bytelyst/learning_ai_common_plat
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
706 Commits 2 Branches 3 Tags 60 MiB
57abfa5b03
Commit Graph

280 Commits

Author SHA1 Message Date
root
57abfa5b03 feat(api-key): add per-product throttling 2026-03-15 06:26:42 +00:00
root
8240f6060d feat(api-key): restrict ops routes to service tokens 2026-03-15 06:24:08 +00:00
root
d1b3faae8b fix(tokens): issue machine-ready defaults 2026-03-15 06:19:48 +00:00
root
eac633e1e7 fix(api-key): enforce machine token policy 2026-03-15 06:16:15 +00:00
root
507f0fdd1f feat(tokens): classify machine credentials 2026-03-15 06:09:42 +00:00
root
3398d1400f feat(platform-service): add human review queue 2026-03-15 06:08:23 +00:00
root
33c5a5a5ce feat(platform-service): add org workspace foundation 2026-03-15 06:03:08 +00:00
root
841d2f5129 fix(api-key): enforce requested product binding 2026-03-15 06:01:17 +00:00
root
daec38faf7 feat(a2a): persist incident pipeline runs 2026-03-15 05:58:15 +00:00
root
07e9475b70 fix(tokens): align api token storage with cosmos partitioning 2026-03-15 05:57:34 +00:00
root
a76b932502 feat(platform-service): add durable run tracking 2026-03-14 16:08:07 +00:00
root
885ee2d504 feat(events): add durable event bus worker path 2026-03-14 16:02:40 +00:00
root
8de22f9f22 feat(platform-service): allow scoped api keys on webhook routes 2026-03-14 15:38:42 +00:00
root
da744ab116 feat(platform-service): allow scoped api keys on ops routes 2026-03-14 14:58:08 +00:00
root
0ad6703961 feat(platform-service): add api key auth context and throttling guard 2026-03-14 14:55:23 +00:00
root
7616901683 test(workspace): harden service bootstrap and sync coverage 2026-03-14 06:40:10 +00:00
root
2b4fccb744 feat(queue): add durable worker runtime and extraction integration 2026-03-14 06:25:10 +00:00
root
91885f0d4f Add Mailpit-backed prototype email sandbox 2026-03-14 06:16:28 +00:00
root
a27a822fc2 Add prototype storage diagnostics and smoke test 2026-03-14 06:06:35 +00:00
root
114240c79a feat(platform-service): add telegram and slack delivery 2026-03-14 06:01:59 +00:00
root
db9ae4a573 feat(platform-service): add smtp email delivery and postal setup 2026-03-14 05:52:28 +00:00
root
19b58b3ea0 Fix prototype service runtime dependencies 2026-03-14 05:32:21 +00:00
root
a5e8890df2 Add Cosmos emulator prototype support 2026-03-14 05:24:01 +00:00
saravanakumardb1
2b3130821c fix(auth): register magic_link event type + use admin productId for enterprise IdP 
- Register 'auth.magic_link_requested' in @bytelyst/events PlatformEventSchemas
- Remove any-cast from magic-link/routes.ts — now properly typed
- Enterprise IdP creation uses admin's JWT productId instead of hardcoded 'smartauth'
- All 53 auth tests passing
 2026-03-12 15:55:09 -07:00
saravanakumardb1
b0e1a54481 fix(auth): enterprise SSO bcrypt hash + upgrade cost 10→12 
- Enterprise SAML/OIDC callbacks used raw 'sso_xxx' string as passwordHash
  which would crash bcrypt.compare(). Now uses userRepo.hashPassword(randomUUID())
- Added updateLastLogin() for existing enterprise SSO users
- Upgraded bcrypt cost factor from 10 to 12 per PRD spec
- All 53 auth tests passing
 2026-03-12 15:35:00 -07:00
saravanakumardb1
0c4e53a0ed feat(auth): Phase 6 — enterprise SAML/OIDC, magic link, HIBP, E2E specs 
6A: Enterprise IdP CRUD, SAML callback, OIDC callback, email domain lookup
6B: Magic link send/verify (15min TTL, anti-enumeration), HIBP breach check
6D: 3 new E2E specs (account-linking, step-up, enterprise) — total 8 SmartAuth specs
- All 53 auth tests passing
 2026-03-12 15:25:28 -07:00
saravanakumardb1
f4b9124065 feat(auth): add Phase 5C-5E endpoints + SDK methods — TOTP secret, push approvals, QR auth 
- GET /auth/mfa/totp/secret — retrieve decrypted TOTP secret for auth app
- POST /auth/mfa/push/create, GET /pending, POST /:id/respond, GET /:id/status
- POST /auth/qr/create, POST /auth/qr/confirm, GET /auth/qr/:id/status
- Kotlin SDK: getTotpSecret, getPendingApprovals, respondToApproval, confirmQrLogin
- Swift SDK: getTotpSecret, getPendingApprovals, respondToApproval, confirmQrLogin
- All 53 auth tests passing
 2026-03-12 15:01:51 -07:00
saravanakumardb1
ae13abfab2 fix(auth): address SmartAuth agent review gaps — Swift mock wiring, passkey SDK consistency, device list parity, JSDoc, SSR docs 2026-03-12 12:27:08 -07:00
saravanakumardb1
a613cf1bf9 test(auth): add SmartAuth integration tests + fix auth.routes.test mocks 
- Add 5 new tests: MFA challenge integration, risk scorer edge cases, login events wiring, device trust pure function
- Fix auth.routes.test.ts: add vi.mock stubs for login-events, risk-scorer, mfa, devices, config, event-bus
- Change afterEach from restoreAllMocks to clearAllMocks (preserves mock implementations between tests)
- Total: 42 smartauth tests, 951 platform-service tests all passing
 2026-03-12 11:27:50 -07:00
saravanakumardb1
0f4be0c325 feat(auth): wire login events into OAuth login helper 
- Record success login event with risk scoring after OAuth token issuance
- Import login-events repo + risk-scorer into oauth/routes
- Best-effort recording — never blocks OAuth login flow
 2026-03-12 11:19:11 -07:00
saravanakumardb1
82d7f157d9 feat(auth): wire login events + MFA challenge into login handler 
- Add recordLoginEvent() helper with risk scoring via scoreLoginRisk()
- On failed login: record 'failed' event with risk assessment
- On MFA-required: issue challenge token, record 'mfa_required' event
- On success: record 'success' event with risk assessment
- Import login-events repo, risk-scorer, mfa repo, challenge store, device repo
 2026-03-12 11:17:23 -07:00
saravanakumardb1
bdb3e95e00 fix(auth): clean up MFA routes — remove redundant imports, use userRepo.update() 
- Remove redundant dynamic import('node:crypto'), use top-level nodeCrypto
- Remove getCollection import, use userRepo.update() for mfaEnabled/mfaMethods
- Expand update() Pick type to include mfaEnabled, mfaMethods, emailVerified
- Remove unused _reply param from MFA policy PUT handler
 2026-03-12 11:12:33 -07:00
saravanakumardb1
362b915ea9 feat(auth): SmartAuth backend core — OAuth, MFA, passkeys, device trust, login events 
Phase 0A: OneAuth schema extension — UserDoc evolution + auth_providers container
Phase 0B: Progressive lockout + IP rate limiting on login
Phase 1A-1B: Google/Microsoft/Apple OAuth + account linking
Phase 1D: Enhanced /auth/me — products, providers, MFA status
Phase 2A-2C: TOTP MFA + challenge flow + admin policies
Phase 3A-3B: WebAuthn passkeys + device trust
Phase 4A: Login events + rule-based risk scoring

New sub-modules: oauth/, mfa/, passkeys/, devices/, login-events/
New containers: auth_providers, auth_mfa, auth_mfa_policies, auth_passkeys, auth_devices, auth_login_events
Tests: 37 new (946 total, all passing), typecheck clean
 2026-03-12 10:55:41 -07:00
saravanakumardb1
aff78c55a4 fix(mcp-server): align notes tool outputs with contracts 2026-03-10 09:54:08 -07:00
saravanakumardb1
ec3dd4bd66 feat(mcp-server): add notes tool integration 2026-03-10 09:39:07 -07:00
saravanakumardb1
49db2cd2af fix(platform-service): pin vitest pool to threads 2026-03-06 13:52:44 -08:00
saravanakumardb1
63b0d20b07 fix(fastify-core): address jwt rollout review findings 2026-03-06 13:44:22 -08:00
saravanakumardb1
e4baa2fc16 refactor(platform-service): use shared optional jwt context 2026-03-06 12:57:00 -08:00
saravanakumardb1
cfca118c71 feat(fastify-core): add shared optional jwt context 2026-03-06 12:52:49 -08:00
saravanakumardb1
d365bc59d6 refactor(mcp-server): tighten MCP tool typing after review 2026-03-05 22:37:53 -08:00
saravanakumardb1
b199ea7976 fix(mcp-server): align secret and experiment tools with real services 2026-03-05 22:36:30 -08:00
saravanakumardb1
53f34851df fix(mcp-server): resolve lint blockers in new MCP tools 2026-03-05 22:30:39 -08:00
saravanakumardb1
3a7139790c fix(mcp-server): Improve error handling in A2A pipelines 
- regression-watch-pipeline.ts: Add try/catch around session creation, continue on failures
- post-incident-cleanup-pipeline.ts: Add try/catch around policy deletion and audit export
- Fix extractionResetProductRateLimit optional parameter pattern
- Update return values to use actual counts instead of targets
- All pipelines now continue processing individual items instead of failing entirely
- Add proper type casting for audit response events array
 2026-03-05 22:09:56 -08:00
saravanakumardb1
40db19a389 feat(mcp-server): Add 2 high-priority A2A pipelines 
- regression-watch-pipeline.ts: Monitor error clusters and auto-create diagnostics sessions
- post-incident-cleanup-pipeline.ts: Resolve clusters, delete policies, export audit logs
- a2a-tools.ts: Register both pipelines as MCP tools (a2a.regressionWatch, a2a.postIncidentCleanup)
- Fix platform-client function names and TelemetryCluster interface usage
- Both pipelines support dryRun mode and proper error handling
- Fix ESLint warnings: remove unused imports, add proper types

All tools require admin role and use existing platform-service endpoints.
 2026-03-05 22:07:42 -08:00
saravanakumardb1
c8fafbb564 feat(mcp-server): Add 7 missing extraction async jobs tools 
- extraction.extractBatch: batch extraction with shared config
- extraction.submitJob: async job submission with webhook support
- extraction.getJob: get job status/results by ID
- extraction.listJobs: list recent async jobs
- extraction.getProductRateLimitStatus: per-product or summary rate limits
- extraction.resetProductRateLimit: admin rate limit reset
- extraction.sidecarMonitoringState: detailed sidecar circuit breaker state

All tools require admin role and map to existing extraction-service endpoints.
Fixes TypeScript optional parameter error in extractionGetProductRateLimitStatus.
 2026-03-05 22:05:00 -08:00
saravanakumardb1
3f296a8e72 feat(mcp-server): fill 12 DOMAIN_PRODUCTS.md MCP tool gaps + client fn additions 
Bug fix (committed separately):
  social-fast-coordinator: stage_transition used non-existent currentStage

New client functions:
  nomgap-client: nomgapFastingCreateSession, nomgapProtocolGet,
                 nomgapSocialListGroupFasts (+ GroupFastDoc)
  peakpulse-client: peakpulseRoutesList, peakpulseSyncStatus
  lysnrai-client: lysnraiApiTokenCreate, lysnraiSessionsStats,
                  lysnraiTranscriptsExportBatch
  chronomind-client: chronomindRoutineGet, chronomindSharedTimerShare

New MCP tools (12):
  mindlyst.briefs.generate        — trigger daily brief via mindlystBriefCreate
  mindlyst.memory.getTriageResult — extract TriageResult sub-doc only
  nomgap.fasting.createSession    — start new fast with protocolId
  nomgap.protocols.get            — single protocol lookup
  nomgap.social.listGroupFasts    — list group fast sessions
  peakpulse.routes.list           — list GPS r
Bug fix (committed separately):
  social-fast-coordinator: stage_transition used non-existent currentStage
ats  social-fast-coordinator: staon
New client functions:
  nomgap-client: nomgapFastingCreateSession, nomgarai  nomgaens.rotate                      nomgapSocialListGroupFasts (+ GroupFastDoc)
 d.  peakpulse-client: peakpulseRoutesList, peakpulseSyncStaturg  lysnrai-client: lysnraiApiTokenCreate, lysnraiSessionsStati                  lysnraiTranscriptsExpor                    us  chronomind-client: chronomindRoutineGet, chrerver total: 126 tools across 17 namespaces
 2026-03-05 18:19:04 -08:00
saravanakumardb1
1da3394caf fix(mcp-server): social-fast-coordinator-pipeline — stage_transition used non-existent currentStage field 
FastingSessionDoc has stages: unknown[] not currentStage: string.
- Replace currentStage cast with hasStages check (session.stages.length > 0)
- Fix protocolId extraction to use direct field (session?.protocolId)
- Report currentStage derived from stages.length as 'stage_N' indicator
 2026-03-05 18:13:28 -08:00
saravanakumardb1
0a6950216a feat(mcp-server): A2A batch-5 — GoalCoachingAgent + SkiRunAnalystAgent (peakpulse) + OrgProvisioningAgent (lysnrai) + ProtocolTuningAgent (nomgap) + CalendarImportAgent (chronomind) 
goal-coaching-pipeline.ts: peakpulse.goals.coach
  - SessionHistoryAgent -> GoalAnalysisAgent -> GoalReportAgent
  - Computes duration/distance/elevation/speed trends across recent sessions
  - Classifies user as beginner/intermediate/advanced; generates metric-specific goal suggestions

ski-run-analyst-pipeline.ts: peakpulse.ski.analyze
  - SkiSessionCollectorAgent -> RunQualityAnalystAgent -> SkiReportAgent
  - Computes runDensity, verticalPerRun, skiToLiftRatio per session
  - Flags: low_run_density, high_lift_ratio, short_session, vertical_drop vs baseline

org-provisioning-pipeline.ts: lysnrai.orgs.provision
  - OrgInspectorAgent -> ProvisioningActionAgent -> OrgReportAgent
  - Checks API tokens + session activity; classifies as new_org/needs_attention/complete

protocol-tuning-pipeline.ts: nomgap.protocols.tune
  - ProtocolStatsCollectorAgent -> AbandonmentAnalysisAgent -> TuningReportAgent
  - Finds protocols with >40% abandonment; runs extraction for pattern analysis
  - Proposes duration reduction, milestone notifications, or variant creation

calendar-import-pipeline.ts: chronomind.calendar.import
  - EventValidatorAgent -> ConflictDetectorAgent -> ImportReportAgent
  - Validates dtstart/dtend; detects time overlaps vs existing timers
  - Creates alarm timers for conflict-free events; dryRun support

MCP server total: 110 tools
 2026-03-05 18:07:59 -08:00
saravanakumardb1
acadc3551e feat(mcp-server): A2A batch-4 — RoutineQualityAgent (chronomind) + SocialFastCoordinatorAgent (nomgap) + TeamProvisioningAgent (jarvis) 
routine-quality-pipeline.ts: chronomind.routines.checkQuality
  - RoutineInventoryAgent -> QualityCheckAgent -> QualityReportAgent
  - Flags: duration_overflow, never_completed, empty_steps, no_category
  - Per-routine issue list + remediation suggestions; configurable maxDurationMinutes

social-fast-coordinator-pipeline.ts: nomgap.social.coordinateFast
  - GroupMemberResolverAgent -> NotificationDispatchAgent -> CoordinationReportAgent
  - Fires social_invite + stage_transition push to each group member
  - Sends weekly_digest to session owner; per-member outcome tracking

team-provisioning-pipeline.ts: jarvis.teams.provision
  - NewMemberDetectorAgent -> OnboardingAgent -> ProvisioningReportAgent
  - Detects invited + recently joined members (configurable sinceHours window)
  - Recommends starter agents by member role, seeds context memory in each agent
  - Marks check-in as scheduled after successful memory seed

MCP server total: 105 tools
 2026-03-05 16:39:36 -08:00
saravanakumardb1
7ed4a105b7 feat(mcp-server): A2A batch-3 — ReflectionSynthesisAgent (mindlyst) + KeyboardDiagnosticsAgent (lysnrai) + NLParserEvalAgent (chronomind) 
reflection-synthesis-pipeline.ts: mindlyst.reflections.synthesize
  - ReflectionCollectorAgent -> ThemeExtractionAgent -> SynthesisReportAgent
  - Fetches recent reflections, runs reflection-enrichment extraction, surfaces themes by frequency
  - Proposes weekly summary text; max 52 reflections (1 year lookback)

keyboard-diagnostics-pipeline.ts: lysnrai.keyboard.diagnose
  - KeyboardErrorScannerAgent -> DiagnosticsSessionAgent -> BugReportDraftAgent
  - Scans error telemetry filtered to keyboard surface, groups by anonymousInstallId
  - Opens diagnostics session per erroring install; drafts severity-ranked bug reports
  - 48h default window, configurable minErrors threshold

nl-parser-eval-pipeline.ts: chronomind.nlParser.eval
  - PhraseSamplerAgent -> ParseEvalAgent -> RegressionReportAgent
  - 10-phrase canonical test suite + optional custom phrases
  - Submits to extraction-service timer-parse task, validates parsed field presence
  - Returns pass/fail/partial scorecard with regression list

MCP server total: 102 tools
 2026-03-05 16:36:19 -08:00