npm - @wopr-network/platform-core - Versions diffs - 0.1.0 - Mend

@wopr-network/platform-core 0.1.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (694) hide show

package/biome.json +61 -0
package/dist/admin/admin-audit-log-repository.d.ts +33 -0
package/dist/admin/admin-audit-log-repository.js +102 -0
package/dist/admin/audit-log.d.ts +49 -0
package/dist/admin/audit-log.js +63 -0
package/dist/admin/index.d.ts +6 -0
package/dist/admin/index.js +3 -0
package/dist/admin/role-store.d.ts +37 -0
package/dist/admin/role-store.js +106 -0
package/dist/auth/api-key-repository.d.ts +11 -0
package/dist/auth/api-key-repository.js +33 -0
package/dist/auth/api-key-repository.test.d.ts +1 -0
package/dist/auth/api-key-repository.test.js +46 -0
package/dist/auth/auth.test.d.ts +1 -0
package/dist/auth/auth.test.js +140 -0
package/dist/auth/better-auth.d.ts +42 -0
package/dist/auth/better-auth.js +196 -0
package/dist/auth/index.d.ts +186 -0
package/dist/auth/index.js +422 -0
package/dist/auth/login-history-repository.d.ts +14 -0
package/dist/auth/login-history-repository.js +15 -0
package/dist/auth/login-history-repository.test.d.ts +1 -0
package/dist/auth/login-history-repository.test.js +47 -0
package/dist/auth/middleware.d.ts +55 -0
package/dist/auth/middleware.js +101 -0
package/dist/auth/middleware.test.d.ts +1 -0
package/dist/auth/middleware.test.js +213 -0
package/dist/auth/scoped-tokens.test.d.ts +1 -0
package/dist/auth/scoped-tokens.test.js +306 -0
package/dist/auth/tenant-access.test.d.ts +1 -0
package/dist/auth/tenant-access.test.js +62 -0
package/dist/auth/user-creator.d.ts +9 -0
package/dist/auth/user-creator.js +47 -0
package/dist/auth/user-creator.test.d.ts +1 -0
package/dist/auth/user-creator.test.js +78 -0
package/dist/auth/user-role-repository.d.ts +31 -0
package/dist/auth/user-role-repository.js +53 -0
package/dist/auth/user-role-repository.test.d.ts +1 -0
package/dist/auth/user-role-repository.test.js +122 -0
package/dist/billing/drizzle-webhook-seen-repository.d.ts +10 -0
package/dist/billing/drizzle-webhook-seen-repository.js +28 -0
package/dist/billing/index.d.ts +7 -0
package/dist/billing/index.js +7 -0
package/dist/billing/payment-processor.d.ts +127 -0
package/dist/billing/payment-processor.js +8 -0
package/dist/billing/payment-processor.test.d.ts +1 -0
package/dist/billing/payment-processor.test.js +71 -0
package/dist/billing/payram/cents-credits-boundary.test.d.ts +1 -0
package/dist/billing/payram/cents-credits-boundary.test.js +75 -0
package/dist/billing/payram/charge-store.d.ts +41 -0
package/dist/billing/payram/charge-store.js +72 -0
package/dist/billing/payram/charge-store.test.d.ts +1 -0
package/dist/billing/payram/charge-store.test.js +64 -0
package/dist/billing/payram/checkout.d.ts +15 -0
package/dist/billing/payram/checkout.js +24 -0
package/dist/billing/payram/checkout.test.d.ts +1 -0
package/dist/billing/payram/checkout.test.js +74 -0
package/dist/billing/payram/client.d.ts +7 -0
package/dist/billing/payram/client.js +15 -0
package/dist/billing/payram/client.test.d.ts +1 -0
package/dist/billing/payram/client.test.js +52 -0
package/dist/billing/payram/index.d.ts +8 -0
package/dist/billing/payram/index.js +4 -0
package/dist/billing/payram/types.d.ts +40 -0
package/dist/billing/payram/types.js +1 -0
package/dist/billing/payram/webhook.d.ts +19 -0
package/dist/billing/payram/webhook.js +67 -0
package/dist/billing/payram/webhook.test.d.ts +7 -0
package/dist/billing/payram/webhook.test.js +248 -0
package/dist/billing/stripe/cents-credits-boundary.test.d.ts +1 -0
package/dist/billing/stripe/cents-credits-boundary.test.js +62 -0
package/dist/billing/stripe/checkout.d.ts +20 -0
package/dist/billing/stripe/checkout.js +63 -0
package/dist/billing/stripe/checkout.test.d.ts +1 -0
package/dist/billing/stripe/checkout.test.js +148 -0
package/dist/billing/stripe/client.d.ts +14 -0
package/dist/billing/stripe/client.js +33 -0
package/dist/billing/stripe/client.test.d.ts +1 -0
package/dist/billing/stripe/client.test.js +58 -0
package/dist/billing/stripe/credit-prices.d.ts +63 -0
package/dist/billing/stripe/credit-prices.js +81 -0
package/dist/billing/stripe/credit-prices.test.d.ts +1 -0
package/dist/billing/stripe/credit-prices.test.js +87 -0
package/dist/billing/stripe/index.d.ts +14 -0
package/dist/billing/stripe/index.js +8 -0
package/dist/billing/stripe/payment-methods-detach-all.test.d.ts +1 -0
package/dist/billing/stripe/payment-methods-detach-all.test.js +40 -0
package/dist/billing/stripe/payment-methods.d.ts +25 -0
package/dist/billing/stripe/payment-methods.js +53 -0
package/dist/billing/stripe/payment-methods.test.d.ts +1 -0
package/dist/billing/stripe/payment-methods.test.js +122 -0
package/dist/billing/stripe/portal.d.ts +10 -0
package/dist/billing/stripe/portal.js +16 -0
package/dist/billing/stripe/portal.test.d.ts +1 -0
package/dist/billing/stripe/portal.test.js +48 -0
package/dist/billing/stripe/setup-intent.d.ts +16 -0
package/dist/billing/stripe/setup-intent.js +22 -0
package/dist/billing/stripe/setup-intent.test.d.ts +1 -0
package/dist/billing/stripe/setup-intent.test.js +58 -0
package/dist/billing/stripe/stripe-payment-processor.d.ts +49 -0
package/dist/billing/stripe/stripe-payment-processor.js +166 -0
package/dist/billing/stripe/stripe-payment-processor.test.d.ts +1 -0
package/dist/billing/stripe/stripe-payment-processor.test.js +413 -0
package/dist/billing/stripe/tenant-store.d.ts +56 -0
package/dist/billing/stripe/tenant-store.js +119 -0
package/dist/billing/stripe/tenant-store.test.d.ts +1 -0
package/dist/billing/stripe/tenant-store.test.js +97 -0
package/dist/billing/stripe/types.d.ts +49 -0
package/dist/billing/stripe/types.js +1 -0
package/dist/billing/webhook-seen-repository.d.ts +14 -0
package/dist/billing/webhook-seen-repository.js +13 -0
package/dist/config/billing-env.test.d.ts +1 -0
package/dist/config/billing-env.test.js +48 -0
package/dist/config/index.d.ts +46 -0
package/dist/config/index.js +38 -0
package/dist/config/logger.d.ts +2 -0
package/dist/config/logger.js +11 -0
package/dist/config/provider-endpoints.d.ts +6 -0
package/dist/config/provider-endpoints.js +12 -0
package/dist/credits/auto-topup-charge.d.ts +27 -0
package/dist/credits/auto-topup-charge.js +139 -0
package/dist/credits/auto-topup-charge.test.d.ts +1 -0
package/dist/credits/auto-topup-charge.test.js +242 -0
package/dist/credits/auto-topup-event-log-repository.d.ts +16 -0
package/dist/credits/auto-topup-event-log-repository.js +18 -0
package/dist/credits/auto-topup-event-log-repository.test.d.ts +1 -0
package/dist/credits/auto-topup-event-log-repository.test.js +83 -0
package/dist/credits/auto-topup-schedule.d.ts +27 -0
package/dist/credits/auto-topup-schedule.js +66 -0
package/dist/credits/auto-topup-schedule.test.d.ts +1 -0
package/dist/credits/auto-topup-schedule.test.js +145 -0
package/dist/credits/auto-topup-settings-repository.d.ts +54 -0
package/dist/credits/auto-topup-settings-repository.js +184 -0
package/dist/credits/auto-topup-settings-repository.test.d.ts +1 -0
package/dist/credits/auto-topup-settings-repository.test.js +104 -0
package/dist/credits/auto-topup-usage.d.ts +22 -0
package/dist/credits/auto-topup-usage.js +56 -0
package/dist/credits/auto-topup-usage.test.d.ts +1 -0
package/dist/credits/auto-topup-usage.test.js +181 -0
package/dist/credits/credit-expiry-cron.d.ts +19 -0
package/dist/credits/credit-expiry-cron.js +50 -0
package/dist/credits/credit-expiry-cron.test.d.ts +1 -0
package/dist/credits/credit-expiry-cron.test.js +67 -0
package/dist/credits/credit-ledger-extra.test.d.ts +1 -0
package/dist/credits/credit-ledger-extra.test.js +40 -0
package/dist/credits/credit-ledger.bench.d.ts +1 -0
package/dist/credits/credit-ledger.bench.js +33 -0
package/dist/credits/credit-ledger.d.ts +130 -0
package/dist/credits/credit-ledger.js +293 -0
package/dist/credits/credit-ledger.test.d.ts +4 -0
package/dist/credits/credit-ledger.test.js +203 -0
package/dist/credits/credit-transaction-repository.d.ts +17 -0
package/dist/credits/credit-transaction-repository.js +35 -0
package/dist/credits/credit-transaction-repository.test.d.ts +1 -0
package/dist/credits/credit-transaction-repository.test.js +232 -0
package/dist/credits/credit.d.ts +75 -0
package/dist/credits/credit.js +139 -0
package/dist/credits/credit.test.d.ts +1 -0
package/dist/credits/credit.test.js +196 -0
package/dist/credits/dividend-cron.d.ts +29 -0
package/dist/credits/dividend-cron.js +88 -0
package/dist/credits/dividend-cron.test.d.ts +1 -0
package/dist/credits/dividend-cron.test.js +128 -0
package/dist/credits/dividend-repository.d.ts +29 -0
package/dist/credits/dividend-repository.js +126 -0
package/dist/credits/dividend-repository.test.d.ts +1 -0
package/dist/credits/dividend-repository.test.js +176 -0
package/dist/credits/index.d.ts +9 -0
package/dist/credits/index.js +5 -0
package/dist/credits/repository-types.d.ts +29 -0
package/dist/credits/repository-types.js +1 -0
package/dist/credits/signup-grant.d.ts +12 -0
package/dist/credits/signup-grant.js +35 -0
package/dist/credits/signup-grant.test.d.ts +1 -0
package/dist/credits/signup-grant.test.js +51 -0
package/dist/credits/tenant-customer-repository.d.ts +30 -0
package/dist/credits/tenant-customer-repository.js +5 -0
package/dist/db/auth-user-repository.d.ts +46 -0
package/dist/db/auth-user-repository.js +90 -0
package/dist/db/credit-column.d.ts +27 -0
package/dist/db/credit-column.js +13 -0
package/dist/db/index.d.ts +14 -0
package/dist/db/index.js +8 -0
package/dist/db/schema/account-deletion-requests.d.ts +203 -0
package/dist/db/schema/account-deletion-requests.js +36 -0
package/dist/db/schema/account-export-requests.d.ts +148 -0
package/dist/db/schema/account-export-requests.js +19 -0
package/dist/db/schema/admin-audit.d.ts +194 -0
package/dist/db/schema/admin-audit.js +21 -0
package/dist/db/schema/admin-users.d.ts +177 -0
package/dist/db/schema/admin-users.js +23 -0
package/dist/db/schema/affiliate-fraud.d.ts +160 -0
package/dist/db/schema/affiliate-fraud.js +18 -0
package/dist/db/schema/affiliate.d.ts +277 -0
package/dist/db/schema/affiliate.js +32 -0
package/dist/db/schema/coupon-codes.d.ts +143 -0
package/dist/db/schema/coupon-codes.js +17 -0
package/dist/db/schema/credit-auto-topup-settings.d.ts +232 -0
package/dist/db/schema/credit-auto-topup-settings.js +27 -0
package/dist/db/schema/credit-auto-topup.d.ts +130 -0
package/dist/db/schema/credit-auto-topup.js +21 -0
package/dist/db/schema/credits.d.ts +283 -0
package/dist/db/schema/credits.js +38 -0
package/dist/db/schema/dividend-distributions.d.ts +130 -0
package/dist/db/schema/dividend-distributions.js +19 -0
package/dist/db/schema/email-notifications.d.ts +99 -0
package/dist/db/schema/email-notifications.js +21 -0
package/dist/db/schema/index.d.ts +33 -0
package/dist/db/schema/index.js +33 -0
package/dist/db/schema/meter-events.d.ts +599 -0
package/dist/db/schema/meter-events.js +55 -0
package/dist/db/schema/notification-preferences.d.ts +165 -0
package/dist/db/schema/notification-preferences.js +18 -0
package/dist/db/schema/notification-queue.d.ts +236 -0
package/dist/db/schema/notification-queue.js +40 -0
package/dist/db/schema/org-memberships.d.ts +63 -0
package/dist/db/schema/org-memberships.js +15 -0
package/dist/db/schema/organization-members.d.ts +235 -0
package/dist/db/schema/organization-members.js +27 -0
package/dist/db/schema/payram.d.ts +164 -0
package/dist/db/schema/payram.js +21 -0
package/dist/db/schema/platform-api-keys.d.ts +143 -0
package/dist/db/schema/platform-api-keys.js +20 -0
package/dist/db/schema/promotion-redemptions.d.ts +143 -0
package/dist/db/schema/promotion-redemptions.js +18 -0
package/dist/db/schema/promotions.d.ts +445 -0
package/dist/db/schema/promotions.js +48 -0
package/dist/db/schema/provider-credentials.d.ts +201 -0
package/dist/db/schema/provider-credentials.js +36 -0
package/dist/db/schema/rate-limit-entries.d.ts +75 -0
package/dist/db/schema/rate-limit-entries.js +7 -0
package/dist/db/schema/secret-audit-log.d.ts +109 -0
package/dist/db/schema/secret-audit-log.js +15 -0
package/dist/db/schema/session-usage.d.ts +194 -0
package/dist/db/schema/session-usage.js +19 -0
package/dist/db/schema/spending-limits.d.ts +92 -0
package/dist/db/schema/spending-limits.js +8 -0
package/dist/db/schema/tenant-addons.d.ts +58 -0
package/dist/db/schema/tenant-addons.js +9 -0
package/dist/db/schema/tenant-api-keys.d.ts +131 -0
package/dist/db/schema/tenant-api-keys.js +21 -0
package/dist/db/schema/tenant-capability-settings.d.ts +79 -0
package/dist/db/schema/tenant-capability-settings.js +12 -0
package/dist/db/schema/tenant-customers.d.ts +303 -0
package/dist/db/schema/tenant-customers.js +25 -0
package/dist/db/schema/tenants.d.ts +126 -0
package/dist/db/schema/tenants.js +18 -0
package/dist/db/schema/user-roles.d.ts +98 -0
package/dist/db/schema/user-roles.js +18 -0
package/dist/db/schema/webhook-seen-events.d.ts +58 -0
package/dist/db/schema/webhook-seen-events.js +9 -0
package/dist/email/billing-emails.d.ts +51 -0
package/dist/email/billing-emails.js +163 -0
package/dist/email/billing-emails.test.d.ts +1 -0
package/dist/email/billing-emails.test.js +162 -0
package/dist/email/client.d.ts +51 -0
package/dist/email/client.js +102 -0
package/dist/email/client.test.d.ts +1 -0
package/dist/email/client.test.js +120 -0
package/dist/email/drizzle-billing-email-repository.d.ts +21 -0
package/dist/email/drizzle-billing-email-repository.js +36 -0
package/dist/email/drizzle-billing-email-repository.test.d.ts +1 -0
package/dist/email/drizzle-billing-email-repository.test.js +42 -0
package/dist/email/index.d.ts +33 -0
package/dist/email/index.js +22 -0
package/dist/email/notification-preferences-store.d.ts +12 -0
package/dist/email/notification-preferences-store.js +82 -0
package/dist/email/notification-preferences-store.test.d.ts +1 -0
package/dist/email/notification-preferences-store.test.js +86 -0
package/dist/email/notification-queue-store.d.ts +25 -0
package/dist/email/notification-queue-store.js +97 -0
package/dist/email/notification-queue-store.test.d.ts +1 -0
package/dist/email/notification-queue-store.test.js +177 -0
package/dist/email/notification-repository-types.d.ts +70 -0
package/dist/email/notification-repository-types.js +6 -0
package/dist/email/notification-service.d.ts +41 -0
package/dist/email/notification-service.js +196 -0
package/dist/email/notification-service.test.d.ts +1 -0
package/dist/email/notification-service.test.js +160 -0
package/dist/email/notification-templates.d.ts +18 -0
package/dist/email/notification-templates.js +574 -0
package/dist/email/notification-templates.test.d.ts +1 -0
package/dist/email/notification-templates.test.js +238 -0
package/dist/email/notification-worker.d.ts +24 -0
package/dist/email/notification-worker.js +109 -0
package/dist/email/notification-worker.test.d.ts +1 -0
package/dist/email/notification-worker.test.js +153 -0
package/dist/email/require-verified.d.ts +25 -0
package/dist/email/require-verified.js +52 -0
package/dist/email/require-verified.test.d.ts +1 -0
package/dist/email/require-verified.test.js +62 -0
package/dist/email/resend-adapter.d.ts +47 -0
package/dist/email/resend-adapter.js +137 -0
package/dist/email/resend-adapter.test.d.ts +1 -0
package/dist/email/resend-adapter.test.js +190 -0
package/dist/email/templates.d.ts +22 -0
package/dist/email/templates.js +359 -0
package/dist/email/templates.test.d.ts +1 -0
package/dist/email/templates.test.js +170 -0
package/dist/email/verification.d.ts +42 -0
package/dist/email/verification.js +83 -0
package/dist/email/verification.test.d.ts +1 -0
package/dist/email/verification.test.js +141 -0
package/dist/index.d.ts +13 -0
package/dist/index.js +23 -0
package/dist/metering/aggregator.d.ts +54 -0
package/dist/metering/aggregator.js +123 -0
package/dist/metering/aggregator.test.d.ts +1 -0
package/dist/metering/aggregator.test.js +179 -0
package/dist/metering/dlq.d.ts +31 -0
package/dist/metering/dlq.js +82 -0
package/dist/metering/dlq.test.d.ts +1 -0
package/dist/metering/dlq.test.js +117 -0
package/dist/metering/drizzle-usage-summary-repository.d.ts +67 -0
package/dist/metering/drizzle-usage-summary-repository.js +98 -0
package/dist/metering/emitter.d.ts +66 -0
package/dist/metering/emitter.js +185 -0
package/dist/metering/emitter.test.d.ts +1 -0
package/dist/metering/emitter.test.js +171 -0
package/dist/metering/index.d.ts +11 -0
package/dist/metering/index.js +5 -0
package/dist/metering/load-test.bench.d.ts +1 -0
package/dist/metering/load-test.bench.js +103 -0
package/dist/metering/meter-event-repository.d.ts +33 -0
package/dist/metering/meter-event-repository.js +58 -0
package/dist/metering/meter-repositories.test.d.ts +1 -0
package/dist/metering/meter-repositories.test.js +419 -0
package/dist/metering/metering.test.d.ts +1 -0
package/dist/metering/metering.test.js +1046 -0
package/dist/metering/reconciliation-cron.d.ts +37 -0
package/dist/metering/reconciliation-cron.js +85 -0
package/dist/metering/reconciliation-cron.test.d.ts +1 -0
package/dist/metering/reconciliation-cron.test.js +162 -0
package/dist/metering/reconciliation-repository.d.ts +27 -0
package/dist/metering/reconciliation-repository.js +43 -0
package/dist/metering/reconciliation-repository.test.d.ts +1 -0
package/dist/metering/reconciliation-repository.test.js +160 -0
package/dist/metering/types.d.ts +88 -0
package/dist/metering/types.js +1 -0
package/dist/metering/wal.d.ts +49 -0
package/dist/metering/wal.js +124 -0
package/dist/metering/wal.test.d.ts +1 -0
package/dist/metering/wal.test.js +175 -0
package/dist/middleware/csrf.d.ts +24 -0
package/dist/middleware/csrf.js +80 -0
package/dist/middleware/csrf.test.d.ts +1 -0
package/dist/middleware/csrf.test.js +152 -0
package/dist/middleware/drizzle-rate-limit-repository.d.ts +9 -0
package/dist/middleware/drizzle-rate-limit-repository.js +52 -0
package/dist/middleware/drizzle-rate-limit-repository.test.d.ts +1 -0
package/dist/middleware/drizzle-rate-limit-repository.test.js +74 -0
package/dist/middleware/get-client-ip.d.ts +22 -0
package/dist/middleware/get-client-ip.js +51 -0
package/dist/middleware/get-client-ip.test.d.ts +1 -0
package/dist/middleware/get-client-ip.test.js +40 -0
package/dist/middleware/index.d.ts +5 -0
package/dist/middleware/index.js +4 -0
package/dist/middleware/rate-limit-repository.d.ts +19 -0
package/dist/middleware/rate-limit-repository.js +1 -0
package/dist/middleware/rate-limit.d.ts +57 -0
package/dist/middleware/rate-limit.js +109 -0
package/dist/middleware/rate-limit.test.d.ts +1 -0
package/dist/middleware/rate-limit.test.js +247 -0
package/dist/security/credential-vault/audit-repository.d.ts +27 -0
package/dist/security/credential-vault/audit-repository.js +42 -0
package/dist/security/credential-vault/audit-repository.test.d.ts +1 -0
package/dist/security/credential-vault/audit-repository.test.js +78 -0
package/dist/security/credential-vault/credential-repository.d.ts +94 -0
package/dist/security/credential-vault/credential-repository.js +145 -0
package/dist/security/credential-vault/credential-repository.test.d.ts +1 -0
package/dist/security/credential-vault/credential-repository.test.js +206 -0
package/dist/security/credential-vault/index.d.ts +12 -0
package/dist/security/credential-vault/index.js +6 -0
package/dist/security/credential-vault/key-rotation.d.ts +18 -0
package/dist/security/credential-vault/key-rotation.js +52 -0
package/dist/security/credential-vault/key-rotation.test.d.ts +1 -0
package/dist/security/credential-vault/key-rotation.test.js +95 -0
package/dist/security/credential-vault/migrate-plaintext.d.ts +15 -0
package/dist/security/credential-vault/migrate-plaintext.js +80 -0
package/dist/security/credential-vault/migrate-plaintext.test.d.ts +1 -0
package/dist/security/credential-vault/migrate-plaintext.test.js +111 -0
package/dist/security/credential-vault/migration-check.d.ts +15 -0
package/dist/security/credential-vault/migration-check.js +71 -0
package/dist/security/credential-vault/migration-check.test.d.ts +1 -0
package/dist/security/credential-vault/migration-check.test.js +457 -0
package/dist/security/credential-vault/store.d.ts +106 -0
package/dist/security/credential-vault/store.js +181 -0
package/dist/security/credential-vault/store.test.d.ts +1 -0
package/dist/security/credential-vault/store.test.js +482 -0
package/dist/security/encryption.d.ts +22 -0
package/dist/security/encryption.js +53 -0
package/dist/security/encryption.test.d.ts +1 -0
package/dist/security/encryption.test.js +95 -0
package/dist/security/host-validation.d.ts +11 -0
package/dist/security/host-validation.js +108 -0
package/dist/security/host-validation.test.d.ts +1 -0
package/dist/security/host-validation.test.js +106 -0
package/dist/security/index.d.ts +11 -0
package/dist/security/index.js +11 -0
package/dist/security/key-audit.d.ts +16 -0
package/dist/security/key-audit.js +35 -0
package/dist/security/key-audit.test.d.ts +1 -0
package/dist/security/key-audit.test.js +50 -0
package/dist/security/key-injection.d.ts +28 -0
package/dist/security/key-injection.js +57 -0
package/dist/security/key-injection.test.d.ts +1 -0
package/dist/security/key-injection.test.js +97 -0
package/dist/security/key-validation.d.ts +16 -0
package/dist/security/key-validation.js +78 -0
package/dist/security/key-validation.test.d.ts +1 -0
package/dist/security/key-validation.test.js +87 -0
package/dist/security/redirect-allowlist.d.ts +6 -0
package/dist/security/redirect-allowlist.js +36 -0
package/dist/security/redirect-allowlist.test.d.ts +1 -0
package/dist/security/redirect-allowlist.test.js +55 -0
package/dist/security/tenant-keys/capability-settings-store.d.ts +22 -0
package/dist/security/tenant-keys/capability-settings-store.js +33 -0
package/dist/security/tenant-keys/capability-settings-store.test.d.ts +1 -0
package/dist/security/tenant-keys/capability-settings-store.test.js +77 -0
package/dist/security/tenant-keys/index.d.ts +10 -0
package/dist/security/tenant-keys/index.js +5 -0
package/dist/security/tenant-keys/key-resolution-repository.d.ts +15 -0
package/dist/security/tenant-keys/key-resolution-repository.js +18 -0
package/dist/security/tenant-keys/key-resolution-repository.test.d.ts +1 -0
package/dist/security/tenant-keys/key-resolution-repository.test.js +72 -0
package/dist/security/tenant-keys/key-resolution.d.ts +39 -0
package/dist/security/tenant-keys/key-resolution.js +59 -0
package/dist/security/tenant-keys/key-resolution.test.d.ts +1 -0
package/dist/security/tenant-keys/key-resolution.test.js +97 -0
package/dist/security/tenant-keys/org-key-resolution.d.ts +30 -0
package/dist/security/tenant-keys/org-key-resolution.js +50 -0
package/dist/security/tenant-keys/org-key-resolution.test.d.ts +1 -0
package/dist/security/tenant-keys/org-key-resolution.test.js +103 -0
package/dist/security/tenant-keys/tenant-key-repository.d.ts +36 -0
package/dist/security/tenant-keys/tenant-key-repository.js +96 -0
package/dist/security/tenant-keys/tenant-key-repository.test.d.ts +1 -0
package/dist/security/tenant-keys/tenant-key-repository.test.js +114 -0
package/dist/security/types.d.ts +35 -0
package/dist/security/types.js +15 -0
package/dist/tenancy/drizzle-org-repository.d.ts +40 -0
package/dist/tenancy/drizzle-org-repository.js +126 -0
package/dist/tenancy/index.d.ts +6 -0
package/dist/tenancy/index.js +3 -0
package/dist/tenancy/org-member-repository.d.ts +57 -0
package/dist/tenancy/org-member-repository.js +99 -0
package/dist/tenancy/org-repository.test.d.ts +1 -0
package/dist/tenancy/org-repository.test.js +143 -0
package/dist/tenancy/org-service.d.ts +70 -0
package/dist/tenancy/org-service.js +223 -0
package/dist/tenancy/org-service.test.d.ts +1 -0
package/dist/tenancy/org-service.test.js +550 -0
package/dist/test/db.d.ts +33 -0
package/dist/test/db.js +65 -0
package/dist/trpc/index.d.ts +1 -0
package/dist/trpc/index.js +1 -0
package/dist/trpc/init.d.ts +49 -0
package/dist/trpc/init.js +108 -0
package/dist/trpc/init.test.d.ts +1 -0
package/dist/trpc/init.test.js +154 -0
package/drizzle/migrations/0000_slippery_mandrill.sql +559 -0
package/drizzle/migrations/meta/0000_snapshot.json +4374 -0
package/drizzle/migrations/meta/_journal.json +13 -0
package/drizzle.config.ts +41 -0
package/package.json +64 -0
package/src/admin/admin-audit-log-repository.ts +135 -0
package/src/admin/audit-log.ts +111 -0
package/src/admin/index.ts +6 -0
package/src/admin/role-store.ts +134 -0
package/src/auth/api-key-repository.test.ts +63 -0
package/src/auth/api-key-repository.ts +46 -0
package/src/auth/auth.test.ts +166 -0
package/src/auth/better-auth.ts +216 -0
package/src/auth/index.ts +520 -0
package/src/auth/login-history-repository.test.ts +54 -0
package/src/auth/login-history-repository.ts +28 -0
package/src/auth/middleware.test.ts +264 -0
package/src/auth/middleware.ts +117 -0
package/src/auth/scoped-tokens.test.ts +362 -0
package/src/auth/tenant-access.test.ts +69 -0
package/src/auth/user-creator.test.ts +98 -0
package/src/auth/user-creator.ts +54 -0
package/src/auth/user-role-repository.test.ts +149 -0
package/src/auth/user-role-repository.ts +67 -0
package/src/billing/drizzle-webhook-seen-repository.ts +34 -0
package/src/billing/index.ts +22 -0
package/src/billing/payment-processor.test.ts +93 -0
package/src/billing/payment-processor.ts +150 -0
package/src/billing/payram/cents-credits-boundary.test.ts +84 -0
package/src/billing/payram/charge-store.test.ts +84 -0
package/src/billing/payram/charge-store.ts +109 -0
package/src/billing/payram/checkout.test.ts +99 -0
package/src/billing/payram/checkout.ts +40 -0
package/src/billing/payram/client.test.ts +62 -0
package/src/billing/payram/client.ts +21 -0
package/src/billing/payram/index.ts +14 -0
package/src/billing/payram/types.ts +44 -0
package/src/billing/payram/webhook.test.ts +318 -0
package/src/billing/payram/webhook.ts +97 -0
package/src/billing/stripe/cents-credits-boundary.test.ts +70 -0
package/src/billing/stripe/checkout.test.ts +186 -0
package/src/billing/stripe/checkout.ts +82 -0
package/src/billing/stripe/client.test.ts +64 -0
package/src/billing/stripe/client.ts +39 -0
package/src/billing/stripe/credit-prices.test.ts +114 -0
package/src/billing/stripe/credit-prices.ts +113 -0
package/src/billing/stripe/index.ts +14 -0
package/src/billing/stripe/payment-methods-detach-all.test.ts +53 -0
package/src/billing/stripe/payment-methods.test.ts +157 -0
package/src/billing/stripe/payment-methods.ts +76 -0
package/src/billing/stripe/portal.test.ts +63 -0
package/src/billing/stripe/portal.ts +25 -0
package/src/billing/stripe/setup-intent.test.ts +78 -0
package/src/billing/stripe/setup-intent.ts +34 -0
package/src/billing/stripe/stripe-payment-processor.test.ts +517 -0
package/src/billing/stripe/stripe-payment-processor.ts +255 -0
package/src/billing/stripe/tenant-store.test.ts +124 -0
package/src/billing/stripe/tenant-store.ts +151 -0
package/src/billing/stripe/types.ts +53 -0
package/src/billing/webhook-seen-repository.ts +24 -0
package/src/config/billing-env.test.ts +54 -0
package/src/config/index.ts +44 -0
package/src/config/logger.ts +12 -0
package/src/config/provider-endpoints.ts +14 -0
package/src/credits/auto-topup-charge.test.ts +292 -0
package/src/credits/auto-topup-charge.ts +171 -0
package/src/credits/auto-topup-event-log-repository.test.ts +99 -0
package/src/credits/auto-topup-event-log-repository.ts +30 -0
package/src/credits/auto-topup-schedule.test.ts +179 -0
package/src/credits/auto-topup-schedule.ts +93 -0
package/src/credits/auto-topup-settings-repository.test.ts +123 -0
package/src/credits/auto-topup-settings-repository.ts +245 -0
package/src/credits/auto-topup-usage.test.ts +220 -0
package/src/credits/auto-topup-usage.ts +68 -0
package/src/credits/credit-expiry-cron.test.ts +125 -0
package/src/credits/credit-expiry-cron.ts +76 -0
package/src/credits/credit-ledger-extra.test.ts +57 -0
package/src/credits/credit-ledger.bench.ts +56 -0
package/src/credits/credit-ledger.test.ts +276 -0
package/src/credits/credit-ledger.ts +450 -0
package/src/credits/credit-transaction-repository.test.ts +274 -0
package/src/credits/credit-transaction-repository.ts +62 -0
package/src/credits/credit.test.ts +234 -0
package/src/credits/credit.ts +160 -0
package/src/credits/dividend-cron.test.ts +158 -0
package/src/credits/dividend-cron.ts +127 -0
package/src/credits/dividend-repository.test.ts +223 -0
package/src/credits/dividend-repository.ts +182 -0
package/src/credits/index.ts +25 -0
package/src/credits/repository-types.ts +33 -0
package/src/credits/signup-grant.test.ts +63 -0
package/src/credits/signup-grant.ts +44 -0
package/src/credits/tenant-customer-repository.ts +28 -0
package/src/db/auth-user-repository.ts +124 -0
package/src/db/credit-column.ts +17 -0
package/src/db/index.ts +21 -0
package/src/db/schema/account-deletion-requests.ts +41 -0
package/src/db/schema/account-export-requests.ts +24 -0
package/src/db/schema/admin-audit.ts +26 -0
package/src/db/schema/admin-users.ts +31 -0
package/src/db/schema/affiliate-fraud.ts +23 -0
package/src/db/schema/affiliate.ts +38 -0
package/src/db/schema/coupon-codes.ts +22 -0
package/src/db/schema/credit-auto-topup-settings.ts +32 -0
package/src/db/schema/credit-auto-topup.ts +26 -0
package/src/db/schema/credits.ts +44 -0
package/src/db/schema/dividend-distributions.ts +24 -0
package/src/db/schema/email-notifications.ts +26 -0
package/src/db/schema/index.ts +33 -0
package/src/db/schema/meter-events.ts +70 -0
package/src/db/schema/notification-preferences.ts +19 -0
package/src/db/schema/notification-queue.ts +45 -0
package/src/db/schema/org-memberships.ts +20 -0
package/src/db/schema/organization-members.ts +37 -0
package/src/db/schema/payram.ts +26 -0
package/src/db/schema/platform-api-keys.ts +25 -0
package/src/db/schema/promotion-redemptions.ts +23 -0
package/src/db/schema/promotions.ts +57 -0
package/src/db/schema/provider-credentials.ts +41 -0
package/src/db/schema/rate-limit-entries.ts +12 -0
package/src/db/schema/secret-audit-log.ts +20 -0
package/src/db/schema/session-usage.ts +24 -0
package/src/db/schema/spending-limits.ts +9 -0
package/src/db/schema/tenant-addons.ts +14 -0
package/src/db/schema/tenant-api-keys.ts +26 -0
package/src/db/schema/tenant-capability-settings.ts +17 -0
package/src/db/schema/tenant-customers.ts +35 -0
package/src/db/schema/tenants.ts +23 -0
package/src/db/schema/user-roles.ts +23 -0
package/src/db/schema/webhook-seen-events.ts +14 -0
package/src/email/billing-emails.test.ts +198 -0
package/src/email/billing-emails.ts +211 -0
package/src/email/client.test.ts +149 -0
package/src/email/client.ts +137 -0
package/src/email/drizzle-billing-email-repository.test.ts +52 -0
package/src/email/drizzle-billing-email-repository.ts +59 -0
package/src/email/index.ts +57 -0
package/src/email/notification-preferences-store.test.ts +102 -0
package/src/email/notification-preferences-store.ts +90 -0
package/src/email/notification-queue-store.test.ts +215 -0
package/src/email/notification-queue-store.ts +127 -0
package/src/email/notification-repository-types.ts +101 -0
package/src/email/notification-service.test.ts +178 -0
package/src/email/notification-service.ts +265 -0
package/src/email/notification-templates.test.ts +261 -0
package/src/email/notification-templates.ts +727 -0
package/src/email/notification-worker.test.ts +189 -0
package/src/email/notification-worker.ts +133 -0
package/src/email/require-verified.ts +65 -0
package/src/email/resend-adapter.test.ts +253 -0
package/src/email/resend-adapter.ts +157 -0
package/src/email/templates.test.ts +217 -0
package/src/email/templates.ts +469 -0
package/src/email/verification.test.ts +185 -0
package/src/email/verification.ts +110 -0
package/src/index.ts +51 -0
package/src/metering/aggregator.test.ts +239 -0
package/src/metering/aggregator.ts +160 -0
package/src/metering/dlq.test.ts +134 -0
package/src/metering/dlq.ts +102 -0
package/src/metering/drizzle-usage-summary-repository.ts +167 -0
package/src/metering/emitter.test.ts +202 -0
package/src/metering/emitter.ts +227 -0
package/src/metering/index.ts +21 -0
package/src/metering/load-test.bench.ts +130 -0
package/src/metering/meter-event-repository.ts +87 -0
package/src/metering/meter-repositories.test.ts +491 -0
package/src/metering/metering.test.ts +1317 -0
package/src/metering/reconciliation-cron.test.ts +202 -0
package/src/metering/reconciliation-cron.ts +134 -0
package/src/metering/reconciliation-repository.test.ts +196 -0
package/src/metering/reconciliation-repository.ts +83 -0
package/src/metering/types.ts +93 -0
package/src/metering/wal.test.ts +222 -0
package/src/metering/wal.ts +139 -0
package/src/middleware/csrf.test.ts +178 -0
package/src/middleware/csrf.ts +101 -0
package/src/middleware/drizzle-rate-limit-repository.test.ts +97 -0
package/src/middleware/drizzle-rate-limit-repository.ts +57 -0
package/src/middleware/get-client-ip.test.ts +49 -0
package/src/middleware/get-client-ip.ts +62 -0
package/src/middleware/index.ts +12 -0
package/src/middleware/rate-limit-repository.ts +22 -0
package/src/middleware/rate-limit.test.ts +338 -0
package/src/middleware/rate-limit.ts +169 -0
package/src/security/credential-vault/audit-repository.test.ts +91 -0
package/src/security/credential-vault/audit-repository.ts +64 -0
package/src/security/credential-vault/credential-repository.test.ts +264 -0
package/src/security/credential-vault/credential-repository.ts +233 -0
package/src/security/credential-vault/index.ts +26 -0
package/src/security/credential-vault/key-rotation.test.ts +139 -0
package/src/security/credential-vault/key-rotation.ts +70 -0
package/src/security/credential-vault/migrate-plaintext.test.ts +138 -0
package/src/security/credential-vault/migrate-plaintext.ts +101 -0
package/src/security/credential-vault/migration-check.test.ts +533 -0
package/src/security/credential-vault/migration-check.ts +88 -0
package/src/security/credential-vault/store.test.ts +569 -0
package/src/security/credential-vault/store.ts +284 -0
package/src/security/encryption.test.ts +114 -0
package/src/security/encryption.ts +65 -0
package/src/security/host-validation.test.ts +136 -0
package/src/security/host-validation.ts +116 -0
package/src/security/index.ts +59 -0
package/src/security/key-audit.test.ts +57 -0
package/src/security/key-audit.ts +45 -0
package/src/security/key-injection.test.ts +131 -0
package/src/security/key-injection.ts +71 -0
package/src/security/key-validation.test.ts +111 -0
package/src/security/key-validation.ts +84 -0
package/src/security/redirect-allowlist.test.ts +70 -0
package/src/security/redirect-allowlist.ts +35 -0
package/src/security/tenant-keys/capability-settings-store.test.ts +98 -0
package/src/security/tenant-keys/capability-settings-store.ts +53 -0
package/src/security/tenant-keys/index.ts +10 -0
package/src/security/tenant-keys/key-resolution-repository.test.ts +95 -0
package/src/security/tenant-keys/key-resolution-repository.ts +31 -0
package/src/security/tenant-keys/key-resolution.test.ts +173 -0
package/src/security/tenant-keys/key-resolution.ts +87 -0
package/src/security/tenant-keys/org-key-resolution.test.ts +217 -0
package/src/security/tenant-keys/org-key-resolution.ts +76 -0
package/src/security/tenant-keys/tenant-key-repository.test.ts +143 -0
package/src/security/tenant-keys/tenant-key-repository.ts +130 -0
package/src/security/types.ts +43 -0
package/src/tenancy/drizzle-org-repository.ts +169 -0
package/src/tenancy/index.ts +6 -0
package/src/tenancy/org-member-repository.ts +159 -0
package/src/tenancy/org-repository.test.ts +172 -0
package/src/tenancy/org-service.test.ts +634 -0
package/src/tenancy/org-service.ts +290 -0
package/src/test/db.ts +97 -0
package/src/trpc/index.ts +11 -0
package/src/trpc/init.test.ts +196 -0
package/src/trpc/init.ts +138 -0
package/tsconfig.json +20 -0
package/vitest.config.ts +8 -0

package/src/auth/user-role-repository.test.ts ADDED Viewed

@@ -0,0 +1,149 @@
+import type { PGlite } from "@electric-sql/pglite";
+import { afterAll, beforeAll, beforeEach, describe, expect, it } from "vitest";
+import type { PlatformDb } from "../db/index.js";
+import { beginTestTransaction, createTestDb, endTestTransaction, rollbackTestTransaction } from "../test/db.js";
+import { DrizzleUserRoleRepository } from "./user-role-repository.js";
+describe("DrizzleUserRoleRepository", () => {
+  let db: PlatformDb;
+  let pool: PGlite;
+  let repo: DrizzleUserRoleRepository;
+  beforeAll(async () => {
+    ({ db, pool } = await createTestDb());
+    await beginTestTransaction(pool);
+  });
+  afterAll(async () => {
+    await endTestTransaction(pool);
+    await pool.close();
+  });
+  beforeEach(async () => {
+    await rollbackTestTransaction(pool);
+    repo = new DrizzleUserRoleRepository(db);
+  });
+  describe("grantRole", () => {
+    it("assigns a role and subsequent lookup returns it", async () => {
+      await repo.grantRole("user-1", "tenant-1", "user", "admin-1");
+      const roles = await repo.listRolesByUser("user-1");
+      expect(roles).toHaveLength(1);
+      expect(roles[0]).toEqual({ tenantId: "tenant-1", role: "user" });
+    });
+  });
+  describe("revokeRole", () => {
+    it("removes a granted role so it is no longer returned", async () => {
+      await repo.grantRole("user-1", "tenant-1", "user", "admin-1");
+      const removed = await repo.revokeRole("user-1", "tenant-1");
+      expect(removed).toBe(true);
+      const roles = await repo.listRolesByUser("user-1");
+      expect(roles).toHaveLength(0);
+    });
+    it("returns false when revoking a non-existent role", async () => {
+      const removed = await repo.revokeRole("user-1", "tenant-1");
+      expect(removed).toBe(false);
+    });
+  });
+  describe("listRolesByUser", () => {
+    it("returns only the specified user's roles across tenants", async () => {
+      await repo.grantRole("user-1", "tenant-1", "user", null);
+      await repo.grantRole("user-1", "tenant-2", "tenant_admin", null);
+      await repo.grantRole("user-2", "tenant-1", "user", null);
+      const roles = await repo.listRolesByUser("user-1");
+      expect(roles).toHaveLength(2);
+      const tenantIds = roles.map((r) => r.tenantId).sort();
+      expect(tenantIds).toEqual(["tenant-1", "tenant-2"]);
+    });
+    it("returns empty array for user with no roles", async () => {
+      const roles = await repo.listRolesByUser("nobody");
+      expect(roles).toEqual([]);
+    });
+  });
+  describe("listUsersByRole", () => {
+    it("returns all users with a given role in a tenant", async () => {
+      await repo.grantRole("user-1", "tenant-1", "user", null);
+      await repo.grantRole("user-2", "tenant-1", "user", null);
+      await repo.grantRole("user-3", "tenant-1", "tenant_admin", null);
+      const users = await repo.listUsersByRole("user", "tenant-1");
+      expect(users).toHaveLength(2);
+      const userIds = users.map((u) => u.userId).sort();
+      expect(userIds).toEqual(["user-1", "user-2"]);
+    });
+    it("does not return users from other tenants", async () => {
+      await repo.grantRole("user-1", "tenant-1", "user", null);
+      await repo.grantRole("user-2", "tenant-2", "user", null);
+      const users = await repo.listUsersByRole("user", "tenant-1");
+      expect(users).toHaveLength(1);
+      expect(users[0].userId).toBe("user-1");
+    });
+  });
+  describe("isPlatformAdmin", () => {
+    it("returns true for a user with platform_admin role in sentinel tenant", async () => {
+      await repo.grantRole("admin-1", "*", "platform_admin", null);
+      expect(await repo.isPlatformAdmin("admin-1")).toBe(true);
+    });
+    it("returns false for a user with no roles", async () => {
+      expect(await repo.isPlatformAdmin("nobody")).toBe(false);
+    });
+    it("returns false for a tenant_admin in the sentinel tenant", async () => {
+      await repo.grantRole("user-1", "*", "tenant_admin", null);
+      expect(await repo.isPlatformAdmin("user-1")).toBe(false);
+    });
+    it("returns false for a platform_admin in a regular tenant", async () => {
+      await repo.grantRole("user-1", "tenant-1", "platform_admin", null);
+      expect(await repo.isPlatformAdmin("user-1")).toBe(false);
+    });
+  });
+  describe("idempotent grant", () => {
+    it("granting the same role twice does not error or duplicate", async () => {
+      await repo.grantRole("user-1", "tenant-1", "user", "admin-1");
+      await repo.grantRole("user-1", "tenant-1", "user", "admin-1");
+      const roles = await repo.listRolesByUser("user-1");
+      expect(roles).toHaveLength(1);
+    });
+    it("granting a different role to same user+tenant upserts", async () => {
+      await repo.grantRole("user-1", "tenant-1", "user", "admin-1");
+      await repo.grantRole("user-1", "tenant-1", "tenant_admin", "admin-2");
+      const roles = await repo.listRolesByUser("user-1");
+      expect(roles).toHaveLength(1);
+      expect(roles[0].role).toBe("tenant_admin");
+    });
+  });
+  describe("getTenantIdByUserId", () => {
+    it("returns the tenant ID for a user with a role", async () => {
+      await repo.grantRole("user-1", "tenant-1", "user", null);
+      const tenantId = await repo.getTenantIdByUserId("user-1");
+      expect(tenantId).toBe("tenant-1");
+    });
+    it("returns null for a user with no roles", async () => {
+      const tenantId = await repo.getTenantIdByUserId("nobody");
+      expect(tenantId).toBeNull();
+    });
+    it("excludes platform admin sentinel tenant", async () => {
+      await repo.grantRole("admin-1", "*", "platform_admin", null);
+      const tenantId = await repo.getTenantIdByUserId("admin-1");
+      expect(tenantId).toBeNull();
+    });
+  });
+});

package/src/auth/user-role-repository.ts ADDED Viewed

@@ -0,0 +1,67 @@
+import { and, eq } from "drizzle-orm";
+import type { PlatformDb } from "../db/index.js";
+import { userRoles } from "../db/schema/user-roles.js";
+export interface IUserRoleRepository {
+  getTenantIdByUserId(userId: string): Promise<string | null>;
+  grantRole(userId: string, tenantId: string, role: string, grantedBy: string | null): Promise<void>;
+  revokeRole(userId: string, tenantId: string): Promise<boolean>;
+  listRolesByUser(userId: string): Promise<Array<{ tenantId: string; role: string }>>;
+  listUsersByRole(role: string, tenantId: string): Promise<Array<{ userId: string; role: string }>>;
+  isPlatformAdmin(userId: string): Promise<boolean>;
+}
+export class DrizzleUserRoleRepository implements IUserRoleRepository {
+  constructor(private readonly db: PlatformDb) {}
+  async getTenantIdByUserId(userId: string): Promise<string | null> {
+    const rows = await this.db
+      .select({ tenantId: userRoles.tenantId })
+      .from(userRoles)
+      .where(eq(userRoles.userId, userId))
+      .limit(1);
+    const tenantId = rows[0]?.tenantId ?? null;
+    // Exclude platform-admin sentinel value
+    return tenantId === "*" ? null : tenantId;
+  }
+  async grantRole(userId: string, tenantId: string, role: string, grantedBy: string | null): Promise<void> {
+    await this.db
+      .insert(userRoles)
+      .values({ userId, tenantId, role, grantedBy, grantedAt: Date.now() })
+      .onConflictDoUpdate({
+        target: [userRoles.userId, userRoles.tenantId],
+        set: { role, grantedBy, grantedAt: Date.now() },
+      });
+  }
+  async revokeRole(userId: string, tenantId: string): Promise<boolean> {
+    const result = await this.db
+      .delete(userRoles)
+      .where(and(eq(userRoles.userId, userId), eq(userRoles.tenantId, tenantId)))
+      .returning({ userId: userRoles.userId });
+    return result.length > 0;
+  }
+  async listRolesByUser(userId: string): Promise<Array<{ tenantId: string; role: string }>> {
+    return this.db
+      .select({ tenantId: userRoles.tenantId, role: userRoles.role })
+      .from(userRoles)
+      .where(eq(userRoles.userId, userId));
+  }
+  async listUsersByRole(role: string, tenantId: string): Promise<Array<{ userId: string; role: string }>> {
+    return this.db
+      .select({ userId: userRoles.userId, role: userRoles.role })
+      .from(userRoles)
+      .where(and(eq(userRoles.role, role), eq(userRoles.tenantId, tenantId)));
+  }
+  async isPlatformAdmin(userId: string): Promise<boolean> {
+    const rows = await this.db
+      .select({ userId: userRoles.userId })
+      .from(userRoles)
+      .where(and(eq(userRoles.userId, userId), eq(userRoles.tenantId, "*"), eq(userRoles.role, "platform_admin")));
+    return rows.length > 0;
+  }
+}

package/src/billing/drizzle-webhook-seen-repository.ts ADDED Viewed

@@ -0,0 +1,34 @@
+import { and, eq, lt } from "drizzle-orm";
+import type { PlatformDb } from "../db/index.js";
+import { webhookSeenEvents } from "../db/schema/index.js";
+import type { WebhookSeenEvent } from "../credits/repository-types.js";
+import type { IWebhookSeenRepository } from "./webhook-seen-repository.js";
+export class DrizzleWebhookSeenRepository implements IWebhookSeenRepository {
+  constructor(private readonly db: PlatformDb) {}
+  async isDuplicate(eventId: string, source: string): Promise<boolean> {
+    const row = (
+      await this.db
+        .select()
+        .from(webhookSeenEvents)
+        .where(and(eq(webhookSeenEvents.eventId, eventId), eq(webhookSeenEvents.source, source)))
+    )[0];
+    return row !== undefined;
+  }
+  async markSeen(eventId: string, source: string): Promise<WebhookSeenEvent> {
+    const seenAt = Date.now();
+    await this.db.insert(webhookSeenEvents).values({ eventId, source, seenAt }).onConflictDoNothing();
+    return { eventId, source, seenAt };
+  }
+  async purgeExpired(ttlMs: number): Promise<number> {
+    const cutoff = Date.now() - ttlMs;
+    const result = await this.db
+      .delete(webhookSeenEvents)
+      .where(lt(webhookSeenEvents.seenAt, cutoff))
+      .returning({ id: webhookSeenEvents.eventId });
+    return result.length;
+  }
+}

package/src/billing/index.ts ADDED Viewed

@@ -0,0 +1,22 @@
+export type {
+  SavedPaymentMethod,
+  CheckoutOpts,
+  CheckoutSession,
+  ChargeOpts,
+  ChargeResult,
+  SetupResult,
+  PortalOpts,
+  WebhookResult,
+  IPaymentProcessor,
+  Invoice,
+} from "./payment-processor.js";
+export { PaymentMethodOwnershipError } from "./payment-processor.js";
+export type { IWebhookSeenRepository } from "./webhook-seen-repository.js";
+export { noOpReplayGuard } from "./webhook-seen-repository.js";
+export { DrizzleWebhookSeenRepository } from "./drizzle-webhook-seen-repository.js";
+// Stripe
+export * from "./stripe/index.js";
+// PayRam
+export * from "./payram/index.js";

package/src/billing/payment-processor.test.ts ADDED Viewed

@@ -0,0 +1,93 @@
+import { describe, expectTypeOf, it } from "vitest";
+import type {
+  ChargeOpts,
+  ChargeResult,
+  CheckoutOpts,
+  CheckoutSession,
+  IPaymentProcessor,
+  PortalOpts,
+  SavedPaymentMethod,
+  SetupResult,
+  WebhookResult,
+} from "./payment-processor.js";
+describe("IPaymentProcessor types", () => {
+  it("CheckoutOpts has required fields", () => {
+    expectTypeOf<CheckoutOpts>().toHaveProperty("tenant");
+    expectTypeOf<CheckoutOpts>().toHaveProperty("amount");
+    expectTypeOf<CheckoutOpts>().toHaveProperty("successUrl");
+    expectTypeOf<CheckoutOpts>().toHaveProperty("cancelUrl");
+  });
+  it("CheckoutSession has id and url", () => {
+    expectTypeOf<CheckoutSession>().toHaveProperty("id");
+    expectTypeOf<CheckoutSession>().toHaveProperty("url");
+  });
+  it("ChargeResult has success field", () => {
+    expectTypeOf<ChargeResult>().toHaveProperty("success");
+  });
+  it("WebhookResult uses Credit for credited field", () => {
+    expectTypeOf<WebhookResult>().toHaveProperty("handled");
+    expectTypeOf<WebhookResult>().toHaveProperty("eventType");
+  });
+  it("SavedPaymentMethod has id, label, isDefault", () => {
+    expectTypeOf<SavedPaymentMethod>().toHaveProperty("id");
+    expectTypeOf<SavedPaymentMethod>().toHaveProperty("label");
+    expectTypeOf<SavedPaymentMethod>().toHaveProperty("isDefault");
+  });
+  it("IPaymentProcessor has all required methods", () => {
+    expectTypeOf<IPaymentProcessor>().toHaveProperty("name");
+    expectTypeOf<IPaymentProcessor>().toHaveProperty("createCheckoutSession");
+    expectTypeOf<IPaymentProcessor>().toHaveProperty("handleWebhook");
+    expectTypeOf<IPaymentProcessor>().toHaveProperty("supportsPortal");
+    expectTypeOf<IPaymentProcessor>().toHaveProperty("setupPaymentMethod");
+    expectTypeOf<IPaymentProcessor>().toHaveProperty("listPaymentMethods");
+    expectTypeOf<IPaymentProcessor>().toHaveProperty("detachPaymentMethod");
+    expectTypeOf<IPaymentProcessor>().toHaveProperty("charge");
+  });
+  it("createPortalSession is required on IPaymentProcessor", () => {
+    // Implementations that don't support portal must still implement createPortalSession (and throw)
+    const processor: IPaymentProcessor = {
+      name: "test",
+      createCheckoutSession: async () => ({ id: "s", url: "u" }),
+      handleWebhook: async () => ({ handled: true, eventType: "test" }),
+      supportsPortal: () => false,
+      createPortalSession: async () => {
+        throw new Error("Billing portal not supported");
+      },
+      setupPaymentMethod: async () => ({ clientSecret: "cs" }),
+      listPaymentMethods: async () => [],
+      detachPaymentMethod: async () => undefined,
+      charge: async () => ({ success: true }),
+      getCustomerEmail: async () => "",
+      updateCustomerEmail: async () => undefined,
+      listInvoices: async () => [],
+    };
+    expectTypeOf(processor).toMatchTypeOf<IPaymentProcessor>();
+  });
+  it("PortalOpts has tenant and returnUrl", () => {
+    expectTypeOf<PortalOpts>().toHaveProperty("tenant");
+    expectTypeOf<PortalOpts>().toHaveProperty("returnUrl");
+  });
+  it("SetupResult has clientSecret", () => {
+    expectTypeOf<SetupResult>().toHaveProperty("clientSecret");
+  });
+  it("ChargeOpts has tenant, amount, source", () => {
+    expectTypeOf<ChargeOpts>().toHaveProperty("tenant");
+    expectTypeOf<ChargeOpts>().toHaveProperty("amount");
+    expectTypeOf<ChargeOpts>().toHaveProperty("source");
+  });
+  it("IPaymentProcessor has getCustomerEmail and updateCustomerEmail", () => {
+    expectTypeOf<IPaymentProcessor>().toHaveProperty("getCustomerEmail");
+    expectTypeOf<IPaymentProcessor>().toHaveProperty("updateCustomerEmail");
+  });
+});

package/src/billing/payment-processor.ts ADDED Viewed

@@ -0,0 +1,150 @@
+import type { Credit } from "../credits/credit.js";
+/** Thrown when a tenant tries to detach a payment method they don't own. */
+export class PaymentMethodOwnershipError extends Error {
+  readonly code = "PAYMENT_METHOD_NOT_OWNED" as const;
+  constructor() {
+    super("Payment method does not belong to this tenant");
+    this.name = "PaymentMethodOwnershipError";
+  }
+}
+/** A saved payment method on file for a tenant (processor-agnostic). */
+export interface SavedPaymentMethod {
+  /** Processor-specific payment method ID (e.g. Stripe pm_xxx, PayRam wallet address). */
+  id: string;
+  /** Human-readable label (e.g. "Visa ending 4242", "ETH wallet"). */
+  label: string;
+  /** Whether this is the tenant's default payment method. */
+  isDefault: boolean;
+}
+/** Options for creating a checkout session. */
+export interface CheckoutOpts {
+  /** Internal tenant ID. */
+  tenant: string;
+  /** Amount to charge. Required when no priceId is provided; may be omitted when priceId resolves the amount. */
+  amount?: Credit;
+  /** URL to redirect to after successful checkout. */
+  successUrl: string;
+  /** URL to redirect to if the user cancels checkout. */
+  cancelUrl: string;
+  /** Processor-specific price ID (e.g. Stripe price_xxx). Processors that don't use price IDs may ignore this. */
+  priceId?: string;
+}
+/** Returned after creating a checkout session. */
+export interface CheckoutSession {
+  /** Processor-specific session ID (for idempotency / correlation). */
+  id: string;
+  /** URL to redirect the user to for payment. */
+  url: string;
+}
+/** Options for charging a saved payment method off-session. */
+export interface ChargeOpts {
+  /** Internal tenant ID. */
+  tenant: string;
+  /** Amount to charge. */
+  amount: Credit;
+  /** Descriptive source tag for ledger entries (e.g. "auto_topup_usage"). */
+  source: string;
+}
+/** Result of an off-session charge attempt. */
+export interface ChargeResult {
+  success: boolean;
+  /** Processor-specific payment reference (e.g. Stripe PaymentIntent ID). */
+  paymentReference?: string;
+  error?: string;
+}
+/** Result of setting up a payment method for future use. */
+export interface SetupResult {
+  /** Processor-specific client secret for frontend completion (e.g. Stripe SetupIntent). */
+  clientSecret: string;
+}
+/** Options for creating a billing portal session. */
+export interface PortalOpts {
+  /** Internal tenant ID. */
+  tenant: string;
+  /** URL to redirect to when the user is done managing billing. */
+  returnUrl: string;
+}
+/** Result of processing an incoming webhook from a payment processor. */
+export interface WebhookResult {
+  handled: boolean;
+  /** Processor-specific event type or status string. */
+  eventType: string;
+  tenant?: string;
+  /** Credits to grant to the tenant's ledger. */
+  credited?: Credit;
+  /** Bot IDs reactivated after credit purchase (WOP-447). */
+  reactivatedBots?: string[];
+  /** True when this event was a duplicate / replay. */
+  duplicate?: boolean;
+}
+/**
+ * Processor-agnostic payment interface.
+ *
+ * Each payment processor (Stripe, PayRam, future processors) implements
+ * this interface. The platform layer programs against IPaymentProcessor
+ * and never imports processor-specific types.
+ */
+export interface IPaymentProcessor {
+  /** Human-readable processor name (e.g. "stripe", "payram"). */
+  readonly name: string;
+  /** Create a checkout session for a one-time credit purchase. */
+  createCheckoutSession(opts: CheckoutOpts): Promise<CheckoutSession>;
+  /** Process an incoming webhook payload. */
+  handleWebhook(payload: Buffer, signature: string): Promise<WebhookResult>;
+  /** Whether this processor supports a self-service billing portal. */
+  supportsPortal(): boolean;
+  /**
+   * Create a billing portal session (only if supportsPortal() is true).
+   * Implementations that return false from supportsPortal() must throw rather than leaving this undefined.
+   */
+  createPortalSession(opts: PortalOpts): Promise<{ url: string }>;
+  /** Save a payment method for future off-session charges. */
+  setupPaymentMethod(tenant: string): Promise<SetupResult>;
+  /** List saved payment methods for a tenant. */
+  listPaymentMethods(tenant: string): Promise<SavedPaymentMethod[]>;
+  /** Charge a saved payment method off-session. */
+  charge(opts: ChargeOpts): Promise<ChargeResult>;
+  /** Detach a payment method from the tenant's account. */
+  detachPaymentMethod(tenant: string, paymentMethodId: string): Promise<void>;
+  /** Get the billing email for a tenant's customer account. Returns "" if no customer exists. */
+  getCustomerEmail(tenantId: string): Promise<string>;
+  /** Update the billing email for a tenant's customer account. */
+  updateCustomerEmail(tenantId: string, email: string): Promise<void>;
+  /** List invoices for a tenant. Returns an empty array if no customer exists. */
+  listInvoices(tenantId: string): Promise<Invoice[]>;
+}
+/** A past invoice for a tenant (processor-agnostic). */
+export interface Invoice {
+  /** Processor-specific invoice ID (e.g. Stripe in_xxx). */
+  id: string;
+  /** ISO 8601 date string for when the invoice was created. */
+  date: string;
+  /** Invoice total in cents. */
+  amountCents: number;
+  /** Invoice status (e.g. "paid", "open", "void", "uncollectible"). */
+  status: string;
+  /** URL to download the invoice PDF. Empty string if unavailable. */
+  downloadUrl: string;
+}

package/src/billing/payram/cents-credits-boundary.test.ts ADDED Viewed

@@ -0,0 +1,84 @@
+import { describe, expect, it } from "vitest";
+/**
+ * Regression tests for PayRam cents/credits boundary (WOP-1058).
+ *
+ * Verifies that the USD-to-cents conversion in checkout and
+ * the cents-to-credits flow in the webhook maintain correct units.
+ *
+ * If any of these tests fail after a rename/refactor, a _cents field was
+ * incorrectly changed to store Credit raw units (nanodollars) instead of
+ * USD cents. See src/monetization/credits/credit-ledger.ts for naming convention.
+ */
+describe("WOP-1058: PayRam cents/credits boundary", () => {
+  it("USD to cents conversion is correct (mirrors checkout.ts pattern)", () => {
+    // This mirrors the conversion in payram/checkout.ts: Math.round(opts.amountUsd * 100)
+    const amountUsd = 25;
+    const amountUsdCents = Math.round(amountUsd * 100);
+    expect(amountUsdCents).toBe(2500);
+    // Must NOT be nanodollar scale
+    expect(amountUsdCents).toBeLessThan(1_000_000);
+  });
+  it("minimum payment amount converts to valid cents", () => {
+    const MIN_PAYMENT_USD = 10;
+    const cents = Math.round(MIN_PAYMENT_USD * 100);
+    expect(cents).toBe(1000);
+    expect(Number.isInteger(cents)).toBe(true);
+    // Sanity: $10 is 1000 cents, NOT 10_000_000_000 nanodollars
+    expect(cents).toBeLessThan(1_000_000);
+  });
+  it("fractional USD amounts round correctly to cents", () => {
+    // Edge case: floating point conversion
+    const amountUsd = 10.99;
+    const cents = Math.round(amountUsd * 100);
+    expect(cents).toBe(1099);
+    expect(cents).toBeLessThan(1_000_000);
+  });
+  it("amountUsdCents stored in charge record equals USD * 100 (not nanodollars)", () => {
+    // The core invariant: payram/checkout.ts stores Math.round(amountUsd * 100)
+    // as amountUsdCents. This test proves the conversion stays at cent scale.
+    const testCases: Array<{ usd: number; expectedCents: number }> = [
+      { usd: 10, expectedCents: 1000 },
+      { usd: 25, expectedCents: 2500 },
+      { usd: 50, expectedCents: 5000 },
+      { usd: 100, expectedCents: 10000 },
+    ];
+    for (const { usd, expectedCents } of testCases) {
+      const amountUsdCents = Math.round(usd * 100);
+      expect(amountUsdCents).toBe(expectedCents);
+      // CREDIT SCALE = 1_000_000_000. If this value approaches that, unit confusion occurred.
+      expect(amountUsdCents).toBeLessThan(1_000_000);
+    }
+  });
+  it("creditedCents in webhook equals amountUsdCents from charge store (1:1 for PayRam)", () => {
+    // payram/webhook.ts: const creditCents = charge.amountUsdCents;
+    // The credited amount always equals the stored USD cents — no bonus tiers for PayRam.
+    const chargeAmountUsdCents = 2500; // $25.00
+    const creditCents = chargeAmountUsdCents; // 1:1 for PayRam
+    expect(creditCents).toBe(2500);
+    // creditedCents must be 2500 (cents), not 25_000_000_000 (nanodollars)
+    expect(creditCents).toBeLessThan(1_000_000);
+  });
+  it("cents-to-nanodollar scale difference is preserved as a sanity constant", () => {
+    // Credit.SCALE = 1_000_000_000 nanodollars per dollar
+    // 1 USD cent = 10_000_000 nanodollars (SCALE / 100)
+    // This test documents the relationship so future developers understand the gap.
+    const CREDIT_SCALE = 1_000_000_000;
+    const CENTS_PER_DOLLAR = 100;
+    const NANODOLLARS_PER_CENT = CREDIT_SCALE / CENTS_PER_DOLLAR;
+    expect(NANODOLLARS_PER_CENT).toBe(10_000_000);
+    // $25 in cents = 2500. $25 in nanodollars = 25_000_000_000.
+    // These are 10_000_000x apart — confirming that mixing the two is catastrophic.
+    const twentyFiveDollarsInCents = 2500;
+    const twentyFiveDollarsInNanodollars = 25 * CREDIT_SCALE;
+    expect(twentyFiveDollarsInNanodollars / twentyFiveDollarsInCents).toBe(NANODOLLARS_PER_CENT);
+  });
+});