npm - @authhero/multi-tenancy - Versions diffs - 14.20.1 → 14.20.3 - Mend

@authhero/multi-tenancy 14.20.1 → 14.20.3

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (5) hide show

package/dist/multi-tenancy.cjs +1 -1
package/dist/multi-tenancy.mjs +459 -457
package/dist/types/middleware/settings-inheritance.d.ts.map +1 -1
package/dist/types/routes/tenants.d.ts.map +1 -1
package/package.json +4 -4

package/dist/multi-tenancy.mjs CHANGED Viewed

@@ -1,30 +1,30 @@
-var te = Object.defineProperty;
-var ne = (e, t, n) => t in e ? te(e, t, { enumerable: !0, configurable: !0, writable: !0, value: n }) : e[t] = n;
-var O = (e, t, n) => ne(e, typeof t != "symbol" ? t + "" : t, n);
-import { Hono as re } from "hono";
-import { MANAGEMENT_API_SCOPES as ae, MANAGEMENT_API_AUDIENCE as X, fetchAll as D, auth0QuerySchema as se, tenantSchema as q, tenantInsertSchema as U, deepMergePatch as oe, connectionSchema as ie, connectionOptionsSchema as ce, init as le } from "authhero";
-import { OpenAPIHono as ue, createRoute as M, z as I } from "@hono/zod-openapi";
-function de(e) {
+var ne = Object.defineProperty;
+var re = (e, t, n) => t in e ? ne(e, t, { enumerable: !0, configurable: !0, writable: !0, value: n }) : e[t] = n;
+var E = (e, t, n) => re(e, typeof t != "symbol" ? t + "" : t, n);
+import { Hono as se } from "hono";
+import { MANAGEMENT_API_SCOPES as ae, MANAGEMENT_API_AUDIENCE as Y, fetchAll as D, auth0QuerySchema as oe, tenantSchema as O, tenantInsertSchema as G, deepMergePatch as ie, connectionSchema as ce, connectionOptionsSchema as le, init as ue } from "authhero";
+import { OpenAPIHono as de, createRoute as M, z as S } from "@hono/zod-openapi";
+function fe(e) {
   const { controlPlaneTenantId: t, requireOrganizationMatch: n = !0 } = e;
   return {
-    async onTenantAccessValidation(r, a) {
-      if (a === t)
+    async onTenantAccessValidation(r, s) {
+      if (s === t)
         return !0;
       if (n) {
-        const s = r.var.org_name, i = r.var.organization_id, c = s || i;
-        return c ? c.toLowerCase() === a.toLowerCase() : !1;
+        const o = r.var.org_name, i = r.var.organization_id, c = o || i;
+        return c ? c.toLowerCase() === s.toLowerCase() : !1;
       }
       return !0;
     }
   };
 }
-function fe(e, t, n, r) {
+function me(e, t, n, r) {
   if (t === n)
     return !0;
-  const a = r || e;
-  return a ? a.toLowerCase() === t.toLowerCase() : !1;
+  const s = r || e;
+  return s ? s.toLowerCase() === t.toLowerCase() : !1;
 }
-function me(e) {
+function ge(e) {
   return {
     async resolveDataAdapters(t) {
       try {
@@ -39,23 +39,23 @@ function me(e) {
     }
   };
 }
-function ge(e) {
+function we(e) {
   return `urn:authhero:tenant:${e.toLowerCase()}`;
 }
-function Y(e) {
+function Z(e) {
   return {
     async beforeCreate(t, n) {
       return !n.audience && n.id ? {
         ...n,
-        audience: ge(n.id)
+        audience: we(n.id)
       } : n;
     },
     async afterCreate(t, n) {
-      const { accessControl: r, databaseIsolation: a } = e;
-      r && t.ctx && await we(t, n, r), a != null && a.onProvision && await a.onProvision(n.id);
+      const { accessControl: r, databaseIsolation: s } = e;
+      r && t.ctx && await he(t, n, r), s != null && s.onProvision && await s.onProvision(n.id);
     },
     async beforeDelete(t, n) {
-      const { accessControl: r, databaseIsolation: a } = e;
+      const { accessControl: r, databaseIsolation: s } = e;
       if (r)
         try {
           const i = (await t.adapters.organizations.list(
@@ -65,34 +65,34 @@ function Y(e) {
             r.controlPlaneTenantId,
             i.id
           );
-        } catch (s) {
+        } catch (o) {
           console.warn(
             `Failed to remove organization for tenant ${n}:`,
-            s
+            o
           );
         }
-      if (a != null && a.onDeprovision)
+      if (s != null && s.onDeprovision)
         try {
-          await a.onDeprovision(n);
-        } catch (s) {
+          await s.onDeprovision(n);
+        } catch (o) {
           console.warn(
             `Failed to deprovision database for tenant ${n}:`,
-            s
+            o
           );
         }
     }
   };
 }
-async function we(e, t, n) {
+async function he(e, t, n) {
   const {
     controlPlaneTenantId: r,
-    defaultPermissions: a,
-    defaultRoles: s,
+    defaultPermissions: s,
+    defaultRoles: o,
     issuer: i,
     adminRoleName: c = "Tenant Admin",
-    adminRoleDescription: u = "Full access to all tenant management operations",
-    addCreatorToOrganization: o = !0
-  } = n, l = await e.adapters.organizations.create(
+    adminRoleDescription: l = "Full access to all tenant management operations",
+    addCreatorToOrganization: a = !0
+  } = n, u = await e.adapters.organizations.create(
     r,
     {
       name: t.id,
@@ -100,14 +100,14 @@ async function we(e, t, n) {
     }
   );
   let g;
-  if (i && (g = await pe(
+  if (i && (g = await ye(
     e,
     r,
     c,
-    u
-  )), o && e.ctx) {
+    l
+  )), a && e.ctx) {
     const d = e.ctx.var.user;
-    if (d != null && d.sub && !await he(
+    if (d != null && d.sub && !await pe(
       e,
       r,
       d.sub
@@ -115,28 +115,28 @@ async function we(e, t, n) {
       try {
         await e.adapters.userOrganizations.create(r, {
           user_id: d.sub,
-          organization_id: l.id
+          organization_id: u.id
         }), g && await e.adapters.userRoles.create(
           r,
           d.sub,
           g,
-          l.id
+          u.id
           // organizationId
         );
-      } catch (m) {
+      } catch (f) {
         console.warn(
-          `Failed to add creator ${d.sub} to organization ${l.id}:`,
-          m
+          `Failed to add creator ${d.sub} to organization ${u.id}:`,
+          f
         );
       }
   }
-  s && s.length > 0 && console.log(
-    `Would assign roles ${s.join(", ")} to organization ${l.id}`
-  ), a && a.length > 0 && console.log(
-    `Would grant permissions ${a.join(", ")} to organization ${l.id}`
+  o && o.length > 0 && console.log(
+    `Would assign roles ${o.join(", ")} to organization ${u.id}`
+  ), s && s.length > 0 && console.log(
+    `Would grant permissions ${s.join(", ")} to organization ${u.id}`
   );
 }
-async function he(e, t, n) {
+async function pe(e, t, n) {
   const r = await e.adapters.userRoles.list(
     t,
     n,
@@ -144,10 +144,10 @@ async function he(e, t, n) {
     ""
     // Empty string for global roles
   );
-  for (const a of r)
+  for (const s of r)
     if ((await e.adapters.rolePermissions.list(
       t,
-      a.id,
+      s.id,
       { per_page: 1e3 }
     )).some(
       (c) => c.permission_name === "admin:organizations"
@@ -155,127 +155,127 @@ async function he(e, t, n) {
       return !0;
   return !1;
 }
-async function pe(e, t, n, r) {
-  const s = (await e.adapters.roles.list(t, {})).roles.find((o) => o.name === n);
-  if (s)
-    return s.id;
+async function ye(e, t, n, r) {
+  const o = (await e.adapters.roles.list(t, {})).roles.find((a) => a.name === n);
+  if (o)
+    return o.id;
   const i = await e.adapters.roles.create(t, {
     name: n,
     description: r
-  }), c = X, u = ae.map((o) => ({
+  }), c = Y, l = ae.map((a) => ({
     role_id: i.id,
     resource_server_identifier: c,
-    permission_name: o.value
+    permission_name: a.value
   }));
   return await e.adapters.rolePermissions.assign(
     t,
     i.id,
-    u
+    l
   ), i.id;
 }
-function G(e, t, n = () => !0) {
-  const { controlPlaneTenantId: r, getChildTenantIds: a, getAdapters: s } = e, i = /* @__PURE__ */ new Map();
-  async function c(l, g, d) {
-    return (await t(l).list(g, {
+function H(e, t, n = () => !0) {
+  const { controlPlaneTenantId: r, getChildTenantIds: s, getAdapters: o } = e, i = /* @__PURE__ */ new Map();
+  async function c(u, g, d) {
+    return (await t(u).list(g, {
       q: `name:${d}`,
       per_page: 1
     }))[0] ?? null;
   }
-  async function u(l) {
-    const g = await a(), d = t(await s(r));
+  async function l(u) {
+    const g = await s(), d = t(await o(r));
     await Promise.all(
-      g.map(async (f) => {
+      g.map(async (m) => {
         try {
-          const m = await s(f), w = t(m), y = {
-            ...d.transform(l),
+          const f = await o(m), w = t(f), y = {
+            ...d.transform(u),
             is_system: !0
-          }, _ = await c(m, f, l.name), b = _ ? w.getId(_) : void 0;
-          if (_ && b) {
-            const P = w.preserveOnUpdate ? w.preserveOnUpdate(_, y) : y;
-            await w.update(f, b, P);
+          }, _ = await c(f, m, u.name), P = _ ? w.getId(_) : void 0;
+          if (_ && P) {
+            const I = w.preserveOnUpdate ? w.preserveOnUpdate(_, y) : y;
+            await w.update(m, P, I);
           } else
-            await w.create(f, y);
-        } catch (m) {
+            await w.create(m, y);
+        } catch (f) {
           console.error(
-            `Failed to sync ${d.listKey} "${l.name}" to tenant "${f}":`,
-            m
+            `Failed to sync ${d.listKey} "${u.name}" to tenant "${m}":`,
+            f
           );
         }
       })
     );
   }
-  async function o(l) {
-    const g = await a();
+  async function a(u) {
+    const g = await s();
     await Promise.all(
       g.map(async (d) => {
         try {
-          const f = await s(d), m = t(f), w = await c(f, d, l), C = w ? m.getId(w) : void 0;
-          w && C && await m.remove(d, C);
-        } catch (f) {
+          const m = await o(d), f = t(m), w = await c(m, d, u), T = w ? f.getId(w) : void 0;
+          w && T && await f.remove(d, T);
+        } catch (m) {
           console.error(
-            `Failed to delete entity "${l}" from tenant "${d}":`,
-            f
+            `Failed to delete entity "${u}" from tenant "${d}":`,
+            m
           );
         }
       })
     );
   }
   return {
-    afterCreate: async (l, g) => {
-      l.tenantId === r && n(g) && await u(g);
+    afterCreate: async (u, g) => {
+      u.tenantId === r && n(g) && await l(g);
     },
-    afterUpdate: async (l, g, d) => {
-      l.tenantId === r && n(d) && await u(d);
+    afterUpdate: async (u, g, d) => {
+      u.tenantId === r && n(d) && await l(d);
     },
-    beforeDelete: async (l, g) => {
-      if (l.tenantId !== r) return;
-      const f = await t(l.adapters).get(l.tenantId, g);
-      f && n(f) && i.set(g, f);
+    beforeDelete: async (u, g) => {
+      if (u.tenantId !== r) return;
+      const m = await t(u.adapters).get(u.tenantId, g);
+      m && n(m) && i.set(g, m);
     },
-    afterDelete: async (l, g) => {
-      if (l.tenantId !== r) return;
+    afterDelete: async (u, g) => {
+      if (u.tenantId !== r) return;
       const d = i.get(g);
-      d && (i.delete(g), await o(d.name));
+      d && (i.delete(g), await a(d.name));
     }
   };
 }
-function H(e, t, n = () => !0) {
-  const { controlPlaneTenantId: r, getControlPlaneAdapters: a, getAdapters: s } = e;
+function W(e, t, n = () => !0) {
+  const { controlPlaneTenantId: r, getControlPlaneAdapters: s, getAdapters: o } = e;
   return {
     async afterCreate(i, c) {
       if (c.id !== r)
         try {
-          const u = await a(), o = await s(c.id), l = t(u), g = t(o), d = await D(
-            (f) => l.listPaginated(r, f),
-            l.listKey,
+          const l = await s(), a = await o(c.id), u = t(l), g = t(a), d = await D(
+            (m) => u.listPaginated(r, m),
+            u.listKey,
             { cursorField: "id", pageSize: 100 }
           );
           await Promise.all(
-            d.filter((f) => n(f)).map(async (f) => {
+            d.filter((m) => n(m)).map(async (m) => {
               try {
-                const m = l.transform(f);
+                const f = u.transform(m);
                 await g.create(c.id, {
-                  ...m,
+                  ...f,
                   is_system: !0
                 });
-              } catch (m) {
+              } catch (f) {
                 console.error(
                   `Failed to sync entity to new tenant "${c.id}":`,
-                  m
+                  f
                 );
               }
             })
           );
-        } catch (u) {
+        } catch (l) {
           console.error(
             `Failed to sync entities to new tenant "${c.id}":`,
-            u
+            l
           );
         }
     }
   };
 }
-const W = (e) => ({
+const L = (e) => ({
   list: async (t, n) => (await e.resourceServers.list(t, n)).resource_servers,
   listPaginated: (t, n) => e.resourceServers.list(t, n),
   get: (t, n) => e.resourceServers.get(t, n),
@@ -293,7 +293,7 @@ const W = (e) => ({
     token_lifetime: t.token_lifetime,
     token_lifetime_for_web: t.token_lifetime_for_web
   })
-}), L = (e) => ({
+}), K = (e) => ({
   list: async (t, n) => (await e.roles.list(t, n)).roles,
   listPaginated: (t, n) => e.roles.list(t, n),
   get: (t, n) => e.roles.get(t, n),
@@ -308,58 +308,58 @@ const W = (e) => ({
     description: t.description
   })
 });
-function K(e) {
+function Q(e) {
   var t;
   return ((t = e.metadata) == null ? void 0 : t.sync) !== !1;
 }
-function ye(e) {
-  const { sync: t = {}, filters: n = {} } = e, r = t.resourceServers ?? !0, a = t.roles ?? !0, s = (m) => K(m) ? n.resourceServers ? n.resourceServers(m) : !0 : !1, i = (m) => K(m) ? n.roles ? n.roles(m) : !0 : !1, c = r ? G(
-    e,
-    W,
-    s
-  ) : void 0, u = a ? G(e, L, i) : void 0, o = r ? H(
+function ve(e) {
+  const { sync: t = {}, filters: n = {} } = e, r = t.resourceServers ?? !0, s = t.roles ?? !0, o = (f) => Q(f) ? n.resourceServers ? n.resourceServers(f) : !0 : !1, i = (f) => Q(f) ? n.roles ? n.roles(f) : !0 : !1, c = r ? H(
     e,
-    W,
-    s
-  ) : void 0, l = a ? H(
+    L,
+    o
+  ) : void 0, l = s ? H(e, K, i) : void 0, a = r ? W(
     e,
     L,
+    o
+  ) : void 0, u = s ? W(
+    e,
+    K,
     i
-  ) : void 0, g = a ? {
-    async afterCreate(m, w) {
-      var C;
+  ) : void 0, g = s ? {
+    async afterCreate(f, w) {
+      var T;
       if (w.id !== e.controlPlaneTenantId) {
-        await ((C = l == null ? void 0 : l.afterCreate) == null ? void 0 : C.call(l, m, w));
+        await ((T = u == null ? void 0 : u.afterCreate) == null ? void 0 : T.call(u, f, w));
         try {
-          const y = await e.getControlPlaneAdapters(), _ = await e.getAdapters(w.id), b = await D(
+          const y = await e.getControlPlaneAdapters(), _ = await e.getAdapters(w.id), P = await D(
             (h) => y.roles.list(
               e.controlPlaneTenantId,
               h
             ),
             "roles",
             { cursorField: "id", pageSize: 100 }
-          ), P = /* @__PURE__ */ new Map();
-          for (const h of b.filter(
-            (T) => {
+          ), I = /* @__PURE__ */ new Map();
+          for (const h of P.filter(
+            (C) => {
               var p;
-              return ((p = n.roles) == null ? void 0 : p.call(n, T)) ?? !0;
+              return ((p = n.roles) == null ? void 0 : p.call(n, C)) ?? !0;
             }
           )) {
-            const T = await d(
+            const C = await d(
               _,
               w.id,
               h.name
             );
-            T && P.set(h.name, T.id);
+            C && I.set(h.name, C.id);
           }
-          for (const h of b.filter(
-            (T) => {
+          for (const h of P.filter(
+            (C) => {
               var p;
-              return ((p = n.roles) == null ? void 0 : p.call(n, T)) ?? !0;
+              return ((p = n.roles) == null ? void 0 : p.call(n, C)) ?? !0;
             }
           )) {
-            const T = P.get(h.name);
-            if (T)
+            const C = I.get(h.name);
+            if (C)
               try {
                 const p = await y.rolePermissions.list(
                   e.controlPlaneTenantId,
@@ -368,11 +368,11 @@ function ye(e) {
                 );
                 p.length > 0 && await _.rolePermissions.assign(
                   w.id,
-                  T,
-                  p.map((z) => ({
-                    role_id: T,
-                    resource_server_identifier: z.resource_server_identifier,
-                    permission_name: z.permission_name
+                  C,
+                  p.map((F) => ({
+                    role_id: C,
+                    resource_server_identifier: F.resource_server_identifier,
+                    permission_name: F.permission_name
                   }))
                 );
               } catch (p) {
@@ -391,29 +391,29 @@ function ye(e) {
       }
     }
   } : void 0;
-  async function d(m, w, C) {
-    return (await m.roles.list(w, {
-      q: `name:${C}`,
+  async function d(f, w, T) {
+    return (await f.roles.list(w, {
+      q: `name:${T}`,
       per_page: 1
     })).roles[0] ?? null;
   }
   return {
     entityHooks: {
       resourceServers: c,
-      roles: u
+      roles: l
     },
     tenantHooks: {
-      async afterCreate(m, w) {
-        const C = [
-          o == null ? void 0 : o.afterCreate,
-          (g == null ? void 0 : g.afterCreate) ?? (l == null ? void 0 : l.afterCreate)
+      async afterCreate(f, w) {
+        const T = [
+          a == null ? void 0 : a.afterCreate,
+          (g == null ? void 0 : g.afterCreate) ?? (u == null ? void 0 : u.afterCreate)
         ], y = [];
-        for (const _ of C)
+        for (const _ of T)
           if (_)
             try {
-              await _(m, w);
-            } catch (b) {
-              y.push(b instanceof Error ? b : new Error(String(b)));
+              await _(f, w);
+            } catch (P) {
+              y.push(P instanceof Error ? P : new Error(String(P)));
             }
         if (y.length === 1) throw y[0];
         if (y.length > 1)
@@ -425,7 +425,7 @@ function ye(e) {
     }
   };
 }
-var A = class extends Error {
+var b = class extends Error {
   /**
    * Creates an instance of `HTTPException`.
    * @param status - HTTP status code for the exception. Defaults to 500.
@@ -433,8 +433,8 @@ var A = class extends Error {
    */
   constructor(t = 500, n) {
     super(n == null ? void 0 : n.message, { cause: n == null ? void 0 : n.cause });
-    O(this, "res");
-    O(this, "status");
+    E(this, "res");
+    E(this, "status");
     this.res = n == null ? void 0 : n.res, this.status = t;
   }
   /**
@@ -452,14 +452,14 @@ var A = class extends Error {
   }
 };
 function N(e, t) {
-  const n = new ue();
+  const n = new de();
   return n.openapi(
     M({
       tags: ["tenants"],
       method: "get",
       path: "/",
       request: {
-        query: se
+        query: oe
       },
       security: [
         {
@@ -470,11 +470,11 @@ function N(e, t) {
         200: {
           content: {
             "application/json": {
-              schema: I.object({
-                tenants: I.array(q),
-                start: I.number().optional(),
-                limit: I.number().optional(),
-                length: I.number().optional()
+              schema: S.object({
+                tenants: S.array(O),
+                start: S.number().optional(),
+                limit: S.number().optional(),
+                length: S.number().optional()
               })
             }
           },
@@ -483,70 +483,74 @@ function N(e, t) {
       }
     }),
     async (r) => {
-      var m, w, C, y, _, b;
-      const a = r.req.valid("query"), { page: s, per_page: i, include_totals: c, q: u } = a, o = r.var.user, l = (o == null ? void 0 : o.permissions) || [];
-      if (l.includes("auth:read") || l.includes("admin:organizations")) {
-        const P = await r.env.data.tenants.list({
-          page: s,
+      var w, T, y, _, P, I;
+      const s = r.req.valid("query"), { page: o, per_page: i, include_totals: c, q: l } = s, a = r.var.user, u = (a == null ? void 0 : a.permissions) || [];
+      if (!!!((a == null ? void 0 : a.org_id) ?? r.var.organization_id) && u.includes("admin:organizations")) {
+        const h = await r.env.data.tenants.list({
+          page: o,
           per_page: i,
           include_totals: c,
-          q: u
+          q: l
         });
         return c ? r.json({
-          tenants: P.tenants,
-          start: ((m = P.totals) == null ? void 0 : m.start) ?? 0,
-          limit: ((w = P.totals) == null ? void 0 : w.limit) ?? i,
-          length: P.tenants.length
-        }) : r.json({ tenants: P.tenants });
+          tenants: h.tenants,
+          start: ((w = h.totals) == null ? void 0 : w.start) ?? 0,
+          limit: ((T = h.totals) == null ? void 0 : T.limit) ?? i,
+          length: h.tenants.length
+        }) : r.json({ tenants: h.tenants });
       }
-      const d = ((C = e.accessControl) == null ? void 0 : C.controlPlaneTenantId) ?? ((y = r.env.data.multiTenancyConfig) == null ? void 0 : y.controlPlaneTenantId);
-      if (d && (o != null && o.sub)) {
-        const h = (await D(
-          (R) => r.env.data.userOrganizations.listUserOrganizations(
-            d,
-            o.sub,
-            R
+      const m = ((y = e.accessControl) == null ? void 0 : y.controlPlaneTenantId) ?? ((_ = r.env.data.multiTenancyConfig) == null ? void 0 : _.controlPlaneTenantId);
+      if (m && !(a != null && a.sub))
+        throw new b(403, {
+          message: "Access denied: token has no subject"
+        });
+      if (m && (a != null && a.sub)) {
+        const C = (await D(
+          (k) => r.env.data.userOrganizations.listUserOrganizations(
+            m,
+            a.sub,
+            k
           ),
           "organizations"
-        )).map((R) => R.name);
-        if (h.length === 0)
+        )).map((k) => k.name);
+        if (C.length === 0)
           return c ? r.json({
             tenants: [],
             start: 0,
             limit: i ?? 50,
             length: 0
           }) : r.json({ tenants: [] });
-        const T = h.length, p = s ?? 0, z = i ?? 50, j = p * z, F = h.slice(j, j + z);
-        if (F.length === 0)
+        const p = C.length, F = o ?? 0, $ = i ?? 50, R = F * $, A = C.slice(R, R + $);
+        if (A.length === 0)
           return c ? r.json({
             tenants: [],
-            start: j,
-            limit: z,
-            length: T
+            start: R,
+            limit: $,
+            length: p
           }) : r.json({ tenants: [] });
-        const S = F.map((R) => `id:${R}`).join(" OR "), v = u ? `(${S}) AND (${u})` : S, $ = await r.env.data.tenants.list({
-          q: v,
-          per_page: z,
+        const v = A.map((k) => `id:${k}`).join(" OR "), j = l ? `(${v}) AND (${l})` : v, z = await r.env.data.tenants.list({
+          q: j,
+          per_page: $,
           include_totals: !1
           // We calculate totals from accessibleTenantIds
         });
         return c ? r.json({
-          tenants: $.tenants,
-          start: j,
-          limit: z,
-          length: T
-        }) : r.json({ tenants: $.tenants });
+          tenants: z.tenants,
+          start: R,
+          limit: $,
+          length: p
+        }) : r.json({ tenants: z.tenants });
       }
       const f = await r.env.data.tenants.list({
-        page: s,
+        page: o,
         per_page: i,
         include_totals: c,
-        q: u
+        q: l
       });
       return c ? r.json({
         tenants: f.tenants,
-        start: ((_ = f.totals) == null ? void 0 : _.start) ?? 0,
-        limit: ((b = f.totals) == null ? void 0 : b.limit) ?? i,
+        start: ((P = f.totals) == null ? void 0 : P.start) ?? 0,
+        limit: ((I = f.totals) == null ? void 0 : I.limit) ?? i,
         length: f.tenants.length
       }) : r.json({ tenants: f.tenants });
     }
@@ -559,7 +563,7 @@ function N(e, t) {
         body: {
           content: {
             "application/json": {
-              schema: U
+              schema: G
             }
           }
         }
@@ -573,7 +577,7 @@ function N(e, t) {
         201: {
           content: {
             "application/json": {
-              schema: q
+              schema: O
             }
           },
           description: "Tenant created"
@@ -587,20 +591,20 @@ function N(e, t) {
       }
     }),
     async (r) => {
-      var u, o;
-      const a = r.var.user;
-      if (!(a != null && a.sub))
-        throw new A(401, {
+      var l, a;
+      const s = r.var.user;
+      if (!(s != null && s.sub))
+        throw new b(401, {
           message: "Authentication required to create tenants"
         });
-      let s = r.req.valid("json");
+      let o = r.req.valid("json");
       const i = {
         adapters: r.env.data,
         ctx: r
       };
-      (u = t.tenants) != null && u.beforeCreate && (s = await t.tenants.beforeCreate(i, s));
-      const c = await r.env.data.tenants.create(s);
-      return (o = t.tenants) != null && o.afterCreate && await t.tenants.afterCreate(i, c), r.json(c, 201);
+      (l = t.tenants) != null && l.beforeCreate && (o = await t.tenants.beforeCreate(i, o));
+      const c = await r.env.data.tenants.create(o);
+      return (a = t.tenants) != null && a.afterCreate && await t.tenants.afterCreate(i, c), r.json(c, 201);
     }
   ), n.openapi(
     M({
@@ -608,8 +612,8 @@ function N(e, t) {
       method: "delete",
       path: "/{id}",
       request: {
-        params: I.object({
-          id: I.string()
+        params: S.object({
+          id: S.string()
         })
       },
       security: [
@@ -630,39 +634,39 @@ function N(e, t) {
       }
     }),
     async (r) => {
-      var u, o, l, g;
-      const { id: a } = r.req.valid("param"), s = ((u = e.accessControl) == null ? void 0 : u.controlPlaneTenantId) ?? ((o = r.env.data.multiTenancyConfig) == null ? void 0 : o.controlPlaneTenantId);
-      if (s) {
+      var l, a, u, g;
+      const { id: s } = r.req.valid("param"), o = ((l = e.accessControl) == null ? void 0 : l.controlPlaneTenantId) ?? ((a = r.env.data.multiTenancyConfig) == null ? void 0 : a.controlPlaneTenantId);
+      if (o) {
         const d = r.var.user;
         if (!(d != null && d.sub))
-          throw new A(401, {
+          throw new b(401, {
             message: "Authentication required"
           });
-        if (a === s)
-          throw new A(403, {
+        if (s === o)
+          throw new b(403, {
             message: "Cannot delete the control plane"
           });
         if (!(await D(
           (w) => r.env.data.userOrganizations.listUserOrganizations(
-            s,
+            o,
             d.sub,
             w
           ),
           "organizations"
-        )).some((w) => w.name === a))
-          throw new A(403, {
+        )).some((w) => w.name === s))
+          throw new b(403, {
             message: "Access denied to this tenant"
           });
       }
-      if (!await r.env.data.tenants.get(a))
-        throw new A(404, {
+      if (!await r.env.data.tenants.get(s))
+        throw new b(404, {
           message: "Tenant not found"
         });
       const c = {
         adapters: r.env.data,
         ctx: r
       };
-      return (l = t.tenants) != null && l.beforeDelete && await t.tenants.beforeDelete(c, a), await r.env.data.tenants.remove(a), (g = t.tenants) != null && g.afterDelete && await t.tenants.afterDelete(c, a), r.body(null, 204);
+      return (u = t.tenants) != null && u.beforeDelete && await t.tenants.beforeDelete(c, s), await r.env.data.tenants.remove(s), (g = t.tenants) != null && g.afterDelete && await t.tenants.afterDelete(c, s), r.body(null, 204);
     }
   ), n.openapi(
     M({
@@ -670,8 +674,8 @@ function N(e, t) {
       method: "get",
       path: "/settings",
       request: {
-        headers: I.object({
-          "tenant-id": I.string().optional()
+        headers: S.object({
+          "tenant-id": S.string().optional()
         })
       },
       security: [
@@ -683,7 +687,7 @@ function N(e, t) {
         200: {
           content: {
             "application/json": {
-              schema: q
+              schema: O
             }
           },
           description: "Current tenant settings"
@@ -691,12 +695,12 @@ function N(e, t) {
       }
     }),
     async (r) => {
-      const a = await r.env.data.tenants.get(r.var.tenant_id);
-      if (!a)
-        throw new A(404, {
+      const s = await r.env.data.tenants.get(r.var.tenant_id);
+      if (!s)
+        throw new b(404, {
           message: "Tenant not found"
         });
-      return r.json(a);
+      return r.json(s);
     }
   ), n.openapi(
     M({
@@ -704,13 +708,13 @@ function N(e, t) {
       method: "patch",
       path: "/settings",
       request: {
-        headers: I.object({
-          "tenant-id": I.string().optional()
+        headers: S.object({
+          "tenant-id": S.string().optional()
         }),
         body: {
           content: {
             "application/json": {
-              schema: I.object(U.shape).partial()
+              schema: S.object(G.shape).partial()
             }
           }
         }
@@ -724,7 +728,7 @@ function N(e, t) {
         200: {
           content: {
             "application/json": {
-              schema: q
+              schema: O
             }
           },
           description: "Updated tenant settings"
@@ -732,23 +736,23 @@ function N(e, t) {
       }
     }),
     async (r) => {
-      const a = r.req.valid("json"), { id: s, ...i } = a, c = await r.env.data.tenants.get(r.var.tenant_id);
+      const s = r.req.valid("json"), { id: o, ...i } = s, c = await r.env.data.tenants.get(r.var.tenant_id);
       if (!c)
-        throw new A(404, {
+        throw new b(404, {
           message: "Tenant not found"
         });
-      const u = oe(c, i);
-      await r.env.data.tenants.update(r.var.tenant_id, u);
-      const o = await r.env.data.tenants.get(r.var.tenant_id);
-      if (!o)
-        throw new A(500, {
+      const l = ie(c, i);
+      await r.env.data.tenants.update(r.var.tenant_id, l);
+      const a = await r.env.data.tenants.get(r.var.tenant_id);
+      if (!a)
+        throw new b(500, {
           message: "Failed to retrieve updated tenant"
         });
-      return r.json(o);
+      return r.json(a);
     }
   ), n;
 }
-function ve(e) {
+function _e(e) {
   const t = [
     {
       pattern: /\/api\/v2\/resource-servers\/([^/]+)$/,
@@ -758,13 +762,13 @@ function ve(e) {
     { pattern: /\/api\/v2\/connections\/([^/]+)$/, type: "connection" }
   ];
   for (const { pattern: n, type: r } of t) {
-    const a = e.match(n);
-    if (a && a[1])
-      return { type: r, id: a[1] };
+    const s = e.match(n);
+    if (s && s[1])
+      return { type: r, id: s[1] };
   }
   return null;
 }
-async function _e(e, t, n) {
+async function Ce(e, t, n) {
   try {
     switch (n.type) {
       case "resource_server": {
@@ -786,50 +790,50 @@ async function _e(e, t, n) {
     return !1;
   }
 }
-function Ce(e) {
+function Te(e) {
   return {
     resource_server: "resource server",
     role: "role",
     connection: "connection"
   }[e];
 }
-function Te() {
+function be() {
   return async (e, t) => {
     if (!["PATCH", "PUT", "DELETE"].includes(e.req.method))
       return t();
-    const n = ve(e.req.path);
+    const n = _e(e.req.path);
     if (!n)
       return t();
     const r = e.var.tenant_id || e.req.header("x-tenant-id") || e.req.header("tenant-id");
     if (!r)
       return t();
-    if (await _e(e.env.data, r, n))
-      throw new A(403, {
-        message: `This ${Ce(n.type)} is a system resource and cannot be modified. Make changes in the control plane instead.`
+    if (await Ce(e.env.data, r, n))
+      throw new b(403, {
+        message: `This ${Te(n.type)} is a system resource and cannot be modified. Make changes in the control plane instead.`
       });
     return t();
   };
 }
-function E(e, t) {
+function B(e, t) {
   const n = t.find(
-    (a) => a.strategy === e.strategy
+    (s) => s.strategy === e.strategy
   );
   if (!(n != null && n.options))
     return e;
-  const r = ie.passthrough().parse({
+  const r = ce.passthrough().parse({
     ...n,
     ...e
   });
-  return r.options = ce.passthrough().parse({
+  return r.options = le.passthrough().parse({
     ...n.options || {},
     ...e.options
   }), r;
 }
-function k(e, t) {
+function q(e, t) {
   const n = [...t || [], ...e || []];
   return [...new Set(n)];
 }
-function be(e, t) {
+function Pe(e, t) {
   if (!(t != null && t.length))
     return e || [];
   if (!(e != null && e.length))
@@ -841,91 +845,91 @@ function be(e, t) {
     n.set(r.value, r);
   return Array.from(n.values());
 }
-function Q(e, t) {
+function V(e, t) {
   return t ? {
     ...e,
-    scopes: be(
+    scopes: Pe(
       e.scopes,
       t.scopes
     )
   } : e;
 }
-function V(e, t) {
+function J(e, t) {
   return t ? {
     ...e,
-    callbacks: k(e.callbacks, t.callbacks),
-    web_origins: k(
+    callbacks: q(e.callbacks, t.callbacks),
+    web_origins: q(
       e.web_origins,
       t.web_origins
     ),
-    allowed_logout_urls: k(
+    allowed_logout_urls: q(
       e.allowed_logout_urls,
       t.allowed_logout_urls
     ),
-    allowed_origins: k(
+    allowed_origins: q(
       e.allowed_origins,
       t.allowed_origins
     )
   } : e;
 }
-function Z(e, t) {
+function x(e, t) {
   return {
     ...e.resourceServers,
     get: async (n, r) => {
-      const a = await e.resourceServers.get(
+      const s = await e.resourceServers.get(
         n,
         r
       );
-      if (!a || !t || n === t || !a.is_system)
-        return a;
-      const s = await e.resourceServers.get(
+      if (!s || !t || n === t || !s.is_system)
+        return s;
+      const o = await e.resourceServers.get(
         t,
         r
       );
-      return Q(
-        a,
-        s
+      return V(
+        s,
+        o
       );
     },
     list: async (n, r) => {
-      const a = await e.resourceServers.list(n, r);
+      const s = await e.resourceServers.list(n, r);
       if (!t || n === t)
-        return a;
-      const s = t, i = a.resource_servers.filter(
-        (o) => !!(o.is_system && o.id)
-      ).map((o) => o.id);
+        return s;
+      const o = t, i = s.resource_servers.filter(
+        (a) => !!(a.is_system && a.id)
+      ).map((a) => a.id);
       if (i.length === 0)
-        return a;
+        return s;
       const c = /* @__PURE__ */ new Map();
       await Promise.all(
-        i.map(async (o) => {
-          const l = await e.resourceServers.get(s, o);
-          l && c.set(o, l);
+        i.map(async (a) => {
+          const u = await e.resourceServers.get(o, a);
+          u && c.set(a, u);
         })
       );
-      const u = a.resource_servers.map(
-        (o) => o.is_system && o.id ? Q(
-          o,
-          c.get(o.id) ?? null
-        ) : o
+      const l = s.resource_servers.map(
+        (a) => a.is_system && a.id ? V(
+          a,
+          c.get(a.id) ?? null
+        ) : a
       );
       return {
-        ...a,
-        resource_servers: u
+        ...s,
+        resource_servers: l
       };
     }
   };
 }
-function Pe(e, t) {
+function Ae(e, t) {
   return {
     ...e,
-    resourceServers: Z(
+    resourceServers: x(
       e,
       t.controlPlaneTenantId
     )
   };
 }
-function Ae(e, t) {
+function Se(e, t) {
   const { controlPlaneTenantId: n, controlPlaneClientId: r } = t;
   return {
     ...e,
@@ -936,48 +940,48 @@ function Ae(e, t) {
     },
     connections: {
       ...e.connections,
-      get: async (a, s) => {
+      get: async (s, o) => {
         const i = await e.connections.get(
-          a,
-          s
+          s,
+          o
         );
-        if (!i || !n || a === n)
+        if (!i || !n || s === n)
           return i;
         const c = await e.connections.list(n);
-        return E(
+        return B(
           i,
           c.connections || []
         );
       },
-      list: async (a, s) => {
-        const i = await e.connections.list(a, s);
-        if (!n || a === n)
+      list: async (s, o) => {
+        const i = await e.connections.list(s, o);
+        if (!n || s === n)
           return i;
-        const c = await e.connections.list(n), u = i.connections.map(
-          (o) => E(
-            o,
+        const c = await e.connections.list(n), l = i.connections.map(
+          (a) => B(
+            a,
             c.connections || []
           )
         );
         return {
           ...i,
-          connections: u
+          connections: l
         };
       }
     },
     clientConnections: {
       ...e.clientConnections,
-      listByClient: async (a, s) => {
+      listByClient: async (s, o) => {
         let i = await e.clientConnections.listByClient(
-          a,
-          s
+          s,
+          o
         );
-        if (i.length === 0 && (i = (await e.connections.list(a)).connections || []), !n || a === n)
+        if (i.length === 0 && (i = (await e.connections.list(s)).connections || []), !n || s === n)
           return i;
         const c = await e.connections.list(n);
         return i.map(
-          (u) => E(
-            u,
+          (l) => B(
+            l,
             c.connections || []
           )
         );
@@ -985,248 +989,246 @@ function Ae(e, t) {
     },
     clients: {
       ...e.clients,
-      get: async (a, s) => {
-        const i = await e.clients.get(a, s);
+      get: async (s, o) => {
+        const i = await e.clients.get(s, o);
         if (!i)
           return null;
-        if (!n || !r || a === n && s === r)
+        if (!n || !r || s === n && o === r)
           return i;
         const c = await e.clients.get(
           n,
           r
         );
-        return V(i, c);
+        return J(i, c);
       },
-      getByClientId: async (a) => {
-        const s = await e.clients.getByClientId(a);
-        if (!s)
+      getByClientId: async (s) => {
+        const o = await e.clients.getByClientId(s);
+        if (!o)
           return null;
-        if (!n || !r || s.tenant_id === n && s.client_id === r)
-          return s;
+        if (!n || !r || o.tenant_id === n && o.client_id === r)
+          return o;
         const i = await e.clients.get(
           n,
           r
         );
         return {
-          ...V(s, i),
-          tenant_id: s.tenant_id
+          ...J(o, i),
+          tenant_id: o.tenant_id
         };
       }
     },
     emailProviders: {
       ...e.emailProviders,
-      get: async (a) => {
-        const s = await e.emailProviders.get(a);
-        return s || (!n || a === n ? null : e.emailProviders.get(n));
+      get: async (s) => {
+        const o = await e.emailProviders.get(s);
+        return o || (!n || s === n ? null : e.emailProviders.get(n));
       }
     },
-    resourceServers: Z(
+    resourceServers: x(
       e,
       n
     ),
-    hooks: Se(e, n)
+    hooks: Ie(e, n)
     // Note: Additional adapters can be extended here for runtime fallback:
     // - promptSettings: Fall back to control plane prompts
     // - branding: Fall back to control plane branding/themes
   };
 }
-function J(e) {
+function X(e) {
   if (!e || typeof e != "object") return !1;
   const t = e.metadata;
   return !t || typeof t != "object" ? !1 : t.inheritable === !0;
 }
-function Se(e, t) {
+function Ie(e, t) {
   return {
     ...e.hooks,
     list: async (n, r) => {
-      const a = await e.hooks.list(n, r);
+      const s = await e.hooks.list(n, r);
       if (!t || n === t)
-        return a;
+        return s;
       const i = ((await e.hooks.list(
         t,
         r
       )).hooks || []).filter(
-        J
+        X
       );
       if (i.length === 0)
-        return a;
-      const c = new Set(
-        (a.hooks || []).map((o) => o.hook_id)
-      ), u = i.filter((o) => !c.has(o.hook_id));
+        return s;
+      const c = new Set((s.hooks || []).map((a) => a.hook_id)), l = i.filter((a) => !c.has(a.hook_id));
       return {
-        ...a,
-        hooks: [...a.hooks || [], ...u],
-        length: typeof a.length == "number" ? a.length + u.length : a.length
+        ...s,
+        hooks: [...s.hooks || [], ...l],
+        length: typeof s.length == "number" ? s.length + l.length : s.length
       };
     },
     get: async (n, r) => {
-      const a = await e.hooks.get(n, r);
-      if (a || !t || n === t)
-        return a;
-      const s = await e.hooks.get(
+      const s = await e.hooks.get(n, r);
+      if (s || !t || n === t)
+        return s;
+      const o = await e.hooks.get(
         t,
         r
       );
-      return s && J(s) ? s : null;
+      return o && X(o) ? o : null;
     }
   };
 }
-function x(e, t) {
-  return Ae(e, t);
+function ee(e, t) {
+  return Se(e, t);
 }
-function Ie(e) {
+function Re(e) {
   return async (t, n) => {
     const r = t.var.user;
     return (r == null ? void 0 : r.tenant_id) === e && r.org_name && t.set("tenant_id", r.org_name), n();
   };
 }
-function Re(e) {
+function ze(e) {
   return async (t, n) => {
     if (!e.accessControl)
       return n();
-    const { controlPlaneTenantId: r } = e.accessControl, a = t.var.org_name, s = t.var.organization_id, i = a || s;
+    const { controlPlaneTenantId: r } = e.accessControl, s = t.var.org_name, o = t.var.organization_id, i = s || o;
     let c = t.var.tenant_id;
-    const u = t.var.user, l = (u != null && u.aud ? Array.isArray(u.aud) ? u.aud : [u.aud] : []).includes(X);
-    if (!c && i && l && (t.set("tenant_id", i), c = i), !c)
-      throw new A(400, {
+    const l = t.var.user, u = (l != null && l.aud ? Array.isArray(l.aud) ? l.aud : [l.aud] : []).includes(Y);
+    if (!c && i && u && (t.set("tenant_id", i), c = i), !c)
+      throw new b(400, {
         message: "Tenant ID not found in request"
       });
-    if (!fe(
-      s,
+    if (!me(
+      o,
       c,
       r,
-      a
+      s
     ))
-      throw new A(403, {
+      throw new b(403, {
         message: `Access denied to tenant ${c}`
       });
     return n();
   };
 }
-function ze(e) {
+function $e(e) {
   return async (t, n) => {
     if (!e.subdomainRouting)
       return n();
     const {
       baseDomain: r,
-      reservedSubdomains: a = [],
-      resolveSubdomain: s
+      reservedSubdomains: s = [],
+      resolveSubdomain: o
     } = e.subdomainRouting, i = t.req.header("x-forwarded-host") || t.req.header("host") || "";
     let c = null;
     if (i.endsWith(r)) {
-      const o = i.slice(0, -(r.length + 1));
-      o && !o.includes(".") && (c = o);
+      const a = i.slice(0, -(r.length + 1));
+      a && !a.includes(".") && (c = a);
     }
-    if (c && a.includes(c) && (c = null), !c)
+    if (c && s.includes(c) && (c = null), !c)
       return e.accessControl && t.set("tenant_id", e.accessControl.controlPlaneTenantId), n();
-    let u = null;
-    if (s)
-      u = await s(c);
+    let l = null;
+    if (o)
+      l = await o(c);
     else if (e.subdomainRouting.useOrganizations !== !1 && e.accessControl)
       try {
-        const o = await t.env.data.organizations.get(
+        const a = await t.env.data.organizations.get(
           e.accessControl.controlPlaneTenantId,
           c
         );
-        o && (u = o.id);
+        a && (l = a.id);
       } catch {
       }
-    if (!u)
-      throw new A(404, {
+    if (!l)
+      throw new b(404, {
         message: `Tenant not found for subdomain: ${c}`
       });
-    return t.set("tenant_id", u), n();
+    return t.set("tenant_id", l), n();
   };
 }
-function $e(e) {
+function je(e) {
   return async (t, n) => {
     if (!e.databaseIsolation)
       return n();
     const r = t.var.tenant_id;
     if (!r)
-      throw new A(400, {
+      throw new b(400, {
         message: "Tenant ID not found in request"
       });
     try {
-      const a = await e.databaseIsolation.getAdapters(r);
-      t.env.data = a;
-    } catch (a) {
+      const s = await e.databaseIsolation.getAdapters(r);
+      t.env.data = s;
+    } catch (s) {
       throw console.error(
         `Failed to resolve database for tenant ${r}:`,
-        a
-      ), new A(500, {
+        s
+      ), new b(500, {
         message: "Failed to resolve tenant database"
       });
     }
     return n();
   };
 }
-function ee(e) {
-  const t = ze(e), n = Re(e), r = $e(e);
-  return async (a, s) => (await t(a, async () => {
-  }), await n(a, async () => {
-  }), await r(a, async () => {
-  }), s());
+function te(e) {
+  const t = $e(e), n = ze(e), r = je(e);
+  return async (s, o) => (await t(s, async () => {
+  }), await n(s, async () => {
+  }), await r(s, async () => {
+  }), o());
 }
-function ke(e) {
+function qe(e) {
   const {
     dataAdapter: t,
     controlPlane: n,
     controlPlane: {
       tenantId: r = "control_plane",
-      clientId: a
+      clientId: s
     } = {},
-    sync: s = { resourceServers: !0, roles: !0 },
+    sync: o = { resourceServers: !0, roles: !0 },
     defaultPermissions: i = ["tenant:admin"],
     requireOrganizationMatch: c = !1,
-    managementApiExtensions: u = [],
-    entityHooks: o,
-    getChildTenantIds: l,
+    managementApiExtensions: l = [],
+    entityHooks: a,
+    getChildTenantIds: u,
     getAdapters: g,
     ...d
   } = e;
-  let f = t, m = t;
-  n && (f = x(t, {
+  let m = t, f = t;
+  n && (m = ee(t, {
     controlPlaneTenantId: r,
-    controlPlaneClientId: a
-  }), m = {
-    ...Pe(t, {
+    controlPlaneClientId: s
+  }), f = {
+    ...Ae(t, {
       controlPlaneTenantId: r
     }),
     multiTenancyConfig: {
       controlPlaneTenantId: r,
-      controlPlaneClientId: a
+      controlPlaneClientId: s
     }
   });
-  const w = s !== !1, C = w ? {
-    resourceServers: s.resourceServers ?? !0,
-    roles: s.roles ?? !0
-  } : { resourceServers: !1, roles: !1 }, b = {
+  const w = o !== !1, T = w ? {
+    resourceServers: o.resourceServers ?? !0,
+    roles: o.roles ?? !0
+  } : { resourceServers: !1, roles: !1 }, P = {
     controlPlaneTenantId: r,
-    getChildTenantIds: l ?? (async () => (await D(
-      (v) => f.tenants.list(v),
+    getChildTenantIds: u ?? (async () => (await D(
+      (v) => m.tenants.list(v),
       "tenants",
       { cursorField: "id", pageSize: 100 }
     )).filter((v) => v.id !== r).map((v) => v.id)),
-    getAdapters: g ?? (async () => f),
-    getControlPlaneAdapters: async () => f,
-    sync: C
-  }, { entityHooks: P, tenantHooks: h } = ye(b), T = {
+    getAdapters: g ?? (async () => m),
+    getControlPlaneAdapters: async () => m,
+    sync: T
+  }, { entityHooks: I, tenantHooks: h } = ve(P), C = {
     resourceServers: [
-      P.resourceServers,
-      ...(o == null ? void 0 : o.resourceServers) ?? []
+      I.resourceServers,
+      ...(a == null ? void 0 : a.resourceServers) ?? []
     ],
-    roles: [P.roles, ...(o == null ? void 0 : o.roles) ?? []],
-    connections: (o == null ? void 0 : o.connections) ?? [],
-    tenants: (o == null ? void 0 : o.tenants) ?? [],
-    rolePermissions: (o == null ? void 0 : o.rolePermissions) ?? []
-  }, p = Y({
+    roles: [I.roles, ...(a == null ? void 0 : a.roles) ?? []],
+    connections: (a == null ? void 0 : a.connections) ?? [],
+    tenants: (a == null ? void 0 : a.tenants) ?? [],
+    rolePermissions: (a == null ? void 0 : a.rolePermissions) ?? []
+  }, p = Z({
     accessControl: {
       controlPlaneTenantId: r,
       requireOrganizationMatch: c,
       defaultPermissions: i
     }
-  }), j = N(
+  }), $ = N(
     {
       accessControl: {
         controlPlaneTenantId: r,
@@ -1235,39 +1237,39 @@ function ke(e) {
       }
     },
     { tenants: {
-      async beforeCreate(S, v) {
-        return p.beforeCreate && (v = await p.beforeCreate(S, v)), h.beforeCreate && (v = await h.beforeCreate(S, v)), v;
+      async beforeCreate(A, v) {
+        return p.beforeCreate && (v = await p.beforeCreate(A, v)), h.beforeCreate && (v = await h.beforeCreate(A, v)), v;
       },
-      async afterCreate(S, v) {
-        var $, R;
-        await (($ = p.afterCreate) == null ? void 0 : $.call(p, S, v)), await ((R = h.afterCreate) == null ? void 0 : R.call(h, S, v));
+      async afterCreate(A, v) {
+        var j, z;
+        await ((j = p.afterCreate) == null ? void 0 : j.call(p, A, v)), await ((z = h.afterCreate) == null ? void 0 : z.call(h, A, v));
       },
-      async beforeDelete(S, v) {
-        var $, R;
-        await (($ = p.beforeDelete) == null ? void 0 : $.call(p, S, v)), await ((R = h.beforeDelete) == null ? void 0 : R.call(h, S, v));
+      async beforeDelete(A, v) {
+        var j, z;
+        await ((j = p.beforeDelete) == null ? void 0 : j.call(p, A, v)), await ((z = h.beforeDelete) == null ? void 0 : z.call(h, A, v));
       }
     } }
-  ), { app: F } = le({
-    dataAdapter: f,
-    managementDataAdapter: m,
+  ), { app: R } = ue({
+    dataAdapter: m,
+    managementDataAdapter: f,
     ...d,
-    entityHooks: T,
+    entityHooks: C,
     managementApiExtensions: [
-      ...u,
-      { path: "/tenants", router: j }
+      ...l,
+      { path: "/tenants", router: $ }
     ]
   });
-  return F.use(
+  return R.use(
     "/api/v2/*",
-    Ie(r)
-  ), w && F.use("/api/v2/*", Te()), { app: F, controlPlaneTenantId: r };
+    Re(r)
+  ), w && R.use("/api/v2/*", be()), { app: R, controlPlaneTenantId: r };
 }
-function Oe(e) {
-  const t = B(e);
+function Ee(e) {
+  const t = U(e);
   return {
     name: "multi-tenancy",
     // Apply multi-tenancy middleware for subdomain routing, database resolution, etc.
-    middleware: ee(e),
+    middleware: te(e),
     // Provide lifecycle hooks
     hooks: t,
     // Mount tenant management routes
@@ -1287,23 +1289,23 @@ function Oe(e) {
     }
   };
 }
-function B(e) {
-  const t = e.accessControl ? de(e.accessControl) : {}, n = e.databaseIsolation ? me(e.databaseIsolation) : {}, r = Y(e);
+function U(e) {
+  const t = e.accessControl ? fe(e.accessControl) : {}, n = e.databaseIsolation ? ge(e.databaseIsolation) : {}, r = Z(e);
   return {
     ...t,
     ...n,
     tenants: r
   };
 }
-function je(e) {
-  const t = new re(), n = B(e);
+function Fe(e) {
+  const t = new se(), n = U(e);
   return t.route("/tenants", N(e, n)), t;
 }
-function Ee(e) {
+function Be(e) {
   return {
-    hooks: B(e),
-    middleware: ee(e),
-    app: je(e),
+    hooks: U(e),
+    middleware: te(e),
+    app: Fe(e),
     config: e,
     /**
      * Wraps data adapters with runtime fallback from the control plane.
@@ -1315,7 +1317,7 @@ function Ee(e) {
      */
     wrapAdapters: (t, n) => {
       var r;
-      return x(t, {
+      return ee(t, {
         controlPlaneTenantId: (r = e.accessControl) == null ? void 0 : r.controlPlaneTenantId,
         controlPlaneClientId: n == null ? void 0 : n.controlPlaneClientId
       });
@@ -1323,24 +1325,24 @@ function Ee(e) {
   };
 }
 export {
-  de as createAccessControlHooks,
-  Re as createAccessControlMiddleware,
-  Ie as createControlPlaneTenantMiddleware,
-  me as createDatabaseHooks,
-  $e as createDatabaseMiddleware,
-  je as createMultiTenancy,
-  B as createMultiTenancyHooks,
-  ee as createMultiTenancyMiddleware,
-  Oe as createMultiTenancyPlugin,
-  Te as createProtectSyncedMiddleware,
-  Y as createProvisioningHooks,
-  Ae as createRuntimeFallbackAdapter,
-  ze as createSubdomainMiddleware,
-  ye as createSyncHooks,
+  fe as createAccessControlHooks,
+  ze as createAccessControlMiddleware,
+  Re as createControlPlaneTenantMiddleware,
+  ge as createDatabaseHooks,
+  je as createDatabaseMiddleware,
+  Fe as createMultiTenancy,
+  U as createMultiTenancyHooks,
+  te as createMultiTenancyMiddleware,
+  Ee as createMultiTenancyPlugin,
+  be as createProtectSyncedMiddleware,
+  Z as createProvisioningHooks,
+  Se as createRuntimeFallbackAdapter,
+  $e as createSubdomainMiddleware,
+  ve as createSyncHooks,
   N as createTenantsOpenAPIRouter,
-  ke as initMultiTenant,
-  Ee as setupMultiTenancy,
-  fe as validateTenantAccess,
-  x as withRuntimeFallback,
-  Pe as withSystemResourceServerInheritance
+  qe as initMultiTenant,
+  Be as setupMultiTenancy,
+  me as validateTenantAccess,
+  ee as withRuntimeFallback,
+  Ae as withSystemResourceServerInheritance
 };