artifacts/api-server/src/routes/admin-relay-queue.ts

/**
 * admin-relay-queue.ts — Admin endpoints for the event moderation queue.
 *
 * Protected by ADMIN_SECRET Bearer token (same pattern as admin-relay.ts).
 *
 * Routes:
 *   GET  /api/admin/relay/queue                    — list queue (filterable by status)
 *   POST /api/admin/relay/queue/:eventId/approve   — admin approve
 *   POST /api/admin/relay/queue/:eventId/reject    — admin reject
 */

import { Router, type Request, type Response, type NextFunction } from "express";
import { db, relayEventQueue, type QueueStatus, QUEUE_STATUSES } from "@workspace/db";
import { eq } from "drizzle-orm";
import { makeLogger } from "../lib/logger.js";
import { moderationService } from "../lib/moderation.js";

const logger = makeLogger("admin-relay-queue");
const router = Router();

const ADMIN_SECRET = process.env["ADMIN_SECRET"] ?? "";
const IS_PROD = process.env["NODE_ENV"] === "production";

if (!ADMIN_SECRET && IS_PROD) {
  logger.error("ADMIN_SECRET not set in production — admin relay queue routes are unprotected");
}

// ── Admin auth middleware ─────────────────────────────────────────────────────

function requireAdmin(req: Request, res: Response, next: NextFunction): void {
  if (ADMIN_SECRET) {
    const authHeader = req.headers["authorization"] ?? "";
    const token = authHeader.startsWith("Bearer ") ? authHeader.slice(7).trim() : "";
    if (token !== ADMIN_SECRET) {
      res.status(401).json({ error: "Unauthorized" });
      return;
    }
  } else {
    const ip = req.ip ?? "";
    const isLocal = ip === "127.0.0.1" || ip === "::1" || ip === "::ffff:127.0.0.1";
    if (!isLocal) {
      res.status(401).json({ error: "Unauthorized" });
      return;
    }
  }
  next();
}

// ── GET /admin/relay/queue ────────────────────────────────────────────────────
// Query param: ?status=pending|approved|rejected|auto_approved
// Default: returns all statuses.

router.get("/admin/relay/queue", requireAdmin, async (req: Request, res: Response) => {
  const statusParam = req.query["status"] as string | undefined;

  if (statusParam && !QUEUE_STATUSES.includes(statusParam as QueueStatus)) {
    res.status(400).json({
      error: `Invalid status '${statusParam}'. Must be one of: ${QUEUE_STATUSES.join(", ")}`,
    });
    return;
  }

  const rows = statusParam
    ? await db
        .select()
        .from(relayEventQueue)
        .where(eq(relayEventQueue.status, statusParam as QueueStatus))
        .orderBy(relayEventQueue.createdAt)
    : await db
        .select()
        .from(relayEventQueue)
        .orderBy(relayEventQueue.createdAt);

  res.json({
    total: rows.length,
    events: rows.map((r) => ({
      eventId: r.eventId,
      pubkey: r.pubkey,
      kind: r.kind,
      status: r.status,
      reviewedBy: r.reviewedBy,
      reviewReason: r.reviewReason,
      createdAt: r.createdAt,
      decidedAt: r.decidedAt,
    })),
  });
});

// ── POST /admin/relay/queue/:eventId/approve ──────────────────────────────────

router.post(
  "/admin/relay/queue/:eventId/approve",
  requireAdmin,
  async (req: Request, res: Response) => {
    const { eventId } = req.params as { eventId: string };
    const body = req.body as { reason?: string };
    const reason = body.reason ?? "admin approval";

    const rows = await db
      .select({ status: relayEventQueue.status })
      .from(relayEventQueue)
      .where(eq(relayEventQueue.eventId, eventId))
      .limit(1);

    if (!rows[0]) {
      res.status(404).json({ error: "Event not found in queue" });
      return;
    }

    if (rows[0].status === "approved" || rows[0].status === "auto_approved") {
      res.status(409).json({ error: "Event already approved" });
      return;
    }

    await moderationService.decide(eventId, "approved", reason, "admin");

    logger.info("admin approved queued event", {
      eventId: eventId.slice(0, 8),
      reason,
    });

    res.json({ ok: true, eventId, status: "approved", reason });
  },
);

// ── POST /admin/relay/queue/:eventId/reject ───────────────────────────────────

router.post(
  "/admin/relay/queue/:eventId/reject",
  requireAdmin,
  async (req: Request, res: Response) => {
    const { eventId } = req.params as { eventId: string };
    const body = req.body as { reason?: string };
    const reason = body.reason ?? "admin rejection";

    const rows = await db
      .select({ status: relayEventQueue.status })
      .from(relayEventQueue)
      .where(eq(relayEventQueue.eventId, eventId))
      .limit(1);

    if (!rows[0]) {
      res.status(404).json({ error: "Event not found in queue" });
      return;
    }

    if (rows[0].status === "rejected") {
      res.status(409).json({ error: "Event already rejected" });
      return;
    }

    await moderationService.decide(eventId, "rejected", reason, "admin");

    logger.info("admin rejected queued event", {
      eventId: eventId.slice(0, 8),
      reason,
    });

    res.json({ ok: true, eventId, status: "rejected", reason });
  },
);

export default router;
task/32: Event moderation queue + Timmy AI review ## What was built Full moderation pipeline: relay_event_queue table, strfry inject helper, ModerationService with Claude haiku review, policy tier routing, 30s poll loop, admin approve/reject/list endpoints. ## DB schema (`lib/db/src/schema/relay-event-queue.ts`) relay_event_queue: event_id (PK), pubkey (FK → nostr_identities), kind, raw_event (text JSON), status (pending/approved/rejected/auto_approved), reviewed_by (timmy_ai/admin/null), review_reason, created_at, decided_at. Exported from schema/index.ts. Pushed via pnpm run push. ## strfry HTTP client (`artifacts/api-server/src/lib/strfry.ts`) injectEvent(rawEventJson) — POST {STRFRY_URL}/import (NDJSON). STRFRY_URL defaults to "http://strfry:7777" (Docker internal network). 5s timeout; graceful failure in dev when strfry not running; never throws. ## ModerationService (`artifacts/api-server/src/lib/moderation.ts`) - enqueue(event) — insert pending row; idempotent onConflictDoNothing - autoReview(eventId) — Claude haiku prompt: approve or flag. On flag, marks reviewedBy=timmy_ai and leaves pending for admin. On approve, calls decide(). - decide(eventId, status, reason, reviewedBy) — updates DB + calls injectEvent - processPending(limit=10) — batch poll: auto-review up to limit pending events - Stub mode: auto-approves all events when Anthropic key absent ## Policy endpoint update (`artifacts/api-server/src/routes/relay.ts`) Tier routing in evaluatePolicy: read/none → reject (unchanged) write + elite tier → injectEvent + accept (elite bypass; shadowReject if inject fails) write + non-elite → enqueue + shadowReject (held for moderation) Imports db/nostrIdentities directly for tier check. Both inject and enqueue errors are fail-closed (reject vs shadowReject respectively). ## Background poll loop (`artifacts/api-server/src/index.ts`) setInterval every 30s calling moderationService.processPending(10). Interval configurable via MODERATION_POLL_MS env var. Errors caught per-event; poll loop never crashes the server. ## Admin queue routes (`artifacts/api-server/src/routes/admin-relay-queue.ts`) ADMIN_SECRET Bearer auth (same pattern as admin-relay.ts). GET /api/admin/relay/queue?status=... — list all / by status POST /api/admin/relay/queue/:eventId/approve — approve + inject into strfry POST /api/admin/relay/queue/:eventId/reject — reject (no inject) 409 on duplicate decisions. Registered in routes/index.ts. ## Smoke tests (all pass) Unknown → reject ✓; elite → shadowReject (strfry unavailable in dev) ✓; non-elite write → shadowReject + pending in queue ✓; admin approve → approved ✓; moderation poll loop started ✓; TypeScript 0 errors. 2026-03-19 20:35:39 +00:00			`/**`
			`* admin-relay-queue.ts — Admin endpoints for the event moderation queue.`
			`*`
			`* Protected by ADMIN_SECRET Bearer token (same pattern as admin-relay.ts).`
			`*`
			`* Routes:`
			`* GET /api/admin/relay/queue — list queue (filterable by status)`
			`* POST /api/admin/relay/queue/:eventId/approve — admin approve`
			`* POST /api/admin/relay/queue/:eventId/reject — admin reject`
			`*/`

			`import { Router, type Request, type Response, type NextFunction } from "express";`
			`import { db, relayEventQueue, type QueueStatus, QUEUE_STATUSES } from "@workspace/db";`
			`import { eq } from "drizzle-orm";`
			`import { makeLogger } from "../lib/logger.js";`
			`import { moderationService } from "../lib/moderation.js";`

			`const logger = makeLogger("admin-relay-queue");`
			`const router = Router();`

			`const ADMIN_SECRET = process.env["ADMIN_SECRET"] ?? "";`
			`const IS_PROD = process.env["NODE_ENV"] === "production";`

			`if (!ADMIN_SECRET && IS_PROD) {`
			`logger.error("ADMIN_SECRET not set in production — admin relay queue routes are unprotected");`
			`}`

			`// ── Admin auth middleware ─────────────────────────────────────────────────────`

			`function requireAdmin(req: Request, res: Response, next: NextFunction): void {`
			`if (ADMIN_SECRET) {`
			`const authHeader = req.headers["authorization"] ?? "";`
			`const token = authHeader.startsWith("Bearer ") ? authHeader.slice(7).trim() : "";`
			`if (token !== ADMIN_SECRET) {`
			`res.status(401).json({ error: "Unauthorized" });`
			`return;`
			`}`
			`} else {`
			`const ip = req.ip ?? "";`
			`const isLocal = ip === "127.0.0.1" \|\| ip === "::1" \|\| ip === "::ffff:127.0.0.1";`
			`if (!isLocal) {`
			`res.status(401).json({ error: "Unauthorized" });`
			`return;`
			`}`
			`}`
			`next();`
			`}`

			`// ── GET /admin/relay/queue ────────────────────────────────────────────────────`
			`// Query param: ?status=pending\|approved\|rejected\|auto_approved`
			`// Default: returns all statuses.`

			`router.get("/admin/relay/queue", requireAdmin, async (req: Request, res: Response) => {`
			`const statusParam = req.query["status"] as string \| undefined;`

			`if (statusParam && !QUEUE_STATUSES.includes(statusParam as QueueStatus)) {`
			`res.status(400).json({`
			error: `Invalid status '${statusParam}'. Must be one of: ${QUEUE_STATUSES.join(", ")}`,
			`});`
			`return;`
			`}`

			`const rows = statusParam`
			`? await db`
			`.select()`
			`.from(relayEventQueue)`
			`.where(eq(relayEventQueue.status, statusParam as QueueStatus))`
			`.orderBy(relayEventQueue.createdAt)`
			`: await db`
			`.select()`
			`.from(relayEventQueue)`
			`.orderBy(relayEventQueue.createdAt);`

			`res.json({`
			`total: rows.length,`
			`events: rows.map((r) => ({`
			`eventId: r.eventId,`
			`pubkey: r.pubkey,`
			`kind: r.kind,`
			`status: r.status,`
			`reviewedBy: r.reviewedBy,`
			`reviewReason: r.reviewReason,`
			`createdAt: r.createdAt,`
			`decidedAt: r.decidedAt,`
			`})),`
			`});`
			`});`

			`// ── POST /admin/relay/queue/:eventId/approve ──────────────────────────────────`

			`router.post(`
			`"/admin/relay/queue/:eventId/approve",`
			`requireAdmin,`
			`async (req: Request, res: Response) => {`
			`const { eventId } = req.params as { eventId: string };`
			`const body = req.body as { reason?: string };`
			`const reason = body.reason ?? "admin approval";`

			`const rows = await db`
			`.select({ status: relayEventQueue.status })`
			`.from(relayEventQueue)`
			`.where(eq(relayEventQueue.eventId, eventId))`
			`.limit(1);`

			`if (!rows[0]) {`
			`res.status(404).json({ error: "Event not found in queue" });`
			`return;`
			`}`

			`if (rows[0].status === "approved" \|\| rows[0].status === "auto_approved") {`
			`res.status(409).json({ error: "Event already approved" });`
			`return;`
			`}`

			`await moderationService.decide(eventId, "approved", reason, "admin");`

			`logger.info("admin approved queued event", {`
			`eventId: eventId.slice(0, 8),`
			`reason,`
			`});`

			`res.json({ ok: true, eventId, status: "approved", reason });`
			`},`
			`);`

			`// ── POST /admin/relay/queue/:eventId/reject ───────────────────────────────────`

			`router.post(`
			`"/admin/relay/queue/:eventId/reject",`
			`requireAdmin,`
			`async (req: Request, res: Response) => {`
			`const { eventId } = req.params as { eventId: string };`
			`const body = req.body as { reason?: string };`
			`const reason = body.reason ?? "admin rejection";`

			`const rows = await db`
			`.select({ status: relayEventQueue.status })`
			`.from(relayEventQueue)`
			`.where(eq(relayEventQueue.eventId, eventId))`
			`.limit(1);`

			`if (!rows[0]) {`
			`res.status(404).json({ error: "Event not found in queue" });`
			`return;`
			`}`

			`if (rows[0].status === "rejected") {`
			`res.status(409).json({ error: "Event already rejected" });`
			`return;`
			`}`

			`await moderationService.decide(eventId, "rejected", reason, "admin");`

			`logger.info("admin rejected queued event", {`
			`eventId: eventId.slice(0, 8),`
			`reason,`
			`});`

			`res.json({ ok: true, eventId, status: "rejected", reason });`
			`},`
			`);`

			`export default router;`