kaven-cli 0.3.0 → 0.4.0-alpha.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (9) hide show
  1. package/dist/commands/config/features.js +1059 -0
  2. package/dist/commands/init/index.js +21 -0
  3. package/dist/commands/module/activate.js +204 -0
  4. package/dist/core/ModuleDoctor.js +4 -4
  5. package/dist/core/ProjectInitializer.js +28 -0
  6. package/dist/core/SchemaActivator.js +257 -0
  7. package/dist/core/SignatureVerifier.js +7 -4
  8. package/dist/index.js +63 -1
  9. package/package.json +1 -1
package/dist/commands/config/features.js ADDED
@@ -0,0 +1,1059 @@
1
+ "use strict";
2
+ var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
3
+ if (k2 === undefined) k2 = k;
4
+ var desc = Object.getOwnPropertyDescriptor(m, k);
5
+ if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
6
+ desc = { enumerable: true, get: function() { return m[k]; } };
7
+ }
8
+ Object.defineProperty(o, k2, desc);
9
+ }) : (function(o, m, k, k2) {
10
+ if (k2 === undefined) k2 = k;
11
+ o[k2] = m[k];
12
+ }));
13
+ var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
14
+ Object.defineProperty(o, "default", { enumerable: true, value: v });
15
+ }) : function(o, v) {
16
+ o["default"] = v;
17
+ });
18
+ var __importStar = (this && this.__importStar) || (function () {
19
+ var ownKeys = function(o) {
20
+ ownKeys = Object.getOwnPropertyNames || function (o) {
21
+ var ar = [];
22
+ for (var k in o) if (Object.prototype.hasOwnProperty.call(o, k)) ar[ar.length] = k;
23
+ return ar;
24
+ };
25
+ return ownKeys(o);
26
+ };
27
+ return function (mod) {
28
+ if (mod && mod.__esModule) return mod;
29
+ var result = {};
30
+ if (mod != null) for (var k = ownKeys(mod), i = 0; i < k.length; i++) if (k[i] !== "default") __createBinding(result, mod, k[i]);
31
+ __setModuleDefault(result, mod);
32
+ return result;
33
+ };
34
+ })();
35
+ var __importDefault = (this && this.__importDefault) || function (mod) {
36
+ return (mod && mod.__esModule) ? mod : { "default": mod };
37
+ };
38
+ Object.defineProperty(exports, "__esModule", { value: true });
39
+ exports.ALL_CAPABILITIES = void 0;
40
+ exports.generateSeedFile = generateSeedFile;
41
+ exports.configFeatures = configFeatures;
42
+ const chalk_1 = __importDefault(require("chalk"));
43
+ const fs_extra_1 = __importDefault(require("fs-extra"));
44
+ const path_1 = __importDefault(require("path"));
45
+ // ---------------------------------------------------------------------------
46
+ // Capability catalog (63 capabilities, 5 categories)
47
+ // Mirrors packages/database/prisma/seeds/capabilities.seed.ts in kaven-framework
48
+ // Support: 14 | DevOps: 15 | Finance: 12 | Marketing: 10 | Management: 12
49
+ // ---------------------------------------------------------------------------
50
+ exports.ALL_CAPABILITIES = [
51
+ // ===========================
52
+ // SUPPORT (14 capabilities)
53
+ // ===========================
54
+ {
55
+ code: "tickets.read",
56
+ resource: "tickets",
57
+ action: "read",
58
+ description: "View support tickets",
59
+ category: "Support",
60
+ sensitivity: "NORMAL",
61
+ scope: "SPACE",
62
+ },
63
+ {
64
+ code: "tickets.create",
65
+ resource: "tickets",
66
+ action: "create",
67
+ description: "Create new tickets",
68
+ category: "Support",
69
+ sensitivity: "NORMAL",
70
+ scope: "SPACE",
71
+ },
72
+ {
73
+ code: "tickets.update",
74
+ resource: "tickets",
75
+ action: "update",
76
+ description: "Update existing tickets",
77
+ category: "Support",
78
+ sensitivity: "NORMAL",
79
+ scope: "ASSIGNED",
80
+ },
81
+ {
82
+ code: "tickets.delete",
83
+ resource: "tickets",
84
+ action: "delete",
85
+ description: "Delete tickets",
86
+ category: "Support",
87
+ sensitivity: "SENSITIVE",
88
+ scope: "SPACE",
89
+ requiresApproval: true,
90
+ },
91
+ {
92
+ code: "tickets.assign",
93
+ resource: "tickets",
94
+ action: "assign",
95
+ description: "Assign tickets to agents",
96
+ category: "Support",
97
+ sensitivity: "NORMAL",
98
+ scope: "SPACE",
99
+ },
100
+ {
101
+ code: "tickets.close",
102
+ resource: "tickets",
103
+ action: "close",
104
+ description: "Close resolved tickets",
105
+ category: "Support",
106
+ sensitivity: "NORMAL",
107
+ scope: "ASSIGNED",
108
+ },
109
+ {
110
+ code: "tickets.reopen",
111
+ resource: "tickets",
112
+ action: "reopen",
113
+ description: "Reopen closed tickets",
114
+ category: "Support",
115
+ sensitivity: "NORMAL",
116
+ scope: "SPACE",
117
+ },
118
+ {
119
+ code: "tickets.export",
120
+ resource: "tickets",
121
+ action: "export",
122
+ description: "Export ticket data",
123
+ category: "Support",
124
+ sensitivity: "SENSITIVE",
125
+ scope: "SPACE",
126
+ },
127
+ {
128
+ code: "customers.read",
129
+ resource: "customers",
130
+ action: "read",
131
+ description: "View customer data",
132
+ category: "Support",
133
+ sensitivity: "SENSITIVE",
134
+ scope: "TENANT",
135
+ },
136
+ {
137
+ code: "customers.update",
138
+ resource: "customers",
139
+ action: "update",
140
+ description: "Update customer data",
141
+ category: "Support",
142
+ sensitivity: "SENSITIVE",
143
+ scope: "TENANT",
144
+ },
145
+ {
146
+ code: "kb.read",
147
+ resource: "kb",
148
+ action: "read",
149
+ description: "View knowledge base",
150
+ category: "Support",
151
+ sensitivity: "NORMAL",
152
+ scope: "GLOBAL",
153
+ },
154
+ {
155
+ code: "kb.manage",
156
+ resource: "kb",
157
+ action: "manage",
158
+ description: "Manage knowledge base articles",
159
+ category: "Support",
160
+ sensitivity: "NORMAL",
161
+ scope: "SPACE",
162
+ },
163
+ {
164
+ code: "auth.2fa_reset.request",
165
+ resource: "auth",
166
+ action: "2fa_reset_request",
167
+ description: "Request 2FA reset for a user",
168
+ category: "Support",
169
+ sensitivity: "HIGHLY_SENSITIVE",
170
+ scope: "TENANT",
171
+ },
172
+ {
173
+ code: "auth.2fa_reset.execute",
174
+ resource: "auth",
175
+ action: "2fa_reset_execute",
176
+ description: "Execute 2FA reset for a user",
177
+ category: "Support",
178
+ sensitivity: "CRITICAL",
179
+ scope: "TENANT",
180
+ requiresMFA: true,
181
+ requiresApproval: true,
182
+ },
183
+ // ===========================
184
+ // DEVOPS (15 capabilities)
185
+ // ===========================
186
+ {
187
+ code: "servers.read",
188
+ resource: "servers",
189
+ action: "read",
190
+ description: "View server information",
191
+ category: "DevOps",
192
+ sensitivity: "SENSITIVE",
193
+ scope: "GLOBAL",
194
+ },
195
+ {
196
+ code: "servers.manage",
197
+ resource: "servers",
198
+ action: "manage",
199
+ description: "Manage server configurations",
200
+ category: "DevOps",
201
+ sensitivity: "CRITICAL",
202
+ scope: "GLOBAL",
203
+ requiresMFA: true,
204
+ requiresApproval: true,
205
+ },
206
+ {
207
+ code: "deployments.read",
208
+ resource: "deployments",
209
+ action: "read",
210
+ description: "View deployment history",
211
+ category: "DevOps",
212
+ sensitivity: "NORMAL",
213
+ scope: "GLOBAL",
214
+ },
215
+ {
216
+ code: "deployments.create",
217
+ resource: "deployments",
218
+ action: "create",
219
+ description: "Create new deployments",
220
+ category: "DevOps",
221
+ sensitivity: "CRITICAL",
222
+ scope: "GLOBAL",
223
+ requiresMFA: true,
224
+ },
225
+ {
226
+ code: "deployments.rollback",
227
+ resource: "deployments",
228
+ action: "rollback",
229
+ description: "Rollback deployments",
230
+ category: "DevOps",
231
+ sensitivity: "CRITICAL",
232
+ scope: "GLOBAL",
233
+ requiresMFA: true,
234
+ requiresApproval: true,
235
+ },
236
+ {
237
+ code: "logs.read",
238
+ resource: "logs",
239
+ action: "read",
240
+ description: "View system logs",
241
+ category: "DevOps",
242
+ sensitivity: "SENSITIVE",
243
+ scope: "GLOBAL",
244
+ },
245
+ {
246
+ code: "logs.export",
247
+ resource: "logs",
248
+ action: "export",
249
+ description: "Export system logs",
250
+ category: "DevOps",
251
+ sensitivity: "HIGHLY_SENSITIVE",
252
+ scope: "GLOBAL",
253
+ requiresApproval: true,
254
+ },
255
+ {
256
+ code: "monitoring.read",
257
+ resource: "monitoring",
258
+ action: "read",
259
+ description: "View monitoring metrics",
260
+ category: "DevOps",
261
+ sensitivity: "NORMAL",
262
+ scope: "GLOBAL",
263
+ },
264
+ {
265
+ code: "monitoring.manage",
266
+ resource: "monitoring",
267
+ action: "manage",
268
+ description: "Manage alerts and dashboards",
269
+ category: "DevOps",
270
+ sensitivity: "SENSITIVE",
271
+ scope: "GLOBAL",
272
+ },
273
+ {
274
+ code: "database.read",
275
+ resource: "database",
276
+ action: "read",
277
+ description: "View database information",
278
+ category: "DevOps",
279
+ sensitivity: "HIGHLY_SENSITIVE",
280
+ scope: "GLOBAL",
281
+ requiresMFA: true,
282
+ },
283
+ {
284
+ code: "database.backup",
285
+ resource: "database",
286
+ action: "backup",
287
+ description: "Create database backups",
288
+ category: "DevOps",
289
+ sensitivity: "CRITICAL",
290
+ scope: "GLOBAL",
291
+ requiresMFA: true,
292
+ },
293
+ {
294
+ code: "database.restore",
295
+ resource: "database",
296
+ action: "restore",
297
+ description: "Restore database backups",
298
+ category: "DevOps",
299
+ sensitivity: "CRITICAL",
300
+ scope: "GLOBAL",
301
+ requiresMFA: true,
302
+ requiresApproval: true,
303
+ },
304
+ {
305
+ code: "secrets.read",
306
+ resource: "secrets",
307
+ action: "read",
308
+ description: "View secrets and environment variables",
309
+ category: "DevOps",
310
+ sensitivity: "CRITICAL",
311
+ scope: "GLOBAL",
312
+ requiresMFA: true,
313
+ },
314
+ {
315
+ code: "secrets.manage",
316
+ resource: "secrets",
317
+ action: "manage",
318
+ description: "Manage secrets and environment variables",
319
+ category: "DevOps",
320
+ sensitivity: "CRITICAL",
321
+ scope: "GLOBAL",
322
+ requiresMFA: true,
323
+ requiresApproval: true,
324
+ },
325
+ {
326
+ code: "incidents.manage",
327
+ resource: "incidents",
328
+ action: "manage",
329
+ description: "Manage production incidents",
330
+ category: "DevOps",
331
+ sensitivity: "SENSITIVE",
332
+ scope: "GLOBAL",
333
+ },
334
+ // ===========================
335
+ // FINANCE (12 capabilities)
336
+ // ===========================
337
+ {
338
+ code: "invoices.read",
339
+ resource: "invoices",
340
+ action: "read",
341
+ description: "View invoices",
342
+ category: "Finance",
343
+ sensitivity: "SENSITIVE",
344
+ scope: "TENANT",
345
+ },
346
+ {
347
+ code: "invoices.create",
348
+ resource: "invoices",
349
+ action: "create",
350
+ description: "Create new invoices",
351
+ category: "Finance",
352
+ sensitivity: "SENSITIVE",
353
+ scope: "TENANT",
354
+ },
355
+ {
356
+ code: "invoices.update",
357
+ resource: "invoices",
358
+ action: "update",
359
+ description: "Update existing invoices",
360
+ category: "Finance",
361
+ sensitivity: "SENSITIVE",
362
+ scope: "TENANT",
363
+ requiresApproval: true,
364
+ },
365
+ {
366
+ code: "invoices.delete",
367
+ resource: "invoices",
368
+ action: "delete",
369
+ description: "Delete invoices",
370
+ category: "Finance",
371
+ sensitivity: "HIGHLY_SENSITIVE",
372
+ scope: "TENANT",
373
+ requiresMFA: true,
374
+ requiresApproval: true,
375
+ },
376
+ {
377
+ code: "payments.read",
378
+ resource: "payments",
379
+ action: "read",
380
+ description: "View payments",
381
+ category: "Finance",
382
+ sensitivity: "SENSITIVE",
383
+ scope: "TENANT",
384
+ },
385
+ {
386
+ code: "payments.process",
387
+ resource: "payments",
388
+ action: "process",
389
+ description: "Process payments",
390
+ category: "Finance",
391
+ sensitivity: "HIGHLY_SENSITIVE",
392
+ scope: "TENANT",
393
+ requiresMFA: true,
394
+ },
395
+ {
396
+ code: "refunds.create",
397
+ resource: "refunds",
398
+ action: "create",
399
+ description: "Create refunds",
400
+ category: "Finance",
401
+ sensitivity: "HIGHLY_SENSITIVE",
402
+ scope: "TENANT",
403
+ requiresApproval: true,
404
+ },
405
+ {
406
+ code: "refunds.approve",
407
+ resource: "refunds",
408
+ action: "approve",
409
+ description: "Approve refunds",
410
+ category: "Finance",
411
+ sensitivity: "CRITICAL",
412
+ scope: "TENANT",
413
+ requiresMFA: true,
414
+ },
415
+ {
416
+ code: "subscriptions.read",
417
+ resource: "subscriptions",
418
+ action: "read",
419
+ description: "View subscriptions",
420
+ category: "Finance",
421
+ sensitivity: "SENSITIVE",
422
+ scope: "TENANT",
423
+ },
424
+ {
425
+ code: "subscriptions.manage",
426
+ resource: "subscriptions",
427
+ action: "manage",
428
+ description: "Manage subscriptions",
429
+ category: "Finance",
430
+ sensitivity: "SENSITIVE",
431
+ scope: "TENANT",
432
+ },
433
+ {
434
+ code: "reports.financial",
435
+ resource: "reports",
436
+ action: "financial",
437
+ description: "Generate financial reports",
438
+ category: "Finance",
439
+ sensitivity: "HIGHLY_SENSITIVE",
440
+ scope: "GLOBAL",
441
+ },
442
+ {
443
+ code: "analytics.revenue",
444
+ resource: "analytics",
445
+ action: "revenue",
446
+ description: "View revenue analytics",
447
+ category: "Finance",
448
+ sensitivity: "HIGHLY_SENSITIVE",
449
+ scope: "GLOBAL",
450
+ },
451
+ // ===========================
452
+ // MARKETING (10 capabilities)
453
+ // ===========================
454
+ {
455
+ code: "campaigns.read",
456
+ resource: "campaigns",
457
+ action: "read",
458
+ description: "View marketing campaigns",
459
+ category: "Marketing",
460
+ sensitivity: "NORMAL",
461
+ scope: "SPACE",
462
+ },
463
+ {
464
+ code: "campaigns.create",
465
+ resource: "campaigns",
466
+ action: "create",
467
+ description: "Create new campaigns",
468
+ category: "Marketing",
469
+ sensitivity: "NORMAL",
470
+ scope: "SPACE",
471
+ },
472
+ {
473
+ code: "campaigns.update",
474
+ resource: "campaigns",
475
+ action: "update",
476
+ description: "Update existing campaigns",
477
+ category: "Marketing",
478
+ sensitivity: "NORMAL",
479
+ scope: "SPACE",
480
+ },
481
+ {
482
+ code: "campaigns.delete",
483
+ resource: "campaigns",
484
+ action: "delete",
485
+ description: "Delete campaigns",
486
+ category: "Marketing",
487
+ sensitivity: "SENSITIVE",
488
+ scope: "SPACE",
489
+ requiresApproval: true,
490
+ },
491
+ {
492
+ code: "emails.send",
493
+ resource: "emails",
494
+ action: "send",
495
+ description: "Send marketing emails",
496
+ category: "Marketing",
497
+ sensitivity: "SENSITIVE",
498
+ scope: "SPACE",
499
+ },
500
+ {
501
+ code: "emails.templates",
502
+ resource: "emails",
503
+ action: "templates",
504
+ description: "Manage email templates",
505
+ category: "Marketing",
506
+ sensitivity: "NORMAL",
507
+ scope: "SPACE",
508
+ },
509
+ {
510
+ code: "analytics.marketing",
511
+ resource: "analytics",
512
+ action: "marketing",
513
+ description: "View marketing analytics",
514
+ category: "Marketing",
515
+ sensitivity: "NORMAL",
516
+ scope: "SPACE",
517
+ },
518
+ {
519
+ code: "leads.read",
520
+ resource: "leads",
521
+ action: "read",
522
+ description: "View leads",
523
+ category: "Marketing",
524
+ sensitivity: "SENSITIVE",
525
+ scope: "SPACE",
526
+ },
527
+ {
528
+ code: "leads.manage",
529
+ resource: "leads",
530
+ action: "manage",
531
+ description: "Manage leads",
532
+ category: "Marketing",
533
+ sensitivity: "SENSITIVE",
534
+ scope: "SPACE",
535
+ },
536
+ {
537
+ code: "content.publish",
538
+ resource: "content",
539
+ action: "publish",
540
+ description: "Publish content",
541
+ category: "Marketing",
542
+ sensitivity: "NORMAL",
543
+ scope: "SPACE",
544
+ },
545
+ // ===========================
546
+ // MANAGEMENT (11 capabilities)
547
+ // ===========================
548
+ {
549
+ code: "users.read",
550
+ resource: "users",
551
+ action: "read",
552
+ description: "View users",
553
+ category: "Management",
554
+ sensitivity: "SENSITIVE",
555
+ scope: "TENANT",
556
+ },
557
+ {
558
+ code: "users.create",
559
+ resource: "users",
560
+ action: "create",
561
+ description: "Create new users",
562
+ category: "Management",
563
+ sensitivity: "SENSITIVE",
564
+ scope: "TENANT",
565
+ },
566
+ {
567
+ code: "users.update",
568
+ resource: "users",
569
+ action: "update",
570
+ description: "Update existing users",
571
+ category: "Management",
572
+ sensitivity: "SENSITIVE",
573
+ scope: "TENANT",
574
+ },
575
+ {
576
+ code: "users.delete",
577
+ resource: "users",
578
+ action: "delete",
579
+ description: "Delete users",
580
+ category: "Management",
581
+ sensitivity: "HIGHLY_SENSITIVE",
582
+ scope: "TENANT",
583
+ requiresApproval: true,
584
+ },
585
+ {
586
+ code: "roles.read",
587
+ resource: "roles",
588
+ action: "read",
589
+ description: "View roles and permissions",
590
+ category: "Management",
591
+ sensitivity: "SENSITIVE",
592
+ scope: "SPACE",
593
+ },
594
+ {
595
+ code: "roles.manage",
596
+ resource: "roles",
597
+ action: "manage",
598
+ description: "Manage roles and permissions",
599
+ category: "Management",
600
+ sensitivity: "CRITICAL",
601
+ scope: "SPACE",
602
+ requiresMFA: true,
603
+ requiresApproval: true,
604
+ },
605
+ {
606
+ code: "audit.read",
607
+ resource: "audit",
608
+ action: "read",
609
+ description: "View audit logs",
610
+ category: "Management",
611
+ sensitivity: "HIGHLY_SENSITIVE",
612
+ scope: "GLOBAL",
613
+ },
614
+ {
615
+ code: "audit.export",
616
+ resource: "audit",
617
+ action: "export",
618
+ description: "Export audit logs",
619
+ category: "Management",
620
+ sensitivity: "CRITICAL",
621
+ scope: "GLOBAL",
622
+ requiresMFA: true,
623
+ requiresApproval: true,
624
+ },
625
+ {
626
+ code: "settings.read",
627
+ resource: "settings",
628
+ action: "read",
629
+ description: "View platform settings",
630
+ category: "Management",
631
+ sensitivity: "SENSITIVE",
632
+ scope: "GLOBAL",
633
+ },
634
+ {
635
+ code: "settings.manage",
636
+ resource: "settings",
637
+ action: "manage",
638
+ description: "Manage platform settings",
639
+ category: "Management",
640
+ sensitivity: "CRITICAL",
641
+ scope: "GLOBAL",
642
+ requiresMFA: true,
643
+ requiresApproval: true,
644
+ },
645
+ {
646
+ code: "impersonate.user",
647
+ resource: "impersonate",
648
+ action: "user",
649
+ description: "Impersonate other users",
650
+ category: "Management",
651
+ sensitivity: "CRITICAL",
652
+ scope: "GLOBAL",
653
+ requiresMFA: true,
654
+ requiresApproval: true,
655
+ },
656
+ {
657
+ code: "users.export",
658
+ resource: "users",
659
+ action: "export",
660
+ description: "Export user list (CSV)",
661
+ category: "Management",
662
+ sensitivity: "HIGHLY_SENSITIVE",
663
+ scope: "TENANT",
664
+ requiresMFA: true,
665
+ requiresApproval: true,
666
+ },
667
+ ];
668
+ // ---------------------------------------------------------------------------
669
+ // Tier presets — which capability codes are enabled per tier
670
+ // ---------------------------------------------------------------------------
671
+ const TIER_PRESETS = {
672
+ starter: [
673
+ // Support basics
674
+ "tickets.read",
675
+ "tickets.create",
676
+ "tickets.update",
677
+ "tickets.assign",
678
+ "tickets.close",
679
+ "tickets.reopen",
680
+ "customers.read",
681
+ "kb.read",
682
+ // Management basics
683
+ "users.read",
684
+ "users.create",
685
+ "users.update",
686
+ "roles.read",
687
+ "settings.read",
688
+ ],
689
+ complete: [
690
+ // All Starter capabilities
691
+ "tickets.read",
692
+ "tickets.create",
693
+ "tickets.update",
694
+ "tickets.assign",
695
+ "tickets.close",
696
+ "tickets.reopen",
697
+ "tickets.delete",
698
+ "tickets.export",
699
+ "customers.read",
700
+ "customers.update",
701
+ "kb.read",
702
+ "kb.manage",
703
+ // DevOps basics
704
+ "deployments.read",
705
+ "logs.read",
706
+ "monitoring.read",
707
+ "monitoring.manage",
708
+ "incidents.manage",
709
+ // Finance basics
710
+ "invoices.read",
711
+ "invoices.create",
712
+ "payments.read",
713
+ "subscriptions.read",
714
+ "subscriptions.manage",
715
+ // Marketing
716
+ "campaigns.read",
717
+ "campaigns.create",
718
+ "campaigns.update",
719
+ "emails.templates",
720
+ "analytics.marketing",
721
+ "leads.read",
722
+ "content.publish",
723
+ // Management
724
+ "users.read",
725
+ "users.create",
726
+ "users.update",
727
+ "users.delete",
728
+ "roles.read",
729
+ "roles.manage",
730
+ "settings.read",
731
+ "settings.manage",
732
+ ],
733
+ pro: [
734
+ // All Complete capabilities
735
+ "tickets.read",
736
+ "tickets.create",
737
+ "tickets.update",
738
+ "tickets.assign",
739
+ "tickets.close",
740
+ "tickets.reopen",
741
+ "tickets.delete",
742
+ "tickets.export",
743
+ "customers.read",
744
+ "customers.update",
745
+ "kb.read",
746
+ "kb.manage",
747
+ "auth.2fa_reset.request",
748
+ // DevOps extended
749
+ "servers.read",
750
+ "deployments.read",
751
+ "deployments.create",
752
+ "logs.read",
753
+ "logs.export",
754
+ "monitoring.read",
755
+ "monitoring.manage",
756
+ "database.read",
757
+ "incidents.manage",
758
+ // Finance extended
759
+ "invoices.read",
760
+ "invoices.create",
761
+ "invoices.update",
762
+ "payments.read",
763
+ "payments.process",
764
+ "refunds.create",
765
+ "refunds.approve",
766
+ "subscriptions.read",
767
+ "subscriptions.manage",
768
+ "reports.financial",
769
+ "analytics.revenue",
770
+ // Marketing full
771
+ "campaigns.read",
772
+ "campaigns.create",
773
+ "campaigns.update",
774
+ "campaigns.delete",
775
+ "emails.send",
776
+ "emails.templates",
777
+ "analytics.marketing",
778
+ "leads.read",
779
+ "leads.manage",
780
+ "content.publish",
781
+ // Management extended
782
+ "users.read",
783
+ "users.create",
784
+ "users.update",
785
+ "users.delete",
786
+ "users.export",
787
+ "roles.read",
788
+ "roles.manage",
789
+ "audit.read",
790
+ "settings.read",
791
+ "settings.manage",
792
+ ],
793
+ enterprise: exports.ALL_CAPABILITIES.map((c) => c.code),
794
+ };
795
+ // ---------------------------------------------------------------------------
796
+ // Helpers
797
+ // ---------------------------------------------------------------------------
798
+ function sensitivityBadge(s) {
799
+ switch (s) {
800
+ case "NORMAL":
801
+ return chalk_1.default.green("[NORMAL]");
802
+ case "SENSITIVE":
803
+ return chalk_1.default.yellow("[SENSITIVE]");
804
+ case "HIGHLY_SENSITIVE":
805
+ return chalk_1.default.red("[HIGH]");
806
+ case "CRITICAL":
807
+ return chalk_1.default.bgRed.white("[CRITICAL]");
808
+ }
809
+ }
810
+ function groupByCategory(caps) {
811
+ const map = new Map();
812
+ for (const cap of caps) {
813
+ const existing = map.get(cap.category) ?? [];
814
+ existing.push(cap);
815
+ map.set(cap.category, existing);
816
+ }
817
+ return map;
818
+ }
819
+ function tierLabel(tier) {
820
+ const labels = {
821
+ starter: chalk_1.default.green("Starter"),
822
+ complete: chalk_1.default.yellow("Complete"),
823
+ pro: chalk_1.default.magenta("Pro"),
824
+ enterprise: chalk_1.default.cyan("Enterprise"),
825
+ };
826
+ return labels[tier];
827
+ }
828
+ // ---------------------------------------------------------------------------
829
+ // Seed file generator
830
+ // ---------------------------------------------------------------------------
831
+ function generateSeedFile(selectedCodes) {
832
+ const selectedSet = new Set(selectedCodes);
833
+ const selected = exports.ALL_CAPABILITIES.filter((c) => selectedSet.has(c.code));
834
+ const grouped = groupByCategory(selected);
835
+ const blocks = [];
836
+ for (const [category, caps] of grouped) {
837
+ const items = caps
838
+ .map((c) => {
839
+ const lines = [
840
+ ` {`,
841
+ ` code: '${c.code}',`,
842
+ ` resource: '${c.resource}',`,
843
+ ` action: '${c.action}',`,
844
+ ` description: '${c.description}',`,
845
+ ` category: '${c.category}',`,
846
+ ` sensitivity: CapabilitySensitivity.${c.sensitivity},`,
847
+ ` scope: CapabilityScope.${c.scope},`,
848
+ ];
849
+ if (c.requiresMFA)
850
+ lines.push(` requiresMFA: true,`);
851
+ if (c.requiresApproval)
852
+ lines.push(` requiresApproval: true,`);
853
+ lines.push(` },`);
854
+ return lines.join("\n");
855
+ })
856
+ .join("\n");
857
+ blocks.push(` // ===========================\n // ${category.toUpperCase()} (${caps.length} capabilities)\n // ===========================\n${items}`);
858
+ }
859
+ return `import { PrismaClient, CapabilitySensitivity, CapabilityScope } from '@prisma/client';
860
+
861
+ const prisma = new PrismaClient();
862
+
863
+ /**
864
+ * Seed de Capabilities gerado por: kaven config features
865
+ * Generated at: ${new Date().toISOString()}
866
+ *
867
+ * Total: ${selected.length} capabilities
868
+ * Categories: ${[...grouped.keys()].join(', ')}
869
+ */
870
+
871
+ export async function seedCapabilities() {
872
+ console.log('🔐 Seeding Capabilities...');
873
+
874
+ const capabilities = [
875
+ ${blocks.join("\n\n")}
876
+ ];
877
+
878
+ let created = 0;
879
+ let skipped = 0;
880
+
881
+ for (const capability of capabilities) {
882
+ const existing = await prisma.capability.findUnique({
883
+ where: { code: capability.code },
884
+ });
885
+
886
+ if (existing) {
887
+ skipped++;
888
+ continue;
889
+ }
890
+
891
+ await prisma.capability.create({
892
+ data: capability,
893
+ });
894
+ created++;
895
+ }
896
+
897
+ console.log(\`✅ Capabilities: \${created} criadas, \${skipped} já existiam\`);
898
+ console.log(\`📊 Total de capabilities: \${capabilities.length}\`);
899
+ }
900
+ `;
901
+ }
902
+ // ---------------------------------------------------------------------------
903
+ // --list mode
904
+ // ---------------------------------------------------------------------------
905
+ function printList() {
906
+ const grouped = groupByCategory(exports.ALL_CAPABILITIES);
907
+ console.log();
908
+ console.log(chalk_1.default.bold.underline("Kaven Framework — Capability Catalog"));
909
+ console.log(chalk_1.default.gray(`${exports.ALL_CAPABILITIES.length} capabilities total\n`));
910
+ for (const [category, caps] of grouped) {
911
+ console.log(chalk_1.default.bold.cyan(` ${category} (${caps.length})`));
912
+ for (const cap of caps) {
913
+ const flags = [];
914
+ if (cap.requiresMFA)
915
+ flags.push(chalk_1.default.red("MFA"));
916
+ if (cap.requiresApproval)
917
+ flags.push(chalk_1.default.yellow("APPROVAL"));
918
+ const flagStr = flags.length > 0 ? ` ${flags.join(" ")}` : "";
919
+ console.log(` ${chalk_1.default.white(cap.code.padEnd(30))} ${sensitivityBadge(cap.sensitivity)}${flagStr}`);
920
+ console.log(` ${chalk_1.default.gray(cap.description)}`);
921
+ }
922
+ console.log();
923
+ }
924
+ console.log(chalk_1.default.bold("Tier presets:"));
925
+ for (const tier of ["starter", "complete", "pro", "enterprise"]) {
926
+ console.log(` ${tierLabel(tier).padEnd(20)} ${chalk_1.default.gray(`${TIER_PRESETS[tier].length} capabilities`)}`);
927
+ }
928
+ console.log();
929
+ }
930
+ // ---------------------------------------------------------------------------
931
+ // Non-interactive --tier mode
932
+ // ---------------------------------------------------------------------------
933
+ async function applyTierDirect(tier, outputPath) {
934
+ const codes = TIER_PRESETS[tier];
935
+ console.log();
936
+ console.log(`${chalk_1.default.bold("Applying tier:")} ${tierLabel(tier)} (${codes.length} capabilities)`);
937
+ const content = generateSeedFile(codes);
938
+ await fs_extra_1.default.ensureDir(path_1.default.dirname(outputPath));
939
+ await fs_extra_1.default.writeFile(outputPath, content, "utf-8");
940
+ console.log(chalk_1.default.green(`✅ Seed file written to: ${outputPath}`));
941
+ console.log(chalk_1.default.gray("Run `pnpm prisma db seed` to apply capabilities to your database."));
942
+ console.log();
943
+ }
944
+ // ---------------------------------------------------------------------------
945
+ // Interactive TUI mode
946
+ // ---------------------------------------------------------------------------
947
+ async function runInteractive(outputPath) {
948
+ const { select, confirm } = await Promise.resolve().then(() => __importStar(require("@inquirer/prompts")));
949
+ // checkbox está disponível em runtime via @inquirer/prompts mas a definição de tipos
950
+ // não resolve @inquirer/checkbox no node_modules direto (pacote linkado via pnpm store).
951
+ // eslint-disable-next-line @typescript-eslint/no-require-imports
952
+ const checkboxMod = require("@inquirer/prompts");
953
+ const checkbox = checkboxMod.checkbox;
954
+ console.log();
955
+ console.log(chalk_1.default.bold.underline("Kaven Feature Flag Configuration"));
956
+ console.log(chalk_1.default.gray("Select a base tier and optionally customize individual capabilities.\n"));
957
+ // Step 1: Base tier selection
958
+ const tierChoices = ["starter", "complete", "pro", "enterprise"].map((t) => ({
959
+ name: `${tierLabel(t)} — ${TIER_PRESETS[t].length} capabilities`,
960
+ value: t,
961
+ }));
962
+ tierChoices.push({ name: chalk_1.default.red("Cancel"), value: "cancel" });
963
+ const selectedTier = await select({
964
+ message: "Select a base tier:",
965
+ choices: tierChoices,
966
+ });
967
+ if (selectedTier === "cancel") {
968
+ console.log(chalk_1.default.yellow("Cancelled."));
969
+ return;
970
+ }
971
+ const baseCodes = new Set(TIER_PRESETS[selectedTier]);
972
+ console.log(`\n${chalk_1.default.green("✓")} Base: ${tierLabel(selectedTier)} — ${baseCodes.size} capabilities loaded\n`);
973
+ // Step 2: Optional customization per category
974
+ const customize = await confirm({
975
+ message: "Customize individual capabilities?",
976
+ default: false,
977
+ });
978
+ let finalCodes;
979
+ if (!customize) {
980
+ finalCodes = [...baseCodes];
981
+ }
982
+ else {
983
+ const grouped = groupByCategory(exports.ALL_CAPABILITIES);
984
+ const customSelected = [];
985
+ for (const [category, caps] of grouped) {
986
+ console.log(`\n${chalk_1.default.bold.cyan(` ${category}`)}`);
987
+ const choices = caps.map((c) => {
988
+ const flags = [];
989
+ if (c.requiresMFA)
990
+ flags.push("MFA");
991
+ if (c.requiresApproval)
992
+ flags.push("APPROVAL");
993
+ const flagStr = flags.length > 0 ? ` [${flags.join(",")}]` : "";
994
+ return {
995
+ name: `${c.code.padEnd(32)} ${sensitivityBadge(c.sensitivity)}${flagStr} — ${c.description}`,
996
+ value: c.code,
997
+ checked: baseCodes.has(c.code),
998
+ };
999
+ });
1000
+ const selected = await checkbox({
1001
+ message: `${category} capabilities:`,
1002
+ choices,
1003
+ });
1004
+ customSelected.push(...selected);
1005
+ }
1006
+ finalCodes = customSelected;
1007
+ }
1008
+ if (finalCodes.length === 0) {
1009
+ console.log(chalk_1.default.yellow("\nNo capabilities selected. Seed file not written."));
1010
+ return;
1011
+ }
1012
+ // Step 3: Preview and confirm
1013
+ const grouped = groupByCategory(exports.ALL_CAPABILITIES.filter((c) => finalCodes.includes(c.code)));
1014
+ console.log();
1015
+ console.log(chalk_1.default.bold.underline("Summary:"));
1016
+ for (const [category, caps] of grouped) {
1017
+ console.log(` ${chalk_1.default.cyan(category)}: ${caps.length} capabilities`);
1018
+ }
1019
+ console.log(` ${chalk_1.default.bold("Total:")} ${finalCodes.length} capabilities`);
1020
+ console.log(` ${chalk_1.default.bold("Output:")} ${chalk_1.default.dim(outputPath)}`);
1021
+ console.log();
1022
+ const proceed = await confirm({
1023
+ message: "Write capabilities.seed.ts?",
1024
+ default: true,
1025
+ });
1026
+ if (!proceed) {
1027
+ console.log(chalk_1.default.yellow("Cancelled."));
1028
+ return;
1029
+ }
1030
+ const content = generateSeedFile(finalCodes);
1031
+ await fs_extra_1.default.ensureDir(path_1.default.dirname(outputPath));
1032
+ await fs_extra_1.default.writeFile(outputPath, content, "utf-8");
1033
+ console.log(chalk_1.default.green(`\n✅ Seed file written to: ${outputPath}`));
1034
+ console.log(chalk_1.default.gray("Run `pnpm prisma db seed` to apply capabilities to your database.\n"));
1035
+ }
1036
+ // ---------------------------------------------------------------------------
1037
+ // Public entry point
1038
+ // ---------------------------------------------------------------------------
1039
+ async function configFeatures(options) {
1040
+ const outputPath = options.outputPath ??
1041
+ path_1.default.join(process.cwd(), "packages", "database", "prisma", "seeds", "capabilities.seed.ts");
1042
+ // --list: just print the catalog, no writes
1043
+ if (options.list) {
1044
+ printList();
1045
+ return;
1046
+ }
1047
+ // --tier: non-interactive direct apply
1048
+ if (options.tier) {
1049
+ const validTiers = ["starter", "complete", "pro", "enterprise"];
1050
+ if (!validTiers.includes(options.tier)) {
1051
+ console.error(chalk_1.default.red(`Error: Invalid tier "${options.tier}". Valid options: ${validTiers.join(", ")}`));
1052
+ process.exit(1);
1053
+ }
1054
+ await applyTierDirect(options.tier, outputPath);
1055
+ return;
1056
+ }
1057
+ // Interactive TUI
1058
+ await runInteractive(outputPath);
1059
+ }