npm - @open-mercato/core - Versions diffs - 0.6.5-develop.4384.1.ce2ec6eaaa → 0.6.5-develop.4397.1.9a65481757 - Mend

@open-mercato/core 0.6.5-develop.4384.1.ce2ec6eaaa → 0.6.5-develop.4397.1.9a65481757

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (533) hide show

package/dist/modules/communication_channels/api/post/channels/[id]/set-primary/route.js ADDED Viewed

@@ -0,0 +1,99 @@
+import { NextResponse } from "next/server";
+import { z } from "zod";
+import { getAuthFromRequest } from "@open-mercato/shared/lib/auth/server";
+import { createRequestContainer } from "@open-mercato/shared/lib/di/container";
+import {
+  COMMUNICATION_CHANNELS_SET_PRIMARY_COMMAND_ID
+} from "../../../../../commands/set-primary-channel.js";
+import { validateRouteMutationGuard } from "../../../../../lib/route-mutation-guard.js";
+const metadata = {
+  path: "/communication_channels/channels/[id]/set-primary",
+  POST: {
+    // Owner self-service: every email user controls their own channels. The
+    // set-primary command enforces strict ownership (`not_owner` → 404), and
+    // "primary" only applies to per-user channels, so `connect_user_channel`
+    // is the correct gate (not `manage`).
+    requireAuth: true,
+    requireFeatures: ["communication_channels.connect_user_channel"]
+  }
+};
+async function POST(req, context) {
+  const { id } = await context.params;
+  if (!z.string().uuid().safeParse(id).success) {
+    return NextResponse.json({ error: "Invalid channel id" }, { status: 400 });
+  }
+  const auth = await getAuthFromRequest(req);
+  if (!auth?.sub || !auth?.tenantId) {
+    return NextResponse.json({ error: "Unauthorized" }, { status: 401 });
+  }
+  const container = await createRequestContainer();
+  const guard = await validateRouteMutationGuard({
+    container,
+    req,
+    auth,
+    input: {
+      resourceKind: "communication_channels.channel",
+      resourceId: id,
+      operation: "custom",
+      mutationPayload: { isPrimary: true }
+    }
+  });
+  if ("response" in guard) return guard.response;
+  const commandBus = container.resolve("commandBus");
+  const input = {
+    channelId: id,
+    userId: auth.sub,
+    scope: {
+      tenantId: auth.tenantId,
+      organizationId: auth.orgId ?? null
+    }
+  };
+  const { result } = await commandBus.execute(COMMUNICATION_CHANNELS_SET_PRIMARY_COMMAND_ID, {
+    input,
+    ctx: {
+      container,
+      auth,
+      organizationScope: null,
+      selectedOrganizationId: auth.orgId ?? null,
+      organizationIds: auth.orgId ? [auth.orgId] : null
+    }
+  });
+  if (result.status === "not_owner") {
+    return NextResponse.json({ error: "Channel not found" }, { status: 404 });
+  }
+  if (result.status === "noop") {
+    return NextResponse.json({ channelId: id, isPrimary: true, unchanged: true }, { status: 200 });
+  }
+  await guard.afterSuccess();
+  return NextResponse.json(
+    {
+      channelId: result.channelId,
+      isPrimary: true,
+      previousPrimaryChannelId: result.previousPrimaryChannelId
+    },
+    { status: 200 }
+  );
+}
+const openApi = {
+  tags: ["CommunicationChannels"],
+  methods: {
+    POST: {
+      summary: "Mark a per-user channel as primary",
+      tags: ["CommunicationChannels"],
+      responses: [
+        { status: 200, description: "Channel set as primary (or already primary)" },
+        { status: 400, description: "Invalid channel id" },
+        { status: 401, description: "Unauthorized" },
+        { status: 404, description: "Channel not found or not owned by current user" }
+      ]
+    }
+  }
+};
+var route_default = POST;
+export {
+  POST,
+  route_default as default,
+  metadata,
+  openApi
+};
+//# sourceMappingURL=route.js.map

package/dist/modules/communication_channels/api/post/channels/[id]/set-primary/route.js.map ADDED Viewed

@@ -0,0 +1,7 @@
+{
+  "version": 3,
+  "sources": ["../../../../../../../../src/modules/communication_channels/api/post/channels/%5Bid%5D/set-primary/route.ts"],
+  "sourcesContent": ["import { NextResponse } from 'next/server'\nimport { z } from 'zod'\nimport { getAuthFromRequest } from '@open-mercato/shared/lib/auth/server'\nimport { createRequestContainer } from '@open-mercato/shared/lib/di/container'\nimport type { CommandBus } from '@open-mercato/shared/lib/commands'\nimport {\n  COMMUNICATION_CHANNELS_SET_PRIMARY_COMMAND_ID,\n  type SetPrimaryChannelInput,\n  type SetPrimaryChannelResult,\n} from '../../../../../commands/set-primary-channel'\nimport { validateRouteMutationGuard } from '../../../../../lib/route-mutation-guard'\n\nexport const metadata = {\n  path: '/communication_channels/channels/[id]/set-primary',\n  POST: {\n    // Owner self-service: every email user controls their own channels. The\n    // set-primary command enforces strict ownership (`not_owner` \u2192 404), and\n    // \"primary\" only applies to per-user channels, so `connect_user_channel`\n    // is the correct gate (not `manage`).\n    requireAuth: true,\n    requireFeatures: ['communication_channels.connect_user_channel'],\n  },\n}\n\ntype RouteContext = {\n  params: Promise<{ id: string }> | { id: string }\n}\n\nexport async function POST(req: Request, context: RouteContext): Promise<Response> {\n  const { id } = await context.params\n  if (!z.string().uuid().safeParse(id).success) {\n    return NextResponse.json({ error: 'Invalid channel id' }, { status: 400 })\n  }\n\n  const auth = await getAuthFromRequest(req)\n  if (!auth?.sub || !auth?.tenantId) {\n    return NextResponse.json({ error: 'Unauthorized' }, { status: 401 })\n  }\n\n  const container = await createRequestContainer()\n  const guard = await validateRouteMutationGuard({\n    container,\n    req,\n    auth,\n    input: {\n      resourceKind: 'communication_channels.channel',\n      resourceId: id,\n      operation: 'custom',\n      mutationPayload: { isPrimary: true },\n    },\n  })\n  if ('response' in guard) return guard.response\n\n  const commandBus = container.resolve('commandBus') as CommandBus\n\n  const input: SetPrimaryChannelInput = {\n    channelId: id,\n    userId: auth.sub as string,\n    scope: {\n      tenantId: auth.tenantId as string,\n      organizationId: (auth as { orgId?: string | null }).orgId ?? null,\n    },\n  }\n  const { result } = await commandBus.execute<\n    SetPrimaryChannelInput,\n    SetPrimaryChannelResult\n  >(COMMUNICATION_CHANNELS_SET_PRIMARY_COMMAND_ID, {\n    input,\n    ctx: {\n      container,\n      auth: auth as never,\n      organizationScope: null,\n      selectedOrganizationId: (auth as { orgId?: string | null }).orgId ?? null,\n      organizationIds: (auth as { orgId?: string | null }).orgId\n        ? [(auth as { orgId?: string | null }).orgId!]\n        : null,\n    },\n  })\n\n  // Non-ownership maps to 404 (existence masking), consistent with the other\n  // channel-scoped routes (GET [id], poll-now, import-history, test-send, DELETE).\n  if (result.status === 'not_owner') {\n    return NextResponse.json({ error: 'Channel not found' }, { status: 404 })\n  }\n  if (result.status === 'noop') {\n    return NextResponse.json({ channelId: id, isPrimary: true, unchanged: true }, { status: 200 })\n  }\n  await guard.afterSuccess()\n  return NextResponse.json(\n    {\n      channelId: result.channelId,\n      isPrimary: true,\n      previousPrimaryChannelId: result.previousPrimaryChannelId,\n    },\n    { status: 200 },\n  )\n}\n\nexport const openApi = {\n  tags: ['CommunicationChannels'],\n  methods: {\n    POST: {\n      summary: 'Mark a per-user channel as primary',\n      tags: ['CommunicationChannels'],\n      responses: [\n        { status: 200, description: 'Channel set as primary (or already primary)' },\n        { status: 400, description: 'Invalid channel id' },\n        { status: 401, description: 'Unauthorized' },\n        { status: 404, description: 'Channel not found or not owned by current user' },\n      ],\n    },\n  },\n}\nexport default POST\n"],
+  "mappings": "AAAA,SAAS,oBAAoB;AAC7B,SAAS,SAAS;AAClB,SAAS,0BAA0B;AACnC,SAAS,8BAA8B;AAEvC;AAAA,EACE;AAAA,OAGK;AACP,SAAS,kCAAkC;AAEpC,MAAM,WAAW;AAAA,EACtB,MAAM;AAAA,EACN,MAAM;AAAA;AAAA;AAAA;AAAA;AAAA,IAKJ,aAAa;AAAA,IACb,iBAAiB,CAAC,6CAA6C;AAAA,EACjE;AACF;AAMA,eAAsB,KAAK,KAAc,SAA0C;AACjF,QAAM,EAAE,GAAG,IAAI,MAAM,QAAQ;AAC7B,MAAI,CAAC,EAAE,OAAO,EAAE,KAAK,EAAE,UAAU,EAAE,EAAE,SAAS;AAC5C,WAAO,aAAa,KAAK,EAAE,OAAO,qBAAqB,GAAG,EAAE,QAAQ,IAAI,CAAC;AAAA,EAC3E;AAEA,QAAM,OAAO,MAAM,mBAAmB,GAAG;AACzC,MAAI,CAAC,MAAM,OAAO,CAAC,MAAM,UAAU;AACjC,WAAO,aAAa,KAAK,EAAE,OAAO,eAAe,GAAG,EAAE,QAAQ,IAAI,CAAC;AAAA,EACrE;AAEA,QAAM,YAAY,MAAM,uBAAuB;AAC/C,QAAM,QAAQ,MAAM,2BAA2B;AAAA,IAC7C;AAAA,IACA;AAAA,IACA;AAAA,IACA,OAAO;AAAA,MACL,cAAc;AAAA,MACd,YAAY;AAAA,MACZ,WAAW;AAAA,MACX,iBAAiB,EAAE,WAAW,KAAK;AAAA,IACrC;AAAA,EACF,CAAC;AACD,MAAI,cAAc,MAAO,QAAO,MAAM;AAEtC,QAAM,aAAa,UAAU,QAAQ,YAAY;AAEjD,QAAM,QAAgC;AAAA,IACpC,WAAW;AAAA,IACX,QAAQ,KAAK;AAAA,IACb,OAAO;AAAA,MACL,UAAU,KAAK;AAAA,MACf,gBAAiB,KAAmC,SAAS;AAAA,IAC/D;AAAA,EACF;AACA,QAAM,EAAE,OAAO,IAAI,MAAM,WAAW,QAGlC,+CAA+C;AAAA,IAC/C;AAAA,IACA,KAAK;AAAA,MACH;AAAA,MACA;AAAA,MACA,mBAAmB;AAAA,MACnB,wBAAyB,KAAmC,SAAS;AAAA,MACrE,iBAAkB,KAAmC,QACjD,CAAE,KAAmC,KAAM,IAC3C;AAAA,IACN;AAAA,EACF,CAAC;AAID,MAAI,OAAO,WAAW,aAAa;AACjC,WAAO,aAAa,KAAK,EAAE,OAAO,oBAAoB,GAAG,EAAE,QAAQ,IAAI,CAAC;AAAA,EAC1E;AACA,MAAI,OAAO,WAAW,QAAQ;AAC5B,WAAO,aAAa,KAAK,EAAE,WAAW,IAAI,WAAW,MAAM,WAAW,KAAK,GAAG,EAAE,QAAQ,IAAI,CAAC;AAAA,EAC/F;AACA,QAAM,MAAM,aAAa;AACzB,SAAO,aAAa;AAAA,IAClB;AAAA,MACE,WAAW,OAAO;AAAA,MAClB,WAAW;AAAA,MACX,0BAA0B,OAAO;AAAA,IACnC;AAAA,IACA,EAAE,QAAQ,IAAI;AAAA,EAChB;AACF;AAEO,MAAM,UAAU;AAAA,EACrB,MAAM,CAAC,uBAAuB;AAAA,EAC9B,SAAS;AAAA,IACP,MAAM;AAAA,MACJ,SAAS;AAAA,MACT,MAAM,CAAC,uBAAuB;AAAA,MAC9B,WAAW;AAAA,QACT,EAAE,QAAQ,KAAK,aAAa,8CAA8C;AAAA,QAC1E,EAAE,QAAQ,KAAK,aAAa,qBAAqB;AAAA,QACjD,EAAE,QAAQ,KAAK,aAAa,eAAe;AAAA,QAC3C,EAAE,QAAQ,KAAK,aAAa,iDAAiD;AAAA,MAC/E;AAAA,IACF;AAAA,EACF;AACF;AACA,IAAO,gBAAQ;",
+  "names": []
+}

package/dist/modules/communication_channels/api/post/channels/[id]/test-send/route.js ADDED Viewed

@@ -0,0 +1,197 @@
+import { NextResponse } from "next/server";
+import { z } from "zod";
+import { getAuthFromRequest } from "@open-mercato/shared/lib/auth/server";
+import { createRequestContainer } from "@open-mercato/shared/lib/di/container";
+import { readJsonSafe } from "@open-mercato/shared/lib/http/readJsonSafe";
+import { findOneWithDecryption } from "@open-mercato/shared/lib/encryption/find";
+import { CommunicationChannel } from "../../../../../data/entities.js";
+import { getChannelAdapter } from "../../../../../lib/adapter-registry-singleton.js";
+import { ChannelAccessDeniedError, assertCanManageChannel } from "../../../../../lib/access-control.js";
+import { refreshCredentialsIfNeeded } from "../../../../../lib/credential-refresh.js";
+import { validateRouteMutationGuard } from "../../../../../lib/route-mutation-guard.js";
+const metadata = {
+  path: "/communication_channels/channels/[id]/test-send",
+  POST: {
+    // Owner self-service: a user may send a test from their OWN mailbox (gated
+    // by `connect_user_channel`). Test-sending from a shared/tenant-wide channel
+    // still requires `manage` — enforced per channel type by `assertCanManageChannel`.
+    requireAuth: true,
+    requireFeatures: ["communication_channels.connect_user_channel"]
+  }
+};
+const bodySchema = z.object({
+  to: z.string().email(),
+  subject: z.string().min(1).max(500).optional(),
+  body: z.string().max(5e4).optional()
+});
+async function POST(req, context) {
+  const { id } = await context.params;
+  if (!z.string().uuid().safeParse(id).success) {
+    return NextResponse.json({ error: "Invalid channel id" }, { status: 400 });
+  }
+  const auth = await getAuthFromRequest(req);
+  if (!auth?.sub || !auth?.tenantId) {
+    return NextResponse.json({ error: "Unauthorized" }, { status: 401 });
+  }
+  let body;
+  try {
+    body = bodySchema.parse(await readJsonSafe(req, null));
+  } catch (err) {
+    return NextResponse.json(
+      { error: err instanceof Error ? err.message : "Invalid request body" },
+      { status: 422 }
+    );
+  }
+  const container = await createRequestContainer();
+  const em = container.resolve("em").fork();
+  const organizationId = auth.orgId ?? null;
+  const dscope = { tenantId: auth.tenantId, organizationId };
+  const channel = await findOneWithDecryption(
+    em,
+    CommunicationChannel,
+    {
+      id,
+      tenantId: auth.tenantId,
+      organizationId,
+      deletedAt: null
+    },
+    void 0,
+    dscope
+  );
+  if (!channel) {
+    return NextResponse.json({ error: "Channel not found" }, { status: 404 });
+  }
+  let userFeatures = [];
+  try {
+    const rbac = container.resolve("rbacService");
+    const acl = await rbac.loadAcl(auth.sub, {
+      tenantId: auth.tenantId,
+      organizationId
+    });
+    userFeatures = acl?.isSuperAdmin ? ["*"] : Array.isArray(acl?.features) ? acl.features : [];
+  } catch {
+    userFeatures = [];
+  }
+  try {
+    assertCanManageChannel(
+      { userId: channel.userId },
+      auth.sub,
+      userFeatures,
+      "communication_channels.manage"
+    );
+  } catch (err) {
+    if (err instanceof ChannelAccessDeniedError) {
+      return NextResponse.json({ error: "Channel not found" }, { status: 404 });
+    }
+    const status = err.statusCode ?? 403;
+    return NextResponse.json(
+      { error: err instanceof Error ? err.message : "Access denied" },
+      { status }
+    );
+  }
+  if (!channel.isActive || channel.status !== "connected") {
+    return NextResponse.json(
+      { error: `Channel is in status '${channel.status}' (not connected)` },
+      { status: 409 }
+    );
+  }
+  const guard = await validateRouteMutationGuard({
+    container,
+    req,
+    auth,
+    input: {
+      resourceKind: "communication_channels.channel",
+      resourceId: channel.id,
+      operation: "custom",
+      mutationPayload: body
+    }
+  });
+  if ("response" in guard) return guard.response;
+  const adapter = getChannelAdapter(channel.providerKey);
+  if (!adapter) {
+    return NextResponse.json(
+      { error: `No adapter registered for provider '${channel.providerKey}'` },
+      { status: 404 }
+    );
+  }
+  let credentials = {};
+  let credentialsService = null;
+  try {
+    credentialsService = container.resolve("integrationCredentialsService");
+  } catch {
+    credentialsService = null;
+  }
+  if (channel.credentialsRef && credentialsService) {
+    credentials = await credentialsService.resolve(`channel_${channel.providerKey}`, {
+      tenantId: auth.tenantId,
+      organizationId: organizationId ?? auth.tenantId,
+      userId: channel.userId ?? null
+    }).catch(() => null) ?? {};
+  }
+  const credentialScope = {
+    tenantId: auth.tenantId,
+    organizationId: organizationId ?? auth.tenantId,
+    userId: channel.userId ?? null
+  };
+  const refreshed = await refreshCredentialsIfNeeded(
+    {
+      adapter,
+      channelId: channel.id,
+      credentials,
+      scope: credentialScope
+    },
+    { credentialsService }
+  );
+  credentials = refreshed.credentials;
+  try {
+    const converted = await adapter.convertOutbound({
+      body: body.body ?? "Test message from Open Mercato",
+      bodyFormat: "text"
+    });
+    const result = await adapter.sendMessage({
+      content: converted.content,
+      credentials,
+      scope: {
+        tenantId: auth.tenantId,
+        organizationId: organizationId ?? auth.tenantId
+      },
+      metadata: { to: body.to, subject: body.subject ?? "Test send", testSend: true }
+    });
+    await guard.afterSuccess();
+    return NextResponse.json({
+      status: result.status,
+      externalMessageId: result.externalMessageId,
+      providerError: result.error ?? null
+    });
+  } catch (err) {
+    const message = err instanceof Error ? err.message : "send failed";
+    return NextResponse.json({ status: "failed", error: message }, { status: 502 });
+  }
+}
+const openApi = {
+  tags: ["CommunicationChannels"],
+  methods: {
+    POST: {
+      summary: "Diagnostic \u2014 send a test message through the channel without persisting",
+      tags: ["CommunicationChannels"],
+      responses: [
+        { status: 200, description: "Test send result" },
+        { status: 400, description: "Invalid channel id" },
+        { status: 401, description: "Unauthorized" },
+        { status: 403, description: "Not allowed to manage this channel" },
+        { status: 404, description: "Channel or adapter not found" },
+        { status: 409, description: "Channel not connected" },
+        { status: 422, description: "Invalid request body" },
+        { status: 502, description: "Provider error" }
+      ]
+    }
+  }
+};
+var route_default = POST;
+export {
+  POST,
+  route_default as default,
+  metadata,
+  openApi
+};
+//# sourceMappingURL=route.js.map

package/dist/modules/communication_channels/api/post/channels/[id]/test-send/route.js.map ADDED Viewed

@@ -0,0 +1,7 @@
+{
+  "version": 3,
+  "sources": ["../../../../../../../../src/modules/communication_channels/api/post/channels/%5Bid%5D/test-send/route.ts"],
+  "sourcesContent": ["import { NextResponse } from 'next/server'\nimport { z } from 'zod'\nimport { getAuthFromRequest } from '@open-mercato/shared/lib/auth/server'\nimport { createRequestContainer } from '@open-mercato/shared/lib/di/container'\nimport { readJsonSafe } from '@open-mercato/shared/lib/http/readJsonSafe'\nimport type { EntityManager } from '@mikro-orm/postgresql'\nimport { findOneWithDecryption } from '@open-mercato/shared/lib/encryption/find'\nimport { CommunicationChannel } from '../../../../../data/entities'\nimport { getChannelAdapter } from '../../../../../lib/adapter-registry-singleton'\nimport { ChannelAccessDeniedError, assertCanManageChannel } from '../../../../../lib/access-control'\nimport { refreshCredentialsIfNeeded } from '../../../../../lib/credential-refresh'\nimport { validateRouteMutationGuard } from '../../../../../lib/route-mutation-guard'\n\ntype RbacServiceLike = {\n  loadAcl: (\n    userId: string,\n    scope: { tenantId: string | null; organizationId: string | null },\n  ) => Promise<{ isSuperAdmin: boolean; features: string[]; organizations: string[] | null }>\n}\n\nexport const metadata = {\n  path: '/communication_channels/channels/[id]/test-send',\n  POST: {\n    // Owner self-service: a user may send a test from their OWN mailbox (gated\n    // by `connect_user_channel`). Test-sending from a shared/tenant-wide channel\n    // still requires `manage` \u2014 enforced per channel type by `assertCanManageChannel`.\n    requireAuth: true,\n    requireFeatures: ['communication_channels.connect_user_channel'],\n  },\n}\n\nconst bodySchema = z.object({\n  to: z.string().email(),\n  subject: z.string().min(1).max(500).optional(),\n  body: z.string().max(50_000).optional(),\n})\n\ntype RouteContext = {\n  params: Promise<{ id: string }> | { id: string }\n}\n\ntype CredentialsServiceLike = {\n  resolve: (\n    integrationId: string,\n    scope: { organizationId: string; tenantId: string; userId?: string | null },\n  ) => Promise<Record<string, unknown> | null>\n  save?: (\n    integrationId: string,\n    credentials: Record<string, unknown>,\n    scope: { organizationId: string; tenantId: string; userId?: string | null },\n  ) => Promise<void>\n}\n\n/**\n * Admin diagnostic \u2014 send a test message via the adapter without creating a\n * platform `Message`. Useful for verifying credentials + outbound connectivity\n * after a channel is configured.\n *\n * The result is NOT persisted to `ExternalMessage` / `MessageChannelLink` \u2014 it\n * is a one-shot probe.\n */\nexport async function POST(req: Request, context: RouteContext): Promise<Response> {\n  const { id } = await context.params\n  if (!z.string().uuid().safeParse(id).success) {\n    return NextResponse.json({ error: 'Invalid channel id' }, { status: 400 })\n  }\n\n  const auth = await getAuthFromRequest(req)\n  if (!auth?.sub || !auth?.tenantId) {\n    return NextResponse.json({ error: 'Unauthorized' }, { status: 401 })\n  }\n\n  let body: z.infer<typeof bodySchema>\n  try {\n    body = bodySchema.parse(await readJsonSafe(req, null))\n  } catch (err) {\n    return NextResponse.json(\n      { error: err instanceof Error ? err.message : 'Invalid request body' },\n      { status: 422 },\n    )\n  }\n\n  const container = await createRequestContainer()\n  const em = (container.resolve('em') as EntityManager).fork()\n  const organizationId = (auth as { orgId?: string | null }).orgId ?? null\n  const dscope = { tenantId: auth.tenantId as string, organizationId }\n  const channel = await findOneWithDecryption(\n    em,\n    CommunicationChannel,\n    {\n      id,\n      tenantId: auth.tenantId as string,\n      organizationId,\n      deletedAt: null,\n    },\n    undefined,\n    dscope,\n  )\n  if (!channel) {\n    return NextResponse.json({ error: 'Channel not found' }, { status: 404 })\n  }\n  // Load features via RBAC service so admin bypass (`communication_channels.admin`,\n  // wildcards, super-admin) is honoured. The `auth` object from\n  // `getAuthFromRequest` carries identity only \u2014 feature ACLs live in the RBAC\n  // service and must be loaded per request.\n  let userFeatures: string[] = []\n  try {\n    const rbac = container.resolve('rbacService') as RbacServiceLike\n    const acl = await rbac.loadAcl(auth.sub as string, {\n      tenantId: auth.tenantId as string,\n      organizationId,\n    })\n    userFeatures = acl?.isSuperAdmin ? ['*'] : Array.isArray(acl?.features) ? acl.features : []\n  } catch {\n    userFeatures = []\n  }\n  try {\n    assertCanManageChannel(\n      { userId: channel.userId },\n      auth.sub as string,\n      userFeatures,\n      'communication_channels.manage',\n    )\n  } catch (err) {\n    if (err instanceof ChannelAccessDeniedError) {\n      return NextResponse.json({ error: 'Channel not found' }, { status: 404 })\n    }\n    const status = (err as { statusCode?: number }).statusCode ?? 403\n    return NextResponse.json(\n      { error: err instanceof Error ? err.message : 'Access denied' },\n      { status },\n    )\n  }\n  if (!channel.isActive || channel.status !== 'connected') {\n    return NextResponse.json(\n      { error: `Channel is in status '${channel.status}' (not connected)` },\n      { status: 409 },\n    )\n  }\n\n  const guard = await validateRouteMutationGuard({\n    container,\n    req,\n    auth,\n    input: {\n      resourceKind: 'communication_channels.channel',\n      resourceId: channel.id,\n      operation: 'custom',\n      mutationPayload: body as unknown as Record<string, unknown>,\n    },\n  })\n  if ('response' in guard) return guard.response\n\n  const adapter = getChannelAdapter(channel.providerKey)\n  if (!adapter) {\n    return NextResponse.json(\n      { error: `No adapter registered for provider '${channel.providerKey}'` },\n      { status: 404 },\n    )\n  }\n\n  // Resolve credentials + optionally refresh.\n  let credentials: Record<string, unknown> = {}\n  let credentialsService: CredentialsServiceLike | null = null\n  try {\n    credentialsService = container.resolve('integrationCredentialsService') as CredentialsServiceLike\n  } catch {\n    credentialsService = null\n  }\n  if (channel.credentialsRef && credentialsService) {\n    credentials =\n      (await credentialsService\n        .resolve(`channel_${channel.providerKey}`, {\n          tenantId: auth.tenantId as string,\n          organizationId: organizationId ?? (auth.tenantId as string),\n          userId: channel.userId ?? null,\n        })\n        .catch(() => null)) ?? {}\n  }\n  const credentialScope = {\n    tenantId: auth.tenantId as string,\n    organizationId: organizationId ?? (auth.tenantId as string),\n    userId: channel.userId ?? null,\n  }\n  const refreshed = await refreshCredentialsIfNeeded(\n    {\n      adapter,\n      channelId: channel.id,\n      credentials,\n      scope: credentialScope,\n    },\n    { credentialsService },\n  )\n  credentials = refreshed.credentials\n\n  try {\n    const converted = await adapter.convertOutbound({\n      body: body.body ?? 'Test message from Open Mercato',\n      bodyFormat: 'text',\n    })\n    const result = await adapter.sendMessage({\n      content: converted.content,\n      credentials,\n      scope: {\n        tenantId: auth.tenantId as string,\n        organizationId: organizationId ?? (auth.tenantId as string),\n      },\n      metadata: { to: body.to, subject: body.subject ?? 'Test send', testSend: true },\n    })\n    await guard.afterSuccess()\n    return NextResponse.json({\n      status: result.status,\n      externalMessageId: result.externalMessageId,\n      providerError: result.error ?? null,\n    })\n  } catch (err) {\n    const message = err instanceof Error ? err.message : 'send failed'\n    return NextResponse.json({ status: 'failed', error: message }, { status: 502 })\n  }\n}\n\nexport const openApi = {\n  tags: ['CommunicationChannels'],\n  methods: {\n    POST: {\n      summary: 'Diagnostic \u2014 send a test message through the channel without persisting',\n      tags: ['CommunicationChannels'],\n      responses: [\n        { status: 200, description: 'Test send result' },\n        { status: 400, description: 'Invalid channel id' },\n        { status: 401, description: 'Unauthorized' },\n        { status: 403, description: 'Not allowed to manage this channel' },\n        { status: 404, description: 'Channel or adapter not found' },\n        { status: 409, description: 'Channel not connected' },\n        { status: 422, description: 'Invalid request body' },\n        { status: 502, description: 'Provider error' },\n      ],\n    },\n  },\n}\nexport default POST\n"],
+  "mappings": "AAAA,SAAS,oBAAoB;AAC7B,SAAS,SAAS;AAClB,SAAS,0BAA0B;AACnC,SAAS,8BAA8B;AACvC,SAAS,oBAAoB;AAE7B,SAAS,6BAA6B;AACtC,SAAS,4BAA4B;AACrC,SAAS,yBAAyB;AAClC,SAAS,0BAA0B,8BAA8B;AACjE,SAAS,kCAAkC;AAC3C,SAAS,kCAAkC;AASpC,MAAM,WAAW;AAAA,EACtB,MAAM;AAAA,EACN,MAAM;AAAA;AAAA;AAAA;AAAA,IAIJ,aAAa;AAAA,IACb,iBAAiB,CAAC,6CAA6C;AAAA,EACjE;AACF;AAEA,MAAM,aAAa,EAAE,OAAO;AAAA,EAC1B,IAAI,EAAE,OAAO,EAAE,MAAM;AAAA,EACrB,SAAS,EAAE,OAAO,EAAE,IAAI,CAAC,EAAE,IAAI,GAAG,EAAE,SAAS;AAAA,EAC7C,MAAM,EAAE,OAAO,EAAE,IAAI,GAAM,EAAE,SAAS;AACxC,CAAC;AA0BD,eAAsB,KAAK,KAAc,SAA0C;AACjF,QAAM,EAAE,GAAG,IAAI,MAAM,QAAQ;AAC7B,MAAI,CAAC,EAAE,OAAO,EAAE,KAAK,EAAE,UAAU,EAAE,EAAE,SAAS;AAC5C,WAAO,aAAa,KAAK,EAAE,OAAO,qBAAqB,GAAG,EAAE,QAAQ,IAAI,CAAC;AAAA,EAC3E;AAEA,QAAM,OAAO,MAAM,mBAAmB,GAAG;AACzC,MAAI,CAAC,MAAM,OAAO,CAAC,MAAM,UAAU;AACjC,WAAO,aAAa,KAAK,EAAE,OAAO,eAAe,GAAG,EAAE,QAAQ,IAAI,CAAC;AAAA,EACrE;AAEA,MAAI;AACJ,MAAI;AACF,WAAO,WAAW,MAAM,MAAM,aAAa,KAAK,IAAI,CAAC;AAAA,EACvD,SAAS,KAAK;AACZ,WAAO,aAAa;AAAA,MAClB,EAAE,OAAO,eAAe,QAAQ,IAAI,UAAU,uBAAuB;AAAA,MACrE,EAAE,QAAQ,IAAI;AAAA,IAChB;AAAA,EACF;AAEA,QAAM,YAAY,MAAM,uBAAuB;AAC/C,QAAM,KAAM,UAAU,QAAQ,IAAI,EAAoB,KAAK;AAC3D,QAAM,iBAAkB,KAAmC,SAAS;AACpE,QAAM,SAAS,EAAE,UAAU,KAAK,UAAoB,eAAe;AACnE,QAAM,UAAU,MAAM;AAAA,IACpB;AAAA,IACA;AAAA,IACA;AAAA,MACE;AAAA,MACA,UAAU,KAAK;AAAA,MACf;AAAA,MACA,WAAW;AAAA,IACb;AAAA,IACA;AAAA,IACA;AAAA,EACF;AACA,MAAI,CAAC,SAAS;AACZ,WAAO,aAAa,KAAK,EAAE,OAAO,oBAAoB,GAAG,EAAE,QAAQ,IAAI,CAAC;AAAA,EAC1E;AAKA,MAAI,eAAyB,CAAC;AAC9B,MAAI;AACF,UAAM,OAAO,UAAU,QAAQ,aAAa;AAC5C,UAAM,MAAM,MAAM,KAAK,QAAQ,KAAK,KAAe;AAAA,MACjD,UAAU,KAAK;AAAA,MACf;AAAA,IACF,CAAC;AACD,mBAAe,KAAK,eAAe,CAAC,GAAG,IAAI,MAAM,QAAQ,KAAK,QAAQ,IAAI,IAAI,WAAW,CAAC;AAAA,EAC5F,QAAQ;AACN,mBAAe,CAAC;AAAA,EAClB;AACA,MAAI;AACF;AAAA,MACE,EAAE,QAAQ,QAAQ,OAAO;AAAA,MACzB,KAAK;AAAA,MACL;AAAA,MACA;AAAA,IACF;AAAA,EACF,SAAS,KAAK;AACZ,QAAI,eAAe,0BAA0B;AAC3C,aAAO,aAAa,KAAK,EAAE,OAAO,oBAAoB,GAAG,EAAE,QAAQ,IAAI,CAAC;AAAA,IAC1E;AACA,UAAM,SAAU,IAAgC,cAAc;AAC9D,WAAO,aAAa;AAAA,MAClB,EAAE,OAAO,eAAe,QAAQ,IAAI,UAAU,gBAAgB;AAAA,MAC9D,EAAE,OAAO;AAAA,IACX;AAAA,EACF;AACA,MAAI,CAAC,QAAQ,YAAY,QAAQ,WAAW,aAAa;AACvD,WAAO,aAAa;AAAA,MAClB,EAAE,OAAO,yBAAyB,QAAQ,MAAM,oBAAoB;AAAA,MACpE,EAAE,QAAQ,IAAI;AAAA,IAChB;AAAA,EACF;AAEA,QAAM,QAAQ,MAAM,2BAA2B;AAAA,IAC7C;AAAA,IACA;AAAA,IACA;AAAA,IACA,OAAO;AAAA,MACL,cAAc;AAAA,MACd,YAAY,QAAQ;AAAA,MACpB,WAAW;AAAA,MACX,iBAAiB;AAAA,IACnB;AAAA,EACF,CAAC;AACD,MAAI,cAAc,MAAO,QAAO,MAAM;AAEtC,QAAM,UAAU,kBAAkB,QAAQ,WAAW;AACrD,MAAI,CAAC,SAAS;AACZ,WAAO,aAAa;AAAA,MAClB,EAAE,OAAO,uCAAuC,QAAQ,WAAW,IAAI;AAAA,MACvE,EAAE,QAAQ,IAAI;AAAA,IAChB;AAAA,EACF;AAGA,MAAI,cAAuC,CAAC;AAC5C,MAAI,qBAAoD;AACxD,MAAI;AACF,yBAAqB,UAAU,QAAQ,+BAA+B;AAAA,EACxE,QAAQ;AACN,yBAAqB;AAAA,EACvB;AACA,MAAI,QAAQ,kBAAkB,oBAAoB;AAChD,kBACG,MAAM,mBACJ,QAAQ,WAAW,QAAQ,WAAW,IAAI;AAAA,MACzC,UAAU,KAAK;AAAA,MACf,gBAAgB,kBAAmB,KAAK;AAAA,MACxC,QAAQ,QAAQ,UAAU;AAAA,IAC5B,CAAC,EACA,MAAM,MAAM,IAAI,KAAM,CAAC;AAAA,EAC9B;AACA,QAAM,kBAAkB;AAAA,IACtB,UAAU,KAAK;AAAA,IACf,gBAAgB,kBAAmB,KAAK;AAAA,IACxC,QAAQ,QAAQ,UAAU;AAAA,EAC5B;AACA,QAAM,YAAY,MAAM;AAAA,IACtB;AAAA,MACE;AAAA,MACA,WAAW,QAAQ;AAAA,MACnB;AAAA,MACA,OAAO;AAAA,IACT;AAAA,IACA,EAAE,mBAAmB;AAAA,EACvB;AACA,gBAAc,UAAU;AAExB,MAAI;AACF,UAAM,YAAY,MAAM,QAAQ,gBAAgB;AAAA,MAC9C,MAAM,KAAK,QAAQ;AAAA,MACnB,YAAY;AAAA,IACd,CAAC;AACD,UAAM,SAAS,MAAM,QAAQ,YAAY;AAAA,MACvC,SAAS,UAAU;AAAA,MACnB;AAAA,MACA,OAAO;AAAA,QACL,UAAU,KAAK;AAAA,QACf,gBAAgB,kBAAmB,KAAK;AAAA,MAC1C;AAAA,MACA,UAAU,EAAE,IAAI,KAAK,IAAI,SAAS,KAAK,WAAW,aAAa,UAAU,KAAK;AAAA,IAChF,CAAC;AACD,UAAM,MAAM,aAAa;AACzB,WAAO,aAAa,KAAK;AAAA,MACvB,QAAQ,OAAO;AAAA,MACf,mBAAmB,OAAO;AAAA,MAC1B,eAAe,OAAO,SAAS;AAAA,IACjC,CAAC;AAAA,EACH,SAAS,KAAK;AACZ,UAAM,UAAU,eAAe,QAAQ,IAAI,UAAU;AACrD,WAAO,aAAa,KAAK,EAAE,QAAQ,UAAU,OAAO,QAAQ,GAAG,EAAE,QAAQ,IAAI,CAAC;AAAA,EAChF;AACF;AAEO,MAAM,UAAU;AAAA,EACrB,MAAM,CAAC,uBAAuB;AAAA,EAC9B,SAAS;AAAA,IACP,MAAM;AAAA,MACJ,SAAS;AAAA,MACT,MAAM,CAAC,uBAAuB;AAAA,MAC9B,WAAW;AAAA,QACT,EAAE,QAAQ,KAAK,aAAa,mBAAmB;AAAA,QAC/C,EAAE,QAAQ,KAAK,aAAa,qBAAqB;AAAA,QACjD,EAAE,QAAQ,KAAK,aAAa,eAAe;AAAA,QAC3C,EAAE,QAAQ,KAAK,aAAa,qCAAqC;AAAA,QACjE,EAAE,QAAQ,KAAK,aAAa,+BAA+B;AAAA,QAC3D,EAAE,QAAQ,KAAK,aAAa,wBAAwB;AAAA,QACpD,EAAE,QAAQ,KAAK,aAAa,uBAAuB;AAAA,QACnD,EAAE,QAAQ,KAAK,aAAa,iBAAiB;AAAA,MAC/C;AAAA,IACF;AAAA,EACF;AACF;AACA,IAAO,gBAAQ;",
+  "names": []
+}

package/dist/modules/communication_channels/api/post/channels/connect/credentials/route.js ADDED Viewed

@@ -0,0 +1,124 @@
+import { NextResponse } from "next/server";
+import { z } from "zod";
+import { getAuthFromRequest } from "@open-mercato/shared/lib/auth/server";
+import { createRequestContainer } from "@open-mercato/shared/lib/di/container";
+import { readJsonSafe } from "@open-mercato/shared/lib/http/readJsonSafe";
+import {
+  COMMUNICATION_CHANNELS_CONNECT_CREDENTIAL_CHANNEL_COMMAND_ID
+} from "../../../../../commands/connect-credential-channel.js";
+import { validateRouteMutationGuard } from "../../../../../lib/route-mutation-guard.js";
+const metadata = {
+  path: "/communication_channels/channels/connect/credentials",
+  POST: {
+    requireAuth: true,
+    requireFeatures: ["communication_channels.connect_user_channel"]
+  }
+};
+const bodySchema = z.object({
+  providerKey: z.string().min(1).max(64),
+  displayName: z.string().min(1).max(255),
+  credentials: z.record(z.string(), z.unknown()),
+  pollIntervalSeconds: z.number().int().positive().max(86400).optional()
+});
+async function POST(req) {
+  const auth = await getAuthFromRequest(req);
+  if (!auth?.sub || !auth?.tenantId) {
+    return NextResponse.json({ error: "Unauthorized" }, { status: 401 });
+  }
+  let body;
+  try {
+    const json = await readJsonSafe(req, null);
+    body = bodySchema.parse(json);
+  } catch (err) {
+    return NextResponse.json(
+      { error: err instanceof Error ? err.message : "Invalid request body" },
+      { status: 422 }
+    );
+  }
+  const container = await createRequestContainer();
+  const guard = await validateRouteMutationGuard({
+    container,
+    req,
+    auth,
+    input: {
+      resourceKind: "communication_channels.channel",
+      resourceId: `new:${body.providerKey}`,
+      operation: "create",
+      mutationPayload: {
+        providerKey: body.providerKey,
+        displayName: body.displayName,
+        pollIntervalSeconds: body.pollIntervalSeconds
+      }
+    }
+  });
+  if ("response" in guard) return guard.response;
+  const commandBus = container.resolve("commandBus");
+  const input = {
+    providerKey: body.providerKey,
+    displayName: body.displayName,
+    credentials: body.credentials,
+    pollIntervalSeconds: body.pollIntervalSeconds,
+    userId: auth.sub,
+    scope: {
+      tenantId: auth.tenantId,
+      organizationId: auth.orgId ?? null
+    }
+  };
+  const { result } = await commandBus.execute(COMMUNICATION_CHANNELS_CONNECT_CREDENTIAL_CHANNEL_COMMAND_ID, {
+    input,
+    ctx: {
+      container,
+      auth,
+      organizationScope: null,
+      selectedOrganizationId: auth.orgId ?? null,
+      organizationIds: auth.orgId ? [auth.orgId] : null
+    }
+  });
+  if (result.status === "no_adapter") {
+    return NextResponse.json({ error: result.reason }, { status: 404 });
+  }
+  if (result.status === "validation_failed") {
+    return NextResponse.json({ error: "Credential validation failed", fieldErrors: result.errors }, { status: 422 });
+  }
+  if (result.status === "duplicate_mailbox") {
+    return NextResponse.json(
+      {
+        error: `This mailbox is already connected via "${result.existingProviderKey}". Disconnect it there before connecting it again with a different provider.`,
+        code: "mailbox_already_connected"
+      },
+      { status: 409 }
+    );
+  }
+  await guard.afterSuccess();
+  return NextResponse.json(
+    {
+      channelId: result.channelId,
+      externalIdentifier: result.externalIdentifier
+    },
+    { status: 201 }
+  );
+}
+const openApi = {
+  tags: ["CommunicationChannels"],
+  methods: {
+    POST: {
+      summary: "Connect a credential-based per-user channel (IMAP/SMTP)",
+      tags: ["CommunicationChannels"],
+      responses: [
+        { status: 201, description: "Channel connected" },
+        { status: 401, description: "Unauthorized" },
+        { status: 404, description: "Unknown provider" },
+        { status: 409, description: "Mailbox already connected via another provider" },
+        { status: 422, description: "Invalid body or credential validation failed" }
+      ]
+    }
+  }
+};
+var route_default = POST;
+export {
+  POST,
+  route_default as default,
+  metadata,
+  openApi
+};
+//# sourceMappingURL=route.js.map

package/dist/modules/communication_channels/api/post/channels/connect/credentials/route.js.map ADDED Viewed

@@ -0,0 +1,7 @@
+{
+  "version": 3,
+  "sources": ["../../../../../../../../src/modules/communication_channels/api/post/channels/connect/credentials/route.ts"],
+  "sourcesContent": ["import { NextResponse } from 'next/server'\nimport { z } from 'zod'\nimport { getAuthFromRequest } from '@open-mercato/shared/lib/auth/server'\nimport { createRequestContainer } from '@open-mercato/shared/lib/di/container'\nimport type { CommandBus } from '@open-mercato/shared/lib/commands'\nimport { readJsonSafe } from '@open-mercato/shared/lib/http/readJsonSafe'\nimport {\n  COMMUNICATION_CHANNELS_CONNECT_CREDENTIAL_CHANNEL_COMMAND_ID,\n  type ConnectCredentialChannelInput,\n  type ConnectCredentialChannelResult,\n} from '../../../../../commands/connect-credential-channel'\nimport { validateRouteMutationGuard } from '../../../../../lib/route-mutation-guard'\n\nexport const metadata = {\n  path: '/communication_channels/channels/connect/credentials',\n  POST: {\n    requireAuth: true,\n    requireFeatures: ['communication_channels.connect_user_channel'],\n  },\n}\n\nconst bodySchema = z.object({\n  providerKey: z.string().min(1).max(64),\n  displayName: z.string().min(1).max(255),\n  credentials: z.record(z.string(), z.unknown()),\n  pollIntervalSeconds: z.number().int().positive().max(86_400).optional(),\n})\n\nexport async function POST(req: Request): Promise<Response> {\n  const auth = await getAuthFromRequest(req)\n  if (!auth?.sub || !auth?.tenantId) {\n    return NextResponse.json({ error: 'Unauthorized' }, { status: 401 })\n  }\n\n  let body: z.infer<typeof bodySchema>\n  try {\n    const json = await readJsonSafe(req, null)\n    body = bodySchema.parse(json)\n  } catch (err) {\n    return NextResponse.json(\n      { error: err instanceof Error ? err.message : 'Invalid request body' },\n      { status: 422 },\n    )\n  }\n\n  const container = await createRequestContainer()\n  const guard = await validateRouteMutationGuard({\n    container,\n    req,\n    auth,\n    input: {\n      resourceKind: 'communication_channels.channel',\n      resourceId: `new:${body.providerKey}`,\n      operation: 'create',\n      mutationPayload: {\n        providerKey: body.providerKey,\n        displayName: body.displayName,\n        pollIntervalSeconds: body.pollIntervalSeconds,\n      },\n    },\n  })\n  if ('response' in guard) return guard.response\n\n  const commandBus = container.resolve('commandBus') as CommandBus\n\n  const input: ConnectCredentialChannelInput = {\n    providerKey: body.providerKey,\n    displayName: body.displayName,\n    credentials: body.credentials,\n    pollIntervalSeconds: body.pollIntervalSeconds,\n    userId: auth.sub as string,\n    scope: {\n      tenantId: auth.tenantId as string,\n      organizationId: (auth as { orgId?: string | null }).orgId ?? null,\n    },\n  }\n  const { result } = await commandBus.execute<\n    ConnectCredentialChannelInput,\n    ConnectCredentialChannelResult\n  >(COMMUNICATION_CHANNELS_CONNECT_CREDENTIAL_CHANNEL_COMMAND_ID, {\n    input,\n    ctx: {\n      container,\n      auth: auth as never,\n      organizationScope: null,\n      selectedOrganizationId: (auth as { orgId?: string | null }).orgId ?? null,\n      organizationIds: (auth as { orgId?: string | null }).orgId\n        ? [(auth as { orgId?: string | null }).orgId!]\n        : null,\n    },\n  })\n\n  if (result.status === 'no_adapter') {\n    return NextResponse.json({ error: result.reason }, { status: 404 })\n  }\n  if (result.status === 'validation_failed') {\n    return NextResponse.json({ error: 'Credential validation failed', fieldErrors: result.errors }, { status: 422 })\n  }\n  if (result.status === 'duplicate_mailbox') {\n    return NextResponse.json(\n      {\n        error: `This mailbox is already connected via \"${result.existingProviderKey}\". Disconnect it there before connecting it again with a different provider.`,\n        code: 'mailbox_already_connected',\n      },\n      { status: 409 },\n    )\n  }\n  await guard.afterSuccess()\n  return NextResponse.json(\n    {\n      channelId: result.channelId,\n      externalIdentifier: result.externalIdentifier,\n    },\n    { status: 201 },\n  )\n}\n\nexport const openApi = {\n  tags: ['CommunicationChannels'],\n  methods: {\n    POST: {\n      summary: 'Connect a credential-based per-user channel (IMAP/SMTP)',\n      tags: ['CommunicationChannels'],\n      responses: [\n        { status: 201, description: 'Channel connected' },\n        { status: 401, description: 'Unauthorized' },\n        { status: 404, description: 'Unknown provider' },\n        { status: 409, description: 'Mailbox already connected via another provider' },\n        { status: 422, description: 'Invalid body or credential validation failed' },\n      ],\n    },\n  },\n}\nexport default POST\n"],
+  "mappings": "AAAA,SAAS,oBAAoB;AAC7B,SAAS,SAAS;AAClB,SAAS,0BAA0B;AACnC,SAAS,8BAA8B;AAEvC,SAAS,oBAAoB;AAC7B;AAAA,EACE;AAAA,OAGK;AACP,SAAS,kCAAkC;AAEpC,MAAM,WAAW;AAAA,EACtB,MAAM;AAAA,EACN,MAAM;AAAA,IACJ,aAAa;AAAA,IACb,iBAAiB,CAAC,6CAA6C;AAAA,EACjE;AACF;AAEA,MAAM,aAAa,EAAE,OAAO;AAAA,EAC1B,aAAa,EAAE,OAAO,EAAE,IAAI,CAAC,EAAE,IAAI,EAAE;AAAA,EACrC,aAAa,EAAE,OAAO,EAAE,IAAI,CAAC,EAAE,IAAI,GAAG;AAAA,EACtC,aAAa,EAAE,OAAO,EAAE,OAAO,GAAG,EAAE,QAAQ,CAAC;AAAA,EAC7C,qBAAqB,EAAE,OAAO,EAAE,IAAI,EAAE,SAAS,EAAE,IAAI,KAAM,EAAE,SAAS;AACxE,CAAC;AAED,eAAsB,KAAK,KAAiC;AAC1D,QAAM,OAAO,MAAM,mBAAmB,GAAG;AACzC,MAAI,CAAC,MAAM,OAAO,CAAC,MAAM,UAAU;AACjC,WAAO,aAAa,KAAK,EAAE,OAAO,eAAe,GAAG,EAAE,QAAQ,IAAI,CAAC;AAAA,EACrE;AAEA,MAAI;AACJ,MAAI;AACF,UAAM,OAAO,MAAM,aAAa,KAAK,IAAI;AACzC,WAAO,WAAW,MAAM,IAAI;AAAA,EAC9B,SAAS,KAAK;AACZ,WAAO,aAAa;AAAA,MAClB,EAAE,OAAO,eAAe,QAAQ,IAAI,UAAU,uBAAuB;AAAA,MACrE,EAAE,QAAQ,IAAI;AAAA,IAChB;AAAA,EACF;AAEA,QAAM,YAAY,MAAM,uBAAuB;AAC/C,QAAM,QAAQ,MAAM,2BAA2B;AAAA,IAC7C;AAAA,IACA;AAAA,IACA;AAAA,IACA,OAAO;AAAA,MACL,cAAc;AAAA,MACd,YAAY,OAAO,KAAK,WAAW;AAAA,MACnC,WAAW;AAAA,MACX,iBAAiB;AAAA,QACf,aAAa,KAAK;AAAA,QAClB,aAAa,KAAK;AAAA,QAClB,qBAAqB,KAAK;AAAA,MAC5B;AAAA,IACF;AAAA,EACF,CAAC;AACD,MAAI,cAAc,MAAO,QAAO,MAAM;AAEtC,QAAM,aAAa,UAAU,QAAQ,YAAY;AAEjD,QAAM,QAAuC;AAAA,IAC3C,aAAa,KAAK;AAAA,IAClB,aAAa,KAAK;AAAA,IAClB,aAAa,KAAK;AAAA,IAClB,qBAAqB,KAAK;AAAA,IAC1B,QAAQ,KAAK;AAAA,IACb,OAAO;AAAA,MACL,UAAU,KAAK;AAAA,MACf,gBAAiB,KAAmC,SAAS;AAAA,IAC/D;AAAA,EACF;AACA,QAAM,EAAE,OAAO,IAAI,MAAM,WAAW,QAGlC,8DAA8D;AAAA,IAC9D;AAAA,IACA,KAAK;AAAA,MACH;AAAA,MACA;AAAA,MACA,mBAAmB;AAAA,MACnB,wBAAyB,KAAmC,SAAS;AAAA,MACrE,iBAAkB,KAAmC,QACjD,CAAE,KAAmC,KAAM,IAC3C;AAAA,IACN;AAAA,EACF,CAAC;AAED,MAAI,OAAO,WAAW,cAAc;AAClC,WAAO,aAAa,KAAK,EAAE,OAAO,OAAO,OAAO,GAAG,EAAE,QAAQ,IAAI,CAAC;AAAA,EACpE;AACA,MAAI,OAAO,WAAW,qBAAqB;AACzC,WAAO,aAAa,KAAK,EAAE,OAAO,gCAAgC,aAAa,OAAO,OAAO,GAAG,EAAE,QAAQ,IAAI,CAAC;AAAA,EACjH;AACA,MAAI,OAAO,WAAW,qBAAqB;AACzC,WAAO,aAAa;AAAA,MAClB;AAAA,QACE,OAAO,0CAA0C,OAAO,mBAAmB;AAAA,QAC3E,MAAM;AAAA,MACR;AAAA,MACA,EAAE,QAAQ,IAAI;AAAA,IAChB;AAAA,EACF;AACA,QAAM,MAAM,aAAa;AACzB,SAAO,aAAa;AAAA,IAClB;AAAA,MACE,WAAW,OAAO;AAAA,MAClB,oBAAoB,OAAO;AAAA,IAC7B;AAAA,IACA,EAAE,QAAQ,IAAI;AAAA,EAChB;AACF;AAEO,MAAM,UAAU;AAAA,EACrB,MAAM,CAAC,uBAAuB;AAAA,EAC9B,SAAS;AAAA,IACP,MAAM;AAAA,MACJ,SAAS;AAAA,MACT,MAAM,CAAC,uBAAuB;AAAA,MAC9B,WAAW;AAAA,QACT,EAAE,QAAQ,KAAK,aAAa,oBAAoB;AAAA,QAChD,EAAE,QAAQ,KAAK,aAAa,eAAe;AAAA,QAC3C,EAAE,QAAQ,KAAK,aAAa,mBAAmB;AAAA,QAC/C,EAAE,QAAQ,KAAK,aAAa,iDAAiD;AAAA,QAC7E,EAAE,QAAQ,KAAK,aAAa,+CAA+C;AAAA,MAC7E;AAAA,IACF;AAAA,EACF;AACF;AACA,IAAO,gBAAQ;",
+  "names": []
+}

package/dist/modules/communication_channels/api/post/messages/[messageId]/reactions/route.js ADDED Viewed

@@ -0,0 +1,120 @@
+import { NextResponse } from "next/server";
+import { z } from "zod";
+import { createRequestContainer } from "@open-mercato/shared/lib/di/container";
+import { readJsonSafe } from "@open-mercato/shared/lib/http/readJsonSafe";
+import {
+  COMMUNICATION_CHANNELS_TOGGLE_OUTBOUND_REACTION_COMMAND_ID
+} from "../../../../../commands/toggle-outbound-reaction.js";
+import { validateRouteMutationGuard } from "../../../../../lib/route-mutation-guard.js";
+const bodySchema = z.object({
+  emoji: z.string().min(1).max(64)
+});
+const metadata = {
+  path: "/communication_channels/messages/[messageId]/reactions",
+  POST: {
+    requireAuth: true,
+    requireFeatures: ["communication_channels.react"]
+  }
+};
+async function POST(req, context) {
+  const { messageId } = await context.params;
+  if (!messageId || !z.string().uuid().safeParse(messageId).success) {
+    return NextResponse.json({ error: "Invalid messageId" }, { status: 400 });
+  }
+  const auth = context.auth;
+  if (!auth?.sub || !auth?.tenantId) {
+    return NextResponse.json({ error: "Unauthorized" }, { status: 401 });
+  }
+  let body;
+  try {
+    const json = await readJsonSafe(req, null);
+    body = bodySchema.parse(json);
+  } catch (err) {
+    return NextResponse.json(
+      { error: err instanceof Error ? err.message : "Invalid request body" },
+      { status: 422 }
+    );
+  }
+  const container = await createRequestContainer();
+  const guard = await validateRouteMutationGuard({
+    container,
+    req,
+    auth,
+    input: {
+      resourceKind: "communication_channels.message",
+      resourceId: messageId,
+      operation: "custom",
+      mutationPayload: body
+    }
+  });
+  if ("response" in guard) return guard.response;
+  const commandBus = container.resolve("commandBus");
+  const input = {
+    messageId,
+    emoji: body.emoji,
+    action: "add",
+    reactedByUserId: auth.sub,
+    scope: {
+      tenantId: auth.tenantId,
+      organizationId: auth.orgId ?? null
+    }
+  };
+  const { result } = await commandBus.execute(COMMUNICATION_CHANNELS_TOGGLE_OUTBOUND_REACTION_COMMAND_ID, {
+    input,
+    ctx: {
+      container,
+      auth,
+      organizationScope: null,
+      selectedOrganizationId: auth.orgId ?? null,
+      organizationIds: auth.orgId ? [auth.orgId] : null
+    }
+  });
+  if (result.status === "no_channel_link") {
+    return NextResponse.json({ error: result.reason }, { status: 409 });
+  }
+  if (result.status === "not_owner") {
+    return NextResponse.json({ error: result.reason }, { status: 403 });
+  }
+  if (result.status === "noop") {
+    return NextResponse.json({ error: result.reason }, { status: 409 });
+  }
+  if (result.status === "added") {
+    await guard.afterSuccess();
+    return NextResponse.json(
+      {
+        id: result.reactionId,
+        messageId: result.messageId,
+        emoji: result.emoji,
+        replaced: result.replaced,
+        enqueued: result.enqueued
+      },
+      { status: 201 }
+    );
+  }
+  return NextResponse.json({ error: "Unexpected result" }, { status: 500 });
+}
+const openApi = {
+  tags: ["CommunicationChannels"],
+  methods: {
+    POST: {
+      summary: "Add a reaction to a channel-linked message",
+      tags: ["CommunicationChannels"],
+      responses: [
+        { status: 201, description: "Reaction added" },
+        { status: 400, description: "Invalid messageId" },
+        { status: 401, description: "Unauthorized" },
+        { status: 403, description: "Channel is owned by another user" },
+        { status: 409, description: "Message not channel-linked or duplicate reaction" },
+        { status: 422, description: "Invalid request body" }
+      ]
+    }
+  }
+};
+var route_default = POST;
+export {
+  POST,
+  route_default as default,
+  metadata,
+  openApi
+};
+//# sourceMappingURL=route.js.map

package/dist/modules/communication_channels/api/post/messages/[messageId]/reactions/route.js.map ADDED Viewed

@@ -0,0 +1,7 @@
+{
+  "version": 3,
+  "sources": ["../../../../../../../../src/modules/communication_channels/api/post/messages/%5BmessageId%5D/reactions/route.ts"],
+  "sourcesContent": ["import { NextResponse } from 'next/server'\nimport { z } from 'zod'\nimport { createRequestContainer } from '@open-mercato/shared/lib/di/container'\nimport type { CommandBus } from '@open-mercato/shared/lib/commands'\nimport { readJsonSafe } from '@open-mercato/shared/lib/http/readJsonSafe'\nimport {\n  COMMUNICATION_CHANNELS_TOGGLE_OUTBOUND_REACTION_COMMAND_ID,\n  type ToggleOutboundReactionInput,\n  type ToggleOutboundReactionResult,\n} from '../../../../../commands/toggle-outbound-reaction'\nimport { validateRouteMutationGuard } from '../../../../../lib/route-mutation-guard'\n\nconst bodySchema = z.object({\n  emoji: z.string().min(1).max(64),\n})\n\nexport const metadata = {\n  path: '/communication_channels/messages/[messageId]/reactions',\n  POST: {\n    requireAuth: true,\n    requireFeatures: ['communication_channels.react'],\n  },\n}\n\ntype RouteContext = {\n  params: Promise<{ messageId: string }> | { messageId: string }\n  auth?: {\n    sub?: string\n    tenantId?: string\n    /**\n     * AuthContext (`packages/shared/src/lib/auth/server.ts`) exposes the\n     * selected organization as `orgId`, not `organizationId`. Round-2 F3 fix.\n     */\n    orgId?: string | null\n  } | null\n}\n\nexport async function POST(req: Request, context: RouteContext): Promise<Response> {\n  const { messageId } = await context.params\n  if (!messageId || !z.string().uuid().safeParse(messageId).success) {\n    return NextResponse.json({ error: 'Invalid messageId' }, { status: 400 })\n  }\n\n  const auth = context.auth\n  if (!auth?.sub || !auth?.tenantId) {\n    return NextResponse.json({ error: 'Unauthorized' }, { status: 401 })\n  }\n\n  let body: z.infer<typeof bodySchema>\n  try {\n    const json = await readJsonSafe(req, null)\n    body = bodySchema.parse(json)\n  } catch (err) {\n    return NextResponse.json(\n      { error: err instanceof Error ? err.message : 'Invalid request body' },\n      { status: 422 },\n    )\n  }\n\n  const container = await createRequestContainer()\n  const guard = await validateRouteMutationGuard({\n    container,\n    req,\n    auth,\n    input: {\n      resourceKind: 'communication_channels.message',\n      resourceId: messageId,\n      operation: 'custom',\n      mutationPayload: body,\n    },\n  })\n  if ('response' in guard) return guard.response\n\n  const commandBus = container.resolve('commandBus') as CommandBus\n\n  const input: ToggleOutboundReactionInput = {\n    messageId,\n    emoji: body.emoji,\n    action: 'add',\n    reactedByUserId: auth.sub,\n    scope: {\n      tenantId: auth.tenantId,\n      organizationId: auth.orgId ?? null,\n    },\n  }\n  const { result } = await commandBus.execute<\n    ToggleOutboundReactionInput,\n    ToggleOutboundReactionResult\n  >(COMMUNICATION_CHANNELS_TOGGLE_OUTBOUND_REACTION_COMMAND_ID, {\n    input,\n    ctx: {\n      container,\n      auth: auth as never,\n      organizationScope: null,\n      selectedOrganizationId: auth.orgId ?? null,\n      organizationIds: auth.orgId ? [auth.orgId] : null,\n    },\n  })\n\n  if (result.status === 'no_channel_link') {\n    return NextResponse.json({ error: result.reason }, { status: 409 })\n  }\n  if (result.status === 'not_owner') {\n    // Reacting would send from another user's connected account \u2014 refuse.\n    return NextResponse.json({ error: result.reason }, { status: 403 })\n  }\n  if (result.status === 'noop') {\n    return NextResponse.json({ error: result.reason }, { status: 409 })\n  }\n  if (result.status === 'added') {\n    await guard.afterSuccess()\n    return NextResponse.json(\n      {\n        id: result.reactionId,\n        messageId: result.messageId,\n        emoji: result.emoji,\n        replaced: result.replaced,\n        enqueued: result.enqueued,\n      },\n      { status: 201 },\n    )\n  }\n  return NextResponse.json({ error: 'Unexpected result' }, { status: 500 })\n}\n\nexport const openApi = {\n  tags: ['CommunicationChannels'],\n  methods: {\n    POST: {\n      summary: 'Add a reaction to a channel-linked message',\n      tags: ['CommunicationChannels'],\n      responses: [\n        { status: 201, description: 'Reaction added' },\n        { status: 400, description: 'Invalid messageId' },\n        { status: 401, description: 'Unauthorized' },\n        { status: 403, description: 'Channel is owned by another user' },\n        { status: 409, description: 'Message not channel-linked or duplicate reaction' },\n        { status: 422, description: 'Invalid request body' },\n      ],\n    },\n  },\n}\nexport default POST\n"],
+  "mappings": "AAAA,SAAS,oBAAoB;AAC7B,SAAS,SAAS;AAClB,SAAS,8BAA8B;AAEvC,SAAS,oBAAoB;AAC7B;AAAA,EACE;AAAA,OAGK;AACP,SAAS,kCAAkC;AAE3C,MAAM,aAAa,EAAE,OAAO;AAAA,EAC1B,OAAO,EAAE,OAAO,EAAE,IAAI,CAAC,EAAE,IAAI,EAAE;AACjC,CAAC;AAEM,MAAM,WAAW;AAAA,EACtB,MAAM;AAAA,EACN,MAAM;AAAA,IACJ,aAAa;AAAA,IACb,iBAAiB,CAAC,8BAA8B;AAAA,EAClD;AACF;AAeA,eAAsB,KAAK,KAAc,SAA0C;AACjF,QAAM,EAAE,UAAU,IAAI,MAAM,QAAQ;AACpC,MAAI,CAAC,aAAa,CAAC,EAAE,OAAO,EAAE,KAAK,EAAE,UAAU,SAAS,EAAE,SAAS;AACjE,WAAO,aAAa,KAAK,EAAE,OAAO,oBAAoB,GAAG,EAAE,QAAQ,IAAI,CAAC;AAAA,EAC1E;AAEA,QAAM,OAAO,QAAQ;AACrB,MAAI,CAAC,MAAM,OAAO,CAAC,MAAM,UAAU;AACjC,WAAO,aAAa,KAAK,EAAE,OAAO,eAAe,GAAG,EAAE,QAAQ,IAAI,CAAC;AAAA,EACrE;AAEA,MAAI;AACJ,MAAI;AACF,UAAM,OAAO,MAAM,aAAa,KAAK,IAAI;AACzC,WAAO,WAAW,MAAM,IAAI;AAAA,EAC9B,SAAS,KAAK;AACZ,WAAO,aAAa;AAAA,MAClB,EAAE,OAAO,eAAe,QAAQ,IAAI,UAAU,uBAAuB;AAAA,MACrE,EAAE,QAAQ,IAAI;AAAA,IAChB;AAAA,EACF;AAEA,QAAM,YAAY,MAAM,uBAAuB;AAC/C,QAAM,QAAQ,MAAM,2BAA2B;AAAA,IAC7C;AAAA,IACA;AAAA,IACA;AAAA,IACA,OAAO;AAAA,MACL,cAAc;AAAA,MACd,YAAY;AAAA,MACZ,WAAW;AAAA,MACX,iBAAiB;AAAA,IACnB;AAAA,EACF,CAAC;AACD,MAAI,cAAc,MAAO,QAAO,MAAM;AAEtC,QAAM,aAAa,UAAU,QAAQ,YAAY;AAEjD,QAAM,QAAqC;AAAA,IACzC;AAAA,IACA,OAAO,KAAK;AAAA,IACZ,QAAQ;AAAA,IACR,iBAAiB,KAAK;AAAA,IACtB,OAAO;AAAA,MACL,UAAU,KAAK;AAAA,MACf,gBAAgB,KAAK,SAAS;AAAA,IAChC;AAAA,EACF;AACA,QAAM,EAAE,OAAO,IAAI,MAAM,WAAW,QAGlC,4DAA4D;AAAA,IAC5D;AAAA,IACA,KAAK;AAAA,MACH;AAAA,MACA;AAAA,MACA,mBAAmB;AAAA,MACnB,wBAAwB,KAAK,SAAS;AAAA,MACtC,iBAAiB,KAAK,QAAQ,CAAC,KAAK,KAAK,IAAI;AAAA,IAC/C;AAAA,EACF,CAAC;AAED,MAAI,OAAO,WAAW,mBAAmB;AACvC,WAAO,aAAa,KAAK,EAAE,OAAO,OAAO,OAAO,GAAG,EAAE,QAAQ,IAAI,CAAC;AAAA,EACpE;AACA,MAAI,OAAO,WAAW,aAAa;AAEjC,WAAO,aAAa,KAAK,EAAE,OAAO,OAAO,OAAO,GAAG,EAAE,QAAQ,IAAI,CAAC;AAAA,EACpE;AACA,MAAI,OAAO,WAAW,QAAQ;AAC5B,WAAO,aAAa,KAAK,EAAE,OAAO,OAAO,OAAO,GAAG,EAAE,QAAQ,IAAI,CAAC;AAAA,EACpE;AACA,MAAI,OAAO,WAAW,SAAS;AAC7B,UAAM,MAAM,aAAa;AACzB,WAAO,aAAa;AAAA,MAClB;AAAA,QACE,IAAI,OAAO;AAAA,QACX,WAAW,OAAO;AAAA,QAClB,OAAO,OAAO;AAAA,QACd,UAAU,OAAO;AAAA,QACjB,UAAU,OAAO;AAAA,MACnB;AAAA,MACA,EAAE,QAAQ,IAAI;AAAA,IAChB;AAAA,EACF;AACA,SAAO,aAAa,KAAK,EAAE,OAAO,oBAAoB,GAAG,EAAE,QAAQ,IAAI,CAAC;AAC1E;AAEO,MAAM,UAAU;AAAA,EACrB,MAAM,CAAC,uBAAuB;AAAA,EAC9B,SAAS;AAAA,IACP,MAAM;AAAA,MACJ,SAAS;AAAA,MACT,MAAM,CAAC,uBAAuB;AAAA,MAC9B,WAAW;AAAA,QACT,EAAE,QAAQ,KAAK,aAAa,iBAAiB;AAAA,QAC7C,EAAE,QAAQ,KAAK,aAAa,oBAAoB;AAAA,QAChD,EAAE,QAAQ,KAAK,aAAa,eAAe;AAAA,QAC3C,EAAE,QAAQ,KAAK,aAAa,mCAAmC;AAAA,QAC/D,EAAE,QAAQ,KAAK,aAAa,mDAAmD;AAAA,QAC/E,EAAE,QAAQ,KAAK,aAAa,uBAAuB;AAAA,MACrD;AAAA,IACF;AAAA,EACF;AACF;AACA,IAAO,gBAAQ;",
+  "names": []
+}