Opey working, site map public, login redirect_to , activity trail WIP

Author: simonredfern

src/hooks.server.ts

@@ -7,9 +7,12 @@ import { sveltekitSessionHandle } from "svelte-kit-sessions";
 import RedisStore from "svelte-kit-connect-redis";
 import { Redis } from "ioredis";
 import { env } from "$env/dynamic/private";
+import { PUBLIC_OBP_BASE_URL } from "$env/static/public";
 import { oauth2ProviderManager } from "$lib/oauth/providerManager";
 import { SessionOAuthHelper } from "$lib/oauth/sessionHelper";
 import { resourceDocsCache } from "$lib/stores/resourceDocsCache";
+import { healthCheckRegistry } from "$lib/health-check/HealthCheckRegistry";
+import { ensureSystemActivityTrail } from "$lib/opey/bootstrap/activityTrailEntities";
 
 declare const process: { env: Record<string, string | undefined>; argv: string[] };
 
@@ -83,6 +86,16 @@ if (!env.REDIS_HOST || !env.REDIS_PORT) {
 // Start OAuth2 provider manager (handles initialization and retries automatically)
 await oauth2ProviderManager.start();
 
+// Register and start health checks
+healthCheckRegistry.register({ serviceName: 'OBP API', url: `${PUBLIC_OBP_BASE_URL}/obp/v6.0.0/root` });
+if (env.OPEY_BASE_URL) {
+  healthCheckRegistry.register({ serviceName: 'Opey II', url: `${env.OPEY_BASE_URL}/status` });
+}
+healthCheckRegistry.startAll();
+
+// Bootstrap: ensure activity trail dynamic entity exists (attempted once per server lifecycle)
+let activityTrailBootstrapped = false;
+
 function needsAuthorization(routeId: string): boolean {
   // protected routes are put in the /(protected)/ route group
   return routeId.startsWith("/(protected)/");
@@ -106,10 +119,11 @@ const checkAuthorization: Handle = async ({ event, resolve }) => {
         "No valid OAuth data found in session. Redirecting to login.",
       );
       // Redirect to login page if no OAuth data is found
+      const redirectTo = encodeURIComponent(event.url.pathname + event.url.search);
       return new Response(null, {
         status: 302,
         headers: {
-          Location: "/login",
+          Location: `/login?redirect_to=${redirectTo}`,
         },
       });
     }
@@ -134,21 +148,23 @@ const checkAuthorization: Handle = async ({ event, resolve }) => {
         logger.info("Destroying expired session and redirecting to login.");
         await session.destroy();
 
+        const redirectTo = encodeURIComponent(event.url.pathname + event.url.search);
         return new Response(null, {
           status: 302,
           headers: {
-            Location: "/login",
+            Location: `/login?redirect_to=${redirectTo}`,
           },
         });
       }
     }
 
     if (!session || !session.data.user) {
       // Redirect to login page if not authenticated
+      const redirectTo = encodeURIComponent(event.url.pathname + event.url.search);
       return new Response(null, {
         status: 302,
         headers: {
-          Location: "/login",
+          Location: `/login?redirect_to=${redirectTo}`,
         },
       });
     } else {
@@ -160,6 +176,21 @@ const checkAuthorization: Handle = async ({ event, resolve }) => {
         resourceDocsCache.preWarmCache(sessionOAuth.accessToken).catch(() => {
           // Silently fail - pre-warming is best-effort
         });
+
+        // Ensure system_activity_trail entity exists (once per server lifecycle)
+        if (!activityTrailBootstrapped) {
+          activityTrailBootstrapped = true;
+          ensureSystemActivityTrail(sessionOAuth.accessToken).then((ok) => {
+            if (!ok) {
+              logger.warn(
+                "WARNING: system_activity_trail entity could not be created. " +
+                  "Ensure the API Manager consumer has the CanCreateSystemLevelDynamicEntity scope. " +
+                  "Opey activity trail features will not work without it."
+              );
+              activityTrailBootstrapped = false; // Allow retry on next request
+            }
+          });
+        }
       }
     }
   }

src/lib/components/ChatMessage.svelte

@@ -79,6 +79,12 @@
 
 	// Compute alignment class
 	let alignmentClass = $derived(message.role === 'user' ? 'items-end' : 'items-start');
+
+	// Use $effect.pre to ensure renderedContent updates before DOM render
+	let renderedContent = $state('');
+	$effect.pre(() => {
+		renderedContent = renderMarkdown(message.message);
+	});
 </script>
 
 <!-- Message container -->
@@ -103,7 +109,7 @@
 
 	<!-- Message content -->
 	<div
-		class="{message.role === 'user' ? 'max-w-3/5' : message.role === 'tool' ? 'w-2/3' : 'max-w-full'} group relative mt-3"
+		class="{message.role === 'user' ? 'max-w-3/5' : message.role === 'tool' ? 'w-2/3' : 'w-full'} group relative mt-3"
 		role="region"
 		aria-label="Chat message"
 	>
@@ -165,7 +171,7 @@
 			{:else}
 				<hr class="hr" />
 				<div class="prose max-w-full rounded-2xl p-2 text-left dark:prose-invert">
-					{@html renderMarkdown(message.message)}
+					{@html renderedContent}
 					{#if message.error}
 						<div class="mt-2">
 							<p class="text-sm text-error-500 dark:text-error-400">

src/lib/components/OpeyChat.svelte

@@ -13,7 +13,7 @@
 	import { ChatController } from '$lib/opey/controllers/ChatController';
 	import { SessionState, type SessionSnapshot } from '$lib/opey/state/SessionState';
 	import { ConsentSessionService } from '$lib/opey/services/ConsentSessionService';
-	import type { ToolMessage } from '$lib/opey/types';
+	import type { BaseMessage, ToolMessage } from '$lib/opey/types';
 	import type { OBPConsentInfo } from '$lib/obp/types';
 	import { healthCheckRegistry } from '$lib/health-check/HealthCheckRegistry';
 
@@ -52,7 +52,7 @@
 	}
 	// Default chat options
 	const defaultChatOptions: OpeyChatOptions = {
-		baseUrl: env.PUBLIC_OPEY_BASE_URL || 'http://localhost:5000',
+		baseUrl: '/api/opey',
 		displayHeader: true,
 		currentlyActiveUserName: 'Guest',
 		displayConnectionPips: true,
@@ -74,6 +74,7 @@
 
 	let session: SessionSnapshot = $state({ isAuthenticated: userAuthenticated, status: 'ready' });
 	let chat: ChatStateSnapshot = $state({ threadId: '', messages: [] });
+	let messages: BaseMessage[] = $state([]);
 
 	// Track pending approvals for batch handling
 	let pendingApprovalTools = $derived.by(() => {
@@ -215,6 +216,7 @@
 		sessionState.subscribe((s) => (session = s));
 		chatState.subscribe((c) => {
 			chat = c;
+			messages = [...c.messages];
 		});
 
 		if (options.initialAssistantMessage) {
@@ -558,10 +560,10 @@
 				class="h-full w-full overflow-y-auto overflow-x-hidden py-4 {options.bodyClasses || ''}"
 			>
 				<div class="space-y-4 min-w-0">
-					{#each chat.messages as message, index (message.id)}
+					{#each messages as message, index (message.id)}
 						<ChatMessage
 							{message}
-							previousMessageRole={index > 0 ? chat.messages[index - 1].role : undefined}
+							previousMessageRole={index > 0 ? messages[index - 1].role : undefined}
 							userName={options.currentlyActiveUserName}
 							onApprove={handleApprove}
 							onDeny={handleDeny}
@@ -570,7 +572,7 @@
 							batchApprovalGroup={pendingApprovalTools.length > 1 ? pendingApprovalTools : undefined}
 							onConsent={handleConsent}
 							onConsentDeny={handleConsentDeny}
-							allMessages={chat.messages}
+							allMessages={messages}
 						/>
 					{/each}
 				</div>

src/lib/config/navigation.ts

@@ -72,7 +72,7 @@ function buildMyAccountItems(): NavigationItem[] {
       label: "My Collections",
       iconComponent: FolderOpen,
     },
-    { href: "/user/site-map", label: "Site Map", iconComponent: Map },
+    { href: "/site-map", label: "Site Map", iconComponent: Map },
   ];
 
   // Only add Subscriptions link if PUBLIC_SUBSCRIPTIONS_URL is set

src/lib/opey/bootstrap/activityTrailEntities.ts

@@ -0,0 +1,118 @@
+import { obp_requests } from "$lib/obp/requests";
+import { createLogger } from "$lib/utils/logger";
+
+const logger = createLogger("ActivityTrailBootstrap");
+
+/**
+ * Schema definition for system_activity_trail — a system-level personal dynamic entity.
+ *
+ * Stores snapshots of data entities the user has encountered (users, consumers,
+ * customers, accounts, products, etc.) to power Opey's "What should I know?" insights.
+ *
+ * Bank-scoped entities include a bank_id in the metadata field.
+ */
+const SYSTEM_ACTIVITY_TRAIL = {
+	entity_name: "system_activity_trail",
+	has_personal_entity: true,
+	has_public_access: false,
+	has_community_access: false,
+	personal_requires_role: false,
+	schema: {
+		description:
+			"Snapshots of data entities encountered by the user, for cross-entity insight generation.",
+		required: ["timestamp", "entity_type", "entity_id", "summary"],
+		properties: {
+			timestamp: {
+				type: "string",
+				minLength: 20,
+				maxLength: 30,
+				example: "2026-03-06T14:32:00Z",
+				description: "ISO 8601 timestamp of when the entity was encountered"
+			},
+			entity_type: {
+				type: "string",
+				minLength: 1,
+				maxLength: 50,
+				example: "customer",
+				description:
+					"Type of entity encountered, e.g. user, consumer, entitlement, customer, account, product, transaction, branch, atm"
+			},
+			entity_id: {
+				type: "string",
+				minLength: 1,
+				maxLength: 200,
+				example: "abc-123",
+				description: "The specific OBP identifier of the entity"
+			},
+			summary: {
+				type: "string",
+				minLength: 1,
+				maxLength: 2000,
+				example:
+					"ABC Corp - 3 accounts (2 GBP, 1 EUR), onboarded 2024-01, KYC complete",
+				description:
+					"Human-readable snapshot of the entity data at time of encounter"
+			},
+			metadata: {
+				type: "string",
+				minLength: 0,
+				maxLength: 5000,
+				example:
+					'{"bank_id": "gh.29.uk", "account_count": 3, "currencies": ["GBP", "EUR"]}',
+				description:
+					"JSON-encoded structured data for machine reasoning. Include bank_id here for bank-scoped entities."
+			}
+		}
+	}
+};
+
+/**
+ * Ensure the system_activity_trail dynamic entity exists in OBP.
+ * Creates it if missing. Requires CanCreateSystemLevelDynamicEntity consumer scope.
+ *
+ * Call once at startup (on first authenticated request).
+ */
+export async function ensureSystemActivityTrail(
+	accessToken: string
+): Promise<boolean> {
+	const entityName = SYSTEM_ACTIVITY_TRAIL.entity_name;
+
+	try {
+		const response = await obp_requests.get(
+			"/obp/v6.0.0/management/system-dynamic-entities",
+			accessToken
+		);
+		const entities = response.dynamic_entities || [];
+		const exists = entities.some(
+			(e: { entity_name: string }) => e.entity_name === entityName
+		);
+
+		if (exists) {
+			logger.info(`Dynamic entity '${entityName}' already exists.`);
+			return true;
+		}
+	} catch (err) {
+		logger.warn(
+			`Could not list system dynamic entities — ` +
+				`check that the API Manager consumer has CanCreateSystemLevelDynamicEntity scope: ${err}`
+		);
+		return false;
+	}
+
+	try {
+		logger.info(`Creating dynamic entity '${entityName}'...`);
+		await obp_requests.post(
+			"/obp/v6.0.0/management/system-dynamic-entities",
+			SYSTEM_ACTIVITY_TRAIL,
+			accessToken
+		);
+		logger.info(`Dynamic entity '${entityName}' created successfully.`);
+		return true;
+	} catch (err) {
+		logger.warn(
+			`Failed to create dynamic entity '${entityName}'. ` +
+				`Ensure the API Manager consumer has CanCreateSystemLevelDynamicEntity scope. Error: ${err}`
+		);
+		return false;
+	}
+}

src/lib/opey/services/OBPIntegrationService.ts

@@ -19,22 +19,25 @@ export class DefaultOBPIntegrationService implements OBPIntegrationService {
       throw new Error("User not authenticated with OBP");
     }
 
+    logger.info(`getOrCreateOpeyConsent: looking for existing ACCEPTED consent with consumer_id="${this.opeyConsumerId}"`);
+
     // Check for existing consent first
     const existingConsentId = await this.checkExistingOpeyConsent(session);
     if (existingConsentId) {
       const userIdentifier = extractUsernameFromJWT(existingConsentId.jwt);
       logger.info(
-        `Found existing consent JWT - Primary user: ${userIdentifier}`,
+        `Found existing consent: consent_id="${existingConsentId.consent_id}", status="${existingConsentId.status}", consumer_id="${existingConsentId.consumer_id}" - user: ${userIdentifier}`,
       );
       return existingConsentId;
     }
 
     // Create new consent
+    logger.info(`No existing ACCEPTED consent found - creating new IMPLICIT consent with consumer_id="${this.opeyConsumerId}"`);
     const consent = await this.createImplicitConsent(
       session.data.oauth.access_token,
     );
     const userIdentifier = extractUsernameFromJWT(consent.jwt);
-    logger.info(`Created new consent JWT - Primary user: ${userIdentifier}`);
+    logger.info(`Created new consent: consent_id="${consent.consent_id}", status="${consent.status}", consumer_id="${consent.consumer_id}" - user: ${userIdentifier}`);
     return consent;
   }
 

src/lib/opey/services/RestChatService.ts

@@ -207,7 +207,6 @@ export class RestChatService implements ChatService {
 				buffer = lines.pop() || ''; // Keep the last incomplete line
 
 				for (const line of lines) {
-					//logger.debug(line);
 					if (line.startsWith('data: ')) {
 						let eventData;
 
@@ -233,7 +232,7 @@ export class RestChatService implements ChatService {
 	}
 
 	private handleStreamEvent(eventData: any): void {
-		logger.debug('Received stream event data:', eventData);
+		logger.debug(`Received stream event type="${eventData?.type}":`, eventData);
 		switch (eventData.type) {
 			case 'user_message_confirmed':
 				this.streamEventCallback?.({
@@ -248,7 +247,8 @@ export class RestChatService implements ChatService {
 				this.streamEventCallback?.({
 					type: 'assistant_start',
 					messageId: eventData.message_id,
-					timestamp: new Date(eventData.timestamp)
+					// Opey sends Unix timestamps in seconds; multiply by 1000 for JS Date (milliseconds)
+					timestamp: new Date(eventData.timestamp * 1000)
 				});
 				break;
 			case 'assistant_token':