kyd-shared-badge 0.2.34 → 0.3.1

package/src/chat/useChatStreaming.ts

@@ -0,0 +1,85 @@
+'use client';
+
+import { useCallback, useMemo, useRef, useState } from 'react';
+
+export type Role = 'user' | 'assistant';
+export type ChatMessage = { id: string; role: Role; content: string };
+
+export type UseChatStreamingConfig = {
+  api: string; // e.g. /api/chat
+  badgeId: string;
+};
+
+export function useChatStreaming(cfg: UseChatStreamingConfig) {
+  const { api, badgeId } = cfg;
+  const [messages, setMessages] = useState<ChatMessage[]>([]);
+  const [input, setInput] = useState('');
+  const [sending, setSending] = useState(false);
+  const [sessionId, setSessionId] = useState<string | null>(null);
+  const abortRef = useRef<AbortController | null>(null);
+
+  const sendMessage = useCallback(async (text?: string) => {
+    const content = (text ?? input).trim();
+    if (!content || sending) return;
+    setInput('');
+    setSending(true);
+
+    const userMsg: ChatMessage = { id: crypto.randomUUID(), role: 'user', content };
+    const assistantId = crypto.randomUUID();
+    setMessages(m => [...m, userMsg, { id: assistantId, role: 'assistant', content: '' }]);
+
+    try {
+      abortRef.current?.abort();
+      abortRef.current = new AbortController();
+      // Ensure a session exists
+      let sid = sessionId;
+      if (!sid) {
+        const sres = await fetch(`${api}/session`, { method: 'POST' });
+        if (!sres.ok) throw new Error('session');
+        const sj = await sres.json();
+        sid = sj.sessionId as string;
+        setSessionId(sid);
+      }
+      const res = await fetch(api, {
+        method: 'POST',
+        headers: { 'Content-Type': 'application/json' },
+        body: JSON.stringify({ content, sessionId: sid, badgeId }),
+        signal: abortRef.current.signal,
+      });
+      if (!res.ok || !res.body) throw new Error(`send: ${res.status}`);
+
+      const reader = res.body.getReader();
+      const decoder = new TextDecoder();
+      let done = false;
+      while (!done) {
+        const chunk = await reader.read();
+        done = chunk.done || false;
+        if (chunk.value) {
+          const textPart = decoder.decode(chunk.value, { stream: true });
+          setMessages(m => m.map(msg => msg.id === assistantId ? { ...msg, content: msg.content + textPart } : msg));
+        }
+      }
+    } catch (e) {
+      setMessages(m => m.map(msg => msg.id === assistantId ? { ...msg, content: 'Streaming failed. Please try again.' } : msg));
+    } finally {
+      setSending(false);
+    }
+  }, [api, input, sending, badgeId]);
+
+  const cancel = useCallback(() => {
+    abortRef.current?.abort();
+    setSending(false);
+    // If the last assistant message is empty, set a friendly stopped message
+    setMessages(m => {
+      const last = m[m.length - 1];
+      if (last && last.role === 'assistant' && (last.content || '').trim().length === 0) {
+        return m.map((msg, idx) => idx === m.length - 1 ? { ...msg, content: 'Generation stopped.' } : msg);
+      }
+      return m;
+    });
+  }, []);
+
+  return useMemo(() => ({ messages, input, setInput, sending, sendMessage, cancel }), [messages, input, sending, sendMessage, cancel]);
+}
+
+

package/src/components/AppendixTables.tsx

@@ -1,6 +1,7 @@
 'use client';
 
 import React, { useState, useEffect } from 'react';
+import { formatLocalDate } from '../utils/date';
 import { FaGithub, FaGitlab, FaStackOverflow, FaLinkedin, FaGoogle, FaKaggle } from 'react-icons/fa';
 import { SiCredly, SiFiverr } from 'react-icons/si';
 import { DomainCSVRow } from '../types';
@@ -153,7 +154,7 @@ const AppendixTables: React.FC<AppendixTableProps> = ({ type, sources, searchedA
         return () => window.removeEventListener('hashchange', flashIfRule);
     }, []);
 
-    const formattedDate = new Date(searchedAt).toLocaleString(undefined, {
+    const formattedDate = formatLocalDate(searchedAt, {
         year: 'numeric', month: 'short', day: 'numeric',
         // hour: 'numeric', minute: '2-digit',
     });

package/src/components/ConnectedPlatforms.tsx

@@ -1,6 +1,7 @@
 'use client';
 
 import React from 'react';
+import { formatLocalDate } from '../utils/date';
 import { FaGithub, FaGitlab, FaStackOverflow, FaLinkedin, FaGoogle, FaKaggle } from 'react-icons/fa';
 import { SiCredly, SiFiverr } from 'react-icons/si';
 
@@ -42,7 +43,7 @@ const ConnectedPlatforms = ({ accounts }: { accounts?: ConnectedAccount[] }) =>
               </div>
               {acct.observedAt ? (
                 <div className={'text-xs whitespace-nowrap'} style={{ color: 'var(--text-secondary)' }}>
-                  <span style={{ color: 'var(--text-main)' }}>Observed At:</span> {new Date(acct.observedAt).toLocaleDateString()}
+                  <span style={{ color: 'var(--text-main)' }}>Observed At:</span> {formatLocalDate(acct.observedAt)}
                 </div>
               ) : <div />}
             </div>

package/src/components/ProviderInsights.tsx

@@ -1,4 +1,5 @@
 import { IconType } from 'react-icons';
+import { formatLocalDate } from '../utils/date';
 import { FaGithub, FaGitlab, FaStackOverflow, FaAtlassian, FaLinkedin, FaGoogle } from 'react-icons/fa';
 import { SiFiverr, SiCredly, SiKaggle } from 'react-icons/si';
 import { TopContributingRule } from '../types';
@@ -54,7 +55,7 @@ export default function ProviderInsights({ platforms, topContributingRules }: Pr
           const display = providerDisplayMap[(r.provider || '').toLowerCase()] || r.provider;
           return display === normalizedName;
         });
-        const observedDate = platform.observedAt ? new Date(platform.observedAt).toLocaleDateString(undefined, {
+        const observedDate = platform.observedAt ? formatLocalDate(platform.observedAt, {
           year: 'numeric',
           month: 'short',
           day: 'numeric',

package/src/components/ReportHeader.tsx

@@ -1,6 +1,7 @@
 'use client';
 
 import Image from 'next/image';
+import { formatLocalDate } from '../utils/date';
 import countriesLib from 'i18n-iso-countries';
 import enLocale from 'i18n-iso-countries/langs/en.json';
 
@@ -43,7 +44,7 @@ const ReportHeader = ({ badgeId, developerName, updatedAt, score = 0, badgeImage
   const finalBadgeImageUrl = badgeImageUrl || getBadgeImageUrl(score || 0);
   const tint = hexToRgba(pickTint(score || 0), 0.06);
   
-  const formattedDate = updatedAt ? new Date(updatedAt).toLocaleString(undefined, {
+  const formattedDate = updatedAt ? formatLocalDate(updatedAt, {
     year: 'numeric',
     month: 'long',
     day: 'numeric',
@@ -57,8 +58,8 @@ const ReportHeader = ({ badgeId, developerName, updatedAt, score = 0, badgeImage
       <div className="flex flex-col md:flex-row items-center md:items-stretch gap-6">
         {/* Left Half: Badge Image with robust centered overlay */}
         <div className="w-full md:w-1/3 flex items-center justify-center self-stretch">
-          <div className="relative w-full max-w-xs select-none">
-            <Image src={finalBadgeImageUrl} alt="KYD Badge" width={400} height={400} unoptimized className='w-full h-auto pointer-events-none p-10'/>
+          <div className="relative w-full max-w-xs select-none" style={{ maxWidth: 260 }}>
+            <Image src={finalBadgeImageUrl} alt="KYD Badge" width={260} height={260} unoptimized className='w-full h-auto pointer-events-none p-6'/>
             {/* Centered overlay slightly lower on Y axis, responsive and readable */}
             <div className="pointer-events-none absolute left-1/2 top-[66%] -translate-x-1/2 -translate-y-1/2">
               <div className="font-extrabold text-black text-3xl " >

package/src/index.ts

@@ -1,2 +1,6 @@
 export * from './types';
 export { default as SharedBadgeDisplay } from './SharedBadgeDisplay';
+export { default as ChatWindowStreaming } from './chat/ChatWindowStreaming';
+export { default as ChatWidget } from './chat/ChatWidget';
+
+

package/src/lib/auth-verify.ts

@@ -0,0 +1,48 @@
+import { NextRequest } from 'next/server';
+import { getServerSession } from 'next-auth';
+import { authOptions } from '@/lib/auth';
+import { jwtVerify, createRemoteJWKSet } from 'jose';
+
+export type VerifiedUser = {
+  userId: string;
+  companyId?: string | null;
+  idToken: string;
+};
+
+// Verifies Cognito ID Token from the server session or Authorization header.
+// Returns userId (sub) and optional companyId claim if present.
+export async function verifyCognito(req: NextRequest): Promise<VerifiedUser> {
+  // Try to get id_token from NextAuth session first
+  const session = await getServerSession(authOptions as any);
+  let idToken: string | undefined;
+  if (session && (session as any).id_token) {
+    idToken = (session as any).id_token as string;
+  }
+  if (!idToken) {
+    const authz = req.headers.get('authorization') || req.headers.get('Authorization');
+    if (authz && authz.toLowerCase().startsWith('bearer ')) {
+      idToken = authz.slice(7).trim();
+    }
+  }
+
+  if (!idToken) {
+    throw new Response(JSON.stringify({ error: 'Not authenticated' }), { status: 401 }) as unknown as Error;
+  }
+
+  const region = process.env.AWS_REGION!;
+  const userPoolId = process.env.COGNITO_USER_POOL_ID!;
+  const issuer = `https://cognito-idp.${region}.amazonaws.com/${userPoolId}`;
+  const jwks = createRemoteJWKSet(new URL(`${issuer}/.well-known/jwks.json`));
+
+  try {
+    const { payload } = await jwtVerify(idToken, jwks, { issuer });
+    const sub = String(payload.sub || '');
+    if (!sub) throw new Error('Invalid token');
+    const companyId = (payload as any)['custom:companyId'] || (payload as any).companyId || null;
+    return { userId: sub, companyId, idToken };
+  } catch (e) {
+    throw new Response(JSON.stringify({ error: 'Invalid token' }), { status: 401 }) as unknown as Error;
+  }
+}
+
+

package/src/lib/chat-store.ts

@@ -0,0 +1,96 @@
+import { DynamoDBClient } from '@aws-sdk/client-dynamodb';
+import { DynamoDBDocumentClient, PutCommand, QueryCommand } from '@aws-sdk/lib-dynamodb';
+import { ulid } from 'ulid';
+
+type Role = 'user' | 'assistant' | 'system';
+
+const region = process.env.AWS_REGION!;
+const tableName = process.env.CHAT_TABLE_NAME!;
+
+const ddb = new DynamoDBClient({ region });
+const doc = DynamoDBDocumentClient.from(ddb);
+
+export type SessionItem = {
+  pk: string; // SESSION#{sessionId}
+  sk: 'SESSION';
+  userId: string;
+  companyId?: string | null;
+  model?: string;
+  promptId?: string;
+  promptVersion?: string;
+  createdAt: string;
+  updatedAt: string;
+};
+
+export type MessageItem = {
+  pk: string; // SESSION#{sessionId}
+  sk: string; // MSG#{isoOrUlid}
+  role: Role;
+  content: string;
+  createdAt: string;
+  redactions?: any;
+  toolCalls?: any;
+  evidenceJson?: any;
+};
+
+export async function createSession(params: { userId: string; companyId?: string | null; model?: string; promptId?: string; promptVersion?: string; }): Promise<string> {
+  const sessionId = ulid();
+  const now = new Date().toISOString();
+  let item: SessionItem = {
+    pk: `SESSION#${sessionId}`,
+    sk: 'SESSION',
+    userId: params.userId,
+    createdAt: now,
+    updatedAt: now,
+  }
+  if (params.companyId) {
+    item.companyId = params.companyId;
+  }
+  if (params.model) {
+    item.model = params.model;
+  }
+  if (params.promptId) {
+    item.promptId = params.promptId;
+  }
+  if (params.promptVersion) {
+    item.promptVersion = params.promptVersion;
+  }
+  await doc.send(new PutCommand({ TableName: tableName, Item: item }));
+  return sessionId;
+}
+
+export async function putMessage(params: { sessionId: string; role: Role; content: string; evidenceJson?: any }): Promise<void> {
+  const now = new Date().toISOString();
+  const item: MessageItem = {
+    pk: `SESSION#${params.sessionId}`,
+    sk: `MSG#${ulid()}`,
+    role: params.role,
+    content: sanitizeContent(params.content),
+    createdAt: now,
+    evidenceJson: params.evidenceJson,
+  } as MessageItem;
+  await doc.send(new PutCommand({ TableName: tableName, Item: item }));
+}
+
+export async function getHistory(sessionId: string, limit: number = 20): Promise<Array<{ role: Role; content: string }>> {
+  const resp = await doc.send(new QueryCommand({
+    TableName: tableName,
+    KeyConditionExpression: 'pk = :pk and begins_with(sk, :msg) ',
+    ExpressionAttributeValues: { ':pk': `SESSION#${sessionId}`, ':msg': 'MSG#' },
+    ScanIndexForward: true,
+    Limit: limit,
+  }));
+  const items = (resp.Items || []) as MessageItem[];
+  return items.map(it => ({ role: it.role, content: it.content })).slice(-limit);
+}
+
+function sanitizeContent(text: string): string {
+  // Basic server-side redaction: do not persist raw secrets-looking strings
+  try {
+    return String(text).replace(/(api|secret|token|password)[=:]\s*[^\s"']+/gi, '$1=[REDACTED]');
+  } catch {
+    return text;
+  }
+}
+
+

package/src/lib/context.ts

@@ -0,0 +1,147 @@
+// Placeholder for aggregator: mimic Python aggregator semantics by reading from the same tables/blobs in future.
+// For MVP, return a minimal shape merged from UserTable and known analysis keys if already present in user record.
+
+import { DynamoDBClient } from '@aws-sdk/client-dynamodb';
+import { DynamoDBDocumentClient, GetCommand } from '@aws-sdk/lib-dynamodb';
+import { S3Client, GetObjectCommand } from '@aws-sdk/client-s3';
+import { mkdir, writeFile } from 'fs/promises';
+import { GraphInsightsPayload } from '../types';
+
+const region = process.env.AWS_REGION!;
+const usersTableName = process.env.USER_TABLE_NAME || `UserTable${(process.env.NEXT_PUBLIC_STAGE || process.env.STAGE || 'dev').replace(/^./, c => c.toUpperCase())}`;
+const doc = DynamoDBDocumentClient.from(new DynamoDBClient({ region }));
+const s3 = new S3Client({ region });
+const providerDataBucket = process.env.PROVIDER_DATA_BUCKET_NAME!;
+const badgeTableName = process.env.BADGE_TABLE_NAME!;
+
+export async function aggregateUserData(userId: string, enterpriseMode?: boolean, companyId?: string | null): Promise<any> {
+  // Minimal: load user record. Optionally, in enterprise mode, you could also fetch link overlay.
+  const userResp = await doc.send(new GetCommand({ TableName: usersTableName, Key: { userId } }));
+  const user = userResp.Item || {};
+  const merged = { ...user } as Record<string, any>;
+  if (enterpriseMode && companyId) {
+    // Optionally merge enterprise overlay later; keeping simple for MVP.
+    merged.companyId = companyId;
+  }
+
+  // For each provider_* entry, fetch filtered_data_key JSON from S3 and attach under <provider>_analysis
+  const providerKeys = Object.keys(merged).filter(k => k.startsWith('provider_'));
+  const fetches = providerKeys.map(async (key) => {
+    try {
+      const providerData = merged[key];
+      if (!providerData || typeof providerData !== 'object') return;
+      const filteredKey = providerData['filtered_data_key'];
+      if (!filteredKey || typeof filteredKey !== 'string') return;
+      const obj = await getJsonFromS3(providerDataBucket, filteredKey);
+      const providerName = key.replace(/^provider_/, '');
+      const analysisKey = `${providerName}_analysis`;
+      merged[analysisKey] = obj;
+    } catch (e) {
+      console.error('Failed to load provider filtered data', e);
+      // Non-fatal; annotate error
+      try {
+        const providerName = key.replace(/^provider_/, '');
+        merged[`${providerName}_analysis`] = { error: 'Failed to load provider filtered data' };
+      } catch {}
+    }
+  });
+  await Promise.all(fetches);
+
+  return merged;
+}
+
+export function cleanDeveloperProfile(data: any): any {
+  if (Array.isArray(data)) return data.map(cleanDeveloperProfile);
+  if (data === null || typeof data !== 'object') return data;
+  const cleaned: any = {};
+  const keysToRemove = new Set([
+    'accessToken','refreshToken','access_token','refresh_token','id_token',
+    'stripeCustomerId','password','secret',
+    'gravatar_id','node_id','id','site_admin',
+    'expires_in','expires_at','token_type','scope','avatarUrls',
+    'iconUrl','extern_uid','saml_provider_id','profile_image',
+    'account_id','user_id','prompt','expiresAt',
+    'source_files_for_analysis','prompt_location','prompt_location_s3_key',
+    's3_archive_key','repos','profilePic','linkedinUrl','url','profilePictureUrl',
+    'userId','key_data_points','projects_limit','web_url','linkedinUrl',
+    'requestHistory','domains_checked','connectedAccounts', 'analysisCache',
+    'filtered_data_key', 'raw_data_key'
+  ]);
+  const urlKeysToKeep = new Set(['html_url','web_url','blog']);
+  for (const [key, value] of Object.entries(data)) {
+    if (keysToRemove.has(key)) continue;
+    if (key.includes('avatar') || key.includes('picture')) continue;
+    if (key.endsWith('_url') && !urlKeysToKeep.has(key)) continue;
+    const v = cleanDeveloperProfile(value);
+    if (key === 'screening_sources' && v && typeof v === 'object') {
+      delete v['ofac_lists'];
+      delete v['additional_watchlists'];
+      delete v['risk_profile_domains'];
+    }
+    cleaned[key] = v;
+  }
+  return cleaned;
+}
+
+export function buildAllContextPrompt(cleanedData: any, reportGraphData: GraphInsightsPayload | undefined, options?: { concise?: boolean, debugName?: string }): string {
+  const instructions = [
+    'You are KYD, a trust and risk analyst.',
+    'Give customer-facing answers. ',
+    'Prefer concise, direct answers.',
+    'Use ONLY the JSON provided to answer the user.',
+    'Never invent or fetch external data.',
+    'If data is missing, say so briefly.',
+    'Return natural language for the main reply.',
+    'When referring to the input JSON, use the term "Report Information" or "Report"',
+    'You are speaking to a non-technical user, ensure you do not use variable-esk language like "based on linkedin_provider", instead use "based the LinkedIn profile"',
+    // 'Optionally append a fenced JSON evidence block at the end if relevant.',
+    // 'If you output evidence, follow the exact evidence schema described.',
+  ];
+  const jsonOnlyNote = 'Do not include the input JSON in your reply.';
+  // const evidenceSchema = '{ "type": "evidence", "claims": [ { "claim": str, "items": [ { "provider": str, "title": str, "url": str, "date": str } ] } ] }';
+  const out = [
+    instructions.join(' '),
+    jsonOnlyNote,
+    '-----BEGIN REPORT GRAPH DATA-----',
+    JSON.stringify(reportGraphData),
+    '-----END REPORT GRAPH DATA-----',
+    '-----BEGIN USER INPUT DATA-----',
+    JSON.stringify(cleanedData),
+    '-----END USER INPUT DATA-----',
+  ].join('\n');
+  // Fire-and-forget debug write if enabled via env
+  // if (process.env.NODE_ENV === 'development') {
+  //   void maybeWriteDebugContext(cleanedData, out, options?.debugName).catch(() => {});
+  // }
+  return out;
+}
+
+async function getJsonFromS3(bucket: string, key: string): Promise<any> {
+  const res = await s3.send(new GetObjectCommand({ Bucket: bucket, Key: key }));
+  const text = await (res as any).Body?.transformToString('utf-8');
+  return JSON.parse(text || '{}');
+}
+
+
+async function maybeWriteDebugContext(cleanedData: any, promptText: string, nameHint?: string): Promise<void> {
+  try {
+    const dir = './debug';
+    await mkdir(dir, { recursive: true });
+    const sanitize = (s: string) => s.replace(/[^a-zA-Z0-9_\-.]/g, '_').slice(0, 64) || 'context';
+    const base = sanitize(nameHint || 'context');
+    const ts = new Date().toISOString().replace(/[:.]/g, '-');
+    const jsonPath = `${dir}/kyd-${base}-${ts}.json`;
+    const txtPath = `${dir}/kyd-${base}-${ts}.txt`;
+    const jsonPretty = JSON.stringify(cleanedData, null, 2);
+    await writeFile(jsonPath, jsonPretty, 'utf8');
+    await writeFile(txtPath, promptText, 'utf8');
+  } catch (e) {
+    console.error('Context debug write failed', e);
+  }
+}
+
+
+export async function getReportGraphData(badgeId: string): Promise<GraphInsightsPayload | undefined> {
+  const badge = await doc.send(new GetCommand({ TableName: badgeTableName, Key: { badgeId } }));
+  return badge.Item?.assessmentResult?.graph_insights as GraphInsightsPayload | undefined;
+}

package/src/lib/rate-limit.ts

@@ -0,0 +1,29 @@
+import { DynamoDBDocumentClient, GetCommand, PutCommand } from '@aws-sdk/lib-dynamodb';
+import { DynamoDBClient } from '@aws-sdk/client-dynamodb';
+
+const region = process.env.AWS_REGION!;
+const tableName = process.env.RATE_LIMIT_TABLE_NAME!;
+
+const ddb = new DynamoDBClient({ region });
+const doc = DynamoDBDocumentClient.from(ddb);
+
+export async function checkAndConsumeToken(userId: string, capacityPerMinute: number = 10): Promise<boolean> {
+  const now = Date.now();
+  const key = { userId } as any;
+  const resp = await doc.send(new GetCommand({ TableName: tableName, Key: key }));
+  const item = (resp.Item as any) || { userId, tokens: capacityPerMinute, refillAt: now };
+  let tokens: number = typeof item.tokens === 'number' ? item.tokens : capacityPerMinute;
+  let refillAt: number = typeof item.refillAt === 'number' ? item.refillAt : now;
+  if (now >= refillAt + 60_000) {
+    tokens = capacityPerMinute;
+    refillAt = now;
+  }
+  if (tokens <= 0) {
+    return false;
+  }
+  tokens -= 1;
+  await doc.send(new PutCommand({ TableName: tableName, Item: { userId, tokens, refillAt } }));
+  return true;
+}
+
+

package/src/lib/routes.ts

@@ -0,0 +1,94 @@
+// Dummy streaming chat endpoint for local testing
+// POST /api/chat { content: string, sessionId?: string }
+
+import { NextRequest } from 'next/server';
+import { streamText } from 'ai';
+import { bedrock } from '@ai-sdk/amazon-bedrock';
+
+import { verifyCognito } from './auth-verify';
+import { getHistory, putMessage } from './chat-store';
+import { aggregateUserData, cleanDeveloperProfile, buildAllContextPrompt, getReportGraphData } from './context';
+import { checkAndConsumeToken } from './rate-limit';
+
+import { createSession } from './chat-store';
+
+
+export const runtime = 'nodejs';
+
+export async function chatStreamRoute(req: NextRequest) {
+  try {
+    const user = await verifyCognito(req);
+    const { sessionId, content, badgeId } = await req.json();
+    if (!content || !sessionId) {
+      return Response.json({ error: 'Missing sessionId or content' }, { status: 400 });
+    }
+
+    const allowed = await checkAndConsumeToken(user.userId, 20);
+    if (!allowed) {
+      return Response.json({ error: 'Rate limit exceeded' }, { status: 429 });
+    }
+
+    await putMessage({ sessionId, role: 'user', content });
+
+    const aggregated = await aggregateUserData(user.userId, !!user.companyId, user.companyId);
+    const cleaned = cleanDeveloperProfile(aggregated);
+    const graphData = await getReportGraphData(badgeId);
+    const system = buildAllContextPrompt(cleaned, graphData, { concise: true });
+    const history = await getHistory(sessionId, 20);
+
+    const result = await streamText({
+      model: bedrock('us.anthropic.claude-3-5-haiku-20241022-v1:0', { region: process.env.AWS_REGION }),
+      system,
+      messages: [...history, { role: 'user' as const, content }],
+      maxTokens: 1024,
+      temperature: 0.2,
+      onFinish: async ({ text }: { text: string }) => {
+        // Attempt to capture evidence block if present (UI also parses, but cache server-side)
+        const evidence = tryParseEvidenceServer(text);
+        await putMessage({ sessionId, role: 'assistant', content: text, evidenceJson: evidence || undefined });
+      },
+    });
+
+    return result.toTextStreamResponse();
+  } catch (e: any) {
+    if (e instanceof Response) return e;
+    console.error('chat error', e);
+    return new Response('An error occurred. Please try again.', { status: 500 });
+  }
+}
+
+function tryParseEvidenceServer(text: string): any | null {
+  try {
+    const start = text.indexOf('```json');
+    const end = text.indexOf('```', start + 7);
+    const raw = start >= 0 && end > start ? text.slice(start + 7, end).trim() : text.trim();
+    const obj = JSON.parse(raw);
+    if (obj && obj.type === 'evidence' && Array.isArray(obj.claims)) return obj;
+  } catch {}
+  return null;
+}
+
+
+
+
+
+export async function createSessionRoute(req: NextRequest) {
+  try {
+    const user = await verifyCognito(req);
+    const body = await req.json().catch(() => ({}));
+    const sessionId = await createSession({
+      userId: user.userId,
+      companyId: user.companyId,
+      model: body?.model,
+      promptId: body?.promptId,
+      promptVersion: body?.promptVersion,
+    });
+    return Response.json({ sessionId });
+  } catch (e: any) {
+    console.error(e);
+    if (e instanceof Response) return e;
+    return Response.json({ error: 'Failed to create session' }, { status: 500 });
+  }
+}
+
+

package/src/utils/date.ts

@@ -0,0 +1,68 @@
+export type DateLike = string | number | Date | null | undefined;
+
+const hasTimezoneDesignator = (value: string): boolean => {
+  return /[zZ]$/.test(value) || /[+-]\d{2}:?\d{2}$/.test(value);
+};
+
+const truncateExcessFraction = (value: string): string => {
+  // Keep at most 3 fractional digits for milliseconds
+  return value.replace(/(\.\d{3})\d+/, '$1');
+};
+
+export const parseUtcDate = (input: DateLike): Date => {
+  if (input == null) return new Date(Number.NaN);
+  if (input instanceof Date) return new Date(input.getTime());
+  if (typeof input === 'number') {
+    const millis = input < 1e12 ? input * 1000 : input;
+    return new Date(millis);
+  }
+
+  const raw = String(input).trim();
+  if (!raw) return new Date(Number.NaN);
+
+  // Numeric strings (epoch seconds or millis)
+  if (/^\d{10}$/.test(raw)) return new Date(Number(raw) * 1000);
+  if (/^\d{13}$/.test(raw)) return new Date(Number(raw));
+
+  // Already has timezone; trust the browser parser
+  if (hasTimezoneDesignator(raw)) return new Date(raw);
+
+  // Normalize common forms: "YYYY-MM-DD HH:MM:SS[.fff...]" -> ISO-like
+  let norm = raw.replace(' ', 'T');
+  norm = truncateExcessFraction(norm);
+
+  // Date-only string -> treat as UTC midnight
+  if (/^\d{4}-\d{2}-\d{2}$/.test(norm)) {
+    return new Date(`${norm}T00:00:00Z`);
+  }
+
+  // If ISO-like without timezone, explicitly mark as UTC
+  if (/^\d{4}-\d{2}-\d{2}T/.test(norm) && !hasTimezoneDesignator(norm)) {
+    return new Date(`${norm}Z`);
+  }
+
+  // Fallback to native parsing
+  return new Date(norm);
+};
+
+export const formatLocalDate = (value: DateLike, options?: Intl.DateTimeFormatOptions): string => {
+  const d = value instanceof Date ? value : parseUtcDate(value);
+  if (Number.isNaN(d.getTime())) return 'N/A';
+  return d.toLocaleDateString(undefined, options);
+};
+
+export const formatLocalDateTime = (value: DateLike, options?: Intl.DateTimeFormatOptions): string => {
+  const d = value instanceof Date ? value : parseUtcDate(value);
+  if (Number.isNaN(d.getTime())) return 'N/A';
+  const base: Intl.DateTimeFormatOptions = {
+    year: 'numeric',
+    month: 'long',
+    day: 'numeric',
+    hour: 'numeric',
+    minute: '2-digit',
+    timeZoneName: 'short',
+  };
+  return d.toLocaleString(undefined, { ...base, ...(options || {}) });
+};
+
+