npm - @open-mercato/core - Versions diffs - 0.4.2-canary-ed15f2e753 → 0.4.2-canary-f075c3eb92 - Mend

@open-mercato/core 0.4.2-canary-ed15f2e753 → 0.4.2-canary-f075c3eb92

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (241) hide show

package/src/modules/auth/lib/setup-app.ts CHANGED Viewed

@@ -4,12 +4,8 @@ import { Role, RoleAcl, User, UserRole } from '@open-mercato/core/modules/auth/d
 import { Tenant, Organization } from '@open-mercato/core/modules/directory/data/entities'
 import { rebuildHierarchyForTenant } from '@open-mercato/core/modules/directory/lib/hierarchy'
 import { normalizeTenantId } from './tenantAccess'
-import { SalesSettings, SalesDocumentSequence } from '@open-mercato/core/modules/sales/data/entities'
-import {
-  DEFAULT_ORDER_NUMBER_FORMAT,
-  DEFAULT_QUOTE_NUMBER_FORMAT,
-} from '@open-mercato/core/modules/sales/lib/documentNumberTokens'
 import { computeEmailHash } from '@open-mercato/core/modules/auth/lib/emailHash'
+import type { Module } from '@open-mercato/shared/modules/registry'
 import { isEncryptionDebugEnabled, isTenantDataEncryptionEnabled } from '@open-mercato/shared/lib/encryption/toggles'
 import { EncryptionMap } from '@open-mercato/core/modules/entities/data/entities'
 import { DEFAULT_ENCRYPTION_MAPS } from '@open-mercato/core/modules/entities/lib/encryptionDefaults'
@@ -95,6 +91,8 @@ export type SetupInitialTenantOptions = {
   failIfUserExists?: boolean
   primaryUserRoles?: string[]
   includeSuperadminRole?: boolean
+  /** Optional list of enabled modules. When provided, module setup hooks are called. */
+  modules?: Module[]
 }
 export type SetupInitialTenantResult = {
@@ -321,9 +319,16 @@ export async function setupInitialTenant(
     await rebuildHierarchyForTenant(em, tenantId)
   }
-  await ensureDefaultRoleAcls(em, tenantId, { includeSuperadminRole })
+  const resolvedModules = options.modules ?? tryGetModules()
+  await ensureDefaultRoleAcls(em, tenantId, resolvedModules, { includeSuperadminRole })
   await deactivateDemoSuperAdminIfSelfOnboardingEnabled(em)
-  await ensureSalesNumberingDefaults(em, { tenantId, organizationId })
+  // Call module onTenantCreated hooks
+  for (const mod of resolvedModules) {
+    if (mod.setup?.onTenantCreated) {
+      await mod.setup.onTenantCreated({ em, tenantId, organizationId })
+    }
+  }
   return {
     tenantId,
@@ -349,6 +354,7 @@ async function resolvePasswordHash(input: PrimaryUserInput): Promise<string | nu
 async function ensureDefaultRoleAcls(
   em: EntityManager,
   tenantId: string,
+  modules: Module[],
   options: { includeSuperadminRole?: boolean } = {},
 ) {
   const includeSuperadminRole = options.includeSuperadminRole ?? true
@@ -357,84 +363,27 @@ async function ensureDefaultRoleAcls(
   const adminRole = await findRoleByName(em, 'admin', roleTenantId)
   const employeeRole = await findRoleByName(em, 'employee', roleTenantId)
+  // Merge features from all enabled modules' setup configs
+  const superadminFeatures: string[] = []
+  const adminFeatures: string[] = []
+  const employeeFeatures: string[] = []
+  for (const mod of modules) {
+    const roleFeatures = mod.setup?.defaultRoleFeatures
+    if (!roleFeatures) continue
+    if (roleFeatures.superadmin) superadminFeatures.push(...roleFeatures.superadmin)
+    if (roleFeatures.admin) adminFeatures.push(...roleFeatures.admin)
+    if (roleFeatures.employee) employeeFeatures.push(...roleFeatures.employee)
+  }
   if (includeSuperadminRole && superadminRole) {
-    await ensureRoleAclFor(em, superadminRole, tenantId, ['directory.tenants.*'], { isSuperAdmin: true })
+    await ensureRoleAclFor(em, superadminRole, tenantId, superadminFeatures, { isSuperAdmin: true })
   }
   if (adminRole) {
-    const adminFeatures = [
-      'auth.*',
-      'entities.*',
-      'attachments.*',
-      'attachments.view',
-      'attachments.manage',
-      'query_index.*',
-      'search.*',
-      'vector.*',
-      'feature_toggles.*',
-      'configs.system_status.view',
-      'configs.cache.view',
-      'configs.cache.manage',
-      'configs.manage',
-      'catalog.*',
-      'catalog.variants.manage',
-      'catalog.pricing.manage',
-      'sales.*',
-      'audit_logs.*',
-      'directory.organizations.view',
-      'directory.organizations.manage',
-      'customers.*',
-      'customers.people.view',
-      'customers.people.manage',
-      'customers.companies.view',
-      'customers.companies.manage',
-      'customers.deals.view',
-      'customers.deals.manage',
-      'dictionaries.view',
-      'dictionaries.manage',
-      'example.*',
-      'dashboards.*',
-      'dashboards.admin.assign-widgets',
-      'analytics.view',
-      'api_keys.*',
-      'perspectives.use',
-      'perspectives.role_defaults',
-      'business_rules.*',
-      'workflows.*',
-      'currencies.*',
-      'staff.*',
-      'staff.leave_requests.manage',
-      'resources.*',
-      'planner.*',
-    ]
-    await ensureRoleAclFor(em, adminRole, tenantId, adminFeatures, { remove: ['directory.organizations.*', 'directory.tenants.*'] })
+    await ensureRoleAclFor(em, adminRole, tenantId, adminFeatures)
   }
   if (employeeRole) {
-    await ensureRoleAclFor(em, employeeRole, tenantId, [
-      'customers.*',
-      'customers.people.view',
-      'customers.people.manage',
-      'customers.companies.view',
-      'customers.companies.manage',
-      'vector.*',
-      'catalog.*',
-      'catalog.variants.manage',
-      'catalog.pricing.manage',
-      'sales.*',
-      'dictionaries.view',
-      'example.*',
-      'example.widgets.*',
-      'dashboards.view',
-      'dashboards.configure',
-      'analytics.view',
-      'audit_logs.undo_self',
-      'perspectives.use',
-      'staff.leave_requests.send',
-      'staff.my_availability.view',
-      'staff.my_availability.manage',
-      'staff.my_leave_requests.view',
-      'staff.my_leave_requests.send',
-      'planner.view',
-    ])
+    await ensureRoleAclFor(em, employeeRole, tenantId, employeeFeatures)
   }
 }
@@ -443,7 +392,7 @@ async function ensureRoleAclFor(
   role: Role,
   tenantId: string,
   features: string[],
-  options: { isSuperAdmin?: boolean; remove?: string[] } = {},
+  options: { isSuperAdmin?: boolean } = {},
 ) {
   const existing = await em.findOne(RoleAcl, { role, tenantId })
   if (!existing) {
@@ -459,24 +408,10 @@ async function ensureRoleAclFor(
   }
   const currentFeatures = Array.isArray(existing.featuresJson) ? existing.featuresJson : []
   const merged = Array.from(new Set([...currentFeatures, ...features]))
-  const removeSet = new Set(options.remove ?? [])
-  const sanitized =
-    removeSet.size
-      ? merged.filter((value) => {
-        if (removeSet.has(value)) return false
-        for (const entry of removeSet) {
-          if (entry.endsWith('.*')) {
-            const prefix = entry.slice(0, -1) // keep trailing dot
-            if (value === entry || value.startsWith(prefix)) return false
-          }
-        }
-        return true
-      })
-      : merged
   const changed =
-    sanitized.length !== currentFeatures.length ||
-    sanitized.some((value, index) => value !== currentFeatures[index])
-  if (changed) existing.featuresJson = sanitized
+    merged.length !== currentFeatures.length ||
+    merged.some((value, index) => value !== currentFeatures[index])
+  if (changed) existing.featuresJson = merged
   if (options.isSuperAdmin && !existing.isSuperAdmin) {
     existing.isSuperAdmin = true
   }
@@ -507,84 +442,12 @@ async function deactivateDemoSuperAdminIfSelfOnboardingEnabled(em: EntityManager
   }
 }
-async function ensureSalesNumberingDefaults(
-  em: EntityManager,
-  scope: { tenantId: string; organizationId: string },
-) {
-  const repo = (em as any).getRepository?.(SalesSettings)
-  const findSettings = async () =>
-    repo?.findOne({
-      tenantId: scope.tenantId,
-      organizationId: scope.organizationId,
-    }) ??
-    (em as any).findOne?.(SalesSettings, {
-      tenantId: scope.tenantId,
-      organizationId: scope.organizationId,
-    })
-  const exists = await findSettings()
-  if (!exists) {
-    const settings =
-      repo?.create?.({
-        tenantId: scope.tenantId,
-        organizationId: scope.organizationId,
-        orderNumberFormat: DEFAULT_ORDER_NUMBER_FORMAT,
-        quoteNumberFormat: DEFAULT_QUOTE_NUMBER_FORMAT,
-        createdAt: new Date(),
-        updatedAt: new Date(),
-      }) ??
-      (em as any).create?.(SalesSettings, {
-        tenantId: scope.tenantId,
-        organizationId: scope.organizationId,
-        orderNumberFormat: DEFAULT_ORDER_NUMBER_FORMAT,
-        quoteNumberFormat: DEFAULT_QUOTE_NUMBER_FORMAT,
-        createdAt: new Date(),
-        updatedAt: new Date(),
-      })
-    if (settings && (em as any).persist) {
-      em.persist(settings)
-    }
-  }
-  const sequenceRepo = (em as any).getRepository?.(SalesDocumentSequence)
-  const kinds: Array<'order' | 'quote'> = ['order', 'quote']
-  for (const kind of kinds) {
-    const seq =
-      sequenceRepo?.findOne({
-        tenantId: scope.tenantId,
-        organizationId: scope.organizationId,
-        documentKind: kind,
-      }) ??
-      (em as any).findOne?.(SalesDocumentSequence, {
-        tenantId: scope.tenantId,
-        organizationId: scope.organizationId,
-        documentKind: kind,
-      })
-    if (!seq) {
-      const entry =
-        sequenceRepo?.create?.({
-          tenantId: scope.tenantId,
-          organizationId: scope.organizationId,
-          documentKind: kind,
-          currentValue: 0,
-          createdAt: new Date(),
-          updatedAt: new Date(),
-        }) ??
-        (em as any).create?.(SalesDocumentSequence, {
-          tenantId: scope.tenantId,
-          organizationId: scope.organizationId,
-          documentKind: kind,
-          currentValue: 0,
-          createdAt: new Date(),
-          updatedAt: new Date(),
-        })
-      if (entry && (em as any).persist) {
-        em.persist(entry)
-      }
-    }
-  }
-  if ((em as any).flush) {
-    await em.flush()
+/** Try to get modules from runtime registry; returns empty array if not yet registered. */
+function tryGetModules(): Module[] {
+  try {
+    const { getModules } = require('@open-mercato/shared/lib/modules/registry')
+    return getModules()
+  } catch {
+    return []
   }
 }

package/src/modules/auth/setup.ts ADDED Viewed

@@ -0,0 +1,9 @@
+import type { ModuleSetupConfig } from '@open-mercato/shared/modules/setup'
+export const setup: ModuleSetupConfig = {
+  defaultRoleFeatures: {
+    admin: ['auth.*'],
+  },
+}
+export default setup

package/src/modules/business_rules/data/validators.ts CHANGED Viewed

@@ -287,43 +287,3 @@ export const ruleDiscoveryOptionsSchema = z.object({
 })
 export type RuleDiscoveryOptionsInput = z.infer<typeof ruleDiscoveryOptionsSchema>
-// Direct Rule Execution Context Schema (for executing a specific rule by ID)
-export const directRuleExecutionContextSchema = z.object({
-  ruleId: z.uuid('ruleId must be a valid UUID'),
-  data: z.any(),
-  user: z.looseObject({
-    id: z.string().optional(),
-    email: z.string().optional(),
-    role: z.string().optional(),
-  }).optional(),
-  tenantId: z.uuid('tenantId must be a valid UUID'),
-  organizationId: z.uuid('organizationId must be a valid UUID'),
-  executedBy: z.string().optional(),
-  dryRun: z.boolean().optional(),
-  entityType: z.string().optional(),
-  entityId: z.string().optional(),
-  eventType: z.string().optional(),
-})
-export type DirectRuleExecutionContextInput = z.infer<typeof directRuleExecutionContextSchema>
-// Rule ID Execution Context Schema (for executing a specific rule by its string rule_id identifier)
-export const ruleIdExecutionContextSchema = z.object({
-  ruleId: z.string().min(1, 'ruleId must be a non-empty string').max(50),
-  data: z.any(),
-  user: z.looseObject({
-    id: z.string().optional(),
-    email: z.string().optional(),
-    role: z.string().optional(),
-  }).optional(),
-  tenantId: z.uuid('tenantId must be a valid UUID'),
-  organizationId: z.uuid('organizationId must be a valid UUID'),
-  executedBy: z.string().optional(),
-  dryRun: z.boolean().optional(),
-  entityType: z.string().optional(),
-  entityId: z.string().optional(),
-  eventType: z.string().optional(),
-})
-export type RuleIdExecutionContextInput = z.infer<typeof ruleIdExecutionContextSchema>

package/src/modules/business_rules/index.ts CHANGED Viewed

@@ -8,28 +8,3 @@ export const metadata: ModuleInfo = {
   author: 'Patryk Lewczuk',
   license: 'Proprietary',
 }
-// Export rule engine types and functions for programmatic usage
-export {
-  executeRules,
-  executeRuleById,
-  executeRuleByRuleId,
-  executeSingleRule,
-  findApplicableRules,
-  logRuleExecution,
-  type RuleEngineContext,
-  type RuleEngineResult,
-  type RuleExecutionResult,
-  type RuleDiscoveryOptions,
-  type DirectRuleExecutionContext,
-  type DirectRuleExecutionResult,
-  type RuleIdExecutionContext,
-} from './lib/rule-engine'
-// Export validator schemas
-export {
-  directRuleExecutionContextSchema,
-  ruleIdExecutionContextSchema,
-  type DirectRuleExecutionContextInput,
-  type RuleIdExecutionContextInput,
-} from './data/validators'

package/src/modules/business_rules/lib/rule-engine.ts CHANGED Viewed

@@ -4,7 +4,7 @@ import * as ruleEvaluator from './rule-evaluator'
 import * as actionExecutor from './action-executor'
 import type { RuleEvaluationContext } from './rule-evaluator'
 import type { ActionContext, ActionExecutionOutcome } from './action-executor'
-import { ruleEngineContextSchema, ruleDiscoveryOptionsSchema, directRuleExecutionContextSchema, ruleIdExecutionContextSchema } from '../data/validators'
+import { ruleEngineContextSchema, ruleDiscoveryOptionsSchema } from '../data/validators'
 /**
  * Constants
@@ -85,65 +85,6 @@ export interface RuleDiscoveryOptions {
   ruleType?: RuleType
 }
-/**
- * Direct rule execution context (for executing a specific rule by ID)
- */
-export interface DirectRuleExecutionContext {
-  ruleId: string  // Database UUID of the rule
-  data: any
-  user?: {
-    id?: string
-    email?: string
-    role?: string
-    [key: string]: any
-  }
-  tenantId: string
-  organizationId: string
-  executedBy?: string
-  dryRun?: boolean
-  // Optional for logging (falls back to rule's entityType)
-  entityType?: string
-  entityId?: string
-  eventType?: string
-}
-/**
- * Direct rule execution result
- */
-export interface DirectRuleExecutionResult {
-  success: boolean
-  ruleId: string
-  ruleName: string
-  conditionResult: boolean
-  actionsExecuted: ActionExecutionOutcome | null
-  executionTime: number
-  error?: string
-  logId?: string
-}
-/**
- * Context for executing a rule by its string rule_id identifier
- * Unlike DirectRuleExecutionContext which uses database UUID,
- * this uses the string identifier (e.g., "workflow_checkout_inventory_available")
- */
-export interface RuleIdExecutionContext {
-  ruleId: string  // String identifier (e.g., "workflow_checkout_inventory_available")
-  data: any
-  user?: {
-    id?: string
-    email?: string
-    role?: string
-    [key: string]: any
-  }
-  tenantId: string
-  organizationId: string
-  executedBy?: string
-  dryRun?: boolean
-  entityType?: string
-  entityId?: string
-  eventType?: string
-}
 /**
  * Execute a function with a timeout
  */
@@ -463,227 +404,6 @@ export async function findApplicableRules(
   })
 }
-/**
- * Execute a specific rule by its database UUID
- * This bypasses the entityType/eventType discovery mechanism and directly executes the rule
- */
-export async function executeRuleById(
-  em: EntityManager,
-  context: DirectRuleExecutionContext
-): Promise<DirectRuleExecutionResult> {
-  const startTime = Date.now()
-  // Validate input
-  const validation = directRuleExecutionContextSchema.safeParse(context)
-  if (!validation.success) {
-    const validationErrors = validation.error.issues.map(e => `${e.path.join('.')}: ${e.message}`)
-    return {
-      success: false,
-      ruleId: context.ruleId,
-      ruleName: 'Unknown',
-      conditionResult: false,
-      actionsExecuted: null,
-      executionTime: Date.now() - startTime,
-      error: `Validation failed: ${validationErrors.join(', ')}`,
-    }
-  }
-  // Fetch rule by ID with tenant/org validation
-  const rule = await em.findOne(BusinessRule, {
-    id: context.ruleId,
-    tenantId: context.tenantId,
-    organizationId: context.organizationId,
-    deletedAt: null,
-  })
-  if (!rule) {
-    return {
-      success: false,
-      ruleId: context.ruleId,
-      ruleName: 'Unknown',
-      conditionResult: false,
-      actionsExecuted: null,
-      executionTime: Date.now() - startTime,
-      error: 'Rule not found',
-    }
-  }
-  if (!rule.enabled) {
-    return {
-      success: false,
-      ruleId: rule.ruleId,
-      ruleName: rule.ruleName,
-      conditionResult: false,
-      actionsExecuted: null,
-      executionTime: Date.now() - startTime,
-      error: 'Rule is disabled',
-    }
-  }
-  // Check effective date range
-  const now = new Date()
-  if (rule.effectiveFrom && rule.effectiveFrom > now) {
-    return {
-      success: false,
-      ruleId: rule.ruleId,
-      ruleName: rule.ruleName,
-      conditionResult: false,
-      actionsExecuted: null,
-      executionTime: Date.now() - startTime,
-      error: `Rule is not yet effective (starts ${rule.effectiveFrom.toISOString()})`,
-    }
-  }
-  if (rule.effectiveTo && rule.effectiveTo < now) {
-    return {
-      success: false,
-      ruleId: rule.ruleId,
-      ruleName: rule.ruleName,
-      conditionResult: false,
-      actionsExecuted: null,
-      executionTime: Date.now() - startTime,
-      error: `Rule has expired (ended ${rule.effectiveTo.toISOString()})`,
-    }
-  }
-  // Build RuleEngineContext (use provided entityType or fall back to rule's)
-  const engineContext: RuleEngineContext = {
-    entityType: context.entityType || rule.entityType,
-    entityId: context.entityId,
-    eventType: context.eventType || rule.eventType || undefined,
-    data: context.data,
-    user: context.user,
-    tenantId: context.tenantId,
-    organizationId: context.organizationId,
-    executedBy: context.executedBy,
-    dryRun: context.dryRun,
-  }
-  // Execute via existing executeSingleRule
-  const result = await executeSingleRule(em, rule, engineContext)
-  return {
-    success: !result.error,
-    ruleId: rule.ruleId,
-    ruleName: rule.ruleName,
-    conditionResult: result.conditionResult,
-    actionsExecuted: result.actionsExecuted,
-    executionTime: result.executionTime,
-    error: result.error,
-    logId: result.logId,
-  }
-}
-/**
- * Execute a rule by its string rule_id identifier
- * Looks up rule by rule_id (string column) + tenant_id (unique constraint)
- * This is useful for workflow conditions that reference rules by their string identifiers
- */
-export async function executeRuleByRuleId(
-  em: EntityManager,
-  context: RuleIdExecutionContext
-): Promise<DirectRuleExecutionResult> {
-  const startTime = Date.now()
-  // Validate input
-  const validation = ruleIdExecutionContextSchema.safeParse(context)
-  if (!validation.success) {
-    const validationErrors = validation.error.issues.map(e => `${e.path.join('.')}: ${e.message}`)
-    return {
-      success: false,
-      ruleId: context.ruleId || 'unknown',
-      ruleName: 'Unknown',
-      conditionResult: false,
-      actionsExecuted: null,
-      executionTime: Date.now() - startTime,
-      error: `Validation failed: ${validationErrors.join(', ')}`,
-    }
-  }
-  // Fetch rule by rule_id (string identifier) + tenant/org
-  const rule = await em.findOne(BusinessRule, {
-    ruleId: context.ruleId,  // String identifier column
-    tenantId: context.tenantId,
-    organizationId: context.organizationId,
-    deletedAt: null,
-  })
-  if (!rule) {
-    return {
-      success: false,
-      ruleId: context.ruleId,
-      ruleName: 'Unknown',
-      conditionResult: false,
-      actionsExecuted: null,
-      executionTime: Date.now() - startTime,
-      error: 'Rule not found',
-    }
-  }
-  if (!rule.enabled) {
-    return {
-      success: false,
-      ruleId: rule.ruleId,
-      ruleName: rule.ruleName,
-      conditionResult: false,
-      actionsExecuted: null,
-      executionTime: Date.now() - startTime,
-      error: 'Rule is disabled',
-    }
-  }
-  // Check effective date range
-  const now = new Date()
-  if (rule.effectiveFrom && rule.effectiveFrom > now) {
-    return {
-      success: false,
-      ruleId: rule.ruleId,
-      ruleName: rule.ruleName,
-      conditionResult: false,
-      actionsExecuted: null,
-      executionTime: Date.now() - startTime,
-      error: `Rule is not yet effective (starts ${rule.effectiveFrom.toISOString()})`,
-    }
-  }
-  if (rule.effectiveTo && rule.effectiveTo < now) {
-    return {
-      success: false,
-      ruleId: rule.ruleId,
-      ruleName: rule.ruleName,
-      conditionResult: false,
-      actionsExecuted: null,
-      executionTime: Date.now() - startTime,
-      error: `Rule has expired (ended ${rule.effectiveTo.toISOString()})`,
-    }
-  }
-  // Build RuleEngineContext (use provided entityType or fall back to rule's)
-  const engineContext: RuleEngineContext = {
-    entityType: context.entityType || rule.entityType,
-    entityId: context.entityId,
-    eventType: context.eventType || rule.eventType || undefined,
-    data: context.data,
-    user: context.user,
-    tenantId: context.tenantId,
-    organizationId: context.organizationId,
-    executedBy: context.executedBy,
-    dryRun: context.dryRun,
-  }
-  // Execute via existing executeSingleRule
-  const result = await executeSingleRule(em, rule, engineContext)
-  return {
-    success: !result.error,
-    ruleId: rule.ruleId,
-    ruleName: rule.ruleName,
-    conditionResult: result.conditionResult,
-    actionsExecuted: result.actionsExecuted,
-    executionTime: result.executionTime,
-    error: result.error,
-    logId: result.logId,
-  }
-}
 /**
  * Sensitive field patterns to exclude from logs
  */

package/src/modules/business_rules/setup.ts ADDED Viewed

@@ -0,0 +1,9 @@
+import type { ModuleSetupConfig } from '@open-mercato/shared/modules/setup'
+export const setup: ModuleSetupConfig = {
+  defaultRoleFeatures: {
+    admin: ['business_rules.*'],
+  },
+}
+export default setup

package/src/modules/catalog/setup.ts ADDED Viewed

@@ -0,0 +1,22 @@
+import type { ModuleSetupConfig } from '@open-mercato/shared/modules/setup'
+import { seedCatalogUnits, seedCatalogPriceKinds, seedCatalogExamplesForScope } from './lib/seeds'
+export const setup: ModuleSetupConfig = {
+  seedDefaults: async (ctx) => {
+    const scope = { tenantId: ctx.tenantId, organizationId: ctx.organizationId }
+    await seedCatalogUnits(ctx.em, scope)
+    await seedCatalogPriceKinds(ctx.em, scope)
+  },
+  seedExamples: async (ctx) => {
+    const scope = { tenantId: ctx.tenantId, organizationId: ctx.organizationId }
+    await seedCatalogExamplesForScope(ctx.em, ctx.container, scope)
+  },
+  defaultRoleFeatures: {
+    admin: ['catalog.*', 'catalog.variants.manage', 'catalog.pricing.manage'],
+    employee: ['catalog.*', 'catalog.variants.manage', 'catalog.pricing.manage'],
+  },
+}
+export default setup