@open-mercato/core 0.4.6-develop-bbfd75b1c8 → 0.4.6-develop-2ba4e02ffb

package/src/modules/integrations/backend/integrations/bundle/[id]/page.tsx

@@ -12,12 +12,18 @@ import { Spinner } from '@open-mercato/ui/primitives/spinner'
 import { apiCall } from '@open-mercato/ui/backend/utils/apiCall'
 import { flash } from '@open-mercato/ui/backend/FlashMessages'
 import { useT } from '@open-mercato/shared/lib/i18n/context'
-import type { IntegrationCredentialField } from '@open-mercato/shared/modules/integrations/types'
+import type { CredentialFieldType, IntegrationCredentialField } from '@open-mercato/shared/modules/integrations/types'
 import { LoadingMessage } from '@open-mercato/ui/backend/detail'
 import { ErrorMessage } from '@open-mercato/ui/backend/detail'
 
 type CredentialField = IntegrationCredentialField
 
+const UNSUPPORTED_CREDENTIAL_FIELD_TYPES = new Set<CredentialFieldType>(['oauth', 'ssh_keypair'])
+
+function isEditableCredentialField(field: CredentialField): boolean {
+  return !UNSUPPORTED_CREDENTIAL_FIELD_TYPES.has(field.type)
+}
+
 type BundleIntegration = {
   id: string
   title: string
@@ -131,7 +137,7 @@ export default function BundleConfigPage() {
   if (isLoading) return <Page><PageBody><LoadingMessage label={t('integrations.bundle.title')} /></PageBody></Page>
   if (error || !detail?.bundle) return <Page><PageBody><ErrorMessage label={error ?? t('integrations.detail.loadError')} /></PageBody></Page>
 
-  const credFields = detail.bundle.credentials?.fields ?? []
+  const credFields = (detail.bundle.credentials?.fields ?? []).filter(isEditableCredentialField)
 
   return (
     <Page>

package/src/modules/integrations/lib/credentials-service.ts

@@ -3,10 +3,14 @@ import type { EntityManager } from '@mikro-orm/postgresql'
 import { decryptWithAesGcm, encryptWithAesGcm } from '@open-mercato/shared/lib/encryption/aes'
 import { findOneWithDecryption } from '@open-mercato/shared/lib/encryption/find'
 import { createKmsService } from '@open-mercato/shared/lib/encryption/kms'
-import { getBundle, getIntegration, resolveIntegrationCredentialsSchema } from '@open-mercato/shared/modules/integrations/types'
+import {
+  getBundle,
+  getIntegration,
+  resolveIntegrationCredentialsSchema,
+  type IntegrationScope,
+} from '@open-mercato/shared/modules/integrations/types'
 import { EncryptionMap } from '../../entities/data/entities'
 import { IntegrationCredentials } from '../data/entities'
-import type { IntegrationScope } from './types'
 
 const ENCRYPTED_CREDENTIALS_BLOB_KEY = '__om_encrypted_credentials_blob_v1'
 const DERIVED_KEY_CONTEXT = 'integrations.credentials'

package/src/modules/integrations/lib/health-service.ts

@@ -1,8 +1,7 @@
 import type { AwilixContainer } from 'awilix'
 import type { IntegrationStateService } from './state-service'
 import type { IntegrationLogService } from './log-service'
-import { getIntegration, getBundle } from '@open-mercato/shared/modules/integrations/types'
-import type { IntegrationScope } from './types'
+import { getIntegration, getBundle, type IntegrationScope } from '@open-mercato/shared/modules/integrations/types'
 
 type HealthCheckResult = {
   status: 'healthy' | 'degraded' | 'unhealthy'

package/src/modules/integrations/lib/log-service.ts

@@ -1,8 +1,8 @@
 import type { EntityManager, FilterQuery } from '@mikro-orm/postgresql'
 import { findWithDecryption } from '@open-mercato/shared/lib/encryption/find'
+import type { IntegrationScope } from '@open-mercato/shared/modules/integrations/types'
 import type { ListIntegrationLogsQuery } from '../data/validators'
 import { IntegrationLog } from '../data/entities'
-import type { IntegrationScope } from './types'
 
 type LogInput = {
   integrationId: string

package/src/modules/integrations/lib/state-service.ts

@@ -1,7 +1,7 @@
 import type { EntityManager } from '@mikro-orm/postgresql'
 import { findOneWithDecryption } from '@open-mercato/shared/lib/encryption/find'
+import type { IntegrationScope } from '@open-mercato/shared/modules/integrations/types'
 import { IntegrationState } from '../data/entities'
-import type { IntegrationScope } from './types'
 
 export function createIntegrationStateService(em: EntityManager) {
   return {

package/src/modules/sales/api/quotes/convert/route.ts

@@ -9,10 +9,11 @@ import { resolveTranslations } from '@open-mercato/shared/lib/i18n/server'
 import { CrudHttpError } from '@open-mercato/shared/lib/crud/errors'
 import type { OpenApiRouteDoc } from '@open-mercato/shared/lib/openapi'
 import {
-  runCrudMutationGuardAfterSuccess,
-  validateCrudMutationGuard,
-  type CrudMutationGuardValidationResult,
-} from '@open-mercato/shared/lib/crud/mutation-guard'
+  bridgeLegacyGuard,
+  runMutationGuards,
+  type MutationGuard,
+  type MutationGuardInput,
+} from '@open-mercato/shared/lib/crud/mutation-guard-registry'
 import { withScopedPayload } from '../../utils'
 
 const convertSchema = z.object({
@@ -29,9 +30,51 @@ type RequestContext = {
   ctx: CommandRuntimeContext
 }
 
-function buildMutationGuardErrorResponse(validation: CrudMutationGuardValidationResult): NextResponse | null {
-  if (validation.ok) return null
-  return NextResponse.json(validation.body, { status: validation.status })
+function resolveUserFeatures(auth: unknown): string[] {
+  const features = (auth as { features?: unknown })?.features
+  if (!Array.isArray(features)) return []
+  return features.filter((value): value is string => typeof value === 'string')
+}
+
+async function runGuards(
+  ctx: CommandRuntimeContext,
+  input: MutationGuardInput,
+): Promise<{
+  ok: boolean
+  errorBody?: Record<string, unknown>
+  errorStatus?: number
+  afterSuccessCallbacks: Array<{ guard: MutationGuard; metadata: Record<string, unknown> | null }>
+}> {
+  const legacyGuard = bridgeLegacyGuard(ctx.container)
+  if (!legacyGuard) {
+    return { ok: true, afterSuccessCallbacks: [] }
+  }
+
+  return runMutationGuards([legacyGuard], input, {
+    userFeatures: resolveUserFeatures(ctx.auth),
+  })
+}
+
+async function runGuardAfterSuccessCallbacks(
+  callbacks: Array<{ guard: MutationGuard; metadata: Record<string, unknown> | null }>,
+  input: {
+    tenantId: string
+    organizationId: string | null
+    userId: string
+    resourceKind: string
+    resourceId: string
+    operation: 'create' | 'update' | 'delete'
+    requestMethod: string
+    requestHeaders: Headers
+  },
+): Promise<void> {
+  for (const callback of callbacks) {
+    if (!callback.guard.afterSuccess) continue
+    await callback.guard.afterSuccess({
+      ...input,
+      metadata: callback.metadata ?? null,
+    })
+  }
 }
 
 async function resolveRequestContext(req: Request): Promise<RequestContext> {
@@ -70,7 +113,7 @@ export async function POST(req: Request) {
     const payload = await req.json().catch(() => ({}))
     const scoped = withScopedPayload(payload ?? {}, ctx, translate)
     const input = convertSchema.parse(scoped)
-    const mutationGuardValidation = await validateCrudMutationGuard(ctx.container, {
+    const guardResult = await runGuards(ctx, {
       tenantId: ctx.auth?.tenantId ?? '',
       organizationId: ctx.selectedOrganizationId ?? ctx.auth?.orgId ?? null,
       userId: ctx.auth?.sub ?? '',
@@ -80,9 +123,8 @@ export async function POST(req: Request) {
       requestMethod: req.method,
       requestHeaders: req.headers,
     })
-    if (mutationGuardValidation) {
-      const lockErrorResponse = buildMutationGuardErrorResponse(mutationGuardValidation)
-      if (lockErrorResponse) return lockErrorResponse
+    if (!guardResult.ok) {
+      return NextResponse.json(guardResult.errorBody ?? { error: 'Operation blocked by guard' }, { status: guardResult.errorStatus ?? 422 })
     }
     const commandBus = ctx.container.resolve('commandBus') as CommandBus
     const { result, logEntry } = await commandBus.execute<
@@ -112,8 +154,8 @@ export async function POST(req: Request) {
       )
     }
 
-    if (mutationGuardValidation?.ok && mutationGuardValidation.shouldRunAfterSuccess) {
-      await runCrudMutationGuardAfterSuccess(ctx.container, {
+    if (guardResult.afterSuccessCallbacks.length) {
+      await runGuardAfterSuccessCallbacks(guardResult.afterSuccessCallbacks, {
         tenantId: ctx.auth?.tenantId ?? '',
         organizationId: ctx.selectedOrganizationId ?? ctx.auth?.orgId ?? null,
         userId: ctx.auth?.sub ?? '',
@@ -122,7 +164,6 @@ export async function POST(req: Request) {
         operation: 'update',
         requestMethod: req.method,
         requestHeaders: req.headers,
-        metadata: mutationGuardValidation.metadata ?? null,
       })
     }
 

package/src/modules/sales/api/quotes/send/route.ts

@@ -8,10 +8,11 @@ import { resolveTranslations, detectLocale } from '@open-mercato/shared/lib/i18n
 import { CrudHttpError } from '@open-mercato/shared/lib/crud/errors'
 import type { OpenApiRouteDoc } from '@open-mercato/shared/lib/openapi'
 import {
-  runCrudMutationGuardAfterSuccess,
-  validateCrudMutationGuard,
-  type CrudMutationGuardValidationResult,
-} from '@open-mercato/shared/lib/crud/mutation-guard'
+  bridgeLegacyGuard,
+  runMutationGuards,
+  type MutationGuard,
+  type MutationGuardInput,
+} from '@open-mercato/shared/lib/crud/mutation-guard-registry'
 import type { EntityManager } from '@mikro-orm/postgresql'
 import crypto from 'node:crypto'
 import { withScopedPayload } from '../../utils'
@@ -29,9 +30,51 @@ type RequestContext = {
   ctx: CommandRuntimeContext
 }
 
-function buildMutationGuardErrorResponse(validation: CrudMutationGuardValidationResult): NextResponse | null {
-  if (validation.ok) return null
-  return NextResponse.json(validation.body, { status: validation.status })
+function resolveUserFeatures(auth: unknown): string[] {
+  const features = (auth as { features?: unknown })?.features
+  if (!Array.isArray(features)) return []
+  return features.filter((value): value is string => typeof value === 'string')
+}
+
+async function runGuards(
+  ctx: CommandRuntimeContext,
+  input: MutationGuardInput,
+): Promise<{
+  ok: boolean
+  errorBody?: Record<string, unknown>
+  errorStatus?: number
+  afterSuccessCallbacks: Array<{ guard: MutationGuard; metadata: Record<string, unknown> | null }>
+}> {
+  const legacyGuard = bridgeLegacyGuard(ctx.container)
+  if (!legacyGuard) {
+    return { ok: true, afterSuccessCallbacks: [] }
+  }
+
+  return runMutationGuards([legacyGuard], input, {
+    userFeatures: resolveUserFeatures(ctx.auth),
+  })
+}
+
+async function runGuardAfterSuccessCallbacks(
+  callbacks: Array<{ guard: MutationGuard; metadata: Record<string, unknown> | null }>,
+  input: {
+    tenantId: string
+    organizationId: string | null
+    userId: string
+    resourceKind: string
+    resourceId: string
+    operation: 'create' | 'update' | 'delete'
+    requestMethod: string
+    requestHeaders: Headers
+  },
+): Promise<void> {
+  for (const callback of callbacks) {
+    if (!callback.guard.afterSuccess) continue
+    await callback.guard.afterSuccess({
+      ...input,
+      metadata: callback.metadata ?? null,
+    })
+  }
 }
 
 async function resolveRequestContext(req: Request): Promise<RequestContext> {
@@ -85,7 +128,7 @@ export async function POST(req: Request) {
     const payload = await req.json().catch(() => ({}))
     const scoped = withScopedPayload(payload ?? {}, ctx, translate)
     const input = quoteSendSchema.parse(scoped)
-    const mutationGuardValidation = await validateCrudMutationGuard(ctx.container, {
+    const guardResult = await runGuards(ctx, {
       tenantId: ctx.auth?.tenantId ?? '',
       organizationId: ctx.selectedOrganizationId ?? ctx.auth?.orgId ?? null,
       userId: ctx.auth?.sub ?? '',
@@ -95,9 +138,8 @@ export async function POST(req: Request) {
       requestMethod: req.method,
       requestHeaders: req.headers,
     })
-    if (mutationGuardValidation) {
-      const lockErrorResponse = buildMutationGuardErrorResponse(mutationGuardValidation)
-      if (lockErrorResponse) return lockErrorResponse
+    if (!guardResult.ok) {
+      return NextResponse.json(guardResult.errorBody ?? { error: 'Operation blocked by guard' }, { status: guardResult.errorStatus ?? 422 })
     }
 
     const em = (ctx.container.resolve('em') as EntityManager).fork()
@@ -163,8 +205,8 @@ export async function POST(req: Request) {
       react: QuoteSentEmail({ url, copy }),
     })
 
-    if (mutationGuardValidation?.ok && mutationGuardValidation.shouldRunAfterSuccess) {
-      await runCrudMutationGuardAfterSuccess(ctx.container, {
+    if (guardResult.afterSuccessCallbacks.length) {
+      await runGuardAfterSuccessCallbacks(guardResult.afterSuccessCallbacks, {
         tenantId: ctx.auth?.tenantId ?? '',
         organizationId: ctx.selectedOrganizationId ?? ctx.auth?.orgId ?? null,
         userId: ctx.auth?.sub ?? '',
@@ -173,7 +215,6 @@ export async function POST(req: Request) {
         operation: 'update',
         requestMethod: req.method,
         requestHeaders: req.headers,
-        metadata: mutationGuardValidation.metadata ?? null,
       })
     }
 

package/dist/modules/integrations/lib/types.js

@@ -1 +0,0 @@
-//# sourceMappingURL=types.js.map

package/dist/modules/integrations/lib/types.js.map

@@ -1,7 +0,0 @@
-{
-  "version": 3,
-  "sources": [],
-  "sourcesContent": [],
-  "mappings": "",
-  "names": []
-}

package/src/modules/integrations/lib/types.ts

@@ -1,4 +0,0 @@
-export type IntegrationScope = {
-  organizationId: string
-  tenantId: string
-}