npm - @wopr-network/platform-core - Versions diffs - 0.1.0 - Mend

@wopr-network/platform-core 0.1.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (694) hide show

package/biome.json +61 -0
package/dist/admin/admin-audit-log-repository.d.ts +33 -0
package/dist/admin/admin-audit-log-repository.js +102 -0
package/dist/admin/audit-log.d.ts +49 -0
package/dist/admin/audit-log.js +63 -0
package/dist/admin/index.d.ts +6 -0
package/dist/admin/index.js +3 -0
package/dist/admin/role-store.d.ts +37 -0
package/dist/admin/role-store.js +106 -0
package/dist/auth/api-key-repository.d.ts +11 -0
package/dist/auth/api-key-repository.js +33 -0
package/dist/auth/api-key-repository.test.d.ts +1 -0
package/dist/auth/api-key-repository.test.js +46 -0
package/dist/auth/auth.test.d.ts +1 -0
package/dist/auth/auth.test.js +140 -0
package/dist/auth/better-auth.d.ts +42 -0
package/dist/auth/better-auth.js +196 -0
package/dist/auth/index.d.ts +186 -0
package/dist/auth/index.js +422 -0
package/dist/auth/login-history-repository.d.ts +14 -0
package/dist/auth/login-history-repository.js +15 -0
package/dist/auth/login-history-repository.test.d.ts +1 -0
package/dist/auth/login-history-repository.test.js +47 -0
package/dist/auth/middleware.d.ts +55 -0
package/dist/auth/middleware.js +101 -0
package/dist/auth/middleware.test.d.ts +1 -0
package/dist/auth/middleware.test.js +213 -0
package/dist/auth/scoped-tokens.test.d.ts +1 -0
package/dist/auth/scoped-tokens.test.js +306 -0
package/dist/auth/tenant-access.test.d.ts +1 -0
package/dist/auth/tenant-access.test.js +62 -0
package/dist/auth/user-creator.d.ts +9 -0
package/dist/auth/user-creator.js +47 -0
package/dist/auth/user-creator.test.d.ts +1 -0
package/dist/auth/user-creator.test.js +78 -0
package/dist/auth/user-role-repository.d.ts +31 -0
package/dist/auth/user-role-repository.js +53 -0
package/dist/auth/user-role-repository.test.d.ts +1 -0
package/dist/auth/user-role-repository.test.js +122 -0
package/dist/billing/drizzle-webhook-seen-repository.d.ts +10 -0
package/dist/billing/drizzle-webhook-seen-repository.js +28 -0
package/dist/billing/index.d.ts +7 -0
package/dist/billing/index.js +7 -0
package/dist/billing/payment-processor.d.ts +127 -0
package/dist/billing/payment-processor.js +8 -0
package/dist/billing/payment-processor.test.d.ts +1 -0
package/dist/billing/payment-processor.test.js +71 -0
package/dist/billing/payram/cents-credits-boundary.test.d.ts +1 -0
package/dist/billing/payram/cents-credits-boundary.test.js +75 -0
package/dist/billing/payram/charge-store.d.ts +41 -0
package/dist/billing/payram/charge-store.js +72 -0
package/dist/billing/payram/charge-store.test.d.ts +1 -0
package/dist/billing/payram/charge-store.test.js +64 -0
package/dist/billing/payram/checkout.d.ts +15 -0
package/dist/billing/payram/checkout.js +24 -0
package/dist/billing/payram/checkout.test.d.ts +1 -0
package/dist/billing/payram/checkout.test.js +74 -0
package/dist/billing/payram/client.d.ts +7 -0
package/dist/billing/payram/client.js +15 -0
package/dist/billing/payram/client.test.d.ts +1 -0
package/dist/billing/payram/client.test.js +52 -0
package/dist/billing/payram/index.d.ts +8 -0
package/dist/billing/payram/index.js +4 -0
package/dist/billing/payram/types.d.ts +40 -0
package/dist/billing/payram/types.js +1 -0
package/dist/billing/payram/webhook.d.ts +19 -0
package/dist/billing/payram/webhook.js +67 -0
package/dist/billing/payram/webhook.test.d.ts +7 -0
package/dist/billing/payram/webhook.test.js +248 -0
package/dist/billing/stripe/cents-credits-boundary.test.d.ts +1 -0
package/dist/billing/stripe/cents-credits-boundary.test.js +62 -0
package/dist/billing/stripe/checkout.d.ts +20 -0
package/dist/billing/stripe/checkout.js +63 -0
package/dist/billing/stripe/checkout.test.d.ts +1 -0
package/dist/billing/stripe/checkout.test.js +148 -0
package/dist/billing/stripe/client.d.ts +14 -0
package/dist/billing/stripe/client.js +33 -0
package/dist/billing/stripe/client.test.d.ts +1 -0
package/dist/billing/stripe/client.test.js +58 -0
package/dist/billing/stripe/credit-prices.d.ts +63 -0
package/dist/billing/stripe/credit-prices.js +81 -0
package/dist/billing/stripe/credit-prices.test.d.ts +1 -0
package/dist/billing/stripe/credit-prices.test.js +87 -0
package/dist/billing/stripe/index.d.ts +14 -0
package/dist/billing/stripe/index.js +8 -0
package/dist/billing/stripe/payment-methods-detach-all.test.d.ts +1 -0
package/dist/billing/stripe/payment-methods-detach-all.test.js +40 -0
package/dist/billing/stripe/payment-methods.d.ts +25 -0
package/dist/billing/stripe/payment-methods.js +53 -0
package/dist/billing/stripe/payment-methods.test.d.ts +1 -0
package/dist/billing/stripe/payment-methods.test.js +122 -0
package/dist/billing/stripe/portal.d.ts +10 -0
package/dist/billing/stripe/portal.js +16 -0
package/dist/billing/stripe/portal.test.d.ts +1 -0
package/dist/billing/stripe/portal.test.js +48 -0
package/dist/billing/stripe/setup-intent.d.ts +16 -0
package/dist/billing/stripe/setup-intent.js +22 -0
package/dist/billing/stripe/setup-intent.test.d.ts +1 -0
package/dist/billing/stripe/setup-intent.test.js +58 -0
package/dist/billing/stripe/stripe-payment-processor.d.ts +49 -0
package/dist/billing/stripe/stripe-payment-processor.js +166 -0
package/dist/billing/stripe/stripe-payment-processor.test.d.ts +1 -0
package/dist/billing/stripe/stripe-payment-processor.test.js +413 -0
package/dist/billing/stripe/tenant-store.d.ts +56 -0
package/dist/billing/stripe/tenant-store.js +119 -0
package/dist/billing/stripe/tenant-store.test.d.ts +1 -0
package/dist/billing/stripe/tenant-store.test.js +97 -0
package/dist/billing/stripe/types.d.ts +49 -0
package/dist/billing/stripe/types.js +1 -0
package/dist/billing/webhook-seen-repository.d.ts +14 -0
package/dist/billing/webhook-seen-repository.js +13 -0
package/dist/config/billing-env.test.d.ts +1 -0
package/dist/config/billing-env.test.js +48 -0
package/dist/config/index.d.ts +46 -0
package/dist/config/index.js +38 -0
package/dist/config/logger.d.ts +2 -0
package/dist/config/logger.js +11 -0
package/dist/config/provider-endpoints.d.ts +6 -0
package/dist/config/provider-endpoints.js +12 -0
package/dist/credits/auto-topup-charge.d.ts +27 -0
package/dist/credits/auto-topup-charge.js +139 -0
package/dist/credits/auto-topup-charge.test.d.ts +1 -0
package/dist/credits/auto-topup-charge.test.js +242 -0
package/dist/credits/auto-topup-event-log-repository.d.ts +16 -0
package/dist/credits/auto-topup-event-log-repository.js +18 -0
package/dist/credits/auto-topup-event-log-repository.test.d.ts +1 -0
package/dist/credits/auto-topup-event-log-repository.test.js +83 -0
package/dist/credits/auto-topup-schedule.d.ts +27 -0
package/dist/credits/auto-topup-schedule.js +66 -0
package/dist/credits/auto-topup-schedule.test.d.ts +1 -0
package/dist/credits/auto-topup-schedule.test.js +145 -0
package/dist/credits/auto-topup-settings-repository.d.ts +54 -0
package/dist/credits/auto-topup-settings-repository.js +184 -0
package/dist/credits/auto-topup-settings-repository.test.d.ts +1 -0
package/dist/credits/auto-topup-settings-repository.test.js +104 -0
package/dist/credits/auto-topup-usage.d.ts +22 -0
package/dist/credits/auto-topup-usage.js +56 -0
package/dist/credits/auto-topup-usage.test.d.ts +1 -0
package/dist/credits/auto-topup-usage.test.js +181 -0
package/dist/credits/credit-expiry-cron.d.ts +19 -0
package/dist/credits/credit-expiry-cron.js +50 -0
package/dist/credits/credit-expiry-cron.test.d.ts +1 -0
package/dist/credits/credit-expiry-cron.test.js +67 -0
package/dist/credits/credit-ledger-extra.test.d.ts +1 -0
package/dist/credits/credit-ledger-extra.test.js +40 -0
package/dist/credits/credit-ledger.bench.d.ts +1 -0
package/dist/credits/credit-ledger.bench.js +33 -0
package/dist/credits/credit-ledger.d.ts +130 -0
package/dist/credits/credit-ledger.js +293 -0
package/dist/credits/credit-ledger.test.d.ts +4 -0
package/dist/credits/credit-ledger.test.js +203 -0
package/dist/credits/credit-transaction-repository.d.ts +17 -0
package/dist/credits/credit-transaction-repository.js +35 -0
package/dist/credits/credit-transaction-repository.test.d.ts +1 -0
package/dist/credits/credit-transaction-repository.test.js +232 -0
package/dist/credits/credit.d.ts +75 -0
package/dist/credits/credit.js +139 -0
package/dist/credits/credit.test.d.ts +1 -0
package/dist/credits/credit.test.js +196 -0
package/dist/credits/dividend-cron.d.ts +29 -0
package/dist/credits/dividend-cron.js +88 -0
package/dist/credits/dividend-cron.test.d.ts +1 -0
package/dist/credits/dividend-cron.test.js +128 -0
package/dist/credits/dividend-repository.d.ts +29 -0
package/dist/credits/dividend-repository.js +126 -0
package/dist/credits/dividend-repository.test.d.ts +1 -0
package/dist/credits/dividend-repository.test.js +176 -0
package/dist/credits/index.d.ts +9 -0
package/dist/credits/index.js +5 -0
package/dist/credits/repository-types.d.ts +29 -0
package/dist/credits/repository-types.js +1 -0
package/dist/credits/signup-grant.d.ts +12 -0
package/dist/credits/signup-grant.js +35 -0
package/dist/credits/signup-grant.test.d.ts +1 -0
package/dist/credits/signup-grant.test.js +51 -0
package/dist/credits/tenant-customer-repository.d.ts +30 -0
package/dist/credits/tenant-customer-repository.js +5 -0
package/dist/db/auth-user-repository.d.ts +46 -0
package/dist/db/auth-user-repository.js +90 -0
package/dist/db/credit-column.d.ts +27 -0
package/dist/db/credit-column.js +13 -0
package/dist/db/index.d.ts +14 -0
package/dist/db/index.js +8 -0
package/dist/db/schema/account-deletion-requests.d.ts +203 -0
package/dist/db/schema/account-deletion-requests.js +36 -0
package/dist/db/schema/account-export-requests.d.ts +148 -0
package/dist/db/schema/account-export-requests.js +19 -0
package/dist/db/schema/admin-audit.d.ts +194 -0
package/dist/db/schema/admin-audit.js +21 -0
package/dist/db/schema/admin-users.d.ts +177 -0
package/dist/db/schema/admin-users.js +23 -0
package/dist/db/schema/affiliate-fraud.d.ts +160 -0
package/dist/db/schema/affiliate-fraud.js +18 -0
package/dist/db/schema/affiliate.d.ts +277 -0
package/dist/db/schema/affiliate.js +32 -0
package/dist/db/schema/coupon-codes.d.ts +143 -0
package/dist/db/schema/coupon-codes.js +17 -0
package/dist/db/schema/credit-auto-topup-settings.d.ts +232 -0
package/dist/db/schema/credit-auto-topup-settings.js +27 -0
package/dist/db/schema/credit-auto-topup.d.ts +130 -0
package/dist/db/schema/credit-auto-topup.js +21 -0
package/dist/db/schema/credits.d.ts +283 -0
package/dist/db/schema/credits.js +38 -0
package/dist/db/schema/dividend-distributions.d.ts +130 -0
package/dist/db/schema/dividend-distributions.js +19 -0
package/dist/db/schema/email-notifications.d.ts +99 -0
package/dist/db/schema/email-notifications.js +21 -0
package/dist/db/schema/index.d.ts +33 -0
package/dist/db/schema/index.js +33 -0
package/dist/db/schema/meter-events.d.ts +599 -0
package/dist/db/schema/meter-events.js +55 -0
package/dist/db/schema/notification-preferences.d.ts +165 -0
package/dist/db/schema/notification-preferences.js +18 -0
package/dist/db/schema/notification-queue.d.ts +236 -0
package/dist/db/schema/notification-queue.js +40 -0
package/dist/db/schema/org-memberships.d.ts +63 -0
package/dist/db/schema/org-memberships.js +15 -0
package/dist/db/schema/organization-members.d.ts +235 -0
package/dist/db/schema/organization-members.js +27 -0
package/dist/db/schema/payram.d.ts +164 -0
package/dist/db/schema/payram.js +21 -0
package/dist/db/schema/platform-api-keys.d.ts +143 -0
package/dist/db/schema/platform-api-keys.js +20 -0
package/dist/db/schema/promotion-redemptions.d.ts +143 -0
package/dist/db/schema/promotion-redemptions.js +18 -0
package/dist/db/schema/promotions.d.ts +445 -0
package/dist/db/schema/promotions.js +48 -0
package/dist/db/schema/provider-credentials.d.ts +201 -0
package/dist/db/schema/provider-credentials.js +36 -0
package/dist/db/schema/rate-limit-entries.d.ts +75 -0
package/dist/db/schema/rate-limit-entries.js +7 -0
package/dist/db/schema/secret-audit-log.d.ts +109 -0
package/dist/db/schema/secret-audit-log.js +15 -0
package/dist/db/schema/session-usage.d.ts +194 -0
package/dist/db/schema/session-usage.js +19 -0
package/dist/db/schema/spending-limits.d.ts +92 -0
package/dist/db/schema/spending-limits.js +8 -0
package/dist/db/schema/tenant-addons.d.ts +58 -0
package/dist/db/schema/tenant-addons.js +9 -0
package/dist/db/schema/tenant-api-keys.d.ts +131 -0
package/dist/db/schema/tenant-api-keys.js +21 -0
package/dist/db/schema/tenant-capability-settings.d.ts +79 -0
package/dist/db/schema/tenant-capability-settings.js +12 -0
package/dist/db/schema/tenant-customers.d.ts +303 -0
package/dist/db/schema/tenant-customers.js +25 -0
package/dist/db/schema/tenants.d.ts +126 -0
package/dist/db/schema/tenants.js +18 -0
package/dist/db/schema/user-roles.d.ts +98 -0
package/dist/db/schema/user-roles.js +18 -0
package/dist/db/schema/webhook-seen-events.d.ts +58 -0
package/dist/db/schema/webhook-seen-events.js +9 -0
package/dist/email/billing-emails.d.ts +51 -0
package/dist/email/billing-emails.js +163 -0
package/dist/email/billing-emails.test.d.ts +1 -0
package/dist/email/billing-emails.test.js +162 -0
package/dist/email/client.d.ts +51 -0
package/dist/email/client.js +102 -0
package/dist/email/client.test.d.ts +1 -0
package/dist/email/client.test.js +120 -0
package/dist/email/drizzle-billing-email-repository.d.ts +21 -0
package/dist/email/drizzle-billing-email-repository.js +36 -0
package/dist/email/drizzle-billing-email-repository.test.d.ts +1 -0
package/dist/email/drizzle-billing-email-repository.test.js +42 -0
package/dist/email/index.d.ts +33 -0
package/dist/email/index.js +22 -0
package/dist/email/notification-preferences-store.d.ts +12 -0
package/dist/email/notification-preferences-store.js +82 -0
package/dist/email/notification-preferences-store.test.d.ts +1 -0
package/dist/email/notification-preferences-store.test.js +86 -0
package/dist/email/notification-queue-store.d.ts +25 -0
package/dist/email/notification-queue-store.js +97 -0
package/dist/email/notification-queue-store.test.d.ts +1 -0
package/dist/email/notification-queue-store.test.js +177 -0
package/dist/email/notification-repository-types.d.ts +70 -0
package/dist/email/notification-repository-types.js +6 -0
package/dist/email/notification-service.d.ts +41 -0
package/dist/email/notification-service.js +196 -0
package/dist/email/notification-service.test.d.ts +1 -0
package/dist/email/notification-service.test.js +160 -0
package/dist/email/notification-templates.d.ts +18 -0
package/dist/email/notification-templates.js +574 -0
package/dist/email/notification-templates.test.d.ts +1 -0
package/dist/email/notification-templates.test.js +238 -0
package/dist/email/notification-worker.d.ts +24 -0
package/dist/email/notification-worker.js +109 -0
package/dist/email/notification-worker.test.d.ts +1 -0
package/dist/email/notification-worker.test.js +153 -0
package/dist/email/require-verified.d.ts +25 -0
package/dist/email/require-verified.js +52 -0
package/dist/email/require-verified.test.d.ts +1 -0
package/dist/email/require-verified.test.js +62 -0
package/dist/email/resend-adapter.d.ts +47 -0
package/dist/email/resend-adapter.js +137 -0
package/dist/email/resend-adapter.test.d.ts +1 -0
package/dist/email/resend-adapter.test.js +190 -0
package/dist/email/templates.d.ts +22 -0
package/dist/email/templates.js +359 -0
package/dist/email/templates.test.d.ts +1 -0
package/dist/email/templates.test.js +170 -0
package/dist/email/verification.d.ts +42 -0
package/dist/email/verification.js +83 -0
package/dist/email/verification.test.d.ts +1 -0
package/dist/email/verification.test.js +141 -0
package/dist/index.d.ts +13 -0
package/dist/index.js +23 -0
package/dist/metering/aggregator.d.ts +54 -0
package/dist/metering/aggregator.js +123 -0
package/dist/metering/aggregator.test.d.ts +1 -0
package/dist/metering/aggregator.test.js +179 -0
package/dist/metering/dlq.d.ts +31 -0
package/dist/metering/dlq.js +82 -0
package/dist/metering/dlq.test.d.ts +1 -0
package/dist/metering/dlq.test.js +117 -0
package/dist/metering/drizzle-usage-summary-repository.d.ts +67 -0
package/dist/metering/drizzle-usage-summary-repository.js +98 -0
package/dist/metering/emitter.d.ts +66 -0
package/dist/metering/emitter.js +185 -0
package/dist/metering/emitter.test.d.ts +1 -0
package/dist/metering/emitter.test.js +171 -0
package/dist/metering/index.d.ts +11 -0
package/dist/metering/index.js +5 -0
package/dist/metering/load-test.bench.d.ts +1 -0
package/dist/metering/load-test.bench.js +103 -0
package/dist/metering/meter-event-repository.d.ts +33 -0
package/dist/metering/meter-event-repository.js +58 -0
package/dist/metering/meter-repositories.test.d.ts +1 -0
package/dist/metering/meter-repositories.test.js +419 -0
package/dist/metering/metering.test.d.ts +1 -0
package/dist/metering/metering.test.js +1046 -0
package/dist/metering/reconciliation-cron.d.ts +37 -0
package/dist/metering/reconciliation-cron.js +85 -0
package/dist/metering/reconciliation-cron.test.d.ts +1 -0
package/dist/metering/reconciliation-cron.test.js +162 -0
package/dist/metering/reconciliation-repository.d.ts +27 -0
package/dist/metering/reconciliation-repository.js +43 -0
package/dist/metering/reconciliation-repository.test.d.ts +1 -0
package/dist/metering/reconciliation-repository.test.js +160 -0
package/dist/metering/types.d.ts +88 -0
package/dist/metering/types.js +1 -0
package/dist/metering/wal.d.ts +49 -0
package/dist/metering/wal.js +124 -0
package/dist/metering/wal.test.d.ts +1 -0
package/dist/metering/wal.test.js +175 -0
package/dist/middleware/csrf.d.ts +24 -0
package/dist/middleware/csrf.js +80 -0
package/dist/middleware/csrf.test.d.ts +1 -0
package/dist/middleware/csrf.test.js +152 -0
package/dist/middleware/drizzle-rate-limit-repository.d.ts +9 -0
package/dist/middleware/drizzle-rate-limit-repository.js +52 -0
package/dist/middleware/drizzle-rate-limit-repository.test.d.ts +1 -0
package/dist/middleware/drizzle-rate-limit-repository.test.js +74 -0
package/dist/middleware/get-client-ip.d.ts +22 -0
package/dist/middleware/get-client-ip.js +51 -0
package/dist/middleware/get-client-ip.test.d.ts +1 -0
package/dist/middleware/get-client-ip.test.js +40 -0
package/dist/middleware/index.d.ts +5 -0
package/dist/middleware/index.js +4 -0
package/dist/middleware/rate-limit-repository.d.ts +19 -0
package/dist/middleware/rate-limit-repository.js +1 -0
package/dist/middleware/rate-limit.d.ts +57 -0
package/dist/middleware/rate-limit.js +109 -0
package/dist/middleware/rate-limit.test.d.ts +1 -0
package/dist/middleware/rate-limit.test.js +247 -0
package/dist/security/credential-vault/audit-repository.d.ts +27 -0
package/dist/security/credential-vault/audit-repository.js +42 -0
package/dist/security/credential-vault/audit-repository.test.d.ts +1 -0
package/dist/security/credential-vault/audit-repository.test.js +78 -0
package/dist/security/credential-vault/credential-repository.d.ts +94 -0
package/dist/security/credential-vault/credential-repository.js +145 -0
package/dist/security/credential-vault/credential-repository.test.d.ts +1 -0
package/dist/security/credential-vault/credential-repository.test.js +206 -0
package/dist/security/credential-vault/index.d.ts +12 -0
package/dist/security/credential-vault/index.js +6 -0
package/dist/security/credential-vault/key-rotation.d.ts +18 -0
package/dist/security/credential-vault/key-rotation.js +52 -0
package/dist/security/credential-vault/key-rotation.test.d.ts +1 -0
package/dist/security/credential-vault/key-rotation.test.js +95 -0
package/dist/security/credential-vault/migrate-plaintext.d.ts +15 -0
package/dist/security/credential-vault/migrate-plaintext.js +80 -0
package/dist/security/credential-vault/migrate-plaintext.test.d.ts +1 -0
package/dist/security/credential-vault/migrate-plaintext.test.js +111 -0
package/dist/security/credential-vault/migration-check.d.ts +15 -0
package/dist/security/credential-vault/migration-check.js +71 -0
package/dist/security/credential-vault/migration-check.test.d.ts +1 -0
package/dist/security/credential-vault/migration-check.test.js +457 -0
package/dist/security/credential-vault/store.d.ts +106 -0
package/dist/security/credential-vault/store.js +181 -0
package/dist/security/credential-vault/store.test.d.ts +1 -0
package/dist/security/credential-vault/store.test.js +482 -0
package/dist/security/encryption.d.ts +22 -0
package/dist/security/encryption.js +53 -0
package/dist/security/encryption.test.d.ts +1 -0
package/dist/security/encryption.test.js +95 -0
package/dist/security/host-validation.d.ts +11 -0
package/dist/security/host-validation.js +108 -0
package/dist/security/host-validation.test.d.ts +1 -0
package/dist/security/host-validation.test.js +106 -0
package/dist/security/index.d.ts +11 -0
package/dist/security/index.js +11 -0
package/dist/security/key-audit.d.ts +16 -0
package/dist/security/key-audit.js +35 -0
package/dist/security/key-audit.test.d.ts +1 -0
package/dist/security/key-audit.test.js +50 -0
package/dist/security/key-injection.d.ts +28 -0
package/dist/security/key-injection.js +57 -0
package/dist/security/key-injection.test.d.ts +1 -0
package/dist/security/key-injection.test.js +97 -0
package/dist/security/key-validation.d.ts +16 -0
package/dist/security/key-validation.js +78 -0
package/dist/security/key-validation.test.d.ts +1 -0
package/dist/security/key-validation.test.js +87 -0
package/dist/security/redirect-allowlist.d.ts +6 -0
package/dist/security/redirect-allowlist.js +36 -0
package/dist/security/redirect-allowlist.test.d.ts +1 -0
package/dist/security/redirect-allowlist.test.js +55 -0
package/dist/security/tenant-keys/capability-settings-store.d.ts +22 -0
package/dist/security/tenant-keys/capability-settings-store.js +33 -0
package/dist/security/tenant-keys/capability-settings-store.test.d.ts +1 -0
package/dist/security/tenant-keys/capability-settings-store.test.js +77 -0
package/dist/security/tenant-keys/index.d.ts +10 -0
package/dist/security/tenant-keys/index.js +5 -0
package/dist/security/tenant-keys/key-resolution-repository.d.ts +15 -0
package/dist/security/tenant-keys/key-resolution-repository.js +18 -0
package/dist/security/tenant-keys/key-resolution-repository.test.d.ts +1 -0
package/dist/security/tenant-keys/key-resolution-repository.test.js +72 -0
package/dist/security/tenant-keys/key-resolution.d.ts +39 -0
package/dist/security/tenant-keys/key-resolution.js +59 -0
package/dist/security/tenant-keys/key-resolution.test.d.ts +1 -0
package/dist/security/tenant-keys/key-resolution.test.js +97 -0
package/dist/security/tenant-keys/org-key-resolution.d.ts +30 -0
package/dist/security/tenant-keys/org-key-resolution.js +50 -0
package/dist/security/tenant-keys/org-key-resolution.test.d.ts +1 -0
package/dist/security/tenant-keys/org-key-resolution.test.js +103 -0
package/dist/security/tenant-keys/tenant-key-repository.d.ts +36 -0
package/dist/security/tenant-keys/tenant-key-repository.js +96 -0
package/dist/security/tenant-keys/tenant-key-repository.test.d.ts +1 -0
package/dist/security/tenant-keys/tenant-key-repository.test.js +114 -0
package/dist/security/types.d.ts +35 -0
package/dist/security/types.js +15 -0
package/dist/tenancy/drizzle-org-repository.d.ts +40 -0
package/dist/tenancy/drizzle-org-repository.js +126 -0
package/dist/tenancy/index.d.ts +6 -0
package/dist/tenancy/index.js +3 -0
package/dist/tenancy/org-member-repository.d.ts +57 -0
package/dist/tenancy/org-member-repository.js +99 -0
package/dist/tenancy/org-repository.test.d.ts +1 -0
package/dist/tenancy/org-repository.test.js +143 -0
package/dist/tenancy/org-service.d.ts +70 -0
package/dist/tenancy/org-service.js +223 -0
package/dist/tenancy/org-service.test.d.ts +1 -0
package/dist/tenancy/org-service.test.js +550 -0
package/dist/test/db.d.ts +33 -0
package/dist/test/db.js +65 -0
package/dist/trpc/index.d.ts +1 -0
package/dist/trpc/index.js +1 -0
package/dist/trpc/init.d.ts +49 -0
package/dist/trpc/init.js +108 -0
package/dist/trpc/init.test.d.ts +1 -0
package/dist/trpc/init.test.js +154 -0
package/drizzle/migrations/0000_slippery_mandrill.sql +559 -0
package/drizzle/migrations/meta/0000_snapshot.json +4374 -0
package/drizzle/migrations/meta/_journal.json +13 -0
package/drizzle.config.ts +41 -0
package/package.json +64 -0
package/src/admin/admin-audit-log-repository.ts +135 -0
package/src/admin/audit-log.ts +111 -0
package/src/admin/index.ts +6 -0
package/src/admin/role-store.ts +134 -0
package/src/auth/api-key-repository.test.ts +63 -0
package/src/auth/api-key-repository.ts +46 -0
package/src/auth/auth.test.ts +166 -0
package/src/auth/better-auth.ts +216 -0
package/src/auth/index.ts +520 -0
package/src/auth/login-history-repository.test.ts +54 -0
package/src/auth/login-history-repository.ts +28 -0
package/src/auth/middleware.test.ts +264 -0
package/src/auth/middleware.ts +117 -0
package/src/auth/scoped-tokens.test.ts +362 -0
package/src/auth/tenant-access.test.ts +69 -0
package/src/auth/user-creator.test.ts +98 -0
package/src/auth/user-creator.ts +54 -0
package/src/auth/user-role-repository.test.ts +149 -0
package/src/auth/user-role-repository.ts +67 -0
package/src/billing/drizzle-webhook-seen-repository.ts +34 -0
package/src/billing/index.ts +22 -0
package/src/billing/payment-processor.test.ts +93 -0
package/src/billing/payment-processor.ts +150 -0
package/src/billing/payram/cents-credits-boundary.test.ts +84 -0
package/src/billing/payram/charge-store.test.ts +84 -0
package/src/billing/payram/charge-store.ts +109 -0
package/src/billing/payram/checkout.test.ts +99 -0
package/src/billing/payram/checkout.ts +40 -0
package/src/billing/payram/client.test.ts +62 -0
package/src/billing/payram/client.ts +21 -0
package/src/billing/payram/index.ts +14 -0
package/src/billing/payram/types.ts +44 -0
package/src/billing/payram/webhook.test.ts +318 -0
package/src/billing/payram/webhook.ts +97 -0
package/src/billing/stripe/cents-credits-boundary.test.ts +70 -0
package/src/billing/stripe/checkout.test.ts +186 -0
package/src/billing/stripe/checkout.ts +82 -0
package/src/billing/stripe/client.test.ts +64 -0
package/src/billing/stripe/client.ts +39 -0
package/src/billing/stripe/credit-prices.test.ts +114 -0
package/src/billing/stripe/credit-prices.ts +113 -0
package/src/billing/stripe/index.ts +14 -0
package/src/billing/stripe/payment-methods-detach-all.test.ts +53 -0
package/src/billing/stripe/payment-methods.test.ts +157 -0
package/src/billing/stripe/payment-methods.ts +76 -0
package/src/billing/stripe/portal.test.ts +63 -0
package/src/billing/stripe/portal.ts +25 -0
package/src/billing/stripe/setup-intent.test.ts +78 -0
package/src/billing/stripe/setup-intent.ts +34 -0
package/src/billing/stripe/stripe-payment-processor.test.ts +517 -0
package/src/billing/stripe/stripe-payment-processor.ts +255 -0
package/src/billing/stripe/tenant-store.test.ts +124 -0
package/src/billing/stripe/tenant-store.ts +151 -0
package/src/billing/stripe/types.ts +53 -0
package/src/billing/webhook-seen-repository.ts +24 -0
package/src/config/billing-env.test.ts +54 -0
package/src/config/index.ts +44 -0
package/src/config/logger.ts +12 -0
package/src/config/provider-endpoints.ts +14 -0
package/src/credits/auto-topup-charge.test.ts +292 -0
package/src/credits/auto-topup-charge.ts +171 -0
package/src/credits/auto-topup-event-log-repository.test.ts +99 -0
package/src/credits/auto-topup-event-log-repository.ts +30 -0
package/src/credits/auto-topup-schedule.test.ts +179 -0
package/src/credits/auto-topup-schedule.ts +93 -0
package/src/credits/auto-topup-settings-repository.test.ts +123 -0
package/src/credits/auto-topup-settings-repository.ts +245 -0
package/src/credits/auto-topup-usage.test.ts +220 -0
package/src/credits/auto-topup-usage.ts +68 -0
package/src/credits/credit-expiry-cron.test.ts +125 -0
package/src/credits/credit-expiry-cron.ts +76 -0
package/src/credits/credit-ledger-extra.test.ts +57 -0
package/src/credits/credit-ledger.bench.ts +56 -0
package/src/credits/credit-ledger.test.ts +276 -0
package/src/credits/credit-ledger.ts +450 -0
package/src/credits/credit-transaction-repository.test.ts +274 -0
package/src/credits/credit-transaction-repository.ts +62 -0
package/src/credits/credit.test.ts +234 -0
package/src/credits/credit.ts +160 -0
package/src/credits/dividend-cron.test.ts +158 -0
package/src/credits/dividend-cron.ts +127 -0
package/src/credits/dividend-repository.test.ts +223 -0
package/src/credits/dividend-repository.ts +182 -0
package/src/credits/index.ts +25 -0
package/src/credits/repository-types.ts +33 -0
package/src/credits/signup-grant.test.ts +63 -0
package/src/credits/signup-grant.ts +44 -0
package/src/credits/tenant-customer-repository.ts +28 -0
package/src/db/auth-user-repository.ts +124 -0
package/src/db/credit-column.ts +17 -0
package/src/db/index.ts +21 -0
package/src/db/schema/account-deletion-requests.ts +41 -0
package/src/db/schema/account-export-requests.ts +24 -0
package/src/db/schema/admin-audit.ts +26 -0
package/src/db/schema/admin-users.ts +31 -0
package/src/db/schema/affiliate-fraud.ts +23 -0
package/src/db/schema/affiliate.ts +38 -0
package/src/db/schema/coupon-codes.ts +22 -0
package/src/db/schema/credit-auto-topup-settings.ts +32 -0
package/src/db/schema/credit-auto-topup.ts +26 -0
package/src/db/schema/credits.ts +44 -0
package/src/db/schema/dividend-distributions.ts +24 -0
package/src/db/schema/email-notifications.ts +26 -0
package/src/db/schema/index.ts +33 -0
package/src/db/schema/meter-events.ts +70 -0
package/src/db/schema/notification-preferences.ts +19 -0
package/src/db/schema/notification-queue.ts +45 -0
package/src/db/schema/org-memberships.ts +20 -0
package/src/db/schema/organization-members.ts +37 -0
package/src/db/schema/payram.ts +26 -0
package/src/db/schema/platform-api-keys.ts +25 -0
package/src/db/schema/promotion-redemptions.ts +23 -0
package/src/db/schema/promotions.ts +57 -0
package/src/db/schema/provider-credentials.ts +41 -0
package/src/db/schema/rate-limit-entries.ts +12 -0
package/src/db/schema/secret-audit-log.ts +20 -0
package/src/db/schema/session-usage.ts +24 -0
package/src/db/schema/spending-limits.ts +9 -0
package/src/db/schema/tenant-addons.ts +14 -0
package/src/db/schema/tenant-api-keys.ts +26 -0
package/src/db/schema/tenant-capability-settings.ts +17 -0
package/src/db/schema/tenant-customers.ts +35 -0
package/src/db/schema/tenants.ts +23 -0
package/src/db/schema/user-roles.ts +23 -0
package/src/db/schema/webhook-seen-events.ts +14 -0
package/src/email/billing-emails.test.ts +198 -0
package/src/email/billing-emails.ts +211 -0
package/src/email/client.test.ts +149 -0
package/src/email/client.ts +137 -0
package/src/email/drizzle-billing-email-repository.test.ts +52 -0
package/src/email/drizzle-billing-email-repository.ts +59 -0
package/src/email/index.ts +57 -0
package/src/email/notification-preferences-store.test.ts +102 -0
package/src/email/notification-preferences-store.ts +90 -0
package/src/email/notification-queue-store.test.ts +215 -0
package/src/email/notification-queue-store.ts +127 -0
package/src/email/notification-repository-types.ts +101 -0
package/src/email/notification-service.test.ts +178 -0
package/src/email/notification-service.ts +265 -0
package/src/email/notification-templates.test.ts +261 -0
package/src/email/notification-templates.ts +727 -0
package/src/email/notification-worker.test.ts +189 -0
package/src/email/notification-worker.ts +133 -0
package/src/email/require-verified.ts +65 -0
package/src/email/resend-adapter.test.ts +253 -0
package/src/email/resend-adapter.ts +157 -0
package/src/email/templates.test.ts +217 -0
package/src/email/templates.ts +469 -0
package/src/email/verification.test.ts +185 -0
package/src/email/verification.ts +110 -0
package/src/index.ts +51 -0
package/src/metering/aggregator.test.ts +239 -0
package/src/metering/aggregator.ts +160 -0
package/src/metering/dlq.test.ts +134 -0
package/src/metering/dlq.ts +102 -0
package/src/metering/drizzle-usage-summary-repository.ts +167 -0
package/src/metering/emitter.test.ts +202 -0
package/src/metering/emitter.ts +227 -0
package/src/metering/index.ts +21 -0
package/src/metering/load-test.bench.ts +130 -0
package/src/metering/meter-event-repository.ts +87 -0
package/src/metering/meter-repositories.test.ts +491 -0
package/src/metering/metering.test.ts +1317 -0
package/src/metering/reconciliation-cron.test.ts +202 -0
package/src/metering/reconciliation-cron.ts +134 -0
package/src/metering/reconciliation-repository.test.ts +196 -0
package/src/metering/reconciliation-repository.ts +83 -0
package/src/metering/types.ts +93 -0
package/src/metering/wal.test.ts +222 -0
package/src/metering/wal.ts +139 -0
package/src/middleware/csrf.test.ts +178 -0
package/src/middleware/csrf.ts +101 -0
package/src/middleware/drizzle-rate-limit-repository.test.ts +97 -0
package/src/middleware/drizzle-rate-limit-repository.ts +57 -0
package/src/middleware/get-client-ip.test.ts +49 -0
package/src/middleware/get-client-ip.ts +62 -0
package/src/middleware/index.ts +12 -0
package/src/middleware/rate-limit-repository.ts +22 -0
package/src/middleware/rate-limit.test.ts +338 -0
package/src/middleware/rate-limit.ts +169 -0
package/src/security/credential-vault/audit-repository.test.ts +91 -0
package/src/security/credential-vault/audit-repository.ts +64 -0
package/src/security/credential-vault/credential-repository.test.ts +264 -0
package/src/security/credential-vault/credential-repository.ts +233 -0
package/src/security/credential-vault/index.ts +26 -0
package/src/security/credential-vault/key-rotation.test.ts +139 -0
package/src/security/credential-vault/key-rotation.ts +70 -0
package/src/security/credential-vault/migrate-plaintext.test.ts +138 -0
package/src/security/credential-vault/migrate-plaintext.ts +101 -0
package/src/security/credential-vault/migration-check.test.ts +533 -0
package/src/security/credential-vault/migration-check.ts +88 -0
package/src/security/credential-vault/store.test.ts +569 -0
package/src/security/credential-vault/store.ts +284 -0
package/src/security/encryption.test.ts +114 -0
package/src/security/encryption.ts +65 -0
package/src/security/host-validation.test.ts +136 -0
package/src/security/host-validation.ts +116 -0
package/src/security/index.ts +59 -0
package/src/security/key-audit.test.ts +57 -0
package/src/security/key-audit.ts +45 -0
package/src/security/key-injection.test.ts +131 -0
package/src/security/key-injection.ts +71 -0
package/src/security/key-validation.test.ts +111 -0
package/src/security/key-validation.ts +84 -0
package/src/security/redirect-allowlist.test.ts +70 -0
package/src/security/redirect-allowlist.ts +35 -0
package/src/security/tenant-keys/capability-settings-store.test.ts +98 -0
package/src/security/tenant-keys/capability-settings-store.ts +53 -0
package/src/security/tenant-keys/index.ts +10 -0
package/src/security/tenant-keys/key-resolution-repository.test.ts +95 -0
package/src/security/tenant-keys/key-resolution-repository.ts +31 -0
package/src/security/tenant-keys/key-resolution.test.ts +173 -0
package/src/security/tenant-keys/key-resolution.ts +87 -0
package/src/security/tenant-keys/org-key-resolution.test.ts +217 -0
package/src/security/tenant-keys/org-key-resolution.ts +76 -0
package/src/security/tenant-keys/tenant-key-repository.test.ts +143 -0
package/src/security/tenant-keys/tenant-key-repository.ts +130 -0
package/src/security/types.ts +43 -0
package/src/tenancy/drizzle-org-repository.ts +169 -0
package/src/tenancy/index.ts +6 -0
package/src/tenancy/org-member-repository.ts +159 -0
package/src/tenancy/org-repository.test.ts +172 -0
package/src/tenancy/org-service.test.ts +634 -0
package/src/tenancy/org-service.ts +290 -0
package/src/test/db.ts +97 -0
package/src/trpc/index.ts +11 -0
package/src/trpc/init.test.ts +196 -0
package/src/trpc/init.ts +138 -0
package/tsconfig.json +20 -0
package/vitest.config.ts +8 -0

package/dist/security/tenant-keys/tenant-key-repository.test.js ADDED Viewed

@@ -0,0 +1,114 @@
+import { afterAll, beforeAll, beforeEach, describe, expect, it } from "vitest";
+import { createTestDb, truncateAllTables } from "../../test/db.js";
+import { TenantKeyRepository } from "./tenant-key-repository.js";
+const fakeEncrypted = {
+    iv: "aabbccdd",
+    authTag: "11223344",
+    ciphertext: "deadbeef",
+};
+describe("TenantKeyRepository", () => {
+    let db;
+    let pool;
+    let store;
+    beforeAll(async () => {
+        ({ db, pool } = await createTestDb());
+    });
+    afterAll(async () => {
+        await pool.close();
+    });
+    beforeEach(async () => {
+        await truncateAllTables(pool);
+        store = new TenantKeyRepository(db);
+    });
+    describe("upsert", () => {
+        it("inserts a new key and returns the id", async () => {
+            const id = await store.upsert("t1", "anthropic", fakeEncrypted, "My Key");
+            expect(id).toMatch(/^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$/);
+            const record = await store.get("t1", "anthropic");
+            expect(record).not.toBeNull();
+            expect(record?.label).toBe("My Key");
+            expect(record?.tenant_id).toBe("t1");
+            expect(record?.provider).toBe("anthropic");
+        });
+        it("updates an existing key for the same tenant+provider", async () => {
+            const id1 = await store.upsert("t1", "anthropic", fakeEncrypted, "Old");
+            const id2 = await store.upsert("t1", "anthropic", { ...fakeEncrypted, ciphertext: "newdata" }, "New");
+            // Same ID reused
+            expect(id2).toBe(id1);
+            const record = await store.get("t1", "anthropic");
+            expect(record?.label).toBe("New");
+            expect(JSON.parse(record?.encrypted_key ?? "{}").ciphertext).toBe("newdata");
+        });
+        it("sets created_at and updated_at timestamps", async () => {
+            await store.upsert("t1", "openai", fakeEncrypted);
+            const record = await store.get("t1", "openai");
+            expect(record?.created_at).toBeGreaterThan(0);
+            expect(record?.updated_at).toBeGreaterThan(0);
+        });
+    });
+    describe("get", () => {
+        it("returns undefined for non-existent key", async () => {
+            expect(await store.get("t1", "anthropic")).toBeUndefined();
+        });
+        it("returns the full record including encrypted_key", async () => {
+            await store.upsert("t1", "anthropic", fakeEncrypted);
+            const record = await store.get("t1", "anthropic");
+            expect(record?.encrypted_key).toBeTruthy();
+            const parsed = JSON.parse(record?.encrypted_key ?? "{}");
+            expect(parsed.iv).toBe(fakeEncrypted.iv);
+            expect(parsed.authTag).toBe(fakeEncrypted.authTag);
+            expect(parsed.ciphertext).toBe(fakeEncrypted.ciphertext);
+        });
+    });
+    describe("listForTenant", () => {
+        it("returns empty array when tenant has no keys", async () => {
+            expect(await store.listForTenant("t1")).toEqual([]);
+        });
+        it("returns metadata only (no encrypted_key)", async () => {
+            await store.upsert("t1", "anthropic", fakeEncrypted, "Ant Key");
+            await store.upsert("t1", "openai", fakeEncrypted, "OAI Key");
+            const keys = await store.listForTenant("t1");
+            expect(keys).toHaveLength(2);
+            for (const key of keys) {
+                expect(key).not.toHaveProperty("encrypted_key");
+                expect(key.tenant_id).toBe("t1");
+            }
+        });
+        it("does not return other tenants' keys", async () => {
+            await store.upsert("t1", "anthropic", fakeEncrypted);
+            await store.upsert("t2", "openai", fakeEncrypted);
+            const keys = await store.listForTenant("t1");
+            expect(keys).toHaveLength(1);
+            expect(keys[0].provider).toBe("anthropic");
+        });
+    });
+    describe("delete", () => {
+        it("returns false when no key exists", async () => {
+            expect(await store.delete("t1", "anthropic")).toBe(false);
+        });
+        it("deletes a key and returns true", async () => {
+            await store.upsert("t1", "anthropic", fakeEncrypted);
+            expect(await store.delete("t1", "anthropic")).toBe(true);
+            expect(await store.get("t1", "anthropic")).toBeUndefined();
+        });
+        it("does not delete other tenants' keys", async () => {
+            await store.upsert("t1", "anthropic", fakeEncrypted);
+            await store.upsert("t2", "anthropic", fakeEncrypted);
+            await store.delete("t1", "anthropic");
+            expect(await store.get("t2", "anthropic")).not.toBeNull();
+        });
+    });
+    describe("deleteAllForTenant", () => {
+        it("returns 0 when tenant has no keys", async () => {
+            expect(await store.deleteAllForTenant("t1")).toBe(0);
+        });
+        it("deletes all keys for a tenant", async () => {
+            await store.upsert("t1", "anthropic", fakeEncrypted);
+            await store.upsert("t1", "openai", fakeEncrypted);
+            await store.upsert("t2", "anthropic", fakeEncrypted);
+            expect(await store.deleteAllForTenant("t1")).toBe(2);
+            expect(await store.listForTenant("t1")).toHaveLength(0);
+            expect(await store.listForTenant("t2")).toHaveLength(1);
+        });
+    });
+});

package/dist/security/types.d.ts ADDED Viewed

@@ -0,0 +1,35 @@
+import { z } from "zod";
+/**
+ * Provider identifier — any non-empty string.
+ * Consumers (e.g., wopr-platform) can narrow this with their own enum.
+ */
+export declare const providerSchema: z.ZodString;
+export type Provider = z.infer<typeof providerSchema>;
+/** Request body for the encrypted key validation proxy. */
+export declare const validateKeyRequestSchema: z.ZodObject<{
+    provider: z.ZodString;
+    encryptedKey: z.ZodString;
+}, z.core.$strip>;
+export type ValidateKeyRequest = z.infer<typeof validateKeyRequestSchema>;
+/** Response from key validation. */
+export interface ValidateKeyResponse {
+    valid: boolean;
+    error?: string;
+}
+/** Request body for writing secrets to a running instance. */
+export declare const writeSecretsRequestSchema: z.ZodRecord<z.ZodString, z.ZodString>;
+export type WriteSecretsRequest = z.infer<typeof writeSecretsRequestSchema>;
+/** Encrypted payload structure stored as secrets.enc. */
+export interface EncryptedPayload {
+    /** AES-256-GCM initialization vector (hex). */
+    iv: string;
+    /** AES-256-GCM auth tag (hex). */
+    authTag: string;
+    /** Encrypted ciphertext (hex). */
+    ciphertext: string;
+}
+/** Provider validation endpoint configuration. */
+export interface ProviderEndpoint {
+    url: string;
+    headers: (key: string) => Record<string, string>;
+}

package/dist/security/types.js ADDED Viewed

@@ -0,0 +1,15 @@
+import { z } from "zod";
+/**
+ * Provider identifier — any non-empty string.
+ * Consumers (e.g., wopr-platform) can narrow this with their own enum.
+ */
+export const providerSchema = z.string().min(1);
+/** Request body for the encrypted key validation proxy. */
+export const validateKeyRequestSchema = z.object({
+    provider: providerSchema,
+    encryptedKey: z.string().min(1, "Encrypted key payload is required"),
+});
+/** Request body for writing secrets to a running instance. */
+export const writeSecretsRequestSchema = z
+    .record(z.string().min(1), z.string().min(1))
+    .refine((obj) => Object.keys(obj).length > 0, { message: "At least one secret is required" });

package/dist/tenancy/drizzle-org-repository.d.ts ADDED Viewed

@@ -0,0 +1,40 @@
+import type { PlatformDb } from "../db/index.js";
+export interface Tenant {
+    id: string;
+    name: string;
+    slug: string | null;
+    type: "personal" | "org";
+    ownerId: string;
+    billingEmail: string | null;
+    createdAt: number;
+}
+export interface IOrgRepository {
+    createOrg(ownerId: string, name: string, slug?: string): Promise<Tenant>;
+    ensurePersonalTenant(userId: string, displayName: string): Promise<Tenant>;
+    getById(id: string): Promise<Tenant | null>;
+    getBySlug(slug: string): Promise<Tenant | null>;
+    listOrgsByOwner(ownerId: string): Promise<Tenant[]>;
+    updateOrg(orgId: string, data: {
+        name?: string;
+        slug?: string;
+        billingEmail?: string | null;
+    }): Promise<Tenant>;
+    updateOwner(orgId: string, newOwnerId: string): Promise<void>;
+    deleteOrg(orgId: string): Promise<void>;
+}
+export declare class DrizzleOrgRepository implements IOrgRepository {
+    private readonly db;
+    constructor(db: PlatformDb);
+    createOrg(ownerId: string, name: string, slug?: string): Promise<Tenant>;
+    ensurePersonalTenant(userId: string, displayName: string): Promise<Tenant>;
+    getById(id: string): Promise<Tenant | null>;
+    getBySlug(slug: string): Promise<Tenant | null>;
+    listOrgsByOwner(ownerId: string): Promise<Tenant[]>;
+    updateOrg(orgId: string, data: {
+        name?: string;
+        slug?: string;
+        billingEmail?: string | null;
+    }): Promise<Tenant>;
+    updateOwner(orgId: string, newOwnerId: string): Promise<void>;
+    deleteOrg(orgId: string): Promise<void>;
+}

package/dist/tenancy/drizzle-org-repository.js ADDED Viewed

@@ -0,0 +1,126 @@
+import { TRPCError } from "@trpc/server";
+import { eq } from "drizzle-orm";
+import { tenants } from "../db/schema/index.js";
+// ---------------------------------------------------------------------------
+// Implementation
+// ---------------------------------------------------------------------------
+function isUniqueConstraintViolation(err) {
+    if (!(err instanceof Error))
+        return false;
+    const code = err.code;
+    const cause = err.cause;
+    const causeCode = cause && typeof cause === "object" ? cause.code : undefined;
+    const causeMsg = cause instanceof Error ? cause.message : "";
+    return (code === "23505" ||
+        causeCode === "23505" ||
+        err.message.includes("duplicate key") ||
+        err.message.includes("UNIQUE") ||
+        causeMsg.includes("duplicate key") ||
+        causeMsg.includes("UNIQUE"));
+}
+/** Slugify a name: lowercase, replace whitespace with hyphens, strip non-alphanumeric. */
+function slugify(name) {
+    return name
+        .toLowerCase()
+        .trim()
+        .replace(/\s+/g, "-")
+        .replace(/[^a-z0-9-]/g, "")
+        .replace(/-+/g, "-")
+        .replace(/^-|-$/g, "");
+}
+function toTenant(row) {
+    return {
+        id: row.id,
+        name: row.name,
+        slug: row.slug,
+        type: row.type,
+        ownerId: row.ownerId,
+        billingEmail: row.billingEmail,
+        createdAt: row.createdAt,
+    };
+}
+export class DrizzleOrgRepository {
+    db;
+    constructor(db) {
+        this.db = db;
+    }
+    async createOrg(ownerId, name, slug) {
+        const id = crypto.randomUUID();
+        const finalSlug = slug || slugify(name);
+        if (!finalSlug) {
+            throw Object.assign(new Error("Org name produces an empty slug; use only letters, numbers, or hyphens"), {
+                status: 400,
+            });
+        }
+        let row;
+        try {
+            row = (await this.db
+                .insert(tenants)
+                .values({
+                id,
+                name,
+                slug: finalSlug,
+                type: "org",
+                ownerId,
+                createdAt: Date.now(),
+            })
+                .returning())[0];
+        }
+        catch (err) {
+            if (isUniqueConstraintViolation(err)) {
+                throw new TRPCError({ code: "CONFLICT", message: "Organization slug already taken" });
+            }
+            throw err;
+        }
+        return toTenant(row);
+    }
+    async ensurePersonalTenant(userId, displayName) {
+        // Use userId as the tenant ID for backward compatibility
+        await this.db
+            .insert(tenants)
+            .values({
+            id: userId,
+            name: displayName,
+            slug: null,
+            type: "personal",
+            ownerId: userId,
+            createdAt: Date.now(),
+        })
+            .onConflictDoNothing({ target: tenants.id });
+        const tenant = await this.getById(userId);
+        if (!tenant)
+            throw new Error(`Personal tenant not found for user ${userId}`);
+        return tenant;
+    }
+    async getById(id) {
+        const row = (await this.db.select().from(tenants).where(eq(tenants.id, id)))[0];
+        return row ? toTenant(row) : null;
+    }
+    async getBySlug(slug) {
+        const row = (await this.db.select().from(tenants).where(eq(tenants.slug, slug)))[0];
+        return row ? toTenant(row) : null;
+    }
+    async listOrgsByOwner(ownerId) {
+        const rows = await this.db.select().from(tenants).where(eq(tenants.ownerId, ownerId));
+        return rows.filter((r) => r.type === "org").map(toTenant);
+    }
+    async updateOrg(orgId, data) {
+        const updates = {};
+        if (data.name !== undefined)
+            updates.name = data.name;
+        if (data.slug !== undefined)
+            updates.slug = data.slug;
+        if (data.billingEmail !== undefined)
+            updates.billingEmail = data.billingEmail;
+        const row = (await this.db.update(tenants).set(updates).where(eq(tenants.id, orgId)).returning())[0];
+        if (!row)
+            throw new Error(`Org not found: ${orgId}`);
+        return toTenant(row);
+    }
+    async updateOwner(orgId, newOwnerId) {
+        await this.db.update(tenants).set({ ownerId: newOwnerId }).where(eq(tenants.id, orgId));
+    }
+    async deleteOrg(orgId) {
+        await this.db.delete(tenants).where(eq(tenants.id, orgId));
+    }
+}

package/dist/tenancy/index.d.ts ADDED Viewed

@@ -0,0 +1,6 @@
+export type { Tenant, IOrgRepository } from "./drizzle-org-repository.js";
+export { DrizzleOrgRepository } from "./drizzle-org-repository.js";
+export type { OrgMemberRow, OrgInviteRow, IOrgMemberRepository } from "./org-member-repository.js";
+export { DrizzleOrgMemberRepository } from "./org-member-repository.js";
+export type { OrgWithMembers, OrgMemberWithUser, OrgInvitePublic, OrgServiceOptions } from "./org-service.js";
+export { OrgService } from "./org-service.js";

package/dist/tenancy/index.js ADDED Viewed

@@ -0,0 +1,3 @@
+export { DrizzleOrgRepository } from "./drizzle-org-repository.js";
+export { DrizzleOrgMemberRepository } from "./org-member-repository.js";
+export { OrgService } from "./org-service.js";

package/dist/tenancy/org-member-repository.d.ts ADDED Viewed

@@ -0,0 +1,57 @@
+/**
+ * Repository for organization members and invites.
+ *
+ * Follows the mandatory repository pattern: IOrgMemberRepository interface +
+ * DrizzleOrgMemberRepository implementation in the same file.
+ * See: src/fleet/bot-instance-repository.ts
+ */
+import type { PlatformDb } from "../db/index.js";
+export interface OrgMemberRow {
+    id: string;
+    orgId: string;
+    userId: string;
+    role: "owner" | "admin" | "member";
+    joinedAt: number;
+}
+export interface OrgInviteRow {
+    id: string;
+    orgId: string;
+    email: string;
+    role: "admin" | "member";
+    invitedBy: string;
+    token: string;
+    expiresAt: number;
+    createdAt: number;
+}
+export interface IOrgMemberRepository {
+    listMembers(orgId: string): Promise<OrgMemberRow[]>;
+    addMember(member: OrgMemberRow): Promise<void>;
+    updateMemberRole(orgId: string, userId: string, role: "owner" | "admin" | "member"): Promise<void>;
+    removeMember(orgId: string, userId: string): Promise<void>;
+    findMember(orgId: string, userId: string): Promise<OrgMemberRow | null>;
+    countAdminsAndOwners(orgId: string): Promise<number>;
+    listInvites(orgId: string): Promise<OrgInviteRow[]>;
+    createInvite(invite: OrgInviteRow): Promise<void>;
+    findInviteById(inviteId: string): Promise<OrgInviteRow | null>;
+    findInviteByToken(token: string): Promise<OrgInviteRow | null>;
+    deleteInvite(inviteId: string): Promise<void>;
+    deleteAllMembers(orgId: string): Promise<void>;
+    deleteAllInvites(orgId: string): Promise<void>;
+}
+export declare class DrizzleOrgMemberRepository implements IOrgMemberRepository {
+    private readonly db;
+    constructor(db: PlatformDb);
+    listMembers(orgId: string): Promise<OrgMemberRow[]>;
+    addMember(member: OrgMemberRow): Promise<void>;
+    updateMemberRole(orgId: string, userId: string, role: "owner" | "admin" | "member"): Promise<void>;
+    removeMember(orgId: string, userId: string): Promise<void>;
+    findMember(orgId: string, userId: string): Promise<OrgMemberRow | null>;
+    countAdminsAndOwners(orgId: string): Promise<number>;
+    listInvites(orgId: string): Promise<OrgInviteRow[]>;
+    createInvite(invite: OrgInviteRow): Promise<void>;
+    findInviteById(inviteId: string): Promise<OrgInviteRow | null>;
+    findInviteByToken(token: string): Promise<OrgInviteRow | null>;
+    deleteInvite(inviteId: string): Promise<void>;
+    deleteAllMembers(orgId: string): Promise<void>;
+    deleteAllInvites(orgId: string): Promise<void>;
+}

package/dist/tenancy/org-member-repository.js ADDED Viewed

@@ -0,0 +1,99 @@
+/**
+ * Repository for organization members and invites.
+ *
+ * Follows the mandatory repository pattern: IOrgMemberRepository interface +
+ * DrizzleOrgMemberRepository implementation in the same file.
+ * See: src/fleet/bot-instance-repository.ts
+ */
+import { and, eq, gt, inArray } from "drizzle-orm";
+import { organizationInvites, organizationMembers } from "../db/schema/organization-members.js";
+// ---------------------------------------------------------------------------
+// Implementation
+// ---------------------------------------------------------------------------
+function toMember(row) {
+    return {
+        id: row.id,
+        orgId: row.orgId,
+        userId: row.userId,
+        role: row.role,
+        joinedAt: row.joinedAt,
+    };
+}
+function toInvite(row) {
+    return {
+        id: row.id,
+        orgId: row.orgId,
+        email: row.email,
+        role: row.role,
+        invitedBy: row.invitedBy,
+        token: row.token,
+        expiresAt: row.expiresAt,
+        createdAt: row.createdAt,
+    };
+}
+export class DrizzleOrgMemberRepository {
+    db;
+    constructor(db) {
+        this.db = db;
+    }
+    async listMembers(orgId) {
+        const rows = await this.db.select().from(organizationMembers).where(eq(organizationMembers.orgId, orgId));
+        return rows.map(toMember);
+    }
+    async addMember(member) {
+        await this.db.insert(organizationMembers).values(member).onConflictDoNothing();
+    }
+    async updateMemberRole(orgId, userId, role) {
+        await this.db
+            .update(organizationMembers)
+            .set({ role })
+            .where(and(eq(organizationMembers.orgId, orgId), eq(organizationMembers.userId, userId)));
+    }
+    async removeMember(orgId, userId) {
+        await this.db
+            .delete(organizationMembers)
+            .where(and(eq(organizationMembers.orgId, orgId), eq(organizationMembers.userId, userId)));
+    }
+    async findMember(orgId, userId) {
+        const rows = await this.db
+            .select()
+            .from(organizationMembers)
+            .where(and(eq(organizationMembers.orgId, orgId), eq(organizationMembers.userId, userId)));
+        return rows[0] ? toMember(rows[0]) : null;
+    }
+    async countAdminsAndOwners(orgId) {
+        const rows = await this.db
+            .select()
+            .from(organizationMembers)
+            .where(and(eq(organizationMembers.orgId, orgId), inArray(organizationMembers.role, ["admin", "owner"])));
+        return rows.length;
+    }
+    async listInvites(orgId) {
+        const now = Date.now();
+        const rows = await this.db
+            .select()
+            .from(organizationInvites)
+            .where(and(eq(organizationInvites.orgId, orgId), gt(organizationInvites.expiresAt, now)));
+        return rows.map(toInvite);
+    }
+    async createInvite(invite) {
+        await this.db.insert(organizationInvites).values(invite);
+    }
+    async findInviteById(inviteId) {
+        const rows = await this.db.select().from(organizationInvites).where(eq(organizationInvites.id, inviteId));
+        return rows[0] ? toInvite(rows[0]) : null;
+    }
+    async findInviteByToken(token) {
+        const rows = await this.db.select().from(organizationInvites).where(eq(organizationInvites.token, token));
+        return rows[0] ? toInvite(rows[0]) : null;
+    }
+    async deleteInvite(inviteId) {
+        await this.db.delete(organizationInvites).where(eq(organizationInvites.id, inviteId));
+    }
+    async deleteAllMembers(orgId) {
+        await this.db.delete(organizationMembers).where(eq(organizationMembers.orgId, orgId));
+    }
+    async deleteAllInvites(orgId) {
+        await this.db.delete(organizationInvites).where(eq(organizationInvites.orgId, orgId));
+    }
+}

package/dist/tenancy/org-repository.test.d.ts ADDED Viewed

	@@ -0,0 +1 @@
1	+ export {};

package/dist/tenancy/org-repository.test.js ADDED Viewed

@@ -0,0 +1,143 @@
+import { afterAll, beforeAll, beforeEach, describe, expect, it } from "vitest";
+import { beginTestTransaction, createTestDb, endTestTransaction, rollbackTestTransaction } from "../test/db.js";
+import { DrizzleOrgRepository } from "./drizzle-org-repository.js";
+let db;
+let pool;
+beforeAll(async () => {
+    ({ db, pool } = await createTestDb());
+    await beginTestTransaction(pool);
+});
+afterAll(async () => {
+    await endTestTransaction(pool);
+    await pool.close();
+});
+describe("DrizzleOrgRepository", () => {
+    let repo;
+    beforeEach(async () => {
+        await rollbackTestTransaction(pool);
+        repo = new DrizzleOrgRepository(db);
+    });
+    describe("createOrg", () => {
+        it("creates an org tenant and returns it", async () => {
+            const org = await repo.createOrg("user-1", "My Org", "my-org");
+            expect(org.name).toBe("My Org");
+            expect(org.slug).toBe("my-org");
+            expect(org.type).toBe("org");
+            expect(org.ownerId).toBe("user-1");
+            expect(org.id).toMatch(/^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$/);
+        });
+        it("throws on duplicate slug", async () => {
+            await repo.createOrg("user-1", "Org A", "same-slug");
+            await expect(repo.createOrg("user-2", "Org B", "same-slug")).rejects.toThrow();
+        });
+        it("auto-generates slug from name when slug is omitted", async () => {
+            const org = await repo.createOrg("user-1", "My Cool Org");
+            expect(org.slug).toBe("my-cool-org");
+        });
+    });
+    describe("ensurePersonalTenant", () => {
+        it("creates a personal tenant for a user", async () => {
+            const tenant = await repo.ensurePersonalTenant("user-1", "Alice");
+            expect(tenant.id).toBe("user-1");
+            expect(tenant.type).toBe("personal");
+            expect(tenant.name).toBe("Alice");
+        });
+        it("is idempotent — second call does not throw", async () => {
+            await repo.ensurePersonalTenant("user-1", "Alice");
+            const tenant = await repo.ensurePersonalTenant("user-1", "Alice");
+            expect(tenant.id).toBe("user-1");
+        });
+    });
+    describe("listByUser", () => {
+        it("returns orgs where user has a role (via userIds)", async () => {
+            const org = await repo.createOrg("user-1", "Org A", "org-a");
+            expect(await repo.getById(org.id)).toBeTruthy();
+        });
+    });
+    describe("getById", () => {
+        it("returns null for non-existent tenant", async () => {
+            expect(await repo.getById("nonexistent")).toBeNull();
+        });
+        it("returns a tenant by ID", async () => {
+            const org = await repo.createOrg("user-1", "Org A", "org-a");
+            const found = await repo.getById(org.id);
+            expect(found?.name).toBe("Org A");
+        });
+    });
+    describe("getBySlug", () => {
+        it("returns null for non-existent slug", async () => {
+            expect(await repo.getBySlug("nonexistent")).toBeNull();
+        });
+        it("finds a tenant by slug", async () => {
+            await repo.createOrg("user-1", "Org A", "org-a");
+            const found = await repo.getBySlug("org-a");
+            expect(found?.name).toBe("Org A");
+        });
+    });
+    describe("listOrgsByOwner", () => {
+        it("returns only org-type tenants for the owner", async () => {
+            await repo.ensurePersonalTenant("user-1", "Alice");
+            await repo.createOrg("user-1", "Org A", "org-a");
+            await repo.createOrg("user-1", "Org B", "org-b");
+            await repo.createOrg("user-2", "Other Org", "other");
+            const orgs = await repo.listOrgsByOwner("user-1");
+            expect(orgs).toHaveLength(2);
+            expect(orgs.map((o) => o.slug).sort()).toEqual(["org-a", "org-b"]);
+        });
+        it("returns empty array when owner has no orgs", async () => {
+            const orgs = await repo.listOrgsByOwner("nobody");
+            expect(orgs).toHaveLength(0);
+        });
+    });
+    describe("createOrg (edge cases)", () => {
+        it("throws when name produces an empty slug", async () => {
+            await expect(repo.createOrg("user-1", "---")).rejects.toThrow(/empty slug/);
+        });
+    });
+    describe("updateOrg", () => {
+        it("updates name and returns updated tenant", async () => {
+            const org = await repo.createOrg("user-1", "Original", "original");
+            const updated = await repo.updateOrg(org.id, { name: "Renamed" });
+            expect(updated.name).toBe("Renamed");
+            expect(updated.slug).toBe("original");
+        });
+        it("updates slug and returns updated tenant", async () => {
+            const org = await repo.createOrg("user-1", "Org", "old-slug");
+            const updated = await repo.updateOrg(org.id, { slug: "new-slug" });
+            expect(updated.slug).toBe("new-slug");
+        });
+        it("throws when org not found", async () => {
+            await expect(repo.updateOrg("nonexistent-id", { name: "X" })).rejects.toThrow(/not found/);
+        });
+        it("updates billingEmail and returns updated tenant", async () => {
+            const org = await repo.createOrg("user-1", "Org", "billing-test");
+            const updated = await repo.updateOrg(org.id, { billingEmail: "billing@example.com" });
+            expect(updated.billingEmail).toBe("billing@example.com");
+        });
+        it("clears billingEmail when set to null", async () => {
+            const org = await repo.createOrg("user-1", "Org", "billing-clear");
+            await repo.updateOrg(org.id, { billingEmail: "billing@example.com" });
+            const updated = await repo.updateOrg(org.id, { billingEmail: null });
+            expect(updated.billingEmail).toBeNull();
+        });
+    });
+    describe("updateOwner", () => {
+        it("persists the new ownerId", async () => {
+            const org = await repo.createOrg("user-1", "Org", "org-slug");
+            await repo.updateOwner(org.id, "user-2");
+            const updated = await repo.getById(org.id);
+            expect(updated?.ownerId).toBe("user-2");
+        });
+    });
+    describe("deleteOrg", () => {
+        it("deletes an existing org", async () => {
+            const org = await repo.createOrg("user-1", "Doomed Org", "doomed-org");
+            await repo.deleteOrg(org.id);
+            const found = await repo.getById(org.id);
+            expect(found).toBeNull();
+        });
+        it("silently succeeds when org does not exist", async () => {
+            await expect(repo.deleteOrg("nonexistent")).resolves.not.toThrow();
+        });
+    });
+});