npm - @open-mercato/core - Versions diffs - 0.6.5-develop.4384.1.ce2ec6eaaa → 0.6.5-develop.4397.1.9a65481757 - Mend

@open-mercato/core 0.6.5-develop.4384.1.ce2ec6eaaa → 0.6.5-develop.4397.1.9a65481757

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (533) hide show

package/dist/helpers/integration/authFixtures.js CHANGED Viewed

@@ -1,5 +1,5 @@
 import { expect } from "@playwright/test";
-import { apiRequest } from "./api.js";
+import { apiRequest, getAuthToken } from "./api.js";
 import { expectId, readJsonSafe } from "./generalFixtures.js";
 const BASE_URL = process.env.BASE_URL?.trim() || null;
 function resolveUrl(path) {
@@ -105,6 +105,7 @@ export {
   deleteOrganizationIfExists,
   deleteRoleIfExists,
   deleteUserIfExists,
+  getAuthToken,
   setRoleAclFeatures,
   setUserAclVisibility
 };

package/dist/helpers/integration/authFixtures.js.map CHANGED Viewed

@@ -1,7 +1,7 @@
 {
   "version": 3,
   "sources": ["../../../src/helpers/integration/authFixtures.ts"],
-  "sourcesContent": ["import { expect, type APIRequestContext } from '@playwright/test';\nimport { apiRequest } from './api';\nimport { expectId, readJsonSafe } from './generalFixtures';\n\nconst BASE_URL = process.env.BASE_URL?.trim() || null;\n\nfunction resolveUrl(path: string): string {\n  return BASE_URL ? `${BASE_URL}${path}` : path;\n}\n\n/**\n * Variant of {@link apiRequest} that sets the `om_selected_org` cookie so the\n * server resolves `ctx.selectedOrganizationId` to a specific organization.\n * Create routes scope new records to that organization, which lets a test place\n * a fixture in an organization other than the caller's home org.\n */\nexport async function apiRequestWithSelectedOrg(\n  request: APIRequestContext,\n  method: string,\n  path: string,\n  options: { token: string; selectedOrgId: string; data?: unknown },\n) {\n  const headers = {\n    Authorization: `Bearer ${options.token}`,\n    'Content-Type': 'application/json',\n    Cookie: `om_selected_org=${options.selectedOrgId}`,\n  };\n  return request.fetch(resolveUrl(path), { method, headers, data: options.data });\n}\n\nexport async function createRoleFixture(\n  request: APIRequestContext,\n  token: string,\n  input: { name: string; tenantId?: string },\n): Promise<string> {\n  const payload: { name: string; tenantId?: string } = {\n    name: input.name,\n  };\n  if (typeof input.tenantId === 'string' && input.tenantId.length > 0) {\n    payload.tenantId = input.tenantId;\n  }\n  const response = await apiRequest(request, 'POST', '/api/auth/roles', {\n    token,\n    data: payload,\n  });\n  const body = await readJsonSafe<{ id?: string }>(response);\n  expect(response.status(), 'POST /api/auth/roles should return 201').toBe(201);\n  return expectId(body?.id, 'Role creation response should include id');\n}\n\nexport async function deleteRoleIfExists(\n  request: APIRequestContext,\n  token: string | null,\n  roleId: string | null,\n): Promise<void> {\n  if (!token || !roleId) return;\n  await apiRequest(request, 'DELETE', `/api/auth/roles?id=${encodeURIComponent(roleId)}`, { token }).catch(() => undefined);\n}\n\nexport async function createUserFixture(\n  request: APIRequestContext,\n  token: string,\n  input: { email: string; password: string; organizationId: string; roles: string[]; name?: string },\n): Promise<string> {\n  const response = await apiRequest(request, 'POST', '/api/auth/users', {\n    token,\n    data: input,\n  });\n  const body = await readJsonSafe<{ id?: string }>(response);\n  expect(response.status(), 'POST /api/auth/users should return 201').toBe(201);\n  return expectId(body?.id, 'User creation response should include id');\n}\n\nexport async function deleteUserIfExists(\n  request: APIRequestContext,\n  token: string | null,\n  userId: string | null,\n): Promise<void> {\n  if (!token || !userId) return;\n  await apiRequest(request, 'DELETE', `/api/auth/users?id=${encodeURIComponent(userId)}`, { token }).catch(() => undefined);\n}\n\nexport async function createOrganizationFixture(\n  request: APIRequestContext,\n  token: string,\n  input: { name: string; tenantId?: string },\n): Promise<string> {\n  const payload: { name: string; tenantId?: string } = { name: input.name };\n  if (typeof input.tenantId === 'string' && input.tenantId.length > 0) {\n    payload.tenantId = input.tenantId;\n  }\n  const response = await apiRequest(request, 'POST', '/api/directory/organizations', {\n    token,\n    data: payload,\n  });\n  const body = await readJsonSafe<{ id?: string }>(response);\n  expect(response.status(), 'POST /api/directory/organizations should return 201').toBe(201);\n  return expectId(body?.id, 'Organization creation response should include id');\n}\n\nexport async function deleteOrganizationIfExists(\n  request: APIRequestContext,\n  token: string | null,\n  organizationId: string | null,\n): Promise<void> {\n  if (!token || !organizationId) return;\n  await apiRequest(request, 'DELETE', '/api/directory/organizations', {\n    token,\n    data: { id: organizationId },\n  }).catch(() => undefined);\n}\n\nexport async function setRoleAclFeatures(\n  request: APIRequestContext,\n  token: string,\n  input: { roleId: string; features: string[]; organizations?: string[] | null },\n): Promise<void> {\n  const payload: { roleId: string; features: string[]; organizations?: string[] | null } = {\n    roleId: input.roleId,\n    features: input.features,\n  };\n  if (input.organizations !== undefined) {\n    payload.organizations = input.organizations;\n  }\n  const response = await apiRequest(request, 'PUT', '/api/auth/roles/acl', {\n    token,\n    data: payload,\n  });\n  const body = await readJsonSafe<{ ok?: boolean }>(response);\n  expect(response.status(), 'PUT /api/auth/roles/acl should return 200').toBe(200);\n  expect(body?.ok, 'Role ACL update should report ok=true').toBe(true);\n}\n\nexport async function setUserAclVisibility(\n  request: APIRequestContext,\n  token: string,\n  input: { userId: string; organizations: string[] | null; features?: string[] },\n): Promise<void> {\n  const payload: { userId: string; organizations: string[] | null; features?: string[] } = {\n    userId: input.userId,\n    organizations: input.organizations,\n  };\n  if (input.features !== undefined) {\n    payload.features = input.features;\n  }\n  const response = await apiRequest(request, 'PUT', '/api/auth/users/acl', {\n    token,\n    data: payload,\n  });\n  const body = await readJsonSafe<{ ok?: boolean }>(response);\n  expect(response.status(), 'PUT /api/auth/users/acl should return 200').toBe(200);\n  expect(body?.ok, 'User ACL update should report ok=true').toBe(true);\n}\n"],
-  "mappings": "AAAA,SAAS,cAAsC;AAC/C,SAAS,kBAAkB;AAC3B,SAAS,UAAU,oBAAoB;AAEvC,MAAM,WAAW,QAAQ,IAAI,UAAU,KAAK,KAAK;AAEjD,SAAS,WAAW,MAAsB;AACxC,SAAO,WAAW,GAAG,QAAQ,GAAG,IAAI,KAAK;AAC3C;AAQA,eAAsB,0BACpB,SACA,QACA,MACA,SACA;AACA,QAAM,UAAU;AAAA,IACd,eAAe,UAAU,QAAQ,KAAK;AAAA,IACtC,gBAAgB;AAAA,IAChB,QAAQ,mBAAmB,QAAQ,aAAa;AAAA,EAClD;AACA,SAAO,QAAQ,MAAM,WAAW,IAAI,GAAG,EAAE,QAAQ,SAAS,MAAM,QAAQ,KAAK,CAAC;AAChF;AAEA,eAAsB,kBACpB,SACA,OACA,OACiB;AACjB,QAAM,UAA+C;AAAA,IACnD,MAAM,MAAM;AAAA,EACd;AACA,MAAI,OAAO,MAAM,aAAa,YAAY,MAAM,SAAS,SAAS,GAAG;AACnE,YAAQ,WAAW,MAAM;AAAA,EAC3B;AACA,QAAM,WAAW,MAAM,WAAW,SAAS,QAAQ,mBAAmB;AAAA,IACpE;AAAA,IACA,MAAM;AAAA,EACR,CAAC;AACD,QAAM,OAAO,MAAM,aAA8B,QAAQ;AACzD,SAAO,SAAS,OAAO,GAAG,wCAAwC,EAAE,KAAK,GAAG;AAC5E,SAAO,SAAS,MAAM,IAAI,0CAA0C;AACtE;AAEA,eAAsB,mBACpB,SACA,OACA,QACe;AACf,MAAI,CAAC,SAAS,CAAC,OAAQ;AACvB,QAAM,WAAW,SAAS,UAAU,sBAAsB,mBAAmB,MAAM,CAAC,IAAI,EAAE,MAAM,CAAC,EAAE,MAAM,MAAM,MAAS;AAC1H;AAEA,eAAsB,kBACpB,SACA,OACA,OACiB;AACjB,QAAM,WAAW,MAAM,WAAW,SAAS,QAAQ,mBAAmB;AAAA,IACpE;AAAA,IACA,MAAM;AAAA,EACR,CAAC;AACD,QAAM,OAAO,MAAM,aAA8B,QAAQ;AACzD,SAAO,SAAS,OAAO,GAAG,wCAAwC,EAAE,KAAK,GAAG;AAC5E,SAAO,SAAS,MAAM,IAAI,0CAA0C;AACtE;AAEA,eAAsB,mBACpB,SACA,OACA,QACe;AACf,MAAI,CAAC,SAAS,CAAC,OAAQ;AACvB,QAAM,WAAW,SAAS,UAAU,sBAAsB,mBAAmB,MAAM,CAAC,IAAI,EAAE,MAAM,CAAC,EAAE,MAAM,MAAM,MAAS;AAC1H;AAEA,eAAsB,0BACpB,SACA,OACA,OACiB;AACjB,QAAM,UAA+C,EAAE,MAAM,MAAM,KAAK;AACxE,MAAI,OAAO,MAAM,aAAa,YAAY,MAAM,SAAS,SAAS,GAAG;AACnE,YAAQ,WAAW,MAAM;AAAA,EAC3B;AACA,QAAM,WAAW,MAAM,WAAW,SAAS,QAAQ,gCAAgC;AAAA,IACjF;AAAA,IACA,MAAM;AAAA,EACR,CAAC;AACD,QAAM,OAAO,MAAM,aAA8B,QAAQ;AACzD,SAAO,SAAS,OAAO,GAAG,qDAAqD,EAAE,KAAK,GAAG;AACzF,SAAO,SAAS,MAAM,IAAI,kDAAkD;AAC9E;AAEA,eAAsB,2BACpB,SACA,OACA,gBACe;AACf,MAAI,CAAC,SAAS,CAAC,eAAgB;AAC/B,QAAM,WAAW,SAAS,UAAU,gCAAgC;AAAA,IAClE;AAAA,IACA,MAAM,EAAE,IAAI,eAAe;AAAA,EAC7B,CAAC,EAAE,MAAM,MAAM,MAAS;AAC1B;AAEA,eAAsB,mBACpB,SACA,OACA,OACe;AACf,QAAM,UAAmF;AAAA,IACvF,QAAQ,MAAM;AAAA,IACd,UAAU,MAAM;AAAA,EAClB;AACA,MAAI,MAAM,kBAAkB,QAAW;AACrC,YAAQ,gBAAgB,MAAM;AAAA,EAChC;AACA,QAAM,WAAW,MAAM,WAAW,SAAS,OAAO,uBAAuB;AAAA,IACvE;AAAA,IACA,MAAM;AAAA,EACR,CAAC;AACD,QAAM,OAAO,MAAM,aAA+B,QAAQ;AAC1D,SAAO,SAAS,OAAO,GAAG,2CAA2C,EAAE,KAAK,GAAG;AAC/E,SAAO,MAAM,IAAI,uCAAuC,EAAE,KAAK,IAAI;AACrE;AAEA,eAAsB,qBACpB,SACA,OACA,OACe;AACf,QAAM,UAAmF;AAAA,IACvF,QAAQ,MAAM;AAAA,IACd,eAAe,MAAM;AAAA,EACvB;AACA,MAAI,MAAM,aAAa,QAAW;AAChC,YAAQ,WAAW,MAAM;AAAA,EAC3B;AACA,QAAM,WAAW,MAAM,WAAW,SAAS,OAAO,uBAAuB;AAAA,IACvE;AAAA,IACA,MAAM;AAAA,EACR,CAAC;AACD,QAAM,OAAO,MAAM,aAA+B,QAAQ;AAC1D,SAAO,SAAS,OAAO,GAAG,2CAA2C,EAAE,KAAK,GAAG;AAC/E,SAAO,MAAM,IAAI,uCAAuC,EAAE,KAAK,IAAI;AACrE;",
+  "sourcesContent": ["import { expect, type APIRequestContext } from '@playwright/test';\nimport { apiRequest, getAuthToken } from './api';\nimport { expectId, readJsonSafe } from './generalFixtures';\n\n// Re-exported so tests can import auth helpers from a single fixtures module.\nexport { getAuthToken };\n\nconst BASE_URL = process.env.BASE_URL?.trim() || null;\n\nfunction resolveUrl(path: string): string {\n  return BASE_URL ? `${BASE_URL}${path}` : path;\n}\n\n/**\n * Variant of {@link apiRequest} that sets the `om_selected_org` cookie so the\n * server resolves `ctx.selectedOrganizationId` to a specific organization.\n * Create routes scope new records to that organization, which lets a test place\n * a fixture in an organization other than the caller's home org.\n */\nexport async function apiRequestWithSelectedOrg(\n  request: APIRequestContext,\n  method: string,\n  path: string,\n  options: { token: string; selectedOrgId: string; data?: unknown },\n) {\n  const headers = {\n    Authorization: `Bearer ${options.token}`,\n    'Content-Type': 'application/json',\n    Cookie: `om_selected_org=${options.selectedOrgId}`,\n  };\n  return request.fetch(resolveUrl(path), { method, headers, data: options.data });\n}\n\nexport async function createRoleFixture(\n  request: APIRequestContext,\n  token: string,\n  input: { name: string; tenantId?: string },\n): Promise<string> {\n  const payload: { name: string; tenantId?: string } = {\n    name: input.name,\n  };\n  if (typeof input.tenantId === 'string' && input.tenantId.length > 0) {\n    payload.tenantId = input.tenantId;\n  }\n  const response = await apiRequest(request, 'POST', '/api/auth/roles', {\n    token,\n    data: payload,\n  });\n  const body = await readJsonSafe<{ id?: string }>(response);\n  expect(response.status(), 'POST /api/auth/roles should return 201').toBe(201);\n  return expectId(body?.id, 'Role creation response should include id');\n}\n\nexport async function deleteRoleIfExists(\n  request: APIRequestContext,\n  token: string | null,\n  roleId: string | null,\n): Promise<void> {\n  if (!token || !roleId) return;\n  await apiRequest(request, 'DELETE', `/api/auth/roles?id=${encodeURIComponent(roleId)}`, { token }).catch(() => undefined);\n}\n\nexport async function createUserFixture(\n  request: APIRequestContext,\n  token: string,\n  input: { email: string; password: string; organizationId: string; roles: string[]; name?: string },\n): Promise<string> {\n  const response = await apiRequest(request, 'POST', '/api/auth/users', {\n    token,\n    data: input,\n  });\n  const body = await readJsonSafe<{ id?: string }>(response);\n  expect(response.status(), 'POST /api/auth/users should return 201').toBe(201);\n  return expectId(body?.id, 'User creation response should include id');\n}\n\nexport async function deleteUserIfExists(\n  request: APIRequestContext,\n  token: string | null,\n  userId: string | null,\n): Promise<void> {\n  if (!token || !userId) return;\n  await apiRequest(request, 'DELETE', `/api/auth/users?id=${encodeURIComponent(userId)}`, { token }).catch(() => undefined);\n}\n\nexport async function createOrganizationFixture(\n  request: APIRequestContext,\n  token: string,\n  input: { name: string; tenantId?: string },\n): Promise<string> {\n  const payload: { name: string; tenantId?: string } = { name: input.name };\n  if (typeof input.tenantId === 'string' && input.tenantId.length > 0) {\n    payload.tenantId = input.tenantId;\n  }\n  const response = await apiRequest(request, 'POST', '/api/directory/organizations', {\n    token,\n    data: payload,\n  });\n  const body = await readJsonSafe<{ id?: string }>(response);\n  expect(response.status(), 'POST /api/directory/organizations should return 201').toBe(201);\n  return expectId(body?.id, 'Organization creation response should include id');\n}\n\nexport async function deleteOrganizationIfExists(\n  request: APIRequestContext,\n  token: string | null,\n  organizationId: string | null,\n): Promise<void> {\n  if (!token || !organizationId) return;\n  await apiRequest(request, 'DELETE', '/api/directory/organizations', {\n    token,\n    data: { id: organizationId },\n  }).catch(() => undefined);\n}\n\nexport async function setRoleAclFeatures(\n  request: APIRequestContext,\n  token: string,\n  input: { roleId: string; features: string[]; organizations?: string[] | null },\n): Promise<void> {\n  const payload: { roleId: string; features: string[]; organizations?: string[] | null } = {\n    roleId: input.roleId,\n    features: input.features,\n  };\n  if (input.organizations !== undefined) {\n    payload.organizations = input.organizations;\n  }\n  const response = await apiRequest(request, 'PUT', '/api/auth/roles/acl', {\n    token,\n    data: payload,\n  });\n  const body = await readJsonSafe<{ ok?: boolean }>(response);\n  expect(response.status(), 'PUT /api/auth/roles/acl should return 200').toBe(200);\n  expect(body?.ok, 'Role ACL update should report ok=true').toBe(true);\n}\n\nexport async function setUserAclVisibility(\n  request: APIRequestContext,\n  token: string,\n  input: { userId: string; organizations: string[] | null; features?: string[] },\n): Promise<void> {\n  const payload: { userId: string; organizations: string[] | null; features?: string[] } = {\n    userId: input.userId,\n    organizations: input.organizations,\n  };\n  if (input.features !== undefined) {\n    payload.features = input.features;\n  }\n  const response = await apiRequest(request, 'PUT', '/api/auth/users/acl', {\n    token,\n    data: payload,\n  });\n  const body = await readJsonSafe<{ ok?: boolean }>(response);\n  expect(response.status(), 'PUT /api/auth/users/acl should return 200').toBe(200);\n  expect(body?.ok, 'User ACL update should report ok=true').toBe(true);\n}\n"],
+  "mappings": "AAAA,SAAS,cAAsC;AAC/C,SAAS,YAAY,oBAAoB;AACzC,SAAS,UAAU,oBAAoB;AAKvC,MAAM,WAAW,QAAQ,IAAI,UAAU,KAAK,KAAK;AAEjD,SAAS,WAAW,MAAsB;AACxC,SAAO,WAAW,GAAG,QAAQ,GAAG,IAAI,KAAK;AAC3C;AAQA,eAAsB,0BACpB,SACA,QACA,MACA,SACA;AACA,QAAM,UAAU;AAAA,IACd,eAAe,UAAU,QAAQ,KAAK;AAAA,IACtC,gBAAgB;AAAA,IAChB,QAAQ,mBAAmB,QAAQ,aAAa;AAAA,EAClD;AACA,SAAO,QAAQ,MAAM,WAAW,IAAI,GAAG,EAAE,QAAQ,SAAS,MAAM,QAAQ,KAAK,CAAC;AAChF;AAEA,eAAsB,kBACpB,SACA,OACA,OACiB;AACjB,QAAM,UAA+C;AAAA,IACnD,MAAM,MAAM;AAAA,EACd;AACA,MAAI,OAAO,MAAM,aAAa,YAAY,MAAM,SAAS,SAAS,GAAG;AACnE,YAAQ,WAAW,MAAM;AAAA,EAC3B;AACA,QAAM,WAAW,MAAM,WAAW,SAAS,QAAQ,mBAAmB;AAAA,IACpE;AAAA,IACA,MAAM;AAAA,EACR,CAAC;AACD,QAAM,OAAO,MAAM,aAA8B,QAAQ;AACzD,SAAO,SAAS,OAAO,GAAG,wCAAwC,EAAE,KAAK,GAAG;AAC5E,SAAO,SAAS,MAAM,IAAI,0CAA0C;AACtE;AAEA,eAAsB,mBACpB,SACA,OACA,QACe;AACf,MAAI,CAAC,SAAS,CAAC,OAAQ;AACvB,QAAM,WAAW,SAAS,UAAU,sBAAsB,mBAAmB,MAAM,CAAC,IAAI,EAAE,MAAM,CAAC,EAAE,MAAM,MAAM,MAAS;AAC1H;AAEA,eAAsB,kBACpB,SACA,OACA,OACiB;AACjB,QAAM,WAAW,MAAM,WAAW,SAAS,QAAQ,mBAAmB;AAAA,IACpE;AAAA,IACA,MAAM;AAAA,EACR,CAAC;AACD,QAAM,OAAO,MAAM,aAA8B,QAAQ;AACzD,SAAO,SAAS,OAAO,GAAG,wCAAwC,EAAE,KAAK,GAAG;AAC5E,SAAO,SAAS,MAAM,IAAI,0CAA0C;AACtE;AAEA,eAAsB,mBACpB,SACA,OACA,QACe;AACf,MAAI,CAAC,SAAS,CAAC,OAAQ;AACvB,QAAM,WAAW,SAAS,UAAU,sBAAsB,mBAAmB,MAAM,CAAC,IAAI,EAAE,MAAM,CAAC,EAAE,MAAM,MAAM,MAAS;AAC1H;AAEA,eAAsB,0BACpB,SACA,OACA,OACiB;AACjB,QAAM,UAA+C,EAAE,MAAM,MAAM,KAAK;AACxE,MAAI,OAAO,MAAM,aAAa,YAAY,MAAM,SAAS,SAAS,GAAG;AACnE,YAAQ,WAAW,MAAM;AAAA,EAC3B;AACA,QAAM,WAAW,MAAM,WAAW,SAAS,QAAQ,gCAAgC;AAAA,IACjF;AAAA,IACA,MAAM;AAAA,EACR,CAAC;AACD,QAAM,OAAO,MAAM,aAA8B,QAAQ;AACzD,SAAO,SAAS,OAAO,GAAG,qDAAqD,EAAE,KAAK,GAAG;AACzF,SAAO,SAAS,MAAM,IAAI,kDAAkD;AAC9E;AAEA,eAAsB,2BACpB,SACA,OACA,gBACe;AACf,MAAI,CAAC,SAAS,CAAC,eAAgB;AAC/B,QAAM,WAAW,SAAS,UAAU,gCAAgC;AAAA,IAClE;AAAA,IACA,MAAM,EAAE,IAAI,eAAe;AAAA,EAC7B,CAAC,EAAE,MAAM,MAAM,MAAS;AAC1B;AAEA,eAAsB,mBACpB,SACA,OACA,OACe;AACf,QAAM,UAAmF;AAAA,IACvF,QAAQ,MAAM;AAAA,IACd,UAAU,MAAM;AAAA,EAClB;AACA,MAAI,MAAM,kBAAkB,QAAW;AACrC,YAAQ,gBAAgB,MAAM;AAAA,EAChC;AACA,QAAM,WAAW,MAAM,WAAW,SAAS,OAAO,uBAAuB;AAAA,IACvE;AAAA,IACA,MAAM;AAAA,EACR,CAAC;AACD,QAAM,OAAO,MAAM,aAA+B,QAAQ;AAC1D,SAAO,SAAS,OAAO,GAAG,2CAA2C,EAAE,KAAK,GAAG;AAC/E,SAAO,MAAM,IAAI,uCAAuC,EAAE,KAAK,IAAI;AACrE;AAEA,eAAsB,qBACpB,SACA,OACA,OACe;AACf,QAAM,UAAmF;AAAA,IACvF,QAAQ,MAAM;AAAA,IACd,eAAe,MAAM;AAAA,EACvB;AACA,MAAI,MAAM,aAAa,QAAW;AAChC,YAAQ,WAAW,MAAM;AAAA,EAC3B;AACA,QAAM,WAAW,MAAM,WAAW,SAAS,OAAO,uBAAuB;AAAA,IACvE;AAAA,IACA,MAAM;AAAA,EACR,CAAC;AACD,QAAM,OAAO,MAAM,aAA+B,QAAQ;AAC1D,SAAO,SAAS,OAAO,GAAG,2CAA2C,EAAE,KAAK,GAAG;AAC/E,SAAO,MAAM,IAAI,uCAAuC,EAAE,KAAK,IAAI;AACrE;",
   "names": []
 }

package/dist/helpers/integration/communicationChannelsFixtures.js ADDED Viewed

@@ -0,0 +1,58 @@
+import { expect } from "@playwright/test";
+import { apiRequest } from "./api.js";
+import { expectId, readJsonSafe } from "./generalFixtures.js";
+const TEST_SEED_PATH = "/api/communication_channels/test-seed";
+async function isChannelSeedingAvailable(request, token) {
+  const response = await apiRequest(request, "POST", TEST_SEED_PATH, {
+    token,
+    data: { action: "__probe__" }
+  });
+  return response.status() !== 404;
+}
+async function seedConnectedChannel(request, token, input = {}) {
+  const response = await apiRequest(request, "POST", TEST_SEED_PATH, {
+    token,
+    data: { action: "connect-channel", ...input }
+  });
+  expect(
+    response.status(),
+    "POST /api/communication_channels/test-seed (connect-channel) should return 201"
+  ).toBe(201);
+  const body = await readJsonSafe(response);
+  return expectId(body?.channelId, "connect-channel response should include channelId");
+}
+async function seedInboundMessage(request, token, input) {
+  const response = await apiRequest(request, "POST", TEST_SEED_PATH, {
+    token,
+    data: { action: "emit-inbound", ...input }
+  });
+  expect(
+    response.status(),
+    "POST /api/communication_channels/test-seed (emit-inbound) should return 201"
+  ).toBe(201);
+  const body = await readJsonSafe(response);
+  return {
+    channelLinkId: expectId(body?.channelLinkId, "emit-inbound response should include channelLinkId"),
+    messageId: expectId(body?.messageId, "emit-inbound response should include messageId"),
+    conversationId: expectId(
+      body?.conversationId,
+      "emit-inbound response should include conversationId"
+    )
+  };
+}
+async function deleteChannelIfExists(request, token, channelId) {
+  if (!token || !channelId) return;
+  await apiRequest(
+    request,
+    "DELETE",
+    `/api/communication_channels/channels/${encodeURIComponent(channelId)}`,
+    { token }
+  ).catch(() => void 0);
+}
+export {
+  deleteChannelIfExists,
+  isChannelSeedingAvailable,
+  seedConnectedChannel,
+  seedInboundMessage
+};
+//# sourceMappingURL=communicationChannelsFixtures.js.map

package/dist/helpers/integration/communicationChannelsFixtures.js.map ADDED Viewed

@@ -0,0 +1,7 @@
+{
+  "version": 3,
+  "sources": ["../../../src/helpers/integration/communicationChannelsFixtures.ts"],
+  "sourcesContent": ["import { expect, type APIRequestContext } from '@playwright/test';\nimport { apiRequest } from './api';\nimport { expectId, readJsonSafe } from './generalFixtures';\n\n/**\n * Communication-channels integration fixtures.\n *\n * These drive the TEST-ONLY seed endpoint `POST /api/communication_channels/test-seed`,\n * which is gated by `OM_ENABLE_TEST_CHANNEL_SEEDING` (inert/404 in production). Use\n * {@link isChannelSeedingAvailable} to skip tests when the gate is off rather than\n * failing them.\n */\n\nexport type SeedAddressField =\n  | string\n  | { address: string; name?: string }\n  | Array<string | { address: string; name?: string }>;\n\nconst TEST_SEED_PATH = '/api/communication_channels/test-seed';\n\n/**\n * Probe whether the env-gated test-seed endpoint is enabled in the target app.\n * Returns false when the route answers 404 (flag off) so callers can `test.skip`.\n * The caller's token must hold `communication_channels.connect_user_channel`.\n */\nexport async function isChannelSeedingAvailable(\n  request: APIRequestContext,\n  token: string,\n): Promise<boolean> {\n  // A malformed body returns 422 when the gate is ON and 404 when it is OFF.\n  const response = await apiRequest(request, 'POST', TEST_SEED_PATH, {\n    token,\n    data: { action: '__probe__' },\n  });\n  return response.status() !== 404;\n}\n\n/**\n * Seed a connected, network-free `__test_seed__` channel owned by the caller.\n * Returns the new channel id. Tear down with {@link deleteChannelIfExists}.\n */\nexport async function seedConnectedChannel(\n  request: APIRequestContext,\n  token: string,\n  input: { displayName?: string; externalIdentifier?: string } = {},\n): Promise<string> {\n  const response = await apiRequest(request, 'POST', TEST_SEED_PATH, {\n    token,\n    data: { action: 'connect-channel', ...input },\n  });\n  expect(\n    response.status(),\n    'POST /api/communication_channels/test-seed (connect-channel) should return 201',\n  ).toBe(201);\n  const body = await readJsonSafe<{ channelId?: string }>(response);\n  return expectId(body?.channelId, 'connect-channel response should include channelId');\n}\n\n/**\n * Seed an inbound `MessageChannelLink` for `channelId` and emit\n * `communication_channels.message.received` through the real event bus. The\n * persistent customers link-channel-message-received subscriber is enqueued to\n * the `events` queue \u2014 drain it with `drainIntegrationQueue('events')`.\n *\n * Returns the created link + message ids (the message id is the platform\n * `messages.message` id, usable as `messageThreadId` to thread a follow-up).\n */\nexport async function seedInboundMessage(\n  request: APIRequestContext,\n  token: string,\n  input: {\n    channelId: string;\n    from?: SeedAddressField;\n    to?: SeedAddressField;\n    cc?: SeedAddressField;\n    subject?: string;\n    bodyText?: string;\n    messageId?: string;\n    inReplyTo?: string;\n    references?: string[];\n    messageThreadId?: string;\n    providerKey?: string;\n  },\n): Promise<{ channelLinkId: string; messageId: string; conversationId: string }> {\n  const response = await apiRequest(request, 'POST', TEST_SEED_PATH, {\n    token,\n    data: { action: 'emit-inbound', ...input },\n  });\n  expect(\n    response.status(),\n    'POST /api/communication_channels/test-seed (emit-inbound) should return 201',\n  ).toBe(201);\n  const body = await readJsonSafe<{\n    channelLinkId?: string;\n    messageId?: string;\n    conversationId?: string;\n  }>(response);\n  return {\n    channelLinkId: expectId(body?.channelLinkId, 'emit-inbound response should include channelLinkId'),\n    messageId: expectId(body?.messageId, 'emit-inbound response should include messageId'),\n    conversationId: expectId(\n      body?.conversationId,\n      'emit-inbound response should include conversationId',\n    ),\n  };\n}\n\n/**\n * Best-effort delete of a seeded channel via the owner-scoped DELETE route.\n * Safe to call with a null id in `finally`.\n */\nexport async function deleteChannelIfExists(\n  request: APIRequestContext,\n  token: string | null,\n  channelId: string | null,\n): Promise<void> {\n  if (!token || !channelId) return;\n  await apiRequest(\n    request,\n    'DELETE',\n    `/api/communication_channels/channels/${encodeURIComponent(channelId)}`,\n    { token },\n  ).catch(() => undefined);\n}\n"],
+  "mappings": "AAAA,SAAS,cAAsC;AAC/C,SAAS,kBAAkB;AAC3B,SAAS,UAAU,oBAAoB;AAgBvC,MAAM,iBAAiB;AAOvB,eAAsB,0BACpB,SACA,OACkB;AAElB,QAAM,WAAW,MAAM,WAAW,SAAS,QAAQ,gBAAgB;AAAA,IACjE;AAAA,IACA,MAAM,EAAE,QAAQ,YAAY;AAAA,EAC9B,CAAC;AACD,SAAO,SAAS,OAAO,MAAM;AAC/B;AAMA,eAAsB,qBACpB,SACA,OACA,QAA+D,CAAC,GAC/C;AACjB,QAAM,WAAW,MAAM,WAAW,SAAS,QAAQ,gBAAgB;AAAA,IACjE;AAAA,IACA,MAAM,EAAE,QAAQ,mBAAmB,GAAG,MAAM;AAAA,EAC9C,CAAC;AACD;AAAA,IACE,SAAS,OAAO;AAAA,IAChB;AAAA,EACF,EAAE,KAAK,GAAG;AACV,QAAM,OAAO,MAAM,aAAqC,QAAQ;AAChE,SAAO,SAAS,MAAM,WAAW,mDAAmD;AACtF;AAWA,eAAsB,mBACpB,SACA,OACA,OAa+E;AAC/E,QAAM,WAAW,MAAM,WAAW,SAAS,QAAQ,gBAAgB;AAAA,IACjE;AAAA,IACA,MAAM,EAAE,QAAQ,gBAAgB,GAAG,MAAM;AAAA,EAC3C,CAAC;AACD;AAAA,IACE,SAAS,OAAO;AAAA,IAChB;AAAA,EACF,EAAE,KAAK,GAAG;AACV,QAAM,OAAO,MAAM,aAIhB,QAAQ;AACX,SAAO;AAAA,IACL,eAAe,SAAS,MAAM,eAAe,oDAAoD;AAAA,IACjG,WAAW,SAAS,MAAM,WAAW,gDAAgD;AAAA,IACrF,gBAAgB;AAAA,MACd,MAAM;AAAA,MACN;AAAA,IACF;AAAA,EACF;AACF;AAMA,eAAsB,sBACpB,SACA,OACA,WACe;AACf,MAAI,CAAC,SAAS,CAAC,UAAW;AAC1B,QAAM;AAAA,IACJ;AAAA,IACA;AAAA,IACA,wCAAwC,mBAAmB,SAAS,CAAC;AAAA,IACrE,EAAE,MAAM;AAAA,EACV,EAAE,MAAM,MAAM,MAAS;AACzB;",
+  "names": []
+}

package/dist/modules/communication_channels/acl.js ADDED Viewed

@@ -0,0 +1,47 @@
+const features = [
+  { id: "communication_channels.view", title: "View communication channels", module: "communication_channels" },
+  { id: "communication_channels.manage", title: "Manage communication channels", module: "communication_channels" },
+  { id: "communication_channels.react", title: "React to channel messages", module: "communication_channels" },
+  { id: "communication_channels.assign", title: "Assign channel conversations", module: "communication_channels" },
+  /**
+   * Per-user channel ownership (added by the email integration spec).
+   *
+   * Gates the "Connect my mailbox" flow on the per-user profile page. Split from
+   * `communication_channels.manage` so policy can disable new linking while
+   * preserving existing accounts (e.g. during a security incident response).
+   * Default-granted to all roles in `setup.ts`.
+   */
+  { id: "communication_channels.connect_user_channel", title: "Connect own communication channel", module: "communication_channels" },
+  /**
+   * Reserved for a future v2 team-oversight capability. NOT consulted in v1:
+   * personal mailboxes (`CommunicationChannel.user_id` set) follow the strict
+   * owner-only privacy model, so this feature grants NO cross-user channel view.
+   * The admin channels list (`GET /api/communication_channels/channels`) returns
+   * `user_id IS NULL` rows only; personal mailboxes surface exclusively on the
+   * owner's profile page and are never exposed to admins/superadmins in v1.
+   * Granted to `superadmin` + `admin` only so the inert grant is in place ahead
+   * of the audited v2 oversight feature that will re-activate it.
+   */
+  { id: "communication_channels.admin", title: "Administer all communication channels (tenant-wide)", module: "communication_channels" },
+  /**
+   * Trigger the "Import history" job for a channel — fetch older messages
+   * the channel never saw at bootstrap (Spec B § Phase B6). Separate from
+   * `manage` so policy can gate bulk historical imports during quiet hours
+   * or cost-controlled rollouts while leaving normal channel CRUD open.
+   */
+  { id: "communication_channels.channel.import_history", title: "Import channel history", module: "communication_channels" },
+  /**
+   * Manage provider push delivery (Spec C — Gmail Pub/Sub push
+   * subscriptions). Gates the "Re-register push" operator button and any
+   * future push-status manipulation. Granted to admin + superadmin only —
+   * regular users don't need to think about whether mail arrives via
+   * push or polling, the system handles it.
+   */
+  { id: "communication_channels.channel.push.manage", title: "Manage push delivery", module: "communication_channels" }
+];
+var acl_default = features;
+export {
+  acl_default as default,
+  features
+};
+//# sourceMappingURL=acl.js.map

package/dist/modules/communication_channels/acl.js.map ADDED Viewed

@@ -0,0 +1,7 @@
+{
+  "version": 3,
+  "sources": ["../../../src/modules/communication_channels/acl.ts"],
+  "sourcesContent": ["export const features = [\n  { id: 'communication_channels.view', title: 'View communication channels', module: 'communication_channels' },\n  { id: 'communication_channels.manage', title: 'Manage communication channels', module: 'communication_channels' },\n  { id: 'communication_channels.react', title: 'React to channel messages', module: 'communication_channels' },\n  { id: 'communication_channels.assign', title: 'Assign channel conversations', module: 'communication_channels' },\n  /**\n   * Per-user channel ownership (added by the email integration spec).\n   *\n   * Gates the \"Connect my mailbox\" flow on the per-user profile page. Split from\n   * `communication_channels.manage` so policy can disable new linking while\n   * preserving existing accounts (e.g. during a security incident response).\n   * Default-granted to all roles in `setup.ts`.\n   */\n  { id: 'communication_channels.connect_user_channel', title: 'Connect own communication channel', module: 'communication_channels' },\n  /**\n   * Reserved for a future v2 team-oversight capability. NOT consulted in v1:\n   * personal mailboxes (`CommunicationChannel.user_id` set) follow the strict\n   * owner-only privacy model, so this feature grants NO cross-user channel view.\n   * The admin channels list (`GET /api/communication_channels/channels`) returns\n   * `user_id IS NULL` rows only; personal mailboxes surface exclusively on the\n   * owner's profile page and are never exposed to admins/superadmins in v1.\n   * Granted to `superadmin` + `admin` only so the inert grant is in place ahead\n   * of the audited v2 oversight feature that will re-activate it.\n   */\n  { id: 'communication_channels.admin', title: 'Administer all communication channels (tenant-wide)', module: 'communication_channels' },\n  /**\n   * Trigger the \"Import history\" job for a channel \u2014 fetch older messages\n   * the channel never saw at bootstrap (Spec B \u00A7 Phase B6). Separate from\n   * `manage` so policy can gate bulk historical imports during quiet hours\n   * or cost-controlled rollouts while leaving normal channel CRUD open.\n   */\n  { id: 'communication_channels.channel.import_history', title: 'Import channel history', module: 'communication_channels' },\n  /**\n   * Manage provider push delivery (Spec C \u2014 Gmail Pub/Sub push\n   * subscriptions). Gates the \"Re-register push\" operator button and any\n   * future push-status manipulation. Granted to admin + superadmin only \u2014\n   * regular users don't need to think about whether mail arrives via\n   * push or polling, the system handles it.\n   */\n  { id: 'communication_channels.channel.push.manage', title: 'Manage push delivery', module: 'communication_channels' },\n] as const\n\nexport default features\n"],
+  "mappings": "AAAO,MAAM,WAAW;AAAA,EACtB,EAAE,IAAI,+BAA+B,OAAO,+BAA+B,QAAQ,yBAAyB;AAAA,EAC5G,EAAE,IAAI,iCAAiC,OAAO,iCAAiC,QAAQ,yBAAyB;AAAA,EAChH,EAAE,IAAI,gCAAgC,OAAO,6BAA6B,QAAQ,yBAAyB;AAAA,EAC3G,EAAE,IAAI,iCAAiC,OAAO,gCAAgC,QAAQ,yBAAyB;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAS/G,EAAE,IAAI,+CAA+C,OAAO,qCAAqC,QAAQ,yBAAyB;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAWlI,EAAE,IAAI,gCAAgC,OAAO,uDAAuD,QAAQ,yBAAyB;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAOrI,EAAE,IAAI,iDAAiD,OAAO,0BAA0B,QAAQ,yBAAyB;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAQzH,EAAE,IAAI,8CAA8C,OAAO,wBAAwB,QAAQ,yBAAyB;AACtH;AAEA,IAAO,cAAQ;",
+  "names": []
+}

package/dist/modules/communication_channels/api/delete/channels/[id]/route.js ADDED Viewed

@@ -0,0 +1,133 @@
+import { NextResponse } from "next/server";
+import { z } from "zod";
+import { getAuthFromRequest } from "@open-mercato/shared/lib/auth/server";
+import { createRequestContainer } from "@open-mercato/shared/lib/di/container";
+import { findOneWithDecryption } from "@open-mercato/shared/lib/encryption/find";
+import { CommunicationChannel } from "../../../../data/entities.js";
+import { ChannelAccessDeniedError, assertCanManageChannel } from "../../../../lib/access-control.js";
+import {
+  COMMUNICATION_CHANNELS_DELETE_CHANNEL_COMMAND_ID
+} from "../../../../commands/delete-channel.js";
+import { validateRouteMutationGuard } from "../../../../lib/route-mutation-guard.js";
+const metadata = {
+  path: "/communication_channels/channels/[id]",
+  DELETE: {
+    // Owner self-service: a user may disconnect their OWN personal mailbox
+    // (gated by `connect_user_channel`). Deleting a shared/tenant-wide channel
+    // still requires `manage` — enforced per channel type by
+    // `assertCanManageChannel` in the handler.
+    requireAuth: true,
+    requireFeatures: ["communication_channels.connect_user_channel"]
+  }
+};
+async function DELETE(req, context) {
+  const { id } = await context.params;
+  if (!z.string().uuid().safeParse(id).success) {
+    return NextResponse.json({ error: "Invalid channel id" }, { status: 400 });
+  }
+  const auth = await getAuthFromRequest(req);
+  if (!auth?.sub || !auth?.tenantId) {
+    return NextResponse.json({ error: "Unauthorized" }, { status: 401 });
+  }
+  const container = await createRequestContainer();
+  const em = container.resolve("em").fork();
+  const organizationId = auth.orgId ?? null;
+  const dscope = { tenantId: auth.tenantId, organizationId };
+  const channel = await findOneWithDecryption(
+    em,
+    CommunicationChannel,
+    {
+      id,
+      tenantId: auth.tenantId,
+      organizationId,
+      deletedAt: null
+    },
+    void 0,
+    dscope
+  );
+  if (!channel) {
+    return NextResponse.json({ error: "Channel not found" }, { status: 404 });
+  }
+  let userFeatures = [];
+  try {
+    const rbac = container.resolve("rbacService");
+    const acl = await rbac.loadAcl(auth.sub, {
+      tenantId: auth.tenantId,
+      organizationId
+    });
+    userFeatures = acl?.isSuperAdmin ? ["*"] : Array.isArray(acl?.features) ? acl.features : [];
+  } catch {
+    userFeatures = [];
+  }
+  try {
+    assertCanManageChannel(
+      { userId: channel.userId },
+      auth.sub,
+      userFeatures,
+      "communication_channels.manage"
+    );
+  } catch (err) {
+    if (err instanceof ChannelAccessDeniedError) {
+      return NextResponse.json({ error: "Channel not found" }, { status: 404 });
+    }
+    throw err;
+  }
+  const guard = await validateRouteMutationGuard({
+    container,
+    req,
+    auth,
+    input: {
+      resourceKind: "communication_channels.channel",
+      resourceId: id,
+      operation: "delete"
+    }
+  });
+  if ("response" in guard) return guard.response;
+  const commandBus = container.resolve("commandBus");
+  const input = {
+    channelId: id,
+    userId: auth.sub,
+    scope: { tenantId: auth.tenantId, organizationId }
+  };
+  const { result } = await commandBus.execute(
+    COMMUNICATION_CHANNELS_DELETE_CHANNEL_COMMAND_ID,
+    {
+      input,
+      ctx: {
+        container,
+        auth,
+        organizationScope: null,
+        selectedOrganizationId: organizationId,
+        organizationIds: organizationId ? [organizationId] : null
+      }
+    }
+  );
+  if (result.status !== "deleted") {
+    return NextResponse.json({ error: "Channel not found" }, { status: 404 });
+  }
+  await guard.afterSuccess();
+  return new NextResponse(null, { status: 204 });
+}
+const openApi = {
+  tags: ["CommunicationChannels"],
+  methods: {
+    DELETE: {
+      summary: "Delete (soft-delete) a communication channel",
+      tags: ["CommunicationChannels"],
+      responses: [
+        { status: 204, description: "Channel deleted" },
+        { status: 400, description: "Invalid channel id" },
+        { status: 401, description: "Unauthorized" },
+        { status: 404, description: "Channel not found or not owned by current user" }
+      ]
+    }
+  }
+};
+var route_default = DELETE;
+export {
+  DELETE,
+  route_default as default,
+  metadata,
+  openApi
+};
+//# sourceMappingURL=route.js.map

package/dist/modules/communication_channels/api/delete/channels/[id]/route.js.map ADDED Viewed

@@ -0,0 +1,7 @@
+{
+  "version": 3,
+  "sources": ["../../../../../../../src/modules/communication_channels/api/delete/channels/%5Bid%5D/route.ts"],
+  "sourcesContent": ["import { NextResponse } from 'next/server'\nimport { z } from 'zod'\nimport { getAuthFromRequest } from '@open-mercato/shared/lib/auth/server'\nimport { createRequestContainer } from '@open-mercato/shared/lib/di/container'\nimport type { CommandBus } from '@open-mercato/shared/lib/commands'\nimport type { EntityManager } from '@mikro-orm/postgresql'\nimport { findOneWithDecryption } from '@open-mercato/shared/lib/encryption/find'\nimport { CommunicationChannel } from '../../../../data/entities'\nimport { ChannelAccessDeniedError, assertCanManageChannel } from '../../../../lib/access-control'\nimport {\n  COMMUNICATION_CHANNELS_DELETE_CHANNEL_COMMAND_ID,\n  type DeleteChannelInput,\n  type DeleteChannelResult,\n} from '../../../../commands/delete-channel'\nimport { validateRouteMutationGuard } from '../../../../lib/route-mutation-guard'\n\ntype RbacServiceLike = {\n  loadAcl: (\n    userId: string,\n    scope: { tenantId: string | null; organizationId: string | null },\n  ) => Promise<{ isSuperAdmin: boolean; features: string[]; organizations: string[] | null }>\n}\n\n/**\n * Soft-delete (remove) a communication channel.\n *\n * Per-user access guard: only the channel owner \u2014 or an admin holding\n * `communication_channels.admin` \u2014 may delete a channel. Non-owners get a 404\n * (existence masking), consistent with the other channel routes. The declarative\n * `communication_channels.manage` feature gates the route itself; deletion is a\n * management operation alongside disconnect/set-primary.\n */\nexport const metadata = {\n  path: '/communication_channels/channels/[id]',\n  DELETE: {\n    // Owner self-service: a user may disconnect their OWN personal mailbox\n    // (gated by `connect_user_channel`). Deleting a shared/tenant-wide channel\n    // still requires `manage` \u2014 enforced per channel type by\n    // `assertCanManageChannel` in the handler.\n    requireAuth: true,\n    requireFeatures: ['communication_channels.connect_user_channel'],\n  },\n}\n\ntype RouteContext = {\n  params: Promise<{ id: string }> | { id: string }\n}\n\nexport async function DELETE(req: Request, context: RouteContext): Promise<Response> {\n  const { id } = await context.params\n  if (!z.string().uuid().safeParse(id).success) {\n    return NextResponse.json({ error: 'Invalid channel id' }, { status: 400 })\n  }\n\n  const auth = await getAuthFromRequest(req)\n  if (!auth?.sub || !auth?.tenantId) {\n    return NextResponse.json({ error: 'Unauthorized' }, { status: 401 })\n  }\n\n  const container = await createRequestContainer()\n  const em = (container.resolve('em') as EntityManager).fork()\n  const organizationId = (auth as { orgId?: string | null }).orgId ?? null\n  const dscope = { tenantId: auth.tenantId as string, organizationId }\n\n  const channel = await findOneWithDecryption(\n    em,\n    CommunicationChannel,\n    {\n      id,\n      tenantId: auth.tenantId as string,\n      organizationId,\n      deletedAt: null,\n    },\n    undefined,\n    dscope,\n  )\n  if (!channel) {\n    return NextResponse.json({ error: 'Channel not found' }, { status: 404 })\n  }\n\n  let userFeatures: string[] = []\n  try {\n    const rbac = container.resolve('rbacService') as RbacServiceLike\n    const acl = await rbac.loadAcl(auth.sub as string, {\n      tenantId: auth.tenantId as string,\n      organizationId,\n    })\n    userFeatures = acl?.isSuperAdmin ? ['*'] : Array.isArray(acl?.features) ? acl.features : []\n  } catch {\n    userFeatures = []\n  }\n  try {\n    assertCanManageChannel(\n      { userId: (channel as { userId?: string | null }).userId },\n      auth.sub as string,\n      userFeatures,\n      'communication_channels.manage',\n    )\n  } catch (err) {\n    if (err instanceof ChannelAccessDeniedError) {\n      return NextResponse.json({ error: 'Channel not found' }, { status: 404 })\n    }\n    throw err\n  }\n\n  const guard = await validateRouteMutationGuard({\n    container,\n    req,\n    auth,\n    input: {\n      resourceKind: 'communication_channels.channel',\n      resourceId: id,\n      operation: 'delete',\n    },\n  })\n  if ('response' in guard) return guard.response\n\n  const commandBus = container.resolve('commandBus') as CommandBus\n  const input: DeleteChannelInput = {\n    channelId: id,\n    userId: auth.sub as string,\n    scope: { tenantId: auth.tenantId as string, organizationId },\n  }\n  const { result } = await commandBus.execute<DeleteChannelInput, DeleteChannelResult>(\n    COMMUNICATION_CHANNELS_DELETE_CHANNEL_COMMAND_ID,\n    {\n      input,\n      ctx: {\n        container,\n        auth: auth as never,\n        organizationScope: null,\n        selectedOrganizationId: organizationId,\n        organizationIds: organizationId ? [organizationId] : null,\n      },\n    },\n  )\n\n  // 'noop' (channel vanished between the load and the command) and 'not_owner'\n  // both map to 404 to avoid leaking ownership/existence.\n  if (result.status !== 'deleted') {\n    return NextResponse.json({ error: 'Channel not found' }, { status: 404 })\n  }\n  await guard.afterSuccess()\n  return new NextResponse(null, { status: 204 })\n}\n\nexport const openApi = {\n  tags: ['CommunicationChannels'],\n  methods: {\n    DELETE: {\n      summary: 'Delete (soft-delete) a communication channel',\n      tags: ['CommunicationChannels'],\n      responses: [\n        { status: 204, description: 'Channel deleted' },\n        { status: 400, description: 'Invalid channel id' },\n        { status: 401, description: 'Unauthorized' },\n        { status: 404, description: 'Channel not found or not owned by current user' },\n      ],\n    },\n  },\n}\n\nexport default DELETE\n"],
+  "mappings": "AAAA,SAAS,oBAAoB;AAC7B,SAAS,SAAS;AAClB,SAAS,0BAA0B;AACnC,SAAS,8BAA8B;AAGvC,SAAS,6BAA6B;AACtC,SAAS,4BAA4B;AACrC,SAAS,0BAA0B,8BAA8B;AACjE;AAAA,EACE;AAAA,OAGK;AACP,SAAS,kCAAkC;AAkBpC,MAAM,WAAW;AAAA,EACtB,MAAM;AAAA,EACN,QAAQ;AAAA;AAAA;AAAA;AAAA;AAAA,IAKN,aAAa;AAAA,IACb,iBAAiB,CAAC,6CAA6C;AAAA,EACjE;AACF;AAMA,eAAsB,OAAO,KAAc,SAA0C;AACnF,QAAM,EAAE,GAAG,IAAI,MAAM,QAAQ;AAC7B,MAAI,CAAC,EAAE,OAAO,EAAE,KAAK,EAAE,UAAU,EAAE,EAAE,SAAS;AAC5C,WAAO,aAAa,KAAK,EAAE,OAAO,qBAAqB,GAAG,EAAE,QAAQ,IAAI,CAAC;AAAA,EAC3E;AAEA,QAAM,OAAO,MAAM,mBAAmB,GAAG;AACzC,MAAI,CAAC,MAAM,OAAO,CAAC,MAAM,UAAU;AACjC,WAAO,aAAa,KAAK,EAAE,OAAO,eAAe,GAAG,EAAE,QAAQ,IAAI,CAAC;AAAA,EACrE;AAEA,QAAM,YAAY,MAAM,uBAAuB;AAC/C,QAAM,KAAM,UAAU,QAAQ,IAAI,EAAoB,KAAK;AAC3D,QAAM,iBAAkB,KAAmC,SAAS;AACpE,QAAM,SAAS,EAAE,UAAU,KAAK,UAAoB,eAAe;AAEnE,QAAM,UAAU,MAAM;AAAA,IACpB;AAAA,IACA;AAAA,IACA;AAAA,MACE;AAAA,MACA,UAAU,KAAK;AAAA,MACf;AAAA,MACA,WAAW;AAAA,IACb;AAAA,IACA;AAAA,IACA;AAAA,EACF;AACA,MAAI,CAAC,SAAS;AACZ,WAAO,aAAa,KAAK,EAAE,OAAO,oBAAoB,GAAG,EAAE,QAAQ,IAAI,CAAC;AAAA,EAC1E;AAEA,MAAI,eAAyB,CAAC;AAC9B,MAAI;AACF,UAAM,OAAO,UAAU,QAAQ,aAAa;AAC5C,UAAM,MAAM,MAAM,KAAK,QAAQ,KAAK,KAAe;AAAA,MACjD,UAAU,KAAK;AAAA,MACf;AAAA,IACF,CAAC;AACD,mBAAe,KAAK,eAAe,CAAC,GAAG,IAAI,MAAM,QAAQ,KAAK,QAAQ,IAAI,IAAI,WAAW,CAAC;AAAA,EAC5F,QAAQ;AACN,mBAAe,CAAC;AAAA,EAClB;AACA,MAAI;AACF;AAAA,MACE,EAAE,QAAS,QAAuC,OAAO;AAAA,MACzD,KAAK;AAAA,MACL;AAAA,MACA;AAAA,IACF;AAAA,EACF,SAAS,KAAK;AACZ,QAAI,eAAe,0BAA0B;AAC3C,aAAO,aAAa,KAAK,EAAE,OAAO,oBAAoB,GAAG,EAAE,QAAQ,IAAI,CAAC;AAAA,IAC1E;AACA,UAAM;AAAA,EACR;AAEA,QAAM,QAAQ,MAAM,2BAA2B;AAAA,IAC7C;AAAA,IACA;AAAA,IACA;AAAA,IACA,OAAO;AAAA,MACL,cAAc;AAAA,MACd,YAAY;AAAA,MACZ,WAAW;AAAA,IACb;AAAA,EACF,CAAC;AACD,MAAI,cAAc,MAAO,QAAO,MAAM;AAEtC,QAAM,aAAa,UAAU,QAAQ,YAAY;AACjD,QAAM,QAA4B;AAAA,IAChC,WAAW;AAAA,IACX,QAAQ,KAAK;AAAA,IACb,OAAO,EAAE,UAAU,KAAK,UAAoB,eAAe;AAAA,EAC7D;AACA,QAAM,EAAE,OAAO,IAAI,MAAM,WAAW;AAAA,IAClC;AAAA,IACA;AAAA,MACE;AAAA,MACA,KAAK;AAAA,QACH;AAAA,QACA;AAAA,QACA,mBAAmB;AAAA,QACnB,wBAAwB;AAAA,QACxB,iBAAiB,iBAAiB,CAAC,cAAc,IAAI;AAAA,MACvD;AAAA,IACF;AAAA,EACF;AAIA,MAAI,OAAO,WAAW,WAAW;AAC/B,WAAO,aAAa,KAAK,EAAE,OAAO,oBAAoB,GAAG,EAAE,QAAQ,IAAI,CAAC;AAAA,EAC1E;AACA,QAAM,MAAM,aAAa;AACzB,SAAO,IAAI,aAAa,MAAM,EAAE,QAAQ,IAAI,CAAC;AAC/C;AAEO,MAAM,UAAU;AAAA,EACrB,MAAM,CAAC,uBAAuB;AAAA,EAC9B,SAAS;AAAA,IACP,QAAQ;AAAA,MACN,SAAS;AAAA,MACT,MAAM,CAAC,uBAAuB;AAAA,MAC9B,WAAW;AAAA,QACT,EAAE,QAAQ,KAAK,aAAa,kBAAkB;AAAA,QAC9C,EAAE,QAAQ,KAAK,aAAa,qBAAqB;AAAA,QACjD,EAAE,QAAQ,KAAK,aAAa,eAAe;AAAA,QAC3C,EAAE,QAAQ,KAAK,aAAa,iDAAiD;AAAA,MAC/E;AAAA,IACF;AAAA,EACF;AACF;AAEA,IAAO,gBAAQ;",
+  "names": []
+}

package/dist/modules/communication_channels/api/delete/messages/[messageId]/reactions/[reactionId]/route.js ADDED Viewed

@@ -0,0 +1,113 @@
+import { NextResponse } from "next/server";
+import { z } from "zod";
+import { createRequestContainer } from "@open-mercato/shared/lib/di/container";
+import { findOneWithDecryption } from "@open-mercato/shared/lib/encryption/find";
+import {
+  COMMUNICATION_CHANNELS_TOGGLE_OUTBOUND_REACTION_COMMAND_ID
+} from "../../../../../../commands/toggle-outbound-reaction.js";
+import { MessageReaction } from "../../../../../../data/entities.js";
+import { validateRouteMutationGuard } from "../../../../../../lib/route-mutation-guard.js";
+const metadata = {
+  path: "/communication_channels/messages/[messageId]/reactions/[reactionId]",
+  DELETE: {
+    requireAuth: true,
+    requireFeatures: ["communication_channels.react"]
+  }
+};
+async function DELETE(_req, context) {
+  const { messageId, reactionId } = await context.params;
+  if (!messageId || !reactionId || !z.string().uuid().safeParse(messageId).success || !z.string().uuid().safeParse(reactionId).success) {
+    return NextResponse.json({ error: "Invalid params" }, { status: 400 });
+  }
+  const auth = context.auth;
+  if (!auth?.sub || !auth?.tenantId) {
+    return NextResponse.json({ error: "Unauthorized" }, { status: 401 });
+  }
+  const container = await createRequestContainer();
+  const em = container.resolve("em").fork();
+  const reaction = await findOneWithDecryption(
+    em,
+    MessageReaction,
+    {
+      id: reactionId,
+      messageId,
+      tenantId: auth.tenantId,
+      organizationId: auth.orgId ?? null
+    },
+    void 0,
+    { tenantId: auth.tenantId, organizationId: auth.orgId ?? null }
+  );
+  if (!reaction) {
+    return NextResponse.json({ error: "Reaction not found" }, { status: 404 });
+  }
+  const guard = await validateRouteMutationGuard({
+    container,
+    req: _req,
+    auth,
+    input: {
+      resourceKind: "communication_channels.message",
+      resourceId: messageId,
+      operation: "custom",
+      mutationPayload: { reactionId, emoji: reaction.emoji, action: "remove" }
+    }
+  });
+  if ("response" in guard) return guard.response;
+  const commandBus = container.resolve("commandBus");
+  const input = {
+    messageId,
+    emoji: reaction.emoji,
+    action: "remove",
+    reactionId,
+    reactedByUserId: auth.sub,
+    scope: {
+      tenantId: auth.tenantId,
+      organizationId: auth.orgId ?? null
+    }
+  };
+  const { result } = await commandBus.execute(COMMUNICATION_CHANNELS_TOGGLE_OUTBOUND_REACTION_COMMAND_ID, {
+    input,
+    ctx: {
+      container,
+      auth,
+      organizationScope: null,
+      selectedOrganizationId: auth.orgId ?? null,
+      organizationIds: auth.orgId ? [auth.orgId] : null
+    }
+  });
+  if (result.status === "noop") {
+    return NextResponse.json({ error: result.reason }, { status: 404 });
+  }
+  if (result.status === "not_owner") {
+    return NextResponse.json({ error: result.reason }, { status: 403 });
+  }
+  if (result.status === "no_channel_link") {
+    return NextResponse.json({ error: result.reason }, { status: 409 });
+  }
+  await guard.afterSuccess();
+  return new NextResponse(null, { status: 204 });
+}
+const openApi = {
+  tags: ["CommunicationChannels"],
+  methods: {
+    DELETE: {
+      summary: "Remove a reaction from a channel-linked message",
+      tags: ["CommunicationChannels"],
+      responses: [
+        { status: 204, description: "Reaction removed" },
+        { status: 400, description: "Invalid params" },
+        { status: 401, description: "Unauthorized" },
+        { status: 403, description: "Channel is owned by another user" },
+        { status: 404, description: "Reaction not found or not owned by current user" },
+        { status: 409, description: "Message not channel-linked" }
+      ]
+    }
+  }
+};
+var route_default = DELETE;
+export {
+  DELETE,
+  route_default as default,
+  metadata,
+  openApi
+};
+//# sourceMappingURL=route.js.map

package/dist/modules/communication_channels/api/delete/messages/[messageId]/reactions/[reactionId]/route.js.map ADDED Viewed

@@ -0,0 +1,7 @@
+{
+  "version": 3,
+  "sources": ["../../../../../../../../../src/modules/communication_channels/api/delete/messages/%5BmessageId%5D/reactions/%5BreactionId%5D/route.ts"],
+  "sourcesContent": ["import { NextResponse } from 'next/server'\nimport { z } from 'zod'\nimport { createRequestContainer } from '@open-mercato/shared/lib/di/container'\nimport type { CommandBus } from '@open-mercato/shared/lib/commands'\nimport type { EntityManager } from '@mikro-orm/postgresql'\nimport { findOneWithDecryption } from '@open-mercato/shared/lib/encryption/find'\nimport {\n  COMMUNICATION_CHANNELS_TOGGLE_OUTBOUND_REACTION_COMMAND_ID,\n  type ToggleOutboundReactionInput,\n  type ToggleOutboundReactionResult,\n} from '../../../../../../commands/toggle-outbound-reaction'\nimport { MessageReaction } from '../../../../../../data/entities'\nimport { validateRouteMutationGuard } from '../../../../../../lib/route-mutation-guard'\n\nexport const metadata = {\n  path: '/communication_channels/messages/[messageId]/reactions/[reactionId]',\n  DELETE: {\n    requireAuth: true,\n    requireFeatures: ['communication_channels.react'],\n  },\n}\n\ntype RouteContext = {\n  params: Promise<{ messageId: string; reactionId: string }> | { messageId: string; reactionId: string }\n  auth?: {\n    sub?: string\n    tenantId?: string\n    /**\n     * AuthContext (`packages/shared/src/lib/auth/server.ts`) exposes the\n     * selected organization as `orgId`, not `organizationId`. Round-2 F3 fix.\n     */\n    orgId?: string | null\n  } | null\n}\n\nexport async function DELETE(_req: Request, context: RouteContext): Promise<Response> {\n  const { messageId, reactionId } = await context.params\n  if (\n    !messageId ||\n    !reactionId ||\n    !z.string().uuid().safeParse(messageId).success ||\n    !z.string().uuid().safeParse(reactionId).success\n  ) {\n    return NextResponse.json({ error: 'Invalid params' }, { status: 400 })\n  }\n\n  const auth = context.auth\n  if (!auth?.sub || !auth?.tenantId) {\n    return NextResponse.json({ error: 'Unauthorized' }, { status: 401 })\n  }\n\n  const container = await createRequestContainer()\n  const em = (container.resolve('em') as EntityManager).fork()\n  const reaction = await findOneWithDecryption(\n    em,\n    MessageReaction,\n    {\n      id: reactionId,\n      messageId,\n      tenantId: auth.tenantId,\n      organizationId: auth.orgId ?? null,\n    },\n    undefined,\n    { tenantId: auth.tenantId, organizationId: auth.orgId ?? null },\n  )\n  if (!reaction) {\n    return NextResponse.json({ error: 'Reaction not found' }, { status: 404 })\n  }\n\n  const guard = await validateRouteMutationGuard({\n    container,\n    req: _req,\n    auth,\n    input: {\n      resourceKind: 'communication_channels.message',\n      resourceId: messageId,\n      operation: 'custom',\n      mutationPayload: { reactionId, emoji: reaction.emoji, action: 'remove' },\n    },\n  })\n  if ('response' in guard) return guard.response\n\n  const commandBus = container.resolve('commandBus') as CommandBus\n  const input: ToggleOutboundReactionInput = {\n    messageId,\n    emoji: reaction.emoji,\n    action: 'remove',\n    reactionId,\n    reactedByUserId: auth.sub,\n    scope: {\n      tenantId: auth.tenantId,\n      organizationId: auth.orgId ?? null,\n    },\n  }\n\n  const { result } = await commandBus.execute<\n    ToggleOutboundReactionInput,\n    ToggleOutboundReactionResult\n  >(COMMUNICATION_CHANNELS_TOGGLE_OUTBOUND_REACTION_COMMAND_ID, {\n    input,\n    ctx: {\n      container,\n      auth: auth as never,\n      organizationScope: null,\n      selectedOrganizationId: auth.orgId ?? null,\n      organizationIds: auth.orgId ? [auth.orgId] : null,\n    },\n  })\n\n  if (result.status === 'noop') {\n    return NextResponse.json({ error: result.reason }, { status: 404 })\n  }\n  if (result.status === 'not_owner') {\n    // The command's ownership gate runs before the remove branch too \u2014 surface it\n    // as 403 (matching the POST reactions route) rather than a false 204 success.\n    return NextResponse.json({ error: result.reason }, { status: 403 })\n  }\n  if (result.status === 'no_channel_link') {\n    return NextResponse.json({ error: result.reason }, { status: 409 })\n  }\n  // 'removed'\n  await guard.afterSuccess()\n  return new NextResponse(null, { status: 204 })\n}\n\nexport const openApi = {\n  tags: ['CommunicationChannels'],\n  methods: {\n    DELETE: {\n      summary: 'Remove a reaction from a channel-linked message',\n      tags: ['CommunicationChannels'],\n      responses: [\n        { status: 204, description: 'Reaction removed' },\n        { status: 400, description: 'Invalid params' },\n        { status: 401, description: 'Unauthorized' },\n        { status: 403, description: 'Channel is owned by another user' },\n        { status: 404, description: 'Reaction not found or not owned by current user' },\n        { status: 409, description: 'Message not channel-linked' },\n      ],\n    },\n  },\n}\nexport default DELETE\n"],
+  "mappings": "AAAA,SAAS,oBAAoB;AAC7B,SAAS,SAAS;AAClB,SAAS,8BAA8B;AAGvC,SAAS,6BAA6B;AACtC;AAAA,EACE;AAAA,OAGK;AACP,SAAS,uBAAuB;AAChC,SAAS,kCAAkC;AAEpC,MAAM,WAAW;AAAA,EACtB,MAAM;AAAA,EACN,QAAQ;AAAA,IACN,aAAa;AAAA,IACb,iBAAiB,CAAC,8BAA8B;AAAA,EAClD;AACF;AAeA,eAAsB,OAAO,MAAe,SAA0C;AACpF,QAAM,EAAE,WAAW,WAAW,IAAI,MAAM,QAAQ;AAChD,MACE,CAAC,aACD,CAAC,cACD,CAAC,EAAE,OAAO,EAAE,KAAK,EAAE,UAAU,SAAS,EAAE,WACxC,CAAC,EAAE,OAAO,EAAE,KAAK,EAAE,UAAU,UAAU,EAAE,SACzC;AACA,WAAO,aAAa,KAAK,EAAE,OAAO,iBAAiB,GAAG,EAAE,QAAQ,IAAI,CAAC;AAAA,EACvE;AAEA,QAAM,OAAO,QAAQ;AACrB,MAAI,CAAC,MAAM,OAAO,CAAC,MAAM,UAAU;AACjC,WAAO,aAAa,KAAK,EAAE,OAAO,eAAe,GAAG,EAAE,QAAQ,IAAI,CAAC;AAAA,EACrE;AAEA,QAAM,YAAY,MAAM,uBAAuB;AAC/C,QAAM,KAAM,UAAU,QAAQ,IAAI,EAAoB,KAAK;AAC3D,QAAM,WAAW,MAAM;AAAA,IACrB;AAAA,IACA;AAAA,IACA;AAAA,MACE,IAAI;AAAA,MACJ;AAAA,MACA,UAAU,KAAK;AAAA,MACf,gBAAgB,KAAK,SAAS;AAAA,IAChC;AAAA,IACA;AAAA,IACA,EAAE,UAAU,KAAK,UAAU,gBAAgB,KAAK,SAAS,KAAK;AAAA,EAChE;AACA,MAAI,CAAC,UAAU;AACb,WAAO,aAAa,KAAK,EAAE,OAAO,qBAAqB,GAAG,EAAE,QAAQ,IAAI,CAAC;AAAA,EAC3E;AAEA,QAAM,QAAQ,MAAM,2BAA2B;AAAA,IAC7C;AAAA,IACA,KAAK;AAAA,IACL;AAAA,IACA,OAAO;AAAA,MACL,cAAc;AAAA,MACd,YAAY;AAAA,MACZ,WAAW;AAAA,MACX,iBAAiB,EAAE,YAAY,OAAO,SAAS,OAAO,QAAQ,SAAS;AAAA,IACzE;AAAA,EACF,CAAC;AACD,MAAI,cAAc,MAAO,QAAO,MAAM;AAEtC,QAAM,aAAa,UAAU,QAAQ,YAAY;AACjD,QAAM,QAAqC;AAAA,IACzC;AAAA,IACA,OAAO,SAAS;AAAA,IAChB,QAAQ;AAAA,IACR;AAAA,IACA,iBAAiB,KAAK;AAAA,IACtB,OAAO;AAAA,MACL,UAAU,KAAK;AAAA,MACf,gBAAgB,KAAK,SAAS;AAAA,IAChC;AAAA,EACF;AAEA,QAAM,EAAE,OAAO,IAAI,MAAM,WAAW,QAGlC,4DAA4D;AAAA,IAC5D;AAAA,IACA,KAAK;AAAA,MACH;AAAA,MACA;AAAA,MACA,mBAAmB;AAAA,MACnB,wBAAwB,KAAK,SAAS;AAAA,MACtC,iBAAiB,KAAK,QAAQ,CAAC,KAAK,KAAK,IAAI;AAAA,IAC/C;AAAA,EACF,CAAC;AAED,MAAI,OAAO,WAAW,QAAQ;AAC5B,WAAO,aAAa,KAAK,EAAE,OAAO,OAAO,OAAO,GAAG,EAAE,QAAQ,IAAI,CAAC;AAAA,EACpE;AACA,MAAI,OAAO,WAAW,aAAa;AAGjC,WAAO,aAAa,KAAK,EAAE,OAAO,OAAO,OAAO,GAAG,EAAE,QAAQ,IAAI,CAAC;AAAA,EACpE;AACA,MAAI,OAAO,WAAW,mBAAmB;AACvC,WAAO,aAAa,KAAK,EAAE,OAAO,OAAO,OAAO,GAAG,EAAE,QAAQ,IAAI,CAAC;AAAA,EACpE;AAEA,QAAM,MAAM,aAAa;AACzB,SAAO,IAAI,aAAa,MAAM,EAAE,QAAQ,IAAI,CAAC;AAC/C;AAEO,MAAM,UAAU;AAAA,EACrB,MAAM,CAAC,uBAAuB;AAAA,EAC9B,SAAS;AAAA,IACP,QAAQ;AAAA,MACN,SAAS;AAAA,MACT,MAAM,CAAC,uBAAuB;AAAA,MAC9B,WAAW;AAAA,QACT,EAAE,QAAQ,KAAK,aAAa,mBAAmB;AAAA,QAC/C,EAAE,QAAQ,KAAK,aAAa,iBAAiB;AAAA,QAC7C,EAAE,QAAQ,KAAK,aAAa,eAAe;AAAA,QAC3C,EAAE,QAAQ,KAAK,aAAa,mCAAmC;AAAA,QAC/D,EAAE,QAAQ,KAAK,aAAa,kDAAkD;AAAA,QAC9E,EAAE,QAAQ,KAAK,aAAa,6BAA6B;AAAA,MAC3D;AAAA,IACF;AAAA,EACF;AACF;AACA,IAAO,gBAAQ;",
+  "names": []
+}

package/dist/modules/communication_channels/api/get/channels/[id]/health/route.js ADDED Viewed

@@ -0,0 +1,138 @@
+import { NextResponse } from "next/server";
+import { z } from "zod";
+import { getAuthFromRequest } from "@open-mercato/shared/lib/auth/server";
+import { createRequestContainer } from "@open-mercato/shared/lib/di/container";
+import { findOneWithDecryption, findWithDecryption } from "@open-mercato/shared/lib/encryption/find";
+import { CommunicationChannel, ExternalConversation, MessageChannelLink } from "../../../../../data/entities.js";
+import { ChannelAccessDeniedError, assertCanAccessChannel } from "../../../../../lib/access-control.js";
+const metadata = {
+  path: "/communication_channels/channels/[id]/health",
+  GET: { requireAuth: true, requireFeatures: ["communication_channels.view"] }
+};
+const WINDOW_HOURS = 24;
+const RECENT_FAILURES_LIMIT = 10;
+async function GET(req, context) {
+  const { id } = await context.params;
+  if (!z.string().uuid().safeParse(id).success) {
+    return NextResponse.json({ error: "Invalid channel id" }, { status: 400 });
+  }
+  const auth = await getAuthFromRequest(req);
+  if (!auth?.tenantId) {
+    return NextResponse.json({ error: "Unauthorized" }, { status: 401 });
+  }
+  const container = await createRequestContainer();
+  const em = container.resolve("em").fork();
+  const dscope = {
+    tenantId: auth.tenantId,
+    organizationId: auth.orgId ?? null
+  };
+  const channel = await findOneWithDecryption(
+    em,
+    CommunicationChannel,
+    { id, tenantId: auth.tenantId, organizationId: dscope.organizationId, deletedAt: null },
+    void 0,
+    dscope
+  );
+  if (!channel) {
+    return NextResponse.json({ error: "Channel not found" }, { status: 404 });
+  }
+  let userFeatures = [];
+  try {
+    const rbac = container.resolve("rbacService");
+    const acl = await rbac.loadAcl(auth.sub, {
+      tenantId: auth.tenantId,
+      organizationId: dscope.organizationId
+    });
+    userFeatures = acl?.isSuperAdmin ? ["*"] : Array.isArray(acl?.features) ? acl.features : [];
+  } catch {
+    userFeatures = [];
+  }
+  try {
+    assertCanAccessChannel(channel, auth.sub, userFeatures);
+  } catch (err) {
+    if (err instanceof ChannelAccessDeniedError) {
+      return NextResponse.json({ error: "Channel not found" }, { status: 404 });
+    }
+    throw err;
+  }
+  const conversations = await findWithDecryption(
+    em,
+    ExternalConversation,
+    { channelId: channel.id, tenantId: auth.tenantId },
+    void 0,
+    dscope
+  );
+  const conversationIds = conversations.map((c) => c.id).filter(Boolean);
+  let links = [];
+  let recentFailures = [];
+  if (conversationIds.length > 0) {
+    const since = new Date(Date.now() - WINDOW_HOURS * 60 * 60 * 1e3);
+    links = await findWithDecryption(
+      em,
+      MessageChannelLink,
+      {
+        externalConversationId: { $in: conversationIds },
+        tenantId: auth.tenantId,
+        createdAt: { $gte: since }
+      },
+      void 0,
+      dscope
+    );
+    recentFailures = await findWithDecryption(
+      em,
+      MessageChannelLink,
+      {
+        externalConversationId: { $in: conversationIds },
+        tenantId: auth.tenantId,
+        deliveryStatus: "failed"
+      },
+      { limit: RECENT_FAILURES_LIMIT, orderBy: { createdAt: "desc" } },
+      dscope
+    );
+  }
+  const counts = { sent: 0, delivered: 0, read: 0, failed: 0, pending: 0, queued: 0, other: 0 };
+  for (const link of links) {
+    const key = link.deliveryStatus;
+    if (key in counts) counts[key] += 1;
+    else counts.other += 1;
+  }
+  return NextResponse.json({
+    channelId: channel.id,
+    providerKey: channel.providerKey,
+    channelType: channel.channelType,
+    windowHours: WINDOW_HOURS,
+    counts,
+    totalsLast24h: links.length,
+    recentFailures: recentFailures.map((link) => ({
+      id: link.id,
+      messageId: link.messageId,
+      direction: link.direction,
+      createdAt: link.createdAt?.toISOString?.() ?? null,
+      lastError: link.channelMetadata?.lastError ?? null,
+      transient: link.channelMetadata?.transient ?? null
+    }))
+  });
+}
+const openApi = {
+  tags: ["CommunicationChannels"],
+  methods: {
+    GET: {
+      summary: "Snapshot of channel delivery health (last 24h)",
+      tags: ["CommunicationChannels"],
+      responses: [
+        { status: 200, description: "Health snapshot" },
+        { status: 400, description: "Invalid channel id" },
+        { status: 401, description: "Unauthorized" },
+        { status: 404, description: "Channel not found" }
+      ]
+    }
+  }
+};
+var route_default = GET;
+export {
+  GET,
+  route_default as default,
+  metadata,
+  openApi
+};
+//# sourceMappingURL=route.js.map