natroc 0.0.1

package/server/dist/storage/agent-repository.js

@@ -0,0 +1,192 @@
+import { runInTransaction } from "./database.js";
+export class AgentRepository {
+    db;
+    constructor(db) {
+        this.db = db;
+    }
+    list(options) {
+        const rows = this.db
+            .prepare(`
+          SELECT * FROM agents
+          WHERE user_id = ?
+          ORDER BY is_default DESC, updated_at DESC, rowid DESC
+        `)
+            .all(options.userId);
+        return rows.map(mapAgentRow);
+    }
+    get(options) {
+        const row = this.db
+            .prepare("SELECT * FROM agents WHERE user_id = ? AND id = ?")
+            .get(options.userId, options.id);
+        return row ? mapAgentRow(row) : null;
+    }
+    getDefault(options) {
+        const row = this.db
+            .prepare(`
+          SELECT * FROM agents
+          WHERE user_id = ? AND is_enabled = 1
+          ORDER BY is_default DESC, updated_at DESC, rowid DESC
+          LIMIT 1
+        `)
+            .get(options.userId);
+        return row ? mapAgentRow(row) : null;
+    }
+    create(input) {
+        const id = crypto.randomUUID();
+        const now = new Date().toISOString();
+        const shouldDefault = input.isDefault === true || this.list({ userId: input.userId }).length === 0;
+        runInTransaction(this.db, () => {
+            if (shouldDefault) {
+                this.clearDefault(input.userId, now);
+            }
+            this.db
+                .prepare(`
+            INSERT INTO agents (
+              id,
+              user_id,
+              name,
+              description,
+              default_provider,
+              default_model,
+              workspace,
+              system_prompt,
+              config_json,
+              is_enabled,
+              is_default,
+              created_at,
+              updated_at
+            )
+            VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?)
+          `)
+                .run(id, input.userId, normalizeName(input.name), normalizeText(input.description), input.defaultProvider ?? null, normalizeOptional(input.defaultModel), normalizeOptional(input.workspace), normalizeText(input.systemPrompt), JSON.stringify(input.config ?? {}), input.isEnabled === false ? 0 : 1, shouldDefault ? 1 : 0, now, now);
+        });
+        return this.get({ userId: input.userId, id }) ?? failPersisted("Agent");
+    }
+    update(input) {
+        const existing = this.get(input);
+        if (!existing) {
+            throw new Error("Agent not found.");
+        }
+        const now = new Date().toISOString();
+        const next = {
+            name: input.name === undefined ? existing.name : normalizeName(input.name),
+            description: input.description === undefined
+                ? existing.description
+                : normalizeText(input.description),
+            defaultProvider: input.defaultProvider === undefined
+                ? existing.defaultProvider
+                : input.defaultProvider,
+            defaultModel: input.defaultModel === undefined
+                ? existing.defaultModel
+                : normalizeOptional(input.defaultModel),
+            workspace: input.workspace === undefined
+                ? existing.workspace
+                : normalizeOptional(input.workspace),
+            systemPrompt: input.systemPrompt === undefined
+                ? existing.systemPrompt
+                : normalizeText(input.systemPrompt),
+            config: input.config === undefined ? existing.config : (input.config ?? {}),
+            isEnabled: input.isEnabled === undefined ? existing.isEnabled : input.isEnabled,
+            isDefault: input.isDefault === undefined ? existing.isDefault : input.isDefault,
+        };
+        runInTransaction(this.db, () => {
+            if (next.isDefault) {
+                this.clearDefault(input.userId, now);
+            }
+            this.db
+                .prepare(`
+            UPDATE agents
+            SET
+              name = ?,
+              description = ?,
+              default_provider = ?,
+              default_model = ?,
+              workspace = ?,
+              system_prompt = ?,
+              config_json = ?,
+              is_enabled = ?,
+              is_default = ?,
+              updated_at = ?
+            WHERE user_id = ? AND id = ?
+          `)
+                .run(next.name, next.description, next.defaultProvider, next.defaultModel, next.workspace, next.systemPrompt, JSON.stringify(next.config), next.isEnabled ? 1 : 0, next.isDefault ? 1 : 0, now, input.userId, input.id);
+        });
+        return this.get(input) ?? failPersisted("Agent");
+    }
+    setDefault(options) {
+        const existing = this.get(options);
+        if (!existing) {
+            throw new Error("Agent not found.");
+        }
+        const now = new Date().toISOString();
+        runInTransaction(this.db, () => {
+            this.clearDefault(options.userId, now);
+            this.db
+                .prepare("UPDATE agents SET is_default = 1, is_enabled = 1, updated_at = ? WHERE user_id = ? AND id = ?")
+                .run(now, options.userId, options.id);
+        });
+        return this.get(options) ?? failPersisted("Agent");
+    }
+    delete(options) {
+        const existing = this.get(options);
+        if (!existing)
+            return false;
+        const result = this.db
+            .prepare("DELETE FROM agents WHERE user_id = ? AND id = ?")
+            .run(options.userId, options.id);
+        if (existing.isDefault) {
+            const replacement = this.list({ userId: options.userId })[0];
+            if (replacement) {
+                this.setDefault({ userId: options.userId, id: replacement.id });
+            }
+        }
+        return Number(result.changes) > 0;
+    }
+    clearDefault(userId, updatedAt) {
+        this.db
+            .prepare("UPDATE agents SET is_default = 0, updated_at = ? WHERE user_id = ?")
+            .run(updatedAt, userId);
+    }
+}
+function normalizeName(value) {
+    return value.trim().replace(/\s+/g, " ").slice(0, 80) || "Agent";
+}
+function normalizeText(value) {
+    return value?.trim() ?? "";
+}
+function normalizeOptional(value) {
+    const trimmed = value?.trim();
+    return trimmed ? trimmed : null;
+}
+function safeParseConfig(value) {
+    try {
+        const parsed = JSON.parse(value);
+        return parsed && typeof parsed === "object" && !Array.isArray(parsed)
+            ? parsed
+            : {};
+    }
+    catch {
+        return {};
+    }
+}
+function mapAgentRow(row) {
+    return {
+        id: row.id,
+        userId: row.user_id,
+        name: row.name,
+        description: row.description,
+        defaultProvider: row.default_provider,
+        defaultModel: row.default_model,
+        workspace: row.workspace,
+        systemPrompt: row.system_prompt,
+        config: safeParseConfig(row.config_json),
+        isEnabled: row.is_enabled === 1,
+        isDefault: row.is_default === 1,
+        createdAt: row.created_at,
+        updatedAt: row.updated_at,
+    };
+}
+function failPersisted(entity) {
+    throw new Error(`${entity} was not persisted.`);
+}
+//# sourceMappingURL=agent-repository.js.map

package/server/dist/storage/agent-repository.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"agent-repository.js","sourceRoot":"","sources":["../../src/storage/agent-repository.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,gBAAgB,EAA2B,MAAM,eAAe,CAAA;AAwDzE,MAAM,OAAO,eAAe;IACG;IAA7B,YAA6B,EAAsB;QAAtB,OAAE,GAAF,EAAE,CAAoB;IAAG,CAAC;IAEvD,IAAI,CAAC,OAA2B;QAC9B,MAAM,IAAI,GAAG,IAAI,CAAC,EAAE;aACjB,OAAO,CACN;;;;SAIC,CACF;aACA,GAAG,CAAC,OAAO,CAAC,MAAM,CAAe,CAAA;QAEpC,OAAO,IAAI,CAAC,GAAG,CAAC,WAAW,CAAC,CAAA;IAC9B,CAAC;IAED,GAAG,CAAC,OAAuC;QACzC,MAAM,GAAG,GAAG,IAAI,CAAC,EAAE;aAChB,OAAO,CAAC,mDAAmD,CAAC;aAC5D,GAAG,CAAC,OAAO,CAAC,MAAM,EAAE,OAAO,CAAC,EAAE,CAAyB,CAAA;QAE1D,OAAO,GAAG,CAAC,CAAC,CAAC,WAAW,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,IAAI,CAAA;IACtC,CAAC;IAED,UAAU,CAAC,OAA2B;QACpC,MAAM,GAAG,GAAG,IAAI,CAAC,EAAE;aAChB,OAAO,CACN;;;;;SAKC,CACF;aACA,GAAG,CAAC,OAAO,CAAC,MAAM,CAAyB,CAAA;QAE9C,OAAO,GAAG,CAAC,CAAC,CAAC,WAAW,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,IAAI,CAAA;IACtC,CAAC;IAED,MAAM,CAAC,KAAuB;QAC5B,MAAM,EAAE,GAAG,MAAM,CAAC,UAAU,EAAE,CAAA;QAC9B,MAAM,GAAG,GAAG,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE,CAAA;QACpC,MAAM,aAAa,GACjB,KAAK,CAAC,SAAS,KAAK,IAAI,IAAI,IAAI,CAAC,IAAI,CAAC,EAAE,MAAM,EAAE,KAAK,CAAC,MAAM,EAAE,CAAC,CAAC,MAAM,KAAK,CAAC,CAAA;QAE9E,gBAAgB,CAAC,IAAI,CAAC,EAAE,EAAE,GAAG,EAAE;YAC7B,IAAI,aAAa,EAAE,CAAC;gBAClB,IAAI,CAAC,YAAY,CAAC,KAAK,CAAC,MAAM,EAAE,GAAG,CAAC,CAAA;YACtC,CAAC;YAED,IAAI,CAAC,EAAE;iBACJ,OAAO,CACN;;;;;;;;;;;;;;;;;WAiBC,CACF;iBACA,GAAG,CACF,EAAE,EACF,KAAK,CAAC,MAAM,EACZ,aAAa,CAAC,KAAK,CAAC,IAAI,CAAC,EACzB,aAAa,CAAC,KAAK,CAAC,WAAW,CAAC,EAChC,KAAK,CAAC,eAAe,IAAI,IAAI,EAC7B,iBAAiB,CAAC,KAAK,CAAC,YAAY,CAAC,EACrC,iBAAiB,CAAC,KAAK,CAAC,SAAS,CAAC,EAClC,aAAa,CAAC,KAAK,CAAC,YAAY,CAAC,EACjC,IAAI,CAAC,SAAS,CAAC,KAAK,CAAC,MAAM,IAAI,EAAE,CAAC,EAClC,KAAK,CAAC,SAAS,KAAK,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,EACjC,aAAa,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,EACrB,GAAG,EACH,GAAG,CACJ,CAAA;QACL,CAAC,CAAC,CAAA;QAEF,OAAO,IAAI,CAAC,GAAG,CAAC,EAAE,MAAM,EAAE,KAAK,CAAC,MAAM,EAAE,EAAE,EAAE,CAAC,IAAI,aAAa,CAAC,OAAO,CAAC,CAAA;IACzE,CAAC;IAED,MAAM,CAAC,KAAuB;QAC5B,MAAM,QAAQ,GAAG,IAAI,CAAC,GAAG,CAAC,KAAK,CAAC,CAAA;QAEhC,IAAI,CAAC,QAAQ,EAAE,CAAC;YACd,MAAM,IAAI,KAAK,CAAC,kBAAkB,CAAC,CAAA;QACrC,CAAC;QAED,MAAM,GAAG,GAAG,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE,CAAA;QACpC,MAAM,IAAI,GAAG;YACX,IAAI,EAAE,KAAK,CAAC,IAAI,KAAK,SAAS,CAAC,CAAC,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAC,CAAC,aAAa,CAAC,KAAK,CAAC,IAAI,CAAC;YAC1E,WAAW,EACT,KAAK,CAAC,WAAW,KAAK,SAAS;gBAC7B,CAAC,CAAC,QAAQ,CAAC,WAAW;gBACtB,CAAC,CAAC,aAAa,CAAC,KAAK,CAAC,WAAW,CAAC;YACtC,eAAe,EACb,KAAK,CAAC,eAAe,KAAK,SAAS;gBACjC,CAAC,CAAC,QAAQ,CAAC,eAAe;gBAC1B,CAAC,CAAC,KAAK,CAAC,eAAe;YAC3B,YAAY,EACV,KAAK,CAAC,YAAY,KAAK,SAAS;gBAC9B,CAAC,CAAC,QAAQ,CAAC,YAAY;gBACvB,CAAC,CAAC,iBAAiB,CAAC,KAAK,CAAC,YAAY,CAAC;YAC3C,SAAS,EACP,KAAK,CAAC,SAAS,KAAK,SAAS;gBAC3B,CAAC,CAAC,QAAQ,CAAC,SAAS;gBACpB,CAAC,CAAC,iBAAiB,CAAC,KAAK,CAAC,SAAS,CAAC;YACxC,YAAY,EACV,KAAK,CAAC,YAAY,KAAK,SAAS;gBAC9B,CAAC,CAAC,QAAQ,CAAC,YAAY;gBACvB,CAAC,CAAC,aAAa,CAAC,KAAK,CAAC,YAAY,CAAC;YACvC,MAAM,EAAE,KAAK,CAAC,MAAM,KAAK,SAAS,CAAC,CAAC,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,KAAK,CAAC,MAAM,IAAI,EAAE,CAAC;YAC3E,SAAS,EACP,KAAK,CAAC,SAAS,KAAK,SAAS,CAAC,CAAC,CAAC,QAAQ,CAAC,SAAS,CAAC,CAAC,CAAC,KAAK,CAAC,SAAS;YACtE,SAAS,EACP,KAAK,CAAC,SAAS,KAAK,SAAS,CAAC,CAAC,CAAC,QAAQ,CAAC,SAAS,CAAC,CAAC,CAAC,KAAK,CAAC,SAAS;SACvE,CAAA;QAED,gBAAgB,CAAC,IAAI,CAAC,EAAE,EAAE,GAAG,EAAE;YAC7B,IAAI,IAAI,CAAC,SAAS,EAAE,CAAC;gBACnB,IAAI,CAAC,YAAY,CAAC,KAAK,CAAC,MAAM,EAAE,GAAG,CAAC,CAAA;YACtC,CAAC;YAED,IAAI,CAAC,EAAE;iBACJ,OAAO,CACN;;;;;;;;;;;;;;WAcC,CACF;iBACA,GAAG,CACF,IAAI,CAAC,IAAI,EACT,IAAI,CAAC,WAAW,EAChB,IAAI,CAAC,eAAe,EACpB,IAAI,CAAC,YAAY,EACjB,IAAI,CAAC,SAAS,EACd,IAAI,CAAC,YAAY,EACjB,IAAI,CAAC,SAAS,CAAC,IAAI,CAAC,MAAM,CAAC,EAC3B,IAAI,CAAC,SAAS,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,EACtB,IAAI,CAAC,SAAS,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,EACtB,GAAG,EACH,KAAK,CAAC,MAAM,EACZ,KAAK,CAAC,EAAE,CACT,CAAA;QACL,CAAC,CAAC,CAAA;QAEF,OAAO,IAAI,CAAC,GAAG,CAAC,KAAK,CAAC,IAAI,aAAa,CAAC,OAAO,CAAC,CAAA;IAClD,CAAC;IAED,UAAU,CAAC,OAAuC;QAChD,MAAM,QAAQ,GAAG,IAAI,CAAC,GAAG,CAAC,OAAO,CAAC,CAAA;QAElC,IAAI,CAAC,QAAQ,EAAE,CAAC;YACd,MAAM,IAAI,KAAK,CAAC,kBAAkB,CAAC,CAAA;QACrC,CAAC;QAED,MAAM,GAAG,GAAG,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE,CAAA;QACpC,gBAAgB,CAAC,IAAI,CAAC,EAAE,EAAE,GAAG,EAAE;YAC7B,IAAI,CAAC,YAAY,CAAC,OAAO,CAAC,MAAM,EAAE,GAAG,CAAC,CAAA;YACtC,IAAI,CAAC,EAAE;iBACJ,OAAO,CACN,+FAA+F,CAChG;iBACA,GAAG,CAAC,GAAG,EAAE,OAAO,CAAC,MAAM,EAAE,OAAO,CAAC,EAAE,CAAC,CAAA;QACzC,CAAC,CAAC,CAAA;QAEF,OAAO,IAAI,CAAC,GAAG,CAAC,OAAO,CAAC,IAAI,aAAa,CAAC,OAAO,CAAC,CAAA;IACpD,CAAC;IAED,MAAM,CAAC,OAAuC;QAC5C,MAAM,QAAQ,GAAG,IAAI,CAAC,GAAG,CAAC,OAAO,CAAC,CAAA;QAClC,IAAI,CAAC,QAAQ;YAAE,OAAO,KAAK,CAAA;QAE3B,MAAM,MAAM,GAAG,IAAI,CAAC,EAAE;aACnB,OAAO,CAAC,iDAAiD,CAAC;aAC1D,GAAG,CAAC,OAAO,CAAC,MAAM,EAAE,OAAO,CAAC,EAAE,CAAC,CAAA;QAElC,IAAI,QAAQ,CAAC,SAAS,EAAE,CAAC;YACvB,MAAM,WAAW,GAAG,IAAI,CAAC,IAAI,CAAC,EAAE,MAAM,EAAE,OAAO,CAAC,MAAM,EAAE,CAAC,CAAC,CAAC,CAAC,CAAA;YAC5D,IAAI,WAAW,EAAE,CAAC;gBAChB,IAAI,CAAC,UAAU,CAAC,EAAE,MAAM,EAAE,OAAO,CAAC,MAAM,EAAE,EAAE,EAAE,WAAW,CAAC,EAAE,EAAE,CAAC,CAAA;YACjE,CAAC;QACH,CAAC;QAED,OAAO,MAAM,CAAC,MAAM,CAAC,OAAO,CAAC,GAAG,CAAC,CAAA;IACnC,CAAC;IAEO,YAAY,CAAC,MAAc,EAAE,SAAiB;QACpD,IAAI,CAAC,EAAE;aACJ,OAAO,CACN,oEAAoE,CACrE;aACA,GAAG,CAAC,SAAS,EAAE,MAAM,CAAC,CAAA;IAC3B,CAAC;CACF;AAED,SAAS,aAAa,CAAC,KAAa;IAClC,OAAO,KAAK,CAAC,IAAI,EAAE,CAAC,OAAO,CAAC,MAAM,EAAE,GAAG,CAAC,CAAC,KAAK,CAAC,CAAC,EAAE,EAAE,CAAC,IAAI,OAAO,CAAA;AAClE,CAAC;AAED,SAAS,aAAa,CAAC,KAAgC;IACrD,OAAO,KAAK,EAAE,IAAI,EAAE,IAAI,EAAE,CAAA;AAC5B,CAAC;AAED,SAAS,iBAAiB,CAAC,KAAgC;IACzD,MAAM,OAAO,GAAG,KAAK,EAAE,IAAI,EAAE,CAAA;IAC7B,OAAO,OAAO,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,IAAI,CAAA;AACjC,CAAC;AAED,SAAS,eAAe,CAAC,KAAa;IACpC,IAAI,CAAC;QACH,MAAM,MAAM,GAAY,IAAI,CAAC,KAAK,CAAC,KAAK,CAAC,CAAA;QACzC,OAAO,MAAM,IAAI,OAAO,MAAM,KAAK,QAAQ,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,MAAM,CAAC;YACnE,CAAC,CAAE,MAAkC;YACrC,CAAC,CAAC,EAAE,CAAA;IACR,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,EAAE,CAAA;IACX,CAAC;AACH,CAAC;AAED,SAAS,WAAW,CAAC,GAAa;IAChC,OAAO;QACL,EAAE,EAAE,GAAG,CAAC,EAAE;QACV,MAAM,EAAE,GAAG,CAAC,OAAO;QACnB,IAAI,EAAE,GAAG,CAAC,IAAI;QACd,WAAW,EAAE,GAAG,CAAC,WAAW;QAC5B,eAAe,EAAE,GAAG,CAAC,gBAAgB;QACrC,YAAY,EAAE,GAAG,CAAC,aAAa;QAC/B,SAAS,EAAE,GAAG,CAAC,SAAS;QACxB,YAAY,EAAE,GAAG,CAAC,aAAa;QAC/B,MAAM,EAAE,eAAe,CAAC,GAAG,CAAC,WAAW,CAAC;QACxC,SAAS,EAAE,GAAG,CAAC,UAAU,KAAK,CAAC;QAC/B,SAAS,EAAE,GAAG,CAAC,UAAU,KAAK,CAAC;QAC/B,SAAS,EAAE,GAAG,CAAC,UAAU;QACzB,SAAS,EAAE,GAAG,CAAC,UAAU;KAC1B,CAAA;AACH,CAAC;AAED,SAAS,aAAa,CAAC,MAAc;IACnC,MAAM,IAAI,KAAK,CAAC,GAAG,MAAM,qBAAqB,CAAC,CAAA;AACjD,CAAC"}

package/server/dist/storage/auth-repository.d.ts

@@ -0,0 +1,49 @@
+import { type DatabaseConnection } from "./database.js";
+export type UserRecord = {
+    id: string;
+    username: string;
+    fullName: string;
+    avatarFileName: string | null;
+    createdAt: string;
+    updatedAt: string;
+};
+export type UserWithSecret = UserRecord & {
+    passwordHash: string;
+    passwordSalt: string;
+};
+export type SessionRecord = {
+    token: string;
+    userId: string;
+    createdAt: string;
+    expiresAt: string;
+};
+export type CreateUserInput = {
+    username: string;
+    fullName: string;
+    passwordHash: string;
+    passwordSalt: string;
+};
+export declare class AuthRepository {
+    private readonly db;
+    constructor(db: DatabaseConnection);
+    countUsers(): number;
+    /**
+     * Mengambil id user yang paling pertama dibuat. Dipakai oleh CLI helper
+     * (`natroc cli-token`) untuk asumsi single-user. Mengembalikan null bila
+     * belum ada user.
+     */
+    getFirstUserId(): string | null;
+    createUser(input: CreateUserInput): UserRecord;
+    getUserByUsername(username: string): UserWithSecret | null;
+    getUserById(id: string): UserRecord | null;
+    getUserWithSecretById(id: string): UserWithSecret | null;
+    updatePassword(input: {
+        userId: string;
+        passwordHash: string;
+        passwordSalt: string;
+    }): UserRecord | null;
+    updateAvatarFileName(userId: string, avatarFileName: string | null): UserRecord | null;
+    createSession(userId: string): SessionRecord;
+    getSessionUser(token: string): UserRecord | null;
+    deleteSession(token: string): boolean;
+}

package/server/dist/storage/auth-repository.js

@@ -0,0 +1,139 @@
+import { randomBytes } from "node:crypto";
+import { assignLegacyDataToSingleUser, } from "./database.js";
+const SESSION_TTL_MS = 1000 * 60 * 60 * 24 * 30; // 30 days
+export class AuthRepository {
+    db;
+    constructor(db) {
+        this.db = db;
+    }
+    countUsers() {
+        const row = this.db
+            .prepare("SELECT COUNT(*) as count FROM users")
+            .get();
+        return row.count;
+    }
+    /**
+     * Mengambil id user yang paling pertama dibuat. Dipakai oleh CLI helper
+     * (`natroc cli-token`) untuk asumsi single-user. Mengembalikan null bila
+     * belum ada user.
+     */
+    getFirstUserId() {
+        const row = this.db
+            .prepare("SELECT id FROM users ORDER BY created_at ASC LIMIT 1")
+            .get();
+        return row?.id ?? null;
+    }
+    createUser(input) {
+        const id = crypto.randomUUID();
+        const now = new Date().toISOString();
+        this.db
+            .prepare(`
+        INSERT INTO users (
+          id,
+          username,
+          full_name,
+          password_hash,
+          password_salt,
+          created_at,
+          updated_at
+        )
+        VALUES (?, ?, ?, ?, ?, ?, ?)
+      `)
+            .run(id, input.username, input.fullName, input.passwordHash, input.passwordSalt, now, now);
+        assignLegacyDataToSingleUser(this.db);
+        return {
+            id,
+            username: input.username,
+            fullName: input.fullName,
+            avatarFileName: null,
+            createdAt: now,
+            updatedAt: now,
+        };
+    }
+    getUserByUsername(username) {
+        const row = this.db
+            .prepare("SELECT * FROM users WHERE username = ?")
+            .get(username);
+        return row ? mapUserWithSecret(row) : null;
+    }
+    getUserById(id) {
+        const row = this.db
+            .prepare("SELECT * FROM users WHERE id = ?")
+            .get(id);
+        return row ? mapUser(row) : null;
+    }
+    getUserWithSecretById(id) {
+        const row = this.db
+            .prepare("SELECT * FROM users WHERE id = ?")
+            .get(id);
+        return row ? mapUserWithSecret(row) : null;
+    }
+    updatePassword(input) {
+        const now = new Date().toISOString();
+        this.db
+            .prepare(`
+        UPDATE users
+        SET password_hash = ?, password_salt = ?, updated_at = ?
+        WHERE id = ?
+      `)
+            .run(input.passwordHash, input.passwordSalt, now, input.userId);
+        return this.getUserById(input.userId);
+    }
+    updateAvatarFileName(userId, avatarFileName) {
+        const now = new Date().toISOString();
+        this.db
+            .prepare(`
+        UPDATE users
+        SET avatar_file_name = ?, updated_at = ?
+        WHERE id = ?
+      `)
+            .run(avatarFileName, now, userId);
+        return this.getUserById(userId);
+    }
+    createSession(userId) {
+        const token = randomBytes(32).toString("hex");
+        const now = Date.now();
+        const createdAt = new Date(now).toISOString();
+        const expiresAt = new Date(now + SESSION_TTL_MS).toISOString();
+        this.db
+            .prepare("INSERT INTO sessions (token, user_id, created_at, expires_at) VALUES (?, ?, ?, ?)")
+            .run(token, userId, createdAt, expiresAt);
+        return { token, userId, createdAt, expiresAt };
+    }
+    getSessionUser(token) {
+        const row = this.db
+            .prepare("SELECT * FROM sessions WHERE token = ?")
+            .get(token);
+        if (!row)
+            return null;
+        if (new Date(row.expires_at).getTime() < Date.now()) {
+            this.deleteSession(token);
+            return null;
+        }
+        return this.getUserById(row.user_id);
+    }
+    deleteSession(token) {
+        const result = this.db
+            .prepare("DELETE FROM sessions WHERE token = ?")
+            .run(token);
+        return Number(result.changes) > 0;
+    }
+}
+function mapUser(row) {
+    return {
+        id: row.id,
+        username: row.username,
+        fullName: row.full_name,
+        avatarFileName: row.avatar_file_name ?? null,
+        createdAt: row.created_at,
+        updatedAt: row.updated_at,
+    };
+}
+function mapUserWithSecret(row) {
+    return {
+        ...mapUser(row),
+        passwordHash: row.password_hash,
+        passwordSalt: row.password_salt,
+    };
+}
+//# sourceMappingURL=auth-repository.js.map

package/server/dist/storage/auth-repository.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"auth-repository.js","sourceRoot":"","sources":["../../src/storage/auth-repository.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,WAAW,EAAE,MAAM,aAAa,CAAA;AAEzC,OAAO,EACL,4BAA4B,GAE7B,MAAM,eAAe,CAAA;AAgDtB,MAAM,cAAc,GAAG,IAAI,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,CAAA,CAAC,UAAU;AAE1D,MAAM,OAAO,cAAc;IACI;IAA7B,YAA6B,EAAsB;QAAtB,OAAE,GAAF,EAAE,CAAoB;IAAG,CAAC;IAEvD,UAAU;QACR,MAAM,GAAG,GAAG,IAAI,CAAC,EAAE;aAChB,OAAO,CAAC,qCAAqC,CAAC;aAC9C,GAAG,EAAuB,CAAA;QAE7B,OAAO,GAAG,CAAC,KAAK,CAAA;IAClB,CAAC;IAED;;;;OAIG;IACH,cAAc;QACZ,MAAM,GAAG,GAAG,IAAI,CAAC,EAAE;aAChB,OAAO,CAAC,sDAAsD,CAAC;aAC/D,GAAG,EAAiC,CAAA;QAEvC,OAAO,GAAG,EAAE,EAAE,IAAI,IAAI,CAAA;IACxB,CAAC;IAED,UAAU,CAAC,KAAsB;QAC/B,MAAM,EAAE,GAAG,MAAM,CAAC,UAAU,EAAE,CAAA;QAC9B,MAAM,GAAG,GAAG,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE,CAAA;QAEpC,IAAI,CAAC,EAAE;aACJ,OAAO,CACN;;;;;;;;;;;OAWD,CACA;aACA,GAAG,CACF,EAAE,EACF,KAAK,CAAC,QAAQ,EACd,KAAK,CAAC,QAAQ,EACd,KAAK,CAAC,YAAY,EAClB,KAAK,CAAC,YAAY,EAClB,GAAG,EACH,GAAG,CACJ,CAAA;QAEH,4BAA4B,CAAC,IAAI,CAAC,EAAE,CAAC,CAAA;QAErC,OAAO;YACL,EAAE;YACF,QAAQ,EAAE,KAAK,CAAC,QAAQ;YACxB,QAAQ,EAAE,KAAK,CAAC,QAAQ;YACxB,cAAc,EAAE,IAAI;YACpB,SAAS,EAAE,GAAG;YACd,SAAS,EAAE,GAAG;SACf,CAAA;IACH,CAAC;IAED,iBAAiB,CAAC,QAAgB;QAChC,MAAM,GAAG,GAAG,IAAI,CAAC,EAAE;aAChB,OAAO,CAAC,wCAAwC,CAAC;aACjD,GAAG,CAAC,QAAQ,CAAwB,CAAA;QAEvC,OAAO,GAAG,CAAC,CAAC,CAAC,iBAAiB,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,IAAI,CAAA;IAC5C,CAAC;IAED,WAAW,CAAC,EAAU;QACpB,MAAM,GAAG,GAAG,IAAI,CAAC,EAAE;aAChB,OAAO,CAAC,kCAAkC,CAAC;aAC3C,GAAG,CAAC,EAAE,CAAwB,CAAA;QAEjC,OAAO,GAAG,CAAC,CAAC,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,IAAI,CAAA;IAClC,CAAC;IAED,qBAAqB,CAAC,EAAU;QAC9B,MAAM,GAAG,GAAG,IAAI,CAAC,EAAE;aAChB,OAAO,CAAC,kCAAkC,CAAC;aAC3C,GAAG,CAAC,EAAE,CAAwB,CAAA;QAEjC,OAAO,GAAG,CAAC,CAAC,CAAC,iBAAiB,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,IAAI,CAAA;IAC5C,CAAC;IAED,cAAc,CAAC,KAId;QACC,MAAM,GAAG,GAAG,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE,CAAA;QAEpC,IAAI,CAAC,EAAE;aACJ,OAAO,CACN;;;;OAID,CACA;aACA,GAAG,CAAC,KAAK,CAAC,YAAY,EAAE,KAAK,CAAC,YAAY,EAAE,GAAG,EAAE,KAAK,CAAC,MAAM,CAAC,CAAA;QAEjE,OAAO,IAAI,CAAC,WAAW,CAAC,KAAK,CAAC,MAAM,CAAC,CAAA;IACvC,CAAC;IAED,oBAAoB,CAClB,MAAc,EACd,cAA6B;QAE7B,MAAM,GAAG,GAAG,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE,CAAA;QAEpC,IAAI,CAAC,EAAE;aACJ,OAAO,CACN;;;;OAID,CACA;aACA,GAAG,CAAC,cAAc,EAAE,GAAG,EAAE,MAAM,CAAC,CAAA;QAEnC,OAAO,IAAI,CAAC,WAAW,CAAC,MAAM,CAAC,CAAA;IACjC,CAAC;IAED,aAAa,CAAC,MAAc;QAC1B,MAAM,KAAK,GAAG,WAAW,CAAC,EAAE,CAAC,CAAC,QAAQ,CAAC,KAAK,CAAC,CAAA;QAC7C,MAAM,GAAG,GAAG,IAAI,CAAC,GAAG,EAAE,CAAA;QACtB,MAAM,SAAS,GAAG,IAAI,IAAI,CAAC,GAAG,CAAC,CAAC,WAAW,EAAE,CAAA;QAC7C,MAAM,SAAS,GAAG,IAAI,IAAI,CAAC,GAAG,GAAG,cAAc,CAAC,CAAC,WAAW,EAAE,CAAA;QAE9D,IAAI,CAAC,EAAE;aACJ,OAAO,CACN,mFAAmF,CACpF;aACA,GAAG,CAAC,KAAK,EAAE,MAAM,EAAE,SAAS,EAAE,SAAS,CAAC,CAAA;QAE3C,OAAO,EAAE,KAAK,EAAE,MAAM,EAAE,SAAS,EAAE,SAAS,EAAE,CAAA;IAChD,CAAC;IAED,cAAc,CAAC,KAAa;QAC1B,MAAM,GAAG,GAAG,IAAI,CAAC,EAAE;aAChB,OAAO,CAAC,wCAAwC,CAAC;aACjD,GAAG,CAAC,KAAK,CAA2B,CAAA;QAEvC,IAAI,CAAC,GAAG;YAAE,OAAO,IAAI,CAAA;QAErB,IAAI,IAAI,IAAI,CAAC,GAAG,CAAC,UAAU,CAAC,CAAC,OAAO,EAAE,GAAG,IAAI,CAAC,GAAG,EAAE,EAAE,CAAC;YACpD,IAAI,CAAC,aAAa,CAAC,KAAK,CAAC,CAAA;YACzB,OAAO,IAAI,CAAA;QACb,CAAC;QAED,OAAO,IAAI,CAAC,WAAW,CAAC,GAAG,CAAC,OAAO,CAAC,CAAA;IACtC,CAAC;IAED,aAAa,CAAC,KAAa;QACzB,MAAM,MAAM,GAAG,IAAI,CAAC,EAAE;aACnB,OAAO,CAAC,sCAAsC,CAAC;aAC/C,GAAG,CAAC,KAAK,CAAC,CAAA;QAEb,OAAO,MAAM,CAAC,MAAM,CAAC,OAAO,CAAC,GAAG,CAAC,CAAA;IACnC,CAAC;CACF;AAED,SAAS,OAAO,CAAC,GAAY;IAC3B,OAAO;QACL,EAAE,EAAE,GAAG,CAAC,EAAE;QACV,QAAQ,EAAE,GAAG,CAAC,QAAQ;QACtB,QAAQ,EAAE,GAAG,CAAC,SAAS;QACvB,cAAc,EAAE,GAAG,CAAC,gBAAgB,IAAI,IAAI;QAC5C,SAAS,EAAE,GAAG,CAAC,UAAU;QACzB,SAAS,EAAE,GAAG,CAAC,UAAU;KAC1B,CAAA;AACH,CAAC;AAED,SAAS,iBAAiB,CAAC,GAAY;IACrC,OAAO;QACL,GAAG,OAAO,CAAC,GAAG,CAAC;QACf,YAAY,EAAE,GAAG,CAAC,aAAa;QAC/B,YAAY,EAAE,GAAG,CAAC,aAAa;KAChC,CAAA;AACH,CAAC"}

package/server/dist/storage/channel-repository.d.ts

@@ -0,0 +1,152 @@
+import { type DatabaseConnection } from "./database.js";
+export type ChannelKind = "telegram" | "whatsapp";
+export type ChannelAccountStatus = "disconnected" | "connecting" | "connected" | "error";
+export type ChannelAccountRecord = {
+    id: string;
+    userId: string;
+    channel: ChannelKind;
+    displayName: string;
+    accountRef: string | null;
+    secretRef: string | null;
+    status: ChannelAccountStatus;
+    isEnabled: boolean;
+    allowlist: string[];
+    metadata: Record<string, unknown>;
+    lastError: string | null;
+    connectedAt: string | null;
+    createdAt: string;
+    updatedAt: string;
+};
+/**
+ * agar tidak butuh migrasi skema. Field opsional — default lihat
+ * {@link DEFAULT_CHANNEL_POLICY}.
+ */
+export type ChannelAccountPolicy = {
+    dmPolicy?: "pairing" | "allowlist" | "open" | "disabled";
+    groupPolicy?: "allowlist" | "open" | "disabled";
+    groupAllowFrom?: string[];
+    textChunkLimit?: number;
+    chunkMode?: "length";
+    mediaMaxMb?: number;
+    sendReadReceipts?: boolean;
+    requireMention?: boolean;
+};
+/**
+ * Default policy. `allowlist` di DM + `disabled` di group adalah default
+ * konservatif: tidak akan membalas siapa pun yang tidak diizinkan eksplisit.
+ */
+export declare const DEFAULT_CHANNEL_POLICY: Required<ChannelAccountPolicy>;
+/** Mengambil policy efektif (defaults + override dari `account.metadata.policy`). */
+export declare function getAccountPolicy(account: ChannelAccountRecord): Required<ChannelAccountPolicy>;
+export type ChannelBindingRecord = {
+    id: string;
+    userId: string;
+    accountId: string;
+    agentId: string;
+    peer: string;
+    isEnabled: boolean;
+    createdAt: string;
+    updatedAt: string;
+};
+export type ChannelLogRecord = {
+    id: string;
+    userId: string;
+    accountId: string;
+    bindingId: string | null;
+    channel: ChannelKind;
+    peer: string;
+    direction: "inbound" | "outbound";
+    messageText: string;
+    status: "ok" | "error";
+    error: string | null;
+    createdAt: string;
+};
+export type CreateChannelAccountInput = {
+    userId: string;
+    channel: ChannelKind;
+    displayName: string;
+    accountRef?: string | null;
+    secretRef?: string | null;
+    status?: ChannelAccountStatus;
+    isEnabled?: boolean;
+    allowlist?: string[];
+    metadata?: Record<string, unknown>;
+    lastError?: string | null;
+};
+export type UpdateChannelAccountInput = Partial<Omit<CreateChannelAccountInput, "userId" | "channel">> & {
+    userId: string;
+    id: string;
+    channel?: ChannelKind;
+    connectedAt?: string | null;
+};
+export declare class ChannelRepository {
+    private readonly db;
+    constructor(db: DatabaseConnection);
+    listAccounts(options: {
+        userId: string;
+    }): ChannelAccountRecord[];
+    listAccountsForRuntime(): ChannelAccountRecord[];
+    getAccount(options: {
+        userId: string;
+        id: string;
+    }): ChannelAccountRecord | null;
+    createAccount(input: CreateChannelAccountInput): ChannelAccountRecord;
+    updateAccount(input: UpdateChannelAccountInput): ChannelAccountRecord;
+    deleteAccount(options: {
+        userId: string;
+        id: string;
+    }): boolean;
+    setSecret(input: {
+        userId: string;
+        channel: ChannelKind;
+        secretRef: string;
+        encryptedValue: string;
+    }): void;
+    getSecret(options: {
+        userId: string;
+        secretRef: string;
+    }): string | null;
+    listBindings(options: {
+        userId: string;
+    }): ChannelBindingRecord[];
+    createBinding(input: {
+        userId: string;
+        accountId: string;
+        agentId: string;
+        peer: string;
+        isEnabled?: boolean;
+    }): ChannelBindingRecord;
+    updateBinding(input: {
+        userId: string;
+        id: string;
+        agentId?: string;
+        peer?: string;
+        isEnabled?: boolean;
+    }): ChannelBindingRecord;
+    deleteBinding(options: {
+        userId: string;
+        id: string;
+    }): boolean;
+    resolveBinding(options: {
+        userId: string;
+        accountId: string;
+        peer: string;
+    }): ChannelBindingRecord | null;
+    createLog(input: {
+        userId: string;
+        accountId: string;
+        bindingId?: string | null;
+        channel: ChannelKind;
+        peer: string;
+        direction: "inbound" | "outbound";
+        messageText: string;
+        status: "ok" | "error";
+        error?: string | null;
+    }): ChannelLogRecord;
+    listLogs(options: {
+        userId: string;
+        limit?: number;
+    }): ChannelLogRecord[];
+    private getBinding;
+    private assertAccountBelongsToUser;
+}