@primocaredentgroup/convex-campaigns-component 0.3.5 → 0.3.9

package/convex/components/campaigns/functions/mutations.ts

@@ -34,8 +34,11 @@ function normalizeScopeClinicIds(
   return [...new Set(scopeClinicIds.map((id) => String(id).trim()).filter(Boolean))];
 }
 
+const trustedUserIdArg = { _trustedUserId: v.optional(v.string()) };
+
 export const createCampaign = mutation({
   args: {
+    ...trustedUserIdArg,
     input: v.object({
       name: v.string(),
       description: v.optional(v.string()),
@@ -47,7 +50,7 @@ export const createCampaign = mutation({
     }),
   },
   handler: async (ctx, args) => {
-    await assertAuthorized(ctx, ["Admin", "Marketing"]);
+    await assertAuthorized(ctx, ["Admin", "Marketing"], { trustedUserId: args._trustedUserId });
     const now = Date.now();
     return ctx.db.insert("campaigns", {
       ...args.input,
@@ -62,6 +65,7 @@ export const createCampaign = mutation({
 
 export const updateCampaign = mutation({
   args: {
+    ...trustedUserIdArg,
     campaignId: v.id("campaigns"),
     patch: v.object({
       name: v.optional(v.string()),
@@ -74,7 +78,7 @@ export const updateCampaign = mutation({
     }),
   },
   handler: async (ctx, args) => {
-    await assertAuthorized(ctx, ["Admin", "Marketing"]);
+    await assertAuthorized(ctx, ["Admin", "Marketing"], { trustedUserId: args._trustedUserId });
     const campaign = await ctx.db.get(args.campaignId);
     if (!campaign) throw new Error("Campaign not found");
     await ctx.db.patch(args.campaignId, {
@@ -93,11 +97,12 @@ export const updateCampaign = mutation({
 
 export const setCampaignStatus = mutation({
   args: {
+    ...trustedUserIdArg,
     campaignId: v.id("campaigns"),
     status: campaignStatusValidator,
   },
   handler: async (ctx, args) => {
-    await assertAuthorized(ctx, ["Admin", "Marketing"]);
+    await assertAuthorized(ctx, ["Admin", "Marketing"], { trustedUserId: args._trustedUserId });
     await ctx.db.patch(args.campaignId, { status: args.status, updatedAt: Date.now() });
     await ctx.db.insert("event_log", {
       campaignId: args.campaignId,
@@ -111,6 +116,7 @@ export const setCampaignStatus = mutation({
 
 export const addOrUpdateSteps = mutation({
   args: {
+    ...trustedUserIdArg,
     campaignId: v.id("campaigns"),
     steps: v.array(
       v.object({
@@ -123,7 +129,7 @@ export const addOrUpdateSteps = mutation({
     ),
   },
   handler: async (ctx, args) => {
-    await assertAuthorized(ctx, ["Admin", "Marketing"]);
+    await assertAuthorized(ctx, ["Admin", "Marketing"], { trustedUserId: args._trustedUserId });
     const now = Date.now();
     const createdOrUpdated: string[] = [];
     for (const step of args.steps) {
@@ -155,12 +161,13 @@ export const addOrUpdateSteps = mutation({
 
 export const previewAudience = mutation({
   args: {
+    ...trustedUserIdArg,
     campaignId: v.id("campaigns"),
     segmentationRules: segmentationRulesValidator,
     sampleSize: v.optional(v.number()),
   },
   handler: async (ctx, args) => {
-    await assertAuthorized(ctx, ["Admin", "Marketing"]);
+    await assertAuthorized(ctx, ["Admin", "Marketing"], { trustedUserId: args._trustedUserId });
     const campaign = await ctx.db.get(args.campaignId);
     if (!campaign) throw new Error("Campaign not found");
 
@@ -229,12 +236,13 @@ export const previewAudience = mutation({
 
 export const buildAudienceSnapshot = mutation({
   args: {
+    ...trustedUserIdArg,
     campaignId: v.id("campaigns"),
     segmentationRules: segmentationRulesValidator,
     runConfig: v.optional(runConfigValidator),
   },
   handler: async (ctx, args) => {
-    await assertAuthorized(ctx, ["Admin", "Marketing"]);
+    await assertAuthorized(ctx, ["Admin", "Marketing"], { trustedUserId: args._trustedUserId });
     const campaign = await ctx.db.get(args.campaignId);
     if (!campaign) throw new Error("Campaign not found");
 

package/convex/components/campaigns/functions/playground.ts

@@ -11,6 +11,7 @@ import type { RuleGroup } from "../v2/types";
 import { DEFAULT_CALL_POLICY } from "../domain/types";
 
 const MAX_PREVIEW = 5000;
+const trustedUserIdArg = { _trustedUserId: v.optional(v.string()) };
 
 function hashRules(rules: unknown): string {
   const text = JSON.stringify(rules);
@@ -81,12 +82,13 @@ export const getFieldRegistry = query({
 
 export const seedDemoData = mutation({
   args: {
+    ...trustedUserIdArg,
     orgId: v.string(),
     clinicIds: v.array(v.string()),
     nPatients: v.number(),
   },
   handler: async (ctx, args) => {
-    await assertCanManageCampaigns(ctx);
+    await assertCanManageCampaigns(ctx, { trustedUserId: args._trustedUserId });
     const clinicIds = normalizeClinicIds(args.clinicIds);
     if (clinicIds.length === 0) throw new Error("Almeno una clinicId è obbligatoria.");
 
@@ -185,11 +187,12 @@ export const seedDemoData = mutation({
 
 export const updateCampaignCallPolicy = mutation({
   args: {
+    ...trustedUserIdArg,
     campaignId: v.id("campaigns"),
     callPolicy: v.any(),
   },
   handler: async (ctx, args) => {
-    await assertCanManageCampaigns(ctx);
+    await assertCanManageCampaigns(ctx, { trustedUserId: args._trustedUserId });
     const validation = validateCallPolicyInput(args.callPolicy);
     if (!validation.ok) {
       throw new Error(`CALL_POLICY_VALIDATION_ERROR: ${validation.errors.join(" | ")}`);
@@ -215,10 +218,10 @@ export const updateCampaignCallPolicy = mutation({
 });
 
 export const getCampaignCallPolicy = query({
-  args: { campaignId: v.id("campaigns") },
+  args: { ...trustedUserIdArg, campaignId: v.id("campaigns") },
   handler: async (ctx, args) => {
     try {
-      await assertCanManageCampaigns(ctx);
+      await assertCanManageCampaigns(ctx, { trustedUserId: args._trustedUserId });
       const campaign = await ctx.db.get(args.campaignId);
       if (!campaign) return null;
       const policy = campaign.callPolicy ?? getDefaultCallPolicy();
@@ -232,6 +235,7 @@ export const getCampaignCallPolicy = query({
 
 export const upsertCampaign = mutation({
   args: {
+    ...trustedUserIdArg,
     id: v.optional(v.id("campaigns")),
     orgId: v.string(),
     name: v.string(),
@@ -243,7 +247,7 @@ export const upsertCampaign = mutation({
     frequencyCapDays: v.optional(v.number()),
   },
   handler: async (ctx, args) => {
-    await assertCanManageCampaigns(ctx);
+    await assertCanManageCampaigns(ctx, { trustedUserId: args._trustedUserId });
 
     const rulesValidation = validateRuleDsl(args.rules);
     if (!rulesValidation.ok) {
@@ -297,11 +301,12 @@ export const upsertCampaign = mutation({
 
 export const setCampaignLifecycleStatus = mutation({
   args: {
+    ...trustedUserIdArg,
     campaignId: v.id("campaigns"),
     status: v.union(v.literal("draft"), v.literal("ready"), v.literal("archived")),
   },
   handler: async (ctx, args) => {
-    await assertCanManageCampaigns(ctx);
+    await assertCanManageCampaigns(ctx, { trustedUserId: args._trustedUserId });
     const campaign = await ctx.db.get(args.campaignId);
     if (!campaign) throw new Error("Campaign non trovata.");
     const statusToV2: Record<string, "draft" | "ready" | "archived"> = {
@@ -333,12 +338,13 @@ export const setCampaignLifecycleStatus = mutation({
 
 export const listCampaignsV2 = query({
   args: {
+    ...trustedUserIdArg,
     orgId: v.string(),
     status: v.optional(v.union(v.literal("draft"), v.literal("ready"), v.literal("archived"))),
   },
   handler: async (ctx, args) => {
     try {
-      await assertCanManageCampaigns(ctx);
+      await assertCanManageCampaigns(ctx, { trustedUserId: args._trustedUserId });
       const rows = args.status
         ? await safeCampaignsByOrgStatus(ctx, args.orgId, args.status)
         : await safeCampaignsByOrg(ctx, args.orgId);
@@ -351,10 +357,10 @@ export const listCampaignsV2 = query({
 });
 
 export const getCampaignV2 = query({
-  args: { id: v.id("campaigns") },
+  args: { ...trustedUserIdArg, id: v.id("campaigns") },
   handler: async (ctx, args) => {
     try {
-      await assertCanManageCampaigns(ctx);
+      await assertCanManageCampaigns(ctx, { trustedUserId: args._trustedUserId });
       return await ctx.db.get(args.id);
     } catch (error) {
       console.error("[getCampaignV2]", error);
@@ -364,10 +370,10 @@ export const getCampaignV2 = query({
 });
 
 export const listCampaignVersions = query({
-  args: { campaignId: v.id("campaigns") },
+  args: { ...trustedUserIdArg, campaignId: v.id("campaigns") },
   handler: async (ctx, args) => {
     try {
-      await assertCanManageCampaigns(ctx);
+      await assertCanManageCampaigns(ctx, { trustedUserId: args._trustedUserId });
       const versions = await ctx.db
         .query("campaignVersions")
         .withIndex("by_campaign", (q: any) => q.eq("campaignId", args.campaignId))
@@ -382,6 +388,7 @@ export const listCampaignVersions = query({
 
 export const previewCampaignAudience = query({
   args: {
+    ...trustedUserIdArg,
     campaignId: v.optional(v.id("campaigns")),
     orgId: v.optional(v.string()),
     clinicIds: v.optional(v.array(v.string())),
@@ -389,7 +396,7 @@ export const previewCampaignAudience = query({
     frequencyCapDays: v.optional(v.number()),
   },
   handler: async (ctx, args) => {
-    await assertCanManageCampaigns(ctx);
+    await assertCanManageCampaigns(ctx, { trustedUserId: args._trustedUserId });
 
     let orgId = args.orgId ?? "";
     let clinicIds = normalizeClinicIds(args.clinicIds);
@@ -470,11 +477,12 @@ export const previewCampaignAudience = query({
 
 export const publishCampaignVersion = mutation({
   args: {
+    ...trustedUserIdArg,
     campaignId: v.id("campaigns"),
     label: v.optional(v.string()),
   },
   handler: async (ctx, args) => {
-    await assertCanManageCampaigns(ctx);
+    await assertCanManageCampaigns(ctx, { trustedUserId: args._trustedUserId });
     const campaign = await ctx.db.get(args.campaignId);
     if (!campaign) throw new Error("Campaign non trovata.");
     if (campaign.status !== "ready") {
@@ -588,12 +596,13 @@ async function safeAudienceMembersByOrgPatient(ctx: any, orgId: string, patientI
 
 export const getPatientCampaignMemberships = query({
   args: {
+    ...trustedUserIdArg,
     orgId: v.string(),
     patientId: v.string(),
   },
   handler: async (ctx, args) => {
     try {
-      await assertCanManageCampaigns(ctx);
+      await assertCanManageCampaigns(ctx, { trustedUserId: args._trustedUserId });
       const memberships = await safeAudienceMembersByOrgPatient(
         ctx,
         args.orgId,
@@ -665,13 +674,14 @@ export const getPatientCampaignMemberships = query({
 
 export const getAudiencePage = query({
   args: {
+    ...trustedUserIdArg,
     versionId: v.id("campaignVersions"),
     clinicId: v.optional(v.string()),
     cursor: v.optional(v.string()),
     limit: v.optional(v.number()),
   },
   handler: async (ctx, args) => {
-    await assertCanManageCampaigns(ctx);
+    await assertCanManageCampaigns(ctx, { trustedUserId: args._trustedUserId });
     const limit = Math.min(200, Math.max(1, args.limit ?? 50));
     if (args.clinicId) {
       const page = await ctx.db
@@ -701,6 +711,7 @@ export const getAudiencePage = query({
 
 export const recordContactAttempt = mutation({
   args: {
+    ...trustedUserIdArg,
     orgId: v.string(),
     clinicId: v.string(),
     patientId: v.string(),
@@ -718,7 +729,7 @@ export const recordContactAttempt = mutation({
     ),
   },
   handler: async (ctx, args) => {
-    await assertCanManageCampaigns(ctx);
+    await assertCanManageCampaigns(ctx, { trustedUserId: args._trustedUserId });
     const id = await ctx.db.insert("contactLog", {
       ...args,
       createdAt: Date.now(),

package/convex/components/campaigns/functions/public.ts

@@ -10,6 +10,8 @@ import { getDefaultCallPolicy } from "../v2/callPolicy";
 import { normalizeClinicId, normalizeClinicIds } from "../lib/helpers";
 import type { Id } from "../../../_generated/dataModel";
 
+const trustedUserIdArg = { _trustedUserId: v.optional(v.string()) };
+
 async function safeCampaignsByOrgStatus(ctx: any, orgId: string, status: string) {
   try {
     return await ctx.db
@@ -56,11 +58,12 @@ async function safeAudienceMembersByOrgPatient(ctx: any, orgId: string, patientI
 
 export const listActiveCampaignsForOrg = query({
   args: {
+    ...trustedUserIdArg,
     orgId: v.string(),
     clinicId: v.optional(v.string()),
   },
   handler: async (ctx, args) => {
-    await assertCanManageCampaigns(ctx);
+    await assertCanManageCampaigns(ctx, { trustedUserId: args._trustedUserId });
     const campaigns = await safeCampaignsByOrgStatus(ctx, args.orgId, "ready");
     const clinicIdNorm = args.clinicId ? normalizeClinicId(args.clinicId) : null;
 
@@ -107,9 +110,9 @@ export const listActiveCampaignsForOrg = query({
 });
 
 export const getLatestPublishedVersion = query({
-  args: { campaignId: v.id("campaigns") },
+  args: { ...trustedUserIdArg, campaignId: v.id("campaigns") },
   handler: async (ctx, args) => {
-    await assertCanManageCampaigns(ctx);
+    await assertCanManageCampaigns(ctx, { trustedUserId: args._trustedUserId });
     const versions = await ctx.db
       .query("campaignVersions")
       .withIndex("by_campaign", (q: any) => q.eq("campaignId", args.campaignId))
@@ -128,9 +131,9 @@ export const getLatestPublishedVersion = query({
 });
 
 export const getPatientCampaignMemberships = query({
-  args: { orgId: v.string(), patientId: v.string() },
+  args: { ...trustedUserIdArg, orgId: v.string(), patientId: v.string() },
   handler: async (ctx, args) => {
-    await assertCanManageCampaigns(ctx);
+    await assertCanManageCampaigns(ctx, { trustedUserId: args._trustedUserId });
     const memberships = await safeAudienceMembersByOrgPatient(
       ctx,
       args.orgId,
@@ -184,13 +187,14 @@ export const getPatientCampaignMemberships = query({
 
 export const getAudiencePage = query({
   args: {
+    ...trustedUserIdArg,
     versionId: v.id("campaignVersions"),
     clinicId: v.optional(v.string()),
     cursor: v.optional(v.string()),
     limit: v.optional(v.number()),
   },
   handler: async (ctx, args) => {
-    await assertCanManageCampaigns(ctx);
+    await assertCanManageCampaigns(ctx, { trustedUserId: args._trustedUserId });
     const limit = Math.min(200, Math.max(1, args.limit ?? 50));
     const clinicIdNorm = args.clinicId ? normalizeClinicId(args.clinicId) : undefined;
 
@@ -214,6 +218,7 @@ export const getAudiencePage = query({
 
 export const recordContactAttempt = mutation({
   args: {
+    ...trustedUserIdArg,
     orgId: v.string(),
     clinicId: v.string(),
     patientId: v.string(),
@@ -231,7 +236,7 @@ export const recordContactAttempt = mutation({
     ),
   },
   handler: async (ctx, args) => {
-    await assertCanManageCampaigns(ctx);
+    await assertCanManageCampaigns(ctx, { trustedUserId: args._trustedUserId });
     const clinicIdNorm = normalizeClinicId(args.clinicId);
     const id = await ctx.db.insert("contactLog", {
       ...args,

package/convex/components/campaigns/functions/queries.ts

@@ -4,6 +4,7 @@ import { assertAuthorized } from "../permissions";
 import { campaignStatusValidator, scopeTypeValidator } from "../domain/types";
 
 const clinicIdFilterValidator = v.union(v.id("clinics"), v.string());
+const trustedUserIdArg = { _trustedUserId: v.optional(v.string()) };
 
 function isRecoverableQueryError(error: unknown): boolean {
   const message = error instanceof Error ? error.message : String(error);
@@ -72,6 +73,7 @@ async function safeCollectMembersBySnapshot(ctx: any, snapshotId: string) {
 
 export const listCampaigns = query({
   args: {
+    ...trustedUserIdArg,
     filters: v.optional(
       v.object({
         status: v.optional(campaignStatusValidator),
@@ -82,7 +84,7 @@ export const listCampaigns = query({
   },
   handler: async (ctx, args) => {
     try {
-      await assertAuthorized(ctx, ["Admin", "Marketing"]);
+      await assertAuthorized(ctx, ["Admin", "Marketing"], { trustedUserId: args._trustedUserId });
       let campaigns = args.filters?.status
         ? await safeCollectCampaignsByStatus(ctx, args.filters.status)
         : await ctx.db.query("campaigns").collect();
@@ -105,10 +107,10 @@ export const listCampaigns = query({
 });
 
 export const getCampaign = query({
-  args: { campaignId: v.id("campaigns") },
+  args: { ...trustedUserIdArg, campaignId: v.id("campaigns") },
   handler: async (ctx, args) => {
     try {
-      await assertAuthorized(ctx, ["Admin", "Marketing"]);
+      await assertAuthorized(ctx, ["Admin", "Marketing"], { trustedUserId: args._trustedUserId });
       const campaign = await ctx.db.get(args.campaignId);
       if (!campaign) return null;
 
@@ -129,10 +131,10 @@ export const getCampaign = query({
 });
 
 export const getSnapshot = query({
-  args: { snapshotId: v.id("audience_snapshots") },
+  args: { ...trustedUserIdArg, snapshotId: v.id("audience_snapshots") },
   handler: async (ctx, args) => {
     try {
-      await assertAuthorized(ctx, ["Admin", "Marketing"]);
+      await assertAuthorized(ctx, ["Admin", "Marketing"], { trustedUserId: args._trustedUserId });
       const snapshot = await ctx.db.get(args.snapshotId);
       if (!snapshot) return null;
 
@@ -152,12 +154,13 @@ export const getSnapshot = query({
 
 export const getSnapshotMemberSample = query({
   args: {
+    ...trustedUserIdArg,
     snapshotId: v.id("audience_snapshots"),
     limit: v.optional(v.number()),
   },
   handler: async (ctx, args) => {
     try {
-      await assertAuthorized(ctx, ["Admin", "Marketing"]);
+      await assertAuthorized(ctx, ["Admin", "Marketing"], { trustedUserId: args._trustedUserId });
       const limit = Math.min(Math.max(1, args.limit ?? 10), 100);
 
       let members: any[];
@@ -220,6 +223,7 @@ export const getSnapshotMemberSample = query({
 
 export const getCampaignReport = query({
   args: {
+    ...trustedUserIdArg,
     campaignId: v.id("campaigns"),
     range: v.object({
       from: v.number(),
@@ -245,7 +249,7 @@ export const getCampaignReport = query({
     };
 
     try {
-      await assertAuthorized(ctx, ["Admin", "Marketing"]);
+      await assertAuthorized(ctx, ["Admin", "Marketing"], { trustedUserId: args._trustedUserId });
       const snapshots = await safeCollectSnapshotsByCampaign(ctx, args.campaignId);
 
       const inRange = snapshots.filter(

package/convex/components/campaigns/permissions.ts

@@ -115,14 +115,25 @@ async function getUserRoleCodes(ctx: AnyCtx, userId: Id<"users">): Promise<Set<s
   return roles;
 }
 
+type AssertAuthOptions = {
+  trustedUserId?: string;
+};
+
 /**
  * MVP authorization guard.
- * - If auth identity is available: enforces required roles.
- * - If auth identity is missing: currently allows access to avoid blocking service calls
- *   while host identity wiring is being finalized.
- * TODO: tighten unauthenticated fallback once host auth is fully configured.
+ * - Se _trustedUserId è fornito dall'host: bypass completo (l'host ha già validato l'utente).
+ * - Se auth identity è disponibile: enforce dei ruoli richiesti.
+ * - Se auth identity manca: fallback per servizi in fase di wiring.
  */
-export async function assertAuthorized(ctx: AnyCtx, requiredRoles: Role[]): Promise<void> {
+export async function assertAuthorized(
+  ctx: AnyCtx,
+  requiredRoles: Role[],
+  options?: AssertAuthOptions,
+): Promise<void> {
+  if (options?.trustedUserId) {
+    return;
+  }
+
   const identity = await ctx.auth.getUserIdentity();
   if (!identity) {
     if (requiredRoles.includes("System")) {
@@ -180,11 +191,15 @@ export async function assertAuthorized(ctx: AnyCtx, requiredRoles: Role[]): Prom
   }
 }
 
-export async function assertCanManageCampaigns(ctx: AnyCtx): Promise<void> {
+export async function assertCanManageCampaigns(
+  ctx: AnyCtx,
+  options?: AssertAuthOptions,
+): Promise<void> {
+  if (options?.trustedUserId) {
+    return;
+  }
   const identity = await ctx.auth.getUserIdentity();
   if (!identity) {
     throw authError("CAMPAIGNS_UNAUTHORIZED", "Missing identity in request context.");
   }
-  // Placeholder policy: any authenticated user can manage campaigns.
-  // TODO: replace with PrimoCore role checks (admin/marketing).
 }

package/convex.config.ts

@@ -1,13 +1,5 @@
-import { defineApp, defineComponent } from "convex/server";
+import { defineComponent } from "convex/server";
 
 const campaignsComponent = defineComponent("campaigns");
 
-// App per npx convex dev dalla root del package (sviluppo standalone).
-// L'host che installa da npm usa: import campaignsComponent from "package/convex.config"
-// e fa app.use(campaignsComponent) - quindi serve il componente.
-const app = defineApp();
-app.use(campaignsComponent, { name: "campaigns" });
-
-export default app;
-// Per host npm: import { campaignsComponent } from "package/convex.config"
-export { campaignsComponent };
+export default campaignsComponent;

package/package.json

@@ -1,10 +1,14 @@
 {
   "name": "@primocaredentgroup/convex-campaigns-component",
-  "version": "0.3.5",
+  "version": "0.3.9",
   "description": "Convex Campaigns backend component for PrimoCore",
   "license": "UNLICENSED",
   "type": "module",
   "main": "convex.config.ts",
+  "exports": {
+    "./convex.config.js": "./convex.config.ts",
+    "./convex.config": "./convex.config.ts"
+  },
   "files": [
     "convex.config.ts",
     "README.md",
@@ -16,7 +20,7 @@
     "prepack": "npm run sync:from-repo",
     "test": "tsx --test tests/**/*.test.ts",
     "smoke": "node scripts/smoke-test.mjs",
-    "version:patch": "npm version patch --no-git-tag-version",
+    "version:patch": "node scripts/bump-version.mjs",
     "publish:component": "npm run version:patch && npm publish"
   },
   "peerDependencies": {