@authhero/kysely-adapter 11.0.0 → 11.1.0

package/dist/kysely-adapter.d.ts

@@ -17508,6 +17508,129 @@ declare const logStreamSchema: z.ZodObject<{
 	isPriority?: boolean | undefined;
 }>;
 export type LogStream = z.infer<typeof logStreamSchema>;
+declare const migrationSourceInsertSchema: z.ZodObject<{
+	id: z.ZodOptional<z.ZodString>;
+	name: z.ZodString;
+	provider: z.ZodEnum<[
+		"auth0",
+		"cognito",
+		"okta",
+		"oidc"
+	]>;
+	connection: z.ZodString;
+	enabled: z.ZodDefault<z.ZodBoolean>;
+	credentials: z.ZodObject<{
+		domain: z.ZodString;
+		client_id: z.ZodString;
+		client_secret: z.ZodString;
+		audience: z.ZodOptional<z.ZodString>;
+		scope: z.ZodOptional<z.ZodString>;
+	}, "strip", z.ZodTypeAny, {
+		client_id: string;
+		client_secret: string;
+		domain: string;
+		audience?: string | undefined;
+		scope?: string | undefined;
+	}, {
+		client_id: string;
+		client_secret: string;
+		domain: string;
+		audience?: string | undefined;
+		scope?: string | undefined;
+	}>;
+}, "strip", z.ZodTypeAny, {
+	name: string;
+	connection: string;
+	provider: "auth0" | "cognito" | "okta" | "oidc";
+	enabled: boolean;
+	credentials: {
+		client_id: string;
+		client_secret: string;
+		domain: string;
+		audience?: string | undefined;
+		scope?: string | undefined;
+	};
+	id?: string | undefined;
+}, {
+	name: string;
+	connection: string;
+	provider: "auth0" | "cognito" | "okta" | "oidc";
+	credentials: {
+		client_id: string;
+		client_secret: string;
+		domain: string;
+		audience?: string | undefined;
+		scope?: string | undefined;
+	};
+	id?: string | undefined;
+	enabled?: boolean | undefined;
+}>;
+export type MigrationSourceInsert = z.infer<typeof migrationSourceInsertSchema>;
+declare const migrationSourceSchema: z.ZodObject<{
+	created_at: z.ZodString;
+	updated_at: z.ZodString;
+} & {
+	id: z.ZodOptional<z.ZodString>;
+	name: z.ZodString;
+	provider: z.ZodEnum<[
+		"auth0",
+		"cognito",
+		"okta",
+		"oidc"
+	]>;
+	connection: z.ZodString;
+	enabled: z.ZodDefault<z.ZodBoolean>;
+	credentials: z.ZodObject<{
+		domain: z.ZodString;
+		client_id: z.ZodString;
+		client_secret: z.ZodString;
+		audience: z.ZodOptional<z.ZodString>;
+		scope: z.ZodOptional<z.ZodString>;
+	}, "strip", z.ZodTypeAny, {
+		client_id: string;
+		client_secret: string;
+		domain: string;
+		audience?: string | undefined;
+		scope?: string | undefined;
+	}, {
+		client_id: string;
+		client_secret: string;
+		domain: string;
+		audience?: string | undefined;
+		scope?: string | undefined;
+	}>;
+}, "strip", z.ZodTypeAny, {
+	created_at: string;
+	updated_at: string;
+	name: string;
+	connection: string;
+	provider: "auth0" | "cognito" | "okta" | "oidc";
+	enabled: boolean;
+	credentials: {
+		client_id: string;
+		client_secret: string;
+		domain: string;
+		audience?: string | undefined;
+		scope?: string | undefined;
+	};
+	id?: string | undefined;
+}, {
+	created_at: string;
+	updated_at: string;
+	name: string;
+	connection: string;
+	provider: "auth0" | "cognito" | "okta" | "oidc";
+	credentials: {
+		client_id: string;
+		client_secret: string;
+		domain: string;
+		audience?: string | undefined;
+		scope?: string | undefined;
+	};
+	id?: string | undefined;
+	enabled?: boolean | undefined;
+}>;
+export type MigrationSource = z.infer<typeof migrationSourceSchema>;
 declare const passwordInsertSchema: z.ZodObject<{
 	id: z.ZodOptional<z.ZodString>;
 	user_id: z.ZodString;
@@ -20631,6 +20754,73 @@ declare const dailyStatsSchema: z.ZodObject<{
 	leaked_passwords: number;
 }>;
 export type DailyStats = z.infer<typeof dailyStatsSchema>;
+declare const analyticsResourceSchema: z.ZodEnum<[
+	"active-users",
+	"logins",
+	"signups",
+	"refresh-tokens",
+	"sessions"
+]>;
+export type AnalyticsResource = z.infer<typeof analyticsResourceSchema>;
+declare const analyticsIntervalSchema: z.ZodEnum<[
+	"hour",
+	"day",
+	"week",
+	"month"
+]>;
+export type AnalyticsInterval = z.infer<typeof analyticsIntervalSchema>;
+declare const analyticsGroupBySchema: z.ZodEnum<[
+	"time",
+	"connection",
+	"client_id",
+	"user_type",
+	"event"
+]>;
+export type AnalyticsGroupBy = z.infer<typeof analyticsGroupBySchema>;
+declare const analyticsUserTypeSchema: z.ZodEnum<[
+	"password",
+	"social",
+	"passwordless",
+	"enterprise"
+]>;
+export type AnalyticsUserType = z.infer<typeof analyticsUserTypeSchema>;
+export interface AnalyticsFilters {
+	connection?: string[];
+	client_id?: string[];
+	user_type?: AnalyticsUserType[];
+	user_id?: string[];
+}
+export interface AnalyticsQueryParams {
+	/** Inclusive lower bound, ISO 8601 datetime in UTC */
+	from: string;
+	/** Exclusive upper bound, ISO 8601 datetime in UTC */
+	to: string;
+	interval: AnalyticsInterval;
+	/** IANA timezone for bucket boundaries */
+	tz: string;
+	filters: AnalyticsFilters;
+	group_by: AnalyticsGroupBy[];
+	limit: number;
+	offset: number;
+	/** Column name, prefix with `-` for descending */
+	order_by?: string;
+}
+export interface AnalyticsColumnMeta {
+	name: string;
+	/** ClickHouse-style type label (e.g. "Date", "String", "UInt64", "DateTime") */
+	type: string;
+}
+export interface AnalyticsQueryResponse {
+	meta: AnalyticsColumnMeta[];
+	data: Array<Record<string, unknown>>;
+	rows: number;
+	rows_before_limit_at_least?: number;
+	statistics?: {
+		elapsed: number;
+		rows_read?: number;
+		bytes_read?: number;
+	};
+}
 declare const promptScreenSchema: z.ZodEnum<[
 	"login",
 	"login-id",
@@ -21044,6 +21234,13 @@ export interface LogStreamsAdapter {
 	update(tenant_id: string, id: string, params: Partial<LogStream>): Promise<boolean>;
 	remove(tenant_id: string, id: string): Promise<boolean>;
 }
+export interface MigrationSourcesAdapter {
+	create: (tenant_id: string, migration_source: MigrationSourceInsert) => Promise<MigrationSource>;
+	get: (tenant_id: string, id: string) => Promise<MigrationSource | null>;
+	list: (tenant_id: string) => Promise<MigrationSource[]>;
+	remove: (tenant_id: string, id: string) => Promise<boolean>;
+	update: (tenant_id: string, id: string, migration_source: Partial<MigrationSourceInsert>) => Promise<boolean>;
+}
 export interface ListConnectionsResponse extends Totals {
 	connections: Connection[];
 }
@@ -21287,6 +21484,14 @@ export interface StatsAdapter {
 	 */
 	getActiveUsers(tenantId: string): Promise<number>;
 }
+export interface AnalyticsAdapter {
+	/**
+	 * Run an analytics query for a tenant. The adapter is responsible for
+	 * injecting the tenant_id predicate; the route handler never trusts a
+	 * tenant value from a client-controlled source.
+	 */
+	query(tenantId: string, resource: AnalyticsResource, params: AnalyticsQueryParams): Promise<AnalyticsQueryResponse>;
+}
 export interface UniversalLoginTemplate {
 	body: string;
 }
@@ -21458,6 +21663,12 @@ export interface DataAdapters {
 	loginSessions: LoginSessionsAdapter;
 	logs: LogsDataAdapter;
 	logStreams?: LogStreamsAdapter;
+	/**
+	 * Optional tenant-level migration sources for lazy refresh-token re-mint
+	 * against upstream IdPs (Auth0, Cognito, Okta, generic OIDC). When unset,
+	 * unrecognized refresh tokens fail with `invalid_grant` as usual.
+	 */
+	migrationSources?: MigrationSourcesAdapter;
 	passwords: PasswordsAdapter;
 	promptSettings: PromptSettingsAdapter;
 	refreshTokens: RefreshTokensAdapter;
@@ -21467,6 +21678,12 @@ export interface DataAdapters {
 	roles: RolesAdapter;
 	sessions: SessionsAdapter;
 	stats?: StatsAdapter;
+	/**
+	 * Optional richer analytics surface, exposed via `/api/v2/analytics/*`.
+	 * Returns ClickHouse-style `{ meta, data }` responses with filtering and
+	 * grouping. Unlike `stats`, this is not Auth0 wire-compatible.
+	 */
+	analytics?: AnalyticsAdapter;
 	tenants: TenantsDataAdapter;
 	themes: ThemesAdapter;
 	universalLoginTemplates: UniversalLoginTemplatesAdapter;
@@ -24336,6 +24553,17 @@ export interface Database {
 		created_at: string;
 		updated_at: string;
 	};
+	migration_sources: {
+		id: string;
+		tenant_id: string;
+		name: string;
+		provider: string;
+		connection: string;
+		enabled: number;
+		credentials: string;
+		created_at: string;
+		updated_at: string;
+	};
 	outbox_events: {
 		id: string;
 		tenant_id: string;