@cosmicdrift/kumiko-bundled-features 0.35.0 → 0.38.0

package/src/custom-fields/wire-user-data-rights.ts

@@ -1,5 +1,6 @@
 // T1.5c — user-data-rights wiring for custom-fields.
 
+import { extractTableName } from "@cosmicdrift/kumiko-framework/db";
 import type { UserDataDeleteHook, UserDataExportHook } from "@cosmicdrift/kumiko-framework/engine";
 import { EXT_USER_DATA, type FeatureRegistrar } from "@cosmicdrift/kumiko-framework/engine";
 import {
@@ -7,16 +8,7 @@ import {
   selectFieldDefinitionsForEntity,
   stripSensitiveCustomFieldKeys,
 } from "./db/queries/user-data-rights";
-import { parseSerializedField } from "./lib/parse-serialized-field";
-
-const KUMIKO_NAME_SYMBOL = Symbol.for("kumiko:schema:Name");
-function getTableName(table: unknown): string {
-  if (typeof table === "object" && table !== null) {
-    const sym = (table as Record<symbol, unknown>)[KUMIKO_NAME_SYMBOL];
-    if (typeof sym === "string") return sym;
-  }
-  throw new Error("wire-user-data-rights: table missing kumiko:schema:Name symbol");
-}
+import { isFieldDefinitionRow, parseSerializedField } from "./lib/parse-serialized-field";
 
 export interface WireCustomFieldsUserDataRightsOptions {
   readonly entityName: string;
@@ -52,7 +44,7 @@ export function wireCustomFieldsUserDataRightsFor<TReg extends FeatureRegistrar<
   r: TReg,
   opts: WireCustomFieldsUserDataRightsOptions,
 ): void {
-  const tableName = getTableName(opts.entityTable);
+  const tableName = extractTableName(opts.entityTable, "custom-fields/wire-user-data-rights");
 
   const exportHook: UserDataExportHook = async (ctx) => {
     const rows = await selectCustomFieldsHostRows(
@@ -100,17 +92,6 @@ export function wireCustomFieldsUserDataRightsFor<TReg extends FeatureRegistrar<
   });
 }
 
-interface FieldDefinitionRow {
-  readonly field_key: string;
-  readonly serialized_field: unknown;
-}
-
-function isFieldDefinitionRow(value: unknown): value is FieldDefinitionRow {
-  if (!value || typeof value !== "object") return false;
-  if (!("field_key" in value)) return false;
-  return typeof value.field_key === "string";
-}
-
 async function loadSensitiveFieldKeys(
   db: Parameters<UserDataExportHook>[0]["db"],
   tenantId: string,

package/src/data-retention/__tests__/data-retention.integration.test.ts

@@ -36,11 +36,11 @@ describe("data-retention :: feature-definition smoke", () => {
   });
 
   test("tenantRetentionOverride-Entity ist registriert", () => {
-    expect(feature.entities["tenant-retention-override"]).toBeDefined();
+    expect(feature.entities?.["tenant-retention-override"]).toBeDefined();
   });
 
   test("Entity-Definition hat UNIQUE(tenantId, entityName) als 1:1-Constraint", () => {
-    const entity = feature.entities["tenant-retention-override"];
+    const entity = feature.entities?.["tenant-retention-override"];
     const indexes = entity?.indexes ?? [];
     const uniqueIndex = indexes.find((i) => i.unique === true);
     expect(uniqueIndex).toBeDefined();

package/src/file-foundation/feature.ts

@@ -85,6 +85,12 @@ export type FileProviderPlugin = {
   readonly build: (ctx: FileProviderContext, tenantId: string) => Promise<FileStorageProvider>;
 };
 
+// extension-usage `options` is engine-payload (unknown) — structurally validate
+// instead of casting blind.
+export function isFileProviderPlugin(o: unknown): o is FileProviderPlugin {
+  return typeof o === "object" && o !== null && "build" in o && typeof o.build === "function";
+}
+
 // =============================================================================
 // Feature-definition
 // =============================================================================
@@ -163,7 +169,11 @@ export async function createFileProviderForTenant(
     );
   }
 
-  // @cast-boundary engine-payload — extension-usage carries unknown options
-  const plugin = usage.options as FileProviderPlugin;
-  return plugin.build(ctx, tenantId);
+  if (!isFileProviderPlugin(usage.options)) {
+    throw new Error(
+      `${FEATURE_NAME}: provider "${provider}" registered without a build() — ` +
+        `extension options must be a FileProviderPlugin.`,
+    );
+  }
+  return usage.options.build(ctx, tenantId);
 }

package/src/file-foundation/index.ts

@@ -5,4 +5,5 @@ export {
   type FileProviderContext,
   type FileProviderPlugin,
   fileFoundationFeature,
+  isFileProviderPlugin,
 } from "./feature";

package/src/file-provider-inmemory/__tests__/feature.test.ts

@@ -1,7 +1,10 @@
 // feature.ts contract tests for file-provider-inmemory.
 
 import { describe, expect, test } from "bun:test";
-import type { FileProviderPlugin } from "@cosmicdrift/kumiko-bundled-features/file-foundation";
+import {
+  type FileProviderPlugin,
+  isFileProviderPlugin,
+} from "@cosmicdrift/kumiko-bundled-features/file-foundation";
 import { clearStorage, fileProviderInMemoryFeature, listKeys } from "../feature";
 
 describe("fileProviderInMemoryFeature — shape", () => {
@@ -35,12 +38,6 @@ describe("listKeys / clearStorage — per-tenant store helpers", () => {
   });
 });
 
-// extension-usage `options` is engine-payload (unknown) — structurally validate
-// instead of casting blind.
-function isFileProviderPlugin(o: unknown): o is FileProviderPlugin {
-  return typeof o === "object" && o !== null && "build" in o && typeof o.build === "function";
-}
-
 function inmemoryPlugin(): FileProviderPlugin {
   const options = fileProviderInMemoryFeature.extensionUsages.find(
     (u) => u.extensionName === "fileProvider" && u.entityName === "inmemory",

package/src/file-provider-s3/__tests__/feature.test.ts

@@ -1,7 +1,10 @@
 // feature.ts contract tests for file-provider-s3.
 
 import { describe, expect, test } from "bun:test";
-import type { FileProviderPlugin } from "@cosmicdrift/kumiko-bundled-features/file-foundation";
+import {
+  type FileProviderPlugin,
+  isFileProviderPlugin,
+} from "@cosmicdrift/kumiko-bundled-features/file-foundation";
 import { fileProviderS3Feature, S3_SECRET_ACCESS_KEY } from "../feature";
 
 describe("fileProviderS3Feature — shape", () => {
@@ -54,11 +57,6 @@ describe("fileProviderS3Feature — plugin-registration", () => {
   });
 });
 
-// extension-usage `options` is engine-payload (unknown) — structurally validate.
-function isFileProviderPlugin(o: unknown): o is FileProviderPlugin {
-  return typeof o === "object" && o !== null && "build" in o && typeof o.build === "function";
-}
-
 function s3Plugin(): FileProviderPlugin {
   const options = fileProviderS3Feature.extensionUsages.find(
     (u) => u.extensionName === "fileProvider" && u.entityName === "s3",

package/src/files/README.md

@@ -46,5 +46,5 @@ Sprint 4).
 
 ## Tests
 
-`__tests__/files.integration.ts` — 5 Tests die beweisen dass die Feature-
+`__tests__/files.integration.test.ts` — 5 Tests die beweisen dass die Feature-
 Definition clean lädt + die PII-Markers + Tabellenname stimmen.

package/src/legal-pages/markdown.ts

@@ -1,3 +1,4 @@
+import { escapeHtml, escapeHtmlAttr } from "@cosmicdrift/kumiko-headless";
 import { Marked } from "marked";
 
 // Markdown→HTML mit eigener `marked`-Instance. GFM aus, breaks aus —
@@ -54,16 +55,3 @@ ${opts.bodyHtml}
 </body>
 </html>`;
 }
-
-function escapeHtml(s: string): string {
-  return s
-    .replace(/&/g, "&amp;")
-    .replace(/</g, "&lt;")
-    .replace(/>/g, "&gt;")
-    .replace(/"/g, "&quot;")
-    .replace(/'/g, "&#39;");
-}
-
-function escapeHtmlAttr(s: string): string {
-  return escapeHtml(s);
-}

package/src/renderer-simple/simple-renderer.ts

@@ -1,3 +1,4 @@
+import { escapeHtml } from "@cosmicdrift/kumiko-headless";
 import type { NotificationRenderer } from "../delivery";
 
 type Section =
@@ -14,14 +15,6 @@ type EmailTemplateData = {
   readonly body?: string;
 };
 
-function escapeHtml(str: string): string {
-  return str
-    .replace(/&/g, "&")
-    .replace(/</g, "&lt;")
-    .replace(/>/g, "&gt;")
-    .replace(/"/g, "&quot;");
-}
-
 function renderSection(section: Section): string {
   if ("text" in section) {
     return `<p style="margin:0 0 16px;color:#333;font-size:14px;line-height:1.5">${escapeHtml(section.text)}</p>`;

package/src/subscription-stripe/feature.ts

@@ -65,8 +65,11 @@ export const subscriptionStripeEnvSchema = z.object({
     .meta({ kumiko: { pulumi: { secret: true } } }),
   STRIPE_API_KEY: z
     .string()
-    .regex(/^sk_(test|live)_/, "STRIPE_API_KEY must start with 'sk_test_' or 'sk_live_'")
-    .describe("Stripe API key (`sk_live_...` / `sk_test_...`).")
+    .regex(
+      /^(sk|rk)_(test|live)_/,
+      "STRIPE_API_KEY must start with 'sk_test_'/'sk_live_' or a restricted 'rk_test_'/'rk_live_' key",
+    )
+    .describe("Stripe API key (`sk_live_...` / `sk_test_...`, restricted `rk_...` keys allowed).")
     .meta({ kumiko: { pulumi: { secret: true } } }),
 });
 

package/src/template-resolver/feature.ts

@@ -1,8 +1,7 @@
 import { defineFeature } from "@cosmicdrift/kumiko-framework/engine";
-import { archiveWrite } from "./handlers/archive.write";
 import { findByIdQuery } from "./handlers/find-by-id.query";
 import { listQuery } from "./handlers/list.query";
-import { publishWrite } from "./handlers/publish.write";
+import { archiveWrite, publishWrite } from "./handlers/toggle-status.write";
 import { upsertSystemWrite } from "./handlers/upsert-system.write";
 import { upsertTenantWrite } from "./handlers/upsert-tenant.write";
 import { templateResourceEntity } from "./table";

package/src/template-resolver/handlers/list.query.ts

@@ -1,5 +1,5 @@
 import { selectMany } from "@cosmicdrift/kumiko-framework/bun-db";
-import { defineQueryHandler, SYSTEM_TENANT_ID } from "@cosmicdrift/kumiko-framework/engine";
+import { defineQueryHandler } from "@cosmicdrift/kumiko-framework/engine";
 import { z } from "zod";
 import { RENDER_KINDS, TEMPLATE_STATUSES } from "../constants";
 import { type TemplateResourceRow, templateResourcesTable } from "../table";
@@ -17,14 +17,13 @@ export const listQuery = defineQueryHandler({
   }),
   access: { roles: ["TenantAdmin", "SystemAdmin", "User"] },
   handler: async (query, ctx) => {
-    const isSystemAdmin = query.user.roles.includes("SystemAdmin");
     const where: Record<string, unknown> = {};
 
-    // TenantDb scopes non-SystemAdmin reads to [own tenant, SYSTEM reference] and
-    // refuses a caller-narrowed where.tenantId (enforced isolation). SystemAdmin
-    // uses a system-scoped db that sees every tenant, so narrow to own explicitly
-    // when they don't want the cross-tenant view.
-    if (isSystemAdmin && !query.payload.includeSystem) {
+    // includeSystem=false narrows to own tenant AT THE DB — for non-SystemAdmin
+    // TenantDb permits narrowing within its enforced [own, SYSTEM] scope, for
+    // SystemAdmin (system-scoped db) the where applies verbatim. Filtering at
+    // the DB keeps the limit meaningful (no post-filter starvation).
+    if (!query.payload.includeSystem) {
       where["tenantId"] = query.user.tenantId;
     }
 
@@ -44,13 +43,7 @@ export const listQuery = defineQueryHandler({
       limit: 500,
     })) as TemplateResourceRow[];
 
-    // TenantDb always surfaces SYSTEM reference rows alongside the tenant's own;
-    // includeSystem=false drops them here since they can't be excluded at the DB.
-    const visible = query.payload.includeSystem
-      ? rows
-      : rows.filter((row) => row.tenantId !== SYSTEM_TENANT_ID);
-
-    return visible.map((row) => ({
+    return rows.map((row) => ({
       id: String(row.id),
       tenantId: row.tenantId,
       slug: row.slug,

package/src/template-resolver/handlers/toggle-status.write.ts

@@ -0,0 +1,37 @@
+import { fetchOne } from "@cosmicdrift/kumiko-framework/bun-db";
+import { defineWriteHandler } from "@cosmicdrift/kumiko-framework/engine";
+import { NotFoundError, writeFailure } from "@cosmicdrift/kumiko-framework/errors";
+import { z } from "zod";
+import type { TemplateResourceRow } from "../table";
+import { templateResourcesTable } from "../table";
+import { executor } from "./shared";
+
+type TemplateStatus = "active" | "archived";
+
+function createStatusUpdateHandler(name: string, status: TemplateStatus) {
+  return defineWriteHandler({
+    name,
+    schema: z.object({ id: z.string().min(1) }),
+    access: { roles: ["TenantAdmin", "SystemAdmin"] },
+    handler: async (event, ctx) => {
+      // ctx.db is tenant-scoped: a foreign tenant's id reads as absent → NotFound.
+      // Cross-tenant toggling needs SystemAdmin with tenantIdOverride.
+      const existing = await fetchOne<TemplateResourceRow>(ctx.db, templateResourcesTable, {
+        id: event.payload.id,
+      });
+      if (!existing) {
+        return writeFailure(new NotFoundError("template-resource", event.payload.id));
+      }
+      const result = await executor.update(
+        { id: existing.id, version: existing.version, changes: { status } },
+        event.user,
+        ctx.db,
+      );
+      if (!result.isSuccess) return result;
+      return { isSuccess: true as const, data: { id: String(existing.id), status } };
+    },
+  });
+}
+
+export const archiveWrite = createStatusUpdateHandler("archive", "archived");
+export const publishWrite = createStatusUpdateHandler("publish", "active");

package/src/tenant/command-schemas.ts

@@ -22,8 +22,8 @@
 
 import { addMemberWrite } from "./handlers/add-member.write";
 import { createWrite } from "./handlers/create.write";
-import { disableWrite } from "./handlers/disable.write";
 import { removeMemberWrite } from "./handlers/remove-member.write";
+import { disableWrite } from "./handlers/toggle-enabled.write";
 import { updateWrite } from "./handlers/update.write";
 import { updateMemberRolesWrite } from "./handlers/update-member-roles.write";
 

package/src/tenant/feature.ts

@@ -9,8 +9,6 @@ import { activeTenantIdsQuery } from "./handlers/active-tenant-ids.query";
 import { addMemberWrite } from "./handlers/add-member.write";
 import { cancelInvitationWrite } from "./handlers/cancel-invitation.write";
 import { createWrite } from "./handlers/create.write";
-import { disableWrite } from "./handlers/disable.write";
-import { enableWrite } from "./handlers/enable.write";
 import { invitationsQuery } from "./handlers/invitations.query";
 import { listQuery } from "./handlers/list.query";
 import { meQuery } from "./handlers/me.query";
@@ -18,6 +16,7 @@ import { membersQuery } from "./handlers/members.query";
 import { membershipsQuery } from "./handlers/memberships.query";
 import { removeMemberWrite } from "./handlers/remove-member.write";
 import { resolveUserIdsQuery } from "./handlers/resolve-user-ids.query";
+import { disableWrite, enableWrite } from "./handlers/toggle-enabled.write";
 import { updateWrite } from "./handlers/update.write";
 import { updateMemberRolesWrite } from "./handlers/update-member-roles.write";
 import { tenantInvitationEntity } from "./invitation-table";

package/src/tenant/handlers/toggle-enabled.write.ts

@@ -0,0 +1,23 @@
+import { createEventStoreExecutor } from "@cosmicdrift/kumiko-framework/db";
+import { defineWriteHandler } from "@cosmicdrift/kumiko-framework/engine";
+import { z } from "zod";
+import { tenantEntity, tenantTable } from "../schema/tenant";
+
+const crud = createEventStoreExecutor(tenantTable, tenantEntity, { entityName: "tenant" });
+
+// Admin flip: last-writer-wins is fine. SystemAdmin is the only caller and
+// there's no meaningful concurrent-edit race on this single boolean.
+function createToggleTenantHandler(enable: boolean) {
+  return defineWriteHandler({
+    name: enable ? "enable" : "disable",
+    schema: z.object({ id: z.uuid() }),
+    access: { roles: ["SystemAdmin"] },
+    handler: async (event, ctx) =>
+      crud.update({ id: event.payload.id, changes: { isEnabled: enable } }, event.user, ctx.db, {
+        skipOptimisticLock: true,
+      }),
+  });
+}
+
+export const enableWrite = createToggleTenantHandler(true);
+export const disableWrite = createToggleTenantHandler(false);

package/src/user-data-rights/README.md

@@ -90,15 +90,15 @@ weglassen wenn er Custom-Hooks registrieren will.
 
 | Datei | Pinst |
 |-------|-------|
-| `audit-log.integration.ts` | Cross-User-Isolation, Account-weite Sicht, eventType-Filter, Admin-only operator-query, download-attempt 90d-retention |
-| `cross-data-matrix.integration.ts` | 3-Provider-Pipeline (user + fileRef + custom-domain), Cross-Tenant Forget mit user-anonymize, Other-User-Isolation |
-| `download.integration.ts` | HTTP-e2e via `r.httpRoute`: Magic-Link, multi-use, expired, failed-job, storage-cleared, cross-tenant-same-user, malicious-filename |
-| `request-export.integration.ts` | Idempotency, active-job-constraint, cross-tenant-anyMember-userId-pattern |
-| `request-deletion-callback.integration.ts` + `request-cancel-deletion.integration.ts` | Grace + Cancel-Pfad + Email-Callback best-effort |
-| `restriction-flow.integration.ts` | Status-Flip + Auth-Middleware-Block + Lift |
-| `run-{export-jobs,forget-cleanup,user-export}.integration.ts` | Worker-Logic + Idempotency + Email-Callbacks |
+| `audit-log.integration.test.ts` | Cross-User-Isolation, Account-weite Sicht, eventType-Filter, Admin-only operator-query, download-attempt 90d-retention |
+| `cross-data-matrix.integration.test.ts` | 3-Provider-Pipeline (user + fileRef + custom-domain), Cross-Tenant Forget mit user-anonymize, Other-User-Isolation |
+| `download.integration.test.ts` | HTTP-e2e via `r.httpRoute`: Magic-Link, multi-use, expired, failed-job, storage-cleared, cross-tenant-same-user, malicious-filename |
+| `request-export.integration.test.ts` | Idempotency, active-job-constraint, cross-tenant-anyMember-userId-pattern |
+| `request-deletion-callback.integration.test.ts` + `request-cancel-deletion.integration.test.ts` | Grace + Cancel-Pfad + Email-Callback best-effort |
+| `restriction-flow.integration.test.ts` | Status-Flip + Auth-Middleware-Block + Lift |
+| `run-{export-jobs,forget-cleanup,user-export}.integration.test.ts` | Worker-Logic + Idempotency + Email-Callbacks |
 | `policy-to-strategy.test.ts` | Retention.strategy → UserDataDeleteStrategy mapping |
-| `user-data-rights.integration.ts` | Boot-Smoke + Feature-Meta |
+| `user-data-rights.integration.test.ts` | Boot-Smoke + Feature-Meta |
 | `token-helpers.test.ts` + `zip-path.test.ts` | Token-Hashing + Path-Traversal-Schutz |
 | `export-job-{idempotency,schema}.test.ts` | Active-job-uniqueness + Schema-Constraints |
 

package/src/template-resolver/handlers/archive.write.ts

@@ -1,39 +0,0 @@
-import { fetchOne } from "@cosmicdrift/kumiko-framework/bun-db";
-import { defineWriteHandler } from "@cosmicdrift/kumiko-framework/engine";
-import { NotFoundError, writeFailure } from "@cosmicdrift/kumiko-framework/errors";
-import { z } from "zod";
-import type { TemplateResourceRow } from "../table";
-import { templateResourcesTable } from "../table";
-import { executor } from "./shared";
-
-// Setzt einen Template-Eintrag auf status='archived'. Resolver liefert
-// archivierte Templates nicht zurück — sie bleiben aber als Audit-Trail
-// in der DB (kein physisches Delete). Reaktivierung via publish.
-export const archiveWrite = defineWriteHandler({
-  name: "archive",
-  schema: z.object({ id: z.string().min(1) }),
-  access: { roles: ["TenantAdmin", "SystemAdmin"] },
-  handler: async (event, ctx) => {
-    const existing = await fetchOne<TemplateResourceRow>(ctx.db, templateResourcesTable, {
-      id: event.payload.id,
-    });
-    // ctx.db ist via createTenantDb tenant-scoped — existing ist null wenn
-    // das Template einem fremden Tenant gehört (SystemAdmin-Cross-Tenant
-    // braucht tenantIdOverride im Schema, M2-Erweiterung).
-    if (!existing) {
-      return writeFailure(new NotFoundError("template-resource", event.payload.id));
-    }
-
-    const result = await executor.update(
-      {
-        id: existing.id,
-        version: existing.version,
-        changes: { status: "archived" as const },
-      },
-      event.user,
-      ctx.db,
-    );
-    if (!result.isSuccess) return result;
-    return { isSuccess: true as const, data: { id: String(existing.id), status: "archived" } };
-  },
-});

package/src/template-resolver/handlers/publish.write.ts

@@ -1,42 +0,0 @@
-import { fetchOne } from "@cosmicdrift/kumiko-framework/bun-db";
-import { defineWriteHandler } from "@cosmicdrift/kumiko-framework/engine";
-import { NotFoundError, writeFailure } from "@cosmicdrift/kumiko-framework/errors";
-import { z } from "zod";
-import type { TemplateResourceRow } from "../table";
-import { templateResourcesTable } from "../table";
-import { executor } from "./shared";
-
-// Setzt einen Template-Eintrag auf status='active'. Typischer Workflow:
-// User editiert ein Draft, ist zufrieden, drückt Publish.
-//
-// Tenant-Isolation: Template muss zum event.user.tenantId gehören
-// (oder zu SYSTEM_TENANT wenn SystemAdmin). Cross-Tenant-Publish-
-// Versuche → NotFound (Pattern aus row-level-security).
-export const publishWrite = defineWriteHandler({
-  name: "publish",
-  schema: z.object({ id: z.string().min(1) }),
-  access: { roles: ["TenantAdmin", "SystemAdmin"] },
-  handler: async (event, ctx) => {
-    const existing = await fetchOne<TemplateResourceRow>(ctx.db, templateResourcesTable, {
-      id: event.payload.id,
-    });
-    // ctx.db ist via createTenantDb tenant-scoped — existing ist null wenn
-    // das Template einem fremden Tenant gehört (SystemAdmin-Cross-Tenant
-    // braucht tenantIdOverride im Schema, M2-Erweiterung).
-    if (!existing) {
-      return writeFailure(new NotFoundError("template-resource", event.payload.id));
-    }
-
-    const result = await executor.update(
-      {
-        id: existing.id,
-        version: existing.version,
-        changes: { status: "active" as const },
-      },
-      event.user,
-      ctx.db,
-    );
-    if (!result.isSuccess) return result;
-    return { isSuccess: true as const, data: { id: String(existing.id), status: "active" } };
-  },
-});

package/src/tenant/handlers/disable.write.ts

@@ -1,18 +0,0 @@
-import { createEventStoreExecutor } from "@cosmicdrift/kumiko-framework/db";
-import { defineWriteHandler } from "@cosmicdrift/kumiko-framework/engine";
-import { z } from "zod";
-import { tenantEntity, tenantTable } from "../schema/tenant";
-
-const crud = createEventStoreExecutor(tenantTable, tenantEntity, { entityName: "tenant" });
-
-export const disableWrite = defineWriteHandler({
-  name: "disable",
-  schema: z.object({ id: z.uuid() }),
-  access: { roles: ["SystemAdmin"] },
-  // Admin flip: last-writer-wins is fine. SystemAdmin is the only caller and
-  // there's no meaningful concurrent-edit race on this single boolean.
-  handler: async (event, ctx) =>
-    crud.update({ id: event.payload.id, changes: { isEnabled: false } }, event.user, ctx.db, {
-      skipOptimisticLock: true,
-    }),
-});

package/src/tenant/handlers/enable.write.ts

@@ -1,20 +0,0 @@
-import { createEventStoreExecutor } from "@cosmicdrift/kumiko-framework/db";
-import { defineWriteHandler } from "@cosmicdrift/kumiko-framework/engine";
-import { z } from "zod";
-import { tenantEntity, tenantTable } from "../schema/tenant";
-
-const crud = createEventStoreExecutor(tenantTable, tenantEntity, { entityName: "tenant" });
-
-// Recovery-Gegenstück zu disable — ohne enable wäre ein Fehlklick des
-// Operators nur per Event-Hack reversibel.
-export const enableWrite = defineWriteHandler({
-  name: "enable",
-  schema: z.object({ id: z.uuid() }),
-  access: { roles: ["SystemAdmin"] },
-  // Admin flip: last-writer-wins is fine. SystemAdmin is the only caller and
-  // there's no meaningful concurrent-edit race on this single boolean.
-  handler: async (event, ctx) =>
-    crud.update({ id: event.payload.id, changes: { isEnabled: true } }, event.user, ctx.db, {
-      skipOptimisticLock: true,
-    }),
-});