@revenexx/cover 0.1.0 → 0.1.1

package/app/interfaces/validation.ts

@@ -1,6 +1,6 @@
 import type { CrossFieldValidator, SimpleValidator } from "../validations/types";
 
-export type FormKey = "login" | "register" | "forgotPassword" | "resetPassword" | "accountProfile" | "accountAddress";
+export type FormKey = "login" | "forgotPassword" | "resetPassword";
 
 export interface FieldValidationRule {
 	readonly kind: "simple" | "cross";

package/app/validations/formValidationConfig.ts

@@ -1,30 +1,15 @@
 import type { FieldConfig, FormKey } from "../interfaces/validation";
 
-import { companyName } from "./companyName";
 import { emailFormat } from "./emailFormat";
-import { maxLength } from "./maxLength";
 import { minLength } from "./minLength";
-import { optionalCompanyName } from "./optionalCompanyName";
 import { passwordsMatch } from "./passwordsMatch";
-import { phoneNumber } from "./phoneNumber";
 import { required } from "./required";
-import { termsRequired } from "./termsRequired";
-import { zipCode } from "./zipCode";
 
 export const formValidationConfig: Record<FormKey, FieldConfig[]> = {
 	login: [
 		{ field: "email", rules: [{ kind: "simple", fn: required }, { kind: "simple", fn: emailFormat }] },
 		{ field: "password", rules: [{ kind: "simple", fn: required }, { kind: "simple", fn: minLength, options: { min: 8 } }] },
 	],
-	register: [
-		{ field: "email", rules: [{ kind: "simple", fn: required }, { kind: "simple", fn: emailFormat }] },
-		{ field: "password", rules: [{ kind: "simple", fn: required }, { kind: "simple", fn: minLength, options: { min: 8 } }] },
-		{ field: "passwordConfirm", rules: [{ kind: "cross", fn: passwordsMatch }] },
-		{ field: "firstName", rules: [{ kind: "simple", fn: required }] },
-		{ field: "lastName", rules: [{ kind: "simple", fn: required }] },
-		{ field: "company", rules: [{ kind: "simple", fn: required }, { kind: "simple", fn: companyName }] },
-		{ field: "acceptTerms", rules: [{ kind: "simple", fn: termsRequired }] },
-	],
 	forgotPassword: [
 		{ field: "email", rules: [{ kind: "simple", fn: required }, { kind: "simple", fn: emailFormat }] },
 	],
@@ -32,19 +17,4 @@ export const formValidationConfig: Record<FormKey, FieldConfig[]> = {
 		{ field: "password", rules: [{ kind: "simple", fn: required }, { kind: "simple", fn: minLength, options: { min: 8 } }] },
 		{ field: "passwordConfirm", rules: [{ kind: "cross", fn: passwordsMatch }] },
 	],
-	accountProfile: [
-		{ field: "phone", rules: [{ kind: "simple", fn: required }, { kind: "simple", fn: maxLength, options: { max: 16 } }, { kind: "simple", fn: phoneNumber }, { kind: "simple", fn: minLength, options: { min: 8 } }] },
-		{ field: "company", rules: [{ kind: "simple", fn: required }, { kind: "simple", fn: maxLength, options: { max: 64 } }, { kind: "simple", fn: minLength, options: { min: 3 } }, { kind: "simple", fn: companyName }] },
-	],
-	accountAddress: [
-		{ field: "label", rules: [{ kind: "simple", fn: required }, { kind: "simple", fn: minLength, options: { min: 2 } }] },
-		{ field: "firstName", rules: [{ kind: "simple", fn: required }, { kind: "simple", fn: minLength, options: { min: 2 } }] },
-		{ field: "lastName", rules: [{ kind: "simple", fn: required }, { kind: "simple", fn: minLength, options: { min: 2 } }] },
-		{ field: "street", rules: [{ kind: "simple", fn: required }, { kind: "simple", fn: minLength, options: { min: 2 } }] },
-		{ field: "streetNumber", rules: [{ kind: "simple", fn: required }] },
-		{ field: "city", rules: [{ kind: "simple", fn: required }, { kind: "simple", fn: minLength, options: { min: 2 } }] },
-		{ field: "zip", rules: [{ kind: "simple", fn: required }, { kind: "simple", fn: zipCode }] },
-		{ field: "country", rules: [{ kind: "simple", fn: required }] },
-		{ field: "company", rules: [{ kind: "simple", fn: optionalCompanyName, options: { min: 3, max: 64 } }] },
-	],
 };

package/nuxt.config.ts

@@ -62,9 +62,6 @@ export default defineNuxtConfig({
 	// Defaults for the BFF's live backends — consuming apps override these
 	// via NUXT_* environment variables (web SDK identity, Typesense search).
 	runtimeConfig: {
-		webSdkApiUrl: "",
-		webSdkProject: "",
-		webSdkDevKey: "",
 		// Public revenexx API (gateway) — the live "api" service registry
 		// implementations. Stand-in for the generated web SDKs; the key is a
 		// tenant API key and stays server-side only.

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@revenexx/cover",
-  "version": "0.1.0",
+  "version": "0.1.1",
   "description": "Cover \u2014 revenexx design system for Nuxt. Distributed as a Nuxt layer: generic UI components, theming tokens and stores shared by the demo shop, custom storefronts and the Blokkli theme.",
   "type": "module",
   "main": "./nuxt.config.ts",
@@ -38,7 +38,7 @@
     "@formkit/vue": "^1.6.0",
     "@iconify-json/lucide": "^1.2.111",
     "@internationalized/date": "^3.12.0",
-    "@revenexx/sdk": "^0.0.2",
+    "@revenexx/sdk": "^0.0.5",
     "@vueuse/core": "^14.3.0",
     "typesense": "^3.0.5"
   },

package/server/api/account/orders.get.ts

@@ -10,15 +10,16 @@ export default defineEventHandler(async (event): Promise<AccountOrderListRespons
 			return { orders: [] };
 		}
 		try {
-			const api = useRevenexxApi();
-			const { items } = await api.get<{ items: LiveOrder[] }>("/v1/orders", {
-				contact_id: refs.contact_id,
-				limit: LIVE_HISTORY_LIMIT,
+			const sdk = useRevenexxSdk();
+			// Raw call: orders.list does not declare its query parameters in
+			// the contract yet, so ordersList() cannot filter by contact.
+			const { items } = await sdk.call<{ items: LiveOrder[] }>("GET", "/v1/orders", {
+				query: { contact_id: refs.contact_id, limit: LIVE_HISTORY_LIMIT },
 			});
 			// The list rows carry no positions — load the aggregates (the
 			// history is capped, so this stays a bounded fan-out).
 			const aggregates = await Promise.all(
-				items.map(row => api.get<LiveOrder>(`/v1/orders/${row.id}`)),
+				items.map(async row => await sdk.orders.ordersGet({ id: row.id }) as unknown as LiveOrder),
 			);
 			const orders = aggregates
 				.sort((a, b) => (b.placed_at ?? b.created_at).localeCompare(a.placed_at ?? a.created_at))

package/server/api/account/profile.get.ts

@@ -33,13 +33,13 @@ export default defineEventHandler(async (event): Promise<AccountProfileResponse>
 		deleteCookie(event, SESSION_COOKIE_NAME, sessionCookieOptions());
 		throw createError({ statusCode: 401, statusMessage: "Unauthorized" });
 	}
-	if (!session.fallbackCookie && !session.personaId) {
+	if (!session.personaId && !session.userId) {
 		deleteCookie(event, SESSION_COOKIE_NAME, sessionCookieOptions());
 		throw createError({ statusCode: 401, statusMessage: "Unauthorized" });
 	}
 
-	// Identity comes from the registry: "mock" serves the demo user, "sdk"
-	// resolves the real account through the platform.
+	// Identity comes from the registry: "mock" serves the demo user, "api"
+	// resolves the real customer through the public API.
 	const user = await getAccountService(event).getUser(event);
 
 	// Profile extras (phone, company) live in the mutable demo store until a

package/server/api/account/profile.put.ts

@@ -73,15 +73,17 @@ export default defineEventHandler(async (event): Promise<AccountProfileResponse>
 		throw createError({ statusCode: 401, statusMessage: "Unauthorized" });
 	}
 
-	if (!session.fallbackCookie) {
+	if (!session.personaId && !session.userId) {
 		deleteCookie(event, SESSION_COOKIE_NAME, sessionCookieOptions());
 		throw createError({ statusCode: 401, statusMessage: "Unauthorized" });
 	}
 
-	let user: { $id: string; name: string; email: string };
+	// Identity comes from the registry: "mock" serves the demo user, "api"
+	// resolves the real customer through the public API.
+	let user: { $id: string | number; name: string; email: string };
 	try {
-		const accountUser = await useAuthenticatedAccount(session.fallbackCookie).accountGet();
-		user = { $id: accountUser.$id, name: accountUser.name, email: accountUser.email };
+		const accountUser = await getAccountService(event).getUser(event);
+		user = { $id: accountUser.id, name: accountUser.name, email: accountUser.email };
 	}
 	catch {
 		deleteCookie(event, SESSION_COOKIE_NAME, sessionCookieOptions());

package/server/api/auth/login.post.ts

@@ -22,16 +22,13 @@ export default defineEventHandler(async (event) => {
 		return result;
 	}
 	catch (err) {
-		if (isSdkUserError(err)) {
-			throw createError({ statusCode: err.code, data: { type: err.type } });
-		}
 		if (isApiUserError(err)) {
-			throw createError({ statusCode: err.statusCode, data: { type: apiAuthErrorType(err) } });
+			throw createError({ statusCode: err.code, data: { type: apiAuthErrorType(err) } });
 		}
 		if (isError(err)) {
 			throw err;
 		}
-		getLogService().error("Auth request failed: login", sdkErrorContext(err));
+		getLogService().error("Auth request failed: login", apiErrorContext(err));
 		throw createError({ statusCode: 503, data: { type: "service_unavailable" } });
 	}
 });

package/server/api/auth/recovery.post.ts

@@ -6,27 +6,19 @@ export default defineEventHandler(async (event) => {
 	// what the reset-password page expects.
 	if (resolveAuthServiceKey(event) === "api") {
 		try {
-			await useRevenexxApi().post("/v1/customers/auth/recovery", { email, url });
+			await useRevenexxSdk().customers.customersAuthRecovery({ email, url });
 			return { ok: true };
 		}
 		catch (err) {
 			if (isApiUserError(err)) {
-				throw createError({ statusCode: err.statusCode, data: { type: apiAuthErrorType(err) } });
+				throw createError({ statusCode: err.code, data: { type: apiAuthErrorType(err) } });
 			}
 			getLogService().error("API request failed: recovery", apiErrorContext(err));
 			throw createError({ statusCode: 503, data: { type: "service_unavailable" } });
 		}
 	}
 
-	try {
-		await useShopSdkAccount().accountCreateRecovery({ email, url });
-		return { ok: true };
-	}
-	catch (err) {
-		if (isSdkUserError(err)) {
-			throw createError({ statusCode: err.code, data: { type: err.type } });
-		}
-		getLogService().error("SDK request failed: recovery", sdkErrorContext(err));
-		throw createError({ statusCode: 503, data: { type: "service_unavailable" } });
-	}
+	// Mock mode: no mail infrastructure — acknowledge so the demo flow
+	// (form → success state) stays walkable offline.
+	return { ok: true };
 });

package/server/api/auth/recovery.put.ts

@@ -7,8 +7,8 @@ export default defineEventHandler(async (event) => {
 	// Public-API mode: confirm the recovery through the customers app.
 	if (resolveAuthServiceKey(event) === "api") {
 		try {
-			await useRevenexxApi().put("/v1/customers/auth/recovery", {
-				user_id: userId,
+			await useRevenexxSdk().customers.customersAuthRecoveryConfirm({
+				userId,
 				secret,
 				password,
 			});
@@ -16,22 +16,13 @@ export default defineEventHandler(async (event) => {
 		}
 		catch (err) {
 			if (isApiUserError(err)) {
-				throw createError({ statusCode: err.statusCode, data: { type: apiAuthErrorType(err) } });
+				throw createError({ statusCode: err.code, data: { type: apiAuthErrorType(err) } });
 			}
 			getLogService().error("API request failed: recovery-confirm", apiErrorContext(err));
 			throw createError({ statusCode: 503, data: { type: "service_unavailable" } });
 		}
 	}
 
-	try {
-		await useShopSdkAccount().accountUpdateRecovery({ userId, secret, password });
-		return { ok: true };
-	}
-	catch (err) {
-		if (isSdkUserError(err)) {
-			throw createError({ statusCode: err.code, data: { type: err.type } });
-		}
-		getLogService().error("SDK request failed: recovery-confirm", sdkErrorContext(err));
-		throw createError({ statusCode: 503, data: { type: "service_unavailable" } });
-	}
+	// Mock mode: accept the reset so the demo flow completes offline.
+	return { ok: true };
 });

package/server/api/auth/register.post.ts

@@ -1,5 +1,3 @@
-import { ID } from "@revenexx/sdk";
-
 interface RegistrationProfilePayload {
 	mode: "new" | "existing";
 	company: string;
@@ -68,59 +66,38 @@ export default defineEventHandler(async (event) => {
 	// Public-API mode: the customers app is the system of record. A company
 	// registration creates the organization (and its platform team) in the
 	// same call; the contact mirrors to a platform user behind the scenes.
-	if (serviceKey === "api") {
-		const fullName = (name ?? "").trim();
-		const splitAt = fullName.lastIndexOf(" ");
-		const firstName = splitAt > 0 ? fullName.slice(0, splitAt) : fullName;
-		const lastName = splitAt > 0 ? fullName.slice(splitAt + 1) : "";
-
-		try {
-			const { contact, user_id: userId } = await useRevenexxApi().post<{
-				contact: { id: string; email: string };
-				user_id: string;
-			}>("/v1/customers/auth/register", {
-				email,
-				password,
-				first_name: firstName || undefined,
-				last_name: lastName || undefined,
-				organization_name: profile?.company || undefined,
-				locale: resolveLocale(event),
-			});
-
-			const user = { $id: userId, name: fullName || email, email: contact.email };
-			if (profile?.company) {
-				await persistRegistrationRequest(user, profile);
-			}
-			return user;
-		}
-		catch (err) {
-			if (isApiUserError(err)) {
-				throw createError({ statusCode: err.statusCode, data: { type: apiAuthErrorType(err) } });
-			}
-			getLogService().error("API request failed: register", apiErrorContext(err));
-			throw createError({ statusCode: 503, data: { type: "service_unavailable" } });
-		}
-	}
+	// Public-API mode: the customers app is the system of record. A company
+	// registration creates the organization (and its platform team) in the
+	// same call; the contact mirrors to a platform user behind the scenes.
+	const fullName = (name ?? "").trim();
+	const splitAt = fullName.lastIndexOf(" ");
+	const firstName = splitAt > 0 ? fullName.slice(0, splitAt) : fullName;
+	const lastName = splitAt > 0 ? fullName.slice(splitAt + 1) : "";
 
 	try {
-		const user = await useShopSdkAccount().accountCreate({
-			userId: ID.unique(),
+		const { contact, user_id: userId } = await useRevenexxSdk().customers.customersAuthRegister({
 			email,
 			password,
-			name,
-		});
+			...(firstName ? { firstName } : {}),
+			...(lastName ? { lastName } : {}),
+			...(profile?.company ? { organizationName: profile.company } : {}),
+			locale: resolveLocale(event),
+		}) as unknown as {
+			contact: { id: string; email: string };
+			user_id: string;
+		};
 
+		const user = { $id: userId, name: fullName || email, email: contact.email };
 		if (profile?.company) {
 			await persistRegistrationRequest(user, profile);
 		}
-
-		return { $id: user.$id, name: user.name, email: user.email };
+		return user;
 	}
 	catch (err) {
-		if (isSdkUserError(err)) {
-			throw createError({ statusCode: err.code, data: { type: err.type } });
+		if (isApiUserError(err)) {
+			throw createError({ statusCode: err.code, data: { type: apiAuthErrorType(err) } });
 		}
-		getLogService().error("SDK request failed: register", sdkErrorContext(err));
+		getLogService().error("API request failed: register", apiErrorContext(err));
 		throw createError({ statusCode: 503, data: { type: "service_unavailable" } });
 	}
 });

package/server/api/orders/index.post.ts

@@ -1,3 +1,6 @@
+import { OrderPaymentStatus } from "@revenexx/sdk";
+import type { Models } from "@revenexx/sdk";
+
 // Method codes are generic — live mode validates them against the
 // payments app; the demo-only methods keep their extra fields.
 interface OrderPayment {
@@ -140,11 +143,11 @@ export default defineEventHandler(async (event) => {
 		if (liveShipping && body.deliveryMethod) {
 			const address = body.address as Record<string, unknown> | undefined;
 			try {
-				const { rates } = await useRevenexxApi().post<{ rates: Array<{ code: string; price: number }> }>("/v1/shipping/rates", {
-					order_value: calculation.totals.find(row => row.key === "subtotal")?.amount
+				const { rates } = await useRevenexxSdk().shipping.shippingRates({
+					orderValue: calculation.totals.find(row => row.key === "subtotal")?.amount
 						?? calculation.totals.find(row => row.key === "total")?.amount ?? 0,
 					country: String(address?.country ?? ""),
-				});
+				}) as unknown as { rates: Array<{ code: string; price: number }> };
 				const rate = rates.find(r => r.code === body.deliveryMethod);
 				if (!rate) {
 					throw createError({ status: 422, message: `Delivery method '${body.deliveryMethod}' is not available for this order` });
@@ -177,13 +180,15 @@ export default defineEventHandler(async (event) => {
 			const totalRow = calculation.totals.find(row => row.key === "total");
 			const shippingRow = calculation.totals.find(row => row.key === "shipping");
 			try {
-				const placed = await useRevenexxApi().post<{ id: string; number: string }>("/v1/orders/place", {
-					...sessionOrderRefs(event),
+				const refs = sessionOrderRefs(event);
+				const placed = await useRevenexxSdk().orders.ordersPlace({
+					...(refs.contact_id ? { contactId: refs.contact_id } : {}),
+					...(refs.organization_id ? { organizationId: refs.organization_id } : {}),
 					currency: calculation.currency,
-					...(body.orderNumber ? { customer_order_number: body.orderNumber } : {}),
+					...(body.orderNumber ? { customerOrderNumber: body.orderNumber } : {}),
 					buyer: user ? { name: user.name, email: user.email } : { email: body.contactEmail ?? null },
-					billing_address: billing ?? null,
-					shipping_address: address ?? null,
+					billingAddress: (billing ?? null) as object,
+					shippingAddress: (address ?? null) as object,
 					payment: { method: payment.method },
 					shipping: {
 						method: body.deliveryMethod ?? "standard",
@@ -191,7 +196,7 @@ export default defineEventHandler(async (event) => {
 					},
 					// The order carries what the customer saw (and the payment
 					// charges): the checkout calculation's total.
-					grand_total: Math.max(0, Math.round(((totalRow?.amount ?? 0) + liveShippingAdjustment) * 100) / 100),
+					grandTotal: Math.max(0, Math.round(((totalRow?.amount ?? 0) + liveShippingAdjustment) * 100) / 100),
 					items: (body.items as Array<Record<string, unknown>>).map((item, index) => ({
 						product_id: String(item.id),
 						sku: String(item.sku ?? "") || undefined,
@@ -204,19 +209,19 @@ export default defineEventHandler(async (event) => {
 							...(item.categorySlug ? { categorySlug: String(item.categorySlug) } : {}),
 							...(item.subcategorySlug ? { subcategorySlug: String(item.subcategorySlug) } : {}),
 						},
-					})),
-					user_data: {
+					})) as unknown as Models.OrderItemCreateRequest[],
+					userData: {
 						...(body.deliveryNote ? { delivery_note: body.deliveryNote } : {}),
 						...(body.orderNote ? { order_note: body.orderNote } : {}),
 						...(body.partialDelivery !== undefined ? { partial_delivery: body.partialDelivery } : {}),
 						...(body.requestedDate ? { requested_date: body.requestedDate } : {}),
 					},
-				});
+				}) as unknown as { id: string; number: string };
 				orderId = placed.number;
 				liveOrderUuid = placed.id;
 			}
 			catch (err) {
-				if (err instanceof RevenexxApiError && (err.statusCode === 400 || err.statusCode === 422)) {
+				if (err instanceof RevenexxException && (err.code === 400 || err.code === 422)) {
 					throw createError({ status: 422, message: err.message });
 				}
 				getLogService().error("Order placement failed", apiErrorContext(err));
@@ -237,19 +242,18 @@ export default defineEventHandler(async (event) => {
 				: address;
 			const country = String(body.billingCountry ?? billing?.country ?? "");
 			try {
-				const created = await useRevenexxApi().post<{ id: string; status: string; error_message?: string | null }>("/v1/payments", {
-					method_code: payment.method,
+				const created = await useRevenexxSdk().payments.paymentsCreate({
+					methodCode: payment.method,
 					amount: Math.max(0, Math.round(((totalRow?.amount ?? 0) + liveShippingAdjustment) * 100) / 100),
 					currency: calculation.currency,
 					country,
-					order_ref: orderId,
-					contact_id: undefined,
-					idempotency_key: body.checkoutSessionToken,
+					orderRef: orderId,
+					idempotencyKey: body.checkoutSessionToken,
 					metadata: {
 						...(payment.poNumber ? { po_number: payment.poNumber } : {}),
 						...(payment.costCenter ? { cost_center: payment.costCenter } : {}),
 					},
-				});
+				}) as unknown as { id: string; status: string; error_message?: string | null };
 				if (created.status === "failed") {
 					throw createError({ status: 402, message: created.error_message ?? "Payment was declined" });
 				}
@@ -259,7 +263,7 @@ export default defineEventHandler(async (event) => {
 				// A placed live order must not survive a failed payment.
 				if (liveOrderUuid) {
 					try {
-						await useRevenexxApi().post(`/v1/orders/${liveOrderUuid}/cancel`, { reason: "payment failed" });
+						await useRevenexxSdk().orders.ordersCancel({ id: liveOrderUuid, reason: "payment failed" });
 					}
 					catch (cancelErr) {
 						getLogService().error("Order cancel after payment failure failed", apiErrorContext(cancelErr));
@@ -268,7 +272,7 @@ export default defineEventHandler(async (event) => {
 				if (isError(err)) {
 					throw err;
 				}
-				if (err instanceof RevenexxApiError && (err.statusCode === 400 || err.statusCode === 422)) {
+				if (err instanceof RevenexxException && (err.code === 400 || err.code === 422)) {
 					throw createError({ status: 422, message: err.message });
 				}
 				getLogService().error("Payment creation failed", apiErrorContext(err));
@@ -279,10 +283,10 @@ export default defineEventHandler(async (event) => {
 		// The payment dimension of the live order follows the payment outcome.
 		if (liveOrderUuid && livePaymentStatus) {
 			const mapped = livePaymentStatus === "succeeded" || livePaymentStatus === "paid"
-				? "paid"
-				: livePaymentStatus === "authorized" ? "authorized" : "pending";
+				? OrderPaymentStatus.Paid
+				: livePaymentStatus === "authorized" ? OrderPaymentStatus.Authorized : OrderPaymentStatus.Pending;
 			try {
-				await useRevenexxApi().post(`/v1/orders/${liveOrderUuid}/payment-status`, { status: mapped });
+				await useRevenexxSdk().orders.ordersPaymentStatusUpdate({ id: liveOrderUuid, status: mapped });
 			}
 			catch (err) {
 				getLogService().error("Order payment-status sync failed", apiErrorContext(err));

package/server/api/payment/methods.post.ts

@@ -38,10 +38,11 @@ export default defineEventHandler(async (event) => {
 
 	const locale: Locale = resolveLocale(event);
 	try {
-		const { methods } = await useRevenexxApi().post<{ methods: ApiEligibleMethod[] }>(
-			"/v1/payments/methods/eligible",
-			{ amount, country, currency },
-		);
+		const { methods } = await useRevenexxSdk().payments.paymentsMethodsEligible({
+			amount,
+			country,
+			currency,
+		}) as unknown as { methods: ApiEligibleMethod[] };
 
 		const options: PaymentOption[] = methods.map(m => ({
 			method: m.code,

package/server/api/shipping/rates.post.ts

@@ -45,10 +45,12 @@ export default defineEventHandler(async (event) => {
 
 	const locale: Locale = resolveLocale(event);
 	try {
-		const { rates } = await useRevenexxApi().post<{ rates: ApiShippingRate[] }>(
-			"/v1/shipping/rates",
-			{ order_value: amount, country, weight, quantity },
-		);
+		const { rates } = await useRevenexxSdk().shipping.shippingRates({
+			orderValue: amount,
+			country,
+			...(weight !== undefined ? { weight } : {}),
+			...(quantity !== undefined ? { quantity } : {}),
+		}) as unknown as { rates: ApiShippingRate[] };
 
 		const methods: DeliveryOption[] = rates.map(rate => ({
 			method: rate.code,

package/server/interfaces/auth.ts

@@ -21,7 +21,7 @@ export interface AuthLoginResult {
  * Service contract for authentication.
  * - "mock" signs B2B demo personas in without any external dependency
  *   (see server/config/account/personas.json)
- * - "sdk" authenticates against the platform via the revenexx web SDK
+ * - "api" authenticates against the platform via the public revenexx API
  * Both implementations manage the same session cookie, so the client-side
  * auth flow (store, guards, middleware) is identical.
  */

package/server/services/ApiAccountService.ts

@@ -0,0 +1,44 @@
+import type { H3Event } from "h3";
+
+import { ApiAuthService } from "./ApiAuthService";
+import type { AccountUser, IAccountService } from "../interfaces/account";
+
+function createInitials(name: string): string {
+	const parts = name
+		.trim()
+		.split(/\s+/)
+		.filter(Boolean);
+	if (parts.length === 0) {
+		return "";
+	}
+	return parts
+		.slice(0, 2)
+		.map(part => part[0]?.toUpperCase() ?? "")
+		.join("");
+}
+
+/**
+ * Live identity via the public revenexx API (customers app): resolves
+ * the current user from the request session through the same
+ * `/v1/customers/auth/me` path the auth service uses.
+ * Register via app.config → accountService: "api".
+ */
+export class ApiAccountService implements IAccountService {
+	private readonly auth = new ApiAuthService();
+
+	async getUser(event?: H3Event): Promise<AccountUser> {
+		if (!event) {
+			throw createError({ statusCode: 500, statusMessage: "ApiAccountService requires the request event" });
+		}
+		const user = await this.auth.me(event);
+		if (!user) {
+			throw createError({ statusCode: 401, statusMessage: "Unauthorized" });
+		}
+		return {
+			id: user.$id,
+			name: user.name,
+			email: user.email,
+			initials: createInitials(user.name),
+		};
+	}
+}

package/server/services/ApiAuthService.ts

@@ -34,9 +34,9 @@ function contactName(contact: ApiContact | null, fallback: string): string {
 
 /**
  * Live authentication via the public revenexx API (customers app):
- *   POST /v1/customers/auth/login   → platform session (incl. secret) + contact
- *   POST /v1/customers/auth/me      → platform user + contact
- *   POST /v1/customers/auth/logout  → revokes the platform session
+ *   customersAuthLogin   → platform session (incl. secret) + contact
+ *   auth/me (raw call)   → platform user + contact
+ *   customersAuthLogout  → revokes the platform session
  *
  * Session state lives in the same cookie as the other implementations, so
  * the client-side auth flow (store, guards, middleware) is identical. The
@@ -44,11 +44,10 @@ function contactName(contact: ApiContact | null, fallback: string): string {
  */
 export class ApiAuthService implements IAuthService {
 	async login(event: H3Event, email: string, password: string): Promise<AuthLoginResult> {
-		const api = useRevenexxApi();
-		const { session, contact } = await api.post<{ session: ApiSession; contact: ApiContact | null }>(
-			"/v1/customers/auth/login",
-			{ email, password },
-		);
+		const { session, contact } = await useRevenexxSdk().customers.customersAuthLogin({ email, password }) as unknown as {
+			session: ApiSession;
+			contact: ApiContact | null;
+		};
 
 		const storedSession: StoredSession = {
 			id: session.$id,
@@ -94,11 +93,13 @@ export class ApiAuthService implements IAuthService {
 
 		try {
 			// session_id makes the customers app validate the session is still
-			// alive — a logged-out/revoked session answers 401 here.
-			const { user, contact } = await useRevenexxApi().post<{
+			// alive — a logged-out/revoked session answers 401 here. Raw call:
+			// the AuthMeRequest contract does not declare session_id yet, so
+			// the generated customersAuthMe() would drop the session check.
+			const { user, contact } = await useRevenexxSdk().call<{
 				user: { $id: string; name?: string; email: string };
 				contact: ApiContact | null;
-			}>("/v1/customers/auth/me", { user_id: parsed.userId, session_id: parsed.id });
+			}>("POST", "/v1/customers/auth/me", { body: { user_id: parsed.userId, session_id: parsed.id } });
 
 			return {
 				$id: user.$id,
@@ -122,9 +123,9 @@ export class ApiAuthService implements IAuthService {
 			try {
 				const parsed = JSON.parse(raw) as StoredSession;
 				if (parsed.userId && parsed.id) {
-					await useRevenexxApi().post("/v1/customers/auth/logout", {
-						user_id: parsed.userId,
-						session_id: parsed.id,
+					await useRevenexxSdk().customers.customersAuthLogout({
+						userId: parsed.userId,
+						sessionId: parsed.id,
 					});
 				}
 			}