npm - @cosmicdrift/kumiko-bundled-features - Versions diffs - 0.1.0 - Mend

@cosmicdrift/kumiko-bundled-features 0.1.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (333) hide show

package/package.json +90 -0
package/src/audit/__tests__/audit.integration.ts +328 -0
package/src/audit/constants.ts +7 -0
package/src/audit/feature.ts +23 -0
package/src/audit/handlers/list.query.ts +98 -0
package/src/audit/index.ts +2 -0
package/src/auth-email-password/__tests__/account-lockout-no-redis.integration.ts +149 -0
package/src/auth-email-password/__tests__/account-lockout.integration.ts +308 -0
package/src/auth-email-password/__tests__/auth-claims.integration.ts +512 -0
package/src/auth-email-password/__tests__/auth.integration.ts +610 -0
package/src/auth-email-password/__tests__/confirm-token-flow.test.ts +67 -0
package/src/auth-email-password/__tests__/email-templates.test.ts +106 -0
package/src/auth-email-password/__tests__/email-verification.integration.ts +327 -0
package/src/auth-email-password/__tests__/identity-v3-hash.test.ts +174 -0
package/src/auth-email-password/__tests__/identity-v3-login.integration.ts +150 -0
package/src/auth-email-password/__tests__/invite-flow.integration.ts +458 -0
package/src/auth-email-password/__tests__/multi-roles.integration.ts +256 -0
package/src/auth-email-password/__tests__/password-reset.integration.ts +346 -0
package/src/auth-email-password/__tests__/public-routes-rate-limit.integration.ts +144 -0
package/src/auth-email-password/__tests__/seed-admin.integration.ts +176 -0
package/src/auth-email-password/__tests__/session-callbacks.integration.ts +310 -0
package/src/auth-email-password/__tests__/session-strict-mode.integration.ts +101 -0
package/src/auth-email-password/__tests__/signed-token.test.ts +78 -0
package/src/auth-email-password/__tests__/signup-flow.integration.ts +259 -0
package/src/auth-email-password/auth-user-row.ts +41 -0
package/src/auth-email-password/constants.ts +101 -0
package/src/auth-email-password/email-templates.ts +283 -0
package/src/auth-email-password/feature.ts +140 -0
package/src/auth-email-password/handlers/change-password.write.ts +58 -0
package/src/auth-email-password/handlers/confirm-token-flow.ts +191 -0
package/src/auth-email-password/handlers/invite-accept-with-login.write.ts +203 -0
package/src/auth-email-password/handlers/invite-accept.write.ts +189 -0
package/src/auth-email-password/handlers/invite-create.write.ts +145 -0
package/src/auth-email-password/handlers/invite-signup-complete.write.ts +192 -0
package/src/auth-email-password/handlers/login.write.ts +208 -0
package/src/auth-email-password/handlers/logout.write.ts +12 -0
package/src/auth-email-password/handlers/request-email-verification.write.ts +29 -0
package/src/auth-email-password/handlers/request-password-reset.write.ts +31 -0
package/src/auth-email-password/handlers/reset-password.write.ts +61 -0
package/src/auth-email-password/handlers/signup-confirm.write.ts +170 -0
package/src/auth-email-password/handlers/signup-request.write.ts +104 -0
package/src/auth-email-password/handlers/token-request-handler.ts +114 -0
package/src/auth-email-password/handlers/verify-email.write.ts +62 -0
package/src/auth-email-password/i18n.ts +211 -0
package/src/auth-email-password/identity-v3-hash.ts +97 -0
package/src/auth-email-password/index.ts +35 -0
package/src/auth-email-password/invite-token-store.ts +92 -0
package/src/auth-email-password/lockout-store.ts +118 -0
package/src/auth-email-password/password-hashing.ts +43 -0
package/src/auth-email-password/reset-token.ts +28 -0
package/src/auth-email-password/seeding.ts +183 -0
package/src/auth-email-password/signed-token.ts +85 -0
package/src/auth-email-password/signup-token-store.ts +104 -0
package/src/auth-email-password/stream-tenant.ts +31 -0
package/src/auth-email-password/testing.ts +5 -0
package/src/auth-email-password/token-burn-store.ts +57 -0
package/src/auth-email-password/verification-token.ts +27 -0
package/src/auth-email-password/web/__tests__/auth-gate.test.tsx +51 -0
package/src/auth-email-password/web/__tests__/forgot-password-screen.test.tsx +80 -0
package/src/auth-email-password/web/__tests__/login-screen.test.tsx +94 -0
package/src/auth-email-password/web/__tests__/reset-password-screen.test.tsx +108 -0
package/src/auth-email-password/web/__tests__/session-roles.test.ts +54 -0
package/src/auth-email-password/web/__tests__/tenant-switcher.test.tsx +100 -0
package/src/auth-email-password/web/__tests__/test-utils.tsx +73 -0
package/src/auth-email-password/web/__tests__/user-menu.test.tsx +55 -0
package/src/auth-email-password/web/__tests__/verify-email-screen.test.tsx +59 -0
package/src/auth-email-password/web/auth-client.ts +350 -0
package/src/auth-email-password/web/auth-form-primitives.tsx +70 -0
package/src/auth-email-password/web/auth-gate.tsx +33 -0
package/src/auth-email-password/web/client-plugin.ts +48 -0
package/src/auth-email-password/web/default-topbar-actions.tsx +47 -0
package/src/auth-email-password/web/forgot-password-screen.tsx +110 -0
package/src/auth-email-password/web/index.ts +56 -0
package/src/auth-email-password/web/invite-accept-screen.tsx +220 -0
package/src/auth-email-password/web/login-screen.tsx +150 -0
package/src/auth-email-password/web/reset-password-screen.tsx +152 -0
package/src/auth-email-password/web/session.tsx +171 -0
package/src/auth-email-password/web/signup-complete-screen.tsx +150 -0
package/src/auth-email-password/web/signup-screen.tsx +130 -0
package/src/auth-email-password/web/tenant-switcher.tsx +116 -0
package/src/auth-email-password/web/use-shell-user.ts +34 -0
package/src/auth-email-password/web/user-menu.tsx +89 -0
package/src/auth-email-password/web/verify-email-screen.tsx +102 -0
package/src/billing-foundation/__tests__/billing-foundation.integration.ts +568 -0
package/src/billing-foundation/__tests__/feature.test.ts +110 -0
package/src/billing-foundation/__tests__/webhook-handler.test.ts +199 -0
package/src/billing-foundation/aggregate-id.ts +21 -0
package/src/billing-foundation/constants.ts +70 -0
package/src/billing-foundation/entities.ts +50 -0
package/src/billing-foundation/events.ts +71 -0
package/src/billing-foundation/feature.ts +122 -0
package/src/billing-foundation/get-subscription-for-tenant.ts +39 -0
package/src/billing-foundation/handlers/create-checkout-session.write.ts +79 -0
package/src/billing-foundation/handlers/create-portal-session.write.ts +73 -0
package/src/billing-foundation/handlers/list-subscriptions.query.ts +20 -0
package/src/billing-foundation/handlers/process-event.write.ts +160 -0
package/src/billing-foundation/index.ts +42 -0
package/src/billing-foundation/projection.ts +135 -0
package/src/billing-foundation/types.ts +157 -0
package/src/billing-foundation/webhook-handler.ts +184 -0
package/src/cap-counter/__tests__/cap-counter.integration.ts +566 -0
package/src/cap-counter/__tests__/enforce-cap.test.ts +422 -0
package/src/cap-counter/__tests__/with-cap-enforcement.integration.ts +265 -0
package/src/cap-counter/aggregate-id.ts +61 -0
package/src/cap-counter/constants.ts +32 -0
package/src/cap-counter/enforce-cap.ts +404 -0
package/src/cap-counter/entity.ts +48 -0
package/src/cap-counter/feature.ts +90 -0
package/src/cap-counter/handlers/get-counter.query.ts +43 -0
package/src/cap-counter/handlers/increment-rolling.write.ts +79 -0
package/src/cap-counter/handlers/increment.write.ts +92 -0
package/src/cap-counter/handlers/mark-soft-warned.write.ts +57 -0
package/src/cap-counter/index.ts +34 -0
package/src/cap-counter/with-cap-enforcement.ts +179 -0
package/src/channel-email/email-channel.ts +48 -0
package/src/channel-email/feature.ts +15 -0
package/src/channel-email/index.ts +4 -0
package/src/channel-email/smtp-transport.ts +65 -0
package/src/channel-email/types.ts +34 -0
package/src/channel-in-app/constants.ts +11 -0
package/src/channel-in-app/feature.ts +30 -0
package/src/channel-in-app/handlers/inbox.query.ts +28 -0
package/src/channel-in-app/handlers/mark-all-read.write.ts +21 -0
package/src/channel-in-app/handlers/mark-read.write.ts +32 -0
package/src/channel-in-app/handlers/unread-count.query.ts +20 -0
package/src/channel-in-app/in-app-channel.ts +44 -0
package/src/channel-in-app/index.ts +4 -0
package/src/channel-in-app/tables.ts +22 -0
package/src/channel-push/feature.ts +15 -0
package/src/channel-push/index.ts +3 -0
package/src/channel-push/push-channel.ts +33 -0
package/src/channel-push/types.ts +22 -0
package/src/config/__tests__/app-overrides.test.ts +118 -0
package/src/config/__tests__/config.integration.ts +1246 -0
package/src/config/constants.ts +23 -0
package/src/config/feature.ts +117 -0
package/src/config/handlers/__tests__/prepare-config-write.test.ts +209 -0
package/src/config/handlers/reset.write.ts +45 -0
package/src/config/handlers/schema.query.ts +22 -0
package/src/config/handlers/set.write.ts +93 -0
package/src/config/handlers/values.query.ts +43 -0
package/src/config/index.ts +15 -0
package/src/config/resolver.ts +283 -0
package/src/config/table.ts +35 -0
package/src/config/write-helpers.ts +268 -0
package/src/delivery/__tests__/delivery-events.integration.ts +166 -0
package/src/delivery/__tests__/delivery.integration.ts +1405 -0
package/src/delivery/constants.ts +33 -0
package/src/delivery/delivery-service.ts +489 -0
package/src/delivery/events.ts +18 -0
package/src/delivery/feature.ts +70 -0
package/src/delivery/handlers/log.query.ts +21 -0
package/src/delivery/handlers/preferences.query.ts +18 -0
package/src/delivery/handlers/set-preference.write.ts +28 -0
package/src/delivery/index.ts +35 -0
package/src/delivery/tables.ts +74 -0
package/src/delivery/testing.ts +47 -0
package/src/delivery/types.ts +71 -0
package/src/delivery/unsubscribe.ts +99 -0
package/src/delivery/upsert-preference.ts +145 -0
package/src/feature-toggles/__tests__/feature-toggles.integration.ts +687 -0
package/src/feature-toggles/constants.ts +20 -0
package/src/feature-toggles/events.ts +18 -0
package/src/feature-toggles/feature.ts +98 -0
package/src/feature-toggles/global-feature-state-table.ts +28 -0
package/src/feature-toggles/handlers/list.query.ts +26 -0
package/src/feature-toggles/handlers/registered.query.ts +56 -0
package/src/feature-toggles/handlers/set.write.ts +158 -0
package/src/feature-toggles/index.ts +9 -0
package/src/feature-toggles/toggle-runtime.ts +73 -0
package/src/file-foundation/__tests__/feature.test.ts +35 -0
package/src/file-foundation/__tests__/file-foundation.integration.ts +235 -0
package/src/file-foundation/feature.ts +123 -0
package/src/file-foundation/index.ts +7 -0
package/src/file-provider-inmemory/__tests__/feature.test.ts +35 -0
package/src/file-provider-inmemory/feature.ts +73 -0
package/src/file-provider-inmemory/index.ts +3 -0
package/src/file-provider-s3/__tests__/feature.test.ts +54 -0
package/src/file-provider-s3/feature.ts +169 -0
package/src/file-provider-s3/index.ts +3 -0
package/src/files-provider-s3/__tests__/env-helper.test.ts +161 -0
package/src/files-provider-s3/__tests__/s3-provider.integration.ts +134 -0
package/src/files-provider-s3/__tests__/s3-provider.test.ts +36 -0
package/src/files-provider-s3/env-helper.ts +49 -0
package/src/files-provider-s3/index.ts +3 -0
package/src/files-provider-s3/s3-provider.ts +114 -0
package/src/foundation-shared/config-helpers.ts +67 -0
package/src/foundation-shared/index.ts +4 -0
package/src/jobs/__tests__/job-system-user.integration.ts +194 -0
package/src/jobs/__tests__/jobs-events.integration.ts +143 -0
package/src/jobs/__tests__/jobs-feature.integration.ts +342 -0
package/src/jobs/constants.ts +21 -0
package/src/jobs/events.ts +39 -0
package/src/jobs/feature.ts +150 -0
package/src/jobs/handlers/detail.query.ts +30 -0
package/src/jobs/handlers/list.query.ts +36 -0
package/src/jobs/handlers/retry.write.ts +69 -0
package/src/jobs/handlers/trigger.write.ts +39 -0
package/src/jobs/index.ts +5 -0
package/src/jobs/job-run-logger.ts +213 -0
package/src/jobs/job-run-table.ts +55 -0
package/src/legal-pages/README.md +195 -0
package/src/legal-pages/__tests__/legal-pages.integration.ts +361 -0
package/src/legal-pages/constants.ts +36 -0
package/src/legal-pages/feature.ts +187 -0
package/src/legal-pages/index.ts +13 -0
package/src/legal-pages/markdown.ts +69 -0
package/src/mail-foundation/__tests__/feature.test.ts +46 -0
package/src/mail-foundation/__tests__/mail-foundation.integration.ts +247 -0
package/src/mail-foundation/feature.ts +160 -0
package/src/mail-foundation/index.ts +14 -0
package/src/mail-transport-inmemory/__tests__/feature.test.ts +37 -0
package/src/mail-transport-inmemory/feature.ts +90 -0
package/src/mail-transport-inmemory/index.ts +3 -0
package/src/mail-transport-smtp/__tests__/feature.test.ts +61 -0
package/src/mail-transport-smtp/feature.ts +182 -0
package/src/mail-transport-smtp/index.ts +3 -0
package/src/rate-limiting/__tests__/rate-limiting.integration.ts +84 -0
package/src/rate-limiting/constants.ts +9 -0
package/src/rate-limiting/feature.ts +16 -0
package/src/rate-limiting/handlers/status.query.ts +52 -0
package/src/rate-limiting/index.ts +2 -0
package/src/renderer-simple/__tests__/simple-renderer.test.ts +97 -0
package/src/renderer-simple/feature.ts +12 -0
package/src/renderer-simple/index.ts +2 -0
package/src/renderer-simple/simple-renderer.ts +72 -0
package/src/secrets/__tests__/rotate.integration.ts +176 -0
package/src/secrets/__tests__/secrets-events.integration.ts +125 -0
package/src/secrets/__tests__/secrets.integration.ts +118 -0
package/src/secrets/feature.ts +84 -0
package/src/secrets/handlers/delete.write.ts +20 -0
package/src/secrets/handlers/list.query.ts +38 -0
package/src/secrets/handlers/rotate.job.ts +193 -0
package/src/secrets/handlers/set.write.ts +50 -0
package/src/secrets/index.ts +16 -0
package/src/secrets/secrets-context.ts +296 -0
package/src/secrets/table.ts +68 -0
package/src/sessions/__tests__/cleanup.integration.ts +175 -0
package/src/sessions/__tests__/password-auto-revoke.integration.ts +202 -0
package/src/sessions/__tests__/sessions.integration.ts +472 -0
package/src/sessions/__tests__/test-helpers.ts +66 -0
package/src/sessions/constants.ts +43 -0
package/src/sessions/feature.ts +84 -0
package/src/sessions/handlers/cleanup.job.ts +109 -0
package/src/sessions/handlers/list.query.ts +35 -0
package/src/sessions/handlers/mine.query.ts +37 -0
package/src/sessions/handlers/revoke-all-others.write.ts +42 -0
package/src/sessions/handlers/revoke.write.ts +76 -0
package/src/sessions/index.ts +17 -0
package/src/sessions/schema/index.ts +5 -0
package/src/sessions/schema/user-session.ts +67 -0
package/src/sessions/session-callbacks.ts +110 -0
package/src/sessions/testing.ts +42 -0
package/src/subscription-mollie/__tests__/feature.test.ts +106 -0
package/src/subscription-mollie/__tests__/mollie-foundation.integration.ts +421 -0
package/src/subscription-mollie/__tests__/verify-webhook.test.ts +388 -0
package/src/subscription-mollie/constants.ts +33 -0
package/src/subscription-mollie/feature.ts +144 -0
package/src/subscription-mollie/index.ts +13 -0
package/src/subscription-mollie/plugin-methods.ts +79 -0
package/src/subscription-mollie/verify-webhook.ts +244 -0
package/src/subscription-stripe/__tests__/feature.test.ts +98 -0
package/src/subscription-stripe/__tests__/plugin-methods.test.ts +161 -0
package/src/subscription-stripe/__tests__/stripe-foundation.integration.ts +315 -0
package/src/subscription-stripe/__tests__/verify-webhook.test.ts +306 -0
package/src/subscription-stripe/constants.ts +20 -0
package/src/subscription-stripe/feature.ts +120 -0
package/src/subscription-stripe/index.ts +14 -0
package/src/subscription-stripe/plugin-methods.ts +91 -0
package/src/subscription-stripe/verify-webhook.ts +235 -0
package/src/tenant/__tests__/multi-tenant.integration.ts +278 -0
package/src/tenant/__tests__/seed-testing.integration.ts +229 -0
package/src/tenant/__tests__/tenant.integration.ts +347 -0
package/src/tenant/command-schemas.ts +37 -0
package/src/tenant/constants.ts +37 -0
package/src/tenant/feature.ts +109 -0
package/src/tenant/handlers/active-tenant-ids.query.ts +19 -0
package/src/tenant/handlers/add-member.write.ts +53 -0
package/src/tenant/handlers/cancel-invitation.write.ts +87 -0
package/src/tenant/handlers/create.write.ts +21 -0
package/src/tenant/handlers/disable.write.ts +18 -0
package/src/tenant/handlers/invitations.query.ts +31 -0
package/src/tenant/handlers/list.query.ts +17 -0
package/src/tenant/handlers/me.query.ts +17 -0
package/src/tenant/handlers/members.query.ts +22 -0
package/src/tenant/handlers/memberships.query.ts +24 -0
package/src/tenant/handlers/remove-member.write.ts +40 -0
package/src/tenant/handlers/resolve-user-ids.query.ts +43 -0
package/src/tenant/handlers/update-member-roles.write.ts +54 -0
package/src/tenant/handlers/update.write.ts +20 -0
package/src/tenant/index.ts +12 -0
package/src/tenant/invitation-table.ts +93 -0
package/src/tenant/membership-table.ts +35 -0
package/src/tenant/schema/index.ts +5 -0
package/src/tenant/schema/tenant.ts +27 -0
package/src/tenant/seeding.ts +155 -0
package/src/tenant/testing.ts +8 -0
package/src/text-content/README.md +190 -0
package/src/text-content/__tests__/text-content.integration.ts +415 -0
package/src/text-content/api.ts +92 -0
package/src/text-content/constants.ts +19 -0
package/src/text-content/feature.ts +29 -0
package/src/text-content/handlers/by-slug.query.ts +55 -0
package/src/text-content/handlers/set.write.ts +118 -0
package/src/text-content/index.ts +14 -0
package/src/text-content/seeding.ts +91 -0
package/src/text-content/table.ts +45 -0
package/src/tier-engine/__tests__/compose-app.test.ts +182 -0
package/src/tier-engine/__tests__/drift.test.ts +42 -0
package/src/tier-engine/__tests__/tier-engine.integration.ts +241 -0
package/src/tier-engine/aggregate-id.ts +27 -0
package/src/tier-engine/compose-app.ts +150 -0
package/src/tier-engine/constants.ts +15 -0
package/src/tier-engine/entity.ts +30 -0
package/src/tier-engine/feature.ts +72 -0
package/src/tier-engine/handlers/active-tier.query.ts +23 -0
package/src/tier-engine/index.ts +22 -0
package/src/user/__tests__/seed-testing.integration.ts +127 -0
package/src/user/__tests__/user.integration.ts +198 -0
package/src/user/command-schemas.ts +15 -0
package/src/user/constants.ts +23 -0
package/src/user/feature.ts +32 -0
package/src/user/handlers/create.write.ts +54 -0
package/src/user/handlers/detail.query.ts +9 -0
package/src/user/handlers/find-for-auth.query.ts +38 -0
package/src/user/handlers/list.query.ts +8 -0
package/src/user/handlers/me.query.ts +15 -0
package/src/user/handlers/update.write.ts +54 -0
package/src/user/index.ts +4 -0
package/src/user/schema/index.ts +5 -0
package/src/user/schema/user.ts +69 -0
package/src/user/seeding.ts +93 -0
package/src/user/testing.ts +5 -0

package/src/subscription-stripe/feature.ts ADDED Viewed

@@ -0,0 +1,120 @@
+// kumiko-feature-version: 1
+//
+// subscription-stripe — Stripe-Plugin für die subscription-foundation
+// Plugin-API.
+//
+// **Factory-Pattern (= createSubscriptionStripeFeature(options)):**
+// Im Gegensatz zu mail-transport-smtp / file-provider-s3 (die ihre
+// secrets aus tenant-secrets lesen) ist Stripe's webhook-secret
+// **app-wide** — App-Owner hat einen Stripe-account, alle Webhooks
+// gehen dorthin. Plugin braucht den secret beim webhook-sig-verify-
+// Zeitpunkt, der ist PRE-tenant-resolution (kein ctx).
+//
+// Lösung: factory-Funktion `createSubscriptionStripeFeature(options)`
+// liest webhook-secret + apiKey beim mount-time aus dem Caller (= App-
+// Builder's bin/server.ts der's aus process.env zieht). Closure
+// hält's für den verifyAndParseWebhook-call.
+//
+// Beispiel-Verwendung in run-config.ts:
+//
+//   import { createSubscriptionStripeFeature } from "@cosmicdrift/kumiko-bundled-features/subscription-stripe";
+//
+//   const features = [
+//     billingFoundationFeature,
+//     createSubscriptionStripeFeature({
+//       webhookSecret: process.env.STRIPE_WEBHOOK_SECRET ?? "",
+//       apiKey: process.env.STRIPE_API_KEY ?? "",
+//       priceToTier: {
+//         "price_1ABC": "pro",
+//         "price_1XYZ": "business",
+//       },
+//     }),
+//   ];
+//
+// **Pattern-Vorbild:** mirrors createFeatureTogglesFeature(options) —
+// gleiche factory-Form für features die module-load-time-Konfiguration
+// haben (analog zum FeatureToggle-runtime-holder).
+import type { SubscriptionProviderPlugin } from "@cosmicdrift/kumiko-bundled-features/billing-foundation";
+import { defineFeature, type FeatureDefinition } from "@cosmicdrift/kumiko-framework/engine";
+import Stripe from "stripe";
+import { STRIPE_PROVIDER_NAME, SUBSCRIPTION_STRIPE_FEATURE } from "./constants";
+import {
+  createStripeCancelSubscription,
+  createStripeCheckoutSession,
+  createStripePortalSession,
+} from "./plugin-methods";
+import { verifyAndParseStripeWebhook } from "./verify-webhook";
+export type SubscriptionStripeOptions = {
+  /** Webhook-secret aus dem Stripe-Dashboard. App-wide. Plugin throws
+   *  beim runtime wenn empty (= App-Owner hat sub-stripe gemountet
+   *  aber Stripe-Account nicht konfiguriert). */
+  readonly webhookSecret: string;
+  /** Stripe-API-key (sk_live_... / sk_test_...). Heute nur für
+   *  constructEvent-API-Version-Pin gebraucht; Phase 5.2b nutzt's
+   *  für outgoing-API-calls (createPortalSession etc.). */
+  readonly apiKey: string;
+  /** Price-to-tier-Mapping. Plugin liest die price-id aus Stripe-event
+   *  (subscription.items.data[0].price.id) und mappt auf einen tier-
+   *  name. Fehlt die price-id im Mapping → null (foundation 200
+   *  ignored — App-Owner-Bug, hat den Stripe-price angelegt aber
+   *  nicht zur tier zugeordnet). */
+  readonly priceToTier: Readonly<Record<string, string>>;
+};
+/**
+ * Factory für das subscription-stripe-feature. Wird mit den App-Owner-
+ * eigenen Stripe-Credentials gemountet. Der returnte FeatureDefinition
+ * registriert den Plugin gegen subscription-foundation's
+ * "subscriptionProvider"-extension-point unter entityName "stripe".
+ */
+export function createSubscriptionStripeFeature(
+  options: SubscriptionStripeOptions,
+): FeatureDefinition {
+  // Module-load-Validation: ohne webhook-secret kann der Plugin keinen
+  // single Webhook verifizieren. Throw vor dem mount damit der App-
+  // Owner nicht zur Laufzeit Mystery-401s sieht.
+  if (options.webhookSecret.length === 0) {
+    throw new Error(
+      "subscription-stripe: webhookSecret is empty. Set STRIPE_WEBHOOK_SECRET (or system-config) before mounting.",
+    );
+  }
+  if (options.apiKey.length === 0) {
+    throw new Error(
+      "subscription-stripe: apiKey is empty. Set STRIPE_API_KEY (or system-config) before mounting.",
+    );
+  }
+  // EIN Stripe-Client für alle vier plugin-methods (verify-webhook +
+  // checkout + portal + cancel). API-version-pin zentral, kein
+  // Connection-Duplikat.
+  const stripe = new Stripe(options.apiKey, { apiVersion: "2026-04-22.dahlia" });
+  const verifyAndParse = verifyAndParseStripeWebhook(stripe, {
+    webhookSecret: options.webhookSecret,
+    priceToTier: options.priceToTier,
+  });
+  const checkoutSession = createStripeCheckoutSession(stripe);
+  const portalSession = createStripePortalSession(stripe);
+  const cancel = createStripeCancelSubscription(stripe);
+  return defineFeature(SUBSCRIPTION_STRIPE_FEATURE, (r) => {
+    // Hard-deps: subscription-foundation als plugin-host. KEIN
+    // `r.requires("config", "secrets")` — der Plugin nutzt weder
+    // tenant-config noch tenant-secrets (alles app-wide via factory-
+    // options).
+    r.requires("billing-foundation");
+    // Plugin: register against subscription-foundation's
+    // "subscriptionProvider" extension. entityName "stripe" matcht den
+    // path-segment in der webhook-URL (`/api/subscription/webhook/stripe`).
+    const plugin: SubscriptionProviderPlugin = {
+      verifyAndParseWebhook: verifyAndParse,
+      createCheckoutSession: checkoutSession,
+      createPortalSession: portalSession,
+      cancelSubscription: cancel,
+    };
+    r.useExtension("subscriptionProvider", STRIPE_PROVIDER_NAME, plugin);
+  });
+}

package/src/subscription-stripe/index.ts ADDED Viewed

@@ -0,0 +1,14 @@
+// Public API of the subscription-stripe bundled-feature.
+//
+// **Internal-only** (NICHT im public-barrel — App-Builder nutzt das nie direkt):
+//   - StripeWebhookOptions / verifyAndParseStripeWebhook (intern vom
+//     feature.ts factory aufgerufen)
+//   - mapStripeEventType / mapStripeStatus (pure helpers, test-only;
+//     direct-import aus dem File wenn echt mal extern gebraucht)
+export {
+  STRIPE_PROVIDER_NAME,
+  StripeEventTypes,
+  SUBSCRIPTION_STRIPE_FEATURE,
+} from "./constants";
+export { createSubscriptionStripeFeature, type SubscriptionStripeOptions } from "./feature";

package/src/subscription-stripe/plugin-methods.ts ADDED Viewed

@@ -0,0 +1,91 @@
+// Stripe-Plugin-Methoden für die POST-tenant-resolution-Phase:
+// createCheckoutSession, createPortalSession, cancelSubscription.
+//
+// Werden vom Plugin-build (feature.ts) als methods auf dem
+// SubscriptionProviderPlugin registriert. Anders als
+// verifyAndParseWebhook (= pre-tenant) bekommen diese den vollen
+// HandlerContext (für ggf. tenant-spezifische Lookups).
+//
+// **Type-Ableitung:** die options-shapes der drei methods werden
+// **direkt vom Plugin-Contract** abgeleitet (`Parameters<NonNullable
+// <SubscriptionProviderPlugin["...method"]>>[1]`). Wenn Foundation den
+// Contract erweitert (z.B. neuer optionaler Field), bemerkt der
+// Stripe-Plugin das beim TS-Compile, nicht erst zur Laufzeit.
+import type { SubscriptionProviderPlugin } from "@cosmicdrift/kumiko-bundled-features/billing-foundation";
+import type { HandlerContext } from "@cosmicdrift/kumiko-framework/engine";
+import type Stripe from "stripe";
+// =============================================================================
+// createCheckoutSession
+// =============================================================================
+//
+// Stripe-Checkout-Session erstellen. Der hosted-page-URL wird returnt;
+// der App-Builder redirected den Tenant-Admin dorthin. Nach erfolgreichem
+// checkout sendet Stripe `customer.subscription.created` mit
+// `metadata.tenantId` zurück — das ist wie der subsequent webhook den
+// Tenant resolved.
+export type StripeCheckoutOptions = Parameters<
+  NonNullable<SubscriptionProviderPlugin["createCheckoutSession"]>
+>[1];
+export function createStripeCheckoutSession(stripe: Stripe) {
+  return async (_ctx: HandlerContext, options: StripeCheckoutOptions): Promise<{ url: string }> => {
+    const session = await stripe.checkout.sessions.create({
+      mode: "subscription",
+      line_items: [{ price: options.priceId, quantity: 1 }],
+      success_url: options.successUrl,
+      cancel_url: options.cancelUrl,
+      // metadata.tenantId landet auf der subscription die durch diese
+      // checkout-session entsteht — beim subsequent webhook lesen wir's
+      // aus subscription.metadata.tenantId zurück.
+      subscription_data: {
+        metadata: { tenantId: options.tenantId },
+      },
+      ...(options.providerCustomerId && { customer: options.providerCustomerId }),
+    });
+    if (!session.url) {
+      // Stripe garantiert url für mode: subscription. Defensive für
+      // zukünftige API-Drift.
+      throw new Error("subscription-stripe: checkout.sessions.create returned no url");
+    }
+    return { url: session.url };
+  };
+}
+// =============================================================================
+// createPortalSession
+// =============================================================================
+//
+// Stripe Customer-Portal-Session — Tenant verwaltet seine subscription
+// selbst (cancel, payment-method, invoice-history).
+export type StripePortalOptions = Parameters<
+  NonNullable<SubscriptionProviderPlugin["createPortalSession"]>
+>[1];
+export function createStripePortalSession(stripe: Stripe) {
+  return async (_ctx: HandlerContext, options: StripePortalOptions): Promise<{ url: string }> => {
+    const session = await stripe.billingPortal.sessions.create({
+      customer: options.providerCustomerId,
+      return_url: options.returnUrl,
+    });
+    return { url: session.url };
+  };
+}
+// =============================================================================
+// cancelSubscription
+// =============================================================================
+//
+// Stripe sendet danach `customer.subscription.deleted`-webhook → der
+// state-update läuft über den normalen webhook-pfad. Diese function
+// triggert nur die API-Cancellation.
+export function createStripeCancelSubscription(stripe: Stripe) {
+  return async (_ctx: HandlerContext, providerSubscriptionId: string): Promise<void> => {
+    await stripe.subscriptions.cancel(providerSubscriptionId);
+  };
+}

package/src/subscription-stripe/verify-webhook.ts ADDED Viewed

@@ -0,0 +1,235 @@
+// verifyAndParseStripeWebhook — Stripe-spezifische sig-verify +
+// event-mapping. Wird vom Plugin-Build (feature.ts) als
+// `verifyAndParseWebhook` registriert.
+//
+// **Drei Schritte:**
+//   1. Sig-verify via stripe.webhooks.constructEvent (HMAC-SHA-256
+//      gegen rawBody + Stripe-Signature-Header). Wirft bei mismatch
+//      oder älter als 5min (Replay-Protection).
+//   2. Event-type-Filter: nur die 5 event-types die wir auf
+//      SubscriptionEventTypes mappen kommen weiter; alles andere
+//      returnt null (foundation antwortet 200 ignored).
+//   3. Stripe-payload → SubscriptionEvent normalisieren
+//      (status-mapping, tenant-id aus metadata, price-to-tier-Lookup).
+//
+// **Invoice-event lazy-fetch (Phase 5.2b):**
+// Bei `invoice.paid` und `invoice.payment_failed` enthält der webhook-
+// payload nur die subscription-id (Stripe-Webhooks expanden subscription
+// nicht automatisch). Plugin macht einen lazy-fetch via
+// `stripe.subscriptions.retrieve(subId)` um an das full subscription-
+// Object für status/tier/period-end-mapping zu kommen. Bei Stripe-API-
+// failure (= subscription gelöscht zwischen webhook + retrieve)
+// returnt der Plugin defensiv null — der nächste subscription-event
+// wird den state korrekt handhaben.
+import type { SubscriptionEvent } from "@cosmicdrift/kumiko-bundled-features/billing-foundation";
+import {
+  type SubscriptionEventType,
+  SubscriptionEventTypes,
+  type SubscriptionStatus,
+  SubscriptionStatuses,
+} from "@cosmicdrift/kumiko-bundled-features/billing-foundation";
+import type Stripe from "stripe";
+import { STRIPE_PROVIDER_NAME, StripeEventTypes } from "./constants";
+// =============================================================================
+// Sig-verify + parse
+// =============================================================================
+export type StripeWebhookOptions = {
+  /** Webhook-secret aus dem Stripe-Dashboard. **App-wide**, nicht
+   *  per-tenant. Liest aus ENV-VAR oder system-config beim Plugin-
+   *  build. */
+  readonly webhookSecret: string;
+  /** Price-to-tier-Map. Plugin liest die price-id aus dem event und
+   *  mapped auf tier-name. Fehlt die price-id im Mapping → null. */
+  readonly priceToTier: Readonly<Record<string, string>>;
+};
+/**
+ * Stripe-webhook-handler. Implementiert den Plugin-Contract
+ * `verifyAndParseWebhook`. Closure über die `options` + den shared
+ * Stripe-Client (kein ctx-arg — das ist die Pre-tenant-resolution-Phase).
+ *
+ * **Shared Stripe-Client:** Der Caller (feature.ts) baut EINEN Stripe-
+ * Client beim mount und gibt ihn an alle vier plugin-methods weiter.
+ * Konstruktor-API-version-pin ist damit zentral; verify-webhook nutzt
+ * den client für `webhooks.constructEvent` (sig-verify) + lazy-fetch
+ * der invoice-events.
+ */
+export function verifyAndParseStripeWebhook(
+  stripe: Stripe,
+  options: StripeWebhookOptions,
+): (rawBody: string, headers: Record<string, string>) => Promise<SubscriptionEvent | null> {
+  return async (rawBody, headers) => {
+    const sigHeader = headers["stripe-signature"];
+    if (!sigHeader) {
+      throw new Error("subscription-stripe: stripe-signature header missing");
+    }
+    // 1. Sig-verify. constructEvent throws bei mismatch (= invalid sig)
+    //    oder timestamp-tolerance-violation (default 5min). Foundation
+    //    mapped throw → HTTP 401.
+    let event: Stripe.Event;
+    try {
+      event = stripe.webhooks.constructEvent(rawBody, sigHeader, options.webhookSecret);
+    } catch (e) {
+      const msg = e instanceof Error ? e.message : String(e);
+      throw new Error(`subscription-stripe: webhook signature verify failed — ${msg}`);
+    }
+    // 2. Event-type-Filter — wir kennen nur 5.
+    const normalizedType = mapStripeEventType(event.type);
+    if (!normalizedType) {
+      return null; // foundation returnt 200 ignored
+    }
+    // 3. Payload-extraction. Stripe liefert je nach event.type
+    //    verschiedene data.object-shapes. Wir extrahieren die
+    //    Subscription-Daten — entweder direkt (subscription-events)
+    //    oder via lazy-fetch (invoice-events, Phase 5.2b).
+    const sub = await extractSubscriptionFromEvent(event, stripe);
+    if (!sub) {
+      // event-type war unter den 5 (oben gefiltert), aber payload-shape
+      // matched nicht — Stripe-SDK-Schema-Drift, defensive null.
+      return null;
+    }
+    // 4. Tenant-resolution aus metadata. App-Builder setzt
+    //    `metadata.tenantId` beim createCheckoutSession-call.
+    const tenantId = sub.metadata?.["tenantId"];
+    if (!tenantId || tenantId.length === 0) {
+      // Subscription ohne tenant-metadata → kann kein subscription
+      // erstellen ohne tenant-resolution. Drop the event silent
+      // (foundation 200 ignored). App-Owner-Bug, nicht foundation-Bug.
+      return null;
+    }
+    // 5. Price-to-tier-Mapping. Stripe-subscription hat items[0].price.id.
+    const priceId = sub.items.data[0]?.price.id;
+    if (!priceId) {
+      return null;
+    }
+    const tier = options.priceToTier[priceId];
+    if (!tier) {
+      // Price-id nicht im Mapping → App-Owner hat den Stripe-price
+      // angelegt aber nicht zur tier zugeordnet. Drop silent.
+      return null;
+    }
+    // 6. Status-Mapping + period-end. Stripe hat den period-end seit
+    //    2024 vom subscription-level auf item-level migriert (=
+    //    subscription.items.data[i].current_period_end). Wir lesen
+    //    das vom ersten item; multi-item-subs (Add-Ons) sind kein
+    //    Phase-5-Scope.
+    const status = mapStripeStatus(sub.status);
+    const periodEndUnixSec = sub.items.data[0]?.current_period_end ?? 0;
+    // Stripe returns Unix-seconds; Temporal.Instant.fromEpochMilliseconds
+    // expects ms. Multiply, then ISO. (No-Date-API-Guard verbietet
+    // `new Date()` — Temporal ist global verfügbar via polyfill.)
+    const currentPeriodEnd = Temporal.Instant.fromEpochMilliseconds(
+      periodEndUnixSec * 1000,
+    ).toString();
+    return {
+      providerEventId: event.id,
+      providerName: STRIPE_PROVIDER_NAME,
+      type: normalizedType,
+      tenantId,
+      providerCustomerId: typeof sub.customer === "string" ? sub.customer : sub.customer.id,
+      providerSubscriptionId: sub.id,
+      status,
+      tier,
+      currentPeriodEnd,
+      rawPayload: JSON.stringify(event),
+    };
+  };
+}
+// =============================================================================
+// Helpers
+// =============================================================================
+/** Stripe-event-type → normalisiert. null = ignore. */
+export function mapStripeEventType(stripeType: string): SubscriptionEventType | null {
+  switch (stripeType) {
+    case StripeEventTypes.customerSubscriptionCreated:
+      return SubscriptionEventTypes.created;
+    case StripeEventTypes.customerSubscriptionUpdated:
+      return SubscriptionEventTypes.updated;
+    case StripeEventTypes.customerSubscriptionDeleted:
+      return SubscriptionEventTypes.canceled;
+    case StripeEventTypes.invoicePaid:
+      return SubscriptionEventTypes.invoicePaid;
+    case StripeEventTypes.invoicePaymentFailed:
+      return SubscriptionEventTypes.invoicePaymentFailed;
+    default:
+      return null;
+  }
+}
+/** Stripe-status → normalisiert. Defensive: unbekannte Status →
+ *  incomplete (Plugin sollte das nicht erreichen, aber wir wollen
+ *  kein ungültiger status-string in der DB). */
+export function mapStripeStatus(stripeStatus: Stripe.Subscription.Status): SubscriptionStatus {
+  switch (stripeStatus) {
+    case "active":
+      return SubscriptionStatuses.active;
+    case "trialing":
+      return SubscriptionStatuses.trialing;
+    case "past_due":
+    case "unpaid":
+    case "paused":
+      return SubscriptionStatuses.pastDue;
+    case "canceled":
+      return SubscriptionStatuses.canceled;
+    case "incomplete":
+    case "incomplete_expired":
+      return SubscriptionStatuses.incomplete;
+    default:
+      return SubscriptionStatuses.incomplete;
+  }
+}
+/** Holt die Subscription aus dem Event. Subscription-events haben sie
+ *  direkt im data.object; invoice-events haben nur die subscription-id
+ *  und brauchen einen lazy-fetch via stripe.subscriptions.retrieve
+ *  (Phase 5.2b). */
+async function extractSubscriptionFromEvent(
+  event: Stripe.Event,
+  stripe: Stripe,
+): Promise<Stripe.Subscription | null> {
+  switch (event.type) {
+    case StripeEventTypes.customerSubscriptionCreated:
+    case StripeEventTypes.customerSubscriptionUpdated:
+    case StripeEventTypes.customerSubscriptionDeleted:
+      return event.data.object as Stripe.Subscription;
+    case StripeEventTypes.invoicePaid:
+    case StripeEventTypes.invoicePaymentFailed: {
+      // Lazy-fetch der subscription. invoice.subscription ist eine
+      // string-id (Stripe-Webhooks expanden nicht auto). Wir holen das
+      // full subscription-Object damit der downstream-mapping
+      // (status, tier via priceId, period-end) konsistent funktioniert.
+      const invoice = event.data.object as Stripe.Invoice;
+      const subRef = (invoice as { subscription?: string | Stripe.Subscription | null })
+        .subscription;
+      if (!subRef) {
+        // Invoice ohne subscription-reference (= one-shot-invoice, nicht
+        // recurring). Nicht unsere Domain — ignorieren.
+        return null;
+      }
+      const subId = typeof subRef === "string" ? subRef : subRef.id;
+      try {
+        return await stripe.subscriptions.retrieve(subId);
+      } catch {
+        // Stripe-API-failure beim retrieve (z.B. subscription gelöscht
+        // zwischen webhook + retrieve). Defensive: null returnen, damit
+        // foundation 200 ignored returnt — der nächste subscription-
+        // event wird's korrekt handhaben.
+        return null;
+      }
+    }
+    default:
+      return null;
+  }
+}