ake/paperclip
1
0
Fork 0
mirror of https://github.com/alkimake/paperclip.git synced 2026-06-15 10:30:37 +09:00
Code Issues Projects Releases Packages Wiki Activity

[codex] Add access cleanup and user profile page (#4088)

Browse source 
## Thinking Path

> - Paperclip is moving from a solo local operator model toward teams
supervising AI-agent companies.
> - Human access management and human-visible profile surfaces are part
of that multiple-user path.
> - The branch included related access cleanup, archived-member removal,
permission protection, and a user profile page.
> - These changes share company membership, user attribution, and
access-service behavior.
> - This pull request groups those human access/profile changes into one
standalone branch.
> - The benefit is safer member removal behavior and a first profile
surface for user work, activity, and cost attribution.

## What Changed

- Added archived company member removal support across shared contracts,
server routes/services, and UI.
- Protected company member removal with stricter permission checks and
tests.
- Added company user profile API, shared types, route wiring, client
API, route, and UI page.
- Simplified the user profile page visual design to a neutral
typography-led layout.

## Verification

- `pnpm install --frozen-lockfile`
- `pnpm exec vitest run server/src/__tests__/access-service.test.ts
server/src/__tests__/user-profile-routes.test.ts
ui/src/pages/CompanyAccess.test.tsx --hookTimeout=30000`
- `pnpm exec vitest run server/src/__tests__/user-profile-routes.test.ts
--testTimeout=30000 --hookTimeout=30000` after an initial local
embedded-Postgres hook timeout in the combined run.
- Split integration check: merged after runtime/governance and
dev-infra/backups with no merge conflicts.
- Confirmed this branch does not include `pnpm-lock.yaml`.

## Risks

- Medium risk: changes member removal permissions and adds a new user
profile route with cross-table stats.
- The profile page is a new UI surface and may need visual follow-up in
browser QA.
- No database migrations are included.

> For core feature work, check [`ROADMAP.md`](ROADMAP.md) first and
discuss it in `#dev` before opening the PR. Feature PRs that overlap
with planned core work may need to be redirected — check the roadmap
first. See `CONTRIBUTING.md`.

## Model Used

- OpenAI Codex, GPT-5.4 tool-enabled coding model, agentic
code-editing/runtime with local shell and GitHub CLI access; exact
context window and reasoning mode are not exposed by the Paperclip
harness.

## Checklist

- [x] I have included a thinking path that traces from project context
to this change
- [x] I have specified the model used (with version and capability
details)
- [x] I have checked ROADMAP.md and confirmed this PR does not duplicate
planned core work
- [x] I have run tests locally and they pass
- [x] I have added or updated tests where applicable
- [x] If this change affects the UI, I have included before/after
screenshots
- [x] I have updated relevant documentation to reflect my changes
- [x] I have considered and documented any risks above
- [x] I will address all Greptile and reviewer comments before
requesting merge

---------

Co-authored-by: Paperclip <noreply@paperclip.ing>
This commit is contained in:
Dotta 2026-04-20 06:10:20 -05:00 committed by GitHub
parent e89d3f7e11
commit d8b63a18e7
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
23 changed files with 2156 additions and 51 deletions
Download patch file Download diff file Expand all files Collapse all files

178
server/src/routes/access.ts
View file

@ -9,7 +9,7 @@ import path from "node:path";
import { fileURLToPath } from "node:url";
import { Router } from "express";
import type { Request } from "express";
import { and, desc, eq, gt, inArray, isNotNull, isNull, lte, sql } from "drizzle-orm";
import { and, desc, eq, gt, inArray, isNotNull, isNull, lte, ne, sql } from "drizzle-orm";
import type { Db } from "@paperclipai/db";
import {
assets,
@ -18,6 +18,7 @@ import {
companies,
companyLogos,
companyMemberships,
instanceUserRoles,
invites,
joinRequests,
principalPermissionGrants,
@ -34,11 +35,12 @@ import {
searchAdminUsersQuerySchema,
updateCompanyMemberWithPermissionsSchema,
updateCompanyMemberSchema,
archiveCompanyMemberSchema,
updateMemberPermissionsSchema,
updateUserCompanyAccessSchema,
PERMISSION_KEYS
} from "@paperclipai/shared";
import type { DeploymentExposure, DeploymentMode, PermissionKey } from "@paperclipai/shared";
import type { DeploymentExposure, DeploymentMode, HumanCompanyMembershipRole, PermissionKey } from "@paperclipai/shared";
import {
forbidden,
conflict,
@ -994,7 +996,11 @@ async function loadCompanyAccessSummary(
};
}
async function loadCompanyMemberRecords(db: Db, companyId: string) {
async function loadCompanyMemberRecords(
db: Db,
companyId: string,
options: { includeArchived?: boolean } = {},
) {
const members = await db
.select()
.from(companyMemberships)
@ -1002,6 +1008,7 @@ async function loadCompanyMemberRecords(db: Db, companyId: string) {
and(
eq(companyMemberships.companyId, companyId),
eq(companyMemberships.principalType, "user"),
options.includeArchived ? undefined : ne(companyMemberships.status, "archived"),
),
)
.orderBy(desc(companyMemberships.updatedAt));
@ -1041,6 +1048,116 @@ async function loadCompanyMemberRecords(db: Db, companyId: string) {
}));
}
type CompanyMemberRecord = Awaited<ReturnType<typeof loadCompanyMemberRecords>>[number];
const humanRoleRank: Record<HumanCompanyMembershipRole, number> = {
viewer: 1,
operator: 2,
admin: 3,
owner: 4,
};
async function resolveActorHumanRole(
req: Request,
access: ReturnType<typeof accessService>,
companyId: string,
): Promise<HumanCompanyMembershipRole | null> {
if (req.actor.type !== "board") return null;
if (isLocalImplicit(req) || req.actor.isInstanceAdmin) return "owner";
const userId = req.actor.userId ?? null;
if (!userId) return null;
const membership = await access.getMembership(companyId, "user", userId);
if (membership?.status !== "active" || !membership.membershipRole) return null;
return normalizeHumanRole(membership.membershipRole, "operator");
}
async function getProtectedMemberReason(
req: Request,
access: ReturnType<typeof accessService>,
companyId: string,
member: { principalId: string; principalType: string; membershipRole: string | null },
opts?: {
actorRole?: HumanCompanyMembershipRole | null;
instanceAdminUserIds?: ReadonlySet<string>;
operation?: "archive" | "update";
},
): Promise<string | null> {
if (member.principalType !== "user") return "Only human company members can be removed.";
if (req.actor.type !== "board") return "Board access is required to remove members.";
if (member.principalId === req.actor.userId) return "You cannot remove yourself.";
const isTargetInstanceAdmin = opts?.instanceAdminUserIds
? opts.instanceAdminUserIds.has(member.principalId)
: await access.isInstanceAdmin(member.principalId);
if (isTargetInstanceAdmin) {
return "Instance admins cannot be removed from company access.";
}
const targetRole = member.membershipRole
? normalizeHumanRole(member.membershipRole, "operator")
: "operator";
if (opts?.operation === "archive") {
if (targetRole === "owner") return "Board owners cannot be removed from company access.";
if (targetRole === "admin") return "Company admins cannot be removed from company access.";
}
const actorRole = opts?.actorRole ?? await resolveActorHumanRole(req, access, companyId);
if (!actorRole) return "Only active company members can remove users.";
if (humanRoleRank[targetRole] >= humanRoleRank[actorRole]) {
return "You can only remove users below your company role.";
}
return null;
}
async function assertCanManageCompanyMember(
req: Request,
access: ReturnType<typeof accessService>,
companyId: string,
member: { principalId: string; principalType: string; membershipRole: string | null },
operation: "archive" | "update" = "update",
) {
const reason = await getProtectedMemberReason(req, access, companyId, member, { operation });
if (reason) throw forbidden(reason);
}
async function addCompanyMemberRemovalAccess(
req: Request,
db: Db,
access: ReturnType<typeof accessService>,
companyId: string,
members: CompanyMemberRecord[],
) {
const actorRole = await resolveActorHumanRole(req, access, companyId);
const userIds = [...new Set(members
.filter((member) => member.principalType === "user")
.map((member) => member.principalId))];
const instanceAdminUserIds = userIds.length > 0
? new Set(
await db
.select({ userId: instanceUserRoles.userId })
.from(instanceUserRoles)
.where(and(inArray(instanceUserRoles.userId, userIds), eq(instanceUserRoles.role, "instance_admin")))
.then((rows) => rows.map((row) => row.userId)),
)
: new Set<string>();
return Promise.all(
members.map(async (member) => {
const reason = await getProtectedMemberReason(req, access, companyId, member, {
actorRole,
instanceAdminUserIds,
operation: "archive",
});
return {
...member,
removal: {
canArchive: !reason,
reason,
},
};
}),
);
}
async function loadCompanyUserDirectory(db: Db, companyId: string) {
const members = await db
.select({
@ -3604,7 +3721,7 @@ export function accessRoutes(
loadCompanyAccessSummary(req, access, companyId),
]);
res.json({
members,
members: await addCompanyMemberRemovalAccess(req, db, access, companyId, members),
access: currentAccess,
});
});
@ -3623,6 +3740,9 @@ export function accessRoutes(
const companyId = req.params.companyId as string;
const memberId = req.params.memberId as string;
await assertCompanyPermission(req, companyId, "users:manage_permissions");
const memberToUpdate = await access.getMemberById(companyId, memberId);
if (!memberToUpdate) throw notFound("Member not found");
await assertCanManageCompanyMember(req, access, companyId, memberToUpdate);
const updated = await db.transaction(async (tx) => {
await tx.execute(sql`
@ -3717,6 +3837,9 @@ export function accessRoutes(
const companyId = req.params.companyId as string;
const memberId = req.params.memberId as string;
await assertCompanyPermission(req, companyId, "users:manage_permissions");
const memberToUpdate = await access.getMemberById(companyId, memberId);
if (!memberToUpdate) throw notFound("Member not found");
await assertCanManageCompanyMember(req, access, companyId, memberToUpdate);
const updated = await db.transaction(async (tx) => {
await tx.execute(sql`
@ -3834,6 +3957,47 @@ export function accessRoutes(
}
);
router.post(
"/companies/:companyId/members/:memberId/archive",
validate(archiveCompanyMemberSchema),
async (req, res) => {
const companyId = req.params.companyId as string;
const memberId = req.params.memberId as string;
await assertCompanyPermission(req, companyId, "users:manage_permissions");
const memberToArchive = await access.getMemberById(companyId, memberId);
if (!memberToArchive) throw notFound("Member not found");
await assertCanManageCompanyMember(req, access, companyId, memberToArchive, "archive");
const result = await access.archiveMember(companyId, memberId, {
reassignment: req.body.reassignment ?? null,
});
if (!result) throw notFound("Member not found");
await logActivity(db, {
companyId,
actorType: "user",
actorId: req.actor.userId ?? "board",
action: "company_member.archived",
entityType: "company_membership",
entityId: memberId,
details: {
principalId: result.member.principalId,
reassignedIssueCount: result.reassignedIssueCount,
reassignment: req.body.reassignment ?? null,
},
});
const member = (await loadCompanyMemberRecords(db, companyId, { includeArchived: true })).find(
(entry) => entry.id === memberId,
);
if (!member) throw notFound("Member not found");
res.json({
member,
reassignedIssueCount: result.reassignedIssueCount,
});
}
);
router.patch(
"/companies/:companyId/members/:memberId/permissions",
validate(updateMemberPermissionsSchema),
@ -3841,6 +4005,9 @@ export function accessRoutes(
const companyId = req.params.companyId as string;
const memberId = req.params.memberId as string;
await assertCompanyPermission(req, companyId, "users:manage_permissions");
const memberToUpdate = await access.getMemberById(companyId, memberId);
if (!memberToUpdate) throw notFound("Member not found");
await assertCanManageCompanyMember(req, access, companyId, memberToUpdate);
const updated = await access.setMemberPermissions(
companyId,
memberId,
@ -3962,7 +4129,8 @@ export function accessRoutes(
const userId = req.params.userId as string;
await access.setUserCompanyAccess(
userId,
req.body.companyIds ?? []
req.body.companyIds ?? [],
{ actorUserId: req.actor.userId ?? null },
);
res.json(await loadUserCompanyAccessResponse(db, access, userId));
}

436
server/src/routes/user-profiles.ts Normal file
View file

@ -0,0 +1,436 @@
import { Router } from "express";
import { and, desc, eq, gte, isNull, sql } from "drizzle-orm";
import type { Db } from "@paperclipai/db";
import {
activityLog,
agents,
authUsers,
companyMemberships,
costEvents,
issueComments,
issues,
} from "@paperclipai/db";
import type {
UserProfileDailyPoint,
UserProfileIdentity,
UserProfileResponse,
UserProfileWindowStats,
} from "@paperclipai/shared";
import { notFound } from "../errors.js";
import { assertCompanyAccess } from "./authz.js";
type CompanyUserRow = {
id: string;
principalId: string;
status: string;
membershipRole: string | null;
createdAt: Date;
userId: string | null;
name: string | null;
email: string | null;
image: string | null;
};
const PROFILE_WINDOWS = [
{ key: "last7", label: "Last 7 days", days: 7 },
{ key: "last30", label: "Last 30 days", days: 30 },
{ key: "all", label: "All time", days: null },
] as const;
function slugifyUserPart(value: string | null | undefined) {
const normalized = value
?.trim()
.toLowerCase()
.replace(/['"]/g, "")
.replace(/[^a-z0-9]+/g, "-")
.replace(/^-+|-+$/g, "");
return normalized || null;
}
function userSlugCandidates(row: CompanyUserRow) {
const candidates = new Set<string>();
const add = (value: string | null | undefined) => {
const slug = slugifyUserPart(value);
if (slug) candidates.add(slug);
};
add(row.name);
add(row.email?.split("@")[0]);
add(row.email);
add(row.principalId);
return [...candidates];
}
async function resolveCompanyUser(db: Db, companyId: string, rawSlug: string): Promise<CompanyUserRow | null> {
const slug = slugifyUserPart(rawSlug);
if (!slug) return null;
const rows = await db
.select({
id: companyMemberships.id,
principalId: companyMemberships.principalId,
status: companyMemberships.status,
membershipRole: companyMemberships.membershipRole,
createdAt: companyMemberships.createdAt,
userId: authUsers.id,
name: authUsers.name,
email: authUsers.email,
image: authUsers.image,
})
.from(companyMemberships)
.leftJoin(authUsers, eq(authUsers.id, companyMemberships.principalId))
.where(
and(
eq(companyMemberships.companyId, companyId),
eq(companyMemberships.principalType, "user"),
),
)
.orderBy(desc(companyMemberships.updatedAt))
.limit(200);
return rows.find((row) => userSlugCandidates(row).includes(slug)) ?? null;
}
function userIssueInvolvementSql(companyId: string, userId: string) {
return sql<boolean>`
(
${issues.createdByUserId} = ${userId}
OR ${issues.assigneeUserId} = ${userId}
OR EXISTS (
SELECT 1
FROM ${issueComments}
WHERE ${issueComments.companyId} = ${companyId}
AND ${issueComments.issueId} = ${issues.id}
AND ${issueComments.authorUserId} = ${userId}
)
)
`;
}
function windowStart(days: number | null) {
if (!days) return null;
return new Date(Date.now() - days * 24 * 60 * 60 * 1000);
}
function startOfUtcDay(date: Date) {
return new Date(Date.UTC(date.getUTCFullYear(), date.getUTCMonth(), date.getUTCDate()));
}
function isoDay(date: Date) {
return startOfUtcDay(date).toISOString().slice(0, 10);
}
function dayKeyExpr(dateSql: ReturnType<typeof sql>) {
return sql<string>`to_char(date_trunc('day', ${dateSql}), 'YYYY-MM-DD')`;
}
function sumNumber(column: typeof costEvents.costCents | typeof costEvents.inputTokens | typeof costEvents.cachedInputTokens | typeof costEvents.outputTokens) {
return sql<number>`coalesce(sum(${column}), 0)::double precision`;
}
async function loadWindowStats(
db: Db,
companyId: string,
userId: string,
key: UserProfileWindowStats["key"],
label: string,
from: Date | null,
): Promise<UserProfileWindowStats> {
const involvement = userIssueInvolvementSql(companyId, userId);
const openStatuses = ["backlog", "todo", "in_progress", "in_review", "blocked"];
const fromIso = from?.toISOString();
const [issueStats] = await db
.select({
touchedIssues: sql<number>`count(distinct case when ${involvement} ${fromIso ? sql`and ${issues.updatedAt} >= ${fromIso}` : sql``} then ${issues.id} end)::int`,
createdIssues: sql<number>`count(distinct case when ${issues.createdByUserId} = ${userId} ${fromIso ? sql`and ${issues.createdAt} >= ${fromIso}` : sql``} then ${issues.id} end)::int`,
completedIssues: sql<number>`count(distinct case when ${involvement} and ${issues.status} = 'done' ${fromIso ? sql`and ${issues.completedAt} >= ${fromIso}` : sql``} then ${issues.id} end)::int`,
assignedOpenIssues: sql<number>`count(distinct case when ${issues.assigneeUserId} = ${userId} and ${issues.status} in (${sql.join(openStatuses.map((status) => sql`${status}`), sql`, `)}) then ${issues.id} end)::int`,
})
.from(issues)
.where(and(eq(issues.companyId, companyId), isNull(issues.hiddenAt)));
const commentConditions = [
eq(issueComments.companyId, companyId),
eq(issueComments.authorUserId, userId),
];
if (from) commentConditions.push(gte(issueComments.createdAt, from));
const [commentStats] = await db
.select({ count: sql<number>`count(*)::int` })
.from(issueComments)
.where(and(...commentConditions));
const activityConditions = [
eq(activityLog.companyId, companyId),
eq(activityLog.actorType, "user"),
eq(activityLog.actorId, userId),
];
if (from) activityConditions.push(gte(activityLog.createdAt, from));
const [activityStats] = await db
.select({ count: sql<number>`count(*)::int` })
.from(activityLog)
.where(and(...activityConditions));
const costConditions = [
eq(costEvents.companyId, companyId),
userIssueInvolvementSql(companyId, userId),
];
if (from) costConditions.push(gte(costEvents.occurredAt, from));
const [costStats] = await db
.select({
costCents: sumNumber(costEvents.costCents),
inputTokens: sumNumber(costEvents.inputTokens),
cachedInputTokens: sumNumber(costEvents.cachedInputTokens),
outputTokens: sumNumber(costEvents.outputTokens),
costEventCount: sql<number>`count(${costEvents.id})::int`,
})
.from(costEvents)
.innerJoin(issues, and(eq(issues.id, costEvents.issueId), eq(issues.companyId, costEvents.companyId)))
.where(and(...costConditions));
return {
key,
label,
touchedIssues: Number(issueStats?.touchedIssues ?? 0),
createdIssues: Number(issueStats?.createdIssues ?? 0),
completedIssues: Number(issueStats?.completedIssues ?? 0),
assignedOpenIssues: Number(issueStats?.assignedOpenIssues ?? 0),
commentCount: Number(commentStats?.count ?? 0),
activityCount: Number(activityStats?.count ?? 0),
costCents: Number(costStats?.costCents ?? 0),
inputTokens: Number(costStats?.inputTokens ?? 0),
cachedInputTokens: Number(costStats?.cachedInputTokens ?? 0),
outputTokens: Number(costStats?.outputTokens ?? 0),
costEventCount: Number(costStats?.costEventCount ?? 0),
};
}
async function loadDailyStats(db: Db, companyId: string, userId: string): Promise<UserProfileDailyPoint[]> {
const firstDay = startOfUtcDay(new Date(Date.now() - 13 * 24 * 60 * 60 * 1000));
const points = new Map<string, UserProfileDailyPoint>();
for (let index = 0; index < 14; index += 1) {
const date = new Date(firstDay.getTime() + index * 24 * 60 * 60 * 1000);
points.set(isoDay(date), {
date: isoDay(date),
activityCount: 0,
completedIssues: 0,
costCents: 0,
inputTokens: 0,
cachedInputTokens: 0,
outputTokens: 0,
});
}
const activityDay = dayKeyExpr(sql`${activityLog.createdAt}`);
const activityRows = await db
.select({
date: activityDay,
count: sql<number>`count(*)::int`,
})
.from(activityLog)
.where(
and(
eq(activityLog.companyId, companyId),
eq(activityLog.actorType, "user"),
eq(activityLog.actorId, userId),
gte(activityLog.createdAt, firstDay),
),
)
.groupBy(activityDay);
for (const row of activityRows) {
const point = points.get(row.date);
if (point) point.activityCount = Number(row.count);
}
const completedDay = dayKeyExpr(sql`${issues.completedAt}`);
const completedRows = await db
.select({
date: completedDay,
count: sql<number>`count(distinct ${issues.id})::int`,
})
.from(issues)
.where(
and(
eq(issues.companyId, companyId),
isNull(issues.hiddenAt),
eq(issues.status, "done"),
gte(issues.completedAt, firstDay),
userIssueInvolvementSql(companyId, userId),
),
)
.groupBy(completedDay);
for (const row of completedRows) {
const point = points.get(row.date);
if (point) point.completedIssues = Number(row.count);
}
const costDay = dayKeyExpr(sql`${costEvents.occurredAt}`);
const costRows = await db
.select({
date: costDay,
costCents: sumNumber(costEvents.costCents),
inputTokens: sumNumber(costEvents.inputTokens),
cachedInputTokens: sumNumber(costEvents.cachedInputTokens),
outputTokens: sumNumber(costEvents.outputTokens),
})
.from(costEvents)
.innerJoin(issues, and(eq(issues.id, costEvents.issueId), eq(issues.companyId, costEvents.companyId)))
.where(
and(
eq(costEvents.companyId, companyId),
gte(costEvents.occurredAt, firstDay),
userIssueInvolvementSql(companyId, userId),
),
)
.groupBy(costDay);
for (const row of costRows) {
const point = points.get(row.date);
if (!point) continue;
point.costCents = Number(row.costCents);
point.inputTokens = Number(row.inputTokens);
point.cachedInputTokens = Number(row.cachedInputTokens);
point.outputTokens = Number(row.outputTokens);
}
return [...points.values()];
}
export function userProfileRoutes(db: Db) {
const router = Router();
router.get("/companies/:companyId/users/:userSlug/profile", async (req, res) => {
const companyId = req.params.companyId as string;
const userSlug = req.params.userSlug as string;
assertCompanyAccess(req, companyId);
const row = await resolveCompanyUser(db, companyId, userSlug);
if (!row) throw notFound("User not found");
const canonicalSlug = userSlugCandidates(row)[0] ?? row.principalId;
const userId = row.userId ?? row.principalId;
const [stats, daily, recentIssues, recentActivity, topAgents, topProviders] = await Promise.all([
Promise.all(
PROFILE_WINDOWS.map((entry) =>
loadWindowStats(db, companyId, userId, entry.key, entry.label, windowStart(entry.days)),
),
),
loadDailyStats(db, companyId, userId),
db
.select({
id: issues.id,
identifier: issues.identifier,
title: issues.title,
status: issues.status,
priority: issues.priority,
assigneeAgentId: issues.assigneeAgentId,
assigneeUserId: issues.assigneeUserId,
updatedAt: issues.updatedAt,
completedAt: issues.completedAt,
})
.from(issues)
.where(
and(
eq(issues.companyId, companyId),
isNull(issues.hiddenAt),
userIssueInvolvementSql(companyId, userId),
),
)
.orderBy(desc(issues.updatedAt))
.limit(8),
db
.select({
id: activityLog.id,
action: activityLog.action,
entityType: activityLog.entityType,
entityId: activityLog.entityId,
details: activityLog.details,
createdAt: activityLog.createdAt,
})
.from(activityLog)
.where(
and(
eq(activityLog.companyId, companyId),
eq(activityLog.actorType, "user"),
eq(activityLog.actorId, userId),
),
)
.orderBy(desc(activityLog.createdAt))
.limit(12),
db
.select({
agentId: costEvents.agentId,
agentName: agents.name,
costCents: sumNumber(costEvents.costCents),
inputTokens: sumNumber(costEvents.inputTokens),
cachedInputTokens: sumNumber(costEvents.cachedInputTokens),
outputTokens: sumNumber(costEvents.outputTokens),
})
.from(costEvents)
.innerJoin(issues, and(eq(issues.id, costEvents.issueId), eq(issues.companyId, costEvents.companyId)))
.leftJoin(agents, eq(agents.id, costEvents.agentId))
.where(and(eq(costEvents.companyId, companyId), userIssueInvolvementSql(companyId, userId)))
.groupBy(costEvents.agentId, agents.name)
.orderBy(desc(sumNumber(costEvents.costCents)))
.limit(5),
db
.select({
provider: costEvents.provider,
biller: costEvents.biller,
model: costEvents.model,
costCents: sumNumber(costEvents.costCents),
inputTokens: sumNumber(costEvents.inputTokens),
cachedInputTokens: sumNumber(costEvents.cachedInputTokens),
outputTokens: sumNumber(costEvents.outputTokens),
})
.from(costEvents)
.innerJoin(issues, and(eq(issues.id, costEvents.issueId), eq(issues.companyId, costEvents.companyId)))
.where(and(eq(costEvents.companyId, companyId), userIssueInvolvementSql(companyId, userId)))
.groupBy(costEvents.provider, costEvents.biller, costEvents.model)
.orderBy(desc(sumNumber(costEvents.costCents)))
.limit(5),
]);
const user: UserProfileIdentity = {
id: userId,
slug: canonicalSlug,
name: row.name,
email: row.email,
image: row.image,
membershipRole: row.membershipRole,
membershipStatus: row.status,
joinedAt: row.createdAt,
};
const payload: UserProfileResponse = {
user,
stats,
daily,
recentIssues: recentIssues.map((issue) => ({
...issue,
status: issue.status as UserProfileResponse["recentIssues"][number]["status"],
priority: issue.priority as UserProfileResponse["recentIssues"][number]["priority"],
})),
recentActivity,
topAgents: topAgents.map((entry) => ({
...entry,
costCents: Number(entry.costCents),
inputTokens: Number(entry.inputTokens),
cachedInputTokens: Number(entry.cachedInputTokens),
outputTokens: Number(entry.outputTokens),
})),
topProviders: topProviders.map((entry) => ({
...entry,
costCents: Number(entry.costCents),
inputTokens: Number(entry.inputTokens),
cachedInputTokens: Number(entry.cachedInputTokens),
outputTokens: Number(entry.outputTokens),
})),
};
res.json(payload);
});
return router;
}