npm - @unifiedcommerce/plugin-marketplace - Versions diffs - 0.0.1 - Mend

@unifiedcommerce/plugin-marketplace 0.0.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (122) hide show

package/README.md +479 -0
package/dist/analytics-models.d.ts +13 -0
package/dist/analytics-models.d.ts.map +1 -0
package/dist/analytics-models.js +69 -0
package/dist/hooks.d.ts +4 -0
package/dist/hooks.d.ts.map +1 -0
package/dist/hooks.js +187 -0
package/dist/index.d.ts +4 -0
package/dist/index.d.ts.map +1 -0
package/dist/index.js +105 -0
package/dist/mcp-tools.d.ts +21 -0
package/dist/mcp-tools.d.ts.map +1 -0
package/dist/mcp-tools.js +183 -0
package/dist/routes/b2b.d.ts +9 -0
package/dist/routes/b2b.d.ts.map +1 -0
package/dist/routes/b2b.js +156 -0
package/dist/routes/commission.d.ts +6 -0
package/dist/routes/commission.d.ts.map +1 -0
package/dist/routes/commission.js +85 -0
package/dist/routes/disputes-returns-reviews.d.ts +10 -0
package/dist/routes/disputes-returns-reviews.d.ts.map +1 -0
package/dist/routes/disputes-returns-reviews.js +179 -0
package/dist/routes/payouts.d.ts +6 -0
package/dist/routes/payouts.d.ts.map +1 -0
package/dist/routes/payouts.js +40 -0
package/dist/routes/sub-orders.d.ts +6 -0
package/dist/routes/sub-orders.d.ts.map +1 -0
package/dist/routes/sub-orders.js +44 -0
package/dist/routes/util.d.ts +23 -0
package/dist/routes/util.d.ts.map +1 -0
package/dist/routes/util.js +41 -0
package/dist/routes/vendor-portal.d.ts +14 -0
package/dist/routes/vendor-portal.d.ts.map +1 -0
package/dist/routes/vendor-portal.js +255 -0
package/dist/routes/vendors.d.ts +11 -0
package/dist/routes/vendors.d.ts.map +1 -0
package/dist/routes/vendors.js +185 -0
package/dist/schema.d.ts +3255 -0
package/dist/schema.d.ts.map +1 -0
package/dist/schema.js +225 -0
package/dist/schemas/b2b.d.ts +1009 -0
package/dist/schemas/b2b.d.ts.map +1 -0
package/dist/schemas/b2b.js +208 -0
package/dist/schemas/commission.d.ts +532 -0
package/dist/schemas/commission.d.ts.map +1 -0
package/dist/schemas/commission.js +113 -0
package/dist/schemas/disputes-returns-reviews.d.ts +1405 -0
package/dist/schemas/disputes-returns-reviews.d.ts.map +1 -0
package/dist/schemas/disputes-returns-reviews.js +270 -0
package/dist/schemas/payouts.d.ts +375 -0
package/dist/schemas/payouts.d.ts.map +1 -0
package/dist/schemas/payouts.js +78 -0
package/dist/schemas/sub-orders.d.ts +303 -0
package/dist/schemas/sub-orders.d.ts.map +1 -0
package/dist/schemas/sub-orders.js +67 -0
package/dist/schemas/vendor-portal.d.ts +1785 -0
package/dist/schemas/vendor-portal.d.ts.map +1 -0
package/dist/schemas/vendor-portal.js +294 -0
package/dist/schemas/vendors.d.ts +1348 -0
package/dist/schemas/vendors.d.ts.map +1 -0
package/dist/schemas/vendors.js +245 -0
package/dist/services/commission.d.ts +81 -0
package/dist/services/commission.d.ts.map +1 -0
package/dist/services/commission.js +98 -0
package/dist/services/contract-price.d.ts +64 -0
package/dist/services/contract-price.d.ts.map +1 -0
package/dist/services/contract-price.js +57 -0
package/dist/services/dispute.d.ts +156 -0
package/dist/services/dispute.d.ts.map +1 -0
package/dist/services/dispute.js +77 -0
package/dist/services/payout.d.ts +126 -0
package/dist/services/payout.d.ts.map +1 -0
package/dist/services/payout.js +130 -0
package/dist/services/return.d.ts +181 -0
package/dist/services/return.d.ts.map +1 -0
package/dist/services/return.js +80 -0
package/dist/services/review.d.ts +70 -0
package/dist/services/review.d.ts.map +1 -0
package/dist/services/review.js +60 -0
package/dist/services/rfq.d.ts +122 -0
package/dist/services/rfq.d.ts.map +1 -0
package/dist/services/rfq.js +60 -0
package/dist/services/sub-order.d.ts +336 -0
package/dist/services/sub-order.d.ts.map +1 -0
package/dist/services/sub-order.js +121 -0
package/dist/services/vendor.d.ts +528 -0
package/dist/services/vendor.d.ts.map +1 -0
package/dist/services/vendor.js +119 -0
package/dist/types.d.ts +67 -0
package/dist/types.d.ts.map +1 -0
package/dist/types.js +13 -0
package/package.json +43 -0
package/src/analytics-models.ts +75 -0
package/src/hooks.ts +215 -0
package/src/index.ts +124 -0
package/src/mcp-tools.ts +210 -0
package/src/routes/b2b.ts +179 -0
package/src/routes/commission.ts +95 -0
package/src/routes/disputes-returns-reviews.ts +209 -0
package/src/routes/payouts.ts +49 -0
package/src/routes/sub-orders.ts +54 -0
package/src/routes/util.ts +42 -0
package/src/routes/vendor-portal.ts +277 -0
package/src/routes/vendors.ts +201 -0
package/src/schema.ts +260 -0
package/src/schemas/b2b.ts +238 -0
package/src/schemas/commission.ts +129 -0
package/src/schemas/disputes-returns-reviews.ts +311 -0
package/src/schemas/payouts.ts +90 -0
package/src/schemas/sub-orders.ts +77 -0
package/src/schemas/vendor-portal.ts +344 -0
package/src/schemas/vendors.ts +281 -0
package/src/services/commission.ts +120 -0
package/src/services/contract-price.ts +80 -0
package/src/services/dispute.ts +92 -0
package/src/services/payout.ts +154 -0
package/src/services/return.ts +92 -0
package/src/services/review.ts +76 -0
package/src/services/rfq.ts +82 -0
package/src/services/sub-order.ts +136 -0
package/src/services/vendor.ts +151 -0
package/src/types.ts +164 -0

package/dist/routes/vendor-portal.js ADDED Viewed

@@ -0,0 +1,255 @@
+import { router } from "@unifiedcommerce/core";
+import { vendorEntities } from "../schema";
+import { eq } from "drizzle-orm";
+import { UpdateVendorProfileBodySchema, UploadVendorDocumentBodySchema, ShipSubOrderBodySchema, CancelSubOrderBodySchema, RespondToReviewBodySchema, ApproveReturnBodySchema, RejectReturnBodySchema, } from "../schemas/vendor-portal";
+import { stripUndefined, stripVendorSecrets } from "./util";
+/** Helper to extract vendorId from actor and throw if missing. */
+function requireVendorId(actor) {
+    const vendorId = actor?.vendorId;
+    if (!vendorId)
+        throw new Error("Forbidden");
+    return vendorId;
+}
+export function buildVendorPortalRoutes(services) {
+    const r = router("Marketplace - Vendor Portal", "/marketplace/vendor/me");
+    // ─── Get my vendor profile ─────────────────────────────────────────────────
+    r.get("/")
+        .summary("Get my vendor profile")
+        .auth()
+        .handler(async ({ actor }) => {
+        const vendorId = requireVendorId(actor);
+        const vendor = await services.vendor.getById(vendorId);
+        if (!vendor)
+            throw new Error("Vendor not found");
+        return stripVendorSecrets(vendor);
+    });
+    // ─── Update my vendor profile ──────────────────────────────────────────────
+    r.patch("/")
+        .summary("Update my vendor profile")
+        .auth()
+        .input(UpdateVendorProfileBodySchema)
+        .handler(async ({ actor, input }) => {
+        const vendorId = requireVendorId(actor);
+        const body = input;
+        const updated = await services.vendor.update(vendorId, stripUndefined(body));
+        if (!updated)
+            throw new Error("Vendor not found");
+        return stripVendorSecrets(updated);
+    });
+    // ─── Upload document ───────────────────────────────────────────────────────
+    r.post("/documents")
+        .summary("Upload a document for my vendor profile")
+        .auth()
+        .input(UploadVendorDocumentBodySchema)
+        .handler(async ({ actor, input }) => {
+        const vendorId = requireVendorId(actor);
+        const body = input;
+        return services.vendor.uploadDocument(vendorId, {
+            type: body.type,
+            fileUrl: body.fileUrl,
+        });
+    });
+    // ─── List my documents ─────────────────────────────────────────────────────
+    r.get("/documents")
+        .summary("List my vendor documents")
+        .auth()
+        .handler(async ({ actor }) => {
+        const vendorId = requireVendorId(actor);
+        return services.vendor.listDocuments(vendorId);
+    });
+    // ─── List my products ──────────────────────────────────────────────────────
+    r.get("/products")
+        .summary("List my products")
+        .auth()
+        .handler(async ({ actor, db }) => {
+        const vendorId = requireVendorId(actor);
+        const drizzle = db;
+        const entities = await drizzle
+            .select()
+            .from(vendorEntities)
+            .where(eq(vendorEntities.vendorId, vendorId));
+        return entities;
+    });
+    // ─── List my sub-orders ────────────────────────────────────────────────────
+    r.get("/orders")
+        .summary("List my sub-orders")
+        .auth()
+        .handler(async ({ actor, query }) => {
+        const vendorId = requireVendorId(actor);
+        const status = query.status;
+        return services.subOrder.listByVendor(vendorId, stripUndefined({ status }));
+    });
+    // ─── Get single sub-order ──────────────────────────────────────────────────
+    r.get("/orders/{subOrderId}")
+        .summary("Get a single sub-order")
+        .auth()
+        .handler(async ({ actor, params }) => {
+        const vendorId = requireVendorId(actor);
+        const subOrder = await services.subOrder.getById(params.subOrderId);
+        if (!subOrder)
+            throw new Error("Sub-order not found");
+        if (subOrder.vendorId !== vendorId)
+            throw new Error("Forbidden");
+        return subOrder;
+    });
+    // ─── Confirm sub-order ─────────────────────────────────────────────────────
+    r.post("/orders/{subOrderId}/confirm")
+        .summary("Confirm a sub-order")
+        .auth()
+        .handler(async ({ actor, params }) => {
+        const vendorId = requireVendorId(actor);
+        const subOrder = await services.subOrder.getById(params.subOrderId);
+        if (!subOrder)
+            throw new Error("Sub-order not found");
+        if (subOrder.vendorId !== vendorId)
+            throw new Error("Forbidden");
+        return services.subOrder.confirm(params.subOrderId);
+    });
+    // ─── Ship sub-order ────────────────────────────────────────────────────────
+    r.post("/orders/{subOrderId}/ship")
+        .summary("Ship a sub-order")
+        .auth()
+        .input(ShipSubOrderBodySchema)
+        .handler(async ({ actor, params, input }) => {
+        const vendorId = requireVendorId(actor);
+        const body = input;
+        const subOrder = await services.subOrder.getById(params.subOrderId);
+        if (!subOrder)
+            throw new Error("Sub-order not found");
+        if (subOrder.vendorId !== vendorId)
+            throw new Error("Forbidden");
+        return services.subOrder.ship(params.subOrderId, {
+            trackingNumber: body.trackingNumber,
+            carrier: body.carrier,
+        });
+    });
+    // ─── Deliver sub-order ─────────────────────────────────────────────────────
+    r.post("/orders/{subOrderId}/deliver")
+        .summary("Mark a sub-order as delivered")
+        .auth()
+        .handler(async ({ actor, params }) => {
+        const vendorId = requireVendorId(actor);
+        const subOrder = await services.subOrder.getById(params.subOrderId);
+        if (!subOrder)
+            throw new Error("Sub-order not found");
+        if (subOrder.vendorId !== vendorId)
+            throw new Error("Forbidden");
+        return services.subOrder.deliver(params.subOrderId);
+    });
+    // ─── Cancel sub-order ──────────────────────────────────────────────────────
+    r.post("/orders/{subOrderId}/cancel")
+        .summary("Cancel a sub-order")
+        .auth()
+        .input(CancelSubOrderBodySchema)
+        .handler(async ({ actor, params, input }) => {
+        const vendorId = requireVendorId(actor);
+        const body = input;
+        const subOrder = await services.subOrder.getById(params.subOrderId);
+        if (!subOrder)
+            throw new Error("Sub-order not found");
+        if (subOrder.vendorId !== vendorId)
+            throw new Error("Forbidden");
+        return services.subOrder.cancel(params.subOrderId, body.reason);
+    });
+    // ─── List my payouts ───────────────────────────────────────────────────────
+    r.get("/payouts")
+        .summary("List my payouts")
+        .auth()
+        .handler(async ({ actor }) => {
+        const vendorId = requireVendorId(actor);
+        return services.payout.listPayouts({ vendorId });
+    });
+    // ─── My balance ────────────────────────────────────────────────────────────
+    r.get("/balance")
+        .summary("Get my balance")
+        .auth()
+        .handler(async ({ actor }) => {
+        const vendorId = requireVendorId(actor);
+        const balance = await services.payout.getBalance(vendorId);
+        const ledger = await services.payout.getLedger(vendorId);
+        return { balanceCents: balance, ledger };
+    });
+    // ─── My analytics ──────────────────────────────────────────────────────────
+    r.get("/analytics")
+        .summary("Get my analytics")
+        .auth()
+        .handler(async ({ actor }) => {
+        const vendorId = requireVendorId(actor);
+        const rating = await services.review.getAggregateRating(vendorId);
+        const balance = await services.payout.getBalance(vendorId);
+        return { rating, balanceCents: balance };
+    });
+    // ─── My reviews ────────────────────────────────────────────────────────────
+    r.get("/reviews")
+        .summary("List my reviews")
+        .auth()
+        .handler(async ({ actor }) => {
+        const vendorId = requireVendorId(actor);
+        return services.review.getForVendor(vendorId, true);
+    });
+    // ─── Respond to review ─────────────────────────────────────────────────────
+    r.post("/reviews/{id}/respond")
+        .summary("Respond to a review")
+        .auth()
+        .input(RespondToReviewBodySchema)
+        .handler(async ({ actor, params, input }) => {
+        const vendorId = requireVendorId(actor);
+        const body = input;
+        // IDOR prevention: verify the review belongs to this vendor
+        const vendorReviews = await services.review.getForVendor(vendorId, true);
+        const ownsReview = vendorReviews.some((rev) => rev.id === params.id);
+        if (!ownsReview)
+            throw new Error("Forbidden: review does not belong to this vendor");
+        const updated = await services.review.respond(params.id, body.response);
+        if (!updated)
+            throw new Error("Review not found");
+        return updated;
+    });
+    // ─── My returns ────────────────────────────────────────────────────────────
+    r.get("/returns")
+        .summary("List my returns")
+        .auth()
+        .handler(async ({ actor }) => {
+        const vendorId = requireVendorId(actor);
+        return services.return.listByVendor(vendorId);
+    });
+    // ─── Approve return ────────────────────────────────────────────────────────
+    r.post("/returns/{id}/approve")
+        .summary("Approve a return request")
+        .auth()
+        .input(ApproveReturnBodySchema)
+        .handler(async ({ actor, params, input }) => {
+        const vendorId = requireVendorId(actor);
+        const ret = await services.return.getById(params.id);
+        if (!ret)
+            throw new Error("Return not found");
+        const subOrder = await services.subOrder.getById(ret.subOrderId);
+        if (!subOrder || subOrder.vendorId !== vendorId)
+            throw new Error("Forbidden");
+        const body = input;
+        const updated = await services.return.vendorApprove(params.id, body.refundAmountCents);
+        if (!updated)
+            throw new Error("Return not found");
+        return updated;
+    });
+    // ─── Reject return ─────────────────────────────────────────────────────────
+    r.post("/returns/{id}/reject")
+        .summary("Reject a return request")
+        .auth()
+        .input(RejectReturnBodySchema)
+        .handler(async ({ actor, params, input }) => {
+        const vendorId = requireVendorId(actor);
+        const ret = await services.return.getById(params.id);
+        if (!ret)
+            throw new Error("Return not found");
+        const subOrder = await services.subOrder.getById(ret.subOrderId);
+        if (!subOrder || subOrder.vendorId !== vendorId)
+            throw new Error("Forbidden");
+        const body = input;
+        const updated = await services.return.vendorReject(params.id, body.notes);
+        if (!updated)
+            throw new Error("Return not found");
+        return updated;
+    });
+    return r.routes();
+}

package/dist/routes/vendors.d.ts ADDED Viewed

@@ -0,0 +1,11 @@
+import type { PluginRouteRegistration } from "@unifiedcommerce/core";
+import type { VendorService } from "../services/vendor";
+import type { PayoutService } from "../services/payout";
+import type { ReviewService } from "../services/review";
+import type { MarketplacePluginOptions } from "../types";
+export declare function buildVendorRoutes(services: {
+    vendor: VendorService;
+    payout: PayoutService;
+    review: ReviewService;
+}, options?: MarketplacePluginOptions): PluginRouteRegistration[];
+//# sourceMappingURL=vendors.d.ts.map

package/dist/routes/vendors.d.ts.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"vendors.d.ts","sourceRoot":"","sources":["../../src/routes/vendors.ts"],"names":[],"mappings":"AACA,OAAO,KAAK,EAAE,uBAAuB,EAAE,MAAM,uBAAuB,CAAC;AAErE,OAAO,KAAK,EAAE,aAAa,EAAE,MAAM,oBAAoB,CAAC;AACxD,OAAO,KAAK,EAAE,aAAa,EAAE,MAAM,oBAAoB,CAAC;AACxD,OAAO,KAAK,EAAE,aAAa,EAAE,MAAM,oBAAoB,CAAC;AACxD,OAAO,KAAK,EAAE,wBAAwB,EAAE,MAAM,UAAU,CAAC;AAUzD,wBAAgB,iBAAiB,CAAC,QAAQ,EAAE;IAC1C,MAAM,EAAE,aAAa,CAAC;IACtB,MAAM,EAAE,aAAa,CAAC;IACtB,MAAM,EAAE,aAAa,CAAC;CACvB,EAAE,OAAO,CAAC,EAAE,wBAAwB,GAAG,uBAAuB,EAAE,CAoLhE"}

package/dist/routes/vendors.js ADDED Viewed

@@ -0,0 +1,185 @@
+import { router, resolveOrgId } from "@unifiedcommerce/core";
+import { CreateVendorBodySchema, UpdateVendorBodySchema, RejectVendorBodySchema, SuspendVendorBodySchema, UploadDocumentBodySchema, } from "../schemas/vendors";
+import { stripUndefined, stripVendorSecrets } from "./util";
+export function buildVendorRoutes(services, options) {
+    const r = router("Marketplace - Vendors", "/marketplace/vendors");
+    // ─── List vendors ──────────────────────────────────────────────────────────
+    r.get("/")
+        .summary("List all vendors")
+        .permission("marketplace:admin")
+        .handler(async ({ query }) => {
+        const vendors = await services.vendor.list(stripUndefined({
+            status: query.status,
+            tier: query.tier,
+            search: query.search,
+        }));
+        return vendors.map(stripVendorSecrets);
+    });
+    // ─── Create vendor ─────────────────────────────────────────────────────────
+    r.post("/")
+        .summary("Create a vendor")
+        .permission("marketplace:admin")
+        .input(CreateVendorBodySchema)
+        .handler(async ({ input, actor }) => {
+        const body = input;
+        const defaultBps = options?.defaultCommissionRateBps ?? 1000;
+        return services.vendor.create(resolveOrgId(actor), stripUndefined({
+            ...body,
+            commissionRateBps: body.commissionRateBps ?? defaultBps,
+        }));
+    });
+    // ─── Get vendor detail ─────────────────────────────────────────────────────
+    r.get("/{id}")
+        .summary("Get vendor detail")
+        .permission("marketplace:admin")
+        .handler(async ({ params }) => {
+        const vendor = await services.vendor.getById(params.id);
+        if (!vendor)
+            throw new Error("Vendor not found");
+        return stripVendorSecrets(vendor);
+    });
+    // ─── Update vendor ─────────────────────────────────────────────────────────
+    r.patch("/{id}")
+        .summary("Update a vendor")
+        .permission("marketplace:admin")
+        .input(UpdateVendorBodySchema)
+        .handler(async ({ params, input }) => {
+        const body = input;
+        const updated = await services.vendor.update(params.id, stripUndefined(body));
+        if (!updated)
+            throw new Error("Vendor not found");
+        return stripVendorSecrets(updated);
+    });
+    // ─── Approve vendor ────────────────────────────────────────────────────────
+    r.post("/{id}/approve")
+        .summary("Approve a vendor application")
+        .permission("marketplace:admin")
+        .handler(async ({ params }) => {
+        const vendor = await services.vendor.getById(params.id);
+        if (!vendor)
+            throw new Error("Vendor not found");
+        const approved = await services.vendor.approve(params.id);
+        if (!approved)
+            throw new Error("Vendor not found");
+        return stripVendorSecrets(approved);
+    });
+    // ─── Reject vendor ─────────────────────────────────────────────────────────
+    r.post("/{id}/reject")
+        .summary("Reject a vendor application")
+        .permission("marketplace:admin")
+        .input(RejectVendorBodySchema)
+        .handler(async ({ params, input }) => {
+        const body = input;
+        const vendor = await services.vendor.getById(params.id);
+        if (!vendor)
+            throw new Error("Vendor not found");
+        const rejected = await services.vendor.reject(params.id, body.reason);
+        if (!rejected)
+            throw new Error("Vendor not found");
+        return stripVendorSecrets(rejected);
+    });
+    // ─── Suspend vendor ────────────────────────────────────────────────────────
+    r.post("/{id}/suspend")
+        .summary("Suspend a vendor")
+        .permission("marketplace:admin")
+        .input(SuspendVendorBodySchema)
+        .handler(async ({ params, input }) => {
+        const body = input;
+        const vendor = await services.vendor.getById(params.id);
+        if (!vendor)
+            throw new Error("Vendor not found");
+        const suspended = await services.vendor.suspend(params.id, body.reason);
+        if (!suspended)
+            throw new Error("Vendor not found");
+        return stripVendorSecrets(suspended);
+    });
+    // ─── Reinstate vendor ──────────────────────────────────────────────────────
+    r.post("/{id}/reinstate")
+        .summary("Reinstate a suspended vendor")
+        .permission("marketplace:admin")
+        .handler(async ({ params }) => {
+        const vendor = await services.vendor.getById(params.id);
+        if (!vendor)
+            throw new Error("Vendor not found");
+        const reinstated = await services.vendor.reinstate(params.id);
+        if (!reinstated)
+            throw new Error("Vendor not found");
+        return stripVendorSecrets(reinstated);
+    });
+    // ─── Upload vendor document ────────────────────────────────────────────────
+    r.post("/{id}/documents")
+        .summary("Upload a vendor document")
+        .permission("marketplace:admin")
+        .input(UploadDocumentBodySchema)
+        .handler(async ({ params, input }) => {
+        const body = input;
+        const vendor = await services.vendor.getById(params.id);
+        if (!vendor)
+            throw new Error("Vendor not found");
+        return services.vendor.uploadDocument(params.id, {
+            type: body.type,
+            fileUrl: body.fileUrl,
+        });
+    });
+    // ─── List vendor documents ─────────────────────────────────────────────────
+    r.get("/{id}/documents")
+        .summary("List vendor documents")
+        .permission("marketplace:admin")
+        .handler(async ({ params }) => {
+        const vendor = await services.vendor.getById(params.id);
+        if (!vendor)
+            throw new Error("Vendor not found");
+        return services.vendor.listDocuments(params.id);
+    });
+    // ─── Approve document ──────────────────────────────────────────────────────
+    r.post("/{id}/documents/{docId}/approve")
+        .summary("Approve a vendor document")
+        .permission("marketplace:admin")
+        .handler(async ({ params }) => {
+        const updated = await services.vendor.approveDocument(params.docId);
+        if (!updated)
+            throw new Error("Document not found");
+        return updated;
+    });
+    // ─── Reject document ───────────────────────────────────────────────────────
+    r.post("/{id}/documents/{docId}/reject")
+        .summary("Reject a vendor document")
+        .permission("marketplace:admin")
+        .handler(async ({ params }) => {
+        const updated = await services.vendor.rejectDocument(params.docId);
+        if (!updated)
+            throw new Error("Document not found");
+        return updated;
+    });
+    // ─── Vendor balance ────────────────────────────────────────────────────────
+    r.get("/{id}/balance")
+        .summary("Get vendor balance")
+        .permission("marketplace:admin")
+        .handler(async ({ params }) => {
+        const vendor = await services.vendor.getById(params.id);
+        if (!vendor)
+            throw new Error("Vendor not found");
+        const balance = await services.payout.getBalance(params.id);
+        const ledger = await services.payout.getLedger(params.id);
+        return { balanceCents: balance, ledger };
+    });
+    // ─── Vendor performance ────────────────────────────────────────────────────
+    r.get("/{id}/performance")
+        .summary("Get vendor performance metrics")
+        .permission("marketplace:admin")
+        .handler(async ({ params }) => {
+        const vendor = await services.vendor.getById(params.id);
+        if (!vendor)
+            throw new Error("Vendor not found");
+        const rating = await services.review.getAggregateRating(params.id);
+        const balance = await services.payout.getBalance(params.id);
+        return {
+            vendorId: params.id,
+            performanceScore: vendor.performanceScore,
+            tier: vendor.tier,
+            rating,
+            balanceCents: balance,
+        };
+    });
+    return r.routes();
+}