@authhero/multi-tenancy 14.20.3 → 14.21.0

@@ -1,38 +1,38 @@
1
1
  var ne = Object.defineProperty;
2
- var re = (e, t, n) => t in e ? ne(e, t, { enumerable: !0, configurable: !0, writable: !0, value: n }) : e[t] = n;
3
- var E = (e, t, n) => re(e, typeof t != "symbol" ? t + "" : t, n);
4
- import { Hono as se } from "hono";
5
- import { MANAGEMENT_API_SCOPES as ae, MANAGEMENT_API_AUDIENCE as Y, fetchAll as D, auth0QuerySchema as oe, tenantSchema as O, tenantInsertSchema as G, deepMergePatch as ie, connectionSchema as ce, connectionOptionsSchema as le, init as ue } from "authhero";
2
+ var re = (e, t, r) => t in e ? ne(e, t, { enumerable: !0, configurable: !0, writable: !0, value: r }) : e[t] = r;
3
+ var E = (e, t, r) => re(e, typeof t != "symbol" ? t + "" : t, r);
4
+ import { Hono as ae } from "hono";
5
+ import { MANAGEMENT_API_SCOPES as se, MANAGEMENT_API_AUDIENCE as X, fetchAll as q, auth0QuerySchema as oe, tenantSchema as D, tenantInsertSchema as G, deepMergePatch as ie, connectionSchema as ce, connectionOptionsSchema as le, init as ue } from "authhero";
6
6
  import { OpenAPIHono as de, createRoute as M, z as S } from "@hono/zod-openapi";
7
7
  function fe(e) {
8
- const { controlPlaneTenantId: t, requireOrganizationMatch: n = !0 } = e;
8
+ const { controlPlaneTenantId: t, requireOrganizationMatch: r = !0 } = e;
9
9
  return {
10
- async onTenantAccessValidation(r, s) {
11
- if (s === t)
10
+ async onTenantAccessValidation(n, a) {
11
+ if (a === t)
12
12
  return !0;
13
- if (n) {
14
- const o = r.var.org_name, i = r.var.organization_id, c = o || i;
15
- return c ? c.toLowerCase() === s.toLowerCase() : !1;
13
+ if (r) {
14
+ const o = n.var.org_name, c = n.var.organization_id, i = o || c;
15
+ return i ? i.toLowerCase() === a.toLowerCase() : !1;
16
16
  }
17
17
  return !0;
18
18
  }
19
19
  };
20
20
  }
21
- function me(e, t, n, r) {
22
- if (t === n)
21
+ function me(e, t, r, n) {
22
+ if (t === r)
23
23
  return !0;
24
- const s = r || e;
25
- return s ? s.toLowerCase() === t.toLowerCase() : !1;
24
+ const a = n || e;
25
+ return a ? a.toLowerCase() === t.toLowerCase() : !1;
26
26
  }
27
27
  function ge(e) {
28
28
  return {
29
29
  async resolveDataAdapters(t) {
30
30
  try {
31
31
  return await e.getAdapters(t);
32
- } catch (n) {
32
+ } catch (r) {
33
33
  console.error(
34
34
  `Failed to resolve data adapters for tenant ${t}:`,
35
- n
35
+ r
36
36
  );
37
37
  return;
38
38
  }
@@ -42,225 +42,225 @@ function ge(e) {
42
42
  function we(e) {
43
43
  return `urn:authhero:tenant:${e.toLowerCase()}`;
44
44
  }
45
- function Z(e) {
45
+ function Y(e) {
46
46
  return {
47
- async beforeCreate(t, n) {
48
- return !n.audience && n.id ? {
49
- ...n,
50
- audience: we(n.id)
51
- } : n;
47
+ async beforeCreate(t, r) {
48
+ return !r.audience && r.id ? {
49
+ ...r,
50
+ audience: we(r.id)
51
+ } : r;
52
52
  },
53
- async afterCreate(t, n) {
54
- const { accessControl: r, databaseIsolation: s } = e;
55
- r && t.ctx && await he(t, n, r), s != null && s.onProvision && await s.onProvision(n.id);
53
+ async afterCreate(t, r) {
54
+ const { accessControl: n, databaseIsolation: a } = e;
55
+ n && t.ctx && await pe(t, r, n), a != null && a.onProvision && await a.onProvision(r.id);
56
56
  },
57
- async beforeDelete(t, n) {
58
- const { accessControl: r, databaseIsolation: s } = e;
59
- if (r)
57
+ async beforeDelete(t, r) {
58
+ const { accessControl: n, databaseIsolation: a } = e;
59
+ if (n)
60
60
  try {
61
- const i = (await t.adapters.organizations.list(
62
- r.controlPlaneTenantId
63
- )).organizations.find((c) => c.name === n);
64
- i && await t.adapters.organizations.remove(
65
- r.controlPlaneTenantId,
66
- i.id
61
+ const c = (await t.adapters.organizations.list(
62
+ n.controlPlaneTenantId
63
+ )).organizations.find((i) => i.name === r);
64
+ c && await t.adapters.organizations.remove(
65
+ n.controlPlaneTenantId,
66
+ c.id
67
67
  );
68
68
  } catch (o) {
69
69
  console.warn(
70
- `Failed to remove organization for tenant ${n}:`,
70
+ `Failed to remove organization for tenant ${r}:`,
71
71
  o
72
72
  );
73
73
  }
74
- if (s != null && s.onDeprovision)
74
+ if (a != null && a.onDeprovision)
75
75
  try {
76
- await s.onDeprovision(n);
76
+ await a.onDeprovision(r);
77
77
  } catch (o) {
78
78
  console.warn(
79
- `Failed to deprovision database for tenant ${n}:`,
79
+ `Failed to deprovision database for tenant ${r}:`,
80
80
  o
81
81
  );
82
82
  }
83
83
  }
84
84
  };
85
85
  }
86
- async function he(e, t, n) {
86
+ async function pe(e, t, r) {
87
87
  const {
88
- controlPlaneTenantId: r,
89
- defaultPermissions: s,
88
+ controlPlaneTenantId: n,
89
+ defaultPermissions: a,
90
90
  defaultRoles: o,
91
- issuer: i,
92
- adminRoleName: c = "Tenant Admin",
91
+ issuer: c,
92
+ adminRoleName: i = "Tenant Admin",
93
93
  adminRoleDescription: l = "Full access to all tenant management operations",
94
- addCreatorToOrganization: a = !0
95
- } = n, u = await e.adapters.organizations.create(
96
- r,
94
+ addCreatorToOrganization: u = !0
95
+ } = r, s = await e.adapters.organizations.create(
96
+ n,
97
97
  {
98
98
  name: t.id,
99
99
  display_name: t.friendly_name || t.id
100
100
  }
101
101
  );
102
- let g;
103
- if (i && (g = await ye(
102
+ let d;
103
+ if (c && (d = await ye(
104
104
  e,
105
- r,
106
- c,
105
+ n,
106
+ i,
107
107
  l
108
- )), a && e.ctx) {
109
- const d = e.ctx.var.user;
110
- if (d != null && d.sub && !await pe(
108
+ )), u && e.ctx) {
109
+ const m = e.ctx.var.user;
110
+ if (m != null && m.sub && !await he(
111
111
  e,
112
- r,
113
- d.sub
112
+ n,
113
+ m.sub
114
114
  ))
115
115
  try {
116
- await e.adapters.userOrganizations.create(r, {
117
- user_id: d.sub,
118
- organization_id: u.id
119
- }), g && await e.adapters.userRoles.create(
120
- r,
121
- d.sub,
122
- g,
123
- u.id
116
+ await e.adapters.userOrganizations.create(n, {
117
+ user_id: m.sub,
118
+ organization_id: s.id
119
+ }), d && await e.adapters.userRoles.create(
120
+ n,
121
+ m.sub,
122
+ d,
123
+ s.id
124
124
  // organizationId
125
125
  );
126
126
  } catch (f) {
127
127
  console.warn(
128
- `Failed to add creator ${d.sub} to organization ${u.id}:`,
128
+ `Failed to add creator ${m.sub} to organization ${s.id}:`,
129
129
  f
130
130
  );
131
131
  }
132
132
  }
133
133
  o && o.length > 0 && console.log(
134
- `Would assign roles ${o.join(", ")} to organization ${u.id}`
135
- ), s && s.length > 0 && console.log(
136
- `Would grant permissions ${s.join(", ")} to organization ${u.id}`
134
+ `Would assign roles ${o.join(", ")} to organization ${s.id}`
135
+ ), a && a.length > 0 && console.log(
136
+ `Would grant permissions ${a.join(", ")} to organization ${s.id}`
137
137
  );
138
138
  }
139
- async function pe(e, t, n) {
140
- const r = await e.adapters.userRoles.list(
139
+ async function he(e, t, r) {
140
+ const n = await e.adapters.userRoles.list(
141
141
  t,
142
- n,
142
+ r,
143
143
  void 0,
144
144
  ""
145
145
  // Empty string for global roles
146
146
  );
147
- for (const s of r)
147
+ for (const a of n)
148
148
  if ((await e.adapters.rolePermissions.list(
149
149
  t,
150
- s.id,
150
+ a.id,
151
151
  { per_page: 1e3 }
152
152
  )).some(
153
- (c) => c.permission_name === "admin:organizations"
153
+ (i) => i.permission_name === "admin:organizations"
154
154
  ))
155
155
  return !0;
156
156
  return !1;
157
157
  }
158
- async function ye(e, t, n, r) {
159
- const o = (await e.adapters.roles.list(t, {})).roles.find((a) => a.name === n);
158
+ async function ye(e, t, r, n) {
159
+ const o = (await e.adapters.roles.list(t, {})).roles.find((u) => u.name === r);
160
160
  if (o)
161
161
  return o.id;
162
- const i = await e.adapters.roles.create(t, {
163
- name: n,
164
- description: r
165
- }), c = Y, l = ae.map((a) => ({
166
- role_id: i.id,
167
- resource_server_identifier: c,
168
- permission_name: a.value
162
+ const c = await e.adapters.roles.create(t, {
163
+ name: r,
164
+ description: n
165
+ }), i = X, l = se.map((u) => ({
166
+ role_id: c.id,
167
+ resource_server_identifier: i,
168
+ permission_name: u.value
169
169
  }));
170
170
  return await e.adapters.rolePermissions.assign(
171
171
  t,
172
- i.id,
172
+ c.id,
173
173
  l
174
- ), i.id;
174
+ ), c.id;
175
175
  }
176
- function H(e, t, n = () => !0) {
177
- const { controlPlaneTenantId: r, getChildTenantIds: s, getAdapters: o } = e, i = /* @__PURE__ */ new Map();
178
- async function c(u, g, d) {
179
- return (await t(u).list(g, {
180
- q: `name:${d}`,
176
+ function H(e, t, r = () => !0) {
177
+ const { controlPlaneTenantId: n, getChildTenantIds: a, getAdapters: o } = e, c = /* @__PURE__ */ new Map();
178
+ async function i(s, d, m) {
179
+ return (await t(s).list(d, {
180
+ q: `name:${m}`,
181
181
  per_page: 1
182
182
  }))[0] ?? null;
183
183
  }
184
- async function l(u) {
185
- const g = await s(), d = t(await o(r));
184
+ async function l(s) {
185
+ const d = await a(), m = t(await o(n));
186
186
  await Promise.all(
187
- g.map(async (m) => {
187
+ d.map(async (w) => {
188
188
  try {
189
- const f = await o(m), w = t(f), y = {
190
- ...d.transform(u),
189
+ const f = await o(w), g = t(f), h = {
190
+ ...m.transform(s),
191
191
  is_system: !0
192
- }, _ = await c(f, m, u.name), P = _ ? w.getId(_) : void 0;
193
- if (_ && P) {
194
- const I = w.preserveOnUpdate ? w.preserveOnUpdate(_, y) : y;
195
- await w.update(m, P, I);
192
+ }, T = await i(f, w, s.name), b = T ? g.getId(T) : void 0;
193
+ if (T && b) {
194
+ const z = g.preserveOnUpdate ? g.preserveOnUpdate(T, h) : h;
195
+ await g.update(w, b, z);
196
196
  } else
197
- await w.create(m, y);
197
+ await g.create(w, h);
198
198
  } catch (f) {
199
199
  console.error(
200
- `Failed to sync ${d.listKey} "${u.name}" to tenant "${m}":`,
200
+ `Failed to sync ${m.listKey} "${s.name}" to tenant "${w}":`,
201
201
  f
202
202
  );
203
203
  }
204
204
  })
205
205
  );
206
206
  }
207
- async function a(u) {
208
- const g = await s();
207
+ async function u(s) {
208
+ const d = await a();
209
209
  await Promise.all(
210
- g.map(async (d) => {
210
+ d.map(async (m) => {
211
211
  try {
212
- const m = await o(d), f = t(m), w = await c(m, d, u), T = w ? f.getId(w) : void 0;
213
- w && T && await f.remove(d, T);
214
- } catch (m) {
212
+ const w = await o(m), f = t(w), g = await i(w, m, s), _ = g ? f.getId(g) : void 0;
213
+ g && _ && await f.remove(m, _);
214
+ } catch (w) {
215
215
  console.error(
216
- `Failed to delete entity "${u}" from tenant "${d}":`,
217
- m
216
+ `Failed to delete entity "${s}" from tenant "${m}":`,
217
+ w
218
218
  );
219
219
  }
220
220
  })
221
221
  );
222
222
  }
223
223
  return {
224
- afterCreate: async (u, g) => {
225
- u.tenantId === r && n(g) && await l(g);
224
+ afterCreate: async (s, d) => {
225
+ s.tenantId === n && r(d) && await l(d);
226
226
  },
227
- afterUpdate: async (u, g, d) => {
228
- u.tenantId === r && n(d) && await l(d);
227
+ afterUpdate: async (s, d, m) => {
228
+ s.tenantId === n && r(m) && await l(m);
229
229
  },
230
- beforeDelete: async (u, g) => {
231
- if (u.tenantId !== r) return;
232
- const m = await t(u.adapters).get(u.tenantId, g);
233
- m && n(m) && i.set(g, m);
230
+ beforeDelete: async (s, d) => {
231
+ if (s.tenantId !== n) return;
232
+ const w = await t(s.adapters).get(s.tenantId, d);
233
+ w && r(w) && c.set(d, w);
234
234
  },
235
- afterDelete: async (u, g) => {
236
- if (u.tenantId !== r) return;
237
- const d = i.get(g);
238
- d && (i.delete(g), await a(d.name));
235
+ afterDelete: async (s, d) => {
236
+ if (s.tenantId !== n) return;
237
+ const m = c.get(d);
238
+ m && (c.delete(d), await u(m.name));
239
239
  }
240
240
  };
241
241
  }
242
- function W(e, t, n = () => !0) {
243
- const { controlPlaneTenantId: r, getControlPlaneAdapters: s, getAdapters: o } = e;
242
+ function W(e, t, r = () => !0) {
243
+ const { controlPlaneTenantId: n, getControlPlaneAdapters: a, getAdapters: o } = e;
244
244
  return {
245
- async afterCreate(i, c) {
246
- if (c.id !== r)
245
+ async afterCreate(c, i) {
246
+ if (i.id !== n)
247
247
  try {
248
- const l = await s(), a = await o(c.id), u = t(l), g = t(a), d = await D(
249
- (m) => u.listPaginated(r, m),
250
- u.listKey,
248
+ const l = await a(), u = await o(i.id), s = t(l), d = t(u), m = await q(
249
+ (w) => s.listPaginated(n, w),
250
+ s.listKey,
251
251
  { cursorField: "id", pageSize: 100 }
252
252
  );
253
253
  await Promise.all(
254
- d.filter((m) => n(m)).map(async (m) => {
254
+ m.filter((w) => r(w)).map(async (w) => {
255
255
  try {
256
- const f = u.transform(m);
257
- await g.create(c.id, {
256
+ const f = s.transform(w);
257
+ await d.create(i.id, {
258
258
  ...f,
259
259
  is_system: !0
260
260
  });
261
261
  } catch (f) {
262
262
  console.error(
263
- `Failed to sync entity to new tenant "${c.id}":`,
263
+ `Failed to sync entity to new tenant "${i.id}":`,
264
264
  f
265
265
  );
266
266
  }
@@ -268,7 +268,7 @@ function W(e, t, n = () => !0) {
268
268
  );
269
269
  } catch (l) {
270
270
  console.error(
271
- `Failed to sync entities to new tenant "${c.id}":`,
271
+ `Failed to sync entities to new tenant "${i.id}":`,
272
272
  l
273
273
  );
274
274
  }
@@ -276,12 +276,12 @@ function W(e, t, n = () => !0) {
276
276
  };
277
277
  }
278
278
  const L = (e) => ({
279
- list: async (t, n) => (await e.resourceServers.list(t, n)).resource_servers,
280
- listPaginated: (t, n) => e.resourceServers.list(t, n),
281
- get: (t, n) => e.resourceServers.get(t, n),
282
- create: (t, n) => e.resourceServers.create(t, n),
283
- update: (t, n, r) => e.resourceServers.update(t, n, r),
284
- remove: (t, n) => e.resourceServers.remove(t, n),
279
+ list: async (t, r) => (await e.resourceServers.list(t, r)).resource_servers,
280
+ listPaginated: (t, r) => e.resourceServers.list(t, r),
281
+ get: (t, r) => e.resourceServers.get(t, r),
282
+ create: (t, r) => e.resourceServers.create(t, r),
283
+ update: (t, r, n) => e.resourceServers.update(t, r, n),
284
+ remove: (t, r) => e.resourceServers.remove(t, r),
285
285
  listKey: "resource_servers",
286
286
  getId: (t) => t.id,
287
287
  transform: (t) => ({
@@ -294,12 +294,12 @@ const L = (e) => ({
294
294
  token_lifetime_for_web: t.token_lifetime_for_web
295
295
  })
296
296
  }), K = (e) => ({
297
- list: async (t, n) => (await e.roles.list(t, n)).roles,
298
- listPaginated: (t, n) => e.roles.list(t, n),
299
- get: (t, n) => e.roles.get(t, n),
300
- create: (t, n) => e.roles.create(t, n),
301
- update: (t, n, r) => e.roles.update(t, n, r),
302
- remove: (t, n) => e.roles.remove(t, n),
297
+ list: async (t, r) => (await e.roles.list(t, r)).roles,
298
+ listPaginated: (t, r) => e.roles.list(t, r),
299
+ get: (t, r) => e.roles.get(t, r),
300
+ create: (t, r) => e.roles.create(t, r),
301
+ update: (t, r, n) => e.roles.update(t, r, n),
302
+ remove: (t, r) => e.roles.remove(t, r),
303
303
  listKey: "roles",
304
304
  getId: (t) => t.id,
305
305
  transform: (t) => ({
@@ -313,129 +313,129 @@ function Q(e) {
313
313
  return ((t = e.metadata) == null ? void 0 : t.sync) !== !1;
314
314
  }
315
315
  function ve(e) {
316
- const { sync: t = {}, filters: n = {} } = e, r = t.resourceServers ?? !0, s = t.roles ?? !0, o = (f) => Q(f) ? n.resourceServers ? n.resourceServers(f) : !0 : !1, i = (f) => Q(f) ? n.roles ? n.roles(f) : !0 : !1, c = r ? H(
316
+ const { sync: t = {}, filters: r = {} } = e, n = t.resourceServers ?? !0, a = t.roles ?? !0, o = (f) => Q(f) ? r.resourceServers ? r.resourceServers(f) : !0 : !1, c = (f) => Q(f) ? r.roles ? r.roles(f) : !0 : !1, i = n ? H(
317
317
  e,
318
318
  L,
319
319
  o
320
- ) : void 0, l = s ? H(e, K, i) : void 0, a = r ? W(
320
+ ) : void 0, l = a ? H(e, K, c) : void 0, u = n ? W(
321
321
  e,
322
322
  L,
323
323
  o
324
- ) : void 0, u = s ? W(
324
+ ) : void 0, s = a ? W(
325
325
  e,
326
326
  K,
327
- i
328
- ) : void 0, g = s ? {
329
- async afterCreate(f, w) {
330
- var T;
331
- if (w.id !== e.controlPlaneTenantId) {
332
- await ((T = u == null ? void 0 : u.afterCreate) == null ? void 0 : T.call(u, f, w));
327
+ c
328
+ ) : void 0, d = a ? {
329
+ async afterCreate(f, g) {
330
+ var _;
331
+ if (g.id !== e.controlPlaneTenantId) {
332
+ await ((_ = s == null ? void 0 : s.afterCreate) == null ? void 0 : _.call(s, f, g));
333
333
  try {
334
- const y = await e.getControlPlaneAdapters(), _ = await e.getAdapters(w.id), P = await D(
335
- (h) => y.roles.list(
334
+ const h = await e.getControlPlaneAdapters(), T = await e.getAdapters(g.id), b = await q(
335
+ (v) => h.roles.list(
336
336
  e.controlPlaneTenantId,
337
- h
337
+ v
338
338
  ),
339
339
  "roles",
340
340
  { cursorField: "id", pageSize: 100 }
341
- ), I = /* @__PURE__ */ new Map();
342
- for (const h of P.filter(
343
- (C) => {
344
- var p;
345
- return ((p = n.roles) == null ? void 0 : p.call(n, C)) ?? !0;
341
+ ), z = /* @__PURE__ */ new Map();
342
+ for (const v of b.filter(
343
+ (p) => {
344
+ var C;
345
+ return ((C = r.roles) == null ? void 0 : C.call(r, p)) ?? !0;
346
346
  }
347
347
  )) {
348
- const C = await d(
349
- _,
350
- w.id,
351
- h.name
348
+ const p = await m(
349
+ T,
350
+ g.id,
351
+ v.name
352
352
  );
353
- C && I.set(h.name, C.id);
353
+ p && z.set(v.name, p.id);
354
354
  }
355
- for (const h of P.filter(
356
- (C) => {
357
- var p;
358
- return ((p = n.roles) == null ? void 0 : p.call(n, C)) ?? !0;
355
+ for (const v of b.filter(
356
+ (p) => {
357
+ var C;
358
+ return ((C = r.roles) == null ? void 0 : C.call(r, p)) ?? !0;
359
359
  }
360
360
  )) {
361
- const C = I.get(h.name);
362
- if (C)
361
+ const p = z.get(v.name);
362
+ if (p)
363
363
  try {
364
- const p = await y.rolePermissions.list(
364
+ const C = await h.rolePermissions.list(
365
365
  e.controlPlaneTenantId,
366
- h.id,
366
+ v.id,
367
367
  {}
368
368
  );
369
- p.length > 0 && await _.rolePermissions.assign(
370
- w.id,
371
- C,
372
- p.map((F) => ({
373
- role_id: C,
374
- resource_server_identifier: F.resource_server_identifier,
375
- permission_name: F.permission_name
369
+ C.length > 0 && await T.rolePermissions.assign(
370
+ g.id,
371
+ p,
372
+ C.map((I) => ({
373
+ role_id: p,
374
+ resource_server_identifier: I.resource_server_identifier,
375
+ permission_name: I.permission_name
376
376
  }))
377
377
  );
378
- } catch (p) {
378
+ } catch (C) {
379
379
  console.error(
380
- `Failed to sync permissions for role "${h.name}" to tenant "${w.id}":`,
381
- p
380
+ `Failed to sync permissions for role "${v.name}" to tenant "${g.id}":`,
381
+ C
382
382
  );
383
383
  }
384
384
  }
385
- } catch (y) {
385
+ } catch (h) {
386
386
  console.error(
387
- `Failed to sync role permissions to tenant "${w.id}":`,
388
- y
387
+ `Failed to sync role permissions to tenant "${g.id}":`,
388
+ h
389
389
  );
390
390
  }
391
391
  }
392
392
  }
393
393
  } : void 0;
394
- async function d(f, w, T) {
395
- return (await f.roles.list(w, {
396
- q: `name:${T}`,
394
+ async function m(f, g, _) {
395
+ return (await f.roles.list(g, {
396
+ q: `name:${_}`,
397
397
  per_page: 1
398
398
  })).roles[0] ?? null;
399
399
  }
400
400
  return {
401
401
  entityHooks: {
402
- resourceServers: c,
402
+ resourceServers: i,
403
403
  roles: l
404
404
  },
405
405
  tenantHooks: {
406
- async afterCreate(f, w) {
407
- const T = [
408
- a == null ? void 0 : a.afterCreate,
409
- (g == null ? void 0 : g.afterCreate) ?? (u == null ? void 0 : u.afterCreate)
410
- ], y = [];
411
- for (const _ of T)
412
- if (_)
406
+ async afterCreate(f, g) {
407
+ const _ = [
408
+ u == null ? void 0 : u.afterCreate,
409
+ (d == null ? void 0 : d.afterCreate) ?? (s == null ? void 0 : s.afterCreate)
410
+ ], h = [];
411
+ for (const T of _)
412
+ if (T)
413
413
  try {
414
- await _(f, w);
415
- } catch (P) {
416
- y.push(P instanceof Error ? P : new Error(String(P)));
414
+ await T(f, g);
415
+ } catch (b) {
416
+ h.push(b instanceof Error ? b : new Error(String(b)));
417
417
  }
418
- if (y.length === 1) throw y[0];
419
- if (y.length > 1)
418
+ if (h.length === 1) throw h[0];
419
+ if (h.length > 1)
420
420
  throw new AggregateError(
421
- y,
422
- y.map((_) => _.message).join("; ")
421
+ h,
422
+ h.map((T) => T.message).join("; ")
423
423
  );
424
424
  }
425
425
  }
426
426
  };
427
427
  }
428
- var b = class extends Error {
428
+ var P = class extends Error {
429
429
  /**
430
430
  * Creates an instance of `HTTPException`.
431
431
  * @param status - HTTP status code for the exception. Defaults to 500.
432
432
  * @param options - Additional options for the exception.
433
433
  */
434
- constructor(t = 500, n) {
435
- super(n == null ? void 0 : n.message, { cause: n == null ? void 0 : n.cause });
434
+ constructor(t = 500, r) {
435
+ super(r == null ? void 0 : r.message, { cause: r == null ? void 0 : r.cause });
436
436
  E(this, "res");
437
437
  E(this, "status");
438
- this.res = n == null ? void 0 : n.res, this.status = t;
438
+ this.res = r == null ? void 0 : r.res, this.status = t;
439
439
  }
440
440
  /**
441
441
  * Returns the response object associated with the exception.
@@ -451,9 +451,9 @@ var b = class extends Error {
451
451
  });
452
452
  }
453
453
  };
454
- function N(e, t) {
455
- const n = new de();
456
- return n.openapi(
454
+ function B(e, t) {
455
+ const r = new de();
456
+ return r.openapi(
457
457
  M({
458
458
  tags: ["tenants"],
459
459
  method: "get",
@@ -471,7 +471,7 @@ function N(e, t) {
471
471
  content: {
472
472
  "application/json": {
473
473
  schema: S.object({
474
- tenants: S.array(O),
474
+ tenants: S.array(D),
475
475
  start: S.number().optional(),
476
476
  limit: S.number().optional(),
477
477
  length: S.number().optional()
@@ -482,79 +482,79 @@ function N(e, t) {
482
482
  }
483
483
  }
484
484
  }),
485
- async (r) => {
486
- var w, T, y, _, P, I;
487
- const s = r.req.valid("query"), { page: o, per_page: i, include_totals: c, q: l } = s, a = r.var.user, u = (a == null ? void 0 : a.permissions) || [];
488
- if (!!!((a == null ? void 0 : a.org_id) ?? r.var.organization_id) && u.includes("admin:organizations")) {
489
- const h = await r.env.data.tenants.list({
485
+ async (n) => {
486
+ var g, _, h, T, b, z;
487
+ const a = n.req.valid("query"), { page: o, per_page: c, include_totals: i, q: l } = a, u = n.var.user, s = (u == null ? void 0 : u.permissions) || [];
488
+ if (!!!((u == null ? void 0 : u.org_id) ?? n.var.organization_id) && s.includes("admin:organizations")) {
489
+ const v = await n.env.data.tenants.list({
490
490
  page: o,
491
- per_page: i,
492
- include_totals: c,
491
+ per_page: c,
492
+ include_totals: i,
493
493
  q: l
494
494
  });
495
- return c ? r.json({
496
- tenants: h.tenants,
497
- start: ((w = h.totals) == null ? void 0 : w.start) ?? 0,
498
- limit: ((T = h.totals) == null ? void 0 : T.limit) ?? i,
499
- length: h.tenants.length
500
- }) : r.json({ tenants: h.tenants });
495
+ return i ? n.json({
496
+ tenants: v.tenants,
497
+ start: ((g = v.totals) == null ? void 0 : g.start) ?? 0,
498
+ limit: ((_ = v.totals) == null ? void 0 : _.limit) ?? c,
499
+ length: v.tenants.length
500
+ }) : n.json({ tenants: v.tenants });
501
501
  }
502
- const m = ((y = e.accessControl) == null ? void 0 : y.controlPlaneTenantId) ?? ((_ = r.env.data.multiTenancyConfig) == null ? void 0 : _.controlPlaneTenantId);
503
- if (m && !(a != null && a.sub))
504
- throw new b(403, {
502
+ const w = ((h = e.accessControl) == null ? void 0 : h.controlPlaneTenantId) ?? ((T = n.env.data.multiTenancyConfig) == null ? void 0 : T.controlPlaneTenantId);
503
+ if (w && !(u != null && u.sub))
504
+ throw new P(403, {
505
505
  message: "Access denied: token has no subject"
506
506
  });
507
- if (m && (a != null && a.sub)) {
508
- const C = (await D(
509
- (k) => r.env.data.userOrganizations.listUserOrganizations(
510
- m,
511
- a.sub,
512
- k
507
+ if (w && (u != null && u.sub)) {
508
+ const p = (await q(
509
+ (R) => n.env.data.userOrganizations.listUserOrganizations(
510
+ w,
511
+ u.sub,
512
+ R
513
513
  ),
514
514
  "organizations"
515
- )).map((k) => k.name);
516
- if (C.length === 0)
517
- return c ? r.json({
515
+ )).map((R) => R.name);
516
+ if (p.length === 0)
517
+ return i ? n.json({
518
518
  tenants: [],
519
519
  start: 0,
520
- limit: i ?? 50,
520
+ limit: c ?? 50,
521
521
  length: 0
522
- }) : r.json({ tenants: [] });
523
- const p = C.length, F = o ?? 0, $ = i ?? 50, R = F * $, A = C.slice(R, R + $);
524
- if (A.length === 0)
525
- return c ? r.json({
522
+ }) : n.json({ tenants: [] });
523
+ const C = p.length, I = o ?? 0, j = c ?? 50, k = I * j, F = p.slice(k, k + j);
524
+ if (F.length === 0)
525
+ return i ? n.json({
526
526
  tenants: [],
527
- start: R,
528
- limit: $,
529
- length: p
530
- }) : r.json({ tenants: [] });
531
- const v = A.map((k) => `id:${k}`).join(" OR "), j = l ? `(${v}) AND (${l})` : v, z = await r.env.data.tenants.list({
532
- q: j,
533
- per_page: $,
527
+ start: k,
528
+ limit: j,
529
+ length: C
530
+ }) : n.json({ tenants: [] });
531
+ const A = F.map((R) => `id:${R}`).join(" OR "), y = l ? `(${A}) AND (${l})` : A, $ = await n.env.data.tenants.list({
532
+ q: y,
533
+ per_page: j,
534
534
  include_totals: !1
535
535
  // We calculate totals from accessibleTenantIds
536
536
  });
537
- return c ? r.json({
538
- tenants: z.tenants,
539
- start: R,
540
- limit: $,
541
- length: p
542
- }) : r.json({ tenants: z.tenants });
537
+ return i ? n.json({
538
+ tenants: $.tenants,
539
+ start: k,
540
+ limit: j,
541
+ length: C
542
+ }) : n.json({ tenants: $.tenants });
543
543
  }
544
- const f = await r.env.data.tenants.list({
544
+ const f = await n.env.data.tenants.list({
545
545
  page: o,
546
- per_page: i,
547
- include_totals: c,
546
+ per_page: c,
547
+ include_totals: i,
548
548
  q: l
549
549
  });
550
- return c ? r.json({
550
+ return i ? n.json({
551
551
  tenants: f.tenants,
552
- start: ((P = f.totals) == null ? void 0 : P.start) ?? 0,
553
- limit: ((I = f.totals) == null ? void 0 : I.limit) ?? i,
552
+ start: ((b = f.totals) == null ? void 0 : b.start) ?? 0,
553
+ limit: ((z = f.totals) == null ? void 0 : z.limit) ?? c,
554
554
  length: f.tenants.length
555
- }) : r.json({ tenants: f.tenants });
555
+ }) : n.json({ tenants: f.tenants });
556
556
  }
557
- ), n.openapi(
557
+ ), r.openapi(
558
558
  M({
559
559
  tags: ["tenants"],
560
560
  method: "post",
@@ -577,7 +577,7 @@ function N(e, t) {
577
577
  201: {
578
578
  content: {
579
579
  "application/json": {
580
- schema: O
580
+ schema: D
581
581
  }
582
582
  },
583
583
  description: "Tenant created"
@@ -590,23 +590,23 @@ function N(e, t) {
590
590
  }
591
591
  }
592
592
  }),
593
- async (r) => {
594
- var l, a;
595
- const s = r.var.user;
596
- if (!(s != null && s.sub))
597
- throw new b(401, {
593
+ async (n) => {
594
+ var l, u;
595
+ const a = n.var.user;
596
+ if (!(a != null && a.sub))
597
+ throw new P(401, {
598
598
  message: "Authentication required to create tenants"
599
599
  });
600
- let o = r.req.valid("json");
601
- const i = {
602
- adapters: r.env.data,
603
- ctx: r
600
+ let o = n.req.valid("json");
601
+ const c = {
602
+ adapters: n.env.data,
603
+ ctx: n
604
604
  };
605
- (l = t.tenants) != null && l.beforeCreate && (o = await t.tenants.beforeCreate(i, o));
606
- const c = await r.env.data.tenants.create(o);
607
- return (a = t.tenants) != null && a.afterCreate && await t.tenants.afterCreate(i, c), r.json(c, 201);
605
+ (l = t.tenants) != null && l.beforeCreate && (o = await t.tenants.beforeCreate(c, o));
606
+ const i = await n.env.data.tenants.create(o);
607
+ return (u = t.tenants) != null && u.afterCreate && await t.tenants.afterCreate(c, i), n.json(i, 201);
608
608
  }
609
- ), n.openapi(
609
+ ), r.openapi(
610
610
  M({
611
611
  tags: ["tenants"],
612
612
  method: "delete",
@@ -633,42 +633,42 @@ function N(e, t) {
633
633
  }
634
634
  }
635
635
  }),
636
- async (r) => {
637
- var l, a, u, g;
638
- const { id: s } = r.req.valid("param"), o = ((l = e.accessControl) == null ? void 0 : l.controlPlaneTenantId) ?? ((a = r.env.data.multiTenancyConfig) == null ? void 0 : a.controlPlaneTenantId);
636
+ async (n) => {
637
+ var l, u, s, d;
638
+ const { id: a } = n.req.valid("param"), o = ((l = e.accessControl) == null ? void 0 : l.controlPlaneTenantId) ?? ((u = n.env.data.multiTenancyConfig) == null ? void 0 : u.controlPlaneTenantId);
639
639
  if (o) {
640
- const d = r.var.user;
641
- if (!(d != null && d.sub))
642
- throw new b(401, {
640
+ const m = n.var.user;
641
+ if (!(m != null && m.sub))
642
+ throw new P(401, {
643
643
  message: "Authentication required"
644
644
  });
645
- if (s === o)
646
- throw new b(403, {
645
+ if (a === o)
646
+ throw new P(403, {
647
647
  message: "Cannot delete the control plane"
648
648
  });
649
- if (!(await D(
650
- (w) => r.env.data.userOrganizations.listUserOrganizations(
649
+ if (!(await q(
650
+ (g) => n.env.data.userOrganizations.listUserOrganizations(
651
651
  o,
652
- d.sub,
653
- w
652
+ m.sub,
653
+ g
654
654
  ),
655
655
  "organizations"
656
- )).some((w) => w.name === s))
657
- throw new b(403, {
656
+ )).some((g) => g.name === a))
657
+ throw new P(403, {
658
658
  message: "Access denied to this tenant"
659
659
  });
660
660
  }
661
- if (!await r.env.data.tenants.get(s))
662
- throw new b(404, {
661
+ if (!await n.env.data.tenants.get(a))
662
+ throw new P(404, {
663
663
  message: "Tenant not found"
664
664
  });
665
- const c = {
666
- adapters: r.env.data,
667
- ctx: r
665
+ const i = {
666
+ adapters: n.env.data,
667
+ ctx: n
668
668
  };
669
- return (u = t.tenants) != null && u.beforeDelete && await t.tenants.beforeDelete(c, s), await r.env.data.tenants.remove(s), (g = t.tenants) != null && g.afterDelete && await t.tenants.afterDelete(c, s), r.body(null, 204);
669
+ return (s = t.tenants) != null && s.beforeDelete && await t.tenants.beforeDelete(i, a), await n.env.data.tenants.remove(a), (d = t.tenants) != null && d.afterDelete && await t.tenants.afterDelete(i, a), n.body(null, 204);
670
670
  }
671
- ), n.openapi(
671
+ ), r.openapi(
672
672
  M({
673
673
  tags: ["tenants", "settings"],
674
674
  method: "get",
@@ -687,22 +687,22 @@ function N(e, t) {
687
687
  200: {
688
688
  content: {
689
689
  "application/json": {
690
- schema: O
690
+ schema: D
691
691
  }
692
692
  },
693
693
  description: "Current tenant settings"
694
694
  }
695
695
  }
696
696
  }),
697
- async (r) => {
698
- const s = await r.env.data.tenants.get(r.var.tenant_id);
699
- if (!s)
700
- throw new b(404, {
697
+ async (n) => {
698
+ const a = await n.env.data.tenants.get(n.var.tenant_id);
699
+ if (!a)
700
+ throw new P(404, {
701
701
  message: "Tenant not found"
702
702
  });
703
- return r.json(s);
703
+ return n.json(a);
704
704
  }
705
- ), n.openapi(
705
+ ), r.openapi(
706
706
  M({
707
707
  tags: ["tenants", "settings"],
708
708
  method: "patch",
@@ -728,29 +728,29 @@ function N(e, t) {
728
728
  200: {
729
729
  content: {
730
730
  "application/json": {
731
- schema: O
731
+ schema: D
732
732
  }
733
733
  },
734
734
  description: "Updated tenant settings"
735
735
  }
736
736
  }
737
737
  }),
738
- async (r) => {
739
- const s = r.req.valid("json"), { id: o, ...i } = s, c = await r.env.data.tenants.get(r.var.tenant_id);
740
- if (!c)
741
- throw new b(404, {
738
+ async (n) => {
739
+ const a = n.req.valid("json"), { id: o, ...c } = a, i = await n.env.data.tenants.get(n.var.tenant_id);
740
+ if (!i)
741
+ throw new P(404, {
742
742
  message: "Tenant not found"
743
743
  });
744
- const l = ie(c, i);
745
- await r.env.data.tenants.update(r.var.tenant_id, l);
746
- const a = await r.env.data.tenants.get(r.var.tenant_id);
747
- if (!a)
748
- throw new b(500, {
744
+ const l = ie(i, c);
745
+ await n.env.data.tenants.update(n.var.tenant_id, l);
746
+ const u = await n.env.data.tenants.get(n.var.tenant_id);
747
+ if (!u)
748
+ throw new P(500, {
749
749
  message: "Failed to retrieve updated tenant"
750
750
  });
751
- return r.json(a);
751
+ return n.json(u);
752
752
  }
753
- ), n;
753
+ ), r;
754
754
  }
755
755
  function _e(e) {
756
756
  const t = [
@@ -761,27 +761,27 @@ function _e(e) {
761
761
  { pattern: /\/api\/v2\/roles\/([^/]+)$/, type: "role" },
762
762
  { pattern: /\/api\/v2\/connections\/([^/]+)$/, type: "connection" }
763
763
  ];
764
- for (const { pattern: n, type: r } of t) {
765
- const s = e.match(n);
766
- if (s && s[1])
767
- return { type: r, id: s[1] };
764
+ for (const { pattern: r, type: n } of t) {
765
+ const a = e.match(r);
766
+ if (a && a[1])
767
+ return { type: n, id: a[1] };
768
768
  }
769
769
  return null;
770
770
  }
771
- async function Ce(e, t, n) {
771
+ async function Te(e, t, r) {
772
772
  try {
773
- switch (n.type) {
773
+ switch (r.type) {
774
774
  case "resource_server": {
775
- const r = await e.resourceServers.get(t, n.id);
776
- return (r == null ? void 0 : r.is_system) === !0;
775
+ const n = await e.resourceServers.get(t, r.id);
776
+ return (n == null ? void 0 : n.is_system) === !0;
777
777
  }
778
778
  case "role": {
779
- const r = await e.roles.get(t, n.id);
780
- return (r == null ? void 0 : r.is_system) === !0;
779
+ const n = await e.roles.get(t, r.id);
780
+ return (n == null ? void 0 : n.is_system) === !0;
781
781
  }
782
782
  case "connection": {
783
- const r = await e.connections.get(t, n.id);
784
- return (r == null ? void 0 : r.is_system) === !0;
783
+ const n = await e.connections.get(t, r.id);
784
+ return (n == null ? void 0 : n.is_system) === !0;
785
785
  }
786
786
  default:
787
787
  return !1;
@@ -790,481 +790,509 @@ async function Ce(e, t, n) {
790
790
  return !1;
791
791
  }
792
792
  }
793
- function Te(e) {
793
+ function Ce(e) {
794
794
  return {
795
795
  resource_server: "resource server",
796
796
  role: "role",
797
797
  connection: "connection"
798
798
  }[e];
799
799
  }
800
- function be() {
800
+ function Pe() {
801
801
  return async (e, t) => {
802
802
  if (!["PATCH", "PUT", "DELETE"].includes(e.req.method))
803
803
  return t();
804
- const n = _e(e.req.path);
805
- if (!n)
806
- return t();
807
- const r = e.var.tenant_id || e.req.header("x-tenant-id") || e.req.header("tenant-id");
804
+ const r = _e(e.req.path);
808
805
  if (!r)
809
806
  return t();
810
- if (await Ce(e.env.data, r, n))
811
- throw new b(403, {
812
- message: `This ${Te(n.type)} is a system resource and cannot be modified. Make changes in the control plane instead.`
807
+ const n = e.var.tenant_id || e.req.header("x-tenant-id") || e.req.header("tenant-id");
808
+ if (!n)
809
+ return t();
810
+ if (await Te(e.env.data, n, r))
811
+ throw new P(403, {
812
+ message: `This ${Ce(r.type)} is a system resource and cannot be modified. Make changes in the control plane instead.`
813
813
  });
814
814
  return t();
815
815
  };
816
816
  }
817
- function B(e, t) {
818
- const n = t.find(
819
- (s) => s.strategy === e.strategy
817
+ function N(e, t) {
818
+ const r = t.find(
819
+ (a) => a.strategy === e.strategy
820
820
  );
821
- if (!(n != null && n.options))
821
+ if (!(r != null && r.options))
822
822
  return e;
823
- const r = ce.passthrough().parse({
824
- ...n,
823
+ const n = ce.passthrough().parse({
824
+ ...r,
825
825
  ...e
826
826
  });
827
- return r.options = le.passthrough().parse({
828
- ...n.options || {},
827
+ return n.options = le.passthrough().parse({
828
+ ...r.options || {},
829
829
  ...e.options
830
- }), r;
830
+ }), n;
831
831
  }
832
- function q(e, t) {
833
- const n = [...t || [], ...e || []];
834
- return [...new Set(n)];
832
+ function O(e, t) {
833
+ const r = [...t || [], ...e || []];
834
+ return [...new Set(r)];
835
835
  }
836
- function Pe(e, t) {
836
+ function be(e, t) {
837
837
  if (!(t != null && t.length))
838
838
  return e || [];
839
839
  if (!(e != null && e.length))
840
840
  return t;
841
- const n = /* @__PURE__ */ new Map();
842
- for (const r of t)
843
- n.set(r.value, r);
844
- for (const r of e)
845
- n.set(r.value, r);
846
- return Array.from(n.values());
841
+ const r = /* @__PURE__ */ new Map();
842
+ for (const n of t)
843
+ r.set(n.value, n);
844
+ for (const n of e)
845
+ r.set(n.value, n);
846
+ return Array.from(r.values());
847
847
  }
848
848
  function V(e, t) {
849
849
  return t ? {
850
850
  ...e,
851
- scopes: Pe(
851
+ scopes: be(
852
852
  e.scopes,
853
853
  t.scopes
854
854
  )
855
855
  } : e;
856
856
  }
857
- function J(e, t) {
857
+ function Oe(e, t) {
858
858
  return t ? {
859
859
  ...e,
860
- callbacks: q(e.callbacks, t.callbacks),
861
- web_origins: q(
860
+ callbacks: O(e.callbacks, t.callbacks),
861
+ web_origins: O(
862
862
  e.web_origins,
863
863
  t.web_origins
864
864
  ),
865
- allowed_logout_urls: q(
865
+ allowed_logout_urls: O(
866
866
  e.allowed_logout_urls,
867
867
  t.allowed_logout_urls
868
868
  ),
869
- allowed_origins: q(
869
+ allowed_origins: O(
870
870
  e.allowed_origins,
871
871
  t.allowed_origins
872
872
  )
873
873
  } : e;
874
874
  }
875
+ function Z(e) {
876
+ const { controlPlaneTenantId: t, controlPlaneClientId: r, resolveControlPlane: n } = e;
877
+ if (n)
878
+ return async (o) => n({ tenant_id: o });
879
+ if (!t)
880
+ return async () => {
881
+ };
882
+ const a = {
883
+ tenantId: t,
884
+ clientId: r
885
+ };
886
+ return async () => a;
887
+ }
875
888
  function x(e, t) {
876
889
  return {
877
890
  ...e.resourceServers,
878
- get: async (n, r) => {
879
- const s = await e.resourceServers.get(
880
- n,
881
- r
891
+ get: async (r, n) => {
892
+ const a = await e.resourceServers.get(
893
+ r,
894
+ n
882
895
  );
883
- if (!s || !t || n === t || !s.is_system)
884
- return s;
885
- const o = await e.resourceServers.get(
886
- t,
887
- r
896
+ if (!a)
897
+ return a;
898
+ const o = await t(r);
899
+ if (!o || r === o.tenantId || !a.is_system)
900
+ return a;
901
+ const c = await e.resourceServers.get(
902
+ o.tenantId,
903
+ n
888
904
  );
889
905
  return V(
890
- s,
891
- o
906
+ a,
907
+ c
892
908
  );
893
909
  },
894
- list: async (n, r) => {
895
- const s = await e.resourceServers.list(n, r);
896
- if (!t || n === t)
897
- return s;
898
- const o = t, i = s.resource_servers.filter(
899
- (a) => !!(a.is_system && a.id)
900
- ).map((a) => a.id);
910
+ list: async (r, n) => {
911
+ const a = await e.resourceServers.list(r, n), o = await t(r);
912
+ if (!o || r === o.tenantId)
913
+ return a;
914
+ const c = o.tenantId, i = a.resource_servers.filter(
915
+ (s) => !!(s.is_system && s.id)
916
+ ).map((s) => s.id);
901
917
  if (i.length === 0)
902
- return s;
903
- const c = /* @__PURE__ */ new Map();
918
+ return a;
919
+ const l = /* @__PURE__ */ new Map();
904
920
  await Promise.all(
905
- i.map(async (a) => {
906
- const u = await e.resourceServers.get(o, a);
907
- u && c.set(a, u);
921
+ i.map(async (s) => {
922
+ const d = await e.resourceServers.get(c, s);
923
+ d && l.set(s, d);
908
924
  })
909
925
  );
910
- const l = s.resource_servers.map(
911
- (a) => a.is_system && a.id ? V(
912
- a,
913
- c.get(a.id) ?? null
914
- ) : a
926
+ const u = a.resource_servers.map(
927
+ (s) => s.is_system && s.id ? V(
928
+ s,
929
+ l.get(s.id) ?? null
930
+ ) : s
915
931
  );
916
932
  return {
917
- ...s,
918
- resource_servers: l
933
+ ...a,
934
+ resource_servers: u
919
935
  };
920
936
  }
921
937
  };
922
938
  }
923
- function Ae(e, t) {
939
+ function Ie(e, t) {
940
+ const r = Z({
941
+ controlPlaneTenantId: t.controlPlaneTenantId,
942
+ resolveControlPlane: t.resolveControlPlane
943
+ });
924
944
  return {
925
945
  ...e,
926
946
  resourceServers: x(
927
947
  e,
928
- t.controlPlaneTenantId
948
+ r
929
949
  )
930
950
  };
931
951
  }
932
- function Se(e, t) {
933
- const { controlPlaneTenantId: n, controlPlaneClientId: r } = t;
952
+ function Ae(e, t) {
953
+ const { controlPlaneTenantId: r, controlPlaneClientId: n, resolveControlPlane: a } = t, o = Z({
954
+ controlPlaneTenantId: r,
955
+ controlPlaneClientId: n,
956
+ resolveControlPlane: a
957
+ });
934
958
  return {
935
959
  ...e,
936
- // Store config for use by tenants route access control
960
+ // Store the static config for use by tenants route access control.
961
+ // Per-tenant inheritance overrides do NOT affect access-control values —
962
+ // those intentionally use a single global control plane id. The resolver
963
+ // is exposed here so runtime helpers (e.g. `getEnrichedClient`) can
964
+ // consult it before merging control-plane URLs.
937
965
  multiTenancyConfig: {
938
- controlPlaneTenantId: n,
939
- controlPlaneClientId: r
966
+ controlPlaneTenantId: r,
967
+ controlPlaneClientId: n,
968
+ resolveControlPlane: a
940
969
  },
941
970
  connections: {
942
971
  ...e.connections,
943
- get: async (s, o) => {
944
- const i = await e.connections.get(
945
- s,
946
- o
972
+ get: async (c, i) => {
973
+ const l = await e.connections.get(
974
+ c,
975
+ i
947
976
  );
948
- if (!i || !n || s === n)
949
- return i;
950
- const c = await e.connections.list(n);
951
- return B(
952
- i,
953
- c.connections || []
977
+ if (!l)
978
+ return l;
979
+ const u = await o(c);
980
+ if (!u || c === u.tenantId)
981
+ return l;
982
+ const s = await e.connections.list(
983
+ u.tenantId
984
+ );
985
+ return N(
986
+ l,
987
+ s.connections || []
954
988
  );
955
989
  },
956
- list: async (s, o) => {
957
- const i = await e.connections.list(s, o);
958
- if (!n || s === n)
959
- return i;
960
- const c = await e.connections.list(n), l = i.connections.map(
961
- (a) => B(
962
- a,
963
- c.connections || []
990
+ list: async (c, i) => {
991
+ const l = await e.connections.list(c, i), u = await o(c);
992
+ if (!u || c === u.tenantId)
993
+ return l;
994
+ const s = await e.connections.list(
995
+ u.tenantId
996
+ ), d = l.connections.map(
997
+ (m) => N(
998
+ m,
999
+ s.connections || []
964
1000
  )
965
1001
  );
966
1002
  return {
967
- ...i,
968
- connections: l
1003
+ ...l,
1004
+ connections: d
969
1005
  };
970
1006
  }
971
1007
  },
972
1008
  clientConnections: {
973
1009
  ...e.clientConnections,
974
- listByClient: async (s, o) => {
975
- let i = await e.clientConnections.listByClient(
976
- s,
977
- o
1010
+ listByClient: async (c, i) => {
1011
+ let l = await e.clientConnections.listByClient(
1012
+ c,
1013
+ i
978
1014
  );
979
- if (i.length === 0 && (i = (await e.connections.list(s)).connections || []), !n || s === n)
980
- return i;
981
- const c = await e.connections.list(n);
982
- return i.map(
983
- (l) => B(
984
- l,
985
- c.connections || []
986
- )
1015
+ l.length === 0 && (l = (await e.connections.list(c)).connections || []);
1016
+ const u = await o(c);
1017
+ if (!u || c === u.tenantId)
1018
+ return l;
1019
+ const s = await e.connections.list(
1020
+ u.tenantId
987
1021
  );
988
- }
989
- },
990
- clients: {
991
- ...e.clients,
992
- get: async (s, o) => {
993
- const i = await e.clients.get(s, o);
994
- if (!i)
995
- return null;
996
- if (!n || !r || s === n && o === r)
997
- return i;
998
- const c = await e.clients.get(
999
- n,
1000
- r
1001
- );
1002
- return J(i, c);
1003
- },
1004
- getByClientId: async (s) => {
1005
- const o = await e.clients.getByClientId(s);
1006
- if (!o)
1007
- return null;
1008
- if (!n || !r || o.tenant_id === n && o.client_id === r)
1009
- return o;
1010
- const i = await e.clients.get(
1011
- n,
1012
- r
1022
+ return l.map(
1023
+ (d) => N(
1024
+ d,
1025
+ s.connections || []
1026
+ )
1013
1027
  );
1014
- return {
1015
- ...J(o, i),
1016
- tenant_id: o.tenant_id
1017
- };
1018
1028
  }
1019
1029
  },
1030
+ // Note: clients.get / getByClientId are intentionally NOT wrapped here.
1031
+ // Storage reads must return the tenant's own stored URLs so that the
1032
+ // management API and DCR don't echo control-plane callbacks back on
1033
+ // update. Runtime URL merging for auth flows happens in
1034
+ // `getEnrichedClient` (packages/authhero/src/helpers/client.ts).
1020
1035
  emailProviders: {
1021
1036
  ...e.emailProviders,
1022
- get: async (s) => {
1023
- const o = await e.emailProviders.get(s);
1024
- return o || (!n || s === n ? null : e.emailProviders.get(n));
1037
+ get: async (c) => {
1038
+ const i = await e.emailProviders.get(c);
1039
+ if (i)
1040
+ return i;
1041
+ const l = await o(c);
1042
+ return !l || c === l.tenantId ? null : e.emailProviders.get(l.tenantId);
1025
1043
  }
1026
1044
  },
1027
1045
  resourceServers: x(
1028
1046
  e,
1029
- n
1047
+ o
1030
1048
  ),
1031
- hooks: Ie(e, n)
1049
+ hooks: Se(e, o)
1032
1050
  // Note: Additional adapters can be extended here for runtime fallback:
1033
1051
  // - promptSettings: Fall back to control plane prompts
1034
1052
  // - branding: Fall back to control plane branding/themes
1035
1053
  };
1036
1054
  }
1037
- function X(e) {
1055
+ function J(e) {
1038
1056
  if (!e || typeof e != "object") return !1;
1039
1057
  const t = e.metadata;
1040
1058
  return !t || typeof t != "object" ? !1 : t.inheritable === !0;
1041
1059
  }
1042
- function Ie(e, t) {
1060
+ function Se(e, t) {
1043
1061
  return {
1044
1062
  ...e.hooks,
1045
- list: async (n, r) => {
1046
- const s = await e.hooks.list(n, r);
1047
- if (!t || n === t)
1048
- return s;
1063
+ list: async (r, n) => {
1064
+ const a = await e.hooks.list(r, n), o = await t(r);
1065
+ if (!o || r === o.tenantId)
1066
+ return a;
1049
1067
  const i = ((await e.hooks.list(
1050
- t,
1051
- r
1068
+ o.tenantId,
1069
+ n
1052
1070
  )).hooks || []).filter(
1053
- X
1071
+ J
1054
1072
  );
1055
1073
  if (i.length === 0)
1056
- return s;
1057
- const c = new Set((s.hooks || []).map((a) => a.hook_id)), l = i.filter((a) => !c.has(a.hook_id));
1074
+ return a;
1075
+ const l = new Set((a.hooks || []).map((s) => s.hook_id)), u = i.filter((s) => !l.has(s.hook_id));
1058
1076
  return {
1059
- ...s,
1060
- hooks: [...s.hooks || [], ...l],
1061
- length: typeof s.length == "number" ? s.length + l.length : s.length
1077
+ ...a,
1078
+ hooks: [...a.hooks || [], ...u],
1079
+ length: typeof a.length == "number" ? a.length + u.length : a.length
1062
1080
  };
1063
1081
  },
1064
- get: async (n, r) => {
1065
- const s = await e.hooks.get(n, r);
1066
- if (s || !t || n === t)
1067
- return s;
1068
- const o = await e.hooks.get(
1069
- t,
1070
- r
1082
+ get: async (r, n) => {
1083
+ const a = await e.hooks.get(r, n);
1084
+ if (a) return a;
1085
+ const o = await t(r);
1086
+ if (!o || r === o.tenantId)
1087
+ return a;
1088
+ const c = await e.hooks.get(
1089
+ o.tenantId,
1090
+ n
1071
1091
  );
1072
- return o && X(o) ? o : null;
1092
+ return c && J(c) ? c : null;
1073
1093
  }
1074
1094
  };
1075
1095
  }
1076
1096
  function ee(e, t) {
1077
- return Se(e, t);
1097
+ return Ae(e, t);
1078
1098
  }
1079
1099
  function Re(e) {
1080
- return async (t, n) => {
1081
- const r = t.var.user;
1082
- return (r == null ? void 0 : r.tenant_id) === e && r.org_name && t.set("tenant_id", r.org_name), n();
1100
+ return async (t, r) => {
1101
+ const n = t.var.user;
1102
+ return (n == null ? void 0 : n.tenant_id) === e && n.org_name && t.set("tenant_id", n.org_name), r();
1083
1103
  };
1084
1104
  }
1085
1105
  function ze(e) {
1086
- return async (t, n) => {
1106
+ return async (t, r) => {
1087
1107
  if (!e.accessControl)
1088
- return n();
1089
- const { controlPlaneTenantId: r } = e.accessControl, s = t.var.org_name, o = t.var.organization_id, i = s || o;
1090
- let c = t.var.tenant_id;
1091
- const l = t.var.user, u = (l != null && l.aud ? Array.isArray(l.aud) ? l.aud : [l.aud] : []).includes(Y);
1092
- if (!c && i && u && (t.set("tenant_id", i), c = i), !c)
1093
- throw new b(400, {
1108
+ return r();
1109
+ const { controlPlaneTenantId: n } = e.accessControl, a = t.var.org_name, o = t.var.organization_id, c = a || o;
1110
+ let i = t.var.tenant_id;
1111
+ const l = t.var.user, s = (l != null && l.aud ? Array.isArray(l.aud) ? l.aud : [l.aud] : []).includes(X);
1112
+ if (!i && c && s && (t.set("tenant_id", c), i = c), !i)
1113
+ throw new P(400, {
1094
1114
  message: "Tenant ID not found in request"
1095
1115
  });
1096
1116
  if (!me(
1097
1117
  o,
1098
- c,
1099
- r,
1100
- s
1118
+ i,
1119
+ n,
1120
+ a
1101
1121
  ))
1102
- throw new b(403, {
1103
- message: `Access denied to tenant ${c}`
1122
+ throw new P(403, {
1123
+ message: `Access denied to tenant ${i}`
1104
1124
  });
1105
- return n();
1125
+ return r();
1106
1126
  };
1107
1127
  }
1108
1128
  function $e(e) {
1109
- return async (t, n) => {
1129
+ return async (t, r) => {
1110
1130
  if (!e.subdomainRouting)
1111
- return n();
1131
+ return r();
1112
1132
  const {
1113
- baseDomain: r,
1114
- reservedSubdomains: s = [],
1133
+ baseDomain: n,
1134
+ reservedSubdomains: a = [],
1115
1135
  resolveSubdomain: o
1116
- } = e.subdomainRouting, i = t.req.header("x-forwarded-host") || t.req.header("host") || "";
1117
- let c = null;
1118
- if (i.endsWith(r)) {
1119
- const a = i.slice(0, -(r.length + 1));
1120
- a && !a.includes(".") && (c = a);
1136
+ } = e.subdomainRouting, c = t.req.header("x-forwarded-host") || t.req.header("host") || "";
1137
+ let i = null;
1138
+ if (c.endsWith(n)) {
1139
+ const u = c.slice(0, -(n.length + 1));
1140
+ u && !u.includes(".") && (i = u);
1121
1141
  }
1122
- if (c && s.includes(c) && (c = null), !c)
1123
- return e.accessControl && t.set("tenant_id", e.accessControl.controlPlaneTenantId), n();
1142
+ if (i && a.includes(i) && (i = null), !i)
1143
+ return e.accessControl && t.set("tenant_id", e.accessControl.controlPlaneTenantId), r();
1124
1144
  let l = null;
1125
1145
  if (o)
1126
- l = await o(c);
1146
+ l = await o(i);
1127
1147
  else if (e.subdomainRouting.useOrganizations !== !1 && e.accessControl)
1128
1148
  try {
1129
- const a = await t.env.data.organizations.get(
1149
+ const u = await t.env.data.organizations.get(
1130
1150
  e.accessControl.controlPlaneTenantId,
1131
- c
1151
+ i
1132
1152
  );
1133
- a && (l = a.id);
1153
+ u && (l = u.id);
1134
1154
  } catch {
1135
1155
  }
1136
1156
  if (!l)
1137
- throw new b(404, {
1138
- message: `Tenant not found for subdomain: ${c}`
1157
+ throw new P(404, {
1158
+ message: `Tenant not found for subdomain: ${i}`
1139
1159
  });
1140
- return t.set("tenant_id", l), n();
1160
+ return t.set("tenant_id", l), r();
1141
1161
  };
1142
1162
  }
1143
1163
  function je(e) {
1144
- return async (t, n) => {
1164
+ return async (t, r) => {
1145
1165
  if (!e.databaseIsolation)
1146
- return n();
1147
- const r = t.var.tenant_id;
1148
- if (!r)
1149
- throw new b(400, {
1166
+ return r();
1167
+ const n = t.var.tenant_id;
1168
+ if (!n)
1169
+ throw new P(400, {
1150
1170
  message: "Tenant ID not found in request"
1151
1171
  });
1152
1172
  try {
1153
- const s = await e.databaseIsolation.getAdapters(r);
1154
- t.env.data = s;
1155
- } catch (s) {
1173
+ const a = await e.databaseIsolation.getAdapters(n);
1174
+ t.env.data = a;
1175
+ } catch (a) {
1156
1176
  throw console.error(
1157
- `Failed to resolve database for tenant ${r}:`,
1158
- s
1159
- ), new b(500, {
1177
+ `Failed to resolve database for tenant ${n}:`,
1178
+ a
1179
+ ), new P(500, {
1160
1180
  message: "Failed to resolve tenant database"
1161
1181
  });
1162
1182
  }
1163
- return n();
1183
+ return r();
1164
1184
  };
1165
1185
  }
1166
1186
  function te(e) {
1167
- const t = $e(e), n = ze(e), r = je(e);
1168
- return async (s, o) => (await t(s, async () => {
1169
- }), await n(s, async () => {
1170
- }), await r(s, async () => {
1187
+ const t = $e(e), r = ze(e), n = je(e);
1188
+ return async (a, o) => (await t(a, async () => {
1189
+ }), await r(a, async () => {
1190
+ }), await n(a, async () => {
1171
1191
  }), o());
1172
1192
  }
1173
- function qe(e) {
1193
+ function Ee(e) {
1174
1194
  const {
1175
1195
  dataAdapter: t,
1176
- controlPlane: n,
1196
+ controlPlane: r,
1177
1197
  controlPlane: {
1178
- tenantId: r = "control_plane",
1179
- clientId: s
1198
+ tenantId: n = "control_plane",
1199
+ clientId: a
1180
1200
  } = {},
1181
- sync: o = { resourceServers: !0, roles: !0 },
1201
+ resolveControlPlane: o,
1202
+ sync: c = { resourceServers: !0, roles: !0 },
1182
1203
  defaultPermissions: i = ["tenant:admin"],
1183
- requireOrganizationMatch: c = !1,
1184
- managementApiExtensions: l = [],
1185
- entityHooks: a,
1186
- getChildTenantIds: u,
1187
- getAdapters: g,
1188
- ...d
1204
+ requireOrganizationMatch: l = !1,
1205
+ managementApiExtensions: u = [],
1206
+ entityHooks: s,
1207
+ getChildTenantIds: d,
1208
+ getAdapters: m,
1209
+ ...w
1189
1210
  } = e;
1190
- let m = t, f = t;
1191
- n && (m = ee(t, {
1192
- controlPlaneTenantId: r,
1193
- controlPlaneClientId: s
1194
- }), f = {
1195
- ...Ae(t, {
1196
- controlPlaneTenantId: r
1211
+ if (o && !r)
1212
+ throw new Error(
1213
+ "initMultiTenant: `resolveControlPlane` requires `controlPlane` to be set. The static `controlPlane.tenantId` is used for access control, sync direction, and tenant management routing; the resolver only overrides per-tenant runtime inheritance lookups on top of it."
1214
+ );
1215
+ let f = t, g = t;
1216
+ r && (f = ee(t, {
1217
+ controlPlaneTenantId: n,
1218
+ controlPlaneClientId: a,
1219
+ resolveControlPlane: o
1220
+ }), g = {
1221
+ ...Ie(t, {
1222
+ controlPlaneTenantId: n,
1223
+ resolveControlPlane: o
1197
1224
  }),
1198
1225
  multiTenancyConfig: {
1199
- controlPlaneTenantId: r,
1200
- controlPlaneClientId: s
1226
+ controlPlaneTenantId: n,
1227
+ controlPlaneClientId: a,
1228
+ resolveControlPlane: o
1201
1229
  }
1202
1230
  });
1203
- const w = o !== !1, T = w ? {
1204
- resourceServers: o.resourceServers ?? !0,
1205
- roles: o.roles ?? !0
1206
- } : { resourceServers: !1, roles: !1 }, P = {
1207
- controlPlaneTenantId: r,
1208
- getChildTenantIds: u ?? (async () => (await D(
1209
- (v) => m.tenants.list(v),
1231
+ const _ = c !== !1, h = _ ? {
1232
+ resourceServers: c.resourceServers ?? !0,
1233
+ roles: c.roles ?? !0
1234
+ } : { resourceServers: !1, roles: !1 }, z = {
1235
+ controlPlaneTenantId: n,
1236
+ getChildTenantIds: d ?? (async () => (await q(
1237
+ (y) => f.tenants.list(y),
1210
1238
  "tenants",
1211
1239
  { cursorField: "id", pageSize: 100 }
1212
- )).filter((v) => v.id !== r).map((v) => v.id)),
1213
- getAdapters: g ?? (async () => m),
1214
- getControlPlaneAdapters: async () => m,
1215
- sync: T
1216
- }, { entityHooks: I, tenantHooks: h } = ve(P), C = {
1240
+ )).filter((y) => y.id !== n).map((y) => y.id)),
1241
+ getAdapters: m ?? (async () => f),
1242
+ getControlPlaneAdapters: async () => f,
1243
+ sync: h
1244
+ }, { entityHooks: v, tenantHooks: p } = ve(z), C = {
1217
1245
  resourceServers: [
1218
- I.resourceServers,
1219
- ...(a == null ? void 0 : a.resourceServers) ?? []
1246
+ v.resourceServers,
1247
+ ...(s == null ? void 0 : s.resourceServers) ?? []
1220
1248
  ],
1221
- roles: [I.roles, ...(a == null ? void 0 : a.roles) ?? []],
1222
- connections: (a == null ? void 0 : a.connections) ?? [],
1223
- tenants: (a == null ? void 0 : a.tenants) ?? [],
1224
- rolePermissions: (a == null ? void 0 : a.rolePermissions) ?? []
1225
- }, p = Z({
1249
+ roles: [v.roles, ...(s == null ? void 0 : s.roles) ?? []],
1250
+ connections: (s == null ? void 0 : s.connections) ?? [],
1251
+ tenants: (s == null ? void 0 : s.tenants) ?? [],
1252
+ rolePermissions: (s == null ? void 0 : s.rolePermissions) ?? []
1253
+ }, I = Y({
1226
1254
  accessControl: {
1227
- controlPlaneTenantId: r,
1228
- requireOrganizationMatch: c,
1255
+ controlPlaneTenantId: n,
1256
+ requireOrganizationMatch: l,
1229
1257
  defaultPermissions: i
1230
1258
  }
1231
- }), $ = N(
1259
+ }), k = B(
1232
1260
  {
1233
1261
  accessControl: {
1234
- controlPlaneTenantId: r,
1235
- requireOrganizationMatch: c,
1262
+ controlPlaneTenantId: n,
1263
+ requireOrganizationMatch: l,
1236
1264
  defaultPermissions: i
1237
1265
  }
1238
1266
  },
1239
1267
  { tenants: {
1240
- async beforeCreate(A, v) {
1241
- return p.beforeCreate && (v = await p.beforeCreate(A, v)), h.beforeCreate && (v = await h.beforeCreate(A, v)), v;
1268
+ async beforeCreate(A, y) {
1269
+ return I.beforeCreate && (y = await I.beforeCreate(A, y)), p.beforeCreate && (y = await p.beforeCreate(A, y)), y;
1242
1270
  },
1243
- async afterCreate(A, v) {
1244
- var j, z;
1245
- await ((j = p.afterCreate) == null ? void 0 : j.call(p, A, v)), await ((z = h.afterCreate) == null ? void 0 : z.call(h, A, v));
1271
+ async afterCreate(A, y) {
1272
+ var $, R;
1273
+ await (($ = I.afterCreate) == null ? void 0 : $.call(I, A, y)), await ((R = p.afterCreate) == null ? void 0 : R.call(p, A, y));
1246
1274
  },
1247
- async beforeDelete(A, v) {
1248
- var j, z;
1249
- await ((j = p.beforeDelete) == null ? void 0 : j.call(p, A, v)), await ((z = h.beforeDelete) == null ? void 0 : z.call(h, A, v));
1275
+ async beforeDelete(A, y) {
1276
+ var $, R;
1277
+ await (($ = I.beforeDelete) == null ? void 0 : $.call(I, A, y)), await ((R = p.beforeDelete) == null ? void 0 : R.call(p, A, y));
1250
1278
  }
1251
1279
  } }
1252
- ), { app: R } = ue({
1253
- dataAdapter: m,
1254
- managementDataAdapter: f,
1255
- ...d,
1280
+ ), { app: F } = ue({
1281
+ dataAdapter: f,
1282
+ managementDataAdapter: g,
1283
+ ...w,
1256
1284
  entityHooks: C,
1257
1285
  managementApiExtensions: [
1258
- ...l,
1259
- { path: "/tenants", router: $ }
1286
+ ...u,
1287
+ { path: "/tenants", router: k }
1260
1288
  ]
1261
1289
  });
1262
- return R.use(
1290
+ return F.use(
1263
1291
  "/api/v2/*",
1264
- Re(r)
1265
- ), w && R.use("/api/v2/*", be()), { app: R, controlPlaneTenantId: r };
1292
+ Re(n)
1293
+ ), _ && F.use("/api/v2/*", Pe()), { app: F, controlPlaneTenantId: n };
1266
1294
  }
1267
- function Ee(e) {
1295
+ function Ne(e) {
1268
1296
  const t = U(e);
1269
1297
  return {
1270
1298
  name: "multi-tenancy",
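Review bot: The object returned by `resolveControlPlane` is used unchecked: in the resolver factory `Z`, `async (o) => n({ tenant_id: o })` hands the caller's result straight to the adapter wrappers, which read `.tenantId` and pass it to `connections.list`, `emailProviders.get`, `hooks.list`/`hooks.get` and `resourceServers.get`. A resolver that returns an object without a non-empty string `tenantId` therefore reaches storage as `undefined`, and how the adapters treat that is not visible here. Because this value now decides whose connection options, email provider and inheritable hooks are merged into a tenant's reads, it is worth normalising where it enters, e.g. `const cp = await n({ tenant_id: o }); return cp && typeof cp.tenantId === "string" && cp.tenantId ? cp : undefined;`. The resolver is also awaited on every wrapped `get`/`list` with no memoisation or error handling, so a doc comment stating its contract would help (it should be cheap, a throw fails the read, and it should only name a tenant this tenant is meant to inherit from). This file is a minified bundle, so the change belongs in the package source.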
@@ -1276,7 +1304,7 @@ function Ee(e) {
1276
1304
  routes: [
1277
1305
  {
1278
1306
  path: "/management",
1279
- handler: N(e, t)
1307
+ handler: B(e, t)
1280
1308
  }
1281
1309
  ],
1282
1310
  // Called when plugin is registered
@@ -1290,22 +1318,22 @@ function Ee(e) {
1290
1318
  };
1291
1319
  }
1292
1320
  function U(e) {
1293
- const t = e.accessControl ? fe(e.accessControl) : {}, n = e.databaseIsolation ? ge(e.databaseIsolation) : {}, r = Z(e);
1321
+ const t = e.accessControl ? fe(e.accessControl) : {}, r = e.databaseIsolation ? ge(e.databaseIsolation) : {}, n = Y(e);
1294
1322
  return {
1295
1323
  ...t,
1296
- ...n,
1297
- tenants: r
1324
+ ...r,
1325
+ tenants: n
1298
1326
  };
1299
1327
  }
1300
- function Fe(e) {
1301
- const t = new se(), n = U(e);
1302
- return t.route("/tenants", N(e, n)), t;
1328
+ function ke(e) {
1329
+ const t = new ae(), r = U(e);
1330
+ return t.route("/tenants", B(e, r)), t;
1303
1331
  }
1304
1332
  function Be(e) {
1305
1333
  return {
1306
1334
  hooks: U(e),
1307
1335
  middleware: te(e),
1308
- app: Fe(e),
1336
+ app: ke(e),
1309
1337
  config: e,
1310
1338
  /**
1311
1339
  * Wraps data adapters with runtime fallback from the control plane.
@@ -1315,11 +1343,11 @@ function Be(e) {
1315
1343
  * @param additionalConfig - Additional config (controlPlaneClientId, etc.)
1316
1344
  * @returns Wrapped adapters with runtime fallback
1317
1345
  */
1318
- wrapAdapters: (t, n) => {
1319
- var r;
1346
+ wrapAdapters: (t, r) => {
1347
+ var n;
1320
1348
  return ee(t, {
1321
- controlPlaneTenantId: (r = e.accessControl) == null ? void 0 : r.controlPlaneTenantId,
1322
- controlPlaneClientId: n == null ? void 0 : n.controlPlaneClientId
1349
+ controlPlaneTenantId: (n = e.accessControl) == null ? void 0 : n.controlPlaneTenantId,
1350
+ controlPlaneClientId: r == null ? void 0 : r.controlPlaneClientId
1323
1351
  });
1324
1352
  }
1325
1353
  };
@@ -1330,19 +1358,20 @@ export {
1330
1358
  Re as createControlPlaneTenantMiddleware,
1331
1359
  ge as createDatabaseHooks,
1332
1360
  je as createDatabaseMiddleware,
1333
- Fe as createMultiTenancy,
1361
+ ke as createMultiTenancy,
1334
1362
  U as createMultiTenancyHooks,
1335
1363
  te as createMultiTenancyMiddleware,
1336
- Ee as createMultiTenancyPlugin,
1337
- be as createProtectSyncedMiddleware,
1338
- Z as createProvisioningHooks,
1339
- Se as createRuntimeFallbackAdapter,
1364
+ Ne as createMultiTenancyPlugin,
1365
+ Pe as createProtectSyncedMiddleware,
1366
+ Y as createProvisioningHooks,
1367
+ Ae as createRuntimeFallbackAdapter,
1340
1368
  $e as createSubdomainMiddleware,
1341
1369
  ve as createSyncHooks,
1342
- N as createTenantsOpenAPIRouter,
1343
- qe as initMultiTenant,
1370
+ B as createTenantsOpenAPIRouter,
1371
+ Ee as initMultiTenant,
1372
+ Oe as mergeClientWithFallback,
1344
1373
  Be as setupMultiTenancy,
1345
1374
  me as validateTenantAccess,
1346
1375
  ee as withRuntimeFallback,
1347
- Ae as withSystemResourceServerInheritance
1376
+ Ie as withSystemResourceServerInheritance
1348
1377
  };