@wopr-network/platform-core 1.11.0 → 1.12.0

package/dist/account/deletion-executor-repository.d.ts

@@ -7,11 +7,79 @@ export interface IDeletionExecutorRepository {
     markCompleted(id: string, deletionSummary: string): Promise<boolean>;
     /** Find the active (pending) deletion request for a tenant, if any. */
     findPendingByTenant(tenantId: string): Promise<DeletionRequestRow | null>;
+    deleteBotInstances(tenantId: string): Promise<number>;
+    deleteCreditTransactions(tenantId: string): Promise<number>;
+    deleteCreditBalances(tenantId: string): Promise<number>;
+    deleteCreditAdjustments(tenantId: string): Promise<number | null>;
+    deleteMeterEvents(tenantId: string): Promise<number>;
+    deleteUsageSummaries(tenantId: string): Promise<number>;
+    deleteBillingPeriodSummaries(tenantId: string): Promise<number>;
+    deleteStripeUsageReports(tenantId: string): Promise<number>;
+    deleteNotificationQueue(tenantId: string): Promise<number>;
+    deleteNotificationPreferences(tenantId: string): Promise<number>;
+    deleteEmailNotifications(tenantId: string): Promise<number>;
+    deleteAuditLog(tenantId: string): Promise<number>;
+    anonymizeAuditLog(tenantId: string): Promise<number>;
+    deleteAdminNotes(tenantId: string): Promise<number>;
+    listSnapshotS3Keys(tenantId: string): Promise<{
+        id: string;
+        s3Key: string | null;
+    }[]>;
+    deleteSnapshots(tenantId: string): Promise<number>;
+    deleteBackupStatus(tenantId: string): Promise<number>;
+    deletePayramCharges(tenantId: string): Promise<number>;
+    deleteTenantStatus(tenantId: string): Promise<number>;
+    deleteUserRolesByUser(tenantId: string): Promise<number>;
+    deleteUserRolesByTenant(tenantId: string): Promise<number>;
+    deleteTenantCustomers(tenantId: string): Promise<number>;
+    deleteAuthUser(tenantId: string): Promise<{
+        sessionChanges: number;
+        accountChanges: number;
+        verificationChanges: number;
+        userChanges: number;
+    }>;
 }
 export declare class DrizzleDeletionExecutorRepository implements IDeletionExecutorRepository {
     private readonly db;
-    constructor(db: PlatformDb);
+    private readonly authDb?;
+    constructor(db: PlatformDb, authDb?: {
+        query: (sql: string, params?: unknown[]) => Promise<{
+            affectedRows?: number;
+            rowCount?: number;
+        }>;
+    } | undefined);
     findRipe(now: string): Promise<DeletionRequestRow[]>;
     markCompleted(id: string, deletionSummary: string): Promise<boolean>;
     findPendingByTenant(tenantId: string): Promise<DeletionRequestRow | null>;
+    deleteBotInstances(tenantId: string): Promise<number>;
+    deleteCreditTransactions(tenantId: string): Promise<number>;
+    deleteCreditBalances(tenantId: string): Promise<number>;
+    deleteCreditAdjustments(tenantId: string): Promise<number | null>;
+    deleteMeterEvents(tenantId: string): Promise<number>;
+    deleteUsageSummaries(tenantId: string): Promise<number>;
+    deleteBillingPeriodSummaries(tenantId: string): Promise<number>;
+    deleteStripeUsageReports(tenantId: string): Promise<number>;
+    deleteNotificationQueue(tenantId: string): Promise<number>;
+    deleteNotificationPreferences(tenantId: string): Promise<number>;
+    deleteEmailNotifications(tenantId: string): Promise<number>;
+    deleteAuditLog(tenantId: string): Promise<number>;
+    anonymizeAuditLog(tenantId: string): Promise<number>;
+    deleteAdminNotes(tenantId: string): Promise<number>;
+    listSnapshotS3Keys(tenantId: string): Promise<{
+        id: string;
+        s3Key: string | null;
+    }[]>;
+    deleteSnapshots(tenantId: string): Promise<number>;
+    deleteBackupStatus(tenantId: string): Promise<number>;
+    deletePayramCharges(tenantId: string): Promise<number>;
+    deleteTenantStatus(tenantId: string): Promise<number>;
+    deleteUserRolesByUser(tenantId: string): Promise<number>;
+    deleteUserRolesByTenant(tenantId: string): Promise<number>;
+    deleteTenantCustomers(tenantId: string): Promise<number>;
+    deleteAuthUser(tenantId: string): Promise<{
+        sessionChanges: number;
+        accountChanges: number;
+        verificationChanges: number;
+        userChanges: number;
+    }>;
 }

package/dist/account/deletion-executor-repository.js

@@ -1,13 +1,15 @@
-import { and, eq, lte, sql } from "drizzle-orm";
-import { accountDeletionRequests } from "../db/schema/index.js";
+import { and, eq, like, lte, or, sql } from "drizzle-orm";
+import { accountDeletionRequests, adminAuditLog, adminNotes, auditLog, backupStatus, billingPeriodSummaries, botInstances, creditBalances, creditTransactions, emailNotifications, meterEvents, notificationPreferences, notificationQueue, payramCharges, snapshots, stripeUsageReports, tenantCustomers, tenantStatus, usageSummaries, userRoles, } from "../db/schema/index.js";
 import { toRow } from "./deletion-repository.js";
 // ---------------------------------------------------------------------------
 // Implementation
 // ---------------------------------------------------------------------------
 export class DrizzleDeletionExecutorRepository {
     db;
-    constructor(db) {
+    authDb;
+    constructor(db, authDb) {
         this.db = db;
+        this.authDb = authDb;
     }
     async findRipe(now) {
         const rows = await this.db
@@ -38,4 +40,194 @@ export class DrizzleDeletionExecutorRepository {
         const row = rows[0];
         return row ? toRow(row) : null;
     }
+    // --- Data deletion methods ---
+    async deleteBotInstances(tenantId) {
+        const result = await this.db
+            .delete(botInstances)
+            .where(eq(botInstances.tenantId, tenantId))
+            .returning({ id: botInstances.id });
+        return result.length;
+    }
+    async deleteCreditTransactions(tenantId) {
+        const result = await this.db
+            .delete(creditTransactions)
+            .where(eq(creditTransactions.tenantId, tenantId))
+            .returning({ id: creditTransactions.id });
+        return result.length;
+    }
+    async deleteCreditBalances(tenantId) {
+        const result = await this.db
+            .delete(creditBalances)
+            .where(eq(creditBalances.tenantId, tenantId))
+            .returning({ tenantId: creditBalances.tenantId });
+        return result.length;
+    }
+    async deleteCreditAdjustments(tenantId) {
+        // raw SQL: credit_adjustments is not in the Drizzle schema (optional table)
+        try {
+            const result = await this.db.execute(sql `DELETE FROM credit_adjustments WHERE tenant_id = ${tenantId}`);
+            return result.rowCount ?? 0;
+        }
+        catch (err) {
+            const pgCode = err.code;
+            if (pgCode === "42P01")
+                return null; // table does not exist
+            throw err;
+        }
+    }
+    async deleteMeterEvents(tenantId) {
+        const result = await this.db
+            .delete(meterEvents)
+            .where(eq(meterEvents.tenant, tenantId))
+            .returning({ id: meterEvents.id });
+        return result.length;
+    }
+    async deleteUsageSummaries(tenantId) {
+        const result = await this.db
+            .delete(usageSummaries)
+            .where(eq(usageSummaries.tenant, tenantId))
+            .returning({ id: usageSummaries.id });
+        return result.length;
+    }
+    async deleteBillingPeriodSummaries(tenantId) {
+        const result = await this.db
+            .delete(billingPeriodSummaries)
+            .where(eq(billingPeriodSummaries.tenant, tenantId))
+            .returning({ id: billingPeriodSummaries.id });
+        return result.length;
+    }
+    async deleteStripeUsageReports(tenantId) {
+        const result = await this.db
+            .delete(stripeUsageReports)
+            .where(eq(stripeUsageReports.tenant, tenantId))
+            .returning({ id: stripeUsageReports.id });
+        return result.length;
+    }
+    async deleteNotificationQueue(tenantId) {
+        const result = await this.db
+            .delete(notificationQueue)
+            .where(eq(notificationQueue.tenantId, tenantId))
+            .returning({ id: notificationQueue.id });
+        return result.length;
+    }
+    async deleteNotificationPreferences(tenantId) {
+        const result = await this.db
+            .delete(notificationPreferences)
+            .where(eq(notificationPreferences.tenantId, tenantId))
+            .returning({ tenantId: notificationPreferences.tenantId });
+        return result.length;
+    }
+    async deleteEmailNotifications(tenantId) {
+        const result = await this.db
+            .delete(emailNotifications)
+            .where(eq(emailNotifications.tenantId, tenantId))
+            .returning({ id: emailNotifications.id });
+        return result.length;
+    }
+    async deleteAuditLog(tenantId) {
+        const result = await this.db.delete(auditLog).where(eq(auditLog.userId, tenantId)).returning({ id: auditLog.id });
+        return result.length;
+    }
+    async anonymizeAuditLog(tenantId) {
+        const result = await this.db
+            .update(adminAuditLog)
+            .set({ targetTenant: "[deleted]", targetUser: "[deleted]" })
+            .where(or(eq(adminAuditLog.targetTenant, tenantId), eq(adminAuditLog.targetUser, tenantId)))
+            .returning({ id: adminAuditLog.id });
+        return result.length;
+    }
+    async deleteAdminNotes(tenantId) {
+        const result = await this.db
+            .delete(adminNotes)
+            .where(eq(adminNotes.tenantId, tenantId))
+            .returning({ id: adminNotes.id });
+        return result.length;
+    }
+    async listSnapshotS3Keys(tenantId) {
+        const rows = await this.db
+            .select({ id: snapshots.id, s3Key: snapshots.s3Key })
+            .from(snapshots)
+            .where(eq(snapshots.tenant, tenantId));
+        return rows;
+    }
+    async deleteSnapshots(tenantId) {
+        const result = await this.db
+            .delete(snapshots)
+            .where(eq(snapshots.tenant, tenantId))
+            .returning({ id: snapshots.id });
+        return result.length;
+    }
+    async deleteBackupStatus(tenantId) {
+        // Escape LIKE wildcards in tenantId to prevent injection
+        const safeTenantId = tenantId.replace(/%/g, "\\%").replace(/_/g, "\\_");
+        // backup_status uses containerId with pattern "tenant_{id}_..."
+        const result = await this.db
+            .delete(backupStatus)
+            .where(like(backupStatus.containerId, `tenant_${safeTenantId}%`))
+            .returning({ containerId: backupStatus.containerId });
+        return result.length;
+    }
+    async deletePayramCharges(tenantId) {
+        const result = await this.db
+            .delete(payramCharges)
+            .where(eq(payramCharges.tenantId, tenantId))
+            .returning({ referenceId: payramCharges.referenceId });
+        return result.length;
+    }
+    async deleteTenantStatus(tenantId) {
+        const result = await this.db
+            .delete(tenantStatus)
+            .where(eq(tenantStatus.tenantId, tenantId))
+            .returning({ tenantId: tenantStatus.tenantId });
+        return result.length;
+    }
+    async deleteUserRolesByUser(tenantId) {
+        const result = await this.db
+            .delete(userRoles)
+            .where(eq(userRoles.userId, tenantId))
+            .returning({ userId: userRoles.userId });
+        return result.length;
+    }
+    async deleteUserRolesByTenant(tenantId) {
+        const result = await this.db
+            .delete(userRoles)
+            .where(eq(userRoles.tenantId, tenantId))
+            .returning({ userId: userRoles.userId });
+        return result.length;
+    }
+    async deleteTenantCustomers(tenantId) {
+        const result = await this.db
+            .delete(tenantCustomers)
+            .where(eq(tenantCustomers.tenant, tenantId))
+            .returning({ tenant: tenantCustomers.tenant });
+        return result.length;
+    }
+    async deleteAuthUser(tenantId) {
+        if (!this.authDb) {
+            return { sessionChanges: 0, accountChanges: 0, verificationChanges: 0, userChanges: 0 };
+        }
+        const getCount = (result) => result.affectedRows ?? result.rowCount ?? 0;
+        // raw SQL: better-auth tables are not in the Drizzle schema
+        // Wrapped in a transaction — all four DELETEs must succeed or none.
+        await this.authDb.query("BEGIN", []);
+        try {
+            const sessionResult = await this.authDb.query(`DELETE FROM session WHERE user_id = $1`, [tenantId]);
+            const accountResult = await this.authDb.query(`DELETE FROM account WHERE user_id = $1`, [tenantId]);
+            const verificationResult = await this.authDb.query(`DELETE FROM email_verification_tokens WHERE user_id = $1`, [
+                tenantId,
+            ]);
+            const userResult = await this.authDb.query(`DELETE FROM "user" WHERE id = $1`, [tenantId]);
+            await this.authDb.query("COMMIT", []);
+            return {
+                sessionChanges: getCount(sessionResult),
+                accountChanges: getCount(accountResult),
+                verificationChanges: getCount(verificationResult),
+                userChanges: getCount(userResult),
+            };
+        }
+        catch (err) {
+            await this.authDb.query("ROLLBACK", []);
+            throw err;
+        }
+    }
 }

package/dist/account/deletion-repository.d.ts

@@ -1,12 +1,23 @@
 import type { PlatformDb } from "../db/index.js";
 import { accountDeletionRequests } from "../db/schema/index.js";
-import type { DeletionRequestRow, InsertDeletionRequest } from "./repository-types.js";
+import type { DeletionRequestRow, DeletionStatus, InsertDeletionRequest } from "./repository-types.js";
 export type { DeletionRequestRow, InsertDeletionRequest };
 export interface IDeletionRepository {
     insert(data: InsertDeletionRequest): Promise<void>;
     getById(id: string): Promise<DeletionRequestRow | null>;
     listByTenant(tenantId: string): Promise<DeletionRequestRow[]>;
+    getPendingForTenant(tenantId: string): Promise<DeletionRequestRow | null>;
     cancel(id: string, cancelReason: string): Promise<boolean>;
+    markCompleted(id: string, summary: string): Promise<void>;
+    findExpired(): Promise<DeletionRequestRow[]>;
+    list(opts: {
+        status?: DeletionStatus;
+        limit: number;
+        offset: number;
+    }): Promise<{
+        requests: DeletionRequestRow[];
+        total: number;
+    }>;
 }
 export declare class DrizzleDeletionRepository implements IDeletionRepository {
     private readonly db;
@@ -14,6 +25,17 @@ export declare class DrizzleDeletionRepository implements IDeletionRepository {
     insert(data: InsertDeletionRequest): Promise<void>;
     getById(id: string): Promise<DeletionRequestRow | null>;
     listByTenant(tenantId: string): Promise<DeletionRequestRow[]>;
+    getPendingForTenant(tenantId: string): Promise<DeletionRequestRow | null>;
     cancel(id: string, cancelReason: string): Promise<boolean>;
+    markCompleted(id: string, summary: string): Promise<void>;
+    findExpired(): Promise<DeletionRequestRow[]>;
+    list(opts: {
+        status?: DeletionStatus;
+        limit: number;
+        offset: number;
+    }): Promise<{
+        requests: DeletionRequestRow[];
+        total: number;
+    }>;
 }
 export declare function toRow(row: typeof accountDeletionRequests.$inferSelect): DeletionRequestRow;

package/dist/account/deletion-repository.js

@@ -1,4 +1,4 @@
-import { and, eq, sql } from "drizzle-orm";
+import { and, count, desc, eq, lte, sql } from "drizzle-orm";
 import { accountDeletionRequests } from "../db/schema/index.js";
 // ---------------------------------------------------------------------------
 // Implementation
@@ -9,11 +9,12 @@ export class DrizzleDeletionRepository {
         this.db = db;
     }
     async insert(data) {
+        const deleteAfter = data.deleteAfter ?? new Date(Date.now() + (data.graceDays ?? 30) * 24 * 60 * 60 * 1000).toISOString();
         await this.db.insert(accountDeletionRequests).values({
             id: data.id,
             tenantId: data.tenantId,
             requestedBy: data.requestedBy,
-            deleteAfter: data.deleteAfter,
+            deleteAfter,
             reason: data.reason ?? null,
         });
     }
@@ -29,6 +30,15 @@ export class DrizzleDeletionRepository {
             .where(eq(accountDeletionRequests.tenantId, tenantId));
         return rows.map(toRow);
     }
+    async getPendingForTenant(tenantId) {
+        const rows = await this.db
+            .select()
+            .from(accountDeletionRequests)
+            .where(and(eq(accountDeletionRequests.tenantId, tenantId), eq(accountDeletionRequests.status, "pending")))
+            .limit(1);
+        const row = rows[0];
+        return row ? toRow(row) : null;
+    }
     async cancel(id, cancelReason) {
         const result = await this.db
             .update(accountDeletionRequests)
@@ -41,6 +51,41 @@ export class DrizzleDeletionRepository {
             .returning({ id: accountDeletionRequests.id });
         return result.length > 0;
     }
+    async markCompleted(id, summary) {
+        await this.db
+            .update(accountDeletionRequests)
+            .set({
+            status: "completed",
+            completedAt: sql `now()`,
+            deletionSummary: summary,
+            updatedAt: sql `now()`,
+        })
+            .where(and(eq(accountDeletionRequests.id, id), eq(accountDeletionRequests.status, "pending")));
+    }
+    async findExpired() {
+        const rows = await this.db
+            .select()
+            .from(accountDeletionRequests)
+            .where(and(eq(accountDeletionRequests.status, "pending"), lte(accountDeletionRequests.deleteAfter, sql `now()`)));
+        return rows.map(toRow);
+    }
+    async list(opts) {
+        const conditions = opts.status ? eq(accountDeletionRequests.status, opts.status) : undefined;
+        const [rows, totalResult] = await Promise.all([
+            this.db
+                .select()
+                .from(accountDeletionRequests)
+                .where(conditions)
+                .orderBy(desc(accountDeletionRequests.createdAt))
+                .limit(opts.limit)
+                .offset(opts.offset),
+            this.db.select({ count: count() }).from(accountDeletionRequests).where(conditions),
+        ]);
+        return {
+            requests: rows.map(toRow),
+            total: totalResult[0]?.count ?? 0,
+        };
+    }
 }
 // ---------------------------------------------------------------------------
 // Row mapper

package/dist/account/export-repository.d.ts

@@ -1,5 +1,5 @@
 import type { PlatformDb } from "../db/index.js";
-import type { ExportRequestRow, InsertExportRequest } from "./repository-types.js";
+import type { ExportRequestRow, ExportStatus, InsertExportRequest } from "./repository-types.js";
 export type { ExportRequestRow, InsertExportRequest };
 export interface IExportRepository {
     insert(data: InsertExportRequest): Promise<void>;
@@ -8,6 +8,15 @@ export interface IExportRepository {
     markProcessing(id: string): Promise<boolean>;
     markCompleted(id: string, downloadUrl: string): Promise<boolean>;
     markFailed(id: string, errorMessage?: string): Promise<boolean>;
+    list(filters: {
+        status?: ExportStatus;
+        limit: number;
+        offset: number;
+    }): Promise<{
+        rows: ExportRequestRow[];
+        total: number;
+    }>;
+    updateStatus(id: string, status: ExportStatus, downloadUrl?: string): Promise<void>;
 }
 export declare class DrizzleExportRepository implements IExportRepository {
     private readonly db;
@@ -18,4 +27,13 @@ export declare class DrizzleExportRepository implements IExportRepository {
     markProcessing(id: string): Promise<boolean>;
     markCompleted(id: string, downloadUrl: string): Promise<boolean>;
     markFailed(id: string, _errorMessage?: string): Promise<boolean>;
+    list(filters: {
+        status?: ExportStatus;
+        limit: number;
+        offset: number;
+    }): Promise<{
+        rows: ExportRequestRow[];
+        total: number;
+    }>;
+    updateStatus(id: string, status: ExportStatus, downloadUrl?: string): Promise<void>;
 }

package/dist/account/export-repository.js

@@ -1,4 +1,4 @@
-import { and, eq, sql } from "drizzle-orm";
+import { and, count, desc, eq, sql } from "drizzle-orm";
 import { accountExportRequests } from "../db/schema/index.js";
 // ---------------------------------------------------------------------------
 // Implementation
@@ -59,6 +59,34 @@ export class DrizzleExportRepository {
             .returning({ id: accountExportRequests.id });
         return result.length > 0;
     }
+    async list(filters) {
+        const conditions = filters.status ? eq(accountExportRequests.status, filters.status) : undefined;
+        const [rows, totalResult] = await Promise.all([
+            this.db
+                .select()
+                .from(accountExportRequests)
+                .where(conditions)
+                .orderBy(desc(accountExportRequests.createdAt))
+                .limit(filters.limit)
+                .offset(filters.offset),
+            this.db.select({ count: count() }).from(accountExportRequests).where(conditions),
+        ]);
+        return {
+            rows: rows.map(toRow),
+            total: totalResult[0]?.count ?? 0,
+        };
+    }
+    async updateStatus(id, status, downloadUrl) {
+        await this.db
+            .update(accountExportRequests)
+            .set({
+            status,
+            // Clear stale downloadUrl when transitioning away from completed
+            downloadUrl: downloadUrl ?? (status === "completed" ? undefined : null),
+            updatedAt: sql `now()`,
+        })
+            .where(eq(accountExportRequests.id, id));
+    }
 }
 // ---------------------------------------------------------------------------
 // Row mapper

package/dist/account/repository-types.d.ts

@@ -17,8 +17,11 @@ export interface InsertDeletionRequest {
     id: string;
     tenantId: string;
     requestedBy: string;
-    deleteAfter: string;
-    reason?: string;
+    /** Explicit ISO timestamp for when deletion should execute. */
+    deleteAfter?: string;
+    /** Number of grace days from now. Used if deleteAfter is not provided. */
+    graceDays?: number;
+    reason?: string | null;
 }
 export interface ExportRequestRow {
     id: string;

package/dist/auth/middleware.d.ts

@@ -15,6 +15,8 @@ import type { Context, Next } from "hono";
 import type { IApiKeyRepository } from "./api-key-repository.js";
 import type { Auth } from "./better-auth.js";
 import type { AuthUser } from "./index.js";
+/** Minimum length for API key tokens (rejects obviously short tokens). */
+export declare const MIN_API_KEY_LENGTH = 22;
 export interface SessionAuthEnv {
     Variables: {
         user: AuthUser;

package/dist/auth/middleware.js

@@ -12,6 +12,8 @@
  * If neither is present, the request is rejected with 401.
  */
 import { createHash } from "node:crypto";
+/** Minimum length for API key tokens (rejects obviously short tokens). */
+export const MIN_API_KEY_LENGTH = 22;
 /**
  * Create middleware that authenticates requests via better-auth session cookies.
  *

package/dist/db/index.d.ts

@@ -15,6 +15,9 @@ export type PlatformDb = DrizzleDb;
 /** Create a Drizzle database instance wrapping the given pg.Pool. */
 export declare function createDb(pool: Pool): PlatformDb;
 export { schema };
+export type { SQL } from "drizzle-orm";
+export { and, asc, count, desc, eq, gt, gte, ilike, inArray, isNull, like, lt, lte, ne, or, sql } from "drizzle-orm";
+export { pgTable, text } from "drizzle-orm/pg-core";
 export type { AuthUser, IAuthUserRepository } from "./auth-user-repository.js";
 export { BetterAuthUserRepository } from "./auth-user-repository.js";
 export { creditColumn } from "./credit-column.js";

package/dist/db/index.js

@@ -5,5 +5,10 @@ export function createDb(pool) {
     return drizzle(pool, { schema });
 }
 export { schema };
+// Re-export commonly used drizzle-orm operators so consumers using pnpm link
+// resolve them from the same drizzle-orm instance as the schema tables.
+export { and, asc, count, desc, eq, gt, gte, ilike, inArray, isNull, like, lt, lte, ne, or, sql } from "drizzle-orm";
+// Re-export pg-core table builders for consumers that define local tables.
+export { pgTable, text } from "drizzle-orm/pg-core";
 export { BetterAuthUserRepository } from "./auth-user-repository.js";
 export { creditColumn } from "./credit-column.js";

package/dist/monetization/socket/socket.js

@@ -97,7 +97,7 @@ export class AdapterSocket {
         const charge = adapterResult.charge ?? withMargin(adapterResult.cost, margin);
         // Emit meter event — BYOK tenants get zero cost/charge (WOP-512)
         const isByok = request.byok === true;
-        this.meter.emit({
+        await this.meter.emit({
             tenant: request.tenantId,
             cost: isByok ? Credit.ZERO : adapterResult.cost,
             charge: isByok ? Credit.ZERO : charge,

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@wopr-network/platform-core",
-  "version": "1.11.0",
+  "version": "1.12.0",
   "type": "module",
   "main": "dist/index.js",
   "types": "dist/index.d.ts",

package/src/account/deletion-executor-repository.ts

@@ -1,6 +1,27 @@
-import { and, eq, lte, sql } from "drizzle-orm";
+import { and, eq, like, lte, or, sql } from "drizzle-orm";
 import type { PlatformDb } from "../db/index.js";
-import { accountDeletionRequests } from "../db/schema/index.js";
+import {
+  accountDeletionRequests,
+  adminAuditLog,
+  adminNotes,
+  auditLog,
+  backupStatus,
+  billingPeriodSummaries,
+  botInstances,
+  creditBalances,
+  creditTransactions,
+  emailNotifications,
+  meterEvents,
+  notificationPreferences,
+  notificationQueue,
+  payramCharges,
+  snapshots,
+  stripeUsageReports,
+  tenantCustomers,
+  tenantStatus,
+  usageSummaries,
+  userRoles,
+} from "../db/schema/index.js";
 import { toRow } from "./deletion-repository.js";
 import type { DeletionRequestRow } from "./repository-types.js";
 
@@ -15,6 +36,36 @@ export interface IDeletionExecutorRepository {
   markCompleted(id: string, deletionSummary: string): Promise<boolean>;
   /** Find the active (pending) deletion request for a tenant, if any. */
   findPendingByTenant(tenantId: string): Promise<DeletionRequestRow | null>;
+
+  // --- Data deletion methods (GDPR purge) ---
+  deleteBotInstances(tenantId: string): Promise<number>;
+  deleteCreditTransactions(tenantId: string): Promise<number>;
+  deleteCreditBalances(tenantId: string): Promise<number>;
+  deleteCreditAdjustments(tenantId: string): Promise<number | null>;
+  deleteMeterEvents(tenantId: string): Promise<number>;
+  deleteUsageSummaries(tenantId: string): Promise<number>;
+  deleteBillingPeriodSummaries(tenantId: string): Promise<number>;
+  deleteStripeUsageReports(tenantId: string): Promise<number>;
+  deleteNotificationQueue(tenantId: string): Promise<number>;
+  deleteNotificationPreferences(tenantId: string): Promise<number>;
+  deleteEmailNotifications(tenantId: string): Promise<number>;
+  deleteAuditLog(tenantId: string): Promise<number>;
+  anonymizeAuditLog(tenantId: string): Promise<number>;
+  deleteAdminNotes(tenantId: string): Promise<number>;
+  listSnapshotS3Keys(tenantId: string): Promise<{ id: string; s3Key: string | null }[]>;
+  deleteSnapshots(tenantId: string): Promise<number>;
+  deleteBackupStatus(tenantId: string): Promise<number>;
+  deletePayramCharges(tenantId: string): Promise<number>;
+  deleteTenantStatus(tenantId: string): Promise<number>;
+  deleteUserRolesByUser(tenantId: string): Promise<number>;
+  deleteUserRolesByTenant(tenantId: string): Promise<number>;
+  deleteTenantCustomers(tenantId: string): Promise<number>;
+  deleteAuthUser(tenantId: string): Promise<{
+    sessionChanges: number;
+    accountChanges: number;
+    verificationChanges: number;
+    userChanges: number;
+  }>;
 }
 
 // ---------------------------------------------------------------------------
@@ -22,7 +73,12 @@ export interface IDeletionExecutorRepository {
 // ---------------------------------------------------------------------------
 
 export class DrizzleDeletionExecutorRepository implements IDeletionExecutorRepository {
-  constructor(private readonly db: PlatformDb) {}
+  constructor(
+    private readonly db: PlatformDb,
+    private readonly authDb?: {
+      query: (sql: string, params?: unknown[]) => Promise<{ affectedRows?: number; rowCount?: number }>;
+    },
+  ) {}
 
   async findRipe(now: string): Promise<DeletionRequestRow[]> {
     const rows = await this.db
@@ -55,4 +111,224 @@ export class DrizzleDeletionExecutorRepository implements IDeletionExecutorRepos
     const row = rows[0];
     return row ? toRow(row) : null;
   }
+
+  // --- Data deletion methods ---
+
+  async deleteBotInstances(tenantId: string): Promise<number> {
+    const result = await this.db
+      .delete(botInstances)
+      .where(eq(botInstances.tenantId, tenantId))
+      .returning({ id: botInstances.id });
+    return result.length;
+  }
+
+  async deleteCreditTransactions(tenantId: string): Promise<number> {
+    const result = await this.db
+      .delete(creditTransactions)
+      .where(eq(creditTransactions.tenantId, tenantId))
+      .returning({ id: creditTransactions.id });
+    return result.length;
+  }
+
+  async deleteCreditBalances(tenantId: string): Promise<number> {
+    const result = await this.db
+      .delete(creditBalances)
+      .where(eq(creditBalances.tenantId, tenantId))
+      .returning({ tenantId: creditBalances.tenantId });
+    return result.length;
+  }
+
+  async deleteCreditAdjustments(tenantId: string): Promise<number | null> {
+    // raw SQL: credit_adjustments is not in the Drizzle schema (optional table)
+    try {
+      const result = await this.db.execute(sql`DELETE FROM credit_adjustments WHERE tenant_id = ${tenantId}`);
+      return (result as unknown as { rowCount?: number }).rowCount ?? 0;
+    } catch (err: unknown) {
+      const pgCode = (err as { code?: string }).code;
+      if (pgCode === "42P01") return null; // table does not exist
+      throw err;
+    }
+  }
+
+  async deleteMeterEvents(tenantId: string): Promise<number> {
+    const result = await this.db
+      .delete(meterEvents)
+      .where(eq(meterEvents.tenant, tenantId))
+      .returning({ id: meterEvents.id });
+    return result.length;
+  }
+
+  async deleteUsageSummaries(tenantId: string): Promise<number> {
+    const result = await this.db
+      .delete(usageSummaries)
+      .where(eq(usageSummaries.tenant, tenantId))
+      .returning({ id: usageSummaries.id });
+    return result.length;
+  }
+
+  async deleteBillingPeriodSummaries(tenantId: string): Promise<number> {
+    const result = await this.db
+      .delete(billingPeriodSummaries)
+      .where(eq(billingPeriodSummaries.tenant, tenantId))
+      .returning({ id: billingPeriodSummaries.id });
+    return result.length;
+  }
+
+  async deleteStripeUsageReports(tenantId: string): Promise<number> {
+    const result = await this.db
+      .delete(stripeUsageReports)
+      .where(eq(stripeUsageReports.tenant, tenantId))
+      .returning({ id: stripeUsageReports.id });
+    return result.length;
+  }
+
+  async deleteNotificationQueue(tenantId: string): Promise<number> {
+    const result = await this.db
+      .delete(notificationQueue)
+      .where(eq(notificationQueue.tenantId, tenantId))
+      .returning({ id: notificationQueue.id });
+    return result.length;
+  }
+
+  async deleteNotificationPreferences(tenantId: string): Promise<number> {
+    const result = await this.db
+      .delete(notificationPreferences)
+      .where(eq(notificationPreferences.tenantId, tenantId))
+      .returning({ tenantId: notificationPreferences.tenantId });
+    return result.length;
+  }
+
+  async deleteEmailNotifications(tenantId: string): Promise<number> {
+    const result = await this.db
+      .delete(emailNotifications)
+      .where(eq(emailNotifications.tenantId, tenantId))
+      .returning({ id: emailNotifications.id });
+    return result.length;
+  }
+
+  async deleteAuditLog(tenantId: string): Promise<number> {
+    const result = await this.db.delete(auditLog).where(eq(auditLog.userId, tenantId)).returning({ id: auditLog.id });
+    return result.length;
+  }
+
+  async anonymizeAuditLog(tenantId: string): Promise<number> {
+    const result = await this.db
+      .update(adminAuditLog)
+      .set({ targetTenant: "[deleted]", targetUser: "[deleted]" })
+      .where(or(eq(adminAuditLog.targetTenant, tenantId), eq(adminAuditLog.targetUser, tenantId)))
+      .returning({ id: adminAuditLog.id });
+    return result.length;
+  }
+
+  async deleteAdminNotes(tenantId: string): Promise<number> {
+    const result = await this.db
+      .delete(adminNotes)
+      .where(eq(adminNotes.tenantId, tenantId))
+      .returning({ id: adminNotes.id });
+    return result.length;
+  }
+
+  async listSnapshotS3Keys(tenantId: string): Promise<{ id: string; s3Key: string | null }[]> {
+    const rows = await this.db
+      .select({ id: snapshots.id, s3Key: snapshots.s3Key })
+      .from(snapshots)
+      .where(eq(snapshots.tenant, tenantId));
+    return rows;
+  }
+
+  async deleteSnapshots(tenantId: string): Promise<number> {
+    const result = await this.db
+      .delete(snapshots)
+      .where(eq(snapshots.tenant, tenantId))
+      .returning({ id: snapshots.id });
+    return result.length;
+  }
+
+  async deleteBackupStatus(tenantId: string): Promise<number> {
+    // Escape LIKE wildcards in tenantId to prevent injection
+    const safeTenantId = tenantId.replace(/%/g, "\\%").replace(/_/g, "\\_");
+    // backup_status uses containerId with pattern "tenant_{id}_..."
+    const result = await this.db
+      .delete(backupStatus)
+      .where(like(backupStatus.containerId, `tenant_${safeTenantId}%`))
+      .returning({ containerId: backupStatus.containerId });
+    return result.length;
+  }
+
+  async deletePayramCharges(tenantId: string): Promise<number> {
+    const result = await this.db
+      .delete(payramCharges)
+      .where(eq(payramCharges.tenantId, tenantId))
+      .returning({ referenceId: payramCharges.referenceId });
+    return result.length;
+  }
+
+  async deleteTenantStatus(tenantId: string): Promise<number> {
+    const result = await this.db
+      .delete(tenantStatus)
+      .where(eq(tenantStatus.tenantId, tenantId))
+      .returning({ tenantId: tenantStatus.tenantId });
+    return result.length;
+  }
+
+  async deleteUserRolesByUser(tenantId: string): Promise<number> {
+    const result = await this.db
+      .delete(userRoles)
+      .where(eq(userRoles.userId, tenantId))
+      .returning({ userId: userRoles.userId });
+    return result.length;
+  }
+
+  async deleteUserRolesByTenant(tenantId: string): Promise<number> {
+    const result = await this.db
+      .delete(userRoles)
+      .where(eq(userRoles.tenantId, tenantId))
+      .returning({ userId: userRoles.userId });
+    return result.length;
+  }
+
+  async deleteTenantCustomers(tenantId: string): Promise<number> {
+    const result = await this.db
+      .delete(tenantCustomers)
+      .where(eq(tenantCustomers.tenant, tenantId))
+      .returning({ tenant: tenantCustomers.tenant });
+    return result.length;
+  }
+
+  async deleteAuthUser(tenantId: string): Promise<{
+    sessionChanges: number;
+    accountChanges: number;
+    verificationChanges: number;
+    userChanges: number;
+  }> {
+    if (!this.authDb) {
+      return { sessionChanges: 0, accountChanges: 0, verificationChanges: 0, userChanges: 0 };
+    }
+
+    const getCount = (result: { affectedRows?: number; rowCount?: number }): number =>
+      result.affectedRows ?? result.rowCount ?? 0;
+
+    // raw SQL: better-auth tables are not in the Drizzle schema
+    // Wrapped in a transaction — all four DELETEs must succeed or none.
+    await this.authDb.query("BEGIN", []);
+    try {
+      const sessionResult = await this.authDb.query(`DELETE FROM session WHERE user_id = $1`, [tenantId]);
+      const accountResult = await this.authDb.query(`DELETE FROM account WHERE user_id = $1`, [tenantId]);
+      const verificationResult = await this.authDb.query(`DELETE FROM email_verification_tokens WHERE user_id = $1`, [
+        tenantId,
+      ]);
+      const userResult = await this.authDb.query(`DELETE FROM "user" WHERE id = $1`, [tenantId]);
+      await this.authDb.query("COMMIT", []);
+
+      return {
+        sessionChanges: getCount(sessionResult),
+        accountChanges: getCount(accountResult),
+        verificationChanges: getCount(verificationResult),
+        userChanges: getCount(userResult),
+      };
+    } catch (err) {
+      await this.authDb.query("ROLLBACK", []);
+      throw err;
+    }
+  }
 }

package/src/account/deletion-repository.ts

@@ -1,7 +1,7 @@
-import { and, eq, sql } from "drizzle-orm";
+import { and, count, desc, eq, lte, sql } from "drizzle-orm";
 import type { PlatformDb } from "../db/index.js";
 import { accountDeletionRequests } from "../db/schema/index.js";
-import type { DeletionRequestRow, InsertDeletionRequest } from "./repository-types.js";
+import type { DeletionRequestRow, DeletionStatus, InsertDeletionRequest } from "./repository-types.js";
 
 export type { DeletionRequestRow, InsertDeletionRequest };
 
@@ -13,7 +13,15 @@ export interface IDeletionRepository {
   insert(data: InsertDeletionRequest): Promise<void>;
   getById(id: string): Promise<DeletionRequestRow | null>;
   listByTenant(tenantId: string): Promise<DeletionRequestRow[]>;
+  getPendingForTenant(tenantId: string): Promise<DeletionRequestRow | null>;
   cancel(id: string, cancelReason: string): Promise<boolean>;
+  markCompleted(id: string, summary: string): Promise<void>;
+  findExpired(): Promise<DeletionRequestRow[]>;
+  list(opts: {
+    status?: DeletionStatus;
+    limit: number;
+    offset: number;
+  }): Promise<{ requests: DeletionRequestRow[]; total: number }>;
 }
 
 // ---------------------------------------------------------------------------
@@ -24,11 +32,13 @@ export class DrizzleDeletionRepository implements IDeletionRepository {
   constructor(private readonly db: PlatformDb) {}
 
   async insert(data: InsertDeletionRequest): Promise<void> {
+    const deleteAfter =
+      data.deleteAfter ?? new Date(Date.now() + (data.graceDays ?? 30) * 24 * 60 * 60 * 1000).toISOString();
     await this.db.insert(accountDeletionRequests).values({
       id: data.id,
       tenantId: data.tenantId,
       requestedBy: data.requestedBy,
-      deleteAfter: data.deleteAfter,
+      deleteAfter,
       reason: data.reason ?? null,
     });
   }
@@ -47,6 +57,16 @@ export class DrizzleDeletionRepository implements IDeletionRepository {
     return rows.map(toRow);
   }
 
+  async getPendingForTenant(tenantId: string): Promise<DeletionRequestRow | null> {
+    const rows = await this.db
+      .select()
+      .from(accountDeletionRequests)
+      .where(and(eq(accountDeletionRequests.tenantId, tenantId), eq(accountDeletionRequests.status, "pending")))
+      .limit(1);
+    const row = rows[0];
+    return row ? toRow(row) : null;
+  }
+
   async cancel(id: string, cancelReason: string): Promise<boolean> {
     const result = await this.db
       .update(accountDeletionRequests)
@@ -59,6 +79,50 @@ export class DrizzleDeletionRepository implements IDeletionRepository {
       .returning({ id: accountDeletionRequests.id });
     return result.length > 0;
   }
+
+  async markCompleted(id: string, summary: string): Promise<void> {
+    await this.db
+      .update(accountDeletionRequests)
+      .set({
+        status: "completed",
+        completedAt: sql`now()`,
+        deletionSummary: summary,
+        updatedAt: sql`now()`,
+      })
+      .where(and(eq(accountDeletionRequests.id, id), eq(accountDeletionRequests.status, "pending")));
+  }
+
+  async findExpired(): Promise<DeletionRequestRow[]> {
+    const rows = await this.db
+      .select()
+      .from(accountDeletionRequests)
+      .where(and(eq(accountDeletionRequests.status, "pending"), lte(accountDeletionRequests.deleteAfter, sql`now()`)));
+    return rows.map(toRow);
+  }
+
+  async list(opts: {
+    status?: DeletionStatus;
+    limit: number;
+    offset: number;
+  }): Promise<{ requests: DeletionRequestRow[]; total: number }> {
+    const conditions = opts.status ? eq(accountDeletionRequests.status, opts.status) : undefined;
+
+    const [rows, totalResult] = await Promise.all([
+      this.db
+        .select()
+        .from(accountDeletionRequests)
+        .where(conditions)
+        .orderBy(desc(accountDeletionRequests.createdAt))
+        .limit(opts.limit)
+        .offset(opts.offset),
+      this.db.select({ count: count() }).from(accountDeletionRequests).where(conditions),
+    ]);
+
+    return {
+      requests: rows.map(toRow),
+      total: totalResult[0]?.count ?? 0,
+    };
+  }
 }
 
 // ---------------------------------------------------------------------------

package/src/account/export-repository.ts

@@ -1,7 +1,7 @@
-import { and, eq, sql } from "drizzle-orm";
+import { and, count, desc, eq, sql } from "drizzle-orm";
 import type { PlatformDb } from "../db/index.js";
 import { accountExportRequests } from "../db/schema/index.js";
-import type { ExportRequestRow, InsertExportRequest } from "./repository-types.js";
+import type { ExportRequestRow, ExportStatus, InsertExportRequest } from "./repository-types.js";
 
 export type { ExportRequestRow, InsertExportRequest };
 
@@ -16,6 +16,12 @@ export interface IExportRepository {
   markProcessing(id: string): Promise<boolean>;
   markCompleted(id: string, downloadUrl: string): Promise<boolean>;
   markFailed(id: string, errorMessage?: string): Promise<boolean>;
+  list(filters: {
+    status?: ExportStatus;
+    limit: number;
+    offset: number;
+  }): Promise<{ rows: ExportRequestRow[]; total: number }>;
+  updateStatus(id: string, status: ExportStatus, downloadUrl?: string): Promise<void>;
 }
 
 // ---------------------------------------------------------------------------
@@ -81,6 +87,42 @@ export class DrizzleExportRepository implements IExportRepository {
       .returning({ id: accountExportRequests.id });
     return result.length > 0;
   }
+
+  async list(filters: {
+    status?: ExportStatus;
+    limit: number;
+    offset: number;
+  }): Promise<{ rows: ExportRequestRow[]; total: number }> {
+    const conditions = filters.status ? eq(accountExportRequests.status, filters.status) : undefined;
+
+    const [rows, totalResult] = await Promise.all([
+      this.db
+        .select()
+        .from(accountExportRequests)
+        .where(conditions)
+        .orderBy(desc(accountExportRequests.createdAt))
+        .limit(filters.limit)
+        .offset(filters.offset),
+      this.db.select({ count: count() }).from(accountExportRequests).where(conditions),
+    ]);
+
+    return {
+      rows: rows.map(toRow),
+      total: totalResult[0]?.count ?? 0,
+    };
+  }
+
+  async updateStatus(id: string, status: ExportStatus, downloadUrl?: string): Promise<void> {
+    await this.db
+      .update(accountExportRequests)
+      .set({
+        status,
+        // Clear stale downloadUrl when transitioning away from completed
+        downloadUrl: downloadUrl ?? (status === "completed" ? undefined : null),
+        updatedAt: sql`now()`,
+      })
+      .where(eq(accountExportRequests.id, id));
+  }
 }
 
 // ---------------------------------------------------------------------------

package/src/account/repository-types.ts

@@ -23,8 +23,11 @@ export interface InsertDeletionRequest {
   id: string;
   tenantId: string;
   requestedBy: string;
-  deleteAfter: string;
-  reason?: string;
+  /** Explicit ISO timestamp for when deletion should execute. */
+  deleteAfter?: string;
+  /** Number of grace days from now. Used if deleteAfter is not provided. */
+  graceDays?: number;
+  reason?: string | null;
 }
 
 export interface ExportRequestRow {

package/src/auth/middleware.ts

@@ -18,6 +18,9 @@ import type { IApiKeyRepository } from "./api-key-repository.js";
 import type { Auth } from "./better-auth.js";
 import type { AuthUser } from "./index.js";
 
+/** Minimum length for API key tokens (rejects obviously short tokens). */
+export const MIN_API_KEY_LENGTH = 22;
+
 export interface SessionAuthEnv {
   Variables: {
     user: AuthUser;

package/src/db/index.ts

@@ -24,6 +24,13 @@ export function createDb(pool: Pool): PlatformDb {
 }
 
 export { schema };
+
+export type { SQL } from "drizzle-orm";
+// Re-export commonly used drizzle-orm operators so consumers using pnpm link
+// resolve them from the same drizzle-orm instance as the schema tables.
+export { and, asc, count, desc, eq, gt, gte, ilike, inArray, isNull, like, lt, lte, ne, or, sql } from "drizzle-orm";
+// Re-export pg-core table builders for consumers that define local tables.
+export { pgTable, text } from "drizzle-orm/pg-core";
 export type { AuthUser, IAuthUserRepository } from "./auth-user-repository.js";
 export { BetterAuthUserRepository } from "./auth-user-repository.js";
 export { creditColumn } from "./credit-column.js";

package/src/monetization/socket/socket.ts

@@ -147,7 +147,7 @@ export class AdapterSocket {
 
     // Emit meter event — BYOK tenants get zero cost/charge (WOP-512)
     const isByok = request.byok === true;
-    this.meter.emit({
+    await this.meter.emit({
       tenant: request.tenantId,
       cost: isByok ? Credit.ZERO : adapterResult.cost,
       charge: isByok ? Credit.ZERO : charge,