Introduce ActorResolver methods, lightweight storage, and tests

.coderabbit.yaml

@@ -1,17 +1,16 @@
 # CodeRabbit Configuration File
 # Reference: https://docs.coderabbit.ai/spec/configuration
+# yaml-language-server: $schema=https://coderabbit.ai/integrations/schema.v2.json
 
 language: "en-US"
-tone_instruction: "Review code as a senior Go software engineer with a focus on concurrency safety, modular monolithic design boundaries, and clear error propagation."
 
 reviews:
   profile: "assertive"
+  tone_instructions: "Review code as a senior Go software engineer with a focus on concurrency safety, modular monolithic design boundaries, and clear error propagation."
   auto_review:
     enabled: true
     drafts: false
   high_level_summary: true
-  reviews_per_file: true
-  collapse_dependency_reviews: true
 
 chat:
   auto_reply: true

.github/workflows/ci.yml

@@ -9,23 +9,64 @@ on:
 jobs:
   build:
     runs-on: ubuntu-latest
-    permissions:
-      contents: write
-    env:
-      GOPRIVATE: github.com/GoHyperrr/*
     steps:
-      - uses: actions/checkout@v4
-      - uses: actions/setup-go@v5
+      - name: Checkout hyperrr
+        uses: actions/checkout@v4
         with:
-          go-version: '1.25'
-      - run: go mod download
-      - run: go run ./cmd/builder
-      - run: go vet ./...
-      - run: go test -v -coverprofile=coverage.out ./...
-      - name: Go Coverage Report
-        uses: ncruces/go-coverage-report@v0
+          path: hyperrr
+
+      - name: Checkout mdk
+        uses: actions/checkout@v4
+        with:
+          repository: GoHyperrr/mdk
+          ref: ${{ github.head_ref || github.ref_name }}
+          path: mdk
+
+      - name: Checkout auth
+        uses: actions/checkout@v4
+        with:
+          repository: GoHyperrr/auth
+          ref: ${{ github.head_ref || github.ref_name }}
+          path: auth
+
+      - name: Checkout commerce
+        uses: actions/checkout@v4
+        with:
+          repository: GoHyperrr/commerce
+          ref: ${{ github.head_ref || github.ref_name }}
+          path: commerce
+
+      - name: Checkout file-storage
+        uses: actions/checkout@v4
         with:
-          report: 'true'
-          chart: 'true'
-          amend: 'true'
-        continue-on-error: true
+          repository: GoHyperrr/file-storage
+          ref: ${{ github.head_ref || github.ref_name }}
+          path: file-storage
+
+      - name: Setup Go
+        uses: actions/setup-go@v5
+        with:
+          go-version: '1.25'
+
+      - name: Setup Workspace
+        run: |
+          echo "go 1.25.5" > go.work
+          echo "use (" >> go.work
+          echo "    ./auth" >> go.work
+          echo "    ./commerce" >> go.work
+          echo "    ./file-storage" >> go.work
+          echo "    ./hyperrr" >> go.work
+          echo "    ./mdk" >> go.work
+          echo ")" >> go.work
+
+      - name: Generate Code
+        run: cd hyperrr && go run build_ci.go
+
+      - name: Go Vet
+        run: cd hyperrr && go vet ./...
+
+      - name: Go Test
+        run: cd hyperrr && go test -v ./...
+
+      - name: Go Build
+        run: cd hyperrr && go build ./cmd/hyperrr

CHANGELOG.md

@@ -0,0 +1,10 @@
+# Changelog
+
+All notable changes to this project will be documented in this file.
+
+## [0.1.0] - 2026-06-05
+
+### Added
+- Multi-repo local workspace testing CI workflows.
+- Lightweight built-in local disk and memory storage provider.
+- Static plugin Cobra CLI registrations and string-based step resolutions.

README.md

@@ -54,14 +54,16 @@ Hyperrr is a modern, event-native commerce engine designed as a modular monolith
 
 ## 🚥 Getting Started
 
-### 1. Compile the Unified Executable
-Compile the consolidated binary using Go:
+### 1. Run Schema Aggregation & Compile the Executable
+Discover GraphQL schemas, run `gqlgen` code generation, and compile the unified `hyperrr` server executable:
 ```bash
-# Using standard Go
-go build -o bin/hyperrr ./cmd/hyperrr
+go run ./cmd/builder
+```
+This writes the compiled binary to `bin/hyperrr` (or `bin/hyperrr.exe` on Windows).
 
-# Or using Makefile
-make build
+After compiling, you can also use the CLI's built-in build command to rebuild dynamically:
+```bash
+./bin/hyperrr build
 ```
 
 ### 2. Start the Backend Commerce Server
@@ -121,10 +123,10 @@ You can register users via GraphQL or directly from your terminal using the dyna
 
 ```bash
 # Register a user via the CLI
-go run ./cmd/hyperrr auth user register dev@example.com mypassword "Developer User"
+./bin/hyperrr auth user register dev@example.com mypassword "Developer User"
 
 # Generate an API Key for MCP AI Agents
-go run ./cmd/hyperrr auth apikey generate
+./bin/hyperrr auth apikey generate
 ```
 
 To register via the GraphQL Playground (which emits `identity.user_created` to automatically create a customer profile):

SECURITY.md

@@ -0,0 +1,11 @@
+# Security Policy
+
+## Supported Versions
+
+For pre-1.0 releases we support the latest release or the latest patch series (e.g., 0.1.x), and for 1.0+ we support the latest major release branch.
+
+## Reporting a Vulnerability
+
+If you discover a security vulnerability within Hyperrr or any of its modules, please do not disclose it publicly. Report it directly by emailing security@hyperrr.org or opening a draft security advisory on GitHub.
+
+We will acknowledge receipt of your report within 48 hours and work with you to patch the issue promptly.

api/gqlgen.yml

@@ -11,6 +11,8 @@ model:
 
 autobind:
   - github.com/GoHyperrr/commerce/product
+  - github.com/GoHyperrr/commerce/seo
+  - github.com/GoHyperrr/commerce/taxonomy
   - github.com/GoHyperrr/commerce/cart
   - github.com/GoHyperrr/commerce/order
   - github.com/GoHyperrr/commerce/customer

api/graph/api_test.go

@@ -153,7 +153,14 @@ func TestResolvers(t *testing.T) {
 
 	t.Run("Product Resolvers", func(t *testing.T) {
 		// Create a product
-		p := &product.Product{ID: "p1", Name: "Product 1", Price: 10.0}
+		p := &product.Product{
+			ID:     "p1",
+			Name:   "Product 1",
+			Handle: "product-1",
+			Variants: []product.ProductVariant{
+				{ID: "v1", Title: "Default", Price: 10.0},
+			},
+		}
 		prodMod.Repo().Save(ctx, p)
 
 		res, err := resolver.Query().GetProduct(ctx, "p1")
@@ -176,9 +183,12 @@ func TestResolvers(t *testing.T) {
 	t.Run("Product Mutations", func(t *testing.T) {
 		// Create
 		createInput := product.CreateProductInput{
-			ID:    "p_new",
-			Name:  "New Product",
-			Price: 50.0,
+			ID:     "p_new",
+			Name:   "New Product",
+			Handle: "new-product",
+			Variants: []product.CreateProductVariantInput{
+				{Title: "Default", Price: 50.0},
+			},
 		}
 		res, err := resolver.Mutation().CreateProduct(ctx, createInput)
 		if err != nil || res.Name != "New Product" {
@@ -199,8 +209,8 @@ func TestResolvers(t *testing.T) {
 			t.Fatalf("DeleteProduct failed: %v", err)
 		}
 
-		// Create failure (missing name)
-		_, err = resolver.Mutation().CreateProduct(ctx, product.CreateProductInput{ID: "fail", Price: 10.0})
+		// Create failure (missing required fields: name and handle)
+		_, err = resolver.Mutation().CreateProduct(ctx, product.CreateProductInput{ID: "fail", Handle: ""})
 		if err == nil {
 			t.Error("expected error for invalid product create")
 		}
@@ -742,7 +752,14 @@ func TestResolvers(t *testing.T) {
 		})
 		badResolver3 := *resolver
 		badResolver3.ProductModule = badProductMod3
-		_, err = badResolver3.Mutation().CreateProduct(ctx, product.CreateProductInput{ID: "p_fail", Name: "Fail", Price: 10})
+		_, err = badResolver3.Mutation().CreateProduct(ctx, product.CreateProductInput{
+			ID:     "p_fail",
+			Name:   "Fail",
+			Handle: "fail",
+			Variants: []product.CreateProductVariantInput{
+				{Title: "Default", Price: 10.0},
+			},
+		})
 		if err == nil || !strings.Contains(err.Error(), "failed to retrieve created product") {
 			t.Errorf("expected 'failed to retrieve created product' error, got %v", err)
 		}

api/mcp/handlers_test.go

@@ -42,7 +42,7 @@ func (m *mockWorkflowRegistry) List() []*workflow.Workflow {
 type mockWorkflowRunner struct {
 	lastExecuted string
 	lastInput    any
-	lastActor    *ident.Actor
+	lastActor    ident.Actor
 }
 
 func (m *mockWorkflowRunner) ExecuteSyncWorkflow(ctx context.Context, id string, wf *workflow.Workflow, input any) (map[string]any, error) {
@@ -88,7 +88,7 @@ func TestMCP_DiscoveryAndExecution(t *testing.T) {
 	})
 
 	t.Run("Tools Call Execution", func(t *testing.T) {
-		actor := &ident.Actor{ID: "agent_1", Type: ident.ActorAIAgent}
+		actor := &ident.BaseActor{ID: "agent_1", Type: ident.ActorAIAgent}
 		params := map[string]any{
 			"name":      "public-tool",
 			"arguments": map[string]any{"id": "123"},
@@ -108,7 +108,7 @@ func TestMCP_DiscoveryAndExecution(t *testing.T) {
 			t.Error("runner was not invoked with the correct tool")
 		}
 
-		if runner.lastActor == nil || runner.lastActor.ID != "agent_1" {
+		if runner.lastActor == nil || runner.lastActor.GetID() != "agent_1" {
 			t.Errorf("expected actor ID agent_1, got %v", runner.lastActor)
 		}
 
@@ -119,7 +119,7 @@ func TestMCP_DiscoveryAndExecution(t *testing.T) {
 	})
 
 	t.Run("Tools Call Unauthorized Tool", func(t *testing.T) {
-		actor := &ident.Actor{ID: "agent_1", Type: ident.ActorAIAgent}
+		actor := &ident.BaseActor{ID: "agent_1", Type: ident.ActorAIAgent}
 		params := map[string]any{"name": "private-tool"}
 
 		_, errRPC := server.handleToolsCall(context.Background(), actor, params)

api/mcp/server.go

@@ -146,15 +146,15 @@ func (s *Server) HandleMessages(w http.ResponseWriter, r *http.Request) {
 		providers = []string{"apikey"} // Default fallback
 	}
 
-	var actor *ident.Actor
+	var actor ident.Actor
 	var authErr error
 	authenticated := false
 
 	for _, p := range providers {
 		switch p {
 		case "none":
 			// Bypass authentication check entirely and mock a developer actor
-			actor = &ident.Actor{
+			actor = &ident.BaseActor{
 				ID:   "act_mcp_developer",
 				Type: ident.ActorAIAgent,
 				Name: "Developer Agent (No Auth)",
@@ -175,7 +175,7 @@ func (s *Server) HandleMessages(w http.ResponseWriter, r *http.Request) {
 				authErr = fmt.Errorf("invalid api key: %w", err)
 				continue
 			}
-			if resActor.Type != ident.ActorAIAgent {
+			if resActor.GetType() != ident.ActorAIAgent {
 				authErr = fmt.Errorf("actor is not an AI agent")
 				continue
 			}
@@ -214,7 +214,7 @@ func (s *Server) HandleMessages(w http.ResponseWriter, r *http.Request) {
 	w.WriteHeader(http.StatusAccepted)
 }
 
-func (s *Server) dispatch(ctx context.Context, sessionID string, actor *ident.Actor, req JSONRPCRequest) {
+func (s *Server) dispatch(ctx context.Context, sessionID string, actor ident.Actor, req JSONRPCRequest) {
 	var resp JSONRPCResponse
 	resp.JSONRPC = "2.0"
 	resp.ID = req.ID
@@ -483,7 +483,7 @@ func (s *Server) handleToolsList(ctx context.Context) *ListToolsResult {
 	return &ListToolsResult{Tools: tools}
 }
 
-func (s *Server) handleToolsCall(ctx context.Context, actor *ident.Actor, params map[string]any) (any, *Error) {
+func (s *Server) handleToolsCall(ctx context.Context, actor ident.Actor, params map[string]any) (any, *Error) {
 	name, ok := params["name"].(string)
 	if !ok {
 		return nil, &Error{Code: CodeInvalidParams, Message: "Tool name required"}
@@ -925,14 +925,43 @@ func (s *Server) renderUI(ctx context.Context, appName string) string {
 			content += `<tr><td colspan="5" style="text-align: center; color: var(--text-secondary);">No products registered.</td></tr>`
 		} else {
 			for _, p := range list {
+				currencyCode := "USD"
+				if s.deps.Config != nil && s.deps.Config.Currency != "" {
+					currencyCode = s.deps.Config.Currency
+				}
+				if p.Metadata != nil {
+					if curr, ok := p.Metadata["currency"].(string); ok {
+						currencyCode = curr
+					}
+				}
+
+				priceStr := "N/A"
+				if len(p.Variants) > 0 {
+					priceStr = formatPrice(p.Variants[0].Price, currencyCode)
+					if len(p.Variants) > 1 {
+						minP := p.Variants[0].Price
+						maxP := p.Variants[0].Price
+						for _, v := range p.Variants {
+							if v.Price < minP {
+								minP = v.Price
+							}
+							if v.Price > maxP {
+								maxP = v.Price
+							}
+						}
+						if minP != maxP {
+							priceStr = fmt.Sprintf("%s - %s", formatPrice(minP, currencyCode), formatPrice(maxP, currencyCode))
+						}
+					}
+				}
 				content += fmt.Sprintf(`
 					<tr>
 						<td><code>%s</code></td>
 						<td>%s</td>
 						<td>%s</td>
-						<td class="text-accent">$%.2f</td>
+						<td class="text-accent">%s</td>
 						<td>%s</td>
-					</tr>`, p.ID, p.Name, p.Description, p.Price, p.Currency)
+					</tr>`, p.ID, p.Name, p.Description, priceStr, currencyCode)
 			}
 		}
 		content += `
@@ -1842,3 +1871,20 @@ func (s *Server) renderUI(ctx context.Context, appName string) string {
 
 	return fmt.Sprintf(htmlSkeleton, title, accent, accentGlow, title, content)
 }
+
+func formatPrice(price float64, currencyCode string) string {
+	switch strings.ToUpper(currencyCode) {
+	case "USD":
+		return fmt.Sprintf("$%.2f", price)
+	case "EUR":
+		return fmt.Sprintf("€%.2f", price)
+	case "GBP":
+		return fmt.Sprintf("£%.2f", price)
+	case "JPY":
+		return fmt.Sprintf("¥%.0f", price)
+	case "INR":
+		return fmt.Sprintf("₹%.2f", price)
+	default:
+		return fmt.Sprintf("%.2f %s", price, currencyCode)
+	}
+}