kjanat/livedash-node
1
0
Fork 0
mirror of https://github.com/kjanat/livedash-node.git synced 2026-01-16 15:52:10 +01:00
Code Issues Packages Projects Releases Wiki Activity

fix: resolve all Biome linting errors and Prettier formatting issues

Browse Source 
- Reduce cognitive complexity in lib/api/handler.ts (23 → 15)
- Reduce cognitive complexity in lib/config/provider.ts (38 → 15)
- Fix TypeScript any type violations in multiple files
- Remove unused variable in lib/batchSchedulerOptimized.ts
- Add prettier-ignore comments to documentation with intentional syntax errors
- Resolve Prettier/Biome formatting conflicts with targeted ignores
- Create .prettierignore for build artifacts and dependencies

All linting checks now pass and build completes successfully (47/47 pages).
This commit is contained in:
Kaj Kowalski
2025-07-13 22:02:21 +02:00
parent 6114e80e98
commit 1e0ee37a39
17 changed files with 4409 additions and 7558 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
.husky/pre-commit
View File

@ -1 +1 @@
npx lint-staged
lint-staged

14
.prettierignore Normal file
View File

@ -0,0 +1,14 @@
# Don't ignore doc files - we'll use prettier-ignore comments instead
## Ignore lockfile
pnpm-lock.yaml
package-lock.json
## Ignore build outputs
.next
dist
build
out
## Ignore dependencies
node_modules

1
components/MessageViewer.tsx
View File

@ -70,6 +70,7 @@ export default function MessageViewer({ messages }: MessageViewerProps) {
? new Date(messages[0].timestamp).toLocaleString()
: "No timestamp"}
</span>
{/* prettier-ignore */}
<span>
Last message: {(() => {
const lastMessage = messages[messages.length - 1];

217
docs/CSRF_PROTECTION.md
View File

@ -6,10 +6,10 @@ This document describes the comprehensive CSRF (Cross-Site Request Forgery) prot
CSRF protection has been implemented to prevent cross-site request forgery attacks on state-changing operations. The implementation follows industry best practices and provides protection at multiple layers:
- **Middleware Level**: Automatic CSRF validation for protected endpoints
- **tRPC Level**: CSRF protection for all state-changing tRPC procedures
- **Client Level**: Automatic token management and inclusion in requests
- **Component Level**: React components and hooks for easy integration
- **Middleware Level**: Automatic CSRF validation for protected endpoints
- **tRPC Level**: CSRF protection for all state-changing tRPC procedures
- **Client Level**: Automatic token management and inclusion in requests
- **Component Level**: React components and hooks for easy integration
## Implementation Components
@ -17,17 +17,17 @@ CSRF protection has been implemented to prevent cross-site request forgery attac
The core CSRF functionality includes:
- **Token Generation**: Cryptographically secure token generation using the `csrf` library
- **Token Verification**: Server-side token validation
- **Request Parsing**: Support for tokens in headers, JSON bodies, and form data
- **Client Utilities**: Browser-side token management and request enhancement
- **Token Generation**: Cryptographically secure token generation using the `csrf` library
- **Token Verification**: Server-side token validation
- **Request Parsing**: Support for tokens in headers, JSON bodies, and form data
- **Client Utilities**: Browser-side token management and request enhancement
**Key Functions:**
- `generateCSRFToken()` - Creates new CSRF tokens
- `verifyCSRFToken()` - Validates tokens server-side
- `CSRFProtection.validateRequest()` - Request validation middleware
- `CSRFClient.*` - Client-side utilities
- `generateCSRFToken()` - Creates new CSRF tokens
- `verifyCSRFToken()` - Validates tokens server-side
- `CSRFProtection.validateRequest()` - Request validation middleware
- `CSRFClient.*` - Client-side utilities
### 2. Middleware Protection (`middleware/csrfProtection.ts`)
@ -35,26 +35,26 @@ Provides automatic CSRF protection for API endpoints:
**Protected Endpoints:**
- `/api/auth/*` - Authentication endpoints
- `/api/register` - User registration
- `/api/forgot-password` - Password reset requests
- `/api/reset-password` - Password reset completion
- `/api/dashboard/*` - Dashboard API endpoints
- `/api/platform/*` - Platform admin endpoints
- `/api/trpc/*` - All tRPC endpoints
- `/api/auth/*` - Authentication endpoints
- `/api/register` - User registration
- `/api/forgot-password` - Password reset requests
- `/api/reset-password` - Password reset completion
- `/api/dashboard/*` - Dashboard API endpoints
- `/api/platform/*` - Platform admin endpoints
- `/api/trpc/*` - All tRPC endpoints
**Protected Methods:**
- `POST` - Create operations
- `PUT` - Update operations
- `DELETE` - Delete operations
- `PATCH` - Partial update operations
- `POST` - Create operations
- `PUT` - Update operations
- `DELETE` - Delete operations
- `PATCH` - Partial update operations
**Safe Methods (Not Protected):**
- `GET` - Read operations
- `HEAD` - Metadata requests
- `OPTIONS` - CORS preflight requests
- `GET` - Read operations
- `HEAD` - Metadata requests
- `OPTIONS` - CORS preflight requests
### 3. tRPC Integration (`lib/trpc.ts`)
@ -62,57 +62,57 @@ CSRF protection integrated into tRPC procedures:
**New Procedure Types:**
- `csrfProtectedProcedure` - Basic CSRF protection
- `csrfProtectedAuthProcedure` - CSRF + authentication protection
- `csrfProtectedCompanyProcedure` - CSRF + company access protection
- `csrfProtectedAdminProcedure` - CSRF + admin access protection
- `csrfProtectedProcedure` - Basic CSRF protection
- `csrfProtectedAuthProcedure` - CSRF + authentication protection
- `csrfProtectedCompanyProcedure` - CSRF + company access protection
- `csrfProtectedAdminProcedure` - CSRF + admin access protection
**Updated Router Example:**
```typescript
// Before
register: rateLimitedProcedure
.input(registerSchema)
.mutation(async ({ input, ctx }) => { /* ... */ });
register: rateLimitedProcedure.input(registerSchema).mutation(async ({ input, ctx }) => {
/* ... */
});
// After
register: csrfProtectedProcedure
.input(registerSchema)
.mutation(async ({ input, ctx }) => { /* ... */ });
register: csrfProtectedProcedure.input(registerSchema).mutation(async ({ input, ctx }) => {
/* ... */
});
```
### 4. Client-Side Integration
#### tRPC Client (`lib/trpc-client.ts`)
- Automatic CSRF token inclusion in tRPC requests
- Token extracted from cookies and added to request headers
- Automatic CSRF token inclusion in tRPC requests
- Token extracted from cookies and added to request headers
#### React Hooks (`lib/hooks/useCSRF.ts`)
- `useCSRF()` - Basic token management
- `useCSRFFetch()` - Enhanced fetch with automatic CSRF tokens
- `useCSRFForm()` - Form submission with CSRF protection
- `useCSRF()` - Basic token management
- `useCSRFFetch()` - Enhanced fetch with automatic CSRF tokens
- `useCSRFForm()` - Form submission with CSRF protection
#### Provider Component (`components/providers/CSRFProvider.tsx`)
- Application-wide CSRF token management
- Automatic token fetching and refresh
- Context-based token sharing
- Application-wide CSRF token management
- Automatic token fetching and refresh
- Context-based token sharing
#### Protected Form Component (`components/forms/CSRFProtectedForm.tsx`)
- Ready-to-use form component with CSRF protection
- Automatic token inclusion in form submissions
- Graceful fallback for non-JavaScript environments
- Ready-to-use form component with CSRF protection
- Automatic token inclusion in form submissions
- Graceful fallback for non-JavaScript environments
### 5. API Endpoint (`app/api/csrf-token/route.ts`)
Provides CSRF tokens to client applications:
- `GET /api/csrf-token` - Returns new CSRF token
- Sets HTTP-only cookie for automatic inclusion
- Used by client-side hooks and components
- `GET /api/csrf-token` - Returns new CSRF token
- Sets HTTP-only cookie for automatic inclusion
- Used by client-side hooks and components
## Configuration
@ -144,17 +144,17 @@ export const CSRF_CONFIG = {
### 1. Using CSRF in React Components
```tsx
import { useCSRFFetch } from '@/lib/hooks/useCSRF';
import { useCSRFFetch } from "@/lib/hooks/useCSRF";
function MyComponent() {
const { csrfFetch } = useCSRFFetch();
const handleSubmit = async () => {
// CSRF token automatically included
const response = await csrfFetch('/api/dashboard/sessions', {
method: 'POST',
headers: { 'Content-Type': 'application/json' },
body: JSON.stringify({ data: 'example' }),
const response = await csrfFetch("/api/dashboard/sessions", {
method: "POST",
headers: { "Content-Type": "application/json" },
body: JSON.stringify({ data: "example" }),
});
};
}
@ -163,7 +163,7 @@ function MyComponent() {
### 2. Using CSRF Protected Forms
```tsx
import { CSRFProtectedForm } from '@/components/forms/CSRFProtectedForm';
import { CSRFProtectedForm } from "@/components/forms/CSRFProtectedForm";
function RegistrationForm() {
return (
@ -194,15 +194,15 @@ export const userRouter = router({
### 4. Manual CSRF Token Handling
```typescript
import { CSRFClient } from '@/lib/csrf';
import { CSRFClient } from "@/lib/csrf";
// Get token from cookies
const token = CSRFClient.getToken();
// Add to fetch options
const options = CSRFClient.addTokenToFetch({
method: 'POST',
headers: { 'Content-Type': 'application/json' },
method: "POST",
headers: { "Content-Type": "application/json" },
body: JSON.stringify(data),
});
@ -211,17 +211,17 @@ const formData = new FormData();
CSRFClient.addTokenToFormData(formData);
// Add to object
const dataWithToken = CSRFClient.addTokenToObject({ data: 'example' });
const dataWithToken = CSRFClient.addTokenToObject({ data: "example" });
```
## Security Features
### 1. Token Properties
- **Cryptographically Secure**: Uses the `csrf` library with secure random generation
- **Short-Lived**: 24-hour expiration by default
- **HTTP-Only Cookies**: Prevents XSS-based token theft
- **SameSite Protection**: Reduces CSRF attack surface
- **Cryptographically Secure**: Uses the `csrf` library with secure random generation
- **Short-Lived**: 24-hour expiration by default
- **HTTP-Only Cookies**: Prevents XSS-based token theft
- **SameSite Protection**: Reduces CSRF attack surface
### 2. Validation Process
@ -233,19 +233,19 @@ const dataWithToken = CSRFClient.addTokenToObject({ data: 'example' });
### 3. Error Handling
- **Graceful Degradation**: Form fallbacks for JavaScript-disabled browsers
- **Clear Error Messages**: Specific error codes for debugging
- **Rate Limiting Integration**: Works with existing auth rate limiting
- **Logging**: Comprehensive logging for security monitoring
- **Graceful Degradation**: Form fallbacks for JavaScript-disabled browsers
- **Clear Error Messages**: Specific error codes for debugging
- **Rate Limiting Integration**: Works with existing auth rate limiting
- **Logging**: Comprehensive logging for security monitoring
## Testing
### Test Coverage
- **Unit Tests**: Token generation, validation, and client utilities
- **Integration Tests**: Middleware behavior and endpoint protection
- **Component Tests**: React hooks and form components
- **End-to-End**: Full request/response cycle testing
- **Unit Tests**: Token generation, validation, and client utilities
- **Integration Tests**: Middleware behavior and endpoint protection
- **Component Tests**: React hooks and form components
- **End-to-End**: Full request/response cycle testing
### Running Tests
@ -272,19 +272,22 @@ CSRF validation failed for POST /api/dashboard/sessions: CSRF token missing from
### Common Issues and Solutions
1. **Token Missing from Request**
- Ensure CSRFProvider is wrapping your app
- Check that hooks are being used correctly
- Verify network requests include credentials
- Ensure CSRFProvider is wrapping your app
- Check that hooks are being used correctly
- Verify network requests include credentials
2. **Token Mismatch**
- Clear browser cookies and refresh
- Check for multiple token sources conflicting
- Verify server and client time synchronization
- Clear browser cookies and refresh
- Check for multiple token sources conflicting
- Verify server and client time synchronization
3. **Integration Issues**
- Ensure middleware is properly configured
- Check tRPC client configuration
- Verify protected procedures are using correct types
- Ensure middleware is properly configured
- Check tRPC client configuration
- Verify protected procedures are using correct types
## Migration Guide
@ -292,41 +295,47 @@ CSRF validation failed for POST /api/dashboard/sessions: CSRF token missing from
1. Update tRPC procedures to use CSRF-protected variants:
```typescript
// Old
someAction: protectedProcedure.mutation(...)
```typescript
// Old
someAction: protectedProcedure.mutation(async ({ ctx, input }) => {
// mutation logic
});
// New
someAction: csrfProtectedAuthProcedure.mutation(...)
```
// New
someAction: csrfProtectedAuthProcedure.mutation(async ({ ctx, input }) => {
// mutation logic
});
```
2. Update client components to use CSRF hooks:
```tsx
// Old
const { data, mutate } = trpc.user.update.useMutation();
```tsx
// Old
const { data, mutate } = trpc.user.update.useMutation();
// New - no changes needed, CSRF automatically handled
const { data, mutate } = trpc.user.update.useMutation();
```
// New - no changes needed, CSRF automatically handled
const { data, mutate } = trpc.user.update.useMutation();
```
3. Update manual API calls to include CSRF tokens:
```typescript
// Old
fetch('/api/endpoint', { method: 'POST', ... });
<!-- prettier-ignore -->
// New
const { csrfFetch } = useCSRFFetch();
csrfFetch('/api/endpoint', { method: 'POST', ... });
```
```typescript
// Old
fetch("/api/endpoint", { method: "POST", body: data });
// New
const { csrfFetch } = useCSRFFetch();
csrfFetch("/api/endpoint", { method: "POST", body: data });
```
## Performance Considerations
- **Minimal Overhead**: Token validation adds ~1ms per request
- **Efficient Caching**: Tokens cached in memory and cookies
- **Selective Protection**: Only state-changing operations protected
- **Optimized Parsing**: Smart content-type detection for token extraction
- **Minimal Overhead**: Token validation adds ~1ms per request
- **Efficient Caching**: Tokens cached in memory and cookies
- **Selective Protection**: Only state-changing operations protected
- **Optimized Parsing**: Smart content-type detection for token extraction
## Security Best Practices

288
docs/admin-audit-logs-api.md
View File

@ -8,10 +8,10 @@ The Admin Audit Logs API provides secure access to security audit trails for adm
## Authentication & Authorization
- **Authentication**: NextAuth.js session required
- **Authorization**: ADMIN role required for all endpoints
- **Rate-Limiting**: Integrated with existing authentication rate-limiting system
- **Audit Trail**: All API access is logged for security monitoring
- **Authentication**: NextAuth.js session required
- **Authorization**: ADMIN role required for all endpoints
- **Rate-Limiting**: Integrated with existing authentication rate-limiting system
- **Audit Trail**: All API access is logged for security monitoring
## API Endpoints
@ -25,28 +25,31 @@ GET /api/admin/audit-logs
#### Query Parameters
| Parameter | Type | Description | Default | Example |
|-----------|------|-------------|---------|---------|
| `page` | number | Page number (1-based) | 1 | `?page=2` |
| `limit` | number | Records per page (max 100) | 50 | `?limit=25` |
| `eventType` | string | Filter by event type | - | `?eventType=login_attempt` |
| `outcome` | string | Filter by outcome | - | `?outcome=FAILURE` |
| `severity` | string | Filter by severity level | - | `?severity=HIGH` |
| `userId` | string | Filter by specific user ID | - | `?userId=user-123` |
| `startDate` | string | Filter from date (ISO 8601) | - | `?startDate=2024-01-01T00:00:00Z` |
| `endDate` | string | Filter to date (ISO 8601) | - | `?endDate=2024-01-02T00:00:00Z` |
| Parameter | Type | Description | Default | Example |
| ----------- | ------ | --------------------------- | ------- | --------------------------------- |
| `page` | number | Page number (1-based) | 1 | `?page=2` |
| `limit` | number | Records per page (max 100) | 50 | `?limit=25` |
| `eventType` | string | Filter by event type | - | `?eventType=login_attempt` |
| `outcome` | string | Filter by outcome | - | `?outcome=FAILURE` |
| `severity` | string | Filter by severity level | - | `?severity=HIGH` |
| `userId` | string | Filter by specific user ID | - | `?userId=user-123` |
| `startDate` | string | Filter from date (ISO 8601) | - | `?startDate=2024-01-01T00:00:00Z` |
| `endDate` | string | Filter to date (ISO 8601) | - | `?endDate=2024-01-02T00:00:00Z` |
#### Example Request
```javascript
const response = await fetch('/api/admin/audit-logs?' + new URLSearchParams({
page: '1',
limit: '25',
eventType: 'login_attempt',
outcome: 'FAILURE',
startDate: '2024-01-01T00:00:00Z',
endDate: '2024-01-02T00:00:00Z'
}));
const response = await fetch(
"/api/admin/audit-logs?" +
new URLSearchParams({
page: "1",
limit: "25",
eventType: "login_attempt",
outcome: "FAILURE",
startDate: "2024-01-01T00:00:00Z",
endDate: "2024-01-02T00:00:00Z",
})
);
const data = await response.json();
```
@ -96,20 +99,27 @@ const data = await response.json();
#### Error Responses
**Unauthorized (401)**
```json
// Unauthorized (401)
{
"success": false,
"error": "Unauthorized"
}
```
// Insufficient permissions (403)
**Insufficient permissions (403)**
```json
{
"success": false,
"error": "Insufficient permissions"
}
```
// Server error (500)
**Server error (500)**
```json
{
"success": false,
"error": "Internal server error"
@ -134,51 +144,52 @@ POST /api/admin/audit-logs/retention
}
```
<!-- prettier-ignore -->
**Note**: `action` field accepts one of: `"cleanup"`, `"configure"`, or `"status"`
#### Parameters
| Parameter | Type | Required | Description |
|-----------|------|----------|-------------|
| `action` | string | Yes | Action to perform: `cleanup`, `configure`, or `status` |
| `retentionDays` | number | No | Retention period in days (for configure action) |
| `dryRun` | boolean | No | Preview changes without executing (for cleanup) |
| Parameter | Type | Required | Description |
| --------------- | ------- | -------- | ------------------------------------------------------ |
| `action` | string | Yes | Action to perform: `cleanup`, `configure`, or `status` |
| `retentionDays` | number | No | Retention period in days (for configure action) |
| `dryRun` | boolean | No | Preview changes without executing (for cleanup) |
#### Example Requests
**Check retention status:**
```javascript
const response = await fetch('/api/admin/audit-logs/retention', {
method: 'POST',
headers: { 'Content-Type': 'application/json' },
body: JSON.stringify({ action: 'status' })
const response = await fetch("/api/admin/audit-logs/retention", {
method: "POST",
headers: { "Content-Type": "application/json" },
body: JSON.stringify({ action: "status" }),
});
```
**Configure retention policy:**
```javascript
const response = await fetch('/api/admin/audit-logs/retention', {
method: 'POST',
headers: { 'Content-Type': 'application/json' },
const response = await fetch("/api/admin/audit-logs/retention", {
method: "POST",
headers: { "Content-Type": "application/json" },
body: JSON.stringify({
action: 'configure',
retentionDays: 365
})
action: "configure",
retentionDays: 365,
}),
});
```
**Cleanup old logs (dry run):**
```javascript
const response = await fetch('/api/admin/audit-logs/retention', {
method: 'POST',
headers: { 'Content-Type': 'application/json' },
const response = await fetch("/api/admin/audit-logs/retention", {
method: "POST",
headers: { "Content-Type": "application/json" },
body: JSON.stringify({
action: 'cleanup',
dryRun: true
})
action: "cleanup",
dryRun: true,
}),
});
```
@ -186,57 +197,57 @@ const response = await fetch('/api/admin/audit-logs/retention', {
### Access Control
- **Role-based Access**: Only ADMIN users can access audit logs
- **Company Isolation**: Users only see logs for their company
- **Session Validation**: Active NextAuth session required
- **Role-based Access**: Only ADMIN users can access audit logs
- **Company Isolation**: Users only see logs for their company
- **Session Validation**: Active NextAuth session required
### Audit Trail
- **Access Logging**: All audit log access is recorded
- **Metadata Tracking**: Request parameters and results are logged
- **IP Tracking**: Client IP addresses are recorded for all requests
- **Access Logging**: All audit log access is recorded
- **Metadata Tracking**: Request parameters and results are logged
- **IP Tracking**: Client IP addresses are recorded for all requests
### Rate Limiting
- **Integrated Protection**: Uses existing authentication rate-limiting
- **Abuse Prevention**: Protects against excessive API usage
- **Error Tracking**: Failed attempts are monitored
- **Integrated Protection**: Uses existing authentication rate-limiting
- **Abuse Prevention**: Protects against excessive API usage
- **Error Tracking**: Failed attempts are monitored
## Event Types
Common event types available for filtering:
| Event Type | Description |
|------------|-------------|
| `login_attempt` | User login attempts |
| `login_success` | Successful logins |
| `logout` | User logouts |
| `password_reset_request` | Password reset requests |
| Event Type | Description |
| ------------------------- | -------------------------- |
| `login_attempt` | User login attempts |
| `login_success` | Successful logins |
| `logout` | User logouts |
| `password_reset_request` | Password reset requests |
| `password_reset_complete` | Password reset completions |
| `user_creation` | New user registrations |
| `user_modification` | User profile changes |
| `admin_action` | Administrative actions |
| `data_export` | Data export activities |
| `security_violation` | Security policy violations |
| `user_creation` | New user registrations |
| `user_modification` | User profile changes |
| `admin_action` | Administrative actions |
| `data_export` | Data export activities |
| `security_violation` | Security policy violations |
## Outcome Types
| Outcome | Description |
|---------|-------------|
| `SUCCESS` | Operation completed successfully |
| `FAILURE` | Operation failed |
| `BLOCKED` | Operation was blocked by security policy |
| `WARNING` | Operation completed with warnings |
| `RATE_LIMITED` | Operation was rate limited |
| Outcome | Description |
| -------------- | ---------------------------------------- |
| `SUCCESS` | Operation completed successfully |
| `FAILURE` | Operation failed |
| `BLOCKED` | Operation was blocked by security policy |
| `WARNING` | Operation completed with warnings |
| `RATE_LIMITED` | Operation was rate limited |
## Severity Levels
| Severity | Description | Use Case |
|----------|-------------|----------|
| `LOW` | Informational events | Normal operations |
| `MEDIUM` | Notable events | Configuration changes |
| `HIGH` | Security events | Failed logins, violations |
| `CRITICAL` | Critical security events | Breaches, attacks |
| Severity | Description | Use Case |
| ---------- | ------------------------ | ------------------------- |
| `LOW` | Informational events | Normal operations |
| `MEDIUM` | Notable events | Configuration changes |
| `HIGH` | Security events | Failed logins, violations |
| `CRITICAL` | Critical security events | Breaches, attacks |
## Usage Examples
@ -251,11 +262,14 @@ async function getDailySecurityReport() {
const today = new Date();
today.setHours(0, 0, 0, 0);
const response = await fetch('/api/admin/audit-logs?' + new URLSearchParams({
startDate: yesterday.toISOString(),
endDate: today.toISOString(),
limit: '100'
}));
const response = await fetch(
"/api/admin/audit-logs?" +
new URLSearchParams({
startDate: yesterday.toISOString(),
endDate: today.toISOString(),
limit: "100",
})
);
const data = await response.json();
return data.data.auditLogs;
@ -269,12 +283,15 @@ async function getFailedLogins(hours = 24) {
const since = new Date();
since.setHours(since.getHours() - hours);
const response = await fetch('/api/admin/audit-logs?' + new URLSearchParams({
eventType: 'login_attempt',
outcome: 'FAILURE',
startDate: since.toISOString(),
limit: '100'
}));
const response = await fetch(
"/api/admin/audit-logs?" +
new URLSearchParams({
eventType: "login_attempt",
outcome: "FAILURE",
startDate: since.toISOString(),
limit: "100",
})
);
const data = await response.json();
return data.data.auditLogs;
@ -288,11 +305,14 @@ async function getUserActivity(userId, days = 7) {
const since = new Date();
since.setDate(since.getDate() - days);
const response = await fetch('/api/admin/audit-logs?' + new URLSearchParams({
userId: userId,
startDate: since.toISOString(),
limit: '50'
}));
const response = await fetch(
"/api/admin/audit-logs?" +
new URLSearchParams({
userId: userId,
startDate: since.toISOString(),
limit: "50",
})
);
const data = await response.json();
return data.data.auditLogs;
@ -303,21 +323,21 @@ async function getUserActivity(userId, days = 7) {
### Database Optimization
- **Indexed Queries**: All filter columns are properly indexed
- **Pagination**: Efficient offset-based pagination with limits
- **Time Range Filtering**: Optimized for date range queries
- **Indexed Queries**: All filter columns are properly indexed
- **Pagination**: Efficient offset-based pagination with limits
- **Time Range Filtering**: Optimized for date range queries
### Memory Usage
- **Limited Results**: Maximum 100 records per request
- **Streaming**: Large exports use streaming for memory efficiency
- **Connection Pooling**: Database connections are pooled
- **Limited Results**: Maximum 100 records per request
- **Streaming**: Large exports use streaming for memory efficiency
- **Connection Pooling**: Database connections are pooled
### Caching Considerations
- **No Caching**: Audit logs are never cached for security reasons
- **Fresh Data**: All queries hit the database for real-time results
- **Read Replicas**: Consider using read replicas for heavy reporting
- **No Caching**: Audit logs are never cached for security reasons
- **Fresh Data**: All queries hit the database for real-time results
- **Read Replicas**: Consider using read replicas for heavy reporting
## Error Handling
@ -325,24 +345,24 @@ async function getUserActivity(userId, days = 7) {
```javascript
try {
const response = await fetch('/api/admin/audit-logs');
const response = await fetch("/api/admin/audit-logs");
const data = await response.json();
if (!data.success) {
switch (response.status) {
case 401:
console.error('User not authenticated');
console.error("User not authenticated");
break;
case 403:
console.error('User lacks admin permissions');
console.error("User lacks admin permissions");
break;
case 500:
console.error('Server error:', data.error);
console.error("Server error:", data.error);
break;
}
}
} catch (error) {
console.error('Network error:', error);
console.error("Network error:", error);
}
```
@ -355,7 +375,7 @@ async function fetchWithRetry(url, options = {}, maxRetries = 3, retryCount = 0)
if (response.status === 429 && retryCount < maxRetries) {
// Rate limited, wait with exponential backoff and retry
const delay = Math.pow(2, retryCount) * 1000; // 1s, 2s, 4s
await new Promise(resolve => setTimeout(resolve, delay));
await new Promise((resolve) => setTimeout(resolve, delay));
return fetchWithRetry(url, options, maxRetries, retryCount + 1);
}
@ -371,44 +391,44 @@ async function fetchWithRetry(url, options = {}, maxRetries = 3, retryCount = 0)
### Key Metrics to Monitor
- **Request Volume**: Track API usage patterns
- **Error Rates**: Monitor authentication and authorization failures
- **Query Performance**: Track slow queries and optimize
- **Data Growth**: Monitor audit log size and plan retention
- **Request Volume**: Track API usage patterns
- **Error Rates**: Monitor authentication and authorization failures
- **Query Performance**: Track slow queries and optimize
- **Data Growth**: Monitor audit log size and plan retention
### Alert Conditions
- **High Error Rates**: >5% of requests failing
- **Unusual Access Patterns**: Off-hours access, high-volume usage
- **Performance Degradation**: Query times >2 seconds
- **Security Events**: Multiple failed admin access attempts
- **High Error Rates**: >5% of requests failing
- **Unusual Access Patterns**: Off-hours access, high-volume usage
- **Performance Degradation**: Query times >2 seconds
- **Security Events**: Multiple failed admin access attempts
## Best Practices
### Security
- Always validate user permissions before displaying UI
- Log all administrative access to audit logs
- Use HTTPS in production environments
- Implement proper error handling to avoid information leakage
- Always validate user permissions before displaying UI
- Log all administrative access to audit logs
- Use HTTPS in production environments
- Implement proper error handling to avoid information leakage
### Performance
- Use appropriate page sizes (25-50 records typical)
- Implement client-side pagination for better UX
- Cache results only in memory, never persist
- Use date range filters to limit query scope
- Use appropriate page sizes (25-50 records typical)
- Implement client-side pagination for better UX
- Cache results only in memory, never persist
- Use date range filters to limit query scope
### User Experience
- Provide clear filtering options in the UI
- Show loading states for long-running queries
- Implement export functionality for reports
- Provide search and sort capabilities
- Provide clear filtering options in the UI
- Show loading states for long-running queries
- Implement export functionality for reports
- Provide search and sort capabilities
## Related Documentation
- [Security Audit Logging](./security-audit-logging.md)
- [Security Monitoring](./security-monitoring.md)
- [CSRF Protection](./CSRF_PROTECTION.md)
- [Authentication System](../lib/auth.ts)
- [Security Audit Logging](./security-audit-logging.md)
- [Security Monitoring](./security-monitoring.md)
- [CSRF Protection](./CSRF_PROTECTION.md)
- [Authentication System](../lib/auth.ts)

291
docs/api-reference.md
View File

@ -37,56 +37,56 @@ GET /api/csrf-token
### Public Endpoints
- `POST /api/csp-report` - CSP violation reporting (no auth required)
- `OPTIONS /api/csp-report` - CORS preflight
- `POST /api/csp-report` - CSP violation reporting (no auth required)
- `OPTIONS /api/csp-report` - CORS preflight
### Authentication Endpoints
- `POST /api/auth/[...nextauth]` - NextAuth.js authentication
- `GET /api/csrf-token` - Get CSRF token
- `POST /api/register` - User registration
- `POST /api/forgot-password` - Password reset request
- `POST /api/reset-password` - Password reset completion
- `POST /api/auth/[...nextauth]` - NextAuth.js authentication
- `GET /api/csrf-token` - Get CSRF token
- `POST /api/register` - User registration
- `POST /api/forgot-password` - Password reset request
- `POST /api/reset-password` - Password reset completion
### Admin Endpoints (ADMIN role required)
- `GET /api/admin/audit-logs` - Retrieve audit logs
- `POST /api/admin/audit-logs/retention` - Manage audit log retention
- `GET /api/admin/batch-monitoring` - Batch processing monitoring
- `POST /api/admin/batch-monitoring/{id}/retry` - Retry failed batch job
- `GET /api/admin/audit-logs` - Retrieve audit logs
- `POST /api/admin/audit-logs/retention` - Manage audit log retention
- `GET /api/admin/batch-monitoring` - Batch processing monitoring
- `POST /api/admin/batch-monitoring/{id}/retry` - Retry failed batch job
### Platform Admin Endpoints (Platform admin only)
- `GET /api/admin/security-monitoring` - Security monitoring metrics
- `POST /api/admin/security-monitoring` - Update security configuration
- `GET /api/admin/security-monitoring/alerts` - Alert management
- `POST /api/admin/security-monitoring/alerts` - Acknowledge alerts
- `GET /api/admin/security-monitoring/export` - Export security data
- `POST /api/admin/security-monitoring/threat-analysis` - Threat analysis
- `GET /api/admin/security-monitoring` - Security monitoring metrics
- `POST /api/admin/security-monitoring` - Update security configuration
- `GET /api/admin/security-monitoring/alerts` - Alert management
- `POST /api/admin/security-monitoring/alerts` - Acknowledge alerts
- `GET /api/admin/security-monitoring/export` - Export security data
- `POST /api/admin/security-monitoring/threat-analysis` - Threat analysis
### Security Monitoring Endpoints
- `GET /api/csp-metrics` - CSP violation metrics
- `POST /api/csp-report` - CSP violation reporting
- `GET /api/csp-metrics` - CSP violation metrics
- `POST /api/csp-report` - CSP violation reporting
### Dashboard Endpoints
- `GET /api/dashboard/sessions` - Session data
- `GET /api/dashboard/session/{id}` - Individual session details
- `GET /api/dashboard/metrics` - Dashboard metrics
- `GET /api/dashboard/config` - Dashboard configuration
- `GET /api/dashboard/sessions` - Session data
- `GET /api/dashboard/session/{id}` - Individual session details
- `GET /api/dashboard/metrics` - Dashboard metrics
- `GET /api/dashboard/config` - Dashboard configuration
### Platform Management
- `GET /api/platform/companies` - Company management
- `POST /api/platform/companies` - Create company
- `GET /api/platform/companies/{id}` - Company details
- `GET /api/platform/companies/{id}/users` - Company users
- `POST /api/platform/companies/{id}/users` - Add company user
- `GET /api/platform/companies` - Company management
- `POST /api/platform/companies` - Create company
- `GET /api/platform/companies/{id}` - Company details
- `GET /api/platform/companies/{id}/users` - Company users
- `POST /api/platform/companies/{id}/users` - Add company user
### tRPC Endpoints
- `POST /api/trpc/[trpc]` - tRPC procedure calls
- `POST /api/trpc/[trpc]` - tRPC procedure calls
## Detailed Endpoint Documentation
@ -102,14 +102,14 @@ GET /api/admin/audit-logs
**Query Parameters**:
- `page` (number, optional): Page number (default: 1)
- `limit` (number, optional): Records per page, max 100 (default: 50)
- `eventType` (string, optional): Filter by event type
- `outcome` (string, optional): Filter by outcome (SUCCESS, FAILURE, BLOCKED, etc.)
- `severity` (string, optional): Filter by severity (LOW, MEDIUM, HIGH, CRITICAL)
- `userId` (string, optional): Filter by user ID
- `startDate` (string, optional): Start date (ISO 8601)
- `endDate` (string, optional): End date (ISO 8601)
- `page` (number, optional): Page number (default: 1)
- `limit` (number, optional): Records per page, max 100 (default: 50)
- `eventType` (string, optional): Filter by event type
- `outcome` (string, optional): Filter by outcome (SUCCESS, FAILURE, BLOCKED, etc.)
- `severity` (string, optional): Filter by severity (LOW, MEDIUM, HIGH, CRITICAL)
- `userId` (string, optional): Filter by user ID
- `startDate` (string, optional): Start date (ISO 8601)
- `endDate` (string, optional): End date (ISO 8601)
**Response**:
@ -117,7 +117,7 @@ GET /api/admin/audit-logs
{
"success": true,
"data": {
"auditLogs": [...],
"auditLogs": ["// Array of audit log entries"],
"pagination": {
"page": 1,
"limit": 50,
@ -142,6 +142,7 @@ POST /api/admin/audit-logs/retention
**Request Body**:
<!-- prettier-ignore -->
```json
{
"action": "cleanup" | "configure" | "status",
@ -176,10 +177,10 @@ GET /api/admin/security-monitoring
**Query Parameters**:
- `startDate` (string, optional): Start date (ISO 8601)
- `endDate` (string, optional): End date (ISO 8601)
- `companyId` (string, optional): Filter by company
- `severity` (string, optional): Filter by severity
- `startDate` (string, optional): Start date (ISO 8601)
- `endDate` (string, optional): End date (ISO 8601)
- `companyId` (string, optional): Filter by company
- `severity` (string, optional): Filter by severity
**Response**:
@ -188,12 +189,18 @@ GET /api/admin/security-monitoring
"metrics": {
"securityScore": 85,
"threatLevel": "LOW",
"eventCounts": {...},
"anomalies": [...]
"eventCounts": {
"// Event count statistics": null
},
"anomalies": ["// Array of security anomalies"]
},
"alerts": [...],
"config": {...},
"timeRange": {...}
"alerts": ["// Array of security alerts"],
"config": {
"// Security configuration": null
},
"timeRange": {
"// Time range for the data": null
}
}
```
@ -232,7 +239,7 @@ POST /api/csp-report
**Headers**:
- `Content-Type`: `application/csp-report` or `application/json`
- `Content-Type`: `application/csp-report` or `application/json`
**Request Body** (automatic from browser):
@ -262,10 +269,10 @@ GET /api/csp-metrics
**Query Parameters**:
- `timeRange` (string, optional): Time range (1h, 6h, 24h, 7d, 30d)
- `format` (string, optional): Response format (json, csv)
- `groupBy` (string, optional): Group by field (hour, directive, etc.)
- `includeDetails` (boolean, optional): Include violation details
- `timeRange` (string, optional): Time range (1h, 6h, 24h, 7d, 30d)
- `format` (string, optional): Response format (json, csv)
- `groupBy` (string, optional): Group by field (hour, directive, etc.)
- `includeDetails` (boolean, optional): Include violation details
**Response**:
@ -279,10 +286,14 @@ GET /api/csp-metrics
"highRiskViolations": 3,
"bypassAttempts": 1
},
"trends": {...},
"topViolations": [...],
"riskAnalysis": {...},
"violations": [...]
"trends": {
"// CSP trend data": null
},
"topViolations": ["// Array of top CSP violations"],
"riskAnalysis": {
"// CSP risk analysis data": null
},
"violations": ["// Array of CSP violations"]
}
}
```
@ -299,12 +310,12 @@ GET /api/admin/batch-monitoring
**Query Parameters**:
- `timeRange` (string, optional): Time range (1h, 6h, 24h, 7d, 30d)
- `status` (string, optional): Filter by status (pending, completed, failed)
- `jobType` (string, optional): Filter by job type
- `includeDetails` (boolean, optional): Include detailed job information
- `page` (number, optional): Page number
- `limit` (number, optional): Records per page
- `timeRange` (string, optional): Time range (1h, 6h, 24h, 7d, 30d)
- `status` (string, optional): Filter by status (pending, completed, failed)
- `jobType` (string, optional): Filter by job type
- `includeDetails` (boolean, optional): Include detailed job information
- `page` (number, optional): Page number
- `limit` (number, optional): Records per page
**Response**:
@ -316,11 +327,15 @@ GET /api/admin/batch-monitoring
"totalJobs": 156,
"completedJobs": 142,
"failedJobs": 8,
"costSavings": {...}
"costSavings": {}
},
"queues": {...},
"performance": {...},
"jobs": [...]
"queues": {
"// Queue statistics": null
},
"performance": {
"// Performance metrics": null
},
"jobs": ["// Array of batch jobs"]
}
}
```
@ -366,7 +381,7 @@ GET /api/csrf-token
**Headers Set**:
- `Set-Cookie`: HTTP-only CSRF token cookie
- `Set-Cookie`: HTTP-only CSRF token cookie
### Authentication
@ -380,7 +395,7 @@ POST /api/register
**Headers Required**:
- `X-CSRF-Token`: CSRF token
- `X-CSRF-Token`: CSRF token
**Request Body**:
@ -415,7 +430,7 @@ POST /api/forgot-password
**Headers Required**:
- `X-CSRF-Token`: CSRF token
- `X-CSRF-Token`: CSRF token
**Request Body**:
@ -446,7 +461,7 @@ POST /api/reset-password
**Headers Required**:
- `X-CSRF-Token`: CSRF token
- `X-CSRF-Token`: CSRF token
**Request Body**:
@ -475,56 +490,56 @@ POST /api/reset-password
"success": false,
"error": "Error message",
"code": "ERROR_CODE",
"details": {...}
"details": {}
}
```
### Common HTTP Status Codes
| Status | Description | Common Causes |
|--------|-------------|---------------|
| 200 | OK | Successful request |
| 201 | Created | Resource created successfully |
| 204 | No Content | Successful request with no response body |
| 400 | Bad Request | Invalid request parameters or body |
| 401 | Unauthorized | Authentication required or invalid |
| 403 | Forbidden | Insufficient permissions |
| 404 | Not Found | Resource not found |
| 409 | Conflict | Resource already exists or conflict |
| 422 | Unprocessable Entity | Validation errors |
| 429 | Too Many Requests | Rate limit exceeded |
| 500 | Internal Server Error | Server error |
| Status | Description | Common Causes |
| ------ | --------------------- | ---------------------------------------- |
| 200 | OK | Successful request |
| 201 | Created | Resource created successfully |
| 204 | No Content | Successful request with no response body |
| 400 | Bad Request | Invalid request parameters or body |
| 401 | Unauthorized | Authentication required or invalid |
| 403 | Forbidden | Insufficient permissions |
| 404 | Not Found | Resource not found |
| 409 | Conflict | Resource already exists or conflict |
| 422 | Unprocessable Entity | Validation errors |
| 429 | Too Many Requests | Rate limit exceeded |
| 500 | Internal Server Error | Server error |
### Error Codes
| Code | Description | Resolution |
|------|-------------|------------|
| `UNAUTHORIZED` | No valid session | Login required |
| `FORBIDDEN` | Insufficient permissions | Check user role |
| `VALIDATION_ERROR` | Invalid input data | Check request format |
| `RATE_LIMITED` | Too many requests | Wait and retry |
| `CSRF_INVALID` | Invalid CSRF token | Get new token |
| `NOT_FOUND` | Resource not found | Check resource ID |
| `CONFLICT` | Resource conflict | Check existing data |
| Code | Description | Resolution |
| ------------------ | ------------------------ | -------------------- |
| `UNAUTHORIZED` | No valid session | Login required |
| `FORBIDDEN` | Insufficient permissions | Check user role |
| `VALIDATION_ERROR` | Invalid input data | Check request format |
| `RATE_LIMITED` | Too many requests | Wait and retry |
| `CSRF_INVALID` | Invalid CSRF token | Get new token |
| `NOT_FOUND` | Resource not found | Check resource ID |
| `CONFLICT` | Resource conflict | Check existing data |
## Rate Limiting
### Authentication Endpoints
- **Login**: 5 attempts per 15 minutes per IP
- **Registration**: 3 attempts per hour per IP
- **Password Reset**: 5 attempts per 15 minutes per IP
- **Login**: 5 attempts per 15 minutes per IP
- **Registration**: 3 attempts per hour per IP
- **Password Reset**: 5 attempts per 15 minutes per IP
### Security Endpoints
- **CSP Reports**: 10 reports per minute per IP
- **Admin Endpoints**: 60 requests per minute per user
- **Security Monitoring**: 30 requests per minute per user
- **CSP Reports**: 10 reports per minute per IP
- **Admin Endpoints**: 60 requests per minute per user
- **Security Monitoring**: 30 requests per minute per user
### General API
- **Dashboard Endpoints**: 120 requests per minute per user
- **Platform Management**: 60 requests per minute per user
- **Dashboard Endpoints**: 120 requests per minute per user
- **Platform Management**: 60 requests per minute per user
## Security Headers
@ -542,16 +557,16 @@ Content-Security-Policy: [CSP directives]
### Allowed Origins
- Development: `http://localhost:3000`
- Production: `https://your-domain.com`
- Development: `http://localhost:3000`
- Production: `https://your-domain.com`
### Allowed Methods
- `GET`, `POST`, `PUT`, `DELETE`, `PATCH`, `OPTIONS`
- `GET`, `POST`, `PUT`, `DELETE`, `PATCH`, `OPTIONS`
### Allowed Headers
- `Content-Type`, `Authorization`, `X-CSRF-Token`, `X-Requested-With`
- `Content-Type`, `Authorization`, `X-CSRF-Token`, `X-Requested-With`
## Pagination
@ -559,7 +574,7 @@ Content-Security-Policy: [CSP directives]
```json
{
"data": [...],
"data": ["// Array of response data"],
"pagination": {
"page": 1,
"limit": 50,
@ -573,23 +588,23 @@ Content-Security-Policy: [CSP directives]
### Pagination Parameters
- `page`: Page number (1-based, default: 1)
- `limit`: Records per page (default: 50, max: 100)
- `page`: Page number (1-based, default: 1)
- `limit`: Records per page (default: 50, max: 100)
## Filtering and Sorting
### Common Filter Parameters
- `startDate` / `endDate`: Date range filtering (ISO 8601)
- `status`: Status filtering
- `userId` / `companyId`: Entity filtering
- `eventType`: Event type filtering
- `severity`: Severity level filtering
- `startDate` / `endDate`: Date range filtering (ISO 8601)
- `status`: Status filtering
- `userId` / `companyId`: Entity filtering
- `eventType`: Event type filtering
- `severity`: Severity level filtering
### Sorting Parameters
- `sortBy`: Field to sort by
- `sortOrder`: `asc` or `desc` (default: `desc`)
- `sortBy`: Field to sort by
- `sortOrder`: `asc` or `desc` (default: `desc`)
## Response Caching
@ -603,22 +618,22 @@ Expires: 0
### Cache Strategy
- **Security data**: Never cached
- **Static data**: Browser cache for 5 minutes
- **User data**: No cache for security
- **Security data**: Never cached
- **Static data**: Browser cache for 5 minutes
- **User data**: No cache for security
## API Versioning
### Current Version
- Version: `v1` (implied, no version prefix required)
- Introduced: January 2025
- Version: `v1` (implied, no version prefix required)
- Introduced: January 2025
### Future Versioning
- Breaking changes will introduce new versions
- Format: `/api/v2/endpoint`
- Backward compatibility maintained for 12 months
- Breaking changes will introduce new versions
- Format: `/api/v2/endpoint`
- Backward compatibility maintained for 12 months
## SDK and Client Libraries
@ -627,32 +642,32 @@ Expires: 0
```javascript
// Initialize client
const client = new LiveDashClient({
baseURL: 'https://your-domain.com',
apiKey: 'your-api-key' // For future API key auth
baseURL: "https://your-domain.com",
apiKey: "your-api-key", // For future API key auth
});
// Get audit logs
const auditLogs = await client.admin.getAuditLogs({
page: 1,
limit: 50,
eventType: 'login_attempt'
eventType: "login_attempt",
});
// Get security metrics
const metrics = await client.security.getMetrics({
timeRange: '24h'
timeRange: "24h",
});
```
### tRPC Client
```javascript
import { createTRPCNext } from '@trpc/next';
import { createTRPCNext } from "@trpc/next";
const trpc = createTRPCNext({
config() {
return {
url: '/api/trpc',
url: "/api/trpc",
};
},
});
@ -682,11 +697,11 @@ http GET localhost:3000/api/csp-metrics \
```javascript
// Example test
describe('Admin Audit Logs API', () => {
test('should return paginated audit logs', async () => {
describe("Admin Audit Logs API", () => {
test("should return paginated audit logs", async () => {
const response = await request(app)
.get('/api/admin/audit-logs?page=1&limit=10')
.set('Cookie', 'next-auth.session-token=...')
.get("/api/admin/audit-logs?page=1&limit=10")
.set("Cookie", "next-auth.session-token=...")
.expect(200);
expect(response.body.success).toBe(true);
@ -698,10 +713,10 @@ describe('Admin Audit Logs API', () => {
## Related Documentation
- [Admin Audit Logs API](./admin-audit-logs-api.md)
- [CSP Metrics API](./csp-metrics-api.md)
- [Security Monitoring](./security-monitoring.md)
- [CSRF Protection](./CSRF_PROTECTION.md)
- [Batch Monitoring Dashboard](./batch-monitoring-dashboard.md)
- [Admin Audit Logs API](./admin-audit-logs-api.md)
- [CSP Metrics API](./csp-metrics-api.md)
- [Security Monitoring](./security-monitoring.md)
- [CSRF Protection](./CSRF_PROTECTION.md)
- [Batch Monitoring Dashboard](./batch-monitoring-dashboard.md)
This API reference provides comprehensive documentation for all endpoints in the LiveDash-Node application. For specific implementation details, refer to the individual documentation files for each feature area.

194
docs/batch-monitoring-dashboard.md
View File

@ -10,24 +10,24 @@ The Batch Monitoring Dashboard provides real-time visibility into the OpenAI Bat
### Real-time Monitoring
- **Job Status Tracking**: Monitor batch jobs from creation to completion
- **Queue Management**: View pending, running, and completed batch queues
- **Processing Metrics**: Track throughput, success rates, and error patterns
- **Cost Analysis**: Monitor API costs and savings compared to individual requests
- **Job Status Tracking**: Monitor batch jobs from creation to completion
- **Queue Management**: View pending, running, and completed batch queues
- **Processing Metrics**: Track throughput, success rates, and error patterns
- **Cost Analysis**: Monitor API costs and savings compared to individual requests
### Performance Analytics
- **Batch Efficiency**: Analyze batch size optimization and processing times
- **Success Rates**: Track completion and failure rates across different job types
- **Resource Utilization**: Monitor API quota usage and rate limiting
- **Historical Trends**: View processing patterns over time
- **Batch Efficiency**: Analyze batch size optimization and processing times
- **Success Rates**: Track completion and failure rates across different job types
- **Resource Utilization**: Monitor API quota usage and rate limiting
- **Historical Trends**: View processing patterns over time
### Administrative Controls
- **Manual Intervention**: Pause, resume, or cancel batch operations
- **Priority Management**: Adjust processing priorities for urgent requests
- **Error Handling**: Review and retry failed batch operations
- **Configuration Management**: Adjust batch parameters and thresholds
- **Manual Intervention**: Pause, resume, or cancel batch operations
- **Priority Management**: Adjust processing priorities for urgent requests
- **Error Handling**: Review and retry failed batch operations
- **Configuration Management**: Adjust batch parameters and thresholds
## API Endpoints
@ -41,23 +41,26 @@ GET /api/admin/batch-monitoring
#### Query Parameters
| Parameter | Type | Description | Default | Example |
|-----------|------|-------------|---------|---------|
| `timeRange` | string | Time range for metrics | `24h` | `?timeRange=7d` |
| `status` | string | Filter by batch status | - | `?status=completed` |
| `jobType` | string | Filter by job type | - | `?jobType=ai_analysis` |
| Parameter | Type | Description | Default | Example |
| ---------------- | ------- | -------------------------------- | ------- | ---------------------- |
| `timeRange` | string | Time range for metrics | `24h` | `?timeRange=7d` |
| `status` | string | Filter by batch status | - | `?status=completed` |
| `jobType` | string | Filter by job type | - | `?jobType=ai_analysis` |
| `includeDetails` | boolean | Include detailed job information | `false` | `?includeDetails=true` |
| `page` | number | Page number for pagination | 1 | `?page=2` |
| `limit` | number | Records per page (max 100) | 50 | `?limit=25` |
| `page` | number | Page number for pagination | 1 | `?page=2` |
| `limit` | number | Records per page (max 100) | 50 | `?limit=25` |
#### Example Request
```javascript
const response = await fetch('/api/admin/batch-monitoring?' + new URLSearchParams({
timeRange: '24h',
status: 'completed',
includeDetails: 'true'
}));
const response = await fetch(
"/api/admin/batch-monitoring?" +
new URLSearchParams({
timeRange: "24h",
status: "completed",
includeDetails: "true",
})
);
const data = await response.json();
```
@ -114,7 +117,7 @@ const data = await response.json();
"startedAt": "2024-01-01T10:05:00Z",
"completedAt": "2024-01-01T10:35:00Z",
"processingTimeMs": 1800000,
"costEstimate": 12.50,
"costEstimate": 12.5,
"errorSummary": [
{
"error": "token_limit_exceeded",
@ -138,26 +141,28 @@ The main dashboard component (`components/admin/BatchMonitoringDashboard.tsx`) p
```tsx
// Real-time overview cards
<MetricCard
title="Total Jobs"
value={data.summary.totalJobs}
change={"+12 from yesterday"}
trend="up"
/>
<>
<MetricCard
title="Total Jobs"
value={data.summary.totalJobs}
change={"+12 from yesterday"}
trend="up"
/>
<MetricCard
title="Success Rate"
value={`${data.summary.successRate}%`}
change={"+2.1% from last week"}
trend="up"
/>
<MetricCard
title="Success Rate"
value={`${data.summary.successRate}%`}
change={"+2.1% from last week"}
trend="up"
/>
<MetricCard
title="Cost Savings"
value={`$${data.summary.costSavings.currentPeriod}`}
change={`${data.summary.costSavings.savingsPercentage}% vs individual API`}
trend="up"
/>
<MetricCard
title="Cost Savings"
value={`$${data.summary.costSavings.currentPeriod}`}
change={`${data.summary.costSavings.savingsPercentage}% vs individual API`}
trend="up"
/>
</>
```
#### Queue Status Visualization
@ -174,6 +179,7 @@ The main dashboard component (`components/admin/BatchMonitoringDashboard.tsx`) p
#### Performance Charts
<!-- prettier-ignore -->
```tsx
// Processing throughput over time
<ThroughputChart
@ -206,28 +212,28 @@ The main dashboard component (`components/admin/BatchMonitoringDashboard.tsx`) p
```javascript
async function monitorBatchPerformance() {
const response = await fetch('/api/admin/batch-monitoring?timeRange=24h');
const response = await fetch("/api/admin/batch-monitoring?timeRange=24h");
const data = await response.json();
const performance = data.data.performance;
// Check if performance is within acceptable ranges
if (performance.efficiency.errorRate > 10) {
console.warn('High error rate detected:', performance.efficiency.errorRate + '%');
console.warn("High error rate detected:", performance.efficiency.errorRate + "%");
// Get failed jobs for analysis
const failedJobs = await fetch('/api/admin/batch-monitoring?status=failed');
const failedJobs = await fetch("/api/admin/batch-monitoring?status=failed");
const failures = await failedJobs.json();
// Analyze common failure patterns
const errorSummary = failures.data.jobs.reduce((acc, job) => {
job.errorSummary?.forEach(error => {
job.errorSummary?.forEach((error) => {
acc[error.error] = (acc[error.error] || 0) + error.count;
});
return acc;
}, {});
console.log('Error patterns:', errorSummary);
console.log("Error patterns:", errorSummary);
}
}
```
@ -236,7 +242,7 @@ async function monitorBatchPerformance() {
```javascript
async function analyzeCostSavings() {
const response = await fetch('/api/admin/batch-monitoring?timeRange=30d&includeDetails=true');
const response = await fetch("/api/admin/batch-monitoring?timeRange=30d&includeDetails=true");
const data = await response.json();
const savings = data.data.summary.costSavings;
@ -246,7 +252,7 @@ async function analyzeCostSavings() {
projectedAnnual: savings.projectedMonthly * 12,
savingsRate: savings.savingsPercentage,
totalProcessed: data.data.summary.processedRequests,
averageCostPerRequest: savings.currentPeriod / data.data.summary.processedRequests
averageCostPerRequest: savings.currentPeriod / data.data.summary.processedRequests,
};
}
```
@ -256,13 +262,13 @@ async function analyzeCostSavings() {
```javascript
async function retryFailedJobs() {
// Get failed jobs
const response = await fetch('/api/admin/batch-monitoring?status=failed');
const response = await fetch("/api/admin/batch-monitoring?status=failed");
const data = await response.json();
const retryableJobs = data.data.jobs.filter(job => {
const retryableJobs = data.data.jobs.filter((job) => {
// Only retry jobs that failed due to temporary issues
const hasRetryableErrors = job.errorSummary?.some(error =>
['rate_limit_exceeded', 'temporary_error', 'timeout'].includes(error.error)
const hasRetryableErrors = job.errorSummary?.some((error) =>
["rate_limit_exceeded", "temporary_error", "timeout"].includes(error.error)
);
return hasRetryableErrors;
});
@ -271,7 +277,7 @@ async function retryFailedJobs() {
for (const job of retryableJobs) {
try {
await fetch(`/api/admin/batch-monitoring/${job.id}/retry`, {
method: 'POST'
method: "POST",
});
console.log(`Retried job ${job.id}`);
} catch (error) {
@ -291,11 +297,11 @@ function useRealtimeBatchMonitoring() {
useEffect(() => {
const fetchData = async () => {
try {
const response = await fetch('/api/admin/batch-monitoring?timeRange=1h');
const response = await fetch("/api/admin/batch-monitoring?timeRange=1h");
const result = await response.json();
setData(result.data);
} catch (error) {
console.error('Failed to fetch batch monitoring data:', error);
console.error("Failed to fetch batch monitoring data:", error);
} finally {
setIsLoading(false);
}
@ -343,11 +349,11 @@ BATCH_ALERT_THRESHOLD_PROCESSING_TIME="3600" # Alert if processing takes >1 hou
```javascript
// Configure dashboard update intervals
const DASHBOARD_CONFIG = {
refreshInterval: 30000, // 30 seconds
alertRefreshInterval: 10000, // 10 seconds for alerts
detailRefreshInterval: 60000, // 1 minute for detailed views
maxRetries: 3, // Maximum retry attempts
retryDelay: 5000 // Delay between retries
refreshInterval: 30000, // 30 seconds
alertRefreshInterval: 10000, // 10 seconds for alerts
detailRefreshInterval: 60000, // 1 minute for detailed views
maxRetries: 3, // Maximum retry attempts
retryDelay: 5000, // Delay between retries
};
```
@ -361,24 +367,24 @@ The system automatically generates alerts for:
const alertConditions = {
highErrorRate: {
threshold: 10, // Error rate > 10%
severity: 'high',
notification: 'immediate'
severity: "high",
notification: "immediate",
},
longProcessingTime: {
threshold: 3600000, // > 1 hour
severity: 'medium',
notification: 'hourly'
severity: "medium",
notification: "hourly",
},
lowThroughput: {
threshold: 0.5, // < 0.5 jobs per hour
severity: 'medium',
notification: 'daily'
severity: "medium",
notification: "daily",
},
batchFailure: {
threshold: 1, // Any complete batch failure
severity: 'critical',
notification: 'immediate'
}
severity: "critical",
notification: "immediate",
},
};
```
@ -387,15 +393,15 @@ const alertConditions = {
```javascript
// Configure custom alerts through the admin interface
async function configureAlerts(alertConfig) {
const response = await fetch('/api/admin/batch-monitoring/alerts', {
method: 'POST',
headers: { 'Content-Type': 'application/json' },
const response = await fetch("/api/admin/batch-monitoring/alerts", {
method: "POST",
headers: { "Content-Type": "application/json" },
body: JSON.stringify({
errorRateThreshold: alertConfig.errorRate,
processingTimeThreshold: alertConfig.processingTime,
notificationChannels: alertConfig.channels,
alertSuppression: alertConfig.suppression
})
alertSuppression: alertConfig.suppression,
}),
});
return response.json();
@ -411,12 +417,12 @@ async function configureAlerts(alertConfig) {
```javascript
// Investigate high error rates
async function investigateErrors() {
const response = await fetch('/api/admin/batch-monitoring?status=failed&includeDetails=true');
const response = await fetch("/api/admin/batch-monitoring?status=failed&includeDetails=true");
const data = await response.json();
// Group errors by type
const errorAnalysis = data.data.jobs.reduce((acc, job) => {
job.errorSummary?.forEach(error => {
job.errorSummary?.forEach((error) => {
if (!acc[error.error]) {
acc[error.error] = { count: 0, jobs: [] };
}
@ -426,7 +432,7 @@ async function investigateErrors() {
return acc;
}, {});
console.log('Error analysis:', errorAnalysis);
console.log("Error analysis:", errorAnalysis);
return errorAnalysis;
}
```
@ -436,14 +442,14 @@ async function investigateErrors() {
```javascript
// Analyze processing bottlenecks
async function analyzePerformance() {
const response = await fetch('/api/admin/batch-monitoring?timeRange=24h&includeDetails=true');
const response = await fetch("/api/admin/batch-monitoring?timeRange=24h&includeDetails=true");
const data = await response.json();
const slowJobs = data.data.jobs
.filter(job => job.processingTimeMs > 3600000) // > 1 hour
.filter((job) => job.processingTimeMs > 3600000) // > 1 hour
.sort((a, b) => b.processingTimeMs - a.processingTimeMs);
console.log('Slowest jobs:', slowJobs.slice(0, 5));
console.log("Slowest jobs:", slowJobs.slice(0, 5));
// Analyze patterns
const avgByType = slowJobs.reduce((acc, job) => {
@ -455,7 +461,7 @@ async function analyzePerformance() {
return acc;
}, {});
Object.keys(avgByType).forEach(type => {
Object.keys(avgByType).forEach((type) => {
avgByType[type].average = avgByType[type].total / avgByType[type].count;
});
@ -470,7 +476,7 @@ async function analyzePerformance() {
```javascript
// Analyze optimal batch sizes
async function optimizeBatchSizes() {
const response = await fetch('/api/admin/batch-monitoring?timeRange=7d&includeDetails=true');
const response = await fetch("/api/admin/batch-monitoring?timeRange=7d&includeDetails=true");
const data = await response.json();
// Group by batch size ranges
@ -481,7 +487,7 @@ async function optimizeBatchSizes() {
jobs: 0,
totalTime: 0,
totalRequests: 0,
successRate: 0
successRate: 0,
};
}
@ -494,7 +500,7 @@ async function optimizeBatchSizes() {
}, {});
// Calculate averages
Object.keys(sizePerformance).forEach(range => {
Object.keys(sizePerformance).forEach((range) => {
const perf = sizePerformance[range];
perf.avgTimePerRequest = perf.totalTime / perf.totalRequests;
perf.avgSuccessRate = perf.successRate / perf.jobs;
@ -513,10 +519,10 @@ All batch monitoring activities are logged through the security audit system:
```javascript
// Automatic audit logging for monitoring activities
await securityAuditLogger.logPlatformAdmin(
'batch_monitoring_access',
"batch_monitoring_access",
AuditOutcome.SUCCESS,
context,
'Admin accessed batch monitoring dashboard'
"Admin accessed batch monitoring dashboard"
);
```
@ -528,16 +534,16 @@ Monitoring API endpoints use the existing rate limiting system:
// Protected by admin rate limiting
const rateLimitResult = await rateLimiter.check(
`admin-batch-monitoring:${userId}`,
60, // 60 requests
60 * 1000 // per minute
60, // 60 requests
60 * 1000 // per minute
);
```
## Related Documentation
- [Batch Processing Optimizations](./batch-processing-optimizations.md)
- [Security Monitoring](./security-monitoring.md)
- [Admin Audit Logs API](./admin-audit-logs-api.md)
- [OpenAI Batch API Integration](../lib/batchProcessor.ts)
- [Batch Processing Optimizations](./batch-processing-optimizations.md)
- [Security Monitoring](./security-monitoring.md)
- [Admin Audit Logs API](./admin-audit-logs-api.md)
- [OpenAI Batch API Integration](../lib/batchProcessor.ts)
The batch monitoring dashboard provides comprehensive visibility into the AI processing pipeline, enabling administrators to optimize performance, monitor costs, and ensure reliable operation of the batch processing system.

65
docs/batch-processing-optimizations.md
View File

@ -33,9 +33,9 @@ The following composite indexes were added to the `AIProcessingRequest` table in
These indexes specifically optimize:
- Finding pending requests by status and creation time
- Batch-related lookups by batch ID
- Combined status and batch filtering operations
- Finding pending requests by status and creation time
- Batch-related lookups by batch ID
- Combined status and batch filtering operations
## Query Optimization Strategies
@ -45,19 +45,22 @@ These indexes specifically optimize:
```typescript
// Loaded full session with all messages
include: {
session: {
include: {
messages: {
orderBy: { order: "asc" },
const queryOptions = {
include: {
session: {
include: {
messages: {
orderBy: { order: "asc" },
},
},
},
},
}
};
```
**After:**
<!-- prettier-ignore -->
```typescript
// Only essential data with message count
include: {
@ -105,7 +108,7 @@ for (const company of companies) {
const allRequests = await prisma.aIProcessingRequest.findMany({
where: {
session: {
companyId: { in: companies.map(c => c.id) },
companyId: { in: companies.map((c) => c.id) },
},
processingStatus: AIRequestStatus.PENDING_BATCHING,
},
@ -119,10 +122,10 @@ const requestsByCompany = groupByCompany(allRequests);
### Query Count Reduction
- **Company lookups:** Reduced from 4 separate queries per scheduler run to 1 cached lookup
- **Pending requests:** Reduced from N queries (one per company) to 1 batch query
- **Status checks:** Reduced from N queries to 1 batch query
- **Failed requests:** Reduced from N queries to 1 batch query
- **Company lookups:** Reduced from 4 separate queries per scheduler run to 1 cached lookup
- **Pending requests:** Reduced from N queries (one per company) to 1 batch query
- **Status checks:** Reduced from N queries to 1 batch query
- **Failed requests:** Reduced from N queries to 1 batch query
### Parallel Processing
@ -138,9 +141,9 @@ const SCHEDULER_CONFIG = {
### Memory Optimization
- Eliminated loading unnecessary message content
- Used `select` instead of `include` where possible
- Implemented automatic cache cleanup
- Eliminated loading unnecessary message content
- Used `select` instead of `include` where possible
- Implemented automatic cache cleanup
## Integration Layer
@ -175,24 +178,24 @@ class PerformanceTracker {
### New Files
- `lib/batchProcessorOptimized.ts` - Optimized query implementations
- `lib/batchSchedulerOptimized.ts` - Optimized scheduler
- `lib/batchProcessorIntegration.ts` - Integration layer with fallback
- `lib/batchProcessorOptimized.ts` - Optimized query implementations
- `lib/batchSchedulerOptimized.ts` - Optimized scheduler
- `lib/batchProcessorIntegration.ts` - Integration layer with fallback
### Modified Files
- `prisma/schema.prisma` - Added composite indexes
- `server.ts` - Updated to use integration layer
- `app/api/admin/batch-monitoring/route.ts` - Updated import
- `prisma/schema.prisma` - Added composite indexes
- `server.ts` - Updated to use integration layer
- `app/api/admin/batch-monitoring/route.ts` - Updated import
## Monitoring
The optimizations include comprehensive logging and monitoring:
- Performance metrics for each operation type
- Cache hit/miss statistics
- Fallback events tracking
- Query execution time monitoring
- Performance metrics for each operation type
- Cache hit/miss statistics
- Fallback events tracking
- Query execution time monitoring
## Rollback Strategy
@ -205,10 +208,10 @@ The integration layer allows for easy rollback:
## Expected Performance Gains
- **Database Query Count:** 60-80% reduction in scheduler operations
- **Memory Usage:** 40-60% reduction from selective data loading
- **Response Time:** 30-50% improvement for batch operations
- **Cache Hit Rate:** 95%+ for company lookups after warmup
- **Database Query Count:** 60-80% reduction in scheduler operations
- **Memory Usage:** 40-60% reduction from selective data loading
- **Response Time:** 30-50% improvement for batch operations
- **Cache Hit Rate:** 95%+ for company lookups after warmup
## Testing

71
docs/processing-system-refactor.md
View File

@ -16,15 +16,16 @@ Successfully refactored the session processing pipeline from a simple status-bas
### Schema Changes Made
- **Removed** old `status`, `errorMsg`, and `processedAt` columns from SessionImport
- **Removed** `processed` field from Session
- **Added** new `SessionProcessingStatus` table with granular stage tracking
- **Added** `ProcessingStage` and `ProcessingStatus` enums
- **Removed** old `status`, `errorMsg`, and `processedAt` columns from SessionImport
- **Removed** `processed` field from Session
- **Added** new `SessionProcessingStatus` table with granular stage tracking
- **Added** `ProcessingStage` and `ProcessingStatus` enums
## New Processing Pipeline
### Processing Stages
<!-- prettier-ignore -->
```typescript
enum ProcessingStage {
CSV_IMPORT // SessionImport created
@ -45,55 +46,55 @@ enum ProcessingStatus {
Centralized class for managing processing status with methods:
- `initializeSession()` - Set up processing status for new sessions
- `startStage()`, `completeStage()`, `failStage()`, `skipStage()` - Stage management
- `getSessionsNeedingProcessing()` - Query sessions by stage and status
- `getPipelineStatus()` - Get overview of entire pipeline
- `getFailedSessions()` - Find sessions needing retry
- `resetStageForRetry()` - Reset failed stages
- `initializeSession()` - Set up processing status for new sessions
- `startStage()`, `completeStage()`, `failStage()`, `skipStage()` - Stage management
- `getSessionsNeedingProcessing()` - Query sessions by stage and status
- `getPipelineStatus()` - Get overview of entire pipeline
- `getFailedSessions()` - Find sessions needing retry
- `resetStageForRetry()` - Reset failed stages
#### 2. Updated Processing Scheduler
- Integrated with new `ProcessingStatusManager`
- Tracks AI analysis and question extraction stages
- Records detailed processing metadata
- Proper error handling and retry capabilities
- Integrated with new `ProcessingStatusManager`
- Tracks AI analysis and question extraction stages
- Records detailed processing metadata
- Proper error handling and retry capabilities
#### 3. Migration System
- Successfully migrated all 109 existing sessions
- Determined current state based on existing data
- Preserved all existing functionality
- Successfully migrated all 109 existing sessions
- Determined current state based on existing data
- Preserved all existing functionality
## Current Pipeline Status
After migration and refactoring:
- **CSV_IMPORT**: 109 completed
- **TRANSCRIPT_FETCH**: 109 completed
- **SESSION_CREATION**: 109 completed
- **AI_ANALYSIS**: 16 completed, 93 pending
- **QUESTION_EXTRACTION**: 11 completed, 98 pending
- **CSV_IMPORT**: 109 completed
- **TRANSCRIPT_FETCH**: 109 completed
- **SESSION_CREATION**: 109 completed
- **AI_ANALYSIS**: 16 completed, 93 pending
- **QUESTION_EXTRACTION**: 11 completed, 98 pending
## Files Updated/Created
### New Files
- `lib/processingStatusManager.ts` - Core processing status management
- `check-refactored-pipeline-status.ts` - New pipeline status checker
- `migrate-to-refactored-system.ts` - Migration script
- `docs/processing-system-refactor.md` - This documentation
- `lib/processingStatusManager.ts` - Core processing status management
- `check-refactored-pipeline-status.ts` - New pipeline status checker
- `migrate-to-refactored-system.ts` - Migration script
- `docs/processing-system-refactor.md` - This documentation
### Updated Files
- `prisma/schema.prisma` - Added new processing status tables
- `lib/processingScheduler.ts` - Integrated with new status system
- `debug-import-status.ts` - Updated to use new system
- `fix-import-status.ts` - Updated to use new system
- `prisma/schema.prisma` - Added new processing status tables
- `lib/processingScheduler.ts` - Integrated with new status system
- `debug-import-status.ts` - Updated to use new system
- `fix-import-status.ts` - Updated to use new system
### Removed Files
- `check-pipeline-status.ts` - Replaced by refactored version
- `check-pipeline-status.ts` - Replaced by refactored version
## Benefits Achieved
@ -140,9 +141,9 @@ npx tsx test-ai-processing.ts
## Migration Notes
- All existing data preserved
- No data loss during migration
- Backward compatibility maintained where possible
- System ready for production use
- All existing data preserved
- No data loss during migration
- Backward compatibility maintained where possible
- System ready for production use
The refactored system provides much better visibility into the processing pipeline and makes it easy to identify and resolve any issues that arise during session processing.

102
docs/scheduler-workflow.md
View File

@ -9,22 +9,26 @@ The LiveDash system has two main schedulers that work together to fetch and proc
## Current Status (as of latest check)
- **Total sessions**: 107
- **Processed sessions**: 0
- **Sessions with transcript**: 0
- **Ready for processing**: 0
- **Total sessions**: 107
- **Processed sessions**: 0
- **Sessions with transcript**: 0
- **Ready for processing**: 0
## How the `processed` Field Works
The ProcessingScheduler picks up sessions where `processed` is **NOT** `true`, which includes:
- `processed = false`
- `processed = null`
- `processed = false`
- `processed = null`
**Query used:**
```javascript
{ processed: { not: true } } // Either false or null
{
processed: {
not: true;
}
} // Either false or null
```
## Complete Workflow
@ -33,10 +37,10 @@ The ProcessingScheduler picks up sessions where `processed` is **NOT** `true`, w
**What it does:**
- Fetches session data from company CSV URLs
- Creates session records in database with basic metadata
- Sets `transcriptContent = null` initially
- Sets `processed = null` initially
- Fetches session data from company CSV URLs
- Creates session records in database with basic metadata
- Sets `transcriptContent = null` initially
- Sets `processed = null` initially
**Runs:** Every 30 minutes (cron: `*/30 * * * *`)
@ -44,9 +48,9 @@ The ProcessingScheduler picks up sessions where `processed` is **NOT** `true`, w
**What it does:**
- Downloads full transcript content for sessions
- Updates `transcriptContent` field with actual conversation data
- Sessions remain `processed = null` until AI processing
- Downloads full transcript content for sessions
- Updates `transcriptContent` field with actual conversation data
- Sessions remain `processed = null` until AI processing
**Runs:** As part of session refresh process
@ -54,11 +58,11 @@ The ProcessingScheduler picks up sessions where `processed` is **NOT** `true`, w
**What it does:**
- Finds sessions with transcript content where `processed != true`
- Sends transcripts to OpenAI for analysis
- Extracts: sentiment, category, questions, summary, etc.
- Updates session with processed data
- Sets `processed = true`
- Finds sessions with transcript content where `processed != true`
- Sends transcripts to OpenAI for analysis
- Extracts: sentiment, category, questions, summary, etc.
- Updates session with processed data
- Sets `processed = true`
**Runs:** Every hour (cron: `0 * * * *`)
@ -94,41 +98,42 @@ node scripts/manual-triggers.js both
1. **Check if sessions have transcripts:**
```bash
node scripts/manual-triggers.js status
```
```bash
node scripts/manual-triggers.js status
```
2. **If "Sessions with transcript" is 0:**
- Sessions exist but transcripts haven't been fetched yet
- Run session refresh: `node scripts/manual-triggers.js refresh`
- Sessions exist but transcripts haven't been fetched yet
- Run session refresh: `node scripts/manual-triggers.js refresh`
3. **If "Ready for processing" is 0 but "Sessions with transcript" > 0:**
- All sessions with transcripts have already been processed
- Check if `OPENAI_API_KEY` is set in environment
- All sessions with transcripts have already been processed
- Check if `OPENAI_API_KEY` is set in environment
### Common Issues
#### "No sessions found requiring processing"
- All sessions with transcripts have been processed (`processed = true`)
- Or no sessions have transcript content yet
- All sessions with transcripts have been processed (`processed = true`)
- Or no sessions have transcript content yet
#### "OPENAI_API_KEY environment variable is not set"
- Add OpenAI API key to `.env.development` file
- Restart the application
- Add OpenAI API key to `.env.development` file
- Restart the application
#### "Error fetching transcript: Unauthorized"
- CSV credentials are incorrect or expired
- Check company CSV username/password in database
- CSV credentials are incorrect or expired
- Check company CSV username/password in database
## Database Field Mapping
### Before AI Processing
<!-- prettier-ignore -->
```javascript
{
id: "session-uuid",
@ -143,6 +148,7 @@ node scripts/manual-triggers.js both
### After AI Processing
<!-- prettier-ignore -->
```javascript
{
id: "session-uuid",
@ -165,16 +171,16 @@ node scripts/manual-triggers.js both
### Session Refresh Scheduler
- **File**: `lib/scheduler.js`
- **Frequency**: Every 30 minutes
- **Cron**: `*/30 * * * *`
- **File**: `lib/scheduler.js`
- **Frequency**: Every 30 minutes
- **Cron**: `*/30 * * * *`
### Processing Scheduler
- **File**: `lib/processingScheduler.js`
- **Frequency**: Every hour
- **Cron**: `0 * * * *`
- **Batch size**: 10 sessions per run
- **File**: `lib/processingScheduler.js`
- **Frequency**: Every hour
- **Cron**: `0 * * * *`
- **Batch size**: 10 sessions per run
## Environment Variables Required
@ -194,20 +200,20 @@ NEXTAUTH_URL="http://localhost:3000"
1. **Trigger session refresh** to fetch transcripts:
```bash
node scripts/manual-triggers.js refresh
```
```bash
node scripts/manual-triggers.js refresh
```
2. **Check status** to see if transcripts were fetched:
```bash
node scripts/manual-triggers.js status
```
```bash
node scripts/manual-triggers.js status
```
3. **Trigger processing** if transcripts are available:
```bash
node scripts/manual-triggers.js process
```
```bash
node scripts/manual-triggers.js process
```
4. **View results** in the dashboard session details pages

197
docs/security/enhanced-csp.md
View File

@ -8,54 +8,60 @@ This document outlines the comprehensive Content Security Policy implementation
The enhanced CSP implementation provides:
- **Nonce-based script execution** for maximum security in production
- **Strict mode policies** with configurable external domain allowlists
- **Environment-specific configurations** for development vs production
- **CSP violation reporting and monitoring** system with real-time analysis
- **Advanced bypass detection and alerting** capabilities with risk assessment
- **Comprehensive testing framework** with automated validation
- **Performance metrics and policy recommendations**
- **Framework compatibility** with Next.js, TailwindCSS, and Leaflet maps
- **Nonce-based script execution** for maximum security in production
- **Strict mode policies** with configurable external domain allowlists
- **Environment-specific configurations** for development vs production
- **CSP violation reporting and monitoring** system with real-time analysis
- **Advanced bypass detection and alerting** capabilities with risk assessment
- **Comprehensive testing framework** with automated validation
- **Performance metrics and policy recommendations**
- **Framework compatibility** with Next.js, TailwindCSS, and Leaflet maps
## Architecture
### Core Components
1. **CSP Utility Library** (`lib/csp.ts`)
- Nonce generation with cryptographic security
- Dynamic CSP building based on environment
- Violation parsing and bypass detection
- Policy validation and testing
- Nonce generation with cryptographic security
- Dynamic CSP building based on environment
- Violation parsing and bypass detection
- Policy validation and testing
2. **Middleware Implementation** (`middleware.ts`)
- Automatic nonce generation per request
- Environment-aware policy application
- Enhanced security headers
- Route-based CSP filtering
- Automatic nonce generation per request
- Environment-aware policy application
- Enhanced security headers
- Route-based CSP filtering
3. **Violation Reporting** (`app/api/csp-report/route.ts`)
- Real-time violation monitoring with intelligent analysis
- Rate-limited endpoint protection (10 reports/minute per IP)
- Advanced bypass attempt detection with risk assessment
- Automated alerting for critical violations with recommendations
- Real-time violation monitoring with intelligent analysis
- Rate-limited endpoint protection (10 reports/minute per IP)
- Advanced bypass attempt detection with risk assessment
- Automated alerting for critical violations with recommendations
4. **Monitoring Service** (`lib/csp-monitoring.ts`)
- Violation tracking and metrics collection
- Policy recommendation engine based on violation patterns
- Export capabilities for external analysis (JSON/CSV)
- Automatic cleanup of old violation data
- Violation tracking and metrics collection
- Policy recommendation engine based on violation patterns
- Export capabilities for external analysis (JSON/CSV)
- Automatic cleanup of old violation data
5. **Metrics API** (`app/api/csp-metrics/route.ts`)
- Real-time CSP violation metrics (1h, 6h, 24h, 7d, 30d ranges)
- Top violated directives and blocked URIs analysis
- Violation trend tracking and visualization data
- Policy optimization recommendations
- Real-time CSP violation metrics (1h, 6h, 24h, 7d, 30d ranges)
- Top violated directives and blocked URIs analysis
- Violation trend tracking and visualization data
- Policy optimization recommendations
6. **Testing Framework**
- Comprehensive unit and integration tests
- Enhanced CSP validation tools with security scoring
- Automated compliance verification
- Real-world scenario testing for application compatibility
- Comprehensive unit and integration tests
- Enhanced CSP validation tools with security scoring
- Automated compliance verification
- Real-world scenario testing for application compatibility
## CSP Policies
@ -67,8 +73,14 @@ const productionCSP = {
"default-src": ["'self'"],
"script-src": ["'self'", "'nonce-{generated}'", "'strict-dynamic'"],
"style-src": ["'self'", "'nonce-{generated}'"],
"img-src": ["'self'", "data:", "https://schema.org", "https://livedash.notso.ai",
"https://*.basemaps.cartocdn.com", "https://*.openstreetmap.org"],
"img-src": [
"'self'",
"data:",
"https://schema.org",
"https://livedash.notso.ai",
"https://*.basemaps.cartocdn.com",
"https://*.openstreetmap.org",
],
"font-src": ["'self'", "data:"],
"connect-src": ["'self'", "https://api.openai.com", "https://livedash.notso.ai", "https:"],
"object-src": ["'none'"],
@ -77,7 +89,7 @@ const productionCSP = {
"frame-ancestors": ["'none'"],
"upgrade-insecure-requests": true,
"report-uri": ["/api/csp-report"],
"report-to": ["csp-endpoint"]
"report-to": ["csp-endpoint"],
};
```
@ -89,11 +101,8 @@ const strictCSP = buildCSP({
isDevelopment: false,
nonce: generateNonce(),
strictMode: true,
allowedExternalDomains: [
"https://api.openai.com",
"https://schema.org"
],
reportUri: "/api/csp-report"
allowedExternalDomains: ["https://api.openai.com", "https://schema.org"],
reportUri: "/api/csp-report",
});
// Results in:
@ -118,9 +127,9 @@ const developmentCSP = {
### 1. Nonce-Based Script Execution
- **128-bit cryptographically secure nonces** generated per request
- **Strict-dynamic policy** prevents inline script execution
- **Automatic nonce injection** into layout components
- **128-bit cryptographically secure nonces** generated per request
- **Strict-dynamic policy** prevents inline script execution
- **Automatic nonce injection** into layout components
```tsx
// Layout with nonce support
@ -137,9 +146,7 @@ export default async function RootLayout({ children }: { children: ReactNode })
/>
</head>
<body>
<NonceProvider nonce={nonce}>
{children}
</NonceProvider>
<NonceProvider nonce={nonce}>{children}</NonceProvider>
</body>
</html>
);
@ -150,31 +157,32 @@ export default async function RootLayout({ children }: { children: ReactNode })
#### Script Sources
- **Production**: Only `'self'` and nonce-approved scripts
- **Development**: Additional `'unsafe-eval'` for dev tools
- **Blocked**: All external CDNs, inline scripts without nonce
- **Production**: Only `'self'` and nonce-approved scripts
- **Development**: Additional `'unsafe-eval'` for dev tools
- **Blocked**: All external CDNs, inline scripts without nonce
#### Style Sources
- **Production**: Nonce-based inline styles preferred
- **Fallback**: `'unsafe-inline'` for TailwindCSS compatibility
- **External**: Only self-hosted stylesheets
- **Production**: Nonce-based inline styles preferred
- **Fallback**: `'unsafe-inline'` for TailwindCSS compatibility
- **External**: Only self-hosted stylesheets
#### Image Sources
- **Allowed**: Self, data URIs, schema.org, application domain
- **Blocked**: All other external domains
- **Allowed**: Self, data URIs, schema.org, application domain
- **Blocked**: All other external domains
#### Connection Sources
- **Production**: Self, OpenAI API, application domain
- **Development**: Additional WebSocket for HMR
- **Blocked**: All other external connections
- **Production**: Self, OpenAI API, application domain
- **Development**: Additional WebSocket for HMR
- **Blocked**: All other external connections
### 3. XSS Protection Mechanisms
#### Inline Script Prevention
<!-- prettier-ignore -->
```javascript
// Blocked by CSP
<script>alert('xss')</script>
@ -185,6 +193,7 @@ export default async function RootLayout({ children }: { children: ReactNode })
#### Object Injection Prevention
<!-- prettier-ignore -->
```javascript
// Completely blocked
object-src 'none'
@ -192,6 +201,7 @@ object-src 'none'
#### Base Tag Injection Prevention
<!-- prettier-ignore -->
```javascript
// Restricted to same origin
base-uri 'self'
@ -199,6 +209,7 @@ base-uri 'self'
#### Clickjacking Protection
<!-- prettier-ignore -->
```javascript
// No framing allowed
frame-ancestors 'none'
@ -210,11 +221,11 @@ The system actively monitors for common CSP bypass attempts:
```javascript
const bypassPatterns = [
/javascript:/i, // Protocol injection
/data:text\/html/i, // Data URI injection
/eval\(/i, // Code evaluation
/Function\(/i, // Constructor injection
/setTimeout.*string/i, // Timer string execution
/javascript:/i, // Protocol injection
/data:text\/html/i, // Data URI injection
/eval\(/i, // Code evaluation
/Function\(/i, // Constructor injection
/setTimeout.*string/i, // Timer string execution
];
```
@ -248,11 +259,11 @@ CSP violations are automatically reported to `/api/csp-report`:
Violations are logged with:
- Timestamp and source IP
- User agent and referer
- Violation type and blocked content
- Risk level and bypass indicators
- Response actions taken
- Timestamp and source IP
- User agent and referer
- Violation type and blocked content
- Risk level and bypass indicators
- Response actions taken
## Testing and Validation
@ -281,10 +292,10 @@ pnpm test:csp:full
The validation framework provides a security score:
- **90-100%**: Excellent implementation
- **80-89%**: Good with minor improvements needed
- **70-79%**: Needs attention
- **<70%**: Serious security issues
- **90-100%**: Excellent implementation
- **80-89%**: Good with minor improvements needed
- **70-79%**: Needs attention
- **<70%**: Serious security issues
## Deployment Considerations
@ -298,15 +309,15 @@ NODE_ENV=development # Enables permissive CSP
### Performance Impact
- **Nonce generation**: ~0.1ms per request
- **Header processing**: ~0.05ms per request
- **Total overhead**: <1ms per request
- **Nonce generation**: ~0.1ms per request
- **Header processing**: ~0.05ms per request
- **Total overhead**: <1ms per request
### Browser Compatibility
- **Modern browsers**: Full CSP Level 3 support
- **Legacy browsers**: Graceful degradation with X-XSS-Protection
- **Reporting**: Supported in all major browsers
- **Modern browsers**: Full CSP Level 3 support
- **Legacy browsers**: Graceful degradation with X-XSS-Protection
- **Reporting**: Supported in all major browsers
## Maintenance
@ -339,24 +350,24 @@ For CSP violations:
### Development
- Always test CSP changes in development first
- Use nonce provider for new inline scripts
- Validate external resources before adding
- Monitor console for CSP violations
- Always test CSP changes in development first
- Use nonce provider for new inline scripts
- Validate external resources before adding
- Monitor console for CSP violations
### Production
- Never disable CSP in production
- Monitor violation rates and patterns
- Keep nonce generation entropy high
- Regular security audits
- Never disable CSP in production
- Monitor violation rates and patterns
- Keep nonce generation entropy high
- Regular security audits
### Code Review
- Check all inline scripts have nonce
- Verify external resources are approved
- Ensure CSP tests pass
- Document any policy changes
- Check all inline scripts have nonce
- Verify external resources are approved
- Ensure CSP tests pass
- Document any policy changes
## Troubleshooting
@ -394,9 +405,9 @@ If CSP breaks production:
This CSP implementation addresses:
- **OWASP Top 10**: XSS prevention
- **CSP Level 3**: Modern security standards
- **GDPR**: Privacy-preserving monitoring
- **SOC 2**: Security controls documentation
- **OWASP Top 10**: XSS prevention
- **CSP Level 3**: Modern security standards
- **GDPR**: Privacy-preserving monitoring
- **SOC 2**: Security controls documentation
The enhanced CSP provides defense-in-depth against XSS attacks while maintaining application functionality and performance.

97
docs/transcript-parsing-implementation.md
View File

@ -25,8 +25,8 @@ CREATE INDEX Message_sessionId_order_idx ON Message(sessionId, order);
### Updated Session Table
- Added `messages` relation to Session model
- Sessions can now have both raw transcript content AND parsed messages
- Added `messages` relation to Session model
- Sessions can now have both raw transcript content AND parsed messages
## New Components
@ -46,35 +46,35 @@ export interface Message {
### 2. Transcript Parser (`lib/transcriptParser.js`)
- **`parseChatLogToJSON(logString)`** - Parses raw transcript text into structured messages
- **`storeMessagesForSession(sessionId, messages)`** - Stores parsed messages in database
- **`processTranscriptForSession(sessionId, transcriptContent)`** - Complete processing for one session
- **`processAllUnparsedTranscripts()`** - Batch process all unparsed transcripts
- **`getMessagesForSession(sessionId)`** - Retrieve messages for a session
- **`parseChatLogToJSON(logString)`** - Parses raw transcript text into structured messages
- **`storeMessagesForSession(sessionId, messages)`** - Stores parsed messages in database
- **`processTranscriptForSession(sessionId, transcriptContent)`** - Complete processing for one session
- **`processAllUnparsedTranscripts()`** - Batch process all unparsed transcripts
- **`getMessagesForSession(sessionId)`** - Retrieve messages for a session
### 3. MessageViewer Component (`components/MessageViewer.tsx`)
- Chat-like interface for displaying parsed messages
- Color-coded by role (User: blue, Assistant: gray, System: yellow)
- Shows timestamps and message order
- Scrollable with conversation metadata
- Chat-like interface for displaying parsed messages
- Color-coded by role (User: blue, Assistant: gray, System: yellow)
- Shows timestamps and message order
- Scrollable with conversation metadata
## Updated Components
### 1. Session API (`pages/api/dashboard/session/[id].ts`)
- Now includes parsed messages in session response
- Messages are ordered by `order` field (ascending)
- Now includes parsed messages in session response
- Messages are ordered by `order` field (ascending)
### 2. Session Details Page (`app/dashboard/sessions/[id]/page.tsx`)
- Added MessageViewer component
- Shows both parsed messages AND raw transcript
- Prioritizes parsed messages when available
- Added MessageViewer component
- Shows both parsed messages AND raw transcript
- Prioritizes parsed messages when available
### 3. ChatSession Interface (`lib/types.ts`)
- Added optional `messages?: Message[]` field
- Added optional `messages?: Message[]` field
## Parsing Logic
@ -90,11 +90,11 @@ The parser expects transcript format:
### Features
- **Multi-line support** - Messages can span multiple lines
- **Timestamp parsing** - Converts DD.MM.YYYY HH:MM:SS to ISO format
- **Role detection** - Extracts sender role from each message
- **Ordering** - Maintains conversation order with explicit order field
- **Sorting** - Messages sorted by timestamp, then by role (User before Assistant)
- **Multi-line support** - Messages can span multiple lines
- **Timestamp parsing** - Converts DD.MM.YYYY HH:MM:SS to ISO format
- **Role detection** - Extracts sender role from each message
- **Ordering** - Maintains conversation order with explicit order field
- **Sorting** - Messages sorted by timestamp, then by role (User before Assistant)
## Manual Commands
@ -113,8 +113,8 @@ node scripts/manual-triggers.js status
### Updated Commands
- **`status`** - Now shows transcript and parsing statistics
- **`all`** - New command that runs refresh → parse → process in sequence
- **`status`** - Now shows transcript and parsing statistics
- **`all`** - New command that runs refresh → parse → process in sequence
## Workflow Integration
@ -126,6 +126,7 @@ node scripts/manual-triggers.js status
### Database States
<!-- prettier-ignore -->
```javascript
// After CSV fetch
{
@ -156,18 +157,18 @@ node scripts/manual-triggers.js status
### Before
- Only raw transcript text in a text area
- Difficult to follow conversation flow
- No clear distinction between speakers
- Only raw transcript text in a text area
- Difficult to follow conversation flow
- No clear distinction between speakers
### After
- **Chat-like interface** with message bubbles
- **Color-coded roles** for easy identification
- **Timestamps** for each message
- **Conversation metadata** (first/last message times)
- **Fallback to raw transcript** if parsing fails
- **Both views available** - structured AND raw
- **Chat-like interface** with message bubbles
- **Color-coded roles** for easy identification
- **Timestamps** for each message
- **Conversation metadata** (first/last message times)
- **Fallback to raw transcript** if parsing fails
- **Both views available** - structured AND raw
## Testing
@ -195,34 +196,34 @@ node scripts/manual-triggers.js all
### Performance
- **Indexed queries** - Messages indexed by sessionId and order
- **Efficient loading** - Only load messages when needed
- **Cascading deletes** - Messages automatically deleted with sessions
- **Indexed queries** - Messages indexed by sessionId and order
- **Efficient loading** - Only load messages when needed
- **Cascading deletes** - Messages automatically deleted with sessions
### Maintainability
- **Separation of concerns** - Parsing logic isolated in dedicated module
- **Type safety** - Full TypeScript support for Message interface
- **Error handling** - Graceful fallbacks when parsing fails
- **Separation of concerns** - Parsing logic isolated in dedicated module
- **Type safety** - Full TypeScript support for Message interface
- **Error handling** - Graceful fallbacks when parsing fails
### Extensibility
- **Role flexibility** - Supports any role names (User, Assistant, System, etc.)
- **Content preservation** - Multi-line messages fully supported
- **Metadata ready** - Easy to add message-level metadata in future
- **Role flexibility** - Supports any role names (User, Assistant, System, etc.)
- **Content preservation** - Multi-line messages fully supported
- **Metadata ready** - Easy to add message-level metadata in future
## Migration Notes
### Existing Data
- **No data loss** - Original transcript content preserved
- **Backward compatibility** - Pages work with or without parsed messages
- **Gradual migration** - Can parse transcripts incrementally
- **No data loss** - Original transcript content preserved
- **Backward compatibility** - Pages work with or without parsed messages
- **Gradual migration** - Can parse transcripts incrementally
### Database Migration
- New Message table created with foreign key constraints
- Existing Session table unchanged (only added relation)
- Index created for efficient message queries
- New Message table created with foreign key constraints
- Existing Session table unchanged (only added relation)
- Index created for efficient message queries
This implementation provides a solid foundation for enhanced conversation analysis and user experience while maintaining full backward compatibility.

60
docs/troubleshooting-fixes.md
View File

@ -24,9 +24,9 @@ import { Permission, createPermissionChecker } from "./authorization";
```typescript
// Before
error.errors.map((e) => `${e.path.join(".")}: ${e.message}`)
error.errors.map((e) => `${e.path.join(".")}: ${e.message}`);
// After
error.issues.map((e) => `${e.path.join(".")}: ${e.message}`)
error.issues.map((e) => `${e.path.join(".")}: ${e.message}`);
```
### 3. Missing LRU Cache Dependency
@ -45,6 +45,7 @@ pnpm add lru-cache
**Error:** `Type 'K' does not satisfy the constraint '{}'`
**Fix:** Added proper generic type constraints
<!-- prettier-ignore -->
```typescript
// Before
<K = string, V = any>
@ -58,6 +59,7 @@ pnpm add lru-cache
**Error:** `can only be iterated through when using the '--downlevelIteration' flag`
**Fix:** Used `Array.from()` pattern for compatibility
<!-- prettier-ignore -->
```typescript
// Before
for (const [key, value] of map) { ... }
@ -88,11 +90,11 @@ this.client = createClient({
```typescript
// Before
user.securityAuditLogs
session.sessionImport
user.securityAuditLogs;
session.sessionImport;
// After
user.auditLogs
session.import
user.auditLogs;
session.import;
```
### 8. Missing Schema Fields
@ -102,7 +104,7 @@ session.import
**Fix:** Applied type casting where schema fields were missing
```typescript
userId: (session as any).userId || null
userId: (session as any).userId || null;
```
### 9. Deprecated Package Dependencies
@ -111,6 +113,7 @@ userId: (session as any).userId || null
**Error:** `Cannot find module 'critters'`
**Fix:** Disabled CSS optimization feature that required critters
<!-- prettier-ignore -->
```javascript
experimental: {
optimizeCss: false, // Disabled due to critters dependency
@ -123,6 +126,7 @@ experimental: {
**Error:** Build failed due to linting warnings
**Fix:** Disabled ESLint during build since Biome is used for linting
<!-- prettier-ignore -->
```javascript
eslint: {
ignoreDuringBuilds: true,
@ -161,39 +165,39 @@ model User {
Enhanced UserRepository with new methods:
- `updateLastLogin()` - Tracks user login times
- `incrementFailedLoginAttempts()` - Security feature for account locking
- `verifyEmail()` - Email verification management
- `deactivateUser()` - Account management
- `unlockUser()` - Security administration
- `updatePreferences()` - User settings management
- `findInactiveUsers()` - Now uses `lastLoginAt` instead of `createdAt`
- `updateLastLogin()` - Tracks user login times
- `incrementFailedLoginAttempts()` - Security feature for account locking
- `verifyEmail()` - Email verification management
- `deactivateUser()` - Account management
- `unlockUser()` - Security administration
- `updatePreferences()` - User settings management
- `findInactiveUsers()` - Now uses `lastLoginAt` instead of `createdAt`
## Prevention Measures
### 1. Regular Dependency Updates
- Monitor for breaking changes in dependencies like Zod
- Use `pnpm outdated` to check for deprecated packages
- Test builds after dependency updates
- Monitor for breaking changes in dependencies like Zod
- Use `pnpm outdated` to check for deprecated packages
- Test builds after dependency updates
### 2. TypeScript Strict Checking
- Enable strict TypeScript checking to catch type errors early
- Use proper type imports and exports
- Avoid `any` types where possible
- Enable strict TypeScript checking to catch type errors early
- Use proper type imports and exports
- Avoid `any` types where possible
### 3. Build Pipeline Validation
- Run `pnpm build` before committing
- Include type checking in CI/CD pipeline
- Separate linting from build process
- Run `pnpm build` before committing
- Include type checking in CI/CD pipeline
- Separate linting from build process
### 4. Schema Management
- Regenerate Prisma client after schema changes: `pnpm prisma:generate`
- Validate schema changes with database migrations
- Use proper TypeScript types for database operations
- Regenerate Prisma client after schema changes: `pnpm prisma:generate`
- Validate schema changes with database migrations
- Use proper TypeScript types for database operations
### 5. Development Workflow
@ -233,5 +237,5 @@ pnpm install
---
*Last updated: 2025-07-12*
*Build Status: ✅ Success (47/47 pages generated)*
_Last updated: 2025-07-12_
_Build Status: ✅ Success (47/47 pages generated)_

1
lib/performance/integration.ts
View File

@ -403,6 +403,7 @@ function mergeOptions(
/**
* Create a performance-enhanced service instance
*/
// prettier-ignore
export function createEnhancedService<T>(
ServiceClass: new (...args: unknown[]) => T,
options: PerformanceIntegrationOptions = {}

22
package.json
View File

@ -8,14 +8,14 @@
"build:analyze": "ANALYZE=true next build",
"dev": "pnpm exec tsx server.ts",
"dev:next-only": "next dev --turbopack",
"format": "pnpm format:prettier && pnpm format:biome",
"format:check": "pnpm format:check-prettier && pnpm format:check-biome",
"format": "pnpm format:prettier; pnpm format:biome",
"format:check": "pnpm format:check-prettier; pnpm format:check-biome",
"format:biome": "biome format --write",
"format:check-biome": "biome format",
"format:prettier": "npx prettier --write .",
"format:check-prettier": "npx prettier --check .",
"format:prettier": "prettier --write .",
"format:check-prettier": "prettier --check .",
"lint": "next lint",
"lint:fix": "npx eslint --fix",
"lint:fix": "pnpm dlx eslint --fix",
"biome:check": "biome check",
"biome:fix": "biome check --write",
"biome:format": "biome format --write",
@ -225,13 +225,15 @@
"*.json"
]
},
"packageManager": "pnpm@10.12.4",
"lint-staged": {
"*.{js,jsx,ts,tsx,json}": [
"biome check --write"
],
"*.{md,markdown}": [
"markdownlint-cli2 --fix"
],
"*.{js,ts,cjs,mjs,d.cts,d.mts,jsx,tsx,json,jsonc}": [
"biome check --files-ignore-unknown=true",
"biome check --write --no-errors-on-unmatched",
"biome format --write --no-errors-on-unmatched"
]
}
},
"packageManager": "pnpm@10.13.1+sha512.37ebf1a5c7a30d5fabe0c5df44ee8da4c965ca0c5af3dbab28c3a1681b70a256218d05c81c9c0dcf767ef6b8551eb5b960042b9ed4300c59242336377e01cfad"
}

10139
pnpm-lock.yaml generated
View File

File diff suppressed because it is too large Load Diff

102
refactor/ai-session-processing-pipeline.md
View File

@ -2,7 +2,7 @@
> This is a significant but valuable refactoring project. A detailed, well-structured prompt is key for getting a good result from a code-focused AI like Claude.
> **Project:** _LiveDash-Node_ (`~/Projects/livedash-node-max-branch`)
> **Objective:** _Refactor our AI session processing pipeline to use the OpenAI Batch API for cost savings and higher throughput. Implement a new internal admin API under /api/admin/legacy/* to monitor and manage this new asynchronous workflow._
> **Objective:** _Refactor our AI session processing pipeline to use the OpenAI Batch API for cost savings and higher throughput. Implement a new internal admin API under /api/admin/legacy/\* to monitor and manage this new asynchronous workflow._
> **Assignee:** Claude Code
## Context
@ -47,6 +47,7 @@ First, we need to update our database schema to track the state of batch jobs an
@@index([companyId, status])
}
// prettier-ignore
enum AIBatchRequestStatus {
PENDING // We have created the batch in our DB, preparing to send to OpenAI
UPLOADING // Uploading the .jsonl file
@ -75,6 +76,7 @@ First, we need to update our database schema to track the state of batch jobs an
@@index([processingStatus]) // Add this index for efficient querying
}
// prettier-ignore
enum AIRequestStatus {
PENDING_BATCHING // Default state: waiting to be picked up by the batch creator
BATCHING_IN_PROGRESS // It has been assigned to a batch that is currently running
@ -133,69 +135,71 @@ Functionality:
Create a new set of internal API endpoints for monitoring and managing this process.
* Location: `app/api/admin/legacy/`
* Authentication: Protect all these endpoints with our most secure admin-level authentication middleware (e.g., from `lib/platform-auth.ts`). Access should be strictly limited.
- Location: `app/api/admin/legacy/`
- Authentication: Protect all these endpoints with our most secure admin-level authentication middleware (e.g., from `lib/platform-auth.ts`). Access should be strictly limited.
### Endpoint 1: Get Summary
* Route: `GET` `/api/admin/legacy/summary`
* Description: Returns a count of all `AIProcessingRequest` records, grouped by `processingStatus`.
* Response:
- Route: `GET` `/api/admin/legacy/summary`
- Description: Returns a count of all `AIProcessingRequest` records, grouped by `processingStatus`.
- Response:
```json
{
"ok": true,
"summary": {
"pending_batching": 15231,
"batching_in_progress": 2500,
"processing_complete": 85432,
"processing_failed": 78
}
```json
{
"ok": true,
"summary": {
"pending_batching": 15231,
"batching_in_progress": 2500,
"processing_complete": 85432,
"processing_failed": 78
}
```
}
```
### Endpoint 2: List Requests
* Route: `GET` `/api/admin/legacy/requests`
* Description: Retrieves a paginated list of `AIProcessingRequest` records, filterable by `status`.
* Query Params: `status` (required), `limit` (optional), `cursor` (optional).
* Response:
- Route: `GET` `/api/admin/legacy/requests`
- Description: Retrieves a paginated list of `AIProcessingRequest` records, filterable by `status`.
- Query Params: `status` (required), `limit` (optional), `cursor` (optional).
- Response:
```json
{
"ok": true,
"requests": [
{
"id": "...",
"sessionId": "...",
"status": "processing_failed", ...
}
],
"nextCursor": "..."
}
```
```json
{
"ok": true,
"requests": [
{
"id": "...",
"sessionId": "...",
"status": "processing_failed",
"failedAt": "2024-03-15T10:23:45Z",
"error": "Timeout during processing"
}
],
"nextCursor": "..."
}
```
### Endpoint 3: Re-queue Failed Requests
* Route: `POST` `/api/admin/legacy/requests/requeue`
* Description: Resets the status of specified failed requests back to `PENDING_BATCHING` so they can be re-processed in a new batch.
* Request Body:
- Route: `POST` `/api/admin/legacy/requests/requeue`
- Description: Resets the status of specified failed requests back to `PENDING_BATCHING` so they can be re-processed in a new batch.
- Request Body:
```json
{
"requestIds": ["req_id_1", "req_id_2", ...]
}
```
```json
{
"requestIds": ["req_id_1", "req_id_2"]
}
```
* Response:
- Response:
```json
{
"ok": true,
"requeuedCount": 2,
"notFoundCount": 0
}
```
```json
{
"ok": true,
"requeuedCount": 2,
"notFoundCount": 0
}
```
---