@wopr-network/platform-core 1.70.0 → 1.72.0

package/dist/server/boot-config.d.ts

@@ -20,8 +20,18 @@ export interface RoutePlugin {
 export interface BootConfig {
     /** Short product identifier (e.g. "paperclip", "wopr", "holyship"). */
     slug: string;
-    /** PostgreSQL connection string. */
+    /** PostgreSQL connection string. Required unless `pool` is provided. */
     databaseUrl: string;
+    /**
+     * Pre-created PostgreSQL connection pool. When provided, buildContainer
+     * reuses this pool and skips pool creation + Drizzle migrations. The
+     * caller is responsible for running their own migrations before calling
+     * buildContainer.
+     *
+     * Use this when the product has its own migration set (e.g. wopr-platform
+     * generates migrations locally from the shared schema).
+     */
+    pool?: import("pg").Pool;
     /** Bind host (default "0.0.0.0"). */
     host?: string;
     /** Bind port (default 3001). */

package/dist/server/container.d.ts

@@ -18,6 +18,7 @@ import type { FleetManager } from "../fleet/fleet-manager.js";
 import type { IProfileStore } from "../fleet/profile-store.js";
 import type { IServiceKeyRepository } from "../gateway/service-key-repository.js";
 import type { ProductConfig } from "../product-config/repository-types.js";
+import type { ProductConfigService } from "../product-config/service.js";
 import type { ProxyManagerInterface } from "../proxy/types.js";
 import type { IOrgMemberRepository } from "../tenancy/org-member-repository.js";
 import type { OrgService } from "../tenancy/org-service.js";
@@ -68,6 +69,7 @@ export interface PlatformContainer {
     db: DrizzleDb;
     pool: Pool;
     productConfig: ProductConfig;
+    productConfigService: ProductConfigService;
     creditLedger: ILedger;
     orgMemberRepo: IOrgMemberRepository;
     orgService: OrgService;

package/dist/server/container.js

@@ -20,23 +20,32 @@
  * `bootConfig.features`. Disabled features yield `null`.
  */
 export async function buildContainer(bootConfig) {
-    if (!bootConfig.databaseUrl) {
-        throw new Error("buildContainer: databaseUrl is required");
+    // 1. Database pool — reuse existing or create new
+    let pool;
+    if (bootConfig.pool) {
+        pool = bootConfig.pool;
+    }
+    else {
+        if (!bootConfig.databaseUrl) {
+            throw new Error("buildContainer: databaseUrl is required when pool is not provided");
+        }
+        const { Pool: PgPool } = await import("pg");
+        pool = new PgPool({ connectionString: bootConfig.databaseUrl });
     }
-    // 1. Database pool
-    const { Pool: PgPool } = await import("pg");
-    const pool = new PgPool({ connectionString: bootConfig.databaseUrl });
     // 2. Drizzle ORM instance
     const { createDb } = await import("../db/index.js");
     const db = createDb(pool);
-    // 3. Run Drizzle migrations
-    const { migrate } = await import("drizzle-orm/node-postgres/migrator");
-    const path = await import("node:path");
-    const migrationsFolder = path.resolve(path.dirname(new URL(import.meta.url).pathname), "../../drizzle");
-    await migrate(db, { migrationsFolder });
+    // 3. Run Drizzle migrations (skip when caller provided their own pool —
+    //    they are responsible for running product-specific migrations first)
+    if (!bootConfig.pool) {
+        const { migrate } = await import("drizzle-orm/node-postgres/migrator");
+        const path = await import("node:path");
+        const migrationsFolder = path.resolve(path.dirname(new URL(import.meta.url).pathname), "../../drizzle");
+        await migrate(db, { migrationsFolder });
+    }
     // 4. Bootstrap product config from DB (auto-seeds from presets if needed)
     const { platformBoot } = await import("../product-config/boot.js");
-    const { config: productConfig } = await platformBoot({ slug: bootConfig.slug, db });
+    const { config: productConfig, service: productConfigService } = await platformBoot({ slug: bootConfig.slug, db });
     // 5. Credit ledger
     const { DrizzleLedger } = await import("../credits/ledger.js");
     const creditLedger = new DrizzleLedger(db);
@@ -120,6 +129,7 @@ export async function buildContainer(bootConfig) {
         db,
         pool,
         productConfig,
+        productConfigService,
         creditLedger,
         orgMemberRepo,
         orgService,

package/dist/server/services/__tests__/hot-pool.test.d.ts

@@ -0,0 +1,6 @@
+/**
+ * Tests for hot pool service functions (getPoolSize, setPoolSize).
+ *
+ * Uses InMemoryPoolRepository to test service logic without Docker or DB.
+ */
+export {};

package/dist/server/services/__tests__/hot-pool.test.js

@@ -0,0 +1,26 @@
+/**
+ * Tests for hot pool service functions (getPoolSize, setPoolSize).
+ *
+ * Uses InMemoryPoolRepository to test service logic without Docker or DB.
+ */
+import { describe, expect, it } from "vitest";
+import { getPoolSize, setPoolSize } from "../hot-pool.js";
+import { InMemoryPoolRepository } from "./in-memory-pool-repository.js";
+describe("hot pool service", () => {
+    describe("getPoolSize / setPoolSize", () => {
+        it("returns default pool size", async () => {
+            const repo = new InMemoryPoolRepository();
+            expect(await getPoolSize(repo)).toBe(2);
+        });
+        it("sets and reads pool size", async () => {
+            const repo = new InMemoryPoolRepository();
+            await setPoolSize(repo, 10);
+            expect(await getPoolSize(repo)).toBe(10);
+        });
+        it("pool size of 0 is valid", async () => {
+            const repo = new InMemoryPoolRepository();
+            await setPoolSize(repo, 0);
+            expect(await getPoolSize(repo)).toBe(0);
+        });
+    });
+});

package/dist/server/services/__tests__/in-memory-pool-repository.d.ts

@@ -0,0 +1,21 @@
+/**
+ * In-memory IPoolRepository for testing.
+ * FIFO claiming, dead instance handling — no DB required.
+ */
+import type { IPoolRepository, PoolInstance } from "../pool-repository.js";
+export declare class InMemoryPoolRepository implements IPoolRepository {
+    private poolSize;
+    private instances;
+    getPoolSize(): Promise<number>;
+    setPoolSize(size: number): Promise<void>;
+    warmCount(): Promise<number>;
+    insertWarm(id: string, containerId: string): Promise<void>;
+    listWarm(): Promise<PoolInstance[]>;
+    markDead(id: string): Promise<void>;
+    deleteDead(): Promise<void>;
+    claimWarm(tenantId: string, name: string): Promise<{
+        id: string;
+        containerId: string;
+    } | null>;
+    updateInstanceStatus(id: string, status: string): Promise<void>;
+}

package/dist/server/services/__tests__/in-memory-pool-repository.js

@@ -0,0 +1,57 @@
+/**
+ * In-memory IPoolRepository for testing.
+ * FIFO claiming, dead instance handling — no DB required.
+ */
+export class InMemoryPoolRepository {
+    poolSize = 2;
+    instances = [];
+    async getPoolSize() {
+        return this.poolSize;
+    }
+    async setPoolSize(size) {
+        this.poolSize = size;
+    }
+    async warmCount() {
+        return this.instances.filter((i) => i.status === "warm").length;
+    }
+    async insertWarm(id, containerId) {
+        this.instances.push({
+            id,
+            containerId,
+            status: "warm",
+            tenantId: null,
+            name: null,
+            createdAt: new Date(),
+            claimedAt: null,
+        });
+    }
+    async listWarm() {
+        return this.instances.filter((i) => i.status === "warm").map(({ createdAt, claimedAt, ...rest }) => rest);
+    }
+    async markDead(id) {
+        const inst = this.instances.find((i) => i.id === id);
+        if (inst)
+            inst.status = "dead";
+    }
+    async deleteDead() {
+        this.instances = this.instances.filter((i) => i.status !== "dead");
+    }
+    async claimWarm(tenantId, name) {
+        const warm = this.instances
+            .filter((i) => i.status === "warm")
+            .sort((a, b) => a.createdAt.getTime() - b.createdAt.getTime());
+        if (warm.length === 0)
+            return null;
+        const target = warm[0];
+        target.status = "claimed";
+        target.tenantId = tenantId;
+        target.name = name;
+        target.claimedAt = new Date();
+        return { id: target.id, containerId: target.containerId };
+    }
+    async updateInstanceStatus(id, status) {
+        const inst = this.instances.find((i) => i.id === id);
+        if (inst)
+            inst.status = status;
+    }
+}

package/dist/server/services/__tests__/pool-repository.test.d.ts

@@ -0,0 +1,7 @@
+/**
+ * Tests for IPoolRepository interface contract.
+ *
+ * Uses an in-memory implementation to verify the interface
+ * behavior without requiring a real database.
+ */
+export {};

package/dist/server/services/__tests__/pool-repository.test.js

@@ -0,0 +1,108 @@
+/**
+ * Tests for IPoolRepository interface contract.
+ *
+ * Uses an in-memory implementation to verify the interface
+ * behavior without requiring a real database.
+ */
+import { describe, expect, it } from "vitest";
+import { InMemoryPoolRepository } from "./in-memory-pool-repository.js";
+describe("IPoolRepository (InMemory)", () => {
+    it("returns default pool size of 2", async () => {
+        const repo = new InMemoryPoolRepository();
+        expect(await repo.getPoolSize()).toBe(2);
+    });
+    it("sets and gets pool size", async () => {
+        const repo = new InMemoryPoolRepository();
+        await repo.setPoolSize(5);
+        expect(await repo.getPoolSize()).toBe(5);
+    });
+    it("inserts and counts warm instances", async () => {
+        const repo = new InMemoryPoolRepository();
+        expect(await repo.warmCount()).toBe(0);
+        await repo.insertWarm("a", "container-a");
+        await repo.insertWarm("b", "container-b");
+        expect(await repo.warmCount()).toBe(2);
+    });
+    it("lists warm instances", async () => {
+        const repo = new InMemoryPoolRepository();
+        await repo.insertWarm("a", "container-a");
+        await repo.insertWarm("b", "container-b");
+        const warm = await repo.listWarm();
+        expect(warm).toHaveLength(2);
+        expect(warm[0].id).toBe("a");
+        expect(warm[0].containerId).toBe("container-a");
+        expect(warm[0].status).toBe("warm");
+    });
+    it("claims warm instance FIFO", async () => {
+        const repo = new InMemoryPoolRepository();
+        await repo.insertWarm("first", "c-first");
+        await repo.insertWarm("second", "c-second");
+        const claimed = await repo.claimWarm("tenant-1", "my-bot");
+        expect(claimed).not.toBeNull();
+        expect(claimed?.id).toBe("first");
+        expect(claimed?.containerId).toBe("c-first");
+        // Warm count drops by 1
+        expect(await repo.warmCount()).toBe(1);
+    });
+    it("returns null when claiming from empty pool", async () => {
+        const repo = new InMemoryPoolRepository();
+        const result = await repo.claimWarm("tenant-1", "bot");
+        expect(result).toBeNull();
+    });
+    it("does not re-claim already claimed instances", async () => {
+        const repo = new InMemoryPoolRepository();
+        await repo.insertWarm("only", "c-only");
+        const first = await repo.claimWarm("t1", "bot1");
+        expect(first).not.toBeNull();
+        const second = await repo.claimWarm("t2", "bot2");
+        expect(second).toBeNull();
+    });
+    it("marks instances dead", async () => {
+        const repo = new InMemoryPoolRepository();
+        await repo.insertWarm("a", "c-a");
+        await repo.markDead("a");
+        expect(await repo.warmCount()).toBe(0);
+        const warm = await repo.listWarm();
+        expect(warm).toHaveLength(0);
+    });
+    it("deletes dead instances", async () => {
+        const repo = new InMemoryPoolRepository();
+        await repo.insertWarm("a", "c-a");
+        await repo.insertWarm("b", "c-b");
+        await repo.markDead("a");
+        await repo.deleteDead();
+        // Only 'b' remains (warm)
+        expect(await repo.warmCount()).toBe(1);
+        const warm = await repo.listWarm();
+        expect(warm[0].id).toBe("b");
+    });
+    it("updates instance status", async () => {
+        const repo = new InMemoryPoolRepository();
+        await repo.insertWarm("a", "c-a");
+        await repo.updateInstanceStatus("a", "provisioning");
+        // No longer warm
+        expect(await repo.warmCount()).toBe(0);
+    });
+    it("handles multiple claims in order", async () => {
+        const repo = new InMemoryPoolRepository();
+        await repo.insertWarm("1", "c-1");
+        await repo.insertWarm("2", "c-2");
+        await repo.insertWarm("3", "c-3");
+        const c1 = await repo.claimWarm("t-a", "bot-a");
+        const c2 = await repo.claimWarm("t-b", "bot-b");
+        const c3 = await repo.claimWarm("t-c", "bot-c");
+        const c4 = await repo.claimWarm("t-d", "bot-d");
+        expect(c1?.id).toBe("1");
+        expect(c2?.id).toBe("2");
+        expect(c3?.id).toBe("3");
+        expect(c4).toBeNull();
+        expect(await repo.warmCount()).toBe(0);
+    });
+    it("dead instances are not claimable", async () => {
+        const repo = new InMemoryPoolRepository();
+        await repo.insertWarm("a", "c-a");
+        await repo.markDead("a");
+        const result = await repo.claimWarm("t1", "bot");
+        expect(result).toBeNull();
+    });
+});

package/dist/server/test-container.js

@@ -7,6 +7,7 @@
  *   const c = createTestContainer();
  *   const c2 = createTestContainer({ creditLedger: myCustomLedger });
  */
+import { ProductConfigService } from "../product-config/service.js";
 // ---------------------------------------------------------------------------
 // Stub factories (satisfy interface contracts with no-op implementations)
 // ---------------------------------------------------------------------------
@@ -76,6 +77,18 @@ function stubProductConfig() {
         billing: null,
     };
 }
+function stubProductConfigService() {
+    const stubRepo = {
+        getBySlug: async () => stubProductConfig(),
+        listAll: async () => [],
+        upsertProduct: async () => stubProductConfig().product,
+        replaceNavItems: async () => { },
+        upsertFeatures: async () => { },
+        upsertFleetConfig: async () => { },
+        upsertBillingConfig: async () => { },
+    };
+    return new ProductConfigService(stubRepo);
+}
 // ---------------------------------------------------------------------------
 // Public API
 // ---------------------------------------------------------------------------
@@ -88,6 +101,7 @@ export function createTestContainer(overrides) {
         db: {},
         pool: { end: async () => { } },
         productConfig: stubProductConfig(),
+        productConfigService: stubProductConfigService(),
         creditLedger: stubLedger(),
         orgMemberRepo: stubOrgMemberRepo(),
         orgService: {},

package/dist/trpc/index.d.ts

@@ -3,7 +3,10 @@ export { createAssertOrgAdminOrOwner } from "./auth-helpers.js";
 export { authSocialRouter } from "./auth-social-router.js";
 export { createAdminFleetUpdateRouterFromContainer, createFleetUpdateConfigRouterFromContainer, createNotificationTemplateRouterFromContainer, createOrgRemovePaymentMethodRouterFromContainer, createProductConfigRouterFromContainer, initTrpcFromContainer, } from "./container-factories.js";
 export { createFleetUpdateConfigRouter } from "./fleet-update-config-router.js";
-export { adminProcedure, createCallerFactory, orgAdminProcedure, orgMemberProcedure, protectedProcedure, publicProcedure, router, setTrpcOrgMemberRepo, type TRPCContext, tenantProcedure, } from "./init.js";
+export { adminProcedure, createCallerFactory, createTRPCContext, orgAdminProcedure, orgMemberProcedure, protectedProcedure, publicProcedure, router, setTrpcOrgMemberRepo, type TRPCContext, tenantProcedure, } from "./init.js";
 export { createNotificationTemplateRouter } from "./notification-template-router.js";
 export { createOrgRemovePaymentMethodRouter, type OrgRemovePaymentMethodDeps, } from "./org-remove-payment-method-router.js";
 export { createProductConfigRouter } from "./product-config-router.js";
+export { type PageContextRouterDeps, pageContextRouter, setPageContextRouterDeps } from "./routers/page-context.js";
+export { type ProfileRouterDeps, profileRouter, setProfileRouterDeps } from "./routers/profile.js";
+export { type SettingsRouterDeps, setSettingsRouterDeps, settingsRouter } from "./routers/settings.js";

package/dist/trpc/index.js

@@ -3,7 +3,10 @@ export { createAssertOrgAdminOrOwner } from "./auth-helpers.js";
 export { authSocialRouter } from "./auth-social-router.js";
 export { createAdminFleetUpdateRouterFromContainer, createFleetUpdateConfigRouterFromContainer, createNotificationTemplateRouterFromContainer, createOrgRemovePaymentMethodRouterFromContainer, createProductConfigRouterFromContainer, initTrpcFromContainer, } from "./container-factories.js";
 export { createFleetUpdateConfigRouter } from "./fleet-update-config-router.js";
-export { adminProcedure, createCallerFactory, orgAdminProcedure, orgMemberProcedure, protectedProcedure, publicProcedure, router, setTrpcOrgMemberRepo, tenantProcedure, } from "./init.js";
+export { adminProcedure, createCallerFactory, createTRPCContext, orgAdminProcedure, orgMemberProcedure, protectedProcedure, publicProcedure, router, setTrpcOrgMemberRepo, tenantProcedure, } from "./init.js";
 export { createNotificationTemplateRouter } from "./notification-template-router.js";
 export { createOrgRemovePaymentMethodRouter, } from "./org-remove-payment-method-router.js";
 export { createProductConfigRouter } from "./product-config-router.js";
+export { pageContextRouter, setPageContextRouterDeps } from "./routers/page-context.js";
+export { profileRouter, setProfileRouterDeps } from "./routers/profile.js";
+export { setSettingsRouterDeps, settingsRouter } from "./routers/settings.js";

package/dist/trpc/init.d.ts

@@ -12,6 +12,11 @@ export interface TRPCContext {
     /** Tenant ID associated with the bearer token, if any. */
     tenantId: string | undefined;
 }
+/**
+ * Create a TRPCContext from an incoming request.
+ * Resolves the user from BetterAuth session cookies.
+ */
+export declare function createTRPCContext(req: Request): Promise<TRPCContext>;
 /** Wire the org member repository for tRPC tenant validation. Called from services.ts on startup. */
 export declare function setTrpcOrgMemberRepo(repo: IOrgMemberRepository): void;
 export declare const router: import("@trpc/server").TRPCRouterBuilder<{

package/dist/trpc/init.js

@@ -8,6 +8,34 @@ import { initTRPC, TRPCError } from "@trpc/server";
 import { z } from "zod";
 import { validateTenantAccess } from "../auth/index.js";
 // ---------------------------------------------------------------------------
+// Context factory — resolves BetterAuth session into TRPCContext
+// ---------------------------------------------------------------------------
+/**
+ * Create a TRPCContext from an incoming request.
+ * Resolves the user from BetterAuth session cookies.
+ */
+export async function createTRPCContext(req) {
+    let user;
+    let tenantId;
+    try {
+        const { getAuth } = await import("../auth/better-auth.js");
+        const auth = getAuth();
+        const session = await auth.api.getSession({ headers: req.headers });
+        if (session?.user) {
+            const sessionUser = session.user;
+            const roles = [];
+            if (sessionUser.role)
+                roles.push(sessionUser.role);
+            user = { id: sessionUser.id, roles };
+            tenantId = req.headers.get("x-tenant-id") || sessionUser.id;
+        }
+    }
+    catch {
+        // No session — unauthenticated request
+    }
+    return { user, tenantId: tenantId ?? "" };
+}
+// ---------------------------------------------------------------------------
 // tRPC init
 // ---------------------------------------------------------------------------
 const t = initTRPC.context().create();

package/dist/trpc/routers/page-context.d.ts

@@ -0,0 +1,37 @@
+/**
+ * tRPC page-context router — stores and retrieves per-user page context.
+ *
+ * Pure platform-core — no product-specific imports.
+ */
+import type { IPageContextRepository } from "../../fleet/page-context-repository.js";
+export interface PageContextRouterDeps {
+    repo: IPageContextRepository;
+}
+export declare function setPageContextRouterDeps(deps: PageContextRouterDeps): void;
+export declare const pageContextRouter: import("@trpc/server").TRPCBuiltRouter<{
+    ctx: import("../init.js").TRPCContext;
+    meta: object;
+    errorShape: import("@trpc/server").TRPCDefaultErrorShape;
+    transformer: false;
+}, import("@trpc/server").TRPCDecorateCreateRouterOptions<{
+    /** Update the page context for the current user. Called on route change. */
+    update: import("@trpc/server").TRPCMutationProcedure<{
+        input: {
+            currentPage: string;
+            pagePrompt: string | null;
+        };
+        output: {
+            ok: true;
+        };
+        meta: object;
+    }>;
+    /** Get the current page context for the authenticated user. */
+    current: import("@trpc/server").TRPCQueryProcedure<{
+        input: void;
+        output: {
+            currentPage: string;
+            pagePrompt: string | null;
+        } | null;
+        meta: object;
+    }>;
+}>>;

package/dist/trpc/routers/page-context.js

@@ -0,0 +1,41 @@
+/**
+ * tRPC page-context router — stores and retrieves per-user page context.
+ *
+ * Pure platform-core — no product-specific imports.
+ */
+import { TRPCError } from "@trpc/server";
+import { z } from "zod";
+import { protectedProcedure, router } from "../init.js";
+let _deps = null;
+export function setPageContextRouterDeps(deps) {
+    _deps = deps;
+}
+function deps() {
+    if (!_deps)
+        throw new TRPCError({ code: "INTERNAL_SERVER_ERROR", message: "Page context not initialized" });
+    return _deps;
+}
+// ---------------------------------------------------------------------------
+// Schema
+// ---------------------------------------------------------------------------
+const updatePageContextSchema = z.object({
+    currentPage: z.string().min(1).max(500),
+    pagePrompt: z.string().max(2000).nullable(),
+});
+// ---------------------------------------------------------------------------
+// Router
+// ---------------------------------------------------------------------------
+export const pageContextRouter = router({
+    /** Update the page context for the current user. Called on route change. */
+    update: protectedProcedure.input(updatePageContextSchema).mutation(async ({ ctx, input }) => {
+        await deps().repo.set(ctx.user.id, input.currentPage, input.pagePrompt);
+        return { ok: true };
+    }),
+    /** Get the current page context for the authenticated user. */
+    current: protectedProcedure.query(async ({ ctx }) => {
+        const pc = await deps().repo.get(ctx.user.id);
+        if (!pc)
+            return null;
+        return { currentPage: pc.currentPage, pagePrompt: pc.pagePrompt };
+    }),
+});

package/dist/trpc/routers/profile.d.ts

@@ -0,0 +1,71 @@
+/**
+ * tRPC profile router — get/update user profile and change password.
+ *
+ * Pure platform-core — no product-specific imports.
+ */
+export interface ProfileRouterDeps {
+    getUser: (userId: string) => Promise<{
+        id: string;
+        name: string;
+        email: string;
+        image: string | null;
+        twoFactorEnabled: boolean;
+    } | null>;
+    updateUser: (userId: string, data: {
+        name?: string;
+        image?: string | null;
+    }) => Promise<{
+        id: string;
+        name: string;
+        email: string;
+        image: string | null;
+        twoFactorEnabled: boolean;
+    }>;
+    changePassword: (userId: string, currentPassword: string, newPassword: string) => Promise<boolean>;
+}
+export declare function setProfileRouterDeps(deps: ProfileRouterDeps): void;
+export declare const profileRouter: import("@trpc/server").TRPCBuiltRouter<{
+    ctx: import("../init.js").TRPCContext;
+    meta: object;
+    errorShape: import("@trpc/server").TRPCDefaultErrorShape;
+    transformer: false;
+}, import("@trpc/server").TRPCDecorateCreateRouterOptions<{
+    /** Get the authenticated user's profile. */
+    getProfile: import("@trpc/server").TRPCQueryProcedure<{
+        input: void;
+        output: {
+            id: string;
+            name: string;
+            email: string;
+            image: string | null;
+            twoFactorEnabled: boolean;
+        };
+        meta: object;
+    }>;
+    /** Update the authenticated user's display name and/or avatar. */
+    updateProfile: import("@trpc/server").TRPCMutationProcedure<{
+        input: {
+            name?: string | undefined;
+            image?: string | null | undefined;
+        };
+        output: {
+            id: string;
+            name: string;
+            email: string;
+            image: string | null;
+            twoFactorEnabled: boolean;
+        };
+        meta: object;
+    }>;
+    /** Change the authenticated user's password. */
+    changePassword: import("@trpc/server").TRPCMutationProcedure<{
+        input: {
+            currentPassword: string;
+            newPassword: string;
+        };
+        output: {
+            ok: true;
+        };
+        meta: object;
+    }>;
+}>>;

package/dist/trpc/routers/profile.js

@@ -0,0 +1,68 @@
+/**
+ * tRPC profile router — get/update user profile and change password.
+ *
+ * Pure platform-core — no product-specific imports.
+ */
+import { TRPCError } from "@trpc/server";
+import { z } from "zod";
+import { protectedProcedure, router } from "../init.js";
+let _deps = null;
+export function setProfileRouterDeps(deps) {
+    _deps = deps;
+}
+function deps() {
+    if (!_deps)
+        throw new TRPCError({ code: "INTERNAL_SERVER_ERROR", message: "Profile router not initialized" });
+    return _deps;
+}
+// ---------------------------------------------------------------------------
+// Router
+// ---------------------------------------------------------------------------
+export const profileRouter = router({
+    /** Get the authenticated user's profile. */
+    getProfile: protectedProcedure.query(async ({ ctx }) => {
+        const user = await deps().getUser(ctx.user.id);
+        if (!user) {
+            throw new TRPCError({ code: "NOT_FOUND", message: "User not found" });
+        }
+        return {
+            id: user.id,
+            name: user.name,
+            email: user.email,
+            image: user.image,
+            twoFactorEnabled: user.twoFactorEnabled,
+        };
+    }),
+    /** Update the authenticated user's display name and/or avatar. */
+    updateProfile: protectedProcedure
+        .input(z.object({
+        name: z.string().min(1).max(128).optional(),
+        image: z.string().url().max(2048).nullable().optional(),
+    }))
+        .mutation(async ({ input, ctx }) => {
+        const updated = await deps().updateUser(ctx.user.id, {
+            ...(input.name !== undefined && { name: input.name }),
+            ...(input.image !== undefined && { image: input.image }),
+        });
+        return {
+            id: updated.id,
+            name: updated.name,
+            email: updated.email,
+            image: updated.image,
+            twoFactorEnabled: updated.twoFactorEnabled,
+        };
+    }),
+    /** Change the authenticated user's password. */
+    changePassword: protectedProcedure
+        .input(z.object({
+        currentPassword: z.string().min(1),
+        newPassword: z.string().min(8, "Password must be at least 8 characters"),
+    }))
+        .mutation(async ({ input, ctx }) => {
+        const ok = await deps().changePassword(ctx.user.id, input.currentPassword, input.newPassword);
+        if (!ok) {
+            throw new TRPCError({ code: "BAD_REQUEST", message: "Current password is incorrect" });
+        }
+        return { ok: true };
+    }),
+});