@aooth/arbac-moost 0.1.19 → 0.1.20

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
@@ -1,6 +1,6 @@
1
- import { t as AoothArbacUserCredentials } from "../user-Dzu_08g0.mjs";
2
1
  import { r as AoothArbacClaims, t as ArbacUserProvider } from "../user.provider-CKPMp3G8.mjs";
3
- import { TAtscriptAnnotatedType } from "@atscript/typescript/utils";
2
+ import { TAtscriptAnnotatedType, TAtscriptTypeObject, TMetadataMap, TValidatorOptions, Validator } from "@atscript/typescript/utils";
3
+ import { AoothUserCredentials } from "@aooth/user/atscript-db/model.as";
4
4
 
5
5
  //#region src/atscript/auto-provider.d.ts
6
6
  /**
@@ -141,6 +141,44 @@ declare function validateAttenuationTargets(credType: TAtscriptAnnotatedType, va
141
141
  */
142
142
  declare function extractAttenuation(credType: TAtscriptAnnotatedType, record: object | null | undefined): AoothArbacClaims | undefined;
143
143
  //#endregion
144
+ //#region src/atscript/credential-metadata-spec.d.ts
145
+ /**
146
+ * Resolved credential-METADATA column for a credential model, discovered from
147
+ * the `@aooth.auth.metadata` annotation (registered by `arbacPlugin`).
148
+ * Computed once per `TAtscriptAnnotatedType` and cached.
149
+ *
150
+ * - `metadataField` — the field annotated `@aooth.auth.metadata` **and**
151
+ * carrying `@db.json`. `undefined` when no field is annotated, or when the
152
+ * annotated field lacks `@db.json` (metadata persistence is then DISABLED —
153
+ * see `warnings`). Pass it straight to `CredentialStoreAtscriptDb` as its
154
+ * `metadataField` option — the store stays name-agnostic; this spec owns the
155
+ * annotation semantics (same split as `getAoothUserHandleSpec` /
156
+ * `UserStore.handleFields`).
157
+ * - `warnings` — non-fatal misconfig notes (an annotated field without
158
+ * `@db.json` → metadata persistence disabled, not fatal). The wiring layer
159
+ * should log these at boot. Ambiguity (more than one annotated field) is
160
+ * fatal and throws.
161
+ *
162
+ * The `@db.json` gate mirrors the handle spec's unique-index posture: metadata
163
+ * is a structured object, and a non-json column would either reject the write
164
+ * or silently stringify it engine-dependently — so a missing `@db.json`
165
+ * disables rather than silently accepts. A model with no annotated field
166
+ * resolves to `undefined` with NO warning here (graceful degradation — the
167
+ * consumer may simply not persist metadata); the wiring layer decides whether
168
+ * that deserves a boot-time note.
169
+ */
170
+ interface AoothCredentialMetadataSpec {
171
+ metadataField: string | undefined;
172
+ warnings: string[];
173
+ }
174
+ /**
175
+ * Walk a credential model's `@aooth.auth.metadata` annotation into a cached
176
+ * {@link AoothCredentialMetadataSpec}. Mirrors {@link getAoothUserHandleSpec}:
177
+ * structural, computed once, fail-loud on ambiguity, warn-and-disable on a
178
+ * misconfigured (non-`@db.json`) field.
179
+ */
180
+ declare function getAoothCredentialMetadataSpec(credentialType: TAtscriptAnnotatedType): AoothCredentialMetadataSpec;
181
+ //#endregion
144
182
  //#region src/atscript/handle-spec.d.ts
145
183
  /**
146
184
  * Resolved login/recovery HANDLE fields for a user credential model, discovered
@@ -180,4 +218,21 @@ interface AoothUserHandleSpec {
180
218
  */
181
219
  declare function getAoothUserHandleSpec(userType: TAtscriptAnnotatedType): AoothUserHandleSpec;
182
220
  //#endregion
183
- export { AoothArbacUserCredentials, type AoothUserHandleSpec, type ArbacAttenuationSpec, type ArbacUserTable, AtscriptArbacUserProvider, extractAttenuation, getAoothUserHandleSpec, getArbacAttenuationSpec, validateAttenuationTargets };
221
+ //#region src/atscript/models/user.as.d.ts
222
+ /**
223
+ * Atscript interface **AoothArbacUserCredentials**
224
+ * @see {@link ./user.as:7:18}
225
+ */
226
+ declare class AoothArbacUserCredentials extends AoothUserCredentials {
227
+ roles: string[];
228
+ static __is_atscript_annotated_type: true;
229
+ static type: TAtscriptTypeObject<keyof AoothArbacUserCredentials, AoothArbacUserCredentials>;
230
+ static metadata: TMetadataMap<AtscriptMetadata>;
231
+ static validator: (opts?: Partial<TValidatorOptions>) => Validator<typeof AoothArbacUserCredentials>;
232
+ /** @deprecated JSON Schema support is disabled. Calling this method will throw a runtime error. To enable, set `jsonSchema: 'lazy'` or `jsonSchema: 'bundle'` in tsPlugin options, or add `@emit.jsonSchema` annotation to individual interfaces. */
233
+ static toJsonSchema: () => any;
234
+ /** @deprecated Example Data support is disabled. To enable, set `exampleData: true` in tsPlugin options. */
235
+ static toExampleData?: () => any;
236
+ }
237
+ //#endregion
238
+ export { AoothArbacUserCredentials, type AoothCredentialMetadataSpec, type AoothUserHandleSpec, type ArbacAttenuationSpec, type ArbacUserTable, AtscriptArbacUserProvider, extractAttenuation, getAoothCredentialMetadataSpec, getAoothUserHandleSpec, getArbacAttenuationSpec, validateAttenuationTargets };
@@ -1,7 +1,8 @@
1
1
  import { r as __decorate, t as ArbacUserProvider } from "../user.provider-BiM5P8fl.mjs";
2
- import { t as AoothArbacUserCredentials } from "../user-Dzu_08g0.mjs";
3
2
  import { defineWook, key } from "@wooksjs/event-core";
4
3
  import { Injectable } from "moost";
4
+ import { defineAnnotatedType, throwFeatureDisabled } from "@atscript/typescript/utils";
5
+ import "@aooth/user/atscript-db/model.as";
5
6
  //#region src/atscript/role-list.ts
6
7
  /**
7
8
  * Collect unique, non-empty strings from an iterable of unknown values,
@@ -27,7 +28,7 @@ function __decorateMetadata(k, v) {
27
28
  }
28
29
  //#endregion
29
30
  //#region src/atscript/auto-provider.ts
30
- const specCache$2 = /* @__PURE__ */ new WeakMap();
31
+ const specCache$3 = /* @__PURE__ */ new WeakMap();
31
32
  /**
32
33
  * Resolve the identifier field on an object type using the three-step chain
33
34
  * documented on `ArbacExtractSpec.userIdField`. Used for the user type AND
@@ -66,7 +67,7 @@ function resolveIdentifierField(type) {
66
67
  return metaId;
67
68
  }
68
69
  function getArbacExtractSpec(type) {
69
- const cached = specCache$2.get(type);
70
+ const cached = specCache$3.get(type);
70
71
  if (cached !== void 0) return cached;
71
72
  const spec = {
72
73
  userIdField: void 0,
@@ -75,7 +76,7 @@ function getArbacExtractSpec(type) {
75
76
  };
76
77
  const def = type.type;
77
78
  if (def.kind !== "object") {
78
- specCache$2.set(type, spec);
79
+ specCache$3.set(type, spec);
79
80
  return spec;
80
81
  }
81
82
  const roleCandidates = [];
@@ -106,7 +107,7 @@ function getArbacExtractSpec(type) {
106
107
  };
107
108
  }
108
109
  spec.userIdField = resolveIdentifierField(type);
109
- specCache$2.set(type, spec);
110
+ specCache$3.set(type, spec);
110
111
  return spec;
111
112
  }
112
113
  /**
@@ -236,14 +237,14 @@ let AtscriptArbacUserProvider = class AtscriptArbacUserProvider extends ArbacUse
236
237
  AtscriptArbacUserProvider = __decorate([Injectable(), __decorateMetadata("design:paramtypes", [Object, Object])], AtscriptArbacUserProvider);
237
238
  //#endregion
238
239
  //#region src/atscript/attenuation-extract.ts
239
- const specCache$1 = /* @__PURE__ */ new WeakMap();
240
+ const specCache$2 = /* @__PURE__ */ new WeakMap();
240
241
  /**
241
242
  * Walk a credential model's `@arbac.attenuate.*` annotations into a cached
242
243
  * {@link ArbacAttenuationSpec}. Mirrors the user-side `getArbacExtractSpec`:
243
244
  * structural, computed once, fail-loud on an ambiguous (multiple) role field.
244
245
  */
245
246
  function getArbacAttenuationSpec(credType) {
246
- const cached = specCache$1.get(credType);
247
+ const cached = specCache$2.get(credType);
247
248
  if (cached !== void 0) return cached;
248
249
  const spec = {
249
250
  roleField: void 0,
@@ -251,7 +252,7 @@ function getArbacAttenuationSpec(credType) {
251
252
  };
252
253
  const def = credType.type;
253
254
  if (def.kind !== "object") {
254
- specCache$1.set(credType, spec);
255
+ specCache$2.set(credType, spec);
255
256
  return spec;
256
257
  }
257
258
  const roleCandidates = [];
@@ -266,7 +267,7 @@ function getArbacAttenuationSpec(credType) {
266
267
  }
267
268
  if (roleCandidates.length > 1) throw new Error(`getArbacAttenuationSpec: multiple @arbac.attenuate.role fields declared (${roleCandidates.join(", ")}). Exactly one assumed-role source is supported — drop @arbac.attenuate.role from all but the canonical field.`);
268
269
  if (roleCandidates.length === 1) spec.roleField = roleCandidates[0];
269
- specCache$1.set(credType, spec);
270
+ specCache$2.set(credType, spec);
270
271
  return spec;
271
272
  }
272
273
  /**
@@ -330,6 +331,44 @@ function extractAttenuation(credType, record) {
330
331
  return out;
331
332
  }
332
333
  //#endregion
334
+ //#region src/atscript/credential-metadata-spec.ts
335
+ const specCache$1 = /* @__PURE__ */ new WeakMap();
336
+ /**
337
+ * Walk a credential model's `@aooth.auth.metadata` annotation into a cached
338
+ * {@link AoothCredentialMetadataSpec}. Mirrors {@link getAoothUserHandleSpec}:
339
+ * structural, computed once, fail-loud on ambiguity, warn-and-disable on a
340
+ * misconfigured (non-`@db.json`) field.
341
+ */
342
+ function getAoothCredentialMetadataSpec(credentialType) {
343
+ const cached = specCache$1.get(credentialType);
344
+ if (cached !== void 0) return cached;
345
+ const spec = {
346
+ metadataField: void 0,
347
+ warnings: []
348
+ };
349
+ const def = credentialType.type;
350
+ if (def.kind !== "object") {
351
+ specCache$1.set(credentialType, spec);
352
+ return spec;
353
+ }
354
+ const candidates = [];
355
+ for (const [fieldName, fieldType] of def.props) {
356
+ const md = fieldType.metadata;
357
+ if (md.get("aooth.auth.metadata")) candidates.push({
358
+ field: fieldName,
359
+ md
360
+ });
361
+ }
362
+ if (candidates.length > 1) throw new Error(`getAoothCredentialMetadataSpec: multiple @aooth.auth.metadata fields declared (${candidates.map((c) => c.field).join(", ")}). Exactly one credential-metadata column is supported — drop @aooth.auth.metadata from all but the canonical field.`);
363
+ if (candidates.length === 1) {
364
+ const { field, md } = candidates[0];
365
+ if (md.get("db.json")) spec.metadataField = field;
366
+ else spec.warnings.push(`@aooth.auth.metadata on field "${field}" has no @db.json — a structured metadata object needs a json column, so metadata persistence is DISABLED (the atscript-db credential store will not persist/read metadata). Add @db.json to the field to enable it.`);
367
+ }
368
+ specCache$1.set(credentialType, spec);
369
+ return spec;
370
+ }
371
+ //#endregion
333
372
  //#region src/atscript/handle-spec.ts
334
373
  const specCache = /* @__PURE__ */ new WeakMap();
335
374
  /** A `@db.index.unique` annotation is a non-empty `(string | true)[]`. */
@@ -393,4 +432,16 @@ function getAoothUserHandleSpec(userType) {
393
432
  return spec;
394
433
  }
395
434
  //#endregion
396
- export { AoothArbacUserCredentials, AtscriptArbacUserProvider, extractAttenuation, getAoothUserHandleSpec, getArbacAttenuationSpec, validateAttenuationTargets };
435
+ //#region src/atscript/models/user.as
436
+ var AoothArbacUserCredentials = class {
437
+ static __is_atscript_annotated_type = true;
438
+ static type = {};
439
+ static metadata = /* @__PURE__ */ new Map();
440
+ static id = "AoothArbacUserCredentials";
441
+ static toJsonSchema() {
442
+ throwFeatureDisabled("JSON Schema", "jsonSchema", "emit.jsonSchema");
443
+ }
444
+ };
445
+ defineAnnotatedType("object", AoothArbacUserCredentials).prop("id", defineAnnotatedType().designType("string").tags("string").annotate("meta.id", true).annotate("db.default.uuid", true).$type).prop("username", defineAnnotatedType().designType("string").tags("string").annotate("db.index.unique", "username_idx", true).$type).prop("version", defineAnnotatedType().designType("number").tags("int", "number").annotate("db.column.version", true).annotate("expect.int", true).$type).prop("password", defineAnnotatedType("object").prop("hash", defineAnnotatedType().designType("string").tags("string").$type).prop("history", defineAnnotatedType("array").of(defineAnnotatedType().designType("string").tags("string").$type).$type).prop("lastChanged", defineAnnotatedType().designType("number").tags("timestamp", "number").annotate("expect.int", true).$type).prop("isInitial", defineAnnotatedType().designType("boolean").tags("boolean").$type).annotate("db.patch.strategy", "merge").$type).prop("account", defineAnnotatedType("object").prop("active", defineAnnotatedType().designType("boolean").tags("boolean").$type).prop("locked", defineAnnotatedType().designType("boolean").tags("boolean").$type).prop("lockReason", defineAnnotatedType().designType("string").tags("string").$type).prop("lockEnds", defineAnnotatedType().designType("number").tags("timestamp", "number").annotate("expect.int", true).$type).prop("failedLoginAttempts", defineAnnotatedType().designType("number").tags("number").$type).prop("lastLogin", defineAnnotatedType().designType("number").tags("timestamp", "number").annotate("expect.int", true).$type).prop("pendingInvitation", defineAnnotatedType().designType("boolean").tags("boolean").optional().$type).prop("verifiedEmail", defineAnnotatedType().designType("string").tags("string").optional().$type).annotate("db.patch.strategy", "merge").$type).prop("mfa", defineAnnotatedType("object").prop("methods", defineAnnotatedType("array").of(defineAnnotatedType("object").prop("name", defineAnnotatedType().designType("string").tags("string").$type).prop("confirmed", defineAnnotatedType().designType("boolean").tags("boolean").$type).prop("value", defineAnnotatedType().designType("string").tags("string").$type).prop("lastUsedWindow", defineAnnotatedType().designType("number").tags("int", "number").annotate("expect.int", true).optional().$type).$type).$type).prop("defaultMethod", defineAnnotatedType().designType("string").tags("string").$type).prop("autoSend", defineAnnotatedType().designType("boolean").tags("boolean").$type).annotate("db.patch.strategy", "merge").$type).prop("trustedDevices", defineAnnotatedType("array").of(defineAnnotatedType("object").prop("token", defineAnnotatedType().designType("string").tags("string").$type).prop("ip", defineAnnotatedType().designType("string").tags("string").optional().$type).prop("issuedAt", defineAnnotatedType().designType("number").tags("timestamp", "number").annotate("expect.int", true).$type).prop("expiresAt", defineAnnotatedType().designType("number").tags("timestamp", "number").annotate("expect.int", true).$type).prop("name", defineAnnotatedType().designType("string").tags("string").optional().$type).$type).annotate("db.patch.strategy", "merge").optional().$type).prop("seenDevices", defineAnnotatedType("array").of(defineAnnotatedType("object").prop("token", defineAnnotatedType().designType("string").tags("string").$type).prop("ip", defineAnnotatedType().designType("string").tags("string").optional().$type).prop("issuedAt", defineAnnotatedType().designType("number").tags("timestamp", "number").annotate("expect.int", true).$type).prop("expiresAt", defineAnnotatedType().designType("number").tags("timestamp", "number").annotate("expect.int", true).$type).prop("name", defineAnnotatedType().designType("string").tags("string").optional().$type).$type).annotate("db.patch.strategy", "merge").optional().$type).prop("roles", defineAnnotatedType("array").of(defineAnnotatedType().designType("string").tags("string").$type).annotate("arbac.role", true).$type);
446
+ //#endregion
447
+ export { AoothArbacUserCredentials, AtscriptArbacUserProvider, extractAttenuation, getAoothCredentialMetadataSpec, getAoothUserHandleSpec, getArbacAttenuationSpec, validateAttenuationTargets };
package/dist/plugin.mjs CHANGED
@@ -84,18 +84,25 @@ function arbacPlugin() {
84
84
  })
85
85
  }
86
86
  },
87
- aooth: { user: {
88
- email: new AnnotationSpec({
89
- description: "Marks this field as the EMAIL login/recovery handle. The framework resolves the field by this annotation (name-agnostic) for findByHandle / recovery / signup. The field MUST carry @db.index.unique (unique-when-present) — a handle must resolve to at most one row; without a unique index the email handle is DISABLED with a warning. At most one @aooth.user.email field per type — multiple declarations throw at boot.",
90
- nodeType: ["prop"],
91
- multiple: false
92
- }),
93
- phone: new AnnotationSpec({
94
- description: "Marks this field as the PHONE login/recovery handle. Same resolution + unique-index contract as @aooth.user.email (disabled with a warning when the field lacks @db.index.unique). At most one @aooth.user.phone field per type — multiple throw at boot.",
87
+ aooth: {
88
+ user: {
89
+ email: new AnnotationSpec({
90
+ description: "Marks this field as the EMAIL login/recovery handle. The framework resolves the field by this annotation (name-agnostic) for findByHandle / recovery / signup. The field MUST carry @db.index.unique (unique-when-present) — a handle must resolve to at most one row; without a unique index the email handle is DISABLED with a warning. At most one @aooth.user.email field per type — multiple declarations throw at boot.",
91
+ nodeType: ["prop"],
92
+ multiple: false
93
+ }),
94
+ phone: new AnnotationSpec({
95
+ description: "Marks this field as the PHONE login/recovery handle. Same resolution + unique-index contract as @aooth.user.email (disabled with a warning when the field lacks @db.index.unique). At most one @aooth.user.phone field per type — multiple throw at boot.",
96
+ nodeType: ["prop"],
97
+ multiple: false
98
+ })
99
+ },
100
+ auth: { metadata: new AnnotationSpec({
101
+ description: "Marks the consumer's fully-typed credential-metadata column (@db.json) on their `extends AoothAuthCredential` model — the runtime/validation twin of the `CredentialMetadata` declaration merge. Resolved by `getAoothCredentialMetadataSpec` and threaded to `CredentialStoreAtscriptDb` as `metadataField`. The field MUST carry @db.json (a structured metadata object needs a json column — without it, metadata persistence is DISABLED with a warning). At most one @aooth.auth.metadata field per type — multiple declarations throw at boot. Absent → the atscript-db credential store persists no metadata (non-fatal, warned at boot by the wiring).",
95
102
  nodeType: ["prop"],
96
103
  multiple: false
97
- })
98
- } }
104
+ }) }
105
+ }
99
106
  } };
100
107
  }
101
108
  };
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "@aooth/arbac-moost",
3
- "version": "0.1.19",
3
+ "version": "0.1.20",
4
4
  "description": "Moost RBAC integration for aoothjs (migrated from @moostjs/arbac)",
5
5
  "keywords": [
6
6
  "abac",
@@ -60,31 +60,31 @@
60
60
  "access": "public"
61
61
  },
62
62
  "dependencies": {
63
- "@aooth/arbac": "0.1.19",
64
- "@aooth/user": "0.1.19",
65
- "@aooth/arbac-core": "0.1.19"
63
+ "@aooth/arbac": "0.1.20",
64
+ "@aooth/arbac-core": "0.1.20",
65
+ "@aooth/user": "0.1.20"
66
66
  },
67
67
  "devDependencies": {
68
- "@atscript/core": "^0.1.75",
69
- "@atscript/db": "^0.1.104",
70
- "@atscript/db-sql-tools": "^0.1.104",
71
- "@atscript/db-sqlite": "^0.1.104",
72
- "@atscript/moost-db": "^0.1.104",
73
- "@atscript/typescript": "^0.1.75",
74
- "@moostjs/event-http": "^0.6.26",
68
+ "@atscript/core": "^0.1.76",
69
+ "@atscript/db": "^0.1.105",
70
+ "@atscript/db-sql-tools": "^0.1.105",
71
+ "@atscript/db-sqlite": "^0.1.105",
72
+ "@atscript/moost-db": "^0.1.105",
73
+ "@atscript/typescript": "^0.1.76",
74
+ "@moostjs/event-http": "^0.6.27",
75
75
  "@types/better-sqlite3": "^7.6.13",
76
76
  "@uniqu/core": "^0.1.6",
77
77
  "better-sqlite3": "^12.6.2",
78
- "unplugin-atscript": "^0.1.75"
78
+ "unplugin-atscript": "^0.1.76"
79
79
  },
80
80
  "peerDependencies": {
81
- "@atscript/db": "^0.1.104",
82
- "@atscript/moost-db": "^0.1.104",
83
- "@atscript/typescript": "^0.1.75",
84
- "@moostjs/event-http": "^0.6.26",
81
+ "@atscript/db": "^0.1.105",
82
+ "@atscript/moost-db": "^0.1.105",
83
+ "@atscript/typescript": "^0.1.76",
84
+ "@moostjs/event-http": "^0.6.27",
85
85
  "@wooksjs/event-core": "^0.7.19",
86
86
  "@wooksjs/event-http": "^0.7.19",
87
- "moost": "^0.6.26"
87
+ "moost": "^0.6.27"
88
88
  },
89
89
  "peerDependenciesMeta": {
90
90
  "@atscript/db": {
@@ -1,15 +0,0 @@
1
- import { defineAnnotatedType, throwFeatureDisabled } from "@atscript/typescript/utils";
2
- import "@aooth/user/atscript-db/model.as";
3
- //#region src/atscript/models/user.as
4
- var AoothArbacUserCredentials = class {
5
- static __is_atscript_annotated_type = true;
6
- static type = {};
7
- static metadata = /* @__PURE__ */ new Map();
8
- static id = "AoothArbacUserCredentials";
9
- static toJsonSchema() {
10
- throwFeatureDisabled("JSON Schema", "jsonSchema", "emit.jsonSchema");
11
- }
12
- };
13
- defineAnnotatedType("object", AoothArbacUserCredentials).prop("id", defineAnnotatedType().designType("string").tags("string").annotate("meta.id", true).annotate("db.default.uuid", true).$type).prop("username", defineAnnotatedType().designType("string").tags("string").annotate("db.index.unique", "username_idx", true).$type).prop("version", defineAnnotatedType().designType("number").tags("int", "number").annotate("db.column.version", true).annotate("expect.int", true).$type).prop("password", defineAnnotatedType("object").prop("hash", defineAnnotatedType().designType("string").tags("string").$type).prop("history", defineAnnotatedType("array").of(defineAnnotatedType().designType("string").tags("string").$type).$type).prop("lastChanged", defineAnnotatedType().designType("number").tags("timestamp", "number").annotate("expect.int", true).$type).prop("isInitial", defineAnnotatedType().designType("boolean").tags("boolean").$type).annotate("db.patch.strategy", "merge").$type).prop("account", defineAnnotatedType("object").prop("active", defineAnnotatedType().designType("boolean").tags("boolean").$type).prop("locked", defineAnnotatedType().designType("boolean").tags("boolean").$type).prop("lockReason", defineAnnotatedType().designType("string").tags("string").$type).prop("lockEnds", defineAnnotatedType().designType("number").tags("timestamp", "number").annotate("expect.int", true).$type).prop("failedLoginAttempts", defineAnnotatedType().designType("number").tags("number").$type).prop("lastLogin", defineAnnotatedType().designType("number").tags("timestamp", "number").annotate("expect.int", true).$type).prop("pendingInvitation", defineAnnotatedType().designType("boolean").tags("boolean").optional().$type).annotate("db.patch.strategy", "merge").$type).prop("mfa", defineAnnotatedType("object").prop("methods", defineAnnotatedType("array").of(defineAnnotatedType("object").prop("name", defineAnnotatedType().designType("string").tags("string").$type).prop("confirmed", defineAnnotatedType().designType("boolean").tags("boolean").$type).prop("value", defineAnnotatedType().designType("string").tags("string").$type).prop("lastUsedWindow", defineAnnotatedType().designType("number").tags("int", "number").annotate("expect.int", true).optional().$type).$type).$type).prop("defaultMethod", defineAnnotatedType().designType("string").tags("string").$type).prop("autoSend", defineAnnotatedType().designType("boolean").tags("boolean").$type).annotate("db.patch.strategy", "merge").$type).prop("trustedDevices", defineAnnotatedType("array").of(defineAnnotatedType("object").prop("token", defineAnnotatedType().designType("string").tags("string").$type).prop("ip", defineAnnotatedType().designType("string").tags("string").optional().$type).prop("issuedAt", defineAnnotatedType().designType("number").tags("timestamp", "number").annotate("expect.int", true).$type).prop("expiresAt", defineAnnotatedType().designType("number").tags("timestamp", "number").annotate("expect.int", true).$type).prop("name", defineAnnotatedType().designType("string").tags("string").optional().$type).$type).annotate("db.patch.strategy", "merge").optional().$type).prop("roles", defineAnnotatedType("array").of(defineAnnotatedType().designType("string").tags("string").$type).annotate("arbac.role", true).$type);
14
- //#endregion
15
- export { AoothArbacUserCredentials as t };