@naisys/erp 3.0.0-beta.3

package/dist/erpServer.js

@@ -0,0 +1,321 @@
+import "dotenv/config";
+import "./schema-registry.js";
+import { expandNaisysFolder } from "@naisys/common-node";
+expandNaisysFolder();
+// Important to load dotenv before any other imports, to ensure environment variables are available
+import cookie from "@fastify/cookie";
+import cors from "@fastify/cors";
+import multipart from "@fastify/multipart";
+import { fastifyRateLimit as rateLimit } from "@fastify/rate-limit";
+import staticFiles from "@fastify/static";
+import swagger from "@fastify/swagger";
+import { commonErrorHandler, registerLenientJsonParser, registerSecurityHeaders, } from "@naisys/common";
+import { createHubDatabaseClient, deployPrismaMigrations, } from "@naisys/hub-database";
+import { createSupervisorDatabaseClient, handleResetPassword, } from "@naisys/supervisor-database";
+import Fastify from "fastify";
+import { jsonSchemaTransform, jsonSchemaTransformObject, serializerCompiler, validatorCompiler, } from "fastify-type-provider-zod";
+import path from "path";
+import pino from "pino";
+import { fileURLToPath } from "url";
+import { registerApiReference } from "./api-reference.js";
+import { registerAuthMiddleware } from "./auth-middleware.js";
+import { ERP_DB_VERSION, erpDbPath } from "./dbConfig.js";
+import { initErpDb } from "./erpDb.js";
+import adminRoutes from "./routes/admin.js";
+import auditRoutes from "./routes/audit.js";
+import authRoutes from "./routes/auth.js";
+import dispatchRoutes from "./routes/dispatch.js";
+import inventoryRoutes from "./routes/inventory.js";
+import itemFieldRoutes from "./routes/item-fields.js";
+import itemInstanceRoutes from "./routes/item-instances.js";
+import itemRoutes from "./routes/items.js";
+import laborTicketRoutes from "./routes/labor-tickets.js";
+import operationDependencyRoutes from "./routes/operation-dependencies.js";
+import operationFieldRefRoutes from "./routes/operation-field-refs.js";
+import operationRunCommentRoutes from "./routes/operation-run-comments.js";
+import operationRunTransitionRoutes from "./routes/operation-run-transitions.js";
+import operationRunRoutes from "./routes/operation-runs.js";
+import operationRoutes from "./routes/operations.js";
+import orderRevisionTransitionRoutes from "./routes/order-revision-transitions.js";
+import orderRevisionRoutes from "./routes/order-revisions.js";
+import orderRunTransitionRoutes from "./routes/order-run-transitions.js";
+import orderRunRoutes from "./routes/order-runs.js";
+import orderRoutes from "./routes/orders.js";
+import rootRoute from "./routes/root.js";
+import schemaRoutes from "./routes/schemas.js";
+import stepFieldAttachmentRoutes from "./routes/step-field-attachments.js";
+import stepFieldRoutes from "./routes/step-fields.js";
+import stepRunFieldRoutes from "./routes/step-run-fields.js";
+import stepRunTransitionRoutes from "./routes/step-run-transitions.js";
+import stepRunRoutes from "./routes/step-runs.js";
+import stepRoutes from "./routes/steps.js";
+import userPermissionRoutes from "./routes/user-permissions.js";
+import userRoutes from "./routes/users.js";
+import workCenterRoutes from "./routes/work-centers.js";
+import { isSupervisorAuth } from "./supervisorAuth.js";
+import { ensureLocalSuperAdmin, ensureSupervisorSuperAdmin, resetLocalPassword, } from "./userService.js";
+export { enableSupervisorAuth } from "./supervisorAuth.js";
+const __filename = fileURLToPath(import.meta.url);
+const __dirname = path.dirname(__filename);
+/**
+ * Fastify plugin that registers ERP routes and static files.
+ * Can be used standalone or registered inside another Fastify app (e.g. supervisor).
+ */
+export const erpPlugin = async (fastify) => {
+    const isProd = process.env.NODE_ENV === "production";
+    // Cookie plugin (guard for supervisor embedding)
+    if (!fastify.hasDecorator("parseCookie")) {
+        await fastify.register(cookie);
+    }
+    // Multipart file upload support
+    if (!fastify.hasContentTypeParser("multipart/form-data")) {
+        await fastify.register(multipart, { limits: { fileSize: 10_000_000 } });
+    }
+    // Rate limiting — moderate global default, strict overrides on sensitive routes
+    await fastify.register(rateLimit, {
+        max: 500,
+        timeWindow: "1 minute",
+        allowList: (request) => !request.url.startsWith("/api/"),
+    });
+    // Auto-migrate ERP database
+    const erpServerDir = path.join(__dirname, "..");
+    await deployPrismaMigrations({
+        packageDir: erpServerDir,
+        databasePath: erpDbPath(),
+        expectedVersion: ERP_DB_VERSION,
+    });
+    // Initialize SQLite pragmas now that the database exists
+    await initErpDb();
+    if (isSupervisorAuth()) {
+        if (!(await createHubDatabaseClient())) {
+            throw new Error("[ERP] Hub database not available. Required for supervisor auth.");
+        }
+        if (!(await createSupervisorDatabaseClient())) {
+            throw new Error("[ERP] Supervisor database not available. Required for supervisor auth.");
+        }
+        await ensureSupervisorSuperAdmin();
+    }
+    else {
+        await ensureLocalSuperAdmin();
+    }
+    fastify.setErrorHandler(commonErrorHandler);
+    registerAuthMiddleware(fastify);
+    // ERP-specific file logger (works in both standalone and hosted mode)
+    const naisysFolder = process.env.NAISYS_FOLDER;
+    if (naisysFolder) {
+        const erpLogDest = path.join(naisysFolder, "logs", "erp.log");
+        const erpFileLogger = pino({ level: "info" }, pino.destination({ dest: erpLogDest, mkdir: true }));
+        erpFileLogger.info("ERP plugin initialized");
+        fastify.addHook("onResponse", async (request, reply) => {
+            if (!request.url.startsWith("/api/erp"))
+                return;
+            const logFn = reply.statusCode >= 400 ? erpFileLogger.error : erpFileLogger.info;
+            logFn.call(erpFileLogger, {
+                responseTime: reply.elapsedTime,
+                statusCode: reply.statusCode,
+            }, `${request.method} ${request.url}`);
+        });
+        fastify.addHook("onError", async (request, _reply, error) => {
+            if (!request.url.startsWith("/api/erp"))
+                return;
+            erpFileLogger.error({
+                err: { message: error.message, stack: error.stack },
+            }, `${request.method} ${request.url} error`);
+        });
+    }
+    // API routes under /api/erp prefix
+    fastify.register(adminRoutes, { prefix: "/api/erp/admin" });
+    fastify.register(auditRoutes, { prefix: "/api/erp/audit" });
+    fastify.register(authRoutes, { prefix: "/api/erp/auth" });
+    fastify.register(dispatchRoutes, { prefix: "/api/erp/dispatch" });
+    fastify.register(inventoryRoutes, { prefix: "/api/erp/inventory" });
+    fastify.register(rootRoute, { prefix: "/api/erp" });
+    fastify.register(itemRoutes, { prefix: "/api/erp/items" });
+    fastify.register(itemFieldRoutes, {
+        prefix: "/api/erp/items/:key/fields",
+    });
+    fastify.register(itemInstanceRoutes, {
+        prefix: "/api/erp/items/:key/instances",
+    });
+    fastify.register(orderRoutes, {
+        prefix: "/api/erp/orders",
+    });
+    fastify.register(orderRevisionRoutes, {
+        prefix: "/api/erp/orders/:orderKey/revs",
+    });
+    fastify.register(orderRevisionTransitionRoutes, {
+        prefix: "/api/erp/orders/:orderKey/revs",
+    });
+    fastify.register(orderRunRoutes, {
+        prefix: "/api/erp/orders/:orderKey/runs",
+    });
+    fastify.register(orderRunTransitionRoutes, {
+        prefix: "/api/erp/orders/:orderKey/runs",
+    });
+    fastify.register(operationRoutes, {
+        prefix: "/api/erp/orders/:orderKey/revs/:revNo/ops",
+    });
+    fastify.register(operationDependencyRoutes, {
+        prefix: "/api/erp/orders/:orderKey/revs/:revNo/ops/:seqNo/deps",
+    });
+    fastify.register(operationFieldRefRoutes, {
+        prefix: "/api/erp/orders/:orderKey/revs/:revNo/ops/:seqNo/field-refs",
+    });
+    fastify.register(operationRunRoutes, {
+        prefix: "/api/erp/orders/:orderKey/runs/:runNo/ops",
+    });
+    fastify.register(operationRunTransitionRoutes, {
+        prefix: "/api/erp/orders/:orderKey/runs/:runNo/ops",
+    });
+    fastify.register(laborTicketRoutes, {
+        prefix: "/api/erp/orders/:orderKey/runs/:runNo/ops/:seqNo/labor",
+    });
+    fastify.register(operationRunCommentRoutes, {
+        prefix: "/api/erp/orders/:orderKey/runs/:runNo/ops/:seqNo/comments",
+    });
+    fastify.register(stepRunRoutes, {
+        prefix: "/api/erp/orders/:orderKey/runs/:runNo/ops/:seqNo/steps",
+    });
+    fastify.register(stepRunTransitionRoutes, {
+        prefix: "/api/erp/orders/:orderKey/runs/:runNo/ops/:seqNo/steps",
+    });
+    fastify.register(stepRunFieldRoutes, {
+        prefix: "/api/erp/orders/:orderKey/runs/:runNo/ops/:seqNo/steps",
+    });
+    fastify.register(stepFieldAttachmentRoutes, {
+        prefix: "/api/erp/orders/:orderKey/runs/:runNo/ops/:seqNo/steps/:stepSeqNo/fields/:fieldSeqNo/attachments",
+    });
+    fastify.register(stepFieldAttachmentRoutes, {
+        prefix: "/api/erp/orders/:orderKey/runs/:runNo/ops/:seqNo/steps/:stepSeqNo/sets/:setIndex/fields/:fieldSeqNo/attachments",
+    });
+    fastify.register(stepRoutes, {
+        prefix: "/api/erp/orders/:orderKey/revs/:revNo/ops/:seqNo/steps",
+    });
+    fastify.register(stepFieldRoutes, {
+        prefix: "/api/erp/orders/:orderKey/revs/:revNo/ops/:seqNo/steps/:stepSeqNo/fields",
+    });
+    fastify.register(schemaRoutes, { prefix: "/api/erp/schemas" });
+    fastify.register(userRoutes, { prefix: "/api/erp/users" });
+    fastify.register(userPermissionRoutes, { prefix: "/api/erp/users" });
+    fastify.register(workCenterRoutes, { prefix: "/api/erp/work-centers" });
+    // Public endpoint to expose client configuration (publicRead, etc.)
+    fastify.get("/api/erp/client-config", { schema: { hide: true } }, () => ({
+        publicRead: process.env.PUBLIC_READ === "true",
+        supervisorAuth: isSupervisorAuth(),
+    }));
+    registerApiReference(fastify);
+    // In production, serve the client build
+    if (isProd) {
+        const clientDistPath = path.join(__dirname, "../client-dist");
+        // Serve static assets and SPA fallback in an encapsulated context
+        // to avoid decorator conflicts with the supervisor's @fastify/static
+        fastify.register(async (scope) => {
+            await scope.register(staticFiles, {
+                root: clientDistPath,
+                prefix: "/erp/",
+                wildcard: false,
+            });
+            // SPA fallback for /erp/* routes (but not /erp/api-reference)
+            scope.get("/erp/*", (_request, reply) => {
+                const url = _request.url;
+                if (url.startsWith("/erp/api-reference"))
+                    return reply.callNotFound();
+                // If the URL has a file extension, it's a static asset that wasn't matched
+                // by the registered routes — likely because the client was rebuilt while
+                // the server was running. Return 404 instead of silently serving index.html.
+                if (/\.\w+$/.test(url)) {
+                    reply.code(404).send({
+                        error: `Static file not found: ${url} — server restart may be needed after a client rebuild`,
+                    });
+                    return;
+                }
+                reply.sendFile("index.html", clientDistPath);
+            });
+        });
+    }
+};
+async function startServer() {
+    const isProd = process.env.NODE_ENV === "production";
+    const fastify = Fastify({
+        pluginTimeout: 60_000,
+        logger: {
+            transport: {
+                target: "pino-pretty",
+                options: { colorize: true },
+            },
+        },
+    }).withTypeProvider();
+    fastify.setValidatorCompiler(validatorCompiler);
+    fastify.setSerializerCompiler(serializerCompiler);
+    registerLenientJsonParser(fastify);
+    await fastify.register(cors, {
+        origin: isProd ? false : ["http://localhost:3202"],
+        credentials: true,
+    });
+    registerSecurityHeaders(fastify, { enforceHsts: isProd });
+    // Swagger (schema collection); Scalar API reference is served by erpPlugin
+    await fastify.register(swagger, {
+        openapi: {
+            info: {
+                title: "NAISYS ERP API",
+                description: "AI-first ERP system - Order management and definitions",
+                version: "1.0.0",
+            },
+        },
+        transform: jsonSchemaTransform,
+        transformObject: jsonSchemaTransformObject,
+    });
+    fastify.get("/", { schema: { hide: true } }, async (_request, reply) => {
+        return reply.redirect("/erp/");
+    });
+    await fastify.register(erpPlugin);
+    const port = Number(process.env.ERP_PORT) || 3201;
+    const host = isProd ? "0.0.0.0" : "localhost";
+    try {
+        await fastify.listen({ port, host });
+        console.log(`[ERP] Running on http://${host}:${port}/erp`);
+        console.log(`[ERP] API Reference: http://${host}:${port}/erp/api-reference`);
+        console.log(`[ERP] Auth mode: ${isSupervisorAuth() ? "supervisor" : "standalone"}`);
+    }
+    catch (err) {
+        console.error("[ERP] Failed to start:", err);
+        process.exit(1);
+    }
+}
+// Start server if this file is run directly
+if (process.argv[1] === fileURLToPath(import.meta.url)) {
+    if (process.argv.includes("--reset-password")) {
+        const usernameIdx = process.argv.indexOf("--username");
+        const passwordIdx = process.argv.indexOf("--password");
+        const username = usernameIdx !== -1 ? process.argv[usernameIdx + 1] : undefined;
+        const password = passwordIdx !== -1 ? process.argv[passwordIdx + 1] : undefined;
+        await initErpDb();
+        if (isSupervisorAuth()) {
+            void handleResetPassword({
+                findLocalUser: async (username) => {
+                    const prisma = (await import("./erpDb.js")).default;
+                    const user = await prisma.user.findUnique({ where: { username } });
+                    return user
+                        ? { id: user.id, username: user.username, uuid: user.uuid }
+                        : null;
+                },
+                updateLocalPassword: async (userId, passwordHash) => {
+                    const prisma = (await import("./erpDb.js")).default;
+                    await prisma.user.update({
+                        where: { id: userId },
+                        data: { passwordHash },
+                    });
+                },
+                username,
+                password,
+            });
+        }
+        else {
+            void resetLocalPassword();
+        }
+    }
+    else {
+        void startServer();
+    }
+}
+//# sourceMappingURL=erpServer.js.map

package/dist/error-handler.d.ts

@@ -0,0 +1,7 @@
+import type { ErrorResponse } from "@naisys/erp-shared";
+import type { FastifyReply } from "fastify";
+export declare function notFound(reply: FastifyReply, message: string): ErrorResponse;
+export declare function conflict(reply: FastifyReply, message: string): ErrorResponse;
+export declare function unauthorized(reply: FastifyReply, message: string): ErrorResponse;
+export declare function unprocessable(reply: FastifyReply, message: string): ErrorResponse;
+//# sourceMappingURL=error-handler.d.ts.map

package/dist/error-handler.js

@@ -0,0 +1,17 @@
+function send(reply, statusCode, error, message) {
+    reply.status(statusCode);
+    return { statusCode, error, message };
+}
+export function notFound(reply, message) {
+    return send(reply, 404, "Not Found", message);
+}
+export function conflict(reply, message) {
+    return send(reply, 409, "Conflict", message);
+}
+export function unauthorized(reply, message) {
+    return send(reply, 401, "Unauthorized", message);
+}
+export function unprocessable(reply, message) {
+    return send(reply, 422, "Unprocessable Entity", message);
+}
+//# sourceMappingURL=error-handler.js.map

package/dist/generated/prisma/client.d.ts

@@ -0,0 +1,154 @@
+import * as runtime from "@prisma/client/runtime/client";
+import * as $Class from "./internal/class.js";
+import * as Prisma from "./internal/prismaNamespace.js";
+export * as $Enums from './enums.js';
+export * from "./enums.js";
+/**
+ * ## Prisma Client
+ *
+ * Type-safe database client for TypeScript
+ * @example
+ * ```
+ * const prisma = new PrismaClient({
+ *   adapter: new PrismaPg({ connectionString: process.env.DATABASE_URL })
+ * })
+ * // Fetch zero or more Orders
+ * const orders = await prisma.order.findMany()
+ * ```
+ *
+ * Read more in our [docs](https://pris.ly/d/client).
+ */
+export declare const PrismaClient: $Class.PrismaClientConstructor;
+export type PrismaClient<LogOpts extends Prisma.LogLevel = never, OmitOpts extends Prisma.PrismaClientOptions["omit"] = Prisma.PrismaClientOptions["omit"], ExtArgs extends runtime.Types.Extensions.InternalArgs = runtime.Types.Extensions.DefaultArgs> = $Class.PrismaClient<LogOpts, OmitOpts, ExtArgs>;
+export { Prisma };
+/**
+ * Model Order
+ *
+ */
+export type Order = Prisma.OrderModel;
+/**
+ * Model OrderRevision
+ *
+ */
+export type OrderRevision = Prisma.OrderRevisionModel;
+/**
+ * Model Operation
+ *
+ */
+export type Operation = Prisma.OperationModel;
+/**
+ * Model OperationFieldRef
+ *
+ */
+export type OperationFieldRef = Prisma.OperationFieldRefModel;
+/**
+ * Model OperationDependency
+ *
+ */
+export type OperationDependency = Prisma.OperationDependencyModel;
+/**
+ * Model WorkCenter
+ *
+ */
+export type WorkCenter = Prisma.WorkCenterModel;
+/**
+ * Model WorkCenterUser
+ *
+ */
+export type WorkCenterUser = Prisma.WorkCenterUserModel;
+/**
+ * Model FieldSet
+ *
+ */
+export type FieldSet = Prisma.FieldSetModel;
+/**
+ * Model FieldRecord
+ *
+ */
+export type FieldRecord = Prisma.FieldRecordModel;
+/**
+ * Model Field
+ *
+ */
+export type Field = Prisma.FieldModel;
+/**
+ * Model Step
+ *
+ */
+export type Step = Prisma.StepModel;
+/**
+ * Model OrderRun
+ *
+ */
+export type OrderRun = Prisma.OrderRunModel;
+/**
+ * Model OperationRun
+ *
+ */
+export type OperationRun = Prisma.OperationRunModel;
+/**
+ * Model StepRun
+ *
+ */
+export type StepRun = Prisma.StepRunModel;
+/**
+ * Model FieldValue
+ *
+ */
+export type FieldValue = Prisma.FieldValueModel;
+/**
+ * Model Item
+ *
+ */
+export type Item = Prisma.ItemModel;
+/**
+ * Model ItemInstance
+ *
+ */
+export type ItemInstance = Prisma.ItemInstanceModel;
+/**
+ * Model User
+ *
+ */
+export type User = Prisma.UserModel;
+/**
+ * Model UserPermission
+ *
+ */
+export type UserPermission = Prisma.UserPermissionModel;
+/**
+ * Model Session
+ *
+ */
+export type Session = Prisma.SessionModel;
+/**
+ * Model SchemaVersion
+ *
+ */
+export type SchemaVersion = Prisma.SchemaVersionModel;
+/**
+ * Model LaborTicket
+ *
+ */
+export type LaborTicket = Prisma.LaborTicketModel;
+/**
+ * Model AuditLog
+ *
+ */
+export type AuditLog = Prisma.AuditLogModel;
+/**
+ * Model Attachment
+ *
+ */
+export type Attachment = Prisma.AttachmentModel;
+/**
+ * Model FieldAttachment
+ *
+ */
+export type FieldAttachment = Prisma.FieldAttachmentModel;
+/**
+ * Model OperationRunComment
+ *
+ */
+export type OperationRunComment = Prisma.OperationRunCommentModel;
+//# sourceMappingURL=client.d.ts.map

package/dist/generated/prisma/client.js

@@ -0,0 +1,35 @@
+/* !!! This is code generated by Prisma. Do not edit directly. !!! */
+/* eslint-disable */
+// biome-ignore-all lint: generated file
+// @ts-nocheck 
+/*
+ * This file should be your main import to use Prisma. Through it you get access to all the models, enums, and input types.
+ * If you're looking for something you can import in the client-side of your application, please refer to the `browser.ts` file instead.
+ *
+ * 🟢 You can import this file directly.
+ */
+import * as path from 'node:path';
+import { fileURLToPath } from 'node:url';
+globalThis['__dirname'] = path.dirname(fileURLToPath(import.meta.url));
+import * as $Class from "./internal/class.js";
+import * as Prisma from "./internal/prismaNamespace.js";
+export * as $Enums from './enums.js';
+export * from "./enums.js";
+/**
+ * ## Prisma Client
+ *
+ * Type-safe database client for TypeScript
+ * @example
+ * ```
+ * const prisma = new PrismaClient({
+ *   adapter: new PrismaPg({ connectionString: process.env.DATABASE_URL })
+ * })
+ * // Fetch zero or more Orders
+ * const orders = await prisma.order.findMany()
+ * ```
+ *
+ * Read more in our [docs](https://pris.ly/d/client).
+ */
+export const PrismaClient = $Class.getPrismaClientClass();
+export { Prisma };
+//# sourceMappingURL=client.js.map