npm - @sakeetech/medusa-payment-viva - Versions diffs - 0.2.2 - Mend

@sakeetech/medusa-payment-viva 0.2.2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (171) hide show

package/LICENSE +21 -0
package/README.md +816 -0
package/dist/api/index.d.ts +15 -0
package/dist/api/index.d.ts.map +1 -0
package/dist/api/index.js +22 -0
package/dist/api/index.js.map +1 -0
package/dist/api/middlewares.d.ts +27 -0
package/dist/api/middlewares.d.ts.map +1 -0
package/dist/api/middlewares.js +62 -0
package/dist/api/middlewares.js.map +1 -0
package/dist/api/viva/admin/_admin-auth.d.ts +26 -0
package/dist/api/viva/admin/_admin-auth.d.ts.map +1 -0
package/dist/api/viva/admin/_admin-auth.js +49 -0
package/dist/api/viva/admin/_admin-auth.js.map +1 -0
package/dist/api/viva/admin/_mode-gate.d.ts +28 -0
package/dist/api/viva/admin/_mode-gate.d.ts.map +1 -0
package/dist/api/viva/admin/_mode-gate.js +45 -0
package/dist/api/viva/admin/_mode-gate.js.map +1 -0
package/dist/api/viva/admin/connected-accounts/[id]/reconcile/route.d.ts +21 -0
package/dist/api/viva/admin/connected-accounts/[id]/reconcile/route.d.ts.map +1 -0
package/dist/api/viva/admin/connected-accounts/[id]/reconcile/route.js +93 -0
package/dist/api/viva/admin/connected-accounts/[id]/reconcile/route.js.map +1 -0
package/dist/api/viva/admin/connected-accounts/[id]/route.d.ts +18 -0
package/dist/api/viva/admin/connected-accounts/[id]/route.d.ts.map +1 -0
package/dist/api/viva/admin/connected-accounts/[id]/route.js +59 -0
package/dist/api/viva/admin/connected-accounts/[id]/route.js.map +1 -0
package/dist/api/viva/admin/connected-accounts/[id]/sources/route.d.ts +34 -0
package/dist/api/viva/admin/connected-accounts/[id]/sources/route.d.ts.map +1 -0
package/dist/api/viva/admin/connected-accounts/[id]/sources/route.js +234 -0
package/dist/api/viva/admin/connected-accounts/[id]/sources/route.js.map +1 -0
package/dist/api/viva/admin/connected-accounts/route.d.ts +19 -0
package/dist/api/viva/admin/connected-accounts/route.d.ts.map +1 -0
package/dist/api/viva/admin/connected-accounts/route.js +78 -0
package/dist/api/viva/admin/connected-accounts/route.js.map +1 -0
package/dist/api/viva/internal/auth-status/route.d.ts +19 -0
package/dist/api/viva/internal/auth-status/route.d.ts.map +1 -0
package/dist/api/viva/internal/auth-status/route.js +91 -0
package/dist/api/viva/internal/auth-status/route.js.map +1 -0
package/dist/api/viva/internal/metrics/route.d.ts +13 -0
package/dist/api/viva/internal/metrics/route.d.ts.map +1 -0
package/dist/api/viva/internal/metrics/route.js +48 -0
package/dist/api/viva/internal/metrics/route.js.map +1 -0
package/dist/api/viva/webhook/health/route.d.ts +16 -0
package/dist/api/viva/webhook/health/route.d.ts.map +1 -0
package/dist/api/viva/webhook/health/route.js +27 -0
package/dist/api/viva/webhook/health/route.js.map +1 -0
package/dist/api/viva/webhook/route.d.ts +57 -0
package/dist/api/viva/webhook/route.d.ts.map +1 -0
package/dist/api/viva/webhook/route.js +269 -0
package/dist/api/viva/webhook/route.js.map +1 -0
package/dist/cli/bin.d.ts +12 -0
package/dist/cli/bin.d.ts.map +1 -0
package/dist/cli/bin.js +78 -0
package/dist/cli/bin.js.map +1 -0
package/dist/cli/index.d.ts +12 -0
package/dist/cli/index.d.ts.map +1 -0
package/dist/cli/index.js +14 -0
package/dist/cli/index.js.map +1 -0
package/dist/cli/plan.d.ts +51 -0
package/dist/cli/plan.d.ts.map +1 -0
package/dist/cli/plan.js +128 -0
package/dist/cli/plan.js.map +1 -0
package/dist/cli/register-webhooks.d.ts +54 -0
package/dist/cli/register-webhooks.d.ts.map +1 -0
package/dist/cli/register-webhooks.js +366 -0
package/dist/cli/register-webhooks.js.map +1 -0
package/dist/cli/types.d.ts +62 -0
package/dist/cli/types.d.ts.map +1 -0
package/dist/cli/types.js +12 -0
package/dist/cli/types.js.map +1 -0
package/dist/config.d.ts +158 -0
package/dist/config.d.ts.map +1 -0
package/dist/config.js +236 -0
package/dist/config.js.map +1 -0
package/dist/index.d.ts +21 -0
package/dist/index.d.ts.map +1 -0
package/dist/index.js +29 -0
package/dist/index.js.map +1 -0
package/dist/loaders/viva-oauth2-strategy.d.ts +26 -0
package/dist/loaders/viva-oauth2-strategy.d.ts.map +1 -0
package/dist/loaders/viva-oauth2-strategy.js +58 -0
package/dist/loaders/viva-oauth2-strategy.js.map +1 -0
package/dist/migrations/Migration_20260425000001_init_viva_payments.d.ts +19 -0
package/dist/migrations/Migration_20260425000001_init_viva_payments.d.ts.map +1 -0
package/dist/migrations/Migration_20260425000001_init_viva_payments.js +136 -0
package/dist/migrations/Migration_20260425000001_init_viva_payments.js.map +1 -0
package/dist/migrations/Migration_20260425000002_allow_null_order_code.d.ts +31 -0
package/dist/migrations/Migration_20260425000002_allow_null_order_code.d.ts.map +1 -0
package/dist/migrations/Migration_20260425000002_allow_null_order_code.js +71 -0
package/dist/migrations/Migration_20260425000002_allow_null_order_code.js.map +1 -0
package/dist/migrations/Migration_20260425000003_webhook_retry_count.d.ts +18 -0
package/dist/migrations/Migration_20260425000003_webhook_retry_count.d.ts.map +1 -0
package/dist/migrations/Migration_20260425000003_webhook_retry_count.js +42 -0
package/dist/migrations/Migration_20260425000003_webhook_retry_count.js.map +1 -0
package/dist/migrations/Migration_20260425000004_webhook_error_and_nullable_merchant.d.ts +29 -0
package/dist/migrations/Migration_20260425000004_webhook_error_and_nullable_merchant.d.ts.map +1 -0
package/dist/migrations/Migration_20260425000004_webhook_error_and_nullable_merchant.js +74 -0
package/dist/migrations/Migration_20260425000004_webhook_error_and_nullable_merchant.js.map +1 -0
package/dist/models/index.d.ts +7 -0
package/dist/models/index.d.ts.map +1 -0
package/dist/models/index.js +10 -0
package/dist/models/index.js.map +1 -0
package/dist/models/viva-tenant-merchant.d.ts +11 -0
package/dist/models/viva-tenant-merchant.d.ts.map +1 -0
package/dist/models/viva-tenant-merchant.js +54 -0
package/dist/models/viva-tenant-merchant.js.map +1 -0
package/dist/models/viva-transaction.d.ts +34 -0
package/dist/models/viva-transaction.d.ts.map +1 -0
package/dist/models/viva-transaction.js +104 -0
package/dist/models/viva-transaction.js.map +1 -0
package/dist/models/viva-webhook-event.d.ts +32 -0
package/dist/models/viva-webhook-event.d.ts.map +1 -0
package/dist/models/viva-webhook-event.js +88 -0
package/dist/models/viva-webhook-event.js.map +1 -0
package/dist/observability/config.d.ts +34 -0
package/dist/observability/config.d.ts.map +1 -0
package/dist/observability/config.js +57 -0
package/dist/observability/config.js.map +1 -0
package/dist/observability/index.d.ts +8 -0
package/dist/observability/index.d.ts.map +1 -0
package/dist/observability/index.js +15 -0
package/dist/observability/index.js.map +1 -0
package/dist/observability/prom-metrics.d.ts +41 -0
package/dist/observability/prom-metrics.d.ts.map +1 -0
package/dist/observability/prom-metrics.js +219 -0
package/dist/observability/prom-metrics.js.map +1 -0
package/dist/providers/payment-provider.d.ts +19 -0
package/dist/providers/payment-provider.d.ts.map +1 -0
package/dist/providers/payment-provider.js +24 -0
package/dist/providers/payment-provider.js.map +1 -0
package/dist/resolvers/auth-strategy-factory.d.ts +42 -0
package/dist/resolvers/auth-strategy-factory.d.ts.map +1 -0
package/dist/resolvers/auth-strategy-factory.js +60 -0
package/dist/resolvers/auth-strategy-factory.js.map +1 -0
package/dist/resolvers/tenant-resolver.d.ts +104 -0
package/dist/resolvers/tenant-resolver.d.ts.map +1 -0
package/dist/resolvers/tenant-resolver.js +118 -0
package/dist/resolvers/tenant-resolver.js.map +1 -0
package/dist/service.d.ts +200 -0
package/dist/service.d.ts.map +1 -0
package/dist/service.js +1003 -0
package/dist/service.js.map +1 -0
package/dist/subscribers/index.d.ts +5 -0
package/dist/subscribers/index.d.ts.map +1 -0
package/dist/subscribers/index.js +10 -0
package/dist/subscribers/index.js.map +1 -0
package/dist/subscribers/viva-webhook-event.d.ts +38 -0
package/dist/subscribers/viva-webhook-event.d.ts.map +1 -0
package/dist/subscribers/viva-webhook-event.js +133 -0
package/dist/subscribers/viva-webhook-event.js.map +1 -0
package/dist/workflows/cleanup-old-webhook-events.d.ts +39 -0
package/dist/workflows/cleanup-old-webhook-events.d.ts.map +1 -0
package/dist/workflows/cleanup-old-webhook-events.js +68 -0
package/dist/workflows/cleanup-old-webhook-events.js.map +1 -0
package/dist/workflows/index.d.ts +14 -0
package/dist/workflows/index.d.ts.map +1 -0
package/dist/workflows/index.js +19 -0
package/dist/workflows/index.js.map +1 -0
package/dist/workflows/per-tenant-semaphore.d.ts +47 -0
package/dist/workflows/per-tenant-semaphore.d.ts.map +1 -0
package/dist/workflows/per-tenant-semaphore.js +89 -0
package/dist/workflows/per-tenant-semaphore.js.map +1 -0
package/dist/workflows/process-webhook-event.d.ts +80 -0
package/dist/workflows/process-webhook-event.d.ts.map +1 -0
package/dist/workflows/process-webhook-event.js +280 -0
package/dist/workflows/process-webhook-event.js.map +1 -0
package/dist/workflows/reprocess-unresolved-tenants.d.ts +58 -0
package/dist/workflows/reprocess-unresolved-tenants.d.ts.map +1 -0
package/dist/workflows/reprocess-unresolved-tenants.js +121 -0
package/dist/workflows/reprocess-unresolved-tenants.js.map +1 -0
package/package.json +63 -0

package/dist/api/index.d.ts ADDED Viewed

@@ -0,0 +1,15 @@
+/**
+ * api/index.ts — barrel re-export for Medusa v2 API route registration.
+ *
+ * Medusa v2 file-based routing convention: the framework scans `src/api/`
+ * for `route.ts` files and mounts them at the path matching the directory
+ * structure. `middlewares.ts` at the root of `src/api/` is auto-loaded as the
+ * middleware configuration for all routes in this API tree.
+ *
+ * - `src/api/middlewares.ts`            → middleware config (raw body capture)
+ * - `src/api/viva/webhook/route.ts`     → GET + POST handlers at /viva/webhook
+ *
+ * @see @medusajs/framework dist/http/router.d.ts (ApiLoader file-based convention)
+ */
+export { default as middlewares } from './middlewares.js';
+//# sourceMappingURL=index.d.ts.map

package/dist/api/index.d.ts.map ADDED Viewed

	@@ -0,0 +1 @@
1	+ {"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/api/index.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;GAYG;AAEH,OAAO,EAAE,OAAO,IAAI,WAAW,EAAE,MAAM,kBAAkB,CAAC"}

package/dist/api/index.js ADDED Viewed

@@ -0,0 +1,22 @@
+"use strict";
+/**
+ * api/index.ts — barrel re-export for Medusa v2 API route registration.
+ *
+ * Medusa v2 file-based routing convention: the framework scans `src/api/`
+ * for `route.ts` files and mounts them at the path matching the directory
+ * structure. `middlewares.ts` at the root of `src/api/` is auto-loaded as the
+ * middleware configuration for all routes in this API tree.
+ *
+ * - `src/api/middlewares.ts`            → middleware config (raw body capture)
+ * - `src/api/viva/webhook/route.ts`     → GET + POST handlers at /viva/webhook
+ *
+ * @see @medusajs/framework dist/http/router.d.ts (ApiLoader file-based convention)
+ */
+var __importDefault = (this && this.__importDefault) || function (mod) {
+    return (mod && mod.__esModule) ? mod : { "default": mod };
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.middlewares = void 0;
+var middlewares_js_1 = require("./middlewares.js");
+Object.defineProperty(exports, "middlewares", { enumerable: true, get: function () { return __importDefault(middlewares_js_1).default; } });
+//# sourceMappingURL=index.js.map

package/dist/api/index.js.map ADDED Viewed

	@@ -0,0 +1 @@
1	+ {"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/api/index.ts"],"names":[],"mappings":";AAAA;;;;;;;;;;;;GAYG;;;;;;AAEH,mDAA0D;AAAjD,8HAAA,OAAO,OAAe"}

package/dist/api/middlewares.d.ts ADDED Viewed

@@ -0,0 +1,27 @@
+/**
+ * middlewares.ts — Medusa v2 middleware registration for the Viva webhook route.
+ *
+ * Captures raw request body as Buffer before JSON body-parser runs.
+ * Required for HMAC-SHA256 signature verification of event 7936.
+ *
+ * Convention used: `defineMiddlewares()` from `@medusajs/framework/http`, which
+ * is the standard Medusa v2 plugin middleware pattern.
+ *
+ * @see references/viva-docs/md/webhooks-for-payments.txt:254 (webhook security model P7)
+ * @see references/viva-docs/md/wh-sale-transactions.txt:149 (HMAC raw body requirement)
+ */
+import type { MedusaNextFunction, MedusaRequest, MedusaResponse } from '@medusajs/framework/http';
+/**
+ * Express middleware that captures the raw request body as a Buffer.
+ * Must run BEFORE any JSON body-parser so the unmodified bytes are available
+ * for HMAC-SHA256 signature verification (event 7936).
+ *
+ * Attaches the Buffer to `req.rawBody`. Medusa's MedusaRequest type already
+ * declares `rawBody?: any`, so no augmentation is needed.
+ *
+ * @see references/viva-docs/md/wh-sale-transactions.txt:149 (HMAC raw bytes)
+ */
+export declare function vivaWebhookRawBodyMiddleware(): (req: MedusaRequest, _res: MedusaResponse, next: MedusaNextFunction) => void;
+declare const _default: import("@medusajs/framework/http").MiddlewaresConfig;
+export default _default;
+//# sourceMappingURL=middlewares.d.ts.map

package/dist/api/middlewares.d.ts.map ADDED Viewed

	@@ -0,0 +1 @@
1	+ {"version":3,"file":"middlewares.d.ts","sourceRoot":"","sources":["../../src/api/middlewares.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;GAWG;AAEH,OAAO,KAAK,EAAE,kBAAkB,EAAE,aAAa,EAAE,cAAc,EAAE,MAAM,0BAA0B,CAAC;AAOlG;;;;;;;;;GASG;AACH,wBAAgB,4BAA4B,KAExC,KAAK,aAAa,EAClB,MAAM,cAAc,EACpB,MAAM,kBAAkB,KACvB,IAAI,CAgBR;;AAYD,wBAOG"}

package/dist/api/middlewares.js ADDED Viewed

@@ -0,0 +1,62 @@
+"use strict";
+/**
+ * middlewares.ts — Medusa v2 middleware registration for the Viva webhook route.
+ *
+ * Captures raw request body as Buffer before JSON body-parser runs.
+ * Required for HMAC-SHA256 signature verification of event 7936.
+ *
+ * Convention used: `defineMiddlewares()` from `@medusajs/framework/http`, which
+ * is the standard Medusa v2 plugin middleware pattern.
+ *
+ * @see references/viva-docs/md/webhooks-for-payments.txt:254 (webhook security model P7)
+ * @see references/viva-docs/md/wh-sale-transactions.txt:149 (HMAC raw body requirement)
+ */
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.vivaWebhookRawBodyMiddleware = vivaWebhookRawBodyMiddleware;
+const http_1 = require("@medusajs/framework/http");
+// ---------------------------------------------------------------------------
+// Raw body capture middleware
+// ---------------------------------------------------------------------------
+/**
+ * Express middleware that captures the raw request body as a Buffer.
+ * Must run BEFORE any JSON body-parser so the unmodified bytes are available
+ * for HMAC-SHA256 signature verification (event 7936).
+ *
+ * Attaches the Buffer to `req.rawBody`. Medusa's MedusaRequest type already
+ * declares `rawBody?: any`, so no augmentation is needed.
+ *
+ * @see references/viva-docs/md/wh-sale-transactions.txt:149 (HMAC raw bytes)
+ */
+function vivaWebhookRawBodyMiddleware() {
+    return function captureRawBody(req, _res, next) {
+        const chunks = [];
+        req.on('data', (chunk) => {
+            chunks.push(Buffer.isBuffer(chunk) ? chunk : Buffer.from(chunk));
+        });
+        req.on('end', () => {
+            req.rawBody = Buffer.concat(chunks);
+            next();
+        });
+        req.on('error', (err) => {
+            next(err);
+        });
+    };
+}
+// ---------------------------------------------------------------------------
+// Middleware registration (Medusa v2 convention)
+//
+// Medusa v2 loads `src/api/middlewares.ts` and calls the default export to
+// obtain a MiddlewaresConfig. `defineMiddlewares` validates and types the config.
+//
+// `bodyParser: false` disables Medusa's built-in JSON parser for the POST route
+// so we control body consumption ourselves in the raw-body middleware.
+// ---------------------------------------------------------------------------
+exports.default = (0, http_1.defineMiddlewares)([
+    {
+        matcher: '/viva/webhook',
+        methods: ['POST'],
+        bodyParser: false,
+        middlewares: [vivaWebhookRawBodyMiddleware()],
+    },
+]);
+//# sourceMappingURL=middlewares.js.map

package/dist/api/middlewares.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"middlewares.js","sourceRoot":"","sources":["../../src/api/middlewares.ts"],"names":[],"mappings":";AAAA;;;;;;;;;;;GAWG;;AAmBH,oEAqBC;AArCD,mDAA6D;AAE7D,8EAA8E;AAC9E,8BAA8B;AAC9B,8EAA8E;AAE9E;;;;;;;;;GASG;AACH,SAAgB,4BAA4B;IAC1C,OAAO,SAAS,cAAc,CAC5B,GAAkB,EAClB,IAAoB,EACpB,IAAwB;QAExB,MAAM,MAAM,GAAa,EAAE,CAAC;QAE5B,GAAG,CAAC,EAAE,CAAC,MAAM,EAAE,CAAC,KAAsB,EAAE,EAAE;YACxC,MAAM,CAAC,IAAI,CAAC,MAAM,CAAC,QAAQ,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,MAAM,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC;QACnE,CAAC,CAAC,CAAC;QAEH,GAAG,CAAC,EAAE,CAAC,KAAK,EAAE,GAAG,EAAE;YACjB,GAAG,CAAC,OAAO,GAAG,MAAM,CAAC,MAAM,CAAC,MAAM,CAAC,CAAC;YACpC,IAAI,EAAE,CAAC;QACT,CAAC,CAAC,CAAC;QAEH,GAAG,CAAC,EAAE,CAAC,OAAO,EAAE,CAAC,GAAU,EAAE,EAAE;YAC7B,IAAI,CAAC,GAAG,CAAC,CAAC;QACZ,CAAC,CAAC,CAAC;IACL,CAAC,CAAC;AACJ,CAAC;AAED,8EAA8E;AAC9E,iDAAiD;AACjD,EAAE;AACF,2EAA2E;AAC3E,kFAAkF;AAClF,EAAE;AACF,gFAAgF;AAChF,uEAAuE;AACvE,8EAA8E;AAE9E,kBAAe,IAAA,wBAAiB,EAAC;IAC/B;QACE,OAAO,EAAE,eAAe;QACxB,OAAO,EAAE,CAAC,MAAM,CAAC;QACjB,UAAU,EAAE,KAAK;QACjB,WAAW,EAAE,CAAC,4BAA4B,EAAE,CAAC;KAC9C;CACF,CAAC,CAAC"}

package/dist/api/viva/admin/_admin-auth.d.ts ADDED Viewed

@@ -0,0 +1,26 @@
+/**
+ * _admin-auth.ts — shared admin-token gate for `/viva/admin/*` routes.
+ *
+ * Extracted in slice F so all admin routes share one timing-safe token check.
+ * Behaviour is identical to the inline copies that previously lived in each
+ * route file: reads `VIVA_ADMIN_TOKEN` from the process env, compares it
+ * against the `x-viva-admin-token` request header using `timingSafeEqual`,
+ * and writes a `401 { error: 'unauthorized' }` envelope on mismatch.
+ *
+ * When `VIVA_ADMIN_TOKEN` is unset the gate fails closed with
+ * `{ error: 'unauthorized', reason: 'admin-token-not-configured' }` — same
+ * envelope shape used by `/viva/internal/*` so the operator gets a clear
+ * configuration hint without leaking whether a token was provided.
+ *
+ * @see docs/plans/multi-mode-v0.md §6 (admin REST table)
+ */
+import type { MedusaRequest, MedusaResponse } from '@medusajs/framework/http';
+/**
+ * Returns `true` and writes a 401 response when the admin token is missing
+ * or invalid. Returns `false` when the request is authorized.
+ *
+ * Reads `VIVA_ADMIN_TOKEN` lazily from `process.env` so tests can swap it
+ * between requests.
+ */
+export declare function reject401IfUnauthorized(req: MedusaRequest, res: MedusaResponse): boolean;
+//# sourceMappingURL=_admin-auth.d.ts.map

package/dist/api/viva/admin/_admin-auth.d.ts.map ADDED Viewed

	@@ -0,0 +1 @@
1	+ {"version":3,"file":"_admin-auth.d.ts","sourceRoot":"","sources":["../../../../src/api/viva/admin/_admin-auth.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;GAeG;AAEH,OAAO,KAAK,EAAE,aAAa,EAAE,cAAc,EAAE,MAAM,0BAA0B,CAAC;AAW9E;;;;;;GAMG;AACH,wBAAgB,uBAAuB,CACrC,GAAG,EAAE,aAAa,EAClB,GAAG,EAAE,cAAc,GAClB,OAAO,CAeT"}

package/dist/api/viva/admin/_admin-auth.js ADDED Viewed

@@ -0,0 +1,49 @@
+"use strict";
+/**
+ * _admin-auth.ts — shared admin-token gate for `/viva/admin/*` routes.
+ *
+ * Extracted in slice F so all admin routes share one timing-safe token check.
+ * Behaviour is identical to the inline copies that previously lived in each
+ * route file: reads `VIVA_ADMIN_TOKEN` from the process env, compares it
+ * against the `x-viva-admin-token` request header using `timingSafeEqual`,
+ * and writes a `401 { error: 'unauthorized' }` envelope on mismatch.
+ *
+ * When `VIVA_ADMIN_TOKEN` is unset the gate fails closed with
+ * `{ error: 'unauthorized', reason: 'admin-token-not-configured' }` — same
+ * envelope shape used by `/viva/internal/*` so the operator gets a clear
+ * configuration hint without leaking whether a token was provided.
+ *
+ * @see docs/plans/multi-mode-v0.md §6 (admin REST table)
+ */
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.reject401IfUnauthorized = reject401IfUnauthorized;
+const node_crypto_1 = require("node:crypto");
+function isTokenValid(provided, expected) {
+    if (provided.length !== expected.length)
+        return false;
+    return (0, node_crypto_1.timingSafeEqual)(Buffer.from(provided, 'utf-8'), Buffer.from(expected, 'utf-8'));
+}
+/**
+ * Returns `true` and writes a 401 response when the admin token is missing
+ * or invalid. Returns `false` when the request is authorized.
+ *
+ * Reads `VIVA_ADMIN_TOKEN` lazily from `process.env` so tests can swap it
+ * between requests.
+ */
+function reject401IfUnauthorized(req, res) {
+    const adminToken = process.env['VIVA_ADMIN_TOKEN'];
+    if (!adminToken) {
+        res
+            .status(401)
+            .json({ error: 'unauthorized', reason: 'admin-token-not-configured' });
+        return true;
+    }
+    const provided = req.headers['x-viva-admin-token'];
+    const providedStr = Array.isArray(provided) ? provided[0] : provided;
+    if (!providedStr || !isTokenValid(providedStr, adminToken)) {
+        res.status(401).json({ error: 'unauthorized' });
+        return true;
+    }
+    return false;
+}
+//# sourceMappingURL=_admin-auth.js.map

package/dist/api/viva/admin/_admin-auth.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"_admin-auth.js","sourceRoot":"","sources":["../../../../src/api/viva/admin/_admin-auth.ts"],"names":[],"mappings":";AAAA;;;;;;;;;;;;;;;GAeG;;AAoBH,0DAkBC;AAnCD,6CAA8C;AAE9C,SAAS,YAAY,CAAC,QAAgB,EAAE,QAAgB;IACtD,IAAI,QAAQ,CAAC,MAAM,KAAK,QAAQ,CAAC,MAAM;QAAE,OAAO,KAAK,CAAC;IACtD,OAAO,IAAA,6BAAe,EACpB,MAAM,CAAC,IAAI,CAAC,QAAQ,EAAE,OAAO,CAAC,EAC9B,MAAM,CAAC,IAAI,CAAC,QAAQ,EAAE,OAAO,CAAC,CAC/B,CAAC;AACJ,CAAC;AAED;;;;;;GAMG;AACH,SAAgB,uBAAuB,CACrC,GAAkB,EAClB,GAAmB;IAEnB,MAAM,UAAU,GAAG,OAAO,CAAC,GAAG,CAAC,kBAAkB,CAAC,CAAC;IACnD,IAAI,CAAC,UAAU,EAAE,CAAC;QAChB,GAAG;aACA,MAAM,CAAC,GAAG,CAAC;aACX,IAAI,CAAC,EAAE,KAAK,EAAE,cAAc,EAAE,MAAM,EAAE,4BAA4B,EAAE,CAAC,CAAC;QACzE,OAAO,IAAI,CAAC;IACd,CAAC;IACD,MAAM,QAAQ,GAAG,GAAG,CAAC,OAAO,CAAC,oBAAoB,CAAC,CAAC;IACnD,MAAM,WAAW,GAAG,KAAK,CAAC,OAAO,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,QAAQ,CAAC;IACrE,IAAI,CAAC,WAAW,IAAI,CAAC,YAAY,CAAC,WAAW,EAAE,UAAU,CAAC,EAAE,CAAC;QAC3D,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,EAAE,KAAK,EAAE,cAAc,EAAE,CAAC,CAAC;QAChD,OAAO,IAAI,CAAC;IACd,CAAC;IACD,OAAO,KAAK,CAAC;AACf,CAAC"}

package/dist/api/viva/admin/_mode-gate.d.ts ADDED Viewed

@@ -0,0 +1,28 @@
+/**
+ * _mode-gate.ts — shared 404 short-circuit for ISV-only admin routes.
+ *
+ * Medusa v2 uses filesystem-based route registration: every `route.ts` is
+ * mounted unconditionally at boot. There is no clean hook to skip a file
+ * based on plugin config. So ISV-only admin routes use a per-handler
+ * short-circuit instead — when `VivaPluginConfig.mode === 'merchant'`, the
+ * handler returns 404 immediately, mimicking an unmounted route.
+ *
+ * Config is read lazily via `loadConfigFromEnv()` so test code that swaps
+ * env vars between requests sees the change.
+ *
+ * Slice F will add the `/sources` route which uses this same gate.
+ *
+ * @see docs/plans/multi-mode-v0.md §6 (mode-surface gating)
+ */
+import type { MedusaRequest, MedusaResponse } from '@medusajs/framework/http';
+/**
+ * Returns `true` and writes a 404 response when the plugin is in merchant
+ * mode (or when config fails to load — fail closed). Returns `false` when
+ * the route should proceed.
+ *
+ * Note: this also implicitly covers misconfigured deployments. If config
+ * cannot be loaded, ISV-only surfaces stay closed rather than crash with a
+ * 500.
+ */
+export declare function reject404IfNotIsv(_req: MedusaRequest, res: MedusaResponse): boolean;
+//# sourceMappingURL=_mode-gate.d.ts.map

package/dist/api/viva/admin/_mode-gate.d.ts.map ADDED Viewed

	@@ -0,0 +1 @@
1	+ {"version":3,"file":"_mode-gate.d.ts","sourceRoot":"","sources":["../../../../src/api/viva/admin/_mode-gate.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;GAeG;AAEH,OAAO,KAAK,EAAE,aAAa,EAAE,cAAc,EAAE,MAAM,0BAA0B,CAAC;AAG9E;;;;;;;;GAQG;AACH,wBAAgB,iBAAiB,CAC/B,IAAI,EAAE,aAAa,EACnB,GAAG,EAAE,cAAc,GAClB,OAAO,CAcT"}

package/dist/api/viva/admin/_mode-gate.js ADDED Viewed

@@ -0,0 +1,45 @@
+"use strict";
+/**
+ * _mode-gate.ts — shared 404 short-circuit for ISV-only admin routes.
+ *
+ * Medusa v2 uses filesystem-based route registration: every `route.ts` is
+ * mounted unconditionally at boot. There is no clean hook to skip a file
+ * based on plugin config. So ISV-only admin routes use a per-handler
+ * short-circuit instead — when `VivaPluginConfig.mode === 'merchant'`, the
+ * handler returns 404 immediately, mimicking an unmounted route.
+ *
+ * Config is read lazily via `loadConfigFromEnv()` so test code that swaps
+ * env vars between requests sees the change.
+ *
+ * Slice F will add the `/sources` route which uses this same gate.
+ *
+ * @see docs/plans/multi-mode-v0.md §6 (mode-surface gating)
+ */
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.reject404IfNotIsv = reject404IfNotIsv;
+const config_js_1 = require("../../../config.js");
+/**
+ * Returns `true` and writes a 404 response when the plugin is in merchant
+ * mode (or when config fails to load — fail closed). Returns `false` when
+ * the route should proceed.
+ *
+ * Note: this also implicitly covers misconfigured deployments. If config
+ * cannot be loaded, ISV-only surfaces stay closed rather than crash with a
+ * 500.
+ */
+function reject404IfNotIsv(_req, res) {
+    let isIsv = false;
+    try {
+        const config = (0, config_js_1.loadConfigFromEnv)(process.env);
+        isIsv = config.mode === 'isv';
+    }
+    catch {
+        isIsv = false;
+    }
+    if (!isIsv) {
+        res.status(404).json({ error: 'Not Found' });
+        return true;
+    }
+    return false;
+}
+//# sourceMappingURL=_mode-gate.js.map

package/dist/api/viva/admin/_mode-gate.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"_mode-gate.js","sourceRoot":"","sources":["../../../../src/api/viva/admin/_mode-gate.ts"],"names":[],"mappings":";AAAA;;;;;;;;;;;;;;;GAeG;;AAcH,8CAiBC;AA5BD,kDAAuD;AAEvD;;;;;;;;GAQG;AACH,SAAgB,iBAAiB,CAC/B,IAAmB,EACnB,GAAmB;IAEnB,IAAI,KAAK,GAAG,KAAK,CAAC;IAClB,IAAI,CAAC;QACH,MAAM,MAAM,GAAG,IAAA,6BAAiB,EAAC,OAAO,CAAC,GAAG,CAAC,CAAC;QAC9C,KAAK,GAAG,MAAM,CAAC,IAAI,KAAK,KAAK,CAAC;IAChC,CAAC;IAAC,MAAM,CAAC;QACP,KAAK,GAAG,KAAK,CAAC;IAChB,CAAC;IAED,IAAI,CAAC,KAAK,EAAE,CAAC;QACX,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,EAAE,KAAK,EAAE,WAAW,EAAE,CAAC,CAAC;QAC7C,OAAO,IAAI,CAAC;IACd,CAAC;IACD,OAAO,KAAK,CAAC;AACf,CAAC"}

package/dist/api/viva/admin/connected-accounts/[id]/reconcile/route.d.ts ADDED Viewed

@@ -0,0 +1,21 @@
+/**
+ * route.ts — POST /viva/admin/connected-accounts/:id/reconcile
+ *
+ * ISV-only admin endpoint. Forces a re-fetch of the connected-account state
+ * from Viva and applies the latest verification/acquiring flags onto the
+ * local `viva_tenant_merchant` row (when one exists). Used to recover from
+ * missed 8194 webhook deliveries.
+ *
+ *   1. Validates plugin is in ISV mode (404 in merchant mode).
+ *   2. Validates admin token (401 if missing/wrong).
+ *   3. Fetches current state via `IsvAccounts.retrieveConnectedAccount`.
+ *   4. UPDATEs `viva_tenant_merchant.verification_status` when a row matches.
+ *   5. Returns `{ accountId, verified, acquiringEnabled, reconciled }`.
+ *
+ * @see docs/plans/multi-mode-v0.md §6 (mode-surface gating)
+ */
+import type { MedusaRequest, MedusaResponse } from '@medusajs/framework/http';
+export declare const POST: (req: MedusaRequest<unknown, {
+    id: string;
+}>, res: MedusaResponse) => Promise<void>;
+//# sourceMappingURL=route.d.ts.map

package/dist/api/viva/admin/connected-accounts/[id]/reconcile/route.d.ts.map ADDED Viewed

	@@ -0,0 +1 @@
1	+ {"version":3,"file":"route.d.ts","sourceRoot":"","sources":["../../../../../../../src/api/viva/admin/connected-accounts/[id]/reconcile/route.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;GAeG;AAEH,OAAO,KAAK,EAAE,aAAa,EAAE,cAAc,EAAE,MAAM,0BAA0B,CAAC;AAU9E,eAAO,MAAM,IAAI,GACf,KAAK,aAAa,CAAC,OAAO,EAAE;IAAE,EAAE,EAAE,MAAM,CAAA;CAAE,CAAC,EAC3C,KAAK,cAAc,KAClB,OAAO,CAAC,IAAI,CAoEd,CAAC"}

package/dist/api/viva/admin/connected-accounts/[id]/reconcile/route.js ADDED Viewed

@@ -0,0 +1,93 @@
+"use strict";
+/**
+ * route.ts — POST /viva/admin/connected-accounts/:id/reconcile
+ *
+ * ISV-only admin endpoint. Forces a re-fetch of the connected-account state
+ * from Viva and applies the latest verification/acquiring flags onto the
+ * local `viva_tenant_merchant` row (when one exists). Used to recover from
+ * missed 8194 webhook deliveries.
+ *
+ *   1. Validates plugin is in ISV mode (404 in merchant mode).
+ *   2. Validates admin token (401 if missing/wrong).
+ *   3. Fetches current state via `IsvAccounts.retrieveConnectedAccount`.
+ *   4. UPDATEs `viva_tenant_merchant.verification_status` when a row matches.
+ *   5. Returns `{ accountId, verified, acquiringEnabled, reconciled }`.
+ *
+ * @see docs/plans/multi-mode-v0.md §6 (mode-surface gating)
+ */
+var __importDefault = (this && this.__importDefault) || function (mod) {
+    return (mod && mod.__esModule) ? mod : { "default": mod };
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.POST = void 0;
+const pg_1 = __importDefault(require("pg"));
+const isv_1 = require("@sakeetech/viva-payments-core/isv");
+const errors_1 = require("@sakeetech/viva-payments-core/errors");
+const config_js_1 = require("../../../../../../config.js");
+const auth_strategy_factory_js_1 = require("../../../../../../resolvers/auth-strategy-factory.js");
+const _mode_gate_js_1 = require("../../../_mode-gate.js");
+const _admin_auth_js_1 = require("../../../_admin-auth.js");
+const POST = async (req, res) => {
+    if ((0, _mode_gate_js_1.reject404IfNotIsv)(req, res))
+        return;
+    if ((0, _admin_auth_js_1.reject401IfUnauthorized)(req, res))
+        return;
+    const id = req.params?.id;
+    if (!id) {
+        res.status(400).json({ error: 'id is required' });
+        return;
+    }
+    let pool = null;
+    try {
+        const config = (0, config_js_1.loadConfigFromEnv)(process.env);
+        const authStrategies = (0, auth_strategy_factory_js_1.buildAuthStrategies)(config);
+        const httpClient = new isv_1.IsvHttpClient({
+            environment: config.environment,
+            authStrategy: authStrategies.primary,
+        });
+        const accounts = new isv_1.IsvAccounts(httpClient);
+        const account = await accounts.retrieveConnectedAccount(id);
+        // Best-effort sync to viva_tenant_merchant. If no row matches (account
+        // hasn't been registered locally yet), report reconciled=false.
+        const connString = process.env['DATABASE_URL'] ??
+            `postgresql://${process.env['USER'] ?? 'postgres'}@localhost:5432/postgres`;
+        pool = new pg_1.default.Pool({ connectionString: connString, max: 1 });
+        const verificationStatus = account.verified ? 'verified' : 'unverified';
+        const client = await pool.connect();
+        let rowCount = 0;
+        try {
+            const result = await client.query(`UPDATE viva_tenant_merchant
+            SET verification_status = $1, updated_at = now()
+          WHERE connected_account_id = $2`, [verificationStatus, id]);
+            rowCount = result.rowCount ?? 0;
+        }
+        finally {
+            client.release();
+        }
+        res.status(200).json({
+            accountId: account.accountId,
+            verified: account.verified,
+            acquiringEnabled: account.acquiringEnabled,
+            reconciled: rowCount > 0,
+        });
+    }
+    catch (err) {
+        if (err instanceof errors_1.VivaApiError) {
+            res.status(err.httpStatus ?? 502).json({
+                error: 'viva_api_error',
+                code: err.code,
+                message: err.message,
+            });
+            return;
+        }
+        const logger = req.scope?.resolve?.('logger');
+        logger?.error?.(`[viva] POST /viva/admin/connected-accounts/:id/reconcile failed: ${err instanceof Error ? err.message : String(err)}`);
+        res.status(500).json({ error: 'internal_error' });
+    }
+    finally {
+        if (pool)
+            await pool.end().catch(() => undefined);
+    }
+};
+exports.POST = POST;
+//# sourceMappingURL=route.js.map

package/dist/api/viva/admin/connected-accounts/[id]/reconcile/route.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"route.js","sourceRoot":"","sources":["../../../../../../../src/api/viva/admin/connected-accounts/[id]/reconcile/route.ts"],"names":[],"mappings":";AAAA;;;;;;;;;;;;;;;GAeG;;;;;;AAGH,4CAAoB;AACpB,2DAA+E;AAC/E,iEAAoE;AAEpE,2DAAgE;AAChE,mGAA2F;AAC3F,0DAA2D;AAC3D,4DAAkE;AAE3D,MAAM,IAAI,GAAG,KAAK,EACvB,GAA2C,EAC3C,GAAmB,EACJ,EAAE;IACjB,IAAI,IAAA,iCAAiB,EAAC,GAAG,EAAE,GAAG,CAAC;QAAE,OAAO;IACxC,IAAI,IAAA,wCAAuB,EAAC,GAAG,EAAE,GAAG,CAAC;QAAE,OAAO;IAE9C,MAAM,EAAE,GAAG,GAAG,CAAC,MAAM,EAAE,EAAE,CAAC;IAC1B,IAAI,CAAC,EAAE,EAAE,CAAC;QACR,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,EAAE,KAAK,EAAE,gBAAgB,EAAE,CAAC,CAAC;QAClD,OAAO;IACT,CAAC;IAED,IAAI,IAAI,GAAmB,IAAI,CAAC;IAChC,IAAI,CAAC;QACH,MAAM,MAAM,GAAG,IAAA,6BAAiB,EAAC,OAAO,CAAC,GAAG,CAAC,CAAC;QAC9C,MAAM,cAAc,GAAG,IAAA,8CAAmB,EAAC,MAAM,CAAC,CAAC;QACnD,MAAM,UAAU,GAAG,IAAI,mBAAa,CAAC;YACnC,WAAW,EAAE,MAAM,CAAC,WAAW;YAC/B,YAAY,EAAE,cAAc,CAAC,OAAO;SACrC,CAAC,CAAC;QACH,MAAM,QAAQ,GAAG,IAAI,iBAAW,CAAC,UAAU,CAAC,CAAC;QAC7C,MAAM,OAAO,GAAG,MAAM,QAAQ,CAAC,wBAAwB,CAAC,EAAwB,CAAC,CAAC;QAElF,uEAAuE;QACvE,gEAAgE;QAChE,MAAM,UAAU,GACd,OAAO,CAAC,GAAG,CAAC,cAAc,CAAC;YAC3B,gBAAgB,OAAO,CAAC,GAAG,CAAC,MAAM,CAAC,IAAI,UAAU,0BAA0B,CAAC;QAC9E,IAAI,GAAG,IAAI,YAAE,CAAC,IAAI,CAAC,EAAE,gBAAgB,EAAE,UAAU,EAAE,GAAG,EAAE,CAAC,EAAE,CAAC,CAAC;QAE7D,MAAM,kBAAkB,GAAG,OAAO,CAAC,QAAQ,CAAC,CAAC,CAAC,UAAU,CAAC,CAAC,CAAC,YAAY,CAAC;QACxE,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,OAAO,EAAE,CAAC;QACpC,IAAI,QAAQ,GAAG,CAAC,CAAC;QACjB,IAAI,CAAC;YACH,MAAM,MAAM,GAAG,MAAM,MAAM,CAAC,KAAK,CAC/B;;0CAEkC,EAClC,CAAC,kBAAkB,EAAE,EAAE,CAAC,CACzB,CAAC;YACF,QAAQ,GAAG,MAAM,CAAC,QAAQ,IAAI,CAAC,CAAC;QAClC,CAAC;gBAAS,CAAC;YACT,MAAM,CAAC,OAAO,EAAE,CAAC;QACnB,CAAC;QAED,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC;YACnB,SAAS,EAAE,OAAO,CAAC,SAAS;YAC5B,QAAQ,EAAE,OAAO,CAAC,QAAQ;YAC1B,gBAAgB,EAAE,OAAO,CAAC,gBAAgB;YAC1C,UAAU,EAAE,QAAQ,GAAG,CAAC;SACzB,CAAC,CAAC;IACL,CAAC;IAAC,OAAO,GAAG,EAAE,CAAC;QACb,IAAI,GAAG,YAAY,qBAAY,EAAE,CAAC;YAChC,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,UAAU,IAAI,GAAG,CAAC,CAAC,IAAI,CAAC;gBACrC,KAAK,EAAE,gBAAgB;gBACvB,IAAI,EAAE,GAAG,CAAC,IAAI;gBACd,OAAO,EAAE,GAAG,CAAC,OAAO;aACrB,CAAC,CAAC;YACH,OAAO;QACT,CAAC;QACD,MAAM,MAAM,GAAG,GAAG,CAAC,KAAK,EAAE,OAAO,EAAE,CAAC,QAAQ,CAE/B,CAAC;QACd,MAAM,EAAE,KAAK,EAAE,CACb,oEAAoE,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC,EAAE,CACvH,CAAC;QACF,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,EAAE,KAAK,EAAE,gBAAgB,EAAE,CAAC,CAAC;IACpD,CAAC;YAAS,CAAC;QACT,IAAI,IAAI;YAAE,MAAM,IAAI,CAAC,GAAG,EAAE,CAAC,KAAK,CAAC,GAAG,EAAE,CAAC,SAAS,CAAC,CAAC;IACpD,CAAC;AACH,CAAC,CAAC;AAvEW,QAAA,IAAI,QAuEf"}

package/dist/api/viva/admin/connected-accounts/[id]/route.d.ts ADDED Viewed

@@ -0,0 +1,18 @@
+/**
+ * route.ts — GET /viva/admin/connected-accounts/:id
+ *
+ * ISV-only admin endpoint. Returns the current onboarding/verification status
+ * of a connected account by id.
+ *
+ *   1. Validates plugin is in ISV mode (404 in merchant mode).
+ *   2. Validates admin token (401 if missing/wrong).
+ *   3. Calls `IsvAccounts.retrieveConnectedAccount` against Viva.
+ *   4. Returns the response body.
+ *
+ * @see docs/plans/multi-mode-v0.md §6 (mode-surface gating)
+ */
+import type { MedusaRequest, MedusaResponse } from '@medusajs/framework/http';
+export declare const GET: (req: MedusaRequest<unknown, {
+    id: string;
+}>, res: MedusaResponse) => Promise<void>;
+//# sourceMappingURL=route.d.ts.map

package/dist/api/viva/admin/connected-accounts/[id]/route.d.ts.map ADDED Viewed

	@@ -0,0 +1 @@
1	+ {"version":3,"file":"route.d.ts","sourceRoot":"","sources":["../../../../../../src/api/viva/admin/connected-accounts/[id]/route.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;GAYG;AAEH,OAAO,KAAK,EAAE,aAAa,EAAE,cAAc,EAAE,MAAM,0BAA0B,CAAC;AAS9E,eAAO,MAAM,GAAG,GACd,KAAK,aAAa,CAAC,OAAO,EAAE;IAAE,EAAE,EAAE,MAAM,CAAA;CAAE,CAAC,EAC3C,KAAK,cAAc,KAClB,OAAO,CAAC,IAAI,CAqCd,CAAC"}

package/dist/api/viva/admin/connected-accounts/[id]/route.js ADDED Viewed

@@ -0,0 +1,59 @@
+"use strict";
+/**
+ * route.ts — GET /viva/admin/connected-accounts/:id
+ *
+ * ISV-only admin endpoint. Returns the current onboarding/verification status
+ * of a connected account by id.
+ *
+ *   1. Validates plugin is in ISV mode (404 in merchant mode).
+ *   2. Validates admin token (401 if missing/wrong).
+ *   3. Calls `IsvAccounts.retrieveConnectedAccount` against Viva.
+ *   4. Returns the response body.
+ *
+ * @see docs/plans/multi-mode-v0.md §6 (mode-surface gating)
+ */
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.GET = void 0;
+const isv_1 = require("@sakeetech/viva-payments-core/isv");
+const errors_1 = require("@sakeetech/viva-payments-core/errors");
+const config_js_1 = require("../../../../../config.js");
+const auth_strategy_factory_js_1 = require("../../../../../resolvers/auth-strategy-factory.js");
+const _mode_gate_js_1 = require("../../_mode-gate.js");
+const _admin_auth_js_1 = require("../../_admin-auth.js");
+const GET = async (req, res) => {
+    if ((0, _mode_gate_js_1.reject404IfNotIsv)(req, res))
+        return;
+    if ((0, _admin_auth_js_1.reject401IfUnauthorized)(req, res))
+        return;
+    const id = req.params?.id;
+    if (!id) {
+        res.status(400).json({ error: 'id is required' });
+        return;
+    }
+    try {
+        const config = (0, config_js_1.loadConfigFromEnv)(process.env);
+        const authStrategies = (0, auth_strategy_factory_js_1.buildAuthStrategies)(config);
+        const httpClient = new isv_1.IsvHttpClient({
+            environment: config.environment,
+            authStrategy: authStrategies.primary,
+        });
+        const accounts = new isv_1.IsvAccounts(httpClient);
+        const account = await accounts.retrieveConnectedAccount(id);
+        res.status(200).json(account);
+    }
+    catch (err) {
+        if (err instanceof errors_1.VivaApiError) {
+            res.status(err.httpStatus ?? 502).json({
+                error: 'viva_api_error',
+                code: err.code,
+                message: err.message,
+            });
+            return;
+        }
+        const logger = req.scope?.resolve?.('logger');
+        logger?.error?.(`[viva] GET /viva/admin/connected-accounts/:id failed: ${err instanceof Error ? err.message : String(err)}`);
+        res.status(500).json({ error: 'internal_error' });
+    }
+};
+exports.GET = GET;
+//# sourceMappingURL=route.js.map

package/dist/api/viva/admin/connected-accounts/[id]/route.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"route.js","sourceRoot":"","sources":["../../../../../../src/api/viva/admin/connected-accounts/[id]/route.ts"],"names":[],"mappings":";AAAA;;;;;;;;;;;;GAYG;;;AAGH,2DAA+E;AAC/E,iEAAoE;AAEpE,wDAA6D;AAC7D,gGAAwF;AACxF,uDAAwD;AACxD,yDAA+D;AAExD,MAAM,GAAG,GAAG,KAAK,EACtB,GAA2C,EAC3C,GAAmB,EACJ,EAAE;IACjB,IAAI,IAAA,iCAAiB,EAAC,GAAG,EAAE,GAAG,CAAC;QAAE,OAAO;IACxC,IAAI,IAAA,wCAAuB,EAAC,GAAG,EAAE,GAAG,CAAC;QAAE,OAAO;IAE9C,MAAM,EAAE,GAAG,GAAG,CAAC,MAAM,EAAE,EAAE,CAAC;IAC1B,IAAI,CAAC,EAAE,EAAE,CAAC;QACR,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,EAAE,KAAK,EAAE,gBAAgB,EAAE,CAAC,CAAC;QAClD,OAAO;IACT,CAAC;IAED,IAAI,CAAC;QACH,MAAM,MAAM,GAAG,IAAA,6BAAiB,EAAC,OAAO,CAAC,GAAG,CAAC,CAAC;QAC9C,MAAM,cAAc,GAAG,IAAA,8CAAmB,EAAC,MAAM,CAAC,CAAC;QACnD,MAAM,UAAU,GAAG,IAAI,mBAAa,CAAC;YACnC,WAAW,EAAE,MAAM,CAAC,WAAW;YAC/B,YAAY,EAAE,cAAc,CAAC,OAAO;SACrC,CAAC,CAAC;QACH,MAAM,QAAQ,GAAG,IAAI,iBAAW,CAAC,UAAU,CAAC,CAAC;QAC7C,MAAM,OAAO,GAAG,MAAM,QAAQ,CAAC,wBAAwB,CAAC,EAAwB,CAAC,CAAC;QAClF,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;IAChC,CAAC;IAAC,OAAO,GAAG,EAAE,CAAC;QACb,IAAI,GAAG,YAAY,qBAAY,EAAE,CAAC;YAChC,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,UAAU,IAAI,GAAG,CAAC,CAAC,IAAI,CAAC;gBACrC,KAAK,EAAE,gBAAgB;gBACvB,IAAI,EAAE,GAAG,CAAC,IAAI;gBACd,OAAO,EAAE,GAAG,CAAC,OAAO;aACrB,CAAC,CAAC;YACH,OAAO;QACT,CAAC;QACD,MAAM,MAAM,GAAG,GAAG,CAAC,KAAK,EAAE,OAAO,EAAE,CAAC,QAAQ,CAE/B,CAAC;QACd,MAAM,EAAE,KAAK,EAAE,CACb,yDAAyD,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC,EAAE,CAC5G,CAAC;QACF,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,EAAE,KAAK,EAAE,gBAAgB,EAAE,CAAC,CAAC;IACpD,CAAC;AACH,CAAC,CAAC;AAxCW,QAAA,GAAG,OAwCd"}

package/dist/api/viva/admin/connected-accounts/[id]/sources/route.d.ts ADDED Viewed

@@ -0,0 +1,34 @@
+/**
+ * route.ts — POST /viva/admin/connected-accounts/:id/sources
+ *
+ * ISV-only admin endpoint. Creates a payment source (ecommerce or physical)
+ * on a connected merchant's Viva account via `POST /api/sources` on the
+ * legacy host, authenticated with **Reseller Basic** auth.
+ *
+ *   1. Validates plugin is in ISV mode (404 in merchant mode).
+ *   2. Validates admin token (401 if missing/wrong).
+ *   3. Requires `config.reseller` (412 with `VIVA_RESELLER_CREDENTIALS_MISSING`).
+ *   4. Resolves the connected merchant's `merchantId` UUID via
+ *      `IsvAccounts.retrieveConnectedAccount(:id)` — 409 with
+ *      `VIVA_ACCOUNT_NOT_VERIFIED` when `verified !== true` or `merchantId`
+ *      is null.
+ *   5. Builds a per-request `BasicAuthClient` with `authVariant: 'reseller'`
+ *      whose username slot carries `resellerId:account.merchantId` (NOT the
+ *      platform's merchant id — see AUTH.md §1.2 line 98 + ENDPOINTS.md §5.1).
+ *   6. Calls `IsvSources.createEcommerceSource` or `createPhysicalSource`
+ *      based on the body's `kind` discriminator.
+ *   7. Returns 201 + `{ sourceCode, name, kind }`.
+ *
+ * Viva 4xx on `/api/sources` is mapped to 422 with `VIVA_SOURCE_CREATION_FAILED`.
+ * Viva 5xx / non-API errors fall through to the existing 5xx envelope.
+ *
+ * @see docs/plans/multi-mode-v0.md §6 (admin REST table)
+ * @see docs/ENDPOINTS.md §5.1
+ * @see docs/AUTH.md §1.2 (Reseller Basic)
+ * @see docs/ERRORS.md (VIVA_SOURCE_CREATION_FAILED, VIVA_RESELLER_CREDENTIALS_MISSING)
+ */
+import type { MedusaRequest, MedusaResponse } from '@medusajs/framework/http';
+export declare const POST: (req: MedusaRequest<unknown, {
+    id: string;
+}>, res: MedusaResponse) => Promise<void>;
+//# sourceMappingURL=route.d.ts.map

package/dist/api/viva/admin/connected-accounts/[id]/sources/route.d.ts.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"route.d.ts","sourceRoot":"","sources":["../../../../../../../src/api/viva/admin/connected-accounts/[id]/sources/route.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;;GA4BG;AAEH,OAAO,KAAK,EAAE,aAAa,EAAE,cAAc,EAAE,MAAM,0BAA0B,CAAC;AAyH9E,eAAO,MAAM,IAAI,GACf,KAAK,aAAa,CAAC,OAAO,EAAE;IAAE,EAAE,EAAE,MAAM,CAAA;CAAE,CAAC,EAC3C,KAAK,cAAc,KAClB,OAAO,CAAC,IAAI,CAoId,CAAC"}