@thebookingkit/server 0.1.2 → 0.1.3

package/dist/workflows.js

@@ -0,0 +1,251 @@
+/**
+ * Workflow automation engine.
+ *
+ * Trigger-condition-action framework that automates tasks
+ * based on booking lifecycle events.
+ */
+// ---------------------------------------------------------------------------
+// Errors
+// ---------------------------------------------------------------------------
+/** Error thrown when workflow validation fails */
+export class WorkflowValidationError extends Error {
+    constructor(message) {
+        super(message);
+        this.name = "WorkflowValidationError";
+    }
+}
+// ---------------------------------------------------------------------------
+// Template Variables
+// ---------------------------------------------------------------------------
+/** Standard template variables available in workflow messages */
+export const TEMPLATE_VARIABLES = [
+    "{booking.title}",
+    "{booking.startTime}",
+    "{booking.endTime}",
+    "{booking.date}",
+    "{attendee.name}",
+    "{attendee.email}",
+    "{host.name}",
+    "{event.location}",
+    "{event.duration}",
+    "{booking.managementUrl}",
+];
+/**
+ * Resolve template variables in a string using workflow context.
+ *
+ * Missing variables are replaced with empty strings.
+ *
+ * @param template - The template string with `{variable}` placeholders
+ * @param context - The workflow context with booking/event data
+ * @returns The resolved string
+ */
+export function resolveTemplateVariables(template, context) {
+    const vars = {
+        "{booking.title}": context.eventTitle ?? "",
+        "{booking.startTime}": context.startsAt
+            ? formatTime(context.startsAt)
+            : "",
+        "{booking.endTime}": context.endsAt ? formatTime(context.endsAt) : "",
+        "{booking.date}": context.startsAt ? formatDate(context.startsAt) : "",
+        "{attendee.name}": context.customerName ?? "",
+        "{attendee.email}": context.customerEmail ?? "",
+        "{host.name}": context.hostName ?? "",
+        "{event.location}": context.eventLocation ?? "",
+        "{event.duration}": context.eventDuration
+            ? `${context.eventDuration} minutes`
+            : "",
+        "{booking.managementUrl}": context.managementUrl ?? "",
+    };
+    let result = template;
+    for (const [key, value] of Object.entries(vars)) {
+        result = result.replaceAll(key, value);
+    }
+    return result;
+}
+function formatTime(date) {
+    return date.toLocaleTimeString("en-US", {
+        hour: "numeric",
+        minute: "2-digit",
+        hour12: true,
+    });
+}
+function formatDate(date) {
+    return date.toLocaleDateString("en-US", {
+        weekday: "long",
+        year: "numeric",
+        month: "long",
+        day: "numeric",
+    });
+}
+// ---------------------------------------------------------------------------
+// Default Templates
+// ---------------------------------------------------------------------------
+/** Default workflow templates for common scenarios */
+export const DEFAULT_TEMPLATES = {
+    confirmation: {
+        subject: "Booking Confirmed: {booking.title}",
+        body: "Hi {attendee.name},\n\nYour booking for {booking.title} on {booking.date} at {booking.startTime} has been confirmed.\n\nDuration: {event.duration}\nLocation: {event.location}\n\nManage your booking: {booking.managementUrl}\n\nBest regards,\n{host.name}",
+    },
+    reminder_24h: {
+        subject: "Reminder: {booking.title} tomorrow",
+        body: "Hi {attendee.name},\n\nThis is a reminder that you have a booking for {booking.title} tomorrow at {booking.startTime}.\n\nLocation: {event.location}\n\nManage your booking: {booking.managementUrl}\n\nSee you soon,\n{host.name}",
+    },
+    reminder_1h: {
+        subject: "Reminder: {booking.title} in 1 hour",
+        body: "Hi {attendee.name},\n\nYour booking for {booking.title} starts in 1 hour at {booking.startTime}.\n\nLocation: {event.location}\n\nSee you soon,\n{host.name}",
+    },
+    cancellation: {
+        subject: "Booking Cancelled: {booking.title}",
+        body: "Hi {attendee.name},\n\nYour booking for {booking.title} on {booking.date} at {booking.startTime} has been cancelled.\n\nIf you'd like to rebook, please visit our booking page.\n\nBest regards,\n{host.name}",
+    },
+    followup: {
+        subject: "How was your {booking.title}?",
+        body: "Hi {attendee.name},\n\nThank you for your recent {booking.title} with {host.name}.\n\nWe hope you had a great experience! If you'd like to book again, we'd love to see you.\n\nBest regards,\n{host.name}",
+    },
+};
+// ---------------------------------------------------------------------------
+// Condition Evaluation
+// ---------------------------------------------------------------------------
+/**
+ * Evaluate whether a workflow's conditions are met for the given context.
+ *
+ * If no conditions are defined, returns true (unconditional trigger).
+ * All conditions must match (AND logic).
+ *
+ * @param conditions - Array of workflow conditions
+ * @param context - The workflow context data
+ * @returns Whether all conditions are satisfied
+ */
+export function evaluateConditions(conditions, context) {
+    if (conditions.length === 0)
+        return true;
+    return conditions.every((condition) => {
+        const fieldValue = String(context[condition.field] ?? "");
+        switch (condition.operator) {
+            case "equals":
+                return fieldValue === String(condition.value);
+            case "not_equals":
+                return fieldValue !== String(condition.value);
+            case "contains":
+                return fieldValue
+                    .toLowerCase()
+                    .includes(String(condition.value).toLowerCase());
+            case "in": {
+                const values = Array.isArray(condition.value)
+                    ? condition.value
+                    : [condition.value];
+                return values.includes(fieldValue);
+            }
+            default:
+                return false;
+        }
+    });
+}
+// ---------------------------------------------------------------------------
+// Workflow Validation
+// ---------------------------------------------------------------------------
+/** Valid triggers for workflows */
+const VALID_TRIGGERS = [
+    "booking_created",
+    "booking_confirmed",
+    "booking_cancelled",
+    "booking_rescheduled",
+    "before_event",
+    "after_event",
+    "payment_received",
+    "payment_failed",
+    "no_show_confirmed",
+    "form_submitted",
+];
+/** Valid action types */
+const VALID_ACTION_TYPES = [
+    "send_email",
+    "send_sms",
+    "fire_webhook",
+    "update_status",
+    "create_calendar_event",
+];
+/**
+ * Validate a workflow definition.
+ *
+ * @param workflow - The workflow to validate
+ * @throws {WorkflowValidationError} If the workflow is invalid
+ */
+export function validateWorkflow(workflow) {
+    if (!workflow.name || workflow.name.trim().length === 0) {
+        throw new WorkflowValidationError("Workflow name is required");
+    }
+    if (!VALID_TRIGGERS.includes(workflow.trigger)) {
+        throw new WorkflowValidationError(`Invalid trigger: "${workflow.trigger}". Must be one of: ${VALID_TRIGGERS.join(", ")}`);
+    }
+    if (!Array.isArray(workflow.actions) || workflow.actions.length === 0) {
+        throw new WorkflowValidationError("Workflow must have at least one action");
+    }
+    for (const action of workflow.actions) {
+        if (!VALID_ACTION_TYPES.includes(action.type)) {
+            throw new WorkflowValidationError(`Invalid action type: "${action.type}"`);
+        }
+        validateAction(action);
+    }
+    for (const condition of workflow.conditions) {
+        if (!condition.field || condition.field.trim().length === 0) {
+            throw new WorkflowValidationError("Condition field is required");
+        }
+        if (!["equals", "not_equals", "contains", "in"].includes(condition.operator)) {
+            throw new WorkflowValidationError(`Invalid condition operator: "${condition.operator}"`);
+        }
+    }
+}
+function validateAction(action) {
+    switch (action.type) {
+        case "send_email":
+            if (!action.to) {
+                throw new WorkflowValidationError("Email action requires 'to' field");
+            }
+            if (!action.subject) {
+                throw new WorkflowValidationError("Email action requires 'subject' field");
+            }
+            if (!action.body) {
+                throw new WorkflowValidationError("Email action requires 'body' field");
+            }
+            break;
+        case "send_sms":
+            if (!action.to) {
+                throw new WorkflowValidationError("SMS action requires 'to' field");
+            }
+            if (!action.body) {
+                throw new WorkflowValidationError("SMS action requires 'body' field");
+            }
+            break;
+        case "fire_webhook":
+            if (!action.url) {
+                throw new WorkflowValidationError("Webhook action requires 'url' field");
+            }
+            break;
+        case "update_status":
+            if (!action.status) {
+                throw new WorkflowValidationError("Status update action requires 'status' field");
+            }
+            break;
+        case "create_calendar_event":
+            // No required fields
+            break;
+    }
+}
+// ---------------------------------------------------------------------------
+// Workflow Matching
+// ---------------------------------------------------------------------------
+/**
+ * Find all active workflows that match a given trigger and context.
+ *
+ * @param workflows - All available workflows
+ * @param trigger - The trigger event that occurred
+ * @param context - The workflow context data
+ * @returns Workflows that should be executed
+ */
+export function matchWorkflows(workflows, trigger, context) {
+    return workflows.filter((w) => w.isActive &&
+        w.trigger === trigger &&
+        evaluateConditions(w.conditions, context));
+}
+//# sourceMappingURL=workflows.js.map

package/dist/workflows.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"workflows.js","sourceRoot":"","sources":["../src/workflows.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAuIH,8EAA8E;AAC9E,SAAS;AACT,8EAA8E;AAE9E,kDAAkD;AAClD,MAAM,OAAO,uBAAwB,SAAQ,KAAK;IAChD,YAAY,OAAe;QACzB,KAAK,CAAC,OAAO,CAAC,CAAC;QACf,IAAI,CAAC,IAAI,GAAG,yBAAyB,CAAC;IACxC,CAAC;CACF;AAED,8EAA8E;AAC9E,qBAAqB;AACrB,8EAA8E;AAE9E,iEAAiE;AACjE,MAAM,CAAC,MAAM,kBAAkB,GAAG;IAChC,iBAAiB;IACjB,qBAAqB;IACrB,mBAAmB;IACnB,gBAAgB;IAChB,iBAAiB;IACjB,kBAAkB;IAClB,aAAa;IACb,kBAAkB;IAClB,kBAAkB;IAClB,yBAAyB;CACjB,CAAC;AAEX;;;;;;;;GAQG;AACH,MAAM,UAAU,wBAAwB,CACtC,QAAgB,EAChB,OAAwB;IAExB,MAAM,IAAI,GAA2B;QACnC,iBAAiB,EAAE,OAAO,CAAC,UAAU,IAAI,EAAE;QAC3C,qBAAqB,EAAE,OAAO,CAAC,QAAQ;YACrC,CAAC,CAAC,UAAU,CAAC,OAAO,CAAC,QAAQ,CAAC;YAC9B,CAAC,CAAC,EAAE;QACN,mBAAmB,EAAE,OAAO,CAAC,MAAM,CAAC,CAAC,CAAC,UAAU,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,EAAE;QACrE,gBAAgB,EAAE,OAAO,CAAC,QAAQ,CAAC,CAAC,CAAC,UAAU,CAAC,OAAO,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC,EAAE;QACtE,iBAAiB,EAAE,OAAO,CAAC,YAAY,IAAI,EAAE;QAC7C,kBAAkB,EAAE,OAAO,CAAC,aAAa,IAAI,EAAE;QAC/C,aAAa,EAAE,OAAO,CAAC,QAAQ,IAAI,EAAE;QACrC,kBAAkB,EAAE,OAAO,CAAC,aAAa,IAAI,EAAE;QAC/C,kBAAkB,EAAE,OAAO,CAAC,aAAa;YACvC,CAAC,CAAC,GAAG,OAAO,CAAC,aAAa,UAAU;YACpC,CAAC,CAAC,EAAE;QACN,yBAAyB,EAAE,OAAO,CAAC,aAAa,IAAI,EAAE;KACvD,CAAC;IAEF,IAAI,MAAM,GAAG,QAAQ,CAAC;IACtB,KAAK,MAAM,CAAC,GAAG,EAAE,KAAK,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,IAAI,CAAC,EAAE,CAAC;QAChD,MAAM,GAAG,MAAM,CAAC,UAAU,CAAC,GAAG,EAAE,KAAK,CAAC,CAAC;IACzC,CAAC;IAED,OAAO,MAAM,CAAC;AAChB,CAAC;AAED,SAAS,UAAU,CAAC,IAAU;IAC5B,OAAO,IAAI,CAAC,kBAAkB,CAAC,OAAO,EAAE;QACtC,IAAI,EAAE,SAAS;QACf,MAAM,EAAE,SAAS;QACjB,MAAM,EAAE,IAAI;KACb,CAAC,CAAC;AACL,CAAC;AAED,SAAS,UAAU,CAAC,IAAU;IAC5B,OAAO,IAAI,CAAC,kBAAkB,CAAC,OAAO,EAAE;QACtC,OAAO,EAAE,MAAM;QACf,IAAI,EAAE,SAAS;QACf,KAAK,EAAE,MAAM;QACb,GAAG,EAAE,SAAS;KACf,CAAC,CAAC;AACL,CAAC;AAED,8EAA8E;AAC9E,oBAAoB;AACpB,8EAA8E;AAE9E,sDAAsD;AACtD,MAAM,CAAC,MAAM,iBAAiB,GAAG;IAC/B,YAAY,EAAE;QACZ,OAAO,EAAE,oCAAoC;QAC7C,IAAI,EAAE,8PAA8P;KACrQ;IACD,YAAY,EAAE;QACZ,OAAO,EAAE,oCAAoC;QAC7C,IAAI,EAAE,oOAAoO;KAC3O;IACD,WAAW,EAAE;QACX,OAAO,EAAE,qCAAqC;QAC9C,IAAI,EAAE,8JAA8J;KACrK;IACD,YAAY,EAAE;QACZ,OAAO,EAAE,oCAAoC;QAC7C,IAAI,EAAE,+MAA+M;KACtN;IACD,QAAQ,EAAE;QACR,OAAO,EAAE,+BAA+B;QACxC,IAAI,EAAE,4MAA4M;KACnN;CACO,CAAC;AAEX,8EAA8E;AAC9E,uBAAuB;AACvB,8EAA8E;AAE9E;;;;;;;;;GASG;AACH,MAAM,UAAU,kBAAkB,CAChC,UAA+B,EAC/B,OAAwB;IAExB,IAAI,UAAU,CAAC,MAAM,KAAK,CAAC;QAAE,OAAO,IAAI,CAAC;IAEzC,OAAO,UAAU,CAAC,KAAK,CAAC,CAAC,SAAS,EAAE,EAAE;QACpC,MAAM,UAAU,GAAG,MAAM,CAAC,OAAO,CAAC,SAAS,CAAC,KAAK,CAAC,IAAI,EAAE,CAAC,CAAC;QAE1D,QAAQ,SAAS,CAAC,QAAQ,EAAE,CAAC;YAC3B,KAAK,QAAQ;gBACX,OAAO,UAAU,KAAK,MAAM,CAAC,SAAS,CAAC,KAAK,CAAC,CAAC;YAChD,KAAK,YAAY;gBACf,OAAO,UAAU,KAAK,MAAM,CAAC,SAAS,CAAC,KAAK,CAAC,CAAC;YAChD,KAAK,UAAU;gBACb,OAAO,UAAU;qBACd,WAAW,EAAE;qBACb,QAAQ,CAAC,MAAM,CAAC,SAAS,CAAC,KAAK,CAAC,CAAC,WAAW,EAAE,CAAC,CAAC;YACrD,KAAK,IAAI,CAAC,CAAC,CAAC;gBACV,MAAM,MAAM,GAAG,KAAK,CAAC,OAAO,CAAC,SAAS,CAAC,KAAK,CAAC;oBAC3C,CAAC,CAAC,SAAS,CAAC,KAAK;oBACjB,CAAC,CAAC,CAAC,SAAS,CAAC,KAAK,CAAC,CAAC;gBACtB,OAAO,MAAM,CAAC,QAAQ,CAAC,UAAU,CAAC,CAAC;YACrC,CAAC;YACD;gBACE,OAAO,KAAK,CAAC;QACjB,CAAC;IACH,CAAC,CAAC,CAAC;AACL,CAAC;AAED,8EAA8E;AAC9E,sBAAsB;AACtB,8EAA8E;AAE9E,mCAAmC;AACnC,MAAM,cAAc,GAAsB;IACxC,iBAAiB;IACjB,mBAAmB;IACnB,mBAAmB;IACnB,qBAAqB;IACrB,cAAc;IACd,aAAa;IACb,kBAAkB;IAClB,gBAAgB;IAChB,mBAAmB;IACnB,gBAAgB;CACjB,CAAC;AAEF,yBAAyB;AACzB,MAAM,kBAAkB,GAAyB;IAC/C,YAAY;IACZ,UAAU;IACV,cAAc;IACd,eAAe;IACf,uBAAuB;CACxB,CAAC;AAEF;;;;;GAKG;AACH,MAAM,UAAU,gBAAgB,CAAC,QAA4B;IAC3D,IAAI,CAAC,QAAQ,CAAC,IAAI,IAAI,QAAQ,CAAC,IAAI,CAAC,IAAI,EAAE,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QACxD,MAAM,IAAI,uBAAuB,CAAC,2BAA2B,CAAC,CAAC;IACjE,CAAC;IAED,IAAI,CAAC,cAAc,CAAC,QAAQ,CAAC,QAAQ,CAAC,OAAO,CAAC,EAAE,CAAC;QAC/C,MAAM,IAAI,uBAAuB,CAC/B,qBAAqB,QAAQ,CAAC,OAAO,sBAAsB,cAAc,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CACvF,CAAC;IACJ,CAAC;IAED,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,QAAQ,CAAC,OAAO,CAAC,IAAI,QAAQ,CAAC,OAAO,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QACtE,MAAM,IAAI,uBAAuB,CAC/B,wCAAwC,CACzC,CAAC;IACJ,CAAC;IAED,KAAK,MAAM,MAAM,IAAI,QAAQ,CAAC,OAAO,EAAE,CAAC;QACtC,IAAI,CAAC,kBAAkB,CAAC,QAAQ,CAAC,MAAM,CAAC,IAAI,CAAC,EAAE,CAAC;YAC9C,MAAM,IAAI,uBAAuB,CAC/B,yBAAyB,MAAM,CAAC,IAAI,GAAG,CACxC,CAAC;QACJ,CAAC;QAED,cAAc,CAAC,MAAM,CAAC,CAAC;IACzB,CAAC;IAED,KAAK,MAAM,SAAS,IAAI,QAAQ,CAAC,UAAU,EAAE,CAAC;QAC5C,IAAI,CAAC,SAAS,CAAC,KAAK,IAAI,SAAS,CAAC,KAAK,CAAC,IAAI,EAAE,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;YAC5D,MAAM,IAAI,uBAAuB,CAAC,6BAA6B,CAAC,CAAC;QACnE,CAAC;QAED,IAAI,CAAC,CAAC,QAAQ,EAAE,YAAY,EAAE,UAAU,EAAE,IAAI,CAAC,CAAC,QAAQ,CAAC,SAAS,CAAC,QAAQ,CAAC,EAAE,CAAC;YAC7E,MAAM,IAAI,uBAAuB,CAC/B,gCAAgC,SAAS,CAAC,QAAQ,GAAG,CACtD,CAAC;QACJ,CAAC;IACH,CAAC;AACH,CAAC;AAED,SAAS,cAAc,CAAC,MAAsB;IAC5C,QAAQ,MAAM,CAAC,IAAI,EAAE,CAAC;QACpB,KAAK,YAAY;YACf,IAAI,CAAC,MAAM,CAAC,EAAE,EAAE,CAAC;gBACf,MAAM,IAAI,uBAAuB,CAAC,kCAAkC,CAAC,CAAC;YACxE,CAAC;YACD,IAAI,CAAC,MAAM,CAAC,OAAO,EAAE,CAAC;gBACpB,MAAM,IAAI,uBAAuB,CAC/B,uCAAuC,CACxC,CAAC;YACJ,CAAC;YACD,IAAI,CAAC,MAAM,CAAC,IAAI,EAAE,CAAC;gBACjB,MAAM,IAAI,uBAAuB,CAAC,oCAAoC,CAAC,CAAC;YAC1E,CAAC;YACD,MAAM;QAER,KAAK,UAAU;YACb,IAAI,CAAC,MAAM,CAAC,EAAE,EAAE,CAAC;gBACf,MAAM,IAAI,uBAAuB,CAAC,gCAAgC,CAAC,CAAC;YACtE,CAAC;YACD,IAAI,CAAC,MAAM,CAAC,IAAI,EAAE,CAAC;gBACjB,MAAM,IAAI,uBAAuB,CAAC,kCAAkC,CAAC,CAAC;YACxE,CAAC;YACD,MAAM;QAER,KAAK,cAAc;YACjB,IAAI,CAAC,MAAM,CAAC,GAAG,EAAE,CAAC;gBAChB,MAAM,IAAI,uBAAuB,CAC/B,qCAAqC,CACtC,CAAC;YACJ,CAAC;YACD,MAAM;QAER,KAAK,eAAe;YAClB,IAAI,CAAC,MAAM,CAAC,MAAM,EAAE,CAAC;gBACnB,MAAM,IAAI,uBAAuB,CAC/B,8CAA8C,CAC/C,CAAC;YACJ,CAAC;YACD,MAAM;QAER,KAAK,uBAAuB;YAC1B,qBAAqB;YACrB,MAAM;IACV,CAAC;AACH,CAAC;AAED,8EAA8E;AAC9E,oBAAoB;AACpB,8EAA8E;AAE9E;;;;;;;GAOG;AACH,MAAM,UAAU,cAAc,CAC5B,SAA+B,EAC/B,OAAwB,EACxB,OAAwB;IAExB,OAAO,SAAS,CAAC,MAAM,CACrB,CAAC,CAAC,EAAE,EAAE,CACJ,CAAC,CAAC,QAAQ;QACV,CAAC,CAAC,OAAO,KAAK,OAAO;QACrB,kBAAkB,CAAC,CAAC,CAAC,UAAU,EAAE,OAAO,CAAC,CAC5C,CAAC;AACJ,CAAC"}

package/package.json

@@ -1,6 +1,21 @@
 {
   "name": "@thebookingkit/server",
-  "version": "0.1.2",
+  "version": "0.1.3",
+  "description": "Backend APIs, auth middleware, webhooks, notifications, and multi-tenant utilities for The Booking Kit",
+  "license": "MIT",
+  "repository": {
+    "type": "git",
+    "url": "git+https://github.com/thebookingkit/thebookingkit.git",
+    "directory": "packages/server"
+  },
+  "homepage": "https://thebookingkit.com",
+  "keywords": [
+    "thebookingkit",
+    "booking",
+    "scheduling",
+    "server",
+    "api"
+  ],
   "publishConfig": {
     "access": "public"
   },
@@ -14,6 +29,10 @@
       "types": "./dist/index.d.ts"
     }
   },
+  "files": [
+    "dist",
+    "!dist/__tests__"
+  ],
   "scripts": {
     "build": "tsc",
     "prepublishOnly": "npm run build",
@@ -22,7 +41,7 @@
     "test:watch": "vitest"
   },
   "dependencies": {
-    "@thebookingkit/core": "^0.1.1"
+    "@thebookingkit/core": "^0.1.3"
   },
   "devDependencies": {
     "@types/node": "^25.3.5",

package/CHANGELOG.md

@@ -1,9 +0,0 @@
-# @thebookingkit/server
-
-## 0.1.1
-
-### Patch Changes
-
-- Initial release of The Booking Kit packages.
-- Updated dependencies
-  - @thebookingkit/core@0.1.1

package/src/__tests__/api.test.ts

@@ -1,354 +0,0 @@
-import { describe, it, expect, vi, beforeEach, afterEach } from "vitest";
-import {
-  createErrorResponse,
-  createSuccessResponse,
-  createPaginatedResponse,
-  generateApiKey,
-  hashApiKey,
-  verifyApiKey,
-  hasScope,
-  isKeyExpired,
-  checkRateLimit,
-  encodeCursor,
-  decodeCursor,
-  validateSlotQueryParams,
-  parseSortParam,
-  API_ERROR_CODES,
-  type ApiKeyScope,
-} from "../api.js";
-
-// Set the required env var for API key hashing in tests
-process.env.THEBOOKINGKIT_API_KEY_SECRET = "test-secret-for-unit-tests-only";
-
-// ---------------------------------------------------------------------------
-// Response Helpers
-// ---------------------------------------------------------------------------
-
-describe("createErrorResponse", () => {
-  it("creates a standard error envelope", () => {
-    const response = createErrorResponse("NOT_FOUND", "Booking not found");
-    expect(response).toEqual({
-      error: { code: "NOT_FOUND", message: "Booking not found" },
-    });
-  });
-
-  it("includes details when provided", () => {
-    const response = createErrorResponse(
-      "VALIDATION_ERROR",
-      "Invalid input",
-      { field: "email" },
-    );
-    expect(response.error.details).toEqual({ field: "email" });
-  });
-
-  it("omits details when not provided", () => {
-    const response = createErrorResponse("UNAUTHORIZED", "Invalid key");
-    expect(response.error.details).toBeUndefined();
-  });
-});
-
-describe("createSuccessResponse", () => {
-  it("wraps data in a success envelope", () => {
-    const response = createSuccessResponse({ id: "bk-1" });
-    expect(response).toEqual({ data: { id: "bk-1" } });
-  });
-
-  it("includes meta when provided", () => {
-    const response = createSuccessResponse([], {
-      nextCursor: "abc",
-      hasMore: true,
-    });
-    expect(response.meta?.nextCursor).toBe("abc");
-  });
-});
-
-describe("createPaginatedResponse", () => {
-  it("creates paginated response with cursor", () => {
-    const response = createPaginatedResponse(["a", "b"], "cursor123", 10);
-    expect(response.data).toEqual(["a", "b"]);
-    expect(response.meta.nextCursor).toBe("cursor123");
-    expect(response.meta.hasMore).toBe(true);
-    expect(response.meta.total).toBe(10);
-  });
-
-  it("marks hasMore false when nextCursor is null", () => {
-    const response = createPaginatedResponse(["a"], null);
-    expect(response.meta.hasMore).toBe(false);
-    expect(response.meta.nextCursor).toBeNull();
-  });
-});
-
-// ---------------------------------------------------------------------------
-// API Key Management
-// ---------------------------------------------------------------------------
-
-describe("generateApiKey", () => {
-  it("generates a key with the given prefix", () => {
-    const { key } = generateApiKey("sk_live_");
-    expect(key).toMatch(/^sk_live_[0-9a-f]{64}$/);
-  });
-
-  it("generates a display prefix", () => {
-    const { prefix } = generateApiKey("sk_live_");
-    expect(prefix).toContain("...");
-  });
-
-  it("generates a 64-char hex hash", () => {
-    const { hash } = generateApiKey();
-    expect(hash).toMatch(/^[0-9a-f]{64}$/);
-  });
-
-  it("generates unique keys each time", () => {
-    const { key: k1 } = generateApiKey();
-    const { key: k2 } = generateApiKey();
-    expect(k1).not.toBe(k2);
-  });
-});
-
-describe("hashApiKey", () => {
-  it("throws when THEBOOKINGKIT_API_KEY_SECRET is missing", () => {
-    const original = process.env.THEBOOKINGKIT_API_KEY_SECRET;
-    delete process.env.THEBOOKINGKIT_API_KEY_SECRET;
-    try {
-      expect(() => hashApiKey("sk_live_test")).toThrow(
-        "THEBOOKINGKIT_API_KEY_SECRET environment variable is required",
-      );
-    } finally {
-      process.env.THEBOOKINGKIT_API_KEY_SECRET = original;
-    }
-  });
-
-  it("accepts an explicit secret parameter", () => {
-    const hash = hashApiKey("sk_live_test", "my-explicit-secret");
-    expect(hash).toMatch(/^[0-9a-f]{64}$/);
-  });
-});
-
-describe("verifyApiKey", () => {
-  it("returns true for correct key", () => {
-    const { key, hash } = generateApiKey();
-    expect(verifyApiKey(key, hash)).toBe(true);
-  });
-
-  it("returns false for tampered key", () => {
-    const { hash } = generateApiKey();
-    expect(verifyApiKey("sk_live_wrong", hash)).toBe(false);
-  });
-
-  it("returns false for wrong hash", () => {
-    const { key } = generateApiKey();
-    const { hash: otherHash } = generateApiKey();
-    expect(verifyApiKey(key, otherHash)).toBe(false);
-  });
-});
-
-describe("hasScope", () => {
-  it("returns true when scope is present", () => {
-    const scopes: ApiKeyScope[] = ["read:bookings", "write:bookings"];
-    expect(hasScope(scopes, "read:bookings")).toBe(true);
-  });
-
-  it("returns false when scope is absent", () => {
-    const scopes: ApiKeyScope[] = ["read:bookings"];
-    expect(hasScope(scopes, "write:bookings")).toBe(false);
-  });
-
-  it("admin scope grants all permissions", () => {
-    const scopes: ApiKeyScope[] = ["admin"];
-    expect(hasScope(scopes, "read:bookings")).toBe(true);
-    expect(hasScope(scopes, "write:event-types")).toBe(true);
-    expect(hasScope(scopes, "write:webhooks")).toBe(true);
-  });
-});
-
-describe("isKeyExpired", () => {
-  it("returns false for no expiry", () => {
-    expect(isKeyExpired(undefined)).toBe(false);
-    expect(isKeyExpired(null)).toBe(false);
-  });
-
-  it("returns true for past expiry", () => {
-    expect(isKeyExpired(new Date(Date.now() - 1000))).toBe(true);
-  });
-
-  it("returns false for future expiry", () => {
-    expect(isKeyExpired(new Date(Date.now() + 86400000))).toBe(false);
-  });
-});
-
-// ---------------------------------------------------------------------------
-// Rate Limiting
-// ---------------------------------------------------------------------------
-
-describe("checkRateLimit", () => {
-  beforeEach(() => {
-    vi.useFakeTimers();
-    vi.setSystemTime(new Date("2026-03-15T14:00:00.000Z"));
-  });
-
-  afterEach(() => {
-    vi.useRealTimers();
-  });
-
-  it("allows first request", () => {
-    const { result } = checkRateLimit(null, 120);
-    expect(result.allowed).toBe(true);
-    expect(result.remaining).toBe(119);
-    expect(result.limit).toBe(120);
-  });
-
-  it("tracks requests within a window", () => {
-    const { newState } = checkRateLimit(null, 120);
-    const { result } = checkRateLimit(newState, 120);
-    expect(result.allowed).toBe(true);
-    expect(result.remaining).toBe(118);
-  });
-
-  it("blocks requests when limit exceeded", () => {
-    let state = checkRateLimit(null, 2).newState;
-    state = checkRateLimit(state, 2).newState;
-    const { result } = checkRateLimit(state, 2);
-    expect(result.allowed).toBe(false);
-    expect(result.remaining).toBe(0);
-  });
-
-  it("resets counter in new window", () => {
-    let state = checkRateLimit(null, 2).newState;
-    state = checkRateLimit(state, 2).newState;
-    // Advance to next minute
-    vi.advanceTimersByTime(60 * 1000);
-    const { result } = checkRateLimit(state, 2);
-    expect(result.allowed).toBe(true);
-    expect(result.remaining).toBe(1);
-  });
-});
-
-// ---------------------------------------------------------------------------
-// Cursor Pagination
-// ---------------------------------------------------------------------------
-
-describe("encodeCursor / decodeCursor", () => {
-  it("round-trips cursor data", () => {
-    const data = { id: "bk-1", createdAt: "2026-03-15T14:00:00Z" };
-    const cursor = encodeCursor(data);
-    const decoded = decodeCursor(cursor);
-    expect(decoded).toEqual(data);
-  });
-
-  it("returns null for invalid cursor", () => {
-    expect(decodeCursor("not-valid-base64!!!")).toBeNull();
-  });
-
-  it("returns null for non-JSON cursor", () => {
-    const cursor = Buffer.from("not json").toString("base64url");
-    expect(decodeCursor(cursor)).toBeNull();
-  });
-});
-
-// ---------------------------------------------------------------------------
-// validateSlotQueryParams
-// ---------------------------------------------------------------------------
-
-describe("validateSlotQueryParams", () => {
-  const validParams = {
-    providerId: "prov-1",
-    start: "2026-03-15",
-    end: "2026-04-15",
-    timezone: "America/New_York",
-  };
-
-  it("accepts valid params", () => {
-    const result = validateSlotQueryParams(validParams);
-    expect(result.valid).toBe(true);
-    expect(result.errors).toHaveLength(0);
-  });
-
-  it("accepts teamId instead of providerId", () => {
-    const result = validateSlotQueryParams({
-      teamId: "team-1",
-      start: "2026-03-15",
-      end: "2026-04-15",
-    });
-    expect(result.valid).toBe(true);
-  });
-
-  it("rejects missing providerId and teamId", () => {
-    const result = validateSlotQueryParams({
-      start: "2026-03-15",
-      end: "2026-04-15",
-    });
-    expect(result.valid).toBe(false);
-    expect(result.errors[0].field).toBe("providerId");
-  });
-
-  it("rejects missing start date", () => {
-    const result = validateSlotQueryParams({
-      providerId: "p1",
-      end: "2026-04-15",
-    });
-    expect(result.valid).toBe(false);
-    expect(result.errors.some((e) => e.field === "start")).toBe(true);
-  });
-
-  it("rejects invalid start date", () => {
-    const result = validateSlotQueryParams({
-      providerId: "p1",
-      start: "not-a-date",
-      end: "2026-04-15",
-    });
-    expect(result.valid).toBe(false);
-  });
-
-  it("rejects end before start", () => {
-    const result = validateSlotQueryParams({
-      providerId: "p1",
-      start: "2026-04-15",
-      end: "2026-03-15",
-    });
-    expect(result.valid).toBe(false);
-    expect(result.errors.some((e) => e.message.includes("after start"))).toBe(
-      true,
-    );
-  });
-});
-
-// ---------------------------------------------------------------------------
-// parseSortParam
-// ---------------------------------------------------------------------------
-
-describe("parseSortParam", () => {
-  const allowedFields = ["createdAt", "startsAt", "status"];
-
-  it("parses ascending sort", () => {
-    const result = parseSortParam("startsAt", allowedFields);
-    expect(result).toEqual({ field: "startsAt", direction: "asc" });
-  });
-
-  it("parses descending sort with leading minus", () => {
-    const result = parseSortParam("-createdAt", allowedFields);
-    expect(result).toEqual({ field: "createdAt", direction: "desc" });
-  });
-
-  it("returns null for invalid field", () => {
-    expect(parseSortParam("unknownField", allowedFields)).toBeNull();
-  });
-
-  it("returns null for undefined input", () => {
-    expect(parseSortParam(undefined, allowedFields)).toBeNull();
-  });
-});
-
-// ---------------------------------------------------------------------------
-// API_ERROR_CODES
-// ---------------------------------------------------------------------------
-
-describe("API_ERROR_CODES", () => {
-  it("exports all standard error codes", () => {
-    expect(API_ERROR_CODES.NOT_FOUND).toBe("NOT_FOUND");
-    expect(API_ERROR_CODES.UNAUTHORIZED).toBe("UNAUTHORIZED");
-    expect(API_ERROR_CODES.FORBIDDEN).toBe("FORBIDDEN");
-    expect(API_ERROR_CODES.VALIDATION_ERROR).toBe("VALIDATION_ERROR");
-    expect(API_ERROR_CODES.RATE_LIMITED).toBe("RATE_LIMITED");
-    expect(API_ERROR_CODES.CONFLICT).toBe("CONFLICT");
-  });
-});