mosaic/stack
1
0
Fork 0
Code Issues 10 Pull Requests Actions Packages Projects Releases 2 Wiki Activity

Compare commits

base: mosaic:docs/ms22-architecture
Branches Tags
mosaic:main mosaic:fix/dashboard-widget-mock-data mosaic:fix/ci-glibc-image mosaic:fix/dockerfile-npmrc mosaic:fix/matrix-native-binary mosaic:fix/kaniko-cache mosaic:fix/base-image-kaniko-v2 mosaic:fix/base-image-kaniko mosaic:feat/custom-base-image mosaic:ci/pnpm-cache mosaic:fix/interceptor-tests mosaic:fix/kanban-tests mosaic:feat/wire-chat mosaic:feat/usage-widget mosaic:fix/security-hardening mosaic:fix/project-domain-v2 mosaic:feat/kanban-add-task mosaic:fix/project-domain-attach mosaic:fix/logs-page-clean mosaic:fix/workspace-members mosaic:fix/ci-lint-632 mosaic:fix/file-manager-tags mosaic:fix/csrf-debug-log mosaic:fix/controller-type-imports mosaic:fix/system-admin-env mosaic:fix/gateway-cors-trusted-origins mosaic:feat/project-detail-page mosaic:fix/fleet-provider-form-dto-v2 mosaic:fix/ms22-audit mosaic:fix/orchestrator-widgets mosaic:fix/fleet-provider-form-dto mosaic:fix/csrf-bearer-bypass mosaic:fix/ms22-missing-authmodule-imports mosaic:fix/container-lifecycle-config-module mosaic:fix/swarm-compose-ms22-vars mosaic:chore/ms22-p1-complete mosaic:feat/ms22-p1h-settings-ui mosaic:feat/ms22-p1f-onboarding-ui mosaic:feat/ms22-p1i-chat-proxy mosaic:feat/ms22-p1k-idle-reaper mosaic:feat/ms22-p1j-docker mosaic:feat/ms22-p1e-onboarding-api mosaic:feat/ms22-p1g-settings-api mosaic:feat/ms22-p1d-container-mgr mosaic:feat/ms22-p1c-config-api mosaic:chore/ms22-prd-tracking mosaic:feat/ms22-p1a-schema mosaic:feat/ms22-p1b-crypto mosaic:chore/ms22-p1-tasks mosaic:docs/ms22-architecture mosaic:feat/ms22-openclaw-docker mosaic:feat/ms22-openclaw-gateway-module mosaic:chore/ms21-complete mosaic:chore/ms21-final-tasks-done mosaic:fix/ms21-ui-001-qa mosaic:test/ms21-ui-tests mosaic:chore/ms21-tasks-sync mosaic:chore/ms22-phase0-complete mosaic:feat/ms22-ingest-clean mosaic:feat/ms21-ui-users-members mosaic:feat/ms22-task-agent mosaic:chore/tasks-final mosaic:chore/tasks-update mosaic:feat/ms21-session-invalidation mosaic:feat/ms21-rbac-settings mosaic:feat/ms21-teams-page mosaic:feat/ms21-users-page mosaic:feat/ms19-terminal-persistence
mosaic:v0.0.21 mosaic:v0.20.0 mosaic:v0.0.15 mosaic:v0.0.2
..
compare: mosaic:feat/ms19-terminal-persistence
Branches Tags
mosaic:main mosaic:fix/dashboard-widget-mock-data mosaic:fix/ci-glibc-image mosaic:fix/dockerfile-npmrc mosaic:fix/matrix-native-binary mosaic:fix/kaniko-cache mosaic:fix/base-image-kaniko-v2 mosaic:fix/base-image-kaniko mosaic:feat/custom-base-image mosaic:ci/pnpm-cache mosaic:fix/interceptor-tests mosaic:fix/kanban-tests mosaic:feat/wire-chat mosaic:feat/usage-widget mosaic:fix/security-hardening mosaic:fix/project-domain-v2 mosaic:feat/kanban-add-task mosaic:fix/project-domain-attach mosaic:fix/logs-page-clean mosaic:fix/workspace-members mosaic:fix/ci-lint-632 mosaic:fix/file-manager-tags mosaic:fix/csrf-debug-log mosaic:fix/controller-type-imports mosaic:fix/system-admin-env mosaic:fix/gateway-cors-trusted-origins mosaic:feat/project-detail-page mosaic:fix/fleet-provider-form-dto-v2 mosaic:fix/ms22-audit mosaic:fix/orchestrator-widgets mosaic:fix/fleet-provider-form-dto mosaic:fix/csrf-bearer-bypass mosaic:fix/ms22-missing-authmodule-imports mosaic:fix/container-lifecycle-config-module mosaic:fix/swarm-compose-ms22-vars mosaic:chore/ms22-p1-complete mosaic:feat/ms22-p1h-settings-ui mosaic:feat/ms22-p1f-onboarding-ui mosaic:feat/ms22-p1i-chat-proxy mosaic:feat/ms22-p1k-idle-reaper mosaic:feat/ms22-p1j-docker mosaic:feat/ms22-p1e-onboarding-api mosaic:feat/ms22-p1g-settings-api mosaic:feat/ms22-p1d-container-mgr mosaic:feat/ms22-p1c-config-api mosaic:chore/ms22-prd-tracking mosaic:feat/ms22-p1a-schema mosaic:feat/ms22-p1b-crypto mosaic:chore/ms22-p1-tasks mosaic:docs/ms22-architecture mosaic:feat/ms22-openclaw-docker mosaic:feat/ms22-openclaw-gateway-module mosaic:chore/ms21-complete mosaic:chore/ms21-final-tasks-done mosaic:fix/ms21-ui-001-qa mosaic:test/ms21-ui-tests mosaic:chore/ms21-tasks-sync mosaic:chore/ms22-phase0-complete mosaic:feat/ms22-ingest-clean mosaic:feat/ms21-ui-users-members mosaic:feat/ms22-task-agent mosaic:chore/tasks-final mosaic:chore/tasks-update mosaic:feat/ms21-session-invalidation mosaic:feat/ms21-rbac-settings mosaic:feat/ms21-teams-page mosaic:feat/ms21-users-page mosaic:feat/ms19-terminal-persistence
mosaic:v0.0.21 mosaic:v0.20.0 mosaic:v0.0.15 mosaic:v0.0.2

2 Commits
docs/ms22- ... feat/ms19-

Author SHA1 Message Date
Jason Woltje
e41fedb3c2 feat(api): add terminal session persistence with Prisma model and CRUD service
Some checks failed
ci/woodpecker/push/api Pipeline failed
Details 
Adds database-backed TerminalSession model with ACTIVE/CLOSED status enum,
migration SQL, TerminalSessionService (create/findByWorkspace/close/findById),
DTO file with class-validator decorators, unit tests (12 tests), and module
registration. Workspace relation and indexed columns enable efficient session
listing and recovery.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
 2026-02-25 20:46:58 -06:00
Jason Woltje
5ba77d8952 fix(web): add random suffix to fallback assistant message IDs to prevent collisions
Some checks failed
ci/woodpecker/push/web Pipeline failed
Details 
Message IDs generated in the fallback path used only Date.now() which caused
ID collisions in rapid-send scenarios (multiple sends within the same millisecond).
Adding the same Math.random() suffix used by userMessage IDs ensures uniqueness.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
 2026-02-25 20:41:43 -06:00
213 changed files with 2169 additions and 25905 deletions
Expand all files Collapse all files

30
.env.example
View File

@@ -79,7 +79,7 @@ OIDC_CLIENT_ID=your-client-id-here
OIDC_CLIENT_SECRET=your-client-secret-here OIDC_CLIENT_SECRET=your-client-secret-here
# Redirect URI must match what's configured in Authentik # Redirect URI must match what's configured in Authentik
# Development: http://localhost:3001/auth/oauth2/callback/authentik # Development: http://localhost:3001/auth/oauth2/callback/authentik
# Production: https://mosaic-api.woltje.com/auth/oauth2/callback/authentik # Production: https://api.mosaicstack.dev/auth/oauth2/callback/authentik
OIDC_REDIRECT_URI=http://localhost:3001/auth/oauth2/callback/authentik OIDC_REDIRECT_URI=http://localhost:3001/auth/oauth2/callback/authentik
# Authentik PostgreSQL Database # Authentik PostgreSQL Database
@@ -314,19 +314,17 @@ COORDINATOR_ENABLED=true
# TTL is in seconds, limits are per TTL window # TTL is in seconds, limits are per TTL window
# Global rate limit (applies to all endpoints unless overridden) # Global rate limit (applies to all endpoints unless overridden)
# Time window in seconds RATE_LIMIT_TTL=60 # Time window in seconds
RATE_LIMIT_TTL=60 RATE_LIMIT_GLOBAL_LIMIT=100 # Requests per window
# Requests per window
RATE_LIMIT_GLOBAL_LIMIT=100
# Webhook endpoints (/stitcher/webhook, /stitcher/dispatch) — requests per minute # Webhook endpoints (/stitcher/webhook, /stitcher/dispatch)
RATE_LIMIT_WEBHOOK_LIMIT=60 RATE_LIMIT_WEBHOOK_LIMIT=60 # Requests per minute
# Coordinator endpoints (/coordinator/*) — requests per minute # Coordinator endpoints (/coordinator/*)
RATE_LIMIT_COORDINATOR_LIMIT=100 RATE_LIMIT_COORDINATOR_LIMIT=100 # Requests per minute
# Health check endpoints (/coordinator/health) — requests per minute (higher for monitoring) # Health check endpoints (/coordinator/health)
RATE_LIMIT_HEALTH_LIMIT=300 RATE_LIMIT_HEALTH_LIMIT=300 # Requests per minute (higher for monitoring)
# Storage backend for rate limiting (redis or memory) # Storage backend for rate limiting (redis or memory)
# redis: Uses Valkey for distributed rate limiting (recommended for production) # redis: Uses Valkey for distributed rate limiting (recommended for production)
@@ -361,17 +359,17 @@ RATE_LIMIT_STORAGE=redis
# a single workspace. # a single workspace.
MATRIX_HOMESERVER_URL=http://synapse:8008 MATRIX_HOMESERVER_URL=http://synapse:8008
MATRIX_ACCESS_TOKEN= MATRIX_ACCESS_TOKEN=
MATRIX_BOT_USER_ID=@mosaic-bot:matrix.woltje.com MATRIX_BOT_USER_ID=@mosaic-bot:matrix.example.com
MATRIX_SERVER_NAME=matrix.woltje.com MATRIX_SERVER_NAME=matrix.example.com
# MATRIX_CONTROL_ROOM_ID=!roomid:matrix.woltje.com # MATRIX_CONTROL_ROOM_ID=!roomid:matrix.example.com
# MATRIX_WORKSPACE_ID=your-workspace-uuid # MATRIX_WORKSPACE_ID=your-workspace-uuid
# ====================== # ======================
# Matrix / Synapse Deployment # Matrix / Synapse Deployment
# ====================== # ======================
# Domains for Traefik routing to Matrix services # Domains for Traefik routing to Matrix services
MATRIX_DOMAIN=matrix.woltje.com MATRIX_DOMAIN=matrix.example.com
ELEMENT_DOMAIN=chat.woltje.com ELEMENT_DOMAIN=chat.example.com
# Synapse database (created automatically by synapse-db-init in the swarm compose) # Synapse database (created automatically by synapse-db-init in the swarm compose)
SYNAPSE_POSTGRES_DB=synapse SYNAPSE_POSTGRES_DB=synapse

94
.mosaic/orchestrator/mission.json
View File

@@ -1,90 +1,14 @@
{ {
"schema_version": 1, "schema_version": 1,
"mission_id": "ms21-multi-tenant-rbac-data-migration-20260228", "mission_id": "prd-implementation-20260222",
"name": "MS21 Multi-Tenant RBAC Data Migration", "name": "PRD implementation",
"description": "Build multi-tenant user/workspace/team management, break-glass auth, RBAC UI enforcement, and migrate jarvis-brain data into Mosaic Stack", "description": "",
"project_path": "/home/jwoltje/src/mosaic-stack", "project_path": "/home/jwoltje/src/mosaic-stack",
"created_at": "2026-02-28T17:10:22Z", "created_at": "2026-02-23T03:20:55Z",
"status": "active", "status": "active",
"task_prefix": "MS21", "task_prefix": "",
"quality_gates": "pnpm lint && pnpm build && pnpm test", "quality_gates": "",
"milestone_version": "0.0.21", "milestone_version": "0.0.1",
"milestones": [ "milestones": [],
{ "sessions": []
"id": "phase-1",
"name": "Schema and Admin API",
"status": "pending",
"branch": "schema-and-admin-api",
"issue_ref": "",
"started_at": "",
"completed_at": ""
},
{
"id": "phase-2",
"name": "Break-Glass Authentication",
"status": "pending",
"branch": "break-glass-authentication",
"issue_ref": "",
"started_at": "",
"completed_at": ""
},
{
"id": "phase-3",
"name": "Data Migration",
"status": "pending",
"branch": "data-migration",
"issue_ref": "",
"started_at": "",
"completed_at": ""
},
{
"id": "phase-4",
"name": "Admin UI",
"status": "pending",
"branch": "admin-ui",
"issue_ref": "",
"started_at": "",
"completed_at": ""
},
{
"id": "phase-5",
"name": "RBAC UI Enforcement",
"status": "pending",
"branch": "rbac-ui-enforcement",
"issue_ref": "",
"started_at": "",
"completed_at": ""
},
{
"id": "phase-6",
"name": "Verification",
"status": "pending",
"branch": "verification",
"issue_ref": "",
"started_at": "",
"completed_at": ""
}
],
"sessions": [
{
"session_id": "sess-001",
"runtime": "unknown",
"started_at": "2026-02-28T17:48:51Z",
"ended_at": "",
"ended_reason": "",
"milestone_at_end": "",
"tasks_completed": [],
"last_task_id": ""
},
{
"session_id": "sess-002",
"runtime": "unknown",
"started_at": "2026-02-28T20:30:13Z",
"ended_at": "",
"ended_reason": "",
"milestone_at_end": "",
"tasks_completed": [],
"last_task_id": ""
}
]
} }

8
.mosaic/orchestrator/session.lock
View File

@@ -1,8 +0,0 @@
{
"session_id": "sess-002",
"runtime": "unknown",
"pid": 3178395,
"started_at": "2026-02-28T20:30:13Z",
"project_path": "/tmp/ms21-ui-001",
"milestone_id": ""
}

6
.trivyignore
View File

@@ -34,9 +34,3 @@ CVE-2026-26996 # HIGH: minimatch DoS via specially crafted glob patterns (needs
# OpenBao 2.5.0 compiled with Go 1.25.6, fix needs Go >= 1.25.7. # OpenBao 2.5.0 compiled with Go 1.25.6, fix needs Go >= 1.25.7.
# Cannot build OpenBao from source (large project). Waiting for upstream release. # Cannot build OpenBao from source (large project). Waiting for upstream release.
CVE-2025-68121 # CRITICAL: crypto/tls session resumption CVE-2025-68121 # CRITICAL: crypto/tls session resumption
# === multer CVEs (upstream via @nestjs/platform-express) ===
# multer <2.1.0 — waiting on NestJS to update their dependency
# These are DoS vulnerabilities in file upload handling
GHSA-xf7r-hgr6-v32p # HIGH: DoS via incomplete cleanup
GHSA-v52c-386h-88mc # HIGH: DoS via resource exhaustion

234
.woodpecker/api.yml Normal file
View File

@@ -0,0 +1,234 @@
# API Pipeline - Mosaic Stack
# Quality gates, build, and Docker publish for @mosaic/api
#
# Triggers on: apps/api/**, packages/**, root configs
# Security chain: source audit + Trivy container scan
when:
- event: [push, pull_request, manual]
path:
include:
- "apps/api/**"
- "packages/**"
- "pnpm-lock.yaml"
- "pnpm-workspace.yaml"
- "turbo.json"
- "package.json"
- ".woodpecker/api.yml"
- ".trivyignore"
variables:
- &node_image "node:24-alpine"
- &install_deps |
corepack enable
pnpm install --frozen-lockfile
- &use_deps |
corepack enable
- &kaniko_setup |
mkdir -p /kaniko/.docker
echo "{\"auths\":{\"git.mosaicstack.dev\":{\"username\":\"$GITEA_USER\",\"password\":\"$GITEA_TOKEN\"}}}" > /kaniko/.docker/config.json
services:
postgres:
image: postgres:17.7-alpine3.22
environment:
POSTGRES_DB: test_db
POSTGRES_USER: test_user
POSTGRES_PASSWORD: test_password
steps:
# === Quality Gates ===
install:
image: *node_image
commands:
- *install_deps
security-audit:
image: *node_image
commands:
- *use_deps
- pnpm audit --audit-level=high
depends_on:
- install
lint:
image: *node_image
environment:
SKIP_ENV_VALIDATION: "true"
commands:
- *use_deps
- pnpm --filter "@mosaic/api" lint
depends_on:
- prisma-generate
- build-shared
prisma-generate:
image: *node_image
environment:
SKIP_ENV_VALIDATION: "true"
commands:
- *use_deps
- pnpm --filter "@mosaic/api" prisma:generate
depends_on:
- install
build-shared:
image: *node_image
environment:
SKIP_ENV_VALIDATION: "true"
commands:
- *use_deps
- pnpm --filter "@mosaic/shared" build
depends_on:
- install
typecheck:
image: *node_image
environment:
SKIP_ENV_VALIDATION: "true"
commands:
- *use_deps
- pnpm --filter "@mosaic/api" typecheck
depends_on:
- prisma-generate
- build-shared
prisma-migrate:
image: *node_image
environment:
SKIP_ENV_VALIDATION: "true"
DATABASE_URL: "postgresql://test_user:test_password@postgres:5432/test_db?schema=public"
commands:
- *use_deps
- pnpm --filter "@mosaic/api" prisma migrate deploy
depends_on:
- prisma-generate
test:
image: *node_image
environment:
SKIP_ENV_VALIDATION: "true"
DATABASE_URL: "postgresql://test_user:test_password@postgres:5432/test_db?schema=public"
ENCRYPTION_KEY: "0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef"
commands:
- *use_deps
- pnpm --filter "@mosaic/api" exec vitest run --exclude 'src/auth/auth-rls.integration.spec.ts' --exclude 'src/credentials/user-credential.model.spec.ts' --exclude 'src/job-events/job-events.performance.spec.ts' --exclude 'src/knowledge/services/fulltext-search.spec.ts' --exclude 'src/mosaic-telemetry/mosaic-telemetry.module.spec.ts'
depends_on:
- prisma-migrate
# === Build ===
build:
image: *node_image
environment:
SKIP_ENV_VALIDATION: "true"
NODE_ENV: "production"
commands:
- *use_deps
- pnpm turbo build --filter=@mosaic/api
depends_on:
- lint
- typecheck
- test
- security-audit
# === Docker Build & Push ===
docker-build-api:
image: gcr.io/kaniko-project/executor:debug
environment:
GITEA_USER:
from_secret: gitea_username
GITEA_TOKEN:
from_secret: gitea_token
CI_COMMIT_BRANCH: ${CI_COMMIT_BRANCH}
CI_COMMIT_TAG: ${CI_COMMIT_TAG}
commands:
- *kaniko_setup
- |
DESTINATIONS=""
if [ -n "$CI_COMMIT_TAG" ]; then
DESTINATIONS="--destination git.mosaicstack.dev/mosaic/stack-api:$CI_COMMIT_TAG"
elif [ "$CI_COMMIT_BRANCH" = "main" ]; then
DESTINATIONS="--destination git.mosaicstack.dev/mosaic/stack-api:latest"
fi
/kaniko/executor --context . --dockerfile apps/api/Dockerfile --snapshot-mode=redo $DESTINATIONS
when:
- branch: [main]
event: [push, manual, tag]
depends_on:
- build
# === Container Security Scan ===
security-trivy-api:
image: aquasec/trivy:latest
environment:
GITEA_USER:
from_secret: gitea_username
GITEA_TOKEN:
from_secret: gitea_token
CI_COMMIT_BRANCH: ${CI_COMMIT_BRANCH}
CI_COMMIT_TAG: ${CI_COMMIT_TAG}
commands:
- |
if [ -n "$$CI_COMMIT_TAG" ]; then
SCAN_TAG="$$CI_COMMIT_TAG"
elif [ "$$CI_COMMIT_BRANCH" = "main" ]; then
SCAN_TAG="latest"
else
SCAN_TAG="latest"
fi
mkdir -p ~/.docker
echo "{\"auths\":{\"git.mosaicstack.dev\":{\"username\":\"$$GITEA_USER\",\"password\":\"$$GITEA_TOKEN\"}}}" > ~/.docker/config.json
trivy image --exit-code 1 --severity HIGH,CRITICAL --ignore-unfixed \
--ignorefile .trivyignore \
git.mosaicstack.dev/mosaic/stack-api:$$SCAN_TAG
when:
- branch: [main]
event: [push, manual, tag]
depends_on:
- docker-build-api
# === Package Linking ===
link-packages:
image: alpine:3
environment:
GITEA_TOKEN:
from_secret: gitea_token
commands:
- apk add --no-cache curl
- sleep 10
- |
set -e
link_package() {
PKG="$$1"
echo "Linking $$PKG..."
for attempt in 1 2 3; do
STATUS=$$(curl -s -o /tmp/link-response.txt -w "%{http_code}" -X POST \
-H "Authorization: token $$GITEA_TOKEN" \
"https://git.mosaicstack.dev/api/v1/packages/mosaic/container/$$PKG/-/link/stack")
if [ "$$STATUS" = "201" ] || [ "$$STATUS" = "204" ]; then
echo " Linked $$PKG"
return 0
elif [ "$$STATUS" = "400" ]; then
echo " $$PKG already linked"
return 0
elif [ "$$STATUS" = "404" ] && [ $$attempt -lt 3 ]; then
echo " $$PKG not found yet, retrying in 5s (attempt $$attempt/3)..."
sleep 5
else
echo " FAILED: $$PKG status $$STATUS"
cat /tmp/link-response.txt
return 1
fi
done
}
link_package "stack-api"
when:
- branch: [main]
event: [push, manual, tag]
depends_on:
- security-trivy-api

337
.woodpecker/ci.yml
View File

@@ -1,337 +0,0 @@
# Unified CI Pipeline - Mosaic Stack
# Single install, parallel quality gates, sequential deploy
#
# Replaces: api.yml, orchestrator.yml, web.yml
# Keeps: coordinator.yml (Python), infra.yml (separate concerns)
#
# Flow:
# install → security-audit
# → prisma-generate → lint + typecheck (parallel)
# → prisma-migrate → test
# → build (after all gates pass)
# → docker builds (main only, parallel)
# → trivy scans (main only, parallel)
# → package linking (main only)
when:
- event: [push, pull_request, manual]
path:
include:
- "apps/api/**"
- "apps/orchestrator/**"
- "apps/web/**"
- "packages/**"
- "pnpm-lock.yaml"
- "pnpm-workspace.yaml"
- "turbo.json"
- "package.json"
- ".woodpecker/ci.yml"
- ".trivyignore"
variables:
- &node_image "node:24-alpine"
- &install_deps |
corepack enable
pnpm install --frozen-lockfile
- &use_deps |
corepack enable
- &turbo_env
TURBO_API:
from_secret: turbo_api
TURBO_TOKEN:
from_secret: turbo_token
TURBO_TEAM:
from_secret: turbo_team
- &kaniko_setup |
mkdir -p /kaniko/.docker
echo "{\"auths\":{\"git.mosaicstack.dev\":{\"username\":\"$GITEA_USER\",\"password\":\"$GITEA_TOKEN\"}}}" > /kaniko/.docker/config.json
services:
postgres:
image: postgres:17.7-alpine3.22
environment:
POSTGRES_DB: test_db
POSTGRES_USER: test_user
POSTGRES_PASSWORD: test_password
steps:
# ─── Install (once) ─────────────────────────────────────────
install:
image: *node_image
commands:
- *install_deps
# ─── Security Audit (once) ──────────────────────────────────
security-audit:
image: *node_image
commands:
- *use_deps
- pnpm audit --audit-level=high
depends_on:
- install
# ─── Prisma Generate ────────────────────────────────────────
prisma-generate:
image: *node_image
environment:
SKIP_ENV_VALIDATION: "true"
commands:
- *use_deps
- pnpm --filter "@mosaic/api" prisma:generate
depends_on:
- install
# ─── Lint (all packages) ────────────────────────────────────
lint:
image: *node_image
environment:
SKIP_ENV_VALIDATION: "true"
<<: *turbo_env
commands:
- *use_deps
- pnpm turbo lint
depends_on:
- prisma-generate
# ─── Typecheck (all packages, parallel with lint) ───────────
typecheck:
image: *node_image
environment:
SKIP_ENV_VALIDATION: "true"
<<: *turbo_env
commands:
- *use_deps
- pnpm turbo typecheck
depends_on:
- prisma-generate
# ─── Prisma Migrate (test DB) ──────────────────────────────
prisma-migrate:
image: *node_image
environment:
SKIP_ENV_VALIDATION: "true"
DATABASE_URL: "postgresql://test_user:test_password@postgres:5432/test_db?schema=public"
commands:
- *use_deps
- pnpm --filter "@mosaic/api" prisma migrate deploy
depends_on:
- prisma-generate
# ─── Test (all packages) ───────────────────────────────────
test:
image: *node_image
environment:
SKIP_ENV_VALIDATION: "true"
DATABASE_URL: "postgresql://test_user:test_password@postgres:5432/test_db?schema=public"
ENCRYPTION_KEY: "0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef"
<<: *turbo_env
commands:
- *use_deps
- pnpm --filter "@mosaic/api" exec vitest run --exclude 'src/auth/auth-rls.integration.spec.ts' --exclude 'src/credentials/user-credential.model.spec.ts' --exclude 'src/job-events/job-events.performance.spec.ts' --exclude 'src/knowledge/services/fulltext-search.spec.ts' --exclude 'src/mosaic-telemetry/mosaic-telemetry.module.spec.ts'
- pnpm turbo test --filter=@mosaic/orchestrator --filter=@mosaic/web
depends_on:
- prisma-migrate
# ─── Build (all packages) ──────────────────────────────────
build:
image: *node_image
environment:
SKIP_ENV_VALIDATION: "true"
NODE_ENV: "production"
<<: *turbo_env
commands:
- *use_deps
- pnpm turbo build
depends_on:
- lint
- typecheck
- test
- security-audit
# ─── Docker Builds (main only, parallel) ───────────────────
docker-build-api:
image: gcr.io/kaniko-project/executor:debug
environment:
GITEA_USER:
from_secret: gitea_username
GITEA_TOKEN:
from_secret: gitea_token
CI_COMMIT_BRANCH: ${CI_COMMIT_BRANCH}
CI_COMMIT_TAG: ${CI_COMMIT_TAG}
commands:
- *kaniko_setup
- |
DESTINATIONS=""
if [ -n "$CI_COMMIT_TAG" ]; then
DESTINATIONS="--destination git.mosaicstack.dev/mosaic/stack-api:$CI_COMMIT_TAG"
elif [ "$CI_COMMIT_BRANCH" = "main" ]; then
DESTINATIONS="--destination git.mosaicstack.dev/mosaic/stack-api:latest"
fi
/kaniko/executor --context . --dockerfile apps/api/Dockerfile --snapshot-mode=redo $DESTINATIONS
when:
- branch: [main]
event: [push, manual, tag]
depends_on:
- build
docker-build-orchestrator:
image: gcr.io/kaniko-project/executor:debug
environment:
GITEA_USER:
from_secret: gitea_username
GITEA_TOKEN:
from_secret: gitea_token
CI_COMMIT_BRANCH: ${CI_COMMIT_BRANCH}
CI_COMMIT_TAG: ${CI_COMMIT_TAG}
commands:
- *kaniko_setup
- |
DESTINATIONS=""
if [ -n "$CI_COMMIT_TAG" ]; then
DESTINATIONS="--destination git.mosaicstack.dev/mosaic/stack-orchestrator:$CI_COMMIT_TAG"
elif [ "$CI_COMMIT_BRANCH" = "main" ]; then
DESTINATIONS="--destination git.mosaicstack.dev/mosaic/stack-orchestrator:latest"
fi
/kaniko/executor --context . --dockerfile apps/orchestrator/Dockerfile --snapshot-mode=redo $DESTINATIONS
when:
- branch: [main]
event: [push, manual, tag]
depends_on:
- build
docker-build-web:
image: gcr.io/kaniko-project/executor:debug
environment:
GITEA_USER:
from_secret: gitea_username
GITEA_TOKEN:
from_secret: gitea_token
CI_COMMIT_BRANCH: ${CI_COMMIT_BRANCH}
CI_COMMIT_TAG: ${CI_COMMIT_TAG}
commands:
- *kaniko_setup
- |
DESTINATIONS=""
if [ -n "$CI_COMMIT_TAG" ]; then
DESTINATIONS="--destination git.mosaicstack.dev/mosaic/stack-web:$CI_COMMIT_TAG"
elif [ "$CI_COMMIT_BRANCH" = "main" ]; then
DESTINATIONS="--destination git.mosaicstack.dev/mosaic/stack-web:latest"
fi
/kaniko/executor --context . --dockerfile apps/web/Dockerfile --snapshot-mode=redo --build-arg NEXT_PUBLIC_API_URL=https://api.mosaicstack.dev $DESTINATIONS
when:
- branch: [main]
event: [push, manual, tag]
depends_on:
- build
# ─── Container Security Scans (main only) ──────────────────
security-trivy-api:
image: aquasec/trivy:latest
environment:
GITEA_USER:
from_secret: gitea_username
GITEA_TOKEN:
from_secret: gitea_token
CI_COMMIT_BRANCH: ${CI_COMMIT_BRANCH}
CI_COMMIT_TAG: ${CI_COMMIT_TAG}
commands:
- |
if [ -n "$$CI_COMMIT_TAG" ]; then SCAN_TAG="$$CI_COMMIT_TAG"; else SCAN_TAG="latest"; fi
mkdir -p ~/.docker
echo "{\"auths\":{\"git.mosaicstack.dev\":{\"username\":\"$$GITEA_USER\",\"password\":\"$$GITEA_TOKEN\"}}}" > ~/.docker/config.json
trivy image --exit-code 1 --severity HIGH,CRITICAL --ignore-unfixed --ignorefile .trivyignore git.mosaicstack.dev/mosaic/stack-api:$$SCAN_TAG
when:
- branch: [main]
event: [push, manual, tag]
depends_on:
- docker-build-api
security-trivy-orchestrator:
image: aquasec/trivy:latest
environment:
GITEA_USER:
from_secret: gitea_username
GITEA_TOKEN:
from_secret: gitea_token
CI_COMMIT_BRANCH: ${CI_COMMIT_BRANCH}
CI_COMMIT_TAG: ${CI_COMMIT_TAG}
commands:
- |
if [ -n "$$CI_COMMIT_TAG" ]; then SCAN_TAG="$$CI_COMMIT_TAG"; else SCAN_TAG="latest"; fi
mkdir -p ~/.docker
echo "{\"auths\":{\"git.mosaicstack.dev\":{\"username\":\"$$GITEA_USER\",\"password\":\"$$GITEA_TOKEN\"}}}" > ~/.docker/config.json
trivy image --exit-code 1 --severity HIGH,CRITICAL --ignore-unfixed --ignorefile .trivyignore git.mosaicstack.dev/mosaic/stack-orchestrator:$$SCAN_TAG
when:
- branch: [main]
event: [push, manual, tag]
depends_on:
- docker-build-orchestrator
security-trivy-web:
image: aquasec/trivy:latest
environment:
GITEA_USER:
from_secret: gitea_username
GITEA_TOKEN:
from_secret: gitea_token
CI_COMMIT_BRANCH: ${CI_COMMIT_BRANCH}
CI_COMMIT_TAG: ${CI_COMMIT_TAG}
commands:
- |
if [ -n "$$CI_COMMIT_TAG" ]; then SCAN_TAG="$$CI_COMMIT_TAG"; else SCAN_TAG="latest"; fi
mkdir -p ~/.docker
echo "{\"auths\":{\"git.mosaicstack.dev\":{\"username\":\"$$GITEA_USER\",\"password\":\"$$GITEA_TOKEN\"}}}" > ~/.docker/config.json
trivy image --exit-code 1 --severity HIGH,CRITICAL --ignore-unfixed --ignorefile .trivyignore git.mosaicstack.dev/mosaic/stack-web:$$SCAN_TAG
when:
- branch: [main]
event: [push, manual, tag]
depends_on:
- docker-build-web
# ─── Package Linking (main only, once) ─────────────────────
link-packages:
image: alpine:3
environment:
GITEA_TOKEN:
from_secret: gitea_token
commands:
- apk add --no-cache curl
- sleep 10
- |
set -e
link_package() {
PKG="$$1"
echo "Linking $$PKG..."
for attempt in 1 2 3; do
STATUS=$$(curl -s -o /tmp/link-response.txt -w "%{http_code}" -X POST \
-H "Authorization: token $$GITEA_TOKEN" \
"https://git.mosaicstack.dev/api/v1/packages/mosaic/container/$$PKG/-/link/stack")
if [ "$$STATUS" = "201" ] || [ "$$STATUS" = "204" ]; then
echo " Linked $$PKG"
return 0
elif [ "$$STATUS" = "400" ]; then
echo " $$PKG already linked"
return 0
elif [ "$$STATUS" = "404" ] && [ $$attempt -lt 3 ]; then
echo " $$PKG not found yet, retrying in 5s (attempt $$attempt/3)..."
sleep 5
else
echo " FAILED: $$PKG status $$STATUS"
cat /tmp/link-response.txt
return 1
fi
done
}
link_package "stack-api"
link_package "stack-orchestrator"
link_package "stack-web"
when:
- branch: [main]
event: [push, manual, tag]
depends_on:
- security-trivy-api
- security-trivy-orchestrator
- security-trivy-web

191
.woodpecker/orchestrator.yml Normal file
View File

@@ -0,0 +1,191 @@
# Orchestrator Pipeline - Mosaic Stack
# Quality gates, build, and Docker publish for @mosaic/orchestrator
#
# Triggers on: apps/orchestrator/**, packages/**, root configs
# Security chain: source audit + Trivy container scan
when:
- event: [push, pull_request, manual]
path:
include:
- "apps/orchestrator/**"
- "packages/**"
- "pnpm-lock.yaml"
- "pnpm-workspace.yaml"
- "turbo.json"
- "package.json"
- ".woodpecker/orchestrator.yml"
- ".trivyignore"
variables:
- &node_image "node:24-alpine"
- &install_deps |
corepack enable
pnpm install --frozen-lockfile
- &use_deps |
corepack enable
- &kaniko_setup |
mkdir -p /kaniko/.docker
echo "{\"auths\":{\"git.mosaicstack.dev\":{\"username\":\"$GITEA_USER\",\"password\":\"$GITEA_TOKEN\"}}}" > /kaniko/.docker/config.json
steps:
# === Quality Gates ===
install:
image: *node_image
commands:
- *install_deps
security-audit:
image: *node_image
commands:
- *use_deps
- pnpm audit --audit-level=high
depends_on:
- install
lint:
image: *node_image
environment:
SKIP_ENV_VALIDATION: "true"
commands:
- *use_deps
- pnpm --filter "@mosaic/orchestrator" lint
depends_on:
- install
typecheck:
image: *node_image
environment:
SKIP_ENV_VALIDATION: "true"
commands:
- *use_deps
- pnpm --filter "@mosaic/orchestrator" typecheck
depends_on:
- install
test:
image: *node_image
environment:
SKIP_ENV_VALIDATION: "true"
commands:
- *use_deps
- pnpm --filter "@mosaic/orchestrator" test
depends_on:
- install
# === Build ===
build:
image: *node_image
environment:
SKIP_ENV_VALIDATION: "true"
NODE_ENV: "production"
commands:
- *use_deps
- pnpm turbo build --filter=@mosaic/orchestrator
depends_on:
- lint
- typecheck
- test
- security-audit
# === Docker Build & Push ===
docker-build-orchestrator:
image: gcr.io/kaniko-project/executor:debug
environment:
GITEA_USER:
from_secret: gitea_username
GITEA_TOKEN:
from_secret: gitea_token
CI_COMMIT_BRANCH: ${CI_COMMIT_BRANCH}
CI_COMMIT_TAG: ${CI_COMMIT_TAG}
commands:
- *kaniko_setup
- |
DESTINATIONS=""
if [ -n "$CI_COMMIT_TAG" ]; then
DESTINATIONS="--destination git.mosaicstack.dev/mosaic/stack-orchestrator:$CI_COMMIT_TAG"
elif [ "$CI_COMMIT_BRANCH" = "main" ]; then
DESTINATIONS="--destination git.mosaicstack.dev/mosaic/stack-orchestrator:latest"
fi
/kaniko/executor --context . --dockerfile apps/orchestrator/Dockerfile --snapshot-mode=redo $DESTINATIONS
when:
- branch: [main]
event: [push, manual, tag]
depends_on:
- build
# === Container Security Scan ===
security-trivy-orchestrator:
image: aquasec/trivy:latest
environment:
GITEA_USER:
from_secret: gitea_username
GITEA_TOKEN:
from_secret: gitea_token
CI_COMMIT_BRANCH: ${CI_COMMIT_BRANCH}
CI_COMMIT_TAG: ${CI_COMMIT_TAG}
commands:
- |
if [ -n "$$CI_COMMIT_TAG" ]; then
SCAN_TAG="$$CI_COMMIT_TAG"
elif [ "$$CI_COMMIT_BRANCH" = "main" ]; then
SCAN_TAG="latest"
else
SCAN_TAG="latest"
fi
mkdir -p ~/.docker
echo "{\"auths\":{\"git.mosaicstack.dev\":{\"username\":\"$$GITEA_USER\",\"password\":\"$$GITEA_TOKEN\"}}}" > ~/.docker/config.json
trivy image --exit-code 1 --severity HIGH,CRITICAL --ignore-unfixed \
--ignorefile .trivyignore \
git.mosaicstack.dev/mosaic/stack-orchestrator:$$SCAN_TAG
when:
- branch: [main]
event: [push, manual, tag]
depends_on:
- docker-build-orchestrator
# === Package Linking ===
link-packages:
image: alpine:3
environment:
GITEA_TOKEN:
from_secret: gitea_token
commands:
- apk add --no-cache curl
- sleep 10
- |
set -e
link_package() {
PKG="$$1"
echo "Linking $$PKG..."
for attempt in 1 2 3; do
STATUS=$$(curl -s -o /tmp/link-response.txt -w "%{http_code}" -X POST \
-H "Authorization: token $$GITEA_TOKEN" \
"https://git.mosaicstack.dev/api/v1/packages/mosaic/container/$$PKG/-/link/stack")
if [ "$$STATUS" = "201" ] || [ "$$STATUS" = "204" ]; then
echo " Linked $$PKG"
return 0
elif [ "$$STATUS" = "400" ]; then
echo " $$PKG already linked"
return 0
elif [ "$$STATUS" = "404" ] && [ $$attempt -lt 3 ]; then
echo " $$PKG not found yet, retrying in 5s (attempt $$attempt/3)..."
sleep 5
else
echo " FAILED: $$PKG status $$STATUS"
cat /tmp/link-response.txt
return 1
fi
done
}
link_package "stack-orchestrator"
when:
- branch: [main]
event: [push, manual, tag]
depends_on:
- security-trivy-orchestrator

202
.woodpecker/web.yml Normal file
View File

@@ -0,0 +1,202 @@
# Web Pipeline - Mosaic Stack
# Quality gates, build, and Docker publish for @mosaic/web
#
# Triggers on: apps/web/**, packages/**, root configs
# Security chain: source audit + Trivy container scan
when:
- event: [push, pull_request, manual]
path:
include:
- "apps/web/**"
- "packages/**"
- "pnpm-lock.yaml"
- "pnpm-workspace.yaml"
- "turbo.json"
- "package.json"
- ".woodpecker/web.yml"
- ".trivyignore"
variables:
- &node_image "node:24-alpine"
- &install_deps |
corepack enable
pnpm install --frozen-lockfile
- &use_deps |
corepack enable
- &kaniko_setup |
mkdir -p /kaniko/.docker
echo "{\"auths\":{\"git.mosaicstack.dev\":{\"username\":\"$GITEA_USER\",\"password\":\"$GITEA_TOKEN\"}}}" > /kaniko/.docker/config.json
steps:
# === Quality Gates ===
install:
image: *node_image
commands:
- *install_deps
security-audit:
image: *node_image
commands:
- *use_deps
- pnpm audit --audit-level=high
depends_on:
- install
build-shared:
image: *node_image
environment:
SKIP_ENV_VALIDATION: "true"
commands:
- *use_deps
- pnpm --filter "@mosaic/shared" build
- pnpm --filter "@mosaic/ui" build
depends_on:
- install
lint:
image: *node_image
environment:
SKIP_ENV_VALIDATION: "true"
commands:
- *use_deps
- pnpm --filter "@mosaic/web" lint
depends_on:
- build-shared
typecheck:
image: *node_image
environment:
SKIP_ENV_VALIDATION: "true"
commands:
- *use_deps
- pnpm --filter "@mosaic/web" typecheck
depends_on:
- build-shared
test:
image: *node_image
environment:
SKIP_ENV_VALIDATION: "true"
commands:
- *use_deps
- pnpm --filter "@mosaic/web" test
depends_on:
- build-shared
# === Build ===
build:
image: *node_image
environment:
SKIP_ENV_VALIDATION: "true"
NODE_ENV: "production"
commands:
- *use_deps
- pnpm turbo build --filter=@mosaic/web
depends_on:
- lint
- typecheck
- test
- security-audit
# === Docker Build & Push ===
docker-build-web:
image: gcr.io/kaniko-project/executor:debug
environment:
GITEA_USER:
from_secret: gitea_username
GITEA_TOKEN:
from_secret: gitea_token
CI_COMMIT_BRANCH: ${CI_COMMIT_BRANCH}
CI_COMMIT_TAG: ${CI_COMMIT_TAG}
commands:
- *kaniko_setup
- |
DESTINATIONS=""
if [ -n "$CI_COMMIT_TAG" ]; then
DESTINATIONS="--destination git.mosaicstack.dev/mosaic/stack-web:$CI_COMMIT_TAG"
elif [ "$CI_COMMIT_BRANCH" = "main" ]; then
DESTINATIONS="--destination git.mosaicstack.dev/mosaic/stack-web:latest"
fi
/kaniko/executor --context . --dockerfile apps/web/Dockerfile --snapshot-mode=redo --build-arg NEXT_PUBLIC_API_URL=https://api.mosaicstack.dev $DESTINATIONS
when:
- branch: [main]
event: [push, manual, tag]
depends_on:
- build
# === Container Security Scan ===
security-trivy-web:
image: aquasec/trivy:latest
environment:
GITEA_USER:
from_secret: gitea_username
GITEA_TOKEN:
from_secret: gitea_token
CI_COMMIT_BRANCH: ${CI_COMMIT_BRANCH}
CI_COMMIT_TAG: ${CI_COMMIT_TAG}
commands:
- |
if [ -n "$$CI_COMMIT_TAG" ]; then
SCAN_TAG="$$CI_COMMIT_TAG"
elif [ "$$CI_COMMIT_BRANCH" = "main" ]; then
SCAN_TAG="latest"
else
SCAN_TAG="latest"
fi
mkdir -p ~/.docker
echo "{\"auths\":{\"git.mosaicstack.dev\":{\"username\":\"$$GITEA_USER\",\"password\":\"$$GITEA_TOKEN\"}}}" > ~/.docker/config.json
trivy image --exit-code 1 --severity HIGH,CRITICAL --ignore-unfixed \
--ignorefile .trivyignore \
git.mosaicstack.dev/mosaic/stack-web:$$SCAN_TAG
when:
- branch: [main]
event: [push, manual, tag]
depends_on:
- docker-build-web
# === Package Linking ===
link-packages:
image: alpine:3
environment:
GITEA_TOKEN:
from_secret: gitea_token
commands:
- apk add --no-cache curl
- sleep 10
- |
set -e
link_package() {
PKG="$$1"
echo "Linking $$PKG..."
for attempt in 1 2 3; do
STATUS=$$(curl -s -o /tmp/link-response.txt -w "%{http_code}" -X POST \
-H "Authorization: token $$GITEA_TOKEN" \
"https://git.mosaicstack.dev/api/v1/packages/mosaic/container/$$PKG/-/link/stack")
if [ "$$STATUS" = "201" ] || [ "$$STATUS" = "204" ]; then
echo " Linked $$PKG"
return 0
elif [ "$$STATUS" = "400" ]; then
echo " $$PKG already linked"
return 0
elif [ "$$STATUS" = "404" ] && [ $$attempt -lt 3 ]; then
echo " $$PKG not found yet, retrying in 5s (attempt $$attempt/3)..."
sleep 5
else
echo " FAILED: $$PKG status $$STATUS"
cat /tmp/link-response.txt
return 1
fi
done
}
link_package "stack-web"
when:
- branch: [main]
event: [push, manual, tag]
depends_on:
- security-trivy-web

15
AGENTS.md
View File

@@ -46,21 +46,6 @@ pnpm lint
pnpm build pnpm build
``` ```
## Versioning Protocol (HARD GATE)
**This project is ALPHA. All versions MUST be `0.0.x`.**
- The `0.1.0` release is FORBIDDEN until Jason explicitly authorizes it.
- Every milestone bump increments the patch: `0.0.20``0.0.21``0.0.22`, etc.
- ALL package.json files in the monorepo MUST stay in sync at the same version.
- Use `scripts/version-bump.sh <version>` to bump — it enforces the alpha constraint and updates all packages atomically.
- The script rejects any version >= `0.1.0`.
- When creating a release tag, the tag MUST match the package version: `v0.0.x`.
**Milestone-to-version mapping** is defined in the PRD (`docs/PRD.md`) under "Delivery/Milestone Intent". Agents MUST use the version from that table when tagging a milestone release.
**Violation of this protocol is a blocking error.** If an agent attempts to set a version >= `0.1.0`, stop and escalate.
## Standards and Quality ## Standards and Quality
- Enforce strict typing and no unsafe shortcuts. - Enforce strict typing and no unsafe shortcuts.

18
apps/api/Dockerfile
View File

@@ -18,12 +18,6 @@ COPY turbo.json ./
# ====================== # ======================
FROM base AS deps FROM base AS deps
# Install build tools for native addons (node-pty requires node-gyp compilation)
# and OpenSSL for Prisma engine detection
RUN apt-get update && apt-get install -y --no-install-recommends \
python3 make g++ openssl \
&& rm -rf /var/lib/apt/lists/*
# Copy all package.json files for workspace resolution # Copy all package.json files for workspace resolution
COPY packages/shared/package.json ./packages/shared/ COPY packages/shared/package.json ./packages/shared/
COPY packages/ui/package.json ./packages/ui/ COPY packages/ui/package.json ./packages/ui/
@@ -31,11 +25,7 @@ COPY packages/config/package.json ./packages/config/
COPY apps/api/package.json ./apps/api/ COPY apps/api/package.json ./apps/api/
# Install dependencies (no cache mount — Kaniko builds are ephemeral in CI) # Install dependencies (no cache mount — Kaniko builds are ephemeral in CI)
# Then explicitly rebuild node-pty from source since pnpm may skip postinstall RUN pnpm install --frozen-lockfile
# scripts or fail to find prebuilt binaries for this Node.js version
RUN pnpm install --frozen-lockfile \
&& cd node_modules/.pnpm/node-pty@*/node_modules/node-pty \
&& npx node-gyp rebuild 2>&1 || true
# ====================== # ======================
# Builder stage # Builder stage
@@ -68,11 +58,7 @@ FROM node:24-slim AS production
ADD https://github.com/Yelp/dumb-init/releases/download/v1.2.5/dumb-init_1.2.5_x86_64 /usr/local/bin/dumb-init ADD https://github.com/Yelp/dumb-init/releases/download/v1.2.5/dumb-init_1.2.5_x86_64 /usr/local/bin/dumb-init
# Single RUN to minimize Kaniko filesystem snapshots (each RUN = full snapshot) # Single RUN to minimize Kaniko filesystem snapshots (each RUN = full snapshot)
# - openssl: Prisma engine detection requires libssl RUN rm -rf /usr/local/lib/node_modules/npm /usr/local/bin/npm /usr/local/bin/npx \
# - No build tools needed here — native addons are compiled in the deps stage
RUN apt-get update && apt-get install -y --no-install-recommends openssl \
&& rm -rf /var/lib/apt/lists/* \
&& rm -rf /usr/local/lib/node_modules/npm /usr/local/bin/npm /usr/local/bin/npx \
&& chmod 755 /usr/local/bin/dumb-init \ && chmod 755 /usr/local/bin/dumb-init \
&& groupadd -g 1001 nodejs && useradd -m -u 1001 -g nodejs nestjs && groupadd -g 1001 nodejs && useradd -m -u 1001 -g nodejs nestjs

4
apps/api/package.json
View File

@@ -1,6 +1,6 @@
{ {
"name": "@mosaic/api", "name": "@mosaic/api",
"version": "0.0.20", "version": "0.0.1",
"private": true, "private": true,
"scripts": { "scripts": {
"build": "nest build", "build": "nest build",
@@ -52,7 +52,6 @@
"adm-zip": "^0.5.16", "adm-zip": "^0.5.16",
"archiver": "^7.0.1", "archiver": "^7.0.1",
"axios": "^1.13.5", "axios": "^1.13.5",
"bcryptjs": "^3.0.3",
"better-auth": "^1.4.17", "better-auth": "^1.4.17",
"bullmq": "^5.67.2", "bullmq": "^5.67.2",
"class-transformer": "^0.5.1", "class-transformer": "^0.5.1",
@@ -86,7 +85,6 @@
"@swc/core": "^1.10.18", "@swc/core": "^1.10.18",
"@types/adm-zip": "^0.5.7", "@types/adm-zip": "^0.5.7",
"@types/archiver": "^7.0.0", "@types/archiver": "^7.0.0",
"@types/bcryptjs": "^3.0.0",
"@types/cookie-parser": "^1.4.10", "@types/cookie-parser": "^1.4.10",
"@types/express": "^5.0.1", "@types/express": "^5.0.1",
"@types/highlight.js": "^10.1.0", "@types/highlight.js": "^10.1.0",

3
apps/api/prisma/migrations/20260227000000_add_personality_tone_formality/migration.sql
View File

@@ -1,3 +0,0 @@
-- AlterTable: add tone and formality_level columns to personalities
ALTER TABLE "personalities" ADD COLUMN "tone" TEXT NOT NULL DEFAULT 'neutral';
ALTER TABLE "personalities" ADD COLUMN "formality_level" "FormalityLevel" NOT NULL DEFAULT 'NEUTRAL';

24
apps/api/prisma/migrations/20260228000000_ms22_agent_memory/migration.sql
View File

@@ -1,24 +0,0 @@
-- CreateTable
CREATE TABLE "agent_memories" (
"id" UUID NOT NULL,
"workspace_id" UUID NOT NULL,
"agent_id" TEXT NOT NULL,
"key" TEXT NOT NULL,
"value" JSONB NOT NULL,
"created_at" TIMESTAMPTZ NOT NULL DEFAULT CURRENT_TIMESTAMP,
"updated_at" TIMESTAMPTZ NOT NULL,
CONSTRAINT "agent_memories_pkey" PRIMARY KEY ("id")
);
-- CreateIndex
CREATE UNIQUE INDEX "agent_memories_workspace_id_agent_id_key_key" ON "agent_memories"("workspace_id", "agent_id", "key");
-- CreateIndex
CREATE INDEX "agent_memories_workspace_id_idx" ON "agent_memories"("workspace_id");
-- CreateIndex
CREATE INDEX "agent_memories_agent_id_idx" ON "agent_memories"("agent_id");
-- AddForeignKey
ALTER TABLE "agent_memories" ADD CONSTRAINT "agent_memories_workspace_id_fkey" FOREIGN KEY ("workspace_id") REFERENCES "workspaces"("id") ON DELETE CASCADE ON UPDATE CASCADE;

33
apps/api/prisma/migrations/20260228000000_ms22_conversation_archive/migration.sql
View File

@@ -1,33 +0,0 @@
-- CreateTable
CREATE TABLE "conversation_archives" (
"id" UUID NOT NULL,
"workspace_id" UUID NOT NULL,
"session_id" TEXT NOT NULL,
"agent_id" TEXT NOT NULL,
"messages" JSONB NOT NULL,
"message_count" INTEGER NOT NULL,
"summary" TEXT NOT NULL,
"embedding" vector(1536),
"started_at" TIMESTAMPTZ NOT NULL,
"ended_at" TIMESTAMPTZ,
"metadata" JSONB NOT NULL DEFAULT '{}',
"created_at" TIMESTAMPTZ NOT NULL DEFAULT CURRENT_TIMESTAMP,
"updated_at" TIMESTAMPTZ NOT NULL,
CONSTRAINT "conversation_archives_pkey" PRIMARY KEY ("id")
);
-- CreateIndex
CREATE UNIQUE INDEX "conversation_archives_workspace_id_session_id_key" ON "conversation_archives"("workspace_id", "session_id");
-- CreateIndex
CREATE INDEX "conversation_archives_workspace_id_idx" ON "conversation_archives"("workspace_id");
-- CreateIndex
CREATE INDEX "conversation_archives_agent_id_idx" ON "conversation_archives"("agent_id");
-- CreateIndex
CREATE INDEX "conversation_archives_started_at_idx" ON "conversation_archives"("started_at");
-- AddForeignKey
ALTER TABLE "conversation_archives" ADD CONSTRAINT "conversation_archives_workspace_id_fkey" FOREIGN KEY ("workspace_id") REFERENCES "workspaces"("id") ON DELETE CASCADE ON UPDATE CASCADE;

37
apps/api/prisma/migrations/20260301194500_add_findings/migration.sql
View File

@@ -1,37 +0,0 @@
-- CreateTable
CREATE TABLE "findings" (
"id" UUID NOT NULL,
"workspace_id" UUID NOT NULL,
"task_id" UUID,
"agent_id" TEXT NOT NULL,
"type" TEXT NOT NULL,
"title" TEXT NOT NULL,
"data" JSONB NOT NULL,
"summary" TEXT NOT NULL,
"embedding" vector(1536),
"created_at" TIMESTAMPTZ NOT NULL DEFAULT CURRENT_TIMESTAMP,
"updated_at" TIMESTAMPTZ NOT NULL,
CONSTRAINT "findings_pkey" PRIMARY KEY ("id")
);
-- CreateIndex
CREATE UNIQUE INDEX "findings_id_workspace_id_key" ON "findings"("id", "workspace_id");
-- CreateIndex
CREATE INDEX "findings_workspace_id_idx" ON "findings"("workspace_id");
-- CreateIndex
CREATE INDEX "findings_agent_id_idx" ON "findings"("agent_id");
-- CreateIndex
CREATE INDEX "findings_type_idx" ON "findings"("type");
-- CreateIndex
CREATE INDEX "findings_task_id_idx" ON "findings"("task_id");
-- AddForeignKey
ALTER TABLE "findings" ADD CONSTRAINT "findings_workspace_id_fkey" FOREIGN KEY ("workspace_id") REFERENCES "workspaces"("id") ON DELETE CASCADE ON UPDATE CASCADE;
-- AddForeignKey
ALTER TABLE "findings" ADD CONSTRAINT "findings_task_id_fkey" FOREIGN KEY ("task_id") REFERENCES "agent_tasks"("id") ON DELETE SET NULL ON UPDATE CASCADE;

2
apps/api/prisma/migrations/20260301211000_ms22_task_assigned_agent/migration.sql
View File

@@ -1,2 +0,0 @@
-- AlterTable
ALTER TABLE "tasks" ADD COLUMN "assigned_agent" TEXT;

92
apps/api/prisma/schema.prisma
View File

@@ -3,7 +3,6 @@
generator client { generator client {
provider = "prisma-client-js" provider = "prisma-client-js"
binaryTargets = ["native", "debian-openssl-3.0.x"]
previewFeatures = ["postgresqlExtensions"] previewFeatures = ["postgresqlExtensions"]
} }
@@ -227,14 +226,6 @@ model User {
createdAt DateTime @default(now()) @map("created_at") @db.Timestamptz createdAt DateTime @default(now()) @map("created_at") @db.Timestamptz
updatedAt DateTime @updatedAt @map("updated_at") @db.Timestamptz updatedAt DateTime @updatedAt @map("updated_at") @db.Timestamptz
// MS21: Admin, local auth, and invitation fields
deactivatedAt DateTime? @map("deactivated_at") @db.Timestamptz
isLocalAuth Boolean @default(false) @map("is_local_auth")
passwordHash String? @map("password_hash")
invitedBy String? @map("invited_by") @db.Uuid
invitationToken String? @unique @map("invitation_token")
invitedAt DateTime? @map("invited_at") @db.Timestamptz
// Relations // Relations
ownedWorkspaces Workspace[] @relation("WorkspaceOwner") ownedWorkspaces Workspace[] @relation("WorkspaceOwner")
workspaceMemberships WorkspaceMember[] workspaceMemberships WorkspaceMember[]
@@ -298,8 +289,6 @@ model Workspace {
agents Agent[] agents Agent[]
agentSessions AgentSession[] agentSessions AgentSession[]
agentTasks AgentTask[] agentTasks AgentTask[]
findings Finding[]
agentMemories AgentMemory[]
userLayouts UserLayout[] userLayouts UserLayout[]
knowledgeEntries KnowledgeEntry[] knowledgeEntries KnowledgeEntry[]
knowledgeTags KnowledgeTag[] knowledgeTags KnowledgeTag[]
@@ -314,7 +303,6 @@ model Workspace {
llmUsageLogs LlmUsageLog[] llmUsageLogs LlmUsageLog[]
userCredentials UserCredential[] userCredentials UserCredential[]
terminalSessions TerminalSession[] terminalSessions TerminalSession[]
conversationArchives ConversationArchive[]
@@index([ownerId]) @@index([ownerId])
@@map("workspaces") @@map("workspaces")
@@ -379,7 +367,6 @@ model Task {
creatorId String @map("creator_id") @db.Uuid creatorId String @map("creator_id") @db.Uuid
projectId String? @map("project_id") @db.Uuid projectId String? @map("project_id") @db.Uuid
parentId String? @map("parent_id") @db.Uuid parentId String? @map("parent_id") @db.Uuid
assignedAgent String? @map("assigned_agent")
domainId String? @map("domain_id") @db.Uuid domainId String? @map("domain_id") @db.Uuid
sortOrder Int @default(0) @map("sort_order") sortOrder Int @default(0) @map("sort_order")
metadata Json @default("{}") metadata Json @default("{}")
@@ -693,7 +680,6 @@ model AgentTask {
createdBy User @relation("AgentTaskCreator", fields: [createdById], references: [id], onDelete: Cascade) createdBy User @relation("AgentTaskCreator", fields: [createdById], references: [id], onDelete: Cascade)
createdById String @map("created_by_id") @db.Uuid createdById String @map("created_by_id") @db.Uuid
runnerJobs RunnerJob[] runnerJobs RunnerJob[]
findings Finding[]
@@unique([id, workspaceId]) @@unique([id, workspaceId])
@@index([workspaceId]) @@index([workspaceId])
@@ -703,33 +689,6 @@ model AgentTask {
@@map("agent_tasks") @@map("agent_tasks")
} }
model Finding {
id String @id @default(uuid()) @db.Uuid
workspaceId String @map("workspace_id") @db.Uuid
taskId String? @map("task_id") @db.Uuid
agentId String @map("agent_id")
type String
title String
data Json
summary String @db.Text
// Note: vector dimension (1536) must match EMBEDDING_DIMENSION constant in @mosaic/shared
embedding Unsupported("vector(1536)")?
createdAt DateTime @default(now()) @map("created_at") @db.Timestamptz
updatedAt DateTime @updatedAt @map("updated_at") @db.Timestamptz
workspace Workspace @relation(fields: [workspaceId], references: [id], onDelete: Cascade)
task AgentTask? @relation(fields: [taskId], references: [id], onDelete: SetNull)
@@unique([id, workspaceId])
@@index([workspaceId])
@@index([agentId])
@@index([type])
@@index([taskId])
@@map("findings")
}
model AgentSession { model AgentSession {
id String @id @default(uuid()) @db.Uuid id String @id @default(uuid()) @db.Uuid
workspaceId String @map("workspace_id") @db.Uuid workspaceId String @map("workspace_id") @db.Uuid
@@ -767,23 +726,6 @@ model AgentSession {
@@map("agent_sessions") @@map("agent_sessions")
} }
model AgentMemory {
id String @id @default(uuid()) @db.Uuid
workspaceId String @map("workspace_id") @db.Uuid
agentId String @map("agent_id")
key String
value Json
createdAt DateTime @default(now()) @map("created_at") @db.Timestamptz
updatedAt DateTime @updatedAt @map("updated_at") @db.Timestamptz
workspace Workspace @relation(fields: [workspaceId], references: [id], onDelete: Cascade)
@@unique([workspaceId, agentId, key])
@@index([workspaceId])
@@index([agentId])
@@map("agent_memories")
}
model WidgetDefinition { model WidgetDefinition {
id String @id @default(uuid()) @db.Uuid id String @id @default(uuid()) @db.Uuid
@@ -1125,10 +1067,6 @@ model Personality {
displayName String @map("display_name") displayName String @map("display_name")
description String? @db.Text description String? @db.Text
// Tone and formality
tone String @default("neutral")
formalityLevel FormalityLevel @default(NEUTRAL) @map("formality_level")
// System prompt // System prompt
systemPrompt String @map("system_prompt") @db.Text systemPrompt String @map("system_prompt") @db.Text
@@ -1595,33 +1533,3 @@ model TerminalSession {
@@index([workspaceId, status]) @@index([workspaceId, status])
@@map("terminal_sessions") @@map("terminal_sessions")
} }
// ============================================
// CONVERSATION ARCHIVE MODULE
// ============================================
model ConversationArchive {
id String @id @default(uuid()) @db.Uuid
workspaceId String @map("workspace_id") @db.Uuid
sessionId String @map("session_id")
agentId String @map("agent_id")
messages Json
messageCount Int @map("message_count")
summary String @db.Text
// Note: vector dimension (1536) must match EMBEDDING_DIMENSION constant in @mosaic/shared
embedding Unsupported("vector(1536)")?
startedAt DateTime @map("started_at") @db.Timestamptz
endedAt DateTime? @map("ended_at") @db.Timestamptz
metadata Json @default("{}")
createdAt DateTime @default(now()) @map("created_at") @db.Timestamptz
updatedAt DateTime @updatedAt @map("updated_at") @db.Timestamptz
// Relations
workspace Workspace @relation(fields: [workspaceId], references: [id], onDelete: Cascade)
@@unique([workspaceId, sessionId])
@@index([workspaceId])
@@index([agentId])
@@index([startedAt])
@@map("conversation_archives")
}

258
apps/api/src/admin/admin.controller.spec.ts
View File

@@ -1,258 +0,0 @@
import { describe, it, expect, beforeEach, vi } from "vitest";
import { Test, TestingModule } from "@nestjs/testing";
import { AdminController } from "./admin.controller";
import { AdminService } from "./admin.service";
import { AuthGuard } from "../auth/guards/auth.guard";
import { AdminGuard } from "../auth/guards/admin.guard";
import { WorkspaceMemberRole } from "@prisma/client";
import type { ExecutionContext } from "@nestjs/common";
describe("AdminController", () => {
let controller: AdminController;
let service: AdminService;
const mockAdminService = {
listUsers: vi.fn(),
inviteUser: vi.fn(),
updateUser: vi.fn(),
deactivateUser: vi.fn(),
createWorkspace: vi.fn(),
updateWorkspace: vi.fn(),
};
const mockAuthGuard = {
canActivate: vi.fn((context: ExecutionContext) => {
const request = context.switchToHttp().getRequest();
request.user = {
id: "550e8400-e29b-41d4-a716-446655440001",
email: "admin@example.com",
name: "Admin User",
};
return true;
}),
};
const mockAdminGuard = {
canActivate: vi.fn(() => true),
};
const mockAdminId = "550e8400-e29b-41d4-a716-446655440001";
const mockUserId = "550e8400-e29b-41d4-a716-446655440002";
const mockWorkspaceId = "550e8400-e29b-41d4-a716-446655440003";
const mockAdminUser = {
id: mockAdminId,
email: "admin@example.com",
name: "Admin User",
};
const mockUserResponse = {
id: mockUserId,
name: "Test User",
email: "test@example.com",
emailVerified: false,
image: null,
createdAt: new Date("2026-01-01"),
deactivatedAt: null,
isLocalAuth: false,
invitedAt: null,
invitedBy: null,
workspaceMemberships: [],
};
const mockWorkspaceResponse = {
id: mockWorkspaceId,
name: "Test Workspace",
ownerId: mockAdminId,
settings: {},
createdAt: new Date("2026-01-01"),
updatedAt: new Date("2026-01-01"),
memberCount: 1,
};
beforeEach(async () => {
const module: TestingModule = await Test.createTestingModule({
controllers: [AdminController],
providers: [
{
provide: AdminService,
useValue: mockAdminService,
},
],
})
.overrideGuard(AuthGuard)
.useValue(mockAuthGuard)
.overrideGuard(AdminGuard)
.useValue(mockAdminGuard)
.compile();
controller = module.get<AdminController>(AdminController);
service = module.get<AdminService>(AdminService);
vi.clearAllMocks();
});
it("should be defined", () => {
expect(controller).toBeDefined();
});
describe("listUsers", () => {
it("should return paginated users", async () => {
const paginatedResult = {
data: [mockUserResponse],
meta: { total: 1, page: 1, limit: 50, totalPages: 1 },
};
mockAdminService.listUsers.mockResolvedValue(paginatedResult);
const result = await controller.listUsers({ page: 1, limit: 50 });
expect(result).toEqual(paginatedResult);
expect(service.listUsers).toHaveBeenCalledWith(1, 50);
});
it("should use default pagination", async () => {
const paginatedResult = {
data: [],
meta: { total: 0, page: 1, limit: 50, totalPages: 0 },
};
mockAdminService.listUsers.mockResolvedValue(paginatedResult);
await controller.listUsers({});
expect(service.listUsers).toHaveBeenCalledWith(undefined, undefined);
});
});
describe("inviteUser", () => {
it("should invite a user", async () => {
const inviteDto = { email: "new@example.com" };
const invitationResponse = {
userId: "new-id",
invitationToken: "token",
email: "new@example.com",
invitedAt: new Date(),
};
mockAdminService.inviteUser.mockResolvedValue(invitationResponse);
const result = await controller.inviteUser(inviteDto, mockAdminUser);
expect(result).toEqual(invitationResponse);
expect(service.inviteUser).toHaveBeenCalledWith(inviteDto, mockAdminId);
});
it("should invite a user with workspace and role", async () => {
const inviteDto = {
email: "new@example.com",
workspaceId: mockWorkspaceId,
role: WorkspaceMemberRole.ADMIN,
};
mockAdminService.inviteUser.mockResolvedValue({
userId: "new-id",
invitationToken: "token",
email: "new@example.com",
invitedAt: new Date(),
});
await controller.inviteUser(inviteDto, mockAdminUser);
expect(service.inviteUser).toHaveBeenCalledWith(inviteDto, mockAdminId);
});
});
describe("updateUser", () => {
it("should update a user", async () => {
const updateDto = { name: "Updated Name" };
mockAdminService.updateUser.mockResolvedValue({
...mockUserResponse,
name: "Updated Name",
});
const result = await controller.updateUser(mockUserId, updateDto);
expect(result.name).toBe("Updated Name");
expect(service.updateUser).toHaveBeenCalledWith(mockUserId, updateDto);
});
it("should deactivate a user via update", async () => {
const deactivatedAt = "2026-02-28T00:00:00.000Z";
const updateDto = { deactivatedAt };
mockAdminService.updateUser.mockResolvedValue({
...mockUserResponse,
deactivatedAt: new Date(deactivatedAt),
});
const result = await controller.updateUser(mockUserId, updateDto);
expect(result.deactivatedAt).toEqual(new Date(deactivatedAt));
});
});
describe("deactivateUser", () => {
it("should soft-delete a user", async () => {
mockAdminService.deactivateUser.mockResolvedValue({
...mockUserResponse,
deactivatedAt: new Date(),
});
const result = await controller.deactivateUser(mockUserId);
expect(result.deactivatedAt).toBeDefined();
expect(service.deactivateUser).toHaveBeenCalledWith(mockUserId);
});
});
describe("createWorkspace", () => {
it("should create a workspace", async () => {
const createDto = { name: "New Workspace", ownerId: mockAdminId };
mockAdminService.createWorkspace.mockResolvedValue(mockWorkspaceResponse);
const result = await controller.createWorkspace(createDto);
expect(result).toEqual(mockWorkspaceResponse);
expect(service.createWorkspace).toHaveBeenCalledWith(createDto);
});
it("should create workspace with settings", async () => {
const createDto = {
name: "New Workspace",
ownerId: mockAdminId,
settings: { feature: true },
};
mockAdminService.createWorkspace.mockResolvedValue({
...mockWorkspaceResponse,
settings: { feature: true },
});
const result = await controller.createWorkspace(createDto);
expect(result.settings).toEqual({ feature: true });
});
});
describe("updateWorkspace", () => {
it("should update a workspace", async () => {
const updateDto = { name: "Updated Workspace" };
mockAdminService.updateWorkspace.mockResolvedValue({
...mockWorkspaceResponse,
name: "Updated Workspace",
});
const result = await controller.updateWorkspace(mockWorkspaceId, updateDto);
expect(result.name).toBe("Updated Workspace");
expect(service.updateWorkspace).toHaveBeenCalledWith(mockWorkspaceId, updateDto);
});
it("should update workspace settings", async () => {
const updateDto = { settings: { notifications: false } };
mockAdminService.updateWorkspace.mockResolvedValue({
...mockWorkspaceResponse,
settings: { notifications: false },
});
const result = await controller.updateWorkspace(mockWorkspaceId, updateDto);
expect(result.settings).toEqual({ notifications: false });
});
});
});

64
apps/api/src/admin/admin.controller.ts
View File

@@ -1,64 +0,0 @@
import {
Controller,
Get,
Post,
Patch,
Delete,
Body,
Param,
Query,
UseGuards,
ParseUUIDPipe,
} from "@nestjs/common";
import { AdminService } from "./admin.service";
import { AuthGuard } from "../auth/guards/auth.guard";
import { AdminGuard } from "../auth/guards/admin.guard";
import { CurrentUser } from "../auth/decorators/current-user.decorator";
import type { AuthUser } from "@mosaic/shared";
import { InviteUserDto } from "./dto/invite-user.dto";
import { UpdateUserDto } from "./dto/update-user.dto";
import { CreateWorkspaceDto } from "./dto/create-workspace.dto";
import { UpdateWorkspaceDto } from "./dto/update-workspace.dto";
import { QueryUsersDto } from "./dto/query-users.dto";
@Controller("admin")
@UseGuards(AuthGuard, AdminGuard)
export class AdminController {
constructor(private readonly adminService: AdminService) {}
@Get("users")
async listUsers(@Query() query: QueryUsersDto) {
return this.adminService.listUsers(query.page, query.limit);
}
@Post("users/invite")
async inviteUser(@Body() dto: InviteUserDto, @CurrentUser() user: AuthUser) {
return this.adminService.inviteUser(dto, user.id);
}
@Patch("users/:id")
async updateUser(
@Param("id", new ParseUUIDPipe({ version: "4" })) id: string,
@Body() dto: UpdateUserDto
) {
return this.adminService.updateUser(id, dto);
}
@Delete("users/:id")
async deactivateUser(@Param("id", new ParseUUIDPipe({ version: "4" })) id: string) {
return this.adminService.deactivateUser(id);
}
@Post("workspaces")
async createWorkspace(@Body() dto: CreateWorkspaceDto) {
return this.adminService.createWorkspace(dto);
}
@Patch("workspaces/:id")
async updateWorkspace(
@Param("id", new ParseUUIDPipe({ version: "4" })) id: string,
@Body() dto: UpdateWorkspaceDto
) {
return this.adminService.updateWorkspace(id, dto);
}
}

13
apps/api/src/admin/admin.module.ts
View File

@@ -1,13 +0,0 @@
import { Module } from "@nestjs/common";
import { AdminController } from "./admin.controller";
import { AdminService } from "./admin.service";
import { PrismaModule } from "../prisma/prisma.module";
import { AuthModule } from "../auth/auth.module";
@Module({
imports: [PrismaModule, AuthModule],
controllers: [AdminController],
providers: [AdminService],
exports: [AdminService],
})
export class AdminModule {}

477
apps/api/src/admin/admin.service.spec.ts
View File

@@ -1,477 +0,0 @@
import { describe, it, expect, beforeEach, vi } from "vitest";
import { Test, TestingModule } from "@nestjs/testing";
import { AdminService } from "./admin.service";
import { PrismaService } from "../prisma/prisma.service";
import { BadRequestException, ConflictException, NotFoundException } from "@nestjs/common";
import { WorkspaceMemberRole } from "@prisma/client";
describe("AdminService", () => {
let service: AdminService;
const mockPrismaService = {
user: {
findMany: vi.fn(),
findUnique: vi.fn(),
count: vi.fn(),
create: vi.fn(),
update: vi.fn(),
},
workspace: {
findUnique: vi.fn(),
create: vi.fn(),
update: vi.fn(),
},
workspaceMember: {
create: vi.fn(),
},
session: {
deleteMany: vi.fn(),
},
$transaction: vi.fn(async (ops) => {
if (typeof ops === "function") {
return ops(mockPrismaService);
}
return Promise.all(ops);
}),
};
const mockAdminId = "550e8400-e29b-41d4-a716-446655440001";
const mockUserId = "550e8400-e29b-41d4-a716-446655440002";
const mockWorkspaceId = "550e8400-e29b-41d4-a716-446655440003";
const mockUser = {
id: mockUserId,
name: "Test User",
email: "test@example.com",
emailVerified: false,
image: null,
createdAt: new Date("2026-01-01"),
updatedAt: new Date("2026-01-01"),
deactivatedAt: null,
isLocalAuth: false,
passwordHash: null,
invitedBy: null,
invitationToken: null,
invitedAt: null,
authProviderId: null,
preferences: {},
workspaceMemberships: [
{
workspaceId: mockWorkspaceId,
userId: mockUserId,
role: WorkspaceMemberRole.MEMBER,
joinedAt: new Date("2026-01-01"),
workspace: { id: mockWorkspaceId, name: "Test Workspace" },
},
],
};
const mockWorkspace = {
id: mockWorkspaceId,
name: "Test Workspace",
ownerId: mockAdminId,
settings: {},
createdAt: new Date("2026-01-01"),
updatedAt: new Date("2026-01-01"),
matrixRoomId: null,
};
beforeEach(async () => {
const module: TestingModule = await Test.createTestingModule({
providers: [
AdminService,
{
provide: PrismaService,
useValue: mockPrismaService,
},
],
}).compile();
service = module.get<AdminService>(AdminService);
vi.clearAllMocks();
});
it("should be defined", () => {
expect(service).toBeDefined();
});
describe("listUsers", () => {
it("should return paginated users with memberships", async () => {
mockPrismaService.user.findMany.mockResolvedValue([mockUser]);
mockPrismaService.user.count.mockResolvedValue(1);
const result = await service.listUsers(1, 50);
expect(result.data).toHaveLength(1);
expect(result.data[0]?.id).toBe(mockUserId);
expect(result.data[0]?.workspaceMemberships).toHaveLength(1);
expect(result.meta).toEqual({
total: 1,
page: 1,
limit: 50,
totalPages: 1,
});
});
it("should use default pagination when not provided", async () => {
mockPrismaService.user.findMany.mockResolvedValue([]);
mockPrismaService.user.count.mockResolvedValue(0);
await service.listUsers();
expect(mockPrismaService.user.findMany).toHaveBeenCalledWith(
expect.objectContaining({
skip: 0,
take: 50,
})
);
});
it("should calculate pagination correctly", async () => {
mockPrismaService.user.findMany.mockResolvedValue([]);
mockPrismaService.user.count.mockResolvedValue(150);
const result = await service.listUsers(3, 25);
expect(mockPrismaService.user.findMany).toHaveBeenCalledWith(
expect.objectContaining({
skip: 50,
take: 25,
})
);
expect(result.meta.totalPages).toBe(6);
});
});
describe("inviteUser", () => {
it("should create a user with invitation token", async () => {
mockPrismaService.user.findUnique.mockResolvedValue(null);
const createdUser = {
id: "new-user-id",
email: "new@example.com",
name: "new",
invitationToken: "some-token",
};
mockPrismaService.user.create.mockResolvedValue(createdUser);
const result = await service.inviteUser({ email: "new@example.com" }, mockAdminId);
expect(result.email).toBe("new@example.com");
expect(result.invitationToken).toBeDefined();
expect(result.userId).toBe("new-user-id");
expect(mockPrismaService.user.create).toHaveBeenCalledWith(
expect.objectContaining({
data: expect.objectContaining({
email: "new@example.com",
invitedBy: mockAdminId,
invitationToken: expect.any(String),
}),
})
);
});
it("should add user to workspace when workspaceId provided", async () => {
mockPrismaService.user.findUnique.mockResolvedValue(null);
mockPrismaService.workspace.findUnique.mockResolvedValue(mockWorkspace);
const createdUser = { id: "new-user-id", email: "new@example.com", name: "new" };
mockPrismaService.user.create.mockResolvedValue(createdUser);
await service.inviteUser(
{
email: "new@example.com",
workspaceId: mockWorkspaceId,
role: WorkspaceMemberRole.ADMIN,
},
mockAdminId
);
expect(mockPrismaService.workspaceMember.create).toHaveBeenCalledWith({
data: {
workspaceId: mockWorkspaceId,
userId: "new-user-id",
role: WorkspaceMemberRole.ADMIN,
},
});
});
it("should throw ConflictException if email already exists", async () => {
mockPrismaService.user.findUnique.mockResolvedValue(mockUser);
await expect(service.inviteUser({ email: "test@example.com" }, mockAdminId)).rejects.toThrow(
ConflictException
);
});
it("should throw NotFoundException if workspace does not exist", async () => {
mockPrismaService.user.findUnique.mockResolvedValue(null);
mockPrismaService.workspace.findUnique.mockResolvedValue(null);
await expect(
service.inviteUser({ email: "new@example.com", workspaceId: "non-existent" }, mockAdminId)
).rejects.toThrow(NotFoundException);
});
it("should use email prefix as default name", async () => {
mockPrismaService.user.findUnique.mockResolvedValue(null);
const createdUser = { id: "new-user-id", email: "jane.doe@example.com", name: "jane.doe" };
mockPrismaService.user.create.mockResolvedValue(createdUser);
await service.inviteUser({ email: "jane.doe@example.com" }, mockAdminId);
expect(mockPrismaService.user.create).toHaveBeenCalledWith(
expect.objectContaining({
data: expect.objectContaining({
name: "jane.doe",
}),
})
);
});
it("should use provided name when given", async () => {
mockPrismaService.user.findUnique.mockResolvedValue(null);
const createdUser = { id: "new-user-id", email: "j@example.com", name: "Jane Doe" };
mockPrismaService.user.create.mockResolvedValue(createdUser);
await service.inviteUser({ email: "j@example.com", name: "Jane Doe" }, mockAdminId);
expect(mockPrismaService.user.create).toHaveBeenCalledWith(
expect.objectContaining({
data: expect.objectContaining({
name: "Jane Doe",
}),
})
);
});
});
describe("updateUser", () => {
it("should update user fields", async () => {
mockPrismaService.user.findUnique.mockResolvedValue(mockUser);
mockPrismaService.user.update.mockResolvedValue({
...mockUser,
name: "Updated Name",
});
const result = await service.updateUser(mockUserId, { name: "Updated Name" });
expect(result.name).toBe("Updated Name");
expect(mockPrismaService.user.update).toHaveBeenCalledWith(
expect.objectContaining({
where: { id: mockUserId },
data: { name: "Updated Name" },
})
);
});
it("should set deactivatedAt when provided", async () => {
const deactivatedAt = "2026-02-28T00:00:00.000Z";
mockPrismaService.user.findUnique.mockResolvedValue(mockUser);
mockPrismaService.user.update.mockResolvedValue({
...mockUser,
deactivatedAt: new Date(deactivatedAt),
});
const result = await service.updateUser(mockUserId, { deactivatedAt });
expect(result.deactivatedAt).toEqual(new Date(deactivatedAt));
});
it("should clear deactivatedAt when set to null", async () => {
const deactivatedUser = { ...mockUser, deactivatedAt: new Date() };
mockPrismaService.user.findUnique.mockResolvedValue(deactivatedUser);
mockPrismaService.user.update.mockResolvedValue({
...deactivatedUser,
deactivatedAt: null,
});
const result = await service.updateUser(mockUserId, { deactivatedAt: null });
expect(result.deactivatedAt).toBeNull();
});
it("should throw NotFoundException if user does not exist", async () => {
mockPrismaService.user.findUnique.mockResolvedValue(null);
await expect(service.updateUser("non-existent", { name: "Test" })).rejects.toThrow(
NotFoundException
);
});
it("should update emailVerified", async () => {
mockPrismaService.user.findUnique.mockResolvedValue(mockUser);
mockPrismaService.user.update.mockResolvedValue({
...mockUser,
emailVerified: true,
});
const result = await service.updateUser(mockUserId, { emailVerified: true });
expect(result.emailVerified).toBe(true);
});
it("should update preferences", async () => {
const prefs = { theme: "dark" };
mockPrismaService.user.findUnique.mockResolvedValue(mockUser);
mockPrismaService.user.update.mockResolvedValue({
...mockUser,
preferences: prefs,
});
await service.updateUser(mockUserId, { preferences: prefs });
expect(mockPrismaService.user.update).toHaveBeenCalledWith(
expect.objectContaining({
data: expect.objectContaining({ preferences: prefs }),
})
);
});
});
describe("deactivateUser", () => {
it("should set deactivatedAt and invalidate sessions", async () => {
mockPrismaService.user.findUnique.mockResolvedValue(mockUser);
mockPrismaService.user.update.mockResolvedValue({
...mockUser,
deactivatedAt: new Date(),
});
mockPrismaService.session.deleteMany.mockResolvedValue({ count: 3 });
const result = await service.deactivateUser(mockUserId);
expect(result.deactivatedAt).toBeDefined();
expect(mockPrismaService.user.update).toHaveBeenCalledWith(
expect.objectContaining({
where: { id: mockUserId },
data: { deactivatedAt: expect.any(Date) },
})
);
expect(mockPrismaService.session.deleteMany).toHaveBeenCalledWith({ where: { userId: mockUserId } });
});
it("should throw NotFoundException if user does not exist", async () => {
mockPrismaService.user.findUnique.mockResolvedValue(null);
await expect(service.deactivateUser("non-existent")).rejects.toThrow(NotFoundException);
});
it("should throw BadRequestException if user is already deactivated", async () => {
mockPrismaService.user.findUnique.mockResolvedValue({
...mockUser,
deactivatedAt: new Date(),
});
await expect(service.deactivateUser(mockUserId)).rejects.toThrow(BadRequestException);
});
});
describe("createWorkspace", () => {
it("should create a workspace with owner membership", async () => {
mockPrismaService.user.findUnique.mockResolvedValue(mockUser);
mockPrismaService.workspace.create.mockResolvedValue(mockWorkspace);
const result = await service.createWorkspace({
name: "New Workspace",
ownerId: mockAdminId,
});
expect(result.name).toBe("Test Workspace");
expect(result.memberCount).toBe(1);
expect(mockPrismaService.workspace.create).toHaveBeenCalled();
expect(mockPrismaService.workspaceMember.create).toHaveBeenCalledWith({
data: {
workspaceId: mockWorkspace.id,
userId: mockAdminId,
role: WorkspaceMemberRole.OWNER,
},
});
});
it("should throw NotFoundException if owner does not exist", async () => {
mockPrismaService.user.findUnique.mockResolvedValue(null);
await expect(
service.createWorkspace({ name: "New Workspace", ownerId: "non-existent" })
).rejects.toThrow(NotFoundException);
});
it("should pass settings when provided", async () => {
const settings = { theme: "dark", features: ["chat"] };
mockPrismaService.user.findUnique.mockResolvedValue(mockUser);
mockPrismaService.workspace.create.mockResolvedValue({
...mockWorkspace,
settings,
});
await service.createWorkspace({
name: "New Workspace",
ownerId: mockAdminId,
settings,
});
expect(mockPrismaService.workspace.create).toHaveBeenCalledWith(
expect.objectContaining({
data: expect.objectContaining({ settings }),
})
);
});
});
describe("updateWorkspace", () => {
it("should update workspace name", async () => {
mockPrismaService.workspace.findUnique.mockResolvedValue(mockWorkspace);
mockPrismaService.workspace.update.mockResolvedValue({
...mockWorkspace,
name: "Updated Workspace",
_count: { members: 3 },
});
const result = await service.updateWorkspace(mockWorkspaceId, {
name: "Updated Workspace",
});
expect(result.name).toBe("Updated Workspace");
expect(result.memberCount).toBe(3);
});
it("should update workspace settings", async () => {
const newSettings = { notifications: true };
mockPrismaService.workspace.findUnique.mockResolvedValue(mockWorkspace);
mockPrismaService.workspace.update.mockResolvedValue({
...mockWorkspace,
settings: newSettings,
_count: { members: 1 },
});
const result = await service.updateWorkspace(mockWorkspaceId, {
settings: newSettings,
});
expect(result.settings).toEqual(newSettings);
});
it("should throw NotFoundException if workspace does not exist", async () => {
mockPrismaService.workspace.findUnique.mockResolvedValue(null);
await expect(service.updateWorkspace("non-existent", { name: "Test" })).rejects.toThrow(
NotFoundException
);
});
it("should only update provided fields", async () => {
mockPrismaService.workspace.findUnique.mockResolvedValue(mockWorkspace);
mockPrismaService.workspace.update.mockResolvedValue({
...mockWorkspace,
_count: { members: 1 },
});
await service.updateWorkspace(mockWorkspaceId, { name: "Only Name" });
expect(mockPrismaService.workspace.update).toHaveBeenCalledWith(
expect.objectContaining({
data: { name: "Only Name" },
})
);
});
});
});

309
apps/api/src/admin/admin.service.ts
View File

@@ -1,309 +0,0 @@
import {
BadRequestException,
ConflictException,
Injectable,
Logger,
NotFoundException,
} from "@nestjs/common";
import { Prisma, WorkspaceMemberRole } from "@prisma/client";
import { randomUUID } from "node:crypto";
import { PrismaService } from "../prisma/prisma.service";
import type { InviteUserDto } from "./dto/invite-user.dto";
import type { UpdateUserDto } from "./dto/update-user.dto";
import type { CreateWorkspaceDto } from "./dto/create-workspace.dto";
import type {
AdminUserResponse,
AdminWorkspaceResponse,
InvitationResponse,
PaginatedResponse,
} from "./types/admin.types";
@Injectable()
export class AdminService {
private readonly logger = new Logger(AdminService.name);
constructor(private readonly prisma: PrismaService) {}
async listUsers(page = 1, limit = 50): Promise<PaginatedResponse<AdminUserResponse>> {
const skip = (page - 1) * limit;
const [users, total] = await Promise.all([
this.prisma.user.findMany({
include: {
workspaceMemberships: {
include: {
workspace: { select: { id: true, name: true } },
},
},
},
orderBy: { createdAt: "desc" },
skip,
take: limit,
}),
this.prisma.user.count(),
]);
return {
data: users.map((user) => ({
id: user.id,
name: user.name,
email: user.email,
emailVerified: user.emailVerified,
image: user.image,
createdAt: user.createdAt,
deactivatedAt: user.deactivatedAt,
isLocalAuth: user.isLocalAuth,
invitedAt: user.invitedAt,
invitedBy: user.invitedBy,
workspaceMemberships: user.workspaceMemberships.map((m) => ({
workspaceId: m.workspaceId,
workspaceName: m.workspace.name,
role: m.role,
joinedAt: m.joinedAt,
})),
})),
meta: {
total,
page,
limit,
totalPages: Math.ceil(total / limit),
},
};
}
async inviteUser(dto: InviteUserDto, inviterId: string): Promise<InvitationResponse> {
const existing = await this.prisma.user.findUnique({
where: { email: dto.email },
});
if (existing) {
throw new ConflictException(`User with email ${dto.email} already exists`);
}
if (dto.workspaceId) {
const workspace = await this.prisma.workspace.findUnique({
where: { id: dto.workspaceId },
});
if (!workspace) {
throw new NotFoundException(`Workspace ${dto.workspaceId} not found`);
}
}
const invitationToken = randomUUID();
const now = new Date();
const user = await this.prisma.$transaction(async (tx) => {
const created = await tx.user.create({
data: {
email: dto.email,
name: dto.name ?? dto.email.split("@")[0] ?? dto.email,
emailVerified: false,
invitedBy: inviterId,
invitationToken,
invitedAt: now,
},
});
if (dto.workspaceId) {
await tx.workspaceMember.create({
data: {
workspaceId: dto.workspaceId,
userId: created.id,
role: dto.role ?? WorkspaceMemberRole.MEMBER,
},
});
}
return created;
});
this.logger.log(`User invited: ${user.email} by ${inviterId}`);
return {
userId: user.id,
invitationToken,
email: user.email,
invitedAt: now,
};
}
async updateUser(id: string, dto: UpdateUserDto): Promise<AdminUserResponse> {
const existing = await this.prisma.user.findUnique({ where: { id } });
if (!existing) {
throw new NotFoundException(`User ${id} not found`);
}
const data: Prisma.UserUpdateInput = {};
if (dto.name !== undefined) {
data.name = dto.name;
}
if (dto.emailVerified !== undefined) {
data.emailVerified = dto.emailVerified;
}
if (dto.preferences !== undefined) {
data.preferences = dto.preferences as Prisma.InputJsonValue;
}
if (dto.deactivatedAt !== undefined) {
data.deactivatedAt = dto.deactivatedAt ? new Date(dto.deactivatedAt) : null;
}
const user = await this.prisma.user.update({
where: { id },
data,
include: {
workspaceMemberships: {
include: {
workspace: { select: { id: true, name: true } },
},
},
},
});
this.logger.log(`User updated: ${id}`);
return {
id: user.id,
name: user.name,
email: user.email,
emailVerified: user.emailVerified,
image: user.image,
createdAt: user.createdAt,
deactivatedAt: user.deactivatedAt,
isLocalAuth: user.isLocalAuth,
invitedAt: user.invitedAt,
invitedBy: user.invitedBy,
workspaceMemberships: user.workspaceMemberships.map((m) => ({
workspaceId: m.workspaceId,
workspaceName: m.workspace.name,
role: m.role,
joinedAt: m.joinedAt,
})),
};
}
async deactivateUser(id: string): Promise<AdminUserResponse> {
const existing = await this.prisma.user.findUnique({ where: { id } });
if (!existing) {
throw new NotFoundException(`User ${id} not found`);
}
if (existing.deactivatedAt) {
throw new BadRequestException(`User ${id} is already deactivated`);
}
const [user] = await this.prisma.$transaction([
this.prisma.user.update({
where: { id },
data: { deactivatedAt: new Date() },
include: {
workspaceMemberships: {
include: {
workspace: { select: { id: true, name: true } },
},
},
},
}),
this.prisma.session.deleteMany({ where: { userId: id } }),
]);
this.logger.log(`User deactivated and sessions invalidated: ${id}`);
return {
id: user.id,
name: user.name,
email: user.email,
emailVerified: user.emailVerified,
image: user.image,
createdAt: user.createdAt,
deactivatedAt: user.deactivatedAt,
isLocalAuth: user.isLocalAuth,
invitedAt: user.invitedAt,
invitedBy: user.invitedBy,
workspaceMemberships: user.workspaceMemberships.map((m) => ({
workspaceId: m.workspaceId,
workspaceName: m.workspace.name,
role: m.role,
joinedAt: m.joinedAt,
})),
};
}
async createWorkspace(dto: CreateWorkspaceDto): Promise<AdminWorkspaceResponse> {
const owner = await this.prisma.user.findUnique({ where: { id: dto.ownerId } });
if (!owner) {
throw new NotFoundException(`User ${dto.ownerId} not found`);
}
const workspace = await this.prisma.$transaction(async (tx) => {
const created = await tx.workspace.create({
data: {
name: dto.name,
ownerId: dto.ownerId,
settings: dto.settings ? (dto.settings as Prisma.InputJsonValue) : {},
},
});
await tx.workspaceMember.create({
data: {
workspaceId: created.id,
userId: dto.ownerId,
role: WorkspaceMemberRole.OWNER,
},
});
return created;
});
this.logger.log(`Workspace created: ${workspace.id} with owner ${dto.ownerId}`);
return {
id: workspace.id,
name: workspace.name,
ownerId: workspace.ownerId,
settings: workspace.settings as Record<string, unknown>,
createdAt: workspace.createdAt,
updatedAt: workspace.updatedAt,
memberCount: 1,
};
}
async updateWorkspace(
id: string,
dto: { name?: string; settings?: Record<string, unknown> }
): Promise<AdminWorkspaceResponse> {
const existing = await this.prisma.workspace.findUnique({ where: { id } });
if (!existing) {
throw new NotFoundException(`Workspace ${id} not found`);
}
const data: Prisma.WorkspaceUpdateInput = {};
if (dto.name !== undefined) {
data.name = dto.name;
}
if (dto.settings !== undefined) {
data.settings = dto.settings as Prisma.InputJsonValue;
}
const workspace = await this.prisma.workspace.update({
where: { id },
data,
include: {
_count: { select: { members: true } },
},
});
this.logger.log(`Workspace updated: ${id}`);
return {
id: workspace.id,
name: workspace.name,
ownerId: workspace.ownerId,
settings: workspace.settings as Record<string, unknown>,
createdAt: workspace.createdAt,
updatedAt: workspace.updatedAt,
memberCount: workspace._count.members,
};
}
}

15
apps/api/src/admin/dto/create-workspace.dto.ts
View File

@@ -1,15 +0,0 @@
import { IsObject, IsOptional, IsString, IsUUID, MaxLength, MinLength } from "class-validator";
export class CreateWorkspaceDto {
@IsString({ message: "name must be a string" })
@MinLength(1, { message: "name must not be empty" })
@MaxLength(255, { message: "name must not exceed 255 characters" })
name!: string;
@IsUUID("4", { message: "ownerId must be a valid UUID" })
ownerId!: string;
@IsOptional()
@IsObject({ message: "settings must be an object" })
settings?: Record<string, unknown>;
}

20
apps/api/src/admin/dto/invite-user.dto.ts
View File

@@ -1,20 +0,0 @@
import { WorkspaceMemberRole } from "@prisma/client";
import { IsEmail, IsEnum, IsOptional, IsString, IsUUID, MaxLength } from "class-validator";
export class InviteUserDto {
@IsEmail({}, { message: "email must be a valid email address" })
email!: string;
@IsOptional()
@IsString({ message: "name must be a string" })
@MaxLength(255, { message: "name must not exceed 255 characters" })
name?: string;
@IsOptional()
@IsUUID("4", { message: "workspaceId must be a valid UUID" })
workspaceId?: string;
@IsOptional()
@IsEnum(WorkspaceMemberRole, { message: "role must be a valid WorkspaceMemberRole" })
role?: WorkspaceMemberRole;
}

15
apps/api/src/admin/dto/manage-member.dto.ts
View File

@@ -1,15 +0,0 @@
import { WorkspaceMemberRole } from "@prisma/client";
import { IsEnum, IsUUID } from "class-validator";
export class AddMemberDto {
@IsUUID("4", { message: "userId must be a valid UUID" })
userId!: string;
@IsEnum(WorkspaceMemberRole, { message: "role must be a valid WorkspaceMemberRole" })
role!: WorkspaceMemberRole;
}
export class UpdateMemberRoleDto {
@IsEnum(WorkspaceMemberRole, { message: "role must be a valid WorkspaceMemberRole" })
role!: WorkspaceMemberRole;
}

17
apps/api/src/admin/dto/query-users.dto.ts
View File

@@ -1,17 +0,0 @@
import { IsInt, IsOptional, Max, Min } from "class-validator";
import { Type } from "class-transformer";
export class QueryUsersDto {
@IsOptional()
@Type(() => Number)
@IsInt({ message: "page must be an integer" })
@Min(1, { message: "page must be at least 1" })
page?: number;
@IsOptional()
@Type(() => Number)
@IsInt({ message: "limit must be an integer" })
@Min(1, { message: "limit must be at least 1" })
@Max(100, { message: "limit must not exceed 100" })
limit?: number;
}

27
apps/api/src/admin/dto/update-user.dto.ts
View File

@@ -1,27 +0,0 @@
import {
IsBoolean,
IsDateString,
IsObject,
IsOptional,
IsString,
MaxLength,
} from "class-validator";
export class UpdateUserDto {
@IsOptional()
@IsString({ message: "name must be a string" })
@MaxLength(255, { message: "name must not exceed 255 characters" })
name?: string;
@IsOptional()
@IsDateString({}, { message: "deactivatedAt must be a valid ISO 8601 date string" })
deactivatedAt?: string | null;
@IsOptional()
@IsBoolean({ message: "emailVerified must be a boolean" })
emailVerified?: boolean;
@IsOptional()
@IsObject({ message: "preferences must be an object" })
preferences?: Record<string, unknown>;
}

13
apps/api/src/admin/dto/update-workspace.dto.ts
View File

@@ -1,13 +0,0 @@
import { IsObject, IsOptional, IsString, MaxLength, MinLength } from "class-validator";
export class UpdateWorkspaceDto {
@IsOptional()
@IsString({ message: "name must be a string" })
@MinLength(1, { message: "name must not be empty" })
@MaxLength(255, { message: "name must not exceed 255 characters" })
name?: string;
@IsOptional()
@IsObject({ message: "settings must be an object" })
settings?: Record<string, unknown>;
}

49
apps/api/src/admin/types/admin.types.ts
View File

@@ -1,49 +0,0 @@
import type { WorkspaceMemberRole } from "@prisma/client";
export interface AdminUserResponse {
id: string;
name: string;
email: string;
emailVerified: boolean;
image: string | null;
createdAt: Date;
deactivatedAt: Date | null;
isLocalAuth: boolean;
invitedAt: Date | null;
invitedBy: string | null;
workspaceMemberships: WorkspaceMembershipResponse[];
}
export interface WorkspaceMembershipResponse {
workspaceId: string;
workspaceName: string;
role: WorkspaceMemberRole;
joinedAt: Date;
}
export interface PaginatedResponse<T> {
data: T[];
meta: {
total: number;
page: number;
limit: number;
totalPages: number;
};
}
export interface InvitationResponse {
userId: string;
invitationToken: string;
email: string;
invitedAt: Date;
}
export interface AdminWorkspaceResponse {
id: string;
name: string;
ownerId: string;
settings: Record<string, unknown>;
createdAt: Date;
updatedAt: Date;
memberCount: number;
}

102
apps/api/src/agent-memory/agent-memory.controller.spec.ts
View File

@@ -1,102 +0,0 @@
import { Test, TestingModule } from "@nestjs/testing";
import { AgentMemoryController } from "./agent-memory.controller";
import { AgentMemoryService } from "./agent-memory.service";
import { AuthGuard } from "../auth/guards/auth.guard";
import { WorkspaceGuard, PermissionGuard } from "../common/guards";
import { describe, it, expect, beforeEach, vi } from "vitest";
describe("AgentMemoryController", () => {
let controller: AgentMemoryController;
const mockAgentMemoryService = {
upsert: vi.fn(),
findAll: vi.fn(),
findOne: vi.fn(),
remove: vi.fn(),
};
const mockGuard = { canActivate: vi.fn(() => true) };
beforeEach(async () => {
const module: TestingModule = await Test.createTestingModule({
controllers: [AgentMemoryController],
providers: [
{
provide: AgentMemoryService,
useValue: mockAgentMemoryService,
},
],
})
.overrideGuard(AuthGuard)
.useValue(mockGuard)
.overrideGuard(WorkspaceGuard)
.useValue(mockGuard)
.overrideGuard(PermissionGuard)
.useValue(mockGuard)
.compile();
controller = module.get<AgentMemoryController>(AgentMemoryController);
vi.clearAllMocks();
});
const workspaceId = "workspace-1";
const agentId = "agent-1";
const key = "context";
describe("upsert", () => {
it("should upsert a memory entry", async () => {
const dto = { value: { foo: "bar" } };
const mockEntry = { id: "mem-1", workspaceId, agentId, key, value: dto.value };
mockAgentMemoryService.upsert.mockResolvedValue(mockEntry);
const result = await controller.upsert(agentId, key, dto, workspaceId);
expect(mockAgentMemoryService.upsert).toHaveBeenCalledWith(workspaceId, agentId, key, dto);
expect(result).toEqual(mockEntry);
});
});
describe("findAll", () => {
it("should list all memory entries for an agent", async () => {
const mockEntries = [
{ id: "mem-1", key: "a", value: 1 },
{ id: "mem-2", key: "b", value: 2 },
];
mockAgentMemoryService.findAll.mockResolvedValue(mockEntries);
const result = await controller.findAll(agentId, workspaceId);
expect(mockAgentMemoryService.findAll).toHaveBeenCalledWith(workspaceId, agentId);
expect(result).toEqual(mockEntries);
});
});
describe("findOne", () => {
it("should get a single memory entry", async () => {
const mockEntry = { id: "mem-1", key, value: "v" };
mockAgentMemoryService.findOne.mockResolvedValue(mockEntry);
const result = await controller.findOne(agentId, key, workspaceId);
expect(mockAgentMemoryService.findOne).toHaveBeenCalledWith(workspaceId, agentId, key);
expect(result).toEqual(mockEntry);
});
});
describe("remove", () => {
it("should delete a memory entry", async () => {
const mockResponse = { message: "Memory entry deleted successfully" };
mockAgentMemoryService.remove.mockResolvedValue(mockResponse);
const result = await controller.remove(agentId, key, workspaceId);
expect(mockAgentMemoryService.remove).toHaveBeenCalledWith(workspaceId, agentId, key);
expect(result).toEqual(mockResponse);
});
});
});

89
apps/api/src/agent-memory/agent-memory.controller.ts
View File

@@ -1,89 +0,0 @@
import {
Controller,
Get,
Put,
Delete,
Body,
Param,
UseGuards,
HttpCode,
HttpStatus,
} from "@nestjs/common";
import { AgentMemoryService } from "./agent-memory.service";
import { UpsertAgentMemoryDto } from "./dto";
import { AuthGuard } from "../auth/guards/auth.guard";
import { WorkspaceGuard, PermissionGuard } from "../common/guards";
import { Workspace, Permission, RequirePermission } from "../common/decorators";
/**
* Controller for per-agent key/value memory endpoints.
* All endpoints require authentication and workspace context.
*
* Guards are applied in order:
* 1. AuthGuard - Verifies user authentication
* 2. WorkspaceGuard - Validates workspace access
* 3. PermissionGuard - Checks role-based permissions
*/
@Controller("agents/:agentId/memory")
@UseGuards(AuthGuard, WorkspaceGuard, PermissionGuard)
export class AgentMemoryController {
constructor(private readonly agentMemoryService: AgentMemoryService) {}
/**
* PUT /api/agents/:agentId/memory/:key
* Upsert a memory entry for an agent
* Requires: MEMBER role or higher
*/
@Put(":key")
@RequirePermission(Permission.WORKSPACE_MEMBER)
async upsert(
@Param("agentId") agentId: string,
@Param("key") key: string,
@Body() dto: UpsertAgentMemoryDto,
@Workspace() workspaceId: string
) {
return this.agentMemoryService.upsert(workspaceId, agentId, key, dto);
}
/**
* GET /api/agents/:agentId/memory
* List all memory entries for an agent
* Requires: Any workspace member (including GUEST)
*/
@Get()
@RequirePermission(Permission.WORKSPACE_ANY)
async findAll(@Param("agentId") agentId: string, @Workspace() workspaceId: string) {
return this.agentMemoryService.findAll(workspaceId, agentId);
}
/**
* GET /api/agents/:agentId/memory/:key
* Get a single memory entry by key
* Requires: Any workspace member (including GUEST)
*/
@Get(":key")
@RequirePermission(Permission.WORKSPACE_ANY)
async findOne(
@Param("agentId") agentId: string,
@Param("key") key: string,
@Workspace() workspaceId: string
) {
return this.agentMemoryService.findOne(workspaceId, agentId, key);
}
/**
* DELETE /api/agents/:agentId/memory/:key
* Remove a memory entry
* Requires: MEMBER role or higher
*/
@Delete(":key")
@HttpCode(HttpStatus.OK)
@RequirePermission(Permission.WORKSPACE_MEMBER)
async remove(
@Param("agentId") agentId: string,
@Param("key") key: string,
@Workspace() workspaceId: string
) {
return this.agentMemoryService.remove(workspaceId, agentId, key);
}
}

198
apps/api/src/agent-memory/agent-memory.integration.spec.ts
View File

@@ -1,198 +0,0 @@
import { beforeAll, beforeEach, describe, expect, it, afterAll } from "vitest";
import { randomUUID as uuid } from "crypto";
import { Test, TestingModule } from "@nestjs/testing";
import { NotFoundException } from "@nestjs/common";
import { PrismaClient } from "@prisma/client";
import { AgentMemoryService } from "./agent-memory.service";
import { PrismaService } from "../prisma/prisma.service";
const shouldRunDbIntegrationTests =
process.env.RUN_DB_TESTS === "true" && Boolean(process.env.DATABASE_URL);
const describeFn = shouldRunDbIntegrationTests ? describe : describe.skip;
async function createWorkspace(
prisma: PrismaClient,
label: string
): Promise<{ workspaceId: string; ownerId: string }> {
const workspace = await prisma.workspace.create({
data: {
name: `${label} ${Date.now()}`,
owner: {
create: {
email: `${label.toLowerCase().replace(/\s+/g, "-")}-${Date.now()}@example.com`,
name: `${label} Owner`,
},
},
},
});
return {
workspaceId: workspace.id,
ownerId: workspace.ownerId,
};
}
describeFn("AgentMemoryService Integration", () => {
let moduleRef: TestingModule;
let prisma: PrismaClient;
let service: AgentMemoryService;
let setupComplete = false;
let workspaceAId: string;
let workspaceAOwnerId: string;
let workspaceBId: string;
let workspaceBOwnerId: string;
beforeAll(async () => {
prisma = new PrismaClient();
await prisma.$connect();
const workspaceA = await createWorkspace(prisma, "Agent Memory Integration A");
workspaceAId = workspaceA.workspaceId;
workspaceAOwnerId = workspaceA.ownerId;
const workspaceB = await createWorkspace(prisma, "Agent Memory Integration B");
workspaceBId = workspaceB.workspaceId;
workspaceBOwnerId = workspaceB.ownerId;
moduleRef = await Test.createTestingModule({
providers: [
AgentMemoryService,
{
provide: PrismaService,
useValue: prisma,
},
],
}).compile();
service = moduleRef.get<AgentMemoryService>(AgentMemoryService);
setupComplete = true;
});
beforeEach(async () => {
if (!setupComplete) {
return;
}
await prisma.agentMemory.deleteMany({
where: {
workspaceId: {
in: [workspaceAId, workspaceBId],
},
},
});
});
afterAll(async () => {
if (!prisma) {
return;
}
const workspaceIds = [workspaceAId, workspaceBId].filter(
(id): id is string => typeof id === "string"
);
const ownerIds = [workspaceAOwnerId, workspaceBOwnerId].filter(
(id): id is string => typeof id === "string"
);
if (workspaceIds.length > 0) {
await prisma.agentMemory.deleteMany({
where: {
workspaceId: {
in: workspaceIds,
},
},
});
await prisma.workspace.deleteMany({ where: { id: { in: workspaceIds } } });
}
if (ownerIds.length > 0) {
await prisma.user.deleteMany({ where: { id: { in: ownerIds } } });
}
if (moduleRef) {
await moduleRef.close();
}
await prisma.$disconnect();
});
it("upserts and lists memory entries", async () => {
if (!setupComplete) {
return;
}
const agentId = `agent-${uuid()}`;
const entry = await service.upsert(workspaceAId, agentId, "session-context", {
value: { intent: "create-tests", depth: "integration" },
});
expect(entry.workspaceId).toBe(workspaceAId);
expect(entry.agentId).toBe(agentId);
expect(entry.key).toBe("session-context");
const listed = await service.findAll(workspaceAId, agentId);
expect(listed).toHaveLength(1);
expect(listed[0]?.id).toBe(entry.id);
expect(listed[0]?.value).toMatchObject({ intent: "create-tests" });
});
it("updates existing key via upsert without creating duplicates", async () => {
if (!setupComplete) {
return;
}
const agentId = `agent-${uuid()}`;
const first = await service.upsert(workspaceAId, agentId, "preferences", {
value: { model: "fast" },
});
const second = await service.upsert(workspaceAId, agentId, "preferences", {
value: { model: "accurate" },
});
expect(second.id).toBe(first.id);
expect(second.value).toMatchObject({ model: "accurate" });
const rowCount = await prisma.agentMemory.count({
where: {
workspaceId: workspaceAId,
agentId,
key: "preferences",
},
});
expect(rowCount).toBe(1);
});
it("lists keys in sorted order and isolates by workspace", async () => {
if (!setupComplete) {
return;
}
const agentId = `agent-${uuid()}`;
await service.upsert(workspaceAId, agentId, "beta", { value: { v: 2 } });
await service.upsert(workspaceAId, agentId, "alpha", { value: { v: 1 } });
await service.upsert(workspaceBId, agentId, "alpha", { value: { v: 99 } });
const workspaceAEntries = await service.findAll(workspaceAId, agentId);
const workspaceBEntries = await service.findAll(workspaceBId, agentId);
expect(workspaceAEntries.map((row) => row.key)).toEqual(["alpha", "beta"]);
expect(workspaceBEntries).toHaveLength(1);
expect(workspaceBEntries[0]?.value).toMatchObject({ v: 99 });
});
it("throws NotFoundException when requesting unknown key", async () => {
if (!setupComplete) {
return;
}
await expect(service.findOne(workspaceAId, `agent-${uuid()}`, "missing")).rejects.toThrow(
NotFoundException
);
});
});

13
apps/api/src/agent-memory/agent-memory.module.ts
View File

@@ -1,13 +0,0 @@
import { Module } from "@nestjs/common";
import { AgentMemoryController } from "./agent-memory.controller";
import { AgentMemoryService } from "./agent-memory.service";
import { PrismaModule } from "../prisma/prisma.module";
import { AuthModule } from "../auth/auth.module";
@Module({
imports: [PrismaModule, AuthModule],
controllers: [AgentMemoryController],
providers: [AgentMemoryService],
exports: [AgentMemoryService],
})
export class AgentMemoryModule {}

126
apps/api/src/agent-memory/agent-memory.service.spec.ts
View File

@@ -1,126 +0,0 @@
import { Test, TestingModule } from "@nestjs/testing";
import { AgentMemoryService } from "./agent-memory.service";
import { PrismaService } from "../prisma/prisma.service";
import { NotFoundException } from "@nestjs/common";
import { describe, it, expect, beforeEach, vi } from "vitest";
describe("AgentMemoryService", () => {
let service: AgentMemoryService;
const mockPrismaService = {
agentMemory: {
upsert: vi.fn(),
findMany: vi.fn(),
findUnique: vi.fn(),
delete: vi.fn(),
},
};
beforeEach(async () => {
const module: TestingModule = await Test.createTestingModule({
providers: [
AgentMemoryService,
{
provide: PrismaService,
useValue: mockPrismaService,
},
],
}).compile();
service = module.get<AgentMemoryService>(AgentMemoryService);
vi.clearAllMocks();
});
const workspaceId = "workspace-1";
const agentId = "agent-1";
const key = "session-context";
describe("upsert", () => {
it("should upsert a memory entry", async () => {
const dto = { value: { data: "some context" } };
const mockEntry = {
id: "mem-1",
workspaceId,
agentId,
key,
value: dto.value,
createdAt: new Date(),
updatedAt: new Date(),
};
mockPrismaService.agentMemory.upsert.mockResolvedValue(mockEntry);
const result = await service.upsert(workspaceId, agentId, key, dto);
expect(mockPrismaService.agentMemory.upsert).toHaveBeenCalledWith({
where: { workspaceId_agentId_key: { workspaceId, agentId, key } },
create: { workspaceId, agentId, key, value: dto.value },
update: { value: dto.value },
});
expect(result).toEqual(mockEntry);
});
});
describe("findAll", () => {
it("should return all memory entries for an agent", async () => {
const mockEntries = [
{ id: "mem-1", key: "a", value: 1 },
{ id: "mem-2", key: "b", value: 2 },
];
mockPrismaService.agentMemory.findMany.mockResolvedValue(mockEntries);
const result = await service.findAll(workspaceId, agentId);
expect(mockPrismaService.agentMemory.findMany).toHaveBeenCalledWith({
where: { workspaceId, agentId },
orderBy: { key: "asc" },
});
expect(result).toEqual(mockEntries);
});
});
describe("findOne", () => {
it("should return a memory entry by key", async () => {
const mockEntry = { id: "mem-1", workspaceId, agentId, key, value: "ctx" };
mockPrismaService.agentMemory.findUnique.mockResolvedValue(mockEntry);
const result = await service.findOne(workspaceId, agentId, key);
expect(mockPrismaService.agentMemory.findUnique).toHaveBeenCalledWith({
where: { workspaceId_agentId_key: { workspaceId, agentId, key } },
});
expect(result).toEqual(mockEntry);
});
it("should throw NotFoundException when key not found", async () => {
mockPrismaService.agentMemory.findUnique.mockResolvedValue(null);
await expect(service.findOne(workspaceId, agentId, key)).rejects.toThrow(NotFoundException);
});
});
describe("remove", () => {
it("should delete a memory entry", async () => {
const mockEntry = { id: "mem-1", workspaceId, agentId, key, value: "x" };
mockPrismaService.agentMemory.findUnique.mockResolvedValue(mockEntry);
mockPrismaService.agentMemory.delete.mockResolvedValue(mockEntry);
const result = await service.remove(workspaceId, agentId, key);
expect(mockPrismaService.agentMemory.delete).toHaveBeenCalledWith({
where: { workspaceId_agentId_key: { workspaceId, agentId, key } },
});
expect(result).toEqual({ message: "Memory entry deleted successfully" });
});
it("should throw NotFoundException when key not found", async () => {
mockPrismaService.agentMemory.findUnique.mockResolvedValue(null);
await expect(service.remove(workspaceId, agentId, key)).rejects.toThrow(NotFoundException);
});
});
});

79
apps/api/src/agent-memory/agent-memory.service.ts
View File

@@ -1,79 +0,0 @@
import { Injectable, NotFoundException } from "@nestjs/common";
import { PrismaService } from "../prisma/prisma.service";
import { Prisma } from "@prisma/client";
import type { UpsertAgentMemoryDto } from "./dto";
@Injectable()
export class AgentMemoryService {
constructor(private readonly prisma: PrismaService) {}
/**
* Upsert a memory entry for an agent.
*/
async upsert(workspaceId: string, agentId: string, key: string, dto: UpsertAgentMemoryDto) {
return this.prisma.agentMemory.upsert({
where: {
workspaceId_agentId_key: { workspaceId, agentId, key },
},
create: {
workspaceId,
agentId,
key,
value: dto.value as Prisma.InputJsonValue,
},
update: {
value: dto.value as Prisma.InputJsonValue,
},
});
}
/**
* List all memory entries for an agent in a workspace.
*/
async findAll(workspaceId: string, agentId: string) {
return this.prisma.agentMemory.findMany({
where: { workspaceId, agentId },
orderBy: { key: "asc" },
});
}
/**
* Get a single memory entry by key.
*/
async findOne(workspaceId: string, agentId: string, key: string) {
const entry = await this.prisma.agentMemory.findUnique({
where: {
workspaceId_agentId_key: { workspaceId, agentId, key },
},
});
if (!entry) {
throw new NotFoundException(`Memory key "${key}" not found for agent "${agentId}"`);
}
return entry;
}
/**
* Delete a memory entry by key.
*/
async remove(workspaceId: string, agentId: string, key: string) {
const entry = await this.prisma.agentMemory.findUnique({
where: {
workspaceId_agentId_key: { workspaceId, agentId, key },
},
});
if (!entry) {
throw new NotFoundException(`Memory key "${key}" not found for agent "${agentId}"`);
}
await this.prisma.agentMemory.delete({
where: {
workspaceId_agentId_key: { workspaceId, agentId, key },
},
});
return { message: "Memory entry deleted successfully" };
}
}

1
apps/api/src/agent-memory/dto/index.ts
View File

@@ -1 +0,0 @@
export * from "./upsert-agent-memory.dto";

10
apps/api/src/agent-memory/dto/upsert-agent-memory.dto.ts
View File

@@ -1,10 +0,0 @@
import { IsNotEmpty } from "class-validator";
/**
* DTO for upserting an agent memory entry.
* The value accepts any JSON-serializable data.
*/
export class UpsertAgentMemoryDto {
@IsNotEmpty({ message: "value must not be empty" })
value!: unknown;
}

16
apps/api/src/app.module.ts
View File

@@ -27,8 +27,6 @@ import { LlmUsageModule } from "./llm-usage/llm-usage.module";
import { BrainModule } from "./brain/brain.module"; import { BrainModule } from "./brain/brain.module";
import { CronModule } from "./cron/cron.module"; import { CronModule } from "./cron/cron.module";
import { AgentTasksModule } from "./agent-tasks/agent-tasks.module"; import { AgentTasksModule } from "./agent-tasks/agent-tasks.module";
import { FindingsModule } from "./findings/findings.module";
import { AgentMemoryModule } from "./agent-memory/agent-memory.module";
import { ValkeyModule } from "./valkey/valkey.module"; import { ValkeyModule } from "./valkey/valkey.module";
import { BullMqModule } from "./bullmq/bullmq.module"; import { BullMqModule } from "./bullmq/bullmq.module";
import { StitcherModule } from "./stitcher/stitcher.module"; import { StitcherModule } from "./stitcher/stitcher.module";
@@ -43,12 +41,6 @@ import { MosaicTelemetryModule } from "./mosaic-telemetry";
import { SpeechModule } from "./speech/speech.module"; import { SpeechModule } from "./speech/speech.module";
import { DashboardModule } from "./dashboard/dashboard.module"; import { DashboardModule } from "./dashboard/dashboard.module";
import { TerminalModule } from "./terminal/terminal.module"; import { TerminalModule } from "./terminal/terminal.module";
import { PersonalitiesModule } from "./personalities/personalities.module";
import { WorkspacesModule } from "./workspaces/workspaces.module";
import { AdminModule } from "./admin/admin.module";
import { TeamsModule } from "./teams/teams.module";
import { ImportModule } from "./import/import.module";
import { ConversationArchiveModule } from "./conversation-archive/conversation-archive.module";
import { RlsContextInterceptor } from "./common/interceptors/rls-context.interceptor"; import { RlsContextInterceptor } from "./common/interceptors/rls-context.interceptor";
@Module({ @Module({
@@ -103,8 +95,6 @@ import { RlsContextInterceptor } from "./common/interceptors/rls-context.interce
BrainModule, BrainModule,
CronModule, CronModule,
AgentTasksModule, AgentTasksModule,
FindingsModule,
AgentMemoryModule,
RunnerJobsModule, RunnerJobsModule,
JobEventsModule, JobEventsModule,
JobStepsModule, JobStepsModule,
@@ -115,12 +105,6 @@ import { RlsContextInterceptor } from "./common/interceptors/rls-context.interce
SpeechModule, SpeechModule,
DashboardModule, DashboardModule,
TerminalModule, TerminalModule,
PersonalitiesModule,
WorkspacesModule,
AdminModule,
TeamsModule,
ImportModule,
ConversationArchiveModule,
], ],
controllers: [AppController, CsrfController], controllers: [AppController, CsrfController],
providers: [ providers: [

19
apps/api/src/auth/auth.controller.spec.ts
View File

@@ -361,13 +361,16 @@ describe("AuthController", () => {
}); });
describe("getProfile", () => { describe("getProfile", () => {
it("should return complete user profile with identity fields", () => { it("should return complete user profile with workspace fields", () => {
const mockUser: AuthUser = { const mockUser: AuthUser = {
id: "user-123", id: "user-123",
email: "test@example.com", email: "test@example.com",
name: "Test User", name: "Test User",
image: "https://example.com/avatar.jpg", image: "https://example.com/avatar.jpg",
emailVerified: true, emailVerified: true,
workspaceId: "workspace-123",
currentWorkspaceId: "workspace-456",
workspaceRole: "admin",
}; };
const result = controller.getProfile(mockUser); const result = controller.getProfile(mockUser);
@@ -378,10 +381,13 @@ describe("AuthController", () => {
name: mockUser.name, name: mockUser.name,
image: mockUser.image, image: mockUser.image,
emailVerified: mockUser.emailVerified, emailVerified: mockUser.emailVerified,
workspaceId: mockUser.workspaceId,
currentWorkspaceId: mockUser.currentWorkspaceId,
workspaceRole: mockUser.workspaceRole,
}); });
}); });
it("should return user profile with only required fields", () => { it("should return user profile with optional fields undefined", () => {
const mockUser: AuthUser = { const mockUser: AuthUser = {
id: "user-123", id: "user-123",
email: "test@example.com", email: "test@example.com",
@@ -394,11 +400,12 @@ describe("AuthController", () => {
id: mockUser.id, id: mockUser.id,
email: mockUser.email, email: mockUser.email,
name: mockUser.name, name: mockUser.name,
image: undefined,
emailVerified: undefined,
workspaceId: undefined,
currentWorkspaceId: undefined,
workspaceRole: undefined,
}); });
// Workspace fields are not included — served by GET /api/workspaces
expect(result).not.toHaveProperty("workspaceId");
expect(result).not.toHaveProperty("currentWorkspaceId");
expect(result).not.toHaveProperty("workspaceRole");
}); });
}); });

13
apps/api/src/auth/auth.controller.ts
View File

@@ -72,10 +72,15 @@ export class AuthController {
if (user.emailVerified !== undefined) { if (user.emailVerified !== undefined) {
profile.emailVerified = user.emailVerified; profile.emailVerified = user.emailVerified;
} }
if (user.workspaceId !== undefined) {
// Workspace context is served by GET /api/workspaces, not the auth profile. profile.workspaceId = user.workspaceId;
// The deprecated workspaceId/currentWorkspaceId/workspaceRole fields on }
// AuthUser are never populated by BetterAuth and are omitted here. if (user.currentWorkspaceId !== undefined) {
profile.currentWorkspaceId = user.currentWorkspaceId;
}
if (user.workspaceRole !== undefined) {
profile.workspaceRole = user.workspaceRole;
}
return profile; return profile;
} }

7
apps/api/src/auth/auth.module.ts
View File

@@ -3,14 +3,11 @@ import { PrismaModule } from "../prisma/prisma.module";
import { AuthService } from "./auth.service"; import { AuthService } from "./auth.service";
import { AuthController } from "./auth.controller"; import { AuthController } from "./auth.controller";
import { AuthGuard } from "./guards/auth.guard"; import { AuthGuard } from "./guards/auth.guard";
import { LocalAuthController } from "./local/local-auth.controller";
import { LocalAuthService } from "./local/local-auth.service";
import { LocalAuthEnabledGuard } from "./local/local-auth.guard";
@Module({ @Module({
imports: [PrismaModule], imports: [PrismaModule],
controllers: [AuthController, LocalAuthController], controllers: [AuthController],
providers: [AuthService, AuthGuard, LocalAuthService, LocalAuthEnabledGuard], providers: [AuthService, AuthGuard],
exports: [AuthService, AuthGuard], exports: [AuthService, AuthGuard],
}) })
export class AuthModule {} export class AuthModule {}

10
apps/api/src/auth/local/dto/local-login.dto.ts
View File

@@ -1,10 +0,0 @@
import { IsEmail, IsString, MinLength } from "class-validator";
export class LocalLoginDto {
@IsEmail({}, { message: "email must be a valid email address" })
email!: string;
@IsString({ message: "password must be a string" })
@MinLength(1, { message: "password must not be empty" })
password!: string;
}

20
apps/api/src/auth/local/dto/local-setup.dto.ts
View File

@@ -1,20 +0,0 @@
import { IsEmail, IsString, MinLength, MaxLength } from "class-validator";
export class LocalSetupDto {
@IsEmail({}, { message: "email must be a valid email address" })
email!: string;
@IsString({ message: "name must be a string" })
@MinLength(1, { message: "name must not be empty" })
@MaxLength(255, { message: "name must not exceed 255 characters" })
name!: string;
@IsString({ message: "password must be a string" })
@MinLength(12, { message: "password must be at least 12 characters" })
@MaxLength(128, { message: "password must not exceed 128 characters" })
password!: string;
@IsString({ message: "setupToken must be a string" })
@MinLength(1, { message: "setupToken must not be empty" })
setupToken!: string;
}

232
apps/api/src/auth/local/local-auth.controller.spec.ts
View File

@@ -1,232 +0,0 @@
import { describe, it, expect, beforeEach, afterEach, vi } from "vitest";
import { Test, TestingModule } from "@nestjs/testing";
import {
NotFoundException,
ForbiddenException,
UnauthorizedException,
ConflictException,
} from "@nestjs/common";
import { LocalAuthController } from "./local-auth.controller";
import { LocalAuthService } from "./local-auth.service";
import { LocalAuthEnabledGuard } from "./local-auth.guard";
describe("LocalAuthController", () => {
let controller: LocalAuthController;
let localAuthService: LocalAuthService;
const mockLocalAuthService = {
setup: vi.fn(),
login: vi.fn(),
};
const mockRequest = {
headers: { "user-agent": "TestAgent/1.0" },
ip: "127.0.0.1",
socket: { remoteAddress: "127.0.0.1" },
};
const originalEnv = {
ENABLE_LOCAL_AUTH: process.env.ENABLE_LOCAL_AUTH,
};
beforeEach(async () => {
process.env.ENABLE_LOCAL_AUTH = "true";
const module: TestingModule = await Test.createTestingModule({
controllers: [LocalAuthController],
providers: [
{
provide: LocalAuthService,
useValue: mockLocalAuthService,
},
],
})
.overrideGuard(LocalAuthEnabledGuard)
.useValue({ canActivate: () => true })
.compile();
controller = module.get<LocalAuthController>(LocalAuthController);
localAuthService = module.get<LocalAuthService>(LocalAuthService);
vi.clearAllMocks();
});
afterEach(() => {
vi.restoreAllMocks();
if (originalEnv.ENABLE_LOCAL_AUTH !== undefined) {
process.env.ENABLE_LOCAL_AUTH = originalEnv.ENABLE_LOCAL_AUTH;
} else {
delete process.env.ENABLE_LOCAL_AUTH;
}
});
describe("setup", () => {
const setupDto = {
email: "admin@example.com",
name: "Break Glass Admin",
password: "securePassword123!",
setupToken: "valid-token-123",
};
const mockSetupResult = {
user: {
id: "user-uuid-123",
email: "admin@example.com",
name: "Break Glass Admin",
isLocalAuth: true,
createdAt: new Date("2026-02-28T00:00:00Z"),
},
session: {
token: "session-token-abc",
expiresAt: new Date("2026-03-07T00:00:00Z"),
},
};
it("should create a break-glass user and return user data with session", async () => {
mockLocalAuthService.setup.mockResolvedValue(mockSetupResult);
const result = await controller.setup(setupDto, mockRequest as never);
expect(result).toEqual({
user: mockSetupResult.user,
session: mockSetupResult.session,
});
expect(mockLocalAuthService.setup).toHaveBeenCalledWith(
"admin@example.com",
"Break Glass Admin",
"securePassword123!",
"valid-token-123",
"127.0.0.1",
"TestAgent/1.0"
);
});
it("should extract client IP from x-forwarded-for header", async () => {
mockLocalAuthService.setup.mockResolvedValue(mockSetupResult);
const reqWithProxy = {
...mockRequest,
headers: {
...mockRequest.headers,
"x-forwarded-for": "203.0.113.50, 70.41.3.18",
},
};
await controller.setup(setupDto, reqWithProxy as never);
expect(mockLocalAuthService.setup).toHaveBeenCalledWith(
expect.any(String) as string,
expect.any(String) as string,
expect.any(String) as string,
expect.any(String) as string,
"203.0.113.50",
"TestAgent/1.0"
);
});
it("should propagate ForbiddenException from service", async () => {
mockLocalAuthService.setup.mockRejectedValue(new ForbiddenException("Invalid setup token"));
await expect(controller.setup(setupDto, mockRequest as never)).rejects.toThrow(
ForbiddenException
);
});
it("should propagate ConflictException from service", async () => {
mockLocalAuthService.setup.mockRejectedValue(
new ConflictException("A user with this email already exists")
);
await expect(controller.setup(setupDto, mockRequest as never)).rejects.toThrow(
ConflictException
);
});
});
describe("login", () => {
const loginDto = {
email: "admin@example.com",
password: "securePassword123!",
};
const mockLoginResult = {
user: {
id: "user-uuid-123",
email: "admin@example.com",
name: "Break Glass Admin",
},
session: {
token: "session-token-abc",
expiresAt: new Date("2026-03-07T00:00:00Z"),
},
};
it("should authenticate and return user data with session", async () => {
mockLocalAuthService.login.mockResolvedValue(mockLoginResult);
const result = await controller.login(loginDto, mockRequest as never);
expect(result).toEqual({
user: mockLoginResult.user,
session: mockLoginResult.session,
});
expect(mockLocalAuthService.login).toHaveBeenCalledWith(
"admin@example.com",
"securePassword123!",
"127.0.0.1",
"TestAgent/1.0"
);
});
it("should propagate UnauthorizedException from service", async () => {
mockLocalAuthService.login.mockRejectedValue(
new UnauthorizedException("Invalid email or password")
);
await expect(controller.login(loginDto, mockRequest as never)).rejects.toThrow(
UnauthorizedException
);
});
});
});
describe("LocalAuthEnabledGuard", () => {
let guard: LocalAuthEnabledGuard;
const originalEnv = process.env.ENABLE_LOCAL_AUTH;
beforeEach(() => {
guard = new LocalAuthEnabledGuard();
});
afterEach(() => {
if (originalEnv !== undefined) {
process.env.ENABLE_LOCAL_AUTH = originalEnv;
} else {
delete process.env.ENABLE_LOCAL_AUTH;
}
});
it("should allow access when ENABLE_LOCAL_AUTH is true", () => {
process.env.ENABLE_LOCAL_AUTH = "true";
expect(guard.canActivate()).toBe(true);
});
it("should throw NotFoundException when ENABLE_LOCAL_AUTH is not set", () => {
delete process.env.ENABLE_LOCAL_AUTH;
expect(() => guard.canActivate()).toThrow(NotFoundException);
});
it("should throw NotFoundException when ENABLE_LOCAL_AUTH is false", () => {
process.env.ENABLE_LOCAL_AUTH = "false";
expect(() => guard.canActivate()).toThrow(NotFoundException);
});
it("should throw NotFoundException when ENABLE_LOCAL_AUTH is empty", () => {
process.env.ENABLE_LOCAL_AUTH = "";
expect(() => guard.canActivate()).toThrow(NotFoundException);
});
});

81
apps/api/src/auth/local/local-auth.controller.ts
View File

@@ -1,81 +0,0 @@
import {
Controller,
Post,
Body,
UseGuards,
Req,
Logger,
HttpCode,
HttpStatus,
} from "@nestjs/common";
import { Throttle } from "@nestjs/throttler";
import type { Request as ExpressRequest } from "express";
import { SkipCsrf } from "../../common/decorators/skip-csrf.decorator";
import { LocalAuthService } from "./local-auth.service";
import { LocalAuthEnabledGuard } from "./local-auth.guard";
import { LocalLoginDto } from "./dto/local-login.dto";
import { LocalSetupDto } from "./dto/local-setup.dto";
@Controller("auth/local")
@UseGuards(LocalAuthEnabledGuard)
export class LocalAuthController {
private readonly logger = new Logger(LocalAuthController.name);
constructor(private readonly localAuthService: LocalAuthService) {}
/**
* First-time break-glass user creation.
* Requires BREAKGLASS_SETUP_TOKEN from environment.
*/
@Post("setup")
@SkipCsrf()
@Throttle({ strict: { limit: 5, ttl: 60000 } })
async setup(@Body() dto: LocalSetupDto, @Req() req: ExpressRequest) {
const ipAddress = this.getClientIp(req);
const userAgent = req.headers["user-agent"];
this.logger.log(`Break-glass setup attempt from ${ipAddress}`);
const result = await this.localAuthService.setup(
dto.email,
dto.name,
dto.password,
dto.setupToken,
ipAddress,
userAgent
);
return {
user: result.user,
session: result.session,
};
}
/**
* Break-glass login with email + password.
*/
@Post("login")
@SkipCsrf()
@HttpCode(HttpStatus.OK)
@Throttle({ strict: { limit: 10, ttl: 60000 } })
async login(@Body() dto: LocalLoginDto, @Req() req: ExpressRequest) {
const ipAddress = this.getClientIp(req);
const userAgent = req.headers["user-agent"];
const result = await this.localAuthService.login(dto.email, dto.password, ipAddress, userAgent);
return {
user: result.user,
session: result.session,
};
}
private getClientIp(req: ExpressRequest): string {
const forwardedFor = req.headers["x-forwarded-for"];
if (forwardedFor) {
const ips = Array.isArray(forwardedFor) ? forwardedFor[0] : forwardedFor;
return ips?.split(",")[0]?.trim() ?? "unknown";
}
return req.ip ?? req.socket.remoteAddress ?? "unknown";
}
}

15
apps/api/src/auth/local/local-auth.guard.ts
View File

@@ -1,15 +0,0 @@
import { Injectable, CanActivate, NotFoundException } from "@nestjs/common";
/**
* Guard that checks if local authentication is enabled via ENABLE_LOCAL_AUTH env var.
* Returns 404 when disabled so endpoints are invisible to callers.
*/
@Injectable()
export class LocalAuthEnabledGuard implements CanActivate {
canActivate(): boolean {
if (process.env.ENABLE_LOCAL_AUTH !== "true") {
throw new NotFoundException();
}
return true;
}
}

389
apps/api/src/auth/local/local-auth.service.spec.ts
View File

@@ -1,389 +0,0 @@
import { describe, it, expect, beforeEach, afterEach, vi } from "vitest";
import { Test, TestingModule } from "@nestjs/testing";
import {
ConflictException,
ForbiddenException,
InternalServerErrorException,
UnauthorizedException,
} from "@nestjs/common";
import { hash } from "bcryptjs";
import { LocalAuthService } from "./local-auth.service";
import { PrismaService } from "../../prisma/prisma.service";
describe("LocalAuthService", () => {
let service: LocalAuthService;
const mockTxSession = {
create: vi.fn(),
};
const mockTxWorkspace = {
findFirst: vi.fn(),
create: vi.fn(),
};
const mockTxWorkspaceMember = {
create: vi.fn(),
};
const mockTxUser = {
create: vi.fn(),
findUnique: vi.fn(),
};
const mockTx = {
user: mockTxUser,
workspace: mockTxWorkspace,
workspaceMember: mockTxWorkspaceMember,
session: mockTxSession,
};
const mockPrismaService = {
user: {
findUnique: vi.fn(),
},
session: {
create: vi.fn(),
},
$transaction: vi
.fn()
.mockImplementation((fn: (tx: typeof mockTx) => Promise<unknown>) => fn(mockTx)),
};
const originalEnv = {
BREAKGLASS_SETUP_TOKEN: process.env.BREAKGLASS_SETUP_TOKEN,
};
beforeEach(async () => {
const module: TestingModule = await Test.createTestingModule({
providers: [
LocalAuthService,
{
provide: PrismaService,
useValue: mockPrismaService,
},
],
}).compile();
service = module.get<LocalAuthService>(LocalAuthService);
vi.clearAllMocks();
});
afterEach(() => {
vi.restoreAllMocks();
if (originalEnv.BREAKGLASS_SETUP_TOKEN !== undefined) {
process.env.BREAKGLASS_SETUP_TOKEN = originalEnv.BREAKGLASS_SETUP_TOKEN;
} else {
delete process.env.BREAKGLASS_SETUP_TOKEN;
}
});
describe("setup", () => {
const validSetupArgs = {
email: "admin@example.com",
name: "Break Glass Admin",
password: "securePassword123!",
setupToken: "valid-token-123",
};
const mockCreatedUser = {
id: "user-uuid-123",
email: "admin@example.com",
name: "Break Glass Admin",
isLocalAuth: true,
createdAt: new Date("2026-02-28T00:00:00Z"),
};
const mockWorkspace = {
id: "workspace-uuid-123",
};
beforeEach(() => {
process.env.BREAKGLASS_SETUP_TOKEN = "valid-token-123";
mockPrismaService.user.findUnique.mockResolvedValue(null);
mockTxUser.create.mockResolvedValue(mockCreatedUser);
mockTxWorkspace.findFirst.mockResolvedValue(mockWorkspace);
mockTxWorkspaceMember.create.mockResolvedValue({});
mockTxSession.create.mockResolvedValue({});
});
it("should create a local auth user with hashed password", async () => {
const result = await service.setup(
validSetupArgs.email,
validSetupArgs.name,
validSetupArgs.password,
validSetupArgs.setupToken
);
expect(result.user).toEqual(mockCreatedUser);
expect(result.session.token).toBeDefined();
expect(result.session.token.length).toBeGreaterThan(0);
expect(result.session.expiresAt).toBeInstanceOf(Date);
expect(result.session.expiresAt.getTime()).toBeGreaterThan(Date.now());
expect(mockTxUser.create).toHaveBeenCalledWith({
data: expect.objectContaining({
email: "admin@example.com",
name: "Break Glass Admin",
isLocalAuth: true,
emailVerified: true,
passwordHash: expect.any(String) as string,
}),
select: {
id: true,
email: true,
name: true,
isLocalAuth: true,
createdAt: true,
},
});
});
it("should assign OWNER role on default workspace", async () => {
await service.setup(
validSetupArgs.email,
validSetupArgs.name,
validSetupArgs.password,
validSetupArgs.setupToken
);
expect(mockTxWorkspaceMember.create).toHaveBeenCalledWith({
data: {
workspaceId: "workspace-uuid-123",
userId: "user-uuid-123",
role: "OWNER",
},
});
});
it("should create a new workspace if none exists", async () => {
mockTxWorkspace.findFirst.mockResolvedValue(null);
mockTxWorkspace.create.mockResolvedValue({ id: "new-workspace-uuid" });
await service.setup(
validSetupArgs.email,
validSetupArgs.name,
validSetupArgs.password,
validSetupArgs.setupToken
);
expect(mockTxWorkspace.create).toHaveBeenCalledWith({
data: {
name: "Default Workspace",
ownerId: "user-uuid-123",
settings: {},
},
select: { id: true },
});
expect(mockTxWorkspaceMember.create).toHaveBeenCalledWith({
data: {
workspaceId: "new-workspace-uuid",
userId: "user-uuid-123",
role: "OWNER",
},
});
});
it("should create a BetterAuth-compatible session", async () => {
await service.setup(
validSetupArgs.email,
validSetupArgs.name,
validSetupArgs.password,
validSetupArgs.setupToken,
"192.168.1.1",
"TestAgent/1.0"
);
expect(mockTxSession.create).toHaveBeenCalledWith({
data: {
userId: "user-uuid-123",
token: expect.any(String) as string,
expiresAt: expect.any(Date) as Date,
ipAddress: "192.168.1.1",
userAgent: "TestAgent/1.0",
},
});
});
it("should reject when BREAKGLASS_SETUP_TOKEN is not set", async () => {
delete process.env.BREAKGLASS_SETUP_TOKEN;
await expect(
service.setup(
validSetupArgs.email,
validSetupArgs.name,
validSetupArgs.password,
validSetupArgs.setupToken
)
).rejects.toThrow(ForbiddenException);
});
it("should reject when BREAKGLASS_SETUP_TOKEN is empty", async () => {
process.env.BREAKGLASS_SETUP_TOKEN = "";
await expect(
service.setup(
validSetupArgs.email,
validSetupArgs.name,
validSetupArgs.password,
validSetupArgs.setupToken
)
).rejects.toThrow(ForbiddenException);
});
it("should reject when setup token does not match", async () => {
await expect(
service.setup(
validSetupArgs.email,
validSetupArgs.name,
validSetupArgs.password,
"wrong-token"
)
).rejects.toThrow(ForbiddenException);
});
it("should reject when email already exists", async () => {
mockPrismaService.user.findUnique.mockResolvedValue({
id: "existing-user",
email: "admin@example.com",
});
await expect(
service.setup(
validSetupArgs.email,
validSetupArgs.name,
validSetupArgs.password,
validSetupArgs.setupToken
)
).rejects.toThrow(ConflictException);
});
it("should return session token and expiry", async () => {
const result = await service.setup(
validSetupArgs.email,
validSetupArgs.name,
validSetupArgs.password,
validSetupArgs.setupToken
);
expect(typeof result.session.token).toBe("string");
expect(result.session.token.length).toBe(64); // 32 bytes hex
expect(result.session.expiresAt).toBeInstanceOf(Date);
});
});
describe("login", () => {
const validPasswordHash = "$2a$12$LJ3m4ys3Lz/YgP7xYz5k5uU6b5F6X1234567890abcdefghijkl";
beforeEach(async () => {
// Create a real bcrypt hash for testing
const realHash = await hash("securePassword123!", 4); // Low rounds for test speed
mockPrismaService.user.findUnique.mockResolvedValue({
id: "user-uuid-123",
email: "admin@example.com",
name: "Break Glass Admin",
isLocalAuth: true,
passwordHash: realHash,
deactivatedAt: null,
});
mockPrismaService.session.create.mockResolvedValue({});
});
it("should authenticate a valid local auth user", async () => {
const result = await service.login("admin@example.com", "securePassword123!");
expect(result.user).toEqual({
id: "user-uuid-123",
email: "admin@example.com",
name: "Break Glass Admin",
});
expect(result.session.token).toBeDefined();
expect(result.session.expiresAt).toBeInstanceOf(Date);
});
it("should create a session with ip and user agent", async () => {
await service.login("admin@example.com", "securePassword123!", "10.0.0.1", "Mozilla/5.0");
expect(mockPrismaService.session.create).toHaveBeenCalledWith({
data: {
userId: "user-uuid-123",
token: expect.any(String) as string,
expiresAt: expect.any(Date) as Date,
ipAddress: "10.0.0.1",
userAgent: "Mozilla/5.0",
},
});
});
it("should reject when user does not exist", async () => {
mockPrismaService.user.findUnique.mockResolvedValue(null);
await expect(service.login("nonexistent@example.com", "password123456")).rejects.toThrow(
UnauthorizedException
);
});
it("should reject when user is not a local auth user", async () => {
mockPrismaService.user.findUnique.mockResolvedValue({
id: "user-uuid-123",
email: "admin@example.com",
name: "OIDC User",
isLocalAuth: false,
passwordHash: null,
deactivatedAt: null,
});
await expect(service.login("admin@example.com", "password123456")).rejects.toThrow(
UnauthorizedException
);
});
it("should reject when user is deactivated", async () => {
const realHash = await hash("securePassword123!", 4);
mockPrismaService.user.findUnique.mockResolvedValue({
id: "user-uuid-123",
email: "admin@example.com",
name: "Deactivated User",
isLocalAuth: true,
passwordHash: realHash,
deactivatedAt: new Date("2026-01-01"),
});
await expect(service.login("admin@example.com", "securePassword123!")).rejects.toThrow(
new UnauthorizedException("Account has been deactivated")
);
});
it("should reject when password is incorrect", async () => {
await expect(service.login("admin@example.com", "wrongPassword123!")).rejects.toThrow(
UnauthorizedException
);
});
it("should throw InternalServerError when local auth user has no password hash", async () => {
mockPrismaService.user.findUnique.mockResolvedValue({
id: "user-uuid-123",
email: "admin@example.com",
name: "Broken User",
isLocalAuth: true,
passwordHash: null,
deactivatedAt: null,
});
await expect(service.login("admin@example.com", "securePassword123!")).rejects.toThrow(
InternalServerErrorException
);
});
it("should not reveal whether email exists in error messages", async () => {
mockPrismaService.user.findUnique.mockResolvedValue(null);
try {
await service.login("nonexistent@example.com", "password123456");
} catch (error) {
expect(error).toBeInstanceOf(UnauthorizedException);
expect((error as UnauthorizedException).message).toBe("Invalid email or password");
}
});
});
});

230
apps/api/src/auth/local/local-auth.service.ts
View File

@@ -1,230 +0,0 @@
import {
Injectable,
Logger,
ForbiddenException,
UnauthorizedException,
ConflictException,
InternalServerErrorException,
} from "@nestjs/common";
import { WorkspaceMemberRole } from "@prisma/client";
import { hash, compare } from "bcryptjs";
import { randomBytes, timingSafeEqual } from "crypto";
import { PrismaService } from "../../prisma/prisma.service";
const BCRYPT_ROUNDS = 12;
/** Session expiry: 7 days (matches BetterAuth config in auth.config.ts) */
const SESSION_EXPIRY_MS = 7 * 24 * 60 * 60 * 1000;
interface SetupResult {
user: {
id: string;
email: string;
name: string;
isLocalAuth: boolean;
createdAt: Date;
};
session: {
token: string;
expiresAt: Date;
};
}
interface LoginResult {
user: {
id: string;
email: string;
name: string;
};
session: {
token: string;
expiresAt: Date;
};
}
@Injectable()
export class LocalAuthService {
private readonly logger = new Logger(LocalAuthService.name);
constructor(private readonly prisma: PrismaService) {}
/**
* First-time break-glass user creation.
* Validates the setup token, creates a local auth user with bcrypt-hashed password,
* and assigns OWNER role on the default workspace.
*/
async setup(
email: string,
name: string,
password: string,
setupToken: string,
ipAddress?: string,
userAgent?: string
): Promise<SetupResult> {
this.validateSetupToken(setupToken);
const existing = await this.prisma.user.findUnique({ where: { email } });
if (existing) {
throw new ConflictException("A user with this email already exists");
}
const passwordHash = await hash(password, BCRYPT_ROUNDS);
const result = await this.prisma.$transaction(async (tx) => {
const user = await tx.user.create({
data: {
email,
name,
isLocalAuth: true,
passwordHash,
emailVerified: true,
},
select: {
id: true,
email: true,
name: true,
isLocalAuth: true,
createdAt: true,
},
});
// Find or create a default workspace and assign OWNER role
await this.assignDefaultWorkspace(tx, user.id);
// Create a BetterAuth-compatible session
const session = await this.createSession(tx, user.id, ipAddress, userAgent);
return { user, session };
});
this.logger.log(`Break-glass user created: ${email}`);
return result;
}
/**
* Break-glass login: verify email + password against bcrypt hash.
* Only works for users with isLocalAuth=true.
*/
async login(
email: string,
password: string,
ipAddress?: string,
userAgent?: string
): Promise<LoginResult> {
const user = await this.prisma.user.findUnique({
where: { email },
select: {
id: true,
email: true,
name: true,
isLocalAuth: true,
passwordHash: true,
deactivatedAt: true,
},
});
if (!user?.isLocalAuth) {
throw new UnauthorizedException("Invalid email or password");
}
if (user.deactivatedAt) {
throw new UnauthorizedException("Account has been deactivated");
}
if (!user.passwordHash) {
this.logger.error(`Local auth user ${email} has no password hash`);
throw new InternalServerErrorException("Account configuration error");
}
const passwordValid = await compare(password, user.passwordHash);
if (!passwordValid) {
throw new UnauthorizedException("Invalid email or password");
}
const session = await this.createSession(this.prisma, user.id, ipAddress, userAgent);
this.logger.log(`Break-glass login: ${email}`);
return {
user: { id: user.id, email: user.email, name: user.name },
session,
};
}
/**
* Validate the setup token against the environment variable.
*/
private validateSetupToken(token: string): void {
const expectedToken = process.env.BREAKGLASS_SETUP_TOKEN;
if (!expectedToken || expectedToken.trim() === "") {
throw new ForbiddenException(
"Break-glass setup is not configured. Set BREAKGLASS_SETUP_TOKEN environment variable."
);
}
const tokenBuffer = Buffer.from(token);
const expectedBuffer = Buffer.from(expectedToken);
if (
tokenBuffer.length !== expectedBuffer.length ||
!timingSafeEqual(tokenBuffer, expectedBuffer)
) {
this.logger.warn("Invalid break-glass setup token attempt");
throw new ForbiddenException("Invalid setup token");
}
}
/**
* Find the first workspace or create a default one, then assign OWNER role.
*/
private async assignDefaultWorkspace(
tx: Parameters<Parameters<PrismaService["$transaction"]>[0]>[0],
userId: string
): Promise<void> {
let workspace = await tx.workspace.findFirst({
orderBy: { createdAt: "asc" },
select: { id: true },
});
workspace ??= await tx.workspace.create({
data: {
name: "Default Workspace",
ownerId: userId,
settings: {},
},
select: { id: true },
});
await tx.workspaceMember.create({
data: {
workspaceId: workspace.id,
userId,
role: WorkspaceMemberRole.OWNER,
},
});
}
/**
* Create a BetterAuth-compatible session record.
*/
private async createSession(
tx: { session: { create: typeof PrismaService.prototype.session.create } },
userId: string,
ipAddress?: string,
userAgent?: string
): Promise<{ token: string; expiresAt: Date }> {
const token = randomBytes(32).toString("hex");
const expiresAt = new Date(Date.now() + SESSION_EXPIRY_MS);
await tx.session.create({
data: {
userId,
token,
expiresAt,
ipAddress: ipAddress ?? null,
userAgent: userAgent ?? null,
},
});
return { token, expiresAt };
}
}

8
apps/api/src/common/guards/workspace.guard.ts
View File

@@ -110,10 +110,10 @@ export class WorkspaceGuard implements CanActivate {
return paramWorkspaceId; return paramWorkspaceId;
} }
// 3. Check request body (body may be undefined for GET requests despite Express typings) // 3. Check request body
const body = request.body as Record<string, unknown> | undefined; const bodyWorkspaceId = request.body.workspaceId;
if (body && typeof body.workspaceId === "string") { if (typeof bodyWorkspaceId === "string") {
return body.workspaceId; return bodyWorkspaceId;
} }
// 4. Check query string (backward compatibility for existing clients) // 4. Check query string (backward compatibility for existing clients)

2
apps/api/src/common/utils/log-sanitizer.spec.ts
View File

@@ -270,7 +270,7 @@ describe("sanitizeForLogging", () => {
const duration = Date.now() - start; const duration = Date.now() - start;
expect(result.password).toBe("[REDACTED]"); expect(result.password).toBe("[REDACTED]");
expect(duration).toBeLessThan(500); // Should complete in under 500ms expect(duration).toBeLessThan(100); // Should complete in under 100ms
}); });
}); });

69
apps/api/src/conversation-archive/conversation-archive.controller.ts
View File

@@ -1,69 +0,0 @@
import { Controller, Post, Get, Body, Param, Query, UseGuards } from "@nestjs/common";
import { AuthGuard } from "../auth/guards/auth.guard";
import { WorkspaceGuard, PermissionGuard } from "../common/guards";
import { Workspace, RequirePermission, Permission } from "../common/decorators";
import { ConversationArchiveService } from "./conversation-archive.service";
import { IngestConversationDto, SearchConversationDto, ListConversationsDto } from "./dto";
/**
* Controller for conversation archive endpoints.
* All endpoints require workspace membership.
*/
@Controller("conversations")
@UseGuards(AuthGuard, WorkspaceGuard, PermissionGuard)
export class ConversationArchiveController {
constructor(private readonly service: ConversationArchiveService) {}
/**
* POST /api/conversations/ingest
* Ingest a conversation session log and auto-embed for semantic search.
* Requires: MEMBER or higher
*/
@Post("ingest")
@RequirePermission(Permission.WORKSPACE_MEMBER)
async ingest(
@Workspace() workspaceId: string,
@Body() dto: IngestConversationDto
): Promise<{ id: string }> {
return this.service.ingest(workspaceId, dto);
}
/**
* POST /api/conversations/search
* Vector similarity search across archived conversations.
* Requires: Any workspace member
*/
@Post("search")
@RequirePermission(Permission.WORKSPACE_ANY)
async search(
@Workspace() workspaceId: string,
@Body() dto: SearchConversationDto
): Promise<unknown> {
return this.service.search(workspaceId, dto);
}
/**
* GET /api/conversations
* List conversation archives with filtering and pagination.
* Requires: Any workspace member
*/
@Get()
@RequirePermission(Permission.WORKSPACE_ANY)
async findAll(
@Workspace() workspaceId: string,
@Query() query: ListConversationsDto
): Promise<unknown> {
return this.service.findAll(workspaceId, query);
}
/**
* GET /api/conversations/:id
* Get a single conversation archive by ID (includes full messages).
* Requires: Any workspace member
*/
@Get(":id")
@RequirePermission(Permission.WORKSPACE_ANY)
async findOne(@Workspace() workspaceId: string, @Param("id") id: string): Promise<unknown> {
return this.service.findOne(workspaceId, id);
}
}

239
apps/api/src/conversation-archive/conversation-archive.integration.spec.ts
View File

@@ -1,239 +0,0 @@
import { beforeAll, beforeEach, describe, expect, it, afterAll, vi } from "vitest";
import { randomUUID as uuid } from "crypto";
import { Test, TestingModule } from "@nestjs/testing";
import { ConflictException } from "@nestjs/common";
import { PrismaClient, Prisma } from "@prisma/client";
import { EMBEDDING_DIMENSION } from "@mosaic/shared";
import { ConversationArchiveService } from "./conversation-archive.service";
import { PrismaService } from "../prisma/prisma.service";
import { EmbeddingService } from "../knowledge/services/embedding.service";
const shouldRunDbIntegrationTests =
process.env.RUN_DB_TESTS === "true" && Boolean(process.env.DATABASE_URL);
const describeFn = shouldRunDbIntegrationTests ? describe : describe.skip;
function vector(value: number): number[] {
return Array.from({ length: EMBEDDING_DIMENSION }, () => value);
}
function toVectorLiteral(input: number[]): string {
return `[${input.join(",")}]`;
}
describeFn("ConversationArchiveService Integration", () => {
let moduleRef: TestingModule;
let prisma: PrismaClient;
let service: ConversationArchiveService;
let workspaceId: string;
let ownerId: string;
let setupComplete = false;
const embeddingServiceMock = {
isConfigured: vi.fn(),
generateEmbedding: vi.fn(),
};
beforeAll(async () => {
prisma = new PrismaClient();
await prisma.$connect();
const workspace = await prisma.workspace.create({
data: {
name: `Conversation Archive Integration ${Date.now()}`,
owner: {
create: {
email: `conversation-archive-integration-${Date.now()}@example.com`,
name: "Conversation Archive Integration Owner",
},
},
},
});
workspaceId = workspace.id;
ownerId = workspace.ownerId;
moduleRef = await Test.createTestingModule({
providers: [
ConversationArchiveService,
{
provide: PrismaService,
useValue: prisma,
},
{
provide: EmbeddingService,
useValue: embeddingServiceMock,
},
],
}).compile();
service = moduleRef.get<ConversationArchiveService>(ConversationArchiveService);
setupComplete = true;
});
beforeEach(async () => {
vi.clearAllMocks();
embeddingServiceMock.isConfigured.mockReturnValue(false);
if (!setupComplete) {
return;
}
await prisma.conversationArchive.deleteMany({ where: { workspaceId } });
});
afterAll(async () => {
if (!prisma) {
return;
}
if (workspaceId) {
await prisma.conversationArchive.deleteMany({ where: { workspaceId } });
await prisma.workspace.deleteMany({ where: { id: workspaceId } });
}
if (ownerId) {
await prisma.user.deleteMany({ where: { id: ownerId } });
}
if (moduleRef) {
await moduleRef.close();
}
await prisma.$disconnect();
});
it("ingests a conversation log", async () => {
if (!setupComplete) {
return;
}
const sessionId = `session-${uuid()}`;
const result = await service.ingest(workspaceId, {
sessionId,
agentId: "agent-conversation-ingest",
messages: [
{ role: "user", content: "Can you summarize deployment issues?" },
{ role: "assistant", content: "Yes, three retries timed out in staging." },
],
summary: "Deployment retry failures discussed",
startedAt: "2026-02-28T21:00:00.000Z",
endedAt: "2026-02-28T21:05:00.000Z",
metadata: { source: "integration-test" },
});
expect(result.id).toBeDefined();
const stored = await prisma.conversationArchive.findUnique({
where: {
id: result.id,
},
});
expect(stored).toBeTruthy();
expect(stored?.workspaceId).toBe(workspaceId);
expect(stored?.sessionId).toBe(sessionId);
expect(stored?.messageCount).toBe(2);
expect(stored?.summary).toBe("Deployment retry failures discussed");
});
it("rejects duplicate session ingest per workspace", async () => {
if (!setupComplete) {
return;
}
const sessionId = `session-${uuid()}`;
const dto = {
sessionId,
agentId: "agent-conversation-duplicate",
messages: [{ role: "user", content: "hello" }],
summary: "simple conversation",
startedAt: "2026-02-28T22:00:00.000Z",
};
await service.ingest(workspaceId, dto);
await expect(service.ingest(workspaceId, dto)).rejects.toThrow(ConflictException);
});
it("rejects semantic search when embeddings are disabled", async () => {
if (!setupComplete) {
return;
}
embeddingServiceMock.isConfigured.mockReturnValue(false);
await expect(
service.search(workspaceId, {
query: "deployment retries",
})
).rejects.toThrow(ConflictException);
});
it("searches archived conversations by vector similarity", async () => {
if (!setupComplete) {
return;
}
const near = vector(0.02);
const far = vector(0.85);
const matching = await prisma.conversationArchive.create({
data: {
workspaceId,
sessionId: `session-search-${uuid()}`,
agentId: "agent-conversation-search-a",
messages: [
{ role: "user", content: "What caused deployment retries?" },
{ role: "assistant", content: "A connection pool timeout." },
] as unknown as Prisma.InputJsonValue,
messageCount: 2,
summary: "Deployment retries caused by connection pool timeout",
startedAt: new Date("2026-02-28T23:00:00.000Z"),
metadata: { channel: "cli" } as Prisma.InputJsonValue,
},
});
const nonMatching = await prisma.conversationArchive.create({
data: {
workspaceId,
sessionId: `session-search-${uuid()}`,
agentId: "agent-conversation-search-b",
messages: [
{ role: "user", content: "How is billing configured?" },
] as unknown as Prisma.InputJsonValue,
messageCount: 1,
summary: "Billing and quotas conversation",
startedAt: new Date("2026-02-28T23:10:00.000Z"),
metadata: { channel: "cli" } as Prisma.InputJsonValue,
},
});
await prisma.$executeRaw`
UPDATE conversation_archives
SET embedding = ${toVectorLiteral(near)}::vector(${EMBEDDING_DIMENSION})
WHERE id = ${matching.id}::uuid
`;
await prisma.$executeRaw`
UPDATE conversation_archives
SET embedding = ${toVectorLiteral(far)}::vector(${EMBEDDING_DIMENSION})
WHERE id = ${nonMatching.id}::uuid
`;
embeddingServiceMock.isConfigured.mockReturnValue(true);
embeddingServiceMock.generateEmbedding.mockResolvedValue(near);
const result = await service.search(workspaceId, {
query: "deployment retries timeout",
agentId: "agent-conversation-search-a",
similarityThreshold: 0,
limit: 10,
});
const rows = result.data as Array<{ id: string; agent_id: string; similarity: number }>;
expect(result.pagination.total).toBe(1);
expect(rows).toHaveLength(1);
expect(rows[0]?.id).toBe(matching.id);
expect(rows[0]?.agent_id).toBe("agent-conversation-search-a");
expect(rows[0]?.similarity).toBeGreaterThan(0);
});
});

14
apps/api/src/conversation-archive/conversation-archive.module.ts
View File

@@ -1,14 +0,0 @@
import { Module } from "@nestjs/common";
import { PrismaModule } from "../prisma/prisma.module";
import { AuthModule } from "../auth/auth.module";
import { KnowledgeModule } from "../knowledge/knowledge.module";
import { ConversationArchiveService } from "./conversation-archive.service";
import { ConversationArchiveController } from "./conversation-archive.controller";
@Module({
imports: [PrismaModule, AuthModule, KnowledgeModule],
controllers: [ConversationArchiveController],
providers: [ConversationArchiveService],
exports: [ConversationArchiveService],
})
export class ConversationArchiveModule {}

149
apps/api/src/conversation-archive/conversation-archive.service.spec.ts
View File

@@ -1,149 +0,0 @@
import { describe, it, expect, beforeEach, vi } from "vitest";
import { Test, TestingModule } from "@nestjs/testing";
import { ConflictException, NotFoundException } from "@nestjs/common";
import { ConversationArchiveService } from "./conversation-archive.service";
import { PrismaService } from "../prisma/prisma.service";
import { EmbeddingService } from "../knowledge/services/embedding.service";
const mockPrisma = {
conversationArchive: {
findUnique: vi.fn(),
create: vi.fn(),
count: vi.fn(),
findMany: vi.fn(),
findFirst: vi.fn(),
},
$queryRaw: vi.fn(),
$executeRaw: vi.fn(),
};
const mockEmbedding = {
isConfigured: vi.fn(),
generateEmbedding: vi.fn(),
};
describe("ConversationArchiveService", () => {
let service: ConversationArchiveService;
beforeEach(async () => {
vi.clearAllMocks();
const module: TestingModule = await Test.createTestingModule({
providers: [
ConversationArchiveService,
{ provide: PrismaService, useValue: mockPrisma },
{ provide: EmbeddingService, useValue: mockEmbedding },
],
}).compile();
service = module.get<ConversationArchiveService>(ConversationArchiveService);
});
describe("ingest", () => {
const workspaceId = "ws-1";
const dto = {
sessionId: "sess-abc",
agentId: "agent-xyz",
messages: [
{ role: "user", content: "Hello" },
{ role: "assistant", content: "Hi there!" },
],
summary: "A greeting conversation",
startedAt: "2026-02-28T10:00:00Z",
};
it("creates a conversation archive and returns id", async () => {
mockPrisma.conversationArchive.findUnique.mockResolvedValue(null);
mockPrisma.conversationArchive.create.mockResolvedValue({ id: "conv-1" });
mockEmbedding.isConfigured.mockReturnValue(false);
const result = await service.ingest(workspaceId, dto);
expect(result).toEqual({ id: "conv-1" });
expect(mockPrisma.conversationArchive.create).toHaveBeenCalledWith(
expect.objectContaining({
data: expect.objectContaining({
workspaceId,
sessionId: dto.sessionId,
agentId: dto.agentId,
messageCount: 2,
}),
})
);
});
it("throws ConflictException when session already exists", async () => {
mockPrisma.conversationArchive.findUnique.mockResolvedValue({ id: "existing" });
await expect(service.ingest(workspaceId, dto)).rejects.toThrow(ConflictException);
});
});
describe("findAll", () => {
const workspaceId = "ws-1";
it("returns paginated list", async () => {
mockPrisma.conversationArchive.count.mockResolvedValue(5);
mockPrisma.conversationArchive.findMany.mockResolvedValue([
{ id: "conv-1", sessionId: "sess-1" },
]);
const result = await service.findAll(workspaceId, { page: 1, limit: 10 });
expect(result.pagination.total).toBe(5);
expect(result.data).toHaveLength(1);
});
it("uses default pagination when not provided", async () => {
mockPrisma.conversationArchive.count.mockResolvedValue(0);
mockPrisma.conversationArchive.findMany.mockResolvedValue([]);
const result = await service.findAll(workspaceId, {});
expect(result.pagination.page).toBe(1);
expect(result.pagination.limit).toBe(20);
});
});
describe("findOne", () => {
const workspaceId = "ws-1";
it("returns record when found", async () => {
const record = { id: "conv-1", workspaceId, sessionId: "sess-1" };
mockPrisma.conversationArchive.findFirst.mockResolvedValue(record);
const result = await service.findOne(workspaceId, "conv-1");
expect(result).toEqual(record);
});
it("throws NotFoundException when record does not exist", async () => {
mockPrisma.conversationArchive.findFirst.mockResolvedValue(null);
await expect(service.findOne(workspaceId, "missing")).rejects.toThrow(NotFoundException);
});
});
describe("search", () => {
it("throws ConflictException when embedding is not configured", async () => {
mockEmbedding.isConfigured.mockReturnValue(false);
await expect(service.search("ws-1", { query: "test query" })).rejects.toThrow(
ConflictException
);
});
it("performs vector search when configured", async () => {
mockEmbedding.isConfigured.mockReturnValue(true);
mockEmbedding.generateEmbedding.mockResolvedValue(new Array(1536).fill(0.1));
mockPrisma.$queryRaw
.mockResolvedValueOnce([{ id: "conv-1", similarity: 0.9 }])
.mockResolvedValueOnce([{ count: BigInt(1) }]);
const result = await service.search("ws-1", { query: "greetings" });
expect(result.data).toHaveLength(1);
expect(result.pagination.total).toBe(1);
});
});
});

277
apps/api/src/conversation-archive/conversation-archive.service.ts
View File

@@ -1,277 +0,0 @@
import { Injectable, Logger, NotFoundException, ConflictException } from "@nestjs/common";
import { Prisma } from "@prisma/client";
import { EMBEDDING_DIMENSION } from "@mosaic/shared";
import { PrismaService } from "../prisma/prisma.service";
import { EmbeddingService } from "../knowledge/services/embedding.service";
import type { IngestConversationDto, SearchConversationDto, ListConversationsDto } from "./dto";
/**
* Shape of a raw conversation archive row from $queryRaw vector search
*/
interface RawConversationResult {
id: string;
workspace_id: string;
session_id: string;
agent_id: string;
messages: unknown;
message_count: number;
summary: string;
started_at: Date;
ended_at: Date | null;
metadata: unknown;
created_at: Date;
updated_at: Date;
similarity: number;
}
/**
* Paginated response wrapper
*/
export interface PaginatedConversations<T> {
data: T[];
pagination: {
page: number;
limit: number;
total: number;
totalPages: number;
};
}
@Injectable()
export class ConversationArchiveService {
private readonly logger = new Logger(ConversationArchiveService.name);
private readonly defaultSimilarityThreshold = 0.5;
constructor(
private readonly prisma: PrismaService,
private readonly embedding: EmbeddingService
) {}
/**
* Ingest a conversation session log.
* Generates a vector embedding from the summary + message content and stores it alongside the record.
*/
async ingest(workspaceId: string, dto: IngestConversationDto): Promise<{ id: string }> {
// Verify no duplicate session in this workspace
const existing = await this.prisma.conversationArchive.findUnique({
where: { workspaceId_sessionId: { workspaceId, sessionId: dto.sessionId } },
select: { id: true },
});
if (existing) {
throw new ConflictException(
`Conversation session '${dto.sessionId}' already exists in this workspace`
);
}
const messageCount = dto.messages.length;
// Create record first to get ID for embedding
const record = await this.prisma.conversationArchive.create({
data: {
workspaceId,
sessionId: dto.sessionId,
agentId: dto.agentId,
messages: dto.messages as unknown as Prisma.InputJsonValue,
messageCount,
summary: dto.summary,
startedAt: new Date(dto.startedAt),
endedAt: dto.endedAt ? new Date(dto.endedAt) : null,
metadata: (dto.metadata ?? {}) as Prisma.InputJsonValue,
},
select: { id: true },
});
// Generate and store embedding asynchronously (non-blocking for ingest)
if (this.embedding.isConfigured()) {
const textForEmbedding = this.buildEmbeddingText(dto.summary, dto.messages);
this.storeEmbedding(record.id, textForEmbedding).catch((err: unknown) => {
this.logger.error(`Failed to store embedding for conversation ${record.id}`, err);
});
}
this.logger.log(`Ingested conversation ${record.id} (session: ${dto.sessionId})`);
return { id: record.id };
}
/**
* Semantic vector search across conversation archives in a workspace.
*/
async search(
workspaceId: string,
dto: SearchConversationDto
): Promise<PaginatedConversations<RawConversationResult>> {
if (!this.embedding.isConfigured()) {
throw new ConflictException("Semantic search requires OpenAI API key to be configured");
}
const limit = dto.limit ?? 20;
const threshold = dto.similarityThreshold ?? this.defaultSimilarityThreshold;
const distanceThreshold = 1 - threshold;
const queryEmbedding = await this.embedding.generateEmbedding(dto.query);
const embeddingStr = `[${queryEmbedding.join(",")}]`;
const agentFilter = dto.agentId ? Prisma.sql`AND ca.agent_id = ${dto.agentId}` : Prisma.sql``;
const rows = await this.prisma.$queryRaw<RawConversationResult[]>`
SELECT
ca.id,
ca.workspace_id,
ca.session_id,
ca.agent_id,
ca.messages,
ca.message_count,
ca.summary,
ca.started_at,
ca.ended_at,
ca.metadata,
ca.created_at,
ca.updated_at,
(1 - (ca.embedding <=> ${embeddingStr}::vector(${EMBEDDING_DIMENSION}))) AS similarity
FROM conversation_archives ca
WHERE ca.workspace_id = ${workspaceId}::uuid
AND ca.embedding IS NOT NULL
AND (ca.embedding <=> ${embeddingStr}::vector(${EMBEDDING_DIMENSION})) <= ${distanceThreshold}
${agentFilter}
ORDER BY ca.embedding <=> ${embeddingStr}::vector(${EMBEDDING_DIMENSION})
LIMIT ${limit}
`;
const countResult = await this.prisma.$queryRaw<[{ count: bigint }]>`
SELECT COUNT(*) AS count
FROM conversation_archives ca
WHERE ca.workspace_id = ${workspaceId}::uuid
AND ca.embedding IS NOT NULL
AND (ca.embedding <=> ${embeddingStr}::vector(${EMBEDDING_DIMENSION})) <= ${distanceThreshold}
${agentFilter}
`;
const total = Number(countResult[0].count);
return {
data: rows,
pagination: {
page: 1,
limit,
total,
totalPages: Math.ceil(total / limit),
},
};
}
/**
* List conversation archives with filtering and pagination.
*/
async findAll(
workspaceId: string,
query: ListConversationsDto
): Promise<PaginatedConversations<object>> {
const page = query.page ?? 1;
const limit = query.limit ?? 20;
const skip = (page - 1) * limit;
const where: Prisma.ConversationArchiveWhereInput = {
workspaceId,
...(query.agentId ? { agentId: query.agentId } : {}),
...(query.startedAfter || query.startedBefore
? {
startedAt: {
...(query.startedAfter ? { gte: new Date(query.startedAfter) } : {}),
...(query.startedBefore ? { lte: new Date(query.startedBefore) } : {}),
},
}
: {}),
};
const [total, records] = await Promise.all([
this.prisma.conversationArchive.count({ where }),
this.prisma.conversationArchive.findMany({
where,
select: {
id: true,
workspaceId: true,
sessionId: true,
agentId: true,
messageCount: true,
summary: true,
startedAt: true,
endedAt: true,
metadata: true,
createdAt: true,
updatedAt: true,
},
orderBy: { startedAt: "desc" },
skip,
take: limit,
}),
]);
return {
data: records,
pagination: {
page,
limit,
total,
totalPages: Math.ceil(total / limit),
},
};
}
/**
* Get a single conversation archive by ID.
*/
async findOne(workspaceId: string, id: string): Promise<object> {
const record = await this.prisma.conversationArchive.findFirst({
where: { id, workspaceId },
select: {
id: true,
workspaceId: true,
sessionId: true,
agentId: true,
messages: true,
messageCount: true,
summary: true,
startedAt: true,
endedAt: true,
metadata: true,
createdAt: true,
updatedAt: true,
},
});
if (!record) {
throw new NotFoundException(`Conversation archive '${id}' not found`);
}
return record;
}
/**
* Build text content for embedding from summary and messages.
*/
private buildEmbeddingText(
summary: string,
messages: { role: string; content: string }[]
): string {
const messageText = messages.map((m) => `${m.role}: ${m.content}`).join("\n");
return `${summary}\n\n${messageText}`.trim();
}
/**
* Generate embedding and store it on the conversation_archives row.
*/
private async storeEmbedding(id: string, text: string): Promise<void> {
const vector = await this.embedding.generateEmbedding(text);
const embeddingStr = `[${vector.join(",")}]`;
await this.prisma.$executeRaw`
UPDATE conversation_archives
SET embedding = ${embeddingStr}::vector(${EMBEDDING_DIMENSION}),
updated_at = NOW()
WHERE id = ${id}::uuid
`;
this.logger.log(`Stored embedding for conversation ${id}`);
}
}

3
apps/api/src/conversation-archive/dto/index.ts
View File

@@ -1,3 +0,0 @@
export { IngestConversationDto, ConversationMessageDto } from "./ingest-conversation.dto";
export { SearchConversationDto } from "./search-conversation.dto";
export { ListConversationsDto } from "./list-conversations.dto";

64
apps/api/src/conversation-archive/dto/ingest-conversation.dto.ts
View File

@@ -1,64 +0,0 @@
import {
IsString,
IsArray,
IsOptional,
IsDateString,
MinLength,
MaxLength,
IsObject,
ValidateNested,
ArrayMinSize,
} from "class-validator";
import { Type } from "class-transformer";
/**
* Represents a single message in a conversation session
*/
export class ConversationMessageDto {
@IsString()
role!: string;
@IsString()
@MinLength(1)
content!: string;
@IsOptional()
@IsDateString()
timestamp?: string;
}
/**
* DTO for ingesting a conversation session log
*/
export class IngestConversationDto {
@IsString()
@MinLength(1)
@MaxLength(500)
sessionId!: string;
@IsString()
@MinLength(1)
@MaxLength(500)
agentId!: string;
@IsArray()
@ArrayMinSize(1)
@ValidateNested({ each: true })
@Type(() => ConversationMessageDto)
messages!: ConversationMessageDto[];
@IsString()
@MinLength(1)
summary!: string;
@IsDateString()
startedAt!: string;
@IsOptional()
@IsDateString()
endedAt?: string;
@IsOptional()
@IsObject()
metadata?: Record<string, unknown>;
}

33
apps/api/src/conversation-archive/dto/list-conversations.dto.ts
View File

@@ -1,33 +0,0 @@
import { IsString, IsOptional, MaxLength, IsInt, Min, Max, IsDateString } from "class-validator";
import { Type } from "class-transformer";
/**
* DTO for listing/filtering conversation archives
*/
export class ListConversationsDto {
@IsOptional()
@IsString()
@MaxLength(500)
agentId?: string;
@IsOptional()
@IsDateString()
startedAfter?: string;
@IsOptional()
@IsDateString()
startedBefore?: string;
@IsOptional()
@Type(() => Number)
@IsInt()
@Min(1)
page?: number;
@IsOptional()
@Type(() => Number)
@IsInt()
@Min(1)
@Max(100)
limit?: number;
}

40
apps/api/src/conversation-archive/dto/search-conversation.dto.ts
View File

@@ -1,40 +0,0 @@
import {
IsString,
IsOptional,
MinLength,
MaxLength,
IsInt,
Min,
Max,
IsNumber,
} from "class-validator";
import { Type } from "class-transformer";
/**
* DTO for semantic search across conversation archives
*/
export class SearchConversationDto {
@IsString()
@MinLength(1)
@MaxLength(1000)
query!: string;
@IsOptional()
@IsString()
@MaxLength(500)
agentId?: string;
@IsOptional()
@Type(() => Number)
@IsInt()
@Min(1)
@Max(100)
limit?: number;
@IsOptional()
@Type(() => Number)
@IsNumber()
@Min(0)
@Max(1)
similarityThreshold?: number;
}

2
apps/api/src/coordinator-integration/coordinator-integration.rate-limit.spec.ts
View File

@@ -245,7 +245,7 @@ describe("CoordinatorIntegrationController - Rate Limiting", () => {
.set("X-API-Key", "test-coordinator-key"); .set("X-API-Key", "test-coordinator-key");
expect(response.status).toBe(HttpStatus.TOO_MANY_REQUESTS); expect(response.status).toBe(HttpStatus.TOO_MANY_REQUESTS);
}, 30000); });
}); });
describe("Per-API-Key Rate Limiting", () => { describe("Per-API-Key Rate Limiting", () => {

33
apps/api/src/findings/dto/create-finding.dto.ts
View File

@@ -1,33 +0,0 @@
import { IsObject, IsOptional, IsString, IsUUID, MaxLength, MinLength } from "class-validator";
/**
* DTO for creating a finding
*/
export class CreateFindingDto {
@IsOptional()
@IsUUID("4", { message: "taskId must be a valid UUID" })
taskId?: string;
@IsString({ message: "agentId must be a string" })
@MinLength(1, { message: "agentId must not be empty" })
@MaxLength(255, { message: "agentId must not exceed 255 characters" })
agentId!: string;
@IsString({ message: "type must be a string" })
@MinLength(1, { message: "type must not be empty" })
@MaxLength(100, { message: "type must not exceed 100 characters" })
type!: string;
@IsString({ message: "title must be a string" })
@MinLength(1, { message: "title must not be empty" })
@MaxLength(255, { message: "title must not exceed 255 characters" })
title!: string;
@IsObject({ message: "data must be an object" })
data!: Record<string, unknown>;
@IsString({ message: "summary must be a string" })
@MinLength(1, { message: "summary must not be empty" })
@MaxLength(20000, { message: "summary must not exceed 20000 characters" })
summary!: string;
}

3
apps/api/src/findings/dto/index.ts
View File

@@ -1,3 +0,0 @@
export { CreateFindingDto } from "./create-finding.dto";
export { QueryFindingsDto } from "./query-findings.dto";
export { SearchFindingsDto } from "./search-findings.dto";

32
apps/api/src/findings/dto/query-findings.dto.ts
View File

@@ -1,32 +0,0 @@
import { Type } from "class-transformer";
import { IsInt, IsOptional, IsString, IsUUID, Max, Min } from "class-validator";
/**
* DTO for querying findings with filters and pagination
*/
export class QueryFindingsDto {
@IsOptional()
@Type(() => Number)
@IsInt({ message: "page must be an integer" })
@Min(1, { message: "page must be at least 1" })
page?: number;
@IsOptional()
@Type(() => Number)
@IsInt({ message: "limit must be an integer" })
@Min(1, { message: "limit must be at least 1" })
@Max(100, { message: "limit must not exceed 100" })
limit?: number;
@IsOptional()
@IsString({ message: "agentId must be a string" })
agentId?: string;
@IsOptional()
@IsString({ message: "type must be a string" })
type?: string;
@IsOptional()
@IsUUID("4", { message: "taskId must be a valid UUID" })
taskId?: string;
}

52
apps/api/src/findings/dto/search-findings.dto.ts
View File

@@ -1,52 +0,0 @@
import { Type } from "class-transformer";
import {
IsInt,
IsNumber,
IsOptional,
IsString,
IsUUID,
Max,
MaxLength,
Min,
} from "class-validator";
/**
* DTO for finding semantic similarity search
*/
export class SearchFindingsDto {
@IsString({ message: "query must be a string" })
@MaxLength(1000, { message: "query must not exceed 1000 characters" })
query!: string;
@IsOptional()
@Type(() => Number)
@IsInt({ message: "page must be an integer" })
@Min(1, { message: "page must be at least 1" })
page?: number;
@IsOptional()
@Type(() => Number)
@IsInt({ message: "limit must be an integer" })
@Min(1, { message: "limit must be at least 1" })
@Max(100, { message: "limit must not exceed 100" })
limit?: number;
@IsOptional()
@Type(() => Number)
@IsNumber({}, { message: "similarityThreshold must be a number" })
@Min(0, { message: "similarityThreshold must be at least 0" })
@Max(1, { message: "similarityThreshold must not exceed 1" })
similarityThreshold?: number;
@IsOptional()
@IsString({ message: "agentId must be a string" })
agentId?: string;
@IsOptional()
@IsString({ message: "type must be a string" })
type?: string;
@IsOptional()
@IsUUID("4", { message: "taskId must be a valid UUID" })
taskId?: string;
}

195
apps/api/src/findings/findings.controller.spec.ts
View File

@@ -1,195 +0,0 @@
import { Test, TestingModule } from "@nestjs/testing";
import { describe, it, expect, beforeEach, vi } from "vitest";
import { FindingsController } from "./findings.controller";
import { FindingsService } from "./findings.service";
import { AuthGuard } from "../auth/guards/auth.guard";
import { WorkspaceGuard, PermissionGuard } from "../common/guards";
import { CreateFindingDto, QueryFindingsDto, SearchFindingsDto } from "./dto";
describe("FindingsController", () => {
let controller: FindingsController;
let service: FindingsService;
const mockFindingsService = {
create: vi.fn(),
findAll: vi.fn(),
findOne: vi.fn(),
search: vi.fn(),
remove: vi.fn(),
};
const mockAuthGuard = {
canActivate: vi.fn(() => true),
};
const mockWorkspaceGuard = {
canActivate: vi.fn(() => true),
};
const mockPermissionGuard = {
canActivate: vi.fn(() => true),
};
const workspaceId = "550e8400-e29b-41d4-a716-446655440001";
const findingId = "550e8400-e29b-41d4-a716-446655440002";
beforeEach(async () => {
const module: TestingModule = await Test.createTestingModule({
controllers: [FindingsController],
providers: [
{
provide: FindingsService,
useValue: mockFindingsService,
},
],
})
.overrideGuard(AuthGuard)
.useValue(mockAuthGuard)
.overrideGuard(WorkspaceGuard)
.useValue(mockWorkspaceGuard)
.overrideGuard(PermissionGuard)
.useValue(mockPermissionGuard)
.compile();
controller = module.get<FindingsController>(FindingsController);
service = module.get<FindingsService>(FindingsService);
vi.clearAllMocks();
});
it("should be defined", () => {
expect(controller).toBeDefined();
});
describe("create", () => {
it("should create a finding", async () => {
const createDto: CreateFindingDto = {
agentId: "research-agent",
type: "security",
title: "SQL injection risk",
data: { severity: "high" },
summary: "Potential SQL injection in search endpoint.",
};
const createdFinding = {
id: findingId,
workspaceId,
taskId: null,
...createDto,
createdAt: new Date(),
updatedAt: new Date(),
};
mockFindingsService.create.mockResolvedValue(createdFinding);
const result = await controller.create(createDto, workspaceId);
expect(result).toEqual(createdFinding);
expect(service.create).toHaveBeenCalledWith(workspaceId, createDto);
});
});
describe("findAll", () => {
it("should return paginated findings", async () => {
const query: QueryFindingsDto = {
page: 1,
limit: 10,
type: "security",
};
const response = {
data: [],
meta: {
total: 0,
page: 1,
limit: 10,
totalPages: 0,
},
};
mockFindingsService.findAll.mockResolvedValue(response);
const result = await controller.findAll(query, workspaceId);
expect(result).toEqual(response);
expect(service.findAll).toHaveBeenCalledWith(workspaceId, query);
});
});
describe("findOne", () => {
it("should return a finding", async () => {
const finding = {
id: findingId,
workspaceId,
taskId: null,
agentId: "research-agent",
type: "security",
title: "SQL injection risk",
data: { severity: "high" },
summary: "Potential SQL injection in search endpoint.",
createdAt: new Date(),
updatedAt: new Date(),
};
mockFindingsService.findOne.mockResolvedValue(finding);
const result = await controller.findOne(findingId, workspaceId);
expect(result).toEqual(finding);
expect(service.findOne).toHaveBeenCalledWith(findingId, workspaceId);
});
});
describe("search", () => {
it("should perform semantic search", async () => {
const searchDto: SearchFindingsDto = {
query: "sql injection",
limit: 5,
};
const response = {
data: [
{
id: findingId,
workspaceId,
taskId: null,
agentId: "research-agent",
type: "security",
title: "SQL injection risk",
data: { severity: "high" },
summary: "Potential SQL injection in search endpoint.",
createdAt: new Date(),
updatedAt: new Date(),
score: 0.91,
},
],
meta: {
total: 1,
page: 1,
limit: 5,
totalPages: 1,
},
query: "sql injection",
};
mockFindingsService.search.mockResolvedValue(response);
const result = await controller.search(searchDto, workspaceId);
expect(result).toEqual(response);
expect(service.search).toHaveBeenCalledWith(workspaceId, searchDto);
});
});
describe("remove", () => {
it("should delete a finding", async () => {
const response = { message: "Finding deleted successfully" };
mockFindingsService.remove.mockResolvedValue(response);
const result = await controller.remove(findingId, workspaceId);
expect(result).toEqual(response);
expect(service.remove).toHaveBeenCalledWith(findingId, workspaceId);
});
});
});

81
apps/api/src/findings/findings.controller.ts
View File

@@ -1,81 +0,0 @@
import { Body, Controller, Delete, Get, Param, Post, Query, UseGuards } from "@nestjs/common";
import { AuthGuard } from "../auth/guards/auth.guard";
import { WorkspaceGuard, PermissionGuard } from "../common/guards";
import { Workspace, Permission, RequirePermission } from "../common/decorators";
import { CreateFindingDto, QueryFindingsDto, SearchFindingsDto } from "./dto";
import {
FindingsService,
FindingsSearchResponse,
PaginatedFindingsResponse,
} from "./findings.service";
/**
* Controller for findings endpoints
* All endpoints require authentication and workspace context
*/
@Controller("findings")
@UseGuards(AuthGuard, WorkspaceGuard, PermissionGuard)
export class FindingsController {
constructor(private readonly findingsService: FindingsService) {}
/**
* POST /api/findings
* Create a new finding and embed its summary
* Requires: MEMBER role or higher
*/
@Post()
@RequirePermission(Permission.WORKSPACE_MEMBER)
async create(@Body() createFindingDto: CreateFindingDto, @Workspace() workspaceId: string) {
return this.findingsService.create(workspaceId, createFindingDto);
}
/**
* GET /api/findings
* Get paginated findings with optional filters
* Requires: Any workspace member
*/
@Get()
@RequirePermission(Permission.WORKSPACE_ANY)
async findAll(
@Query() query: QueryFindingsDto,
@Workspace() workspaceId: string
): Promise<PaginatedFindingsResponse> {
return this.findingsService.findAll(workspaceId, query);
}
/**
* GET /api/findings/:id
* Get a single finding by ID
* Requires: Any workspace member
*/
@Get(":id")
@RequirePermission(Permission.WORKSPACE_ANY)
async findOne(@Param("id") id: string, @Workspace() workspaceId: string) {
return this.findingsService.findOne(id, workspaceId);
}
/**
* POST /api/findings/search
* Semantic search findings by vector similarity
* Requires: Any workspace member
*/
@Post("search")
@RequirePermission(Permission.WORKSPACE_ANY)
async search(
@Body() searchDto: SearchFindingsDto,
@Workspace() workspaceId: string
): Promise<FindingsSearchResponse> {
return this.findingsService.search(workspaceId, searchDto);
}
/**
* DELETE /api/findings/:id
* Delete a finding
* Requires: ADMIN role or higher
*/
@Delete(":id")
@RequirePermission(Permission.WORKSPACE_ADMIN)
async remove(@Param("id") id: string, @Workspace() workspaceId: string) {
return this.findingsService.remove(id, workspaceId);
}
}

226
apps/api/src/findings/findings.integration.spec.ts
View File

@@ -1,226 +0,0 @@
import { beforeAll, beforeEach, describe, expect, it, afterAll, vi } from "vitest";
import { randomUUID as uuid } from "crypto";
import { Test, TestingModule } from "@nestjs/testing";
import { BadRequestException, NotFoundException } from "@nestjs/common";
import { PrismaClient, Prisma } from "@prisma/client";
import { FindingsService } from "./findings.service";
import { PrismaService } from "../prisma/prisma.service";
import { EmbeddingService } from "../knowledge/services/embedding.service";
const shouldRunDbIntegrationTests =
process.env.RUN_DB_TESTS === "true" && Boolean(process.env.DATABASE_URL);
const describeFn = shouldRunDbIntegrationTests ? describe : describe.skip;
const EMBEDDING_DIMENSION = 1536;
function vector(value: number): number[] {
return Array.from({ length: EMBEDDING_DIMENSION }, () => value);
}
function toVectorLiteral(input: number[]): string {
return `[${input.join(",")}]`;
}
describeFn("FindingsService Integration", () => {
let moduleRef: TestingModule;
let prisma: PrismaClient;
let service: FindingsService;
let workspaceId: string;
let ownerId: string;
let setupComplete = false;
const embeddingServiceMock = {
isConfigured: vi.fn(),
generateEmbedding: vi.fn(),
};
beforeAll(async () => {
prisma = new PrismaClient();
await prisma.$connect();
const workspace = await prisma.workspace.create({
data: {
name: `Findings Integration ${Date.now()}`,
owner: {
create: {
email: `findings-integration-${Date.now()}@example.com`,
name: "Findings Integration Owner",
},
},
},
});
workspaceId = workspace.id;
ownerId = workspace.ownerId;
moduleRef = await Test.createTestingModule({
providers: [
FindingsService,
{
provide: PrismaService,
useValue: prisma,
},
{
provide: EmbeddingService,
useValue: embeddingServiceMock,
},
],
}).compile();
service = moduleRef.get<FindingsService>(FindingsService);
setupComplete = true;
});
beforeEach(() => {
vi.clearAllMocks();
embeddingServiceMock.isConfigured.mockReturnValue(false);
});
afterAll(async () => {
if (!prisma) {
return;
}
if (workspaceId) {
await prisma.finding.deleteMany({ where: { workspaceId } });
await prisma.workspace.deleteMany({ where: { id: workspaceId } });
}
if (ownerId) {
await prisma.user.deleteMany({ where: { id: ownerId } });
}
if (moduleRef) {
await moduleRef.close();
}
await prisma.$disconnect();
});
it("creates, lists, fetches, and deletes findings", async () => {
if (!setupComplete) {
return;
}
const created = await service.create(workspaceId, {
agentId: "agent-findings-crud",
type: "security",
title: "Unescaped SQL fragment",
data: { severity: "high" },
summary: "Potential injection risk in dynamic query path.",
});
expect(created.id).toBeDefined();
expect(created.workspaceId).toBe(workspaceId);
expect(created.taskId).toBeNull();
const listed = await service.findAll(workspaceId, {
page: 1,
limit: 10,
agentId: "agent-findings-crud",
});
expect(listed.meta.total).toBeGreaterThanOrEqual(1);
expect(listed.data.some((row) => row.id === created.id)).toBe(true);
const found = await service.findOne(created.id, workspaceId);
expect(found.id).toBe(created.id);
expect(found.title).toBe("Unescaped SQL fragment");
await expect(service.findOne(created.id, uuid())).rejects.toThrow(NotFoundException);
await expect(service.remove(created.id, workspaceId)).resolves.toEqual({
message: "Finding deleted successfully",
});
await expect(service.findOne(created.id, workspaceId)).rejects.toThrow(NotFoundException);
});
it("rejects create when taskId does not exist in workspace", async () => {
if (!setupComplete) {
return;
}
await expect(
service.create(workspaceId, {
taskId: uuid(),
agentId: "agent-findings-missing-task",
type: "bug",
title: "Invalid task id",
data: { source: "integration-test" },
summary: "Should fail when task relation is not found.",
})
).rejects.toThrow(NotFoundException);
});
it("rejects vector search when embeddings are disabled", async () => {
if (!setupComplete) {
return;
}
embeddingServiceMock.isConfigured.mockReturnValue(false);
await expect(
service.search(workspaceId, {
query: "security issue",
})
).rejects.toThrow(BadRequestException);
});
it("searches findings by vector similarity with filters", async () => {
if (!setupComplete) {
return;
}
const near = vector(0.01);
const far = vector(0.9);
const matchedFinding = await prisma.finding.create({
data: {
workspaceId,
agentId: "agent-findings-search-a",
type: "incident",
title: "Authentication bypass",
data: { score: 0.9 } as Prisma.InputJsonValue,
summary: "Bypass risk found in login checks.",
},
});
const otherFinding = await prisma.finding.create({
data: {
workspaceId,
agentId: "agent-findings-search-b",
type: "incident",
title: "Retry timeout",
data: { score: 0.2 } as Prisma.InputJsonValue,
summary: "Timeout issue in downstream retries.",
},
});
await prisma.$executeRaw`
UPDATE findings
SET embedding = ${toVectorLiteral(near)}::vector(1536)
WHERE id = ${matchedFinding.id}::uuid
`;
await prisma.$executeRaw`
UPDATE findings
SET embedding = ${toVectorLiteral(far)}::vector(1536)
WHERE id = ${otherFinding.id}::uuid
`;
embeddingServiceMock.isConfigured.mockReturnValue(true);
embeddingServiceMock.generateEmbedding.mockResolvedValue(near);
const result = await service.search(workspaceId, {
query: "authentication bypass risk",
agentId: "agent-findings-search-a",
limit: 10,
similarityThreshold: 0,
});
expect(result.query).toBe("authentication bypass risk");
expect(result.meta.total).toBe(1);
expect(result.data).toHaveLength(1);
expect(result.data[0]?.id).toBe(matchedFinding.id);
expect(result.data[0]?.agentId).toBe("agent-findings-search-a");
expect(result.data.find((row) => row.id === otherFinding.id)).toBeUndefined();
});
});

14
apps/api/src/findings/findings.module.ts
View File

@@ -1,14 +0,0 @@
import { Module } from "@nestjs/common";
import { PrismaModule } from "../prisma/prisma.module";
import { AuthModule } from "../auth/auth.module";
import { KnowledgeModule } from "../knowledge/knowledge.module";
import { FindingsController } from "./findings.controller";
import { FindingsService } from "./findings.service";
@Module({
imports: [PrismaModule, AuthModule, KnowledgeModule],
controllers: [FindingsController],
providers: [FindingsService],
exports: [FindingsService],
})
export class FindingsModule {}

300
apps/api/src/findings/findings.service.spec.ts
View File

@@ -1,300 +0,0 @@
import { Test, TestingModule } from "@nestjs/testing";
import { describe, it, expect, beforeEach, vi } from "vitest";
import { BadRequestException, NotFoundException } from "@nestjs/common";
import { FindingsService } from "./findings.service";
import { PrismaService } from "../prisma/prisma.service";
import { EmbeddingService } from "../knowledge/services/embedding.service";
describe("FindingsService", () => {
let service: FindingsService;
let prisma: PrismaService;
let embeddingService: EmbeddingService;
const mockWorkspaceId = "550e8400-e29b-41d4-a716-446655440001";
const mockFindingId = "550e8400-e29b-41d4-a716-446655440002";
const mockTaskId = "550e8400-e29b-41d4-a716-446655440003";
const mockPrismaService = {
finding: {
create: vi.fn(),
findMany: vi.fn(),
findUnique: vi.fn(),
count: vi.fn(),
delete: vi.fn(),
},
agentTask: {
findUnique: vi.fn(),
},
$queryRaw: vi.fn(),
$executeRaw: vi.fn(),
};
const mockEmbeddingService = {
isConfigured: vi.fn(),
generateEmbedding: vi.fn(),
};
beforeEach(async () => {
const module: TestingModule = await Test.createTestingModule({
providers: [
FindingsService,
{
provide: PrismaService,
useValue: mockPrismaService,
},
{
provide: EmbeddingService,
useValue: mockEmbeddingService,
},
],
}).compile();
service = module.get<FindingsService>(FindingsService);
prisma = module.get<PrismaService>(PrismaService);
embeddingService = module.get<EmbeddingService>(EmbeddingService);
vi.clearAllMocks();
});
it("should be defined", () => {
expect(service).toBeDefined();
});
describe("create", () => {
it("should create a finding and store embedding when configured", async () => {
const createDto = {
taskId: mockTaskId,
agentId: "research-agent",
type: "security",
title: "SQL injection risk",
data: { severity: "high" },
summary: "Potential SQL injection in search endpoint.",
};
const createdFinding = {
id: mockFindingId,
workspaceId: mockWorkspaceId,
...createDto,
createdAt: new Date(),
updatedAt: new Date(),
};
mockPrismaService.agentTask.findUnique.mockResolvedValue({
id: mockTaskId,
workspaceId: mockWorkspaceId,
});
mockPrismaService.finding.create.mockResolvedValue(createdFinding);
mockPrismaService.finding.findUnique.mockResolvedValue(createdFinding);
mockEmbeddingService.isConfigured.mockReturnValue(true);
mockEmbeddingService.generateEmbedding.mockResolvedValue([0.1, 0.2, 0.3]);
mockPrismaService.$executeRaw.mockResolvedValue(1);
const result = await service.create(mockWorkspaceId, createDto);
expect(result).toEqual(createdFinding);
expect(prisma.finding.create).toHaveBeenCalledWith({
data: expect.objectContaining({
workspaceId: mockWorkspaceId,
taskId: mockTaskId,
agentId: "research-agent",
type: "security",
title: "SQL injection risk",
}),
select: expect.any(Object),
});
expect(embeddingService.generateEmbedding).toHaveBeenCalledWith(createDto.summary);
expect(prisma.$executeRaw).toHaveBeenCalled();
});
it("should create a finding without embedding when not configured", async () => {
const createDto = {
agentId: "research-agent",
type: "security",
title: "SQL injection risk",
data: { severity: "high" },
summary: "Potential SQL injection in search endpoint.",
};
const createdFinding = {
id: mockFindingId,
workspaceId: mockWorkspaceId,
taskId: null,
...createDto,
createdAt: new Date(),
updatedAt: new Date(),
};
mockPrismaService.finding.create.mockResolvedValue(createdFinding);
mockEmbeddingService.isConfigured.mockReturnValue(false);
const result = await service.create(mockWorkspaceId, createDto);
expect(result).toEqual(createdFinding);
expect(embeddingService.generateEmbedding).not.toHaveBeenCalled();
expect(prisma.$executeRaw).not.toHaveBeenCalled();
});
});
describe("findAll", () => {
it("should return paginated findings with filters", async () => {
const findings = [
{
id: mockFindingId,
workspaceId: mockWorkspaceId,
taskId: null,
agentId: "research-agent",
type: "security",
title: "SQL injection risk",
data: { severity: "high" },
summary: "Potential SQL injection in search endpoint.",
createdAt: new Date(),
updatedAt: new Date(),
},
];
mockPrismaService.finding.findMany.mockResolvedValue(findings);
mockPrismaService.finding.count.mockResolvedValue(1);
const result = await service.findAll(mockWorkspaceId, {
page: 1,
limit: 10,
type: "security",
agentId: "research-agent",
});
expect(result).toEqual({
data: findings,
meta: {
total: 1,
page: 1,
limit: 10,
totalPages: 1,
},
});
expect(prisma.finding.findMany).toHaveBeenCalledWith(
expect.objectContaining({
where: {
workspaceId: mockWorkspaceId,
type: "security",
agentId: "research-agent",
},
})
);
});
});
describe("findOne", () => {
it("should return a finding", async () => {
const finding = {
id: mockFindingId,
workspaceId: mockWorkspaceId,
taskId: null,
agentId: "research-agent",
type: "security",
title: "SQL injection risk",
data: { severity: "high" },
summary: "Potential SQL injection in search endpoint.",
createdAt: new Date(),
updatedAt: new Date(),
};
mockPrismaService.finding.findUnique.mockResolvedValue(finding);
const result = await service.findOne(mockFindingId, mockWorkspaceId);
expect(result).toEqual(finding);
expect(prisma.finding.findUnique).toHaveBeenCalledWith({
where: {
id: mockFindingId,
workspaceId: mockWorkspaceId,
},
select: expect.any(Object),
});
});
it("should throw when finding does not exist", async () => {
mockPrismaService.finding.findUnique.mockResolvedValue(null);
await expect(service.findOne(mockFindingId, mockWorkspaceId)).rejects.toThrow(
NotFoundException
);
});
});
describe("search", () => {
it("should throw BadRequestException when embeddings are not configured", async () => {
mockEmbeddingService.isConfigured.mockReturnValue(false);
await expect(
service.search(mockWorkspaceId, {
query: "sql injection",
})
).rejects.toThrow(BadRequestException);
});
it("should return similarity-ranked search results", async () => {
mockEmbeddingService.isConfigured.mockReturnValue(true);
mockEmbeddingService.generateEmbedding.mockResolvedValue([0.1, 0.2, 0.3]);
mockPrismaService.$queryRaw
.mockResolvedValueOnce([
{
id: mockFindingId,
workspace_id: mockWorkspaceId,
task_id: null,
agent_id: "research-agent",
type: "security",
title: "SQL injection risk",
data: { severity: "high" },
summary: "Potential SQL injection in search endpoint.",
created_at: new Date(),
updated_at: new Date(),
score: 0.91,
},
])
.mockResolvedValueOnce([{ count: BigInt(1) }]);
const result = await service.search(mockWorkspaceId, {
query: "sql injection",
page: 1,
limit: 5,
similarityThreshold: 0.5,
});
expect(result.query).toBe("sql injection");
expect(result.data).toHaveLength(1);
expect(result.data[0].score).toBe(0.91);
expect(result.meta.total).toBe(1);
expect(prisma.$queryRaw).toHaveBeenCalledTimes(2);
});
});
describe("remove", () => {
it("should delete a finding", async () => {
mockPrismaService.finding.findUnique.mockResolvedValue({
id: mockFindingId,
workspaceId: mockWorkspaceId,
});
mockPrismaService.finding.delete.mockResolvedValue({
id: mockFindingId,
});
const result = await service.remove(mockFindingId, mockWorkspaceId);
expect(result).toEqual({ message: "Finding deleted successfully" });
expect(prisma.finding.delete).toHaveBeenCalledWith({
where: {
id: mockFindingId,
workspaceId: mockWorkspaceId,
},
});
});
it("should throw when finding does not exist", async () => {
mockPrismaService.finding.findUnique.mockResolvedValue(null);
await expect(service.remove(mockFindingId, mockWorkspaceId)).rejects.toThrow(
NotFoundException
);
});
});
});

337
apps/api/src/findings/findings.service.ts
View File

@@ -1,337 +0,0 @@
import { BadRequestException, Injectable, Logger, NotFoundException } from "@nestjs/common";
import { Prisma } from "@prisma/client";
import { PrismaService } from "../prisma/prisma.service";
import { EmbeddingService } from "../knowledge/services/embedding.service";
import type { CreateFindingDto, QueryFindingsDto, SearchFindingsDto } from "./dto";
const findingSelect = {
id: true,
workspaceId: true,
taskId: true,
agentId: true,
type: true,
title: true,
data: true,
summary: true,
createdAt: true,
updatedAt: true,
} satisfies Prisma.FindingSelect;
type FindingRecord = Prisma.FindingGetPayload<{ select: typeof findingSelect }>;
interface RawFindingSearchResult {
id: string;
workspace_id: string;
task_id: string | null;
agent_id: string;
type: string;
title: string;
data: Prisma.JsonValue;
summary: string;
created_at: Date;
updated_at: Date;
score: number;
}
export interface FindingSearchResult extends FindingRecord {
score: number;
}
interface PaginatedMeta {
total: number;
page: number;
limit: number;
totalPages: number;
}
export interface PaginatedFindingsResponse {
data: FindingRecord[];
meta: PaginatedMeta;
}
export interface FindingsSearchResponse {
data: FindingSearchResult[];
meta: PaginatedMeta;
query: string;
similarityThreshold: number;
}
/**
* Service for managing structured findings with vector search support
*/
@Injectable()
export class FindingsService {
private readonly logger = new Logger(FindingsService.name);
private readonly defaultSimilarityThreshold: number;
constructor(
private readonly prisma: PrismaService,
private readonly embeddingService: EmbeddingService
) {
const parsedThreshold = Number.parseFloat(process.env.FINDINGS_SIMILARITY_THRESHOLD ?? "0.5");
this.defaultSimilarityThreshold =
Number.isFinite(parsedThreshold) && parsedThreshold >= 0 && parsedThreshold <= 1
? parsedThreshold
: 0.5;
}
/**
* Create a finding and generate its embedding from the summary when available
*/
async create(workspaceId: string, createFindingDto: CreateFindingDto): Promise<FindingRecord> {
if (createFindingDto.taskId) {
const task = await this.prisma.agentTask.findUnique({
where: {
id: createFindingDto.taskId,
workspaceId,
},
select: { id: true },
});
if (!task) {
throw new NotFoundException(`Agent task with ID ${createFindingDto.taskId} not found`);
}
}
const createInput: Prisma.FindingUncheckedCreateInput = {
workspaceId,
agentId: createFindingDto.agentId,
type: createFindingDto.type,
title: createFindingDto.title,
data: createFindingDto.data as Prisma.InputJsonValue,
summary: createFindingDto.summary,
};
if (createFindingDto.taskId) {
createInput.taskId = createFindingDto.taskId;
}
const finding = await this.prisma.finding.create({
data: createInput,
select: findingSelect,
});
await this.generateAndStoreEmbedding(finding.id, workspaceId, finding.summary);
if (this.embeddingService.isConfigured()) {
return this.findOne(finding.id, workspaceId);
}
return finding;
}
/**
* Get paginated findings with optional filters
*/
async findAll(workspaceId: string, query: QueryFindingsDto): Promise<PaginatedFindingsResponse> {
const page = query.page ?? 1;
const limit = query.limit ?? 50;
const skip = (page - 1) * limit;
const where: Prisma.FindingWhereInput = {
workspaceId,
};
if (query.agentId) {
where.agentId = query.agentId;
}
if (query.type) {
where.type = query.type;
}
if (query.taskId) {
where.taskId = query.taskId;
}
const [data, total] = await Promise.all([
this.prisma.finding.findMany({
where,
select: findingSelect,
orderBy: {
createdAt: "desc",
},
skip,
take: limit,
}),
this.prisma.finding.count({ where }),
]);
return {
data,
meta: {
total,
page,
limit,
totalPages: Math.ceil(total / limit),
},
};
}
/**
* Get a single finding by ID
*/
async findOne(id: string, workspaceId: string): Promise<FindingRecord> {
const finding = await this.prisma.finding.findUnique({
where: {
id,
workspaceId,
},
select: findingSelect,
});
if (!finding) {
throw new NotFoundException(`Finding with ID ${id} not found`);
}
return finding;
}
/**
* Semantic search findings using vector similarity
*/
async search(workspaceId: string, searchDto: SearchFindingsDto): Promise<FindingsSearchResponse> {
if (!this.embeddingService.isConfigured()) {
throw new BadRequestException(
"Finding vector search requires OPENAI_API_KEY to be configured"
);
}
const page = searchDto.page ?? 1;
const limit = searchDto.limit ?? 20;
const offset = (page - 1) * limit;
const similarityThreshold = searchDto.similarityThreshold ?? this.defaultSimilarityThreshold;
const distanceThreshold = 1 - similarityThreshold;
const queryEmbedding = await this.embeddingService.generateEmbedding(searchDto.query);
const embeddingString = `[${queryEmbedding.join(",")}]`;
const agentFilter = searchDto.agentId
? Prisma.sql`AND f.agent_id = ${searchDto.agentId}`
: Prisma.sql``;
const typeFilter = searchDto.type ? Prisma.sql`AND f.type = ${searchDto.type}` : Prisma.sql``;
const taskFilter = searchDto.taskId
? Prisma.sql`AND f.task_id = ${searchDto.taskId}::uuid`
: Prisma.sql``;
const searchResults = await this.prisma.$queryRaw<RawFindingSearchResult[]>`
SELECT
f.id,
f.workspace_id,
f.task_id,
f.agent_id,
f.type,
f.title,
f.data,
f.summary,
f.created_at,
f.updated_at,
(1 - (f.embedding <=> ${embeddingString}::vector)) AS score
FROM findings f
WHERE f.workspace_id = ${workspaceId}::uuid
AND f.embedding IS NOT NULL
${agentFilter}
${typeFilter}
${taskFilter}
AND (f.embedding <=> ${embeddingString}::vector) <= ${distanceThreshold}
ORDER BY f.embedding <=> ${embeddingString}::vector
LIMIT ${limit}
OFFSET ${offset}
`;
const countResult = await this.prisma.$queryRaw<[{ count: bigint }]>`
SELECT COUNT(*) as count
FROM findings f
WHERE f.workspace_id = ${workspaceId}::uuid
AND f.embedding IS NOT NULL
${agentFilter}
${typeFilter}
${taskFilter}
AND (f.embedding <=> ${embeddingString}::vector) <= ${distanceThreshold}
`;
const total = Number(countResult[0].count);
const data: FindingSearchResult[] = searchResults.map((row) => ({
id: row.id,
workspaceId: row.workspace_id,
taskId: row.task_id,
agentId: row.agent_id,
type: row.type,
title: row.title,
data: row.data,
summary: row.summary,
createdAt: row.created_at,
updatedAt: row.updated_at,
score: row.score,
}));
return {
data,
meta: {
total,
page,
limit,
totalPages: Math.ceil(total / limit),
},
query: searchDto.query,
similarityThreshold,
};
}
/**
* Delete a finding
*/
async remove(id: string, workspaceId: string): Promise<{ message: string }> {
const existingFinding = await this.prisma.finding.findUnique({
where: {
id,
workspaceId,
},
select: { id: true },
});
if (!existingFinding) {
throw new NotFoundException(`Finding with ID ${id} not found`);
}
await this.prisma.finding.delete({
where: {
id,
workspaceId,
},
});
return { message: "Finding deleted successfully" };
}
/**
* Generate and persist embedding for a finding summary
*/
private async generateAndStoreEmbedding(
findingId: string,
workspaceId: string,
summary: string
): Promise<void> {
if (!this.embeddingService.isConfigured()) {
return;
}
try {
const embedding = await this.embeddingService.generateEmbedding(summary);
const embeddingString = `[${embedding.join(",")}]`;
await this.prisma.$executeRaw`
UPDATE findings
SET embedding = ${embeddingString}::vector,
updated_at = NOW()
WHERE id = ${findingId}::uuid
AND workspace_id = ${workspaceId}::uuid
`;
} catch (error) {
const message = error instanceof Error ? error.message : String(error);
this.logger.warn(`Failed to generate embedding for finding ${findingId}: ${message}`);
}
}
}

89
apps/api/src/import/dto/import-project.dto.ts
View File

@@ -1,89 +0,0 @@
import { IsNumber, IsOptional, IsString, MaxLength, MinLength } from "class-validator";
/**
* DTO for a single jarvis-brain project record.
* This matches the project object shape consumed by scripts/migrate-brain.ts.
*/
export class ImportProjectDto {
@IsString({ message: "id must be a string" })
@MinLength(1, { message: "id must not be empty" })
@MaxLength(255, { message: "id must not exceed 255 characters" })
id!: string;
@IsString({ message: "name must be a string" })
@MinLength(1, { message: "name must not be empty" })
@MaxLength(255, { message: "name must not exceed 255 characters" })
name!: string;
@IsOptional()
@IsString({ message: "description must be a string" })
description?: string | null;
@IsOptional()
@IsString({ message: "domain must be a string" })
domain?: string | null;
@IsOptional()
@IsString({ message: "status must be a string" })
status?: string | null;
// jarvis-brain project priority can be a number, string, or null
@IsOptional()
priority?: number | string | null;
@IsOptional()
@IsNumber({}, { message: "progress must be a number" })
progress?: number | null;
@IsOptional()
@IsString({ message: "repo must be a string" })
repo?: string | null;
@IsOptional()
@IsString({ message: "branch must be a string" })
branch?: string | null;
@IsOptional()
@IsString({ message: "current_milestone must be a string" })
current_milestone?: string | null;
@IsOptional()
@IsString({ message: "next_milestone must be a string" })
next_milestone?: string | null;
@IsOptional()
@IsString({ message: "blocker must be a string" })
blocker?: string | null;
@IsOptional()
@IsString({ message: "owner must be a string" })
owner?: string | null;
@IsOptional()
@IsString({ message: "docs_path must be a string" })
docs_path?: string | null;
@IsOptional()
@IsString({ message: "created must be a string" })
created?: string | null;
@IsOptional()
@IsString({ message: "updated must be a string" })
updated?: string | null;
@IsOptional()
@IsString({ message: "target_date must be a string" })
target_date?: string | null;
@IsOptional()
@IsString({ message: "notes must be a string" })
notes?: string | null;
@IsOptional()
@IsString({ message: "notes_nontechnical must be a string" })
notes_nontechnical?: string | null;
@IsOptional()
@IsString({ message: "parent must be a string" })
parent?: string | null;
}

5
apps/api/src/import/dto/import-response.dto.ts
View File

@@ -1,5 +0,0 @@
export interface ImportResponseDto {
imported: number;
skipped: number;
errors: string[];
}

76
apps/api/src/import/dto/import-task.dto.ts
View File

@@ -1,76 +0,0 @@
import { IsArray, IsNumber, IsOptional, IsString, MaxLength, MinLength } from "class-validator";
/**
* DTO for a single jarvis-brain task record.
* This matches the task object shape consumed by scripts/migrate-brain.ts.
*/
export class ImportTaskDto {
@IsString({ message: "id must be a string" })
@MinLength(1, { message: "id must not be empty" })
@MaxLength(255, { message: "id must not exceed 255 characters" })
id!: string;
@IsString({ message: "title must be a string" })
@MinLength(1, { message: "title must not be empty" })
@MaxLength(255, { message: "title must not exceed 255 characters" })
title!: string;
@IsOptional()
@IsString({ message: "domain must be a string" })
domain?: string | null;
@IsOptional()
@IsString({ message: "project must be a string" })
project?: string | null;
@IsOptional()
@IsArray({ message: "related must be an array" })
@IsString({ each: true, message: "related items must be strings" })
related?: string[];
@IsOptional()
@IsString({ message: "priority must be a string" })
priority?: string | null;
@IsOptional()
@IsString({ message: "status must be a string" })
status?: string | null;
@IsOptional()
@IsNumber({}, { message: "progress must be a number" })
progress?: number | null;
@IsOptional()
@IsString({ message: "due must be a string" })
due?: string | null;
@IsOptional()
@IsArray({ message: "blocks must be an array" })
@IsString({ each: true, message: "blocks items must be strings" })
blocks?: string[];
@IsOptional()
@IsArray({ message: "blocked_by must be an array" })
@IsString({ each: true, message: "blocked_by items must be strings" })
blocked_by?: string[];
@IsOptional()
@IsString({ message: "assignee must be a string" })
assignee?: string | null;
@IsOptional()
@IsString({ message: "created must be a string" })
created?: string | null;
@IsOptional()
@IsString({ message: "updated must be a string" })
updated?: string | null;
@IsOptional()
@IsString({ message: "notes must be a string" })
notes?: string | null;
@IsOptional()
@IsString({ message: "notes_nontechnical must be a string" })
notes_nontechnical?: string | null;
}

3
apps/api/src/import/dto/index.ts
View File

@@ -1,3 +0,0 @@
export { ImportTaskDto } from "./import-task.dto";
export { ImportProjectDto } from "./import-project.dto";
export type { ImportResponseDto } from "./import-response.dto";

33
apps/api/src/import/import.controller.ts
View File

@@ -1,33 +0,0 @@
import { Body, Controller, ParseArrayPipe, Post, UseGuards } from "@nestjs/common";
import type { AuthUser } from "@mosaic/shared";
import { CurrentUser } from "../auth/decorators/current-user.decorator";
import { AdminGuard } from "../auth/guards/admin.guard";
import { AuthGuard } from "../auth/guards/auth.guard";
import { Workspace } from "../common/decorators";
import { WorkspaceGuard } from "../common/guards";
import { ImportProjectDto, type ImportResponseDto, ImportTaskDto } from "./dto";
import { ImportService } from "./import.service";
@Controller("import")
@UseGuards(AuthGuard, WorkspaceGuard, AdminGuard)
export class ImportController {
constructor(private readonly importService: ImportService) {}
@Post("tasks")
async importTasks(
@Body(new ParseArrayPipe({ items: ImportTaskDto })) taskPayload: ImportTaskDto[],
@Workspace() workspaceId: string,
@CurrentUser() user: AuthUser
): Promise<ImportResponseDto> {
return this.importService.importTasks(workspaceId, user.id, taskPayload);
}
@Post("projects")
async importProjects(
@Body(new ParseArrayPipe({ items: ImportProjectDto })) projectPayload: ImportProjectDto[],
@Workspace() workspaceId: string,
@CurrentUser() user: AuthUser
): Promise<ImportResponseDto> {
return this.importService.importProjects(workspaceId, user.id, projectPayload);
}
}

13
apps/api/src/import/import.module.ts
View File

@@ -1,13 +0,0 @@
import { Module } from "@nestjs/common";
import { AuthModule } from "../auth/auth.module";
import { PrismaModule } from "../prisma/prisma.module";
import { ImportController } from "./import.controller";
import { ImportService } from "./import.service";
@Module({
imports: [PrismaModule, AuthModule],
controllers: [ImportController],
providers: [ImportService],
exports: [ImportService],
})
export class ImportModule {}

251
apps/api/src/import/import.service.spec.ts
View File

@@ -1,251 +0,0 @@
import { beforeEach, describe, expect, it, vi } from "vitest";
import { Test, TestingModule } from "@nestjs/testing";
import { ProjectStatus, TaskPriority, TaskStatus } from "@prisma/client";
import { ImportService } from "./import.service";
import { PrismaService } from "../prisma/prisma.service";
describe("ImportService", () => {
let service: ImportService;
const mockPrismaService = {
withWorkspaceContext: vi.fn(),
domain: {
findUnique: vi.fn(),
create: vi.fn(),
},
project: {
findFirst: vi.fn(),
create: vi.fn(),
},
task: {
findFirst: vi.fn(),
create: vi.fn(),
},
};
const workspaceId = "550e8400-e29b-41d4-a716-446655440001";
const userId = "550e8400-e29b-41d4-a716-446655440002";
beforeEach(async () => {
const module: TestingModule = await Test.createTestingModule({
providers: [
ImportService,
{
provide: PrismaService,
useValue: mockPrismaService,
},
],
}).compile();
service = module.get<ImportService>(ImportService);
vi.clearAllMocks();
mockPrismaService.withWorkspaceContext.mockImplementation(
async (_userId: string, _workspaceId: string, fn: (client: unknown) => Promise<unknown>) => {
return fn(mockPrismaService);
}
);
});
it("should be defined", () => {
expect(service).toBeDefined();
});
describe("importTasks", () => {
it("maps status/priority/domain and imports a task", async () => {
mockPrismaService.task.findFirst.mockResolvedValue(null);
mockPrismaService.domain.findUnique.mockResolvedValue(null);
mockPrismaService.domain.create.mockResolvedValue({ id: "domain-id" });
mockPrismaService.project.findFirst.mockResolvedValue(null);
mockPrismaService.task.create.mockResolvedValue({ id: "task-id" });
const result = await service.importTasks(workspaceId, userId, [
{
id: "task-1",
title: "Import me",
domain: "Platform Ops",
status: "in-progress",
priority: "critical",
project: null,
related: [],
blocks: [],
blocked_by: [],
progress: 42,
due: "2026-03-15",
created: "2026-03-01T10:00:00.000Z",
updated: "2026-03-05T12:00:00.000Z",
assignee: null,
notes: "notes",
notes_nontechnical: "non technical",
},
]);
expect(result).toEqual({ imported: 1, skipped: 0, errors: [] });
expect(mockPrismaService.task.create).toHaveBeenCalledWith(
expect.objectContaining({
data: expect.objectContaining({
title: "Import me",
status: TaskStatus.IN_PROGRESS,
priority: TaskPriority.HIGH,
domainId: "domain-id",
}),
})
);
});
it("skips existing task by brainId", async () => {
mockPrismaService.task.findFirst.mockResolvedValue({ id: "existing-task-id" });
const result = await service.importTasks(workspaceId, userId, [
{
id: "task-1",
title: "Existing",
domain: null,
status: "pending",
priority: "medium",
project: null,
related: [],
blocks: [],
blocked_by: [],
progress: null,
due: null,
created: null,
updated: null,
assignee: null,
notes: null,
notes_nontechnical: null,
},
]);
expect(result.imported).toBe(0);
expect(result.skipped).toBe(1);
expect(mockPrismaService.task.create).not.toHaveBeenCalled();
});
it("collects mapping/missing-project errors while importing", async () => {
mockPrismaService.task.findFirst.mockResolvedValue(null);
mockPrismaService.project.findFirst.mockResolvedValue(null);
mockPrismaService.task.create.mockResolvedValue({ id: "task-id" });
const result = await service.importTasks(workspaceId, userId, [
{
id: "task-1",
title: "Needs project",
domain: null,
status: "mystery-status",
priority: "mystery-priority",
project: "brain-project-1",
related: [],
blocks: [],
blocked_by: [],
progress: null,
due: null,
created: null,
updated: null,
assignee: null,
notes: null,
notes_nontechnical: null,
},
]);
expect(result.imported).toBe(1);
expect(result.errors).toEqual(
expect.arrayContaining([
expect.stringContaining('Unknown task status "mystery-status"'),
expect.stringContaining('Unknown task priority "mystery-priority"'),
expect.stringContaining('referenced project "brain-project-1" not found'),
])
);
expect(mockPrismaService.task.create).toHaveBeenCalledWith(
expect.objectContaining({
data: expect.objectContaining({
status: TaskStatus.NOT_STARTED,
priority: TaskPriority.MEDIUM,
projectId: null,
}),
})
);
});
});
describe("importProjects", () => {
it("maps status/domain and imports a project", async () => {
mockPrismaService.project.findFirst.mockResolvedValue(null);
mockPrismaService.domain.findUnique.mockResolvedValue(null);
mockPrismaService.domain.create.mockResolvedValue({ id: "domain-id" });
mockPrismaService.project.create.mockResolvedValue({ id: "project-id" });
const result = await service.importProjects(workspaceId, userId, [
{
id: "project-1",
name: "Project One",
description: "desc",
domain: "Backend",
status: "in-progress",
priority: "high",
progress: 50,
repo: "git@example.com/repo",
branch: "main",
current_milestone: "MS21",
next_milestone: "MS22",
blocker: null,
owner: "owner",
docs_path: "docs/PRD.md",
created: "2026-03-01",
updated: "2026-03-05",
target_date: "2026-04-01",
notes: "notes",
notes_nontechnical: "non tech",
parent: null,
},
]);
expect(result).toEqual({ imported: 1, skipped: 0, errors: [] });
expect(mockPrismaService.project.create).toHaveBeenCalledWith(
expect.objectContaining({
data: expect.objectContaining({
name: "Project One",
status: ProjectStatus.ACTIVE,
domainId: "domain-id",
}),
})
);
});
it("captures create failures as errors", async () => {
mockPrismaService.project.findFirst.mockResolvedValue(null);
mockPrismaService.project.create.mockRejectedValue(new Error("db failed"));
const result = await service.importProjects(workspaceId, userId, [
{
id: "project-1",
name: "Project One",
description: null,
domain: null,
status: "planning",
priority: null,
progress: null,
repo: null,
branch: null,
current_milestone: null,
next_milestone: null,
blocker: null,
owner: null,
docs_path: null,
created: null,
updated: null,
target_date: null,
notes: null,
notes_nontechnical: null,
parent: null,
},
]);
expect(result.imported).toBe(0);
expect(result.skipped).toBe(1);
expect(result.errors).toEqual([
expect.stringContaining("project project-1: failed to import: db failed"),
]);
});
});
});

496
apps/api/src/import/import.service.ts
View File

@@ -1,496 +0,0 @@
import { Injectable } from "@nestjs/common";
import { Prisma, PrismaClient, ProjectStatus, TaskPriority, TaskStatus } from "@prisma/client";
import { PrismaService } from "../prisma/prisma.service";
import type { ImportProjectDto, ImportResponseDto, ImportTaskDto } from "./dto";
interface TaskStatusMapping {
status: TaskStatus;
issue: string | null;
}
interface TaskPriorityMapping {
priority: TaskPriority;
issue: string | null;
}
interface ProjectStatusMapping {
status: ProjectStatus;
issue: string | null;
}
@Injectable()
export class ImportService {
constructor(private readonly prisma: PrismaService) {}
async importTasks(
workspaceId: string,
userId: string,
taskPayload: ImportTaskDto[]
): Promise<ImportResponseDto> {
const errors: string[] = [];
let imported = 0;
let skipped = 0;
const importTimestamp = new Date().toISOString();
const seenBrainTaskIds = new Set<string>();
const domainIdBySlug = new Map<string, string>();
const projectIdByBrainId = new Map<string, string | null>();
await this.prisma.withWorkspaceContext(userId, workspaceId, async (tx: PrismaClient) => {
for (const [index, task] of taskPayload.entries()) {
const brainId = task.id.trim();
if (seenBrainTaskIds.has(brainId)) {
skipped += 1;
errors.push(`task ${brainId}: duplicate item in request body`);
continue;
}
seenBrainTaskIds.add(brainId);
try {
const existingTask = await tx.task.findFirst({
where: {
workspaceId,
metadata: {
path: ["brainId"],
equals: brainId,
},
},
select: { id: true },
});
if (existingTask) {
skipped += 1;
continue;
}
const mappedStatus = this.mapTaskStatus(task.status ?? null);
if (mappedStatus.issue) {
errors.push(`task ${brainId}: ${mappedStatus.issue}`);
}
const mappedPriority = this.mapTaskPriority(task.priority ?? null);
if (mappedPriority.issue) {
errors.push(`task ${brainId}: ${mappedPriority.issue}`);
}
const projectBrainId = task.project?.trim() ? task.project.trim() : null;
const projectId = await this.resolveProjectId(
tx,
workspaceId,
projectBrainId,
projectIdByBrainId,
brainId,
errors
);
const domainId = await this.resolveDomainId(
tx,
workspaceId,
task.domain ?? null,
importTimestamp,
domainIdBySlug
);
const createdAt =
this.normalizeDate(task.created ?? null, `task ${brainId}.created`, errors) ??
new Date();
const updatedAt =
this.normalizeDate(task.updated ?? null, `task ${brainId}.updated`, errors) ??
createdAt;
const dueDate = this.normalizeDate(task.due ?? null, `task ${brainId}.due`, errors);
const completedAt = mappedStatus.status === TaskStatus.COMPLETED ? updatedAt : null;
const metadata = this.asJsonValue({
source: "jarvis-brain",
brainId,
brainDomain: task.domain ?? null,
brainProjectId: projectBrainId,
rawStatus: task.status ?? null,
rawPriority: task.priority ?? null,
related: task.related ?? [],
blocks: task.blocks ?? [],
blockedBy: task.blocked_by ?? [],
assignee: task.assignee ?? null,
progress: task.progress ?? null,
notes: task.notes ?? null,
notesNonTechnical: task.notes_nontechnical ?? null,
importedAt: importTimestamp,
});
await tx.task.create({
data: {
workspaceId,
title: task.title,
description: task.notes ?? null,
status: mappedStatus.status,
priority: mappedPriority.priority,
dueDate,
creatorId: userId,
projectId,
domainId,
metadata,
createdAt,
updatedAt,
completedAt,
},
});
imported += 1;
} catch (error) {
skipped += 1;
errors.push(
`task ${brainId || `index-${String(index)}`}: failed to import: ${this.getErrorMessage(error)}`
);
}
}
});
return {
imported,
skipped,
errors,
};
}
async importProjects(
workspaceId: string,
userId: string,
projectPayload: ImportProjectDto[]
): Promise<ImportResponseDto> {
const errors: string[] = [];
let imported = 0;
let skipped = 0;
const importTimestamp = new Date().toISOString();
const seenBrainProjectIds = new Set<string>();
const domainIdBySlug = new Map<string, string>();
await this.prisma.withWorkspaceContext(userId, workspaceId, async (tx: PrismaClient) => {
for (const [index, project] of projectPayload.entries()) {
const brainId = project.id.trim();
if (seenBrainProjectIds.has(brainId)) {
skipped += 1;
errors.push(`project ${brainId}: duplicate item in request body`);
continue;
}
seenBrainProjectIds.add(brainId);
try {
const existingProject = await tx.project.findFirst({
where: {
workspaceId,
metadata: {
path: ["brainId"],
equals: brainId,
},
},
select: { id: true },
});
if (existingProject) {
skipped += 1;
continue;
}
const mappedStatus = this.mapProjectStatus(project.status ?? null);
if (mappedStatus.issue) {
errors.push(`project ${brainId}: ${mappedStatus.issue}`);
}
const domainId = await this.resolveDomainId(
tx,
workspaceId,
project.domain ?? null,
importTimestamp,
domainIdBySlug
);
const createdAt =
this.normalizeDate(project.created ?? null, `project ${brainId}.created`, errors) ??
new Date();
const updatedAt =
this.normalizeDate(project.updated ?? null, `project ${brainId}.updated`, errors) ??
createdAt;
const startDate = this.normalizeDate(
project.created ?? null,
`project ${brainId}.startDate`,
errors
);
const endDate = this.normalizeDate(
project.target_date ?? null,
`project ${brainId}.target_date`,
errors
);
const metadata = this.asJsonValue({
source: "jarvis-brain",
brainId,
brainDomain: project.domain ?? null,
rawStatus: project.status ?? null,
rawPriority: project.priority ?? null,
progress: project.progress ?? null,
repo: project.repo ?? null,
branch: project.branch ?? null,
currentMilestone: project.current_milestone ?? null,
nextMilestone: project.next_milestone ?? null,
blocker: project.blocker ?? null,
owner: project.owner ?? null,
docsPath: project.docs_path ?? null,
targetDate: project.target_date ?? null,
notes: project.notes ?? null,
notesNonTechnical: project.notes_nontechnical ?? null,
parent: project.parent ?? null,
importedAt: importTimestamp,
});
await tx.project.create({
data: {
workspaceId,
name: project.name,
description: project.description ?? null,
status: mappedStatus.status,
startDate,
endDate,
creatorId: userId,
domainId,
metadata,
createdAt,
updatedAt,
},
});
imported += 1;
} catch (error) {
skipped += 1;
errors.push(
`project ${brainId || `index-${String(index)}`}: failed to import: ${this.getErrorMessage(error)}`
);
}
}
});
return {
imported,
skipped,
errors,
};
}
private async resolveProjectId(
tx: PrismaClient,
workspaceId: string,
projectBrainId: string | null,
projectIdByBrainId: Map<string, string | null>,
taskBrainId: string,
errors: string[]
): Promise<string | null> {
if (!projectBrainId) {
return null;
}
if (projectIdByBrainId.has(projectBrainId)) {
return projectIdByBrainId.get(projectBrainId) ?? null;
}
const existingProject = await tx.project.findFirst({
where: {
workspaceId,
metadata: {
path: ["brainId"],
equals: projectBrainId,
},
},
select: { id: true },
});
if (!existingProject) {
projectIdByBrainId.set(projectBrainId, null);
errors.push(`task ${taskBrainId}: referenced project "${projectBrainId}" not found`);
return null;
}
projectIdByBrainId.set(projectBrainId, existingProject.id);
return existingProject.id;
}
private async resolveDomainId(
tx: PrismaClient,
workspaceId: string,
rawDomain: string | null,
importTimestamp: string,
domainIdBySlug: Map<string, string>
): Promise<string | null> {
const domainSlug = this.normalizeDomain(rawDomain);
if (!domainSlug) {
return null;
}
const cachedId = domainIdBySlug.get(domainSlug);
if (cachedId) {
return cachedId;
}
const existingDomain = await tx.domain.findUnique({
where: {
workspaceId_slug: {
workspaceId,
slug: domainSlug,
},
},
select: { id: true },
});
if (existingDomain) {
domainIdBySlug.set(domainSlug, existingDomain.id);
return existingDomain.id;
}
const trimmedDomainName = rawDomain?.trim();
const domainName =
trimmedDomainName && trimmedDomainName.length > 0 ? trimmedDomainName : domainSlug;
const createdDomain = await tx.domain.create({
data: {
workspaceId,
slug: domainSlug,
name: domainName,
metadata: this.asJsonValue({
source: "jarvis-brain",
brainId: domainName,
sourceValues: [domainName],
importedAt: importTimestamp,
}),
},
select: { id: true },
});
domainIdBySlug.set(domainSlug, createdDomain.id);
return createdDomain.id;
}
private normalizeKey(value: string | null | undefined): string {
return value?.trim().toLowerCase() ?? "";
}
private mapTaskStatus(rawStatus: string | null): TaskStatusMapping {
const statusKey = this.normalizeKey(rawStatus);
switch (statusKey) {
case "done":
return { status: TaskStatus.COMPLETED, issue: null };
case "in-progress":
return { status: TaskStatus.IN_PROGRESS, issue: null };
case "backlog":
case "pending":
case "scheduled":
case "not-started":
case "planned":
return { status: TaskStatus.NOT_STARTED, issue: null };
case "blocked":
case "on-hold":
return { status: TaskStatus.PAUSED, issue: null };
case "cancelled":
return { status: TaskStatus.ARCHIVED, issue: null };
default:
return {
status: TaskStatus.NOT_STARTED,
issue: `Unknown task status "${rawStatus ?? "null"}" mapped to NOT_STARTED`,
};
}
}
private mapTaskPriority(rawPriority: string | null): TaskPriorityMapping {
const priorityKey = this.normalizeKey(rawPriority);
switch (priorityKey) {
case "critical":
case "high":
return { priority: TaskPriority.HIGH, issue: null };
case "medium":
return { priority: TaskPriority.MEDIUM, issue: null };
case "low":
return { priority: TaskPriority.LOW, issue: null };
default:
return {
priority: TaskPriority.MEDIUM,
issue: `Unknown task priority "${rawPriority ?? "null"}" mapped to MEDIUM`,
};
}
}
private mapProjectStatus(rawStatus: string | null): ProjectStatusMapping {
const statusKey = this.normalizeKey(rawStatus);
switch (statusKey) {
case "active":
case "in-progress":
return { status: ProjectStatus.ACTIVE, issue: null };
case "backlog":
case "planning":
return { status: ProjectStatus.PLANNING, issue: null };
case "paused":
case "blocked":
return { status: ProjectStatus.PAUSED, issue: null };
case "archived":
case "maintenance":
return { status: ProjectStatus.ARCHIVED, issue: null };
default:
return {
status: ProjectStatus.PLANNING,
issue: `Unknown project status "${rawStatus ?? "null"}" mapped to PLANNING`,
};
}
}
private normalizeDomain(rawDomain: string | null | undefined): string | null {
if (!rawDomain) {
return null;
}
const trimmed = rawDomain.trim();
if (trimmed.length === 0) {
return null;
}
const slug = trimmed
.toLowerCase()
.replace(/[^a-z0-9]+/g, "-")
.replace(/^-+|-+$/g, "");
return slug.length > 0 ? slug : null;
}
private normalizeDate(rawValue: string | null, context: string, errors: string[]): Date | null {
if (!rawValue) {
return null;
}
const trimmed = rawValue.trim();
if (trimmed.length === 0) {
return null;
}
const value = /^\d{4}-\d{2}-\d{2}$/.test(trimmed) ? `${trimmed}T00:00:00.000Z` : trimmed;
const parsedDate = new Date(value);
if (Number.isNaN(parsedDate.getTime())) {
errors.push(`${context}: invalid date "${rawValue}"`);
return null;
}
return parsedDate;
}
private asJsonValue(value: Record<string, unknown>): Prisma.InputJsonValue {
return value as Prisma.InputJsonValue;
}
private getErrorMessage(error: unknown): string {
if (error instanceof Error) {
return error.message;
}
return String(error);
}
}

22
apps/api/src/knowledge/dto/entry-query.dto.ts
View File

@@ -1,6 +1,6 @@
import { IsOptional, IsEnum, IsString, IsInt, IsIn, Min, Max } from "class-validator"; import { IsOptional, IsEnum, IsString, IsInt, Min, Max } from "class-validator";
import { Type } from "class-transformer"; import { Type } from "class-transformer";
import { EntryStatus, Visibility } from "@prisma/client"; import { EntryStatus } from "@prisma/client";
/** /**
* DTO for querying knowledge entries (list endpoint) * DTO for querying knowledge entries (list endpoint)
@@ -10,28 +10,10 @@ export class EntryQueryDto {
@IsEnum(EntryStatus, { message: "status must be a valid EntryStatus" }) @IsEnum(EntryStatus, { message: "status must be a valid EntryStatus" })
status?: EntryStatus; status?: EntryStatus;
@IsOptional()
@IsEnum(Visibility, { message: "visibility must be a valid Visibility" })
visibility?: Visibility;
@IsOptional() @IsOptional()
@IsString({ message: "tag must be a string" }) @IsString({ message: "tag must be a string" })
tag?: string; tag?: string;
@IsOptional()
@IsString({ message: "search must be a string" })
search?: string;
@IsOptional()
@IsIn(["updatedAt", "createdAt", "title"], {
message: "sortBy must be updatedAt, createdAt, or title",
})
sortBy?: "updatedAt" | "createdAt" | "title";
@IsOptional()
@IsIn(["asc", "desc"], { message: "sortOrder must be asc or desc" })
sortOrder?: "asc" | "desc";
@IsOptional() @IsOptional()
@Type(() => Number) @Type(() => Number)
@IsInt({ message: "page must be an integer" }) @IsInt({ message: "page must be an integer" })

22
apps/api/src/knowledge/knowledge.service.ts
View File

@@ -48,10 +48,6 @@ export class KnowledgeService {
where.status = query.status; where.status = query.status;
} }
if (query.visibility) {
where.visibility = query.visibility;
}
if (query.tag) { if (query.tag) {
where.tags = { where.tags = {
some: { some: {
@@ -62,20 +58,6 @@ export class KnowledgeService {
}; };
} }
if (query.search) {
where.OR = [
{ title: { contains: query.search, mode: "insensitive" } },
{ content: { contains: query.search, mode: "insensitive" } },
];
}
// Build orderBy
const sortField = query.sortBy ?? "updatedAt";
const sortDirection = query.sortOrder ?? "desc";
const orderBy: Prisma.KnowledgeEntryOrderByWithRelationInput = {
[sortField]: sortDirection,
};
// Get total count // Get total count
const total = await this.prisma.knowledgeEntry.count({ where }); const total = await this.prisma.knowledgeEntry.count({ where });
@@ -89,7 +71,9 @@ export class KnowledgeService {
}, },
}, },
}, },
orderBy, orderBy: {
updatedAt: "desc",
},
skip, skip,
take: limit, take: limit,
}); });

69
apps/api/src/personalities/dto/create-personality.dto.ts
View File

@@ -1,38 +1,59 @@
import { FormalityLevel } from "@prisma/client"; import {
import { IsString, IsEnum, IsOptional, IsBoolean, MinLength, MaxLength } from "class-validator"; IsString,
IsOptional,
IsBoolean,
IsNumber,
IsInt,
IsUUID,
MinLength,
MaxLength,
Min,
Max,
} from "class-validator";
/** /**
* DTO for creating a new personality * DTO for creating a new personality/assistant configuration
* Field names match the frontend API contract from @mosaic/shared Personality type.
*/ */
export class CreatePersonalityDto { export class CreatePersonalityDto {
@IsString({ message: "name must be a string" }) @IsString()
@MinLength(1, { message: "name must not be empty" }) @MinLength(1)
@MaxLength(255, { message: "name must not exceed 255 characters" }) @MaxLength(100)
name!: string; name!: string; // unique identifier slug
@IsString()
@MinLength(1)
@MaxLength(200)
displayName!: string; // human-readable name
@IsOptional() @IsOptional()
@IsString({ message: "description must be a string" }) @IsString()
@MaxLength(2000, { message: "description must not exceed 2000 characters" }) @MaxLength(1000)
description?: string; description?: string;
@IsString({ message: "tone must be a string" }) @IsString()
@MinLength(1, { message: "tone must not be empty" }) @MinLength(10)
@MaxLength(100, { message: "tone must not exceed 100 characters" }) systemPrompt!: string;
tone!: string;
@IsEnum(FormalityLevel, { message: "formalityLevel must be a valid FormalityLevel" })
formalityLevel!: FormalityLevel;
@IsString({ message: "systemPromptTemplate must be a string" })
@MinLength(1, { message: "systemPromptTemplate must not be empty" })
systemPromptTemplate!: string;
@IsOptional() @IsOptional()
@IsBoolean({ message: "isDefault must be a boolean" }) @IsNumber()
@Min(0)
@Max(2)
temperature?: number; // null = use provider default
@IsOptional()
@IsInt()
@Min(1)
maxTokens?: number; // null = use provider default
@IsOptional()
@IsUUID("4")
llmProviderInstanceId?: string; // FK to LlmProviderInstance
@IsOptional()
@IsBoolean()
isDefault?: boolean; isDefault?: boolean;
@IsOptional() @IsOptional()
@IsBoolean({ message: "isActive must be a boolean" }) @IsBoolean()
isActive?: boolean; isEnabled?: boolean;
} }

1
apps/api/src/personalities/dto/index.ts
View File

@@ -1,3 +1,2 @@
export * from "./create-personality.dto"; export * from "./create-personality.dto";
export * from "./update-personality.dto"; export * from "./update-personality.dto";
export * from "./personality-query.dto";

12
apps/api/src/personalities/dto/personality-query.dto.ts
View File

@@ -1,12 +0,0 @@
import { IsBoolean, IsOptional } from "class-validator";
import { Transform } from "class-transformer";
/**
* DTO for querying/filtering personalities
*/
export class PersonalityQueryDto {
@IsOptional()
@IsBoolean({ message: "isActive must be a boolean" })
@Transform(({ value }) => value === "true" || value === true)
isActive?: boolean;
}

64
apps/api/src/personalities/dto/update-personality.dto.ts
View File

@@ -1,42 +1,62 @@
import { FormalityLevel } from "@prisma/client"; import {
import { IsString, IsEnum, IsOptional, IsBoolean, MinLength, MaxLength } from "class-validator"; IsString,
IsOptional,
IsBoolean,
IsNumber,
IsInt,
IsUUID,
MinLength,
MaxLength,
Min,
Max,
} from "class-validator";
/** /**
* DTO for updating an existing personality * DTO for updating an existing personality/assistant configuration
* All fields are optional; only provided fields are updated.
*/ */
export class UpdatePersonalityDto { export class UpdatePersonalityDto {
@IsOptional() @IsOptional()
@IsString({ message: "name must be a string" }) @IsString()
@MinLength(1, { message: "name must not be empty" }) @MinLength(1)
@MaxLength(255, { message: "name must not exceed 255 characters" }) @MaxLength(100)
name?: string; name?: string; // unique identifier slug
@IsOptional() @IsOptional()
@IsString({ message: "description must be a string" }) @IsString()
@MaxLength(2000, { message: "description must not exceed 2000 characters" }) @MinLength(1)
@MaxLength(200)
displayName?: string; // human-readable name
@IsOptional()
@IsString()
@MaxLength(1000)
description?: string; description?: string;
@IsOptional() @IsOptional()
@IsString({ message: "tone must be a string" }) @IsString()
@MinLength(1, { message: "tone must not be empty" }) @MinLength(10)
@MaxLength(100, { message: "tone must not exceed 100 characters" }) systemPrompt?: string;
tone?: string;
@IsOptional() @IsOptional()
@IsEnum(FormalityLevel, { message: "formalityLevel must be a valid FormalityLevel" }) @IsNumber()
formalityLevel?: FormalityLevel; @Min(0)
@Max(2)
temperature?: number; // null = use provider default
@IsOptional() @IsOptional()
@IsString({ message: "systemPromptTemplate must be a string" }) @IsInt()
@MinLength(1, { message: "systemPromptTemplate must not be empty" }) @Min(1)
systemPromptTemplate?: string; maxTokens?: number; // null = use provider default
@IsOptional() @IsOptional()
@IsBoolean({ message: "isDefault must be a boolean" }) @IsUUID("4")
llmProviderInstanceId?: string; // FK to LlmProviderInstance
@IsOptional()
@IsBoolean()
isDefault?: boolean; isDefault?: boolean;
@IsOptional() @IsOptional()
@IsBoolean({ message: "isActive must be a boolean" }) @IsBoolean()
isActive?: boolean; isEnabled?: boolean;
} }

36
apps/api/src/personalities/entities/personality.entity.ts
View File

@@ -1,24 +1,20 @@
import type { FormalityLevel } from "@prisma/client"; import type { Personality as PrismaPersonality } from "@prisma/client";
/** /**
* Personality response entity * Personality entity representing an assistant configuration
* Maps Prisma Personality fields to the frontend API contract.
*
* Field mapping (Prisma -> API):
* systemPrompt -> systemPromptTemplate
* isEnabled -> isActive
* (tone, formalityLevel are identical in both)
*/ */
export interface PersonalityResponse { export class Personality implements PrismaPersonality {
id: string; id!: string;
workspaceId: string; workspaceId!: string;
name: string; name!: string; // unique identifier slug
description: string | null; displayName!: string; // human-readable name
tone: string; description!: string | null;
formalityLevel: FormalityLevel; systemPrompt!: string;
systemPromptTemplate: string; temperature!: number | null; // null = use provider default
isDefault: boolean; maxTokens!: number | null; // null = use provider default
isActive: boolean; llmProviderInstanceId!: string | null; // FK to LlmProviderInstance
createdAt: Date; isDefault!: boolean;
updatedAt: Date; isEnabled!: boolean;
createdAt!: Date;
updatedAt!: Date;
} }

131
apps/api/src/personalities/personalities.controller.spec.ts
View File

@@ -2,32 +2,36 @@ import { describe, it, expect, beforeEach, vi } from "vitest";
import { Test, TestingModule } from "@nestjs/testing"; import { Test, TestingModule } from "@nestjs/testing";
import { PersonalitiesController } from "./personalities.controller"; import { PersonalitiesController } from "./personalities.controller";
import { PersonalitiesService } from "./personalities.service"; import { PersonalitiesService } from "./personalities.service";
import type { CreatePersonalityDto } from "./dto/create-personality.dto"; import { CreatePersonalityDto, UpdatePersonalityDto } from "./dto";
import type { UpdatePersonalityDto } from "./dto/update-personality.dto";
import { AuthGuard } from "../auth/guards/auth.guard"; import { AuthGuard } from "../auth/guards/auth.guard";
import { WorkspaceGuard, PermissionGuard } from "../common/guards";
import { FormalityLevel } from "@prisma/client";
describe("PersonalitiesController", () => { describe("PersonalitiesController", () => {
let controller: PersonalitiesController; let controller: PersonalitiesController;
let service: PersonalitiesService; let service: PersonalitiesService;
const mockWorkspaceId = "workspace-123"; const mockWorkspaceId = "workspace-123";
const mockUserId = "user-123";
const mockPersonalityId = "personality-123"; const mockPersonalityId = "personality-123";
/** API response shape (frontend field names) */
const mockPersonality = { const mockPersonality = {
id: mockPersonalityId, id: mockPersonalityId,
workspaceId: mockWorkspaceId, workspaceId: mockWorkspaceId,
name: "professional-assistant", name: "professional-assistant",
displayName: "Professional Assistant",
description: "A professional communication assistant", description: "A professional communication assistant",
tone: "professional", systemPrompt: "You are a professional assistant who helps with tasks.",
formalityLevel: FormalityLevel.FORMAL, temperature: 0.7,
systemPromptTemplate: "You are a professional assistant who helps with tasks.", maxTokens: 2000,
llmProviderInstanceId: "provider-123",
isDefault: true, isDefault: true,
isActive: true, isEnabled: true,
createdAt: new Date("2026-01-01"), createdAt: new Date(),
updatedAt: new Date("2026-01-01"), updatedAt: new Date(),
};
const mockRequest = {
user: { id: mockUserId },
workspaceId: mockWorkspaceId,
}; };
const mockPersonalitiesService = { const mockPersonalitiesService = {
@@ -53,54 +57,24 @@ describe("PersonalitiesController", () => {
}) })
.overrideGuard(AuthGuard) .overrideGuard(AuthGuard)
.useValue({ canActivate: () => true }) .useValue({ canActivate: () => true })
.overrideGuard(WorkspaceGuard)
.useValue({
canActivate: (ctx: {
switchToHttp: () => { getRequest: () => { workspaceId: string } };
}) => {
const req = ctx.switchToHttp().getRequest();
req.workspaceId = mockWorkspaceId;
return true;
},
})
.overrideGuard(PermissionGuard)
.useValue({ canActivate: () => true })
.compile(); .compile();
controller = module.get<PersonalitiesController>(PersonalitiesController); controller = module.get<PersonalitiesController>(PersonalitiesController);
service = module.get<PersonalitiesService>(PersonalitiesService); service = module.get<PersonalitiesService>(PersonalitiesService);
// Reset mocks
vi.clearAllMocks(); vi.clearAllMocks();
}); });
describe("findAll", () => { describe("findAll", () => {
it("should return success response with personalities list", async () => { it("should return all personalities", async () => {
const mockList = [mockPersonality]; const mockPersonalities = [mockPersonality];
mockPersonalitiesService.findAll.mockResolvedValue(mockList); mockPersonalitiesService.findAll.mockResolvedValue(mockPersonalities);
const result = await controller.findAll(mockWorkspaceId, {}); const result = await controller.findAll(mockRequest);
expect(result).toEqual({ success: true, data: mockList }); expect(result).toEqual(mockPersonalities);
expect(service.findAll).toHaveBeenCalledWith(mockWorkspaceId, {}); expect(service.findAll).toHaveBeenCalledWith(mockWorkspaceId);
});
it("should pass isActive query filter to service", async () => {
mockPersonalitiesService.findAll.mockResolvedValue([mockPersonality]);
await controller.findAll(mockWorkspaceId, { isActive: true });
expect(service.findAll).toHaveBeenCalledWith(mockWorkspaceId, { isActive: true });
});
});
describe("findDefault", () => {
it("should return the default personality", async () => {
mockPersonalitiesService.findDefault.mockResolvedValue(mockPersonality);
const result = await controller.findDefault(mockWorkspaceId);
expect(result).toEqual(mockPersonality);
expect(service.findDefault).toHaveBeenCalledWith(mockWorkspaceId);
}); });
}); });
@@ -108,29 +82,54 @@ describe("PersonalitiesController", () => {
it("should return a personality by id", async () => { it("should return a personality by id", async () => {
mockPersonalitiesService.findOne.mockResolvedValue(mockPersonality); mockPersonalitiesService.findOne.mockResolvedValue(mockPersonality);
const result = await controller.findOne(mockWorkspaceId, mockPersonalityId); const result = await controller.findOne(mockRequest, mockPersonalityId);
expect(result).toEqual(mockPersonality); expect(result).toEqual(mockPersonality);
expect(service.findOne).toHaveBeenCalledWith(mockWorkspaceId, mockPersonalityId); expect(service.findOne).toHaveBeenCalledWith(mockWorkspaceId, mockPersonalityId);
}); });
}); });
describe("findByName", () => {
it("should return a personality by name", async () => {
mockPersonalitiesService.findByName.mockResolvedValue(mockPersonality);
const result = await controller.findByName(mockRequest, "professional-assistant");
expect(result).toEqual(mockPersonality);
expect(service.findByName).toHaveBeenCalledWith(mockWorkspaceId, "professional-assistant");
});
});
describe("findDefault", () => {
it("should return the default personality", async () => {
mockPersonalitiesService.findDefault.mockResolvedValue(mockPersonality);
const result = await controller.findDefault(mockRequest);
expect(result).toEqual(mockPersonality);
expect(service.findDefault).toHaveBeenCalledWith(mockWorkspaceId);
});
});
describe("create", () => { describe("create", () => {
it("should create a new personality", async () => { it("should create a new personality", async () => {
const createDto: CreatePersonalityDto = { const createDto: CreatePersonalityDto = {
name: "casual-helper", name: "casual-helper",
displayName: "Casual Helper",
description: "A casual helper", description: "A casual helper",
tone: "casual", systemPrompt: "You are a casual assistant.",
formalityLevel: FormalityLevel.CASUAL, temperature: 0.8,
systemPromptTemplate: "You are a casual assistant.", maxTokens: 1500,
}; };
const created = { ...mockPersonality, ...createDto, isActive: true, isDefault: false }; mockPersonalitiesService.create.mockResolvedValue({
mockPersonalitiesService.create.mockResolvedValue(created); ...mockPersonality,
...createDto,
});
const result = await controller.create(mockWorkspaceId, createDto); const result = await controller.create(mockRequest, createDto);
expect(result).toMatchObject({ name: createDto.name, tone: createDto.tone }); expect(result).toMatchObject(createDto);
expect(service.create).toHaveBeenCalledWith(mockWorkspaceId, createDto); expect(service.create).toHaveBeenCalledWith(mockWorkspaceId, createDto);
}); });
}); });
@@ -139,13 +138,15 @@ describe("PersonalitiesController", () => {
it("should update a personality", async () => { it("should update a personality", async () => {
const updateDto: UpdatePersonalityDto = { const updateDto: UpdatePersonalityDto = {
description: "Updated description", description: "Updated description",
tone: "enthusiastic", temperature: 0.9,
}; };
const updated = { ...mockPersonality, ...updateDto }; mockPersonalitiesService.update.mockResolvedValue({
mockPersonalitiesService.update.mockResolvedValue(updated); ...mockPersonality,
...updateDto,
});
const result = await controller.update(mockWorkspaceId, mockPersonalityId, updateDto); const result = await controller.update(mockRequest, mockPersonalityId, updateDto);
expect(result).toMatchObject(updateDto); expect(result).toMatchObject(updateDto);
expect(service.update).toHaveBeenCalledWith(mockWorkspaceId, mockPersonalityId, updateDto); expect(service.update).toHaveBeenCalledWith(mockWorkspaceId, mockPersonalityId, updateDto);
@@ -156,7 +157,7 @@ describe("PersonalitiesController", () => {
it("should delete a personality", async () => { it("should delete a personality", async () => {
mockPersonalitiesService.delete.mockResolvedValue(undefined); mockPersonalitiesService.delete.mockResolvedValue(undefined);
await controller.delete(mockWorkspaceId, mockPersonalityId); await controller.delete(mockRequest, mockPersonalityId);
expect(service.delete).toHaveBeenCalledWith(mockWorkspaceId, mockPersonalityId); expect(service.delete).toHaveBeenCalledWith(mockWorkspaceId, mockPersonalityId);
}); });
@@ -164,10 +165,12 @@ describe("PersonalitiesController", () => {
describe("setDefault", () => { describe("setDefault", () => {
it("should set a personality as default", async () => { it("should set a personality as default", async () => {
const updated = { ...mockPersonality, isDefault: true }; mockPersonalitiesService.setDefault.mockResolvedValue({
mockPersonalitiesService.setDefault.mockResolvedValue(updated); ...mockPersonality,
isDefault: true,
});
const result = await controller.setDefault(mockWorkspaceId, mockPersonalityId); const result = await controller.setDefault(mockRequest, mockPersonalityId);
expect(result).toMatchObject({ isDefault: true }); expect(result).toMatchObject({ isDefault: true });
expect(service.setDefault).toHaveBeenCalledWith(mockWorkspaceId, mockPersonalityId); expect(service.setDefault).toHaveBeenCalledWith(mockWorkspaceId, mockPersonalityId);

109
apps/api/src/personalities/personalities.controller.ts
View File

@@ -6,122 +6,105 @@ import {
Delete, Delete,
Body, Body,
Param, Param,
Query,
UseGuards, UseGuards,
Req,
HttpCode, HttpCode,
HttpStatus, HttpStatus,
} from "@nestjs/common"; } from "@nestjs/common";
import { AuthGuard } from "../auth/guards/auth.guard"; import { AuthGuard } from "../auth/guards/auth.guard";
import { WorkspaceGuard, PermissionGuard } from "../common/guards";
import { Workspace, Permission, RequirePermission } from "../common/decorators";
import { PersonalitiesService } from "./personalities.service"; import { PersonalitiesService } from "./personalities.service";
import { CreatePersonalityDto } from "./dto/create-personality.dto"; import { CreatePersonalityDto, UpdatePersonalityDto } from "./dto";
import { UpdatePersonalityDto } from "./dto/update-personality.dto"; import { Personality } from "./entities/personality.entity";
import { PersonalityQueryDto } from "./dto/personality-query.dto";
import type { PersonalityResponse } from "./entities/personality.entity"; interface AuthenticatedRequest {
user: { id: string };
workspaceId: string;
}
/** /**
* Controller for personality CRUD endpoints. * Controller for managing personality/assistant configurations
* Route: /api/personalities
*
* Guards applied in order:
* 1. AuthGuard - verifies the user is authenticated
* 2. WorkspaceGuard - validates workspace access
* 3. PermissionGuard - checks role-based permissions
*/ */
@Controller("personalities") @Controller("personality")
@UseGuards(AuthGuard, WorkspaceGuard, PermissionGuard) @UseGuards(AuthGuard)
export class PersonalitiesController { export class PersonalitiesController {
constructor(private readonly personalitiesService: PersonalitiesService) {} constructor(private readonly personalitiesService: PersonalitiesService) {}
/** /**
* GET /api/personalities * List all personalities for the workspace
* List all personalities for the workspace.
* Supports ?isActive=true|false filter.
*/ */
@Get() @Get()
@RequirePermission(Permission.WORKSPACE_ANY) async findAll(@Req() req: AuthenticatedRequest): Promise<Personality[]> {
async findAll( return this.personalitiesService.findAll(req.workspaceId);
@Workspace() workspaceId: string,
@Query() query: PersonalityQueryDto
): Promise<{ success: true; data: PersonalityResponse[] }> {
const data = await this.personalitiesService.findAll(workspaceId, query);
return { success: true, data };
} }
/** /**
* GET /api/personalities/default * Get the default personality for the workspace
* Get the default personality for the workspace.
* Must be declared before :id to avoid route conflicts.
*/ */
@Get("default") @Get("default")
@RequirePermission(Permission.WORKSPACE_ANY) async findDefault(@Req() req: AuthenticatedRequest): Promise<Personality> {
async findDefault(@Workspace() workspaceId: string): Promise<PersonalityResponse> { return this.personalitiesService.findDefault(req.workspaceId);
return this.personalitiesService.findDefault(workspaceId);
} }
/** /**
* GET /api/personalities/:id * Get a personality by its unique name
* Get a single personality by ID. */
@Get("by-name/:name")
async findByName(
@Req() req: AuthenticatedRequest,
@Param("name") name: string
): Promise<Personality> {
return this.personalitiesService.findByName(req.workspaceId, name);
}
/**
* Get a personality by ID
*/ */
@Get(":id") @Get(":id")
@RequirePermission(Permission.WORKSPACE_ANY) async findOne(@Req() req: AuthenticatedRequest, @Param("id") id: string): Promise<Personality> {
async findOne( return this.personalitiesService.findOne(req.workspaceId, id);
@Workspace() workspaceId: string,
@Param("id") id: string
): Promise<PersonalityResponse> {
return this.personalitiesService.findOne(workspaceId, id);
} }
/** /**
* POST /api/personalities * Create a new personality
* Create a new personality.
*/ */
@Post() @Post()
@HttpCode(HttpStatus.CREATED) @HttpCode(HttpStatus.CREATED)
@RequirePermission(Permission.WORKSPACE_MEMBER)
async create( async create(
@Workspace() workspaceId: string, @Req() req: AuthenticatedRequest,
@Body() dto: CreatePersonalityDto @Body() dto: CreatePersonalityDto
): Promise<PersonalityResponse> { ): Promise<Personality> {
return this.personalitiesService.create(workspaceId, dto); return this.personalitiesService.create(req.workspaceId, dto);
} }
/** /**
* PATCH /api/personalities/:id * Update a personality
* Update an existing personality.
*/ */
@Patch(":id") @Patch(":id")
@RequirePermission(Permission.WORKSPACE_MEMBER)
async update( async update(
@Workspace() workspaceId: string, @Req() req: AuthenticatedRequest,
@Param("id") id: string, @Param("id") id: string,
@Body() dto: UpdatePersonalityDto @Body() dto: UpdatePersonalityDto
): Promise<PersonalityResponse> { ): Promise<Personality> {
return this.personalitiesService.update(workspaceId, id, dto); return this.personalitiesService.update(req.workspaceId, id, dto);
} }
/** /**
* DELETE /api/personalities/:id * Delete a personality
* Delete a personality.
*/ */
@Delete(":id") @Delete(":id")
@HttpCode(HttpStatus.NO_CONTENT) @HttpCode(HttpStatus.NO_CONTENT)
@RequirePermission(Permission.WORKSPACE_MEMBER) async delete(@Req() req: AuthenticatedRequest, @Param("id") id: string): Promise<void> {
async delete(@Workspace() workspaceId: string, @Param("id") id: string): Promise<void> { return this.personalitiesService.delete(req.workspaceId, id);
return this.personalitiesService.delete(workspaceId, id);
} }
/** /**
* POST /api/personalities/:id/set-default * Set a personality as the default
* Convenience endpoint to set a personality as the default.
*/ */
@Post(":id/set-default") @Post(":id/set-default")
@RequirePermission(Permission.WORKSPACE_MEMBER)
async setDefault( async setDefault(
@Workspace() workspaceId: string, @Req() req: AuthenticatedRequest,
@Param("id") id: string @Param("id") id: string
): Promise<PersonalityResponse> { ): Promise<Personality> {
return this.personalitiesService.setDefault(workspaceId, id); return this.personalitiesService.setDefault(req.workspaceId, id);
} }
} }

246
apps/api/src/personalities/personalities.service.spec.ts
View File

@@ -2,10 +2,8 @@ import { describe, it, expect, beforeEach, vi } from "vitest";
import { Test, TestingModule } from "@nestjs/testing"; import { Test, TestingModule } from "@nestjs/testing";
import { PersonalitiesService } from "./personalities.service"; import { PersonalitiesService } from "./personalities.service";
import { PrismaService } from "../prisma/prisma.service"; import { PrismaService } from "../prisma/prisma.service";
import type { CreatePersonalityDto } from "./dto/create-personality.dto"; import { CreatePersonalityDto, UpdatePersonalityDto } from "./dto";
import type { UpdatePersonalityDto } from "./dto/update-personality.dto";
import { NotFoundException, ConflictException } from "@nestjs/common"; import { NotFoundException, ConflictException } from "@nestjs/common";
import { FormalityLevel } from "@prisma/client";
describe("PersonalitiesService", () => { describe("PersonalitiesService", () => {
let service: PersonalitiesService; let service: PersonalitiesService;
@@ -13,39 +11,22 @@ describe("PersonalitiesService", () => {
const mockWorkspaceId = "workspace-123"; const mockWorkspaceId = "workspace-123";
const mockPersonalityId = "personality-123"; const mockPersonalityId = "personality-123";
const mockProviderId = "provider-123";
/** Raw Prisma record shape (uses Prisma field names) */ const mockPersonality = {
const mockPrismaRecord = {
id: mockPersonalityId, id: mockPersonalityId,
workspaceId: mockWorkspaceId, workspaceId: mockWorkspaceId,
name: "professional-assistant", name: "professional-assistant",
displayName: "Professional Assistant", displayName: "Professional Assistant",
description: "A professional communication assistant", description: "A professional communication assistant",
tone: "professional",
formalityLevel: FormalityLevel.FORMAL,
systemPrompt: "You are a professional assistant who helps with tasks.", systemPrompt: "You are a professional assistant who helps with tasks.",
temperature: 0.7, temperature: 0.7,
maxTokens: 2000, maxTokens: 2000,
llmProviderInstanceId: "provider-123", llmProviderInstanceId: mockProviderId,
isDefault: true, isDefault: true,
isEnabled: true, isEnabled: true,
createdAt: new Date("2026-01-01"), createdAt: new Date(),
updatedAt: new Date("2026-01-01"), updatedAt: new Date(),
};
/** Expected API response shape (uses frontend field names) */
const mockResponse = {
id: mockPersonalityId,
workspaceId: mockWorkspaceId,
name: "professional-assistant",
description: "A professional communication assistant",
tone: "professional",
formalityLevel: FormalityLevel.FORMAL,
systemPromptTemplate: "You are a professional assistant who helps with tasks.",
isDefault: true,
isActive: true,
createdAt: new Date("2026-01-01"),
updatedAt: new Date("2026-01-01"),
}; };
const mockPrismaService = { const mockPrismaService = {
@@ -56,7 +37,9 @@ describe("PersonalitiesService", () => {
create: vi.fn(), create: vi.fn(),
update: vi.fn(), update: vi.fn(),
delete: vi.fn(), delete: vi.fn(),
count: vi.fn(),
}, },
$transaction: vi.fn((callback) => callback(mockPrismaService)),
}; };
beforeEach(async () => { beforeEach(async () => {
@@ -73,54 +56,44 @@ describe("PersonalitiesService", () => {
service = module.get<PersonalitiesService>(PersonalitiesService); service = module.get<PersonalitiesService>(PersonalitiesService);
prisma = module.get<PrismaService>(PrismaService); prisma = module.get<PrismaService>(PrismaService);
// Reset mocks
vi.clearAllMocks(); vi.clearAllMocks();
}); });
describe("create", () => { describe("create", () => {
const createDto: CreatePersonalityDto = { const createDto: CreatePersonalityDto = {
name: "casual-helper", name: "casual-helper",
displayName: "Casual Helper",
description: "A casual communication helper", description: "A casual communication helper",
tone: "casual", systemPrompt: "You are a casual assistant.",
formalityLevel: FormalityLevel.CASUAL, temperature: 0.8,
systemPromptTemplate: "You are a casual assistant.", maxTokens: 1500,
isDefault: false, llmProviderInstanceId: mockProviderId,
isActive: true,
}; };
const createdRecord = { it("should create a new personality", async () => {
...mockPrismaRecord,
name: createDto.name,
description: createDto.description,
tone: createDto.tone,
formalityLevel: createDto.formalityLevel,
systemPrompt: createDto.systemPromptTemplate,
isDefault: false,
isEnabled: true,
id: "new-personality-id",
};
it("should create a new personality and return API response shape", async () => {
mockPrismaService.personality.findFirst.mockResolvedValue(null); mockPrismaService.personality.findFirst.mockResolvedValue(null);
mockPrismaService.personality.create.mockResolvedValue(createdRecord); mockPrismaService.personality.create.mockResolvedValue({
...mockPersonality,
...createDto,
id: "new-personality-id",
isDefault: false,
isEnabled: true,
});
const result = await service.create(mockWorkspaceId, createDto); const result = await service.create(mockWorkspaceId, createDto);
expect(result.name).toBe(createDto.name); expect(result).toMatchObject(createDto);
expect(result.tone).toBe(createDto.tone);
expect(result.formalityLevel).toBe(createDto.formalityLevel);
expect(result.systemPromptTemplate).toBe(createDto.systemPromptTemplate);
expect(result.isActive).toBe(true);
expect(result.isDefault).toBe(false);
expect(prisma.personality.create).toHaveBeenCalledWith({ expect(prisma.personality.create).toHaveBeenCalledWith({
data: { data: {
workspaceId: mockWorkspaceId, workspaceId: mockWorkspaceId,
name: createDto.name, name: createDto.name,
displayName: createDto.name, displayName: createDto.displayName,
description: createDto.description ?? null, description: createDto.description ?? null,
tone: createDto.tone, systemPrompt: createDto.systemPrompt,
formalityLevel: createDto.formalityLevel, temperature: createDto.temperature ?? null,
systemPrompt: createDto.systemPromptTemplate, maxTokens: createDto.maxTokens ?? null,
llmProviderInstanceId: createDto.llmProviderInstanceId ?? null,
isDefault: false, isDefault: false,
isEnabled: true, isEnabled: true,
}, },
@@ -128,73 +101,68 @@ describe("PersonalitiesService", () => {
}); });
it("should throw ConflictException when name already exists", async () => { it("should throw ConflictException when name already exists", async () => {
mockPrismaService.personality.findFirst.mockResolvedValue(mockPrismaRecord); mockPrismaService.personality.findFirst.mockResolvedValue(mockPersonality);
await expect(service.create(mockWorkspaceId, createDto)).rejects.toThrow(ConflictException); await expect(service.create(mockWorkspaceId, createDto)).rejects.toThrow(ConflictException);
}); });
it("should unset other defaults when creating a new default personality", async () => { it("should unset other defaults when creating a new default personality", async () => {
const createDefaultDto: CreatePersonalityDto = { ...createDto, isDefault: true }; const createDefaultDto = { ...createDto, isDefault: true };
const otherDefault = { ...mockPrismaRecord, id: "other-id" }; // First call to findFirst checks for name conflict (should be null)
// Second call to findFirst finds the existing default personality
mockPrismaService.personality.findFirst mockPrismaService.personality.findFirst
.mockResolvedValueOnce(null) // name conflict check .mockResolvedValueOnce(null) // No name conflict
.mockResolvedValueOnce(otherDefault); // existing default lookup .mockResolvedValueOnce(mockPersonality); // Existing default
mockPrismaService.personality.update.mockResolvedValue({ ...otherDefault, isDefault: false }); mockPrismaService.personality.update.mockResolvedValue({
...mockPersonality,
isDefault: false,
});
mockPrismaService.personality.create.mockResolvedValue({ mockPrismaService.personality.create.mockResolvedValue({
...createdRecord, ...mockPersonality,
isDefault: true, ...createDefaultDto,
}); });
await service.create(mockWorkspaceId, createDefaultDto); await service.create(mockWorkspaceId, createDefaultDto);
expect(prisma.personality.update).toHaveBeenCalledWith({ expect(prisma.personality.update).toHaveBeenCalledWith({
where: { id: "other-id" }, where: { id: mockPersonalityId },
data: { isDefault: false }, data: { isDefault: false },
}); });
}); });
}); });
describe("findAll", () => { describe("findAll", () => {
it("should return mapped response list for a workspace", async () => { it("should return all personalities for a workspace", async () => {
mockPrismaService.personality.findMany.mockResolvedValue([mockPrismaRecord]); const mockPersonalities = [mockPersonality];
mockPrismaService.personality.findMany.mockResolvedValue(mockPersonalities);
const result = await service.findAll(mockWorkspaceId); const result = await service.findAll(mockWorkspaceId);
expect(result).toHaveLength(1); expect(result).toEqual(mockPersonalities);
expect(result[0]).toEqual(mockResponse);
expect(prisma.personality.findMany).toHaveBeenCalledWith({ expect(prisma.personality.findMany).toHaveBeenCalledWith({
where: { workspaceId: mockWorkspaceId }, where: { workspaceId: mockWorkspaceId },
orderBy: [{ isDefault: "desc" }, { name: "asc" }], orderBy: [{ isDefault: "desc" }, { name: "asc" }],
}); });
}); });
it("should filter by isActive when provided", async () => {
mockPrismaService.personality.findMany.mockResolvedValue([mockPrismaRecord]);
await service.findAll(mockWorkspaceId, { isActive: true });
expect(prisma.personality.findMany).toHaveBeenCalledWith({
where: { workspaceId: mockWorkspaceId, isEnabled: true },
orderBy: [{ isDefault: "desc" }, { name: "asc" }],
});
});
}); });
describe("findOne", () => { describe("findOne", () => {
it("should return a mapped personality response by id", async () => { it("should return a personality by id", async () => {
mockPrismaService.personality.findFirst.mockResolvedValue(mockPrismaRecord); mockPrismaService.personality.findUnique.mockResolvedValue(mockPersonality);
const result = await service.findOne(mockWorkspaceId, mockPersonalityId); const result = await service.findOne(mockWorkspaceId, mockPersonalityId);
expect(result).toEqual(mockResponse); expect(result).toEqual(mockPersonality);
expect(prisma.personality.findFirst).toHaveBeenCalledWith({ expect(prisma.personality.findUnique).toHaveBeenCalledWith({
where: { id: mockPersonalityId, workspaceId: mockWorkspaceId }, where: {
id: mockPersonalityId,
workspaceId: mockWorkspaceId,
},
}); });
}); });
it("should throw NotFoundException when personality not found", async () => { it("should throw NotFoundException when personality not found", async () => {
mockPrismaService.personality.findFirst.mockResolvedValue(null); mockPrismaService.personality.findUnique.mockResolvedValue(null);
await expect(service.findOne(mockWorkspaceId, mockPersonalityId)).rejects.toThrow( await expect(service.findOne(mockWorkspaceId, mockPersonalityId)).rejects.toThrow(
NotFoundException NotFoundException
@@ -203,14 +171,17 @@ describe("PersonalitiesService", () => {
}); });
describe("findByName", () => { describe("findByName", () => {
it("should return a mapped personality response by name", async () => { it("should return a personality by name", async () => {
mockPrismaService.personality.findFirst.mockResolvedValue(mockPrismaRecord); mockPrismaService.personality.findFirst.mockResolvedValue(mockPersonality);
const result = await service.findByName(mockWorkspaceId, "professional-assistant"); const result = await service.findByName(mockWorkspaceId, "professional-assistant");
expect(result).toEqual(mockResponse); expect(result).toEqual(mockPersonality);
expect(prisma.personality.findFirst).toHaveBeenCalledWith({ expect(prisma.personality.findFirst).toHaveBeenCalledWith({
where: { workspaceId: mockWorkspaceId, name: "professional-assistant" }, where: {
workspaceId: mockWorkspaceId,
name: "professional-assistant",
},
}); });
}); });
@@ -225,11 +196,11 @@ describe("PersonalitiesService", () => {
describe("findDefault", () => { describe("findDefault", () => {
it("should return the default personality", async () => { it("should return the default personality", async () => {
mockPrismaService.personality.findFirst.mockResolvedValue(mockPrismaRecord); mockPrismaService.personality.findFirst.mockResolvedValue(mockPersonality);
const result = await service.findDefault(mockWorkspaceId); const result = await service.findDefault(mockWorkspaceId);
expect(result).toEqual(mockResponse); expect(result).toEqual(mockPersonality);
expect(prisma.personality.findFirst).toHaveBeenCalledWith({ expect(prisma.personality.findFirst).toHaveBeenCalledWith({
where: { workspaceId: mockWorkspaceId, isDefault: true, isEnabled: true }, where: { workspaceId: mockWorkspaceId, isDefault: true, isEnabled: true },
}); });
@@ -245,45 +216,41 @@ describe("PersonalitiesService", () => {
describe("update", () => { describe("update", () => {
const updateDto: UpdatePersonalityDto = { const updateDto: UpdatePersonalityDto = {
description: "Updated description", description: "Updated description",
tone: "formal", temperature: 0.9,
isActive: false,
}; };
it("should update a personality and return mapped response", async () => { it("should update a personality", async () => {
const updatedRecord = { mockPrismaService.personality.findUnique.mockResolvedValue(mockPersonality);
...mockPrismaRecord, mockPrismaService.personality.findFirst.mockResolvedValue(null);
description: updateDto.description, mockPrismaService.personality.update.mockResolvedValue({
tone: updateDto.tone, ...mockPersonality,
isEnabled: false, ...updateDto,
}; });
mockPrismaService.personality.findFirst
.mockResolvedValueOnce(mockPrismaRecord) // findOne check
.mockResolvedValueOnce(null); // name conflict check (no dto.name here)
mockPrismaService.personality.update.mockResolvedValue(updatedRecord);
const result = await service.update(mockWorkspaceId, mockPersonalityId, updateDto); const result = await service.update(mockWorkspaceId, mockPersonalityId, updateDto);
expect(result.description).toBe(updateDto.description); expect(result).toMatchObject(updateDto);
expect(result.tone).toBe(updateDto.tone); expect(prisma.personality.update).toHaveBeenCalledWith({
expect(result.isActive).toBe(false); where: { id: mockPersonalityId },
data: updateDto,
});
}); });
it("should throw NotFoundException when personality not found", async () => { it("should throw NotFoundException when personality not found", async () => {
mockPrismaService.personality.findFirst.mockResolvedValue(null); mockPrismaService.personality.findUnique.mockResolvedValue(null);
await expect(service.update(mockWorkspaceId, mockPersonalityId, updateDto)).rejects.toThrow( await expect(service.update(mockWorkspaceId, mockPersonalityId, updateDto)).rejects.toThrow(
NotFoundException NotFoundException
); );
}); });
it("should throw ConflictException when updating to an existing name", async () => { it("should throw ConflictException when updating to existing name", async () => {
const updateNameDto: UpdatePersonalityDto = { name: "existing-name" }; const updateNameDto = { name: "existing-name" };
const conflictRecord = { ...mockPrismaRecord, id: "different-id" }; mockPrismaService.personality.findUnique.mockResolvedValue(mockPersonality);
mockPrismaService.personality.findFirst.mockResolvedValue({
mockPrismaService.personality.findFirst ...mockPersonality,
.mockResolvedValueOnce(mockPrismaRecord) // findOne check id: "different-id",
.mockResolvedValueOnce(conflictRecord); // name conflict });
await expect( await expect(
service.update(mockWorkspaceId, mockPersonalityId, updateNameDto) service.update(mockWorkspaceId, mockPersonalityId, updateNameDto)
@@ -291,16 +258,14 @@ describe("PersonalitiesService", () => {
}); });
it("should unset other defaults when setting as default", async () => { it("should unset other defaults when setting as default", async () => {
const updateDefaultDto: UpdatePersonalityDto = { isDefault: true }; const updateDefaultDto = { isDefault: true };
const otherPersonality = { ...mockPrismaRecord, id: "other-id", isDefault: true }; const otherPersonality = { ...mockPersonality, id: "other-id", isDefault: true };
const updatedRecord = { ...mockPrismaRecord, isDefault: true };
mockPrismaService.personality.findFirst mockPrismaService.personality.findUnique.mockResolvedValue(mockPersonality);
.mockResolvedValueOnce(mockPrismaRecord) // findOne check mockPrismaService.personality.findFirst.mockResolvedValue(otherPersonality); // Existing default from unsetOtherDefaults
.mockResolvedValueOnce(otherPersonality); // unsetOtherDefaults lookup
mockPrismaService.personality.update mockPrismaService.personality.update
.mockResolvedValueOnce({ ...otherPersonality, isDefault: false }) .mockResolvedValueOnce({ ...otherPersonality, isDefault: false }) // Unset old default
.mockResolvedValueOnce(updatedRecord); .mockResolvedValueOnce({ ...mockPersonality, isDefault: true }); // Set new default
await service.update(mockWorkspaceId, mockPersonalityId, updateDefaultDto); await service.update(mockWorkspaceId, mockPersonalityId, updateDefaultDto);
@@ -308,12 +273,16 @@ describe("PersonalitiesService", () => {
where: { id: "other-id" }, where: { id: "other-id" },
data: { isDefault: false }, data: { isDefault: false },
}); });
expect(prisma.personality.update).toHaveBeenNthCalledWith(2, {
where: { id: mockPersonalityId },
data: updateDefaultDto,
});
}); });
}); });
describe("delete", () => { describe("delete", () => {
it("should delete a personality", async () => { it("should delete a personality", async () => {
mockPrismaService.personality.findFirst.mockResolvedValue(mockPrismaRecord); mockPrismaService.personality.findUnique.mockResolvedValue(mockPersonality);
mockPrismaService.personality.delete.mockResolvedValue(undefined); mockPrismaService.personality.delete.mockResolvedValue(undefined);
await service.delete(mockWorkspaceId, mockPersonalityId); await service.delete(mockWorkspaceId, mockPersonalityId);
@@ -324,7 +293,7 @@ describe("PersonalitiesService", () => {
}); });
it("should throw NotFoundException when personality not found", async () => { it("should throw NotFoundException when personality not found", async () => {
mockPrismaService.personality.findFirst.mockResolvedValue(null); mockPrismaService.personality.findUnique.mockResolvedValue(null);
await expect(service.delete(mockWorkspaceId, mockPersonalityId)).rejects.toThrow( await expect(service.delete(mockWorkspaceId, mockPersonalityId)).rejects.toThrow(
NotFoundException NotFoundException
@@ -334,27 +303,30 @@ describe("PersonalitiesService", () => {
describe("setDefault", () => { describe("setDefault", () => {
it("should set a personality as default", async () => { it("should set a personality as default", async () => {
const otherPersonality = { ...mockPrismaRecord, id: "other-id", isDefault: true }; const otherPersonality = { ...mockPersonality, id: "other-id", isDefault: true };
const updatedRecord = { ...mockPrismaRecord, isDefault: true }; const updatedPersonality = { ...mockPersonality, isDefault: true };
mockPrismaService.personality.findFirst mockPrismaService.personality.findUnique.mockResolvedValue(mockPersonality);
.mockResolvedValueOnce(mockPrismaRecord) // findOne check mockPrismaService.personality.findFirst.mockResolvedValue(otherPersonality);
.mockResolvedValueOnce(otherPersonality); // unsetOtherDefaults lookup
mockPrismaService.personality.update mockPrismaService.personality.update
.mockResolvedValueOnce({ ...otherPersonality, isDefault: false }) .mockResolvedValueOnce({ ...otherPersonality, isDefault: false }) // Unset old default
.mockResolvedValueOnce(updatedRecord); .mockResolvedValueOnce(updatedPersonality); // Set new default
const result = await service.setDefault(mockWorkspaceId, mockPersonalityId); const result = await service.setDefault(mockWorkspaceId, mockPersonalityId);
expect(result.isDefault).toBe(true); expect(result).toMatchObject({ isDefault: true });
expect(prisma.personality.update).toHaveBeenCalledWith({ expect(prisma.personality.update).toHaveBeenNthCalledWith(1, {
where: { id: "other-id" },
data: { isDefault: false },
});
expect(prisma.personality.update).toHaveBeenNthCalledWith(2, {
where: { id: mockPersonalityId }, where: { id: mockPersonalityId },
data: { isDefault: true }, data: { isDefault: true },
}); });
}); });
it("should throw NotFoundException when personality not found", async () => { it("should throw NotFoundException when personality not found", async () => {
mockPrismaService.personality.findFirst.mockResolvedValue(null); mockPrismaService.personality.findUnique.mockResolvedValue(null);
await expect(service.setDefault(mockWorkspaceId, mockPersonalityId)).rejects.toThrow( await expect(service.setDefault(mockWorkspaceId, mockPersonalityId)).rejects.toThrow(
NotFoundException NotFoundException

133
apps/api/src/personalities/personalities.service.ts
View File

@@ -1,17 +1,10 @@
import { Injectable, NotFoundException, ConflictException, Logger } from "@nestjs/common"; import { Injectable, NotFoundException, ConflictException, Logger } from "@nestjs/common";
import type { FormalityLevel, Personality } from "@prisma/client";
import { PrismaService } from "../prisma/prisma.service"; import { PrismaService } from "../prisma/prisma.service";
import type { CreatePersonalityDto } from "./dto/create-personality.dto"; import { CreatePersonalityDto, UpdatePersonalityDto } from "./dto";
import type { UpdatePersonalityDto } from "./dto/update-personality.dto"; import { Personality } from "./entities/personality.entity";
import type { PersonalityQueryDto } from "./dto/personality-query.dto";
import type { PersonalityResponse } from "./entities/personality.entity";
/** /**
* Service for managing personality/assistant configurations. * Service for managing personality/assistant configurations
*
* Field mapping:
* Prisma `systemPrompt` <-> API/frontend `systemPromptTemplate`
* Prisma `isEnabled` <-> API/frontend `isActive`
*/ */
@Injectable() @Injectable()
export class PersonalitiesService { export class PersonalitiesService {
@@ -19,30 +12,11 @@ export class PersonalitiesService {
constructor(private readonly prisma: PrismaService) {} constructor(private readonly prisma: PrismaService) {}
/**
* Map a Prisma Personality record to the API response shape.
*/
private toResponse(personality: Personality): PersonalityResponse {
return {
id: personality.id,
workspaceId: personality.workspaceId,
name: personality.name,
description: personality.description,
tone: personality.tone,
formalityLevel: personality.formalityLevel,
systemPromptTemplate: personality.systemPrompt,
isDefault: personality.isDefault,
isActive: personality.isEnabled,
createdAt: personality.createdAt,
updatedAt: personality.updatedAt,
};
}
/** /**
* Create a new personality * Create a new personality
*/ */
async create(workspaceId: string, dto: CreatePersonalityDto): Promise<PersonalityResponse> { async create(workspaceId: string, dto: CreatePersonalityDto): Promise<Personality> {
// Check for duplicate name within workspace // Check for duplicate name
const existing = await this.prisma.personality.findFirst({ const existing = await this.prisma.personality.findFirst({
where: { workspaceId, name: dto.name }, where: { workspaceId, name: dto.name },
}); });
@@ -51,7 +25,7 @@ export class PersonalitiesService {
throw new ConflictException(`Personality with name "${dto.name}" already exists`); throw new ConflictException(`Personality with name "${dto.name}" already exists`);
} }
// If creating as default, unset other defaults first // If creating a default personality, unset other defaults
if (dto.isDefault) { if (dto.isDefault) {
await this.unsetOtherDefaults(workspaceId); await this.unsetOtherDefaults(workspaceId);
} }
@@ -60,43 +34,36 @@ export class PersonalitiesService {
data: { data: {
workspaceId, workspaceId,
name: dto.name, name: dto.name,
displayName: dto.name, // use name as displayName since frontend doesn't send displayName separately displayName: dto.displayName,
description: dto.description ?? null, description: dto.description ?? null,
tone: dto.tone, systemPrompt: dto.systemPrompt,
formalityLevel: dto.formalityLevel, temperature: dto.temperature ?? null,
systemPrompt: dto.systemPromptTemplate, maxTokens: dto.maxTokens ?? null,
llmProviderInstanceId: dto.llmProviderInstanceId ?? null,
isDefault: dto.isDefault ?? false, isDefault: dto.isDefault ?? false,
isEnabled: dto.isActive ?? true, isEnabled: dto.isEnabled ?? true,
}, },
}); });
this.logger.log(`Created personality ${personality.id} for workspace ${workspaceId}`); this.logger.log(`Created personality ${personality.id} for workspace ${workspaceId}`);
return this.toResponse(personality); return personality;
} }
/** /**
* Find all personalities for a workspace with optional active filter * Find all personalities for a workspace
*/ */
async findAll(workspaceId: string, query?: PersonalityQueryDto): Promise<PersonalityResponse[]> { async findAll(workspaceId: string): Promise<Personality[]> {
const where: { workspaceId: string; isEnabled?: boolean } = { workspaceId }; return this.prisma.personality.findMany({
where: { workspaceId },
if (query?.isActive !== undefined) {
where.isEnabled = query.isActive;
}
const personalities = await this.prisma.personality.findMany({
where,
orderBy: [{ isDefault: "desc" }, { name: "asc" }], orderBy: [{ isDefault: "desc" }, { name: "asc" }],
}); });
return personalities.map((p) => this.toResponse(p));
} }
/** /**
* Find a specific personality by ID * Find a specific personality by ID
*/ */
async findOne(workspaceId: string, id: string): Promise<PersonalityResponse> { async findOne(workspaceId: string, id: string): Promise<Personality> {
const personality = await this.prisma.personality.findFirst({ const personality = await this.prisma.personality.findUnique({
where: { id, workspaceId }, where: { id, workspaceId },
}); });
@@ -104,13 +71,13 @@ export class PersonalitiesService {
throw new NotFoundException(`Personality with ID ${id} not found`); throw new NotFoundException(`Personality with ID ${id} not found`);
} }
return this.toResponse(personality); return personality;
} }
/** /**
* Find a personality by name slug * Find a personality by name
*/ */
async findByName(workspaceId: string, name: string): Promise<PersonalityResponse> { async findByName(workspaceId: string, name: string): Promise<Personality> {
const personality = await this.prisma.personality.findFirst({ const personality = await this.prisma.personality.findFirst({
where: { workspaceId, name }, where: { workspaceId, name },
}); });
@@ -119,13 +86,13 @@ export class PersonalitiesService {
throw new NotFoundException(`Personality with name "${name}" not found`); throw new NotFoundException(`Personality with name "${name}" not found`);
} }
return this.toResponse(personality); return personality;
} }
/** /**
* Find the default (and enabled) personality for a workspace * Find the default personality for a workspace
*/ */
async findDefault(workspaceId: string): Promise<PersonalityResponse> { async findDefault(workspaceId: string): Promise<Personality> {
const personality = await this.prisma.personality.findFirst({ const personality = await this.prisma.personality.findFirst({
where: { workspaceId, isDefault: true, isEnabled: true }, where: { workspaceId, isDefault: true, isEnabled: true },
}); });
@@ -134,18 +101,14 @@ export class PersonalitiesService {
throw new NotFoundException(`No default personality found for workspace ${workspaceId}`); throw new NotFoundException(`No default personality found for workspace ${workspaceId}`);
} }
return this.toResponse(personality); return personality;
} }
/** /**
* Update an existing personality * Update an existing personality
*/ */
async update( async update(workspaceId: string, id: string, dto: UpdatePersonalityDto): Promise<Personality> {
workspaceId: string, // Check existence
id: string,
dto: UpdatePersonalityDto
): Promise<PersonalityResponse> {
// Verify existence
await this.findOne(workspaceId, id); await this.findOne(workspaceId, id);
// Check for duplicate name if updating name // Check for duplicate name if updating name
@@ -164,43 +127,20 @@ export class PersonalitiesService {
await this.unsetOtherDefaults(workspaceId, id); await this.unsetOtherDefaults(workspaceId, id);
} }
// Build update data with field mapping
const updateData: {
name?: string;
displayName?: string;
description?: string;
tone?: string;
formalityLevel?: FormalityLevel;
systemPrompt?: string;
isDefault?: boolean;
isEnabled?: boolean;
} = {};
if (dto.name !== undefined) {
updateData.name = dto.name;
updateData.displayName = dto.name;
}
if (dto.description !== undefined) updateData.description = dto.description;
if (dto.tone !== undefined) updateData.tone = dto.tone;
if (dto.formalityLevel !== undefined) updateData.formalityLevel = dto.formalityLevel;
if (dto.systemPromptTemplate !== undefined) updateData.systemPrompt = dto.systemPromptTemplate;
if (dto.isDefault !== undefined) updateData.isDefault = dto.isDefault;
if (dto.isActive !== undefined) updateData.isEnabled = dto.isActive;
const personality = await this.prisma.personality.update({ const personality = await this.prisma.personality.update({
where: { id }, where: { id },
data: updateData, data: dto,
}); });
this.logger.log(`Updated personality ${id} for workspace ${workspaceId}`); this.logger.log(`Updated personality ${id} for workspace ${workspaceId}`);
return this.toResponse(personality); return personality;
} }
/** /**
* Delete a personality * Delete a personality
*/ */
async delete(workspaceId: string, id: string): Promise<void> { async delete(workspaceId: string, id: string): Promise<void> {
// Verify existence // Check existence
await this.findOne(workspaceId, id); await this.findOne(workspaceId, id);
await this.prisma.personality.delete({ await this.prisma.personality.delete({
@@ -211,22 +151,23 @@ export class PersonalitiesService {
} }
/** /**
* Set a personality as the default (convenience endpoint) * Set a personality as the default
*/ */
async setDefault(workspaceId: string, id: string): Promise<PersonalityResponse> { async setDefault(workspaceId: string, id: string): Promise<Personality> {
// Verify existence // Check existence
await this.findOne(workspaceId, id); await this.findOne(workspaceId, id);
// Unset other defaults // Unset other defaults
await this.unsetOtherDefaults(workspaceId, id); await this.unsetOtherDefaults(workspaceId, id);
// Set this one as default
const personality = await this.prisma.personality.update({ const personality = await this.prisma.personality.update({
where: { id }, where: { id },
data: { isDefault: true }, data: { isDefault: true },
}); });
this.logger.log(`Set personality ${id} as default for workspace ${workspaceId}`); this.logger.log(`Set personality ${id} as default for workspace ${workspaceId}`);
return this.toResponse(personality); return personality;
} }
/** /**
@@ -237,7 +178,7 @@ export class PersonalitiesService {
where: { where: {
workspaceId, workspaceId,
isDefault: true, isDefault: true,
...(excludeId !== undefined && { id: { not: excludeId } }), ...(excludeId && { id: { not: excludeId } }),
}, },
}); });

11
apps/api/src/prisma/prisma.service.ts
View File

@@ -140,11 +140,8 @@ export class PrismaService extends PrismaClient implements OnModuleInit, OnModul
workspaceId: string, workspaceId: string,
client: PrismaClient = this client: PrismaClient = this
): Promise<void> { ): Promise<void> {
// Use set_config() instead of SET LOCAL so values are safely parameterized. await client.$executeRaw`SET LOCAL app.current_user_id = ${userId}`;
// SET LOCAL with Prisma's tagged template produces invalid SQL (bind parameter $1 await client.$executeRaw`SET LOCAL app.current_workspace_id = ${workspaceId}`;
// is not supported in SET statements by PostgreSQL).
await client.$executeRaw`SELECT set_config('app.current_user_id', ${userId}, true)`;
await client.$executeRaw`SELECT set_config('app.current_workspace_id', ${workspaceId}, true)`;
} }
/** /**
@@ -154,8 +151,8 @@ export class PrismaService extends PrismaClient implements OnModuleInit, OnModul
* @param client - Optional Prisma client (uses 'this' if not provided) * @param client - Optional Prisma client (uses 'this' if not provided)
*/ */
async clearWorkspaceContext(client: PrismaClient = this): Promise<void> { async clearWorkspaceContext(client: PrismaClient = this): Promise<void> {
await client.$executeRaw`SELECT set_config('app.current_user_id', '', true)`; await client.$executeRaw`SET LOCAL app.current_user_id = NULL`;
await client.$executeRaw`SELECT set_config('app.current_workspace_id', '', true)`; await client.$executeRaw`SET LOCAL app.current_workspace_id = NULL`;
} }
/** /**

6
apps/api/src/tasks/dto/create-task.dto.ts
View File

@@ -50,12 +50,6 @@ export class CreateTaskDto {
@IsUUID("4", { message: "parentId must be a valid UUID" }) @IsUUID("4", { message: "parentId must be a valid UUID" })
parentId?: string; parentId?: string;
@IsOptional()
@IsString({ message: "assignedAgent must be a string" })
@MinLength(1, { message: "assignedAgent must not be empty" })
@MaxLength(255, { message: "assignedAgent must not exceed 255 characters" })
assignedAgent?: string;
@IsOptional() @IsOptional()
@IsInt({ message: "sortOrder must be an integer" }) @IsInt({ message: "sortOrder must be an integer" })
@Min(0, { message: "sortOrder must be at least 0" }) @Min(0, { message: "sortOrder must be at least 0" })

6
apps/api/src/tasks/dto/update-task.dto.ts
View File

@@ -52,12 +52,6 @@ export class UpdateTaskDto {
@IsUUID("4", { message: "parentId must be a valid UUID" }) @IsUUID("4", { message: "parentId must be a valid UUID" })
parentId?: string | null; parentId?: string | null;
@IsOptional()
@IsString({ message: "assignedAgent must be a string" })
@MinLength(1, { message: "assignedAgent must not be empty" })
@MaxLength(255, { message: "assignedAgent must not exceed 255 characters" })
assignedAgent?: string | null;
@IsOptional() @IsOptional()
@IsInt({ message: "sortOrder must be an integer" }) @IsInt({ message: "sortOrder must be an integer" })
@Min(0, { message: "sortOrder must be at least 0" }) @Min(0, { message: "sortOrder must be at least 0" })

162
apps/api/src/tasks/tasks.assigned-agent.integration.spec.ts
View File

@@ -1,162 +0,0 @@
import { beforeAll, beforeEach, describe, expect, it, afterAll, vi } from "vitest";
import { randomUUID as uuid } from "crypto";
import { Test, TestingModule } from "@nestjs/testing";
import { PrismaClient } from "@prisma/client";
import { TasksService } from "./tasks.service";
import { PrismaService } from "../prisma/prisma.service";
import { ActivityService } from "../activity/activity.service";
const shouldRunDbIntegrationTests =
process.env.RUN_DB_TESTS === "true" && Boolean(process.env.DATABASE_URL);
const describeFn = shouldRunDbIntegrationTests ? describe : describe.skip;
describeFn("TasksService assignedAgent Integration", () => {
let moduleRef: TestingModule;
let prisma: PrismaClient;
let service: TasksService;
let workspaceId: string;
let ownerId: string;
let setupComplete = false;
const activityServiceMock = {
logTaskCreated: vi.fn().mockResolvedValue(undefined),
logTaskUpdated: vi.fn().mockResolvedValue(undefined),
logTaskDeleted: vi.fn().mockResolvedValue(undefined),
logTaskCompleted: vi.fn().mockResolvedValue(undefined),
logTaskAssigned: vi.fn().mockResolvedValue(undefined),
};
beforeAll(async () => {
prisma = new PrismaClient();
await prisma.$connect();
const workspace = await prisma.workspace.create({
data: {
name: `Tasks Assigned Agent Integration ${Date.now()}`,
owner: {
create: {
email: `tasks-assigned-agent-integration-${Date.now()}@example.com`,
name: "Tasks Assigned Agent Integration Owner",
},
},
},
});
workspaceId = workspace.id;
ownerId = workspace.ownerId;
moduleRef = await Test.createTestingModule({
providers: [
TasksService,
{
provide: PrismaService,
useValue: prisma,
},
{
provide: ActivityService,
useValue: activityServiceMock,
},
],
}).compile();
service = moduleRef.get<TasksService>(TasksService);
setupComplete = true;
});
beforeEach(async () => {
vi.clearAllMocks();
if (!setupComplete) {
return;
}
await prisma.task.deleteMany({ where: { workspaceId } });
});
afterAll(async () => {
if (!prisma) {
return;
}
if (workspaceId) {
await prisma.task.deleteMany({ where: { workspaceId } });
await prisma.workspace.deleteMany({ where: { id: workspaceId } });
}
if (ownerId) {
await prisma.user.deleteMany({ where: { id: ownerId } });
}
if (moduleRef) {
await moduleRef.close();
}
await prisma.$disconnect();
});
it("persists assignedAgent on create", async () => {
if (!setupComplete) {
return;
}
const task = await service.create(workspaceId, ownerId, {
title: `Assigned agent create ${uuid()}`,
assignedAgent: "fleet-worker-1",
});
expect(task.assignedAgent).toBe("fleet-worker-1");
const stored = await prisma.task.findUnique({
where: {
id: task.id,
},
select: {
id: true,
assignedAgent: true,
},
});
expect(stored).toMatchObject({
id: task.id,
assignedAgent: "fleet-worker-1",
});
const listed = await service.findAll({ workspaceId, page: 1, limit: 10 }, ownerId);
const listedTask = listed.data.find((row) => row.id === task.id);
expect(listedTask?.assignedAgent).toBe("fleet-worker-1");
});
it("updates and clears assignedAgent", async () => {
if (!setupComplete) {
return;
}
const created = await service.create(workspaceId, ownerId, {
title: `Assigned agent update ${uuid()}`,
});
expect(created.assignedAgent).toBeNull();
const updated = await service.update(created.id, workspaceId, ownerId, {
assignedAgent: "fleet-worker-2",
});
expect(updated.assignedAgent).toBe("fleet-worker-2");
const cleared = await service.update(created.id, workspaceId, ownerId, {
assignedAgent: null,
});
expect(cleared.assignedAgent).toBeNull();
const stored = await prisma.task.findUnique({
where: {
id: created.id,
},
select: {
assignedAgent: true,
},
});
expect(stored?.assignedAgent).toBeNull();
});
});

43
apps/api/src/tasks/tasks.service.spec.ts
View File

@@ -48,7 +48,6 @@ describe("TasksService", () => {
creatorId: mockUserId, creatorId: mockUserId,
projectId: null, projectId: null,
parentId: null, parentId: null,
assignedAgent: null,
sortOrder: 0, sortOrder: 0,
metadata: {}, metadata: {},
createdAt: new Date(), createdAt: new Date(),
@@ -159,28 +158,6 @@ describe("TasksService", () => {
}) })
); );
}); });
it("should include assignedAgent when provided", async () => {
const createDto = {
title: "Agent-owned Task",
assignedAgent: "fleet-worker-1",
};
mockPrismaService.task.create.mockResolvedValue({
...mockTask,
assignedAgent: createDto.assignedAgent,
});
await service.create(mockWorkspaceId, mockUserId, createDto);
expect(prisma.task.create).toHaveBeenCalledWith(
expect.objectContaining({
data: expect.objectContaining({
assignedAgent: createDto.assignedAgent,
}),
})
);
});
}); });
describe("findAll", () => { describe("findAll", () => {
@@ -492,26 +469,6 @@ describe("TasksService", () => {
service.update(mockTaskId, mockWorkspaceId, mockUserId, { title: "Test" }) service.update(mockTaskId, mockWorkspaceId, mockUserId, { title: "Test" })
).rejects.toThrow(NotFoundException); ).rejects.toThrow(NotFoundException);
}); });
it("should update assignedAgent when provided", async () => {
const updateDto = { assignedAgent: "fleet-worker-2" };
mockPrismaService.task.findUnique.mockResolvedValue(mockTask);
mockPrismaService.task.update.mockResolvedValue({
...mockTask,
assignedAgent: updateDto.assignedAgent,
});
await service.update(mockTaskId, mockWorkspaceId, mockUserId, updateDto);
expect(prisma.task.update).toHaveBeenCalledWith(
expect.objectContaining({
data: expect.objectContaining({
assignedAgent: updateDto.assignedAgent,
}),
})
);
});
}); });
describe("remove", () => { describe("remove", () => {

6
apps/api/src/tasks/tasks.service.ts
View File

@@ -67,9 +67,6 @@ export class TasksService {
metadata: createTaskDto.metadata metadata: createTaskDto.metadata
? (createTaskDto.metadata as unknown as Prisma.InputJsonValue) ? (createTaskDto.metadata as unknown as Prisma.InputJsonValue)
: {}, : {},
...(createTaskDto.assignedAgent !== undefined && {
assignedAgent: createTaskDto.assignedAgent,
}),
...(assigneeConnection && { assignee: assigneeConnection }), ...(assigneeConnection && { assignee: assigneeConnection }),
...(projectConnection && { project: projectConnection }), ...(projectConnection && { project: projectConnection }),
...(parentConnection && { parent: parentConnection }), ...(parentConnection && { parent: parentConnection }),
@@ -294,9 +291,6 @@ export class TasksService {
if (updateTaskDto.parentId !== undefined && updateTaskDto.parentId !== null) { if (updateTaskDto.parentId !== undefined && updateTaskDto.parentId !== null) {
data.parent = { connect: { id: updateTaskDto.parentId } }; data.parent = { connect: { id: updateTaskDto.parentId } };
} }
if (updateTaskDto.assignedAgent !== undefined) {
data.assignedAgent = updateTaskDto.assignedAgent;
}
// Handle completedAt based on status changes // Handle completedAt based on status changes
if (updateTaskDto.status) { if (updateTaskDto.status) {

13
apps/api/src/teams/dto/create-team.dto.ts
View File

@@ -1,13 +0,0 @@
import { IsOptional, IsString, MaxLength, MinLength } from "class-validator";
export class CreateTeamDto {
@IsString({ message: "name must be a string" })
@MinLength(1, { message: "name must not be empty" })
@MaxLength(255, { message: "name must not exceed 255 characters" })
name!: string;
@IsOptional()
@IsString({ message: "description must be a string" })
@MaxLength(10000, { message: "description must not exceed 10000 characters" })
description?: string;
}

11
apps/api/src/teams/dto/manage-team-member.dto.ts
View File

@@ -1,11 +0,0 @@
import { TeamMemberRole } from "@prisma/client";
import { IsEnum, IsOptional, IsUUID } from "class-validator";
export class ManageTeamMemberDto {
@IsUUID("4", { message: "userId must be a valid UUID" })
userId!: string;
@IsOptional()
@IsEnum(TeamMemberRole, { message: "role must be a valid TeamMemberRole" })
role?: TeamMemberRole;
}

150
apps/api/src/teams/teams.controller.spec.ts
View File

@@ -1,150 +0,0 @@
import { Test, TestingModule } from "@nestjs/testing";
import { describe, it, expect, beforeEach, vi } from "vitest";
import { TeamMemberRole } from "@prisma/client";
import { AuthGuard } from "../auth/guards/auth.guard";
import { PermissionGuard, WorkspaceGuard } from "../common/guards";
import { TeamsController } from "./teams.controller";
import { TeamsService } from "./teams.service";
describe("TeamsController", () => {
let controller: TeamsController;
let service: TeamsService;
const mockTeamsService = {
create: vi.fn(),
findAll: vi.fn(),
addMember: vi.fn(),
removeMember: vi.fn(),
remove: vi.fn(),
};
const mockWorkspaceId = "550e8400-e29b-41d4-a716-446655440001";
const mockTeamId = "550e8400-e29b-41d4-a716-446655440002";
const mockUserId = "550e8400-e29b-41d4-a716-446655440003";
beforeEach(async () => {
const module: TestingModule = await Test.createTestingModule({
controllers: [TeamsController],
providers: [
{
provide: TeamsService,
useValue: mockTeamsService,
},
],
})
.overrideGuard(AuthGuard)
.useValue({ canActivate: vi.fn(() => true) })
.overrideGuard(WorkspaceGuard)
.useValue({ canActivate: vi.fn(() => true) })
.overrideGuard(PermissionGuard)
.useValue({ canActivate: vi.fn(() => true) })
.compile();
controller = module.get<TeamsController>(TeamsController);
service = module.get<TeamsService>(TeamsService);
vi.clearAllMocks();
});
it("should be defined", () => {
expect(controller).toBeDefined();
});
describe("create", () => {
it("should create a team in a workspace", async () => {
const createDto = {
name: "Platform Team",
description: "Owns platform services",
};
const createdTeam = {
id: mockTeamId,
workspaceId: mockWorkspaceId,
name: createDto.name,
description: createDto.description,
metadata: {},
createdAt: new Date(),
updatedAt: new Date(),
};
mockTeamsService.create.mockResolvedValue(createdTeam);
const result = await controller.create(createDto, mockWorkspaceId);
expect(result).toEqual(createdTeam);
expect(service.create).toHaveBeenCalledWith(mockWorkspaceId, createDto);
});
});
describe("findAll", () => {
it("should list teams in a workspace", async () => {
const teams = [
{
id: mockTeamId,
workspaceId: mockWorkspaceId,
name: "Platform Team",
description: "Owns platform services",
metadata: {},
createdAt: new Date(),
updatedAt: new Date(),
_count: { members: 2 },
},
];
mockTeamsService.findAll.mockResolvedValue(teams);
const result = await controller.findAll(mockWorkspaceId);
expect(result).toEqual(teams);
expect(service.findAll).toHaveBeenCalledWith(mockWorkspaceId);
});
});
describe("addMember", () => {
it("should add a member to a team", async () => {
const dto = {
userId: mockUserId,
role: TeamMemberRole.ADMIN,
};
const createdTeamMember = {
teamId: mockTeamId,
userId: mockUserId,
role: TeamMemberRole.ADMIN,
joinedAt: new Date(),
user: {
id: mockUserId,
name: "Test User",
email: "test@example.com",
},
};
mockTeamsService.addMember.mockResolvedValue(createdTeamMember);
const result = await controller.addMember(mockTeamId, dto, mockWorkspaceId);
expect(result).toEqual(createdTeamMember);
expect(service.addMember).toHaveBeenCalledWith(mockWorkspaceId, mockTeamId, dto);
});
});
describe("removeMember", () => {
it("should remove a member from a team", async () => {
mockTeamsService.removeMember.mockResolvedValue(undefined);
await controller.removeMember(mockTeamId, mockUserId, mockWorkspaceId);
expect(service.removeMember).toHaveBeenCalledWith(mockWorkspaceId, mockTeamId, mockUserId);
});
});
describe("remove", () => {
it("should delete a team", async () => {
mockTeamsService.remove.mockResolvedValue(undefined);
await controller.remove(mockTeamId, mockWorkspaceId);
expect(service.remove).toHaveBeenCalledWith(mockWorkspaceId, mockTeamId);
});
});
});

51
apps/api/src/teams/teams.controller.ts
View File

@@ -1,51 +0,0 @@
import { Body, Controller, Delete, Get, Param, Post, UseGuards } from "@nestjs/common";
import { AuthGuard } from "../auth/guards/auth.guard";
import { PermissionGuard, WorkspaceGuard } from "../common/guards";
import { Permission, RequirePermission, Workspace } from "../common/decorators";
import { CreateTeamDto } from "./dto/create-team.dto";
import { ManageTeamMemberDto } from "./dto/manage-team-member.dto";
import { TeamsService } from "./teams.service";
@Controller("workspaces/:workspaceId/teams")
@UseGuards(AuthGuard, WorkspaceGuard, PermissionGuard)
export class TeamsController {
constructor(private readonly teamsService: TeamsService) {}
@Post()
@RequirePermission(Permission.WORKSPACE_ADMIN)
async create(@Body() createTeamDto: CreateTeamDto, @Workspace() workspaceId: string) {
return this.teamsService.create(workspaceId, createTeamDto);
}
@Get()
@RequirePermission(Permission.WORKSPACE_ANY)
async findAll(@Workspace() workspaceId: string) {
return this.teamsService.findAll(workspaceId);
}
@Post(":teamId/members")
@RequirePermission(Permission.WORKSPACE_ADMIN)
async addMember(
@Param("teamId") teamId: string,
@Body() dto: ManageTeamMemberDto,
@Workspace() workspaceId: string
) {
return this.teamsService.addMember(workspaceId, teamId, dto);
}
@Delete(":teamId/members/:userId")
@RequirePermission(Permission.WORKSPACE_ADMIN)
async removeMember(
@Param("teamId") teamId: string,
@Param("userId") userId: string,
@Workspace() workspaceId: string
) {
return this.teamsService.removeMember(workspaceId, teamId, userId);
}
@Delete(":teamId")
@RequirePermission(Permission.WORKSPACE_ADMIN)
async remove(@Param("teamId") teamId: string, @Workspace() workspaceId: string) {
return this.teamsService.remove(workspaceId, teamId);
}
}

13
apps/api/src/teams/teams.module.ts
View File

@@ -1,13 +0,0 @@
import { Module } from "@nestjs/common";
import { AuthModule } from "../auth/auth.module";
import { PrismaModule } from "../prisma/prisma.module";
import { TeamsController } from "./teams.controller";
import { TeamsService } from "./teams.service";
@Module({
imports: [PrismaModule, AuthModule],
controllers: [TeamsController],
providers: [TeamsService],
exports: [TeamsService],
})
export class TeamsModule {}

Some files were not shown because too many files have changed in this diff Show More