stagent 0.8.0 → 0.9.0

package/src/lib/license/limit-queries.ts

@@ -0,0 +1,51 @@
+/**
+ * Count queries for tier limit enforcement.
+ *
+ * Each function returns the current count for a specific resource,
+ * used with checkLimit() to determine if an operation is allowed.
+ */
+
+import { db } from "@/lib/db";
+import { agentMemory, learnedContext, schedules } from "@/lib/db/schema";
+import { eq, and, sql } from "drizzle-orm";
+
+/**
+ * Count active (non-archived) memories for a profile.
+ */
+export function getMemoryCount(profileId: string): number {
+  const result = db
+    .select({ count: sql<number>`count(*)` })
+    .from(agentMemory)
+    .where(
+      and(
+        eq(agentMemory.profileId, profileId),
+        eq(agentMemory.status, "active")
+      )
+    )
+    .get();
+  return result?.count ?? 0;
+}
+
+/**
+ * Count learned context versions for a profile.
+ */
+export function getContextVersionCount(profileId: string): number {
+  const result = db
+    .select({ count: sql<number>`count(*)` })
+    .from(learnedContext)
+    .where(eq(learnedContext.profileId, profileId))
+    .get();
+  return result?.count ?? 0;
+}
+
+/**
+ * Count active schedules (both scheduled and heartbeat types).
+ */
+export function getActiveScheduleCount(): number {
+  const result = db
+    .select({ count: sql<number>`count(*)` })
+    .from(schedules)
+    .where(eq(schedules.status, "active"))
+    .get();
+  return result?.count ?? 0;
+}

package/src/lib/license/manager.ts

@@ -0,0 +1,290 @@
+/**
+ * LicenseManager — singleton for local license enforcement.
+ *
+ * Mirrors the budget-guardrails.ts pattern: process-memory cache for
+ * synchronous access, daily cloud validation, offline grace period.
+ *
+ * Usage:
+ *   import { licenseManager } from "@/lib/license/manager";
+ *   const tier = licenseManager.getTier();
+ *   if (!licenseManager.isFeatureAllowed("cloud-sync")) { ... }
+ */
+
+import { db } from "@/lib/db";
+import { license as licenseTable } from "@/lib/db/schema";
+import { eq } from "drizzle-orm";
+import { type LicenseTier, TIER_LIMITS, type LimitResource } from "./tier-limits";
+import { canAccessFeature, type LicenseFeature } from "./features";
+
+const LICENSE_ROW_ID = "default";
+const GRACE_PERIOD_MS = 7 * 24 * 60 * 60 * 1000; // 7 days
+const VALIDATION_INTERVAL_MS = 24 * 60 * 60 * 1000; // 24 hours
+
+interface CachedLicense {
+  tier: LicenseTier;
+  status: "active" | "inactive" | "grace";
+  email: string | null;
+  activatedAt: Date | null;
+  expiresAt: Date | null;
+  lastValidatedAt: Date | null;
+  gracePeriodExpiresAt: Date | null;
+}
+
+class LicenseManager {
+  private cache: CachedLicense | null = null;
+  private validationTimer: ReturnType<typeof setInterval> | null = null;
+
+  /**
+   * Initialize from DB. Call once at app boot (instrumentation.ts).
+   * Creates the default license row if it doesn't exist.
+   */
+  initialize(): void {
+    const rows = db
+      .select()
+      .from(licenseTable)
+      .where(eq(licenseTable.id, LICENSE_ROW_ID))
+      .all();
+
+    if (rows.length === 0) {
+      const now = new Date();
+      db.insert(licenseTable)
+        .values({
+          id: LICENSE_ROW_ID,
+          tier: "community",
+          status: "active",
+          createdAt: now,
+          updatedAt: now,
+        })
+        .run();
+
+      this.cache = {
+        tier: "community",
+        status: "active",
+        email: null,
+        activatedAt: null,
+        expiresAt: null,
+        lastValidatedAt: null,
+        gracePeriodExpiresAt: null,
+      };
+    } else {
+      const row = rows[0];
+      this.cache = this.rowToCache(row);
+    }
+
+    // Check grace period expiry
+    this.checkGracePeriod();
+  }
+
+  /**
+   * Start the daily validation timer.
+   * Separated from initialize() so tests can skip the timer.
+   */
+  startValidationTimer(): void {
+    if (this.validationTimer) return;
+    this.validationTimer = setInterval(() => {
+      this.validateAndRefresh();
+    }, VALIDATION_INTERVAL_MS);
+  }
+
+  stopValidationTimer(): void {
+    if (this.validationTimer) {
+      clearInterval(this.validationTimer);
+      this.validationTimer = null;
+    }
+  }
+
+  /** Current tier — synchronous, zero-latency (reads from cache) */
+  getTier(): LicenseTier {
+    return this.cache?.tier ?? "community";
+  }
+
+  /**
+   * Read tier directly from DB — bypasses in-memory cache.
+   * Use this in Server Components where the singleton cache may be stale
+   * due to Turbopack module instance separation.
+   */
+  getTierFromDb(): LicenseTier {
+    const row = db
+      .select({ tier: licenseTable.tier })
+      .from(licenseTable)
+      .where(eq(licenseTable.id, LICENSE_ROW_ID))
+      .get();
+    return (row?.tier as LicenseTier) ?? "community";
+  }
+
+  /** True if tier is solo or above */
+  isPremium(): boolean {
+    const tier = this.getTier();
+    return tier !== "community";
+  }
+
+  /** Check if a specific feature is allowed for the current tier */
+  isFeatureAllowed(feature: LicenseFeature): boolean {
+    return canAccessFeature(this.getTier(), feature);
+  }
+
+  /** Get the limit value for a resource at the current tier */
+  getLimit(resource: LimitResource): number {
+    return TIER_LIMITS[this.getTier()][resource];
+  }
+
+  /** Get the full cached license state */
+  getStatus(): CachedLicense & { tier: LicenseTier } {
+    return {
+      tier: this.getTier(),
+      status: this.cache?.status ?? "inactive",
+      email: this.cache?.email ?? null,
+      activatedAt: this.cache?.activatedAt ?? null,
+      expiresAt: this.cache?.expiresAt ?? null,
+      lastValidatedAt: this.cache?.lastValidatedAt ?? null,
+      gracePeriodExpiresAt: this.cache?.gracePeriodExpiresAt ?? null,
+    };
+  }
+
+  /**
+   * Activate a license locally. Called after successful cloud validation.
+   */
+  activate(params: {
+    tier: LicenseTier;
+    email: string;
+    expiresAt?: Date;
+    encryptedToken?: string;
+  }): void {
+    const now = new Date();
+    db.update(licenseTable)
+      .set({
+        tier: params.tier,
+        status: "active",
+        email: params.email,
+        activatedAt: now,
+        expiresAt: params.expiresAt ?? null,
+        lastValidatedAt: now,
+        gracePeriodExpiresAt: null,
+        encryptedToken: params.encryptedToken ?? null,
+        updatedAt: now,
+      })
+      .where(eq(licenseTable.id, LICENSE_ROW_ID))
+      .run();
+
+    this.refreshCache();
+  }
+
+  /**
+   * Deactivate — revert to community tier.
+   */
+  deactivate(): void {
+    const now = new Date();
+    db.update(licenseTable)
+      .set({
+        tier: "community",
+        status: "inactive",
+        email: null,
+        activatedAt: null,
+        expiresAt: null,
+        lastValidatedAt: null,
+        gracePeriodExpiresAt: null,
+        encryptedToken: null,
+        updatedAt: now,
+      })
+      .where(eq(licenseTable.id, LICENSE_ROW_ID))
+      .run();
+
+    this.refreshCache();
+  }
+
+  /**
+   * Daily validation against cloud.
+   * On success: update lastValidatedAt, clear grace period.
+   * On failure: enter grace period if not already in one.
+   * Never throws — silently uses cached state on error.
+   */
+  async validateAndRefresh(): Promise<void> {
+    try {
+      // Skip validation for community tier — no license to validate
+      if (this.getTier() === "community") return;
+
+      // Dynamic import to avoid circular deps and allow Supabase to be optional
+      const { validateLicenseWithCloud } = await import("./cloud-validation");
+      const result = await validateLicenseWithCloud(this.cache?.email ?? "");
+
+      if (result.valid) {
+        const now = new Date();
+        db.update(licenseTable)
+          .set({
+            tier: result.tier,
+            status: "active",
+            lastValidatedAt: now,
+            gracePeriodExpiresAt: null,
+            expiresAt: result.expiresAt ?? null,
+            updatedAt: now,
+          })
+          .where(eq(licenseTable.id, LICENSE_ROW_ID))
+          .run();
+      } else {
+        this.enterGracePeriod();
+      }
+    } catch {
+      // Network failure — enter grace period if not already in one
+      if (this.cache?.status === "active" && this.cache?.lastValidatedAt) {
+        this.enterGracePeriod();
+      }
+    }
+
+    this.refreshCache();
+  }
+
+  private enterGracePeriod(): void {
+    if (this.cache?.status === "grace") return; // Already in grace
+
+    const now = new Date();
+    const graceExpiry = new Date(now.getTime() + GRACE_PERIOD_MS);
+
+    db.update(licenseTable)
+      .set({
+        status: "grace",
+        gracePeriodExpiresAt: graceExpiry,
+        updatedAt: now,
+      })
+      .where(eq(licenseTable.id, LICENSE_ROW_ID))
+      .run();
+  }
+
+  private checkGracePeriod(): void {
+    if (this.cache?.status !== "grace") return;
+    if (!this.cache.gracePeriodExpiresAt) return;
+
+    if (new Date() > this.cache.gracePeriodExpiresAt) {
+      // Grace period expired — degrade to community
+      this.deactivate();
+    }
+  }
+
+  private refreshCache(): void {
+    const rows = db
+      .select()
+      .from(licenseTable)
+      .where(eq(licenseTable.id, LICENSE_ROW_ID))
+      .all();
+
+    if (rows.length > 0) {
+      this.cache = this.rowToCache(rows[0]);
+      this.checkGracePeriod();
+    }
+  }
+
+  // eslint-disable-next-line @typescript-eslint/no-explicit-any
+  private rowToCache(row: any): CachedLicense {
+    return {
+      tier: row.tier as LicenseTier,
+      status: row.status as CachedLicense["status"],
+      email: row.email,
+      activatedAt: row.activatedAt,
+      expiresAt: row.expiresAt,
+      lastValidatedAt: row.lastValidatedAt,
+      gracePeriodExpiresAt: row.gracePeriodExpiresAt,
+    };
+  }
+}
+
+/** Singleton instance */
+export const licenseManager = new LicenseManager();

package/src/lib/license/notifications.ts

@@ -0,0 +1,59 @@
+/**
+ * License tier limit notifications.
+ * Mirrors the budget_alert notification pattern.
+ */
+
+import { db } from "@/lib/db";
+import { notifications } from "@/lib/db/schema";
+import type { LimitResource } from "./tier-limits";
+import { licenseManager } from "./manager";
+
+export class TierLimitExceededError extends Error {
+  public readonly resource: LimitResource;
+  public readonly current: number;
+  public readonly limit: number;
+  public readonly tier: string;
+
+  constructor(resource: LimitResource, current: number, limit: number) {
+    const tier = licenseManager.getTier();
+    super(
+      `Tier limit exceeded: ${resource} (${current}/${limit}) on ${tier} tier`
+    );
+    this.name = "TierLimitExceededError";
+    this.resource = resource;
+    this.current = current;
+    this.limit = limit;
+    this.tier = tier;
+  }
+}
+
+const RESOURCE_LABELS: Record<LimitResource, string> = {
+  agentMemories: "Agent Memories",
+  contextVersions: "Context Versions",
+  activeSchedules: "Active Schedules",
+  historyRetentionDays: "History Retention",
+  parallelWorkflows: "Parallel Workflows",
+};
+
+/**
+ * Create a tier_limit notification to surface limit hits in the Inbox.
+ */
+export async function createTierLimitNotification(
+  resource: LimitResource,
+  current: number,
+  limit: number,
+  taskId?: string
+): Promise<void> {
+  const tier = licenseManager.getTier();
+  const label = RESOURCE_LABELS[resource];
+
+  await db.insert(notifications).values({
+    id: crypto.randomUUID(),
+    taskId: taskId ?? null,
+    type: "tier_limit",
+    title: `${label} limit reached`,
+    body: `You've reached the ${tier} tier limit of ${limit} ${label.toLowerCase()}. Current usage: ${current}. Upgrade to unlock higher limits.`,
+    read: false,
+    createdAt: new Date(),
+  });
+}

package/src/lib/license/tier-limits.ts

@@ -0,0 +1,71 @@
+/**
+ * Tier limit constants for the PLG monetization system.
+ *
+ * Each tier includes all capabilities of lower tiers.
+ * "Unlimited" is represented as Infinity for easy comparison.
+ */
+
+export const TIERS = ["community", "solo", "operator", "scale"] as const;
+export type LicenseTier = (typeof TIERS)[number];
+
+/** Numeric rank for tier comparison — higher = more capable */
+export const TIER_RANK: Record<LicenseTier, number> = {
+  community: 0,
+  solo: 1,
+  operator: 2,
+  scale: 3,
+} as const;
+
+export type LimitResource =
+  | "agentMemories"
+  | "contextVersions"
+  | "activeSchedules"
+  | "historyRetentionDays"
+  | "parallelWorkflows";
+
+export const TIER_LIMITS: Record<LicenseTier, Record<LimitResource, number>> = {
+  community: {
+    agentMemories: 50,
+    contextVersions: 10,
+    activeSchedules: 5,
+    historyRetentionDays: 30,
+    parallelWorkflows: 3,
+  },
+  solo: {
+    agentMemories: 200,
+    contextVersions: 50,
+    activeSchedules: 20,
+    historyRetentionDays: 180,
+    parallelWorkflows: 5,
+  },
+  operator: {
+    agentMemories: 500,
+    contextVersions: 100,
+    activeSchedules: 50,
+    historyRetentionDays: 365,
+    parallelWorkflows: 10,
+  },
+  scale: {
+    agentMemories: Infinity,
+    contextVersions: Infinity,
+    activeSchedules: Infinity,
+    historyRetentionDays: Infinity,
+    parallelWorkflows: Infinity,
+  },
+} as const;
+
+/** Human-friendly tier labels for UI display */
+export const TIER_LABELS: Record<LicenseTier, string> = {
+  community: "Community",
+  solo: "Solo",
+  operator: "Operator",
+  scale: "Scale",
+} as const;
+
+/** Monthly pricing in USD (0 = free) */
+export const TIER_PRICING: Record<LicenseTier, { monthly: number; annual: number }> = {
+  community: { monthly: 0, annual: 0 },
+  solo: { monthly: 19, annual: 190 },
+  operator: { monthly: 49, annual: 490 },
+  scale: { monthly: 99, annual: 990 },
+} as const;

package/src/lib/marketplace/marketplace-client.ts

@@ -0,0 +1,107 @@
+/**
+ * Marketplace client — Supabase CRUD for blueprints.
+ * All reads go through the marketplace-catalog Edge Function.
+ * Writes go directly to Supabase with RLS.
+ */
+
+import { getSupabaseClient, isCloudConfigured } from "@/lib/cloud/supabase-client";
+
+export interface MarketplaceBlueprint {
+  id: string;
+  title: string;
+  description: string | null;
+  category: string;
+  price_cents: number;
+  success_rate: number;
+  install_count: number;
+  tags: string[];
+  created_at: string;
+}
+
+export interface MarketplaceCatalogResult {
+  blueprints: MarketplaceBlueprint[];
+  total: number;
+  page: number;
+  limit: number;
+}
+
+/**
+ * Browse published blueprints (available to all tiers).
+ */
+export async function browseBlueprints(
+  page: number = 1,
+  category?: string
+): Promise<MarketplaceCatalogResult> {
+  if (!isCloudConfigured()) {
+    return { blueprints: [], total: 0, page, limit: 20 };
+  }
+
+  const supabaseUrl = process.env.NEXT_PUBLIC_SUPABASE_URL!;
+  const anonKey = process.env.NEXT_PUBLIC_SUPABASE_ANON_KEY!;
+
+  const params = new URLSearchParams({ page: String(page) });
+  if (category) params.set("category", category);
+
+  try {
+    const res = await fetch(
+      `${supabaseUrl}/functions/v1/marketplace-catalog?${params}`,
+      { headers: { Authorization: `Bearer ${anonKey}` } }
+    );
+    if (!res.ok) return { blueprints: [], total: 0, page, limit: 20 };
+    return await res.json();
+  } catch {
+    return { blueprints: [], total: 0, page, limit: 20 };
+  }
+}
+
+/**
+ * Import a blueprint into local workflows (Solo+ tier).
+ */
+export async function importBlueprint(
+  blueprintId: string
+): Promise<{ success: boolean; content?: string; error?: string }> {
+  const supabase = getSupabaseClient();
+  if (!supabase) return { success: false, error: "Cloud not configured" };
+
+  const { data, error } = await supabase
+    .from("blueprints")
+    .select("content")
+    .eq("id", blueprintId)
+    .single();
+
+  if (error || !data) {
+    return { success: false, error: error?.message ?? "Blueprint not found" };
+  }
+
+  return { success: true, content: data.content };
+}
+
+/**
+ * Publish a local workflow as a marketplace blueprint (Operator+ tier).
+ */
+export async function publishBlueprint(params: {
+  title: string;
+  description: string;
+  category: string;
+  content: string;
+  tags: string[];
+}): Promise<{ success: boolean; id?: string; error?: string }> {
+  const supabase = getSupabaseClient();
+  if (!supabase) return { success: false, error: "Cloud not configured" };
+
+  const { data, error } = await supabase
+    .from("blueprints")
+    .insert({
+      title: params.title,
+      description: params.description,
+      category: params.category,
+      content: params.content,
+      tags: params.tags,
+      status: "published",
+    })
+    .select("id")
+    .single();
+
+  if (error) return { success: false, error: error.message };
+  return { success: true, id: data?.id };
+}