npm - @offerkit/sdk - Versions diffs - 0.1.0 - Mend

@offerkit/sdk 0.1.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (5) hide show

package/dist/index.mjs ADDED Viewed

@@ -0,0 +1,1585 @@
+import { createHmac, timingSafeEqual } from "node:crypto";
+import { createORPCClient } from "@orpc/client";
+import { OpenAPILink } from "@orpc/openapi-client/fetch";
+import { oc } from "@orpc/contract";
+import { z } from "zod";
+//#region ../contract/src/schemas/api-key.ts
+const apiKeyOutput = z.object({
+	id: z.string(),
+	name: z.string(),
+	prefix: z.string(),
+	scopes: z.array(z.string()),
+	rateLimitRps: z.number().int(),
+	lastUsedAt: z.string().datetime().nullable(),
+	disabledAt: z.string().datetime().nullable(),
+	createdAt: z.string().datetime()
+});
+const apiKeyCreateInput = z.object({
+	name: z.string().min(1).max(100),
+	scopes: z.array(z.string()).optional(),
+	rateLimitRps: z.number().int().min(1).max(1e4).optional()
+});
+const apiKeyCreateOutput = apiKeyOutput.extend({
+/** The plaintext token. Shown once at creation; never returned again. */
+token: z.string() });
+//#endregion
+//#region ../contract/src/routes/api-keys.ts
+const apiKeys = {
+	list: oc.route({
+		method: "GET",
+		path: "/api-keys",
+		summary: "List API keys"
+	}).output(z.object({ data: z.array(apiKeyOutput) })),
+	create: oc.route({
+		method: "POST",
+		path: "/api-keys",
+		summary: "Mint a new API key"
+	}).input(apiKeyCreateInput).output(apiKeyCreateOutput),
+	revoke: oc.route({
+		method: "DELETE",
+		path: "/api-keys/{id}",
+		summary: "Disable an API key (cannot be re-enabled)"
+	}).input(z.object({ id: z.string() })).output(z.object({ ok: z.literal(true) }))
+};
+//#endregion
+//#region ../contract/src/mcp.ts
+/**
+* Returns a `meta` object that attaches MCP exposure to a procedure.
+* Wrapping in a helper keeps the call sites typed and uniform.
+*/
+function mcpMeta(meta) {
+	return { mcp: meta };
+}
+//#endregion
+//#region ../contract/src/schemas/campaign.ts
+const campaignType = z.enum([
+	"DISCOUNT",
+	"GIFT_VOUCHERS",
+	"LOYALTY_PROGRAM",
+	"REFERRAL_PROGRAM",
+	"PROMOTION"
+]);
+const campaignStatus = z.enum([
+	"draft",
+	"active",
+	"paused",
+	"ended"
+]);
+const codeConfig = z.object({
+	length: z.number().int().min(4).max(32).optional(),
+	prefix: z.string().max(20).optional(),
+	suffix: z.string().max(20).optional(),
+	charset: z.enum([
+		"alphanumeric",
+		"uppercase",
+		"lowercase",
+		"numeric"
+	]).optional(),
+	excludeConfusable: z.boolean().optional()
+});
+const campaignOutput = z.object({
+	id: z.string().uuid(),
+	name: z.string(),
+	description: z.string().nullable(),
+	type: campaignType,
+	status: campaignStatus,
+	currency: z.string().length(3),
+	timezone: z.string(),
+	startDate: z.string().datetime().nullable(),
+	endDate: z.string().datetime().nullable(),
+	codeConfig,
+	validationRuleId: z.string().uuid().nullable(),
+	autoApply: z.boolean(),
+	voucherCount: z.number().int(),
+	metadata: z.record(z.string(), z.unknown()),
+	createdAt: z.string().datetime(),
+	updatedAt: z.string().datetime()
+});
+const campaignCreateInput = z.object({
+	name: z.string().min(1).max(100),
+	description: z.string().max(500).optional(),
+	type: campaignType,
+	currency: z.string().length(3),
+	timezone: z.string().optional(),
+	startDate: z.string().datetime().optional(),
+	endDate: z.string().datetime().optional(),
+	codeConfig: codeConfig.optional(),
+	validationRuleId: z.string().uuid().nullable().optional(),
+	autoApply: z.boolean().optional(),
+	metadata: z.record(z.string(), z.unknown()).optional()
+});
+const campaignUpdateInput = campaignCreateInput.omit({ type: true }).partial().extend({ status: campaignStatus.optional() });
+//#endregion
+//#region ../contract/src/schemas/pagination.ts
+const limit = z.union([z.number(), z.string().regex(/^\d+$/)]).transform((v) => typeof v === "string" ? Number.parseInt(v, 10) : v).pipe(z.number().int().min(1).max(100)).default(20);
+const paginationInput = z.object({
+	cursor: z.string().optional(),
+	limit
+});
+function paginatedOutput(item) {
+	return z.object({
+		data: z.array(item),
+		next: z.string().optional(),
+		prev: z.string().optional()
+	});
+}
+//#endregion
+//#region ../contract/src/routes/campaigns.ts
+const campaigns = {
+	list: oc.meta(mcpMeta({
+		expose: true,
+		riskLevel: "safe"
+	})).route({
+		method: "GET",
+		path: "/campaigns",
+		summary: "List campaigns"
+	}).input(paginationInput.extend({ search: z.string().optional() })).output(paginatedOutput(campaignOutput)),
+	get: oc.meta(mcpMeta({
+		expose: true,
+		riskLevel: "safe"
+	})).route({
+		method: "GET",
+		path: "/campaigns/{id}",
+		summary: "Get campaign"
+	}).input(z.object({ id: z.string().uuid() })).output(campaignOutput),
+	create: oc.route({
+		method: "POST",
+		path: "/campaigns",
+		summary: "Create campaign"
+	}).input(campaignCreateInput).output(campaignOutput),
+	update: oc.route({
+		method: "PATCH",
+		path: "/campaigns/{id}",
+		summary: "Update campaign"
+	}).input(z.object({
+		id: z.string().uuid(),
+		patch: campaignUpdateInput
+	})).output(campaignOutput),
+	delete: oc.route({
+		method: "DELETE",
+		path: "/campaigns/{id}",
+		summary: "Soft-delete campaign"
+	}).input(z.object({ id: z.string().uuid() })).output(z.object({ ok: z.literal(true) }))
+};
+//#endregion
+//#region ../contract/src/schemas/customer.ts
+const customerAddress = z.object({
+	line1: z.string().optional(),
+	line2: z.string().optional(),
+	city: z.string().optional(),
+	state: z.string().optional(),
+	postalCode: z.string().optional(),
+	country: z.string().length(2).optional()
+});
+const customerSummary = z.object({
+	totalSpent: z.number().int().nonnegative().optional(),
+	redemptionCount: z.number().int().nonnegative().optional(),
+	lastRedeemedAt: z.string().datetime().optional()
+});
+const customerOutput = z.object({
+	id: z.string().uuid(),
+	email: z.string().email().nullable(),
+	name: z.string().nullable(),
+	phone: z.string().nullable(),
+	address: customerAddress.nullable(),
+	metadata: z.record(z.string(), z.unknown()),
+	summary: customerSummary,
+	createdAt: z.string().datetime(),
+	updatedAt: z.string().datetime()
+});
+const customerCreateInput = z.object({
+	email: z.string().email().optional(),
+	name: z.string().optional(),
+	phone: z.string().optional(),
+	address: customerAddress.optional(),
+	metadata: z.record(z.string(), z.unknown()).optional()
+});
+const customerUpdateInput = customerCreateInput.partial();
+//#endregion
+//#region ../contract/src/routes/customers.ts
+const customers = {
+	list: oc.meta(mcpMeta({
+		expose: true,
+		riskLevel: "safe"
+	})).route({
+		method: "GET",
+		path: "/customers",
+		summary: "List customers"
+	}).input(paginationInput.extend({ search: z.string().optional() })).output(paginatedOutput(customerOutput)),
+	get: oc.meta(mcpMeta({
+		expose: true,
+		riskLevel: "safe"
+	})).route({
+		method: "GET",
+		path: "/customers/{id}",
+		summary: "Get customer"
+	}).input(z.object({ id: z.string().uuid() })).output(customerOutput),
+	create: oc.route({
+		method: "POST",
+		path: "/customers",
+		summary: "Create customer"
+	}).input(customerCreateInput).output(customerOutput),
+	update: oc.route({
+		method: "PATCH",
+		path: "/customers/{id}",
+		summary: "Update customer"
+	}).input(z.object({
+		id: z.string().uuid(),
+		patch: customerUpdateInput
+	})).output(customerOutput),
+	delete: oc.route({
+		method: "DELETE",
+		path: "/customers/{id}",
+		summary: "Soft-delete customer"
+	}).input(z.object({ id: z.string().uuid() })).output(z.object({ ok: z.literal(true) }))
+};
+//#endregion
+//#region ../contract/src/schemas/loyalty.ts
+const loyaltyProgramOutput = z.object({
+	id: z.string().uuid(),
+	campaignId: z.string().uuid(),
+	pointsExpiryDays: z.number().int().nullable(),
+	metadata: z.record(z.string(), z.unknown()),
+	createdAt: z.string().datetime(),
+	updatedAt: z.string().datetime()
+});
+const loyaltyProgramCreateInput = z.object({
+	campaignId: z.string().uuid(),
+	pointsExpiryDays: z.number().int().min(1).optional(),
+	metadata: z.record(z.string(), z.unknown()).optional()
+});
+const loyaltyProgramUpdateInput = z.object({
+	pointsExpiryDays: z.number().int().min(1).nullable().optional(),
+	metadata: z.record(z.string(), z.unknown()).optional()
+}).partial();
+const loyaltyTierOutput = z.object({
+	id: z.string().uuid(),
+	programId: z.string().uuid(),
+	name: z.string(),
+	threshold: z.number().int(),
+	earnMultiplier: z.number().int(),
+	sortOrder: z.number().int()
+});
+const loyaltyTierCreateInput = z.object({
+	programId: z.string().uuid(),
+	name: z.string().min(1).max(100),
+	threshold: z.number().int().min(0),
+	earnMultiplier: z.number().int().min(0).default(1e4),
+	sortOrder: z.number().int().default(0)
+});
+const loyaltyTierUpdateInput = loyaltyTierCreateInput.omit({ programId: true }).partial();
+const loyaltyEarningRuleFormula = z.object({
+	kind: z.enum([
+		"fixed",
+		"per_cents",
+		"custom"
+	]),
+	value: z.number().int().min(0).optional(),
+	divisor: z.number().int().min(1).optional()
+});
+const loyaltyEarningRuleOutput = z.object({
+	id: z.string().uuid(),
+	programId: z.string().uuid(),
+	name: z.string(),
+	event: z.string(),
+	validationRuleId: z.string().uuid().nullable(),
+	formula: loyaltyEarningRuleFormula,
+	active: z.enum(["yes", "no"])
+});
+const loyaltyEarningRuleCreateInput = z.object({
+	programId: z.string().uuid(),
+	name: z.string().min(1).max(100),
+	event: z.string().min(1).max(100),
+	validationRuleId: z.string().uuid().optional(),
+	formula: loyaltyEarningRuleFormula,
+	active: z.enum(["yes", "no"]).optional()
+});
+const loyaltyEarningRuleUpdateInput = loyaltyEarningRuleCreateInput.omit({ programId: true }).partial();
+const loyaltyRewardPayload = z.object({
+	kind: z.enum([
+		"discount",
+		"gift_card",
+		"custom"
+	]),
+	discount: z.object({
+		type: z.enum(["AMOUNT", "PERCENTAGE"]),
+		amount: z.number().int().min(0).optional(),
+		percent: z.number().int().min(0).max(1e4).optional(),
+		maxDiscountAmount: z.number().int().min(0).optional()
+	}).optional(),
+	creditCents: z.number().int().min(0).optional(),
+	typeKey: z.string().optional(),
+	payload: z.record(z.string(), z.unknown()).optional()
+});
+const loyaltyRewardOutput = z.object({
+	id: z.string().uuid(),
+	programId: z.string().uuid(),
+	name: z.string(),
+	description: z.string().nullable(),
+	cost: z.number().int(),
+	payload: loyaltyRewardPayload
+});
+const loyaltyRewardCreateInput = z.object({
+	programId: z.string().uuid(),
+	name: z.string().min(1).max(100),
+	description: z.string().max(500).optional(),
+	cost: z.number().int().min(1),
+	payload: loyaltyRewardPayload
+});
+const loyaltyRewardUpdateInput = loyaltyRewardCreateInput.omit({ programId: true }).partial();
+const loyaltyMemberOutput = z.object({
+	id: z.string().uuid(),
+	customerId: z.string().uuid(),
+	programId: z.string().uuid(),
+	balance: z.number().int(),
+	lifetimePoints: z.number().int(),
+	currentTierId: z.string().uuid().nullable(),
+	enrolledAt: z.string().datetime()
+});
+const loyaltyMemberEnrollInput = z.object({
+	programId: z.string().uuid(),
+	customerId: z.string().uuid()
+});
+const loyaltyEarnInput = z.object({
+	memberId: z.string().uuid(),
+	basePoints: z.number().int().min(1),
+	earningRuleId: z.string().uuid().optional(),
+	eventId: z.string().optional(),
+	note: z.string().max(500).optional(),
+	expiresAt: z.string().datetime().optional(),
+	applyMultiplier: z.boolean().optional()
+});
+const loyaltyAdjustInput = z.object({
+	memberId: z.string().uuid(),
+	delta: z.number().int(),
+	note: z.string().max(500).optional()
+});
+const loyaltyRedeemInput = z.object({
+	memberId: z.string().uuid(),
+	rewardId: z.string().uuid(),
+	note: z.string().max(500).optional()
+});
+const loyaltyTransactionOutput = z.object({
+	id: z.string().uuid(),
+	memberId: z.string().uuid(),
+	delta: z.number().int(),
+	balanceAfter: z.number().int(),
+	reason: z.enum([
+		"EARN",
+		"REDEEM",
+		"ADJUSTMENT",
+		"EXPIRY",
+		"ROLLBACK"
+	]),
+	rewardId: z.string().uuid().nullable(),
+	earningRuleId: z.string().uuid().nullable(),
+	eventId: z.string().nullable(),
+	note: z.string().nullable(),
+	expiresAt: z.string().datetime().nullable(),
+	expiredAt: z.string().datetime().nullable(),
+	createdAt: z.string().datetime()
+});
+const loyalty = {
+	programs: {
+		list: oc.route({
+			method: "GET",
+			path: "/loyalty/programs",
+			summary: "List loyalty programs"
+		}).input(paginationInput).output(paginatedOutput(loyaltyProgramOutput)),
+		get: oc.route({
+			method: "GET",
+			path: "/loyalty/programs/{id}",
+			summary: "Get loyalty program"
+		}).input(z.object({ id: z.string().uuid() })).output(loyaltyProgramOutput),
+		create: oc.route({
+			method: "POST",
+			path: "/loyalty/programs",
+			summary: "Create loyalty program"
+		}).input(loyaltyProgramCreateInput).output(loyaltyProgramOutput),
+		update: oc.route({
+			method: "PATCH",
+			path: "/loyalty/programs/{id}",
+			summary: "Update loyalty program"
+		}).input(z.object({
+			id: z.string().uuid(),
+			patch: loyaltyProgramUpdateInput
+		})).output(loyaltyProgramOutput),
+		delete: oc.route({
+			method: "DELETE",
+			path: "/loyalty/programs/{id}",
+			summary: "Soft-delete program"
+		}).input(z.object({ id: z.string().uuid() })).output(z.object({ ok: z.literal(true) }))
+	},
+	tiers: {
+		list: oc.route({
+			method: "GET",
+			path: "/loyalty/programs/{programId}/tiers",
+			summary: "List tiers"
+		}).input(z.object({ programId: z.string().uuid() })).output(z.object({ data: z.array(loyaltyTierOutput) })),
+		create: oc.route({
+			method: "POST",
+			path: "/loyalty/tiers",
+			summary: "Create tier"
+		}).input(loyaltyTierCreateInput).output(loyaltyTierOutput),
+		update: oc.route({
+			method: "PATCH",
+			path: "/loyalty/tiers/{id}",
+			summary: "Update tier"
+		}).input(z.object({
+			id: z.string().uuid(),
+			patch: loyaltyTierUpdateInput
+		})).output(loyaltyTierOutput),
+		delete: oc.route({
+			method: "DELETE",
+			path: "/loyalty/tiers/{id}",
+			summary: "Delete tier"
+		}).input(z.object({ id: z.string().uuid() })).output(z.object({ ok: z.literal(true) }))
+	},
+	earningRules: {
+		list: oc.route({
+			method: "GET",
+			path: "/loyalty/programs/{programId}/earning-rules",
+			summary: "List earning rules"
+		}).input(z.object({ programId: z.string().uuid() })).output(z.object({ data: z.array(loyaltyEarningRuleOutput) })),
+		create: oc.route({
+			method: "POST",
+			path: "/loyalty/earning-rules",
+			summary: "Create earning rule"
+		}).input(loyaltyEarningRuleCreateInput).output(loyaltyEarningRuleOutput),
+		update: oc.route({
+			method: "PATCH",
+			path: "/loyalty/earning-rules/{id}",
+			summary: "Update earning rule"
+		}).input(z.object({
+			id: z.string().uuid(),
+			patch: loyaltyEarningRuleUpdateInput
+		})).output(loyaltyEarningRuleOutput),
+		delete: oc.route({
+			method: "DELETE",
+			path: "/loyalty/earning-rules/{id}",
+			summary: "Delete earning rule"
+		}).input(z.object({ id: z.string().uuid() })).output(z.object({ ok: z.literal(true) }))
+	},
+	rewards: {
+		list: oc.route({
+			method: "GET",
+			path: "/loyalty/programs/{programId}/rewards",
+			summary: "List rewards"
+		}).input(z.object({ programId: z.string().uuid() })).output(z.object({ data: z.array(loyaltyRewardOutput) })),
+		create: oc.route({
+			method: "POST",
+			path: "/loyalty/rewards",
+			summary: "Create reward"
+		}).input(loyaltyRewardCreateInput).output(loyaltyRewardOutput),
+		update: oc.route({
+			method: "PATCH",
+			path: "/loyalty/rewards/{id}",
+			summary: "Update reward"
+		}).input(z.object({
+			id: z.string().uuid(),
+			patch: loyaltyRewardUpdateInput
+		})).output(loyaltyRewardOutput),
+		delete: oc.route({
+			method: "DELETE",
+			path: "/loyalty/rewards/{id}",
+			summary: "Soft-delete reward"
+		}).input(z.object({ id: z.string().uuid() })).output(z.object({ ok: z.literal(true) }))
+	},
+	members: {
+		list: oc.route({
+			method: "GET",
+			path: "/loyalty/programs/{programId}/members",
+			summary: "List members of a program"
+		}).input(paginationInput.extend({ programId: z.string().uuid() })).output(paginatedOutput(loyaltyMemberOutput)),
+		get: oc.route({
+			method: "GET",
+			path: "/loyalty/members/{id}",
+			summary: "Get member"
+		}).input(z.object({ id: z.string().uuid() })).output(loyaltyMemberOutput),
+		enroll: oc.route({
+			method: "POST",
+			path: "/loyalty/members",
+			summary: "Enroll a customer"
+		}).input(loyaltyMemberEnrollInput).output(loyaltyMemberOutput),
+		earn: oc.route({
+			method: "POST",
+			path: "/loyalty/members/earn",
+			summary: "Earn points"
+		}).input(loyaltyEarnInput).output(z.object({
+			ok: z.boolean(),
+			transactionId: z.string().uuid().optional(),
+			delta: z.number().int().optional(),
+			balance: z.number().int().optional(),
+			lifetimePoints: z.number().int().optional(),
+			tierId: z.string().uuid().nullable().optional(),
+			code: z.string().optional(),
+			message: z.string().optional()
+		})),
+		adjust: oc.route({
+			method: "POST",
+			path: "/loyalty/members/adjust",
+			summary: "Manual adjustment"
+		}).input(loyaltyAdjustInput).output(z.object({
+			ok: z.boolean(),
+			transactionId: z.string().uuid().optional(),
+			balance: z.number().int().optional(),
+			code: z.string().optional(),
+			message: z.string().optional()
+		})),
+		redeem: oc.route({
+			method: "POST",
+			path: "/loyalty/members/redeem",
+			summary: "Redeem a reward"
+		}).input(loyaltyRedeemInput).output(z.object({
+			ok: z.boolean(),
+			transactionId: z.string().uuid().optional(),
+			rewardId: z.string().uuid().optional(),
+			cost: z.number().int().optional(),
+			balance: z.number().int().optional(),
+			payload: loyaltyRewardPayload.optional(),
+			code: z.string().optional(),
+			message: z.string().optional()
+		})),
+		history: oc.meta(mcpMeta({
+			expose: true,
+			riskLevel: "safe",
+			description: "List a loyalty member's transaction history (earn / redeem / adjust / expiry)."
+		})).route({
+			method: "GET",
+			path: "/loyalty/members/{id}/transactions",
+			summary: "Member transaction ledger"
+		}).input(z.object({ id: z.string().uuid() })).output(z.object({ data: z.array(loyaltyTransactionOutput) }))
+	}
+};
+//#endregion
+//#region ../contract/src/schemas/referral.ts
+const referralReward = z.object({
+	kind: z.enum([
+		"discount",
+		"gift_card",
+		"loyalty_points",
+		"custom"
+	]),
+	discount: z.object({
+		type: z.enum(["AMOUNT", "PERCENTAGE"]),
+		amount: z.number().int().min(0).optional(),
+		percent: z.number().int().min(0).max(1e4).optional(),
+		maxDiscountAmount: z.number().int().min(0).optional()
+	}).optional(),
+	creditCents: z.number().int().min(0).optional(),
+	loyaltyProgramId: z.string().uuid().optional(),
+	loyaltyPoints: z.number().int().min(0).optional(),
+	typeKey: z.string().optional(),
+	payload: z.record(z.string(), z.unknown()).optional()
+});
+const referralProgramOutput = z.object({
+	id: z.string().uuid(),
+	campaignId: z.string().uuid(),
+	referrerReward: referralReward,
+	refereeReward: referralReward,
+	codeLength: z.number().int(),
+	metadata: z.record(z.string(), z.unknown()),
+	createdAt: z.string().datetime(),
+	updatedAt: z.string().datetime()
+});
+const referralProgramCreateInput = z.object({
+	campaignId: z.string().uuid(),
+	referrerReward: referralReward,
+	refereeReward: referralReward,
+	codeLength: z.number().int().min(4).max(32).optional(),
+	metadata: z.record(z.string(), z.unknown()).optional()
+});
+const referralProgramUpdateInput = referralProgramCreateInput.omit({ campaignId: true }).partial();
+const referralOutcome = z.object({
+	kind: z.enum([
+		"discount",
+		"gift_card",
+		"loyalty_points",
+		"custom"
+	]),
+	voucherCode: z.string().optional(),
+	loyaltyTransactionId: z.string().uuid().optional(),
+	payload: z.record(z.string(), z.unknown()).optional()
+});
+const referralCodeOutput = z.object({
+	id: z.string().uuid(),
+	programId: z.string().uuid(),
+	referrerCustomerId: z.string().uuid(),
+	code: z.string(),
+	metadata: z.record(z.string(), z.unknown()),
+	createdAt: z.string().datetime(),
+	updatedAt: z.string().datetime()
+});
+const referralConversionStatus = z.enum(["converted", "rejected"]);
+const referralConversionOutput = z.object({
+	id: z.string().uuid(),
+	codeId: z.string().uuid(),
+	refereeCustomerId: z.string().uuid(),
+	status: referralConversionStatus,
+	convertedAt: z.string().datetime(),
+	conversionEventId: z.string().nullable(),
+	referrerOutcome: referralOutcome,
+	refereeOutcome: referralOutcome,
+	createdAt: z.string().datetime(),
+	updatedAt: z.string().datetime()
+});
+const referralIssueInput = z.object({
+	programId: z.string().uuid(),
+	referrerCustomerId: z.string().uuid(),
+	prefix: z.string().min(1).max(12).optional()
+});
+const referralConvertInput = z.object({
+	code: z.string().min(1),
+	refereeCustomerId: z.string().uuid(),
+	conversionEventId: z.string().optional()
+});
+const referralIssueOutput = z.object({
+	ok: z.boolean(),
+	codeId: z.string().uuid().optional(),
+	code: z.string().optional(),
+	errorCode: z.string().optional(),
+	message: z.string().optional()
+});
+const referralConvertOutput = z.object({
+	ok: z.boolean(),
+	conversionId: z.string().uuid().optional(),
+	codeId: z.string().uuid().optional(),
+	code: z.string().optional(),
+	referrerCustomerId: z.string().uuid().optional(),
+	refereeCustomerId: z.string().uuid().optional(),
+	referrerReward: referralOutcome.optional(),
+	refereeReward: referralOutcome.optional(),
+	idempotent: z.boolean().optional(),
+	errorCode: z.string().optional(),
+	message: z.string().optional()
+});
+const referrals = {
+	programs: {
+		list: oc.route({
+			method: "GET",
+			path: "/referral-programs",
+			summary: "List referral programs"
+		}).input(paginationInput).output(paginatedOutput(referralProgramOutput)),
+		get: oc.route({
+			method: "GET",
+			path: "/referral-programs/{id}",
+			summary: "Get referral program"
+		}).input(z.object({ id: z.string().uuid() })).output(referralProgramOutput),
+		create: oc.route({
+			method: "POST",
+			path: "/referral-programs",
+			summary: "Create referral program"
+		}).input(referralProgramCreateInput).output(referralProgramOutput),
+		update: oc.route({
+			method: "PATCH",
+			path: "/referral-programs/{id}",
+			summary: "Update referral program"
+		}).input(z.object({
+			id: z.string().uuid(),
+			patch: referralProgramUpdateInput
+		})).output(referralProgramOutput),
+		delete: oc.route({
+			method: "DELETE",
+			path: "/referral-programs/{id}",
+			summary: "Soft-delete referral program"
+		}).input(z.object({ id: z.string().uuid() })).output(z.object({ ok: z.literal(true) }))
+	},
+	listCodes: oc.route({
+		method: "GET",
+		path: "/referral-programs/{programId}/codes",
+		summary: "List referral codes in a program"
+	}).input(paginationInput.extend({ programId: z.string().uuid() })).output(paginatedOutput(referralCodeOutput)),
+	listConversions: oc.route({
+		method: "GET",
+		path: "/referral-codes/{codeId}/conversions",
+		summary: "List conversions for a referral code"
+	}).input(paginationInput.extend({ codeId: z.string().uuid() })).output(paginatedOutput(referralConversionOutput)),
+	getByCode: oc.route({
+		method: "GET",
+		path: "/referrals/{code}",
+		summary: "Look up a referral code"
+	}).input(z.object({ code: z.string() })).output(referralCodeOutput),
+	issue: oc.route({
+		method: "POST",
+		path: "/referrals/issue",
+		summary: "Issue (or fetch) a referral code for a customer"
+	}).input(referralIssueInput).output(referralIssueOutput),
+	convert: oc.route({
+		method: "POST",
+		path: "/referrals/convert",
+		summary: "Convert a referral and issue both rewards"
+	}).input(referralConvertInput).output(referralConvertOutput)
+};
+//#endregion
+//#region ../contract/src/schemas/reward-type.ts
+const rewardTypeOutput = z.object({
+	id: z.string().uuid(),
+	key: z.string(),
+	name: z.string(),
+	description: z.string().nullable(),
+	payloadSchema: z.record(z.string(), z.unknown()),
+	createdAt: z.string().datetime(),
+	updatedAt: z.string().datetime()
+});
+const rewardTypeCreateInput = z.object({
+	key: z.string().min(2).max(50).regex(/^[A-Z][A-Z0-9_]*$/, "Use SCREAMING_SNAKE_CASE: e.g. FREE_SHIPPING"),
+	name: z.string().min(1).max(100),
+	description: z.string().max(500).optional(),
+	payloadSchema: z.record(z.string(), z.unknown())
+});
+const rewardTypeUpdateInput = rewardTypeCreateInput.omit({ key: true }).partial();
+//#endregion
+//#region ../contract/src/routes/reward-types.ts
+const rewardTypes = {
+	list: oc.route({
+		method: "GET",
+		path: "/reward-types",
+		summary: "List reward types"
+	}).input(paginationInput.extend({ search: z.string().optional() })).output(paginatedOutput(rewardTypeOutput)),
+	get: oc.route({
+		method: "GET",
+		path: "/reward-types/{id}",
+		summary: "Get reward type"
+	}).input(z.object({ id: z.string().uuid() })).output(rewardTypeOutput),
+	create: oc.route({
+		method: "POST",
+		path: "/reward-types",
+		summary: "Create reward type"
+	}).input(rewardTypeCreateInput).output(rewardTypeOutput),
+	update: oc.route({
+		method: "PATCH",
+		path: "/reward-types/{id}",
+		summary: "Update reward type"
+	}).input(z.object({
+		id: z.string().uuid(),
+		patch: rewardTypeUpdateInput
+	})).output(rewardTypeOutput),
+	delete: oc.route({
+		method: "DELETE",
+		path: "/reward-types/{id}",
+		summary: "Soft-delete reward type"
+	}).input(z.object({ id: z.string().uuid() })).output(z.object({ ok: z.literal(true) }))
+};
+//#endregion
+//#region ../contract/src/schemas/segment.ts
+const segmentRule = z.record(z.string(), z.unknown());
+const segmentOutput = z.object({
+	id: z.string().uuid(),
+	name: z.string(),
+	description: z.string().nullable(),
+	rule: segmentRule,
+	createdAt: z.string().datetime(),
+	updatedAt: z.string().datetime()
+});
+const segmentCreateInput = z.object({
+	name: z.string().min(1).max(100),
+	description: z.string().max(500).optional(),
+	rule: segmentRule
+});
+const segmentUpdateInput = segmentCreateInput.partial();
+//#endregion
+//#region ../contract/src/routes/segments.ts
+const segments = {
+	list: oc.route({
+		method: "GET",
+		path: "/segments",
+		summary: "List segments"
+	}).input(paginationInput.extend({ search: z.string().optional() })).output(paginatedOutput(segmentOutput)),
+	get: oc.route({
+		method: "GET",
+		path: "/segments/{id}",
+		summary: "Get segment"
+	}).input(z.object({ id: z.string().uuid() })).output(segmentOutput),
+	create: oc.route({
+		method: "POST",
+		path: "/segments",
+		summary: "Create segment"
+	}).input(segmentCreateInput).output(segmentOutput),
+	update: oc.route({
+		method: "PATCH",
+		path: "/segments/{id}",
+		summary: "Update segment"
+	}).input(z.object({
+		id: z.string().uuid(),
+		patch: segmentUpdateInput
+	})).output(segmentOutput),
+	delete: oc.route({
+		method: "DELETE",
+		path: "/segments/{id}",
+		summary: "Soft-delete segment"
+	}).input(z.object({ id: z.string().uuid() })).output(z.object({ ok: z.literal(true) })),
+	preview: oc.meta(mcpMeta({
+		expose: true,
+		riskLevel: "safe",
+		description: "Run a JSON Logic rule against existing customers and report match count plus a sample."
+	})).route({
+		method: "POST",
+		path: "/segments/preview",
+		summary: "Preview rule against customers"
+	}).input(z.object({
+		rule: segmentRule,
+		sampleSize: z.number().int().min(1).max(50).default(10)
+	})).output(z.object({
+		matchedCount: z.number().int().nonnegative(),
+		sample: z.array(customerOutput)
+	}))
+};
+//#endregion
+//#region ../contract/src/schemas/validation-rule.ts
+const validationRuleAppliesTo = z.enum([
+	"voucher",
+	"promotion",
+	"earn",
+	"reward"
+]);
+const validationRuleOutput = z.object({
+	id: z.string().uuid(),
+	name: z.string(),
+	description: z.string().nullable(),
+	rule: z.record(z.string(), z.unknown()),
+	appliesTo: validationRuleAppliesTo,
+	createdAt: z.string().datetime(),
+	updatedAt: z.string().datetime()
+});
+const validationRuleCreateInput = z.object({
+	name: z.string().min(1).max(100),
+	description: z.string().max(500).optional(),
+	rule: z.record(z.string(), z.unknown()),
+	appliesTo: validationRuleAppliesTo.optional()
+});
+const validationRuleUpdateInput = validationRuleCreateInput.partial();
+//#endregion
+//#region ../contract/src/routes/validation-rules.ts
+const validationRules = {
+	list: oc.route({
+		method: "GET",
+		path: "/validation-rules",
+		summary: "List validation rules"
+	}).input(paginationInput.extend({ search: z.string().optional() })).output(paginatedOutput(validationRuleOutput)),
+	get: oc.route({
+		method: "GET",
+		path: "/validation-rules/{id}",
+		summary: "Get validation rule"
+	}).input(z.object({ id: z.string().uuid() })).output(validationRuleOutput),
+	create: oc.route({
+		method: "POST",
+		path: "/validation-rules",
+		summary: "Create validation rule"
+	}).input(validationRuleCreateInput).output(validationRuleOutput),
+	update: oc.route({
+		method: "PATCH",
+		path: "/validation-rules/{id}",
+		summary: "Update validation rule"
+	}).input(z.object({
+		id: z.string().uuid(),
+		patch: validationRuleUpdateInput
+	})).output(validationRuleOutput),
+	delete: oc.route({
+		method: "DELETE",
+		path: "/validation-rules/{id}",
+		summary: "Soft-delete validation rule"
+	}).input(z.object({ id: z.string().uuid() })).output(z.object({ ok: z.literal(true) }))
+};
+//#endregion
+//#region ../contract/src/schemas/voucher.ts
+const voucherType = z.enum(["DISCOUNT", "GIFT_CARD"]);
+const voucherDiscount = z.object({
+	type: z.enum(["AMOUNT", "PERCENTAGE"]),
+	amount: z.number().int().min(0).optional(),
+	percent: z.number().int().min(0).max(1e4).optional(),
+	maxDiscountAmount: z.number().int().min(0).optional(),
+	appliesTo: z.object({
+		productIds: z.array(z.string()).optional(),
+		collectionIds: z.array(z.string()).optional()
+	}).optional()
+});
+const customReward = z.object({
+	typeKey: z.string().min(1),
+	payload: z.record(z.string(), z.unknown())
+});
+const voucherOutput = z.object({
+	id: z.string().uuid(),
+	code: z.string(),
+	campaignId: z.string().uuid().nullable(),
+	type: voucherType,
+	discount: voucherDiscount.nullable(),
+	customRewards: z.array(customReward),
+	giftBalance: z.number().int().nullable(),
+	redemptionLimit: z.number().int().nullable(),
+	redemptionCount: z.number().int(),
+	priority: z.number().int(),
+	exclusive: z.boolean(),
+	active: z.boolean(),
+	startDate: z.string().datetime().nullable(),
+	endDate: z.string().datetime().nullable(),
+	customerId: z.string().uuid().nullable(),
+	metadata: z.record(z.string(), z.unknown()),
+	createdAt: z.string().datetime(),
+	updatedAt: z.string().datetime()
+});
+const voucherCreateInput = z.object({
+	code: z.string().min(1).optional(),
+	campaignId: z.string().uuid().optional(),
+	type: voucherType,
+	discount: voucherDiscount.optional(),
+	customRewards: z.array(customReward).optional(),
+	giftBalance: z.number().int().min(0).optional(),
+	redemptionLimit: z.number().int().min(1).optional(),
+	priority: z.number().int().optional(),
+	exclusive: z.boolean().optional(),
+	startDate: z.string().datetime().optional(),
+	endDate: z.string().datetime().optional(),
+	customerId: z.string().uuid().optional(),
+	metadata: z.record(z.string(), z.unknown()).optional()
+});
+const voucherUpdateInput = voucherCreateInput.omit({
+	type: true,
+	code: true
+}).partial().extend({ active: z.boolean().optional() });
+const voucherBulkCreateInput = z.object({
+	campaignId: z.string().uuid(),
+	count: z.number().int().min(1).max(1e5)
+});
+//#endregion
+//#region ../contract/src/schemas/redemption.ts
+const orderItem$1 = z.object({
+	productId: z.string(),
+	collectionId: z.string().optional(),
+	quantity: z.number().int().min(1),
+	unitPrice: z.number().int().min(0)
+});
+const orderInput = z.object({
+	amount: z.number().int().min(0),
+	currency: z.string().length(3),
+	items: z.array(orderItem$1).optional()
+});
+const validateInput = z.object({
+	code: z.string().min(1),
+	customerId: z.string().uuid().optional(),
+	order: orderInput.optional()
+});
+const redeemInput = validateInput.extend({
+	/** uuid of an `order` row created via the orders API. */
+	orderId: z.string().uuid().optional(),
+	/** Free-form integrator order reference (Shopify id, etc). */
+	externalOrderId: z.string().min(1).max(120).optional(),
+	idempotencyKey: z.string().min(1).max(128).optional()
+});
+const breakdownEntry = z.object({
+	voucherId: z.string().uuid(),
+	code: z.string(),
+	amount: z.number().int(),
+	type: z.enum(["AMOUNT", "PERCENTAGE"]).optional(),
+	reason: z.enum(["exclusivity_lost", "zero_after_running_total"]).optional()
+});
+const validateOutput = z.object({
+	valid: z.boolean(),
+	code: z.string().optional(),
+	message: z.string().optional(),
+	preview: z.object({
+		amount: z.number().int(),
+		finalOrder: z.object({
+			amount: z.number().int(),
+			currency: z.string()
+		}),
+		breakdown: z.array(breakdownEntry)
+	}).optional()
+});
+const redeemOutput = z.object({
+	ok: z.boolean(),
+	redemptionId: z.string().uuid().optional(),
+	amount: z.number().int().optional(),
+	finalOrder: z.object({
+		amount: z.number().int(),
+		currency: z.string()
+	}).optional(),
+	breakdown: z.array(breakdownEntry).optional(),
+	idempotent: z.boolean().optional(),
+	code: z.string().optional(),
+	message: z.string().optional()
+});
+const stackRedeemInput = z.object({
+	codes: z.array(z.string().min(1)).min(1).max(20),
+	customerId: z.string().uuid().optional(),
+	orderId: z.string().uuid().optional(),
+	externalOrderId: z.string().min(1).max(120).optional(),
+	order: orderInput,
+	idempotencyKey: z.string().min(1).max(128).optional()
+});
+const stackEntry = z.object({
+	voucherCode: z.string(),
+	voucherId: z.string().uuid(),
+	redemptionId: z.string().uuid(),
+	amount: z.number().int()
+});
+const stackRedeemOutput = z.object({
+	ok: z.boolean(),
+	batchId: z.string().uuid().optional(),
+	amount: z.number().int().optional(),
+	finalOrder: z.object({
+		amount: z.number().int(),
+		currency: z.string()
+	}).optional(),
+	breakdown: z.array(breakdownEntry).optional(),
+	entries: z.array(stackEntry).optional(),
+	idempotent: z.boolean().optional(),
+	code: z.string().optional(),
+	message: z.string().optional()
+});
+//#endregion
+//#region ../contract/src/routes/vouchers.ts
+const vouchers = {
+	list: oc.meta(mcpMeta({
+		expose: true,
+		riskLevel: "safe"
+	})).route({
+		method: "GET",
+		path: "/vouchers",
+		summary: "List vouchers"
+	}).input(paginationInput.extend({
+		search: z.string().optional(),
+		campaignId: z.string().uuid().optional(),
+		active: z.boolean().optional(),
+		customerId: z.string().uuid().optional()
+	})).output(paginatedOutput(voucherOutput)),
+	get: oc.meta(mcpMeta({
+		expose: true,
+		riskLevel: "safe"
+	})).route({
+		method: "GET",
+		path: "/vouchers/{code}",
+		summary: "Get voucher by code"
+	}).input(z.object({ code: z.string() })).output(voucherOutput),
+	create: oc.route({
+		method: "POST",
+		path: "/vouchers",
+		summary: "Create voucher"
+	}).input(voucherCreateInput).output(voucherOutput),
+	update: oc.route({
+		method: "PATCH",
+		path: "/vouchers/{code}",
+		summary: "Update voucher"
+	}).input(z.object({
+		code: z.string(),
+		patch: voucherUpdateInput
+	})).output(voucherOutput),
+	delete: oc.route({
+		method: "DELETE",
+		path: "/vouchers/{code}",
+		summary: "Soft-delete voucher"
+	}).input(z.object({ code: z.string() })).output(z.object({ ok: z.literal(true) })),
+	bulk: oc.route({
+		method: "POST",
+		path: "/vouchers/bulk",
+		summary: "Generate vouchers in bulk"
+	}).input(voucherBulkCreateInput).output(z.object({
+		campaignId: z.string().uuid(),
+		generated: z.number().int(),
+		jobId: z.string().uuid().optional()
+	})),
+	validate: oc.meta(mcpMeta({
+		expose: true,
+		riskLevel: "safe"
+	})).route({
+		method: "POST",
+		path: "/vouchers/{code}/validate",
+		summary: "Validate a voucher against an optional order context"
+	}).input(validateInput).output(validateOutput),
+	redeem: oc.meta(mcpMeta({
+		expose: true,
+		riskLevel: "mutating",
+		description: "Commit a redemption against an order. Confirm with the user before calling. Use idempotencyKey to safely retry."
+	})).route({
+		method: "POST",
+		path: "/vouchers/{code}/redemption",
+		summary: "Redeem a voucher"
+	}).input(redeemInput).output(redeemOutput),
+	stackRedeem: oc.meta(mcpMeta({
+		expose: true,
+		riskLevel: "mutating",
+		description: "Apply N codes to one order atomically. Either every voucher commits or none. Confirm with the user before calling."
+	})).route({
+		method: "POST",
+		path: "/redemptions/stack",
+		summary: "Redeem multiple vouchers against one order in a single transaction"
+	}).input(stackRedeemInput).output(stackRedeemOutput),
+	transactions: oc.route({
+		method: "GET",
+		path: "/vouchers/{code}/transactions",
+		summary: "Gift card balance ledger"
+	}).input(z.object({ code: z.string() })).output(z.object({ data: z.array(z.object({
+		id: z.string().uuid(),
+		redemptionId: z.string().uuid().nullable(),
+		delta: z.number().int(),
+		balanceAfter: z.number().int(),
+		reason: z.enum([
+			"CREDIT",
+			"REDEMPTION",
+			"ROLLBACK",
+			"ADJUSTMENT"
+		]),
+		createdAt: z.string().datetime()
+	})) }))
+};
+//#endregion
+//#region ../contract/src/schemas/webhook.ts
+const webhookOutput = z.object({
+	id: z.string().uuid(),
+	name: z.string(),
+	url: z.string().url(),
+	secretPrefix: z.string(),
+	events: z.array(z.string()),
+	active: z.boolean(),
+	createdAt: z.string().datetime(),
+	updatedAt: z.string().datetime()
+});
+const webhookCreateInput = z.object({
+	name: z.string().min(1).max(100),
+	url: z.string().url(),
+	events: z.array(z.string()).min(1).default(["*"]),
+	active: z.boolean().default(true)
+});
+const webhookCreateOutput = webhookOutput.extend({
+/** Plaintext signing secret. Shown once. */
+secret: z.string() });
+const webhookUpdateInput = z.object({
+	name: z.string().min(1).max(100).optional(),
+	url: z.string().url().optional(),
+	events: z.array(z.string()).optional(),
+	active: z.boolean().optional()
+});
+const webhookDeliveryOutput = z.object({
+	id: z.string().uuid(),
+	webhookId: z.string().uuid(),
+	eventId: z.string().uuid(),
+	eventType: z.string(),
+	status: z.enum([
+		"pending",
+		"succeeded",
+		"failed",
+		"dead"
+	]),
+	attempts: z.number().int(),
+	responseStatus: z.number().int().nullable(),
+	responseBody: z.string().nullable(),
+	error: z.string().nullable(),
+	nextRetryAt: z.string().datetime().nullable(),
+	createdAt: z.string().datetime(),
+	updatedAt: z.string().datetime()
+});
+const eventOutput = z.object({
+	id: z.string().uuid(),
+	type: z.string(),
+	payload: z.record(z.string(), z.unknown()),
+	entityId: z.string().nullable(),
+	createdAt: z.string().datetime()
+});
+//#endregion
+//#region ../contract/src/routes/webhooks.ts
+const webhooks$1 = {
+	list: oc.route({
+		method: "GET",
+		path: "/webhooks",
+		summary: "List webhooks"
+	}).output(z.object({ data: z.array(webhookOutput) })),
+	get: oc.route({
+		method: "GET",
+		path: "/webhooks/{id}",
+		summary: "Get webhook"
+	}).input(z.object({ id: z.string().uuid() })).output(webhookOutput),
+	create: oc.route({
+		method: "POST",
+		path: "/webhooks",
+		summary: "Create webhook"
+	}).input(webhookCreateInput).output(webhookCreateOutput),
+	update: oc.route({
+		method: "PATCH",
+		path: "/webhooks/{id}",
+		summary: "Update webhook"
+	}).input(z.object({
+		id: z.string().uuid(),
+		patch: webhookUpdateInput
+	})).output(webhookOutput),
+	delete: oc.route({
+		method: "DELETE",
+		path: "/webhooks/{id}",
+		summary: "Soft-delete webhook"
+	}).input(z.object({ id: z.string().uuid() })).output(z.object({ ok: z.literal(true) })),
+	deliveries: oc.route({
+		method: "GET",
+		path: "/webhooks/{id}/deliveries",
+		summary: "Recent deliveries for a webhook"
+	}).input(z.object({
+		id: z.string().uuid(),
+		limit: z.number().int().min(1).max(100).default(50)
+	})).output(z.object({ data: z.array(webhookDeliveryOutput) })),
+	replay: oc.route({
+		method: "POST",
+		path: "/webhooks/deliveries/{id}/replay",
+		summary: "Re-enqueue a delivery (succeeded or otherwise)"
+	}).input(z.object({ id: z.string().uuid() })).output(z.object({ ok: z.literal(true) }))
+};
+const events = {
+	list: oc.route({
+		method: "GET",
+		path: "/events",
+		summary: "List events"
+	}).input(paginationInput.extend({ type: z.string().optional() })).output(paginatedOutput(eventOutput)),
+	get: oc.route({
+		method: "GET",
+		path: "/events/{id}",
+		summary: "Get event"
+	}).input(z.object({ id: z.string().uuid() })).output(eventOutput)
+};
+//#endregion
+//#region ../contract/src/routes/insights.ts
+const counters = z.object({
+	redemptionsToday: z.number().int(),
+	redemptions7d: z.number().int(),
+	redemptions30d: z.number().int()
+});
+const daily = z.array(z.object({
+	day: z.string(),
+	total: z.number().int()
+}));
+const topCampaigns = z.array(z.object({
+	campaignId: z.string().uuid(),
+	campaignName: z.string(),
+	redemptions: z.number().int()
+}));
+const failures = z.array(z.object({
+	reason: z.string(),
+	total: z.number().int()
+}));
+const webhooks = z.array(z.object({
+	status: z.enum([
+		"pending",
+		"succeeded",
+		"failed",
+		"dead"
+	]),
+	total: z.number().int()
+}));
+const insights = { summary: oc.route({
+	method: "GET",
+	path: "/insights/summary",
+	summary: "Headline metrics for the dashboard insights page"
+}).output(z.object({
+	sinceDays: z.number().int(),
+	counters,
+	daily,
+	topCampaigns,
+	failures,
+	webhooks
+})) };
+//#endregion
+//#region ../contract/src/schemas/user.ts
+const userRole = z.enum(["admin", "member"]);
+const userOutput = z.object({
+	id: z.string(),
+	email: z.string().email(),
+	name: z.string().nullable(),
+	role: userRole,
+	mustChangePassword: z.boolean(),
+	disabledAt: z.string().datetime().nullable(),
+	createdAt: z.string().datetime()
+});
+const userCreateInput = z.object({
+	email: z.string().email(),
+	name: z.string().max(120).optional(),
+	role: userRole.default("member")
+});
+const userCreateOutput = userOutput.extend({
+/** Generated password. Shown once at creation. */
+password: z.string() });
+//#endregion
+//#region ../contract/src/routes/users.ts
+const users = {
+	list: oc.route({
+		method: "GET",
+		path: "/users",
+		summary: "List staff users (admin)"
+	}).output(z.object({ data: z.array(userOutput) })),
+	create: oc.route({
+		method: "POST",
+		path: "/users",
+		summary: "Create staff user (admin)"
+	}).input(userCreateInput).output(userCreateOutput),
+	resetPassword: oc.route({
+		method: "POST",
+		path: "/users/{id}/reset-password",
+		summary: "Reset a staff user's password (admin)"
+	}).input(z.object({ id: z.string() })).output(userCreateOutput),
+	setRole: oc.route({
+		method: "PATCH",
+		path: "/users/{id}/role",
+		summary: "Change a staff user's role (admin)"
+	}).input(z.object({
+		id: z.string(),
+		role: userRole
+	})).output(userOutput),
+	disable: oc.route({
+		method: "POST",
+		path: "/users/{id}/disable",
+		summary: "Disable a staff user (admin)"
+	}).input(z.object({ id: z.string() })).output(userOutput),
+	enable: oc.route({
+		method: "POST",
+		path: "/users/{id}/enable",
+		summary: "Re-enable a staff user (admin)"
+	}).input(z.object({ id: z.string() })).output(userOutput)
+};
+//#endregion
+//#region ../contract/src/schemas/order.ts
+const orderStatus = z.enum([
+	"CREATED",
+	"PAID",
+	"CANCELED",
+	"FULFILLED"
+]);
+const orderItem = z.object({
+	productId: z.string().optional(),
+	sku: z.string().optional(),
+	name: z.string().min(1),
+	quantity: z.number().int().positive(),
+	unitPrice: z.number().int().nonnegative()
+});
+const orderOutput = z.object({
+	id: z.string().uuid(),
+	externalId: z.string().nullable(),
+	customerId: z.string().uuid().nullable(),
+	items: z.array(orderItem),
+	amount: z.number().int(),
+	discountAmount: z.number().int(),
+	currency: z.string(),
+	status: orderStatus,
+	metadata: z.record(z.string(), z.unknown()),
+	createdAt: z.string().datetime(),
+	updatedAt: z.string().datetime()
+});
+const orderCreateInput = z.object({
+	externalId: z.string().min(1).max(120).optional(),
+	customerId: z.string().uuid().optional(),
+	items: z.array(orderItem).min(1),
+	amount: z.number().int().nonnegative(),
+	discountAmount: z.number().int().nonnegative().optional(),
+	currency: z.string().length(3),
+	status: orderStatus.optional(),
+	metadata: z.record(z.string(), z.unknown()).optional()
+});
+const orderUpdateInput = z.object({
+	id: z.string().uuid(),
+	patch: z.object({
+		status: orderStatus.optional(),
+		discountAmount: z.number().int().nonnegative().optional(),
+		metadata: z.record(z.string(), z.unknown()).optional()
+	})
+});
+const orderListInput = z.object({
+	limit: z.number().int().min(1).max(100).default(20),
+	cursor: z.string().optional(),
+	customerId: z.string().uuid().optional(),
+	status: orderStatus.optional(),
+	search: z.string().optional()
+});
+//#endregion
+//#region ../contract/src/routes/orders.ts
+const orders = {
+	list: oc.route({
+		method: "GET",
+		path: "/orders",
+		summary: "List orders"
+	}).input(orderListInput).output(paginatedOutput(orderOutput)),
+	get: oc.route({
+		method: "GET",
+		path: "/orders/{id}",
+		summary: "Fetch one order"
+	}).input(z.object({ id: z.string().uuid() })).output(orderOutput),
+	create: oc.route({
+		method: "POST",
+		path: "/orders",
+		summary: "Create an order"
+	}).input(orderCreateInput).output(orderOutput),
+	update: oc.route({
+		method: "PATCH",
+		path: "/orders/{id}",
+		summary: "Update an order"
+	}).input(orderUpdateInput).output(orderOutput),
+	cancel: oc.route({
+		method: "POST",
+		path: "/orders/{id}/cancel",
+		summary: "Cancel an order"
+	}).input(z.object({ id: z.string().uuid() })).output(orderOutput),
+	fulfill: oc.route({
+		method: "POST",
+		path: "/orders/{id}/fulfill",
+		summary: "Mark order fulfilled"
+	}).input(z.object({ id: z.string().uuid() })).output(orderOutput),
+	delete: oc.route({
+		method: "DELETE",
+		path: "/orders/{id}",
+		summary: "Soft-delete an order"
+	}).input(z.object({ id: z.string().uuid() })).output(z.object({ ok: z.literal(true) })),
+	redemptions: oc.route({
+		method: "GET",
+		path: "/orders/{id}/redemptions",
+		summary: "List redemptions attached to an order"
+	}).input(z.object({ id: z.string().uuid() })).output(z.object({ data: z.array(z.object({
+		id: z.string().uuid(),
+		voucherCode: z.string(),
+		voucherId: z.string().uuid(),
+		customerId: z.string().uuid().nullable(),
+		result: z.enum([
+			"SUCCESS",
+			"FAILURE",
+			"ROLLBACK"
+		]),
+		failureReason: z.string().nullable(),
+		amount: z.number().int().nullable(),
+		createdAt: z.string().datetime()
+	})) }))
+};
+//#endregion
+//#region ../contract/src/schemas/audit-log.ts
+const auditActor = z.enum([
+	"user",
+	"api_key",
+	"system"
+]);
+const auditLogOutput = z.object({
+	id: z.string().uuid(),
+	actor: auditActor,
+	actorId: z.string().nullable(),
+	action: z.string(),
+	entity: z.string(),
+	entityId: z.string().nullable(),
+	before: z.unknown().nullable(),
+	after: z.unknown().nullable(),
+	ip: z.string().nullable(),
+	userAgent: z.string().nullable(),
+	createdAt: z.string().datetime()
+});
+const auditLogListInput = z.object({
+	limit: z.number().int().min(1).max(100).default(50),
+	cursor: z.string().optional(),
+	actor: auditActor.optional(),
+	entity: z.string().optional(),
+	action: z.string().optional(),
+	entityId: z.string().optional()
+});
+//#endregion
+//#region ../contract/src/routes/audit-log.ts
+const auditLog = { list: oc.route({
+	method: "GET",
+	path: "/audit-log",
+	summary: "List audit log entries (admin)"
+}).input(auditLogListInput).output(z.object({
+	data: z.array(auditLogOutput),
+	next: z.string().optional()
+})) };
+//#endregion
+//#region ../contract/src/routes/workspace.ts
+const workspaceOutput = z.object({
+	name: z.string(),
+	defaultCurrency: z.string(),
+	defaultTimezone: z.string(),
+	emailProvider: z.enum(["resend", "log"]),
+	updatedAt: z.string().datetime()
+});
+const workspaceUpdateInput = z.object({
+	name: z.string().min(1).max(120).optional(),
+	defaultCurrency: z.string().length(3).optional(),
+	defaultTimezone: z.string().min(1).max(64).optional()
+});
+const workspace = {
+	get: oc.route({
+		method: "GET",
+		path: "/workspace",
+		summary: "Workspace settings"
+	}).output(workspaceOutput),
+	update: oc.route({
+		method: "PATCH",
+		path: "/workspace",
+		summary: "Update workspace settings (admin)"
+	}).input(workspaceUpdateInput).output(workspaceOutput)
+};
+//#endregion
+//#region ../contract/src/router.ts
+const healthOutput = z.object({
+	status: z.literal("ok"),
+	version: z.string()
+});
+const contract = {
+	health: oc.route({
+		method: "GET",
+		path: "/health",
+		summary: "Liveness probe"
+	}).output(healthOutput),
+	ready: oc.route({
+		method: "GET",
+		path: "/ready",
+		summary: "Readiness probe (db + worker)"
+	}).output(z.object({
+		status: z.enum(["ok", "degraded"]),
+		checks: z.object({
+			db: z.boolean(),
+			worker: z.boolean()
+		})
+	})),
+	customers,
+	segments,
+	campaigns,
+	vouchers,
+	validationRules,
+	rewardTypes,
+	loyalty,
+	referrals,
+	apiKeys,
+	webhooks: webhooks$1,
+	events,
+	insights,
+	users,
+	orders,
+	auditLog,
+	workspace
+};
+//#endregion
+//#region src/index.ts
+function createClient(options) {
+	return createORPCClient(new OpenAPILink(contract, {
+		url: `${options.baseUrl.replace(/\/$/, "")}/api/v1`,
+		headers: () => {
+			const headers = {};
+			if (options.apiKey) headers["Authorization"] = `Bearer ${options.apiKey}`;
+			return headers;
+		},
+		...options.fetch ? { fetch: options.fetch } : {}
+	}));
+}
+/**
+* Verify the X-Offerkit-Signature header against the raw request body.
+*
+* Format: `t=<unix-seconds>,v1=<hex>`. v1 = HMAC-SHA256(secret, "${t}.${rawBody}").
+* Returns true on match within the tolerance window.
+*/
+function verifyWebhook(rawBody, signature, secret, options = {}) {
+	const tolerance = options.toleranceSeconds ?? 300;
+	const now = options.now ?? Date.now();
+	const parts = {};
+	for (const segment of signature.split(",")) {
+		const idx = segment.indexOf("=");
+		if (idx <= 0) continue;
+		parts[segment.slice(0, idx)] = segment.slice(idx + 1);
+	}
+	const t = Number(parts["t"]);
+	const v1 = parts["v1"];
+	if (!Number.isFinite(t) || !v1) return false;
+	if (Math.abs(now / 1e3 - t) > tolerance) return false;
+	const expected = createHmac("sha256", secret).update(`${String(t)}.${rawBody}`).digest("hex");
+	if (expected.length !== v1.length) return false;
+	return timingSafeEqual(Buffer.from(expected, "hex"), Buffer.from(v1, "hex"));
+}
+//#endregion
+export { createClient, verifyWebhook };
+//# sourceMappingURL=index.mjs.map