@open-mercato/checkout 0.6.3-develop.3810.1.ad92c339f5 → 0.6.3-develop.3811.1.be22750402
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/AGENTS.md +20 -1
- package/package.json +5 -5
package/AGENTS.md
CHANGED
|
@@ -2,7 +2,7 @@
|
|
|
2
2
|
|
|
3
3
|
Use `packages/checkout/src/modules/checkout/` for all checkout module work.
|
|
4
4
|
|
|
5
|
-
##
|
|
5
|
+
## Always
|
|
6
6
|
|
|
7
7
|
1. MUST keep checkout isolated from core business modules; use DI, events, and UMES surfaces instead of direct module internals.
|
|
8
8
|
2. MUST treat public pay-page security as server-authoritative. Never trust submitted amount, status, or consent state from the client.
|
|
@@ -10,6 +10,25 @@ Use `packages/checkout/src/modules/checkout/` for all checkout module work.
|
|
|
10
10
|
4. MUST keep pay-page replacement handles and UMES spot IDs stable once released.
|
|
11
11
|
5. MUST follow the pay-links Phase A spec and its companion wireframes before changing checkout UI or API behavior.
|
|
12
12
|
|
|
13
|
+
## Ask First
|
|
14
|
+
|
|
15
|
+
- Ask before changing checkout payment state transitions, public pay-page API contracts, password verification, or allowed-origin behavior.
|
|
16
|
+
- Ask before adding a gateway-specific shortcut outside the provider or integration boundary.
|
|
17
|
+
|
|
18
|
+
## Never
|
|
19
|
+
|
|
20
|
+
- Never trust submitted amount, status, or consent state from the client.
|
|
21
|
+
- Never expose gateway credentials, gateway settings, password hashes, or prior-customer data from public routes.
|
|
22
|
+
- Never make checkout transaction status updates non-idempotent.
|
|
23
|
+
|
|
24
|
+
## Validation Commands
|
|
25
|
+
|
|
26
|
+
```bash
|
|
27
|
+
yarn generate
|
|
28
|
+
yarn workspace @open-mercato/checkout test
|
|
29
|
+
yarn workspace @open-mercato/checkout build
|
|
30
|
+
```
|
|
31
|
+
|
|
13
32
|
## Reference Files
|
|
14
33
|
|
|
15
34
|
- Spec: `.ai/specs/implemented/2026-03-19-checkout-pay-links.md`
|
package/package.json
CHANGED
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
{
|
|
2
2
|
"name": "@open-mercato/checkout",
|
|
3
|
-
"version": "0.6.3-develop.
|
|
3
|
+
"version": "0.6.3-develop.3811.1.be22750402",
|
|
4
4
|
"type": "module",
|
|
5
5
|
"main": "./dist/index.js",
|
|
6
6
|
"scripts": {
|
|
@@ -61,18 +61,18 @@
|
|
|
61
61
|
}
|
|
62
62
|
},
|
|
63
63
|
"dependencies": {
|
|
64
|
-
"@open-mercato/core": "0.6.3-develop.
|
|
65
|
-
"@open-mercato/ui": "0.6.3-develop.
|
|
64
|
+
"@open-mercato/core": "0.6.3-develop.3811.1.be22750402",
|
|
65
|
+
"@open-mercato/ui": "0.6.3-develop.3811.1.be22750402",
|
|
66
66
|
"bcryptjs": "^3.0.3"
|
|
67
67
|
},
|
|
68
68
|
"peerDependencies": {
|
|
69
69
|
"@mikro-orm/postgresql": "^7.0.14",
|
|
70
|
-
"@open-mercato/shared": "0.6.3-develop.
|
|
70
|
+
"@open-mercato/shared": "0.6.3-develop.3811.1.be22750402",
|
|
71
71
|
"react": "^19.0.0",
|
|
72
72
|
"react-dom": "^19.0.0"
|
|
73
73
|
},
|
|
74
74
|
"devDependencies": {
|
|
75
|
-
"@open-mercato/shared": "0.6.3-develop.
|
|
75
|
+
"@open-mercato/shared": "0.6.3-develop.3811.1.be22750402",
|
|
76
76
|
"@types/jest": "^30.0.0",
|
|
77
77
|
"@types/react": "^19.2.15",
|
|
78
78
|
"@types/react-dom": "^19.2.3",
|