@uniforge/platform-core 0.1.0-alpha.2

package/dist/rbac/index.d.cts

@@ -0,0 +1,140 @@
+/**
+ * Platform-agnostic RBAC types.
+ *
+ * Defines roles, permissions, and shop member types used across
+ * all platform adapters for role-based access control.
+ */
+/** Available roles in descending privilege order. */
+type Role = 'owner' | 'admin' | 'staff' | 'collaborator';
+/** Role hierarchy from highest to lowest privilege. */
+declare const ROLE_HIERARCHY: readonly Role[];
+/** A shop member with role and optional custom permissions. */
+interface ShopMember {
+    id: string;
+    shopDomain: string;
+    userId: number;
+    email: string;
+    role: Role;
+    customPermissions: string[] | null;
+    createdAt: Date;
+    updatedAt: Date;
+}
+/** Input for creating or updating a shop member (upsert). */
+interface UpsertShopMemberInput {
+    shopDomain: string;
+    userId: number;
+    email: string;
+    role: Role;
+    customPermissions?: string[];
+}
+/** Input for updating an existing shop member. */
+interface UpdateShopMemberInput {
+    role?: Role;
+    email?: string;
+    customPermissions?: string[];
+}
+/** Maps each role to its default set of permissions. */
+type RolePermissionMap = Record<Role, string[]>;
+
+/**
+ * Platform-agnostic RBAC service interface.
+ *
+ * Defines the contract for managing shop members and checking
+ * permissions. Core RBAC service provides the Prisma-backed
+ * implementation.
+ */
+
+/** Core RBAC service for member management and permission checks. */
+interface RBACService {
+    /** Create or update a shop member (upsert by shopDomain + userId). */
+    upsertMember(input: UpsertShopMemberInput): Promise<ShopMember>;
+    /** Get a shop member by shop domain and user ID. */
+    getMember(shopDomain: string, userId: number): Promise<ShopMember | null>;
+    /** List all members for a shop. */
+    listMembers(shopDomain: string): Promise<ShopMember[]>;
+    /** Update an existing shop member's role or permissions. */
+    updateMember(shopDomain: string, userId: number, input: UpdateShopMemberInput): Promise<ShopMember>;
+    /** Remove a shop member. */
+    removeMember(shopDomain: string, userId: number): Promise<void>;
+    /** Check if a member has a specific permission. */
+    hasPermission(shopDomain: string, userId: number, permission: string): Promise<boolean>;
+    /** Get the effective permissions for a member (role defaults + custom). */
+    getEffectivePermissions(shopDomain: string, userId: number): Promise<string[]>;
+    /** Check if a role meets a minimum required role level. */
+    isRoleAtLeast(role: Role, minimumRole: Role): boolean;
+}
+
+/**
+ * RBAC middleware interfaces for route-level permission enforcement.
+ *
+ * Sits after AuthMiddleware and TenantMiddleware in the chain,
+ * enforcing role-based access on protected routes.
+ */
+
+/** Maps a route pattern + HTTP method to a required permission. */
+interface RoutePermission {
+    /** Glob pattern for the route path (e.g., '/api/products/**'). */
+    pattern: string;
+    /** HTTP method to match (e.g., 'GET', 'POST'). Use '*' for all methods. */
+    method: string;
+    /** The permission string required to access this route. */
+    permission: string;
+}
+/** Configuration for the RBAC middleware. */
+interface RBACMiddlewareConfig {
+    /** Route permission rules to enforce. */
+    routes: RoutePermission[];
+    /** Function to look up a shop member by domain and user ID. */
+    getMember: (shopDomain: string, userId: number) => Promise<{
+        role: Role;
+        customPermissions: string[] | null;
+    } | null>;
+    /** Whether to auto-provision account owners as 'owner' role. Defaults to true. */
+    autoProvisionOwner?: boolean;
+    /** Callback for auto-provisioning a new owner member. */
+    onAutoProvision?: (shopDomain: string, userId: number, email: string) => Promise<void>;
+}
+/** RBAC authorization result when access is granted. */
+interface RBACResultGranted {
+    type: 'granted';
+    role: Role;
+    permission: string;
+}
+/** RBAC authorization result when access is denied. */
+interface RBACResultDenied {
+    type: 'denied';
+    role: Role | null;
+    permission: string;
+    reason: string;
+}
+/** RBAC authorization result when check is skipped (e.g., offline session). */
+interface RBACResultSkipped {
+    type: 'skipped';
+    reason: string;
+}
+/** Discriminated union of RBAC authorization results. */
+type RBACResult = RBACResultGranted | RBACResultDenied | RBACResultSkipped;
+/** User identity extracted from the authenticated session. */
+interface SessionUser {
+    userId: number;
+    email: string;
+    isAccountOwner: boolean;
+}
+/** RBAC middleware for route-level permission checks. */
+interface RBACMiddleware {
+    /** Authorize a request against configured route permissions. */
+    authorize(input: {
+        url: string;
+        method: string;
+        shopDomain: string;
+        user: SessionUser | null;
+    }): Promise<RBACResult>;
+}
+/** Error thrown when a permission check fails. */
+declare class PermissionDeniedError extends Error {
+    readonly permission: string;
+    readonly role: Role | null;
+    constructor(permission: string, role: Role | null);
+}
+
+export { PermissionDeniedError, type RBACMiddleware, type RBACMiddlewareConfig, type RBACResult, type RBACResultDenied, type RBACResultGranted, type RBACResultSkipped, type RBACService, ROLE_HIERARCHY, type Role, type RolePermissionMap, type RoutePermission, type SessionUser, type ShopMember, type UpdateShopMemberInput, type UpsertShopMemberInput };

package/dist/rbac/index.d.ts

@@ -0,0 +1,140 @@
+/**
+ * Platform-agnostic RBAC types.
+ *
+ * Defines roles, permissions, and shop member types used across
+ * all platform adapters for role-based access control.
+ */
+/** Available roles in descending privilege order. */
+type Role = 'owner' | 'admin' | 'staff' | 'collaborator';
+/** Role hierarchy from highest to lowest privilege. */
+declare const ROLE_HIERARCHY: readonly Role[];
+/** A shop member with role and optional custom permissions. */
+interface ShopMember {
+    id: string;
+    shopDomain: string;
+    userId: number;
+    email: string;
+    role: Role;
+    customPermissions: string[] | null;
+    createdAt: Date;
+    updatedAt: Date;
+}
+/** Input for creating or updating a shop member (upsert). */
+interface UpsertShopMemberInput {
+    shopDomain: string;
+    userId: number;
+    email: string;
+    role: Role;
+    customPermissions?: string[];
+}
+/** Input for updating an existing shop member. */
+interface UpdateShopMemberInput {
+    role?: Role;
+    email?: string;
+    customPermissions?: string[];
+}
+/** Maps each role to its default set of permissions. */
+type RolePermissionMap = Record<Role, string[]>;
+
+/**
+ * Platform-agnostic RBAC service interface.
+ *
+ * Defines the contract for managing shop members and checking
+ * permissions. Core RBAC service provides the Prisma-backed
+ * implementation.
+ */
+
+/** Core RBAC service for member management and permission checks. */
+interface RBACService {
+    /** Create or update a shop member (upsert by shopDomain + userId). */
+    upsertMember(input: UpsertShopMemberInput): Promise<ShopMember>;
+    /** Get a shop member by shop domain and user ID. */
+    getMember(shopDomain: string, userId: number): Promise<ShopMember | null>;
+    /** List all members for a shop. */
+    listMembers(shopDomain: string): Promise<ShopMember[]>;
+    /** Update an existing shop member's role or permissions. */
+    updateMember(shopDomain: string, userId: number, input: UpdateShopMemberInput): Promise<ShopMember>;
+    /** Remove a shop member. */
+    removeMember(shopDomain: string, userId: number): Promise<void>;
+    /** Check if a member has a specific permission. */
+    hasPermission(shopDomain: string, userId: number, permission: string): Promise<boolean>;
+    /** Get the effective permissions for a member (role defaults + custom). */
+    getEffectivePermissions(shopDomain: string, userId: number): Promise<string[]>;
+    /** Check if a role meets a minimum required role level. */
+    isRoleAtLeast(role: Role, minimumRole: Role): boolean;
+}
+
+/**
+ * RBAC middleware interfaces for route-level permission enforcement.
+ *
+ * Sits after AuthMiddleware and TenantMiddleware in the chain,
+ * enforcing role-based access on protected routes.
+ */
+
+/** Maps a route pattern + HTTP method to a required permission. */
+interface RoutePermission {
+    /** Glob pattern for the route path (e.g., '/api/products/**'). */
+    pattern: string;
+    /** HTTP method to match (e.g., 'GET', 'POST'). Use '*' for all methods. */
+    method: string;
+    /** The permission string required to access this route. */
+    permission: string;
+}
+/** Configuration for the RBAC middleware. */
+interface RBACMiddlewareConfig {
+    /** Route permission rules to enforce. */
+    routes: RoutePermission[];
+    /** Function to look up a shop member by domain and user ID. */
+    getMember: (shopDomain: string, userId: number) => Promise<{
+        role: Role;
+        customPermissions: string[] | null;
+    } | null>;
+    /** Whether to auto-provision account owners as 'owner' role. Defaults to true. */
+    autoProvisionOwner?: boolean;
+    /** Callback for auto-provisioning a new owner member. */
+    onAutoProvision?: (shopDomain: string, userId: number, email: string) => Promise<void>;
+}
+/** RBAC authorization result when access is granted. */
+interface RBACResultGranted {
+    type: 'granted';
+    role: Role;
+    permission: string;
+}
+/** RBAC authorization result when access is denied. */
+interface RBACResultDenied {
+    type: 'denied';
+    role: Role | null;
+    permission: string;
+    reason: string;
+}
+/** RBAC authorization result when check is skipped (e.g., offline session). */
+interface RBACResultSkipped {
+    type: 'skipped';
+    reason: string;
+}
+/** Discriminated union of RBAC authorization results. */
+type RBACResult = RBACResultGranted | RBACResultDenied | RBACResultSkipped;
+/** User identity extracted from the authenticated session. */
+interface SessionUser {
+    userId: number;
+    email: string;
+    isAccountOwner: boolean;
+}
+/** RBAC middleware for route-level permission checks. */
+interface RBACMiddleware {
+    /** Authorize a request against configured route permissions. */
+    authorize(input: {
+        url: string;
+        method: string;
+        shopDomain: string;
+        user: SessionUser | null;
+    }): Promise<RBACResult>;
+}
+/** Error thrown when a permission check fails. */
+declare class PermissionDeniedError extends Error {
+    readonly permission: string;
+    readonly role: Role | null;
+    constructor(permission: string, role: Role | null);
+}
+
+export { PermissionDeniedError, type RBACMiddleware, type RBACMiddlewareConfig, type RBACResult, type RBACResultDenied, type RBACResultGranted, type RBACResultSkipped, type RBACService, ROLE_HIERARCHY, type Role, type RolePermissionMap, type RoutePermission, type SessionUser, type ShopMember, type UpdateShopMemberInput, type UpsertShopMemberInput };

package/dist/rbac/index.js

@@ -0,0 +1,55 @@
+"use strict";
+var __defProp = Object.defineProperty;
+var __getOwnPropDesc = Object.getOwnPropertyDescriptor;
+var __getOwnPropNames = Object.getOwnPropertyNames;
+var __hasOwnProp = Object.prototype.hasOwnProperty;
+var __export = (target, all) => {
+  for (var name in all)
+    __defProp(target, name, { get: all[name], enumerable: true });
+};
+var __copyProps = (to, from, except, desc) => {
+  if (from && typeof from === "object" || typeof from === "function") {
+    for (let key of __getOwnPropNames(from))
+      if (!__hasOwnProp.call(to, key) && key !== except)
+        __defProp(to, key, { get: () => from[key], enumerable: !(desc = __getOwnPropDesc(from, key)) || desc.enumerable });
+  }
+  return to;
+};
+var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: true }), mod);
+
+// src/rbac/index.ts
+var rbac_exports = {};
+__export(rbac_exports, {
+  PermissionDeniedError: () => PermissionDeniedError,
+  ROLE_HIERARCHY: () => ROLE_HIERARCHY
+});
+module.exports = __toCommonJS(rbac_exports);
+
+// src/rbac/types.ts
+var ROLE_HIERARCHY = [
+  "owner",
+  "admin",
+  "staff",
+  "collaborator"
+];
+
+// src/rbac/middleware.ts
+var PermissionDeniedError = class extends Error {
+  permission;
+  role;
+  constructor(permission, role) {
+    const roleInfo = role ? `role "${role}"` : "unknown role";
+    super(
+      `Permission "${permission}" denied for ${roleInfo}`
+    );
+    this.name = "PermissionDeniedError";
+    this.permission = permission;
+    this.role = role;
+  }
+};
+// Annotate the CommonJS export names for ESM import in node:
+0 && (module.exports = {
+  PermissionDeniedError,
+  ROLE_HIERARCHY
+});
+//# sourceMappingURL=index.js.map

package/dist/rbac/index.js.map

@@ -0,0 +1 @@
+{"version":3,"sources":["../../src/rbac/index.ts","../../src/rbac/types.ts","../../src/rbac/middleware.ts"],"sourcesContent":["/**\n * @uniforge/platform-core/rbac\n *\n * Platform-agnostic RBAC interfaces for role-based access control,\n * shop member management, and route-level permission enforcement.\n */\n\nexport type {\n  Role,\n  ShopMember,\n  UpsertShopMemberInput,\n  UpdateShopMemberInput,\n  RolePermissionMap,\n} from './types.js';\n\nexport { ROLE_HIERARCHY } from './types.js';\n\nexport type { RBACService } from './service.js';\n\nexport type {\n  RoutePermission,\n  RBACMiddlewareConfig,\n  RBACResultGranted,\n  RBACResultDenied,\n  RBACResultSkipped,\n  RBACResult,\n  SessionUser,\n  RBACMiddleware,\n} from './middleware.js';\n\nexport { PermissionDeniedError } from './middleware.js';\n","/**\n * Platform-agnostic RBAC types.\n *\n * Defines roles, permissions, and shop member types used across\n * all platform adapters for role-based access control.\n */\n\n/** Available roles in descending privilege order. */\nexport type Role = 'owner' | 'admin' | 'staff' | 'collaborator';\n\n/** Role hierarchy from highest to lowest privilege. */\nexport const ROLE_HIERARCHY: readonly Role[] = [\n  'owner',\n  'admin',\n  'staff',\n  'collaborator',\n] as const;\n\n/** A shop member with role and optional custom permissions. */\nexport interface ShopMember {\n  id: string;\n  shopDomain: string;\n  userId: number;\n  email: string;\n  role: Role;\n  customPermissions: string[] | null;\n  createdAt: Date;\n  updatedAt: Date;\n}\n\n/** Input for creating or updating a shop member (upsert). */\nexport interface UpsertShopMemberInput {\n  shopDomain: string;\n  userId: number;\n  email: string;\n  role: Role;\n  customPermissions?: string[];\n}\n\n/** Input for updating an existing shop member. */\nexport interface UpdateShopMemberInput {\n  role?: Role;\n  email?: string;\n  customPermissions?: string[];\n}\n\n/** Maps each role to its default set of permissions. */\nexport type RolePermissionMap = Record<Role, string[]>;\n","/**\n * RBAC middleware interfaces for route-level permission enforcement.\n *\n * Sits after AuthMiddleware and TenantMiddleware in the chain,\n * enforcing role-based access on protected routes.\n */\n\nimport type { Role } from './types.js';\n\n/** Maps a route pattern + HTTP method to a required permission. */\nexport interface RoutePermission {\n  /** Glob pattern for the route path (e.g., '/api/products/**'). */\n  pattern: string;\n  /** HTTP method to match (e.g., 'GET', 'POST'). Use '*' for all methods. */\n  method: string;\n  /** The permission string required to access this route. */\n  permission: string;\n}\n\n/** Configuration for the RBAC middleware. */\nexport interface RBACMiddlewareConfig {\n  /** Route permission rules to enforce. */\n  routes: RoutePermission[];\n  /** Function to look up a shop member by domain and user ID. */\n  getMember: (shopDomain: string, userId: number) => Promise<{\n    role: Role;\n    customPermissions: string[] | null;\n  } | null>;\n  /** Whether to auto-provision account owners as 'owner' role. Defaults to true. */\n  autoProvisionOwner?: boolean;\n  /** Callback for auto-provisioning a new owner member. */\n  onAutoProvision?: (shopDomain: string, userId: number, email: string) => Promise<void>;\n}\n\n/** RBAC authorization result when access is granted. */\nexport interface RBACResultGranted {\n  type: 'granted';\n  role: Role;\n  permission: string;\n}\n\n/** RBAC authorization result when access is denied. */\nexport interface RBACResultDenied {\n  type: 'denied';\n  role: Role | null;\n  permission: string;\n  reason: string;\n}\n\n/** RBAC authorization result when check is skipped (e.g., offline session). */\nexport interface RBACResultSkipped {\n  type: 'skipped';\n  reason: string;\n}\n\n/** Discriminated union of RBAC authorization results. */\nexport type RBACResult = RBACResultGranted | RBACResultDenied | RBACResultSkipped;\n\n/** User identity extracted from the authenticated session. */\nexport interface SessionUser {\n  userId: number;\n  email: string;\n  isAccountOwner: boolean;\n}\n\n/** RBAC middleware for route-level permission checks. */\nexport interface RBACMiddleware {\n  /** Authorize a request against configured route permissions. */\n  authorize(input: {\n    url: string;\n    method: string;\n    shopDomain: string;\n    user: SessionUser | null;\n  }): Promise<RBACResult>;\n}\n\n/** Error thrown when a permission check fails. */\nexport class PermissionDeniedError extends Error {\n  public readonly permission: string;\n  public readonly role: Role | null;\n\n  constructor(permission: string, role: Role | null) {\n    const roleInfo = role ? `role \"${role}\"` : 'unknown role';\n    super(\n      `Permission \"${permission}\" denied for ${roleInfo}`,\n    );\n    this.name = 'PermissionDeniedError';\n    this.permission = permission;\n    this.role = role;\n  }\n}\n"],"mappings":";;;;;;;;;;;;;;;;;;;;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;;;ACWO,IAAM,iBAAkC;AAAA,EAC7C;AAAA,EACA;AAAA,EACA;AAAA,EACA;AACF;;;AC6DO,IAAM,wBAAN,cAAoC,MAAM;AAAA,EAC/B;AAAA,EACA;AAAA,EAEhB,YAAY,YAAoB,MAAmB;AACjD,UAAM,WAAW,OAAO,SAAS,IAAI,MAAM;AAC3C;AAAA,MACE,eAAe,UAAU,gBAAgB,QAAQ;AAAA,IACnD;AACA,SAAK,OAAO;AACZ,SAAK,aAAa;AAClB,SAAK,OAAO;AAAA,EACd;AACF;","names":[]}

package/dist/rbac/index.mjs

@@ -0,0 +1,27 @@
+// src/rbac/types.ts
+var ROLE_HIERARCHY = [
+  "owner",
+  "admin",
+  "staff",
+  "collaborator"
+];
+
+// src/rbac/middleware.ts
+var PermissionDeniedError = class extends Error {
+  permission;
+  role;
+  constructor(permission, role) {
+    const roleInfo = role ? `role "${role}"` : "unknown role";
+    super(
+      `Permission "${permission}" denied for ${roleInfo}`
+    );
+    this.name = "PermissionDeniedError";
+    this.permission = permission;
+    this.role = role;
+  }
+};
+export {
+  PermissionDeniedError,
+  ROLE_HIERARCHY
+};
+//# sourceMappingURL=index.mjs.map

package/dist/rbac/index.mjs.map

@@ -0,0 +1 @@
+{"version":3,"sources":["../../src/rbac/types.ts","../../src/rbac/middleware.ts"],"sourcesContent":["/**\n * Platform-agnostic RBAC types.\n *\n * Defines roles, permissions, and shop member types used across\n * all platform adapters for role-based access control.\n */\n\n/** Available roles in descending privilege order. */\nexport type Role = 'owner' | 'admin' | 'staff' | 'collaborator';\n\n/** Role hierarchy from highest to lowest privilege. */\nexport const ROLE_HIERARCHY: readonly Role[] = [\n  'owner',\n  'admin',\n  'staff',\n  'collaborator',\n] as const;\n\n/** A shop member with role and optional custom permissions. */\nexport interface ShopMember {\n  id: string;\n  shopDomain: string;\n  userId: number;\n  email: string;\n  role: Role;\n  customPermissions: string[] | null;\n  createdAt: Date;\n  updatedAt: Date;\n}\n\n/** Input for creating or updating a shop member (upsert). */\nexport interface UpsertShopMemberInput {\n  shopDomain: string;\n  userId: number;\n  email: string;\n  role: Role;\n  customPermissions?: string[];\n}\n\n/** Input for updating an existing shop member. */\nexport interface UpdateShopMemberInput {\n  role?: Role;\n  email?: string;\n  customPermissions?: string[];\n}\n\n/** Maps each role to its default set of permissions. */\nexport type RolePermissionMap = Record<Role, string[]>;\n","/**\n * RBAC middleware interfaces for route-level permission enforcement.\n *\n * Sits after AuthMiddleware and TenantMiddleware in the chain,\n * enforcing role-based access on protected routes.\n */\n\nimport type { Role } from './types.js';\n\n/** Maps a route pattern + HTTP method to a required permission. */\nexport interface RoutePermission {\n  /** Glob pattern for the route path (e.g., '/api/products/**'). */\n  pattern: string;\n  /** HTTP method to match (e.g., 'GET', 'POST'). Use '*' for all methods. */\n  method: string;\n  /** The permission string required to access this route. */\n  permission: string;\n}\n\n/** Configuration for the RBAC middleware. */\nexport interface RBACMiddlewareConfig {\n  /** Route permission rules to enforce. */\n  routes: RoutePermission[];\n  /** Function to look up a shop member by domain and user ID. */\n  getMember: (shopDomain: string, userId: number) => Promise<{\n    role: Role;\n    customPermissions: string[] | null;\n  } | null>;\n  /** Whether to auto-provision account owners as 'owner' role. Defaults to true. */\n  autoProvisionOwner?: boolean;\n  /** Callback for auto-provisioning a new owner member. */\n  onAutoProvision?: (shopDomain: string, userId: number, email: string) => Promise<void>;\n}\n\n/** RBAC authorization result when access is granted. */\nexport interface RBACResultGranted {\n  type: 'granted';\n  role: Role;\n  permission: string;\n}\n\n/** RBAC authorization result when access is denied. */\nexport interface RBACResultDenied {\n  type: 'denied';\n  role: Role | null;\n  permission: string;\n  reason: string;\n}\n\n/** RBAC authorization result when check is skipped (e.g., offline session). */\nexport interface RBACResultSkipped {\n  type: 'skipped';\n  reason: string;\n}\n\n/** Discriminated union of RBAC authorization results. */\nexport type RBACResult = RBACResultGranted | RBACResultDenied | RBACResultSkipped;\n\n/** User identity extracted from the authenticated session. */\nexport interface SessionUser {\n  userId: number;\n  email: string;\n  isAccountOwner: boolean;\n}\n\n/** RBAC middleware for route-level permission checks. */\nexport interface RBACMiddleware {\n  /** Authorize a request against configured route permissions. */\n  authorize(input: {\n    url: string;\n    method: string;\n    shopDomain: string;\n    user: SessionUser | null;\n  }): Promise<RBACResult>;\n}\n\n/** Error thrown when a permission check fails. */\nexport class PermissionDeniedError extends Error {\n  public readonly permission: string;\n  public readonly role: Role | null;\n\n  constructor(permission: string, role: Role | null) {\n    const roleInfo = role ? `role \"${role}\"` : 'unknown role';\n    super(\n      `Permission \"${permission}\" denied for ${roleInfo}`,\n    );\n    this.name = 'PermissionDeniedError';\n    this.permission = permission;\n    this.role = role;\n  }\n}\n"],"mappings":";AAWO,IAAM,iBAAkC;AAAA,EAC7C;AAAA,EACA;AAAA,EACA;AAAA,EACA;AACF;;;AC6DO,IAAM,wBAAN,cAAoC,MAAM;AAAA,EAC/B;AAAA,EACA;AAAA,EAEhB,YAAY,YAAoB,MAAmB;AACjD,UAAM,WAAW,OAAO,SAAS,IAAI,MAAM;AAC3C;AAAA,MACE,eAAe,UAAU,gBAAgB,QAAQ;AAAA,IACnD;AACA,SAAK,OAAO;AACZ,SAAK,aAAa;AAClB,SAAK,OAAO;AAAA,EACd;AACF;","names":[]}

package/dist/registry-efvajmOd.d.cts

@@ -0,0 +1,118 @@
+/**
+ * Platform abstraction core types.
+ */
+/** Unique identifier for a platform (e.g., 'shopify', 'woocommerce') */
+type PlatformId = string;
+/** Basic platform information */
+interface PlatformInfo {
+    readonly id: PlatformId;
+    readonly name: string;
+    readonly version: string;
+    readonly description: string;
+}
+/** Platform-specific configuration passed to the provider */
+interface PlatformConfig {
+    platformId: PlatformId;
+    [key: string]: unknown;
+}
+/** Result of platform configuration validation */
+interface PlatformValidationResult {
+    valid: boolean;
+    errors: PlatformValidationError[];
+}
+interface PlatformValidationError {
+    field: string;
+    message: string;
+    code: string;
+}
+
+/**
+ * Platform capability detection types.
+ *
+ * Declares what features each platform adapter supports,
+ * enabling graceful feature degradation.
+ */
+interface AuthCapabilities {
+    tokenExchange: boolean;
+    oauth: boolean;
+    apiKeys: boolean;
+    sessionManagement: boolean;
+}
+interface BillingCapabilities {
+    subscriptions: boolean;
+    oneTimeCharges: boolean;
+    usageBased: boolean;
+    trialSupport: boolean;
+}
+interface WebhookCapabilities {
+    supported: boolean;
+    verificationMethod: 'hmac' | 'signature' | 'none';
+    supportsRegistration: boolean;
+}
+interface GraphQLCapabilities {
+    supported: boolean;
+    rateLimiting: boolean;
+    caching: boolean;
+}
+interface CommerceCapabilities {
+    products: boolean;
+    orders: boolean;
+    customers: boolean;
+    inventory: boolean;
+}
+/** Full capability declaration for a platform adapter */
+interface PlatformCapabilities {
+    auth: AuthCapabilities;
+    billing: BillingCapabilities;
+    webhooks: WebhookCapabilities;
+    graphql: GraphQLCapabilities;
+    rbac: boolean;
+    multiStore: boolean;
+    commerce: CommerceCapabilities;
+}
+/** Default capabilities for platforms that don't declare specific support */
+declare const DEFAULT_CAPABILITIES: PlatformCapabilities;
+
+/**
+ * PlatformProvider interface — the main entry point for platform adapters.
+ *
+ * Extends the existing PlatformAdapter with capability detection
+ * and config validation. Each platform adapter (Shopify, WooCommerce, etc.)
+ * implements this interface.
+ */
+
+interface PlatformProvider extends PlatformInfo {
+    /** Get the full capabilities of this platform adapter */
+    getCapabilities(): PlatformCapabilities;
+    /** Validate platform-specific configuration */
+    validateConfig(config: PlatformConfig): PlatformValidationResult;
+    /** Check if the platform supports a specific capability category */
+    supportsAuth(): boolean;
+    supportsBilling(): boolean;
+    supportsWebhooks(): boolean;
+    supportsGraphQL(): boolean;
+    supportsRBAC(): boolean;
+    supportsMultiStore(): boolean;
+    supportsCommerce(): boolean;
+}
+
+/**
+ * PlatformRegistry interface — manages registered platform adapters.
+ *
+ * Allows registering, retrieving, and listing available platform providers.
+ */
+
+interface PlatformRegistry {
+    /** Register a platform provider */
+    register(provider: PlatformProvider): void;
+    /** Get a platform provider by ID */
+    get(platformId: PlatformId): PlatformProvider | undefined;
+    /** Check if a platform is registered */
+    has(platformId: PlatformId): boolean;
+    /** List all registered platform IDs */
+    list(): PlatformId[];
+    /** Get all registered providers */
+    getAll(): PlatformProvider[];
+}
+
+export { type AuthCapabilities as A, type BillingCapabilities as B, type CommerceCapabilities as C, DEFAULT_CAPABILITIES as D, type GraphQLCapabilities as G, type PlatformProvider as P, type WebhookCapabilities as W, type PlatformRegistry as a, type PlatformCapabilities as b, type PlatformId as c, type PlatformInfo as d, type PlatformConfig as e, type PlatformValidationResult as f, type PlatformValidationError as g };

package/dist/registry-efvajmOd.d.ts

@@ -0,0 +1,118 @@
+/**
+ * Platform abstraction core types.
+ */
+/** Unique identifier for a platform (e.g., 'shopify', 'woocommerce') */
+type PlatformId = string;
+/** Basic platform information */
+interface PlatformInfo {
+    readonly id: PlatformId;
+    readonly name: string;
+    readonly version: string;
+    readonly description: string;
+}
+/** Platform-specific configuration passed to the provider */
+interface PlatformConfig {
+    platformId: PlatformId;
+    [key: string]: unknown;
+}
+/** Result of platform configuration validation */
+interface PlatformValidationResult {
+    valid: boolean;
+    errors: PlatformValidationError[];
+}
+interface PlatformValidationError {
+    field: string;
+    message: string;
+    code: string;
+}
+
+/**
+ * Platform capability detection types.
+ *
+ * Declares what features each platform adapter supports,
+ * enabling graceful feature degradation.
+ */
+interface AuthCapabilities {
+    tokenExchange: boolean;
+    oauth: boolean;
+    apiKeys: boolean;
+    sessionManagement: boolean;
+}
+interface BillingCapabilities {
+    subscriptions: boolean;
+    oneTimeCharges: boolean;
+    usageBased: boolean;
+    trialSupport: boolean;
+}
+interface WebhookCapabilities {
+    supported: boolean;
+    verificationMethod: 'hmac' | 'signature' | 'none';
+    supportsRegistration: boolean;
+}
+interface GraphQLCapabilities {
+    supported: boolean;
+    rateLimiting: boolean;
+    caching: boolean;
+}
+interface CommerceCapabilities {
+    products: boolean;
+    orders: boolean;
+    customers: boolean;
+    inventory: boolean;
+}
+/** Full capability declaration for a platform adapter */
+interface PlatformCapabilities {
+    auth: AuthCapabilities;
+    billing: BillingCapabilities;
+    webhooks: WebhookCapabilities;
+    graphql: GraphQLCapabilities;
+    rbac: boolean;
+    multiStore: boolean;
+    commerce: CommerceCapabilities;
+}
+/** Default capabilities for platforms that don't declare specific support */
+declare const DEFAULT_CAPABILITIES: PlatformCapabilities;
+
+/**
+ * PlatformProvider interface — the main entry point for platform adapters.
+ *
+ * Extends the existing PlatformAdapter with capability detection
+ * and config validation. Each platform adapter (Shopify, WooCommerce, etc.)
+ * implements this interface.
+ */
+
+interface PlatformProvider extends PlatformInfo {
+    /** Get the full capabilities of this platform adapter */
+    getCapabilities(): PlatformCapabilities;
+    /** Validate platform-specific configuration */
+    validateConfig(config: PlatformConfig): PlatformValidationResult;
+    /** Check if the platform supports a specific capability category */
+    supportsAuth(): boolean;
+    supportsBilling(): boolean;
+    supportsWebhooks(): boolean;
+    supportsGraphQL(): boolean;
+    supportsRBAC(): boolean;
+    supportsMultiStore(): boolean;
+    supportsCommerce(): boolean;
+}
+
+/**
+ * PlatformRegistry interface — manages registered platform adapters.
+ *
+ * Allows registering, retrieving, and listing available platform providers.
+ */
+
+interface PlatformRegistry {
+    /** Register a platform provider */
+    register(provider: PlatformProvider): void;
+    /** Get a platform provider by ID */
+    get(platformId: PlatformId): PlatformProvider | undefined;
+    /** Check if a platform is registered */
+    has(platformId: PlatformId): boolean;
+    /** List all registered platform IDs */
+    list(): PlatformId[];
+    /** Get all registered providers */
+    getAll(): PlatformProvider[];
+}
+
+export { type AuthCapabilities as A, type BillingCapabilities as B, type CommerceCapabilities as C, DEFAULT_CAPABILITIES as D, type GraphQLCapabilities as G, type PlatformProvider as P, type WebhookCapabilities as W, type PlatformRegistry as a, type PlatformCapabilities as b, type PlatformId as c, type PlatformInfo as d, type PlatformConfig as e, type PlatformValidationResult as f, type PlatformValidationError as g };