Resolve PR #225 conflicts (combine both)

Author: Calebux

.github/workflows/typecheck.yml

@@ -0,0 +1,43 @@
+name: TypeScript Check
+
+on:
+  push:
+    branches: [main]
+  pull_request:
+    branches: [main]
+
+jobs:
+  typecheck-backend:
+    name: TypeScript Check (Backend)
+    runs-on: ubuntu-latest
+    defaults:
+      run:
+        working-directory: backend
+    steps:
+      - uses: actions/checkout@v4
+      - uses: pnpm/action-setup@v4
+        with:
+          version: 9
+      - uses: actions/setup-node@v4
+        with:
+          node-version: '20'
+          cache: 'pnpm'
+          cache-dependency-path: backend/pnpm-lock.yaml
+      - run: pnpm install
+      - run: npx tsc --noEmit
+
+  typecheck-client:
+    name: TypeScript Check (Client)
+    runs-on: ubuntu-latest
+    defaults:
+      run:
+        working-directory: client
+    steps:
+      - uses: actions/checkout@v4
+      - uses: actions/setup-node@v4
+        with:
+          node-version: '20'
+          cache: 'npm'
+          cache-dependency-path: client/package-lock.json
+      - run: npm ci
+      - run: npx tsc --noEmit

README.md

@@ -1,3 +1,4 @@
+[![TypeScript Check](https://github.com/Calebux/SYNCRO/actions/workflows/typecheck.yml/badge.svg)](https://github.com/Calebux/SYNCRO/actions/workflows/typecheck.yml)
 # SYNCRO
 
 ![Tests](https://github.com/Calebux/SYNCRO/actions/workflows/test.yml/badge.svg)

backend/.env.example

@@ -43,6 +43,8 @@ VAPID_SUBJECT=mailto:noreply@synchro.app
 # Rate Limiting Configuration (optional)
 # Redis URL for persistent rate limiting across server instances
 RATE_LIMIT_REDIS_URL=redis://localhost:6379
+# Redis connection URL used by the renewal rate limiter and other Redis-backed services
+REDIS_URL=redis://localhost:6379
 
 # Enable/disable Redis for rate limiting (defaults to true if URL is provided)
 RATE_LIMIT_REDIS_ENABLED=true
@@ -60,6 +62,12 @@ RATE_LIMIT_ADMIN_MAX=100
 RATE_LIMIT_ADMIN_WINDOW_HOURS=1
 
 # External API Keys (optional)
+ANTHROPIC_API_KEY=your_anthropic_api_key_for_classification  
+# Sentry  
+SENTRY_DSN=your_sentry_dsn_here  
+SENTRY_AUTH_TOKEN=your_sentry_auth_token_here  
+SENTRY_ORG=your_sentry_org_here  
+SENTRY_PROJECT=your_sentry_project_here 
 ANTHROPIC_API_KEY=your_anthropic_api_key_for_classification
 # Risk calculation concurrency (number of simultaneous risk calculations per page)
 RISK_CALC_CONCURRENCY=10

backend/migrations/create_price_history.sql

@@ -0,0 +1,36 @@
+-- Create subscription_price_history table
+CREATE TABLE IF NOT EXISTS subscription_price_history (
+  id UUID PRIMARY KEY DEFAULT uuid_generate_v4(),
+  subscription_id UUID NOT NULL REFERENCES subscriptions(id) ON DELETE CASCADE,
+  old_price DECIMAL(10, 2) NOT NULL,
+  new_price DECIMAL(10, 2) NOT NULL,
+  changed_at TIMESTAMP WITH TIME ZONE DEFAULT timezone('utc'::text, now()) NOT NULL,
+  user_id UUID NOT NULL REFERENCES auth.users(id) ON DELETE CASCADE
+);
+
+-- Enable RLS
+ALTER TABLE subscription_price_history ENABLE ROW LEVEL SECURITY;
+
+-- RLS Policies
+CREATE POLICY "Users can view their own price history"
+  ON subscription_price_history FOR SELECT
+  USING (auth.uid() = user_id);
+
+-- Function to handle price changes
+CREATE OR REPLACE FUNCTION handle_subscription_price_change()
+RETURNS TRIGGER AS $$
+BEGIN
+  IF (OLD.price IS DISTINCT FROM NEW.price) THEN
+    INSERT INTO subscription_price_history (subscription_id, old_price, new_price, user_id)
+    VALUES (NEW.id, OLD.price, NEW.price, NEW.user_id);
+  END IF;
+  RETURN NEW;
+END;
+$$ LANGUAGE plpgsql SECURITY DEFINER;
+
+-- Trigger for price changes
+DROP TRIGGER IF EXISTS on_subscription_price_change ON subscriptions;
+CREATE TRIGGER on_subscription_price_change
+  AFTER UPDATE ON subscriptions
+  FOR EACH ROW
+  EXECUTE FUNCTION handle_subscription_price_change();

backend/package.json

@@ -19,6 +19,8 @@
     "db:new": "supabase migration new"
   },
   "dependencies": {
+    "@sentry/node": "^10.46.0",
+    "@sentry/profiling-node": "^10.46.0",
     "@stellar/stellar-sdk": "^14.5.0",
     "@supabase/supabase-js": "^2.47.10",
     "@types/cookie-parser": "^1.4.10",

backend/scripts/018_add_trial_tracking.sql

@@ -0,0 +1,47 @@
+-- Add trial tracking fields to subscriptions table
+ALTER TABLE public.subscriptions
+  ADD COLUMN IF NOT EXISTS trial_converts_to_price DECIMAL(10,2),
+  ADD COLUMN IF NOT EXISTS credit_card_required BOOLEAN DEFAULT FALSE;
+
+-- Note: is_trial and trial_ends_at already exist on the subscriptions table.
+-- price_after_trial covers trial_converts_to_price semantics but we add the
+-- canonical column name for clarity; both are kept for backwards compatibility.
+
+-- Trial conversion events table
+-- Tracks whether a trial converted intentionally (user clicked "Keep") or automatically,
+-- and whether the user acted on reminders — used for the "Saved by SYNCRO" metric.
+CREATE TABLE IF NOT EXISTS public.trial_conversion_events (
+  id UUID PRIMARY KEY DEFAULT gen_random_uuid(),
+  subscription_id UUID NOT NULL REFERENCES public.subscriptions(id) ON DELETE CASCADE,
+  user_id UUID NOT NULL REFERENCES auth.users(id) ON DELETE CASCADE,
+  -- 'converted' = user kept it, 'cancelled' = user cancelled before charge
+  outcome TEXT NOT NULL CHECK (outcome IN ('converted', 'cancelled')),
+  -- 'intentional' = user clicked Keep/Cancel, 'automatic' = trial expired without action
+  conversion_type TEXT NOT NULL CHECK (conversion_type IN ('intentional', 'automatic')),
+  -- true when user cancelled before auto-charge (counts toward "Saved by SYNCRO")
+  saved_by_syncro BOOLEAN NOT NULL DEFAULT FALSE,
+  -- which reminder (days_before) the user acted on, if any
+  acted_on_reminder_days INTEGER,
+  converted_price DECIMAL(10,2),
+  created_at TIMESTAMPTZ NOT NULL DEFAULT NOW()
+);
+
+ALTER TABLE public.trial_conversion_events ENABLE ROW LEVEL SECURITY;
+
+CREATE POLICY "trial_conversion_events_select_own"
+  ON public.trial_conversion_events FOR SELECT
+  USING (auth.uid() = user_id);
+
+CREATE POLICY "trial_conversion_events_insert_own"
+  ON public.trial_conversion_events FOR INSERT
+  WITH CHECK (auth.uid() = user_id);
+
+CREATE INDEX IF NOT EXISTS trial_conversion_events_user_id_idx
+  ON public.trial_conversion_events(user_id);
+
+CREATE INDEX IF NOT EXISTS trial_conversion_events_subscription_id_idx
+  ON public.trial_conversion_events(subscription_id);
+
+CREATE INDEX IF NOT EXISTS trial_conversion_events_saved_idx
+  ON public.trial_conversion_events(saved_by_syncro)
+  WHERE saved_by_syncro = TRUE;

backend/src/index.ts

@@ -1,6 +1,8 @@
 import express from 'express';
 import cookieParser from 'cookie-parser';
 import dotenv from 'dotenv';
+import * as Sentry from '@sentry/node';
+import { nodeProfilingIntegration } from '@sentry/profiling-node';
 import swaggerUi from 'swagger-ui-express';
 // Load environment variables before importing other modules
 dotenv.config();
@@ -118,6 +120,211 @@ app.get('/api/admin/metrics/subscriptions', adminAuth, async (req, res) => {
   }
 });
 
+// Load environment variables before importing other modules
+dotenv.config();
+
+Sentry.init({
+  dsn: process.env.SENTRY_DSN,
+  environment: process.env.NODE_ENV,
+  integrations: [nodeProfilingIntegration()],
+  tracesSampleRate: 0.1,
+  profilesSampleRate: 0.1,
+});
+
+
+import logger from './config/logger';
+import { requestIdMiddleware } from './middleware/requestContext';
+import { requestLoggerMiddleware } from './middleware/requestLogger';
+import { schedulerService } from './services/scheduler';
+import { reminderEngine } from './services/reminder-engine';
+import subscriptionRoutes from './routes/subscriptions';
+import riskScoreRoutes from './routes/risk-score';
+import simulationRoutes from './routes/simulation';
+import merchantRoutes from './routes/merchants';
+import teamRoutes from './routes/team';
+import auditRoutes from './routes/audit';
+import webhookRoutes from './routes/webhooks';
+import { monitoringService } from './services/monitoring-service';
+import { healthService } from './services/health-service';
+import { eventListener } from './services/event-listener';
+import { expiryService } from './services/expiry-service';
+import { scheduleAutoResume } from './jobs/auto-resume';
+
+const app = express();
+
+// Add Sentry request handler before routes
+app.use(Sentry.Handlers.requestHandler());
+
+const PORT = process.env.PORT || 3001;
+const ADMIN_API_KEY = process.env.ADMIN_API_KEY || 'development-admin-key';
+
+// CORS configuration
+const FRONTEND_URL = process.env.FRONTEND_URL || 'http://localhost:3000';
+app.use((req, res, next) => {
+  res.header('Access-Control-Allow-Origin', FRONTEND_URL);
+  res.header('Access-Control-Allow-Credentials', 'true');
+  res.header('Access-Control-Allow-Methods', 'GET, POST, PUT, PATCH, DELETE, OPTIONS');
+  res.header('Access-Control-Allow-Headers', 'Content-Type, Authorization, Idempotency-Key, If-Match');
+
+  if (req.method === 'OPTIONS') {
+    return res.sendStatus(200);
+  }
+  next();
+});
+
+// Middleware
+app.use(cookieParser());
+app.use(express.json());
+app.use(express.urlencoded({ extended: true }));
+
+// Request tracing — must come before routes so every log line carries requestId
+app.use(requestIdMiddleware);
+app.use(requestLoggerMiddleware);
+
+
+import { adminAuth } from './middleware/admin';
+import { createAdminLimiter, RateLimiterFactory } from './middleware/rate-limit-factory';
+
+// Health check endpoint
+app.get('/health', (req, res) => {
+  res.json({ status: 'ok', timestamp: new Date().toISOString() });
+});
+
+// API Routes
+app.use('/api/subscriptions', subscriptionRoutes);
+app.use('/api/risk-score', riskScoreRoutes);
+app.use('/api/simulation', simulationRoutes);
+app.use('/api/merchants', merchantRoutes);
+app.use('/api/team', teamRoutes);
+app.use('/api/audit', auditRoutes);
+app.use('/api/webhooks', webhookRoutes);
+
+// API Routes (Public/Standard)
+app.get('/api/reminders/status', (req, res) => {
+  const status = schedulerService.getStatus();
+  res.json(status);
+});
+
+// Admin Monitoring Endpoints (Read-only)
+app.get('/api/admin/metrics/subscriptions', createAdminLimiter(), adminAuth, async (req, res) => {
+  try {
+    const metrics = await monitoringService.getSubscriptionMetrics();
+    res.json(metrics);
+  } catch (error) {
+    res.status(500).json({ error: 'Failed to fetch subscription metrics' });
+  }
+});
+
+app.get('/api/admin/metrics/renewals', createAdminLimiter(), adminAuth, async (req, res) => {
+  try {
+    const metrics = await monitoringService.getRenewalMetrics();
+    res.json(metrics);
+  } catch (error) {
+    res.status(500).json({ error: 'Failed to fetch renewal metrics' });
+  }
+});
+
+app.get('/api/admin/metrics/activity', createAdminLimiter(), adminAuth, async (req, res) => {
+  try {
+    const metrics = await monitoringService.getAgentActivity();
+    res.json(metrics);
+  } catch (error) {
+    res.status(500).json({ error: 'Failed to fetch agent activity' });
+  }
+});
+
+// Protocol Health Monitor: unified admin health (metrics, alerts, history)
+app.get('/api/admin/health', createAdminLimiter(), adminAuth, async (req, res) => {
+  try {
+    const includeHistory = req.query.history !== 'false';
+    const health = await healthService.getAdminHealth(includeHistory);
+    const statusCode = health.status === 'unhealthy' ? 503 : 200;
+    res.status(statusCode).json(health);
+  } catch (error) {
+    logger.error('Error fetching admin health:', error);
+    res.status(500).json({ error: 'Failed to fetch health status' });
+  }
+});
+
+// Manual trigger endpoints (for testing/admin - Should eventually be protected)
+app.post('/api/reminders/process', createAdminLimiter(), adminAuth, async (req, res) => {
+  try {
+    await reminderEngine.processReminders();
+    res.json({ success: true, message: 'Reminders processed' });
+  } catch (error) {
+    logger.error('Error processing reminders:', error);
+    res.status(500).json({
+      success: false,
+      error: error instanceof Error ? error.message : String(error),
+    });
+  }
+});
+
+app.post('/api/reminders/schedule', createAdminLimiter(), adminAuth, async (req, res) => {
+  try {
+    const daysBefore = req.body.daysBefore || [7, 3, 1];
+    await reminderEngine.scheduleReminders(daysBefore);
+    res.json({ success: true, message: 'Reminders scheduled' });
+  } catch (error) {
+    logger.error('Error scheduling reminders:', error);
+    res.status(500).json({
+      success: false,
+      error: error instanceof Error ? error.message : String(error),
+    });
+  }
+});
+
+app.post('/api/reminders/retry', createAdminLimiter(), adminAuth, async (req, res) => {
+  try {
+    await reminderEngine.processRetries();
+    res.json({ success: true, message: 'Retries processed' });
+  } catch (error) {
+    logger.error('Error processing retries:', error);
+    res.status(500).json({
+      success: false,
+      error: error instanceof Error ? error.message : String(error),
+    });
+  }
+});
+
+// Protocol Health Monitor: record metrics snapshot periodically (historical storage)
+const HEALTH_SNAPSHOT_INTERVAL_MS = 15 * 60 * 1000; // 15 minutes
+function startHealthSnapshotInterval() {
+  setInterval(() => {
+    healthService.recordSnapshot().catch(() => {});
+  }, HEALTH_SNAPSHOT_INTERVAL_MS);
+  // Record one snapshot shortly after startup
+  setTimeout(() => healthService.recordSnapshot().catch(() => {}), 5000);
+}
+
+app.post('/api/admin/expiry/process', createAdminLimiter(), adminAuth, async (req, res) => {
+  try {
+    const result = await expiryService.processExpiries();
+    res.json({ success: true, data: result });
+  } catch (error) {
+    logger.error('Error processing expiries:', error);
+    res.status(500).json({
+      success: false,
+      error: error instanceof Error ? error.message : String(error),
+    });
+  }
+});
+
+// Add Sentry error handler after all routes
+app.use(Sentry.Handlers.errorHandler());
+
+// Start server
+const server = app.listen(PORT, async () => {
+  logger.info(`Server running on port ${PORT}`);
+  logger.info(`Environment: ${process.env.NODE_ENV || 'development'}`);
+
+  // Initialize rate limiting Redis store
+  try {
+    await RateLimiterFactory.initializeRedisStore();
+    logger.info('Rate limiting initialized successfully');
+  } catch (error) {
+    logger.warn('Rate limiting initialization failed, using memory store:', error);
+import * as bip39 from 'bip39';
 /**
  * @openapi
  * /api/admin/metrics/renewals:
@@ -132,6 +339,8 @@ app.get('/api/admin/metrics/subscriptions', adminAuth, async (req, res) => {
  *       401:
  *         description: Unauthorized
  */
+export function generateMnemonic(): string {
+  return bip39.generateMnemonic(128);
 app.get('/api/admin/metrics/renewals', adminAuth, async (req, res) => {
   try {
     const metrics = await monitoringService.getRenewalMetrics();