backend-manager 5.9.5 → 5.9.6

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (244) hide show
  1. package/package.json +8 -1
  2. package/src/test/fixtures/firebase-project/.temp/newsletter/run-2026-06-11T03-28-07/metadata.json +14 -0
  3. package/src/test/fixtures/firebase-project/.temp/newsletter/run-2026-06-11T03-28-07/newsletter.html +486 -0
  4. package/src/test/fixtures/firebase-project/.temp/newsletter/run-2026-06-11T03-28-07/newsletter.md +41 -0
  5. package/src/test/fixtures/firebase-project/.temp/newsletter/run-2026-06-11T03-28-07/newsletter.mjml +97 -0
  6. package/{test/email/fixtures/clean.json → src/test/fixtures/firebase-project/.temp/newsletter/run-2026-06-11T03-28-07/structure.json} +16 -4
  7. package/src/test/fixtures/firebase-project/.temp/newsletter/run-2026-06-11T03-28-07/summary.md +1 -0
  8. package/src/test/fixtures/firebase-project/.temp/newsletter/run-2026-06-18T01-00-28/metadata.json +14 -0
  9. package/src/test/fixtures/firebase-project/.temp/newsletter/run-2026-06-18T01-00-28/newsletter.html +486 -0
  10. package/src/test/fixtures/firebase-project/.temp/newsletter/run-2026-06-18T01-00-28/newsletter.md +41 -0
  11. package/src/test/fixtures/firebase-project/.temp/newsletter/run-2026-06-18T01-00-28/newsletter.mjml +97 -0
  12. package/src/test/fixtures/firebase-project/.temp/newsletter/run-2026-06-18T01-00-28/structure.json +42 -0
  13. package/src/test/fixtures/firebase-project/.temp/newsletter/run-2026-06-18T01-00-28/summary.md +1 -0
  14. package/src/test/fixtures/firebase-project/.temp/newsletter/run-2026-06-18T01-01-34/metadata.json +14 -0
  15. package/src/test/fixtures/firebase-project/.temp/newsletter/run-2026-06-18T01-01-34/newsletter.html +486 -0
  16. package/src/test/fixtures/firebase-project/.temp/newsletter/run-2026-06-18T01-01-34/newsletter.md +41 -0
  17. package/src/test/fixtures/firebase-project/.temp/newsletter/run-2026-06-18T01-01-34/newsletter.mjml +97 -0
  18. package/src/test/fixtures/firebase-project/.temp/newsletter/run-2026-06-18T01-01-34/structure.json +42 -0
  19. package/src/test/fixtures/firebase-project/.temp/newsletter/run-2026-06-18T01-01-34/summary.md +1 -0
  20. package/src/test/fixtures/firebase-project/.temp/test-mode.json +6 -0
  21. package/src/test/fixtures/firebase-project/database-debug.log +12 -0
  22. package/src/test/fixtures/firebase-project/firestore-debug.log +136 -0
  23. package/src/test/fixtures/firebase-project/pubsub-debug.log +17 -0
  24. package/.codeclimate.yml +0 -32
  25. package/.nvmrc +0 -1
  26. package/CHANGELOG.md +0 -1440
  27. package/PROGRESS.md +0 -93
  28. package/TODO-2.md +0 -121
  29. package/TODO-CHARGEBLAST.md +0 -32
  30. package/TODO-WEBHOOK-KEY-LEGACY-REMOVAL.md +0 -15
  31. package/TODO-WEBHOOK-KEY-UPGRADE.md +0 -138
  32. package/TODO-email-auth.md +0 -14
  33. package/TODO.md +0 -187
  34. package/plans/mcp2.md +0 -247
  35. package/plans/suspended-subscription-dead-zone.md +0 -97
  36. package/scripts/test-helper-providers.js +0 -162
  37. package/scripts/update-disposable-domains.js +0 -44
  38. package/templates/_.env +0 -42
  39. package/templates/_.gitignore +0 -60
  40. package/templates/backend-manager-config.json +0 -249
  41. package/templates/database.rules.json +0 -83
  42. package/templates/firebase.json +0 -66
  43. package/templates/firestore.indexes.json +0 -4
  44. package/templates/firestore.rules +0 -112
  45. package/templates/public/404.html +0 -26
  46. package/templates/public/index.html +0 -24
  47. package/templates/remoteconfig.template.json +0 -1
  48. package/templates/storage-lifecycle-config-1-day.json +0 -9
  49. package/templates/storage-lifecycle-config-30-days.json +0 -9
  50. package/templates/storage.rules +0 -8
  51. package/test/_init/accounts-validation.js +0 -58
  52. package/test/_legacy/ai/index.js +0 -231
  53. package/test/_legacy/ai/test.jpg +0 -0
  54. package/test/_legacy/ai/test.pdf +0 -0
  55. package/test/_legacy/index.js +0 -31
  56. package/test/_legacy/payment-resolver/chargebee/orders/refunded.json +0 -0
  57. package/test/_legacy/payment-resolver/chargebee/orders/unpaid.json +0 -98
  58. package/test/_legacy/payment-resolver/chargebee/subscriptions/active.json +0 -578
  59. package/test/_legacy/payment-resolver/chargebee/subscriptions/trial-in-trial.json +0 -38
  60. package/test/_legacy/payment-resolver/chargebee/subscriptions/trial-skipped-to-active.json +0 -135
  61. package/test/_legacy/payment-resolver/chargebee/subscriptions/trial-to-active-to-cancelled.json +0 -42
  62. package/test/_legacy/payment-resolver/chargebee/subscriptions/trial-to-active.json +0 -44
  63. package/test/_legacy/payment-resolver/chargebee/subscriptions/trial-to-cancelled.json +0 -39
  64. package/test/_legacy/payment-resolver/chargebee/subscriptions/trial-to-refund.json +0 -143
  65. package/test/_legacy/payment-resolver/chargebee/subscriptions/trial-to-suspended.json +0 -48
  66. package/test/_legacy/payment-resolver/coinbase/orders/regular.json +0 -204
  67. package/test/_legacy/payment-resolver/coinbase/subscriptions/cancelled.json +0 -204
  68. package/test/_legacy/payment-resolver/coinbase/subscriptions/paid-2.json +0 -125
  69. package/test/_legacy/payment-resolver/index.js +0 -1558
  70. package/test/_legacy/payment-resolver/paypal/orders/refunded.json +0 -0
  71. package/test/_legacy/payment-resolver/paypal/orders/regular.json +0 -120
  72. package/test/_legacy/payment-resolver/paypal/subscriptions/active-refund-previous-stmnt.json +0 -323
  73. package/test/_legacy/payment-resolver/paypal/subscriptions/active.json +0 -192
  74. package/test/_legacy/payment-resolver/paypal/subscriptions/trial-in-trial.json +0 -125
  75. package/test/_legacy/payment-resolver/paypal/subscriptions/trial-payment-not-complete.json +0 -76
  76. package/test/_legacy/payment-resolver/paypal/subscriptions/trial-payment-overdue-2.json +0 -114
  77. package/test/_legacy/payment-resolver/paypal/subscriptions/trial-payment-overdue.json +0 -114
  78. package/test/_legacy/payment-resolver/paypal/subscriptions/trial-to-active-to-cancelled.json +0 -111
  79. package/test/_legacy/payment-resolver/paypal/subscriptions/trial-to-active.json +0 -132
  80. package/test/_legacy/payment-resolver/paypal/subscriptions/trial-to-cancelled.json +0 -107
  81. package/test/_legacy/payment-resolver/paypal/subscriptions/trial-to-expired.json +0 -91
  82. package/test/_legacy/payment-resolver/paypal/subscriptions/trial-to-refund.json +0 -147
  83. package/test/_legacy/payment-resolver/paypal/subscriptions/trial-to-suspended.json +0 -120
  84. package/test/_legacy/payment-resolver/stripe/orders/refunded.json +0 -0
  85. package/test/_legacy/payment-resolver/stripe/orders/regular.json +0 -91
  86. package/test/_legacy/payment-resolver/stripe/subscriptions/active.json +0 -421
  87. package/test/_legacy/payment-resolver/stripe/subscriptions/trial-in-trial.json +0 -349
  88. package/test/_legacy/payment-resolver/stripe/subscriptions/trial-to-active-failed-authorization.json +0 -430
  89. package/test/_legacy/payment-resolver/stripe/subscriptions/trial-to-active.json +0 -319
  90. package/test/_legacy/payment-resolver/stripe/subscriptions/trial-to-cancelled.json +0 -319
  91. package/test/_legacy/payment-resolver/stripe/subscriptions/trial-to-refund.json +0 -414
  92. package/test/_legacy/payment-resolver/stripe/subscriptions/trial-to-suspended.json +0 -319
  93. package/test/_legacy/payment-resolver/stripe/subscriptions/unsure.json +0 -339
  94. package/test/_legacy/test-new +0 -1178
  95. package/test/_legacy/test.md +0 -89
  96. package/test/_legacy/usage.js +0 -175
  97. package/test/_legacy/user.js +0 -31
  98. package/test/ai/tools-live.js +0 -170
  99. package/test/boot/emulator-boots.js +0 -37
  100. package/test/content/blog-generate.js +0 -160
  101. package/test/email/campaign-send.js +0 -45
  102. package/test/email/consent-lifecycle.js +0 -257
  103. package/test/email/feedback-and-plain-send.js +0 -52
  104. package/test/email/fixtures/editorial.json +0 -30
  105. package/test/email/fixtures/field-report.json +0 -53
  106. package/test/email/marketing-lifecycle.js +0 -132
  107. package/test/email/newsletter-generate.js +0 -819
  108. package/test/email/newsletter-templates.js +0 -491
  109. package/test/email/templates.js +0 -207
  110. package/test/email/transactional-send.js +0 -34
  111. package/test/email/transactional.js +0 -560
  112. package/test/email/validation.js +0 -710
  113. package/test/events/auth-delete-race.js +0 -201
  114. package/test/events/payments/journey-payments-cancel-endpoint.js +0 -100
  115. package/test/events/payments/journey-payments-cancel.js +0 -182
  116. package/test/events/payments/journey-payments-discount.js +0 -89
  117. package/test/events/payments/journey-payments-failure.js +0 -146
  118. package/test/events/payments/journey-payments-legacy-product.js +0 -149
  119. package/test/events/payments/journey-payments-one-time-failure.js +0 -111
  120. package/test/events/payments/journey-payments-one-time.js +0 -136
  121. package/test/events/payments/journey-payments-plan-change.js +0 -144
  122. package/test/events/payments/journey-payments-refund-webhook.js +0 -180
  123. package/test/events/payments/journey-payments-suspend.js +0 -181
  124. package/test/events/payments/journey-payments-trial-cancel.js +0 -130
  125. package/test/events/payments/journey-payments-trial.js +0 -171
  126. package/test/events/payments/journey-payments-uid-resolution.js +0 -132
  127. package/test/events/payments/journey-payments-upgrade.js +0 -135
  128. package/test/fixtures/chargebee/invoice-one-time.json +0 -27
  129. package/test/fixtures/chargebee/subscription-active.json +0 -44
  130. package/test/fixtures/chargebee/subscription-cancelled.json +0 -42
  131. package/test/fixtures/chargebee/subscription-in-trial.json +0 -41
  132. package/test/fixtures/chargebee/subscription-legacy-plan.json +0 -41
  133. package/test/fixtures/chargebee/subscription-non-renewing.json +0 -41
  134. package/test/fixtures/chargebee/subscription-paused.json +0 -42
  135. package/test/fixtures/chargebee/webhook-payment-failed.json +0 -51
  136. package/test/fixtures/chargebee/webhook-subscription-created.json +0 -47
  137. package/test/fixtures/paypal/order-approved.json +0 -62
  138. package/test/fixtures/paypal/order-completed.json +0 -110
  139. package/test/fixtures/paypal/subscription-active.json +0 -76
  140. package/test/fixtures/paypal/subscription-cancelled.json +0 -50
  141. package/test/fixtures/paypal/subscription-suspended.json +0 -65
  142. package/test/fixtures/stripe/checkout-session-completed.json +0 -130
  143. package/test/fixtures/stripe/invoice-payment-failed.json +0 -148
  144. package/test/fixtures/stripe/invoice-subscription-payment-failed.json +0 -28
  145. package/test/fixtures/stripe/subscription-active.json +0 -161
  146. package/test/fixtures/stripe/subscription-canceled.json +0 -161
  147. package/test/fixtures/stripe/subscription-trialing.json +0 -161
  148. package/test/functions/admin/database-read.js +0 -134
  149. package/test/functions/admin/database-write.js +0 -159
  150. package/test/functions/admin/edit-post.js +0 -366
  151. package/test/functions/admin/firestore-query.js +0 -207
  152. package/test/functions/admin/firestore-read.js +0 -129
  153. package/test/functions/admin/firestore-write.js +0 -105
  154. package/test/functions/admin/get-stats.js +0 -115
  155. package/test/functions/admin/send-email.js +0 -119
  156. package/test/functions/admin/send-notification.js +0 -208
  157. package/test/functions/admin/write-repo-content.js +0 -223
  158. package/test/functions/general/add-marketing-contact.js +0 -335
  159. package/test/functions/general/fetch-post.js +0 -54
  160. package/test/functions/general/generate-uuid.js +0 -114
  161. package/test/functions/test/authenticate.js +0 -64
  162. package/test/functions/user/create-custom-token.js +0 -73
  163. package/test/functions/user/delete.js +0 -135
  164. package/test/functions/user/get-active-sessions.js +0 -111
  165. package/test/functions/user/get-subscription-info.js +0 -99
  166. package/test/functions/user/regenerate-api-keys.js +0 -156
  167. package/test/functions/user/resolve.js +0 -52
  168. package/test/functions/user/sign-out-all-sessions.js +0 -94
  169. package/test/functions/user/sign-up.js +0 -252
  170. package/test/functions/user/submit-feedback.js +0 -104
  171. package/test/functions/user/validate-settings.js +0 -82
  172. package/test/helpers/ai-request-payload.js +0 -300
  173. package/test/helpers/ai-test-provider.js +0 -202
  174. package/test/helpers/ai-tools-format.js +0 -383
  175. package/test/helpers/content/blog-auto-publisher.js +0 -484
  176. package/test/helpers/content/feed-parser.js +0 -528
  177. package/test/helpers/content/ghostii-blocks.js +0 -134
  178. package/test/helpers/content/ghostii-feed-integration.js +0 -404
  179. package/test/helpers/content/ghostii-write-article.js +0 -243
  180. package/test/helpers/environment.js +0 -230
  181. package/test/helpers/infer-contact.js +0 -113
  182. package/test/helpers/merge-line-files.js +0 -271
  183. package/test/helpers/payment/chargebee/parse-webhook.js +0 -413
  184. package/test/helpers/payment/chargebee/to-unified-one-time.js +0 -147
  185. package/test/helpers/payment/chargebee/to-unified-subscription.js +0 -648
  186. package/test/helpers/payment/paypal/parse-webhook.js +0 -539
  187. package/test/helpers/payment/paypal/to-unified-one-time.js +0 -382
  188. package/test/helpers/payment/paypal/to-unified-subscription.js +0 -820
  189. package/test/helpers/payment/stripe/parse-webhook.js +0 -447
  190. package/test/helpers/payment/stripe/to-unified-one-time.js +0 -306
  191. package/test/helpers/payment/stripe/to-unified-subscription.js +0 -708
  192. package/test/helpers/sanitize.js +0 -222
  193. package/test/helpers/slugify.js +0 -394
  194. package/test/helpers/storage.js +0 -194
  195. package/test/helpers/user.js +0 -755
  196. package/test/helpers/webhook-forward.js +0 -418
  197. package/test/mcp/discovery.js +0 -53
  198. package/test/mcp/oauth.js +0 -161
  199. package/test/mcp/protocol.js +0 -268
  200. package/test/mcp/roles.js +0 -188
  201. package/test/mcp/utils.js +0 -245
  202. package/test/routes/admin/create-post.js +0 -364
  203. package/test/routes/admin/database.js +0 -131
  204. package/test/routes/admin/deduplicate-image-alts.js +0 -190
  205. package/test/routes/admin/email.js +0 -114
  206. package/test/routes/admin/firestore-query.js +0 -204
  207. package/test/routes/admin/firestore.js +0 -127
  208. package/test/routes/admin/infer-contact.js +0 -218
  209. package/test/routes/admin/notification.js +0 -198
  210. package/test/routes/admin/post-resize-image.js +0 -184
  211. package/test/routes/admin/post.js +0 -368
  212. package/test/routes/admin/repo-content.js +0 -223
  213. package/test/routes/admin/stats.js +0 -112
  214. package/test/routes/content/post.js +0 -54
  215. package/test/routes/general/uuid.js +0 -115
  216. package/test/routes/marketing/campaign.js +0 -125
  217. package/test/routes/marketing/contact.js +0 -370
  218. package/test/routes/marketing/email-preferences.js +0 -292
  219. package/test/routes/marketing/push-send.js +0 -32
  220. package/test/routes/marketing/webhook-forward.js +0 -61
  221. package/test/routes/marketing/webhook.js +0 -639
  222. package/test/routes/payments/cancel.js +0 -163
  223. package/test/routes/payments/discount.js +0 -80
  224. package/test/routes/payments/dispute-alert.js +0 -320
  225. package/test/routes/payments/intent.js +0 -336
  226. package/test/routes/payments/portal.js +0 -92
  227. package/test/routes/payments/refund.js +0 -179
  228. package/test/routes/payments/trial-eligibility.js +0 -71
  229. package/test/routes/payments/webhook.js +0 -107
  230. package/test/routes/test/authenticate.js +0 -59
  231. package/test/routes/test/schema.js +0 -554
  232. package/test/routes/test/usage.js +0 -342
  233. package/test/routes/user/api-keys.js +0 -156
  234. package/test/routes/user/delete.js +0 -136
  235. package/test/routes/user/feedback.js +0 -104
  236. package/test/routes/user/sessions.js +0 -199
  237. package/test/routes/user/settings-validate.js +0 -82
  238. package/test/routes/user/signup.js +0 -542
  239. package/test/routes/user/subscription.js +0 -99
  240. package/test/routes/user/token.js +0 -73
  241. package/test/routes/user/user.js +0 -157
  242. package/test/rules/notifications.js +0 -410
  243. package/test/rules/payments-carts.js +0 -371
  244. package/test/rules/user.js +0 -396
package/PROGRESS.md DELETED
@@ -1,93 +0,0 @@
1
- # Project Progress Tracker
2
- > Agents and maintainers should update this file regularly to reflect the current state of the project.
3
-
4
- ## 🎯 Current Focus
5
- * **Goal:** Fix suspended subscription dead zone — users with `suspended` status couldn't cancel or re-subscribe
6
- * **Current Phase:** Fix applied + tested (24/24 passing), pending commit + publish
7
- * **Priority:** High
8
- * **Last Updated:** 2026-06-21 5:50 PM PDT
9
- * **Notes:** Cancel endpoint now accepts `suspended` subscriptions. Added fallback: if processor rejects (subscription already dead on their end), directly resets user doc to `cancelled`. Traced from live Somiibo user `t9AeAe7QUhNXAUYRV1vUbOU0QVV2` stuck in limbo. Needs BEM publish + Somiibo deploy.
10
-
11
- ## 📌 Active Task List
12
- * [ ] Phase 6: Setup scaffolds essential configs for fresh projects
13
- * [x] Task 6.1: Add `templates/firebase.json` standard template
14
- * [x] Task 6.2: Add `scaffoldConfigs()` + `resolveProjectId()` to setup.js (runs before config resolution)
15
- * [x] Task 6.3: Auto-fix `engines.node` instead of throwing
16
- * [x] Task 6.4: Fix `dependencies['backend-manager']` crash when BEM is in devDependencies
17
- * [x] Task 6.5: Verify fix on truly bare project (dailyembers-backend — 13/14 pass, only service-account expected)
18
- * [x] Task 6.6: Optimize — consolidate scattered scaffolding into one `[DEFAULTS]` pass with `loadFiles()` DRY extraction
19
- * [x] Task 6.7: Regression test on existing project (ultimate-jekyll-backend — all pass)
20
- * [x] Task 6.8: Update docs (CLAUDE.md, CHANGELOG.md)
21
- * [ ] Task 6.9: Publish new BEM version
22
- * [ ] Phase 5: Ghostii feed-based article system
23
- * [x] Task 5.1: Create `feed-parser.js` (RSS 2.0, Atom 1.0, JSON Feed parser + article extractor)
24
- * [x] Task 5.2: Add `fast-xml-parser` dependency to BEM
25
- * [x] Task 5.3: Add `sourceContent` field to Ghostii backend schema (16KB)
26
- * [x] Task 5.4: Update Ghostii outline prompt (Step 2 only) with sourceContent for efficient spinning
27
- * [x] Task 5.5: Update `writeArticle()` to accept `sourceContent` and per-entry `overrides`
28
- * [x] Task 5.6: Upgrade `ghostii-auto-publisher.js` — `$feed:` source type, feed processing, Firestore tracking, fallback
29
- * [x] Task 5.7: Update config template with new source types and overrides
30
- * [x] Task 5.8: Write extensive test suite (4 test files: unit, integration, extended E2E)
31
- * [x] Task 5.9: Verify all tests pass (84 standard + 8 extended against real RSS feeds)
32
- * [x] Task 5.10: Create `docs/ghostii.md` deep reference, update CLAUDE.md + CHANGELOG.md
33
- * [x] Task 5.11: Verify all recommended feed URLs work (The Verge removed — CDN blocks programmatic access)
34
- * [x] Task 5.12: Write ghostii-backend tests for sourceContent (4 schema + 1 extended generation)
35
- * [x] Task 5.13: Ghostii sourceContent accepts URL (auto-fetches + extracts article text)
36
- * [x] Task 5.14: Add fact paraphrasing to outline prompt + newsletter writer
37
- * [x] Task 5.15: Fix Step 3 prompts — assertive link insertion + blockquote in every body section
38
- * [x] Task 5.16: Fix humanizer stripping links — `injectBurstiness` was breaking `[text](url)` syntax; added protect-and-restore pattern + tests
39
- * [x] Task 5.17: Fix 403 links treated as "working" in link verification step
40
- * [x] Task 5.18: Add detective-level `[LINKS]` diagnostic logging to article pipeline
41
- * [x] Task 5.19: Ship BEM v5.8.0 to npm
42
- * [x] Task 5.20: Ship Ghostii-backend v1.0.5 + deploy to Firebase
43
- * [ ] Task 5.17: Publish BEM with feed support
44
- * [ ] Task 5.12: Publish BEM with feed support
45
- * [ ] Task 5.13: Configure consumer project(s) with `$feed:` sources
46
- * [x] Phase 7: Fix suspended subscription cancel dead zone
47
- * [x] Task 7.1: Trace user `t9AeAe7QUhNXAUYRV1vUbOU0QVV2` — identified asymmetric status gates
48
- * [x] Task 7.2: Update cancel gate to accept `suspended` alongside `active`
49
- * [x] Task 7.3: Add fallback — direct Firestore reset when processor rejects suspended cancel
50
- * [x] Task 7.4: Add `cancel-suspended` test account + `allows-suspended-subscription` test
51
- * [x] Task 7.5: All 24 payment tests passing
52
- * [ ] Task 7.6: Publish BEM + deploy Somiibo
53
- * [ ] Phase 3: Post-audit bug fixes
54
- * [x] Newsletter ReferenceError: `beehiivConfig` → `newsletterRoleConfig` (committed v5.7.1)
55
- * [x] HTTPS proxy: `serve.js` returns boolean, caller uses `httpsReady` not `httpsEnabled`
56
- * [x] AI normalizeOptions: array-content system messages now get rules injected
57
- * [x] Setup warn handling: `warnCount` tracked separately, warns don't trigger retry
58
- * [x] Copy-paste fix: `sender: 'electron-manager'` → `'backend-manager'`
59
- * [x] Test: AI array-content-blocks test added + passing (20/20)
60
- * [x] Fix: consent rules test — write `'forged'` instead of `'granted'` to avoid value collision with prior email-preferences tests
61
- * [x] Fix: `cancel-too-young` account `timestampUNIX` uses seconds (was ms)
62
- * [x] Fix: auth on-delete race condition — `deleteTestUsers` uses emulator bulk-clear REST API instead of individual `deleteUser()` calls (eliminates async on-delete triggers that clobbered freshly-created accounts)
63
- * [x] Diagnostic: auth-delete-race test — proved the race condition (80-100% clobber rate without mitigation), removed after fix verified
64
- * [x] Commit + publish framework fixes (v5.7.2)
65
- * [ ] Deploy somiibo-backend + advance stuck sendAt
66
- * [ ] Phase 4: Root package.json proxy scripts
67
- * [x] Task 4.1: Create `root-package-json.js` setup test (proxies `projectScripts` with `cd functions &&` prefix + `preinstall` guard)
68
- * [x] Task 4.2: Register in setup test index (after `npm-project-scripts`)
69
- * [ ] Task 4.3: Test in consumer project (`npx mgr setup` from ultimate-jekyll-backend)
70
- * [ ] Task 4.4: Verify `npm test` / `npm start` work from project root
71
-
72
- ## ✅ Completed Task List
73
- * [x] Phase 1: MCP role-based tool scoping + consumer extensibility
74
- * [x] Foundation utilities (`src/mcp/utils.js`)
75
- * [x] Add `role` to all 19 tools (`src/mcp/tools.js`)
76
- * [x] User token support in HTTP client (`src/mcp/client.js`)
77
- * [x] Stdio server role filtering + consumer tools (`src/mcp/index.js`)
78
- * [x] CLI `--token` flag + `cwd` passthrough (`src/cli/commands/mcp.js`)
79
- * [x] HTTP handler — role filtering, OAuth user flow, consumer tool execution (`src/mcp/handler.js`)
80
- * [x] Test suite — 44 tests across 5 files
81
- * [x] Documentation — `docs/mcp.md`, `CLAUDE.md`
82
- * [x] UJM `/token` page update (separate repo)
83
- * [x] Phase 2: HTTPS local dev + Claude Desktop MCP testing
84
- * [x] HTTPS proxy in `npx mgr serve` (mkcert certs, port 5002 → 5443)
85
- * [x] `getApiUrl()` returns `https://` when `BEM_HTTPS_PORT` is set
86
- * [x] Fix OAuth discovery (root-level issuer per RFC 8414)
87
- * [x] Add dynamic client registration (`POST /mcp/register`)
88
- * [x] Fix 401 trigger for OAuth flow
89
- * [x] Tool annotations (title, readOnlyHint, destructiveHint, etc.)
90
- * [x] Role reassignment (cancel/refund/uuid → admin, user = read-only)
91
- * [x] Consumer tool override bug fix (listing/execution sync)
92
- * [x] Test MCP connection in Claude Desktop — verified end-to-end
93
- * [x] Update tests (44 passing) + docs
package/TODO-2.md DELETED
@@ -1,121 +0,0 @@
1
- TODO
2
- * pdate deps LIKE WF, PP, ETC
3
-
4
- TODO
5
- * remove shim in
6
- /Users/ian/Developer/Repositories/ITW-Creative-Works/backend-manager/src/manager/libraries/email/transactional/index.js:59-61 — legacy template name map
7
- /Users/ian/Developer/Repositories/ITW-Creative-Works/backend-manager/src/manager/libraries/email/transactional/index.js:132-135 — data.body → data.content shim
8
- ONly needed for about 10 days after Jue 6th 2026, then safe to remove (queued emails)
9
-
10
- PAYMENT SYSTEM
11
- * Ensure attribution is working (utm but also the AD ID shit like from adwords, tiktok ads, meta etc)
12
- * ensure legacy plan RESOLVING is working
13
-
14
- payments/reactivate
15
- * takes a subscription id and reactivates a cancelled subscription. this can only be done if the subscription is still within its billing period, otherwise the user would have to create a new subscription.
16
- payments/upgrade
17
- * takes a subscription id and a new plan id and upgrades the user's subscription to the new plan. this can only be done if the user has an active subscription.
18
-
19
- I'd call that cancellation-reversed — it pairs naturally with the existing cancellation-requested transition and clearly communicates the action (they reversed/undid the pending cancellation).
20
-
21
- on the email we send, for payment recovered what is the category
22
- Let me check the handler.
23
-
24
- Read payment-recovered.js
25
- The category is order/payment-recovered (line 13).
26
-
27
- TODO-2.md
28
- waht about when they request a cancel
29
- Read cancellation-requested.js
30
- The category is order/cancellation-requested (line 13).
31
-
32
- ----
33
- add a dedicated BEM JSON field for usage to reset
34
- * this way we can have clear LIMITS with their definitions like
35
- * [
36
- {
37
- name: 'credits'
38
- reset: true,
39
- },
40
- {
41
- name: 'agents',
42
- reset: false,
43
- }
44
- ]
45
- * mirrors: [
46
- {
47
- collection: 'agents',
48
- fields: ['usage.credits.daily', 'runs.replies.daily],
49
- }
50
- ]
51
-
52
- ---
53
- MIRROR settigns in BEM JSON so that usage reset can properly get MIRRED DOCS liek slapform forms or chatsy agents DOCS
54
-
55
- ---
56
- GHOSTII REVAMP
57
- * better logic for generating posts. better model? claude?
58
-
59
- ---- MCP
60
- * ability for consuming prjec to specify MCP functions
61
-
62
- -------
63
- UPSELL
64
- * products in BEM can have an UPSELL where you link another product ID and it allows you to add it to your cart OR shows you after checkout?
65
-
66
- -------
67
- USER OBJECT UPDGRADE --> INSTANCE?
68
-
69
- const User = require('backend-manager/src/manager/helpers/user');
70
- +
71
- User.resolveSubscription(self.request.user);
72
- -->
73
- one object that cna do resolveSubscription(), getAccount(), etc
74
-
75
- since you changed some things, do all tests in all projects align still?
76
-
77
- after that, udpate README, CLAUDE.md and ANY TOPLEVLE CLAUDE SKILLS so that we never make this mistake again
78
-
79
- including
80
-
81
- ---------
82
-
83
- TEST NEWSLETTER
84
- POST /admin/cron { id: 'daily/marketing-newsletter-generate' }
85
-
86
-
87
- SIGNUP HANDLER
88
- Here are the instructions for BEM:
89
-
90
- Update updateReferral() in sign-up.js to resolve all legacy affiliate code formats:
91
-
92
- The affiliateCode value coming from the client could be in 3 formats:
93
-
94
- Format Example How to resolve
95
- Affiliate code (7-14 alphanumeric) rmUKlC4z1 Query users where affiliate.code == value (current behavior)
96
- UID (28 chars) 6sNjQFxTsObA73D8lkF01gcWdP92 Direct doc lookup: users/{value}
97
- Base64 email (e.g. cG9ldH...Lm_2) cG9ldHJ5aW5hY3Rpb24yMDE4QGdtYWlsLmNvbQ_2 Strip _\d+ suffix, base64-decode, query users where auth.email == decoded
98
- Any other format → ignore (resolve with no referrer).
99
-
100
- The resolution logic should go at the top of updateReferral(), before the current where('affiliate.code', '==', affiliateCode) query. Try each format in order:
101
-
102
- If affiliateCode matches /^[0-9a-zA-Z_-]{7,14}$/ → query by affiliate.code (current path)
103
- Else if affiliateCode.length === 28 → direct doc get users/{affiliateCode}, use that as the referrer
104
- Else try base64 decode: strip trailing _\d+, decode, if result contains @ → query by auth.email
105
- Else → log and return (unrecognized format)
106
- Once the referrer doc is found (by any method), the rest stays the same: push to affiliate.referrals.
107
-
108
- * if the usage was used and the user is actuall authenticated (uid, not just an admin or unauthed user),
109
- * set the user's context (ip, location, etc)
110
-
111
- Payment attribution
112
- * can you ensure the the user's attribution (utm etc) is assocaited with the purchase
113
- * mostly i am referring to the payent events sent to GA4, tiktok, meta
114
- * i think we should make it so if the attribution was set less than 30 days ago (the date is in the attribution) then it counts
115
- * it shouldbe attached to the payments-orders and then ALL FUTURE EVENTS should send that (thats a good idea right??)
116
-
117
- Payment disputes
118
- * automatic dispute handling
119
- * during bm_cron daily, we should check for open disputes for pypal stripe etc... we should then FILL THEM WITH INFORMATION USEFUL FOR WINNING
120
- * we should attach USAGE LOGS, IP logs, etc. you should take inspiration from my previous attmept at this (/Users/ian/Developer/Repositories/ITW-Creative-Works/subscription-profile-sync/main/disputes)
121
- * HOWEVER, i know for a fact i got a lot of it wrong. so JUST USE AS INSPO, you should recreate it full
@@ -1,32 +0,0 @@
1
- As for the AMEX enrollment, AMEX alerts are not supported on Stripe/Shopify. To enable them, you’ll need a dedicated AMEX MID and a payment orchestrator to route all AMEX transactions through that dedicated MID. Using a dedicated AMEX MID allows for a dispute rate of up to 5%, so routing all AMEX traffic through it will significantly reduce your dispute rate on Stripe.
2
-
3
- 06:44 PM
4
- For Discover,
5
-
6
- In order to enroll in Discover coverage, you will need to do the following:
7
-
8
- First, provide us with details about your business below:
9
- - Merchant Legal Name:
10
- - Merchant DBA Name:
11
- - Merchant Registered Street Address:
12
- - City:
13
- - Country:
14
- - State/Province:
15
- - ZIP/Postal Code:
16
-
17
- Second, you must request from your payment processor’s support for a few pieces of information. To do so, please follow the steps below and send them the email template below.
18
-
19
- ""I am enrolling for Discover Ethoca Alerts via my third-party vendor, Chargeblast. I need my 15-Digit Discover SE number. Can you please provide these pieces of information to me ASAP? Let me know if you need any additional info from me. Please feel free to provide me with these pieces of information piecemeal.”
20
-
21
- 06:44 PM
22
- For AMEX If you’d like to proceed with obtaining a dedicated AMEX MID, we’d be happy to arrange an introduction for you.
23
-
24
- 06:45 PM
25
- Avatar of Zander
26
- Zander
27
- Are we still connected?
28
-
29
- 06:56 PM
30
- Avatar of Zander
31
- Zander
32
- Since this chat has been inactive, I’ll close it for now. If you have more questions, feel free to contact us at any time. Have a great day ahead!
@@ -1,15 +0,0 @@
1
- # TODO: Remove legacy BACKEND_MANAGER_KEY acceptance from webhook routes
2
-
3
- When v5.2.x shipped, the two payment-webhook routes were switched to prefer `BACKEND_MANAGER_WEBHOOK_KEY` but still accept `BACKEND_MANAGER_KEY` as a transitional fallback so existing provider URLs (registered with the old key) keep working until OMEGA re-registers them with the new key.
4
-
5
- Once every brand's provider URLs (Stripe / PayPal / Chargebee / Chargeblast / Coinbase / etc.) have been re-registered via OMEGA to use `BACKEND_MANAGER_WEBHOOK_KEY`, drop the legacy fallback:
6
-
7
- ## Files to update
8
-
9
- - `src/manager/routes/payments/webhook/post.js` — line ~28: remove the `|| key === process.env.BACKEND_MANAGER_KEY` half of the validation check.
10
- - `src/manager/routes/payments/dispute-alert/post.js` — line ~20: same removal. Also update the docstring at line ~11 to drop the "BACKEND_MANAGER_KEY accepted as legacy fallback" note.
11
- - `docs/stripe-webhook-forwarding.md` — drop the "BACKEND_MANAGER_KEY also accepted as a legacy fallback" parenthetical.
12
-
13
- ## How to verify it's safe
14
-
15
- Grep production logs (`npx mgr logs:read --fn bm_api --grep "payments/webhook" --limit 1000`) and confirm zero `401 Invalid key` hits over a meaningful window. If there are any, those are providers still on the old URL — re-register them via OMEGA before dropping the fallback.
@@ -1,138 +0,0 @@
1
- # TODO: Payment Webhook Key Upgrade — `BACKEND_MANAGER_KEY` → `BACKEND_MANAGER_WEBHOOK_KEY`
2
-
3
- ## Context
4
-
5
- In BEM v5.2.0 we introduced `BACKEND_MANAGER_WEBHOOK_KEY` as a dedicated env var for third-party webhook authentication, scoped narrowly so it can be rotated independently of the admin key. The marketing routes (`/marketing/webhook`, `/marketing/webhook/forward`) use it correctly.
6
-
7
- The **payment webhook** (`/payments/webhook`) and **dispute-alert webhook** (`/payments/dispute-alert`) still validate against `BACKEND_MANAGER_KEY` — the general-purpose admin key. This is a security misalignment: a leaked admin key could forge payment webhooks, and rotating the admin key forces every Stripe/PayPal/Chargebee webhook URL to be re-registered.
8
-
9
- Plan: gradual rollout. Phase 1 (this BEM release) makes the payment routes accept **either** key so existing brand deploys (with only `BACKEND_MANAGER_KEY` set) keep working AND new brands can start using `BACKEND_MANAGER_WEBHOOK_KEY` immediately. Phase 2 (a later BEM release) drops the legacy fallback after every brand has been migrated.
10
-
11
- ## Files needing the dual-key check
12
-
13
- | File | Line | Current |
14
- |---|---|---|
15
- | [src/manager/routes/payments/webhook/post.js](src/manager/routes/payments/webhook/post.js) | 28 | `if (!key \|\| key !== process.env.BACKEND_MANAGER_KEY)` |
16
- | [src/manager/routes/payments/dispute-alert/post.js](src/manager/routes/payments/dispute-alert/post.js) | 20 | `if (!key \|\| key !== process.env.BACKEND_MANAGER_KEY)` |
17
- | [src/manager/routes/payments/intent/processors/test.js](src/manager/routes/payments/intent/processors/test.js) | 158 | `key=${process.env.BACKEND_MANAGER_KEY}` |
18
-
19
- ## Phase 1 — Dual-key acceptance (this BEM release)
20
-
21
- ### Validation change (webhook + dispute-alert)
22
-
23
- Replace the single-key check with a dual-key check. Accept the request if `key` matches EITHER `BACKEND_MANAGER_WEBHOOK_KEY` OR the legacy `BACKEND_MANAGER_KEY`.
24
-
25
- ```js
26
- // Before
27
- if (!key || key !== process.env.BACKEND_MANAGER_KEY) {
28
- return assistant.respond('Invalid key', { code: 401 });
29
- }
30
-
31
- // After (Phase 1 — dual-key fallback)
32
- const validKeys = [
33
- process.env.BACKEND_MANAGER_WEBHOOK_KEY,
34
- process.env.BACKEND_MANAGER_KEY, // legacy — remove in Phase 2
35
- ].filter(Boolean);
36
-
37
- if (!key || !validKeys.includes(key)) {
38
- return assistant.respond('Invalid key', { code: 401 });
39
- }
40
- ```
41
-
42
- Notes:
43
- - `.filter(Boolean)` matters — if a brand hasn't set `BACKEND_MANAGER_WEBHOOK_KEY` yet, `validKeys` becomes `[BACKEND_MANAGER_KEY]` (single-element). If a brand HAS set it, both are accepted.
44
- - If BOTH env vars are unset (misconfigured brand), `validKeys` is `[]` and every request 401s. That's the right behavior — explicit failure beats silent acceptance.
45
- - Update the route header comments (lines 11 and 27 of dispute-alert, 27 of webhook) to mention both keys.
46
-
47
- ### Test processor self-fire URL
48
-
49
- Switch [src/manager/routes/payments/intent/processors/test.js:158](src/manager/routes/payments/intent/processors/test.js#L158) to PREFER `BACKEND_MANAGER_WEBHOOK_KEY` and fall back to `BACKEND_MANAGER_KEY`:
50
-
51
- ```js
52
- const webhookKey = process.env.BACKEND_MANAGER_WEBHOOK_KEY || process.env.BACKEND_MANAGER_KEY;
53
- const webhookUrl = `${assistant.Manager.project.apiUrl}/backend-manager/payments/webhook?processor=test&key=${webhookKey}`;
54
- ```
55
-
56
- This way the test processor exercises the new key when it's set, and falls back to the legacy key on brands that haven't migrated yet.
57
-
58
- ### Test infrastructure updates
59
-
60
- **`src/test/utils/http-client.js`** — add `backendManagerWebhookKey` field alongside the existing `backendManagerKey`.
61
-
62
- **`src/test/runner.js`** — thread `backendManagerWebhookKey` through the runner context the same way `backendManagerKey` is threaded today (3 sites).
63
-
64
- **`src/cli/commands/test.js`** — read `BACKEND_MANAGER_WEBHOOK_KEY` from env (parallel to the existing `BACKEND_MANAGER_KEY` read), pass it through to the runner, fall back to the admin key if unset.
65
-
66
- **Route + journey tests** — update test fixtures to prefer `BACKEND_MANAGER_WEBHOOK_KEY` when set:
67
- - `test/routes/payments/webhook.js` — all `${config.backendManagerKey}` interpolations in `payments/webhook?...&key=` URLs
68
- - `test/routes/payments/dispute-alert.js` — same (13 sites)
69
- - `test/events/payments/journey-*.js` — only the `payments/webhook?...&key=` URLs (NOT the admin-auth uses elsewhere in journey tests)
70
-
71
- Use `config.backendManagerWebhookKey || config.backendManagerKey` everywhere so both keys are exercised.
72
-
73
- ### Docs
74
-
75
- - **`docs/stripe-webhook-forwarding.md`** — line 7 + 18 — note the dual-key acceptance, recommend `BACKEND_MANAGER_WEBHOOK_KEY` for new setups, note legacy `BACKEND_MANAGER_KEY` is still accepted for backwards compatibility.
76
- - **`CHANGELOG.md`** — entry under the next version. Categorize under `Changed` (NOT `BREAKING` — that's reserved for Phase 2). Spell out: "Payment webhook + dispute-alert routes now accept either `BACKEND_MANAGER_WEBHOOK_KEY` (preferred) or `BACKEND_MANAGER_KEY` (legacy). Set `BACKEND_MANAGER_WEBHOOK_KEY` in every consumer brand's `.env` and run OMEGA payment ensure before Phase 2 ships."
77
- - **`templates/_.env`** — already declares both keys, no change.
78
-
79
- ### Verification (manual)
80
-
81
- 1. **Local test (no `BACKEND_MANAGER_WEBHOOK_KEY` set)** — confirm legacy fallback still passes:
82
- ```bash
83
- npx mgr test routes/payments/webhook routes/payments/dispute-alert events/payments
84
- ```
85
- Expect green.
86
-
87
- 2. **Local test (`BACKEND_MANAGER_WEBHOOK_KEY` set to a different value)** — confirm the new key is accepted AND the legacy key still works:
88
- ```bash
89
- BACKEND_MANAGER_WEBHOOK_KEY=test-webhook-key npx mgr test routes/payments/webhook routes/payments/dispute-alert events/payments
90
- ```
91
- Expect green.
92
-
93
- 3. **Live spot-check on one brand (Somiibo)** — deploy this BEM release to Somiibo (whose `.env` currently only has `BACKEND_MANAGER_KEY` set OR has both), trigger a Stripe test event, confirm the webhook doc lands in Firestore.
94
-
95
- ## Phase 2 — Drop legacy fallback (future BEM release)
96
-
97
- **Do NOT do this until every consumer brand has been migrated and verified.** Tracking checklist for migration readiness:
98
-
99
- - [ ] Every consumer `.env` has `BACKEND_MANAGER_WEBHOOK_KEY` set (spot-check via OMEGA across all brands)
100
- - [ ] OMEGA `payment/ensure/{stripe,paypal,chargebee}-webhook.js` updated to use `BACKEND_MANAGER_WEBHOOK_KEY` when constructing webhook URLs (see "OMEGA changes" below)
101
- - [ ] OMEGA `--service payment` run across every brand to re-register webhook URLs at Stripe/PayPal/Chargebee with the new key
102
- - [ ] Stale webhook URLs (the old ones with `key=BACKEND_MANAGER_KEY`) deleted from each provider — these will start 401-ing the moment Phase 2 ships
103
- - [ ] At least one live billing cycle (Stripe charge, refund, dispute) observed working end-to-end on the new key for at least 3 brands
104
-
105
- When all boxes are checked, Phase 2 ships as a **breaking change**:
106
-
107
- ```js
108
- // Phase 2 — single-key (legacy removed)
109
- if (!key || key !== process.env.BACKEND_MANAGER_WEBHOOK_KEY) {
110
- return assistant.respond('Invalid key', { code: 401 });
111
- }
112
- ```
113
-
114
- Phase 2 CHANGELOG entry goes under `BREAKING`.
115
-
116
- ## OMEGA changes (separate repo, needed for Phase 2 prep)
117
-
118
- Touched files (do NOT do these in Phase 1 — they're for Phase 2 prep):
119
-
120
- | File | Change |
121
- |---|---|
122
- | `/Users/ian/Developer/Repositories/ITW-Creative-Works/omega-manager/src/services/payment/ensure/stripe-webhook.js` | Line 38: swap `BACKEND_MANAGER_KEY` → `BACKEND_MANAGER_WEBHOOK_KEY`. Line 76 check + line 77 message + line 64 doc comment: update env var name. |
123
- | `/Users/ian/Developer/Repositories/ITW-Creative-Works/omega-manager/src/services/payment/ensure/paypal-webhook.js` | Same change at lines 40, 66, 77, 78, 79. |
124
- | `/Users/ian/Developer/Repositories/ITW-Creative-Works/omega-manager/src/services/payment/ensure/chargebee-webhook.js` | Same change at lines 34, 45, 57, 58, 59. |
125
-
126
- **Idempotent re-registration + stale cleanup:** Each ensure file looks up existing webhooks **by URL**. Since the URL will change (the `key=` query param differs), the existing webhook will NOT match and a new one will be created. The OLD webhook (with the admin key) needs to be cleaned up — otherwise the third party will deliver to both and the old one will start failing 401 once Phase 2 ships.
127
-
128
- Cleanup approach in each ensure file: after creating the new webhook, scan for any other webhook whose URL points at `/payments/webhook?processor={name}` (regardless of key) and delete the stale ones. Match on path prefix, not full URL. Stripe + PayPal + Chargebee all support webhook deletion via the same API methods these files already use for listing.
129
-
130
- Helper: extract a `pathMatchesOurProcessor(url, processor)` in each ensure file — strip query string, match the path-and-processor segment.
131
-
132
- ## Known constraints / gotchas
133
-
134
- 1. **Phase 1 is non-breaking.** Any consumer can deploy this BEM release without touching their `.env` — the legacy key still works.
135
- 2. **`BACKEND_MANAGER_KEY` continues to grant admin via `assistant.authenticate()`.** That hasn't changed; it's still the admin secret for internal API calls (newsletter, send-email, user/delete, ghostii cron, electron-client, oauth2 state encryption). This TODO is *only* about scoping webhook endpoints to a separate key.
136
- 3. **`UNSUBSCRIBE_HMAC_KEY` is unrelated** and stays separate.
137
- 4. **Admin grant is NOT triggered by the webhook routes.** Middleware auto-runs `assistant.authenticate()` via `Usage.init()`, which reads `data.backendManagerKey` from the request body. The three webhook routes get their key via `?key=` query string (NOT body), and their request bodies are third-party payloads (Stripe events, PayPal events, Chargeblast alerts) that can't contain the real admin secret. So switching the routes' validation does NOT remove any admin-grant the handlers depend on — they write to Firestore via `libraries.admin` (Admin SDK, always full access) anyway.
138
- 5. **Test processor self-fire** must use the same key the BEM endpoint accepts, which is why the test processor URL also gets updated in Phase 1.
@@ -1,14 +0,0 @@
1
- https://github.com/disposable-email-domains/disposable-email-domains?tab=readme-ov-file
2
- https://www.npmjs.com/package/disposable-domains
3
- https://github.com/tompec/disposable-email-domains
4
-
5
- Two repos:
6
-
7
- Repo Domains Approach
8
- disposable-email-domains/disposable-email-domains 5,359 Curated, conservative, high confidence
9
- ivolo/disposable-email-domains 121,569 Aggressive, aggregated from many sources, more false positives
10
- Our current list has 854 — so even the smaller curated list is 6x larger.
11
-
12
- For our use case (currently only used to skip marketing sync, not blocking signups), I'd recommend the 5,359 curated list — it's comprehensive enough without being overly aggressive. And if we ever do use it for blocking signups, the false positive risk is much lower.
13
-
14
- Want to swap to that one?
package/TODO.md DELETED
@@ -1,187 +0,0 @@
1
- ????
2
- // Attach assistant to req and res
3
- if (ref.req && ref.res) {
4
- ref.req.assistant = self;
5
- ref.res.assistant = self;
6
- }
7
-
8
- console.log('*** err', err);
9
- console.log('*** req.assistant', req.assistant);
10
- console.log('*** res.assistant', res.assistant);
11
-
12
- # OAUTH2 (INBOUND + OUTBOUND)
13
- UJM + BEM CHANGE
14
- * UJM /oauth2 = for conencting OTHER accounts to user account
15
- * UJM /token = for connecting user account to OTHER accounts
16
- * we should rename this (requires backend change too)
17
- * /authorize (most common says claude) or /connect
18
-
19
- # PAYMETNS
20
- https://github.com/invertase/stripe-firebase-extensions/tree/next/firestore-stripe-payments
21
-
22
- # Make new BEM API using middleware system
23
-
24
- # BEM Test
25
- * Create test accounts (admin, free user, user with paid plan)
26
- * Run tests to ensure each account has correct access to features
27
-
28
- BEM
29
- * Teach it how to mock requests and use test user's SECRET API KEYS to authenticate requests
30
- * BEM should create a few test accounts: basic, then one for each plan level
31
-
32
- TODO
33
- Update deps!!!! theres lots
34
- * we culd have a test that TRIES EACH IMPORT ?? incase updating it fails due to ESM VULLSHIT?
35
-
36
-
37
- TODO
38
- PAYMENT
39
- https://hookdeck.com/webhooks/platforms/guide-to-paypal-webhooks-features-and-best-practices
40
-
41
-
42
- # TEST REWRRK
43
- btw... the account.json needs to be removed. remove it from BEM and the consumong project. when we make our test system, we DO NOT NEED TO STORE THE ACCOUBT IN A JSON file. we just need a source of truth in BEM for what uid/emails to look for
44
-
45
- need a "projectScripts" that creates the npm start, npm test, etc scripts in the consuming project.
46
-
47
- during test run, we need to check that the test accounts exist. we also need to ALWAYS reset them at the begining of the run to ensure they are in the proper format, specifically by resetting their usage, roles, amd subscriptipn
48
-
49
- needa new account type that we can change the subscription level of to test the sub events? maybe _test-upgrade that starts free and we test how it progresses from free to paid to canceled?
50
-
51
- # Use gitignore from backend-manager-tempalte
52
-
53
- # CLEAN
54
- having different ID and UID is messy and annoying, just make it the same
55
- admin: {
56
- id: 'admin',
57
- uid: '_test-admin',
58
- email: '_test.admin@{domain}',
59
-
60
- should be "admin" for ALL
61
-
62
-
63
- # TODO
64
- Update deps
65
- Remove unused deps like
66
- * node-fetch
67
-
68
- # MOVE LEGACY BEM INDIVIDUAL FUNCTIONS TO AN _OLD FOLDER
69
- /Users/ian/Developer/Repositories/ITW-Creative-Works/backend-manager/src/manager/functions/core/actions/create-post-handler.js
70
- /Users/ian/Developer/Repositories/ITW-Creative-Works/backend-manager/src/manager/functions/core/actions/generate-uuid.js
71
- /Users/ian/Developer/Repositories/ITW-Creative-Works/backend-manager/src/manager/functions/core/actions/sign-up-handler.js
72
- /Users/ian/Developer/Repositories/ITW-Creative-Works/backend-manager/src/manager/functions/test
73
- /Users/ian/Developer/Repositories/ITW-Creative-Works/backend-manager/src/manager/functions/core/admin
74
-
75
- # Things to deprecate
76
- * api manager
77
-
78
- # Email
79
- Move the sendEmail function to HERE instead of calling ITW
80
-
81
- # BEM TESTS
82
- # User Auth rules
83
- * User can only access their own user doc
84
- * fails when trying to access another user's doc
85
- * succeeds when accessing their own,
86
- * fails when NOT authed
87
- * fails when trying to perform an admin action (can create/use the test:admin http event to test this)
88
- * fails when a user tries to write to a restricted field/key like roles, subscription, usage, etc (SEE RULES)
89
- * Any other rules: /Users/ian/Developer/Repositories/ITW-Creative-Works/backend-manager/templates/firestore.rules
90
- * User can delete their own user doc (can use _test-delete via user:delete http event)
91
- * fails when trying to delete another user's doc
92
- * succeeds when deleting their own,
93
- * fails when NOT authed
94
-
95
- # Signup Flow
96
- * Create a referrer user and a referred user then use user:signup http event on the referred user to test that
97
- * the referral code works and the bonus is applied to the referrer
98
- * something is added to the account to denote it received the signup event??? not sure
99
- * context data is added to the referred user's account
100
- * a second signup event
101
-
102
- # Test
103
- * test:authenticate http event
104
- * success when valid uid
105
- * fail when invalid uid
106
- * fail when no uid
107
- * test admin
108
- * all admin functions fail when not authed as admin
109
- * test each admin function
110
-
111
- # Usage
112
- * Using an account with a specific plan, test that the usage limits are enforced
113
- * success if user has access to the plan
114
- * success if the user is within the usage limits
115
- * fail if the user exceeds the usage limits
116
- * fail if the user is on a plan that does not allow usage (free plan)
117
- * successful usage should increment the usage count
118
-
119
- # Events
120
- * trigger cron daily
121
- * it should reset temp usage for all users
122
- * reset userdocs to current usage = 0
123
-
124
- # Payment
125
- * test subscription upgrade flow via http event
126
- * start with free plan
127
- * upgrade to paid plan
128
- * verify plan is updated
129
- * verify usage limits are updated
130
- * downgrade back to free plan
131
- * verify plan is updated
132
- * verify usage limits are updated
133
-
134
- # BEM API
135
- # Admin
136
- * All functions need to fail when not authed as admin
137
- * then test each one
138
-
139
- # Advanced
140
- * test sub accounts
141
-
142
- # payment system
143
- * dont store a "resolved" status, but make a universal library that frontend and backend use to determine whther a user has access to a plan currently
144
-
145
- # New bem api and test to make
146
- # test:usage
147
- * the fnction itself just utilizes the usage API to increment an arbitrary usage item
148
-
149
- the test should check the usage storage and ensure that it was incremented successfully
150
-
151
- # test for bm_cronDaily
152
- then, we need to test the bm_cronDaily function to ensure that it does its things like clearing the usage storage properly
153
-
154
- # test for schema
155
- * a comprehesive schema with fields that test EVERY possible field type including required, default, min, max, "value" etc (both static and FUNCTIONS)
156
- * test multiple plan levels including unathenticated, basic, & premium
157
-
158
- # quetsion
159
- * how does usage get reset? does it reset daily? or monthly?
160
- * how do we set usage limits?
161
- * per plan? or when users prmeium is updated do we set it inside their doc?
162
- * if we store it per plan, where should we store the plan data? firestore or in code?
163
- * if its firestore we will use lots of reads, if we store in code we have to push new code to update plan limits (not a huge issue)
164
-
165
-
166
- change name from routes/content/post to maye routes/blog/post??? whatfdo you think??
167
-
168
-
169
- # MIGRATIONS
170
- ## user
171
- affiliate: {
172
- referrer: affiliateCode,
173
- },
174
- -->
175
- attribution.affiliate.code
176
-
177
-
178
-
179
-
180
- ## OLD TESTS
181
- "_test": "npm run prepare && ./node_modules/mocha/bin/mocha test/ --recursive --timeout=10000",
182
- "test": "./node_modules/mocha/bin/mocha test/ --recursive --timeout=10000",
183
- "test:cli": "./node_modules/mocha/bin/mocha test/cli-commands.test.js --timeout=10000",
184
- "test:usage": "./node_modules/mocha/bin/mocha test/usage.js --timeout=10000",
185
- "test:payment-resolver": "./node_modules/mocha/bin/mocha test/payment-resolver/index.js --timeout=10000",
186
- "test:user": "./node_modules/mocha/bin/mocha test/user.js --timeout=10000",
187
- "test:ai": "./node_modules/mocha/bin/mocha test/ai/index.js --timeout=10000",