chore(integration): NaaP wave-1 preview — DO NOT MERGE (C0+NAAP-0+NAAP-A)#370
Draft
seanhanca wants to merge 5 commits into
Draft
chore(integration): NaaP wave-1 preview — DO NOT MERGE (C0+NAAP-0+NAAP-A)#370seanhanca wants to merge 5 commits into
seanhanca wants to merge 5 commits into
Conversation
…rovider + conformance suite C0 (first-wave). Author the provider-neutral BPP seams as JSON Schema (2020-12) under contracts/billing-provider-protocol/: ② validate, ④ plans, ⑤ account+member (+ billingAccountRef), ⑥ usage ingest, ⑦ discovery response, ⑧ curated list + token bundle, and ⑨ provider-internal OpenMeter documented explicitly as NOT part of the BPP. Add a tiny in-memory stub billing provider (the second BPP implementation) and a conformance suite (ajv) that: - compiles every schema (schema-lint guardrail), - validates a provider's ②④⑤⑥⑧ payloads against the schemas, - asserts seam isolation: no provider-internal field names (e.g. openmeter_subscription_id, network_fee_usd_micros) leak through ② or ⑥. Runs in NaaP CI via vitest. No runtime/route changes; zero regression. Co-authored-by: Cursor <cursoragent@cursor.com>
…AP-0) NAAP-0 (first-wave). Add a server-only verifier for the PYMTHOUSE_* env wiring and the pymthouse BillingProvider seed: - verifyPymthouseEnv() reports presence booleans + missing vars and whether the configured issuer origin / public client id match the staging reference (https://staging.pymthouse.com, app_2d89999406f9be57dd0233de). It NEVER reads, returns, or logs the M2M client secret value — only a boolean "is it set". - logPymthouseEnvStatus() emits a single structured log line (with correlation id) of presence booleans only; a test asserts the secret value never appears. - Seed verify: assert the canonical @naap/database seed declares BillingProvider{slug:pymthouse, enabled:true} (already present). - Document staging PYMTHOUSE_* values in the env example (secret via env only). No runtime/route changes; zero regression. Co-authored-by: Cursor <cursoragent@cursor.com>
…er route (NAAP-A) NAAP-A (first-wave). Introduce the provider-neutral seam so NaaP never imports a billing provider directly. - adapter.ts: BillingProviderAdapter SPI (the BPP method surface) + types + AdapterNotImplementedError. - pymthouse-adapter.ts: reference adapter wrapping the existing getPmtHouseServerClient() BEHIND the SPI (the only place importing the client). Implemented: usage (me/app) + mintSignerSession; validate/getPlans/curation/ manifest throw NotImplemented (PYMT-3/5/7 pending) rather than fabricating. - stub-adapter.ts: tiny in-memory second adapter so the registry resolves ≥2 providers (Phase 0 gate). - registry.ts: slug → adapter resolution (adapterType defaults to slug). - feature-flags.ts: add provider_adapters flag (default OFF) + isFeatureEnabled(). - api/v1/billing/[provider]/[...path]/route.ts: generic routing that delegates to the registry for usage (GET) + token (POST). Gated behind provider_adapters: OFF = 404 no-op (checked before any DB/session work), so the existing explicit /billing/pymthouse/* routes remain the only billing surface and are byte-for-byte unchanged. Structured logs with correlation ids; never logs secrets/tokens/PII. Zero regression: flag OFF is a no-op; existing routes untouched. Static /billing/pymthouse/* segments take routing precedence over [provider] when ON. Co-authored-by: Cursor <cursoragent@cursor.com>
Contributor
|
The latest updates on your projects. Learn more about Vercel for GitHub.
|
|
Important Review skippedDraft detected. Please check the settings in the CodeRabbit UI or the ⚙️ Run configurationConfiguration used: Path: .coderabbit.yaml Review profile: CHILL Plan: Pro Run ID: You can disable this status message by setting the Use the checkbox below for a quick retry:
✨ Finishing Touches🧪 Generate unit tests (beta)
Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out. Comment |
github-actions
Bot
added
scope/shell
|
|
seanhanca
changed the title
- conformance: capture each seam payload once and reuse for the ⑨ leak
checks (no second provider call) so stateful providers can't be flaky
- conformance: reject non-string x-bpp-forbidden-field-names entries
instead of silently String()-coercing malformed schema values
- conformance: enforce ⑤ account.id/providerSlug == billingAccountRef
identity invariant (JSON Schema 2020-12 can't express cross-field
equality); surfaced as report.accountRefMismatches + a $comment
- plans.schema: constrain price.currency to ISO-4217 (^[A-Z]{3}$)
- tests: add negative cases for usage-ingest leak and account-ref drift
- declare ajv + ajv-formats as web-next devDependencies (were only
available transitively); lockfile already had the resolved versions
Co-authored-by: Cursor <cursoragent@cursor.com>
seanhanca
force-pushed
the
preview/wave-1-integration
branch
from
1bf7065 to
f8a481b
Compare
|
This PR has conflicts with the base branch. Please rebase to resolve them: git fetch origin
git rebase origin/main
# resolve conflicts, then:
git push --force-with-leaseThe |
github-actions
Bot
added
needs-rebase
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
DO NOT MERGE — for integration testing only.
This is an aggregated preview integration branch that merges the three NaaP wave-1 feature branches together so Vercel produces a single preview deployment for end-to-end integration testing. It is not intended to be merged into
main; the individual PRs below are the real review/merge units (gated by D0).Aggregated PRs
feat/bpp-contractsfeat/naap-pymthouse-provider-configfeat/billing-provider-adapter-spiNotes
--no-ffoctopus merge of the three branches offorigin/main; no conflicts.provider_adapters, default OFF); contracts/tests are additive.Made with Cursor