bytelyst/learning_ai_common_plat
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
695 Commits 2 Branches 3 Tags 60 MiB
885ee2d504
Commit Graph

695 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
root
885ee2d504 feat(events): add durable event bus worker path 2026-03-14 16:02:40 +00:00
root
8de22f9f22 feat(platform-service): allow scoped api keys on webhook routes 2026-03-14 15:38:42 +00:00
root
da744ab116 feat(platform-service): allow scoped api keys on ops routes 2026-03-14 14:58:08 +00:00
root
0ad6703961 feat(platform-service): add api key auth context and throttling guard 2026-03-14 14:55:23 +00:00
root
b7c8e4fbef test(router): tighten routing and telemetry assertions 2026-03-14 14:53:43 +00:00
root
3cc35e2b51 docs(roadmaps): clarify reuse across agent platform gaps 2026-03-14 14:40:43 +00:00
root
f02ff801cb docs(roadmaps): refine agent platform roadmap decisions 2026-03-14 14:37:50 +00:00
root
d4c725a29d docs(roadmaps): add agent platform gap roadmap set 2026-03-14 14:34:08 +00:00
root
8ad3e1be34 test(core): strengthen app and auth assertions 2026-03-14 14:25:18 +00:00
root
9a746dfffa test(tracker-web): cover auth proxy 502 responses 2026-03-14 06:43:36 +00:00
root
50fc9c93c5 test(llm-router): cover local ollama inference 2026-03-14 06:41:08 +00:00
root
7616901683 test(workspace): harden service bootstrap and sync coverage 2026-03-14 06:40:10 +00:00
root
128207ac21 fix(testing): stabilize workspace test dependencies 2026-03-14 06:35:29 +00:00
root
c80016c8c2 docs: sync agent guidance with prototype runtime 2026-03-14 06:27:07 +00:00
root
bfecc9f95d docs(agents): sync local llm routing guidance 2026-03-14 06:26:08 +00:00
root
2b4fccb744 feat(queue): add durable worker runtime and extraction integration 2026-03-14 06:25:10 +00:00
root
bc1f9c59c2 Add host-side prototype smoke test command 2026-03-14 06:23:18 +00:00
root
604ce97e0d fix(local-llm): use resolved model for auto titles 2026-03-14 06:22:28 +00:00
root
bf2c285e41 feat(llm-router): unify local ollama routing 2026-03-14 06:17:17 +00:00
root
91885f0d4f Add Mailpit-backed prototype email sandbox 2026-03-14 06:16:28 +00:00
root
a27a822fc2 Add prototype storage diagnostics and smoke test 2026-03-14 06:06:35 +00:00
root
114240c79a feat(platform-service): add telegram and slack delivery 2026-03-14 06:01:59 +00:00
root
db9ae4a573 feat(platform-service): add smtp email delivery and postal setup 2026-03-14 05:52:28 +00:00
root
d57b388904 Sanitize prototype env examples 2026-03-14 05:48:18 +00:00
root
66a11c5713 Add Azurite-backed blob storage for prototype 2026-03-14 05:45:43 +00:00
root
19b58b3ea0 Fix prototype service runtime dependencies 2026-03-14 05:32:21 +00:00
root
a5e8890df2 Add Cosmos emulator prototype support 2026-03-14 05:24:01 +00:00
root
9e2fdb9643 Add prototype deployment workflow 2026-03-14 05:01:09 +00:00
saravanakumardb1
5195f9c052 fix(platform): production readiness — admin-web client bundling, config sub-path exports, stale tests 
- dashboards/admin-web: split product-constants.ts for client-safe imports
- dashboards/admin-web: serverExternalPackages + webpack fallbacks for @bytelyst/config
- dashboards/admin-web: instrumentation.ts uses @bytelyst/config/keyvault sub-path
- packages/config: add ./keyvault and ./product-identity sub-path exports
- packages/feedback-client: fix stale test expectation (TODO-1 → actual error message)
- packages/sync: fix reprocessFailed test (flush already pushes items)
 2026-03-12 16:49:15 -07:00
saravanakumardb1
9438085cc0 fix(blob): rewrite tests for storage-delegated API 
- Old tests imported removed functions (getBlobServiceClient, getContainerClient)
- Old tests mocked @azure/storage-blob directly but blob now delegates to @bytelyst/storage
- New tests use MemoryStorageProvider for functional validation
- Tests cover: isBlobStorageConfigured (4 cases), storage provider/bucket ops (5 cases), BLOB_CONTAINERS (1 case)
- 10/10 tests passing (was 2/8)
 2026-03-12 16:44:52 -07:00
saravanakumardb1
4ca9b73d75 fix(platform): build react-native-platform-sdk + fix admin-web typecheck errors 
- react-native-platform-sdk: add tsconfig.json + 13 source files (core, auth, telemetry, feature-flags, kill-switch, broadcasts, surveys)
- react-native-platform-sdk: React hooks + providers wrapping platform-service APIs via fetch
- admin-web: fix ThemeEditor.tsx + themes/active/route.ts lysnrai token type access
- tracker-web: product-context import path fix (pre-existing)
 2026-03-12 16:36:13 -07:00
saravanakumardb1
2b3130821c fix(auth): register magic_link event type + use admin productId for enterprise IdP 
- Register 'auth.magic_link_requested' in @bytelyst/events PlatformEventSchemas
- Remove any-cast from magic-link/routes.ts — now properly typed
- Enterprise IdP creation uses admin's JWT productId instead of hardcoded 'smartauth'
- All 53 auth tests passing
 2026-03-12 15:55:09 -07:00
saravanakumardb1
b8f22be677 fix(auth): SDK device/login-events response wrappers + correct API paths 
- Swift + Kotlin SDKs: listDevices() now unwraps { devices: [...] }
- Swift + Kotlin SDKs: getLoginHistory() now unwraps { events: [...] }
- Swift + Kotlin SDKs: revokeDevice() uses fingerprint param (not doc ID)
- Swift + Kotlin SDKs: revokeAllDevices() uses POST /revoke-all (not DELETE)
- Swift + Kotlin SDKs: getLoginHistory() path /login-events (not /login-events/me)
- Swift + Kotlin SDKs: Device model updated to match backend response fields
- All 53 auth tests passing
 2026-03-12 15:42:54 -07:00
saravanakumardb1
b0e1a54481 fix(auth): enterprise SSO bcrypt hash + upgrade cost 10→12 
- Enterprise SAML/OIDC callbacks used raw 'sso_xxx' string as passwordHash
  which would crash bcrypt.compare(). Now uses userRepo.hashPassword(randomUUID())
- Added updateLastLogin() for existing enterprise SSO users
- Upgraded bcrypt cost factor from 10 to 12 per PRD spec
- All 53 auth tests passing
 2026-03-12 15:35:00 -07:00
saravanakumardb1
0c4e53a0ed feat(auth): Phase 6 — enterprise SAML/OIDC, magic link, HIBP, E2E specs 
6A: Enterprise IdP CRUD, SAML callback, OIDC callback, email domain lookup
6B: Magic link send/verify (15min TTL, anti-enumeration), HIBP breach check
6D: 3 new E2E specs (account-linking, step-up, enterprise) — total 8 SmartAuth specs
- All 53 auth tests passing
 2026-03-12 15:25:28 -07:00
saravanakumardb1
f4b9124065 feat(auth): add Phase 5C-5E endpoints + SDK methods — TOTP secret, push approvals, QR auth 
- GET /auth/mfa/totp/secret — retrieve decrypted TOTP secret for auth app
- POST /auth/mfa/push/create, GET /pending, POST /:id/respond, GET /:id/status
- POST /auth/qr/create, POST /auth/qr/confirm, GET /auth/qr/:id/status
- Kotlin SDK: getTotpSecret, getPendingApprovals, respondToApproval, confirmQrLogin
- Swift SDK: getTotpSecret, getPendingApprovals, respondToApproval, confirmQrLogin
- All 53 auth tests passing
 2026-03-12 15:01:51 -07:00
saravanakumardb1
b1b3fe42df feat(llm-router): add @bytelyst/llm-router — pure-code LLM router for free-tier providers 
- 4 providers: Groq, OpenRouter, Together AI, Cerebras
- Regex-based prompt classifier (code/math/reasoning/creative/general)
- Instance-level round-robin state (no shared module globals)
- Sliding-window health tracker (latency, error rate, rate-limit rate)
- Auto-fallback on 429/5xx with per-attempt latency tracking
- Telemetry hook for all routing decisions (auto + explicit)
- OpenRouter recommended headers (HTTP-Referer, X-Title)
- 47 tests across 5 test files, zero runtime deps
 2026-03-12 13:45:49 -07:00
saravanakumardb1
ae13abfab2 fix(auth): address SmartAuth agent review gaps — Swift mock wiring, passkey SDK consistency, device list parity, JSDoc, SSR docs 2026-03-12 12:27:08 -07:00
saravanakumardb1
a613cf1bf9 test(auth): add SmartAuth integration tests + fix auth.routes.test mocks 
- Add 5 new tests: MFA challenge integration, risk scorer edge cases, login events wiring, device trust pure function
- Fix auth.routes.test.ts: add vi.mock stubs for login-events, risk-scorer, mfa, devices, config, event-bus
- Change afterEach from restoreAllMocks to clearAllMocks (preserves mock implementations between tests)
- Total: 42 smartauth tests, 951 platform-service tests all passing
 2026-03-12 11:27:50 -07:00
saravanakumardb1
0f4be0c325 feat(auth): wire login events into OAuth login helper 
- Record success login event with risk scoring after OAuth token issuance
- Import login-events repo + risk-scorer into oauth/routes
- Best-effort recording — never blocks OAuth login flow
 2026-03-12 11:19:11 -07:00
saravanakumardb1
82d7f157d9 feat(auth): wire login events + MFA challenge into login handler 
- Add recordLoginEvent() helper with risk scoring via scoreLoginRisk()
- On failed login: record 'failed' event with risk assessment
- On MFA-required: issue challenge token, record 'mfa_required' event
- On success: record 'success' event with risk assessment
- Import login-events repo, risk-scorer, mfa repo, challenge store, device repo
 2026-03-12 11:17:23 -07:00
saravanakumardb1
10494ae0e4 feat(auth): SmartAuth tracker-web — OAuth proxy, MFA verify, login page with Google Sign-In 
- Add OAuth proxy route with productId forwarding via getRequestProductId
- Add MFA verify proxy route
- Update login page with Google Sign-In button (env-gated) and MFA challenge flow
- Fix completeAuth to avoid redundant router.push before window.location.href
- Add NEXT_PUBLIC_GOOGLE_CLIENT_ID to .env.example
- Add MessageEvent to ESLint globals for popup message handler
 2026-03-12 11:15:44 -07:00
saravanakumardb1
ac798a727e test(auth): SmartAuth Playwright E2E specs — login, MFA settings, security dashboard, devices, passkeys 
- smartauth-login.spec.ts: Google Sign-In button presence, MFA challenge not shown initially
- smartauth-mfa-settings.spec.ts: MFA status, setup/disable flows with API mocking
- smartauth-security-dashboard.spec.ts: stats cards, login events table, suspicious filter
- smartauth-devices.spec.ts: device list, trust badges, revoke all button
- smartauth-passkeys.spec.ts: passkey list, add button, empty state, device type labels
 2026-03-12 11:13:41 -07:00
saravanakumardb1
067a23449f feat(auth): SmartAuth admin-web — OAuth proxy, MFA settings, devices, passkeys, security dashboard 
- Add 15 API proxy routes for SmartAuth endpoints (OAuth, MFA, devices, passkeys, security)
- Add MFA Settings page (/settings/security) with TOTP setup/verify/disable flow
- Add Device Management page (/settings/devices) with trust badges and revoke actions
- Add Passkey Management page (/settings/passkeys) with WebAuthn registration
- Add Admin Security Dashboard (/ops/security) with stats, provider distribution, login events
- Update login page with Google Sign-In button (env-gated) and MFA challenge flow
- Add sidebar nav links for new security pages
- Fix sidebar nav highlighting for nested routes (exact match for parent items)
- Add NEXT_PUBLIC_GOOGLE_CLIENT_ID to .env.example
 2026-03-12 11:13:14 -07:00
saravanakumardb1
bdb3e95e00 fix(auth): clean up MFA routes — remove redundant imports, use userRepo.update() 
- Remove redundant dynamic import('node:crypto'), use top-level nodeCrypto
- Remove getCollection import, use userRepo.update() for mfaEnabled/mfaMethods
- Expand update() Pick type to include mfaEnabled, mfaMethods, emailVerified
- Remove unused _reply param from MFA policy PUT handler
 2026-03-12 11:12:33 -07:00
saravanakumardb1
362b915ea9 feat(auth): SmartAuth backend core — OAuth, MFA, passkeys, device trust, login events 
Phase 0A: OneAuth schema extension — UserDoc evolution + auth_providers container
Phase 0B: Progressive lockout + IP rate limiting on login
Phase 1A-1B: Google/Microsoft/Apple OAuth + account linking
Phase 1D: Enhanced /auth/me — products, providers, MFA status
Phase 2A-2C: TOTP MFA + challenge flow + admin policies
Phase 3A-3B: WebAuthn passkeys + device trust
Phase 4A: Login events + rule-based risk scoring

New sub-modules: oauth/, mfa/, passkeys/, devices/, login-events/
New containers: auth_providers, auth_mfa, auth_mfa_policies, auth_passkeys, auth_devices, auth_login_events
Tests: 37 new (946 total, all passing), typecheck clean
 2026-03-12 10:55:41 -07:00
saravanakumardb1
2c330387fc feat(auth): native SDK passkey + BLAuthUI Swift + Kotlin social/MFA 
SmartAuth v2 SDK extensions for both Swift and Kotlin platform SDKs:

Swift (BLAuthClient.swift):
- Social login, MFA, passkeys, providers, devices, step-up, login history
- New types: BLMfaChallenge, BLTotpSetup, BLMfaStatus, BLAuthProvider, etc.
- BLAuthState: added .mfaRequired case

Swift (BLAuthUI.swift) — 4 reusable views:
- BLLoginView, BLMfaChallengeView, BLPasskeyView, BLStepUpSheet

Kotlin (BLAuthClient.kt):
- Social login, MFA, providers, devices, step-up, login history
- MFA challenge detection in login(), encodeMap() helper

Kotlin (BLPasskeyManager.kt) — Credential Manager passkey wrapper
Kotlin (BLAuthUI.kt) — 5 Compose screens matching Swift BLAuthUI
Kotlin build.gradle.kts — Credential Manager dependencies

Tests: Swift (6 methods), Kotlin (5 methods)
 2026-03-12 10:55:32 -07:00
saravanakumardb1
53f2a97d40 feat(auth): SmartAuth SDK packages — OAuth, MFA, passkeys, devices, RS256, auth-ui 
Phase 1C: @bytelyst/auth-client + @bytelyst/react-auth Google Sign-In
- loginWithGoogle/Microsoft/Apple(idToken) → POST /auth/oauth/:provider
- getProviders/linkProvider/unlinkProvider → provider management
- React context: loginWithGoogle, providers state, refreshProviders

Phase 2D: MFA + Social Login SDK + Auth UI
- verifyMfa/setupTotp/verifyTotpSetup/disableMfa/getMfaStatus
- regenerateRecoveryCodes → recovery code management
- React context: mfaRequired/mfaChallenge/mfaMethods state, verifyMfa action
- login() handles MfaLoginResult (returns false, sets MFA state)
- NEW @bytelyst/auth-ui: LoginForm, MfaChallenge, SocialButtons components

Phase 3: Passkeys + Device SDK
- getPasskeyRegisterOptions/verifyPasskeyRegistration
- getPasskeyAuthOptions/verifyPasskeyAuth/listPasskeys/deletePasskey
- listDevices/trustDevice/revokeDevice/revokeAllDevices

Phase 4C: @bytelyst/auth RS256 support
- createJwtUtils({ algorithm: 'RS256', rsaPrivateKey, rsaPublicKey })
- Dual verification: RS256 first, HS256 fallback (migration-safe)
- Remote JWKS support via jwksUrl option
- Backward-compatible: HS256 remains default

Phase 5B: Admin security endpoints
- getSecurityOverview/unlockUser/exportAuthData/cancelDeletion

Tests: 101 total (36 auth-client + 21 react-auth + 13 auth-ui + 31 auth)
Builds: all 4 packages pass tsc
 2026-03-12 10:50:56 -07:00
saravanakumardb1
c8b520ba12 chore: sync chat history workflows and repo metadata 2026-03-11 09:13:49 -07:00
saravanakumardb1
9a00fbd86a fix(workflow): add FlowMonk to agent-doc generator 2026-03-10 23:35:29 -07:00