spine-framework 0.1.0

package/dist/functions/admin-data.d.ts

@@ -0,0 +1,178 @@
+/**
+ * @module admin-data
+ * @audience both
+ * @layer api-handler
+ * @stability stable
+ *
+ * Generic CRUD API for all runtime entities. Provides list, get, create,
+ * update, delete, and stats operations over a validated set of entity tables.
+ *
+ * **Routed by:** `GET/POST/PATCH/DELETE /.netlify/functions/admin-data`
+ *
+ * **Dispatch table (query params → handler):**
+ * | method | ?action | ?id present | Handler |
+ * |--------|---------|-------------|---------|
+ * | GET    | list    | any         | `list`  |
+ * | GET    | get     | any         | `get`   |
+ * | GET    | stats   | any         | `stats` |
+ * | GET    | —       | yes         | `get`   |
+ * | GET    | —       | no          | `list`  |
+ * | POST   | —       | —           | `create`|
+ * | PATCH  | —       | —           | `update`|
+ * | DELETE | —       | —           | `remove`|
+ *
+ * **Authorization:** All DB reads/writes use `ctx.db` (RLS-scoped client).
+ * RLS policies on each table enforce account hierarchy access automatically.
+ * `adminDb` is used only for lookups that need bypass (type resolution).
+ *
+ * **Valid entities:** `accounts`, `people`, `items`, `threads`, `messages`,
+ * `links`, `attachments`, `watchers`.
+ *
+ * INVARIANT: every `create` call requires `type_id` in the body — all runtime
+ *   records must reference a type.
+ * INVARIANT: trigger dispatch (create/update/delete) is fire-and-forget —
+ *   trigger failures are logged but never surface to the caller.
+ * INVARIANT: all returned records are passed through `sanitizeRecordData`
+ *   before being returned — field-level permission stripping is always applied.
+ *
+ * @seeAlso middleware.ts (createHandler, CoreContext)
+ * @seeAlso permissions.ts (sanitizeRecordData)
+ * @seeAlso trigger-engine.ts (fire*Triggers)
+ * @seeAlso types.ts (types table, design_schema, validation_schema)
+ */
+/**
+ * @chunk-id    ADMIN_DATA_LIST_1_0_0
+ * @version     1.0.0
+ * @hash        780f1f0c81ea3bff78d40970ba4b03e3211d892bb883e6a099c6e0a55ee53b0c
+ * @macro       Entity List Handler
+ * @micro       Lists records with filtering, search, sorting, and pagination
+ * @inputs      ctx: CoreContext — Request context with principal and database
+ * @inputs      _body: any — Request body (unused for GET)
+ * @outputs     Array of sanitized records or {data, schema, view} with view config
+ * @depends-on  [createHandler, sanitizeRecordData, adminDb, getSearchField]
+ * @depended-by [Netlify function routing]
+ * @side-effects [DB queries, permission sanitization]
+ * @tags        admin, crud, list, pagination, search
+ */
+export declare const list: (event: any, context: any) => Promise<any>;
+/**
+ * @chunk-id    ADMIN_DATA_GET_1_0_0
+ * @version     1.0.0
+ * @hash        7ee27702615d7ebd144e065d399635ddf7664845685345d8a8f316449f11a7cf
+ * @macro       Entity Get Handler
+ * @micro       Returns a single record by ID with optional view configuration
+ * @inputs      ctx: CoreContext — Request context with principal and database
+ * @inputs      _body: any — Request body (unused for GET)
+ * @outputs     Sanitized record or {data, schema, view} with view config
+ * @depends-on  [createHandler, sanitizeRecordData]
+ * @depended-by [Netlify function routing]
+ * @side-effects [DB single row query, permission sanitization]
+ * @tags        admin, crud, get, single-record
+ */
+export declare const get: (event: any, context: any) => Promise<any>;
+/**
+ * Creates a new record for an entity. Stamps `design_schema`,
+ * `validation_schema`, audit fields, and `account_id` from the resolved type.
+ * Fires `*_created` triggers asynchronously after DB insert.
+ *
+ * Body params:
+ *   - `entity` (required) — one of VALID_ENTITIES
+ *   - `type_id` (required) — UUID of an active type record
+ *   - all other fields are passed through to the insert
+ *
+ * @returns Sanitized created record
+ * @throws Error('Valid entity parameter is required')
+ * @throws Error('type_id is required')
+ * @throws Error('type_id not found') — if type UUID doesn't exist
+ * @throws Error('type_id references an inactive type')
+ * @throws PostgREST error on RLS INSERT denial
+ * @inputSpec type_id: string — valid UUID of active type record
+ * @inputSpec body fields: Record<string, any> — record field values
+ * @outputSpec sanitized created record
+ * @sideEffects DB write: entity table (INSERT)
+ * @sideEffects DB read: types table (type resolution)
+ * @sideEffects fire-and-forget: fireCreateTriggers
+ * @calledBy handler (POST)
+ * @calls sanitizeRecordData, adminDb (type lookup), fireCreateTriggers
+ * @testUnit tests/unit/admin-data.test.ts — 'create'
+ * @testIntegration tests/integration/admin-data.test.ts — 'create'
+ */
+export declare const create: (event: any, context: any) => Promise<any>;
+/**
+ * Updates an existing record by ID. Stamps `updated_by` and `updated_at`.
+ * Fires `*_updated` triggers asynchronously after DB update.
+ *
+ * Query params: `entity` (required), `id` (required)
+ * Body: partial record fields to update (no schema re-stamping on update)
+ *
+ * @returns Sanitized updated record
+ * @throws Error('Valid entity parameter is required')
+ * @throws Error('ID is required for update')
+ * @throws PostgREST error on RLS UPDATE denial
+ * @inputSpec id: string — valid UUID of existing record
+ * @inputSpec body: Partial<Record> — fields to patch
+ * @outputSpec sanitized updated record
+ * @sideEffects DB write: entity table (UPDATE)
+ * @sideEffects fire-and-forget: fireUpdateTriggers
+ * @calledBy handler (PATCH)
+ * @calls sanitizeRecordData, fireUpdateTriggers
+ * @testUnit tests/unit/admin-data.test.ts — 'update'
+ */
+export declare const update: (event: any, context: any) => Promise<any>;
+/**
+ * Deletes a record by ID. Defaults to soft delete (`is_active = false`) for
+ * entities that support it; falls back to hard delete otherwise.
+ *
+ * Query params:
+ *   - `entity` (required) — one of VALID_ENTITIES
+ *   - `id` (required) — UUID of the record
+ *   - `soft` (default: 'true') — set to 'false' to force hard delete
+ *
+ * Soft-delete-capable entities: `accounts`, `people`, `items`, `threads`,
+ * `messages`, `watchers`. All others always receive a hard delete.
+ *
+ * @returns `{ deleted: true, soft: true, data }` (soft) or `{ deleted: true, soft: false }` (hard)
+ * @throws Error('Valid entity parameter is required')
+ * @throws Error('ID is required for delete')
+ * @throws PostgREST error on RLS DELETE denial
+ * @inputSpec id: string — valid UUID
+ * @inputSpec soft: 'true' | 'false'
+ * @outputSpec { deleted: boolean, soft: boolean, data?: sanitizedRecord }
+ * @sideEffects DB write: UPDATE is_active=false (soft) or DELETE (hard)
+ * @sideEffects fire-and-forget: fireDeleteTriggers
+ * @calledBy handler (DELETE)
+ * @calls sanitizeRecordData, entitySupportsSoftDelete, fireDeleteTriggers
+ * @testUnit tests/unit/admin-data.test.ts — 'remove'
+ */
+export declare const remove: (event: any, context: any) => Promise<any>;
+/**
+ * @chunk-id    ADMIN_DATA_STATS_1_0_0
+ * @version     1.0.0
+ * @hash        0bed523a260ab3959cb4e7150cca044f4e97ce91d7ae3386ab14b5f4182d74d7
+ * @macro       Entity Stats Handler
+ * @micro       Returns total record count for an entity scoped by account
+ * @inputs      ctx: CoreContext — Request context with principal and database
+ * @inputs      _body: any — Request body (unused for GET)
+ * @outputs     {entity: string, count: number} — Entity name and record count
+ * @depends-on  [createHandler]
+ * @depended-by [Netlify function routing]
+ * @side-effects [DB count query with RLS filtering]
+ * @tags        admin, stats, count, entity
+ */
+export declare const stats: (event: any, context: any) => Promise<any>;
+/**
+ * @chunk-id    ADMIN_DATA_HANDLER_1_0_0
+ * @version     1.0.0
+ * @hash        edceffa0d5c8b3c05b1a89188a274a586b6ebe8793ede427e2326876d7090df9
+ * @macro       Admin Data Router
+ * @micro       Routes HTTP methods and actions to appropriate CRUD handlers
+ * @inputs      ctx: CoreContext — Request context with principal and database
+ * @inputs      body: any — Request body for POST/PATCH operations
+ * @outputs     Varies — Depends on routed handler (list/get/create/update/remove/stats)
+ * @depends-on  [createHandler, list, get, create, update, remove, stats]
+ * @depended-by [Netlify function routing]
+ * @side-effects [Delegates to appropriate handler]
+ * @tags        admin, router, crud, netlify-function
+ */
+export declare const handler: (event: any, context: any) => Promise<any>;
+//# sourceMappingURL=admin-data.d.ts.map

package/dist/functions/admin-data.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"admin-data.d.ts","sourceRoot":"","sources":["../../.framework/functions/admin-data.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GAyCG;AAuBH;;;;;;;;;;;;;GAaG;AACH,eAAO,MAAM,IAAI,4CA2Ff,CAAA;AAIF;;;;;;;;;;;;;GAaG;AACH,eAAO,MAAM,GAAG,4CAiCd,CAAA;AAGF;;;;;;;;;;;;;;;;;;;;;;;;;;GA0BG;AACH,eAAO,MAAM,MAAM,4CAyFjB,CAAA;AAEF;;;;;;;;;;;;;;;;;;;GAmBG;AACH,eAAO,MAAM,MAAM,4CAkCjB,CAAA;AAEF;;;;;;;;;;;;;;;;;;;;;;;;GAwBG;AACH,eAAO,MAAM,MAAM,4CAsCjB,CAAA;AA6DF;;;;;;;;;;;;;GAaG;AACH,eAAO,MAAM,KAAK,4CAchB,CAAA;AAMF;;;;;;;;;;;;;GAaG;AACH,eAAO,MAAM,OAAO,4CAmClB,CAAA"}

package/dist/functions/ai-agents.d.ts

@@ -0,0 +1,125 @@
+/**
+ * @module ai-agents
+ * @audience core-contributor
+ * @layer api-handler
+ * @stability stable
+ *
+ * CRUD API for the `ai_agents` table. AI agent records define the configuration
+ * for agentic inference workloads: model settings, system prompts, available
+ * tools, capabilities, and constraints. The runtime execution is handled by
+ * `_shared/agent-runner.ts`.
+ *
+ * **Routed by:** `GET/POST/PATCH/DELETE /.netlify/functions/ai-agents`
+ *
+ * **Actions (standard CRUD only):**
+ * | method | condition | handler |
+ * |--------|-----------|---------|
+ * | GET    | ?id       | get     |
+ * | GET    | (default) | list    |
+ * | POST   | —         | create  |
+ * | PATCH  | —         | update  |
+ * | DELETE | —         | remove  |
+ *
+ * **Authorization:** All operations use `ctx.db` (RLS-scoped). Authenticated
+ * principal required for writes.
+ *
+ * INVARIANT: `remove` is a hard delete.
+ * INVARIANT: `update` only patches allowed fields: name, description,
+ *   model_config, system_prompt, tools, capabilities, constraints, metadata,
+ *   is_active.
+ *
+ * @seeAlso agent-runner.ts (runAgent — runtime execution using these configs)
+ * @seeAlso prompt-configs.ts (prompt_configs referenced by agent configs)
+ * @seeAlso audit.ts (emitLog for ai_agent.* events)
+ */
+/**
+ * @chunk-id    AI_AGENTS_LIST_1_0_0
+ * @version     1.0.0
+ * @hash        237972d65e86f5d432f55b602ac5e6f2dcfaefa83c662c10b7d3437ac906ff0d
+ * @macro       AI Agents List Handler
+ * @micro       Lists AI agents with filtering and pagination
+ * @inputs      ctx: CoreContext — Request context with principal and database
+ * @inputs      _body: any — Request body (unused for GET)
+ * @outputs     Array of sanitized AI agent records
+ * @depends-on  [createHandler, joins, sanitizeRecordData]
+ * @depended-by [Netlify function routing]
+ * @side-effects [DB queries, permission sanitization]
+ * @tags        ai-agents, list, crud, pagination
+ */
+export declare const list: (event: any, context: any) => Promise<any>;
+/**
+ * @chunk-id    AI_AGENTS_GET_1_0_0
+ * @version     1.0.0
+ * @hash        62f283668d9a90ff81e2cbf8c437298206b355d2dd96fb559b2848fc4ffbc5cd
+ * @macro       AI Agent Get Handler
+ * @micro       Returns a single AI agent by UUID with joins
+ * @inputs      ctx: CoreContext — Request context with principal and database
+ * @inputs      _body: any — Request body (unused for GET)
+ * @outputs     Sanitized AI agent record with app and createdBy joins
+ * @depends-on  [createHandler, joins, sanitizeRecordData]
+ * @depended-by [Netlify function routing]
+ * @side-effects [DB single row query, permission sanitization]
+ * @tags        ai-agents, get, crud, single-record
+ */
+export declare const get: (event: any, context: any) => Promise<any>;
+/**
+ * @chunk-id    AI_AGENTS_CREATE_1_0_0
+ * @version     1.0.0
+ * @hash        355c8ceb1f33e033616480827141a2f33cde8e18fa4e9f9d94f4866af6fe66f6
+ * @macro       AI Agent Create Handler
+ * @micro       Creates new AI agent configuration with validation and audit logging
+ * @inputs      ctx: CoreContext — Request context with principal and database
+ * @inputs      body: object — Agent configuration data
+ * @outputs     Inserted AI agent record
+ * @depends-on  [createHandler, emitLog]
+ * @depended-by [Netlify function routing]
+ * @side-effects [DB insert, audit logging]
+ * @tags        ai-agents, create, crud, audit
+ */
+export declare const create: (event: any, context: any) => Promise<any>;
+/**
+ * @chunk-id    AI_AGENTS_UPDATE_1_0_0
+ * @version     1.0.0
+ * @hash        07e173626958a0ef032cc4c80719c49df5990756e08ecdb70a4168ab73544f10
+ * @macro       AI Agent Update Handler
+ * @micro       Updates AI agent with field validation and audit logging
+ * @inputs      ctx: CoreContext — Request context with principal and database
+ * @inputs      body: object — Agent updates including id
+ * @outputs     Updated AI agent record
+ * @depends-on  [createHandler, emitLog]
+ * @depended-by [Netlify function routing]
+ * @side-effects [DB update, audit logging]
+ * @tags        ai-agents, update, crud, audit
+ */
+export declare const update: (event: any, context: any) => Promise<any>;
+/**
+ * @chunk-id    AI_AGENTS_REMOVE_1_0_0
+ * @version     1.0.0
+ * @hash        7d990350b55b85945cc2148908618d6cd1dad27d1fc8343eab6966bedd9d84fa
+ * @macro       AI Agent Remove Handler
+ * @micro       Hard-deletes AI agent with validation and audit logging
+ * @inputs      ctx: CoreContext — Request context with principal and database
+ * @inputs      _body: any — Request body (unused for DELETE)
+ * @outputs     {success: true} — Success confirmation
+ * @depends-on  [createHandler, emitLog]
+ * @depended-by [Netlify function routing]
+ * @side-effects [DB delete, audit logging]
+ * @tags        ai-agents, remove, crud, audit
+ */
+export declare const remove: (event: any, context: any) => Promise<any>;
+/**
+ * @chunk-id    AI_AGENTS_HANDLER_1_0_0
+ * @version     1.0.0
+ * @hash        a49f4917dd07295e0ba9815bf929cccc5cffcbe4dcf6852aa4bd84d6cba1b690
+ * @macro       AI Agents Router
+ * @micro       Routes HTTP methods to appropriate CRUD handlers
+ * @inputs      ctx: CoreContext — Request context with principal and database
+ * @inputs      body: any — Request body for POST/PATCH operations
+ * @outputs     Varies — Depends on routed handler (list/get/create/update/remove)
+ * @depends-on  [createHandler, list, get, create, update, remove]
+ * @depended-by [Netlify function routing]
+ * @side-effects [Delegates to appropriate handler]
+ * @tags        ai-agents, router, crud, netlify-function
+ */
+export declare const handler: (event: any, context: any) => Promise<any>;
+//# sourceMappingURL=ai-agents.d.ts.map

package/dist/functions/ai-agents.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"ai-agents.d.ts","sourceRoot":"","sources":["../../.framework/functions/ai-agents.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GAiCG;AAYH;;;;;;;;;;;;;GAaG;AACH,eAAO,MAAM,IAAI,4CAiCf,CAAA;AAIF;;;;;;;;;;;;;GAaG;AACH,eAAO,MAAM,GAAG,4CAgBd,CAAA;AAIF;;;;;;;;;;;;;GAaG;AACH,eAAO,MAAM,MAAM,4CAsCjB,CAAA;AAIF;;;;;;;;;;;;;GAaG;AACH,eAAO,MAAM,MAAM,4CAiCjB,CAAA;AAIF;;;;;;;;;;;;;GAaG;AACH,eAAO,MAAM,MAAM,4CA4BjB,CAAA;AAMF;;;;;;;;;;;;;GAaG;AACH,eAAO,MAAM,OAAO,4CAsBlB,CAAA"}

package/dist/functions/api-keys.d.ts

@@ -0,0 +1,140 @@
+/**
+ * @module api-keys
+ * @audience core-contributor
+ * @layer api-handler
+ * @stability stable
+ *
+ * Management and validation API for the `api_keys` table. API keys are
+ * issued per-integration and optionally scoped to specific permissions.
+ * Key material is generated and stored by the `create_api_key` Postgres
+ * RPC, which handles hashing internally. Validation also delegates to the
+ * `validate_api_key` RPC.
+ *
+ * **Routed by:** `GET/POST /.netlify/functions/api-keys`
+ *
+ * **Actions:**
+ * | method | ?action    | handler       |
+ * |--------|------------|---------------|
+ * | POST   | validate   | validate      |
+ * | POST   | revoke     | revoke        |
+ * | GET    | usage-logs | listUsageLogs |
+ * | GET    | ?id        | get           |
+ * | GET    | (default)  | list          |
+ * | POST   | —          | create        |
+ *
+ * **Authorization:** All operations use `ctx.db` (RLS-scoped). Account context
+ * required for creates. No PATCH/DELETE — use `revoke` for deactivation.
+ *
+ * INVARIANT: Raw key material is never stored. Only the hash is persisted.
+ *   `create` returns the plaintext key once via RPC response.
+ * INVARIANT: `revoke` soft-deactivates by setting `is_active = false`.
+ *
+ * @seeAlso integrations.ts (integration_id FK on api_keys)
+ * @seeAlso audit.ts (emitLog for api_key.* events)
+ */
+/**
+ * @chunk-id    API_KEYS_LIST_1_0_0
+ * @version     1.0.0
+ * @hash        f825d8f4bbabe21071b61fe41e5e4e1b87482d501bf4078fab70906b7a5f5e78
+ * @macro       API Keys List Handler
+ * @micro       Lists API keys with filtering, pagination, and joins
+ * @inputs      ctx: CoreContext — Request context with principal and database
+ * @inputs      _body: any — Request body (unused for GET)
+ * @outputs     Array of sanitized API key records with integration joins
+ * @depends-on  [createHandler, sanitizeRecordData]
+ * @depended-by [Netlify function routing]
+ * @side-effects [DB queries, permission sanitization]
+ * @tags        api-keys, list, crud, pagination
+ */
+export declare const list: (event: any, context: any) => Promise<any>;
+/**
+ * @chunk-id    API_KEYS_GET_1_0_0
+ * @version     1.0.0
+ * @hash        357f926aeb833ad0ca755e48350534771f491890645134a1b43d2f2a8e4be037
+ * @macro       API Key Get Handler
+ * @micro       Returns a single API key record with joins (no raw key material)
+ * @inputs      ctx: CoreContext — Request context with principal and database
+ * @inputs      _body: any — Request body (unused for GET)
+ * @outputs     Sanitized API key record with integration and createdBy joins
+ * @depends-on  [createHandler, sanitizeRecordData]
+ * @depended-by [Netlify function routing]
+ * @side-effects [DB single row query, permission sanitization]
+ * @tags        api-keys, get, crud, single-record
+ */
+export declare const get: (event: any, context: any) => Promise<any>;
+/**
+ * @chunk-id    API_KEYS_CREATE_1_0_0
+ * @version     1.0.0
+ * @hash        8d00c97111cddebc2b3821a1fee3e6cf4c6b7c55fc20cd19d70865d728c3387c
+ * @macro       API Key Create Handler
+ * @micro       Creates new API key via RPC with validation and audit logging
+ * @inputs      ctx: CoreContext — Request context with principal and database
+ * @inputs      body: object — API key configuration data
+ * @outputs     RPC result containing api_key_id and plaintext key_value
+ * @depends-on  [createHandler, emitLog]
+ * @depended-by [Netlify function routing]
+ * @side-effects [RPC call, audit logging]
+ * @tags        api-keys, create, crud, rpc, audit
+ */
+export declare const create: (event: any, context: any) => Promise<any>;
+/**
+ * @chunk-id    API_KEYS_VALIDATE_1_0_0
+ * @version     1.0.0
+ * @hash        05791f9b2c23bfebed01dffaa1430e896b89d311c5a51409704d731200eb621a
+ * @macro       API Key Validation Handler
+ * @micro       Validates API key and checks permissions via RPC
+ * @inputs      ctx: CoreContext — Request context with principal and database
+ * @inputs      body: object — key_value and optional required_permissions
+ * @outputs     RPC validation result with is_valid, account_id, permissions
+ * @depends-on  [createHandler]
+ * @depended-by [Netlify function routing, middleware]
+ * @side-effects [RPC validation call]
+ * @tags        api-keys, validate, rpc, authentication
+ */
+export declare const validate: (event: any, context: any) => Promise<any>;
+/**
+ * @chunk-id    API_KEYS_REVOKE_1_0_0
+ * @version     1.0.0
+ * @hash        3302286a12c1315616470fcfbd3cbdc8dcf63dd00211a71159f3325bab95607a
+ * @macro       API Key Revoke Handler
+ * @micro       Soft-deactivates API key with validation and audit logging
+ * @inputs      ctx: CoreContext — Request context with principal and database
+ * @inputs      body: object — API key ID to revoke
+ * @outputs     Updated API key record with is_active: false
+ * @depends-on  [createHandler, emitLog]
+ * @depended-by [Netlify function routing]
+ * @side-effects [DB update, audit logging]
+ * @tags        api-keys, revoke, crud, audit
+ */
+export declare const revoke: (event: any, context: any) => Promise<any>;
+/**
+ * @chunk-id    API_KEYS_LIST_USAGE_LOGS_1_0_0
+ * @version     1.0.0
+ * @hash        f21e004490dd983c8f20dc1d1f4db33e158334d19e38a4ace5e99389a8a96ded
+ * @macro       API Key Usage Logs Handler
+ * @micro       Lists paginated API key usage logs with filtering and joins
+ * @inputs      ctx: CoreContext — Request context with principal and database
+ * @inputs      _body: any — Request body (unused for GET)
+ * @outputs     Array of usage log records with api_key joins
+ * @depends-on  [createHandler]
+ * @depended-by [Netlify function routing]
+ * @side-effects [DB queries with filtering]
+ * @tags        api-keys, usage-logs, pagination, monitoring
+ */
+export declare const listUsageLogs: (event: any, context: any) => Promise<any>;
+/**
+ * @chunk-id    API_KEYS_HANDLER_1_0_0
+ * @version     1.0.0
+ * @hash        6c2da419bea6f12b0fe654e2aad6c5ebac3d5993c2547a47d239f44197d90a68
+ * @macro       API Keys Router
+ * @micro       Routes HTTP methods and actions to appropriate handlers
+ * @inputs      ctx: CoreContext — Request context with principal and database
+ * @inputs      body: any — Request body for POST operations
+ * @outputs     Varies — Depends on routed handler (list/get/create/validate/revoke/usage-logs)
+ * @depends-on  [createHandler, list, get, create, validate, revoke, listUsageLogs]
+ * @depended-by [Netlify function routing]
+ * @side-effects [Delegates to appropriate handler]
+ * @tags        api-keys, router, crud, netlify-function
+ */
+export declare const handler: (event: any, context: any) => Promise<any>;
+//# sourceMappingURL=api-keys.d.ts.map

package/dist/functions/api-keys.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"api-keys.d.ts","sourceRoot":"","sources":["../../.framework/functions/api-keys.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GAiCG;AASH;;;;;;;;;;;;;GAaG;AACH,eAAO,MAAM,IAAI,4CA6Cf,CAAA;AAIF;;;;;;;;;;;;;GAaG;AACH,eAAO,MAAM,GAAG,4CAoBd,CAAA;AAIF;;;;;;;;;;;;;GAaG;AACH,eAAO,MAAM,MAAM,4CAiCjB,CAAA;AAIF;;;;;;;;;;;;;GAaG;AACH,eAAO,MAAM,QAAQ,4CAgBnB,CAAA;AAIF;;;;;;;;;;;;;GAaG;AACH,eAAO,MAAM,MAAM,4CAsBjB,CAAA;AAIF;;;;;;;;;;;;;GAaG;AACH,eAAO,MAAM,aAAa,4CAuCxB,CAAA;AAMF;;;;;;;;;;;;;GAaG;AACH,eAAO,MAAM,OAAO,4CAiClB,CAAA"}

package/dist/functions/apps.d.ts

@@ -0,0 +1,163 @@
+/**
+ * @module apps
+ * @audience core-contributor
+ * @layer api-handler
+ * @stability stable
+ *
+ * CRUD API for the `apps` table. Apps are the installable units of functionality
+ * in Spine v2. They group types, roles, integrations, and nav configuration.
+ *
+ * **Routed by:** `GET/POST/PATCH/DELETE /.netlify/functions/apps`
+ *
+ * **Authorization model:**
+ * - `list` / `get` / `getSchema` / `checkAvailability`: any authenticated principal
+ *   (RLS-scoped via `ctx.db`). Returns sanitized records.
+ * - `create`: requires `isSystemAdmin` or first-surface `canCreate` permission.
+ * - `update` / `remove`: requires authenticated principal + field-level permission
+ *   check via `validateUpdatePermissions`.
+ * - `updateVersion`: authenticated principal via RPC.
+ *
+ * INVARIANT: app slugs are globally unique across the `apps` table.
+ * INVARIANT: `is_system` apps can only be manipulated by system admins.
+ *
+ * @seeAlso middleware.ts (createHandler)
+ * @seeAlso permissions.ts (PermissionEngine, sanitizeRecordData)
+ * @seeAlso audit.ts (emitLog for app.created / app.updated / app.deleted)
+ * @seeAlso types.ts (types reference apps via app_id)
+ */
+/**
+ * @chunk-id    APPS_LIST_1_0_0
+ * @version     1.0.0
+ * @hash        8eaac3c01786fadeb3c4acb34c9725378f2055766213493859835cadf2bb3963
+ * @macro       Apps List Handler
+ * @micro       Lists accessible apps via RPC with filtering and sanitization
+ * @inputs      ctx: CoreContext — Request context with principal and database
+ * @inputs      body: any — Request body (unused for GET)
+ * @outputs     Array of sanitized app records
+ * @depends-on  [createHandler, sanitizeRecordData]
+ * @depended-by [Netlify function routing]
+ * @side-effects [RPC call, permission sanitization]
+ * @tags        apps, list, crud, rpc
+ */
+export declare const list: (event: any, context: any) => Promise<any>;
+/**
+ * @chunk-id    APPS_GET_1_0_0
+ * @version     1.0.0
+ * @hash        5449bb3ac8726775412df541e1f2abf2400fb18751e3c9aad5f0aafb09cc7f60
+ * @macro       App Get Handler
+ * @micro       Returns single app by ID or slug with owner account join
+ * @inputs      ctx: CoreContext — Request context with principal and database
+ * @inputs      body: any — Request body (unused for GET)
+ * @outputs     Sanitized app record with ownerAccount join
+ * @depends-on  [createHandler, joins, sanitizeRecordData]
+ * @depended-by [Netlify function routing]
+ * @side-effects [DB single row query, permission sanitization]
+ * @tags        apps, get, crud, single-record
+ */
+export declare const get: (event: any, context: any) => Promise<any>;
+/**
+ * @chunk-id    APPS_GET_SCHEMA_1_0_0
+ * @version     1.0.0
+ * @hash        8b6b7bb419114cbb699ad841dc4ba760ff36a626e8a9513de24715229e5a064b
+ * @macro       App Schema Handler
+ * @micro       Returns full app schema via RPC with types, roles, views, integrations
+ * @inputs      ctx: CoreContext — Request context with principal and database
+ * @inputs      body: any — Request body (unused for GET)
+ * @outputs     App schema object with complete configuration
+ * @depends-on  [createHandler]
+ * @depended-by [Netlify function routing]
+ * @side-effects [RPC call for schema retrieval]
+ * @tags        apps, schema, rpc, configuration
+ */
+export declare const getSchema: (event: any, context: any) => Promise<any>;
+/**
+ * @chunk-id    APPS_CREATE_1_0_0
+ * @version     1.0.0
+ * @hash        f440efbf4a020b2d0d21ed7d90c5995538dd76d631f1b16fc53c1f2e9a1e4f91
+ * @macro       App Create Handler
+ * @micro       Creates new app with permission validation and audit logging
+ * @inputs      ctx: CoreContext — Request context with principal and database
+ * @inputs      body: object — App configuration data including slug and name
+ * @outputs     Inserted app record
+ * @depends-on  [createHandler, permissions, emitLog]
+ * @depended-by [Netlify function routing]
+ * @side-effects [DB insert, permission checks, audit logging]
+ * @tags        apps, create, crud, permissions, audit
+ */
+export declare const create: (event: any, context: any) => Promise<any>;
+/**
+ * @chunk-id    APPS_UPDATE_1_0_0
+ * @version     1.0.0
+ * @hash        77029f18737fee801ff5ebdde199d6b52454fd9fe3842694b072181fc713b937
+ * @macro       App Update Handler
+ * @micro       Updates app with field-level permission validation and audit logging
+ * @inputs      ctx: CoreContext — Request context with principal and database
+ * @inputs      body: object — App updates including id
+ * @outputs     Updated app record
+ * @depends-on  [createHandler, permissions, emitLog]
+ * @depended-by [Netlify function routing]
+ * @side-effects [DB update, permission validation, audit logging]
+ * @tags        apps, update, crud, permissions, audit
+ */
+export declare const update: (event: any, context: any) => Promise<any>;
+/**
+ * @chunk-id    APPS_REMOVE_1_0_0
+ * @version     1.0.0
+ * @hash        b2c79779820861406f1adabc2279e332727b936abab4c6f5e5762a62d1373169
+ * @macro       App Remove Handler
+ * @micro       Soft-deletes app with validation and audit logging
+ * @inputs      ctx: CoreContext — Request context with principal and database
+ * @inputs      body: any — Request body with app ID
+ * @outputs     Updated app record with is_active: false
+ * @depends-on  [createHandler, emitLog]
+ * @depended-by [Netlify function routing]
+ * @side-effects [DB soft delete, audit logging]
+ * @tags        apps, remove, crud, audit
+ */
+export declare const remove: (event: any, context: any) => Promise<any>;
+/**
+ * @chunk-id    APPS_CHECK_AVAILABILITY_1_0_0
+ * @version     1.0.0
+ * @hash        db7d52bcb1002d923dac039a99e6f6fb0eb9889e9b4a44994bf7bb75477ac9a4
+ * @macro       App Availability Checker
+ * @micro       Checks if app is available for account via RPC
+ * @inputs      ctx: CoreContext — Request context with principal and database
+ * @inputs      body: any — Request body (unused for GET)
+ * @outputs     {available: boolean} — Availability status
+ * @depends-on  [createHandler]
+ * @depended-by [Netlify function routing]
+ * @side-effects [RPC call for availability check]
+ * @tags        apps, availability, rpc, check
+ */
+export declare const checkAvailability: (event: any, context: any) => Promise<any>;
+/**
+ * @chunk-id    APPS_UPDATE_VERSION_1_0_0
+ * @version     1.0.0
+ * @hash        04a1a3367e4b8ca0f58e0719e73b0ccda378e84b4b874f3f7e07ee0faa423bfd
+ * @macro       App Version Update Handler
+ * @micro       Updates app version string via RPC with audit logging
+ * @inputs      ctx: CoreContext — Request context with principal and database
+ * @inputs      body: object — App ID and new version string
+ * @outputs     {success: true} — Success confirmation
+ * @depends-on  [createHandler, emitLog]
+ * @depended-by [Netlify function routing]
+ * @side-effects [RPC call, audit logging]
+ * @tags        apps, version, update, rpc, audit
+ */
+export declare const updateVersion: (event: any, context: any) => Promise<any>;
+/**
+ * @chunk-id    APPS_HANDLER_1_0_0
+ * @version     1.0.0
+ * @hash        361e1ba86b38a4611f3170526e4ff7f456d58b929c1d39bf847135afdebf3867
+ * @macro       Apps Router
+ * @micro       Routes HTTP methods and actions to appropriate handlers
+ * @inputs      ctx: CoreContext — Request context with principal and database
+ * @inputs      body: any — Request body for POST/PATCH operations
+ * @outputs     Varies — Depends on routed handler (list/get/create/update/remove/schema/available/version)
+ * @depends-on  [createHandler, list, get, getSchema, checkAvailability, create, update, remove, updateVersion]
+ * @depended-by [Netlify function routing]
+ * @side-effects [Delegates to appropriate handler]
+ * @tags        apps, router, crud, netlify-function
+ */
+export declare const handler: (event: any, context: any) => Promise<any>;
+//# sourceMappingURL=apps.d.ts.map

package/dist/functions/apps.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"apps.d.ts","sourceRoot":"","sources":["../../.framework/functions/apps.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;;;;;GA0BG;AAYH;;;;;;;;;;;;;GAaG;AACH,eAAO,MAAM,IAAI,4CA0Bf,CAAA;AAIF;;;;;;;;;;;;;GAaG;AACH,eAAO,MAAM,GAAG,4CAwBd,CAAA;AAIF;;;;;;;;;;;;;GAaG;AACH,eAAO,MAAM,SAAS,4CAapB,CAAA;AAIF;;;;;;;;;;;;;GAaG;AACH,eAAO,MAAM,MAAM,4CAkEjB,CAAA;AAIF;;;;;;;;;;;;;GAaG;AACH,eAAO,MAAM,MAAM,4CAkDjB,CAAA;AAIF;;;;;;;;;;;;;GAaG;AACH,eAAO,MAAM,MAAM,4CAqCjB,CAAA;AAIF;;;;;;;;;;;;;GAaG;AACH,eAAO,MAAM,iBAAiB,4CAoB5B,CAAA;AAIF;;;;;;;;;;;;;GAaG;AACH,eAAO,MAAM,aAAa,4CAkBxB,CAAA;AAMF;;;;;;;;;;;;;GAaG;AACH,eAAO,MAAM,OAAO,4CA6BlB,CAAA"}