@ezcoder.dev/sdk 1.1.0 → 1.3.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (44) hide show
  1. package/dist/{DatabaseProvider-DalP-KHC.d.ts → DatabaseProvider-DaBP5XUs.d.ts} +16 -2
  2. package/dist/analytics/index.js +7 -5
  3. package/dist/analytics/index.js.map +1 -1
  4. package/dist/auth/index.d.ts +1 -0
  5. package/dist/auth/index.js +25 -6
  6. package/dist/auth/index.js.map +1 -1
  7. package/dist/chunk-CQKYANAW.js +44 -0
  8. package/dist/chunk-CQKYANAW.js.map +1 -0
  9. package/dist/{chunk-GPF4AYNG.js → chunk-HJ2EIZ4S.js} +2 -2
  10. package/dist/{chunk-2WG4O4J2.js → chunk-I2YGB7Z6.js} +14 -50
  11. package/dist/chunk-I2YGB7Z6.js.map +1 -0
  12. package/dist/chunk-LIUE7M7K.js +72 -0
  13. package/dist/chunk-LIUE7M7K.js.map +1 -0
  14. package/dist/{chunk-AWU47M6N.js → chunk-QHB7LGCA.js} +91 -8
  15. package/dist/chunk-QHB7LGCA.js.map +1 -0
  16. package/dist/{chunk-7VGYFCQC.js → chunk-TQC4ROTL.js} +110 -7
  17. package/dist/chunk-TQC4ROTL.js.map +1 -0
  18. package/dist/cms/index.js +4 -2
  19. package/dist/cms/index.js.map +1 -1
  20. package/dist/cron/index.d.ts +17 -0
  21. package/dist/cron/index.js +26 -12
  22. package/dist/cron/index.js.map +1 -1
  23. package/dist/database/index.d.ts +1 -1
  24. package/dist/database/index.js +4 -3
  25. package/dist/email/index.d.ts +18 -0
  26. package/dist/email/index.js +27 -12
  27. package/dist/email/index.js.map +1 -1
  28. package/dist/index.d.ts +168 -2
  29. package/dist/index.js +263 -7
  30. package/dist/index.js.map +1 -1
  31. package/dist/notifications/index.d.ts +27 -2
  32. package/dist/notifications/index.js +53 -18
  33. package/dist/notifications/index.js.map +1 -1
  34. package/dist/payments/index.js +6 -4
  35. package/dist/payments/index.js.map +1 -1
  36. package/dist/roles/index.js +6 -4
  37. package/dist/roles/index.js.map +1 -1
  38. package/dist/storage/index.js +7 -5
  39. package/dist/storage/index.js.map +1 -1
  40. package/package.json +148 -120
  41. package/dist/chunk-2WG4O4J2.js.map +0 -1
  42. package/dist/chunk-7VGYFCQC.js.map +0 -1
  43. package/dist/chunk-AWU47M6N.js.map +0 -1
  44. /package/dist/{chunk-GPF4AYNG.js.map → chunk-HJ2EIZ4S.js.map} +0 -0
package/dist/index.js CHANGED
@@ -2,21 +2,276 @@ import {
2
2
  DatabaseClient,
3
3
  DatabaseProvider,
4
4
  useDatabase
5
- } from "./chunk-7VGYFCQC.js";
5
+ } from "./chunk-TQC4ROTL.js";
6
6
  import {
7
7
  ezcoder,
8
8
  ezcoderAuthIntegration
9
- } from "./chunk-GPF4AYNG.js";
9
+ } from "./chunk-HJ2EIZ4S.js";
10
10
  import {
11
- env,
12
- features,
13
- isFeatureConfigured,
14
11
  isSupabaseConfigured,
15
12
  supabase
16
- } from "./chunk-2WG4O4J2.js";
13
+ } from "./chunk-I2YGB7Z6.js";
14
+ import {
15
+ env,
16
+ features,
17
+ isFeatureConfigured
18
+ } from "./chunk-LIUE7M7K.js";
19
+
20
+ // src/manifest-consumer.ts
21
+ var manifestCache = /* @__PURE__ */ new Map();
22
+ var inflightLoads = /* @__PURE__ */ new Map();
23
+ var PERMISSIVE_DEFAULT_MODULES = Object.freeze({
24
+ auth: true,
25
+ storage: true,
26
+ payments: true,
27
+ email: true,
28
+ cron: true,
29
+ database: true,
30
+ notifications: true
31
+ });
32
+ var EzCoderManifest = class _EzCoderManifest {
33
+ constructor(manifest, source) {
34
+ this.manifest = manifest;
35
+ this.source = source;
36
+ }
37
+ /**
38
+ * Fetch the manifest at runtime from the platform API. Returns a
39
+ * cached instance for the lifetime of the page; concurrent callers share
40
+ * a single in-flight fetch. Falls back to a permissive (all-modules-on)
41
+ * instance on any error.
42
+ */
43
+ static async load() {
44
+ const projectId = env.EZC_PROJECT_ID;
45
+ const apiUrl = env.EZCODER_API_URL;
46
+ const publicToken = readPublicToken();
47
+ if (!projectId || !apiUrl) {
48
+ return new _EzCoderManifest(null, "fallback");
49
+ }
50
+ const cacheKey = `${projectId}::${apiUrl}`;
51
+ const cached = manifestCache.get(cacheKey);
52
+ if (cached) return cached;
53
+ const inflight = inflightLoads.get(cacheKey);
54
+ if (inflight) return inflight;
55
+ const loadPromise = fetchManifest(apiUrl, publicToken).then((m) => {
56
+ const instance = new _EzCoderManifest(m, "runtime");
57
+ manifestCache.set(cacheKey, instance);
58
+ return instance;
59
+ }).catch((err) => {
60
+ const message = err instanceof Error ? err.message : "unknown";
61
+ if (typeof console !== "undefined") {
62
+ console.warn(`[EzCoder SDK] manifest fetch failed (${message}); falling back to permissive mode.`);
63
+ }
64
+ const fallback = new _EzCoderManifest(null, "fallback");
65
+ manifestCache.set(cacheKey, fallback);
66
+ return fallback;
67
+ }).finally(() => {
68
+ inflightLoads.delete(cacheKey);
69
+ });
70
+ inflightLoads.set(cacheKey, loadPromise);
71
+ return loadPromise;
72
+ }
73
+ /**
74
+ * Read a manifest written by the build-time codegen step (see
75
+ * scripts/fetch-build-manifest.js). Used by SSG callers that want to
76
+ * avoid a runtime network round-trip. Returns null when no build-time
77
+ * manifest is present — callers should fall back to `load()`.
78
+ *
79
+ * Implementation note: we deliberately avoid a static `import` because
80
+ * (a) the file may not exist, which would be a hard module-resolution
81
+ * error, and (b) browser bundles must not pull in the JSON. We probe
82
+ * `process` to detect Node, then read the file from disk via the eval'd
83
+ * dynamic require — the eval indirection keeps bundlers from following
84
+ * the path at build time.
85
+ */
86
+ static loadFromBuildOutput() {
87
+ try {
88
+ if (typeof process === "undefined" || !process.versions?.node) {
89
+ return null;
90
+ }
91
+ const getRequire = new Function(
92
+ 'return typeof require === "function" ? require : null;'
93
+ );
94
+ const dynamicRequire = getRequire();
95
+ if (!dynamicRequire) return null;
96
+ const fs = dynamicRequire("fs");
97
+ const path = dynamicRequire("path");
98
+ const cwd = process.cwd();
99
+ const full = path.resolve(cwd, "node_modules", ".ezcoder", "manifest.json");
100
+ const raw = fs.readFileSync(full, "utf8");
101
+ const payload = JSON.parse(raw);
102
+ const parsed = parseManifestPayload(payload);
103
+ if (!parsed) return null;
104
+ return new _EzCoderManifest(parsed, "build");
105
+ } catch {
106
+ return null;
107
+ }
108
+ }
109
+ /**
110
+ * Returns the boolean enablement map for each SDK module. When no
111
+ * manifest is loaded, returns the permissive default (everything on) so
112
+ * legacy behaviour is preserved.
113
+ */
114
+ getRequiredModules() {
115
+ if (!this.manifest) {
116
+ return { ...PERMISSIVE_DEFAULT_MODULES };
117
+ }
118
+ const sr = this.manifest.service_requirements;
119
+ return {
120
+ auth: Boolean(sr.auth),
121
+ storage: Boolean(sr.storage),
122
+ payments: Boolean(sr.payments),
123
+ email: Boolean(sr.email),
124
+ cron: Boolean(sr.cron),
125
+ database: Boolean(sr.database),
126
+ // notifications is not in service_requirements v0; derive from email
127
+ // OR auth so the existing notifications module behaves sensibly.
128
+ notifications: Boolean(sr.email || sr.auth)
129
+ };
130
+ }
131
+ /**
132
+ * Returns the env refs declared by the manifest. The `secret` array is
133
+ * always empty when the manifest came from the public SDK endpoint —
134
+ * server-only refs are stripped before transit (see pages/api/sdk/manifest.js).
135
+ */
136
+ getEnvRefs() {
137
+ if (!this.manifest) {
138
+ return { public: [], secret: [] };
139
+ }
140
+ return {
141
+ public: this.manifest.env_refs.public,
142
+ secret: []
143
+ };
144
+ }
145
+ /**
146
+ * Convenience: is a given module required by this app?
147
+ */
148
+ has(module) {
149
+ return this.getRequiredModules()[module];
150
+ }
151
+ /**
152
+ * Where the manifest was loaded from. Useful for debugging and for
153
+ * surface-level telemetry (`fallback` means we never got the real one).
154
+ */
155
+ getSource() {
156
+ return this.source;
157
+ }
158
+ /**
159
+ * Test-only helper: wipe the page-lifetime cache. Never call this in
160
+ * production code.
161
+ */
162
+ static __resetCacheForTests() {
163
+ manifestCache.clear();
164
+ inflightLoads.clear();
165
+ }
166
+ };
167
+ function readPublicToken() {
168
+ const fromVite = safeEnv("VITE_EZC_PROJECT_TOKEN_PUBLIC");
169
+ if (fromVite) return fromVite;
170
+ const fromNext = safeEnv("NEXT_PUBLIC_EZC_PROJECT_TOKEN_PUBLIC");
171
+ if (fromNext) return fromNext;
172
+ return safeEnv("EZC_PROJECT_TOKEN_PUBLIC");
173
+ }
174
+ function safeEnv(key) {
175
+ try {
176
+ if (typeof import.meta !== "undefined" && import.meta.env) {
177
+ const v = import.meta.env[key];
178
+ if (typeof v === "string") return v;
179
+ }
180
+ } catch {
181
+ }
182
+ try {
183
+ if (typeof process !== "undefined" && process.env) {
184
+ return process.env[key] || "";
185
+ }
186
+ } catch {
187
+ }
188
+ return "";
189
+ }
190
+ async function fetchManifest(apiUrl, publicToken) {
191
+ const headers = {
192
+ "Accept": "application/json"
193
+ };
194
+ if (publicToken) {
195
+ headers["X-EzCoder-Public-Token"] = publicToken;
196
+ }
197
+ const res = await fetch(`${apiUrl}/api/sdk/manifest`, {
198
+ method: "GET",
199
+ headers,
200
+ // Browsers will fold the 5-minute cache header automatically; this hint
201
+ // is here for non-browser runtimes that respect it.
202
+ cache: "default"
203
+ });
204
+ if (!res.ok) {
205
+ throw new Error(`HTTP ${res.status}`);
206
+ }
207
+ const body = await res.json();
208
+ const parsed = parseManifestPayload(body);
209
+ if (!parsed) {
210
+ throw new Error("manifest payload failed shape validation");
211
+ }
212
+ return parsed;
213
+ }
214
+ function parseManifestPayload(input) {
215
+ if (!isRecord(input)) return null;
216
+ const projectId = input.project_id;
217
+ const serviceReqs = input.service_requirements;
218
+ const envRefs = input.env_refs;
219
+ const gates = input.validation_gates;
220
+ if (typeof projectId !== "string" || projectId.length === 0) return null;
221
+ if (!isRecord(serviceReqs)) return null;
222
+ if (!isRecord(envRefs) || !Array.isArray(envRefs.public)) return null;
223
+ if (!Array.isArray(gates)) return null;
224
+ const manifestVersion = typeof input.manifest_version === "number" ? input.manifest_version : 0;
225
+ return {
226
+ manifest_version: manifestVersion,
227
+ project_id: projectId,
228
+ service_requirements: serviceReqs,
229
+ env_refs: { public: envRefs.public.filter((v) => typeof v === "string") },
230
+ validation_gates: gates.filter((v) => typeof v === "string")
231
+ };
232
+ }
233
+ function isRecord(value) {
234
+ return typeof value === "object" && value !== null && !Array.isArray(value);
235
+ }
236
+
237
+ // src/useEzCoderManifest.ts
238
+ import { useEffect, useState } from "react";
239
+ function useEzCoderManifest() {
240
+ const [manifest, setManifest] = useState(
241
+ () => EzCoderManifest.loadFromBuildOutput()
242
+ );
243
+ const [loading, setLoading] = useState(manifest === null);
244
+ useEffect(() => {
245
+ if (manifest) return;
246
+ let cancelled = false;
247
+ EzCoderManifest.load().then((m) => {
248
+ if (cancelled) return;
249
+ setManifest(m);
250
+ setLoading(false);
251
+ }).catch(() => {
252
+ if (cancelled) return;
253
+ setLoading(false);
254
+ });
255
+ return () => {
256
+ cancelled = true;
257
+ };
258
+ }, []);
259
+ return {
260
+ manifest,
261
+ modules: manifest ? manifest.getRequiredModules() : null,
262
+ loading,
263
+ source: manifest ? manifest.getSource() : null
264
+ };
265
+ }
266
+
267
+ // src/index.ts
268
+ if (typeof window !== "undefined") {
269
+ void EzCoderManifest.load();
270
+ }
17
271
  export {
18
272
  DatabaseClient,
19
273
  DatabaseProvider,
274
+ EzCoderManifest,
20
275
  env,
21
276
  ezcoder,
22
277
  ezcoderAuthIntegration,
@@ -24,6 +279,7 @@ export {
24
279
  isFeatureConfigured,
25
280
  isSupabaseConfigured,
26
281
  supabase,
27
- useDatabase
282
+ useDatabase,
283
+ useEzCoderManifest
28
284
  };
29
285
  //# sourceMappingURL=index.js.map
package/dist/index.js.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"sources":[],"sourcesContent":[],"mappings":"","names":[]}
1
+ {"version":3,"sources":["../src/manifest-consumer.ts","../src/useEzCoderManifest.ts","../src/index.ts"],"sourcesContent":["/**\r\n * @module manifest-consumer\r\n * @description Runtime + build-time consumer of the EzCoder Capability Manifest.\r\n *\r\n * Track B (B7) — the user-app SDK reads the project's Capability Manifest so\r\n * it knows which feature modules are actually required (auth, storage,\r\n * payments, email, cron, notifications, database) and which env refs to\r\n * expect. The SDK historically auto-registered everything regardless of\r\n * project needs; this consumer adds *opt-in* awareness without breaking\r\n * existing consumers.\r\n *\r\n * Failure mode is deliberately permissive: any fetch/parse error falls\r\n * through to \"all modules considered required\" so a flaky network blip on\r\n * the user's deployed site never silently disables a feature.\r\n */\r\n\r\nimport { env } from './core/config';\r\n\r\n// ─── Public surface ───────────────────────────────────────────────────────\r\n\r\n/**\r\n * The seven modules the SDK can register. Mirrors the keys of\r\n * `service_requirements` in lib/manifest/schema.ts plus `database` derived\r\n * from the `database` requirement block.\r\n */\r\nexport interface RequiredModules {\r\n auth: boolean;\r\n storage: boolean;\r\n payments: boolean;\r\n email: boolean;\r\n cron: boolean;\r\n database: boolean;\r\n notifications: boolean;\r\n}\r\n\r\n/**\r\n * Public + (publicly-visible names of) secret env refs. The server-side\r\n * endpoint deliberately strips `secret` before returning, but we keep the\r\n * field on the consumer type as an empty array for forward-compat — once a\r\n * privileged consumer path exists it can populate it.\r\n */\r\nexport interface EnvRefs {\r\n public: ReadonlyArray<string>;\r\n secret: ReadonlyArray<string>;\r\n}\r\n\r\n/**\r\n * The shape the SDK actually consumes. A trimmed projection of the full\r\n * Capability Manifest; the server endpoint enforces the projection so the\r\n * SDK can never see secret-ref names even if it asks for them.\r\n */\r\nexport interface SanitizedManifest {\r\n manifest_version: number;\r\n project_id: string;\r\n service_requirements: {\r\n database?: { provider: string; rls_required: boolean; tables: ReadonlyArray<string> };\r\n auth?: { provider: string; flows: ReadonlyArray<string> };\r\n storage?: { buckets: ReadonlyArray<string> };\r\n payments?: { mode: string };\r\n email?: { provider: string };\r\n cron?: { jobs: ReadonlyArray<{ name: string; schedule: string }> };\r\n };\r\n env_refs: { public: ReadonlyArray<string> };\r\n validation_gates: ReadonlyArray<string>;\r\n}\r\n\r\n// ─── Module-level cache (keyed by projectId) ──────────────────────────────\r\n\r\nconst manifestCache: Map<string, EzCoderManifest> = new Map();\r\nconst inflightLoads: Map<string, Promise<EzCoderManifest>> = new Map();\r\n\r\n/**\r\n * Default-on RequiredModules — used as the safe fallback when no manifest\r\n * is available. Preserves the SDK's historical behaviour (everything wired)\r\n * so a missing/failed manifest never silently disables a feature in\r\n * already-deployed user apps.\r\n */\r\nconst PERMISSIVE_DEFAULT_MODULES: Readonly<RequiredModules> = Object.freeze({\r\n auth: true,\r\n storage: true,\r\n payments: true,\r\n email: true,\r\n cron: true,\r\n database: true,\r\n notifications: true,\r\n});\r\n\r\n// ─── EzCoderManifest class ────────────────────────────────────────────────\r\n\r\n/**\r\n * Wraps a sanitized manifest payload and exposes module/env-ref queries.\r\n * Instances are immutable — `manifest` is captured at construction time and\r\n * never mutated. Use the static `load()` / `loadFromBuildOutput()` factories\r\n * rather than calling `new` directly so the page-lifetime cache is honoured.\r\n */\r\nexport class EzCoderManifest {\r\n private readonly manifest: SanitizedManifest | null;\r\n private readonly source: 'runtime' | 'build' | 'fallback';\r\n\r\n constructor(manifest: SanitizedManifest | null, source: 'runtime' | 'build' | 'fallback') {\r\n this.manifest = manifest;\r\n this.source = source;\r\n }\r\n\r\n /**\r\n * Fetch the manifest at runtime from the platform API. Returns a\r\n * cached instance for the lifetime of the page; concurrent callers share\r\n * a single in-flight fetch. Falls back to a permissive (all-modules-on)\r\n * instance on any error.\r\n */\r\n static async load(): Promise<EzCoderManifest> {\r\n const projectId = env.EZC_PROJECT_ID;\r\n const apiUrl = env.EZCODER_API_URL;\r\n const publicToken = readPublicToken();\r\n\r\n if (!projectId || !apiUrl) {\r\n return new EzCoderManifest(null, 'fallback');\r\n }\r\n\r\n const cacheKey = `${projectId}::${apiUrl}`;\r\n const cached = manifestCache.get(cacheKey);\r\n if (cached) return cached;\r\n\r\n const inflight = inflightLoads.get(cacheKey);\r\n if (inflight) return inflight;\r\n\r\n const loadPromise = fetchManifest(apiUrl, publicToken)\r\n .then((m) => {\r\n const instance = new EzCoderManifest(m, 'runtime');\r\n manifestCache.set(cacheKey, instance);\r\n return instance;\r\n })\r\n .catch((err: unknown) => {\r\n const message = err instanceof Error ? err.message : 'unknown';\r\n if (typeof console !== 'undefined') {\r\n console.warn(`[EzCoder SDK] manifest fetch failed (${message}); falling back to permissive mode.`);\r\n }\r\n const fallback = new EzCoderManifest(null, 'fallback');\r\n manifestCache.set(cacheKey, fallback);\r\n return fallback;\r\n })\r\n .finally(() => {\r\n inflightLoads.delete(cacheKey);\r\n });\r\n\r\n inflightLoads.set(cacheKey, loadPromise);\r\n return loadPromise;\r\n }\r\n\r\n /**\r\n * Read a manifest written by the build-time codegen step (see\r\n * scripts/fetch-build-manifest.js). Used by SSG callers that want to\r\n * avoid a runtime network round-trip. Returns null when no build-time\r\n * manifest is present — callers should fall back to `load()`.\r\n *\r\n * Implementation note: we deliberately avoid a static `import` because\r\n * (a) the file may not exist, which would be a hard module-resolution\r\n * error, and (b) browser bundles must not pull in the JSON. We probe\r\n * `process` to detect Node, then read the file from disk via the eval'd\r\n * dynamic require — the eval indirection keeps bundlers from following\r\n * the path at build time.\r\n */\r\n static loadFromBuildOutput(): EzCoderManifest | null {\r\n try {\r\n if (typeof process === 'undefined' || !process.versions?.node) {\r\n return null;\r\n }\r\n // Avoid a static `import('fs')` because (a) the file may not exist,\r\n // (b) bundlers would attempt to resolve it for browser targets, and\r\n // (c) we want a Node-only branch the bundler can drop. Construct the\r\n // require lookup via the Function constructor so the literal \"require\"\r\n // identifier never appears in any statically-analyzable position.\r\n const getRequire = new Function(\r\n 'return typeof require === \"function\" ? require : null;',\r\n ) as () => ((id: string) => unknown) | null;\r\n const dynamicRequire = getRequire();\r\n if (!dynamicRequire) return null;\r\n const fs = dynamicRequire('fs') as { readFileSync: (p: string, enc: string) => string };\r\n const path = dynamicRequire('path') as { resolve: (...segments: string[]) => string };\r\n const cwd = process.cwd();\r\n const full = path.resolve(cwd, 'node_modules', '.ezcoder', 'manifest.json');\r\n const raw = fs.readFileSync(full, 'utf8');\r\n const payload: unknown = JSON.parse(raw);\r\n const parsed = parseManifestPayload(payload);\r\n if (!parsed) return null;\r\n return new EzCoderManifest(parsed, 'build');\r\n } catch {\r\n return null;\r\n }\r\n }\r\n\r\n /**\r\n * Returns the boolean enablement map for each SDK module. When no\r\n * manifest is loaded, returns the permissive default (everything on) so\r\n * legacy behaviour is preserved.\r\n */\r\n getRequiredModules(): RequiredModules {\r\n if (!this.manifest) {\r\n return { ...PERMISSIVE_DEFAULT_MODULES };\r\n }\r\n const sr = this.manifest.service_requirements;\r\n return {\r\n auth: Boolean(sr.auth),\r\n storage: Boolean(sr.storage),\r\n payments: Boolean(sr.payments),\r\n email: Boolean(sr.email),\r\n cron: Boolean(sr.cron),\r\n database: Boolean(sr.database),\r\n // notifications is not in service_requirements v0; derive from email\r\n // OR auth so the existing notifications module behaves sensibly.\r\n notifications: Boolean(sr.email || sr.auth),\r\n };\r\n }\r\n\r\n /**\r\n * Returns the env refs declared by the manifest. The `secret` array is\r\n * always empty when the manifest came from the public SDK endpoint —\r\n * server-only refs are stripped before transit (see pages/api/sdk/manifest.js).\r\n */\r\n getEnvRefs(): EnvRefs {\r\n if (!this.manifest) {\r\n return { public: [], secret: [] };\r\n }\r\n return {\r\n public: this.manifest.env_refs.public,\r\n secret: [],\r\n };\r\n }\r\n\r\n /**\r\n * Convenience: is a given module required by this app?\r\n */\r\n has(module: keyof RequiredModules): boolean {\r\n return this.getRequiredModules()[module];\r\n }\r\n\r\n /**\r\n * Where the manifest was loaded from. Useful for debugging and for\r\n * surface-level telemetry (`fallback` means we never got the real one).\r\n */\r\n getSource(): 'runtime' | 'build' | 'fallback' {\r\n return this.source;\r\n }\r\n\r\n /**\r\n * Test-only helper: wipe the page-lifetime cache. Never call this in\r\n * production code.\r\n */\r\n static __resetCacheForTests(): void {\r\n manifestCache.clear();\r\n inflightLoads.clear();\r\n }\r\n}\r\n\r\n// ─── Internals ────────────────────────────────────────────────────────────\r\n\r\nfunction readPublicToken(): string {\r\n // The PUBLIC token is intentionally distinct from the server-only secret\r\n // key. We accept both Vite and Next env shapes; both must be safe to\r\n // expose to the browser (i.e. namespaced as PUBLIC).\r\n const fromVite = safeEnv('VITE_EZC_PROJECT_TOKEN_PUBLIC');\r\n if (fromVite) return fromVite;\r\n const fromNext = safeEnv('NEXT_PUBLIC_EZC_PROJECT_TOKEN_PUBLIC');\r\n if (fromNext) return fromNext;\r\n return safeEnv('EZC_PROJECT_TOKEN_PUBLIC');\r\n}\r\n\r\nfunction safeEnv(key: string): string {\r\n try {\r\n if (typeof import.meta !== 'undefined' && import.meta.env) {\r\n const v = (import.meta.env as Record<string, unknown>)[key];\r\n if (typeof v === 'string') return v;\r\n }\r\n } catch {\r\n // import.meta unavailable in this runtime — fall through.\r\n }\r\n try {\r\n if (typeof process !== 'undefined' && process.env) {\r\n return process.env[key] || '';\r\n }\r\n } catch {\r\n // process unavailable — fall through.\r\n }\r\n return '';\r\n}\r\n\r\nasync function fetchManifest(apiUrl: string, publicToken: string): Promise<SanitizedManifest> {\r\n const headers: Record<string, string> = {\r\n 'Accept': 'application/json',\r\n };\r\n if (publicToken) {\r\n headers['X-EzCoder-Public-Token'] = publicToken;\r\n }\r\n const res = await fetch(`${apiUrl}/api/sdk/manifest`, {\r\n method: 'GET',\r\n headers,\r\n // Browsers will fold the 5-minute cache header automatically; this hint\r\n // is here for non-browser runtimes that respect it.\r\n cache: 'default',\r\n });\r\n if (!res.ok) {\r\n throw new Error(`HTTP ${res.status}`);\r\n }\r\n const body: unknown = await res.json();\r\n const parsed = parseManifestPayload(body);\r\n if (!parsed) {\r\n throw new Error('manifest payload failed shape validation');\r\n }\r\n return parsed;\r\n}\r\n\r\n/**\r\n * Permissive boundary parser. We deliberately do NOT pull Zod into the SDK\r\n * bundle — instead we run a lightweight shape check and let unknown fields\r\n * pass through. The server has already validated the manifest with Zod\r\n * before sending; this is just defense-in-depth against a malformed\r\n * response (e.g. an HTML error page).\r\n */\r\nfunction parseManifestPayload(input: unknown): SanitizedManifest | null {\r\n if (!isRecord(input)) return null;\r\n const projectId = input.project_id;\r\n const serviceReqs = input.service_requirements;\r\n const envRefs = input.env_refs;\r\n const gates = input.validation_gates;\r\n if (typeof projectId !== 'string' || projectId.length === 0) return null;\r\n if (!isRecord(serviceReqs)) return null;\r\n if (!isRecord(envRefs) || !Array.isArray(envRefs.public)) return null;\r\n if (!Array.isArray(gates)) return null;\r\n const manifestVersion =\r\n typeof input.manifest_version === 'number' ? input.manifest_version : 0;\r\n return {\r\n manifest_version: manifestVersion,\r\n project_id: projectId,\r\n service_requirements: serviceReqs as SanitizedManifest['service_requirements'],\r\n env_refs: { public: envRefs.public.filter((v): v is string => typeof v === 'string') },\r\n validation_gates: gates.filter((v): v is string => typeof v === 'string'),\r\n };\r\n}\r\n\r\nfunction isRecord(value: unknown): value is Record<string, unknown> {\r\n return typeof value === 'object' && value !== null && !Array.isArray(value);\r\n}\r\n","/**\r\n * @module useEzCoderManifest\r\n * @description React hook that exposes the loaded Capability Manifest to\r\n * components so they can branch on whether a feature module is required by\r\n * the current project.\r\n *\r\n * Importing this file pulls `react` as a peer dep — kept in a dedicated\r\n * file so SSR / non-React entries can consume `manifest-consumer.ts`\r\n * without touching React.\r\n */\r\n\r\nimport { useEffect, useState } from 'react';\r\nimport { EzCoderManifest, type RequiredModules } from './manifest-consumer';\r\n\r\nexport interface UseEzCoderManifestResult {\r\n manifest: EzCoderManifest | null;\r\n modules: RequiredModules | null;\r\n loading: boolean;\r\n source: 'runtime' | 'build' | 'fallback' | null;\r\n}\r\n\r\n/**\r\n * Synchronously prefers a build-time manifest (avoids a render-blocking\r\n * fetch on SSG/SSR); otherwise kicks off the async runtime load. Until the\r\n * load resolves, `modules` is null and callers should treat features as\r\n * unknown (recommended: render the historical default, then re-render once\r\n * `modules` settles).\r\n */\r\nexport function useEzCoderManifest(): UseEzCoderManifestResult {\r\n // Lazy initializer — `loadFromBuildOutput` touches the filesystem on Node\r\n // and must NOT run on every render. Memoized once across the mount.\r\n const [manifest, setManifest] = useState<EzCoderManifest | null>(\r\n () => EzCoderManifest.loadFromBuildOutput(),\r\n );\r\n const [loading, setLoading] = useState<boolean>(manifest === null);\r\n\r\n useEffect(() => {\r\n // If we already have a build-time manifest, no need to fetch.\r\n if (manifest) return;\r\n\r\n let cancelled = false;\r\n EzCoderManifest.load()\r\n .then((m) => {\r\n if (cancelled) return;\r\n setManifest(m);\r\n setLoading(false);\r\n })\r\n .catch(() => {\r\n if (cancelled) return;\r\n // load() already handles errors and returns a fallback, but be\r\n // defensive: ensure we never leave the UI stuck in loading state.\r\n setLoading(false);\r\n });\r\n\r\n return () => {\r\n cancelled = true;\r\n };\r\n // We only want this effect to run on mount; once `manifest` settles,\r\n // re-running would re-fetch unnecessarily.\r\n // eslint-disable-next-line react-hooks/exhaustive-deps\r\n }, []);\r\n\r\n return {\r\n manifest,\r\n modules: manifest ? manifest.getRequiredModules() : null,\r\n loading,\r\n source: manifest ? manifest.getSource() : null,\r\n };\r\n}\r\n","export { env, features, isFeatureConfigured } from './core/config';\r\nexport { supabase, isSupabaseConfigured } from './core/supabase';\r\nexport { ezcoder, ezcoderAuthIntegration } from './core/platform';\r\nexport { DatabaseProvider, useDatabase, DatabaseClient } from './database';\r\nexport type {\r\n AuthUser,\r\n UserProfile,\r\n SubscriptionTier,\r\n SubscriptionStatus,\r\n StorageResult,\r\n StorageFile,\r\n CheckoutOptions,\r\n EzcoderClient,\r\n AnalyticsResult,\r\n AuthIntegration,\r\n} from './core/types';\r\n\r\n// ─── Capability Manifest (B7) ────────────────────────────────────────────\r\n//\r\n// Manifest awareness is OPT-IN. The legacy module auto-registration is\r\n// preserved, so existing consumers see no behavioural change. New code can\r\n// import these to gate features:\r\n//\r\n// import { EzCoderManifest, useEzCoderManifest } from '@ezcoder.dev/sdk';\r\n// const { modules, loading } = useEzCoderManifest();\r\n// if (!loading && modules?.payments) renderCheckout();\r\n//\r\nexport { EzCoderManifest } from './manifest-consumer';\r\nexport type { RequiredModules, EnvRefs, SanitizedManifest } from './manifest-consumer';\r\nexport { useEzCoderManifest } from './useEzCoderManifest';\r\nexport type { UseEzCoderManifestResult } from './useEzCoderManifest';\r\n\r\n// Kick off an opportunistic load on import so the cache is warm by the\r\n// time components call useEzCoderManifest(). Errors are swallowed inside\r\n// load() and produce a fallback instance — never throws.\r\nimport { EzCoderManifest as _EzCoderManifestForBoot } from './manifest-consumer';\r\nif (typeof window !== 'undefined') {\r\n // Browser only. SSR/SSG paths that want the manifest should call\r\n // loadFromBuildOutput() or load() explicitly to control timing.\r\n void _EzCoderManifestForBoot.load();\r\n}\r\n"],"mappings":";;;;;;;;;;;;;;;;;;;;AAoEA,IAAM,gBAA8C,oBAAI,IAAI;AAC5D,IAAM,gBAAuD,oBAAI,IAAI;AAQrE,IAAM,6BAAwD,OAAO,OAAO;AAAA,EAC1E,MAAM;AAAA,EACN,SAAS;AAAA,EACT,UAAU;AAAA,EACV,OAAO;AAAA,EACP,MAAM;AAAA,EACN,UAAU;AAAA,EACV,eAAe;AACjB,CAAC;AAUM,IAAM,kBAAN,MAAM,iBAAgB;AAAA,EAI3B,YAAY,UAAoC,QAA0C;AACxF,SAAK,WAAW;AAChB,SAAK,SAAS;AAAA,EAChB;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAQA,aAAa,OAAiC;AAC5C,UAAM,YAAY,IAAI;AACtB,UAAM,SAAS,IAAI;AACnB,UAAM,cAAc,gBAAgB;AAEpC,QAAI,CAAC,aAAa,CAAC,QAAQ;AACzB,aAAO,IAAI,iBAAgB,MAAM,UAAU;AAAA,IAC7C;AAEA,UAAM,WAAW,GAAG,SAAS,KAAK,MAAM;AACxC,UAAM,SAAS,cAAc,IAAI,QAAQ;AACzC,QAAI,OAAQ,QAAO;AAEnB,UAAM,WAAW,cAAc,IAAI,QAAQ;AAC3C,QAAI,SAAU,QAAO;AAErB,UAAM,cAAc,cAAc,QAAQ,WAAW,EAClD,KAAK,CAAC,MAAM;AACX,YAAM,WAAW,IAAI,iBAAgB,GAAG,SAAS;AACjD,oBAAc,IAAI,UAAU,QAAQ;AACpC,aAAO;AAAA,IACT,CAAC,EACA,MAAM,CAAC,QAAiB;AACvB,YAAM,UAAU,eAAe,QAAQ,IAAI,UAAU;AACrD,UAAI,OAAO,YAAY,aAAa;AAClC,gBAAQ,KAAK,wCAAwC,OAAO,qCAAqC;AAAA,MACnG;AACA,YAAM,WAAW,IAAI,iBAAgB,MAAM,UAAU;AACrD,oBAAc,IAAI,UAAU,QAAQ;AACpC,aAAO;AAAA,IACT,CAAC,EACA,QAAQ,MAAM;AACb,oBAAc,OAAO,QAAQ;AAAA,IAC/B,CAAC;AAEH,kBAAc,IAAI,UAAU,WAAW;AACvC,WAAO;AAAA,EACT;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAeA,OAAO,sBAA8C;AACnD,QAAI;AACF,UAAI,OAAO,YAAY,eAAe,CAAC,QAAQ,UAAU,MAAM;AAC7D,eAAO;AAAA,MACT;AAMA,YAAM,aAAa,IAAI;AAAA,QACrB;AAAA,MACF;AACA,YAAM,iBAAiB,WAAW;AAClC,UAAI,CAAC,eAAgB,QAAO;AAC5B,YAAM,KAAK,eAAe,IAAI;AAC9B,YAAM,OAAO,eAAe,MAAM;AAClC,YAAM,MAAM,QAAQ,IAAI;AACxB,YAAM,OAAO,KAAK,QAAQ,KAAK,gBAAgB,YAAY,eAAe;AAC1E,YAAM,MAAM,GAAG,aAAa,MAAM,MAAM;AACxC,YAAM,UAAmB,KAAK,MAAM,GAAG;AACvC,YAAM,SAAS,qBAAqB,OAAO;AAC3C,UAAI,CAAC,OAAQ,QAAO;AACpB,aAAO,IAAI,iBAAgB,QAAQ,OAAO;AAAA,IAC5C,QAAQ;AACN,aAAO;AAAA,IACT;AAAA,EACF;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAOA,qBAAsC;AACpC,QAAI,CAAC,KAAK,UAAU;AAClB,aAAO,EAAE,GAAG,2BAA2B;AAAA,IACzC;AACA,UAAM,KAAK,KAAK,SAAS;AACzB,WAAO;AAAA,MACL,MAAM,QAAQ,GAAG,IAAI;AAAA,MACrB,SAAS,QAAQ,GAAG,OAAO;AAAA,MAC3B,UAAU,QAAQ,GAAG,QAAQ;AAAA,MAC7B,OAAO,QAAQ,GAAG,KAAK;AAAA,MACvB,MAAM,QAAQ,GAAG,IAAI;AAAA,MACrB,UAAU,QAAQ,GAAG,QAAQ;AAAA;AAAA;AAAA,MAG7B,eAAe,QAAQ,GAAG,SAAS,GAAG,IAAI;AAAA,IAC5C;AAAA,EACF;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAOA,aAAsB;AACpB,QAAI,CAAC,KAAK,UAAU;AAClB,aAAO,EAAE,QAAQ,CAAC,GAAG,QAAQ,CAAC,EAAE;AAAA,IAClC;AACA,WAAO;AAAA,MACL,QAAQ,KAAK,SAAS,SAAS;AAAA,MAC/B,QAAQ,CAAC;AAAA,IACX;AAAA,EACF;AAAA;AAAA;AAAA;AAAA,EAKA,IAAI,QAAwC;AAC1C,WAAO,KAAK,mBAAmB,EAAE,MAAM;AAAA,EACzC;AAAA;AAAA;AAAA;AAAA;AAAA,EAMA,YAA8C;AAC5C,WAAO,KAAK;AAAA,EACd;AAAA;AAAA;AAAA;AAAA;AAAA,EAMA,OAAO,uBAA6B;AAClC,kBAAc,MAAM;AACpB,kBAAc,MAAM;AAAA,EACtB;AACF;AAIA,SAAS,kBAA0B;AAIjC,QAAM,WAAW,QAAQ,+BAA+B;AACxD,MAAI,SAAU,QAAO;AACrB,QAAM,WAAW,QAAQ,sCAAsC;AAC/D,MAAI,SAAU,QAAO;AACrB,SAAO,QAAQ,0BAA0B;AAC3C;AAEA,SAAS,QAAQ,KAAqB;AACpC,MAAI;AACF,QAAI,OAAO,gBAAgB,eAAe,YAAY,KAAK;AACzD,YAAM,IAAK,YAAY,IAAgC,GAAG;AAC1D,UAAI,OAAO,MAAM,SAAU,QAAO;AAAA,IACpC;AAAA,EACF,QAAQ;AAAA,EAER;AACA,MAAI;AACF,QAAI,OAAO,YAAY,eAAe,QAAQ,KAAK;AACjD,aAAO,QAAQ,IAAI,GAAG,KAAK;AAAA,IAC7B;AAAA,EACF,QAAQ;AAAA,EAER;AACA,SAAO;AACT;AAEA,eAAe,cAAc,QAAgB,aAAiD;AAC5F,QAAM,UAAkC;AAAA,IACtC,UAAU;AAAA,EACZ;AACA,MAAI,aAAa;AACf,YAAQ,wBAAwB,IAAI;AAAA,EACtC;AACA,QAAM,MAAM,MAAM,MAAM,GAAG,MAAM,qBAAqB;AAAA,IACpD,QAAQ;AAAA,IACR;AAAA;AAAA;AAAA,IAGA,OAAO;AAAA,EACT,CAAC;AACD,MAAI,CAAC,IAAI,IAAI;AACX,UAAM,IAAI,MAAM,QAAQ,IAAI,MAAM,EAAE;AAAA,EACtC;AACA,QAAM,OAAgB,MAAM,IAAI,KAAK;AACrC,QAAM,SAAS,qBAAqB,IAAI;AACxC,MAAI,CAAC,QAAQ;AACX,UAAM,IAAI,MAAM,0CAA0C;AAAA,EAC5D;AACA,SAAO;AACT;AASA,SAAS,qBAAqB,OAA0C;AACtE,MAAI,CAAC,SAAS,KAAK,EAAG,QAAO;AAC7B,QAAM,YAAY,MAAM;AACxB,QAAM,cAAc,MAAM;AAC1B,QAAM,UAAU,MAAM;AACtB,QAAM,QAAQ,MAAM;AACpB,MAAI,OAAO,cAAc,YAAY,UAAU,WAAW,EAAG,QAAO;AACpE,MAAI,CAAC,SAAS,WAAW,EAAG,QAAO;AACnC,MAAI,CAAC,SAAS,OAAO,KAAK,CAAC,MAAM,QAAQ,QAAQ,MAAM,EAAG,QAAO;AACjE,MAAI,CAAC,MAAM,QAAQ,KAAK,EAAG,QAAO;AAClC,QAAM,kBACJ,OAAO,MAAM,qBAAqB,WAAW,MAAM,mBAAmB;AACxE,SAAO;AAAA,IACL,kBAAkB;AAAA,IAClB,YAAY;AAAA,IACZ,sBAAsB;AAAA,IACtB,UAAU,EAAE,QAAQ,QAAQ,OAAO,OAAO,CAAC,MAAmB,OAAO,MAAM,QAAQ,EAAE;AAAA,IACrF,kBAAkB,MAAM,OAAO,CAAC,MAAmB,OAAO,MAAM,QAAQ;AAAA,EAC1E;AACF;AAEA,SAAS,SAAS,OAAkD;AAClE,SAAO,OAAO,UAAU,YAAY,UAAU,QAAQ,CAAC,MAAM,QAAQ,KAAK;AAC5E;;;AC1UA,SAAS,WAAW,gBAAgB;AAiB7B,SAAS,qBAA+C;AAG7D,QAAM,CAAC,UAAU,WAAW,IAAI;AAAA,IAC9B,MAAM,gBAAgB,oBAAoB;AAAA,EAC5C;AACA,QAAM,CAAC,SAAS,UAAU,IAAI,SAAkB,aAAa,IAAI;AAEjE,YAAU,MAAM;AAEd,QAAI,SAAU;AAEd,QAAI,YAAY;AAChB,oBAAgB,KAAK,EAClB,KAAK,CAAC,MAAM;AACX,UAAI,UAAW;AACf,kBAAY,CAAC;AACb,iBAAW,KAAK;AAAA,IAClB,CAAC,EACA,MAAM,MAAM;AACX,UAAI,UAAW;AAGf,iBAAW,KAAK;AAAA,IAClB,CAAC;AAEH,WAAO,MAAM;AACX,kBAAY;AAAA,IACd;AAAA,EAIF,GAAG,CAAC,CAAC;AAEL,SAAO;AAAA,IACL;AAAA,IACA,SAAS,WAAW,SAAS,mBAAmB,IAAI;AAAA,IACpD;AAAA,IACA,QAAQ,WAAW,SAAS,UAAU,IAAI;AAAA,EAC5C;AACF;;;AChCA,IAAI,OAAO,WAAW,aAAa;AAGjC,OAAK,gBAAwB,KAAK;AACpC;","names":[]}
package/dist/notifications/index.d.ts CHANGED
@@ -27,13 +27,38 @@ interface NotificationCenterProps {
27
27
  }
28
28
  declare function NotificationCenter({ className }: NotificationCenterProps): react_jsx_runtime.JSX.Element;
29
29
 
30
+ /**
31
+ * SDK sendNotification (B1).
32
+ *
33
+ * Routes to /api/project-notifications/send using the SERVER-class project
34
+ * token.
35
+ *
36
+ * BEFORE B1, this function called a Supabase RPC (`sdk_create_notification`)
37
+ * directly. That bypassed the platform auth surface entirely, so quota and
38
+ * per-tier limits could not be enforced.
39
+ *
40
+ * AFTER B1:
41
+ * - Reads EZC_PROJECT_TOKEN_SERVER from server-side env.
42
+ * - Sends via `X-EzCoder-Server-Token` header to the new
43
+ * /api/project-notifications/send endpoint.
44
+ * - Refuses to run from browser bundles with a clear, actionable error.
45
+ * - Per-project rate limits, audit logging, and the credential class check
46
+ * are enforced server-side.
47
+ *
48
+ * For READING notifications (browser-friendly), see `useNotifications`,
49
+ * which targets /api/project-notifications/list using the PUBLIC-class
50
+ * token via `resolvePublicToken()`.
51
+ */
30
52
  interface SendNotificationOptions {
31
53
  type?: 'info' | 'success' | 'warning' | 'error' | 'system';
32
54
  data?: Record<string, unknown>;
33
55
  }
34
- declare function sendNotification(userId: string, title: string, message: string, options?: SendNotificationOptions): Promise<{
56
+ interface SendNotificationResult {
35
57
  success: boolean;
58
+ id?: string;
36
59
  error?: string;
37
- }>;
60
+ code?: string;
61
+ }
62
+ declare function sendNotification(userId: string, title: string, message: string, options?: SendNotificationOptions): Promise<SendNotificationResult>;
38
63
 
39
64
  export { NotificationCenter, sendNotification, useNotifications };
package/dist/notifications/index.js CHANGED
@@ -1,12 +1,17 @@
1
+ import {
2
+ resolveServerToken
3
+ } from "../chunk-CQKYANAW.js";
1
4
  import {
2
5
  AuthContext
3
- } from "../chunk-AWU47M6N.js";
4
- import "../chunk-GPF4AYNG.js";
6
+ } from "../chunk-QHB7LGCA.js";
7
+ import "../chunk-HJ2EIZ4S.js";
5
8
  import {
6
- env,
7
- features,
8
9
  supabase
9
- } from "../chunk-2WG4O4J2.js";
10
+ } from "../chunk-I2YGB7Z6.js";
11
+ import {
12
+ env,
13
+ features
14
+ } from "../chunk-LIUE7M7K.js";
10
15
 
11
16
  // src/notifications/useNotifications.ts
12
17
  import { useState, useEffect, useCallback, useContext } from "react";
@@ -188,22 +193,52 @@ function NotificationCenter({ className = "" }) {
188
193
 
189
194
  // src/notifications/sendNotification.ts
190
195
  async function sendNotification(userId, title, message, options = {}) {
196
+ const apiUrl = env.EZCODER_API_URL;
191
197
  const projectId = env.EZC_PROJECT_ID;
192
- if (!projectId) {
193
- return { success: false, error: "EZC_PROJECT_ID not configured" };
198
+ if (!apiUrl || !projectId) {
199
+ return {
200
+ success: false,
201
+ error: "EZCODER_API_URL and EZC_PROJECT_ID are required",
202
+ code: "sdk_misconfigured"
203
+ };
194
204
  }
195
- const { data, error } = await supabase.rpc("sdk_create_notification", {
196
- p_project_id: projectId,
197
- p_user_id: userId,
198
- p_title: title,
199
- p_message: message,
200
- p_type: options.type || "info",
201
- p_data: options.data || {}
202
- });
203
- if (error) {
204
- return { success: false, error: error.message };
205
+ const tokenResolution = resolveServerToken();
206
+ if (!tokenResolution.ok) {
207
+ return { success: false, error: tokenResolution.reason, code: "no_server_token" };
208
+ }
209
+ try {
210
+ const res = await fetch(`${apiUrl}/api/project-notifications/send`, {
211
+ method: "POST",
212
+ headers: {
213
+ "Content-Type": "application/json",
214
+ "X-EzCoder-Server-Token": tokenResolution.token
215
+ },
216
+ body: JSON.stringify({
217
+ projectId,
218
+ userId,
219
+ title,
220
+ message,
221
+ type: options.type ?? "info",
222
+ data: options.data ?? {}
223
+ })
224
+ });
225
+ const raw = await res.json().catch(() => ({}));
226
+ const data = raw && typeof raw === "object" ? raw : {};
227
+ if (!res.ok) {
228
+ return {
229
+ success: false,
230
+ error: data.error ?? `HTTP ${res.status}`,
231
+ code: data.code
232
+ };
233
+ }
234
+ return { success: true, id: data.id };
235
+ } catch (err) {
236
+ return {
237
+ success: false,
238
+ error: err instanceof Error ? err.message : "Network error",
239
+ code: "network_error"
240
+ };
205
241
  }
206
- return data || { success: true };
207
242
  }
208
243
  export {
209
244
  NotificationCenter,
package/dist/notifications/index.js.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"sources":["../../src/notifications/useNotifications.ts","../../src/notifications/NotificationCenter.tsx","../../src/notifications/sendNotification.ts"],"sourcesContent":["import { useState, useEffect, useCallback, useContext } from 'react';\r\nimport { supabase } from '../core/supabase';\r\nimport { features } from '../core/config';\r\nimport { AuthContext } from '../auth/AuthProvider';\r\n\r\ninterface Notification {\r\n id: string;\r\n type: string;\r\n title: string;\r\n message: string;\r\n data?: Record<string, unknown>;\r\n read: boolean;\r\n read_at?: string;\r\n created_at: string;\r\n}\r\n\r\nconst DEMO_NOTIFICATIONS: Notification[] = [\r\n {\r\n id: 'demo-1',\r\n type: 'info',\r\n title: 'Welcome!',\r\n message: 'Connect a database to enable real-time notifications.',\r\n read: false,\r\n created_at: new Date().toISOString(),\r\n },\r\n];\r\n\r\ninterface UseNotificationsReturn {\r\n notifications: Notification[];\r\n unreadCount: number;\r\n loading: boolean;\r\n isConfigured: boolean;\r\n markAsRead: (notificationId: string) => Promise<void>;\r\n markAllAsRead: () => Promise<void>;\r\n deleteNotification: (notificationId: string) => Promise<void>;\r\n refetch: () => Promise<void>;\r\n}\r\n\r\nexport function useNotifications(): UseNotificationsReturn {\r\n const auth = useContext(AuthContext);\r\n const [notifications, setNotifications] = useState<Notification[]>([]);\r\n const [loading, setLoading] = useState(true);\r\n\r\n const userId = auth?.user?.id;\r\n\r\n const fetchNotifications = useCallback(async () => {\r\n if (!features.auth || !userId) {\r\n setNotifications(DEMO_NOTIFICATIONS);\r\n setLoading(false);\r\n return;\r\n }\r\n\r\n try {\r\n const { data, error } = await supabase\r\n .from('notifications')\r\n .select('*')\r\n .eq('user_id', userId)\r\n .order('created_at', { ascending: false })\r\n .limit(50);\r\n\r\n if (error) {\r\n setNotifications(DEMO_NOTIFICATIONS);\r\n } else {\r\n setNotifications((data as Notification[]) || []);\r\n }\r\n } catch {\r\n setNotifications(DEMO_NOTIFICATIONS);\r\n } finally {\r\n setLoading(false);\r\n }\r\n }, [userId]);\r\n\r\n useEffect(() => {\r\n fetchNotifications();\r\n }, [fetchNotifications]);\r\n\r\n useEffect(() => {\r\n if (!features.auth || !userId) return;\r\n\r\n const channel = supabase\r\n .channel(`notifications_${userId}`)\r\n .on(\r\n // eslint-disable-next-line @typescript-eslint/no-explicit-any\r\n 'postgres_changes' as any,\r\n {\r\n event: 'INSERT',\r\n schema: 'public',\r\n table: 'notifications',\r\n filter: `user_id=eq.${userId}`,\r\n },\r\n (payload: { new: Notification }) => {\r\n setNotifications((prev) => [payload.new, ...prev]);\r\n }\r\n )\r\n .subscribe();\r\n\r\n return () => {\r\n supabase.removeChannel(channel);\r\n };\r\n }, [userId]);\r\n\r\n const markAsRead = useCallback(async (notificationId: string) => {\r\n if (!features.auth) return;\r\n\r\n await supabase\r\n .from('notifications')\r\n .update({ read: true, read_at: new Date().toISOString() })\r\n .eq('id', notificationId);\r\n\r\n setNotifications((prev) =>\r\n prev.map((n) => (n.id === notificationId ? { ...n, read: true } : n))\r\n );\r\n }, []);\r\n\r\n const markAllAsRead = useCallback(async () => {\r\n if (!features.auth || !userId) return;\r\n\r\n await supabase\r\n .from('notifications')\r\n .update({ read: true, read_at: new Date().toISOString() })\r\n .eq('user_id', userId)\r\n .eq('read', false);\r\n\r\n setNotifications((prev) => prev.map((n) => ({ ...n, read: true })));\r\n }, [userId]);\r\n\r\n const deleteNotification = useCallback(async (notificationId: string) => {\r\n if (!features.auth) return;\r\n\r\n await supabase.from('notifications').delete().eq('id', notificationId);\r\n setNotifications((prev) => prev.filter((n) => n.id !== notificationId));\r\n }, []);\r\n\r\n const unreadCount = notifications.filter((n) => !n.read).length;\r\n\r\n return {\r\n notifications,\r\n unreadCount,\r\n loading,\r\n isConfigured: features.auth,\r\n markAsRead,\r\n markAllAsRead,\r\n deleteNotification,\r\n refetch: fetchNotifications,\r\n };\r\n}\r\n","import { useState } from 'react';\r\nimport { useNotifications } from './useNotifications';\r\n\r\ninterface NotificationCenterProps {\r\n className?: string;\r\n}\r\n\r\nexport function NotificationCenter({ className = '' }: NotificationCenterProps) {\r\n const { notifications, unreadCount, markAsRead, markAllAsRead, deleteNotification } = useNotifications();\r\n const [open, setOpen] = useState(false);\r\n\r\n return (\r\n <div className={className} style={{ position: 'relative', display: 'inline-block' }}>\r\n <button\r\n onClick={() => setOpen(!open)}\r\n style={{\r\n background: 'none', border: 'none', cursor: 'pointer',\r\n position: 'relative', padding: '8px', fontSize: '20px',\r\n }}\r\n >\r\n 🔔\r\n {unreadCount > 0 && (\r\n <span style={{\r\n position: 'absolute', top: '2px', right: '2px',\r\n backgroundColor: '#dc2626', color: 'white', fontSize: '10px',\r\n borderRadius: '50%', width: '18px', height: '18px',\r\n display: 'flex', alignItems: 'center', justifyContent: 'center',\r\n }}>\r\n {unreadCount > 9 ? '9+' : unreadCount}\r\n </span>\r\n )}\r\n </button>\r\n\r\n {open && (\r\n <div style={{\r\n position: 'absolute', right: 0, top: '100%', width: '320px',\r\n backgroundColor: 'white', border: '1px solid #e5e7eb',\r\n borderRadius: '8px', boxShadow: '0 4px 12px rgba(0,0,0,0.1)',\r\n zIndex: 50, maxHeight: '400px', overflow: 'auto',\r\n }}>\r\n <div style={{ padding: '12px 16px', borderBottom: '1px solid #e5e7eb', display: 'flex', justifyContent: 'space-between', alignItems: 'center' }}>\r\n <span style={{ fontWeight: 600 }}>Notifications</span>\r\n {unreadCount > 0 && (\r\n <button onClick={() => markAllAsRead()} style={{ background: 'none', border: 'none', color: '#3b82f6', cursor: 'pointer', fontSize: '12px' }}>\r\n Mark all read\r\n </button>\r\n )}\r\n </div>\r\n\r\n {notifications.length === 0 ? (\r\n <div style={{ padding: '24px', textAlign: 'center', color: '#9ca3af' }}>\r\n No notifications\r\n </div>\r\n ) : (\r\n notifications.map((n) => (\r\n <div\r\n key={n.id}\r\n style={{\r\n padding: '12px 16px', borderBottom: '1px solid #f3f4f6',\r\n backgroundColor: n.read ? 'transparent' : '#eff6ff',\r\n cursor: 'pointer',\r\n }}\r\n onClick={() => !n.read && markAsRead(n.id)}\r\n >\r\n <div style={{ display: 'flex', justifyContent: 'space-between', alignItems: 'flex-start' }}>\r\n <div>\r\n <p style={{ fontWeight: 500, fontSize: '14px', marginBottom: '2px' }}>{n.title}</p>\r\n <p style={{ color: '#6b7280', fontSize: '13px' }}>{n.message}</p>\r\n <p style={{ color: '#9ca3af', fontSize: '11px', marginTop: '4px' }}>\r\n {new Date(n.created_at).toLocaleDateString()}\r\n </p>\r\n </div>\r\n <button\r\n onClick={(e) => { e.stopPropagation(); deleteNotification(n.id); }}\r\n style={{ background: 'none', border: 'none', color: '#9ca3af', cursor: 'pointer', fontSize: '16px' }}\r\n >\r\n ×\r\n </button>\r\n </div>\r\n </div>\r\n ))\r\n )}\r\n </div>\r\n )}\r\n </div>\r\n );\r\n}\r\n","import { supabase } from '../core/supabase';\r\nimport { env } from '../core/config';\r\n\r\ninterface SendNotificationOptions {\r\n type?: 'info' | 'success' | 'warning' | 'error' | 'system';\r\n data?: Record<string, unknown>;\r\n}\r\n\r\nexport async function sendNotification(\r\n userId: string,\r\n title: string,\r\n message: string,\r\n options: SendNotificationOptions = {},\r\n): Promise<{ success: boolean; error?: string }> {\r\n const projectId = env.EZC_PROJECT_ID;\r\n if (!projectId) {\r\n return { success: false, error: 'EZC_PROJECT_ID not configured' };\r\n }\r\n\r\n const { data, error } = await supabase.rpc('sdk_create_notification', {\r\n p_project_id: projectId,\r\n p_user_id: userId,\r\n p_title: title,\r\n p_message: message,\r\n p_type: options.type || 'info',\r\n p_data: options.data || {},\r\n });\r\n\r\n if (error) {\r\n return { success: false, error: error.message };\r\n }\r\n\r\n return (data as { success: boolean; error?: string }) || { success: true };\r\n}\r\n"],"mappings":";;;;;;;;;;;AAAA,SAAS,UAAU,WAAW,aAAa,kBAAkB;AAgB7D,IAAM,qBAAqC;AAAA,EACzC;AAAA,IACE,IAAI;AAAA,IACJ,MAAM;AAAA,IACN,OAAO;AAAA,IACP,SAAS;AAAA,IACT,MAAM;AAAA,IACN,aAAY,oBAAI,KAAK,GAAE,YAAY;AAAA,EACrC;AACF;AAaO,SAAS,mBAA2C;AACzD,QAAM,OAAO,WAAW,WAAW;AACnC,QAAM,CAAC,eAAe,gBAAgB,IAAI,SAAyB,CAAC,CAAC;AACrE,QAAM,CAAC,SAAS,UAAU,IAAI,SAAS,IAAI;AAE3C,QAAM,SAAS,MAAM,MAAM;AAE3B,QAAM,qBAAqB,YAAY,YAAY;AACjD,QAAI,CAAC,SAAS,QAAQ,CAAC,QAAQ;AAC7B,uBAAiB,kBAAkB;AACnC,iBAAW,KAAK;AAChB;AAAA,IACF;AAEA,QAAI;AACF,YAAM,EAAE,MAAM,MAAM,IAAI,MAAM,SAC3B,KAAK,eAAe,EACpB,OAAO,GAAG,EACV,GAAG,WAAW,MAAM,EACpB,MAAM,cAAc,EAAE,WAAW,MAAM,CAAC,EACxC,MAAM,EAAE;AAEX,UAAI,OAAO;AACT,yBAAiB,kBAAkB;AAAA,MACrC,OAAO;AACL,yBAAkB,QAA2B,CAAC,CAAC;AAAA,MACjD;AAAA,IACF,QAAQ;AACN,uBAAiB,kBAAkB;AAAA,IACrC,UAAE;AACA,iBAAW,KAAK;AAAA,IAClB;AAAA,EACF,GAAG,CAAC,MAAM,CAAC;AAEX,YAAU,MAAM;AACd,uBAAmB;AAAA,EACrB,GAAG,CAAC,kBAAkB,CAAC;AAEvB,YAAU,MAAM;AACd,QAAI,CAAC,SAAS,QAAQ,CAAC,OAAQ;AAE/B,UAAM,UAAU,SACb,QAAQ,iBAAiB,MAAM,EAAE,EACjC;AAAA;AAAA,MAEC;AAAA,MACA;AAAA,QACE,OAAO;AAAA,QACP,QAAQ;AAAA,QACR,OAAO;AAAA,QACP,QAAQ,cAAc,MAAM;AAAA,MAC9B;AAAA,MACA,CAAC,YAAmC;AAClC,yBAAiB,CAAC,SAAS,CAAC,QAAQ,KAAK,GAAG,IAAI,CAAC;AAAA,MACnD;AAAA,IACF,EACC,UAAU;AAEb,WAAO,MAAM;AACX,eAAS,cAAc,OAAO;AAAA,IAChC;AAAA,EACF,GAAG,CAAC,MAAM,CAAC;AAEX,QAAM,aAAa,YAAY,OAAO,mBAA2B;AAC/D,QAAI,CAAC,SAAS,KAAM;AAEpB,UAAM,SACH,KAAK,eAAe,EACpB,OAAO,EAAE,MAAM,MAAM,UAAS,oBAAI,KAAK,GAAE,YAAY,EAAE,CAAC,EACxD,GAAG,MAAM,cAAc;AAE1B;AAAA,MAAiB,CAAC,SAChB,KAAK,IAAI,CAAC,MAAO,EAAE,OAAO,iBAAiB,EAAE,GAAG,GAAG,MAAM,KAAK,IAAI,CAAE;AAAA,IACtE;AAAA,EACF,GAAG,CAAC,CAAC;AAEL,QAAM,gBAAgB,YAAY,YAAY;AAC5C,QAAI,CAAC,SAAS,QAAQ,CAAC,OAAQ;AAE/B,UAAM,SACH,KAAK,eAAe,EACpB,OAAO,EAAE,MAAM,MAAM,UAAS,oBAAI,KAAK,GAAE,YAAY,EAAE,CAAC,EACxD,GAAG,WAAW,MAAM,EACpB,GAAG,QAAQ,KAAK;AAEnB,qBAAiB,CAAC,SAAS,KAAK,IAAI,CAAC,OAAO,EAAE,GAAG,GAAG,MAAM,KAAK,EAAE,CAAC;AAAA,EACpE,GAAG,CAAC,MAAM,CAAC;AAEX,QAAM,qBAAqB,YAAY,OAAO,mBAA2B;AACvE,QAAI,CAAC,SAAS,KAAM;AAEpB,UAAM,SAAS,KAAK,eAAe,EAAE,OAAO,EAAE,GAAG,MAAM,cAAc;AACrE,qBAAiB,CAAC,SAAS,KAAK,OAAO,CAAC,MAAM,EAAE,OAAO,cAAc,CAAC;AAAA,EACxE,GAAG,CAAC,CAAC;AAEL,QAAM,cAAc,cAAc,OAAO,CAAC,MAAM,CAAC,EAAE,IAAI,EAAE;AAEzD,SAAO;AAAA,IACL;AAAA,IACA;AAAA,IACA;AAAA,IACA,cAAc,SAAS;AAAA,IACvB;AAAA,IACA;AAAA,IACA;AAAA,IACA,SAAS;AAAA,EACX;AACF;;;ACjJA,SAAS,YAAAA,iBAAgB;AAanB,SASI,KATJ;AANC,SAAS,mBAAmB,EAAE,YAAY,GAAG,GAA4B;AAC9E,QAAM,EAAE,eAAe,aAAa,YAAY,eAAe,mBAAmB,IAAI,iBAAiB;AACvG,QAAM,CAAC,MAAM,OAAO,IAAIC,UAAS,KAAK;AAEtC,SACE,qBAAC,SAAI,WAAsB,OAAO,EAAE,UAAU,YAAY,SAAS,eAAe,GAChF;AAAA;AAAA,MAAC;AAAA;AAAA,QACC,SAAS,MAAM,QAAQ,CAAC,IAAI;AAAA,QAC5B,OAAO;AAAA,UACL,YAAY;AAAA,UAAQ,QAAQ;AAAA,UAAQ,QAAQ;AAAA,UAC5C,UAAU;AAAA,UAAY,SAAS;AAAA,UAAO,UAAU;AAAA,QAClD;AAAA,QACD;AAAA;AAAA,UAEE,cAAc,KACb,oBAAC,UAAK,OAAO;AAAA,YACX,UAAU;AAAA,YAAY,KAAK;AAAA,YAAO,OAAO;AAAA,YACzC,iBAAiB;AAAA,YAAW,OAAO;AAAA,YAAS,UAAU;AAAA,YACtD,cAAc;AAAA,YAAO,OAAO;AAAA,YAAQ,QAAQ;AAAA,YAC5C,SAAS;AAAA,YAAQ,YAAY;AAAA,YAAU,gBAAgB;AAAA,UACzD,GACG,wBAAc,IAAI,OAAO,aAC5B;AAAA;AAAA;AAAA,IAEJ;AAAA,IAEC,QACC,qBAAC,SAAI,OAAO;AAAA,MACV,UAAU;AAAA,MAAY,OAAO;AAAA,MAAG,KAAK;AAAA,MAAQ,OAAO;AAAA,MACpD,iBAAiB;AAAA,MAAS,QAAQ;AAAA,MAClC,cAAc;AAAA,MAAO,WAAW;AAAA,MAChC,QAAQ;AAAA,MAAI,WAAW;AAAA,MAAS,UAAU;AAAA,IAC5C,GACE;AAAA,2BAAC,SAAI,OAAO,EAAE,SAAS,aAAa,cAAc,qBAAqB,SAAS,QAAQ,gBAAgB,iBAAiB,YAAY,SAAS,GAC5I;AAAA,4BAAC,UAAK,OAAO,EAAE,YAAY,IAAI,GAAG,2BAAa;AAAA,QAC9C,cAAc,KACb,oBAAC,YAAO,SAAS,MAAM,cAAc,GAAG,OAAO,EAAE,YAAY,QAAQ,QAAQ,QAAQ,OAAO,WAAW,QAAQ,WAAW,UAAU,OAAO,GAAG,2BAE9I;AAAA,SAEJ;AAAA,MAEC,cAAc,WAAW,IACxB,oBAAC,SAAI,OAAO,EAAE,SAAS,QAAQ,WAAW,UAAU,OAAO,UAAU,GAAG,8BAExE,IAEA,cAAc,IAAI,CAAC,MACjB;AAAA,QAAC;AAAA;AAAA,UAEC,OAAO;AAAA,YACL,SAAS;AAAA,YAAa,cAAc;AAAA,YACpC,iBAAiB,EAAE,OAAO,gBAAgB;AAAA,YAC1C,QAAQ;AAAA,UACV;AAAA,UACA,SAAS,MAAM,CAAC,EAAE,QAAQ,WAAW,EAAE,EAAE;AAAA,UAEzC,+BAAC,SAAI,OAAO,EAAE,SAAS,QAAQ,gBAAgB,iBAAiB,YAAY,aAAa,GACvF;AAAA,iCAAC,SACC;AAAA,kCAAC,OAAE,OAAO,EAAE,YAAY,KAAK,UAAU,QAAQ,cAAc,MAAM,GAAI,YAAE,OAAM;AAAA,cAC/E,oBAAC,OAAE,OAAO,EAAE,OAAO,WAAW,UAAU,OAAO,GAAI,YAAE,SAAQ;AAAA,cAC7D,oBAAC,OAAE,OAAO,EAAE,OAAO,WAAW,UAAU,QAAQ,WAAW,MAAM,GAC9D,cAAI,KAAK,EAAE,UAAU,EAAE,mBAAmB,GAC7C;AAAA,eACF;AAAA,YACA;AAAA,cAAC;AAAA;AAAA,gBACC,SAAS,CAAC,MAAM;AAAE,oBAAE,gBAAgB;AAAG,qCAAmB,EAAE,EAAE;AAAA,gBAAG;AAAA,gBACjE,OAAO,EAAE,YAAY,QAAQ,QAAQ,QAAQ,OAAO,WAAW,QAAQ,WAAW,UAAU,OAAO;AAAA,gBACpG;AAAA;AAAA,YAED;AAAA,aACF;AAAA;AAAA,QAtBK,EAAE;AAAA,MAuBT,CACD;AAAA,OAEL;AAAA,KAEJ;AAEJ;;;AC9EA,eAAsB,iBACpB,QACA,OACA,SACA,UAAmC,CAAC,GACW;AAC/C,QAAM,YAAY,IAAI;AACtB,MAAI,CAAC,WAAW;AACd,WAAO,EAAE,SAAS,OAAO,OAAO,gCAAgC;AAAA,EAClE;AAEA,QAAM,EAAE,MAAM,MAAM,IAAI,MAAM,SAAS,IAAI,2BAA2B;AAAA,IACpE,cAAc;AAAA,IACd,WAAW;AAAA,IACX,SAAS;AAAA,IACT,WAAW;AAAA,IACX,QAAQ,QAAQ,QAAQ;AAAA,IACxB,QAAQ,QAAQ,QAAQ,CAAC;AAAA,EAC3B,CAAC;AAED,MAAI,OAAO;AACT,WAAO,EAAE,SAAS,OAAO,OAAO,MAAM,QAAQ;AAAA,EAChD;AAEA,SAAQ,QAAiD,EAAE,SAAS,KAAK;AAC3E;","names":["useState","useState"]}
1
+ {"version":3,"sources":["../../src/notifications/useNotifications.ts","../../src/notifications/NotificationCenter.tsx","../../src/notifications/sendNotification.ts"],"sourcesContent":["import { useState, useEffect, useCallback, useContext } from 'react';\r\nimport { supabase } from '../core/supabase';\r\nimport { features } from '../core/config';\r\nimport { AuthContext } from '../auth/AuthProvider';\r\n\r\ninterface Notification {\r\n id: string;\r\n type: string;\r\n title: string;\r\n message: string;\r\n data?: Record<string, unknown>;\r\n read: boolean;\r\n read_at?: string;\r\n created_at: string;\r\n}\r\n\r\nconst DEMO_NOTIFICATIONS: Notification[] = [\r\n {\r\n id: 'demo-1',\r\n type: 'info',\r\n title: 'Welcome!',\r\n message: 'Connect a database to enable real-time notifications.',\r\n read: false,\r\n created_at: new Date().toISOString(),\r\n },\r\n];\r\n\r\ninterface UseNotificationsReturn {\r\n notifications: Notification[];\r\n unreadCount: number;\r\n loading: boolean;\r\n isConfigured: boolean;\r\n markAsRead: (notificationId: string) => Promise<void>;\r\n markAllAsRead: () => Promise<void>;\r\n deleteNotification: (notificationId: string) => Promise<void>;\r\n refetch: () => Promise<void>;\r\n}\r\n\r\nexport function useNotifications(): UseNotificationsReturn {\r\n const auth = useContext(AuthContext);\r\n const [notifications, setNotifications] = useState<Notification[]>([]);\r\n const [loading, setLoading] = useState(true);\r\n\r\n const userId = auth?.user?.id;\r\n\r\n const fetchNotifications = useCallback(async () => {\r\n if (!features.auth || !userId) {\r\n setNotifications(DEMO_NOTIFICATIONS);\r\n setLoading(false);\r\n return;\r\n }\r\n\r\n try {\r\n const { data, error } = await supabase\r\n .from('notifications')\r\n .select('*')\r\n .eq('user_id', userId)\r\n .order('created_at', { ascending: false })\r\n .limit(50);\r\n\r\n if (error) {\r\n setNotifications(DEMO_NOTIFICATIONS);\r\n } else {\r\n setNotifications((data as Notification[]) || []);\r\n }\r\n } catch {\r\n setNotifications(DEMO_NOTIFICATIONS);\r\n } finally {\r\n setLoading(false);\r\n }\r\n }, [userId]);\r\n\r\n useEffect(() => {\r\n fetchNotifications();\r\n }, [fetchNotifications]);\r\n\r\n useEffect(() => {\r\n if (!features.auth || !userId) return;\r\n\r\n const channel = supabase\r\n .channel(`notifications_${userId}`)\r\n .on(\r\n // eslint-disable-next-line @typescript-eslint/no-explicit-any\r\n 'postgres_changes' as any,\r\n {\r\n event: 'INSERT',\r\n schema: 'public',\r\n table: 'notifications',\r\n filter: `user_id=eq.${userId}`,\r\n },\r\n (payload: { new: Notification }) => {\r\n setNotifications((prev) => [payload.new, ...prev]);\r\n }\r\n )\r\n .subscribe();\r\n\r\n return () => {\r\n supabase.removeChannel(channel);\r\n };\r\n }, [userId]);\r\n\r\n const markAsRead = useCallback(async (notificationId: string) => {\r\n if (!features.auth) return;\r\n\r\n await supabase\r\n .from('notifications')\r\n .update({ read: true, read_at: new Date().toISOString() })\r\n .eq('id', notificationId);\r\n\r\n setNotifications((prev) =>\r\n prev.map((n) => (n.id === notificationId ? { ...n, read: true } : n))\r\n );\r\n }, []);\r\n\r\n const markAllAsRead = useCallback(async () => {\r\n if (!features.auth || !userId) return;\r\n\r\n await supabase\r\n .from('notifications')\r\n .update({ read: true, read_at: new Date().toISOString() })\r\n .eq('user_id', userId)\r\n .eq('read', false);\r\n\r\n setNotifications((prev) => prev.map((n) => ({ ...n, read: true })));\r\n }, [userId]);\r\n\r\n const deleteNotification = useCallback(async (notificationId: string) => {\r\n if (!features.auth) return;\r\n\r\n await supabase.from('notifications').delete().eq('id', notificationId);\r\n setNotifications((prev) => prev.filter((n) => n.id !== notificationId));\r\n }, []);\r\n\r\n const unreadCount = notifications.filter((n) => !n.read).length;\r\n\r\n return {\r\n notifications,\r\n unreadCount,\r\n loading,\r\n isConfigured: features.auth,\r\n markAsRead,\r\n markAllAsRead,\r\n deleteNotification,\r\n refetch: fetchNotifications,\r\n };\r\n}\r\n","import { useState } from 'react';\r\nimport { useNotifications } from './useNotifications';\r\n\r\ninterface NotificationCenterProps {\r\n className?: string;\r\n}\r\n\r\nexport function NotificationCenter({ className = '' }: NotificationCenterProps) {\r\n const { notifications, unreadCount, markAsRead, markAllAsRead, deleteNotification } = useNotifications();\r\n const [open, setOpen] = useState(false);\r\n\r\n return (\r\n <div className={className} style={{ position: 'relative', display: 'inline-block' }}>\r\n <button\r\n onClick={() => setOpen(!open)}\r\n style={{\r\n background: 'none', border: 'none', cursor: 'pointer',\r\n position: 'relative', padding: '8px', fontSize: '20px',\r\n }}\r\n >\r\n 🔔\r\n {unreadCount > 0 && (\r\n <span style={{\r\n position: 'absolute', top: '2px', right: '2px',\r\n backgroundColor: '#dc2626', color: 'white', fontSize: '10px',\r\n borderRadius: '50%', width: '18px', height: '18px',\r\n display: 'flex', alignItems: 'center', justifyContent: 'center',\r\n }}>\r\n {unreadCount > 9 ? '9+' : unreadCount}\r\n </span>\r\n )}\r\n </button>\r\n\r\n {open && (\r\n <div style={{\r\n position: 'absolute', right: 0, top: '100%', width: '320px',\r\n backgroundColor: 'white', border: '1px solid #e5e7eb',\r\n borderRadius: '8px', boxShadow: '0 4px 12px rgba(0,0,0,0.1)',\r\n zIndex: 50, maxHeight: '400px', overflow: 'auto',\r\n }}>\r\n <div style={{ padding: '12px 16px', borderBottom: '1px solid #e5e7eb', display: 'flex', justifyContent: 'space-between', alignItems: 'center' }}>\r\n <span style={{ fontWeight: 600 }}>Notifications</span>\r\n {unreadCount > 0 && (\r\n <button onClick={() => markAllAsRead()} style={{ background: 'none', border: 'none', color: '#3b82f6', cursor: 'pointer', fontSize: '12px' }}>\r\n Mark all read\r\n </button>\r\n )}\r\n </div>\r\n\r\n {notifications.length === 0 ? (\r\n <div style={{ padding: '24px', textAlign: 'center', color: '#9ca3af' }}>\r\n No notifications\r\n </div>\r\n ) : (\r\n notifications.map((n) => (\r\n <div\r\n key={n.id}\r\n style={{\r\n padding: '12px 16px', borderBottom: '1px solid #f3f4f6',\r\n backgroundColor: n.read ? 'transparent' : '#eff6ff',\r\n cursor: 'pointer',\r\n }}\r\n onClick={() => !n.read && markAsRead(n.id)}\r\n >\r\n <div style={{ display: 'flex', justifyContent: 'space-between', alignItems: 'flex-start' }}>\r\n <div>\r\n <p style={{ fontWeight: 500, fontSize: '14px', marginBottom: '2px' }}>{n.title}</p>\r\n <p style={{ color: '#6b7280', fontSize: '13px' }}>{n.message}</p>\r\n <p style={{ color: '#9ca3af', fontSize: '11px', marginTop: '4px' }}>\r\n {new Date(n.created_at).toLocaleDateString()}\r\n </p>\r\n </div>\r\n <button\r\n onClick={(e) => { e.stopPropagation(); deleteNotification(n.id); }}\r\n style={{ background: 'none', border: 'none', color: '#9ca3af', cursor: 'pointer', fontSize: '16px' }}\r\n >\r\n ×\r\n </button>\r\n </div>\r\n </div>\r\n ))\r\n )}\r\n </div>\r\n )}\r\n </div>\r\n );\r\n}\r\n","/**\r\n * SDK sendNotification (B1).\r\n *\r\n * Routes to /api/project-notifications/send using the SERVER-class project\r\n * token.\r\n *\r\n * BEFORE B1, this function called a Supabase RPC (`sdk_create_notification`)\r\n * directly. That bypassed the platform auth surface entirely, so quota and\r\n * per-tier limits could not be enforced.\r\n *\r\n * AFTER B1:\r\n * - Reads EZC_PROJECT_TOKEN_SERVER from server-side env.\r\n * - Sends via `X-EzCoder-Server-Token` header to the new\r\n * /api/project-notifications/send endpoint.\r\n * - Refuses to run from browser bundles with a clear, actionable error.\r\n * - Per-project rate limits, audit logging, and the credential class check\r\n * are enforced server-side.\r\n *\r\n * For READING notifications (browser-friendly), see `useNotifications`,\r\n * which targets /api/project-notifications/list using the PUBLIC-class\r\n * token via `resolvePublicToken()`.\r\n */\r\n\r\nimport { env } from '../core/config';\r\nimport { resolveServerToken } from '../core/projectToken';\r\n\r\ninterface SendNotificationOptions {\r\n type?: 'info' | 'success' | 'warning' | 'error' | 'system';\r\n data?: Record<string, unknown>;\r\n}\r\n\r\ninterface SendNotificationResult {\r\n success: boolean;\r\n id?: string;\r\n error?: string;\r\n code?: string;\r\n}\r\n\r\nexport async function sendNotification(\r\n userId: string,\r\n title: string,\r\n message: string,\r\n options: SendNotificationOptions = {},\r\n): Promise<SendNotificationResult> {\r\n const apiUrl = env.EZCODER_API_URL;\r\n const projectId = env.EZC_PROJECT_ID;\r\n\r\n if (!apiUrl || !projectId) {\r\n return {\r\n success: false,\r\n error: 'EZCODER_API_URL and EZC_PROJECT_ID are required',\r\n code: 'sdk_misconfigured',\r\n };\r\n }\r\n\r\n const tokenResolution = resolveServerToken();\r\n if (!tokenResolution.ok) {\r\n return { success: false, error: tokenResolution.reason, code: 'no_server_token' };\r\n }\r\n\r\n try {\r\n const res = await fetch(`${apiUrl}/api/project-notifications/send`, {\r\n method: 'POST',\r\n headers: {\r\n 'Content-Type': 'application/json',\r\n 'X-EzCoder-Server-Token': tokenResolution.token,\r\n },\r\n body: JSON.stringify({\r\n projectId,\r\n userId,\r\n title,\r\n message,\r\n type: options.type ?? 'info',\r\n data: options.data ?? {},\r\n }),\r\n });\r\n\r\n const raw: unknown = await res.json().catch(() => ({}));\r\n const data = (raw && typeof raw === 'object' ? raw : {}) as {\r\n id?: string;\r\n error?: string;\r\n code?: string;\r\n };\r\n\r\n if (!res.ok) {\r\n return {\r\n success: false,\r\n error: data.error ?? `HTTP ${res.status}`,\r\n code: data.code,\r\n };\r\n }\r\n\r\n return { success: true, id: data.id };\r\n } catch (err: unknown) {\r\n return {\r\n success: false,\r\n error: err instanceof Error ? err.message : 'Network error',\r\n code: 'network_error',\r\n };\r\n }\r\n}\r\n"],"mappings":";;;;;;;;;;;;;;;;AAAA,SAAS,UAAU,WAAW,aAAa,kBAAkB;AAgB7D,IAAM,qBAAqC;AAAA,EACzC;AAAA,IACE,IAAI;AAAA,IACJ,MAAM;AAAA,IACN,OAAO;AAAA,IACP,SAAS;AAAA,IACT,MAAM;AAAA,IACN,aAAY,oBAAI,KAAK,GAAE,YAAY;AAAA,EACrC;AACF;AAaO,SAAS,mBAA2C;AACzD,QAAM,OAAO,WAAW,WAAW;AACnC,QAAM,CAAC,eAAe,gBAAgB,IAAI,SAAyB,CAAC,CAAC;AACrE,QAAM,CAAC,SAAS,UAAU,IAAI,SAAS,IAAI;AAE3C,QAAM,SAAS,MAAM,MAAM;AAE3B,QAAM,qBAAqB,YAAY,YAAY;AACjD,QAAI,CAAC,SAAS,QAAQ,CAAC,QAAQ;AAC7B,uBAAiB,kBAAkB;AACnC,iBAAW,KAAK;AAChB;AAAA,IACF;AAEA,QAAI;AACF,YAAM,EAAE,MAAM,MAAM,IAAI,MAAM,SAC3B,KAAK,eAAe,EACpB,OAAO,GAAG,EACV,GAAG,WAAW,MAAM,EACpB,MAAM,cAAc,EAAE,WAAW,MAAM,CAAC,EACxC,MAAM,EAAE;AAEX,UAAI,OAAO;AACT,yBAAiB,kBAAkB;AAAA,MACrC,OAAO;AACL,yBAAkB,QAA2B,CAAC,CAAC;AAAA,MACjD;AAAA,IACF,QAAQ;AACN,uBAAiB,kBAAkB;AAAA,IACrC,UAAE;AACA,iBAAW,KAAK;AAAA,IAClB;AAAA,EACF,GAAG,CAAC,MAAM,CAAC;AAEX,YAAU,MAAM;AACd,uBAAmB;AAAA,EACrB,GAAG,CAAC,kBAAkB,CAAC;AAEvB,YAAU,MAAM;AACd,QAAI,CAAC,SAAS,QAAQ,CAAC,OAAQ;AAE/B,UAAM,UAAU,SACb,QAAQ,iBAAiB,MAAM,EAAE,EACjC;AAAA;AAAA,MAEC;AAAA,MACA;AAAA,QACE,OAAO;AAAA,QACP,QAAQ;AAAA,QACR,OAAO;AAAA,QACP,QAAQ,cAAc,MAAM;AAAA,MAC9B;AAAA,MACA,CAAC,YAAmC;AAClC,yBAAiB,CAAC,SAAS,CAAC,QAAQ,KAAK,GAAG,IAAI,CAAC;AAAA,MACnD;AAAA,IACF,EACC,UAAU;AAEb,WAAO,MAAM;AACX,eAAS,cAAc,OAAO;AAAA,IAChC;AAAA,EACF,GAAG,CAAC,MAAM,CAAC;AAEX,QAAM,aAAa,YAAY,OAAO,mBAA2B;AAC/D,QAAI,CAAC,SAAS,KAAM;AAEpB,UAAM,SACH,KAAK,eAAe,EACpB,OAAO,EAAE,MAAM,MAAM,UAAS,oBAAI,KAAK,GAAE,YAAY,EAAE,CAAC,EACxD,GAAG,MAAM,cAAc;AAE1B;AAAA,MAAiB,CAAC,SAChB,KAAK,IAAI,CAAC,MAAO,EAAE,OAAO,iBAAiB,EAAE,GAAG,GAAG,MAAM,KAAK,IAAI,CAAE;AAAA,IACtE;AAAA,EACF,GAAG,CAAC,CAAC;AAEL,QAAM,gBAAgB,YAAY,YAAY;AAC5C,QAAI,CAAC,SAAS,QAAQ,CAAC,OAAQ;AAE/B,UAAM,SACH,KAAK,eAAe,EACpB,OAAO,EAAE,MAAM,MAAM,UAAS,oBAAI,KAAK,GAAE,YAAY,EAAE,CAAC,EACxD,GAAG,WAAW,MAAM,EACpB,GAAG,QAAQ,KAAK;AAEnB,qBAAiB,CAAC,SAAS,KAAK,IAAI,CAAC,OAAO,EAAE,GAAG,GAAG,MAAM,KAAK,EAAE,CAAC;AAAA,EACpE,GAAG,CAAC,MAAM,CAAC;AAEX,QAAM,qBAAqB,YAAY,OAAO,mBAA2B;AACvE,QAAI,CAAC,SAAS,KAAM;AAEpB,UAAM,SAAS,KAAK,eAAe,EAAE,OAAO,EAAE,GAAG,MAAM,cAAc;AACrE,qBAAiB,CAAC,SAAS,KAAK,OAAO,CAAC,MAAM,EAAE,OAAO,cAAc,CAAC;AAAA,EACxE,GAAG,CAAC,CAAC;AAEL,QAAM,cAAc,cAAc,OAAO,CAAC,MAAM,CAAC,EAAE,IAAI,EAAE;AAEzD,SAAO;AAAA,IACL;AAAA,IACA;AAAA,IACA;AAAA,IACA,cAAc,SAAS;AAAA,IACvB;AAAA,IACA;AAAA,IACA;AAAA,IACA,SAAS;AAAA,EACX;AACF;;;ACjJA,SAAS,YAAAA,iBAAgB;AAanB,SASI,KATJ;AANC,SAAS,mBAAmB,EAAE,YAAY,GAAG,GAA4B;AAC9E,QAAM,EAAE,eAAe,aAAa,YAAY,eAAe,mBAAmB,IAAI,iBAAiB;AACvG,QAAM,CAAC,MAAM,OAAO,IAAIC,UAAS,KAAK;AAEtC,SACE,qBAAC,SAAI,WAAsB,OAAO,EAAE,UAAU,YAAY,SAAS,eAAe,GAChF;AAAA;AAAA,MAAC;AAAA;AAAA,QACC,SAAS,MAAM,QAAQ,CAAC,IAAI;AAAA,QAC5B,OAAO;AAAA,UACL,YAAY;AAAA,UAAQ,QAAQ;AAAA,UAAQ,QAAQ;AAAA,UAC5C,UAAU;AAAA,UAAY,SAAS;AAAA,UAAO,UAAU;AAAA,QAClD;AAAA,QACD;AAAA;AAAA,UAEE,cAAc,KACb,oBAAC,UAAK,OAAO;AAAA,YACX,UAAU;AAAA,YAAY,KAAK;AAAA,YAAO,OAAO;AAAA,YACzC,iBAAiB;AAAA,YAAW,OAAO;AAAA,YAAS,UAAU;AAAA,YACtD,cAAc;AAAA,YAAO,OAAO;AAAA,YAAQ,QAAQ;AAAA,YAC5C,SAAS;AAAA,YAAQ,YAAY;AAAA,YAAU,gBAAgB;AAAA,UACzD,GACG,wBAAc,IAAI,OAAO,aAC5B;AAAA;AAAA;AAAA,IAEJ;AAAA,IAEC,QACC,qBAAC,SAAI,OAAO;AAAA,MACV,UAAU;AAAA,MAAY,OAAO;AAAA,MAAG,KAAK;AAAA,MAAQ,OAAO;AAAA,MACpD,iBAAiB;AAAA,MAAS,QAAQ;AAAA,MAClC,cAAc;AAAA,MAAO,WAAW;AAAA,MAChC,QAAQ;AAAA,MAAI,WAAW;AAAA,MAAS,UAAU;AAAA,IAC5C,GACE;AAAA,2BAAC,SAAI,OAAO,EAAE,SAAS,aAAa,cAAc,qBAAqB,SAAS,QAAQ,gBAAgB,iBAAiB,YAAY,SAAS,GAC5I;AAAA,4BAAC,UAAK,OAAO,EAAE,YAAY,IAAI,GAAG,2BAAa;AAAA,QAC9C,cAAc,KACb,oBAAC,YAAO,SAAS,MAAM,cAAc,GAAG,OAAO,EAAE,YAAY,QAAQ,QAAQ,QAAQ,OAAO,WAAW,QAAQ,WAAW,UAAU,OAAO,GAAG,2BAE9I;AAAA,SAEJ;AAAA,MAEC,cAAc,WAAW,IACxB,oBAAC,SAAI,OAAO,EAAE,SAAS,QAAQ,WAAW,UAAU,OAAO,UAAU,GAAG,8BAExE,IAEA,cAAc,IAAI,CAAC,MACjB;AAAA,QAAC;AAAA;AAAA,UAEC,OAAO;AAAA,YACL,SAAS;AAAA,YAAa,cAAc;AAAA,YACpC,iBAAiB,EAAE,OAAO,gBAAgB;AAAA,YAC1C,QAAQ;AAAA,UACV;AAAA,UACA,SAAS,MAAM,CAAC,EAAE,QAAQ,WAAW,EAAE,EAAE;AAAA,UAEzC,+BAAC,SAAI,OAAO,EAAE,SAAS,QAAQ,gBAAgB,iBAAiB,YAAY,aAAa,GACvF;AAAA,iCAAC,SACC;AAAA,kCAAC,OAAE,OAAO,EAAE,YAAY,KAAK,UAAU,QAAQ,cAAc,MAAM,GAAI,YAAE,OAAM;AAAA,cAC/E,oBAAC,OAAE,OAAO,EAAE,OAAO,WAAW,UAAU,OAAO,GAAI,YAAE,SAAQ;AAAA,cAC7D,oBAAC,OAAE,OAAO,EAAE,OAAO,WAAW,UAAU,QAAQ,WAAW,MAAM,GAC9D,cAAI,KAAK,EAAE,UAAU,EAAE,mBAAmB,GAC7C;AAAA,eACF;AAAA,YACA;AAAA,cAAC;AAAA;AAAA,gBACC,SAAS,CAAC,MAAM;AAAE,oBAAE,gBAAgB;AAAG,qCAAmB,EAAE,EAAE;AAAA,gBAAG;AAAA,gBACjE,OAAO,EAAE,YAAY,QAAQ,QAAQ,QAAQ,OAAO,WAAW,QAAQ,WAAW,UAAU,OAAO;AAAA,gBACpG;AAAA;AAAA,YAED;AAAA,aACF;AAAA;AAAA,QAtBK,EAAE;AAAA,MAuBT,CACD;AAAA,OAEL;AAAA,KAEJ;AAEJ;;;AChDA,eAAsB,iBACpB,QACA,OACA,SACA,UAAmC,CAAC,GACH;AACjC,QAAM,SAAS,IAAI;AACnB,QAAM,YAAY,IAAI;AAEtB,MAAI,CAAC,UAAU,CAAC,WAAW;AACzB,WAAO;AAAA,MACL,SAAS;AAAA,MACT,OAAO;AAAA,MACP,MAAM;AAAA,IACR;AAAA,EACF;AAEA,QAAM,kBAAkB,mBAAmB;AAC3C,MAAI,CAAC,gBAAgB,IAAI;AACvB,WAAO,EAAE,SAAS,OAAO,OAAO,gBAAgB,QAAQ,MAAM,kBAAkB;AAAA,EAClF;AAEA,MAAI;AACF,UAAM,MAAM,MAAM,MAAM,GAAG,MAAM,mCAAmC;AAAA,MAClE,QAAQ;AAAA,MACR,SAAS;AAAA,QACP,gBAAgB;AAAA,QAChB,0BAA0B,gBAAgB;AAAA,MAC5C;AAAA,MACA,MAAM,KAAK,UAAU;AAAA,QACnB;AAAA,QACA;AAAA,QACA;AAAA,QACA;AAAA,QACA,MAAM,QAAQ,QAAQ;AAAA,QACtB,MAAM,QAAQ,QAAQ,CAAC;AAAA,MACzB,CAAC;AAAA,IACH,CAAC;AAED,UAAM,MAAe,MAAM,IAAI,KAAK,EAAE,MAAM,OAAO,CAAC,EAAE;AACtD,UAAM,OAAQ,OAAO,OAAO,QAAQ,WAAW,MAAM,CAAC;AAMtD,QAAI,CAAC,IAAI,IAAI;AACX,aAAO;AAAA,QACL,SAAS;AAAA,QACT,OAAO,KAAK,SAAS,QAAQ,IAAI,MAAM;AAAA,QACvC,MAAM,KAAK;AAAA,MACb;AAAA,IACF;AAEA,WAAO,EAAE,SAAS,MAAM,IAAI,KAAK,GAAG;AAAA,EACtC,SAAS,KAAc;AACrB,WAAO;AAAA,MACL,SAAS;AAAA,MACT,OAAO,eAAe,QAAQ,IAAI,UAAU;AAAA,MAC5C,MAAM;AAAA,IACR;AAAA,EACF;AACF;","names":["useState","useState"]}
package/dist/payments/index.js CHANGED
@@ -1,13 +1,15 @@
1
1
  import {
2
2
  AuthContext
3
- } from "../chunk-AWU47M6N.js";
3
+ } from "../chunk-QHB7LGCA.js";
4
4
  import {
5
5
  ezcoder
6
- } from "../chunk-GPF4AYNG.js";
6
+ } from "../chunk-HJ2EIZ4S.js";
7
7
  import {
8
- features,
9
8
  supabase
10
- } from "../chunk-2WG4O4J2.js";
9
+ } from "../chunk-I2YGB7Z6.js";
10
+ import {
11
+ features
12
+ } from "../chunk-LIUE7M7K.js";
11
13
 
12
14
  // src/payments/useSubscription.ts
13
15
  import { useState, useEffect, useCallback, useContext } from "react";