npm - @anby/platform-sdk - Versions diffs - 0.1.0 - Mend

@anby/platform-sdk 0.1.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (132) hide show

package/LICENSE +21 -0
package/README.md +86 -0
package/dist/cjs/apps/publish.d.ts +73 -0
package/dist/cjs/apps/publish.d.ts.map +1 -0
package/dist/cjs/apps/publish.js +166 -0
package/dist/cjs/apps/publish.js.map +1 -0
package/dist/cjs/auth/index.d.ts +22 -0
package/dist/cjs/auth/index.d.ts.map +1 -0
package/dist/cjs/auth/index.js +101 -0
package/dist/cjs/auth/index.js.map +1 -0
package/dist/cjs/config/index.d.ts +8 -0
package/dist/cjs/config/index.d.ts.map +1 -0
package/dist/cjs/config/index.js +14 -0
package/dist/cjs/config/index.js.map +1 -0
package/dist/cjs/entities/cache.d.ts +31 -0
package/dist/cjs/entities/cache.d.ts.map +1 -0
package/dist/cjs/entities/cache.js +84 -0
package/dist/cjs/entities/cache.js.map +1 -0
package/dist/cjs/entities/client.d.ts +32 -0
package/dist/cjs/entities/client.d.ts.map +1 -0
package/dist/cjs/entities/client.js +130 -0
package/dist/cjs/entities/client.js.map +1 -0
package/dist/cjs/entities/errors.d.ts +35 -0
package/dist/cjs/entities/errors.d.ts.map +1 -0
package/dist/cjs/entities/errors.js +68 -0
package/dist/cjs/entities/errors.js.map +1 -0
package/dist/cjs/entities/handler.d.ts +89 -0
package/dist/cjs/entities/handler.d.ts.map +1 -0
package/dist/cjs/entities/handler.js +332 -0
package/dist/cjs/entities/handler.js.map +1 -0
package/dist/cjs/entities/identity.d.ts +90 -0
package/dist/cjs/entities/identity.d.ts.map +1 -0
package/dist/cjs/entities/identity.js +180 -0
package/dist/cjs/entities/identity.js.map +1 -0
package/dist/cjs/entities/index.d.ts +12 -0
package/dist/cjs/entities/index.d.ts.map +1 -0
package/dist/cjs/entities/index.js +64 -0
package/dist/cjs/entities/index.js.map +1 -0
package/dist/cjs/entities/redis.d.ts +128 -0
package/dist/cjs/entities/redis.d.ts.map +1 -0
package/dist/cjs/entities/redis.js +354 -0
package/dist/cjs/entities/redis.js.map +1 -0
package/dist/cjs/entities/resolver.d.ts +25 -0
package/dist/cjs/entities/resolver.d.ts.map +1 -0
package/dist/cjs/entities/resolver.js +128 -0
package/dist/cjs/entities/resolver.js.map +1 -0
package/dist/cjs/entities/schema.d.ts +15 -0
package/dist/cjs/entities/schema.d.ts.map +1 -0
package/dist/cjs/entities/schema.js +140 -0
package/dist/cjs/entities/schema.js.map +1 -0
package/dist/cjs/entities/scopedDb.d.ts +92 -0
package/dist/cjs/entities/scopedDb.d.ts.map +1 -0
package/dist/cjs/entities/scopedDb.js +96 -0
package/dist/cjs/entities/scopedDb.js.map +1 -0
package/dist/cjs/entities/token.d.ts +18 -0
package/dist/cjs/entities/token.d.ts.map +1 -0
package/dist/cjs/entities/token.js +87 -0
package/dist/cjs/entities/token.js.map +1 -0
package/dist/cjs/entities/types.d.ts +90 -0
package/dist/cjs/entities/types.d.ts.map +1 -0
package/dist/cjs/entities/types.js +33 -0
package/dist/cjs/entities/types.js.map +1 -0
package/dist/cjs/events/index.d.ts +39 -0
package/dist/cjs/events/index.d.ts.map +1 -0
package/dist/cjs/events/index.js +112 -0
package/dist/cjs/events/index.js.map +1 -0
package/dist/cjs/index.d.ts +7 -0
package/dist/cjs/index.d.ts.map +1 -0
package/dist/cjs/index.js +44 -0
package/dist/cjs/index.js.map +1 -0
package/dist/cjs/preview.d.ts +28 -0
package/dist/cjs/preview.d.ts.map +1 -0
package/dist/cjs/preview.js +49 -0
package/dist/cjs/preview.js.map +1 -0
package/dist/esm/apps/publish.js +162 -0
package/dist/esm/apps/publish.js.map +1 -0
package/dist/esm/auth/index.js +90 -0
package/dist/esm/auth/index.js.map +1 -0
package/dist/esm/config/index.js +10 -0
package/dist/esm/config/index.js.map +1 -0
package/dist/esm/entities/cache.js +74 -0
package/dist/esm/entities/cache.js.map +1 -0
package/dist/esm/entities/client.js +127 -0
package/dist/esm/entities/client.js.map +1 -0
package/dist/esm/entities/errors.js +60 -0
package/dist/esm/entities/errors.js.map +1 -0
package/dist/esm/entities/handler.js +320 -0
package/dist/esm/entities/handler.js.map +1 -0
package/dist/esm/entities/identity.js +167 -0
package/dist/esm/entities/identity.js.map +1 -0
package/dist/esm/entities/index.js +14 -0
package/dist/esm/entities/index.js.map +1 -0
package/dist/esm/entities/redis.js +310 -0
package/dist/esm/entities/redis.js.map +1 -0
package/dist/esm/entities/resolver.js +121 -0
package/dist/esm/entities/resolver.js.map +1 -0
package/dist/esm/entities/schema.js +98 -0
package/dist/esm/entities/schema.js.map +1 -0
package/dist/esm/entities/scopedDb.js +92 -0
package/dist/esm/entities/scopedDb.js.map +1 -0
package/dist/esm/entities/token.js +82 -0
package/dist/esm/entities/token.js.map +1 -0
package/dist/esm/entities/types.js +29 -0
package/dist/esm/entities/types.js.map +1 -0
package/dist/esm/events/index.js +69 -0
package/dist/esm/events/index.js.map +1 -0
package/dist/esm/index.js +10 -0
package/dist/esm/index.js.map +1 -0
package/dist/esm/preview.js +45 -0
package/dist/esm/preview.js.map +1 -0
package/package.json +62 -0
package/src/apps/publish.test.ts +178 -0
package/src/apps/publish.ts +251 -0
package/src/auth/index.ts +114 -0
package/src/config/index.ts +16 -0
package/src/entities/cache.ts +103 -0
package/src/entities/client.ts +180 -0
package/src/entities/entities.test.ts +611 -0
package/src/entities/errors.ts +66 -0
package/src/entities/handler.ts +408 -0
package/src/entities/identity.ts +222 -0
package/src/entities/index.ts +108 -0
package/src/entities/redis.test.ts +192 -0
package/src/entities/redis.ts +454 -0
package/src/entities/resolver.ts +163 -0
package/src/entities/schema.ts +130 -0
package/src/entities/scopedDb.ts +165 -0
package/src/entities/token.ts +106 -0
package/src/entities/types.ts +108 -0
package/src/events/index.ts +94 -0
package/src/index.ts +43 -0
package/src/preview.ts +50 -0

package/LICENSE ADDED Viewed

@@ -0,0 +1,21 @@
+MIT License
+Copyright (c) 2026 ANBY
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.

package/README.md ADDED Viewed

@@ -0,0 +1,86 @@
+# @anby/platform-sdk
+SDK runtime mà mọi service Anby (và mọi app được cài thêm) dùng để cắm vào platform. Package này gói gọn ba concern xuyên suốt mà nếu không có nó thì mỗi service sẽ phải tự viết lại:
+1. **Auth** — verify JWT đến từ `anby-auth-service` và verify các request service-to-service ký bằng HMAC.
+2. **Events** — publish / subscribe event bus của platform qua transport có thể thay thế.
+3. **Config** — một entry point `configurePlatform()` duy nhất để các service boot đồng nhất.
+Phụ thuộc vào [`@anby/contracts`](../contracts) để dùng envelope sự kiện đã được type sẵn.
+## Cài đặt
+```json
+{
+  "dependencies": {
+    "@anby/platform-sdk": "file:../../packages/platform-sdk",
+    "@anby/contracts":   "file:../../packages/contracts"
+  }
+}
+```
+## Cách dùng
+### Bootstrap
+```ts
+import { configurePlatform, configureAuth, configureEventTransport, PostgresEventTransport } from '@anby/platform-sdk';
+configurePlatform({ serviceName: 'org-chart', tenantResolver });
+configureAuth({ jwtPublicKey: process.env.AUTH_PUBLIC_KEY!, hmacSecret: process.env.SVC_HMAC_SECRET! });
+configureEventTransport(new PostgresEventTransport(process.env.DATABASE_URL!));
+```
+### Xác thực request
+```ts
+import { requireAuth, type AuthUser } from '@anby/platform-sdk';
+app.get('/me', requireAuth(), (req, res) => {
+  const user = (req as any).user as AuthUser;
+  res.json(user);
+});
+```
+- `verifyJwt(token)` — verify token của end-user.
+- `verifyHmac(req)` — verify chữ ký service-to-service.
+- `authenticateRequest(req)` — thử JWT trước, fallback sang HMAC.
+- `requireAuth()` — middleware kiểu Express/Remix, trả 401 nếu fail.
+### Publish một event
+```ts
+import { createEvent, publishEvent } from '@anby/platform-sdk';
+await publishEvent(createEvent({
+  type: 'org.node.created',
+  tenantId,
+  actor: { userId, email },
+  data: { nodeId, parentId },
+}));
+```
+Các transport có sẵn:
+- **`InMemoryTransport`** — dùng cho test và local dev.
+- **`PostgresEventTransport`** — ghi vào bảng outbox để `anby-event-router` tiêu thụ.
+## Cấu trúc
+```
+src/
+├── auth/      Verify JWT + HMAC, middleware auth
+├── events/    Builder envelope sự kiện + transport có thể thay thế
+├── config/    configurePlatform / getPlatformConfig
+└── index.ts   Public API — chỉ import từ đây
+```
+## Scripts
+```bash
+npm run build    # tsc
+npm run test     # vitest
+```
+## Độ ổn định
+Chưa đạt 1.0. Public API là tất cả những gì được re-export từ `src/index.ts`; mọi thứ khác đều là nội bộ và có thể thay đổi mà không báo trước.

package/dist/cjs/apps/publish.d.ts ADDED Viewed

@@ -0,0 +1,73 @@
+/**
+ * App publish helper for self-hosted Anby services.
+ *
+ * Single code path used by:
+ *   - Service startup (`publishAppFromManifest()` inside entry.server.tsx / main.ts)
+ *   - The `anby app publish` CLI
+ *   - The shell's Marketplace "Submit app" server action
+ *
+ * All three converge on `POST /registry/apps` with a platform HMAC signature,
+ * which the registry verifies via `HmacGuard` and then persists via the same
+ * `registry.service.publishApp()`.
+ */
+export interface PublishAppOptions {
+    /**
+     * Path to the manifest file. Defaults to `./anby-app.manifest.json` in the
+     * current working directory, which is where every Anby service keeps it.
+     */
+    manifestPath?: string;
+    /**
+     * Registry base URL — defaults to REGISTRY_URL env or http://localhost:3003.
+     */
+    registryUrl?: string;
+    /**
+     * Public URL where this service is reachable. Overrides APP_PUBLIC_URL env.
+     * When neither is set, the helper derives `http://localhost:<manifest.runtime.port>`.
+     */
+    publicUrl?: string;
+    /**
+     * HMAC secret used to authenticate the call. Defaults to INTERNAL_API_SECRET
+     * env. Must match the secret the registry is running with.
+     */
+    internalApiSecret?: string;
+    /**
+     * Identifier sent in `x-internal-user` header. Defaults to the manifest id
+     * so audit logs show which service published.
+     */
+    submittedBy?: string;
+    /**
+     * Marks the app as "featured" so it shows up in the setup-wizard
+     * recommendation list. Defaults to false.
+     */
+    featured?: boolean;
+    /**
+     * Optional changelog string attached to this version.
+     */
+    changelog?: string;
+    /**
+     * If true, swallow network/registry errors and return null instead of
+     * throwing. Used by `autoPublishOnBoot` so a flaky registry doesn't
+     * crash the service startup.
+     */
+    silent?: boolean;
+}
+export interface PublishAppResult {
+    app: {
+        id: string;
+        name: string;
+        publicUrl: string | null;
+        status: string;
+    };
+    version: {
+        appId: string;
+        version: string;
+    };
+}
+export declare function publishAppFromManifest(opts?: PublishAppOptions): Promise<PublishAppResult | null>;
+/**
+ * Fire-and-forget wrapper for use inside service entrypoints. Logs on both
+ * success and failure but never throws, so a flaky registry at boot time
+ * doesn't crash the service.
+ */
+export declare function autoPublishOnBoot(opts?: PublishAppOptions): void;
+//# sourceMappingURL=publish.d.ts.map

package/dist/cjs/apps/publish.d.ts.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"publish.d.ts","sourceRoot":"","sources":["../../../src/apps/publish.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;GAWG;AAQH,MAAM,WAAW,iBAAiB;IAChC;;;OAGG;IACH,YAAY,CAAC,EAAE,MAAM,CAAC;IACtB;;OAEG;IACH,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB;;;OAGG;IACH,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB;;;OAGG;IACH,iBAAiB,CAAC,EAAE,MAAM,CAAC;IAC3B;;;OAGG;IACH,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB;;;OAGG;IACH,QAAQ,CAAC,EAAE,OAAO,CAAC;IACnB;;OAEG;IACH,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB;;;;OAIG;IACH,MAAM,CAAC,EAAE,OAAO,CAAC;CAClB;AAED,MAAM,WAAW,gBAAgB;IAC/B,GAAG,EAAE;QACH,EAAE,EAAE,MAAM,CAAC;QACX,IAAI,EAAE,MAAM,CAAC;QACb,SAAS,EAAE,MAAM,GAAG,IAAI,CAAC;QACzB,MAAM,EAAE,MAAM,CAAC;KAChB,CAAC;IACF,OAAO,EAAE;QAAE,KAAK,EAAE,MAAM,CAAC;QAAC,OAAO,EAAE,MAAM,CAAA;KAAE,CAAC;CAC7C;AAyFD,wBAAsB,sBAAsB,CAC1C,IAAI,GAAE,iBAAsB,GAC3B,OAAO,CAAC,gBAAgB,GAAG,IAAI,CAAC,CA6ElC;AAED;;;;GAIG;AACH,wBAAgB,iBAAiB,CAAC,IAAI,GAAE,iBAAsB,GAAG,IAAI,CAMpE"}

package/dist/cjs/apps/publish.js ADDED Viewed

@@ -0,0 +1,166 @@
+"use strict";
+/**
+ * App publish helper for self-hosted Anby services.
+ *
+ * Single code path used by:
+ *   - Service startup (`publishAppFromManifest()` inside entry.server.tsx / main.ts)
+ *   - The `anby app publish` CLI
+ *   - The shell's Marketplace "Submit app" server action
+ *
+ * All three converge on `POST /registry/apps` with a platform HMAC signature,
+ * which the registry verifies via `HmacGuard` and then persists via the same
+ * `registry.service.publishApp()`.
+ */
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.publishAppFromManifest = publishAppFromManifest;
+exports.autoPublishOnBoot = autoPublishOnBoot;
+const promises_1 = require("node:fs/promises");
+const node_path_1 = require("node:path");
+const manifest_schema_1 = require("@anby/manifest-schema");
+const index_js_1 = require("../auth/index.js");
+const schema_js_1 = require("../entities/schema.js");
+async function loadManifest(path) {
+    const raw = await (0, promises_1.readFile)(path, 'utf-8');
+    const parsed = JSON.parse(raw);
+    const { valid, errors } = (0, manifest_schema_1.validateManifest)(parsed);
+    if (!valid) {
+        throw new Error(`Manifest at ${path} is invalid:\n  - ${errors.join('\n  - ')}`);
+    }
+    return parsed;
+}
+/**
+ * Entity schema inliner (CR-4).
+ *
+ * The manifest-on-disk references schemas by relative path for
+ * developer ergonomics. At publish time we MUST inline the actual JSON
+ * content — the registry has no access to the publisher's filesystem
+ * and explicitly rejects string schema paths in publish payloads.
+ *
+ * We also compute a sha256 checksum over the schema content so the
+ * registry can detect drift in follow-up publishes.
+ */
+async function inlineEntitySchemas(manifest, manifestPath) {
+    const entities = manifest.provides?.entities;
+    if (!entities || entities.length === 0)
+        return manifest;
+    const manifestDir = (0, node_path_1.dirname)(manifestPath);
+    const resolved = await Promise.all(entities.map(async (entry) => {
+        // String form — legacy. Coerce to object with no schema.
+        if (typeof entry === 'string') {
+            return { name: entry, version: 'v1' };
+        }
+        // Object form without a schema field — nothing to inline.
+        if (!entry.schema)
+            return entry;
+        // Already inlined (object content, not a path) — pass through and
+        // compute checksum if the caller didn't.
+        if (typeof entry.schema === 'object') {
+            return {
+                ...entry,
+                schemaChecksum: entry.schemaChecksum ?? (0, schema_js_1.schemaChecksum)(entry.schema),
+            };
+        }
+        // Schema is a string path — resolve relative to the manifest,
+        // read, parse, inline.
+        const schemaPath = (0, node_path_1.isAbsolute)(entry.schema)
+            ? entry.schema
+            : (0, node_path_1.resolve)(manifestDir, entry.schema);
+        let rawSchema;
+        try {
+            rawSchema = await (0, promises_1.readFile)(schemaPath, 'utf-8');
+        }
+        catch (err) {
+            throw new Error(`Entity "${entry.name}": unable to read schema file at ${schemaPath} ` +
+                `(${err.message})`);
+        }
+        let parsed;
+        try {
+            parsed = JSON.parse(rawSchema);
+        }
+        catch (err) {
+            throw new Error(`Entity "${entry.name}": schema file at ${schemaPath} is not valid JSON: ${err.message}`);
+        }
+        return {
+            name: entry.name,
+            version: entry.version,
+            schema: parsed,
+            schemaChecksum: (0, schema_js_1.schemaChecksum)(parsed),
+        };
+    }));
+    return {
+        ...manifest,
+        provides: {
+            ...manifest.provides,
+            entities: resolved,
+        },
+    };
+}
+async function publishAppFromManifest(opts = {}) {
+    try {
+        const manifestPath = (0, node_path_1.resolve)(opts.manifestPath ?? (0, node_path_1.join)(process.cwd(), 'anby-app.manifest.json'));
+        const rawManifest = await loadManifest(manifestPath);
+        // CR-4: inline schema content before sending. Manifest on disk uses
+        // relative paths for DX; wire format sends the actual JSON object.
+        const manifest = await inlineEntitySchemas(rawManifest, manifestPath);
+        const publicUrl = opts.publicUrl ??
+            process.env.APP_PUBLIC_URL ??
+            `http://localhost:${manifest.runtime.port}`;
+        const registryUrl = opts.registryUrl ??
+            process.env.REGISTRY_URL ??
+            'http://localhost:3003';
+        const internalApiSecret = opts.internalApiSecret ?? process.env.INTERNAL_API_SECRET ?? '';
+        if (!internalApiSecret) {
+            throw new Error('INTERNAL_API_SECRET is not set — cannot sign publish request');
+        }
+        const submittedBy = opts.submittedBy ?? manifest.id;
+        const signature = (0, index_js_1.signHmac)(submittedBy, internalApiSecret);
+        const body = {
+            id: manifest.id,
+            name: manifest.name,
+            description: manifest.description,
+            icon: manifest.icon,
+            color: manifest.color,
+            publisherId: manifest.id.split('.').slice(0, 2).join('.'),
+            version: manifest.version,
+            publicUrl,
+            submittedBy,
+            featured: opts.featured,
+            changelog: opts.changelog,
+            manifest,
+        };
+        const res = await fetch(`${registryUrl}/registry/apps`, {
+            method: 'POST',
+            headers: {
+                'Content-Type': 'application/json',
+                'x-internal-user': submittedBy,
+                'x-internal-signature': signature,
+            },
+            body: JSON.stringify(body),
+        });
+        if (!res.ok) {
+            const errBody = await res.text();
+            throw new Error(`Registry rejected publish (${res.status}): ${errBody}`);
+        }
+        const result = (await res.json());
+        console.log(`[platform-sdk] Published ${manifest.id}@${manifest.version} to ${registryUrl} (publicUrl=${publicUrl})`);
+        return result;
+    }
+    catch (err) {
+        if (opts.silent) {
+            console.warn(`[platform-sdk] publishAppFromManifest failed (silent): ${err.message}`);
+            return null;
+        }
+        throw err;
+    }
+}
+/**
+ * Fire-and-forget wrapper for use inside service entrypoints. Logs on both
+ * success and failure but never throws, so a flaky registry at boot time
+ * doesn't crash the service.
+ */
+function autoPublishOnBoot(opts = {}) {
+    publishAppFromManifest({ ...opts, silent: true }).catch((err) => {
+        console.warn(`[platform-sdk] autoPublishOnBoot unexpected error: ${err.message}`);
+    });
+}
+//# sourceMappingURL=publish.js.map

package/dist/cjs/apps/publish.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"publish.js","sourceRoot":"","sources":["../../../src/apps/publish.ts"],"names":[],"mappings":";AAAA;;;;;;;;;;;GAWG;;AAmJH,wDA+EC;AAOD,8CAMC;AA7OD,+CAA4C;AAC5C,yCAA+D;AAC/D,2DAA2E;AAC3E,+CAA4C;AAC5C,qDAAuD;AAsDvD,KAAK,UAAU,YAAY,CAAC,IAAY;IACtC,MAAM,GAAG,GAAG,MAAM,IAAA,mBAAQ,EAAC,IAAI,EAAE,OAAO,CAAC,CAAC;IAC1C,MAAM,MAAM,GAAG,IAAI,CAAC,KAAK,CAAC,GAAG,CAAgB,CAAC;IAC9C,MAAM,EAAE,KAAK,EAAE,MAAM,EAAE,GAAG,IAAA,kCAAgB,EAAC,MAAM,CAAC,CAAC;IACnD,IAAI,CAAC,KAAK,EAAE,CAAC;QACX,MAAM,IAAI,KAAK,CACb,eAAe,IAAI,qBAAqB,MAAM,CAAC,IAAI,CAAC,QAAQ,CAAC,EAAE,CAChE,CAAC;IACJ,CAAC;IACD,OAAO,MAAM,CAAC;AAChB,CAAC;AAED;;;;;;;;;;GAUG;AACH,KAAK,UAAU,mBAAmB,CAChC,QAAqB,EACrB,YAAoB;IAEpB,MAAM,QAAQ,GAAG,QAAQ,CAAC,QAAQ,EAAE,QAAQ,CAAC;IAC7C,IAAI,CAAC,QAAQ,IAAI,QAAQ,CAAC,MAAM,KAAK,CAAC;QAAE,OAAO,QAAQ,CAAC;IAExD,MAAM,WAAW,GAAG,IAAA,mBAAO,EAAC,YAAY,CAAC,CAAC;IAC1C,MAAM,QAAQ,GAAG,MAAM,OAAO,CAAC,GAAG,CAChC,QAAQ,CAAC,GAAG,CAAC,KAAK,EAAE,KAAK,EAAE,EAAE;QAC3B,yDAAyD;QACzD,IAAI,OAAO,KAAK,KAAK,QAAQ,EAAE,CAAC;YAC9B,OAAO,EAAE,IAAI,EAAE,KAAK,EAAE,OAAO,EAAE,IAAI,EAAE,CAAC;QACxC,CAAC;QACD,0DAA0D;QAC1D,IAAI,CAAC,KAAK,CAAC,MAAM;YAAE,OAAO,KAAK,CAAC;QAChC,kEAAkE;QAClE,yCAAyC;QACzC,IAAI,OAAO,KAAK,CAAC,MAAM,KAAK,QAAQ,EAAE,CAAC;YACrC,OAAO;gBACL,GAAG,KAAK;gBACR,cAAc,EAAE,KAAK,CAAC,cAAc,IAAI,IAAA,0BAAc,EAAC,KAAK,CAAC,MAAM,CAAC;aACrE,CAAC;QACJ,CAAC;QACD,8DAA8D;QAC9D,uBAAuB;QACvB,MAAM,UAAU,GAAG,IAAA,sBAAU,EAAC,KAAK,CAAC,MAAM,CAAC;YACzC,CAAC,CAAC,KAAK,CAAC,MAAM;YACd,CAAC,CAAC,IAAA,mBAAO,EAAC,WAAW,EAAE,KAAK,CAAC,MAAM,CAAC,CAAC;QACvC,IAAI,SAAiB,CAAC;QACtB,IAAI,CAAC;YACH,SAAS,GAAG,MAAM,IAAA,mBAAQ,EAAC,UAAU,EAAE,OAAO,CAAC,CAAC;QAClD,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACb,MAAM,IAAI,KAAK,CACb,WAAW,KAAK,CAAC,IAAI,oCAAoC,UAAU,GAAG;gBACpE,IAAK,GAAa,CAAC,OAAO,GAAG,CAChC,CAAC;QACJ,CAAC;QACD,IAAI,MAA+B,CAAC;QACpC,IAAI,CAAC;YACH,MAAM,GAAG,IAAI,CAAC,KAAK,CAAC,SAAS,CAAC,CAAC;QACjC,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACb,MAAM,IAAI,KAAK,CACb,WAAW,KAAK,CAAC,IAAI,qBAAqB,UAAU,uBAAwB,GAAa,CAAC,OAAO,EAAE,CACpG,CAAC;QACJ,CAAC;QACD,OAAO;YACL,IAAI,EAAE,KAAK,CAAC,IAAI;YAChB,OAAO,EAAE,KAAK,CAAC,OAAO;YACtB,MAAM,EAAE,MAAM;YACd,cAAc,EAAE,IAAA,0BAAc,EAAC,MAAM,CAAC;SACvC,CAAC;IACJ,CAAC,CAAC,CACH,CAAC;IAEF,OAAO;QACL,GAAG,QAAQ;QACX,QAAQ,EAAE;YACR,GAAG,QAAQ,CAAC,QAAQ;YACpB,QAAQ,EAAE,QAAQ;SACnB;KACF,CAAC;AACJ,CAAC;AAEM,KAAK,UAAU,sBAAsB,CAC1C,OAA0B,EAAE;IAE5B,IAAI,CAAC;QACH,MAAM,YAAY,GAAG,IAAA,mBAAO,EAC1B,IAAI,CAAC,YAAY,IAAI,IAAA,gBAAI,EAAC,OAAO,CAAC,GAAG,EAAE,EAAE,wBAAwB,CAAC,CACnE,CAAC;QACF,MAAM,WAAW,GAAG,MAAM,YAAY,CAAC,YAAY,CAAC,CAAC;QACrD,oEAAoE;QACpE,mEAAmE;QACnE,MAAM,QAAQ,GAAG,MAAM,mBAAmB,CAAC,WAAW,EAAE,YAAY,CAAC,CAAC;QAEtE,MAAM,SAAS,GACb,IAAI,CAAC,SAAS;YACd,OAAO,CAAC,GAAG,CAAC,cAAc;YAC1B,oBAAoB,QAAQ,CAAC,OAAO,CAAC,IAAI,EAAE,CAAC;QAE9C,MAAM,WAAW,GACf,IAAI,CAAC,WAAW;YAChB,OAAO,CAAC,GAAG,CAAC,YAAY;YACxB,uBAAuB,CAAC;QAE1B,MAAM,iBAAiB,GACrB,IAAI,CAAC,iBAAiB,IAAI,OAAO,CAAC,GAAG,CAAC,mBAAmB,IAAI,EAAE,CAAC;QAClE,IAAI,CAAC,iBAAiB,EAAE,CAAC;YACvB,MAAM,IAAI,KAAK,CACb,8DAA8D,CAC/D,CAAC;QACJ,CAAC;QAED,MAAM,WAAW,GAAG,IAAI,CAAC,WAAW,IAAI,QAAQ,CAAC,EAAE,CAAC;QACpD,MAAM,SAAS,GAAG,IAAA,mBAAQ,EAAC,WAAW,EAAE,iBAAiB,CAAC,CAAC;QAE3D,MAAM,IAAI,GAAG;YACX,EAAE,EAAE,QAAQ,CAAC,EAAE;YACf,IAAI,EAAE,QAAQ,CAAC,IAAI;YACnB,WAAW,EAAE,QAAQ,CAAC,WAAW;YACjC,IAAI,EAAE,QAAQ,CAAC,IAAI;YACnB,KAAK,EAAE,QAAQ,CAAC,KAAK;YACrB,WAAW,EAAE,QAAQ,CAAC,EAAE,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC;YACzD,OAAO,EAAE,QAAQ,CAAC,OAAO;YACzB,SAAS;YACT,WAAW;YACX,QAAQ,EAAE,IAAI,CAAC,QAAQ;YACvB,SAAS,EAAE,IAAI,CAAC,SAAS;YACzB,QAAQ;SACT,CAAC;QAEF,MAAM,GAAG,GAAG,MAAM,KAAK,CAAC,GAAG,WAAW,gBAAgB,EAAE;YACtD,MAAM,EAAE,MAAM;YACd,OAAO,EAAE;gBACP,cAAc,EAAE,kBAAkB;gBAClC,iBAAiB,EAAE,WAAW;gBAC9B,sBAAsB,EAAE,SAAS;aAClC;YACD,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,IAAI,CAAC;SAC3B,CAAC,CAAC;QAEH,IAAI,CAAC,GAAG,CAAC,EAAE,EAAE,CAAC;YACZ,MAAM,OAAO,GAAG,MAAM,GAAG,CAAC,IAAI,EAAE,CAAC;YACjC,MAAM,IAAI,KAAK,CACb,8BAA8B,GAAG,CAAC,MAAM,MAAM,OAAO,EAAE,CACxD,CAAC;QACJ,CAAC;QAED,MAAM,MAAM,GAAG,CAAC,MAAM,GAAG,CAAC,IAAI,EAAE,CAAqB,CAAC;QACtD,OAAO,CAAC,GAAG,CACT,4BAA4B,QAAQ,CAAC,EAAE,IAAI,QAAQ,CAAC,OAAO,OAAO,WAAW,eAAe,SAAS,GAAG,CACzG,CAAC;QACF,OAAO,MAAM,CAAC;IAChB,CAAC;IAAC,OAAO,GAAG,EAAE,CAAC;QACb,IAAI,IAAI,CAAC,MAAM,EAAE,CAAC;YAChB,OAAO,CAAC,IAAI,CACV,0DAA2D,GAAa,CAAC,OAAO,EAAE,CACnF,CAAC;YACF,OAAO,IAAI,CAAC;QACd,CAAC;QACD,MAAM,GAAG,CAAC;IACZ,CAAC;AACH,CAAC;AAED;;;;GAIG;AACH,SAAgB,iBAAiB,CAAC,OAA0B,EAAE;IAC5D,sBAAsB,CAAC,EAAE,GAAG,IAAI,EAAE,MAAM,EAAE,IAAI,EAAE,CAAC,CAAC,KAAK,CAAC,CAAC,GAAG,EAAE,EAAE;QAC9D,OAAO,CAAC,IAAI,CACV,sDAAuD,GAAa,CAAC,OAAO,EAAE,CAC/E,CAAC;IACJ,CAAC,CAAC,CAAC;AACL,CAAC"}

package/dist/cjs/auth/index.d.ts ADDED Viewed

@@ -0,0 +1,22 @@
+export interface AuthUser {
+    id: string;
+    email: string;
+    name?: string;
+    tenantId: string;
+}
+export interface AuthConfig {
+    jwtSecret: string;
+    internalApiSecret: string;
+}
+export declare function configureAuth(config: AuthConfig): void;
+export declare function verifyJwt(token: string): AuthUser;
+export declare function verifyHmac(userValue: string, signature: string): boolean;
+/**
+ * Compute an HMAC signature for service-to-service calls. Pair the returned
+ * value with the matching `userValue` sent in the `x-internal-user` header;
+ * the receiving side calls `verifyHmac` with the same pair.
+ */
+export declare function signHmac(userValue: string, secret?: string): string;
+export declare function authenticateRequest(request: Request): AuthUser | null;
+export declare function requireAuth(request: Request): AuthUser;
+//# sourceMappingURL=index.d.ts.map

package/dist/cjs/auth/index.d.ts.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../src/auth/index.ts"],"names":[],"mappings":"AAGA,MAAM,WAAW,QAAQ;IACvB,EAAE,EAAE,MAAM,CAAC;IACX,KAAK,EAAE,MAAM,CAAC;IACd,IAAI,CAAC,EAAE,MAAM,CAAC;IACd,QAAQ,EAAE,MAAM,CAAC;CAClB;AAED,MAAM,WAAW,UAAU;IACzB,SAAS,EAAE,MAAM,CAAC;IAClB,iBAAiB,EAAE,MAAM,CAAC;CAC3B;AAID,wBAAgB,aAAa,CAAC,MAAM,EAAE,UAAU,GAAG,IAAI,CAEtD;AAOD,wBAAgB,SAAS,CAAC,KAAK,EAAE,MAAM,GAAG,QAAQ,CAcjD;AAED,wBAAgB,UAAU,CAAC,SAAS,EAAE,MAAM,EAAE,SAAS,EAAE,MAAM,GAAG,OAAO,CAOxE;AAED;;;;GAIG;AACH,wBAAgB,QAAQ,CAAC,SAAS,EAAE,MAAM,EAAE,MAAM,CAAC,EAAE,MAAM,GAAG,MAAM,CAMnE;AAED,wBAAgB,mBAAmB,CAAC,OAAO,EAAE,OAAO,GAAG,QAAQ,GAAG,IAAI,CAsCrE;AAED,wBAAgB,WAAW,CAAC,OAAO,EAAE,OAAO,GAAG,QAAQ,CAStD"}

package/dist/cjs/auth/index.js ADDED Viewed

@@ -0,0 +1,101 @@
+"use strict";
+var __importDefault = (this && this.__importDefault) || function (mod) {
+    return (mod && mod.__esModule) ? mod : { "default": mod };
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.configureAuth = configureAuth;
+exports.verifyJwt = verifyJwt;
+exports.verifyHmac = verifyHmac;
+exports.signHmac = signHmac;
+exports.authenticateRequest = authenticateRequest;
+exports.requireAuth = requireAuth;
+const jsonwebtoken_1 = __importDefault(require("jsonwebtoken"));
+const crypto_1 = __importDefault(require("crypto"));
+let _config = null;
+function configureAuth(config) {
+    _config = config;
+}
+function getConfig() {
+    if (!_config)
+        throw new Error('Auth not configured. Call configureAuth() first.');
+    return _config;
+}
+function verifyJwt(token) {
+    const config = getConfig();
+    const payload = jsonwebtoken_1.default.verify(token, config.jwtSecret);
+    return {
+        id: payload.sub,
+        email: payload.email,
+        name: payload.name,
+        tenantId: payload.tenantId || 'default',
+    };
+}
+function verifyHmac(userValue, signature) {
+    const config = getConfig();
+    const expected = crypto_1.default
+        .createHmac('sha256', config.internalApiSecret)
+        .update(userValue)
+        .digest('hex');
+    return crypto_1.default.timingSafeEqual(Buffer.from(expected), Buffer.from(signature));
+}
+/**
+ * Compute an HMAC signature for service-to-service calls. Pair the returned
+ * value with the matching `userValue` sent in the `x-internal-user` header;
+ * the receiving side calls `verifyHmac` with the same pair.
+ */
+function signHmac(userValue, secret) {
+    const internalApiSecret = secret ?? getConfig().internalApiSecret;
+    return crypto_1.default
+        .createHmac('sha256', internalApiSecret)
+        .update(userValue)
+        .digest('hex');
+}
+function authenticateRequest(request) {
+    // Try JWT from Authorization header
+    const authHeader = request.headers.get('authorization');
+    if (authHeader?.startsWith('Bearer ')) {
+        try {
+            return verifyJwt(authHeader.slice(7));
+        }
+        catch {
+            return null;
+        }
+    }
+    // Try JWT from cookie
+    const cookies = request.headers.get('cookie') || '';
+    const authCookie = cookies.split(';').find(c => c.trim().startsWith('auth-token='));
+    if (authCookie) {
+        const token = authCookie.split('=')[1]?.trim();
+        if (token) {
+            try {
+                return verifyJwt(token);
+            }
+            catch {
+                return null;
+            }
+        }
+    }
+    // Try HMAC (service-to-service)
+    const internalUser = request.headers.get('x-internal-user');
+    const internalSig = request.headers.get('x-internal-signature');
+    if (internalUser && internalSig && verifyHmac(internalUser, internalSig)) {
+        return {
+            id: 'internal',
+            email: internalUser,
+            name: 'Internal Service',
+            tenantId: request.headers.get('x-tenant-id') || 'default',
+        };
+    }
+    return null;
+}
+function requireAuth(request) {
+    const user = authenticateRequest(request);
+    if (!user) {
+        throw new Response(JSON.stringify({ error: 'Unauthorized' }), {
+            status: 401,
+            headers: { 'Content-Type': 'application/json' },
+        });
+    }
+    return user;
+}
+//# sourceMappingURL=index.js.map

package/dist/cjs/auth/index.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"index.js","sourceRoot":"","sources":["../../../src/auth/index.ts"],"names":[],"mappings":";;;;;AAiBA,sCAEC;AAOD,8BAcC;AAED,gCAOC;AAOD,4BAMC;AAED,kDAsCC;AAED,kCASC;AAjHD,gEAA+B;AAC/B,oDAA4B;AAc5B,IAAI,OAAO,GAAsB,IAAI,CAAC;AAEtC,SAAgB,aAAa,CAAC,MAAkB;IAC9C,OAAO,GAAG,MAAM,CAAC;AACnB,CAAC;AAED,SAAS,SAAS;IAChB,IAAI,CAAC,OAAO;QAAE,MAAM,IAAI,KAAK,CAAC,kDAAkD,CAAC,CAAC;IAClF,OAAO,OAAO,CAAC;AACjB,CAAC;AAED,SAAgB,SAAS,CAAC,KAAa;IACrC,MAAM,MAAM,GAAG,SAAS,EAAE,CAAC;IAC3B,MAAM,OAAO,GAAG,sBAAG,CAAC,MAAM,CAAC,KAAK,EAAE,MAAM,CAAC,SAAS,CAKjD,CAAC;IACF,OAAO;QACL,EAAE,EAAE,OAAO,CAAC,GAAG;QACf,KAAK,EAAE,OAAO,CAAC,KAAK;QACpB,IAAI,EAAE,OAAO,CAAC,IAAI;QAClB,QAAQ,EAAE,OAAO,CAAC,QAAQ,IAAI,SAAS;KACxC,CAAC;AACJ,CAAC;AAED,SAAgB,UAAU,CAAC,SAAiB,EAAE,SAAiB;IAC7D,MAAM,MAAM,GAAG,SAAS,EAAE,CAAC;IAC3B,MAAM,QAAQ,GAAG,gBAAM;SACpB,UAAU,CAAC,QAAQ,EAAE,MAAM,CAAC,iBAAiB,CAAC;SAC9C,MAAM,CAAC,SAAS,CAAC;SACjB,MAAM,CAAC,KAAK,CAAC,CAAC;IACjB,OAAO,gBAAM,CAAC,eAAe,CAAC,MAAM,CAAC,IAAI,CAAC,QAAQ,CAAC,EAAE,MAAM,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC,CAAC;AAC/E,CAAC;AAED;;;;GAIG;AACH,SAAgB,QAAQ,CAAC,SAAiB,EAAE,MAAe;IACzD,MAAM,iBAAiB,GAAG,MAAM,IAAI,SAAS,EAAE,CAAC,iBAAiB,CAAC;IAClE,OAAO,gBAAM;SACV,UAAU,CAAC,QAAQ,EAAE,iBAAiB,CAAC;SACvC,MAAM,CAAC,SAAS,CAAC;SACjB,MAAM,CAAC,KAAK,CAAC,CAAC;AACnB,CAAC;AAED,SAAgB,mBAAmB,CAAC,OAAgB;IAClD,oCAAoC;IACpC,MAAM,UAAU,GAAG,OAAO,CAAC,OAAO,CAAC,GAAG,CAAC,eAAe,CAAC,CAAC;IACxD,IAAI,UAAU,EAAE,UAAU,CAAC,SAAS,CAAC,EAAE,CAAC;QACtC,IAAI,CAAC;YACH,OAAO,SAAS,CAAC,UAAU,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC;QACxC,CAAC;QAAC,MAAM,CAAC;YACP,OAAO,IAAI,CAAC;QACd,CAAC;IACH,CAAC;IAED,sBAAsB;IACtB,MAAM,OAAO,GAAG,OAAO,CAAC,OAAO,CAAC,GAAG,CAAC,QAAQ,CAAC,IAAI,EAAE,CAAC;IACpD,MAAM,UAAU,GAAG,OAAO,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC,UAAU,CAAC,aAAa,CAAC,CAAC,CAAC;IACpF,IAAI,UAAU,EAAE,CAAC;QACf,MAAM,KAAK,GAAG,UAAU,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,EAAE,IAAI,EAAE,CAAC;QAC/C,IAAI,KAAK,EAAE,CAAC;YACV,IAAI,CAAC;gBACH,OAAO,SAAS,CAAC,KAAK,CAAC,CAAC;YAC1B,CAAC;YAAC,MAAM,CAAC;gBACP,OAAO,IAAI,CAAC;YACd,CAAC;QACH,CAAC;IACH,CAAC;IAED,gCAAgC;IAChC,MAAM,YAAY,GAAG,OAAO,CAAC,OAAO,CAAC,GAAG,CAAC,iBAAiB,CAAC,CAAC;IAC5D,MAAM,WAAW,GAAG,OAAO,CAAC,OAAO,CAAC,GAAG,CAAC,sBAAsB,CAAC,CAAC;IAChE,IAAI,YAAY,IAAI,WAAW,IAAI,UAAU,CAAC,YAAY,EAAE,WAAW,CAAC,EAAE,CAAC;QACzE,OAAO;YACL,EAAE,EAAE,UAAU;YACd,KAAK,EAAE,YAAY;YACnB,IAAI,EAAE,kBAAkB;YACxB,QAAQ,EAAE,OAAO,CAAC,OAAO,CAAC,GAAG,CAAC,aAAa,CAAC,IAAI,SAAS;SAC1D,CAAC;IACJ,CAAC;IAED,OAAO,IAAI,CAAC;AACd,CAAC;AAED,SAAgB,WAAW,CAAC,OAAgB;IAC1C,MAAM,IAAI,GAAG,mBAAmB,CAAC,OAAO,CAAC,CAAC;IAC1C,IAAI,CAAC,IAAI,EAAE,CAAC;QACV,MAAM,IAAI,QAAQ,CAAC,IAAI,CAAC,SAAS,CAAC,EAAE,KAAK,EAAE,cAAc,EAAE,CAAC,EAAE;YAC5D,MAAM,EAAE,GAAG;YACX,OAAO,EAAE,EAAE,cAAc,EAAE,kBAAkB,EAAE;SAChD,CAAC,CAAC;IACL,CAAC;IACD,OAAO,IAAI,CAAC;AACd,CAAC"}

package/dist/cjs/config/index.d.ts ADDED Viewed

@@ -0,0 +1,8 @@
+export interface PlatformConfig {
+    registryUrl: string;
+    appId: string;
+    tenantId?: string;
+}
+export declare function configurePlatform(config: PlatformConfig): void;
+export declare function getPlatformConfig(): PlatformConfig;
+//# sourceMappingURL=index.d.ts.map

package/dist/cjs/config/index.d.ts.map ADDED Viewed

	@@ -0,0 +1 @@
1	+ {"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../src/config/index.ts"],"names":[],"mappings":"AAAA,MAAM,WAAW,cAAc;IAC7B,WAAW,EAAE,MAAM,CAAC;IACpB,KAAK,EAAE,MAAM,CAAC;IACd,QAAQ,CAAC,EAAE,MAAM,CAAC;CACnB;AAID,wBAAgB,iBAAiB,CAAC,MAAM,EAAE,cAAc,GAAG,IAAI,CAE9D;AAED,wBAAgB,iBAAiB,IAAI,cAAc,CAGlD"}

package/dist/cjs/config/index.js ADDED Viewed

@@ -0,0 +1,14 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.configurePlatform = configurePlatform;
+exports.getPlatformConfig = getPlatformConfig;
+let _platformConfig = null;
+function configurePlatform(config) {
+    _platformConfig = config;
+}
+function getPlatformConfig() {
+    if (!_platformConfig)
+        throw new Error('Platform not configured. Call configurePlatform() first.');
+    return _platformConfig;
+}
+//# sourceMappingURL=index.js.map

package/dist/cjs/config/index.js.map ADDED Viewed

	@@ -0,0 +1 @@
1	+ {"version":3,"file":"index.js","sourceRoot":"","sources":["../../../src/config/index.ts"],"names":[],"mappings":";;AAQA,8CAEC;AAED,8CAGC;AATD,IAAI,eAAe,GAA0B,IAAI,CAAC;AAElD,SAAgB,iBAAiB,CAAC,MAAsB;IACtD,eAAe,GAAG,MAAM,CAAC;AAC3B,CAAC;AAED,SAAgB,iBAAiB;IAC/B,IAAI,CAAC,eAAe;QAAE,MAAM,IAAI,KAAK,CAAC,0DAA0D,CAAC,CAAC;IAClG,OAAO,eAAe,CAAC;AACzB,CAAC"}

package/dist/cjs/entities/cache.d.ts ADDED Viewed

@@ -0,0 +1,31 @@
+/**
+ * Entity response cache (Phase 1 = in-memory LRU).
+ *
+ * Interface is pluggable so Phase 2 can swap to Redis + pub/sub invalidation
+ * without touching callers. Key format: "{tenantId}:{entity}@{version}:{pathHash}".
+ */
+export interface EntityCache {
+    get(key: string): unknown | undefined;
+    set(key: string, value: unknown, ttlMs?: number): void;
+    del(key: string): void;
+    delPattern(prefix: string): void;
+    clear(): void;
+}
+export declare class InMemoryEntityCache implements EntityCache {
+    private readonly store;
+    private readonly maxEntries;
+    private readonly defaultTtlMs;
+    constructor(opts?: {
+        maxEntries?: number;
+        defaultTtlMs?: number;
+    });
+    get(key: string): unknown | undefined;
+    set(key: string, value: unknown, ttlMs?: number): void;
+    del(key: string): void;
+    delPattern(prefix: string): void;
+    clear(): void;
+}
+export declare function configureEntityCache(cache: EntityCache): void;
+export declare function getEntityCache(): EntityCache;
+export declare function entityCacheKey(tenantId: string, entityName: string, version: string, path: string, query?: Record<string, unknown>): string;
+//# sourceMappingURL=cache.d.ts.map

package/dist/cjs/entities/cache.d.ts.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"cache.d.ts","sourceRoot":"","sources":["../../../src/entities/cache.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAIH,MAAM,WAAW,WAAW;IAC1B,GAAG,CAAC,GAAG,EAAE,MAAM,GAAG,OAAO,GAAG,SAAS,CAAC;IACtC,GAAG,CAAC,GAAG,EAAE,MAAM,EAAE,KAAK,EAAE,OAAO,EAAE,KAAK,CAAC,EAAE,MAAM,GAAG,IAAI,CAAC;IACvD,GAAG,CAAC,GAAG,EAAE,MAAM,GAAG,IAAI,CAAC;IACvB,UAAU,CAAC,MAAM,EAAE,MAAM,GAAG,IAAI,CAAC;IACjC,KAAK,IAAI,IAAI,CAAC;CACf;AAOD,qBAAa,mBAAoB,YAAW,WAAW;IACrD,OAAO,CAAC,QAAQ,CAAC,KAAK,CAA4B;IAClD,OAAO,CAAC,QAAQ,CAAC,UAAU,CAAS;IACpC,OAAO,CAAC,QAAQ,CAAC,YAAY,CAAS;gBAE1B,IAAI,GAAE;QAAE,UAAU,CAAC,EAAE,MAAM,CAAC;QAAC,YAAY,CAAC,EAAE,MAAM,CAAA;KAAO;IAKrE,GAAG,CAAC,GAAG,EAAE,MAAM,GAAG,OAAO,GAAG,SAAS;IAarC,GAAG,CAAC,GAAG,EAAE,MAAM,EAAE,KAAK,EAAE,OAAO,EAAE,KAAK,CAAC,EAAE,MAAM,GAAG,IAAI;IAWtD,GAAG,CAAC,GAAG,EAAE,MAAM,GAAG,IAAI;IAItB,UAAU,CAAC,MAAM,EAAE,MAAM,GAAG,IAAI;IAMhC,KAAK,IAAI,IAAI;CAGd;AAID,wBAAgB,oBAAoB,CAAC,KAAK,EAAE,WAAW,GAAG,IAAI,CAE7D;AAED,wBAAgB,cAAc,IAAI,WAAW,CAE5C;AAED,wBAAgB,cAAc,CAC5B,QAAQ,EAAE,MAAM,EAChB,UAAU,EAAE,MAAM,EAClB,OAAO,EAAE,MAAM,EACf,IAAI,EAAE,MAAM,EACZ,KAAK,GAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAM,GAClC,MAAM,CAeR"}

package/dist/cjs/entities/cache.js ADDED Viewed

@@ -0,0 +1,84 @@
+"use strict";
+/**
+ * Entity response cache (Phase 1 = in-memory LRU).
+ *
+ * Interface is pluggable so Phase 2 can swap to Redis + pub/sub invalidation
+ * without touching callers. Key format: "{tenantId}:{entity}@{version}:{pathHash}".
+ */
+var __importDefault = (this && this.__importDefault) || function (mod) {
+    return (mod && mod.__esModule) ? mod : { "default": mod };
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.InMemoryEntityCache = void 0;
+exports.configureEntityCache = configureEntityCache;
+exports.getEntityCache = getEntityCache;
+exports.entityCacheKey = entityCacheKey;
+const crypto_1 = __importDefault(require("crypto"));
+class InMemoryEntityCache {
+    store = new Map();
+    maxEntries;
+    defaultTtlMs;
+    constructor(opts = {}) {
+        this.maxEntries = opts.maxEntries ?? 1000;
+        this.defaultTtlMs = opts.defaultTtlMs ?? 30_000;
+    }
+    get(key) {
+        const entry = this.store.get(key);
+        if (!entry)
+            return undefined;
+        if (entry.expiresAt <= Date.now()) {
+            this.store.delete(key);
+            return undefined;
+        }
+        // Refresh insertion order for LRU.
+        this.store.delete(key);
+        this.store.set(key, entry);
+        return entry.value;
+    }
+    set(key, value, ttlMs) {
+        this.store.set(key, {
+            value,
+            expiresAt: Date.now() + (ttlMs ?? this.defaultTtlMs),
+        });
+        if (this.store.size > this.maxEntries) {
+            const oldest = this.store.keys().next().value;
+            if (oldest !== undefined)
+                this.store.delete(oldest);
+        }
+    }
+    del(key) {
+        this.store.delete(key);
+    }
+    delPattern(prefix) {
+        for (const key of this.store.keys()) {
+            if (key.startsWith(prefix))
+                this.store.delete(key);
+        }
+    }
+    clear() {
+        this.store.clear();
+    }
+}
+exports.InMemoryEntityCache = InMemoryEntityCache;
+let _cache = new InMemoryEntityCache();
+function configureEntityCache(cache) {
+    _cache = cache;
+}
+function getEntityCache() {
+    return _cache;
+}
+function entityCacheKey(tenantId, entityName, version, path, query = {}) {
+    const sortedQuery = JSON.stringify(Object.keys(query)
+        .sort()
+        .reduce((acc, k) => {
+        acc[k] = query[k];
+        return acc;
+    }, {}));
+    const hash = crypto_1.default
+        .createHash('sha256')
+        .update(path + '|' + sortedQuery)
+        .digest('hex')
+        .slice(0, 16);
+    return `${tenantId}:${entityName}@${version}:${hash}`;
+}
+//# sourceMappingURL=cache.js.map

package/dist/cjs/entities/cache.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"cache.js","sourceRoot":"","sources":["../../../src/entities/cache.ts"],"names":[],"mappings":";AAAA;;;;;GAKG;;;;;;AAoEH,oDAEC;AAED,wCAEC;AAED,wCAqBC;AA/FD,oDAA4B;AAe5B,MAAa,mBAAmB;IACb,KAAK,GAAG,IAAI,GAAG,EAAiB,CAAC;IACjC,UAAU,CAAS;IACnB,YAAY,CAAS;IAEtC,YAAY,OAAuD,EAAE;QACnE,IAAI,CAAC,UAAU,GAAG,IAAI,CAAC,UAAU,IAAI,IAAI,CAAC;QAC1C,IAAI,CAAC,YAAY,GAAG,IAAI,CAAC,YAAY,IAAI,MAAM,CAAC;IAClD,CAAC;IAED,GAAG,CAAC,GAAW;QACb,MAAM,KAAK,GAAG,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC;QAClC,IAAI,CAAC,KAAK;YAAE,OAAO,SAAS,CAAC;QAC7B,IAAI,KAAK,CAAC,SAAS,IAAI,IAAI,CAAC,GAAG,EAAE,EAAE,CAAC;YAClC,IAAI,CAAC,KAAK,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC;YACvB,OAAO,SAAS,CAAC;QACnB,CAAC;QACD,mCAAmC;QACnC,IAAI,CAAC,KAAK,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC;QACvB,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,GAAG,EAAE,KAAK,CAAC,CAAC;QAC3B,OAAO,KAAK,CAAC,KAAK,CAAC;IACrB,CAAC;IAED,GAAG,CAAC,GAAW,EAAE,KAAc,EAAE,KAAc;QAC7C,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,GAAG,EAAE;YAClB,KAAK;YACL,SAAS,EAAE,IAAI,CAAC,GAAG,EAAE,GAAG,CAAC,KAAK,IAAI,IAAI,CAAC,YAAY,CAAC;SACrD,CAAC,CAAC;QACH,IAAI,IAAI,CAAC,KAAK,CAAC,IAAI,GAAG,IAAI,CAAC,UAAU,EAAE,CAAC;YACtC,MAAM,MAAM,GAAG,IAAI,CAAC,KAAK,CAAC,IAAI,EAAE,CAAC,IAAI,EAAE,CAAC,KAAK,CAAC;YAC9C,IAAI,MAAM,KAAK,SAAS;gBAAE,IAAI,CAAC,KAAK,CAAC,MAAM,CAAC,MAAM,CAAC,CAAC;QACtD,CAAC;IACH,CAAC;IAED,GAAG,CAAC,GAAW;QACb,IAAI,CAAC,KAAK,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC;IACzB,CAAC;IAED,UAAU,CAAC,MAAc;QACvB,KAAK,MAAM,GAAG,IAAI,IAAI,CAAC,KAAK,CAAC,IAAI,EAAE,EAAE,CAAC;YACpC,IAAI,GAAG,CAAC,UAAU,CAAC,MAAM,CAAC;gBAAE,IAAI,CAAC,KAAK,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC;QACrD,CAAC;IACH,CAAC;IAED,KAAK;QACH,IAAI,CAAC,KAAK,CAAC,KAAK,EAAE,CAAC;IACrB,CAAC;CACF;AA/CD,kDA+CC;AAED,IAAI,MAAM,GAAgB,IAAI,mBAAmB,EAAE,CAAC;AAEpD,SAAgB,oBAAoB,CAAC,KAAkB;IACrD,MAAM,GAAG,KAAK,CAAC;AACjB,CAAC;AAED,SAAgB,cAAc;IAC5B,OAAO,MAAM,CAAC;AAChB,CAAC;AAED,SAAgB,cAAc,CAC5B,QAAgB,EAChB,UAAkB,EAClB,OAAe,EACf,IAAY,EACZ,QAAiC,EAAE;IAEnC,MAAM,WAAW,GAAG,IAAI,CAAC,SAAS,CAChC,MAAM,CAAC,IAAI,CAAC,KAAK,CAAC;SACf,IAAI,EAAE;SACN,MAAM,CAA0B,CAAC,GAAG,EAAE,CAAC,EAAE,EAAE;QAC1C,GAAG,CAAC,CAAC,CAAC,GAAG,KAAK,CAAC,CAAC,CAAC,CAAC;QAClB,OAAO,GAAG,CAAC;IACb,CAAC,EAAE,EAAE,CAAC,CACT,CAAC;IACF,MAAM,IAAI,GAAG,gBAAM;SAChB,UAAU,CAAC,QAAQ,CAAC;SACpB,MAAM,CAAC,IAAI,GAAG,GAAG,GAAG,WAAW,CAAC;SAChC,MAAM,CAAC,KAAK,CAAC;SACb,KAAK,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC;IAChB,OAAO,GAAG,QAAQ,IAAI,UAAU,IAAI,OAAO,IAAI,IAAI,EAAE,CAAC;AACxD,CAAC"}