@adventurelabs/scout-core 1.4.74 → 1.4.75

package/dist/providers/ScoutRefreshProvider.js

@@ -1,47 +1,148 @@
 "use client";
 import { jsx as _jsx } from "react/jsx-runtime";
 import { useScoutRefresh, } from "../hooks/useScoutRefresh";
-import { createContext, useContext, useMemo, useRef } from "react";
+import { createContext, useCallback, useContext, useEffect, useMemo, useRef, useState, } from "react";
 import { createBrowserClient } from "@supabase/ssr";
-// Create context for the Supabase client
-const SupabaseContext = createContext(null);
-const ConnectionStatusContext = createContext(null);
-// Hook to use the Supabase client
-export function useSupabase() {
-    const supabase = useContext(SupabaseContext);
-    if (!supabase) {
-        throw new Error("useSupabase must be used within a SupabaseProvider");
+import { CLIENT_ABILITIES_TOKEN_TTL_SEC, } from "../types/client_abilities_token";
+import { EnumWebResponse } from "../types/requests";
+import { get_client_abilities_jwt_public_keys, mint_client_abilities_token, verify_client_abilities_token, } from "../helpers/client_abilities_token";
+const ScoutRefreshContext = createContext(null);
+const DEFAULT_REFRESH_BEFORE_EXPIRY_SEC = 120;
+const DEFAULT_PUBLIC_KEYS_CACHE_MS = 10 * 60 * 1000;
+function mintExpiresAt(mint, ttlSec) {
+    if (mint.exp > mint.iat) {
+        return mint.exp;
     }
-    return supabase;
+    return mint.iat + ttlSec;
 }
-// Hook to use connection status
-export function useConnectionStatus() {
-    const connectionStatus = useContext(ConnectionStatusContext);
-    if (!connectionStatus) {
-        throw new Error("useConnectionStatus must be used within a ScoutRefreshProvider");
+function useScoutRefreshContext() {
+    const ctx = useContext(ScoutRefreshContext);
+    if (!ctx) {
+        throw new Error("Scout refresh hooks must be used within ScoutRefreshProvider");
     }
-    return connectionStatus;
+    return ctx;
+}
+export function useSupabase() {
+    return useScoutRefreshContext().supabase;
+}
+/** Verified client abilities JWT (minted on a schedule by ScoutRefreshProvider). */
+export function useClientAbilitiesMint() {
+    return useScoutRefreshContext().abilities;
+}
+function resolveAbilityParams(abilityParams) {
+    return {
+        mintClientAbilitiesToken: abilityParams?.mintClientAbilitiesToken ?? true,
+        clientAbilitiesTokenTtlSec: abilityParams?.clientAbilitiesTokenTtlSec ??
+            CLIENT_ABILITIES_TOKEN_TTL_SEC,
+        refreshBeforeExpirySec: abilityParams?.refreshBeforeExpirySec ??
+            DEFAULT_REFRESH_BEFORE_EXPIRY_SEC,
+        publicKeysCacheTtlMs: abilityParams?.publicKeysCacheTtlMs ?? DEFAULT_PUBLIC_KEYS_CACHE_MS,
+    };
+}
+function useClientAbilitiesMintLifecycle(supabase, config) {
+    const { mintClientAbilitiesToken: enabled, clientAbilitiesTokenTtlSec: ttlSec, refreshBeforeExpirySec, publicKeysCacheTtlMs, } = config;
+    const [mint, setMint] = useState(null);
+    const [isLoading, setIsLoading] = useState(false);
+    const [error, setError] = useState(null);
+    const inFlightRef = useRef(false);
+    const publicKeysRef = useRef(null);
+    const publicKeysAtRef = useRef(0);
+    const loadPublicKeys = useCallback(async (force = false) => {
+        const now = Date.now();
+        if (!force &&
+            publicKeysRef.current?.length &&
+            now - publicKeysAtRef.current < publicKeysCacheTtlMs) {
+            return publicKeysRef.current;
+        }
+        const { status, data, msg } = await get_client_abilities_jwt_public_keys(supabase);
+        if (status !== EnumWebResponse.SUCCESS || !data?.length) {
+            throw new Error(msg ?? "get_client_abilities_jwt_public_keys returned no keys");
+        }
+        publicKeysRef.current = data;
+        publicKeysAtRef.current = now;
+        return data;
+    }, [supabase, publicKeysCacheTtlMs]);
+    const refreshMint = useCallback(async () => {
+        if (!enabled || inFlightRef.current) {
+            return;
+        }
+        inFlightRef.current = true;
+        setIsLoading(true);
+        setError(null);
+        try {
+            const { data: { session }, } = await supabase.auth.getSession();
+            if (!session) {
+                setMint(null);
+                return;
+            }
+            const mintResponse = await mint_client_abilities_token(supabase);
+            if (mintResponse.status !== EnumWebResponse.SUCCESS ||
+                !mintResponse.data) {
+                setMint(null);
+                setError(mintResponse.msg ?? "mint failed");
+                return;
+            }
+            let keys = await loadPublicKeys();
+            let verified;
+            try {
+                verified = await verify_client_abilities_token(mintResponse.data, keys);
+            }
+            catch {
+                keys = await loadPublicKeys(true);
+                verified = await verify_client_abilities_token(mintResponse.data, keys);
+            }
+            setMint(verified);
+        }
+        catch (e) {
+            setMint(null);
+            setError(e instanceof Error ? e.message : "client abilities mint failed");
+        }
+        finally {
+            inFlightRef.current = false;
+            setIsLoading(false);
+        }
+    }, [enabled, supabase, loadPublicKeys]);
+    useEffect(() => {
+        if (!enabled) {
+            setMint(null);
+            setError(null);
+            return;
+        }
+        void refreshMint();
+        const { data: { subscription }, } = supabase.auth.onAuthStateChange((event) => {
+            if (event === "SIGNED_OUT") {
+                setMint(null);
+                setError(null);
+                return;
+            }
+            if (event === "SIGNED_IN" || event === "TOKEN_REFRESHED") {
+                void refreshMint();
+            }
+        });
+        return () => subscription.unsubscribe();
+    }, [enabled, supabase, refreshMint]);
+    useEffect(() => {
+        if (!enabled || !mint) {
+            return;
+        }
+        const nowSec = Math.floor(Date.now() / 1000);
+        const expSec = mintExpiresAt(mint, ttlSec);
+        const refreshAtSec = Math.max(expSec - refreshBeforeExpirySec, mint.iat + 1);
+        const delayMs = Math.max((refreshAtSec - nowSec) * 1000, 1000);
+        const timer = setTimeout(() => {
+            void refreshMint();
+        }, delayMs);
+        return () => clearTimeout(timer);
+    }, [enabled, mint, ttlSec, refreshBeforeExpirySec, refreshMint]);
+    return useMemo(() => ({ mint, isLoading, error, refreshMint }), [mint, isLoading, error, refreshMint]);
 }
-export function ScoutRefreshProvider({ children, ...refreshOptions }) {
-    // Use refs to store the URL and key to prevent unnecessary recreations
-    // Assumes Next.js environment variables (NEXT_PUBLIC_*)
+export function ScoutRefreshProvider({ children, abilityParams, ...refreshOptions }) {
     const urlRef = useRef(process.env.NEXT_PUBLIC_SUPABASE_URL || "");
     const anonKeyRef = useRef(process.env.NEXT_PUBLIC_SUPABASE_ANON_KEY || "");
-    // Create a single Supabase client instance that only runs once
-    const supabaseClient = useMemo(() => {
-        console.log("[ScoutRefreshProvider] Creating Supabase client");
-        return createBrowserClient(urlRef.current, anonKeyRef.current);
-    }, []); // Empty dependency array ensures this only runs once
-    useScoutRefresh({ ...refreshOptions, supabase: supabaseClient });
-    // // Log connection status changes for debugging
-    // if (connectionStatus.lastError) {
-    //   console.warn(
-    //     "[ScoutRefreshProvider] DB Listener error:",
-    //     connectionStatus.lastError
-    //   );
-    // }
-    // if (connectionStatus.isConnected) {
-    //   console.log("[ScoutRefreshProvider] ✅ DB Listener connected");
-    // }
-    return (_jsx(SupabaseContext.Provider, { value: supabaseClient, children: children }));
+    const supabase = useMemo(() => createBrowserClient(urlRef.current, anonKeyRef.current), []);
+    const abilitiesConfig = useMemo(() => resolveAbilityParams(abilityParams), [abilityParams]);
+    useScoutRefresh({ ...refreshOptions, supabase });
+    const abilities = useClientAbilitiesMintLifecycle(supabase, abilitiesConfig);
+    const value = useMemo(() => ({ supabase, abilities }), [supabase, abilities]);
+    return (_jsx(ScoutRefreshContext.Provider, { value: value, children: children }));
 }

package/dist/types/client_abilities_token.d.ts

@@ -0,0 +1,24 @@
+/** Herd entry inside a minted client abilities JWT (matches edge / RPC payload). */
+export interface IClientAbilitiesHerdClaim {
+    herd_id: number;
+    slug: string;
+    abilities: string[];
+}
+/** Response from `mint-client-abilities-token`. */
+export interface IClientAbilitiesTokenMint {
+    token: string;
+    platform_superadmin: boolean;
+    herds: IClientAbilitiesHerdClaim[];
+    iat: number;
+    exp: number;
+}
+/** Entry from `get_client_abilities_jwt_public_keys()`. */
+export interface IClientAbilitiesJwtPublicKeyEntry {
+    kid: string;
+    jwk: Record<string, unknown>;
+}
+export declare const CLIENT_ABILITIES_JWT_AUDIENCE = "scout-client";
+/** Typical edge `CLIENT_ABILITIES_TOKEN_TTL_SEC` (scheduling uses JWT `exp` from mint). */
+export declare const CLIENT_ABILITIES_TOKEN_TTL_SEC = 3600;
+/** UI-only gate; RLS remains authoritative for data access. */
+export declare function can_herd_ability(mint: IClientAbilitiesTokenMint | null | undefined, herd_id: number, ability: string): boolean;

package/dist/types/client_abilities_token.js

@@ -0,0 +1,14 @@
+export const CLIENT_ABILITIES_JWT_AUDIENCE = "scout-client";
+/** Typical edge `CLIENT_ABILITIES_TOKEN_TTL_SEC` (scheduling uses JWT `exp` from mint). */
+export const CLIENT_ABILITIES_TOKEN_TTL_SEC = 3600;
+/** UI-only gate; RLS remains authoritative for data access. */
+export function can_herd_ability(mint, herd_id, ability) {
+    if (!mint?.token) {
+        return false;
+    }
+    if (mint.platform_superadmin) {
+        return true;
+    }
+    const herd = mint.herds.find((h) => h.herd_id === herd_id);
+    return herd?.abilities.includes(ability) ?? false;
+}

package/dist/types/db.d.ts

@@ -1,7 +1,6 @@
 import { SupabaseClient, User } from "@supabase/supabase-js";
 import { Database } from "./supabase";
 export type ScoutDatabaseClient = SupabaseClient<Database, "public">;
-export type Role = Database["public"]["Enums"]["role"];
 export type DeviceType = Database["public"]["Enums"]["device_type"];
 export type MediaType = Database["public"]["Enums"]["media_type"];
 export type TagObservationType = Database["public"]["Enums"]["tag_observation_type"];
@@ -27,6 +26,15 @@ export type ILayer = Database["public"]["Tables"]["layers"]["Row"];
 export type IAction = Database["public"]["Tables"]["actions"]["Row"];
 export type IZone = Database["public"]["Tables"]["zones"]["Row"];
 export type IUserRolePerHerd = Database["public"]["Tables"]["users_roles_per_herd"]["Row"];
+export type IAbility = Database["public"]["Tables"]["abilities"]["Row"];
+export type IHerdRole = Database["public"]["Tables"]["herd_roles"]["Row"];
+export type IHerdRoleAbilityRow = Database["public"]["Tables"]["herd_role_abilities"]["Row"];
+export type IHerdRoleWithAbilities = IHerdRole & {
+    abilities: IAbility[];
+    ability_ids: number[];
+};
+/** Stable machine id on `herd_roles` (e.g. admin, editor, viewer). Not `herds.slug`. */
+export type HerdRoleSystemName = string;
 export type IHerdInvitation = Database["public"]["Tables"]["herd_invitations"]["Row"];
 export type IHerdInvitationWithHerdSlug = Database["public"]["CompositeTypes"]["herd_invitation_with_herd_slug"];
 export type IHerdAllowedDomain = Database["public"]["Tables"]["herd_allowed_domains"]["Row"];
@@ -141,7 +149,8 @@ export interface IEventWithSession extends IEvent {
 }
 export type IUserAndRole = {
     user: IUserProfileRow | null;
-    role: Role;
+    herd_role_id: number;
+    herd_role: IHerdRole | null;
 };
 export interface IApiKeyScout {
     id: string;

package/dist/types/supabase.d.ts

@@ -7,6 +7,30 @@ export type Database = {
     };
     public: {
         Tables: {
+            abilities: {
+                Row: {
+                    description: string | null;
+                    id: number;
+                    inserted_at: string;
+                    is_system: boolean;
+                    key: string;
+                };
+                Insert: {
+                    description?: string | null;
+                    id?: number;
+                    inserted_at?: string;
+                    is_system?: boolean;
+                    key: string;
+                };
+                Update: {
+                    description?: string | null;
+                    id?: number;
+                    inserted_at?: string;
+                    is_system?: boolean;
+                    key?: string;
+                };
+                Relationships: [];
+            };
             actions: {
                 Row: {
                     id: number;
@@ -331,6 +355,27 @@ export type Database = {
                     }
                 ];
             };
+            client_abilities_jwt_public_keys: {
+                Row: {
+                    created_at: string;
+                    kid: string;
+                    public_jwk: Json;
+                    revoked_at: string | null;
+                };
+                Insert: {
+                    created_at?: string;
+                    kid: string;
+                    public_jwk: Json;
+                    revoked_at?: string | null;
+                };
+                Update: {
+                    created_at?: string;
+                    kid?: string;
+                    public_jwk?: Json;
+                    revoked_at?: string | null;
+                };
+                Relationships: [];
+            };
             connectivity: {
                 Row: {
                     altitude: number;
@@ -840,9 +885,9 @@ export type Database = {
                     email: string;
                     expires_at: string | null;
                     herd_id: number;
+                    herd_role_id: number;
                     id: number;
                     invited_by: string;
-                    role: Database["public"]["Enums"]["role"];
                     status: Database["public"]["Enums"]["herd_invitation_status"];
                 };
                 Insert: {
@@ -851,9 +896,9 @@ export type Database = {
                     email: string;
                     expires_at?: string | null;
                     herd_id: number;
+                    herd_role_id: number;
                     id?: number;
                     invited_by: string;
-                    role: Database["public"]["Enums"]["role"];
                     status?: Database["public"]["Enums"]["herd_invitation_status"];
                 };
                 Update: {
@@ -862,9 +907,9 @@ export type Database = {
                     email?: string;
                     expires_at?: string | null;
                     herd_id?: number;
+                    herd_role_id?: number;
                     id?: number;
                     invited_by?: string;
-                    role?: Database["public"]["Enums"]["role"];
                     status?: Database["public"]["Enums"]["herd_invitation_status"];
                 };
                 Relationships: [
@@ -875,6 +920,13 @@ export type Database = {
                         referencedRelation: "herds";
                         referencedColumns: ["id"];
                     },
+                    {
+                        foreignKeyName: "herd_invitations_herd_role_id_fkey";
+                        columns: ["herd_role_id"];
+                        isOneToOne: false;
+                        referencedRelation: "herd_roles";
+                        referencedColumns: ["id"];
+                    },
                     {
                         foreignKeyName: "herd_invitations_invited_by_fkey";
                         columns: ["invited_by"];
@@ -884,6 +936,74 @@ export type Database = {
                     }
                 ];
             };
+            herd_role_abilities: {
+                Row: {
+                    ability_id: number;
+                    herd_role_id: number;
+                    id: number;
+                };
+                Insert: {
+                    ability_id: number;
+                    herd_role_id: number;
+                    id?: number;
+                };
+                Update: {
+                    ability_id?: number;
+                    herd_role_id?: number;
+                    id?: number;
+                };
+                Relationships: [
+                    {
+                        foreignKeyName: "herd_role_abilities_ability_id_fkey";
+                        columns: ["ability_id"];
+                        isOneToOne: false;
+                        referencedRelation: "abilities";
+                        referencedColumns: ["id"];
+                    },
+                    {
+                        foreignKeyName: "herd_role_abilities_herd_role_id_fkey";
+                        columns: ["herd_role_id"];
+                        isOneToOne: false;
+                        referencedRelation: "herd_roles";
+                        referencedColumns: ["id"];
+                    }
+                ];
+            };
+            herd_roles: {
+                Row: {
+                    herd_id: number;
+                    id: number;
+                    inserted_at: string;
+                    is_system: boolean;
+                    name: string;
+                    system_name: string;
+                };
+                Insert: {
+                    herd_id: number;
+                    id?: number;
+                    inserted_at?: string;
+                    is_system?: boolean;
+                    name: string;
+                    system_name: string;
+                };
+                Update: {
+                    herd_id?: number;
+                    id?: number;
+                    inserted_at?: string;
+                    is_system?: boolean;
+                    name?: string;
+                    system_name?: string;
+                };
+                Relationships: [
+                    {
+                        foreignKeyName: "herd_roles_herd_id_fkey";
+                        columns: ["herd_id"];
+                        isOneToOne: false;
+                        referencedRelation: "herds";
+                        referencedColumns: ["id"];
+                    }
+                ];
+            };
             herds: {
                 Row: {
                     auto_delete_media_with_humans: boolean | null;
@@ -1685,35 +1805,35 @@ export type Database = {
             users_roles_per_herd: {
                 Row: {
                     herd_id: number;
+                    herd_role_id: number;
                     id: number;
                     inserted_at: string;
                     lifecycle: Database["public"]["Enums"]["entity_lifecycle"];
                     lifecycle_changed_at: string;
                     lifecycle_changed_by: string | null;
                     lifecycle_reason: string | null;
-                    role: Database["public"]["Enums"]["role"];
                     user_id: string;
                 };
                 Insert: {
                     herd_id: number;
+                    herd_role_id: number;
                     id?: number;
                     inserted_at?: string;
                     lifecycle?: Database["public"]["Enums"]["entity_lifecycle"];
                     lifecycle_changed_at?: string;
                     lifecycle_changed_by?: string | null;
                     lifecycle_reason?: string | null;
-                    role: Database["public"]["Enums"]["role"];
                     user_id: string;
                 };
                 Update: {
                     herd_id?: number;
+                    herd_role_id?: number;
                     id?: number;
                     inserted_at?: string;
                     lifecycle?: Database["public"]["Enums"]["entity_lifecycle"];
                     lifecycle_changed_at?: string;
                     lifecycle_changed_by?: string | null;
                     lifecycle_reason?: string | null;
-                    role?: Database["public"]["Enums"]["role"];
                     user_id?: string;
                 };
                 Relationships: [
@@ -1724,6 +1844,13 @@ export type Database = {
                         referencedRelation: "herds";
                         referencedColumns: ["id"];
                     },
+                    {
+                        foreignKeyName: "users_roles_per_herd_herd_role_id_fkey";
+                        columns: ["herd_role_id"];
+                        isOneToOne: false;
+                        referencedRelation: "herd_roles";
+                        referencedColumns: ["id"];
+                    },
                     {
                         foreignKeyName: "users_roles_per_herd_lifecycle_changed_by_fkey";
                         columns: ["lifecycle_changed_by"];
@@ -1941,9 +2068,9 @@ export type Database = {
                     email: string;
                     expires_at: string | null;
                     herd_id: number;
+                    herd_role_id: number;
                     id: number;
                     invited_by: string;
-                    role: Database["public"]["Enums"]["role"];
                     status: Database["public"]["Enums"]["herd_invitation_status"];
                 }[];
                 SetofOptions: {
@@ -2008,7 +2135,7 @@ export type Database = {
                     p_email: string;
                     p_expires_at?: string;
                     p_herd_id: number;
-                    p_role: Database["public"]["Enums"]["role"];
+                    p_herd_role_id: number;
                 };
                 Returns: {
                     accepted_at: string | null;
@@ -2016,9 +2143,9 @@ export type Database = {
                     email: string;
                     expires_at: string | null;
                     herd_id: number;
+                    herd_role_id: number;
                     id: number;
                     invited_by: string;
-                    role: Database["public"]["Enums"]["role"];
                     status: Database["public"]["Enums"]["herd_invitation_status"];
                 };
                 SetofOptions: {
@@ -2413,6 +2540,14 @@ export type Database = {
                     isSetofReturn: true;
                 };
             };
+            get_client_abilities_jwt_public_keys: {
+                Args: never;
+                Returns: Json;
+            };
+            get_client_abilities_token_claims: {
+                Args: never;
+                Returns: Json;
+            };
             get_connectivity_for_artifact: {
                 Args: {
                     artifact_id_caller: number;
@@ -3105,36 +3240,13 @@ export type Database = {
                 };
                 Returns: {
                     herd_id: number;
+                    herd_role_id: number;
                     id: number;
                     inserted_at: string;
                     lifecycle: Database["public"]["Enums"]["entity_lifecycle"];
                     lifecycle_changed_at: string;
                     lifecycle_changed_by: string | null;
                     lifecycle_reason: string | null;
-                    role: Database["public"]["Enums"]["role"];
-                    user_id: string;
-                };
-                SetofOptions: {
-                    from: "*";
-                    to: "users_roles_per_herd";
-                    isOneToOne: true;
-                    isSetofReturn: false;
-                };
-            };
-            remove_user_from_herd_for_admin: {
-                Args: {
-                    p_herd_id: number;
-                    p_user_id: string;
-                };
-                Returns: {
-                    herd_id: number;
-                    id: number;
-                    inserted_at: string;
-                    lifecycle: Database["public"]["Enums"]["entity_lifecycle"];
-                    lifecycle_changed_at: string;
-                    lifecycle_changed_by: string | null;
-                    lifecycle_reason: string | null;
-                    role: Database["public"]["Enums"]["role"];
                     user_id: string;
                 };
                 SetofOptions: {
@@ -3255,9 +3367,9 @@ export type Database = {
                     email: string;
                     expires_at: string | null;
                     herd_id: number;
+                    herd_role_id: number;
                     id: number;
                     invited_by: string;
-                    role: Database["public"]["Enums"]["role"];
                     status: Database["public"]["Enums"]["herd_invitation_status"];
                 }[];
                 SetofOptions: {
@@ -3271,6 +3383,35 @@ export type Database = {
                 Args: never;
                 Returns: undefined;
             };
+            remove_user_from_herd_for_admin: {
+                Args: {
+                    p_herd_id: number;
+                    p_user_id: string;
+                };
+                Returns: {
+                    herd_id: number;
+                    herd_role_id: number;
+                    id: number;
+                    inserted_at: string;
+                    lifecycle: Database["public"]["Enums"]["entity_lifecycle"];
+                    lifecycle_changed_at: string;
+                    lifecycle_changed_by: string | null;
+                    lifecycle_reason: string | null;
+                    user_id: string;
+                };
+                SetofOptions: {
+                    from: "*";
+                    to: "users_roles_per_herd";
+                    isOneToOne: true;
+                    isSetofReturn: false;
+                };
+            };
+            revoke_client_abilities_jwt_public_key: {
+                Args: {
+                    p_kid: string;
+                };
+                Returns: undefined;
+            };
             revoke_herd_invitations: {
                 Args: {
                     p_invitation_ids: number[];
@@ -3281,9 +3422,9 @@ export type Database = {
                     email: string;
                     expires_at: string | null;
                     herd_id: number;
+                    herd_role_id: number;
                     id: number;
                     invited_by: string;
-                    role: Database["public"]["Enums"]["role"];
                     status: Database["public"]["Enums"]["herd_invitation_status"];
                 }[];
                 SetofOptions: {
@@ -3314,6 +3455,12 @@ export type Database = {
                     isSetofReturn: true;
                 };
             };
+            seed_herd_default_roles: {
+                Args: {
+                    p_herd_id: number;
+                };
+                Returns: undefined;
+            };
             set_herd_location: {
                 Args: {
                     p_herd_id: number;
@@ -3343,6 +3490,13 @@ export type Database = {
                 };
                 Returns: undefined;
             };
+            upsert_client_abilities_jwt_public_key: {
+                Args: {
+                    p_kid: string;
+                    p_public_jwk: Json;
+                };
+                Returns: undefined;
+            };
             upsert_pubsub_jwt_public_key: {
                 Args: {
                     p_kid: string;
@@ -3359,7 +3513,6 @@ export type Database = {
             herd_invitation_status: "pending" | "accepted" | "revoked" | "expired";
             media_type: "image" | "video" | "audio" | "text";
             plan_type: "mission" | "fence" | "rally" | "markov";
-            role: "admin" | "editor" | "viewer";
             tag_observation_type: "manual" | "auto";
             user_status: "ONLINE" | "OFFLINE";
         };
@@ -3505,7 +3658,8 @@ export type Database = {
                 id: number | null;
                 email: string | null;
                 herd_id: number | null;
-                role: Database["public"]["Enums"]["role"] | null;
+                herd_role_id: number | null;
+                role_system_name: string | null;
                 invited_by: string | null;
                 status: Database["public"]["Enums"]["herd_invitation_status"] | null;
                 created_at: string | null;
@@ -3686,7 +3840,6 @@ export declare const Constants: {
             readonly herd_invitation_status: readonly ["pending", "accepted", "revoked", "expired"];
             readonly media_type: readonly ["image", "video", "audio", "text"];
             readonly plan_type: readonly ["mission", "fence", "rally", "markov"];
-            readonly role: readonly ["admin", "editor", "viewer"];
             readonly tag_observation_type: readonly ["manual", "auto"];
             readonly user_status: readonly ["ONLINE", "OFFLINE"];
         };