npm - @open-mercato/core - Versions diffs - 0.4.2-canary-ed15f2e753 → 0.4.2-canary-f075c3eb92 - Mend

@open-mercato/core 0.4.2-canary-ed15f2e753 → 0.4.2-canary-f075c3eb92

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (241) hide show

package/dist/modules/business_rules/lib/rule-engine.js.map CHANGED Viewed

@@ -1,7 +1,7 @@
 {
   "version": 3,
   "sources": ["../../../../src/modules/business_rules/lib/rule-engine.ts"],
-  "sourcesContent": ["import type { EntityManager } from '@mikro-orm/core'\nimport { BusinessRule, RuleExecutionLog, type RuleType } from '../data/entities'\nimport * as ruleEvaluator from './rule-evaluator'\nimport * as actionExecutor from './action-executor'\nimport type { RuleEvaluationContext } from './rule-evaluator'\nimport type { ActionContext, ActionExecutionOutcome } from './action-executor'\nimport { ruleEngineContextSchema, ruleDiscoveryOptionsSchema, directRuleExecutionContextSchema, ruleIdExecutionContextSchema } from '../data/validators'\n\n/**\n * Constants\n */\nconst DEFAULT_ENTITY_ID = 'unknown'\nconst RULE_TYPE_GUARD = 'GUARD'\nconst EXECUTION_RESULT_ERROR = 'ERROR'\nconst EXECUTION_RESULT_SUCCESS = 'SUCCESS'\nconst EXECUTION_RESULT_FAILURE = 'FAILURE'\n\n/**\n * Execution limits\n */\nconst MAX_RULES_PER_EXECUTION = 100\nconst MAX_SINGLE_RULE_TIMEOUT_MS = 30000  // 30 seconds\nconst MAX_TOTAL_EXECUTION_TIMEOUT_MS = 60000  // 60 seconds\n\n/**\n * Rule execution context\n */\nexport interface RuleEngineContext {\n  entityType: string\n  entityId?: string\n  eventType?: string\n  data: any\n  user?: {\n    id?: string\n    email?: string\n    role?: string\n    [key: string]: any\n  }\n  tenant?: {\n    id?: string\n    [key: string]: any\n  }\n  organization?: {\n    id?: string\n    [key: string]: any\n  }\n  tenantId: string\n  organizationId: string\n  executedBy?: string\n  dryRun?: boolean\n  [key: string]: any\n}\n\n/**\n * Single rule execution result\n */\nexport interface RuleExecutionResult {\n  rule: BusinessRule\n  conditionResult: boolean\n  actionsExecuted: ActionExecutionOutcome | null\n  executionTime: number\n  error?: string\n  logId?: string  // Database log ID (if logged)\n}\n\n/**\n * Overall rule engine result\n */\nexport interface RuleEngineResult {\n  allowed: boolean\n  executedRules: RuleExecutionResult[]\n  totalExecutionTime: number\n  errors?: string[]\n  logIds?: string[]\n}\n\n/**\n * Rule discovery options\n */\nexport interface RuleDiscoveryOptions {\n  entityType: string\n  eventType?: string\n  tenantId: string\n  organizationId: string\n  ruleType?: RuleType\n}\n\n/**\n * Direct rule execution context (for executing a specific rule by ID)\n */\nexport interface DirectRuleExecutionContext {\n  ruleId: string  // Database UUID of the rule\n  data: any\n  user?: {\n    id?: string\n    email?: string\n    role?: string\n    [key: string]: any\n  }\n  tenantId: string\n  organizationId: string\n  executedBy?: string\n  dryRun?: boolean\n  // Optional for logging (falls back to rule's entityType)\n  entityType?: string\n  entityId?: string\n  eventType?: string\n}\n\n/**\n * Direct rule execution result\n */\nexport interface DirectRuleExecutionResult {\n  success: boolean\n  ruleId: string\n  ruleName: string\n  conditionResult: boolean\n  actionsExecuted: ActionExecutionOutcome | null\n  executionTime: number\n  error?: string\n  logId?: string\n}\n\n/**\n * Context for executing a rule by its string rule_id identifier\n * Unlike DirectRuleExecutionContext which uses database UUID,\n * this uses the string identifier (e.g., \"workflow_checkout_inventory_available\")\n */\nexport interface RuleIdExecutionContext {\n  ruleId: string  // String identifier (e.g., \"workflow_checkout_inventory_available\")\n  data: any\n  user?: {\n    id?: string\n    email?: string\n    role?: string\n    [key: string]: any\n  }\n  tenantId: string\n  organizationId: string\n  executedBy?: string\n  dryRun?: boolean\n  entityType?: string\n  entityId?: string\n  eventType?: string\n}\n\n/**\n * Execute a function with a timeout\n */\nasync function withTimeout<T>(\n  promise: Promise<T>,\n  timeoutMs: number,\n  errorMessage: string\n): Promise<T> {\n  let timeoutId: NodeJS.Timeout\n\n  const timeoutPromise = new Promise<never>((_, reject) => {\n    timeoutId = setTimeout(() => {\n      reject(new Error(`${errorMessage} (timeout: ${timeoutMs}ms)`))\n    }, timeoutMs)\n  })\n\n  try {\n    return await Promise.race([promise, timeoutPromise])\n  } finally {\n    clearTimeout(timeoutId!)\n  }\n}\n\n/**\n * Execute all applicable rules for the given context\n */\nexport async function executeRules(\n  em: EntityManager,\n  context: RuleEngineContext\n): Promise<RuleEngineResult> {\n  // Validate input\n  const validation = ruleEngineContextSchema.safeParse(context)\n  if (!validation.success) {\n    const validationErrors = validation.error.issues.map(e => `${e.path.join('.')}: ${e.message}`)\n    return {\n      allowed: false,\n      executedRules: [],\n      totalExecutionTime: 0,\n      errors: validationErrors,\n    }\n  }\n\n  const startTime = Date.now()\n  const executedRules: RuleExecutionResult[] = []\n  const errors: string[] = []\n  const logIds: string[] = []\n\n  try {\n    // Discover applicable rules\n    const rules = await findApplicableRules(em, {\n      entityType: context.entityType,\n      eventType: context.eventType,\n      tenantId: context.tenantId,\n      organizationId: context.organizationId,\n    })\n\n    // Check rule count limit\n    if (rules.length > MAX_RULES_PER_EXECUTION) {\n      errors.push(\n        `Rule count limit exceeded: ${rules.length} rules found, maximum is ${MAX_RULES_PER_EXECUTION}`\n      )\n      return {\n        allowed: false,\n        executedRules: [],\n        totalExecutionTime: Date.now() - startTime,\n        errors,\n      }\n    }\n\n    // Rules already sorted by database query (priority DESC, ruleId ASC)\n    // Execute each rule with total timeout\n    const executionPromise = (async () => {\n      for (const rule of rules) {\n      try {\n        const ruleResult = await executeSingleRule(em, rule, context)\n        executedRules.push(ruleResult)\n\n        if (ruleResult.logId) {\n          logIds.push(ruleResult.logId)\n        }\n\n        if (ruleResult.error) {\n          errors.push(\n            `Rule execution failed [ruleId=${rule.ruleId}, type=${rule.ruleType}, entityType=${context.entityType}]: ${ruleResult.error}`\n          )\n        }\n      } catch (error) {\n        const errorMessage = error instanceof Error ? error.message : String(error)\n        errors.push(\n          `Unexpected error in rule execution [ruleId=${rule.ruleId}, type=${rule.ruleType}]: ${errorMessage}`\n        )\n\n        executedRules.push({\n          rule,\n          conditionResult: false,\n          actionsExecuted: null,\n          executionTime: 0,\n          error: errorMessage,\n        })\n      }\n      }\n    })()\n\n    // Execute with timeout\n    await withTimeout(\n      executionPromise,\n      MAX_TOTAL_EXECUTION_TIMEOUT_MS,\n      `Total rule execution timeout [entityType=${context.entityType}]`\n    )\n\n    // Determine overall allowed status\n    // For GUARD rules: all must pass for operation to be allowed\n    const guardRules = executedRules.filter((r) => r.rule.ruleType === RULE_TYPE_GUARD)\n    const allowed = guardRules.length === 0 || guardRules.every((r) => r.conditionResult)\n\n    const totalExecutionTime = Date.now() - startTime\n\n    return {\n      allowed,\n      executedRules,\n      totalExecutionTime,\n      errors: errors.length > 0 ? errors : undefined,\n      logIds: logIds.length > 0 ? logIds : undefined,\n    }\n  } catch (error) {\n    const errorMessage = error instanceof Error ? error.message : String(error)\n    const stack = error instanceof Error ? error.stack : undefined\n    errors.push(\n      `Critical rule engine error [entityType=${context.entityType}, entityId=${context.entityId || 'unknown'}]: ${errorMessage}${stack ? `\\nStack: ${stack}` : ''}`\n    )\n\n    const totalExecutionTime = Date.now() - startTime\n\n    return {\n      allowed: false,\n      executedRules,\n      totalExecutionTime,\n      errors,\n    }\n  }\n}\n\n/**\n * Execute a single rule\n */\nexport async function executeSingleRule(\n  em: EntityManager,\n  rule: BusinessRule,\n  context: RuleEngineContext\n): Promise<RuleExecutionResult> {\n  const startTime = Date.now()\n\n  try {\n    // Wrap execution in timeout\n    const executeWithTimeout = async () => {\n      // Build evaluation context\n      const evalContext: RuleEvaluationContext = {\n        entityType: context.entityType,\n        entityId: context.entityId,\n        eventType: context.eventType,\n        user: context.user,\n        tenant: context.tenant,\n        organization: context.organization,\n      }\n\n      // Evaluate rule conditions\n      const result = await ruleEvaluator.evaluateSingleRule(rule, context.data, evalContext)\n\n      // Check if evaluation completed (not just if conditions passed)\n      if (!result.evaluationCompleted) {\n        const executionTime = Date.now() - startTime\n\n        let logId: string | undefined\n\n        // Log failure if not dry run\n        if (!context.dryRun) {\n          logId = await logRuleExecution(em, {\n            rule,\n            context,\n            conditionResult: false,\n            actionsExecuted: null,\n            executionTime,\n            error: result.error,\n          })\n        }\n\n        return {\n          rule,\n          conditionResult: false,\n          actionsExecuted: null,\n          executionTime,\n          error: result.error,\n          logId,\n        }\n      }\n\n      // Evaluation completed successfully - determine which actions to execute\n      const actions = result.conditionsPassed ? rule.successActions : rule.failureActions\n\n      let actionsExecuted: ActionExecutionOutcome | null = null\n\n      if (actions && Array.isArray(actions) && actions.length > 0) {\n        // Build action context\n        const actionContext: ActionContext = {\n          ...evalContext,\n          data: context.data,\n          ruleId: rule.ruleId,\n          ruleName: rule.ruleName,\n        }\n\n        // Execute actions\n        actionsExecuted = await actionExecutor.executeActions(actions, actionContext)\n      }\n\n      const executionTime = Date.now() - startTime\n\n      let logId: string | undefined\n\n      // Log execution if not dry run\n      if (!context.dryRun) {\n        logId = await logRuleExecution(em, {\n          rule,\n          context,\n          conditionResult: result.conditionsPassed,\n          actionsExecuted,\n          executionTime,\n        })\n      }\n\n      return {\n        rule,\n        conditionResult: result.conditionsPassed,\n        actionsExecuted,\n        executionTime,\n        logId,\n      }\n    }\n\n    // Execute with single rule timeout\n    return await withTimeout(\n      executeWithTimeout(),\n      MAX_SINGLE_RULE_TIMEOUT_MS,\n      `Single rule execution timeout [ruleId=${rule.ruleId}]`\n    )\n  } catch (error) {\n    const executionTime = Date.now() - startTime\n    const errorMessage = error instanceof Error ? error.message : String(error)\n    const enhancedError = `Failed to execute rule [ruleId=${rule.ruleId}, entityType=${context.entityType}]: ${errorMessage}`\n\n    let logId: string | undefined\n\n    // Log error if not dry run\n    if (!context.dryRun) {\n      logId = await logRuleExecution(em, {\n        rule,\n        context,\n        conditionResult: false,\n        actionsExecuted: null,\n        executionTime,\n        error: enhancedError,\n      })\n    }\n\n    return {\n      rule,\n      conditionResult: false,\n      actionsExecuted: null,\n      executionTime,\n      error: enhancedError,\n      logId,\n    }\n  }\n}\n\n/**\n * Find all applicable rules for the given criteria\n */\nexport async function findApplicableRules(\n  em: EntityManager,\n  options: RuleDiscoveryOptions\n): Promise<BusinessRule[]> {\n  // Validate input\n  ruleDiscoveryOptionsSchema.parse(options)\n\n  const { entityType, eventType, tenantId, organizationId, ruleType } = options\n\n  const where: Partial<BusinessRule> = {\n    entityType,\n    tenantId,\n    organizationId,\n    enabled: true,\n    deletedAt: null,\n  }\n\n  if (eventType) {\n    where.eventType = eventType\n  }\n\n  if (ruleType) {\n    where.ruleType = ruleType\n  }\n\n  const rules = await em.find(BusinessRule, where, {\n    orderBy: { priority: 'DESC', ruleId: 'ASC' },\n  })\n\n  // Filter by effective date range\n  const now = new Date()\n  return rules.filter((rule) => {\n    if (rule.effectiveFrom && rule.effectiveFrom > now) {\n      return false\n    }\n    if (rule.effectiveTo && rule.effectiveTo < now) {\n      return false\n    }\n    return true\n  })\n}\n\n/**\n * Execute a specific rule by its database UUID\n * This bypasses the entityType/eventType discovery mechanism and directly executes the rule\n */\nexport async function executeRuleById(\n  em: EntityManager,\n  context: DirectRuleExecutionContext\n): Promise<DirectRuleExecutionResult> {\n  const startTime = Date.now()\n\n  // Validate input\n  const validation = directRuleExecutionContextSchema.safeParse(context)\n  if (!validation.success) {\n    const validationErrors = validation.error.issues.map(e => `${e.path.join('.')}: ${e.message}`)\n    return {\n      success: false,\n      ruleId: context.ruleId,\n      ruleName: 'Unknown',\n      conditionResult: false,\n      actionsExecuted: null,\n      executionTime: Date.now() - startTime,\n      error: `Validation failed: ${validationErrors.join(', ')}`,\n    }\n  }\n\n  // Fetch rule by ID with tenant/org validation\n  const rule = await em.findOne(BusinessRule, {\n    id: context.ruleId,\n    tenantId: context.tenantId,\n    organizationId: context.organizationId,\n    deletedAt: null,\n  })\n\n  if (!rule) {\n    return {\n      success: false,\n      ruleId: context.ruleId,\n      ruleName: 'Unknown',\n      conditionResult: false,\n      actionsExecuted: null,\n      executionTime: Date.now() - startTime,\n      error: 'Rule not found',\n    }\n  }\n\n  if (!rule.enabled) {\n    return {\n      success: false,\n      ruleId: rule.ruleId,\n      ruleName: rule.ruleName,\n      conditionResult: false,\n      actionsExecuted: null,\n      executionTime: Date.now() - startTime,\n      error: 'Rule is disabled',\n    }\n  }\n\n  // Check effective date range\n  const now = new Date()\n  if (rule.effectiveFrom && rule.effectiveFrom > now) {\n    return {\n      success: false,\n      ruleId: rule.ruleId,\n      ruleName: rule.ruleName,\n      conditionResult: false,\n      actionsExecuted: null,\n      executionTime: Date.now() - startTime,\n      error: `Rule is not yet effective (starts ${rule.effectiveFrom.toISOString()})`,\n    }\n  }\n  if (rule.effectiveTo && rule.effectiveTo < now) {\n    return {\n      success: false,\n      ruleId: rule.ruleId,\n      ruleName: rule.ruleName,\n      conditionResult: false,\n      actionsExecuted: null,\n      executionTime: Date.now() - startTime,\n      error: `Rule has expired (ended ${rule.effectiveTo.toISOString()})`,\n    }\n  }\n\n  // Build RuleEngineContext (use provided entityType or fall back to rule's)\n  const engineContext: RuleEngineContext = {\n    entityType: context.entityType || rule.entityType,\n    entityId: context.entityId,\n    eventType: context.eventType || rule.eventType || undefined,\n    data: context.data,\n    user: context.user,\n    tenantId: context.tenantId,\n    organizationId: context.organizationId,\n    executedBy: context.executedBy,\n    dryRun: context.dryRun,\n  }\n\n  // Execute via existing executeSingleRule\n  const result = await executeSingleRule(em, rule, engineContext)\n\n  return {\n    success: !result.error,\n    ruleId: rule.ruleId,\n    ruleName: rule.ruleName,\n    conditionResult: result.conditionResult,\n    actionsExecuted: result.actionsExecuted,\n    executionTime: result.executionTime,\n    error: result.error,\n    logId: result.logId,\n  }\n}\n\n/**\n * Execute a rule by its string rule_id identifier\n * Looks up rule by rule_id (string column) + tenant_id (unique constraint)\n * This is useful for workflow conditions that reference rules by their string identifiers\n */\nexport async function executeRuleByRuleId(\n  em: EntityManager,\n  context: RuleIdExecutionContext\n): Promise<DirectRuleExecutionResult> {\n  const startTime = Date.now()\n\n  // Validate input\n  const validation = ruleIdExecutionContextSchema.safeParse(context)\n  if (!validation.success) {\n    const validationErrors = validation.error.issues.map(e => `${e.path.join('.')}: ${e.message}`)\n    return {\n      success: false,\n      ruleId: context.ruleId || 'unknown',\n      ruleName: 'Unknown',\n      conditionResult: false,\n      actionsExecuted: null,\n      executionTime: Date.now() - startTime,\n      error: `Validation failed: ${validationErrors.join(', ')}`,\n    }\n  }\n\n  // Fetch rule by rule_id (string identifier) + tenant/org\n  const rule = await em.findOne(BusinessRule, {\n    ruleId: context.ruleId,  // String identifier column\n    tenantId: context.tenantId,\n    organizationId: context.organizationId,\n    deletedAt: null,\n  })\n\n  if (!rule) {\n    return {\n      success: false,\n      ruleId: context.ruleId,\n      ruleName: 'Unknown',\n      conditionResult: false,\n      actionsExecuted: null,\n      executionTime: Date.now() - startTime,\n      error: 'Rule not found',\n    }\n  }\n\n  if (!rule.enabled) {\n    return {\n      success: false,\n      ruleId: rule.ruleId,\n      ruleName: rule.ruleName,\n      conditionResult: false,\n      actionsExecuted: null,\n      executionTime: Date.now() - startTime,\n      error: 'Rule is disabled',\n    }\n  }\n\n  // Check effective date range\n  const now = new Date()\n  if (rule.effectiveFrom && rule.effectiveFrom > now) {\n    return {\n      success: false,\n      ruleId: rule.ruleId,\n      ruleName: rule.ruleName,\n      conditionResult: false,\n      actionsExecuted: null,\n      executionTime: Date.now() - startTime,\n      error: `Rule is not yet effective (starts ${rule.effectiveFrom.toISOString()})`,\n    }\n  }\n  if (rule.effectiveTo && rule.effectiveTo < now) {\n    return {\n      success: false,\n      ruleId: rule.ruleId,\n      ruleName: rule.ruleName,\n      conditionResult: false,\n      actionsExecuted: null,\n      executionTime: Date.now() - startTime,\n      error: `Rule has expired (ended ${rule.effectiveTo.toISOString()})`,\n    }\n  }\n\n  // Build RuleEngineContext (use provided entityType or fall back to rule's)\n  const engineContext: RuleEngineContext = {\n    entityType: context.entityType || rule.entityType,\n    entityId: context.entityId,\n    eventType: context.eventType || rule.eventType || undefined,\n    data: context.data,\n    user: context.user,\n    tenantId: context.tenantId,\n    organizationId: context.organizationId,\n    executedBy: context.executedBy,\n    dryRun: context.dryRun,\n  }\n\n  // Execute via existing executeSingleRule\n  const result = await executeSingleRule(em, rule, engineContext)\n\n  return {\n    success: !result.error,\n    ruleId: rule.ruleId,\n    ruleName: rule.ruleName,\n    conditionResult: result.conditionResult,\n    actionsExecuted: result.actionsExecuted,\n    executionTime: result.executionTime,\n    error: result.error,\n    logId: result.logId,\n  }\n}\n\n/**\n * Sensitive field patterns to exclude from logs\n */\nconst SENSITIVE_FIELD_PATTERNS = [\n  /password/i,\n  /passwd/i,\n  /pwd/i,\n  /secret/i,\n  /token/i,\n  /api[_-]?key/i,\n  /auth/i,\n  /credit[_-]?card/i,\n  /card[_-]?number/i,\n  /cvv/i,\n  /ssn/i,\n  /social[_-]?security/i,\n  /tax[_-]?id/i,\n  /driver[_-]?license/i,\n  /passport/i,\n]\n\n/**\n * Maximum depth for nested object sanitization\n */\nconst MAX_SANITIZATION_DEPTH = 5\n\n/**\n * Sanitize data for logging by removing sensitive fields\n */\nfunction sanitizeForLogging(data: any, depth: number = 0): any {\n  // Prevent infinite recursion\n  if (depth > MAX_SANITIZATION_DEPTH) {\n    return '[Max depth exceeded]'\n  }\n\n  // Handle null/undefined\n  if (data === null || data === undefined) {\n    return data\n  }\n\n  // Handle primitives\n  if (typeof data !== 'object') {\n    return data\n  }\n\n  // Handle arrays\n  if (Array.isArray(data)) {\n    return data.map(item => sanitizeForLogging(item, depth + 1))\n  }\n\n  // Handle objects\n  const sanitized: Record<string, any> = {}\n\n  for (const [key, value] of Object.entries(data)) {\n    // Check if field name matches sensitive patterns\n    const isSensitive = SENSITIVE_FIELD_PATTERNS.some(pattern => pattern.test(key))\n\n    if (isSensitive) {\n      sanitized[key] = '[REDACTED]'\n    } else if (typeof value === 'object' && value !== null) {\n      sanitized[key] = sanitizeForLogging(value, depth + 1)\n    } else {\n      sanitized[key] = value\n    }\n  }\n\n  return sanitized\n}\n\n/**\n * Sanitize user object for logging (keep only safe fields)\n */\nfunction sanitizeUser(user: any): any {\n  if (!user) {\n    return undefined\n  }\n\n  // Only log safe user fields\n  return {\n    id: user.id,\n    role: user.role,\n    // Don't log: email, name, phone, address, etc.\n  }\n}\n\n/**\n * Log rule execution to database\n */\ninterface LogExecutionOptions {\n  rule: BusinessRule\n  context: RuleEngineContext\n  conditionResult: boolean\n  actionsExecuted: ActionExecutionOutcome | null\n  executionTime: number\n  error?: string\n}\n\nexport async function logRuleExecution(\n  em: EntityManager,\n  options: LogExecutionOptions\n): Promise<string> {\n  const { rule, context, conditionResult, actionsExecuted, executionTime, error } = options\n\n  const executionResult: 'SUCCESS' | 'FAILURE' | 'ERROR' = error\n    ? EXECUTION_RESULT_ERROR\n    : conditionResult\n      ? EXECUTION_RESULT_SUCCESS\n      : EXECUTION_RESULT_FAILURE\n\n  const log = em.create(RuleExecutionLog, {\n    rule,\n    entityId: context.entityId || DEFAULT_ENTITY_ID,\n    entityType: context.entityType,\n    executionResult,\n    inputContext: {\n      data: sanitizeForLogging(context.data),\n      eventType: context.eventType,\n      user: sanitizeUser(context.user),\n    },\n    outputContext: actionsExecuted\n      ? {\n          conditionResult,\n          actionsExecuted: actionsExecuted.results.map((r) => ({\n            type: r.action.type,\n            success: r.success,\n            error: r.error,\n          })),\n        }\n      : null,\n    errorMessage: error || null,\n    executionTimeMs: executionTime,\n    tenantId: context.tenantId,\n    organizationId: context.organizationId,\n    executedBy: context.executedBy || null,\n  })\n\n  await em.persistAndFlush(log)\n\n  return log.id\n}\n"],
-  "mappings": "AACA,SAAS,cAAc,wBAAuC;AAC9D,YAAY,mBAAmB;AAC/B,YAAY,oBAAoB;AAGhC,SAAS,yBAAyB,4BAA4B,kCAAkC,oCAAoC;AAKpI,MAAM,oBAAoB;AAC1B,MAAM,kBAAkB;AACxB,MAAM,yBAAyB;AAC/B,MAAM,2BAA2B;AACjC,MAAM,2BAA2B;AAKjC,MAAM,0BAA0B;AAChC,MAAM,6BAA6B;AACnC,MAAM,iCAAiC;AA+HvC,eAAe,YACb,SACA,WACA,cACY;AACZ,MAAI;AAEJ,QAAM,iBAAiB,IAAI,QAAe,CAAC,GAAG,WAAW;AACvD,gBAAY,WAAW,MAAM;AAC3B,aAAO,IAAI,MAAM,GAAG,YAAY,cAAc,SAAS,KAAK,CAAC;AAAA,IAC/D,GAAG,SAAS;AAAA,EACd,CAAC;AAED,MAAI;AACF,WAAO,MAAM,QAAQ,KAAK,CAAC,SAAS,cAAc,CAAC;AAAA,EACrD,UAAE;AACA,iBAAa,SAAU;AAAA,EACzB;AACF;AAKA,eAAsB,aACpB,IACA,SAC2B;AAE3B,QAAM,aAAa,wBAAwB,UAAU,OAAO;AAC5D,MAAI,CAAC,WAAW,SAAS;AACvB,UAAM,mBAAmB,WAAW,MAAM,OAAO,IAAI,OAAK,GAAG,EAAE,KAAK,KAAK,GAAG,CAAC,KAAK,EAAE,OAAO,EAAE;AAC7F,WAAO;AAAA,MACL,SAAS;AAAA,MACT,eAAe,CAAC;AAAA,MAChB,oBAAoB;AAAA,MACpB,QAAQ;AAAA,IACV;AAAA,EACF;AAEA,QAAM,YAAY,KAAK,IAAI;AAC3B,QAAM,gBAAuC,CAAC;AAC9C,QAAM,SAAmB,CAAC;AAC1B,QAAM,SAAmB,CAAC;AAE1B,MAAI;AAEF,UAAM,QAAQ,MAAM,oBAAoB,IAAI;AAAA,MAC1C,YAAY,QAAQ;AAAA,MACpB,WAAW,QAAQ;AAAA,MACnB,UAAU,QAAQ;AAAA,MAClB,gBAAgB,QAAQ;AAAA,IAC1B,CAAC;AAGD,QAAI,MAAM,SAAS,yBAAyB;AAC1C,aAAO;AAAA,QACL,8BAA8B,MAAM,MAAM,4BAA4B,uBAAuB;AAAA,MAC/F;AACA,aAAO;AAAA,QACL,SAAS;AAAA,QACT,eAAe,CAAC;AAAA,QAChB,oBAAoB,KAAK,IAAI,IAAI;AAAA,QACjC;AAAA,MACF;AAAA,IACF;AAIA,UAAM,oBAAoB,YAAY;AACpC,iBAAW,QAAQ,OAAO;AAC1B,YAAI;AACF,gBAAM,aAAa,MAAM,kBAAkB,IAAI,MAAM,OAAO;AAC5D,wBAAc,KAAK,UAAU;AAE7B,cAAI,WAAW,OAAO;AACpB,mBAAO,KAAK,WAAW,KAAK;AAAA,UAC9B;AAEA,cAAI,WAAW,OAAO;AACpB,mBAAO;AAAA,cACL,iCAAiC,KAAK,MAAM,UAAU,KAAK,QAAQ,gBAAgB,QAAQ,UAAU,MAAM,WAAW,KAAK;AAAA,YAC7H;AAAA,UACF;AAAA,QACF,SAAS,OAAO;AACd,gBAAM,eAAe,iBAAiB,QAAQ,MAAM,UAAU,OAAO,KAAK;AAC1E,iBAAO;AAAA,YACL,8CAA8C,KAAK,MAAM,UAAU,KAAK,QAAQ,MAAM,YAAY;AAAA,UACpG;AAEA,wBAAc,KAAK;AAAA,YACjB;AAAA,YACA,iBAAiB;AAAA,YACjB,iBAAiB;AAAA,YACjB,eAAe;AAAA,YACf,OAAO;AAAA,UACT,CAAC;AAAA,QACH;AAAA,MACA;AAAA,IACF,GAAG;AAGH,UAAM;AAAA,MACJ;AAAA,MACA;AAAA,MACA,4CAA4C,QAAQ,UAAU;AAAA,IAChE;AAIA,UAAM,aAAa,cAAc,OAAO,CAAC,MAAM,EAAE,KAAK,aAAa,eAAe;AAClF,UAAM,UAAU,WAAW,WAAW,KAAK,WAAW,MAAM,CAAC,MAAM,EAAE,eAAe;AAEpF,UAAM,qBAAqB,KAAK,IAAI,IAAI;AAExC,WAAO;AAAA,MACL;AAAA,MACA;AAAA,MACA;AAAA,MACA,QAAQ,OAAO,SAAS,IAAI,SAAS;AAAA,MACrC,QAAQ,OAAO,SAAS,IAAI,SAAS;AAAA,IACvC;AAAA,EACF,SAAS,OAAO;AACd,UAAM,eAAe,iBAAiB,QAAQ,MAAM,UAAU,OAAO,KAAK;AAC1E,UAAM,QAAQ,iBAAiB,QAAQ,MAAM,QAAQ;AACrD,WAAO;AAAA,MACL,0CAA0C,QAAQ,UAAU,cAAc,QAAQ,YAAY,SAAS,MAAM,YAAY,GAAG,QAAQ;AAAA,SAAY,KAAK,KAAK,EAAE;AAAA,IAC9J;AAEA,UAAM,qBAAqB,KAAK,IAAI,IAAI;AAExC,WAAO;AAAA,MACL,SAAS;AAAA,MACT;AAAA,MACA;AAAA,MACA;AAAA,IACF;AAAA,EACF;AACF;AAKA,eAAsB,kBACpB,IACA,MACA,SAC8B;AAC9B,QAAM,YAAY,KAAK,IAAI;AAE3B,MAAI;AAEF,UAAM,qBAAqB,YAAY;AAErC,YAAM,cAAqC;AAAA,QACzC,YAAY,QAAQ;AAAA,QACpB,UAAU,QAAQ;AAAA,QAClB,WAAW,QAAQ;AAAA,QACnB,MAAM,QAAQ;AAAA,QACd,QAAQ,QAAQ;AAAA,QAChB,cAAc,QAAQ;AAAA,MACxB;AAGA,YAAM,SAAS,MAAM,cAAc,mBAAmB,MAAM,QAAQ,MAAM,WAAW;AAGrF,UAAI,CAAC,OAAO,qBAAqB;AAC/B,cAAMA,iBAAgB,KAAK,IAAI,IAAI;AAEnC,YAAIC;AAGJ,YAAI,CAAC,QAAQ,QAAQ;AACnB,UAAAA,SAAQ,MAAM,iBAAiB,IAAI;AAAA,YACjC;AAAA,YACA;AAAA,YACA,iBAAiB;AAAA,YACjB,iBAAiB;AAAA,YACjB,eAAAD;AAAA,YACA,OAAO,OAAO;AAAA,UAChB,CAAC;AAAA,QACH;AAEA,eAAO;AAAA,UACL;AAAA,UACA,iBAAiB;AAAA,UACjB,iBAAiB;AAAA,UACjB,eAAAA;AAAA,UACA,OAAO,OAAO;AAAA,UACd,OAAAC;AAAA,QACF;AAAA,MACF;AAGA,YAAM,UAAU,OAAO,mBAAmB,KAAK,iBAAiB,KAAK;AAErE,UAAI,kBAAiD;AAErD,UAAI,WAAW,MAAM,QAAQ,OAAO,KAAK,QAAQ,SAAS,GAAG;AAE3D,cAAM,gBAA+B;AAAA,UACnC,GAAG;AAAA,UACH,MAAM,QAAQ;AAAA,UACd,QAAQ,KAAK;AAAA,UACb,UAAU,KAAK;AAAA,QACjB;AAGA,0BAAkB,MAAM,eAAe,eAAe,SAAS,aAAa;AAAA,MAC9E;AAEA,YAAM,gBAAgB,KAAK,IAAI,IAAI;AAEnC,UAAI;AAGJ,UAAI,CAAC,QAAQ,QAAQ;AACnB,gBAAQ,MAAM,iBAAiB,IAAI;AAAA,UACjC;AAAA,UACA;AAAA,UACA,iBAAiB,OAAO;AAAA,UACxB;AAAA,UACA;AAAA,QACF,CAAC;AAAA,MACH;AAEA,aAAO;AAAA,QACL;AAAA,QACA,iBAAiB,OAAO;AAAA,QACxB;AAAA,QACA;AAAA,QACA;AAAA,MACF;AAAA,IACF;AAGA,WAAO,MAAM;AAAA,MACX,mBAAmB;AAAA,MACnB;AAAA,MACA,yCAAyC,KAAK,MAAM;AAAA,IACtD;AAAA,EACF,SAAS,OAAO;AACd,UAAM,gBAAgB,KAAK,IAAI,IAAI;AACnC,UAAM,eAAe,iBAAiB,QAAQ,MAAM,UAAU,OAAO,KAAK;AAC1E,UAAM,gBAAgB,kCAAkC,KAAK,MAAM,gBAAgB,QAAQ,UAAU,MAAM,YAAY;AAEvH,QAAI;AAGJ,QAAI,CAAC,QAAQ,QAAQ;AACnB,cAAQ,MAAM,iBAAiB,IAAI;AAAA,QACjC;AAAA,QACA;AAAA,QACA,iBAAiB;AAAA,QACjB,iBAAiB;AAAA,QACjB;AAAA,QACA,OAAO;AAAA,MACT,CAAC;AAAA,IACH;AAEA,WAAO;AAAA,MACL;AAAA,MACA,iBAAiB;AAAA,MACjB,iBAAiB;AAAA,MACjB;AAAA,MACA,OAAO;AAAA,MACP;AAAA,IACF;AAAA,EACF;AACF;AAKA,eAAsB,oBACpB,IACA,SACyB;AAEzB,6BAA2B,MAAM,OAAO;AAExC,QAAM,EAAE,YAAY,WAAW,UAAU,gBAAgB,SAAS,IAAI;AAEtE,QAAM,QAA+B;AAAA,IACnC;AAAA,IACA;AAAA,IACA;AAAA,IACA,SAAS;AAAA,IACT,WAAW;AAAA,EACb;AAEA,MAAI,WAAW;AACb,UAAM,YAAY;AAAA,EACpB;AAEA,MAAI,UAAU;AACZ,UAAM,WAAW;AAAA,EACnB;AAEA,QAAM,QAAQ,MAAM,GAAG,KAAK,cAAc,OAAO;AAAA,IAC/C,SAAS,EAAE,UAAU,QAAQ,QAAQ,MAAM;AAAA,EAC7C,CAAC;AAGD,QAAM,MAAM,oBAAI,KAAK;AACrB,SAAO,MAAM,OAAO,CAAC,SAAS;AAC5B,QAAI,KAAK,iBAAiB,KAAK,gBAAgB,KAAK;AAClD,aAAO;AAAA,IACT;AACA,QAAI,KAAK,eAAe,KAAK,cAAc,KAAK;AAC9C,aAAO;AAAA,IACT;AACA,WAAO;AAAA,EACT,CAAC;AACH;AAMA,eAAsB,gBACpB,IACA,SACoC;AACpC,QAAM,YAAY,KAAK,IAAI;AAG3B,QAAM,aAAa,iCAAiC,UAAU,OAAO;AACrE,MAAI,CAAC,WAAW,SAAS;AACvB,UAAM,mBAAmB,WAAW,MAAM,OAAO,IAAI,OAAK,GAAG,EAAE,KAAK,KAAK,GAAG,CAAC,KAAK,EAAE,OAAO,EAAE;AAC7F,WAAO;AAAA,MACL,SAAS;AAAA,MACT,QAAQ,QAAQ;AAAA,MAChB,UAAU;AAAA,MACV,iBAAiB;AAAA,MACjB,iBAAiB;AAAA,MACjB,eAAe,KAAK,IAAI,IAAI;AAAA,MAC5B,OAAO,sBAAsB,iBAAiB,KAAK,IAAI,CAAC;AAAA,IAC1D;AAAA,EACF;AAGA,QAAM,OAAO,MAAM,GAAG,QAAQ,cAAc;AAAA,IAC1C,IAAI,QAAQ;AAAA,IACZ,UAAU,QAAQ;AAAA,IAClB,gBAAgB,QAAQ;AAAA,IACxB,WAAW;AAAA,EACb,CAAC;AAED,MAAI,CAAC,MAAM;AACT,WAAO;AAAA,MACL,SAAS;AAAA,MACT,QAAQ,QAAQ;AAAA,MAChB,UAAU;AAAA,MACV,iBAAiB;AAAA,MACjB,iBAAiB;AAAA,MACjB,eAAe,KAAK,IAAI,IAAI;AAAA,MAC5B,OAAO;AAAA,IACT;AAAA,EACF;AAEA,MAAI,CAAC,KAAK,SAAS;AACjB,WAAO;AAAA,MACL,SAAS;AAAA,MACT,QAAQ,KAAK;AAAA,MACb,UAAU,KAAK;AAAA,MACf,iBAAiB;AAAA,MACjB,iBAAiB;AAAA,MACjB,eAAe,KAAK,IAAI,IAAI;AAAA,MAC5B,OAAO;AAAA,IACT;AAAA,EACF;AAGA,QAAM,MAAM,oBAAI,KAAK;AACrB,MAAI,KAAK,iBAAiB,KAAK,gBAAgB,KAAK;AAClD,WAAO;AAAA,MACL,SAAS;AAAA,MACT,QAAQ,KAAK;AAAA,MACb,UAAU,KAAK;AAAA,MACf,iBAAiB;AAAA,MACjB,iBAAiB;AAAA,MACjB,eAAe,KAAK,IAAI,IAAI;AAAA,MAC5B,OAAO,qCAAqC,KAAK,cAAc,YAAY,CAAC;AAAA,IAC9E;AAAA,EACF;AACA,MAAI,KAAK,eAAe,KAAK,cAAc,KAAK;AAC9C,WAAO;AAAA,MACL,SAAS;AAAA,MACT,QAAQ,KAAK;AAAA,MACb,UAAU,KAAK;AAAA,MACf,iBAAiB;AAAA,MACjB,iBAAiB;AAAA,MACjB,eAAe,KAAK,IAAI,IAAI;AAAA,MAC5B,OAAO,2BAA2B,KAAK,YAAY,YAAY,CAAC;AAAA,IAClE;AAAA,EACF;AAGA,QAAM,gBAAmC;AAAA,IACvC,YAAY,QAAQ,cAAc,KAAK;AAAA,IACvC,UAAU,QAAQ;AAAA,IAClB,WAAW,QAAQ,aAAa,KAAK,aAAa;AAAA,IAClD,MAAM,QAAQ;AAAA,IACd,MAAM,QAAQ;AAAA,IACd,UAAU,QAAQ;AAAA,IAClB,gBAAgB,QAAQ;AAAA,IACxB,YAAY,QAAQ;AAAA,IACpB,QAAQ,QAAQ;AAAA,EAClB;AAGA,QAAM,SAAS,MAAM,kBAAkB,IAAI,MAAM,aAAa;AAE9D,SAAO;AAAA,IACL,SAAS,CAAC,OAAO;AAAA,IACjB,QAAQ,KAAK;AAAA,IACb,UAAU,KAAK;AAAA,IACf,iBAAiB,OAAO;AAAA,IACxB,iBAAiB,OAAO;AAAA,IACxB,eAAe,OAAO;AAAA,IACtB,OAAO,OAAO;AAAA,IACd,OAAO,OAAO;AAAA,EAChB;AACF;AAOA,eAAsB,oBACpB,IACA,SACoC;AACpC,QAAM,YAAY,KAAK,IAAI;AAG3B,QAAM,aAAa,6BAA6B,UAAU,OAAO;AACjE,MAAI,CAAC,WAAW,SAAS;AACvB,UAAM,mBAAmB,WAAW,MAAM,OAAO,IAAI,OAAK,GAAG,EAAE,KAAK,KAAK,GAAG,CAAC,KAAK,EAAE,OAAO,EAAE;AAC7F,WAAO;AAAA,MACL,SAAS;AAAA,MACT,QAAQ,QAAQ,UAAU;AAAA,MAC1B,UAAU;AAAA,MACV,iBAAiB;AAAA,MACjB,iBAAiB;AAAA,MACjB,eAAe,KAAK,IAAI,IAAI;AAAA,MAC5B,OAAO,sBAAsB,iBAAiB,KAAK,IAAI,CAAC;AAAA,IAC1D;AAAA,EACF;AAGA,QAAM,OAAO,MAAM,GAAG,QAAQ,cAAc;AAAA,IAC1C,QAAQ,QAAQ;AAAA;AAAA,IAChB,UAAU,QAAQ;AAAA,IAClB,gBAAgB,QAAQ;AAAA,IACxB,WAAW;AAAA,EACb,CAAC;AAED,MAAI,CAAC,MAAM;AACT,WAAO;AAAA,MACL,SAAS;AAAA,MACT,QAAQ,QAAQ;AAAA,MAChB,UAAU;AAAA,MACV,iBAAiB;AAAA,MACjB,iBAAiB;AAAA,MACjB,eAAe,KAAK,IAAI,IAAI;AAAA,MAC5B,OAAO;AAAA,IACT;AAAA,EACF;AAEA,MAAI,CAAC,KAAK,SAAS;AACjB,WAAO;AAAA,MACL,SAAS;AAAA,MACT,QAAQ,KAAK;AAAA,MACb,UAAU,KAAK;AAAA,MACf,iBAAiB;AAAA,MACjB,iBAAiB;AAAA,MACjB,eAAe,KAAK,IAAI,IAAI;AAAA,MAC5B,OAAO;AAAA,IACT;AAAA,EACF;AAGA,QAAM,MAAM,oBAAI,KAAK;AACrB,MAAI,KAAK,iBAAiB,KAAK,gBAAgB,KAAK;AAClD,WAAO;AAAA,MACL,SAAS;AAAA,MACT,QAAQ,KAAK;AAAA,MACb,UAAU,KAAK;AAAA,MACf,iBAAiB;AAAA,MACjB,iBAAiB;AAAA,MACjB,eAAe,KAAK,IAAI,IAAI;AAAA,MAC5B,OAAO,qCAAqC,KAAK,cAAc,YAAY,CAAC;AAAA,IAC9E;AAAA,EACF;AACA,MAAI,KAAK,eAAe,KAAK,cAAc,KAAK;AAC9C,WAAO;AAAA,MACL,SAAS;AAAA,MACT,QAAQ,KAAK;AAAA,MACb,UAAU,KAAK;AAAA,MACf,iBAAiB;AAAA,MACjB,iBAAiB;AAAA,MACjB,eAAe,KAAK,IAAI,IAAI;AAAA,MAC5B,OAAO,2BAA2B,KAAK,YAAY,YAAY,CAAC;AAAA,IAClE;AAAA,EACF;AAGA,QAAM,gBAAmC;AAAA,IACvC,YAAY,QAAQ,cAAc,KAAK;AAAA,IACvC,UAAU,QAAQ;AAAA,IAClB,WAAW,QAAQ,aAAa,KAAK,aAAa;AAAA,IAClD,MAAM,QAAQ;AAAA,IACd,MAAM,QAAQ;AAAA,IACd,UAAU,QAAQ;AAAA,IAClB,gBAAgB,QAAQ;AAAA,IACxB,YAAY,QAAQ;AAAA,IACpB,QAAQ,QAAQ;AAAA,EAClB;AAGA,QAAM,SAAS,MAAM,kBAAkB,IAAI,MAAM,aAAa;AAE9D,SAAO;AAAA,IACL,SAAS,CAAC,OAAO;AAAA,IACjB,QAAQ,KAAK;AAAA,IACb,UAAU,KAAK;AAAA,IACf,iBAAiB,OAAO;AAAA,IACxB,iBAAiB,OAAO;AAAA,IACxB,eAAe,OAAO;AAAA,IACtB,OAAO,OAAO;AAAA,IACd,OAAO,OAAO;AAAA,EAChB;AACF;AAKA,MAAM,2BAA2B;AAAA,EAC/B;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AACF;AAKA,MAAM,yBAAyB;AAK/B,SAAS,mBAAmB,MAAW,QAAgB,GAAQ;AAE7D,MAAI,QAAQ,wBAAwB;AAClC,WAAO;AAAA,EACT;AAGA,MAAI,SAAS,QAAQ,SAAS,QAAW;AACvC,WAAO;AAAA,EACT;AAGA,MAAI,OAAO,SAAS,UAAU;AAC5B,WAAO;AAAA,EACT;AAGA,MAAI,MAAM,QAAQ,IAAI,GAAG;AACvB,WAAO,KAAK,IAAI,UAAQ,mBAAmB,MAAM,QAAQ,CAAC,CAAC;AAAA,EAC7D;AAGA,QAAM,YAAiC,CAAC;AAExC,aAAW,CAAC,KAAK,KAAK,KAAK,OAAO,QAAQ,IAAI,GAAG;AAE/C,UAAM,cAAc,yBAAyB,KAAK,aAAW,QAAQ,KAAK,GAAG,CAAC;AAE9E,QAAI,aAAa;AACf,gBAAU,GAAG,IAAI;AAAA,IACnB,WAAW,OAAO,UAAU,YAAY,UAAU,MAAM;AACtD,gBAAU,GAAG,IAAI,mBAAmB,OAAO,QAAQ,CAAC;AAAA,IACtD,OAAO;AACL,gBAAU,GAAG,IAAI;AAAA,IACnB;AAAA,EACF;AAEA,SAAO;AACT;AAKA,SAAS,aAAa,MAAgB;AACpC,MAAI,CAAC,MAAM;AACT,WAAO;AAAA,EACT;AAGA,SAAO;AAAA,IACL,IAAI,KAAK;AAAA,IACT,MAAM,KAAK;AAAA;AAAA,EAEb;AACF;AAcA,eAAsB,iBACpB,IACA,SACiB;AACjB,QAAM,EAAE,MAAM,SAAS,iBAAiB,iBAAiB,eAAe,MAAM,IAAI;AAElF,QAAM,kBAAmD,QACrD,yBACA,kBACE,2BACA;AAEN,QAAM,MAAM,GAAG,OAAO,kBAAkB;AAAA,IACtC;AAAA,IACA,UAAU,QAAQ,YAAY;AAAA,IAC9B,YAAY,QAAQ;AAAA,IACpB;AAAA,IACA,cAAc;AAAA,MACZ,MAAM,mBAAmB,QAAQ,IAAI;AAAA,MACrC,WAAW,QAAQ;AAAA,MACnB,MAAM,aAAa,QAAQ,IAAI;AAAA,IACjC;AAAA,IACA,eAAe,kBACX;AAAA,MACE;AAAA,MACA,iBAAiB,gBAAgB,QAAQ,IAAI,CAAC,OAAO;AAAA,QACnD,MAAM,EAAE,OAAO;AAAA,QACf,SAAS,EAAE;AAAA,QACX,OAAO,EAAE;AAAA,MACX,EAAE;AAAA,IACJ,IACA;AAAA,IACJ,cAAc,SAAS;AAAA,IACvB,iBAAiB;AAAA,IACjB,UAAU,QAAQ;AAAA,IAClB,gBAAgB,QAAQ;AAAA,IACxB,YAAY,QAAQ,cAAc;AAAA,EACpC,CAAC;AAED,QAAM,GAAG,gBAAgB,GAAG;AAE5B,SAAO,IAAI;AACb;",
+  "sourcesContent": ["import type { EntityManager } from '@mikro-orm/core'\nimport { BusinessRule, RuleExecutionLog, type RuleType } from '../data/entities'\nimport * as ruleEvaluator from './rule-evaluator'\nimport * as actionExecutor from './action-executor'\nimport type { RuleEvaluationContext } from './rule-evaluator'\nimport type { ActionContext, ActionExecutionOutcome } from './action-executor'\nimport { ruleEngineContextSchema, ruleDiscoveryOptionsSchema } from '../data/validators'\n\n/**\n * Constants\n */\nconst DEFAULT_ENTITY_ID = 'unknown'\nconst RULE_TYPE_GUARD = 'GUARD'\nconst EXECUTION_RESULT_ERROR = 'ERROR'\nconst EXECUTION_RESULT_SUCCESS = 'SUCCESS'\nconst EXECUTION_RESULT_FAILURE = 'FAILURE'\n\n/**\n * Execution limits\n */\nconst MAX_RULES_PER_EXECUTION = 100\nconst MAX_SINGLE_RULE_TIMEOUT_MS = 30000  // 30 seconds\nconst MAX_TOTAL_EXECUTION_TIMEOUT_MS = 60000  // 60 seconds\n\n/**\n * Rule execution context\n */\nexport interface RuleEngineContext {\n  entityType: string\n  entityId?: string\n  eventType?: string\n  data: any\n  user?: {\n    id?: string\n    email?: string\n    role?: string\n    [key: string]: any\n  }\n  tenant?: {\n    id?: string\n    [key: string]: any\n  }\n  organization?: {\n    id?: string\n    [key: string]: any\n  }\n  tenantId: string\n  organizationId: string\n  executedBy?: string\n  dryRun?: boolean\n  [key: string]: any\n}\n\n/**\n * Single rule execution result\n */\nexport interface RuleExecutionResult {\n  rule: BusinessRule\n  conditionResult: boolean\n  actionsExecuted: ActionExecutionOutcome | null\n  executionTime: number\n  error?: string\n  logId?: string  // Database log ID (if logged)\n}\n\n/**\n * Overall rule engine result\n */\nexport interface RuleEngineResult {\n  allowed: boolean\n  executedRules: RuleExecutionResult[]\n  totalExecutionTime: number\n  errors?: string[]\n  logIds?: string[]\n}\n\n/**\n * Rule discovery options\n */\nexport interface RuleDiscoveryOptions {\n  entityType: string\n  eventType?: string\n  tenantId: string\n  organizationId: string\n  ruleType?: RuleType\n}\n\n/**\n * Execute a function with a timeout\n */\nasync function withTimeout<T>(\n  promise: Promise<T>,\n  timeoutMs: number,\n  errorMessage: string\n): Promise<T> {\n  let timeoutId: NodeJS.Timeout\n\n  const timeoutPromise = new Promise<never>((_, reject) => {\n    timeoutId = setTimeout(() => {\n      reject(new Error(`${errorMessage} (timeout: ${timeoutMs}ms)`))\n    }, timeoutMs)\n  })\n\n  try {\n    return await Promise.race([promise, timeoutPromise])\n  } finally {\n    clearTimeout(timeoutId!)\n  }\n}\n\n/**\n * Execute all applicable rules for the given context\n */\nexport async function executeRules(\n  em: EntityManager,\n  context: RuleEngineContext\n): Promise<RuleEngineResult> {\n  // Validate input\n  const validation = ruleEngineContextSchema.safeParse(context)\n  if (!validation.success) {\n    const validationErrors = validation.error.issues.map(e => `${e.path.join('.')}: ${e.message}`)\n    return {\n      allowed: false,\n      executedRules: [],\n      totalExecutionTime: 0,\n      errors: validationErrors,\n    }\n  }\n\n  const startTime = Date.now()\n  const executedRules: RuleExecutionResult[] = []\n  const errors: string[] = []\n  const logIds: string[] = []\n\n  try {\n    // Discover applicable rules\n    const rules = await findApplicableRules(em, {\n      entityType: context.entityType,\n      eventType: context.eventType,\n      tenantId: context.tenantId,\n      organizationId: context.organizationId,\n    })\n\n    // Check rule count limit\n    if (rules.length > MAX_RULES_PER_EXECUTION) {\n      errors.push(\n        `Rule count limit exceeded: ${rules.length} rules found, maximum is ${MAX_RULES_PER_EXECUTION}`\n      )\n      return {\n        allowed: false,\n        executedRules: [],\n        totalExecutionTime: Date.now() - startTime,\n        errors,\n      }\n    }\n\n    // Rules already sorted by database query (priority DESC, ruleId ASC)\n    // Execute each rule with total timeout\n    const executionPromise = (async () => {\n      for (const rule of rules) {\n      try {\n        const ruleResult = await executeSingleRule(em, rule, context)\n        executedRules.push(ruleResult)\n\n        if (ruleResult.logId) {\n          logIds.push(ruleResult.logId)\n        }\n\n        if (ruleResult.error) {\n          errors.push(\n            `Rule execution failed [ruleId=${rule.ruleId}, type=${rule.ruleType}, entityType=${context.entityType}]: ${ruleResult.error}`\n          )\n        }\n      } catch (error) {\n        const errorMessage = error instanceof Error ? error.message : String(error)\n        errors.push(\n          `Unexpected error in rule execution [ruleId=${rule.ruleId}, type=${rule.ruleType}]: ${errorMessage}`\n        )\n\n        executedRules.push({\n          rule,\n          conditionResult: false,\n          actionsExecuted: null,\n          executionTime: 0,\n          error: errorMessage,\n        })\n      }\n      }\n    })()\n\n    // Execute with timeout\n    await withTimeout(\n      executionPromise,\n      MAX_TOTAL_EXECUTION_TIMEOUT_MS,\n      `Total rule execution timeout [entityType=${context.entityType}]`\n    )\n\n    // Determine overall allowed status\n    // For GUARD rules: all must pass for operation to be allowed\n    const guardRules = executedRules.filter((r) => r.rule.ruleType === RULE_TYPE_GUARD)\n    const allowed = guardRules.length === 0 || guardRules.every((r) => r.conditionResult)\n\n    const totalExecutionTime = Date.now() - startTime\n\n    return {\n      allowed,\n      executedRules,\n      totalExecutionTime,\n      errors: errors.length > 0 ? errors : undefined,\n      logIds: logIds.length > 0 ? logIds : undefined,\n    }\n  } catch (error) {\n    const errorMessage = error instanceof Error ? error.message : String(error)\n    const stack = error instanceof Error ? error.stack : undefined\n    errors.push(\n      `Critical rule engine error [entityType=${context.entityType}, entityId=${context.entityId || 'unknown'}]: ${errorMessage}${stack ? `\\nStack: ${stack}` : ''}`\n    )\n\n    const totalExecutionTime = Date.now() - startTime\n\n    return {\n      allowed: false,\n      executedRules,\n      totalExecutionTime,\n      errors,\n    }\n  }\n}\n\n/**\n * Execute a single rule\n */\nexport async function executeSingleRule(\n  em: EntityManager,\n  rule: BusinessRule,\n  context: RuleEngineContext\n): Promise<RuleExecutionResult> {\n  const startTime = Date.now()\n\n  try {\n    // Wrap execution in timeout\n    const executeWithTimeout = async () => {\n      // Build evaluation context\n      const evalContext: RuleEvaluationContext = {\n        entityType: context.entityType,\n        entityId: context.entityId,\n        eventType: context.eventType,\n        user: context.user,\n        tenant: context.tenant,\n        organization: context.organization,\n      }\n\n      // Evaluate rule conditions\n      const result = await ruleEvaluator.evaluateSingleRule(rule, context.data, evalContext)\n\n      // Check if evaluation completed (not just if conditions passed)\n      if (!result.evaluationCompleted) {\n        const executionTime = Date.now() - startTime\n\n        let logId: string | undefined\n\n        // Log failure if not dry run\n        if (!context.dryRun) {\n          logId = await logRuleExecution(em, {\n            rule,\n            context,\n            conditionResult: false,\n            actionsExecuted: null,\n            executionTime,\n            error: result.error,\n          })\n        }\n\n        return {\n          rule,\n          conditionResult: false,\n          actionsExecuted: null,\n          executionTime,\n          error: result.error,\n          logId,\n        }\n      }\n\n      // Evaluation completed successfully - determine which actions to execute\n      const actions = result.conditionsPassed ? rule.successActions : rule.failureActions\n\n      let actionsExecuted: ActionExecutionOutcome | null = null\n\n      if (actions && Array.isArray(actions) && actions.length > 0) {\n        // Build action context\n        const actionContext: ActionContext = {\n          ...evalContext,\n          data: context.data,\n          ruleId: rule.ruleId,\n          ruleName: rule.ruleName,\n        }\n\n        // Execute actions\n        actionsExecuted = await actionExecutor.executeActions(actions, actionContext)\n      }\n\n      const executionTime = Date.now() - startTime\n\n      let logId: string | undefined\n\n      // Log execution if not dry run\n      if (!context.dryRun) {\n        logId = await logRuleExecution(em, {\n          rule,\n          context,\n          conditionResult: result.conditionsPassed,\n          actionsExecuted,\n          executionTime,\n        })\n      }\n\n      return {\n        rule,\n        conditionResult: result.conditionsPassed,\n        actionsExecuted,\n        executionTime,\n        logId,\n      }\n    }\n\n    // Execute with single rule timeout\n    return await withTimeout(\n      executeWithTimeout(),\n      MAX_SINGLE_RULE_TIMEOUT_MS,\n      `Single rule execution timeout [ruleId=${rule.ruleId}]`\n    )\n  } catch (error) {\n    const executionTime = Date.now() - startTime\n    const errorMessage = error instanceof Error ? error.message : String(error)\n    const enhancedError = `Failed to execute rule [ruleId=${rule.ruleId}, entityType=${context.entityType}]: ${errorMessage}`\n\n    let logId: string | undefined\n\n    // Log error if not dry run\n    if (!context.dryRun) {\n      logId = await logRuleExecution(em, {\n        rule,\n        context,\n        conditionResult: false,\n        actionsExecuted: null,\n        executionTime,\n        error: enhancedError,\n      })\n    }\n\n    return {\n      rule,\n      conditionResult: false,\n      actionsExecuted: null,\n      executionTime,\n      error: enhancedError,\n      logId,\n    }\n  }\n}\n\n/**\n * Find all applicable rules for the given criteria\n */\nexport async function findApplicableRules(\n  em: EntityManager,\n  options: RuleDiscoveryOptions\n): Promise<BusinessRule[]> {\n  // Validate input\n  ruleDiscoveryOptionsSchema.parse(options)\n\n  const { entityType, eventType, tenantId, organizationId, ruleType } = options\n\n  const where: Partial<BusinessRule> = {\n    entityType,\n    tenantId,\n    organizationId,\n    enabled: true,\n    deletedAt: null,\n  }\n\n  if (eventType) {\n    where.eventType = eventType\n  }\n\n  if (ruleType) {\n    where.ruleType = ruleType\n  }\n\n  const rules = await em.find(BusinessRule, where, {\n    orderBy: { priority: 'DESC', ruleId: 'ASC' },\n  })\n\n  // Filter by effective date range\n  const now = new Date()\n  return rules.filter((rule) => {\n    if (rule.effectiveFrom && rule.effectiveFrom > now) {\n      return false\n    }\n    if (rule.effectiveTo && rule.effectiveTo < now) {\n      return false\n    }\n    return true\n  })\n}\n\n/**\n * Sensitive field patterns to exclude from logs\n */\nconst SENSITIVE_FIELD_PATTERNS = [\n  /password/i,\n  /passwd/i,\n  /pwd/i,\n  /secret/i,\n  /token/i,\n  /api[_-]?key/i,\n  /auth/i,\n  /credit[_-]?card/i,\n  /card[_-]?number/i,\n  /cvv/i,\n  /ssn/i,\n  /social[_-]?security/i,\n  /tax[_-]?id/i,\n  /driver[_-]?license/i,\n  /passport/i,\n]\n\n/**\n * Maximum depth for nested object sanitization\n */\nconst MAX_SANITIZATION_DEPTH = 5\n\n/**\n * Sanitize data for logging by removing sensitive fields\n */\nfunction sanitizeForLogging(data: any, depth: number = 0): any {\n  // Prevent infinite recursion\n  if (depth > MAX_SANITIZATION_DEPTH) {\n    return '[Max depth exceeded]'\n  }\n\n  // Handle null/undefined\n  if (data === null || data === undefined) {\n    return data\n  }\n\n  // Handle primitives\n  if (typeof data !== 'object') {\n    return data\n  }\n\n  // Handle arrays\n  if (Array.isArray(data)) {\n    return data.map(item => sanitizeForLogging(item, depth + 1))\n  }\n\n  // Handle objects\n  const sanitized: Record<string, any> = {}\n\n  for (const [key, value] of Object.entries(data)) {\n    // Check if field name matches sensitive patterns\n    const isSensitive = SENSITIVE_FIELD_PATTERNS.some(pattern => pattern.test(key))\n\n    if (isSensitive) {\n      sanitized[key] = '[REDACTED]'\n    } else if (typeof value === 'object' && value !== null) {\n      sanitized[key] = sanitizeForLogging(value, depth + 1)\n    } else {\n      sanitized[key] = value\n    }\n  }\n\n  return sanitized\n}\n\n/**\n * Sanitize user object for logging (keep only safe fields)\n */\nfunction sanitizeUser(user: any): any {\n  if (!user) {\n    return undefined\n  }\n\n  // Only log safe user fields\n  return {\n    id: user.id,\n    role: user.role,\n    // Don't log: email, name, phone, address, etc.\n  }\n}\n\n/**\n * Log rule execution to database\n */\ninterface LogExecutionOptions {\n  rule: BusinessRule\n  context: RuleEngineContext\n  conditionResult: boolean\n  actionsExecuted: ActionExecutionOutcome | null\n  executionTime: number\n  error?: string\n}\n\nexport async function logRuleExecution(\n  em: EntityManager,\n  options: LogExecutionOptions\n): Promise<string> {\n  const { rule, context, conditionResult, actionsExecuted, executionTime, error } = options\n\n  const executionResult: 'SUCCESS' | 'FAILURE' | 'ERROR' = error\n    ? EXECUTION_RESULT_ERROR\n    : conditionResult\n      ? EXECUTION_RESULT_SUCCESS\n      : EXECUTION_RESULT_FAILURE\n\n  const log = em.create(RuleExecutionLog, {\n    rule,\n    entityId: context.entityId || DEFAULT_ENTITY_ID,\n    entityType: context.entityType,\n    executionResult,\n    inputContext: {\n      data: sanitizeForLogging(context.data),\n      eventType: context.eventType,\n      user: sanitizeUser(context.user),\n    },\n    outputContext: actionsExecuted\n      ? {\n          conditionResult,\n          actionsExecuted: actionsExecuted.results.map((r) => ({\n            type: r.action.type,\n            success: r.success,\n            error: r.error,\n          })),\n        }\n      : null,\n    errorMessage: error || null,\n    executionTimeMs: executionTime,\n    tenantId: context.tenantId,\n    organizationId: context.organizationId,\n    executedBy: context.executedBy || null,\n  })\n\n  await em.persistAndFlush(log)\n\n  return log.id\n}\n"],
+  "mappings": "AACA,SAAS,cAAc,wBAAuC;AAC9D,YAAY,mBAAmB;AAC/B,YAAY,oBAAoB;AAGhC,SAAS,yBAAyB,kCAAkC;AAKpE,MAAM,oBAAoB;AAC1B,MAAM,kBAAkB;AACxB,MAAM,yBAAyB;AAC/B,MAAM,2BAA2B;AACjC,MAAM,2BAA2B;AAKjC,MAAM,0BAA0B;AAChC,MAAM,6BAA6B;AACnC,MAAM,iCAAiC;AAoEvC,eAAe,YACb,SACA,WACA,cACY;AACZ,MAAI;AAEJ,QAAM,iBAAiB,IAAI,QAAe,CAAC,GAAG,WAAW;AACvD,gBAAY,WAAW,MAAM;AAC3B,aAAO,IAAI,MAAM,GAAG,YAAY,cAAc,SAAS,KAAK,CAAC;AAAA,IAC/D,GAAG,SAAS;AAAA,EACd,CAAC;AAED,MAAI;AACF,WAAO,MAAM,QAAQ,KAAK,CAAC,SAAS,cAAc,CAAC;AAAA,EACrD,UAAE;AACA,iBAAa,SAAU;AAAA,EACzB;AACF;AAKA,eAAsB,aACpB,IACA,SAC2B;AAE3B,QAAM,aAAa,wBAAwB,UAAU,OAAO;AAC5D,MAAI,CAAC,WAAW,SAAS;AACvB,UAAM,mBAAmB,WAAW,MAAM,OAAO,IAAI,OAAK,GAAG,EAAE,KAAK,KAAK,GAAG,CAAC,KAAK,EAAE,OAAO,EAAE;AAC7F,WAAO;AAAA,MACL,SAAS;AAAA,MACT,eAAe,CAAC;AAAA,MAChB,oBAAoB;AAAA,MACpB,QAAQ;AAAA,IACV;AAAA,EACF;AAEA,QAAM,YAAY,KAAK,IAAI;AAC3B,QAAM,gBAAuC,CAAC;AAC9C,QAAM,SAAmB,CAAC;AAC1B,QAAM,SAAmB,CAAC;AAE1B,MAAI;AAEF,UAAM,QAAQ,MAAM,oBAAoB,IAAI;AAAA,MAC1C,YAAY,QAAQ;AAAA,MACpB,WAAW,QAAQ;AAAA,MACnB,UAAU,QAAQ;AAAA,MAClB,gBAAgB,QAAQ;AAAA,IAC1B,CAAC;AAGD,QAAI,MAAM,SAAS,yBAAyB;AAC1C,aAAO;AAAA,QACL,8BAA8B,MAAM,MAAM,4BAA4B,uBAAuB;AAAA,MAC/F;AACA,aAAO;AAAA,QACL,SAAS;AAAA,QACT,eAAe,CAAC;AAAA,QAChB,oBAAoB,KAAK,IAAI,IAAI;AAAA,QACjC;AAAA,MACF;AAAA,IACF;AAIA,UAAM,oBAAoB,YAAY;AACpC,iBAAW,QAAQ,OAAO;AAC1B,YAAI;AACF,gBAAM,aAAa,MAAM,kBAAkB,IAAI,MAAM,OAAO;AAC5D,wBAAc,KAAK,UAAU;AAE7B,cAAI,WAAW,OAAO;AACpB,mBAAO,KAAK,WAAW,KAAK;AAAA,UAC9B;AAEA,cAAI,WAAW,OAAO;AACpB,mBAAO;AAAA,cACL,iCAAiC,KAAK,MAAM,UAAU,KAAK,QAAQ,gBAAgB,QAAQ,UAAU,MAAM,WAAW,KAAK;AAAA,YAC7H;AAAA,UACF;AAAA,QACF,SAAS,OAAO;AACd,gBAAM,eAAe,iBAAiB,QAAQ,MAAM,UAAU,OAAO,KAAK;AAC1E,iBAAO;AAAA,YACL,8CAA8C,KAAK,MAAM,UAAU,KAAK,QAAQ,MAAM,YAAY;AAAA,UACpG;AAEA,wBAAc,KAAK;AAAA,YACjB;AAAA,YACA,iBAAiB;AAAA,YACjB,iBAAiB;AAAA,YACjB,eAAe;AAAA,YACf,OAAO;AAAA,UACT,CAAC;AAAA,QACH;AAAA,MACA;AAAA,IACF,GAAG;AAGH,UAAM;AAAA,MACJ;AAAA,MACA;AAAA,MACA,4CAA4C,QAAQ,UAAU;AAAA,IAChE;AAIA,UAAM,aAAa,cAAc,OAAO,CAAC,MAAM,EAAE,KAAK,aAAa,eAAe;AAClF,UAAM,UAAU,WAAW,WAAW,KAAK,WAAW,MAAM,CAAC,MAAM,EAAE,eAAe;AAEpF,UAAM,qBAAqB,KAAK,IAAI,IAAI;AAExC,WAAO;AAAA,MACL;AAAA,MACA;AAAA,MACA;AAAA,MACA,QAAQ,OAAO,SAAS,IAAI,SAAS;AAAA,MACrC,QAAQ,OAAO,SAAS,IAAI,SAAS;AAAA,IACvC;AAAA,EACF,SAAS,OAAO;AACd,UAAM,eAAe,iBAAiB,QAAQ,MAAM,UAAU,OAAO,KAAK;AAC1E,UAAM,QAAQ,iBAAiB,QAAQ,MAAM,QAAQ;AACrD,WAAO;AAAA,MACL,0CAA0C,QAAQ,UAAU,cAAc,QAAQ,YAAY,SAAS,MAAM,YAAY,GAAG,QAAQ;AAAA,SAAY,KAAK,KAAK,EAAE;AAAA,IAC9J;AAEA,UAAM,qBAAqB,KAAK,IAAI,IAAI;AAExC,WAAO;AAAA,MACL,SAAS;AAAA,MACT;AAAA,MACA;AAAA,MACA;AAAA,IACF;AAAA,EACF;AACF;AAKA,eAAsB,kBACpB,IACA,MACA,SAC8B;AAC9B,QAAM,YAAY,KAAK,IAAI;AAE3B,MAAI;AAEF,UAAM,qBAAqB,YAAY;AAErC,YAAM,cAAqC;AAAA,QACzC,YAAY,QAAQ;AAAA,QACpB,UAAU,QAAQ;AAAA,QAClB,WAAW,QAAQ;AAAA,QACnB,MAAM,QAAQ;AAAA,QACd,QAAQ,QAAQ;AAAA,QAChB,cAAc,QAAQ;AAAA,MACxB;AAGA,YAAM,SAAS,MAAM,cAAc,mBAAmB,MAAM,QAAQ,MAAM,WAAW;AAGrF,UAAI,CAAC,OAAO,qBAAqB;AAC/B,cAAMA,iBAAgB,KAAK,IAAI,IAAI;AAEnC,YAAIC;AAGJ,YAAI,CAAC,QAAQ,QAAQ;AACnB,UAAAA,SAAQ,MAAM,iBAAiB,IAAI;AAAA,YACjC;AAAA,YACA;AAAA,YACA,iBAAiB;AAAA,YACjB,iBAAiB;AAAA,YACjB,eAAAD;AAAA,YACA,OAAO,OAAO;AAAA,UAChB,CAAC;AAAA,QACH;AAEA,eAAO;AAAA,UACL;AAAA,UACA,iBAAiB;AAAA,UACjB,iBAAiB;AAAA,UACjB,eAAAA;AAAA,UACA,OAAO,OAAO;AAAA,UACd,OAAAC;AAAA,QACF;AAAA,MACF;AAGA,YAAM,UAAU,OAAO,mBAAmB,KAAK,iBAAiB,KAAK;AAErE,UAAI,kBAAiD;AAErD,UAAI,WAAW,MAAM,QAAQ,OAAO,KAAK,QAAQ,SAAS,GAAG;AAE3D,cAAM,gBAA+B;AAAA,UACnC,GAAG;AAAA,UACH,MAAM,QAAQ;AAAA,UACd,QAAQ,KAAK;AAAA,UACb,UAAU,KAAK;AAAA,QACjB;AAGA,0BAAkB,MAAM,eAAe,eAAe,SAAS,aAAa;AAAA,MAC9E;AAEA,YAAM,gBAAgB,KAAK,IAAI,IAAI;AAEnC,UAAI;AAGJ,UAAI,CAAC,QAAQ,QAAQ;AACnB,gBAAQ,MAAM,iBAAiB,IAAI;AAAA,UACjC;AAAA,UACA;AAAA,UACA,iBAAiB,OAAO;AAAA,UACxB;AAAA,UACA;AAAA,QACF,CAAC;AAAA,MACH;AAEA,aAAO;AAAA,QACL;AAAA,QACA,iBAAiB,OAAO;AAAA,QACxB;AAAA,QACA;AAAA,QACA;AAAA,MACF;AAAA,IACF;AAGA,WAAO,MAAM;AAAA,MACX,mBAAmB;AAAA,MACnB;AAAA,MACA,yCAAyC,KAAK,MAAM;AAAA,IACtD;AAAA,EACF,SAAS,OAAO;AACd,UAAM,gBAAgB,KAAK,IAAI,IAAI;AACnC,UAAM,eAAe,iBAAiB,QAAQ,MAAM,UAAU,OAAO,KAAK;AAC1E,UAAM,gBAAgB,kCAAkC,KAAK,MAAM,gBAAgB,QAAQ,UAAU,MAAM,YAAY;AAEvH,QAAI;AAGJ,QAAI,CAAC,QAAQ,QAAQ;AACnB,cAAQ,MAAM,iBAAiB,IAAI;AAAA,QACjC;AAAA,QACA;AAAA,QACA,iBAAiB;AAAA,QACjB,iBAAiB;AAAA,QACjB;AAAA,QACA,OAAO;AAAA,MACT,CAAC;AAAA,IACH;AAEA,WAAO;AAAA,MACL;AAAA,MACA,iBAAiB;AAAA,MACjB,iBAAiB;AAAA,MACjB;AAAA,MACA,OAAO;AAAA,MACP;AAAA,IACF;AAAA,EACF;AACF;AAKA,eAAsB,oBACpB,IACA,SACyB;AAEzB,6BAA2B,MAAM,OAAO;AAExC,QAAM,EAAE,YAAY,WAAW,UAAU,gBAAgB,SAAS,IAAI;AAEtE,QAAM,QAA+B;AAAA,IACnC;AAAA,IACA;AAAA,IACA;AAAA,IACA,SAAS;AAAA,IACT,WAAW;AAAA,EACb;AAEA,MAAI,WAAW;AACb,UAAM,YAAY;AAAA,EACpB;AAEA,MAAI,UAAU;AACZ,UAAM,WAAW;AAAA,EACnB;AAEA,QAAM,QAAQ,MAAM,GAAG,KAAK,cAAc,OAAO;AAAA,IAC/C,SAAS,EAAE,UAAU,QAAQ,QAAQ,MAAM;AAAA,EAC7C,CAAC;AAGD,QAAM,MAAM,oBAAI,KAAK;AACrB,SAAO,MAAM,OAAO,CAAC,SAAS;AAC5B,QAAI,KAAK,iBAAiB,KAAK,gBAAgB,KAAK;AAClD,aAAO;AAAA,IACT;AACA,QAAI,KAAK,eAAe,KAAK,cAAc,KAAK;AAC9C,aAAO;AAAA,IACT;AACA,WAAO;AAAA,EACT,CAAC;AACH;AAKA,MAAM,2BAA2B;AAAA,EAC/B;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AACF;AAKA,MAAM,yBAAyB;AAK/B,SAAS,mBAAmB,MAAW,QAAgB,GAAQ;AAE7D,MAAI,QAAQ,wBAAwB;AAClC,WAAO;AAAA,EACT;AAGA,MAAI,SAAS,QAAQ,SAAS,QAAW;AACvC,WAAO;AAAA,EACT;AAGA,MAAI,OAAO,SAAS,UAAU;AAC5B,WAAO;AAAA,EACT;AAGA,MAAI,MAAM,QAAQ,IAAI,GAAG;AACvB,WAAO,KAAK,IAAI,UAAQ,mBAAmB,MAAM,QAAQ,CAAC,CAAC;AAAA,EAC7D;AAGA,QAAM,YAAiC,CAAC;AAExC,aAAW,CAAC,KAAK,KAAK,KAAK,OAAO,QAAQ,IAAI,GAAG;AAE/C,UAAM,cAAc,yBAAyB,KAAK,aAAW,QAAQ,KAAK,GAAG,CAAC;AAE9E,QAAI,aAAa;AACf,gBAAU,GAAG,IAAI;AAAA,IACnB,WAAW,OAAO,UAAU,YAAY,UAAU,MAAM;AACtD,gBAAU,GAAG,IAAI,mBAAmB,OAAO,QAAQ,CAAC;AAAA,IACtD,OAAO;AACL,gBAAU,GAAG,IAAI;AAAA,IACnB;AAAA,EACF;AAEA,SAAO;AACT;AAKA,SAAS,aAAa,MAAgB;AACpC,MAAI,CAAC,MAAM;AACT,WAAO;AAAA,EACT;AAGA,SAAO;AAAA,IACL,IAAI,KAAK;AAAA,IACT,MAAM,KAAK;AAAA;AAAA,EAEb;AACF;AAcA,eAAsB,iBACpB,IACA,SACiB;AACjB,QAAM,EAAE,MAAM,SAAS,iBAAiB,iBAAiB,eAAe,MAAM,IAAI;AAElF,QAAM,kBAAmD,QACrD,yBACA,kBACE,2BACA;AAEN,QAAM,MAAM,GAAG,OAAO,kBAAkB;AAAA,IACtC;AAAA,IACA,UAAU,QAAQ,YAAY;AAAA,IAC9B,YAAY,QAAQ;AAAA,IACpB;AAAA,IACA,cAAc;AAAA,MACZ,MAAM,mBAAmB,QAAQ,IAAI;AAAA,MACrC,WAAW,QAAQ;AAAA,MACnB,MAAM,aAAa,QAAQ,IAAI;AAAA,IACjC;AAAA,IACA,eAAe,kBACX;AAAA,MACE;AAAA,MACA,iBAAiB,gBAAgB,QAAQ,IAAI,CAAC,OAAO;AAAA,QACnD,MAAM,EAAE,OAAO;AAAA,QACf,SAAS,EAAE;AAAA,QACX,OAAO,EAAE;AAAA,MACX,EAAE;AAAA,IACJ,IACA;AAAA,IACJ,cAAc,SAAS;AAAA,IACvB,iBAAiB;AAAA,IACjB,UAAU,QAAQ;AAAA,IAClB,gBAAgB,QAAQ;AAAA,IACxB,YAAY,QAAQ,cAAc;AAAA,EACpC,CAAC;AAED,QAAM,GAAG,gBAAgB,GAAG;AAE5B,SAAO,IAAI;AACb;",
   "names": ["executionTime", "logId"]
 }

package/dist/modules/business_rules/setup.js ADDED Viewed

@@ -0,0 +1,11 @@
+const setup = {
+  defaultRoleFeatures: {
+    admin: ["business_rules.*"]
+  }
+};
+var setup_default = setup;
+export {
+  setup_default as default,
+  setup
+};
+//# sourceMappingURL=setup.js.map

package/dist/modules/business_rules/setup.js.map ADDED Viewed

@@ -0,0 +1,7 @@
+{
+  "version": 3,
+  "sources": ["../../../src/modules/business_rules/setup.ts"],
+  "sourcesContent": ["import type { ModuleSetupConfig } from '@open-mercato/shared/modules/setup'\n\nexport const setup: ModuleSetupConfig = {\n  defaultRoleFeatures: {\n    admin: ['business_rules.*'],\n  },\n}\n\nexport default setup\n"],
+  "mappings": "AAEO,MAAM,QAA2B;AAAA,EACtC,qBAAqB;AAAA,IACnB,OAAO,CAAC,kBAAkB;AAAA,EAC5B;AACF;AAEA,IAAO,gBAAQ;",
+  "names": []
+}

package/dist/modules/catalog/setup.js ADDED Viewed

@@ -0,0 +1,22 @@
+import { seedCatalogUnits, seedCatalogPriceKinds, seedCatalogExamplesForScope } from "./lib/seeds.js";
+const setup = {
+  seedDefaults: async (ctx) => {
+    const scope = { tenantId: ctx.tenantId, organizationId: ctx.organizationId };
+    await seedCatalogUnits(ctx.em, scope);
+    await seedCatalogPriceKinds(ctx.em, scope);
+  },
+  seedExamples: async (ctx) => {
+    const scope = { tenantId: ctx.tenantId, organizationId: ctx.organizationId };
+    await seedCatalogExamplesForScope(ctx.em, ctx.container, scope);
+  },
+  defaultRoleFeatures: {
+    admin: ["catalog.*", "catalog.variants.manage", "catalog.pricing.manage"],
+    employee: ["catalog.*", "catalog.variants.manage", "catalog.pricing.manage"]
+  }
+};
+var setup_default = setup;
+export {
+  setup_default as default,
+  setup
+};
+//# sourceMappingURL=setup.js.map

package/dist/modules/catalog/setup.js.map ADDED Viewed

@@ -0,0 +1,7 @@
+{
+  "version": 3,
+  "sources": ["../../../src/modules/catalog/setup.ts"],
+  "sourcesContent": ["import type { ModuleSetupConfig } from '@open-mercato/shared/modules/setup'\nimport { seedCatalogUnits, seedCatalogPriceKinds, seedCatalogExamplesForScope } from './lib/seeds'\n\nexport const setup: ModuleSetupConfig = {\n  seedDefaults: async (ctx) => {\n    const scope = { tenantId: ctx.tenantId, organizationId: ctx.organizationId }\n    await seedCatalogUnits(ctx.em, scope)\n    await seedCatalogPriceKinds(ctx.em, scope)\n  },\n\n  seedExamples: async (ctx) => {\n    const scope = { tenantId: ctx.tenantId, organizationId: ctx.organizationId }\n    await seedCatalogExamplesForScope(ctx.em, ctx.container, scope)\n  },\n\n  defaultRoleFeatures: {\n    admin: ['catalog.*', 'catalog.variants.manage', 'catalog.pricing.manage'],\n    employee: ['catalog.*', 'catalog.variants.manage', 'catalog.pricing.manage'],\n  },\n}\n\nexport default setup\n"],
+  "mappings": "AACA,SAAS,kBAAkB,uBAAuB,mCAAmC;AAE9E,MAAM,QAA2B;AAAA,EACtC,cAAc,OAAO,QAAQ;AAC3B,UAAM,QAAQ,EAAE,UAAU,IAAI,UAAU,gBAAgB,IAAI,eAAe;AAC3E,UAAM,iBAAiB,IAAI,IAAI,KAAK;AACpC,UAAM,sBAAsB,IAAI,IAAI,KAAK;AAAA,EAC3C;AAAA,EAEA,cAAc,OAAO,QAAQ;AAC3B,UAAM,QAAQ,EAAE,UAAU,IAAI,UAAU,gBAAgB,IAAI,eAAe;AAC3E,UAAM,4BAA4B,IAAI,IAAI,IAAI,WAAW,KAAK;AAAA,EAChE;AAAA,EAEA,qBAAqB;AAAA,IACnB,OAAO,CAAC,aAAa,2BAA2B,wBAAwB;AAAA,IACxE,UAAU,CAAC,aAAa,2BAA2B,wBAAwB;AAAA,EAC7E;AACF;AAEA,IAAO,gBAAQ;",
+  "names": []
+}

package/dist/modules/configs/lib/upgrade-actions.js CHANGED Viewed

@@ -1,13 +1,6 @@
 import { runWithCacheTenant } from "@open-mercato/cache";
 import { Role, RoleAcl } from "@open-mercato/core/modules/auth/data/entities";
 import { reindexModules } from "@open-mercato/core/modules/configs/lib/reindex-helpers";
-import { installExampleCatalogData } from "@open-mercato/core/modules/catalog/lib/seeds";
-import { seedSalesExamples } from "@open-mercato/core/modules/sales/seed/examples";
-import { seedExampleCurrencies } from "@open-mercato/core/modules/currencies/lib/seeds";
-import { seedExampleWorkflows } from "@open-mercato/core/modules/workflows/lib/seeds";
-import { seedPlannerAvailabilityRuleSetDefaults, seedPlannerUnavailabilityReasons } from "@open-mercato/core/modules/planner/lib/seeds";
-import { seedResourcesAddressTypes, seedResourcesCapacityUnits, seedResourcesResourceExamples } from "@open-mercato/core/modules/resources/lib/seeds";
-import { seedStaffTeamExamples } from "@open-mercato/core/modules/staff/lib/seeds";
 import { collectCrudCacheStats, purgeCrudCacheSegment } from "@open-mercato/shared/lib/crud/cache-stats";
 import { isCrudCacheEnabled, resolveCrudCache } from "@open-mercato/shared/lib/crud/cache";
 import * as semver from "semver";
@@ -114,6 +107,14 @@ const upgradeActions = [
     successKey: "upgrades.v034.success",
     loadingKey: "upgrades.v034.loading",
     async run({ container, em, tenantId, organizationId }) {
+      let installExampleCatalogData;
+      try {
+        const catalogSeeds = await import("@open-mercato/core/modules/catalog/lib/seeds");
+        installExampleCatalogData = catalogSeeds.installExampleCatalogData;
+      } catch {
+        console.warn("[upgrade-actions] catalog module not available, skipping catalog example data");
+        return;
+      }
       await installExampleCatalogData(container, { tenantId, organizationId }, em);
       const vectorService = resolveVectorService(container);
       await reindexModules(em, ["catalog"], { tenantId, organizationId, vectorService });
@@ -169,6 +170,14 @@ const upgradeActions = [
     successKey: "upgrades.v036.success",
     loadingKey: "upgrades.v036.loading",
     async run({ container, em, tenantId, organizationId }) {
+      let seedSalesExamples;
+      try {
+        const salesSeeds = await import("@open-mercato/core/modules/sales/seed/examples");
+        seedSalesExamples = salesSeeds.seedSalesExamples;
+      } catch {
+        console.warn("[upgrade-actions] sales module not available, skipping sales example data");
+        return;
+      }
       await em.transactional(async (tem) => {
         await seedSalesExamples(tem, container, { tenantId, organizationId });
       });
@@ -213,9 +222,23 @@ const upgradeActions = [
     async run({ container, em, tenantId, organizationId }) {
       const normalizedTenantId = tenantId.trim();
       const scope = { tenantId, organizationId };
+      let seedExampleCurrencies;
+      try {
+        const currenciesSeeds = await import("@open-mercato/core/modules/currencies/lib/seeds");
+        seedExampleCurrencies = currenciesSeeds.seedExampleCurrencies;
+      } catch {
+        console.warn("[upgrade-actions] currencies module not available, skipping currency seeding");
+      }
+      let seedExampleWorkflows;
+      try {
+        const workflowsSeeds = await import("@open-mercato/core/modules/workflows/lib/seeds");
+        seedExampleWorkflows = workflowsSeeds.seedExampleWorkflows;
+      } catch {
+        console.warn("[upgrade-actions] workflows module not available, skipping workflow seeding");
+      }
       await em.transactional(async (tem) => {
-        await seedExampleCurrencies(tem, scope);
-        await seedExampleWorkflows(tem, scope);
+        if (seedExampleCurrencies) await seedExampleCurrencies(tem, scope);
+        if (seedExampleWorkflows) await seedExampleWorkflows(tem, scope);
         const adminRole = await tem.findOne(Role, { name: "admin", tenantId: normalizedTenantId, deletedAt: null });
         if (!adminRole) return;
         const roleAcls = await tem.find(RoleAcl, { role: adminRole, tenantId: normalizedTenantId, deletedAt: null });
@@ -262,13 +285,40 @@ const upgradeActions = [
     async run({ container, em, tenantId, organizationId }) {
       const normalizedTenantId = tenantId.trim();
       const scope = { tenantId, organizationId };
+      let seedPlannerAvailabilityRuleSetDefaults;
+      let seedPlannerUnavailabilityReasons;
+      try {
+        const plannerSeeds = await import("@open-mercato/core/modules/planner/lib/seeds");
+        seedPlannerAvailabilityRuleSetDefaults = plannerSeeds.seedPlannerAvailabilityRuleSetDefaults;
+        seedPlannerUnavailabilityReasons = plannerSeeds.seedPlannerUnavailabilityReasons;
+      } catch {
+        console.warn("[upgrade-actions] planner module not available, skipping planner seeding");
+      }
+      let seedStaffTeamExamples;
+      try {
+        const staffSeeds = await import("@open-mercato/core/modules/staff/lib/seeds");
+        seedStaffTeamExamples = staffSeeds.seedStaffTeamExamples;
+      } catch {
+        console.warn("[upgrade-actions] staff module not available, skipping staff seeding");
+      }
+      let seedResourcesAddressTypes;
+      let seedResourcesCapacityUnits;
+      let seedResourcesResourceExamples;
+      try {
+        const resourcesSeeds = await import("@open-mercato/core/modules/resources/lib/seeds");
+        seedResourcesAddressTypes = resourcesSeeds.seedResourcesAddressTypes;
+        seedResourcesCapacityUnits = resourcesSeeds.seedResourcesCapacityUnits;
+        seedResourcesResourceExamples = resourcesSeeds.seedResourcesResourceExamples;
+      } catch {
+        console.warn("[upgrade-actions] resources module not available, skipping resources seeding");
+      }
       await em.transactional(async (tem) => {
-        await seedPlannerAvailabilityRuleSetDefaults(tem, scope);
-        await seedPlannerUnavailabilityReasons(tem, scope);
-        await seedStaffTeamExamples(tem, scope);
-        await seedResourcesCapacityUnits(tem, scope);
-        await seedResourcesAddressTypes(tem, scope);
-        await seedResourcesResourceExamples(tem, scope);
+        if (seedPlannerAvailabilityRuleSetDefaults) await seedPlannerAvailabilityRuleSetDefaults(tem, scope);
+        if (seedPlannerUnavailabilityReasons) await seedPlannerUnavailabilityReasons(tem, scope);
+        if (seedStaffTeamExamples) await seedStaffTeamExamples(tem, scope);
+        if (seedResourcesCapacityUnits) await seedResourcesCapacityUnits(tem, scope);
+        if (seedResourcesAddressTypes) await seedResourcesAddressTypes(tem, scope);
+        if (seedResourcesResourceExamples) await seedResourcesResourceExamples(tem, scope);
         const adminRole = await tem.findOne(Role, { name: "admin", tenantId: normalizedTenantId, deletedAt: null });
         if (!adminRole) return;
         const roleAcls = await tem.find(RoleAcl, { role: adminRole, tenantId: normalizedTenantId, deletedAt: null });

package/dist/modules/configs/lib/upgrade-actions.js.map CHANGED Viewed

@@ -1,7 +1,7 @@
 {
   "version": 3,
   "sources": ["../../../../src/modules/configs/lib/upgrade-actions.ts"],
-  "sourcesContent": ["import { runWithCacheTenant } from '@open-mercato/cache'\nimport type { EntityManager } from '@mikro-orm/postgresql'\nimport type { AwilixContainer } from 'awilix'\nimport { Role, RoleAcl } from '@open-mercato/core/modules/auth/data/entities'\nimport type { RbacService } from '@open-mercato/core/modules/auth/services/rbacService'\nimport { reindexModules } from '@open-mercato/core/modules/configs/lib/reindex-helpers'\nimport { installExampleCatalogData, type CatalogSeedScope } from '@open-mercato/core/modules/catalog/lib/seeds'\nimport { seedSalesExamples } from '@open-mercato/core/modules/sales/seed/examples'\nimport { seedExampleCurrencies } from '@open-mercato/core/modules/currencies/lib/seeds'\nimport { seedExampleWorkflows } from '@open-mercato/core/modules/workflows/lib/seeds'\nimport { seedPlannerAvailabilityRuleSetDefaults, seedPlannerUnavailabilityReasons } from '@open-mercato/core/modules/planner/lib/seeds'\nimport { seedResourcesAddressTypes, seedResourcesCapacityUnits, seedResourcesResourceExamples } from '@open-mercato/core/modules/resources/lib/seeds'\nimport { seedStaffTeamExamples } from '@open-mercato/core/modules/staff/lib/seeds'\nimport { collectCrudCacheStats, purgeCrudCacheSegment } from '@open-mercato/shared/lib/crud/cache-stats'\nimport { isCrudCacheEnabled, resolveCrudCache } from '@open-mercato/shared/lib/crud/cache'\nimport * as semver from 'semver'\nimport type { VectorIndexService } from '@open-mercato/search/vector'\nimport { EncryptionMap } from '@open-mercato/core/modules/entities/data/entities'\nimport { DEFAULT_ENCRYPTION_MAPS } from '@open-mercato/core/modules/entities/lib/encryptionDefaults'\nimport type { TenantDataEncryptionService } from '@open-mercato/shared/lib/encryption/tenantDataEncryptionService'\n\nfunction resolveVectorService(container: AwilixContainer): VectorIndexService | null {\n  try {\n    return container.resolve<VectorIndexService>('vectorIndexService')\n  } catch {\n    return null\n  }\n}\n\nfunction resolveEncryptionService(container: AwilixContainer): TenantDataEncryptionService | null {\n  try {\n    return container.resolve<TenantDataEncryptionService>('tenantEncryptionService')\n  } catch {\n    return null\n  }\n}\n\nasync function ensureVectorSearchEncryptionMap(\n  em: EntityManager,\n  tenantId: string,\n  organizationId: string | null,\n): Promise<boolean> {\n  const spec = DEFAULT_ENCRYPTION_MAPS.find((entry) => entry.entityId === 'vector:vector_search')\n  const required = spec?.fields ?? []\n  if (!required.length) return false\n\n  const repo = em.getRepository(EncryptionMap)\n  const existing = await repo.findOne({\n    entityId: 'vector:vector_search',\n    tenantId,\n    organizationId,\n    deletedAt: null,\n  })\n\n  if (!existing) {\n    em.persist(\n      em.create(EncryptionMap, {\n        entityId: 'vector:vector_search',\n        tenantId,\n        organizationId,\n        fieldsJson: required,\n        isActive: true,\n        createdAt: new Date(),\n        updatedAt: new Date(),\n      }),\n    )\n    await em.flush()\n    return true\n  }\n\n  const existingFields = Array.isArray(existing.fieldsJson) ? existing.fieldsJson : []\n  const byField = new Map<string, { field: string; hashField?: string | null }>()\n  for (const item of existingFields) {\n    if (!item?.field) continue\n    byField.set(item.field, item)\n  }\n  for (const req of required) {\n    if (!req?.field) continue\n    if (byField.has(req.field)) continue\n    byField.set(req.field, req)\n  }\n\n  const merged = Array.from(byField.values())\n  const changed = merged.length !== existingFields.length\n  if (!changed && existing.isActive) return false\n\n  existing.fieldsJson = merged\n  existing.isActive = true\n  existing.updatedAt = new Date()\n  await em.flush()\n  return true\n}\n\nexport type UpgradeActionContext = CatalogSeedScope & {\n  container: AwilixContainer\n  em: EntityManager\n}\n\nexport type UpgradeActionDefinition = {\n  id: string\n  version: string\n  messageKey: string\n  ctaKey: string\n  successKey: string\n  loadingKey?: string\n  run: (ctx: UpgradeActionContext) => Promise<void>\n}\n\n/**\n * Compare two semantic version strings.\n * Uses the semver library for robust version comparison.\n * Returns negative if a < b, positive if a > b, 0 if equal.\n * Throws an error if either version string is invalid.\n */\nexport function compareVersions(a: string, b: string): number {\n  const cleanA = semver.valid(semver.coerce(a))\n  const cleanB = semver.valid(semver.coerce(b))\n  if (!cleanA) {\n    throw new Error(`Invalid version string: \"${a}\". Expected a valid semver format (e.g., \"1.2.3\").`)\n  }\n  if (!cleanB) {\n    throw new Error(`Invalid version string: \"${b}\". Expected a valid semver format (e.g., \"1.2.3\").`)\n  }\n  return semver.compare(cleanA, cleanB)\n}\n\nasync function purgeCatalogCrudCache(container: AwilixContainer, tenantId: string | null) {\n  if (!isCrudCacheEnabled()) return\n  const cache = resolveCrudCache(container)\n  if (!cache) return\n  await runWithCacheTenant(tenantId ?? null, async () => {\n    const stats = await collectCrudCacheStats(cache)\n    const catalogSegments = stats.segments.filter((segment) => segment.resource?.startsWith('catalog.'))\n    if (!catalogSegments.length) return\n    for (const segment of catalogSegments) {\n      try {\n        await purgeCrudCacheSegment(cache, segment.segment)\n      } catch (error) {\n        console.warn('[upgrade-actions] failed to purge catalog cache segment', {\n          tenantId,\n          segment: segment.segment,\n          error,\n        })\n      }\n    }\n  })\n}\n\nexport const upgradeActions: UpgradeActionDefinition[] = [\n  {\n    id: 'configs.upgrades.catalog.examples',\n    version: '0.3.4',\n    messageKey: 'upgrades.v034.message',\n    ctaKey: 'upgrades.v034.cta',\n    successKey: 'upgrades.v034.success',\n    loadingKey: 'upgrades.v034.loading',\n    async run({ container, em, tenantId, organizationId }) {\n      await installExampleCatalogData(container, { tenantId, organizationId }, em)\n      const vectorService = resolveVectorService(container)\n      await reindexModules(em, ['catalog'], { tenantId, organizationId, vectorService })\n    },\n  },\n  {\n    id: 'configs.upgrades.auth.admin_business_rules_acl',\n    version: '0.3.5',\n    messageKey: 'upgrades.v035.message',\n    ctaKey: 'upgrades.v035.cta',\n    successKey: 'upgrades.v035.success',\n    loadingKey: 'upgrades.v035.loading',\n    async run({ container, em, tenantId }) {\n      const normalizedTenantId = tenantId.trim()\n      await em.transactional(async (tem) => {\n        const adminRole = await tem.findOne(Role, { name: 'admin', tenantId: normalizedTenantId, deletedAt: null })\n        if (!adminRole) return\n\n        const roleAcls = await tem.find(RoleAcl, { role: adminRole, tenantId: normalizedTenantId, deletedAt: null })\n        let touched = false\n        if (!roleAcls.length) {\n          tem.persist(\n            tem.create(RoleAcl, {\n              role: adminRole,\n              tenantId: normalizedTenantId,\n              featuresJson: ['business_rules.*'],\n              isSuperAdmin: false,\n              createdAt: new Date(),\n              updatedAt: new Date(),\n            }),\n          )\n          touched = true\n        }\n\n        for (const acl of roleAcls) {\n          const features = Array.isArray(acl.featuresJson) ? [...acl.featuresJson] : []\n          if (features.includes('business_rules.*')) continue\n          acl.featuresJson = [...features, 'business_rules.*']\n          acl.updatedAt = new Date()\n          touched = true\n        }\n\n        if (touched) {\n          await tem.flush()\n        }\n      })\n\n      const rbac = container.resolve<RbacService>('rbacService')\n      await rbac.invalidateTenantCache(normalizedTenantId)\n    },\n  },\n  {\n    id: 'configs.upgrades.sales.examples',\n    version: '0.3.6',\n    messageKey: 'upgrades.v036.message',\n    ctaKey: 'upgrades.v036.cta',\n    successKey: 'upgrades.v036.success',\n    loadingKey: 'upgrades.v036.loading',\n    async run({ container, em, tenantId, organizationId }) {\n      await em.transactional(async (tem) => {\n        await seedSalesExamples(tem, container, { tenantId, organizationId })\n      })\n      const vectorService = resolveVectorService(container)\n      await reindexModules(em, ['sales', 'catalog'], { tenantId, organizationId, vectorService })\n      await purgeCatalogCrudCache(container, tenantId)\n    },\n  },\n  {\n    id: 'configs.upgrades.vector.encryption_vector_search',\n    version: '0.3.6',\n    messageKey: 'upgrades.v036_vector_encryption.message',\n    ctaKey: 'upgrades.v036_vector_encryption.cta',\n    successKey: 'upgrades.v036_vector_encryption.success',\n    loadingKey: 'upgrades.v036_vector_encryption.loading',\n    async run({ container, em, tenantId, organizationId }) {\n      const normalizedTenantId = tenantId.trim()\n      const normalizedOrgId = organizationId ?? null\n\n      const encryptionService = resolveEncryptionService(container)\n      if (!encryptionService?.isEnabled?.()) {\n        return\n      }\n\n      const updated = await em.transactional(async (tem) => {\n        return ensureVectorSearchEncryptionMap(tem, normalizedTenantId, normalizedOrgId)\n      })\n\n      if (updated) {\n        await encryptionService.invalidateMap('vector:vector_search', normalizedTenantId, normalizedOrgId)\n      }\n\n      const vectorService = resolveVectorService(container)\n      if (vectorService) {\n        await vectorService.reindexAll({ tenantId: normalizedTenantId, organizationId: normalizedOrgId, purgeFirst: false })\n      }\n    },\n  },\n  {\n    id: 'configs.upgrades.examples.currencies_workflows',\n    version: '0.3.13',\n    messageKey: 'upgrades.v0313.message',\n    ctaKey: 'upgrades.v0313.cta',\n    successKey: 'upgrades.v0313.success',\n    loadingKey: 'upgrades.v0313.loading',\n    async run({ container, em, tenantId, organizationId }) {\n      const normalizedTenantId = tenantId.trim()\n      const scope = { tenantId, organizationId }\n      await em.transactional(async (tem) => {\n        await seedExampleCurrencies(tem, scope)\n        await seedExampleWorkflows(tem, scope)\n\n        const adminRole = await tem.findOne(Role, { name: 'admin', tenantId: normalizedTenantId, deletedAt: null })\n        if (!adminRole) return\n\n        const roleAcls = await tem.find(RoleAcl, { role: adminRole, tenantId: normalizedTenantId, deletedAt: null })\n        let touched = false\n        if (!roleAcls.length) {\n          tem.persist(\n            tem.create(RoleAcl, {\n              role: adminRole,\n              tenantId: normalizedTenantId,\n              featuresJson: ['search.*', 'feature_toggles.*', 'currencies.*'],\n              isSuperAdmin: false,\n              createdAt: new Date(),\n              updatedAt: new Date(),\n            }),\n          )\n          touched = true\n        }\n\n        for (const acl of roleAcls) {\n          const features = Array.isArray(acl.featuresJson) ? [...acl.featuresJson] : []\n          const nextFeatures = new Set(features)\n          nextFeatures.add('search.*')\n          nextFeatures.add('feature_toggles.*')\n          nextFeatures.add('currencies.*')\n          if (nextFeatures.size === features.length) continue\n          acl.featuresJson = Array.from(nextFeatures)\n          acl.updatedAt = new Date()\n          touched = true\n        }\n\n        if (touched) {\n          await tem.flush()\n        }\n      })\n      const rbac = container.resolve<RbacService>('rbacService')\n      await rbac.invalidateTenantCache(normalizedTenantId)\n    },\n  },\n  {\n    id: 'configs.upgrades.examples.planner_staff_resources',\n    version: '0.4.1',\n    messageKey: 'upgrades.v041.message',\n    ctaKey: 'upgrades.v041.cta',\n    successKey: 'upgrades.v041.success',\n    loadingKey: 'upgrades.v041.loading',\n    async run({ container, em, tenantId, organizationId }) {\n      const normalizedTenantId = tenantId.trim()\n      const scope = { tenantId, organizationId }\n      await em.transactional(async (tem) => {\n        await seedPlannerAvailabilityRuleSetDefaults(tem, scope)\n        await seedPlannerUnavailabilityReasons(tem, scope)\n        await seedStaffTeamExamples(tem, scope)\n        await seedResourcesCapacityUnits(tem, scope)\n        await seedResourcesAddressTypes(tem, scope)\n        await seedResourcesResourceExamples(tem, scope)\n\n        const adminRole = await tem.findOne(Role, { name: 'admin', tenantId: normalizedTenantId, deletedAt: null })\n        if (!adminRole) return\n\n        const roleAcls = await tem.find(RoleAcl, { role: adminRole, tenantId: normalizedTenantId, deletedAt: null })\n        const addedFeatures = [\n          'staff.*',\n          'staff.leave_requests.manage',\n          'resources.*',\n          'planner.*',\n        ]\n        let touched = false\n        if (!roleAcls.length) {\n          tem.persist(\n            tem.create(RoleAcl, {\n              role: adminRole,\n              tenantId: normalizedTenantId,\n              featuresJson: addedFeatures,\n              isSuperAdmin: false,\n              createdAt: new Date(),\n              updatedAt: new Date(),\n            }),\n          )\n          touched = true\n        }\n\n        for (const acl of roleAcls) {\n          const features = Array.isArray(acl.featuresJson) ? [...acl.featuresJson] : []\n          const nextFeatures = new Set(features)\n          for (const feature of addedFeatures) nextFeatures.add(feature)\n          if (nextFeatures.size === features.length) continue\n          acl.featuresJson = Array.from(nextFeatures)\n          acl.updatedAt = new Date()\n          touched = true\n        }\n\n        if (touched) {\n          await tem.flush()\n        }\n      })\n\n      const rbac = container.resolve<RbacService>('rbacService')\n      await rbac.invalidateTenantCache(normalizedTenantId)\n\n      const vectorService = resolveVectorService(container)\n      await reindexModules(em, ['planner', 'staff', 'resources'], { tenantId, organizationId, vectorService })\n    },\n  },\n]\n\nexport function actionsUpToVersion(version: string): UpgradeActionDefinition[] {\n  return upgradeActions\n    .filter((action) => compareVersions(action.version, version) <= 0)\n    .sort((a, b) => compareVersions(a.version, b.version) || a.id.localeCompare(b.id))\n}\n\nexport function findUpgradeAction(actionId: string, maxVersion: string): UpgradeActionDefinition | undefined {\n  const matches = actionsUpToVersion(maxVersion).filter((action) => action.id === actionId)\n  if (!matches.length) return undefined\n  return matches[matches.length - 1]\n}\n"],
-  "mappings": "AAAA,SAAS,0BAA0B;AAGnC,SAAS,MAAM,eAAe;AAE9B,SAAS,sBAAsB;AAC/B,SAAS,iCAAwD;AACjE,SAAS,yBAAyB;AAClC,SAAS,6BAA6B;AACtC,SAAS,4BAA4B;AACrC,SAAS,wCAAwC,wCAAwC;AACzF,SAAS,2BAA2B,4BAA4B,qCAAqC;AACrG,SAAS,6BAA6B;AACtC,SAAS,uBAAuB,6BAA6B;AAC7D,SAAS,oBAAoB,wBAAwB;AACrD,YAAY,YAAY;AAExB,SAAS,qBAAqB;AAC9B,SAAS,+BAA+B;AAGxC,SAAS,qBAAqB,WAAuD;AACnF,MAAI;AACF,WAAO,UAAU,QAA4B,oBAAoB;AAAA,EACnE,QAAQ;AACN,WAAO;AAAA,EACT;AACF;AAEA,SAAS,yBAAyB,WAAgE;AAChG,MAAI;AACF,WAAO,UAAU,QAAqC,yBAAyB;AAAA,EACjF,QAAQ;AACN,WAAO;AAAA,EACT;AACF;AAEA,eAAe,gCACb,IACA,UACA,gBACkB;AAClB,QAAM,OAAO,wBAAwB,KAAK,CAAC,UAAU,MAAM,aAAa,sBAAsB;AAC9F,QAAM,WAAW,MAAM,UAAU,CAAC;AAClC,MAAI,CAAC,SAAS,OAAQ,QAAO;AAE7B,QAAM,OAAO,GAAG,cAAc,aAAa;AAC3C,QAAM,WAAW,MAAM,KAAK,QAAQ;AAAA,IAClC,UAAU;AAAA,IACV;AAAA,IACA;AAAA,IACA,WAAW;AAAA,EACb,CAAC;AAED,MAAI,CAAC,UAAU;AACb,OAAG;AAAA,MACD,GAAG,OAAO,eAAe;AAAA,QACvB,UAAU;AAAA,QACV;AAAA,QACA;AAAA,QACA,YAAY;AAAA,QACZ,UAAU;AAAA,QACV,WAAW,oBAAI,KAAK;AAAA,QACpB,WAAW,oBAAI,KAAK;AAAA,MACtB,CAAC;AAAA,IACH;AACA,UAAM,GAAG,MAAM;AACf,WAAO;AAAA,EACT;AAEA,QAAM,iBAAiB,MAAM,QAAQ,SAAS,UAAU,IAAI,SAAS,aAAa,CAAC;AACnF,QAAM,UAAU,oBAAI,IAA0D;AAC9E,aAAW,QAAQ,gBAAgB;AACjC,QAAI,CAAC,MAAM,MAAO;AAClB,YAAQ,IAAI,KAAK,OAAO,IAAI;AAAA,EAC9B;AACA,aAAW,OAAO,UAAU;AAC1B,QAAI,CAAC,KAAK,MAAO;AACjB,QAAI,QAAQ,IAAI,IAAI,KAAK,EAAG;AAC5B,YAAQ,IAAI,IAAI,OAAO,GAAG;AAAA,EAC5B;AAEA,QAAM,SAAS,MAAM,KAAK,QAAQ,OAAO,CAAC;AAC1C,QAAM,UAAU,OAAO,WAAW,eAAe;AACjD,MAAI,CAAC,WAAW,SAAS,SAAU,QAAO;AAE1C,WAAS,aAAa;AACtB,WAAS,WAAW;AACpB,WAAS,YAAY,oBAAI,KAAK;AAC9B,QAAM,GAAG,MAAM;AACf,SAAO;AACT;AAuBO,SAAS,gBAAgB,GAAW,GAAmB;AAC5D,QAAM,SAAS,OAAO,MAAM,OAAO,OAAO,CAAC,CAAC;AAC5C,QAAM,SAAS,OAAO,MAAM,OAAO,OAAO,CAAC,CAAC;AAC5C,MAAI,CAAC,QAAQ;AACX,UAAM,IAAI,MAAM,4BAA4B,CAAC,oDAAoD;AAAA,EACnG;AACA,MAAI,CAAC,QAAQ;AACX,UAAM,IAAI,MAAM,4BAA4B,CAAC,oDAAoD;AAAA,EACnG;AACA,SAAO,OAAO,QAAQ,QAAQ,MAAM;AACtC;AAEA,eAAe,sBAAsB,WAA4B,UAAyB;AACxF,MAAI,CAAC,mBAAmB,EAAG;AAC3B,QAAM,QAAQ,iBAAiB,SAAS;AACxC,MAAI,CAAC,MAAO;AACZ,QAAM,mBAAmB,YAAY,MAAM,YAAY;AACrD,UAAM,QAAQ,MAAM,sBAAsB,KAAK;AAC/C,UAAM,kBAAkB,MAAM,SAAS,OAAO,CAAC,YAAY,QAAQ,UAAU,WAAW,UAAU,CAAC;AACnG,QAAI,CAAC,gBAAgB,OAAQ;AAC7B,eAAW,WAAW,iBAAiB;AACrC,UAAI;AACF,cAAM,sBAAsB,OAAO,QAAQ,OAAO;AAAA,MACpD,SAAS,OAAO;AACd,gBAAQ,KAAK,2DAA2D;AAAA,UACtE;AAAA,UACA,SAAS,QAAQ;AAAA,UACjB;AAAA,QACF,CAAC;AAAA,MACH;AAAA,IACF;AAAA,EACF,CAAC;AACH;AAEO,MAAM,iBAA4C;AAAA,EACvD;AAAA,IACE,IAAI;AAAA,IACJ,SAAS;AAAA,IACT,YAAY;AAAA,IACZ,QAAQ;AAAA,IACR,YAAY;AAAA,IACZ,YAAY;AAAA,IACZ,MAAM,IAAI,EAAE,WAAW,IAAI,UAAU,eAAe,GAAG;AACrD,YAAM,0BAA0B,WAAW,EAAE,UAAU,eAAe,GAAG,EAAE;AAC3E,YAAM,gBAAgB,qBAAqB,SAAS;AACpD,YAAM,eAAe,IAAI,CAAC,SAAS,GAAG,EAAE,UAAU,gBAAgB,cAAc,CAAC;AAAA,IACnF;AAAA,EACF;AAAA,EACA;AAAA,IACE,IAAI;AAAA,IACJ,SAAS;AAAA,IACT,YAAY;AAAA,IACZ,QAAQ;AAAA,IACR,YAAY;AAAA,IACZ,YAAY;AAAA,IACZ,MAAM,IAAI,EAAE,WAAW,IAAI,SAAS,GAAG;AACrC,YAAM,qBAAqB,SAAS,KAAK;AACzC,YAAM,GAAG,cAAc,OAAO,QAAQ;AACpC,cAAM,YAAY,MAAM,IAAI,QAAQ,MAAM,EAAE,MAAM,SAAS,UAAU,oBAAoB,WAAW,KAAK,CAAC;AAC1G,YAAI,CAAC,UAAW;AAEhB,cAAM,WAAW,MAAM,IAAI,KAAK,SAAS,EAAE,MAAM,WAAW,UAAU,oBAAoB,WAAW,KAAK,CAAC;AAC3G,YAAI,UAAU;AACd,YAAI,CAAC,SAAS,QAAQ;AACpB,cAAI;AAAA,YACF,IAAI,OAAO,SAAS;AAAA,cAClB,MAAM;AAAA,cACN,UAAU;AAAA,cACV,cAAc,CAAC,kBAAkB;AAAA,cACjC,cAAc;AAAA,cACd,WAAW,oBAAI,KAAK;AAAA,cACpB,WAAW,oBAAI,KAAK;AAAA,YACtB,CAAC;AAAA,UACH;AACA,oBAAU;AAAA,QACZ;AAEA,mBAAW,OAAO,UAAU;AAC1B,gBAAM,WAAW,MAAM,QAAQ,IAAI,YAAY,IAAI,CAAC,GAAG,IAAI,YAAY,IAAI,CAAC;AAC5E,cAAI,SAAS,SAAS,kBAAkB,EAAG;AAC3C,cAAI,eAAe,CAAC,GAAG,UAAU,kBAAkB;AACnD,cAAI,YAAY,oBAAI,KAAK;AACzB,oBAAU;AAAA,QACZ;AAEA,YAAI,SAAS;AACX,gBAAM,IAAI,MAAM;AAAA,QAClB;AAAA,MACF,CAAC;AAED,YAAM,OAAO,UAAU,QAAqB,aAAa;AACzD,YAAM,KAAK,sBAAsB,kBAAkB;AAAA,IACrD;AAAA,EACF;AAAA,EACA;AAAA,IACE,IAAI;AAAA,IACJ,SAAS;AAAA,IACT,YAAY;AAAA,IACZ,QAAQ;AAAA,IACR,YAAY;AAAA,IACZ,YAAY;AAAA,IACZ,MAAM,IAAI,EAAE,WAAW,IAAI,UAAU,eAAe,GAAG;AACrD,YAAM,GAAG,cAAc,OAAO,QAAQ;AACpC,cAAM,kBAAkB,KAAK,WAAW,EAAE,UAAU,eAAe,CAAC;AAAA,MACtE,CAAC;AACD,YAAM,gBAAgB,qBAAqB,SAAS;AACpD,YAAM,eAAe,IAAI,CAAC,SAAS,SAAS,GAAG,EAAE,UAAU,gBAAgB,cAAc,CAAC;AAC1F,YAAM,sBAAsB,WAAW,QAAQ;AAAA,IACjD;AAAA,EACF;AAAA,EACA;AAAA,IACE,IAAI;AAAA,IACJ,SAAS;AAAA,IACT,YAAY;AAAA,IACZ,QAAQ;AAAA,IACR,YAAY;AAAA,IACZ,YAAY;AAAA,IACZ,MAAM,IAAI,EAAE,WAAW,IAAI,UAAU,eAAe,GAAG;AACrD,YAAM,qBAAqB,SAAS,KAAK;AACzC,YAAM,kBAAkB,kBAAkB;AAE1C,YAAM,oBAAoB,yBAAyB,SAAS;AAC5D,UAAI,CAAC,mBAAmB,YAAY,GAAG;AACrC;AAAA,MACF;AAEA,YAAM,UAAU,MAAM,GAAG,cAAc,OAAO,QAAQ;AACpD,eAAO,gCAAgC,KAAK,oBAAoB,eAAe;AAAA,MACjF,CAAC;AAED,UAAI,SAAS;AACX,cAAM,kBAAkB,cAAc,wBAAwB,oBAAoB,eAAe;AAAA,MACnG;AAEA,YAAM,gBAAgB,qBAAqB,SAAS;AACpD,UAAI,eAAe;AACjB,cAAM,cAAc,WAAW,EAAE,UAAU,oBAAoB,gBAAgB,iBAAiB,YAAY,MAAM,CAAC;AAAA,MACrH;AAAA,IACF;AAAA,EACF;AAAA,EACA;AAAA,IACE,IAAI;AAAA,IACJ,SAAS;AAAA,IACT,YAAY;AAAA,IACZ,QAAQ;AAAA,IACR,YAAY;AAAA,IACZ,YAAY;AAAA,IACZ,MAAM,IAAI,EAAE,WAAW,IAAI,UAAU,eAAe,GAAG;AACrD,YAAM,qBAAqB,SAAS,KAAK;AACzC,YAAM,QAAQ,EAAE,UAAU,eAAe;AACzC,YAAM,GAAG,cAAc,OAAO,QAAQ;AACpC,cAAM,sBAAsB,KAAK,KAAK;AACtC,cAAM,qBAAqB,KAAK,KAAK;AAErC,cAAM,YAAY,MAAM,IAAI,QAAQ,MAAM,EAAE,MAAM,SAAS,UAAU,oBAAoB,WAAW,KAAK,CAAC;AAC1G,YAAI,CAAC,UAAW;AAEhB,cAAM,WAAW,MAAM,IAAI,KAAK,SAAS,EAAE,MAAM,WAAW,UAAU,oBAAoB,WAAW,KAAK,CAAC;AAC3G,YAAI,UAAU;AACd,YAAI,CAAC,SAAS,QAAQ;AACpB,cAAI;AAAA,YACF,IAAI,OAAO,SAAS;AAAA,cAClB,MAAM;AAAA,cACN,UAAU;AAAA,cACV,cAAc,CAAC,YAAY,qBAAqB,cAAc;AAAA,cAC9D,cAAc;AAAA,cACd,WAAW,oBAAI,KAAK;AAAA,cACpB,WAAW,oBAAI,KAAK;AAAA,YACtB,CAAC;AAAA,UACH;AACA,oBAAU;AAAA,QACZ;AAEA,mBAAW,OAAO,UAAU;AAC1B,gBAAM,WAAW,MAAM,QAAQ,IAAI,YAAY,IAAI,CAAC,GAAG,IAAI,YAAY,IAAI,CAAC;AAC5E,gBAAM,eAAe,IAAI,IAAI,QAAQ;AACrC,uBAAa,IAAI,UAAU;AAC3B,uBAAa,IAAI,mBAAmB;AACpC,uBAAa,IAAI,cAAc;AAC/B,cAAI,aAAa,SAAS,SAAS,OAAQ;AAC3C,cAAI,eAAe,MAAM,KAAK,YAAY;AAC1C,cAAI,YAAY,oBAAI,KAAK;AACzB,oBAAU;AAAA,QACZ;AAEA,YAAI,SAAS;AACX,gBAAM,IAAI,MAAM;AAAA,QAClB;AAAA,MACF,CAAC;AACD,YAAM,OAAO,UAAU,QAAqB,aAAa;AACzD,YAAM,KAAK,sBAAsB,kBAAkB;AAAA,IACrD;AAAA,EACF;AAAA,EACA;AAAA,IACE,IAAI;AAAA,IACJ,SAAS;AAAA,IACT,YAAY;AAAA,IACZ,QAAQ;AAAA,IACR,YAAY;AAAA,IACZ,YAAY;AAAA,IACZ,MAAM,IAAI,EAAE,WAAW,IAAI,UAAU,eAAe,GAAG;AACrD,YAAM,qBAAqB,SAAS,KAAK;AACzC,YAAM,QAAQ,EAAE,UAAU,eAAe;AACzC,YAAM,GAAG,cAAc,OAAO,QAAQ;AACpC,cAAM,uCAAuC,KAAK,KAAK;AACvD,cAAM,iCAAiC,KAAK,KAAK;AACjD,cAAM,sBAAsB,KAAK,KAAK;AACtC,cAAM,2BAA2B,KAAK,KAAK;AAC3C,cAAM,0BAA0B,KAAK,KAAK;AAC1C,cAAM,8BAA8B,KAAK,KAAK;AAE9C,cAAM,YAAY,MAAM,IAAI,QAAQ,MAAM,EAAE,MAAM,SAAS,UAAU,oBAAoB,WAAW,KAAK,CAAC;AAC1G,YAAI,CAAC,UAAW;AAEhB,cAAM,WAAW,MAAM,IAAI,KAAK,SAAS,EAAE,MAAM,WAAW,UAAU,oBAAoB,WAAW,KAAK,CAAC;AAC3G,cAAM,gBAAgB;AAAA,UACpB;AAAA,UACA;AAAA,UACA;AAAA,UACA;AAAA,QACF;AACA,YAAI,UAAU;AACd,YAAI,CAAC,SAAS,QAAQ;AACpB,cAAI;AAAA,YACF,IAAI,OAAO,SAAS;AAAA,cAClB,MAAM;AAAA,cACN,UAAU;AAAA,cACV,cAAc;AAAA,cACd,cAAc;AAAA,cACd,WAAW,oBAAI,KAAK;AAAA,cACpB,WAAW,oBAAI,KAAK;AAAA,YACtB,CAAC;AAAA,UACH;AACA,oBAAU;AAAA,QACZ;AAEA,mBAAW,OAAO,UAAU;AAC1B,gBAAM,WAAW,MAAM,QAAQ,IAAI,YAAY,IAAI,CAAC,GAAG,IAAI,YAAY,IAAI,CAAC;AAC5E,gBAAM,eAAe,IAAI,IAAI,QAAQ;AACrC,qBAAW,WAAW,cAAe,cAAa,IAAI,OAAO;AAC7D,cAAI,aAAa,SAAS,SAAS,OAAQ;AAC3C,cAAI,eAAe,MAAM,KAAK,YAAY;AAC1C,cAAI,YAAY,oBAAI,KAAK;AACzB,oBAAU;AAAA,QACZ;AAEA,YAAI,SAAS;AACX,gBAAM,IAAI,MAAM;AAAA,QAClB;AAAA,MACF,CAAC;AAED,YAAM,OAAO,UAAU,QAAqB,aAAa;AACzD,YAAM,KAAK,sBAAsB,kBAAkB;AAEnD,YAAM,gBAAgB,qBAAqB,SAAS;AACpD,YAAM,eAAe,IAAI,CAAC,WAAW,SAAS,WAAW,GAAG,EAAE,UAAU,gBAAgB,cAAc,CAAC;AAAA,IACzG;AAAA,EACF;AACF;AAEO,SAAS,mBAAmB,SAA4C;AAC7E,SAAO,eACJ,OAAO,CAAC,WAAW,gBAAgB,OAAO,SAAS,OAAO,KAAK,CAAC,EAChE,KAAK,CAAC,GAAG,MAAM,gBAAgB,EAAE,SAAS,EAAE,OAAO,KAAK,EAAE,GAAG,cAAc,EAAE,EAAE,CAAC;AACrF;AAEO,SAAS,kBAAkB,UAAkB,YAAyD;AAC3G,QAAM,UAAU,mBAAmB,UAAU,EAAE,OAAO,CAAC,WAAW,OAAO,OAAO,QAAQ;AACxF,MAAI,CAAC,QAAQ,OAAQ,QAAO;AAC5B,SAAO,QAAQ,QAAQ,SAAS,CAAC;AACnC;",
+  "sourcesContent": ["import { runWithCacheTenant } from '@open-mercato/cache'\nimport type { EntityManager } from '@mikro-orm/postgresql'\nimport type { AwilixContainer } from 'awilix'\nimport { Role, RoleAcl } from '@open-mercato/core/modules/auth/data/entities'\nimport type { RbacService } from '@open-mercato/core/modules/auth/services/rbacService'\nimport { reindexModules } from '@open-mercato/core/modules/configs/lib/reindex-helpers'\n// Optional module imports are loaded dynamically inside each upgrade action\n// so the app does not crash when a module is disabled.\nimport { collectCrudCacheStats, purgeCrudCacheSegment } from '@open-mercato/shared/lib/crud/cache-stats'\nimport { isCrudCacheEnabled, resolveCrudCache } from '@open-mercato/shared/lib/crud/cache'\nimport * as semver from 'semver'\nimport type { VectorIndexService } from '@open-mercato/search/vector'\nimport { EncryptionMap } from '@open-mercato/core/modules/entities/data/entities'\nimport { DEFAULT_ENCRYPTION_MAPS } from '@open-mercato/core/modules/entities/lib/encryptionDefaults'\nimport type { TenantDataEncryptionService } from '@open-mercato/shared/lib/encryption/tenantDataEncryptionService'\n\nfunction resolveVectorService(container: AwilixContainer): VectorIndexService | null {\n  try {\n    return container.resolve<VectorIndexService>('vectorIndexService')\n  } catch {\n    return null\n  }\n}\n\nfunction resolveEncryptionService(container: AwilixContainer): TenantDataEncryptionService | null {\n  try {\n    return container.resolve<TenantDataEncryptionService>('tenantEncryptionService')\n  } catch {\n    return null\n  }\n}\n\nasync function ensureVectorSearchEncryptionMap(\n  em: EntityManager,\n  tenantId: string,\n  organizationId: string | null,\n): Promise<boolean> {\n  const spec = DEFAULT_ENCRYPTION_MAPS.find((entry) => entry.entityId === 'vector:vector_search')\n  const required = spec?.fields ?? []\n  if (!required.length) return false\n\n  const repo = em.getRepository(EncryptionMap)\n  const existing = await repo.findOne({\n    entityId: 'vector:vector_search',\n    tenantId,\n    organizationId,\n    deletedAt: null,\n  })\n\n  if (!existing) {\n    em.persist(\n      em.create(EncryptionMap, {\n        entityId: 'vector:vector_search',\n        tenantId,\n        organizationId,\n        fieldsJson: required,\n        isActive: true,\n        createdAt: new Date(),\n        updatedAt: new Date(),\n      }),\n    )\n    await em.flush()\n    return true\n  }\n\n  const existingFields = Array.isArray(existing.fieldsJson) ? existing.fieldsJson : []\n  const byField = new Map<string, { field: string; hashField?: string | null }>()\n  for (const item of existingFields) {\n    if (!item?.field) continue\n    byField.set(item.field, item)\n  }\n  for (const req of required) {\n    if (!req?.field) continue\n    if (byField.has(req.field)) continue\n    byField.set(req.field, req)\n  }\n\n  const merged = Array.from(byField.values())\n  const changed = merged.length !== existingFields.length\n  if (!changed && existing.isActive) return false\n\n  existing.fieldsJson = merged\n  existing.isActive = true\n  existing.updatedAt = new Date()\n  await em.flush()\n  return true\n}\n\nexport type UpgradeActionContext = {\n  tenantId: string\n  organizationId: string\n  container: AwilixContainer\n  em: EntityManager\n}\n\nexport type UpgradeActionDefinition = {\n  id: string\n  version: string\n  messageKey: string\n  ctaKey: string\n  successKey: string\n  loadingKey?: string\n  run: (ctx: UpgradeActionContext) => Promise<void>\n}\n\n/**\n * Compare two semantic version strings.\n * Uses the semver library for robust version comparison.\n * Returns negative if a < b, positive if a > b, 0 if equal.\n * Throws an error if either version string is invalid.\n */\nexport function compareVersions(a: string, b: string): number {\n  const cleanA = semver.valid(semver.coerce(a))\n  const cleanB = semver.valid(semver.coerce(b))\n  if (!cleanA) {\n    throw new Error(`Invalid version string: \"${a}\". Expected a valid semver format (e.g., \"1.2.3\").`)\n  }\n  if (!cleanB) {\n    throw new Error(`Invalid version string: \"${b}\". Expected a valid semver format (e.g., \"1.2.3\").`)\n  }\n  return semver.compare(cleanA, cleanB)\n}\n\nasync function purgeCatalogCrudCache(container: AwilixContainer, tenantId: string | null) {\n  if (!isCrudCacheEnabled()) return\n  const cache = resolveCrudCache(container)\n  if (!cache) return\n  await runWithCacheTenant(tenantId ?? null, async () => {\n    const stats = await collectCrudCacheStats(cache)\n    const catalogSegments = stats.segments.filter((segment) => segment.resource?.startsWith('catalog.'))\n    if (!catalogSegments.length) return\n    for (const segment of catalogSegments) {\n      try {\n        await purgeCrudCacheSegment(cache, segment.segment)\n      } catch (error) {\n        console.warn('[upgrade-actions] failed to purge catalog cache segment', {\n          tenantId,\n          segment: segment.segment,\n          error,\n        })\n      }\n    }\n  })\n}\n\nexport const upgradeActions: UpgradeActionDefinition[] = [\n  {\n    id: 'configs.upgrades.catalog.examples',\n    version: '0.3.4',\n    messageKey: 'upgrades.v034.message',\n    ctaKey: 'upgrades.v034.cta',\n    successKey: 'upgrades.v034.success',\n    loadingKey: 'upgrades.v034.loading',\n    async run({ container, em, tenantId, organizationId }) {\n      let installExampleCatalogData: typeof import('@open-mercato/core/modules/catalog/lib/seeds')['installExampleCatalogData'] | undefined\n      try {\n        const catalogSeeds = await import('@open-mercato/core/modules/catalog/lib/seeds')\n        installExampleCatalogData = catalogSeeds.installExampleCatalogData\n      } catch {\n        console.warn('[upgrade-actions] catalog module not available, skipping catalog example data')\n        return\n      }\n      await installExampleCatalogData(container, { tenantId, organizationId }, em)\n      const vectorService = resolveVectorService(container)\n      await reindexModules(em, ['catalog'], { tenantId, organizationId, vectorService })\n    },\n  },\n  {\n    id: 'configs.upgrades.auth.admin_business_rules_acl',\n    version: '0.3.5',\n    messageKey: 'upgrades.v035.message',\n    ctaKey: 'upgrades.v035.cta',\n    successKey: 'upgrades.v035.success',\n    loadingKey: 'upgrades.v035.loading',\n    async run({ container, em, tenantId }) {\n      const normalizedTenantId = tenantId.trim()\n      await em.transactional(async (tem) => {\n        const adminRole = await tem.findOne(Role, { name: 'admin', tenantId: normalizedTenantId, deletedAt: null })\n        if (!adminRole) return\n\n        const roleAcls = await tem.find(RoleAcl, { role: adminRole, tenantId: normalizedTenantId, deletedAt: null })\n        let touched = false\n        if (!roleAcls.length) {\n          tem.persist(\n            tem.create(RoleAcl, {\n              role: adminRole,\n              tenantId: normalizedTenantId,\n              featuresJson: ['business_rules.*'],\n              isSuperAdmin: false,\n              createdAt: new Date(),\n              updatedAt: new Date(),\n            }),\n          )\n          touched = true\n        }\n\n        for (const acl of roleAcls) {\n          const features = Array.isArray(acl.featuresJson) ? [...acl.featuresJson] : []\n          if (features.includes('business_rules.*')) continue\n          acl.featuresJson = [...features, 'business_rules.*']\n          acl.updatedAt = new Date()\n          touched = true\n        }\n\n        if (touched) {\n          await tem.flush()\n        }\n      })\n\n      const rbac = container.resolve<RbacService>('rbacService')\n      await rbac.invalidateTenantCache(normalizedTenantId)\n    },\n  },\n  {\n    id: 'configs.upgrades.sales.examples',\n    version: '0.3.6',\n    messageKey: 'upgrades.v036.message',\n    ctaKey: 'upgrades.v036.cta',\n    successKey: 'upgrades.v036.success',\n    loadingKey: 'upgrades.v036.loading',\n    async run({ container, em, tenantId, organizationId }) {\n      let seedSalesExamples: typeof import('@open-mercato/core/modules/sales/seed/examples')['seedSalesExamples'] | undefined\n      try {\n        const salesSeeds = await import('@open-mercato/core/modules/sales/seed/examples')\n        seedSalesExamples = salesSeeds.seedSalesExamples\n      } catch {\n        console.warn('[upgrade-actions] sales module not available, skipping sales example data')\n        return\n      }\n      await em.transactional(async (tem) => {\n        await seedSalesExamples!(tem, container, { tenantId, organizationId })\n      })\n      const vectorService = resolveVectorService(container)\n      await reindexModules(em, ['sales', 'catalog'], { tenantId, organizationId, vectorService })\n      await purgeCatalogCrudCache(container, tenantId)\n    },\n  },\n  {\n    id: 'configs.upgrades.vector.encryption_vector_search',\n    version: '0.3.6',\n    messageKey: 'upgrades.v036_vector_encryption.message',\n    ctaKey: 'upgrades.v036_vector_encryption.cta',\n    successKey: 'upgrades.v036_vector_encryption.success',\n    loadingKey: 'upgrades.v036_vector_encryption.loading',\n    async run({ container, em, tenantId, organizationId }) {\n      const normalizedTenantId = tenantId.trim()\n      const normalizedOrgId = organizationId ?? null\n\n      const encryptionService = resolveEncryptionService(container)\n      if (!encryptionService?.isEnabled?.()) {\n        return\n      }\n\n      const updated = await em.transactional(async (tem) => {\n        return ensureVectorSearchEncryptionMap(tem, normalizedTenantId, normalizedOrgId)\n      })\n\n      if (updated) {\n        await encryptionService.invalidateMap('vector:vector_search', normalizedTenantId, normalizedOrgId)\n      }\n\n      const vectorService = resolveVectorService(container)\n      if (vectorService) {\n        await vectorService.reindexAll({ tenantId: normalizedTenantId, organizationId: normalizedOrgId, purgeFirst: false })\n      }\n    },\n  },\n  {\n    id: 'configs.upgrades.examples.currencies_workflows',\n    version: '0.3.13',\n    messageKey: 'upgrades.v0313.message',\n    ctaKey: 'upgrades.v0313.cta',\n    successKey: 'upgrades.v0313.success',\n    loadingKey: 'upgrades.v0313.loading',\n    async run({ container, em, tenantId, organizationId }) {\n      const normalizedTenantId = tenantId.trim()\n      const scope = { tenantId, organizationId }\n\n      let seedExampleCurrencies: typeof import('@open-mercato/core/modules/currencies/lib/seeds')['seedExampleCurrencies'] | undefined\n      try {\n        const currenciesSeeds = await import('@open-mercato/core/modules/currencies/lib/seeds')\n        seedExampleCurrencies = currenciesSeeds.seedExampleCurrencies\n      } catch {\n        console.warn('[upgrade-actions] currencies module not available, skipping currency seeding')\n      }\n\n      let seedExampleWorkflows: typeof import('@open-mercato/core/modules/workflows/lib/seeds')['seedExampleWorkflows'] | undefined\n      try {\n        const workflowsSeeds = await import('@open-mercato/core/modules/workflows/lib/seeds')\n        seedExampleWorkflows = workflowsSeeds.seedExampleWorkflows\n      } catch {\n        console.warn('[upgrade-actions] workflows module not available, skipping workflow seeding')\n      }\n\n      await em.transactional(async (tem) => {\n        if (seedExampleCurrencies) await seedExampleCurrencies(tem, scope)\n        if (seedExampleWorkflows) await seedExampleWorkflows(tem, scope)\n\n        const adminRole = await tem.findOne(Role, { name: 'admin', tenantId: normalizedTenantId, deletedAt: null })\n        if (!adminRole) return\n\n        const roleAcls = await tem.find(RoleAcl, { role: adminRole, tenantId: normalizedTenantId, deletedAt: null })\n        let touched = false\n        if (!roleAcls.length) {\n          tem.persist(\n            tem.create(RoleAcl, {\n              role: adminRole,\n              tenantId: normalizedTenantId,\n              featuresJson: ['search.*', 'feature_toggles.*', 'currencies.*'],\n              isSuperAdmin: false,\n              createdAt: new Date(),\n              updatedAt: new Date(),\n            }),\n          )\n          touched = true\n        }\n\n        for (const acl of roleAcls) {\n          const features = Array.isArray(acl.featuresJson) ? [...acl.featuresJson] : []\n          const nextFeatures = new Set(features)\n          nextFeatures.add('search.*')\n          nextFeatures.add('feature_toggles.*')\n          nextFeatures.add('currencies.*')\n          if (nextFeatures.size === features.length) continue\n          acl.featuresJson = Array.from(nextFeatures)\n          acl.updatedAt = new Date()\n          touched = true\n        }\n\n        if (touched) {\n          await tem.flush()\n        }\n      })\n      const rbac = container.resolve<RbacService>('rbacService')\n      await rbac.invalidateTenantCache(normalizedTenantId)\n    },\n  },\n  {\n    id: 'configs.upgrades.examples.planner_staff_resources',\n    version: '0.4.1',\n    messageKey: 'upgrades.v041.message',\n    ctaKey: 'upgrades.v041.cta',\n    successKey: 'upgrades.v041.success',\n    loadingKey: 'upgrades.v041.loading',\n    async run({ container, em, tenantId, organizationId }) {\n      const normalizedTenantId = tenantId.trim()\n      const scope = { tenantId, organizationId }\n\n      let seedPlannerAvailabilityRuleSetDefaults: typeof import('@open-mercato/core/modules/planner/lib/seeds')['seedPlannerAvailabilityRuleSetDefaults'] | undefined\n      let seedPlannerUnavailabilityReasons: typeof import('@open-mercato/core/modules/planner/lib/seeds')['seedPlannerUnavailabilityReasons'] | undefined\n      try {\n        const plannerSeeds = await import('@open-mercato/core/modules/planner/lib/seeds')\n        seedPlannerAvailabilityRuleSetDefaults = plannerSeeds.seedPlannerAvailabilityRuleSetDefaults\n        seedPlannerUnavailabilityReasons = plannerSeeds.seedPlannerUnavailabilityReasons\n      } catch {\n        console.warn('[upgrade-actions] planner module not available, skipping planner seeding')\n      }\n\n      let seedStaffTeamExamples: typeof import('@open-mercato/core/modules/staff/lib/seeds')['seedStaffTeamExamples'] | undefined\n      try {\n        const staffSeeds = await import('@open-mercato/core/modules/staff/lib/seeds')\n        seedStaffTeamExamples = staffSeeds.seedStaffTeamExamples\n      } catch {\n        console.warn('[upgrade-actions] staff module not available, skipping staff seeding')\n      }\n\n      let seedResourcesAddressTypes: typeof import('@open-mercato/core/modules/resources/lib/seeds')['seedResourcesAddressTypes'] | undefined\n      let seedResourcesCapacityUnits: typeof import('@open-mercato/core/modules/resources/lib/seeds')['seedResourcesCapacityUnits'] | undefined\n      let seedResourcesResourceExamples: typeof import('@open-mercato/core/modules/resources/lib/seeds')['seedResourcesResourceExamples'] | undefined\n      try {\n        const resourcesSeeds = await import('@open-mercato/core/modules/resources/lib/seeds')\n        seedResourcesAddressTypes = resourcesSeeds.seedResourcesAddressTypes\n        seedResourcesCapacityUnits = resourcesSeeds.seedResourcesCapacityUnits\n        seedResourcesResourceExamples = resourcesSeeds.seedResourcesResourceExamples\n      } catch {\n        console.warn('[upgrade-actions] resources module not available, skipping resources seeding')\n      }\n\n      await em.transactional(async (tem) => {\n        if (seedPlannerAvailabilityRuleSetDefaults) await seedPlannerAvailabilityRuleSetDefaults(tem, scope)\n        if (seedPlannerUnavailabilityReasons) await seedPlannerUnavailabilityReasons(tem, scope)\n        if (seedStaffTeamExamples) await seedStaffTeamExamples(tem, scope)\n        if (seedResourcesCapacityUnits) await seedResourcesCapacityUnits(tem, scope)\n        if (seedResourcesAddressTypes) await seedResourcesAddressTypes(tem, scope)\n        if (seedResourcesResourceExamples) await seedResourcesResourceExamples(tem, scope)\n\n        const adminRole = await tem.findOne(Role, { name: 'admin', tenantId: normalizedTenantId, deletedAt: null })\n        if (!adminRole) return\n\n        const roleAcls = await tem.find(RoleAcl, { role: adminRole, tenantId: normalizedTenantId, deletedAt: null })\n        const addedFeatures = [\n          'staff.*',\n          'staff.leave_requests.manage',\n          'resources.*',\n          'planner.*',\n        ]\n        let touched = false\n        if (!roleAcls.length) {\n          tem.persist(\n            tem.create(RoleAcl, {\n              role: adminRole,\n              tenantId: normalizedTenantId,\n              featuresJson: addedFeatures,\n              isSuperAdmin: false,\n              createdAt: new Date(),\n              updatedAt: new Date(),\n            }),\n          )\n          touched = true\n        }\n\n        for (const acl of roleAcls) {\n          const features = Array.isArray(acl.featuresJson) ? [...acl.featuresJson] : []\n          const nextFeatures = new Set(features)\n          for (const feature of addedFeatures) nextFeatures.add(feature)\n          if (nextFeatures.size === features.length) continue\n          acl.featuresJson = Array.from(nextFeatures)\n          acl.updatedAt = new Date()\n          touched = true\n        }\n\n        if (touched) {\n          await tem.flush()\n        }\n      })\n\n      const rbac = container.resolve<RbacService>('rbacService')\n      await rbac.invalidateTenantCache(normalizedTenantId)\n\n      const vectorService = resolveVectorService(container)\n      await reindexModules(em, ['planner', 'staff', 'resources'], { tenantId, organizationId, vectorService })\n    },\n  },\n]\n\nexport function actionsUpToVersion(version: string): UpgradeActionDefinition[] {\n  return upgradeActions\n    .filter((action) => compareVersions(action.version, version) <= 0)\n    .sort((a, b) => compareVersions(a.version, b.version) || a.id.localeCompare(b.id))\n}\n\nexport function findUpgradeAction(actionId: string, maxVersion: string): UpgradeActionDefinition | undefined {\n  const matches = actionsUpToVersion(maxVersion).filter((action) => action.id === actionId)\n  if (!matches.length) return undefined\n  return matches[matches.length - 1]\n}\n"],
+  "mappings": "AAAA,SAAS,0BAA0B;AAGnC,SAAS,MAAM,eAAe;AAE9B,SAAS,sBAAsB;AAG/B,SAAS,uBAAuB,6BAA6B;AAC7D,SAAS,oBAAoB,wBAAwB;AACrD,YAAY,YAAY;AAExB,SAAS,qBAAqB;AAC9B,SAAS,+BAA+B;AAGxC,SAAS,qBAAqB,WAAuD;AACnF,MAAI;AACF,WAAO,UAAU,QAA4B,oBAAoB;AAAA,EACnE,QAAQ;AACN,WAAO;AAAA,EACT;AACF;AAEA,SAAS,yBAAyB,WAAgE;AAChG,MAAI;AACF,WAAO,UAAU,QAAqC,yBAAyB;AAAA,EACjF,QAAQ;AACN,WAAO;AAAA,EACT;AACF;AAEA,eAAe,gCACb,IACA,UACA,gBACkB;AAClB,QAAM,OAAO,wBAAwB,KAAK,CAAC,UAAU,MAAM,aAAa,sBAAsB;AAC9F,QAAM,WAAW,MAAM,UAAU,CAAC;AAClC,MAAI,CAAC,SAAS,OAAQ,QAAO;AAE7B,QAAM,OAAO,GAAG,cAAc,aAAa;AAC3C,QAAM,WAAW,MAAM,KAAK,QAAQ;AAAA,IAClC,UAAU;AAAA,IACV;AAAA,IACA;AAAA,IACA,WAAW;AAAA,EACb,CAAC;AAED,MAAI,CAAC,UAAU;AACb,OAAG;AAAA,MACD,GAAG,OAAO,eAAe;AAAA,QACvB,UAAU;AAAA,QACV;AAAA,QACA;AAAA,QACA,YAAY;AAAA,QACZ,UAAU;AAAA,QACV,WAAW,oBAAI,KAAK;AAAA,QACpB,WAAW,oBAAI,KAAK;AAAA,MACtB,CAAC;AAAA,IACH;AACA,UAAM,GAAG,MAAM;AACf,WAAO;AAAA,EACT;AAEA,QAAM,iBAAiB,MAAM,QAAQ,SAAS,UAAU,IAAI,SAAS,aAAa,CAAC;AACnF,QAAM,UAAU,oBAAI,IAA0D;AAC9E,aAAW,QAAQ,gBAAgB;AACjC,QAAI,CAAC,MAAM,MAAO;AAClB,YAAQ,IAAI,KAAK,OAAO,IAAI;AAAA,EAC9B;AACA,aAAW,OAAO,UAAU;AAC1B,QAAI,CAAC,KAAK,MAAO;AACjB,QAAI,QAAQ,IAAI,IAAI,KAAK,EAAG;AAC5B,YAAQ,IAAI,IAAI,OAAO,GAAG;AAAA,EAC5B;AAEA,QAAM,SAAS,MAAM,KAAK,QAAQ,OAAO,CAAC;AAC1C,QAAM,UAAU,OAAO,WAAW,eAAe;AACjD,MAAI,CAAC,WAAW,SAAS,SAAU,QAAO;AAE1C,WAAS,aAAa;AACtB,WAAS,WAAW;AACpB,WAAS,YAAY,oBAAI,KAAK;AAC9B,QAAM,GAAG,MAAM;AACf,SAAO;AACT;AAyBO,SAAS,gBAAgB,GAAW,GAAmB;AAC5D,QAAM,SAAS,OAAO,MAAM,OAAO,OAAO,CAAC,CAAC;AAC5C,QAAM,SAAS,OAAO,MAAM,OAAO,OAAO,CAAC,CAAC;AAC5C,MAAI,CAAC,QAAQ;AACX,UAAM,IAAI,MAAM,4BAA4B,CAAC,oDAAoD;AAAA,EACnG;AACA,MAAI,CAAC,QAAQ;AACX,UAAM,IAAI,MAAM,4BAA4B,CAAC,oDAAoD;AAAA,EACnG;AACA,SAAO,OAAO,QAAQ,QAAQ,MAAM;AACtC;AAEA,eAAe,sBAAsB,WAA4B,UAAyB;AACxF,MAAI,CAAC,mBAAmB,EAAG;AAC3B,QAAM,QAAQ,iBAAiB,SAAS;AACxC,MAAI,CAAC,MAAO;AACZ,QAAM,mBAAmB,YAAY,MAAM,YAAY;AACrD,UAAM,QAAQ,MAAM,sBAAsB,KAAK;AAC/C,UAAM,kBAAkB,MAAM,SAAS,OAAO,CAAC,YAAY,QAAQ,UAAU,WAAW,UAAU,CAAC;AACnG,QAAI,CAAC,gBAAgB,OAAQ;AAC7B,eAAW,WAAW,iBAAiB;AACrC,UAAI;AACF,cAAM,sBAAsB,OAAO,QAAQ,OAAO;AAAA,MACpD,SAAS,OAAO;AACd,gBAAQ,KAAK,2DAA2D;AAAA,UACtE;AAAA,UACA,SAAS,QAAQ;AAAA,UACjB;AAAA,QACF,CAAC;AAAA,MACH;AAAA,IACF;AAAA,EACF,CAAC;AACH;AAEO,MAAM,iBAA4C;AAAA,EACvD;AAAA,IACE,IAAI;AAAA,IACJ,SAAS;AAAA,IACT,YAAY;AAAA,IACZ,QAAQ;AAAA,IACR,YAAY;AAAA,IACZ,YAAY;AAAA,IACZ,MAAM,IAAI,EAAE,WAAW,IAAI,UAAU,eAAe,GAAG;AACrD,UAAI;AACJ,UAAI;AACF,cAAM,eAAe,MAAM,OAAO,8CAA8C;AAChF,oCAA4B,aAAa;AAAA,MAC3C,QAAQ;AACN,gBAAQ,KAAK,+EAA+E;AAC5F;AAAA,MACF;AACA,YAAM,0BAA0B,WAAW,EAAE,UAAU,eAAe,GAAG,EAAE;AAC3E,YAAM,gBAAgB,qBAAqB,SAAS;AACpD,YAAM,eAAe,IAAI,CAAC,SAAS,GAAG,EAAE,UAAU,gBAAgB,cAAc,CAAC;AAAA,IACnF;AAAA,EACF;AAAA,EACA;AAAA,IACE,IAAI;AAAA,IACJ,SAAS;AAAA,IACT,YAAY;AAAA,IACZ,QAAQ;AAAA,IACR,YAAY;AAAA,IACZ,YAAY;AAAA,IACZ,MAAM,IAAI,EAAE,WAAW,IAAI,SAAS,GAAG;AACrC,YAAM,qBAAqB,SAAS,KAAK;AACzC,YAAM,GAAG,cAAc,OAAO,QAAQ;AACpC,cAAM,YAAY,MAAM,IAAI,QAAQ,MAAM,EAAE,MAAM,SAAS,UAAU,oBAAoB,WAAW,KAAK,CAAC;AAC1G,YAAI,CAAC,UAAW;AAEhB,cAAM,WAAW,MAAM,IAAI,KAAK,SAAS,EAAE,MAAM,WAAW,UAAU,oBAAoB,WAAW,KAAK,CAAC;AAC3G,YAAI,UAAU;AACd,YAAI,CAAC,SAAS,QAAQ;AACpB,cAAI;AAAA,YACF,IAAI,OAAO,SAAS;AAAA,cAClB,MAAM;AAAA,cACN,UAAU;AAAA,cACV,cAAc,CAAC,kBAAkB;AAAA,cACjC,cAAc;AAAA,cACd,WAAW,oBAAI,KAAK;AAAA,cACpB,WAAW,oBAAI,KAAK;AAAA,YACtB,CAAC;AAAA,UACH;AACA,oBAAU;AAAA,QACZ;AAEA,mBAAW,OAAO,UAAU;AAC1B,gBAAM,WAAW,MAAM,QAAQ,IAAI,YAAY,IAAI,CAAC,GAAG,IAAI,YAAY,IAAI,CAAC;AAC5E,cAAI,SAAS,SAAS,kBAAkB,EAAG;AAC3C,cAAI,eAAe,CAAC,GAAG,UAAU,kBAAkB;AACnD,cAAI,YAAY,oBAAI,KAAK;AACzB,oBAAU;AAAA,QACZ;AAEA,YAAI,SAAS;AACX,gBAAM,IAAI,MAAM;AAAA,QAClB;AAAA,MACF,CAAC;AAED,YAAM,OAAO,UAAU,QAAqB,aAAa;AACzD,YAAM,KAAK,sBAAsB,kBAAkB;AAAA,IACrD;AAAA,EACF;AAAA,EACA;AAAA,IACE,IAAI;AAAA,IACJ,SAAS;AAAA,IACT,YAAY;AAAA,IACZ,QAAQ;AAAA,IACR,YAAY;AAAA,IACZ,YAAY;AAAA,IACZ,MAAM,IAAI,EAAE,WAAW,IAAI,UAAU,eAAe,GAAG;AACrD,UAAI;AACJ,UAAI;AACF,cAAM,aAAa,MAAM,OAAO,gDAAgD;AAChF,4BAAoB,WAAW;AAAA,MACjC,QAAQ;AACN,gBAAQ,KAAK,2EAA2E;AACxF;AAAA,MACF;AACA,YAAM,GAAG,cAAc,OAAO,QAAQ;AACpC,cAAM,kBAAmB,KAAK,WAAW,EAAE,UAAU,eAAe,CAAC;AAAA,MACvE,CAAC;AACD,YAAM,gBAAgB,qBAAqB,SAAS;AACpD,YAAM,eAAe,IAAI,CAAC,SAAS,SAAS,GAAG,EAAE,UAAU,gBAAgB,cAAc,CAAC;AAC1F,YAAM,sBAAsB,WAAW,QAAQ;AAAA,IACjD;AAAA,EACF;AAAA,EACA;AAAA,IACE,IAAI;AAAA,IACJ,SAAS;AAAA,IACT,YAAY;AAAA,IACZ,QAAQ;AAAA,IACR,YAAY;AAAA,IACZ,YAAY;AAAA,IACZ,MAAM,IAAI,EAAE,WAAW,IAAI,UAAU,eAAe,GAAG;AACrD,YAAM,qBAAqB,SAAS,KAAK;AACzC,YAAM,kBAAkB,kBAAkB;AAE1C,YAAM,oBAAoB,yBAAyB,SAAS;AAC5D,UAAI,CAAC,mBAAmB,YAAY,GAAG;AACrC;AAAA,MACF;AAEA,YAAM,UAAU,MAAM,GAAG,cAAc,OAAO,QAAQ;AACpD,eAAO,gCAAgC,KAAK,oBAAoB,eAAe;AAAA,MACjF,CAAC;AAED,UAAI,SAAS;AACX,cAAM,kBAAkB,cAAc,wBAAwB,oBAAoB,eAAe;AAAA,MACnG;AAEA,YAAM,gBAAgB,qBAAqB,SAAS;AACpD,UAAI,eAAe;AACjB,cAAM,cAAc,WAAW,EAAE,UAAU,oBAAoB,gBAAgB,iBAAiB,YAAY,MAAM,CAAC;AAAA,MACrH;AAAA,IACF;AAAA,EACF;AAAA,EACA;AAAA,IACE,IAAI;AAAA,IACJ,SAAS;AAAA,IACT,YAAY;AAAA,IACZ,QAAQ;AAAA,IACR,YAAY;AAAA,IACZ,YAAY;AAAA,IACZ,MAAM,IAAI,EAAE,WAAW,IAAI,UAAU,eAAe,GAAG;AACrD,YAAM,qBAAqB,SAAS,KAAK;AACzC,YAAM,QAAQ,EAAE,UAAU,eAAe;AAEzC,UAAI;AACJ,UAAI;AACF,cAAM,kBAAkB,MAAM,OAAO,iDAAiD;AACtF,gCAAwB,gBAAgB;AAAA,MAC1C,QAAQ;AACN,gBAAQ,KAAK,8EAA8E;AAAA,MAC7F;AAEA,UAAI;AACJ,UAAI;AACF,cAAM,iBAAiB,MAAM,OAAO,gDAAgD;AACpF,+BAAuB,eAAe;AAAA,MACxC,QAAQ;AACN,gBAAQ,KAAK,6EAA6E;AAAA,MAC5F;AAEA,YAAM,GAAG,cAAc,OAAO,QAAQ;AACpC,YAAI,sBAAuB,OAAM,sBAAsB,KAAK,KAAK;AACjE,YAAI,qBAAsB,OAAM,qBAAqB,KAAK,KAAK;AAE/D,cAAM,YAAY,MAAM,IAAI,QAAQ,MAAM,EAAE,MAAM,SAAS,UAAU,oBAAoB,WAAW,KAAK,CAAC;AAC1G,YAAI,CAAC,UAAW;AAEhB,cAAM,WAAW,MAAM,IAAI,KAAK,SAAS,EAAE,MAAM,WAAW,UAAU,oBAAoB,WAAW,KAAK,CAAC;AAC3G,YAAI,UAAU;AACd,YAAI,CAAC,SAAS,QAAQ;AACpB,cAAI;AAAA,YACF,IAAI,OAAO,SAAS;AAAA,cAClB,MAAM;AAAA,cACN,UAAU;AAAA,cACV,cAAc,CAAC,YAAY,qBAAqB,cAAc;AAAA,cAC9D,cAAc;AAAA,cACd,WAAW,oBAAI,KAAK;AAAA,cACpB,WAAW,oBAAI,KAAK;AAAA,YACtB,CAAC;AAAA,UACH;AACA,oBAAU;AAAA,QACZ;AAEA,mBAAW,OAAO,UAAU;AAC1B,gBAAM,WAAW,MAAM,QAAQ,IAAI,YAAY,IAAI,CAAC,GAAG,IAAI,YAAY,IAAI,CAAC;AAC5E,gBAAM,eAAe,IAAI,IAAI,QAAQ;AACrC,uBAAa,IAAI,UAAU;AAC3B,uBAAa,IAAI,mBAAmB;AACpC,uBAAa,IAAI,cAAc;AAC/B,cAAI,aAAa,SAAS,SAAS,OAAQ;AAC3C,cAAI,eAAe,MAAM,KAAK,YAAY;AAC1C,cAAI,YAAY,oBAAI,KAAK;AACzB,oBAAU;AAAA,QACZ;AAEA,YAAI,SAAS;AACX,gBAAM,IAAI,MAAM;AAAA,QAClB;AAAA,MACF,CAAC;AACD,YAAM,OAAO,UAAU,QAAqB,aAAa;AACzD,YAAM,KAAK,sBAAsB,kBAAkB;AAAA,IACrD;AAAA,EACF;AAAA,EACA;AAAA,IACE,IAAI;AAAA,IACJ,SAAS;AAAA,IACT,YAAY;AAAA,IACZ,QAAQ;AAAA,IACR,YAAY;AAAA,IACZ,YAAY;AAAA,IACZ,MAAM,IAAI,EAAE,WAAW,IAAI,UAAU,eAAe,GAAG;AACrD,YAAM,qBAAqB,SAAS,KAAK;AACzC,YAAM,QAAQ,EAAE,UAAU,eAAe;AAEzC,UAAI;AACJ,UAAI;AACJ,UAAI;AACF,cAAM,eAAe,MAAM,OAAO,8CAA8C;AAChF,iDAAyC,aAAa;AACtD,2CAAmC,aAAa;AAAA,MAClD,QAAQ;AACN,gBAAQ,KAAK,0EAA0E;AAAA,MACzF;AAEA,UAAI;AACJ,UAAI;AACF,cAAM,aAAa,MAAM,OAAO,4CAA4C;AAC5E,gCAAwB,WAAW;AAAA,MACrC,QAAQ;AACN,gBAAQ,KAAK,sEAAsE;AAAA,MACrF;AAEA,UAAI;AACJ,UAAI;AACJ,UAAI;AACJ,UAAI;AACF,cAAM,iBAAiB,MAAM,OAAO,gDAAgD;AACpF,oCAA4B,eAAe;AAC3C,qCAA6B,eAAe;AAC5C,wCAAgC,eAAe;AAAA,MACjD,QAAQ;AACN,gBAAQ,KAAK,8EAA8E;AAAA,MAC7F;AAEA,YAAM,GAAG,cAAc,OAAO,QAAQ;AACpC,YAAI,uCAAwC,OAAM,uCAAuC,KAAK,KAAK;AACnG,YAAI,iCAAkC,OAAM,iCAAiC,KAAK,KAAK;AACvF,YAAI,sBAAuB,OAAM,sBAAsB,KAAK,KAAK;AACjE,YAAI,2BAA4B,OAAM,2BAA2B,KAAK,KAAK;AAC3E,YAAI,0BAA2B,OAAM,0BAA0B,KAAK,KAAK;AACzE,YAAI,8BAA+B,OAAM,8BAA8B,KAAK,KAAK;AAEjF,cAAM,YAAY,MAAM,IAAI,QAAQ,MAAM,EAAE,MAAM,SAAS,UAAU,oBAAoB,WAAW,KAAK,CAAC;AAC1G,YAAI,CAAC,UAAW;AAEhB,cAAM,WAAW,MAAM,IAAI,KAAK,SAAS,EAAE,MAAM,WAAW,UAAU,oBAAoB,WAAW,KAAK,CAAC;AAC3G,cAAM,gBAAgB;AAAA,UACpB;AAAA,UACA;AAAA,UACA;AAAA,UACA;AAAA,QACF;AACA,YAAI,UAAU;AACd,YAAI,CAAC,SAAS,QAAQ;AACpB,cAAI;AAAA,YACF,IAAI,OAAO,SAAS;AAAA,cAClB,MAAM;AAAA,cACN,UAAU;AAAA,cACV,cAAc;AAAA,cACd,cAAc;AAAA,cACd,WAAW,oBAAI,KAAK;AAAA,cACpB,WAAW,oBAAI,KAAK;AAAA,YACtB,CAAC;AAAA,UACH;AACA,oBAAU;AAAA,QACZ;AAEA,mBAAW,OAAO,UAAU;AAC1B,gBAAM,WAAW,MAAM,QAAQ,IAAI,YAAY,IAAI,CAAC,GAAG,IAAI,YAAY,IAAI,CAAC;AAC5E,gBAAM,eAAe,IAAI,IAAI,QAAQ;AACrC,qBAAW,WAAW,cAAe,cAAa,IAAI,OAAO;AAC7D,cAAI,aAAa,SAAS,SAAS,OAAQ;AAC3C,cAAI,eAAe,MAAM,KAAK,YAAY;AAC1C,cAAI,YAAY,oBAAI,KAAK;AACzB,oBAAU;AAAA,QACZ;AAEA,YAAI,SAAS;AACX,gBAAM,IAAI,MAAM;AAAA,QAClB;AAAA,MACF,CAAC;AAED,YAAM,OAAO,UAAU,QAAqB,aAAa;AACzD,YAAM,KAAK,sBAAsB,kBAAkB;AAEnD,YAAM,gBAAgB,qBAAqB,SAAS;AACpD,YAAM,eAAe,IAAI,CAAC,WAAW,SAAS,WAAW,GAAG,EAAE,UAAU,gBAAgB,cAAc,CAAC;AAAA,IACzG;AAAA,EACF;AACF;AAEO,SAAS,mBAAmB,SAA4C;AAC7E,SAAO,eACJ,OAAO,CAAC,WAAW,gBAAgB,OAAO,SAAS,OAAO,KAAK,CAAC,EAChE,KAAK,CAAC,GAAG,MAAM,gBAAgB,EAAE,SAAS,EAAE,OAAO,KAAK,EAAE,GAAG,cAAc,EAAE,EAAE,CAAC;AACrF;AAEO,SAAS,kBAAkB,UAAkB,YAAyD;AAC3G,QAAM,UAAU,mBAAmB,UAAU,EAAE,OAAO,CAAC,WAAW,OAAO,OAAO,QAAQ;AACxF,MAAI,CAAC,QAAQ,OAAQ,QAAO;AAC5B,SAAO,QAAQ,QAAQ,SAAS,CAAC;AACnC;",
   "names": []
 }

package/dist/modules/configs/setup.js ADDED Viewed

@@ -0,0 +1,16 @@
+const setup = {
+  defaultRoleFeatures: {
+    admin: [
+      "configs.system_status.view",
+      "configs.cache.view",
+      "configs.cache.manage",
+      "configs.manage"
+    ]
+  }
+};
+var setup_default = setup;
+export {
+  setup_default as default,
+  setup
+};
+//# sourceMappingURL=setup.js.map

package/dist/modules/configs/setup.js.map ADDED Viewed

@@ -0,0 +1,7 @@
+{
+  "version": 3,
+  "sources": ["../../../src/modules/configs/setup.ts"],
+  "sourcesContent": ["import type { ModuleSetupConfig } from '@open-mercato/shared/modules/setup'\n\nexport const setup: ModuleSetupConfig = {\n  defaultRoleFeatures: {\n    admin: [\n      'configs.system_status.view',\n      'configs.cache.view',\n      'configs.cache.manage',\n      'configs.manage',\n    ],\n  },\n}\n\nexport default setup\n"],
+  "mappings": "AAEO,MAAM,QAA2B;AAAA,EACtC,qBAAqB;AAAA,IACnB,OAAO;AAAA,MACL;AAAA,MACA;AAAA,MACA;AAAA,MACA;AAAA,IACF;AAAA,EACF;AACF;AAEA,IAAO,gBAAQ;",
+  "names": []
+}

package/dist/modules/currencies/setup.js ADDED Viewed

@@ -0,0 +1,16 @@
+import { seedExampleCurrencies } from "./lib/seeds.js";
+const setup = {
+  seedDefaults: async (ctx) => {
+    const scope = { tenantId: ctx.tenantId, organizationId: ctx.organizationId };
+    await seedExampleCurrencies(ctx.em, scope);
+  },
+  defaultRoleFeatures: {
+    admin: ["currencies.*"]
+  }
+};
+var setup_default = setup;
+export {
+  setup_default as default,
+  setup
+};
+//# sourceMappingURL=setup.js.map

package/dist/modules/currencies/setup.js.map ADDED Viewed

@@ -0,0 +1,7 @@
+{
+  "version": 3,
+  "sources": ["../../../src/modules/currencies/setup.ts"],
+  "sourcesContent": ["import type { ModuleSetupConfig } from '@open-mercato/shared/modules/setup'\nimport { seedExampleCurrencies } from './lib/seeds'\n\nexport const setup: ModuleSetupConfig = {\n  seedDefaults: async (ctx) => {\n    const scope = { tenantId: ctx.tenantId, organizationId: ctx.organizationId }\n    await seedExampleCurrencies(ctx.em, scope)\n  },\n\n  defaultRoleFeatures: {\n    admin: ['currencies.*'],\n  },\n}\n\nexport default setup\n"],
+  "mappings": "AACA,SAAS,6BAA6B;AAE/B,MAAM,QAA2B;AAAA,EACtC,cAAc,OAAO,QAAQ;AAC3B,UAAM,QAAQ,EAAE,UAAU,IAAI,UAAU,gBAAgB,IAAI,eAAe;AAC3E,UAAM,sBAAsB,IAAI,IAAI,KAAK;AAAA,EAC3C;AAAA,EAEA,qBAAqB;AAAA,IACnB,OAAO,CAAC,cAAc;AAAA,EACxB;AACF;AAEA,IAAO,gBAAQ;",
+  "names": []
+}

package/dist/modules/customers/setup.js ADDED Viewed

@@ -0,0 +1,36 @@
+import { seedCustomerDictionaries, seedCurrencyDictionary, seedCustomerExamples } from "./cli.js";
+const setup = {
+  seedDefaults: async (ctx) => {
+    const scope = { tenantId: ctx.tenantId, organizationId: ctx.organizationId };
+    await seedCustomerDictionaries(ctx.em, scope);
+    await seedCurrencyDictionary(ctx.em, scope);
+  },
+  seedExamples: async (ctx) => {
+    const scope = { tenantId: ctx.tenantId, organizationId: ctx.organizationId };
+    await seedCustomerExamples(ctx.em, ctx.container, scope);
+  },
+  defaultRoleFeatures: {
+    admin: [
+      "customers.*",
+      "customers.people.view",
+      "customers.people.manage",
+      "customers.companies.view",
+      "customers.companies.manage",
+      "customers.deals.view",
+      "customers.deals.manage"
+    ],
+    employee: [
+      "customers.*",
+      "customers.people.view",
+      "customers.people.manage",
+      "customers.companies.view",
+      "customers.companies.manage"
+    ]
+  }
+};
+var setup_default = setup;
+export {
+  setup_default as default,
+  setup
+};
+//# sourceMappingURL=setup.js.map

package/dist/modules/customers/setup.js.map ADDED Viewed

@@ -0,0 +1,7 @@
+{
+  "version": 3,
+  "sources": ["../../../src/modules/customers/setup.ts"],
+  "sourcesContent": ["import type { ModuleSetupConfig } from '@open-mercato/shared/modules/setup'\nimport { seedCustomerDictionaries, seedCurrencyDictionary, seedCustomerExamples } from './cli'\n\nexport const setup: ModuleSetupConfig = {\n  seedDefaults: async (ctx) => {\n    const scope = { tenantId: ctx.tenantId, organizationId: ctx.organizationId }\n    await seedCustomerDictionaries(ctx.em, scope)\n    await seedCurrencyDictionary(ctx.em, scope)\n  },\n\n  seedExamples: async (ctx) => {\n    const scope = { tenantId: ctx.tenantId, organizationId: ctx.organizationId }\n    await seedCustomerExamples(ctx.em, ctx.container, scope)\n  },\n\n  defaultRoleFeatures: {\n    admin: [\n      'customers.*',\n      'customers.people.view',\n      'customers.people.manage',\n      'customers.companies.view',\n      'customers.companies.manage',\n      'customers.deals.view',\n      'customers.deals.manage',\n    ],\n    employee: [\n      'customers.*',\n      'customers.people.view',\n      'customers.people.manage',\n      'customers.companies.view',\n      'customers.companies.manage',\n    ],\n  },\n}\n\nexport default setup\n"],
+  "mappings": "AACA,SAAS,0BAA0B,wBAAwB,4BAA4B;AAEhF,MAAM,QAA2B;AAAA,EACtC,cAAc,OAAO,QAAQ;AAC3B,UAAM,QAAQ,EAAE,UAAU,IAAI,UAAU,gBAAgB,IAAI,eAAe;AAC3E,UAAM,yBAAyB,IAAI,IAAI,KAAK;AAC5C,UAAM,uBAAuB,IAAI,IAAI,KAAK;AAAA,EAC5C;AAAA,EAEA,cAAc,OAAO,QAAQ;AAC3B,UAAM,QAAQ,EAAE,UAAU,IAAI,UAAU,gBAAgB,IAAI,eAAe;AAC3E,UAAM,qBAAqB,IAAI,IAAI,IAAI,WAAW,KAAK;AAAA,EACzD;AAAA,EAEA,qBAAqB;AAAA,IACnB,OAAO;AAAA,MACL;AAAA,MACA;AAAA,MACA;AAAA,MACA;AAAA,MACA;AAAA,MACA;AAAA,MACA;AAAA,IACF;AAAA,IACA,UAAU;AAAA,MACR;AAAA,MACA;AAAA,MACA;AAAA,MACA;AAAA,MACA;AAAA,IACF;AAAA,EACF;AACF;AAEA,IAAO,gBAAQ;",
+  "names": []
+}

package/dist/modules/dashboards/setup.js ADDED Viewed

@@ -0,0 +1,12 @@
+const setup = {
+  defaultRoleFeatures: {
+    admin: ["dashboards.*", "dashboards.admin.assign-widgets", "analytics.view"],
+    employee: ["dashboards.view", "dashboards.configure", "analytics.view"]
+  }
+};
+var setup_default = setup;
+export {
+  setup_default as default,
+  setup
+};
+//# sourceMappingURL=setup.js.map

package/dist/modules/dashboards/setup.js.map ADDED Viewed

@@ -0,0 +1,7 @@
+{
+  "version": 3,
+  "sources": ["../../../src/modules/dashboards/setup.ts"],
+  "sourcesContent": ["import type { ModuleSetupConfig } from '@open-mercato/shared/modules/setup'\n\nexport const setup: ModuleSetupConfig = {\n  defaultRoleFeatures: {\n    admin: ['dashboards.*', 'dashboards.admin.assign-widgets', 'analytics.view'],\n    employee: ['dashboards.view', 'dashboards.configure', 'analytics.view'],\n  },\n}\n\nexport default setup\n"],
+  "mappings": "AAEO,MAAM,QAA2B;AAAA,EACtC,qBAAqB;AAAA,IACnB,OAAO,CAAC,gBAAgB,mCAAmC,gBAAgB;AAAA,IAC3E,UAAU,CAAC,mBAAmB,wBAAwB,gBAAgB;AAAA,EACxE;AACF;AAEA,IAAO,gBAAQ;",
+  "names": []
+}

package/dist/modules/dictionaries/setup.js ADDED Viewed

@@ -0,0 +1,12 @@
+const setup = {
+  defaultRoleFeatures: {
+    admin: ["dictionaries.view", "dictionaries.manage"],
+    employee: ["dictionaries.view"]
+  }
+};
+var setup_default = setup;
+export {
+  setup_default as default,
+  setup
+};
+//# sourceMappingURL=setup.js.map

package/dist/modules/dictionaries/setup.js.map ADDED Viewed

@@ -0,0 +1,7 @@
+{
+  "version": 3,
+  "sources": ["../../../src/modules/dictionaries/setup.ts"],
+  "sourcesContent": ["import type { ModuleSetupConfig } from '@open-mercato/shared/modules/setup'\n\nexport const setup: ModuleSetupConfig = {\n  defaultRoleFeatures: {\n    admin: ['dictionaries.view', 'dictionaries.manage'],\n    employee: ['dictionaries.view'],\n  },\n}\n\nexport default setup\n"],
+  "mappings": "AAEO,MAAM,QAA2B;AAAA,EACtC,qBAAqB;AAAA,IACnB,OAAO,CAAC,qBAAqB,qBAAqB;AAAA,IAClD,UAAU,CAAC,mBAAmB;AAAA,EAChC;AACF;AAEA,IAAO,gBAAQ;",
+  "names": []
+}

package/dist/modules/directory/setup.js ADDED Viewed

@@ -0,0 +1,12 @@
+const setup = {
+  defaultRoleFeatures: {
+    superadmin: ["directory.tenants.*"],
+    admin: ["directory.organizations.view", "directory.organizations.manage"]
+  }
+};
+var setup_default = setup;
+export {
+  setup_default as default,
+  setup
+};
+//# sourceMappingURL=setup.js.map

package/dist/modules/directory/setup.js.map ADDED Viewed

@@ -0,0 +1,7 @@
+{
+  "version": 3,
+  "sources": ["../../../src/modules/directory/setup.ts"],
+  "sourcesContent": ["import type { ModuleSetupConfig } from '@open-mercato/shared/modules/setup'\n\nexport const setup: ModuleSetupConfig = {\n  defaultRoleFeatures: {\n    superadmin: ['directory.tenants.*'],\n    admin: ['directory.organizations.view', 'directory.organizations.manage'],\n  },\n}\n\nexport default setup\n"],
+  "mappings": "AAEO,MAAM,QAA2B;AAAA,EACtC,qBAAqB;AAAA,IACnB,YAAY,CAAC,qBAAqB;AAAA,IAClC,OAAO,CAAC,gCAAgC,gCAAgC;AAAA,EAC1E;AACF;AAEA,IAAO,gBAAQ;",
+  "names": []
+}