kaven-cli 0.4.0-alpha.1 → 0.4.1-alpha.0

package/dist/commands/config/features.js

@@ -1,1059 +1,161 @@
 "use strict";
-var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
-    if (k2 === undefined) k2 = k;
-    var desc = Object.getOwnPropertyDescriptor(m, k);
-    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
-      desc = { enumerable: true, get: function() { return m[k]; } };
-    }
-    Object.defineProperty(o, k2, desc);
-}) : (function(o, m, k, k2) {
-    if (k2 === undefined) k2 = k;
-    o[k2] = m[k];
-}));
-var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
-    Object.defineProperty(o, "default", { enumerable: true, value: v });
-}) : function(o, v) {
-    o["default"] = v;
-});
-var __importStar = (this && this.__importStar) || (function () {
-    var ownKeys = function(o) {
-        ownKeys = Object.getOwnPropertyNames || function (o) {
-            var ar = [];
-            for (var k in o) if (Object.prototype.hasOwnProperty.call(o, k)) ar[ar.length] = k;
-            return ar;
-        };
-        return ownKeys(o);
-    };
-    return function (mod) {
-        if (mod && mod.__esModule) return mod;
-        var result = {};
-        if (mod != null) for (var k = ownKeys(mod), i = 0; i < k.length; i++) if (k[i] !== "default") __createBinding(result, mod, k[i]);
-        __setModuleDefault(result, mod);
-        return result;
-    };
-})();
 var __importDefault = (this && this.__importDefault) || function (mod) {
     return (mod && mod.__esModule) ? mod : { "default": mod };
 };
 Object.defineProperty(exports, "__esModule", { value: true });
-exports.ALL_CAPABILITIES = void 0;
-exports.generateSeedFile = generateSeedFile;
 exports.configFeatures = configFeatures;
 const chalk_1 = __importDefault(require("chalk"));
 const fs_extra_1 = __importDefault(require("fs-extra"));
 const path_1 = __importDefault(require("path"));
-// ---------------------------------------------------------------------------
-// Capability catalog (63 capabilities, 5 categories)
-// Mirrors packages/database/prisma/seeds/capabilities.seed.ts in kaven-framework
-// Support: 14 | DevOps: 15 | Finance: 12 | Marketing: 10 | Management: 12
-// ---------------------------------------------------------------------------
-exports.ALL_CAPABILITIES = [
-    // ===========================
-    // SUPPORT (14 capabilities)
-    // ===========================
-    {
-        code: "tickets.read",
-        resource: "tickets",
-        action: "read",
-        description: "View support tickets",
-        category: "Support",
-        sensitivity: "NORMAL",
-        scope: "SPACE",
-    },
-    {
-        code: "tickets.create",
-        resource: "tickets",
-        action: "create",
-        description: "Create new tickets",
-        category: "Support",
-        sensitivity: "NORMAL",
-        scope: "SPACE",
-    },
-    {
-        code: "tickets.update",
-        resource: "tickets",
-        action: "update",
-        description: "Update existing tickets",
-        category: "Support",
-        sensitivity: "NORMAL",
-        scope: "ASSIGNED",
-    },
-    {
-        code: "tickets.delete",
-        resource: "tickets",
-        action: "delete",
-        description: "Delete tickets",
-        category: "Support",
-        sensitivity: "SENSITIVE",
-        scope: "SPACE",
-        requiresApproval: true,
-    },
-    {
-        code: "tickets.assign",
-        resource: "tickets",
-        action: "assign",
-        description: "Assign tickets to agents",
-        category: "Support",
-        sensitivity: "NORMAL",
-        scope: "SPACE",
-    },
-    {
-        code: "tickets.close",
-        resource: "tickets",
-        action: "close",
-        description: "Close resolved tickets",
-        category: "Support",
-        sensitivity: "NORMAL",
-        scope: "ASSIGNED",
-    },
-    {
-        code: "tickets.reopen",
-        resource: "tickets",
-        action: "reopen",
-        description: "Reopen closed tickets",
-        category: "Support",
-        sensitivity: "NORMAL",
-        scope: "SPACE",
-    },
-    {
-        code: "tickets.export",
-        resource: "tickets",
-        action: "export",
-        description: "Export ticket data",
-        category: "Support",
-        sensitivity: "SENSITIVE",
-        scope: "SPACE",
-    },
-    {
-        code: "customers.read",
-        resource: "customers",
-        action: "read",
-        description: "View customer data",
-        category: "Support",
-        sensitivity: "SENSITIVE",
-        scope: "TENANT",
-    },
-    {
-        code: "customers.update",
-        resource: "customers",
-        action: "update",
-        description: "Update customer data",
-        category: "Support",
-        sensitivity: "SENSITIVE",
-        scope: "TENANT",
-    },
-    {
-        code: "kb.read",
-        resource: "kb",
-        action: "read",
-        description: "View knowledge base",
-        category: "Support",
-        sensitivity: "NORMAL",
-        scope: "GLOBAL",
-    },
-    {
-        code: "kb.manage",
-        resource: "kb",
-        action: "manage",
-        description: "Manage knowledge base articles",
-        category: "Support",
-        sensitivity: "NORMAL",
-        scope: "SPACE",
-    },
-    {
-        code: "auth.2fa_reset.request",
-        resource: "auth",
-        action: "2fa_reset_request",
-        description: "Request 2FA reset for a user",
-        category: "Support",
-        sensitivity: "HIGHLY_SENSITIVE",
-        scope: "TENANT",
-    },
-    {
-        code: "auth.2fa_reset.execute",
-        resource: "auth",
-        action: "2fa_reset_execute",
-        description: "Execute 2FA reset for a user",
-        category: "Support",
-        sensitivity: "CRITICAL",
-        scope: "TENANT",
-        requiresMFA: true,
-        requiresApproval: true,
-    },
-    // ===========================
-    // DEVOPS (15 capabilities)
-    // ===========================
-    {
-        code: "servers.read",
-        resource: "servers",
-        action: "read",
-        description: "View server information",
-        category: "DevOps",
-        sensitivity: "SENSITIVE",
-        scope: "GLOBAL",
-    },
-    {
-        code: "servers.manage",
-        resource: "servers",
-        action: "manage",
-        description: "Manage server configurations",
-        category: "DevOps",
-        sensitivity: "CRITICAL",
-        scope: "GLOBAL",
-        requiresMFA: true,
-        requiresApproval: true,
-    },
-    {
-        code: "deployments.read",
-        resource: "deployments",
-        action: "read",
-        description: "View deployment history",
-        category: "DevOps",
-        sensitivity: "NORMAL",
-        scope: "GLOBAL",
-    },
-    {
-        code: "deployments.create",
-        resource: "deployments",
-        action: "create",
-        description: "Create new deployments",
-        category: "DevOps",
-        sensitivity: "CRITICAL",
-        scope: "GLOBAL",
-        requiresMFA: true,
-    },
-    {
-        code: "deployments.rollback",
-        resource: "deployments",
-        action: "rollback",
-        description: "Rollback deployments",
-        category: "DevOps",
-        sensitivity: "CRITICAL",
-        scope: "GLOBAL",
-        requiresMFA: true,
-        requiresApproval: true,
-    },
-    {
-        code: "logs.read",
-        resource: "logs",
-        action: "read",
-        description: "View system logs",
-        category: "DevOps",
-        sensitivity: "SENSITIVE",
-        scope: "GLOBAL",
-    },
-    {
-        code: "logs.export",
-        resource: "logs",
-        action: "export",
-        description: "Export system logs",
-        category: "DevOps",
-        sensitivity: "HIGHLY_SENSITIVE",
-        scope: "GLOBAL",
-        requiresApproval: true,
-    },
-    {
-        code: "monitoring.read",
-        resource: "monitoring",
-        action: "read",
-        description: "View monitoring metrics",
-        category: "DevOps",
-        sensitivity: "NORMAL",
-        scope: "GLOBAL",
-    },
-    {
-        code: "monitoring.manage",
-        resource: "monitoring",
-        action: "manage",
-        description: "Manage alerts and dashboards",
-        category: "DevOps",
-        sensitivity: "SENSITIVE",
-        scope: "GLOBAL",
-    },
-    {
-        code: "database.read",
-        resource: "database",
-        action: "read",
-        description: "View database information",
-        category: "DevOps",
-        sensitivity: "HIGHLY_SENSITIVE",
-        scope: "GLOBAL",
-        requiresMFA: true,
-    },
-    {
-        code: "database.backup",
-        resource: "database",
-        action: "backup",
-        description: "Create database backups",
-        category: "DevOps",
-        sensitivity: "CRITICAL",
-        scope: "GLOBAL",
-        requiresMFA: true,
-    },
-    {
-        code: "database.restore",
-        resource: "database",
-        action: "restore",
-        description: "Restore database backups",
-        category: "DevOps",
-        sensitivity: "CRITICAL",
-        scope: "GLOBAL",
-        requiresMFA: true,
-        requiresApproval: true,
-    },
-    {
-        code: "secrets.read",
-        resource: "secrets",
-        action: "read",
-        description: "View secrets and environment variables",
-        category: "DevOps",
-        sensitivity: "CRITICAL",
-        scope: "GLOBAL",
-        requiresMFA: true,
-    },
-    {
-        code: "secrets.manage",
-        resource: "secrets",
-        action: "manage",
-        description: "Manage secrets and environment variables",
-        category: "DevOps",
-        sensitivity: "CRITICAL",
-        scope: "GLOBAL",
-        requiresMFA: true,
-        requiresApproval: true,
-    },
-    {
-        code: "incidents.manage",
-        resource: "incidents",
-        action: "manage",
-        description: "Manage production incidents",
-        category: "DevOps",
-        sensitivity: "SENSITIVE",
-        scope: "GLOBAL",
-    },
-    // ===========================
-    // FINANCE (12 capabilities)
-    // ===========================
-    {
-        code: "invoices.read",
-        resource: "invoices",
-        action: "read",
-        description: "View invoices",
-        category: "Finance",
-        sensitivity: "SENSITIVE",
-        scope: "TENANT",
-    },
-    {
-        code: "invoices.create",
-        resource: "invoices",
-        action: "create",
-        description: "Create new invoices",
-        category: "Finance",
-        sensitivity: "SENSITIVE",
-        scope: "TENANT",
-    },
-    {
-        code: "invoices.update",
-        resource: "invoices",
-        action: "update",
-        description: "Update existing invoices",
-        category: "Finance",
-        sensitivity: "SENSITIVE",
-        scope: "TENANT",
-        requiresApproval: true,
-    },
-    {
-        code: "invoices.delete",
-        resource: "invoices",
-        action: "delete",
-        description: "Delete invoices",
-        category: "Finance",
-        sensitivity: "HIGHLY_SENSITIVE",
-        scope: "TENANT",
-        requiresMFA: true,
-        requiresApproval: true,
-    },
-    {
-        code: "payments.read",
-        resource: "payments",
-        action: "read",
-        description: "View payments",
-        category: "Finance",
-        sensitivity: "SENSITIVE",
-        scope: "TENANT",
-    },
-    {
-        code: "payments.process",
-        resource: "payments",
-        action: "process",
-        description: "Process payments",
-        category: "Finance",
-        sensitivity: "HIGHLY_SENSITIVE",
-        scope: "TENANT",
-        requiresMFA: true,
-    },
-    {
-        code: "refunds.create",
-        resource: "refunds",
-        action: "create",
-        description: "Create refunds",
-        category: "Finance",
-        sensitivity: "HIGHLY_SENSITIVE",
-        scope: "TENANT",
-        requiresApproval: true,
-    },
-    {
-        code: "refunds.approve",
-        resource: "refunds",
-        action: "approve",
-        description: "Approve refunds",
-        category: "Finance",
-        sensitivity: "CRITICAL",
-        scope: "TENANT",
-        requiresMFA: true,
-    },
-    {
-        code: "subscriptions.read",
-        resource: "subscriptions",
-        action: "read",
-        description: "View subscriptions",
-        category: "Finance",
-        sensitivity: "SENSITIVE",
-        scope: "TENANT",
-    },
-    {
-        code: "subscriptions.manage",
-        resource: "subscriptions",
-        action: "manage",
-        description: "Manage subscriptions",
-        category: "Finance",
-        sensitivity: "SENSITIVE",
-        scope: "TENANT",
-    },
-    {
-        code: "reports.financial",
-        resource: "reports",
-        action: "financial",
-        description: "Generate financial reports",
-        category: "Finance",
-        sensitivity: "HIGHLY_SENSITIVE",
-        scope: "GLOBAL",
-    },
-    {
-        code: "analytics.revenue",
-        resource: "analytics",
-        action: "revenue",
-        description: "View revenue analytics",
-        category: "Finance",
-        sensitivity: "HIGHLY_SENSITIVE",
-        scope: "GLOBAL",
-    },
-    // ===========================
-    // MARKETING (10 capabilities)
-    // ===========================
-    {
-        code: "campaigns.read",
-        resource: "campaigns",
-        action: "read",
-        description: "View marketing campaigns",
-        category: "Marketing",
-        sensitivity: "NORMAL",
-        scope: "SPACE",
-    },
-    {
-        code: "campaigns.create",
-        resource: "campaigns",
-        action: "create",
-        description: "Create new campaigns",
-        category: "Marketing",
-        sensitivity: "NORMAL",
-        scope: "SPACE",
-    },
-    {
-        code: "campaigns.update",
-        resource: "campaigns",
-        action: "update",
-        description: "Update existing campaigns",
-        category: "Marketing",
-        sensitivity: "NORMAL",
-        scope: "SPACE",
-    },
-    {
-        code: "campaigns.delete",
-        resource: "campaigns",
-        action: "delete",
-        description: "Delete campaigns",
-        category: "Marketing",
-        sensitivity: "SENSITIVE",
-        scope: "SPACE",
-        requiresApproval: true,
-    },
-    {
-        code: "emails.send",
-        resource: "emails",
-        action: "send",
-        description: "Send marketing emails",
-        category: "Marketing",
-        sensitivity: "SENSITIVE",
-        scope: "SPACE",
-    },
-    {
-        code: "emails.templates",
-        resource: "emails",
-        action: "templates",
-        description: "Manage email templates",
-        category: "Marketing",
-        sensitivity: "NORMAL",
-        scope: "SPACE",
-    },
-    {
-        code: "analytics.marketing",
-        resource: "analytics",
-        action: "marketing",
-        description: "View marketing analytics",
-        category: "Marketing",
-        sensitivity: "NORMAL",
-        scope: "SPACE",
-    },
-    {
-        code: "leads.read",
-        resource: "leads",
-        action: "read",
-        description: "View leads",
-        category: "Marketing",
-        sensitivity: "SENSITIVE",
-        scope: "SPACE",
-    },
-    {
-        code: "leads.manage",
-        resource: "leads",
-        action: "manage",
-        description: "Manage leads",
-        category: "Marketing",
-        sensitivity: "SENSITIVE",
-        scope: "SPACE",
-    },
-    {
-        code: "content.publish",
-        resource: "content",
-        action: "publish",
-        description: "Publish content",
-        category: "Marketing",
-        sensitivity: "NORMAL",
-        scope: "SPACE",
-    },
-    // ===========================
-    // MANAGEMENT (11 capabilities)
-    // ===========================
-    {
-        code: "users.read",
-        resource: "users",
-        action: "read",
-        description: "View users",
-        category: "Management",
-        sensitivity: "SENSITIVE",
-        scope: "TENANT",
-    },
-    {
-        code: "users.create",
-        resource: "users",
-        action: "create",
-        description: "Create new users",
-        category: "Management",
-        sensitivity: "SENSITIVE",
-        scope: "TENANT",
-    },
-    {
-        code: "users.update",
-        resource: "users",
-        action: "update",
-        description: "Update existing users",
-        category: "Management",
-        sensitivity: "SENSITIVE",
-        scope: "TENANT",
-    },
-    {
-        code: "users.delete",
-        resource: "users",
-        action: "delete",
-        description: "Delete users",
-        category: "Management",
-        sensitivity: "HIGHLY_SENSITIVE",
-        scope: "TENANT",
-        requiresApproval: true,
-    },
-    {
-        code: "roles.read",
-        resource: "roles",
-        action: "read",
-        description: "View roles and permissions",
-        category: "Management",
-        sensitivity: "SENSITIVE",
-        scope: "SPACE",
-    },
-    {
-        code: "roles.manage",
-        resource: "roles",
-        action: "manage",
-        description: "Manage roles and permissions",
-        category: "Management",
-        sensitivity: "CRITICAL",
-        scope: "SPACE",
-        requiresMFA: true,
-        requiresApproval: true,
-    },
-    {
-        code: "audit.read",
-        resource: "audit",
-        action: "read",
-        description: "View audit logs",
-        category: "Management",
-        sensitivity: "HIGHLY_SENSITIVE",
-        scope: "GLOBAL",
-    },
-    {
-        code: "audit.export",
-        resource: "audit",
-        action: "export",
-        description: "Export audit logs",
-        category: "Management",
-        sensitivity: "CRITICAL",
-        scope: "GLOBAL",
-        requiresMFA: true,
-        requiresApproval: true,
-    },
-    {
-        code: "settings.read",
-        resource: "settings",
-        action: "read",
-        description: "View platform settings",
-        category: "Management",
-        sensitivity: "SENSITIVE",
-        scope: "GLOBAL",
-    },
-    {
-        code: "settings.manage",
-        resource: "settings",
-        action: "manage",
-        description: "Manage platform settings",
-        category: "Management",
-        sensitivity: "CRITICAL",
-        scope: "GLOBAL",
-        requiresMFA: true,
-        requiresApproval: true,
-    },
-    {
-        code: "impersonate.user",
-        resource: "impersonate",
-        action: "user",
-        description: "Impersonate other users",
-        category: "Management",
-        sensitivity: "CRITICAL",
-        scope: "GLOBAL",
-        requiresMFA: true,
-        requiresApproval: true,
-    },
-    {
-        code: "users.export",
-        resource: "users",
-        action: "export",
-        description: "Export user list (CSV)",
-        category: "Management",
-        sensitivity: "HIGHLY_SENSITIVE",
-        scope: "TENANT",
-        requiresMFA: true,
-        requiresApproval: true,
-    },
-];
-// ---------------------------------------------------------------------------
-// Tier presets — which capability codes are enabled per tier
-// ---------------------------------------------------------------------------
-const TIER_PRESETS = {
-    starter: [
-        // Support basics
-        "tickets.read",
-        "tickets.create",
-        "tickets.update",
-        "tickets.assign",
-        "tickets.close",
-        "tickets.reopen",
-        "customers.read",
-        "kb.read",
-        // Management basics
-        "users.read",
-        "users.create",
-        "users.update",
-        "roles.read",
-        "settings.read",
-    ],
-    complete: [
-        // All Starter capabilities
-        "tickets.read",
-        "tickets.create",
-        "tickets.update",
-        "tickets.assign",
-        "tickets.close",
-        "tickets.reopen",
-        "tickets.delete",
-        "tickets.export",
-        "customers.read",
-        "customers.update",
-        "kb.read",
-        "kb.manage",
-        // DevOps basics
-        "deployments.read",
-        "logs.read",
-        "monitoring.read",
-        "monitoring.manage",
-        "incidents.manage",
-        // Finance basics
-        "invoices.read",
-        "invoices.create",
-        "payments.read",
-        "subscriptions.read",
-        "subscriptions.manage",
-        // Marketing
-        "campaigns.read",
-        "campaigns.create",
-        "campaigns.update",
-        "emails.templates",
-        "analytics.marketing",
-        "leads.read",
-        "content.publish",
-        // Management
-        "users.read",
-        "users.create",
-        "users.update",
-        "users.delete",
-        "roles.read",
-        "roles.manage",
-        "settings.read",
-        "settings.manage",
-    ],
-    pro: [
-        // All Complete capabilities
-        "tickets.read",
-        "tickets.create",
-        "tickets.update",
-        "tickets.assign",
-        "tickets.close",
-        "tickets.reopen",
-        "tickets.delete",
-        "tickets.export",
-        "customers.read",
-        "customers.update",
-        "kb.read",
-        "kb.manage",
-        "auth.2fa_reset.request",
-        // DevOps extended
-        "servers.read",
-        "deployments.read",
-        "deployments.create",
-        "logs.read",
-        "logs.export",
-        "monitoring.read",
-        "monitoring.manage",
-        "database.read",
-        "incidents.manage",
-        // Finance extended
-        "invoices.read",
-        "invoices.create",
-        "invoices.update",
-        "payments.read",
-        "payments.process",
-        "refunds.create",
-        "refunds.approve",
-        "subscriptions.read",
-        "subscriptions.manage",
-        "reports.financial",
-        "analytics.revenue",
-        // Marketing full
-        "campaigns.read",
-        "campaigns.create",
-        "campaigns.update",
-        "campaigns.delete",
-        "emails.send",
-        "emails.templates",
-        "analytics.marketing",
-        "leads.read",
-        "leads.manage",
-        "content.publish",
-        // Management extended
-        "users.read",
-        "users.create",
-        "users.update",
-        "users.delete",
-        "users.export",
-        "roles.read",
-        "roles.manage",
-        "audit.read",
-        "settings.read",
-        "settings.manage",
-    ],
-    enterprise: exports.ALL_CAPABILITIES.map((c) => c.code),
-};
-// ---------------------------------------------------------------------------
-// Helpers
-// ---------------------------------------------------------------------------
-function sensitivityBadge(s) {
-    switch (s) {
-        case "NORMAL":
-            return chalk_1.default.green("[NORMAL]");
-        case "SENSITIVE":
-            return chalk_1.default.yellow("[SENSITIVE]");
-        case "HIGHLY_SENSITIVE":
-            return chalk_1.default.red("[HIGH]");
-        case "CRITICAL":
-            return chalk_1.default.bgRed.white("[CRITICAL]");
-    }
-}
-function groupByCategory(caps) {
-    const map = new Map();
-    for (const cap of caps) {
-        const existing = map.get(cap.category) ?? [];
-        existing.push(cap);
-        map.set(cap.category, existing);
-    }
-    return map;
-}
-function tierLabel(tier) {
-    const labels = {
-        starter: chalk_1.default.green("Starter"),
-        complete: chalk_1.default.yellow("Complete"),
-        pro: chalk_1.default.magenta("Pro"),
-        enterprise: chalk_1.default.cyan("Enterprise"),
-    };
-    return labels[tier];
-}
-// ---------------------------------------------------------------------------
-// Seed file generator
-// ---------------------------------------------------------------------------
-function generateSeedFile(selectedCodes) {
-    const selectedSet = new Set(selectedCodes);
-    const selected = exports.ALL_CAPABILITIES.filter((c) => selectedSet.has(c.code));
-    const grouped = groupByCategory(selected);
-    const blocks = [];
-    for (const [category, caps] of grouped) {
-        const items = caps
-            .map((c) => {
-            const lines = [
-                `    {`,
-                `      code: '${c.code}',`,
-                `      resource: '${c.resource}',`,
-                `      action: '${c.action}',`,
-                `      description: '${c.description}',`,
-                `      category: '${c.category}',`,
-                `      sensitivity: CapabilitySensitivity.${c.sensitivity},`,
-                `      scope: CapabilityScope.${c.scope},`,
-            ];
-            if (c.requiresMFA)
-                lines.push(`      requiresMFA: true,`);
-            if (c.requiresApproval)
-                lines.push(`      requiresApproval: true,`);
-            lines.push(`    },`);
-            return lines.join("\n");
-        })
-            .join("\n");
-        blocks.push(`    // ===========================\n    // ${category.toUpperCase()} (${caps.length} capabilities)\n    // ===========================\n${items}`);
+const capabilities_catalog_1 = require("../../lib/capabilities-catalog");
+async function configFeatures(options) {
+    const outputPath = options.outputPath ??
+        path_1.default.join(process.cwd(), "packages", "database", "prisma", "seeds", "capabilities.seed.ts");
+    if (options.list) {
+        printList();
+        return;
     }
-    return `import { PrismaClient, CapabilitySensitivity, CapabilityScope } from '@prisma/client';
-
-const prisma = new PrismaClient();
-
-/**
- * Seed de Capabilities gerado por: kaven config features
- * Generated at: ${new Date().toISOString()}
- *
- * Total: ${selected.length} capabilities
- * Categories: ${[...grouped.keys()].join(', ')}
- */
-
-export async function seedCapabilities() {
-  console.log('🔐 Seeding Capabilities...');
-
-  const capabilities = [
-${blocks.join("\n\n")}
-  ];
-
-  let created = 0;
-  let skipped = 0;
-
-  for (const capability of capabilities) {
-    const existing = await prisma.capability.findUnique({
-      where: { code: capability.code },
-    });
-
-    if (existing) {
-      skipped++;
-      continue;
+    if (options.tier) {
+        await applyTierDirect(options.tier, outputPath, options);
+        return;
     }
-
-    await prisma.capability.create({
-      data: capability,
-    });
-    created++;
-  }
-
-  console.log(\`✅ Capabilities: \${created} criadas, \${skipped} já existiam\`);
-  console.log(\`📊 Total de capabilities: \${capabilities.length}\`);
-}
-`;
+    await runInteractive(outputPath, options);
 }
-// ---------------------------------------------------------------------------
-// --list mode
-// ---------------------------------------------------------------------------
 function printList() {
-    const grouped = groupByCategory(exports.ALL_CAPABILITIES);
     console.log();
     console.log(chalk_1.default.bold.underline("Kaven Framework — Capability Catalog"));
-    console.log(chalk_1.default.gray(`${exports.ALL_CAPABILITIES.length} capabilities total\n`));
-    for (const [category, caps] of grouped) {
+    console.log(chalk_1.default.gray(`${capabilities_catalog_1.ALL_CAPABILITIES.length} capabilities total\n`));
+    const categories = [...new Set(capabilities_catalog_1.ALL_CAPABILITIES.map(c => c.category))];
+    for (const category of categories) {
+        const caps = capabilities_catalog_1.ALL_CAPABILITIES.filter(c => c.category === category);
         console.log(chalk_1.default.bold.cyan(`  ${category} (${caps.length})`));
         for (const cap of caps) {
-            const flags = [];
-            if (cap.requiresMFA)
-                flags.push(chalk_1.default.red("MFA"));
-            if (cap.requiresApproval)
-                flags.push(chalk_1.default.yellow("APPROVAL"));
-            const flagStr = flags.length > 0 ? ` ${flags.join(" ")}` : "";
-            console.log(`    ${chalk_1.default.white(cap.code.padEnd(30))} ${sensitivityBadge(cap.sensitivity)}${flagStr}`);
+            console.log(`    ${chalk_1.default.white(cap.key.padEnd(30))} ${chalk_1.default.gray(`[${cap.type}]`)}`);
             console.log(`      ${chalk_1.default.gray(cap.description)}`);
         }
         console.log();
     }
     console.log(chalk_1.default.bold("Tier presets:"));
     for (const tier of ["starter", "complete", "pro", "enterprise"]) {
-        console.log(`  ${tierLabel(tier).padEnd(20)} ${chalk_1.default.gray(`${TIER_PRESETS[tier].length} capabilities`)}`);
+        console.log(`  ${chalk_1.default.white(tier.padEnd(12))}`);
     }
     console.log();
 }
-// ---------------------------------------------------------------------------
-// Non-interactive --tier mode
-// ---------------------------------------------------------------------------
-async function applyTierDirect(tier, outputPath) {
-    const codes = TIER_PRESETS[tier];
-    console.log();
-    console.log(`${chalk_1.default.bold("Applying tier:")} ${tierLabel(tier)} (${codes.length} capabilities)`);
-    const content = generateSeedFile(codes);
-    await fs_extra_1.default.ensureDir(path_1.default.dirname(outputPath));
-    await fs_extra_1.default.writeFile(outputPath, content, "utf-8");
-    console.log(chalk_1.default.green(`✅ Seed file written to: ${outputPath}`));
-    console.log(chalk_1.default.gray("Run `pnpm prisma db seed` to apply capabilities to your database."));
-    console.log();
+async function applyTierDirect(tier, outputPath, options) {
+    const defaults = capabilities_catalog_1.TIER_DEFAULTS[tier] || {};
+    const selections = {};
+    for (const cap of capabilities_catalog_1.ALL_CAPABILITIES) {
+        if (tier === "enterprise") {
+            selections[cap.key] = cap.type === "boolean" ? true : "-1";
+        }
+        else {
+            selections[cap.key] = defaults[cap.key] ?? (cap.type === "boolean" ? false : cap.defaultValue);
+        }
+    }
+    await saveSeedFile(selections, outputPath, options, tier);
 }
-// ---------------------------------------------------------------------------
-// Interactive TUI mode
-// ---------------------------------------------------------------------------
-async function runInteractive(outputPath) {
-    const { select, confirm } = await Promise.resolve().then(() => __importStar(require("@inquirer/prompts")));
-    // checkbox está disponível em runtime via @inquirer/prompts mas a definição de tipos
-    // não resolve @inquirer/checkbox no node_modules direto (pacote linkado via pnpm store).
+async function runInteractive(outputPath, options) {
+    const { select, confirm, input } = await import("@inquirer/prompts");
     // eslint-disable-next-line @typescript-eslint/no-require-imports
-    const checkboxMod = require("@inquirer/prompts");
-    const checkbox = checkboxMod.checkbox;
+    const prompts = require("@inquirer/prompts");
+    const checkbox = prompts.checkbox;
     console.log();
-    console.log(chalk_1.default.bold.underline("Kaven Feature Flag Configuration"));
-    console.log(chalk_1.default.gray("Select a base tier and optionally customize individual capabilities.\n"));
-    // Step 1: Base tier selection
-    const tierChoices = ["starter", "complete", "pro", "enterprise"].map((t) => ({
-        name: `${tierLabel(t)} — ${TIER_PRESETS[t].length} capabilities`,
-        value: t,
-    }));
-    tierChoices.push({ name: chalk_1.default.red("Cancel"), value: "cancel" });
+    console.log(chalk_1.default.bold.underline("🛡️ Kaven Feature Flag Configuration"));
     const selectedTier = await select({
         message: "Select a base tier:",
-        choices: tierChoices,
+        choices: [
+            { name: "Starter (Essential SaaS features)", value: "starter" },
+            { name: "Complete (White-label + Custom Domains)", value: "complete" },
+            { name: "Pro (Extended API + Limits)", value: "pro" },
+            { name: "Enterprise (Unlimited everything)", value: "enterprise" },
+            { name: "Cancel", value: "cancel" },
+        ],
     });
-    if (selectedTier === "cancel") {
-        console.log(chalk_1.default.yellow("Cancelled."));
+    if (selectedTier === "cancel")
         return;
-    }
-    const baseCodes = new Set(TIER_PRESETS[selectedTier]);
-    console.log(`\n${chalk_1.default.green("✓")} Base: ${tierLabel(selectedTier)} — ${baseCodes.size} capabilities loaded\n`);
-    // Step 2: Optional customization per category
+    const tier = selectedTier;
+    const defaults = capabilities_catalog_1.TIER_DEFAULTS[tier] || {};
+    const selections = {};
     const customize = await confirm({
         message: "Customize individual capabilities?",
         default: false,
     });
-    let finalCodes;
     if (!customize) {
-        finalCodes = [...baseCodes];
+        return applyTierDirect(tier, outputPath, options);
     }
-    else {
-        const grouped = groupByCategory(exports.ALL_CAPABILITIES);
-        const customSelected = [];
-        for (const [category, caps] of grouped) {
-            console.log(`\n${chalk_1.default.bold.cyan(`  ${category}`)}`);
-            const choices = caps.map((c) => {
-                const flags = [];
-                if (c.requiresMFA)
-                    flags.push("MFA");
-                if (c.requiresApproval)
-                    flags.push("APPROVAL");
-                const flagStr = flags.length > 0 ? ` [${flags.join(",")}]` : "";
-                return {
-                    name: `${c.code.padEnd(32)} ${sensitivityBadge(c.sensitivity)}${flagStr} — ${c.description}`,
-                    value: c.code,
-                    checked: baseCodes.has(c.code),
-                };
-            });
+    const categories = [...new Set(capabilities_catalog_1.ALL_CAPABILITIES.map(c => c.category))];
+    for (const category of categories) {
+        const caps = capabilities_catalog_1.ALL_CAPABILITIES.filter(c => c.category === category);
+        const boolCaps = caps.filter(c => c.type === "boolean");
+        const numCaps = caps.filter(c => c.type === "numeric");
+        if (boolCaps.length > 0) {
+            const choices = boolCaps.map(c => ({
+                name: `${c.key.padEnd(30)} — ${c.description}`,
+                value: c.key,
+                checked: tier === "enterprise" ? true : (defaults[c.key] === true),
+            }));
             const selected = await checkbox({
-                message: `${category} capabilities:`,
+                message: `${category} features:`,
                 choices,
             });
-            customSelected.push(...selected);
+            for (const cap of boolCaps) {
+                selections[cap.key] = selected.includes(cap.key);
+            }
+        }
+        for (const cap of numCaps) {
+            const defVal = tier === "enterprise" ? "-1" : (defaults[cap.key] || cap.defaultValue);
+            const val = await input({
+                message: `${cap.key} (${cap.description}):`,
+                default: defVal,
+            });
+            selections[cap.key] = val;
         }
-        finalCodes = customSelected;
-    }
-    if (finalCodes.length === 0) {
-        console.log(chalk_1.default.yellow("\nNo capabilities selected. Seed file not written."));
-        return;
-    }
-    // Step 3: Preview and confirm
-    const grouped = groupByCategory(exports.ALL_CAPABILITIES.filter((c) => finalCodes.includes(c.code)));
-    console.log();
-    console.log(chalk_1.default.bold.underline("Summary:"));
-    for (const [category, caps] of grouped) {
-        console.log(`  ${chalk_1.default.cyan(category)}: ${caps.length} capabilities`);
     }
-    console.log(`  ${chalk_1.default.bold("Total:")} ${finalCodes.length} capabilities`);
-    console.log(`  ${chalk_1.default.bold("Output:")} ${chalk_1.default.dim(outputPath)}`);
-    console.log();
-    const proceed = await confirm({
-        message: "Write capabilities.seed.ts?",
-        default: true,
+    await saveSeedFile(selections, outputPath, options, tier);
+}
+async function saveSeedFile(selections, outputPath, options, tier) {
+    const items = capabilities_catalog_1.ALL_CAPABILITIES.map(c => {
+        const val = selections[c.key];
+        return `    { key: "${c.key}", type: "${c.type}", defaultValue: "${val}", description: "${c.description}" },`;
+    }).join("\n");
+    const content = `// packages/database/prisma/seeds/capabilities.seed.ts
+// Generated by kaven config features — ${new Date().toISOString()}
+// Tier: ${tier}
+
+import { PrismaClient } from "@prisma/client";
+
+export async function seedCapabilities(prisma: PrismaClient) {
+  const capabilities = [
+${items}
+  ];
+
+  console.log("🔐 Seeding ${capabilities_catalog_1.ALL_CAPABILITIES.length} Capabilities...");
+
+  for (const cap of capabilities) {
+    await prisma.capability.upsert({
+      where: { key: cap.key },
+      update: cap,
+      create: cap,
     });
-    if (!proceed) {
-        console.log(chalk_1.default.yellow("Cancelled."));
+  }
+}
+`;
+    if (options.dryRun) {
+        console.log(chalk_1.default.bold("\n--- DRY RUN: Generated Content ---"));
+        console.log(content);
         return;
     }
-    const content = generateSeedFile(finalCodes);
+    if (fs_extra_1.default.existsSync(outputPath) && !options.force) {
+        const { confirm: confirmOverwrite } = await import("@inquirer/prompts");
+        const overwrite = await confirmOverwrite({
+            message: "Seed file already exists. Overwrite?",
+            default: false,
+        });
+        if (!overwrite)
+            return;
+    }
     await fs_extra_1.default.ensureDir(path_1.default.dirname(outputPath));
     await fs_extra_1.default.writeFile(outputPath, content, "utf-8");
     console.log(chalk_1.default.green(`\n✅ Seed file written to: ${outputPath}`));
-    console.log(chalk_1.default.gray("Run `pnpm prisma db seed` to apply capabilities to your database.\n"));
-}
-// ---------------------------------------------------------------------------
-// Public entry point
-// ---------------------------------------------------------------------------
-async function configFeatures(options) {
-    const outputPath = options.outputPath ??
-        path_1.default.join(process.cwd(), "packages", "database", "prisma", "seeds", "capabilities.seed.ts");
-    // --list: just print the catalog, no writes
-    if (options.list) {
-        printList();
-        return;
-    }
-    // --tier: non-interactive direct apply
-    if (options.tier) {
-        const validTiers = ["starter", "complete", "pro", "enterprise"];
-        if (!validTiers.includes(options.tier)) {
-            console.error(chalk_1.default.red(`Error: Invalid tier "${options.tier}". Valid options: ${validTiers.join(", ")}`));
-            process.exit(1);
-        }
-        await applyTierDirect(options.tier, outputPath);
-        return;
-    }
-    // Interactive TUI
-    await runInteractive(outputPath);
+    console.log(chalk_1.default.gray("Run pnpm prisma db seed to apply capabilities to your database."));
 }