@mohasinac/appkit 2.6.5 → 2.6.6

package/dist/features/stores/repository/store.repository.js

@@ -8,10 +8,35 @@ import { BaseRepository, prepareForFirestore, applySieveToFirestore, } from "../
 import { increment } from "../../../contracts/field-ops";
 import { STORE_COLLECTION, STORE_FIELDS, DEFAULT_STORE_DATA, StoreStatusValues, } from "../schemas";
 import { DatabaseError } from "../../../errors";
+import { encryptSecret, decryptSecret, } from "../../../security/settings-encryption";
 export class StoreRepository extends BaseRepository {
     constructor() {
         super(STORE_COLLECTION);
     }
+    encryptSecrets(data) {
+        const token = data.whatsappConfig?.accessToken;
+        if (!token)
+            return data;
+        return {
+            ...data,
+            whatsappConfig: { ...data.whatsappConfig, accessToken: encryptSecret(token) },
+        };
+    }
+    decryptSecrets(data) {
+        const token = data.whatsappConfig?.accessToken;
+        if (!token)
+            return data;
+        return {
+            ...data,
+            whatsappConfig: { ...data.whatsappConfig, accessToken: decryptSecret(token) },
+        };
+    }
+    mapDoc(snap) {
+        return this.decryptSecrets(super.mapDoc(snap));
+    }
+    async update(id, data) {
+        return super.update(id, this.encryptSecrets(data));
+    }
     /**
      * Create a new store.
      * The document ID is set to storeSlug for easy URL-based lookups.
@@ -37,7 +62,7 @@ export class StoreRepository extends BaseRepository {
             await this.db
                 .collection(this.collection)
                 .doc(input.storeSlug)
-                .create(prepareForFirestore(storeData));
+                .create(prepareForFirestore(this.encryptSecrets(storeData)));
         }
         catch (err) {
             // gRPC ALREADY_EXISTS = code 6
@@ -210,7 +235,7 @@ export class StoreRepository extends BaseRepository {
         const batch = this.db.batch();
         const newRef = this.db.collection(this.collection).doc(newSlug);
         const oldRef = this.db.collection(this.collection).doc(currentSlug);
-        batch.create(newRef, prepareForFirestore(newDoc));
+        batch.create(newRef, prepareForFirestore(this.encryptSecrets(newDoc)));
         batch.delete(oldRef);
         await batch.commit();
         return { id: newSlug, ...newDoc };

package/dist/features/support/repository/support.repository.d.ts

@@ -0,0 +1,18 @@
+import { BaseRepository } from "../../../providers/db-firebase";
+import type { FirebaseSieveFields, FirebaseSieveResult, SieveModel } from "../../../providers/db-firebase";
+import { type SupportTicketDocument, type SupportTicketCreateInput, type SupportTicketUpdateInput, type TicketMessage, type TicketStatus } from "../schemas/firestore";
+export declare class SupportRepository extends BaseRepository<SupportTicketDocument> {
+    static readonly SIEVE_FIELDS: FirebaseSieveFields;
+    constructor();
+    createTicket(input: SupportTicketCreateInput): Promise<SupportTicketDocument>;
+    getUserTickets(userId: string, page?: number, pageSize?: number): Promise<FirebaseSieveResult<SupportTicketDocument>>;
+    getTicketById(ticketId: string): Promise<SupportTicketDocument | null>;
+    countActiveTickets(userId: string): Promise<number>;
+    getActiveOrderTicket(userId: string, orderId: string): Promise<SupportTicketDocument | null>;
+    getActiveCategoryTicket(userId: string, category: string): Promise<SupportTicketDocument | null>;
+    updateTicketStatus(ticketId: string, update: SupportTicketUpdateInput): Promise<SupportTicketDocument>;
+    addMessage(ticketId: string, message: TicketMessage, newStatus?: TicketStatus): Promise<void>;
+    assignTicket(ticketId: string, assignedTo: string, assignedToName: string): Promise<SupportTicketDocument>;
+    listAll(model: SieveModel): Promise<FirebaseSieveResult<SupportTicketDocument>>;
+}
+export declare const supportRepository: SupportRepository;

package/dist/features/support/repository/support.repository.js

@@ -0,0 +1,117 @@
+import { firebaseFieldOps } from "../../../providers/db-firebase";
+import { BaseRepository, prepareForFirestore, } from "../../../providers/db-firebase";
+import { DatabaseError } from "../../../errors";
+import { SUPPORT_TICKET_COLLECTION, ACTIVE_TICKET_STATUSES, } from "../schemas/firestore";
+export class SupportRepository extends BaseRepository {
+    constructor() {
+        super(SUPPORT_TICKET_COLLECTION);
+    }
+    async createTicket(input) {
+        try {
+            const now = new Date();
+            const data = {
+                ...input,
+                status: "open",
+                priority: "normal",
+                messages: [],
+                createdAt: now,
+                updatedAt: now,
+            };
+            return this.create(data);
+        }
+        catch (err) {
+            throw new DatabaseError("Failed to create support ticket", err);
+        }
+    }
+    async getUserTickets(userId, page = 1, pageSize = 20) {
+        const model = {
+            filters: `userId==${userId}`,
+            sorts: "-createdAt",
+            page,
+            pageSize,
+        };
+        return this.sieveQuery(model, SupportRepository.SIEVE_FIELDS, { defaultPageSize: pageSize, maxPageSize: 50 });
+    }
+    async getTicketById(ticketId) {
+        return this.findById(ticketId);
+    }
+    async countActiveTickets(userId) {
+        const col = this.db.collection(SUPPORT_TICKET_COLLECTION);
+        const snaps = await Promise.all(ACTIVE_TICKET_STATUSES.map((s) => col
+            .where("userId", "==", userId)
+            .where("status", "==", s)
+            .select()
+            .get()));
+        return snaps.reduce((total, snap) => total + snap.size, 0);
+    }
+    async getActiveOrderTicket(userId, orderId) {
+        const col = this.db.collection(SUPPORT_TICKET_COLLECTION);
+        const snap = await col
+            .where("userId", "==", userId)
+            .where("orderId", "==", orderId)
+            .where("status", "in", ACTIVE_TICKET_STATUSES)
+            .limit(1)
+            .get();
+        if (snap.empty)
+            return null;
+        const doc = snap.docs[0];
+        return { id: doc.id, ...doc.data() };
+    }
+    async getActiveCategoryTicket(userId, category) {
+        const col = this.db.collection(SUPPORT_TICKET_COLLECTION);
+        const snap = await col
+            .where("userId", "==", userId)
+            .where("category", "==", category)
+            .where("status", "==", "waiting_on_user")
+            .limit(1)
+            .get();
+        if (snap.empty)
+            return null;
+        const doc = snap.docs[0];
+        return { id: doc.id, ...doc.data() };
+    }
+    async updateTicketStatus(ticketId, update) {
+        return this.update(ticketId, {
+            ...update,
+            updatedAt: new Date(),
+        });
+    }
+    async addMessage(ticketId, message, newStatus) {
+        try {
+            const ref = this.db
+                .collection(SUPPORT_TICKET_COLLECTION)
+                .doc(ticketId);
+            const updateData = {
+                messages: firebaseFieldOps.arrayUnion(prepareForFirestore(message)),
+                updatedAt: new Date(),
+            };
+            if (newStatus)
+                updateData.status = newStatus;
+            await ref.update(updateData);
+        }
+        catch (err) {
+            throw new DatabaseError("Failed to add message to ticket", err);
+        }
+    }
+    async assignTicket(ticketId, assignedTo, assignedToName) {
+        return this.update(ticketId, {
+            assignedTo,
+            assignedToName,
+            updatedAt: new Date(),
+        });
+    }
+    async listAll(model) {
+        return this.sieveQuery(model, SupportRepository.SIEVE_FIELDS, { defaultPageSize: 25, maxPageSize: 100 });
+    }
+}
+SupportRepository.SIEVE_FIELDS = {
+    userId: { canFilter: true, canSort: false },
+    status: { canFilter: true, canSort: false },
+    category: { canFilter: true, canSort: false },
+    priority: { canFilter: true, canSort: false },
+    assignedTo: { canFilter: true, canSort: false },
+    orderId: { canFilter: true, canSort: false },
+    createdAt: { canFilter: true, canSort: true },
+    updatedAt: { canFilter: true, canSort: true },
+};
+export const supportRepository = new SupportRepository();

package/dist/index.d.ts

@@ -526,6 +526,9 @@ export { siteSettingsRepository } from "./repositories/index";
 export { smsCounterRepository } from "./repositories/index";
 export { storeRepository } from "./repositories/index";
 export { scammerRepository } from "./repositories/index";
+export { supportRepository, SupportRepository } from "./repositories/index";
+export type { SupportTicketDocument, SupportTicketCreateInput, SupportTicketUpdateInput, TicketMessage, TicketCategory, TicketStatus, TicketPriority, } from "./repositories/index";
+export { ELIGIBLE_ORDER_STATUSES_FOR_TICKET } from "./features/support/schemas/firestore";
 export { productFeaturesRepository } from "./repositories/index";
 export type { ProductFeatureListFilter } from "./repositories/index";
 export { loadProductFeaturesForStore } from "./repositories/index";
@@ -1134,6 +1137,10 @@ export { DEFAULT_SITE_SETTINGS_DATA } from "./features/admin/index";
 export { DEFAULT_TRUST_BAR_ITEMS } from "./features/admin/index";
 export { DashboardStatsGrid } from "./features/admin/index";
 export { DemoSeedView } from "./features/admin/index";
+export { AdminTeamView } from "./features/admin/index";
+export { AdminEmployeeEditorView } from "./features/admin/index";
+export { AdminSupportTicketsView } from "./features/admin/index";
+export { AdminSupportTicketDetailView } from "./features/admin/index";
 export { DrawerFormFooter } from "./features/admin/index";
 export { FEATURE_FLAG_META } from "./features/admin/index";
 export { NOTIFICATIONS_COLLECTION } from "./features/admin/index";
@@ -1208,6 +1215,10 @@ export type { ChatRoomDocument } from "./features/admin/index";
 export type { ChatRoomUpdateInput } from "./features/admin/index";
 export type { DashboardStats } from "./features/admin/index";
 export type { DemoSeedViewProps } from "./features/admin/index";
+export type { AdminTeamViewProps } from "./features/admin/index";
+export type { AdminEmployeeEditorViewProps } from "./features/admin/index";
+export type { AdminSupportTicketsViewProps } from "./features/admin/index";
+export type { AdminSupportTicketDetailViewProps } from "./features/admin/index";
 export type { DrawerFormFooterProps } from "./features/admin/index";
 export type { FeatureFlagKey } from "./features/admin/index";
 export type { FeatureFlagMeta } from "./features/admin/index";
@@ -2973,6 +2984,7 @@ export { formatFileSize } from "./utils/number.formatter";
 export { formatMonthYear } from "./utils/date.formatter";
 export { generateMediaFilename } from "./utils/id-generators";
 export type { MediaFilenameContext } from "./utils/id-generators";
+export { resolveMediaUrl } from "./utils/media-url";
 export { generateFAQId } from "./utils/id-generators";
 export type { GenerateFAQIdInput } from "./utils/id-generators";
 export { generateCroppedImageFilename } from "./utils/id-generators";

package/dist/index.js

@@ -1082,6 +1082,9 @@ export { storeRepository } from "./repositories/index";
 // [DB]-Database layer — uses firebase-admin or another server-side DB SDK; can only run in a trusted server environment.
 // scammerRepository - Shared export for scammer profiles repository.
 export { scammerRepository } from "./repositories/index";
+// supportRepository - Server-only repository for support tickets (BAN1).
+export { supportRepository, SupportRepository } from "./repositories/index";
+export { ELIGIBLE_ORDER_STATUSES_FOR_TICKET } from "./features/support/schemas/firestore";
 // SB-UNI-B — sublistingCategoriesRepository + SublistingCategoryDocument deleted.
 // Use categoriesRepository.findBySlugAndType(slug, "sublisting") and CategoryDocument with categoryType:"sublisting".
 // [DB]-Database layer — uses firebase-admin; server-only.
@@ -2234,6 +2237,14 @@ export { DashboardStatsGrid } from "./features/admin/index";
 // [CLIENT-SSR]-Runs in both SSR and browser — React component or hook that does not depend on browser-only APIs.
 // DemoSeedView - Component for demo seed view.
 export { DemoSeedView } from "./features/admin/index";
+// AdminTeamView - Employee management list view.
+export { AdminTeamView } from "./features/admin/index";
+// AdminEmployeeEditorView - Invite/edit employee permissions SideDrawer.
+export { AdminEmployeeEditorView } from "./features/admin/index";
+// AdminSupportTicketsView - Admin support ticket list view.
+export { AdminSupportTicketsView } from "./features/admin/index";
+// AdminSupportTicketDetailView - Admin support ticket detail/reply SideDrawer.
+export { AdminSupportTicketDetailView } from "./features/admin/index";
 // [CLIENT-SSR]-Runs in both SSR and browser — React component or hook that does not depend on browser-only APIs.
 // DrawerFormFooter - Shared export for drawer form footer.
 export { DrawerFormFooter } from "./features/admin/index";
@@ -5433,6 +5444,7 @@ export { buildSieveFilters } from "./utils/filter.helper";
 export { formatFileSize } from "./utils/number.formatter";
 export { formatMonthYear } from "./utils/date.formatter";
 export { generateMediaFilename } from "./utils/id-generators"; // generateProductImageFilename already exported from "./utils/id-generators";
+export { resolveMediaUrl } from "./utils/media-url";
 export { generateFAQId } from "./utils/id-generators";
 export { generateCroppedImageFilename } from "./utils/id-generators";
 // Messages / Conversations feature schemas

package/dist/next/api/routeHandler.d.ts

@@ -48,6 +48,14 @@ interface RouteHandlerOptions<TInput = unknown, TParams = Record<string, string>
      * Implies `auth: true`.
      */
     roles?: string[];
+    /**
+     * Fine-grained permission required for this route.
+     * When set: also allows `"employee"` role through the role check, then
+     * verifies the permission via the registered `rbac` provider.
+     * Admin role always bypasses. Requires `rbac` provider to be registered.
+     * Implies `auth: true`.
+     */
+    permission?: string;
     /** Zod schema to validate + parse the JSON request body. */
     schema?: ParseableSchema<TInput>;
     /**

package/dist/next/api/routeHandler.js

@@ -68,7 +68,9 @@ export function createRouteHandler(options) {
         try {
             // -- Auth --------------------------------------------------------------
             let user;
-            const needsAuth = options.auth || (options.roles && options.roles.length > 0);
+            const needsAuth = options.auth ||
+                (options.roles && options.roles.length > 0) ||
+                !!options.permission;
             if (needsAuth) {
                 user = await verifySession(request);
             }
@@ -80,8 +82,27 @@ export function createRouteHandler(options) {
                     // No valid session — continue as anonymous
                 }
             }
-            if (options.roles && options.roles.length > 0) {
-                if (!user || !options.roles.includes(user.role ?? "")) {
+            // Role check — when `permission` is set, also allow "employee" through
+            const effectiveRoles = options.roles
+                ? options.permission
+                    ? [...new Set([...options.roles, "employee"])]
+                    : options.roles
+                : options.permission
+                    ? ["admin", "employee"]
+                    : [];
+            if (effectiveRoles.length > 0) {
+                if (!user || !effectiveRoles.includes(user.role ?? "")) {
+                    return NextResponse.json({ success: false, error: "Insufficient permissions" }, { status: 403 });
+                }
+            }
+            // -- Permission check (employee fine-grained) --------------------------
+            if (options.permission && user && user.role !== "admin") {
+                const { rbac } = getProviders();
+                if (!rbac) {
+                    return NextResponse.json({ success: false, error: "RBAC provider not configured" }, { status: 503 });
+                }
+                const perms = await rbac.getPermissions(user.uid);
+                if (!perms.includes(options.permission)) {
                     return NextResponse.json({ success: false, error: "Insufficient permissions" }, { status: 403 });
                 }
             }

package/dist/next/routing/route-map.d.ts

@@ -230,6 +230,7 @@ export declare const DEFAULT_ROUTE_MAP: {
         readonly BUNDLES_EDIT: (id: string) => string;
         readonly PRIZE_DRAWS: "/admin/prize-draws";
         readonly PRIZE_DRAWS_EDIT: (id: string) => string;
+        readonly TEAM: "/admin/team";
     };
     readonly DEMO: {
         readonly SEED: "/demo/seed";
@@ -459,6 +460,7 @@ export declare const ROUTES: {
         readonly BUNDLES_EDIT: (id: string) => string;
         readonly PRIZE_DRAWS: "/admin/prize-draws";
         readonly PRIZE_DRAWS_EDIT: (id: string) => string;
+        readonly TEAM: "/admin/team";
     };
     readonly DEMO: {
         readonly SEED: "/demo/seed";

package/dist/next/routing/route-map.js

@@ -221,6 +221,7 @@ export const DEFAULT_ROUTE_MAP = {
         BUNDLES_EDIT: (id) => `/admin/bundles/${id}/edit`,
         PRIZE_DRAWS: "/admin/prize-draws",
         PRIZE_DRAWS_EDIT: (id) => `/admin/prize-draws/${id}/edit`,
+        TEAM: "/admin/team",
     },
     DEMO: {
         SEED: "/demo/seed",

package/dist/repositories/index.d.ts

@@ -37,6 +37,8 @@ export type { NewsletterSubscriberDocument, NewsletterSubscriberCreateInput, New
 export { CopilotLogRepository, copilotLogRepository } from "../core";
 export type { CopilotFeedback, CopilotLogDocument, CopilotLogCreateInput, } from "../core";
 export { ScammerRepository, scammerRepository, } from "../features/scams/repository/scammer.repository";
+export { SupportRepository, supportRepository, } from "../features/support/repository/support.repository";
+export type { SupportTicketDocument, SupportTicketCreateInput, SupportTicketUpdateInput, TicketMessage, TicketCategory, TicketStatus, TicketPriority, } from "../features/support/schemas/firestore";
 export { ProductTemplateRepository, productTemplateRepository, } from "../features/products/repository/product-templates.repository";
 export type { ProductTemplateDocument, ProductTemplateCreateInput, ProductTemplateUpdateInput, } from "../features/products/schemas/product-templates";
 export { ProductFeaturesRepository, productFeaturesRepository, } from "../features/products/repository/product-features.repository";

package/dist/repositories/index.js

@@ -43,6 +43,7 @@ export { EventEntryRepository, EventEntriesRepository, eventEntryRepository, } f
 export { NewsletterRepository, newsletterRepository, } from "../core/newsletter.repository";
 export { CopilotLogRepository, copilotLogRepository } from "../core";
 export { ScammerRepository, scammerRepository, } from "../features/scams/repository/scammer.repository";
+export { SupportRepository, supportRepository, } from "../features/support/repository/support.repository";
 // SB-UNI-B — SublistingCategoriesRepository deleted; sublistings now live on
 // categoriesRepository with categoryType:"sublisting".
 export { ProductTemplateRepository, productTemplateRepository, } from "../features/products/repository/product-templates.repository";

package/dist/security/pii-schemas.d.ts

@@ -36,3 +36,5 @@ export declare const OFFER_PII_FIELDS: readonly ["buyerName", "buyerEmail", "sel
 export declare const CHAT_PII_FIELDS: readonly ["buyerName", "sellerName"];
 /** PII fields in event entries */
 export declare const EVENT_ENTRY_PII_FIELDS: readonly ["userDisplayName", "userEmail", "ipAddress"];
+/** Store OAuth bearer tokens — encrypted via SETTINGS_ENCRYPTION_KEY */
+export declare const STORE_SECRET_FIELDS: readonly ["whatsappConfig.accessToken"];

package/dist/security/pii-schemas.js

@@ -60,3 +60,5 @@ export const EVENT_ENTRY_PII_FIELDS = [
     "userEmail",
     "ipAddress",
 ];
+/** Store OAuth bearer tokens — encrypted via SETTINGS_ENCRYPTION_KEY */
+export const STORE_SECRET_FIELDS = ["whatsappConfig.accessToken"];

package/dist/seed/stores-seed-data.js

@@ -59,6 +59,7 @@ export const storesSeedData = [
             totalReviews: 0,
             averageRating: 0,
         },
+        capabilities: ["host_auctions", "host_preorders", "suggest_brands", "create_coupons", "bulk_listing_import", "verified_seller", "featured_placement", "promotional_banner", "advanced_analytics", "api_access", "multiple_stores", "early_access_features", "whatsapp_catalog_sync"],
         createdAt: daysAgo(400),
         updatedAt: daysAgo(1),
     },
@@ -119,6 +120,7 @@ export const storesSeedData = [
             totalReviews: 42,
             averageRating: 4.8,
         },
+        capabilities: ["host_auctions", "host_preorders", "suggest_brands", "create_coupons", "verified_seller", "featured_placement", "extended_return_window"],
         createdAt: daysAgo(380),
         updatedAt: daysAgo(2),
     },
@@ -148,6 +150,7 @@ export const storesSeedData = [
             totalReviews: 31,
             averageRating: 4.6,
         },
+        capabilities: ["suggest_brands", "create_coupons", "verified_seller", "extended_return_window"],
         createdAt: daysAgo(350),
         updatedAt: daysAgo(3),
     },
@@ -178,6 +181,7 @@ export const storesSeedData = [
             totalReviews: 58,
             averageRating: 4.9,
         },
+        capabilities: ["suggest_brands", "create_coupons"],
         createdAt: daysAgo(320),
         updatedAt: daysAgo(1),
     },
@@ -207,6 +211,7 @@ export const storesSeedData = [
             totalReviews: 47,
             averageRating: 4.7,
         },
+        capabilities: ["host_auctions", "suggest_brands", "create_coupons", "extended_return_window"],
         createdAt: daysAgo(290),
         updatedAt: daysAgo(2),
     },
@@ -237,6 +242,7 @@ export const storesSeedData = [
             totalReviews: 28,
             averageRating: 4.8,
         },
+        capabilities: ["suggest_brands", "create_coupons", "whatsapp_catalog_sync"],
         createdAt: daysAgo(260),
         updatedAt: daysAgo(1),
     },
@@ -267,6 +273,7 @@ export const storesSeedData = [
             totalReviews: 22,
             averageRating: 4.7,
         },
+        capabilities: ["host_preorders", "suggest_brands", "create_coupons", "extended_return_window"],
         createdAt: daysAgo(230),
         updatedAt: daysAgo(2),
     },
@@ -296,6 +303,7 @@ export const storesSeedData = [
             totalReviews: 19,
             averageRating: 4.9,
         },
+        capabilities: ["suggest_brands", "create_coupons", "featured_placement"],
         createdAt: daysAgo(200),
         updatedAt: daysAgo(3),
     },

package/dist/server.d.ts

@@ -477,3 +477,9 @@ export { applyMediaContextGuards, CONTEXT_LIMITS, } from "./_internal/server/fea
 export type { GuardResult, GuardError, GuardSuccess } from "./_internal/server/features/media/contextGuards";
 export { MEGABYTE, MAX_IMAGE_BYTES, MAX_PDF_BYTES, MAX_VIDEO_BYTES, MAX_LABEL, MAX_BYTES, ALLOWED_IMAGE_MIMES, ALLOWED_VIDEO_MIMES, ALLOWED_DOC_MIMES, ALLOWED_MIMES, ALLOWED_TYPES_LABEL, MIME_TO_EXT, PDF_MAGIC, VIDEO_CONVERSION_HINTS, classifyMime, isAllowedMime, maxBytesFor, getConversionHint, } from "./_internal/shared/media/limits";
 export type { MediaKind, AllowedImageMime, AllowedVideoMime, AllowedDocMime, AllowedMime, } from "./_internal/shared/media/limits";
+export { getServerPermissions, checkPermission, checkAnyPermission, makeAdminSectionLayout, } from "./_internal/server/features/auth/permissions";
+export type { ResolvedPermissions, AdminSectionLayoutOpts, } from "./_internal/server/features/auth/permissions";
+export { getStoreCapabilities, storeHasCapability, } from "./_internal/server/features/auth/capabilities";
+export { isSoftBanned, getBanSummary } from "./features/auth/server/checkSoftBan";
+export type { UserSoftBan } from "./features/auth/schemas/firestore";
+export type { BannedAction } from "./features/auth/permissions/constants";

package/dist/server.js

@@ -1350,3 +1350,9 @@ export { LISTING_TYPE_REGISTRY, pluginFor } from "./_internal/shared/listing-typ
 export { applyMediaContextGuards, CONTEXT_LIMITS, } from "./_internal/server/features/media/contextGuards";
 // Media upload limits — shared by /api/media/sign + /api/media/finalize + /api/media/upload.
 export { MEGABYTE, MAX_IMAGE_BYTES, MAX_PDF_BYTES, MAX_VIDEO_BYTES, MAX_LABEL, MAX_BYTES, ALLOWED_IMAGE_MIMES, ALLOWED_VIDEO_MIMES, ALLOWED_DOC_MIMES, ALLOWED_MIMES, ALLOWED_TYPES_LABEL, MIME_TO_EXT, PDF_MAGIC, VIDEO_CONVERSION_HINTS, classifyMime, isAllowedMime, maxBytesFor, getConversionHint, } from "./_internal/shared/media/limits";
+// ── RBAC server helpers ───────────────────────────────────────────────────────
+// getServerPermissions, checkPermission, makeAdminSectionLayout
+export { getServerPermissions, checkPermission, checkAnyPermission, makeAdminSectionLayout, } from "./_internal/server/features/auth/permissions";
+export { getStoreCapabilities, storeHasCapability, } from "./_internal/server/features/auth/capabilities";
+// ── Soft ban helpers ──────────────────────────────────────────────────────────
+export { isSoftBanned, getBanSummary } from "./features/auth/server/checkSoftBan";