npm - @authhero/multi-tenancy - Versions diffs - 14.20.1 → 14.20.2 - Mend

@authhero/multi-tenancy 14.20.1 → 14.20.2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (5) hide show

package/dist/multi-tenancy.cjs +1 -1
package/dist/multi-tenancy.mjs +253 -255
package/dist/types/middleware/settings-inheritance.d.ts.map +1 -1
package/dist/types/routes/tenants.d.ts.map +1 -1
package/package.json +4 -4

package/dist/multi-tenancy.mjs CHANGED Viewed

@@ -1,10 +1,10 @@
-var te = Object.defineProperty;
-var ne = (e, t, n) => t in e ? te(e, t, { enumerable: !0, configurable: !0, writable: !0, value: n }) : e[t] = n;
-var O = (e, t, n) => ne(e, typeof t != "symbol" ? t + "" : t, n);
-import { Hono as re } from "hono";
-import { MANAGEMENT_API_SCOPES as ae, MANAGEMENT_API_AUDIENCE as X, fetchAll as D, auth0QuerySchema as se, tenantSchema as q, tenantInsertSchema as U, deepMergePatch as oe, connectionSchema as ie, connectionOptionsSchema as ce, init as le } from "authhero";
-import { OpenAPIHono as ue, createRoute as M, z as I } from "@hono/zod-openapi";
-function de(e) {
+var ne = Object.defineProperty;
+var re = (e, t, n) => t in e ? ne(e, t, { enumerable: !0, configurable: !0, writable: !0, value: n }) : e[t] = n;
+var E = (e, t, n) => re(e, typeof t != "symbol" ? t + "" : t, n);
+import { Hono as ae } from "hono";
+import { MANAGEMENT_API_SCOPES as se, MANAGEMENT_API_AUDIENCE as Y, fetchAll as D, auth0QuerySchema as oe, tenantSchema as O, tenantInsertSchema as G, deepMergePatch as ie, connectionSchema as ce, connectionOptionsSchema as le, init as ue } from "authhero";
+import { OpenAPIHono as de, createRoute as k, z as A } from "@hono/zod-openapi";
+function fe(e) {
   const { controlPlaneTenantId: t, requireOrganizationMatch: n = !0 } = e;
   return {
     async onTenantAccessValidation(r, a) {
@@ -18,13 +18,13 @@ function de(e) {
     }
   };
 }
-function fe(e, t, n, r) {
+function me(e, t, n, r) {
   if (t === n)
     return !0;
   const a = r || e;
   return a ? a.toLowerCase() === t.toLowerCase() : !1;
 }
-function me(e) {
+function ge(e) {
   return {
     async resolveDataAdapters(t) {
       try {
@@ -39,20 +39,20 @@ function me(e) {
     }
   };
 }
-function ge(e) {
+function we(e) {
   return `urn:authhero:tenant:${e.toLowerCase()}`;
 }
-function Y(e) {
+function Z(e) {
   return {
     async beforeCreate(t, n) {
       return !n.audience && n.id ? {
         ...n,
-        audience: ge(n.id)
+        audience: we(n.id)
       } : n;
     },
     async afterCreate(t, n) {
       const { accessControl: r, databaseIsolation: a } = e;
-      r && t.ctx && await we(t, n, r), a != null && a.onProvision && await a.onProvision(n.id);
+      r && t.ctx && await he(t, n, r), a != null && a.onProvision && await a.onProvision(n.id);
     },
     async beforeDelete(t, n) {
       const { accessControl: r, databaseIsolation: a } = e;
@@ -83,7 +83,7 @@ function Y(e) {
     }
   };
 }
-async function we(e, t, n) {
+async function he(e, t, n) {
   const {
     controlPlaneTenantId: r,
     defaultPermissions: a,
@@ -100,14 +100,14 @@ async function we(e, t, n) {
     }
   );
   let g;
-  if (i && (g = await pe(
+  if (i && (g = await ye(
     e,
     r,
     c,
     u
   )), o && e.ctx) {
     const d = e.ctx.var.user;
-    if (d != null && d.sub && !await he(
+    if (d != null && d.sub && !await pe(
       e,
       r,
       d.sub
@@ -123,10 +123,10 @@ async function we(e, t, n) {
           l.id
           // organizationId
         );
-      } catch (m) {
+      } catch (f) {
         console.warn(
           `Failed to add creator ${d.sub} to organization ${l.id}:`,
-          m
+          f
         );
       }
   }
@@ -136,7 +136,7 @@ async function we(e, t, n) {
     `Would grant permissions ${a.join(", ")} to organization ${l.id}`
   );
 }
-async function he(e, t, n) {
+async function pe(e, t, n) {
   const r = await e.adapters.userRoles.list(
     t,
     n,
@@ -155,14 +155,14 @@ async function he(e, t, n) {
       return !0;
   return !1;
 }
-async function pe(e, t, n, r) {
+async function ye(e, t, n, r) {
   const s = (await e.adapters.roles.list(t, {})).roles.find((o) => o.name === n);
   if (s)
     return s.id;
   const i = await e.adapters.roles.create(t, {
     name: n,
     description: r
-  }), c = X, u = ae.map((o) => ({
+  }), c = Y, u = se.map((o) => ({
     role_id: i.id,
     resource_server_identifier: c,
     permission_name: o.value
@@ -173,7 +173,7 @@ async function pe(e, t, n, r) {
     u
   ), i.id;
 }
-function G(e, t, n = () => !0) {
+function H(e, t, n = () => !0) {
   const { controlPlaneTenantId: r, getChildTenantIds: a, getAdapters: s } = e, i = /* @__PURE__ */ new Map();
   async function c(l, g, d) {
     return (await t(l).list(g, {
@@ -184,21 +184,21 @@ function G(e, t, n = () => !0) {
   async function u(l) {
     const g = await a(), d = t(await s(r));
     await Promise.all(
-      g.map(async (f) => {
+      g.map(async (m) => {
         try {
-          const m = await s(f), w = t(m), y = {
+          const f = await s(m), w = t(f), y = {
             ...d.transform(l),
             is_system: !0
-          }, _ = await c(m, f, l.name), b = _ ? w.getId(_) : void 0;
+          }, _ = await c(f, m, l.name), b = _ ? w.getId(_) : void 0;
           if (_ && b) {
-            const P = w.preserveOnUpdate ? w.preserveOnUpdate(_, y) : y;
-            await w.update(f, b, P);
+            const I = w.preserveOnUpdate ? w.preserveOnUpdate(_, y) : y;
+            await w.update(m, b, I);
           } else
-            await w.create(f, y);
-        } catch (m) {
+            await w.create(m, y);
+        } catch (f) {
           console.error(
-            `Failed to sync ${d.listKey} "${l.name}" to tenant "${f}":`,
-            m
+            `Failed to sync ${d.listKey} "${l.name}" to tenant "${m}":`,
+            f
           );
         }
       })
@@ -209,12 +209,12 @@ function G(e, t, n = () => !0) {
     await Promise.all(
       g.map(async (d) => {
         try {
-          const f = await s(d), m = t(f), w = await c(f, d, l), C = w ? m.getId(w) : void 0;
-          w && C && await m.remove(d, C);
-        } catch (f) {
+          const m = await s(d), f = t(m), w = await c(m, d, l), T = w ? f.getId(w) : void 0;
+          w && T && await f.remove(d, T);
+        } catch (m) {
           console.error(
             `Failed to delete entity "${l}" from tenant "${d}":`,
-            f
+            m
           );
         }
       })
@@ -229,8 +229,8 @@ function G(e, t, n = () => !0) {
     },
     beforeDelete: async (l, g) => {
       if (l.tenantId !== r) return;
-      const f = await t(l.adapters).get(l.tenantId, g);
-      f && n(f) && i.set(g, f);
+      const m = await t(l.adapters).get(l.tenantId, g);
+      m && n(m) && i.set(g, m);
     },
     afterDelete: async (l, g) => {
       if (l.tenantId !== r) return;
@@ -239,29 +239,29 @@ function G(e, t, n = () => !0) {
     }
   };
 }
-function H(e, t, n = () => !0) {
+function W(e, t, n = () => !0) {
   const { controlPlaneTenantId: r, getControlPlaneAdapters: a, getAdapters: s } = e;
   return {
     async afterCreate(i, c) {
       if (c.id !== r)
         try {
           const u = await a(), o = await s(c.id), l = t(u), g = t(o), d = await D(
-            (f) => l.listPaginated(r, f),
+            (m) => l.listPaginated(r, m),
             l.listKey,
             { cursorField: "id", pageSize: 100 }
           );
           await Promise.all(
-            d.filter((f) => n(f)).map(async (f) => {
+            d.filter((m) => n(m)).map(async (m) => {
               try {
-                const m = l.transform(f);
+                const f = l.transform(m);
                 await g.create(c.id, {
-                  ...m,
+                  ...f,
                   is_system: !0
                 });
-              } catch (m) {
+              } catch (f) {
                 console.error(
                   `Failed to sync entity to new tenant "${c.id}":`,
-                  m
+                  f
                 );
               }
             })
@@ -275,7 +275,7 @@ function H(e, t, n = () => !0) {
     }
   };
 }
-const W = (e) => ({
+const L = (e) => ({
   list: async (t, n) => (await e.resourceServers.list(t, n)).resource_servers,
   listPaginated: (t, n) => e.resourceServers.list(t, n),
   get: (t, n) => e.resourceServers.get(t, n),
@@ -293,7 +293,7 @@ const W = (e) => ({
     token_lifetime: t.token_lifetime,
     token_lifetime_for_web: t.token_lifetime_for_web
   })
-}), L = (e) => ({
+}), K = (e) => ({
   list: async (t, n) => (await e.roles.list(t, n)).roles,
   listPaginated: (t, n) => e.roles.list(t, n),
   get: (t, n) => e.roles.get(t, n),
@@ -308,28 +308,28 @@ const W = (e) => ({
     description: t.description
   })
 });
-function K(e) {
+function Q(e) {
   var t;
   return ((t = e.metadata) == null ? void 0 : t.sync) !== !1;
 }
-function ye(e) {
-  const { sync: t = {}, filters: n = {} } = e, r = t.resourceServers ?? !0, a = t.roles ?? !0, s = (m) => K(m) ? n.resourceServers ? n.resourceServers(m) : !0 : !1, i = (m) => K(m) ? n.roles ? n.roles(m) : !0 : !1, c = r ? G(
+function ve(e) {
+  const { sync: t = {}, filters: n = {} } = e, r = t.resourceServers ?? !0, a = t.roles ?? !0, s = (f) => Q(f) ? n.resourceServers ? n.resourceServers(f) : !0 : !1, i = (f) => Q(f) ? n.roles ? n.roles(f) : !0 : !1, c = r ? H(
     e,
-    W,
+    L,
     s
-  ) : void 0, u = a ? G(e, L, i) : void 0, o = r ? H(
+  ) : void 0, u = a ? H(e, K, i) : void 0, o = r ? W(
     e,
-    W,
+    L,
     s
-  ) : void 0, l = a ? H(
+  ) : void 0, l = a ? W(
     e,
-    L,
+    K,
     i
   ) : void 0, g = a ? {
-    async afterCreate(m, w) {
-      var C;
+    async afterCreate(f, w) {
+      var T;
       if (w.id !== e.controlPlaneTenantId) {
-        await ((C = l == null ? void 0 : l.afterCreate) == null ? void 0 : C.call(l, m, w));
+        await ((T = l == null ? void 0 : l.afterCreate) == null ? void 0 : T.call(l, f, w));
         try {
           const y = await e.getControlPlaneAdapters(), _ = await e.getAdapters(w.id), b = await D(
             (h) => y.roles.list(
@@ -338,28 +338,28 @@ function ye(e) {
             ),
             "roles",
             { cursorField: "id", pageSize: 100 }
-          ), P = /* @__PURE__ */ new Map();
+          ), I = /* @__PURE__ */ new Map();
           for (const h of b.filter(
-            (T) => {
+            (C) => {
               var p;
-              return ((p = n.roles) == null ? void 0 : p.call(n, T)) ?? !0;
+              return ((p = n.roles) == null ? void 0 : p.call(n, C)) ?? !0;
             }
           )) {
-            const T = await d(
+            const C = await d(
               _,
               w.id,
               h.name
             );
-            T && P.set(h.name, T.id);
+            C && I.set(h.name, C.id);
           }
           for (const h of b.filter(
-            (T) => {
+            (C) => {
               var p;
-              return ((p = n.roles) == null ? void 0 : p.call(n, T)) ?? !0;
+              return ((p = n.roles) == null ? void 0 : p.call(n, C)) ?? !0;
             }
           )) {
-            const T = P.get(h.name);
-            if (T)
+            const C = I.get(h.name);
+            if (C)
               try {
                 const p = await y.rolePermissions.list(
                   e.controlPlaneTenantId,
@@ -368,11 +368,11 @@ function ye(e) {
                 );
                 p.length > 0 && await _.rolePermissions.assign(
                   w.id,
-                  T,
-                  p.map((z) => ({
-                    role_id: T,
-                    resource_server_identifier: z.resource_server_identifier,
-                    permission_name: z.permission_name
+                  C,
+                  p.map((F) => ({
+                    role_id: C,
+                    resource_server_identifier: F.resource_server_identifier,
+                    permission_name: F.permission_name
                   }))
                 );
               } catch (p) {
@@ -391,9 +391,9 @@ function ye(e) {
       }
     }
   } : void 0;
-  async function d(m, w, C) {
-    return (await m.roles.list(w, {
-      q: `name:${C}`,
+  async function d(f, w, T) {
+    return (await f.roles.list(w, {
+      q: `name:${T}`,
       per_page: 1
     })).roles[0] ?? null;
   }
@@ -403,15 +403,15 @@ function ye(e) {
       roles: u
     },
     tenantHooks: {
-      async afterCreate(m, w) {
-        const C = [
+      async afterCreate(f, w) {
+        const T = [
           o == null ? void 0 : o.afterCreate,
           (g == null ? void 0 : g.afterCreate) ?? (l == null ? void 0 : l.afterCreate)
         ], y = [];
-        for (const _ of C)
+        for (const _ of T)
           if (_)
             try {
-              await _(m, w);
+              await _(f, w);
             } catch (b) {
               y.push(b instanceof Error ? b : new Error(String(b)));
             }
@@ -425,7 +425,7 @@ function ye(e) {
     }
   };
 }
-var A = class extends Error {
+var P = class extends Error {
   /**
    * Creates an instance of `HTTPException`.
    * @param status - HTTP status code for the exception. Defaults to 500.
@@ -433,8 +433,8 @@ var A = class extends Error {
    */
   constructor(t = 500, n) {
     super(n == null ? void 0 : n.message, { cause: n == null ? void 0 : n.cause });
-    O(this, "res");
-    O(this, "status");
+    E(this, "res");
+    E(this, "status");
     this.res = n == null ? void 0 : n.res, this.status = t;
   }
   /**
@@ -452,29 +452,29 @@ var A = class extends Error {
   }
 };
 function N(e, t) {
-  const n = new ue();
+  const n = new de();
   return n.openapi(
-    M({
+    k({
       tags: ["tenants"],
       method: "get",
       path: "/",
       request: {
-        query: se
+        query: oe
       },
       security: [
         {
-          Bearer: []
+          Bearer: ["read:tenants", "auth:read"]
         }
       ],
       responses: {
         200: {
           content: {
             "application/json": {
-              schema: I.object({
-                tenants: I.array(q),
-                start: I.number().optional(),
-                limit: I.number().optional(),
-                length: I.number().optional()
+              schema: A.object({
+                tenants: A.array(O),
+                start: A.number().optional(),
+                limit: A.number().optional(),
+                length: A.number().optional()
               })
             }
           },
@@ -483,59 +483,59 @@ function N(e, t) {
       }
     }),
     async (r) => {
-      var m, w, C, y, _, b;
+      var w, T, y, _, b, I;
       const a = r.req.valid("query"), { page: s, per_page: i, include_totals: c, q: u } = a, o = r.var.user, l = (o == null ? void 0 : o.permissions) || [];
-      if (l.includes("auth:read") || l.includes("admin:organizations")) {
-        const P = await r.env.data.tenants.list({
+      if (!!!((o == null ? void 0 : o.org_id) ?? r.var.organization_id) && (l.includes("auth:read") || l.includes("admin:organizations"))) {
+        const h = await r.env.data.tenants.list({
           page: s,
           per_page: i,
           include_totals: c,
           q: u
         });
         return c ? r.json({
-          tenants: P.tenants,
-          start: ((m = P.totals) == null ? void 0 : m.start) ?? 0,
-          limit: ((w = P.totals) == null ? void 0 : w.limit) ?? i,
-          length: P.tenants.length
-        }) : r.json({ tenants: P.tenants });
+          tenants: h.tenants,
+          start: ((w = h.totals) == null ? void 0 : w.start) ?? 0,
+          limit: ((T = h.totals) == null ? void 0 : T.limit) ?? i,
+          length: h.tenants.length
+        }) : r.json({ tenants: h.tenants });
       }
-      const d = ((C = e.accessControl) == null ? void 0 : C.controlPlaneTenantId) ?? ((y = r.env.data.multiTenancyConfig) == null ? void 0 : y.controlPlaneTenantId);
-      if (d && (o != null && o.sub)) {
-        const h = (await D(
-          (R) => r.env.data.userOrganizations.listUserOrganizations(
-            d,
+      const m = ((y = e.accessControl) == null ? void 0 : y.controlPlaneTenantId) ?? ((_ = r.env.data.multiTenancyConfig) == null ? void 0 : _.controlPlaneTenantId);
+      if (m && (o != null && o.sub)) {
+        const C = (await D(
+          (M) => r.env.data.userOrganizations.listUserOrganizations(
+            m,
             o.sub,
-            R
+            M
           ),
           "organizations"
-        )).map((R) => R.name);
-        if (h.length === 0)
+        )).map((M) => M.name);
+        if (C.length === 0)
           return c ? r.json({
             tenants: [],
             start: 0,
             limit: i ?? 50,
             length: 0
           }) : r.json({ tenants: [] });
-        const T = h.length, p = s ?? 0, z = i ?? 50, j = p * z, F = h.slice(j, j + z);
-        if (F.length === 0)
+        const p = C.length, F = s ?? 0, $ = i ?? 50, R = F * $, S = C.slice(R, R + $);
+        if (S.length === 0)
           return c ? r.json({
             tenants: [],
-            start: j,
-            limit: z,
-            length: T
+            start: R,
+            limit: $,
+            length: p
           }) : r.json({ tenants: [] });
-        const S = F.map((R) => `id:${R}`).join(" OR "), v = u ? `(${S}) AND (${u})` : S, $ = await r.env.data.tenants.list({
-          q: v,
-          per_page: z,
+        const v = S.map((M) => `id:${M}`).join(" OR "), j = u ? `(${v}) AND (${u})` : v, z = await r.env.data.tenants.list({
+          q: j,
+          per_page: $,
           include_totals: !1
           // We calculate totals from accessibleTenantIds
         });
         return c ? r.json({
-          tenants: $.tenants,
-          start: j,
-          limit: z,
-          length: T
-        }) : r.json({ tenants: $.tenants });
+          tenants: z.tenants,
+          start: R,
+          limit: $,
+          length: p
+        }) : r.json({ tenants: z.tenants });
       }
       const f = await r.env.data.tenants.list({
         page: s,
@@ -545,13 +545,13 @@ function N(e, t) {
       });
       return c ? r.json({
         tenants: f.tenants,
-        start: ((_ = f.totals) == null ? void 0 : _.start) ?? 0,
-        limit: ((b = f.totals) == null ? void 0 : b.limit) ?? i,
+        start: ((b = f.totals) == null ? void 0 : b.start) ?? 0,
+        limit: ((I = f.totals) == null ? void 0 : I.limit) ?? i,
         length: f.tenants.length
       }) : r.json({ tenants: f.tenants });
     }
   ), n.openapi(
-    M({
+    k({
       tags: ["tenants"],
       method: "post",
       path: "/",
@@ -559,7 +559,7 @@ function N(e, t) {
         body: {
           content: {
             "application/json": {
-              schema: U
+              schema: G
             }
           }
         }
@@ -573,7 +573,7 @@ function N(e, t) {
         201: {
           content: {
             "application/json": {
-              schema: q
+              schema: O
             }
           },
           description: "Tenant created"
@@ -590,7 +590,7 @@ function N(e, t) {
       var u, o;
       const a = r.var.user;
       if (!(a != null && a.sub))
-        throw new A(401, {
+        throw new P(401, {
           message: "Authentication required to create tenants"
         });
       let s = r.req.valid("json");
@@ -603,13 +603,13 @@ function N(e, t) {
       return (o = t.tenants) != null && o.afterCreate && await t.tenants.afterCreate(i, c), r.json(c, 201);
     }
   ), n.openapi(
-    M({
+    k({
       tags: ["tenants"],
       method: "delete",
       path: "/{id}",
       request: {
-        params: I.object({
-          id: I.string()
+        params: A.object({
+          id: A.string()
         })
       },
       security: [
@@ -635,11 +635,11 @@ function N(e, t) {
       if (s) {
         const d = r.var.user;
         if (!(d != null && d.sub))
-          throw new A(401, {
+          throw new P(401, {
             message: "Authentication required"
           });
         if (a === s)
-          throw new A(403, {
+          throw new P(403, {
             message: "Cannot delete the control plane"
           });
         if (!(await D(
@@ -650,12 +650,12 @@ function N(e, t) {
           ),
           "organizations"
         )).some((w) => w.name === a))
-          throw new A(403, {
+          throw new P(403, {
             message: "Access denied to this tenant"
           });
       }
       if (!await r.env.data.tenants.get(a))
-        throw new A(404, {
+        throw new P(404, {
           message: "Tenant not found"
         });
       const c = {
@@ -665,13 +665,13 @@ function N(e, t) {
       return (l = t.tenants) != null && l.beforeDelete && await t.tenants.beforeDelete(c, a), await r.env.data.tenants.remove(a), (g = t.tenants) != null && g.afterDelete && await t.tenants.afterDelete(c, a), r.body(null, 204);
     }
   ), n.openapi(
-    M({
+    k({
       tags: ["tenants", "settings"],
       method: "get",
       path: "/settings",
       request: {
-        headers: I.object({
-          "tenant-id": I.string().optional()
+        headers: A.object({
+          "tenant-id": A.string().optional()
         })
       },
       security: [
@@ -683,7 +683,7 @@ function N(e, t) {
         200: {
           content: {
             "application/json": {
-              schema: q
+              schema: O
             }
           },
           description: "Current tenant settings"
@@ -693,24 +693,24 @@ function N(e, t) {
     async (r) => {
       const a = await r.env.data.tenants.get(r.var.tenant_id);
       if (!a)
-        throw new A(404, {
+        throw new P(404, {
           message: "Tenant not found"
         });
       return r.json(a);
     }
   ), n.openapi(
-    M({
+    k({
       tags: ["tenants", "settings"],
       method: "patch",
       path: "/settings",
       request: {
-        headers: I.object({
-          "tenant-id": I.string().optional()
+        headers: A.object({
+          "tenant-id": A.string().optional()
         }),
         body: {
           content: {
             "application/json": {
-              schema: I.object(U.shape).partial()
+              schema: A.object(G.shape).partial()
             }
           }
         }
@@ -724,7 +724,7 @@ function N(e, t) {
         200: {
           content: {
             "application/json": {
-              schema: q
+              schema: O
             }
           },
           description: "Updated tenant settings"
@@ -734,21 +734,21 @@ function N(e, t) {
     async (r) => {
       const a = r.req.valid("json"), { id: s, ...i } = a, c = await r.env.data.tenants.get(r.var.tenant_id);
       if (!c)
-        throw new A(404, {
+        throw new P(404, {
           message: "Tenant not found"
         });
-      const u = oe(c, i);
+      const u = ie(c, i);
       await r.env.data.tenants.update(r.var.tenant_id, u);
       const o = await r.env.data.tenants.get(r.var.tenant_id);
       if (!o)
-        throw new A(500, {
+        throw new P(500, {
           message: "Failed to retrieve updated tenant"
         });
       return r.json(o);
     }
   ), n;
 }
-function ve(e) {
+function _e(e) {
   const t = [
     {
       pattern: /\/api\/v2\/resource-servers\/([^/]+)$/,
@@ -764,7 +764,7 @@ function ve(e) {
   }
   return null;
 }
-async function _e(e, t, n) {
+async function Ce(e, t, n) {
   try {
     switch (n.type) {
       case "resource_server": {
@@ -786,50 +786,50 @@ async function _e(e, t, n) {
     return !1;
   }
 }
-function Ce(e) {
+function Te(e) {
   return {
     resource_server: "resource server",
     role: "role",
     connection: "connection"
   }[e];
 }
-function Te() {
+function be() {
   return async (e, t) => {
     if (!["PATCH", "PUT", "DELETE"].includes(e.req.method))
       return t();
-    const n = ve(e.req.path);
+    const n = _e(e.req.path);
     if (!n)
       return t();
     const r = e.var.tenant_id || e.req.header("x-tenant-id") || e.req.header("tenant-id");
     if (!r)
       return t();
-    if (await _e(e.env.data, r, n))
-      throw new A(403, {
-        message: `This ${Ce(n.type)} is a system resource and cannot be modified. Make changes in the control plane instead.`
+    if (await Ce(e.env.data, r, n))
+      throw new P(403, {
+        message: `This ${Te(n.type)} is a system resource and cannot be modified. Make changes in the control plane instead.`
       });
     return t();
   };
 }
-function E(e, t) {
+function B(e, t) {
   const n = t.find(
     (a) => a.strategy === e.strategy
   );
   if (!(n != null && n.options))
     return e;
-  const r = ie.passthrough().parse({
+  const r = ce.passthrough().parse({
     ...n,
     ...e
   });
-  return r.options = ce.passthrough().parse({
+  return r.options = le.passthrough().parse({
     ...n.options || {},
     ...e.options
   }), r;
 }
-function k(e, t) {
+function q(e, t) {
   const n = [...t || [], ...e || []];
   return [...new Set(n)];
 }
-function be(e, t) {
+function Pe(e, t) {
   if (!(t != null && t.length))
     return e || [];
   if (!(e != null && e.length))
@@ -841,34 +841,34 @@ function be(e, t) {
     n.set(r.value, r);
   return Array.from(n.values());
 }
-function Q(e, t) {
+function V(e, t) {
   return t ? {
     ...e,
-    scopes: be(
+    scopes: Pe(
       e.scopes,
       t.scopes
     )
   } : e;
 }
-function V(e, t) {
+function J(e, t) {
   return t ? {
     ...e,
-    callbacks: k(e.callbacks, t.callbacks),
-    web_origins: k(
+    callbacks: q(e.callbacks, t.callbacks),
+    web_origins: q(
       e.web_origins,
       t.web_origins
     ),
-    allowed_logout_urls: k(
+    allowed_logout_urls: q(
       e.allowed_logout_urls,
       t.allowed_logout_urls
     ),
-    allowed_origins: k(
+    allowed_origins: q(
       e.allowed_origins,
       t.allowed_origins
     )
   } : e;
 }
-function Z(e, t) {
+function x(e, t) {
   return {
     ...e.resourceServers,
     get: async (n, r) => {
@@ -882,7 +882,7 @@ function Z(e, t) {
         t,
         r
       );
-      return Q(
+      return V(
         a,
         s
       );
@@ -904,7 +904,7 @@ function Z(e, t) {
         })
       );
       const u = a.resource_servers.map(
-        (o) => o.is_system && o.id ? Q(
+        (o) => o.is_system && o.id ? V(
           o,
           c.get(o.id) ?? null
         ) : o
@@ -916,10 +916,10 @@ function Z(e, t) {
     }
   };
 }
-function Pe(e, t) {
+function Se(e, t) {
   return {
     ...e,
-    resourceServers: Z(
+    resourceServers: x(
       e,
       t.controlPlaneTenantId
     )
@@ -944,7 +944,7 @@ function Ae(e, t) {
         if (!i || !n || a === n)
           return i;
         const c = await e.connections.list(n);
-        return E(
+        return B(
           i,
           c.connections || []
         );
@@ -954,7 +954,7 @@ function Ae(e, t) {
         if (!n || a === n)
           return i;
         const c = await e.connections.list(n), u = i.connections.map(
-          (o) => E(
+          (o) => B(
             o,
             c.connections || []
           )
@@ -976,7 +976,7 @@ function Ae(e, t) {
           return i;
         const c = await e.connections.list(n);
         return i.map(
-          (u) => E(
+          (u) => B(
             u,
             c.connections || []
           )
@@ -995,7 +995,7 @@ function Ae(e, t) {
           n,
           r
         );
-        return V(i, c);
+        return J(i, c);
       },
       getByClientId: async (a) => {
         const s = await e.clients.getByClientId(a);
@@ -1008,7 +1008,7 @@ function Ae(e, t) {
           r
         );
         return {
-          ...V(s, i),
+          ...J(s, i),
           tenant_id: s.tenant_id
         };
       }
@@ -1020,22 +1020,22 @@ function Ae(e, t) {
         return s || (!n || a === n ? null : e.emailProviders.get(n));
       }
     },
-    resourceServers: Z(
+    resourceServers: x(
       e,
       n
     ),
-    hooks: Se(e, n)
+    hooks: Ie(e, n)
     // Note: Additional adapters can be extended here for runtime fallback:
     // - promptSettings: Fall back to control plane prompts
     // - branding: Fall back to control plane branding/themes
   };
 }
-function J(e) {
+function X(e) {
   if (!e || typeof e != "object") return !1;
   const t = e.metadata;
   return !t || typeof t != "object" ? !1 : t.inheritable === !0;
 }
-function Se(e, t) {
+function Ie(e, t) {
   return {
     ...e.hooks,
     list: async (n, r) => {
@@ -1046,13 +1046,11 @@ function Se(e, t) {
         t,
         r
       )).hooks || []).filter(
-        J
+        X
       );
       if (i.length === 0)
         return a;
-      const c = new Set(
-        (a.hooks || []).map((o) => o.hook_id)
-      ), u = i.filter((o) => !c.has(o.hook_id));
+      const c = new Set((a.hooks || []).map((o) => o.hook_id)), u = i.filter((o) => !c.has(o.hook_id));
       return {
         ...a,
         hooks: [...a.hooks || [], ...u],
@@ -1067,43 +1065,43 @@ function Se(e, t) {
         t,
         r
       );
-      return s && J(s) ? s : null;
+      return s && X(s) ? s : null;
     }
   };
 }
-function x(e, t) {
+function ee(e, t) {
   return Ae(e, t);
 }
-function Ie(e) {
+function Re(e) {
   return async (t, n) => {
     const r = t.var.user;
     return (r == null ? void 0 : r.tenant_id) === e && r.org_name && t.set("tenant_id", r.org_name), n();
   };
 }
-function Re(e) {
+function ze(e) {
   return async (t, n) => {
     if (!e.accessControl)
       return n();
     const { controlPlaneTenantId: r } = e.accessControl, a = t.var.org_name, s = t.var.organization_id, i = a || s;
     let c = t.var.tenant_id;
-    const u = t.var.user, l = (u != null && u.aud ? Array.isArray(u.aud) ? u.aud : [u.aud] : []).includes(X);
+    const u = t.var.user, l = (u != null && u.aud ? Array.isArray(u.aud) ? u.aud : [u.aud] : []).includes(Y);
     if (!c && i && l && (t.set("tenant_id", i), c = i), !c)
-      throw new A(400, {
+      throw new P(400, {
         message: "Tenant ID not found in request"
       });
-    if (!fe(
+    if (!me(
       s,
       c,
       r,
       a
     ))
-      throw new A(403, {
+      throw new P(403, {
         message: `Access denied to tenant ${c}`
       });
     return n();
   };
 }
-function ze(e) {
+function $e(e) {
   return async (t, n) => {
     if (!e.subdomainRouting)
       return n();
@@ -1132,19 +1130,19 @@ function ze(e) {
       } catch {
       }
     if (!u)
-      throw new A(404, {
+      throw new P(404, {
         message: `Tenant not found for subdomain: ${c}`
       });
     return t.set("tenant_id", u), n();
   };
 }
-function $e(e) {
+function je(e) {
   return async (t, n) => {
     if (!e.databaseIsolation)
       return n();
     const r = t.var.tenant_id;
     if (!r)
-      throw new A(400, {
+      throw new P(400, {
         message: "Tenant ID not found in request"
       });
     try {
@@ -1154,21 +1152,21 @@ function $e(e) {
       throw console.error(
         `Failed to resolve database for tenant ${r}:`,
         a
-      ), new A(500, {
+      ), new P(500, {
         message: "Failed to resolve tenant database"
       });
     }
     return n();
   };
 }
-function ee(e) {
-  const t = ze(e), n = Re(e), r = $e(e);
+function te(e) {
+  const t = $e(e), n = ze(e), r = je(e);
   return async (a, s) => (await t(a, async () => {
   }), await n(a, async () => {
   }), await r(a, async () => {
   }), s());
 }
-function ke(e) {
+function qe(e) {
   const {
     dataAdapter: t,
     controlPlane: n,
@@ -1185,12 +1183,12 @@ function ke(e) {
     getAdapters: g,
     ...d
   } = e;
-  let f = t, m = t;
-  n && (f = x(t, {
+  let m = t, f = t;
+  n && (m = ee(t, {
     controlPlaneTenantId: r,
     controlPlaneClientId: a
-  }), m = {
-    ...Pe(t, {
+  }), f = {
+    ...Se(t, {
       controlPlaneTenantId: r
     }),
     multiTenancyConfig: {
@@ -1198,35 +1196,35 @@ function ke(e) {
       controlPlaneClientId: a
     }
   });
-  const w = s !== !1, C = w ? {
+  const w = s !== !1, T = w ? {
     resourceServers: s.resourceServers ?? !0,
     roles: s.roles ?? !0
   } : { resourceServers: !1, roles: !1 }, b = {
     controlPlaneTenantId: r,
     getChildTenantIds: l ?? (async () => (await D(
-      (v) => f.tenants.list(v),
+      (v) => m.tenants.list(v),
       "tenants",
       { cursorField: "id", pageSize: 100 }
     )).filter((v) => v.id !== r).map((v) => v.id)),
-    getAdapters: g ?? (async () => f),
-    getControlPlaneAdapters: async () => f,
-    sync: C
-  }, { entityHooks: P, tenantHooks: h } = ye(b), T = {
+    getAdapters: g ?? (async () => m),
+    getControlPlaneAdapters: async () => m,
+    sync: T
+  }, { entityHooks: I, tenantHooks: h } = ve(b), C = {
     resourceServers: [
-      P.resourceServers,
+      I.resourceServers,
       ...(o == null ? void 0 : o.resourceServers) ?? []
     ],
-    roles: [P.roles, ...(o == null ? void 0 : o.roles) ?? []],
+    roles: [I.roles, ...(o == null ? void 0 : o.roles) ?? []],
     connections: (o == null ? void 0 : o.connections) ?? [],
     tenants: (o == null ? void 0 : o.tenants) ?? [],
     rolePermissions: (o == null ? void 0 : o.rolePermissions) ?? []
-  }, p = Y({
+  }, p = Z({
     accessControl: {
       controlPlaneTenantId: r,
       requireOrganizationMatch: c,
       defaultPermissions: i
     }
-  }), j = N(
+  }), $ = N(
     {
       accessControl: {
         controlPlaneTenantId: r,
@@ -1239,35 +1237,35 @@ function ke(e) {
         return p.beforeCreate && (v = await p.beforeCreate(S, v)), h.beforeCreate && (v = await h.beforeCreate(S, v)), v;
       },
       async afterCreate(S, v) {
-        var $, R;
-        await (($ = p.afterCreate) == null ? void 0 : $.call(p, S, v)), await ((R = h.afterCreate) == null ? void 0 : R.call(h, S, v));
+        var j, z;
+        await ((j = p.afterCreate) == null ? void 0 : j.call(p, S, v)), await ((z = h.afterCreate) == null ? void 0 : z.call(h, S, v));
       },
       async beforeDelete(S, v) {
-        var $, R;
-        await (($ = p.beforeDelete) == null ? void 0 : $.call(p, S, v)), await ((R = h.beforeDelete) == null ? void 0 : R.call(h, S, v));
+        var j, z;
+        await ((j = p.beforeDelete) == null ? void 0 : j.call(p, S, v)), await ((z = h.beforeDelete) == null ? void 0 : z.call(h, S, v));
       }
     } }
-  ), { app: F } = le({
-    dataAdapter: f,
-    managementDataAdapter: m,
+  ), { app: R } = ue({
+    dataAdapter: m,
+    managementDataAdapter: f,
     ...d,
-    entityHooks: T,
+    entityHooks: C,
     managementApiExtensions: [
       ...u,
-      { path: "/tenants", router: j }
+      { path: "/tenants", router: $ }
     ]
   });
-  return F.use(
+  return R.use(
     "/api/v2/*",
-    Ie(r)
-  ), w && F.use("/api/v2/*", Te()), { app: F, controlPlaneTenantId: r };
+    Re(r)
+  ), w && R.use("/api/v2/*", be()), { app: R, controlPlaneTenantId: r };
 }
-function Oe(e) {
-  const t = B(e);
+function Ee(e) {
+  const t = U(e);
   return {
     name: "multi-tenancy",
     // Apply multi-tenancy middleware for subdomain routing, database resolution, etc.
-    middleware: ee(e),
+    middleware: te(e),
     // Provide lifecycle hooks
     hooks: t,
     // Mount tenant management routes
@@ -1287,23 +1285,23 @@ function Oe(e) {
     }
   };
 }
-function B(e) {
-  const t = e.accessControl ? de(e.accessControl) : {}, n = e.databaseIsolation ? me(e.databaseIsolation) : {}, r = Y(e);
+function U(e) {
+  const t = e.accessControl ? fe(e.accessControl) : {}, n = e.databaseIsolation ? ge(e.databaseIsolation) : {}, r = Z(e);
   return {
     ...t,
     ...n,
     tenants: r
   };
 }
-function je(e) {
-  const t = new re(), n = B(e);
+function Fe(e) {
+  const t = new ae(), n = U(e);
   return t.route("/tenants", N(e, n)), t;
 }
-function Ee(e) {
+function Be(e) {
   return {
-    hooks: B(e),
-    middleware: ee(e),
-    app: je(e),
+    hooks: U(e),
+    middleware: te(e),
+    app: Fe(e),
     config: e,
     /**
      * Wraps data adapters with runtime fallback from the control plane.
@@ -1315,7 +1313,7 @@ function Ee(e) {
      */
     wrapAdapters: (t, n) => {
       var r;
-      return x(t, {
+      return ee(t, {
         controlPlaneTenantId: (r = e.accessControl) == null ? void 0 : r.controlPlaneTenantId,
         controlPlaneClientId: n == null ? void 0 : n.controlPlaneClientId
       });
@@ -1323,24 +1321,24 @@ function Ee(e) {
   };
 }
 export {
-  de as createAccessControlHooks,
-  Re as createAccessControlMiddleware,
-  Ie as createControlPlaneTenantMiddleware,
-  me as createDatabaseHooks,
-  $e as createDatabaseMiddleware,
-  je as createMultiTenancy,
-  B as createMultiTenancyHooks,
-  ee as createMultiTenancyMiddleware,
-  Oe as createMultiTenancyPlugin,
-  Te as createProtectSyncedMiddleware,
-  Y as createProvisioningHooks,
+  fe as createAccessControlHooks,
+  ze as createAccessControlMiddleware,
+  Re as createControlPlaneTenantMiddleware,
+  ge as createDatabaseHooks,
+  je as createDatabaseMiddleware,
+  Fe as createMultiTenancy,
+  U as createMultiTenancyHooks,
+  te as createMultiTenancyMiddleware,
+  Ee as createMultiTenancyPlugin,
+  be as createProtectSyncedMiddleware,
+  Z as createProvisioningHooks,
   Ae as createRuntimeFallbackAdapter,
-  ze as createSubdomainMiddleware,
-  ye as createSyncHooks,
+  $e as createSubdomainMiddleware,
+  ve as createSyncHooks,
   N as createTenantsOpenAPIRouter,
-  ke as initMultiTenant,
-  Ee as setupMultiTenancy,
-  fe as validateTenantAccess,
-  x as withRuntimeFallback,
-  Pe as withSystemResourceServerInheritance
+  qe as initMultiTenant,
+  Be as setupMultiTenancy,
+  me as validateTenantAccess,
+  ee as withRuntimeFallback,
+  Se as withSystemResourceServerInheritance
 };