palaryn 0.1.0 → 0.3.2

package/src/storage/memory.ts

@@ -0,0 +1,686 @@
+import { BudgetState } from '../types/budget';
+import { AuditEvent, EventType } from '../types/events';
+import { PolicyPack } from '../types/policy';
+import {
+  User,
+  OAuthAccount,
+  OAuthProvider,
+  Workspace,
+  WorkspaceMember,
+  Session,
+  UserApiKey,
+} from '../types/user';
+import {
+  BudgetStore,
+  AuditStore,
+  ApprovalStore,
+  ApprovalRecord,
+  IdempotencyStore,
+  RateLimitStore,
+  UserStore,
+  OAuthAccountStore,
+  WorkspaceStore,
+  WorkspaceMemberStore,
+  SessionStore,
+  UserApiKeyStore,
+  SubscriptionStore,
+  PolicyStore,
+  RateLimitConfigStore,
+  BudgetConfigStore,
+  WorkspaceRateLimitConfig,
+  WorkspaceBudgetConfig,
+} from './interfaces';
+import { Subscription } from '../types/subscription';
+import { ToolResult } from '../types/tool-result';
+
+export class InMemoryBudgetStore implements BudgetStore {
+  private taskStates = new Map<string, BudgetState>();
+  private counters = new Map<string, number>();
+  private retryCounts = new Map<string, number>();
+
+  getTaskState(taskId: string): BudgetState | undefined {
+    return this.taskStates.get(taskId);
+  }
+
+  setTaskState(taskId: string, state: BudgetState): void {
+    this.taskStates.set(taskId, state);
+  }
+
+  getCounter(key: string): number {
+    return this.counters.get(key) ?? 0;
+  }
+
+  incrementCounter(key: string, amount: number): void {
+    this.counters.set(key, (this.counters.get(key) ?? 0) + amount);
+  }
+
+  getRetryCount(toolCallId: string): number {
+    return this.retryCounts.get(toolCallId) ?? 0;
+  }
+
+  incrementRetryCount(toolCallId: string): number {
+    const count = (this.retryCounts.get(toolCallId) ?? 0) + 1;
+    this.retryCounts.set(toolCallId, count);
+    return count;
+  }
+
+  async flush(): Promise<void> {}
+
+  reset(): void {
+    this.taskStates.clear();
+    this.counters.clear();
+    this.retryCounts.clear();
+  }
+}
+
+export class InMemoryAuditStore implements AuditStore {
+  private events: AuditEvent[] = [];
+
+  append(event: AuditEvent): void {
+    this.events.push(event);
+  }
+
+  getByTaskId(taskId: string): AuditEvent[] {
+    return this.events
+      .filter(e => e.task_id === taskId)
+      .sort((a, b) => a.timestamp.localeCompare(b.timestamp));
+  }
+
+  getByToolCallId(toolCallId: string): AuditEvent[] {
+    return this.events
+      .filter(e => e.tool_call_id === toolCallId)
+      .sort((a, b) => a.timestamp.localeCompare(b.timestamp));
+  }
+
+  getByEventType(eventType: EventType): AuditEvent[] {
+    return this.events.filter(e => e.event_type === eventType);
+  }
+
+  getAll(): AuditEvent[] {
+    return [...this.events];
+  }
+
+  deleteByTaskId(taskId: string): void {
+    this.events = this.events.filter(e => e.task_id !== taskId);
+  }
+
+  deleteBySessionId(sessionId: string): void {
+    this.events = this.events.filter(e => e.session_id !== sessionId);
+  }
+
+  clear(): void {
+    this.events = [];
+  }
+}
+
+export class InMemoryApprovalStore implements ApprovalStore {
+  private approvals = new Map<string, ApprovalRecord>();
+  private tokenIndex = new Map<string, string>();
+
+  save(approvalId: string, approval: ApprovalRecord): void {
+    this.approvals.set(approvalId, approval);
+  }
+
+  getById(approvalId: string): ApprovalRecord | undefined {
+    return this.approvals.get(approvalId);
+  }
+
+  getByToken(token: string): ApprovalRecord | undefined {
+    const id = this.tokenIndex.get(token);
+    return id ? this.approvals.get(id) : undefined;
+  }
+
+  getByToolCallId(toolCallId: string): ApprovalRecord | undefined {
+    for (const approval of this.approvals.values()) {
+      if (approval.tool_call_id === toolCallId) return approval;
+    }
+    return undefined;
+  }
+
+  findApproved(taskId: string, actorId: string, toolName: string, capability: string): ApprovalRecord | undefined {
+    for (const approval of this.approvals.values()) {
+      if (approval.status !== 'approved') continue;
+      if (approval.task_id !== taskId) continue;
+      if (approval.actor_id !== actorId) continue;
+      if (approval.tool_name === toolName || approval.tool_capability === capability) {
+        return approval;
+      }
+    }
+    return undefined;
+  }
+
+  findPending(workspaceId?: string): ApprovalRecord[] {
+    const results: ApprovalRecord[] = [];
+    for (const approval of this.approvals.values()) {
+      if (approval.status !== 'pending') continue;
+      if (workspaceId && approval.workspace_id !== workspaceId) continue;
+      results.push(approval);
+    }
+    return results;
+  }
+
+  indexToken(token: string, approvalId: string): void {
+    this.tokenIndex.set(token, approvalId);
+  }
+
+  compareAndSetStatus(approvalId: string, expectedStatus: string, approval: ApprovalRecord): boolean {
+    const existing = this.approvals.get(approvalId);
+    if (!existing || existing.status !== expectedStatus) return false;
+    this.approvals.set(approvalId, approval);
+    return true;
+  }
+
+  async flush(): Promise<void> {}
+
+  clear(): void {
+    this.approvals.clear();
+    this.tokenIndex.clear();
+  }
+}
+
+export class InMemoryIdempotencyStore implements IdempotencyStore {
+  private entries = new Map<string, { result: ToolResult; expiresAt: number }>();
+  private lastEviction = Date.now();
+  /** Evict expired entries every 30 seconds or when cache exceeds 5000 entries */
+  private static readonly EVICTION_INTERVAL_MS = 30000;
+  private static readonly MAX_ENTRIES = 5000;
+
+  async get(toolCallId: string): Promise<ToolResult | undefined> {
+    const entry = this.entries.get(toolCallId);
+    if (!entry) return undefined;
+    if (Date.now() > entry.expiresAt) {
+      this.entries.delete(toolCallId);
+      return undefined;
+    }
+    return entry.result;
+  }
+
+  set(toolCallId: string, result: ToolResult, ttlMs: number): void {
+    this.entries.set(toolCallId, {
+      result,
+      expiresAt: Date.now() + ttlMs,
+    });
+    this.maybeEvict();
+  }
+
+  /** Proactively evict expired entries based on time or size thresholds */
+  private maybeEvict(): void {
+    const now = Date.now();
+    const shouldEvict = this.entries.size > InMemoryIdempotencyStore.MAX_ENTRIES
+      || (now - this.lastEviction) > InMemoryIdempotencyStore.EVICTION_INTERVAL_MS;
+
+    if (shouldEvict) {
+      for (const [key, val] of this.entries) {
+        if (now > val.expiresAt) this.entries.delete(key);
+      }
+      this.lastEviction = now;
+    }
+  }
+
+  async has(toolCallId: string): Promise<boolean> {
+    return (await this.get(toolCallId)) !== undefined;
+  }
+
+  async flush(): Promise<void> {}
+
+  clear(): void {
+    this.entries.clear();
+  }
+}
+
+export class InMemoryRateLimitStore implements RateLimitStore {
+  // Sliding window counters: key -> array of timestamps
+  private windows = new Map<string, number[]>();
+
+  hit(key: string, windowMs: number, maxRequests: number): {
+    allowed: boolean;
+    current: number;
+    limit: number;
+    resetAt: number;
+  } {
+    const now = Date.now();
+    const cutoff = now - windowMs;
+
+    // Get existing timestamps and prune expired ones
+    let timestamps = this.windows.get(key) || [];
+    timestamps = timestamps.filter(t => t > cutoff);
+
+    // Add current hit
+    timestamps.push(now);
+    this.windows.set(key, timestamps);
+
+    const current = timestamps.length;
+    const allowed = current <= maxRequests;
+    const resetAt = timestamps.length > 0 ? timestamps[0] + windowMs : now + windowMs;
+
+    return { allowed, current, limit: maxRequests, resetAt };
+  }
+
+  reset(): void {
+    this.windows.clear();
+  }
+}
+
+// ---------------------------------------------------------------------------
+// SaaS In-Memory Stores
+// ---------------------------------------------------------------------------
+
+export class InMemoryUserStore implements UserStore {
+  private users = new Map<string, User>();
+
+  create(user: User): void {
+    this.users.set(user.id, { ...user });
+  }
+
+  getById(id: string): User | undefined {
+    const u = this.users.get(id);
+    return u ? { ...u } : undefined;
+  }
+
+  getByEmail(email: string): User | undefined {
+    for (const u of this.users.values()) {
+      if (u.email === email) return { ...u };
+    }
+    return undefined;
+  }
+
+  update(id: string, updates: Partial<Pick<User, 'display_name' | 'avatar_url' | 'password_hash' | 'status' | 'onboarding_completed' | 'updated_at'>>): User | undefined {
+    const u = this.users.get(id);
+    if (!u) return undefined;
+    Object.assign(u, updates);
+    return { ...u };
+  }
+
+  delete(id: string): boolean {
+    return this.users.delete(id);
+  }
+
+  list(): User[] {
+    return Array.from(this.users.values()).map(u => ({ ...u }));
+  }
+}
+
+export class InMemoryOAuthAccountStore implements OAuthAccountStore {
+  private accounts = new Map<string, OAuthAccount>();
+
+  create(account: OAuthAccount): void {
+    this.accounts.set(account.id, { ...account });
+  }
+
+  getById(id: string): OAuthAccount | undefined {
+    const a = this.accounts.get(id);
+    return a ? { ...a } : undefined;
+  }
+
+  getByProvider(provider: OAuthProvider, providerUserId: string): OAuthAccount | undefined {
+    for (const a of this.accounts.values()) {
+      if (a.provider === provider && a.provider_user_id === providerUserId) return { ...a };
+    }
+    return undefined;
+  }
+
+  getByUserId(userId: string): OAuthAccount[] {
+    const results: OAuthAccount[] = [];
+    for (const a of this.accounts.values()) {
+      if (a.user_id === userId) results.push({ ...a });
+    }
+    return results;
+  }
+
+  update(id: string, updates: Partial<Pick<OAuthAccount, 'access_token_encrypted' | 'refresh_token_encrypted' | 'token_expires_at' | 'updated_at'>>): OAuthAccount | undefined {
+    const a = this.accounts.get(id);
+    if (!a) return undefined;
+    Object.assign(a, updates);
+    return { ...a };
+  }
+
+  delete(id: string): boolean {
+    return this.accounts.delete(id);
+  }
+}
+
+export class InMemoryWorkspaceStore implements WorkspaceStore {
+  private workspaces = new Map<string, Workspace>();
+
+  create(workspace: Workspace): void {
+    this.workspaces.set(workspace.id, { ...workspace });
+  }
+
+  getById(id: string): Workspace | undefined {
+    const w = this.workspaces.get(id);
+    return w ? { ...w } : undefined;
+  }
+
+  getBySlug(slug: string): Workspace | undefined {
+    for (const w of this.workspaces.values()) {
+      if (w.slug === slug) return { ...w };
+    }
+    return undefined;
+  }
+
+  getByOwner(userId: string): Workspace[] {
+    const results: Workspace[] = [];
+    for (const w of this.workspaces.values()) {
+      if (w.owner_user_id === userId) results.push({ ...w });
+    }
+    return results;
+  }
+
+  update(id: string, updates: Partial<Pick<Workspace, 'name' | 'slug' | 'plan' | 'settings' | 'updated_at'>>): Workspace | undefined {
+    const w = this.workspaces.get(id);
+    if (!w) return undefined;
+    Object.assign(w, updates);
+    return { ...w };
+  }
+
+  delete(id: string): boolean {
+    return this.workspaces.delete(id);
+  }
+
+  list(): Workspace[] {
+    return Array.from(this.workspaces.values()).map(w => ({ ...w }));
+  }
+}
+
+export class InMemoryWorkspaceMemberStore implements WorkspaceMemberStore {
+  private members = new Map<string, WorkspaceMember>();
+
+  create(member: WorkspaceMember): void {
+    this.members.set(member.id, { ...member });
+  }
+
+  getById(id: string): WorkspaceMember | undefined {
+    const m = this.members.get(id);
+    return m ? { ...m } : undefined;
+  }
+
+  getByWorkspace(workspaceId: string): WorkspaceMember[] {
+    const results: WorkspaceMember[] = [];
+    for (const m of this.members.values()) {
+      if (m.workspace_id === workspaceId) results.push({ ...m });
+    }
+    return results;
+  }
+
+  getByUser(userId: string): WorkspaceMember[] {
+    const results: WorkspaceMember[] = [];
+    for (const m of this.members.values()) {
+      if (m.user_id === userId) results.push({ ...m });
+    }
+    return results;
+  }
+
+  getByWorkspaceAndUser(workspaceId: string, userId: string): WorkspaceMember | undefined {
+    for (const m of this.members.values()) {
+      if (m.workspace_id === workspaceId && m.user_id === userId) return { ...m };
+    }
+    return undefined;
+  }
+
+  update(id: string, updates: Partial<Pick<WorkspaceMember, 'role'>>): WorkspaceMember | undefined {
+    const m = this.members.get(id);
+    if (!m) return undefined;
+    Object.assign(m, updates);
+    return { ...m };
+  }
+
+  delete(id: string): boolean {
+    return this.members.delete(id);
+  }
+}
+
+export class InMemorySessionStore implements SessionStore {
+  private sessions = new Map<string, Session>();
+
+  create(session: Session): void {
+    this.sessions.set(session.id, { ...session });
+  }
+
+  getById(id: string): Session | undefined {
+    const s = this.sessions.get(id);
+    if (!s) return undefined;
+    // Check expiry
+    if (new Date(s.expires_at).getTime() <= Date.now()) {
+      this.sessions.delete(id);
+      return undefined;
+    }
+    return { ...s };
+  }
+
+  getByUserId(userId: string): Session[] {
+    const now = Date.now();
+    const results: Session[] = [];
+    for (const s of this.sessions.values()) {
+      if (s.user_id === userId && new Date(s.expires_at).getTime() > now) {
+        results.push({ ...s });
+      }
+    }
+    return results;
+  }
+
+  update(id: string, updates: Partial<Pick<Session, 'workspace_id' | 'last_active_at'>>): Session | undefined {
+    const s = this.sessions.get(id);
+    if (!s) return undefined;
+    Object.assign(s, updates);
+    return { ...s };
+  }
+
+  delete(id: string): boolean {
+    return this.sessions.delete(id);
+  }
+
+  deleteExpired(): number {
+    const now = Date.now();
+    let count = 0;
+    for (const [id, s] of this.sessions) {
+      if (new Date(s.expires_at).getTime() <= now) {
+        this.sessions.delete(id);
+        count++;
+      }
+    }
+    return count;
+  }
+
+  deleteByUserId(userId: string): number {
+    let count = 0;
+    for (const [id, s] of this.sessions) {
+      if (s.user_id === userId) {
+        this.sessions.delete(id);
+        count++;
+      }
+    }
+    return count;
+  }
+}
+
+export class InMemoryUserApiKeyStore implements UserApiKeyStore {
+  private keys = new Map<string, UserApiKey>();
+
+  create(apiKey: UserApiKey): void {
+    this.keys.set(apiKey.id, { ...apiKey });
+  }
+
+  getById(id: string): UserApiKey | undefined {
+    const k = this.keys.get(id);
+    return k ? { ...k } : undefined;
+  }
+
+  getByKeyHash(keyHash: string): UserApiKey | undefined {
+    for (const k of this.keys.values()) {
+      if (k.key_hash === keyHash) return { ...k };
+    }
+    return undefined;
+  }
+
+  verifyToken(token: string): UserApiKey | undefined {
+    const crypto = require('crypto') as typeof import('crypto');
+    const unsaltedHash = crypto.createHash('sha256').update(token).digest('hex');
+
+    for (const k of this.keys.values()) {
+      if (k.key_hash.includes(':')) {
+        // Salted format: "salt:hash"
+        const colonIndex = k.key_hash.indexOf(':');
+        const salt = k.key_hash.slice(0, colonIndex);
+        const expectedHash = k.key_hash.slice(colonIndex + 1);
+        const computedHash = crypto.createHash('sha256').update(salt + token).digest('hex');
+        const a = Buffer.from(computedHash, 'hex');
+        const b = Buffer.from(expectedHash, 'hex');
+        if (a.length === b.length && crypto.timingSafeEqual(a, b)) {
+          return { ...k };
+        }
+      } else {
+        // Legacy unsalted format
+        if (k.key_hash === unsaltedHash) return { ...k };
+      }
+    }
+    return undefined;
+  }
+
+  getByWorkspace(workspaceId: string): UserApiKey[] {
+    const results: UserApiKey[] = [];
+    for (const k of this.keys.values()) {
+      if (k.workspace_id === workspaceId) results.push({ ...k });
+    }
+    return results;
+  }
+
+  getByUser(userId: string): UserApiKey[] {
+    const results: UserApiKey[] = [];
+    for (const k of this.keys.values()) {
+      if (k.user_id === userId) results.push({ ...k });
+    }
+    return results;
+  }
+
+  update(id: string, updates: Partial<Pick<UserApiKey, 'name' | 'roles' | 'tags' | 'revoked' | 'last_used_at'>>): UserApiKey | undefined {
+    const k = this.keys.get(id);
+    if (!k) return undefined;
+    Object.assign(k, updates);
+    return { ...k };
+  }
+
+  delete(id: string): boolean {
+    return this.keys.delete(id);
+  }
+}
+
+export class InMemorySubscriptionStore implements SubscriptionStore {
+  private subscriptions = new Map<string, Subscription>();
+
+  create(subscription: Subscription): void {
+    this.subscriptions.set(subscription.id, { ...subscription });
+  }
+
+  getById(id: string): Subscription | undefined {
+    const s = this.subscriptions.get(id);
+    return s ? { ...s } : undefined;
+  }
+
+  getByWorkspace(workspaceId: string): Subscription | undefined {
+    for (const s of this.subscriptions.values()) {
+      if (s.workspace_id === workspaceId) return { ...s };
+    }
+    return undefined;
+  }
+
+  getByStripeCustomerId(customerId: string): Subscription | undefined {
+    for (const s of this.subscriptions.values()) {
+      if (s.stripe_customer_id === customerId) return { ...s };
+    }
+    return undefined;
+  }
+
+  getByStripeSubscriptionId(subscriptionId: string): Subscription | undefined {
+    for (const s of this.subscriptions.values()) {
+      if (s.stripe_subscription_id === subscriptionId) return { ...s };
+    }
+    return undefined;
+  }
+
+  update(id: string, updates: Partial<Subscription>): Subscription | undefined {
+    const s = this.subscriptions.get(id);
+    if (!s) return undefined;
+    Object.assign(s, updates);
+    return { ...s };
+  }
+
+  delete(id: string): boolean {
+    return this.subscriptions.delete(id);
+  }
+
+  list(): Subscription[] {
+    return Array.from(this.subscriptions.values()).map(s => ({ ...s }));
+  }
+}
+
+export class InMemoryPolicyStore implements PolicyStore {
+  private policies = new Map<string, PolicyPack>();
+
+  getByWorkspaceId(workspaceId: string): PolicyPack | undefined {
+    return this.policies.get(workspaceId);
+  }
+
+  set(workspaceId: string, policy: PolicyPack): void {
+    this.policies.set(workspaceId, policy);
+  }
+
+  delete(workspaceId: string): boolean {
+    return this.policies.delete(workspaceId);
+  }
+
+  list(): Map<string, PolicyPack> {
+    return new Map(this.policies);
+  }
+
+  clear(): void {
+    this.policies.clear();
+  }
+}
+
+export class InMemoryRateLimitConfigStore implements RateLimitConfigStore {
+  private configs = new Map<string, WorkspaceRateLimitConfig>();
+
+  getByWorkspaceId(workspaceId: string): WorkspaceRateLimitConfig | undefined {
+    return this.configs.get(workspaceId);
+  }
+
+  set(workspaceId: string, config: WorkspaceRateLimitConfig): void {
+    this.configs.set(workspaceId, config);
+  }
+
+  delete(workspaceId: string): boolean {
+    return this.configs.delete(workspaceId);
+  }
+
+  list(): Map<string, WorkspaceRateLimitConfig> {
+    return new Map(this.configs);
+  }
+
+  clear(): void {
+    this.configs.clear();
+  }
+}
+
+export class InMemoryBudgetConfigStore implements BudgetConfigStore {
+  private configs = new Map<string, WorkspaceBudgetConfig>();
+
+  getByWorkspaceId(workspaceId: string): WorkspaceBudgetConfig | undefined {
+    return this.configs.get(workspaceId);
+  }
+
+  set(workspaceId: string, config: WorkspaceBudgetConfig): void {
+    this.configs.set(workspaceId, config);
+  }
+
+  delete(workspaceId: string): boolean {
+    return this.configs.delete(workspaceId);
+  }
+
+  list(): Map<string, WorkspaceBudgetConfig> {
+    return new Map(this.configs);
+  }
+
+  clear(): void {
+    this.configs.clear();
+  }
+}