responses-proxy 0.1.0

package/dist/session-log.js

@@ -0,0 +1,178 @@
+import { appendFile, mkdir, readdir, rm } from "node:fs/promises";
+import path from "node:path";
+const LATEST_DIR_NAME = "latest";
+const DATE_DIR_PATTERN = /^\d{4}-\d{2}-\d{2}$/;
+const CACHE_HIT_STREAK_TTL_MS = 6 * 60 * 60 * 1000;
+const MAX_CACHE_HIT_STREAK_SESSIONS = 2000;
+let lastCleanupStartedAt = 0;
+let cleanupPromise;
+const cacheHitStreakBySession = new Map();
+export function deriveSessionKey(body, traceContext) {
+    const promptCacheKey = readString(traceContext.promptCacheKey) ?? readString(body.prompt_cache_key);
+    if (promptCacheKey) {
+        return promptCacheKey;
+    }
+    const metadataUserId = readString(traceContext.metadataUserId);
+    if (metadataUserId) {
+        return metadataUserId;
+    }
+    const previousResponseId = readString(body.previous_response_id);
+    if (previousResponseId) {
+        return previousResponseId;
+    }
+    const user = readString(body.user);
+    if (user) {
+        return user;
+    }
+    return "unknown-session";
+}
+export function createSessionLogContext(logDir, sessionKey, retentionDays = 14, options) {
+    const fileName = `${sanitizeFileName(sessionKey)}.jsonl`;
+    const sessionFileFor = (date = new Date()) => path.join(logDir, formatLocalDate(date), fileName);
+    const latestSessionFile = () => path.join(logDir, LATEST_DIR_NAME, fileName);
+    return {
+        sessionKey,
+        sessionFileFor,
+        latestSessionFile,
+        async write(entry) {
+            const now = new Date();
+            const sessionFile = sessionFileFor(now);
+            const latestFile = latestSessionFile();
+            await Promise.all([
+                mkdir(path.dirname(sessionFile), { recursive: true }),
+                mkdir(path.dirname(latestFile), { recursive: true }),
+            ]);
+            const enrichedEntry = enrichCacheMetrics(sessionKey, entry, options?.cacheMetricsStore);
+            const payload = JSON.stringify({
+                ts: now.toISOString(),
+                sessionKey,
+                ...enrichedEntry,
+            });
+            await Promise.all([
+                appendFile(sessionFile, `${payload}\n`, "utf8"),
+                appendFile(latestFile, `${payload}\n`, "utf8"),
+            ]);
+            scheduleRetentionCleanup(logDir, retentionDays);
+        },
+    };
+}
+function enrichCacheMetrics(sessionKey, entry, cacheMetricsStore) {
+    const cachedTokens = typeof entry.cachedTokens === "number" ? entry.cachedTokens : undefined;
+    if (cachedTokens === undefined) {
+        return entry;
+    }
+    const persistedState = cacheMetricsStore?.recordCacheResult(sessionKey, cachedTokens);
+    if (persistedState) {
+        return {
+            ...entry,
+            cacheHit: persistedState.cacheHit,
+            consecutiveCacheHits: persistedState.consecutiveCacheHits,
+        };
+    }
+    pruneCacheHitStreaks();
+    const cacheHit = cachedTokens > 0;
+    const now = Date.now();
+    const consecutiveCacheHits = cacheHit
+        ? (cacheHitStreakBySession.get(sessionKey)?.count ?? 0) + 1
+        : 0;
+    cacheHitStreakBySession.set(sessionKey, {
+        count: consecutiveCacheHits,
+        updatedAt: now,
+    });
+    return {
+        ...entry,
+        cacheHit,
+        consecutiveCacheHits,
+    };
+}
+function scheduleRetentionCleanup(logDir, retentionDays) {
+    if (retentionDays <= 0) {
+        return;
+    }
+    const now = Date.now();
+    if (cleanupPromise) {
+        return;
+    }
+    if (now - lastCleanupStartedAt < 60_000) {
+        return;
+    }
+    lastCleanupStartedAt = now;
+    cleanupPromise = cleanupOldLogDirs(logDir, retentionDays).finally(() => {
+        cleanupPromise = undefined;
+    });
+}
+function pruneCacheHitStreaks() {
+    const now = Date.now();
+    for (const [sessionKey, state] of cacheHitStreakBySession) {
+        if (now - state.updatedAt > CACHE_HIT_STREAK_TTL_MS) {
+            cacheHitStreakBySession.delete(sessionKey);
+        }
+    }
+    if (cacheHitStreakBySession.size <= MAX_CACHE_HIT_STREAK_SESSIONS) {
+        return;
+    }
+    const overflow = cacheHitStreakBySession.size - MAX_CACHE_HIT_STREAK_SESSIONS;
+    let removed = 0;
+    for (const sessionKey of cacheHitStreakBySession.keys()) {
+        cacheHitStreakBySession.delete(sessionKey);
+        removed += 1;
+        if (removed >= overflow) {
+            break;
+        }
+    }
+}
+async function cleanupOldLogDirs(logDir, retentionDays) {
+    let entries;
+    try {
+        entries = await readdir(logDir);
+    }
+    catch (error) {
+        if (isMissingPathError(error)) {
+            return;
+        }
+        throw error;
+    }
+    const cutoff = startOfLocalDay(new Date());
+    cutoff.setDate(cutoff.getDate() - retentionDays);
+    await Promise.all(entries
+        .filter((entry) => entry !== LATEST_DIR_NAME && DATE_DIR_PATTERN.test(entry))
+        .filter((entry) => {
+        const parsed = parseLocalDate(entry);
+        return parsed !== undefined && parsed.getTime() < cutoff.getTime();
+    })
+        .map((entry) => rm(path.join(logDir, entry), { recursive: true, force: true })));
+}
+function startOfLocalDay(value) {
+    return new Date(value.getFullYear(), value.getMonth(), value.getDate());
+}
+function parseLocalDate(value) {
+    const match = DATE_DIR_PATTERN.exec(value);
+    if (!match) {
+        return undefined;
+    }
+    const [year, month, day] = value.split("-").map((part) => Number(part));
+    const parsed = new Date(year, month - 1, day);
+    if (parsed.getFullYear() !== year ||
+        parsed.getMonth() !== month - 1 ||
+        parsed.getDate() !== day) {
+        return undefined;
+    }
+    return parsed;
+}
+function isMissingPathError(error) {
+    return typeof error === "object" && error !== null && "code" in error && error.code === "ENOENT";
+}
+function sanitizeFileName(value) {
+    const compact = value.trim().replace(/[^\w.-]+/g, "_");
+    const sanitized = compact.replace(/_+/g, "_").replace(/^_+|_+$/g, "");
+    return sanitized || "unknown-session";
+}
+function formatLocalDate(value) {
+    const year = value.getFullYear();
+    const month = String(value.getMonth() + 1).padStart(2, "0");
+    const day = String(value.getDate()).padStart(2, "0");
+    return `${year}-${month}-${day}`;
+}
+function readString(value) {
+    return typeof value === "string" && value.trim() ? value : undefined;
+}

package/dist/tailnet-funnel-script.test.js

@@ -0,0 +1,33 @@
+import assert from "node:assert/strict";
+import { spawnSync } from "node:child_process";
+import path from "node:path";
+import test from "node:test";
+const scriptPath = path.resolve(process.cwd(), "scripts", "tailnet-funnel.sh");
+const bashLookup = spawnSync("sh", ["-c", "command -v bash"], {
+    encoding: "utf8",
+});
+const bashPath = bashLookup.status === 0 ? bashLookup.stdout.trim() : "";
+test("tailnet funnel script rejects invalid public https port", { skip: !bashPath }, () => {
+    const result = spawnSync(bashPath, [scriptPath], {
+        encoding: "utf8",
+        env: {
+            ...process.env,
+            TAILSCALE_LOCAL_TARGET: "http://127.0.0.1:8318",
+            TAILSCALE_FUNNEL_HTTPS_PORT: "8444",
+        },
+    });
+    assert.notEqual(result.status, 0);
+    assert.match(`${result.stdout}${result.stderr}`, /TAILSCALE_FUNNEL_HTTPS_PORT/);
+});
+test("tailnet funnel script rejects non-localhost target", { skip: !bashPath }, () => {
+    const result = spawnSync(bashPath, [scriptPath], {
+        encoding: "utf8",
+        env: {
+            ...process.env,
+            TAILSCALE_LOCAL_TARGET: "http://192.168.0.10:8318",
+            TAILSCALE_FUNNEL_HTTPS_PORT: "443",
+        },
+    });
+    assert.notEqual(result.status, 0);
+    assert.match(`${result.stdout}${result.stderr}`, /TAILSCALE_LOCAL_TARGET must point at localhost/);
+});

package/dist/telegram-bot/actions.js

@@ -0,0 +1,118 @@
+import { formatClientConfigs, formatHealthStatus, formatModels, formatOauthStatus, formatProviderDetails, formatProviders, formatProxyError, formatTestResult, } from "./format.js";
+import { replyOrEditMessage } from "./callbacks.js";
+import { ProxyClientError } from "./proxy-client.js";
+export function getProxyErrorMessage(error) {
+    if (error instanceof ProxyClientError) {
+        return formatProxyError(error.body?.error ?? error);
+    }
+    return error instanceof Error ? error.message : "Unknown bot error";
+}
+export async function replyWithProxyError(ctx, error) {
+    await replyOrEditMessage(ctx, getProxyErrorMessage(error));
+}
+export async function loadStatusText(deps) {
+    const [health, providers, promptCache, usageStats] = await Promise.all([
+        deps.proxyClient.getHealth(),
+        deps.proxyClient.getProviders(),
+        deps.proxyClient.getLatestPromptCache(),
+        deps.proxyClient.getUsageStats(),
+    ]);
+    const usageSummary = summarizeUsageStats(usageStats?.stats);
+    return formatHealthStatus({
+        ...health,
+        activeProviderId: providers?.activeProviderId,
+        latestPromptCache: promptCache?.latest ?? null,
+        usageSummary,
+    });
+}
+export async function loadProvidersText(deps) {
+    return formatProviders(await deps.proxyClient.getProviders());
+}
+export async function loadClientsText(deps) {
+    return formatClientConfigs(await deps.proxyClient.getClientConfigs());
+}
+export async function loadModelsText(deps) {
+    return formatModels(await deps.proxyClient.getModels());
+}
+export async function loadOauthStatusText(deps) {
+    return formatOauthStatus(await deps.proxyClient.getOauthStatus());
+}
+export async function sendStatus(ctx, deps) {
+    try {
+        await ctx.reply(await loadStatusText(deps));
+    }
+    catch (error) {
+        await replyWithProxyError(ctx, error);
+    }
+}
+export async function sendProviders(ctx, deps) {
+    try {
+        await ctx.reply(await loadProvidersText(deps));
+    }
+    catch (error) {
+        await replyWithProxyError(ctx, error);
+    }
+}
+export async function sendClients(ctx, deps) {
+    try {
+        await ctx.reply(await loadClientsText(deps));
+    }
+    catch (error) {
+        await replyWithProxyError(ctx, error);
+    }
+}
+export async function sendOauthStatus(ctx, deps) {
+    try {
+        await ctx.reply(await loadOauthStatusText(deps));
+    }
+    catch (error) {
+        await replyWithProxyError(ctx, error);
+    }
+}
+export async function sendTestResult(ctx, deps, input) {
+    try {
+        const result = await deps.proxyClient.sendTestPrompt({
+            prompt: input.prompt,
+            model: input.model?.trim() || deps.config.defaultModel,
+            providerId: input.providerId?.trim() || undefined,
+        });
+        await ctx.reply(formatTestResult(result));
+    }
+    catch (error) {
+        await replyWithProxyError(ctx, error);
+    }
+}
+export async function sendModels(ctx, deps) {
+    try {
+        await ctx.reply(formatModels(await deps.proxyClient.getModels()));
+    }
+    catch (error) {
+        await replyWithProxyError(ctx, error);
+    }
+}
+export async function sendProviderDetails(ctx, deps, providerId) {
+    try {
+        const payload = await deps.proxyClient.getProviderDetails(providerId);
+        await ctx.reply(formatProviderDetails(payload.provider));
+    }
+    catch (error) {
+        await replyWithProxyError(ctx, error);
+    }
+}
+function summarizeUsageStats(stats) {
+    if (!stats || typeof stats !== "object") {
+        return [];
+    }
+    const summary = stats;
+    const lines = [];
+    if (typeof summary.totalRequests === "number") {
+        lines.push(`total requests: ${summary.totalRequests}`);
+    }
+    if (typeof summary.totalPromptTokens === "number") {
+        lines.push(`prompt tokens: ${summary.totalPromptTokens}`);
+    }
+    if (typeof summary.totalCompletionTokens === "number") {
+        lines.push(`completion tokens: ${summary.totalCompletionTokens}`);
+    }
+    return lines;
+}

package/dist/telegram-bot/admin-actions.js

@@ -0,0 +1,103 @@
+import { InlineKeyboard } from "grammy";
+import { replyOrEditMessage } from "./callbacks.js";
+export const ADMIN_CALLBACK_ACTIONS = [
+    "status",
+    "clients",
+    "providers",
+    "models",
+    "oauth",
+    "plans",
+    "renewals",
+    "apikeys",
+    "apply",
+    "menu",
+];
+export const ADMIN_CALLBACK_PATTERN = new RegExp(`^v1:admin:(${ADMIN_CALLBACK_ACTIONS.join("|")})$`);
+export const ADMIN_ACTION_BUTTONS = {
+    status: { label: "📈 Status", callbackData: "v1:admin:status" },
+    clients: { label: "👥 Clients", callbackData: "v1:admin:clients" },
+    providers: { label: "🧭 Providers", callbackData: "v1:admin:providers" },
+    models: { label: "🧠 Models", callbackData: "v1:admin:models" },
+    plans: { label: "💳 Plans", callbackData: "v1:admin:plans" },
+    renewals: { label: "🧾 Renewals", callbackData: "v1:admin:renewals" },
+    apikeys: { label: "🔑 API Keys", callbackData: "v1:admin:apikeys" },
+    apply: { label: "⚙️ Apply", callbackData: "v1:admin:apply" },
+    oauth: { label: "🔐 OAuth", callbackData: "v1:admin:oauth" },
+    accounts: { label: "👤 Accounts", callbackData: "v1:acct:list" },
+    menu: { label: "⬅️ Admin", callbackData: "v1:admin:menu" },
+};
+export const ADMIN_ACTION_LOOPS = {
+    main: {
+        title: "Admin actions",
+        actions: ["status", "clients", "providers", "models", "plans", "renewals", "apikeys", "apply", "oauth", "accounts"],
+    },
+    proxy: {
+        title: "Proxy actions",
+        actions: ["status", "providers", "models", "oauth", "accounts", "menu"],
+    },
+    config: {
+        title: "Config actions",
+        actions: ["clients", "apply", "providers", "models", "menu"],
+    },
+    billing: {
+        title: "Billing actions",
+        actions: ["plans", "renewals", "apikeys", "menu"],
+    },
+    keys: {
+        title: "API key actions",
+        actions: ["apikeys", "plans", "renewals", "clients", "menu"],
+    },
+    apply: {
+        title: "Apply actions",
+        actions: ["apply", "clients", "status", "menu"],
+    },
+    accounts: {
+        title: "Account actions",
+        actions: ["accounts", "oauth", "status", "menu"],
+    },
+};
+export function buildAdminActionKeyboard(actions) {
+    const keyboard = new InlineKeyboard();
+    actions.forEach((action, index) => {
+        const button = ADMIN_ACTION_BUTTONS[action];
+        keyboard.text(button.label, button.callbackData);
+        if (index % 2 === 1 && index < actions.length - 1) {
+            keyboard.row();
+        }
+    });
+    return keyboard;
+}
+export function buildAdminStartKeyboard() {
+    return buildAdminActionKeyboard(ADMIN_ACTION_LOOPS.main.actions);
+}
+export function mergeInlineKeyboards(...keyboards) {
+    const rows = keyboards.flatMap((keyboard) => {
+        if (!keyboard) {
+            return [];
+        }
+        const raw = JSON.parse(JSON.stringify(keyboard));
+        return Array.isArray(raw.inline_keyboard) ? raw.inline_keyboard : [];
+    });
+    return rows.length > 0 ? { inline_keyboard: rows } : undefined;
+}
+export async function replyAdminActionLoop(ctx, loop = "main") {
+    const definition = ADMIN_ACTION_LOOPS[loop];
+    await replyOrEditMessage(ctx, definition.title, {
+        reply_markup: buildAdminActionKeyboard(definition.actions),
+    });
+}
+export async function renderAdminScreen(ctx, input) {
+    const loopKeyboard = buildAdminActionKeyboard(ADMIN_ACTION_LOOPS[input.loop].actions);
+    await replyOrEditMessage(ctx, input.text, {
+        reply_markup: mergeInlineKeyboards(input.primaryKeyboard, loopKeyboard),
+    });
+}
+export function buildApplyClientKeyboard(includeMenu = true) {
+    const keyboard = new InlineKeyboard()
+        .text("Hermes", "v1:apply:client:hermes")
+        .text("Codex", "v1:apply:client:codex");
+    if (includeMenu) {
+        keyboard.row().text(ADMIN_ACTION_BUTTONS.menu.label, ADMIN_ACTION_BUTTONS.menu.callbackData);
+    }
+    return keyboard;
+}

package/dist/telegram-bot/auth.js

@@ -0,0 +1,46 @@
+function isAllowed(ctx, config) {
+    const fromId = ctx.from?.id?.toString();
+    const chatId = ctx.chat?.id?.toString();
+    const hasEmergencyUserLockdown = config.allowedUserIds.size > 0;
+    const isOwnerOrAdmin = !!fromId && (config.ownerUserIds.has(fromId) || config.adminUserIds.has(fromId));
+    const userAllowed = fromId
+        ? isOwnerOrAdmin ||
+            config.allowedUserIds.has(fromId) ||
+            (!hasEmergencyUserLockdown && config.publicSignupEnabled)
+        : false;
+    const chatAllowed = config.allowedChatIds.size === 0 || (chatId ? config.allowedChatIds.has(chatId) : false);
+    return userAllowed && chatAllowed;
+}
+export function isAdmin(ctx, config) {
+    const fromId = ctx.from?.id?.toString();
+    return !!fromId && (config.ownerUserIds.has(fromId) || config.adminUserIds.has(fromId));
+}
+export function createAllowlistMiddleware(config) {
+    return async (ctx, next) => {
+        if (!isAllowed(ctx, config)) {
+            await ctx.reply("🔒 Access restricted\nThis bot is restricted. Your user or chat is not authorized.");
+            return;
+        }
+        await next();
+    };
+}
+export function createCustomerCommandMiddleware(config) {
+    const customerCommands = new Set(["start", "help", "me", "apikey", "usage", "quota", "renew", "tailscale"]);
+    return async (ctx, next) => {
+        if (isAdmin(ctx, config)) {
+            await next();
+            return;
+        }
+        const text = ctx.message && "text" in ctx.message ? ctx.message.text : undefined;
+        const command = parseCommand(text);
+        if (!command || customerCommands.has(command)) {
+            await next();
+            return;
+        }
+        await ctx.reply("🔒 Admin-only command\nThis command is admin-only. Use /apikey to view your Responses API key.");
+    };
+}
+function parseCommand(text) {
+    const match = text?.trim().match(/^\/([A-Za-z0-9_]+)(?:@[A-Za-z0-9_]+)?(?:\s|$)/);
+    return match?.[1]?.toLowerCase();
+}

package/dist/telegram-bot/auth.test.js

@@ -0,0 +1 @@
+export {};

package/dist/telegram-bot/bot-identity-repository.js

@@ -0,0 +1,189 @@
+import { mkdirSync } from "node:fs";
+import path from "node:path";
+import BetterSqlite3 from "better-sqlite3";
+export class BotIdentityRepository {
+    db;
+    constructor(db) {
+        this.db = db;
+    }
+    static create(dbFile) {
+        mkdirSync(path.dirname(dbFile), { recursive: true });
+        const db = new BetterSqlite3(dbFile);
+        ensureIdentitySchema(db);
+        return new BotIdentityRepository(db);
+    }
+    upsertUser(input) {
+        const now = (input.now ?? new Date()).toISOString();
+        const existing = this.getUser(input.telegramUserId);
+        const role = existing?.role ?? input.defaultRole ?? "customer";
+        const status = existing?.status ?? input.defaultStatus ?? "active";
+        this.db
+            .prepare(`INSERT INTO telegram_users (
+          telegram_user_id,
+          username,
+          first_name,
+          last_name,
+          language_code,
+          role,
+          status,
+          created_at,
+          updated_at,
+          last_seen_at
+        )
+        VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?)
+        ON CONFLICT(telegram_user_id) DO UPDATE SET
+          username = excluded.username,
+          first_name = excluded.first_name,
+          last_name = excluded.last_name,
+          language_code = excluded.language_code,
+          updated_at = excluded.updated_at,
+          last_seen_at = excluded.last_seen_at`)
+            .run(input.telegramUserId, input.username ?? null, input.firstName ?? null, input.lastName ?? null, input.languageCode ?? null, role, status, existing?.createdAt ?? now, now, now);
+        return this.getUser(input.telegramUserId);
+    }
+    getUser(telegramUserId) {
+        const row = this.db
+            .prepare(`SELECT
+          telegram_user_id,
+          username,
+          first_name,
+          last_name,
+          language_code,
+          role,
+          status,
+          created_at,
+          updated_at,
+          last_seen_at
+        FROM telegram_users
+        WHERE telegram_user_id = ?`)
+            .get(telegramUserId);
+        return row ? mapTelegramUserRow(row) : undefined;
+    }
+    setUserStatus(telegramUserId, status, now = new Date()) {
+        this.db
+            .prepare(`UPDATE telegram_users
+         SET status = ?, updated_at = ?
+         WHERE telegram_user_id = ?`)
+            .run(status, now.toISOString(), telegramUserId);
+    }
+    upsertChat(input) {
+        const now = (input.now ?? new Date()).toISOString();
+        const existing = this.getChat(input.telegramChatId);
+        this.db
+            .prepare(`INSERT INTO telegram_chats (
+          telegram_chat_id,
+          chat_type,
+          title,
+          created_at,
+          updated_at,
+          last_seen_at
+        )
+        VALUES (?, ?, ?, ?, ?, ?)
+        ON CONFLICT(telegram_chat_id) DO UPDATE SET
+          chat_type = excluded.chat_type,
+          title = excluded.title,
+          updated_at = excluded.updated_at,
+          last_seen_at = excluded.last_seen_at`)
+            .run(input.telegramChatId, input.chatType, input.title ?? null, existing?.createdAt ?? now, now, now);
+        return this.getChat(input.telegramChatId);
+    }
+    getChat(telegramChatId) {
+        const row = this.db
+            .prepare(`SELECT
+          telegram_chat_id,
+          chat_type,
+          title,
+          created_at,
+          updated_at,
+          last_seen_at
+        FROM telegram_chats
+        WHERE telegram_chat_id = ?`)
+            .get(telegramChatId);
+        return row ? mapTelegramChatRow(row) : undefined;
+    }
+    upsertMembership(input) {
+        const now = (input.now ?? new Date()).toISOString();
+        const role = input.role?.trim() || "member";
+        this.db
+            .prepare(`INSERT INTO telegram_chat_memberships (
+          telegram_user_id,
+          telegram_chat_id,
+          role,
+          created_at,
+          updated_at
+        )
+        VALUES (?, ?, ?, ?, ?)
+        ON CONFLICT(telegram_user_id, telegram_chat_id) DO UPDATE SET
+          role = excluded.role,
+          updated_at = excluded.updated_at`)
+            .run(input.telegramUserId, input.telegramChatId, role, now, now);
+    }
+}
+function ensureIdentitySchema(db) {
+    db.exec(`
+    CREATE TABLE IF NOT EXISTS telegram_users (
+      telegram_user_id TEXT PRIMARY KEY,
+      username TEXT,
+      first_name TEXT,
+      last_name TEXT,
+      language_code TEXT,
+      role TEXT NOT NULL DEFAULT 'customer',
+      status TEXT NOT NULL DEFAULT 'active',
+      created_at TEXT NOT NULL,
+      updated_at TEXT NOT NULL,
+      last_seen_at TEXT
+    );
+
+    CREATE TABLE IF NOT EXISTS telegram_chats (
+      telegram_chat_id TEXT PRIMARY KEY,
+      chat_type TEXT NOT NULL,
+      title TEXT,
+      created_at TEXT NOT NULL,
+      updated_at TEXT NOT NULL,
+      last_seen_at TEXT
+    );
+
+    CREATE TABLE IF NOT EXISTS telegram_chat_memberships (
+      telegram_user_id TEXT NOT NULL,
+      telegram_chat_id TEXT NOT NULL,
+      role TEXT NOT NULL DEFAULT 'member',
+      created_at TEXT NOT NULL,
+      updated_at TEXT NOT NULL,
+      PRIMARY KEY (telegram_user_id, telegram_chat_id)
+    );
+  `);
+}
+function mapTelegramUserRow(row) {
+    return {
+        telegramUserId: row.telegram_user_id,
+        username: row.username ?? undefined,
+        firstName: row.first_name ?? undefined,
+        lastName: row.last_name ?? undefined,
+        languageCode: row.language_code ?? undefined,
+        role: normalizeRole(row.role),
+        status: normalizeStatus(row.status),
+        createdAt: row.created_at,
+        updatedAt: row.updated_at,
+        lastSeenAt: row.last_seen_at ?? undefined,
+    };
+}
+function mapTelegramChatRow(row) {
+    return {
+        telegramChatId: row.telegram_chat_id,
+        chatType: row.chat_type,
+        title: row.title ?? undefined,
+        createdAt: row.created_at,
+        updatedAt: row.updated_at,
+        lastSeenAt: row.last_seen_at ?? undefined,
+    };
+}
+function normalizeRole(value) {
+    return value === "owner" || value === "admin" || value === "support" || value === "customer"
+        ? value
+        : "customer";
+}
+function normalizeStatus(value) {
+    return value === "active" || value === "pending_approval" || value === "blocked"
+        ? value
+        : "active";
+}