@payez/next-mvp 3.0.0

package/dist/config/env.js

@@ -0,0 +1,57 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.API_ENDPOINTS = exports.ENV_CONFIG = void 0;
+exports.ENV_CONFIG = {
+    CLIENT_ID: process.env.CLIENT_ID,
+    INTERNAL_URL: process.env.IDP_URL,
+    IDP_CLIENT_ID: (() => { const raw = process.env.NEXT_PUBLIC_IDP_CLIENT_ID || process.env.IDP_CLIENT_ID; const n = raw ? parseInt(raw, 10) : undefined; return Number.isFinite(n) ? n : undefined; })(),
+    IDP_URL: process.env.IDP_URL,
+    API_URL: process.env.IDP_URL,
+    PAYEZ_CORE_BASE_URL: process.env.NEXT_PUBLIC_PAYEZ_CORE_BASE_URL,
+    SUPPORT_EMAIL: 'support@PayEz.net',
+    LOG_LEVEL: process.env.LOG_LEVEL || 'info',
+    LOG_CONSOLE: process.env.LOG_CONSOLE === 'true' || process.env.NODE_ENV === 'development',
+    GRAYLOG_HOST: process.env.GRAYLOG_HOST || '10.6.10.5',
+    GRAYLOG_PORT: parseInt(process.env.GRAYLOG_PORT || '12201'),
+    // Redis key prefix for multi-tenant session isolation
+    // Each application should have a unique prefix to prevent session conflicts
+    // Example: 'cryptaply:', 'website-membership:', 'myapp:'
+    // Leave empty ('') for backward compatibility
+    REDIS_KEY_PREFIX: process.env.REDIS_KEY_PREFIX || '',
+    // Redirect URLs - configurable per-tenant
+    // LOGOUT_REDIRECT_URL: Where to redirect after logout (default: '/')
+    // UNAUTHENTICATED_REDIRECT_URL: Where to redirect unauthenticated users from root (default: '/account-auth/login')
+    LOGOUT_REDIRECT_URL: process.env.LOGOUT_REDIRECT_URL || '/',
+    UNAUTHENTICATED_REDIRECT_URL: process.env.UNAUTHENTICATED_REDIRECT_URL || '/account-auth/login',
+};
+exports.API_ENDPOINTS = {
+    account: {
+        profile: '/api/account/profile',
+        updateProfile: '/api/account/profile',
+        maskedInfo: '/api/account/masked-info',
+        sendResetCode: '/api/account/send-reset-code',
+        verifyResetCode: '/api/account/verify-reset-code',
+        resetPassword: '/api/account/reset-password',
+        changePassword: '/api/account/change-password',
+        validatePassword: '/api/account/validate-password'
+    },
+    externalAuth: {
+        login: '/api/ExternalAuth/login',
+        refresh: '/api/ExternalAuth/refresh',
+        validate: '/api/ExternalAuth/validate',
+        verifyCode: '/api/ExternalAuth/verify-code',
+        revoke: '/api/ExternalAuth/revoke',
+        roles: (username) => `/api/ExternalAuth/roles/${username}`,
+        jwks: '/api/ExternalAuth/.well-known/jwks.json',
+        openidConfig: '/api/ExternalAuth/.well-known/openid-configuration',
+        passwordless: {
+            sms: { start: '/api/ExternalAuth/passwordless/sms/start', login: '/api/ExternalAuth/passwordless/sms/login', resend: '/api/ExternalAuth/passwordless/sms/resend' },
+            email: { start: '/api/ExternalAuth/passwordless/email/start', login: '/api/ExternalAuth/passwordless/email/login', resend: '/api/ExternalAuth/passwordless/email/resend' }
+        },
+        lead: { registration: '/api/ExternalAuth/lead/registration', verify: '/api/ExternalAuth/lead/verify' }
+    },
+    progressiveAuth: {
+        step1: '/api/ProgressiveAuth/step1', step2: '/api/ProgressiveAuth/step2', step3: '/api/ProgressiveAuth/step3', step4: '/api/ProgressiveAuth/step4', step5: '/api/ProgressiveAuth/step5', verifyEmail: '/api/ProgressiveAuth/verify-email'
+    },
+    azureAuth: { login: '/auth/azure/login', logout: '/auth/azure/logout' }
+};

package/dist/config/logger.d.ts

@@ -0,0 +1,57 @@
+declare let logger: any;
+export declare const log: {
+    error: (m: string, meta?: any) => any;
+    warn: (m: string, meta?: any) => any;
+    info: (m: string, meta?: any) => any;
+    http: (m: string, meta?: any) => any;
+    debug: (m: string, meta?: any) => any;
+};
+export { logger };
+export declare const authLogger: {
+    error: (m: string, meta?: any) => any;
+    warn: (m: string, meta?: any) => any;
+    info: (m: string, meta?: any) => any;
+    debug: (m: string, meta?: any) => any;
+};
+export declare const idpLogger: {
+    error: (m: string, meta?: any) => any;
+    warn: (m: string, meta?: any) => any;
+    info: (m: string, meta?: any) => any;
+    debug: (m: string, meta?: any) => any;
+};
+export declare const apiLogger: {
+    error: (m: string, meta?: any) => any;
+    warn: (m: string, meta?: any) => any;
+    info: (m: string, meta?: any) => any;
+    debug: (m: string, meta?: any) => any;
+};
+export declare const circuitBreakerLogger: {
+    error: (m: string, meta?: any) => any;
+    warn: (m: string, meta?: any) => any;
+    info: (m: string, meta?: any) => any;
+    debug: (m: string, meta?: any) => any;
+};
+export declare const tokenLogger: {
+    error: (m: string, meta?: any) => any;
+    warn: (m: string, meta?: any) => any;
+    info: (m: string, meta?: any) => any;
+    debug: (m: string, meta?: any) => any;
+};
+export declare const tokenSyncLogger: {
+    error: (m: string, meta?: any) => any;
+    warn: (m: string, meta?: any) => any;
+    info: (m: string, meta?: any) => any;
+    debug: (m: string, meta?: any) => any;
+};
+export declare const tokenRefreshLogger: {
+    error: (m: string, meta?: any) => any;
+    warn: (m: string, meta?: any) => any;
+    info: (m: string, meta?: any) => any;
+    debug: (m: string, meta?: any) => any;
+};
+export declare const redisLogger: {
+    error: (m: string, meta?: any) => any;
+    warn: (m: string, meta?: any) => any;
+    info: (m: string, meta?: any) => any;
+    debug: (m: string, meta?: any) => any;
+};

package/dist/config/logger.js

@@ -0,0 +1,73 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.redisLogger = exports.tokenRefreshLogger = exports.tokenSyncLogger = exports.tokenLogger = exports.circuitBreakerLogger = exports.apiLogger = exports.idpLogger = exports.authLogger = exports.logger = exports.log = void 0;
+const logging_config_1 = require("./logging-config");
+const vibe_log_transport_1 = require("./vibe-log-transport");
+let loggingConfig = (0, logging_config_1.getLoggingConfigSync)();
+(0, logging_config_1.startConfigWatching)();
+const isEdgeRuntime = () => {
+    return typeof globalThis.EdgeRuntime !== 'undefined' || process.env.NEXT_RUNTIME === 'edge';
+};
+const isBrowser = () => typeof window !== 'undefined';
+class EdgeLogger {
+    logLevel = loggingConfig.logLevel;
+    levelOrder = Object.keys(loggingConfig.levels);
+    shouldLog(level) { const currentLevelIndex = this.levelOrder.indexOf(this.logLevel); const messageLevelIndex = this.levelOrder.indexOf(level); return messageLevelIndex <= currentLevelIndex; }
+    format(level, message, meta) { const timestamp = new Date().toISOString(); const metaString = meta ? ` ${JSON.stringify(meta)}` : ''; return `[${timestamp}] ${level.toUpperCase()}: ${message}${metaString}`; }
+    error(m, meta) { if (this.shouldLog('error'))
+        console.error(this.format('error', m, meta)); }
+    warn(m, meta) { if (this.shouldLog('warn'))
+        console.warn(this.format('warn', m, meta)); }
+    info(m, meta) { if (this.shouldLog('info'))
+        console.info(this.format('info', m, meta)); }
+    http(m, meta) { if (this.shouldLog('http'))
+        console.log(this.format('http', m, meta)); }
+    debug(m, meta) { if (this.shouldLog('debug'))
+        console.debug(this.format('debug', m, meta)); }
+}
+const createLogger = () => {
+    if (isEdgeRuntime())
+        return new EdgeLogger();
+    if (isBrowser())
+        return { error: (m, meta) => console.error(m, meta), warn: (m, meta) => console.warn(m, meta), info: (m, meta) => console.info(m, meta), http: (m, meta) => console.log(m, meta), debug: (m, meta) => console.debug(m, meta) };
+    try {
+        const winston = require('winston');
+        const transports = [];
+        if (loggingConfig.console.enabled) {
+            transports.push(new winston.transports.Console({ format: winston.format.combine(winston.format.colorize({ all: true }), winston.format.timestamp({ format: 'YYYY-MM-DD HH:mm:ss' }), winston.format.printf(({ timestamp, level, message, ...meta }) => { const metaString = Object.keys(meta).length > 0 ? ` ${JSON.stringify(meta)}` : ''; return `[${timestamp}] ${level}: ${message}${metaString}`; })) }));
+        }
+        // Add Vibe log transport (sends warn/error to Redis for drain to Vibe)
+        const vibeTransport = (0, vibe_log_transport_1.createVibeLogTransport)({ minLevel: 'warn' });
+        if (vibeTransport) {
+            transports.push(vibeTransport);
+            console.log('[LOGGER] Vibe Redis transport ENABLED - logs will buffer to Redis');
+        }
+        else {
+            console.log('[LOGGER] Vibe Redis transport DISABLED - no REDIS_URL configured');
+        }
+        return winston.createLogger({ level: loggingConfig.logLevel, levels: loggingConfig.levels, format: winston.format.combine(winston.format.timestamp(), winston.format.errors({ stack: true }), winston.format.json()), transports, exitOnError: false });
+    }
+    catch (error) {
+        console.warn('Failed to initialize Winston logger, falling back to EdgeLogger:', error);
+        return new EdgeLogger();
+    }
+};
+let logger;
+if (!globalThis.process?.browser) {
+    exports.logger = logger = createLogger();
+    (0, logging_config_1.addConfigWatcher)((updatedConfig) => { loggingConfig = updatedConfig; if (logger && logger.level !== undefined) {
+        logger.level = loggingConfig.logLevel;
+    } });
+}
+else {
+    exports.logger = logger = console;
+}
+exports.log = { error: (m, meta) => logger.error(m, meta), warn: (m, meta) => logger.warn(m, meta), info: (m, meta) => logger.info(m, meta), http: (m, meta) => logger.http(m, meta), debug: (m, meta) => logger.debug(m, meta) };
+exports.authLogger = { error: (m, meta) => logger.error(`[AUTH] ${m}`, meta), warn: (m, meta) => logger.warn(`[AUTH] ${m}`, meta), info: (m, meta) => logger.info(`[AUTH] ${m}`, meta), debug: (m, meta) => logger.debug(`[AUTH] ${m}`, meta) };
+exports.idpLogger = { error: (m, meta) => logger.error(`[IDP] ${m}`, meta), warn: (m, meta) => logger.warn(`[IDP] ${m}`, meta), info: (m, meta) => logger.info(`[IDP] ${m}`, meta), debug: (m, meta) => logger.debug(`[IDP] ${m}`, meta) };
+exports.apiLogger = { error: (m, meta) => logger.error(`[API] ${m}`, meta), warn: (m, meta) => logger.warn(`[API] ${m}`, meta), info: (m, meta) => logger.info(`[API] ${m}`, meta), debug: (m, meta) => logger.debug(`[API] ${m}`, meta) };
+exports.circuitBreakerLogger = { error: (m, meta) => logger.error(`[CIRCUIT-BREAKER] ${m}`, meta), warn: (m, meta) => logger.warn(`[CIRCUIT-BREAKER] ${m}`, meta), info: (m, meta) => logger.info(`[CIRCUIT-BREAKER] ${m}`, meta), debug: (m, meta) => logger.debug(`[CIRCUIT-BREAKER] ${m}`, meta) };
+exports.tokenLogger = { error: (m, meta) => logger.error(`[TOKEN] ${m}`, meta), warn: (m, meta) => logger.warn(`[TOKEN] ${m}`, meta), info: (m, meta) => logger.info(`[TOKEN] ${m}`, meta), debug: (m, meta) => logger.debug(`[TOKEN] ${m}`, meta) };
+exports.tokenSyncLogger = { error: (m, meta) => logger.error(`[TOKEN-SYNC] ${m}`, meta), warn: (m, meta) => logger.warn(`[TOKEN-SYNC] ${m}`, meta), info: (m, meta) => logger.info(`[TOKEN-SYNC] ${m}`, meta), debug: (m, meta) => logger.debug(`[TOKEN-SYNC] ${m}`, meta) };
+exports.tokenRefreshLogger = { error: (m, meta) => logger.error(`[TOKEN-REFRESH] ${m}`, meta), warn: (m, meta) => logger.warn(`[TOKEN-REFRESH] ${m}`, meta), info: (m, meta) => logger.info(`[TOKEN-REFRESH] ${m}`, meta), debug: (m, meta) => logger.debug(`[TOKEN-REFRESH] ${m}`, meta) };
+exports.redisLogger = { error: (m, meta) => logger.error(`[REDIS] ${m}`, meta), warn: (m, meta) => logger.warn(`[REDIS] ${m}`, meta), info: (m, meta) => logger.info(`[REDIS] ${m}`, meta), debug: (m, meta) => logger.debug(`[REDIS] ${m}`, meta) };

package/dist/config/logging-config.d.ts

@@ -0,0 +1,30 @@
+import { LoggingConfig } from '../types/logging';
+declare class LoggingConfigManager {
+    private config;
+    private configPath;
+    private watchers;
+    private fileWatcher;
+    private isEdgeRuntime;
+    private isBrowser;
+    constructor();
+    loadConfig(): Promise<LoggingConfig>;
+    getConfig(): Promise<LoggingConfig>;
+    getConfigSync(): LoggingConfig;
+    startWatching(): void;
+    stopWatching(): void;
+    addWatcher(callback: (config: LoggingConfig) => void): void;
+    removeWatcher(callback: (config: LoggingConfig) => void): void;
+    private notifyWatchers;
+    private validateAndMergeConfig;
+    private validateLogLevel;
+    private getHostname;
+    private getDefaultConfig;
+}
+export declare const loggingConfigManager: LoggingConfigManager;
+export declare const getLoggingConfig: () => Promise<LoggingConfig>;
+export declare const getLoggingConfigSync: () => LoggingConfig;
+export declare const startConfigWatching: () => void;
+export declare const stopConfigWatching: () => void;
+export declare const addConfigWatcher: (callback: (config: LoggingConfig) => void) => void;
+export declare const removeConfigWatcher: (callback: (config: LoggingConfig) => void) => void;
+export {};

package/dist/config/logging-config.js

@@ -0,0 +1,122 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.removeConfigWatcher = exports.addConfigWatcher = exports.stopConfigWatching = exports.startConfigWatching = exports.getLoggingConfigSync = exports.getLoggingConfig = exports.loggingConfigManager = void 0;
+const fs_1 = require("fs");
+const fs_2 = require("fs");
+const isEdgeRuntime = typeof globalThis.EdgeRuntime !== 'undefined' || process.env.NEXT_RUNTIME === 'edge';
+class LoggingConfigManager {
+    config = null;
+    configPath;
+    watchers = new Set();
+    fileWatcher = null;
+    isEdgeRuntime;
+    isBrowser;
+    constructor() {
+        this.isBrowser = typeof window !== 'undefined';
+        this.isEdgeRuntime = typeof globalThis.EdgeRuntime !== 'undefined' || process.env.NEXT_RUNTIME === 'edge';
+        if (this.isEdgeRuntime || this.isBrowser) {
+            this.configPath = '/config/logging.json';
+            this.config = this.getDefaultConfig();
+        }
+        else {
+            const cwd = process.cwd().replace(/\\/g, '/');
+            this.configPath = cwd + '/config/logging.json';
+        }
+    }
+    async loadConfig() {
+        if (this.isEdgeRuntime || this.isBrowser) {
+            if (!this.config) {
+                this.config = this.getDefaultConfig();
+            }
+            return this.config;
+        }
+        try {
+            const configContent = await fs_1.promises.readFile(this.configPath, 'utf-8');
+            const rawConfig = JSON.parse(configContent);
+            const config = this.validateAndMergeConfig(rawConfig);
+            this.config = config;
+            this.notifyWatchers(config);
+            return config;
+        }
+        catch (error) {
+            console.warn(`Failed to load logging config from ${this.configPath}:`, error);
+            return this.getDefaultConfig();
+        }
+    }
+    async getConfig() { if (!this.config) {
+        return await this.loadConfig();
+    } return this.config; }
+    getConfigSync() { return this.config || this.getDefaultConfig(); }
+    startWatching() { if (this.isEdgeRuntime || this.isBrowser) {
+        return;
+    } if (this.fileWatcher) {
+        return;
+    } try {
+        if (!(0, fs_2.existsSync)(this.configPath)) {
+            console.warn(`Logging config file not found at ${this.configPath} — watch disabled`);
+            return;
+        }
+        this.fileWatcher = (0, fs_2.watch)(this.configPath, { persistent: false }, (eventType) => { if (eventType === 'change') {
+            this.loadConfig().catch(console.error);
+        } });
+    }
+    catch (error) {
+        console.warn('Failed to start watching logging config file:', error);
+    } }
+    stopWatching() { if (this.isEdgeRuntime || this.isBrowser) {
+        return;
+    } if (this.fileWatcher) {
+        this.fileWatcher.close();
+        this.fileWatcher = null;
+    } }
+    addWatcher(callback) { this.watchers.add(callback); }
+    removeWatcher(callback) { this.watchers.delete(callback); }
+    notifyWatchers(config) { this.watchers.forEach(cb => { try {
+        cb(config);
+    }
+    catch (error) {
+        console.error('Error in logging config watcher:', error);
+    } }); }
+    validateAndMergeConfig(rawConfig) {
+        const defaults = this.getDefaultConfig();
+        const config = {
+            logLevel: this.validateLogLevel(rawConfig.logLevel) || this.validateLogLevel(process.env.LOG_LEVEL) || defaults.logLevel,
+            console: { enabled: rawConfig.console?.enabled ?? (process.env.LOG_CONSOLE === 'true' || process.env.NODE_ENV === 'development'), colors: rawConfig.console?.colors ?? defaults.console.colors },
+            graylog: { enabled: false, host: defaults.graylog.host, port: defaults.graylog.port, facility: defaults.graylog.facility, staticMeta: { ...defaults.graylog.staticMeta } },
+            components: { ...defaults.components, ...rawConfig.components },
+            levels: { ...defaults.levels, ...rawConfig.levels }
+        };
+        return config;
+    }
+    validateLogLevel(level) { const validLevels = ['error', 'warn', 'info', 'http', 'debug']; return validLevels.includes(level) ? level : null; }
+    getHostname() { if (this.isEdgeRuntime)
+        return 'edge-runtime'; if (this.isBrowser)
+        return 'browser-client'; try {
+        return require('os').hostname();
+    }
+    catch {
+        return 'unknown';
+    } }
+    getDefaultConfig() {
+        return {
+            logLevel: 'info',
+            console: { enabled: process.env.NODE_ENV === 'development', colors: true },
+            graylog: { enabled: false, host: '127.0.0.1', port: 12201, facility: 'next-mvp', staticMeta: { service: 'next-mvp', application: 'next-mvp', version: '1.0.0', environment: process.env.NODE_ENV || 'development', hostname: this.getHostname(), instance: process.env.NEXT_INSTANCE_ID || 'unknown' } },
+            components: { auth: { enabled: true, prefix: '[AUTH]' }, idp: { enabled: true, prefix: '[IDP]' }, api: { enabled: true, prefix: '[API]' }, circuitBreaker: { enabled: true, prefix: '[CIRCUIT-BREAKER]' }, token: { enabled: true, prefix: '[TOKEN]' }, tokenSync: { enabled: true, prefix: '[TOKEN-SYNC]' }, tokenRefresh: { enabled: true, prefix: '[TOKEN-REFRESH]' }, redis: { enabled: true, prefix: '[REDIS]' } },
+            levels: { error: 0, warn: 1, info: 2, http: 3, debug: 4 }
+        };
+    }
+}
+exports.loggingConfigManager = new LoggingConfigManager();
+const getLoggingConfig = () => exports.loggingConfigManager.getConfig();
+exports.getLoggingConfig = getLoggingConfig;
+const getLoggingConfigSync = () => exports.loggingConfigManager.getConfigSync();
+exports.getLoggingConfigSync = getLoggingConfigSync;
+const startConfigWatching = () => exports.loggingConfigManager.startWatching();
+exports.startConfigWatching = startConfigWatching;
+const stopConfigWatching = () => exports.loggingConfigManager.stopWatching();
+exports.stopConfigWatching = stopConfigWatching;
+const addConfigWatcher = (callback) => exports.loggingConfigManager.addWatcher(callback);
+exports.addConfigWatcher = addConfigWatcher;
+const removeConfigWatcher = (callback) => exports.loggingConfigManager.removeWatcher(callback);
+exports.removeConfigWatcher = removeConfigWatcher;

package/dist/config/unauthenticated-routes.d.ts

@@ -0,0 +1,17 @@
+export interface UnauthenticatedRouteConfig {
+    pattern: string;
+    description: string;
+    allowDuringCircuitBreakerOpen?: boolean;
+    requiresRateLimit?: boolean;
+}
+export declare const UNAUTHENTICATED_ROUTES: UnauthenticatedRouteConfig[];
+export declare function isUnauthenticatedRoute(pathname: string): boolean;
+export declare function isAllowedDuringCircuitBreakerOpen(pathname: string): boolean;
+export declare function requiresRateLimit(pathname: string): boolean;
+declare const _default: {
+    UNAUTHENTICATED_ROUTES: UnauthenticatedRouteConfig[];
+    isUnauthenticatedRoute: typeof isUnauthenticatedRoute;
+    isAllowedDuringCircuitBreakerOpen: typeof isAllowedDuringCircuitBreakerOpen;
+    requiresRateLimit: typeof requiresRateLimit;
+};
+export default _default;

package/dist/config/unauthenticated-routes.js

@@ -0,0 +1,24 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.UNAUTHENTICATED_ROUTES = void 0;
+exports.isUnauthenticatedRoute = isUnauthenticatedRoute;
+exports.isAllowedDuringCircuitBreakerOpen = isAllowedDuringCircuitBreakerOpen;
+exports.requiresRateLimit = requiresRateLimit;
+exports.UNAUTHENTICATED_ROUTES = [
+    { pattern: '/account-auth/*', description: 'All authentication pages', allowDuringCircuitBreakerOpen: true },
+    { pattern: '/account-auth/login', description: 'Login page', allowDuringCircuitBreakerOpen: true },
+    { pattern: '/account-auth/verify-code', description: '2FA page', allowDuringCircuitBreakerOpen: true },
+    { pattern: '/api/auth/*', description: 'Auth API endpoints', allowDuringCircuitBreakerOpen: true, requiresRateLimit: true },
+    { pattern: '/api/session/refresh-viability', description: 'Refresh viability check', allowDuringCircuitBreakerOpen: true },
+    { pattern: '/landing', description: 'Public landing', allowDuringCircuitBreakerOpen: true },
+    { pattern: '/service-unavailable', description: 'Service unavailable', allowDuringCircuitBreakerOpen: true },
+    { pattern: '/favicon.ico', description: 'Favicon', allowDuringCircuitBreakerOpen: true },
+    { pattern: '/robots.txt', description: 'Robots.txt', allowDuringCircuitBreakerOpen: true },
+    { pattern: '/sitemap.xml', description: 'Sitemap', allowDuringCircuitBreakerOpen: true },
+    { pattern: '/_next/*', description: 'Next.js assets', allowDuringCircuitBreakerOpen: true },
+    { pattern: '/public/*', description: 'Public assets', allowDuringCircuitBreakerOpen: true }
+];
+function isUnauthenticatedRoute(pathname) { return exports.UNAUTHENTICATED_ROUTES.some(route => route.pattern.endsWith('*') ? pathname.startsWith(route.pattern.slice(0, -1)) : pathname === route.pattern); }
+function isAllowedDuringCircuitBreakerOpen(pathname) { const route = exports.UNAUTHENTICATED_ROUTES.find(route => route.pattern.endsWith('*') ? pathname.startsWith(route.pattern.slice(0, -1)) : pathname === route.pattern); return route?.allowDuringCircuitBreakerOpen === true; }
+function requiresRateLimit(pathname) { const route = exports.UNAUTHENTICATED_ROUTES.find(route => route.pattern.endsWith('*') ? pathname.startsWith(route.pattern.slice(0, -1)) : pathname === route.pattern); return route?.requiresRateLimit === true; }
+exports.default = { UNAUTHENTICATED_ROUTES: exports.UNAUTHENTICATED_ROUTES, isUnauthenticatedRoute, isAllowedDuringCircuitBreakerOpen, requiresRateLimit };

package/dist/config/vibe-log-transport.d.ts

@@ -0,0 +1,79 @@
+/**
+ * Vibe Log Transport for Winston
+ *
+ * Buffers log entries to Redis for async processing by Vibe log drain.
+ * This avoids the "log database errors to database" chicken-and-egg problem.
+ *
+ * Features:
+ * - Async batch writing (doesn't block main thread)
+ * - Configurable minimum log level
+ * - Redis buffering with 1-week TTL
+ * - Graceful degradation on failure
+ */
+import Transport from 'winston-transport';
+export interface VibeLogTransportOptions extends Transport.TransportStreamOptions {
+    /** Redis URL (optional, uses REDIS_URL env var by default) */
+    redisUrl?: string;
+    /** Vibe client ID (for log metadata) */
+    vibeClientId?: string;
+    /** App slug for identification */
+    appSlug?: string;
+    /** Minimum level to send to Vibe (default: 'warn') */
+    minLevel?: string;
+    /** Batch size before flush (default: 10) */
+    batchSize?: number;
+    /** Flush interval in ms (default: 5000) */
+    flushInterval?: number;
+    /** Enable/disable the transport (default: true if Redis available) */
+    enabled?: boolean;
+}
+/**
+ * Winston transport that buffers logs to Redis for Vibe drain processing
+ */
+export declare class VibeLogTransport extends Transport {
+    private vibeClientId;
+    private appSlug;
+    private minLevelNum;
+    private batchSize;
+    private flushInterval;
+    private enabled;
+    private redisAvailable;
+    private batch;
+    private flushTimer;
+    private isFlushing;
+    constructor(opts?: VibeLogTransportOptions);
+    /**
+     * Winston transport log method
+     */
+    log(info: any, callback: () => void): void;
+    /**
+     * Extract category from message prefix like [AUTH], [IDP], etc.
+     */
+    private extractCategory;
+    /**
+     * Extract metadata from winston info object
+     */
+    private extractMeta;
+    /**
+     * Start the periodic flush timer
+     */
+    private startFlushTimer;
+    /**
+     * Flush batch to Vibe
+     */
+    flush(): Promise<void>;
+    /**
+     * Push log entries to Redis for async drain processing
+     */
+    private sendToVibe;
+    /**
+     * Close transport and flush remaining logs
+     */
+    close(): void;
+}
+/**
+ * Create a configured VibeLogTransport instance
+ * Returns null if Redis is not configured (REDIS_URL env var)
+ */
+export declare function createVibeLogTransport(opts?: VibeLogTransportOptions): VibeLogTransport | null;
+export default VibeLogTransport;

package/dist/config/vibe-log-transport.js

@@ -0,0 +1,203 @@
+"use strict";
+/**
+ * Vibe Log Transport for Winston
+ *
+ * Buffers log entries to Redis for async processing by Vibe log drain.
+ * This avoids the "log database errors to database" chicken-and-egg problem.
+ *
+ * Features:
+ * - Async batch writing (doesn't block main thread)
+ * - Configurable minimum log level
+ * - Redis buffering with 1-week TTL
+ * - Graceful degradation on failure
+ */
+var __importDefault = (this && this.__importDefault) || function (mod) {
+    return (mod && mod.__esModule) ? mod : { "default": mod };
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.VibeLogTransport = void 0;
+exports.createVibeLogTransport = createVibeLogTransport;
+const winston_transport_1 = __importDefault(require("winston-transport"));
+const redis_1 = require("../lib/redis");
+/** Redis key for pending log entries */
+const REDIS_LOG_KEY = 'vibe:logs:pending';
+/** TTL in seconds: 1 week */
+const REDIS_LOG_TTL = 7 * 24 * 60 * 60;
+const LEVEL_ORDER = {
+    error: 0,
+    warn: 1,
+    info: 2,
+    http: 3,
+    debug: 4,
+};
+/**
+ * Winston transport that buffers logs to Redis for Vibe drain processing
+ */
+class VibeLogTransport extends winston_transport_1.default {
+    vibeClientId;
+    appSlug;
+    minLevelNum;
+    batchSize;
+    flushInterval;
+    enabled;
+    redisAvailable = false;
+    batch = [];
+    flushTimer = null;
+    isFlushing = false;
+    constructor(opts = {}) {
+        super(opts);
+        this.vibeClientId = opts.vibeClientId || process.env.VIBE_CLIENT_ID || '';
+        this.appSlug = opts.appSlug || process.env.APP_SLUG || process.env.CLIENT_ID || 'mvp-app';
+        this.minLevelNum = LEVEL_ORDER[opts.minLevel || 'warn'] ?? 1;
+        this.batchSize = opts.batchSize || 10;
+        this.flushInterval = opts.flushInterval || 5000;
+        // Enable if Redis URL is configured
+        const redisUrl = opts.redisUrl || process.env.REDIS_URL || '';
+        this.enabled = opts.enabled !== false && !!redisUrl;
+        this.redisAvailable = !!redisUrl;
+        if (this.enabled) {
+            this.startFlushTimer();
+        }
+    }
+    /**
+     * Winston transport log method
+     */
+    log(info, callback) {
+        setImmediate(() => this.emit('logged', info));
+        if (!this.enabled) {
+            callback();
+            return;
+        }
+        const level = info.level?.replace(/\u001b\[\d+m/g, '') || 'info'; // Strip ANSI codes
+        const levelNum = LEVEL_ORDER[level] ?? 2;
+        // Only batch if at or above minimum level
+        if (levelNum <= this.minLevelNum) {
+            const entry = {
+                level,
+                message: info.message || '',
+                timestamp: info.timestamp || new Date().toISOString(),
+                category: this.extractCategory(info.message),
+                meta: this.extractMeta(info),
+            };
+            this.batch.push(entry);
+            // Flush immediately if batch is full or if error/fatal
+            if (this.batch.length >= this.batchSize || level === 'error') {
+                this.flush().catch(() => { }); // Ignore flush errors
+            }
+        }
+        callback();
+    }
+    /**
+     * Extract category from message prefix like [AUTH], [IDP], etc.
+     */
+    extractCategory(message) {
+        const match = message.match(/^\[([A-Z-]+)\]/);
+        return match ? match[1].toLowerCase() : 'app';
+    }
+    /**
+     * Extract metadata from winston info object
+     */
+    extractMeta(info) {
+        const { level, message, timestamp, ...rest } = info;
+        return Object.keys(rest).length > 0 ? rest : {};
+    }
+    /**
+     * Start the periodic flush timer
+     */
+    startFlushTimer() {
+        if (this.flushTimer)
+            return;
+        this.flushTimer = setInterval(() => {
+            if (this.batch.length > 0) {
+                this.flush().catch(() => { });
+            }
+        }, this.flushInterval);
+        // Don't prevent process exit
+        if (this.flushTimer.unref) {
+            this.flushTimer.unref();
+        }
+    }
+    /**
+     * Flush batch to Vibe
+     */
+    async flush() {
+        if (this.isFlushing || this.batch.length === 0)
+            return;
+        this.isFlushing = true;
+        const entries = [...this.batch];
+        this.batch = [];
+        try {
+            await this.sendToVibe(entries);
+        }
+        catch (err) {
+            // On failure, put entries back (up to limit to prevent memory issues)
+            if (this.batch.length < 100) {
+                this.batch = [...entries, ...this.batch].slice(0, 100);
+            }
+            // Log to console as fallback
+            console.error('[VibeLogTransport] Failed to flush logs:', err);
+        }
+        finally {
+            this.isFlushing = false;
+        }
+    }
+    /**
+     * Push log entries to Redis for async drain processing
+     */
+    async sendToVibe(entries) {
+        if (entries.length === 0)
+            return;
+        const redis = (0, redis_1.getRedis)();
+        // Format entries for the drain to process
+        const logRecords = entries.map(e => JSON.stringify({
+            level: e.level,
+            message: e.message,
+            timestamp: e.timestamp,
+            source: 'next-mvp',
+            app_slug: this.appSlug,
+            vibe_client_id: this.vibeClientId,
+            category: e.category,
+            error_code: e.meta?.errorCode || e.meta?.error_code,
+            stack: e.meta?.stack,
+            request_id: e.meta?.requestId || e.meta?.request_id,
+            user_id: e.meta?.userId || e.meta?.user_id,
+            path: e.meta?.path,
+            method: e.meta?.method,
+            status_code: e.meta?.statusCode || e.meta?.status_code,
+            duration_ms: e.meta?.durationMs || e.meta?.duration_ms,
+            meta: e.meta,
+            queued_at: new Date().toISOString(),
+        }));
+        // LPUSH all entries (newest first, drain will RPOP for FIFO)
+        await redis.lpush(REDIS_LOG_KEY, ...logRecords);
+        // Reset TTL on each write (1 week from last activity)
+        await redis.expire(REDIS_LOG_KEY, REDIS_LOG_TTL);
+    }
+    /**
+     * Close transport and flush remaining logs
+     */
+    close() {
+        if (this.flushTimer) {
+            clearInterval(this.flushTimer);
+            this.flushTimer = null;
+        }
+        // Final flush (best effort)
+        if (this.batch.length > 0) {
+            this.flush().catch(() => { });
+        }
+    }
+}
+exports.VibeLogTransport = VibeLogTransport;
+/**
+ * Create a configured VibeLogTransport instance
+ * Returns null if Redis is not configured (REDIS_URL env var)
+ */
+function createVibeLogTransport(opts) {
+    const transport = new VibeLogTransport(opts);
+    // Return null if transport is disabled (no Redis)
+    if (!transport['enabled']) {
+        return null;
+    }
+    return transport;
+}
+exports.default = VibeLogTransport;