@unifiedcommerce/core 0.3.3 → 0.4.0

package/dist/auth/setup.d.ts

@@ -1,70 +1,29 @@
+import { betterAuth } from "better-auth";
+import { apiKey } from "@better-auth/api-key";
+import { organization, twoFactor, phoneNumber, jwt, bearer } from "better-auth/plugins";
 import type { CommerceConfig } from "../config/types.js";
 import type { DatabaseAdapter } from "../kernel/database/adapter.js";
-/** Member shape returned by Better Auth's organization plugin */
-export interface OrgMember {
-    id: string;
-    userId: string;
-    organizationId: string;
-    role: string;
-    createdAt: string;
-}
-export interface AuthInstance {
-    handler(request: Request): Promise<Response>;
-    api: {
-        getSession(input: {
-            headers: Headers;
-        }): Promise<unknown>;
-        getActiveMemberRole?: (input: {
-            headers: Headers;
-        }) => Promise<{
-            role: string;
-        } | null>;
-        getFullOrganization?: (input: {
-            query: {
-                organizationId: string;
-            };
-            headers: Headers;
-        }) => Promise<{
-            id: string;
-            name: string;
-            members: OrgMember[];
-        } | null>;
-        listMembers?: (input: {
-            query: {
-                organizationId: string;
-            };
-        }) => Promise<OrgMember[]>;
-        verifyApiKey?: (input: {
-            body: {
-                key: string;
-                permissions?: Record<string, string[]>;
-            };
-        }) => Promise<{
-            valid: boolean;
-            error: {
-                message: string;
-                code: string;
-            } | null;
-            key: Record<string, unknown> | null;
-        }>;
-        createApiKey?: (input: {
-            body: {
-                configId?: string;
-                name?: string;
-                permissions?: Record<string, string[]>;
-                userId?: string;
-                organizationId?: string;
-            };
-            headers?: Headers;
-        }) => Promise<{
-            key: string;
-            id: string;
-        }>;
-        /** Allow access to other Better Auth API methods added by plugins */
-        [key: string]: unknown;
-    };
-    options?: Record<string, unknown>;
-    $context?: Promise<unknown>;
-}
+/**
+ * The auth type is inferred from `typeof betterAuth(...)` with all plugins enabled.
+ * This gives us the full API surface without manual interface maintenance.
+ *
+ * We use a type-level-only reference (never executed) to capture the complete type.
+ */
+type FullBetterAuth = ReturnType<typeof betterAuth<{
+    plugins: [
+        ReturnType<typeof organization>,
+        ReturnType<typeof bearer>,
+        ReturnType<typeof jwt>,
+        ReturnType<typeof twoFactor>,
+        ReturnType<typeof apiKey>,
+        ReturnType<typeof phoneNumber>
+    ];
+}>>;
+/**
+ * AuthInstance — inferred from Better Auth with all plugins.
+ * No manual type maintenance needed.
+ */
+export type AuthInstance = FullBetterAuth;
 export declare function createAuth(db: DatabaseAdapter, config: CommerceConfig): AuthInstance;
+export {};
 //# sourceMappingURL=setup.d.ts.map

package/dist/auth/setup.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"setup.d.ts","sourceRoot":"","sources":["../../src/auth/setup.ts"],"names":[],"mappings":"AAKA,OAAO,KAAK,EAAE,cAAc,EAAE,MAAM,oBAAoB,CAAC;AACzD,OAAO,KAAK,EAAE,eAAe,EAAE,MAAM,+BAA+B,CAAC;AAgCrE,iEAAiE;AACjE,MAAM,WAAW,SAAS;IACxB,EAAE,EAAE,MAAM,CAAC;IACX,MAAM,EAAE,MAAM,CAAC;IACf,cAAc,EAAE,MAAM,CAAC;IACvB,IAAI,EAAE,MAAM,CAAC;IACb,SAAS,EAAE,MAAM,CAAC;CACnB;AAED,MAAM,WAAW,YAAY;IAC3B,OAAO,CAAC,OAAO,EAAE,OAAO,GAAG,OAAO,CAAC,QAAQ,CAAC,CAAC;IAC7C,GAAG,EAAE;QACH,UAAU,CAAC,KAAK,EAAE;YAAE,OAAO,EAAE,OAAO,CAAA;SAAE,GAAG,OAAO,CAAC,OAAO,CAAC,CAAC;QAG1D,mBAAmB,CAAC,EAAE,CAAC,KAAK,EAAE;YAAE,OAAO,EAAE,OAAO,CAAA;SAAE,KAAK,OAAO,CAAC;YAAE,IAAI,EAAE,MAAM,CAAA;SAAE,GAAG,IAAI,CAAC,CAAC;QACxF,mBAAmB,CAAC,EAAE,CAAC,KAAK,EAAE;YAAE,KAAK,EAAE;gBAAE,cAAc,EAAE,MAAM,CAAA;aAAE,CAAC;YAAC,OAAO,EAAE,OAAO,CAAA;SAAE,KAAK,OAAO,CAAC;YAChG,EAAE,EAAE,MAAM,CAAC;YACX,IAAI,EAAE,MAAM,CAAC;YACb,OAAO,EAAE,SAAS,EAAE,CAAC;SACtB,GAAG,IAAI,CAAC,CAAC;QACV,WAAW,CAAC,EAAE,CAAC,KAAK,EAAE;YAAE,KAAK,EAAE;gBAAE,cAAc,EAAE,MAAM,CAAA;aAAE,CAAA;SAAE,KAAK,OAAO,CAAC,SAAS,EAAE,CAAC,CAAC;QAGrF,YAAY,CAAC,EAAE,CAAC,KAAK,EAAE;YACrB,IAAI,EAAE;gBAAE,GAAG,EAAE,MAAM,CAAC;gBAAC,WAAW,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,EAAE,CAAC,CAAA;aAAE,CAAC;SAC/D,KAAK,OAAO,CAAC;YACZ,KAAK,EAAE,OAAO,CAAC;YACf,KAAK,EAAE;gBAAE,OAAO,EAAE,MAAM,CAAC;gBAAC,IAAI,EAAE,MAAM,CAAA;aAAE,GAAG,IAAI,CAAC;YAChD,GAAG,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,GAAG,IAAI,CAAC;SACrC,CAAC,CAAC;QACH,YAAY,CAAC,EAAE,CAAC,KAAK,EAAE;YACrB,IAAI,EAAE;gBACJ,QAAQ,CAAC,EAAE,MAAM,CAAC;gBAClB,IAAI,CAAC,EAAE,MAAM,CAAC;gBACd,WAAW,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,EAAE,CAAC,CAAC;gBACvC,MAAM,CAAC,EAAE,MAAM,CAAC;gBAChB,cAAc,CAAC,EAAE,MAAM,CAAC;aACzB,CAAC;YACF,OAAO,CAAC,EAAE,OAAO,CAAC;SACnB,KAAK,OAAO,CAAC;YAAE,GAAG,EAAE,MAAM,CAAC;YAAC,EAAE,EAAE,MAAM,CAAA;SAAE,CAAC,CAAC;QAE3C,qEAAqE;QACrE,CAAC,GAAG,EAAE,MAAM,GAAG,OAAO,CAAC;KACxB,CAAC;IACF,OAAO,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;IAClC,QAAQ,CAAC,EAAE,OAAO,CAAC,OAAO,CAAC,CAAC;CAC7B;AAED,wBAAgB,UAAU,CACxB,EAAE,EAAE,eAAe,EACnB,MAAM,EAAE,cAAc,GACrB,YAAY,CAuHd"}
+{"version":3,"file":"setup.d.ts","sourceRoot":"","sources":["../../src/auth/setup.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,UAAU,EAAE,MAAM,aAAa,CAAC;AAEzC,OAAO,EAAE,MAAM,EAAE,MAAM,sBAAsB,CAAC;AAC9C,OAAO,EAAE,YAAY,EAAE,SAAS,EAAE,WAAW,EAAE,GAAG,EAAE,MAAM,EAAE,MAAM,qBAAqB,CAAC;AACxF,OAAO,KAAK,EAAE,cAAc,EAAE,MAAM,oBAAoB,CAAC;AACzD,OAAO,KAAK,EAAE,eAAe,EAAE,MAAM,+BAA+B,CAAC;AAiBrE;;;;;GAKG;AACH,KAAK,cAAc,GAAG,UAAU,CAAC,OAAO,UAAU,CAAC;IACjD,OAAO,EAAE;QACP,UAAU,CAAC,OAAO,YAAY,CAAC;QAC/B,UAAU,CAAC,OAAO,MAAM,CAAC;QACzB,UAAU,CAAC,OAAO,GAAG,CAAC;QACtB,UAAU,CAAC,OAAO,SAAS,CAAC;QAC5B,UAAU,CAAC,OAAO,MAAM,CAAC;QACzB,UAAU,CAAC,OAAO,WAAW,CAAC;KAC/B,CAAC;CACH,CAAC,CAAC,CAAC;AAEJ;;;GAGG;AACH,MAAM,MAAM,YAAY,GAAG,cAAc,CAAC;AAE1C,wBAAgB,UAAU,CACxB,EAAE,EAAE,eAAe,EACnB,MAAM,EAAE,cAAc,GACrB,YAAY,CA+Gd"}

package/dist/auth/setup.js

@@ -4,24 +4,17 @@ import { apiKey } from "@better-auth/api-key";
 import { organization, twoFactor, phoneNumber, jwt, bearer } from "better-auth/plugins";
 import * as authSchema from "./auth-schema.js";
 function resolveAuthDbProvider(provider) {
-    if (provider === "postgres" ||
-        provider === "postgresql" ||
-        provider === "pg") {
+    if (provider === "postgres" || provider === "postgresql" || provider === "pg")
         return "pg";
-    }
-    if (provider === "mysql") {
+    if (provider === "mysql")
         return "mysql";
-    }
-    if (provider === "sqlite") {
+    if (provider === "sqlite")
         return "sqlite";
-    }
-    throw new Error(`Unsupported auth database provider "${provider}". Expected one of: postgres, mysql, sqlite.`);
+    throw new Error(`Unsupported auth database provider "${provider}".`);
 }
 export function createAuth(db, config) {
     const plugins = [
         organization({
-            // Better Auth's Role includes `authorize` and `statements` fields that
-            // our RoleDefinition doesn't have. Double-cast is required — upstream type gap.
             roles: (config.auth?.roles ?? {}),
         }),
         bearer(),
@@ -30,7 +23,6 @@ export function createAuth(db, config) {
     if (config.auth?.twoFactor?.enabled) {
         plugins.push(twoFactor({ issuer: config.storeName ?? "UnifiedCommerce" }));
     }
-    // Configure API key plugin — one config per defined scope, or a single default config.
     const scopes = config.auth?.apiKeyScopes;
     if (scopes && Object.keys(scopes).length > 0) {
         const apiKeyConfigs = Object.entries(scopes).map(([scopeId, scope]) => ({
@@ -62,11 +54,8 @@ export function createAuth(db, config) {
             },
         }));
     }
-    // API key support can be attached via external plugin package in newer better-auth versions.
     try {
         const auth = betterAuth({
-            // Better Auth's drizzle adapter expects a plain object, not PgDatabase.
-            // Double-cast required — PgDatabase has no index signature.
             database: drizzleAdapter(db.db, {
                 provider: resolveAuthDbProvider(db.provider),
                 schema: authSchema,
@@ -100,7 +89,7 @@ export function createAuth(db, config) {
                 updateAge: 60 * 60 * 24,
                 cookieCache: {
                     enabled: true,
-                    maxAge: 60 * 5, // 5 minute cookie cache for performance
+                    maxAge: 60 * 5,
                 },
             },
             advanced: {
@@ -115,10 +104,8 @@ export function createAuth(db, config) {
                 },
             },
         });
-        // Better Auth's plugin-extended return type is structurally incompatible with
-        // our simplified AuthInstance interface (upstream generic union vs our narrowed shape).
-        // Double-cast is the accepted pattern — same approach used by PayloadCMS.
-        // @see https://github.com/better-auth/better-auth/discussions
+        // The runtime return matches FullBetterAuth structurally — plugins may differ
+        // at runtime (conditional) but the API surface is a superset.
         return auth;
     }
     catch (error) {

package/dist/interfaces/mcp/tools/webhooks.d.ts

@@ -2,8 +2,8 @@ import { z } from "zod";
 import type { ToolDefinition } from "./registry.js";
 export declare const webhooksManage: ToolDefinition<z.ZodObject<{
     action: z.ZodEnum<{
-        delete: "delete";
         create: "create";
+        delete: "delete";
         list: "list";
     }>;
     url: z.ZodOptional<z.ZodString>;

package/dist/interfaces/rest/index.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../src/interfaces/rest/index.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,WAAW,EAAE,MAAM,mBAAmB,CAAC;AAGhD,OAAO,KAAK,EAAE,MAAM,EAAE,MAAM,yBAAyB,CAAC;AACtD,OAAO,KAAK,EAAE,MAAM,EAAE,MAAM,YAAY,CAAC;AAezC,wBAAgB,gBAAgB,CAAC,MAAM,EAAE,MAAM,gCAsD9C"}
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../src/interfaces/rest/index.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,WAAW,EAAE,MAAM,mBAAmB,CAAC;AAGhD,OAAO,KAAK,EAAE,MAAM,EAAE,MAAM,yBAAyB,CAAC;AACtD,OAAO,KAAK,EAAE,MAAM,EAAE,MAAM,YAAY,CAAC;AAgBzC,wBAAgB,gBAAgB,CAAC,MAAM,EAAE,MAAM,gCAmE9C"}

package/dist/interfaces/rest/index.js

@@ -1,5 +1,5 @@
 import { OpenAPIHono } from "@hono/zod-openapi";
-import { swaggerUI } from "@hono/swagger-ui";
+import { Scalar } from "@scalar/hono-api-reference";
 import { sql } from "drizzle-orm";
 import { catalogRoutes } from "./routes/catalog.js";
 import { inventoryRoutes } from "./routes/inventory.js";
@@ -14,6 +14,7 @@ import { promotionRoutes } from "./routes/promotions.js";
 import { searchRoutes } from "./routes/search.js";
 import { auditRoutes } from "./routes/audit.js";
 import { adminJobRoutes } from "./routes/admin-jobs.js";
+import { customerRoutes } from "./routes/customers.js";
 export function createRestRoutes(kernel) {
     const router = new OpenAPIHono({
         // Standardize Zod validation error responses across all routes
@@ -57,12 +58,22 @@ export function createRestRoutes(kernel) {
     router.route("/pricing", pricingRoutes(kernel));
     router.route("/promotions", promotionRoutes(kernel));
     router.route("/search", searchRoutes(kernel));
+    router.route("/customers", customerRoutes(kernel));
     router.route("/audit", auditRoutes(kernel));
     router.route("/admin", adminJobRoutes(kernel));
-    // Swagger UI — disabled in production unless config.exposeOpenApiSpec is true
+    // API Reference (Scalar) — disabled in production unless config.exposeOpenApiSpec is true
     const exposeSpec = kernel.config.exposeOpenApiSpec ?? (process.env.NODE_ENV !== "production");
     if (exposeSpec) {
-        router.get("/reference", swaggerUI({ url: "/api/doc" }));
+        router.get("/reference", Scalar({
+            url: "/api/doc-ext",
+            theme: "kepler",
+            layout: "modern",
+            darkMode: true,
+            hideModels: true,
+            tagsSorter: "alpha",
+            defaultHttpClient: { targetKey: "js", clientKey: "fetch" },
+            metaData: { title: "UnifiedCommerce API Reference" },
+        }));
     }
     return router;
 }

package/dist/interfaces/rest/routes/customers.d.ts

@@ -0,0 +1,5 @@
+import { OpenAPIHono } from "@hono/zod-openapi";
+import type { Kernel } from "../../../runtime/kernel.js";
+import { type AppEnv } from "../utils.js";
+export declare function customerRoutes(kernel: Kernel): OpenAPIHono<AppEnv, {}, "/">;
+//# sourceMappingURL=customers.d.ts.map

package/dist/interfaces/rest/routes/customers.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"customers.d.ts","sourceRoot":"","sources":["../../../../src/interfaces/rest/routes/customers.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,WAAW,EAAE,MAAM,mBAAmB,CAAC;AAChD,OAAO,KAAK,EAAE,MAAM,EAAE,MAAM,4BAA4B,CAAC;AAQzD,OAAO,EAAE,KAAK,MAAM,EAAyD,MAAM,aAAa,CAAC;AAEjG,wBAAgB,cAAc,CAAC,MAAM,EAAE,MAAM,gCAkF5C"}

package/dist/interfaces/rest/routes/customers.js

@@ -0,0 +1,74 @@
+import { OpenAPIHono } from "@hono/zod-openapi";
+import { listCustomersRoute, getCustomerRoute, updateCustomerRoute, getCustomerOrdersRoute, getCustomerAddressesRoute, } from "../schemas/customers.js";
+import { mapErrorToResponse, mapErrorToStatus, parsePagination } from "../utils.js";
+export function customerRoutes(kernel) {
+    const router = new OpenAPIHono();
+    // @ts-expect-error -- openapi handler union return type
+    router.openapi(listCustomersRoute, async (c) => {
+        const actor = c.get("actor");
+        const { page, limit } = parsePagination(c.req.query());
+        const result = await kernel.services.customers.list(actor);
+        if (!result.ok)
+            return c.json(mapErrorToResponse(result.error), mapErrorToStatus(result.error));
+        const all = result.value;
+        const total = all.length;
+        const start = (page - 1) * limit;
+        const paged = all.slice(start, start + limit);
+        return c.json({
+            data: paged,
+            meta: {
+                pagination: { page, limit, total, totalPages: Math.ceil(total / limit) },
+            },
+        });
+    });
+    // @ts-expect-error -- openapi handler union return type
+    router.openapi(getCustomerRoute, async (c) => {
+        const { id } = c.req.valid("param");
+        const actor = c.get("actor");
+        const result = await kernel.services.customers.getById(id, actor);
+        if (!result.ok)
+            return c.json(mapErrorToResponse(result.error), mapErrorToStatus(result.error));
+        return c.json({ data: result.value });
+    });
+    // @ts-expect-error -- openapi handler union return type
+    router.openapi(updateCustomerRoute, async (c) => {
+        const { id } = c.req.valid("param");
+        const body = c.req.valid("json");
+        const actor = c.get("actor");
+        // Strip undefined values — exactOptionalPropertyTypes requires omission, not undefined
+        const updates = {};
+        for (const [k, v] of Object.entries(body)) {
+            if (v !== undefined)
+                updates[k] = v;
+        }
+        const result = await kernel.services.customers.update(id, updates, actor);
+        if (!result.ok)
+            return c.json(mapErrorToResponse(result.error), mapErrorToStatus(result.error));
+        return c.json({ data: result.value });
+    });
+    // @ts-expect-error -- openapi handler union return type
+    router.openapi(getCustomerOrdersRoute, async (c) => {
+        const { id } = c.req.valid("param");
+        const actor = c.get("actor");
+        const { page, limit } = parsePagination(c.req.query());
+        const status = c.req.query("status") || undefined;
+        const result = await kernel.services.orders.listByCustomer(id, { page, limit, ...(status ? { status } : {}) }, actor);
+        if (!result.ok)
+            return c.json(mapErrorToResponse(result.error), mapErrorToStatus(result.error));
+        return c.json({ data: result.value.items, meta: { pagination: result.value.pagination } });
+    });
+    // @ts-expect-error -- openapi handler union return type
+    router.openapi(getCustomerAddressesRoute, async (c) => {
+        const { id } = c.req.valid("param");
+        const actor = c.get("actor");
+        // Get customer first, then use their userId for address lookup
+        const customerResult = await kernel.services.customers.getById(id, actor);
+        if (!customerResult.ok)
+            return c.json(mapErrorToResponse(customerResult.error), mapErrorToStatus(customerResult.error));
+        const addressResult = await kernel.services.customers.getAddresses(customerResult.value.userId, actor);
+        if (!addressResult.ok)
+            return c.json(mapErrorToResponse(addressResult.error), mapErrorToStatus(addressResult.error));
+        return c.json({ data: addressResult.value });
+    });
+    return router;
+}

package/dist/interfaces/rest/routes/inventory.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"inventory.d.ts","sourceRoot":"","sources":["../../../../src/interfaces/rest/routes/inventory.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,WAAW,EAAE,MAAM,mBAAmB,CAAC;AAChD,OAAO,KAAK,EAAE,MAAM,EAAE,MAAM,4BAA4B,CAAC;AASzD,OAAO,EAAE,KAAK,MAAM,EAAwC,MAAM,aAAa,CAAC;AAEhF,wBAAgB,eAAe,CAAC,MAAM,EAAE,MAAM,gCAyD7C"}
+{"version":3,"file":"inventory.d.ts","sourceRoot":"","sources":["../../../../src/interfaces/rest/routes/inventory.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,WAAW,EAAE,MAAM,mBAAmB,CAAC;AAChD,OAAO,KAAK,EAAE,MAAM,EAAE,MAAM,4BAA4B,CAAC;AAUzD,OAAO,EAAE,KAAK,MAAM,EAAwC,MAAM,aAAa,CAAC;AAEhF,wBAAgB,eAAe,CAAC,MAAM,EAAE,MAAM,gCAyE7C"}

package/dist/interfaces/rest/routes/inventory.js

@@ -1,9 +1,22 @@
 import { OpenAPIHono } from "@hono/zod-openapi";
-import { inventoryAdjustRoute, inventoryReserveRoute, inventoryReleaseRoute, createWarehouseRoute, inventoryCheckRoute, listWarehousesRoute, } from "../schemas/inventory.js";
+import { inventoryAdjustRoute, inventoryReserveRoute, inventoryReleaseRoute, createWarehouseRoute, inventoryCheckRoute, listWarehousesRoute, listInventoryLevelsRoute, } from "../schemas/inventory.js";
 import { mapErrorToResponse, mapErrorToStatus } from "../utils.js";
 export function inventoryRoutes(kernel) {
     const router = new OpenAPIHono();
     // @ts-expect-error -- openapi handler union return type
+    router.openapi(listInventoryLevelsRoute, async (c) => {
+        const actor = c.get("actor");
+        const warehouseId = c.req.query("warehouseId");
+        const entityId = c.req.query("entityId");
+        const result = await kernel.services.inventory.listLevels({
+            ...(warehouseId ? { warehouseId } : {}),
+            ...(entityId ? { entityId } : {}),
+        }, actor);
+        if (!result.ok)
+            return c.json(mapErrorToResponse(result.error), mapErrorToStatus(result.error));
+        return c.json({ data: result.value });
+    });
+    // @ts-expect-error -- openapi handler union return type
     router.openapi(inventoryCheckRoute, async (c) => {
         const entityIds = (c.req.query("entityIds") ?? "")
             .split(",")