npm - @open-mercato/core - Versions diffs - 0.4.2-canary-ed15f2e753 → 0.4.2-canary-e2aeb1a7bf - Mend

@open-mercato/core 0.4.2-canary-ed15f2e753 → 0.4.2-canary-e2aeb1a7bf

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (711) hide show

package/dist/modules/attachments/lib/assignmentDetails.js.map CHANGED Viewed

@@ -1,7 +1,7 @@
 {
   "version": 3,
   "sources": ["../../../../src/modules/attachments/lib/assignmentDetails.ts"],
-  "sourcesContent": ["import type { QueryEngine } from '@open-mercato/shared/lib/query/types'\nimport type { AttachmentAssignment } from './metadata'\nimport type { CustomEntitySpec } from '@open-mercato/shared/modules/entities'\nimport { getEntityIds } from '@open-mercato/shared/lib/encryption/entityIds'\nimport { getModules } from '@open-mercato/shared/lib/i18n/server'\n\ntype AssignmentLinkSpec = {\n  labelFields?: string[]\n  extraFields?: string[]\n  buildHref?: (record: Record<string, unknown>) => string | null | undefined\n}\n\nlet _entityLinkSpecsCache: Record<string, AssignmentLinkSpec> | null = null\n\nfunction getEntityLinkSpecs(): Record<string, AssignmentLinkSpec> {\n  if (_entityLinkSpecsCache) return _entityLinkSpecsCache\n  const E = getEntityIds() as any\n  _entityLinkSpecsCache = {\n    [E.catalog.catalog_product]: {\n      labelFields: ['title', 'sku', 'handle'],\n      buildHref: (record) => buildSimpleHref('/backend/catalog/products', record.id),\n    },\n    [E.catalog.catalog_product_variant]: {\n      labelFields: ['name', 'sku'],\n      extraFields: ['product_id'],\n      buildHref: (record) => {\n        const productId = readRecordValue(record, 'product_id')\n        if (!productId) return null\n        return `/backend/catalog/products/${encodeURIComponent(productId)}/variants/${encodeURIComponent(String(record.id ?? ''))}`\n      },\n    },\n    [E.customers.customer_entity]: {\n      labelFields: ['display_name'],\n      extraFields: ['kind'],\n      buildHref: (record) => {\n        const kind = String(readRecordValue(record, 'kind') || '').toLowerCase()\n        if (kind === 'company') return buildSimpleHref('/backend/customers/companies', record.id)\n        if (kind === 'person') return buildSimpleHref('/backend/customers/people', record.id)\n        return null\n      },\n    },\n    [E.customers.customer_person_profile]: {\n      labelFields: ['preferred_name', 'display_name', 'first_name', 'last_name'],\n      extraFields: ['entity_id', 'first_name', 'last_name'],\n      buildHref: (record) => {\n        const entityId = readRecordValue(record, 'entity_id')\n        return entityId ? buildSimpleHref('/backend/customers/people', entityId) : null\n      },\n    },\n    [E.customers.customer_company_profile]: {\n      labelFields: ['brand_name', 'display_name', 'legal_name'],\n      extraFields: ['entity_id'],\n      buildHref: (record) => {\n        const entityId = readRecordValue(record, 'entity_id')\n        return entityId ? buildSimpleHref('/backend/customers/companies', entityId) : null\n      },\n    },\n    [E.customers.customer_deal]: {\n      labelFields: ['title'],\n      buildHref: (record) => buildSimpleHref('/backend/customers/deals', record.id),\n    },\n    [E.sales.sales_channel]: {\n      labelFields: ['name', 'title'],\n      buildHref: (record) => buildSimpleHref('/backend/sales/channels', record.id, '/edit'),\n    },\n  }\n  return _entityLinkSpecsCache\n}\n\nconst LIBRARY_ENTITY_ID = 'attachments:library'\nconst DEFAULT_LABEL_FIELDS = [\n  'label',\n  'title',\n  'name',\n  'display_name',\n  'displayName',\n  'subject',\n  'sku',\n  'handle',\n  'order_number',\n  'quote_number',\n  'invoice_number',\n  'email',\n  'company_name',\n  'legal_name',\n  'brand_name',\n]\n\nlet entitySpecsPromise: Promise<Map<string, CustomEntitySpec>> | null = null\n\nasync function loadEntitySpecs(): Promise<Map<string, CustomEntitySpec>> {\n  if (!entitySpecsPromise) {\n    entitySpecsPromise = Promise.resolve()\n      .then(() => {\n        const map = new Map<string, CustomEntitySpec>()\n        const mods = getModules()\n        for (const mod of mods) {\n          const specs = ((mod as any).customEntities as CustomEntitySpec[] | undefined) ?? []\n          for (const spec of specs) {\n            if (spec?.id && !map.has(spec.id)) {\n              map.set(spec.id, spec)\n            }\n          }\n        }\n        return map\n      })\n      .catch(() => new Map<string, CustomEntitySpec>())\n  }\n  return entitySpecsPromise\n}\n\nexport type AssignmentEnrichment = {\n  label?: string\n  href?: string\n}\n\nexport type AssignmentEnrichmentMap = Map<string, AssignmentEnrichment>\n\nfunction camelToSnake(value: string): string {\n  return value\n    .replace(/([a-z0-9])([A-Z])/g, '$1_$2')\n    .replace(/[\\s-]+/g, '_')\n    .toLowerCase()\n}\n\nfunction snakeToCamel(value: string): string {\n  return value.replace(/[_-](\\w)/g, (_, c: string) => c.toUpperCase())\n}\n\nfunction normalizeValue(value: unknown): string | null {\n  if (value === undefined || value === null) return null\n  if (typeof value === 'string') {\n    const trimmed = value.trim()\n    return trimmed.length ? trimmed : null\n  }\n  if (typeof value === 'number' || typeof value === 'boolean') {\n    return String(value)\n  }\n  return null\n}\n\nfunction readRecordValue(record: Record<string, unknown>, field: string): string | null {\n  if (!field) return null\n  if (record[field] !== undefined) return normalizeValue(record[field])\n  const snake = camelToSnake(field)\n  if (snake !== field && record[snake] !== undefined) return normalizeValue(record[snake])\n  const camel = snakeToCamel(field)\n  if (camel !== field && record[camel] !== undefined) return normalizeValue(record[camel])\n  return null\n}\n\nfunction buildSimpleHref(base: string, idValue: unknown, suffix: string = ''): string | null {\n  const id = normalizeValue(idValue)\n  if (!id) return null\n  return `${base}/${encodeURIComponent(id)}${suffix}`\n}\n\nfunction isUuid(value: string | null | undefined): boolean {\n  return typeof value === 'string' && /^[0-9a-f]{8}-[0-9a-f]{4}-[1-5][0-9a-f]{3}-[89ab][0-9a-f]{3}-[0-9a-f]{12}$/i.test(value.trim())\n}\n\nfunction filterIdsForEntity(entityId: string, ids: string[]): string[] {\n  const E = getEntityIds() as any\n  if (entityId === E.catalog.catalog_product_variant || entityId === E.catalog.catalog_product) {\n    return ids.filter((id) => isUuid(id))\n  }\n  return ids\n}\n\nfunction resolveLabelCandidates(entityId: string, linkSpec: AssignmentLinkSpec | undefined, entitySpecs: Map<string, CustomEntitySpec>): string[] {\n  const candidates = new Set<string>()\n  const spec = entitySpecs.get(entityId)\n  if (spec?.labelField) {\n    candidates.add(spec.labelField)\n    candidates.add(camelToSnake(spec.labelField))\n  }\n  for (const field of linkSpec?.labelFields ?? []) {\n    candidates.add(field)\n    candidates.add(camelToSnake(field))\n  }\n  DEFAULT_LABEL_FIELDS.forEach((field) => {\n    candidates.add(field)\n    candidates.add(camelToSnake(field))\n  })\n  return Array.from(candidates).filter((field) => field.length > 0)\n}\n\nfunction buildLabel(\n  record: Record<string, unknown>,\n  entityId: string,\n  linkSpec: AssignmentLinkSpec | undefined,\n  entitySpecs: Map<string, CustomEntitySpec>\n): string | null {\n  const candidates = resolveLabelCandidates(entityId, linkSpec, entitySpecs)\n  for (const candidate of candidates) {\n    const value = readRecordValue(record, candidate)\n    if (value) return value\n  }\n  const fullName = [readRecordValue(record, 'first_name'), readRecordValue(record, 'last_name')]\n    .filter((part): part is string => Boolean(part))\n    .join(' ')\n    .trim()\n  if (fullName.length) return fullName\n  return null\n}\n\nexport async function resolveAssignmentEnrichments(\n  assignments: AttachmentAssignment[],\n  opts: { queryEngine?: QueryEngine | null; tenantId: string; organizationId: string },\n): Promise<AssignmentEnrichmentMap> {\n  const map: AssignmentEnrichmentMap = new Map()\n  if (!assignments.length || !opts.queryEngine) return map\n  const entitySpecs = await loadEntitySpecs()\n  const grouped = new Map<string, Set<string>>()\n  for (const assignment of assignments) {\n    if (!assignment || assignment.type === LIBRARY_ENTITY_ID) continue\n    const type = assignment.type?.trim()\n    const id = assignment.id?.trim()\n    if (!type || !id) continue\n    if (!grouped.has(type)) grouped.set(type, new Set())\n    grouped.get(type)!.add(id)\n  }\n  if (!grouped.size) return map\n\n  const entityLinkSpecs = getEntityLinkSpecs()\n  for (const [entityId, idsSet] of grouped.entries()) {\n    const ids = filterIdsForEntity(entityId, Array.from(idsSet.values()))\n    if (!ids.length) continue\n    const linkSpec = entityLinkSpecs[entityId]\n    const fields = new Set<string>(['id'])\n    const candidates = resolveLabelCandidates(entityId, linkSpec, entitySpecs)\n    candidates.forEach((field) => fields.add(field))\n    for (const extra of linkSpec?.extraFields ?? []) {\n      fields.add(extra)\n      fields.add(camelToSnake(extra))\n    }\n    try {\n      const result = await opts.queryEngine.query(entityId as any, {\n        fields: Array.from(fields),\n        filters: { id: ids.length === 1 ? { $eq: ids[0] } : { $in: ids } },\n        tenantId: opts.tenantId,\n        organizationId: opts.organizationId,\n        page: { pageSize: Math.max(ids.length, 20) },\n      })\n      for (const record of result.items ?? []) {\n        const recordId = normalizeValue((record as Record<string, unknown>).id)\n        if (!recordId) continue\n        const label = buildLabel(record as Record<string, unknown>, entityId, linkSpec, entitySpecs)\n        const href = linkSpec?.buildHref?.(record as Record<string, unknown>) ?? null\n        if (label || href) {\n          map.set(`${entityId}:${recordId}`, {\n            label: label ?? undefined,\n            href: href ?? undefined,\n          })\n        }\n      }\n    } catch (error) {\n      console.warn('[attachments] Failed to resolve assignment details for', entityId, error)\n    }\n  }\n  return map\n}\n\nexport function applyAssignmentEnrichments(\n  assignments: AttachmentAssignment[],\n  enrichments: AssignmentEnrichmentMap,\n): AttachmentAssignment[] {\n  if (!enrichments.size) return assignments\n  return assignments.map((assignment) => {\n    if (!assignment || !assignment.type || !assignment.id) return assignment\n    const key = `${assignment.type}:${assignment.id}`\n    const detail = enrichments.get(key)\n    if (!detail) return assignment\n    const next: AttachmentAssignment = { ...assignment }\n    if (!next.label && detail.label) next.label = detail.label\n    if (!next.href && detail.href) next.href = detail.href\n    return next\n  })\n}\n"],
-  "mappings": "AAGA,SAAS,oBAAoB;AAC7B,SAAS,kBAAkB;AAQ3B,IAAI,wBAAmE;AAEvE,SAAS,qBAAyD;AAChE,MAAI,sBAAuB,QAAO;AAClC,QAAM,IAAI,aAAa;AACvB,0BAAwB;AAAA,IACtB,CAAC,EAAE,QAAQ,eAAe,GAAG;AAAA,MAC3B,aAAa,CAAC,SAAS,OAAO,QAAQ;AAAA,MACtC,WAAW,CAAC,WAAW,gBAAgB,6BAA6B,OAAO,EAAE;AAAA,IAC/E;AAAA,IACA,CAAC,EAAE,QAAQ,uBAAuB,GAAG;AAAA,MACnC,aAAa,CAAC,QAAQ,KAAK;AAAA,MAC3B,aAAa,CAAC,YAAY;AAAA,MAC1B,WAAW,CAAC,WAAW;AACrB,cAAM,YAAY,gBAAgB,QAAQ,YAAY;AACtD,YAAI,CAAC,UAAW,QAAO;AACvB,eAAO,6BAA6B,mBAAmB,SAAS,CAAC,aAAa,mBAAmB,OAAO,OAAO,MAAM,EAAE,CAAC,CAAC;AAAA,MAC3H;AAAA,IACF;AAAA,IACA,CAAC,EAAE,UAAU,eAAe,GAAG;AAAA,MAC7B,aAAa,CAAC,cAAc;AAAA,MAC5B,aAAa,CAAC,MAAM;AAAA,MACpB,WAAW,CAAC,WAAW;AACrB,cAAM,OAAO,OAAO,gBAAgB,QAAQ,MAAM,KAAK,EAAE,EAAE,YAAY;AACvE,YAAI,SAAS,UAAW,QAAO,gBAAgB,gCAAgC,OAAO,EAAE;AACxF,YAAI,SAAS,SAAU,QAAO,gBAAgB,6BAA6B,OAAO,EAAE;AACpF,eAAO;AAAA,MACT;AAAA,IACF;AAAA,IACA,CAAC,EAAE,UAAU,uBAAuB,GAAG;AAAA,MACrC,aAAa,CAAC,kBAAkB,gBAAgB,cAAc,WAAW;AAAA,MACzE,aAAa,CAAC,aAAa,cAAc,WAAW;AAAA,MACpD,WAAW,CAAC,WAAW;AACrB,cAAM,WAAW,gBAAgB,QAAQ,WAAW;AACpD,eAAO,WAAW,gBAAgB,6BAA6B,QAAQ,IAAI;AAAA,MAC7E;AAAA,IACF;AAAA,IACA,CAAC,EAAE,UAAU,wBAAwB,GAAG;AAAA,MACtC,aAAa,CAAC,cAAc,gBAAgB,YAAY;AAAA,MACxD,aAAa,CAAC,WAAW;AAAA,MACzB,WAAW,CAAC,WAAW;AACrB,cAAM,WAAW,gBAAgB,QAAQ,WAAW;AACpD,eAAO,WAAW,gBAAgB,gCAAgC,QAAQ,IAAI;AAAA,MAChF;AAAA,IACF;AAAA,IACA,CAAC,EAAE,UAAU,aAAa,GAAG;AAAA,MAC3B,aAAa,CAAC,OAAO;AAAA,MACrB,WAAW,CAAC,WAAW,gBAAgB,4BAA4B,OAAO,EAAE;AAAA,IAC9E;AAAA,IACA,CAAC,EAAE,MAAM,aAAa,GAAG;AAAA,MACvB,aAAa,CAAC,QAAQ,OAAO;AAAA,MAC7B,WAAW,CAAC,WAAW,gBAAgB,2BAA2B,OAAO,IAAI,OAAO;AAAA,IACtF;AAAA,EACF;AACA,SAAO;AACT;AAEA,MAAM,oBAAoB;AAC1B,MAAM,uBAAuB;AAAA,EAC3B;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AACF;AAEA,IAAI,qBAAoE;AAExE,eAAe,kBAA0D;AACvE,MAAI,CAAC,oBAAoB;AACvB,yBAAqB,QAAQ,QAAQ,EAClC,KAAK,MAAM;AACV,YAAM,MAAM,oBAAI,IAA8B;AAC9C,YAAM,OAAO,WAAW;AACxB,iBAAW,OAAO,MAAM;AACtB,cAAM,QAAU,IAAY,kBAAqD,CAAC;AAClF,mBAAW,QAAQ,OAAO;AACxB,cAAI,MAAM,MAAM,CAAC,IAAI,IAAI,KAAK,EAAE,GAAG;AACjC,gBAAI,IAAI,KAAK,IAAI,IAAI;AAAA,UACvB;AAAA,QACF;AAAA,MACF;AACA,aAAO;AAAA,IACT,CAAC,EACA,MAAM,MAAM,oBAAI,IAA8B,CAAC;AAAA,EACpD;AACA,SAAO;AACT;AASA,SAAS,aAAa,OAAuB;AAC3C,SAAO,MACJ,QAAQ,sBAAsB,OAAO,EACrC,QAAQ,WAAW,GAAG,EACtB,YAAY;AACjB;AAEA,SAAS,aAAa,OAAuB;AAC3C,SAAO,MAAM,QAAQ,aAAa,CAAC,GAAG,MAAc,EAAE,YAAY,CAAC;AACrE;AAEA,SAAS,eAAe,OAA+B;AACrD,MAAI,UAAU,UAAa,UAAU,KAAM,QAAO;AAClD,MAAI,OAAO,UAAU,UAAU;AAC7B,UAAM,UAAU,MAAM,KAAK;AAC3B,WAAO,QAAQ,SAAS,UAAU;AAAA,EACpC;AACA,MAAI,OAAO,UAAU,YAAY,OAAO,UAAU,WAAW;AAC3D,WAAO,OAAO,KAAK;AAAA,EACrB;AACA,SAAO;AACT;AAEA,SAAS,gBAAgB,QAAiC,OAA8B;AACtF,MAAI,CAAC,MAAO,QAAO;AACnB,MAAI,OAAO,KAAK,MAAM,OAAW,QAAO,eAAe,OAAO,KAAK,CAAC;AACpE,QAAM,QAAQ,aAAa,KAAK;AAChC,MAAI,UAAU,SAAS,OAAO,KAAK,MAAM,OAAW,QAAO,eAAe,OAAO,KAAK,CAAC;AACvF,QAAM,QAAQ,aAAa,KAAK;AAChC,MAAI,UAAU,SAAS,OAAO,KAAK,MAAM,OAAW,QAAO,eAAe,OAAO,KAAK,CAAC;AACvF,SAAO;AACT;AAEA,SAAS,gBAAgB,MAAc,SAAkB,SAAiB,IAAmB;AAC3F,QAAM,KAAK,eAAe,OAAO;AACjC,MAAI,CAAC,GAAI,QAAO;AAChB,SAAO,GAAG,IAAI,IAAI,mBAAmB,EAAE,CAAC,GAAG,MAAM;AACnD;AAEA,SAAS,OAAO,OAA2C;AACzD,SAAO,OAAO,UAAU,YAAY,6EAA6E,KAAK,MAAM,KAAK,CAAC;AACpI;AAEA,SAAS,mBAAmB,UAAkB,KAAyB;AACrE,QAAM,IAAI,aAAa;AACvB,MAAI,aAAa,EAAE,QAAQ,2BAA2B,aAAa,EAAE,QAAQ,iBAAiB;AAC5F,WAAO,IAAI,OAAO,CAAC,OAAO,OAAO,EAAE,CAAC;AAAA,EACtC;AACA,SAAO;AACT;AAEA,SAAS,uBAAuB,UAAkB,UAA0C,aAAsD;AAChJ,QAAM,aAAa,oBAAI,IAAY;AACnC,QAAM,OAAO,YAAY,IAAI,QAAQ;AACrC,MAAI,MAAM,YAAY;AACpB,eAAW,IAAI,KAAK,UAAU;AAC9B,eAAW,IAAI,aAAa,KAAK,UAAU,CAAC;AAAA,EAC9C;AACA,aAAW,SAAS,UAAU,eAAe,CAAC,GAAG;AAC/C,eAAW,IAAI,KAAK;AACpB,eAAW,IAAI,aAAa,KAAK,CAAC;AAAA,EACpC;AACA,uBAAqB,QAAQ,CAAC,UAAU;AACtC,eAAW,IAAI,KAAK;AACpB,eAAW,IAAI,aAAa,KAAK,CAAC;AAAA,EACpC,CAAC;AACD,SAAO,MAAM,KAAK,UAAU,EAAE,OAAO,CAAC,UAAU,MAAM,SAAS,CAAC;AAClE;AAEA,SAAS,WACP,QACA,UACA,UACA,aACe;AACf,QAAM,aAAa,uBAAuB,UAAU,UAAU,WAAW;AACzE,aAAW,aAAa,YAAY;AAClC,UAAM,QAAQ,gBAAgB,QAAQ,SAAS;AAC/C,QAAI,MAAO,QAAO;AAAA,EACpB;AACA,QAAM,WAAW,CAAC,gBAAgB,QAAQ,YAAY,GAAG,gBAAgB,QAAQ,WAAW,CAAC,EAC1F,OAAO,CAAC,SAAyB,QAAQ,IAAI,CAAC,EAC9C,KAAK,GAAG,EACR,KAAK;AACR,MAAI,SAAS,OAAQ,QAAO;AAC5B,SAAO;AACT;AAEA,eAAsB,6BACpB,aACA,MACkC;AAClC,QAAM,MAA+B,oBAAI,IAAI;AAC7C,MAAI,CAAC,YAAY,UAAU,CAAC,KAAK,YAAa,QAAO;AACrD,QAAM,cAAc,MAAM,gBAAgB;AAC1C,QAAM,UAAU,oBAAI,IAAyB;AAC7C,aAAW,cAAc,aAAa;AACpC,QAAI,CAAC,cAAc,WAAW,SAAS,kBAAmB;AAC1D,UAAM,OAAO,WAAW,MAAM,KAAK;AACnC,UAAM,KAAK,WAAW,IAAI,KAAK;AAC/B,QAAI,CAAC,QAAQ,CAAC,GAAI;AAClB,QAAI,CAAC,QAAQ,IAAI,IAAI,EAAG,SAAQ,IAAI,MAAM,oBAAI,IAAI,CAAC;AACnD,YAAQ,IAAI,IAAI,EAAG,IAAI,EAAE;AAAA,EAC3B;AACA,MAAI,CAAC,QAAQ,KAAM,QAAO;AAE1B,QAAM,kBAAkB,mBAAmB;AAC3C,aAAW,CAAC,UAAU,MAAM,KAAK,QAAQ,QAAQ,GAAG;AAClD,UAAM,MAAM,mBAAmB,UAAU,MAAM,KAAK,OAAO,OAAO,CAAC,CAAC;AACpE,QAAI,CAAC,IAAI,OAAQ;AACjB,UAAM,WAAW,gBAAgB,QAAQ;AACzC,UAAM,SAAS,oBAAI,IAAY,CAAC,IAAI,CAAC;AACrC,UAAM,aAAa,uBAAuB,UAAU,UAAU,WAAW;AACzE,eAAW,QAAQ,CAAC,UAAU,OAAO,IAAI,KAAK,CAAC;AAC/C,eAAW,SAAS,UAAU,eAAe,CAAC,GAAG;AAC/C,aAAO,IAAI,KAAK;AAChB,aAAO,IAAI,aAAa,KAAK,CAAC;AAAA,IAChC;AACA,QAAI;AACF,YAAM,SAAS,MAAM,KAAK,YAAY,MAAM,UAAiB;AAAA,QAC3D,QAAQ,MAAM,KAAK,MAAM;AAAA,QACzB,SAAS,EAAE,IAAI,IAAI,WAAW,IAAI,EAAE,KAAK,IAAI,CAAC,EAAE,IAAI,EAAE,KAAK,IAAI,EAAE;AAAA,QACjE,UAAU,KAAK;AAAA,QACf,gBAAgB,KAAK;AAAA,QACrB,MAAM,EAAE,UAAU,KAAK,IAAI,IAAI,QAAQ,EAAE,EAAE;AAAA,MAC7C,CAAC;AACD,iBAAW,UAAU,OAAO,SAAS,CAAC,GAAG;AACvC,cAAM,WAAW,eAAgB,OAAmC,EAAE;AACtE,YAAI,CAAC,SAAU;AACf,cAAM,QAAQ,WAAW,QAAmC,UAAU,UAAU,WAAW;AAC3F,cAAM,OAAO,UAAU,YAAY,MAAiC,KAAK;AACzE,YAAI,SAAS,MAAM;AACjB,cAAI,IAAI,GAAG,QAAQ,IAAI,QAAQ,IAAI;AAAA,YACjC,OAAO,SAAS;AAAA,YAChB,MAAM,QAAQ;AAAA,UAChB,CAAC;AAAA,QACH;AAAA,MACF;AAAA,IACF,SAAS,OAAO;AACd,cAAQ,KAAK,0DAA0D,UAAU,KAAK;AAAA,IACxF;AAAA,EACF;AACA,SAAO;AACT;AAEO,SAAS,2BACd,aACA,aACwB;AACxB,MAAI,CAAC,YAAY,KAAM,QAAO;AAC9B,SAAO,YAAY,IAAI,CAAC,eAAe;AACrC,QAAI,CAAC,cAAc,CAAC,WAAW,QAAQ,CAAC,WAAW,GAAI,QAAO;AAC9D,UAAM,MAAM,GAAG,WAAW,IAAI,IAAI,WAAW,EAAE;AAC/C,UAAM,SAAS,YAAY,IAAI,GAAG;AAClC,QAAI,CAAC,OAAQ,QAAO;AACpB,UAAM,OAA6B,EAAE,GAAG,WAAW;AACnD,QAAI,CAAC,KAAK,SAAS,OAAO,MAAO,MAAK,QAAQ,OAAO;AACrD,QAAI,CAAC,KAAK,QAAQ,OAAO,KAAM,MAAK,OAAO,OAAO;AAClD,WAAO;AAAA,EACT,CAAC;AACH;",
+  "sourcesContent": ["import type { QueryEngine } from '@open-mercato/shared/lib/query/types'\nimport type { AttachmentAssignment } from './metadata'\nimport type { CustomEntitySpec } from '@open-mercato/shared/modules/entities'\nimport { getEntityIds } from '@open-mercato/shared/lib/encryption/entityIds'\nimport { getModules } from '@open-mercato/shared/lib/i18n/server'\n\ntype AssignmentLinkSpec = {\n  labelFields?: string[]\n  extraFields?: string[]\n  buildHref?: (record: Record<string, unknown>) => string | null | undefined\n}\n\nlet _entityLinkSpecsCache: Record<string, AssignmentLinkSpec> | null = null\n\nfunction getEntityLinkSpecs(): Record<string, AssignmentLinkSpec> {\n  if (_entityLinkSpecsCache) return _entityLinkSpecsCache\n  const E = getEntityIds() as any\n  const specs: Record<string, AssignmentLinkSpec> = {}\n\n  if (E.catalog?.catalog_product) {\n    specs[E.catalog.catalog_product] = {\n      labelFields: ['title', 'sku', 'handle'],\n      buildHref: (record) => buildSimpleHref('/backend/catalog/products', record.id),\n    }\n  }\n  if (E.catalog?.catalog_product_variant) {\n    specs[E.catalog.catalog_product_variant] = {\n      labelFields: ['name', 'sku'],\n      extraFields: ['product_id'],\n      buildHref: (record) => {\n        const productId = readRecordValue(record, 'product_id')\n        if (!productId) return null\n        return `/backend/catalog/products/${encodeURIComponent(productId)}/variants/${encodeURIComponent(String(record.id ?? ''))}`\n      },\n    }\n  }\n  if (E.customers?.customer_entity) {\n    specs[E.customers.customer_entity] = {\n      labelFields: ['display_name'],\n      extraFields: ['kind'],\n      buildHref: (record) => {\n        const kind = String(readRecordValue(record, 'kind') || '').toLowerCase()\n        if (kind === 'company') return buildSimpleHref('/backend/customers/companies', record.id)\n        if (kind === 'person') return buildSimpleHref('/backend/customers/people', record.id)\n        return null\n      },\n    }\n  }\n  if (E.customers?.customer_person_profile) {\n    specs[E.customers.customer_person_profile] = {\n      labelFields: ['preferred_name', 'display_name', 'first_name', 'last_name'],\n      extraFields: ['entity_id', 'first_name', 'last_name'],\n      buildHref: (record) => {\n        const entityId = readRecordValue(record, 'entity_id')\n        return entityId ? buildSimpleHref('/backend/customers/people', entityId) : null\n      },\n    }\n  }\n  if (E.customers?.customer_company_profile) {\n    specs[E.customers.customer_company_profile] = {\n      labelFields: ['brand_name', 'display_name', 'legal_name'],\n      extraFields: ['entity_id'],\n      buildHref: (record) => {\n        const entityId = readRecordValue(record, 'entity_id')\n        return entityId ? buildSimpleHref('/backend/customers/companies', entityId) : null\n      },\n    }\n  }\n  if (E.customers?.customer_deal) {\n    specs[E.customers.customer_deal] = {\n      labelFields: ['title'],\n      buildHref: (record) => buildSimpleHref('/backend/customers/deals', record.id),\n    }\n  }\n  if (E.sales?.sales_channel) {\n    specs[E.sales.sales_channel] = {\n      labelFields: ['name', 'title'],\n      buildHref: (record) => buildSimpleHref('/backend/sales/channels', record.id, '/edit'),\n    }\n  }\n\n  _entityLinkSpecsCache = specs\n  return _entityLinkSpecsCache\n}\n\nconst LIBRARY_ENTITY_ID = 'attachments:library'\nconst DEFAULT_LABEL_FIELDS = [\n  'label',\n  'title',\n  'name',\n  'display_name',\n  'displayName',\n  'subject',\n  'sku',\n  'handle',\n  'order_number',\n  'quote_number',\n  'invoice_number',\n  'email',\n  'company_name',\n  'legal_name',\n  'brand_name',\n]\n\nlet entitySpecsPromise: Promise<Map<string, CustomEntitySpec>> | null = null\n\nasync function loadEntitySpecs(): Promise<Map<string, CustomEntitySpec>> {\n  if (!entitySpecsPromise) {\n    entitySpecsPromise = Promise.resolve()\n      .then(() => {\n        const map = new Map<string, CustomEntitySpec>()\n        const mods = getModules()\n        for (const mod of mods) {\n          const specs = ((mod as any).customEntities as CustomEntitySpec[] | undefined) ?? []\n          for (const spec of specs) {\n            if (spec?.id && !map.has(spec.id)) {\n              map.set(spec.id, spec)\n            }\n          }\n        }\n        return map\n      })\n      .catch(() => new Map<string, CustomEntitySpec>())\n  }\n  return entitySpecsPromise\n}\n\nexport type AssignmentEnrichment = {\n  label?: string\n  href?: string\n}\n\nexport type AssignmentEnrichmentMap = Map<string, AssignmentEnrichment>\n\nfunction camelToSnake(value: string): string {\n  return value\n    .replace(/([a-z0-9])([A-Z])/g, '$1_$2')\n    .replace(/[\\s-]+/g, '_')\n    .toLowerCase()\n}\n\nfunction snakeToCamel(value: string): string {\n  return value.replace(/[_-](\\w)/g, (_, c: string) => c.toUpperCase())\n}\n\nfunction normalizeValue(value: unknown): string | null {\n  if (value === undefined || value === null) return null\n  if (typeof value === 'string') {\n    const trimmed = value.trim()\n    return trimmed.length ? trimmed : null\n  }\n  if (typeof value === 'number' || typeof value === 'boolean') {\n    return String(value)\n  }\n  return null\n}\n\nfunction readRecordValue(record: Record<string, unknown>, field: string): string | null {\n  if (!field) return null\n  if (record[field] !== undefined) return normalizeValue(record[field])\n  const snake = camelToSnake(field)\n  if (snake !== field && record[snake] !== undefined) return normalizeValue(record[snake])\n  const camel = snakeToCamel(field)\n  if (camel !== field && record[camel] !== undefined) return normalizeValue(record[camel])\n  return null\n}\n\nfunction buildSimpleHref(base: string, idValue: unknown, suffix: string = ''): string | null {\n  const id = normalizeValue(idValue)\n  if (!id) return null\n  return `${base}/${encodeURIComponent(id)}${suffix}`\n}\n\nfunction isUuid(value: string | null | undefined): boolean {\n  return typeof value === 'string' && /^[0-9a-f]{8}-[0-9a-f]{4}-[1-5][0-9a-f]{3}-[89ab][0-9a-f]{3}-[0-9a-f]{12}$/i.test(value.trim())\n}\n\nfunction filterIdsForEntity(entityId: string, ids: string[]): string[] {\n  const E = getEntityIds() as any\n  if (entityId === E.catalog?.catalog_product_variant || entityId === E.catalog?.catalog_product) {\n    return ids.filter((id) => isUuid(id))\n  }\n  return ids\n}\n\nfunction resolveLabelCandidates(entityId: string, linkSpec: AssignmentLinkSpec | undefined, entitySpecs: Map<string, CustomEntitySpec>): string[] {\n  const candidates = new Set<string>()\n  const spec = entitySpecs.get(entityId)\n  if (spec?.labelField) {\n    candidates.add(spec.labelField)\n    candidates.add(camelToSnake(spec.labelField))\n  }\n  for (const field of linkSpec?.labelFields ?? []) {\n    candidates.add(field)\n    candidates.add(camelToSnake(field))\n  }\n  DEFAULT_LABEL_FIELDS.forEach((field) => {\n    candidates.add(field)\n    candidates.add(camelToSnake(field))\n  })\n  return Array.from(candidates).filter((field) => field.length > 0)\n}\n\nfunction buildLabel(\n  record: Record<string, unknown>,\n  entityId: string,\n  linkSpec: AssignmentLinkSpec | undefined,\n  entitySpecs: Map<string, CustomEntitySpec>\n): string | null {\n  const candidates = resolveLabelCandidates(entityId, linkSpec, entitySpecs)\n  for (const candidate of candidates) {\n    const value = readRecordValue(record, candidate)\n    if (value) return value\n  }\n  const fullName = [readRecordValue(record, 'first_name'), readRecordValue(record, 'last_name')]\n    .filter((part): part is string => Boolean(part))\n    .join(' ')\n    .trim()\n  if (fullName.length) return fullName\n  return null\n}\n\nexport async function resolveAssignmentEnrichments(\n  assignments: AttachmentAssignment[],\n  opts: { queryEngine?: QueryEngine | null; tenantId: string; organizationId: string },\n): Promise<AssignmentEnrichmentMap> {\n  const map: AssignmentEnrichmentMap = new Map()\n  if (!assignments.length || !opts.queryEngine) return map\n  const entitySpecs = await loadEntitySpecs()\n  const grouped = new Map<string, Set<string>>()\n  for (const assignment of assignments) {\n    if (!assignment || assignment.type === LIBRARY_ENTITY_ID) continue\n    const type = assignment.type?.trim()\n    const id = assignment.id?.trim()\n    if (!type || !id) continue\n    if (!grouped.has(type)) grouped.set(type, new Set())\n    grouped.get(type)!.add(id)\n  }\n  if (!grouped.size) return map\n\n  const entityLinkSpecs = getEntityLinkSpecs()\n  for (const [entityId, idsSet] of grouped.entries()) {\n    const ids = filterIdsForEntity(entityId, Array.from(idsSet.values()))\n    if (!ids.length) continue\n    const linkSpec = entityLinkSpecs[entityId]\n    const fields = new Set<string>(['id'])\n    const candidates = resolveLabelCandidates(entityId, linkSpec, entitySpecs)\n    candidates.forEach((field) => fields.add(field))\n    for (const extra of linkSpec?.extraFields ?? []) {\n      fields.add(extra)\n      fields.add(camelToSnake(extra))\n    }\n    try {\n      const result = await opts.queryEngine.query(entityId as any, {\n        fields: Array.from(fields),\n        filters: { id: ids.length === 1 ? { $eq: ids[0] } : { $in: ids } },\n        tenantId: opts.tenantId,\n        organizationId: opts.organizationId,\n        page: { pageSize: Math.max(ids.length, 20) },\n      })\n      for (const record of result.items ?? []) {\n        const recordId = normalizeValue((record as Record<string, unknown>).id)\n        if (!recordId) continue\n        const label = buildLabel(record as Record<string, unknown>, entityId, linkSpec, entitySpecs)\n        const href = linkSpec?.buildHref?.(record as Record<string, unknown>) ?? null\n        if (label || href) {\n          map.set(`${entityId}:${recordId}`, {\n            label: label ?? undefined,\n            href: href ?? undefined,\n          })\n        }\n      }\n    } catch (error) {\n      console.warn('[attachments] Failed to resolve assignment details for', entityId, error)\n    }\n  }\n  return map\n}\n\nexport function applyAssignmentEnrichments(\n  assignments: AttachmentAssignment[],\n  enrichments: AssignmentEnrichmentMap,\n): AttachmentAssignment[] {\n  if (!enrichments.size) return assignments\n  return assignments.map((assignment) => {\n    if (!assignment || !assignment.type || !assignment.id) return assignment\n    const key = `${assignment.type}:${assignment.id}`\n    const detail = enrichments.get(key)\n    if (!detail) return assignment\n    const next: AttachmentAssignment = { ...assignment }\n    if (!next.label && detail.label) next.label = detail.label\n    if (!next.href && detail.href) next.href = detail.href\n    return next\n  })\n}\n"],
+  "mappings": "AAGA,SAAS,oBAAoB;AAC7B,SAAS,kBAAkB;AAQ3B,IAAI,wBAAmE;AAEvE,SAAS,qBAAyD;AAChE,MAAI,sBAAuB,QAAO;AAClC,QAAM,IAAI,aAAa;AACvB,QAAM,QAA4C,CAAC;AAEnD,MAAI,EAAE,SAAS,iBAAiB;AAC9B,UAAM,EAAE,QAAQ,eAAe,IAAI;AAAA,MACjC,aAAa,CAAC,SAAS,OAAO,QAAQ;AAAA,MACtC,WAAW,CAAC,WAAW,gBAAgB,6BAA6B,OAAO,EAAE;AAAA,IAC/E;AAAA,EACF;AACA,MAAI,EAAE,SAAS,yBAAyB;AACtC,UAAM,EAAE,QAAQ,uBAAuB,IAAI;AAAA,MACzC,aAAa,CAAC,QAAQ,KAAK;AAAA,MAC3B,aAAa,CAAC,YAAY;AAAA,MAC1B,WAAW,CAAC,WAAW;AACrB,cAAM,YAAY,gBAAgB,QAAQ,YAAY;AACtD,YAAI,CAAC,UAAW,QAAO;AACvB,eAAO,6BAA6B,mBAAmB,SAAS,CAAC,aAAa,mBAAmB,OAAO,OAAO,MAAM,EAAE,CAAC,CAAC;AAAA,MAC3H;AAAA,IACF;AAAA,EACF;AACA,MAAI,EAAE,WAAW,iBAAiB;AAChC,UAAM,EAAE,UAAU,eAAe,IAAI;AAAA,MACnC,aAAa,CAAC,cAAc;AAAA,MAC5B,aAAa,CAAC,MAAM;AAAA,MACpB,WAAW,CAAC,WAAW;AACrB,cAAM,OAAO,OAAO,gBAAgB,QAAQ,MAAM,KAAK,EAAE,EAAE,YAAY;AACvE,YAAI,SAAS,UAAW,QAAO,gBAAgB,gCAAgC,OAAO,EAAE;AACxF,YAAI,SAAS,SAAU,QAAO,gBAAgB,6BAA6B,OAAO,EAAE;AACpF,eAAO;AAAA,MACT;AAAA,IACF;AAAA,EACF;AACA,MAAI,EAAE,WAAW,yBAAyB;AACxC,UAAM,EAAE,UAAU,uBAAuB,IAAI;AAAA,MAC3C,aAAa,CAAC,kBAAkB,gBAAgB,cAAc,WAAW;AAAA,MACzE,aAAa,CAAC,aAAa,cAAc,WAAW;AAAA,MACpD,WAAW,CAAC,WAAW;AACrB,cAAM,WAAW,gBAAgB,QAAQ,WAAW;AACpD,eAAO,WAAW,gBAAgB,6BAA6B,QAAQ,IAAI;AAAA,MAC7E;AAAA,IACF;AAAA,EACF;AACA,MAAI,EAAE,WAAW,0BAA0B;AACzC,UAAM,EAAE,UAAU,wBAAwB,IAAI;AAAA,MAC5C,aAAa,CAAC,cAAc,gBAAgB,YAAY;AAAA,MACxD,aAAa,CAAC,WAAW;AAAA,MACzB,WAAW,CAAC,WAAW;AACrB,cAAM,WAAW,gBAAgB,QAAQ,WAAW;AACpD,eAAO,WAAW,gBAAgB,gCAAgC,QAAQ,IAAI;AAAA,MAChF;AAAA,IACF;AAAA,EACF;AACA,MAAI,EAAE,WAAW,eAAe;AAC9B,UAAM,EAAE,UAAU,aAAa,IAAI;AAAA,MACjC,aAAa,CAAC,OAAO;AAAA,MACrB,WAAW,CAAC,WAAW,gBAAgB,4BAA4B,OAAO,EAAE;AAAA,IAC9E;AAAA,EACF;AACA,MAAI,EAAE,OAAO,eAAe;AAC1B,UAAM,EAAE,MAAM,aAAa,IAAI;AAAA,MAC7B,aAAa,CAAC,QAAQ,OAAO;AAAA,MAC7B,WAAW,CAAC,WAAW,gBAAgB,2BAA2B,OAAO,IAAI,OAAO;AAAA,IACtF;AAAA,EACF;AAEA,0BAAwB;AACxB,SAAO;AACT;AAEA,MAAM,oBAAoB;AAC1B,MAAM,uBAAuB;AAAA,EAC3B;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AACF;AAEA,IAAI,qBAAoE;AAExE,eAAe,kBAA0D;AACvE,MAAI,CAAC,oBAAoB;AACvB,yBAAqB,QAAQ,QAAQ,EAClC,KAAK,MAAM;AACV,YAAM,MAAM,oBAAI,IAA8B;AAC9C,YAAM,OAAO,WAAW;AACxB,iBAAW,OAAO,MAAM;AACtB,cAAM,QAAU,IAAY,kBAAqD,CAAC;AAClF,mBAAW,QAAQ,OAAO;AACxB,cAAI,MAAM,MAAM,CAAC,IAAI,IAAI,KAAK,EAAE,GAAG;AACjC,gBAAI,IAAI,KAAK,IAAI,IAAI;AAAA,UACvB;AAAA,QACF;AAAA,MACF;AACA,aAAO;AAAA,IACT,CAAC,EACA,MAAM,MAAM,oBAAI,IAA8B,CAAC;AAAA,EACpD;AACA,SAAO;AACT;AASA,SAAS,aAAa,OAAuB;AAC3C,SAAO,MACJ,QAAQ,sBAAsB,OAAO,EACrC,QAAQ,WAAW,GAAG,EACtB,YAAY;AACjB;AAEA,SAAS,aAAa,OAAuB;AAC3C,SAAO,MAAM,QAAQ,aAAa,CAAC,GAAG,MAAc,EAAE,YAAY,CAAC;AACrE;AAEA,SAAS,eAAe,OAA+B;AACrD,MAAI,UAAU,UAAa,UAAU,KAAM,QAAO;AAClD,MAAI,OAAO,UAAU,UAAU;AAC7B,UAAM,UAAU,MAAM,KAAK;AAC3B,WAAO,QAAQ,SAAS,UAAU;AAAA,EACpC;AACA,MAAI,OAAO,UAAU,YAAY,OAAO,UAAU,WAAW;AAC3D,WAAO,OAAO,KAAK;AAAA,EACrB;AACA,SAAO;AACT;AAEA,SAAS,gBAAgB,QAAiC,OAA8B;AACtF,MAAI,CAAC,MAAO,QAAO;AACnB,MAAI,OAAO,KAAK,MAAM,OAAW,QAAO,eAAe,OAAO,KAAK,CAAC;AACpE,QAAM,QAAQ,aAAa,KAAK;AAChC,MAAI,UAAU,SAAS,OAAO,KAAK,MAAM,OAAW,QAAO,eAAe,OAAO,KAAK,CAAC;AACvF,QAAM,QAAQ,aAAa,KAAK;AAChC,MAAI,UAAU,SAAS,OAAO,KAAK,MAAM,OAAW,QAAO,eAAe,OAAO,KAAK,CAAC;AACvF,SAAO;AACT;AAEA,SAAS,gBAAgB,MAAc,SAAkB,SAAiB,IAAmB;AAC3F,QAAM,KAAK,eAAe,OAAO;AACjC,MAAI,CAAC,GAAI,QAAO;AAChB,SAAO,GAAG,IAAI,IAAI,mBAAmB,EAAE,CAAC,GAAG,MAAM;AACnD;AAEA,SAAS,OAAO,OAA2C;AACzD,SAAO,OAAO,UAAU,YAAY,6EAA6E,KAAK,MAAM,KAAK,CAAC;AACpI;AAEA,SAAS,mBAAmB,UAAkB,KAAyB;AACrE,QAAM,IAAI,aAAa;AACvB,MAAI,aAAa,EAAE,SAAS,2BAA2B,aAAa,EAAE,SAAS,iBAAiB;AAC9F,WAAO,IAAI,OAAO,CAAC,OAAO,OAAO,EAAE,CAAC;AAAA,EACtC;AACA,SAAO;AACT;AAEA,SAAS,uBAAuB,UAAkB,UAA0C,aAAsD;AAChJ,QAAM,aAAa,oBAAI,IAAY;AACnC,QAAM,OAAO,YAAY,IAAI,QAAQ;AACrC,MAAI,MAAM,YAAY;AACpB,eAAW,IAAI,KAAK,UAAU;AAC9B,eAAW,IAAI,aAAa,KAAK,UAAU,CAAC;AAAA,EAC9C;AACA,aAAW,SAAS,UAAU,eAAe,CAAC,GAAG;AAC/C,eAAW,IAAI,KAAK;AACpB,eAAW,IAAI,aAAa,KAAK,CAAC;AAAA,EACpC;AACA,uBAAqB,QAAQ,CAAC,UAAU;AACtC,eAAW,IAAI,KAAK;AACpB,eAAW,IAAI,aAAa,KAAK,CAAC;AAAA,EACpC,CAAC;AACD,SAAO,MAAM,KAAK,UAAU,EAAE,OAAO,CAAC,UAAU,MAAM,SAAS,CAAC;AAClE;AAEA,SAAS,WACP,QACA,UACA,UACA,aACe;AACf,QAAM,aAAa,uBAAuB,UAAU,UAAU,WAAW;AACzE,aAAW,aAAa,YAAY;AAClC,UAAM,QAAQ,gBAAgB,QAAQ,SAAS;AAC/C,QAAI,MAAO,QAAO;AAAA,EACpB;AACA,QAAM,WAAW,CAAC,gBAAgB,QAAQ,YAAY,GAAG,gBAAgB,QAAQ,WAAW,CAAC,EAC1F,OAAO,CAAC,SAAyB,QAAQ,IAAI,CAAC,EAC9C,KAAK,GAAG,EACR,KAAK;AACR,MAAI,SAAS,OAAQ,QAAO;AAC5B,SAAO;AACT;AAEA,eAAsB,6BACpB,aACA,MACkC;AAClC,QAAM,MAA+B,oBAAI,IAAI;AAC7C,MAAI,CAAC,YAAY,UAAU,CAAC,KAAK,YAAa,QAAO;AACrD,QAAM,cAAc,MAAM,gBAAgB;AAC1C,QAAM,UAAU,oBAAI,IAAyB;AAC7C,aAAW,cAAc,aAAa;AACpC,QAAI,CAAC,cAAc,WAAW,SAAS,kBAAmB;AAC1D,UAAM,OAAO,WAAW,MAAM,KAAK;AACnC,UAAM,KAAK,WAAW,IAAI,KAAK;AAC/B,QAAI,CAAC,QAAQ,CAAC,GAAI;AAClB,QAAI,CAAC,QAAQ,IAAI,IAAI,EAAG,SAAQ,IAAI,MAAM,oBAAI,IAAI,CAAC;AACnD,YAAQ,IAAI,IAAI,EAAG,IAAI,EAAE;AAAA,EAC3B;AACA,MAAI,CAAC,QAAQ,KAAM,QAAO;AAE1B,QAAM,kBAAkB,mBAAmB;AAC3C,aAAW,CAAC,UAAU,MAAM,KAAK,QAAQ,QAAQ,GAAG;AAClD,UAAM,MAAM,mBAAmB,UAAU,MAAM,KAAK,OAAO,OAAO,CAAC,CAAC;AACpE,QAAI,CAAC,IAAI,OAAQ;AACjB,UAAM,WAAW,gBAAgB,QAAQ;AACzC,UAAM,SAAS,oBAAI,IAAY,CAAC,IAAI,CAAC;AACrC,UAAM,aAAa,uBAAuB,UAAU,UAAU,WAAW;AACzE,eAAW,QAAQ,CAAC,UAAU,OAAO,IAAI,KAAK,CAAC;AAC/C,eAAW,SAAS,UAAU,eAAe,CAAC,GAAG;AAC/C,aAAO,IAAI,KAAK;AAChB,aAAO,IAAI,aAAa,KAAK,CAAC;AAAA,IAChC;AACA,QAAI;AACF,YAAM,SAAS,MAAM,KAAK,YAAY,MAAM,UAAiB;AAAA,QAC3D,QAAQ,MAAM,KAAK,MAAM;AAAA,QACzB,SAAS,EAAE,IAAI,IAAI,WAAW,IAAI,EAAE,KAAK,IAAI,CAAC,EAAE,IAAI,EAAE,KAAK,IAAI,EAAE;AAAA,QACjE,UAAU,KAAK;AAAA,QACf,gBAAgB,KAAK;AAAA,QACrB,MAAM,EAAE,UAAU,KAAK,IAAI,IAAI,QAAQ,EAAE,EAAE;AAAA,MAC7C,CAAC;AACD,iBAAW,UAAU,OAAO,SAAS,CAAC,GAAG;AACvC,cAAM,WAAW,eAAgB,OAAmC,EAAE;AACtE,YAAI,CAAC,SAAU;AACf,cAAM,QAAQ,WAAW,QAAmC,UAAU,UAAU,WAAW;AAC3F,cAAM,OAAO,UAAU,YAAY,MAAiC,KAAK;AACzE,YAAI,SAAS,MAAM;AACjB,cAAI,IAAI,GAAG,QAAQ,IAAI,QAAQ,IAAI;AAAA,YACjC,OAAO,SAAS;AAAA,YAChB,MAAM,QAAQ;AAAA,UAChB,CAAC;AAAA,QACH;AAAA,MACF;AAAA,IACF,SAAS,OAAO;AACd,cAAQ,KAAK,0DAA0D,UAAU,KAAK;AAAA,IACxF;AAAA,EACF;AACA,SAAO;AACT;AAEO,SAAS,2BACd,aACA,aACwB;AACxB,MAAI,CAAC,YAAY,KAAM,QAAO;AAC9B,SAAO,YAAY,IAAI,CAAC,eAAe;AACrC,QAAI,CAAC,cAAc,CAAC,WAAW,QAAQ,CAAC,WAAW,GAAI,QAAO;AAC9D,UAAM,MAAM,GAAG,WAAW,IAAI,IAAI,WAAW,EAAE;AAC/C,UAAM,SAAS,YAAY,IAAI,GAAG;AAClC,QAAI,CAAC,OAAQ,QAAO;AACpB,UAAM,OAA6B,EAAE,GAAG,WAAW;AACnD,QAAI,CAAC,KAAK,SAAS,OAAO,MAAO,MAAK,QAAQ,OAAO;AACrD,QAAI,CAAC,KAAK,QAAQ,OAAO,KAAM,MAAK,OAAO,OAAO;AAClD,WAAO;AAAA,EACT,CAAC;AACH;",
   "names": []
 }

package/dist/modules/attachments/lib/partitions.js CHANGED Viewed

@@ -16,9 +16,9 @@ const DEFAULT_ATTACHMENT_PARTITIONS = [
     isPublic: false
   }
 ];
-const PRODUCT_MEDIA_ENTITY_IDS = /* @__PURE__ */ new Set([
-  E.catalog.catalog_product
-]);
+const PRODUCT_MEDIA_ENTITY_IDS = new Set(
+  [E.catalog?.catalog_product].filter(Boolean)
+);
 const FALLBACK_PARTITION = "privateAttachments";
 function resolveDefaultPartitionCode(entityId) {
   if (!entityId) return FALLBACK_PARTITION;

package/dist/modules/attachments/lib/partitions.js.map CHANGED Viewed

@@ -1,7 +1,7 @@
 {
   "version": 3,
   "sources": ["../../../../src/modules/attachments/lib/partitions.ts"],
-  "sourcesContent": ["import type { EntityManager } from '@mikro-orm/postgresql'\nimport { AttachmentPartition } from '../data/entities'\nimport { resolveDefaultAttachmentOcrEnabled } from './ocrConfig'\nimport { parseBooleanToken } from '@open-mercato/shared/lib/boolean'\nimport { E } from '#generated/entities.ids.generated'\n\nexport type AttachmentPartitionSeed = {\n  code: string\n  title: string\n  description?: string | null\n  isPublic?: boolean\n}\n\nexport const DEFAULT_ATTACHMENT_PARTITIONS: AttachmentPartitionSeed[] = [\n  {\n    code: 'productsMedia',\n    title: 'Products media',\n    description: 'Public media uploaded for catalog products.',\n    isPublic: true,\n  },\n  {\n    code: 'privateAttachments',\n    title: 'Private attachments',\n    description: 'Internal attachments scoped to tenants and organizations.',\n    isPublic: false,\n  },\n]\n\nconst PRODUCT_MEDIA_ENTITY_IDS = new Set<string>([\n  E.catalog.catalog_product,\n])\n\nconst FALLBACK_PARTITION = 'privateAttachments'\n\nexport function resolveDefaultPartitionCode(entityId: string | null | undefined): string {\n  if (!entityId) return FALLBACK_PARTITION\n  if (PRODUCT_MEDIA_ENTITY_IDS.has(entityId)) return 'productsMedia'\n  return FALLBACK_PARTITION\n}\n\nexport async function ensureDefaultPartitions(em: EntityManager): Promise<void> {\n  const repo = em.getRepository(AttachmentPartition)\n  const existing = await repo.findAll({ fields: ['code'] })\n  const existingCodes = new Set(existing.map((entry) => entry.code))\n  const pending = DEFAULT_ATTACHMENT_PARTITIONS.filter((seed) => !existingCodes.has(seed.code))\n  if (!pending.length) return\n  for (const seed of pending) {\n    const record = repo.create({\n      code: seed.code,\n      title: seed.title,\n      description: seed.description ?? null,\n      storageDriver: 'local',\n      isPublic: seed.isPublic ?? false,\n      requiresOcr: resolveDefaultAttachmentOcrEnabled(),\n    })\n    em.persist(record)\n  }\n  await em.flush()\n}\n\nexport function sanitizePartitionCode(input: string): string {\n  const trimmed = input.trim()\n  const normalized = trimmed.replace(/[^a-zA-Z0-9_-]/g, '')\n  return normalized\n}\n\nexport function isPartitionSettingsLocked(): boolean {\n  const demoModeParsed = parseBooleanToken(process.env.DEMO_MODE ?? '')\n  const demoModeEnabled = demoModeParsed === false ? false : true\n  const onboardingEnabled = parseBooleanToken(process.env.SELF_SERVICE_ONBOARDING_ENABLED ?? '') === true\n  return demoModeEnabled || onboardingEnabled\n}\n"],
-  "mappings": "AACA,SAAS,2BAA2B;AACpC,SAAS,0CAA0C;AACnD,SAAS,yBAAyB;AAClC,SAAS,SAAS;AASX,MAAM,gCAA2D;AAAA,EACtE;AAAA,IACE,MAAM;AAAA,IACN,OAAO;AAAA,IACP,aAAa;AAAA,IACb,UAAU;AAAA,EACZ;AAAA,EACA;AAAA,IACE,MAAM;AAAA,IACN,OAAO;AAAA,IACP,aAAa;AAAA,IACb,UAAU;AAAA,EACZ;AACF;AAEA,MAAM,2BAA2B,oBAAI,IAAY;AAAA,EAC/C,EAAE,QAAQ;AACZ,CAAC;AAED,MAAM,qBAAqB;AAEpB,SAAS,4BAA4B,UAA6C;AACvF,MAAI,CAAC,SAAU,QAAO;AACtB,MAAI,yBAAyB,IAAI,QAAQ,EAAG,QAAO;AACnD,SAAO;AACT;AAEA,eAAsB,wBAAwB,IAAkC;AAC9E,QAAM,OAAO,GAAG,cAAc,mBAAmB;AACjD,QAAM,WAAW,MAAM,KAAK,QAAQ,EAAE,QAAQ,CAAC,MAAM,EAAE,CAAC;AACxD,QAAM,gBAAgB,IAAI,IAAI,SAAS,IAAI,CAAC,UAAU,MAAM,IAAI,CAAC;AACjE,QAAM,UAAU,8BAA8B,OAAO,CAAC,SAAS,CAAC,cAAc,IAAI,KAAK,IAAI,CAAC;AAC5F,MAAI,CAAC,QAAQ,OAAQ;AACrB,aAAW,QAAQ,SAAS;AAC1B,UAAM,SAAS,KAAK,OAAO;AAAA,MACzB,MAAM,KAAK;AAAA,MACX,OAAO,KAAK;AAAA,MACZ,aAAa,KAAK,eAAe;AAAA,MACjC,eAAe;AAAA,MACf,UAAU,KAAK,YAAY;AAAA,MAC3B,aAAa,mCAAmC;AAAA,IAClD,CAAC;AACD,OAAG,QAAQ,MAAM;AAAA,EACnB;AACA,QAAM,GAAG,MAAM;AACjB;AAEO,SAAS,sBAAsB,OAAuB;AAC3D,QAAM,UAAU,MAAM,KAAK;AAC3B,QAAM,aAAa,QAAQ,QAAQ,mBAAmB,EAAE;AACxD,SAAO;AACT;AAEO,SAAS,4BAAqC;AACnD,QAAM,iBAAiB,kBAAkB,QAAQ,IAAI,aAAa,EAAE;AACpE,QAAM,kBAAkB,mBAAmB,QAAQ,QAAQ;AAC3D,QAAM,oBAAoB,kBAAkB,QAAQ,IAAI,mCAAmC,EAAE,MAAM;AACnG,SAAO,mBAAmB;AAC5B;",
+  "sourcesContent": ["import type { EntityManager } from '@mikro-orm/postgresql'\nimport { AttachmentPartition } from '../data/entities'\nimport { resolveDefaultAttachmentOcrEnabled } from './ocrConfig'\nimport { parseBooleanToken } from '@open-mercato/shared/lib/boolean'\nimport { E } from '#generated/entities.ids.generated'\n\nexport type AttachmentPartitionSeed = {\n  code: string\n  title: string\n  description?: string | null\n  isPublic?: boolean\n}\n\nexport const DEFAULT_ATTACHMENT_PARTITIONS: AttachmentPartitionSeed[] = [\n  {\n    code: 'productsMedia',\n    title: 'Products media',\n    description: 'Public media uploaded for catalog products.',\n    isPublic: true,\n  },\n  {\n    code: 'privateAttachments',\n    title: 'Private attachments',\n    description: 'Internal attachments scoped to tenants and organizations.',\n    isPublic: false,\n  },\n]\n\nconst PRODUCT_MEDIA_ENTITY_IDS = new Set<string>(\n  [(E as any).catalog?.catalog_product].filter(Boolean) as string[]\n)\n\nconst FALLBACK_PARTITION = 'privateAttachments'\n\nexport function resolveDefaultPartitionCode(entityId: string | null | undefined): string {\n  if (!entityId) return FALLBACK_PARTITION\n  if (PRODUCT_MEDIA_ENTITY_IDS.has(entityId)) return 'productsMedia'\n  return FALLBACK_PARTITION\n}\n\nexport async function ensureDefaultPartitions(em: EntityManager): Promise<void> {\n  const repo = em.getRepository(AttachmentPartition)\n  const existing = await repo.findAll({ fields: ['code'] })\n  const existingCodes = new Set(existing.map((entry) => entry.code))\n  const pending = DEFAULT_ATTACHMENT_PARTITIONS.filter((seed) => !existingCodes.has(seed.code))\n  if (!pending.length) return\n  for (const seed of pending) {\n    const record = repo.create({\n      code: seed.code,\n      title: seed.title,\n      description: seed.description ?? null,\n      storageDriver: 'local',\n      isPublic: seed.isPublic ?? false,\n      requiresOcr: resolveDefaultAttachmentOcrEnabled(),\n    })\n    em.persist(record)\n  }\n  await em.flush()\n}\n\nexport function sanitizePartitionCode(input: string): string {\n  const trimmed = input.trim()\n  const normalized = trimmed.replace(/[^a-zA-Z0-9_-]/g, '')\n  return normalized\n}\n\nexport function isPartitionSettingsLocked(): boolean {\n  const demoModeParsed = parseBooleanToken(process.env.DEMO_MODE ?? '')\n  const demoModeEnabled = demoModeParsed === false ? false : true\n  const onboardingEnabled = parseBooleanToken(process.env.SELF_SERVICE_ONBOARDING_ENABLED ?? '') === true\n  return demoModeEnabled || onboardingEnabled\n}\n"],
+  "mappings": "AACA,SAAS,2BAA2B;AACpC,SAAS,0CAA0C;AACnD,SAAS,yBAAyB;AAClC,SAAS,SAAS;AASX,MAAM,gCAA2D;AAAA,EACtE;AAAA,IACE,MAAM;AAAA,IACN,OAAO;AAAA,IACP,aAAa;AAAA,IACb,UAAU;AAAA,EACZ;AAAA,EACA;AAAA,IACE,MAAM;AAAA,IACN,OAAO;AAAA,IACP,aAAa;AAAA,IACb,UAAU;AAAA,EACZ;AACF;AAEA,MAAM,2BAA2B,IAAI;AAAA,EACnC,CAAE,EAAU,SAAS,eAAe,EAAE,OAAO,OAAO;AACtD;AAEA,MAAM,qBAAqB;AAEpB,SAAS,4BAA4B,UAA6C;AACvF,MAAI,CAAC,SAAU,QAAO;AACtB,MAAI,yBAAyB,IAAI,QAAQ,EAAG,QAAO;AACnD,SAAO;AACT;AAEA,eAAsB,wBAAwB,IAAkC;AAC9E,QAAM,OAAO,GAAG,cAAc,mBAAmB;AACjD,QAAM,WAAW,MAAM,KAAK,QAAQ,EAAE,QAAQ,CAAC,MAAM,EAAE,CAAC;AACxD,QAAM,gBAAgB,IAAI,IAAI,SAAS,IAAI,CAAC,UAAU,MAAM,IAAI,CAAC;AACjE,QAAM,UAAU,8BAA8B,OAAO,CAAC,SAAS,CAAC,cAAc,IAAI,KAAK,IAAI,CAAC;AAC5F,MAAI,CAAC,QAAQ,OAAQ;AACrB,aAAW,QAAQ,SAAS;AAC1B,UAAM,SAAS,KAAK,OAAO;AAAA,MACzB,MAAM,KAAK;AAAA,MACX,OAAO,KAAK;AAAA,MACZ,aAAa,KAAK,eAAe;AAAA,MACjC,eAAe;AAAA,MACf,UAAU,KAAK,YAAY;AAAA,MAC3B,aAAa,mCAAmC;AAAA,IAClD,CAAC;AACD,OAAG,QAAQ,MAAM;AAAA,EACnB;AACA,QAAM,GAAG,MAAM;AACjB;AAEO,SAAS,sBAAsB,OAAuB;AAC3D,QAAM,UAAU,MAAM,KAAK;AAC3B,QAAM,aAAa,QAAQ,QAAQ,mBAAmB,EAAE;AACxD,SAAO;AACT;AAEO,SAAS,4BAAqC;AACnD,QAAM,iBAAiB,kBAAkB,QAAQ,IAAI,aAAa,EAAE;AACpE,QAAM,kBAAkB,mBAAmB,QAAQ,QAAQ;AAC3D,QAAM,oBAAoB,kBAAkB,QAAQ,IAAI,mCAAmC,EAAE,MAAM;AACnG,SAAO,mBAAmB;AAC5B;",
   "names": []
 }

package/dist/modules/attachments/setup.js ADDED Viewed

@@ -0,0 +1,11 @@
+const setup = {
+  defaultRoleFeatures: {
+    admin: ["attachments.*", "attachments.view", "attachments.manage"]
+  }
+};
+var setup_default = setup;
+export {
+  setup_default as default,
+  setup
+};
+//# sourceMappingURL=setup.js.map

package/dist/modules/attachments/setup.js.map ADDED Viewed

@@ -0,0 +1,7 @@
+{
+  "version": 3,
+  "sources": ["../../../src/modules/attachments/setup.ts"],
+  "sourcesContent": ["import type { ModuleSetupConfig } from '@open-mercato/shared/modules/setup'\n\nexport const setup: ModuleSetupConfig = {\n  defaultRoleFeatures: {\n    admin: ['attachments.*', 'attachments.view', 'attachments.manage'],\n  },\n}\n\nexport default setup\n"],
+  "mappings": "AAEO,MAAM,QAA2B;AAAA,EACtC,qBAAqB;AAAA,IACnB,OAAO,CAAC,iBAAiB,oBAAoB,oBAAoB;AAAA,EACnE;AACF;AAEA,IAAO,gBAAQ;",
+  "names": []
+}

package/dist/modules/audit_logs/setup.js ADDED Viewed

@@ -0,0 +1,12 @@
+const setup = {
+  defaultRoleFeatures: {
+    admin: ["audit_logs.*"],
+    employee: ["audit_logs.undo_self"]
+  }
+};
+var setup_default = setup;
+export {
+  setup_default as default,
+  setup
+};
+//# sourceMappingURL=setup.js.map

package/dist/modules/audit_logs/setup.js.map ADDED Viewed

@@ -0,0 +1,7 @@
+{
+  "version": 3,
+  "sources": ["../../../src/modules/audit_logs/setup.ts"],
+  "sourcesContent": ["import type { ModuleSetupConfig } from '@open-mercato/shared/modules/setup'\n\nexport const setup: ModuleSetupConfig = {\n  defaultRoleFeatures: {\n    admin: ['audit_logs.*'],\n    employee: ['audit_logs.undo_self'],\n  },\n}\n\nexport default setup\n"],
+  "mappings": "AAEO,MAAM,QAA2B;AAAA,EACtC,qBAAqB;AAAA,IACnB,OAAO,CAAC,cAAc;AAAA,IACtB,UAAU,CAAC,sBAAsB;AAAA,EACnC;AACF;AAEA,IAAO,gBAAQ;",
+  "names": []
+}

package/dist/modules/auth/api/admin/nav.js CHANGED Viewed

@@ -232,12 +232,13 @@ async function GET(req) {
   }
   const groupsWithRole = rolePreference ? applySidebarPreference(groups, rolePreference) : groups;
   const baseForUser = adoptSidebarDefaults(groupsWithRole);
-  const preference = await loadSidebarPreference(em, {
-    userId: auth.sub,
+  const effectiveUserId = auth.isApiKey ? auth.userId : auth.sub;
+  const preference = effectiveUserId ? await loadSidebarPreference(em, {
+    userId: effectiveUserId,
     tenantId: auth.tenantId ?? null,
     organizationId: auth.orgId ?? null,
     locale
-  });
+  }) : null;
   const withPreference = applySidebarPreference(baseForUser, preference);
   const payload = {
     groups: withPreference.map((group) => ({

package/dist/modules/auth/api/admin/nav.js.map CHANGED Viewed

@@ -1,7 +1,7 @@
 {
   "version": 3,
   "sources": ["../../../../../src/modules/auth/api/admin/nav.ts"],
-  "sourcesContent": ["import { NextResponse } from 'next/server'\nimport type { OpenApiRouteDoc } from '@open-mercato/shared/lib/openapi'\nimport { z } from 'zod'\nimport { getModules } from '@open-mercato/shared/lib/i18n/server'\nimport { getAuthFromRequest } from '@open-mercato/shared/lib/auth/server'\nimport { createRequestContainer } from '@open-mercato/shared/lib/di/container'\nimport { resolveTranslations } from '@open-mercato/shared/lib/i18n/server'\nimport { hasAllFeatures } from '@open-mercato/shared/security/features'\nimport { CustomEntity } from '@open-mercato/core/modules/entities/data/entities'\nimport { slugifySidebarId } from '@open-mercato/shared/modules/navigation/sidebarPreferences'\nimport { applySidebarPreference, loadFirstRoleSidebarPreference, loadSidebarPreference } from '../../services/sidebarPreferencesService'\nimport { Role } from '../../data/entities'\n\nexport const metadata = {\n  GET: { requireAuth: true },\n}\n\nconst sidebarNavItemSchema: z.ZodType<{ href: string; title: string; defaultTitle: string; enabled: boolean; hidden?: boolean; children?: any[] }> = z.lazy(() =>\n  z.object({\n    href: z.string(),\n    title: z.string(),\n    defaultTitle: z.string(),\n    enabled: z.boolean(),\n    hidden: z.boolean().optional(),\n    children: z.array(sidebarNavItemSchema).optional(),\n  })\n)\n\nconst adminNavResponseSchema = z.object({\n  groups: z.array(\n    z.object({\n      id: z.string(),\n      name: z.string(),\n      defaultName: z.string(),\n      items: z.array(sidebarNavItemSchema),\n    })\n  ),\n})\n\nconst adminNavErrorSchema = z.object({\n  error: z.string(),\n})\n\ntype SidebarItemNode = {\n  href: string\n  title: string\n  defaultTitle: string\n  enabled: boolean\n  hidden?: boolean\n  children?: SidebarItemNode[]\n}\n\nexport async function GET(req: Request) {\n  const auth = await getAuthFromRequest(req)\n  if (!auth) return NextResponse.json({ error: 'Unauthorized' }, { status: 401 })\n\n  const { translate, locale } = await resolveTranslations()\n\n  const { resolve } = await createRequestContainer()\n  const em = resolve('em') as any\n  const rbac = resolve('rbacService') as any\n  const cache = resolve('cache') as any\n\n  // Cache key is user + tenant + organization scoped\n  const cacheKey = `nav:sidebar:${locale}:${auth.sub}:${auth.tenantId || 'null'}:${auth.orgId || 'null'}`\n  // try {\n  //   if (cache) {\n  //     const cached = await cache.get(cacheKey)\n  //     if (cached) return NextResponse.json(cached)\n  //   }\n  // } catch {}\n\n  // Load ACL once; we'll evaluate features locally without multiple calls\n  const acl = await rbac.loadAcl(auth.sub, { tenantId: auth.tenantId ?? null, organizationId: auth.orgId ?? null })\n\n  // Build nav entries from discovered backend routes\n  type Entry = {\n    groupId: string\n    groupName: string\n    groupKey?: string\n    title: string\n    titleKey?: string\n    href: string\n    enabled: boolean\n    order?: number\n    priority?: number\n    children?: Entry[]\n  }\n  const entries: Entry[] = []\n\n  function capitalize(s: string) { return s.charAt(0).toUpperCase() + s.slice(1) }\n  function deriveTitleFromPath(p: string) {\n    const seg = p.split('/').filter(Boolean).pop() || ''\n    return seg ? seg.split('-').map(capitalize).join(' ') : 'Home'\n  }\n\n  const ctx = { auth: { roles: auth.roles || [], sub: auth.sub, tenantId: auth.tenantId, orgId: auth.orgId } }\n  const modules = getModules()\n  for (const m of (modules as any[])) {\n    const groupDefault = capitalize(m.id)\n    for (const r of (m.backendRoutes || [])) {\n      const href = (r.pattern ?? r.path ?? '') as string\n      if (!href || href.includes('[')) continue\n      if ((r as any).navHidden) continue\n      const title = (r.title as string) || deriveTitleFromPath(href)\n      const titleKey = (r as any).pageTitleKey ?? (r as any).titleKey\n      const groupName = (r.group as string) || groupDefault\n      const groupKey = (r as any).pageGroupKey ?? (r as any).groupKey\n      const groupId = typeof groupKey === 'string' && groupKey ? groupKey : slugifySidebarId(groupName)\n      const visible = r.visible ? await Promise.resolve(r.visible(ctx)) : true\n      if (!visible) continue\n      const enabled = r.enabled ? await Promise.resolve(r.enabled(ctx)) : true\n      const requiredRoles = (r.requireRoles as string[]) || []\n      if (requiredRoles.length) {\n        const roles = auth.roles || []\n        const ok = requiredRoles.some((role) => roles.includes(role))\n        if (!ok) continue\n      }\n      const features = (r as any).requireFeatures as string[] | undefined\n      if (!acl.isSuperAdmin && !hasAllFeatures(acl.features, features)) continue\n      const order = (r as any).order as number | undefined\n      const priority = ((r as any).priority as number | undefined) ?? order\n      entries.push({ groupId, groupName, groupKey, title, titleKey, href, enabled, order, priority })\n    }\n  }\n\n  // Parent-child relationships within the same group by href prefix\n  const roots: any[] = []\n  for (const e of entries) {\n    let parent: any | undefined\n    for (const p of entries) {\n      if (p === e) continue\n      if (p.groupId !== e.groupId) continue\n      if (!e.href.startsWith(p.href + '/')) continue\n      if (!parent || p.href.length > parent.href.length) parent = p\n    }\n    if (parent) {\n      ;(parent as any).children = (parent as any).children || []\n      ;(parent as any).children.push(e)\n    } else {\n      roots.push(e)\n    }\n  }\n\n  // Add dynamic user entities into Data designer > User Entities\n  const where: any = { isActive: true, showInSidebar: true }\n  where.$and = [\n    { $or: [ { organizationId: auth.orgId ?? undefined as any }, { organizationId: null } ] },\n    { $or: [ { tenantId: auth.tenantId ?? undefined as any }, { tenantId: null } ] },\n  ]\n  try {\n    const entities = await em.find(CustomEntity as any, where as any, { orderBy: { label: 'asc' } as any })\n    const items = (entities as any[]).map((e) => ({\n      entityId: e.entityId,\n      label: e.label,\n      href: `/backend/entities/user/${encodeURIComponent(e.entityId)}/records`\n    }))\n    if (items.length) {\n      const dd = roots.find((it: Entry) => it.groupKey === 'entities.nav.group' && it.titleKey === 'entities.nav.userEntities')\n      if (dd) {\n        const existing = dd.children || []\n        const dynamic = items.map((it) => ({\n          groupId: dd.groupId,\n          groupName: dd.groupName,\n          groupKey: dd.groupKey,\n          title: it.label,\n          href: it.href,\n          enabled: true,\n          order: 1000,\n          priority: 1000,\n        }))\n        const byHref = new Map<string, Entry>()\n        for (const c of existing) if (!byHref.has(c.href)) byHref.set(c.href, c)\n        for (const c of dynamic) if (!byHref.has(c.href)) byHref.set(c.href, c)\n        dd.children = Array.from(byHref.values())\n      }\n    }\n  } catch (e) {\n    console.error('Error loading user entities', e)\n  }\n\n  // Sort roots and children\n  const sortItems = (arr: any[]) => {\n    arr.sort((a, b) => {\n      if (a.group !== b.group) return a.group.localeCompare(b.group)\n      const ap = a.priority ?? a.order ?? 10000\n      const bp = b.priority ?? b.order ?? 10000\n      if (ap !== bp) return ap - bp\n      return String(a.title).localeCompare(String(b.title))\n    })\n    for (const it of arr) if (it.children?.length) sortItems(it.children)\n  }\n  sortItems(roots)\n\n  // Group into sidebar groups\n  type GroupBucket = {\n    id: string\n    rawName: string\n    key?: string\n    weight: number\n    entries: Entry[]\n  }\n\n  const groupBuckets = new Map<string, GroupBucket>()\n  for (const entry of roots) {\n    const weight = entry.priority ?? entry.order ?? 10_000\n    if (!groupBuckets.has(entry.groupId)) {\n      groupBuckets.set(entry.groupId, {\n        id: entry.groupId,\n        rawName: entry.groupName,\n        key: entry.groupKey as string | undefined,\n        weight,\n        entries: [entry],\n      })\n    } else {\n      const bucket = groupBuckets.get(entry.groupId)!\n      bucket.entries.push(entry)\n      if (weight < bucket.weight) bucket.weight = weight\n      if (!bucket.key && entry.groupKey) bucket.key = entry.groupKey as string\n      if (!bucket.rawName && entry.groupName) bucket.rawName = entry.groupName\n    }\n  }\n\n  const toItem = (entry: Entry): SidebarItemNode => {\n    const defaultTitle = entry.titleKey ? translate(entry.titleKey, entry.title) : entry.title\n    return {\n      href: entry.href,\n      title: defaultTitle,\n      defaultTitle,\n      enabled: entry.enabled,\n      children: entry.children?.map((child) => toItem(child)),\n    }\n  }\n\n  const groups = Array.from(groupBuckets.values()).map((bucket) => {\n    const defaultName = bucket.key ? translate(bucket.key, bucket.rawName) : bucket.rawName\n    return {\n      id: bucket.id,\n      key: bucket.key,\n      name: defaultName,\n      defaultName,\n      weight: bucket.weight,\n      items: bucket.entries.map((entry) => toItem(entry)),\n    }\n  })\n  const defaultGroupOrder = [\n    'customers.nav.group',\n    'catalog.nav.group',\n    'customers~sales.nav.group',\n    'resources.nav.group',\n    'staff.nav.group',\n    'entities.nav.group',\n    'directory.nav.group',\n    'customers.storage.nav.group',\n  ]\n  const groupOrderIndex = new Map(defaultGroupOrder.map((id, index) => [id, index]))\n  groups.sort((a, b) => {\n    const aIndex = groupOrderIndex.get(a.id)\n    const bIndex = groupOrderIndex.get(b.id)\n    if (aIndex !== undefined || bIndex !== undefined) {\n      if (aIndex === undefined) return 1\n      if (bIndex === undefined) return -1\n      if (aIndex !== bIndex) return aIndex - bIndex\n    }\n    if (a.weight !== b.weight) return a.weight - b.weight\n    return a.name.localeCompare(b.name)\n  })\n  const defaultGroupCount = defaultGroupOrder.length\n  groups.forEach((group, index) => {\n    const rank = groupOrderIndex.get(group.id)\n    const fallbackWeight = typeof group.weight === 'number' ? group.weight : 10_000\n    const normalized =\n      (rank !== undefined ? rank : defaultGroupCount + index) * 1_000_000 +\n      Math.min(Math.max(fallbackWeight, 0), 999_999)\n    group.weight = normalized\n  })\n\n  let rolePreference = null\n  if (Array.isArray(auth.roles) && auth.roles.length) {\n    const roleScope = auth.tenantId\n      ? { $or: [{ tenantId: auth.tenantId }, { tenantId: null }] }\n      : { tenantId: null }\n    const roleRecords = await em.find(Role, {\n      name: { $in: auth.roles },\n      ...roleScope,\n    } as any)\n    const roleIds = roleRecords.map((role: Role) => role.id)\n    if (roleIds.length) {\n      rolePreference = await loadFirstRoleSidebarPreference(em, {\n        roleIds,\n        tenantId: auth.tenantId ?? null,\n        locale,\n      })\n    }\n  }\n\n  const groupsWithRole = rolePreference ? applySidebarPreference(groups, rolePreference) : groups\n  const baseForUser = adoptSidebarDefaults(groupsWithRole)\n\n  const preference = await loadSidebarPreference(em, {\n    userId: auth.sub,\n    tenantId: auth.tenantId ?? null,\n    organizationId: auth.orgId ?? null,\n    locale,\n  })\n\n  const withPreference = applySidebarPreference(baseForUser, preference)\n\n  const payload = {\n    groups: withPreference.map((group) => ({\n      id: group.id,\n      name: group.name,\n      defaultName: group.defaultName,\n      items: (group.items as SidebarItemNode[]).map((item) => ({\n        href: item.href,\n        title: item.title,\n        defaultTitle: item.defaultTitle,\n        enabled: item.enabled,\n        hidden: item.hidden,\n        children: item.children?.map((child) => ({\n          href: child.href,\n          title: child.title,\n          defaultTitle: child.defaultTitle,\n          enabled: child.enabled,\n          hidden: child.hidden,\n        })),\n      })),\n    })),\n  }\n\n  try {\n    if (cache) {\n      const tags = [\n        `rbac:user:${auth.sub}`,\n        auth.tenantId ? `rbac:tenant:${auth.tenantId}` : undefined,\n        `nav:entities:${auth.tenantId || 'null'}`,\n        `nav:locale:${locale}`,\n        `nav:sidebar:user:${auth.sub}`,\n        `nav:sidebar:scope:${auth.sub}:${auth.tenantId || 'null'}:${auth.orgId || 'null'}:${locale}`,\n        ...(Array.isArray(auth.roles) ? auth.roles.map((role: string) => `nav:sidebar:role:${role}`) : []),\n      ].filter(Boolean) as string[]\n      await cache.set(cacheKey, payload, { tags })\n    }\n  } catch {}\n\n  return NextResponse.json(payload)\n}\n\nfunction adoptSidebarDefaults(groups: ReturnType<typeof applySidebarPreference>) {\n  const adoptItems = <T extends { title: string; defaultTitle?: string; children?: T[] }>(items: T[]): T[] =>\n    items.map((item) => ({\n      ...item,\n      defaultTitle: item.title,\n      children: item.children ? adoptItems(item.children) : undefined,\n    }))\n\n  return groups.map((group) => ({\n    ...group,\n    defaultName: group.name,\n    items: adoptItems(group.items),\n  }))\n}\n\nexport const openApi: OpenApiRouteDoc = {\n  tag: 'Authentication & Accounts',\n  summary: 'Admin sidebar navigation',\n  methods: {\n    GET: {\n      summary: 'Resolve sidebar entries',\n      description:\n        'Returns the backend navigation tree available to the authenticated administrator after applying role and personal sidebar preferences.',\n      responses: [\n        { status: 200, description: 'Sidebar navigation structure', schema: adminNavResponseSchema },\n        { status: 401, description: 'Unauthorized', schema: adminNavErrorSchema },\n      ],\n    },\n  },\n}\n"],
-  "mappings": "AAAA,SAAS,oBAAoB;AAE7B,SAAS,SAAS;AAClB,SAAS,kBAAkB;AAC3B,SAAS,0BAA0B;AACnC,SAAS,8BAA8B;AACvC,SAAS,2BAA2B;AACpC,SAAS,sBAAsB;AAC/B,SAAS,oBAAoB;AAC7B,SAAS,wBAAwB;AACjC,SAAS,wBAAwB,gCAAgC,6BAA6B;AAC9F,SAAS,YAAY;AAEd,MAAM,WAAW;AAAA,EACtB,KAAK,EAAE,aAAa,KAAK;AAC3B;AAEA,MAAM,uBAA+I,EAAE;AAAA,EAAK,MAC1J,EAAE,OAAO;AAAA,IACP,MAAM,EAAE,OAAO;AAAA,IACf,OAAO,EAAE,OAAO;AAAA,IAChB,cAAc,EAAE,OAAO;AAAA,IACvB,SAAS,EAAE,QAAQ;AAAA,IACnB,QAAQ,EAAE,QAAQ,EAAE,SAAS;AAAA,IAC7B,UAAU,EAAE,MAAM,oBAAoB,EAAE,SAAS;AAAA,EACnD,CAAC;AACH;AAEA,MAAM,yBAAyB,EAAE,OAAO;AAAA,EACtC,QAAQ,EAAE;AAAA,IACR,EAAE,OAAO;AAAA,MACP,IAAI,EAAE,OAAO;AAAA,MACb,MAAM,EAAE,OAAO;AAAA,MACf,aAAa,EAAE,OAAO;AAAA,MACtB,OAAO,EAAE,MAAM,oBAAoB;AAAA,IACrC,CAAC;AAAA,EACH;AACF,CAAC;AAED,MAAM,sBAAsB,EAAE,OAAO;AAAA,EACnC,OAAO,EAAE,OAAO;AAClB,CAAC;AAWD,eAAsB,IAAI,KAAc;AACtC,QAAM,OAAO,MAAM,mBAAmB,GAAG;AACzC,MAAI,CAAC,KAAM,QAAO,aAAa,KAAK,EAAE,OAAO,eAAe,GAAG,EAAE,QAAQ,IAAI,CAAC;AAE9E,QAAM,EAAE,WAAW,OAAO,IAAI,MAAM,oBAAoB;AAExD,QAAM,EAAE,QAAQ,IAAI,MAAM,uBAAuB;AACjD,QAAM,KAAK,QAAQ,IAAI;AACvB,QAAM,OAAO,QAAQ,aAAa;AAClC,QAAM,QAAQ,QAAQ,OAAO;AAG7B,QAAM,WAAW,eAAe,MAAM,IAAI,KAAK,GAAG,IAAI,KAAK,YAAY,MAAM,IAAI,KAAK,SAAS,MAAM;AASrG,QAAM,MAAM,MAAM,KAAK,QAAQ,KAAK,KAAK,EAAE,UAAU,KAAK,YAAY,MAAM,gBAAgB,KAAK,SAAS,KAAK,CAAC;AAehH,QAAM,UAAmB,CAAC;AAE1B,WAAS,WAAW,GAAW;AAAE,WAAO,EAAE,OAAO,CAAC,EAAE,YAAY,IAAI,EAAE,MAAM,CAAC;AAAA,EAAE;AAC/E,WAAS,oBAAoB,GAAW;AACtC,UAAM,MAAM,EAAE,MAAM,GAAG,EAAE,OAAO,OAAO,EAAE,IAAI,KAAK;AAClD,WAAO,MAAM,IAAI,MAAM,GAAG,EAAE,IAAI,UAAU,EAAE,KAAK,GAAG,IAAI;AAAA,EAC1D;AAEA,QAAM,MAAM,EAAE,MAAM,EAAE,OAAO,KAAK,SAAS,CAAC,GAAG,KAAK,KAAK,KAAK,UAAU,KAAK,UAAU,OAAO,KAAK,MAAM,EAAE;AAC3G,QAAM,UAAU,WAAW;AAC3B,aAAW,KAAM,SAAmB;AAClC,UAAM,eAAe,WAAW,EAAE,EAAE;AACpC,eAAW,KAAM,EAAE,iBAAiB,CAAC,GAAI;AACvC,YAAM,OAAQ,EAAE,WAAW,EAAE,QAAQ;AACrC,UAAI,CAAC,QAAQ,KAAK,SAAS,GAAG,EAAG;AACjC,UAAK,EAAU,UAAW;AAC1B,YAAM,QAAS,EAAE,SAAoB,oBAAoB,IAAI;AAC7D,YAAM,WAAY,EAAU,gBAAiB,EAAU;AACvD,YAAM,YAAa,EAAE,SAAoB;AACzC,YAAM,WAAY,EAAU,gBAAiB,EAAU;AACvD,YAAM,UAAU,OAAO,aAAa,YAAY,WAAW,WAAW,iBAAiB,SAAS;AAChG,YAAM,UAAU,EAAE,UAAU,MAAM,QAAQ,QAAQ,EAAE,QAAQ,GAAG,CAAC,IAAI;AACpE,UAAI,CAAC,QAAS;AACd,YAAM,UAAU,EAAE,UAAU,MAAM,QAAQ,QAAQ,EAAE,QAAQ,GAAG,CAAC,IAAI;AACpE,YAAM,gBAAiB,EAAE,gBAA6B,CAAC;AACvD,UAAI,cAAc,QAAQ;AACxB,cAAM,QAAQ,KAAK,SAAS,CAAC;AAC7B,cAAM,KAAK,cAAc,KAAK,CAAC,SAAS,MAAM,SAAS,IAAI,CAAC;AAC5D,YAAI,CAAC,GAAI;AAAA,MACX;AACA,YAAM,WAAY,EAAU;AAC5B,UAAI,CAAC,IAAI,gBAAgB,CAAC,eAAe,IAAI,UAAU,QAAQ,EAAG;AAClE,YAAM,QAAS,EAAU;AACzB,YAAM,WAAa,EAAU,YAAmC;AAChE,cAAQ,KAAK,EAAE,SAAS,WAAW,UAAU,OAAO,UAAU,MAAM,SAAS,OAAO,SAAS,CAAC;AAAA,IAChG;AAAA,EACF;AAGA,QAAM,QAAe,CAAC;AACtB,aAAW,KAAK,SAAS;AACvB,QAAI;AACJ,eAAW,KAAK,SAAS;AACvB,UAAI,MAAM,EAAG;AACb,UAAI,EAAE,YAAY,EAAE,QAAS;AAC7B,UAAI,CAAC,EAAE,KAAK,WAAW,EAAE,OAAO,GAAG,EAAG;AACtC,UAAI,CAAC,UAAU,EAAE,KAAK,SAAS,OAAO,KAAK,OAAQ,UAAS;AAAA,IAC9D;AACA,QAAI,QAAQ;AACV;AAAC,MAAC,OAAe,WAAY,OAAe,YAAY,CAAC;AACxD,MAAC,OAAe,SAAS,KAAK,CAAC;AAAA,IAClC,OAAO;AACL,YAAM,KAAK,CAAC;AAAA,IACd;AAAA,EACF;AAGA,QAAM,QAAa,EAAE,UAAU,MAAM,eAAe,KAAK;AACzD,QAAM,OAAO;AAAA,IACX,EAAE,KAAK,CAAE,EAAE,gBAAgB,KAAK,SAAS,OAAiB,GAAG,EAAE,gBAAgB,KAAK,CAAE,EAAE;AAAA,IACxF,EAAE,KAAK,CAAE,EAAE,UAAU,KAAK,YAAY,OAAiB,GAAG,EAAE,UAAU,KAAK,CAAE,EAAE;AAAA,EACjF;AACA,MAAI;AACF,UAAM,WAAW,MAAM,GAAG,KAAK,cAAqB,OAAc,EAAE,SAAS,EAAE,OAAO,MAAM,EAAS,CAAC;AACtG,UAAM,QAAS,SAAmB,IAAI,CAAC,OAAO;AAAA,MAC5C,UAAU,EAAE;AAAA,MACZ,OAAO,EAAE;AAAA,MACT,MAAM,0BAA0B,mBAAmB,EAAE,QAAQ,CAAC;AAAA,IAChE,EAAE;AACF,QAAI,MAAM,QAAQ;AAChB,YAAM,KAAK,MAAM,KAAK,CAAC,OAAc,GAAG,aAAa,wBAAwB,GAAG,aAAa,2BAA2B;AACxH,UAAI,IAAI;AACN,cAAM,WAAW,GAAG,YAAY,CAAC;AACjC,cAAM,UAAU,MAAM,IAAI,CAAC,QAAQ;AAAA,UACjC,SAAS,GAAG;AAAA,UACZ,WAAW,GAAG;AAAA,UACd,UAAU,GAAG;AAAA,UACb,OAAO,GAAG;AAAA,UACV,MAAM,GAAG;AAAA,UACT,SAAS;AAAA,UACT,OAAO;AAAA,UACP,UAAU;AAAA,QACZ,EAAE;AACF,cAAM,SAAS,oBAAI,IAAmB;AACtC,mBAAW,KAAK,SAAU,KAAI,CAAC,OAAO,IAAI,EAAE,IAAI,EAAG,QAAO,IAAI,EAAE,MAAM,CAAC;AACvE,mBAAW,KAAK,QAAS,KAAI,CAAC,OAAO,IAAI,EAAE,IAAI,EAAG,QAAO,IAAI,EAAE,MAAM,CAAC;AACtE,WAAG,WAAW,MAAM,KAAK,OAAO,OAAO,CAAC;AAAA,MAC1C;AAAA,IACF;AAAA,EACF,SAAS,GAAG;AACV,YAAQ,MAAM,+BAA+B,CAAC;AAAA,EAChD;AAGA,QAAM,YAAY,CAAC,QAAe;AAChC,QAAI,KAAK,CAAC,GAAG,MAAM;AACjB,UAAI,EAAE,UAAU,EAAE,MAAO,QAAO,EAAE,MAAM,cAAc,EAAE,KAAK;AAC7D,YAAM,KAAK,EAAE,YAAY,EAAE,SAAS;AACpC,YAAM,KAAK,EAAE,YAAY,EAAE,SAAS;AACpC,UAAI,OAAO,GAAI,QAAO,KAAK;AAC3B,aAAO,OAAO,EAAE,KAAK,EAAE,cAAc,OAAO,EAAE,KAAK,CAAC;AAAA,IACtD,CAAC;AACD,eAAW,MAAM,IAAK,KAAI,GAAG,UAAU,OAAQ,WAAU,GAAG,QAAQ;AAAA,EACtE;AACA,YAAU,KAAK;AAWf,QAAM,eAAe,oBAAI,IAAyB;AAClD,aAAW,SAAS,OAAO;AACzB,UAAM,SAAS,MAAM,YAAY,MAAM,SAAS;AAChD,QAAI,CAAC,aAAa,IAAI,MAAM,OAAO,GAAG;AACpC,mBAAa,IAAI,MAAM,SAAS;AAAA,QAC9B,IAAI,MAAM;AAAA,QACV,SAAS,MAAM;AAAA,QACf,KAAK,MAAM;AAAA,QACX;AAAA,QACA,SAAS,CAAC,KAAK;AAAA,MACjB,CAAC;AAAA,IACH,OAAO;AACL,YAAM,SAAS,aAAa,IAAI,MAAM,OAAO;AAC7C,aAAO,QAAQ,KAAK,KAAK;AACzB,UAAI,SAAS,OAAO,OAAQ,QAAO,SAAS;AAC5C,UAAI,CAAC,OAAO,OAAO,MAAM,SAAU,QAAO,MAAM,MAAM;AACtD,UAAI,CAAC,OAAO,WAAW,MAAM,UAAW,QAAO,UAAU,MAAM;AAAA,IACjE;AAAA,EACF;AAEA,QAAM,SAAS,CAAC,UAAkC;AAChD,UAAM,eAAe,MAAM,WAAW,UAAU,MAAM,UAAU,MAAM,KAAK,IAAI,MAAM;AACrF,WAAO;AAAA,MACL,MAAM,MAAM;AAAA,MACZ,OAAO;AAAA,MACP;AAAA,MACA,SAAS,MAAM;AAAA,MACf,UAAU,MAAM,UAAU,IAAI,CAAC,UAAU,OAAO,KAAK,CAAC;AAAA,IACxD;AAAA,EACF;AAEA,QAAM,SAAS,MAAM,KAAK,aAAa,OAAO,CAAC,EAAE,IAAI,CAAC,WAAW;AAC/D,UAAM,cAAc,OAAO,MAAM,UAAU,OAAO,KAAK,OAAO,OAAO,IAAI,OAAO;AAChF,WAAO;AAAA,MACL,IAAI,OAAO;AAAA,MACX,KAAK,OAAO;AAAA,MACZ,MAAM;AAAA,MACN;AAAA,MACA,QAAQ,OAAO;AAAA,MACf,OAAO,OAAO,QAAQ,IAAI,CAAC,UAAU,OAAO,KAAK,CAAC;AAAA,IACpD;AAAA,EACF,CAAC;AACD,QAAM,oBAAoB;AAAA,IACxB;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,EACF;AACA,QAAM,kBAAkB,IAAI,IAAI,kBAAkB,IAAI,CAAC,IAAI,UAAU,CAAC,IAAI,KAAK,CAAC,CAAC;AACjF,SAAO,KAAK,CAAC,GAAG,MAAM;AACpB,UAAM,SAAS,gBAAgB,IAAI,EAAE,EAAE;AACvC,UAAM,SAAS,gBAAgB,IAAI,EAAE,EAAE;AACvC,QAAI,WAAW,UAAa,WAAW,QAAW;AAChD,UAAI,WAAW,OAAW,QAAO;AACjC,UAAI,WAAW,OAAW,QAAO;AACjC,UAAI,WAAW,OAAQ,QAAO,SAAS;AAAA,IACzC;AACA,QAAI,EAAE,WAAW,EAAE,OAAQ,QAAO,EAAE,SAAS,EAAE;AAC/C,WAAO,EAAE,KAAK,cAAc,EAAE,IAAI;AAAA,EACpC,CAAC;AACD,QAAM,oBAAoB,kBAAkB;AAC5C,SAAO,QAAQ,CAAC,OAAO,UAAU;AAC/B,UAAM,OAAO,gBAAgB,IAAI,MAAM,EAAE;AACzC,UAAM,iBAAiB,OAAO,MAAM,WAAW,WAAW,MAAM,SAAS;AACzE,UAAM,cACH,SAAS,SAAY,OAAO,oBAAoB,SAAS,MAC1D,KAAK,IAAI,KAAK,IAAI,gBAAgB,CAAC,GAAG,MAAO;AAC/C,UAAM,SAAS;AAAA,EACjB,CAAC;AAED,MAAI,iBAAiB;AACrB,MAAI,MAAM,QAAQ,KAAK,KAAK,KAAK,KAAK,MAAM,QAAQ;AAClD,UAAM,YAAY,KAAK,WACnB,EAAE,KAAK,CAAC,EAAE,UAAU,KAAK,SAAS,GAAG,EAAE,UAAU,KAAK,CAAC,EAAE,IACzD,EAAE,UAAU,KAAK;AACrB,UAAM,cAAc,MAAM,GAAG,KAAK,MAAM;AAAA,MACtC,MAAM,EAAE,KAAK,KAAK,MAAM;AAAA,MACxB,GAAG;AAAA,IACL,CAAQ;AACR,UAAM,UAAU,YAAY,IAAI,CAAC,SAAe,KAAK,EAAE;AACvD,QAAI,QAAQ,QAAQ;AAClB,uBAAiB,MAAM,+BAA+B,IAAI;AAAA,QACxD;AAAA,QACA,UAAU,KAAK,YAAY;AAAA,QAC3B;AAAA,MACF,CAAC;AAAA,IACH;AAAA,EACF;AAEA,QAAM,iBAAiB,iBAAiB,uBAAuB,QAAQ,cAAc,IAAI;AACzF,QAAM,cAAc,qBAAqB,cAAc;AAEvD,QAAM,aAAa,MAAM,sBAAsB,IAAI;AAAA,IACjD,QAAQ,KAAK;AAAA,IACb,UAAU,KAAK,YAAY;AAAA,IAC3B,gBAAgB,KAAK,SAAS;AAAA,IAC9B;AAAA,EACF,CAAC;AAED,QAAM,iBAAiB,uBAAuB,aAAa,UAAU;AAErE,QAAM,UAAU;AAAA,IACd,QAAQ,eAAe,IAAI,CAAC,WAAW;AAAA,MACrC,IAAI,MAAM;AAAA,MACV,MAAM,MAAM;AAAA,MACZ,aAAa,MAAM;AAAA,MACnB,OAAQ,MAAM,MAA4B,IAAI,CAAC,UAAU;AAAA,QACvD,MAAM,KAAK;AAAA,QACX,OAAO,KAAK;AAAA,QACZ,cAAc,KAAK;AAAA,QACnB,SAAS,KAAK;AAAA,QACd,QAAQ,KAAK;AAAA,QACb,UAAU,KAAK,UAAU,IAAI,CAAC,WAAW;AAAA,UACvC,MAAM,MAAM;AAAA,UACZ,OAAO,MAAM;AAAA,UACb,cAAc,MAAM;AAAA,UACpB,SAAS,MAAM;AAAA,UACf,QAAQ,MAAM;AAAA,QAChB,EAAE;AAAA,MACJ,EAAE;AAAA,IACJ,EAAE;AAAA,EACJ;AAEA,MAAI;AACF,QAAI,OAAO;AACT,YAAM,OAAO;AAAA,QACX,aAAa,KAAK,GAAG;AAAA,QACrB,KAAK,WAAW,eAAe,KAAK,QAAQ,KAAK;AAAA,QACjD,gBAAgB,KAAK,YAAY,MAAM;AAAA,QACvC,cAAc,MAAM;AAAA,QACpB,oBAAoB,KAAK,GAAG;AAAA,QAC5B,qBAAqB,KAAK,GAAG,IAAI,KAAK,YAAY,MAAM,IAAI,KAAK,SAAS,MAAM,IAAI,MAAM;AAAA,QAC1F,GAAI,MAAM,QAAQ,KAAK,KAAK,IAAI,KAAK,MAAM,IAAI,CAAC,SAAiB,oBAAoB,IAAI,EAAE,IAAI,CAAC;AAAA,MAClG,EAAE,OAAO,OAAO;AAChB,YAAM,MAAM,IAAI,UAAU,SAAS,EAAE,KAAK,CAAC;AAAA,IAC7C;AAAA,EACF,QAAQ;AAAA,EAAC;AAET,SAAO,aAAa,KAAK,OAAO;AAClC;AAEA,SAAS,qBAAqB,QAAmD;AAC/E,QAAM,aAAa,CAAqE,UACtF,MAAM,IAAI,CAAC,UAAU;AAAA,IACnB,GAAG;AAAA,IACH,cAAc,KAAK;AAAA,IACnB,UAAU,KAAK,WAAW,WAAW,KAAK,QAAQ,IAAI;AAAA,EACxD,EAAE;AAEJ,SAAO,OAAO,IAAI,CAAC,WAAW;AAAA,IAC5B,GAAG;AAAA,IACH,aAAa,MAAM;AAAA,IACnB,OAAO,WAAW,MAAM,KAAK;AAAA,EAC/B,EAAE;AACJ;AAEO,MAAM,UAA2B;AAAA,EACtC,KAAK;AAAA,EACL,SAAS;AAAA,EACT,SAAS;AAAA,IACP,KAAK;AAAA,MACH,SAAS;AAAA,MACT,aACE;AAAA,MACF,WAAW;AAAA,QACT,EAAE,QAAQ,KAAK,aAAa,gCAAgC,QAAQ,uBAAuB;AAAA,QAC3F,EAAE,QAAQ,KAAK,aAAa,gBAAgB,QAAQ,oBAAoB;AAAA,MAC1E;AAAA,IACF;AAAA,EACF;AACF;",
+  "sourcesContent": ["import { NextResponse } from 'next/server'\nimport type { OpenApiRouteDoc } from '@open-mercato/shared/lib/openapi'\nimport { z } from 'zod'\nimport { getModules } from '@open-mercato/shared/lib/i18n/server'\nimport { getAuthFromRequest } from '@open-mercato/shared/lib/auth/server'\nimport { createRequestContainer } from '@open-mercato/shared/lib/di/container'\nimport { resolveTranslations } from '@open-mercato/shared/lib/i18n/server'\nimport { hasAllFeatures } from '@open-mercato/shared/security/features'\nimport { CustomEntity } from '@open-mercato/core/modules/entities/data/entities'\nimport { slugifySidebarId } from '@open-mercato/shared/modules/navigation/sidebarPreferences'\nimport { applySidebarPreference, loadFirstRoleSidebarPreference, loadSidebarPreference } from '../../services/sidebarPreferencesService'\nimport { Role } from '../../data/entities'\n\nexport const metadata = {\n  GET: { requireAuth: true },\n}\n\nconst sidebarNavItemSchema: z.ZodType<{ href: string; title: string; defaultTitle: string; enabled: boolean; hidden?: boolean; children?: any[] }> = z.lazy(() =>\n  z.object({\n    href: z.string(),\n    title: z.string(),\n    defaultTitle: z.string(),\n    enabled: z.boolean(),\n    hidden: z.boolean().optional(),\n    children: z.array(sidebarNavItemSchema).optional(),\n  })\n)\n\nconst adminNavResponseSchema = z.object({\n  groups: z.array(\n    z.object({\n      id: z.string(),\n      name: z.string(),\n      defaultName: z.string(),\n      items: z.array(sidebarNavItemSchema),\n    })\n  ),\n})\n\nconst adminNavErrorSchema = z.object({\n  error: z.string(),\n})\n\ntype SidebarItemNode = {\n  href: string\n  title: string\n  defaultTitle: string\n  enabled: boolean\n  hidden?: boolean\n  children?: SidebarItemNode[]\n}\n\nexport async function GET(req: Request) {\n  const auth = await getAuthFromRequest(req)\n  if (!auth) return NextResponse.json({ error: 'Unauthorized' }, { status: 401 })\n\n  const { translate, locale } = await resolveTranslations()\n\n  const { resolve } = await createRequestContainer()\n  const em = resolve('em') as any\n  const rbac = resolve('rbacService') as any\n  const cache = resolve('cache') as any\n\n  // Cache key is user + tenant + organization scoped\n  const cacheKey = `nav:sidebar:${locale}:${auth.sub}:${auth.tenantId || 'null'}:${auth.orgId || 'null'}`\n  // try {\n  //   if (cache) {\n  //     const cached = await cache.get(cacheKey)\n  //     if (cached) return NextResponse.json(cached)\n  //   }\n  // } catch {}\n\n  // Load ACL once; we'll evaluate features locally without multiple calls\n  const acl = await rbac.loadAcl(auth.sub, { tenantId: auth.tenantId ?? null, organizationId: auth.orgId ?? null })\n\n  // Build nav entries from discovered backend routes\n  type Entry = {\n    groupId: string\n    groupName: string\n    groupKey?: string\n    title: string\n    titleKey?: string\n    href: string\n    enabled: boolean\n    order?: number\n    priority?: number\n    children?: Entry[]\n  }\n  const entries: Entry[] = []\n\n  function capitalize(s: string) { return s.charAt(0).toUpperCase() + s.slice(1) }\n  function deriveTitleFromPath(p: string) {\n    const seg = p.split('/').filter(Boolean).pop() || ''\n    return seg ? seg.split('-').map(capitalize).join(' ') : 'Home'\n  }\n\n  const ctx = { auth: { roles: auth.roles || [], sub: auth.sub, tenantId: auth.tenantId, orgId: auth.orgId } }\n  const modules = getModules()\n  for (const m of (modules as any[])) {\n    const groupDefault = capitalize(m.id)\n    for (const r of (m.backendRoutes || [])) {\n      const href = (r.pattern ?? r.path ?? '') as string\n      if (!href || href.includes('[')) continue\n      if ((r as any).navHidden) continue\n      const title = (r.title as string) || deriveTitleFromPath(href)\n      const titleKey = (r as any).pageTitleKey ?? (r as any).titleKey\n      const groupName = (r.group as string) || groupDefault\n      const groupKey = (r as any).pageGroupKey ?? (r as any).groupKey\n      const groupId = typeof groupKey === 'string' && groupKey ? groupKey : slugifySidebarId(groupName)\n      const visible = r.visible ? await Promise.resolve(r.visible(ctx)) : true\n      if (!visible) continue\n      const enabled = r.enabled ? await Promise.resolve(r.enabled(ctx)) : true\n      const requiredRoles = (r.requireRoles as string[]) || []\n      if (requiredRoles.length) {\n        const roles = auth.roles || []\n        const ok = requiredRoles.some((role) => roles.includes(role))\n        if (!ok) continue\n      }\n      const features = (r as any).requireFeatures as string[] | undefined\n      if (!acl.isSuperAdmin && !hasAllFeatures(acl.features, features)) continue\n      const order = (r as any).order as number | undefined\n      const priority = ((r as any).priority as number | undefined) ?? order\n      entries.push({ groupId, groupName, groupKey, title, titleKey, href, enabled, order, priority })\n    }\n  }\n\n  // Parent-child relationships within the same group by href prefix\n  const roots: any[] = []\n  for (const e of entries) {\n    let parent: any | undefined\n    for (const p of entries) {\n      if (p === e) continue\n      if (p.groupId !== e.groupId) continue\n      if (!e.href.startsWith(p.href + '/')) continue\n      if (!parent || p.href.length > parent.href.length) parent = p\n    }\n    if (parent) {\n      ;(parent as any).children = (parent as any).children || []\n      ;(parent as any).children.push(e)\n    } else {\n      roots.push(e)\n    }\n  }\n\n  // Add dynamic user entities into Data designer > User Entities\n  const where: any = { isActive: true, showInSidebar: true }\n  where.$and = [\n    { $or: [ { organizationId: auth.orgId ?? undefined as any }, { organizationId: null } ] },\n    { $or: [ { tenantId: auth.tenantId ?? undefined as any }, { tenantId: null } ] },\n  ]\n  try {\n    const entities = await em.find(CustomEntity as any, where as any, { orderBy: { label: 'asc' } as any })\n    const items = (entities as any[]).map((e) => ({\n      entityId: e.entityId,\n      label: e.label,\n      href: `/backend/entities/user/${encodeURIComponent(e.entityId)}/records`\n    }))\n    if (items.length) {\n      const dd = roots.find((it: Entry) => it.groupKey === 'entities.nav.group' && it.titleKey === 'entities.nav.userEntities')\n      if (dd) {\n        const existing = dd.children || []\n        const dynamic = items.map((it) => ({\n          groupId: dd.groupId,\n          groupName: dd.groupName,\n          groupKey: dd.groupKey,\n          title: it.label,\n          href: it.href,\n          enabled: true,\n          order: 1000,\n          priority: 1000,\n        }))\n        const byHref = new Map<string, Entry>()\n        for (const c of existing) if (!byHref.has(c.href)) byHref.set(c.href, c)\n        for (const c of dynamic) if (!byHref.has(c.href)) byHref.set(c.href, c)\n        dd.children = Array.from(byHref.values())\n      }\n    }\n  } catch (e) {\n    console.error('Error loading user entities', e)\n  }\n\n  // Sort roots and children\n  const sortItems = (arr: any[]) => {\n    arr.sort((a, b) => {\n      if (a.group !== b.group) return a.group.localeCompare(b.group)\n      const ap = a.priority ?? a.order ?? 10000\n      const bp = b.priority ?? b.order ?? 10000\n      if (ap !== bp) return ap - bp\n      return String(a.title).localeCompare(String(b.title))\n    })\n    for (const it of arr) if (it.children?.length) sortItems(it.children)\n  }\n  sortItems(roots)\n\n  // Group into sidebar groups\n  type GroupBucket = {\n    id: string\n    rawName: string\n    key?: string\n    weight: number\n    entries: Entry[]\n  }\n\n  const groupBuckets = new Map<string, GroupBucket>()\n  for (const entry of roots) {\n    const weight = entry.priority ?? entry.order ?? 10_000\n    if (!groupBuckets.has(entry.groupId)) {\n      groupBuckets.set(entry.groupId, {\n        id: entry.groupId,\n        rawName: entry.groupName,\n        key: entry.groupKey as string | undefined,\n        weight,\n        entries: [entry],\n      })\n    } else {\n      const bucket = groupBuckets.get(entry.groupId)!\n      bucket.entries.push(entry)\n      if (weight < bucket.weight) bucket.weight = weight\n      if (!bucket.key && entry.groupKey) bucket.key = entry.groupKey as string\n      if (!bucket.rawName && entry.groupName) bucket.rawName = entry.groupName\n    }\n  }\n\n  const toItem = (entry: Entry): SidebarItemNode => {\n    const defaultTitle = entry.titleKey ? translate(entry.titleKey, entry.title) : entry.title\n    return {\n      href: entry.href,\n      title: defaultTitle,\n      defaultTitle,\n      enabled: entry.enabled,\n      children: entry.children?.map((child) => toItem(child)),\n    }\n  }\n\n  const groups = Array.from(groupBuckets.values()).map((bucket) => {\n    const defaultName = bucket.key ? translate(bucket.key, bucket.rawName) : bucket.rawName\n    return {\n      id: bucket.id,\n      key: bucket.key,\n      name: defaultName,\n      defaultName,\n      weight: bucket.weight,\n      items: bucket.entries.map((entry) => toItem(entry)),\n    }\n  })\n  const defaultGroupOrder = [\n    'customers.nav.group',\n    'catalog.nav.group',\n    'customers~sales.nav.group',\n    'resources.nav.group',\n    'staff.nav.group',\n    'entities.nav.group',\n    'directory.nav.group',\n    'customers.storage.nav.group',\n  ]\n  const groupOrderIndex = new Map(defaultGroupOrder.map((id, index) => [id, index]))\n  groups.sort((a, b) => {\n    const aIndex = groupOrderIndex.get(a.id)\n    const bIndex = groupOrderIndex.get(b.id)\n    if (aIndex !== undefined || bIndex !== undefined) {\n      if (aIndex === undefined) return 1\n      if (bIndex === undefined) return -1\n      if (aIndex !== bIndex) return aIndex - bIndex\n    }\n    if (a.weight !== b.weight) return a.weight - b.weight\n    return a.name.localeCompare(b.name)\n  })\n  const defaultGroupCount = defaultGroupOrder.length\n  groups.forEach((group, index) => {\n    const rank = groupOrderIndex.get(group.id)\n    const fallbackWeight = typeof group.weight === 'number' ? group.weight : 10_000\n    const normalized =\n      (rank !== undefined ? rank : defaultGroupCount + index) * 1_000_000 +\n      Math.min(Math.max(fallbackWeight, 0), 999_999)\n    group.weight = normalized\n  })\n\n  let rolePreference = null\n  if (Array.isArray(auth.roles) && auth.roles.length) {\n    const roleScope = auth.tenantId\n      ? { $or: [{ tenantId: auth.tenantId }, { tenantId: null }] }\n      : { tenantId: null }\n    const roleRecords = await em.find(Role, {\n      name: { $in: auth.roles },\n      ...roleScope,\n    } as any)\n    const roleIds = roleRecords.map((role: Role) => role.id)\n    if (roleIds.length) {\n      rolePreference = await loadFirstRoleSidebarPreference(em, {\n        roleIds,\n        tenantId: auth.tenantId ?? null,\n        locale,\n      })\n    }\n  }\n\n  const groupsWithRole = rolePreference ? applySidebarPreference(groups, rolePreference) : groups\n  const baseForUser = adoptSidebarDefaults(groupsWithRole)\n\n  // For API key auth, use userId (the actual user) if available; otherwise skip user preferences\n  const effectiveUserId = auth.isApiKey ? auth.userId : auth.sub\n  const preference = effectiveUserId\n    ? await loadSidebarPreference(em, {\n        userId: effectiveUserId,\n        tenantId: auth.tenantId ?? null,\n        organizationId: auth.orgId ?? null,\n        locale,\n      })\n    : null\n\n  const withPreference = applySidebarPreference(baseForUser, preference)\n\n  const payload = {\n    groups: withPreference.map((group) => ({\n      id: group.id,\n      name: group.name,\n      defaultName: group.defaultName,\n      items: (group.items as SidebarItemNode[]).map((item) => ({\n        href: item.href,\n        title: item.title,\n        defaultTitle: item.defaultTitle,\n        enabled: item.enabled,\n        hidden: item.hidden,\n        children: item.children?.map((child) => ({\n          href: child.href,\n          title: child.title,\n          defaultTitle: child.defaultTitle,\n          enabled: child.enabled,\n          hidden: child.hidden,\n        })),\n      })),\n    })),\n  }\n\n  try {\n    if (cache) {\n      const tags = [\n        `rbac:user:${auth.sub}`,\n        auth.tenantId ? `rbac:tenant:${auth.tenantId}` : undefined,\n        `nav:entities:${auth.tenantId || 'null'}`,\n        `nav:locale:${locale}`,\n        `nav:sidebar:user:${auth.sub}`,\n        `nav:sidebar:scope:${auth.sub}:${auth.tenantId || 'null'}:${auth.orgId || 'null'}:${locale}`,\n        ...(Array.isArray(auth.roles) ? auth.roles.map((role: string) => `nav:sidebar:role:${role}`) : []),\n      ].filter(Boolean) as string[]\n      await cache.set(cacheKey, payload, { tags })\n    }\n  } catch {}\n\n  return NextResponse.json(payload)\n}\n\nfunction adoptSidebarDefaults(groups: ReturnType<typeof applySidebarPreference>) {\n  const adoptItems = <T extends { title: string; defaultTitle?: string; children?: T[] }>(items: T[]): T[] =>\n    items.map((item) => ({\n      ...item,\n      defaultTitle: item.title,\n      children: item.children ? adoptItems(item.children) : undefined,\n    }))\n\n  return groups.map((group) => ({\n    ...group,\n    defaultName: group.name,\n    items: adoptItems(group.items),\n  }))\n}\n\nexport const openApi: OpenApiRouteDoc = {\n  tag: 'Authentication & Accounts',\n  summary: 'Admin sidebar navigation',\n  methods: {\n    GET: {\n      summary: 'Resolve sidebar entries',\n      description:\n        'Returns the backend navigation tree available to the authenticated administrator after applying role and personal sidebar preferences.',\n      responses: [\n        { status: 200, description: 'Sidebar navigation structure', schema: adminNavResponseSchema },\n        { status: 401, description: 'Unauthorized', schema: adminNavErrorSchema },\n      ],\n    },\n  },\n}\n"],
+  "mappings": "AAAA,SAAS,oBAAoB;AAE7B,SAAS,SAAS;AAClB,SAAS,kBAAkB;AAC3B,SAAS,0BAA0B;AACnC,SAAS,8BAA8B;AACvC,SAAS,2BAA2B;AACpC,SAAS,sBAAsB;AAC/B,SAAS,oBAAoB;AAC7B,SAAS,wBAAwB;AACjC,SAAS,wBAAwB,gCAAgC,6BAA6B;AAC9F,SAAS,YAAY;AAEd,MAAM,WAAW;AAAA,EACtB,KAAK,EAAE,aAAa,KAAK;AAC3B;AAEA,MAAM,uBAA+I,EAAE;AAAA,EAAK,MAC1J,EAAE,OAAO;AAAA,IACP,MAAM,EAAE,OAAO;AAAA,IACf,OAAO,EAAE,OAAO;AAAA,IAChB,cAAc,EAAE,OAAO;AAAA,IACvB,SAAS,EAAE,QAAQ;AAAA,IACnB,QAAQ,EAAE,QAAQ,EAAE,SAAS;AAAA,IAC7B,UAAU,EAAE,MAAM,oBAAoB,EAAE,SAAS;AAAA,EACnD,CAAC;AACH;AAEA,MAAM,yBAAyB,EAAE,OAAO;AAAA,EACtC,QAAQ,EAAE;AAAA,IACR,EAAE,OAAO;AAAA,MACP,IAAI,EAAE,OAAO;AAAA,MACb,MAAM,EAAE,OAAO;AAAA,MACf,aAAa,EAAE,OAAO;AAAA,MACtB,OAAO,EAAE,MAAM,oBAAoB;AAAA,IACrC,CAAC;AAAA,EACH;AACF,CAAC;AAED,MAAM,sBAAsB,EAAE,OAAO;AAAA,EACnC,OAAO,EAAE,OAAO;AAClB,CAAC;AAWD,eAAsB,IAAI,KAAc;AACtC,QAAM,OAAO,MAAM,mBAAmB,GAAG;AACzC,MAAI,CAAC,KAAM,QAAO,aAAa,KAAK,EAAE,OAAO,eAAe,GAAG,EAAE,QAAQ,IAAI,CAAC;AAE9E,QAAM,EAAE,WAAW,OAAO,IAAI,MAAM,oBAAoB;AAExD,QAAM,EAAE,QAAQ,IAAI,MAAM,uBAAuB;AACjD,QAAM,KAAK,QAAQ,IAAI;AACvB,QAAM,OAAO,QAAQ,aAAa;AAClC,QAAM,QAAQ,QAAQ,OAAO;AAG7B,QAAM,WAAW,eAAe,MAAM,IAAI,KAAK,GAAG,IAAI,KAAK,YAAY,MAAM,IAAI,KAAK,SAAS,MAAM;AASrG,QAAM,MAAM,MAAM,KAAK,QAAQ,KAAK,KAAK,EAAE,UAAU,KAAK,YAAY,MAAM,gBAAgB,KAAK,SAAS,KAAK,CAAC;AAehH,QAAM,UAAmB,CAAC;AAE1B,WAAS,WAAW,GAAW;AAAE,WAAO,EAAE,OAAO,CAAC,EAAE,YAAY,IAAI,EAAE,MAAM,CAAC;AAAA,EAAE;AAC/E,WAAS,oBAAoB,GAAW;AACtC,UAAM,MAAM,EAAE,MAAM,GAAG,EAAE,OAAO,OAAO,EAAE,IAAI,KAAK;AAClD,WAAO,MAAM,IAAI,MAAM,GAAG,EAAE,IAAI,UAAU,EAAE,KAAK,GAAG,IAAI;AAAA,EAC1D;AAEA,QAAM,MAAM,EAAE,MAAM,EAAE,OAAO,KAAK,SAAS,CAAC,GAAG,KAAK,KAAK,KAAK,UAAU,KAAK,UAAU,OAAO,KAAK,MAAM,EAAE;AAC3G,QAAM,UAAU,WAAW;AAC3B,aAAW,KAAM,SAAmB;AAClC,UAAM,eAAe,WAAW,EAAE,EAAE;AACpC,eAAW,KAAM,EAAE,iBAAiB,CAAC,GAAI;AACvC,YAAM,OAAQ,EAAE,WAAW,EAAE,QAAQ;AACrC,UAAI,CAAC,QAAQ,KAAK,SAAS,GAAG,EAAG;AACjC,UAAK,EAAU,UAAW;AAC1B,YAAM,QAAS,EAAE,SAAoB,oBAAoB,IAAI;AAC7D,YAAM,WAAY,EAAU,gBAAiB,EAAU;AACvD,YAAM,YAAa,EAAE,SAAoB;AACzC,YAAM,WAAY,EAAU,gBAAiB,EAAU;AACvD,YAAM,UAAU,OAAO,aAAa,YAAY,WAAW,WAAW,iBAAiB,SAAS;AAChG,YAAM,UAAU,EAAE,UAAU,MAAM,QAAQ,QAAQ,EAAE,QAAQ,GAAG,CAAC,IAAI;AACpE,UAAI,CAAC,QAAS;AACd,YAAM,UAAU,EAAE,UAAU,MAAM,QAAQ,QAAQ,EAAE,QAAQ,GAAG,CAAC,IAAI;AACpE,YAAM,gBAAiB,EAAE,gBAA6B,CAAC;AACvD,UAAI,cAAc,QAAQ;AACxB,cAAM,QAAQ,KAAK,SAAS,CAAC;AAC7B,cAAM,KAAK,cAAc,KAAK,CAAC,SAAS,MAAM,SAAS,IAAI,CAAC;AAC5D,YAAI,CAAC,GAAI;AAAA,MACX;AACA,YAAM,WAAY,EAAU;AAC5B,UAAI,CAAC,IAAI,gBAAgB,CAAC,eAAe,IAAI,UAAU,QAAQ,EAAG;AAClE,YAAM,QAAS,EAAU;AACzB,YAAM,WAAa,EAAU,YAAmC;AAChE,cAAQ,KAAK,EAAE,SAAS,WAAW,UAAU,OAAO,UAAU,MAAM,SAAS,OAAO,SAAS,CAAC;AAAA,IAChG;AAAA,EACF;AAGA,QAAM,QAAe,CAAC;AACtB,aAAW,KAAK,SAAS;AACvB,QAAI;AACJ,eAAW,KAAK,SAAS;AACvB,UAAI,MAAM,EAAG;AACb,UAAI,EAAE,YAAY,EAAE,QAAS;AAC7B,UAAI,CAAC,EAAE,KAAK,WAAW,EAAE,OAAO,GAAG,EAAG;AACtC,UAAI,CAAC,UAAU,EAAE,KAAK,SAAS,OAAO,KAAK,OAAQ,UAAS;AAAA,IAC9D;AACA,QAAI,QAAQ;AACV;AAAC,MAAC,OAAe,WAAY,OAAe,YAAY,CAAC;AACxD,MAAC,OAAe,SAAS,KAAK,CAAC;AAAA,IAClC,OAAO;AACL,YAAM,KAAK,CAAC;AAAA,IACd;AAAA,EACF;AAGA,QAAM,QAAa,EAAE,UAAU,MAAM,eAAe,KAAK;AACzD,QAAM,OAAO;AAAA,IACX,EAAE,KAAK,CAAE,EAAE,gBAAgB,KAAK,SAAS,OAAiB,GAAG,EAAE,gBAAgB,KAAK,CAAE,EAAE;AAAA,IACxF,EAAE,KAAK,CAAE,EAAE,UAAU,KAAK,YAAY,OAAiB,GAAG,EAAE,UAAU,KAAK,CAAE,EAAE;AAAA,EACjF;AACA,MAAI;AACF,UAAM,WAAW,MAAM,GAAG,KAAK,cAAqB,OAAc,EAAE,SAAS,EAAE,OAAO,MAAM,EAAS,CAAC;AACtG,UAAM,QAAS,SAAmB,IAAI,CAAC,OAAO;AAAA,MAC5C,UAAU,EAAE;AAAA,MACZ,OAAO,EAAE;AAAA,MACT,MAAM,0BAA0B,mBAAmB,EAAE,QAAQ,CAAC;AAAA,IAChE,EAAE;AACF,QAAI,MAAM,QAAQ;AAChB,YAAM,KAAK,MAAM,KAAK,CAAC,OAAc,GAAG,aAAa,wBAAwB,GAAG,aAAa,2BAA2B;AACxH,UAAI,IAAI;AACN,cAAM,WAAW,GAAG,YAAY,CAAC;AACjC,cAAM,UAAU,MAAM,IAAI,CAAC,QAAQ;AAAA,UACjC,SAAS,GAAG;AAAA,UACZ,WAAW,GAAG;AAAA,UACd,UAAU,GAAG;AAAA,UACb,OAAO,GAAG;AAAA,UACV,MAAM,GAAG;AAAA,UACT,SAAS;AAAA,UACT,OAAO;AAAA,UACP,UAAU;AAAA,QACZ,EAAE;AACF,cAAM,SAAS,oBAAI,IAAmB;AACtC,mBAAW,KAAK,SAAU,KAAI,CAAC,OAAO,IAAI,EAAE,IAAI,EAAG,QAAO,IAAI,EAAE,MAAM,CAAC;AACvE,mBAAW,KAAK,QAAS,KAAI,CAAC,OAAO,IAAI,EAAE,IAAI,EAAG,QAAO,IAAI,EAAE,MAAM,CAAC;AACtE,WAAG,WAAW,MAAM,KAAK,OAAO,OAAO,CAAC;AAAA,MAC1C;AAAA,IACF;AAAA,EACF,SAAS,GAAG;AACV,YAAQ,MAAM,+BAA+B,CAAC;AAAA,EAChD;AAGA,QAAM,YAAY,CAAC,QAAe;AAChC,QAAI,KAAK,CAAC,GAAG,MAAM;AACjB,UAAI,EAAE,UAAU,EAAE,MAAO,QAAO,EAAE,MAAM,cAAc,EAAE,KAAK;AAC7D,YAAM,KAAK,EAAE,YAAY,EAAE,SAAS;AACpC,YAAM,KAAK,EAAE,YAAY,EAAE,SAAS;AACpC,UAAI,OAAO,GAAI,QAAO,KAAK;AAC3B,aAAO,OAAO,EAAE,KAAK,EAAE,cAAc,OAAO,EAAE,KAAK,CAAC;AAAA,IACtD,CAAC;AACD,eAAW,MAAM,IAAK,KAAI,GAAG,UAAU,OAAQ,WAAU,GAAG,QAAQ;AAAA,EACtE;AACA,YAAU,KAAK;AAWf,QAAM,eAAe,oBAAI,IAAyB;AAClD,aAAW,SAAS,OAAO;AACzB,UAAM,SAAS,MAAM,YAAY,MAAM,SAAS;AAChD,QAAI,CAAC,aAAa,IAAI,MAAM,OAAO,GAAG;AACpC,mBAAa,IAAI,MAAM,SAAS;AAAA,QAC9B,IAAI,MAAM;AAAA,QACV,SAAS,MAAM;AAAA,QACf,KAAK,MAAM;AAAA,QACX;AAAA,QACA,SAAS,CAAC,KAAK;AAAA,MACjB,CAAC;AAAA,IACH,OAAO;AACL,YAAM,SAAS,aAAa,IAAI,MAAM,OAAO;AAC7C,aAAO,QAAQ,KAAK,KAAK;AACzB,UAAI,SAAS,OAAO,OAAQ,QAAO,SAAS;AAC5C,UAAI,CAAC,OAAO,OAAO,MAAM,SAAU,QAAO,MAAM,MAAM;AACtD,UAAI,CAAC,OAAO,WAAW,MAAM,UAAW,QAAO,UAAU,MAAM;AAAA,IACjE;AAAA,EACF;AAEA,QAAM,SAAS,CAAC,UAAkC;AAChD,UAAM,eAAe,MAAM,WAAW,UAAU,MAAM,UAAU,MAAM,KAAK,IAAI,MAAM;AACrF,WAAO;AAAA,MACL,MAAM,MAAM;AAAA,MACZ,OAAO;AAAA,MACP;AAAA,MACA,SAAS,MAAM;AAAA,MACf,UAAU,MAAM,UAAU,IAAI,CAAC,UAAU,OAAO,KAAK,CAAC;AAAA,IACxD;AAAA,EACF;AAEA,QAAM,SAAS,MAAM,KAAK,aAAa,OAAO,CAAC,EAAE,IAAI,CAAC,WAAW;AAC/D,UAAM,cAAc,OAAO,MAAM,UAAU,OAAO,KAAK,OAAO,OAAO,IAAI,OAAO;AAChF,WAAO;AAAA,MACL,IAAI,OAAO;AAAA,MACX,KAAK,OAAO;AAAA,MACZ,MAAM;AAAA,MACN;AAAA,MACA,QAAQ,OAAO;AAAA,MACf,OAAO,OAAO,QAAQ,IAAI,CAAC,UAAU,OAAO,KAAK,CAAC;AAAA,IACpD;AAAA,EACF,CAAC;AACD,QAAM,oBAAoB;AAAA,IACxB;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,EACF;AACA,QAAM,kBAAkB,IAAI,IAAI,kBAAkB,IAAI,CAAC,IAAI,UAAU,CAAC,IAAI,KAAK,CAAC,CAAC;AACjF,SAAO,KAAK,CAAC,GAAG,MAAM;AACpB,UAAM,SAAS,gBAAgB,IAAI,EAAE,EAAE;AACvC,UAAM,SAAS,gBAAgB,IAAI,EAAE,EAAE;AACvC,QAAI,WAAW,UAAa,WAAW,QAAW;AAChD,UAAI,WAAW,OAAW,QAAO;AACjC,UAAI,WAAW,OAAW,QAAO;AACjC,UAAI,WAAW,OAAQ,QAAO,SAAS;AAAA,IACzC;AACA,QAAI,EAAE,WAAW,EAAE,OAAQ,QAAO,EAAE,SAAS,EAAE;AAC/C,WAAO,EAAE,KAAK,cAAc,EAAE,IAAI;AAAA,EACpC,CAAC;AACD,QAAM,oBAAoB,kBAAkB;AAC5C,SAAO,QAAQ,CAAC,OAAO,UAAU;AAC/B,UAAM,OAAO,gBAAgB,IAAI,MAAM,EAAE;AACzC,UAAM,iBAAiB,OAAO,MAAM,WAAW,WAAW,MAAM,SAAS;AACzE,UAAM,cACH,SAAS,SAAY,OAAO,oBAAoB,SAAS,MAC1D,KAAK,IAAI,KAAK,IAAI,gBAAgB,CAAC,GAAG,MAAO;AAC/C,UAAM,SAAS;AAAA,EACjB,CAAC;AAED,MAAI,iBAAiB;AACrB,MAAI,MAAM,QAAQ,KAAK,KAAK,KAAK,KAAK,MAAM,QAAQ;AAClD,UAAM,YAAY,KAAK,WACnB,EAAE,KAAK,CAAC,EAAE,UAAU,KAAK,SAAS,GAAG,EAAE,UAAU,KAAK,CAAC,EAAE,IACzD,EAAE,UAAU,KAAK;AACrB,UAAM,cAAc,MAAM,GAAG,KAAK,MAAM;AAAA,MACtC,MAAM,EAAE,KAAK,KAAK,MAAM;AAAA,MACxB,GAAG;AAAA,IACL,CAAQ;AACR,UAAM,UAAU,YAAY,IAAI,CAAC,SAAe,KAAK,EAAE;AACvD,QAAI,QAAQ,QAAQ;AAClB,uBAAiB,MAAM,+BAA+B,IAAI;AAAA,QACxD;AAAA,QACA,UAAU,KAAK,YAAY;AAAA,QAC3B;AAAA,MACF,CAAC;AAAA,IACH;AAAA,EACF;AAEA,QAAM,iBAAiB,iBAAiB,uBAAuB,QAAQ,cAAc,IAAI;AACzF,QAAM,cAAc,qBAAqB,cAAc;AAGvD,QAAM,kBAAkB,KAAK,WAAW,KAAK,SAAS,KAAK;AAC3D,QAAM,aAAa,kBACf,MAAM,sBAAsB,IAAI;AAAA,IAC9B,QAAQ;AAAA,IACR,UAAU,KAAK,YAAY;AAAA,IAC3B,gBAAgB,KAAK,SAAS;AAAA,IAC9B;AAAA,EACF,CAAC,IACD;AAEJ,QAAM,iBAAiB,uBAAuB,aAAa,UAAU;AAErE,QAAM,UAAU;AAAA,IACd,QAAQ,eAAe,IAAI,CAAC,WAAW;AAAA,MACrC,IAAI,MAAM;AAAA,MACV,MAAM,MAAM;AAAA,MACZ,aAAa,MAAM;AAAA,MACnB,OAAQ,MAAM,MAA4B,IAAI,CAAC,UAAU;AAAA,QACvD,MAAM,KAAK;AAAA,QACX,OAAO,KAAK;AAAA,QACZ,cAAc,KAAK;AAAA,QACnB,SAAS,KAAK;AAAA,QACd,QAAQ,KAAK;AAAA,QACb,UAAU,KAAK,UAAU,IAAI,CAAC,WAAW;AAAA,UACvC,MAAM,MAAM;AAAA,UACZ,OAAO,MAAM;AAAA,UACb,cAAc,MAAM;AAAA,UACpB,SAAS,MAAM;AAAA,UACf,QAAQ,MAAM;AAAA,QAChB,EAAE;AAAA,MACJ,EAAE;AAAA,IACJ,EAAE;AAAA,EACJ;AAEA,MAAI;AACF,QAAI,OAAO;AACT,YAAM,OAAO;AAAA,QACX,aAAa,KAAK,GAAG;AAAA,QACrB,KAAK,WAAW,eAAe,KAAK,QAAQ,KAAK;AAAA,QACjD,gBAAgB,KAAK,YAAY,MAAM;AAAA,QACvC,cAAc,MAAM;AAAA,QACpB,oBAAoB,KAAK,GAAG;AAAA,QAC5B,qBAAqB,KAAK,GAAG,IAAI,KAAK,YAAY,MAAM,IAAI,KAAK,SAAS,MAAM,IAAI,MAAM;AAAA,QAC1F,GAAI,MAAM,QAAQ,KAAK,KAAK,IAAI,KAAK,MAAM,IAAI,CAAC,SAAiB,oBAAoB,IAAI,EAAE,IAAI,CAAC;AAAA,MAClG,EAAE,OAAO,OAAO;AAChB,YAAM,MAAM,IAAI,UAAU,SAAS,EAAE,KAAK,CAAC;AAAA,IAC7C;AAAA,EACF,QAAQ;AAAA,EAAC;AAET,SAAO,aAAa,KAAK,OAAO;AAClC;AAEA,SAAS,qBAAqB,QAAmD;AAC/E,QAAM,aAAa,CAAqE,UACtF,MAAM,IAAI,CAAC,UAAU;AAAA,IACnB,GAAG;AAAA,IACH,cAAc,KAAK;AAAA,IACnB,UAAU,KAAK,WAAW,WAAW,KAAK,QAAQ,IAAI;AAAA,EACxD,EAAE;AAEJ,SAAO,OAAO,IAAI,CAAC,WAAW;AAAA,IAC5B,GAAG;AAAA,IACH,aAAa,MAAM;AAAA,IACnB,OAAO,WAAW,MAAM,KAAK;AAAA,EAC/B,EAAE;AACJ;AAEO,MAAM,UAA2B;AAAA,EACtC,KAAK;AAAA,EACL,SAAS;AAAA,EACT,SAAS;AAAA,IACP,KAAK;AAAA,MACH,SAAS;AAAA,MACT,aACE;AAAA,MACF,WAAW;AAAA,QACT,EAAE,QAAQ,KAAK,aAAa,gCAAgC,QAAQ,uBAAuB;AAAA,QAC3F,EAAE,QAAQ,KAAK,aAAa,gBAAgB,QAAQ,oBAAoB;AAAA,MAC1E;AAAA,IACF;AAAA,EACF;AACF;",
   "names": []
 }

package/dist/modules/auth/api/login.js CHANGED Viewed

@@ -11,15 +11,33 @@ async function POST(req) {
   const email = String(form.get("email") ?? "");
   const password = String(form.get("password") ?? "");
   const remember = parseBooleanToken(form.get("remember")?.toString()) === true;
+  const tenantIdRaw = String(form.get("tenantId") ?? form.get("tenant") ?? "").trim();
   const requireRoleRaw = String(form.get("requireRole") ?? form.get("role") ?? "").trim();
   const requiredRoles = requireRoleRaw ? requireRoleRaw.split(",").map((s) => s.trim()).filter(Boolean) : [];
-  const parsed = userLoginSchema.pick({ email: true, password: true }).safeParse({ email, password });
+  const parsed = userLoginSchema.pick({ email: true, password: true, tenantId: true }).safeParse({
+    email,
+    password,
+    tenantId: tenantIdRaw || void 0
+  });
   if (!parsed.success) {
     return NextResponse.json({ ok: false, error: translate("auth.login.errors.invalidCredentials", "Invalid credentials") }, { status: 400 });
   }
   const container = await createRequestContainer();
   const auth = container.resolve("authService");
-  const user = await auth.findUserByEmail(parsed.data.email);
+  const tenantId = parsed.data.tenantId ?? null;
+  let user = null;
+  if (tenantId) {
+    user = await auth.findUserByEmailAndTenant(parsed.data.email, tenantId);
+  } else {
+    const users = await auth.findUsersByEmail(parsed.data.email);
+    if (users.length > 1) {
+      return NextResponse.json({
+        ok: false,
+        error: translate("auth.login.errors.tenantRequired", "Use the login link provided with your tenant activation to continue.")
+      }, { status: 400 });
+    }
+    user = users[0] ?? null;
+  }
   if (!user || !user.passwordHash) {
     return NextResponse.json({ ok: false, error: translate("auth.login.errors.invalidCredentials", "Invalid email or password") }, { status: 401 });
   }
@@ -28,24 +46,25 @@ async function POST(req) {
     return NextResponse.json({ ok: false, error: translate("auth.login.errors.invalidCredentials", "Invalid email or password") }, { status: 401 });
   }
   if (requiredRoles.length) {
-    const userRoleNames2 = await auth.getUserRoles(user, user.tenantId ? String(user.tenantId) : null);
+    const userRoleNames2 = await auth.getUserRoles(user, tenantId ?? (user.tenantId ? String(user.tenantId) : null));
     const authorized = requiredRoles.some((r) => userRoleNames2.includes(r));
     if (!authorized) {
       return NextResponse.json({ ok: false, error: translate("auth.login.errors.permissionDenied", "Not authorized for this area") }, { status: 403 });
     }
   }
   await auth.updateLastLoginAt(user);
-  const userRoleNames = await auth.getUserRoles(user, user.tenantId ? String(user.tenantId) : null);
+  const resolvedTenantId = tenantId ?? (user.tenantId ? String(user.tenantId) : null);
+  const userRoleNames = await auth.getUserRoles(user, resolvedTenantId);
   try {
     const eventBus = container.resolve("eventBus");
     void eventBus.emitEvent("query_index.coverage.warmup", {
-      tenantId: user.tenantId ? String(user.tenantId) : null
+      tenantId: resolvedTenantId
     }).catch(() => void 0);
   } catch {
   }
   const token = signJwt({
     sub: String(user.id),
-    tenantId: user.tenantId ? String(user.tenantId) : null,
+    tenantId: resolvedTenantId,
     orgId: user.organizationId ? String(user.organizationId) : null,
     email: user.email,
     roles: userRoleNames

package/dist/modules/auth/api/login.js.map CHANGED Viewed

@@ -1,7 +1,7 @@
 {
   "version": 3,
   "sources": ["../../../../src/modules/auth/api/login.ts"],
-  "sourcesContent": ["import { NextResponse } from 'next/server'\nimport { z } from 'zod'\nimport type { OpenApiMethodDoc, OpenApiRouteDoc } from '@open-mercato/shared/lib/openapi'\nimport { userLoginSchema } from '@open-mercato/core/modules/auth/data/validators'\nimport { createRequestContainer } from '@open-mercato/shared/lib/di/container'\nimport { AuthService } from '@open-mercato/core/modules/auth/services/authService'\nimport { signJwt } from '@open-mercato/shared/lib/auth/jwt'\nimport { resolveTranslations } from '@open-mercato/shared/lib/i18n/server'\nimport type { EventBus } from '@open-mercato/events/types'\nimport { parseBooleanToken } from '@open-mercato/shared/lib/boolean'\n\n// validation comes from userLoginSchema\n\nexport async function POST(req: Request) {\n  const { translate } = await resolveTranslations()\n  const form = await req.formData()\n  const email = String(form.get('email') ?? '')\n  const password = String(form.get('password') ?? '')\n  const remember = parseBooleanToken(form.get('remember')?.toString()) === true\n  const requireRoleRaw = (String(form.get('requireRole') ?? form.get('role') ?? '')).trim()\n  const requiredRoles = requireRoleRaw ? requireRoleRaw.split(',').map((s) => s.trim()).filter(Boolean) : []\n  const parsed = userLoginSchema.pick({ email: true, password: true }).safeParse({ email, password })\n  if (!parsed.success) {\n    return NextResponse.json({ ok: false, error: translate('auth.login.errors.invalidCredentials', 'Invalid credentials') }, { status: 400 })\n  }\n  const container = await createRequestContainer()\n  const auth = (container.resolve('authService') as AuthService)\n  const user = await auth.findUserByEmail(parsed.data.email)\n  if (!user || !user.passwordHash) {\n    return NextResponse.json({ ok: false, error: translate('auth.login.errors.invalidCredentials', 'Invalid email or password') }, { status: 401 })\n  }\n  const ok = await auth.verifyPassword(user, parsed.data.password)\n  if (!ok) {\n    return NextResponse.json({ ok: false, error: translate('auth.login.errors.invalidCredentials', 'Invalid email or password') }, { status: 401 })\n  }\n  // Optional role requirement\n  if (requiredRoles.length) {\n    const userRoleNames = await auth.getUserRoles(user, user.tenantId ? String(user.tenantId) : null)\n    const authorized = requiredRoles.some(r => userRoleNames.includes(r))\n    if (!authorized) {\n      return NextResponse.json({ ok: false, error: translate('auth.login.errors.permissionDenied', 'Not authorized for this area') }, { status: 403 })\n    }\n  }\n  await auth.updateLastLoginAt(user)\n  const userRoleNames = await auth.getUserRoles(user, user.tenantId ? String(user.tenantId) : null)\n  try {\n    const eventBus = (container.resolve('eventBus') as EventBus)\n    void eventBus.emitEvent('query_index.coverage.warmup', {\n      tenantId: user.tenantId ? String(user.tenantId) : null,\n    }).catch(() => undefined)\n  } catch {\n    // optional warmup\n  }\n  const token = signJwt({ \n    sub: String(user.id), \n    tenantId: user.tenantId ? String(user.tenantId) : null, \n    orgId: user.organizationId ? String(user.organizationId) : null, \n    email: user.email, \n    roles: userRoleNames \n  })\n  const res = NextResponse.json({ ok: true, token, redirect: '/backend' })\n  res.cookies.set('auth_token', token, { httpOnly: true, path: '/', sameSite: 'lax', secure: process.env.NODE_ENV === 'production', maxAge: 60 * 60 * 8 })\n  if (remember) {\n    const days = Number(process.env.REMEMBER_ME_DAYS || '30')\n    const expiresAt = new Date(Date.now() + days * 24 * 60 * 60 * 1000)\n    const sess = await auth.createSession(user, expiresAt)\n    res.cookies.set('session_token', sess.token, { httpOnly: true, path: '/', sameSite: 'lax', secure: process.env.NODE_ENV === 'production', expires: expiresAt })\n  }\n  return res\n}\n\nconst loginRequestSchema = userLoginSchema.extend({\n  password: z.string().min(6).describe('User password'),\n  remember: z.enum(['on', '1', 'true']).optional().describe('Persist the session (submit `on`, `1`, or `true`).'),\n}).describe('Login form payload')\n\nconst loginSuccessSchema = z.object({\n  ok: z.literal(true),\n  token: z.string().describe('JWT token issued for subsequent API calls'),\n  redirect: z.string().nullable().describe('Next location the client should navigate to'),\n})\n\nconst loginErrorSchema = z.object({\n  ok: z.literal(false),\n  error: z.string(),\n})\n\nconst loginMethodDoc: OpenApiMethodDoc = {\n  summary: 'Authenticate user credentials',\n  description: 'Validates the submitted credentials and issues a bearer token cookie for subsequent API calls.',\n  tags: ['Authentication & Accounts'],\n  requestBody: {\n    contentType: 'application/x-www-form-urlencoded',\n    schema: loginRequestSchema,\n    description: 'Form-encoded payload captured from the login form.',\n  },\n  responses: [\n    {\n      status: 200,\n      description: 'Authentication succeeded',\n      schema: loginSuccessSchema,\n    },\n  ],\n  errors: [\n    { status: 400, description: 'Validation failed', schema: loginErrorSchema },\n    { status: 401, description: 'Invalid credentials', schema: loginErrorSchema },\n    { status: 403, description: 'User lacks required role', schema: loginErrorSchema },\n  ],\n}\n\nexport const openApi: OpenApiRouteDoc = {\n  summary: 'Authenticate user credentials',\n  description: 'Accepts login form submissions and manages cookie/session issuance.',\n  methods: {\n    POST: loginMethodDoc,\n  },\n}\n"],
-  "mappings": "AAAA,SAAS,oBAAoB;AAC7B,SAAS,SAAS;AAElB,SAAS,uBAAuB;AAChC,SAAS,8BAA8B;AAEvC,SAAS,eAAe;AACxB,SAAS,2BAA2B;AAEpC,SAAS,yBAAyB;AAIlC,eAAsB,KAAK,KAAc;AACvC,QAAM,EAAE,UAAU,IAAI,MAAM,oBAAoB;AAChD,QAAM,OAAO,MAAM,IAAI,SAAS;AAChC,QAAM,QAAQ,OAAO,KAAK,IAAI,OAAO,KAAK,EAAE;AAC5C,QAAM,WAAW,OAAO,KAAK,IAAI,UAAU,KAAK,EAAE;AAClD,QAAM,WAAW,kBAAkB,KAAK,IAAI,UAAU,GAAG,SAAS,CAAC,MAAM;AACzE,QAAM,iBAAkB,OAAO,KAAK,IAAI,aAAa,KAAK,KAAK,IAAI,MAAM,KAAK,EAAE,EAAG,KAAK;AACxF,QAAM,gBAAgB,iBAAiB,eAAe,MAAM,GAAG,EAAE,IAAI,CAAC,MAAM,EAAE,KAAK,CAAC,EAAE,OAAO,OAAO,IAAI,CAAC;AACzG,QAAM,SAAS,gBAAgB,KAAK,EAAE,OAAO,MAAM,UAAU,KAAK,CAAC,EAAE,UAAU,EAAE,OAAO,SAAS,CAAC;AAClG,MAAI,CAAC,OAAO,SAAS;AACnB,WAAO,aAAa,KAAK,EAAE,IAAI,OAAO,OAAO,UAAU,wCAAwC,qBAAqB,EAAE,GAAG,EAAE,QAAQ,IAAI,CAAC;AAAA,EAC1I;AACA,QAAM,YAAY,MAAM,uBAAuB;AAC/C,QAAM,OAAQ,UAAU,QAAQ,aAAa;AAC7C,QAAM,OAAO,MAAM,KAAK,gBAAgB,OAAO,KAAK,KAAK;AACzD,MAAI,CAAC,QAAQ,CAAC,KAAK,cAAc;AAC/B,WAAO,aAAa,KAAK,EAAE,IAAI,OAAO,OAAO,UAAU,wCAAwC,2BAA2B,EAAE,GAAG,EAAE,QAAQ,IAAI,CAAC;AAAA,EAChJ;AACA,QAAM,KAAK,MAAM,KAAK,eAAe,MAAM,OAAO,KAAK,QAAQ;AAC/D,MAAI,CAAC,IAAI;AACP,WAAO,aAAa,KAAK,EAAE,IAAI,OAAO,OAAO,UAAU,wCAAwC,2BAA2B,EAAE,GAAG,EAAE,QAAQ,IAAI,CAAC;AAAA,EAChJ;AAEA,MAAI,cAAc,QAAQ;AACxB,UAAMA,iBAAgB,MAAM,KAAK,aAAa,MAAM,KAAK,WAAW,OAAO,KAAK,QAAQ,IAAI,IAAI;AAChG,UAAM,aAAa,cAAc,KAAK,OAAKA,eAAc,SAAS,CAAC,CAAC;AACpE,QAAI,CAAC,YAAY;AACf,aAAO,aAAa,KAAK,EAAE,IAAI,OAAO,OAAO,UAAU,sCAAsC,8BAA8B,EAAE,GAAG,EAAE,QAAQ,IAAI,CAAC;AAAA,IACjJ;AAAA,EACF;AACA,QAAM,KAAK,kBAAkB,IAAI;AACjC,QAAM,gBAAgB,MAAM,KAAK,aAAa,MAAM,KAAK,WAAW,OAAO,KAAK,QAAQ,IAAI,IAAI;AAChG,MAAI;AACF,UAAM,WAAY,UAAU,QAAQ,UAAU;AAC9C,SAAK,SAAS,UAAU,+BAA+B;AAAA,MACrD,UAAU,KAAK,WAAW,OAAO,KAAK,QAAQ,IAAI;AAAA,IACpD,CAAC,EAAE,MAAM,MAAM,MAAS;AAAA,EAC1B,QAAQ;AAAA,EAER;AACA,QAAM,QAAQ,QAAQ;AAAA,IACpB,KAAK,OAAO,KAAK,EAAE;AAAA,IACnB,UAAU,KAAK,WAAW,OAAO,KAAK,QAAQ,IAAI;AAAA,IAClD,OAAO,KAAK,iBAAiB,OAAO,KAAK,cAAc,IAAI;AAAA,IAC3D,OAAO,KAAK;AAAA,IACZ,OAAO;AAAA,EACT,CAAC;AACD,QAAM,MAAM,aAAa,KAAK,EAAE,IAAI,MAAM,OAAO,UAAU,WAAW,CAAC;AACvE,MAAI,QAAQ,IAAI,cAAc,OAAO,EAAE,UAAU,MAAM,MAAM,KAAK,UAAU,OAAO,QAAQ,QAAQ,IAAI,aAAa,cAAc,QAAQ,KAAK,KAAK,EAAE,CAAC;AACvJ,MAAI,UAAU;AACZ,UAAM,OAAO,OAAO,QAAQ,IAAI,oBAAoB,IAAI;AACxD,UAAM,YAAY,IAAI,KAAK,KAAK,IAAI,IAAI,OAAO,KAAK,KAAK,KAAK,GAAI;AAClE,UAAM,OAAO,MAAM,KAAK,cAAc,MAAM,SAAS;AACrD,QAAI,QAAQ,IAAI,iBAAiB,KAAK,OAAO,EAAE,UAAU,MAAM,MAAM,KAAK,UAAU,OAAO,QAAQ,QAAQ,IAAI,aAAa,cAAc,SAAS,UAAU,CAAC;AAAA,EAChK;AACA,SAAO;AACT;AAEA,MAAM,qBAAqB,gBAAgB,OAAO;AAAA,EAChD,UAAU,EAAE,OAAO,EAAE,IAAI,CAAC,EAAE,SAAS,eAAe;AAAA,EACpD,UAAU,EAAE,KAAK,CAAC,MAAM,KAAK,MAAM,CAAC,EAAE,SAAS,EAAE,SAAS,oDAAoD;AAChH,CAAC,EAAE,SAAS,oBAAoB;AAEhC,MAAM,qBAAqB,EAAE,OAAO;AAAA,EAClC,IAAI,EAAE,QAAQ,IAAI;AAAA,EAClB,OAAO,EAAE,OAAO,EAAE,SAAS,2CAA2C;AAAA,EACtE,UAAU,EAAE,OAAO,EAAE,SAAS,EAAE,SAAS,6CAA6C;AACxF,CAAC;AAED,MAAM,mBAAmB,EAAE,OAAO;AAAA,EAChC,IAAI,EAAE,QAAQ,KAAK;AAAA,EACnB,OAAO,EAAE,OAAO;AAClB,CAAC;AAED,MAAM,iBAAmC;AAAA,EACvC,SAAS;AAAA,EACT,aAAa;AAAA,EACb,MAAM,CAAC,2BAA2B;AAAA,EAClC,aAAa;AAAA,IACX,aAAa;AAAA,IACb,QAAQ;AAAA,IACR,aAAa;AAAA,EACf;AAAA,EACA,WAAW;AAAA,IACT;AAAA,MACE,QAAQ;AAAA,MACR,aAAa;AAAA,MACb,QAAQ;AAAA,IACV;AAAA,EACF;AAAA,EACA,QAAQ;AAAA,IACN,EAAE,QAAQ,KAAK,aAAa,qBAAqB,QAAQ,iBAAiB;AAAA,IAC1E,EAAE,QAAQ,KAAK,aAAa,uBAAuB,QAAQ,iBAAiB;AAAA,IAC5E,EAAE,QAAQ,KAAK,aAAa,4BAA4B,QAAQ,iBAAiB;AAAA,EACnF;AACF;AAEO,MAAM,UAA2B;AAAA,EACtC,SAAS;AAAA,EACT,aAAa;AAAA,EACb,SAAS;AAAA,IACP,MAAM;AAAA,EACR;AACF;",
+  "sourcesContent": ["import { NextResponse } from 'next/server'\nimport { z } from 'zod'\nimport type { OpenApiMethodDoc, OpenApiRouteDoc } from '@open-mercato/shared/lib/openapi'\nimport { userLoginSchema } from '@open-mercato/core/modules/auth/data/validators'\nimport { createRequestContainer } from '@open-mercato/shared/lib/di/container'\nimport { AuthService } from '@open-mercato/core/modules/auth/services/authService'\nimport { signJwt } from '@open-mercato/shared/lib/auth/jwt'\nimport { resolveTranslations } from '@open-mercato/shared/lib/i18n/server'\nimport type { EventBus } from '@open-mercato/events/types'\nimport { parseBooleanToken } from '@open-mercato/shared/lib/boolean'\n\n// validation comes from userLoginSchema\n\nexport async function POST(req: Request) {\n  const { translate } = await resolveTranslations()\n  const form = await req.formData()\n  const email = String(form.get('email') ?? '')\n  const password = String(form.get('password') ?? '')\n  const remember = parseBooleanToken(form.get('remember')?.toString()) === true\n  const tenantIdRaw = String(form.get('tenantId') ?? form.get('tenant') ?? '').trim()\n  const requireRoleRaw = (String(form.get('requireRole') ?? form.get('role') ?? '')).trim()\n  const requiredRoles = requireRoleRaw ? requireRoleRaw.split(',').map((s) => s.trim()).filter(Boolean) : []\n  const parsed = userLoginSchema.pick({ email: true, password: true, tenantId: true }).safeParse({\n    email,\n    password,\n    tenantId: tenantIdRaw || undefined,\n  })\n  if (!parsed.success) {\n    return NextResponse.json({ ok: false, error: translate('auth.login.errors.invalidCredentials', 'Invalid credentials') }, { status: 400 })\n  }\n  const container = await createRequestContainer()\n  const auth = (container.resolve('authService') as AuthService)\n  const tenantId = parsed.data.tenantId ?? null\n  let user = null\n  if (tenantId) {\n    user = await auth.findUserByEmailAndTenant(parsed.data.email, tenantId)\n  } else {\n    const users = await auth.findUsersByEmail(parsed.data.email)\n    if (users.length > 1) {\n      return NextResponse.json({\n        ok: false,\n        error: translate('auth.login.errors.tenantRequired', 'Use the login link provided with your tenant activation to continue.'),\n      }, { status: 400 })\n    }\n    user = users[0] ?? null\n  }\n  if (!user || !user.passwordHash) {\n    return NextResponse.json({ ok: false, error: translate('auth.login.errors.invalidCredentials', 'Invalid email or password') }, { status: 401 })\n  }\n  const ok = await auth.verifyPassword(user, parsed.data.password)\n  if (!ok) {\n    return NextResponse.json({ ok: false, error: translate('auth.login.errors.invalidCredentials', 'Invalid email or password') }, { status: 401 })\n  }\n  // Optional role requirement\n  if (requiredRoles.length) {\n    const userRoleNames = await auth.getUserRoles(user, tenantId ?? (user.tenantId ? String(user.tenantId) : null))\n    const authorized = requiredRoles.some(r => userRoleNames.includes(r))\n    if (!authorized) {\n      return NextResponse.json({ ok: false, error: translate('auth.login.errors.permissionDenied', 'Not authorized for this area') }, { status: 403 })\n    }\n  }\n  await auth.updateLastLoginAt(user)\n  const resolvedTenantId = tenantId ?? (user.tenantId ? String(user.tenantId) : null)\n  const userRoleNames = await auth.getUserRoles(user, resolvedTenantId)\n  try {\n    const eventBus = (container.resolve('eventBus') as EventBus)\n    void eventBus.emitEvent('query_index.coverage.warmup', {\n      tenantId: resolvedTenantId,\n    }).catch(() => undefined)\n  } catch {\n    // optional warmup\n  }\n  const token = signJwt({ \n    sub: String(user.id), \n    tenantId: resolvedTenantId, \n    orgId: user.organizationId ? String(user.organizationId) : null,\n    email: user.email, \n    roles: userRoleNames \n  })\n  const res = NextResponse.json({ ok: true, token, redirect: '/backend' })\n  res.cookies.set('auth_token', token, { httpOnly: true, path: '/', sameSite: 'lax', secure: process.env.NODE_ENV === 'production', maxAge: 60 * 60 * 8 })\n  if (remember) {\n    const days = Number(process.env.REMEMBER_ME_DAYS || '30')\n    const expiresAt = new Date(Date.now() + days * 24 * 60 * 60 * 1000)\n    const sess = await auth.createSession(user, expiresAt)\n    res.cookies.set('session_token', sess.token, { httpOnly: true, path: '/', sameSite: 'lax', secure: process.env.NODE_ENV === 'production', expires: expiresAt })\n  }\n  return res\n}\n\nconst loginRequestSchema = userLoginSchema.extend({\n  password: z.string().min(6).describe('User password'),\n  remember: z.enum(['on', '1', 'true']).optional().describe('Persist the session (submit `on`, `1`, or `true`).'),\n}).describe('Login form payload')\n\nconst loginSuccessSchema = z.object({\n  ok: z.literal(true),\n  token: z.string().describe('JWT token issued for subsequent API calls'),\n  redirect: z.string().nullable().describe('Next location the client should navigate to'),\n})\n\nconst loginErrorSchema = z.object({\n  ok: z.literal(false),\n  error: z.string(),\n})\n\nconst loginMethodDoc: OpenApiMethodDoc = {\n  summary: 'Authenticate user credentials',\n  description: 'Validates the submitted credentials and issues a bearer token cookie for subsequent API calls.',\n  tags: ['Authentication & Accounts'],\n  requestBody: {\n    contentType: 'application/x-www-form-urlencoded',\n    schema: loginRequestSchema,\n    description: 'Form-encoded payload captured from the login form.',\n  },\n  responses: [\n    {\n      status: 200,\n      description: 'Authentication succeeded',\n      schema: loginSuccessSchema,\n    },\n  ],\n  errors: [\n    { status: 400, description: 'Validation failed', schema: loginErrorSchema },\n    { status: 401, description: 'Invalid credentials', schema: loginErrorSchema },\n    { status: 403, description: 'User lacks required role', schema: loginErrorSchema },\n  ],\n}\n\nexport const openApi: OpenApiRouteDoc = {\n  summary: 'Authenticate user credentials',\n  description: 'Accepts login form submissions and manages cookie/session issuance.',\n  methods: {\n    POST: loginMethodDoc,\n  },\n}\n"],
+  "mappings": "AAAA,SAAS,oBAAoB;AAC7B,SAAS,SAAS;AAElB,SAAS,uBAAuB;AAChC,SAAS,8BAA8B;AAEvC,SAAS,eAAe;AACxB,SAAS,2BAA2B;AAEpC,SAAS,yBAAyB;AAIlC,eAAsB,KAAK,KAAc;AACvC,QAAM,EAAE,UAAU,IAAI,MAAM,oBAAoB;AAChD,QAAM,OAAO,MAAM,IAAI,SAAS;AAChC,QAAM,QAAQ,OAAO,KAAK,IAAI,OAAO,KAAK,EAAE;AAC5C,QAAM,WAAW,OAAO,KAAK,IAAI,UAAU,KAAK,EAAE;AAClD,QAAM,WAAW,kBAAkB,KAAK,IAAI,UAAU,GAAG,SAAS,CAAC,MAAM;AACzE,QAAM,cAAc,OAAO,KAAK,IAAI,UAAU,KAAK,KAAK,IAAI,QAAQ,KAAK,EAAE,EAAE,KAAK;AAClF,QAAM,iBAAkB,OAAO,KAAK,IAAI,aAAa,KAAK,KAAK,IAAI,MAAM,KAAK,EAAE,EAAG,KAAK;AACxF,QAAM,gBAAgB,iBAAiB,eAAe,MAAM,GAAG,EAAE,IAAI,CAAC,MAAM,EAAE,KAAK,CAAC,EAAE,OAAO,OAAO,IAAI,CAAC;AACzG,QAAM,SAAS,gBAAgB,KAAK,EAAE,OAAO,MAAM,UAAU,MAAM,UAAU,KAAK,CAAC,EAAE,UAAU;AAAA,IAC7F;AAAA,IACA;AAAA,IACA,UAAU,eAAe;AAAA,EAC3B,CAAC;AACD,MAAI,CAAC,OAAO,SAAS;AACnB,WAAO,aAAa,KAAK,EAAE,IAAI,OAAO,OAAO,UAAU,wCAAwC,qBAAqB,EAAE,GAAG,EAAE,QAAQ,IAAI,CAAC;AAAA,EAC1I;AACA,QAAM,YAAY,MAAM,uBAAuB;AAC/C,QAAM,OAAQ,UAAU,QAAQ,aAAa;AAC7C,QAAM,WAAW,OAAO,KAAK,YAAY;AACzC,MAAI,OAAO;AACX,MAAI,UAAU;AACZ,WAAO,MAAM,KAAK,yBAAyB,OAAO,KAAK,OAAO,QAAQ;AAAA,EACxE,OAAO;AACL,UAAM,QAAQ,MAAM,KAAK,iBAAiB,OAAO,KAAK,KAAK;AAC3D,QAAI,MAAM,SAAS,GAAG;AACpB,aAAO,aAAa,KAAK;AAAA,QACvB,IAAI;AAAA,QACJ,OAAO,UAAU,oCAAoC,sEAAsE;AAAA,MAC7H,GAAG,EAAE,QAAQ,IAAI,CAAC;AAAA,IACpB;AACA,WAAO,MAAM,CAAC,KAAK;AAAA,EACrB;AACA,MAAI,CAAC,QAAQ,CAAC,KAAK,cAAc;AAC/B,WAAO,aAAa,KAAK,EAAE,IAAI,OAAO,OAAO,UAAU,wCAAwC,2BAA2B,EAAE,GAAG,EAAE,QAAQ,IAAI,CAAC;AAAA,EAChJ;AACA,QAAM,KAAK,MAAM,KAAK,eAAe,MAAM,OAAO,KAAK,QAAQ;AAC/D,MAAI,CAAC,IAAI;AACP,WAAO,aAAa,KAAK,EAAE,IAAI,OAAO,OAAO,UAAU,wCAAwC,2BAA2B,EAAE,GAAG,EAAE,QAAQ,IAAI,CAAC;AAAA,EAChJ;AAEA,MAAI,cAAc,QAAQ;AACxB,UAAMA,iBAAgB,MAAM,KAAK,aAAa,MAAM,aAAa,KAAK,WAAW,OAAO,KAAK,QAAQ,IAAI,KAAK;AAC9G,UAAM,aAAa,cAAc,KAAK,OAAKA,eAAc,SAAS,CAAC,CAAC;AACpE,QAAI,CAAC,YAAY;AACf,aAAO,aAAa,KAAK,EAAE,IAAI,OAAO,OAAO,UAAU,sCAAsC,8BAA8B,EAAE,GAAG,EAAE,QAAQ,IAAI,CAAC;AAAA,IACjJ;AAAA,EACF;AACA,QAAM,KAAK,kBAAkB,IAAI;AACjC,QAAM,mBAAmB,aAAa,KAAK,WAAW,OAAO,KAAK,QAAQ,IAAI;AAC9E,QAAM,gBAAgB,MAAM,KAAK,aAAa,MAAM,gBAAgB;AACpE,MAAI;AACF,UAAM,WAAY,UAAU,QAAQ,UAAU;AAC9C,SAAK,SAAS,UAAU,+BAA+B;AAAA,MACrD,UAAU;AAAA,IACZ,CAAC,EAAE,MAAM,MAAM,MAAS;AAAA,EAC1B,QAAQ;AAAA,EAER;AACA,QAAM,QAAQ,QAAQ;AAAA,IACpB,KAAK,OAAO,KAAK,EAAE;AAAA,IACnB,UAAU;AAAA,IACV,OAAO,KAAK,iBAAiB,OAAO,KAAK,cAAc,IAAI;AAAA,IAC3D,OAAO,KAAK;AAAA,IACZ,OAAO;AAAA,EACT,CAAC;AACD,QAAM,MAAM,aAAa,KAAK,EAAE,IAAI,MAAM,OAAO,UAAU,WAAW,CAAC;AACvE,MAAI,QAAQ,IAAI,cAAc,OAAO,EAAE,UAAU,MAAM,MAAM,KAAK,UAAU,OAAO,QAAQ,QAAQ,IAAI,aAAa,cAAc,QAAQ,KAAK,KAAK,EAAE,CAAC;AACvJ,MAAI,UAAU;AACZ,UAAM,OAAO,OAAO,QAAQ,IAAI,oBAAoB,IAAI;AACxD,UAAM,YAAY,IAAI,KAAK,KAAK,IAAI,IAAI,OAAO,KAAK,KAAK,KAAK,GAAI;AAClE,UAAM,OAAO,MAAM,KAAK,cAAc,MAAM,SAAS;AACrD,QAAI,QAAQ,IAAI,iBAAiB,KAAK,OAAO,EAAE,UAAU,MAAM,MAAM,KAAK,UAAU,OAAO,QAAQ,QAAQ,IAAI,aAAa,cAAc,SAAS,UAAU,CAAC;AAAA,EAChK;AACA,SAAO;AACT;AAEA,MAAM,qBAAqB,gBAAgB,OAAO;AAAA,EAChD,UAAU,EAAE,OAAO,EAAE,IAAI,CAAC,EAAE,SAAS,eAAe;AAAA,EACpD,UAAU,EAAE,KAAK,CAAC,MAAM,KAAK,MAAM,CAAC,EAAE,SAAS,EAAE,SAAS,oDAAoD;AAChH,CAAC,EAAE,SAAS,oBAAoB;AAEhC,MAAM,qBAAqB,EAAE,OAAO;AAAA,EAClC,IAAI,EAAE,QAAQ,IAAI;AAAA,EAClB,OAAO,EAAE,OAAO,EAAE,SAAS,2CAA2C;AAAA,EACtE,UAAU,EAAE,OAAO,EAAE,SAAS,EAAE,SAAS,6CAA6C;AACxF,CAAC;AAED,MAAM,mBAAmB,EAAE,OAAO;AAAA,EAChC,IAAI,EAAE,QAAQ,KAAK;AAAA,EACnB,OAAO,EAAE,OAAO;AAClB,CAAC;AAED,MAAM,iBAAmC;AAAA,EACvC,SAAS;AAAA,EACT,aAAa;AAAA,EACb,MAAM,CAAC,2BAA2B;AAAA,EAClC,aAAa;AAAA,IACX,aAAa;AAAA,IACb,QAAQ;AAAA,IACR,aAAa;AAAA,EACf;AAAA,EACA,WAAW;AAAA,IACT;AAAA,MACE,QAAQ;AAAA,MACR,aAAa;AAAA,MACb,QAAQ;AAAA,IACV;AAAA,EACF;AAAA,EACA,QAAQ;AAAA,IACN,EAAE,QAAQ,KAAK,aAAa,qBAAqB,QAAQ,iBAAiB;AAAA,IAC1E,EAAE,QAAQ,KAAK,aAAa,uBAAuB,QAAQ,iBAAiB;AAAA,IAC5E,EAAE,QAAQ,KAAK,aAAa,4BAA4B,QAAQ,iBAAiB;AAAA,EACnF;AACF;AAEO,MAAM,UAA2B;AAAA,EACtC,SAAS;AAAA,EACT,aAAa;AAAA,EACb,SAAS;AAAA,IACP,MAAM;AAAA,EACR;AACF;",
   "names": ["userRoleNames"]
 }

package/dist/modules/auth/api/profile/route.js ADDED Viewed

@@ -0,0 +1,157 @@
+import { NextResponse } from "next/server";
+import { z } from "zod";
+import { createRequestContainer } from "@open-mercato/shared/lib/di/container";
+import { getAuthFromRequest } from "@open-mercato/shared/lib/auth/server";
+import { signJwt } from "@open-mercato/shared/lib/auth/jwt";
+import { resolveTranslations } from "@open-mercato/shared/lib/i18n/server";
+import { CrudHttpError } from "@open-mercato/shared/lib/crud/errors";
+import { User } from "@open-mercato/core/modules/auth/data/entities";
+import { findOneWithDecryption } from "@open-mercato/shared/lib/encryption/find";
+import { buildPasswordSchema } from "@open-mercato/shared/lib/auth/passwordPolicy";
+const profileResponseSchema = z.object({
+  email: z.string().email()
+});
+const passwordSchema = buildPasswordSchema();
+const updateSchema = z.object({
+  email: z.string().email().optional(),
+  password: passwordSchema.optional()
+}).refine((data) => Boolean(data.email || data.password), {
+  message: "Provide an email or password.",
+  path: ["email"]
+});
+const profileUpdateResponseSchema = z.object({
+  ok: z.literal(true),
+  email: z.string().email()
+});
+const metadata = {
+  GET: { requireAuth: true },
+  PUT: { requireAuth: true }
+};
+function buildCommandContext(container, auth, req) {
+  return {
+    container,
+    auth,
+    organizationScope: null,
+    selectedOrganizationId: auth.orgId ?? null,
+    organizationIds: auth.orgId ? [auth.orgId] : null,
+    request: req
+  };
+}
+async function GET(req) {
+  const { translate } = await resolveTranslations();
+  const auth = await getAuthFromRequest(req);
+  if (!auth?.sub) {
+    return NextResponse.json({ error: translate("api.errors.unauthorized", "Unauthorized") }, { status: 401 });
+  }
+  try {
+    const container = await createRequestContainer();
+    const em = container.resolve("em");
+    const user = await findOneWithDecryption(
+      em,
+      User,
+      { id: auth.sub, deletedAt: null },
+      void 0,
+      { tenantId: auth.tenantId ?? null, organizationId: auth.orgId ?? null }
+    );
+    if (!user) {
+      return NextResponse.json({ error: translate("auth.users.form.errors.notFound", "User not found") }, { status: 404 });
+    }
+    return NextResponse.json({ email: String(user.email) });
+  } catch (err) {
+    console.error("auth.profile.load failed", err);
+    return NextResponse.json({ error: translate("auth.profile.form.errors.load", "Failed to load profile.") }, { status: 400 });
+  }
+}
+async function PUT(req) {
+  const { translate } = await resolveTranslations();
+  const auth = await getAuthFromRequest(req);
+  if (!auth?.sub) {
+    return NextResponse.json({ error: translate("api.errors.unauthorized", "Unauthorized") }, { status: 401 });
+  }
+  try {
+    const body = await req.json().catch(() => ({}));
+    const parsed = updateSchema.safeParse(body);
+    if (!parsed.success) {
+      return NextResponse.json(
+        {
+          error: translate("auth.profile.form.errors.invalid", "Invalid profile update."),
+          issues: parsed.error.issues
+        },
+        { status: 400 }
+      );
+    }
+    const container = await createRequestContainer();
+    const commandBus = container.resolve("commandBus");
+    const ctx = buildCommandContext(container, auth, req);
+    const { result } = await commandBus.execute(
+      "auth.users.update",
+      {
+        input: {
+          id: auth.sub,
+          email: parsed.data.email,
+          password: parsed.data.password
+        },
+        ctx
+      }
+    );
+    const authService = container.resolve("authService");
+    const roles = await authService.getUserRoles(result, result.tenantId ? String(result.tenantId) : null);
+    const jwt = signJwt({
+      sub: String(result.id),
+      tenantId: result.tenantId ? String(result.tenantId) : null,
+      orgId: result.organizationId ? String(result.organizationId) : null,
+      email: result.email,
+      roles
+    });
+    const res = NextResponse.json({ ok: true, email: String(result.email) });
+    res.cookies.set("auth_token", jwt, {
+      httpOnly: true,
+      path: "/",
+      sameSite: "lax",
+      secure: process.env.NODE_ENV === "production",
+      maxAge: 60 * 60 * 8
+    });
+    return res;
+  } catch (err) {
+    if (err instanceof CrudHttpError) {
+      return NextResponse.json(err.body, { status: err.status });
+    }
+    console.error("auth.profile.update failed", err);
+    return NextResponse.json({ error: translate("auth.profile.form.errors.save", "Failed to update profile.") }, { status: 400 });
+  }
+}
+const openApi = {
+  tag: "Authentication & Accounts",
+  summary: "Profile settings",
+  methods: {
+    GET: {
+      summary: "Get current profile",
+      description: "Returns the email address for the signed-in user.",
+      responses: [
+        { status: 200, description: "Profile payload", schema: profileResponseSchema },
+        { status: 401, description: "Unauthorized", schema: z.object({ error: z.string() }) },
+        { status: 404, description: "User not found", schema: z.object({ error: z.string() }) }
+      ]
+    },
+    PUT: {
+      summary: "Update current profile",
+      description: "Updates the email address or password for the signed-in user.",
+      requestBody: {
+        contentType: "application/json",
+        schema: updateSchema
+      },
+      responses: [
+        { status: 200, description: "Profile updated", schema: profileUpdateResponseSchema },
+        { status: 400, description: "Invalid payload", schema: z.object({ error: z.string() }) },
+        { status: 401, description: "Unauthorized", schema: z.object({ error: z.string() }) }
+      ]
+    }
+  }
+};
+export {
+  GET,
+  PUT,
+  metadata,
+  openApi
+};
+//# sourceMappingURL=route.js.map