@adobe/aio-commerce-lib-app 0.3.2 → 1.0.0

package/dist/es/actions/scope-tree.mjs

@@ -0,0 +1,95 @@
+import { n as logger, t as HttpActionRouter } from "../router-CJ4VWoCt.mjs";
+import { r as nonEmptyStringValueSchema } from "../schemas-B8yIv0_b.mjs";
+import { t as inspect } from "../logging-CzmXDzxI.mjs";
+import { internalServerError, nonAuthoritativeInformation, ok } from "@adobe/aio-commerce-lib-core/responses";
+import * as v from "valibot";
+import { getScopeTree, setCustomScopeTree, syncCommerceScopes, unsyncCommerceScopes } from "@adobe/aio-commerce-lib-config";
+import { resolveCommerceHttpClientParams } from "@adobe/aio-commerce-lib-api";
+
+//#region source/actions/scope-tree.ts
+const router = new HttpActionRouter().use(logger());
+/** GET / - Get scope tree */
+router.get("/", { handler: async (_req, ctx) => {
+	const { logger } = ctx;
+	const result = await getScopeTree();
+	logger.debug(`Successfully retrieved scope tree (cached: ${result.isCachedData}): ${inspect(result.scopeTree)}`);
+	if (result.isCachedData) return nonAuthoritativeInformation({
+		headers: { "x-cache": "hit" },
+		body: { scopes: result.scopeTree }
+	});
+	return ok({ body: { scopes: result.scopeTree } });
+} });
+/** POST / - Set custom scope tree */
+router.put("/", {
+	body: v.object({ scopes: v.array(v.any()) }),
+	handler: async (req, ctx) => {
+		const { logger } = ctx;
+		logger.debug(`Setting custom scope tree with ${req.body.scopes?.length || 0} scopes`);
+		const request = { scopes: req.body.scopes };
+		logger.debug(`Setting custom scope tree: ${inspect(request)}`);
+		const result = await setCustomScopeTree(request);
+		logger.debug(`Successfully set custom scope tree: ${inspect(result)}`);
+		return ok({
+			body: { result },
+			headers: { "Cache-Control": "no-store" }
+		});
+	}
+});
+/** POST /commerce - Sync commerce scopes */
+router.post("/commerce", {
+	body: v.object({
+		commerceBaseUrl: nonEmptyStringValueSchema("commerceBaseUrl"),
+		commerceEnv: v.optional(nonEmptyStringValueSchema("commerceEnv"))
+	}),
+	handler: async (req, ctx) => {
+		const { logger } = ctx;
+		logger.debug("Syncing commerce scopes...");
+		const { commerceBaseUrl, commerceEnv } = req.body;
+		const result = await syncCommerceScopes(resolveCommerceHttpClientParams({
+			...ctx.rawParams,
+			AIO_COMMERCE_API_BASE_URL: commerceBaseUrl,
+			...commerceEnv && { AIO_COMMERCE_API_FLAVOR: commerceEnv }
+		}, { tryForwardAuthProvider: true }));
+		if (result.error) {
+			logger.error(`Error syncing commerce scopes: ${inspect(result.error)}`);
+			return internalServerError({ body: {
+				message: "An internal server error occurred",
+				error: result.error
+			} });
+		}
+		if (!result.synced) {
+			logger.debug(`Commerce scopes not synced (cached): ${inspect(result.scopeTree)}`);
+			return nonAuthoritativeInformation({
+				headers: { "x-cache": "hit" },
+				body: {
+					scopes: result.scopeTree,
+					synced: false
+				}
+			});
+		}
+		logger.debug(`Successfully synced commerce scopes: ${inspect(result.scopeTree)}`);
+		return ok({ body: {
+			scopes: result.scopeTree,
+			synced: true
+		} });
+	}
+});
+/** DELETE /commerce - Unsync commerce scopes */
+router.delete("/commerce", { handler: async (_req, ctx) => {
+	const { logger } = ctx;
+	logger.debug("Unsyncing commerce scopes...");
+	const { unsynced } = await unsyncCommerceScopes();
+	if (unsynced) {
+		const message = "Commerce scopes unsynced successfully";
+		logger.debug(message);
+		return ok(message);
+	}
+	const message = "No commerce scopes to unsync";
+	logger.debug(message);
+	return ok(message);
+} });
+/** The handler method for the `scope-tree` action. */
+const scopeTreeRuntimeAction = router.handler();
+
+//#endregion
+export { scopeTreeRuntimeAction };

package/dist/es/{app-Cx1-6dn0.d.mts → app-vKXaAr6f.d.mts}

@@ -40,7 +40,7 @@ declare const CommerceAppConfigSchema: v.LooseObjectSchema<{
       readonly description: v.OptionalSchema<v.StringSchema<"Expected a string for the field description">, undefined>;
     }, undefined>, v.ObjectSchema<{
       readonly type: v.LiteralSchema<"password", "Expected the type to be 'password'">;
-      readonly default: v.OptionalSchema<v.StringSchema<"Expected a string for the default value">, undefined>;
+      readonly default: v.OptionalSchema<v.NeverSchema<"Password fields do not have a default value">, undefined>;
       readonly name: v.SchemaWithPipe<readonly [v.StringSchema<"Expected a string for the field name">, v.NonEmptyAction<string, "The field name must not be empty">]>;
       readonly label: v.OptionalSchema<v.StringSchema<"Expected a string for the field label">, undefined>;
       readonly description: v.OptionalSchema<v.StringSchema<"Expected a string for the field description">, undefined>;
@@ -92,7 +92,7 @@ declare const CommerceAppConfigSchema: v.LooseObjectSchema<{
       description?: string | undefined;
     } | {
       type: "password";
-      default?: string | undefined;
+      default?: undefined;
       name: string;
       label?: string | undefined;
       description?: string | undefined;
@@ -124,7 +124,7 @@ declare const CommerceAppConfigSchema: v.LooseObjectSchema<{
         readonly key: v.OptionalSchema<v.SchemaWithPipe<readonly [v.SchemaWithPipe<readonly [v.StringSchema<`Expected a string value for '${string}'`>, v.RegexAction<string, `Only alphanumeric characters and hyphens are allowed in string value of "${string}"${string}`>]>, v.MaxLengthAction<string, 50, "The provider key must not be longer than 50 characters">]>, undefined>;
       }, undefined>;
       readonly events: v.ArraySchema<v.ObjectSchema<{
-        readonly name: v.SchemaWithPipe<readonly [v.SchemaWithPipe<readonly [v.StringSchema<`Expected a string value for '${string}'`>, v.NonEmptyAction<string, `The value of "${string}" must not be empty`>]>, v.RegexAction<string, "Event name must start with \"plugin.\" or \"observer.\" followed by lowercase letters and underscores only (e.g., \"plugin.order_placed\")">]>;
+        readonly name: v.SchemaWithPipe<readonly [v.SchemaWithPipe<readonly [v.StringSchema<`Expected a string value for '${string}'`>, v.NonEmptyAction<string, `The value of "${string}" must not be empty`>]>, v.RegexAction<string, "Event name must start with \"plugin.\" or \"observer.\" followed by lowercase letters and underscores only (e.g., \"plugin.order_placed\")">, v.MaxLengthAction<string, 180, "The event name must not be longer than 180 characters">]>;
         readonly fields: v.ArraySchema<v.ObjectSchema<{
           readonly name: v.SchemaWithPipe<readonly [v.SchemaWithPipe<readonly [v.StringSchema<`Expected a string value for '${string}'`>, v.NonEmptyAction<string, `The value of "${string}" must not be empty`>]>, v.RegexAction<string, "Field name must contain only letters (a-z, A-Z), numbers (0-9), underscores (_), dashes (-), dots (.), and square brackets ([, ]), or be exactly \"*\"">]>;
           readonly source: v.OptionalSchema<v.StringSchema<`Expected a string value for '${string}'`>, undefined>;
@@ -135,8 +135,8 @@ declare const CommerceAppConfigSchema: v.LooseObjectSchema<{
           readonly value: v.SchemaWithPipe<readonly [v.StringSchema<`Expected a string value for '${string}'`>, v.NonEmptyAction<string, `The value of "${string}" must not be empty`>]>;
         }, undefined>, "Expected an array of event rules with field, operator, and value">, undefined>;
         readonly destination: v.OptionalSchema<v.SchemaWithPipe<readonly [v.StringSchema<`Expected a string value for '${string}'`>, v.NonEmptyAction<string, `The value of "${string}" must not be empty`>]>, undefined>;
-        readonly hipaaAuditRequired: v.OptionalSchema<v.BooleanSchema<`Expected a boolean value for '${string}'`>, undefined>;
-        readonly prioritary: v.OptionalSchema<v.BooleanSchema<`Expected a boolean value for '${string}'`>, undefined>;
+        readonly hipaa_audit_required: v.OptionalSchema<v.BooleanSchema<`Expected a boolean value for '${string}'`>, undefined>;
+        readonly priority: v.OptionalSchema<v.BooleanSchema<`Expected a boolean value for '${string}'`>, undefined>;
         readonly force: v.OptionalSchema<v.BooleanSchema<`Expected a boolean value for '${string}'`>, undefined>;
         readonly label: v.SchemaWithPipe<readonly [v.SchemaWithPipe<readonly [v.StringSchema<`Expected a string value for '${string}'`>, v.NonEmptyAction<string, `The value of "${string}" must not be empty`>]>, v.MaxLengthAction<string, 100, "The event label must not be longer than 100 characters">]>;
         readonly description: v.SchemaWithPipe<readonly [v.SchemaWithPipe<readonly [v.StringSchema<`Expected a string value for '${string}'`>, v.NonEmptyAction<string, `The value of "${string}" must not be empty`>]>, v.MaxLengthAction<string, 255, "The event description must not be longer than 255 characters">]>;
@@ -150,7 +150,7 @@ declare const CommerceAppConfigSchema: v.LooseObjectSchema<{
         readonly key: v.OptionalSchema<v.SchemaWithPipe<readonly [v.SchemaWithPipe<readonly [v.StringSchema<`Expected a string value for '${string}'`>, v.RegexAction<string, `Only alphanumeric characters and hyphens are allowed in string value of "${string}"${string}`>]>, v.MaxLengthAction<string, 50, "The provider key must not be longer than 50 characters">]>, undefined>;
       }, undefined>;
       readonly events: v.ArraySchema<v.ObjectSchema<{
-        readonly name: v.SchemaWithPipe<readonly [v.StringSchema<`Expected a string value for '${string}'`>, v.RegexAction<string, `Only alphanumeric characters and underscores are allowed in string value of "${string}"${string}`>]>;
+        readonly name: v.SchemaWithPipe<readonly [v.SchemaWithPipe<readonly [v.StringSchema<`Expected a string value for '${string}'`>, v.NonEmptyAction<string, `The value of "${string}" must not be empty`>]>, v.RegexAction<string, "Event name must contain only letters, digits, underscores, hyphens, and dots (e.g., \"external_event\", \"webhook.received\", \"my-event_123\")">, v.MaxLengthAction<string, 180, "The event name must not be longer than 180 characters">]>;
         readonly label: v.SchemaWithPipe<readonly [v.SchemaWithPipe<readonly [v.StringSchema<`Expected a string value for '${string}'`>, v.NonEmptyAction<string, `The value of "${string}" must not be empty`>]>, v.MaxLengthAction<string, 100, "The event label must not be longer than 100 characters">]>;
         readonly description: v.SchemaWithPipe<readonly [v.SchemaWithPipe<readonly [v.StringSchema<`Expected a string value for '${string}'`>, v.NonEmptyAction<string, `The value of "${string}" must not be empty`>]>, v.MaxLengthAction<string, 255, "The event description must not be longer than 255 characters">]>;
         readonly runtimeActions: v.ArraySchema<v.SchemaWithPipe<readonly [v.SchemaWithPipe<readonly [v.StringSchema<`Expected a string value for '${string}'`>, v.NonEmptyAction<string, `The value of "${string}" must not be empty`>]>, v.RegexAction<string, "Runtime action must be in the format \"<package>/<action>\" (e.g., \"my-package/my-action\")">]>, "Expected an array of runtime actions in the format <package>/<action>">;

package/dist/es/commands/generate/actions/templates/app-management/app-config.js.template

@@ -0,0 +1,22 @@
+/*
+ * Copyright 2026 Adobe. All rights reserved.
+ * This file is licensed to you under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License. You may obtain a copy
+ * of the License at http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software distributed under
+ * the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR REPRESENTATIONS
+ * OF ANY KIND, either express or implied. See the License for the specific language
+ * governing permissions and limitations under the License.
+ */
+
+// This file has been auto-generated by `@adobe/aio-commerce-lib-app`
+// Do not modify this file directly
+
+import { appConfigRuntimeAction } from "@adobe/aio-commerce-lib-app/actions/app-config";
+
+// The manifest is always at this relative constant path from the action.
+import commerceAppManifest from "../../app.commerce.manifest.json" with { type: "json" };
+
+const args = { appConfig: commerceAppManifest };
+export const main = appConfigRuntimeAction(args);

package/dist/es/commands/generate/actions/templates/app-management/installation.js.template

@@ -13,7 +13,7 @@
 // This file has been auto-generated by `@adobe/aio-commerce-lib-app`
 // Do not modify this file directly
 
-import { installationRuntimeAction } from "@adobe/aio-commerce-lib-app/actions"
+import { installationRuntimeAction } from "@adobe/aio-commerce-lib-app/actions/installation"
 import appConfig from "../../app.commerce.manifest.json" with { type: "json" };
 
 // {{CUSTOM_SCRIPTS_LOADER}}

package/dist/es/commands/generate/actions/templates/business-configuration/config.js.template

@@ -0,0 +1,22 @@
+/*
+ * Copyright 2026 Adobe. All rights reserved.
+ * This file is licensed to you under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License. You may obtain a copy
+ * of the License at http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software distributed under
+ * the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR REPRESENTATIONS
+ * OF ANY KIND, either express or implied. See the License for the specific language
+ * governing permissions and limitations under the License.
+ */
+
+// This file has been auto-generated by `@adobe/aio-commerce-lib-app`
+// Do not modify this file directly
+
+import { configRuntimeAction } from "@adobe/aio-commerce-lib-app/actions/config";
+
+// The config schema is always at this relative constant path from the action.
+import configSchema from "../../configuration-schema.json" with { type: "json" };
+
+const args = { configSchema };
+export const main = configRuntimeAction(args);

package/dist/es/commands/generate/actions/templates/business-configuration/scope-tree.js.template

@@ -0,0 +1,18 @@
+/*
+ * Copyright 2026 Adobe. All rights reserved.
+ * This file is licensed to you under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License. You may obtain a copy
+ * of the License at http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software distributed under
+ * the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR REPRESENTATIONS
+ * OF ANY KIND, either express or implied. See the License for the specific language
+ * governing permissions and limitations under the License.
+ */
+
+// This file has been auto-generated by `@adobe/aio-commerce-lib-app`
+// Do not modify this file directly
+
+import { scopeTreeRuntimeAction } from "@adobe/aio-commerce-lib-app/actions/scope-tree";
+
+export const main = scopeTreeRuntimeAction;

package/dist/es/commands/index.mjs

@@ -1,7 +1,9 @@
 #!/usr/bin/env node
-import { c as hasCustomInstallationSteps, t as stringifyError } from "../error-P7JgUTds.mjs";
-import { t as inspect } from "../logging-VgerMhp6.mjs";
-import { _ as readPackageJson, d as hasBusinessConfigSchema, f as detectPackageManager, g as makeOutputDirFor, h as isESM, i as validateCommerceAppConfig, m as getProjectRootDirectory, n as readCommerceAppConfig, p as getExecCommand, s as getConfigDomains, t as parseCommerceAppConfig } from "../config-BSGerqCG.mjs";
+import { c as hasBusinessConfigSchema, i as getConfigDomains, t as validateCommerceAppConfig } from "../validate-DXI6gwZ2.mjs";
+import { r as hasCustomInstallationSteps } from "../installation-SWIwhpKT.mjs";
+import { a as findNearestPackageJson, c as isESM, i as detectPackageManager, l as makeOutputDirFor, n as readCommerceAppConfig, o as getExecCommand, s as getProjectRootDirectory, t as parseCommerceAppConfig, u as readPackageJson } from "../parser-CKQyrTB7.mjs";
+import { t as stringifyError } from "../error-CMV3IjBz.mjs";
+import { t as inspect } from "../logging-CzmXDzxI.mjs";
 import { CommerceSdkValidationError } from "@adobe/aio-commerce-lib-core/error";
 import path, { basename, dirname, join, relative, resolve } from "path";
 import { existsSync, readFileSync, writeFileSync } from "fs";
@@ -22,12 +24,12 @@ import * as prettier from "prettier";
 * Read a YAML file and return a {@link Document}
 * @param path - The path to the YAML file
 */
-async function readYamlFile(path$1) {
+async function readYamlFile(path) {
 	let doc = new Document();
-	if (existsSync(path$1)) try {
-		doc = parseDocument(await readFile(path$1, "utf-8"), { keepSourceTokens: true });
+	if (existsSync(path)) try {
+		doc = parseDocument(await readFile(path, "utf-8"), { keepSourceTokens: true });
 	} catch (_) {
-		const file = basename(path$1);
+		const file = basename(path);
 		throw new Error(`Failed to parse ${file}`);
 	}
 	if (doc.contents === null) doc.contents = new YAMLMap();
@@ -41,18 +43,18 @@ async function readYamlFile(path$1) {
 * @param typeConfig - Configuration for the node type
 * @returns The existing or newly created node
 */
-function getOrCreateNode(doc, path$1, options, typeConfig) {
-	const node = doc.getIn(path$1);
+function getOrCreateNode(doc, path, options, typeConfig) {
+	const node = doc.getIn(path);
 	if (node) {
-		if (!typeConfig.typeGuard(node)) throw new Error(`Expected ${typeConfig.typeName} at path "${path$1.join(".")}".`);
+		if (!typeConfig.typeGuard(node)) throw new Error(`Expected ${typeConfig.typeName} at path "${path.join(".")}".`);
 		return node;
 	}
-	if (doc.hasIn(path$1)) doc.deleteIn(path$1);
-	const pair = doc.createPair(path$1.at(-1), typeConfig.createNode());
+	if (doc.hasIn(path)) doc.deleteIn(path);
+	const pair = doc.createPair(path.at(-1), typeConfig.createNode());
 	options.onBeforeCreate?.(pair);
-	if (path$1.length === 1) doc.add(pair);
-	else doc.addIn(path$1.slice(0, -1), pair);
-	return doc.getIn(path$1);
+	if (path.length === 1) doc.add(pair);
+	else doc.addIn(path.slice(0, -1), pair);
+	return doc.getIn(path);
 }
 /**
 * Get or create a sequence at the given path
@@ -60,8 +62,8 @@ function getOrCreateNode(doc, path$1, options, typeConfig) {
 * @param path - The path to the sequence
 * @param options - The options for the sequence
 */
-function getOrCreateSeq(doc, path$1, options) {
-	return getOrCreateNode(doc, path$1, options ?? {}, {
+function getOrCreateSeq(doc, path, options) {
+	return getOrCreateNode(doc, path, options ?? {}, {
 		typeGuard: isSeq,
 		createNode: () => new YAMLSeq(),
 		typeName: "sequence"
@@ -73,8 +75,8 @@ function getOrCreateSeq(doc, path$1, options) {
 * @param path - The path to the map
 * @param options - The options for the map
 */
-function getOrCreateMap(doc, path$1, options) {
-	return getOrCreateNode(doc, path$1, options ?? {}, {
+function getOrCreateMap(doc, path, options) {
+	return getOrCreateNode(doc, path, options ?? {}, {
 		typeGuard: isMap,
 		createNode: () => new YAMLMap(),
 		typeName: "map"
@@ -89,15 +91,15 @@ function getOrCreateMap(doc, path$1, options) {
 * @param config - The config to build
 * @param doc - The document to modify (a new one is created if not provided)
 */
-async function createOrUpdateExtConfig(path$1, config$1, doc) {
+async function createOrUpdateExtConfig(path, config, doc) {
 	const extConfigDoc = doc ?? new Document({});
-	config$1.hooks ??= {};
-	config$1.operations ??= { workerProcess: [] };
-	config$1.runtimeManifest ??= { packages: {} };
-	await buildHooks(extConfigDoc, config$1.hooks);
-	buildOperations(extConfigDoc, config$1.operations);
-	buildRuntimeManifest(extConfigDoc, config$1.runtimeManifest);
-	await writeExtConfig(path$1, extConfigDoc);
+	config.hooks ??= {};
+	config.operations ??= { workerProcess: [] };
+	config.runtimeManifest ??= { packages: {} };
+	await buildHooks(extConfigDoc, config.hooks);
+	buildOperations(extConfigDoc, config.operations);
+	buildRuntimeManifest(extConfigDoc, config.runtimeManifest);
+	await writeExtConfig(path, extConfigDoc);
 	return extConfigDoc;
 }
 /**
@@ -193,8 +195,8 @@ async function buildHooks(extConfig, hooks) {
 		pair.key.commentBefore = ` The ${generatedHooks} hooks are auto-generated. Do not remove or manually edit.`;
 	} });
 	const execCommand = getExecCommand(await detectPackageManager());
-	for (const [name, command$1] of Object.entries(hooks)) {
-		const fullCommand = `${command$1.replaceAll("$packageExec", execCommand)}`;
+	for (const [name, command] of Object.entries(hooks)) {
+		const fullCommand = `${command.replaceAll("$packageExec", execCommand)}`;
 		const prevValue = (hooksMap.get(name) ?? "").trim();
 		if (prevValue.endsWith("js") || prevValue.endsWith("ts")) throw new Error(`Conflicting hook definition found. The "${name}" hook needs to be a command, not a script.`);
 		if (prevValue !== "" && !prevValue.includes(fullCommand)) hooksMap.set(name, `${prevValue} && ${fullCommand}`);
@@ -276,7 +278,7 @@ const CUSTOM_SCRIPTS_LOADER_PLACEHOLDER = "// {{CUSTOM_SCRIPTS_LOADER}}";
 * @param actionName - The name of the action.
 * @param options - Optional configuration options.
 */
-function createActionDefinition(actionName, config$1 = {}, options = {}) {
+function createActionDefinition(actionName, config = {}, options = {}) {
 	const def = {
 		...options,
 		function: `${GENERATED_ACTIONS_PATH}/${actionName}.js`,
@@ -287,8 +289,7 @@ function createActionDefinition(actionName, config$1 = {}, options = {}) {
 			final: true
 		}
 	};
-	if (config$1.requiresSchema) def.include = [[`${GENERATED_PATH}/${CONFIG_SCHEMA_FILE_NAME}`, `${PACKAGE_NAME}/`]];
-	if (config$1.requiresEncryptionKey) def.inputs = {
+	if (config.requiresEncryptionKey) def.inputs = {
 		...def.inputs,
 		AIO_COMMERCE_CONFIG_ENCRYPTION_KEY: "$AIO_COMMERCE_CONFIG_ENCRYPTION_KEY"
 	};
@@ -308,16 +309,18 @@ function getRuntimeActions(extConfig, dir) {
 * Builds the ext.config.yaml configuration for the extensibility extension.
 * @param features - The features that are enabled for the app.
 */
-function buildAppManagementExtConfig(features) {
+function buildAppManagementExtConfig(appConfig) {
+	const features = getConfigDomains(appConfig);
+	const hasPasswordFieldsInSchema = hasBusinessConfigSchema(appConfig) && appConfig.businessConfig.schema.some((field) => field.type === "password");
 	const extConfig = {
 		hooks: { "pre-app-build": "EXTENSION=extensibility/1 $packageExec aio-commerce-lib-app hooks pre-app-build" },
 		operations: { workerProcess: [{
 			type: "action",
-			impl: `${PACKAGE_NAME}/get-app-config`
+			impl: `${PACKAGE_NAME}/app-config`
 		}] },
 		runtimeManifest: { packages: { [PACKAGE_NAME]: {
 			license: "Apache-2.0",
-			actions: { "get-app-config": createActionDefinition("get-app-config") }
+			actions: { "app-config": createActionDefinition("app-config") }
 		} } }
 	};
 	if ([
@@ -329,7 +332,7 @@ function buildAppManagementExtConfig(features) {
 			type: "action",
 			impl: `${PACKAGE_NAME}/installation`
 		});
-		extConfig.runtimeManifest.packages[PACKAGE_NAME].actions.installation = createActionDefinition("installation", {}, {
+		extConfig.runtimeManifest.packages[PACKAGE_NAME].actions.installation = createActionDefinition("installation", { requiresEncryptionKey: hasPasswordFieldsInSchema }, {
 			inputs: {
 				...COMMERCE_ACTION_INPUTS,
 				LOG_LEVEL: "$LOG_LEVEL"
@@ -341,40 +344,14 @@ function buildAppManagementExtConfig(features) {
 }
 /** Builds the ext.config.yaml configuration for the business configuration extension. */
 function buildBusinessConfigurationExtConfig() {
-	const actions = [
-		{
-			name: "get-scope-tree",
-			templateFile: "get-scope-tree.js.template"
-		},
-		{
-			name: "get-config-schema",
-			templateFile: "get-config-schema.js.template",
-			requiresSchema: true
-		},
-		{
-			name: "get-configuration",
-			templateFile: "get-configuration.js.template",
-			requiresSchema: true,
-			requiresEncryptionKey: true
-		},
-		{
-			name: "set-configuration",
-			templateFile: "set-configuration.js.template",
-			requiresEncryptionKey: true
-		},
-		{
-			name: "set-custom-scope-tree",
-			templateFile: "set-custom-scope-tree.js.template"
-		},
-		{
-			name: "sync-commerce-scopes",
-			templateFile: "sync-commerce-scopes.js.template"
-		},
-		{
-			name: "unsync-commerce-scopes",
-			templateFile: "unsync-commerce-scopes.js.template"
-		}
-	];
+	const actions = [{
+		name: "config",
+		templateFile: "config.js.template",
+		requiresEncryptionKey: true
+	}, {
+		name: "scope-tree",
+		templateFile: "scope-tree.js.template"
+	}];
 	return {
 		hooks: { "pre-app-build": "EXTENSION=configuration/1 $packageExec aio-commerce-lib-app hooks pre-app-build" },
 		operations: { workerProcess: actions.map((action) => ({
@@ -413,7 +390,7 @@ async function updateExtConfig(appConfig, extensionPointId) {
 	let extConfig;
 	switch (extensionPointId) {
 		case EXTENSIBILITY_EXTENSION_POINT_ID:
-			extConfig = buildAppManagementExtConfig(getConfigDomains(appConfig));
+			extConfig = buildAppManagementExtConfig(appConfig);
 			break;
 		case CONFIGURATION_EXTENSION_POINT_ID:
 			extConfig = buildBusinessConfigurationExtConfig();
@@ -500,7 +477,14 @@ async function run$2(appConfig) {
 		consola$1.warn("Business configuration schema not found");
 		return;
 	}
-	execSync("aio-commerce-lib-config validate schema");
+	const projectDir = dirname(await findNearestPackageJson() ?? process.cwd());
+	const envPath = join(projectDir, ".env");
+	process.loadEnvFile(envPath);
+	if (appConfig.businessConfig.schema.some((field) => field.type === "password")) {
+		const packageExec = getExecCommand(await detectPackageManager(projectDir));
+		if ("AIO_COMMERCE_CONFIG_ENCRYPTION_KEY" in process.env && String(process.env.AIO_COMMERCE_CONFIG_ENCRYPTION_KEY).trim().length > 0) execSync(`${packageExec} aio-commerce-lib-config encryption validate`);
+		else execSync(`${packageExec} aio-commerce-lib-config encryption setup`);
+	}
 	const contents = stringify(appConfig.businessConfig.schema, null, 2);
 	await writeFile(join(await makeOutputDirFor(`${getExtensionPointFolderPath(CONFIGURATION_EXTENSION_POINT_ID)}/.generated`), CONFIG_SCHEMA_FILE_NAME), contents, "utf-8");
 	consola$1.success(`Generated ${CONFIG_SCHEMA_FILE_NAME}`);
@@ -842,12 +826,12 @@ async function addExtensionPointToInstallYaml(extensionPointId, rootDirectory, c
 //#region source/commands/init/lib.ts
 /** Ensure app.commerce.config file exists, allow creating if it doesn't */
 async function ensureCommerceAppConfig(cwd = process.cwd()) {
-	let config$1 = null;
+	let config = null;
 	try {
-		config$1 = await readCommerceAppConfig(cwd);
+		config = await readCommerceAppConfig(cwd);
 	} catch (_) {}
-	if (config$1) try {
-		const validatedConfig = validateCommerceAppConfig(config$1);
+	if (config) try {
+		const validatedConfig = validateCommerceAppConfig(config);
 		consola$1.success(`${COMMERCE_APP_CONFIG_FILE} found and is valid. Continuing...`);
 		return {
 			config: validatedConfig,
@@ -866,8 +850,8 @@ async function ensureCommerceAppConfig(cwd = process.cwd()) {
 	try {
 		const configContent = await getDefaultCommerceAppConfig(cwd, answers);
 		consola$1.info(`Creating ${answers.configFile}...`);
-		const path$1 = join(await getProjectRootDirectory(cwd), answers.configFile);
-		await writeFile(path$1, await prettier.format(configContent, {
+		const path = join(await getProjectRootDirectory(cwd), answers.configFile);
+		await writeFile(path, await prettier.format(configContent, {
 			semi: true,
 			quoteStyle: "double",
 			arrowParens: "always",
@@ -877,7 +861,7 @@ async function ensureCommerceAppConfig(cwd = process.cwd()) {
 			tabWidth: 2,
 			useTabs: false,
 			printWidth: 80,
-			filepath: path$1
+			filepath: path
 		}), "utf-8");
 		consola$1.success(`Created ${answers.configFile}`);
 		return {
@@ -991,12 +975,12 @@ async function exec() {
 		consola$1.start("Initializing app...");
 		const { execCommand, packageManager } = await ensurePackageJson();
 		runInstall(packageManager, REQUIRED_DEPENDENCIES);
-		const { config: config$1, domains } = await ensureCommerceAppConfig();
+		const { config, domains } = await ensureCommerceAppConfig();
 		installDependencies(packageManager, domains);
-		execSync(`npm pkg set name="${config$1.metadata.id}"`);
-		execSync(`npm pkg set version="${config$1.metadata.version}"`);
-		execSync(`npm pkg set description="${config$1.metadata.description}"`);
-		await runGeneration(config$1, execCommand);
+		execSync(`npm pkg set name="${config.metadata.id}"`);
+		execSync(`npm pkg set version="${config.metadata.version}"`);
+		execSync(`npm pkg set description="${config.metadata.description}"`);
+		await runGeneration(config, execCommand);
 		await ensureAppConfig(domains);
 		await ensureInstallYaml(domains);
 		consola$1.success("Initialization complete!");