@wopr-network/platform-core 1.0.0 → 1.0.2

package/src/auth/better-auth.ts

@@ -11,25 +11,84 @@
 import { type BetterAuthOptions, betterAuth } from "better-auth";
 import { twoFactor } from "better-auth/plugins";
 import type { Pool } from "pg";
-import type { PlatformDb } from "../db/index.js";
 import { RoleStore } from "../admin/role-store.js";
 import { logger } from "../config/logger.js";
 import { initTwoFactorSchema } from "../db/auth-user-repository.js";
+import type { PlatformDb } from "../db/index.js";
 import { getEmailClient } from "../email/client.js";
 import { passwordResetEmailTemplate, verifyEmailTemplate } from "../email/templates.js";
 import { generateVerificationToken, initVerificationSchema, PgEmailVerifier } from "../email/verification.js";
 import { createUserCreator, type IUserCreator } from "./user-creator.js";
 
+/** OAuth provider credentials. */
+export interface OAuthProvider {
+  clientId: string;
+  clientSecret: string;
+}
+
+/** Rate limit rule for a specific auth endpoint. */
+export interface AuthRateLimitRule {
+  window: number;
+  max: number;
+}
+
 /** Configuration for initializing Better Auth in platform-core. */
 export interface BetterAuthConfig {
   pool: Pool;
   db: PlatformDb;
+
+  // --- Required ---
+  /** HMAC secret for session tokens. Falls back to BETTER_AUTH_SECRET env var. */
+  secret?: string;
+  /** Base URL for OAuth callbacks. Falls back to BETTER_AUTH_URL env var. */
+  baseURL?: string;
+
+  // --- Auth features ---
+  /** Route prefix. Default: "/api/auth" */
+  basePath?: string;
+  /** Email+password config. Default: enabled with 12-char min. */
+  emailAndPassword?: { enabled: boolean; minPasswordLength?: number };
+  /** OAuth providers. Default: reads GITHUB/DISCORD/GOOGLE env vars. */
+  socialProviders?: {
+    github?: OAuthProvider;
+    discord?: OAuthProvider;
+    google?: OAuthProvider;
+  };
+  /** Trusted providers for account linking. Default: ["github", "google"] */
+  trustedProviders?: string[];
+  /** Enable 2FA plugin. Default: true */
+  twoFactor?: boolean;
+
+  // --- Session & cookies ---
+  /** Cookie cache max age in seconds. Default: 300 (5 min) */
+  sessionCacheMaxAge?: number;
+  /** Cookie prefix. Default: "better-auth" */
+  cookiePrefix?: string;
+  /** Cookie domain (e.g., ".wopr.bot"). Falls back to COOKIE_DOMAIN env var. */
+  cookieDomain?: string;
+
+  // --- Rate limiting ---
+  /** Global rate limit window in seconds. Default: 60 */
+  rateLimitWindow?: number;
+  /** Global rate limit max requests. Default: 100 */
+  rateLimitMax?: number;
+  /** Per-endpoint rate limit overrides. Default: sign-in/sign-up/reset limits. */
+  rateLimitRules?: Record<string, AuthRateLimitRule>;
+
+  // --- Origins ---
+  /** Trusted origins for CORS. Falls back to UI_ORIGIN env var. */
+  trustedOrigins?: string[];
+
+  // --- Lifecycle hooks ---
   /** Called after a new user signs up (e.g., create personal tenant). */
   onUserCreated?: (userId: string, userName: string, email: string) => Promise<void>;
 }
 
-const BETTER_AUTH_SECRET = process.env.BETTER_AUTH_SECRET || "";
-const BETTER_AUTH_URL = process.env.BETTER_AUTH_URL || "http://localhost:3100";
+const DEFAULT_RATE_LIMIT_RULES: Record<string, AuthRateLimitRule> = {
+  "/sign-in/email": { window: 900, max: 5 },
+  "/sign-up/email": { window: 3600, max: 10 },
+  "/request-password-reset": { window: 3600, max: 3 },
+};
 
 let _config: BetterAuthConfig | null = null;
 let _userCreator: IUserCreator | null = null;
@@ -47,32 +106,59 @@ async function getUserCreator(): Promise<IUserCreator> {
   return _userCreatorPromise;
 }
 
-function authOptions(pool: Pool): BetterAuthOptions {
+/** Resolve OAuth providers from config or env vars. */
+function resolveSocialProviders(cfg: BetterAuthConfig): BetterAuthOptions["socialProviders"] {
+  if (cfg.socialProviders) return cfg.socialProviders;
+  return {
+    ...(process.env.GITHUB_CLIENT_ID && process.env.GITHUB_CLIENT_SECRET
+      ? { github: { clientId: process.env.GITHUB_CLIENT_ID, clientSecret: process.env.GITHUB_CLIENT_SECRET } }
+      : {}),
+    ...(process.env.DISCORD_CLIENT_ID && process.env.DISCORD_CLIENT_SECRET
+      ? { discord: { clientId: process.env.DISCORD_CLIENT_ID, clientSecret: process.env.DISCORD_CLIENT_SECRET } }
+      : {}),
+    ...(process.env.GOOGLE_CLIENT_ID && process.env.GOOGLE_CLIENT_SECRET
+      ? { google: { clientId: process.env.GOOGLE_CLIENT_ID, clientSecret: process.env.GOOGLE_CLIENT_SECRET } }
+      : {}),
+  };
+}
+
+function authOptions(cfg: BetterAuthConfig): BetterAuthOptions {
+  const pool = cfg.pool;
+  const secret = cfg.secret || process.env.BETTER_AUTH_SECRET;
+  if (!secret) {
+    if (process.env.NODE_ENV === "production") {
+      throw new Error("BETTER_AUTH_SECRET is required in production");
+    }
+    logger.warn("BetterAuth secret not configured — sessions may be insecure");
+  }
+  const baseURL = cfg.baseURL || process.env.BETTER_AUTH_URL || "http://localhost:3100";
+  const basePath = cfg.basePath || "/api/auth";
+  const cookieDomain = cfg.cookieDomain || process.env.COOKIE_DOMAIN;
+  const trustedOrigins =
+    cfg.trustedOrigins ||
+    (process.env.UI_ORIGIN || "http://localhost:3001")
+      .split(",")
+      .map((o) => o.trim())
+      .filter(Boolean);
+  // Default minPasswordLength: 12 — caller must explicitly override, not accidentally omit
+  const emailAndPassword = cfg.emailAndPassword
+    ? { minPasswordLength: 12, ...cfg.emailAndPassword }
+    : { enabled: true, minPasswordLength: 12 };
+
   return {
     database: pool,
-    secret: BETTER_AUTH_SECRET,
-    baseURL: BETTER_AUTH_URL,
-    basePath: "/api/auth",
-    socialProviders: {
-      ...(process.env.GITHUB_CLIENT_ID && process.env.GITHUB_CLIENT_SECRET
-        ? { github: { clientId: process.env.GITHUB_CLIENT_ID, clientSecret: process.env.GITHUB_CLIENT_SECRET } }
-        : {}),
-      ...(process.env.DISCORD_CLIENT_ID && process.env.DISCORD_CLIENT_SECRET
-        ? { discord: { clientId: process.env.DISCORD_CLIENT_ID, clientSecret: process.env.DISCORD_CLIENT_SECRET } }
-        : {}),
-      ...(process.env.GOOGLE_CLIENT_ID && process.env.GOOGLE_CLIENT_SECRET
-        ? { google: { clientId: process.env.GOOGLE_CLIENT_ID, clientSecret: process.env.GOOGLE_CLIENT_SECRET } }
-        : {}),
-    },
+    secret: secret || "",
+    baseURL,
+    basePath,
+    socialProviders: resolveSocialProviders(cfg),
     account: {
       accountLinking: {
         enabled: true,
-        trustedProviders: ["github", "google"],
+        trustedProviders: cfg.trustedProviders ?? ["github", "google"],
       },
     },
     emailAndPassword: {
-      enabled: true,
-      minPasswordLength: 12,
+      ...emailAndPassword,
       sendResetPassword: async ({ user, url }) => {
         try {
           const emailClient = getEmailClient();
@@ -99,12 +185,20 @@ function authOptions(pool: Pool): BetterAuthOptions {
               logger.error("Failed to run user creator:", error);
             }
 
+            if (cfg.onUserCreated) {
+              try {
+                await cfg.onUserCreated(user.id, user.name || user.email, user.email);
+              } catch (error) {
+                logger.error("Failed to run onUserCreated callback:", error);
+              }
+            }
+
             if (user.emailVerified) return;
 
             try {
               await initVerificationSchema(pool);
               const { token } = await generateVerificationToken(pool, user.id);
-              const verifyUrl = `${BETTER_AUTH_URL}/auth/verify?token=${token}`;
+              const verifyUrl = `${baseURL}${basePath}/verify?token=${token}`;
               const emailClient = getEmailClient();
               const template = verifyEmailTemplate(verifyUrl, user.email);
               await emailClient.send({
@@ -116,45 +210,30 @@ function authOptions(pool: Pool): BetterAuthOptions {
             } catch (error) {
               logger.error("Failed to send verification email:", error);
             }
-
-            // Delegate personal tenant creation to the consumer
-            if (_config?.onUserCreated) {
-              try {
-                await _config.onUserCreated(user.id, user.name || user.email, user.email);
-              } catch (error) {
-                logger.error("Failed to run onUserCreated callback:", error);
-              }
-            }
           },
         },
       },
     },
     session: {
-      cookieCache: { enabled: true, maxAge: 5 * 60 },
+      cookieCache: { enabled: true, maxAge: cfg.sessionCacheMaxAge ?? 300 },
     },
     advanced: {
-      cookiePrefix: "better-auth",
+      cookiePrefix: cfg.cookiePrefix || "better-auth",
       cookies: {
         session_token: {
-          attributes: {
-            domain: process.env.COOKIE_DOMAIN || ".wopr.bot",
-          },
+          attributes: cookieDomain ? { domain: cookieDomain } : {},
         },
       },
     },
-    plugins: [twoFactor()],
+    plugins: cfg.twoFactor !== false ? [twoFactor()] : [],
     rateLimit: {
       enabled: true,
-      window: 60,
-      max: 100,
-      customRules: {
-        "/sign-in/email": { window: 900, max: 5 },
-        "/sign-up/email": { window: 3600, max: 10 },
-        "/request-password-reset": { window: 3600, max: 3 },
-      },
+      window: cfg.rateLimitWindow ?? 60,
+      max: cfg.rateLimitMax ?? 100,
+      customRules: { ...DEFAULT_RATE_LIMIT_RULES, ...cfg.rateLimitRules },
       storage: "memory",
     },
-    trustedOrigins: (process.env.UI_ORIGIN || "http://localhost:3001").split(","),
+    trustedOrigins,
   };
 }
 
@@ -174,9 +253,11 @@ export async function runAuthMigrations(): Promise<void> {
   if (!_config) throw new Error("BetterAuth not initialized — call initBetterAuth() first");
   type DbModule = { getMigrations: (opts: BetterAuthOptions) => Promise<{ runMigrations: () => Promise<void> }> };
   const { getMigrations } = (await import("better-auth/db")) as unknown as DbModule;
-  const { runMigrations } = await getMigrations(authOptions(_config.pool));
+  const { runMigrations } = await getMigrations(authOptions(_config));
   await runMigrations();
-  await initTwoFactorSchema(_config.pool);
+  if (_config.twoFactor !== false) {
+    await initTwoFactorSchema(_config.pool);
+  }
 }
 
 let _auth: Auth | null = null;
@@ -188,7 +269,7 @@ let _auth: Auth | null = null;
 export function getAuth(): Auth {
   if (!_auth) {
     if (!_config) throw new Error("BetterAuth not initialized — call initBetterAuth() first");
-    _auth = betterAuth(authOptions(_config.pool));
+    _auth = betterAuth(authOptions(_config));
   }
   return _auth;
 }

package/src/auth/index.ts

@@ -518,3 +518,34 @@ export async function validateTenantAccess(
   const member = await orgMemberRepo.findMember(requestedTenantId, userId);
   return member !== null;
 }
+
+// ---------------------------------------------------------------------------
+// Re-exports — Better Auth factory, middleware, and repositories
+// ---------------------------------------------------------------------------
+
+export type { IApiKeyRepository } from "./api-key-repository.js";
+export { DrizzleApiKeyRepository } from "./api-key-repository.js";
+export type {
+  Auth,
+  AuthRateLimitRule,
+  BetterAuthConfig,
+  OAuthProvider,
+} from "./better-auth.js";
+// Test utilities — do not call in production code
+export {
+  getAuth,
+  getEmailVerifier,
+  initBetterAuth,
+  resetAuth,
+  resetUserCreator,
+  runAuthMigrations,
+  setAuth,
+} from "./better-auth.js";
+export type { ILoginHistoryRepository, LoginHistoryEntry } from "./login-history-repository.js";
+export { BetterAuthLoginHistoryRepository } from "./login-history-repository.js";
+export type { SessionAuthEnv } from "./middleware.js";
+export { dualAuth, sessionAuth } from "./middleware.js";
+export type { IUserCreator } from "./user-creator.js";
+export { createUserCreator } from "./user-creator.js";
+export type { IUserRoleRepository } from "./user-role-repository.js";
+export { DrizzleUserRoleRepository } from "./user-role-repository.js";

package/src/billing/drizzle-webhook-seen-repository.ts

@@ -1,7 +1,7 @@
 import { and, eq, lt } from "drizzle-orm";
+import type { WebhookSeenEvent } from "../credits/repository-types.js";
 import type { PlatformDb } from "../db/index.js";
 import { webhookSeenEvents } from "../db/schema/index.js";
-import type { WebhookSeenEvent } from "../credits/repository-types.js";
 import type { IWebhookSeenRepository } from "./webhook-seen-repository.js";
 
 export class DrizzleWebhookSeenRepository implements IWebhookSeenRepository {

package/src/billing/index.ts

@@ -1,22 +1,20 @@
+export { DrizzleWebhookSeenRepository } from "./drizzle-webhook-seen-repository.js";
 export type {
-  SavedPaymentMethod,
-  CheckoutOpts,
-  CheckoutSession,
   ChargeOpts,
   ChargeResult,
-  SetupResult,
+  CheckoutOpts,
+  CheckoutSession,
+  Invoice,
+  IPaymentProcessor,
   PortalOpts,
+  SavedPaymentMethod,
+  SetupResult,
   WebhookResult,
-  IPaymentProcessor,
-  Invoice,
 } from "./payment-processor.js";
 export { PaymentMethodOwnershipError } from "./payment-processor.js";
-export type { IWebhookSeenRepository } from "./webhook-seen-repository.js";
-export { noOpReplayGuard } from "./webhook-seen-repository.js";
-export { DrizzleWebhookSeenRepository } from "./drizzle-webhook-seen-repository.js";
-
-// Stripe
-export * from "./stripe/index.js";
-
 // PayRam
 export * from "./payram/index.js";
+// Stripe
+export * from "./stripe/index.js";
+export type { IWebhookSeenRepository } from "./webhook-seen-repository.js";
+export { noOpReplayGuard } from "./webhook-seen-repository.js";

package/src/billing/payram/webhook.test.ts

@@ -7,9 +7,9 @@
 
 import type { PGlite } from "@electric-sql/pglite";
 import { afterAll, beforeAll, beforeEach, describe, expect, it, vi } from "vitest";
+import { CreditLedger } from "../../credits/credit-ledger.js";
 import type { PlatformDb } from "../../db/index.js";
 import { createTestDb, truncateAllTables } from "../../test/db.js";
-import { CreditLedger } from "../../credits/credit-ledger.js";
 import { DrizzleWebhookSeenRepository } from "../drizzle-webhook-seen-repository.js";
 import { noOpReplayGuard } from "../webhook-seen-repository.js";
 import { PayRamChargeRepository } from "./charge-store.js";

package/src/billing/stripe/index.ts

@@ -1,14 +1,26 @@
 export { createCreditCheckoutSession, createVpsCheckoutSession } from "./checkout.js";
 export { createStripeClient, loadStripeConfig } from "./client.js";
-export type { CreditPricePoint, CreditPriceMap } from "./credit-prices.js";
-export { CREDIT_PRICE_POINTS, loadCreditPriceMap, getCreditAmountForPurchase, lookupCreditPrice, getConfiguredPriceIds } from "./credit-prices.js";
-export { detachPaymentMethod, detachAllPaymentMethods } from "./payment-methods.js";
+export type { CreditPriceMap, CreditPricePoint } from "./credit-prices.js";
+export {
+  CREDIT_PRICE_POINTS,
+  getConfiguredPriceIds,
+  getCreditAmountForPurchase,
+  loadCreditPriceMap,
+  lookupCreditPrice,
+} from "./credit-prices.js";
 export type { DetachPaymentMethodOpts } from "./payment-methods.js";
+export { detachAllPaymentMethods, detachPaymentMethod } from "./payment-methods.js";
 export { createPortalSession } from "./portal.js";
 export type { SetupIntentOpts } from "./setup-intent.js";
 export { createSetupIntent } from "./setup-intent.js";
-export type { StripeWebhookHandlerResult, StripePaymentProcessorDeps } from "./stripe-payment-processor.js";
+export type { StripePaymentProcessorDeps, StripeWebhookHandlerResult } from "./stripe-payment-processor.js";
 export { StripePaymentProcessor } from "./stripe-payment-processor.js";
 export type { ITenantCustomerRepository } from "./tenant-store.js";
 export { DrizzleTenantCustomerRepository, TenantCustomerRepository } from "./tenant-store.js";
-export type { TenantCustomerRow, CreditCheckoutOpts, PortalSessionOpts, VpsCheckoutOpts, StripeBillingConfig } from "./types.js";
+export type {
+  CreditCheckoutOpts,
+  PortalSessionOpts,
+  StripeBillingConfig,
+  TenantCustomerRow,
+  VpsCheckoutOpts,
+} from "./types.js";

package/src/billing/stripe/stripe-payment-processor.test.ts

@@ -1,7 +1,7 @@
 import type Stripe from "stripe";
 import { beforeEach, describe, expect, it, vi } from "vitest";
-import { Credit } from "../../credits/credit.js";
 import type { IAutoTopupEventLogRepository } from "../../credits/auto-topup-event-log-repository.js";
+import { Credit } from "../../credits/credit.js";
 import type { CreditTransaction, ICreditLedger } from "../../credits/credit-ledger.js";
 import { PaymentMethodOwnershipError } from "../payment-processor.js";
 import type { CreditPriceMap } from "./credit-prices.js";
@@ -309,7 +309,6 @@ describe("StripePaymentProcessor", () => {
         tenantRepo: mocks.tenantRepo,
         webhookSecret: "whsec_test",
         creditLedger: mocks.creditLedger,
-  
       });
 
       await expect(
@@ -447,7 +446,7 @@ describe("StripePaymentProcessor", () => {
         tenantRepo: mocks.tenantRepo,
         webhookSecret: "whsec_test",
         creditLedger: mocks.creditLedger,
-  
+
         priceMap,
       });
 

package/src/billing/stripe/stripe-payment-processor.ts

@@ -1,7 +1,7 @@
 import type Stripe from "stripe";
-import { Credit } from "../../credits/credit.js";
 import { chargeAutoTopup } from "../../credits/auto-topup-charge.js";
 import type { IAutoTopupEventLogRepository } from "../../credits/auto-topup-event-log-repository.js";
+import { Credit } from "../../credits/credit.js";
 import type { ICreditLedger } from "../../credits/credit-ledger.js";
 import {
   type ChargeOpts,

package/src/credits/auto-topup-charge.test.ts

@@ -5,11 +5,11 @@ import { afterAll, beforeAll, beforeEach, describe, expect, it, vi } from "vites
 import type { PlatformDb } from "../db/index.js";
 import { creditAutoTopup } from "../db/schema/credit-auto-topup.js";
 import { createTestDb, truncateAllTables } from "../test/db.js";
-import { Credit } from "./credit.js";
-import type { ITenantCustomerRepository } from "./tenant-customer-repository.js";
 import { type AutoTopupChargeDeps, chargeAutoTopup, MAX_CONSECUTIVE_FAILURES } from "./auto-topup-charge.js";
 import { DrizzleAutoTopupEventLogRepository } from "./auto-topup-event-log-repository.js";
+import { Credit } from "./credit.js";
 import { CreditLedger } from "./credit-ledger.js";
+import type { ITenantCustomerRepository } from "./tenant-customer-repository.js";
 
 function mockStripe(overrides?: {
   paymentIntentId?: string;

package/src/credits/auto-topup-charge.ts

@@ -1,9 +1,9 @@
 import Stripe from "stripe";
 import { logger } from "../config/logger.js";
-import type { Credit } from "./credit.js";
-import type { ITenantCustomerRepository } from "./tenant-customer-repository.js";
 import type { IAutoTopupEventLogRepository } from "./auto-topup-event-log-repository.js";
+import type { Credit } from "./credit.js";
 import type { ICreditLedger } from "./credit-ledger.js";
+import type { ITenantCustomerRepository } from "./tenant-customer-repository.js";
 
 /** After this many consecutive Stripe failures, the auto-topup mode is disabled. */
 export const MAX_CONSECUTIVE_FAILURES = 3;

package/src/credits/auto-topup-schedule.test.ts

@@ -2,9 +2,9 @@ import type { PGlite } from "@electric-sql/pglite";
 import { afterAll, beforeAll, beforeEach, describe, expect, it, vi } from "vitest";
 import type { PlatformDb } from "../db/index.js";
 import { beginTestTransaction, createTestDb, endTestTransaction, rollbackTestTransaction } from "../test/db.js";
-import { Credit } from "./credit.js";
 import { runScheduledTopups, type ScheduleTopupDeps } from "./auto-topup-schedule.js";
 import { DrizzleAutoTopupSettingsRepository } from "./auto-topup-settings-repository.js";
+import { Credit } from "./credit.js";
 
 describe("runScheduledTopups", () => {
   let pool: PGlite;

package/src/credits/auto-topup-schedule.ts

@@ -1,8 +1,8 @@
 import { logger } from "../config/logger.js";
-import type { Credit } from "./credit.js";
 import type { AutoTopupChargeResult } from "./auto-topup-charge.js";
 import { MAX_CONSECUTIVE_FAILURES } from "./auto-topup-charge.js";
 import type { IAutoTopupSettingsRepository } from "./auto-topup-settings-repository.js";
+import type { Credit } from "./credit.js";
 
 export interface ScheduleTopupDeps {
   settingsRepo: IAutoTopupSettingsRepository;

package/src/credits/auto-topup-settings-repository.test.ts

@@ -2,8 +2,8 @@ import type { PGlite } from "@electric-sql/pglite";
 import { afterAll, beforeAll, beforeEach, describe, expect, it } from "vitest";
 import type { PlatformDb } from "../db/index.js";
 import { beginTestTransaction, createTestDb, endTestTransaction, rollbackTestTransaction } from "../test/db.js";
-import { Credit } from "./credit.js";
 import { DrizzleAutoTopupSettingsRepository } from "./auto-topup-settings-repository.js";
+import { Credit } from "./credit.js";
 
 describe("DrizzleAutoTopupSettingsRepository", () => {
   let pool: PGlite;

package/src/credits/auto-topup-usage.test.ts

@@ -2,9 +2,9 @@ import type { PGlite } from "@electric-sql/pglite";
 import { afterAll, beforeAll, beforeEach, describe, expect, it, vi } from "vitest";
 import type { PlatformDb } from "../db/index.js";
 import { createTestDb, truncateAllTables } from "../test/db.js";
-import { Credit } from "./credit.js";
 import { DrizzleAutoTopupSettingsRepository } from "./auto-topup-settings-repository.js";
 import { maybeTriggerUsageTopup, type UsageTopupDeps } from "./auto-topup-usage.js";
+import { Credit } from "./credit.js";
 import { CreditLedger } from "./credit-ledger.js";
 
 describe("maybeTriggerUsageTopup", () => {

package/src/credits/auto-topup-usage.ts

@@ -1,8 +1,8 @@
 import { logger } from "../config/logger.js";
-import type { Credit } from "./credit.js";
 import type { AutoTopupChargeResult } from "./auto-topup-charge.js";
 import { MAX_CONSECUTIVE_FAILURES } from "./auto-topup-charge.js";
 import type { IAutoTopupSettingsRepository } from "./auto-topup-settings-repository.js";
+import type { Credit } from "./credit.js";
 import type { ICreditLedger } from "./credit-ledger.js";
 
 export interface UsageTopupDeps {

package/src/credits/index.ts

@@ -9,6 +9,7 @@ export {
   computeNextScheduleAt,
   DrizzleAutoTopupSettingsRepository,
 } from "./auto-topup-settings-repository.js";
+export { Credit } from "./credit.js";
 export type { CreditExpiryCronConfig, CreditExpiryCronResult } from "./credit-expiry-cron.js";
 export { runCreditExpiryCron } from "./credit-expiry-cron.js";
 export type {
@@ -21,5 +22,4 @@ export type {
 } from "./credit-ledger.js";
 export { CreditLedger, DrizzleCreditLedger, InsufficientBalanceError } from "./credit-ledger.js";
 export { grantSignupCredits, SIGNUP_GRANT } from "./signup-grant.js";
-export { Credit } from "./credit.js";
 export type { ITenantCustomerRepository, TenantCustomerRow } from "./tenant-customer-repository.js";

package/src/db/schema/index.ts

@@ -5,9 +5,9 @@ export * from "./admin-users.js";
 export * from "./affiliate.js";
 export * from "./affiliate-fraud.js";
 export * from "./coupon-codes.js";
-export * from "./credits.js";
 export * from "./credit-auto-topup.js";
 export * from "./credit-auto-topup-settings.js";
+export * from "./credits.js";
 export * from "./dividend-distributions.js";
 export * from "./email-notifications.js";
 export * from "./meter-events.js";

package/src/email/index.ts

@@ -20,12 +20,12 @@ export { DrizzleNotificationPreferencesStore } from "./notification-preferences-
 export type { INotificationQueueRepository } from "./notification-queue-store.js";
 export { DrizzleNotificationQueueStore } from "./notification-queue-store.js";
 export type {
-  NotificationPrefs,
-  NotificationStatus,
-  QueuedNotification,
   NotificationEmailType,
   NotificationInput,
+  NotificationPrefs,
   NotificationRow,
+  NotificationStatus,
+  QueuedNotification,
 } from "./notification-repository-types.js";
 export { NotificationService } from "./notification-service.js";
 export type { TemplateName as NotificationTemplateName } from "./notification-templates.js";

package/src/index.ts

@@ -1,36 +1,32 @@
 // Database
-export type { PlatformDb, PlatformSchema } from "./db/index.js";
-export { createDb, schema } from "./db/index.js";
 
 // Admin
 export * from "./admin/index.js";
-
 // Auth
 export * from "./auth/index.js";
-
 // Billing (selective — ITenantCustomerRepository/TenantCustomerRow also in credits)
 export {
-  PaymentMethodOwnershipError,
-  noOpReplayGuard,
-  DrizzleWebhookSeenRepository,
-  type SavedPaymentMethod,
-  type CheckoutOpts,
-  type CheckoutSession,
   type ChargeOpts,
   type ChargeResult,
-  type SetupResult,
-  type PortalOpts,
-  type WebhookResult,
-  type IPaymentProcessor,
+  type CheckoutOpts,
+  type CheckoutSession,
+  DrizzleWebhookSeenRepository,
   type Invoice,
+  type IPaymentProcessor,
   type IWebhookSeenRepository,
+  noOpReplayGuard,
+  PaymentMethodOwnershipError,
+  type PortalOpts,
+  type SavedPaymentMethod,
+  type SetupResult,
+  type WebhookResult,
 } from "./billing/index.js";
-
 // Config
-export { config, billingConfigSchema, type PlatformConfig } from "./config/index.js";
-
+export { billingConfigSchema, config, type PlatformConfig } from "./config/index.js";
 // Credits
 export * from "./credits/index.js";
+export type { PlatformDb, PlatformSchema } from "./db/index.js";
+export { createDb, schema } from "./db/index.js";
 
 // Email
 export * from "./email/index.js";

package/src/metering/aggregator.test.ts

@@ -1,10 +1,10 @@
 import crypto from "node:crypto";
 import type { PGlite } from "@electric-sql/pglite";
 import { afterEach, beforeEach, describe, expect, it } from "vitest";
+import { Credit } from "../credits/credit.js";
 import type { PlatformDb } from "../db/index.js";
 import { meterEvents, usageSummaries } from "../db/schema/meter-events.js";
 import { createTestDb } from "../test/db.js";
-import { Credit } from "../credits/credit.js";
 import { DrizzleMeterAggregator } from "./aggregator.js";
 import { DrizzleUsageSummaryRepository } from "./drizzle-usage-summary-repository.js";
 

package/src/metering/emitter.test.ts

@@ -3,9 +3,9 @@ import { tmpdir } from "node:os";
 import { join } from "node:path";
 import type { PGlite } from "@electric-sql/pglite";
 import { afterEach, beforeEach, describe, expect, it } from "vitest";
+import { Credit } from "../credits/credit.js";
 import type { PlatformDb } from "../db/index.js";
 import { beginTestTransaction, createTestDb, endTestTransaction, rollbackTestTransaction } from "../test/db.js";
-import { Credit } from "../credits/credit.js";
 import { MeterDLQ } from "./dlq.js";
 import { DrizzleMeterEmitter } from "./emitter.js";
 import { DrizzleMeterEventRepository } from "./meter-event-repository.js";

package/src/metering/load-test.bench.ts

@@ -1,9 +1,9 @@
 import { unlinkSync } from "node:fs";
 import type { PGlite } from "@electric-sql/pglite";
 import { afterEach, beforeEach, bench, describe } from "vitest";
+import { Credit } from "../credits/credit.js";
 import type { PlatformDb } from "../db/index.js";
 import { createTestDb } from "../test/db.js";
-import { Credit } from "../credits/credit.js";
 import { MeterAggregator } from "./aggregator.js";
 import { DrizzleUsageSummaryRepository } from "./drizzle-usage-summary-repository.js";
 import { MeterEmitter } from "./emitter.js";

package/src/metering/metering.test.ts

@@ -2,10 +2,10 @@ import { existsSync, readFileSync, unlinkSync, writeFileSync } from "node:fs";
 import type { PGlite } from "@electric-sql/pglite";
 import { eq, sql } from "drizzle-orm";
 import { afterAll, afterEach, beforeAll, beforeEach, describe, expect, it } from "vitest";
+import { Credit } from "../credits/credit.js";
 import type { PlatformDb } from "../db/index.js";
 import { meterEvents } from "../db/schema/meter-events.js";
 import { createTestDb, truncateAllTables } from "../test/db.js";
-import { Credit } from "../credits/credit.js";
 import { MeterAggregator } from "./aggregator.js";
 import { DrizzleUsageSummaryRepository } from "./drizzle-usage-summary-repository.js";
 import { MeterEmitter } from "./emitter.js";