refactor(store): replace project and skill models with generated models

* Update project creation and retrieval to use generated models * Modify skill addition and listing to utilize generated models * Refactor thought handling to incorporate generated models * Adjust tool annotations to align with new model structure * Update API calls in the UI to use new ResolveSpec-based endpoints * Enhance stats retrieval logic to aggregate thought metadata
2026-04-26 12:56:32 +02:00
parent da7220ad64
commit db7b152852
53 changed files with 3638 additions and 426 deletions
--- a/internal/app/admin_legacy.go.disabled
+++ b/internal/app/admin_legacy.go.disabled
@@ -1,4 +1,5 @@
 package app
+// Legacy admin handlers retired in favor of ResolveSpec-backed routes.

 import (
 	"encoding/json"
@@ -265,4 +266,3 @@ func parseUUID(w http.ResponseWriter, s string) (uuid.UUID, bool) {
 	}
 	return id, true
 }
-
--- a/internal/app/app.go
+++ b/internal/app/app.go
@@ -227,7 +227,9 @@ func routes(logger *slog.Logger, cfg *config.Config, info buildinfo.Info, db *st
 		mux.Handle(cfg.MCP.SSEPath, authMiddleware(mcpHandlers.SSE))
 		logger.Info("SSE transport enabled", slog.String("sse_path", cfg.MCP.SSEPath))
 	}
-	newAdminHandlers(db, logger).register(mux, authMiddleware)
+	if err := registerResolveSpecAdminRoutes(mux, db, authMiddleware, logger); err != nil {
+		return nil, fmt.Errorf("setup resolvespec admin routes: %w", err)
+	}
 	mux.Handle("/files", authMiddleware(fileHandler(filesTool)))
 	mux.Handle("/files/{id}", authMiddleware(fileHandler(filesTool)))
 	mux.HandleFunc("/.well-known/oauth-authorization-server", oauthMetadataHandler())
--- a/internal/app/resolvespec_admin.go
+++ b/internal/app/resolvespec_admin.go
@@ -0,0 +1,128 @@
+package app
+
+import (
+	"fmt"
+	"log/slog"
+	"net/http"
+
+	"github.com/bitechdev/ResolveSpec/pkg/resolvespec"
+	"github.com/uptrace/bunrouter"
+
+	"git.warky.dev/wdevs/amcs/internal/generatedmodels"
+	"git.warky.dev/wdevs/amcs/internal/store"
+)
+
+func registerResolveSpecAdminRoutes(mux *http.ServeMux, db *store.DB, middleware func(http.Handler) http.Handler, logger *slog.Logger) error {
+	rs := resolvespec.NewHandlerWithBun(db.Bun())
+	registerResolveSpecGuards(rs)
+	for _, model := range resolveSpecModels() {
+		if err := rs.RegisterModel(model.schema, model.entity, model.model); err != nil {
+			return fmt.Errorf("register resolvespec model %s.%s: %w", model.schema, model.entity, err)
+		}
+	}
+
+	rsRouter := bunrouter.New()
+	resolvespec.SetupBunRouterRoutes(rsRouter, rs, nil)
+
+	rsMount := http.StripPrefix("/api/rs", rsRouter)
+	protectedRSMount := http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+		if r.Method == http.MethodOptions {
+			rsMount.ServeHTTP(w, r)
+			return
+		}
+		middleware(rsMount).ServeHTTP(w, r)
+	})
+
+	mux.Handle("/api/rs/", protectedRSMount)
+	mux.Handle("/api/rs", http.RedirectHandler("/api/rs/openapi", http.StatusTemporaryRedirect))
+
+	if logger != nil {
+		logger.Info("resolvespec admin api enabled",
+			slog.String("prefix", "/api/rs"),
+			slog.Int("models", len(resolveSpecModels())),
+		)
+	}
+
+	return nil
+}
+
+func registerResolveSpecGuards(rs *resolvespec.Handler) {
+	mutableByEntity := map[string]map[string]struct{}{
+		"projects": {
+			"create": {},
+		},
+		"thoughts": {
+			"update": {},
+			"delete": {},
+		},
+		"agent_skills": {
+			"delete": {},
+		},
+		"agent_guardrails": {
+			"delete": {},
+		},
+	}
+
+	rs.Hooks().Register(resolvespec.BeforeHandle, func(hookCtx *resolvespec.HookContext) error {
+		switch hookCtx.Operation {
+		case "read", "meta":
+			return nil
+		case "create", "update", "delete":
+			allowedOps, ok := mutableByEntity[hookCtx.Entity]
+			if !ok {
+				hookCtx.Abort = true
+				hookCtx.AbortCode = http.StatusForbidden
+				hookCtx.AbortMessage = fmt.Sprintf("operation %q is not allowed for %s.%s", hookCtx.Operation, hookCtx.Schema, hookCtx.Entity)
+				return fmt.Errorf("forbidden operation")
+			}
+			if _, ok := allowedOps[hookCtx.Operation]; !ok {
+				hookCtx.Abort = true
+				hookCtx.AbortCode = http.StatusForbidden
+				hookCtx.AbortMessage = fmt.Sprintf("operation %q is not allowed for %s.%s", hookCtx.Operation, hookCtx.Schema, hookCtx.Entity)
+				return fmt.Errorf("forbidden operation")
+			}
+			return nil
+		default:
+			hookCtx.Abort = true
+			hookCtx.AbortCode = http.StatusBadRequest
+			hookCtx.AbortMessage = fmt.Sprintf("unsupported operation %q", hookCtx.Operation)
+			return fmt.Errorf("unsupported operation")
+		}
+	})
+}
+
+type resolveSpecModel struct {
+	schema string
+	entity string
+	model  any
+}
+
+func resolveSpecModels() []resolveSpecModel {
+	return []resolveSpecModel{
+		{schema: "public", entity: "activities", model: generatedmodels.ModelPublicActivities{}},
+		{schema: "public", entity: "agent_guardrails", model: generatedmodels.ModelPublicAgentGuardrails{}},
+		{schema: "public", entity: "agent_skills", model: generatedmodels.ModelPublicAgentSkills{}},
+		{schema: "public", entity: "chat_histories", model: generatedmodels.ModelPublicChatHistories{}},
+		{schema: "public", entity: "contact_interactions", model: generatedmodels.ModelPublicContactInteractions{}},
+		{schema: "public", entity: "embeddings", model: generatedmodels.ModelPublicEmbeddings{}},
+		{schema: "public", entity: "family_members", model: generatedmodels.ModelPublicFamilyMembers{}},
+		{schema: "public", entity: "household_items", model: generatedmodels.ModelPublicHouseholdItems{}},
+		{schema: "public", entity: "household_vendors", model: generatedmodels.ModelPublicHouseholdVendors{}},
+		{schema: "public", entity: "important_dates", model: generatedmodels.ModelPublicImportantDates{}},
+		{schema: "public", entity: "learnings", model: generatedmodels.ModelPublicLearnings{}},
+		{schema: "public", entity: "maintenance_logs", model: generatedmodels.ModelPublicMaintenanceLogs{}},
+		{schema: "public", entity: "maintenance_tasks", model: generatedmodels.ModelPublicMaintenanceTasks{}},
+		{schema: "public", entity: "meal_plans", model: generatedmodels.ModelPublicMealPlans{}},
+		{schema: "public", entity: "opportunities", model: generatedmodels.ModelPublicOpportunities{}},
+		{schema: "public", entity: "professional_contacts", model: generatedmodels.ModelPublicProfessionalContacts{}},
+		{schema: "public", entity: "project_guardrails", model: generatedmodels.ModelPublicProjectGuardrails{}},
+		{schema: "public", entity: "project_skills", model: generatedmodels.ModelPublicProjectSkills{}},
+		{schema: "public", entity: "projects", model: generatedmodels.ModelPublicProjects{}},
+		{schema: "public", entity: "recipes", model: generatedmodels.ModelPublicRecipes{}},
+		{schema: "public", entity: "shopping_lists", model: generatedmodels.ModelPublicShoppingLists{}},
+		{schema: "public", entity: "stored_files", model: generatedmodels.ModelPublicStoredFiles{}},
+		{schema: "public", entity: "thought_links", model: generatedmodels.ModelPublicThoughtLinks{}},
+		{schema: "public", entity: "thoughts", model: generatedmodels.ModelPublicThoughts{}},
+		{schema: "public", entity: "tool_annotations", model: generatedmodels.ModelPublicToolAnnotations{}},
+	}
+}
--- a/internal/app/resolvespec_admin_test.go
+++ b/internal/app/resolvespec_admin_test.go
@@ -0,0 +1,154 @@
+package app
+
+import (
+	"io"
+	"log/slog"
+	"net/http"
+	"net/http/httptest"
+	"strings"
+	"testing"
+
+	"git.warky.dev/wdevs/amcs/internal/auth"
+	"git.warky.dev/wdevs/amcs/internal/config"
+
+	"github.com/bitechdev/ResolveSpec/pkg/resolvespec"
+)
+
+func TestResolveSpecAuthRequiresValidCredentials(t *testing.T) {
+	keyring, err := auth.NewKeyring([]config.APIKey{{ID: "operator", Value: "secret"}})
+	if err != nil {
+		t.Fatalf("NewKeyring() error = %v", err)
+	}
+
+	logger := slog.New(slog.NewTextHandler(io.Discard, nil))
+	protected := auth.Middleware(config.AuthConfig{}, keyring, nil, nil, nil, logger)(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+		if r.URL.Path != "/api/rs/public/projects" {
+			t.Fatalf("path = %q, want /api/rs/public/projects", r.URL.Path)
+		}
+		w.WriteHeader(http.StatusNoContent)
+	}))
+
+	t.Run("missing credentials are rejected", func(t *testing.T) {
+		req := httptest.NewRequest(http.MethodPost, "/api/rs/public/projects", strings.NewReader(`{"operation":"read"}`))
+		rec := httptest.NewRecorder()
+
+		protected.ServeHTTP(rec, req)
+
+		if rec.Code != http.StatusUnauthorized {
+			t.Fatalf("status = %d, want %d", rec.Code, http.StatusUnauthorized)
+		}
+	})
+
+	t.Run("valid API key is accepted", func(t *testing.T) {
+		req := httptest.NewRequest(http.MethodPost, "/api/rs/public/projects", strings.NewReader(`{"operation":"read"}`))
+		req.Header.Set("x-brain-key", "secret")
+		rec := httptest.NewRecorder()
+
+		protected.ServeHTTP(rec, req)
+
+		if rec.Code != http.StatusNoContent {
+			t.Fatalf("status = %d, want %d", rec.Code, http.StatusNoContent)
+		}
+	})
+}
+
+func TestResolveSpecGuardAllowsSupportedMutations(t *testing.T) {
+	rs := resolvespec.NewHandler(nil, nil)
+	registerResolveSpecGuards(rs)
+
+	cases := []struct {
+		name      string
+		entity    string
+		operation string
+	}{
+		{name: "projects create", entity: "projects", operation: "create"},
+		{name: "thoughts update", entity: "thoughts", operation: "update"},
+		{name: "thoughts delete", entity: "thoughts", operation: "delete"},
+		{name: "agent_skills delete", entity: "agent_skills", operation: "delete"},
+		{name: "agent_guardrails delete", entity: "agent_guardrails", operation: "delete"},
+	}
+
+	for _, tc := range cases {
+		t.Run(tc.name, func(t *testing.T) {
+			hookCtx := &resolvespec.HookContext{
+				Schema:    "public",
+				Entity:    tc.entity,
+				Operation: tc.operation,
+			}
+
+			err := rs.Hooks().Execute(resolvespec.BeforeHandle, hookCtx)
+			if err != nil {
+				t.Fatalf("Execute() error = %v, want nil", err)
+			}
+			if hookCtx.Abort {
+				t.Fatalf("Abort = true, want false (code=%d message=%q)", hookCtx.AbortCode, hookCtx.AbortMessage)
+			}
+		})
+	}
+}
+
+func TestResolveSpecGuardBlocksUnsupportedMutations(t *testing.T) {
+	rs := resolvespec.NewHandler(nil, nil)
+	registerResolveSpecGuards(rs)
+
+	cases := []struct {
+		name          string
+		entity        string
+		operation     string
+		wantCode      int
+		wantMessageIn string
+	}{
+		{
+			name:          "create not allowed on thoughts",
+			entity:        "thoughts",
+			operation:     "create",
+			wantCode:      http.StatusForbidden,
+			wantMessageIn: `operation "create" is not allowed for public.thoughts`,
+		},
+		{
+			name:          "delete not allowed on projects",
+			entity:        "projects",
+			operation:     "delete",
+			wantCode:      http.StatusForbidden,
+			wantMessageIn: `operation "delete" is not allowed for public.projects`,
+		},
+		{
+			name:          "mutations blocked for non-allowlisted entity",
+			entity:        "stored_files",
+			operation:     "delete",
+			wantCode:      http.StatusForbidden,
+			wantMessageIn: `operation "delete" is not allowed for public.stored_files`,
+		},
+		{
+			name:          "unknown operation is rejected",
+			entity:        "projects",
+			operation:     "scan",
+			wantCode:      http.StatusBadRequest,
+			wantMessageIn: `unsupported operation "scan"`,
+		},
+	}
+
+	for _, tc := range cases {
+		t.Run(tc.name, func(t *testing.T) {
+			hookCtx := &resolvespec.HookContext{
+				Schema:    "public",
+				Entity:    tc.entity,
+				Operation: tc.operation,
+			}
+
+			err := rs.Hooks().Execute(resolvespec.BeforeHandle, hookCtx)
+			if err == nil {
+				t.Fatal("Execute() error = nil, want non-nil")
+			}
+			if !hookCtx.Abort {
+				t.Fatal("Abort = false, want true")
+			}
+			if hookCtx.AbortCode != tc.wantCode {
+				t.Fatalf("AbortCode = %d, want %d", hookCtx.AbortCode, tc.wantCode)
+			}
+			if !strings.Contains(hookCtx.AbortMessage, tc.wantMessageIn) {
+				t.Fatalf("AbortMessage = %q, want substring %q", hookCtx.AbortMessage, tc.wantMessageIn)
+			}
+		})
+	}
+}