till/managarten
1
0
Fork 0
mirror of https://github.com/Memo-2023/mana-monorepo.git synced 2026-05-15 00:41:09 +02:00
Code Issues Projects Releases Packages Wiki Activity Actions 4
managarten/scripts/personas/password.ts
Till JS 493db0c3b2 feat(personas): M2.a-c — persona schemas + admin endpoints + seed pipeline 
Continuation of docs/plans/mana-mcp-and-personas.md. Personas are the
auto-test users the M3 runner will drive — they're real Mana users
(kind='persona', tier='founder'), registered through the same Better
Auth pipeline as humans, just stamped differently and metadata-tracked
so the persona-runner knows how to role-play them.

Schemas (auth namespace — personas are 1:1 with users, no reason for a
separate platform.* schema that the plan originally sketched)

- userKindEnum ('human' | 'persona' | 'system') + users.kind column,
  wired into better-auth additionalFields so the JWT/user object carry
  the flag. Default 'human' keeps every existing user untouched.
- auth.personas — 1:1 descriptor (archetype, systemPrompt, moduleMix
  jsonb, tickCadence, lastActiveAt). CASCADE from users.id.
- auth.persona_actions — tick-grouped audit of every tool call the
  runner makes (toolName, inputHash for dedup, result, latency).
- auth.persona_feedback — structured 1-5 ratings per module per tick,
  plus free-text notes. This is where the runner writes the
  self-reflection step at end of each tick.

Admin endpoints (/api/v1/admin/personas, admin-tier-gated)

- POST /            create-or-update by email. Uses auth.api.signUpEmail
                    if the user's new, then stamps kind+tier+verified
                    and upserts the personas row. Idempotent — safe to
                    re-run after catalog edits.
- GET  /            list with 7-day action count per persona.
- GET  /:id         detail + recent 20 actions + per-module feedback
                    aggregate.
- DELETE /:id       hard delete. Refuses non-persona users as
                    defense-in-depth: an admin typo here would cascade
                    through the full user-delete chain.

Catalog + seed pipeline (scripts/personas/)

- catalog.json      10 handwritten personas spanning 7 archetypes
                    (adhd-student, ceo-busy, creative-parent, solo-dev,
                    researcher, freelancer, overwhelmed-newbie).
                    Five pairs of personas that will later share
                    family/team spaces (cross-space setup is deferred
                    to M2.d per the plan).
- catalog.ts        zod-validated loader. Refines email to require
                    @mana.test TLD — non-existent, no bounce risk.
- password.ts       deterministic HMAC-SHA256(PERSONA_SEED_SECRET,
                    email). No stored per-persona credentials; the
                    runner re-derives on every login. Refuses the
                    dev-fallback secret in production.
- seed.ts           POST /admin/personas per catalog entry. Flags:
                    --auth=, --jwt=, --dry-run.
- cleanup.ts        Hard-delete every live persona. Warns when the
                    live set drifts from the catalog.

Root package.json:
  pnpm seed:personas
  pnpm seed:personas:cleanup

Extends the ESLint root-ignore list with `scripts/**` so Bun-typed
utility scripts don't fail the typed-parser check they weren't opted
into. Consistent with the rest of scripts/ being .mjs+.sh.

To go live (user action):
  pnpm docker:up
  cd services/mana-auth && bun run db:push
  export MANA_ADMIN_JWT=...
  pnpm seed:personas

M2.d deferred: cross-space (family/team/practice) memberships between
persona pairs. Better Auth's org-invite flow is multi-step and would
roughly double the M2 scope; the persona-runner (M3) can operate in
personal spaces first, shared-space tests land as their own milestone.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
2026-04-23 13:55:14 +02:00

31 lines
1.3 KiB
TypeScript
Raw Blame History

This file contains ambiguous Unicode characters

This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

/**
* Deterministic per-persona password.
*
* HMAC-SHA256(PERSONA_SEED_SECRET, persona.email) → base64 → trim to 32
* chars. Long enough for Better Auth's 8128 range, identical every run
* so seed/login are repeatable, but only knowable to whoever holds the
* env secret.
*
* Why not random + storage: storing per-persona passwords means another
* place to encrypt and audit. The runner needs to log in as the persona
* many times — looking up a stored cred per call is wasteful when the
* same HMAC gives us the same answer in O(1).
*/
import { createHmac } from 'node:crypto';
const DEV_FALLBACK_SECRET = 'dev-persona-seed-secret-rotate-in-prod';
export function personaPassword(email: string): string {
const secret = process.env.PERSONA_SEED_SECRET ?? DEV_FALLBACK_SECRET;
if (secret === DEV_FALLBACK_SECRET && process.env.NODE_ENV === 'production') {
throw new Error(
'PERSONA_SEED_SECRET must be set in production — refusing to derive persona passwords from the dev fallback.'
);
}
const hmac = createHmac('sha256', secret).update(email).digest('base64');
// Strip non-alphanumerics so the result is safe in CLI quotes,
// keep at least one digit + one letter for password-policy compliance.
const cleaned = hmac.replace(/[^a-zA-Z0-9]/g, '');
return cleaned.slice(0, 32);
}
Reference in a new issue View git blame Copy permalink