@pipeline-builder/api-core 3.1.0

package/lib/types/common.js

@@ -0,0 +1,53 @@
+"use strict";
+// Copyright 2026 Pipeline Builder Contributors
+// SPDX-License-Identifier: Apache-2.0
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.VALID_QUOTA_TYPES = void 0;
+exports.isValidQuotaType = isValidQuotaType;
+exports.validateQuotaType = validateQuotaType;
+/**
+ * Valid quota type values.
+ */
+exports.VALID_QUOTA_TYPES = ['plugins', 'pipelines', 'apiCalls'];
+/**
+ * Type guard to check if a value is a valid QuotaType.
+ *
+ * @param value - Value to check
+ * @returns True if value is a valid QuotaType
+ *
+ * @example
+ * ```typescript
+ * if (isValidQuotaType(req.body.quotaType)) {
+ *   // quotaType is guaranteed to be QuotaType
+ * }
+ * ```
+ */
+function isValidQuotaType(value) {
+    return typeof value === 'string' && exports.VALID_QUOTA_TYPES.includes(value);
+}
+/**
+ * Validate and assert that a value is a valid QuotaType.
+ * Throws an error if validation fails.
+ *
+ * @param value - Value to validate
+ * @param fieldName - Name of the field being validated (for error messages)
+ * @returns The validated QuotaType
+ * @throws Error if value is not a valid QuotaType
+ *
+ * @example
+ * ```typescript
+ * try {
+ *   const quotaType = validateQuotaType(req.body.quotaType, 'quotaType');
+ *   // Use quotaType safely
+ * } catch (err) {
+ *   return sendError(res, 400, err.message);
+ * }
+ * ```
+ */
+function validateQuotaType(value, fieldName = 'quotaType') {
+    if (!isValidQuotaType(value)) {
+        throw new Error(`Invalid ${fieldName}: "${value}". Must be one of: ${exports.VALID_QUOTA_TYPES.join(', ')}`);
+    }
+    return value;
+}
+//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoiY29tbW9uLmpzIiwic291cmNlUm9vdCI6IiIsInNvdXJjZXMiOlsiLi4vLi4vc3JjL3R5cGVzL2NvbW1vbi50cyJdLCJuYW1lcyI6W10sIm1hcHBpbmdzIjoiO0FBQUEsK0NBQStDO0FBQy9DLHNDQUFzQzs7O0FBeUJ0Qyw0Q0FFQztBQXFCRCw4Q0FPQztBQWhERDs7R0FFRztBQUNVLFFBQUEsaUJBQWlCLEdBQUcsQ0FBQyxTQUFTLEVBQUUsV0FBVyxFQUFFLFVBQVUsQ0FBVSxDQUFDO0FBRS9FOzs7Ozs7Ozs7Ozs7R0FZRztBQUNILFNBQWdCLGdCQUFnQixDQUFDLEtBQWM7SUFDN0MsT0FBTyxPQUFPLEtBQUssS0FBSyxRQUFRLElBQUkseUJBQWlCLENBQUMsUUFBUSxDQUFDLEtBQWtCLENBQUMsQ0FBQztBQUNyRixDQUFDO0FBRUQ7Ozs7Ozs7Ozs7Ozs7Ozs7OztHQWtCRztBQUNILFNBQWdCLGlCQUFpQixDQUFDLEtBQWMsRUFBRSxTQUFTLEdBQUcsV0FBVztJQUN2RSxJQUFJLENBQUMsZ0JBQWdCLENBQUMsS0FBSyxDQUFDLEVBQUUsQ0FBQztRQUM3QixNQUFNLElBQUksS0FBSyxDQUNiLFdBQVcsU0FBUyxNQUFNLEtBQUssc0JBQXNCLHlCQUFpQixDQUFDLElBQUksQ0FBQyxJQUFJLENBQUMsRUFBRSxDQUNwRixDQUFDO0lBQ0osQ0FBQztJQUNELE9BQU8sS0FBSyxDQUFDO0FBQ2YsQ0FBQyIsInNvdXJjZXNDb250ZW50IjpbIi8vIENvcHlyaWdodCAyMDI2IFBpcGVsaW5lIEJ1aWxkZXIgQ29udHJpYnV0b3JzXG4vLyBTUERYLUxpY2Vuc2UtSWRlbnRpZmllcjogQXBhY2hlLTIuMFxuXG4vKipcbiAqIFF1b3RhIHR5cGUgaWRlbnRpZmllcnMuXG4gKi9cbmV4cG9ydCB0eXBlIFF1b3RhVHlwZSA9ICdwbHVnaW5zJyB8ICdwaXBlbGluZXMnIHwgJ2FwaUNhbGxzJztcblxuLyoqXG4gKiBWYWxpZCBxdW90YSB0eXBlIHZhbHVlcy5cbiAqL1xuZXhwb3J0IGNvbnN0IFZBTElEX1FVT1RBX1RZUEVTID0gWydwbHVnaW5zJywgJ3BpcGVsaW5lcycsICdhcGlDYWxscyddIGFzIGNvbnN0O1xuXG4vKipcbiAqIFR5cGUgZ3VhcmQgdG8gY2hlY2sgaWYgYSB2YWx1ZSBpcyBhIHZhbGlkIFF1b3RhVHlwZS5cbiAqXG4gKiBAcGFyYW0gdmFsdWUgLSBWYWx1ZSB0byBjaGVja1xuICogQHJldHVybnMgVHJ1ZSBpZiB2YWx1ZSBpcyBhIHZhbGlkIFF1b3RhVHlwZVxuICpcbiAqIEBleGFtcGxlXG4gKiBgYGB0eXBlc2NyaXB0XG4gKiBpZiAoaXNWYWxpZFF1b3RhVHlwZShyZXEuYm9keS5xdW90YVR5cGUpKSB7XG4gKiAgIC8vIHF1b3RhVHlwZSBpcyBndWFyYW50ZWVkIHRvIGJlIFF1b3RhVHlwZVxuICogfVxuICogYGBgXG4gKi9cbmV4cG9ydCBmdW5jdGlvbiBpc1ZhbGlkUXVvdGFUeXBlKHZhbHVlOiB1bmtub3duKTogdmFsdWUgaXMgUXVvdGFUeXBlIHtcbiAgcmV0dXJuIHR5cGVvZiB2YWx1ZSA9PT0gJ3N0cmluZycgJiYgVkFMSURfUVVPVEFfVFlQRVMuaW5jbHVkZXModmFsdWUgYXMgUXVvdGFUeXBlKTtcbn1cblxuLyoqXG4gKiBWYWxpZGF0ZSBhbmQgYXNzZXJ0IHRoYXQgYSB2YWx1ZSBpcyBhIHZhbGlkIFF1b3RhVHlwZS5cbiAqIFRocm93cyBhbiBlcnJvciBpZiB2YWxpZGF0aW9uIGZhaWxzLlxuICpcbiAqIEBwYXJhbSB2YWx1ZSAtIFZhbHVlIHRvIHZhbGlkYXRlXG4gKiBAcGFyYW0gZmllbGROYW1lIC0gTmFtZSBvZiB0aGUgZmllbGQgYmVpbmcgdmFsaWRhdGVkIChmb3IgZXJyb3IgbWVzc2FnZXMpXG4gKiBAcmV0dXJucyBUaGUgdmFsaWRhdGVkIFF1b3RhVHlwZVxuICogQHRocm93cyBFcnJvciBpZiB2YWx1ZSBpcyBub3QgYSB2YWxpZCBRdW90YVR5cGVcbiAqXG4gKiBAZXhhbXBsZVxuICogYGBgdHlwZXNjcmlwdFxuICogdHJ5IHtcbiAqICAgY29uc3QgcXVvdGFUeXBlID0gdmFsaWRhdGVRdW90YVR5cGUocmVxLmJvZHkucXVvdGFUeXBlLCAncXVvdGFUeXBlJyk7XG4gKiAgIC8vIFVzZSBxdW90YVR5cGUgc2FmZWx5XG4gKiB9IGNhdGNoIChlcnIpIHtcbiAqICAgcmV0dXJuIHNlbmRFcnJvcihyZXMsIDQwMCwgZXJyLm1lc3NhZ2UpO1xuICogfVxuICogYGBgXG4gKi9cbmV4cG9ydCBmdW5jdGlvbiB2YWxpZGF0ZVF1b3RhVHlwZSh2YWx1ZTogdW5rbm93biwgZmllbGROYW1lID0gJ3F1b3RhVHlwZScpOiBRdW90YVR5cGUge1xuICBpZiAoIWlzVmFsaWRRdW90YVR5cGUodmFsdWUpKSB7XG4gICAgdGhyb3cgbmV3IEVycm9yKFxuICAgICAgYEludmFsaWQgJHtmaWVsZE5hbWV9OiBcIiR7dmFsdWV9XCIuIE11c3QgYmUgb25lIG9mOiAke1ZBTElEX1FVT1RBX1RZUEVTLmpvaW4oJywgJyl9YCxcbiAgICApO1xuICB9XG4gIHJldHVybiB2YWx1ZTtcbn1cblxuLyoqXG4gKiBSZXN1bHQgZnJvbSBxdW90YSBjaGVjayBvcGVyYXRpb24uXG4gKi9cbmV4cG9ydCBpbnRlcmZhY2UgUXVvdGFDaGVja1Jlc3VsdCB7XG4gIC8qKiBXaGV0aGVyIHRoZSByZXF1ZXN0IGlzIGFsbG93ZWQgKi9cbiAgYWxsb3dlZDogYm9vbGVhbjtcbiAgLyoqIE1heGltdW0gcXVvdGEgbGltaXQgKC0xIGZvciB1bmxpbWl0ZWQpICovXG4gIGxpbWl0OiBudW1iZXI7XG4gIC8qKiBDdXJyZW50IHVzYWdlIGNvdW50ICovXG4gIHVzZWQ6IG51bWJlcjtcbiAgLyoqIFJlbWFpbmluZyBxdW90YSAoLTEgZm9yIHVubGltaXRlZCkgKi9cbiAgcmVtYWluaW5nOiBudW1iZXI7XG4gIC8qKiBJU08gdGltZXN0YW1wIHdoZW4gcXVvdGEgcmVzZXRzICovXG4gIHJlc2V0QXQ6IHN0cmluZztcbiAgLyoqIFdoZXRoZXIgcXVvdGEgaXMgdW5saW1pdGVkICovXG4gIHVubGltaXRlZDogYm9vbGVhbjtcbn1cblxuLyoqXG4gKiBRdW90YSBpbmZvcm1hdGlvbiBmb3IgZXJyb3IgcmVzcG9uc2VzLlxuICovXG5leHBvcnQgaW50ZXJmYWNlIFF1b3RhSW5mbyB7XG4gIHR5cGU6IFF1b3RhVHlwZTtcbiAgbGltaXQ6IG51bWJlcjtcbiAgdXNlZDogbnVtYmVyO1xuICByZW1haW5pbmc6IG51bWJlcjtcbn1cblxuLyoqXG4gKiBTdGFuZGFyZCBBUEkgc3VjY2VzcyByZXNwb25zZS5cbiAqL1xuZXhwb3J0IGludGVyZmFjZSBBcGlTdWNjZXNzUmVzcG9uc2U8VCA9IHVua25vd24+IHtcbiAgc3VjY2VzczogdHJ1ZTtcbiAgc3RhdHVzQ29kZTogbnVtYmVyO1xuICBkYXRhPzogVDtcbiAgbWVzc2FnZT86IHN0cmluZztcbn1cblxuLyoqXG4gKiBTdGFuZGFyZCBBUEkgZXJyb3IgcmVzcG9uc2UuXG4gKi9cbmV4cG9ydCBpbnRlcmZhY2UgQXBpRXJyb3JSZXNwb25zZSB7XG4gIHN1Y2Nlc3M6IGZhbHNlO1xuICBzdGF0dXNDb2RlOiBudW1iZXI7XG4gIG1lc3NhZ2U6IHN0cmluZztcbiAgY29kZT86IHN0cmluZztcbiAgZGV0YWlscz86IHVua25vd247XG4gIHF1b3RhPzogUXVvdGFJbmZvO1xufVxuXG4vKipcbiAqIENvbWJpbmVkIEFQSSByZXNwb25zZSB0eXBlLlxuICovXG5leHBvcnQgdHlwZSBBcGlSZXNwb25zZTxUID0gdW5rbm93bj4gPSBBcGlTdWNjZXNzUmVzcG9uc2U8VD4gfCBBcGlFcnJvclJlc3BvbnNlO1xuXG4vKipcbiAqIEpXVCBwYXlsb2FkIGZyb20gYWNjZXNzIHRva2Vucy5cbiAqXG4gKiBVc2VycyBjYW4gYmVsb25nIHRvIG11bHRpcGxlIG9yZ2FuaXphdGlvbnMuIFRoZSB0b2tlbiBpcyBzY29wZWQgdG8gb25lXG4gKiBhY3RpdmUgb3JnYW5pemF0aW9uIGF0IGEgdGltZS4gVGhlIGByb2xlYCBmaWVsZCBpcyB0aGUgdXNlcidzIHBlci1vcmdcbiAqIHJvbGUgaW4gdGhhdCBvcmdhbml6YXRpb24gKGZyb20gdGhlIFVzZXJPcmdhbml6YXRpb24ganVuY3Rpb24gY29sbGVjdGlvbiksXG4gKiBhbmQgYGlzQWRtaW5gIGlzIGRlcml2ZWQgYXMgYHJvbGUgPT09ICdhZG1pbicgfHwgcm9sZSA9PT0gJ293bmVyJ2AuXG4gKlxuICogVXNlIGBQT1NUIC9hdXRoL3N3aXRjaC1vcmdgIHRvIGNoYW5nZSB0aGUgYWN0aXZlIG9yZ2FuaXphdGlvbiwgd2hpY2hcbiAqIHJlLWlzc3VlcyB0b2tlbnMgd2l0aCB0aGUgbmV3IG9yZydzIHJvbGUgYW5kIGNvbnRleHQuXG4gKi9cbmV4cG9ydCBpbnRlcmZhY2UgSnd0UGF5bG9hZCB7XG4gIC8qKiBVc2VyIElEIChzdWJqZWN0KSAqL1xuICBzdWI6IHN0cmluZztcbiAgLyoqIFVzZXJuYW1lICovXG4gIHVzZXJuYW1lOiBzdHJpbmc7XG4gIC8qKiBVc2VyIGVtYWlsICovXG4gIGVtYWlsOiBzdHJpbmc7XG4gIC8qKiBQZXItb3JnIHJvbGUgaW4gdGhlIGFjdGl2ZSBvcmdhbml6YXRpb24gKCdvd25lcicgfCAnYWRtaW4nIHwgJ21lbWJlcicpLiBOb3QgYSBnbG9iYWwgcm9sZS4gKi9cbiAgcm9sZTogJ293bmVyJyB8ICdhZG1pbicgfCAnbWVtYmVyJztcbiAgLyoqIERlcml2ZWQ6IHRydWUgd2hlbiByb2xlIGlzICdhZG1pbicgb3IgJ293bmVyJyBpbiB0aGUgYWN0aXZlIG9yZ2FuaXphdGlvbiAqL1xuICBpc0FkbWluPzogYm9vbGVhbjtcbiAgLyoqIE9yZ2FuaXphdGlvbidzIHF1b3RhIHRpZXIgKCdkZXZlbG9wZXInIHwgJ3BybycgfCAndW5saW1pdGVkJykgKi9cbiAgdGllcj86IHN0cmluZztcbiAgLyoqIFJlc29sdmVkIGZlYXR1cmUgZmxhZ3MgZm9yIHRoaXMgdXNlci9vcmcgKi9cbiAgZmVhdHVyZXM/OiBzdHJpbmdbXTtcbiAgLyoqIEFjdGl2ZSBvcmdhbml6YXRpb24gSUQgKGZyb20gVXNlck9yZ2FuaXphdGlvbiBtZW1iZXJzaGlwKSAqL1xuICBvcmdhbml6YXRpb25JZD86IHN0cmluZztcbiAgLyoqIEFjdGl2ZSBvcmdhbml6YXRpb24gbmFtZSAqL1xuICBvcmdhbml6YXRpb25OYW1lPzogc3RyaW5nO1xuICAvKiogVG9rZW4gdHlwZSAqL1xuICB0eXBlOiAnYWNjZXNzJyB8ICdyZWZyZXNoJztcbiAgLyoqIElzc3VlZCBhdCB0aW1lc3RhbXAgKi9cbiAgaWF0PzogbnVtYmVyO1xuICAvKiogRXhwaXJhdGlvbiB0aW1lc3RhbXAgKi9cbiAgZXhwPzogbnVtYmVyO1xufVxuXG4vKipcbiAqIEV4dGVuZGVkIEV4cHJlc3MgUmVxdWVzdCB3aXRoIHVzZXIgcHJvcGVydHkuXG4gKi9cbmRlY2xhcmUgZ2xvYmFsIHtcbiAgbmFtZXNwYWNlIEV4cHJlc3Mge1xuICAgIGludGVyZmFjZSBSZXF1ZXN0IHtcbiAgICAgIHVzZXI/OiBKd3RQYXlsb2FkO1xuICAgIH1cbiAgfVxufVxuXG4vKipcbiAqIFNlcnZpY2UgY29uZmlndXJhdGlvbiBmb3IgaW50ZXJuYWwgSFRUUCBjbGllbnQuXG4gKi9cbmV4cG9ydCBpbnRlcmZhY2UgU2VydmljZUNvbmZpZyB7XG4gIC8qKiBTZXJ2aWNlIGhvc3RuYW1lICovXG4gIGhvc3Q6IHN0cmluZztcbiAgLyoqIFNlcnZpY2UgcG9ydCAqL1xuICBwb3J0OiBudW1iZXI7XG4gIC8qKiBSZXF1ZXN0IHRpbWVvdXQgaW4gbWlsbGlzZWNvbmRzICovXG4gIHRpbWVvdXQ/OiBudW1iZXI7XG59XG5cbi8qKlxuICogSGVhbHRoIGNoZWNrIHJlc3BvbnNlLlxuICovXG5leHBvcnQgaW50ZXJmYWNlIEhlYWx0aENoZWNrUmVzcG9uc2Uge1xuICBzdGF0dXM6ICdoZWFsdGh5JyB8ICd1bmhlYWx0aHknO1xuICBzZXJ2aWNlOiBzdHJpbmc7XG4gIHRpbWVzdGFtcDogc3RyaW5nO1xuICB1cHRpbWU6IG51bWJlcjtcbiAgdmVyc2lvbj86IHN0cmluZztcbiAgZGVwZW5kZW5jaWVzPzogUmVjb3JkPHN0cmluZywgJ2Nvbm5lY3RlZCcgfCAnZGlzY29ubmVjdGVkJyB8ICd1bmtub3duJz47XG59XG4iXX0=

package/lib/types/error-codes.d.ts

@@ -0,0 +1,38 @@
+/**
+ * Standardized error codes used across all API microservices.
+ * Use these codes in error responses for consistent client handling.
+ *
+ * Each HTTP status category has one primary code. Use the `details`
+ * field in error responses for sub-type information (e.g. which quota
+ * was exceeded, which field failed validation).
+ */
+export declare enum ErrorCode {
+    UNAUTHORIZED = "UNAUTHORIZED",
+    TOKEN_EXPIRED = "TOKEN_EXPIRED",
+    TOKEN_INVALID = "TOKEN_INVALID",
+    TOKEN_MISSING = "TOKEN_MISSING",
+    INSUFFICIENT_PERMISSIONS = "INSUFFICIENT_PERMISSIONS",
+    ORG_MISMATCH = "ORG_MISMATCH",
+    COMPLIANCE_VIOLATION = "COMPLIANCE_VIOLATION",
+    NOT_FOUND = "NOT_FOUND",
+    ORG_NOT_FOUND = "ORG_NOT_FOUND",
+    VALIDATION_ERROR = "VALIDATION_ERROR",
+    MISSING_REQUIRED_FIELD = "MISSING_REQUIRED_FIELD",
+    QUOTA_EXCEEDED = "QUOTA_EXCEEDED",
+    RATE_LIMIT_EXCEEDED = "RATE_LIMIT_EXCEEDED",
+    CONFLICT = "CONFLICT",
+    DUPLICATE_ENTRY = "DUPLICATE_ENTRY",
+    SCAN_CONFLICT = "SCAN_CONFLICT",
+    INTERNAL_ERROR = "INTERNAL_ERROR",
+    DATABASE_ERROR = "DATABASE_ERROR",
+    SERVICE_UNAVAILABLE = "SERVICE_UNAVAILABLE",
+    COMPLIANCE_SERVICE_UNAVAILABLE = "COMPLIANCE_SERVICE_UNAVAILABLE"
+}
+/**
+ * Maps error codes to their default HTTP status codes.
+ */
+export declare const ErrorCodeStatus: Record<ErrorCode, number>;
+/**
+ * Get the HTTP status code for an error code.
+ */
+export declare function getStatusForErrorCode(code: ErrorCode): number;

package/lib/types/error-codes.js

@@ -0,0 +1,77 @@
+"use strict";
+// Copyright 2026 Pipeline Builder Contributors
+// SPDX-License-Identifier: Apache-2.0
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.ErrorCodeStatus = exports.ErrorCode = void 0;
+exports.getStatusForErrorCode = getStatusForErrorCode;
+/**
+ * Standardized error codes used across all API microservices.
+ * Use these codes in error responses for consistent client handling.
+ *
+ * Each HTTP status category has one primary code. Use the `details`
+ * field in error responses for sub-type information (e.g. which quota
+ * was exceeded, which field failed validation).
+ */
+var ErrorCode;
+(function (ErrorCode) {
+    // Authentication errors (401)
+    ErrorCode["UNAUTHORIZED"] = "UNAUTHORIZED";
+    ErrorCode["TOKEN_EXPIRED"] = "TOKEN_EXPIRED";
+    ErrorCode["TOKEN_INVALID"] = "TOKEN_INVALID";
+    ErrorCode["TOKEN_MISSING"] = "TOKEN_MISSING";
+    // Authorization errors (403)
+    ErrorCode["INSUFFICIENT_PERMISSIONS"] = "INSUFFICIENT_PERMISSIONS";
+    ErrorCode["ORG_MISMATCH"] = "ORG_MISMATCH";
+    ErrorCode["COMPLIANCE_VIOLATION"] = "COMPLIANCE_VIOLATION";
+    // Not found errors (404)
+    ErrorCode["NOT_FOUND"] = "NOT_FOUND";
+    ErrorCode["ORG_NOT_FOUND"] = "ORG_NOT_FOUND";
+    // Validation errors (400)
+    ErrorCode["VALIDATION_ERROR"] = "VALIDATION_ERROR";
+    ErrorCode["MISSING_REQUIRED_FIELD"] = "MISSING_REQUIRED_FIELD";
+    // Quota/Rate limit errors (429)
+    ErrorCode["QUOTA_EXCEEDED"] = "QUOTA_EXCEEDED";
+    ErrorCode["RATE_LIMIT_EXCEEDED"] = "RATE_LIMIT_EXCEEDED";
+    // Conflict errors (409)
+    ErrorCode["CONFLICT"] = "CONFLICT";
+    ErrorCode["DUPLICATE_ENTRY"] = "DUPLICATE_ENTRY";
+    ErrorCode["SCAN_CONFLICT"] = "SCAN_CONFLICT";
+    // Server errors (500)
+    ErrorCode["INTERNAL_ERROR"] = "INTERNAL_ERROR";
+    ErrorCode["DATABASE_ERROR"] = "DATABASE_ERROR";
+    // Service unavailable (503)
+    ErrorCode["SERVICE_UNAVAILABLE"] = "SERVICE_UNAVAILABLE";
+    ErrorCode["COMPLIANCE_SERVICE_UNAVAILABLE"] = "COMPLIANCE_SERVICE_UNAVAILABLE";
+})(ErrorCode || (exports.ErrorCode = ErrorCode = {}));
+/**
+ * Maps error codes to their default HTTP status codes.
+ */
+exports.ErrorCodeStatus = {
+    [ErrorCode.UNAUTHORIZED]: 401,
+    [ErrorCode.TOKEN_EXPIRED]: 401,
+    [ErrorCode.TOKEN_INVALID]: 401,
+    [ErrorCode.TOKEN_MISSING]: 401,
+    [ErrorCode.INSUFFICIENT_PERMISSIONS]: 403,
+    [ErrorCode.ORG_MISMATCH]: 403,
+    [ErrorCode.COMPLIANCE_VIOLATION]: 403,
+    [ErrorCode.NOT_FOUND]: 404,
+    [ErrorCode.ORG_NOT_FOUND]: 404,
+    [ErrorCode.VALIDATION_ERROR]: 400,
+    [ErrorCode.MISSING_REQUIRED_FIELD]: 400,
+    [ErrorCode.QUOTA_EXCEEDED]: 429,
+    [ErrorCode.RATE_LIMIT_EXCEEDED]: 429,
+    [ErrorCode.CONFLICT]: 409,
+    [ErrorCode.DUPLICATE_ENTRY]: 409,
+    [ErrorCode.SCAN_CONFLICT]: 409,
+    [ErrorCode.INTERNAL_ERROR]: 500,
+    [ErrorCode.DATABASE_ERROR]: 500,
+    [ErrorCode.SERVICE_UNAVAILABLE]: 503,
+    [ErrorCode.COMPLIANCE_SERVICE_UNAVAILABLE]: 503,
+};
+/**
+ * Get the HTTP status code for an error code.
+ */
+function getStatusForErrorCode(code) {
+    return exports.ErrorCodeStatus[code] ?? 500;
+}
+//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoiZXJyb3ItY29kZXMuanMiLCJzb3VyY2VSb290IjoiIiwic291cmNlcyI6WyIuLi8uLi9zcmMvdHlwZXMvZXJyb3ItY29kZXMudHMiXSwibmFtZXMiOltdLCJtYXBwaW5ncyI6IjtBQUFBLCtDQUErQztBQUMvQyxzQ0FBc0M7OztBQTZFdEMsc0RBRUM7QUE3RUQ7Ozs7Ozs7R0FPRztBQUNILElBQVksU0FvQ1g7QUFwQ0QsV0FBWSxTQUFTO0lBQ25CLDhCQUE4QjtJQUM5QiwwQ0FBNkIsQ0FBQTtJQUM3Qiw0Q0FBK0IsQ0FBQTtJQUMvQiw0Q0FBK0IsQ0FBQTtJQUMvQiw0Q0FBK0IsQ0FBQTtJQUUvQiw2QkFBNkI7SUFDN0Isa0VBQXFELENBQUE7SUFDckQsMENBQTZCLENBQUE7SUFDN0IsMERBQTZDLENBQUE7SUFFN0MseUJBQXlCO0lBQ3pCLG9DQUF1QixDQUFBO0lBQ3ZCLDRDQUErQixDQUFBO0lBRS9CLDBCQUEwQjtJQUMxQixrREFBcUMsQ0FBQTtJQUNyQyw4REFBaUQsQ0FBQTtJQUVqRCxnQ0FBZ0M7SUFDaEMsOENBQWlDLENBQUE7SUFDakMsd0RBQTJDLENBQUE7SUFFM0Msd0JBQXdCO0lBQ3hCLGtDQUFxQixDQUFBO0lBQ3JCLGdEQUFtQyxDQUFBO0lBQ25DLDRDQUErQixDQUFBO0lBRS9CLHNCQUFzQjtJQUN0Qiw4Q0FBaUMsQ0FBQTtJQUNqQyw4Q0FBaUMsQ0FBQTtJQUVqQyw0QkFBNEI7SUFDNUIsd0RBQTJDLENBQUE7SUFDM0MsOEVBQWlFLENBQUE7QUFDbkUsQ0FBQyxFQXBDVyxTQUFTLHlCQUFULFNBQVMsUUFvQ3BCO0FBRUQ7O0dBRUc7QUFDVSxRQUFBLGVBQWUsR0FBOEI7SUFDeEQsQ0FBQyxTQUFTLENBQUMsWUFBWSxDQUFDLEVBQUUsR0FBRztJQUM3QixDQUFDLFNBQVMsQ0FBQyxhQUFhLENBQUMsRUFBRSxHQUFHO0lBQzlCLENBQUMsU0FBUyxDQUFDLGFBQWEsQ0FBQyxFQUFFLEdBQUc7SUFDOUIsQ0FBQyxTQUFTLENBQUMsYUFBYSxDQUFDLEVBQUUsR0FBRztJQUM5QixDQUFDLFNBQVMsQ0FBQyx3QkFBd0IsQ0FBQyxFQUFFLEdBQUc7SUFDekMsQ0FBQyxTQUFTLENBQUMsWUFBWSxDQUFDLEVBQUUsR0FBRztJQUM3QixDQUFDLFNBQVMsQ0FBQyxvQkFBb0IsQ0FBQyxFQUFFLEdBQUc7SUFDckMsQ0FBQyxTQUFTLENBQUMsU0FBUyxDQUFDLEVBQUUsR0FBRztJQUMxQixDQUFDLFNBQVMsQ0FBQyxhQUFhLENBQUMsRUFBRSxHQUFHO0lBQzlCLENBQUMsU0FBUyxDQUFDLGdCQUFnQixDQUFDLEVBQUUsR0FBRztJQUNqQyxDQUFDLFNBQVMsQ0FBQyxzQkFBc0IsQ0FBQyxFQUFFLEdBQUc7SUFDdkMsQ0FBQyxTQUFTLENBQUMsY0FBYyxDQUFDLEVBQUUsR0FBRztJQUMvQixDQUFDLFNBQVMsQ0FBQyxtQkFBbUIsQ0FBQyxFQUFFLEdBQUc7SUFDcEMsQ0FBQyxTQUFTLENBQUMsUUFBUSxDQUFDLEVBQUUsR0FBRztJQUN6QixDQUFDLFNBQVMsQ0FBQyxlQUFlLENBQUMsRUFBRSxHQUFHO0lBQ2hDLENBQUMsU0FBUyxDQUFDLGFBQWEsQ0FBQyxFQUFFLEdBQUc7SUFDOUIsQ0FBQyxTQUFTLENBQUMsY0FBYyxDQUFDLEVBQUUsR0FBRztJQUMvQixDQUFDLFNBQVMsQ0FBQyxjQUFjLENBQUMsRUFBRSxHQUFHO0lBQy9CLENBQUMsU0FBUyxDQUFDLG1CQUFtQixDQUFDLEVBQUUsR0FBRztJQUNwQyxDQUFDLFNBQVMsQ0FBQyw4QkFBOEIsQ0FBQyxFQUFFLEdBQUc7Q0FDaEQsQ0FBQztBQUVGOztHQUVHO0FBQ0gsU0FBZ0IscUJBQXFCLENBQUMsSUFBZTtJQUNuRCxPQUFPLHVCQUFlLENBQUMsSUFBSSxDQUFDLElBQUksR0FBRyxDQUFDO0FBQ3RDLENBQUMiLCJzb3VyY2VzQ29udGVudCI6WyIvLyBDb3B5cmlnaHQgMjAyNiBQaXBlbGluZSBCdWlsZGVyIENvbnRyaWJ1dG9yc1xuLy8gU1BEWC1MaWNlbnNlLUlkZW50aWZpZXI6IEFwYWNoZS0yLjBcblxuLyoqXG4gKiBTdGFuZGFyZGl6ZWQgZXJyb3IgY29kZXMgdXNlZCBhY3Jvc3MgYWxsIEFQSSBtaWNyb3NlcnZpY2VzLlxuICogVXNlIHRoZXNlIGNvZGVzIGluIGVycm9yIHJlc3BvbnNlcyBmb3IgY29uc2lzdGVudCBjbGllbnQgaGFuZGxpbmcuXG4gKlxuICogRWFjaCBIVFRQIHN0YXR1cyBjYXRlZ29yeSBoYXMgb25lIHByaW1hcnkgY29kZS4gVXNlIHRoZSBgZGV0YWlsc2BcbiAqIGZpZWxkIGluIGVycm9yIHJlc3BvbnNlcyBmb3Igc3ViLXR5cGUgaW5mb3JtYXRpb24gKGUuZy4gd2hpY2ggcXVvdGFcbiAqIHdhcyBleGNlZWRlZCwgd2hpY2ggZmllbGQgZmFpbGVkIHZhbGlkYXRpb24pLlxuICovXG5leHBvcnQgZW51bSBFcnJvckNvZGUge1xuICAvLyBBdXRoZW50aWNhdGlvbiBlcnJvcnMgKDQwMSlcbiAgVU5BVVRIT1JJWkVEID0gJ1VOQVVUSE9SSVpFRCcsXG4gIFRPS0VOX0VYUElSRUQgPSAnVE9LRU5fRVhQSVJFRCcsXG4gIFRPS0VOX0lOVkFMSUQgPSAnVE9LRU5fSU5WQUxJRCcsXG4gIFRPS0VOX01JU1NJTkcgPSAnVE9LRU5fTUlTU0lORycsXG5cbiAgLy8gQXV0aG9yaXphdGlvbiBlcnJvcnMgKDQwMylcbiAgSU5TVUZGSUNJRU5UX1BFUk1JU1NJT05TID0gJ0lOU1VGRklDSUVOVF9QRVJNSVNTSU9OUycsXG4gIE9SR19NSVNNQVRDSCA9ICdPUkdfTUlTTUFUQ0gnLFxuICBDT01QTElBTkNFX1ZJT0xBVElPTiA9ICdDT01QTElBTkNFX1ZJT0xBVElPTicsXG5cbiAgLy8gTm90IGZvdW5kIGVycm9ycyAoNDA0KVxuICBOT1RfRk9VTkQgPSAnTk9UX0ZPVU5EJyxcbiAgT1JHX05PVF9GT1VORCA9ICdPUkdfTk9UX0ZPVU5EJyxcblxuICAvLyBWYWxpZGF0aW9uIGVycm9ycyAoNDAwKVxuICBWQUxJREFUSU9OX0VSUk9SID0gJ1ZBTElEQVRJT05fRVJST1InLFxuICBNSVNTSU5HX1JFUVVJUkVEX0ZJRUxEID0gJ01JU1NJTkdfUkVRVUlSRURfRklFTEQnLFxuXG4gIC8vIFF1b3RhL1JhdGUgbGltaXQgZXJyb3JzICg0MjkpXG4gIFFVT1RBX0VYQ0VFREVEID0gJ1FVT1RBX0VYQ0VFREVEJyxcbiAgUkFURV9MSU1JVF9FWENFRURFRCA9ICdSQVRFX0xJTUlUX0VYQ0VFREVEJyxcblxuICAvLyBDb25mbGljdCBlcnJvcnMgKDQwOSlcbiAgQ09ORkxJQ1QgPSAnQ09ORkxJQ1QnLFxuICBEVVBMSUNBVEVfRU5UUlkgPSAnRFVQTElDQVRFX0VOVFJZJyxcbiAgU0NBTl9DT05GTElDVCA9ICdTQ0FOX0NPTkZMSUNUJyxcblxuICAvLyBTZXJ2ZXIgZXJyb3JzICg1MDApXG4gIElOVEVSTkFMX0VSUk9SID0gJ0lOVEVSTkFMX0VSUk9SJyxcbiAgREFUQUJBU0VfRVJST1IgPSAnREFUQUJBU0VfRVJST1InLFxuXG4gIC8vIFNlcnZpY2UgdW5hdmFpbGFibGUgKDUwMylcbiAgU0VSVklDRV9VTkFWQUlMQUJMRSA9ICdTRVJWSUNFX1VOQVZBSUxBQkxFJyxcbiAgQ09NUExJQU5DRV9TRVJWSUNFX1VOQVZBSUxBQkxFID0gJ0NPTVBMSUFOQ0VfU0VSVklDRV9VTkFWQUlMQUJMRScsXG59XG5cbi8qKlxuICogTWFwcyBlcnJvciBjb2RlcyB0byB0aGVpciBkZWZhdWx0IEhUVFAgc3RhdHVzIGNvZGVzLlxuICovXG5leHBvcnQgY29uc3QgRXJyb3JDb2RlU3RhdHVzOiBSZWNvcmQ8RXJyb3JDb2RlLCBudW1iZXI+ID0ge1xuICBbRXJyb3JDb2RlLlVOQVVUSE9SSVpFRF06IDQwMSxcbiAgW0Vycm9yQ29kZS5UT0tFTl9FWFBJUkVEXTogNDAxLFxuICBbRXJyb3JDb2RlLlRPS0VOX0lOVkFMSURdOiA0MDEsXG4gIFtFcnJvckNvZGUuVE9LRU5fTUlTU0lOR106IDQwMSxcbiAgW0Vycm9yQ29kZS5JTlNVRkZJQ0lFTlRfUEVSTUlTU0lPTlNdOiA0MDMsXG4gIFtFcnJvckNvZGUuT1JHX01JU01BVENIXTogNDAzLFxuICBbRXJyb3JDb2RlLkNPTVBMSUFOQ0VfVklPTEFUSU9OXTogNDAzLFxuICBbRXJyb3JDb2RlLk5PVF9GT1VORF06IDQwNCxcbiAgW0Vycm9yQ29kZS5PUkdfTk9UX0ZPVU5EXTogNDA0LFxuICBbRXJyb3JDb2RlLlZBTElEQVRJT05fRVJST1JdOiA0MDAsXG4gIFtFcnJvckNvZGUuTUlTU0lOR19SRVFVSVJFRF9GSUVMRF06IDQwMCxcbiAgW0Vycm9yQ29kZS5RVU9UQV9FWENFRURFRF06IDQyOSxcbiAgW0Vycm9yQ29kZS5SQVRFX0xJTUlUX0VYQ0VFREVEXTogNDI5LFxuICBbRXJyb3JDb2RlLkNPTkZMSUNUXTogNDA5LFxuICBbRXJyb3JDb2RlLkRVUExJQ0FURV9FTlRSWV06IDQwOSxcbiAgW0Vycm9yQ29kZS5TQ0FOX0NPTkZMSUNUXTogNDA5LFxuICBbRXJyb3JDb2RlLklOVEVSTkFMX0VSUk9SXTogNTAwLFxuICBbRXJyb3JDb2RlLkRBVEFCQVNFX0VSUk9SXTogNTAwLFxuICBbRXJyb3JDb2RlLlNFUlZJQ0VfVU5BVkFJTEFCTEVdOiA1MDMsXG4gIFtFcnJvckNvZGUuQ09NUExJQU5DRV9TRVJWSUNFX1VOQVZBSUxBQkxFXTogNTAzLFxufTtcblxuLyoqXG4gKiBHZXQgdGhlIEhUVFAgc3RhdHVzIGNvZGUgZm9yIGFuIGVycm9yIGNvZGUuXG4gKi9cbmV4cG9ydCBmdW5jdGlvbiBnZXRTdGF0dXNGb3JFcnJvckNvZGUoY29kZTogRXJyb3JDb2RlKTogbnVtYmVyIHtcbiAgcmV0dXJuIEVycm9yQ29kZVN0YXR1c1tjb2RlXSA/PyA1MDA7XG59XG4iXX0=

package/lib/types/feature-flags.d.ts

@@ -0,0 +1,38 @@
+import type { QuotaTier } from './quota-tiers';
+/** Canonical feature flag identifiers. */
+export type FeatureFlag = 'priority_support' | 'custom_integrations' | 'ai_generation' | 'bulk_operations' | 'audit_log';
+/** All valid feature flags (order determines display order). */
+export declare const ALL_FEATURE_FLAGS: readonly FeatureFlag[];
+/** Check whether a string is a valid FeatureFlag. */
+export declare function isValidFeatureFlag(value: string): value is FeatureFlag;
+/** Features enabled by default for each tier. */
+export declare const TIER_FEATURES: Record<QuotaTier, readonly FeatureFlag[]>;
+/** Human-readable metadata for each feature flag. */
+export declare const FEATURE_METADATA: Record<FeatureFlag, {
+    label: string;
+    description: string;
+}>;
+/**
+ * Resolve a user's effective feature set.
+ *
+ * 1. System org users always get ALL features.
+ * 2. Start with the tier's default features.
+ * 3. Apply per-user overrides: `true` adds a feature, `false` removes it.
+ * 4. Invalid override keys are silently ignored.
+ *
+ * @param tier - The organization's quota tier
+ * @param featureOverrides - Per-user overrides (key = feature flag, value = enabled)
+ * @param isSystemOrg - Whether the user belongs to the system organization
+ * @returns Sorted array of enabled feature flags
+ */
+export declare function resolveUserFeatures(tier: QuotaTier, featureOverrides?: Record<string, boolean> | null, isSystemOrg?: boolean): FeatureFlag[];
+/**
+ * Check if a specific feature is enabled for a user.
+ *
+ * @param tier - The organization's quota tier
+ * @param feature - The feature flag to check
+ * @param featureOverrides - Per-user overrides
+ * @param isSystemOrg - Whether the user belongs to the system organization
+ * @returns true if the feature is enabled
+ */
+export declare function hasFeature(tier: QuotaTier, feature: FeatureFlag, featureOverrides?: Record<string, boolean> | null, isSystemOrg?: boolean): boolean;

package/lib/types/feature-flags.js

@@ -0,0 +1,107 @@
+"use strict";
+// Copyright 2026 Pipeline Builder Contributors
+// SPDX-License-Identifier: Apache-2.0
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.FEATURE_METADATA = exports.TIER_FEATURES = exports.ALL_FEATURE_FLAGS = void 0;
+exports.isValidFeatureFlag = isValidFeatureFlag;
+exports.resolveUserFeatures = resolveUserFeatures;
+exports.hasFeature = hasFeature;
+/** All valid feature flags (order determines display order). */
+exports.ALL_FEATURE_FLAGS = [
+    'priority_support',
+    'ai_generation',
+    'bulk_operations',
+    'custom_integrations',
+    'audit_log',
+];
+/** Check whether a string is a valid FeatureFlag. */
+function isValidFeatureFlag(value) {
+    return exports.ALL_FEATURE_FLAGS.includes(value);
+}
+// Tier-to-feature mapping
+/** Features enabled by default for each tier. */
+exports.TIER_FEATURES = {
+    developer: [],
+    pro: ['priority_support', 'ai_generation', 'bulk_operations'],
+    unlimited: [...exports.ALL_FEATURE_FLAGS],
+};
+// Feature metadata (for display)
+/** Human-readable metadata for each feature flag. */
+exports.FEATURE_METADATA = {
+    priority_support: {
+        label: 'Priority Support',
+        description: 'Faster response times and dedicated support channels',
+    },
+    ai_generation: {
+        label: 'AI Generation',
+        description: 'AI-powered pipeline and plugin generation',
+    },
+    bulk_operations: {
+        label: 'Bulk Operations',
+        description: 'Batch create, update, and delete for pipelines and plugins',
+    },
+    custom_integrations: {
+        label: 'Custom Integrations',
+        description: 'Connect to external services and custom webhook endpoints',
+    },
+    audit_log: {
+        label: 'Audit Log',
+        description: 'Detailed audit trail of all user and system actions',
+    },
+};
+// Resolution logic
+/**
+ * Resolve a user's effective feature set.
+ *
+ * 1. System org users always get ALL features.
+ * 2. Start with the tier's default features.
+ * 3. Apply per-user overrides: `true` adds a feature, `false` removes it.
+ * 4. Invalid override keys are silently ignored.
+ *
+ * @param tier - The organization's quota tier
+ * @param featureOverrides - Per-user overrides (key = feature flag, value = enabled)
+ * @param isSystemOrg - Whether the user belongs to the system organization
+ * @returns Sorted array of enabled feature flags
+ */
+function resolveUserFeatures(tier, featureOverrides, isSystemOrg) {
+    // System org always gets everything
+    if (isSystemOrg)
+        return [...exports.ALL_FEATURE_FLAGS];
+    // Start with tier defaults
+    const features = new Set(exports.TIER_FEATURES[tier] ?? []);
+    // Apply per-user overrides
+    if (featureOverrides) {
+        for (const [key, enabled] of Object.entries(featureOverrides)) {
+            if (!isValidFeatureFlag(key))
+                continue;
+            if (enabled) {
+                features.add(key);
+            }
+            else {
+                features.delete(key);
+            }
+        }
+    }
+    // Return in canonical order
+    return exports.ALL_FEATURE_FLAGS.filter(f => features.has(f));
+}
+/**
+ * Check if a specific feature is enabled for a user.
+ *
+ * @param tier - The organization's quota tier
+ * @param feature - The feature flag to check
+ * @param featureOverrides - Per-user overrides
+ * @param isSystemOrg - Whether the user belongs to the system organization
+ * @returns true if the feature is enabled
+ */
+function hasFeature(tier, feature, featureOverrides, isSystemOrg) {
+    if (isSystemOrg)
+        return true;
+    // Check override first
+    if (featureOverrides && feature in featureOverrides) {
+        return featureOverrides[feature];
+    }
+    // Fall back to tier default
+    return (exports.TIER_FEATURES[tier] ?? []).includes(feature);
+}
+//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoiZmVhdHVyZS1mbGFncy5qcyIsInNvdXJjZVJvb3QiOiIiLCJzb3VyY2VzIjpbIi4uLy4uL3NyYy90eXBlcy9mZWF0dXJlLWZsYWdzLnRzIl0sIm5hbWVzIjpbXSwibWFwcGluZ3MiOiI7QUFBQSwrQ0FBK0M7QUFDL0Msc0NBQXNDOzs7QUF3QnRDLGdEQUVDO0FBb0RELGtEQXlCQztBQVdELGdDQWVDO0FBbkhELGdFQUFnRTtBQUNuRCxRQUFBLGlCQUFpQixHQUEyQjtJQUN2RCxrQkFBa0I7SUFDbEIsZUFBZTtJQUNmLGlCQUFpQjtJQUNqQixxQkFBcUI7SUFDckIsV0FBVztDQUNaLENBQUM7QUFFRixxREFBcUQ7QUFDckQsU0FBZ0Isa0JBQWtCLENBQUMsS0FBYTtJQUM5QyxPQUFRLHlCQUF1QyxDQUFDLFFBQVEsQ0FBQyxLQUFLLENBQUMsQ0FBQztBQUNsRSxDQUFDO0FBRUQsMEJBQTBCO0FBRTFCLGlEQUFpRDtBQUNwQyxRQUFBLGFBQWEsR0FBOEM7SUFDdEUsU0FBUyxFQUFFLEVBQUU7SUFDYixHQUFHLEVBQUUsQ0FBQyxrQkFBa0IsRUFBRSxlQUFlLEVBQUUsaUJBQWlCLENBQUM7SUFDN0QsU0FBUyxFQUFFLENBQUMsR0FBRyx5QkFBaUIsQ0FBQztDQUNsQyxDQUFDO0FBRUYsaUNBQWlDO0FBRWpDLHFEQUFxRDtBQUN4QyxRQUFBLGdCQUFnQixHQUFnRTtJQUMzRixnQkFBZ0IsRUFBRTtRQUNoQixLQUFLLEVBQUUsa0JBQWtCO1FBQ3pCLFdBQVcsRUFBRSxzREFBc0Q7S0FDcEU7SUFDRCxhQUFhLEVBQUU7UUFDYixLQUFLLEVBQUUsZUFBZTtRQUN0QixXQUFXLEVBQUUsMkNBQTJDO0tBQ3pEO0lBQ0QsZUFBZSxFQUFFO1FBQ2YsS0FBSyxFQUFFLGlCQUFpQjtRQUN4QixXQUFXLEVBQUUsNERBQTREO0tBQzFFO0lBQ0QsbUJBQW1CLEVBQUU7UUFDbkIsS0FBSyxFQUFFLHFCQUFxQjtRQUM1QixXQUFXLEVBQUUsMkRBQTJEO0tBQ3pFO0lBQ0QsU0FBUyxFQUFFO1FBQ1QsS0FBSyxFQUFFLFdBQVc7UUFDbEIsV0FBVyxFQUFFLHFEQUFxRDtLQUNuRTtDQUNGLENBQUM7QUFFRixtQkFBbUI7QUFFbkI7Ozs7Ozs7Ozs7OztHQVlHO0FBQ0gsU0FBZ0IsbUJBQW1CLENBQ2pDLElBQWUsRUFDZixnQkFBaUQsRUFDakQsV0FBcUI7SUFFckIsb0NBQW9DO0lBQ3BDLElBQUksV0FBVztRQUFFLE9BQU8sQ0FBQyxHQUFHLHlCQUFpQixDQUFDLENBQUM7SUFFL0MsMkJBQTJCO0lBQzNCLE1BQU0sUUFBUSxHQUFHLElBQUksR0FBRyxDQUFjLHFCQUFhLENBQUMsSUFBSSxDQUFDLElBQUksRUFBRSxDQUFDLENBQUM7SUFFakUsMkJBQTJCO0lBQzNCLElBQUksZ0JBQWdCLEVBQUUsQ0FBQztRQUNyQixLQUFLLE1BQU0sQ0FBQyxHQUFHLEVBQUUsT0FBTyxDQUFDLElBQUksTUFBTSxDQUFDLE9BQU8sQ0FBQyxnQkFBZ0IsQ0FBQyxFQUFFLENBQUM7WUFDOUQsSUFBSSxDQUFDLGtCQUFrQixDQUFDLEdBQUcsQ0FBQztnQkFBRSxTQUFTO1lBQ3ZDLElBQUksT0FBTyxFQUFFLENBQUM7Z0JBQ1osUUFBUSxDQUFDLEdBQUcsQ0FBQyxHQUFHLENBQUMsQ0FBQztZQUNwQixDQUFDO2lCQUFNLENBQUM7Z0JBQ04sUUFBUSxDQUFDLE1BQU0sQ0FBQyxHQUFHLENBQUMsQ0FBQztZQUN2QixDQUFDO1FBQ0gsQ0FBQztJQUNILENBQUM7SUFFRCw0QkFBNEI7SUFDNUIsT0FBTyx5QkFBaUIsQ0FBQyxNQUFNLENBQUMsQ0FBQyxDQUFDLEVBQUUsQ0FBQyxRQUFRLENBQUMsR0FBRyxDQUFDLENBQUMsQ0FBQyxDQUFDLENBQUM7QUFDeEQsQ0FBQztBQUVEOzs7Ozs7OztHQVFHO0FBQ0gsU0FBZ0IsVUFBVSxDQUN4QixJQUFlLEVBQ2YsT0FBb0IsRUFDcEIsZ0JBQWlELEVBQ2pELFdBQXFCO0lBRXJCLElBQUksV0FBVztRQUFFLE9BQU8sSUFBSSxDQUFDO0lBRTdCLHVCQUF1QjtJQUN2QixJQUFJLGdCQUFnQixJQUFJLE9BQU8sSUFBSSxnQkFBZ0IsRUFBRSxDQUFDO1FBQ3BELE9BQU8sZ0JBQWdCLENBQUMsT0FBTyxDQUFDLENBQUM7SUFDbkMsQ0FBQztJQUVELDRCQUE0QjtJQUM1QixPQUFPLENBQUMscUJBQWEsQ0FBQyxJQUFJLENBQUMsSUFBSSxFQUFFLENBQUMsQ0FBQyxRQUFRLENBQUMsT0FBTyxDQUFDLENBQUM7QUFDdkQsQ0FBQyIsInNvdXJjZXNDb250ZW50IjpbIi8vIENvcHlyaWdodCAyMDI2IFBpcGVsaW5lIEJ1aWxkZXIgQ29udHJpYnV0b3JzXG4vLyBTUERYLUxpY2Vuc2UtSWRlbnRpZmllcjogQXBhY2hlLTIuMFxuXG5pbXBvcnQgdHlwZSB7IFF1b3RhVGllciB9IGZyb20gJy4vcXVvdGEtdGllcnMnO1xuXG4vLyBGZWF0dXJlIGZsYWcgaWRlbnRpZmllcnNcblxuLyoqIENhbm9uaWNhbCBmZWF0dXJlIGZsYWcgaWRlbnRpZmllcnMuICovXG5leHBvcnQgdHlwZSBGZWF0dXJlRmxhZyA9XG4gIHwgJ3ByaW9yaXR5X3N1cHBvcnQnXG4gIHwgJ2N1c3RvbV9pbnRlZ3JhdGlvbnMnXG4gIHwgJ2FpX2dlbmVyYXRpb24nXG4gIHwgJ2J1bGtfb3BlcmF0aW9ucydcbiAgfCAnYXVkaXRfbG9nJztcblxuLyoqIEFsbCB2YWxpZCBmZWF0dXJlIGZsYWdzIChvcmRlciBkZXRlcm1pbmVzIGRpc3BsYXkgb3JkZXIpLiAqL1xuZXhwb3J0IGNvbnN0IEFMTF9GRUFUVVJFX0ZMQUdTOiByZWFkb25seSBGZWF0dXJlRmxhZ1tdID0gW1xuICAncHJpb3JpdHlfc3VwcG9ydCcsXG4gICdhaV9nZW5lcmF0aW9uJyxcbiAgJ2J1bGtfb3BlcmF0aW9ucycsXG4gICdjdXN0b21faW50ZWdyYXRpb25zJyxcbiAgJ2F1ZGl0X2xvZycsXG5dO1xuXG4vKiogQ2hlY2sgd2hldGhlciBhIHN0cmluZyBpcyBhIHZhbGlkIEZlYXR1cmVGbGFnLiAqL1xuZXhwb3J0IGZ1bmN0aW9uIGlzVmFsaWRGZWF0dXJlRmxhZyh2YWx1ZTogc3RyaW5nKTogdmFsdWUgaXMgRmVhdHVyZUZsYWcge1xuICByZXR1cm4gKEFMTF9GRUFUVVJFX0ZMQUdTIGFzIHJlYWRvbmx5IHN0cmluZ1tdKS5pbmNsdWRlcyh2YWx1ZSk7XG59XG5cbi8vIFRpZXItdG8tZmVhdHVyZSBtYXBwaW5nXG5cbi8qKiBGZWF0dXJlcyBlbmFibGVkIGJ5IGRlZmF1bHQgZm9yIGVhY2ggdGllci4gKi9cbmV4cG9ydCBjb25zdCBUSUVSX0ZFQVRVUkVTOiBSZWNvcmQ8UXVvdGFUaWVyLCByZWFkb25seSBGZWF0dXJlRmxhZ1tdPiA9IHtcbiAgZGV2ZWxvcGVyOiBbXSxcbiAgcHJvOiBbJ3ByaW9yaXR5X3N1cHBvcnQnLCAnYWlfZ2VuZXJhdGlvbicsICdidWxrX29wZXJhdGlvbnMnXSxcbiAgdW5saW1pdGVkOiBbLi4uQUxMX0ZFQVRVUkVfRkxBR1NdLFxufTtcblxuLy8gRmVhdHVyZSBtZXRhZGF0YSAoZm9yIGRpc3BsYXkpXG5cbi8qKiBIdW1hbi1yZWFkYWJsZSBtZXRhZGF0YSBmb3IgZWFjaCBmZWF0dXJlIGZsYWcuICovXG5leHBvcnQgY29uc3QgRkVBVFVSRV9NRVRBREFUQTogUmVjb3JkPEZlYXR1cmVGbGFnLCB7IGxhYmVsOiBzdHJpbmc7IGRlc2NyaXB0aW9uOiBzdHJpbmcgfT4gPSB7XG4gIHByaW9yaXR5X3N1cHBvcnQ6IHtcbiAgICBsYWJlbDogJ1ByaW9yaXR5IFN1cHBvcnQnLFxuICAgIGRlc2NyaXB0aW9uOiAnRmFzdGVyIHJlc3BvbnNlIHRpbWVzIGFuZCBkZWRpY2F0ZWQgc3VwcG9ydCBjaGFubmVscycsXG4gIH0sXG4gIGFpX2dlbmVyYXRpb246IHtcbiAgICBsYWJlbDogJ0FJIEdlbmVyYXRpb24nLFxuICAgIGRlc2NyaXB0aW9uOiAnQUktcG93ZXJlZCBwaXBlbGluZSBhbmQgcGx1Z2luIGdlbmVyYXRpb24nLFxuICB9LFxuICBidWxrX29wZXJhdGlvbnM6IHtcbiAgICBsYWJlbDogJ0J1bGsgT3BlcmF0aW9ucycsXG4gICAgZGVzY3JpcHRpb246ICdCYXRjaCBjcmVhdGUsIHVwZGF0ZSwgYW5kIGRlbGV0ZSBmb3IgcGlwZWxpbmVzIGFuZCBwbHVnaW5zJyxcbiAgfSxcbiAgY3VzdG9tX2ludGVncmF0aW9uczoge1xuICAgIGxhYmVsOiAnQ3VzdG9tIEludGVncmF0aW9ucycsXG4gICAgZGVzY3JpcHRpb246ICdDb25uZWN0IHRvIGV4dGVybmFsIHNlcnZpY2VzIGFuZCBjdXN0b20gd2ViaG9vayBlbmRwb2ludHMnLFxuICB9LFxuICBhdWRpdF9sb2c6IHtcbiAgICBsYWJlbDogJ0F1ZGl0IExvZycsXG4gICAgZGVzY3JpcHRpb246ICdEZXRhaWxlZCBhdWRpdCB0cmFpbCBvZiBhbGwgdXNlciBhbmQgc3lzdGVtIGFjdGlvbnMnLFxuICB9LFxufTtcblxuLy8gUmVzb2x1dGlvbiBsb2dpY1xuXG4vKipcbiAqIFJlc29sdmUgYSB1c2VyJ3MgZWZmZWN0aXZlIGZlYXR1cmUgc2V0LlxuICpcbiAqIDEuIFN5c3RlbSBvcmcgdXNlcnMgYWx3YXlzIGdldCBBTEwgZmVhdHVyZXMuXG4gKiAyLiBTdGFydCB3aXRoIHRoZSB0aWVyJ3MgZGVmYXVsdCBmZWF0dXJlcy5cbiAqIDMuIEFwcGx5IHBlci11c2VyIG92ZXJyaWRlczogYHRydWVgIGFkZHMgYSBmZWF0dXJlLCBgZmFsc2VgIHJlbW92ZXMgaXQuXG4gKiA0LiBJbnZhbGlkIG92ZXJyaWRlIGtleXMgYXJlIHNpbGVudGx5IGlnbm9yZWQuXG4gKlxuICogQHBhcmFtIHRpZXIgLSBUaGUgb3JnYW5pemF0aW9uJ3MgcXVvdGEgdGllclxuICogQHBhcmFtIGZlYXR1cmVPdmVycmlkZXMgLSBQZXItdXNlciBvdmVycmlkZXMgKGtleSA9IGZlYXR1cmUgZmxhZywgdmFsdWUgPSBlbmFibGVkKVxuICogQHBhcmFtIGlzU3lzdGVtT3JnIC0gV2hldGhlciB0aGUgdXNlciBiZWxvbmdzIHRvIHRoZSBzeXN0ZW0gb3JnYW5pemF0aW9uXG4gKiBAcmV0dXJucyBTb3J0ZWQgYXJyYXkgb2YgZW5hYmxlZCBmZWF0dXJlIGZsYWdzXG4gKi9cbmV4cG9ydCBmdW5jdGlvbiByZXNvbHZlVXNlckZlYXR1cmVzKFxuICB0aWVyOiBRdW90YVRpZXIsXG4gIGZlYXR1cmVPdmVycmlkZXM/OiBSZWNvcmQ8c3RyaW5nLCBib29sZWFuPiB8IG51bGwsXG4gIGlzU3lzdGVtT3JnPzogYm9vbGVhbixcbik6IEZlYXR1cmVGbGFnW10ge1xuICAvLyBTeXN0ZW0gb3JnIGFsd2F5cyBnZXRzIGV2ZXJ5dGhpbmdcbiAgaWYgKGlzU3lzdGVtT3JnKSByZXR1cm4gWy4uLkFMTF9GRUFUVVJFX0ZMQUdTXTtcblxuICAvLyBTdGFydCB3aXRoIHRpZXIgZGVmYXVsdHNcbiAgY29uc3QgZmVhdHVyZXMgPSBuZXcgU2V0PEZlYXR1cmVGbGFnPihUSUVSX0ZFQVRVUkVTW3RpZXJdID8/IFtdKTtcblxuICAvLyBBcHBseSBwZXItdXNlciBvdmVycmlkZXNcbiAgaWYgKGZlYXR1cmVPdmVycmlkZXMpIHtcbiAgICBmb3IgKGNvbnN0IFtrZXksIGVuYWJsZWRdIG9mIE9iamVjdC5lbnRyaWVzKGZlYXR1cmVPdmVycmlkZXMpKSB7XG4gICAgICBpZiAoIWlzVmFsaWRGZWF0dXJlRmxhZyhrZXkpKSBjb250aW51ZTtcbiAgICAgIGlmIChlbmFibGVkKSB7XG4gICAgICAgIGZlYXR1cmVzLmFkZChrZXkpO1xuICAgICAgfSBlbHNlIHtcbiAgICAgICAgZmVhdHVyZXMuZGVsZXRlKGtleSk7XG4gICAgICB9XG4gICAgfVxuICB9XG5cbiAgLy8gUmV0dXJuIGluIGNhbm9uaWNhbCBvcmRlclxuICByZXR1cm4gQUxMX0ZFQVRVUkVfRkxBR1MuZmlsdGVyKGYgPT4gZmVhdHVyZXMuaGFzKGYpKTtcbn1cblxuLyoqXG4gKiBDaGVjayBpZiBhIHNwZWNpZmljIGZlYXR1cmUgaXMgZW5hYmxlZCBmb3IgYSB1c2VyLlxuICpcbiAqIEBwYXJhbSB0aWVyIC0gVGhlIG9yZ2FuaXphdGlvbidzIHF1b3RhIHRpZXJcbiAqIEBwYXJhbSBmZWF0dXJlIC0gVGhlIGZlYXR1cmUgZmxhZyB0byBjaGVja1xuICogQHBhcmFtIGZlYXR1cmVPdmVycmlkZXMgLSBQZXItdXNlciBvdmVycmlkZXNcbiAqIEBwYXJhbSBpc1N5c3RlbU9yZyAtIFdoZXRoZXIgdGhlIHVzZXIgYmVsb25ncyB0byB0aGUgc3lzdGVtIG9yZ2FuaXphdGlvblxuICogQHJldHVybnMgdHJ1ZSBpZiB0aGUgZmVhdHVyZSBpcyBlbmFibGVkXG4gKi9cbmV4cG9ydCBmdW5jdGlvbiBoYXNGZWF0dXJlKFxuICB0aWVyOiBRdW90YVRpZXIsXG4gIGZlYXR1cmU6IEZlYXR1cmVGbGFnLFxuICBmZWF0dXJlT3ZlcnJpZGVzPzogUmVjb3JkPHN0cmluZywgYm9vbGVhbj4gfCBudWxsLFxuICBpc1N5c3RlbU9yZz86IGJvb2xlYW4sXG4pOiBib29sZWFuIHtcbiAgaWYgKGlzU3lzdGVtT3JnKSByZXR1cm4gdHJ1ZTtcblxuICAvLyBDaGVjayBvdmVycmlkZSBmaXJzdFxuICBpZiAoZmVhdHVyZU92ZXJyaWRlcyAmJiBmZWF0dXJlIGluIGZlYXR1cmVPdmVycmlkZXMpIHtcbiAgICByZXR1cm4gZmVhdHVyZU92ZXJyaWRlc1tmZWF0dXJlXTtcbiAgfVxuXG4gIC8vIEZhbGwgYmFjayB0byB0aWVyIGRlZmF1bHRcbiAgcmV0dXJuIChUSUVSX0ZFQVRVUkVTW3RpZXJdID8/IFtdKS5pbmNsdWRlcyhmZWF0dXJlKTtcbn1cbiJdfQ==

package/lib/types/http.d.ts

@@ -0,0 +1,37 @@
+/**
+ * Generic HTTP headers representation.
+ */
+export interface HttpHeaders {
+    [key: string]: string | string[] | undefined;
+}
+/**
+ * Generic HTTP request interface.
+ * Represents the minimal request shape needed by api-core utilities.
+ */
+export interface HttpRequest {
+    /** Request headers */
+    headers: HttpHeaders;
+    /** Route parameters */
+    params: Record<string, string | string[] | undefined>;
+    /** Query parameters */
+    query: Record<string, unknown>;
+    /** Authenticated user (if present) */
+    user?: {
+        organizationId?: string;
+        userId?: string;
+        role?: string;
+        [key: string]: unknown;
+    };
+}
+/**
+ * Generic HTTP response interface.
+ * Represents the minimal response shape needed by api-core utilities.
+ */
+export interface HttpResponse {
+    /** Set HTTP status code */
+    status(code: number): HttpResponse;
+    /** Send JSON response */
+    json(body: unknown): void;
+    /** Set response header */
+    setHeader(name: string, value: string | number): void;
+}

package/lib/types/http.js

@@ -0,0 +1,5 @@
+"use strict";
+// Copyright 2026 Pipeline Builder Contributors
+// SPDX-License-Identifier: Apache-2.0
+Object.defineProperty(exports, "__esModule", { value: true });
+//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoiaHR0cC5qcyIsInNvdXJjZVJvb3QiOiIiLCJzb3VyY2VzIjpbIi4uLy4uL3NyYy90eXBlcy9odHRwLnRzIl0sIm5hbWVzIjpbXSwibWFwcGluZ3MiOiI7QUFBQSwrQ0FBK0M7QUFDL0Msc0NBQXNDIiwic291cmNlc0NvbnRlbnQiOlsiLy8gQ29weXJpZ2h0IDIwMjYgUGlwZWxpbmUgQnVpbGRlciBDb250cmlidXRvcnNcbi8vIFNQRFgtTGljZW5zZS1JZGVudGlmaWVyOiBBcGFjaGUtMi4wXG5cbi8qKlxuICogR2VuZXJpYyBIVFRQIGhlYWRlcnMgcmVwcmVzZW50YXRpb24uXG4gKi9cbmV4cG9ydCBpbnRlcmZhY2UgSHR0cEhlYWRlcnMge1xuICBba2V5OiBzdHJpbmddOiBzdHJpbmcgfCBzdHJpbmdbXSB8IHVuZGVmaW5lZDtcbn1cblxuLyoqXG4gKiBHZW5lcmljIEhUVFAgcmVxdWVzdCBpbnRlcmZhY2UuXG4gKiBSZXByZXNlbnRzIHRoZSBtaW5pbWFsIHJlcXVlc3Qgc2hhcGUgbmVlZGVkIGJ5IGFwaS1jb3JlIHV0aWxpdGllcy5cbiAqL1xuZXhwb3J0IGludGVyZmFjZSBIdHRwUmVxdWVzdCB7XG4gIC8qKiBSZXF1ZXN0IGhlYWRlcnMgKi9cbiAgaGVhZGVyczogSHR0cEhlYWRlcnM7XG4gIC8qKiBSb3V0ZSBwYXJhbWV0ZXJzICovXG4gIHBhcmFtczogUmVjb3JkPHN0cmluZywgc3RyaW5nIHwgc3RyaW5nW10gfCB1bmRlZmluZWQ+O1xuICAvKiogUXVlcnkgcGFyYW1ldGVycyAqL1xuICBxdWVyeTogUmVjb3JkPHN0cmluZywgdW5rbm93bj47XG4gIC8qKiBBdXRoZW50aWNhdGVkIHVzZXIgKGlmIHByZXNlbnQpICovXG4gIHVzZXI/OiB7XG4gICAgb3JnYW5pemF0aW9uSWQ/OiBzdHJpbmc7XG4gICAgdXNlcklkPzogc3RyaW5nO1xuICAgIHJvbGU/OiBzdHJpbmc7XG4gICAgW2tleTogc3RyaW5nXTogdW5rbm93bjtcbiAgfTtcbn1cblxuLyoqXG4gKiBHZW5lcmljIEhUVFAgcmVzcG9uc2UgaW50ZXJmYWNlLlxuICogUmVwcmVzZW50cyB0aGUgbWluaW1hbCByZXNwb25zZSBzaGFwZSBuZWVkZWQgYnkgYXBpLWNvcmUgdXRpbGl0aWVzLlxuICovXG5leHBvcnQgaW50ZXJmYWNlIEh0dHBSZXNwb25zZSB7XG4gIC8qKiBTZXQgSFRUUCBzdGF0dXMgY29kZSAqL1xuICBzdGF0dXMoY29kZTogbnVtYmVyKTogSHR0cFJlc3BvbnNlO1xuICAvKiogU2VuZCBKU09OIHJlc3BvbnNlICovXG4gIGpzb24oYm9keTogdW5rbm93bik6IHZvaWQ7XG4gIC8qKiBTZXQgcmVzcG9uc2UgaGVhZGVyICovXG4gIHNldEhlYWRlcihuYW1lOiBzdHJpbmcsIHZhbHVlOiBzdHJpbmcgfCBudW1iZXIpOiB2b2lkO1xufVxuIl19

package/lib/types/index.d.ts

@@ -0,0 +1,7 @@
+export * from './error-codes';
+export * from './common';
+export * from './pipeline';
+export * from './http';
+export * from './quota-tiers';
+export * from './billing';
+export * from './feature-flags';

package/lib/types/index.js

@@ -0,0 +1,26 @@
+"use strict";
+// Copyright 2026 Pipeline Builder Contributors
+// SPDX-License-Identifier: Apache-2.0
+var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    var desc = Object.getOwnPropertyDescriptor(m, k);
+    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
+      desc = { enumerable: true, get: function() { return m[k]; } };
+    }
+    Object.defineProperty(o, k2, desc);
+}) : (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    o[k2] = m[k];
+}));
+var __exportStar = (this && this.__exportStar) || function(m, exports) {
+    for (var p in m) if (p !== "default" && !Object.prototype.hasOwnProperty.call(exports, p)) __createBinding(exports, m, p);
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+__exportStar(require("./error-codes"), exports);
+__exportStar(require("./common"), exports);
+__exportStar(require("./pipeline"), exports);
+__exportStar(require("./http"), exports);
+__exportStar(require("./quota-tiers"), exports);
+__exportStar(require("./billing"), exports);
+__exportStar(require("./feature-flags"), exports);
+//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoiaW5kZXguanMiLCJzb3VyY2VSb290IjoiIiwic291cmNlcyI6WyIuLi8uLi9zcmMvdHlwZXMvaW5kZXgudHMiXSwibmFtZXMiOltdLCJtYXBwaW5ncyI6IjtBQUFBLCtDQUErQztBQUMvQyxzQ0FBc0M7Ozs7Ozs7Ozs7Ozs7Ozs7QUFFdEMsZ0RBQThCO0FBQzlCLDJDQUF5QjtBQUN6Qiw2Q0FBMkI7QUFDM0IseUNBQXVCO0FBQ3ZCLGdEQUE4QjtBQUM5Qiw0Q0FBMEI7QUFDMUIsa0RBQWdDIiwic291cmNlc0NvbnRlbnQiOlsiLy8gQ29weXJpZ2h0IDIwMjYgUGlwZWxpbmUgQnVpbGRlciBDb250cmlidXRvcnNcbi8vIFNQRFgtTGljZW5zZS1JZGVudGlmaWVyOiBBcGFjaGUtMi4wXG5cbmV4cG9ydCAqIGZyb20gJy4vZXJyb3ItY29kZXMnO1xuZXhwb3J0ICogZnJvbSAnLi9jb21tb24nO1xuZXhwb3J0ICogZnJvbSAnLi9waXBlbGluZSc7XG5leHBvcnQgKiBmcm9tICcuL2h0dHAnO1xuZXhwb3J0ICogZnJvbSAnLi9xdW90YS10aWVycyc7XG5leHBvcnQgKiBmcm9tICcuL2JpbGxpbmcnO1xuZXhwb3J0ICogZnJvbSAnLi9mZWF0dXJlLWZsYWdzJztcbiJdfQ==

package/lib/types/pipeline.d.ts

@@ -0,0 +1,70 @@
+/**
+ * Shared pipeline types used by both pipeline-core and pipeline-data
+ */
+/**
+ * Utility type to extract the union of all values from an object type
+ */
+type ValueOf<T> = T[keyof T];
+/**
+ * Access modifier for plugins and resources
+ *
+ * @property PUBLIC - Accessible to all users and organizations
+ * @property PRIVATE - Restricted to specific users or organizations
+ */
+export declare const AccessModifier: {
+    readonly PUBLIC: "public";
+    readonly PRIVATE: "private";
+};
+export type AccessModifier = ValueOf<typeof AccessModifier>;
+/**
+ * AWS CodeBuild compute resource sizes
+ *
+ * @property SMALL - 3 GB memory, 2 vCPUs
+ * @property MEDIUM - 7 GB memory, 4 vCPUs
+ * @property LARGE - 15 GB memory, 8 vCPUs
+ * @property X2_LARGE - 145 GB memory, 72 vCPUs
+ *
+ * @see https://docs.aws.amazon.com/codebuild/latest/userguide/build-env-ref-compute-types.html
+ */
+export declare const ComputeType: {
+    readonly SMALL: "SMALL";
+    readonly MEDIUM: "MEDIUM";
+    readonly LARGE: "LARGE";
+    readonly X2_LARGE: "X2_LARGE";
+};
+export type ComputeType = ValueOf<typeof ComputeType>;
+/**
+ * Types of pipeline steps that can be created by plugins
+ *
+ * @property CODE_BUILD_STEP - Full CodeBuild step with custom build environment
+ * @property SHELL_STEP - Simple shell step without custom build environment
+ * @property MANUAL_APPROVAL_STEP - Native CDK approval gate (no Docker image, no commands)
+ */
+export declare const PluginType: {
+    readonly CODE_BUILD_STEP: "CodeBuildStep";
+    readonly SHELL_STEP: "ShellStep";
+    readonly MANUAL_APPROVAL_STEP: "ManualApprovalStep";
+};
+export type PluginType = ValueOf<typeof PluginType>;
+/**
+ * Metadata type for storing configuration and custom properties
+ *
+ * Supports:
+ * - Standard key-value pairs (string, boolean, number)
+ * - Custom AWS CDK keys with the pattern `aws:cdk:{namespace}:{key}`
+ *   (all lowercase — matches the format produced by `getCustomKey`)
+ *
+ * @example
+ * ```typescript
+ * const metadata: MetaDataType = {
+ *   BUILD_ENV: 'production',
+ *   NODE_VERSION: '18',
+ *   ENABLE_CACHE: true,
+ *   MAX_RETRIES: 3
+ * };
+ * ```
+ */
+export type MetaDataType = Record<string, string | boolean | number> & {
+    [K in `aws:cdk:${string}`]?: unknown;
+};
+export {};

package/lib/types/pipeline.js

@@ -0,0 +1,44 @@
+"use strict";
+// Copyright 2026 Pipeline Builder Contributors
+// SPDX-License-Identifier: Apache-2.0
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.PluginType = exports.ComputeType = exports.AccessModifier = void 0;
+/**
+ * Access modifier for plugins and resources
+ *
+ * @property PUBLIC - Accessible to all users and organizations
+ * @property PRIVATE - Restricted to specific users or organizations
+ */
+exports.AccessModifier = {
+    PUBLIC: 'public',
+    PRIVATE: 'private',
+};
+/**
+ * AWS CodeBuild compute resource sizes
+ *
+ * @property SMALL - 3 GB memory, 2 vCPUs
+ * @property MEDIUM - 7 GB memory, 4 vCPUs
+ * @property LARGE - 15 GB memory, 8 vCPUs
+ * @property X2_LARGE - 145 GB memory, 72 vCPUs
+ *
+ * @see https://docs.aws.amazon.com/codebuild/latest/userguide/build-env-ref-compute-types.html
+ */
+exports.ComputeType = {
+    SMALL: 'SMALL',
+    MEDIUM: 'MEDIUM',
+    LARGE: 'LARGE',
+    X2_LARGE: 'X2_LARGE',
+};
+/**
+ * Types of pipeline steps that can be created by plugins
+ *
+ * @property CODE_BUILD_STEP - Full CodeBuild step with custom build environment
+ * @property SHELL_STEP - Simple shell step without custom build environment
+ * @property MANUAL_APPROVAL_STEP - Native CDK approval gate (no Docker image, no commands)
+ */
+exports.PluginType = {
+    CODE_BUILD_STEP: 'CodeBuildStep',
+    SHELL_STEP: 'ShellStep',
+    MANUAL_APPROVAL_STEP: 'ManualApprovalStep',
+};
+//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoicGlwZWxpbmUuanMiLCJzb3VyY2VSb290IjoiIiwic291cmNlcyI6WyIuLi8uLi9zcmMvdHlwZXMvcGlwZWxpbmUudHMiXSwibmFtZXMiOltdLCJtYXBwaW5ncyI6IjtBQUFBLCtDQUErQztBQUMvQyxzQ0FBc0M7OztBQVd0Qzs7Ozs7R0FLRztBQUNVLFFBQUEsY0FBYyxHQUFHO0lBQzVCLE1BQU0sRUFBRSxRQUFRO0lBQ2hCLE9BQU8sRUFBRSxTQUFTO0NBQ1YsQ0FBQztBQUdYOzs7Ozs7Ozs7R0FTRztBQUNVLFFBQUEsV0FBVyxHQUFHO0lBQ3pCLEtBQUssRUFBRSxPQUFPO0lBQ2QsTUFBTSxFQUFFLFFBQVE7SUFDaEIsS0FBSyxFQUFFLE9BQU87SUFDZCxRQUFRLEVBQUUsVUFBVTtDQUNaLENBQUM7QUFHWDs7Ozs7O0dBTUc7QUFDVSxRQUFBLFVBQVUsR0FBRztJQUN4QixlQUFlLEVBQUUsZUFBZTtJQUNoQyxVQUFVLEVBQUUsV0FBVztJQUN2QixvQkFBb0IsRUFBRSxvQkFBb0I7Q0FDbEMsQ0FBQyIsInNvdXJjZXNDb250ZW50IjpbIi8vIENvcHlyaWdodCAyMDI2IFBpcGVsaW5lIEJ1aWxkZXIgQ29udHJpYnV0b3JzXG4vLyBTUERYLUxpY2Vuc2UtSWRlbnRpZmllcjogQXBhY2hlLTIuMFxuXG4vKipcbiAqIFNoYXJlZCBwaXBlbGluZSB0eXBlcyB1c2VkIGJ5IGJvdGggcGlwZWxpbmUtY29yZSBhbmQgcGlwZWxpbmUtZGF0YVxuICovXG5cbi8qKlxuICogVXRpbGl0eSB0eXBlIHRvIGV4dHJhY3QgdGhlIHVuaW9uIG9mIGFsbCB2YWx1ZXMgZnJvbSBhbiBvYmplY3QgdHlwZVxuICovXG50eXBlIFZhbHVlT2Y8VD4gPSBUW2tleW9mIFRdO1xuXG4vKipcbiAqIEFjY2VzcyBtb2RpZmllciBmb3IgcGx1Z2lucyBhbmQgcmVzb3VyY2VzXG4gKlxuICogQHByb3BlcnR5IFBVQkxJQyAtIEFjY2Vzc2libGUgdG8gYWxsIHVzZXJzIGFuZCBvcmdhbml6YXRpb25zXG4gKiBAcHJvcGVydHkgUFJJVkFURSAtIFJlc3RyaWN0ZWQgdG8gc3BlY2lmaWMgdXNlcnMgb3Igb3JnYW5pemF0aW9uc1xuICovXG5leHBvcnQgY29uc3QgQWNjZXNzTW9kaWZpZXIgPSB7XG4gIFBVQkxJQzogJ3B1YmxpYycsXG4gIFBSSVZBVEU6ICdwcml2YXRlJyxcbn0gYXMgY29uc3Q7XG5leHBvcnQgdHlwZSBBY2Nlc3NNb2RpZmllciA9IFZhbHVlT2Y8dHlwZW9mIEFjY2Vzc01vZGlmaWVyPjtcblxuLyoqXG4gKiBBV1MgQ29kZUJ1aWxkIGNvbXB1dGUgcmVzb3VyY2Ugc2l6ZXNcbiAqXG4gKiBAcHJvcGVydHkgU01BTEwgLSAzIEdCIG1lbW9yeSwgMiB2Q1BVc1xuICogQHByb3BlcnR5IE1FRElVTSAtIDcgR0IgbWVtb3J5LCA0IHZDUFVzXG4gKiBAcHJvcGVydHkgTEFSR0UgLSAxNSBHQiBtZW1vcnksIDggdkNQVXNcbiAqIEBwcm9wZXJ0eSBYMl9MQVJHRSAtIDE0NSBHQiBtZW1vcnksIDcyIHZDUFVzXG4gKlxuICogQHNlZSBodHRwczovL2RvY3MuYXdzLmFtYXpvbi5jb20vY29kZWJ1aWxkL2xhdGVzdC91c2VyZ3VpZGUvYnVpbGQtZW52LXJlZi1jb21wdXRlLXR5cGVzLmh0bWxcbiAqL1xuZXhwb3J0IGNvbnN0IENvbXB1dGVUeXBlID0ge1xuICBTTUFMTDogJ1NNQUxMJyxcbiAgTUVESVVNOiAnTUVESVVNJyxcbiAgTEFSR0U6ICdMQVJHRScsXG4gIFgyX0xBUkdFOiAnWDJfTEFSR0UnLFxufSBhcyBjb25zdDtcbmV4cG9ydCB0eXBlIENvbXB1dGVUeXBlID0gVmFsdWVPZjx0eXBlb2YgQ29tcHV0ZVR5cGU+O1xuXG4vKipcbiAqIFR5cGVzIG9mIHBpcGVsaW5lIHN0ZXBzIHRoYXQgY2FuIGJlIGNyZWF0ZWQgYnkgcGx1Z2luc1xuICpcbiAqIEBwcm9wZXJ0eSBDT0RFX0JVSUxEX1NURVAgLSBGdWxsIENvZGVCdWlsZCBzdGVwIHdpdGggY3VzdG9tIGJ1aWxkIGVudmlyb25tZW50XG4gKiBAcHJvcGVydHkgU0hFTExfU1RFUCAtIFNpbXBsZSBzaGVsbCBzdGVwIHdpdGhvdXQgY3VzdG9tIGJ1aWxkIGVudmlyb25tZW50XG4gKiBAcHJvcGVydHkgTUFOVUFMX0FQUFJPVkFMX1NURVAgLSBOYXRpdmUgQ0RLIGFwcHJvdmFsIGdhdGUgKG5vIERvY2tlciBpbWFnZSwgbm8gY29tbWFuZHMpXG4gKi9cbmV4cG9ydCBjb25zdCBQbHVnaW5UeXBlID0ge1xuICBDT0RFX0JVSUxEX1NURVA6ICdDb2RlQnVpbGRTdGVwJyxcbiAgU0hFTExfU1RFUDogJ1NoZWxsU3RlcCcsXG4gIE1BTlVBTF9BUFBST1ZBTF9TVEVQOiAnTWFudWFsQXBwcm92YWxTdGVwJyxcbn0gYXMgY29uc3Q7XG5leHBvcnQgdHlwZSBQbHVnaW5UeXBlID0gVmFsdWVPZjx0eXBlb2YgUGx1Z2luVHlwZT47XG5cbi8qKlxuICogTWV0YWRhdGEgdHlwZSBmb3Igc3RvcmluZyBjb25maWd1cmF0aW9uIGFuZCBjdXN0b20gcHJvcGVydGllc1xuICpcbiAqIFN1cHBvcnRzOlxuICogLSBTdGFuZGFyZCBrZXktdmFsdWUgcGFpcnMgKHN0cmluZywgYm9vbGVhbiwgbnVtYmVyKVxuICogLSBDdXN0b20gQVdTIENESyBrZXlzIHdpdGggdGhlIHBhdHRlcm4gYGF3czpjZGs6e25hbWVzcGFjZX06e2tleX1gXG4gKiAgIChhbGwgbG93ZXJjYXNlIOKAlCBtYXRjaGVzIHRoZSBmb3JtYXQgcHJvZHVjZWQgYnkgYGdldEN1c3RvbUtleWApXG4gKlxuICogQGV4YW1wbGVcbiAqIGBgYHR5cGVzY3JpcHRcbiAqIGNvbnN0IG1ldGFkYXRhOiBNZXRhRGF0YVR5cGUgPSB7XG4gKiAgIEJVSUxEX0VOVjogJ3Byb2R1Y3Rpb24nLFxuICogICBOT0RFX1ZFUlNJT046ICcxOCcsXG4gKiAgIEVOQUJMRV9DQUNIRTogdHJ1ZSxcbiAqICAgTUFYX1JFVFJJRVM6IDNcbiAqIH07XG4gKiBgYGBcbiAqL1xuZXhwb3J0IHR5cGUgTWV0YURhdGFUeXBlID1cbiAgUmVjb3JkPHN0cmluZywgc3RyaW5nIHwgYm9vbGVhbiB8IG51bWJlcj4gJlxuICB7IFtLIGluIGBhd3M6Y2RrOiR7c3RyaW5nfWBdPzogdW5rbm93biB9O1xuIl19

package/lib/types/quota-tiers.d.ts

@@ -0,0 +1,23 @@
+/** Available quota tier identifiers. */
+export type QuotaTier = 'developer' | 'pro' | 'unlimited';
+/** Limit values for each quota type within a tier. */
+export interface QuotaTierLimits {
+    plugins: number;
+    pipelines: number;
+    apiCalls: number;
+}
+/** Full preset for a single tier (label + limits). */
+export interface QuotaTierPreset {
+    label: string;
+    limits: QuotaTierLimits;
+}
+/** Preset limits for each tier. */
+export declare const QUOTA_TIERS: Record<QuotaTier, QuotaTierPreset>;
+/** All valid tier names. */
+export declare const VALID_TIERS: readonly QuotaTier[];
+/** Default tier assigned to new organizations. */
+export declare const DEFAULT_TIER: QuotaTier;
+/** Check whether a string is a valid QuotaTier. */
+export declare function isValidTier(value: string): value is QuotaTier;
+/** Get the default limits for a given tier (falls back to developer). */
+export declare function getTierLimits(tier: string): QuotaTierLimits;

package/lib/types/quota-tiers.js

@@ -0,0 +1,26 @@
+"use strict";
+// Copyright 2026 Pipeline Builder Contributors
+// SPDX-License-Identifier: Apache-2.0
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.DEFAULT_TIER = exports.VALID_TIERS = exports.QUOTA_TIERS = void 0;
+exports.isValidTier = isValidTier;
+exports.getTierLimits = getTierLimits;
+/** Preset limits for each tier. */
+exports.QUOTA_TIERS = {
+    developer: { label: 'Developer', limits: { plugins: 100, pipelines: 10, apiCalls: -1 } },
+    pro: { label: 'Pro', limits: { plugins: 1000, pipelines: 100, apiCalls: -1 } },
+    unlimited: { label: 'Unlimited', limits: { plugins: -1, pipelines: -1, apiCalls: -1 } },
+};
+/** All valid tier names. */
+exports.VALID_TIERS = Object.keys(exports.QUOTA_TIERS);
+/** Default tier assigned to new organizations. */
+exports.DEFAULT_TIER = 'developer';
+/** Check whether a string is a valid QuotaTier. */
+function isValidTier(value) {
+    return value in exports.QUOTA_TIERS;
+}
+/** Get the default limits for a given tier (falls back to developer). */
+function getTierLimits(tier) {
+    return isValidTier(tier) ? exports.QUOTA_TIERS[tier].limits : exports.QUOTA_TIERS.developer.limits;
+}
+//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoicXVvdGEtdGllcnMuanMiLCJzb3VyY2VSb290IjoiIiwic291cmNlcyI6WyIuLi8uLi9zcmMvdHlwZXMvcXVvdGEtdGllcnMudHMiXSwibmFtZXMiOltdLCJtYXBwaW5ncyI6IjtBQUFBLCtDQUErQztBQUMvQyxzQ0FBc0M7OztBQWdDdEMsa0NBRUM7QUFHRCxzQ0FFQztBQXJCRCxtQ0FBbUM7QUFDdEIsUUFBQSxXQUFXLEdBQXVDO0lBQzdELFNBQVMsRUFBRSxFQUFFLEtBQUssRUFBRSxXQUFXLEVBQUUsTUFBTSxFQUFFLEVBQUUsT0FBTyxFQUFFLEdBQUcsRUFBRSxTQUFTLEVBQUUsRUFBRSxFQUFFLFFBQVEsRUFBRSxDQUFDLENBQUMsRUFBRSxFQUFFO0lBQ3hGLEdBQUcsRUFBRSxFQUFFLEtBQUssRUFBRSxLQUFLLEVBQUUsTUFBTSxFQUFFLEVBQUUsT0FBTyxFQUFFLElBQUksRUFBRSxTQUFTLEVBQUUsR0FBRyxFQUFFLFFBQVEsRUFBRSxDQUFDLENBQUMsRUFBRSxFQUFFO0lBQzlFLFNBQVMsRUFBRSxFQUFFLEtBQUssRUFBRSxXQUFXLEVBQUUsTUFBTSxFQUFFLEVBQUUsT0FBTyxFQUFFLENBQUMsQ0FBQyxFQUFFLFNBQVMsRUFBRSxDQUFDLENBQUMsRUFBRSxRQUFRLEVBQUUsQ0FBQyxDQUFDLEVBQUUsRUFBRTtDQUN4RixDQUFDO0FBRUYsNEJBQTRCO0FBQ2YsUUFBQSxXQUFXLEdBQXlCLE1BQU0sQ0FBQyxJQUFJLENBQUMsbUJBQVcsQ0FBZ0IsQ0FBQztBQUV6RixrREFBa0Q7QUFDckMsUUFBQSxZQUFZLEdBQWMsV0FBVyxDQUFDO0FBRW5ELG1EQUFtRDtBQUNuRCxTQUFnQixXQUFXLENBQUMsS0FBYTtJQUN2QyxPQUFPLEtBQUssSUFBSSxtQkFBVyxDQUFDO0FBQzlCLENBQUM7QUFFRCx5RUFBeUU7QUFDekUsU0FBZ0IsYUFBYSxDQUFDLElBQVk7SUFDeEMsT0FBTyxXQUFXLENBQUMsSUFBSSxDQUFDLENBQUMsQ0FBQyxDQUFDLG1CQUFXLENBQUMsSUFBSSxDQUFDLENBQUMsTUFBTSxDQUFDLENBQUMsQ0FBQyxtQkFBVyxDQUFDLFNBQVMsQ0FBQyxNQUFNLENBQUM7QUFDckYsQ0FBQyIsInNvdXJjZXNDb250ZW50IjpbIi8vIENvcHlyaWdodCAyMDI2IFBpcGVsaW5lIEJ1aWxkZXIgQ29udHJpYnV0b3JzXG4vLyBTUERYLUxpY2Vuc2UtSWRlbnRpZmllcjogQXBhY2hlLTIuMFxuXG4vKiogQXZhaWxhYmxlIHF1b3RhIHRpZXIgaWRlbnRpZmllcnMuICovXG5leHBvcnQgdHlwZSBRdW90YVRpZXIgPSAnZGV2ZWxvcGVyJyB8ICdwcm8nIHwgJ3VubGltaXRlZCc7XG5cbi8qKiBMaW1pdCB2YWx1ZXMgZm9yIGVhY2ggcXVvdGEgdHlwZSB3aXRoaW4gYSB0aWVyLiAqL1xuZXhwb3J0IGludGVyZmFjZSBRdW90YVRpZXJMaW1pdHMge1xuICBwbHVnaW5zOiBudW1iZXI7XG4gIHBpcGVsaW5lczogbnVtYmVyO1xuICBhcGlDYWxsczogbnVtYmVyO1xufVxuXG4vKiogRnVsbCBwcmVzZXQgZm9yIGEgc2luZ2xlIHRpZXIgKGxhYmVsICsgbGltaXRzKS4gKi9cbmV4cG9ydCBpbnRlcmZhY2UgUXVvdGFUaWVyUHJlc2V0IHtcbiAgbGFiZWw6IHN0cmluZztcbiAgbGltaXRzOiBRdW90YVRpZXJMaW1pdHM7XG59XG5cbi8qKiBQcmVzZXQgbGltaXRzIGZvciBlYWNoIHRpZXIuICovXG5leHBvcnQgY29uc3QgUVVPVEFfVElFUlM6IFJlY29yZDxRdW90YVRpZXIsIFF1b3RhVGllclByZXNldD4gPSB7XG4gIGRldmVsb3BlcjogeyBsYWJlbDogJ0RldmVsb3BlcicsIGxpbWl0czogeyBwbHVnaW5zOiAxMDAsIHBpcGVsaW5lczogMTAsIGFwaUNhbGxzOiAtMSB9IH0sXG4gIHBybzogeyBsYWJlbDogJ1BybycsIGxpbWl0czogeyBwbHVnaW5zOiAxMDAwLCBwaXBlbGluZXM6IDEwMCwgYXBpQ2FsbHM6IC0xIH0gfSxcbiAgdW5saW1pdGVkOiB7IGxhYmVsOiAnVW5saW1pdGVkJywgbGltaXRzOiB7IHBsdWdpbnM6IC0xLCBwaXBlbGluZXM6IC0xLCBhcGlDYWxsczogLTEgfSB9LFxufTtcblxuLyoqIEFsbCB2YWxpZCB0aWVyIG5hbWVzLiAqL1xuZXhwb3J0IGNvbnN0IFZBTElEX1RJRVJTOiByZWFkb25seSBRdW90YVRpZXJbXSA9IE9iamVjdC5rZXlzKFFVT1RBX1RJRVJTKSBhcyBRdW90YVRpZXJbXTtcblxuLyoqIERlZmF1bHQgdGllciBhc3NpZ25lZCB0byBuZXcgb3JnYW5pemF0aW9ucy4gKi9cbmV4cG9ydCBjb25zdCBERUZBVUxUX1RJRVI6IFF1b3RhVGllciA9ICdkZXZlbG9wZXInO1xuXG4vKiogQ2hlY2sgd2hldGhlciBhIHN0cmluZyBpcyBhIHZhbGlkIFF1b3RhVGllci4gKi9cbmV4cG9ydCBmdW5jdGlvbiBpc1ZhbGlkVGllcih2YWx1ZTogc3RyaW5nKTogdmFsdWUgaXMgUXVvdGFUaWVyIHtcbiAgcmV0dXJuIHZhbHVlIGluIFFVT1RBX1RJRVJTO1xufVxuXG4vKiogR2V0IHRoZSBkZWZhdWx0IGxpbWl0cyBmb3IgYSBnaXZlbiB0aWVyIChmYWxscyBiYWNrIHRvIGRldmVsb3BlcikuICovXG5leHBvcnQgZnVuY3Rpb24gZ2V0VGllckxpbWl0cyh0aWVyOiBzdHJpbmcpOiBRdW90YVRpZXJMaW1pdHMge1xuICByZXR1cm4gaXNWYWxpZFRpZXIodGllcikgPyBRVU9UQV9USUVSU1t0aWVyXS5saW1pdHMgOiBRVU9UQV9USUVSUy5kZXZlbG9wZXIubGltaXRzO1xufVxuIl19

package/lib/utils/alias-resolver.d.ts

@@ -0,0 +1,16 @@
+/** Result of alias resolution. */
+export interface AliasResolution {
+    /** The resolved organization ID (e.g., 'system'). */
+    resolvedOrgId: string;
+    /** Whether the input was an alias that got resolved. */
+    wasAlias: boolean;
+    /** The original input value, useful for audit logging. */
+    originalValue: string;
+}
+/**
+ * Resolve an email-like alias to an actual organization ID.
+ *
+ * If the input matches a configured support alias, it resolves to the system
+ * org ID. Otherwise the input is returned as-is (lowercased).
+ */
+export declare function resolveRecipientAlias(recipientOrgId: string): AliasResolution;