@ingenx-io/valets-schema-mcp-server 0.1.3 → 0.1.4

package/data/static/openapi.yaml

@@ -20,6 +20,16 @@ info:
 paths: {}
 components:
   schemas:
+    AttentionStatus:
+      type: string
+      enum:
+      - ACTIVE
+      - STALE
+      - ON_HOLD
+      - ESCALATED
+      description: Operational attention status for Order and Booking (D39). Controls
+        home-page queue assignment. Server-owned — set via triggers or callable fn
+        only.
     BookingStatus:
       type: string
       enum:
@@ -135,6 +145,23 @@ components:
       - PARTIALLY_REFUNDED
       description: Payment lifecycle status (D01 amended). Used by Order, Sale/Purchase,
         Booking.
+    PendingIssue:
+      type: string
+      enum:
+      - PAYMENT_PROOF_PENDING
+      - PAYMENT_PROOF_REJECTED
+      - AMOUNT_DISCREPANCY
+      - RETURN_UNRESOLVED
+      - OVERDUE_DELIVERY
+      - SESSION_OVERDUE
+      - PAYMENT_INCOMPLETE
+      - CANCELLATION_REQUESTED
+      - UNREFUNDED_CANCELLATION
+      - UPCOMING_UNPAID
+      - NO_SHOW_UNRESOLVED
+      description: Specific detected conditions on an Order or Booking requiring human
+        action (D39). Stored as an array — multiple issues can be active simultaneously.
+        Server-owned.
     ReturnStatus:
       type: string
       enum:
@@ -180,6 +207,247 @@ components:
       - _nanoseconds
       additionalProperties: false
       description: Firestore Timestamp serialized representation
+    AllowedUser:
+      type: object
+      properties:
+        id:
+          readOnly: true
+          description: (Read-only) Firestore document ID = contact identifier (email
+            or E.164 phone), URL-escaped.
+          type:
+          - string
+          - 'null'
+        companyId:
+          type: string
+          x-immutable: true
+          description: (Immutable) FK → Company document ID.
+        siteId:
+          type: string
+          x-immutable: true
+          description: (Immutable) FK → Site document ID (D40 sub-tenant scope).
+        contact:
+          type: string
+          description: Email or E.164 phone number. Canonical identifier for this
+            user within the site.
+        tier:
+          type: string
+          description: Access tier. Free string per site (ING-304 open question —
+            tier values are site-specific today).
+        amount:
+          type: number
+          description: Amount paid. Generalized from amount_xof per D40 decision.
+        currency:
+          default: XOF
+          description: Currency code (ISO 4217). Defaults to XOF for legacy SR-Single
+            parity.
+          type: string
+        transactionId:
+          type: string
+          description: Payment provider transaction ID (e.g. Wave).
+        paidAt:
+          $ref: '#/components/schemas/FirestoreTimestamp'
+          description: RFC3339Nano UTC when payment was completed.
+      required:
+      - companyId
+      - siteId
+      - contact
+      - tier
+      - amount
+      - currency
+      - transactionId
+      - paidAt
+      additionalProperties: false
+      description: 'AllowedUser model (D40 / ING-304). Collection: companies/{companyId}/sites/{siteId}/allowed_users/{contactId}.
+        Authoritative paid-access allowlist. Upsert semantics — tier upgrades overwrite.
+        Source of truth for access checks and referral code resolution.'
+    AllowedUserCreate:
+      allOf:
+      - $ref: '#/components/schemas/AllowedUser'
+      description: Write payload for creating a new AllowedUser document. Fields marked
+        `readOnly` are server-set and must not be included. Fields marked `x-immutable`
+        may be set once at creation.
+      required:
+      - companyId
+      - siteId
+      - contact
+      - tier
+      - amount
+      - currency
+      - transactionId
+      - paidAt
+    AllowedUserUpdate:
+      allOf:
+      - $ref: '#/components/schemas/AllowedUser'
+      description: Write payload for partial update (PATCH) of a AllowedUser document.
+        All fields optional. Fields marked `readOnly` or `x-immutable` must not be
+        sent.
+    AnalyticsEvent:
+      type: object
+      properties:
+        id:
+          readOnly: true
+          description: (Read-only) Firestore document ID. Equal to eventId.
+          type:
+          - string
+          - 'null'
+        companyId:
+          type: string
+          x-immutable: true
+          description: (Immutable) FK → Company document ID.
+        siteId:
+          type: string
+          x-immutable: true
+          description: (Immutable) FK → Site document ID (D40 sub-tenant scope).
+        eventId:
+          type: string
+          x-immutable: true
+          description: (Immutable) Client-generated UUID. Matches document ID.
+        eventName:
+          type: string
+          description: Event name. Free string; canonical vocabulary is encouraged
+            (see CANONICAL_ANALYTICS_EVENT_NAMES).
+        timestamp:
+          type: string
+          description: Client-side ISO 8601 — "when it happened on device". Can diverge
+            from serverTimestamp for queued offline events.
+        serverTimestamp:
+          $ref: '#/components/schemas/FirestoreTimestamp'
+          description: (Read-only) Firestore serverTimestamp() — authoritative for
+            ordering.
+          readOnly: true
+        sessionId:
+          type: string
+          description: 30-minute rolling session identifier.
+        userId:
+          anyOf:
+          - type: string
+          - type: 'null'
+          description: Stable user ID if identified; explicitly null (not omitted)
+            for anonymous sessions — simplifies querying.
+        properties:
+          type: object
+          propertyNames:
+            type: string
+          additionalProperties: {}
+          description: 'Free-form event-specific payload. Contract is at the event-name
+            level. PII posture: follow-up issue pending.'
+        context:
+          type: object
+          properties:
+            url:
+              description: Full URL at event time.
+              type: string
+            origin:
+              description: Protocol + host.
+              type: string
+            hostname:
+              description: Hostname only — useful for deployment identification.
+              type: string
+            page:
+              description: Current route/pathname.
+              type: string
+            title:
+              description: Page title.
+              type: string
+            referrer:
+              description: Referrer URL.
+              type: string
+            deviceType:
+              type: string
+              enum:
+              - mobile
+              - tablet
+              - desktop
+            platform:
+              description: OS/platform string.
+              type: string
+            screenWidth:
+              description: Viewport width (flattened from screen.width).
+              type: integer
+              minimum: -9007199254740991
+              maximum: 9007199254740991
+            screenHeight:
+              description: Viewport height (flattened from screen.height).
+              type: integer
+              minimum: -9007199254740991
+              maximum: 9007199254740991
+            appVersion:
+              description: Consuming app version.
+              type: string
+            online:
+              description: Connectivity state at event time.
+              type: boolean
+            locale:
+              description: User locale.
+              type: string
+            timezone:
+              description: IANA timezone.
+              type: string
+            utm:
+              description: UTM parameters; null when not a campaign-landed session.
+              anyOf:
+              - type: object
+                properties:
+                  source:
+                    type: string
+                  medium:
+                    type: string
+                  campaign:
+                    type: string
+                  term:
+                    type: string
+                  content:
+                    type: string
+                additionalProperties: false
+              - type: 'null'
+          additionalProperties: false
+          description: Environment context at event time (nested per D40).
+        userTraits:
+          description: 'Optional — included only when includeUserTraits: true on the
+            write. PII posture: follow-up issue pending.'
+          type:
+          - object
+          - 'null'
+          propertyNames:
+            type: string
+          additionalProperties: {}
+      required:
+      - companyId
+      - siteId
+      - eventId
+      - eventName
+      - timestamp
+      - serverTimestamp
+      - sessionId
+      - userId
+      - properties
+      - context
+      additionalProperties: false
+      description: 'AnalyticsEvent model (D40 / ING-304). Collection: companies/{companyId}/sites/{siteId}/analytics_events/{eventId}.
+        Append-only, immutable product/behavior event stream. Event names are free
+        strings; canonical vocabulary in CANONICAL_ANALYTICS_EVENT_NAMES.'
+    AnalyticsEventCreate:
+      allOf:
+      - $ref: '#/components/schemas/AnalyticsEvent'
+      description: Write payload for creating a new AnalyticsEvent document. Fields
+        marked `readOnly` are server-set and must not be included. Fields marked `x-immutable`
+        may be set once at creation.
+      required:
+      - companyId
+      - siteId
+      - eventId
+      - eventName
+      - timestamp
+      - sessionId
+      - userId
+      - properties
+      - context
+    AnalyticsEventUpdate:
+      allOf:
+      - $ref: '#/components/schemas/AnalyticsEvent'
+      description: Write payload for partial update (PATCH) of a AnalyticsEvent document.
+        All fields optional. Fields marked `readOnly` or `x-immutable` must not be
+        sent.
     Booking:
       type: object
       properties:
@@ -1598,6 +1866,112 @@ components:
       description: Write payload for partial update (PATCH) of a LoyaltyTransaction
         document. All fields optional. Fields marked `readOnly` or `x-immutable` must
         not be sent.
+    MagicLinkRequest:
+      type: object
+      properties:
+        id:
+          readOnly: true
+          description: (Read-only) Firestore document ID. 16-byte random hex.
+          type:
+          - string
+          - 'null'
+        companyId:
+          type: string
+          x-immutable: true
+          description: (Immutable) FK → Company document ID.
+        siteId:
+          type: string
+          x-immutable: true
+          description: (Immutable) FK → Site document ID (D40 sub-tenant scope).
+        email:
+          type: string
+          description: Populated if identifier is email; empty string if phone. Mutually
+            exclusive with phone per document.
+        phone:
+          type: string
+          description: Populated if identifier is E.164 format (starts with +); empty
+            string if email.
+        ip:
+          type: string
+          description: Client IP from X-Forwarded-For or RemoteAddr.
+        allowed:
+          type: boolean
+          description: Whether the user passed the access control check.
+        link:
+          type: string
+          description: Magic-link URL — non-empty only when DEV_MODE=true; empty in
+            production (audit integrity).
+        tier:
+          type: string
+          description: Access tier selected by the user. Free string per site (ING-304
+            open question — tier values are site-specific today).
+        authStatusReason:
+          type: string
+          description: 'Outcome reason code: whitelist | allowed_users | payment_redirect
+            | payment_complete | not_allowed | redirected_to_payment.'
+        referredBy:
+          type: string
+          description: Contact identifier of the referrer, resolved from submitted
+            referral_code; empty if none.
+        requestedAt:
+          $ref: '#/components/schemas/FirestoreTimestamp'
+          description: RFC3339Nano UTC at request time.
+        verifyReason:
+          description: 'Verify outcome reason: mirrors authStatusReason on success,
+            or link_expired | link_invalid | not_allowed.'
+          type:
+          - string
+          - 'null'
+        verified:
+          description: Whether the verify attempt succeeded.
+          type:
+          - boolean
+          - 'null'
+        verifiedAt:
+          anyOf:
+          - $ref: '#/components/schemas/FirestoreTimestamp'
+          - type: 'null'
+          description: RFC3339Nano UTC at verify time.
+      required:
+      - companyId
+      - siteId
+      - email
+      - phone
+      - ip
+      - allowed
+      - link
+      - tier
+      - authStatusReason
+      - referredBy
+      - requestedAt
+      additionalProperties: false
+      description: 'MagicLinkRequest model (D40 / ING-304). Collection: companies/{companyId}/sites/{siteId}/magic_link_requests/{requestId}.
+        Authentication audit log — every request is logged regardless of outcome.
+        Two-stage write: Log() then LogVerify().'
+    MagicLinkRequestCreate:
+      allOf:
+      - $ref: '#/components/schemas/MagicLinkRequest'
+      description: Write payload for creating a new MagicLinkRequest document. Fields
+        marked `readOnly` are server-set and must not be included. Fields marked `x-immutable`
+        may be set once at creation.
+      required:
+      - companyId
+      - siteId
+      - email
+      - phone
+      - ip
+      - allowed
+      - link
+      - tier
+      - authStatusReason
+      - referredBy
+      - requestedAt
+    MagicLinkRequestUpdate:
+      allOf:
+      - $ref: '#/components/schemas/MagicLinkRequest'
+      description: Write payload for partial update (PATCH) of a MagicLinkRequest
+        document. All fields optional. Fields marked `readOnly` or `x-immutable` must
+        not be sent.
     MetricsCurrent:
       type: object
       properties:
@@ -2827,6 +3201,83 @@ components:
       - $ref: '#/components/schemas/Sale'
       description: Write payload for partial update (PATCH) of a Sale document. All
         fields optional. Fields marked `readOnly` or `x-immutable` must not be sent.
+    SitePayment:
+      type: object
+      properties:
+        id:
+          readOnly: true
+          description: (Read-only) Firestore document ID, auto-generated.
+          type:
+          - string
+          - 'null'
+        companyId:
+          type: string
+          x-immutable: true
+          description: (Immutable) FK → Company document ID.
+        siteId:
+          type: string
+          x-immutable: true
+          description: (Immutable) FK → Site document ID (D40 sub-tenant scope).
+        contact:
+          type: string
+          description: Email or E.164 phone number. Matches AllowedUser.contact.
+        sessionId:
+          type: string
+          description: Payment provider checkout session ID (e.g. Wave). Usable for
+            dedup across dual writes.
+        transactionId:
+          type: string
+          description: Payment provider transaction ID.
+        tier:
+          type: string
+          description: Access tier. Free string per site (ING-304 open question).
+        amount:
+          type: number
+          description: Amount paid. Generalized from amount_xof per D40 decision.
+        currency:
+          default: XOF
+          description: Currency code (ISO 4217). Defaults to XOF for legacy SR-Single
+            parity.
+          type: string
+        paidAt:
+          $ref: '#/components/schemas/FirestoreTimestamp'
+          description: RFC3339Nano UTC when payment was completed.
+      required:
+      - companyId
+      - siteId
+      - contact
+      - sessionId
+      - transactionId
+      - tier
+      - amount
+      - currency
+      - paidAt
+      additionalProperties: false
+      description: 'SitePayment model (D40 / ING-304). Collection: companies/{companyId}/sites/{siteId}/payments/{paymentId}.
+        Immutable append-only transaction ledger. Distinct from AllowedUser (access
+        state) and CustomerPayment (D22 — customer-level billing).'
+    SitePaymentCreate:
+      allOf:
+      - $ref: '#/components/schemas/SitePayment'
+      description: Write payload for creating a new SitePayment document. Fields marked
+        `readOnly` are server-set and must not be included. Fields marked `x-immutable`
+        may be set once at creation.
+      required:
+      - companyId
+      - siteId
+      - contact
+      - sessionId
+      - transactionId
+      - tier
+      - amount
+      - currency
+      - paidAt
+    SitePaymentUpdate:
+      allOf:
+      - $ref: '#/components/schemas/SitePayment'
+      description: Write payload for partial update (PATCH) of a SitePayment document.
+        All fields optional. Fields marked `readOnly` or `x-immutable` must not be
+        sent.
     Ticket:
       type: object
       properties: