@adobe/spacecat-shared-data-access 3.62.0 → 3.64.0

package/CHANGELOG.md

@@ -1,3 +1,21 @@
+## [@adobe/spacecat-shared-data-access-v3.64.0](https://github.com/adobe/spacecat-shared/compare/@adobe/spacecat-shared-data-access-v3.63.0...@adobe/spacecat-shared-data-access-v3.64.0) (2026-05-15)
+
+### Features
+
+* strict schema for data.issues[] with per-issue lifecycle fields       ([#1594](https://github.com/adobe/spacecat-shared/issues/1594)) ([d101db4](https://github.com/adobe/spacecat-shared/commit/d101db4e6407cfe9cbb742d54b500439cf62b64f))
+
+## [@adobe/spacecat-shared-data-access-v3.63.0](https://github.com/adobe/spacecat-shared/compare/@adobe/spacecat-shared-data-access-v3.62.0...@adobe/spacecat-shared-data-access-v3.63.0) (2026-05-14)
+
+### Features
+
+* add rumConfig to Site config for deterministic RUM availability signal ([#1596](https://github.com/adobe/spacecat-shared/issues/1596)) ([3b16cdf](https://github.com/adobe/spacecat-shared/commit/3b16cdf7d66ddddc4b4b62aae4428feba3ef7f04))
+* **data-access:** add preOnboarded flag to PLG onboarding steps schema ([#1601](https://github.com/adobe/spacecat-shared/issues/1601)) ([6f18f71](https://github.com/adobe/spacecat-shared/commit/6f18f71d112d5f409a545a3720ca8b7d9e3a13d7))
+
+### Bug Fixes
+
+* adds a function to get latest token by createdAt ([#1597](https://github.com/adobe/spacecat-shared/issues/1597)) ([fb4d5f9](https://github.com/adobe/spacecat-shared/commit/fb4d5f91dc7bf674cff4f9855d3f630aa4807b5a))
+* **deps:** update external fixes ([#1533](https://github.com/adobe/spacecat-shared/issues/1533)) ([0a3e2ab](https://github.com/adobe/spacecat-shared/commit/0a3e2abbbc5f58b5320518f7d596d4cef6271fa0))
+
 ## [@adobe/spacecat-shared-data-access-v3.62.0](https://github.com/adobe/spacecat-shared/compare/@adobe/spacecat-shared-data-access-v3.61.0...@adobe/spacecat-shared-data-access-v3.62.0) (2026-05-12)
 
 ### Features

package/README.md

@@ -172,6 +172,25 @@ The `deliveryConfig` object on a Site stores delivery infrastructure details. It
 | `preferContentApi` | boolean | Whether to prefer the Content API for content retrieval |
 | `contentSourcePath` | string | AEM content root path for a site. Used to disambiguate multiple sites that share the same Cloud Manager program and environment. Corresponds to `/content/<site-name>` in the AEM repository. |
 
+## Site rumConfig
+
+The `rumConfig` object on a Site tracks Real User Monitoring (RUM) domain key availability. It is set automatically on site creation and refreshed weekly by the `rum-config-refresh` audit handler.
+
+| Property | Type | Description |
+|----------|------|-------------|
+| `hasDomainKey` | boolean | Whether the site's domain has an active RUM domain key registered |
+| `lastCheckedAt` | string (ISO 8601) | Timestamp of the most recent RUM domain key check |
+
+### Config model methods
+
+| Method | Returns | Description |
+|--------|---------|-------------|
+| `getRumConfig()` | `{ hasDomainKey, lastCheckedAt } \| undefined` | Returns the current rumConfig, or `undefined` if not yet set |
+| `hasRumDomainKey()` | `boolean` | Returns `true` if a RUM domain key is active, `false` otherwise |
+| `updateRumConfig(hasDomainKey)` | `void` | Sets `hasDomainKey` and updates `lastCheckedAt` to the current time |
+
+Sites created before the `rum-config-refresh` handler ran will have no `rumConfig` key — callers must treat `undefined` as "unknown" rather than "not set up".
+
 ## Architecture
 
 ```

package/docker-compose.test.yml

@@ -22,7 +22,7 @@ services:
       retries: 10
 
   postgrest:
-    image: postgrest/postgrest:v14.8
+    image: postgrest/postgrest:v14.11
     container_name: spacecat-test-postgrest
     depends_on:
       db:

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@adobe/spacecat-shared-data-access",
-  "version": "3.62.0",
+  "version": "3.64.0",
   "description": "Shared modules of the Spacecat Services - Data Access",
   "type": "module",
   "engines": {
@@ -42,18 +42,18 @@
   "dependencies": {
     "@adobe/fetch": "^4.2.3",
     "@adobe/spacecat-shared-utils": "1.105.0",
-    "@supabase/postgrest-js": "2.101.1",
+    "@supabase/postgrest-js": "2.105.4",
     "@aws-sdk/client-s3": "^3.940.0",
     "@types/joi": "17.2.3",
     "aws-xray-sdk": "3.12.0",
-    "joi": "18.1.2",
+    "joi": "18.2.1",
     "pluralize": "8.0.0"
   },
   "devDependencies": {
     "chai": "6.2.2",
     "chai-as-promised": "8.0.2",
-    "nock": "14.0.11",
-    "sinon": "21.0.3",
+    "nock": "14.0.15",
+    "sinon": "21.1.2",
     "sinon-chai": "4.0.1"
   }
 }

package/src/models/plg-onboarding/plg-onboarding.schema.js

@@ -68,6 +68,7 @@ const schema = new SchemaBuilder(PlgOnboarding, PlgOnboardingCollection)
       entitlementCreated: { type: 'boolean' },
       entitlementFailed: { type: 'boolean' },
       orgResolutionFailed: { type: 'boolean' },
+      preOnboarded: { type: 'boolean' },
     },
   })
   .addAttribute('error', {

package/src/models/site/config.js

@@ -407,6 +407,10 @@ export const configSchema = Joi.object({
       startTime: Joi.number().optional(),
     })).optional(),
   }).optional(),
+  rumConfig: Joi.object({
+    hasDomainKey: Joi.boolean().required(),
+    lastCheckedAt: Joi.string().isoDate().required(),
+  }).optional(),
   commerceLlmoConfig: Joi.object().pattern(
     Joi.string(),
     Joi.object({
@@ -542,6 +546,18 @@ export const Config = (data = {}) => {
   self.getEdgeOptimizeConfig = () => state?.edgeOptimizeConfig;
   self.getOnboardConfig = () => state?.onboardConfig;
   self.getCommerceLlmoConfig = () => state?.commerceLlmoConfig;
+  /**
+   * Returns the RUM configuration for the site, or undefined if not set.
+   * Returns a shallow copy to prevent callers from mutating internal state.
+   * @returns {{ hasDomainKey: boolean, lastCheckedAt: string } | undefined}
+   */
+  self.getRumConfig = () => (state?.rumConfig ? { ...state.rumConfig } : undefined);
+
+  /**
+   * Returns true if RUM data collection is confirmed active for this site.
+   * @returns {boolean}
+   */
+  self.hasRumDomainKey = () => state?.rumConfig?.hasDomainKey === true;
   const AUDIT_TARGET_SOURCES = ['manual', 'moneyPages'];
   const auditTargetEntrySchema = Joi.object({
     url: Joi.string().uri().required(),
@@ -955,6 +971,22 @@ export const Config = (data = {}) => {
     state.commerceLlmoConfig = commerceLlmoConfig;
   };
 
+  /**
+   * Records the outcome of a RUM domain-key check and updates the timestamp.
+   * @param {boolean} hasDomainKey - Whether the site has an active RUM domain key.
+   * @param {Date} [now=new Date()] - Timestamp for lastCheckedAt; injectable for tests.
+   * @throws {Error} if hasDomainKey is not a boolean.
+   */
+  self.updateRumConfig = (hasDomainKey, now = new Date()) => {
+    if (typeof hasDomainKey !== 'boolean') {
+      throw new TypeError(`updateRumConfig: hasDomainKey must be a boolean, got ${typeof hasDomainKey}`);
+    }
+    state.rumConfig = {
+      hasDomainKey,
+      lastCheckedAt: now.toISOString(),
+    };
+  };
+
   return Object.freeze(self);
 };
 
@@ -974,6 +1006,7 @@ Config.toDynamoItem = (config) => ({
   edgeOptimizeConfig: config.getEdgeOptimizeConfig(),
   onboardConfig: config.getOnboardConfig?.(),
   commerceLlmoConfig: config.getCommerceLlmoConfig?.(),
+  rumConfig: config.getRumConfig?.(),
   enableMoneyPageUrls: config.isMoneyPageUrlsEnabled?.() === false ? false : undefined,
   auditTargetURLs: config.getAuditTargetURLsConfig?.(),
 });

package/src/models/suggestion/index.js

@@ -20,3 +20,11 @@ export {
 
 // Export DATA_SCHEMAS for api-service to reference
 export const { DATA_SCHEMAS } = Suggestion;
+
+// Re-export per-issue lifecycle constants so consumers (audit-worker, autofix-worker,
+// api-service, Mystique) can validate per-issue values without duplicating enum lists.
+export {
+  CWV_METRIC_TYPES,
+  ISSUE_STATUSES,
+  ISSUE_SKIP_REASONS,
+} from './suggestion.data-schemas.js';

package/src/models/suggestion/suggestion.data-schemas.js

@@ -26,6 +26,85 @@
 import Joi from 'joi';
 import { OPPORTUNITY_TYPES } from '@adobe/spacecat-shared-utils';
 
+/**
+ * Status and skip-reason values for per-issue lifecycle inside `data.issues[]`.
+ *
+ * Exported for consumers that need to construct or validate per-issue values
+ * (audit-worker, autofix-worker, api-service controllers, Mystique).
+ *
+ * Duplicated from `Suggestion.STATUSES` / `Suggestion.SKIP_REASONS` (suggestion.model.js)
+ * to avoid a circular import — the model already imports DATA_SCHEMAS from this file.
+ * Keep in sync if either set ever changes.
+ */
+export const ISSUE_STATUSES = [
+  'NEW',
+  'APPROVED',
+  'IN_PROGRESS',
+  'SKIPPED',
+  'FIXED',
+  'ERROR',
+  'OUTDATED',
+  'PENDING_VALIDATION',
+  'REJECTED',
+];
+
+export const ISSUE_SKIP_REASONS = [
+  'ALREADY_IMPLEMENTED',
+  'INACCURATE_OR_INCOMPLETE',
+  'TOO_RISKY',
+  'NO_REASON',
+  'OTHER',
+];
+
+/**
+ * Allowed CWV metric types for `data.issues[].type`.
+ * Exported so audit-worker / Mystique / api-service can reuse the same source of truth.
+ */
+export const CWV_METRIC_TYPES = ['lcp', 'cls', 'inp'];
+
+/**
+ * Strict per-issue schema for `data.issues[]` on CWV suggestions.
+ *
+ * All fields are optional initially so existing prod rows (issues without `id` / `type` /
+ * `status`) keep validating. Tighten to required after a backfill populates `id` and `type`
+ * on every existing issue.
+ *
+ * Field ownership:
+ * - `id`, `type`, `value`, `title`, `cwvValue`, `patchContent`, `isCodeChangeAvailable`,
+ *   initial `status: 'NEW'` — written by Mystique (guidance + code-fix tasks).
+ * - `status` transitions (APPROVED/REJECTED/SKIPPED/IN_PROGRESS) — written by api-service
+ *   via the existing PATCH /suggestions/:id endpoint (UI does read-modify-write of the
+ *   whole `data` payload).
+ * - `status: FIXED | ERROR` — written by autofix-worker after PR creation.
+ * - `status: OUTDATED` — written by audit-worker `handleOutdatedSuggestions` on re-audit.
+ * - `fixEntityId` — written by autofix-worker (or Mystique `_create_fix_entity`).
+ * - `jiraLink` — written by whichever service files the Jira ticket (today: UI or api-service).
+ * - `skipReason`, `skipDetail` — written by api-service when `status` transitions to SKIPPED.
+ */
+const CWV_ISSUE_SCHEMA = Joi.object({
+  // Identity
+  id: Joi.string().optional(),
+
+  // Semantic
+  type: Joi.string().valid(...CWV_METRIC_TYPES).optional(),
+  title: Joi.string().optional(),
+  value: Joi.string().optional(),
+  cwvValue: Joi.number().optional(),
+
+  // Patch
+  patchContent: Joi.string().allow('').optional(),
+  isCodeChangeAvailable: Joi.boolean().optional(),
+
+  // Lifecycle
+  status: Joi.string().valid(...ISSUE_STATUSES).optional(),
+  skipReason: Joi.string().valid(...ISSUE_SKIP_REASONS).optional(),
+  skipDetail: Joi.string().max(1000).optional(),
+
+  // Linkage
+  jiraLink: Joi.string().uri().allow(null).optional(),
+  fixEntityId: Joi.string().uuid().optional(),
+}).unknown(true);
+
 /**
  * Custom Joi validator that accepts malformed HTTP/HTTPS URLs and relative paths
  * while rejecting dangerous URI schemes (javascript:, data:, blob:, etc.).
@@ -148,22 +227,26 @@ export const DATA_SCHEMAS = {
       url: Joi.string().uri().optional(),
       pageviews: Joi.number().optional(),
       organic: Joi.number().optional(),
+      // RUM metrics are nullable in practice. INP requires user interaction events,
+      // so devices/pages without interactions report `inp: null`. The *Count fields
+      // similarly are null when the source RUM bundle has no sample for that metric.
+      // Mirror the existing `.allow(null)` already on lcp/ttfb/cls.
       metrics: Joi.array().items(
         Joi.object({
           deviceType: Joi.string().optional(),
-          pageviews: Joi.number().optional(),
-          clsCount: Joi.number().optional(),
-          ttfbCount: Joi.number().optional(),
+          pageviews: Joi.number().allow(null).optional(),
+          clsCount: Joi.number().allow(null).optional(),
+          ttfbCount: Joi.number().allow(null).optional(),
           lcp: Joi.number().allow(null).optional(),
-          inpCount: Joi.number().optional(),
-          inp: Joi.number().optional(),
+          inpCount: Joi.number().allow(null).optional(),
+          inp: Joi.number().allow(null).optional(),
           ttfb: Joi.number().allow(null).optional(),
           cls: Joi.number().allow(null).optional(),
-          lcpCount: Joi.number().optional(),
-          organic: Joi.number().optional(),
+          lcpCount: Joi.number().allow(null).optional(),
+          organic: Joi.number().allow(null).optional(),
         }).unknown(true),
       ).required(),
-      issues: Joi.array().items(Joi.object()).optional().default([]),
+      issues: Joi.array().items(CWV_ISSUE_SCHEMA).optional().default([]),
       jiraLink: Joi.string().uri().allow(null).optional(),
       aggregationKey: Joi.string().allow(null).optional(),
     }).unknown(true),

package/src/models/token/token.collection.js

@@ -42,6 +42,21 @@ class TokenCollection extends BaseCollection {
    * @returns {Promise<import('./token.model.js').default|null>} Token instance
    *   (existing or newly created), or null when none exists and createIfNotFound is false.
    */
+  /**
+   * Finds the most recently created Token for a given siteId and tokenType,
+   * regardless of cycle. Returns null if no token exists.
+   *
+   * @param {string} siteId - Site ID (UUID).
+   * @param {string} tokenType - Token type (e.g. grant_cwv, grant_broken_backlinks).
+   * @returns {Promise<import('./token.model.js').default|null>} The last created Token, or null.
+   */
+  async findLastCreatedBySiteIdAndTokenType(siteId, tokenType) {
+    if (!hasText(siteId) || !hasText(tokenType)) {
+      throw new DataAccessError('TokenCollection.findLastCreatedBySiteIdAndTokenType: siteId and tokenType are required');
+    }
+    return this.findByIndexKeys({ siteId, tokenType }, { order: 'desc' });
+  }
+
   async findBySiteIdAndTokenType(siteId, tokenType, options = {}) {
     if (!hasText(siteId) || !hasText(tokenType)) {
       throw new DataAccessError('TokenCollection.findBySiteIdAndTokenType: siteId and tokenType are required');