spine-framework 0.1.0

package/dist/functions/auth.d.ts

@@ -0,0 +1,74 @@
+/**
+ * @module auth
+ * @audience core-contributor
+ * @layer api-handler
+ * @stability stable
+ *
+ * Authentication context endpoint. Returns the full user session context for
+ * the authenticated principal: person record, account, role, permissions, and
+ * accessible child accounts (via the `get_account_hierarchy` RPC).
+ *
+ * **Routed by:** `GET /.netlify/functions/auth`
+ *
+ * **Actions:**
+ * | method | handler  |
+ * |--------|----------|
+ * | GET    | context  |
+ * | HEALTH | health   |
+ *
+ * **Authorization:** `context` requires a non-anonymous authenticated
+ * principal. `health` is unauthenticated.
+ *
+ * **Returned session shape:**
+ * ```ts
+ * {
+ *   id: string             // person UUID
+ *   email: string
+ *   full_name: string
+ *   account_id: string
+ *   account: { id, slug, display_name, parent_id }
+ *   roles: string[]        // role slugs (e.g. ['system_admin'])
+ *   permissions: string[]  // derived from role.slug or role.permissions
+ *   accessible_accounts: AccountHierarchyRow[]
+ * }
+ * ```
+ *
+ * INVARIANT: `system_admin` role always receives the full permission set
+ *   ['read', 'write', 'admin', 'system'] regardless of `role.permissions`.
+ *
+ * @seeAlso middleware.ts (createHandler builds ctx.principal from JWT)
+ * @seeAlso _shared/db.ts (get_account_hierarchy RPC)
+ * @seeAlso roles.ts (role records referenced by FK)
+ */
+/**
+ * Returns the full authenticated user context. Fetches person, account,
+ * and role in a single query, then calls `get_account_hierarchy` to
+ * resolve accessible child accounts.
+ *
+ * @returns Session object (see module-level shape doc)
+ * @throws Error('Authentication required') if principal is anonymous
+ * @throws Error('User not found: <id>') if person row is inactive or missing
+ * @sideEffects DB read: people table (with account + role joins)
+ * @sideEffects DB read: get_account_hierarchy RPC
+ * @calledBy handler (GET)
+ * @testUnit tests/unit/auth.test.ts — 'context'
+ * @testIntegration tests/integration/auth.test.ts — 'returns valid context'
+ */
+export declare const context: (event: any, context: any) => Promise<any>;
+/**
+ * Lightweight health check for the auth function. Returns service name
+ * and current timestamp. No authentication required.
+ *
+ * @returns `{ status: 'healthy', timestamp: string, service: 'auth' }`
+ * @calledBy handler (HEALTH method)
+ * @calledBy load balancer health probes
+ */
+export declare const health: (event: any, context: any) => Promise<any>;
+/**
+ * Netlify function entry point. Routes by HTTP method:
+ * GET → context | HEALTH → health
+ * @throws Error('Unsupported method: <method>') on unmatched method
+ * @calledBy Netlify function routing
+ */
+export declare const handler: (event: any, context: any) => Promise<any>;
+//# sourceMappingURL=auth.d.ts.map

package/dist/functions/auth.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"auth.d.ts","sourceRoot":"","sources":["../../.framework/functions/auth.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GAyCG;AAMH;;;;;;;;;;;;;GAaG;AACH,eAAO,MAAM,OAAO,4CAiGlB,CAAA;AAEF;;;;;;;GAOG;AACH,eAAO,MAAM,MAAM,4CAMjB,CAAA;AAIF;;;;;GAKG;AACH,eAAO,MAAM,OAAO,4CAWlB,CAAA"}

package/dist/functions/debug-auth.d.ts

@@ -0,0 +1,33 @@
+/**
+ * @module debug-auth
+ * @audience core-contributor
+ * @layer api-handler
+ * @stability internal
+ *
+ * Development/diagnostic endpoint for verifying that authentication
+ * middleware is resolving principals correctly. **Never expose this in
+ * production without access controls.**
+ *
+ * **Routed by:** `GET /.netlify/functions/debug-auth`
+ *
+ * **Actions (via ?method):**
+ * | ?method  | handler  | description                         |
+ * |----------|----------|-------------------------------------|
+ * | debug    | debug    | env check + principal presence      |
+ * | testJwt  | testJwt  | validates JWT, returns principal ID |
+ *
+ * **Authorization:** None — intentionally unauthenticated so broken JWT
+ * flows can be diagnosed. Reveals only presence/absence of env vars and
+ * principal shape, never secret values.
+ *
+ * @seeAlso auth.ts (production auth context endpoint)
+ * @seeAlso middleware.ts (createHandler — JWT resolution logic)
+ */
+/**
+ * Netlify function entry point. Routes by ?method (debug | testJwt),
+ * defaulting to debug. Note: uses raw Netlify event/context signature
+ * rather than `createHandler` wrapper to allow unauthenticated access.
+ * @calledBy Netlify function routing (GET)
+ */
+export declare function handler(event: any, context: any): Promise<any>;
+//# sourceMappingURL=debug-auth.d.ts.map

package/dist/functions/debug-auth.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"debug-auth.d.ts","sourceRoot":"","sources":["../../.framework/functions/debug-auth.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;;;GAwBG;AA6DH;;;;;GAKG;AACH,wBAAsB,OAAO,CAAC,KAAK,EAAE,GAAG,EAAE,OAAO,EAAE,GAAG,gBAerD"}

package/dist/functions/embeddings.d.ts

@@ -0,0 +1,205 @@
+/**
+ * @module embeddings
+ * @audience core-contributor
+ * @layer api-handler
+ * @stability stable
+ *
+ * CRUD and search API for the `embeddings` table. Embeddings store vector
+ * representations of text chunks for RAG (retrieval-augmented generation)
+ * workloads. Vector similarity search is performed via the
+ * `search_similar_embeddings` Postgres RPC function.
+ *
+ * **Routed by:** `GET/POST/PATCH /.netlify/functions/embeddings`
+ *
+ * **Actions:**
+ * | method | ?action         | handler           |
+ * |--------|-----------------|-------------------|
+ * | GET    | stats           | getStats          |
+ * | POST   | batch-create    | batchCreate       |
+ * | POST   | delete-document | deleteByDocument  |
+ * | POST   | cleanup         | cleanup           |
+ * | POST   | search-similar  | searchSimilar     |
+ * | POST   | search-semantic | searchSemantic    |
+ * | GET    | ?id             | get               |
+ * | GET    | (default)       | list              |
+ * | POST   | —               | create            |
+ * | PATCH  | —               | update            |
+ *
+ * **Authorization:** All operations use `ctx.db` (RLS-scoped). Account context
+ * required for writes. No hard-delete endpoint — use `delete-document` or
+ * `cleanup` for bulk removal.
+ *
+ * INVARIANT: `update` only patches `content` and `metadata`.
+ * INVARIANT: `searchSimilar` requires a pre-computed `query_embedding` vector.
+ *   Use `searchSemantic` for text-based fallback.
+ *
+ * @seeAlso agent-runner.ts (executeSearchKnowledge calls search_similar_embeddings)
+ * @seeAlso pipeline-runner.ts (search_knowledge stage type)
+ * @seeAlso audit.ts (emitLog for embedding.* / embeddings.* events)
+ */
+/**
+ * @chunk-id    EMBEDDINGS_LIST_1_0_0
+ * @version     1.0.0
+ * @hash        929d4ac3030c10ac7a31bef9cad565900a5cd11af2e130ce3e4cfc28bc65d5ab
+ * @macro       Embeddings List Handler
+ * @micro       Lists embeddings with filtering, pagination, and sanitization
+ * @inputs      ctx: CoreContext — Request context with principal and database
+ * @inputs      _body: any — Request body (unused for GET)
+ * @outputs     Array of sanitized embedding records
+ * @depends-on  [createHandler, sanitizeRecordData]
+ * @depended-by [Netlify function routing]
+ * @side-effects [DB queries, permission sanitization]
+ * @tags        embeddings, list, crud, pagination
+ */
+export declare const list: (event: any, context: any) => Promise<any>;
+/**
+ * @chunk-id    EMBEDDINGS_GET_1_0_0
+ * @version     1.0.0
+ * @hash        261bfd4dd3107ebfbc0a2ee3d870ac449f543699358a03d8bea27f86ba57b5bc
+ * @macro       Embedding Get Handler
+ * @micro       Returns single embedding record with sanitization
+ * @inputs      ctx: CoreContext — Request context with principal and database
+ * @inputs      _body: any — Request body (unused for GET)
+ * @outputs     Sanitized embedding record
+ * @depends-on  [createHandler, sanitizeRecordData]
+ * @depended-by [Netlify function routing]
+ * @side-effects [DB single row query, permission sanitization]
+ * @tags        embeddings, get, crud, single-record
+ */
+export declare const get: (event: any, context: any) => Promise<any>;
+/**
+ * @chunk-id    EMBEDDINGS_CREATE_1_0_0
+ * @version     1.0.0
+ * @hash        26bc1b478138d27fc02ebeede1b0ede362ef43864591bc7353390d5f60ae81db
+ * @macro       Embedding Create Handler
+ * @micro       Creates embedding record with validation and audit logging
+ * @inputs      ctx: CoreContext — Request context with principal and database
+ * @inputs      body: object — Embedding data including model_id, document_id, content
+ * @outputs     Inserted embedding record
+ * @depends-on  [createHandler, emitLog]
+ * @depended-by [Netlify function routing]
+ * @side-effects [DB insert, audit logging]
+ * @tags        embeddings, create, crud, audit
+ */
+export declare const create: (event: any, context: any) => Promise<any>;
+/**
+ * @chunk-id    EMBEDDINGS_UPDATE_1_0_0
+ * @version     1.0.0
+ * @hash        e543c87308991159cda8e50f85127884475004bffaedb4508117481375bfaa43
+ * @macro       Embedding Update Handler
+ * @micro       Updates embedding content and/or metadata with audit logging
+ * @inputs      ctx: CoreContext — Request context with principal and database
+ * @inputs      body: object — Embedding updates including id
+ * @outputs     Updated embedding record
+ * @depends-on  [createHandler, emitLog]
+ * @depended-by [Netlify function routing]
+ * @side-effects [DB update, audit logging]
+ * @tags        embeddings, update, crud, audit
+ */
+export declare const update: (event: any, context: any) => Promise<any>;
+/**
+ * @chunk-id    EMBEDDINGS_GET_STATS_1_0_0
+ * @version     1.0.0
+ * @hash        176a002d14e89cffb0cb993b554c28e2258f66951901be49a4eccbe7855a2d7a
+ * @macro       Embeddings Statistics Handler
+ * @micro       Returns total embedding count for account with RLS scoping
+ * @inputs      ctx: CoreContext — Request context with principal and database
+ * @inputs      _body: any — Request body (unused for GET)
+ * @outputs     {total_embeddings: number} — Total count of embeddings
+ * @depends-on  [createHandler]
+ * @depended-by [Netlify function routing]
+ * @side-effects [DB count query]
+ * @tags        embeddings, stats, count, monitoring
+ */
+export declare const getStats: (event: any, context: any) => Promise<any>;
+/**
+ * @chunk-id    EMBEDDINGS_BATCH_CREATE_1_0_0
+ * @version     1.0.0
+ * @hash        18f603dbb73e044737283100d6e4cc092597a61645905473d6c6ec1ee67a9d7f
+ * @macro       Embeddings Batch Create Handler
+ * @micro       Bulk inserts multiple embeddings with account stamping and audit logging
+ * @inputs      ctx: CoreContext — Request context with principal and database
+ * @inputs      body: object — embeddings_data array of embedding objects
+ * @outputs     Array of inserted embedding records
+ * @depends-on  [createHandler, emitLog]
+ * @depended-by [Netlify function routing]
+ * @side-effects [Bulk DB insert, audit logging]
+ * @tags        embeddings, batch-create, bulk, audit
+ */
+export declare const batchCreate: (event: any, context: any) => Promise<any>;
+/**
+ * @chunk-id    EMBEDDINGS_DELETE_BY_DOCUMENT_1_0_0
+ * @version     1.0.0
+ * @hash        1f74f199f69f563dbc9e72c0f3906412d6315721212261c5a61da4250cb34909
+ * @macro       Embeddings Document Delete Handler
+ * @micro       Deletes all embeddings for a document with audit logging
+ * @inputs      ctx: CoreContext — Request context with principal and database
+ * @inputs      body: object — document_id to delete embeddings for
+ * @outputs     {deleted_count: number} — Number of deleted embeddings
+ * @depends-on  [createHandler, emitLog]
+ * @depended-by [Netlify function routing]
+ * @side-effects [DB delete, audit logging]
+ * @tags        embeddings, delete, document, audit
+ */
+export declare const deleteByDocument: (event: any, context: any) => Promise<any>;
+/**
+ * @chunk-id    EMBEDDINGS_CLEANUP_1_0_0
+ * @version     1.0.0
+ * @hash        b5caa85d93d7eb232eaf7f81c63f7adc4269898397c4cc1d9186ce868a056223
+ * @macro       Embeddings Cleanup Handler
+ * @micro       Deletes old embeddings beyond retention period with audit logging
+ * @inputs      ctx: CoreContext — Request context with principal and database
+ * @inputs      body: object — days_to_keep (default 365)
+ * @outputs     {deleted_count: number} — Number of deleted embeddings
+ * @depends-on  [createHandler, emitLog]
+ * @depended-by [Netlify function routing]
+ * @side-effects [DB delete by date, audit logging]
+ * @tags        embeddings, cleanup, retention, audit
+ */
+export declare const cleanup: (event: any, context: any) => Promise<any>;
+/**
+ * @chunk-id    EMBEDDINGS_SEARCH_SIMILAR_1_0_0
+ * @version     1.0.0
+ * @hash        e34df64fa1db62cdef551da14b15e6f7183915562ca68763b5ebe28fe889fff7
+ * @macro       Embeddings Vector Search Handler
+ * @micro       Performs vector similarity search using cosine similarity via RPC
+ * @inputs      ctx: CoreContext — Request context with principal and database
+ * @inputs      body: object — query_embedding vector and search parameters
+ * @outputs     {results, count, model_id, threshold} — Search results with metadata
+ * @depends-on  [createHandler]
+ * @depended-by [Netlify function routing, agent-runner.ts]
+ * @side-effects [RPC call for vector similarity search]
+ * @tags        embeddings, search, vector, similarity, rpc
+ */
+export declare const searchSimilar: (event: any, context: any) => Promise<any>;
+/**
+ * @chunk-id    EMBEDDINGS_SEARCH_SEMANTIC_1_0_0
+ * @version     1.0.0
+ * @hash        26c9cb4da3ddfa47c34afd1c60c2568f760a97d07719a58e9ae2e3d3926e84ce
+ * @macro       Embeddings Text Search Handler
+ * @micro       Performs full-text search on embedding content using Postgres websearch
+ * @inputs      ctx: CoreContext — Request context with principal and database
+ * @inputs      body: object — query string and optional filters
+ * @outputs     {results, count, method, query} — Search results with metadata
+ * @depends-on  [createHandler]
+ * @depended-by [Netlify function routing]
+ * @side-effects [DB full-text search query]
+ * @tags        embeddings, search, text-search, fallback
+ */
+export declare const searchSemantic: (event: any, context: any) => Promise<any>;
+/**
+ * @chunk-id    EMBEDDINGS_HANDLER_1_0_0
+ * @version     1.0.0
+ * @hash        5c4c550bcf413d5975c54a1f1cbfbc4641425d663127fa55fac1616085a43644
+ * @macro       Embeddings Router
+ * @micro       Routes HTTP methods and actions to appropriate handlers
+ * @inputs      ctx: CoreContext — Request context with principal and database
+ * @inputs      body: any — Request body for POST/PATCH operations
+ * @outputs     Varies — Depends on routed handler (list/get/create/update/batch-create/delete-document/cleanup/search-similar/search-semantic/stats)
+ * @depends-on  [createHandler, list, get, create, update, getStats, batchCreate, deleteByDocument, cleanup, searchSimilar, searchSemantic]
+ * @depended-by [Netlify function routing]
+ * @side-effects [Delegates to appropriate handler]
+ * @tags        embeddings, router, crud, netlify-function
+ */
+export declare const handler: (event: any, context: any) => Promise<any>;
+//# sourceMappingURL=embeddings.d.ts.map

package/dist/functions/embeddings.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"embeddings.d.ts","sourceRoot":"","sources":["../../.framework/functions/embeddings.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GAsCG;AASH;;;;;;;;;;;;;GAaG;AACH,eAAO,MAAM,IAAI,4CAoCf,CAAA;AAIF;;;;;;;;;;;;;GAaG;AACH,eAAO,MAAM,GAAG,4CAgBd,CAAA;AAIF;;;;;;;;;;;;;GAaG;AACH,eAAO,MAAM,MAAM,4CAgCjB,CAAA;AAIF;;;;;;;;;;;;;GAaG;AACH,eAAO,MAAM,MAAM,4CA2BjB,CAAA;AAIF;;;;;;;;;;;;;GAaG;AACH,eAAO,MAAM,QAAQ,4CAYnB,CAAA;AAIF;;;;;;;;;;;;;GAaG;AACH,eAAO,MAAM,WAAW,4CA6BtB,CAAA;AAIF;;;;;;;;;;;;;GAaG;AACH,eAAO,MAAM,gBAAgB,4CAqB3B,CAAA;AAIF;;;;;;;;;;;;;GAaG;AACH,eAAO,MAAM,OAAO,4CAqBlB,CAAA;AAIF;;;;;;;;;;;;;GAaG;AACH,eAAO,MAAM,aAAa,4CA4BxB,CAAA;AAIF;;;;;;;;;;;;;GAaG;AACH,eAAO,MAAM,cAAc,4CAuCzB,CAAA;AAMF;;;;;;;;;;;;;GAaG;AACH,eAAO,MAAM,OAAO,4CAkDlB,CAAA"}

package/dist/functions/integration-routes.d.ts

@@ -0,0 +1,45 @@
+/**
+ * @module integration-routes
+ * @audience core-contributor
+ * @layer api-handler
+ * @stability stable
+ *
+ * Unified integration routing system for all integration types.
+ * Handles webhook, API, database, file, and custom integrations
+ * through a single entry point with type-specific handlers.
+ *
+ ** Routed by:** `POST /api/integration-routes?slug=:slug`
+ *
+ * Route patterns:
+ * | method | path                                      | handler                |
+ * |--------|-------------------------------------------|------------------------|
+ * | POST   | /api/integration-routes?slug=:slug        | handleWebhook          |
+ *
+ * **Authorization:** API key authentication with integration permissions
+ * - API key validated via resolvePrincipal
+ * - Integration permissions checked against principal.permissions.integrations[slug]
+ *
+ * **Security Flow:**
+ * 1. API key validation (resolvePrincipal)
+ * 2. Integration permission check
+ * 3. Schema validation (if configured)
+ * 4. Data sanitization
+ * 5. Custom script execution
+ *
+ * INVARIANT: All validation failures return generic { status: "rejected" }
+ * INVARIANT: Detailed errors logged server-side only
+ * INVARIANT: Unknown fields in payload = HARD FAIL (fishing detection)
+ *
+ * @seeAlso integrations.ts (integration configuration)
+ * @seeAlso principal.ts (machine principal resolution)
+ * @seeAlso api-keys.ts (API key permissions)
+ */
+declare const handler: (event: any, _context: any) => Promise<{
+    statusCode: number;
+    headers: {
+        'Content-Type': string;
+    };
+    body: string;
+}>;
+export { handler };
+//# sourceMappingURL=integration-routes.d.ts.map

package/dist/functions/integration-routes.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"integration-routes.d.ts","sourceRoot":"","sources":["../../.framework/functions/integration-routes.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GAmCG;AAseH,QAAA,MAAM,OAAO,UA9P4B,GAAG,YAAY,GAAG;;;;;;EA8PzB,CAAA;AAClC,OAAO,EAAE,OAAO,EAAE,CAAA"}

package/dist/functions/integrations.d.ts

@@ -0,0 +1,124 @@
+/**
+ * @module integrations
+ * @audience core-contributor
+ * @layer api-handler
+ * @stability stable
+ *
+ * CRUD API for the `integrations` table. Integration records describe
+ * third-party service connections (API credentials, provider, version,
+ * configuration). Each integration is scoped to an account and optionally
+ * to an app. `is_configured` tracks whether credentials have been set.
+ *
+ * **Routed by:** `GET/POST/PATCH/DELETE /.netlify/functions/integrations`
+ *
+ * **Standard CRUD — routes directly by HTTP method (no ?action switch):**
+ * | method | condition | handler |
+ * |--------|-----------|---------|
+ * | GET    | ?id       | get     |
+ * | GET    | (default) | list    |
+ * | POST   | —         | create  |
+ * | PATCH  | —         | update  |
+ * | DELETE | —         | remove (soft) |
+ *
+ * **Authorization:** All operations use `ctx.db` (RLS-scoped). Authenticated
+ * principal required for writes.
+ *
+ * INVARIANT: `remove` is a soft delete (sets `is_active = false`). Hard deletes
+ *   are not supported to preserve audit trails on integration-linked data.
+ * INVARIANT: `update` only patches the explicit allowlist of fields.
+ *
+ * @seeAlso api-keys.ts (api_keys belong to integrations)
+ * @seeAlso trigger-engine.ts (integration webhooks trigger pipelines)
+ * @seeAlso audit.ts (emitLog for integration.* events)
+ */
+/**
+ * @chunk-id    INTEGRATIONS_LIST_1_0_0
+ * @version     1.0.0
+ * @hash        5faf0b7052d9aac5f764d1fc30ddde1485a0296ad2b209cd2e3a73c09061a1fc
+ * @macro       Integrations List Handler
+ * @micro       Lists integrations with filtering, pagination, and joins
+ * @inputs      ctx: CoreContext — Request context with principal and database
+ * @inputs      _body: any — Request body (unused for GET)
+ * @outputs     Array of sanitized integration records with app/createdBy joins
+ * @depends-on  [createHandler, joins, sanitizeRecordData]
+ * @depended-by [Netlify function routing]
+ * @side-effects [DB queries, permission sanitization]
+ * @tags        integrations, list, crud, pagination
+ */
+export declare const list: (event: any, context: any) => Promise<any>;
+/**
+ * @chunk-id    INTEGRATIONS_GET_1_0_0
+ * @version     1.0.0
+ * @hash        975126629cff24c75d2b74328d1ae08dd033ed451d3820d828c62b1f7a27413e
+ * @macro       Integration Get Handler
+ * @micro       Returns single integration record with joins and sanitization
+ * @inputs      ctx: CoreContext — Request context with principal and database
+ * @inputs      _body: any — Request body (unused for GET)
+ * @outputs     Sanitized integration record with app/createdBy joins
+ * @depends-on  [createHandler, joins, sanitizeRecordData]
+ * @depended-by [Netlify function routing]
+ * @side-effects [DB single row query, permission sanitization]
+ * @tags        integrations, get, crud, single-record
+ */
+export declare const get: (event: any, context: any) => Promise<any>;
+/**
+ * @chunk-id    INTEGRATIONS_CREATE_1_0_0
+ * @version     1.0.0
+ * @hash        27d2242703930d7eeb33b49bbce4c22681ab891750c4c7a298c1c717a39870d7
+ * @macro       Integration Create Handler
+ * @micro       Creates integration record with validation and audit logging
+ * @inputs      ctx: CoreContext — Request context with principal and database
+ * @inputs      body: object — Integration data including name, integration_type, provider
+ * @outputs     Inserted integration record
+ * @depends-on  [createHandler, emitLog]
+ * @depended-by [Netlify function routing]
+ * @side-effects [DB insert, audit logging]
+ * @tags        integrations, create, crud, audit
+ */
+export declare const create: (event: any, context: any) => Promise<any>;
+/**
+ * @chunk-id    INTEGRATIONS_UPDATE_1_0_0
+ * @version     1.0.0
+ * @hash        ab5c8404ddec24ff912c55e7e52cd0ecdd220646b0e07f56a49a02ef3288f3e9
+ * @macro       Integration Update Handler
+ * @micro       Updates integration with field allowlist and audit logging
+ * @inputs      ctx: CoreContext — Request context with principal and database
+ * @inputs      body: object — Integration updates including id
+ * @outputs     Updated integration record
+ * @depends-on  [createHandler, emitLog]
+ * @depended-by [Netlify function routing]
+ * @side-effects [DB update, audit logging]
+ * @tags        integrations, update, crud, audit
+ */
+export declare const update: (event: any, context: any) => Promise<any>;
+/**
+ * @chunk-id    INTEGRATIONS_REMOVE_1_0_0
+ * @version     1.0.0
+ * @hash        a8b5f084d745d2ce69a1e29d74903832ed39647ccb779d0f651a99157777a08a
+ * @macro       Integration Remove Handler
+ * @micro       Soft-deletes integration with validation and audit logging
+ * @inputs      ctx: CoreContext — Request context with principal and database
+ * @inputs      _body: any — Request body (unused for DELETE)
+ * @outputs     Updated integration record with is_active: false
+ * @depends-on  [createHandler, emitLog]
+ * @depended-by [Netlify function routing]
+ * @side-effects [DB soft delete, audit logging]
+ * @tags        integrations, remove, crud, audit
+ */
+export declare const remove: (event: any, context: any) => Promise<any>;
+/**
+ * @chunk-id    INTEGRATIONS_HANDLER_1_0_0
+ * @version     1.0.0
+ * @hash        14c00f276a22287ed65c019efe327cbb513f860a408191e299864b05c641833c
+ * @macro       Integrations Router
+ * @micro       Routes HTTP methods to appropriate handlers (no action switch)
+ * @inputs      ctx: CoreContext — Request context with principal and database
+ * @inputs      body: any — Request body for POST/PATCH operations
+ * @outputs     Varies — Depends on routed handler (list/get/create/update/remove)
+ * @depends-on  [createHandler, list, get, create, update, remove]
+ * @depended-by [Netlify function routing]
+ * @side-effects [Delegates to appropriate handler]
+ * @tags        integrations, router, crud, netlify-function
+ */
+export declare const handler: (event: any, context: any) => Promise<any>;
+//# sourceMappingURL=integrations.d.ts.map

package/dist/functions/integrations.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"integrations.d.ts","sourceRoot":"","sources":["../../.framework/functions/integrations.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GAgCG;AAUH;;;;;;;;;;;;;GAaG;AACH,eAAO,MAAM,IAAI,4CAsCf,CAAA;AAIF;;;;;;;;;;;;;GAaG;AACH,eAAO,MAAM,GAAG,4CAgBd,CAAA;AAIF;;;;;;;;;;;;;GAaG;AACH,eAAO,MAAM,MAAM,4CAqCjB,CAAA;AAIF;;;;;;;;;;;;;GAaG;AACH,eAAO,MAAM,MAAM,4CA6BjB,CAAA;AAIF;;;;;;;;;;;;;GAaG;AACH,eAAO,MAAM,MAAM,4CA8BjB,CAAA;AAMF;;;;;;;;;;;;;GAaG;AACH,eAAO,MAAM,OAAO,4CAmBlB,CAAA"}

package/dist/functions/item-progress.d.ts

@@ -0,0 +1,41 @@
+/**
+ * @module item-progress
+ * @audience both
+ * @layer api-handler
+ * @stability stable
+ *
+ * CRUD + upsert API for the `item_progress` table. Tracks per-person, per-item
+ * progress state for courses, tasks, onboarding, and any item-based pipeline.
+ *
+ * Routed by: GET/POST/PATCH /.netlify/functions/item-progress
+ *
+ * INVARIANT: (person_id, item_id) is unique — state, not a log.
+ * INVARIANT: status transitions are forward-only unless force: true.
+ * INVARIANT: score must be 0–100 or null.
+ */
+/**
+ * Lists progress records for the authenticated principal.
+ * Query params: person_id, item_id, item_ids (comma-sep), status, limit, offset
+ */
+export declare const list: (event: any, context: any) => Promise<any>;
+/**
+ * Gets a single item_progress record by id.
+ */
+export declare const get: (event: any, context: any) => Promise<any>;
+/**
+ * Upserts a progress record for (person_id, item_id).
+ * Auto-composes title and description. Enforces pipeline transitions.
+ * Sets started_at / completed_at timestamps in data. Increments attempts.
+ *
+ * Body: person_id*, item_id*, type_id*, account_id*, status, score, data,
+ *       title, description, app_id, force (bypass direction check)
+ */
+export declare const upsert: (event: any, context: any) => Promise<any>;
+/**
+ * Partially updates an existing item_progress record.
+ * Body: id (required), plus any updatable fields.
+ * Enforces forward-only status transitions unless force: true.
+ */
+export declare const update: (event: any, context: any) => Promise<any>;
+export declare const handler: (event: any, context: any) => Promise<any>;
+//# sourceMappingURL=item-progress.d.ts.map

package/dist/functions/item-progress.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"item-progress.d.ts","sourceRoot":"","sources":["../../.framework/functions/item-progress.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;GAcG;AAuCH;;;GAGG;AACH,eAAO,MAAM,IAAI,4CAkBf,CAAA;AAEF;;GAEG;AACH,eAAO,MAAM,GAAG,4CAYd,CAAA;AAEF;;;;;;;GAOG;AACH,eAAO,MAAM,MAAM,4CA6FjB,CAAA;AAEF;;;;GAIG;AACH,eAAO,MAAM,MAAM,4CAwDjB,CAAA;AAIF,eAAO,MAAM,OAAO,4CASlB,CAAA"}