stack

mosaic/stack

Fork 0

Commit Graph

Author	SHA1	Message	Date
Jason Woltje	93d403807b	feat(#351 ): Implement RLS context interceptor (fix SEC-API-4) Some checks failed ci/woodpecker/push/woodpecker Pipeline failed Details Implements Row-Level Security (RLS) context propagation via NestJS interceptor and AsyncLocalStorage. Core Implementation: - RlsContextInterceptor sets PostgreSQL session variables (app.current_user_id, app.current_workspace_id) within transaction boundaries - Uses SET LOCAL for transaction-scoped variables, preventing connection pool leakage - AsyncLocalStorage propagates transaction-scoped Prisma client to services - Graceful handling of unauthenticated routes - 30-second transaction timeout with 10-second max wait Security Features: - Error sanitization prevents information disclosure to clients - TransactionClient type provides compile-time safety, prevents invalid method calls - Defense-in-depth security layer for RLS policy enforcement Quality Rails Compliance: - Fixed 154 lint errors in llm-usage module (package-level enforcement) - Added proper TypeScript typing for Prisma operations - Resolved all type safety violations Test Coverage: - 19 tests (7 provider + 9 interceptor + 3 integration) - 95.75% overall coverage (100% statements on implementation files) - All tests passing, zero lint errors Documentation: - Comprehensive RLS-CONTEXT-USAGE.md with examples and migration guide Files Created: - apps/api/src/common/interceptors/rls-context.interceptor.ts - apps/api/src/common/interceptors/rls-context.interceptor.spec.ts - apps/api/src/common/interceptors/rls-context.integration.spec.ts - apps/api/src/prisma/rls-context.provider.ts - apps/api/src/prisma/rls-context.provider.spec.ts - apps/api/src/prisma/RLS-CONTEXT-USAGE.md Fixes #351 Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>	2026-02-07 12:25:50 -06:00
Jason Woltje	b836940b89	feat(#309 ): Add LLM usage tracking and analytics Implements comprehensive LLM usage tracking with analytics endpoints. Implementation: - Added LlmUsageLog model to Prisma schema - Created llm-usage module with service, controller, and DTOs - Added tracking for token usage, costs, and durations - Implemented analytics aggregation by provider, model, and task type - Added filtering by workspace, provider, model, user, and date range Testing: - 20 unit tests with 90.8% coverage (exceeds 85% requirement) - Tests for service and controller with full error handling - Tests use Vitest following project conventions API Endpoints: - GET /api/llm-usage/analytics - Aggregated usage analytics - GET /api/llm-usage/by-workspace/:workspaceId - Workspace usage logs - GET /api/llm-usage/by-workspace/:workspaceId/provider/:provider - Provider logs - GET /api/llm-usage/by-workspace/:workspaceId/model/:model - Model logs Database: - LlmUsageLog table with indexes for efficient queries - Relations to User, Workspace, and LlmProviderInstance - Ready for migration with: pnpm prisma migrate dev Refs #309 Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>	2026-02-04 13:41:45 -06:00

Author

SHA1

Message

Date

Jason Woltje

93d403807b

feat(#351 ): Implement RLS context interceptor (fix SEC-API-4)

ci/woodpecker/push/woodpecker Pipeline failed

Details

Implements Row-Level Security (RLS) context propagation via NestJS interceptor and AsyncLocalStorage.

Core Implementation:
- RlsContextInterceptor sets PostgreSQL session variables (app.current_user_id, app.current_workspace_id) within transaction boundaries
- Uses SET LOCAL for transaction-scoped variables, preventing connection pool leakage
- AsyncLocalStorage propagates transaction-scoped Prisma client to services
- Graceful handling of unauthenticated routes
- 30-second transaction timeout with 10-second max wait

Security Features:
- Error sanitization prevents information disclosure to clients
- TransactionClient type provides compile-time safety, prevents invalid method calls
- Defense-in-depth security layer for RLS policy enforcement

Quality Rails Compliance:
- Fixed 154 lint errors in llm-usage module (package-level enforcement)
- Added proper TypeScript typing for Prisma operations
- Resolved all type safety violations

Test Coverage:
- 19 tests (7 provider + 9 interceptor + 3 integration)
- 95.75% overall coverage (100% statements on implementation files)
- All tests passing, zero lint errors

Documentation:
- Comprehensive RLS-CONTEXT-USAGE.md with examples and migration guide

Files Created:
- apps/api/src/common/interceptors/rls-context.interceptor.ts
- apps/api/src/common/interceptors/rls-context.interceptor.spec.ts
- apps/api/src/common/interceptors/rls-context.integration.spec.ts
- apps/api/src/prisma/rls-context.provider.ts
- apps/api/src/prisma/rls-context.provider.spec.ts
- apps/api/src/prisma/RLS-CONTEXT-USAGE.md

Fixes #351

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

2026-02-07 12:25:50 -06:00

Jason Woltje

b836940b89

feat(#309 ): Add LLM usage tracking and analytics

Implements comprehensive LLM usage tracking with analytics endpoints.

Implementation:
- Added LlmUsageLog model to Prisma schema
- Created llm-usage module with service, controller, and DTOs
- Added tracking for token usage, costs, and durations
- Implemented analytics aggregation by provider, model, and task type
- Added filtering by workspace, provider, model, user, and date range

Testing:
- 20 unit tests with 90.8% coverage (exceeds 85% requirement)
- Tests for service and controller with full error handling
- Tests use Vitest following project conventions

API Endpoints:
- GET /api/llm-usage/analytics - Aggregated usage analytics
- GET /api/llm-usage/by-workspace/:workspaceId - Workspace usage logs
- GET /api/llm-usage/by-workspace/:workspaceId/provider/:provider - Provider logs
- GET /api/llm-usage/by-workspace/:workspaceId/model/:model - Model logs

Database:
- LlmUsageLog table with indexes for efficient queries
- Relations to User, Workspace, and LlmProviderInstance
- Ready for migration with: pnpm prisma migrate dev

Refs #309

Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>

2026-02-04 13:41:45 -06:00

2 Commits