@uniforge/portal 0.1.0-alpha.2

package/dist/auth/index.d.cts

@@ -0,0 +1,104 @@
+/**
+ * Portal authentication and authorization types.
+ */
+type PortalRole = 'owner' | 'admin' | 'developer' | 'viewer';
+interface PortalUser {
+    id: string;
+    email: string;
+    name: string;
+    role: PortalRole;
+    avatarUrl?: string;
+    teamId?: string;
+}
+interface PortalTeam {
+    id: string;
+    name: string;
+    memberCount: number;
+}
+interface PortalContext {
+    user: PortalUser;
+    team: PortalTeam;
+    permissions: string[];
+}
+interface PortalSessionData {
+    userId: string;
+    email: string;
+    role: PortalRole;
+    teamId: string;
+    createdAt: number;
+    expiresAt: number;
+}
+
+/**
+ * Portal permission definitions and role-based access mappings.
+ */
+
+declare const PORTAL_PERMISSIONS: {
+    readonly 'dashboard.view': "dashboard.view";
+    readonly 'merchants.view': "merchants.view";
+    readonly 'merchants.manage': "merchants.manage";
+    readonly 'settings.view': "settings.view";
+    readonly 'settings.manage': "settings.manage";
+    readonly 'team.view': "team.view";
+    readonly 'team.manage': "team.manage";
+    readonly 'billing.view': "billing.view";
+    readonly 'billing.manage': "billing.manage";
+    readonly 'webhooks.view': "webhooks.view";
+    readonly 'api.view': "api.view";
+};
+declare const ROLE_PERMISSIONS: Record<PortalRole, readonly string[]>;
+declare function getPermissionsForRole(role: PortalRole): string[];
+declare function hasPermission(role: PortalRole, permission: string): boolean;
+
+/**
+ * Portal session store interface and in-memory implementation.
+ */
+
+interface PortalSessionStore {
+    get(sessionId: string): Promise<PortalSessionData | null>;
+    set(sessionId: string, data: PortalSessionData, ttl?: number): Promise<void>;
+    delete(sessionId: string): Promise<void>;
+    exists(sessionId: string): Promise<boolean>;
+}
+declare class InMemoryPortalSessionStore implements PortalSessionStore {
+    private readonly store;
+    get(sessionId: string): Promise<PortalSessionData | null>;
+    set(sessionId: string, data: PortalSessionData, ttl?: number): Promise<void>;
+    delete(sessionId: string): Promise<void>;
+    exists(sessionId: string): Promise<boolean>;
+}
+
+/**
+ * Developer authentication service for portal access.
+ */
+
+interface PortalAuthConfig {
+    validateApiKey: (apiKey: string) => Promise<PortalUser | null>;
+    sessionStore: PortalSessionStore;
+    getTeam: (teamId: string) => Promise<PortalTeam | null>;
+    getUser: (userId: string) => Promise<PortalUser | null>;
+}
+declare class DeveloperAuthService {
+    private readonly config;
+    constructor(config: PortalAuthConfig);
+    authenticate(token: string): Promise<PortalUser | null>;
+    validateApiKey(apiKey: string): Promise<PortalUser | null>;
+    getPortalContext(userId: string): Promise<PortalContext | null>;
+}
+
+/**
+ * Permission guard for portal access control.
+ */
+
+declare class PermissionGuardError extends Error {
+    readonly requiredPermission: string;
+    constructor(permission: string);
+}
+declare class PermissionGuard {
+    requirePermission(context: PortalContext, permission: string): void;
+    requireAnyPermission(context: PortalContext, permissions: string[]): void;
+    requireAllPermissions(context: PortalContext, permissions: string[]): void;
+    canAccess(context: PortalContext, permission: string): boolean;
+}
+
+export { DeveloperAuthService, InMemoryPortalSessionStore, PORTAL_PERMISSIONS, PermissionGuard, PermissionGuardError, type PortalAuthConfig, type PortalContext, type PortalRole, type PortalSessionData, type PortalSessionStore, type PortalTeam, type PortalUser, ROLE_PERMISSIONS, getPermissionsForRole, hasPermission };

package/dist/auth/index.d.ts

@@ -0,0 +1,104 @@
+/**
+ * Portal authentication and authorization types.
+ */
+type PortalRole = 'owner' | 'admin' | 'developer' | 'viewer';
+interface PortalUser {
+    id: string;
+    email: string;
+    name: string;
+    role: PortalRole;
+    avatarUrl?: string;
+    teamId?: string;
+}
+interface PortalTeam {
+    id: string;
+    name: string;
+    memberCount: number;
+}
+interface PortalContext {
+    user: PortalUser;
+    team: PortalTeam;
+    permissions: string[];
+}
+interface PortalSessionData {
+    userId: string;
+    email: string;
+    role: PortalRole;
+    teamId: string;
+    createdAt: number;
+    expiresAt: number;
+}
+
+/**
+ * Portal permission definitions and role-based access mappings.
+ */
+
+declare const PORTAL_PERMISSIONS: {
+    readonly 'dashboard.view': "dashboard.view";
+    readonly 'merchants.view': "merchants.view";
+    readonly 'merchants.manage': "merchants.manage";
+    readonly 'settings.view': "settings.view";
+    readonly 'settings.manage': "settings.manage";
+    readonly 'team.view': "team.view";
+    readonly 'team.manage': "team.manage";
+    readonly 'billing.view': "billing.view";
+    readonly 'billing.manage': "billing.manage";
+    readonly 'webhooks.view': "webhooks.view";
+    readonly 'api.view': "api.view";
+};
+declare const ROLE_PERMISSIONS: Record<PortalRole, readonly string[]>;
+declare function getPermissionsForRole(role: PortalRole): string[];
+declare function hasPermission(role: PortalRole, permission: string): boolean;
+
+/**
+ * Portal session store interface and in-memory implementation.
+ */
+
+interface PortalSessionStore {
+    get(sessionId: string): Promise<PortalSessionData | null>;
+    set(sessionId: string, data: PortalSessionData, ttl?: number): Promise<void>;
+    delete(sessionId: string): Promise<void>;
+    exists(sessionId: string): Promise<boolean>;
+}
+declare class InMemoryPortalSessionStore implements PortalSessionStore {
+    private readonly store;
+    get(sessionId: string): Promise<PortalSessionData | null>;
+    set(sessionId: string, data: PortalSessionData, ttl?: number): Promise<void>;
+    delete(sessionId: string): Promise<void>;
+    exists(sessionId: string): Promise<boolean>;
+}
+
+/**
+ * Developer authentication service for portal access.
+ */
+
+interface PortalAuthConfig {
+    validateApiKey: (apiKey: string) => Promise<PortalUser | null>;
+    sessionStore: PortalSessionStore;
+    getTeam: (teamId: string) => Promise<PortalTeam | null>;
+    getUser: (userId: string) => Promise<PortalUser | null>;
+}
+declare class DeveloperAuthService {
+    private readonly config;
+    constructor(config: PortalAuthConfig);
+    authenticate(token: string): Promise<PortalUser | null>;
+    validateApiKey(apiKey: string): Promise<PortalUser | null>;
+    getPortalContext(userId: string): Promise<PortalContext | null>;
+}
+
+/**
+ * Permission guard for portal access control.
+ */
+
+declare class PermissionGuardError extends Error {
+    readonly requiredPermission: string;
+    constructor(permission: string);
+}
+declare class PermissionGuard {
+    requirePermission(context: PortalContext, permission: string): void;
+    requireAnyPermission(context: PortalContext, permissions: string[]): void;
+    requireAllPermissions(context: PortalContext, permissions: string[]): void;
+    canAccess(context: PortalContext, permission: string): boolean;
+}
+
+export { DeveloperAuthService, InMemoryPortalSessionStore, PORTAL_PERMISSIONS, PermissionGuard, PermissionGuardError, type PortalAuthConfig, type PortalContext, type PortalRole, type PortalSessionData, type PortalSessionStore, type PortalTeam, type PortalUser, ROLE_PERMISSIONS, getPermissionsForRole, hasPermission };

package/dist/auth/index.js

@@ -0,0 +1,194 @@
+"use strict";
+var __defProp = Object.defineProperty;
+var __getOwnPropDesc = Object.getOwnPropertyDescriptor;
+var __getOwnPropNames = Object.getOwnPropertyNames;
+var __hasOwnProp = Object.prototype.hasOwnProperty;
+var __export = (target, all) => {
+  for (var name in all)
+    __defProp(target, name, { get: all[name], enumerable: true });
+};
+var __copyProps = (to, from, except, desc) => {
+  if (from && typeof from === "object" || typeof from === "function") {
+    for (let key of __getOwnPropNames(from))
+      if (!__hasOwnProp.call(to, key) && key !== except)
+        __defProp(to, key, { get: () => from[key], enumerable: !(desc = __getOwnPropDesc(from, key)) || desc.enumerable });
+  }
+  return to;
+};
+var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: true }), mod);
+
+// src/auth/index.ts
+var auth_exports = {};
+__export(auth_exports, {
+  DeveloperAuthService: () => DeveloperAuthService,
+  InMemoryPortalSessionStore: () => InMemoryPortalSessionStore,
+  PORTAL_PERMISSIONS: () => PORTAL_PERMISSIONS,
+  PermissionGuard: () => PermissionGuard,
+  PermissionGuardError: () => PermissionGuardError,
+  ROLE_PERMISSIONS: () => ROLE_PERMISSIONS,
+  getPermissionsForRole: () => getPermissionsForRole,
+  hasPermission: () => hasPermission
+});
+module.exports = __toCommonJS(auth_exports);
+
+// src/auth/permissions.ts
+var PORTAL_PERMISSIONS = {
+  "dashboard.view": "dashboard.view",
+  "merchants.view": "merchants.view",
+  "merchants.manage": "merchants.manage",
+  "settings.view": "settings.view",
+  "settings.manage": "settings.manage",
+  "team.view": "team.view",
+  "team.manage": "team.manage",
+  "billing.view": "billing.view",
+  "billing.manage": "billing.manage",
+  "webhooks.view": "webhooks.view",
+  "api.view": "api.view"
+};
+var ALL_PERMISSIONS = Object.values(PORTAL_PERMISSIONS);
+var ADMIN_PERMISSIONS = ALL_PERMISSIONS.filter(
+  (p) => p !== PORTAL_PERMISSIONS["team.manage"]
+);
+var DEVELOPER_PERMISSIONS = [
+  PORTAL_PERMISSIONS["dashboard.view"],
+  PORTAL_PERMISSIONS["merchants.view"],
+  PORTAL_PERMISSIONS["merchants.manage"],
+  PORTAL_PERMISSIONS["settings.view"],
+  PORTAL_PERMISSIONS["webhooks.view"],
+  PORTAL_PERMISSIONS["api.view"]
+];
+var VIEWER_PERMISSIONS = [
+  PORTAL_PERMISSIONS["dashboard.view"],
+  PORTAL_PERMISSIONS["merchants.view"],
+  PORTAL_PERMISSIONS["settings.view"],
+  PORTAL_PERMISSIONS["billing.view"],
+  PORTAL_PERMISSIONS["webhooks.view"],
+  PORTAL_PERMISSIONS["api.view"]
+];
+var ROLE_PERMISSIONS = {
+  owner: ALL_PERMISSIONS,
+  admin: ADMIN_PERMISSIONS,
+  developer: DEVELOPER_PERMISSIONS,
+  viewer: VIEWER_PERMISSIONS
+};
+function getPermissionsForRole(role) {
+  return [...ROLE_PERMISSIONS[role]];
+}
+function hasPermission(role, permission) {
+  return ROLE_PERMISSIONS[role].includes(permission);
+}
+
+// src/auth/session-store.ts
+var InMemoryPortalSessionStore = class {
+  store = /* @__PURE__ */ new Map();
+  async get(sessionId) {
+    const entry = this.store.get(sessionId);
+    if (!entry) {
+      return null;
+    }
+    if (entry.expiresAt !== null && Date.now() > entry.expiresAt) {
+      this.store.delete(sessionId);
+      return null;
+    }
+    return entry.data;
+  }
+  async set(sessionId, data, ttl) {
+    const expiresAt = ttl !== void 0 && ttl > 0 ? Date.now() + ttl * 1e3 : null;
+    this.store.set(sessionId, { data, expiresAt });
+  }
+  async delete(sessionId) {
+    this.store.delete(sessionId);
+  }
+  async exists(sessionId) {
+    const entry = this.store.get(sessionId);
+    if (!entry) {
+      return false;
+    }
+    if (entry.expiresAt !== null && Date.now() > entry.expiresAt) {
+      this.store.delete(sessionId);
+      return false;
+    }
+    return true;
+  }
+};
+
+// src/auth/developer-auth-service.ts
+var DeveloperAuthService = class {
+  config;
+  constructor(config) {
+    this.config = config;
+  }
+  async authenticate(token) {
+    if (!token) {
+      return null;
+    }
+    return this.config.validateApiKey(token);
+  }
+  async validateApiKey(apiKey) {
+    if (!apiKey) {
+      return null;
+    }
+    return this.config.validateApiKey(apiKey);
+  }
+  async getPortalContext(userId) {
+    const user = await this.config.getUser(userId);
+    if (!user) {
+      return null;
+    }
+    const teamId = user.teamId;
+    if (teamId === void 0) {
+      return null;
+    }
+    const team = await this.config.getTeam(teamId);
+    if (!team) {
+      return null;
+    }
+    const permissions = getPermissionsForRole(user.role);
+    return { user, team, permissions };
+  }
+};
+
+// src/auth/permission-guard.ts
+var PermissionGuardError = class extends Error {
+  requiredPermission;
+  constructor(permission) {
+    super(`Missing required permission: ${permission}`);
+    this.name = "PermissionGuardError";
+    this.requiredPermission = permission;
+  }
+};
+var PermissionGuard = class {
+  requirePermission(context, permission) {
+    if (!context.permissions.includes(permission)) {
+      throw new PermissionGuardError(permission);
+    }
+  }
+  requireAnyPermission(context, permissions) {
+    const hasAny = permissions.some((p) => context.permissions.includes(p));
+    if (!hasAny) {
+      throw new PermissionGuardError(permissions.join(" | "));
+    }
+  }
+  requireAllPermissions(context, permissions) {
+    for (const p of permissions) {
+      if (!context.permissions.includes(p)) {
+        throw new PermissionGuardError(p);
+      }
+    }
+  }
+  canAccess(context, permission) {
+    return context.permissions.includes(permission);
+  }
+};
+// Annotate the CommonJS export names for ESM import in node:
+0 && (module.exports = {
+  DeveloperAuthService,
+  InMemoryPortalSessionStore,
+  PORTAL_PERMISSIONS,
+  PermissionGuard,
+  PermissionGuardError,
+  ROLE_PERMISSIONS,
+  getPermissionsForRole,
+  hasPermission
+});
+//# sourceMappingURL=index.js.map

package/dist/auth/index.js.map

@@ -0,0 +1 @@
+{"version":3,"sources":["../../src/auth/index.ts","../../src/auth/permissions.ts","../../src/auth/session-store.ts","../../src/auth/developer-auth-service.ts","../../src/auth/permission-guard.ts"],"sourcesContent":["export type {\n  PortalRole,\n  PortalUser,\n  PortalTeam,\n  PortalContext,\n  PortalSessionData,\n} from './types.js';\n\nexport {\n  PORTAL_PERMISSIONS,\n  ROLE_PERMISSIONS,\n  hasPermission,\n  getPermissionsForRole,\n} from './permissions.js';\n\nexport type { PortalSessionStore } from './session-store.js';\nexport { InMemoryPortalSessionStore } from './session-store.js';\n\nexport type { PortalAuthConfig } from './developer-auth-service.js';\nexport { DeveloperAuthService } from './developer-auth-service.js';\n\nexport { PermissionGuard, PermissionGuardError } from './permission-guard.js';\n","/**\n * Portal permission definitions and role-based access mappings.\n */\n\nimport type { PortalRole } from './types.js';\n\nexport const PORTAL_PERMISSIONS = {\n  'dashboard.view': 'dashboard.view',\n  'merchants.view': 'merchants.view',\n  'merchants.manage': 'merchants.manage',\n  'settings.view': 'settings.view',\n  'settings.manage': 'settings.manage',\n  'team.view': 'team.view',\n  'team.manage': 'team.manage',\n  'billing.view': 'billing.view',\n  'billing.manage': 'billing.manage',\n  'webhooks.view': 'webhooks.view',\n  'api.view': 'api.view',\n} as const satisfies Record<string, string>;\n\nconst ALL_PERMISSIONS = Object.values(PORTAL_PERMISSIONS);\n\nconst ADMIN_PERMISSIONS = ALL_PERMISSIONS.filter(\n  (p) => p !== PORTAL_PERMISSIONS['team.manage']\n);\n\nconst DEVELOPER_PERMISSIONS: string[] = [\n  PORTAL_PERMISSIONS['dashboard.view'],\n  PORTAL_PERMISSIONS['merchants.view'],\n  PORTAL_PERMISSIONS['merchants.manage'],\n  PORTAL_PERMISSIONS['settings.view'],\n  PORTAL_PERMISSIONS['webhooks.view'],\n  PORTAL_PERMISSIONS['api.view'],\n];\n\nconst VIEWER_PERMISSIONS: string[] = [\n  PORTAL_PERMISSIONS['dashboard.view'],\n  PORTAL_PERMISSIONS['merchants.view'],\n  PORTAL_PERMISSIONS['settings.view'],\n  PORTAL_PERMISSIONS['billing.view'],\n  PORTAL_PERMISSIONS['webhooks.view'],\n  PORTAL_PERMISSIONS['api.view'],\n];\n\nexport const ROLE_PERMISSIONS: Record<PortalRole, readonly string[]> = {\n  owner: ALL_PERMISSIONS,\n  admin: ADMIN_PERMISSIONS,\n  developer: DEVELOPER_PERMISSIONS,\n  viewer: VIEWER_PERMISSIONS,\n};\n\nexport function getPermissionsForRole(role: PortalRole): string[] {\n  return [...ROLE_PERMISSIONS[role]];\n}\n\nexport function hasPermission(role: PortalRole, permission: string): boolean {\n  return ROLE_PERMISSIONS[role].includes(permission);\n}\n","/**\n * Portal session store interface and in-memory implementation.\n */\n\nimport type { PortalSessionData } from './types.js';\n\nexport interface PortalSessionStore {\n  get(sessionId: string): Promise<PortalSessionData | null>;\n  set(sessionId: string, data: PortalSessionData, ttl?: number): Promise<void>;\n  delete(sessionId: string): Promise<void>;\n  exists(sessionId: string): Promise<boolean>;\n}\n\ninterface StoredEntry {\n  data: PortalSessionData;\n  expiresAt: number | null;\n}\n\nexport class InMemoryPortalSessionStore implements PortalSessionStore {\n  private readonly store = new Map<string, StoredEntry>();\n\n  async get(sessionId: string): Promise<PortalSessionData | null> {\n    const entry = this.store.get(sessionId);\n    if (!entry) {\n      return null;\n    }\n    if (entry.expiresAt !== null && Date.now() > entry.expiresAt) {\n      this.store.delete(sessionId);\n      return null;\n    }\n    return entry.data;\n  }\n\n  async set(\n    sessionId: string,\n    data: PortalSessionData,\n    ttl?: number\n  ): Promise<void> {\n    const expiresAt =\n      ttl !== undefined && ttl > 0 ? Date.now() + ttl * 1000 : null;\n    this.store.set(sessionId, { data, expiresAt });\n  }\n\n  async delete(sessionId: string): Promise<void> {\n    this.store.delete(sessionId);\n  }\n\n  async exists(sessionId: string): Promise<boolean> {\n    const entry = this.store.get(sessionId);\n    if (!entry) {\n      return false;\n    }\n    if (entry.expiresAt !== null && Date.now() > entry.expiresAt) {\n      this.store.delete(sessionId);\n      return false;\n    }\n    return true;\n  }\n}\n","/**\n * Developer authentication service for portal access.\n */\n\nimport type {\n  PortalContext,\n  PortalTeam,\n  PortalUser,\n} from './types.js';\nimport { getPermissionsForRole } from './permissions.js';\nimport type { PortalSessionStore } from './session-store.js';\n\nexport interface PortalAuthConfig {\n  validateApiKey: (apiKey: string) => Promise<PortalUser | null>;\n  sessionStore: PortalSessionStore;\n  getTeam: (teamId: string) => Promise<PortalTeam | null>;\n  getUser: (userId: string) => Promise<PortalUser | null>;\n}\n\nexport class DeveloperAuthService {\n  private readonly config: PortalAuthConfig;\n\n  constructor(config: PortalAuthConfig) {\n    this.config = config;\n  }\n\n  async authenticate(token: string): Promise<PortalUser | null> {\n    if (!token) {\n      return null;\n    }\n    return this.config.validateApiKey(token);\n  }\n\n  async validateApiKey(apiKey: string): Promise<PortalUser | null> {\n    if (!apiKey) {\n      return null;\n    }\n    return this.config.validateApiKey(apiKey);\n  }\n\n  async getPortalContext(userId: string): Promise<PortalContext | null> {\n    const user = await this.config.getUser(userId);\n    if (!user) {\n      return null;\n    }\n\n    const teamId = user.teamId;\n    if (teamId === undefined) {\n      return null;\n    }\n\n    const team = await this.config.getTeam(teamId);\n    if (!team) {\n      return null;\n    }\n\n    const permissions = getPermissionsForRole(user.role);\n\n    return { user, team, permissions };\n  }\n}\n","/**\n * Permission guard for portal access control.\n */\n\nimport type { PortalContext } from './types.js';\n\nexport class PermissionGuardError extends Error {\n  public readonly requiredPermission: string;\n\n  constructor(permission: string) {\n    super(`Missing required permission: ${permission}`);\n    this.name = 'PermissionGuardError';\n    this.requiredPermission = permission;\n  }\n}\n\nexport class PermissionGuard {\n  requirePermission(context: PortalContext, permission: string): void {\n    if (!context.permissions.includes(permission)) {\n      throw new PermissionGuardError(permission);\n    }\n  }\n\n  requireAnyPermission(\n    context: PortalContext,\n    permissions: string[]\n  ): void {\n    const hasAny = permissions.some((p) => context.permissions.includes(p));\n    if (!hasAny) {\n      throw new PermissionGuardError(permissions.join(' | '));\n    }\n  }\n\n  requireAllPermissions(\n    context: PortalContext,\n    permissions: string[]\n  ): void {\n    for (const p of permissions) {\n      if (!context.permissions.includes(p)) {\n        throw new PermissionGuardError(p);\n      }\n    }\n  }\n\n  canAccess(context: PortalContext, permission: string): boolean {\n    return context.permissions.includes(permission);\n  }\n}\n"],"mappings":";;;;;;;;;;;;;;;;;;;;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;;;ACMO,IAAM,qBAAqB;AAAA,EAChC,kBAAkB;AAAA,EAClB,kBAAkB;AAAA,EAClB,oBAAoB;AAAA,EACpB,iBAAiB;AAAA,EACjB,mBAAmB;AAAA,EACnB,aAAa;AAAA,EACb,eAAe;AAAA,EACf,gBAAgB;AAAA,EAChB,kBAAkB;AAAA,EAClB,iBAAiB;AAAA,EACjB,YAAY;AACd;AAEA,IAAM,kBAAkB,OAAO,OAAO,kBAAkB;AAExD,IAAM,oBAAoB,gBAAgB;AAAA,EACxC,CAAC,MAAM,MAAM,mBAAmB,aAAa;AAC/C;AAEA,IAAM,wBAAkC;AAAA,EACtC,mBAAmB,gBAAgB;AAAA,EACnC,mBAAmB,gBAAgB;AAAA,EACnC,mBAAmB,kBAAkB;AAAA,EACrC,mBAAmB,eAAe;AAAA,EAClC,mBAAmB,eAAe;AAAA,EAClC,mBAAmB,UAAU;AAC/B;AAEA,IAAM,qBAA+B;AAAA,EACnC,mBAAmB,gBAAgB;AAAA,EACnC,mBAAmB,gBAAgB;AAAA,EACnC,mBAAmB,eAAe;AAAA,EAClC,mBAAmB,cAAc;AAAA,EACjC,mBAAmB,eAAe;AAAA,EAClC,mBAAmB,UAAU;AAC/B;AAEO,IAAM,mBAA0D;AAAA,EACrE,OAAO;AAAA,EACP,OAAO;AAAA,EACP,WAAW;AAAA,EACX,QAAQ;AACV;AAEO,SAAS,sBAAsB,MAA4B;AAChE,SAAO,CAAC,GAAG,iBAAiB,IAAI,CAAC;AACnC;AAEO,SAAS,cAAc,MAAkB,YAA6B;AAC3E,SAAO,iBAAiB,IAAI,EAAE,SAAS,UAAU;AACnD;;;ACvCO,IAAM,6BAAN,MAA+D;AAAA,EACnD,QAAQ,oBAAI,IAAyB;AAAA,EAEtD,MAAM,IAAI,WAAsD;AAC9D,UAAM,QAAQ,KAAK,MAAM,IAAI,SAAS;AACtC,QAAI,CAAC,OAAO;AACV,aAAO;AAAA,IACT;AACA,QAAI,MAAM,cAAc,QAAQ,KAAK,IAAI,IAAI,MAAM,WAAW;AAC5D,WAAK,MAAM,OAAO,SAAS;AAC3B,aAAO;AAAA,IACT;AACA,WAAO,MAAM;AAAA,EACf;AAAA,EAEA,MAAM,IACJ,WACA,MACA,KACe;AACf,UAAM,YACJ,QAAQ,UAAa,MAAM,IAAI,KAAK,IAAI,IAAI,MAAM,MAAO;AAC3D,SAAK,MAAM,IAAI,WAAW,EAAE,MAAM,UAAU,CAAC;AAAA,EAC/C;AAAA,EAEA,MAAM,OAAO,WAAkC;AAC7C,SAAK,MAAM,OAAO,SAAS;AAAA,EAC7B;AAAA,EAEA,MAAM,OAAO,WAAqC;AAChD,UAAM,QAAQ,KAAK,MAAM,IAAI,SAAS;AACtC,QAAI,CAAC,OAAO;AACV,aAAO;AAAA,IACT;AACA,QAAI,MAAM,cAAc,QAAQ,KAAK,IAAI,IAAI,MAAM,WAAW;AAC5D,WAAK,MAAM,OAAO,SAAS;AAC3B,aAAO;AAAA,IACT;AACA,WAAO;AAAA,EACT;AACF;;;ACvCO,IAAM,uBAAN,MAA2B;AAAA,EACf;AAAA,EAEjB,YAAY,QAA0B;AACpC,SAAK,SAAS;AAAA,EAChB;AAAA,EAEA,MAAM,aAAa,OAA2C;AAC5D,QAAI,CAAC,OAAO;AACV,aAAO;AAAA,IACT;AACA,WAAO,KAAK,OAAO,eAAe,KAAK;AAAA,EACzC;AAAA,EAEA,MAAM,eAAe,QAA4C;AAC/D,QAAI,CAAC,QAAQ;AACX,aAAO;AAAA,IACT;AACA,WAAO,KAAK,OAAO,eAAe,MAAM;AAAA,EAC1C;AAAA,EAEA,MAAM,iBAAiB,QAA+C;AACpE,UAAM,OAAO,MAAM,KAAK,OAAO,QAAQ,MAAM;AAC7C,QAAI,CAAC,MAAM;AACT,aAAO;AAAA,IACT;AAEA,UAAM,SAAS,KAAK;AACpB,QAAI,WAAW,QAAW;AACxB,aAAO;AAAA,IACT;AAEA,UAAM,OAAO,MAAM,KAAK,OAAO,QAAQ,MAAM;AAC7C,QAAI,CAAC,MAAM;AACT,aAAO;AAAA,IACT;AAEA,UAAM,cAAc,sBAAsB,KAAK,IAAI;AAEnD,WAAO,EAAE,MAAM,MAAM,YAAY;AAAA,EACnC;AACF;;;ACtDO,IAAM,uBAAN,cAAmC,MAAM;AAAA,EAC9B;AAAA,EAEhB,YAAY,YAAoB;AAC9B,UAAM,gCAAgC,UAAU,EAAE;AAClD,SAAK,OAAO;AACZ,SAAK,qBAAqB;AAAA,EAC5B;AACF;AAEO,IAAM,kBAAN,MAAsB;AAAA,EAC3B,kBAAkB,SAAwB,YAA0B;AAClE,QAAI,CAAC,QAAQ,YAAY,SAAS,UAAU,GAAG;AAC7C,YAAM,IAAI,qBAAqB,UAAU;AAAA,IAC3C;AAAA,EACF;AAAA,EAEA,qBACE,SACA,aACM;AACN,UAAM,SAAS,YAAY,KAAK,CAAC,MAAM,QAAQ,YAAY,SAAS,CAAC,CAAC;AACtE,QAAI,CAAC,QAAQ;AACX,YAAM,IAAI,qBAAqB,YAAY,KAAK,KAAK,CAAC;AAAA,IACxD;AAAA,EACF;AAAA,EAEA,sBACE,SACA,aACM;AACN,eAAW,KAAK,aAAa;AAC3B,UAAI,CAAC,QAAQ,YAAY,SAAS,CAAC,GAAG;AACpC,cAAM,IAAI,qBAAqB,CAAC;AAAA,MAClC;AAAA,IACF;AAAA,EACF;AAAA,EAEA,UAAU,SAAwB,YAA6B;AAC7D,WAAO,QAAQ,YAAY,SAAS,UAAU;AAAA,EAChD;AACF;","names":[]}

package/dist/auth/index.mjs

@@ -0,0 +1,160 @@
+// src/auth/permissions.ts
+var PORTAL_PERMISSIONS = {
+  "dashboard.view": "dashboard.view",
+  "merchants.view": "merchants.view",
+  "merchants.manage": "merchants.manage",
+  "settings.view": "settings.view",
+  "settings.manage": "settings.manage",
+  "team.view": "team.view",
+  "team.manage": "team.manage",
+  "billing.view": "billing.view",
+  "billing.manage": "billing.manage",
+  "webhooks.view": "webhooks.view",
+  "api.view": "api.view"
+};
+var ALL_PERMISSIONS = Object.values(PORTAL_PERMISSIONS);
+var ADMIN_PERMISSIONS = ALL_PERMISSIONS.filter(
+  (p) => p !== PORTAL_PERMISSIONS["team.manage"]
+);
+var DEVELOPER_PERMISSIONS = [
+  PORTAL_PERMISSIONS["dashboard.view"],
+  PORTAL_PERMISSIONS["merchants.view"],
+  PORTAL_PERMISSIONS["merchants.manage"],
+  PORTAL_PERMISSIONS["settings.view"],
+  PORTAL_PERMISSIONS["webhooks.view"],
+  PORTAL_PERMISSIONS["api.view"]
+];
+var VIEWER_PERMISSIONS = [
+  PORTAL_PERMISSIONS["dashboard.view"],
+  PORTAL_PERMISSIONS["merchants.view"],
+  PORTAL_PERMISSIONS["settings.view"],
+  PORTAL_PERMISSIONS["billing.view"],
+  PORTAL_PERMISSIONS["webhooks.view"],
+  PORTAL_PERMISSIONS["api.view"]
+];
+var ROLE_PERMISSIONS = {
+  owner: ALL_PERMISSIONS,
+  admin: ADMIN_PERMISSIONS,
+  developer: DEVELOPER_PERMISSIONS,
+  viewer: VIEWER_PERMISSIONS
+};
+function getPermissionsForRole(role) {
+  return [...ROLE_PERMISSIONS[role]];
+}
+function hasPermission(role, permission) {
+  return ROLE_PERMISSIONS[role].includes(permission);
+}
+
+// src/auth/session-store.ts
+var InMemoryPortalSessionStore = class {
+  store = /* @__PURE__ */ new Map();
+  async get(sessionId) {
+    const entry = this.store.get(sessionId);
+    if (!entry) {
+      return null;
+    }
+    if (entry.expiresAt !== null && Date.now() > entry.expiresAt) {
+      this.store.delete(sessionId);
+      return null;
+    }
+    return entry.data;
+  }
+  async set(sessionId, data, ttl) {
+    const expiresAt = ttl !== void 0 && ttl > 0 ? Date.now() + ttl * 1e3 : null;
+    this.store.set(sessionId, { data, expiresAt });
+  }
+  async delete(sessionId) {
+    this.store.delete(sessionId);
+  }
+  async exists(sessionId) {
+    const entry = this.store.get(sessionId);
+    if (!entry) {
+      return false;
+    }
+    if (entry.expiresAt !== null && Date.now() > entry.expiresAt) {
+      this.store.delete(sessionId);
+      return false;
+    }
+    return true;
+  }
+};
+
+// src/auth/developer-auth-service.ts
+var DeveloperAuthService = class {
+  config;
+  constructor(config) {
+    this.config = config;
+  }
+  async authenticate(token) {
+    if (!token) {
+      return null;
+    }
+    return this.config.validateApiKey(token);
+  }
+  async validateApiKey(apiKey) {
+    if (!apiKey) {
+      return null;
+    }
+    return this.config.validateApiKey(apiKey);
+  }
+  async getPortalContext(userId) {
+    const user = await this.config.getUser(userId);
+    if (!user) {
+      return null;
+    }
+    const teamId = user.teamId;
+    if (teamId === void 0) {
+      return null;
+    }
+    const team = await this.config.getTeam(teamId);
+    if (!team) {
+      return null;
+    }
+    const permissions = getPermissionsForRole(user.role);
+    return { user, team, permissions };
+  }
+};
+
+// src/auth/permission-guard.ts
+var PermissionGuardError = class extends Error {
+  requiredPermission;
+  constructor(permission) {
+    super(`Missing required permission: ${permission}`);
+    this.name = "PermissionGuardError";
+    this.requiredPermission = permission;
+  }
+};
+var PermissionGuard = class {
+  requirePermission(context, permission) {
+    if (!context.permissions.includes(permission)) {
+      throw new PermissionGuardError(permission);
+    }
+  }
+  requireAnyPermission(context, permissions) {
+    const hasAny = permissions.some((p) => context.permissions.includes(p));
+    if (!hasAny) {
+      throw new PermissionGuardError(permissions.join(" | "));
+    }
+  }
+  requireAllPermissions(context, permissions) {
+    for (const p of permissions) {
+      if (!context.permissions.includes(p)) {
+        throw new PermissionGuardError(p);
+      }
+    }
+  }
+  canAccess(context, permission) {
+    return context.permissions.includes(permission);
+  }
+};
+export {
+  DeveloperAuthService,
+  InMemoryPortalSessionStore,
+  PORTAL_PERMISSIONS,
+  PermissionGuard,
+  PermissionGuardError,
+  ROLE_PERMISSIONS,
+  getPermissionsForRole,
+  hasPermission
+};
+//# sourceMappingURL=index.mjs.map

package/dist/auth/index.mjs.map

@@ -0,0 +1 @@
+{"version":3,"sources":["../../src/auth/permissions.ts","../../src/auth/session-store.ts","../../src/auth/developer-auth-service.ts","../../src/auth/permission-guard.ts"],"sourcesContent":["/**\n * Portal permission definitions and role-based access mappings.\n */\n\nimport type { PortalRole } from './types.js';\n\nexport const PORTAL_PERMISSIONS = {\n  'dashboard.view': 'dashboard.view',\n  'merchants.view': 'merchants.view',\n  'merchants.manage': 'merchants.manage',\n  'settings.view': 'settings.view',\n  'settings.manage': 'settings.manage',\n  'team.view': 'team.view',\n  'team.manage': 'team.manage',\n  'billing.view': 'billing.view',\n  'billing.manage': 'billing.manage',\n  'webhooks.view': 'webhooks.view',\n  'api.view': 'api.view',\n} as const satisfies Record<string, string>;\n\nconst ALL_PERMISSIONS = Object.values(PORTAL_PERMISSIONS);\n\nconst ADMIN_PERMISSIONS = ALL_PERMISSIONS.filter(\n  (p) => p !== PORTAL_PERMISSIONS['team.manage']\n);\n\nconst DEVELOPER_PERMISSIONS: string[] = [\n  PORTAL_PERMISSIONS['dashboard.view'],\n  PORTAL_PERMISSIONS['merchants.view'],\n  PORTAL_PERMISSIONS['merchants.manage'],\n  PORTAL_PERMISSIONS['settings.view'],\n  PORTAL_PERMISSIONS['webhooks.view'],\n  PORTAL_PERMISSIONS['api.view'],\n];\n\nconst VIEWER_PERMISSIONS: string[] = [\n  PORTAL_PERMISSIONS['dashboard.view'],\n  PORTAL_PERMISSIONS['merchants.view'],\n  PORTAL_PERMISSIONS['settings.view'],\n  PORTAL_PERMISSIONS['billing.view'],\n  PORTAL_PERMISSIONS['webhooks.view'],\n  PORTAL_PERMISSIONS['api.view'],\n];\n\nexport const ROLE_PERMISSIONS: Record<PortalRole, readonly string[]> = {\n  owner: ALL_PERMISSIONS,\n  admin: ADMIN_PERMISSIONS,\n  developer: DEVELOPER_PERMISSIONS,\n  viewer: VIEWER_PERMISSIONS,\n};\n\nexport function getPermissionsForRole(role: PortalRole): string[] {\n  return [...ROLE_PERMISSIONS[role]];\n}\n\nexport function hasPermission(role: PortalRole, permission: string): boolean {\n  return ROLE_PERMISSIONS[role].includes(permission);\n}\n","/**\n * Portal session store interface and in-memory implementation.\n */\n\nimport type { PortalSessionData } from './types.js';\n\nexport interface PortalSessionStore {\n  get(sessionId: string): Promise<PortalSessionData | null>;\n  set(sessionId: string, data: PortalSessionData, ttl?: number): Promise<void>;\n  delete(sessionId: string): Promise<void>;\n  exists(sessionId: string): Promise<boolean>;\n}\n\ninterface StoredEntry {\n  data: PortalSessionData;\n  expiresAt: number | null;\n}\n\nexport class InMemoryPortalSessionStore implements PortalSessionStore {\n  private readonly store = new Map<string, StoredEntry>();\n\n  async get(sessionId: string): Promise<PortalSessionData | null> {\n    const entry = this.store.get(sessionId);\n    if (!entry) {\n      return null;\n    }\n    if (entry.expiresAt !== null && Date.now() > entry.expiresAt) {\n      this.store.delete(sessionId);\n      return null;\n    }\n    return entry.data;\n  }\n\n  async set(\n    sessionId: string,\n    data: PortalSessionData,\n    ttl?: number\n  ): Promise<void> {\n    const expiresAt =\n      ttl !== undefined && ttl > 0 ? Date.now() + ttl * 1000 : null;\n    this.store.set(sessionId, { data, expiresAt });\n  }\n\n  async delete(sessionId: string): Promise<void> {\n    this.store.delete(sessionId);\n  }\n\n  async exists(sessionId: string): Promise<boolean> {\n    const entry = this.store.get(sessionId);\n    if (!entry) {\n      return false;\n    }\n    if (entry.expiresAt !== null && Date.now() > entry.expiresAt) {\n      this.store.delete(sessionId);\n      return false;\n    }\n    return true;\n  }\n}\n","/**\n * Developer authentication service for portal access.\n */\n\nimport type {\n  PortalContext,\n  PortalTeam,\n  PortalUser,\n} from './types.js';\nimport { getPermissionsForRole } from './permissions.js';\nimport type { PortalSessionStore } from './session-store.js';\n\nexport interface PortalAuthConfig {\n  validateApiKey: (apiKey: string) => Promise<PortalUser | null>;\n  sessionStore: PortalSessionStore;\n  getTeam: (teamId: string) => Promise<PortalTeam | null>;\n  getUser: (userId: string) => Promise<PortalUser | null>;\n}\n\nexport class DeveloperAuthService {\n  private readonly config: PortalAuthConfig;\n\n  constructor(config: PortalAuthConfig) {\n    this.config = config;\n  }\n\n  async authenticate(token: string): Promise<PortalUser | null> {\n    if (!token) {\n      return null;\n    }\n    return this.config.validateApiKey(token);\n  }\n\n  async validateApiKey(apiKey: string): Promise<PortalUser | null> {\n    if (!apiKey) {\n      return null;\n    }\n    return this.config.validateApiKey(apiKey);\n  }\n\n  async getPortalContext(userId: string): Promise<PortalContext | null> {\n    const user = await this.config.getUser(userId);\n    if (!user) {\n      return null;\n    }\n\n    const teamId = user.teamId;\n    if (teamId === undefined) {\n      return null;\n    }\n\n    const team = await this.config.getTeam(teamId);\n    if (!team) {\n      return null;\n    }\n\n    const permissions = getPermissionsForRole(user.role);\n\n    return { user, team, permissions };\n  }\n}\n","/**\n * Permission guard for portal access control.\n */\n\nimport type { PortalContext } from './types.js';\n\nexport class PermissionGuardError extends Error {\n  public readonly requiredPermission: string;\n\n  constructor(permission: string) {\n    super(`Missing required permission: ${permission}`);\n    this.name = 'PermissionGuardError';\n    this.requiredPermission = permission;\n  }\n}\n\nexport class PermissionGuard {\n  requirePermission(context: PortalContext, permission: string): void {\n    if (!context.permissions.includes(permission)) {\n      throw new PermissionGuardError(permission);\n    }\n  }\n\n  requireAnyPermission(\n    context: PortalContext,\n    permissions: string[]\n  ): void {\n    const hasAny = permissions.some((p) => context.permissions.includes(p));\n    if (!hasAny) {\n      throw new PermissionGuardError(permissions.join(' | '));\n    }\n  }\n\n  requireAllPermissions(\n    context: PortalContext,\n    permissions: string[]\n  ): void {\n    for (const p of permissions) {\n      if (!context.permissions.includes(p)) {\n        throw new PermissionGuardError(p);\n      }\n    }\n  }\n\n  canAccess(context: PortalContext, permission: string): boolean {\n    return context.permissions.includes(permission);\n  }\n}\n"],"mappings":";AAMO,IAAM,qBAAqB;AAAA,EAChC,kBAAkB;AAAA,EAClB,kBAAkB;AAAA,EAClB,oBAAoB;AAAA,EACpB,iBAAiB;AAAA,EACjB,mBAAmB;AAAA,EACnB,aAAa;AAAA,EACb,eAAe;AAAA,EACf,gBAAgB;AAAA,EAChB,kBAAkB;AAAA,EAClB,iBAAiB;AAAA,EACjB,YAAY;AACd;AAEA,IAAM,kBAAkB,OAAO,OAAO,kBAAkB;AAExD,IAAM,oBAAoB,gBAAgB;AAAA,EACxC,CAAC,MAAM,MAAM,mBAAmB,aAAa;AAC/C;AAEA,IAAM,wBAAkC;AAAA,EACtC,mBAAmB,gBAAgB;AAAA,EACnC,mBAAmB,gBAAgB;AAAA,EACnC,mBAAmB,kBAAkB;AAAA,EACrC,mBAAmB,eAAe;AAAA,EAClC,mBAAmB,eAAe;AAAA,EAClC,mBAAmB,UAAU;AAC/B;AAEA,IAAM,qBAA+B;AAAA,EACnC,mBAAmB,gBAAgB;AAAA,EACnC,mBAAmB,gBAAgB;AAAA,EACnC,mBAAmB,eAAe;AAAA,EAClC,mBAAmB,cAAc;AAAA,EACjC,mBAAmB,eAAe;AAAA,EAClC,mBAAmB,UAAU;AAC/B;AAEO,IAAM,mBAA0D;AAAA,EACrE,OAAO;AAAA,EACP,OAAO;AAAA,EACP,WAAW;AAAA,EACX,QAAQ;AACV;AAEO,SAAS,sBAAsB,MAA4B;AAChE,SAAO,CAAC,GAAG,iBAAiB,IAAI,CAAC;AACnC;AAEO,SAAS,cAAc,MAAkB,YAA6B;AAC3E,SAAO,iBAAiB,IAAI,EAAE,SAAS,UAAU;AACnD;;;ACvCO,IAAM,6BAAN,MAA+D;AAAA,EACnD,QAAQ,oBAAI,IAAyB;AAAA,EAEtD,MAAM,IAAI,WAAsD;AAC9D,UAAM,QAAQ,KAAK,MAAM,IAAI,SAAS;AACtC,QAAI,CAAC,OAAO;AACV,aAAO;AAAA,IACT;AACA,QAAI,MAAM,cAAc,QAAQ,KAAK,IAAI,IAAI,MAAM,WAAW;AAC5D,WAAK,MAAM,OAAO,SAAS;AAC3B,aAAO;AAAA,IACT;AACA,WAAO,MAAM;AAAA,EACf;AAAA,EAEA,MAAM,IACJ,WACA,MACA,KACe;AACf,UAAM,YACJ,QAAQ,UAAa,MAAM,IAAI,KAAK,IAAI,IAAI,MAAM,MAAO;AAC3D,SAAK,MAAM,IAAI,WAAW,EAAE,MAAM,UAAU,CAAC;AAAA,EAC/C;AAAA,EAEA,MAAM,OAAO,WAAkC;AAC7C,SAAK,MAAM,OAAO,SAAS;AAAA,EAC7B;AAAA,EAEA,MAAM,OAAO,WAAqC;AAChD,UAAM,QAAQ,KAAK,MAAM,IAAI,SAAS;AACtC,QAAI,CAAC,OAAO;AACV,aAAO;AAAA,IACT;AACA,QAAI,MAAM,cAAc,QAAQ,KAAK,IAAI,IAAI,MAAM,WAAW;AAC5D,WAAK,MAAM,OAAO,SAAS;AAC3B,aAAO;AAAA,IACT;AACA,WAAO;AAAA,EACT;AACF;;;ACvCO,IAAM,uBAAN,MAA2B;AAAA,EACf;AAAA,EAEjB,YAAY,QAA0B;AACpC,SAAK,SAAS;AAAA,EAChB;AAAA,EAEA,MAAM,aAAa,OAA2C;AAC5D,QAAI,CAAC,OAAO;AACV,aAAO;AAAA,IACT;AACA,WAAO,KAAK,OAAO,eAAe,KAAK;AAAA,EACzC;AAAA,EAEA,MAAM,eAAe,QAA4C;AAC/D,QAAI,CAAC,QAAQ;AACX,aAAO;AAAA,IACT;AACA,WAAO,KAAK,OAAO,eAAe,MAAM;AAAA,EAC1C;AAAA,EAEA,MAAM,iBAAiB,QAA+C;AACpE,UAAM,OAAO,MAAM,KAAK,OAAO,QAAQ,MAAM;AAC7C,QAAI,CAAC,MAAM;AACT,aAAO;AAAA,IACT;AAEA,UAAM,SAAS,KAAK;AACpB,QAAI,WAAW,QAAW;AACxB,aAAO;AAAA,IACT;AAEA,UAAM,OAAO,MAAM,KAAK,OAAO,QAAQ,MAAM;AAC7C,QAAI,CAAC,MAAM;AACT,aAAO;AAAA,IACT;AAEA,UAAM,cAAc,sBAAsB,KAAK,IAAI;AAEnD,WAAO,EAAE,MAAM,MAAM,YAAY;AAAA,EACnC;AACF;;;ACtDO,IAAM,uBAAN,cAAmC,MAAM;AAAA,EAC9B;AAAA,EAEhB,YAAY,YAAoB;AAC9B,UAAM,gCAAgC,UAAU,EAAE;AAClD,SAAK,OAAO;AACZ,SAAK,qBAAqB;AAAA,EAC5B;AACF;AAEO,IAAM,kBAAN,MAAsB;AAAA,EAC3B,kBAAkB,SAAwB,YAA0B;AAClE,QAAI,CAAC,QAAQ,YAAY,SAAS,UAAU,GAAG;AAC7C,YAAM,IAAI,qBAAqB,UAAU;AAAA,IAC3C;AAAA,EACF;AAAA,EAEA,qBACE,SACA,aACM;AACN,UAAM,SAAS,YAAY,KAAK,CAAC,MAAM,QAAQ,YAAY,SAAS,CAAC,CAAC;AACtE,QAAI,CAAC,QAAQ;AACX,YAAM,IAAI,qBAAqB,YAAY,KAAK,KAAK,CAAC;AAAA,IACxD;AAAA,EACF;AAAA,EAEA,sBACE,SACA,aACM;AACN,eAAW,KAAK,aAAa;AAC3B,UAAI,CAAC,QAAQ,YAAY,SAAS,CAAC,GAAG;AACpC,cAAM,IAAI,qBAAqB,CAAC;AAAA,MAClC;AAAA,IACF;AAAA,EACF;AAAA,EAEA,UAAU,SAAwB,YAA6B;AAC7D,WAAO,QAAQ,YAAY,SAAS,UAAU;AAAA,EAChD;AACF;","names":[]}

package/dist/dashboard/index.d.cts

@@ -0,0 +1,76 @@
+interface DashboardMetrics {
+    totalInstalls: number;
+    activeMerchants: number;
+    monthlyRevenue: string;
+    churnRate: number;
+}
+interface DashboardActivity {
+    id: string;
+    title: string;
+    description?: string;
+    timestamp: Date;
+    type: 'install' | 'uninstall' | 'upgrade' | 'downgrade' | 'payment' | 'error';
+    shopDomain?: string;
+}
+type DashboardTimeRange = 'day' | 'week' | 'month' | 'quarter' | 'year';
+interface MetricsSnapshot {
+    metrics: DashboardMetrics;
+    timestamp: Date;
+    timeRange: DashboardTimeRange;
+}
+interface DashboardConfig {
+    metricsDataSource: MetricsDataSource;
+    activityDataSource: ActivityDataSource;
+    defaultTimeRange?: DashboardTimeRange;
+    defaultActivityLimit?: number;
+}
+interface MetricsDataSource {
+    countShops(filter?: string): Promise<number>;
+    countActiveShops(): Promise<number>;
+    sumRevenue(since: Date): Promise<number>;
+    countChurned(since: Date): Promise<number>;
+    getInstallTimeline(range: DashboardTimeRange): Promise<{
+        date: string;
+        count: number;
+    }[]>;
+}
+interface ActivityDataSource {
+    getRecentActivities(limit: number): Promise<DashboardActivity[]>;
+    getActivitiesByShop(shopDomain: string, limit: number): Promise<DashboardActivity[]>;
+    getActivitiesByType(type: string, limit: number): Promise<DashboardActivity[]>;
+}
+
+declare class MetricsService {
+    private readonly dataSource;
+    constructor(dataSource: MetricsDataSource);
+    getMetrics(range?: DashboardTimeRange): Promise<DashboardMetrics>;
+    getMetricsSnapshot(range?: DashboardTimeRange): Promise<MetricsSnapshot>;
+    calculateChurnRate(totalShops: number, churnedShops: number): number;
+    formatRevenue(amount: number, currency?: string): string;
+    private getStartDate;
+}
+
+declare class ActivityService {
+    private readonly dataSource;
+    constructor(dataSource: ActivityDataSource);
+    getRecentActivity(limit?: number): Promise<DashboardActivity[]>;
+    getActivityByShop(shopDomain: string, limit?: number): Promise<DashboardActivity[]>;
+    getActivityFeed(options?: {
+        limit?: number;
+        types?: string[];
+        shopDomain?: string;
+    }): Promise<DashboardActivity[]>;
+}
+
+interface DashboardData {
+    metrics: DashboardMetrics;
+    recentActivity: DashboardActivity[];
+}
+declare class DashboardService {
+    private readonly metricsService;
+    private readonly activityService;
+    constructor(metricsDataSource: MetricsDataSource, activityDataSource: ActivityDataSource);
+    getDashboardData(range?: DashboardTimeRange): Promise<DashboardData>;
+}
+
+export { type ActivityDataSource, ActivityService, type DashboardActivity, type DashboardConfig, type DashboardData, type DashboardMetrics, DashboardService, type DashboardTimeRange, type MetricsDataSource, MetricsService, type MetricsSnapshot };