npm - @open-mercato/core - Versions diffs - 0.4.2-canary-ed15f2e753 → 0.4.2-canary-e2aeb1a7bf - Mend

@open-mercato/core 0.4.2-canary-ed15f2e753 → 0.4.2-canary-e2aeb1a7bf

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (711) hide show

package/dist/modules/auth/lib/setup-app.js.map CHANGED Viewed

@@ -1,7 +1,7 @@
 {
   "version": 3,
   "sources": ["../../../../src/modules/auth/lib/setup-app.ts"],
-  "sourcesContent": ["import { hash } from 'bcryptjs'\nimport type { EntityManager } from '@mikro-orm/postgresql'\nimport { Role, RoleAcl, User, UserRole } from '@open-mercato/core/modules/auth/data/entities'\nimport { Tenant, Organization } from '@open-mercato/core/modules/directory/data/entities'\nimport { rebuildHierarchyForTenant } from '@open-mercato/core/modules/directory/lib/hierarchy'\nimport { normalizeTenantId } from './tenantAccess'\nimport { SalesSettings, SalesDocumentSequence } from '@open-mercato/core/modules/sales/data/entities'\nimport {\n  DEFAULT_ORDER_NUMBER_FORMAT,\n  DEFAULT_QUOTE_NUMBER_FORMAT,\n} from '@open-mercato/core/modules/sales/lib/documentNumberTokens'\nimport { computeEmailHash } from '@open-mercato/core/modules/auth/lib/emailHash'\nimport { isEncryptionDebugEnabled, isTenantDataEncryptionEnabled } from '@open-mercato/shared/lib/encryption/toggles'\nimport { EncryptionMap } from '@open-mercato/core/modules/entities/data/entities'\nimport { DEFAULT_ENCRYPTION_MAPS } from '@open-mercato/core/modules/entities/lib/encryptionDefaults'\nimport { createKmsService } from '@open-mercato/shared/lib/encryption/kms'\nimport { TenantDataEncryptionService } from '@open-mercato/shared/lib/encryption/tenantDataEncryptionService'\nimport { findWithDecryption } from '@open-mercato/shared/lib/encryption/find'\n\nconst DEFAULT_ROLE_NAMES = ['employee', 'admin', 'superadmin'] as const\nconst DEMO_SUPERADMIN_EMAIL = 'superadmin@acme.com'\n\nexport type EnsureRolesOptions = {\n  roleNames?: string[]\n  tenantId?: string | null\n}\n\nasync function ensureRolesInContext(\n  em: EntityManager,\n  roleNames: string[],\n  tenantId: string | null,\n) {\n  for (const name of roleNames) {\n    const existing = await em.findOne(Role, { name, tenantId })\n    if (existing) continue\n    if (tenantId !== null) {\n      const globalRole = await em.findOne(Role, { name, tenantId: null })\n      if (globalRole) {\n        globalRole.tenantId = tenantId\n        em.persist(globalRole)\n        continue\n      }\n    }\n    em.persist(em.create(Role, { name, tenantId, createdAt: new Date() }))\n  }\n}\n\nexport async function ensureRoles(em: EntityManager, options: EnsureRolesOptions = {}) {\n  const roleNames = options.roleNames ?? [...DEFAULT_ROLE_NAMES]\n  const tenantId = normalizeTenantId(options.tenantId ?? null) ?? null\n  await em.transactional(async (tem) => {\n    await ensureRolesInContext(tem, roleNames, tenantId)\n    await tem.flush()\n  })\n}\n\nasync function findRoleByName(\n  em: EntityManager,\n  name: string,\n  tenantId: string | null,\n): Promise<Role | null> {\n  const normalizedTenant = normalizeTenantId(tenantId ?? null) ?? null\n  let role = await em.findOne(Role, { name, tenantId: normalizedTenant })\n  if (!role && normalizedTenant !== null) {\n    role = await em.findOne(Role, { name, tenantId: null })\n  }\n  return role\n}\n\nasync function findRoleByNameOrFail(\n  em: EntityManager,\n  name: string,\n  tenantId: string | null,\n): Promise<Role> {\n  const role = await findRoleByName(em, name, tenantId)\n  if (!role) throw new Error(`ROLE_NOT_FOUND:${name}`)\n  return role\n}\n\ntype PrimaryUserInput = {\n  email: string\n  password?: string\n  hashedPassword?: string | null\n  firstName?: string | null\n  lastName?: string | null\n  displayName?: string | null\n  confirm?: boolean\n}\n\nexport type SetupInitialTenantOptions = {\n  orgName: string\n  primaryUser: PrimaryUserInput\n  roleNames?: string[]\n  includeDerivedUsers?: boolean\n  failIfUserExists?: boolean\n  primaryUserRoles?: string[]\n  includeSuperadminRole?: boolean\n}\n\nexport type SetupInitialTenantResult = {\n  tenantId: string\n  organizationId: string\n  users: Array<{ user: User; roles: string[]; created: boolean }>\n  reusedExistingUser: boolean\n}\n\nexport async function setupInitialTenant(\n  em: EntityManager,\n  options: SetupInitialTenantOptions,\n): Promise<SetupInitialTenantResult> {\n  const {\n    primaryUser,\n    includeDerivedUsers = true,\n    failIfUserExists = false,\n    primaryUserRoles,\n    includeSuperadminRole = true,\n  } = options\n  const primaryRolesInput = primaryUserRoles && primaryUserRoles.length ? primaryUserRoles : ['superadmin']\n  const primaryRoles = includeSuperadminRole\n    ? primaryRolesInput\n    : primaryRolesInput.filter((role) => role !== 'superadmin')\n  if (primaryRoles.length === 0) {\n    throw new Error('PRIMARY_ROLES_REQUIRED')\n  }\n  const defaultRoleNames = options.roleNames ?? [...DEFAULT_ROLE_NAMES]\n  const resolvedRoleNames = includeSuperadminRole\n    ? defaultRoleNames\n    : defaultRoleNames.filter((role) => role !== 'superadmin')\n  const roleNames = Array.from(new Set([...resolvedRoleNames, ...primaryRoles]))\n\n  const mainEmail = primaryUser.email\n  const existingUser = await em.findOne(User, { email: mainEmail })\n  if (existingUser && failIfUserExists) {\n    throw new Error('USER_EXISTS')\n  }\n\n  let tenantId: string | undefined\n  let organizationId: string | undefined\n  let reusedExistingUser = false\n  const userSnapshots: Array<{ user: User; roles: string[]; created: boolean }> = []\n\n  await em.transactional(async (tem) => {\n    if (!existingUser) return\n    reusedExistingUser = true\n    tenantId = existingUser.tenantId ? String(existingUser.tenantId) : undefined\n    organizationId = existingUser.organizationId ? String(existingUser.organizationId) : undefined\n    const roleTenantId = normalizeTenantId(existingUser.tenantId ?? null) ?? null\n\n    await ensureRolesInContext(tem, roleNames, roleTenantId)\n    await tem.flush()\n\n    const requiredRoleSet = new Set([...roleNames, ...primaryRoles])\n    const links = await findWithDecryption(\n      tem,\n      UserRole,\n      { user: existingUser },\n      { populate: ['role'] },\n      { tenantId: roleTenantId, organizationId: null },\n    )\n    const currentRoles = new Set(links.map((link) => link.role.name))\n    for (const roleName of requiredRoleSet) {\n      if (!currentRoles.has(roleName)) {\n        const role = await findRoleByNameOrFail(tem, roleName, roleTenantId)\n        tem.persist(tem.create(UserRole, { user: existingUser, role, createdAt: new Date() }))\n      }\n    }\n    await tem.flush()\n    const roles = Array.from(new Set([...currentRoles, ...roleNames]))\n    userSnapshots.push({ user: existingUser, roles, created: false })\n  })\n\n  if (!existingUser) {\n    const baseUsers: Array<{ email: string; roles: string[]; name?: string | null }> = [\n      { email: primaryUser.email, roles: primaryRoles, name: resolvePrimaryName(primaryUser) },\n    ]\n    if (includeDerivedUsers) {\n      const [local, domain] = String(primaryUser.email).split('@')\n      const isSuperadminLocal = (local || '').toLowerCase() === 'superadmin' && !!domain\n      if (isSuperadminLocal) {\n        baseUsers.push({ email: `admin@${domain}`, roles: ['admin'] })\n        baseUsers.push({ email: `employee@${domain}`, roles: ['employee'] })\n      }\n    }\n    const passwordHash = await resolvePasswordHash(primaryUser)\n\n    await em.transactional(async (tem) => {\n      const tenant = tem.create(Tenant, {\n        name: `${options.orgName} Tenant`,\n        isActive: true,\n        createdAt: new Date(),\n        updatedAt: new Date(),\n      })\n      tem.persist(tenant)\n      await tem.flush()\n\n      const organization = tem.create(Organization, {\n        name: options.orgName,\n        tenant,\n        isActive: true,\n        depth: 0,\n        ancestorIds: [],\n        childIds: [],\n        descendantIds: [],\n        createdAt: new Date(),\n        updatedAt: new Date(),\n      })\n      tem.persist(organization)\n      await tem.flush()\n\n      tenantId = String(tenant.id)\n      organizationId = String(organization.id)\n      const roleTenantId = tenantId\n\n      if (isTenantDataEncryptionEnabled()) {\n        try {\n          const kms = createKmsService()\n          if (kms.isHealthy()) {\n            if (isEncryptionDebugEnabled()) {\n              console.info('\uD83D\uDD11 [encryption][setup] provisioning tenant DEK', { tenantId: String(tenant.id) })\n            }\n            await kms.createTenantDek(String(tenant.id))\n            if (isEncryptionDebugEnabled()) {\n              console.info('\uD83D\uDD11 [encryption][setup] created tenant DEK during setup', { tenantId: String(tenant.id) })\n            }\n          } else {\n            if (isEncryptionDebugEnabled()) {\n              console.warn('\u26A0\uFE0F [encryption][setup] KMS not healthy, skipping tenant DEK creation', { tenantId: String(tenant.id) })\n            }\n          }\n        } catch (err) {\n          if (isEncryptionDebugEnabled()) {\n            console.warn('\u26A0\uFE0F [encryption][setup] Failed to create tenant DEK', err)\n          }\n        }\n      }\n\n      await ensureRolesInContext(tem, roleNames, roleTenantId)\n      await tem.flush()\n\n      if (isTenantDataEncryptionEnabled()) {\n        for (const spec of DEFAULT_ENCRYPTION_MAPS) {\n          const existing = await tem.findOne(EncryptionMap, { entityId: spec.entityId, tenantId: tenant.id, organizationId: organization.id, deletedAt: null })\n          if (!existing) {\n            tem.persist(tem.create(EncryptionMap, {\n              entityId: spec.entityId,\n              tenantId: tenant.id,\n              organizationId: organization.id,\n              fieldsJson: spec.fields,\n              isActive: true,\n              createdAt: new Date(),\n              updatedAt: new Date(),\n            }))\n          } else {\n            existing.fieldsJson = spec.fields\n            existing.isActive = true\n          }\n        }\n        await tem.flush()\n      }\n    })\n\n    await em.transactional(async (tem) => {\n      if (!tenantId || !organizationId) return\n      const roleTenantId = tenantId\n      const encryptionService = isTenantDataEncryptionEnabled()\n        ? new TenantDataEncryptionService(tem as any, { kms: createKmsService() })\n        : null\n      if (encryptionService) {\n        await encryptionService.invalidateMap('auth:user', String(tenantId), String(organizationId))\n        await encryptionService.invalidateMap('auth:user', String(tenantId), null)\n      }\n\n      for (const base of baseUsers) {\n        let user = await tem.findOne(User, { email: base.email })\n        const confirm = primaryUser.confirm ?? true\n        const encryptedPayload = encryptionService\n          ? await encryptionService.encryptEntityPayload('auth:user', { email: base.email }, tenantId, organizationId)\n          : { email: base.email, emailHash: computeEmailHash(base.email) }\n        if (user) {\n          user.passwordHash = passwordHash\n          user.organizationId = organizationId\n          user.tenantId = tenantId\n          if (isTenantDataEncryptionEnabled()) {\n            user.email = encryptedPayload.email as any\n            user.emailHash = (encryptedPayload as any).emailHash ?? computeEmailHash(base.email)\n          }\n          if (base.name) user.name = base.name\n          if (confirm) user.isConfirmed = true\n          tem.persist(user)\n          userSnapshots.push({ user, roles: base.roles, created: false })\n        } else {\n          user = tem.create(User, {\n            email: (encryptedPayload as any).email ?? base.email,\n            emailHash: isTenantDataEncryptionEnabled() ? (encryptedPayload as any).emailHash ?? computeEmailHash(base.email) : undefined,\n            passwordHash,\n            organizationId,\n            tenantId,\n            name: base.name ?? undefined,\n            isConfirmed: confirm,\n            createdAt: new Date(),\n          })\n          tem.persist(user)\n          userSnapshots.push({ user, roles: base.roles, created: true })\n        }\n        await tem.flush()\n        for (const roleName of base.roles) {\n          const role = await findRoleByNameOrFail(tem, roleName, roleTenantId)\n          const existingLink = await tem.findOne(UserRole, { user, role })\n          if (!existingLink) tem.persist(tem.create(UserRole, { user, role, createdAt: new Date() }))\n        }\n        await tem.flush()\n      }\n    })\n  }\n\n  if (!tenantId || !organizationId) {\n    throw new Error('SETUP_FAILED')\n  }\n\n  if (!reusedExistingUser) {\n    await rebuildHierarchyForTenant(em, tenantId)\n  }\n\n  await ensureDefaultRoleAcls(em, tenantId, { includeSuperadminRole })\n  await deactivateDemoSuperAdminIfSelfOnboardingEnabled(em)\n  await ensureSalesNumberingDefaults(em, { tenantId, organizationId })\n\n  return {\n    tenantId,\n    organizationId,\n    users: userSnapshots,\n    reusedExistingUser,\n  }\n}\n\nfunction resolvePrimaryName(input: PrimaryUserInput): string | null {\n  if (input.displayName && input.displayName.trim()) return input.displayName.trim()\n  const parts = [input.firstName, input.lastName].map((value) => value?.trim()).filter(Boolean)\n  if (parts.length) return parts.join(' ')\n  return null\n}\n\nasync function resolvePasswordHash(input: PrimaryUserInput): Promise<string | null> {\n  if (typeof input.hashedPassword === 'string') return input.hashedPassword\n  if (input.password) return hash(input.password, 10)\n  return null\n}\n\nasync function ensureDefaultRoleAcls(\n  em: EntityManager,\n  tenantId: string,\n  options: { includeSuperadminRole?: boolean } = {},\n) {\n  const includeSuperadminRole = options.includeSuperadminRole ?? true\n  const roleTenantId = normalizeTenantId(tenantId) ?? null\n  const superadminRole = includeSuperadminRole ? await findRoleByName(em, 'superadmin', roleTenantId) : null\n  const adminRole = await findRoleByName(em, 'admin', roleTenantId)\n  const employeeRole = await findRoleByName(em, 'employee', roleTenantId)\n\n  if (includeSuperadminRole && superadminRole) {\n    await ensureRoleAclFor(em, superadminRole, tenantId, ['directory.tenants.*'], { isSuperAdmin: true })\n  }\n  if (adminRole) {\n    const adminFeatures = [\n      'auth.*',\n      'entities.*',\n      'attachments.*',\n      'attachments.view',\n      'attachments.manage',\n      'query_index.*',\n      'search.*',\n      'vector.*',\n      'feature_toggles.*',\n      'configs.system_status.view',\n      'configs.cache.view',\n      'configs.cache.manage',\n      'configs.manage',\n      'catalog.*',\n      'catalog.variants.manage',\n      'catalog.pricing.manage',\n      'sales.*',\n      'audit_logs.*',\n      'directory.organizations.view',\n      'directory.organizations.manage',\n      'customers.*',\n      'customers.people.view',\n      'customers.people.manage',\n      'customers.companies.view',\n      'customers.companies.manage',\n      'customers.deals.view',\n      'customers.deals.manage',\n      'dictionaries.view',\n      'dictionaries.manage',\n      'example.*',\n      'dashboards.*',\n      'dashboards.admin.assign-widgets',\n      'analytics.view',\n      'api_keys.*',\n      'perspectives.use',\n      'perspectives.role_defaults',\n      'business_rules.*',\n      'workflows.*',\n      'currencies.*',\n      'staff.*',\n      'staff.leave_requests.manage',\n      'resources.*',\n      'planner.*',\n    ]\n    await ensureRoleAclFor(em, adminRole, tenantId, adminFeatures, { remove: ['directory.organizations.*', 'directory.tenants.*'] })\n  }\n  if (employeeRole) {\n    await ensureRoleAclFor(em, employeeRole, tenantId, [\n      'customers.*',\n      'customers.people.view',\n      'customers.people.manage',\n      'customers.companies.view',\n      'customers.companies.manage',\n      'vector.*',\n      'catalog.*',\n      'catalog.variants.manage',\n      'catalog.pricing.manage',\n      'sales.*',\n      'dictionaries.view',\n      'example.*',\n      'example.widgets.*',\n      'dashboards.view',\n      'dashboards.configure',\n      'analytics.view',\n      'audit_logs.undo_self',\n      'perspectives.use',\n      'staff.leave_requests.send',\n      'staff.my_availability.view',\n      'staff.my_availability.manage',\n      'staff.my_leave_requests.view',\n      'staff.my_leave_requests.send',\n      'planner.view',\n    ])\n  }\n}\n\nasync function ensureRoleAclFor(\n  em: EntityManager,\n  role: Role,\n  tenantId: string,\n  features: string[],\n  options: { isSuperAdmin?: boolean; remove?: string[] } = {},\n) {\n  const existing = await em.findOne(RoleAcl, { role, tenantId })\n  if (!existing) {\n    const acl = em.create(RoleAcl, {\n      role,\n      tenantId,\n      featuresJson: features,\n      isSuperAdmin: !!options.isSuperAdmin,\n      createdAt: new Date(),\n    })\n    await em.persistAndFlush(acl)\n    return\n  }\n  const currentFeatures = Array.isArray(existing.featuresJson) ? existing.featuresJson : []\n  const merged = Array.from(new Set([...currentFeatures, ...features]))\n  const removeSet = new Set(options.remove ?? [])\n  const sanitized =\n    removeSet.size\n      ? merged.filter((value) => {\n        if (removeSet.has(value)) return false\n        for (const entry of removeSet) {\n          if (entry.endsWith('.*')) {\n            const prefix = entry.slice(0, -1) // keep trailing dot\n            if (value === entry || value.startsWith(prefix)) return false\n          }\n        }\n        return true\n      })\n      : merged\n  const changed =\n    sanitized.length !== currentFeatures.length ||\n    sanitized.some((value, index) => value !== currentFeatures[index])\n  if (changed) existing.featuresJson = sanitized\n  if (options.isSuperAdmin && !existing.isSuperAdmin) {\n    existing.isSuperAdmin = true\n  }\n  if (changed || options.isSuperAdmin) {\n    await em.persistAndFlush(existing)\n  }\n}\n\nasync function deactivateDemoSuperAdminIfSelfOnboardingEnabled(em: EntityManager) {\n  if (process.env.SELF_SERVICE_ONBOARDING_ENABLED !== 'true') return\n  try {\n    const user = await em.findOne(User, { email: DEMO_SUPERADMIN_EMAIL })\n    if (!user) return\n    let dirty = false\n    if (user.passwordHash) {\n      user.passwordHash = null\n      dirty = true\n    }\n    if (user.isConfirmed !== false) {\n      user.isConfirmed = false\n      dirty = true\n    }\n    if (dirty) {\n      await em.persistAndFlush(user)\n    }\n  } catch (error) {\n    console.error('[auth.setup] failed to deactivate demo superadmin user', error)\n  }\n}\n\nasync function ensureSalesNumberingDefaults(\n  em: EntityManager,\n  scope: { tenantId: string; organizationId: string },\n) {\n  const repo = (em as any).getRepository?.(SalesSettings)\n  const findSettings = async () =>\n    repo?.findOne({\n      tenantId: scope.tenantId,\n      organizationId: scope.organizationId,\n    }) ??\n    (em as any).findOne?.(SalesSettings, {\n      tenantId: scope.tenantId,\n      organizationId: scope.organizationId,\n    })\n\n  const exists = await findSettings()\n  if (!exists) {\n    const settings =\n      repo?.create?.({\n        tenantId: scope.tenantId,\n        organizationId: scope.organizationId,\n        orderNumberFormat: DEFAULT_ORDER_NUMBER_FORMAT,\n        quoteNumberFormat: DEFAULT_QUOTE_NUMBER_FORMAT,\n        createdAt: new Date(),\n        updatedAt: new Date(),\n      }) ??\n      (em as any).create?.(SalesSettings, {\n        tenantId: scope.tenantId,\n        organizationId: scope.organizationId,\n        orderNumberFormat: DEFAULT_ORDER_NUMBER_FORMAT,\n        quoteNumberFormat: DEFAULT_QUOTE_NUMBER_FORMAT,\n        createdAt: new Date(),\n        updatedAt: new Date(),\n      })\n    if (settings && (em as any).persist) {\n      em.persist(settings)\n    }\n  }\n\n  const sequenceRepo = (em as any).getRepository?.(SalesDocumentSequence)\n  const kinds: Array<'order' | 'quote'> = ['order', 'quote']\n  for (const kind of kinds) {\n    const seq =\n      sequenceRepo?.findOne({\n        tenantId: scope.tenantId,\n        organizationId: scope.organizationId,\n        documentKind: kind,\n      }) ??\n      (em as any).findOne?.(SalesDocumentSequence, {\n        tenantId: scope.tenantId,\n        organizationId: scope.organizationId,\n        documentKind: kind,\n      })\n    if (!seq) {\n      const entry =\n        sequenceRepo?.create?.({\n          tenantId: scope.tenantId,\n          organizationId: scope.organizationId,\n          documentKind: kind,\n          currentValue: 0,\n          createdAt: new Date(),\n          updatedAt: new Date(),\n        }) ??\n        (em as any).create?.(SalesDocumentSequence, {\n          tenantId: scope.tenantId,\n          organizationId: scope.organizationId,\n          documentKind: kind,\n          currentValue: 0,\n          createdAt: new Date(),\n          updatedAt: new Date(),\n        })\n      if (entry && (em as any).persist) {\n        em.persist(entry)\n      }\n    }\n  }\n\n  if ((em as any).flush) {\n    await em.flush()\n  }\n}\n"],
-  "mappings": "AAAA,SAAS,YAAY;AAErB,SAAS,MAAM,SAAS,MAAM,gBAAgB;AAC9C,SAAS,QAAQ,oBAAoB;AACrC,SAAS,iCAAiC;AAC1C,SAAS,yBAAyB;AAClC,SAAS,eAAe,6BAA6B;AACrD;AAAA,EACE;AAAA,EACA;AAAA,OACK;AACP,SAAS,wBAAwB;AACjC,SAAS,0BAA0B,qCAAqC;AACxE,SAAS,qBAAqB;AAC9B,SAAS,+BAA+B;AACxC,SAAS,wBAAwB;AACjC,SAAS,mCAAmC;AAC5C,SAAS,0BAA0B;AAEnC,MAAM,qBAAqB,CAAC,YAAY,SAAS,YAAY;AAC7D,MAAM,wBAAwB;AAO9B,eAAe,qBACb,IACA,WACA,UACA;AACA,aAAW,QAAQ,WAAW;AAC5B,UAAM,WAAW,MAAM,GAAG,QAAQ,MAAM,EAAE,MAAM,SAAS,CAAC;AAC1D,QAAI,SAAU;AACd,QAAI,aAAa,MAAM;AACrB,YAAM,aAAa,MAAM,GAAG,QAAQ,MAAM,EAAE,MAAM,UAAU,KAAK,CAAC;AAClE,UAAI,YAAY;AACd,mBAAW,WAAW;AACtB,WAAG,QAAQ,UAAU;AACrB;AAAA,MACF;AAAA,IACF;AACA,OAAG,QAAQ,GAAG,OAAO,MAAM,EAAE,MAAM,UAAU,WAAW,oBAAI,KAAK,EAAE,CAAC,CAAC;AAAA,EACvE;AACF;AAEA,eAAsB,YAAY,IAAmB,UAA8B,CAAC,GAAG;AACrF,QAAM,YAAY,QAAQ,aAAa,CAAC,GAAG,kBAAkB;AAC7D,QAAM,WAAW,kBAAkB,QAAQ,YAAY,IAAI,KAAK;AAChE,QAAM,GAAG,cAAc,OAAO,QAAQ;AACpC,UAAM,qBAAqB,KAAK,WAAW,QAAQ;AACnD,UAAM,IAAI,MAAM;AAAA,EAClB,CAAC;AACH;AAEA,eAAe,eACb,IACA,MACA,UACsB;AACtB,QAAM,mBAAmB,kBAAkB,YAAY,IAAI,KAAK;AAChE,MAAI,OAAO,MAAM,GAAG,QAAQ,MAAM,EAAE,MAAM,UAAU,iBAAiB,CAAC;AACtE,MAAI,CAAC,QAAQ,qBAAqB,MAAM;AACtC,WAAO,MAAM,GAAG,QAAQ,MAAM,EAAE,MAAM,UAAU,KAAK,CAAC;AAAA,EACxD;AACA,SAAO;AACT;AAEA,eAAe,qBACb,IACA,MACA,UACe;AACf,QAAM,OAAO,MAAM,eAAe,IAAI,MAAM,QAAQ;AACpD,MAAI,CAAC,KAAM,OAAM,IAAI,MAAM,kBAAkB,IAAI,EAAE;AACnD,SAAO;AACT;AA6BA,eAAsB,mBACpB,IACA,SACmC;AACnC,QAAM;AAAA,IACJ;AAAA,IACA,sBAAsB;AAAA,IACtB,mBAAmB;AAAA,IACnB;AAAA,IACA,wBAAwB;AAAA,EAC1B,IAAI;AACJ,QAAM,oBAAoB,oBAAoB,iBAAiB,SAAS,mBAAmB,CAAC,YAAY;AACxG,QAAM,eAAe,wBACjB,oBACA,kBAAkB,OAAO,CAAC,SAAS,SAAS,YAAY;AAC5D,MAAI,aAAa,WAAW,GAAG;AAC7B,UAAM,IAAI,MAAM,wBAAwB;AAAA,EAC1C;AACA,QAAM,mBAAmB,QAAQ,aAAa,CAAC,GAAG,kBAAkB;AACpE,QAAM,oBAAoB,wBACtB,mBACA,iBAAiB,OAAO,CAAC,SAAS,SAAS,YAAY;AAC3D,QAAM,YAAY,MAAM,KAAK,oBAAI,IAAI,CAAC,GAAG,mBAAmB,GAAG,YAAY,CAAC,CAAC;AAE7E,QAAM,YAAY,YAAY;AAC9B,QAAM,eAAe,MAAM,GAAG,QAAQ,MAAM,EAAE,OAAO,UAAU,CAAC;AAChE,MAAI,gBAAgB,kBAAkB;AACpC,UAAM,IAAI,MAAM,aAAa;AAAA,EAC/B;AAEA,MAAI;AACJ,MAAI;AACJ,MAAI,qBAAqB;AACzB,QAAM,gBAA0E,CAAC;AAEjF,QAAM,GAAG,cAAc,OAAO,QAAQ;AACpC,QAAI,CAAC,aAAc;AACnB,yBAAqB;AACrB,eAAW,aAAa,WAAW,OAAO,aAAa,QAAQ,IAAI;AACnE,qBAAiB,aAAa,iBAAiB,OAAO,aAAa,cAAc,IAAI;AACrF,UAAM,eAAe,kBAAkB,aAAa,YAAY,IAAI,KAAK;AAEzE,UAAM,qBAAqB,KAAK,WAAW,YAAY;AACvD,UAAM,IAAI,MAAM;AAEhB,UAAM,kBAAkB,oBAAI,IAAI,CAAC,GAAG,WAAW,GAAG,YAAY,CAAC;AAC/D,UAAM,QAAQ,MAAM;AAAA,MAClB;AAAA,MACA;AAAA,MACA,EAAE,MAAM,aAAa;AAAA,MACrB,EAAE,UAAU,CAAC,MAAM,EAAE;AAAA,MACrB,EAAE,UAAU,cAAc,gBAAgB,KAAK;AAAA,IACjD;AACA,UAAM,eAAe,IAAI,IAAI,MAAM,IAAI,CAAC,SAAS,KAAK,KAAK,IAAI,CAAC;AAChE,eAAW,YAAY,iBAAiB;AACtC,UAAI,CAAC,aAAa,IAAI,QAAQ,GAAG;AAC/B,cAAM,OAAO,MAAM,qBAAqB,KAAK,UAAU,YAAY;AACnE,YAAI,QAAQ,IAAI,OAAO,UAAU,EAAE,MAAM,cAAc,MAAM,WAAW,oBAAI,KAAK,EAAE,CAAC,CAAC;AAAA,MACvF;AAAA,IACF;AACA,UAAM,IAAI,MAAM;AAChB,UAAM,QAAQ,MAAM,KAAK,oBAAI,IAAI,CAAC,GAAG,cAAc,GAAG,SAAS,CAAC,CAAC;AACjE,kBAAc,KAAK,EAAE,MAAM,cAAc,OAAO,SAAS,MAAM,CAAC;AAAA,EAClE,CAAC;AAED,MAAI,CAAC,cAAc;AACjB,UAAM,YAA6E;AAAA,MACjF,EAAE,OAAO,YAAY,OAAO,OAAO,cAAc,MAAM,mBAAmB,WAAW,EAAE;AAAA,IACzF;AACA,QAAI,qBAAqB;AACvB,YAAM,CAAC,OAAO,MAAM,IAAI,OAAO,YAAY,KAAK,EAAE,MAAM,GAAG;AAC3D,YAAM,qBAAqB,SAAS,IAAI,YAAY,MAAM,gBAAgB,CAAC,CAAC;AAC5E,UAAI,mBAAmB;AACrB,kBAAU,KAAK,EAAE,OAAO,SAAS,MAAM,IAAI,OAAO,CAAC,OAAO,EAAE,CAAC;AAC7D,kBAAU,KAAK,EAAE,OAAO,YAAY,MAAM,IAAI,OAAO,CAAC,UAAU,EAAE,CAAC;AAAA,MACrE;AAAA,IACF;AACA,UAAM,eAAe,MAAM,oBAAoB,WAAW;AAE1D,UAAM,GAAG,cAAc,OAAO,QAAQ;AACpC,YAAM,SAAS,IAAI,OAAO,QAAQ;AAAA,QAChC,MAAM,GAAG,QAAQ,OAAO;AAAA,QACxB,UAAU;AAAA,QACV,WAAW,oBAAI,KAAK;AAAA,QACpB,WAAW,oBAAI,KAAK;AAAA,MACtB,CAAC;AACD,UAAI,QAAQ,MAAM;AAClB,YAAM,IAAI,MAAM;AAEhB,YAAM,eAAe,IAAI,OAAO,cAAc;AAAA,QAC5C,MAAM,QAAQ;AAAA,QACd;AAAA,QACA,UAAU;AAAA,QACV,OAAO;AAAA,QACP,aAAa,CAAC;AAAA,QACd,UAAU,CAAC;AAAA,QACX,eAAe,CAAC;AAAA,QAChB,WAAW,oBAAI,KAAK;AAAA,QACpB,WAAW,oBAAI,KAAK;AAAA,MACtB,CAAC;AACD,UAAI,QAAQ,YAAY;AACxB,YAAM,IAAI,MAAM;AAEhB,iBAAW,OAAO,OAAO,EAAE;AAC3B,uBAAiB,OAAO,aAAa,EAAE;AACvC,YAAM,eAAe;AAErB,UAAI,8BAA8B,GAAG;AACnC,YAAI;AACF,gBAAM,MAAM,iBAAiB;AAC7B,cAAI,IAAI,UAAU,GAAG;AACnB,gBAAI,yBAAyB,GAAG;AAC9B,sBAAQ,KAAK,yDAAkD,EAAE,UAAU,OAAO,OAAO,EAAE,EAAE,CAAC;AAAA,YAChG;AACA,kBAAM,IAAI,gBAAgB,OAAO,OAAO,EAAE,CAAC;AAC3C,gBAAI,yBAAyB,GAAG;AAC9B,sBAAQ,KAAK,iEAA0D,EAAE,UAAU,OAAO,OAAO,EAAE,EAAE,CAAC;AAAA,YACxG;AAAA,UACF,OAAO;AACL,gBAAI,yBAAyB,GAAG;AAC9B,sBAAQ,KAAK,kFAAwE,EAAE,UAAU,OAAO,OAAO,EAAE,EAAE,CAAC;AAAA,YACtH;AAAA,UACF;AAAA,QACF,SAAS,KAAK;AACZ,cAAI,yBAAyB,GAAG;AAC9B,oBAAQ,KAAK,gEAAsD,GAAG;AAAA,UACxE;AAAA,QACF;AAAA,MACF;AAEA,YAAM,qBAAqB,KAAK,WAAW,YAAY;AACvD,YAAM,IAAI,MAAM;AAEhB,UAAI,8BAA8B,GAAG;AACnC,mBAAW,QAAQ,yBAAyB;AAC1C,gBAAM,WAAW,MAAM,IAAI,QAAQ,eAAe,EAAE,UAAU,KAAK,UAAU,UAAU,OAAO,IAAI,gBAAgB,aAAa,IAAI,WAAW,KAAK,CAAC;AACpJ,cAAI,CAAC,UAAU;AACb,gBAAI,QAAQ,IAAI,OAAO,eAAe;AAAA,cACpC,UAAU,KAAK;AAAA,cACf,UAAU,OAAO;AAAA,cACjB,gBAAgB,aAAa;AAAA,cAC7B,YAAY,KAAK;AAAA,cACjB,UAAU;AAAA,cACV,WAAW,oBAAI,KAAK;AAAA,cACpB,WAAW,oBAAI,KAAK;AAAA,YACtB,CAAC,CAAC;AAAA,UACJ,OAAO;AACL,qBAAS,aAAa,KAAK;AAC3B,qBAAS,WAAW;AAAA,UACtB;AAAA,QACF;AACA,cAAM,IAAI,MAAM;AAAA,MAClB;AAAA,IACF,CAAC;AAED,UAAM,GAAG,cAAc,OAAO,QAAQ;AACpC,UAAI,CAAC,YAAY,CAAC,eAAgB;AAClC,YAAM,eAAe;AACrB,YAAM,oBAAoB,8BAA8B,IACpD,IAAI,4BAA4B,KAAY,EAAE,KAAK,iBAAiB,EAAE,CAAC,IACvE;AACJ,UAAI,mBAAmB;AACrB,cAAM,kBAAkB,cAAc,aAAa,OAAO,QAAQ,GAAG,OAAO,cAAc,CAAC;AAC3F,cAAM,kBAAkB,cAAc,aAAa,OAAO,QAAQ,GAAG,IAAI;AAAA,MAC3E;AAEA,iBAAW,QAAQ,WAAW;AAC5B,YAAI,OAAO,MAAM,IAAI,QAAQ,MAAM,EAAE,OAAO,KAAK,MAAM,CAAC;AACxD,cAAM,UAAU,YAAY,WAAW;AACvC,cAAM,mBAAmB,oBACrB,MAAM,kBAAkB,qBAAqB,aAAa,EAAE,OAAO,KAAK,MAAM,GAAG,UAAU,cAAc,IACzG,EAAE,OAAO,KAAK,OAAO,WAAW,iBAAiB,KAAK,KAAK,EAAE;AACjE,YAAI,MAAM;AACR,eAAK,eAAe;AACpB,eAAK,iBAAiB;AACtB,eAAK,WAAW;AAChB,cAAI,8BAA8B,GAAG;AACnC,iBAAK,QAAQ,iBAAiB;AAC9B,iBAAK,YAAa,iBAAyB,aAAa,iBAAiB,KAAK,KAAK;AAAA,UACrF;AACA,cAAI,KAAK,KAAM,MAAK,OAAO,KAAK;AAChC,cAAI,QAAS,MAAK,cAAc;AAChC,cAAI,QAAQ,IAAI;AAChB,wBAAc,KAAK,EAAE,MAAM,OAAO,KAAK,OAAO,SAAS,MAAM,CAAC;AAAA,QAChE,OAAO;AACL,iBAAO,IAAI,OAAO,MAAM;AAAA,YACtB,OAAQ,iBAAyB,SAAS,KAAK;AAAA,YAC/C,WAAW,8BAA8B,IAAK,iBAAyB,aAAa,iBAAiB,KAAK,KAAK,IAAI;AAAA,YACnH;AAAA,YACA;AAAA,YACA;AAAA,YACA,MAAM,KAAK,QAAQ;AAAA,YACnB,aAAa;AAAA,YACb,WAAW,oBAAI,KAAK;AAAA,UACtB,CAAC;AACD,cAAI,QAAQ,IAAI;AAChB,wBAAc,KAAK,EAAE,MAAM,OAAO,KAAK,OAAO,SAAS,KAAK,CAAC;AAAA,QAC/D;AACA,cAAM,IAAI,MAAM;AAChB,mBAAW,YAAY,KAAK,OAAO;AACjC,gBAAM,OAAO,MAAM,qBAAqB,KAAK,UAAU,YAAY;AACnE,gBAAM,eAAe,MAAM,IAAI,QAAQ,UAAU,EAAE,MAAM,KAAK,CAAC;AAC/D,cAAI,CAAC,aAAc,KAAI,QAAQ,IAAI,OAAO,UAAU,EAAE,MAAM,MAAM,WAAW,oBAAI,KAAK,EAAE,CAAC,CAAC;AAAA,QAC5F;AACA,cAAM,IAAI,MAAM;AAAA,MAClB;AAAA,IACF,CAAC;AAAA,EACH;AAEA,MAAI,CAAC,YAAY,CAAC,gBAAgB;AAChC,UAAM,IAAI,MAAM,cAAc;AAAA,EAChC;AAEA,MAAI,CAAC,oBAAoB;AACvB,UAAM,0BAA0B,IAAI,QAAQ;AAAA,EAC9C;AAEA,QAAM,sBAAsB,IAAI,UAAU,EAAE,sBAAsB,CAAC;AACnE,QAAM,gDAAgD,EAAE;AACxD,QAAM,6BAA6B,IAAI,EAAE,UAAU,eAAe,CAAC;AAEnE,SAAO;AAAA,IACL;AAAA,IACA;AAAA,IACA,OAAO;AAAA,IACP;AAAA,EACF;AACF;AAEA,SAAS,mBAAmB,OAAwC;AAClE,MAAI,MAAM,eAAe,MAAM,YAAY,KAAK,EAAG,QAAO,MAAM,YAAY,KAAK;AACjF,QAAM,QAAQ,CAAC,MAAM,WAAW,MAAM,QAAQ,EAAE,IAAI,CAAC,UAAU,OAAO,KAAK,CAAC,EAAE,OAAO,OAAO;AAC5F,MAAI,MAAM,OAAQ,QAAO,MAAM,KAAK,GAAG;AACvC,SAAO;AACT;AAEA,eAAe,oBAAoB,OAAiD;AAClF,MAAI,OAAO,MAAM,mBAAmB,SAAU,QAAO,MAAM;AAC3D,MAAI,MAAM,SAAU,QAAO,KAAK,MAAM,UAAU,EAAE;AAClD,SAAO;AACT;AAEA,eAAe,sBACb,IACA,UACA,UAA+C,CAAC,GAChD;AACA,QAAM,wBAAwB,QAAQ,yBAAyB;AAC/D,QAAM,eAAe,kBAAkB,QAAQ,KAAK;AACpD,QAAM,iBAAiB,wBAAwB,MAAM,eAAe,IAAI,cAAc,YAAY,IAAI;AACtG,QAAM,YAAY,MAAM,eAAe,IAAI,SAAS,YAAY;AAChE,QAAM,eAAe,MAAM,eAAe,IAAI,YAAY,YAAY;AAEtE,MAAI,yBAAyB,gBAAgB;AAC3C,UAAM,iBAAiB,IAAI,gBAAgB,UAAU,CAAC,qBAAqB,GAAG,EAAE,cAAc,KAAK,CAAC;AAAA,EACtG;AACA,MAAI,WAAW;AACb,UAAM,gBAAgB;AAAA,MACpB;AAAA,MACA;AAAA,MACA;AAAA,MACA;AAAA,MACA;AAAA,MACA;AAAA,MACA;AAAA,MACA;AAAA,MACA;AAAA,MACA;AAAA,MACA;AAAA,MACA;AAAA,MACA;AAAA,MACA;AAAA,MACA;AAAA,MACA;AAAA,MACA;AAAA,MACA;AAAA,MACA;AAAA,MACA;AAAA,MACA;AAAA,MACA;AAAA,MACA;AAAA,MACA;AAAA,MACA;AAAA,MACA;AAAA,MACA;AAAA,MACA;AAAA,MACA;AAAA,MACA;AAAA,MACA;AAAA,MACA;AAAA,MACA;AAAA,MACA;AAAA,MACA;AAAA,MACA;AAAA,MACA;AAAA,MACA;AAAA,MACA;AAAA,MACA;AAAA,MACA;AAAA,MACA;AAAA,MACA;AAAA,IACF;AACA,UAAM,iBAAiB,IAAI,WAAW,UAAU,eAAe,EAAE,QAAQ,CAAC,6BAA6B,qBAAqB,EAAE,CAAC;AAAA,EACjI;AACA,MAAI,cAAc;AAChB,UAAM,iBAAiB,IAAI,cAAc,UAAU;AAAA,MACjD;AAAA,MACA;AAAA,MACA;AAAA,MACA;AAAA,MACA;AAAA,MACA;AAAA,MACA;AAAA,MACA;AAAA,MACA;AAAA,MACA;AAAA,MACA;AAAA,MACA;AAAA,MACA;AAAA,MACA;AAAA,MACA;AAAA,MACA;AAAA,MACA;AAAA,MACA;AAAA,MACA;AAAA,MACA;AAAA,MACA;AAAA,MACA;AAAA,MACA;AAAA,MACA;AAAA,IACF,CAAC;AAAA,EACH;AACF;AAEA,eAAe,iBACb,IACA,MACA,UACA,UACA,UAAyD,CAAC,GAC1D;AACA,QAAM,WAAW,MAAM,GAAG,QAAQ,SAAS,EAAE,MAAM,SAAS,CAAC;AAC7D,MAAI,CAAC,UAAU;AACb,UAAM,MAAM,GAAG,OAAO,SAAS;AAAA,MAC7B;AAAA,MACA;AAAA,MACA,cAAc;AAAA,MACd,cAAc,CAAC,CAAC,QAAQ;AAAA,MACxB,WAAW,oBAAI,KAAK;AAAA,IACtB,CAAC;AACD,UAAM,GAAG,gBAAgB,GAAG;AAC5B;AAAA,EACF;AACA,QAAM,kBAAkB,MAAM,QAAQ,SAAS,YAAY,IAAI,SAAS,eAAe,CAAC;AACxF,QAAM,SAAS,MAAM,KAAK,oBAAI,IAAI,CAAC,GAAG,iBAAiB,GAAG,QAAQ,CAAC,CAAC;AACpE,QAAM,YAAY,IAAI,IAAI,QAAQ,UAAU,CAAC,CAAC;AAC9C,QAAM,YACJ,UAAU,OACN,OAAO,OAAO,CAAC,UAAU;AACzB,QAAI,UAAU,IAAI,KAAK,EAAG,QAAO;AACjC,eAAW,SAAS,WAAW;AAC7B,UAAI,MAAM,SAAS,IAAI,GAAG;AACxB,cAAM,SAAS,MAAM,MAAM,GAAG,EAAE;AAChC,YAAI,UAAU,SAAS,MAAM,WAAW,MAAM,EAAG,QAAO;AAAA,MAC1D;AAAA,IACF;AACA,WAAO;AAAA,EACT,CAAC,IACC;AACN,QAAM,UACJ,UAAU,WAAW,gBAAgB,UACrC,UAAU,KAAK,CAAC,OAAO,UAAU,UAAU,gBAAgB,KAAK,CAAC;AACnE,MAAI,QAAS,UAAS,eAAe;AACrC,MAAI,QAAQ,gBAAgB,CAAC,SAAS,cAAc;AAClD,aAAS,eAAe;AAAA,EAC1B;AACA,MAAI,WAAW,QAAQ,cAAc;AACnC,UAAM,GAAG,gBAAgB,QAAQ;AAAA,EACnC;AACF;AAEA,eAAe,gDAAgD,IAAmB;AAChF,MAAI,QAAQ,IAAI,oCAAoC,OAAQ;AAC5D,MAAI;AACF,UAAM,OAAO,MAAM,GAAG,QAAQ,MAAM,EAAE,OAAO,sBAAsB,CAAC;AACpE,QAAI,CAAC,KAAM;AACX,QAAI,QAAQ;AACZ,QAAI,KAAK,cAAc;AACrB,WAAK,eAAe;AACpB,cAAQ;AAAA,IACV;AACA,QAAI,KAAK,gBAAgB,OAAO;AAC9B,WAAK,cAAc;AACnB,cAAQ;AAAA,IACV;AACA,QAAI,OAAO;AACT,YAAM,GAAG,gBAAgB,IAAI;AAAA,IAC/B;AAAA,EACF,SAAS,OAAO;AACd,YAAQ,MAAM,0DAA0D,KAAK;AAAA,EAC/E;AACF;AAEA,eAAe,6BACb,IACA,OACA;AACA,QAAM,OAAQ,GAAW,gBAAgB,aAAa;AACtD,QAAM,eAAe,YACnB,MAAM,QAAQ;AAAA,IACZ,UAAU,MAAM;AAAA,IAChB,gBAAgB,MAAM;AAAA,EACxB,CAAC,KACA,GAAW,UAAU,eAAe;AAAA,IACnC,UAAU,MAAM;AAAA,IAChB,gBAAgB,MAAM;AAAA,EACxB,CAAC;AAEH,QAAM,SAAS,MAAM,aAAa;AAClC,MAAI,CAAC,QAAQ;AACX,UAAM,WACJ,MAAM,SAAS;AAAA,MACb,UAAU,MAAM;AAAA,MAChB,gBAAgB,MAAM;AAAA,MACtB,mBAAmB;AAAA,MACnB,mBAAmB;AAAA,MACnB,WAAW,oBAAI,KAAK;AAAA,MACpB,WAAW,oBAAI,KAAK;AAAA,IACtB,CAAC,KACA,GAAW,SAAS,eAAe;AAAA,MAClC,UAAU,MAAM;AAAA,MAChB,gBAAgB,MAAM;AAAA,MACtB,mBAAmB;AAAA,MACnB,mBAAmB;AAAA,MACnB,WAAW,oBAAI,KAAK;AAAA,MACpB,WAAW,oBAAI,KAAK;AAAA,IACtB,CAAC;AACH,QAAI,YAAa,GAAW,SAAS;AACnC,SAAG,QAAQ,QAAQ;AAAA,IACrB;AAAA,EACF;AAEA,QAAM,eAAgB,GAAW,gBAAgB,qBAAqB;AACtE,QAAM,QAAkC,CAAC,SAAS,OAAO;AACzD,aAAW,QAAQ,OAAO;AACxB,UAAM,MACJ,cAAc,QAAQ;AAAA,MACpB,UAAU,MAAM;AAAA,MAChB,gBAAgB,MAAM;AAAA,MACtB,cAAc;AAAA,IAChB,CAAC,KACA,GAAW,UAAU,uBAAuB;AAAA,MAC3C,UAAU,MAAM;AAAA,MAChB,gBAAgB,MAAM;AAAA,MACtB,cAAc;AAAA,IAChB,CAAC;AACH,QAAI,CAAC,KAAK;AACR,YAAM,QACJ,cAAc,SAAS;AAAA,QACrB,UAAU,MAAM;AAAA,QAChB,gBAAgB,MAAM;AAAA,QACtB,cAAc;AAAA,QACd,cAAc;AAAA,QACd,WAAW,oBAAI,KAAK;AAAA,QACpB,WAAW,oBAAI,KAAK;AAAA,MACtB,CAAC,KACA,GAAW,SAAS,uBAAuB;AAAA,QAC1C,UAAU,MAAM;AAAA,QAChB,gBAAgB,MAAM;AAAA,QACtB,cAAc;AAAA,QACd,cAAc;AAAA,QACd,WAAW,oBAAI,KAAK;AAAA,QACpB,WAAW,oBAAI,KAAK;AAAA,MACtB,CAAC;AACH,UAAI,SAAU,GAAW,SAAS;AAChC,WAAG,QAAQ,KAAK;AAAA,MAClB;AAAA,IACF;AAAA,EACF;AAEA,MAAK,GAAW,OAAO;AACrB,UAAM,GAAG,MAAM;AAAA,EACjB;AACF;",
+  "sourcesContent": ["import { hash } from 'bcryptjs'\nimport type { EntityManager } from '@mikro-orm/postgresql'\nimport { Role, RoleAcl, User, UserRole } from '@open-mercato/core/modules/auth/data/entities'\nimport { Tenant, Organization } from '@open-mercato/core/modules/directory/data/entities'\nimport { rebuildHierarchyForTenant } from '@open-mercato/core/modules/directory/lib/hierarchy'\nimport { normalizeTenantId } from './tenantAccess'\nimport { computeEmailHash } from '@open-mercato/core/modules/auth/lib/emailHash'\nimport type { Module } from '@open-mercato/shared/modules/registry'\nimport { isEncryptionDebugEnabled, isTenantDataEncryptionEnabled } from '@open-mercato/shared/lib/encryption/toggles'\nimport { EncryptionMap } from '@open-mercato/core/modules/entities/data/entities'\nimport { DEFAULT_ENCRYPTION_MAPS } from '@open-mercato/core/modules/entities/lib/encryptionDefaults'\nimport { createKmsService } from '@open-mercato/shared/lib/encryption/kms'\nimport { TenantDataEncryptionService } from '@open-mercato/shared/lib/encryption/tenantDataEncryptionService'\nimport { findWithDecryption } from '@open-mercato/shared/lib/encryption/find'\nimport { parseBooleanToken } from '@open-mercato/shared/lib/boolean'\n\nconst DEFAULT_ROLE_NAMES = ['employee', 'admin', 'superadmin'] as const\nconst DEMO_SUPERADMIN_EMAIL = 'superadmin@acme.com'\n\nexport type EnsureRolesOptions = {\n  roleNames?: string[]\n  tenantId?: string | null\n}\n\nasync function ensureRolesInContext(\n  em: EntityManager,\n  roleNames: string[],\n  tenantId: string | null,\n) {\n  for (const name of roleNames) {\n    const existing = await em.findOne(Role, { name, tenantId })\n    if (existing) continue\n    if (tenantId !== null) {\n      const globalRole = await em.findOne(Role, { name, tenantId: null })\n      if (globalRole) {\n        globalRole.tenantId = tenantId\n        em.persist(globalRole)\n        continue\n      }\n    }\n    em.persist(em.create(Role, { name, tenantId, createdAt: new Date() }))\n  }\n}\n\nexport async function ensureRoles(em: EntityManager, options: EnsureRolesOptions = {}) {\n  const roleNames = options.roleNames ?? [...DEFAULT_ROLE_NAMES]\n  const tenantId = normalizeTenantId(options.tenantId ?? null) ?? null\n  await em.transactional(async (tem) => {\n    await ensureRolesInContext(tem, roleNames, tenantId)\n    await tem.flush()\n  })\n}\n\nasync function findRoleByName(\n  em: EntityManager,\n  name: string,\n  tenantId: string | null,\n): Promise<Role | null> {\n  const normalizedTenant = normalizeTenantId(tenantId ?? null) ?? null\n  let role = await em.findOne(Role, { name, tenantId: normalizedTenant })\n  if (!role && normalizedTenant !== null) {\n    role = await em.findOne(Role, { name, tenantId: null })\n  }\n  return role\n}\n\nasync function findRoleByNameOrFail(\n  em: EntityManager,\n  name: string,\n  tenantId: string | null,\n): Promise<Role> {\n  const role = await findRoleByName(em, name, tenantId)\n  if (!role) throw new Error(`ROLE_NOT_FOUND:${name}`)\n  return role\n}\n\ntype PrimaryUserInput = {\n  email: string\n  password?: string\n  hashedPassword?: string | null\n  firstName?: string | null\n  lastName?: string | null\n  displayName?: string | null\n  confirm?: boolean\n}\n\nconst DERIVED_EMAIL_ENV = {\n  admin: 'OM_INIT_ADMIN_EMAIL',\n  employee: 'OM_INIT_EMPLOYEE_EMAIL',\n} as const\n\nexport type SetupInitialTenantOptions = {\n  orgName: string\n  primaryUser: PrimaryUserInput\n  roleNames?: string[]\n  includeDerivedUsers?: boolean\n  failIfUserExists?: boolean\n  primaryUserRoles?: string[]\n  includeSuperadminRole?: boolean\n  /** Optional list of enabled modules. When provided, module setup hooks are called. */\n  modules?: Module[]\n}\n\nexport type SetupInitialTenantResult = {\n  tenantId: string\n  organizationId: string\n  users: Array<{ user: User; roles: string[]; created: boolean }>\n  reusedExistingUser: boolean\n}\n\nexport async function setupInitialTenant(\n  em: EntityManager,\n  options: SetupInitialTenantOptions,\n): Promise<SetupInitialTenantResult> {\n  const {\n    primaryUser,\n    includeDerivedUsers = true,\n    failIfUserExists = false,\n    primaryUserRoles,\n    includeSuperadminRole = true,\n  } = options\n  const primaryRolesInput = primaryUserRoles && primaryUserRoles.length ? primaryUserRoles : ['superadmin']\n  const primaryRoles = includeSuperadminRole\n    ? primaryRolesInput\n    : primaryRolesInput.filter((role) => role !== 'superadmin')\n  if (primaryRoles.length === 0) {\n    throw new Error('PRIMARY_ROLES_REQUIRED')\n  }\n  const defaultRoleNames = options.roleNames ?? [...DEFAULT_ROLE_NAMES]\n  const resolvedRoleNames = includeSuperadminRole\n    ? defaultRoleNames\n    : defaultRoleNames.filter((role) => role !== 'superadmin')\n  const roleNames = Array.from(new Set([...resolvedRoleNames, ...primaryRoles]))\n\n  const mainEmail = primaryUser.email\n  const existingUser = await em.findOne(User, { email: mainEmail })\n  if (existingUser && failIfUserExists) {\n    throw new Error('USER_EXISTS')\n  }\n\n  let tenantId: string | undefined\n  let organizationId: string | undefined\n  let reusedExistingUser = false\n  const userSnapshots: Array<{ user: User; roles: string[]; created: boolean }> = []\n\n  await em.transactional(async (tem) => {\n    if (!existingUser) return\n    reusedExistingUser = true\n    tenantId = existingUser.tenantId ? String(existingUser.tenantId) : undefined\n    organizationId = existingUser.organizationId ? String(existingUser.organizationId) : undefined\n    const roleTenantId = normalizeTenantId(existingUser.tenantId ?? null) ?? null\n\n    await ensureRolesInContext(tem, roleNames, roleTenantId)\n    await tem.flush()\n\n    const requiredRoleSet = new Set([...roleNames, ...primaryRoles])\n    const links = await findWithDecryption(\n      tem,\n      UserRole,\n      { user: existingUser },\n      { populate: ['role'] },\n      { tenantId: roleTenantId, organizationId: null },\n    )\n    const currentRoles = new Set(links.map((link) => link.role.name))\n    for (const roleName of requiredRoleSet) {\n      if (!currentRoles.has(roleName)) {\n        const role = await findRoleByNameOrFail(tem, roleName, roleTenantId)\n        tem.persist(tem.create(UserRole, { user: existingUser, role, createdAt: new Date() }))\n      }\n    }\n    await tem.flush()\n    const roles = Array.from(new Set([...currentRoles, ...roleNames]))\n    userSnapshots.push({ user: existingUser, roles, created: false })\n  })\n\n  if (!existingUser) {\n    const baseUsers: Array<{\n      email: string\n      roles: string[]\n      name?: string | null\n      passwordHash?: string | null\n    }> = [\n      { email: primaryUser.email, roles: primaryRoles, name: resolvePrimaryName(primaryUser) },\n    ]\n    if (includeDerivedUsers) {\n      const [, domain] = String(primaryUser.email).split('@')\n      const adminOverride = readEnvValue(DERIVED_EMAIL_ENV.admin)\n      const employeeOverride = readEnvValue(DERIVED_EMAIL_ENV.employee)\n      const adminEmail = adminOverride ?? (domain ? `admin@${domain}` : '')\n      const employeeEmail = employeeOverride ?? (domain ? `employee@${domain}` : '')\n      const adminPassword = readEnvValue('OM_INIT_ADMIN_PASSWORD') || 'secret'\n      const employeePassword = readEnvValue('OM_INIT_EMPLOYEE_PASSWORD') || 'secret'\n      const adminPasswordHash = adminPassword ? await resolvePasswordHash({ email: adminEmail, password: adminPassword }) : null\n      const employeePasswordHash = employeePassword\n        ? await resolvePasswordHash({ email: employeeEmail, password: employeePassword })\n        : null\n      addUniqueBaseUser(baseUsers, { email: adminEmail, roles: ['admin'], passwordHash: adminPasswordHash })\n      addUniqueBaseUser(baseUsers, { email: employeeEmail, roles: ['employee'], passwordHash: employeePasswordHash })\n    }\n    const passwordHash = await resolvePasswordHash(primaryUser)\n\n    await em.transactional(async (tem) => {\n      const tenant = tem.create(Tenant, {\n        name: `${options.orgName} Tenant`,\n        isActive: true,\n        createdAt: new Date(),\n        updatedAt: new Date(),\n      })\n      tem.persist(tenant)\n      await tem.flush()\n\n      const organization = tem.create(Organization, {\n        name: options.orgName,\n        tenant,\n        isActive: true,\n        depth: 0,\n        ancestorIds: [],\n        childIds: [],\n        descendantIds: [],\n        createdAt: new Date(),\n        updatedAt: new Date(),\n      })\n      tem.persist(organization)\n      await tem.flush()\n\n      tenantId = String(tenant.id)\n      organizationId = String(organization.id)\n      const roleTenantId = tenantId\n\n      if (isTenantDataEncryptionEnabled()) {\n        try {\n          const kms = createKmsService()\n          if (kms.isHealthy()) {\n            if (isEncryptionDebugEnabled()) {\n              console.info('\uD83D\uDD11 [encryption][setup] provisioning tenant DEK', { tenantId: String(tenant.id) })\n            }\n            await kms.createTenantDek(String(tenant.id))\n            if (isEncryptionDebugEnabled()) {\n              console.info('\uD83D\uDD11 [encryption][setup] created tenant DEK during setup', { tenantId: String(tenant.id) })\n            }\n          } else {\n            if (isEncryptionDebugEnabled()) {\n              console.warn('\u26A0\uFE0F [encryption][setup] KMS not healthy, skipping tenant DEK creation', { tenantId: String(tenant.id) })\n            }\n          }\n        } catch (err) {\n          if (isEncryptionDebugEnabled()) {\n            console.warn('\u26A0\uFE0F [encryption][setup] Failed to create tenant DEK', err)\n          }\n        }\n      }\n\n      await ensureRolesInContext(tem, roleNames, roleTenantId)\n      await tem.flush()\n\n      if (isTenantDataEncryptionEnabled()) {\n        for (const spec of DEFAULT_ENCRYPTION_MAPS) {\n          const existing = await tem.findOne(EncryptionMap, { entityId: spec.entityId, tenantId: tenant.id, organizationId: organization.id, deletedAt: null })\n          if (!existing) {\n            tem.persist(tem.create(EncryptionMap, {\n              entityId: spec.entityId,\n              tenantId: tenant.id,\n              organizationId: organization.id,\n              fieldsJson: spec.fields,\n              isActive: true,\n              createdAt: new Date(),\n              updatedAt: new Date(),\n            }))\n          } else {\n            existing.fieldsJson = spec.fields\n            existing.isActive = true\n          }\n        }\n        await tem.flush()\n      }\n    })\n\n    await em.transactional(async (tem) => {\n      if (!tenantId || !organizationId) return\n      const roleTenantId = tenantId\n      const encryptionService = isTenantDataEncryptionEnabled()\n        ? new TenantDataEncryptionService(tem as any, { kms: createKmsService() })\n        : null\n      if (encryptionService) {\n        await encryptionService.invalidateMap('auth:user', String(tenantId), String(organizationId))\n        await encryptionService.invalidateMap('auth:user', String(tenantId), null)\n      }\n\n      for (const base of baseUsers) {\n        const resolvedPasswordHash = base.passwordHash ?? passwordHash\n        let user = await tem.findOne(User, { email: base.email })\n        const confirm = primaryUser.confirm ?? true\n        const encryptedPayload = encryptionService\n          ? await encryptionService.encryptEntityPayload('auth:user', { email: base.email }, tenantId, organizationId)\n          : { email: base.email, emailHash: computeEmailHash(base.email) }\n        if (user) {\n          user.passwordHash = resolvedPasswordHash\n          user.organizationId = organizationId\n          user.tenantId = tenantId\n          if (isTenantDataEncryptionEnabled()) {\n            user.email = encryptedPayload.email as any\n            user.emailHash = (encryptedPayload as any).emailHash ?? computeEmailHash(base.email)\n          }\n          if (base.name) user.name = base.name\n          if (confirm) user.isConfirmed = true\n          tem.persist(user)\n          userSnapshots.push({ user, roles: base.roles, created: false })\n        } else {\n          user = tem.create(User, {\n            email: (encryptedPayload as any).email ?? base.email,\n            emailHash: isTenantDataEncryptionEnabled() ? (encryptedPayload as any).emailHash ?? computeEmailHash(base.email) : undefined,\n            passwordHash: resolvedPasswordHash,\n            organizationId,\n            tenantId,\n            name: base.name ?? undefined,\n            isConfirmed: confirm,\n            createdAt: new Date(),\n          })\n          tem.persist(user)\n          userSnapshots.push({ user, roles: base.roles, created: true })\n        }\n        await tem.flush()\n        for (const roleName of base.roles) {\n          const role = await findRoleByNameOrFail(tem, roleName, roleTenantId)\n          const existingLink = await tem.findOne(UserRole, { user, role })\n          if (!existingLink) tem.persist(tem.create(UserRole, { user, role, createdAt: new Date() }))\n        }\n        await tem.flush()\n      }\n    })\n  }\n\n  if (!tenantId || !organizationId) {\n    throw new Error('SETUP_FAILED')\n  }\n\n  if (!reusedExistingUser) {\n    await rebuildHierarchyForTenant(em, tenantId)\n  }\n\n  const resolvedModules = options.modules ?? tryGetModules()\n  await ensureDefaultRoleAcls(em, tenantId, resolvedModules, { includeSuperadminRole })\n  await deactivateDemoSuperAdminIfSelfOnboardingEnabled(em)\n\n  // Call module onTenantCreated hooks\n  for (const mod of resolvedModules) {\n    if (mod.setup?.onTenantCreated) {\n      await mod.setup.onTenantCreated({ em, tenantId, organizationId })\n    }\n  }\n\n  return {\n    tenantId,\n    organizationId,\n    users: userSnapshots,\n    reusedExistingUser,\n  }\n}\n\nfunction resolvePrimaryName(input: PrimaryUserInput): string | null {\n  if (input.displayName && input.displayName.trim()) return input.displayName.trim()\n  const parts = [input.firstName, input.lastName].map((value) => value?.trim()).filter(Boolean)\n  if (parts.length) return parts.join(' ')\n  return null\n}\n\nfunction readEnvValue(key: string): string | undefined {\n  const value = process.env[key]\n  if (typeof value !== 'string') return undefined\n  const trimmed = value.trim()\n  return trimmed.length > 0 ? trimmed : undefined\n}\n\nfunction addUniqueBaseUser(\n  baseUsers: Array<{ email: string; roles: string[]; name?: string | null; passwordHash?: string | null }>,\n  entry: { email: string; roles: string[]; name?: string | null; passwordHash?: string | null },\n) {\n  if (!entry.email) return\n  const normalized = entry.email.toLowerCase()\n  if (baseUsers.some((user) => user.email.toLowerCase() === normalized)) return\n  baseUsers.push(entry)\n}\n\nfunction isDemoModeEnabled(): boolean {\n  const parsed = parseBooleanToken(process.env.DEMO_MODE ?? '')\n  return parsed === false ? false : true\n}\n\nfunction shouldKeepDemoSuperadminDuringInit(): boolean {\n  if (process.env.OM_INIT_FLOW !== 'true') return false\n  if (!readEnvValue('OM_INIT_SUPERADMIN_EMAIL')) return false\n  return isDemoModeEnabled()\n}\n\nasync function resolvePasswordHash(input: PrimaryUserInput): Promise<string | null> {\n  if (typeof input.hashedPassword === 'string') return input.hashedPassword\n  if (input.password) return hash(input.password, 10)\n  return null\n}\n\nasync function ensureDefaultRoleAcls(\n  em: EntityManager,\n  tenantId: string,\n  modules: Module[],\n  options: { includeSuperadminRole?: boolean } = {},\n) {\n  const includeSuperadminRole = options.includeSuperadminRole ?? true\n  const roleTenantId = normalizeTenantId(tenantId) ?? null\n  const superadminRole = includeSuperadminRole ? await findRoleByName(em, 'superadmin', roleTenantId) : null\n  const adminRole = await findRoleByName(em, 'admin', roleTenantId)\n  const employeeRole = await findRoleByName(em, 'employee', roleTenantId)\n\n  // Merge features from all enabled modules' setup configs\n  const superadminFeatures: string[] = []\n  const adminFeatures: string[] = []\n  const employeeFeatures: string[] = []\n\n  for (const mod of modules) {\n    const roleFeatures = mod.setup?.defaultRoleFeatures\n    if (!roleFeatures) continue\n    if (roleFeatures.superadmin) superadminFeatures.push(...roleFeatures.superadmin)\n    if (roleFeatures.admin) adminFeatures.push(...roleFeatures.admin)\n    if (roleFeatures.employee) employeeFeatures.push(...roleFeatures.employee)\n  }\n\n  if (includeSuperadminRole && superadminRole) {\n    await ensureRoleAclFor(em, superadminRole, tenantId, superadminFeatures, { isSuperAdmin: true })\n  }\n  if (adminRole) {\n    await ensureRoleAclFor(em, adminRole, tenantId, adminFeatures)\n  }\n  if (employeeRole) {\n    await ensureRoleAclFor(em, employeeRole, tenantId, employeeFeatures)\n  }\n}\n\nasync function ensureRoleAclFor(\n  em: EntityManager,\n  role: Role,\n  tenantId: string,\n  features: string[],\n  options: { isSuperAdmin?: boolean } = {},\n) {\n  const existing = await em.findOne(RoleAcl, { role, tenantId })\n  if (!existing) {\n    const acl = em.create(RoleAcl, {\n      role,\n      tenantId,\n      featuresJson: features,\n      isSuperAdmin: !!options.isSuperAdmin,\n      createdAt: new Date(),\n    })\n    await em.persistAndFlush(acl)\n    return\n  }\n  const currentFeatures = Array.isArray(existing.featuresJson) ? existing.featuresJson : []\n  const merged = Array.from(new Set([...currentFeatures, ...features]))\n  const changed =\n    merged.length !== currentFeatures.length ||\n    merged.some((value, index) => value !== currentFeatures[index])\n  if (changed) existing.featuresJson = merged\n  if (options.isSuperAdmin && !existing.isSuperAdmin) {\n    existing.isSuperAdmin = true\n  }\n  if (changed || options.isSuperAdmin) {\n    await em.persistAndFlush(existing)\n  }\n}\n\nasync function deactivateDemoSuperAdminIfSelfOnboardingEnabled(em: EntityManager) {\n  if (process.env.SELF_SERVICE_ONBOARDING_ENABLED !== 'true') return\n  if (shouldKeepDemoSuperadminDuringInit()) return\n  try {\n    const user = await em.findOne(User, { email: DEMO_SUPERADMIN_EMAIL })\n    if (!user) return\n    let dirty = false\n    if (user.passwordHash) {\n      user.passwordHash = null\n      dirty = true\n    }\n    if (user.isConfirmed !== false) {\n      user.isConfirmed = false\n      dirty = true\n    }\n    if (dirty) {\n      await em.persistAndFlush(user)\n    }\n  } catch (error) {\n    console.error('[auth.setup] failed to deactivate demo superadmin user', error)\n  }\n}\n\n/** Try to get modules from runtime registry; returns empty array if not yet registered. */\nfunction tryGetModules(): Module[] {\n  try {\n    const { getModules } = require('@open-mercato/shared/lib/modules/registry')\n    return getModules()\n  } catch {\n    return []\n  }\n}\n"],
+  "mappings": "AAAA,SAAS,YAAY;AAErB,SAAS,MAAM,SAAS,MAAM,gBAAgB;AAC9C,SAAS,QAAQ,oBAAoB;AACrC,SAAS,iCAAiC;AAC1C,SAAS,yBAAyB;AAClC,SAAS,wBAAwB;AAEjC,SAAS,0BAA0B,qCAAqC;AACxE,SAAS,qBAAqB;AAC9B,SAAS,+BAA+B;AACxC,SAAS,wBAAwB;AACjC,SAAS,mCAAmC;AAC5C,SAAS,0BAA0B;AACnC,SAAS,yBAAyB;AAElC,MAAM,qBAAqB,CAAC,YAAY,SAAS,YAAY;AAC7D,MAAM,wBAAwB;AAO9B,eAAe,qBACb,IACA,WACA,UACA;AACA,aAAW,QAAQ,WAAW;AAC5B,UAAM,WAAW,MAAM,GAAG,QAAQ,MAAM,EAAE,MAAM,SAAS,CAAC;AAC1D,QAAI,SAAU;AACd,QAAI,aAAa,MAAM;AACrB,YAAM,aAAa,MAAM,GAAG,QAAQ,MAAM,EAAE,MAAM,UAAU,KAAK,CAAC;AAClE,UAAI,YAAY;AACd,mBAAW,WAAW;AACtB,WAAG,QAAQ,UAAU;AACrB;AAAA,MACF;AAAA,IACF;AACA,OAAG,QAAQ,GAAG,OAAO,MAAM,EAAE,MAAM,UAAU,WAAW,oBAAI,KAAK,EAAE,CAAC,CAAC;AAAA,EACvE;AACF;AAEA,eAAsB,YAAY,IAAmB,UAA8B,CAAC,GAAG;AACrF,QAAM,YAAY,QAAQ,aAAa,CAAC,GAAG,kBAAkB;AAC7D,QAAM,WAAW,kBAAkB,QAAQ,YAAY,IAAI,KAAK;AAChE,QAAM,GAAG,cAAc,OAAO,QAAQ;AACpC,UAAM,qBAAqB,KAAK,WAAW,QAAQ;AACnD,UAAM,IAAI,MAAM;AAAA,EAClB,CAAC;AACH;AAEA,eAAe,eACb,IACA,MACA,UACsB;AACtB,QAAM,mBAAmB,kBAAkB,YAAY,IAAI,KAAK;AAChE,MAAI,OAAO,MAAM,GAAG,QAAQ,MAAM,EAAE,MAAM,UAAU,iBAAiB,CAAC;AACtE,MAAI,CAAC,QAAQ,qBAAqB,MAAM;AACtC,WAAO,MAAM,GAAG,QAAQ,MAAM,EAAE,MAAM,UAAU,KAAK,CAAC;AAAA,EACxD;AACA,SAAO;AACT;AAEA,eAAe,qBACb,IACA,MACA,UACe;AACf,QAAM,OAAO,MAAM,eAAe,IAAI,MAAM,QAAQ;AACpD,MAAI,CAAC,KAAM,OAAM,IAAI,MAAM,kBAAkB,IAAI,EAAE;AACnD,SAAO;AACT;AAYA,MAAM,oBAAoB;AAAA,EACxB,OAAO;AAAA,EACP,UAAU;AACZ;AAqBA,eAAsB,mBACpB,IACA,SACmC;AACnC,QAAM;AAAA,IACJ;AAAA,IACA,sBAAsB;AAAA,IACtB,mBAAmB;AAAA,IACnB;AAAA,IACA,wBAAwB;AAAA,EAC1B,IAAI;AACJ,QAAM,oBAAoB,oBAAoB,iBAAiB,SAAS,mBAAmB,CAAC,YAAY;AACxG,QAAM,eAAe,wBACjB,oBACA,kBAAkB,OAAO,CAAC,SAAS,SAAS,YAAY;AAC5D,MAAI,aAAa,WAAW,GAAG;AAC7B,UAAM,IAAI,MAAM,wBAAwB;AAAA,EAC1C;AACA,QAAM,mBAAmB,QAAQ,aAAa,CAAC,GAAG,kBAAkB;AACpE,QAAM,oBAAoB,wBACtB,mBACA,iBAAiB,OAAO,CAAC,SAAS,SAAS,YAAY;AAC3D,QAAM,YAAY,MAAM,KAAK,oBAAI,IAAI,CAAC,GAAG,mBAAmB,GAAG,YAAY,CAAC,CAAC;AAE7E,QAAM,YAAY,YAAY;AAC9B,QAAM,eAAe,MAAM,GAAG,QAAQ,MAAM,EAAE,OAAO,UAAU,CAAC;AAChE,MAAI,gBAAgB,kBAAkB;AACpC,UAAM,IAAI,MAAM,aAAa;AAAA,EAC/B;AAEA,MAAI;AACJ,MAAI;AACJ,MAAI,qBAAqB;AACzB,QAAM,gBAA0E,CAAC;AAEjF,QAAM,GAAG,cAAc,OAAO,QAAQ;AACpC,QAAI,CAAC,aAAc;AACnB,yBAAqB;AACrB,eAAW,aAAa,WAAW,OAAO,aAAa,QAAQ,IAAI;AACnE,qBAAiB,aAAa,iBAAiB,OAAO,aAAa,cAAc,IAAI;AACrF,UAAM,eAAe,kBAAkB,aAAa,YAAY,IAAI,KAAK;AAEzE,UAAM,qBAAqB,KAAK,WAAW,YAAY;AACvD,UAAM,IAAI,MAAM;AAEhB,UAAM,kBAAkB,oBAAI,IAAI,CAAC,GAAG,WAAW,GAAG,YAAY,CAAC;AAC/D,UAAM,QAAQ,MAAM;AAAA,MAClB;AAAA,MACA;AAAA,MACA,EAAE,MAAM,aAAa;AAAA,MACrB,EAAE,UAAU,CAAC,MAAM,EAAE;AAAA,MACrB,EAAE,UAAU,cAAc,gBAAgB,KAAK;AAAA,IACjD;AACA,UAAM,eAAe,IAAI,IAAI,MAAM,IAAI,CAAC,SAAS,KAAK,KAAK,IAAI,CAAC;AAChE,eAAW,YAAY,iBAAiB;AACtC,UAAI,CAAC,aAAa,IAAI,QAAQ,GAAG;AAC/B,cAAM,OAAO,MAAM,qBAAqB,KAAK,UAAU,YAAY;AACnE,YAAI,QAAQ,IAAI,OAAO,UAAU,EAAE,MAAM,cAAc,MAAM,WAAW,oBAAI,KAAK,EAAE,CAAC,CAAC;AAAA,MACvF;AAAA,IACF;AACA,UAAM,IAAI,MAAM;AAChB,UAAM,QAAQ,MAAM,KAAK,oBAAI,IAAI,CAAC,GAAG,cAAc,GAAG,SAAS,CAAC,CAAC;AACjE,kBAAc,KAAK,EAAE,MAAM,cAAc,OAAO,SAAS,MAAM,CAAC;AAAA,EAClE,CAAC;AAED,MAAI,CAAC,cAAc;AACjB,UAAM,YAKD;AAAA,MACH,EAAE,OAAO,YAAY,OAAO,OAAO,cAAc,MAAM,mBAAmB,WAAW,EAAE;AAAA,IACzF;AACA,QAAI,qBAAqB;AACvB,YAAM,CAAC,EAAE,MAAM,IAAI,OAAO,YAAY,KAAK,EAAE,MAAM,GAAG;AACtD,YAAM,gBAAgB,aAAa,kBAAkB,KAAK;AAC1D,YAAM,mBAAmB,aAAa,kBAAkB,QAAQ;AAChE,YAAM,aAAa,kBAAkB,SAAS,SAAS,MAAM,KAAK;AAClE,YAAM,gBAAgB,qBAAqB,SAAS,YAAY,MAAM,KAAK;AAC3E,YAAM,gBAAgB,aAAa,wBAAwB,KAAK;AAChE,YAAM,mBAAmB,aAAa,2BAA2B,KAAK;AACtE,YAAM,oBAAoB,gBAAgB,MAAM,oBAAoB,EAAE,OAAO,YAAY,UAAU,cAAc,CAAC,IAAI;AACtH,YAAM,uBAAuB,mBACzB,MAAM,oBAAoB,EAAE,OAAO,eAAe,UAAU,iBAAiB,CAAC,IAC9E;AACJ,wBAAkB,WAAW,EAAE,OAAO,YAAY,OAAO,CAAC,OAAO,GAAG,cAAc,kBAAkB,CAAC;AACrG,wBAAkB,WAAW,EAAE,OAAO,eAAe,OAAO,CAAC,UAAU,GAAG,cAAc,qBAAqB,CAAC;AAAA,IAChH;AACA,UAAM,eAAe,MAAM,oBAAoB,WAAW;AAE1D,UAAM,GAAG,cAAc,OAAO,QAAQ;AACpC,YAAM,SAAS,IAAI,OAAO,QAAQ;AAAA,QAChC,MAAM,GAAG,QAAQ,OAAO;AAAA,QACxB,UAAU;AAAA,QACV,WAAW,oBAAI,KAAK;AAAA,QACpB,WAAW,oBAAI,KAAK;AAAA,MACtB,CAAC;AACD,UAAI,QAAQ,MAAM;AAClB,YAAM,IAAI,MAAM;AAEhB,YAAM,eAAe,IAAI,OAAO,cAAc;AAAA,QAC5C,MAAM,QAAQ;AAAA,QACd;AAAA,QACA,UAAU;AAAA,QACV,OAAO;AAAA,QACP,aAAa,CAAC;AAAA,QACd,UAAU,CAAC;AAAA,QACX,eAAe,CAAC;AAAA,QAChB,WAAW,oBAAI,KAAK;AAAA,QACpB,WAAW,oBAAI,KAAK;AAAA,MACtB,CAAC;AACD,UAAI,QAAQ,YAAY;AACxB,YAAM,IAAI,MAAM;AAEhB,iBAAW,OAAO,OAAO,EAAE;AAC3B,uBAAiB,OAAO,aAAa,EAAE;AACvC,YAAM,eAAe;AAErB,UAAI,8BAA8B,GAAG;AACnC,YAAI;AACF,gBAAM,MAAM,iBAAiB;AAC7B,cAAI,IAAI,UAAU,GAAG;AACnB,gBAAI,yBAAyB,GAAG;AAC9B,sBAAQ,KAAK,yDAAkD,EAAE,UAAU,OAAO,OAAO,EAAE,EAAE,CAAC;AAAA,YAChG;AACA,kBAAM,IAAI,gBAAgB,OAAO,OAAO,EAAE,CAAC;AAC3C,gBAAI,yBAAyB,GAAG;AAC9B,sBAAQ,KAAK,iEAA0D,EAAE,UAAU,OAAO,OAAO,EAAE,EAAE,CAAC;AAAA,YACxG;AAAA,UACF,OAAO;AACL,gBAAI,yBAAyB,GAAG;AAC9B,sBAAQ,KAAK,kFAAwE,EAAE,UAAU,OAAO,OAAO,EAAE,EAAE,CAAC;AAAA,YACtH;AAAA,UACF;AAAA,QACF,SAAS,KAAK;AACZ,cAAI,yBAAyB,GAAG;AAC9B,oBAAQ,KAAK,gEAAsD,GAAG;AAAA,UACxE;AAAA,QACF;AAAA,MACF;AAEA,YAAM,qBAAqB,KAAK,WAAW,YAAY;AACvD,YAAM,IAAI,MAAM;AAEhB,UAAI,8BAA8B,GAAG;AACnC,mBAAW,QAAQ,yBAAyB;AAC1C,gBAAM,WAAW,MAAM,IAAI,QAAQ,eAAe,EAAE,UAAU,KAAK,UAAU,UAAU,OAAO,IAAI,gBAAgB,aAAa,IAAI,WAAW,KAAK,CAAC;AACpJ,cAAI,CAAC,UAAU;AACb,gBAAI,QAAQ,IAAI,OAAO,eAAe;AAAA,cACpC,UAAU,KAAK;AAAA,cACf,UAAU,OAAO;AAAA,cACjB,gBAAgB,aAAa;AAAA,cAC7B,YAAY,KAAK;AAAA,cACjB,UAAU;AAAA,cACV,WAAW,oBAAI,KAAK;AAAA,cACpB,WAAW,oBAAI,KAAK;AAAA,YACtB,CAAC,CAAC;AAAA,UACJ,OAAO;AACL,qBAAS,aAAa,KAAK;AAC3B,qBAAS,WAAW;AAAA,UACtB;AAAA,QACF;AACA,cAAM,IAAI,MAAM;AAAA,MAClB;AAAA,IACF,CAAC;AAED,UAAM,GAAG,cAAc,OAAO,QAAQ;AACpC,UAAI,CAAC,YAAY,CAAC,eAAgB;AAClC,YAAM,eAAe;AACrB,YAAM,oBAAoB,8BAA8B,IACpD,IAAI,4BAA4B,KAAY,EAAE,KAAK,iBAAiB,EAAE,CAAC,IACvE;AACJ,UAAI,mBAAmB;AACrB,cAAM,kBAAkB,cAAc,aAAa,OAAO,QAAQ,GAAG,OAAO,cAAc,CAAC;AAC3F,cAAM,kBAAkB,cAAc,aAAa,OAAO,QAAQ,GAAG,IAAI;AAAA,MAC3E;AAEA,iBAAW,QAAQ,WAAW;AAC5B,cAAM,uBAAuB,KAAK,gBAAgB;AAClD,YAAI,OAAO,MAAM,IAAI,QAAQ,MAAM,EAAE,OAAO,KAAK,MAAM,CAAC;AACxD,cAAM,UAAU,YAAY,WAAW;AACvC,cAAM,mBAAmB,oBACrB,MAAM,kBAAkB,qBAAqB,aAAa,EAAE,OAAO,KAAK,MAAM,GAAG,UAAU,cAAc,IACzG,EAAE,OAAO,KAAK,OAAO,WAAW,iBAAiB,KAAK,KAAK,EAAE;AACjE,YAAI,MAAM;AACR,eAAK,eAAe;AACpB,eAAK,iBAAiB;AACtB,eAAK,WAAW;AAChB,cAAI,8BAA8B,GAAG;AACnC,iBAAK,QAAQ,iBAAiB;AAC9B,iBAAK,YAAa,iBAAyB,aAAa,iBAAiB,KAAK,KAAK;AAAA,UACrF;AACA,cAAI,KAAK,KAAM,MAAK,OAAO,KAAK;AAChC,cAAI,QAAS,MAAK,cAAc;AAChC,cAAI,QAAQ,IAAI;AAChB,wBAAc,KAAK,EAAE,MAAM,OAAO,KAAK,OAAO,SAAS,MAAM,CAAC;AAAA,QAChE,OAAO;AACL,iBAAO,IAAI,OAAO,MAAM;AAAA,YACtB,OAAQ,iBAAyB,SAAS,KAAK;AAAA,YAC/C,WAAW,8BAA8B,IAAK,iBAAyB,aAAa,iBAAiB,KAAK,KAAK,IAAI;AAAA,YACnH,cAAc;AAAA,YACd;AAAA,YACA;AAAA,YACA,MAAM,KAAK,QAAQ;AAAA,YACnB,aAAa;AAAA,YACb,WAAW,oBAAI,KAAK;AAAA,UACtB,CAAC;AACD,cAAI,QAAQ,IAAI;AAChB,wBAAc,KAAK,EAAE,MAAM,OAAO,KAAK,OAAO,SAAS,KAAK,CAAC;AAAA,QAC/D;AACA,cAAM,IAAI,MAAM;AAChB,mBAAW,YAAY,KAAK,OAAO;AACjC,gBAAM,OAAO,MAAM,qBAAqB,KAAK,UAAU,YAAY;AACnE,gBAAM,eAAe,MAAM,IAAI,QAAQ,UAAU,EAAE,MAAM,KAAK,CAAC;AAC/D,cAAI,CAAC,aAAc,KAAI,QAAQ,IAAI,OAAO,UAAU,EAAE,MAAM,MAAM,WAAW,oBAAI,KAAK,EAAE,CAAC,CAAC;AAAA,QAC5F;AACA,cAAM,IAAI,MAAM;AAAA,MAClB;AAAA,IACF,CAAC;AAAA,EACH;AAEA,MAAI,CAAC,YAAY,CAAC,gBAAgB;AAChC,UAAM,IAAI,MAAM,cAAc;AAAA,EAChC;AAEA,MAAI,CAAC,oBAAoB;AACvB,UAAM,0BAA0B,IAAI,QAAQ;AAAA,EAC9C;AAEA,QAAM,kBAAkB,QAAQ,WAAW,cAAc;AACzD,QAAM,sBAAsB,IAAI,UAAU,iBAAiB,EAAE,sBAAsB,CAAC;AACpF,QAAM,gDAAgD,EAAE;AAGxD,aAAW,OAAO,iBAAiB;AACjC,QAAI,IAAI,OAAO,iBAAiB;AAC9B,YAAM,IAAI,MAAM,gBAAgB,EAAE,IAAI,UAAU,eAAe,CAAC;AAAA,IAClE;AAAA,EACF;AAEA,SAAO;AAAA,IACL;AAAA,IACA;AAAA,IACA,OAAO;AAAA,IACP;AAAA,EACF;AACF;AAEA,SAAS,mBAAmB,OAAwC;AAClE,MAAI,MAAM,eAAe,MAAM,YAAY,KAAK,EAAG,QAAO,MAAM,YAAY,KAAK;AACjF,QAAM,QAAQ,CAAC,MAAM,WAAW,MAAM,QAAQ,EAAE,IAAI,CAAC,UAAU,OAAO,KAAK,CAAC,EAAE,OAAO,OAAO;AAC5F,MAAI,MAAM,OAAQ,QAAO,MAAM,KAAK,GAAG;AACvC,SAAO;AACT;AAEA,SAAS,aAAa,KAAiC;AACrD,QAAM,QAAQ,QAAQ,IAAI,GAAG;AAC7B,MAAI,OAAO,UAAU,SAAU,QAAO;AACtC,QAAM,UAAU,MAAM,KAAK;AAC3B,SAAO,QAAQ,SAAS,IAAI,UAAU;AACxC;AAEA,SAAS,kBACP,WACA,OACA;AACA,MAAI,CAAC,MAAM,MAAO;AAClB,QAAM,aAAa,MAAM,MAAM,YAAY;AAC3C,MAAI,UAAU,KAAK,CAAC,SAAS,KAAK,MAAM,YAAY,MAAM,UAAU,EAAG;AACvE,YAAU,KAAK,KAAK;AACtB;AAEA,SAAS,oBAA6B;AACpC,QAAM,SAAS,kBAAkB,QAAQ,IAAI,aAAa,EAAE;AAC5D,SAAO,WAAW,QAAQ,QAAQ;AACpC;AAEA,SAAS,qCAA8C;AACrD,MAAI,QAAQ,IAAI,iBAAiB,OAAQ,QAAO;AAChD,MAAI,CAAC,aAAa,0BAA0B,EAAG,QAAO;AACtD,SAAO,kBAAkB;AAC3B;AAEA,eAAe,oBAAoB,OAAiD;AAClF,MAAI,OAAO,MAAM,mBAAmB,SAAU,QAAO,MAAM;AAC3D,MAAI,MAAM,SAAU,QAAO,KAAK,MAAM,UAAU,EAAE;AAClD,SAAO;AACT;AAEA,eAAe,sBACb,IACA,UACA,SACA,UAA+C,CAAC,GAChD;AACA,QAAM,wBAAwB,QAAQ,yBAAyB;AAC/D,QAAM,eAAe,kBAAkB,QAAQ,KAAK;AACpD,QAAM,iBAAiB,wBAAwB,MAAM,eAAe,IAAI,cAAc,YAAY,IAAI;AACtG,QAAM,YAAY,MAAM,eAAe,IAAI,SAAS,YAAY;AAChE,QAAM,eAAe,MAAM,eAAe,IAAI,YAAY,YAAY;AAGtE,QAAM,qBAA+B,CAAC;AACtC,QAAM,gBAA0B,CAAC;AACjC,QAAM,mBAA6B,CAAC;AAEpC,aAAW,OAAO,SAAS;AACzB,UAAM,eAAe,IAAI,OAAO;AAChC,QAAI,CAAC,aAAc;AACnB,QAAI,aAAa,WAAY,oBAAmB,KAAK,GAAG,aAAa,UAAU;AAC/E,QAAI,aAAa,MAAO,eAAc,KAAK,GAAG,aAAa,KAAK;AAChE,QAAI,aAAa,SAAU,kBAAiB,KAAK,GAAG,aAAa,QAAQ;AAAA,EAC3E;AAEA,MAAI,yBAAyB,gBAAgB;AAC3C,UAAM,iBAAiB,IAAI,gBAAgB,UAAU,oBAAoB,EAAE,cAAc,KAAK,CAAC;AAAA,EACjG;AACA,MAAI,WAAW;AACb,UAAM,iBAAiB,IAAI,WAAW,UAAU,aAAa;AAAA,EAC/D;AACA,MAAI,cAAc;AAChB,UAAM,iBAAiB,IAAI,cAAc,UAAU,gBAAgB;AAAA,EACrE;AACF;AAEA,eAAe,iBACb,IACA,MACA,UACA,UACA,UAAsC,CAAC,GACvC;AACA,QAAM,WAAW,MAAM,GAAG,QAAQ,SAAS,EAAE,MAAM,SAAS,CAAC;AAC7D,MAAI,CAAC,UAAU;AACb,UAAM,MAAM,GAAG,OAAO,SAAS;AAAA,MAC7B;AAAA,MACA;AAAA,MACA,cAAc;AAAA,MACd,cAAc,CAAC,CAAC,QAAQ;AAAA,MACxB,WAAW,oBAAI,KAAK;AAAA,IACtB,CAAC;AACD,UAAM,GAAG,gBAAgB,GAAG;AAC5B;AAAA,EACF;AACA,QAAM,kBAAkB,MAAM,QAAQ,SAAS,YAAY,IAAI,SAAS,eAAe,CAAC;AACxF,QAAM,SAAS,MAAM,KAAK,oBAAI,IAAI,CAAC,GAAG,iBAAiB,GAAG,QAAQ,CAAC,CAAC;AACpE,QAAM,UACJ,OAAO,WAAW,gBAAgB,UAClC,OAAO,KAAK,CAAC,OAAO,UAAU,UAAU,gBAAgB,KAAK,CAAC;AAChE,MAAI,QAAS,UAAS,eAAe;AACrC,MAAI,QAAQ,gBAAgB,CAAC,SAAS,cAAc;AAClD,aAAS,eAAe;AAAA,EAC1B;AACA,MAAI,WAAW,QAAQ,cAAc;AACnC,UAAM,GAAG,gBAAgB,QAAQ;AAAA,EACnC;AACF;AAEA,eAAe,gDAAgD,IAAmB;AAChF,MAAI,QAAQ,IAAI,oCAAoC,OAAQ;AAC5D,MAAI,mCAAmC,EAAG;AAC1C,MAAI;AACF,UAAM,OAAO,MAAM,GAAG,QAAQ,MAAM,EAAE,OAAO,sBAAsB,CAAC;AACpE,QAAI,CAAC,KAAM;AACX,QAAI,QAAQ;AACZ,QAAI,KAAK,cAAc;AACrB,WAAK,eAAe;AACpB,cAAQ;AAAA,IACV;AACA,QAAI,KAAK,gBAAgB,OAAO;AAC9B,WAAK,cAAc;AACnB,cAAQ;AAAA,IACV;AACA,QAAI,OAAO;AACT,YAAM,GAAG,gBAAgB,IAAI;AAAA,IAC/B;AAAA,EACF,SAAS,OAAO;AACd,YAAQ,MAAM,0DAA0D,KAAK;AAAA,EAC/E;AACF;AAGA,SAAS,gBAA0B;AACjC,MAAI;AACF,UAAM,EAAE,WAAW,IAAI,QAAQ,2CAA2C;AAC1E,WAAO,WAAW;AAAA,EACpB,QAAQ;AACN,WAAO,CAAC;AAAA,EACV;AACF;",
   "names": []
 }

package/dist/modules/auth/notifications.js ADDED Viewed

@@ -0,0 +1,112 @@
+const notificationTypes = [
+  {
+    type: "auth.password_reset.requested",
+    module: "auth",
+    titleKey: "auth.notifications.passwordReset.requested.title",
+    bodyKey: "auth.notifications.passwordReset.requested.body",
+    icon: "key",
+    severity: "info",
+    actions: [
+      {
+        id: "view",
+        labelKey: "common.view",
+        variant: "outline",
+        href: "/backend/auth/profile",
+        icon: "external-link"
+      }
+    ],
+    linkHref: "/backend/auth/profile",
+    expiresAfterHours: 24
+  },
+  {
+    type: "auth.password_reset.completed",
+    module: "auth",
+    titleKey: "auth.notifications.passwordReset.completed.title",
+    bodyKey: "auth.notifications.passwordReset.completed.body",
+    icon: "check-circle",
+    severity: "success",
+    actions: [],
+    expiresAfterHours: 72
+  },
+  {
+    type: "auth.account.locked",
+    module: "auth",
+    titleKey: "auth.notifications.account.locked.title",
+    bodyKey: "auth.notifications.account.locked.body",
+    icon: "lock",
+    severity: "warning",
+    actions: [
+      {
+        id: "contact_support",
+        labelKey: "auth.actions.contactSupport",
+        variant: "default",
+        href: "/backend/support",
+        icon: "mail"
+      }
+    ],
+    linkHref: "/backend/support"
+  },
+  {
+    type: "auth.login.new_device",
+    module: "auth",
+    titleKey: "auth.notifications.login.newDevice.title",
+    bodyKey: "auth.notifications.login.newDevice.body",
+    icon: "smartphone",
+    severity: "info",
+    actions: [
+      {
+        id: "view_sessions",
+        labelKey: "auth.actions.viewSessions",
+        variant: "outline",
+        href: "/backend/auth/sessions",
+        icon: "list"
+      }
+    ],
+    linkHref: "/backend/auth/sessions",
+    expiresAfterHours: 168
+    // 7 days
+  },
+  {
+    type: "auth.role.assigned",
+    module: "auth",
+    titleKey: "auth.notifications.role.assigned.title",
+    bodyKey: "auth.notifications.role.assigned.body",
+    icon: "user-plus",
+    severity: "success",
+    actions: [
+      {
+        id: "view_permissions",
+        labelKey: "auth.actions.viewPermissions",
+        variant: "outline",
+        href: "/backend/auth/profile",
+        icon: "shield"
+      }
+    ],
+    linkHref: "/backend/auth/profile",
+    expiresAfterHours: 168
+  },
+  {
+    type: "auth.role.revoked",
+    module: "auth",
+    titleKey: "auth.notifications.role.revoked.title",
+    bodyKey: "auth.notifications.role.revoked.body",
+    icon: "user-minus",
+    severity: "warning",
+    actions: [
+      {
+        id: "view_profile",
+        labelKey: "common.view",
+        variant: "outline",
+        href: "/backend/auth/profile"
+      }
+    ],
+    linkHref: "/backend/auth/profile",
+    expiresAfterHours: 168
+  }
+];
+var notifications_default = notificationTypes;
+export {
+  notifications_default as default,
+  notificationTypes
+};
+//# sourceMappingURL=notifications.js.map

package/dist/modules/auth/notifications.js.map ADDED Viewed

@@ -0,0 +1,7 @@
+{
+  "version": 3,
+  "sources": ["../../../src/modules/auth/notifications.ts"],
+  "sourcesContent": ["import type { NotificationTypeDefinition } from '@open-mercato/shared/modules/notifications/types'\n\nexport const notificationTypes: NotificationTypeDefinition[] = [\n  {\n    type: 'auth.password_reset.requested',\n    module: 'auth',\n    titleKey: 'auth.notifications.passwordReset.requested.title',\n    bodyKey: 'auth.notifications.passwordReset.requested.body',\n    icon: 'key',\n    severity: 'info',\n    actions: [\n      {\n        id: 'view',\n        labelKey: 'common.view',\n        variant: 'outline',\n        href: '/backend/auth/profile',\n        icon: 'external-link',\n      },\n    ],\n    linkHref: '/backend/auth/profile',\n    expiresAfterHours: 24,\n  },\n  {\n    type: 'auth.password_reset.completed',\n    module: 'auth',\n    titleKey: 'auth.notifications.passwordReset.completed.title',\n    bodyKey: 'auth.notifications.passwordReset.completed.body',\n    icon: 'check-circle',\n    severity: 'success',\n    actions: [],\n    expiresAfterHours: 72,\n  },\n  {\n    type: 'auth.account.locked',\n    module: 'auth',\n    titleKey: 'auth.notifications.account.locked.title',\n    bodyKey: 'auth.notifications.account.locked.body',\n    icon: 'lock',\n    severity: 'warning',\n    actions: [\n      {\n        id: 'contact_support',\n        labelKey: 'auth.actions.contactSupport',\n        variant: 'default',\n        href: '/backend/support',\n        icon: 'mail',\n      },\n    ],\n    linkHref: '/backend/support',\n  },\n  {\n    type: 'auth.login.new_device',\n    module: 'auth',\n    titleKey: 'auth.notifications.login.newDevice.title',\n    bodyKey: 'auth.notifications.login.newDevice.body',\n    icon: 'smartphone',\n    severity: 'info',\n    actions: [\n      {\n        id: 'view_sessions',\n        labelKey: 'auth.actions.viewSessions',\n        variant: 'outline',\n        href: '/backend/auth/sessions',\n        icon: 'list',\n      },\n    ],\n    linkHref: '/backend/auth/sessions',\n    expiresAfterHours: 168, // 7 days\n  },\n  {\n    type: 'auth.role.assigned',\n    module: 'auth',\n    titleKey: 'auth.notifications.role.assigned.title',\n    bodyKey: 'auth.notifications.role.assigned.body',\n    icon: 'user-plus',\n    severity: 'success',\n    actions: [\n      {\n        id: 'view_permissions',\n        labelKey: 'auth.actions.viewPermissions',\n        variant: 'outline',\n        href: '/backend/auth/profile',\n        icon: 'shield',\n      },\n    ],\n    linkHref: '/backend/auth/profile',\n    expiresAfterHours: 168,\n  },\n  {\n    type: 'auth.role.revoked',\n    module: 'auth',\n    titleKey: 'auth.notifications.role.revoked.title',\n    bodyKey: 'auth.notifications.role.revoked.body',\n    icon: 'user-minus',\n    severity: 'warning',\n    actions: [\n      {\n        id: 'view_profile',\n        labelKey: 'common.view',\n        variant: 'outline',\n        href: '/backend/auth/profile',\n      },\n    ],\n    linkHref: '/backend/auth/profile',\n    expiresAfterHours: 168,\n  },\n]\n\nexport default notificationTypes\n"],
+  "mappings": "AAEO,MAAM,oBAAkD;AAAA,EAC7D;AAAA,IACE,MAAM;AAAA,IACN,QAAQ;AAAA,IACR,UAAU;AAAA,IACV,SAAS;AAAA,IACT,MAAM;AAAA,IACN,UAAU;AAAA,IACV,SAAS;AAAA,MACP;AAAA,QACE,IAAI;AAAA,QACJ,UAAU;AAAA,QACV,SAAS;AAAA,QACT,MAAM;AAAA,QACN,MAAM;AAAA,MACR;AAAA,IACF;AAAA,IACA,UAAU;AAAA,IACV,mBAAmB;AAAA,EACrB;AAAA,EACA;AAAA,IACE,MAAM;AAAA,IACN,QAAQ;AAAA,IACR,UAAU;AAAA,IACV,SAAS;AAAA,IACT,MAAM;AAAA,IACN,UAAU;AAAA,IACV,SAAS,CAAC;AAAA,IACV,mBAAmB;AAAA,EACrB;AAAA,EACA;AAAA,IACE,MAAM;AAAA,IACN,QAAQ;AAAA,IACR,UAAU;AAAA,IACV,SAAS;AAAA,IACT,MAAM;AAAA,IACN,UAAU;AAAA,IACV,SAAS;AAAA,MACP;AAAA,QACE,IAAI;AAAA,QACJ,UAAU;AAAA,QACV,SAAS;AAAA,QACT,MAAM;AAAA,QACN,MAAM;AAAA,MACR;AAAA,IACF;AAAA,IACA,UAAU;AAAA,EACZ;AAAA,EACA;AAAA,IACE,MAAM;AAAA,IACN,QAAQ;AAAA,IACR,UAAU;AAAA,IACV,SAAS;AAAA,IACT,MAAM;AAAA,IACN,UAAU;AAAA,IACV,SAAS;AAAA,MACP;AAAA,QACE,IAAI;AAAA,QACJ,UAAU;AAAA,QACV,SAAS;AAAA,QACT,MAAM;AAAA,QACN,MAAM;AAAA,MACR;AAAA,IACF;AAAA,IACA,UAAU;AAAA,IACV,mBAAmB;AAAA;AAAA,EACrB;AAAA,EACA;AAAA,IACE,MAAM;AAAA,IACN,QAAQ;AAAA,IACR,UAAU;AAAA,IACV,SAAS;AAAA,IACT,MAAM;AAAA,IACN,UAAU;AAAA,IACV,SAAS;AAAA,MACP;AAAA,QACE,IAAI;AAAA,QACJ,UAAU;AAAA,QACV,SAAS;AAAA,QACT,MAAM;AAAA,QACN,MAAM;AAAA,MACR;AAAA,IACF;AAAA,IACA,UAAU;AAAA,IACV,mBAAmB;AAAA,EACrB;AAAA,EACA;AAAA,IACE,MAAM;AAAA,IACN,QAAQ;AAAA,IACR,UAAU;AAAA,IACV,SAAS;AAAA,IACT,MAAM;AAAA,IACN,UAAU;AAAA,IACV,SAAS;AAAA,MACP;AAAA,QACE,IAAI;AAAA,QACJ,UAAU;AAAA,QACV,SAAS;AAAA,QACT,MAAM;AAAA,MACR;AAAA,IACF;AAAA,IACA,UAAU;AAAA,IACV,mBAAmB;AAAA,EACrB;AACF;AAEA,IAAO,wBAAQ;",
+  "names": []
+}

package/dist/modules/auth/services/authService.js CHANGED Viewed

@@ -16,6 +16,27 @@ class AuthService {
       ]
     });
   }
+  async findUsersByEmail(email) {
+    const emailHash = computeEmailHash(email);
+    return this.em.find(User, {
+      deletedAt: null,
+      $or: [
+        { email },
+        { emailHash }
+      ]
+    });
+  }
+  async findUserByEmailAndTenant(email, tenantId) {
+    const emailHash = computeEmailHash(email);
+    return this.em.findOne(User, {
+      tenantId,
+      deletedAt: null,
+      $or: [
+        { email },
+        { emailHash }
+      ]
+    });
+  }
   async verifyPassword(user, password) {
     if (!user.passwordHash) return false;
     return compare(password, user.passwordHash);
@@ -67,13 +88,13 @@ class AuthService {
   async confirmPasswordReset(token, newPassword) {
     const now = /* @__PURE__ */ new Date();
     const row = await this.em.findOne(PasswordReset, { token });
-    if (!row || row.usedAt && row.usedAt <= now || row.expiresAt <= now) return false;
+    if (!row || row.usedAt && row.usedAt <= now || row.expiresAt <= now) return null;
     const user = await this.em.findOne(User, { id: row.user.id });
-    if (!user) return false;
+    if (!user) return null;
     user.passwordHash = await hash(newPassword, 10);
     row.usedAt = /* @__PURE__ */ new Date();
     await this.em.flush();
-    return true;
+    return user;
   }
 }
 export {

package/dist/modules/auth/services/authService.js.map CHANGED Viewed

@@ -1,7 +1,7 @@
 {
   "version": 3,
   "sources": ["../../../../src/modules/auth/services/authService.ts"],
-  "sourcesContent": ["import { EntityManager } from '@mikro-orm/postgresql'\nimport { compare, hash } from 'bcryptjs'\nimport { User, Role, UserRole, Session, PasswordReset } from '@open-mercato/core/modules/auth/data/entities'\nimport crypto from 'node:crypto'\nimport { computeEmailHash } from '@open-mercato/core/modules/auth/lib/emailHash'\nimport { findWithDecryption } from '@open-mercato/shared/lib/encryption/find'\n\nexport class AuthService {\n  constructor(private em: EntityManager) {}\n\n  async findUserByEmail(email: string) {\n    const emailHash = computeEmailHash(email)\n    return this.em.findOne(User, {\n      $or: [\n        { email },\n        { emailHash },\n      ],\n    } as any)\n  }\n\n  async verifyPassword(user: User, password: string) {\n    if (!user.passwordHash) return false\n    return compare(password, user.passwordHash)\n  }\n\n  async updateLastLoginAt(user: User) {\n    const now = new Date()\n    // Use native update to avoid flushing unrelated entities that might be pending in this EM\n    await this.em.nativeUpdate(User, { id: user.id }, { lastLoginAt: now })\n    user.lastLoginAt = now\n  }\n\n  async getUserRoles(user: User, tenantId?: string | null): Promise<string[]> {\n    const resolvedTenantId = tenantId ?? user.tenantId ?? null\n    if (!resolvedTenantId) return []\n    const links = await findWithDecryption(\n      this.em,\n      UserRole,\n      { user, role: { tenantId: resolvedTenantId } as any },\n      { populate: ['role'] },\n      { tenantId: resolvedTenantId, organizationId: user.organizationId ?? null },\n    )\n    return links.map((l) => l.role.name)\n  }\n\n\n  async createSession(user: User, expiresAt: Date): Promise<Session> {\n    const token = crypto.randomBytes(32).toString('hex')\n    const sess = this.em.create(Session as any, { user, token, expiresAt, createdAt: new Date() } as any)\n    await this.em.persistAndFlush(sess)\n    return sess as Session\n  }\n\n  async deleteSessionByToken(token: string) {\n    await this.em.nativeDelete(Session, { token })\n  }\n\n  async refreshFromSessionToken(token: string) {\n    const now = new Date()\n    const sess = await this.em.findOne(Session, { token })\n    if (!sess || sess.expiresAt <= now) return null\n    const user = await this.em.findOne(User, { id: sess.user.id })\n    if (!user) return null\n    const roles = await this.getUserRoles(user, user.tenantId ?? null)\n    return { user, roles }\n  }\n\n  async requestPasswordReset(email: string) {\n    const user = await this.findUserByEmail(email)\n    if (!user) return null\n    const token = crypto.randomBytes(32).toString('hex')\n    const expiresAt = new Date(Date.now() + 60 * 60 * 1000)\n    const row = this.em.create(PasswordReset as any, { user, token, expiresAt, createdAt: new Date() } as any)\n    await this.em.persistAndFlush(row)\n    return { user, token }\n  }\n\n  async confirmPasswordReset(token: string, newPassword: string) {\n    const now = new Date()\n    const row = await this.em.findOne(PasswordReset, { token })\n    if (!row || (row.usedAt && row.usedAt <= now) || row.expiresAt <= now) return false\n    const user = await this.em.findOne(User, { id: row.user.id })\n    if (!user) return false\n    user.passwordHash = await hash(newPassword, 10)\n    row.usedAt = new Date()\n    await this.em.flush()\n    return true\n  }\n}\n"],
-  "mappings": "AACA,SAAS,SAAS,YAAY;AAC9B,SAAS,MAAY,UAAU,SAAS,qBAAqB;AAC7D,OAAO,YAAY;AACnB,SAAS,wBAAwB;AACjC,SAAS,0BAA0B;AAE5B,MAAM,YAAY;AAAA,EACvB,YAAoB,IAAmB;AAAnB;AAAA,EAAoB;AAAA,EAExC,MAAM,gBAAgB,OAAe;AACnC,UAAM,YAAY,iBAAiB,KAAK;AACxC,WAAO,KAAK,GAAG,QAAQ,MAAM;AAAA,MAC3B,KAAK;AAAA,QACH,EAAE,MAAM;AAAA,QACR,EAAE,UAAU;AAAA,MACd;AAAA,IACF,CAAQ;AAAA,EACV;AAAA,EAEA,MAAM,eAAe,MAAY,UAAkB;AACjD,QAAI,CAAC,KAAK,aAAc,QAAO;AAC/B,WAAO,QAAQ,UAAU,KAAK,YAAY;AAAA,EAC5C;AAAA,EAEA,MAAM,kBAAkB,MAAY;AAClC,UAAM,MAAM,oBAAI,KAAK;AAErB,UAAM,KAAK,GAAG,aAAa,MAAM,EAAE,IAAI,KAAK,GAAG,GAAG,EAAE,aAAa,IAAI,CAAC;AACtE,SAAK,cAAc;AAAA,EACrB;AAAA,EAEA,MAAM,aAAa,MAAY,UAA6C;AAC1E,UAAM,mBAAmB,YAAY,KAAK,YAAY;AACtD,QAAI,CAAC,iBAAkB,QAAO,CAAC;AAC/B,UAAM,QAAQ,MAAM;AAAA,MAClB,KAAK;AAAA,MACL;AAAA,MACA,EAAE,MAAM,MAAM,EAAE,UAAU,iBAAiB,EAAS;AAAA,MACpD,EAAE,UAAU,CAAC,MAAM,EAAE;AAAA,MACrB,EAAE,UAAU,kBAAkB,gBAAgB,KAAK,kBAAkB,KAAK;AAAA,IAC5E;AACA,WAAO,MAAM,IAAI,CAAC,MAAM,EAAE,KAAK,IAAI;AAAA,EACrC;AAAA,EAGA,MAAM,cAAc,MAAY,WAAmC;AACjE,UAAM,QAAQ,OAAO,YAAY,EAAE,EAAE,SAAS,KAAK;AACnD,UAAM,OAAO,KAAK,GAAG,OAAO,SAAgB,EAAE,MAAM,OAAO,WAAW,WAAW,oBAAI,KAAK,EAAE,CAAQ;AACpG,UAAM,KAAK,GAAG,gBAAgB,IAAI;AAClC,WAAO;AAAA,EACT;AAAA,EAEA,MAAM,qBAAqB,OAAe;AACxC,UAAM,KAAK,GAAG,aAAa,SAAS,EAAE,MAAM,CAAC;AAAA,EAC/C;AAAA,EAEA,MAAM,wBAAwB,OAAe;AAC3C,UAAM,MAAM,oBAAI,KAAK;AACrB,UAAM,OAAO,MAAM,KAAK,GAAG,QAAQ,SAAS,EAAE,MAAM,CAAC;AACrD,QAAI,CAAC,QAAQ,KAAK,aAAa,IAAK,QAAO;AAC3C,UAAM,OAAO,MAAM,KAAK,GAAG,QAAQ,MAAM,EAAE,IAAI,KAAK,KAAK,GAAG,CAAC;AAC7D,QAAI,CAAC,KAAM,QAAO;AAClB,UAAM,QAAQ,MAAM,KAAK,aAAa,MAAM,KAAK,YAAY,IAAI;AACjE,WAAO,EAAE,MAAM,MAAM;AAAA,EACvB;AAAA,EAEA,MAAM,qBAAqB,OAAe;AACxC,UAAM,OAAO,MAAM,KAAK,gBAAgB,KAAK;AAC7C,QAAI,CAAC,KAAM,QAAO;AAClB,UAAM,QAAQ,OAAO,YAAY,EAAE,EAAE,SAAS,KAAK;AACnD,UAAM,YAAY,IAAI,KAAK,KAAK,IAAI,IAAI,KAAK,KAAK,GAAI;AACtD,UAAM,MAAM,KAAK,GAAG,OAAO,eAAsB,EAAE,MAAM,OAAO,WAAW,WAAW,oBAAI,KAAK,EAAE,CAAQ;AACzG,UAAM,KAAK,GAAG,gBAAgB,GAAG;AACjC,WAAO,EAAE,MAAM,MAAM;AAAA,EACvB;AAAA,EAEA,MAAM,qBAAqB,OAAe,aAAqB;AAC7D,UAAM,MAAM,oBAAI,KAAK;AACrB,UAAM,MAAM,MAAM,KAAK,GAAG,QAAQ,eAAe,EAAE,MAAM,CAAC;AAC1D,QAAI,CAAC,OAAQ,IAAI,UAAU,IAAI,UAAU,OAAQ,IAAI,aAAa,IAAK,QAAO;AAC9E,UAAM,OAAO,MAAM,KAAK,GAAG,QAAQ,MAAM,EAAE,IAAI,IAAI,KAAK,GAAG,CAAC;AAC5D,QAAI,CAAC,KAAM,QAAO;AAClB,SAAK,eAAe,MAAM,KAAK,aAAa,EAAE;AAC9C,QAAI,SAAS,oBAAI,KAAK;AACtB,UAAM,KAAK,GAAG,MAAM;AACpB,WAAO;AAAA,EACT;AACF;",
+  "sourcesContent": ["import { EntityManager } from '@mikro-orm/postgresql'\nimport { compare, hash } from 'bcryptjs'\nimport { User, Role, UserRole, Session, PasswordReset } from '@open-mercato/core/modules/auth/data/entities'\nimport crypto from 'node:crypto'\nimport { computeEmailHash } from '@open-mercato/core/modules/auth/lib/emailHash'\nimport { findWithDecryption } from '@open-mercato/shared/lib/encryption/find'\n\nexport class AuthService {\n  constructor(private em: EntityManager) {}\n\n  async findUserByEmail(email: string) {\n    const emailHash = computeEmailHash(email)\n    return this.em.findOne(User, {\n      $or: [\n        { email },\n        { emailHash },\n      ],\n    } as any)\n  }\n\n  async findUsersByEmail(email: string) {\n    const emailHash = computeEmailHash(email)\n    return this.em.find(User, {\n      deletedAt: null,\n      $or: [\n        { email },\n        { emailHash },\n      ],\n    } as any)\n  }\n\n  async findUserByEmailAndTenant(email: string, tenantId: string) {\n    const emailHash = computeEmailHash(email)\n    return this.em.findOne(User, {\n      tenantId,\n      deletedAt: null,\n      $or: [\n        { email },\n        { emailHash },\n      ],\n    } as any)\n  }\n\n  async verifyPassword(user: User, password: string) {\n    if (!user.passwordHash) return false\n    return compare(password, user.passwordHash)\n  }\n\n  async updateLastLoginAt(user: User) {\n    const now = new Date()\n    // Use native update to avoid flushing unrelated entities that might be pending in this EM\n    await this.em.nativeUpdate(User, { id: user.id }, { lastLoginAt: now })\n    user.lastLoginAt = now\n  }\n\n  async getUserRoles(user: User, tenantId?: string | null): Promise<string[]> {\n    const resolvedTenantId = tenantId ?? user.tenantId ?? null\n    if (!resolvedTenantId) return []\n    const links = await findWithDecryption(\n      this.em,\n      UserRole,\n      { user, role: { tenantId: resolvedTenantId } as any },\n      { populate: ['role'] },\n      { tenantId: resolvedTenantId, organizationId: user.organizationId ?? null },\n    )\n    return links.map((l) => l.role.name)\n  }\n\n\n  async createSession(user: User, expiresAt: Date): Promise<Session> {\n    const token = crypto.randomBytes(32).toString('hex')\n    const sess = this.em.create(Session as any, { user, token, expiresAt, createdAt: new Date() } as any)\n    await this.em.persistAndFlush(sess)\n    return sess as Session\n  }\n\n  async deleteSessionByToken(token: string) {\n    await this.em.nativeDelete(Session, { token })\n  }\n\n  async refreshFromSessionToken(token: string) {\n    const now = new Date()\n    const sess = await this.em.findOne(Session, { token })\n    if (!sess || sess.expiresAt <= now) return null\n    const user = await this.em.findOne(User, { id: sess.user.id })\n    if (!user) return null\n    const roles = await this.getUserRoles(user, user.tenantId ?? null)\n    return { user, roles }\n  }\n\n  async requestPasswordReset(email: string) {\n    const user = await this.findUserByEmail(email)\n    if (!user) return null\n    const token = crypto.randomBytes(32).toString('hex')\n    const expiresAt = new Date(Date.now() + 60 * 60 * 1000)\n    const row = this.em.create(PasswordReset as any, { user, token, expiresAt, createdAt: new Date() } as any)\n    await this.em.persistAndFlush(row)\n    return { user, token }\n  }\n\n  async confirmPasswordReset(token: string, newPassword: string): Promise<User | null> {\n    const now = new Date()\n    const row = await this.em.findOne(PasswordReset, { token })\n    if (!row || (row.usedAt && row.usedAt <= now) || row.expiresAt <= now) return null\n    const user = await this.em.findOne(User, { id: row.user.id })\n    if (!user) return null\n    user.passwordHash = await hash(newPassword, 10)\n    row.usedAt = new Date()\n    await this.em.flush()\n    return user\n  }\n}\n"],
+  "mappings": "AACA,SAAS,SAAS,YAAY;AAC9B,SAAS,MAAY,UAAU,SAAS,qBAAqB;AAC7D,OAAO,YAAY;AACnB,SAAS,wBAAwB;AACjC,SAAS,0BAA0B;AAE5B,MAAM,YAAY;AAAA,EACvB,YAAoB,IAAmB;AAAnB;AAAA,EAAoB;AAAA,EAExC,MAAM,gBAAgB,OAAe;AACnC,UAAM,YAAY,iBAAiB,KAAK;AACxC,WAAO,KAAK,GAAG,QAAQ,MAAM;AAAA,MAC3B,KAAK;AAAA,QACH,EAAE,MAAM;AAAA,QACR,EAAE,UAAU;AAAA,MACd;AAAA,IACF,CAAQ;AAAA,EACV;AAAA,EAEA,MAAM,iBAAiB,OAAe;AACpC,UAAM,YAAY,iBAAiB,KAAK;AACxC,WAAO,KAAK,GAAG,KAAK,MAAM;AAAA,MACxB,WAAW;AAAA,MACX,KAAK;AAAA,QACH,EAAE,MAAM;AAAA,QACR,EAAE,UAAU;AAAA,MACd;AAAA,IACF,CAAQ;AAAA,EACV;AAAA,EAEA,MAAM,yBAAyB,OAAe,UAAkB;AAC9D,UAAM,YAAY,iBAAiB,KAAK;AACxC,WAAO,KAAK,GAAG,QAAQ,MAAM;AAAA,MAC3B;AAAA,MACA,WAAW;AAAA,MACX,KAAK;AAAA,QACH,EAAE,MAAM;AAAA,QACR,EAAE,UAAU;AAAA,MACd;AAAA,IACF,CAAQ;AAAA,EACV;AAAA,EAEA,MAAM,eAAe,MAAY,UAAkB;AACjD,QAAI,CAAC,KAAK,aAAc,QAAO;AAC/B,WAAO,QAAQ,UAAU,KAAK,YAAY;AAAA,EAC5C;AAAA,EAEA,MAAM,kBAAkB,MAAY;AAClC,UAAM,MAAM,oBAAI,KAAK;AAErB,UAAM,KAAK,GAAG,aAAa,MAAM,EAAE,IAAI,KAAK,GAAG,GAAG,EAAE,aAAa,IAAI,CAAC;AACtE,SAAK,cAAc;AAAA,EACrB;AAAA,EAEA,MAAM,aAAa,MAAY,UAA6C;AAC1E,UAAM,mBAAmB,YAAY,KAAK,YAAY;AACtD,QAAI,CAAC,iBAAkB,QAAO,CAAC;AAC/B,UAAM,QAAQ,MAAM;AAAA,MAClB,KAAK;AAAA,MACL;AAAA,MACA,EAAE,MAAM,MAAM,EAAE,UAAU,iBAAiB,EAAS;AAAA,MACpD,EAAE,UAAU,CAAC,MAAM,EAAE;AAAA,MACrB,EAAE,UAAU,kBAAkB,gBAAgB,KAAK,kBAAkB,KAAK;AAAA,IAC5E;AACA,WAAO,MAAM,IAAI,CAAC,MAAM,EAAE,KAAK,IAAI;AAAA,EACrC;AAAA,EAGA,MAAM,cAAc,MAAY,WAAmC;AACjE,UAAM,QAAQ,OAAO,YAAY,EAAE,EAAE,SAAS,KAAK;AACnD,UAAM,OAAO,KAAK,GAAG,OAAO,SAAgB,EAAE,MAAM,OAAO,WAAW,WAAW,oBAAI,KAAK,EAAE,CAAQ;AACpG,UAAM,KAAK,GAAG,gBAAgB,IAAI;AAClC,WAAO;AAAA,EACT;AAAA,EAEA,MAAM,qBAAqB,OAAe;AACxC,UAAM,KAAK,GAAG,aAAa,SAAS,EAAE,MAAM,CAAC;AAAA,EAC/C;AAAA,EAEA,MAAM,wBAAwB,OAAe;AAC3C,UAAM,MAAM,oBAAI,KAAK;AACrB,UAAM,OAAO,MAAM,KAAK,GAAG,QAAQ,SAAS,EAAE,MAAM,CAAC;AACrD,QAAI,CAAC,QAAQ,KAAK,aAAa,IAAK,QAAO;AAC3C,UAAM,OAAO,MAAM,KAAK,GAAG,QAAQ,MAAM,EAAE,IAAI,KAAK,KAAK,GAAG,CAAC;AAC7D,QAAI,CAAC,KAAM,QAAO;AAClB,UAAM,QAAQ,MAAM,KAAK,aAAa,MAAM,KAAK,YAAY,IAAI;AACjE,WAAO,EAAE,MAAM,MAAM;AAAA,EACvB;AAAA,EAEA,MAAM,qBAAqB,OAAe;AACxC,UAAM,OAAO,MAAM,KAAK,gBAAgB,KAAK;AAC7C,QAAI,CAAC,KAAM,QAAO;AAClB,UAAM,QAAQ,OAAO,YAAY,EAAE,EAAE,SAAS,KAAK;AACnD,UAAM,YAAY,IAAI,KAAK,KAAK,IAAI,IAAI,KAAK,KAAK,GAAI;AACtD,UAAM,MAAM,KAAK,GAAG,OAAO,eAAsB,EAAE,MAAM,OAAO,WAAW,WAAW,oBAAI,KAAK,EAAE,CAAQ;AACzG,UAAM,KAAK,GAAG,gBAAgB,GAAG;AACjC,WAAO,EAAE,MAAM,MAAM;AAAA,EACvB;AAAA,EAEA,MAAM,qBAAqB,OAAe,aAA2C;AACnF,UAAM,MAAM,oBAAI,KAAK;AACrB,UAAM,MAAM,MAAM,KAAK,GAAG,QAAQ,eAAe,EAAE,MAAM,CAAC;AAC1D,QAAI,CAAC,OAAQ,IAAI,UAAU,IAAI,UAAU,OAAQ,IAAI,aAAa,IAAK,QAAO;AAC9E,UAAM,OAAO,MAAM,KAAK,GAAG,QAAQ,MAAM,EAAE,IAAI,IAAI,KAAK,GAAG,CAAC;AAC5D,QAAI,CAAC,KAAM,QAAO;AAClB,SAAK,eAAe,MAAM,KAAK,aAAa,EAAE;AAC9C,QAAI,SAAS,oBAAI,KAAK;AACtB,UAAM,KAAK,GAAG,MAAM;AACpB,WAAO;AAAA,EACT;AACF;",
   "names": []
 }

package/dist/modules/auth/setup.js ADDED Viewed

@@ -0,0 +1,11 @@
+const setup = {
+  defaultRoleFeatures: {
+    admin: ["auth.*"]
+  }
+};
+var setup_default = setup;
+export {
+  setup_default as default,
+  setup
+};
+//# sourceMappingURL=setup.js.map

package/dist/modules/auth/setup.js.map ADDED Viewed

@@ -0,0 +1,7 @@
+{
+  "version": 3,
+  "sources": ["../../../src/modules/auth/setup.ts"],
+  "sourcesContent": ["import type { ModuleSetupConfig } from '@open-mercato/shared/modules/setup'\n\nexport const setup: ModuleSetupConfig = {\n  defaultRoleFeatures: {\n    admin: ['auth.*'],\n  },\n}\n\nexport default setup\n"],
+  "mappings": "AAEO,MAAM,QAA2B;AAAA,EACtC,qBAAqB;AAAA,IACnB,OAAO,CAAC,QAAQ;AAAA,EAClB;AACF;AAEA,IAAO,gBAAQ;",
+  "names": []
+}

package/dist/modules/business_rules/api/execute/route.js CHANGED Viewed

@@ -37,6 +37,12 @@ async function POST(req) {
   }
   const container = await createRequestContainer();
   const em = container.resolve("em");
+  let eventBus = null;
+  try {
+    eventBus = container.resolve("eventBus");
+  } catch {
+    eventBus = null;
+  }
   let body;
   try {
     body = await req.json();
@@ -70,7 +76,7 @@ async function POST(req) {
     return NextResponse.json({ error: `Invalid execution context: ${errors.join(", ")}` }, { status: 400 });
   }
   try {
-    const result = await ruleEngine.executeRules(em, context);
+    const result = await ruleEngine.executeRules(em, context, { eventBus });
     const response = {
       allowed: result.allowed,
       executedRules: result.executedRules.map((r) => ({

package/dist/modules/business_rules/api/execute/route.js.map CHANGED Viewed

@@ -1,7 +1,7 @@
 {
   "version": 3,
   "sources": ["../../../../../src/modules/business_rules/api/execute/route.ts"],
-  "sourcesContent": ["import { NextResponse } from 'next/server'\nimport { z } from 'zod'\nimport type { OpenApiRouteDoc } from '@open-mercato/shared/lib/openapi'\nimport { getAuthFromRequest } from '@open-mercato/shared/lib/auth/server'\nimport { createRequestContainer } from '@open-mercato/shared/lib/di/container'\nimport type { EntityManager } from '@mikro-orm/postgresql'\nimport { ruleEngineContextSchema } from '../../data/validators'\nimport * as ruleEngine from '../../lib/rule-engine'\n\nconst executeRequestSchema = z.object({\n  entityType: z.string().min(1, 'entityType is required'),\n  entityId: z.string().optional(),\n  eventType: z.string().optional(),\n  data: z.any(),\n  dryRun: z.boolean().optional().default(false),\n})\n\nconst executeResponseSchema = z.object({\n  allowed: z.boolean(),\n  executedRules: z.array(z.object({\n    ruleId: z.string(),\n    ruleName: z.string(),\n    conditionResult: z.boolean(),\n    executionTime: z.number(),\n    error: z.string().optional(),\n  })),\n  totalExecutionTime: z.number(),\n  errors: z.array(z.string()).optional(),\n})\n\nconst errorResponseSchema = z.object({\n  error: z.string(),\n})\n\nconst routeMetadata = {\n  POST: { requireAuth: true, requireFeatures: ['business_rules.execute'] },\n}\n\nexport const metadata = routeMetadata\n\nexport async function POST(req: Request) {\n  const auth = await getAuthFromRequest(req)\n  if (!auth) {\n    return NextResponse.json({ error: 'Unauthorized' }, { status: 401 })\n  }\n\n  const container = await createRequestContainer()\n  const em = container.resolve('em') as EntityManager\n\n  let body: any\n  try {\n    body = await req.json()\n  } catch {\n    return NextResponse.json({ error: 'Invalid JSON body' }, { status: 400 })\n  }\n\n  const parsed = executeRequestSchema.safeParse(body)\n  if (!parsed.success) {\n    const errors = parsed.error.issues.map(e => `${e.path.join('.')}: ${e.message}`)\n    return NextResponse.json({ error: `Validation failed: ${errors.join(', ')}` }, { status: 400 })\n  }\n\n  const { entityType, entityId, eventType, data, dryRun } = parsed.data\n\n  const context: ruleEngine.RuleEngineContext = {\n    entityType,\n    entityId,\n    eventType,\n    data,\n    user: {\n      id: auth.sub,\n      email: auth.email,\n      role: (auth.role as string) ?? undefined,\n    },\n    tenantId: auth.tenantId ?? '',\n    organizationId: auth.orgId ?? '',\n    executedBy: auth.sub ?? auth.email ?? null,\n    dryRun,\n  }\n\n  const validation = ruleEngineContextSchema.safeParse(context)\n  if (!validation.success) {\n    const errors = validation.error.issues.map(e => `${e.path.join('.')}: ${e.message}`)\n    return NextResponse.json({ error: `Invalid execution context: ${errors.join(', ')}` }, { status: 400 })\n  }\n\n  try {\n    const result = await ruleEngine.executeRules(em, context)\n\n    const response = {\n      allowed: result.allowed,\n      executedRules: result.executedRules.map(r => ({\n        ruleId: r.rule.ruleId,\n        ruleName: r.rule.ruleName,\n        ruleType: r.rule.ruleType,\n        conditionResult: r.conditionResult,\n        actionsExecuted: r.actionsExecuted ? {\n          success: r.actionsExecuted.success,\n          results: r.actionsExecuted.results.map(ar => ({\n            type: ar.action.type,\n            success: ar.success,\n            error: ar.error,\n          })),\n        } : null,\n        executionTime: r.executionTime,\n        error: r.error,\n        logId: r.logId,\n      })),\n      totalExecutionTime: result.totalExecutionTime,\n      errors: result.errors,\n      logIds: result.logIds,\n    }\n\n    return NextResponse.json(response, { status: 200 })\n  } catch (error) {\n    const errorMessage = error instanceof Error ? error.message : String(error)\n    return NextResponse.json(\n      { error: `Rule execution failed: ${errorMessage}` },\n      { status: 500 }\n    )\n  }\n}\n\nexport const openApi: OpenApiRouteDoc = {\n  tag: 'Business Rules',\n  summary: 'Execute business rules',\n  methods: {\n    POST: {\n      summary: 'Execute rules for given context',\n      description: 'Manually executes applicable business rules for the specified entity type, event, and data. Supports dry-run mode to test rules without executing actions.',\n      requestBody: {\n        contentType: 'application/json',\n        schema: executeRequestSchema,\n      },\n      responses: [\n        {\n          status: 200,\n          description: 'Rules executed successfully',\n          schema: executeResponseSchema,\n        },\n      ],\n      errors: [\n        { status: 400, description: 'Invalid request payload', schema: errorResponseSchema },\n        { status: 401, description: 'Unauthorized', schema: errorResponseSchema },\n        { status: 500, description: 'Execution error', schema: errorResponseSchema },\n      ],\n    },\n  },\n}\n"],
-  "mappings": "AAAA,SAAS,oBAAoB;AAC7B,SAAS,SAAS;AAElB,SAAS,0BAA0B;AACnC,SAAS,8BAA8B;AAEvC,SAAS,+BAA+B;AACxC,YAAY,gBAAgB;AAE5B,MAAM,uBAAuB,EAAE,OAAO;AAAA,EACpC,YAAY,EAAE,OAAO,EAAE,IAAI,GAAG,wBAAwB;AAAA,EACtD,UAAU,EAAE,OAAO,EAAE,SAAS;AAAA,EAC9B,WAAW,EAAE,OAAO,EAAE,SAAS;AAAA,EAC/B,MAAM,EAAE,IAAI;AAAA,EACZ,QAAQ,EAAE,QAAQ,EAAE,SAAS,EAAE,QAAQ,KAAK;AAC9C,CAAC;AAED,MAAM,wBAAwB,EAAE,OAAO;AAAA,EACrC,SAAS,EAAE,QAAQ;AAAA,EACnB,eAAe,EAAE,MAAM,EAAE,OAAO;AAAA,IAC9B,QAAQ,EAAE,OAAO;AAAA,IACjB,UAAU,EAAE,OAAO;AAAA,IACnB,iBAAiB,EAAE,QAAQ;AAAA,IAC3B,eAAe,EAAE,OAAO;AAAA,IACxB,OAAO,EAAE,OAAO,EAAE,SAAS;AAAA,EAC7B,CAAC,CAAC;AAAA,EACF,oBAAoB,EAAE,OAAO;AAAA,EAC7B,QAAQ,EAAE,MAAM,EAAE,OAAO,CAAC,EAAE,SAAS;AACvC,CAAC;AAED,MAAM,sBAAsB,EAAE,OAAO;AAAA,EACnC,OAAO,EAAE,OAAO;AAClB,CAAC;AAED,MAAM,gBAAgB;AAAA,EACpB,MAAM,EAAE,aAAa,MAAM,iBAAiB,CAAC,wBAAwB,EAAE;AACzE;AAEO,MAAM,WAAW;AAExB,eAAsB,KAAK,KAAc;AACvC,QAAM,OAAO,MAAM,mBAAmB,GAAG;AACzC,MAAI,CAAC,MAAM;AACT,WAAO,aAAa,KAAK,EAAE,OAAO,eAAe,GAAG,EAAE,QAAQ,IAAI,CAAC;AAAA,EACrE;AAEA,QAAM,YAAY,MAAM,uBAAuB;AAC/C,QAAM,KAAK,UAAU,QAAQ,IAAI;AAEjC,MAAI;AACJ,MAAI;AACF,WAAO,MAAM,IAAI,KAAK;AAAA,EACxB,QAAQ;AACN,WAAO,aAAa,KAAK,EAAE,OAAO,oBAAoB,GAAG,EAAE,QAAQ,IAAI,CAAC;AAAA,EAC1E;AAEA,QAAM,SAAS,qBAAqB,UAAU,IAAI;AAClD,MAAI,CAAC,OAAO,SAAS;AACnB,UAAM,SAAS,OAAO,MAAM,OAAO,IAAI,OAAK,GAAG,EAAE,KAAK,KAAK,GAAG,CAAC,KAAK,EAAE,OAAO,EAAE;AAC/E,WAAO,aAAa,KAAK,EAAE,OAAO,sBAAsB,OAAO,KAAK,IAAI,CAAC,GAAG,GAAG,EAAE,QAAQ,IAAI,CAAC;AAAA,EAChG;AAEA,QAAM,EAAE,YAAY,UAAU,WAAW,MAAM,OAAO,IAAI,OAAO;AAEjE,QAAM,UAAwC;AAAA,IAC5C;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA,MAAM;AAAA,MACJ,IAAI,KAAK;AAAA,MACT,OAAO,KAAK;AAAA,MACZ,MAAO,KAAK,QAAmB;AAAA,IACjC;AAAA,IACA,UAAU,KAAK,YAAY;AAAA,IAC3B,gBAAgB,KAAK,SAAS;AAAA,IAC9B,YAAY,KAAK,OAAO,KAAK,SAAS;AAAA,IACtC;AAAA,EACF;AAEA,QAAM,aAAa,wBAAwB,UAAU,OAAO;AAC5D,MAAI,CAAC,WAAW,SAAS;AACvB,UAAM,SAAS,WAAW,MAAM,OAAO,IAAI,OAAK,GAAG,EAAE,KAAK,KAAK,GAAG,CAAC,KAAK,EAAE,OAAO,EAAE;AACnF,WAAO,aAAa,KAAK,EAAE,OAAO,8BAA8B,OAAO,KAAK,IAAI,CAAC,GAAG,GAAG,EAAE,QAAQ,IAAI,CAAC;AAAA,EACxG;AAEA,MAAI;AACF,UAAM,SAAS,MAAM,WAAW,aAAa,IAAI,OAAO;AAExD,UAAM,WAAW;AAAA,MACf,SAAS,OAAO;AAAA,MAChB,eAAe,OAAO,cAAc,IAAI,QAAM;AAAA,QAC5C,QAAQ,EAAE,KAAK;AAAA,QACf,UAAU,EAAE,KAAK;AAAA,QACjB,UAAU,EAAE,KAAK;AAAA,QACjB,iBAAiB,EAAE;AAAA,QACnB,iBAAiB,EAAE,kBAAkB;AAAA,UACnC,SAAS,EAAE,gBAAgB;AAAA,UAC3B,SAAS,EAAE,gBAAgB,QAAQ,IAAI,SAAO;AAAA,YAC5C,MAAM,GAAG,OAAO;AAAA,YAChB,SAAS,GAAG;AAAA,YACZ,OAAO,GAAG;AAAA,UACZ,EAAE;AAAA,QACJ,IAAI;AAAA,QACJ,eAAe,EAAE;AAAA,QACjB,OAAO,EAAE;AAAA,QACT,OAAO,EAAE;AAAA,MACX,EAAE;AAAA,MACF,oBAAoB,OAAO;AAAA,MAC3B,QAAQ,OAAO;AAAA,MACf,QAAQ,OAAO;AAAA,IACjB;AAEA,WAAO,aAAa,KAAK,UAAU,EAAE,QAAQ,IAAI,CAAC;AAAA,EACpD,SAAS,OAAO;AACd,UAAM,eAAe,iBAAiB,QAAQ,MAAM,UAAU,OAAO,KAAK;AAC1E,WAAO,aAAa;AAAA,MAClB,EAAE,OAAO,0BAA0B,YAAY,GAAG;AAAA,MAClD,EAAE,QAAQ,IAAI;AAAA,IAChB;AAAA,EACF;AACF;AAEO,MAAM,UAA2B;AAAA,EACtC,KAAK;AAAA,EACL,SAAS;AAAA,EACT,SAAS;AAAA,IACP,MAAM;AAAA,MACJ,SAAS;AAAA,MACT,aAAa;AAAA,MACb,aAAa;AAAA,QACX,aAAa;AAAA,QACb,QAAQ;AAAA,MACV;AAAA,MACA,WAAW;AAAA,QACT;AAAA,UACE,QAAQ;AAAA,UACR,aAAa;AAAA,UACb,QAAQ;AAAA,QACV;AAAA,MACF;AAAA,MACA,QAAQ;AAAA,QACN,EAAE,QAAQ,KAAK,aAAa,2BAA2B,QAAQ,oBAAoB;AAAA,QACnF,EAAE,QAAQ,KAAK,aAAa,gBAAgB,QAAQ,oBAAoB;AAAA,QACxE,EAAE,QAAQ,KAAK,aAAa,mBAAmB,QAAQ,oBAAoB;AAAA,MAC7E;AAAA,IACF;AAAA,EACF;AACF;",
+  "sourcesContent": ["import { NextResponse } from 'next/server'\nimport { z } from 'zod'\nimport type { OpenApiRouteDoc } from '@open-mercato/shared/lib/openapi'\nimport { getAuthFromRequest } from '@open-mercato/shared/lib/auth/server'\nimport { createRequestContainer } from '@open-mercato/shared/lib/di/container'\nimport type { EntityManager } from '@mikro-orm/postgresql'\nimport type { EventBus } from '@open-mercato/events'\nimport { ruleEngineContextSchema } from '../../data/validators'\nimport * as ruleEngine from '../../lib/rule-engine'\n\nconst executeRequestSchema = z.object({\n  entityType: z.string().min(1, 'entityType is required'),\n  entityId: z.string().optional(),\n  eventType: z.string().optional(),\n  data: z.any(),\n  dryRun: z.boolean().optional().default(false),\n})\n\nconst executeResponseSchema = z.object({\n  allowed: z.boolean(),\n  executedRules: z.array(z.object({\n    ruleId: z.string(),\n    ruleName: z.string(),\n    conditionResult: z.boolean(),\n    executionTime: z.number(),\n    error: z.string().optional(),\n  })),\n  totalExecutionTime: z.number(),\n  errors: z.array(z.string()).optional(),\n})\n\nconst errorResponseSchema = z.object({\n  error: z.string(),\n})\n\nconst routeMetadata = {\n  POST: { requireAuth: true, requireFeatures: ['business_rules.execute'] },\n}\n\nexport const metadata = routeMetadata\n\nexport async function POST(req: Request) {\n  const auth = await getAuthFromRequest(req)\n  if (!auth) {\n    return NextResponse.json({ error: 'Unauthorized' }, { status: 401 })\n  }\n\n  const container = await createRequestContainer()\n  const em = container.resolve('em') as EntityManager\n  let eventBus: EventBus | null = null\n  try {\n    eventBus = container.resolve('eventBus') as EventBus\n  } catch {\n    eventBus = null\n  }\n\n  let body: any\n  try {\n    body = await req.json()\n  } catch {\n    return NextResponse.json({ error: 'Invalid JSON body' }, { status: 400 })\n  }\n\n  const parsed = executeRequestSchema.safeParse(body)\n  if (!parsed.success) {\n    const errors = parsed.error.issues.map(e => `${e.path.join('.')}: ${e.message}`)\n    return NextResponse.json({ error: `Validation failed: ${errors.join(', ')}` }, { status: 400 })\n  }\n\n  const { entityType, entityId, eventType, data, dryRun } = parsed.data\n\n  const context: ruleEngine.RuleEngineContext = {\n    entityType,\n    entityId,\n    eventType,\n    data,\n    user: {\n      id: auth.sub,\n      email: auth.email,\n      role: (auth.role as string) ?? undefined,\n    },\n    tenantId: auth.tenantId ?? '',\n    organizationId: auth.orgId ?? '',\n    executedBy: auth.sub ?? auth.email ?? null,\n    dryRun,\n  }\n\n  const validation = ruleEngineContextSchema.safeParse(context)\n  if (!validation.success) {\n    const errors = validation.error.issues.map(e => `${e.path.join('.')}: ${e.message}`)\n    return NextResponse.json({ error: `Invalid execution context: ${errors.join(', ')}` }, { status: 400 })\n  }\n\n  try {\n    const result = await ruleEngine.executeRules(em, context, { eventBus })\n\n    const response = {\n      allowed: result.allowed,\n      executedRules: result.executedRules.map(r => ({\n        ruleId: r.rule.ruleId,\n        ruleName: r.rule.ruleName,\n        ruleType: r.rule.ruleType,\n        conditionResult: r.conditionResult,\n        actionsExecuted: r.actionsExecuted ? {\n          success: r.actionsExecuted.success,\n          results: r.actionsExecuted.results.map(ar => ({\n            type: ar.action.type,\n            success: ar.success,\n            error: ar.error,\n          })),\n        } : null,\n        executionTime: r.executionTime,\n        error: r.error,\n        logId: r.logId,\n      })),\n      totalExecutionTime: result.totalExecutionTime,\n      errors: result.errors,\n      logIds: result.logIds,\n    }\n\n    return NextResponse.json(response, { status: 200 })\n  } catch (error) {\n    const errorMessage = error instanceof Error ? error.message : String(error)\n    return NextResponse.json(\n      { error: `Rule execution failed: ${errorMessage}` },\n      { status: 500 }\n    )\n  }\n}\n\nexport const openApi: OpenApiRouteDoc = {\n  tag: 'Business Rules',\n  summary: 'Execute business rules',\n  methods: {\n    POST: {\n      summary: 'Execute rules for given context',\n      description: 'Manually executes applicable business rules for the specified entity type, event, and data. Supports dry-run mode to test rules without executing actions.',\n      requestBody: {\n        contentType: 'application/json',\n        schema: executeRequestSchema,\n      },\n      responses: [\n        {\n          status: 200,\n          description: 'Rules executed successfully',\n          schema: executeResponseSchema,\n        },\n      ],\n      errors: [\n        { status: 400, description: 'Invalid request payload', schema: errorResponseSchema },\n        { status: 401, description: 'Unauthorized', schema: errorResponseSchema },\n        { status: 500, description: 'Execution error', schema: errorResponseSchema },\n      ],\n    },\n  },\n}\n"],
+  "mappings": "AAAA,SAAS,oBAAoB;AAC7B,SAAS,SAAS;AAElB,SAAS,0BAA0B;AACnC,SAAS,8BAA8B;AAGvC,SAAS,+BAA+B;AACxC,YAAY,gBAAgB;AAE5B,MAAM,uBAAuB,EAAE,OAAO;AAAA,EACpC,YAAY,EAAE,OAAO,EAAE,IAAI,GAAG,wBAAwB;AAAA,EACtD,UAAU,EAAE,OAAO,EAAE,SAAS;AAAA,EAC9B,WAAW,EAAE,OAAO,EAAE,SAAS;AAAA,EAC/B,MAAM,EAAE,IAAI;AAAA,EACZ,QAAQ,EAAE,QAAQ,EAAE,SAAS,EAAE,QAAQ,KAAK;AAC9C,CAAC;AAED,MAAM,wBAAwB,EAAE,OAAO;AAAA,EACrC,SAAS,EAAE,QAAQ;AAAA,EACnB,eAAe,EAAE,MAAM,EAAE,OAAO;AAAA,IAC9B,QAAQ,EAAE,OAAO;AAAA,IACjB,UAAU,EAAE,OAAO;AAAA,IACnB,iBAAiB,EAAE,QAAQ;AAAA,IAC3B,eAAe,EAAE,OAAO;AAAA,IACxB,OAAO,EAAE,OAAO,EAAE,SAAS;AAAA,EAC7B,CAAC,CAAC;AAAA,EACF,oBAAoB,EAAE,OAAO;AAAA,EAC7B,QAAQ,EAAE,MAAM,EAAE,OAAO,CAAC,EAAE,SAAS;AACvC,CAAC;AAED,MAAM,sBAAsB,EAAE,OAAO;AAAA,EACnC,OAAO,EAAE,OAAO;AAClB,CAAC;AAED,MAAM,gBAAgB;AAAA,EACpB,MAAM,EAAE,aAAa,MAAM,iBAAiB,CAAC,wBAAwB,EAAE;AACzE;AAEO,MAAM,WAAW;AAExB,eAAsB,KAAK,KAAc;AACvC,QAAM,OAAO,MAAM,mBAAmB,GAAG;AACzC,MAAI,CAAC,MAAM;AACT,WAAO,aAAa,KAAK,EAAE,OAAO,eAAe,GAAG,EAAE,QAAQ,IAAI,CAAC;AAAA,EACrE;AAEA,QAAM,YAAY,MAAM,uBAAuB;AAC/C,QAAM,KAAK,UAAU,QAAQ,IAAI;AACjC,MAAI,WAA4B;AAChC,MAAI;AACF,eAAW,UAAU,QAAQ,UAAU;AAAA,EACzC,QAAQ;AACN,eAAW;AAAA,EACb;AAEA,MAAI;AACJ,MAAI;AACF,WAAO,MAAM,IAAI,KAAK;AAAA,EACxB,QAAQ;AACN,WAAO,aAAa,KAAK,EAAE,OAAO,oBAAoB,GAAG,EAAE,QAAQ,IAAI,CAAC;AAAA,EAC1E;AAEA,QAAM,SAAS,qBAAqB,UAAU,IAAI;AAClD,MAAI,CAAC,OAAO,SAAS;AACnB,UAAM,SAAS,OAAO,MAAM,OAAO,IAAI,OAAK,GAAG,EAAE,KAAK,KAAK,GAAG,CAAC,KAAK,EAAE,OAAO,EAAE;AAC/E,WAAO,aAAa,KAAK,EAAE,OAAO,sBAAsB,OAAO,KAAK,IAAI,CAAC,GAAG,GAAG,EAAE,QAAQ,IAAI,CAAC;AAAA,EAChG;AAEA,QAAM,EAAE,YAAY,UAAU,WAAW,MAAM,OAAO,IAAI,OAAO;AAEjE,QAAM,UAAwC;AAAA,IAC5C;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA,MAAM;AAAA,MACJ,IAAI,KAAK;AAAA,MACT,OAAO,KAAK;AAAA,MACZ,MAAO,KAAK,QAAmB;AAAA,IACjC;AAAA,IACA,UAAU,KAAK,YAAY;AAAA,IAC3B,gBAAgB,KAAK,SAAS;AAAA,IAC9B,YAAY,KAAK,OAAO,KAAK,SAAS;AAAA,IACtC;AAAA,EACF;AAEA,QAAM,aAAa,wBAAwB,UAAU,OAAO;AAC5D,MAAI,CAAC,WAAW,SAAS;AACvB,UAAM,SAAS,WAAW,MAAM,OAAO,IAAI,OAAK,GAAG,EAAE,KAAK,KAAK,GAAG,CAAC,KAAK,EAAE,OAAO,EAAE;AACnF,WAAO,aAAa,KAAK,EAAE,OAAO,8BAA8B,OAAO,KAAK,IAAI,CAAC,GAAG,GAAG,EAAE,QAAQ,IAAI,CAAC;AAAA,EACxG;AAEA,MAAI;AACF,UAAM,SAAS,MAAM,WAAW,aAAa,IAAI,SAAS,EAAE,SAAS,CAAC;AAEtE,UAAM,WAAW;AAAA,MACf,SAAS,OAAO;AAAA,MAChB,eAAe,OAAO,cAAc,IAAI,QAAM;AAAA,QAC5C,QAAQ,EAAE,KAAK;AAAA,QACf,UAAU,EAAE,KAAK;AAAA,QACjB,UAAU,EAAE,KAAK;AAAA,QACjB,iBAAiB,EAAE;AAAA,QACnB,iBAAiB,EAAE,kBAAkB;AAAA,UACnC,SAAS,EAAE,gBAAgB;AAAA,UAC3B,SAAS,EAAE,gBAAgB,QAAQ,IAAI,SAAO;AAAA,YAC5C,MAAM,GAAG,OAAO;AAAA,YAChB,SAAS,GAAG;AAAA,YACZ,OAAO,GAAG;AAAA,UACZ,EAAE;AAAA,QACJ,IAAI;AAAA,QACJ,eAAe,EAAE;AAAA,QACjB,OAAO,EAAE;AAAA,QACT,OAAO,EAAE;AAAA,MACX,EAAE;AAAA,MACF,oBAAoB,OAAO;AAAA,MAC3B,QAAQ,OAAO;AAAA,MACf,QAAQ,OAAO;AAAA,IACjB;AAEA,WAAO,aAAa,KAAK,UAAU,EAAE,QAAQ,IAAI,CAAC;AAAA,EACpD,SAAS,OAAO;AACd,UAAM,eAAe,iBAAiB,QAAQ,MAAM,UAAU,OAAO,KAAK;AAC1E,WAAO,aAAa;AAAA,MAClB,EAAE,OAAO,0BAA0B,YAAY,GAAG;AAAA,MAClD,EAAE,QAAQ,IAAI;AAAA,IAChB;AAAA,EACF;AACF;AAEO,MAAM,UAA2B;AAAA,EACtC,KAAK;AAAA,EACL,SAAS;AAAA,EACT,SAAS;AAAA,IACP,MAAM;AAAA,MACJ,SAAS;AAAA,MACT,aAAa;AAAA,MACb,aAAa;AAAA,QACX,aAAa;AAAA,QACb,QAAQ;AAAA,MACV;AAAA,MACA,WAAW;AAAA,QACT;AAAA,UACE,QAAQ;AAAA,UACR,aAAa;AAAA,UACb,QAAQ;AAAA,QACV;AAAA,MACF;AAAA,MACA,QAAQ;AAAA,QACN,EAAE,QAAQ,KAAK,aAAa,2BAA2B,QAAQ,oBAAoB;AAAA,QACnF,EAAE,QAAQ,KAAK,aAAa,gBAAgB,QAAQ,oBAAoB;AAAA,QACxE,EAAE,QAAQ,KAAK,aAAa,mBAAmB,QAAQ,oBAAoB;AAAA,MAC7E;AAAA,IACF;AAAA,EACF;AACF;",
   "names": []
 }

package/dist/modules/business_rules/backend/rules/page.js CHANGED Viewed

@@ -203,20 +203,24 @@ function RulesListPage() {
         {
           items: [
             {
+              id: "edit",
               label: t("common.edit"),
               href: `/backend/rules/${row.original.id}`
             },
             {
+              id: row.original.enabled ? "disable" : "enable",
               label: row.original.enabled ? t("common.disable") : t("common.enable"),
               onSelect: () => handleToggleEnabled(row.original.id, row.original.enabled)
             },
             {
+              id: "duplicate",
               label: t("common.duplicate"),
               onSelect: () => {
                 flash(t("business_rules.messages.duplicateNotYetImplemented"), "info");
               }
             },
             {
+              id: "delete",
               label: t("common.delete"),
               onSelect: () => handleDelete(row.original.id, row.original.ruleName),
               destructive: true

package/dist/modules/business_rules/backend/rules/page.js.map CHANGED Viewed

@@ -1,7 +1,7 @@
 {
   "version": 3,
   "sources": ["../../../../../src/modules/business_rules/backend/rules/page.tsx"],
-  "sourcesContent": ["\"use client\"\n\nimport * as React from 'react'\nimport Link from 'next/link'\nimport { useRouter } from 'next/navigation'\nimport { Page, PageBody } from '@open-mercato/ui/backend/Page'\nimport { DataTable } from '@open-mercato/ui/backend/DataTable'\nimport type { ColumnDef } from '@tanstack/react-table'\nimport { Button } from '@open-mercato/ui/primitives/button'\nimport { RowActions } from '@open-mercato/ui/backend/RowActions'\nimport { apiCall } from '@open-mercato/ui/backend/utils/apiCall'\nimport { flash } from '@open-mercato/ui/backend/FlashMessages'\nimport { useQuery, useQueryClient } from '@tanstack/react-query'\nimport { useT } from '@open-mercato/shared/lib/i18n/context'\nimport type { FilterDef, FilterValues } from '@open-mercato/ui/backend/FilterBar'\n\ntype Rule = {\n  id: string\n  ruleId: string\n  ruleName: string\n  description: string | null\n  ruleType: 'GUARD' | 'VALIDATION' | 'CALCULATION' | 'ACTION' | 'ASSIGNMENT'\n  ruleCategory: string | null\n  entityType: string\n  eventType: string | null\n  enabled: boolean\n  priority: number\n  version: number\n  effectiveFrom: string | null\n  effectiveTo: string | null\n  tenantId: string\n  organizationId: string\n  createdAt: string\n  updatedAt: string\n}\n\ntype RulesResponse = {\n  items: Rule[]\n  total: number\n  totalPages: number\n}\n\nexport default function RulesListPage() {\n  const [page, setPage] = React.useState(1)\n  const [pageSize] = React.useState(20)\n  const [total, setTotal] = React.useState(0)\n  const [totalPages, setTotalPages] = React.useState(1)\n  const t = useT()\n  const router = useRouter()\n  const queryClient = useQueryClient()\n  const [filterValues, setFilterValues] = React.useState<FilterValues>({})\n\n  const { data, isLoading, error } = useQuery({\n    queryKey: ['business-rules', 'list', filterValues, page],\n    queryFn: async () => {\n      const params = new URLSearchParams()\n      params.set('page', page.toString())\n      params.set('pageSize', pageSize.toString())\n      params.set('sortField', 'priority')\n      params.set('sortDir', 'desc')\n\n      if (filterValues.enabled) params.set('enabled', filterValues.enabled as string)\n      if (filterValues.ruleType) params.set('ruleType', filterValues.ruleType as string)\n      if (filterValues.entityType) params.set('entityType', filterValues.entityType as string)\n      if (filterValues.eventType) params.set('eventType', filterValues.eventType as string)\n      if (filterValues.search) params.set('search', filterValues.search as string)\n\n      const result = await apiCall<RulesResponse>(\n        `/api/business_rules/rules?${params.toString()}`\n      )\n\n      if (!result.ok) {\n        throw new Error('Failed to fetch rules')\n      }\n\n      const response = result.result\n      if (response) {\n        setTotal(response.total || 0)\n        setTotalPages(response.totalPages || 1)\n      }\n\n      return response?.items || []\n    },\n  })\n\n  const handleDelete = async (id: string, ruleName: string) => {\n    if (!confirm(t('business_rules.confirm.delete', { name: ruleName }))) {\n      return\n    }\n\n    const result = await apiCall(`/api/business_rules/rules?id=${id}`, {\n      method: 'DELETE',\n    })\n\n    if (result.ok) {\n      flash(t('business_rules.messages.deleted'), 'success')\n      queryClient.invalidateQueries({ queryKey: ['business-rules'] })\n    } else {\n      flash(t('business_rules.messages.deleteFailed'), 'error')\n    }\n  }\n\n  const handleToggleEnabled = async (id: string, currentEnabled: boolean) => {\n    const result = await apiCall('/api/business_rules/rules', {\n      method: 'PUT',\n      headers: { 'Content-Type': 'application/json' },\n      body: JSON.stringify({\n        id,\n        enabled: !currentEnabled,\n      }),\n    })\n\n    if (result.ok) {\n      flash(t('business_rules.messages.updated'), 'success')\n      queryClient.invalidateQueries({ queryKey: ['business-rules'] })\n    } else {\n      flash(t('business_rules.messages.updateFailed'), 'error')\n    }\n  }\n\n  const handleFiltersApply = React.useCallback((values: FilterValues) => {\n    const next: FilterValues = {}\n    Object.entries(values).forEach(([key, value]) => {\n      if (value !== undefined) next[key] = value\n    })\n    setFilterValues(next)\n    setPage(1)\n  }, [setFilterValues, setPage])\n\n  const handleFiltersClear = React.useCallback(() => {\n    setFilterValues({})\n    setPage(1)\n  }, [setFilterValues, setPage])\n\n  const filters: FilterDef[] = [\n    {\n      id: 'search',\n      type: 'text',\n      label: t('business_rules.filters.search'),\n      placeholder: t('business_rules.filters.searchPlaceholder'),\n    },\n    {\n      id: 'enabled',\n      type: 'select',\n      label: t('business_rules.filters.status'),\n      options: [\n        { label: t('common.all'), value: '' },\n        { label: t('common.enabled'), value: 'true' },\n        { label: t('common.disabled'), value: 'false' },\n      ],\n    },\n    {\n      id: 'ruleType',\n      type: 'select',\n      label: t('business_rules.filters.type'),\n      options: [\n        { label: t('common.all'), value: '' },\n        { label: t('business_rules.types.guard'), value: 'GUARD' },\n        { label: t('business_rules.types.validation'), value: 'VALIDATION' },\n        { label: t('business_rules.types.calculation'), value: 'CALCULATION' },\n        { label: t('business_rules.types.action'), value: 'ACTION' },\n        { label: t('business_rules.types.assignment'), value: 'ASSIGNMENT' },\n      ],\n    },\n    {\n      id: 'entityType',\n      type: 'text',\n      label: t('business_rules.filters.entityType'),\n      placeholder: t('business_rules.filters.entityTypePlaceholder'),\n    },\n    {\n      id: 'eventType',\n      type: 'text',\n      label: t('business_rules.filters.eventType'),\n      placeholder: t('business_rules.filters.eventTypePlaceholder'),\n    },\n  ]\n\n  const columns: ColumnDef<Rule>[] = [\n    {\n      id: 'ruleId',\n      header: t('business_rules.fields.ruleId'),\n      accessorKey: 'ruleId',\n      cell: ({ row }) => (\n        <span className=\"font-mono text-sm\">{row.original.ruleId}</span>\n      ),\n    },\n    {\n      id: 'ruleName',\n      header: t('business_rules.fields.ruleName'),\n      accessorKey: 'ruleName',\n      cell: ({ row }) => (\n        <div>\n          <div className=\"font-medium\">{row.original.ruleName}</div>\n          {row.original.description && (\n            <div className=\"text-xs text-muted-foreground line-clamp-1\">\n              {row.original.description}\n            </div>\n          )}\n        </div>\n      ),\n    },\n    {\n      id: 'ruleType',\n      header: t('business_rules.fields.ruleType'),\n      accessorKey: 'ruleType',\n      cell: ({ row }) => {\n        const typeColors = {\n          GUARD: 'bg-red-100 text-red-800',\n          VALIDATION: 'bg-yellow-100 text-yellow-800',\n          CALCULATION: 'bg-blue-100 text-blue-800',\n          ACTION: 'bg-green-100 text-green-800',\n          ASSIGNMENT: 'bg-purple-100 text-purple-800',\n        }\n        const color = typeColors[row.original.ruleType] || 'bg-muted text-foreground'\n        return (\n          <span className={`inline-flex items-center px-2 py-1 rounded text-xs font-medium ${color}`}>\n            {row.original.ruleType}\n          </span>\n        )\n      },\n    },\n    {\n      id: 'entityType',\n      header: t('business_rules.fields.entityType'),\n      accessorKey: 'entityType',\n    },\n    {\n      id: 'eventType',\n      header: t('business_rules.fields.eventType'),\n      accessorKey: 'eventType',\n      cell: ({ row }) => row.original.eventType || '-',\n    },\n    {\n      id: 'enabled',\n      header: t('business_rules.fields.enabled'),\n      accessorKey: 'enabled',\n      cell: ({ row }) => (\n        <button\n          onClick={() => handleToggleEnabled(row.original.id, row.original.enabled)}\n          className={`inline-flex items-center px-2 py-1 rounded text-xs font-medium cursor-pointer ${\n            row.original.enabled\n              ? 'bg-green-100 text-green-800 hover:bg-green-200 dark:bg-green-900 dark:text-green-300 dark:hover:bg-green-800'\n              : 'bg-muted text-muted-foreground hover:bg-muted/80'\n          }`}\n          title={t('business_rules.actions.toggleEnabled')}\n        >\n          {row.original.enabled ? t('common.yes') : t('common.no')}\n        </button>\n      ),\n    },\n    {\n      id: 'priority',\n      header: t('business_rules.fields.priority'),\n      accessorKey: 'priority',\n      cell: ({ row }) => (\n        <span className=\"font-mono text-sm\">{row.original.priority}</span>\n      ),\n    },\n    {\n      id: 'actions',\n      header: '',\n      cell: ({ row }) => (\n        <RowActions\n          items={[\n            {\n              label: t('common.edit'),\n              href: `/backend/rules/${row.original.id}`,\n            },\n            {\n              label: row.original.enabled ? t('common.disable') : t('common.enable'),\n              onSelect: () => handleToggleEnabled(row.original.id, row.original.enabled),\n            },\n            {\n              label: t('common.duplicate'),\n              onSelect: () => {\n                // TODO: Implement duplicate functionality in Step 5.2\n                flash(t('business_rules.messages.duplicateNotYetImplemented'), 'info')\n              },\n            },\n            {\n              label: t('common.delete'),\n              onSelect: () => handleDelete(row.original.id, row.original.ruleName),\n              destructive: true,\n            },\n          ]}\n        />\n      ),\n    },\n  ]\n\n  if (error) {\n    return (\n      <Page>\n        <PageBody>\n          <div className=\"p-8 text-center\">\n            <p className=\"text-red-600\">{t('business_rules.messages.loadFailed')}</p>\n            <Button onClick={() => queryClient.invalidateQueries({ queryKey: ['business-rules'] })} className=\"mt-4\">\n              {t('common.retry')}\n            </Button>\n          </div>\n        </PageBody>\n      </Page>\n    )\n  }\n\n  return (\n    <Page>\n      <PageBody>\n        <DataTable\n          title={t('business_rules.list.title')}\n          actions={(\n            <Button asChild>\n              <Link href=\"/backend/rules/create\">\n                {t('business_rules.actions.create')}\n              </Link>\n            </Button>\n          )}\n          columns={columns}\n          data={data || []}\n          filters={filters}\n          filterValues={filterValues}\n          onFiltersApply={handleFiltersApply}\n          onFiltersClear={handleFiltersClear}\n          perspective={{\n            tableId: 'business-rules.rules.list',\n          }}\n          pagination={{ page, pageSize, total, totalPages, onPageChange: setPage }}\n        />\n      </PageBody>\n    </Page>\n  )\n}\n"],
-  "mappings": ";AAwLQ,cAQA,YARA;AAtLR,YAAY,WAAW;AACvB,OAAO,UAAU;AACjB,SAAS,iBAAiB;AAC1B,SAAS,MAAM,gBAAgB;AAC/B,SAAS,iBAAiB;AAE1B,SAAS,cAAc;AACvB,SAAS,kBAAkB;AAC3B,SAAS,eAAe;AACxB,SAAS,aAAa;AACtB,SAAS,UAAU,sBAAsB;AACzC,SAAS,YAAY;AA6BN,SAAR,gBAAiC;AACtC,QAAM,CAAC,MAAM,OAAO,IAAI,MAAM,SAAS,CAAC;AACxC,QAAM,CAAC,QAAQ,IAAI,MAAM,SAAS,EAAE;AACpC,QAAM,CAAC,OAAO,QAAQ,IAAI,MAAM,SAAS,CAAC;AAC1C,QAAM,CAAC,YAAY,aAAa,IAAI,MAAM,SAAS,CAAC;AACpD,QAAM,IAAI,KAAK;AACf,QAAM,SAAS,UAAU;AACzB,QAAM,cAAc,eAAe;AACnC,QAAM,CAAC,cAAc,eAAe,IAAI,MAAM,SAAuB,CAAC,CAAC;AAEvE,QAAM,EAAE,MAAM,WAAW,MAAM,IAAI,SAAS;AAAA,IAC1C,UAAU,CAAC,kBAAkB,QAAQ,cAAc,IAAI;AAAA,IACvD,SAAS,YAAY;AACnB,YAAM,SAAS,IAAI,gBAAgB;AACnC,aAAO,IAAI,QAAQ,KAAK,SAAS,CAAC;AAClC,aAAO,IAAI,YAAY,SAAS,SAAS,CAAC;AAC1C,aAAO,IAAI,aAAa,UAAU;AAClC,aAAO,IAAI,WAAW,MAAM;AAE5B,UAAI,aAAa,QAAS,QAAO,IAAI,WAAW,aAAa,OAAiB;AAC9E,UAAI,aAAa,SAAU,QAAO,IAAI,YAAY,aAAa,QAAkB;AACjF,UAAI,aAAa,WAAY,QAAO,IAAI,cAAc,aAAa,UAAoB;AACvF,UAAI,aAAa,UAAW,QAAO,IAAI,aAAa,aAAa,SAAmB;AACpF,UAAI,aAAa,OAAQ,QAAO,IAAI,UAAU,aAAa,MAAgB;AAE3E,YAAM,SAAS,MAAM;AAAA,QACnB,6BAA6B,OAAO,SAAS,CAAC;AAAA,MAChD;AAEA,UAAI,CAAC,OAAO,IAAI;AACd,cAAM,IAAI,MAAM,uBAAuB;AAAA,MACzC;AAEA,YAAM,WAAW,OAAO;AACxB,UAAI,UAAU;AACZ,iBAAS,SAAS,SAAS,CAAC;AAC5B,sBAAc,SAAS,cAAc,CAAC;AAAA,MACxC;AAEA,aAAO,UAAU,SAAS,CAAC;AAAA,IAC7B;AAAA,EACF,CAAC;AAED,QAAM,eAAe,OAAO,IAAY,aAAqB;AAC3D,QAAI,CAAC,QAAQ,EAAE,iCAAiC,EAAE,MAAM,SAAS,CAAC,CAAC,GAAG;AACpE;AAAA,IACF;AAEA,UAAM,SAAS,MAAM,QAAQ,gCAAgC,EAAE,IAAI;AAAA,MACjE,QAAQ;AAAA,IACV,CAAC;AAED,QAAI,OAAO,IAAI;AACb,YAAM,EAAE,iCAAiC,GAAG,SAAS;AACrD,kBAAY,kBAAkB,EAAE,UAAU,CAAC,gBAAgB,EAAE,CAAC;AAAA,IAChE,OAAO;AACL,YAAM,EAAE,sCAAsC,GAAG,OAAO;AAAA,IAC1D;AAAA,EACF;AAEA,QAAM,sBAAsB,OAAO,IAAY,mBAA4B;AACzE,UAAM,SAAS,MAAM,QAAQ,6BAA6B;AAAA,MACxD,QAAQ;AAAA,MACR,SAAS,EAAE,gBAAgB,mBAAmB;AAAA,MAC9C,MAAM,KAAK,UAAU;AAAA,QACnB;AAAA,QACA,SAAS,CAAC;AAAA,MACZ,CAAC;AAAA,IACH,CAAC;AAED,QAAI,OAAO,IAAI;AACb,YAAM,EAAE,iCAAiC,GAAG,SAAS;AACrD,kBAAY,kBAAkB,EAAE,UAAU,CAAC,gBAAgB,EAAE,CAAC;AAAA,IAChE,OAAO;AACL,YAAM,EAAE,sCAAsC,GAAG,OAAO;AAAA,IAC1D;AAAA,EACF;AAEA,QAAM,qBAAqB,MAAM,YAAY,CAAC,WAAyB;AACrE,UAAM,OAAqB,CAAC;AAC5B,WAAO,QAAQ,MAAM,EAAE,QAAQ,CAAC,CAAC,KAAK,KAAK,MAAM;AAC/C,UAAI,UAAU,OAAW,MAAK,GAAG,IAAI;AAAA,IACvC,CAAC;AACD,oBAAgB,IAAI;AACpB,YAAQ,CAAC;AAAA,EACX,GAAG,CAAC,iBAAiB,OAAO,CAAC;AAE7B,QAAM,qBAAqB,MAAM,YAAY,MAAM;AACjD,oBAAgB,CAAC,CAAC;AAClB,YAAQ,CAAC;AAAA,EACX,GAAG,CAAC,iBAAiB,OAAO,CAAC;AAE7B,QAAM,UAAuB;AAAA,IAC3B;AAAA,MACE,IAAI;AAAA,MACJ,MAAM;AAAA,MACN,OAAO,EAAE,+BAA+B;AAAA,MACxC,aAAa,EAAE,0CAA0C;AAAA,IAC3D;AAAA,IACA;AAAA,MACE,IAAI;AAAA,MACJ,MAAM;AAAA,MACN,OAAO,EAAE,+BAA+B;AAAA,MACxC,SAAS;AAAA,QACP,EAAE,OAAO,EAAE,YAAY,GAAG,OAAO,GAAG;AAAA,QACpC,EAAE,OAAO,EAAE,gBAAgB,GAAG,OAAO,OAAO;AAAA,QAC5C,EAAE,OAAO,EAAE,iBAAiB,GAAG,OAAO,QAAQ;AAAA,MAChD;AAAA,IACF;AAAA,IACA;AAAA,MACE,IAAI;AAAA,MACJ,MAAM;AAAA,MACN,OAAO,EAAE,6BAA6B;AAAA,MACtC,SAAS;AAAA,QACP,EAAE,OAAO,EAAE,YAAY,GAAG,OAAO,GAAG;AAAA,QACpC,EAAE,OAAO,EAAE,4BAA4B,GAAG,OAAO,QAAQ;AAAA,QACzD,EAAE,OAAO,EAAE,iCAAiC,GAAG,OAAO,aAAa;AAAA,QACnE,EAAE,OAAO,EAAE,kCAAkC,GAAG,OAAO,cAAc;AAAA,QACrE,EAAE,OAAO,EAAE,6BAA6B,GAAG,OAAO,SAAS;AAAA,QAC3D,EAAE,OAAO,EAAE,iCAAiC,GAAG,OAAO,aAAa;AAAA,MACrE;AAAA,IACF;AAAA,IACA;AAAA,MACE,IAAI;AAAA,MACJ,MAAM;AAAA,MACN,OAAO,EAAE,mCAAmC;AAAA,MAC5C,aAAa,EAAE,8CAA8C;AAAA,IAC/D;AAAA,IACA;AAAA,MACE,IAAI;AAAA,MACJ,MAAM;AAAA,MACN,OAAO,EAAE,kCAAkC;AAAA,MAC3C,aAAa,EAAE,6CAA6C;AAAA,IAC9D;AAAA,EACF;AAEA,QAAM,UAA6B;AAAA,IACjC;AAAA,MACE,IAAI;AAAA,MACJ,QAAQ,EAAE,8BAA8B;AAAA,MACxC,aAAa;AAAA,MACb,MAAM,CAAC,EAAE,IAAI,MACX,oBAAC,UAAK,WAAU,qBAAqB,cAAI,SAAS,QAAO;AAAA,IAE7D;AAAA,IACA;AAAA,MACE,IAAI;AAAA,MACJ,QAAQ,EAAE,gCAAgC;AAAA,MAC1C,aAAa;AAAA,MACb,MAAM,CAAC,EAAE,IAAI,MACX,qBAAC,SACC;AAAA,4BAAC,SAAI,WAAU,eAAe,cAAI,SAAS,UAAS;AAAA,QACnD,IAAI,SAAS,eACZ,oBAAC,SAAI,WAAU,8CACZ,cAAI,SAAS,aAChB;AAAA,SAEJ;AAAA,IAEJ;AAAA,IACA;AAAA,MACE,IAAI;AAAA,MACJ,QAAQ,EAAE,gCAAgC;AAAA,MAC1C,aAAa;AAAA,MACb,MAAM,CAAC,EAAE,IAAI,MAAM;AACjB,cAAM,aAAa;AAAA,UACjB,OAAO;AAAA,UACP,YAAY;AAAA,UACZ,aAAa;AAAA,UACb,QAAQ;AAAA,UACR,YAAY;AAAA,QACd;AACA,cAAM,QAAQ,WAAW,IAAI,SAAS,QAAQ,KAAK;AACnD,eACE,oBAAC,UAAK,WAAW,kEAAkE,KAAK,IACrF,cAAI,SAAS,UAChB;AAAA,MAEJ;AAAA,IACF;AAAA,IACA;AAAA,MACE,IAAI;AAAA,MACJ,QAAQ,EAAE,kCAAkC;AAAA,MAC5C,aAAa;AAAA,IACf;AAAA,IACA;AAAA,MACE,IAAI;AAAA,MACJ,QAAQ,EAAE,iCAAiC;AAAA,MAC3C,aAAa;AAAA,MACb,MAAM,CAAC,EAAE,IAAI,MAAM,IAAI,SAAS,aAAa;AAAA,IAC/C;AAAA,IACA;AAAA,MACE,IAAI;AAAA,MACJ,QAAQ,EAAE,+BAA+B;AAAA,MACzC,aAAa;AAAA,MACb,MAAM,CAAC,EAAE,IAAI,MACX;AAAA,QAAC;AAAA;AAAA,UACC,SAAS,MAAM,oBAAoB,IAAI,SAAS,IAAI,IAAI,SAAS,OAAO;AAAA,UACxE,WAAW,iFACT,IAAI,SAAS,UACT,iHACA,kDACN;AAAA,UACA,OAAO,EAAE,sCAAsC;AAAA,UAE9C,cAAI,SAAS,UAAU,EAAE,YAAY,IAAI,EAAE,WAAW;AAAA;AAAA,MACzD;AAAA,IAEJ;AAAA,IACA;AAAA,MACE,IAAI;AAAA,MACJ,QAAQ,EAAE,gCAAgC;AAAA,MAC1C,aAAa;AAAA,MACb,MAAM,CAAC,EAAE,IAAI,MACX,oBAAC,UAAK,WAAU,qBAAqB,cAAI,SAAS,UAAS;AAAA,IAE/D;AAAA,IACA;AAAA,MACE,IAAI;AAAA,MACJ,QAAQ;AAAA,MACR,MAAM,CAAC,EAAE,IAAI,MACX;AAAA,QAAC;AAAA;AAAA,UACC,OAAO;AAAA,YACL;AAAA,cACE,OAAO,EAAE,aAAa;AAAA,cACtB,MAAM,kBAAkB,IAAI,SAAS,EAAE;AAAA,YACzC;AAAA,YACA;AAAA,cACE,OAAO,IAAI,SAAS,UAAU,EAAE,gBAAgB,IAAI,EAAE,eAAe;AAAA,cACrE,UAAU,MAAM,oBAAoB,IAAI,SAAS,IAAI,IAAI,SAAS,OAAO;AAAA,YAC3E;AAAA,YACA;AAAA,cACE,OAAO,EAAE,kBAAkB;AAAA,cAC3B,UAAU,MAAM;AAEd,sBAAM,EAAE,oDAAoD,GAAG,MAAM;AAAA,cACvE;AAAA,YACF;AAAA,YACA;AAAA,cACE,OAAO,EAAE,eAAe;AAAA,cACxB,UAAU,MAAM,aAAa,IAAI,SAAS,IAAI,IAAI,SAAS,QAAQ;AAAA,cACnE,aAAa;AAAA,YACf;AAAA,UACF;AAAA;AAAA,MACF;AAAA,IAEJ;AAAA,EACF;AAEA,MAAI,OAAO;AACT,WACE,oBAAC,QACC,8BAAC,YACC,+BAAC,SAAI,WAAU,mBACb;AAAA,0BAAC,OAAE,WAAU,gBAAgB,YAAE,oCAAoC,GAAE;AAAA,MACrE,oBAAC,UAAO,SAAS,MAAM,YAAY,kBAAkB,EAAE,UAAU,CAAC,gBAAgB,EAAE,CAAC,GAAG,WAAU,QAC/F,YAAE,cAAc,GACnB;AAAA,OACF,GACF,GACF;AAAA,EAEJ;AAEA,SACE,oBAAC,QACC,8BAAC,YACC;AAAA,IAAC;AAAA;AAAA,MACC,OAAO,EAAE,2BAA2B;AAAA,MACpC,SACE,oBAAC,UAAO,SAAO,MACb,8BAAC,QAAK,MAAK,yBACR,YAAE,+BAA+B,GACpC,GACF;AAAA,MAEF;AAAA,MACA,MAAM,QAAQ,CAAC;AAAA,MACf;AAAA,MACA;AAAA,MACA,gBAAgB;AAAA,MAChB,gBAAgB;AAAA,MAChB,aAAa;AAAA,QACX,SAAS;AAAA,MACX;AAAA,MACA,YAAY,EAAE,MAAM,UAAU,OAAO,YAAY,cAAc,QAAQ;AAAA;AAAA,EACzE,GACF,GACF;AAEJ;",
+  "sourcesContent": ["\"use client\"\n\nimport * as React from 'react'\nimport Link from 'next/link'\nimport { useRouter } from 'next/navigation'\nimport { Page, PageBody } from '@open-mercato/ui/backend/Page'\nimport { DataTable } from '@open-mercato/ui/backend/DataTable'\nimport type { ColumnDef } from '@tanstack/react-table'\nimport { Button } from '@open-mercato/ui/primitives/button'\nimport { RowActions } from '@open-mercato/ui/backend/RowActions'\nimport { apiCall } from '@open-mercato/ui/backend/utils/apiCall'\nimport { flash } from '@open-mercato/ui/backend/FlashMessages'\nimport { useQuery, useQueryClient } from '@tanstack/react-query'\nimport { useT } from '@open-mercato/shared/lib/i18n/context'\nimport type { FilterDef, FilterValues } from '@open-mercato/ui/backend/FilterBar'\n\ntype Rule = {\n  id: string\n  ruleId: string\n  ruleName: string\n  description: string | null\n  ruleType: 'GUARD' | 'VALIDATION' | 'CALCULATION' | 'ACTION' | 'ASSIGNMENT'\n  ruleCategory: string | null\n  entityType: string\n  eventType: string | null\n  enabled: boolean\n  priority: number\n  version: number\n  effectiveFrom: string | null\n  effectiveTo: string | null\n  tenantId: string\n  organizationId: string\n  createdAt: string\n  updatedAt: string\n}\n\ntype RulesResponse = {\n  items: Rule[]\n  total: number\n  totalPages: number\n}\n\nexport default function RulesListPage() {\n  const [page, setPage] = React.useState(1)\n  const [pageSize] = React.useState(20)\n  const [total, setTotal] = React.useState(0)\n  const [totalPages, setTotalPages] = React.useState(1)\n  const t = useT()\n  const router = useRouter()\n  const queryClient = useQueryClient()\n  const [filterValues, setFilterValues] = React.useState<FilterValues>({})\n\n  const { data, isLoading, error } = useQuery({\n    queryKey: ['business-rules', 'list', filterValues, page],\n    queryFn: async () => {\n      const params = new URLSearchParams()\n      params.set('page', page.toString())\n      params.set('pageSize', pageSize.toString())\n      params.set('sortField', 'priority')\n      params.set('sortDir', 'desc')\n\n      if (filterValues.enabled) params.set('enabled', filterValues.enabled as string)\n      if (filterValues.ruleType) params.set('ruleType', filterValues.ruleType as string)\n      if (filterValues.entityType) params.set('entityType', filterValues.entityType as string)\n      if (filterValues.eventType) params.set('eventType', filterValues.eventType as string)\n      if (filterValues.search) params.set('search', filterValues.search as string)\n\n      const result = await apiCall<RulesResponse>(\n        `/api/business_rules/rules?${params.toString()}`\n      )\n\n      if (!result.ok) {\n        throw new Error('Failed to fetch rules')\n      }\n\n      const response = result.result\n      if (response) {\n        setTotal(response.total || 0)\n        setTotalPages(response.totalPages || 1)\n      }\n\n      return response?.items || []\n    },\n  })\n\n  const handleDelete = async (id: string, ruleName: string) => {\n    if (!confirm(t('business_rules.confirm.delete', { name: ruleName }))) {\n      return\n    }\n\n    const result = await apiCall(`/api/business_rules/rules?id=${id}`, {\n      method: 'DELETE',\n    })\n\n    if (result.ok) {\n      flash(t('business_rules.messages.deleted'), 'success')\n      queryClient.invalidateQueries({ queryKey: ['business-rules'] })\n    } else {\n      flash(t('business_rules.messages.deleteFailed'), 'error')\n    }\n  }\n\n  const handleToggleEnabled = async (id: string, currentEnabled: boolean) => {\n    const result = await apiCall('/api/business_rules/rules', {\n      method: 'PUT',\n      headers: { 'Content-Type': 'application/json' },\n      body: JSON.stringify({\n        id,\n        enabled: !currentEnabled,\n      }),\n    })\n\n    if (result.ok) {\n      flash(t('business_rules.messages.updated'), 'success')\n      queryClient.invalidateQueries({ queryKey: ['business-rules'] })\n    } else {\n      flash(t('business_rules.messages.updateFailed'), 'error')\n    }\n  }\n\n  const handleFiltersApply = React.useCallback((values: FilterValues) => {\n    const next: FilterValues = {}\n    Object.entries(values).forEach(([key, value]) => {\n      if (value !== undefined) next[key] = value\n    })\n    setFilterValues(next)\n    setPage(1)\n  }, [setFilterValues, setPage])\n\n  const handleFiltersClear = React.useCallback(() => {\n    setFilterValues({})\n    setPage(1)\n  }, [setFilterValues, setPage])\n\n  const filters: FilterDef[] = [\n    {\n      id: 'search',\n      type: 'text',\n      label: t('business_rules.filters.search'),\n      placeholder: t('business_rules.filters.searchPlaceholder'),\n    },\n    {\n      id: 'enabled',\n      type: 'select',\n      label: t('business_rules.filters.status'),\n      options: [\n        { label: t('common.all'), value: '' },\n        { label: t('common.enabled'), value: 'true' },\n        { label: t('common.disabled'), value: 'false' },\n      ],\n    },\n    {\n      id: 'ruleType',\n      type: 'select',\n      label: t('business_rules.filters.type'),\n      options: [\n        { label: t('common.all'), value: '' },\n        { label: t('business_rules.types.guard'), value: 'GUARD' },\n        { label: t('business_rules.types.validation'), value: 'VALIDATION' },\n        { label: t('business_rules.types.calculation'), value: 'CALCULATION' },\n        { label: t('business_rules.types.action'), value: 'ACTION' },\n        { label: t('business_rules.types.assignment'), value: 'ASSIGNMENT' },\n      ],\n    },\n    {\n      id: 'entityType',\n      type: 'text',\n      label: t('business_rules.filters.entityType'),\n      placeholder: t('business_rules.filters.entityTypePlaceholder'),\n    },\n    {\n      id: 'eventType',\n      type: 'text',\n      label: t('business_rules.filters.eventType'),\n      placeholder: t('business_rules.filters.eventTypePlaceholder'),\n    },\n  ]\n\n  const columns: ColumnDef<Rule>[] = [\n    {\n      id: 'ruleId',\n      header: t('business_rules.fields.ruleId'),\n      accessorKey: 'ruleId',\n      cell: ({ row }) => (\n        <span className=\"font-mono text-sm\">{row.original.ruleId}</span>\n      ),\n    },\n    {\n      id: 'ruleName',\n      header: t('business_rules.fields.ruleName'),\n      accessorKey: 'ruleName',\n      cell: ({ row }) => (\n        <div>\n          <div className=\"font-medium\">{row.original.ruleName}</div>\n          {row.original.description && (\n            <div className=\"text-xs text-muted-foreground line-clamp-1\">\n              {row.original.description}\n            </div>\n          )}\n        </div>\n      ),\n    },\n    {\n      id: 'ruleType',\n      header: t('business_rules.fields.ruleType'),\n      accessorKey: 'ruleType',\n      cell: ({ row }) => {\n        const typeColors = {\n          GUARD: 'bg-red-100 text-red-800',\n          VALIDATION: 'bg-yellow-100 text-yellow-800',\n          CALCULATION: 'bg-blue-100 text-blue-800',\n          ACTION: 'bg-green-100 text-green-800',\n          ASSIGNMENT: 'bg-purple-100 text-purple-800',\n        }\n        const color = typeColors[row.original.ruleType] || 'bg-muted text-foreground'\n        return (\n          <span className={`inline-flex items-center px-2 py-1 rounded text-xs font-medium ${color}`}>\n            {row.original.ruleType}\n          </span>\n        )\n      },\n    },\n    {\n      id: 'entityType',\n      header: t('business_rules.fields.entityType'),\n      accessorKey: 'entityType',\n    },\n    {\n      id: 'eventType',\n      header: t('business_rules.fields.eventType'),\n      accessorKey: 'eventType',\n      cell: ({ row }) => row.original.eventType || '-',\n    },\n    {\n      id: 'enabled',\n      header: t('business_rules.fields.enabled'),\n      accessorKey: 'enabled',\n      cell: ({ row }) => (\n        <button\n          onClick={() => handleToggleEnabled(row.original.id, row.original.enabled)}\n          className={`inline-flex items-center px-2 py-1 rounded text-xs font-medium cursor-pointer ${\n            row.original.enabled\n              ? 'bg-green-100 text-green-800 hover:bg-green-200 dark:bg-green-900 dark:text-green-300 dark:hover:bg-green-800'\n              : 'bg-muted text-muted-foreground hover:bg-muted/80'\n          }`}\n          title={t('business_rules.actions.toggleEnabled')}\n        >\n          {row.original.enabled ? t('common.yes') : t('common.no')}\n        </button>\n      ),\n    },\n    {\n      id: 'priority',\n      header: t('business_rules.fields.priority'),\n      accessorKey: 'priority',\n      cell: ({ row }) => (\n        <span className=\"font-mono text-sm\">{row.original.priority}</span>\n      ),\n    },\n    {\n      id: 'actions',\n      header: '',\n      cell: ({ row }) => (\n        <RowActions\n          items={[\n            {\n              id: 'edit',\n              label: t('common.edit'),\n              href: `/backend/rules/${row.original.id}`,\n            },\n            {\n              id: row.original.enabled ? 'disable' : 'enable',\n              label: row.original.enabled ? t('common.disable') : t('common.enable'),\n              onSelect: () => handleToggleEnabled(row.original.id, row.original.enabled),\n            },\n            {\n              id: 'duplicate',\n              label: t('common.duplicate'),\n              onSelect: () => {\n                // TODO: Implement duplicate functionality in Step 5.2\n                flash(t('business_rules.messages.duplicateNotYetImplemented'), 'info')\n              },\n            },\n            {\n              id: 'delete',\n              label: t('common.delete'),\n              onSelect: () => handleDelete(row.original.id, row.original.ruleName),\n              destructive: true,\n            },\n          ]}\n        />\n      ),\n    },\n  ]\n\n  if (error) {\n    return (\n      <Page>\n        <PageBody>\n          <div className=\"p-8 text-center\">\n            <p className=\"text-red-600\">{t('business_rules.messages.loadFailed')}</p>\n            <Button onClick={() => queryClient.invalidateQueries({ queryKey: ['business-rules'] })} className=\"mt-4\">\n              {t('common.retry')}\n            </Button>\n          </div>\n        </PageBody>\n      </Page>\n    )\n  }\n\n  return (\n    <Page>\n      <PageBody>\n        <DataTable\n          title={t('business_rules.list.title')}\n          actions={(\n            <Button asChild>\n              <Link href=\"/backend/rules/create\">\n                {t('business_rules.actions.create')}\n              </Link>\n            </Button>\n          )}\n          columns={columns}\n          data={data || []}\n          filters={filters}\n          filterValues={filterValues}\n          onFiltersApply={handleFiltersApply}\n          onFiltersClear={handleFiltersClear}\n          perspective={{\n            tableId: 'business-rules.rules.list',\n          }}\n          pagination={{ page, pageSize, total, totalPages, onPageChange: setPage }}\n        />\n      </PageBody>\n    </Page>\n  )\n}\n"],
+  "mappings": ";AAwLQ,cAQA,YARA;AAtLR,YAAY,WAAW;AACvB,OAAO,UAAU;AACjB,SAAS,iBAAiB;AAC1B,SAAS,MAAM,gBAAgB;AAC/B,SAAS,iBAAiB;AAE1B,SAAS,cAAc;AACvB,SAAS,kBAAkB;AAC3B,SAAS,eAAe;AACxB,SAAS,aAAa;AACtB,SAAS,UAAU,sBAAsB;AACzC,SAAS,YAAY;AA6BN,SAAR,gBAAiC;AACtC,QAAM,CAAC,MAAM,OAAO,IAAI,MAAM,SAAS,CAAC;AACxC,QAAM,CAAC,QAAQ,IAAI,MAAM,SAAS,EAAE;AACpC,QAAM,CAAC,OAAO,QAAQ,IAAI,MAAM,SAAS,CAAC;AAC1C,QAAM,CAAC,YAAY,aAAa,IAAI,MAAM,SAAS,CAAC;AACpD,QAAM,IAAI,KAAK;AACf,QAAM,SAAS,UAAU;AACzB,QAAM,cAAc,eAAe;AACnC,QAAM,CAAC,cAAc,eAAe,IAAI,MAAM,SAAuB,CAAC,CAAC;AAEvE,QAAM,EAAE,MAAM,WAAW,MAAM,IAAI,SAAS;AAAA,IAC1C,UAAU,CAAC,kBAAkB,QAAQ,cAAc,IAAI;AAAA,IACvD,SAAS,YAAY;AACnB,YAAM,SAAS,IAAI,gBAAgB;AACnC,aAAO,IAAI,QAAQ,KAAK,SAAS,CAAC;AAClC,aAAO,IAAI,YAAY,SAAS,SAAS,CAAC;AAC1C,aAAO,IAAI,aAAa,UAAU;AAClC,aAAO,IAAI,WAAW,MAAM;AAE5B,UAAI,aAAa,QAAS,QAAO,IAAI,WAAW,aAAa,OAAiB;AAC9E,UAAI,aAAa,SAAU,QAAO,IAAI,YAAY,aAAa,QAAkB;AACjF,UAAI,aAAa,WAAY,QAAO,IAAI,cAAc,aAAa,UAAoB;AACvF,UAAI,aAAa,UAAW,QAAO,IAAI,aAAa,aAAa,SAAmB;AACpF,UAAI,aAAa,OAAQ,QAAO,IAAI,UAAU,aAAa,MAAgB;AAE3E,YAAM,SAAS,MAAM;AAAA,QACnB,6BAA6B,OAAO,SAAS,CAAC;AAAA,MAChD;AAEA,UAAI,CAAC,OAAO,IAAI;AACd,cAAM,IAAI,MAAM,uBAAuB;AAAA,MACzC;AAEA,YAAM,WAAW,OAAO;AACxB,UAAI,UAAU;AACZ,iBAAS,SAAS,SAAS,CAAC;AAC5B,sBAAc,SAAS,cAAc,CAAC;AAAA,MACxC;AAEA,aAAO,UAAU,SAAS,CAAC;AAAA,IAC7B;AAAA,EACF,CAAC;AAED,QAAM,eAAe,OAAO,IAAY,aAAqB;AAC3D,QAAI,CAAC,QAAQ,EAAE,iCAAiC,EAAE,MAAM,SAAS,CAAC,CAAC,GAAG;AACpE;AAAA,IACF;AAEA,UAAM,SAAS,MAAM,QAAQ,gCAAgC,EAAE,IAAI;AAAA,MACjE,QAAQ;AAAA,IACV,CAAC;AAED,QAAI,OAAO,IAAI;AACb,YAAM,EAAE,iCAAiC,GAAG,SAAS;AACrD,kBAAY,kBAAkB,EAAE,UAAU,CAAC,gBAAgB,EAAE,CAAC;AAAA,IAChE,OAAO;AACL,YAAM,EAAE,sCAAsC,GAAG,OAAO;AAAA,IAC1D;AAAA,EACF;AAEA,QAAM,sBAAsB,OAAO,IAAY,mBAA4B;AACzE,UAAM,SAAS,MAAM,QAAQ,6BAA6B;AAAA,MACxD,QAAQ;AAAA,MACR,SAAS,EAAE,gBAAgB,mBAAmB;AAAA,MAC9C,MAAM,KAAK,UAAU;AAAA,QACnB;AAAA,QACA,SAAS,CAAC;AAAA,MACZ,CAAC;AAAA,IACH,CAAC;AAED,QAAI,OAAO,IAAI;AACb,YAAM,EAAE,iCAAiC,GAAG,SAAS;AACrD,kBAAY,kBAAkB,EAAE,UAAU,CAAC,gBAAgB,EAAE,CAAC;AAAA,IAChE,OAAO;AACL,YAAM,EAAE,sCAAsC,GAAG,OAAO;AAAA,IAC1D;AAAA,EACF;AAEA,QAAM,qBAAqB,MAAM,YAAY,CAAC,WAAyB;AACrE,UAAM,OAAqB,CAAC;AAC5B,WAAO,QAAQ,MAAM,EAAE,QAAQ,CAAC,CAAC,KAAK,KAAK,MAAM;AAC/C,UAAI,UAAU,OAAW,MAAK,GAAG,IAAI;AAAA,IACvC,CAAC;AACD,oBAAgB,IAAI;AACpB,YAAQ,CAAC;AAAA,EACX,GAAG,CAAC,iBAAiB,OAAO,CAAC;AAE7B,QAAM,qBAAqB,MAAM,YAAY,MAAM;AACjD,oBAAgB,CAAC,CAAC;AAClB,YAAQ,CAAC;AAAA,EACX,GAAG,CAAC,iBAAiB,OAAO,CAAC;AAE7B,QAAM,UAAuB;AAAA,IAC3B;AAAA,MACE,IAAI;AAAA,MACJ,MAAM;AAAA,MACN,OAAO,EAAE,+BAA+B;AAAA,MACxC,aAAa,EAAE,0CAA0C;AAAA,IAC3D;AAAA,IACA;AAAA,MACE,IAAI;AAAA,MACJ,MAAM;AAAA,MACN,OAAO,EAAE,+BAA+B;AAAA,MACxC,SAAS;AAAA,QACP,EAAE,OAAO,EAAE,YAAY,GAAG,OAAO,GAAG;AAAA,QACpC,EAAE,OAAO,EAAE,gBAAgB,GAAG,OAAO,OAAO;AAAA,QAC5C,EAAE,OAAO,EAAE,iBAAiB,GAAG,OAAO,QAAQ;AAAA,MAChD;AAAA,IACF;AAAA,IACA;AAAA,MACE,IAAI;AAAA,MACJ,MAAM;AAAA,MACN,OAAO,EAAE,6BAA6B;AAAA,MACtC,SAAS;AAAA,QACP,EAAE,OAAO,EAAE,YAAY,GAAG,OAAO,GAAG;AAAA,QACpC,EAAE,OAAO,EAAE,4BAA4B,GAAG,OAAO,QAAQ;AAAA,QACzD,EAAE,OAAO,EAAE,iCAAiC,GAAG,OAAO,aAAa;AAAA,QACnE,EAAE,OAAO,EAAE,kCAAkC,GAAG,OAAO,cAAc;AAAA,QACrE,EAAE,OAAO,EAAE,6BAA6B,GAAG,OAAO,SAAS;AAAA,QAC3D,EAAE,OAAO,EAAE,iCAAiC,GAAG,OAAO,aAAa;AAAA,MACrE;AAAA,IACF;AAAA,IACA;AAAA,MACE,IAAI;AAAA,MACJ,MAAM;AAAA,MACN,OAAO,EAAE,mCAAmC;AAAA,MAC5C,aAAa,EAAE,8CAA8C;AAAA,IAC/D;AAAA,IACA;AAAA,MACE,IAAI;AAAA,MACJ,MAAM;AAAA,MACN,OAAO,EAAE,kCAAkC;AAAA,MAC3C,aAAa,EAAE,6CAA6C;AAAA,IAC9D;AAAA,EACF;AAEA,QAAM,UAA6B;AAAA,IACjC;AAAA,MACE,IAAI;AAAA,MACJ,QAAQ,EAAE,8BAA8B;AAAA,MACxC,aAAa;AAAA,MACb,MAAM,CAAC,EAAE,IAAI,MACX,oBAAC,UAAK,WAAU,qBAAqB,cAAI,SAAS,QAAO;AAAA,IAE7D;AAAA,IACA;AAAA,MACE,IAAI;AAAA,MACJ,QAAQ,EAAE,gCAAgC;AAAA,MAC1C,aAAa;AAAA,MACb,MAAM,CAAC,EAAE,IAAI,MACX,qBAAC,SACC;AAAA,4BAAC,SAAI,WAAU,eAAe,cAAI,SAAS,UAAS;AAAA,QACnD,IAAI,SAAS,eACZ,oBAAC,SAAI,WAAU,8CACZ,cAAI,SAAS,aAChB;AAAA,SAEJ;AAAA,IAEJ;AAAA,IACA;AAAA,MACE,IAAI;AAAA,MACJ,QAAQ,EAAE,gCAAgC;AAAA,MAC1C,aAAa;AAAA,MACb,MAAM,CAAC,EAAE,IAAI,MAAM;AACjB,cAAM,aAAa;AAAA,UACjB,OAAO;AAAA,UACP,YAAY;AAAA,UACZ,aAAa;AAAA,UACb,QAAQ;AAAA,UACR,YAAY;AAAA,QACd;AACA,cAAM,QAAQ,WAAW,IAAI,SAAS,QAAQ,KAAK;AACnD,eACE,oBAAC,UAAK,WAAW,kEAAkE,KAAK,IACrF,cAAI,SAAS,UAChB;AAAA,MAEJ;AAAA,IACF;AAAA,IACA;AAAA,MACE,IAAI;AAAA,MACJ,QAAQ,EAAE,kCAAkC;AAAA,MAC5C,aAAa;AAAA,IACf;AAAA,IACA;AAAA,MACE,IAAI;AAAA,MACJ,QAAQ,EAAE,iCAAiC;AAAA,MAC3C,aAAa;AAAA,MACb,MAAM,CAAC,EAAE,IAAI,MAAM,IAAI,SAAS,aAAa;AAAA,IAC/C;AAAA,IACA;AAAA,MACE,IAAI;AAAA,MACJ,QAAQ,EAAE,+BAA+B;AAAA,MACzC,aAAa;AAAA,MACb,MAAM,CAAC,EAAE,IAAI,MACX;AAAA,QAAC;AAAA;AAAA,UACC,SAAS,MAAM,oBAAoB,IAAI,SAAS,IAAI,IAAI,SAAS,OAAO;AAAA,UACxE,WAAW,iFACT,IAAI,SAAS,UACT,iHACA,kDACN;AAAA,UACA,OAAO,EAAE,sCAAsC;AAAA,UAE9C,cAAI,SAAS,UAAU,EAAE,YAAY,IAAI,EAAE,WAAW;AAAA;AAAA,MACzD;AAAA,IAEJ;AAAA,IACA;AAAA,MACE,IAAI;AAAA,MACJ,QAAQ,EAAE,gCAAgC;AAAA,MAC1C,aAAa;AAAA,MACb,MAAM,CAAC,EAAE,IAAI,MACX,oBAAC,UAAK,WAAU,qBAAqB,cAAI,SAAS,UAAS;AAAA,IAE/D;AAAA,IACA;AAAA,MACE,IAAI;AAAA,MACJ,QAAQ;AAAA,MACR,MAAM,CAAC,EAAE,IAAI,MACX;AAAA,QAAC;AAAA;AAAA,UACC,OAAO;AAAA,YACL;AAAA,cACE,IAAI;AAAA,cACJ,OAAO,EAAE,aAAa;AAAA,cACtB,MAAM,kBAAkB,IAAI,SAAS,EAAE;AAAA,YACzC;AAAA,YACA;AAAA,cACE,IAAI,IAAI,SAAS,UAAU,YAAY;AAAA,cACvC,OAAO,IAAI,SAAS,UAAU,EAAE,gBAAgB,IAAI,EAAE,eAAe;AAAA,cACrE,UAAU,MAAM,oBAAoB,IAAI,SAAS,IAAI,IAAI,SAAS,OAAO;AAAA,YAC3E;AAAA,YACA;AAAA,cACE,IAAI;AAAA,cACJ,OAAO,EAAE,kBAAkB;AAAA,cAC3B,UAAU,MAAM;AAEd,sBAAM,EAAE,oDAAoD,GAAG,MAAM;AAAA,cACvE;AAAA,YACF;AAAA,YACA;AAAA,cACE,IAAI;AAAA,cACJ,OAAO,EAAE,eAAe;AAAA,cACxB,UAAU,MAAM,aAAa,IAAI,SAAS,IAAI,IAAI,SAAS,QAAQ;AAAA,cACnE,aAAa;AAAA,YACf;AAAA,UACF;AAAA;AAAA,MACF;AAAA,IAEJ;AAAA,EACF;AAEA,MAAI,OAAO;AACT,WACE,oBAAC,QACC,8BAAC,YACC,+BAAC,SAAI,WAAU,mBACb;AAAA,0BAAC,OAAE,WAAU,gBAAgB,YAAE,oCAAoC,GAAE;AAAA,MACrE,oBAAC,UAAO,SAAS,MAAM,YAAY,kBAAkB,EAAE,UAAU,CAAC,gBAAgB,EAAE,CAAC,GAAG,WAAU,QAC/F,YAAE,cAAc,GACnB;AAAA,OACF,GACF,GACF;AAAA,EAEJ;AAEA,SACE,oBAAC,QACC,8BAAC,YACC;AAAA,IAAC;AAAA;AAAA,MACC,OAAO,EAAE,2BAA2B;AAAA,MACpC,SACE,oBAAC,UAAO,SAAO,MACb,8BAAC,QAAK,MAAK,yBACR,YAAE,+BAA+B,GACpC,GACF;AAAA,MAEF;AAAA,MACA,MAAM,QAAQ,CAAC;AAAA,MACf;AAAA,MACA;AAAA,MACA,gBAAgB;AAAA,MAChB,gBAAgB;AAAA,MAChB,aAAa;AAAA,QACX,SAAS;AAAA,MACX;AAAA,MACA,YAAY,EAAE,MAAM,UAAU,OAAO,YAAY,cAAc,QAAQ;AAAA;AAAA,EACzE,GACF,GACF;AAEJ;",
   "names": []
 }

package/dist/modules/business_rules/backend/sets/page.js CHANGED Viewed

@@ -149,14 +149,17 @@ function RuleSetsListPage() {
         {
           items: [
             {
+              id: "edit",
               label: t("common.edit"),
               href: `/backend/sets/${row.original.id}`
             },
             {
+              id: row.original.enabled ? "disable" : "enable",
               label: row.original.enabled ? t("common.disable") : t("common.enable"),
               onSelect: () => handleToggleEnabled(row.original.id, row.original.enabled)
             },
             {
+              id: "delete",
               label: t("common.delete"),
               onSelect: () => handleDelete(row.original.id, row.original.setName),
               destructive: true