@revealui/services 0.0.3 → 0.1.0

package/dist/api/webhooks/index.js

@@ -0,0 +1,270 @@
+import { generateLicenseKey } from '@revealui/core/license';
+import { logger } from '@revealui/core/utils/logger';
+import { getClient } from '@revealui/db/client';
+import { processedWebhookEvents } from '@revealui/db/schema';
+import { eq } from 'drizzle-orm';
+import { protectedStripe } from '../../stripe/stripeClient.js';
+import { createServerClientFromRequest } from '../../supabase/index.js';
+import { handleInvoicePaymentFailed, handleInvoicePaymentSucceeded, handlePaymentMethodAttached, manageSubscriptionStatusChange, upsertPriceRecord, upsertProductRecord, } from '../utils.js';
+const relevantEvents = new Set([
+    'product.created',
+    'product.updated',
+    'price.created',
+    'price.updated',
+    'checkout.session.completed',
+    'customer.subscription.created',
+    'customer.subscription.updated',
+    'customer.subscription.deleted',
+    'invoice.payment_succeeded',
+    'invoice.payment_failed',
+    'payment_method.attached',
+]);
+/** Maximum webhook payload size (10 MB). Stripe payloads are tiny; this guards against DoS. */
+const MAX_BODY_BYTES = 10 * 1024 * 1024;
+/**
+ * Resolve the webhook secret from environment variables.
+ * Throws at startup/request time if no secret is configured, preventing
+ * unsigned webhook acceptance.
+ */
+function getWebhookSecret() {
+    const secret = (typeof import.meta.env.STRIPE_WEBHOOK_SECRET_LIVE === 'string'
+        ? import.meta.env.STRIPE_WEBHOOK_SECRET_LIVE
+        : undefined) ??
+        (typeof import.meta.env.STRIPE_WEBHOOK_SECRET === 'string'
+            ? import.meta.env.STRIPE_WEBHOOK_SECRET
+            : undefined);
+    if (!secret) {
+        throw new Error('STRIPE_WEBHOOK_SECRET or STRIPE_WEBHOOK_SECRET_LIVE must be configured. ' +
+            'Refusing to process webhooks without signature verification.');
+    }
+    return secret;
+}
+/**
+ * Database-backed idempotency check. Prevents duplicate webhook processing
+ * across Vercel cold starts, multi-region deployments, and server restarts.
+ */
+async function isEventAlreadyProcessed(eventId) {
+    const db = getClient();
+    const [existing] = await db
+        .select({ id: processedWebhookEvents.id })
+        .from(processedWebhookEvents)
+        .where(eq(processedWebhookEvents.id, eventId))
+        .limit(1);
+    return !!existing;
+}
+async function markEventProcessed(eventId, eventType) {
+    const db = getClient();
+    await db.insert(processedWebhookEvents).values({ id: eventId, eventType }).onConflictDoNothing();
+}
+export async function POST(request) {
+    const supabase = createServerClientFromRequest(request);
+    if (!supabase) {
+        return new Response('Supabase client not available', { status: 500 });
+    }
+    let webhookSecret;
+    try {
+        webhookSecret = getWebhookSecret();
+    }
+    catch (err) {
+        const msg = err instanceof Error ? err.message : 'Unknown error';
+        logger.error('Webhook secret not configured', { error: msg });
+        return new Response('Webhook endpoint not configured', { status: 500 });
+    }
+    // Reject oversized payloads before reading into memory (DoS protection).
+    // Content-Length is advisory; we still enforce after reading.
+    const contentLength = request.headers.get('content-length');
+    if (contentLength !== null && Number(contentLength) > MAX_BODY_BYTES) {
+        return new Response('Payload too large', { status: 413 });
+    }
+    const body = await request.text();
+    if (body.length > MAX_BODY_BYTES) {
+        return new Response('Payload too large', { status: 413 });
+    }
+    const sig = request.headers.get('Stripe-Signature');
+    if (!sig) {
+        return new Response('Missing Stripe-Signature header', { status: 400 });
+    }
+    let event;
+    try {
+        event = protectedStripe.webhooks.constructEvent(body, sig, webhookSecret);
+    }
+    catch (err) {
+        const errorMessage = err instanceof Error ? err.message : 'Unknown error';
+        logger.error('Webhook signature verification failed', {
+            error: errorMessage,
+        });
+        return new Response(`Webhook Error: ${errorMessage}`, { status: 400 });
+    }
+    // Idempotency check: skip already-processed events
+    if (await isEventAlreadyProcessed(event.id)) {
+        logger.debug('Skipping duplicate webhook event', { eventId: event.id });
+        return new Response(JSON.stringify({ received: true, duplicate: true }), { status: 200 });
+    }
+    if (relevantEvents.has(event.type)) {
+        try {
+            // Mark event as processing BEFORE handling — prevents duplicate processing
+            // on Stripe retries even if the handler throws below.
+            await markEventProcessed(event.id, event.type);
+            switch (event.type) {
+                case 'product.created':
+                case 'product.updated': {
+                    const product = event.data.object;
+                    if (product.object === 'product') {
+                        await upsertProductRecord(supabase, product);
+                    }
+                    break;
+                }
+                case 'price.created':
+                case 'price.updated': {
+                    const price = event.data.object;
+                    if (price.object === 'price') {
+                        await upsertPriceRecord(supabase, price);
+                    }
+                    break;
+                }
+                case 'customer.subscription.created':
+                case 'customer.subscription.updated':
+                case 'customer.subscription.deleted': {
+                    const subscription = event.data.object;
+                    if (subscription.object === 'subscription') {
+                        const customerId = typeof subscription.customer === 'string'
+                            ? subscription.customer
+                            : subscription.customer?.id;
+                        if (!customerId) {
+                            throw new Error('Subscription missing customer');
+                        }
+                        await manageSubscriptionStatusChange(subscription.id, customerId, event.type === 'customer.subscription.created', supabase);
+                        // Flag license for revocation on subscription cancellation
+                        if (event.type === 'customer.subscription.deleted') {
+                            logger.info('Subscription deleted — license should be revoked', {
+                                customerId,
+                                subscriptionId: subscription.id,
+                            });
+                        }
+                    }
+                    break;
+                }
+                case 'checkout.session.completed': {
+                    const checkoutSession = event.data.object;
+                    if (checkoutSession.object === 'checkout.session') {
+                        const session = checkoutSession;
+                        if (session.mode === 'subscription' && session.subscription) {
+                            const subscriptionId = typeof session.subscription === 'string'
+                                ? session.subscription
+                                : session.subscription.id;
+                            const customerId = typeof session.customer === 'string' ? session.customer : session.customer?.id;
+                            if (subscriptionId && customerId) {
+                                await manageSubscriptionStatusChange(subscriptionId, customerId, true, supabase);
+                                // Retrieve the subscription to:
+                                //   (a) check if a license key was already generated (idempotency across retries)
+                                //   (b) get the actual price ID for authoritative tier resolution
+                                const subscription = await protectedStripe.subscriptions.retrieve(subscriptionId);
+                                if (subscription.metadata?.license_key) {
+                                    // Already generated — Stripe retried the webhook. Safe to skip.
+                                    logger.info('License key already present, skipping generation (idempotent)', {
+                                        customerId,
+                                        subscriptionId,
+                                    });
+                                }
+                                else {
+                                    const priceId = subscription.items.data[0]?.price?.id ?? null;
+                                    const tier = resolveTierFromMetadata(session.metadata, priceId);
+                                    const privateKey = process.env.REVEALUI_LICENSE_PRIVATE_KEY;
+                                    if (!privateKey) {
+                                        // This is a configuration error, not a customer error.
+                                        // The subscription is active but no license can be issued.
+                                        logger.error('CRITICAL: REVEALUI_LICENSE_PRIVATE_KEY not set — license not generated. ' +
+                                            'Manual intervention required.', { customerId, subscriptionId, tier });
+                                    }
+                                    else if (tier !== 'free') {
+                                        try {
+                                            const licenseKey = await generateLicenseKey({ tier, customerId }, privateKey);
+                                            await protectedStripe.subscriptions.update(subscriptionId, {
+                                                metadata: { license_key: licenseKey, license_tier: tier },
+                                            });
+                                            logger.info('License key generated for checkout', { tier, customerId });
+                                        }
+                                        catch (licenseErr) {
+                                            logger.error('CRITICAL: License generation failed after successful checkout. ' +
+                                                'Manual intervention required.', {
+                                                error: licenseErr instanceof Error ? licenseErr.message : 'Unknown error',
+                                                customerId,
+                                                subscriptionId,
+                                                tier,
+                                            });
+                                        }
+                                    }
+                                }
+                                logger.info('Subscription session completed');
+                            }
+                        }
+                    }
+                    break;
+                }
+                case 'invoice.payment_succeeded': {
+                    const invoiceEvent = event;
+                    await handleInvoicePaymentSucceeded(invoiceEvent, supabase);
+                    break;
+                }
+                case 'invoice.payment_failed': {
+                    const invoiceEvent = event;
+                    await handleInvoicePaymentFailed(invoiceEvent, supabase);
+                    break;
+                }
+                case 'payment_method.attached': {
+                    const pmEvent = event;
+                    await handlePaymentMethodAttached(pmEvent, supabase);
+                    break;
+                }
+                default:
+                    throw new Error('Unhandled relevant event!');
+            }
+        }
+        catch (error) {
+            const errorMessage = error instanceof Error ? error.message : 'Unknown error';
+            logger.error('Webhook handler error', { error: errorMessage });
+            return new Response(`Webhook error: "Webhook handler failed. View logs." Error: ${errorMessage}`, {
+                status: 400,
+            });
+        }
+    }
+    return new Response(JSON.stringify({ received: true }), { status: 200 });
+}
+/**
+ * Resolve license tier from the subscription's actual price ID and checkout metadata.
+ *
+ * Price ID takes precedence — it cannot be spoofed because it comes from
+ * Stripe's own subscription record, not from client-supplied data.
+ * Metadata is a fallback for products that predate the env-var tier mapping.
+ */
+function resolveTierFromMetadata(metadata, priceId) {
+    // Primary: validate against known price IDs from environment
+    if (priceId) {
+        const proPriceId = process.env.STRIPE_PRO_PRICE_ID;
+        const maxPriceId = process.env.STRIPE_MAX_PRICE_ID;
+        const enterprisePriceId = process.env.STRIPE_ENTERPRISE_PRICE_ID;
+        if (proPriceId && priceId === proPriceId)
+            return 'pro';
+        if (maxPriceId && priceId === maxPriceId)
+            return 'max';
+        if (enterprisePriceId && priceId === enterprisePriceId)
+            return 'enterprise';
+    }
+    // Fallback: metadata set server-side during checkout session creation (not customer-supplied)
+    const tier = metadata?.tier;
+    if (tier === 'enterprise')
+        return 'enterprise';
+    if (tier === 'max')
+        return 'max';
+    if (tier === 'pro')
+        return 'pro';
+    // No tier could be resolved — this is a configuration error.
+    // Throw so Stripe retries (500) and the team can investigate.
+    logger.error('Cannot resolve license tier — unknown price ID and no metadata', {
+        priceId,
+        metadata,
+    });
+    throw new Error(`Cannot resolve license tier: price ID "${priceId}" does not match any configured tier. ` +
+        'Check STRIPE_PRO_PRICE_ID, STRIPE_MAX_PRICE_ID, and STRIPE_ENTERPRISE_PRICE_ID env vars.');
+}
+//# sourceMappingURL=index.js.map

package/dist/api/webhooks/index.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../../../src/api/webhooks/index.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,kBAAkB,EAAoB,MAAM,wBAAwB,CAAA;AAC7E,OAAO,EAAE,MAAM,EAAE,MAAM,6BAA6B,CAAA;AACpD,OAAO,EAAE,SAAS,EAAE,MAAM,qBAAqB,CAAA;AAC/C,OAAO,EAAE,sBAAsB,EAAE,MAAM,qBAAqB,CAAA;AAC5D,OAAO,EAAE,EAAE,EAAE,MAAM,aAAa,CAAA;AAEhC,OAAO,EAAE,eAAe,EAAE,MAAM,8BAA8B,CAAA;AAC9D,OAAO,EAAE,6BAA6B,EAAE,MAAM,yBAAyB,CAAA;AACvE,OAAO,EACL,0BAA0B,EAC1B,6BAA6B,EAC7B,2BAA2B,EAC3B,8BAA8B,EAC9B,iBAAiB,EACjB,mBAAmB,GACpB,MAAM,aAAa,CAAA;AAEpB,MAAM,cAAc,GAAG,IAAI,GAAG,CAAC;IAC7B,iBAAiB;IACjB,iBAAiB;IACjB,eAAe;IACf,eAAe;IACf,4BAA4B;IAC5B,+BAA+B;IAC/B,+BAA+B;IAC/B,+BAA+B;IAC/B,2BAA2B;IAC3B,wBAAwB;IACxB,yBAAyB;CAC1B,CAAC,CAAA;AAEF,+FAA+F;AAC/F,MAAM,cAAc,GAAG,EAAE,GAAG,IAAI,GAAG,IAAI,CAAA;AAEvC;;;;GAIG;AACH,SAAS,gBAAgB;IACvB,MAAM,MAAM,GACV,CAAC,OAAO,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,0BAA0B,KAAK,QAAQ;QAC7D,CAAC,CAAC,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,0BAA0B;QAC5C,CAAC,CAAC,SAAS,CAAC;QACd,CAAC,OAAO,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,qBAAqB,KAAK,QAAQ;YACxD,CAAC,CAAC,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,qBAAqB;YACvC,CAAC,CAAC,SAAS,CAAC,CAAA;IAEhB,IAAI,CAAC,MAAM,EAAE,CAAC;QACZ,MAAM,IAAI,KAAK,CACb,0EAA0E;YACxE,8DAA8D,CACjE,CAAA;IACH,CAAC;IAED,OAAO,MAAM,CAAA;AACf,CAAC;AAED;;;GAGG;AACH,KAAK,UAAU,uBAAuB,CAAC,OAAe;IACpD,MAAM,EAAE,GAAG,SAAS,EAAE,CAAA;IACtB,MAAM,CAAC,QAAQ,CAAC,GAAG,MAAM,EAAE;SACxB,MAAM,CAAC,EAAE,EAAE,EAAE,sBAAsB,CAAC,EAAE,EAAE,CAAC;SACzC,IAAI,CAAC,sBAAsB,CAAC;SAC5B,KAAK,CAAC,EAAE,CAAC,sBAAsB,CAAC,EAAE,EAAE,OAAO,CAAC,CAAC;SAC7C,KAAK,CAAC,CAAC,CAAC,CAAA;IACX,OAAO,CAAC,CAAC,QAAQ,CAAA;AACnB,CAAC;AAED,KAAK,UAAU,kBAAkB,CAAC,OAAe,EAAE,SAAiB;IAClE,MAAM,EAAE,GAAG,SAAS,EAAE,CAAA;IACtB,MAAM,EAAE,CAAC,MAAM,CAAC,sBAAsB,CAAC,CAAC,MAAM,CAAC,EAAE,EAAE,EAAE,OAAO,EAAE,SAAS,EAAE,CAAC,CAAC,mBAAmB,EAAE,CAAA;AAClG,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,IAAI,CAAC,OAAgB;IACzC,MAAM,QAAQ,GAAG,6BAA6B,CAAC,OAAO,CAAC,CAAA;IACvD,IAAI,CAAC,QAAQ,EAAE,CAAC;QACd,OAAO,IAAI,QAAQ,CAAC,+BAA+B,EAAE,EAAE,MAAM,EAAE,GAAG,EAAE,CAAC,CAAA;IACvE,CAAC;IAED,IAAI,aAAqB,CAAA;IACzB,IAAI,CAAC;QACH,aAAa,GAAG,gBAAgB,EAAE,CAAA;IACpC,CAAC;IAAC,OAAO,GAAG,EAAE,CAAC;QACb,MAAM,GAAG,GAAG,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,eAAe,CAAA;QAChE,MAAM,CAAC,KAAK,CAAC,+BAA+B,EAAE,EAAE,KAAK,EAAE,GAAG,EAAE,CAAC,CAAA;QAC7D,OAAO,IAAI,QAAQ,CAAC,iCAAiC,EAAE,EAAE,MAAM,EAAE,GAAG,EAAE,CAAC,CAAA;IACzE,CAAC;IAED,yEAAyE;IACzE,8DAA8D;IAC9D,MAAM,aAAa,GAAG,OAAO,CAAC,OAAO,CAAC,GAAG,CAAC,gBAAgB,CAAC,CAAA;IAC3D,IAAI,aAAa,KAAK,IAAI,IAAI,MAAM,CAAC,aAAa,CAAC,GAAG,cAAc,EAAE,CAAC;QACrE,OAAO,IAAI,QAAQ,CAAC,mBAAmB,EAAE,EAAE,MAAM,EAAE,GAAG,EAAE,CAAC,CAAA;IAC3D,CAAC;IAED,MAAM,IAAI,GAAG,MAAM,OAAO,CAAC,IAAI,EAAE,CAAA;IACjC,IAAI,IAAI,CAAC,MAAM,GAAG,cAAc,EAAE,CAAC;QACjC,OAAO,IAAI,QAAQ,CAAC,mBAAmB,EAAE,EAAE,MAAM,EAAE,GAAG,EAAE,CAAC,CAAA;IAC3D,CAAC;IAED,MAAM,GAAG,GAAG,OAAO,CAAC,OAAO,CAAC,GAAG,CAAC,kBAAkB,CAAC,CAAA;IAEnD,IAAI,CAAC,GAAG,EAAE,CAAC;QACT,OAAO,IAAI,QAAQ,CAAC,iCAAiC,EAAE,EAAE,MAAM,EAAE,GAAG,EAAE,CAAC,CAAA;IACzE,CAAC;IAED,IAAI,KAAmB,CAAA;IACvB,IAAI,CAAC;QACH,KAAK,GAAG,eAAe,CAAC,QAAQ,CAAC,cAAc,CAAC,IAAI,EAAE,GAAG,EAAE,aAAa,CAAC,CAAA;IAC3E,CAAC;IAAC,OAAO,GAAY,EAAE,CAAC;QACtB,MAAM,YAAY,GAAG,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,eAAe,CAAA;QACzE,MAAM,CAAC,KAAK,CAAC,uCAAuC,EAAE;YACpD,KAAK,EAAE,YAAY;SACpB,CAAC,CAAA;QACF,OAAO,IAAI,QAAQ,CAAC,kBAAkB,YAAY,EAAE,EAAE,EAAE,MAAM,EAAE,GAAG,EAAE,CAAC,CAAA;IACxE,CAAC;IAED,mDAAmD;IACnD,IAAI,MAAM,uBAAuB,CAAC,KAAK,CAAC,EAAE,CAAC,EAAE,CAAC;QAC5C,MAAM,CAAC,KAAK,CAAC,kCAAkC,EAAE,EAAE,OAAO,EAAE,KAAK,CAAC,EAAE,EAAE,CAAC,CAAA;QACvE,OAAO,IAAI,QAAQ,CAAC,IAAI,CAAC,SAAS,CAAC,EAAE,QAAQ,EAAE,IAAI,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC,EAAE,EAAE,MAAM,EAAE,GAAG,EAAE,CAAC,CAAA;IAC3F,CAAC;IAED,IAAI,cAAc,CAAC,GAAG,CAAC,KAAK,CAAC,IAAI,CAAC,EAAE,CAAC;QACnC,IAAI,CAAC;YACH,2EAA2E;YAC3E,sDAAsD;YACtD,MAAM,kBAAkB,CAAC,KAAK,CAAC,EAAE,EAAE,KAAK,CAAC,IAAI,CAAC,CAAA;YAE9C,QAAQ,KAAK,CAAC,IAAI,EAAE,CAAC;gBACnB,KAAK,iBAAiB,CAAC;gBACvB,KAAK,iBAAiB,CAAC,CAAC,CAAC;oBACvB,MAAM,OAAO,GAAG,KAAK,CAAC,IAAI,CAAC,MAAM,CAAA;oBACjC,IAAI,OAAO,CAAC,MAAM,KAAK,SAAS,EAAE,CAAC;wBACjC,MAAM,mBAAmB,CAAC,QAAQ,EAAE,OAAO,CAAC,CAAA;oBAC9C,CAAC;oBACD,MAAK;gBACP,CAAC;gBACD,KAAK,eAAe,CAAC;gBACrB,KAAK,eAAe,CAAC,CAAC,CAAC;oBACrB,MAAM,KAAK,GAAG,KAAK,CAAC,IAAI,CAAC,MAAM,CAAA;oBAC/B,IAAI,KAAK,CAAC,MAAM,KAAK,OAAO,EAAE,CAAC;wBAC7B,MAAM,iBAAiB,CAAC,QAAQ,EAAE,KAAK,CAAC,CAAA;oBAC1C,CAAC;oBACD,MAAK;gBACP,CAAC;gBACD,KAAK,+BAA+B,CAAC;gBACrC,KAAK,+BAA+B,CAAC;gBACrC,KAAK,+BAA+B,CAAC,CAAC,CAAC;oBACrC,MAAM,YAAY,GAAG,KAAK,CAAC,IAAI,CAAC,MAAM,CAAA;oBACtC,IAAI,YAAY,CAAC,MAAM,KAAK,cAAc,EAAE,CAAC;wBAC3C,MAAM,UAAU,GACd,OAAO,YAAY,CAAC,QAAQ,KAAK,QAAQ;4BACvC,CAAC,CAAC,YAAY,CAAC,QAAQ;4BACvB,CAAC,CAAC,YAAY,CAAC,QAAQ,EAAE,EAAE,CAAA;wBAC/B,IAAI,CAAC,UAAU,EAAE,CAAC;4BAChB,MAAM,IAAI,KAAK,CAAC,+BAA+B,CAAC,CAAA;wBAClD,CAAC;wBAED,MAAM,8BAA8B,CAClC,YAAY,CAAC,EAAE,EACf,UAAU,EACV,KAAK,CAAC,IAAI,KAAK,+BAA+B,EAC9C,QAAQ,CACT,CAAA;wBAED,2DAA2D;wBAC3D,IAAI,KAAK,CAAC,IAAI,KAAK,+BAA+B,EAAE,CAAC;4BACnD,MAAM,CAAC,IAAI,CAAC,kDAAkD,EAAE;gCAC9D,UAAU;gCACV,cAAc,EAAE,YAAY,CAAC,EAAE;6BAChC,CAAC,CAAA;wBACJ,CAAC;oBACH,CAAC;oBACD,MAAK;gBACP,CAAC;gBACD,KAAK,4BAA4B,CAAC,CAAC,CAAC;oBAClC,MAAM,eAAe,GAAG,KAAK,CAAC,IAAI,CAAC,MAAM,CAAA;oBACzC,IAAI,eAAe,CAAC,MAAM,KAAK,kBAAkB,EAAE,CAAC;wBAClD,MAAM,OAAO,GAAG,eAAe,CAAA;wBAC/B,IAAI,OAAO,CAAC,IAAI,KAAK,cAAc,IAAI,OAAO,CAAC,YAAY,EAAE,CAAC;4BAC5D,MAAM,cAAc,GAClB,OAAO,OAAO,CAAC,YAAY,KAAK,QAAQ;gCACtC,CAAC,CAAC,OAAO,CAAC,YAAY;gCACtB,CAAC,CAAC,OAAO,CAAC,YAAY,CAAC,EAAE,CAAA;4BAC7B,MAAM,UAAU,GACd,OAAO,OAAO,CAAC,QAAQ,KAAK,QAAQ,CAAC,CAAC,CAAC,OAAO,CAAC,QAAQ,CAAC,CAAC,CAAC,OAAO,CAAC,QAAQ,EAAE,EAAE,CAAA;4BAChF,IAAI,cAAc,IAAI,UAAU,EAAE,CAAC;gCACjC,MAAM,8BAA8B,CAAC,cAAc,EAAE,UAAU,EAAE,IAAI,EAAE,QAAQ,CAAC,CAAA;gCAEhF,gCAAgC;gCAChC,kFAAkF;gCAClF,kEAAkE;gCAClE,MAAM,YAAY,GAAG,MAAM,eAAe,CAAC,aAAa,CAAC,QAAQ,CAAC,cAAc,CAAC,CAAA;gCAEjF,IAAI,YAAY,CAAC,QAAQ,EAAE,WAAW,EAAE,CAAC;oCACvC,gEAAgE;oCAChE,MAAM,CAAC,IAAI,CAAC,+DAA+D,EAAE;wCAC3E,UAAU;wCACV,cAAc;qCACf,CAAC,CAAA;gCACJ,CAAC;qCAAM,CAAC;oCACN,MAAM,OAAO,GAAG,YAAY,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,KAAK,EAAE,EAAE,IAAI,IAAI,CAAA;oCAC7D,MAAM,IAAI,GAAG,uBAAuB,CAAC,OAAO,CAAC,QAAQ,EAAE,OAAO,CAAC,CAAA;oCAC/D,MAAM,UAAU,GAAG,OAAO,CAAC,GAAG,CAAC,4BAA4B,CAAA;oCAE3D,IAAI,CAAC,UAAU,EAAE,CAAC;wCAChB,uDAAuD;wCACvD,2DAA2D;wCAC3D,MAAM,CAAC,KAAK,CACV,0EAA0E;4CACxE,+BAA+B,EACjC,EAAE,UAAU,EAAE,cAAc,EAAE,IAAI,EAAE,CACrC,CAAA;oCACH,CAAC;yCAAM,IAAI,IAAI,KAAK,MAAM,EAAE,CAAC;wCAC3B,IAAI,CAAC;4CACH,MAAM,UAAU,GAAG,MAAM,kBAAkB,CAAC,EAAE,IAAI,EAAE,UAAU,EAAE,EAAE,UAAU,CAAC,CAAA;4CAC7E,MAAM,eAAe,CAAC,aAAa,CAAC,MAAM,CAAC,cAAc,EAAE;gDACzD,QAAQ,EAAE,EAAE,WAAW,EAAE,UAAU,EAAE,YAAY,EAAE,IAAI,EAAE;6CAC1D,CAAC,CAAA;4CACF,MAAM,CAAC,IAAI,CAAC,oCAAoC,EAAE,EAAE,IAAI,EAAE,UAAU,EAAE,CAAC,CAAA;wCACzE,CAAC;wCAAC,OAAO,UAAU,EAAE,CAAC;4CACpB,MAAM,CAAC,KAAK,CACV,iEAAiE;gDAC/D,+BAA+B,EACjC;gDACE,KAAK,EAAE,UAAU,YAAY,KAAK,CAAC,CAAC,CAAC,UAAU,CAAC,OAAO,CAAC,CAAC,CAAC,eAAe;gDACzE,UAAU;gDACV,cAAc;gDACd,IAAI;6CACL,CACF,CAAA;wCACH,CAAC;oCACH,CAAC;gCACH,CAAC;gCAED,MAAM,CAAC,IAAI,CAAC,gCAAgC,CAAC,CAAA;4BAC/C,CAAC;wBACH,CAAC;oBACH,CAAC;oBACD,MAAK;gBACP,CAAC;gBACD,KAAK,2BAA2B,CAAC,CAAC,CAAC;oBACjC,MAAM,YAAY,GAAG,KAGpB,CAAA;oBACD,MAAM,6BAA6B,CAAC,YAAY,EAAE,QAAQ,CAAC,CAAA;oBAC3D,MAAK;gBACP,CAAC;gBACD,KAAK,wBAAwB,CAAC,CAAC,CAAC;oBAC9B,MAAM,YAAY,GAAG,KAGpB,CAAA;oBACD,MAAM,0BAA0B,CAAC,YAAY,EAAE,QAAQ,CAAC,CAAA;oBACxD,MAAK;gBACP,CAAC;gBACD,KAAK,yBAAyB,CAAC,CAAC,CAAC;oBAC/B,MAAM,OAAO,GAAG,KAGf,CAAA;oBACD,MAAM,2BAA2B,CAAC,OAAO,EAAE,QAAQ,CAAC,CAAA;oBACpD,MAAK;gBACP,CAAC;gBACD;oBACE,MAAM,IAAI,KAAK,CAAC,2BAA2B,CAAC,CAAA;YAChD,CAAC;QACH,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,MAAM,YAAY,GAAG,KAAK,YAAY,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,eAAe,CAAA;YAC7E,MAAM,CAAC,KAAK,CAAC,uBAAuB,EAAE,EAAE,KAAK,EAAE,YAAY,EAAE,CAAC,CAAA;YAE9D,OAAO,IAAI,QAAQ,CACjB,8DAA8D,YAAY,EAAE,EAC5E;gBACE,MAAM,EAAE,GAAG;aACZ,CACF,CAAA;QACH,CAAC;IACH,CAAC;IAED,OAAO,IAAI,QAAQ,CAAC,IAAI,CAAC,SAAS,CAAC,EAAE,QAAQ,EAAE,IAAI,EAAE,CAAC,EAAE,EAAE,MAAM,EAAE,GAAG,EAAE,CAAC,CAAA;AAC1E,CAAC;AAED;;;;;;GAMG;AACH,SAAS,uBAAuB,CAC9B,QAAmD,EACnD,OAAuB;IAEvB,6DAA6D;IAC7D,IAAI,OAAO,EAAE,CAAC;QACZ,MAAM,UAAU,GAAG,OAAO,CAAC,GAAG,CAAC,mBAAmB,CAAA;QAClD,MAAM,UAAU,GAAG,OAAO,CAAC,GAAG,CAAC,mBAAmB,CAAA;QAClD,MAAM,iBAAiB,GAAG,OAAO,CAAC,GAAG,CAAC,0BAA0B,CAAA;QAChE,IAAI,UAAU,IAAI,OAAO,KAAK,UAAU;YAAE,OAAO,KAAK,CAAA;QACtD,IAAI,UAAU,IAAI,OAAO,KAAK,UAAU;YAAE,OAAO,KAAK,CAAA;QACtD,IAAI,iBAAiB,IAAI,OAAO,KAAK,iBAAiB;YAAE,OAAO,YAAY,CAAA;IAC7E,CAAC;IACD,8FAA8F;IAC9F,MAAM,IAAI,GAAG,QAAQ,EAAE,IAAI,CAAA;IAC3B,IAAI,IAAI,KAAK,YAAY;QAAE,OAAO,YAAY,CAAA;IAC9C,IAAI,IAAI,KAAK,KAAK;QAAE,OAAO,KAAK,CAAA;IAChC,IAAI,IAAI,KAAK,KAAK;QAAE,OAAO,KAAK,CAAA;IAEhC,6DAA6D;IAC7D,8DAA8D;IAC9D,MAAM,CAAC,KAAK,CAAC,gEAAgE,EAAE;QAC7E,OAAO;QACP,QAAQ;KACT,CAAC,CAAA;IACF,MAAM,IAAI,KAAK,CACb,0CAA0C,OAAO,wCAAwC;QACvF,0FAA0F,CAC7F,CAAA;AACH,CAAC"}

package/dist/client/index.d.ts

@@ -0,0 +1,11 @@
+/**
+ * services/client - Client-side Services
+ *
+ * Client-side service integrations for browser environments:
+ * - Browser clients
+ *
+ * These are client-side implementations for use in React
+ * components and browser environments.
+ */
+export { createBrowserClient } from '../supabase/index.js';
+//# sourceMappingURL=index.d.ts.map

package/dist/client/index.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/client/index.ts"],"names":[],"mappings":"AAAA;;;;;;;;GAQG;AAGH,OAAO,EAAE,mBAAmB,EAAE,MAAM,sBAAsB,CAAA"}

package/dist/client/index.js

@@ -0,0 +1,12 @@
+/**
+ * services/client - Client-side Services
+ *
+ * Client-side service integrations for browser environments:
+ * - Browser clients
+ *
+ * These are client-side implementations for use in React
+ * components and browser environments.
+ */
+// Export browser client creation functions
+export { createBrowserClient } from '../supabase/index.js';
+//# sourceMappingURL=index.js.map

package/dist/client/index.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/client/index.ts"],"names":[],"mappings":"AAAA;;;;;;;;GAQG;AAEH,2CAA2C;AAC3C,OAAO,EAAE,mBAAmB,EAAE,MAAM,sBAAsB,CAAA"}

package/dist/index.d.ts

@@ -1,27 +1,35 @@
 /**
- * @revealui/services — type stubs for public repo typecheck
+ * services - Shared Services Package
  *
- * The full implementation is in the Pro package.
- * These stubs satisfy TypeScript while the Pro package awaits
- * its first proper npm publish.
+ * Provides server-side and client-side service integrations:
+ * - Stripe payment processing
+ * - Supabase database and auth
+ * - API routes
+ *
+ * ## Usage
+ *
+ * ### Full Package (Recommended)
+ * ```typescript
+ * import { protectedStripe, createServerClient, createBrowserClient } from 'services'
+ * ```
+ *
+ * ### Core (Server-side)
+ * ```typescript
+ * import { createServerClient, protectedStripe } from 'services/server'
+ * ```
+ *
+ * ### Client (Browser)
+ * ```typescript
+ * import { createBrowserClient } from 'services/client'
+ * ```
+ */
+/**
+ * Check if payment services are licensed for use.
+ * Returns false with a warning log if no Pro/Enterprise license is active.
  */
-import type Stripe from 'stripe'
-
-// ---------------------------------------------------------------------------
-// Stripe
-// ---------------------------------------------------------------------------
-
-/** Stripe client wrapped with circuit-breaker protection */
-export declare const protectedStripe: Stripe
-
-// ---------------------------------------------------------------------------
-// Supabase
-// ---------------------------------------------------------------------------
-
-export declare function createServerClient(...args: unknown[]): unknown
-
-// ---------------------------------------------------------------------------
-// Payments
-// ---------------------------------------------------------------------------
-
-export declare function createPaymentIntent(...args: unknown[]): Promise<unknown>
+export declare function checkServicesLicense(): boolean;
+export * from './api/index.js';
+export * from './client/index.js';
+export * from './stripe/index.js';
+export * from './supabase/index.js';
+//# sourceMappingURL=index.d.ts.map

package/dist/index.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;;;GAwBG;AAKH;;;GAGG;AACH,wBAAgB,oBAAoB,IAAI,OAAO,CAS9C;AAGD,cAAc,gBAAgB,CAAA;AAE9B,cAAc,mBAAmB,CAAA;AACjC,cAAc,mBAAmB,CAAA;AACjC,cAAc,qBAAqB,CAAA"}

package/dist/index.js

@@ -1,42 +1,46 @@
-// @revealui/services — stub for public repo builds
-// Full implementation lives in the Pro package.
-// These stubs export real named values so bundlers can resolve them.
-// Methods throw at call time if the Pro package is not installed.
-
-function notImplemented(name) {
-  return function () {
-    throw new Error(
-      '@revealui/services: ' + name + ' requires the Pro package or STRIPE_SECRET_KEY.'
-    )
-  }
+/**
+ * services - Shared Services Package
+ *
+ * Provides server-side and client-side service integrations:
+ * - Stripe payment processing
+ * - Supabase database and auth
+ * - API routes
+ *
+ * ## Usage
+ *
+ * ### Full Package (Recommended)
+ * ```typescript
+ * import { protectedStripe, createServerClient, createBrowserClient } from 'services'
+ * ```
+ *
+ * ### Core (Server-side)
+ * ```typescript
+ * import { createServerClient, protectedStripe } from 'services/server'
+ * ```
+ *
+ * ### Client (Browser)
+ * ```typescript
+ * import { createBrowserClient } from 'services/client'
+ * ```
+ */
+import { isFeatureEnabled } from '@revealui/core/features';
+import { logger } from '@revealui/core/observability/logger';
+/**
+ * Check if payment services are licensed for use.
+ * Returns false with a warning log if no Pro/Enterprise license is active.
+ */
+export function checkServicesLicense() {
+    if (!isFeatureEnabled('payments')) {
+        logger.warn('[@revealui/services] Payment and service integrations require a Pro or Enterprise license. ' +
+            'Visit https://revealui.com/pricing for details.');
+        return false;
+    }
+    return true;
 }
-
-export const protectedStripe = {
-  billingPortal: { sessions: { create: notImplemented('billingPortal.sessions.create') } },
-  customers: {
-    create: notImplemented('customers.create'),
-    retrieve: notImplemented('customers.retrieve'),
-    update: notImplemented('customers.update'),
-    del: notImplemented('customers.del'),
-    list: notImplemented('customers.list'),
-  },
-  paymentIntents: {
-    create: notImplemented('paymentIntents.create'),
-    retrieve: notImplemented('paymentIntents.retrieve'),
-    update: notImplemented('paymentIntents.update'),
-  },
-  checkout: {
-    sessions: {
-      create: notImplemented('checkout.sessions.create'),
-      retrieve: notImplemented('checkout.sessions.retrieve'),
-    },
-  },
-  products: { create: notImplemented('products.create'), retrieve: notImplemented('products.retrieve'), update: notImplemented('products.update'), list: notImplemented('products.list') },
-  prices: { create: notImplemented('prices.create'), retrieve: notImplemented('prices.retrieve'), update: notImplemented('prices.update'), list: notImplemented('prices.list') },
-  subscriptions: { retrieve: notImplemented('subscriptions.retrieve'), update: notImplemented('subscriptions.update'), cancel: notImplemented('subscriptions.cancel') },
-  webhooks: { constructEvent: notImplemented('webhooks.constructEvent') },
-  balance: { retrieve: notImplemented('balance.retrieve') },
-}
-
-export function createServerClient() { return null }
-export function createPaymentIntent() { return Promise.reject(new Error('@revealui/services stub')) }
+// Re-export core (server-side) exports
+export * from './api/index.js';
+// Re-export client (client-side) exports
+export * from './client/index.js';
+export * from './stripe/index.js';
+export * from './supabase/index.js';
+//# sourceMappingURL=index.js.map

package/dist/index.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;;;GAwBG;AAEH,OAAO,EAAE,gBAAgB,EAAE,MAAM,yBAAyB,CAAA;AAC1D,OAAO,EAAE,MAAM,EAAE,MAAM,qCAAqC,CAAA;AAE5D;;;GAGG;AACH,MAAM,UAAU,oBAAoB;IAClC,IAAI,CAAC,gBAAgB,CAAC,UAAU,CAAC,EAAE,CAAC;QAClC,MAAM,CAAC,IAAI,CACT,6FAA6F;YAC3F,iDAAiD,CACpD,CAAA;QACD,OAAO,KAAK,CAAA;IACd,CAAC;IACD,OAAO,IAAI,CAAA;AACb,CAAC;AAED,uCAAuC;AACvC,cAAc,gBAAgB,CAAA;AAC9B,yCAAyC;AACzC,cAAc,mBAAmB,CAAA;AACjC,cAAc,mBAAmB,CAAA;AACjC,cAAc,qBAAqB,CAAA"}

package/dist/stripe/db-circuit-breaker.d.ts

@@ -0,0 +1,47 @@
+/**
+ * DB-Backed Circuit Breaker
+ *
+ * Stores circuit state in NeonDB so all API instances share the same view.
+ *
+ * Architecture:
+ *   - Local in-memory cache (5s TTL) — fast read path, no DB hit per request
+ *   - DB write only on state transitions (open/closed/half-open changes)
+ *   - Fail-open on DB errors: if we can't read state, we let the call through
+ *     rather than blocking all traffic because the circuit state store is down
+ */
+export interface DbCircuitBreakerConfig {
+    /** Number of consecutive failures before tripping. Default: 5 */
+    failureThreshold: number;
+    /** Consecutive successes in half-open to close the circuit. Default: 2 */
+    successThreshold: number;
+    /** Milliseconds to wait in open state before probing. Default: 30_000 */
+    resetTimeout: number;
+    /** Local cache TTL in milliseconds. Default: 5_000 */
+    cacheTtlMs: number;
+}
+export declare class DbCircuitBreaker {
+    private readonly serviceName;
+    private readonly config;
+    constructor(serviceName: string, config?: Partial<DbCircuitBreakerConfig>);
+    /**
+     * Returns true if the circuit is open (requests should be blocked).
+     * Automatically transitions open→half-open when resetTimeout elapses.
+     */
+    isOpen(): Promise<boolean>;
+    /**
+     * Record a successful call. Closes the circuit if enough successes in half-open.
+     */
+    recordSuccess(): Promise<void>;
+    /**
+     * Record a failed call. Trips the circuit when the failure threshold is reached.
+     */
+    recordFailure(): Promise<void>;
+    /** Force-reset state and clear local cache. Primarily for testing. */
+    reset(): Promise<void>;
+    /** Clear only the local cache (forces next read to hit DB). For testing. */
+    clearLocalCache(): void;
+    private readState;
+    private readFromDb;
+    private writeState;
+}
+//# sourceMappingURL=db-circuit-breaker.d.ts.map

package/dist/stripe/db-circuit-breaker.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"db-circuit-breaker.d.ts","sourceRoot":"","sources":["../../src/stripe/db-circuit-breaker.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;GAUG;AAoBH,MAAM,WAAW,sBAAsB;IACrC,iEAAiE;IACjE,gBAAgB,EAAE,MAAM,CAAC;IACzB,0EAA0E;IAC1E,gBAAgB,EAAE,MAAM,CAAC;IACzB,yEAAyE;IACzE,YAAY,EAAE,MAAM,CAAC;IACrB,sDAAsD;IACtD,UAAU,EAAE,MAAM,CAAC;CACpB;AAYD,qBAAa,gBAAgB;IAIzB,OAAO,CAAC,QAAQ,CAAC,WAAW;IAH9B,OAAO,CAAC,QAAQ,CAAC,MAAM,CAAyB;gBAG7B,WAAW,EAAE,MAAM,EACpC,MAAM,GAAE,OAAO,CAAC,sBAAsB,CAAM;IAK9C;;;OAGG;IACG,MAAM,IAAI,OAAO,CAAC,OAAO,CAAC;IAsBhC;;OAEG;IACG,aAAa,IAAI,OAAO,CAAC,IAAI,CAAC;IA8BpC;;OAEG;IACG,aAAa,IAAI,OAAO,CAAC,IAAI,CAAC;IAyBpC,sEAAsE;IAChE,KAAK,IAAI,OAAO,CAAC,IAAI,CAAC;IAY5B,4EAA4E;IAC5E,eAAe,IAAI,IAAI;YAMT,SAAS;YAQT,UAAU;YA+CV,UAAU;CA2CzB"}