analysisResult.totalFindings,
+            knowledgeGraph: {
+                nodes: analysisResult.orchestratorResult.nodes.length,
+                edges: analysisResult.orchestratorResult.edges.length,
+                layers: analysisResult.orchestratorResult.architecture.layers.length,
+                dataFlows: analysisResult.orchestratorResult.architecture.dataFlows.length,
+                selfHealingSuggestions: analysisResult.orchestratorResult.selfHealingSuggestions.length,
+            },
+            agentBreakdown: analysisResult.agentResults.map((r) => ({
+                agent: r.agentName,
+                service: r.serviceName,
+                findings: r.findings.length,
+                durationMs: r.durationMs,
+            })),
+            totalDurationMs: analysisResult.totalDurationMs,
+            summary: analysisResult.orchestratorResult.summary,
+        }));
+    }
+    catch (e) {
+        const msg = e instanceof Error ? e.message : 'Deep analysis failed';
+        console.error('[Agents] Error:', msg);
+        res.status(500).json((0, index_js_2.err)(msg));
+    }
+});
+// ── GET /api/agents/knowledge-graph ───────────────────────────────────────────
+router.get('/knowledge-graph', (_req, res) => {
+    try {
+        const kg = (0, agentService_js_1.getLatestKnowledgeGraph)();
+        if (!kg) {
+            res.json((0, index_js_2.ok)({
+                nodes: [], edges: [],
+                architecture: { layers: [], dataFlows: [] },
+                selfHealingSuggestions: [],
+                summary: 'No deep analysis has been run yet. POST /api/agents/analyze to start.',
+            }));
+            return;
+        }
+        res.json((0, index_js_2.ok)(kg));
+    }
+    catch (e) {
+        res.status(500).json((0, index_js_2.err)(e instanceof Error ? e.message : 'Failed to get knowledge graph'));
+    }
+});
+// ── GET /api/agents/analyses ──────────────────────────────────────────────────
+router.get('/analyses', (req, res) => {
+    try {
+        const analysisId = req.query.analysisId;
+        const analyses = (0, agentService_js_1.getAgentAnalyses)(analysisId);
+        res.json((0, index_js_2.ok)(analyses));
+    }
+    catch (e) {
+        res.status(500).json((0, index_js_2.err)(e instanceof Error ? e.message : 'Failed to get analyses'));
+    }
+});
+// ── GET /api/agents/status ────────────────────────────────────────────────────
+router.get('/status', (_req, res) => {
+    try {
+        const hasKey = !!(process.env.OPENAI_API_KEY && process.env.OPENAI_API_KEY !== 'your_openai_key_here');
+        const kg = (0, agentService_js_1.getLatestKnowledgeGraph)();
+        res.json((0, index_js_2.ok)({
+            openaiConfigured: hasKey,
+            hasKnowledgeGraph: !!kg,
+            nodeCount: kg?.nodes.length ?? 0,
+            edgeCount: kg?.edges.length ?? 0,
+            agents: [
+                'db-agent', 'routing-agent', 'dependency-agent', 'infra-agent',
+                'cicd-agent', 'schema-agent', 'security-agent', 'test-agent',
+            ],
+        }));
+    }
+    catch (e) {
+        res.status(500).json((0, index_js_2.err)(e instanceof Error ? e.message : 'Failed to get status'));
+    }
+});
+//# sourceMappingURL=agents.js.map

package/_server/dist/routes/architecture.js

@@ -0,0 +1,88 @@
+"use strict";
+/**
+ * Architecture diagram routes — Phase 9.
+ *
+ * GET  /api/architecture/flow              — Services in layers (INGRESS/CORE/DOMAIN/INFRA)
+ * GET  /api/architecture/blueprint/:id     — Full service blueprint
+ * POST /api/architecture/propose           — AI-proposed new service (brownie points)
+ */
+var __importDefault = (this && this.__importDefault) || function (mod) {
+    return (mod && mod.__esModule) ? mod : { "default": mod };
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.architectureRouter = void 0;
+const express_1 = require("express");
+const zod_1 = require("zod");
+const openai_1 = __importDefault(require("openai"));
+const architectureService_js_1 = require("../services/architectureService.js");
+const index_js_1 = require("../types/index.js");
+const router = (0, express_1.Router)();
+exports.architectureRouter = router;
+// ── GET /api/architecture/flow ────────────────────────────────────────────────
+router.get('/flow', (_req, res) => {
+    try {
+        res.json((0, index_js_1.ok)((0, architectureService_js_1.getArchitectureFlow)()));
+    }
+    catch (e) {
+        res.status(500).json((0, index_js_1.err)(e instanceof Error ? e.message : 'Failed to get architecture flow'));
+    }
+});
+// ── GET /api/architecture/blueprint/:serviceId ────────────────────────────────
+router.get('/blueprint/:serviceId', (req, res) => {
+    try {
+        const blueprint = (0, architectureService_js_1.getServiceBlueprint)(req.params.serviceId);
+        if (!blueprint) {
+            res.status(404).json((0, index_js_1.err)(`Service ${req.params.serviceId} not found`));
+            return;
+        }
+        res.json((0, index_js_1.ok)(blueprint));
+    }
+    catch (e) {
+        res.status(500).json((0, index_js_1.err)(e instanceof Error ? e.message : 'Failed to get blueprint'));
+    }
+});
+// ── POST /api/architecture/propose (brownie points) ───────────────────────────
+const ProposeSchema = zod_1.z.object({
+    requirement: zod_1.z.string().min(10, 'Requirement must be at least 10 characters').max(500),
+});
+router.post('/propose', async (req, res) => {
+    const parse = ProposeSchema.safeParse(req.body);
+    if (!parse.success) {
+        res.status(400).json((0, index_js_1.err)(parse.error.errors.map(e => e.message).join('; ')));
+        return;
+    }
+    const apiKey = process.env.OPENAI_API_KEY;
+    if (!apiKey) {
+        res.status(503).json((0, index_js_1.err)('OPENAI_API_KEY not set'));
+        return;
+    }
+    try {
+        const openai = new openai_1.default({ apiKey });
+        const completion = await openai.chat.completions.create({
+            model: 'gpt-4o',
+            messages: [{
+                    role: 'user',
+                    content: `You are a senior software architect. Design a new microservice to fulfil this requirement: "${parse.data.requirement}"
+
+Respond with ONLY valid JSON:
+{
+  "name": "kebab-case-service-name",
+  "description": "what this service does",
+  "dependencies": ["existing-service-name"],
+  "techStack": ["Node.js", "TypeScript", "PostgreSQL"],
+  "folderStructure": ["src/index.ts", "src/routes.ts", "src/service.ts"],
+  "adraft": "one paragraph ADR context for this decision"
+}`,
+                }],
+            response_format: { type: 'json_object' },
+            temperature: 0.4,
+            max_tokens: 600,
+        });
+        const proposed = JSON.parse(completion.choices[0]?.message?.content ?? '{}');
+        res.json((0, index_js_1.ok)({ proposedService: proposed, requirement: parse.data.requirement }));
+    }
+    catch (e) {
+        res.status(500).json((0, index_js_1.err)(e instanceof Error ? e.message : 'Proposal generation failed'));
+    }
+});
+//# sourceMappingURL=architecture.js.map

package/_server/dist/routes/config.js

@@ -0,0 +1,24 @@
+"use strict";
+/**
+ * Config router — exposes runtime configuration to the frontend.
+ * GET /api/config returns which integrations are active and the default team.
+ */
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.configRouter = void 0;
+const express_1 = require("express");
+exports.configRouter = (0, express_1.Router)();
+exports.configRouter.get('/', (_req, res) => {
+    res.json({
+        success: true,
+        data: {
+            defaultTeamId: process.env.DEFAULT_TEAM_ID || null,
+            hasGitHub: !!process.env.GITHUB_TOKEN,
+            hasSlack: !!process.env.SLACK_BOT_TOKEN,
+            hasJira: !!process.env.JIRA_BASE_URL,
+            hasOpenAI: !!process.env.OPENAI_API_KEY,
+        },
+        error: null,
+        meta: { timestamp: new Date().toISOString(), version: '1.0.0' },
+    });
+});
+//# sourceMappingURL=config.js.map

package/_server/dist/routes/github.js

@@ -0,0 +1,158 @@
+"use strict";
+/**
+ * GitHub webhook handler.
+ *
+ * POST /api/github/webhook
+ *
+ * GitHub sends a signed POST on every push event.
+ * We verify the HMAC-SHA256 signature using GITHUB_WEBHOOK_SECRET,
+ * then enqueue a commit-triggered partial re-scan via ingestService.
+ *
+ * Register this webhook at:
+ *   https://github.com/organizations/<org>/settings/hooks
+ *   or per-repo at Settings → Webhooks
+ *
+ * Required env vars:
+ *   GITHUB_WEBHOOK_SECRET  — must match the "Secret" field in GitHub's UI
+ */
+var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    var desc = Object.getOwnPropertyDescriptor(m, k);
+    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
+      desc = { enumerable: true, get: function() { return m[k]; } };
+    }
+    Object.defineProperty(o, k2, desc);
+}) : (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    o[k2] = m[k];
+}));
+var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
+    Object.defineProperty(o, "default", { enumerable: true, value: v });
+}) : function(o, v) {
+    o["default"] = v;
+});
+var __importStar = (this && this.__importStar) || (function () {
+    var ownKeys = function(o) {
+        ownKeys = Object.getOwnPropertyNames || function (o) {
+            var ar = [];
+            for (var k in o) if (Object.prototype.hasOwnProperty.call(o, k)) ar[ar.length] = k;
+            return ar;
+        };
+        return ownKeys(o);
+    };
+    return function (mod) {
+        if (mod && mod.__esModule) return mod;
+        var result = {};
+        if (mod != null) for (var k = ownKeys(mod), i = 0; i < k.length; i++) if (k[i] !== "default") __createBinding(result, mod, k[i]);
+        __setModuleDefault(result, mod);
+        return result;
+    };
+})();
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.githubRouter = void 0;
+const crypto_1 = require("crypto");
+const express_1 = __importStar(require("express"));
+const ingestService_js_1 = require("../services/ingestService.js");
+exports.githubRouter = (0, express_1.Router)();
+// ── Signature verification ────────────────────────────────────────────────────
+/**
+ * Verifies the X-Hub-Signature-256 header sent by GitHub.
+ * Uses timing-safe comparison to prevent timing attacks.
+ *
+ * @param secret  - GITHUB_WEBHOOK_SECRET from env
+ * @param payload - Raw request body as a Buffer
+ * @param header  - Value of X-Hub-Signature-256 header
+ * @returns true if the signature matches
+ */
+function verifySignature(secret, payload, header) {
+    if (!header)
+        return false;
+    const expected = 'sha256=' + (0, crypto_1.createHmac)('sha256', secret).update(payload).digest('hex');
+    try {
+        return (0, crypto_1.timingSafeEqual)(Buffer.from(expected), Buffer.from(header));
+    }
+    catch {
+        return false;
+    }
+}
+// ── POST /api/github/webhook ──────────────────────────────────────────────────
+/**
+ * Receives GitHub push events and enqueues a commit-triggered re-scan.
+ *
+ * GitHub push payload shape (relevant fields only):
+ *   { ref, after, repository: { id, full_name, clone_url }, commits: [{ id, added, removed, modified }] }
+ */
+exports.githubRouter.post('/webhook', 
+// Capture raw body for HMAC verification BEFORE JSON parsing strips it.
+// We register this route with express.raw() so the body is a Buffer here.
+express_1.default.raw({ type: 'application/json' }), async (req, res) => {
+    const secret = process.env.GITHUB_WEBHOOK_SECRET;
+    if (!secret) {
+        console.error('[GitHub Webhook] GITHUB_WEBHOOK_SECRET is not set');
+        res.status(500).json({ success: false, error: 'Webhook secret not configured' });
+        return;
+    }
+    // ── Signature check ───────────────────────────────────────────────────────
+    const signature = req.headers['x-hub-signature-256'];
+    const rawBody = req.body;
+    if (!verifySignature(secret, rawBody, signature)) {
+        console.warn('[GitHub Webhook] Invalid signature — request rejected');
+        res.status(401).json({ success: false, error: 'Invalid webhook signature' });
+        return;
+    }
+    // ── Parse payload ─────────────────────────────────────────────────────────
+    let payload;
+    try {
+        payload = JSON.parse(rawBody.toString('utf-8'));
+    }
+    catch {
+        res.status(400).json({ success: false, error: 'Could not parse JSON payload' });
+        return;
+    }
+    // Only process push events (not tag deletions, etc.)
+    const event = req.headers['x-github-event'];
+    if (event !== 'push') {
+        res.json({ success: true, data: { skipped: true, reason: `event '${String(event)}' not handled` } });
+        return;
+    }
+    const commitHash = payload.after;
+    const repoFullName = payload.repository?.full_name ?? 'unknown';
+    const repoId = String(payload.repository?.id ?? '');
+    if (!commitHash || commitHash === '0000000000000000000000000000000000000000') {
+        // Branch deletion — nothing to scan
+        res.json({ success: true, data: { skipped: true, reason: 'branch deletion event' } });
+        return;
+    }
+    // Collect all changed files across every commit in this push
+    const changedFiles = [
+        ...new Set((payload.commits ?? []).flatMap((c) => [
+            ...(c.added ?? []),
+            ...(c.modified ?? []),
+            ...(c.removed ?? []),
+        ])),
+    ];
+    if (changedFiles.length === 0) {
+        res.json({ success: true, data: { skipped: true, reason: 'no files changed' } });
+        return;
+    }
+    // ── Enqueue re-scan ───────────────────────────────────────────────────────
+    try {
+        const result = await (0, ingestService_js_1.enqueueCommitIngest)({ repoId, commitHash, changedFiles });
+        console.log(`[GitHub Webhook] Enqueued commit job for ${repoFullName}@${commitHash.slice(0, 7)}`);
+        res.status(201).json({ success: true, data: result });
+    }
+    catch (err) {
+        const e = err;
+        if (e.statusCode === 404) {
+            // Repo not yet ingested — that's fine, just skip
+            res.status(404).json({
+                success: false,
+                error: `Repository '${repoFullName}' (id: ${repoId}) not found in KA-CHOW. Run a full ingest first.`,
+            });
+            return;
+        }
+        console.error('[GitHub Webhook] Enqueue error:', e.message);
+        res.status(500).json({ success: false, error: e.message ?? 'Internal error' });
+    }
+});
+//# sourceMappingURL=github.js.map

package/_server/dist/routes/graph.js

@@ -0,0 +1,112 @@
+"use strict";
+/**
+ * Graph router — Phase 2 read-only endpoints.
+ *
+ *   GET /api/graph/nodes               → all service nodes with layout coords
+ *   GET /api/graph/edges               → all dependency edges
+ *   GET /api/graph/node/:id            → full node detail for sidebar panel
+ *   GET /api/graph/health              → system-wide health aggregate (30-s poll)
+ *   GET /api/graph/snapshot/:version   → snapshot at a specific version/tag
+ */
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.graphRouter = void 0;
+const express_1 = require("express");
+const graphService_js_1 = require("../services/graphService.js");
+exports.graphRouter = (0, express_1.Router)();
+// ── GET /nodes ────────────────────────────────────────────────────────────────
+exports.graphRouter.get('/nodes', (req, res) => {
+    try {
+        const team = typeof req.query.team === 'string' && req.query.team ? req.query.team : undefined;
+        const teamId = typeof req.query.teamId === 'string' && req.query.teamId ? req.query.teamId : undefined;
+        const nodes = (0, graphService_js_1.getNodes)(team, teamId);
+        res.json({ success: true, data: nodes, meta: { count: nodes.length } });
+    }
+    catch (err) {
+        const message = err instanceof Error ? err.message : 'Unknown error';
+        res.status(500).json({ success: false, error: message });
+    }
+});
+// ── GET /edges ────────────────────────────────────────────────────────────────
+exports.graphRouter.get('/edges', (req, res) => {
+    try {
+        const team = typeof req.query.team === 'string' && req.query.team ? req.query.team : undefined;
+        const teamId = typeof req.query.teamId === 'string' && req.query.teamId ? req.query.teamId : undefined;
+        const edges = (0, graphService_js_1.getEdges)(team, teamId);
+        res.json({ success: true, data: edges, meta: { count: edges.length } });
+    }
+    catch (err) {
+        const message = err instanceof Error ? err.message : 'Unknown error';
+        res.status(500).json({ success: false, error: message });
+    }
+});
+// ── GET /health ───────────────────────────────────────────────────────────────
+exports.graphRouter.get('/health', (req, res) => {
+    try {
+        const teamId = typeof req.query.teamId === 'string' && req.query.teamId ? req.query.teamId : undefined;
+        const health = (0, graphService_js_1.getSystemHealth)(teamId);
+        res.json({ success: true, data: health });
+    }
+    catch (err) {
+        const message = err instanceof Error ? err.message : 'Unknown error';
+        res.status(500).json({ success: false, error: message });
+    }
+});
+// ── GET /snapshot/:version ────────────────────────────────────────────────────
+exports.graphRouter.get('/snapshot/:version', (req, res) => {
+    const { version } = req.params;
+    if (!version || version.trim().length === 0) {
+        res.status(400).json({ success: false, error: 'version is required' });
+        return;
+    }
+    try {
+        const snapshot = (0, graphService_js_1.getSnapshot)(version);
+        if (!snapshot) {
+            res.status(404).json({
+                success: false,
+                error: `Snapshot '${version}' not found`,
+            });
+            return;
+        }
+        res.json({ success: true, data: snapshot });
+    }
+    catch (err) {
+        const message = err instanceof Error ? err.message : 'Unknown error';
+        res.status(500).json({ success: false, error: message });
+    }
+});
+// ── GET /critical-issues ──────────────────────────────────────────────────────
+exports.graphRouter.get('/critical-issues', (req, res) => {
+    try {
+        const teamId = typeof req.query.teamId === 'string' && req.query.teamId ? req.query.teamId : undefined;
+        const issues = (0, graphService_js_1.getCriticalIssues)(teamId);
+        res.json({ success: true, data: issues, meta: { count: issues.length } });
+    }
+    catch (err) {
+        const message = err instanceof Error ? err.message : 'Unknown error';
+        res.status(500).json({ success: false, error: message });
+    }
+});
+// ── GET /node/:id  (most specific last) ──────────────────────────────────────
+exports.graphRouter.get('/node/:id', (req, res) => {
+    const { id } = req.params;
+    if (!id || id.trim().length === 0) {
+        res.status(400).json({ success: false, error: 'id is required' });
+        return;
+    }
+    try {
+        const detail = (0, graphService_js_1.getNodeDetail)(id);
+        if (!detail) {
+            res.status(404).json({
+                success: false,
+                error: `Service node '${id}' not found`,
+            });
+            return;
+        }
+        res.json({ success: true, data: detail });
+    }
+    catch (err) {
+        const message = err instanceof Error ? err.message : 'Unknown error';
+        res.status(500).json({ success: false, error: message });
+    }
+});
+//# sourceMappingURL=graph.js.map