diff --git a/advocate.php b/advocate.php index 91a93c1..39dcce1 100644 --- a/advocate.php +++ b/advocate.php @@ -55,9 +55,10 @@ require_once __DIR__ . '/includes/layout.php'; - + + -

Azure mini finishes fastest. Azure full produces the most thorough advocate brief. Norwegian specialist uses a fine-tuned Norwegian law model for the synthesis — best for Barneloven, barnevern, and ECHR family law cases.

+

Azure mini finishes fastest. Azure full produces the most thorough advocate brief. Norwegian specialist v3 is a Qwen2.5 fine-tune trained on barnevernsloven, ECHR, and forvaltningsloven — highest precision for § 4-25, Strand Lobben, and procedural red flags.

Corpus slices

diff --git a/api/award-survey-credits.php b/api/award-survey-credits.php new file mode 100644 index 0000000..6ac6e91 --- /dev/null +++ b/api/award-survey-credits.php @@ -0,0 +1,104 @@ + 300) { + dbnToolsError('Stale intersite timestamp.', 401, 'stale_timestamp'); +} + +$raw = file_get_contents('php://input'); +if ($raw === false || $raw === '') { + dbnToolsError('Empty body.', 400, 'empty_body'); +} + +$expected = hash_hmac('sha256', $ts . '.' . $raw, $secret); +if (!hash_equals($expected, $sig)) { + dbnToolsError('Bad intersite signature.', 401, 'bad_signature'); +} + +$data = json_decode($raw, true); +if (!is_array($data)) { + dbnToolsError('Invalid JSON body.', 400, 'invalid_json'); +} + +$email = strtolower(trim((string)($data['email'] ?? ''))); +$userIdHint = isset($data['user_id']) ? (int)$data['user_id'] : 0; +$credits = (int)($data['credits'] ?? 25); +$source = (string)($data['source'] ?? 'survey'); + +if ($credits < 1 || $credits > 100) { + dbnToolsError('Credits out of range.', 400, 'bad_credits'); +} +if ($email === '' && $userIdHint <= 0) { + dbnToolsError('Need email or user_id.', 400, 'missing_user'); +} + +$db = dbnmDb(); + +// Resolve user_id from hint or email +$userId = $userIdHint; +if ($userId <= 0 && $email !== '') { + $stmt = $db->prepare('SELECT id FROM users WHERE LOWER(email) = ? LIMIT 1'); + $stmt->execute([$email]); + $userId = (int)($stmt->fetchColumn() ?: 0); +} + +if ($userId <= 0) { + // No account yet — that's fine, dobetternorge.no will magic-link them; we'll award on next login. + dbnToolsRespond([ + 'ok' => true, + 'awarded' => false, + 'pending' => true, + 'message' => 'User not yet registered — will award on first login.', + ]); +} + +// Idempotency: don't double-award +if (FreeTier::hasCompletedSurvey($userId)) { + dbnToolsRespond([ + 'ok' => true, + 'awarded' => false, + 'reason' => 'already_completed', + 'balance' => FreeTier::balance($userId), + ]); +} + +FreeTier::ensureRow($userId); +$newBalance = FreeTier::awardBonus($userId, $credits, $source); +FreeTier::markSurveyCompleted($userId); + +dbnToolsRespond([ + 'ok' => true, + 'awarded' => true, + 'credits' => $credits, + 'balance' => $newBalance, + 'user_id' => $userId, +]); diff --git a/api/case/delete.php b/api/case/delete.php new file mode 100644 index 0000000..606c873 --- /dev/null +++ b/api/case/delete.php @@ -0,0 +1,26 @@ + true, 'doc_id' => $docId]); diff --git a/api/case/ingest-callback.php b/api/case/ingest-callback.php new file mode 100644 index 0000000..ee7a6fd --- /dev/null +++ b/api/case/ingest-callback.php @@ -0,0 +1,73 @@ + 300) { + dbnToolsError('Bad intersite auth.', 401, 'bad_auth'); +} + +$raw = file_get_contents('php://input'); +if (!is_string($raw) || $raw === '') { + dbnToolsError('Empty body.', 400, 'empty'); +} +if (!hash_equals(hash_hmac('sha256', $ts . '.' . $raw, $secret), $sig)) { + dbnToolsError('Bad signature.', 401, 'bad_sig'); +} + +$data = json_decode($raw, true); +if (!is_array($data)) { + dbnToolsError('Invalid JSON.', 400, 'invalid_json'); +} + +$docId = (int)($data['doc_id'] ?? 0); +$status = (string)($data['status'] ?? 'failed'); +$pageCount = isset($data['page_count']) ? (int)$data['page_count'] : null; +$docType = isset($data['doc_type']) ? (string)$data['doc_type'] : null; +$detectedDate = isset($data['detected_date']) ? (string)$data['detected_date'] : null; +$parties = $data['parties'] ?? null; +$errorMsg = isset($data['error_msg']) ? (string)$data['error_msg'] : null; + +if ($docId <= 0) { + dbnToolsError('doc_id required.', 400, 'bad_input'); +} + +$db = dbnmDb(); +$db->prepare( + 'UPDATE case_documents + SET ocr_status = ?, + page_count = COALESCE(?, page_count), + doc_type = COALESCE(?, doc_type), + detected_date = COALESCE(?, detected_date), + parties = COALESCE(?, parties), + ocr_error = COALESCE(?, ocr_error), + indexed_at = CASE WHEN ? = "ready" THEN NOW() ELSE indexed_at END + WHERE id = ?' +)->execute([ + $status, + $pageCount, + $docType, + $detectedDate, + $parties !== null ? json_encode($parties, JSON_UNESCAPED_UNICODE) : null, + $errorMsg, + $status, + $docId, +]); + +dbnToolsRespond(['ok' => true]); diff --git a/api/case/list.php b/api/case/list.php new file mode 100644 index 0000000..65e19be --- /dev/null +++ b/api/case/list.php @@ -0,0 +1,18 @@ + true, + 'docs' => CaseStore::listDocs($userId), +]); diff --git a/api/case/upload.php b/api/case/upload.php new file mode 100644 index 0000000..463d436 --- /dev/null +++ b/api/case/upload.php @@ -0,0 +1,50 @@ + 25 * 1024 * 1024) { + dbnToolsError('Filen må være mellom 1 byte og 25 MB.', 413, 'bad_size'); +} + +// Validate it's actually a PDF (magic number check) +$fh = @fopen($tmp, 'rb'); +if ($fh === false) { + dbnToolsError('Kunne ikke lese filen.', 500, 'read_fail'); +} +$head = (string)fread($fh, 5); +fclose($fh); +if (strncmp($head, '%PDF-', 5) !== 0) { + dbnToolsError('Filen er ikke en gyldig PDF.', 415, 'not_pdf'); +} + +try { + $doc = CaseStore::registerUpload($userId, $name, $tmp, $size); + CaseStore::caseEnqueueIngest((int)$doc['doc_id'], $userId); + dbnToolsRespond([ + 'ok' => true, + 'doc_id' => $doc['doc_id'], + 'filename' => $doc['filename'], + ]); +} catch (Throwable $e) { + dbnToolsError($e->getMessage(), 400, 'upload_failed'); +} diff --git a/api/korrespond.php b/api/korrespond.php index 1d3a81f..056235f 100644 --- a/api/korrespond.php +++ b/api/korrespond.php @@ -78,6 +78,7 @@ try { $input['deadlines'] ))), 0, 6) : [], 'clarifications' => is_array($input['clarifications'] ?? null) ? $input['clarifications'] : [], + 'use_my_case' => !empty($input['use_my_case']), ]; $forceDraft = !empty($input['force_draft']); diff --git a/api/stripe-checkout.php b/api/stripe-checkout.php new file mode 100644 index 0000000..a00d6ff --- /dev/null +++ b/api/stripe-checkout.php @@ -0,0 +1,77 @@ +ensureCustomer($email, $userId); + + $baseUrl = (dbnToolsIsHttps() ? 'https://' : 'http://') . ($_SERVER['HTTP_HOST'] ?? 'tools.dobetternorge.no'); + $successUrl = $baseUrl . '/billing.php?status=success&session_id={CHECKOUT_SESSION_ID}'; + $cancelUrl = $baseUrl . '/pricing.php?status=canceled'; + + $isSub = in_array($sku, $validSubscriptions, true); + + $params = [ + 'mode' => $isSub ? 'subscription' : 'payment', + 'customer' => $customerId, + 'success_url' => $successUrl, + 'cancel_url' => $cancelUrl, + 'line_items' => [[ + 'price' => StripeClient::priceId($sku), + 'quantity' => 1, + ]], + 'metadata' => [ + 'user_id' => (string)$userId, + 'sku' => $sku, + ], + 'allow_promotion_codes' => true, + 'billing_address_collection' => 'auto', + 'locale' => 'auto', + 'automatic_tax' => ['enabled' => false], + ]; + + if ($isSub) { + $params['subscription_data'] = [ + 'metadata' => ['user_id' => (string)$userId, 'tier' => $sku], + ]; + } else { + $params['payment_intent_data'] = [ + 'metadata' => ['user_id' => (string)$userId, 'sku' => $sku, 'credits' => (string)StripeClient::topupCredits($sku)], + ]; + } + + $session = $stripe->createCheckoutSession($params); + $url = (string)($session['url'] ?? ''); + if ($url === '') { + dbnToolsError('Stripe did not return a checkout URL.', 502, 'stripe_no_url'); + } + + dbnToolsRespond(['ok' => true, 'url' => $url, 'session_id' => (string)($session['id'] ?? '')]); +} catch (Throwable $e) { + error_log('[stripe-checkout] ' . $e->getMessage()); + dbnToolsError('Could not start checkout: ' . $e->getMessage(), 500, 'stripe_failed'); +} diff --git a/api/stripe-portal.php b/api/stripe-portal.php new file mode 100644 index 0000000..d9a5e29 --- /dev/null +++ b/api/stripe-portal.php @@ -0,0 +1,36 @@ +createPortalSession($customerId, $baseUrl . '/billing.php'); + $url = (string)($session['url'] ?? ''); + if ($url === '') { + dbnToolsError('Stripe did not return a portal URL.', 502, 'stripe_no_url'); + } + dbnToolsRespond(['ok' => true, 'url' => $url]); +} catch (Throwable $e) { + error_log('[stripe-portal] ' . $e->getMessage()); + dbnToolsError('Could not open billing portal: ' . $e->getMessage(), 500, 'stripe_failed'); +} diff --git a/api/stripe-webhook.php b/api/stripe-webhook.php new file mode 100644 index 0000000..65bf210 --- /dev/null +++ b/api/stripe-webhook.php @@ -0,0 +1,224 @@ +prepare('SELECT 1 FROM stripe_events WHERE stripe_event_id = ? LIMIT 1'); +$check->execute([$eventId]); +if ($check->fetchColumn()) { + http_response_code(200); + echo 'Already processed'; + exit; +} + +try { + $db->prepare('INSERT INTO stripe_events (stripe_event_id, type, payload, processed_at) VALUES (?, ?, ?, NOW())') + ->execute([$eventId, $type, json_encode($event, JSON_UNESCAPED_UNICODE | JSON_UNESCAPED_SLASHES)]); + + switch ($type) { + case 'checkout.session.completed': + handleCheckoutCompleted($db, $object); + break; + + case 'customer.subscription.created': + case 'customer.subscription.updated': + handleSubscriptionChange($db, $object); + break; + + case 'customer.subscription.deleted': + handleSubscriptionDeleted($db, $object); + break; + + case 'invoice.paid': + handleInvoicePaid($db, $object); + break; + + case 'invoice.payment_failed': + handleInvoiceFailed($db, $object); + break; + + default: + // Unhandled event types are fine — Stripe just needs a 2xx response. + break; + } + http_response_code(200); + echo 'OK'; +} catch (Throwable $e) { + error_log('[stripe-webhook] handler error: ' . $e->getMessage()); + // Return 500 so Stripe retries — but the stripe_events row already exists, so a retry will be idempotent-skipped. + // To re-process: delete the row before retry. + http_response_code(500); + echo 'Handler failure'; +} + +// ── Handlers ──────────────────────────────────────────────────────────────── + +function handleCheckoutCompleted(PDO $db, array $session): void +{ + $mode = (string)($session['mode'] ?? ''); + $metadata = (array)($session['metadata'] ?? []); + $userId = (int)($metadata['user_id'] ?? 0); + if ($userId <= 0) { + error_log('[stripe-webhook] checkout.session.completed missing user_id metadata'); + return; + } + // Store Stripe customer ID for portal access later. + $customerId = (string)($session['customer'] ?? ''); + if ($customerId !== '') { + $db->prepare('UPDATE user_tool_credits SET stripe_customer_id = ? WHERE user_id = ? AND (stripe_customer_id IS NULL OR stripe_customer_id = "")') + ->execute([$customerId, $userId]); + } + + if ($mode === 'payment') { + // One-time topup — grant credits immediately. + $sku = (string)($metadata['sku'] ?? ''); + $credits = StripeClient::topupCredits($sku); + if ($credits > 0) { + FreeTier::awardBonus($userId, $credits, 'topup:' . $sku); + } + } + // For mode='subscription', subscription.created will fire and update the tier. +} + +function handleSubscriptionChange(PDO $db, array $sub): void +{ + $subId = (string)($sub['id'] ?? ''); + $status = (string)($sub['status'] ?? ''); + $customerId = (string)($sub['customer'] ?? ''); + $items = (array)($sub['items']['data'] ?? []); + $priceId = (string)($items[0]['price']['id'] ?? ''); + $tier = StripeClient::tierForPrice($priceId); + if ($tier === null) { + error_log('[stripe-webhook] unknown price_id on subscription: ' . $priceId); + return; + } + $metadata = (array)($sub['metadata'] ?? []); + $userId = (int)($metadata['user_id'] ?? 0); + if ($userId <= 0) { + // Fallback: look up by stripe_customer_id + $stmt = $db->prepare('SELECT user_id FROM user_tool_credits WHERE stripe_customer_id = ? LIMIT 1'); + $stmt->execute([$customerId]); + $userId = (int)($stmt->fetchColumn() ?: 0); + } + if ($userId <= 0) { + error_log('[stripe-webhook] subscription.* could not resolve user_id (sub=' . $subId . ', customer=' . $customerId . ')'); + return; + } + + $periodEndTs = (int)($sub['current_period_end'] ?? 0); + $periodStartTs = (int)($sub['current_period_start'] ?? 0); + $periodEndIso = $periodEndTs > 0 ? gmdate('Y-m-d H:i:s', $periodEndTs) : null; + $periodStartIso = $periodStartTs > 0 ? gmdate('Y-m-d H:i:s', $periodStartTs) : null; + + // Upsert subscription ledger + $db->prepare( + 'INSERT INTO user_subscriptions + (user_id, stripe_customer_id, stripe_subscription_id, tier, status, current_period_start, current_period_end) + VALUES (?, ?, ?, ?, ?, ?, ?) + ON DUPLICATE KEY UPDATE + status = VALUES(status), + tier = VALUES(tier), + current_period_start = VALUES(current_period_start), + current_period_end = VALUES(current_period_end), + stripe_customer_id = VALUES(stripe_customer_id)' + )->execute([$userId, $customerId, $subId, $tier, $status, $periodStartIso, $periodEndIso]); + + // Only flip the live tier flag if subscription is active/trialing. + if (in_array($status, ['active', 'trialing'], true)) { + FreeTier::setTier($userId, $tier, $customerId, $subId, $periodEndIso); + } elseif (in_array($status, ['canceled', 'unpaid', 'incomplete_expired'], true)) { + FreeTier::clearTier($userId); + } +} + +function handleSubscriptionDeleted(PDO $db, array $sub): void +{ + $subId = (string)($sub['id'] ?? ''); + $customerId = (string)($sub['customer'] ?? ''); + $stmt = $db->prepare('SELECT user_id FROM user_subscriptions WHERE stripe_subscription_id = ? LIMIT 1'); + $stmt->execute([$subId]); + $userId = (int)($stmt->fetchColumn() ?: 0); + if ($userId <= 0 && $customerId !== '') { + $stmt = $db->prepare('SELECT user_id FROM user_tool_credits WHERE stripe_customer_id = ? LIMIT 1'); + $stmt->execute([$customerId]); + $userId = (int)($stmt->fetchColumn() ?: 0); + } + if ($userId > 0) { + $db->prepare('UPDATE user_subscriptions SET status = ? WHERE stripe_subscription_id = ?') + ->execute(['canceled', $subId]); + FreeTier::clearTier($userId); + } +} + +function handleInvoicePaid(PDO $db, array $invoice): void +{ + $subId = (string)($invoice['subscription'] ?? ''); + if ($subId === '') return; + $stmt = $db->prepare('SELECT user_id, tier FROM user_subscriptions WHERE stripe_subscription_id = ? LIMIT 1'); + $stmt->execute([$subId]); + $row = $stmt->fetch(PDO::FETCH_ASSOC); + if (!$row) return; + + $userId = (int)$row['user_id']; + $tier = (string)$row['tier']; + $periodEndTs = (int)($invoice['lines']['data'][0]['period']['end'] ?? 0); + $periodEndIso = $periodEndTs > 0 ? gmdate('Y-m-d H:i:s', $periodEndTs) : null; + + FreeTier::refillForRenewal($userId, $tier, $periodEndIso); +} + +function handleInvoiceFailed(PDO $db, array $invoice): void +{ + $subId = (string)($invoice['subscription'] ?? ''); + if ($subId === '') return; + $db->prepare('UPDATE user_subscriptions SET status = ? WHERE stripe_subscription_id = ?') + ->execute(['past_due', $subId]); + // Don't downgrade yet — Stripe will retry. subscription.updated will fire if it fully fails. +} diff --git a/assets/js/korrespond.js b/assets/js/korrespond.js index 80b9a1f..166d6e0 100644 --- a/assets/js/korrespond.js +++ b/assets/js/korrespond.js @@ -576,7 +576,7 @@ ${(data.legal_check && data.legal_check.length) ? `
-

⚖ Legal threshold check (dbn-legal-agent-v2)

+

⚖ Legal threshold check (dbn-legal-agent-v3)

${data.legal_check.map((f) => `
@@ -701,7 +701,7 @@ ${(data.legal_check && data.legal_check.length) ? `
-

⚖ Legal threshold check (dbn-legal-agent-v2)

+

⚖ Legal threshold check (dbn-legal-agent-v3)

${data.legal_check.map((f) => `
diff --git a/assets/js/workbench.js b/assets/js/workbench.js index f297bf2..de4bfad 100644 --- a/assets/js/workbench.js +++ b/assets/js/workbench.js @@ -171,3 +171,116 @@ list.innerHTML = '

' + t('error') + '

'; }); }()); + +// ── Upload zone ─────────────────────────────────────────────────────────────── +(function () { + 'use strict'; + + var zone = document.getElementById('wbUploadZone'); + var input = document.getElementById('wbUploadInput'); + var status = document.getElementById('wbUploadStatus'); + var list = document.getElementById('myDocsList'); + if (!zone || !input) return; + + var lang = (window.DBN_TOOLS_LANG || 'en'); + var statusTimer = 0; + + var i18n = { + uploading: { en: 'Uploading…', no: 'Laster opp…', uk: 'Завантаження…', pl: 'Przesyłanie…' }, + saved: { en: 'Saved.', no: 'Lagret.', uk: 'Збережено.', pl: 'Zapisano.' }, + error: { en: 'Upload failed.', no: 'Opplasting mislyktes.', uk: 'Помилка завантаження.', pl: 'Błąd przesyłania.' }, + remove: { en: 'Remove', no: 'Fjern', uk: 'Видалити', pl: 'Usuń' }, + empty: { en: 'No documents yet.', no: 'Ingen dokumenter ennå.', uk: 'Документів ще немає.', pl: 'Brak dokumentów.' }, + }; + + function t(key) { + return (i18n[key] && i18n[key][lang]) || (i18n[key] && i18n[key]['en']) || key; + } + + function esc(str) { + return String(str).replace(/&/g, '&').replace(//g, '>').replace(/"/g, '"'); + } + + function setStatus(msg, keep) { + if (!status) return; + status.textContent = msg; + window.clearTimeout(statusTimer); + if (!keep) { + statusTimer = window.setTimeout(function () { status.textContent = ''; }, 2400); + } + } + + function prependDoc(doc) { + if (!list) return; + var empty = list.querySelector('.workbench-docs__empty, .workbench-docs__loading'); + if (empty) empty.remove(); + + var el = document.createElement('div'); + el.className = 'workbench-docs__item'; + el.setAttribute('role', 'listitem'); + el.setAttribute('data-doc-id', doc.doc_id); + el.innerHTML = '📄' + + '' + esc(doc.filename) + '' + + '' + esc(new Date(doc.created_at).toLocaleDateString()) + ' · workbench' + + ''; + + el.querySelector('.workbench-docs__remove').addEventListener('click', function () { + var btn = this; + btn.disabled = true; + fetch('/api/user-docs.php?id=' + encodeURIComponent(doc.doc_id), { method: 'DELETE', credentials: 'include' }) + .then(function () { + var item = list.querySelector('[data-doc-id="' + doc.doc_id + '"]'); + if (item) item.remove(); + if (!list.querySelector('.workbench-docs__item')) { + list.innerHTML = '

' + t('empty') + '

'; + } + }) + .catch(function () { btn.disabled = false; }); + }); + + list.insertBefore(el, list.firstChild); + } + + function uploadFile(file) { + var fd = new FormData(); + fd.append('file', file); + setStatus(t('uploading'), true); + return fetch('/api/user-docs.php', { method: 'POST', credentials: 'include', body: fd }) + .then(function (r) { return r.json(); }) + .then(function (data) { + if (data.ok && data.doc) { + prependDoc(data.doc); + setStatus(t('saved')); + } else { + setStatus((data.error || t('error'))); + } + }) + .catch(function () { setStatus(t('error')); }); + } + + function handleFiles(files) { + if (!files || !files.length) return; + var chain = Promise.resolve(); + Array.prototype.forEach.call(files, function (file) { + chain = chain.then(function () { return uploadFile(file); }); + }); + } + + zone.addEventListener('dragover', function (e) { + e.preventDefault(); + zone.classList.add('is-drag-over'); + }); + zone.addEventListener('dragleave', function () { + zone.classList.remove('is-drag-over'); + }); + zone.addEventListener('drop', function (e) { + e.preventDefault(); + zone.classList.remove('is-drag-over'); + handleFiles(e.dataTransfer.files); + }); + + input.addEventListener('change', function () { + handleFiles(input.files); + input.value = ''; + }); +}()); diff --git a/barnevernet.php b/barnevernet.php index 91902f1..df80d00 100644 --- a/barnevernet.php +++ b/barnevernet.php @@ -41,8 +41,9 @@ require_once __DIR__ . '/includes/layout.php'; +
-

Engine applies to the final advocacy synthesis only. Document classification, party extraction, and timeline are always fast (azure-mini).

+

Engine applies to the final advocacy synthesis only. Norwegian specialist v3 is the recommended choice for Barnevernet documents — it is fine-tuned on § 4-25, Strand Lobben, forvaltningsloven § 17/§ 41, and procedural red-flag detection. Classification, party extraction, and timeline always use azure-mini.

Corpus slices

diff --git a/billing.php b/billing.php new file mode 100644 index 0000000..d7153e8 --- /dev/null +++ b/billing.php @@ -0,0 +1,210 @@ + 0 ? FreeTier::balanceDetail($userId) : [ + 'balance' => 0, 'bonus_balance' => 0, 'tier' => 'caveau', + 'storage_used_bytes' => 0, 'storage_quota_bytes' => 0, + 'survey_completed_at' => null, 'subscription_period_end' => null, +]; + +$tier = (string)$detail['tier']; +$effective = (int)$detail['balance'] + (int)$detail['bonus_balance']; +$storageMb = round($detail['storage_used_bytes'] / 1048576, 1); +$quotaMb = $detail['storage_quota_bytes'] > 0 ? round($detail['storage_quota_bytes'] / 1048576, 0) : 0; +$storagePct = $quotaMb > 0 ? min(100, round(($storageMb / $quotaMb) * 100)) : 0; + +$tierLabels = [ + 'free' => 'Gratis', + 'light' => 'Light', + 'pro' => 'Pro', + 'pro_plus' => 'Pro+ Familie', + 'caveau' => 'CaveauAI', +]; + +// Recent usage +$db = dbnmDb(); +$stmt = $db->prepare( + 'SELECT tool, credits_used, created_at FROM user_tool_usage_log + WHERE user_id = ? ORDER BY created_at DESC LIMIT 25' +); +$stmt->execute([$userId]); +$recent = $stmt->fetchAll(PDO::FETCH_ASSOC); + +$status = (string)($_GET['status'] ?? ''); +?> + + + + + + Konto & fakturering — tools.dobetternorge.no + + + + + + + + +
+

Konto & fakturering

+

· Tilbake til dashbordet

+ + +

Betalingen er bekreftet. Hvis du nettopp abonnerte, kan det ta noen sekunder før kontoen oppdateres.

+ + +
+
+

Nåværende plan

+

+ +

+ +

Fornyes

+ +

Ingen aktiv abonnement. Se planer

+ +
+ + + + Se alle planer +
+
+ +
+

Tilgjengelige kreditter

+

+

+ månedlige · bonus +

+ +

✓ Pro+ har ubegrenset bruk (50 kall/time)

+ +
+ + +
+

Sak-lagring

+

MB / MB

+
+

Gå til Min Sak

+
+ +
+

Min Sak

+

Last opp dine egne dokumenter — alle verktøyene kan deretter referere til din private sak.

+ Oppgrader for å bygge sak +
+ + +
+

Bonus-kreditter (undersøkelse)

+ +

✓ Du har allerede mottatt 25 bonuskreditter for å fylle ut undersøkelsen.

+ +

Svar på 5 korte spørsmål om dine behov og motta 25 bonus-kreditter — utløper aldri.

+ Ta undersøkelsen + +
+
+ +
+

Nylig bruk (siste 25)

+ +

Ingen bruk registrert ennå.

+ + + + + + + + + + + + + +
Verktøy / hendelseKreditterTidspunkt
+ +
+
+ + + + diff --git a/dashboard.php b/dashboard.php index face732..675d5b7 100644 --- a/dashboard.php +++ b/dashboard.php @@ -2,6 +2,7 @@ declare(strict_types=1); require_once __DIR__ . '/includes/bootstrap.php'; +require_once __DIR__ . '/includes/FreeTier.php'; if (!dbnToolsIsAuthenticated()) { header('Location: /?return=' . urlencode($_SERVER['REQUEST_URI'] ?? '/dashboard.php')); @@ -13,6 +14,19 @@ $tools = dbnToolsLaunchedTools($uiLang); $workbench = dbnToolsWorkbenchMeta($uiLang); $langPath = '/dashboard.php'; +// Tier + balance for SSO users (CaveauAI sessions get no panel) +$dashIsSso = dbnToolsIsFreeTier(); +$dashTier = $dashIsSso ? FreeTier::tier((int)$_SESSION['dbn_tools_sso_uid']) : 'caveau'; +$dashDetail = $dashIsSso ? FreeTier::balanceDetail((int)$_SESSION['dbn_tools_sso_uid']) : null; +$tierLabels = [ + 'free' => ['Gratis', '#f3f4f6', '#374151'], + 'light' => ['Light', '#ddd6fe', '#5b21b6'], + 'pro' => ['Pro', '#bfdbfe', '#1e40af'], + 'pro_plus' => ['Pro+ Familie', '#fde68a', '#92400e'], +]; +$tierLabel = $tierLabels[$dashTier] ?? ['CaveauAI', '#d1fae5', '#065f46']; +$showSurveyCta = $dashIsSso && empty($dashDetail['survey_completed_at']); + require_once __DIR__ . '/includes/tool-svgs.php'; ?> @@ -53,10 +67,54 @@ window.DBN_TOOLS_LANG = ; + + + + +
+ +
+
+

Tilgjengelige kreditter

+

+ + +

+

månedlige · bonus · Detaljer

+
+ + +

Min sak

+

Bygg din egen sak →

+ 0 ? round($used / 1048576, 1) : 0; + $quotaMb = $quota > 0 ? round($quota / 1048576, 0) : 0; + ?> +

MB / MB brukt

+ + + +

Bygg din egen sak

+

Last opp dokumenter →

+

Tilgjengelig fra Light €9/mo

+ + + + +

Tjen 25 ekstra kreditter

+

Ta vår 5-spørsmåls undersøkelse →

+

Ingen salgspitch — bare research

+ + +
+ +

diff --git a/deep-research.php b/deep-research.php index 79499f4..e9eb2eb 100644 --- a/deep-research.php +++ b/deep-research.php @@ -21,8 +21,9 @@ require_once __DIR__ . '/includes/layout.php'; +
-

Azure mini is the default and finishes fastest. Azure full is the most thorough but can take 1-3 minutes. GPU keeps everything inside the BNL fleet. Live progress shown in the right-hand reasoning panel.

+

Azure mini is the default and finishes fastest. Azure full is the most thorough. Norwegian specialist v3 is a Qwen2.5 fine-tune optimised for barnevernsloven, ECHR, and forvaltningsloven — best for cases involving § 4-25, Strand Lobben, or procedural challenges.

Corpus slices

diff --git a/discrepancy.php b/discrepancy.php index 1452a18..cadaebd 100644 --- a/discrepancy.php +++ b/discrepancy.php @@ -60,8 +60,9 @@ require_once __DIR__ . '/includes/layout.php'; +
-

Engine applies to the final synthesis only. Document classification, party extraction, timelines, and cross-referencing always use azure-mini.

+

Engine applies to the final synthesis only. Norwegian specialist v3 excels at identifying legally significant discrepancies in Barnevernet documents — procedural violations, threshold errors, and missing statutory justifications. Classification, party extraction, timelines, and cross-referencing always use azure-mini.

Corpus slices (used for legal significance context) diff --git a/includes/AzureDocIntelligence.php b/includes/AzureDocIntelligence.php new file mode 100644 index 0000000..2b29273 --- /dev/null +++ b/includes/AzureDocIntelligence.php @@ -0,0 +1,119 @@ +endpoint = rtrim($endpoint ?? ($cfg['endpoint'] ?? ''), '/'); + $this->key = $key ?? ($cfg['key'] ?? ''); + if ($this->endpoint === '' || $this->key === '') { + throw new RuntimeException('AzureDocIntelligence: endpoint or key not configured.'); + } + } + + private static function loadConfig(): array + { + $path = '/etc/bnl/azure.php'; + if (is_readable($path)) { + $cfg = require $path; + return [ + 'endpoint' => (string)($cfg['DOC_INTELLIGENCE_ENDPOINT'] ?? ''), + 'key' => (string)($cfg['DOC_INTELLIGENCE_KEY'] ?? ''), + ]; + } + return [ + 'endpoint' => (string)(getenv('AZURE_DOC_INTELLIGENCE_ENDPOINT') ?: ''), + 'key' => (string)(getenv('AZURE_DOC_INTELLIGENCE_KEY') ?: ''), + ]; + } + + /** + * OCR a local PDF file using the prebuilt-read model. + * Returns: ['content' => string, 'pages' => array, 'languages' => array] + */ + public function readPdf(string $localPath, int $pollTimeoutSeconds = 120): array + { + if (!is_readable($localPath)) { + throw new InvalidArgumentException("Unreadable file: {$localPath}"); + } + $url = $this->endpoint . '/documentintelligence/documentModels/prebuilt-read:analyze?api-version=2024-11-30'; + $body = file_get_contents($localPath); + + $ch = curl_init(); + curl_setopt_array($ch, [ + CURLOPT_URL => $url, + CURLOPT_POST => true, + CURLOPT_POSTFIELDS => $body, + CURLOPT_HTTPHEADER => [ + 'Content-Type: application/pdf', + 'Ocp-Apim-Subscription-Key: ' . $this->key, + ], + CURLOPT_RETURNTRANSFER => true, + CURLOPT_HEADER => true, + CURLOPT_TIMEOUT => 60, + ]); + $response = curl_exec($ch); + $headerSize = (int)curl_getinfo($ch, CURLINFO_HEADER_SIZE); + $status = (int)curl_getinfo($ch, CURLINFO_RESPONSE_CODE); + curl_close($ch); + + if ($status !== 202 || !is_string($response)) { + throw new RuntimeException("DocIntelligence analyze failed: HTTP {$status}"); + } + $headers = substr($response, 0, $headerSize); + if (!preg_match('/Operation-Location:\s*(.+?)\r?\n/i', $headers, $m)) { + throw new RuntimeException('DocIntelligence: missing Operation-Location header.'); + } + $pollUrl = trim($m[1]); + + $deadline = time() + $pollTimeoutSeconds; + while (time() < $deadline) { + usleep(1500_000); + $pollCh = curl_init(); + curl_setopt_array($pollCh, [ + CURLOPT_URL => $pollUrl, + CURLOPT_HTTPHEADER => ['Ocp-Apim-Subscription-Key: ' . $this->key], + CURLOPT_RETURNTRANSFER => true, + CURLOPT_TIMEOUT => 30, + ]); + $pollResp = curl_exec($pollCh); + $pollStatus = (int)curl_getinfo($pollCh, CURLINFO_RESPONSE_CODE); + curl_close($pollCh); + if ($pollStatus !== 200 || !is_string($pollResp)) { + throw new RuntimeException("DocIntelligence poll failed: HTTP {$pollStatus}"); + } + $data = json_decode($pollResp, true); + $st = (string)($data['status'] ?? ''); + if ($st === 'succeeded') { + $result = $data['analyzeResult'] ?? []; + return [ + 'content' => (string)($result['content'] ?? ''), + 'pages' => $result['pages'] ?? [], + 'languages' => $result['languages'] ?? [], + 'page_count' => count($result['pages'] ?? []), + ]; + } + if ($st === 'failed') { + $err = $data['error']['message'] ?? 'unknown'; + throw new RuntimeException("DocIntelligence analysis failed: {$err}"); + } + // 'running' or 'notStarted' — continue polling + } + throw new RuntimeException("DocIntelligence poll timeout after {$pollTimeoutSeconds}s."); + } +} diff --git a/includes/AzureSearchAdmin.php b/includes/AzureSearchAdmin.php new file mode 100644 index 0000000..e617dac --- /dev/null +++ b/includes/AzureSearchAdmin.php @@ -0,0 +1,204 @@ +endpoint = rtrim($endpoint ?? ($cfg['endpoint'] ?? ''), '/'); + $this->adminKey = $adminKey ?? ($cfg['admin_key'] ?? ''); + if ($this->endpoint === '' || $this->adminKey === '') { + throw new RuntimeException('AzureSearchAdmin: endpoint or admin key not configured.'); + } + } + + private static function loadConfig(): array + { + $path = '/etc/bnl/azure.php'; + if (is_readable($path)) { + $cfg = require $path; + return [ + 'endpoint' => (string)($cfg['SEARCH_ENDPOINT'] ?? 'https://bnl-legal-search.search.windows.net'), + 'admin_key' => (string)($cfg['SEARCH_ADMIN_KEY'] ?? ''), + ]; + } + return [ + 'endpoint' => (string)(getenv('AZURE_SEARCH_ENDPOINT') ?: 'https://bnl-legal-search.search.windows.net'), + 'admin_key' => (string)(getenv('AZURE_SEARCH_ADMIN_KEY') ?: ''), + ]; + } + + public static function indexName(int $userId): string + { + return 'case-' . $userId; + } + + /** Create the per-user index if it does not exist. Idempotent. */ + public function ensureUserIndex(int $userId): string + { + $name = self::indexName($userId); + if ($this->indexExists($name)) { + return $name; + } + $body = [ + 'name' => $name, + 'fields' => [ + ['name' => 'id', 'type' => 'Edm.String', 'key' => true, 'filterable' => true], + ['name' => 'doc_id', 'type' => 'Edm.Int32', 'filterable' => true, 'facetable' => true], + ['name' => 'user_id', 'type' => 'Edm.Int32', 'filterable' => true], + ['name' => 'filename', 'type' => 'Edm.String', 'filterable' => true, 'sortable' => true, 'searchable' => true, 'analyzer' => 'standard.lucene'], + ['name' => 'page', 'type' => 'Edm.Int32', 'filterable' => true, 'sortable' => true], + ['name' => 'chunk_text', 'type' => 'Edm.String', 'searchable' => true, 'analyzer' => 'nb.microsoft'], + ['name' => 'doc_type', 'type' => 'Edm.String', 'filterable' => true, 'facetable' => true], + ['name' => 'detected_date', 'type' => 'Edm.DateTimeOffset', 'filterable' => true, 'sortable' => true], + [ + 'name' => 'vector', + 'type' => 'Collection(Edm.Single)', + 'searchable' => true, + 'dimensions' => 1536, + 'vectorSearchProfile' => 'caseVectorProfile', + ], + ], + 'vectorSearch' => [ + 'algorithms' => [[ + 'name' => 'caseHnsw', + 'kind' => 'hnsw', + 'hnswParameters' => ['m' => 4, 'efConstruction' => 400, 'efSearch' => 500, 'metric' => 'cosine'], + ]], + 'profiles' => [['name' => 'caseVectorProfile', 'algorithm' => 'caseHnsw']], + ], + 'semantic' => [ + 'configurations' => [[ + 'name' => 'caseSemantic', + 'prioritizedFields' => [ + 'contentFields' => [['fieldName' => 'chunk_text']], + 'titleField' => ['fieldName' => 'filename'], + ], + ]], + ], + ]; + $this->request('PUT', '/indexes/' . rawurlencode($name) . '?api-version=' . self::API_VERSION, $body); + return $name; + } + + public function indexExists(string $name): bool + { + $code = $this->request('GET', '/indexes/' . rawurlencode($name) . '?api-version=' . self::API_VERSION, null, true); + return $code === 200; + } + + /** Upsert a batch of documents (chunks) into the user's index. */ + public function upsertChunks(int $userId, array $chunks): void + { + if (empty($chunks)) return; + $name = self::indexName($userId); + $body = [ + 'value' => array_map(fn($c) => array_merge(['@search.action' => 'mergeOrUpload'], $c), $chunks), + ]; + $this->request('POST', '/indexes/' . rawurlencode($name) . '/docs/index?api-version=' . self::API_VERSION, $body); + } + + /** Delete all chunks for a given doc_id (used on document deletion). */ + public function deleteDoc(int $userId, int $docId): void + { + $name = self::indexName($userId); + // First search to get all chunk ids for this doc + $resp = $this->request('POST', '/indexes/' . rawurlencode($name) . '/docs/search?api-version=' . self::API_VERSION, [ + 'search' => '*', + 'filter' => 'doc_id eq ' . $docId, + 'select' => 'id', + 'top' => 1000, + ]); + $ids = array_map(fn($v) => $v['id'] ?? null, $resp['value'] ?? []); + $ids = array_filter($ids); + if (empty($ids)) return; + + $body = [ + 'value' => array_map(fn($id) => ['@search.action' => 'delete', 'id' => $id], array_values($ids)), + ]; + $this->request('POST', '/indexes/' . rawurlencode($name) . '/docs/index?api-version=' . self::API_VERSION, $body); + } + + /** Delete the entire index (account deletion / GDPR). */ + public function deleteIndex(int $userId): void + { + $name = self::indexName($userId); + $this->request('DELETE', '/indexes/' . rawurlencode($name) . '?api-version=' . self::API_VERSION, null, true); + } + + /** + * Hybrid search: BM25 (Norwegian analyzer) + vector + semantic ranker. + * Returns ['value' => [{id, doc_id, filename, page, chunk_text, @search.score, @search.rerankerScore}, ...]] + */ + public function hybridSearch(int $userId, string $query, array $queryVector, int $k = 5): array + { + $name = self::indexName($userId); + $body = [ + 'search' => $query, + 'queryType' => 'semantic', + 'semanticConfiguration' => 'caseSemantic', + 'searchFields' => 'chunk_text,filename', + 'select' => 'id,doc_id,filename,page,chunk_text,doc_type,detected_date', + 'top' => $k, + 'vectorQueries' => [[ + 'kind' => 'vector', + 'vector' => $queryVector, + 'k' => $k, + 'fields' => 'vector', + ]], + ]; + return $this->request('POST', '/indexes/' . rawurlencode($name) . '/docs/search?api-version=' . self::API_VERSION, $body); + } + + /** Low-level HTTP. If $returnStatusOnly, returns http code instead of decoded body. */ + private function request(string $method, string $path, ?array $body = null, bool $returnStatusOnly = false) + { + $url = $this->endpoint . $path; + $headers = [ + 'api-key: ' . $this->adminKey, + 'Content-Type: application/json', + ]; + $ch = curl_init(); + curl_setopt_array($ch, [ + CURLOPT_URL => $url, + CURLOPT_CUSTOMREQUEST => strtoupper($method), + CURLOPT_RETURNTRANSFER => true, + CURLOPT_HTTPHEADER => $headers, + CURLOPT_TIMEOUT => 30, + ]); + if ($body !== null) { + curl_setopt($ch, CURLOPT_POSTFIELDS, json_encode($body, JSON_UNESCAPED_UNICODE | JSON_UNESCAPED_SLASHES)); + } + $raw = curl_exec($ch); + $status = (int)curl_getinfo($ch, CURLINFO_RESPONSE_CODE); + $errno = curl_errno($ch); + curl_close($ch); + + if ($returnStatusOnly) { + return $status; + } + if ($errno !== 0) { + throw new RuntimeException('AzureSearch curl error: ' . curl_strerror($errno)); + } + if ($status >= 400) { + throw new RuntimeException("AzureSearch HTTP {$status}: " . substr((string)$raw, 0, 300)); + } + $decoded = json_decode((string)$raw, true); + return is_array($decoded) ? $decoded : []; + } +} diff --git a/includes/BvjAnalyzerAgent.php b/includes/BvjAnalyzerAgent.php index db707c1..c7fbd82 100644 --- a/includes/BvjAnalyzerAgent.php +++ b/includes/BvjAnalyzerAgent.php @@ -921,14 +921,18 @@ PROMPT; $opts = ['json' => true, 'temperature' => $temperature, 'max_tokens' => 4500, 'timeout' => 240]; $deployLabel = match ($engine) { - 'gpu' => 'GPU (cuttlefish)', - 'azure_full' => 'gpt-4o', - default => $this->azure->chatDeployment(), + 'gpu' => 'GPU (cuttlefish)', + 'dbn_legal_v3' => 'dbn-legal-agent-v3', + 'azure_full' => 'gpt-4o', + default => $this->azure->chatDeployment(), }; $raw = ''; try { - if ($engine === 'gpu') { + if ($engine === 'dbn_legal_v3') { + $response = dbnToolsCallGpuLlm($messages, array_merge($opts, ['model' => 'dbn-legal-agent-v3', 'timeout' => 180])); + $raw = (string)($response['choices'][0]['message']['content'] ?? ''); + } elseif ($engine === 'gpu') { $response = dbnToolsCallGpuLlm($messages, $opts); $raw = (string)($response['choices'][0]['message']['content'] ?? ''); } elseif ($engine === 'azure_full') { @@ -953,10 +957,9 @@ PROMPT; ]; } - // Step 6b: dbn-legal-agent targeted legal Q&A check (azure engines only; silent on failure) - // Asks one focused question about the document's statutory basis to surface domain knowledge - // that Azure reliably misses (klar nødvendighet threshold, Strand Lobben, fvl §17/§41). - if (in_array($engine, ['azure_mini', 'azure_full'], true)) { + // Step 6b: dbn-legal-agent targeted legal Q&A check (azure + gpu engines only; + // skipped when dbn_legal_v3 is the synthesis engine — it already IS the legal model). + if (in_array($engine, ['azure_mini', 'azure_full', 'gpu'], true)) { $checkFindings = dbnToolsRunLegalCheck( (string)($json['advocacy_brief'] ?? ''), $docType @@ -968,7 +971,7 @@ PROMPT; foreach ($checkFindings as $cf) { $json['procedural_red_flags'][] = $cf; } - $json['check_model'] = 'dbn-legal-agent-v2'; + $json['check_model'] = 'dbn-legal-agent-v3'; } } diff --git a/includes/CaseStore.php b/includes/CaseStore.php new file mode 100644 index 0000000..6a946bd --- /dev/null +++ b/includes/CaseStore.php @@ -0,0 +1,285 @@ +prepare( + 'SELECT owner_user_id FROM case_seats + WHERE member_user_id = ? AND accepted_at IS NOT NULL AND revoked_at IS NULL + LIMIT 1' + ); + $stmt->execute([$userId]); + $ownerId = (int)($stmt->fetchColumn() ?: 0); + return $ownerId > 0 ? $ownerId : $userId; + } + + /** Ensure storage dir + Azure index exist for a user. Idempotent. */ + public static function caseProvisionUser(int $userId): array + { + $rootDir = self::storageRoot() . '/case_' . $userId; + if (!is_dir($rootDir)) { + // 0750: owner rwx, group rx, world none + @mkdir($rootDir, 0750, true); + } + $indexName = ''; + try { + $admin = new AzureSearchAdmin(); + $indexName = $admin->ensureUserIndex($userId); + } catch (Throwable $e) { + error_log('[CaseStore::caseProvisionUser] index create failed: ' . $e->getMessage()); + } + return ['storage_path' => $rootDir, 'index_name' => $indexName]; + } + + /** + * Register an uploaded file in DB and return the doc row. + * Enforces tier-based storage quota. + */ + public static function registerUpload(int $userId, string $filename, string $tempPath, int $sizeBytes): array + { + // Quota check + $detail = FreeTier::balanceDetail($userId); + $quota = (int)$detail['storage_quota_bytes']; + $used = (int)$detail['storage_used_bytes']; + if ($quota === 0) { + throw new RuntimeException('Min Sak er ikke tilgjengelig på gratis-nivå. Oppgrader for å laste opp dokumenter.'); + } + if ($used + $sizeBytes > $quota) { + $remainMb = max(0, ($quota - $used) / 1048576); + throw new RuntimeException(sprintf('Du har %.1f MB lagring igjen, men filen er %.1f MB.', $remainMb, $sizeBytes / 1048576)); + } + + // Provision (idempotent) + $bundle = self::caseProvisionUser($userId); + $dir = $bundle['storage_path']; + + // Sanitize filename + $safeName = preg_replace('/[^A-Za-z0-9._\-]/', '_', $filename); + $safeName = mb_substr((string)$safeName, 0, 100); + + $db = dbnmDb(); + $db->prepare( + 'INSERT INTO case_documents + (user_id, filename, storage_path, size_bytes, ocr_status, qdrant_collection, azure_index_name, uploaded_at) + VALUES (?, ?, ?, ?, ?, ?, ?, NOW())' + )->execute([ + $userId, $safeName, '', $sizeBytes, 'pending', + 'case_user_' . $userId, + AzureSearchAdmin::indexName($userId), + ]); + $docId = (int)$db->lastInsertId(); + + $finalPath = $dir . '/' . $docId . '.pdf'; + if (!@rename($tempPath, $finalPath)) { + // Fallback: copy + unlink + if (!@copy($tempPath, $finalPath)) { + $db->prepare('DELETE FROM case_documents WHERE id = ?')->execute([$docId]); + throw new RuntimeException('Kunne ikke lagre filen på serveren.'); + } + @unlink($tempPath); + } + @chmod($finalPath, 0640); + + // Save final path + bump storage usage + $db->prepare('UPDATE case_documents SET storage_path = ? WHERE id = ?') + ->execute([$finalPath, $docId]); + $db->prepare('UPDATE user_tool_credits SET storage_used_bytes = storage_used_bytes + ? WHERE user_id = ?') + ->execute([$sizeBytes, $userId]); + + return [ + 'doc_id' => $docId, + 'filename' => $safeName, + 'storage_path' => $finalPath, + 'size_bytes' => $sizeBytes, + ]; + } + + /** Notify n8n that a new doc is ready for OCR + indexing. */ + public static function caseEnqueueIngest(int $docId, int $userId): bool + { + $webhookUrl = getenv('N8N_CASE_INGEST_WEBHOOK') ?: ''; + if ($webhookUrl === '') { + error_log('[CaseStore] N8N_CASE_INGEST_WEBHOOK not configured — leaving doc ' . $docId . ' as pending'); + return false; + } + $payload = json_encode([ + 'doc_id' => $docId, + 'user_id' => $userId, + 'callback_url' => 'https://tools.dobetternorge.no/api/case/ingest-callback.php', + ], JSON_UNESCAPED_UNICODE); + + $ch = curl_init($webhookUrl); + curl_setopt_array($ch, [ + CURLOPT_POST => true, + CURLOPT_POSTFIELDS => $payload, + CURLOPT_HTTPHEADER => ['Content-Type: application/json'], + CURLOPT_RETURNTRANSFER => true, + CURLOPT_TIMEOUT => 5, + ]); + curl_exec($ch); + $errno = curl_errno($ch); + $status = (int)curl_getinfo($ch, CURLINFO_RESPONSE_CODE); + curl_close($ch); + return $errno === 0 && $status >= 200 && $status < 300; + } + + /** + * Hybrid search across the user's case. + * Embeds the query via LiteLLM (azure-text-embedding-3-small) and hits the per-user Azure Search index. + * + * CRITICAL: $userId here must be the EFFECTIVE owner_user_id (resolved via caseResolveClientId). + * The Azure index is scoped to this user_id at the INDEX NAME level — cross-user leak is structurally + * impossible: index "case-100" cannot return rows from index "case-200". + */ + public static function caseHybridSearch(int $effectiveOwnerUserId, string $query, int $k = 5): array + { + if ($effectiveOwnerUserId <= 0 || trim($query) === '') { + return []; + } + try { + $vector = self::embedQuery($query); + if (empty($vector)) { + return []; + } + $admin = new AzureSearchAdmin(); + $resp = $admin->hybridSearch($effectiveOwnerUserId, $query, $vector, $k); + $hits = []; + foreach (($resp['value'] ?? []) as $hit) { + $hits[] = [ + 'chunk_text' => (string)($hit['chunk_text'] ?? ''), + 'filename' => (string)($hit['filename'] ?? ''), + 'page' => (int)($hit['page'] ?? 0), + 'doc_id' => (int)($hit['doc_id'] ?? 0), + 'doc_type' => (string)($hit['doc_type'] ?? ''), + 'score' => (float)($hit['@search.score'] ?? 0), + 'reranker_score' => (float)($hit['@search.rerankerScore'] ?? 0), + ]; + } + return $hits; + } catch (Throwable $e) { + error_log('[CaseStore::caseHybridSearch] failed: ' . $e->getMessage()); + return []; + } + } + + /** Embed a string via LiteLLM (azure-text-embedding-3-small). Returns float[] of dim 1536, or []. */ + public static function embedQuery(string $text): array + { + $base = getenv('LITELLM_BASE_URL') ?: 'http://10.0.1.10:4000'; + $key = getenv('LITELLM_API_KEY') ?: 'sk-bnl-litellm-26xR9mK4qvN3wL8sTj7pB2d'; + $payload = json_encode([ + 'model' => 'azure-text-embedding-3-small', + 'input' => mb_substr($text, 0, 8000), + ], JSON_UNESCAPED_UNICODE); + + $ch = curl_init($base . '/v1/embeddings'); + curl_setopt_array($ch, [ + CURLOPT_POST => true, + CURLOPT_POSTFIELDS => $payload, + CURLOPT_HTTPHEADER => [ + 'Authorization: Bearer ' . $key, + 'Content-Type: application/json', + ], + CURLOPT_RETURNTRANSFER => true, + CURLOPT_TIMEOUT => 15, + ]); + $raw = curl_exec($ch); + $status = (int)curl_getinfo($ch, CURLINFO_RESPONSE_CODE); + curl_close($ch); + if ($status !== 200 || !is_string($raw)) { + return []; + } + $data = json_decode($raw, true); + $vec = $data['data'][0]['embedding'] ?? null; + return is_array($vec) ? array_map('floatval', $vec) : []; + } + + /** Format chunks for injection into an agent's system prompt. */ + public static function formatChunksForPrompt(array $chunks): string + { + if (empty($chunks)) return ''; + $out = "\n\n## Brukerens egne dokumenter (private sak):\n"; + foreach ($chunks as $i => $c) { + $out .= sprintf( + "\n[%d] %s · side %d%s\n%s\n", + $i + 1, + $c['filename'], + $c['page'], + $c['doc_type'] !== '' ? ' · ' . $c['doc_type'] : '', + mb_substr($c['chunk_text'], 0, 1500) + ); + } + $out .= "\n— slutt på brukerens dokumenter —\n"; + return $out; + } + + /** Soft-delete a doc + remove vectors from Azure index. */ + public static function deleteDocument(int $userId, int $docId): bool + { + $db = dbnmDb(); + $stmt = $db->prepare('SELECT id, storage_path, size_bytes FROM case_documents WHERE id = ? AND user_id = ? AND deleted_at IS NULL LIMIT 1'); + $stmt->execute([$docId, $userId]); + $doc = $stmt->fetch(PDO::FETCH_ASSOC); + if (!$doc) { + return false; + } + // Remove from Azure index + try { + $admin = new AzureSearchAdmin(); + $admin->deleteDoc($userId, $docId); + } catch (Throwable $e) { + error_log('[CaseStore::deleteDocument] azure delete: ' . $e->getMessage()); + } + // Mark deleted in DB + $db->prepare('UPDATE case_documents SET deleted_at = NOW() WHERE id = ?')->execute([$docId]); + // Refund storage + $db->prepare('UPDATE user_tool_credits SET storage_used_bytes = GREATEST(0, storage_used_bytes - ?) WHERE user_id = ?') + ->execute([(int)$doc['size_bytes'], $userId]); + // Remove file from disk + if (!empty($doc['storage_path']) && is_file($doc['storage_path'])) { + @unlink($doc['storage_path']); + } + return true; + } + + /** Return all docs for a user (excluding deleted). */ + public static function listDocs(int $userId): array + { + $db = dbnmDb(); + $stmt = $db->prepare( + 'SELECT id, filename, size_bytes, page_count, doc_type, detected_date, ocr_status, ocr_error, uploaded_at, indexed_at + FROM case_documents WHERE user_id = ? AND deleted_at IS NULL ORDER BY uploaded_at DESC' + ); + $stmt->execute([$userId]); + return $stmt->fetchAll(PDO::FETCH_ASSOC) ?: []; + } +} diff --git a/includes/DeepResearchAgent.php b/includes/DeepResearchAgent.php index 094d9de..c3c3877 100644 --- a/includes/DeepResearchAgent.php +++ b/includes/DeepResearchAgent.php @@ -980,10 +980,11 @@ PROMPT; 'next_practical_step' => 'Try widening slice selection or rephrasing with more specific statutory or party terms.', ], 'deploy_label' => match($engine) { - 'gpu' => 'GPU (cuttlefish)', - 'dbn_legal' => 'dbn-legal-agent-v2', - 'azure_full'=> 'gpt-4o', - default => $this->azure->chatDeployment(), + 'gpu' => 'GPU (cuttlefish)', + 'dbn_legal' => 'dbn-legal-agent-v2', + 'dbn_legal_v3' => 'dbn-legal-agent-v3', + 'azure_full' => 'gpt-4o', + default => $this->azure->chatDeployment(), }, ]; } @@ -1121,7 +1122,11 @@ PROMPT; $opts = ['json' => true, 'temperature' => $synthTemp, 'max_tokens' => 4000, 'timeout' => 180]; try { - if ($engine === 'dbn_legal') { + if ($engine === 'dbn_legal_v3') { + $response = dbnToolsCallGpuLlm($messages, array_merge($opts, ['model' => 'dbn-legal-agent-v3', 'timeout' => 180])); + $deployLabel = 'dbn-legal-agent-v3'; + $raw = (string)($response['choices'][0]['message']['content'] ?? ''); + } elseif ($engine === 'dbn_legal') { $response = dbnToolsCallGpuLlm($messages, array_merge($opts, ['model' => 'dbn-legal-agent-v2', 'timeout' => 180])); $deployLabel = 'dbn-legal-agent-v2'; $raw = (string)($response['choices'][0]['message']['content'] ?? ''); diff --git a/includes/DiscrepancyAgent.php b/includes/DiscrepancyAgent.php index 92eaa97..089dd7f 100644 --- a/includes/DiscrepancyAgent.php +++ b/includes/DiscrepancyAgent.php @@ -754,9 +754,10 @@ PROMPT; $locale = dbnToolsLanguageName($language); $sourceCount = count($numberedSources); $deployLabel = match ($engine) { - 'gpu' => 'GPU (cuttlefish)', - 'azure_full' => 'gpt-4o', - default => $this->azure->chatDeployment(), + 'gpu' => 'GPU (cuttlefish)', + 'dbn_legal_v3' => 'dbn-legal-agent-v3', + 'azure_full' => 'gpt-4o', + default => $this->azure->chatDeployment(), }; if (empty($numberedSources)) { @@ -863,7 +864,10 @@ PROMPT; $raw = ''; try { - if ($engine === 'gpu') { + if ($engine === 'dbn_legal_v3') { + $response = dbnToolsCallGpuLlm($messages, array_merge($opts, ['model' => 'dbn-legal-agent-v3', 'timeout' => 180])); + $raw = (string)($response['choices'][0]['message']['content'] ?? ''); + } elseif ($engine === 'gpu') { $response = dbnToolsCallGpuLlm($messages, $opts); $raw = (string)($response['choices'][0]['message']['content'] ?? ''); } elseif ($engine === 'azure_full') { diff --git a/includes/FreeTier.php b/includes/FreeTier.php index 9bf38a1..529348b 100644 --- a/includes/FreeTier.php +++ b/includes/FreeTier.php @@ -2,18 +2,22 @@ declare(strict_types=1); /** - * Credit system for free-tier (Google-authenticated) users of tools.dobetternorge.no. + * Credit + tier system for users of tools.dobetternorge.no. * - * Credits are stored in dobetternorge_maindb.user_tool_credits. - * Usage is logged in user_tool_usage_log. + * Tables: + * user_tool_credits — balance (monthly, resets), bonus_balance (never expires), tier, Stripe links + * user_tool_usage_log — every tool call with credits_used + * user_subscriptions — Stripe subscription ledger + * + * Effective balance = balance + bonus_balance. + * Spend order: deduct from balance first, overflow to bonus_balance. + * pro_plus tier bypasses balance checks (still subject to hourly cap). * * CaveauAI client sessions (dbn_tools_user_id + client_id) bypass all checks. - * Only SSO sessions with tier='free' are subject to limits. + * Only SSO sessions are subject to limits. */ final class FreeTier { - private const HOURLY_LIMIT = 10; - private const COSTS = [ 'corpus-search' => 0, 'search' => 0, @@ -24,8 +28,33 @@ final class FreeTier 'barnevernet' => 3, 'advocate' => 3, 'deep-research' => 5, - 'transcribe' => 2, // flat rate; actual duration unknown upfront - 'discrepancy' => 4, // 2 docs × 4 extraction steps + cross-ref + synthesis + 'transcribe' => 2, + 'discrepancy' => 4, + 'korrespond' => 3, + ]; + + /** Monthly credit allowance per tier. pro_plus is "effectively unlimited" but hourly-capped. */ + private const MONTHLY_ALLOWANCE = [ + 'free' => 30, + 'light' => 120, + 'pro' => 500, + 'pro_plus' => 999999, + ]; + + /** Hourly rate-limit per tier (number of paid tool calls per rolling hour). */ + private const HOURLY_CAP = [ + 'free' => 10, + 'light' => 15, + 'pro' => 30, + 'pro_plus' => 50, + ]; + + /** Per-user case-storage quota in bytes. */ + private const STORAGE_QUOTA = [ + 'free' => 0, + 'light' => 104857600, // 100 MB + 'pro' => 1073741824, // 1 GB + 'pro_plus' => 10737418240, // 10 GB ]; /** Credit cost for a given tool slug. Returns 1 for unknown tools. */ @@ -34,94 +63,269 @@ final class FreeTier return self::COSTS[$tool] ?? 1; } + public static function monthlyAllowance(string $tier): int + { + return self::MONTHLY_ALLOWANCE[$tier] ?? self::MONTHLY_ALLOWANCE['free']; + } + + public static function hourlyCap(string $tier): int + { + return self::HOURLY_CAP[$tier] ?? self::HOURLY_CAP['free']; + } + + public static function storageQuota(string $tier): int + { + return self::STORAGE_QUOTA[$tier] ?? 0; + } + + /** Fetch a user's tier (defaults to 'free' if no row). */ + public static function tier(int $userId): string + { + $row = self::row($userId); + return $row['tier'] ?? 'free'; + } + + /** Fetch the full credits row, applying lazy monthly reset. */ + public static function row(int $userId): ?array + { + $db = dbnmDb(); + // Auto-refill monthly balance based on tier-specific allowance, only if a new calendar month has begun. + $db->prepare( + "UPDATE user_tool_credits + SET balance = CASE tier + WHEN 'free' THEN " . self::MONTHLY_ALLOWANCE['free'] . " + WHEN 'light' THEN " . self::MONTHLY_ALLOWANCE['light'] . " + WHEN 'pro' THEN " . self::MONTHLY_ALLOWANCE['pro'] . " + WHEN 'pro_plus' THEN " . self::MONTHLY_ALLOWANCE['pro_plus'] . " + ELSE balance END, + last_reset = CURDATE() + WHERE user_id = ? + AND (YEAR(last_reset) < YEAR(CURDATE()) OR MONTH(last_reset) < MONTH(CURDATE()))" + )->execute([$userId]); + + $stmt = $db->prepare('SELECT * FROM user_tool_credits WHERE user_id = ? LIMIT 1'); + $stmt->execute([$userId]); + $row = $stmt->fetch(PDO::FETCH_ASSOC); + return is_array($row) ? $row : null; + } + /** * Check whether the user may proceed with a tool call. - * Handles monthly reset automatically. * - * Returns ['ok' => true, 'balance' => int] - * or ['ok' => false, 'balance' => int, 'reason' => 'no_credits'|'rate_limit'] + * Returns: + * ['ok' => true, 'balance' => int, 'bonus_balance' => int, 'tier' => string] + * ['ok' => false, 'balance' => int, 'bonus_balance' => int, 'tier' => string, + * 'reason' => 'no_credits'|'rate_limit'] */ public static function check(int $userId, string $tool): array { $db = dbnmDb(); $cost = self::cost($tool); + $row = self::row($userId); - // Auto-reset balance if a new month has begun since last reset - $db->prepare( - 'UPDATE user_tool_credits - SET balance = allowance, last_reset = CURDATE() - WHERE user_id = ? - AND (YEAR(last_reset) < YEAR(CURDATE()) OR MONTH(last_reset) < MONTH(CURDATE()))' - )->execute([$userId]); - - $row = $db->prepare( - 'SELECT balance FROM user_tool_credits WHERE user_id = ? LIMIT 1' - ); - $row->execute([$userId]); - $credits = $row->fetch(PDO::FETCH_ASSOC); - - if ($credits === false) { - // No credits row — treat as 0 balance (shouldn't happen after ensureFreeTierCredits) - return ['ok' => false, 'balance' => 0, 'reason' => 'no_credits']; + if ($row === null) { + return [ + 'ok' => false, 'balance' => 0, 'bonus_balance' => 0, + 'tier' => 'free', 'reason' => 'no_credits', + ]; } - $balance = (int)$credits['balance']; + $balance = (int)$row['balance']; + $bonus = (int)$row['bonus_balance']; + $tier = (string)$row['tier']; - // Free tools always pass - if ($cost === 0) { - return ['ok' => true, 'balance' => $balance]; - } + $base = [ + 'balance' => $balance, + 'bonus_balance' => $bonus, + 'tier' => $tier, + ]; - if ($balance < $cost) { - return ['ok' => false, 'balance' => $balance, 'reason' => 'no_credits']; - } - - // Hourly rate limit check (counts any tool that costs > 0) - $hourlyCount = $db->prepare( + // Hourly rate limit (always applies, even to pro_plus) + $stmt = $db->prepare( 'SELECT COUNT(*) FROM user_tool_usage_log WHERE user_id = ? AND created_at > DATE_SUB(NOW(), INTERVAL 1 HOUR) AND credits_used > 0' ); - $hourlyCount->execute([$userId]); - if ((int)$hourlyCount->fetchColumn() >= self::HOURLY_LIMIT) { - return ['ok' => false, 'balance' => $balance, 'reason' => 'rate_limit']; + $stmt->execute([$userId]); + $hourly = (int)$stmt->fetchColumn(); + if ($hourly >= self::hourlyCap($tier)) { + return $base + ['ok' => false, 'reason' => 'rate_limit']; } - return ['ok' => true, 'balance' => $balance]; + // Free tool (cost=0) always passes credit check + if ($cost === 0) { + return $base + ['ok' => true]; + } + + // pro_plus bypasses credit check + if ($tier === 'pro_plus') { + return $base + ['ok' => true]; + } + + if (($balance + $bonus) < $cost) { + return $base + ['ok' => false, 'reason' => 'no_credits']; + } + + return $base + ['ok' => true]; } /** * Deduct credits for a completed tool call and log the usage. - * Safe to call even when cost is 0 (logs the call but deducts nothing). + * Spends from `balance` first, then `bonus_balance`. + * pro_plus tier logs the call but does not deduct. + * + * Returns the new effective balance (balance + bonus_balance). */ public static function deduct(int $userId, string $tool): int { $db = dbnmDb(); $cost = self::cost($tool); + $row = self::row($userId); + $tier = $row['tier'] ?? 'free'; + + if ($cost > 0 && $tier !== 'pro_plus' && $row !== null) { + $balance = (int)$row['balance']; + $bonus = (int)$row['bonus_balance']; + + $fromBalance = min($cost, $balance); + $fromBonus = $cost - $fromBalance; - if ($cost > 0) { $db->prepare( 'UPDATE user_tool_credits - SET balance = GREATEST(0, balance - ?) + SET balance = GREATEST(0, balance - ?), + bonus_balance = GREATEST(0, bonus_balance - ?) WHERE user_id = ?' - )->execute([$cost, $userId]); + )->execute([$fromBalance, $fromBonus, $userId]); } $db->prepare( 'INSERT INTO user_tool_usage_log (user_id, tool, credits_used) VALUES (?, ?, ?)' )->execute([$userId, $tool, $cost]); - $row = $db->prepare('SELECT balance FROM user_tool_credits WHERE user_id = ? LIMIT 1'); - $row->execute([$userId]); - $r = $row->fetch(PDO::FETCH_ASSOC); - return $r ? (int)$r['balance'] : 0; + $latest = self::row($userId); + return $latest ? ((int)$latest['balance'] + (int)$latest['bonus_balance']) : 0; + } + + /** Effective balance (monthly + bonus). */ + public static function balance(int $userId): int + { + $row = self::row($userId); + return $row ? ((int)$row['balance'] + (int)$row['bonus_balance']) : 0; + } + + /** Detailed balance breakdown for UI rendering. */ + public static function balanceDetail(int $userId): array + { + $row = self::row($userId); + if (!$row) { + return ['balance' => 0, 'bonus_balance' => 0, 'tier' => 'free']; + } + return [ + 'balance' => (int)$row['balance'], + 'bonus_balance' => (int)$row['bonus_balance'], + 'tier' => (string)$row['tier'], + 'storage_used_bytes' => (int)($row['storage_used_bytes'] ?? 0), + 'storage_quota_bytes' => self::storageQuota((string)$row['tier']), + 'survey_completed_at' => $row['survey_completed_at'] ?? null, + 'subscription_period_end' => $row['subscription_period_end'] ?? null, + ]; } /** - * Current balance for a user (after any pending monthly reset). + * Award one-time bonus credits (survey reward, Stripe topup, manual grant). + * Source is logged via user_tool_usage_log with a negative credits_used value. */ - public static function balance(int $userId): int + public static function awardBonus(int $userId, int $credits, string $source): int { - $result = self::check($userId, 'corpus-search'); // cost=0, triggers reset if needed - return $result['balance']; + if ($credits <= 0) { + return self::balance($userId); + } + $db = dbnmDb(); + self::ensureRow($userId); + $db->prepare('UPDATE user_tool_credits SET bonus_balance = bonus_balance + ? WHERE user_id = ?') + ->execute([$credits, $userId]); + $db->prepare('INSERT INTO user_tool_usage_log (user_id, tool, credits_used) VALUES (?, ?, ?)') + ->execute([$userId, 'bonus:' . substr($source, 0, 40), -$credits]); + return self::balance($userId); + } + + /** + * Set or upgrade a user's tier (called by Stripe subscription webhook). + * Refills monthly balance to the new tier's allowance. + */ + public static function setTier( + int $userId, + string $tier, + ?string $stripeCustomerId, + ?string $subscriptionId, + ?string $periodEndIso + ): void { + $db = dbnmDb(); + self::ensureRow($userId); + $allowance = self::monthlyAllowance($tier); + $db->prepare( + 'UPDATE user_tool_credits + SET tier = ?, balance = ?, allowance = ?, + stripe_customer_id = COALESCE(?, stripe_customer_id), + subscription_id = ?, + subscription_period_end = ?, + last_reset = CURDATE() + WHERE user_id = ?' + )->execute([$tier, $allowance, $allowance, $stripeCustomerId, $subscriptionId, $periodEndIso, $userId]); + } + + /** + * Refill monthly balance at subscription renewal (invoice.paid). + * Does not touch bonus_balance. + */ + public static function refillForRenewal(int $userId, string $tier, ?string $periodEndIso): void + { + $db = dbnmDb(); + $allowance = self::monthlyAllowance($tier); + $db->prepare( + 'UPDATE user_tool_credits + SET balance = ?, + subscription_period_end = ?, + last_reset = CURDATE() + WHERE user_id = ?' + )->execute([$allowance, $periodEndIso, $userId]); + } + + /** + * Revert a user to free tier (subscription canceled or fully ended). + * Preserves bonus_balance and case_documents (handled by 90-day cron). + */ + public static function clearTier(int $userId): void + { + $db = dbnmDb(); + $db->prepare( + 'UPDATE user_tool_credits + SET tier = ?, allowance = ?, subscription_id = NULL, subscription_period_end = NULL + WHERE user_id = ?' + )->execute(['free', self::monthlyAllowance('free'), $userId]); + } + + /** Mark survey as completed so the bonus can only be claimed once per account. */ + public static function markSurveyCompleted(int $userId): void + { + $db = dbnmDb(); + self::ensureRow($userId); + $db->prepare('UPDATE user_tool_credits SET survey_completed_at = NOW() WHERE user_id = ?') + ->execute([$userId]); + } + + public static function hasCompletedSurvey(int $userId): bool + { + $row = self::row($userId); + return !empty($row['survey_completed_at']); + } + + /** Create the user_tool_credits row if missing (idempotent). */ + public static function ensureRow(int $userId): void + { + $db = dbnmDb(); + $db->prepare( + 'INSERT IGNORE INTO user_tool_credits (user_id, balance, allowance, tier, last_reset, created_at) + VALUES (?, ?, ?, ?, CURDATE(), NOW())' + )->execute([$userId, self::monthlyAllowance('free'), self::monthlyAllowance('free'), 'free']); } } diff --git a/includes/KorrespondAgent.php b/includes/KorrespondAgent.php index 9bd9026..f4fec25 100644 --- a/includes/KorrespondAgent.php +++ b/includes/KorrespondAgent.php @@ -330,6 +330,18 @@ PROMPT; $parts[] = ' • ' . $key . ': ' . $value; } } + + // Inject Min Sak (private case corpus) hits if user opted in and is on a paid tier. + if (!empty($intake['use_my_case'])) { + $caseQuery = trim((string)($intake['goal'] ?? '') . ' ' . (string)($intake['narrative'] ?? '')); + if ($caseQuery !== '') { + $caseBlock = dbnToolsCaseContext(true, $caseQuery, 5); + if ($caseBlock !== '') { + $parts[] = $caseBlock; + } + } + } + return mb_substr(implode("\n\n", $parts), 0, self::MAX_CONTEXT_CHARS, 'UTF-8'); } diff --git a/includes/StripeClient.php b/includes/StripeClient.php new file mode 100644 index 0000000..b51ece4 --- /dev/null +++ b/includes/StripeClient.php @@ -0,0 +1,234 @@ +secretKey = $secretKey ?? self::config('STRIPE_SECRET_KEY'); + if ($this->secretKey === '') { + throw new RuntimeException('StripeClient: STRIPE_SECRET_KEY not configured.'); + } + } + + /** Load a Stripe config value from /etc/bnl/stripe.php OR env. */ + public static function config(string $key): string + { + static $fileConfig = null; + if ($fileConfig === null) { + $path = '/etc/bnl/stripe.php'; + $fileConfig = is_readable($path) ? (require $path) : []; + if (!is_array($fileConfig)) { + $fileConfig = []; + } + } + + $envValue = getenv($key); + if ($envValue !== false && $envValue !== '') { + return $envValue; + } + return (string)($fileConfig[$key] ?? ''); + } + + /** Map an internal SKU to a Stripe price ID. */ + public static function priceId(string $sku): string + { + static $map = null; + if ($map === null) { + $map = [ + 'topup_s' => self::config('STRIPE_PRICE_TOPUP_S'), + 'topup_m' => self::config('STRIPE_PRICE_TOPUP_M'), + 'topup_l' => self::config('STRIPE_PRICE_TOPUP_L'), + 'light' => self::config('STRIPE_PRICE_LIGHT'), + 'pro' => self::config('STRIPE_PRICE_PRO'), + 'pro_plus' => self::config('STRIPE_PRICE_PRO_PLUS'), + ]; + } + $id = $map[$sku] ?? ''; + if ($id === '') { + throw new InvalidArgumentException("Unknown Stripe SKU: {$sku}"); + } + return $id; + } + + /** Topup credit grants — must match values shown on pricing.php. */ + public static function topupCredits(string $sku): int + { + return match ($sku) { + 'topup_s' => 30, + 'topup_m' => 100, + 'topup_l' => 300, + default => 0, + }; + } + + /** Map a Stripe price ID back to the internal subscription tier (light/pro/pro_plus). */ + public static function tierForPrice(string $priceId): ?string + { + foreach (['light', 'pro', 'pro_plus'] as $tier) { + if (self::config('STRIPE_PRICE_' . strtoupper($tier)) === $priceId) { + return $tier; + } + } + return null; + } + + /** + * Create a Checkout Session. + * + * @param array $params Stripe parameters (flat form-encoded — see request() docs). + */ + public function createCheckoutSession(array $params): array + { + return $this->request('POST', '/checkout/sessions', $params); + } + + /** Create a Customer Portal session for self-serve subscription management. */ + public function createPortalSession(string $customerId, string $returnUrl): array + { + return $this->request('POST', '/billing_portal/sessions', [ + 'customer' => $customerId, + 'return_url' => $returnUrl, + ]); + } + + /** Retrieve a subscription. */ + public function getSubscription(string $subscriptionId): array + { + return $this->request('GET', '/subscriptions/' . urlencode($subscriptionId)); + } + + /** Find-or-create a Stripe customer for a given email. */ + public function ensureCustomer(string $email, ?int $userId = null): string + { + $found = $this->request('GET', '/customers', ['email' => $email, 'limit' => 1]); + if (!empty($found['data'][0]['id'])) { + return (string)$found['data'][0]['id']; + } + $params = ['email' => $email]; + if ($userId !== null) { + $params['metadata'] = ['user_id' => (string)$userId]; + } + $created = $this->request('POST', '/customers', $params); + return (string)($created['id'] ?? ''); + } + + /** + * Verify a Stripe webhook signature. + * Stripe-Signature header format: t=,v1=[,v1=...] + */ + public static function verifyWebhookSignature(string $payload, string $sigHeader, string $secret, int $toleranceSeconds = 300): bool + { + if ($secret === '' || $sigHeader === '') { + return false; + } + $parts = []; + foreach (explode(',', $sigHeader) as $pair) { + $kv = explode('=', $pair, 2); + if (count($kv) === 2) { + $parts[trim($kv[0])][] = trim($kv[1]); + } + } + $timestamp = isset($parts['t'][0]) ? (int)$parts['t'][0] : 0; + $sigs = $parts['v1'] ?? []; + if ($timestamp === 0 || empty($sigs)) { + return false; + } + if (abs(time() - $timestamp) > $toleranceSeconds) { + return false; + } + $signedPayload = $timestamp . '.' . $payload; + $expected = hash_hmac('sha256', $signedPayload, $secret); + foreach ($sigs as $sig) { + if (hash_equals($expected, $sig)) { + return true; + } + } + return false; + } + + /** + * Low-level HTTP request to Stripe API. Returns decoded JSON or throws on error. + * Stripe uses form-encoded bodies even for nested params (foo[bar]=baz). + */ + public function request(string $method, string $path, array $params = []): array + { + $url = self::API_BASE . $path; + $method = strtoupper($method); + $headers = [ + 'Authorization: Bearer ' . $this->secretKey, + 'Stripe-Version: 2024-10-28.acacia', + ]; + + $ch = curl_init(); + $body = ''; + if ($method === 'GET' && !empty($params)) { + $url .= '?' . self::flattenFormParams($params); + } elseif (!empty($params)) { + $body = self::flattenFormParams($params); + $headers[] = 'Content-Type: application/x-www-form-urlencoded'; + } + + curl_setopt($ch, CURLOPT_URL, $url); + curl_setopt($ch, CURLOPT_CUSTOMREQUEST, $method); + curl_setopt($ch, CURLOPT_RETURNTRANSFER, true); + curl_setopt($ch, CURLOPT_TIMEOUT, self::TIMEOUT); + curl_setopt($ch, CURLOPT_HTTPHEADER, $headers); + if ($body !== '') { + curl_setopt($ch, CURLOPT_POSTFIELDS, $body); + } + + $raw = curl_exec($ch); + $errno = curl_errno($ch); + $status = (int)curl_getinfo($ch, CURLINFO_RESPONSE_CODE); + curl_close($ch); + + if ($errno !== 0 || $raw === false) { + throw new RuntimeException('Stripe curl error: ' . curl_strerror($errno)); + } + + $decoded = json_decode((string)$raw, true); + if (!is_array($decoded)) { + throw new RuntimeException('Stripe response was not JSON: ' . substr((string)$raw, 0, 200)); + } + if ($status >= 400) { + $msg = $decoded['error']['message'] ?? 'Unknown Stripe error'; + $code = $decoded['error']['code'] ?? 'unknown'; + throw new RuntimeException("Stripe API error ({$status}/{$code}): {$msg}"); + } + return $decoded; + } + + /** Flatten nested arrays into Stripe's form-encoding scheme (foo[bar]=baz). */ + private static function flattenFormParams(array $params, string $prefix = ''): string + { + $pairs = []; + foreach ($params as $key => $value) { + $name = $prefix === '' ? (string)$key : $prefix . '[' . $key . ']'; + if (is_array($value)) { + $pairs[] = self::flattenFormParams($value, $name); + } elseif (is_bool($value)) { + $pairs[] = rawurlencode($name) . '=' . ($value ? 'true' : 'false'); + } elseif ($value !== null) { + $pairs[] = rawurlencode($name) . '=' . rawurlencode((string)$value); + } + } + return implode('&', $pairs); + } +} diff --git a/includes/bootstrap.php b/includes/bootstrap.php index 1495329..e2869c6 100644 --- a/includes/bootstrap.php +++ b/includes/bootstrap.php @@ -420,18 +420,20 @@ function dbnmDb(): PDO } /** - * True when the current session is a free-tier SSO user (Google login). - * False for CaveauAI client sessions (always unlimited). + * True when the current session belongs to an SSO user (Google login). + * All SSO sessions go through the credit + tier system (free, light, pro, pro_plus). + * False for CaveauAI client sessions, which bypass all credit checks. + * + * Note: name is historical — paid SSO users are also subject to the credit gate. */ function dbnToolsIsFreeTier(): bool { return !empty($_SESSION['dbn_tools_authenticated']) - && !empty($_SESSION['dbn_tools_sso_uid']) - && ($_SESSION['dbn_tools_tier'] ?? '') === 'free'; + && !empty($_SESSION['dbn_tools_sso_uid']); } /** - * Enforce free-tier credit gate before a tool call. + * Enforce credit + tier gate before a tool call. * Exits with JSON 402/429 if the user is over limit or out of credits. * No-op for CaveauAI sessions. * @@ -449,16 +451,20 @@ function dbnToolsFreeTierCheck(string $tool): int if (!$result['ok']) { $isRateLimit = ($result['reason'] ?? '') === 'rate_limit'; + $tier = (string)($result['tier'] ?? 'free'); + $cap = FreeTier::hourlyCap($tier); http_response_code($isRateLimit ? 429 : 402); header('Content-Type: application/json; charset=utf-8'); header('Cache-Control: no-store'); echo json_encode([ 'ok' => false, 'error' => ['code' => $result['reason'], 'message' => $isRateLimit - ? 'Rate limit reached — you can make up to 10 requests per hour on the free tier.' - : 'No credits remaining. Your 10 free credits reset on the 1st of next month.', + ? "Rate limit reached — your tier ({$tier}) allows {$cap} requests per hour." + : 'No credits remaining. See /pricing.php to top up or upgrade.', ], 'balance' => $result['balance'], + 'bonus_balance' => $result['bonus_balance'] ?? 0, + 'tier' => $tier, ], JSON_UNESCAPED_UNICODE); exit; } @@ -466,6 +472,83 @@ function dbnToolsFreeTierCheck(string $tool): int return $uid; } +/** Return the current SSO user's tier, or 'free' if not SSO / no row. */ +function dbnToolsCurrentTier(): string +{ + if (!dbnToolsIsFreeTier()) { + return 'caveau'; + } + require_once __DIR__ . '/FreeTier.php'; + return FreeTier::tier((int)$_SESSION['dbn_tools_sso_uid']); +} + +/** + * Inject "Min Sak" context into an agent's system prompt. + * + * Returns a system-prompt fragment with the top-k hybrid-search hits from the user's + * private case corpus, or an empty string if the user is not paid / has no docs / opted out. + * + * CRITICAL: this resolves family-plan members to their OWNER's user_id so the search hits + * the shared OWNER's index. Index-level isolation makes cross-user leak structurally impossible. + * + * Pattern (for agents): + * $caseBlock = dbnToolsCaseContext($intake['use_my_case'] ?? false, $userQuery); + * if ($caseBlock !== '') { $systemPrompt .= $caseBlock; } + */ +function dbnToolsCaseContext(bool $useMyCase, string $query, int $k = 5): string +{ + if (!$useMyCase) return ''; + if (!dbnToolsIsFreeTier()) return ''; + $userId = (int)($_SESSION['dbn_tools_sso_uid'] ?? 0); + if ($userId <= 0) return ''; + + require_once __DIR__ . '/FreeTier.php'; + $tier = FreeTier::tier($userId); + if (!in_array($tier, ['light', 'pro', 'pro_plus'], true)) return ''; + + require_once __DIR__ . '/CaseStore.php'; + $effective = CaseStore::caseResolveClientId($userId); + $chunks = CaseStore::caseHybridSearch($effective, $query, $k); + + // Audit log: who ran what against whose case + try { + $db = dbnmDb(); + $db->prepare( + 'INSERT INTO case_tool_runs (user_id, tool, used_my_case, case_chunks_retrieved, doc_ids, ip_hash, created_at) + VALUES (?, ?, 1, ?, ?, ?, NOW())' + )->execute([ + $userId, + (string)(debug_backtrace(DEBUG_BACKTRACE_IGNORE_ARGS, 2)[1]['function'] ?? 'unknown'), + count($chunks), + json_encode(array_values(array_unique(array_map(fn($c) => (int)$c['doc_id'], $chunks))), JSON_UNESCAPED_UNICODE), + hash('sha256', ($_SERVER['REMOTE_ADDR'] ?? '0.0.0.0') . '|case'), + ]); + } catch (Throwable $e) { /* audit log is non-fatal */ } + + return CaseStore::formatChunksForPrompt($chunks); +} + +/** Read /etc/bnl/intersite.php for the HMAC secret shared between dobetternorge.no and tools.dobetternorge.no. */ +function dbnToolsIntersiteSecret(): string +{ + static $secret = null; + if ($secret !== null) { + return $secret; + } + $envValue = (string)(dbnToolsEnv('INTERSITE_HMAC_SECRET') ?? ''); + if ($envValue !== '') { + return $secret = $envValue; + } + $path = '/etc/bnl/intersite.php'; + if (is_readable($path)) { + $cfg = require $path; + if (is_array($cfg) && !empty($cfg['INTERSITE_HMAC_SECRET'])) { + return $secret = (string)$cfg['INTERSITE_HMAC_SECRET']; + } + } + return $secret = ''; +} + /** * Deduct credits after a successful tool call. * The $uid returned from dbnToolsFreeTierCheck() must be passed in. @@ -863,24 +946,43 @@ function dbnToolsRunLegalCheck(string $brief, string $docType): array } $opts = [ - 'model' => 'dbn-legal-agent-v2', + 'model' => 'dbn-legal-agent-v3', 'temperature' => 0.1, 'max_tokens' => 350, 'timeout' => 120, // No 'json' key — plain narrative, no response_format flag ]; + $sysMsg = 'Du er en ekspert på norsk barnevernsloven og EMD-praksis. Svar alltid på norsk med korrekt juridisk terminologi. Bruk terskler fra barnevernsloven 2021: § 4-25 krever «klar nødvendighet». Strand Lobben mot Norge (37283/13) setter krav om rehabiliteringsplan før adopsjon. Aldri oppfinn paragrafnumre, saksnumre eller dommernavn.'; + + $text = ''; try { $response = dbnToolsCallGpuLlm( [ - ['role' => 'system', 'content' => 'Du er en ekspert på norsk barnevernsloven og EMD-praksis. Svar alltid på norsk med korrekt juridisk terminologi. Bruk terskler fra barnevernsloven 2021: § 4-25 krever «klar nødvendighet». Strand Lobben mot Norge (37283/13) setter krav om rehabiliteringsplan før adopsjon. Aldri oppfinn paragrafnumre, saksnumre eller dommernavn.'], + ['role' => 'system', 'content' => $sysMsg], ['role' => 'user', 'content' => $question], ], $opts ); $text = trim((string)($response['choices'][0]['message']['content'] ?? '')); } catch (Throwable $e) { - return []; + // v3 unavailable — fall back to qwen2.5:7b as safety net + } + + // Fallback: if v3 timed out or returned empty, retry with qwen2.5:7b + if (empty($text) || str_word_count($text) < 8) { + try { + $fallback = dbnToolsCallGpuLlm( + [ + ['role' => 'system', 'content' => $sysMsg], + ['role' => 'user', 'content' => $question], + ], + array_merge($opts, ['model' => 'qwen2.5:7b', 'timeout' => 60]) + ); + $text = trim((string)($fallback['choices'][0]['message']['content'] ?? '')); + } catch (Throwable $e) { + return []; + } } if (empty($text) || str_word_count($text) < 15) { @@ -898,7 +1000,7 @@ function dbnToolsRunLegalCheck(string $brief, string $docType): array 'legal_basis' => dbnToolsExtractCheckLegalBasis($clean), 'source_refs' => [], 'what_to_check'=> 'Verifiser med norsk familieretsadvokat', - 'check_model' => 'dbn-legal-agent-v2', + 'check_model' => 'dbn-legal-agent-v3', ]]; } diff --git a/min-sak.php b/min-sak.php new file mode 100644 index 0000000..21ab60b --- /dev/null +++ b/min-sak.php @@ -0,0 +1,228 @@ + + + Min Sak — Do Better Norge + + +
+

Min Sak — bygg din egen sak

+

Last opp dokumentene fra saken din én gang, og la alle verktøyene jobbe på din private korpus.

+
    +
  • 📄 Privat dokumentbank med OCR
    • +
  • 🔍 Hybrid søk (BM25 + vektor) i din sak
    • +
  • 🧠 Alle verktøy kan referere til din egen sak
    • +
  • 🇪🇺 Alt lagres i EU (Tyskland/Finland/Norge)
    • +
+

Se planer fra €9/mo

+
0 ? min(100, round(($used / $quota) * 100)) : 0; +?> + + + + + + Min Sak — tools.dobetternorge.no + + + + + + + + +
+

+ ← Dashbord · Fakturering +

+

Min Sak

+

Last opp dokumentene dine én gang. Alle verktøyene kan deretter referere til din private sak når du krysser av "Bruk min sak som kontekst".

+ +
+
+

Lagring

+
MB / MB
+
+

dokumenter

+
+
+

Plan

+
+ 'Light','pro'=>'Pro','pro_plus'=>'Pro+ Familie'][$tier] ?? $tier) ?> +
+

+ Oppgrader · Administrer +

+
+
+ + + +
+ +
+ +

Ingen dokumenter ennå. Last opp din første PDF over.

+ +
+
📄
+
+
+
+ KB + · sider + · + · lastet opp +
+
+ + 'I kø','running'=>'OCR pågår','ready'=>'Klar','failed'=>'Feilet'][$d['ocr_status']] ?? $d['ocr_status']); + ?> + +
+ +
+
+ +
+
+ + + + diff --git a/pricing.php b/pricing.php new file mode 100644 index 0000000..da548ed --- /dev/null +++ b/pricing.php @@ -0,0 +1,308 @@ + 'free', + 'name' => 'Gratis', + 'price' => '€0', + 'period' => 'alltid', + 'credits' => '30 kreditter / måned', + 'storage' => 'Ingen sak-lagring', + 'seats' => '1 plass', + 'cap' => '10 verktøy/time', + 'features' => [ + 'Tilgang til alle 13 verktøy', + 'Spørsmål, søk, redaksjon', + 'Korrespondanse-utkast', + ], + 'cta' => $isAuthed ? null : 'Logg inn for å starte', + 'highlight' => false, + ], + [ + 'sku' => 'light', + 'name' => 'Light', + 'price' => '€9', + 'period' => '/ måned', + 'credits' => '120 kreditter / måned', + 'storage' => '100 MB sak-lagring', + 'seats' => '1 plass', + 'cap' => '15 verktøy/time', + 'features' => [ + 'Alt i Gratis', + 'Bygg din egen sak (Min Sak)', + 'Privat dokument-RAG i alle verktøy', + 'OCR på opplastede PDF-er', + ], + 'highlight' => false, + ], + [ + 'sku' => 'pro', + 'name' => 'Pro', + 'price' => '€29', + 'period' => '/ måned', + 'credits' => '500 kreditter / måned', + 'storage' => '1 GB sak-lagring', + 'seats' => '1 plass', + 'cap' => '30 verktøy/time', + 'features' => [ + 'Alt i Light', + 'Hybrid søk (BM25 + vektor) i din sak', + 'Prioritert kø ved opplasting', + 'Tidslinje-rapport på saken din', + ], + 'highlight' => true, + 'badge' => 'Mest populær', + ], + [ + 'sku' => 'pro_plus', + 'name' => 'Pro+ Familie', + 'price' => '€79', + 'period' => '/ måned', + 'credits' => 'Ubegrenset', + 'storage' => '10 GB sak-lagring', + 'seats' => '3 plasser (familie)', + 'cap' => '50 verktøy/time per plass', + 'features' => [ + 'Alt i Pro', + 'Inviter 2 familiemedlemmer eller advokat', + 'Delt sak-arkiv med revisjonslogg', + 'Ubegrensede saksrapporter', + ], + 'highlight' => false, + 'badge' => 'For familier', + ], +]; + +$topups = [ + ['sku' => 'topup_s', 'price' => '€5', 'credits' => 30, 'note' => 'Impulskjøp'], + ['sku' => 'topup_m', 'price' => '€15', 'credits' => 100, 'note' => 'Beste verdi'], + ['sku' => 'topup_l', 'price' => '€40', 'credits' => 300, 'note' => 'Tunge brukere'], +]; +?> + + + + + + Priser — Do Better Norge verktøy + + + + + + + + + + +
+
+

Do Better Norge — verktøy

+

Bygg din egen sak. Bruk hele verktøyboksen.

+

13 AI-verktøy for barnevernssaker. Last opp dine egne dokumenter, og la verktøyene jobbe på din private sak — ikke bare generisk lov.

+
+ + +

Takk! Din betaling er bekreftet. Det kan ta noen sekunder før kontoen oppdateres.

+ +

Kassen ble avbrutt. Du kan prøve igjen når som helst.

+ + + +
+
+

Tjen 25 ekstra kreditter

+

Svar på 5 korte spørsmål om hva som hjelper deg mest. Ingen salgspitch — bare research som hjelper oss å forbedre verktøyene.

+
+ Ta undersøkelsen +
+ + +
+ +
+ + + +

+
+ + +
+
    +
    • +
    • +
    • +
    • +
+
    + +
    • + +
+ + + + + Din nåværende plan + + Tilgjengelig + + + + Logg inn for å abonnere + + Din nåværende plan + + + + +
+ +
+ +
+

Topp opp kreditter

+

Trenger du flere kreditter denne måneden? Kjøp en engangspakke — de utløper aldri.

+
+ +
+
+
kreditter
+
+ + + + Logg inn først + +
+ +
+
+ +
+

Ofte stilte spørsmål

+
+ Hva er forskjellen mellom månedlige kreditter og bonuskreditter? +

Månedlige kreditter (fra abonnement eller gratis tier) tilbakestilles første hver måned. Bonuskreditter (fra undersøkelsen eller topp-opp) utløper aldri og brukes etter de månedlige er oppbrukt.

+
+
+ Hva er Min Sak? +

Min Sak er din private dokumentbank. Last opp PDF-er fra saken din, så blir de OCR-ert, analysert og lagret i din egen sikre korpus. Alle verktøyene kan deretter referere til dine egne dokumenter i stedet for bare generisk lov.

+
+
+ Hvor er dataene mine lagret? +

Alt innenfor EU: servere i Falkenstein (Tyskland) og Helsinki (Finland), AI-tjenester i Vest-Europa og Norge Øst. Vi er hostet hos Hetzner og bruker Microsoft Azure for AI. Stripe behandler betalinger gjennom Irland.

+
+
+ Kan jeg dele en konto med advokaten min? +

Ja — Pro+ Familie inkluderer 3 plasser. Du kan invitere advokat, samboer eller en annen familiemedlem. Alle ser de samme dokumentene, men hvem som gjorde hva blir logget.

+
+
+ Hva skjer hvis jeg sier opp? +

Du faller tilbake til gratis-tier. Bonuskredittene dine beholdes. Dokumentene i Min Sak oppbevares i 90 dager før de slettes — så du har tid til å eksportere dem eller fornye.

+
+
+ Tilbyr dere refusjon? +

Ja, full refusjon innen 7 dager hvis du ikke er fornøyd. Send oss en e-post.

+
+
+
+ + + + diff --git a/workbench.php b/workbench.php index 1cab9bc..2e4e36a 100644 --- a/workbench.php +++ b/workbench.php @@ -9,19 +9,9 @@ if (!dbnToolsIsAuthenticated()) { } $uiLang = dbnToolsCurrentLanguage(); -$tools = dbnToolsLaunchedTools($uiLang); $copy = dbnToolsWorkbenchCopy($uiLang); $langPath = '/workbench.php'; -$toolFlow = [ - ['slug' => 'transcribe', 'step' => '01', 'bring' => $copy['bring_transcribe']], - ['slug' => 'timeline', 'step' => '02', 'bring' => $copy['bring_timeline']], - ['slug' => 'redact', 'step' => '03', 'bring' => $copy['bring_redact']], - ['slug' => 'barnevernet', 'step' => '04', 'bring' => $copy['bring_barnevernet']], - ['slug' => 'advocate', 'step' => '05', 'bring' => $copy['bring_advocate']], - ['slug' => 'deep-research', 'step' => '06', 'bring' => $copy['bring_research']], - ['slug' => 'corpus', 'step' => '07', 'bring' => $copy['bring_corpus']], -]; ?> @@ -154,34 +144,9 @@ foreach ($evidenceFields as [$name, $label, $hint]):
-
-
-

03

-

-
-
- -
-
-
-

-

- -
- -
- -
-
-
-

04

+

03

@@ -199,22 +164,26 @@ foreach ($evidenceFields as [$name, $label, $hint]):
-
-

05

+

04

+
+ +
+ +

Drop files here or

+

PDF, DOCX, TXT — stored for this case.

+
+
+

- - ↗ -
-