openvolo 0.1.2

package/src/app/api/platforms/x/auth/route.ts

@@ -0,0 +1,52 @@
+import { NextRequest, NextResponse } from "next/server";
+import { randomBytes, createHash } from "crypto";
+import { getXClientCredentials } from "@/lib/platforms/x/auth";
+import { savePkceState } from "@/lib/platforms/x/pkce-store";
+
+// Free tier: CRM engagement + messaging (requires "Read and write and Direct message" in X Developer Portal)
+const FREE_SCOPES = "tweet.read tweet.write tweet.moderate.write users.read like.read like.write bookmark.read bookmark.write dm.read dm.write offline.access";
+// Basic+ tier: adds contact management scopes (follows, lists, mute, block)
+const EXTENDED_SCOPES = "tweet.read tweet.write tweet.moderate.write users.read like.read like.write bookmark.read bookmark.write dm.read dm.write follows.read follows.write list.read list.write mute.read mute.write block.read block.write space.read offline.access";
+
+/**
+ * GET /api/platforms/x/auth
+ * Generate PKCE challenge and return the X OAuth 2.0 authorization URL.
+ * Pass ?extended=true to request Basic+ tier scopes (follows.read/write).
+ */
+export async function GET(req: NextRequest) {
+  try {
+    const { clientId } = getXClientCredentials();
+    const extended = req.nextUrl.searchParams.get("extended") === "true";
+
+    // Determine redirect URI from the request origin
+    const origin = req.headers.get("origin") || req.nextUrl.origin;
+    const redirectUri = `${origin}/api/platforms/x/callback`;
+
+    // Generate PKCE code verifier and challenge
+    const codeVerifier = randomBytes(32).toString("base64url");
+    const codeChallenge = createHash("sha256").update(codeVerifier).digest("base64url");
+
+    // Generate state parameter for CSRF protection
+    const state = randomBytes(16).toString("hex");
+
+    // Store PKCE state with tier metadata (in-memory, 10-min TTL)
+    savePkceState(state, codeVerifier, extended);
+
+    const params = new URLSearchParams({
+      response_type: "code",
+      client_id: clientId,
+      redirect_uri: redirectUri,
+      scope: extended ? EXTENDED_SCOPES : FREE_SCOPES,
+      state,
+      code_challenge: codeChallenge,
+      code_challenge_method: "S256",
+    });
+
+    const authUrl = `https://x.com/i/oauth2/authorize?${params.toString()}`;
+
+    return NextResponse.json({ authUrl, state });
+  } catch (error) {
+    const message = error instanceof Error ? error.message : "Failed to generate auth URL";
+    return NextResponse.json({ error: message }, { status: 500 });
+  }
+}

package/src/app/api/platforms/x/browser-session/route.ts

@@ -0,0 +1,79 @@
+import { NextRequest, NextResponse } from "next/server";
+import {
+  hasSession,
+  loadSession,
+  clearSession,
+  setupSession,
+  validateSession,
+} from "@/lib/browser/session";
+
+/**
+ * POST /api/platforms/x/browser-session
+ * Manage browser session for X.
+ * Body: { action: "setup" | "validate" }
+ */
+export async function POST(req: NextRequest) {
+  try {
+    const body = await req.json().catch(() => ({}));
+    const action = body.action || "setup";
+
+    switch (action) {
+      case "setup": {
+        // Launch headed browser for manual login
+        const session = await setupSession("x");
+        return NextResponse.json({
+          status: "session_created",
+          createdAt: session.createdAt,
+        });
+      }
+
+      case "validate": {
+        const isValid = await validateSession("x");
+        return NextResponse.json({
+          status: isValid ? "valid" : "invalid",
+          isValid,
+        });
+      }
+
+      default:
+        return NextResponse.json(
+          { error: `Unknown action: ${action}` },
+          { status: 400 }
+        );
+    }
+  } catch (error) {
+    const message =
+      error instanceof Error ? error.message : "Browser session operation failed";
+    return NextResponse.json({ error: message }, { status: 500 });
+  }
+}
+
+/**
+ * GET /api/platforms/x/browser-session
+ * Check browser session status.
+ */
+export async function GET() {
+  const exists = hasSession("x");
+
+  if (!exists) {
+    return NextResponse.json({
+      hasSession: false,
+    });
+  }
+
+  const session = loadSession("x");
+  return NextResponse.json({
+    hasSession: true,
+    lastValidatedAt: session?.lastValidatedAt ?? null,
+    createdAt: session?.createdAt ?? null,
+  });
+}
+
+/**
+ * DELETE /api/platforms/x/browser-session
+ * Clear stored browser session.
+ */
+export async function DELETE() {
+  clearSession("x");
+  return NextResponse.json({ status: "cleared" });
+}

package/src/app/api/platforms/x/callback/route.ts

@@ -0,0 +1,130 @@
+import { NextRequest, NextResponse } from "next/server";
+import { getXClientCredentials, saveXCredentials } from "@/lib/platforms/x/auth";
+import { getPkceState } from "@/lib/platforms/x/pkce-store";
+import { encrypt } from "@/lib/auth/crypto";
+import {
+  createPlatformAccount,
+  getPlatformAccountByPlatform,
+  updatePlatformAccount,
+} from "@/lib/db/queries/platform-accounts";
+import type { PlatformCredentials } from "@/lib/platforms/adapter";
+
+/**
+ * GET /api/platforms/x/callback?code=...&state=...
+ * OAuth 2.0 callback — exchanges code for tokens, fetches user profile, stores account.
+ */
+export async function GET(req: NextRequest) {
+  const { searchParams } = new URL(req.url);
+  const code = searchParams.get("code");
+  const state = searchParams.get("state");
+  const error = searchParams.get("error");
+
+  // Handle OAuth denial
+  if (error) {
+    return NextResponse.redirect(
+      new URL(`/dashboard/settings?error=${encodeURIComponent(error)}`, req.url)
+    );
+  }
+
+  if (!code || !state) {
+    return NextResponse.redirect(
+      new URL("/dashboard/settings?error=missing_params", req.url)
+    );
+  }
+
+  // Validate PKCE state
+  const pkceEntry = getPkceState(state);
+  if (!pkceEntry) {
+    return NextResponse.redirect(
+      new URL("/dashboard/settings?error=invalid_state", req.url)
+    );
+  }
+  const { codeVerifier } = pkceEntry;
+
+  try {
+    const { clientId, clientSecret } = getXClientCredentials();
+    const origin = req.nextUrl.origin;
+    const redirectUri = `${origin}/api/platforms/x/callback`;
+
+    // Exchange authorization code for tokens
+    const tokenRes = await fetch("https://api.x.com/2/oauth2/token", {
+      method: "POST",
+      headers: {
+        "Content-Type": "application/x-www-form-urlencoded",
+        Authorization: `Basic ${Buffer.from(`${clientId}:${clientSecret}`).toString("base64")}`,
+      },
+      body: new URLSearchParams({
+        grant_type: "authorization_code",
+        code,
+        redirect_uri: redirectUri,
+        code_verifier: codeVerifier,
+      }),
+    });
+
+    if (!tokenRes.ok) {
+      const errText = await tokenRes.text();
+      console.error("Token exchange failed:", errText);
+      return NextResponse.redirect(
+        new URL("/dashboard/settings?error=token_exchange_failed", req.url)
+      );
+    }
+
+    const tokenData = await tokenRes.json();
+    // X returns the actually-granted scopes in the token response
+    const grantedScopes: string = tokenData.scope ?? "";
+    const creds: PlatformCredentials = {
+      accessToken: tokenData.access_token,
+      refreshToken: tokenData.refresh_token,
+      expiresAt: Math.floor(Date.now() / 1000) + tokenData.expires_in,
+      grantedScopes,
+    };
+
+    // Fetch user profile from X API
+    const profileRes = await fetch(
+      "https://api.x.com/2/users/me?user.fields=name,username,description,location,url,profile_image_url,public_metrics",
+      {
+        headers: { Authorization: `Bearer ${creds.accessToken}` },
+      }
+    );
+
+    if (!profileRes.ok) {
+      const errText = await profileRes.text();
+      console.error("Profile fetch failed:", errText);
+      return NextResponse.redirect(
+        new URL("/dashboard/settings?error=profile_fetch_failed", req.url)
+      );
+    }
+
+    const profileData = await profileRes.json();
+    const xUser = profileData.data;
+
+    // Upsert platform account
+    const existing = getPlatformAccountByPlatform("x");
+    if (existing) {
+      updatePlatformAccount(existing.id, {
+        displayName: `@${xUser.username}`,
+        credentialsEncrypted: encrypt(JSON.stringify(creds)),
+        status: "active",
+      });
+    } else {
+      const account = createPlatformAccount({
+        platform: "x",
+        displayName: `@${xUser.username}`,
+        authType: "oauth",
+        credentialsEncrypted: encrypt(JSON.stringify(creds)),
+        status: "active",
+      });
+      // Save credentials after creation (already encrypted in createPlatformAccount call above)
+      void account; // credentials already stored inline
+    }
+
+    return NextResponse.redirect(
+      new URL("/dashboard/settings?connected=x", req.url)
+    );
+  } catch (err) {
+    console.error("OAuth callback error:", err);
+    return NextResponse.redirect(
+      new URL("/dashboard/settings?error=callback_failed", req.url)
+    );
+  }
+}

package/src/app/api/platforms/x/compose/route.ts

@@ -0,0 +1,247 @@
+import { NextRequest, NextResponse } from "next/server";
+import { z } from "zod";
+import { nanoid } from "nanoid";
+import { getPlatformAccountByPlatform } from "@/lib/db/queries/platform-accounts";
+import { createContentItem, updateContentItem, getContentItem, getThreadItems } from "@/lib/db/queries/content";
+import {
+  getAuthenticatedUser,
+  postTweet,
+  postThread,
+  RateLimitError,
+  TierRestrictedError,
+} from "@/lib/platforms/x/client";
+
+const composeSchema = z.object({
+  tweets: z.array(z.string().min(1).max(280)).min(1).max(25),
+  saveAsDraft: z.boolean().optional(),
+  draftId: z.string().optional(),
+});
+
+/**
+ * POST /api/platforms/x/compose
+ * Compose and publish tweets/threads, or save as drafts.
+ */
+export async function POST(req: NextRequest) {
+  try {
+    const account = getPlatformAccountByPlatform("x");
+    if (!account) {
+      return NextResponse.json({ error: "No X account connected" }, { status: 400 });
+    }
+
+    if (account.status === "needs_reauth") {
+      return NextResponse.json({ error: "X account needs re-authentication" }, { status: 401 });
+    }
+
+    const body = await req.json();
+    const { tweets, saveAsDraft, draftId } = composeSchema.parse(body);
+
+    const isThread = tweets.length > 1;
+    const threadId = draftId
+      ? getExistingThreadId(draftId)
+      : (isThread ? nanoid() : null);
+
+    // --- Save as draft ---
+    if (saveAsDraft) {
+      const items = saveDraftItems(tweets, threadId, draftId, account.id);
+      return NextResponse.json({ success: true, draft: true, items });
+    }
+
+    // --- Publish ---
+    if (isThread) {
+      const result = await postThread(account.id, tweets);
+      const me = await getAuthenticatedUser(account.id);
+
+      // Create content items for each posted tweet
+      const items = result.posted.map((tweet, i) => {
+        const item = createContentItem(
+          {
+            body: tweets[i],
+            contentType: i === 0 ? "thread" : "reply",
+            status: "published",
+            origin: "authored",
+            direction: "outbound",
+            platformAccountId: account.id,
+            threadId: threadId!,
+            parentItemId: i > 0 ? undefined : undefined, // linked via threadId
+          },
+          {
+            platformAccountId: account.id,
+            platformPostId: tweet.id,
+            platformUrl: `https://x.com/${me.username}/status/${tweet.id}`,
+            publishedAt: Math.floor(Date.now() / 1000),
+            status: "published",
+            engagementSnapshot: JSON.stringify({
+              likes: 0,
+              replies: 0,
+              retweets: 0,
+              quotes: 0,
+            }),
+          }
+        );
+        return item;
+      });
+
+      // Clean up draft items if publishing from a draft
+      if (draftId) {
+        cleanupDraftItems(draftId);
+      }
+
+      if (result.error) {
+        return NextResponse.json({
+          success: true,
+          partial: true,
+          error: result.error,
+          published: items.length,
+          total: tweets.length,
+          items,
+        });
+      }
+
+      return NextResponse.json({ success: true, items });
+    }
+
+    // Single tweet
+    const tweet = await postTweet(account.id, tweets[0]);
+    const me = await getAuthenticatedUser(account.id);
+
+    const item = createContentItem(
+      {
+        body: tweets[0],
+        contentType: "post",
+        status: "published",
+        origin: "authored",
+        direction: "outbound",
+        platformAccountId: account.id,
+      },
+      {
+        platformAccountId: account.id,
+        platformPostId: tweet.id,
+        platformUrl: `https://x.com/${me.username}/status/${tweet.id}`,
+        publishedAt: Math.floor(Date.now() / 1000),
+        status: "published",
+        engagementSnapshot: JSON.stringify({
+          likes: 0,
+          replies: 0,
+          retweets: 0,
+          quotes: 0,
+        }),
+      }
+    );
+
+    // Clean up draft if publishing from one
+    if (draftId) {
+      cleanupDraftItems(draftId);
+    }
+
+    return NextResponse.json({ success: true, items: [item] });
+  } catch (error) {
+    if (error instanceof z.ZodError) {
+      return NextResponse.json({ error: error.errors }, { status: 400 });
+    }
+    if (error instanceof RateLimitError) {
+      return NextResponse.json(
+        { error: `Rate limited. Try again in ${error.retryAfter} seconds.`, retryAfter: error.retryAfter },
+        { status: 429 }
+      );
+    }
+    if (error instanceof TierRestrictedError) {
+      return NextResponse.json(
+        { error: "Posting requires a higher X API tier.", code: "TIER_RESTRICTED" },
+        { status: 403 }
+      );
+    }
+    const message = error instanceof Error ? error.message : "Compose failed";
+    return NextResponse.json({ error: message }, { status: 500 });
+  }
+}
+
+/** Get existing threadId from a draft's first content item. */
+function getExistingThreadId(draftId: string): string | null {
+  const item = getContentItem(draftId);
+  return item?.threadId ?? null;
+}
+
+/** Save tweets as draft content items. If draftId provided, update existing draft. */
+function saveDraftItems(
+  tweets: string[],
+  threadId: string | null,
+  draftId: string | undefined,
+  accountId: string
+) {
+  const isThread = tweets.length > 1;
+
+  // If updating existing draft, update the first item and handle additions/removals
+  if (draftId) {
+    const existing = getContentItem(draftId);
+    if (existing) {
+      const existingThreadItems = existing.threadId
+        ? getThreadItems(existing.threadId)
+        : [existing];
+
+      // Update existing items with new text, create new items if needed
+      const updatedItems = [];
+      for (let i = 0; i < tweets.length; i++) {
+        if (i < existingThreadItems.length) {
+          // Update existing item
+          const updated = updateContentItem(existingThreadItems[i].id, {
+            body: tweets[i],
+            contentType: isThread ? (i === 0 ? "thread" : "reply") : "post",
+          });
+          if (updated) updatedItems.push(updated);
+        } else {
+          // Create new item for additional tweets
+          const item = createContentItem({
+            body: tweets[i],
+            contentType: isThread ? "reply" : "post",
+            status: "draft",
+            origin: "authored",
+            direction: "outbound",
+            platformAccountId: accountId,
+            threadId: threadId,
+          });
+          updatedItems.push(item);
+        }
+      }
+
+      // Delete excess items if the new draft has fewer tweets
+      for (let i = tweets.length; i < existingThreadItems.length; i++) {
+        updateContentItem(existingThreadItems[i].id, { status: "draft" });
+        // We can't delete easily, so just leave extras — they'll be cleaned up on publish
+      }
+
+      return updatedItems;
+    }
+  }
+
+  // Create new draft items
+  const items = tweets.map((text, i) => {
+    return createContentItem({
+      body: text,
+      contentType: isThread ? (i === 0 ? "thread" : "reply") : "post",
+      status: "draft",
+      origin: "authored",
+      direction: "outbound",
+      platformAccountId: accountId,
+      threadId: isThread ? threadId : null,
+    });
+  });
+
+  return items;
+}
+
+/** Remove draft items after successful publish. */
+function cleanupDraftItems(draftId: string) {
+  const item = getContentItem(draftId);
+  if (!item) return;
+
+  if (item.threadId) {
+    const threadItems = getThreadItems(item.threadId);
+    for (const ti of threadItems) {
+      if (ti.status === "draft") {
+        updateContentItem(ti.id, { status: "published" });
+      }
+    }
+  } else {
+    updateContentItem(draftId, { status: "published" });
+  }
+}

package/src/app/api/platforms/x/engage/route.ts

@@ -0,0 +1,113 @@
+import { NextRequest, NextResponse } from "next/server";
+import { z } from "zod";
+import { getPlatformAccountByPlatform } from "@/lib/db/queries/platform-accounts";
+import { createEngagement } from "@/lib/db/queries/engagements";
+import {
+  getAuthenticatedUser,
+  likeTweet,
+  unlikeTweet,
+  retweet,
+  unretweet,
+  replyToTweet,
+  RateLimitError,
+  TierRestrictedError,
+} from "@/lib/platforms/x/client";
+
+const engageSchema = z.object({
+  action: z.enum(["like", "unlike", "retweet", "unretweet", "reply"]),
+  tweetId: z.string().min(1),
+  contentPostId: z.string().optional(),
+  text: z.string().optional(),
+});
+
+/**
+ * POST /api/platforms/x/engage
+ * Perform an engagement action (like, retweet, reply) on a tweet.
+ */
+export async function POST(req: NextRequest) {
+  try {
+    const account = getPlatformAccountByPlatform("x");
+    if (!account) {
+      return NextResponse.json({ error: "No X account connected" }, { status: 400 });
+    }
+
+    if (account.status === "needs_reauth") {
+      return NextResponse.json({ error: "X account needs re-authentication" }, { status: 401 });
+    }
+
+    const body = await req.json();
+    const { action, tweetId, contentPostId, text } = engageSchema.parse(body);
+
+    if (action === "reply" && !text) {
+      return NextResponse.json({ error: "Reply text is required" }, { status: 400 });
+    }
+
+    // Get the authenticated user's platform ID (needed for like/retweet endpoints)
+    const me = await getAuthenticatedUser(account.id);
+
+    let result: unknown;
+
+    switch (action) {
+      case "like":
+        result = await likeTweet(account.id, me.id, tweetId);
+        break;
+      case "unlike":
+        result = await unlikeTweet(account.id, me.id, tweetId);
+        break;
+      case "retweet":
+        result = await retweet(account.id, me.id, tweetId);
+        break;
+      case "unretweet":
+        result = await unretweet(account.id, me.id, tweetId);
+        break;
+      case "reply":
+        result = await replyToTweet(account.id, tweetId, text!);
+        break;
+    }
+
+    // Record the engagement in the database
+    const engagementTypeMap = {
+      like: "like",
+      unlike: "like",
+      retweet: "retweet",
+      unretweet: "retweet",
+      reply: "reply",
+    } as const;
+
+    createEngagement({
+      contactId: null,
+      platformAccountId: account.id,
+      engagementType: engagementTypeMap[action],
+      direction: "outbound",
+      content: action === "reply" ? text ?? null : null,
+      templateId: null,
+      workflowRunId: null,
+      contentPostId: contentPostId ?? null,
+      platform: "x",
+      platformEngagementId: null,
+      threadId: null,
+      source: "manual",
+      platformData: JSON.stringify({ action, tweetId, result }),
+    });
+
+    return NextResponse.json({ success: true, action, result });
+  } catch (error) {
+    if (error instanceof z.ZodError) {
+      return NextResponse.json({ error: error.errors }, { status: 400 });
+    }
+    if (error instanceof RateLimitError) {
+      return NextResponse.json(
+        { error: `Rate limited. Try again in ${error.retryAfter} seconds.`, retryAfter: error.retryAfter },
+        { status: 429 }
+      );
+    }
+    if (error instanceof TierRestrictedError) {
+      return NextResponse.json(
+        { error: "This action requires a higher X API tier.", code: "TIER_RESTRICTED" },
+        { status: 403 }
+      );
+    }
+    const message = error instanceof Error ? error.message : "Engagement action failed";
+    return NextResponse.json({ error: message }, { status: 500 });
+  }
+}

package/src/app/api/platforms/x/enrich/route.ts

@@ -0,0 +1,79 @@
+import { NextRequest, NextResponse } from "next/server";
+import { getPlatformAccountByPlatform } from "@/lib/db/queries/platform-accounts";
+import { listSyncCursors } from "@/lib/db/queries/sync";
+import { hasSession } from "@/lib/browser/session";
+import { syncXProfiles } from "@/lib/platforms/sync-x-profiles";
+import { runSyncWorkflow } from "@/lib/workflows/run-sync-workflow";
+
+/**
+ * POST /api/platforms/x/enrich
+ * Trigger browser-based profile enrichment for X contacts.
+ * Body: { contactIds?: string[], maxProfiles?: number }
+ */
+export async function POST(req: NextRequest) {
+  try {
+    const account = getPlatformAccountByPlatform("x");
+    if (!account) {
+      return NextResponse.json(
+        { error: "No X platform account found" },
+        { status: 400 }
+      );
+    }
+
+    if (!hasSession("x")) {
+      return NextResponse.json(
+        { error: "No browser session configured. Set up in Settings." },
+        { status: 400 }
+      );
+    }
+
+    const body = await req.json().catch(() => ({}));
+    const maxProfiles = body.maxProfiles ?? 15;
+
+    const { workflowRun, syncResult } = await runSyncWorkflow({
+      workflowType: "enrich",
+      syncSubType: "x_enrich",
+      platformAccountId: account.id,
+      syncFunction: () =>
+        syncXProfiles(account.id, {
+          contactIds: body.contactIds,
+          maxProfiles,
+        }),
+    });
+
+    return NextResponse.json({ success: true, result: syncResult, workflowRunId: workflowRun.id });
+  } catch (error) {
+    const message = error instanceof Error ? error.message : "Enrichment failed";
+    return NextResponse.json({ error: message }, { status: 500 });
+  }
+}
+
+/**
+ * GET /api/platforms/x/enrich
+ * Get enrichment sync status.
+ */
+export async function GET() {
+  const account = getPlatformAccountByPlatform("x");
+  if (!account) {
+    return NextResponse.json({ configured: false });
+  }
+
+  const hasBrowserSession = hasSession("x");
+
+  // Find the x_profiles sync cursor if it exists
+  const cursors = listSyncCursors(account.id);
+  const enrichCursor = cursors.find((c) => c.dataType === "x_profiles");
+
+  return NextResponse.json({
+    configured: true,
+    hasBrowserSession,
+    enrichment: enrichCursor
+      ? {
+          status: enrichCursor.syncStatus,
+          totalEnriched: enrichCursor.totalItemsSynced,
+          lastEnrichedAt: enrichCursor.lastSyncCompletedAt,
+          lastError: enrichCursor.lastError,
+        }
+      : null,
+  });
+}