02 — Module catalog
Not a black box, not arbitrary generated code. Each module ships maturity labels, schema, routes, permissions, events, tests, and typed hooks — read before your agent composes. Maturity is taken straight from the public registry; nothing is overstated.
Schema-driven admin CRUD over your existing D1 tables: a resource registry plus generic list/get/create/update/delete with RBAC, soft-delete, search/pagination, and audit hooks. UI is host-rendered.
Append-only audit trail. Pure event sink: records domain events from a signed queue or direct calls.
EdDSA service-token mint/verify, scope checks, and JWKS for auth-gated inter-service communication.
Recurring plans and subscription state on top of Stripe: a complete status state machine, idempotent webhook application, plan changes, metered usage, and dunning hooks.
Service booking, availability, booking records, domain events, and booking admin data access.
Google Calendar sync for Cloudflare Workers + D1: single-flight OAuth token refresh, watch-channel renewal before the ~7-day expiry, incremental syncToken sync with 410-Gone full-resync fallback, pure RRULE expansion, and push+poll dedup.
Customer profiles, contact fields, notes, lifecycle events, and customer admin data access.
Transactional email module with provider-neutral ports and Resend and StackSuite (AWS SES) HTTP adapters.
R2-backed file uploads with tenant-scoped keys, validated upload tickets, orphan cleanup, and soft-deletes. Async image variants fan out through jobs-workflows.
Dynamic form builder + intake: serializable field schemas with validation rules and conditional visibility, pure submission validation, idempotent submissions, optional Turnstile spam protection, and content-type/size-validated attachment references.
Public trust boundary: API-key authentication, rate limiting, scope narrowing, and token exchange via auth.
Invoices with gapless atomic numbering, per-line tax, an enforced draft->open->paid->void lifecycle, idempotent payment application, and dunning hooks.
Durable background jobs with idempotent execution, exponential-backoff retries, a dead-letter sink, and catch-up scheduling. The async backbone other modules build on.
Per-user in-app notification feed: user-scoped lists/counts, read/unread state, polymorphic typed payloads, reconnect catch-up (listSince), and idempotent delivery via dedupKey. Owns persistence; the realtime push layer is the host's concern.
Multi-tenant organizations, memberships, roles, and invitations with a permission-resolution gate. Enforces tenant isolation and single-use, expiring invites — the B2B foundation other modules scope against.
Stripe-backed payment provider: create payment intents, record payments, and verify signed Stripe webhooks. Emits payment lifecycle events.
Outbound mirror of the event bus: registers external endpoints (per-endpoint signing secret), delivers HMAC-signed domain events, and logs delivery attempts.
No module matches . Try a different term or .
Planned modules have no public registry listing yet — they appear here for roadmap clarity, not as available code.