Removes outdated prompt files

Removes the `Chat Prompt.txt`, `VSCode Agent/Prompt.txt`, `Warp.dev/Prompt.txt`, and `v0 Prompts and Tools/Prompt.txt` files.

These files likely contain outdated prompts or configurations that are no longer needed in the current project. Removing them helps to clean up the codebase and prevent potential confusion or conflicts.

Nowhere_AI_Agent/backend/src/middleware/auth.ts

@@ -0,0 +1,107 @@
+import { Request, Response, NextFunction } from 'express';
+import jwt from 'jsonwebtoken';
+import { Logger } from '../utils/logger';
+
+const logger = new Logger('AuthMiddleware');
+
+export interface AuthenticatedRequest extends Request {
+  user?: {
+    id: string;
+    email?: string;
+    role?: string;
+  };
+}
+
+export function authMiddleware(req: AuthenticatedRequest, res: Response, next: NextFunction) {
+  try {
+    // Skip authentication for public endpoints
+    if (req.path.startsWith('/public')) {
+      return next();
+    }
+
+    // Get token from header
+    const authHeader = req.headers.authorization;
+    if (!authHeader || !authHeader.startsWith('Bearer ')) {
+      // For development, allow requests without token
+      if (process.env.NODE_ENV === 'development') {
+        req.user = {
+          id: 'default-user',
+          email: 'dev@nowhere.ai',
+          role: 'developer'
+        };
+        return next();
+      }
+
+      return res.status(401).json({
+        success: false,
+        message: 'Access token required'
+      });
+    }
+
+    const token = authHeader.substring(7); // Remove 'Bearer ' prefix
+
+    // Verify token
+    const secret = process.env.JWT_SECRET || 'nowhere-secret-key';
+    const decoded = jwt.verify(token, secret) as any;
+
+    // Add user info to request
+    req.user = {
+      id: decoded.id || decoded.sub,
+      email: decoded.email,
+      role: decoded.role || 'user'
+    };
+
+    logger.debug('User authenticated', { 
+      userId: req.user.id, 
+      role: req.user.role 
+    });
+
+    next();
+
+  } catch (error) {
+    logger.error('Authentication failed', { error: error.message });
+
+    // For development, allow requests with invalid tokens
+    if (process.env.NODE_ENV === 'development') {
+      req.user = {
+        id: 'default-user',
+        email: 'dev@nowhere.ai',
+        role: 'developer'
+      };
+      return next();
+    }
+
+    return res.status(401).json({
+      success: false,
+      message: 'Invalid or expired token'
+    });
+  }
+}
+
+/**
+ * Generate JWT token for user
+ */
+export function generateToken(userId: string, email?: string, role?: string): string {
+  const secret = process.env.JWT_SECRET || 'nowhere-secret-key';
+  const payload = {
+    id: userId,
+    email,
+    role: role || 'user',
+    iat: Math.floor(Date.now() / 1000),
+    exp: Math.floor(Date.now() / 1000) + (24 * 60 * 60) // 24 hours
+  };
+
+  return jwt.sign(payload, secret);
+}
+
+/**
+ * Verify token and return user info
+ */
+export function verifyToken(token: string): any {
+  try {
+    const secret = process.env.JWT_SECRET || 'nowhere-secret-key';
+    return jwt.verify(token, secret);
+  } catch (error) {
+    throw new Error('Invalid token');
+  }
+} 

Nowhere_AI_Agent/backend/src/middleware/error-handler.ts

@@ -0,0 +1,127 @@
+import { Request, Response, NextFunction } from 'express';
+import { Logger } from '../utils/logger';
+
+const logger = new Logger('ErrorHandler');
+
+export interface AppError extends Error {
+  statusCode?: number;
+  isOperational?: boolean;
+  code?: string;
+}
+
+export function errorHandler(
+  error: AppError,
+  req: Request,
+  res: Response,
+  next: NextFunction
+) {
+  // Log the error
+  logger.error('Unhandled error', {
+    message: error.message,
+    stack: error.stack,
+    url: req.url,
+    method: req.method,
+    ip: req.ip,
+    userAgent: req.get('User-Agent')
+  });
+
+  // Determine status code
+  const statusCode = error.statusCode || 500;
+
+  // Determine if it's an operational error
+  const isOperational = error.isOperational || false;
+
+  // Create error response
+  const errorResponse = {
+    success: false,
+    message: error.message || 'Internal server error',
+    ...(process.env.NODE_ENV === 'development' && {
+      stack: error.stack,
+      code: error.code
+    }),
+    timestamp: new Date().toISOString(),
+    path: req.url,
+    method: req.method
+  };
+
+  // Send response
+  res.status(statusCode).json(errorResponse);
+
+  // For non-operational errors, consider shutting down gracefully
+  if (!isOperational && process.env.NODE_ENV === 'production') {
+    logger.error('Non-operational error detected, shutting down gracefully');
+    process.exit(1);
+  }
+}
+
+/**
+ * Create operational errors
+ */
+export class OperationalError extends Error implements AppError {
+  public statusCode: number;
+  public isOperational: boolean;
+  public code: string;
+
+  constructor(message: string, statusCode: number = 500, code?: string) {
+    super(message);
+    this.statusCode = statusCode;
+    this.isOperational = true;
+    this.code = code || 'OPERATIONAL_ERROR';
+    
+    Error.captureStackTrace(this, this.constructor);
+  }
+}
+
+/**
+ * Create validation errors
+ */
+export class ValidationError extends OperationalError {
+  constructor(message: string) {
+    super(message, 400, 'VALIDATION_ERROR');
+  }
+}
+
+/**
+ * Create authentication errors
+ */
+export class AuthenticationError extends OperationalError {
+  constructor(message: string = 'Authentication failed') {
+    super(message, 401, 'AUTHENTICATION_ERROR');
+  }
+}
+
+/**
+ * Create authorization errors
+ */
+export class AuthorizationError extends OperationalError {
+  constructor(message: string = 'Access denied') {
+    super(message, 403, 'AUTHORIZATION_ERROR');
+  }
+}
+
+/**
+ * Create not found errors
+ */
+export class NotFoundError extends OperationalError {
+  constructor(message: string = 'Resource not found') {
+    super(message, 404, 'NOT_FOUND_ERROR');
+  }
+}
+
+/**
+ * Create rate limit errors
+ */
+export class RateLimitError extends OperationalError {
+  constructor(message: string = 'Rate limit exceeded') {
+    super(message, 429, 'RATE_LIMIT_ERROR');
+  }
+}
+
+/**
+ * Async error wrapper
+ */
+export function asyncHandler(fn: Function) {
+  return (req: Request, res: Response, next: NextFunction) => {
+    Promise.resolve(fn(req, res, next)).catch(next);
+  };
+} 

Nowhere_AI_Agent/backend/src/middleware/rate-limiter.ts

@@ -0,0 +1,109 @@
+import rateLimit from 'express-rate-limit';
+import { Request, Response } from 'express';
+import { Logger } from '../utils/logger';
+
+const logger = new Logger('RateLimiter');
+
+// General rate limiter
+export const rateLimiter = rateLimit({
+  windowMs: parseInt(process.env.RATE_LIMIT_WINDOW || '900000'), // 15 minutes
+  max: parseInt(process.env.RATE_LIMIT_MAX_REQUESTS || '100'), // limit each IP to 100 requests per windowMs
+  message: {
+    success: false,
+    message: 'Too many requests from this IP, please try again later.',
+    code: 'RATE_LIMIT_EXCEEDED'
+  },
+  standardHeaders: true, // Return rate limit info in the `RateLimit-*` headers
+  legacyHeaders: false, // Disable the `X-RateLimit-*` headers
+  handler: (req, res) => {
+    logger.warn('Rate limit exceeded', {
+      ip: req.ip,
+      userAgent: req.get('User-Agent'),
+      url: req.url
+    });
+    res.status(429).json({
+      success: false,
+      message: 'Too many requests from this IP, please try again later.',
+      code: 'RATE_LIMIT_EXCEEDED',
+      retryAfter: Math.ceil(parseInt(process.env.RATE_LIMIT_WINDOW || '900000') / 1000)
+    });
+  }
+});
+
+// Stricter rate limiter for authentication endpoints
+export const authRateLimiter = rateLimit({
+  windowMs: 15 * 60 * 1000, // 15 minutes
+  max: 5, // limit each IP to 5 requests per windowMs
+  message: {
+    success: false,
+    message: 'Too many authentication attempts, please try again later.',
+    code: 'AUTH_RATE_LIMIT_EXCEEDED'
+  },
+  standardHeaders: true,
+  legacyHeaders: false,
+  handler: (req, res) => {
+    logger.warn('Auth rate limit exceeded', {
+      ip: req.ip,
+      userAgent: req.get('User-Agent'),
+      url: req.url
+    });
+    res.status(429).json({
+      success: false,
+      message: 'Too many authentication attempts, please try again later.',
+      code: 'AUTH_RATE_LIMIT_EXCEEDED',
+      retryAfter: 900 // 15 minutes
+    });
+  }
+});
+
+// Rate limiter for voice endpoints (more lenient)
+export const voiceRateLimiter = rateLimit({
+  windowMs: 60 * 1000, // 1 minute
+  max: 30, // limit each IP to 30 requests per windowMs
+  message: {
+    success: false,
+    message: 'Too many voice requests, please try again later.',
+    code: 'VOICE_RATE_LIMIT_EXCEEDED'
+  },
+  standardHeaders: true,
+  legacyHeaders: false,
+  handler: (req, res) => {
+    logger.warn('Voice rate limit exceeded', {
+      ip: req.ip,
+      userAgent: req.get('User-Agent'),
+      url: req.url
+    });
+    res.status(429).json({
+      success: false,
+      message: 'Too many voice requests, please try again later.',
+      code: 'VOICE_RATE_LIMIT_EXCEEDED',
+      retryAfter: 60 // 1 minute
+    });
+  }
+});
+
+// Rate limiter for tool execution (stricter for security)
+export const toolRateLimiter = rateLimit({
+  windowMs: 60 * 1000, // 1 minute
+  max: 10, // limit each IP to 10 requests per windowMs
+  message: {
+    success: false,
+    message: 'Too many tool execution requests, please try again later.',
+    code: 'TOOL_RATE_LIMIT_EXCEEDED'
+  },
+  standardHeaders: true,
+  legacyHeaders: false,
+  handler: (req, res) => {
+    logger.warn('Tool rate limit exceeded', {
+      ip: req.ip,
+      userAgent: req.get('User-Agent'),
+      url: req.url
+    });
+    res.status(429).json({
+      success: false,
+      message: 'Too many tool execution requests, please try again later.',
+      code: 'TOOL_RATE_LIMIT_EXCEEDED',
+      retryAfter: 60 // 1 minute
+    });
+  }
+});