npm - @cosmicdrift/kumiko-bundled-features - Versions diffs - 0.1.0 - Mend

@cosmicdrift/kumiko-bundled-features 0.1.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (333) hide show

package/package.json +90 -0
package/src/audit/__tests__/audit.integration.ts +328 -0
package/src/audit/constants.ts +7 -0
package/src/audit/feature.ts +23 -0
package/src/audit/handlers/list.query.ts +98 -0
package/src/audit/index.ts +2 -0
package/src/auth-email-password/__tests__/account-lockout-no-redis.integration.ts +149 -0
package/src/auth-email-password/__tests__/account-lockout.integration.ts +308 -0
package/src/auth-email-password/__tests__/auth-claims.integration.ts +512 -0
package/src/auth-email-password/__tests__/auth.integration.ts +610 -0
package/src/auth-email-password/__tests__/confirm-token-flow.test.ts +67 -0
package/src/auth-email-password/__tests__/email-templates.test.ts +106 -0
package/src/auth-email-password/__tests__/email-verification.integration.ts +327 -0
package/src/auth-email-password/__tests__/identity-v3-hash.test.ts +174 -0
package/src/auth-email-password/__tests__/identity-v3-login.integration.ts +150 -0
package/src/auth-email-password/__tests__/invite-flow.integration.ts +458 -0
package/src/auth-email-password/__tests__/multi-roles.integration.ts +256 -0
package/src/auth-email-password/__tests__/password-reset.integration.ts +346 -0
package/src/auth-email-password/__tests__/public-routes-rate-limit.integration.ts +144 -0
package/src/auth-email-password/__tests__/seed-admin.integration.ts +176 -0
package/src/auth-email-password/__tests__/session-callbacks.integration.ts +310 -0
package/src/auth-email-password/__tests__/session-strict-mode.integration.ts +101 -0
package/src/auth-email-password/__tests__/signed-token.test.ts +78 -0
package/src/auth-email-password/__tests__/signup-flow.integration.ts +259 -0
package/src/auth-email-password/auth-user-row.ts +41 -0
package/src/auth-email-password/constants.ts +101 -0
package/src/auth-email-password/email-templates.ts +283 -0
package/src/auth-email-password/feature.ts +140 -0
package/src/auth-email-password/handlers/change-password.write.ts +58 -0
package/src/auth-email-password/handlers/confirm-token-flow.ts +191 -0
package/src/auth-email-password/handlers/invite-accept-with-login.write.ts +203 -0
package/src/auth-email-password/handlers/invite-accept.write.ts +189 -0
package/src/auth-email-password/handlers/invite-create.write.ts +145 -0
package/src/auth-email-password/handlers/invite-signup-complete.write.ts +192 -0
package/src/auth-email-password/handlers/login.write.ts +208 -0
package/src/auth-email-password/handlers/logout.write.ts +12 -0
package/src/auth-email-password/handlers/request-email-verification.write.ts +29 -0
package/src/auth-email-password/handlers/request-password-reset.write.ts +31 -0
package/src/auth-email-password/handlers/reset-password.write.ts +61 -0
package/src/auth-email-password/handlers/signup-confirm.write.ts +170 -0
package/src/auth-email-password/handlers/signup-request.write.ts +104 -0
package/src/auth-email-password/handlers/token-request-handler.ts +114 -0
package/src/auth-email-password/handlers/verify-email.write.ts +62 -0
package/src/auth-email-password/i18n.ts +211 -0
package/src/auth-email-password/identity-v3-hash.ts +97 -0
package/src/auth-email-password/index.ts +35 -0
package/src/auth-email-password/invite-token-store.ts +92 -0
package/src/auth-email-password/lockout-store.ts +118 -0
package/src/auth-email-password/password-hashing.ts +43 -0
package/src/auth-email-password/reset-token.ts +28 -0
package/src/auth-email-password/seeding.ts +183 -0
package/src/auth-email-password/signed-token.ts +85 -0
package/src/auth-email-password/signup-token-store.ts +104 -0
package/src/auth-email-password/stream-tenant.ts +31 -0
package/src/auth-email-password/testing.ts +5 -0
package/src/auth-email-password/token-burn-store.ts +57 -0
package/src/auth-email-password/verification-token.ts +27 -0
package/src/auth-email-password/web/__tests__/auth-gate.test.tsx +51 -0
package/src/auth-email-password/web/__tests__/forgot-password-screen.test.tsx +80 -0
package/src/auth-email-password/web/__tests__/login-screen.test.tsx +94 -0
package/src/auth-email-password/web/__tests__/reset-password-screen.test.tsx +108 -0
package/src/auth-email-password/web/__tests__/session-roles.test.ts +54 -0
package/src/auth-email-password/web/__tests__/tenant-switcher.test.tsx +100 -0
package/src/auth-email-password/web/__tests__/test-utils.tsx +73 -0
package/src/auth-email-password/web/__tests__/user-menu.test.tsx +55 -0
package/src/auth-email-password/web/__tests__/verify-email-screen.test.tsx +59 -0
package/src/auth-email-password/web/auth-client.ts +350 -0
package/src/auth-email-password/web/auth-form-primitives.tsx +70 -0
package/src/auth-email-password/web/auth-gate.tsx +33 -0
package/src/auth-email-password/web/client-plugin.ts +48 -0
package/src/auth-email-password/web/default-topbar-actions.tsx +47 -0
package/src/auth-email-password/web/forgot-password-screen.tsx +110 -0
package/src/auth-email-password/web/index.ts +56 -0
package/src/auth-email-password/web/invite-accept-screen.tsx +220 -0
package/src/auth-email-password/web/login-screen.tsx +150 -0
package/src/auth-email-password/web/reset-password-screen.tsx +152 -0
package/src/auth-email-password/web/session.tsx +171 -0
package/src/auth-email-password/web/signup-complete-screen.tsx +150 -0
package/src/auth-email-password/web/signup-screen.tsx +130 -0
package/src/auth-email-password/web/tenant-switcher.tsx +116 -0
package/src/auth-email-password/web/use-shell-user.ts +34 -0
package/src/auth-email-password/web/user-menu.tsx +89 -0
package/src/auth-email-password/web/verify-email-screen.tsx +102 -0
package/src/billing-foundation/__tests__/billing-foundation.integration.ts +568 -0
package/src/billing-foundation/__tests__/feature.test.ts +110 -0
package/src/billing-foundation/__tests__/webhook-handler.test.ts +199 -0
package/src/billing-foundation/aggregate-id.ts +21 -0
package/src/billing-foundation/constants.ts +70 -0
package/src/billing-foundation/entities.ts +50 -0
package/src/billing-foundation/events.ts +71 -0
package/src/billing-foundation/feature.ts +122 -0
package/src/billing-foundation/get-subscription-for-tenant.ts +39 -0
package/src/billing-foundation/handlers/create-checkout-session.write.ts +79 -0
package/src/billing-foundation/handlers/create-portal-session.write.ts +73 -0
package/src/billing-foundation/handlers/list-subscriptions.query.ts +20 -0
package/src/billing-foundation/handlers/process-event.write.ts +160 -0
package/src/billing-foundation/index.ts +42 -0
package/src/billing-foundation/projection.ts +135 -0
package/src/billing-foundation/types.ts +157 -0
package/src/billing-foundation/webhook-handler.ts +184 -0
package/src/cap-counter/__tests__/cap-counter.integration.ts +566 -0
package/src/cap-counter/__tests__/enforce-cap.test.ts +422 -0
package/src/cap-counter/__tests__/with-cap-enforcement.integration.ts +265 -0
package/src/cap-counter/aggregate-id.ts +61 -0
package/src/cap-counter/constants.ts +32 -0
package/src/cap-counter/enforce-cap.ts +404 -0
package/src/cap-counter/entity.ts +48 -0
package/src/cap-counter/feature.ts +90 -0
package/src/cap-counter/handlers/get-counter.query.ts +43 -0
package/src/cap-counter/handlers/increment-rolling.write.ts +79 -0
package/src/cap-counter/handlers/increment.write.ts +92 -0
package/src/cap-counter/handlers/mark-soft-warned.write.ts +57 -0
package/src/cap-counter/index.ts +34 -0
package/src/cap-counter/with-cap-enforcement.ts +179 -0
package/src/channel-email/email-channel.ts +48 -0
package/src/channel-email/feature.ts +15 -0
package/src/channel-email/index.ts +4 -0
package/src/channel-email/smtp-transport.ts +65 -0
package/src/channel-email/types.ts +34 -0
package/src/channel-in-app/constants.ts +11 -0
package/src/channel-in-app/feature.ts +30 -0
package/src/channel-in-app/handlers/inbox.query.ts +28 -0
package/src/channel-in-app/handlers/mark-all-read.write.ts +21 -0
package/src/channel-in-app/handlers/mark-read.write.ts +32 -0
package/src/channel-in-app/handlers/unread-count.query.ts +20 -0
package/src/channel-in-app/in-app-channel.ts +44 -0
package/src/channel-in-app/index.ts +4 -0
package/src/channel-in-app/tables.ts +22 -0
package/src/channel-push/feature.ts +15 -0
package/src/channel-push/index.ts +3 -0
package/src/channel-push/push-channel.ts +33 -0
package/src/channel-push/types.ts +22 -0
package/src/config/__tests__/app-overrides.test.ts +118 -0
package/src/config/__tests__/config.integration.ts +1246 -0
package/src/config/constants.ts +23 -0
package/src/config/feature.ts +117 -0
package/src/config/handlers/__tests__/prepare-config-write.test.ts +209 -0
package/src/config/handlers/reset.write.ts +45 -0
package/src/config/handlers/schema.query.ts +22 -0
package/src/config/handlers/set.write.ts +93 -0
package/src/config/handlers/values.query.ts +43 -0
package/src/config/index.ts +15 -0
package/src/config/resolver.ts +283 -0
package/src/config/table.ts +35 -0
package/src/config/write-helpers.ts +268 -0
package/src/delivery/__tests__/delivery-events.integration.ts +166 -0
package/src/delivery/__tests__/delivery.integration.ts +1405 -0
package/src/delivery/constants.ts +33 -0
package/src/delivery/delivery-service.ts +489 -0
package/src/delivery/events.ts +18 -0
package/src/delivery/feature.ts +70 -0
package/src/delivery/handlers/log.query.ts +21 -0
package/src/delivery/handlers/preferences.query.ts +18 -0
package/src/delivery/handlers/set-preference.write.ts +28 -0
package/src/delivery/index.ts +35 -0
package/src/delivery/tables.ts +74 -0
package/src/delivery/testing.ts +47 -0
package/src/delivery/types.ts +71 -0
package/src/delivery/unsubscribe.ts +99 -0
package/src/delivery/upsert-preference.ts +145 -0
package/src/feature-toggles/__tests__/feature-toggles.integration.ts +687 -0
package/src/feature-toggles/constants.ts +20 -0
package/src/feature-toggles/events.ts +18 -0
package/src/feature-toggles/feature.ts +98 -0
package/src/feature-toggles/global-feature-state-table.ts +28 -0
package/src/feature-toggles/handlers/list.query.ts +26 -0
package/src/feature-toggles/handlers/registered.query.ts +56 -0
package/src/feature-toggles/handlers/set.write.ts +158 -0
package/src/feature-toggles/index.ts +9 -0
package/src/feature-toggles/toggle-runtime.ts +73 -0
package/src/file-foundation/__tests__/feature.test.ts +35 -0
package/src/file-foundation/__tests__/file-foundation.integration.ts +235 -0
package/src/file-foundation/feature.ts +123 -0
package/src/file-foundation/index.ts +7 -0
package/src/file-provider-inmemory/__tests__/feature.test.ts +35 -0
package/src/file-provider-inmemory/feature.ts +73 -0
package/src/file-provider-inmemory/index.ts +3 -0
package/src/file-provider-s3/__tests__/feature.test.ts +54 -0
package/src/file-provider-s3/feature.ts +169 -0
package/src/file-provider-s3/index.ts +3 -0
package/src/files-provider-s3/__tests__/env-helper.test.ts +161 -0
package/src/files-provider-s3/__tests__/s3-provider.integration.ts +134 -0
package/src/files-provider-s3/__tests__/s3-provider.test.ts +36 -0
package/src/files-provider-s3/env-helper.ts +49 -0
package/src/files-provider-s3/index.ts +3 -0
package/src/files-provider-s3/s3-provider.ts +114 -0
package/src/foundation-shared/config-helpers.ts +67 -0
package/src/foundation-shared/index.ts +4 -0
package/src/jobs/__tests__/job-system-user.integration.ts +194 -0
package/src/jobs/__tests__/jobs-events.integration.ts +143 -0
package/src/jobs/__tests__/jobs-feature.integration.ts +342 -0
package/src/jobs/constants.ts +21 -0
package/src/jobs/events.ts +39 -0
package/src/jobs/feature.ts +150 -0
package/src/jobs/handlers/detail.query.ts +30 -0
package/src/jobs/handlers/list.query.ts +36 -0
package/src/jobs/handlers/retry.write.ts +69 -0
package/src/jobs/handlers/trigger.write.ts +39 -0
package/src/jobs/index.ts +5 -0
package/src/jobs/job-run-logger.ts +213 -0
package/src/jobs/job-run-table.ts +55 -0
package/src/legal-pages/README.md +195 -0
package/src/legal-pages/__tests__/legal-pages.integration.ts +361 -0
package/src/legal-pages/constants.ts +36 -0
package/src/legal-pages/feature.ts +187 -0
package/src/legal-pages/index.ts +13 -0
package/src/legal-pages/markdown.ts +69 -0
package/src/mail-foundation/__tests__/feature.test.ts +46 -0
package/src/mail-foundation/__tests__/mail-foundation.integration.ts +247 -0
package/src/mail-foundation/feature.ts +160 -0
package/src/mail-foundation/index.ts +14 -0
package/src/mail-transport-inmemory/__tests__/feature.test.ts +37 -0
package/src/mail-transport-inmemory/feature.ts +90 -0
package/src/mail-transport-inmemory/index.ts +3 -0
package/src/mail-transport-smtp/__tests__/feature.test.ts +61 -0
package/src/mail-transport-smtp/feature.ts +182 -0
package/src/mail-transport-smtp/index.ts +3 -0
package/src/rate-limiting/__tests__/rate-limiting.integration.ts +84 -0
package/src/rate-limiting/constants.ts +9 -0
package/src/rate-limiting/feature.ts +16 -0
package/src/rate-limiting/handlers/status.query.ts +52 -0
package/src/rate-limiting/index.ts +2 -0
package/src/renderer-simple/__tests__/simple-renderer.test.ts +97 -0
package/src/renderer-simple/feature.ts +12 -0
package/src/renderer-simple/index.ts +2 -0
package/src/renderer-simple/simple-renderer.ts +72 -0
package/src/secrets/__tests__/rotate.integration.ts +176 -0
package/src/secrets/__tests__/secrets-events.integration.ts +125 -0
package/src/secrets/__tests__/secrets.integration.ts +118 -0
package/src/secrets/feature.ts +84 -0
package/src/secrets/handlers/delete.write.ts +20 -0
package/src/secrets/handlers/list.query.ts +38 -0
package/src/secrets/handlers/rotate.job.ts +193 -0
package/src/secrets/handlers/set.write.ts +50 -0
package/src/secrets/index.ts +16 -0
package/src/secrets/secrets-context.ts +296 -0
package/src/secrets/table.ts +68 -0
package/src/sessions/__tests__/cleanup.integration.ts +175 -0
package/src/sessions/__tests__/password-auto-revoke.integration.ts +202 -0
package/src/sessions/__tests__/sessions.integration.ts +472 -0
package/src/sessions/__tests__/test-helpers.ts +66 -0
package/src/sessions/constants.ts +43 -0
package/src/sessions/feature.ts +84 -0
package/src/sessions/handlers/cleanup.job.ts +109 -0
package/src/sessions/handlers/list.query.ts +35 -0
package/src/sessions/handlers/mine.query.ts +37 -0
package/src/sessions/handlers/revoke-all-others.write.ts +42 -0
package/src/sessions/handlers/revoke.write.ts +76 -0
package/src/sessions/index.ts +17 -0
package/src/sessions/schema/index.ts +5 -0
package/src/sessions/schema/user-session.ts +67 -0
package/src/sessions/session-callbacks.ts +110 -0
package/src/sessions/testing.ts +42 -0
package/src/subscription-mollie/__tests__/feature.test.ts +106 -0
package/src/subscription-mollie/__tests__/mollie-foundation.integration.ts +421 -0
package/src/subscription-mollie/__tests__/verify-webhook.test.ts +388 -0
package/src/subscription-mollie/constants.ts +33 -0
package/src/subscription-mollie/feature.ts +144 -0
package/src/subscription-mollie/index.ts +13 -0
package/src/subscription-mollie/plugin-methods.ts +79 -0
package/src/subscription-mollie/verify-webhook.ts +244 -0
package/src/subscription-stripe/__tests__/feature.test.ts +98 -0
package/src/subscription-stripe/__tests__/plugin-methods.test.ts +161 -0
package/src/subscription-stripe/__tests__/stripe-foundation.integration.ts +315 -0
package/src/subscription-stripe/__tests__/verify-webhook.test.ts +306 -0
package/src/subscription-stripe/constants.ts +20 -0
package/src/subscription-stripe/feature.ts +120 -0
package/src/subscription-stripe/index.ts +14 -0
package/src/subscription-stripe/plugin-methods.ts +91 -0
package/src/subscription-stripe/verify-webhook.ts +235 -0
package/src/tenant/__tests__/multi-tenant.integration.ts +278 -0
package/src/tenant/__tests__/seed-testing.integration.ts +229 -0
package/src/tenant/__tests__/tenant.integration.ts +347 -0
package/src/tenant/command-schemas.ts +37 -0
package/src/tenant/constants.ts +37 -0
package/src/tenant/feature.ts +109 -0
package/src/tenant/handlers/active-tenant-ids.query.ts +19 -0
package/src/tenant/handlers/add-member.write.ts +53 -0
package/src/tenant/handlers/cancel-invitation.write.ts +87 -0
package/src/tenant/handlers/create.write.ts +21 -0
package/src/tenant/handlers/disable.write.ts +18 -0
package/src/tenant/handlers/invitations.query.ts +31 -0
package/src/tenant/handlers/list.query.ts +17 -0
package/src/tenant/handlers/me.query.ts +17 -0
package/src/tenant/handlers/members.query.ts +22 -0
package/src/tenant/handlers/memberships.query.ts +24 -0
package/src/tenant/handlers/remove-member.write.ts +40 -0
package/src/tenant/handlers/resolve-user-ids.query.ts +43 -0
package/src/tenant/handlers/update-member-roles.write.ts +54 -0
package/src/tenant/handlers/update.write.ts +20 -0
package/src/tenant/index.ts +12 -0
package/src/tenant/invitation-table.ts +93 -0
package/src/tenant/membership-table.ts +35 -0
package/src/tenant/schema/index.ts +5 -0
package/src/tenant/schema/tenant.ts +27 -0
package/src/tenant/seeding.ts +155 -0
package/src/tenant/testing.ts +8 -0
package/src/text-content/README.md +190 -0
package/src/text-content/__tests__/text-content.integration.ts +415 -0
package/src/text-content/api.ts +92 -0
package/src/text-content/constants.ts +19 -0
package/src/text-content/feature.ts +29 -0
package/src/text-content/handlers/by-slug.query.ts +55 -0
package/src/text-content/handlers/set.write.ts +118 -0
package/src/text-content/index.ts +14 -0
package/src/text-content/seeding.ts +91 -0
package/src/text-content/table.ts +45 -0
package/src/tier-engine/__tests__/compose-app.test.ts +182 -0
package/src/tier-engine/__tests__/drift.test.ts +42 -0
package/src/tier-engine/__tests__/tier-engine.integration.ts +241 -0
package/src/tier-engine/aggregate-id.ts +27 -0
package/src/tier-engine/compose-app.ts +150 -0
package/src/tier-engine/constants.ts +15 -0
package/src/tier-engine/entity.ts +30 -0
package/src/tier-engine/feature.ts +72 -0
package/src/tier-engine/handlers/active-tier.query.ts +23 -0
package/src/tier-engine/index.ts +22 -0
package/src/user/__tests__/seed-testing.integration.ts +127 -0
package/src/user/__tests__/user.integration.ts +198 -0
package/src/user/command-schemas.ts +15 -0
package/src/user/constants.ts +23 -0
package/src/user/feature.ts +32 -0
package/src/user/handlers/create.write.ts +54 -0
package/src/user/handlers/detail.query.ts +9 -0
package/src/user/handlers/find-for-auth.query.ts +38 -0
package/src/user/handlers/list.query.ts +8 -0
package/src/user/handlers/me.query.ts +15 -0
package/src/user/handlers/update.write.ts +54 -0
package/src/user/index.ts +4 -0
package/src/user/schema/index.ts +5 -0
package/src/user/schema/user.ts +69 -0
package/src/user/seeding.ts +93 -0
package/src/user/testing.ts +5 -0

package/src/billing-foundation/types.ts ADDED Viewed

@@ -0,0 +1,157 @@
+// Plugin-Contract + Domain-Types der subscription-foundation. Provider-
+// Plugins (subscription-stripe, subscription-mollie, ...) implementieren
+// `SubscriptionProviderPlugin` und registrieren via
+// `r.useExtension("subscriptionProvider", "<name>", { build })`.
+//
+// **Two-phase plugin contract:**
+//   1. **Pre-tenant-resolution:** `verifyAndParseWebhook` läuft BEVOR
+//      ein Tenant aus dem Event aufgelöst ist — kein HandlerContext
+//      verfügbar. Plugin liest seinen webhook-secret aus
+//      module-load-Closure (ENV-VAR oder system-config), NICHT aus
+//      ctx. **Webhook-secret ist app-wide**, nicht per-tenant — das
+//      ist App-Owner's Stripe-/PayPal-Account, nicht Tenant-Sache.
+//   2. **Post-tenant-resolution:** `createPortalSession` +
+//      `cancelSubscription` werden aus regulären write-handlern
+//      gerufen mit voll-aufgelöstem HandlerContext. Plugin kann
+//      hier ctx.config + ctx.secrets nutzen für tenant-spezifische
+//      Konfiguration (z.B. tenant-eigene customer-id-mapping).
+//
+// Foundation nutzt nur den common-subset der Provider-Funktionalität —
+// proration, multi-currency, coupons etc. bleiben provider-spezifisch
+// und sind über den Customer-Portal-Link erreichbar.
+import type { HandlerContext } from "@cosmicdrift/kumiko-framework/engine";
+import type { SubscriptionEventType, SubscriptionStatus } from "./constants";
+// =============================================================================
+// Normalisierter Webhook-Event
+// =============================================================================
+//
+// Der Plugin parsed den raw provider-payload und liefert diese Form
+// zurück. Foundation kennt KEINE Stripe-/Mollie-types direkt — der
+// Plugin abstrahiert.
+export type SubscriptionEvent = {
+  /** Provider-eigene Event-ID — UNIQUE-key für Idempotency.
+   *  Stripe: "evt_..."; Mollie: payment-id oder subscription-id. */
+  readonly providerEventId: string;
+  /** Discriminator — welcher Plugin diesen Event geliefert hat. */
+  readonly providerName: string;
+  /** Normalisierter Event-Type. Plugin filtert provider-spezifische
+   *  Sub-Types raus (Stripe hat ~80 Event-types, wir kennen 5). */
+  readonly type: SubscriptionEventType;
+  /** Plattform-Tenant-ID (provider-customer-metadata oder lookup
+   *  via providerCustomerId). Plugin macht die resolution. */
+  readonly tenantId: string;
+  /** Provider-eigene customer-id für späteren Lookup bei events
+   *  ohne metadata. */
+  readonly providerCustomerId: string;
+  /** Provider-eigene subscription-id. */
+  readonly providerSubscriptionId: string;
+  /** Normalisierter status. */
+  readonly status: SubscriptionStatus;
+  /** Resolved tier — Plugin liest die price-id aus dem event und
+   *  mapped via plugin-eigenem `<plugin>:config:price-to-tier` auf
+   *  einen tier-name. Wenn der price-id im Mapping fehlt, returnt
+   *  der Plugin null aus verifyAndParseWebhook (= "unknown event,
+   *  ignore"). */
+  readonly tier: string;
+  /** ISO-timestamp wann die aktuelle Billing-Period endet. */
+  readonly currentPeriodEnd: string;
+  /** Raw provider-payload — wird 1:1 in subscription-event.rawPayload
+   *  archiviert. Plugin liefert das als JSON-stringified-string. */
+  readonly rawPayload: string;
+};
+// =============================================================================
+// Plugin-Contract
+// =============================================================================
+export type SubscriptionProviderPlugin = {
+  /**
+   * Verify webhook signature + parse provider-event into normalized
+   * form. **Pre-tenant-resolution** — kein HandlerContext, weil zum
+   * Zeitpunkt des sig-verify der Tenant noch nicht aufgelöst ist
+   * (Plugin macht die Tenant-Resolution selbst aus dem provider-
+   * payload metadata).
+   *
+   * Plugin liest seinen webhook-secret aus module-load-Closure
+   * (process.env.STRIPE_WEBHOOK_SECRET oder system-config), NICHT
+   * aus ctx. App-wide-secret = App-Owner's eigener Provider-Account.
+   *
+   * Returns null für events die der Plugin nicht versteht oder die
+   * foundation nicht braucht (= filter out, foundation returnt 200
+   * "ignored").
+   *
+   * **Throws** bei sig-mismatch — der webhook-handler mapped das auf
+   * 401 damit der Provider keine retries macht (sig-fail = config-bug,
+   * nicht transient).
+   */
+  readonly verifyAndParseWebhook: (
+    rawBody: string,
+    headers: Record<string, string>,
+  ) => Promise<SubscriptionEvent | null>;
+  /**
+   * **Post-tenant-resolution** — wird aus dem
+   * `create-checkout-session`-write-handler gerufen. Plugin baut
+   * eine provider-eigene checkout-session und returnt die hosted-
+   * page-URL — Tenant-Admin wird dorthin redirected, schließt den
+   * Bezahl-Flow ab, Provider sendet `subscription.created`-webhook
+   * mit `metadata.tenantId` zurück.
+   *
+   * Optional: Apple-IAP hat keinen Web-Checkout (alles in der App).
+   * Apps die ausschließlich Apple-IAP nutzen lassen das weg.
+   */
+  readonly createCheckoutSession?: (
+    ctx: HandlerContext,
+    options: {
+      /** Provider-eigene price/plan-ID die der Endkunde abonniert. */
+      readonly priceId: string;
+      /** Plattform-Tenant-ID — landet als metadata im checkout-session
+       *  damit der subsequent webhook den tenant resolved (siehe
+       *  `verifyAndParseWebhook`'s metadata.tenantId-lookup). */
+      readonly tenantId: string;
+      /** Wo der Endkunde nach erfolgreichem checkout landed. */
+      readonly successUrl: string;
+      /** Wo der Endkunde landed wenn er abbricht. */
+      readonly cancelUrl: string;
+      /** Optional: existierende provider-customer-id wenn der Tenant
+       *  schon einen Account beim Provider hat. Sonst legt der Provider
+       *  beim checkout einen neuen customer an. */
+      readonly providerCustomerId?: string;
+    },
+  ) => Promise<{ readonly url: string }>;
+  /**
+   * **Post-tenant-resolution** — wird aus einem write-handler gerufen
+   * mit voll-aufgelöstem ctx. Erstellt einen self-service Portal-Link.
+   * Stripe: customer-portal-session, Mollie: hosted-management-page.
+   * Tenant-Admin klickt darauf um Subscription selbst zu verwalten
+   * (cancel, payment-method, ...).
+   *
+   * Optional weil nicht jeder Provider einen Portal-Pattern hat
+   * (Apple-IAP managed Subs in der Apple-App, kein Web-Portal).
+   * Plugin der das nicht supported kann das Field weglassen — foundation
+   * returnt dann "portal_not_supported"-error wenn ein Tenant-Admin
+   * den Portal-Link anfordert.
+   */
+  readonly createPortalSession?: (
+    ctx: HandlerContext,
+    options: {
+      readonly providerCustomerId: string;
+      readonly returnUrl: string;
+    },
+  ) => Promise<{ readonly url: string }>;
+  /**
+   * Optional: Cancel-aus-der-App-API. Wenn nicht implementiert, kann
+   * der Tenant nur über den Customer-Portal-Link cancellen (oder gar
+   * nicht, wenn auch createPortalSession fehlt — dann ist
+   * Cancel-Flow Provider-Dashboard-only).
+   */
+  readonly cancelSubscription?: (
+    ctx: HandlerContext,
+    providerSubscriptionId: string,
+  ) => Promise<void>;
+};

package/src/billing-foundation/webhook-handler.ts ADDED Viewed

@@ -0,0 +1,184 @@
+// createSubscriptionWebhookHandler — Hono-route-factory den der App-
+// Owner via `extraRoutes` in seinem bin/server.ts mountet.
+//
+// **Multi-Provider:** der Plugin wird via Pfad-Parameter
+// `:providerName` ausgewählt — Stripe-Dashboard zeigt auf
+// `/api/subscription/webhook/stripe`, PayPal auf
+// `/api/subscription/webhook/paypal`. Eine Hono-Route, alle Plugins
+// gleichzeitig aktiv.
+//
+// Beispiel-Verwendung in bin/server.ts:
+//
+//   await runDevApp({
+//     features: APP_FEATURES,
+//     extraRoutes: (app, deps) => {
+//       const handler = createSubscriptionWebhookHandler(deps);
+//       app.post("/api/subscription/webhook/:providerName", handler);
+//     },
+//   });
+//
+// Was der handler macht:
+//   1. providerName aus dem URL-Pfad lesen
+//   2. raw-body via c.req.text() lesen (NICHT JSON-parsen — Stripe-Sig
+//      prüft exakte bytes)
+//   3. Headers sammeln + an Plugin durchreichen
+//   4. Plugin-Lookup im Registry via "subscriptionProvider"-extension
+//      und dem providerName aus dem URL-Pfad
+//   5. plugin.verifyAndParseWebhook(raw, headers, ctx) → SubscriptionEvent | null
+//   6. Bei null (= Plugin filtert event-type raus): 200 OK ohne side-effects
+//   7. Bei Event: ctx.write("billing-foundation:write:process-event")
+//      mit der vom Plugin aufgelösten tenantId
+//   8. Returnt 200 OK an Provider
+//
+// **Auth:** kein JWT/Cookie. Authentifizierung läuft via Provider-
+// Webhook-Sig im Plugin. Kein `c.get("user")`-call hier.
+import type { TenantId } from "@cosmicdrift/kumiko-framework/engine";
+import type { Context, Hono } from "hono";
+import {
+  BILLING_FOUNDATION_FEATURE,
+  SUBSCRIPTION_PROVIDER_EXTENSION,
+  SubscriptionFoundationHandlers,
+} from "./constants";
+import type { SubscriptionProviderPlugin } from "./types";
+/**
+ * Dependencies the App-Owner gibt dem webhook-handler. Identisch zum
+ * `extraRoutes`-Callback-Argument-shape von runDevApp/runProdApp.
+ */
+export type SubscriptionWebhookDeps = {
+  /** Schreibt durch den Standard-Dispatcher mit einem auto-konstruierten
+   *  SystemUser. Muss `process-event` als SystemAdmin durchlassen. */
+  readonly dispatchWrite: (args: {
+    readonly handlerQn: string;
+    readonly payload: unknown;
+    readonly tenantId: string;
+  }) => Promise<{
+    readonly isSuccess: boolean;
+    readonly data?: unknown;
+    readonly error?: unknown;
+  }>;
+  /** Plugin-Lookup-Function — bekommt den providerName aus dem URL-
+   *  Pfad und returnt den passenden Plugin (= entityName-match in
+   *  registry.getExtensionUsages("subscriptionProvider")). */
+  readonly resolveProvider: (providerName: string) => SubscriptionProviderPlugin | undefined;
+};
+/**
+ * Returnt einen Hono-handler. Mounten via
+ * `app.post("/api/subscription/webhook/:providerName", handler)`.
+ */
+export function createSubscriptionWebhookHandler(deps: SubscriptionWebhookDeps) {
+  return async (c: Context): Promise<Response> => {
+    // 1. providerName aus URL-Pfad. Hono-Standard via c.req.param.
+    const providerName = c.req.param("providerName");
+    if (!providerName || providerName.length === 0) {
+      return c.json(
+        {
+          error: {
+            code: "subscription_provider_path_missing",
+            message: `${BILLING_FOUNDATION_FEATURE}: Mount the route as POST /api/subscription/webhook/:providerName so each provider has its own URL (Stripe-Dashboard → /stripe, PayPal-Dashboard → /paypal).`,
+          },
+        },
+        400,
+      );
+    }
+    // 2. Raw-body. Provider-Sigs werden gegen die exakten bytes verifiziert.
+    const rawBody = await c.req.text();
+    const headers: Record<string, string> = {};
+    c.req.raw.headers.forEach((value, key) => {
+      headers[key.toLowerCase()] = value;
+    });
+    // 3. Plugin-Lookup via path-segment. Jeder gemountete Plugin hat
+    //    sich mit `r.useExtension("subscriptionProvider", entityName,
+    //    {...})` registriert; entityName matcht hier den path-segment.
+    const plugin = deps.resolveProvider(providerName);
+    if (!plugin) {
+      return c.json(
+        {
+          error: {
+            code: "subscription_provider_not_registered",
+            message: `${BILLING_FOUNDATION_FEATURE}: provider "${providerName}" not registered as '${SUBSCRIPTION_PROVIDER_EXTENSION}'-plugin. Mount the matching subscription-${providerName} feature.`,
+          },
+        },
+        404,
+      );
+    }
+    // 4. Plugin verifies + parses. **Pre-tenant-resolution** — kein
+    //    ctx, Plugin liest seinen webhook-secret aus eigener
+    //    module-load-Closure (ENV-VAR oder system-config).
+    //    Throws on sig-mismatch — wir mappen auf 401 (= "config-bug,
+    //    retry won't help, Provider stopp").
+    let parsed: Awaited<ReturnType<SubscriptionProviderPlugin["verifyAndParseWebhook"]>>;
+    try {
+      parsed = await plugin.verifyAndParseWebhook(rawBody, headers);
+    } catch (e) {
+      const msg = e instanceof Error ? e.message : String(e);
+      return c.json(
+        {
+          error: {
+            code: "subscription_webhook_signature_invalid",
+            message: `Plugin "${providerName}" rejected webhook: ${msg}`,
+          },
+        },
+        401,
+      );
+    }
+    // 5. Plugin returned null = "ich kenne diesen event-type nicht / ist
+    //    nicht relevant". 200 OK damit der Provider keine retries macht.
+    if (parsed === null) {
+      return c.json({ ignored: true }, 200);
+    }
+    // 6. Dispatch process-event-handler durch den Standard-Dispatcher.
+    //    Idempotency macht der handler intern via deterministic
+    //    aggregate-id + UNIQUE-constraint.
+    const dispatched = await deps.dispatchWrite({
+      handlerQn: SubscriptionFoundationHandlers.processEvent,
+      tenantId: parsed.tenantId,
+      payload: {
+        providerEventId: parsed.providerEventId,
+        providerName: parsed.providerName,
+        type: parsed.type,
+        providerCustomerId: parsed.providerCustomerId,
+        providerSubscriptionId: parsed.providerSubscriptionId,
+        status: parsed.status,
+        tier: parsed.tier,
+        currentPeriodEndIso: parsed.currentPeriodEnd,
+        rawPayload: parsed.rawPayload,
+      },
+    });
+    if (!dispatched.isSuccess) {
+      // Internal error — Provider soll retry'n. 500 statt 401/404 weil
+      // das transient ist (DB down etc.) nicht config-bug.
+      return c.json(
+        {
+          error: {
+            code: "subscription_webhook_processing_failed",
+            message: "Internal error processing subscription event",
+            details: dispatched.error,
+          },
+        },
+        500,
+      );
+    }
+    return c.json({ processed: true, ...((dispatched.data as object) ?? {}) }, 200);
+  };
+}
+/**
+ * Convenience für TypeScript-IDE: `Hono.post(...)`-Call-Type damit der
+ * App-Owner-Code typed bleibt ohne Hono-types zu importieren.
+ */
+export type SubscriptionWebhookHandler = ReturnType<typeof createSubscriptionWebhookHandler>;
+// Re-export für convenience: App-Owner kann den TenantId-type aus dem
+// gleichen Modul importieren (vermeidet ein zweites Framework-import).
+export type { Hono, TenantId };