refactor(profile-editor): rebuild backend on web3-adapter for 2-way sync

.env.example

@@ -97,6 +97,11 @@ PUBLIC_PROVISIONER_SHARED_SECRET="your-provisioner-shared-secret"
 PUBLIC_ESIGNER_BASE_URL="http://localhost:3004"
 PUBLIC_FILE_MANAGER_BASE_URL="http://localhost:3005"
 PUBLIC_PROFILE_EDITOR_BASE_URL=http://localhost:3007
+PROFILE_EDITOR_DATABASE_URL=postgresql://postgres:postgres@localhost:5432/profile_editor
+PROFILE_EDITOR_JWT_SECRET="secret"
+# web3-adapter SQLite id-map directory (localId <-> eVault globalId)
+PROFILE_EDITOR_MAPPING_DB_PATH="/path/to/profile-editor/mapping/db"
+# PROFILE_EDITOR_API_PORT=3007   # optional, defaults to 3007
 
 DREAMSYNC_DATABASE_URL=postgresql://postgres:postgres@localhost:5432/dreamsync
 VITE_DREAMSYNC_BASE_URL="http://localhost:8888"
@@ -140,6 +145,13 @@ AWARENESS_PUBLIC_URL="http://localhost:4100"
 AWARENESS_INGEST_SECRET="replace-with-a-strong-secret"
 # Where evault-core forwards every awareness packet
 AWARENESS_SERVICE_URL="http://localhost:4100"
+# Consumer API key (aaas_...) the profile-editor backend uses to register its
+# webhook subscription and poll AaaS. Issued from the AaaS portal after approval.
+AWARENESS_API_KEY=""
+# Public URL AaaS should POST awareness packets to. Override for local dev
+# against prod AaaS — set it to your Cloudflare tunnel, e.g.
+# https://xyz.trycloudflare.com/api/webhook. Defaults to {base}/api/webhook.
+AWARENESS_WEBHOOK_URL=""
 # Comma-separated eNames allowed to act as AaaS portal admins
 AAAS_ADMIN_ENAMES=""
 

platforms/profile-editor/api/nodemon.json

@@ -0,0 +1,6 @@
+{
+	"watch": ["src"],
+	"ext": "ts,json",
+	"ignore": ["src/**/*.spec.ts"],
+	"exec": "ts-node src/index.ts"
+}

platforms/profile-editor/api/package.json

@@ -1,42 +1,36 @@
 {
 	"name": "profile-editor-api",
 	"version": "1.0.0",
-	"description": "Profile Editor API for the w3ds ecosystem",
+	"description": "Profile Editor API for the w3ds ecosystem (AaaS-based)",
 	"main": "src/index.ts",
 	"scripts": {
 		"start": "ts-node src/index.ts",
 		"dev": "nodemon --exec ts-node src/index.ts",
-		"build": "tsc && cp -r src/web3adapter/mappings dist/web3adapter/",
+		"build": "tsc",
 		"typeorm": "typeorm-ts-node-commonjs",
-		"migration:generate": "bash -c 'read -p \"Migration name: \" name && npx typeorm-ts-node-commonjs migration:generate src/database/migrations/$name -d src/database/data-source.ts'",
-		"migration:run": "npm run typeorm migration:run -- -d src/database/data-source.ts",
-		"migration:revert": "npm run typeorm migration:revert -- -d src/database/data-source.ts"
+		"migration:generate": "bash -c 'read -p \"Migration name: \" name && npx typeorm-ts-node-commonjs migration:generate src/migrations/$name -d src/db.ts'",
+		"migration:run": "npm run typeorm migration:run -- -d src/db.ts",
+		"migration:revert": "npm run typeorm migration:revert -- -d src/db.ts"
 	},
 	"dependencies": {
 		"@metastate-foundation/auth": "workspace:*",
 		"axios": "^1.6.7",
 		"cors": "^2.8.5",
 		"dotenv": "^16.4.5",
 		"express": "^4.18.2",
-		"form-data": "^4.0.5",
-		"graphql-request": "^6.1.0",
-		"jsonwebtoken": "^9.0.3",
 		"multer": "^2.1.1",
 		"pg": "^8.20.0",
 		"reflect-metadata": "^0.2.2",
-		"signature-validator": "workspace:*",
-		"web3-adapter": "workspace:*",
 		"typeorm": "^0.3.28",
-		"uuid": "^9.0.1"
+		"web3-adapter": "workspace:*",
+		"zod": "^3.23.8"
 	},
 	"devDependencies": {
 		"@types/cors": "^2.8.17",
 		"@types/express": "^4.17.21",
-		"@types/jsonwebtoken": "^9.0.10",
 		"@types/multer": "^2.1.0",
 		"@types/node": "^20.11.24",
 		"@types/pg": "^8.18.0",
-		"@types/uuid": "^9.0.8",
 		"nodemon": "^3.0.3",
 		"ts-node": "^10.9.2",
 		"typescript": "^5.3.3"

platforms/profile-editor/api/src/aaas.ts

@@ -0,0 +1,55 @@
+import axios from "axios";
+import { env } from "./env";
+
+const USER_ONTOLOGY = "550e8400-e29b-41d4-a716-446655440000";
+const PROFESSIONAL_PROFILE_ONTOLOGY = "550e8400-e29b-41d4-a716-446655440009";
+
+/**
+ * Registers our `/api/webhook` as an AaaS subscription for the user and
+ * professional-profile ontologies (idempotent — skips if one already targets
+ * us). Logs and continues on failure so a down AaaS never blocks startup.
+ */
+export async function registerSubscriptionOnStartup(): Promise<void> {
+    if (!env.awarenessApiKey) {
+        console.warn(
+            "[aaas] AWARENESS_API_KEY not set — skipping subscription registration",
+        );
+        return;
+    }
+
+    const targetUrl =
+        env.awarenessWebhookUrl ||
+        `${env.baseUrl.replace(/\/$/, "")}/api/webhook`;
+    const headers = { Authorization: `Bearer ${env.awarenessApiKey}` };
+    const base = env.awarenessServiceUrl.replace(/\/$/, "");
+
+    try {
+        const { data } = await axios.get<{
+            subscriptions: Array<{ targetUrl: string }>;
+        }>(`${base}/api/subscriptions`, { headers, timeout: 10000 });
+
+        if (data.subscriptions?.some((s) => s.targetUrl === targetUrl)) {
+            console.log("[aaas] subscription already registered");
+            return;
+        }
+
+        await axios.post(
+            `${base}/api/subscriptions`,
+            {
+                targetUrl,
+                ontologyFilter: [USER_ONTOLOGY, PROFESSIONAL_PROFILE_ONTOLOGY],
+                evaultFilter: [],
+            },
+            { headers, timeout: 10000 },
+        );
+        console.log(`[aaas] subscription registered -> ${targetUrl}`);
+    } catch (error) {
+        const message = axios.isAxiosError(error)
+            ? (error.response?.data?.error ?? error.message)
+            : (error as Error).message;
+        console.error(
+            "[aaas] subscription registration failed (continuing):",
+            message,
+        );
+    }
+}