@open-mercato/core 0.4.2-canary-ed15f2e753 → 0.4.2-canary-f075c3eb92

Files changed (241)
  1. package/dist/generated/entities.ids.generated.js +0 -1
  2. package/dist/generated/entities.ids.generated.js.map +2 -2
  3. package/dist/generated/entity-fields-registry.js +0 -2
  4. package/dist/generated/entity-fields-registry.js.map +2 -2
  5. package/dist/modules/api_keys/setup.js +11 -0
  6. package/dist/modules/api_keys/setup.js.map +7 -0
  7. package/dist/modules/attachments/components/AttachmentLibrary.js +1 -1
  8. package/dist/modules/attachments/components/AttachmentLibrary.js.map +2 -2
  9. package/dist/modules/attachments/lib/assignmentDetails.js +31 -17
  10. package/dist/modules/attachments/lib/assignmentDetails.js.map +2 -2
  11. package/dist/modules/attachments/lib/partitions.js +3 -3
  12. package/dist/modules/attachments/lib/partitions.js.map +2 -2
  13. package/dist/modules/attachments/setup.js +11 -0
  14. package/dist/modules/attachments/setup.js.map +7 -0
  15. package/dist/modules/audit_logs/setup.js +12 -0
  16. package/dist/modules/audit_logs/setup.js.map +7 -0
  17. package/dist/modules/auth/lib/setup-app.js +29 -159
  18. package/dist/modules/auth/lib/setup-app.js.map +2 -2
  19. package/dist/modules/auth/setup.js +11 -0
  20. package/dist/modules/auth/setup.js.map +7 -0
  21. package/dist/modules/business_rules/data/validators.js +0 -34
  22. package/dist/modules/business_rules/data/validators.js.map +2 -2
  23. package/dist/modules/business_rules/index.js +1 -21
  24. package/dist/modules/business_rules/index.js.map +2 -2
  25. package/dist/modules/business_rules/lib/rule-engine.js +1 -182
  26. package/dist/modules/business_rules/lib/rule-engine.js.map +2 -2
  27. package/dist/modules/business_rules/setup.js +11 -0
  28. package/dist/modules/business_rules/setup.js.map +7 -0
  29. package/dist/modules/catalog/setup.js +22 -0
  30. package/dist/modules/catalog/setup.js.map +7 -0
  31. package/dist/modules/configs/lib/upgrade-actions.js +65 -15
  32. package/dist/modules/configs/lib/upgrade-actions.js.map +2 -2
  33. package/dist/modules/configs/setup.js +16 -0
  34. package/dist/modules/configs/setup.js.map +7 -0
  35. package/dist/modules/currencies/setup.js +16 -0
  36. package/dist/modules/currencies/setup.js.map +7 -0
  37. package/dist/modules/customers/setup.js +36 -0
  38. package/dist/modules/customers/setup.js.map +7 -0
  39. package/dist/modules/dashboards/setup.js +12 -0
  40. package/dist/modules/dashboards/setup.js.map +7 -0
  41. package/dist/modules/dictionaries/setup.js +12 -0
  42. package/dist/modules/dictionaries/setup.js.map +7 -0
  43. package/dist/modules/directory/setup.js +12 -0
  44. package/dist/modules/directory/setup.js.map +7 -0
  45. package/dist/modules/entities/setup.js +11 -0
  46. package/dist/modules/entities/setup.js.map +7 -0
  47. package/dist/modules/feature_toggles/setup.js +11 -0
  48. package/dist/modules/feature_toggles/setup.js.map +7 -0
  49. package/dist/modules/perspectives/setup.js +12 -0
  50. package/dist/modules/perspectives/setup.js.map +7 -0
  51. package/dist/modules/planner/setup.js +21 -0
  52. package/dist/modules/planner/setup.js.map +7 -0
  53. package/dist/modules/query_index/setup.js +11 -0
  54. package/dist/modules/query_index/setup.js.map +7 -0
  55. package/dist/modules/resources/setup.js +21 -0
  56. package/dist/modules/resources/setup.js.map +7 -0
  57. package/dist/modules/sales/acl.js +0 -1
  58. package/dist/modules/sales/acl.js.map +2 -2
  59. package/dist/modules/sales/backend/sales/documents/[id]/page.js +0 -12
  60. package/dist/modules/sales/backend/sales/documents/[id]/page.js.map +2 -2
  61. package/dist/modules/sales/commands/documents.js +0 -62
  62. package/dist/modules/sales/commands/documents.js.map +2 -2
  63. package/dist/modules/sales/lib/dictionaries.js +0 -3
  64. package/dist/modules/sales/lib/dictionaries.js.map +2 -2
  65. package/dist/modules/sales/setup.js +99 -0
  66. package/dist/modules/sales/setup.js.map +7 -0
  67. package/dist/modules/staff/setup.js +27 -0
  68. package/dist/modules/staff/setup.js.map +7 -0
  69. package/dist/modules/workflows/acl.js +0 -2
  70. package/dist/modules/workflows/acl.js.map +2 -2
  71. package/dist/modules/workflows/api/instances/route.js +6 -18
  72. package/dist/modules/workflows/api/instances/route.js.map +2 -2
  73. package/dist/modules/workflows/api/tasks/route.js +1 -6
  74. package/dist/modules/workflows/api/tasks/route.js.map +2 -2
  75. package/dist/modules/workflows/backend/definitions/[id]/page.js +1 -9
  76. package/dist/modules/workflows/backend/definitions/[id]/page.js.map +2 -2
  77. package/dist/modules/workflows/backend/definitions/[id]/page.meta.js +1 -1
  78. package/dist/modules/workflows/backend/definitions/[id]/page.meta.js.map +2 -2
  79. package/dist/modules/workflows/backend/definitions/create/page.js +15 -24
  80. package/dist/modules/workflows/backend/definitions/create/page.js.map +2 -2
  81. package/dist/modules/workflows/backend/definitions/create/page.meta.js +1 -1
  82. package/dist/modules/workflows/backend/definitions/create/page.meta.js.map +2 -2
  83. package/dist/modules/workflows/backend/definitions/visual-editor/page.js +132 -150
  84. package/dist/modules/workflows/backend/definitions/visual-editor/page.js.map +2 -2
  85. package/dist/modules/workflows/backend/definitions/visual-editor/page.meta.js +1 -1
  86. package/dist/modules/workflows/backend/definitions/visual-editor/page.meta.js.map +2 -2
  87. package/dist/modules/workflows/backend/events/[id]/page.js +1 -1
  88. package/dist/modules/workflows/backend/events/[id]/page.js.map +2 -2
  89. package/dist/modules/workflows/backend/events/[id]/page.meta.js +2 -2
  90. package/dist/modules/workflows/backend/events/[id]/page.meta.js.map +2 -2
  91. package/dist/modules/workflows/backend/instances/[id]/page.meta.js +2 -2
  92. package/dist/modules/workflows/backend/instances/[id]/page.meta.js.map +2 -2
  93. package/dist/modules/workflows/backend/tasks/[id]/page.js +1 -1
  94. package/dist/modules/workflows/backend/tasks/[id]/page.js.map +2 -2
  95. package/dist/modules/workflows/backend/tasks/[id]/page.meta.js +2 -2
  96. package/dist/modules/workflows/backend/tasks/[id]/page.meta.js.map +2 -2
  97. package/dist/modules/workflows/backend/tasks/page.js +6 -5
  98. package/dist/modules/workflows/backend/tasks/page.js.map +2 -2
  99. package/dist/modules/workflows/cli.js +3 -81
  100. package/dist/modules/workflows/cli.js.map +3 -3
  101. package/dist/modules/workflows/data/entities.js +1 -64
  102. package/dist/modules/workflows/data/entities.js.map +2 -2
  103. package/dist/modules/workflows/data/validators.js +0 -115
  104. package/dist/modules/workflows/data/validators.js.map +2 -2
  105. package/dist/modules/workflows/examples/checkout-demo-definition.json +5 -1
  106. package/dist/modules/workflows/lib/activity-executor.js +13 -75
  107. package/dist/modules/workflows/lib/activity-executor.js.map +2 -2
  108. package/dist/modules/workflows/lib/graph-utils.js +2 -71
  109. package/dist/modules/workflows/lib/graph-utils.js.map +2 -2
  110. package/dist/modules/workflows/lib/seeds.js +7 -36
  111. package/dist/modules/workflows/lib/seeds.js.map +2 -2
  112. package/dist/modules/workflows/lib/start-validator.js +23 -33
  113. package/dist/modules/workflows/lib/start-validator.js.map +2 -2
  114. package/dist/modules/workflows/lib/transition-handler.js +45 -157
  115. package/dist/modules/workflows/lib/transition-handler.js.map +3 -3
  116. package/dist/modules/workflows/migrations/Migration20251207131955.js +76 -72
  117. package/dist/modules/workflows/migrations/Migration20251207131955.js.map +2 -2
  118. package/dist/modules/workflows/setup.js +16 -0
  119. package/dist/modules/workflows/setup.js.map +7 -0
  120. package/generated/entities.ids.generated.ts +0 -1
  121. package/generated/entity-fields-registry.ts +0 -2
  122. package/package.json +2 -2
  123. package/src/__tests__/module-decoupling.test.ts +356 -0
  124. package/src/modules/api_keys/setup.ts +9 -0
  125. package/src/modules/attachments/components/AttachmentLibrary.tsx +2 -2
  126. package/src/modules/attachments/lib/assignmentDetails.ts +32 -16
  127. package/src/modules/attachments/lib/partitions.ts +3 -3
  128. package/src/modules/attachments/setup.ts +9 -0
  129. package/src/modules/audit_logs/setup.ts +10 -0
  130. package/src/modules/auth/__tests__/cli-setup-acl.test.ts +30 -0
  131. package/src/modules/auth/lib/setup-app.ts +40 -177
  132. package/src/modules/auth/setup.ts +9 -0
  133. package/src/modules/business_rules/data/validators.ts +0 -40
  134. package/src/modules/business_rules/index.ts +0 -25
  135. package/src/modules/business_rules/lib/rule-engine.ts +1 -281
  136. package/src/modules/business_rules/setup.ts +9 -0
  137. package/src/modules/catalog/setup.ts +22 -0
  138. package/src/modules/configs/lib/upgrade-actions.ts +78 -17
  139. package/src/modules/configs/setup.ts +14 -0
  140. package/src/modules/currencies/setup.ts +15 -0
  141. package/src/modules/customers/setup.ts +36 -0
  142. package/src/modules/dashboards/setup.ts +10 -0
  143. package/src/modules/dictionaries/setup.ts +10 -0
  144. package/src/modules/directory/setup.ts +10 -0
  145. package/src/modules/entities/setup.ts +9 -0
  146. package/src/modules/feature_toggles/setup.ts +9 -0
  147. package/src/modules/perspectives/setup.ts +10 -0
  148. package/src/modules/planner/setup.ts +21 -0
  149. package/src/modules/query_index/setup.ts +9 -0
  150. package/src/modules/resources/setup.ts +21 -0
  151. package/src/modules/sales/acl.ts +0 -1
  152. package/src/modules/sales/backend/sales/documents/[id]/page.tsx +0 -16
  153. package/src/modules/sales/commands/documents.ts +1 -74
  154. package/src/modules/sales/lib/dictionaries.ts +0 -3
  155. package/src/modules/sales/setup.ts +108 -0
  156. package/src/modules/staff/setup.ts +27 -0
  157. package/src/modules/workflows/acl.ts +0 -2
  158. package/src/modules/workflows/api/__tests__/instances.route.test.ts +2 -5
  159. package/src/modules/workflows/api/instances/route.ts +7 -21
  160. package/src/modules/workflows/api/tasks/route.ts +1 -7
  161. package/src/modules/workflows/backend/definitions/[id]/page.meta.ts +1 -1
  162. package/src/modules/workflows/backend/definitions/[id]/page.tsx +0 -9
  163. package/src/modules/workflows/backend/definitions/create/page.meta.ts +1 -1
  164. package/src/modules/workflows/backend/definitions/create/page.tsx +0 -9
  165. package/src/modules/workflows/backend/definitions/visual-editor/page.meta.ts +1 -1
  166. package/src/modules/workflows/backend/definitions/visual-editor/page.tsx +3 -21
  167. package/src/modules/workflows/backend/events/[id]/page.meta.ts +2 -2
  168. package/src/modules/workflows/backend/events/[id]/page.tsx +1 -1
  169. package/src/modules/workflows/backend/instances/[id]/page.meta.ts +2 -2
  170. package/src/modules/workflows/backend/tasks/[id]/page.meta.ts +2 -2
  171. package/src/modules/workflows/backend/tasks/[id]/page.tsx +1 -1
  172. package/src/modules/workflows/backend/tasks/page.tsx +6 -5
  173. package/src/modules/workflows/cli.ts +0 -111
  174. package/src/modules/workflows/data/entities.ts +0 -124
  175. package/src/modules/workflows/data/validators.ts +0 -138
  176. package/src/modules/workflows/examples/checkout-demo-definition.json +5 -1
  177. package/src/modules/workflows/i18n/en.json +0 -71
  178. package/src/modules/workflows/lib/__tests__/activity-executor.test.ts +36 -43
  179. package/src/modules/workflows/lib/__tests__/transition-handler.test.ts +90 -170
  180. package/src/modules/workflows/lib/activity-executor.ts +16 -129
  181. package/src/modules/workflows/lib/graph-utils.ts +2 -117
  182. package/src/modules/workflows/lib/seeds.ts +12 -50
  183. package/src/modules/workflows/lib/start-validator.ts +28 -38
  184. package/src/modules/workflows/lib/transition-handler.ts +55 -208
  185. package/src/modules/workflows/migrations/Migration20251207131955.ts +77 -143
  186. package/src/modules/workflows/setup.ts +15 -0
  187. package/dist/generated/entities/workflow_event_trigger/index.js +0 -33
  188. package/dist/generated/entities/workflow_event_trigger/index.js.map +0 -7
  189. package/dist/modules/auth/events.js +0 -30
  190. package/dist/modules/auth/events.js.map +0 -7
  191. package/dist/modules/business_rules/api/execute/[ruleId]/route.js +0 -145
  192. package/dist/modules/business_rules/api/execute/[ruleId]/route.js.map +0 -7
  193. package/dist/modules/catalog/events.js +0 -34
  194. package/dist/modules/catalog/events.js.map +0 -7
  195. package/dist/modules/customers/events.js +0 -49
  196. package/dist/modules/customers/events.js.map +0 -7
  197. package/dist/modules/directory/events.js +0 -23
  198. package/dist/modules/directory/events.js.map +0 -7
  199. package/dist/modules/sales/events.js +0 -63
  200. package/dist/modules/sales/events.js.map +0 -7
  201. package/dist/modules/sales/lib/frontend/documentDataEvents.js +0 -25
  202. package/dist/modules/sales/lib/frontend/documentDataEvents.js.map +0 -7
  203. package/dist/modules/workflows/components/DefinitionTriggersEditor.js +0 -481
  204. package/dist/modules/workflows/components/DefinitionTriggersEditor.js.map +0 -7
  205. package/dist/modules/workflows/components/EventTriggersEditor.js +0 -553
  206. package/dist/modules/workflows/components/EventTriggersEditor.js.map +0 -7
  207. package/dist/modules/workflows/events.js +0 -38
  208. package/dist/modules/workflows/events.js.map +0 -7
  209. package/dist/modules/workflows/examples/order-approval-definition.json +0 -257
  210. package/dist/modules/workflows/examples/order-approval-guard-rules.json +0 -32
  211. package/dist/modules/workflows/lib/event-trigger-service.js +0 -308
  212. package/dist/modules/workflows/lib/event-trigger-service.js.map +0 -7
  213. package/dist/modules/workflows/migrations/Migration20260123143500.js +0 -36
  214. package/dist/modules/workflows/migrations/Migration20260123143500.js.map +0 -7
  215. package/dist/modules/workflows/subscribers/event-trigger.js +0 -78
  216. package/dist/modules/workflows/subscribers/event-trigger.js.map +0 -7
  217. package/dist/modules/workflows/widgets/injection/order-approval/widget.client.js +0 -323
  218. package/dist/modules/workflows/widgets/injection/order-approval/widget.client.js.map +0 -7
  219. package/dist/modules/workflows/widgets/injection/order-approval/widget.js +0 -17
  220. package/dist/modules/workflows/widgets/injection/order-approval/widget.js.map +0 -7
  221. package/dist/modules/workflows/widgets/injection-table.js +0 -19
  222. package/dist/modules/workflows/widgets/injection-table.js.map +0 -7
  223. package/generated/entities/workflow_event_trigger/index.ts +0 -15
  224. package/src/modules/auth/events.ts +0 -39
  225. package/src/modules/business_rules/api/execute/[ruleId]/route.ts +0 -163
  226. package/src/modules/catalog/events.ts +0 -45
  227. package/src/modules/customers/events.ts +0 -63
  228. package/src/modules/directory/events.ts +0 -31
  229. package/src/modules/sales/events.ts +0 -82
  230. package/src/modules/sales/lib/frontend/documentDataEvents.ts +0 -28
  231. package/src/modules/workflows/components/DefinitionTriggersEditor.tsx +0 -581
  232. package/src/modules/workflows/components/EventTriggersEditor.tsx +0 -664
  233. package/src/modules/workflows/events.ts +0 -49
  234. package/src/modules/workflows/examples/order-approval-definition.json +0 -257
  235. package/src/modules/workflows/examples/order-approval-guard-rules.json +0 -32
  236. package/src/modules/workflows/lib/event-trigger-service.ts +0 -557
  237. package/src/modules/workflows/migrations/Migration20260123143500.ts +0 -38
  238. package/src/modules/workflows/subscribers/event-trigger.ts +0 -109
  239. package/src/modules/workflows/widgets/injection/order-approval/widget.client.tsx +0 -446
  240. package/src/modules/workflows/widgets/injection/order-approval/widget.ts +0 -16
  241. package/src/modules/workflows/widgets/injection-table.ts +0 -21
@@ -1,7 +1,7 @@
1
1
  {
2
2
  "version": 3,
3
3
  "sources": ["../../../../src/modules/auth/lib/setup-app.ts"],
4
- "sourcesContent": ["import { hash } from 'bcryptjs'\nimport type { EntityManager } from '@mikro-orm/postgresql'\nimport { Role, RoleAcl, User, UserRole } from '@open-mercato/core/modules/auth/data/entities'\nimport { Tenant, Organization } from '@open-mercato/core/modules/directory/data/entities'\nimport { rebuildHierarchyForTenant } from '@open-mercato/core/modules/directory/lib/hierarchy'\nimport { normalizeTenantId } from './tenantAccess'\nimport { SalesSettings, SalesDocumentSequence } from '@open-mercato/core/modules/sales/data/entities'\nimport {\n DEFAULT_ORDER_NUMBER_FORMAT,\n DEFAULT_QUOTE_NUMBER_FORMAT,\n} from '@open-mercato/core/modules/sales/lib/documentNumberTokens'\nimport { computeEmailHash } from '@open-mercato/core/modules/auth/lib/emailHash'\nimport { isEncryptionDebugEnabled, isTenantDataEncryptionEnabled } from '@open-mercato/shared/lib/encryption/toggles'\nimport { EncryptionMap } from '@open-mercato/core/modules/entities/data/entities'\nimport { DEFAULT_ENCRYPTION_MAPS } from '@open-mercato/core/modules/entities/lib/encryptionDefaults'\nimport { createKmsService } from '@open-mercato/shared/lib/encryption/kms'\nimport { TenantDataEncryptionService } from '@open-mercato/shared/lib/encryption/tenantDataEncryptionService'\nimport { findWithDecryption } from '@open-mercato/shared/lib/encryption/find'\n\nconst DEFAULT_ROLE_NAMES = ['employee', 'admin', 'superadmin'] as const\nconst DEMO_SUPERADMIN_EMAIL = 'superadmin@acme.com'\n\nexport type EnsureRolesOptions = {\n roleNames?: string[]\n tenantId?: string | null\n}\n\nasync function ensureRolesInContext(\n em: EntityManager,\n roleNames: string[],\n tenantId: string | null,\n) {\n for (const name of roleNames) {\n const existing = await em.findOne(Role, { name, tenantId })\n if (existing) continue\n if (tenantId !== null) {\n const globalRole = await em.findOne(Role, { name, tenantId: null })\n if (globalRole) {\n globalRole.tenantId = tenantId\n em.persist(globalRole)\n continue\n }\n }\n 
em.persist(em.create(Role, { name, tenantId, createdAt: new Date() }))\n }\n}\n\nexport async function ensureRoles(em: EntityManager, options: EnsureRolesOptions = {}) {\n const roleNames = options.roleNames ?? [...DEFAULT_ROLE_NAMES]\n const tenantId = normalizeTenantId(options.tenantId ?? null) ?? null\n await em.transactional(async (tem) => {\n await ensureRolesInContext(tem, roleNames, tenantId)\n await tem.flush()\n })\n}\n\nasync function findRoleByName(\n em: EntityManager,\n name: string,\n tenantId: string | null,\n): Promise<Role | null> {\n const normalizedTenant = normalizeTenantId(tenantId ?? null) ?? null\n let role = await em.findOne(Role, { name, tenantId: normalizedTenant })\n if (!role && normalizedTenant !== null) {\n role = await em.findOne(Role, { name, tenantId: null })\n }\n return role\n}\n\nasync function findRoleByNameOrFail(\n em: EntityManager,\n name: string,\n tenantId: string | null,\n): Promise<Role> {\n const role = await findRoleByName(em, name, tenantId)\n if (!role) throw new Error(`ROLE_NOT_FOUND:${name}`)\n return role\n}\n\ntype PrimaryUserInput = {\n email: string\n password?: string\n hashedPassword?: string | null\n firstName?: string | null\n lastName?: string | null\n displayName?: string | null\n confirm?: boolean\n}\n\nexport type SetupInitialTenantOptions = {\n orgName: string\n primaryUser: PrimaryUserInput\n roleNames?: string[]\n includeDerivedUsers?: boolean\n failIfUserExists?: boolean\n primaryUserRoles?: string[]\n includeSuperadminRole?: boolean\n}\n\nexport type SetupInitialTenantResult = {\n tenantId: string\n organizationId: string\n users: Array<{ user: User; roles: string[]; created: boolean }>\n reusedExistingUser: boolean\n}\n\nexport async function setupInitialTenant(\n em: EntityManager,\n options: SetupInitialTenantOptions,\n): Promise<SetupInitialTenantResult> {\n const {\n primaryUser,\n includeDerivedUsers = true,\n failIfUserExists = false,\n primaryUserRoles,\n includeSuperadminRole = true,\n } = 
options\n const primaryRolesInput = primaryUserRoles && primaryUserRoles.length ? primaryUserRoles : ['superadmin']\n const primaryRoles = includeSuperadminRole\n ? primaryRolesInput\n : primaryRolesInput.filter((role) => role !== 'superadmin')\n if (primaryRoles.length === 0) {\n throw new Error('PRIMARY_ROLES_REQUIRED')\n }\n const defaultRoleNames = options.roleNames ?? [...DEFAULT_ROLE_NAMES]\n const resolvedRoleNames = includeSuperadminRole\n ? defaultRoleNames\n : defaultRoleNames.filter((role) => role !== 'superadmin')\n const roleNames = Array.from(new Set([...resolvedRoleNames, ...primaryRoles]))\n\n const mainEmail = primaryUser.email\n const existingUser = await em.findOne(User, { email: mainEmail })\n if (existingUser && failIfUserExists) {\n throw new Error('USER_EXISTS')\n }\n\n let tenantId: string | undefined\n let organizationId: string | undefined\n let reusedExistingUser = false\n const userSnapshots: Array<{ user: User; roles: string[]; created: boolean }> = []\n\n await em.transactional(async (tem) => {\n if (!existingUser) return\n reusedExistingUser = true\n tenantId = existingUser.tenantId ? String(existingUser.tenantId) : undefined\n organizationId = existingUser.organizationId ? String(existingUser.organizationId) : undefined\n const roleTenantId = normalizeTenantId(existingUser.tenantId ?? null) ?? 
null\n\n await ensureRolesInContext(tem, roleNames, roleTenantId)\n await tem.flush()\n\n const requiredRoleSet = new Set([...roleNames, ...primaryRoles])\n const links = await findWithDecryption(\n tem,\n UserRole,\n { user: existingUser },\n { populate: ['role'] },\n { tenantId: roleTenantId, organizationId: null },\n )\n const currentRoles = new Set(links.map((link) => link.role.name))\n for (const roleName of requiredRoleSet) {\n if (!currentRoles.has(roleName)) {\n const role = await findRoleByNameOrFail(tem, roleName, roleTenantId)\n tem.persist(tem.create(UserRole, { user: existingUser, role, createdAt: new Date() }))\n }\n }\n await tem.flush()\n const roles = Array.from(new Set([...currentRoles, ...roleNames]))\n userSnapshots.push({ user: existingUser, roles, created: false })\n })\n\n if (!existingUser) {\n const baseUsers: Array<{ email: string; roles: string[]; name?: string | null }> = [\n { email: primaryUser.email, roles: primaryRoles, name: resolvePrimaryName(primaryUser) },\n ]\n if (includeDerivedUsers) {\n const [local, domain] = String(primaryUser.email).split('@')\n const isSuperadminLocal = (local || '').toLowerCase() === 'superadmin' && !!domain\n if (isSuperadminLocal) {\n baseUsers.push({ email: `admin@${domain}`, roles: ['admin'] })\n baseUsers.push({ email: `employee@${domain}`, roles: ['employee'] })\n }\n }\n const passwordHash = await resolvePasswordHash(primaryUser)\n\n await em.transactional(async (tem) => {\n const tenant = tem.create(Tenant, {\n name: `${options.orgName} Tenant`,\n isActive: true,\n createdAt: new Date(),\n updatedAt: new Date(),\n })\n tem.persist(tenant)\n await tem.flush()\n\n const organization = tem.create(Organization, {\n name: options.orgName,\n tenant,\n isActive: true,\n depth: 0,\n ancestorIds: [],\n childIds: [],\n descendantIds: [],\n createdAt: new Date(),\n updatedAt: new Date(),\n })\n tem.persist(organization)\n await tem.flush()\n\n tenantId = String(tenant.id)\n organizationId = 
String(organization.id)\n const roleTenantId = tenantId\n\n if (isTenantDataEncryptionEnabled()) {\n try {\n const kms = createKmsService()\n if (kms.isHealthy()) {\n if (isEncryptionDebugEnabled()) {\n console.info('\uD83D\uDD11 [encryption][setup] provisioning tenant DEK', { tenantId: String(tenant.id) })\n }\n await kms.createTenantDek(String(tenant.id))\n if (isEncryptionDebugEnabled()) {\n console.info('\uD83D\uDD11 [encryption][setup] created tenant DEK during setup', { tenantId: String(tenant.id) })\n }\n } else {\n if (isEncryptionDebugEnabled()) {\n console.warn('\u26A0\uFE0F [encryption][setup] KMS not healthy, skipping tenant DEK creation', { tenantId: String(tenant.id) })\n }\n }\n } catch (err) {\n if (isEncryptionDebugEnabled()) {\n console.warn('\u26A0\uFE0F [encryption][setup] Failed to create tenant DEK', err)\n }\n }\n }\n\n await ensureRolesInContext(tem, roleNames, roleTenantId)\n await tem.flush()\n\n if (isTenantDataEncryptionEnabled()) {\n for (const spec of DEFAULT_ENCRYPTION_MAPS) {\n const existing = await tem.findOne(EncryptionMap, { entityId: spec.entityId, tenantId: tenant.id, organizationId: organization.id, deletedAt: null })\n if (!existing) {\n tem.persist(tem.create(EncryptionMap, {\n entityId: spec.entityId,\n tenantId: tenant.id,\n organizationId: organization.id,\n fieldsJson: spec.fields,\n isActive: true,\n createdAt: new Date(),\n updatedAt: new Date(),\n }))\n } else {\n existing.fieldsJson = spec.fields\n existing.isActive = true\n }\n }\n await tem.flush()\n }\n })\n\n await em.transactional(async (tem) => {\n if (!tenantId || !organizationId) return\n const roleTenantId = tenantId\n const encryptionService = isTenantDataEncryptionEnabled()\n ? 
new TenantDataEncryptionService(tem as any, { kms: createKmsService() })\n : null\n if (encryptionService) {\n await encryptionService.invalidateMap('auth:user', String(tenantId), String(organizationId))\n await encryptionService.invalidateMap('auth:user', String(tenantId), null)\n }\n\n for (const base of baseUsers) {\n let user = await tem.findOne(User, { email: base.email })\n const confirm = primaryUser.confirm ?? true\n const encryptedPayload = encryptionService\n ? await encryptionService.encryptEntityPayload('auth:user', { email: base.email }, tenantId, organizationId)\n : { email: base.email, emailHash: computeEmailHash(base.email) }\n if (user) {\n user.passwordHash = passwordHash\n user.organizationId = organizationId\n user.tenantId = tenantId\n if (isTenantDataEncryptionEnabled()) {\n user.email = encryptedPayload.email as any\n user.emailHash = (encryptedPayload as any).emailHash ?? computeEmailHash(base.email)\n }\n if (base.name) user.name = base.name\n if (confirm) user.isConfirmed = true\n tem.persist(user)\n userSnapshots.push({ user, roles: base.roles, created: false })\n } else {\n user = tem.create(User, {\n email: (encryptedPayload as any).email ?? base.email,\n emailHash: isTenantDataEncryptionEnabled() ? (encryptedPayload as any).emailHash ?? computeEmailHash(base.email) : undefined,\n passwordHash,\n organizationId,\n tenantId,\n name: base.name ?? 
undefined,\n isConfirmed: confirm,\n createdAt: new Date(),\n })\n tem.persist(user)\n userSnapshots.push({ user, roles: base.roles, created: true })\n }\n await tem.flush()\n for (const roleName of base.roles) {\n const role = await findRoleByNameOrFail(tem, roleName, roleTenantId)\n const existingLink = await tem.findOne(UserRole, { user, role })\n if (!existingLink) tem.persist(tem.create(UserRole, { user, role, createdAt: new Date() }))\n }\n await tem.flush()\n }\n })\n }\n\n if (!tenantId || !organizationId) {\n throw new Error('SETUP_FAILED')\n }\n\n if (!reusedExistingUser) {\n await rebuildHierarchyForTenant(em, tenantId)\n }\n\n await ensureDefaultRoleAcls(em, tenantId, { includeSuperadminRole })\n await deactivateDemoSuperAdminIfSelfOnboardingEnabled(em)\n await ensureSalesNumberingDefaults(em, { tenantId, organizationId })\n\n return {\n tenantId,\n organizationId,\n users: userSnapshots,\n reusedExistingUser,\n }\n}\n\nfunction resolvePrimaryName(input: PrimaryUserInput): string | null {\n if (input.displayName && input.displayName.trim()) return input.displayName.trim()\n const parts = [input.firstName, input.lastName].map((value) => value?.trim()).filter(Boolean)\n if (parts.length) return parts.join(' ')\n return null\n}\n\nasync function resolvePasswordHash(input: PrimaryUserInput): Promise<string | null> {\n if (typeof input.hashedPassword === 'string') return input.hashedPassword\n if (input.password) return hash(input.password, 10)\n return null\n}\n\nasync function ensureDefaultRoleAcls(\n em: EntityManager,\n tenantId: string,\n options: { includeSuperadminRole?: boolean } = {},\n) {\n const includeSuperadminRole = options.includeSuperadminRole ?? true\n const roleTenantId = normalizeTenantId(tenantId) ?? null\n const superadminRole = includeSuperadminRole ? 
await findRoleByName(em, 'superadmin', roleTenantId) : null\n const adminRole = await findRoleByName(em, 'admin', roleTenantId)\n const employeeRole = await findRoleByName(em, 'employee', roleTenantId)\n\n if (includeSuperadminRole && superadminRole) {\n await ensureRoleAclFor(em, superadminRole, tenantId, ['directory.tenants.*'], { isSuperAdmin: true })\n }\n if (adminRole) {\n const adminFeatures = [\n 'auth.*',\n 'entities.*',\n 'attachments.*',\n 'attachments.view',\n 'attachments.manage',\n 'query_index.*',\n 'search.*',\n 'vector.*',\n 'feature_toggles.*',\n 'configs.system_status.view',\n 'configs.cache.view',\n 'configs.cache.manage',\n 'configs.manage',\n 'catalog.*',\n 'catalog.variants.manage',\n 'catalog.pricing.manage',\n 'sales.*',\n 'audit_logs.*',\n 'directory.organizations.view',\n 'directory.organizations.manage',\n 'customers.*',\n 'customers.people.view',\n 'customers.people.manage',\n 'customers.companies.view',\n 'customers.companies.manage',\n 'customers.deals.view',\n 'customers.deals.manage',\n 'dictionaries.view',\n 'dictionaries.manage',\n 'example.*',\n 'dashboards.*',\n 'dashboards.admin.assign-widgets',\n 'analytics.view',\n 'api_keys.*',\n 'perspectives.use',\n 'perspectives.role_defaults',\n 'business_rules.*',\n 'workflows.*',\n 'currencies.*',\n 'staff.*',\n 'staff.leave_requests.manage',\n 'resources.*',\n 'planner.*',\n ]\n await ensureRoleAclFor(em, adminRole, tenantId, adminFeatures, { remove: ['directory.organizations.*', 'directory.tenants.*'] })\n }\n if (employeeRole) {\n await ensureRoleAclFor(em, employeeRole, tenantId, [\n 'customers.*',\n 'customers.people.view',\n 'customers.people.manage',\n 'customers.companies.view',\n 'customers.companies.manage',\n 'vector.*',\n 'catalog.*',\n 'catalog.variants.manage',\n 'catalog.pricing.manage',\n 'sales.*',\n 'dictionaries.view',\n 'example.*',\n 'example.widgets.*',\n 'dashboards.view',\n 'dashboards.configure',\n 'analytics.view',\n 'audit_logs.undo_self',\n 
'perspectives.use',\n 'staff.leave_requests.send',\n 'staff.my_availability.view',\n 'staff.my_availability.manage',\n 'staff.my_leave_requests.view',\n 'staff.my_leave_requests.send',\n 'planner.view',\n ])\n }\n}\n\nasync function ensureRoleAclFor(\n em: EntityManager,\n role: Role,\n tenantId: string,\n features: string[],\n options: { isSuperAdmin?: boolean; remove?: string[] } = {},\n) {\n const existing = await em.findOne(RoleAcl, { role, tenantId })\n if (!existing) {\n const acl = em.create(RoleAcl, {\n role,\n tenantId,\n featuresJson: features,\n isSuperAdmin: !!options.isSuperAdmin,\n createdAt: new Date(),\n })\n await em.persistAndFlush(acl)\n return\n }\n const currentFeatures = Array.isArray(existing.featuresJson) ? existing.featuresJson : []\n const merged = Array.from(new Set([...currentFeatures, ...features]))\n const removeSet = new Set(options.remove ?? [])\n const sanitized =\n removeSet.size\n ? merged.filter((value) => {\n if (removeSet.has(value)) return false\n for (const entry of removeSet) {\n if (entry.endsWith('.*')) {\n const prefix = entry.slice(0, -1) // keep trailing dot\n if (value === entry || value.startsWith(prefix)) return false\n }\n }\n return true\n })\n : merged\n const changed =\n sanitized.length !== currentFeatures.length ||\n sanitized.some((value, index) => value !== currentFeatures[index])\n if (changed) existing.featuresJson = sanitized\n if (options.isSuperAdmin && !existing.isSuperAdmin) {\n existing.isSuperAdmin = true\n }\n if (changed || options.isSuperAdmin) {\n await em.persistAndFlush(existing)\n }\n}\n\nasync function deactivateDemoSuperAdminIfSelfOnboardingEnabled(em: EntityManager) {\n if (process.env.SELF_SERVICE_ONBOARDING_ENABLED !== 'true') return\n try {\n const user = await em.findOne(User, { email: DEMO_SUPERADMIN_EMAIL })\n if (!user) return\n let dirty = false\n if (user.passwordHash) {\n user.passwordHash = null\n dirty = true\n }\n if (user.isConfirmed !== false) {\n user.isConfirmed = false\n 
dirty = true\n }\n if (dirty) {\n await em.persistAndFlush(user)\n }\n } catch (error) {\n console.error('[auth.setup] failed to deactivate demo superadmin user', error)\n }\n}\n\nasync function ensureSalesNumberingDefaults(\n em: EntityManager,\n scope: { tenantId: string; organizationId: string },\n) {\n const repo = (em as any).getRepository?.(SalesSettings)\n const findSettings = async () =>\n repo?.findOne({\n tenantId: scope.tenantId,\n organizationId: scope.organizationId,\n }) ??\n (em as any).findOne?.(SalesSettings, {\n tenantId: scope.tenantId,\n organizationId: scope.organizationId,\n })\n\n const exists = await findSettings()\n if (!exists) {\n const settings =\n repo?.create?.({\n tenantId: scope.tenantId,\n organizationId: scope.organizationId,\n orderNumberFormat: DEFAULT_ORDER_NUMBER_FORMAT,\n quoteNumberFormat: DEFAULT_QUOTE_NUMBER_FORMAT,\n createdAt: new Date(),\n updatedAt: new Date(),\n }) ??\n (em as any).create?.(SalesSettings, {\n tenantId: scope.tenantId,\n organizationId: scope.organizationId,\n orderNumberFormat: DEFAULT_ORDER_NUMBER_FORMAT,\n quoteNumberFormat: DEFAULT_QUOTE_NUMBER_FORMAT,\n createdAt: new Date(),\n updatedAt: new Date(),\n })\n if (settings && (em as any).persist) {\n em.persist(settings)\n }\n }\n\n const sequenceRepo = (em as any).getRepository?.(SalesDocumentSequence)\n const kinds: Array<'order' | 'quote'> = ['order', 'quote']\n for (const kind of kinds) {\n const seq =\n sequenceRepo?.findOne({\n tenantId: scope.tenantId,\n organizationId: scope.organizationId,\n documentKind: kind,\n }) ??\n (em as any).findOne?.(SalesDocumentSequence, {\n tenantId: scope.tenantId,\n organizationId: scope.organizationId,\n documentKind: kind,\n })\n if (!seq) {\n const entry =\n sequenceRepo?.create?.({\n tenantId: scope.tenantId,\n organizationId: scope.organizationId,\n documentKind: kind,\n currentValue: 0,\n createdAt: new Date(),\n updatedAt: new Date(),\n }) ??\n (em as any).create?.(SalesDocumentSequence, {\n tenantId: 
scope.tenantId,\n organizationId: scope.organizationId,\n documentKind: kind,\n currentValue: 0,\n createdAt: new Date(),\n updatedAt: new Date(),\n })\n if (entry && (em as any).persist) {\n em.persist(entry)\n }\n }\n }\n\n if ((em as any).flush) {\n await em.flush()\n }\n}\n"],
5
- "mappings": "AAAA,SAAS,YAAY;AAErB,SAAS,MAAM,SAAS,MAAM,gBAAgB;AAC9C,SAAS,QAAQ,oBAAoB;AACrC,SAAS,iCAAiC;AAC1C,SAAS,yBAAyB;AAClC,SAAS,eAAe,6BAA6B;AACrD;AAAA,EACE;AAAA,EACA;AAAA,OACK;AACP,SAAS,wBAAwB;AACjC,SAAS,0BAA0B,qCAAqC;AACxE,SAAS,qBAAqB;AAC9B,SAAS,+BAA+B;AACxC,SAAS,wBAAwB;AACjC,SAAS,mCAAmC;AAC5C,SAAS,0BAA0B;AAEnC,MAAM,qBAAqB,CAAC,YAAY,SAAS,YAAY;AAC7D,MAAM,wBAAwB;AAO9B,eAAe,qBACb,IACA,WACA,UACA;AACA,aAAW,QAAQ,WAAW;AAC5B,UAAM,WAAW,MAAM,GAAG,QAAQ,MAAM,EAAE,MAAM,SAAS,CAAC;AAC1D,QAAI,SAAU;AACd,QAAI,aAAa,MAAM;AACrB,YAAM,aAAa,MAAM,GAAG,QAAQ,MAAM,EAAE,MAAM,UAAU,KAAK,CAAC;AAClE,UAAI,YAAY;AACd,mBAAW,WAAW;AACtB,WAAG,QAAQ,UAAU;AACrB;AAAA,MACF;AAAA,IACF;AACA,OAAG,QAAQ,GAAG,OAAO,MAAM,EAAE,MAAM,UAAU,WAAW,oBAAI,KAAK,EAAE,CAAC,CAAC;AAAA,EACvE;AACF;AAEA,eAAsB,YAAY,IAAmB,UAA8B,CAAC,GAAG;AACrF,QAAM,YAAY,QAAQ,aAAa,CAAC,GAAG,kBAAkB;AAC7D,QAAM,WAAW,kBAAkB,QAAQ,YAAY,IAAI,KAAK;AAChE,QAAM,GAAG,cAAc,OAAO,QAAQ;AACpC,UAAM,qBAAqB,KAAK,WAAW,QAAQ;AACnD,UAAM,IAAI,MAAM;AAAA,EAClB,CAAC;AACH;AAEA,eAAe,eACb,IACA,MACA,UACsB;AACtB,QAAM,mBAAmB,kBAAkB,YAAY,IAAI,KAAK;AAChE,MAAI,OAAO,MAAM,GAAG,QAAQ,MAAM,EAAE,MAAM,UAAU,iBAAiB,CAAC;AACtE,MAAI,CAAC,QAAQ,qBAAqB,MAAM;AACtC,WAAO,MAAM,GAAG,QAAQ,MAAM,EAAE,MAAM,UAAU,KAAK,CAAC;AAAA,EACxD;AACA,SAAO;AACT;AAEA,eAAe,qBACb,IACA,MACA,UACe;AACf,QAAM,OAAO,MAAM,eAAe,IAAI,MAAM,QAAQ;AACpD,MAAI,CAAC,KAAM,OAAM,IAAI,MAAM,kBAAkB,IAAI,EAAE;AACnD,SAAO;AACT;AA6BA,eAAsB,mBACpB,IACA,SACmC;AACnC,QAAM;AAAA,IACJ;AAAA,IACA,sBAAsB;AAAA,IACtB,mBAAmB;AAAA,IACnB;AAAA,IACA,wBAAwB;AAAA,EAC1B,IAAI;AACJ,QAAM,oBAAoB,oBAAoB,iBAAiB,SAAS,mBAAmB,CAAC,YAAY;AACxG,QAAM,eAAe,wBACjB,oBACA,kBAAkB,OAAO,CAAC,SAAS,SAAS,YAAY;AAC5D,MAAI,aAAa,WAAW,GAAG;AAC7B,UAAM,IAAI,MAAM,wBAAwB;AAAA,EAC1C;AACA,QAAM,mBAAmB,QAAQ,aAAa,CAAC,GAAG,kBAAkB;AACpE,QAAM,oBAAoB,wBACtB,mBACA,iBAAiB,OAAO,CAAC,SAAS,SAAS,YAAY;AAC3D,QAAM,YAAY,MAAM,KAAK,oBAAI,IAAI,CAAC,GAAG,mBAAmB,GAAG,YAAY,CAAC,CAAC;AAE7E,QAAM,YAAY,YAAY;AAC9B,QAAM,eAAe,MAAM,GAAG,QAAQ,MAAM,EAAE,OAAO,UAAU,CAAC;AAChE,MAAI,gBAAgB,kBAAkB;AACpC,UAAM,IAAI,MAAM,aAAa;AAAA,EAC/B;AAEA,MA
AI;AACJ,MAAI;AACJ,MAAI,qBAAqB;AACzB,QAAM,gBAA0E,CAAC;AAEjF,QAAM,GAAG,cAAc,OAAO,QAAQ;AACpC,QAAI,CAAC,aAAc;AACnB,yBAAqB;AACrB,eAAW,aAAa,WAAW,OAAO,aAAa,QAAQ,IAAI;AACnE,qBAAiB,aAAa,iBAAiB,OAAO,aAAa,cAAc,IAAI;AACrF,UAAM,eAAe,kBAAkB,aAAa,YAAY,IAAI,KAAK;AAEzE,UAAM,qBAAqB,KAAK,WAAW,YAAY;AACvD,UAAM,IAAI,MAAM;AAEhB,UAAM,kBAAkB,oBAAI,IAAI,CAAC,GAAG,WAAW,GAAG,YAAY,CAAC;AAC/D,UAAM,QAAQ,MAAM;AAAA,MAClB;AAAA,MACA;AAAA,MACA,EAAE,MAAM,aAAa;AAAA,MACrB,EAAE,UAAU,CAAC,MAAM,EAAE;AAAA,MACrB,EAAE,UAAU,cAAc,gBAAgB,KAAK;AAAA,IACjD;AACA,UAAM,eAAe,IAAI,IAAI,MAAM,IAAI,CAAC,SAAS,KAAK,KAAK,IAAI,CAAC;AAChE,eAAW,YAAY,iBAAiB;AACtC,UAAI,CAAC,aAAa,IAAI,QAAQ,GAAG;AAC/B,cAAM,OAAO,MAAM,qBAAqB,KAAK,UAAU,YAAY;AACnE,YAAI,QAAQ,IAAI,OAAO,UAAU,EAAE,MAAM,cAAc,MAAM,WAAW,oBAAI,KAAK,EAAE,CAAC,CAAC;AAAA,MACvF;AAAA,IACF;AACA,UAAM,IAAI,MAAM;AAChB,UAAM,QAAQ,MAAM,KAAK,oBAAI,IAAI,CAAC,GAAG,cAAc,GAAG,SAAS,CAAC,CAAC;AACjE,kBAAc,KAAK,EAAE,MAAM,cAAc,OAAO,SAAS,MAAM,CAAC;AAAA,EAClE,CAAC;AAED,MAAI,CAAC,cAAc;AACjB,UAAM,YAA6E;AAAA,MACjF,EAAE,OAAO,YAAY,OAAO,OAAO,cAAc,MAAM,mBAAmB,WAAW,EAAE;AAAA,IACzF;AACA,QAAI,qBAAqB;AACvB,YAAM,CAAC,OAAO,MAAM,IAAI,OAAO,YAAY,KAAK,EAAE,MAAM,GAAG;AAC3D,YAAM,qBAAqB,SAAS,IAAI,YAAY,MAAM,gBAAgB,CAAC,CAAC;AAC5E,UAAI,mBAAmB;AACrB,kBAAU,KAAK,EAAE,OAAO,SAAS,MAAM,IAAI,OAAO,CAAC,OAAO,EAAE,CAAC;AAC7D,kBAAU,KAAK,EAAE,OAAO,YAAY,MAAM,IAAI,OAAO,CAAC,UAAU,EAAE,CAAC;AAAA,MACrE;AAAA,IACF;AACA,UAAM,eAAe,MAAM,oBAAoB,WAAW;AAE1D,UAAM,GAAG,cAAc,OAAO,QAAQ;AACpC,YAAM,SAAS,IAAI,OAAO,QAAQ;AAAA,QAChC,MAAM,GAAG,QAAQ,OAAO;AAAA,QACxB,UAAU;AAAA,QACV,WAAW,oBAAI,KAAK;AAAA,QACpB,WAAW,oBAAI,KAAK;AAAA,MACtB,CAAC;AACD,UAAI,QAAQ,MAAM;AAClB,YAAM,IAAI,MAAM;AAEhB,YAAM,eAAe,IAAI,OAAO,cAAc;AAAA,QAC5C,MAAM,QAAQ;AAAA,QACd;AAAA,QACA,UAAU;AAAA,QACV,OAAO;AAAA,QACP,aAAa,CAAC;AAAA,QACd,UAAU,CAAC;AAAA,QACX,eAAe,CAAC;AAAA,QAChB,WAAW,oBAAI,KAAK;AAAA,QACpB,WAAW,oBAAI,KAAK;AAAA,MACtB,CAAC;AACD,UAAI,QAAQ,YAAY;AACxB,YAAM,IAAI,MAAM;AAEhB,iBAAW,OAAO,OAAO,EAAE;AAC3B,uBAAiB,OAAO,aAAa,EAAE;AACvC,YAAM,eAAe;AAErB,UAAI,8BAA8B,GAAG;AACnC,YAAI;AACF,gBAAM,MAAM,iBAAiB
;AAC7B,cAAI,IAAI,UAAU,GAAG;AACnB,gBAAI,yBAAyB,GAAG;AAC9B,sBAAQ,KAAK,yDAAkD,EAAE,UAAU,OAAO,OAAO,EAAE,EAAE,CAAC;AAAA,YAChG;AACA,kBAAM,IAAI,gBAAgB,OAAO,OAAO,EAAE,CAAC;AAC3C,gBAAI,yBAAyB,GAAG;AAC9B,sBAAQ,KAAK,iEAA0D,EAAE,UAAU,OAAO,OAAO,EAAE,EAAE,CAAC;AAAA,YACxG;AAAA,UACF,OAAO;AACL,gBAAI,yBAAyB,GAAG;AAC9B,sBAAQ,KAAK,kFAAwE,EAAE,UAAU,OAAO,OAAO,EAAE,EAAE,CAAC;AAAA,YACtH;AAAA,UACF;AAAA,QACF,SAAS,KAAK;AACZ,cAAI,yBAAyB,GAAG;AAC9B,oBAAQ,KAAK,gEAAsD,GAAG;AAAA,UACxE;AAAA,QACF;AAAA,MACF;AAEA,YAAM,qBAAqB,KAAK,WAAW,YAAY;AACvD,YAAM,IAAI,MAAM;AAEhB,UAAI,8BAA8B,GAAG;AACnC,mBAAW,QAAQ,yBAAyB;AAC1C,gBAAM,WAAW,MAAM,IAAI,QAAQ,eAAe,EAAE,UAAU,KAAK,UAAU,UAAU,OAAO,IAAI,gBAAgB,aAAa,IAAI,WAAW,KAAK,CAAC;AACpJ,cAAI,CAAC,UAAU;AACb,gBAAI,QAAQ,IAAI,OAAO,eAAe;AAAA,cACpC,UAAU,KAAK;AAAA,cACf,UAAU,OAAO;AAAA,cACjB,gBAAgB,aAAa;AAAA,cAC7B,YAAY,KAAK;AAAA,cACjB,UAAU;AAAA,cACV,WAAW,oBAAI,KAAK;AAAA,cACpB,WAAW,oBAAI,KAAK;AAAA,YACtB,CAAC,CAAC;AAAA,UACJ,OAAO;AACL,qBAAS,aAAa,KAAK;AAC3B,qBAAS,WAAW;AAAA,UACtB;AAAA,QACF;AACA,cAAM,IAAI,MAAM;AAAA,MAClB;AAAA,IACF,CAAC;AAED,UAAM,GAAG,cAAc,OAAO,QAAQ;AACpC,UAAI,CAAC,YAAY,CAAC,eAAgB;AAClC,YAAM,eAAe;AACrB,YAAM,oBAAoB,8BAA8B,IACpD,IAAI,4BAA4B,KAAY,EAAE,KAAK,iBAAiB,EAAE,CAAC,IACvE;AACJ,UAAI,mBAAmB;AACrB,cAAM,kBAAkB,cAAc,aAAa,OAAO,QAAQ,GAAG,OAAO,cAAc,CAAC;AAC3F,cAAM,kBAAkB,cAAc,aAAa,OAAO,QAAQ,GAAG,IAAI;AAAA,MAC3E;AAEA,iBAAW,QAAQ,WAAW;AAC5B,YAAI,OAAO,MAAM,IAAI,QAAQ,MAAM,EAAE,OAAO,KAAK,MAAM,CAAC;AACxD,cAAM,UAAU,YAAY,WAAW;AACvC,cAAM,mBAAmB,oBACrB,MAAM,kBAAkB,qBAAqB,aAAa,EAAE,OAAO,KAAK,MAAM,GAAG,UAAU,cAAc,IACzG,EAAE,OAAO,KAAK,OAAO,WAAW,iBAAiB,KAAK,KAAK,EAAE;AACjE,YAAI,MAAM;AACR,eAAK,eAAe;AACpB,eAAK,iBAAiB;AACtB,eAAK,WAAW;AAChB,cAAI,8BAA8B,GAAG;AACnC,iBAAK,QAAQ,iBAAiB;AAC9B,iBAAK,YAAa,iBAAyB,aAAa,iBAAiB,KAAK,KAAK;AAAA,UACrF;AACA,cAAI,KAAK,KAAM,MAAK,OAAO,KAAK;AAChC,cAAI,QAAS,MAAK,cAAc;AAChC,cAAI,QAAQ,IAAI;AAChB,wBAAc,KAAK,EAAE,MAAM,OAAO,KAAK,OAAO,SAAS,MAAM,CAAC;AAAA,QAChE,OAAO;AACL,iBAAO,IAAI,OAAO,MAAM;AAAA,YACtB,OAAQ,iBAAyB,SAAS,KAAK;AAAA,YAC/C,WAAW,8BAA8B,IAAK,iBAAyB,aAAa,iBAAiB,KAA
K,KAAK,IAAI;AAAA,YACnH;AAAA,YACA;AAAA,YACA;AAAA,YACA,MAAM,KAAK,QAAQ;AAAA,YACnB,aAAa;AAAA,YACb,WAAW,oBAAI,KAAK;AAAA,UACtB,CAAC;AACD,cAAI,QAAQ,IAAI;AAChB,wBAAc,KAAK,EAAE,MAAM,OAAO,KAAK,OAAO,SAAS,KAAK,CAAC;AAAA,QAC/D;AACA,cAAM,IAAI,MAAM;AAChB,mBAAW,YAAY,KAAK,OAAO;AACjC,gBAAM,OAAO,MAAM,qBAAqB,KAAK,UAAU,YAAY;AACnE,gBAAM,eAAe,MAAM,IAAI,QAAQ,UAAU,EAAE,MAAM,KAAK,CAAC;AAC/D,cAAI,CAAC,aAAc,KAAI,QAAQ,IAAI,OAAO,UAAU,EAAE,MAAM,MAAM,WAAW,oBAAI,KAAK,EAAE,CAAC,CAAC;AAAA,QAC5F;AACA,cAAM,IAAI,MAAM;AAAA,MAClB;AAAA,IACF,CAAC;AAAA,EACH;AAEA,MAAI,CAAC,YAAY,CAAC,gBAAgB;AAChC,UAAM,IAAI,MAAM,cAAc;AAAA,EAChC;AAEA,MAAI,CAAC,oBAAoB;AACvB,UAAM,0BAA0B,IAAI,QAAQ;AAAA,EAC9C;AAEA,QAAM,sBAAsB,IAAI,UAAU,EAAE,sBAAsB,CAAC;AACnE,QAAM,gDAAgD,EAAE;AACxD,QAAM,6BAA6B,IAAI,EAAE,UAAU,eAAe,CAAC;AAEnE,SAAO;AAAA,IACL;AAAA,IACA;AAAA,IACA,OAAO;AAAA,IACP;AAAA,EACF;AACF;AAEA,SAAS,mBAAmB,OAAwC;AAClE,MAAI,MAAM,eAAe,MAAM,YAAY,KAAK,EAAG,QAAO,MAAM,YAAY,KAAK;AACjF,QAAM,QAAQ,CAAC,MAAM,WAAW,MAAM,QAAQ,EAAE,IAAI,CAAC,UAAU,OAAO,KAAK,CAAC,EAAE,OAAO,OAAO;AAC5F,MAAI,MAAM,OAAQ,QAAO,MAAM,KAAK,GAAG;AACvC,SAAO;AACT;AAEA,eAAe,oBAAoB,OAAiD;AAClF,MAAI,OAAO,MAAM,mBAAmB,SAAU,QAAO,MAAM;AAC3D,MAAI,MAAM,SAAU,QAAO,KAAK,MAAM,UAAU,EAAE;AAClD,SAAO;AACT;AAEA,eAAe,sBACb,IACA,UACA,UAA+C,CAAC,GAChD;AACA,QAAM,wBAAwB,QAAQ,yBAAyB;AAC/D,QAAM,eAAe,kBAAkB,QAAQ,KAAK;AACpD,QAAM,iBAAiB,wBAAwB,MAAM,eAAe,IAAI,cAAc,YAAY,IAAI;AACtG,QAAM,YAAY,MAAM,eAAe,IAAI,SAAS,YAAY;AAChE,QAAM,eAAe,MAAM,eAAe,IAAI,YAAY,YAAY;AAEtE,MAAI,yBAAyB,gBAAgB;AAC3C,UAAM,iBAAiB,IAAI,gBAAgB,UAAU,CAAC,qBAAqB,GAAG,EAAE,cAAc,KAAK,CAAC;AAAA,EACtG;AACA,MAAI,WAAW;AACb,UAAM,gBAAgB;AAAA,MACpB;AAAA,MACA;AAAA,MACA;AAAA,MACA;AAAA,MACA;AAAA,MACA;AAAA,MACA;AAAA,MACA;AAAA,MACA;AAAA,MACA;AAAA,MACA;AAAA,MACA;AAAA,MACA;AAAA,MACA;AAAA,MACA;AAAA,MACA;AAAA,MACA;AAAA,MACA;AAAA,MACA;AAAA,MACA;AAAA,MACA;AAAA,MACA;AAAA,MACA;AAAA,MACA;AAAA,MACA;AAAA,MACA;AAAA,MACA;AAAA,MACA;AAAA,MACA;AAAA,MACA;AAAA,MACA;AAAA,MACA;AAAA,MACA;AAAA,MACA;AAAA,MACA;AAAA,MACA;AAAA,MACA;AAAA,MACA;AAAA,MACA;AAAA,MACA;AAAA,MACA;AAAA,MACA;AAAA,
MACA;AAAA,IACF;AACA,UAAM,iBAAiB,IAAI,WAAW,UAAU,eAAe,EAAE,QAAQ,CAAC,6BAA6B,qBAAqB,EAAE,CAAC;AAAA,EACjI;AACA,MAAI,cAAc;AAChB,UAAM,iBAAiB,IAAI,cAAc,UAAU;AAAA,MACjD;AAAA,MACA;AAAA,MACA;AAAA,MACA;AAAA,MACA;AAAA,MACA;AAAA,MACA;AAAA,MACA;AAAA,MACA;AAAA,MACA;AAAA,MACA;AAAA,MACA;AAAA,MACA;AAAA,MACA;AAAA,MACA;AAAA,MACA;AAAA,MACA;AAAA,MACA;AAAA,MACA;AAAA,MACA;AAAA,MACA;AAAA,MACA;AAAA,MACA;AAAA,MACA;AAAA,IACF,CAAC;AAAA,EACH;AACF;AAEA,eAAe,iBACb,IACA,MACA,UACA,UACA,UAAyD,CAAC,GAC1D;AACA,QAAM,WAAW,MAAM,GAAG,QAAQ,SAAS,EAAE,MAAM,SAAS,CAAC;AAC7D,MAAI,CAAC,UAAU;AACb,UAAM,MAAM,GAAG,OAAO,SAAS;AAAA,MAC7B;AAAA,MACA;AAAA,MACA,cAAc;AAAA,MACd,cAAc,CAAC,CAAC,QAAQ;AAAA,MACxB,WAAW,oBAAI,KAAK;AAAA,IACtB,CAAC;AACD,UAAM,GAAG,gBAAgB,GAAG;AAC5B;AAAA,EACF;AACA,QAAM,kBAAkB,MAAM,QAAQ,SAAS,YAAY,IAAI,SAAS,eAAe,CAAC;AACxF,QAAM,SAAS,MAAM,KAAK,oBAAI,IAAI,CAAC,GAAG,iBAAiB,GAAG,QAAQ,CAAC,CAAC;AACpE,QAAM,YAAY,IAAI,IAAI,QAAQ,UAAU,CAAC,CAAC;AAC9C,QAAM,YACJ,UAAU,OACN,OAAO,OAAO,CAAC,UAAU;AACzB,QAAI,UAAU,IAAI,KAAK,EAAG,QAAO;AACjC,eAAW,SAAS,WAAW;AAC7B,UAAI,MAAM,SAAS,IAAI,GAAG;AACxB,cAAM,SAAS,MAAM,MAAM,GAAG,EAAE;AAChC,YAAI,UAAU,SAAS,MAAM,WAAW,MAAM,EAAG,QAAO;AAAA,MAC1D;AAAA,IACF;AACA,WAAO;AAAA,EACT,CAAC,IACC;AACN,QAAM,UACJ,UAAU,WAAW,gBAAgB,UACrC,UAAU,KAAK,CAAC,OAAO,UAAU,UAAU,gBAAgB,KAAK,CAAC;AACnE,MAAI,QAAS,UAAS,eAAe;AACrC,MAAI,QAAQ,gBAAgB,CAAC,SAAS,cAAc;AAClD,aAAS,eAAe;AAAA,EAC1B;AACA,MAAI,WAAW,QAAQ,cAAc;AACnC,UAAM,GAAG,gBAAgB,QAAQ;AAAA,EACnC;AACF;AAEA,eAAe,gDAAgD,IAAmB;AAChF,MAAI,QAAQ,IAAI,oCAAoC,OAAQ;AAC5D,MAAI;AACF,UAAM,OAAO,MAAM,GAAG,QAAQ,MAAM,EAAE,OAAO,sBAAsB,CAAC;AACpE,QAAI,CAAC,KAAM;AACX,QAAI,QAAQ;AACZ,QAAI,KAAK,cAAc;AACrB,WAAK,eAAe;AACpB,cAAQ;AAAA,IACV;AACA,QAAI,KAAK,gBAAgB,OAAO;AAC9B,WAAK,cAAc;AACnB,cAAQ;AAAA,IACV;AACA,QAAI,OAAO;AACT,YAAM,GAAG,gBAAgB,IAAI;AAAA,IAC/B;AAAA,EACF,SAAS,OAAO;AACd,YAAQ,MAAM,0DAA0D,KAAK;AAAA,EAC/E;AACF;AAEA,eAAe,6BACb,IACA,OACA;AACA,QAAM,OAAQ,GAAW,gBAAgB,aAAa;AACtD,QAAM,eAAe,YACnB,MAAM,QAAQ;AAAA,IACZ,UAAU,MAAM;AAAA,IAChB,gBAAgB,MAAM;AAAA,EACxB,CAAC,KACA,GAAW,UAAU,eAAe;AAAA,IACnC,UA
AU,MAAM;AAAA,IAChB,gBAAgB,MAAM;AAAA,EACxB,CAAC;AAEH,QAAM,SAAS,MAAM,aAAa;AAClC,MAAI,CAAC,QAAQ;AACX,UAAM,WACJ,MAAM,SAAS;AAAA,MACb,UAAU,MAAM;AAAA,MAChB,gBAAgB,MAAM;AAAA,MACtB,mBAAmB;AAAA,MACnB,mBAAmB;AAAA,MACnB,WAAW,oBAAI,KAAK;AAAA,MACpB,WAAW,oBAAI,KAAK;AAAA,IACtB,CAAC,KACA,GAAW,SAAS,eAAe;AAAA,MAClC,UAAU,MAAM;AAAA,MAChB,gBAAgB,MAAM;AAAA,MACtB,mBAAmB;AAAA,MACnB,mBAAmB;AAAA,MACnB,WAAW,oBAAI,KAAK;AAAA,MACpB,WAAW,oBAAI,KAAK;AAAA,IACtB,CAAC;AACH,QAAI,YAAa,GAAW,SAAS;AACnC,SAAG,QAAQ,QAAQ;AAAA,IACrB;AAAA,EACF;AAEA,QAAM,eAAgB,GAAW,gBAAgB,qBAAqB;AACtE,QAAM,QAAkC,CAAC,SAAS,OAAO;AACzD,aAAW,QAAQ,OAAO;AACxB,UAAM,MACJ,cAAc,QAAQ;AAAA,MACpB,UAAU,MAAM;AAAA,MAChB,gBAAgB,MAAM;AAAA,MACtB,cAAc;AAAA,IAChB,CAAC,KACA,GAAW,UAAU,uBAAuB;AAAA,MAC3C,UAAU,MAAM;AAAA,MAChB,gBAAgB,MAAM;AAAA,MACtB,cAAc;AAAA,IAChB,CAAC;AACH,QAAI,CAAC,KAAK;AACR,YAAM,QACJ,cAAc,SAAS;AAAA,QACrB,UAAU,MAAM;AAAA,QAChB,gBAAgB,MAAM;AAAA,QACtB,cAAc;AAAA,QACd,cAAc;AAAA,QACd,WAAW,oBAAI,KAAK;AAAA,QACpB,WAAW,oBAAI,KAAK;AAAA,MACtB,CAAC,KACA,GAAW,SAAS,uBAAuB;AAAA,QAC1C,UAAU,MAAM;AAAA,QAChB,gBAAgB,MAAM;AAAA,QACtB,cAAc;AAAA,QACd,cAAc;AAAA,QACd,WAAW,oBAAI,KAAK;AAAA,QACpB,WAAW,oBAAI,KAAK;AAAA,MACtB,CAAC;AACH,UAAI,SAAU,GAAW,SAAS;AAChC,WAAG,QAAQ,KAAK;AAAA,MAClB;AAAA,IACF;AAAA,EACF;AAEA,MAAK,GAAW,OAAO;AACrB,UAAM,GAAG,MAAM;AAAA,EACjB;AACF;",
4
+ "sourcesContent": ["import { hash } from 'bcryptjs'\nimport type { EntityManager } from '@mikro-orm/postgresql'\nimport { Role, RoleAcl, User, UserRole } from '@open-mercato/core/modules/auth/data/entities'\nimport { Tenant, Organization } from '@open-mercato/core/modules/directory/data/entities'\nimport { rebuildHierarchyForTenant } from '@open-mercato/core/modules/directory/lib/hierarchy'\nimport { normalizeTenantId } from './tenantAccess'\nimport { computeEmailHash } from '@open-mercato/core/modules/auth/lib/emailHash'\nimport type { Module } from '@open-mercato/shared/modules/registry'\nimport { isEncryptionDebugEnabled, isTenantDataEncryptionEnabled } from '@open-mercato/shared/lib/encryption/toggles'\nimport { EncryptionMap } from '@open-mercato/core/modules/entities/data/entities'\nimport { DEFAULT_ENCRYPTION_MAPS } from '@open-mercato/core/modules/entities/lib/encryptionDefaults'\nimport { createKmsService } from '@open-mercato/shared/lib/encryption/kms'\nimport { TenantDataEncryptionService } from '@open-mercato/shared/lib/encryption/tenantDataEncryptionService'\nimport { findWithDecryption } from '@open-mercato/shared/lib/encryption/find'\n\nconst DEFAULT_ROLE_NAMES = ['employee', 'admin', 'superadmin'] as const\nconst DEMO_SUPERADMIN_EMAIL = 'superadmin@acme.com'\n\nexport type EnsureRolesOptions = {\n roleNames?: string[]\n tenantId?: string | null\n}\n\nasync function ensureRolesInContext(\n em: EntityManager,\n roleNames: string[],\n tenantId: string | null,\n) {\n for (const name of roleNames) {\n const existing = await em.findOne(Role, { name, tenantId })\n if (existing) continue\n if (tenantId !== null) {\n const globalRole = await em.findOne(Role, { name, tenantId: null })\n if (globalRole) {\n globalRole.tenantId = tenantId\n em.persist(globalRole)\n continue\n }\n }\n em.persist(em.create(Role, { name, tenantId, createdAt: new Date() }))\n }\n}\n\nexport async function ensureRoles(em: EntityManager, options: EnsureRolesOptions = {}) {\n const 
roleNames = options.roleNames ?? [...DEFAULT_ROLE_NAMES]\n const tenantId = normalizeTenantId(options.tenantId ?? null) ?? null\n await em.transactional(async (tem) => {\n await ensureRolesInContext(tem, roleNames, tenantId)\n await tem.flush()\n })\n}\n\nasync function findRoleByName(\n em: EntityManager,\n name: string,\n tenantId: string | null,\n): Promise<Role | null> {\n const normalizedTenant = normalizeTenantId(tenantId ?? null) ?? null\n let role = await em.findOne(Role, { name, tenantId: normalizedTenant })\n if (!role && normalizedTenant !== null) {\n role = await em.findOne(Role, { name, tenantId: null })\n }\n return role\n}\n\nasync function findRoleByNameOrFail(\n em: EntityManager,\n name: string,\n tenantId: string | null,\n): Promise<Role> {\n const role = await findRoleByName(em, name, tenantId)\n if (!role) throw new Error(`ROLE_NOT_FOUND:${name}`)\n return role\n}\n\ntype PrimaryUserInput = {\n email: string\n password?: string\n hashedPassword?: string | null\n firstName?: string | null\n lastName?: string | null\n displayName?: string | null\n confirm?: boolean\n}\n\nexport type SetupInitialTenantOptions = {\n orgName: string\n primaryUser: PrimaryUserInput\n roleNames?: string[]\n includeDerivedUsers?: boolean\n failIfUserExists?: boolean\n primaryUserRoles?: string[]\n includeSuperadminRole?: boolean\n /** Optional list of enabled modules. When provided, module setup hooks are called. 
*/\n modules?: Module[]\n}\n\nexport type SetupInitialTenantResult = {\n tenantId: string\n organizationId: string\n users: Array<{ user: User; roles: string[]; created: boolean }>\n reusedExistingUser: boolean\n}\n\nexport async function setupInitialTenant(\n em: EntityManager,\n options: SetupInitialTenantOptions,\n): Promise<SetupInitialTenantResult> {\n const {\n primaryUser,\n includeDerivedUsers = true,\n failIfUserExists = false,\n primaryUserRoles,\n includeSuperadminRole = true,\n } = options\n const primaryRolesInput = primaryUserRoles && primaryUserRoles.length ? primaryUserRoles : ['superadmin']\n const primaryRoles = includeSuperadminRole\n ? primaryRolesInput\n : primaryRolesInput.filter((role) => role !== 'superadmin')\n if (primaryRoles.length === 0) {\n throw new Error('PRIMARY_ROLES_REQUIRED')\n }\n const defaultRoleNames = options.roleNames ?? [...DEFAULT_ROLE_NAMES]\n const resolvedRoleNames = includeSuperadminRole\n ? defaultRoleNames\n : defaultRoleNames.filter((role) => role !== 'superadmin')\n const roleNames = Array.from(new Set([...resolvedRoleNames, ...primaryRoles]))\n\n const mainEmail = primaryUser.email\n const existingUser = await em.findOne(User, { email: mainEmail })\n if (existingUser && failIfUserExists) {\n throw new Error('USER_EXISTS')\n }\n\n let tenantId: string | undefined\n let organizationId: string | undefined\n let reusedExistingUser = false\n const userSnapshots: Array<{ user: User; roles: string[]; created: boolean }> = []\n\n await em.transactional(async (tem) => {\n if (!existingUser) return\n reusedExistingUser = true\n tenantId = existingUser.tenantId ? String(existingUser.tenantId) : undefined\n organizationId = existingUser.organizationId ? String(existingUser.organizationId) : undefined\n const roleTenantId = normalizeTenantId(existingUser.tenantId ?? null) ?? 
null\n\n await ensureRolesInContext(tem, roleNames, roleTenantId)\n await tem.flush()\n\n const requiredRoleSet = new Set([...roleNames, ...primaryRoles])\n const links = await findWithDecryption(\n tem,\n UserRole,\n { user: existingUser },\n { populate: ['role'] },\n { tenantId: roleTenantId, organizationId: null },\n )\n const currentRoles = new Set(links.map((link) => link.role.name))\n for (const roleName of requiredRoleSet) {\n if (!currentRoles.has(roleName)) {\n const role = await findRoleByNameOrFail(tem, roleName, roleTenantId)\n tem.persist(tem.create(UserRole, { user: existingUser, role, createdAt: new Date() }))\n }\n }\n await tem.flush()\n const roles = Array.from(new Set([...currentRoles, ...roleNames]))\n userSnapshots.push({ user: existingUser, roles, created: false })\n })\n\n if (!existingUser) {\n const baseUsers: Array<{ email: string; roles: string[]; name?: string | null }> = [\n { email: primaryUser.email, roles: primaryRoles, name: resolvePrimaryName(primaryUser) },\n ]\n if (includeDerivedUsers) {\n const [local, domain] = String(primaryUser.email).split('@')\n const isSuperadminLocal = (local || '').toLowerCase() === 'superadmin' && !!domain\n if (isSuperadminLocal) {\n baseUsers.push({ email: `admin@${domain}`, roles: ['admin'] })\n baseUsers.push({ email: `employee@${domain}`, roles: ['employee'] })\n }\n }\n const passwordHash = await resolvePasswordHash(primaryUser)\n\n await em.transactional(async (tem) => {\n const tenant = tem.create(Tenant, {\n name: `${options.orgName} Tenant`,\n isActive: true,\n createdAt: new Date(),\n updatedAt: new Date(),\n })\n tem.persist(tenant)\n await tem.flush()\n\n const organization = tem.create(Organization, {\n name: options.orgName,\n tenant,\n isActive: true,\n depth: 0,\n ancestorIds: [],\n childIds: [],\n descendantIds: [],\n createdAt: new Date(),\n updatedAt: new Date(),\n })\n tem.persist(organization)\n await tem.flush()\n\n tenantId = String(tenant.id)\n organizationId = 
String(organization.id)\n const roleTenantId = tenantId\n\n if (isTenantDataEncryptionEnabled()) {\n try {\n const kms = createKmsService()\n if (kms.isHealthy()) {\n if (isEncryptionDebugEnabled()) {\n console.info('\uD83D\uDD11 [encryption][setup] provisioning tenant DEK', { tenantId: String(tenant.id) })\n }\n await kms.createTenantDek(String(tenant.id))\n if (isEncryptionDebugEnabled()) {\n console.info('\uD83D\uDD11 [encryption][setup] created tenant DEK during setup', { tenantId: String(tenant.id) })\n }\n } else {\n if (isEncryptionDebugEnabled()) {\n console.warn('\u26A0\uFE0F [encryption][setup] KMS not healthy, skipping tenant DEK creation', { tenantId: String(tenant.id) })\n }\n }\n } catch (err) {\n if (isEncryptionDebugEnabled()) {\n console.warn('\u26A0\uFE0F [encryption][setup] Failed to create tenant DEK', err)\n }\n }\n }\n\n await ensureRolesInContext(tem, roleNames, roleTenantId)\n await tem.flush()\n\n if (isTenantDataEncryptionEnabled()) {\n for (const spec of DEFAULT_ENCRYPTION_MAPS) {\n const existing = await tem.findOne(EncryptionMap, { entityId: spec.entityId, tenantId: tenant.id, organizationId: organization.id, deletedAt: null })\n if (!existing) {\n tem.persist(tem.create(EncryptionMap, {\n entityId: spec.entityId,\n tenantId: tenant.id,\n organizationId: organization.id,\n fieldsJson: spec.fields,\n isActive: true,\n createdAt: new Date(),\n updatedAt: new Date(),\n }))\n } else {\n existing.fieldsJson = spec.fields\n existing.isActive = true\n }\n }\n await tem.flush()\n }\n })\n\n await em.transactional(async (tem) => {\n if (!tenantId || !organizationId) return\n const roleTenantId = tenantId\n const encryptionService = isTenantDataEncryptionEnabled()\n ? 
new TenantDataEncryptionService(tem as any, { kms: createKmsService() })\n : null\n if (encryptionService) {\n await encryptionService.invalidateMap('auth:user', String(tenantId), String(organizationId))\n await encryptionService.invalidateMap('auth:user', String(tenantId), null)\n }\n\n for (const base of baseUsers) {\n let user = await tem.findOne(User, { email: base.email })\n const confirm = primaryUser.confirm ?? true\n const encryptedPayload = encryptionService\n ? await encryptionService.encryptEntityPayload('auth:user', { email: base.email }, tenantId, organizationId)\n : { email: base.email, emailHash: computeEmailHash(base.email) }\n if (user) {\n user.passwordHash = passwordHash\n user.organizationId = organizationId\n user.tenantId = tenantId\n if (isTenantDataEncryptionEnabled()) {\n user.email = encryptedPayload.email as any\n user.emailHash = (encryptedPayload as any).emailHash ?? computeEmailHash(base.email)\n }\n if (base.name) user.name = base.name\n if (confirm) user.isConfirmed = true\n tem.persist(user)\n userSnapshots.push({ user, roles: base.roles, created: false })\n } else {\n user = tem.create(User, {\n email: (encryptedPayload as any).email ?? base.email,\n emailHash: isTenantDataEncryptionEnabled() ? (encryptedPayload as any).emailHash ?? computeEmailHash(base.email) : undefined,\n passwordHash,\n organizationId,\n tenantId,\n name: base.name ?? 
undefined,\n isConfirmed: confirm,\n createdAt: new Date(),\n })\n tem.persist(user)\n userSnapshots.push({ user, roles: base.roles, created: true })\n }\n await tem.flush()\n for (const roleName of base.roles) {\n const role = await findRoleByNameOrFail(tem, roleName, roleTenantId)\n const existingLink = await tem.findOne(UserRole, { user, role })\n if (!existingLink) tem.persist(tem.create(UserRole, { user, role, createdAt: new Date() }))\n }\n await tem.flush()\n }\n })\n }\n\n if (!tenantId || !organizationId) {\n throw new Error('SETUP_FAILED')\n }\n\n if (!reusedExistingUser) {\n await rebuildHierarchyForTenant(em, tenantId)\n }\n\n const resolvedModules = options.modules ?? tryGetModules()\n await ensureDefaultRoleAcls(em, tenantId, resolvedModules, { includeSuperadminRole })\n await deactivateDemoSuperAdminIfSelfOnboardingEnabled(em)\n\n // Call module onTenantCreated hooks\n for (const mod of resolvedModules) {\n if (mod.setup?.onTenantCreated) {\n await mod.setup.onTenantCreated({ em, tenantId, organizationId })\n }\n }\n\n return {\n tenantId,\n organizationId,\n users: userSnapshots,\n reusedExistingUser,\n }\n}\n\nfunction resolvePrimaryName(input: PrimaryUserInput): string | null {\n if (input.displayName && input.displayName.trim()) return input.displayName.trim()\n const parts = [input.firstName, input.lastName].map((value) => value?.trim()).filter(Boolean)\n if (parts.length) return parts.join(' ')\n return null\n}\n\nasync function resolvePasswordHash(input: PrimaryUserInput): Promise<string | null> {\n if (typeof input.hashedPassword === 'string') return input.hashedPassword\n if (input.password) return hash(input.password, 10)\n return null\n}\n\nasync function ensureDefaultRoleAcls(\n em: EntityManager,\n tenantId: string,\n modules: Module[],\n options: { includeSuperadminRole?: boolean } = {},\n) {\n const includeSuperadminRole = options.includeSuperadminRole ?? true\n const roleTenantId = normalizeTenantId(tenantId) ?? 
null\n const superadminRole = includeSuperadminRole ? await findRoleByName(em, 'superadmin', roleTenantId) : null\n const adminRole = await findRoleByName(em, 'admin', roleTenantId)\n const employeeRole = await findRoleByName(em, 'employee', roleTenantId)\n\n // Merge features from all enabled modules' setup configs\n const superadminFeatures: string[] = []\n const adminFeatures: string[] = []\n const employeeFeatures: string[] = []\n\n for (const mod of modules) {\n const roleFeatures = mod.setup?.defaultRoleFeatures\n if (!roleFeatures) continue\n if (roleFeatures.superadmin) superadminFeatures.push(...roleFeatures.superadmin)\n if (roleFeatures.admin) adminFeatures.push(...roleFeatures.admin)\n if (roleFeatures.employee) employeeFeatures.push(...roleFeatures.employee)\n }\n\n if (includeSuperadminRole && superadminRole) {\n await ensureRoleAclFor(em, superadminRole, tenantId, superadminFeatures, { isSuperAdmin: true })\n }\n if (adminRole) {\n await ensureRoleAclFor(em, adminRole, tenantId, adminFeatures)\n }\n if (employeeRole) {\n await ensureRoleAclFor(em, employeeRole, tenantId, employeeFeatures)\n }\n}\n\nasync function ensureRoleAclFor(\n em: EntityManager,\n role: Role,\n tenantId: string,\n features: string[],\n options: { isSuperAdmin?: boolean } = {},\n) {\n const existing = await em.findOne(RoleAcl, { role, tenantId })\n if (!existing) {\n const acl = em.create(RoleAcl, {\n role,\n tenantId,\n featuresJson: features,\n isSuperAdmin: !!options.isSuperAdmin,\n createdAt: new Date(),\n })\n await em.persistAndFlush(acl)\n return\n }\n const currentFeatures = Array.isArray(existing.featuresJson) ? 
existing.featuresJson : []\n const merged = Array.from(new Set([...currentFeatures, ...features]))\n const changed =\n merged.length !== currentFeatures.length ||\n merged.some((value, index) => value !== currentFeatures[index])\n if (changed) existing.featuresJson = merged\n if (options.isSuperAdmin && !existing.isSuperAdmin) {\n existing.isSuperAdmin = true\n }\n if (changed || options.isSuperAdmin) {\n await em.persistAndFlush(existing)\n }\n}\n\nasync function deactivateDemoSuperAdminIfSelfOnboardingEnabled(em: EntityManager) {\n if (process.env.SELF_SERVICE_ONBOARDING_ENABLED !== 'true') return\n try {\n const user = await em.findOne(User, { email: DEMO_SUPERADMIN_EMAIL })\n if (!user) return\n let dirty = false\n if (user.passwordHash) {\n user.passwordHash = null\n dirty = true\n }\n if (user.isConfirmed !== false) {\n user.isConfirmed = false\n dirty = true\n }\n if (dirty) {\n await em.persistAndFlush(user)\n }\n } catch (error) {\n console.error('[auth.setup] failed to deactivate demo superadmin user', error)\n }\n}\n\n/** Try to get modules from runtime registry; returns empty array if not yet registered. */\nfunction tryGetModules(): Module[] {\n try {\n const { getModules } = require('@open-mercato/shared/lib/modules/registry')\n return getModules()\n } catch {\n return []\n }\n}\n"],
5
+ "mappings": "AAAA,SAAS,YAAY;AAErB,SAAS,MAAM,SAAS,MAAM,gBAAgB;AAC9C,SAAS,QAAQ,oBAAoB;AACrC,SAAS,iCAAiC;AAC1C,SAAS,yBAAyB;AAClC,SAAS,wBAAwB;AAEjC,SAAS,0BAA0B,qCAAqC;AACxE,SAAS,qBAAqB;AAC9B,SAAS,+BAA+B;AACxC,SAAS,wBAAwB;AACjC,SAAS,mCAAmC;AAC5C,SAAS,0BAA0B;AAEnC,MAAM,qBAAqB,CAAC,YAAY,SAAS,YAAY;AAC7D,MAAM,wBAAwB;AAO9B,eAAe,qBACb,IACA,WACA,UACA;AACA,aAAW,QAAQ,WAAW;AAC5B,UAAM,WAAW,MAAM,GAAG,QAAQ,MAAM,EAAE,MAAM,SAAS,CAAC;AAC1D,QAAI,SAAU;AACd,QAAI,aAAa,MAAM;AACrB,YAAM,aAAa,MAAM,GAAG,QAAQ,MAAM,EAAE,MAAM,UAAU,KAAK,CAAC;AAClE,UAAI,YAAY;AACd,mBAAW,WAAW;AACtB,WAAG,QAAQ,UAAU;AACrB;AAAA,MACF;AAAA,IACF;AACA,OAAG,QAAQ,GAAG,OAAO,MAAM,EAAE,MAAM,UAAU,WAAW,oBAAI,KAAK,EAAE,CAAC,CAAC;AAAA,EACvE;AACF;AAEA,eAAsB,YAAY,IAAmB,UAA8B,CAAC,GAAG;AACrF,QAAM,YAAY,QAAQ,aAAa,CAAC,GAAG,kBAAkB;AAC7D,QAAM,WAAW,kBAAkB,QAAQ,YAAY,IAAI,KAAK;AAChE,QAAM,GAAG,cAAc,OAAO,QAAQ;AACpC,UAAM,qBAAqB,KAAK,WAAW,QAAQ;AACnD,UAAM,IAAI,MAAM;AAAA,EAClB,CAAC;AACH;AAEA,eAAe,eACb,IACA,MACA,UACsB;AACtB,QAAM,mBAAmB,kBAAkB,YAAY,IAAI,KAAK;AAChE,MAAI,OAAO,MAAM,GAAG,QAAQ,MAAM,EAAE,MAAM,UAAU,iBAAiB,CAAC;AACtE,MAAI,CAAC,QAAQ,qBAAqB,MAAM;AACtC,WAAO,MAAM,GAAG,QAAQ,MAAM,EAAE,MAAM,UAAU,KAAK,CAAC;AAAA,EACxD;AACA,SAAO;AACT;AAEA,eAAe,qBACb,IACA,MACA,UACe;AACf,QAAM,OAAO,MAAM,eAAe,IAAI,MAAM,QAAQ;AACpD,MAAI,CAAC,KAAM,OAAM,IAAI,MAAM,kBAAkB,IAAI,EAAE;AACnD,SAAO;AACT;AA+BA,eAAsB,mBACpB,IACA,SACmC;AACnC,QAAM;AAAA,IACJ;AAAA,IACA,sBAAsB;AAAA,IACtB,mBAAmB;AAAA,IACnB;AAAA,IACA,wBAAwB;AAAA,EAC1B,IAAI;AACJ,QAAM,oBAAoB,oBAAoB,iBAAiB,SAAS,mBAAmB,CAAC,YAAY;AACxG,QAAM,eAAe,wBACjB,oBACA,kBAAkB,OAAO,CAAC,SAAS,SAAS,YAAY;AAC5D,MAAI,aAAa,WAAW,GAAG;AAC7B,UAAM,IAAI,MAAM,wBAAwB;AAAA,EAC1C;AACA,QAAM,mBAAmB,QAAQ,aAAa,CAAC,GAAG,kBAAkB;AACpE,QAAM,oBAAoB,wBACtB,mBACA,iBAAiB,OAAO,CAAC,SAAS,SAAS,YAAY;AAC3D,QAAM,YAAY,MAAM,KAAK,oBAAI,IAAI,CAAC,GAAG,mBAAmB,GAAG,YAAY,CAAC,CAAC;AAE7E,QAAM,YAAY,YAAY;AAC9B,QAAM,eAAe,MAAM,GAAG,QAAQ,MAAM,EAAE,OAAO,UAAU,CAAC;AAChE,MAAI,gBAAgB,kBAAkB;AACpC,UAAM,IAAI,MAAM,aAAa;AAAA,EAC/B;AAEA,MAAI;AACJ,MAAI;AACJ,MAAI,qBAAqB;AACzB,QAAM,gBAA0E,CAAC;AAEjF
,QAAM,GAAG,cAAc,OAAO,QAAQ;AACpC,QAAI,CAAC,aAAc;AACnB,yBAAqB;AACrB,eAAW,aAAa,WAAW,OAAO,aAAa,QAAQ,IAAI;AACnE,qBAAiB,aAAa,iBAAiB,OAAO,aAAa,cAAc,IAAI;AACrF,UAAM,eAAe,kBAAkB,aAAa,YAAY,IAAI,KAAK;AAEzE,UAAM,qBAAqB,KAAK,WAAW,YAAY;AACvD,UAAM,IAAI,MAAM;AAEhB,UAAM,kBAAkB,oBAAI,IAAI,CAAC,GAAG,WAAW,GAAG,YAAY,CAAC;AAC/D,UAAM,QAAQ,MAAM;AAAA,MAClB;AAAA,MACA;AAAA,MACA,EAAE,MAAM,aAAa;AAAA,MACrB,EAAE,UAAU,CAAC,MAAM,EAAE;AAAA,MACrB,EAAE,UAAU,cAAc,gBAAgB,KAAK;AAAA,IACjD;AACA,UAAM,eAAe,IAAI,IAAI,MAAM,IAAI,CAAC,SAAS,KAAK,KAAK,IAAI,CAAC;AAChE,eAAW,YAAY,iBAAiB;AACtC,UAAI,CAAC,aAAa,IAAI,QAAQ,GAAG;AAC/B,cAAM,OAAO,MAAM,qBAAqB,KAAK,UAAU,YAAY;AACnE,YAAI,QAAQ,IAAI,OAAO,UAAU,EAAE,MAAM,cAAc,MAAM,WAAW,oBAAI,KAAK,EAAE,CAAC,CAAC;AAAA,MACvF;AAAA,IACF;AACA,UAAM,IAAI,MAAM;AAChB,UAAM,QAAQ,MAAM,KAAK,oBAAI,IAAI,CAAC,GAAG,cAAc,GAAG,SAAS,CAAC,CAAC;AACjE,kBAAc,KAAK,EAAE,MAAM,cAAc,OAAO,SAAS,MAAM,CAAC;AAAA,EAClE,CAAC;AAED,MAAI,CAAC,cAAc;AACjB,UAAM,YAA6E;AAAA,MACjF,EAAE,OAAO,YAAY,OAAO,OAAO,cAAc,MAAM,mBAAmB,WAAW,EAAE;AAAA,IACzF;AACA,QAAI,qBAAqB;AACvB,YAAM,CAAC,OAAO,MAAM,IAAI,OAAO,YAAY,KAAK,EAAE,MAAM,GAAG;AAC3D,YAAM,qBAAqB,SAAS,IAAI,YAAY,MAAM,gBAAgB,CAAC,CAAC;AAC5E,UAAI,mBAAmB;AACrB,kBAAU,KAAK,EAAE,OAAO,SAAS,MAAM,IAAI,OAAO,CAAC,OAAO,EAAE,CAAC;AAC7D,kBAAU,KAAK,EAAE,OAAO,YAAY,MAAM,IAAI,OAAO,CAAC,UAAU,EAAE,CAAC;AAAA,MACrE;AAAA,IACF;AACA,UAAM,eAAe,MAAM,oBAAoB,WAAW;AAE1D,UAAM,GAAG,cAAc,OAAO,QAAQ;AACpC,YAAM,SAAS,IAAI,OAAO,QAAQ;AAAA,QAChC,MAAM,GAAG,QAAQ,OAAO;AAAA,QACxB,UAAU;AAAA,QACV,WAAW,oBAAI,KAAK;AAAA,QACpB,WAAW,oBAAI,KAAK;AAAA,MACtB,CAAC;AACD,UAAI,QAAQ,MAAM;AAClB,YAAM,IAAI,MAAM;AAEhB,YAAM,eAAe,IAAI,OAAO,cAAc;AAAA,QAC5C,MAAM,QAAQ;AAAA,QACd;AAAA,QACA,UAAU;AAAA,QACV,OAAO;AAAA,QACP,aAAa,CAAC;AAAA,QACd,UAAU,CAAC;AAAA,QACX,eAAe,CAAC;AAAA,QAChB,WAAW,oBAAI,KAAK;AAAA,QACpB,WAAW,oBAAI,KAAK;AAAA,MACtB,CAAC;AACD,UAAI,QAAQ,YAAY;AACxB,YAAM,IAAI,MAAM;AAEhB,iBAAW,OAAO,OAAO,EAAE;AAC3B,uBAAiB,OAAO,aAAa,EAAE;AACvC,YAAM,eAAe;AAErB,UAAI,8BAA8B,GAAG;AACnC,YAAI;AACF,gBAAM,MAAM,iBAAiB;AAC7B,cAAI,IAAI,UAAU,GAAG;AACnB,gBAAI,yBAAyB,GAAG;AAC9B,s
BAAQ,KAAK,yDAAkD,EAAE,UAAU,OAAO,OAAO,EAAE,EAAE,CAAC;AAAA,YAChG;AACA,kBAAM,IAAI,gBAAgB,OAAO,OAAO,EAAE,CAAC;AAC3C,gBAAI,yBAAyB,GAAG;AAC9B,sBAAQ,KAAK,iEAA0D,EAAE,UAAU,OAAO,OAAO,EAAE,EAAE,CAAC;AAAA,YACxG;AAAA,UACF,OAAO;AACL,gBAAI,yBAAyB,GAAG;AAC9B,sBAAQ,KAAK,kFAAwE,EAAE,UAAU,OAAO,OAAO,EAAE,EAAE,CAAC;AAAA,YACtH;AAAA,UACF;AAAA,QACF,SAAS,KAAK;AACZ,cAAI,yBAAyB,GAAG;AAC9B,oBAAQ,KAAK,gEAAsD,GAAG;AAAA,UACxE;AAAA,QACF;AAAA,MACF;AAEA,YAAM,qBAAqB,KAAK,WAAW,YAAY;AACvD,YAAM,IAAI,MAAM;AAEhB,UAAI,8BAA8B,GAAG;AACnC,mBAAW,QAAQ,yBAAyB;AAC1C,gBAAM,WAAW,MAAM,IAAI,QAAQ,eAAe,EAAE,UAAU,KAAK,UAAU,UAAU,OAAO,IAAI,gBAAgB,aAAa,IAAI,WAAW,KAAK,CAAC;AACpJ,cAAI,CAAC,UAAU;AACb,gBAAI,QAAQ,IAAI,OAAO,eAAe;AAAA,cACpC,UAAU,KAAK;AAAA,cACf,UAAU,OAAO;AAAA,cACjB,gBAAgB,aAAa;AAAA,cAC7B,YAAY,KAAK;AAAA,cACjB,UAAU;AAAA,cACV,WAAW,oBAAI,KAAK;AAAA,cACpB,WAAW,oBAAI,KAAK;AAAA,YACtB,CAAC,CAAC;AAAA,UACJ,OAAO;AACL,qBAAS,aAAa,KAAK;AAC3B,qBAAS,WAAW;AAAA,UACtB;AAAA,QACF;AACA,cAAM,IAAI,MAAM;AAAA,MAClB;AAAA,IACF,CAAC;AAED,UAAM,GAAG,cAAc,OAAO,QAAQ;AACpC,UAAI,CAAC,YAAY,CAAC,eAAgB;AAClC,YAAM,eAAe;AACrB,YAAM,oBAAoB,8BAA8B,IACpD,IAAI,4BAA4B,KAAY,EAAE,KAAK,iBAAiB,EAAE,CAAC,IACvE;AACJ,UAAI,mBAAmB;AACrB,cAAM,kBAAkB,cAAc,aAAa,OAAO,QAAQ,GAAG,OAAO,cAAc,CAAC;AAC3F,cAAM,kBAAkB,cAAc,aAAa,OAAO,QAAQ,GAAG,IAAI;AAAA,MAC3E;AAEA,iBAAW,QAAQ,WAAW;AAC5B,YAAI,OAAO,MAAM,IAAI,QAAQ,MAAM,EAAE,OAAO,KAAK,MAAM,CAAC;AACxD,cAAM,UAAU,YAAY,WAAW;AACvC,cAAM,mBAAmB,oBACrB,MAAM,kBAAkB,qBAAqB,aAAa,EAAE,OAAO,KAAK,MAAM,GAAG,UAAU,cAAc,IACzG,EAAE,OAAO,KAAK,OAAO,WAAW,iBAAiB,KAAK,KAAK,EAAE;AACjE,YAAI,MAAM;AACR,eAAK,eAAe;AACpB,eAAK,iBAAiB;AACtB,eAAK,WAAW;AAChB,cAAI,8BAA8B,GAAG;AACnC,iBAAK,QAAQ,iBAAiB;AAC9B,iBAAK,YAAa,iBAAyB,aAAa,iBAAiB,KAAK,KAAK;AAAA,UACrF;AACA,cAAI,KAAK,KAAM,MAAK,OAAO,KAAK;AAChC,cAAI,QAAS,MAAK,cAAc;AAChC,cAAI,QAAQ,IAAI;AAChB,wBAAc,KAAK,EAAE,MAAM,OAAO,KAAK,OAAO,SAAS,MAAM,CAAC;AAAA,QAChE,OAAO;AACL,iBAAO,IAAI,OAAO,MAAM;AAAA,YACtB,OAAQ,iBAAyB,SAAS,KAAK;AAAA,YAC/C,WAAW,8BAA8B,IAAK,iBAAyB,aAAa,iBAAiB,KAAK,KAAK,IAAI;AAAA,YACnH;AAAA,YACA;AAAA,YACA;AAAA,YACA,MAAM,
KAAK,QAAQ;AAAA,YACnB,aAAa;AAAA,YACb,WAAW,oBAAI,KAAK;AAAA,UACtB,CAAC;AACD,cAAI,QAAQ,IAAI;AAChB,wBAAc,KAAK,EAAE,MAAM,OAAO,KAAK,OAAO,SAAS,KAAK,CAAC;AAAA,QAC/D;AACA,cAAM,IAAI,MAAM;AAChB,mBAAW,YAAY,KAAK,OAAO;AACjC,gBAAM,OAAO,MAAM,qBAAqB,KAAK,UAAU,YAAY;AACnE,gBAAM,eAAe,MAAM,IAAI,QAAQ,UAAU,EAAE,MAAM,KAAK,CAAC;AAC/D,cAAI,CAAC,aAAc,KAAI,QAAQ,IAAI,OAAO,UAAU,EAAE,MAAM,MAAM,WAAW,oBAAI,KAAK,EAAE,CAAC,CAAC;AAAA,QAC5F;AACA,cAAM,IAAI,MAAM;AAAA,MAClB;AAAA,IACF,CAAC;AAAA,EACH;AAEA,MAAI,CAAC,YAAY,CAAC,gBAAgB;AAChC,UAAM,IAAI,MAAM,cAAc;AAAA,EAChC;AAEA,MAAI,CAAC,oBAAoB;AACvB,UAAM,0BAA0B,IAAI,QAAQ;AAAA,EAC9C;AAEA,QAAM,kBAAkB,QAAQ,WAAW,cAAc;AACzD,QAAM,sBAAsB,IAAI,UAAU,iBAAiB,EAAE,sBAAsB,CAAC;AACpF,QAAM,gDAAgD,EAAE;AAGxD,aAAW,OAAO,iBAAiB;AACjC,QAAI,IAAI,OAAO,iBAAiB;AAC9B,YAAM,IAAI,MAAM,gBAAgB,EAAE,IAAI,UAAU,eAAe,CAAC;AAAA,IAClE;AAAA,EACF;AAEA,SAAO;AAAA,IACL;AAAA,IACA;AAAA,IACA,OAAO;AAAA,IACP;AAAA,EACF;AACF;AAEA,SAAS,mBAAmB,OAAwC;AAClE,MAAI,MAAM,eAAe,MAAM,YAAY,KAAK,EAAG,QAAO,MAAM,YAAY,KAAK;AACjF,QAAM,QAAQ,CAAC,MAAM,WAAW,MAAM,QAAQ,EAAE,IAAI,CAAC,UAAU,OAAO,KAAK,CAAC,EAAE,OAAO,OAAO;AAC5F,MAAI,MAAM,OAAQ,QAAO,MAAM,KAAK,GAAG;AACvC,SAAO;AACT;AAEA,eAAe,oBAAoB,OAAiD;AAClF,MAAI,OAAO,MAAM,mBAAmB,SAAU,QAAO,MAAM;AAC3D,MAAI,MAAM,SAAU,QAAO,KAAK,MAAM,UAAU,EAAE;AAClD,SAAO;AACT;AAEA,eAAe,sBACb,IACA,UACA,SACA,UAA+C,CAAC,GAChD;AACA,QAAM,wBAAwB,QAAQ,yBAAyB;AAC/D,QAAM,eAAe,kBAAkB,QAAQ,KAAK;AACpD,QAAM,iBAAiB,wBAAwB,MAAM,eAAe,IAAI,cAAc,YAAY,IAAI;AACtG,QAAM,YAAY,MAAM,eAAe,IAAI,SAAS,YAAY;AAChE,QAAM,eAAe,MAAM,eAAe,IAAI,YAAY,YAAY;AAGtE,QAAM,qBAA+B,CAAC;AACtC,QAAM,gBAA0B,CAAC;AACjC,QAAM,mBAA6B,CAAC;AAEpC,aAAW,OAAO,SAAS;AACzB,UAAM,eAAe,IAAI,OAAO;AAChC,QAAI,CAAC,aAAc;AACnB,QAAI,aAAa,WAAY,oBAAmB,KAAK,GAAG,aAAa,UAAU;AAC/E,QAAI,aAAa,MAAO,eAAc,KAAK,GAAG,aAAa,KAAK;AAChE,QAAI,aAAa,SAAU,kBAAiB,KAAK,GAAG,aAAa,QAAQ;AAAA,EAC3E;AAEA,MAAI,yBAAyB,gBAAgB;AAC3C,UAAM,iBAAiB,IAAI,gBAAgB,UAAU,oBAAoB,EAAE,cAAc,KAAK,CAAC;AAAA,EACjG;AACA,MAAI,WAAW;AACb,UAAM,iBAAiB,IAAI,WAAW,UAAU,aAAa;AAAA,EAC/D;AACA,MAAI,cAAc;AAChB,UAAM,iBAAiB,IAAI,cAAc,UAAU,
gBAAgB;AAAA,EACrE;AACF;AAEA,eAAe,iBACb,IACA,MACA,UACA,UACA,UAAsC,CAAC,GACvC;AACA,QAAM,WAAW,MAAM,GAAG,QAAQ,SAAS,EAAE,MAAM,SAAS,CAAC;AAC7D,MAAI,CAAC,UAAU;AACb,UAAM,MAAM,GAAG,OAAO,SAAS;AAAA,MAC7B;AAAA,MACA;AAAA,MACA,cAAc;AAAA,MACd,cAAc,CAAC,CAAC,QAAQ;AAAA,MACxB,WAAW,oBAAI,KAAK;AAAA,IACtB,CAAC;AACD,UAAM,GAAG,gBAAgB,GAAG;AAC5B;AAAA,EACF;AACA,QAAM,kBAAkB,MAAM,QAAQ,SAAS,YAAY,IAAI,SAAS,eAAe,CAAC;AACxF,QAAM,SAAS,MAAM,KAAK,oBAAI,IAAI,CAAC,GAAG,iBAAiB,GAAG,QAAQ,CAAC,CAAC;AACpE,QAAM,UACJ,OAAO,WAAW,gBAAgB,UAClC,OAAO,KAAK,CAAC,OAAO,UAAU,UAAU,gBAAgB,KAAK,CAAC;AAChE,MAAI,QAAS,UAAS,eAAe;AACrC,MAAI,QAAQ,gBAAgB,CAAC,SAAS,cAAc;AAClD,aAAS,eAAe;AAAA,EAC1B;AACA,MAAI,WAAW,QAAQ,cAAc;AACnC,UAAM,GAAG,gBAAgB,QAAQ;AAAA,EACnC;AACF;AAEA,eAAe,gDAAgD,IAAmB;AAChF,MAAI,QAAQ,IAAI,oCAAoC,OAAQ;AAC5D,MAAI;AACF,UAAM,OAAO,MAAM,GAAG,QAAQ,MAAM,EAAE,OAAO,sBAAsB,CAAC;AACpE,QAAI,CAAC,KAAM;AACX,QAAI,QAAQ;AACZ,QAAI,KAAK,cAAc;AACrB,WAAK,eAAe;AACpB,cAAQ;AAAA,IACV;AACA,QAAI,KAAK,gBAAgB,OAAO;AAC9B,WAAK,cAAc;AACnB,cAAQ;AAAA,IACV;AACA,QAAI,OAAO;AACT,YAAM,GAAG,gBAAgB,IAAI;AAAA,IAC/B;AAAA,EACF,SAAS,OAAO;AACd,YAAQ,MAAM,0DAA0D,KAAK;AAAA,EAC/E;AACF;AAGA,SAAS,gBAA0B;AACjC,MAAI;AACF,UAAM,EAAE,WAAW,IAAI,QAAQ,2CAA2C;AAC1E,WAAO,WAAW;AAAA,EACpB,QAAQ;AACN,WAAO,CAAC;AAAA,EACV;AACF;",
6
6
  "names": []
7
7
  }
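--- a/package/dist/modules/auth/setup.js
+++ b/package/dist/modules/auth/setup.js
@@ -0,0 +1,11 @@
+ const setup = {
+ defaultRoleFeatures: {
+ admin: ["auth.*"]
+ }
+ };
+ var setup_default = setup;
+ export {
+ setup_default as default,
+ setup
+ };
+ //# sourceMappingURL=setup.js.map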
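Review bot: `admin: ["auth.*"]` grants the admin role a wildcard over the whole auth feature namespace instead of a list of named features, so any auth feature added later reaches every tenant's admin role without this file being touched (assuming the ACL check treats `auth.*` as a prefix match, which this page does not show). The `ensureRoleAclFor` source embedded in setup-app.js.map merges these defaults into an existing RoleAcl with a set union, so a feature granted through this default is not withdrawn when a later release narrows it. If the wildcard is deliberate, record that in the source file src/modules/auth/setup.ts with a comment such as `// intentional: admin receives all auth.* features, present and future`; otherwise list the feature ids explicitly so each new grant shows up in review.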
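--- a/package/dist/modules/auth/setup.js.map
+++ b/package/dist/modules/auth/setup.js.map
@@ -0,0 +1,7 @@
+ {
+ "version": 3,
+ "sources": ["../../../src/modules/auth/setup.ts"],
+ "sourcesContent": ["import type { ModuleSetupConfig } from '@open-mercato/shared/modules/setup'\n\nexport const setup: ModuleSetupConfig = {\n defaultRoleFeatures: {\n admin: ['auth.*'],\n },\n}\n\nexport default setup\n"],
+ "mappings": "AAEO,MAAM,QAA2B;AAAA,EACtC,qBAAqB;AAAA,IACnB,OAAO,CAAC,QAAQ;AAAA,EAClB;AACF;AAEA,IAAO,gBAAQ;",
+ "names": []
+ }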
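--- a/package/dist/modules/business_rules/data/validators.js
+++ b/package/dist/modules/business_rules/data/validators.js
@@ -191,38 +191,6 @@ const ruleDiscoveryOptionsSchema = z.object({
  organizationId: z.uuid("organizationId must be a valid UUID"),
  ruleType: ruleTypeSchema.optional()
  });
- const directRuleExecutionContextSchema = z.object({
- ruleId: z.uuid("ruleId must be a valid UUID"),
- data: z.any(),
- user: z.looseObject({
- id: z.string().optional(),
- email: z.string().optional(),
- role: z.string().optional()
- }).optional(),
- tenantId: z.uuid("tenantId must be a valid UUID"),
- organizationId: z.uuid("organizationId must be a valid UUID"),
- executedBy: z.string().optional(),
- dryRun: z.boolean().optional(),
- entityType: z.string().optional(),
- entityId: z.string().optional(),
- eventType: z.string().optional()
- });
- const ruleIdExecutionContextSchema = z.object({
- ruleId: z.string().min(1, "ruleId must be a non-empty string").max(50),
- data: z.any(),
- user: z.looseObject({
- id: z.string().optional(),
- email: z.string().optional(),
- role: z.string().optional()
- }).optional(),
- tenantId: z.uuid("tenantId must be a valid UUID"),
- organizationId: z.uuid("organizationId must be a valid UUID"),
- executedBy: z.string().optional(),
- dryRun: z.boolean().optional(),
- entityType: z.string().optional(),
- entityId: z.string().optional(),
- eventType: z.string().optional()
- });
  export {
  actionSchema,
  actionTriggerSchema,
@@ -236,13 +204,11 @@ export {
  createRuleSetMemberSchema,
  createRuleSetSchema,
  dataTypeSchema,
- directRuleExecutionContextSchema,
  executionResultSchema,
  logicalOperatorSchema,
  ruleDiscoveryOptionsSchema,
  ruleEngineContextSchema,
  ruleExecutionLogFilterSchema,
- ruleIdExecutionContextSchema,
  ruleSetFilterSchema,
  ruleSetMemberFilterSchema,
  ruleTypeSchema,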
@@ -1,7 +1,7 @@
1
1
  {
2
2
  "version": 3,
3
3
  "sources": ["../../../../src/modules/business_rules/data/validators.ts"],
4
- "sourcesContent": ["import { z } from 'zod'\nimport {\n validateConditionExpressionForApi,\n validateActionsForApi,\n isSafeExpression,\n} from '../lib/payload-validation'\n\n/**\n * Business Rules Module - Zod Validators\n */\n\nconst uuid = z.uuid()\n\n// Rule Types\nexport const ruleTypeSchema = z.enum(['GUARD', 'VALIDATION', 'CALCULATION', 'ACTION', 'ASSIGNMENT'])\nexport type RuleType = z.infer<typeof ruleTypeSchema>\n\n// Condition Types\nexport const conditionTypeSchema = z.enum(['EXPRESSION', 'GROUP'])\nexport type ConditionType = z.infer<typeof conditionTypeSchema>\n\n// Logical Operators\nexport const logicalOperatorSchema = z.enum(['AND', 'OR', 'NOT'])\nexport type LogicalOperator = z.infer<typeof logicalOperatorSchema>\n\n// Comparison Operators\nexport const comparisonOperatorSchema = z.enum([\n '=',\n '==',\n '!=',\n '>',\n '>=',\n '<',\n '<=',\n 'IN',\n 'NOT_IN',\n 'CONTAINS',\n 'NOT_CONTAINS',\n 'STARTS_WITH',\n 'ENDS_WITH',\n 'MATCHES',\n 'IS_EMPTY',\n 'IS_NOT_EMPTY',\n])\nexport type ComparisonOperator = z.infer<typeof comparisonOperatorSchema>\n\n// Data Types\nexport const dataTypeSchema = z.enum(['STRING', 'NUMBER', 'BOOLEAN', 'DATE', 'ARRAY', 'OBJECT'])\nexport type DataType = z.infer<typeof dataTypeSchema>\n\n// Action Trigger\nexport const actionTriggerSchema = z.enum(['ON_SUCCESS', 'ON_FAILURE', 'ALWAYS'])\nexport type ActionTrigger = z.infer<typeof actionTriggerSchema>\n\n// Execution Result\nexport const executionResultSchema = z.enum(['SUCCESS', 'FAILURE', 'ERROR'])\nexport type ExecutionResult = z.infer<typeof executionResultSchema>\n\n// Condition Expression Schema with Validation\n// Uses runtime validation to check structure, nesting, and field paths\nexport const conditionExpressionSchema = z.any()\n .superRefine((val, ctx) => {\n // Null/undefined is allowed (optional field)\n if (val === null || val === undefined) return\n\n // Check for dangerous patterns first (DoS prevention)\n if (!isSafeExpression(val)) {\n ctx.addIssue({\n 
code: z.ZodIssueCode.custom,\n message: 'Condition expression exceeds safety limits (max depth: 10, max rules per group: 50, max field path length: 200)'\n })\n return\n }\n\n // Validate structure and content\n const result = validateConditionExpressionForApi(val)\n if (!result.valid) {\n ctx.addIssue({\n code: z.ZodIssueCode.custom,\n message: result.error || 'Invalid condition expression'\n })\n }\n })\n\n// Action Schema with Validation\n// Validates action type and required config fields\nexport const actionSchema = z.object({\n type: z.string().min(1),\n config: z.record(z.string(), z.any()).optional(),\n})\n\nexport const actionsArraySchema = z.array(actionSchema).optional().nullable()\n .superRefine((val, ctx) => {\n // Null/undefined/empty is allowed (optional field)\n if (!val || (Array.isArray(val) && val.length === 0)) return\n\n const result = validateActionsForApi(val, 'actions')\n if (!result.valid) {\n ctx.addIssue({\n code: z.ZodIssueCode.custom,\n message: result.error || 'Invalid actions'\n })\n }\n })\n\n// Date preprocessing helper\nconst dateOrNull = z.preprocess((value) => {\n if (value === undefined || value === null || value === '') return null\n const date = value instanceof Date ? value : new Date(String(value))\n return Number.isNaN(date.getTime()) ? 
null : date\n}, z.date().nullable())\n\n// BusinessRule Create Schema\nexport const createBusinessRuleSchema = z.object({\n ruleId: z.string().min(1).max(50),\n ruleName: z.string().min(1).max(200),\n description: z.string().max(5000).optional().nullable(),\n ruleType: ruleTypeSchema,\n ruleCategory: z.string().max(50).optional().nullable(),\n entityType: z.string().min(1).max(50),\n eventType: z.string().max(50).optional().nullable(),\n conditionExpression: conditionExpressionSchema,\n successActions: actionsArraySchema,\n failureActions: actionsArraySchema,\n enabled: z.boolean().optional().default(true),\n priority: z.number().int().min(0).max(9999).optional().default(100),\n version: z.number().int().min(1).optional().default(1),\n effectiveFrom: dateOrNull.optional(),\n effectiveTo: dateOrNull.optional(),\n tenantId: uuid,\n organizationId: uuid,\n createdBy: z.string().max(50).optional().nullable(),\n})\n\nexport type CreateBusinessRuleInput = z.infer<typeof createBusinessRuleSchema>\n\n// BusinessRule Update Schema\nexport const updateBusinessRuleSchema = createBusinessRuleSchema.partial().extend({\n id: uuid,\n})\n\nexport type UpdateBusinessRuleInput = z.infer<typeof updateBusinessRuleSchema>\n\n// Query/Filter Schema\nexport const businessRuleFilterSchema = z.object({\n ruleId: z.string().optional(),\n ruleName: z.string().optional(),\n ruleType: ruleTypeSchema.optional(),\n ruleCategory: z.string().optional(),\n entityType: z.string().optional(),\n eventType: z.string().optional(),\n enabled: z.boolean().optional(),\n tenantId: uuid.optional(),\n organizationId: uuid.optional(),\n})\n\nexport type BusinessRuleFilter = z.infer<typeof businessRuleFilterSchema>\n\n// RuleExecutionLog Create Schema\nexport const createRuleExecutionLogSchema = z.object({\n ruleId: uuid,\n entityId: uuid,\n entityType: z.string().min(1).max(50),\n executionResult: executionResultSchema,\n inputContext: z.any().optional().nullable(),\n outputContext: 
z.any().optional().nullable(),\n errorMessage: z.string().optional().nullable(),\n executionTimeMs: z.number().int().min(0),\n executedAt: z.date().optional(),\n tenantId: uuid,\n organizationId: uuid.optional().nullable(),\n executedBy: z.string().max(50).optional().nullable(),\n})\n\nexport type CreateRuleExecutionLogInput = z.infer<typeof createRuleExecutionLogSchema>\n\n// RuleExecutionLog Query/Filter Schema\nexport const ruleExecutionLogFilterSchema = z.object({\n ruleId: uuid.optional(),\n entityId: uuid.optional(),\n entityType: z.string().optional(),\n executionResult: executionResultSchema.optional(),\n tenantId: uuid.optional(),\n organizationId: uuid.optional(),\n executedBy: z.string().optional(),\n executedAtFrom: z.date().optional(),\n executedAtTo: z.date().optional(),\n})\n\nexport type RuleExecutionLogFilter = z.infer<typeof ruleExecutionLogFilterSchema>\n\n// RuleSet Create Schema\nexport const createRuleSetSchema = z.object({\n setId: z.string().min(1).max(50),\n setName: z.string().min(1).max(200),\n description: z.string().max(5000).optional().nullable(),\n enabled: z.boolean().optional().default(true),\n tenantId: uuid,\n organizationId: uuid,\n createdBy: z.string().max(50).optional().nullable(),\n})\n\nexport type CreateRuleSetInput = z.infer<typeof createRuleSetSchema>\n\n// RuleSet Update Schema\nexport const updateRuleSetSchema = createRuleSetSchema.partial().extend({\n id: uuid,\n})\n\nexport type UpdateRuleSetInput = z.infer<typeof updateRuleSetSchema>\n\n// RuleSet Query/Filter Schema\nexport const ruleSetFilterSchema = z.object({\n setId: z.string().optional(),\n setName: z.string().optional(),\n enabled: z.boolean().optional(),\n tenantId: uuid.optional(),\n organizationId: uuid.optional(),\n})\n\nexport type RuleSetFilter = z.infer<typeof ruleSetFilterSchema>\n\n// RuleSetMember Create Schema\nexport const createRuleSetMemberSchema = z.object({\n ruleSetId: uuid,\n ruleId: uuid,\n sequence: 
z.number().int().min(0).optional().default(0),\n enabled: z.boolean().optional().default(true),\n tenantId: uuid,\n organizationId: uuid,\n})\n\nexport type CreateRuleSetMemberInput = z.infer<typeof createRuleSetMemberSchema>\n\n// RuleSetMember Update Schema\nexport const updateRuleSetMemberSchema = z.object({\n id: uuid,\n sequence: z.number().int().min(0).optional(),\n enabled: z.boolean().optional(),\n})\n\nexport type UpdateRuleSetMemberInput = z.infer<typeof updateRuleSetMemberSchema>\n\n// RuleSetMember Query/Filter Schema\nexport const ruleSetMemberFilterSchema = z.object({\n ruleSetId: uuid.optional(),\n ruleId: uuid.optional(),\n enabled: z.boolean().optional(),\n tenantId: uuid.optional(),\n organizationId: uuid.optional(),\n})\n\nexport type RuleSetMemberFilter = z.infer<typeof ruleSetMemberFilterSchema>\n\n// Rule Engine Context Schema\nexport const ruleEngineContextSchema = z.looseObject({\n entityType: z.string().min(1, 'entityType is required'),\n entityId: z.string().optional(),\n eventType: z.string().optional(),\n data: z.any(),\n user: z.looseObject({\n id: z.string().optional(),\n email: z.string().optional(),\n role: z.string().optional(),\n }).optional(),\n tenant: z.looseObject({\n id: z.string().optional(),\n }).optional(),\n organization: z.looseObject({\n id: z.string().optional(),\n }).optional(),\n tenantId: z.uuid('tenantId must be a valid UUID'),\n organizationId: z.uuid('organizationId must be a valid UUID'),\n executedBy: z.string().optional(),\n dryRun: z.boolean().optional(),\n})\n\nexport type RuleEngineContextInput = z.infer<typeof ruleEngineContextSchema>\n\n// Rule Discovery Options Schema\nexport const ruleDiscoveryOptionsSchema = z.object({\n entityType: z.string().min(1, 'entityType is required'),\n eventType: z.string().optional(),\n tenantId: z.uuid('tenantId must be a valid UUID'),\n organizationId: z.uuid('organizationId must be a valid UUID'),\n ruleType: ruleTypeSchema.optional(),\n})\n\nexport type 
RuleDiscoveryOptionsInput = z.infer<typeof ruleDiscoveryOptionsSchema>\n\n// Direct Rule Execution Context Schema (for executing a specific rule by ID)\nexport const directRuleExecutionContextSchema = z.object({\n ruleId: z.uuid('ruleId must be a valid UUID'),\n data: z.any(),\n user: z.looseObject({\n id: z.string().optional(),\n email: z.string().optional(),\n role: z.string().optional(),\n }).optional(),\n tenantId: z.uuid('tenantId must be a valid UUID'),\n organizationId: z.uuid('organizationId must be a valid UUID'),\n executedBy: z.string().optional(),\n dryRun: z.boolean().optional(),\n entityType: z.string().optional(),\n entityId: z.string().optional(),\n eventType: z.string().optional(),\n})\n\nexport type DirectRuleExecutionContextInput = z.infer<typeof directRuleExecutionContextSchema>\n\n// Rule ID Execution Context Schema (for executing a specific rule by its string rule_id identifier)\nexport const ruleIdExecutionContextSchema = z.object({\n ruleId: z.string().min(1, 'ruleId must be a non-empty string').max(50),\n data: z.any(),\n user: z.looseObject({\n id: z.string().optional(),\n email: z.string().optional(),\n role: z.string().optional(),\n }).optional(),\n tenantId: z.uuid('tenantId must be a valid UUID'),\n organizationId: z.uuid('organizationId must be a valid UUID'),\n executedBy: z.string().optional(),\n dryRun: z.boolean().optional(),\n entityType: z.string().optional(),\n entityId: z.string().optional(),\n eventType: z.string().optional(),\n})\n\nexport type RuleIdExecutionContextInput = z.infer<typeof ruleIdExecutionContextSchema>\n"],
5
- "mappings": "AAAA,SAAS,SAAS;AAClB;AAAA,EACE;AAAA,EACA;AAAA,EACA;AAAA,OACK;AAMP,MAAM,OAAO,EAAE,KAAK;AAGb,MAAM,iBAAiB,EAAE,KAAK,CAAC,SAAS,cAAc,eAAe,UAAU,YAAY,CAAC;AAI5F,MAAM,sBAAsB,EAAE,KAAK,CAAC,cAAc,OAAO,CAAC;AAI1D,MAAM,wBAAwB,EAAE,KAAK,CAAC,OAAO,MAAM,KAAK,CAAC;AAIzD,MAAM,2BAA2B,EAAE,KAAK;AAAA,EAC7C;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AACF,CAAC;AAIM,MAAM,iBAAiB,EAAE,KAAK,CAAC,UAAU,UAAU,WAAW,QAAQ,SAAS,QAAQ,CAAC;AAIxF,MAAM,sBAAsB,EAAE,KAAK,CAAC,cAAc,cAAc,QAAQ,CAAC;AAIzE,MAAM,wBAAwB,EAAE,KAAK,CAAC,WAAW,WAAW,OAAO,CAAC;AAKpE,MAAM,4BAA4B,EAAE,IAAI,EAC5C,YAAY,CAAC,KAAK,QAAQ;AAEzB,MAAI,QAAQ,QAAQ,QAAQ,OAAW;AAGvC,MAAI,CAAC,iBAAiB,GAAG,GAAG;AAC1B,QAAI,SAAS;AAAA,MACX,MAAM,EAAE,aAAa;AAAA,MACrB,SAAS;AAAA,IACX,CAAC;AACD;AAAA,EACF;AAGA,QAAM,SAAS,kCAAkC,GAAG;AACpD,MAAI,CAAC,OAAO,OAAO;AACjB,QAAI,SAAS;AAAA,MACX,MAAM,EAAE,aAAa;AAAA,MACrB,SAAS,OAAO,SAAS;AAAA,IAC3B,CAAC;AAAA,EACH;AACF,CAAC;AAII,MAAM,eAAe,EAAE,OAAO;AAAA,EACnC,MAAM,EAAE,OAAO,EAAE,IAAI,CAAC;AAAA,EACtB,QAAQ,EAAE,OAAO,EAAE,OAAO,GAAG,EAAE,IAAI,CAAC,EAAE,SAAS;AACjD,CAAC;AAEM,MAAM,qBAAqB,EAAE,MAAM,YAAY,EAAE,SAAS,EAAE,SAAS,EACzE,YAAY,CAAC,KAAK,QAAQ;AAEzB,MAAI,CAAC,OAAQ,MAAM,QAAQ,GAAG,KAAK,IAAI,WAAW,EAAI;AAEtD,QAAM,SAAS,sBAAsB,KAAK,SAAS;AACnD,MAAI,CAAC,OAAO,OAAO;AACjB,QAAI,SAAS;AAAA,MACX,MAAM,EAAE,aAAa;AAAA,MACrB,SAAS,OAAO,SAAS;AAAA,IAC3B,CAAC;AAAA,EACH;AACF,CAAC;AAGH,MAAM,aAAa,EAAE,WAAW,CAAC,UAAU;AACzC,MAAI,UAAU,UAAa,UAAU,QAAQ,UAAU,GAAI,QAAO;AAClE,QAAM,OAAO,iBAAiB,OAAO,QAAQ,IAAI,KAAK,OAAO,KAAK,CAAC;AACnE,SAAO,OAAO,MAAM,KAAK,QAAQ,CAAC,IAAI,OAAO;AAC/C,GAAG,EAAE,KAAK,EAAE,SAAS,CAAC;AAGf,MAAM,2BAA2B,EAAE,OAAO;AAAA,EAC/C,QAAQ,EAAE,OAAO,EAAE,IAAI,CAAC,EAAE,IAAI,EAAE;AAAA,EAChC,UAAU,EAAE,OAAO,EAAE,IAAI,CAAC,EAAE,IAAI,GAAG;AAAA,EACnC,aAAa,EAAE,OAAO,EAAE,IAAI,GAAI,EAAE,SAAS,EAAE,SAAS;AAAA,EACtD,UAAU;AAAA,EACV,cAAc,EAAE,OAAO,EAAE,IAAI,EAAE,EAAE,SAAS,EAAE,SAAS;AAAA,EACrD,YAAY,EAAE,OAAO,EAAE,IAAI,CAAC,EAAE,IAAI,EAAE;AAAA,EACpC,
WAAW,EAAE,OAAO,EAAE,IAAI,EAAE,EAAE,SAAS,EAAE,SAAS;AAAA,EAClD,qBAAqB;AAAA,EACrB,gBAAgB;AAAA,EAChB,gBAAgB;AAAA,EAChB,SAAS,EAAE,QAAQ,EAAE,SAAS,EAAE,QAAQ,IAAI;AAAA,EAC5C,UAAU,EAAE,OAAO,EAAE,IAAI,EAAE,IAAI,CAAC,EAAE,IAAI,IAAI,EAAE,SAAS,EAAE,QAAQ,GAAG;AAAA,EAClE,SAAS,EAAE,OAAO,EAAE,IAAI,EAAE,IAAI,CAAC,EAAE,SAAS,EAAE,QAAQ,CAAC;AAAA,EACrD,eAAe,WAAW,SAAS;AAAA,EACnC,aAAa,WAAW,SAAS;AAAA,EACjC,UAAU;AAAA,EACV,gBAAgB;AAAA,EAChB,WAAW,EAAE,OAAO,EAAE,IAAI,EAAE,EAAE,SAAS,EAAE,SAAS;AACpD,CAAC;AAKM,MAAM,2BAA2B,yBAAyB,QAAQ,EAAE,OAAO;AAAA,EAChF,IAAI;AACN,CAAC;AAKM,MAAM,2BAA2B,EAAE,OAAO;AAAA,EAC/C,QAAQ,EAAE,OAAO,EAAE,SAAS;AAAA,EAC5B,UAAU,EAAE,OAAO,EAAE,SAAS;AAAA,EAC9B,UAAU,eAAe,SAAS;AAAA,EAClC,cAAc,EAAE,OAAO,EAAE,SAAS;AAAA,EAClC,YAAY,EAAE,OAAO,EAAE,SAAS;AAAA,EAChC,WAAW,EAAE,OAAO,EAAE,SAAS;AAAA,EAC/B,SAAS,EAAE,QAAQ,EAAE,SAAS;AAAA,EAC9B,UAAU,KAAK,SAAS;AAAA,EACxB,gBAAgB,KAAK,SAAS;AAChC,CAAC;AAKM,MAAM,+BAA+B,EAAE,OAAO;AAAA,EACnD,QAAQ;AAAA,EACR,UAAU;AAAA,EACV,YAAY,EAAE,OAAO,EAAE,IAAI,CAAC,EAAE,IAAI,EAAE;AAAA,EACpC,iBAAiB;AAAA,EACjB,cAAc,EAAE,IAAI,EAAE,SAAS,EAAE,SAAS;AAAA,EAC1C,eAAe,EAAE,IAAI,EAAE,SAAS,EAAE,SAAS;AAAA,EAC3C,cAAc,EAAE,OAAO,EAAE,SAAS,EAAE,SAAS;AAAA,EAC7C,iBAAiB,EAAE,OAAO,EAAE,IAAI,EAAE,IAAI,CAAC;AAAA,EACvC,YAAY,EAAE,KAAK,EAAE,SAAS;AAAA,EAC9B,UAAU;AAAA,EACV,gBAAgB,KAAK,SAAS,EAAE,SAAS;AAAA,EACzC,YAAY,EAAE,OAAO,EAAE,IAAI,EAAE,EAAE,SAAS,EAAE,SAAS;AACrD,CAAC;AAKM,MAAM,+BAA+B,EAAE,OAAO;AAAA,EACnD,QAAQ,KAAK,SAAS;AAAA,EACtB,UAAU,KAAK,SAAS;AAAA,EACxB,YAAY,EAAE,OAAO,EAAE,SAAS;AAAA,EAChC,iBAAiB,sBAAsB,SAAS;AAAA,EAChD,UAAU,KAAK,SAAS;AAAA,EACxB,gBAAgB,KAAK,SAAS;AAAA,EAC9B,YAAY,EAAE,OAAO,EAAE,SAAS;AAAA,EAChC,gBAAgB,EAAE,KAAK,EAAE,SAAS;AAAA,EAClC,cAAc,EAAE,KAAK,EAAE,SAAS;AAClC,CAAC;AAKM,MAAM,sBAAsB,EAAE,OAAO;AAAA,EAC1C,OAAO,EAAE,OAAO,EAAE,IAAI,CAAC,EAAE,IAAI,EAAE;AAAA,EAC/B,SAAS,EAAE,OAAO,EAAE,IAAI,CAAC,EAAE,IAAI,GAAG;AAAA,EAClC,aAAa,EAAE,OAAO,EAAE,IAAI,GAAI,EAAE,SAAS,EAAE,SAAS;AAAA,EACtD,SAAS,EAAE,QAAQ,EAAE,SAAS,EAAE,QAAQ,IAAI;AAAA,EAC5C,UAAU;AAAA,EACV,gBAAgB;AAAA,EAChB,WAAW,EAAE,OAAO,EAAE,IAAI
,EAAE,EAAE,SAAS,EAAE,SAAS;AACpD,CAAC;AAKM,MAAM,sBAAsB,oBAAoB,QAAQ,EAAE,OAAO;AAAA,EACtE,IAAI;AACN,CAAC;AAKM,MAAM,sBAAsB,EAAE,OAAO;AAAA,EAC1C,OAAO,EAAE,OAAO,EAAE,SAAS;AAAA,EAC3B,SAAS,EAAE,OAAO,EAAE,SAAS;AAAA,EAC7B,SAAS,EAAE,QAAQ,EAAE,SAAS;AAAA,EAC9B,UAAU,KAAK,SAAS;AAAA,EACxB,gBAAgB,KAAK,SAAS;AAChC,CAAC;AAKM,MAAM,4BAA4B,EAAE,OAAO;AAAA,EAChD,WAAW;AAAA,EACX,QAAQ;AAAA,EACR,UAAU,EAAE,OAAO,EAAE,IAAI,EAAE,IAAI,CAAC,EAAE,SAAS,EAAE,QAAQ,CAAC;AAAA,EACtD,SAAS,EAAE,QAAQ,EAAE,SAAS,EAAE,QAAQ,IAAI;AAAA,EAC5C,UAAU;AAAA,EACV,gBAAgB;AAClB,CAAC;AAKM,MAAM,4BAA4B,EAAE,OAAO;AAAA,EAChD,IAAI;AAAA,EACJ,UAAU,EAAE,OAAO,EAAE,IAAI,EAAE,IAAI,CAAC,EAAE,SAAS;AAAA,EAC3C,SAAS,EAAE,QAAQ,EAAE,SAAS;AAChC,CAAC;AAKM,MAAM,4BAA4B,EAAE,OAAO;AAAA,EAChD,WAAW,KAAK,SAAS;AAAA,EACzB,QAAQ,KAAK,SAAS;AAAA,EACtB,SAAS,EAAE,QAAQ,EAAE,SAAS;AAAA,EAC9B,UAAU,KAAK,SAAS;AAAA,EACxB,gBAAgB,KAAK,SAAS;AAChC,CAAC;AAKM,MAAM,0BAA0B,EAAE,YAAY;AAAA,EACnD,YAAY,EAAE,OAAO,EAAE,IAAI,GAAG,wBAAwB;AAAA,EACtD,UAAU,EAAE,OAAO,EAAE,SAAS;AAAA,EAC9B,WAAW,EAAE,OAAO,EAAE,SAAS;AAAA,EAC/B,MAAM,EAAE,IAAI;AAAA,EACZ,MAAM,EAAE,YAAY;AAAA,IAClB,IAAI,EAAE,OAAO,EAAE,SAAS;AAAA,IACxB,OAAO,EAAE,OAAO,EAAE,SAAS;AAAA,IAC3B,MAAM,EAAE,OAAO,EAAE,SAAS;AAAA,EAC5B,CAAC,EAAE,SAAS;AAAA,EACZ,QAAQ,EAAE,YAAY;AAAA,IACpB,IAAI,EAAE,OAAO,EAAE,SAAS;AAAA,EAC1B,CAAC,EAAE,SAAS;AAAA,EACZ,cAAc,EAAE,YAAY;AAAA,IAC1B,IAAI,EAAE,OAAO,EAAE,SAAS;AAAA,EAC1B,CAAC,EAAE,SAAS;AAAA,EACZ,UAAU,EAAE,KAAK,+BAA+B;AAAA,EAChD,gBAAgB,EAAE,KAAK,qCAAqC;AAAA,EAC5D,YAAY,EAAE,OAAO,EAAE,SAAS;AAAA,EAChC,QAAQ,EAAE,QAAQ,EAAE,SAAS;AAC/B,CAAC;AAKM,MAAM,6BAA6B,EAAE,OAAO;AAAA,EACjD,YAAY,EAAE,OAAO,EAAE,IAAI,GAAG,wBAAwB;AAAA,EACtD,WAAW,EAAE,OAAO,EAAE,SAAS;AAAA,EAC/B,UAAU,EAAE,KAAK,+BAA+B;AAAA,EAChD,gBAAgB,EAAE,KAAK,qCAAqC;AAAA,EAC5D,UAAU,eAAe,SAAS;AACpC,CAAC;AAKM,MAAM,mCAAmC,EAAE,OAAO;AAAA,EACvD,QAAQ,EAAE,KAAK,6BAA6B;AAAA,EAC5C,MAAM,EAAE,IAAI;AAAA,EACZ,MAAM,EAAE,YAAY;AAAA,IAClB,IAAI,EAAE,OAAO,EAAE,SAAS;AAAA,IACxB,OAAO,EAAE,OAAO,EAAE,SAAS;AAAA,IAC3B,MAAM,EAAE,OAAO,EAAE,SAAS;AAAA,EAC5B,CAAC,EAAE,SAAS;AAAA,EACZ,UAAU,EAAE,KAA
K,+BAA+B;AAAA,EAChD,gBAAgB,EAAE,KAAK,qCAAqC;AAAA,EAC5D,YAAY,EAAE,OAAO,EAAE,SAAS;AAAA,EAChC,QAAQ,EAAE,QAAQ,EAAE,SAAS;AAAA,EAC7B,YAAY,EAAE,OAAO,EAAE,SAAS;AAAA,EAChC,UAAU,EAAE,OAAO,EAAE,SAAS;AAAA,EAC9B,WAAW,EAAE,OAAO,EAAE,SAAS;AACjC,CAAC;AAKM,MAAM,+BAA+B,EAAE,OAAO;AAAA,EACnD,QAAQ,EAAE,OAAO,EAAE,IAAI,GAAG,mCAAmC,EAAE,IAAI,EAAE;AAAA,EACrE,MAAM,EAAE,IAAI;AAAA,EACZ,MAAM,EAAE,YAAY;AAAA,IAClB,IAAI,EAAE,OAAO,EAAE,SAAS;AAAA,IACxB,OAAO,EAAE,OAAO,EAAE,SAAS;AAAA,IAC3B,MAAM,EAAE,OAAO,EAAE,SAAS;AAAA,EAC5B,CAAC,EAAE,SAAS;AAAA,EACZ,UAAU,EAAE,KAAK,+BAA+B;AAAA,EAChD,gBAAgB,EAAE,KAAK,qCAAqC;AAAA,EAC5D,YAAY,EAAE,OAAO,EAAE,SAAS;AAAA,EAChC,QAAQ,EAAE,QAAQ,EAAE,SAAS;AAAA,EAC7B,YAAY,EAAE,OAAO,EAAE,SAAS;AAAA,EAChC,UAAU,EAAE,OAAO,EAAE,SAAS;AAAA,EAC9B,WAAW,EAAE,OAAO,EAAE,SAAS;AACjC,CAAC;",
4
+ "sourcesContent": ["import { z } from 'zod'\nimport {\n validateConditionExpressionForApi,\n validateActionsForApi,\n isSafeExpression,\n} from '../lib/payload-validation'\n\n/**\n * Business Rules Module - Zod Validators\n */\n\nconst uuid = z.uuid()\n\n// Rule Types\nexport const ruleTypeSchema = z.enum(['GUARD', 'VALIDATION', 'CALCULATION', 'ACTION', 'ASSIGNMENT'])\nexport type RuleType = z.infer<typeof ruleTypeSchema>\n\n// Condition Types\nexport const conditionTypeSchema = z.enum(['EXPRESSION', 'GROUP'])\nexport type ConditionType = z.infer<typeof conditionTypeSchema>\n\n// Logical Operators\nexport const logicalOperatorSchema = z.enum(['AND', 'OR', 'NOT'])\nexport type LogicalOperator = z.infer<typeof logicalOperatorSchema>\n\n// Comparison Operators\nexport const comparisonOperatorSchema = z.enum([\n '=',\n '==',\n '!=',\n '>',\n '>=',\n '<',\n '<=',\n 'IN',\n 'NOT_IN',\n 'CONTAINS',\n 'NOT_CONTAINS',\n 'STARTS_WITH',\n 'ENDS_WITH',\n 'MATCHES',\n 'IS_EMPTY',\n 'IS_NOT_EMPTY',\n])\nexport type ComparisonOperator = z.infer<typeof comparisonOperatorSchema>\n\n// Data Types\nexport const dataTypeSchema = z.enum(['STRING', 'NUMBER', 'BOOLEAN', 'DATE', 'ARRAY', 'OBJECT'])\nexport type DataType = z.infer<typeof dataTypeSchema>\n\n// Action Trigger\nexport const actionTriggerSchema = z.enum(['ON_SUCCESS', 'ON_FAILURE', 'ALWAYS'])\nexport type ActionTrigger = z.infer<typeof actionTriggerSchema>\n\n// Execution Result\nexport const executionResultSchema = z.enum(['SUCCESS', 'FAILURE', 'ERROR'])\nexport type ExecutionResult = z.infer<typeof executionResultSchema>\n\n// Condition Expression Schema with Validation\n// Uses runtime validation to check structure, nesting, and field paths\nexport const conditionExpressionSchema = z.any()\n .superRefine((val, ctx) => {\n // Null/undefined is allowed (optional field)\n if (val === null || val === undefined) return\n\n // Check for dangerous patterns first (DoS prevention)\n if (!isSafeExpression(val)) {\n ctx.addIssue({\n 
code: z.ZodIssueCode.custom,\n message: 'Condition expression exceeds safety limits (max depth: 10, max rules per group: 50, max field path length: 200)'\n })\n return\n }\n\n // Validate structure and content\n const result = validateConditionExpressionForApi(val)\n if (!result.valid) {\n ctx.addIssue({\n code: z.ZodIssueCode.custom,\n message: result.error || 'Invalid condition expression'\n })\n }\n })\n\n// Action Schema with Validation\n// Validates action type and required config fields\nexport const actionSchema = z.object({\n type: z.string().min(1),\n config: z.record(z.string(), z.any()).optional(),\n})\n\nexport const actionsArraySchema = z.array(actionSchema).optional().nullable()\n .superRefine((val, ctx) => {\n // Null/undefined/empty is allowed (optional field)\n if (!val || (Array.isArray(val) && val.length === 0)) return\n\n const result = validateActionsForApi(val, 'actions')\n if (!result.valid) {\n ctx.addIssue({\n code: z.ZodIssueCode.custom,\n message: result.error || 'Invalid actions'\n })\n }\n })\n\n// Date preprocessing helper\nconst dateOrNull = z.preprocess((value) => {\n if (value === undefined || value === null || value === '') return null\n const date = value instanceof Date ? value : new Date(String(value))\n return Number.isNaN(date.getTime()) ? 
null : date\n}, z.date().nullable())\n\n// BusinessRule Create Schema\nexport const createBusinessRuleSchema = z.object({\n ruleId: z.string().min(1).max(50),\n ruleName: z.string().min(1).max(200),\n description: z.string().max(5000).optional().nullable(),\n ruleType: ruleTypeSchema,\n ruleCategory: z.string().max(50).optional().nullable(),\n entityType: z.string().min(1).max(50),\n eventType: z.string().max(50).optional().nullable(),\n conditionExpression: conditionExpressionSchema,\n successActions: actionsArraySchema,\n failureActions: actionsArraySchema,\n enabled: z.boolean().optional().default(true),\n priority: z.number().int().min(0).max(9999).optional().default(100),\n version: z.number().int().min(1).optional().default(1),\n effectiveFrom: dateOrNull.optional(),\n effectiveTo: dateOrNull.optional(),\n tenantId: uuid,\n organizationId: uuid,\n createdBy: z.string().max(50).optional().nullable(),\n})\n\nexport type CreateBusinessRuleInput = z.infer<typeof createBusinessRuleSchema>\n\n// BusinessRule Update Schema\nexport const updateBusinessRuleSchema = createBusinessRuleSchema.partial().extend({\n id: uuid,\n})\n\nexport type UpdateBusinessRuleInput = z.infer<typeof updateBusinessRuleSchema>\n\n// Query/Filter Schema\nexport const businessRuleFilterSchema = z.object({\n ruleId: z.string().optional(),\n ruleName: z.string().optional(),\n ruleType: ruleTypeSchema.optional(),\n ruleCategory: z.string().optional(),\n entityType: z.string().optional(),\n eventType: z.string().optional(),\n enabled: z.boolean().optional(),\n tenantId: uuid.optional(),\n organizationId: uuid.optional(),\n})\n\nexport type BusinessRuleFilter = z.infer<typeof businessRuleFilterSchema>\n\n// RuleExecutionLog Create Schema\nexport const createRuleExecutionLogSchema = z.object({\n ruleId: uuid,\n entityId: uuid,\n entityType: z.string().min(1).max(50),\n executionResult: executionResultSchema,\n inputContext: z.any().optional().nullable(),\n outputContext: 
z.any().optional().nullable(),\n errorMessage: z.string().optional().nullable(),\n executionTimeMs: z.number().int().min(0),\n executedAt: z.date().optional(),\n tenantId: uuid,\n organizationId: uuid.optional().nullable(),\n executedBy: z.string().max(50).optional().nullable(),\n})\n\nexport type CreateRuleExecutionLogInput = z.infer<typeof createRuleExecutionLogSchema>\n\n// RuleExecutionLog Query/Filter Schema\nexport const ruleExecutionLogFilterSchema = z.object({\n ruleId: uuid.optional(),\n entityId: uuid.optional(),\n entityType: z.string().optional(),\n executionResult: executionResultSchema.optional(),\n tenantId: uuid.optional(),\n organizationId: uuid.optional(),\n executedBy: z.string().optional(),\n executedAtFrom: z.date().optional(),\n executedAtTo: z.date().optional(),\n})\n\nexport type RuleExecutionLogFilter = z.infer<typeof ruleExecutionLogFilterSchema>\n\n// RuleSet Create Schema\nexport const createRuleSetSchema = z.object({\n setId: z.string().min(1).max(50),\n setName: z.string().min(1).max(200),\n description: z.string().max(5000).optional().nullable(),\n enabled: z.boolean().optional().default(true),\n tenantId: uuid,\n organizationId: uuid,\n createdBy: z.string().max(50).optional().nullable(),\n})\n\nexport type CreateRuleSetInput = z.infer<typeof createRuleSetSchema>\n\n// RuleSet Update Schema\nexport const updateRuleSetSchema = createRuleSetSchema.partial().extend({\n id: uuid,\n})\n\nexport type UpdateRuleSetInput = z.infer<typeof updateRuleSetSchema>\n\n// RuleSet Query/Filter Schema\nexport const ruleSetFilterSchema = z.object({\n setId: z.string().optional(),\n setName: z.string().optional(),\n enabled: z.boolean().optional(),\n tenantId: uuid.optional(),\n organizationId: uuid.optional(),\n})\n\nexport type RuleSetFilter = z.infer<typeof ruleSetFilterSchema>\n\n// RuleSetMember Create Schema\nexport const createRuleSetMemberSchema = z.object({\n ruleSetId: uuid,\n ruleId: uuid,\n sequence: 
z.number().int().min(0).optional().default(0),\n enabled: z.boolean().optional().default(true),\n tenantId: uuid,\n organizationId: uuid,\n})\n\nexport type CreateRuleSetMemberInput = z.infer<typeof createRuleSetMemberSchema>\n\n// RuleSetMember Update Schema\nexport const updateRuleSetMemberSchema = z.object({\n id: uuid,\n sequence: z.number().int().min(0).optional(),\n enabled: z.boolean().optional(),\n})\n\nexport type UpdateRuleSetMemberInput = z.infer<typeof updateRuleSetMemberSchema>\n\n// RuleSetMember Query/Filter Schema\nexport const ruleSetMemberFilterSchema = z.object({\n ruleSetId: uuid.optional(),\n ruleId: uuid.optional(),\n enabled: z.boolean().optional(),\n tenantId: uuid.optional(),\n organizationId: uuid.optional(),\n})\n\nexport type RuleSetMemberFilter = z.infer<typeof ruleSetMemberFilterSchema>\n\n// Rule Engine Context Schema\nexport const ruleEngineContextSchema = z.looseObject({\n entityType: z.string().min(1, 'entityType is required'),\n entityId: z.string().optional(),\n eventType: z.string().optional(),\n data: z.any(),\n user: z.looseObject({\n id: z.string().optional(),\n email: z.string().optional(),\n role: z.string().optional(),\n }).optional(),\n tenant: z.looseObject({\n id: z.string().optional(),\n }).optional(),\n organization: z.looseObject({\n id: z.string().optional(),\n }).optional(),\n tenantId: z.uuid('tenantId must be a valid UUID'),\n organizationId: z.uuid('organizationId must be a valid UUID'),\n executedBy: z.string().optional(),\n dryRun: z.boolean().optional(),\n})\n\nexport type RuleEngineContextInput = z.infer<typeof ruleEngineContextSchema>\n\n// Rule Discovery Options Schema\nexport const ruleDiscoveryOptionsSchema = z.object({\n entityType: z.string().min(1, 'entityType is required'),\n eventType: z.string().optional(),\n tenantId: z.uuid('tenantId must be a valid UUID'),\n organizationId: z.uuid('organizationId must be a valid UUID'),\n ruleType: ruleTypeSchema.optional(),\n})\n\nexport type 
RuleDiscoveryOptionsInput = z.infer<typeof ruleDiscoveryOptionsSchema>\n"],
5
+ "mappings": "AAAA,SAAS,SAAS;AAClB;AAAA,EACE;AAAA,EACA;AAAA,EACA;AAAA,OACK;AAMP,MAAM,OAAO,EAAE,KAAK;AAGb,MAAM,iBAAiB,EAAE,KAAK,CAAC,SAAS,cAAc,eAAe,UAAU,YAAY,CAAC;AAI5F,MAAM,sBAAsB,EAAE,KAAK,CAAC,cAAc,OAAO,CAAC;AAI1D,MAAM,wBAAwB,EAAE,KAAK,CAAC,OAAO,MAAM,KAAK,CAAC;AAIzD,MAAM,2BAA2B,EAAE,KAAK;AAAA,EAC7C;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AACF,CAAC;AAIM,MAAM,iBAAiB,EAAE,KAAK,CAAC,UAAU,UAAU,WAAW,QAAQ,SAAS,QAAQ,CAAC;AAIxF,MAAM,sBAAsB,EAAE,KAAK,CAAC,cAAc,cAAc,QAAQ,CAAC;AAIzE,MAAM,wBAAwB,EAAE,KAAK,CAAC,WAAW,WAAW,OAAO,CAAC;AAKpE,MAAM,4BAA4B,EAAE,IAAI,EAC5C,YAAY,CAAC,KAAK,QAAQ;AAEzB,MAAI,QAAQ,QAAQ,QAAQ,OAAW;AAGvC,MAAI,CAAC,iBAAiB,GAAG,GAAG;AAC1B,QAAI,SAAS;AAAA,MACX,MAAM,EAAE,aAAa;AAAA,MACrB,SAAS;AAAA,IACX,CAAC;AACD;AAAA,EACF;AAGA,QAAM,SAAS,kCAAkC,GAAG;AACpD,MAAI,CAAC,OAAO,OAAO;AACjB,QAAI,SAAS;AAAA,MACX,MAAM,EAAE,aAAa;AAAA,MACrB,SAAS,OAAO,SAAS;AAAA,IAC3B,CAAC;AAAA,EACH;AACF,CAAC;AAII,MAAM,eAAe,EAAE,OAAO;AAAA,EACnC,MAAM,EAAE,OAAO,EAAE,IAAI,CAAC;AAAA,EACtB,QAAQ,EAAE,OAAO,EAAE,OAAO,GAAG,EAAE,IAAI,CAAC,EAAE,SAAS;AACjD,CAAC;AAEM,MAAM,qBAAqB,EAAE,MAAM,YAAY,EAAE,SAAS,EAAE,SAAS,EACzE,YAAY,CAAC,KAAK,QAAQ;AAEzB,MAAI,CAAC,OAAQ,MAAM,QAAQ,GAAG,KAAK,IAAI,WAAW,EAAI;AAEtD,QAAM,SAAS,sBAAsB,KAAK,SAAS;AACnD,MAAI,CAAC,OAAO,OAAO;AACjB,QAAI,SAAS;AAAA,MACX,MAAM,EAAE,aAAa;AAAA,MACrB,SAAS,OAAO,SAAS;AAAA,IAC3B,CAAC;AAAA,EACH;AACF,CAAC;AAGH,MAAM,aAAa,EAAE,WAAW,CAAC,UAAU;AACzC,MAAI,UAAU,UAAa,UAAU,QAAQ,UAAU,GAAI,QAAO;AAClE,QAAM,OAAO,iBAAiB,OAAO,QAAQ,IAAI,KAAK,OAAO,KAAK,CAAC;AACnE,SAAO,OAAO,MAAM,KAAK,QAAQ,CAAC,IAAI,OAAO;AAC/C,GAAG,EAAE,KAAK,EAAE,SAAS,CAAC;AAGf,MAAM,2BAA2B,EAAE,OAAO;AAAA,EAC/C,QAAQ,EAAE,OAAO,EAAE,IAAI,CAAC,EAAE,IAAI,EAAE;AAAA,EAChC,UAAU,EAAE,OAAO,EAAE,IAAI,CAAC,EAAE,IAAI,GAAG;AAAA,EACnC,aAAa,EAAE,OAAO,EAAE,IAAI,GAAI,EAAE,SAAS,EAAE,SAAS;AAAA,EACtD,UAAU;AAAA,EACV,cAAc,EAAE,OAAO,EAAE,IAAI,EAAE,EAAE,SAAS,EAAE,SAAS;AAAA,EACrD,YAAY,EAAE,OAAO,EAAE,IAAI,CAAC,EAAE,IAAI,EAAE;AAAA,EACpC,
WAAW,EAAE,OAAO,EAAE,IAAI,EAAE,EAAE,SAAS,EAAE,SAAS;AAAA,EAClD,qBAAqB;AAAA,EACrB,gBAAgB;AAAA,EAChB,gBAAgB;AAAA,EAChB,SAAS,EAAE,QAAQ,EAAE,SAAS,EAAE,QAAQ,IAAI;AAAA,EAC5C,UAAU,EAAE,OAAO,EAAE,IAAI,EAAE,IAAI,CAAC,EAAE,IAAI,IAAI,EAAE,SAAS,EAAE,QAAQ,GAAG;AAAA,EAClE,SAAS,EAAE,OAAO,EAAE,IAAI,EAAE,IAAI,CAAC,EAAE,SAAS,EAAE,QAAQ,CAAC;AAAA,EACrD,eAAe,WAAW,SAAS;AAAA,EACnC,aAAa,WAAW,SAAS;AAAA,EACjC,UAAU;AAAA,EACV,gBAAgB;AAAA,EAChB,WAAW,EAAE,OAAO,EAAE,IAAI,EAAE,EAAE,SAAS,EAAE,SAAS;AACpD,CAAC;AAKM,MAAM,2BAA2B,yBAAyB,QAAQ,EAAE,OAAO;AAAA,EAChF,IAAI;AACN,CAAC;AAKM,MAAM,2BAA2B,EAAE,OAAO;AAAA,EAC/C,QAAQ,EAAE,OAAO,EAAE,SAAS;AAAA,EAC5B,UAAU,EAAE,OAAO,EAAE,SAAS;AAAA,EAC9B,UAAU,eAAe,SAAS;AAAA,EAClC,cAAc,EAAE,OAAO,EAAE,SAAS;AAAA,EAClC,YAAY,EAAE,OAAO,EAAE,SAAS;AAAA,EAChC,WAAW,EAAE,OAAO,EAAE,SAAS;AAAA,EAC/B,SAAS,EAAE,QAAQ,EAAE,SAAS;AAAA,EAC9B,UAAU,KAAK,SAAS;AAAA,EACxB,gBAAgB,KAAK,SAAS;AAChC,CAAC;AAKM,MAAM,+BAA+B,EAAE,OAAO;AAAA,EACnD,QAAQ;AAAA,EACR,UAAU;AAAA,EACV,YAAY,EAAE,OAAO,EAAE,IAAI,CAAC,EAAE,IAAI,EAAE;AAAA,EACpC,iBAAiB;AAAA,EACjB,cAAc,EAAE,IAAI,EAAE,SAAS,EAAE,SAAS;AAAA,EAC1C,eAAe,EAAE,IAAI,EAAE,SAAS,EAAE,SAAS;AAAA,EAC3C,cAAc,EAAE,OAAO,EAAE,SAAS,EAAE,SAAS;AAAA,EAC7C,iBAAiB,EAAE,OAAO,EAAE,IAAI,EAAE,IAAI,CAAC;AAAA,EACvC,YAAY,EAAE,KAAK,EAAE,SAAS;AAAA,EAC9B,UAAU;AAAA,EACV,gBAAgB,KAAK,SAAS,EAAE,SAAS;AAAA,EACzC,YAAY,EAAE,OAAO,EAAE,IAAI,EAAE,EAAE,SAAS,EAAE,SAAS;AACrD,CAAC;AAKM,MAAM,+BAA+B,EAAE,OAAO;AAAA,EACnD,QAAQ,KAAK,SAAS;AAAA,EACtB,UAAU,KAAK,SAAS;AAAA,EACxB,YAAY,EAAE,OAAO,EAAE,SAAS;AAAA,EAChC,iBAAiB,sBAAsB,SAAS;AAAA,EAChD,UAAU,KAAK,SAAS;AAAA,EACxB,gBAAgB,KAAK,SAAS;AAAA,EAC9B,YAAY,EAAE,OAAO,EAAE,SAAS;AAAA,EAChC,gBAAgB,EAAE,KAAK,EAAE,SAAS;AAAA,EAClC,cAAc,EAAE,KAAK,EAAE,SAAS;AAClC,CAAC;AAKM,MAAM,sBAAsB,EAAE,OAAO;AAAA,EAC1C,OAAO,EAAE,OAAO,EAAE,IAAI,CAAC,EAAE,IAAI,EAAE;AAAA,EAC/B,SAAS,EAAE,OAAO,EAAE,IAAI,CAAC,EAAE,IAAI,GAAG;AAAA,EAClC,aAAa,EAAE,OAAO,EAAE,IAAI,GAAI,EAAE,SAAS,EAAE,SAAS;AAAA,EACtD,SAAS,EAAE,QAAQ,EAAE,SAAS,EAAE,QAAQ,IAAI;AAAA,EAC5C,UAAU;AAAA,EACV,gBAAgB;AAAA,EAChB,WAAW,EAAE,OAAO,EAAE,IAAI
,EAAE,EAAE,SAAS,EAAE,SAAS;AACpD,CAAC;AAKM,MAAM,sBAAsB,oBAAoB,QAAQ,EAAE,OAAO;AAAA,EACtE,IAAI;AACN,CAAC;AAKM,MAAM,sBAAsB,EAAE,OAAO;AAAA,EAC1C,OAAO,EAAE,OAAO,EAAE,SAAS;AAAA,EAC3B,SAAS,EAAE,OAAO,EAAE,SAAS;AAAA,EAC7B,SAAS,EAAE,QAAQ,EAAE,SAAS;AAAA,EAC9B,UAAU,KAAK,SAAS;AAAA,EACxB,gBAAgB,KAAK,SAAS;AAChC,CAAC;AAKM,MAAM,4BAA4B,EAAE,OAAO;AAAA,EAChD,WAAW;AAAA,EACX,QAAQ;AAAA,EACR,UAAU,EAAE,OAAO,EAAE,IAAI,EAAE,IAAI,CAAC,EAAE,SAAS,EAAE,QAAQ,CAAC;AAAA,EACtD,SAAS,EAAE,QAAQ,EAAE,SAAS,EAAE,QAAQ,IAAI;AAAA,EAC5C,UAAU;AAAA,EACV,gBAAgB;AAClB,CAAC;AAKM,MAAM,4BAA4B,EAAE,OAAO;AAAA,EAChD,IAAI;AAAA,EACJ,UAAU,EAAE,OAAO,EAAE,IAAI,EAAE,IAAI,CAAC,EAAE,SAAS;AAAA,EAC3C,SAAS,EAAE,QAAQ,EAAE,SAAS;AAChC,CAAC;AAKM,MAAM,4BAA4B,EAAE,OAAO;AAAA,EAChD,WAAW,KAAK,SAAS;AAAA,EACzB,QAAQ,KAAK,SAAS;AAAA,EACtB,SAAS,EAAE,QAAQ,EAAE,SAAS;AAAA,EAC9B,UAAU,KAAK,SAAS;AAAA,EACxB,gBAAgB,KAAK,SAAS;AAChC,CAAC;AAKM,MAAM,0BAA0B,EAAE,YAAY;AAAA,EACnD,YAAY,EAAE,OAAO,EAAE,IAAI,GAAG,wBAAwB;AAAA,EACtD,UAAU,EAAE,OAAO,EAAE,SAAS;AAAA,EAC9B,WAAW,EAAE,OAAO,EAAE,SAAS;AAAA,EAC/B,MAAM,EAAE,IAAI;AAAA,EACZ,MAAM,EAAE,YAAY;AAAA,IAClB,IAAI,EAAE,OAAO,EAAE,SAAS;AAAA,IACxB,OAAO,EAAE,OAAO,EAAE,SAAS;AAAA,IAC3B,MAAM,EAAE,OAAO,EAAE,SAAS;AAAA,EAC5B,CAAC,EAAE,SAAS;AAAA,EACZ,QAAQ,EAAE,YAAY;AAAA,IACpB,IAAI,EAAE,OAAO,EAAE,SAAS;AAAA,EAC1B,CAAC,EAAE,SAAS;AAAA,EACZ,cAAc,EAAE,YAAY;AAAA,IAC1B,IAAI,EAAE,OAAO,EAAE,SAAS;AAAA,EAC1B,CAAC,EAAE,SAAS;AAAA,EACZ,UAAU,EAAE,KAAK,+BAA+B;AAAA,EAChD,gBAAgB,EAAE,KAAK,qCAAqC;AAAA,EAC5D,YAAY,EAAE,OAAO,EAAE,SAAS;AAAA,EAChC,QAAQ,EAAE,QAAQ,EAAE,SAAS;AAC/B,CAAC;AAKM,MAAM,6BAA6B,EAAE,OAAO;AAAA,EACjD,YAAY,EAAE,OAAO,EAAE,IAAI,GAAG,wBAAwB;AAAA,EACtD,WAAW,EAAE,OAAO,EAAE,SAAS;AAAA,EAC/B,UAAU,EAAE,KAAK,+BAA+B;AAAA,EAChD,gBAAgB,EAAE,KAAK,qCAAqC;AAAA,EAC5D,UAAU,eAAe,SAAS;AACpC,CAAC;",
6
6
  "names": []
7
7
  }
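--- a/package/dist/modules/business_rules/index.js
+++ b/package/dist/modules/business_rules/index.js
@@ -6,27 +6,7 @@ const metadata = {
  author: "Patryk Lewczuk",
  license: "Proprietary"
  };
- import {
- executeRules,
- executeRuleById,
- executeRuleByRuleId,
- executeSingleRule,
- findApplicableRules,
- logRuleExecution
- } from "./lib/rule-engine.js";
- import {
- directRuleExecutionContextSchema,
- ruleIdExecutionContextSchema
- } from "./data/validators.js";
  export {
- directRuleExecutionContextSchema,
- executeRuleById,
- executeRuleByRuleId,
- executeRules,
- executeSingleRule,
- findApplicableRules,
- logRuleExecution,
- metadata,
- ruleIdExecutionContextSchema
+ metadata
  };
  //# sourceMappingURL=index.js.map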
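--- a/package/dist/modules/business_rules/index.js.map
+++ b/package/dist/modules/business_rules/index.js.map
@@ -1,7 +1,7 @@
  {
  "version": 3,
  "sources": ["../../../src/modules/business_rules/index.ts"],
- "sourcesContent": ["import type { ModuleInfo } from '@open-mercato/shared/modules/registry'\n\nexport const metadata: ModuleInfo = {\n name: 'business_rules',\n title: 'Business Rules',\n version: '0.1.0',\n description: 'Business Rules Engine for defining, managing, and executing business logic and automation rules.',\n author: 'Patryk Lewczuk',\n license: 'Proprietary',\n}\n\n// Export rule engine types and functions for programmatic usage\nexport {\n executeRules,\n executeRuleById,\n executeRuleByRuleId,\n executeSingleRule,\n findApplicableRules,\n logRuleExecution,\n type RuleEngineContext,\n type RuleEngineResult,\n type RuleExecutionResult,\n type RuleDiscoveryOptions,\n type DirectRuleExecutionContext,\n type DirectRuleExecutionResult,\n type RuleIdExecutionContext,\n} from './lib/rule-engine'\n\n// Export validator schemas\nexport {\n directRuleExecutionContextSchema,\n ruleIdExecutionContextSchema,\n type DirectRuleExecutionContextInput,\n type RuleIdExecutionContextInput,\n} from './data/validators'\n"],
- "mappings": "AAEO,MAAM,WAAuB;AAAA,EAClC,MAAM;AAAA,EACN,OAAO;AAAA,EACP,SAAS;AAAA,EACT,aAAa;AAAA,EACb,QAAQ;AAAA,EACR,SAAS;AACX;AAGA;AAAA,EACE;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,OAQK;AAGP;AAAA,EACE;AAAA,EACA;AAAA,OAGK;",
+ "sourcesContent": ["import type { ModuleInfo } from '@open-mercato/shared/modules/registry'\n\nexport const metadata: ModuleInfo = {\n name: 'business_rules',\n title: 'Business Rules',\n version: '0.1.0',\n description: 'Business Rules Engine for defining, managing, and executing business logic and automation rules.',\n author: 'Patryk Lewczuk',\n license: 'Proprietary',\n}\n"],
+ "mappings": "AAEO,MAAM,WAAuB;AAAA,EAClC,MAAM;AAAA,EACN,OAAO;AAAA,EACP,SAAS;AAAA,EACT,aAAa;AAAA,EACb,QAAQ;AAAA,EACR,SAAS;AACX;",
  "names": []
  }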
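--- a/package/dist/modules/business_rules/lib/rule-engine.js
+++ b/package/dist/modules/business_rules/lib/rule-engine.js
@@ -1,7 +1,7 @@
  import { BusinessRule, RuleExecutionLog } from "../data/entities.js";
  import * as ruleEvaluator from "./rule-evaluator.js";
  import * as actionExecutor from "./action-executor.js";
- import { ruleEngineContextSchema, ruleDiscoveryOptionsSchema, directRuleExecutionContextSchema, ruleIdExecutionContextSchema } from "../data/validators.js";
+ import { ruleEngineContextSchema, ruleDiscoveryOptionsSchema } from "../data/validators.js";
  const DEFAULT_ENTITY_ID = "unknown";
  const RULE_TYPE_GUARD = "GUARD";
  const EXECUTION_RESULT_ERROR = "ERROR";
@@ -240,185 +240,6 @@ async function findApplicableRules(em, options) {
  return true;
  });
  }
- async function executeRuleById(em, context) {
- const startTime = Date.now();
- const validation = directRuleExecutionContextSchema.safeParse(context);
- if (!validation.success) {
- const validationErrors = validation.error.issues.map((e) => `${e.path.join(".")}: ${e.message}`);
- return {
- success: false,
- ruleId: context.ruleId,
- ruleName: "Unknown",
- conditionResult: false,
- actionsExecuted: null,
- executionTime: Date.now() - startTime,
- error: `Validation failed: ${validationErrors.join(", ")}`
- };
- }
- const rule = await em.findOne(BusinessRule, {
- id: context.ruleId,
- tenantId: context.tenantId,
- organizationId: context.organizationId,
- deletedAt: null
- });
- if (!rule) {
- return {
- success: false,
- ruleId: context.ruleId,
- ruleName: "Unknown",
- conditionResult: false,
- actionsExecuted: null,
- executionTime: Date.now() - startTime,
- error: "Rule not found"
- };
- }
- if (!rule.enabled) {
- return {
- success: false,
- ruleId: rule.ruleId,
- ruleName: rule.ruleName,
- conditionResult: false,
- actionsExecuted: null,
- executionTime: Date.now() - startTime,
- error: "Rule is disabled"
- };
- }
- const now = /* @__PURE__ */ new Date();
- if (rule.effectiveFrom && rule.effectiveFrom > now) {
- return {
- success: false,
- ruleId: rule.ruleId,
- ruleName: rule.ruleName,
- conditionResult: false,
- actionsExecuted: null,
- executionTime: Date.now() - startTime,
- error: `Rule is not yet effective (starts ${rule.effectiveFrom.toISOString()})`
- };
- }
- if (rule.effectiveTo && rule.effectiveTo < now) {
- return {
- success: false,
- ruleId: rule.ruleId,
- ruleName: rule.ruleName,
- conditionResult: false,
- actionsExecuted: null,
- executionTime: Date.now() - startTime,
- error: `Rule has expired (ended ${rule.effectiveTo.toISOString()})`
- };
- }
- const engineContext = {
- entityType: context.entityType || rule.entityType,
- entityId: context.entityId,
- eventType: context.eventType || rule.eventType || void 0,
- data: context.data,
- user: context.user,
- tenantId: context.tenantId,
- organizationId: context.organizationId,
- executedBy: context.executedBy,
- dryRun: context.dryRun
- };
- const result = await executeSingleRule(em, rule, engineContext);
- return {
- success: !result.error,
- ruleId: rule.ruleId,
- ruleName: rule.ruleName,
- conditionResult: result.conditionResult,
- actionsExecuted: result.actionsExecuted,
- executionTime: result.executionTime,
- error: result.error,
- logId: result.logId
- };
- }
- async function executeRuleByRuleId(em, context) {
- const startTime = Date.now();
- const validation = ruleIdExecutionContextSchema.safeParse(context);
- if (!validation.success) {
- const validationErrors = validation.error.issues.map((e) => `${e.path.join(".")}: ${e.message}`);
- return {
- success: false,
- ruleId: context.ruleId || "unknown",
- ruleName: "Unknown",
- conditionResult: false,
- actionsExecuted: null,
- executionTime: Date.now() - startTime,
- error: `Validation failed: ${validationErrors.join(", ")}`
- };
- }
- const rule = await em.findOne(BusinessRule, {
- ruleId: context.ruleId,
- // String identifier column
- tenantId: context.tenantId,
- organizationId: context.organizationId,
- deletedAt: null
- });
- if (!rule) {
- return {
- success: false,
- ruleId: context.ruleId,
- ruleName: "Unknown",
- conditionResult: false,
- actionsExecuted: null,
- executionTime: Date.now() - startTime,
- error: "Rule not found"
- };
- }
- if (!rule.enabled) {
- return {
- success: false,
- ruleId: rule.ruleId,
- ruleName: rule.ruleName,
- conditionResult: false,
- actionsExecuted: null,
- executionTime: Date.now() - startTime,
- error: "Rule is disabled"
- };
- }
- const now = /* @__PURE__ */ new Date();
- if (rule.effectiveFrom && rule.effectiveFrom > now) {
- return {
- success: false,
- ruleId: rule.ruleId,
- ruleName: rule.ruleName,
- conditionResult: false,
- actionsExecuted: null,
- executionTime: Date.now() - startTime,
- error: `Rule is not yet effective (starts ${rule.effectiveFrom.toISOString()})`
- };
- }
- if (rule.effectiveTo && rule.effectiveTo < now) {
- return {
- success: false,
- ruleId: rule.ruleId,
- ruleName: rule.ruleName,
- conditionResult: false,
- actionsExecuted: null,
- executionTime: Date.now() - startTime,
- error: `Rule has expired (ended ${rule.effectiveTo.toISOString()})`
- };
- }
- const engineContext = {
- entityType: context.entityType || rule.entityType,
- entityId: context.entityId,
- eventType: context.eventType || rule.eventType || void 0,
- data: context.data,
- user: context.user,
- tenantId: context.tenantId,
- organizationId: context.organizationId,
- executedBy: context.executedBy,
- dryRun: context.dryRun
- };
- const result = await executeSingleRule(em, rule, engineContext);
- return {
- success: !result.error,
- ruleId: rule.ruleId,
- ruleName: rule.ruleName,
- conditionResult: result.conditionResult,
- actionsExecuted: result.actionsExecuted,
- executionTime: result.executionTime,
- error: result.error,
- logId: result.logId
- };
- }
  const SENSITIVE_FIELD_PATTERNS = [
  /password/i,
  /passwd/i,
@@ -504,8 +325,6 @@ async function logRuleExecution(em, options) {
  return log.id;
  }
  export {
- executeRuleById,
- executeRuleByRuleId,
  executeRules,
  executeSingleRule,
  findApplicableRules,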