backend-manager 5.9.4 → 5.9.6

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (251) hide show
  1. package/CLAUDE.md +6 -0
  2. package/package.json +8 -1
  3. package/src/cli/commands/install.js +4 -3
  4. package/src/cli/commands/setup-tests/backend-manager.js +2 -1
  5. package/src/cli/commands/setup-tests/firebase-admin.js +2 -1
  6. package/src/cli/commands/setup-tests/firebase-functions.js +2 -1
  7. package/src/cli/utils/safe-install.js +13 -0
  8. package/src/manager/routes/payments/cancel/post.js +22 -2
  9. package/src/test/fixtures/firebase-project/.temp/newsletter/run-2026-06-11T03-28-07/metadata.json +14 -0
  10. package/src/test/fixtures/firebase-project/.temp/newsletter/run-2026-06-11T03-28-07/newsletter.html +486 -0
  11. package/src/test/fixtures/firebase-project/.temp/newsletter/run-2026-06-11T03-28-07/newsletter.md +41 -0
  12. package/src/test/fixtures/firebase-project/.temp/newsletter/run-2026-06-11T03-28-07/newsletter.mjml +97 -0
  13. package/{test/email/fixtures/clean.json → src/test/fixtures/firebase-project/.temp/newsletter/run-2026-06-11T03-28-07/structure.json} +16 -4
  14. package/src/test/fixtures/firebase-project/.temp/newsletter/run-2026-06-11T03-28-07/summary.md +1 -0
  15. package/src/test/fixtures/firebase-project/.temp/newsletter/run-2026-06-18T01-00-28/metadata.json +14 -0
  16. package/src/test/fixtures/firebase-project/.temp/newsletter/run-2026-06-18T01-00-28/newsletter.html +486 -0
  17. package/src/test/fixtures/firebase-project/.temp/newsletter/run-2026-06-18T01-00-28/newsletter.md +41 -0
  18. package/src/test/fixtures/firebase-project/.temp/newsletter/run-2026-06-18T01-00-28/newsletter.mjml +97 -0
  19. package/src/test/fixtures/firebase-project/.temp/newsletter/run-2026-06-18T01-00-28/structure.json +42 -0
  20. package/src/test/fixtures/firebase-project/.temp/newsletter/run-2026-06-18T01-00-28/summary.md +1 -0
  21. package/src/test/fixtures/firebase-project/.temp/newsletter/run-2026-06-18T01-01-34/metadata.json +14 -0
  22. package/src/test/fixtures/firebase-project/.temp/newsletter/run-2026-06-18T01-01-34/newsletter.html +486 -0
  23. package/src/test/fixtures/firebase-project/.temp/newsletter/run-2026-06-18T01-01-34/newsletter.md +41 -0
  24. package/src/test/fixtures/firebase-project/.temp/newsletter/run-2026-06-18T01-01-34/newsletter.mjml +97 -0
  25. package/src/test/fixtures/firebase-project/.temp/newsletter/run-2026-06-18T01-01-34/structure.json +42 -0
  26. package/src/test/fixtures/firebase-project/.temp/newsletter/run-2026-06-18T01-01-34/summary.md +1 -0
  27. package/src/test/fixtures/firebase-project/.temp/test-mode.json +6 -0
  28. package/src/test/fixtures/firebase-project/database-debug.log +12 -0
  29. package/src/test/fixtures/firebase-project/firestore-debug.log +136 -0
  30. package/src/test/fixtures/firebase-project/pubsub-debug.log +17 -0
  31. package/src/test/test-accounts.js +9 -0
  32. package/.codeclimate.yml +0 -32
  33. package/.nvmrc +0 -1
  34. package/CHANGELOG.md +0 -1432
  35. package/PROGRESS.md +0 -86
  36. package/TODO-2.md +0 -121
  37. package/TODO-CHARGEBLAST.md +0 -32
  38. package/TODO-WEBHOOK-KEY-LEGACY-REMOVAL.md +0 -15
  39. package/TODO-WEBHOOK-KEY-UPGRADE.md +0 -138
  40. package/TODO-email-auth.md +0 -14
  41. package/TODO.md +0 -187
  42. package/plans/mcp2.md +0 -247
  43. package/scripts/test-helper-providers.js +0 -162
  44. package/scripts/update-disposable-domains.js +0 -44
  45. package/templates/_.env +0 -42
  46. package/templates/_.gitignore +0 -60
  47. package/templates/backend-manager-config.json +0 -249
  48. package/templates/database.rules.json +0 -83
  49. package/templates/firebase.json +0 -66
  50. package/templates/firestore.indexes.json +0 -4
  51. package/templates/firestore.rules +0 -112
  52. package/templates/public/404.html +0 -26
  53. package/templates/public/index.html +0 -24
  54. package/templates/remoteconfig.template.json +0 -1
  55. package/templates/storage-lifecycle-config-1-day.json +0 -9
  56. package/templates/storage-lifecycle-config-30-days.json +0 -9
  57. package/templates/storage.rules +0 -8
  58. package/test/_init/accounts-validation.js +0 -58
  59. package/test/_legacy/ai/index.js +0 -231
  60. package/test/_legacy/ai/test.jpg +0 -0
  61. package/test/_legacy/ai/test.pdf +0 -0
  62. package/test/_legacy/index.js +0 -31
  63. package/test/_legacy/payment-resolver/chargebee/orders/refunded.json +0 -0
  64. package/test/_legacy/payment-resolver/chargebee/orders/unpaid.json +0 -98
  65. package/test/_legacy/payment-resolver/chargebee/subscriptions/active.json +0 -578
  66. package/test/_legacy/payment-resolver/chargebee/subscriptions/trial-in-trial.json +0 -38
  67. package/test/_legacy/payment-resolver/chargebee/subscriptions/trial-skipped-to-active.json +0 -135
  68. package/test/_legacy/payment-resolver/chargebee/subscriptions/trial-to-active-to-cancelled.json +0 -42
  69. package/test/_legacy/payment-resolver/chargebee/subscriptions/trial-to-active.json +0 -44
  70. package/test/_legacy/payment-resolver/chargebee/subscriptions/trial-to-cancelled.json +0 -39
  71. package/test/_legacy/payment-resolver/chargebee/subscriptions/trial-to-refund.json +0 -143
  72. package/test/_legacy/payment-resolver/chargebee/subscriptions/trial-to-suspended.json +0 -48
  73. package/test/_legacy/payment-resolver/coinbase/orders/regular.json +0 -204
  74. package/test/_legacy/payment-resolver/coinbase/subscriptions/cancelled.json +0 -204
  75. package/test/_legacy/payment-resolver/coinbase/subscriptions/paid-2.json +0 -125
  76. package/test/_legacy/payment-resolver/index.js +0 -1558
  77. package/test/_legacy/payment-resolver/paypal/orders/refunded.json +0 -0
  78. package/test/_legacy/payment-resolver/paypal/orders/regular.json +0 -120
  79. package/test/_legacy/payment-resolver/paypal/subscriptions/active-refund-previous-stmnt.json +0 -323
  80. package/test/_legacy/payment-resolver/paypal/subscriptions/active.json +0 -192
  81. package/test/_legacy/payment-resolver/paypal/subscriptions/trial-in-trial.json +0 -125
  82. package/test/_legacy/payment-resolver/paypal/subscriptions/trial-payment-not-complete.json +0 -76
  83. package/test/_legacy/payment-resolver/paypal/subscriptions/trial-payment-overdue-2.json +0 -114
  84. package/test/_legacy/payment-resolver/paypal/subscriptions/trial-payment-overdue.json +0 -114
  85. package/test/_legacy/payment-resolver/paypal/subscriptions/trial-to-active-to-cancelled.json +0 -111
  86. package/test/_legacy/payment-resolver/paypal/subscriptions/trial-to-active.json +0 -132
  87. package/test/_legacy/payment-resolver/paypal/subscriptions/trial-to-cancelled.json +0 -107
  88. package/test/_legacy/payment-resolver/paypal/subscriptions/trial-to-expired.json +0 -91
  89. package/test/_legacy/payment-resolver/paypal/subscriptions/trial-to-refund.json +0 -147
  90. package/test/_legacy/payment-resolver/paypal/subscriptions/trial-to-suspended.json +0 -120
  91. package/test/_legacy/payment-resolver/stripe/orders/refunded.json +0 -0
  92. package/test/_legacy/payment-resolver/stripe/orders/regular.json +0 -91
  93. package/test/_legacy/payment-resolver/stripe/subscriptions/active.json +0 -421
  94. package/test/_legacy/payment-resolver/stripe/subscriptions/trial-in-trial.json +0 -349
  95. package/test/_legacy/payment-resolver/stripe/subscriptions/trial-to-active-failed-authorization.json +0 -430
  96. package/test/_legacy/payment-resolver/stripe/subscriptions/trial-to-active.json +0 -319
  97. package/test/_legacy/payment-resolver/stripe/subscriptions/trial-to-cancelled.json +0 -319
  98. package/test/_legacy/payment-resolver/stripe/subscriptions/trial-to-refund.json +0 -414
  99. package/test/_legacy/payment-resolver/stripe/subscriptions/trial-to-suspended.json +0 -319
  100. package/test/_legacy/payment-resolver/stripe/subscriptions/unsure.json +0 -339
  101. package/test/_legacy/test-new +0 -1178
  102. package/test/_legacy/test.md +0 -89
  103. package/test/_legacy/usage.js +0 -175
  104. package/test/_legacy/user.js +0 -31
  105. package/test/ai/tools-live.js +0 -170
  106. package/test/boot/emulator-boots.js +0 -37
  107. package/test/content/blog-generate.js +0 -160
  108. package/test/email/campaign-send.js +0 -45
  109. package/test/email/consent-lifecycle.js +0 -257
  110. package/test/email/feedback-and-plain-send.js +0 -52
  111. package/test/email/fixtures/editorial.json +0 -30
  112. package/test/email/fixtures/field-report.json +0 -53
  113. package/test/email/marketing-lifecycle.js +0 -132
  114. package/test/email/newsletter-generate.js +0 -819
  115. package/test/email/newsletter-templates.js +0 -491
  116. package/test/email/templates.js +0 -207
  117. package/test/email/transactional-send.js +0 -34
  118. package/test/email/transactional.js +0 -560
  119. package/test/email/validation.js +0 -710
  120. package/test/events/auth-delete-race.js +0 -201
  121. package/test/events/payments/journey-payments-cancel-endpoint.js +0 -100
  122. package/test/events/payments/journey-payments-cancel.js +0 -182
  123. package/test/events/payments/journey-payments-discount.js +0 -89
  124. package/test/events/payments/journey-payments-failure.js +0 -146
  125. package/test/events/payments/journey-payments-legacy-product.js +0 -149
  126. package/test/events/payments/journey-payments-one-time-failure.js +0 -111
  127. package/test/events/payments/journey-payments-one-time.js +0 -136
  128. package/test/events/payments/journey-payments-plan-change.js +0 -144
  129. package/test/events/payments/journey-payments-refund-webhook.js +0 -180
  130. package/test/events/payments/journey-payments-suspend.js +0 -181
  131. package/test/events/payments/journey-payments-trial-cancel.js +0 -130
  132. package/test/events/payments/journey-payments-trial.js +0 -171
  133. package/test/events/payments/journey-payments-uid-resolution.js +0 -132
  134. package/test/events/payments/journey-payments-upgrade.js +0 -135
  135. package/test/fixtures/chargebee/invoice-one-time.json +0 -27
  136. package/test/fixtures/chargebee/subscription-active.json +0 -44
  137. package/test/fixtures/chargebee/subscription-cancelled.json +0 -42
  138. package/test/fixtures/chargebee/subscription-in-trial.json +0 -41
  139. package/test/fixtures/chargebee/subscription-legacy-plan.json +0 -41
  140. package/test/fixtures/chargebee/subscription-non-renewing.json +0 -41
  141. package/test/fixtures/chargebee/subscription-paused.json +0 -42
  142. package/test/fixtures/chargebee/webhook-payment-failed.json +0 -51
  143. package/test/fixtures/chargebee/webhook-subscription-created.json +0 -47
  144. package/test/fixtures/paypal/order-approved.json +0 -62
  145. package/test/fixtures/paypal/order-completed.json +0 -110
  146. package/test/fixtures/paypal/subscription-active.json +0 -76
  147. package/test/fixtures/paypal/subscription-cancelled.json +0 -50
  148. package/test/fixtures/paypal/subscription-suspended.json +0 -65
  149. package/test/fixtures/stripe/checkout-session-completed.json +0 -130
  150. package/test/fixtures/stripe/invoice-payment-failed.json +0 -148
  151. package/test/fixtures/stripe/invoice-subscription-payment-failed.json +0 -28
  152. package/test/fixtures/stripe/subscription-active.json +0 -161
  153. package/test/fixtures/stripe/subscription-canceled.json +0 -161
  154. package/test/fixtures/stripe/subscription-trialing.json +0 -161
  155. package/test/functions/admin/database-read.js +0 -134
  156. package/test/functions/admin/database-write.js +0 -159
  157. package/test/functions/admin/edit-post.js +0 -366
  158. package/test/functions/admin/firestore-query.js +0 -207
  159. package/test/functions/admin/firestore-read.js +0 -129
  160. package/test/functions/admin/firestore-write.js +0 -105
  161. package/test/functions/admin/get-stats.js +0 -115
  162. package/test/functions/admin/send-email.js +0 -119
  163. package/test/functions/admin/send-notification.js +0 -208
  164. package/test/functions/admin/write-repo-content.js +0 -223
  165. package/test/functions/general/add-marketing-contact.js +0 -335
  166. package/test/functions/general/fetch-post.js +0 -54
  167. package/test/functions/general/generate-uuid.js +0 -114
  168. package/test/functions/test/authenticate.js +0 -64
  169. package/test/functions/user/create-custom-token.js +0 -73
  170. package/test/functions/user/delete.js +0 -135
  171. package/test/functions/user/get-active-sessions.js +0 -111
  172. package/test/functions/user/get-subscription-info.js +0 -99
  173. package/test/functions/user/regenerate-api-keys.js +0 -156
  174. package/test/functions/user/resolve.js +0 -52
  175. package/test/functions/user/sign-out-all-sessions.js +0 -94
  176. package/test/functions/user/sign-up.js +0 -252
  177. package/test/functions/user/submit-feedback.js +0 -104
  178. package/test/functions/user/validate-settings.js +0 -82
  179. package/test/helpers/ai-request-payload.js +0 -300
  180. package/test/helpers/ai-test-provider.js +0 -202
  181. package/test/helpers/ai-tools-format.js +0 -383
  182. package/test/helpers/content/blog-auto-publisher.js +0 -484
  183. package/test/helpers/content/feed-parser.js +0 -528
  184. package/test/helpers/content/ghostii-blocks.js +0 -134
  185. package/test/helpers/content/ghostii-feed-integration.js +0 -404
  186. package/test/helpers/content/ghostii-write-article.js +0 -243
  187. package/test/helpers/environment.js +0 -230
  188. package/test/helpers/infer-contact.js +0 -113
  189. package/test/helpers/merge-line-files.js +0 -271
  190. package/test/helpers/payment/chargebee/parse-webhook.js +0 -413
  191. package/test/helpers/payment/chargebee/to-unified-one-time.js +0 -147
  192. package/test/helpers/payment/chargebee/to-unified-subscription.js +0 -648
  193. package/test/helpers/payment/paypal/parse-webhook.js +0 -539
  194. package/test/helpers/payment/paypal/to-unified-one-time.js +0 -382
  195. package/test/helpers/payment/paypal/to-unified-subscription.js +0 -820
  196. package/test/helpers/payment/stripe/parse-webhook.js +0 -447
  197. package/test/helpers/payment/stripe/to-unified-one-time.js +0 -306
  198. package/test/helpers/payment/stripe/to-unified-subscription.js +0 -708
  199. package/test/helpers/sanitize.js +0 -222
  200. package/test/helpers/slugify.js +0 -394
  201. package/test/helpers/storage.js +0 -194
  202. package/test/helpers/user.js +0 -755
  203. package/test/helpers/webhook-forward.js +0 -418
  204. package/test/mcp/discovery.js +0 -53
  205. package/test/mcp/oauth.js +0 -161
  206. package/test/mcp/protocol.js +0 -268
  207. package/test/mcp/roles.js +0 -188
  208. package/test/mcp/utils.js +0 -245
  209. package/test/routes/admin/create-post.js +0 -364
  210. package/test/routes/admin/database.js +0 -131
  211. package/test/routes/admin/deduplicate-image-alts.js +0 -190
  212. package/test/routes/admin/email.js +0 -114
  213. package/test/routes/admin/firestore-query.js +0 -204
  214. package/test/routes/admin/firestore.js +0 -127
  215. package/test/routes/admin/infer-contact.js +0 -218
  216. package/test/routes/admin/notification.js +0 -198
  217. package/test/routes/admin/post-resize-image.js +0 -184
  218. package/test/routes/admin/post.js +0 -368
  219. package/test/routes/admin/repo-content.js +0 -223
  220. package/test/routes/admin/stats.js +0 -112
  221. package/test/routes/content/post.js +0 -54
  222. package/test/routes/general/uuid.js +0 -115
  223. package/test/routes/marketing/campaign.js +0 -125
  224. package/test/routes/marketing/contact.js +0 -370
  225. package/test/routes/marketing/email-preferences.js +0 -292
  226. package/test/routes/marketing/push-send.js +0 -32
  227. package/test/routes/marketing/webhook-forward.js +0 -61
  228. package/test/routes/marketing/webhook.js +0 -639
  229. package/test/routes/payments/cancel.js +0 -140
  230. package/test/routes/payments/discount.js +0 -80
  231. package/test/routes/payments/dispute-alert.js +0 -320
  232. package/test/routes/payments/intent.js +0 -336
  233. package/test/routes/payments/portal.js +0 -92
  234. package/test/routes/payments/refund.js +0 -179
  235. package/test/routes/payments/trial-eligibility.js +0 -71
  236. package/test/routes/payments/webhook.js +0 -107
  237. package/test/routes/test/authenticate.js +0 -59
  238. package/test/routes/test/schema.js +0 -554
  239. package/test/routes/test/usage.js +0 -342
  240. package/test/routes/user/api-keys.js +0 -156
  241. package/test/routes/user/delete.js +0 -136
  242. package/test/routes/user/feedback.js +0 -104
  243. package/test/routes/user/sessions.js +0 -199
  244. package/test/routes/user/settings-validate.js +0 -82
  245. package/test/routes/user/signup.js +0 -542
  246. package/test/routes/user/subscription.js +0 -99
  247. package/test/routes/user/token.js +0 -73
  248. package/test/routes/user/user.js +0 -157
  249. package/test/rules/notifications.js +0 -410
  250. package/test/rules/payments-carts.js +0 -371
  251. package/test/rules/user.js +0 -396
package/PROGRESS.md DELETED
@@ -1,86 +0,0 @@
1
- # Project Progress Tracker
2
- > Agents and maintainers should update this file regularly to reflect the current state of the project.
3
-
4
- ## 🎯 Current Focus
5
- * **Goal:** Ghostii feed sources cleanup + Somiibo consumer config
6
- * **Current Phase:** Fixes applied + tested, pending commit + publish
7
- * **Priority:** High
8
- * **Last Updated:** 2026-06-19 3:05 AM PDT
9
- * **Notes:** Renamed Firestore collection `ghostii-feed-items` → `ghostii-sources`. Fixed `FieldValue.serverTimestamp()` → BEM metadata pattern. Added 5 marketing/social feeds to extended tests. All tests passing (20/20 standard, 9/9 extended). Somiibo consumer has feeds configured + `ghostii-sources.md` evaluation doc. Needs BEM publish + consumer deploy.
10
-
11
- ## 📌 Active Task List
12
- * [ ] Phase 6: Setup scaffolds essential configs for fresh projects
13
- * [x] Task 6.1: Add `templates/firebase.json` standard template
14
- * [x] Task 6.2: Add `scaffoldConfigs()` + `resolveProjectId()` to setup.js (runs before config resolution)
15
- * [x] Task 6.3: Auto-fix `engines.node` instead of throwing
16
- * [x] Task 6.4: Fix `dependencies['backend-manager']` crash when BEM is in devDependencies
17
- * [x] Task 6.5: Verify fix on truly bare project (dailyembers-backend — 13/14 pass, only service-account expected)
18
- * [x] Task 6.6: Optimize — consolidate scattered scaffolding into one `[DEFAULTS]` pass with `loadFiles()` DRY extraction
19
- * [x] Task 6.7: Regression test on existing project (ultimate-jekyll-backend — all pass)
20
- * [x] Task 6.8: Update docs (CLAUDE.md, CHANGELOG.md)
21
- * [ ] Task 6.9: Publish new BEM version
22
- * [ ] Phase 5: Ghostii feed-based article system
23
- * [x] Task 5.1: Create `feed-parser.js` (RSS 2.0, Atom 1.0, JSON Feed parser + article extractor)
24
- * [x] Task 5.2: Add `fast-xml-parser` dependency to BEM
25
- * [x] Task 5.3: Add `sourceContent` field to Ghostii backend schema (16KB)
26
- * [x] Task 5.4: Update Ghostii outline prompt (Step 2 only) with sourceContent for efficient spinning
27
- * [x] Task 5.5: Update `writeArticle()` to accept `sourceContent` and per-entry `overrides`
28
- * [x] Task 5.6: Upgrade `ghostii-auto-publisher.js` — `$feed:` source type, feed processing, Firestore tracking, fallback
29
- * [x] Task 5.7: Update config template with new source types and overrides
30
- * [x] Task 5.8: Write extensive test suite (4 test files: unit, integration, extended E2E)
31
- * [x] Task 5.9: Verify all tests pass (84 standard + 8 extended against real RSS feeds)
32
- * [x] Task 5.10: Create `docs/ghostii.md` deep reference, update CLAUDE.md + CHANGELOG.md
33
- * [x] Task 5.11: Verify all recommended feed URLs work (The Verge removed — CDN blocks programmatic access)
34
- * [x] Task 5.12: Write ghostii-backend tests for sourceContent (4 schema + 1 extended generation)
35
- * [x] Task 5.13: Ghostii sourceContent accepts URL (auto-fetches + extracts article text)
36
- * [x] Task 5.14: Add fact paraphrasing to outline prompt + newsletter writer
37
- * [x] Task 5.15: Fix Step 3 prompts — assertive link insertion + blockquote in every body section
38
- * [x] Task 5.16: Fix humanizer stripping links — `injectBurstiness` was breaking `[text](url)` syntax; added protect-and-restore pattern + tests
39
- * [x] Task 5.17: Fix 403 links treated as "working" in link verification step
40
- * [x] Task 5.18: Add detective-level `[LINKS]` diagnostic logging to article pipeline
41
- * [x] Task 5.19: Ship BEM v5.8.0 to npm
42
- * [x] Task 5.20: Ship Ghostii-backend v1.0.5 + deploy to Firebase
43
- * [ ] Task 5.17: Publish BEM with feed support
44
- * [ ] Task 5.12: Publish BEM with feed support
45
- * [ ] Task 5.13: Configure consumer project(s) with `$feed:` sources
46
- * [ ] Phase 3: Post-audit bug fixes
47
- * [x] Newsletter ReferenceError: `beehiivConfig` → `newsletterRoleConfig` (committed v5.7.1)
48
- * [x] HTTPS proxy: `serve.js` returns boolean, caller uses `httpsReady` not `httpsEnabled`
49
- * [x] AI normalizeOptions: array-content system messages now get rules injected
50
- * [x] Setup warn handling: `warnCount` tracked separately, warns don't trigger retry
51
- * [x] Copy-paste fix: `sender: 'electron-manager'` → `'backend-manager'`
52
- * [x] Test: AI array-content-blocks test added + passing (20/20)
53
- * [x] Fix: consent rules test — write `'forged'` instead of `'granted'` to avoid value collision with prior email-preferences tests
54
- * [x] Fix: `cancel-too-young` account `timestampUNIX` uses seconds (was ms)
55
- * [x] Fix: auth on-delete race condition — `deleteTestUsers` uses emulator bulk-clear REST API instead of individual `deleteUser()` calls (eliminates async on-delete triggers that clobbered freshly-created accounts)
56
- * [x] Diagnostic: auth-delete-race test — proved the race condition (80-100% clobber rate without mitigation), removed after fix verified
57
- * [x] Commit + publish framework fixes (v5.7.2)
58
- * [ ] Deploy somiibo-backend + advance stuck sendAt
59
- * [ ] Phase 4: Root package.json proxy scripts
60
- * [x] Task 4.1: Create `root-package-json.js` setup test (proxies `projectScripts` with `cd functions &&` prefix + `preinstall` guard)
61
- * [x] Task 4.2: Register in setup test index (after `npm-project-scripts`)
62
- * [ ] Task 4.3: Test in consumer project (`npx mgr setup` from ultimate-jekyll-backend)
63
- * [ ] Task 4.4: Verify `npm test` / `npm start` work from project root
64
-
65
- ## ✅ Completed Task List
66
- * [x] Phase 1: MCP role-based tool scoping + consumer extensibility
67
- * [x] Foundation utilities (`src/mcp/utils.js`)
68
- * [x] Add `role` to all 19 tools (`src/mcp/tools.js`)
69
- * [x] User token support in HTTP client (`src/mcp/client.js`)
70
- * [x] Stdio server role filtering + consumer tools (`src/mcp/index.js`)
71
- * [x] CLI `--token` flag + `cwd` passthrough (`src/cli/commands/mcp.js`)
72
- * [x] HTTP handler — role filtering, OAuth user flow, consumer tool execution (`src/mcp/handler.js`)
73
- * [x] Test suite — 44 tests across 5 files
74
- * [x] Documentation — `docs/mcp.md`, `CLAUDE.md`
75
- * [x] UJM `/token` page update (separate repo)
76
- * [x] Phase 2: HTTPS local dev + Claude Desktop MCP testing
77
- * [x] HTTPS proxy in `npx mgr serve` (mkcert certs, port 5002 → 5443)
78
- * [x] `getApiUrl()` returns `https://` when `BEM_HTTPS_PORT` is set
79
- * [x] Fix OAuth discovery (root-level issuer per RFC 8414)
80
- * [x] Add dynamic client registration (`POST /mcp/register`)
81
- * [x] Fix 401 trigger for OAuth flow
82
- * [x] Tool annotations (title, readOnlyHint, destructiveHint, etc.)
83
- * [x] Role reassignment (cancel/refund/uuid → admin, user = read-only)
84
- * [x] Consumer tool override bug fix (listing/execution sync)
85
- * [x] Test MCP connection in Claude Desktop — verified end-to-end
86
- * [x] Update tests (44 passing) + docs
package/TODO-2.md DELETED
@@ -1,121 +0,0 @@
1
- TODO
2
- * pdate deps LIKE WF, PP, ETC
3
-
4
- TODO
5
- * remove shim in
6
- /Users/ian/Developer/Repositories/ITW-Creative-Works/backend-manager/src/manager/libraries/email/transactional/index.js:59-61 — legacy template name map
7
- /Users/ian/Developer/Repositories/ITW-Creative-Works/backend-manager/src/manager/libraries/email/transactional/index.js:132-135 — data.body → data.content shim
8
- ONly needed for about 10 days after Jue 6th 2026, then safe to remove (queued emails)
9
-
10
- PAYMENT SYSTEM
11
- * Ensure attribution is working (utm but also the AD ID shit like from adwords, tiktok ads, meta etc)
12
- * ensure legacy plan RESOLVING is working
13
-
14
- payments/reactivate
15
- * takes a subscription id and reactivates a cancelled subscription. this can only be done if the subscription is still within its billing period, otherwise the user would have to create a new subscription.
16
- payments/upgrade
17
- * takes a subscription id and a new plan id and upgrades the user's subscription to the new plan. this can only be done if the user has an active subscription.
18
-
19
- I'd call that cancellation-reversed — it pairs naturally with the existing cancellation-requested transition and clearly communicates the action (they reversed/undid the pending cancellation).
20
-
21
- on the email we send, for payment recovered what is the category
22
- Let me check the handler.
23
-
24
- Read payment-recovered.js
25
- The category is order/payment-recovered (line 13).
26
-
27
- TODO-2.md
28
- waht about when they request a cancel
29
- Read cancellation-requested.js
30
- The category is order/cancellation-requested (line 13).
31
-
32
- ----
33
- add a dedicated BEM JSON field for usage to reset
34
- * this way we can have clear LIMITS with their definitions like
35
- * [
36
- {
37
- name: 'credits'
38
- reset: true,
39
- },
40
- {
41
- name: 'agents',
42
- reset: false,
43
- }
44
- ]
45
- * mirrors: [
46
- {
47
- collection: 'agents',
48
- fields: ['usage.credits.daily', 'runs.replies.daily],
49
- }
50
- ]
51
-
52
- ---
53
- MIRROR settigns in BEM JSON so that usage reset can properly get MIRRED DOCS liek slapform forms or chatsy agents DOCS
54
-
55
- ---
56
- GHOSTII REVAMP
57
- * better logic for generating posts. better model? claude?
58
-
59
- ---- MCP
60
- * ability for consuming prjec to specify MCP functions
61
-
62
- -------
63
- UPSELL
64
- * products in BEM can have an UPSELL where you link another product ID and it allows you to add it to your cart OR shows you after checkout?
65
-
66
- -------
67
- USER OBJECT UPDGRADE --> INSTANCE?
68
-
69
- const User = require('backend-manager/src/manager/helpers/user');
70
- +
71
- User.resolveSubscription(self.request.user);
72
- -->
73
- one object that cna do resolveSubscription(), getAccount(), etc
74
-
75
- since you changed some things, do all tests in all projects align still?
76
-
77
- after that, udpate README, CLAUDE.md and ANY TOPLEVLE CLAUDE SKILLS so that we never make this mistake again
78
-
79
- including
80
-
81
- ---------
82
-
83
- TEST NEWSLETTER
84
- POST /admin/cron { id: 'daily/marketing-newsletter-generate' }
85
-
86
-
87
- SIGNUP HANDLER
88
- Here are the instructions for BEM:
89
-
90
- Update updateReferral() in sign-up.js to resolve all legacy affiliate code formats:
91
-
92
- The affiliateCode value coming from the client could be in 3 formats:
93
-
94
- Format Example How to resolve
95
- Affiliate code (7-14 alphanumeric) rmUKlC4z1 Query users where affiliate.code == value (current behavior)
96
- UID (28 chars) 6sNjQFxTsObA73D8lkF01gcWdP92 Direct doc lookup: users/{value}
97
- Base64 email (e.g. cG9ldH...Lm_2) cG9ldHJ5aW5hY3Rpb24yMDE4QGdtYWlsLmNvbQ_2 Strip _\d+ suffix, base64-decode, query users where auth.email == decoded
98
- Any other format → ignore (resolve with no referrer).
99
-
100
- The resolution logic should go at the top of updateReferral(), before the current where('affiliate.code', '==', affiliateCode) query. Try each format in order:
101
-
102
- If affiliateCode matches /^[0-9a-zA-Z_-]{7,14}$/ → query by affiliate.code (current path)
103
- Else if affiliateCode.length === 28 → direct doc get users/{affiliateCode}, use that as the referrer
104
- Else try base64 decode: strip trailing _\d+, decode, if result contains @ → query by auth.email
105
- Else → log and return (unrecognized format)
106
- Once the referrer doc is found (by any method), the rest stays the same: push to affiliate.referrals.
107
-
108
- * if the usage was used and the user is actuall authenticated (uid, not just an admin or unauthed user),
109
- * set the user's context (ip, location, etc)
110
-
111
- Payment attribution
112
- * can you ensure the the user's attribution (utm etc) is assocaited with the purchase
113
- * mostly i am referring to the payent events sent to GA4, tiktok, meta
114
- * i think we should make it so if the attribution was set less than 30 days ago (the date is in the attribution) then it counts
115
- * it shouldbe attached to the payments-orders and then ALL FUTURE EVENTS should send that (thats a good idea right??)
116
-
117
- Payment disputes
118
- * automatic dispute handling
119
- * during bm_cron daily, we should check for open disputes for pypal stripe etc... we should then FILL THEM WITH INFORMATION USEFUL FOR WINNING
120
- * we should attach USAGE LOGS, IP logs, etc. you should take inspiration from my previous attmept at this (/Users/ian/Developer/Repositories/ITW-Creative-Works/subscription-profile-sync/main/disputes)
121
- * HOWEVER, i know for a fact i got a lot of it wrong. so JUST USE AS INSPO, you should recreate it full
@@ -1,32 +0,0 @@
1
- As for the AMEX enrollment, AMEX alerts are not supported on Stripe/Shopify. To enable them, you’ll need a dedicated AMEX MID and a payment orchestrator to route all AMEX transactions through that dedicated MID. Using a dedicated AMEX MID allows for a dispute rate of up to 5%, so routing all AMEX traffic through it will significantly reduce your dispute rate on Stripe.
2
-
3
- 06:44 PM
4
- For Discover,
5
-
6
- In order to enroll in Discover coverage, you will need to do the following:
7
-
8
- First, provide us with details about your business below:
9
- - Merchant Legal Name:
10
- - Merchant DBA Name:
11
- - Merchant Registered Street Address:
12
- - City:
13
- - Country:
14
- - State/Province:
15
- - ZIP/Postal Code:
16
-
17
- Second, you must request from your payment processor’s support for a few pieces of information. To do so, please follow the steps below and send them the email template below.
18
-
19
- ""I am enrolling for Discover Ethoca Alerts via my third-party vendor, Chargeblast. I need my 15-Digit Discover SE number. Can you please provide these pieces of information to me ASAP? Let me know if you need any additional info from me. Please feel free to provide me with these pieces of information piecemeal.”
20
-
21
- 06:44 PM
22
- For AMEX If you’d like to proceed with obtaining a dedicated AMEX MID, we’d be happy to arrange an introduction for you.
23
-
24
- 06:45 PM
25
- Avatar of Zander
26
- Zander
27
- Are we still connected?
28
-
29
- 06:56 PM
30
- Avatar of Zander
31
- Zander
32
- Since this chat has been inactive, I’ll close it for now. If you have more questions, feel free to contact us at any time. Have a great day ahead!
@@ -1,15 +0,0 @@
1
- # TODO: Remove legacy BACKEND_MANAGER_KEY acceptance from webhook routes
2
-
3
- When v5.2.x shipped, the two payment-webhook routes were switched to prefer `BACKEND_MANAGER_WEBHOOK_KEY` but still accept `BACKEND_MANAGER_KEY` as a transitional fallback so existing provider URLs (registered with the old key) keep working until OMEGA re-registers them with the new key.
4
-
5
- Once every brand's provider URLs (Stripe / PayPal / Chargebee / Chargeblast / Coinbase / etc.) have been re-registered via OMEGA to use `BACKEND_MANAGER_WEBHOOK_KEY`, drop the legacy fallback:
6
-
7
- ## Files to update
8
-
9
- - `src/manager/routes/payments/webhook/post.js` — line ~28: remove the `|| key === process.env.BACKEND_MANAGER_KEY` half of the validation check.
10
- - `src/manager/routes/payments/dispute-alert/post.js` — line ~20: same removal. Also update the docstring at line ~11 to drop the "BACKEND_MANAGER_KEY accepted as legacy fallback" note.
11
- - `docs/stripe-webhook-forwarding.md` — drop the "BACKEND_MANAGER_KEY also accepted as a legacy fallback" parenthetical.
12
-
13
- ## How to verify it's safe
14
-
15
- Grep production logs (`npx mgr logs:read --fn bm_api --grep "payments/webhook" --limit 1000`) and confirm zero `401 Invalid key` hits over a meaningful window. If there are any, those are providers still on the old URL — re-register them via OMEGA before dropping the fallback.
@@ -1,138 +0,0 @@
1
- # TODO: Payment Webhook Key Upgrade — `BACKEND_MANAGER_KEY` → `BACKEND_MANAGER_WEBHOOK_KEY`
2
-
3
- ## Context
4
-
5
- In BEM v5.2.0 we introduced `BACKEND_MANAGER_WEBHOOK_KEY` as a dedicated env var for third-party webhook authentication, scoped narrowly so it can be rotated independently of the admin key. The marketing routes (`/marketing/webhook`, `/marketing/webhook/forward`) use it correctly.
6
-
7
- The **payment webhook** (`/payments/webhook`) and **dispute-alert webhook** (`/payments/dispute-alert`) still validate against `BACKEND_MANAGER_KEY` — the general-purpose admin key. This is a security misalignment: a leaked admin key could forge payment webhooks, and rotating the admin key forces every Stripe/PayPal/Chargebee webhook URL to be re-registered.
8
-
9
- Plan: gradual rollout. Phase 1 (this BEM release) makes the payment routes accept **either** key so existing brand deploys (with only `BACKEND_MANAGER_KEY` set) keep working AND new brands can start using `BACKEND_MANAGER_WEBHOOK_KEY` immediately. Phase 2 (a later BEM release) drops the legacy fallback after every brand has been migrated.
10
-
11
- ## Files needing the dual-key check
12
-
13
- | File | Line | Current |
14
- |---|---|---|
15
- | [src/manager/routes/payments/webhook/post.js](src/manager/routes/payments/webhook/post.js) | 28 | `if (!key \|\| key !== process.env.BACKEND_MANAGER_KEY)` |
16
- | [src/manager/routes/payments/dispute-alert/post.js](src/manager/routes/payments/dispute-alert/post.js) | 20 | `if (!key \|\| key !== process.env.BACKEND_MANAGER_KEY)` |
17
- | [src/manager/routes/payments/intent/processors/test.js](src/manager/routes/payments/intent/processors/test.js) | 158 | `key=${process.env.BACKEND_MANAGER_KEY}` |
18
-
19
- ## Phase 1 — Dual-key acceptance (this BEM release)
20
-
21
- ### Validation change (webhook + dispute-alert)
22
-
23
- Replace the single-key check with a dual-key check. Accept the request if `key` matches EITHER `BACKEND_MANAGER_WEBHOOK_KEY` OR the legacy `BACKEND_MANAGER_KEY`.
24
-
25
- ```js
26
- // Before
27
- if (!key || key !== process.env.BACKEND_MANAGER_KEY) {
28
- return assistant.respond('Invalid key', { code: 401 });
29
- }
30
-
31
- // After (Phase 1 — dual-key fallback)
32
- const validKeys = [
33
- process.env.BACKEND_MANAGER_WEBHOOK_KEY,
34
- process.env.BACKEND_MANAGER_KEY, // legacy — remove in Phase 2
35
- ].filter(Boolean);
36
-
37
- if (!key || !validKeys.includes(key)) {
38
- return assistant.respond('Invalid key', { code: 401 });
39
- }
40
- ```
41
-
42
- Notes:
43
- - `.filter(Boolean)` matters — if a brand hasn't set `BACKEND_MANAGER_WEBHOOK_KEY` yet, `validKeys` becomes `[BACKEND_MANAGER_KEY]` (single-element). If a brand HAS set it, both are accepted.
44
- - If BOTH env vars are unset (misconfigured brand), `validKeys` is `[]` and every request 401s. That's the right behavior — explicit failure beats silent acceptance.
45
- - Update the route header comments (lines 11 and 27 of dispute-alert, 27 of webhook) to mention both keys.
46
-
47
- ### Test processor self-fire URL
48
-
49
- Switch [src/manager/routes/payments/intent/processors/test.js:158](src/manager/routes/payments/intent/processors/test.js#L158) to PREFER `BACKEND_MANAGER_WEBHOOK_KEY` and fall back to `BACKEND_MANAGER_KEY`:
50
-
51
- ```js
52
- const webhookKey = process.env.BACKEND_MANAGER_WEBHOOK_KEY || process.env.BACKEND_MANAGER_KEY;
53
- const webhookUrl = `${assistant.Manager.project.apiUrl}/backend-manager/payments/webhook?processor=test&key=${webhookKey}`;
54
- ```
55
-
56
- This way the test processor exercises the new key when it's set, and falls back to the legacy key on brands that haven't migrated yet.
57
-
58
- ### Test infrastructure updates
59
-
60
- **`src/test/utils/http-client.js`** — add `backendManagerWebhookKey` field alongside the existing `backendManagerKey`.
61
-
62
- **`src/test/runner.js`** — thread `backendManagerWebhookKey` through the runner context the same way `backendManagerKey` is threaded today (3 sites).
63
-
64
- **`src/cli/commands/test.js`** — read `BACKEND_MANAGER_WEBHOOK_KEY` from env (parallel to the existing `BACKEND_MANAGER_KEY` read), pass it through to the runner, fall back to the admin key if unset.
65
-
66
- **Route + journey tests** — update test fixtures to prefer `BACKEND_MANAGER_WEBHOOK_KEY` when set:
67
- - `test/routes/payments/webhook.js` — all `${config.backendManagerKey}` interpolations in `payments/webhook?...&key=` URLs
68
- - `test/routes/payments/dispute-alert.js` — same (13 sites)
69
- - `test/events/payments/journey-*.js` — only the `payments/webhook?...&key=` URLs (NOT the admin-auth uses elsewhere in journey tests)
70
-
71
- Use `config.backendManagerWebhookKey || config.backendManagerKey` everywhere so both keys are exercised.
72
-
73
- ### Docs
74
-
75
- - **`docs/stripe-webhook-forwarding.md`** — line 7 + 18 — note the dual-key acceptance, recommend `BACKEND_MANAGER_WEBHOOK_KEY` for new setups, note legacy `BACKEND_MANAGER_KEY` is still accepted for backwards compatibility.
76
- - **`CHANGELOG.md`** — entry under the next version. Categorize under `Changed` (NOT `BREAKING` — that's reserved for Phase 2). Spell out: "Payment webhook + dispute-alert routes now accept either `BACKEND_MANAGER_WEBHOOK_KEY` (preferred) or `BACKEND_MANAGER_KEY` (legacy). Set `BACKEND_MANAGER_WEBHOOK_KEY` in every consumer brand's `.env` and run OMEGA payment ensure before Phase 2 ships."
77
- - **`templates/_.env`** — already declares both keys, no change.
78
-
79
- ### Verification (manual)
80
-
81
- 1. **Local test (no `BACKEND_MANAGER_WEBHOOK_KEY` set)** — confirm legacy fallback still passes:
82
- ```bash
83
- npx mgr test routes/payments/webhook routes/payments/dispute-alert events/payments
84
- ```
85
- Expect green.
86
-
87
- 2. **Local test (`BACKEND_MANAGER_WEBHOOK_KEY` set to a different value)** — confirm the new key is accepted AND the legacy key still works:
88
- ```bash
89
- BACKEND_MANAGER_WEBHOOK_KEY=test-webhook-key npx mgr test routes/payments/webhook routes/payments/dispute-alert events/payments
90
- ```
91
- Expect green.
92
-
93
- 3. **Live spot-check on one brand (Somiibo)** — deploy this BEM release to Somiibo (whose `.env` currently only has `BACKEND_MANAGER_KEY` set OR has both), trigger a Stripe test event, confirm the webhook doc lands in Firestore.
94
-
95
- ## Phase 2 — Drop legacy fallback (future BEM release)
96
-
97
- **Do NOT do this until every consumer brand has been migrated and verified.** Tracking checklist for migration readiness:
98
-
99
- - [ ] Every consumer `.env` has `BACKEND_MANAGER_WEBHOOK_KEY` set (spot-check via OMEGA across all brands)
100
- - [ ] OMEGA `payment/ensure/{stripe,paypal,chargebee}-webhook.js` updated to use `BACKEND_MANAGER_WEBHOOK_KEY` when constructing webhook URLs (see "OMEGA changes" below)
101
- - [ ] OMEGA `--service payment` run across every brand to re-register webhook URLs at Stripe/PayPal/Chargebee with the new key
102
- - [ ] Stale webhook URLs (the old ones with `key=BACKEND_MANAGER_KEY`) deleted from each provider — these will start 401-ing the moment Phase 2 ships
103
- - [ ] At least one live billing cycle (Stripe charge, refund, dispute) observed working end-to-end on the new key for at least 3 brands
104
-
105
- When all boxes are checked, Phase 2 ships as a **breaking change**:
106
-
107
- ```js
108
- // Phase 2 — single-key (legacy removed)
109
- if (!key || key !== process.env.BACKEND_MANAGER_WEBHOOK_KEY) {
110
- return assistant.respond('Invalid key', { code: 401 });
111
- }
112
- ```
113
-
114
- Phase 2 CHANGELOG entry goes under `BREAKING`.
115
-
116
- ## OMEGA changes (separate repo, needed for Phase 2 prep)
117
-
118
- Touched files (do NOT do these in Phase 1 — they're for Phase 2 prep):
119
-
120
- | File | Change |
121
- |---|---|
122
- | `/Users/ian/Developer/Repositories/ITW-Creative-Works/omega-manager/src/services/payment/ensure/stripe-webhook.js` | Line 38: swap `BACKEND_MANAGER_KEY` → `BACKEND_MANAGER_WEBHOOK_KEY`. Line 76 check + line 77 message + line 64 doc comment: update env var name. |
123
- | `/Users/ian/Developer/Repositories/ITW-Creative-Works/omega-manager/src/services/payment/ensure/paypal-webhook.js` | Same change at lines 40, 66, 77, 78, 79. |
124
- | `/Users/ian/Developer/Repositories/ITW-Creative-Works/omega-manager/src/services/payment/ensure/chargebee-webhook.js` | Same change at lines 34, 45, 57, 58, 59. |
125
-
126
- **Idempotent re-registration + stale cleanup:** Each ensure file looks up existing webhooks **by URL**. Since the URL will change (the `key=` query param differs), the existing webhook will NOT match and a new one will be created. The OLD webhook (with the admin key) needs to be cleaned up — otherwise the third party will deliver to both and the old one will start failing 401 once Phase 2 ships.
127
-
128
- Cleanup approach in each ensure file: after creating the new webhook, scan for any other webhook whose URL points at `/payments/webhook?processor={name}` (regardless of key) and delete the stale ones. Match on path prefix, not full URL. Stripe + PayPal + Chargebee all support webhook deletion via the same API methods these files already use for listing.
129
-
130
- Helper: extract a `pathMatchesOurProcessor(url, processor)` in each ensure file — strip query string, match the path-and-processor segment.
131
-
132
- ## Known constraints / gotchas
133
-
134
- 1. **Phase 1 is non-breaking.** Any consumer can deploy this BEM release without touching their `.env` — the legacy key still works.
135
- 2. **`BACKEND_MANAGER_KEY` continues to grant admin via `assistant.authenticate()`.** That hasn't changed; it's still the admin secret for internal API calls (newsletter, send-email, user/delete, ghostii cron, electron-client, oauth2 state encryption). This TODO is *only* about scoping webhook endpoints to a separate key.
136
- 3. **`UNSUBSCRIBE_HMAC_KEY` is unrelated** and stays separate.
137
- 4. **Admin grant is NOT triggered by the webhook routes.** Middleware auto-runs `assistant.authenticate()` via `Usage.init()`, which reads `data.backendManagerKey` from the request body. The three webhook routes get their key via `?key=` query string (NOT body), and their request bodies are third-party payloads (Stripe events, PayPal events, Chargeblast alerts) that can't contain the real admin secret. So switching the routes' validation does NOT remove any admin-grant the handlers depend on — they write to Firestore via `libraries.admin` (Admin SDK, always full access) anyway.
138
- 5. **Test processor self-fire** must use the same key the BEM endpoint accepts, which is why the test processor URL also gets updated in Phase 1.
@@ -1,14 +0,0 @@
1
- https://github.com/disposable-email-domains/disposable-email-domains?tab=readme-ov-file
2
- https://www.npmjs.com/package/disposable-domains
3
- https://github.com/tompec/disposable-email-domains
4
-
5
- Two repos:
6
-
7
- Repo Domains Approach
8
- disposable-email-domains/disposable-email-domains 5,359 Curated, conservative, high confidence
9
- ivolo/disposable-email-domains 121,569 Aggressive, aggregated from many sources, more false positives
10
- Our current list has 854 — so even the smaller curated list is 6x larger.
11
-
12
- For our use case (currently only used to skip marketing sync, not blocking signups), I'd recommend the 5,359 curated list — it's comprehensive enough without being overly aggressive. And if we ever do use it for blocking signups, the false positive risk is much lower.
13
-
14
- Want to swap to that one?
package/TODO.md DELETED
@@ -1,187 +0,0 @@
1
- ????
2
- // Attach assistant to req and res
3
- if (ref.req && ref.res) {
4
- ref.req.assistant = self;
5
- ref.res.assistant = self;
6
- }
7
-
8
- console.log('*** err', err);
9
- console.log('*** req.assistant', req.assistant);
10
- console.log('*** res.assistant', res.assistant);
11
-
12
- # OAUTH2 (INBOUND + OUTBOUND)
13
- UJM + BEM CHANGE
14
- * UJM /oauth2 = for conencting OTHER accounts to user account
15
- * UJM /token = for connecting user account to OTHER accounts
16
- * we should rename this (requires backend change too)
17
- * /authorize (most common says claude) or /connect
18
-
19
- # PAYMETNS
20
- https://github.com/invertase/stripe-firebase-extensions/tree/next/firestore-stripe-payments
21
-
22
- # Make new BEM API using middleware system
23
-
24
- # BEM Test
25
- * Create test accounts (admin, free user, user with paid plan)
26
- * Run tests to ensure each account has correct access to features
27
-
28
- BEM
29
- * Teach it how to mock requests and use test user's SECRET API KEYS to authenticate requests
30
- * BEM should create a few test accounts: basic, then one for each plan level
31
-
32
- TODO
33
- Update deps!!!! theres lots
34
- * we culd have a test that TRIES EACH IMPORT ?? incase updating it fails due to ESM VULLSHIT?
35
-
36
-
37
- TODO
38
- PAYMENT
39
- https://hookdeck.com/webhooks/platforms/guide-to-paypal-webhooks-features-and-best-practices
40
-
41
-
42
- # TEST REWRRK
43
- btw... the account.json needs to be removed. remove it from BEM and the consumong project. when we make our test system, we DO NOT NEED TO STORE THE ACCOUBT IN A JSON file. we just need a source of truth in BEM for what uid/emails to look for
44
-
45
- need a "projectScripts" that creates the npm start, npm test, etc scripts in the consuming project.
46
-
47
- during test run, we need to check that the test accounts exist. we also need to ALWAYS reset them at the begining of the run to ensure they are in the proper format, specifically by resetting their usage, roles, amd subscriptipn
48
-
49
- needa new account type that we can change the subscription level of to test the sub events? maybe _test-upgrade that starts free and we test how it progresses from free to paid to canceled?
50
-
51
- # Use gitignore from backend-manager-tempalte
52
-
53
- # CLEAN
54
- having different ID and UID is messy and annoying, just make it the same
55
- admin: {
56
- id: 'admin',
57
- uid: '_test-admin',
58
- email: '_test.admin@{domain}',
59
-
60
- should be "admin" for ALL
61
-
62
-
63
- # TODO
64
- Update deps
65
- Remove unused deps like
66
- * node-fetch
67
-
68
- # MOVE LEGACY BEM INDIVIDUAL FUNCTIONS TO AN _OLD FOLDER
69
- /Users/ian/Developer/Repositories/ITW-Creative-Works/backend-manager/src/manager/functions/core/actions/create-post-handler.js
70
- /Users/ian/Developer/Repositories/ITW-Creative-Works/backend-manager/src/manager/functions/core/actions/generate-uuid.js
71
- /Users/ian/Developer/Repositories/ITW-Creative-Works/backend-manager/src/manager/functions/core/actions/sign-up-handler.js
72
- /Users/ian/Developer/Repositories/ITW-Creative-Works/backend-manager/src/manager/functions/test
73
- /Users/ian/Developer/Repositories/ITW-Creative-Works/backend-manager/src/manager/functions/core/admin
74
-
75
- # Things to deprecate
76
- * api manager
77
-
78
- # Email
79
- Move the sendEmail function to HERE instead of calling ITW
80
-
81
- # BEM TESTS
82
- # User Auth rules
83
- * User can only access their own user doc
84
- * fails when trying to access another user's doc
85
- * succeeds when accessing their own,
86
- * fails when NOT authed
87
- * fails when trying to perform an admin action (can create/use the test:admin http event to test this)
88
- * fails when a user tries to write to a restricted field/key like roles, subscription, usage, etc (SEE RULES)
89
- * Any other rules: /Users/ian/Developer/Repositories/ITW-Creative-Works/backend-manager/templates/firestore.rules
90
- * User can delete their own user doc (can use _test-delete via user:delete http event)
91
- * fails when trying to delete another user's doc
92
- * succeeds when deleting their own,
93
- * fails when NOT authed
94
-
95
- # Signup Flow
96
- * Create a referrer user and a referred user then use user:signup http event on the referred user to test that
97
- * the referral code works and the bonus is applied to the referrer
98
- * something is added to the account to denote it received the signup event??? not sure
99
- * context data is added to the referred user's account
100
- * a second signup event
101
-
102
- # Test
103
- * test:authenticate http event
104
- * success when valid uid
105
- * fail when invalid uid
106
- * fail when no uid
107
- * test admin
108
- * all admin functions fail when not authed as admin
109
- * test each admin function
110
-
111
- # Usage
112
- * Using an account with a specific plan, test that the usage limits are enforced
113
- * success if user has access to the plan
114
- * success if the user is within the usage limits
115
- * fail if the user exceeds the usage limits
116
- * fail if the user is on a plan that does not allow usage (free plan)
117
- * successful usage should increment the usage count
118
-
119
- # Events
120
- * trigger cron daily
121
- * it should reset temp usage for all users
122
- * reset userdocs to current usage = 0
123
-
124
- # Payment
125
- * test subscription upgrade flow via http event
126
- * start with free plan
127
- * upgrade to paid plan
128
- * verify plan is updated
129
- * verify usage limits are updated
130
- * downgrade back to free plan
131
- * verify plan is updated
132
- * verify usage limits are updated
133
-
134
- # BEM API
135
- # Admin
136
- * All functions need to fail when not authed as admin
137
- * then test each one
138
-
139
- # Advanced
140
- * test sub accounts
141
-
142
- # payment system
143
- * dont store a "resolved" status, but make a universal library that frontend and backend use to determine whther a user has access to a plan currently
144
-
145
- # New bem api and test to make
146
- # test:usage
147
- * the fnction itself just utilizes the usage API to increment an arbitrary usage item
148
-
149
- the test should check the usage storage and ensure that it was incremented successfully
150
-
151
- # test for bm_cronDaily
152
- then, we need to test the bm_cronDaily function to ensure that it does its things like clearing the usage storage properly
153
-
154
- # test for schema
155
- * a comprehesive schema with fields that test EVERY possible field type including required, default, min, max, "value" etc (both static and FUNCTIONS)
156
- * test multiple plan levels including unathenticated, basic, & premium
157
-
158
- # quetsion
159
- * how does usage get reset? does it reset daily? or monthly?
160
- * how do we set usage limits?
161
- * per plan? or when users prmeium is updated do we set it inside their doc?
162
- * if we store it per plan, where should we store the plan data? firestore or in code?
163
- * if its firestore we will use lots of reads, if we store in code we have to push new code to update plan limits (not a huge issue)
164
-
165
-
166
- change name from routes/content/post to maye routes/blog/post??? whatfdo you think??
167
-
168
-
169
- # MIGRATIONS
170
- ## user
171
- affiliate: {
172
- referrer: affiliateCode,
173
- },
174
- -->
175
- attribution.affiliate.code
176
-
177
-
178
-
179
-
180
- ## OLD TESTS
181
- "_test": "npm run prepare && ./node_modules/mocha/bin/mocha test/ --recursive --timeout=10000",
182
- "test": "./node_modules/mocha/bin/mocha test/ --recursive --timeout=10000",
183
- "test:cli": "./node_modules/mocha/bin/mocha test/cli-commands.test.js --timeout=10000",
184
- "test:usage": "./node_modules/mocha/bin/mocha test/usage.js --timeout=10000",
185
- "test:payment-resolver": "./node_modules/mocha/bin/mocha test/payment-resolver/index.js --timeout=10000",
186
- "test:user": "./node_modules/mocha/bin/mocha test/user.js --timeout=10000",
187
- "test:ai": "./node_modules/mocha/bin/mocha test/ai/index.js --timeout=10000",