@authhero/multi-tenancy 14.5.0 → 14.7.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (10) hide show
  1. package/dist/multi-tenancy.cjs +1 -1
  2. package/dist/multi-tenancy.mjs +391 -413
  3. package/dist/types/index.d.ts +2 -2
  4. package/dist/types/index.d.ts.map +1 -1
  5. package/dist/types/init.d.ts.map +1 -1
  6. package/dist/types/middleware/index.d.ts +2 -2
  7. package/dist/types/middleware/index.d.ts.map +1 -1
  8. package/dist/types/middleware/settings-inheritance.d.ts +8 -12
  9. package/dist/types/middleware/settings-inheritance.d.ts.map +1 -1
  10. package/package.json +4 -4
package/dist/multi-tenancy.mjs CHANGED
@@ -1,28 +1,28 @@
1
1
  var X = Object.defineProperty;
2
2
  var Y = (t, e, n) => e in t ? X(t, e, { enumerable: !0, configurable: !0, writable: !0, value: n }) : t[e] = n;
3
- var R = (t, e, n) => Y(t, typeof e != "symbol" ? e + "" : e, n);
3
+ var O = (t, e, n) => Y(t, typeof e != "symbol" ? e + "" : e, n);
4
4
  import { Hono as Z } from "hono";
5
- import { MANAGEMENT_API_SCOPES as x, MANAGEMENT_API_AUDIENCE as W, fetchAll as z, auth0QuerySchema as ee, tenantSchema as H, tenantInsertSchema as te, connectionSchema as F, connectionOptionsSchema as O, init as ne } from "authhero";
6
- import { OpenAPIHono as re, createRoute as M, z as S } from "@hono/zod-openapi";
7
- function se(t) {
5
+ import { MANAGEMENT_API_SCOPES as x, MANAGEMENT_API_AUDIENCE as W, fetchAll as F, auth0QuerySchema as ee, tenantSchema as N, tenantInsertSchema as te, connectionSchema as k, connectionOptionsSchema as H, init as ne } from "authhero";
6
+ import { OpenAPIHono as re, createRoute as R, z as S } from "@hono/zod-openapi";
7
+ function ae(t) {
8
8
  const { controlPlaneTenantId: e, requireOrganizationMatch: n = !0 } = t;
9
9
  return {
10
- async onTenantAccessValidation(r, s) {
11
- if (s === e)
10
+ async onTenantAccessValidation(r, a) {
11
+ if (a === e)
12
12
  return !0;
13
13
  if (n) {
14
- const c = r.var.org_name, o = r.var.organization_id, a = c || o;
15
- return a ? a.toLowerCase() === s.toLowerCase() : !1;
14
+ const c = r.var.org_name, d = r.var.organization_id, s = c || d;
15
+ return s ? s.toLowerCase() === a.toLowerCase() : !1;
16
16
  }
17
17
  return !0;
18
18
  }
19
19
  };
20
20
  }
21
- function ae(t, e, n, r) {
21
+ function se(t, e, n, r) {
22
22
  if (e === n)
23
23
  return !0;
24
- const s = r || t;
25
- return s ? s.toLowerCase() === e.toLowerCase() : !1;
24
+ const a = r || t;
25
+ return a ? a.toLowerCase() === e.toLowerCase() : !1;
26
26
  }
27
27
  function oe(t) {
28
28
  return {
@@ -51,19 +51,19 @@ function ce(t) {
51
51
  } : n;
52
52
  },
53
53
  async afterCreate(e, n) {
54
- const { accessControl: r, databaseIsolation: s } = t;
55
- r && e.ctx && await le(e, n, r), s != null && s.onProvision && await s.onProvision(n.id);
54
+ const { accessControl: r, databaseIsolation: a } = t;
55
+ r && e.ctx && await le(e, n, r), a != null && a.onProvision && await a.onProvision(n.id);
56
56
  },
57
57
  async beforeDelete(e, n) {
58
- const { accessControl: r, databaseIsolation: s } = t;
58
+ const { accessControl: r, databaseIsolation: a } = t;
59
59
  if (r)
60
60
  try {
61
- const o = (await e.adapters.organizations.list(
61
+ const d = (await e.adapters.organizations.list(
62
62
  r.controlPlaneTenantId
63
- )).organizations.find((a) => a.name === n);
64
- o && await e.adapters.organizations.remove(
63
+ )).organizations.find((s) => s.name === n);
64
+ d && await e.adapters.organizations.remove(
65
65
  r.controlPlaneTenantId,
66
- o.id
66
+ d.id
67
67
  );
68
68
  } catch (c) {
69
69
  console.warn(
@@ -71,9 +71,9 @@ function ce(t) {
71
71
  c
72
72
  );
73
73
  }
74
- if (s != null && s.onDeprovision)
74
+ if (a != null && a.onDeprovision)
75
75
  try {
76
- await s.onDeprovision(n);
76
+ await a.onDeprovision(n);
77
77
  } catch (c) {
78
78
  console.warn(
79
79
  `Failed to deprovision database for tenant ${n}:`,
@@ -86,12 +86,12 @@ function ce(t) {
86
86
  async function le(t, e, n) {
87
87
  const {
88
88
  controlPlaneTenantId: r,
89
- defaultPermissions: s,
89
+ defaultPermissions: a,
90
90
  defaultRoles: c,
91
- issuer: o,
92
- adminRoleName: a = "Tenant Admin",
93
- adminRoleDescription: d = "Full access to all tenant management operations",
94
- addCreatorToOrganization: u = !0
91
+ issuer: d,
92
+ adminRoleName: s = "Tenant Admin",
93
+ adminRoleDescription: f = "Full access to all tenant management operations",
94
+ addCreatorToOrganization: o = !0
95
95
  } = n, i = await t.adapters.organizations.create(
96
96
  r,
97
97
  {
@@ -99,13 +99,13 @@ async function le(t, e, n) {
99
99
  display_name: e.friendly_name || e.id
100
100
  }
101
101
  );
102
- let f;
103
- if (o && (f = await ue(
102
+ let u;
103
+ if (d && (u = await ue(
104
104
  t,
105
105
  r,
106
- a,
107
- d
108
- )), u && t.ctx) {
106
+ s,
107
+ f
108
+ )), o && t.ctx) {
109
109
  const l = t.ctx.var.user;
110
110
  if (l != null && l.sub && !await de(
111
111
  t,
@@ -116,24 +116,24 @@ async function le(t, e, n) {
116
116
  await t.adapters.userOrganizations.create(r, {
117
117
  user_id: l.sub,
118
118
  organization_id: i.id
119
- }), f && await t.adapters.userRoles.create(
119
+ }), u && await t.adapters.userRoles.create(
120
120
  r,
121
121
  l.sub,
122
- f,
122
+ u,
123
123
  i.id
124
124
  // organizationId
125
125
  );
126
- } catch (g) {
126
+ } catch (p) {
127
127
  console.warn(
128
128
  `Failed to add creator ${l.sub} to organization ${i.id}:`,
129
- g
129
+ p
130
130
  );
131
131
  }
132
132
  }
133
133
  c && c.length > 0 && console.log(
134
134
  `Would assign roles ${c.join(", ")} to organization ${i.id}`
135
- ), s && s.length > 0 && console.log(
136
- `Would grant permissions ${s.join(", ")} to organization ${i.id}`
135
+ ), a && a.length > 0 && console.log(
136
+ `Would grant permissions ${a.join(", ")} to organization ${i.id}`
137
137
  );
138
138
  }
139
139
  async function de(t, e, n) {
@@ -144,73 +144,73 @@ async function de(t, e, n) {
144
144
  ""
145
145
  // Empty string for global roles
146
146
  );
147
- for (const s of r)
147
+ for (const a of r)
148
148
  if ((await t.adapters.rolePermissions.list(
149
149
  e,
150
- s.id,
150
+ a.id,
151
151
  { per_page: 1e3 }
152
152
  )).some(
153
- (a) => a.permission_name === "admin:organizations"
153
+ (s) => s.permission_name === "admin:organizations"
154
154
  ))
155
155
  return !0;
156
156
  return !1;
157
157
  }
158
158
  async function ue(t, e, n, r) {
159
- const c = (await t.adapters.roles.list(e, {})).roles.find((u) => u.name === n);
159
+ const c = (await t.adapters.roles.list(e, {})).roles.find((o) => o.name === n);
160
160
  if (c)
161
161
  return c.id;
162
- const o = await t.adapters.roles.create(e, {
162
+ const d = await t.adapters.roles.create(e, {
163
163
  name: n,
164
164
  description: r
165
- }), a = W, d = x.map((u) => ({
166
- role_id: o.id,
167
- resource_server_identifier: a,
168
- permission_name: u.value
165
+ }), s = W, f = x.map((o) => ({
166
+ role_id: d.id,
167
+ resource_server_identifier: s,
168
+ permission_name: o.value
169
169
  }));
170
170
  return await t.adapters.rolePermissions.assign(
171
171
  e,
172
- o.id,
173
- d
174
- ), o.id;
172
+ d.id,
173
+ f
174
+ ), d.id;
175
175
  }
176
176
  function G(t, e, n = () => !0) {
177
- const { controlPlaneTenantId: r, getChildTenantIds: s, getAdapters: c } = t, o = /* @__PURE__ */ new Map();
178
- async function a(i, f, l) {
179
- return (await e(i).list(f, {
177
+ const { controlPlaneTenantId: r, getChildTenantIds: a, getAdapters: c } = t, d = /* @__PURE__ */ new Map();
178
+ async function s(i, u, l) {
179
+ return (await e(i).list(u, {
180
180
  q: `name:${l}`,
181
181
  per_page: 1
182
182
  }))[0] ?? null;
183
183
  }
184
- async function d(i) {
185
- const f = await s(), l = e(await c(r));
184
+ async function f(i) {
185
+ const u = await a(), l = e(await c(r));
186
186
  await Promise.all(
187
- f.map(async (m) => {
187
+ u.map(async (m) => {
188
188
  try {
189
- const g = await c(m), p = e(g), w = {
189
+ const p = await c(m), g = e(p), w = {
190
190
  ...l.transform(i),
191
191
  is_system: !0
192
- }, y = await a(g, m, i.name), T = y ? p.getId(y) : void 0;
192
+ }, y = await s(p, m, i.name), T = y ? g.getId(y) : void 0;
193
193
  if (y && T) {
194
- const b = p.preserveOnUpdate ? p.preserveOnUpdate(y, w) : w;
195
- await p.update(m, T, b);
194
+ const A = g.preserveOnUpdate ? g.preserveOnUpdate(y, w) : w;
195
+ await g.update(m, T, A);
196
196
  } else
197
- await p.create(m, w);
198
- } catch (g) {
197
+ await g.create(m, w);
198
+ } catch (p) {
199
199
  console.error(
200
200
  `Failed to sync ${l.listKey} "${i.name}" to tenant "${m}":`,
201
- g
201
+ p
202
202
  );
203
203
  }
204
204
  })
205
205
  );
206
206
  }
207
- async function u(i) {
208
- const f = await s();
207
+ async function o(i) {
208
+ const u = await a();
209
209
  await Promise.all(
210
- f.map(async (l) => {
210
+ u.map(async (l) => {
211
211
  try {
212
- const m = await c(l), g = e(m), p = await a(m, l, i), h = p ? g.getId(p) : void 0;
213
- p && h && await g.remove(l, h);
212
+ const m = await c(l), p = e(m), g = await s(m, l, i), h = g ? p.getId(g) : void 0;
213
+ g && h && await p.remove(l, h);
214
214
  } catch (m) {
215
215
  console.error(
216
216
  `Failed to delete entity "${i}" from tenant "${l}":`,
@@ -221,31 +221,31 @@ function G(t, e, n = () => !0) {
221
221
  );
222
222
  }
223
223
  return {
224
- afterCreate: async (i, f) => {
225
- i.tenantId === r && n(f) && await d(f);
224
+ afterCreate: async (i, u) => {
225
+ i.tenantId === r && n(u) && await f(u);
226
226
  },
227
- afterUpdate: async (i, f, l) => {
228
- i.tenantId === r && n(l) && await d(l);
227
+ afterUpdate: async (i, u, l) => {
228
+ i.tenantId === r && n(l) && await f(l);
229
229
  },
230
- beforeDelete: async (i, f) => {
230
+ beforeDelete: async (i, u) => {
231
231
  if (i.tenantId !== r) return;
232
- const m = await e(i.adapters).get(i.tenantId, f);
233
- m && n(m) && o.set(f, m);
232
+ const m = await e(i.adapters).get(i.tenantId, u);
233
+ m && n(m) && d.set(u, m);
234
234
  },
235
- afterDelete: async (i, f) => {
235
+ afterDelete: async (i, u) => {
236
236
  if (i.tenantId !== r) return;
237
- const l = o.get(f);
238
- l && (o.delete(f), await u(l.name));
237
+ const l = d.get(u);
238
+ l && (d.delete(u), await o(l.name));
239
239
  }
240
240
  };
241
241
  }
242
242
  function L(t, e, n = () => !0) {
243
- const { controlPlaneTenantId: r, getControlPlaneAdapters: s, getAdapters: c } = t;
243
+ const { controlPlaneTenantId: r, getControlPlaneAdapters: a, getAdapters: c } = t;
244
244
  return {
245
- async afterCreate(o, a) {
246
- if (a.id !== r)
245
+ async afterCreate(d, s) {
246
+ if (s.id !== r)
247
247
  try {
248
- const d = await s(), u = await c(a.id), i = e(d), f = e(u), l = await z(
248
+ const f = await a(), o = await c(s.id), i = e(f), u = e(o), l = await F(
249
249
  (m) => i.listPaginated(r, m),
250
250
  i.listKey,
251
251
  { cursorField: "id", pageSize: 100 }
@@ -253,23 +253,23 @@ function L(t, e, n = () => !0) {
253
253
  await Promise.all(
254
254
  l.filter((m) => n(m)).map(async (m) => {
255
255
  try {
256
- const g = i.transform(m);
257
- await f.create(a.id, {
258
- ...g,
256
+ const p = i.transform(m);
257
+ await u.create(s.id, {
258
+ ...p,
259
259
  is_system: !0
260
260
  });
261
- } catch (g) {
261
+ } catch (p) {
262
262
  console.error(
263
- `Failed to sync entity to new tenant "${a.id}":`,
264
- g
263
+ `Failed to sync entity to new tenant "${s.id}":`,
264
+ p
265
265
  );
266
266
  }
267
267
  })
268
268
  );
269
- } catch (d) {
269
+ } catch (f) {
270
270
  console.error(
271
- `Failed to sync entities to new tenant "${a.id}":`,
272
- d
271
+ `Failed to sync entities to new tenant "${s.id}":`,
272
+ f
273
273
  );
274
274
  }
275
275
  }
@@ -313,109 +313,109 @@ function K(t) {
313
313
  return ((e = t.metadata) == null ? void 0 : e.sync) !== !1;
314
314
  }
315
315
  function fe(t) {
316
- const { sync: e = {}, filters: n = {} } = t, r = e.resourceServers ?? !0, s = e.roles ?? !0, c = (g) => K(g) ? n.resourceServers ? n.resourceServers(g) : !0 : !1, o = (g) => K(g) ? n.roles ? n.roles(g) : !0 : !1, a = r ? G(
316
+ const { sync: e = {}, filters: n = {} } = t, r = e.resourceServers ?? !0, a = e.roles ?? !0, c = (p) => K(p) ? n.resourceServers ? n.resourceServers(p) : !0 : !1, d = (p) => K(p) ? n.roles ? n.roles(p) : !0 : !1, s = r ? G(
317
317
  t,
318
318
  U,
319
319
  c
320
- ) : void 0, d = s ? G(
320
+ ) : void 0, f = a ? G(
321
321
  t,
322
322
  B,
323
- o
324
- ) : void 0, u = r ? L(
323
+ d
324
+ ) : void 0, o = r ? L(
325
325
  t,
326
326
  U,
327
327
  c
328
- ) : void 0, i = s ? L(
328
+ ) : void 0, i = a ? L(
329
329
  t,
330
330
  B,
331
- o
332
- ) : void 0, f = s ? {
333
- async afterCreate(g, p) {
331
+ d
332
+ ) : void 0, u = a ? {
333
+ async afterCreate(p, g) {
334
334
  var h;
335
- if (p.id !== t.controlPlaneTenantId) {
336
- await ((h = i == null ? void 0 : i.afterCreate) == null ? void 0 : h.call(i, g, p));
335
+ if (g.id !== t.controlPlaneTenantId) {
336
+ await ((h = i == null ? void 0 : i.afterCreate) == null ? void 0 : h.call(i, p, g));
337
337
  try {
338
- const w = await t.getControlPlaneAdapters(), y = await t.getAdapters(p.id), T = await z(
339
- (A) => w.roles.list(
338
+ const w = await t.getControlPlaneAdapters(), y = await t.getAdapters(g.id), T = await F(
339
+ (_) => w.roles.list(
340
340
  t.controlPlaneTenantId,
341
- A
341
+ _
342
342
  ),
343
343
  "roles",
344
344
  { cursorField: "id", pageSize: 100 }
345
- ), b = /* @__PURE__ */ new Map();
346
- for (const A of T.filter(
347
- (_) => {
348
- var v;
349
- return ((v = n.roles) == null ? void 0 : v.call(n, _)) ?? !0;
345
+ ), A = /* @__PURE__ */ new Map();
346
+ for (const _ of T.filter(
347
+ (v) => {
348
+ var P;
349
+ return ((P = n.roles) == null ? void 0 : P.call(n, v)) ?? !0;
350
350
  }
351
351
  )) {
352
- const _ = await l(
352
+ const v = await l(
353
353
  y,
354
- p.id,
355
- A.name
354
+ g.id,
355
+ _.name
356
356
  );
357
- _ && b.set(A.name, _.id);
357
+ v && A.set(_.name, v.id);
358
358
  }
359
- for (const A of T.filter(
360
- (_) => {
361
- var v;
362
- return ((v = n.roles) == null ? void 0 : v.call(n, _)) ?? !0;
359
+ for (const _ of T.filter(
360
+ (v) => {
361
+ var P;
362
+ return ((P = n.roles) == null ? void 0 : P.call(n, v)) ?? !0;
363
363
  }
364
364
  )) {
365
- const _ = b.get(A.name);
366
- if (_)
365
+ const v = A.get(_.name);
366
+ if (v)
367
367
  try {
368
- const v = await w.rolePermissions.list(
368
+ const P = await w.rolePermissions.list(
369
369
  t.controlPlaneTenantId,
370
- A.id,
370
+ _.id,
371
371
  {}
372
372
  );
373
- v.length > 0 && await y.rolePermissions.assign(
374
- p.id,
375
- _,
376
- v.map((P) => ({
377
- role_id: _,
378
- resource_server_identifier: P.resource_server_identifier,
379
- permission_name: P.permission_name
373
+ P.length > 0 && await y.rolePermissions.assign(
374
+ g.id,
375
+ v,
376
+ P.map((C) => ({
377
+ role_id: v,
378
+ resource_server_identifier: C.resource_server_identifier,
379
+ permission_name: C.permission_name
380
380
  }))
381
381
  );
382
- } catch (v) {
382
+ } catch (P) {
383
383
  console.error(
384
- `Failed to sync permissions for role "${A.name}" to tenant "${p.id}":`,
385
- v
384
+ `Failed to sync permissions for role "${_.name}" to tenant "${g.id}":`,
385
+ P
386
386
  );
387
387
  }
388
388
  }
389
389
  } catch (w) {
390
390
  console.error(
391
- `Failed to sync role permissions to tenant "${p.id}":`,
391
+ `Failed to sync role permissions to tenant "${g.id}":`,
392
392
  w
393
393
  );
394
394
  }
395
395
  }
396
396
  }
397
397
  } : void 0;
398
- async function l(g, p, h) {
399
- return (await g.roles.list(p, {
398
+ async function l(p, g, h) {
399
+ return (await p.roles.list(g, {
400
400
  q: `name:${h}`,
401
401
  per_page: 1
402
402
  })).roles[0] ?? null;
403
403
  }
404
404
  return {
405
405
  entityHooks: {
406
- resourceServers: a,
407
- roles: d
406
+ resourceServers: s,
407
+ roles: f
408
408
  },
409
409
  tenantHooks: {
410
- async afterCreate(g, p) {
410
+ async afterCreate(p, g) {
411
411
  const h = [
412
- u == null ? void 0 : u.afterCreate,
413
- (f == null ? void 0 : f.afterCreate) ?? (i == null ? void 0 : i.afterCreate)
412
+ o == null ? void 0 : o.afterCreate,
413
+ (u == null ? void 0 : u.afterCreate) ?? (i == null ? void 0 : i.afterCreate)
414
414
  ], w = [];
415
415
  for (const y of h)
416
416
  if (y)
417
417
  try {
418
- await y(g, p);
418
+ await y(p, g);
419
419
  } catch (T) {
420
420
  w.push(T instanceof Error ? T : new Error(String(T)));
421
421
  }
@@ -429,7 +429,7 @@ function fe(t) {
429
429
  }
430
430
  };
431
431
  }
432
- var C = class extends Error {
432
+ var b = class extends Error {
433
433
  /**
434
434
  * Creates an instance of `HTTPException`.
435
435
  * @param status - HTTP status code for the exception. Defaults to 500.
@@ -437,8 +437,8 @@ var C = class extends Error {
437
437
  */
438
438
  constructor(e = 500, n) {
439
439
  super(n == null ? void 0 : n.message, { cause: n == null ? void 0 : n.cause });
440
- R(this, "res");
441
- R(this, "status");
440
+ O(this, "res");
441
+ O(this, "status");
442
442
  this.res = n == null ? void 0 : n.res, this.status = e;
443
443
  }
444
444
  /**
@@ -455,10 +455,10 @@ var C = class extends Error {
455
455
  });
456
456
  }
457
457
  };
458
- function D(t, e) {
458
+ function M(t, e) {
459
459
  const n = new re();
460
460
  return n.openapi(
461
- M({
461
+ R({
462
462
  tags: ["tenants"],
463
463
  method: "get",
464
464
  path: "/",
@@ -475,7 +475,7 @@ function D(t, e) {
475
475
  content: {
476
476
  "application/json": {
477
477
  schema: S.object({
478
- tenants: S.array(H),
478
+ tenants: S.array(N),
479
479
  start: S.number().optional(),
480
480
  limit: S.number().optional(),
481
481
  length: S.number().optional()
@@ -487,75 +487,75 @@ function D(t, e) {
487
487
  }
488
488
  }),
489
489
  async (r) => {
490
- var g, p, h, w, y, T;
491
- const s = r.req.valid("query"), { page: c, per_page: o, include_totals: a, q: d } = s, u = r.var.user, i = (u == null ? void 0 : u.permissions) || [];
490
+ var p, g, h, w, y, T;
491
+ const a = r.req.valid("query"), { page: c, per_page: d, include_totals: s, q: f } = a, o = r.var.user, i = (o == null ? void 0 : o.permissions) || [];
492
492
  if (i.includes("auth:read") || i.includes("admin:organizations")) {
493
- const b = await r.env.data.tenants.list({
493
+ const A = await r.env.data.tenants.list({
494
494
  page: c,
495
- per_page: o,
496
- include_totals: a,
497
- q: d
495
+ per_page: d,
496
+ include_totals: s,
497
+ q: f
498
498
  });
499
- return a ? r.json({
500
- tenants: b.tenants,
501
- start: ((g = b.totals) == null ? void 0 : g.start) ?? 0,
502
- limit: ((p = b.totals) == null ? void 0 : p.limit) ?? o,
503
- length: b.tenants.length
504
- }) : r.json({ tenants: b.tenants });
499
+ return s ? r.json({
500
+ tenants: A.tenants,
501
+ start: ((p = A.totals) == null ? void 0 : p.start) ?? 0,
502
+ limit: ((g = A.totals) == null ? void 0 : g.limit) ?? d,
503
+ length: A.tenants.length
504
+ }) : r.json({ tenants: A.tenants });
505
505
  }
506
506
  const l = ((h = t.accessControl) == null ? void 0 : h.controlPlaneTenantId) ?? ((w = r.env.data.multiTenancyConfig) == null ? void 0 : w.controlPlaneTenantId);
507
- if (l && (u != null && u.sub)) {
508
- const A = (await z(
509
- ($) => r.env.data.userOrganizations.listUserOrganizations(
507
+ if (l && (o != null && o.sub)) {
508
+ const _ = (await F(
509
+ (z) => r.env.data.userOrganizations.listUserOrganizations(
510
510
  l,
511
- u.sub,
512
- $
511
+ o.sub,
512
+ z
513
513
  ),
514
514
  "organizations"
515
- )).map(($) => $.name);
516
- if (A.length === 0)
517
- return a ? r.json({
515
+ )).map((z) => z.name);
516
+ if (_.length === 0)
517
+ return s ? r.json({
518
518
  tenants: [],
519
519
  start: 0,
520
- limit: o ?? 50,
520
+ limit: d ?? 50,
521
521
  length: 0
522
522
  }) : r.json({ tenants: [] });
523
- const _ = A.length, v = c ?? 0, P = o ?? 50, I = v * P, k = A.slice(I, I + P);
524
- if (k.length === 0)
525
- return a ? r.json({
523
+ const v = _.length, P = c ?? 0, C = d ?? 50, $ = P * C, I = _.slice($, $ + C);
524
+ if (I.length === 0)
525
+ return s ? r.json({
526
526
  tenants: [],
527
- start: I,
528
- limit: P,
529
- length: _
527
+ start: $,
528
+ limit: C,
529
+ length: v
530
530
  }) : r.json({ tenants: [] });
531
- const E = k.map(($) => `id:${$}`).join(" OR "), J = d ? `(${E}) AND (${d})` : E, N = await r.env.data.tenants.list({
531
+ const j = I.map((z) => `id:${z}`).join(" OR "), J = f ? `(${j}) AND (${f})` : j, E = await r.env.data.tenants.list({
532
532
  q: J,
533
- per_page: P,
533
+ per_page: C,
534
534
  include_totals: !1
535
535
  // We calculate totals from accessibleTenantIds
536
536
  });
537
- return a ? r.json({
538
- tenants: N.tenants,
539
- start: I,
540
- limit: P,
541
- length: _
542
- }) : r.json({ tenants: N.tenants });
537
+ return s ? r.json({
538
+ tenants: E.tenants,
539
+ start: $,
540
+ limit: C,
541
+ length: v
542
+ }) : r.json({ tenants: E.tenants });
543
543
  }
544
544
  const m = await r.env.data.tenants.list({
545
545
  page: c,
546
- per_page: o,
547
- include_totals: a,
548
- q: d
546
+ per_page: d,
547
+ include_totals: s,
548
+ q: f
549
549
  });
550
- return a ? r.json({
550
+ return s ? r.json({
551
551
  tenants: m.tenants,
552
552
  start: ((y = m.totals) == null ? void 0 : y.start) ?? 0,
553
- limit: ((T = m.totals) == null ? void 0 : T.limit) ?? o,
553
+ limit: ((T = m.totals) == null ? void 0 : T.limit) ?? d,
554
554
  length: m.tenants.length
555
555
  }) : r.json({ tenants: m.tenants });
556
556
  }
557
557
  ), n.openapi(
558
- M({
558
+ R({
559
559
  tags: ["tenants"],
560
560
  method: "post",
561
561
  path: "/",
@@ -577,7 +577,7 @@ function D(t, e) {
577
577
  201: {
578
578
  content: {
579
579
  "application/json": {
580
- schema: H
580
+ schema: N
581
581
  }
582
582
  },
583
583
  description: "Tenant created"
@@ -591,23 +591,23 @@ function D(t, e) {
591
591
  }
592
592
  }),
593
593
  async (r) => {
594
- var d, u;
595
- const s = r.var.user;
596
- if (!(s != null && s.sub))
597
- throw new C(401, {
594
+ var f, o;
595
+ const a = r.var.user;
596
+ if (!(a != null && a.sub))
597
+ throw new b(401, {
598
598
  message: "Authentication required to create tenants"
599
599
  });
600
600
  let c = r.req.valid("json");
601
- const o = {
601
+ const d = {
602
602
  adapters: r.env.data,
603
603
  ctx: r
604
604
  };
605
- (d = e.tenants) != null && d.beforeCreate && (c = await e.tenants.beforeCreate(o, c));
606
- const a = await r.env.data.tenants.create(c);
607
- return (u = e.tenants) != null && u.afterCreate && await e.tenants.afterCreate(o, a), r.json(a, 201);
605
+ (f = e.tenants) != null && f.beforeCreate && (c = await e.tenants.beforeCreate(d, c));
606
+ const s = await r.env.data.tenants.create(c);
607
+ return (o = e.tenants) != null && o.afterCreate && await e.tenants.afterCreate(d, s), r.json(s, 201);
608
608
  }
609
609
  ), n.openapi(
610
- M({
610
+ R({
611
611
  tags: ["tenants"],
612
612
  method: "delete",
613
613
  path: "/{id}",
@@ -634,39 +634,39 @@ function D(t, e) {
634
634
  }
635
635
  }),
636
636
  async (r) => {
637
- var d, u, i, f;
638
- const { id: s } = r.req.valid("param"), c = ((d = t.accessControl) == null ? void 0 : d.controlPlaneTenantId) ?? ((u = r.env.data.multiTenancyConfig) == null ? void 0 : u.controlPlaneTenantId);
637
+ var f, o, i, u;
638
+ const { id: a } = r.req.valid("param"), c = ((f = t.accessControl) == null ? void 0 : f.controlPlaneTenantId) ?? ((o = r.env.data.multiTenancyConfig) == null ? void 0 : o.controlPlaneTenantId);
639
639
  if (c) {
640
640
  const l = r.var.user;
641
641
  if (!(l != null && l.sub))
642
- throw new C(401, {
642
+ throw new b(401, {
643
643
  message: "Authentication required"
644
644
  });
645
- if (s === c)
646
- throw new C(403, {
645
+ if (a === c)
646
+ throw new b(403, {
647
647
  message: "Cannot delete the control plane"
648
648
  });
649
- if (!(await z(
650
- (p) => r.env.data.userOrganizations.listUserOrganizations(
649
+ if (!(await F(
650
+ (g) => r.env.data.userOrganizations.listUserOrganizations(
651
651
  c,
652
652
  l.sub,
653
- p
653
+ g
654
654
  ),
655
655
  "organizations"
656
- )).some((p) => p.name === s))
657
- throw new C(403, {
656
+ )).some((g) => g.name === a))
657
+ throw new b(403, {
658
658
  message: "Access denied to this tenant"
659
659
  });
660
660
  }
661
- if (!await r.env.data.tenants.get(s))
662
- throw new C(404, {
661
+ if (!await r.env.data.tenants.get(a))
662
+ throw new b(404, {
663
663
  message: "Tenant not found"
664
664
  });
665
- const a = {
665
+ const s = {
666
666
  adapters: r.env.data,
667
667
  ctx: r
668
668
  };
669
- return (i = e.tenants) != null && i.beforeDelete && await e.tenants.beforeDelete(a, s), await r.env.data.tenants.remove(s), (f = e.tenants) != null && f.afterDelete && await e.tenants.afterDelete(a, s), r.body(null, 204);
669
+ return (i = e.tenants) != null && i.beforeDelete && await e.tenants.beforeDelete(s, a), await r.env.data.tenants.remove(a), (u = e.tenants) != null && u.afterDelete && await e.tenants.afterDelete(s, a), r.body(null, 204);
670
670
  }
671
671
  ), n;
672
672
  }
@@ -680,13 +680,13 @@ function me(t) {
680
680
  { pattern: /\/api\/v2\/connections\/([^/]+)$/, type: "connection" }
681
681
  ];
682
682
  for (const { pattern: n, type: r } of e) {
683
- const s = t.match(n);
684
- if (s && s[1])
685
- return { type: r, id: s[1] };
683
+ const a = t.match(n);
684
+ if (a && a[1])
685
+ return { type: r, id: a[1] };
686
686
  }
687
687
  return null;
688
688
  }
689
- async function ge(t, e, n) {
689
+ async function pe(t, e, n) {
690
690
  try {
691
691
  switch (n.type) {
692
692
  case "resource_server": {
@@ -708,7 +708,7 @@ async function ge(t, e, n) {
708
708
  return !1;
709
709
  }
710
710
  }
711
- function pe(t) {
711
+ function ge(t) {
712
712
  return {
713
713
  resource_server: "resource server",
714
714
  role: "role",
@@ -725,15 +725,31 @@ function we() {
725
725
  const r = t.var.tenant_id || t.req.header("x-tenant-id") || t.req.header("tenant-id");
726
726
  if (!r)
727
727
  return e();
728
- if (await ge(t.env.data, r, n))
729
- throw new C(403, {
730
- message: `This ${pe(n.type)} is a system resource and cannot be modified. Make changes in the control plane instead.`
728
+ if (await pe(t.env.data, r, n))
729
+ throw new b(403, {
730
+ message: `This ${ge(n.type)} is a system resource and cannot be modified. Make changes in the control plane instead.`
731
731
  });
732
732
  return e();
733
733
  };
734
734
  }
735
- function Q(t, e) {
736
- const { controlPlaneTenantId: n, controlPlaneClientId: r } = e;
735
+ const ye = [
736
+ "client_secret",
737
+ "app_secret",
738
+ "twilio_token"
739
+ ];
740
+ function V(t) {
741
+ if (!t) return t;
742
+ const e = { ...t };
743
+ for (const n of ye)
744
+ delete e[n];
745
+ return e;
746
+ }
747
+ function he(t, e) {
748
+ const {
749
+ controlPlaneTenantId: n,
750
+ controlPlaneClientId: r,
751
+ excludeSensitiveFields: a = !1
752
+ } = e;
737
753
  return {
738
754
  ...t,
739
755
  // Store config for use by tenants route access control
@@ -741,100 +757,53 @@ function Q(t, e) {
741
757
  controlPlaneTenantId: n,
742
758
  controlPlaneClientId: r
743
759
  },
744
- legacyClients: {
745
- ...t.legacyClients,
746
- get: async (s) => {
747
- var f;
748
- const c = await t.legacyClients.get(s);
749
- if (!c)
750
- return null;
751
- const o = r ? await t.legacyClients.get(r) : void 0, a = await t.connections.list(
752
- c.tenant.id
753
- ), d = n ? await t.connections.list(n) : { connections: [] }, u = a.connections.map((l) => {
754
- var p;
755
- const m = (p = d.connections) == null ? void 0 : p.find(
756
- (h) => h.strategy === l.strategy
757
- );
758
- if (!(m != null && m.options))
759
- return l;
760
- const g = F.parse({
761
- ...m || {},
762
- ...l
763
- });
764
- return g.options = O.parse({
765
- ...m.options || {},
766
- ...l.options
767
- }), g;
768
- }).filter((l) => l), i = {
769
- ...(o == null ? void 0 : o.tenant) || {},
770
- ...c.tenant
771
- };
772
- return !c.tenant.audience && ((f = o == null ? void 0 : o.tenant) != null && f.audience) && (i.audience = o.tenant.audience), {
773
- ...c,
774
- web_origins: [
775
- ...(o == null ? void 0 : o.web_origins) || [],
776
- ...c.web_origins || []
777
- ],
778
- allowed_logout_urls: [
779
- ...(o == null ? void 0 : o.allowed_logout_urls) || [],
780
- ...c.allowed_logout_urls || []
781
- ],
782
- callbacks: [
783
- ...(o == null ? void 0 : o.callbacks) || [],
784
- ...c.callbacks || []
785
- ],
786
- connections: u,
787
- tenant: i
788
- };
789
- }
790
- },
791
760
  connections: {
792
761
  ...t.connections,
793
- get: async (s, c) => {
794
- var i;
795
- const o = await t.connections.get(
796
- s,
797
- c
762
+ get: async (c, d) => {
763
+ var l;
764
+ const s = await t.connections.get(
765
+ c,
766
+ d
798
767
  );
799
- if (!o || !n || s === n)
800
- return o;
801
- const d = (i = (await t.connections.list(n)).connections) == null ? void 0 : i.find(
802
- (f) => f.strategy === o.strategy
768
+ if (!s || !n || c === n)
769
+ return s;
770
+ const o = (l = (await t.connections.list(n)).connections) == null ? void 0 : l.find(
771
+ (m) => m.strategy === s.strategy
803
772
  );
804
- if (!(d != null && d.options))
805
- return o;
806
- const u = F.parse({
807
- ...d,
808
- ...o
809
- });
810
- return u.options = O.parse({
811
- ...d.options || {},
812
- ...o.options
813
- }), u;
773
+ if (!(o != null && o.options))
774
+ return s;
775
+ const i = k.parse({
776
+ ...o,
777
+ ...s
778
+ }), u = a ? V(o.options) : o.options;
779
+ return i.options = H.parse({
780
+ ...u || {},
781
+ ...s.options
782
+ }), i;
814
783
  },
815
- list: async (s, c) => {
816
- const o = await t.connections.list(s, c);
817
- if (!n || s === n)
818
- return o;
819
- const a = await t.connections.list(n), d = o.connections.map((u) => {
820
- var l;
821
- const i = (l = a.connections) == null ? void 0 : l.find(
822
- (m) => m.strategy === u.strategy
784
+ list: async (c, d) => {
785
+ const s = await t.connections.list(c, d);
786
+ if (!n || c === n)
787
+ return s;
788
+ const f = await t.connections.list(n), o = s.connections.map((i) => {
789
+ var p;
790
+ const u = (p = f.connections) == null ? void 0 : p.find(
791
+ (g) => g.strategy === i.strategy
823
792
  );
824
- if (!(i != null && i.options))
825
- return u;
826
- const f = F.parse({
827
- ...i,
828
- ...u
829
- });
830
- return f.options = O.parse({
831
- ...i.options || {},
832
- ...u.options
833
- }), f;
793
+ if (!(u != null && u.options))
794
+ return i;
795
+ const l = k.parse({
796
+ ...u,
797
+ ...i
798
+ }), m = a ? V(u.options) : u.options;
799
+ return l.options = H.parse({
800
+ ...m || {},
801
+ ...i.options
802
+ }), l;
834
803
  });
835
804
  return {
836
- ...o,
837
- connections: d
805
+ ...s,
806
+ connections: o
838
807
  };
839
808
  }
840
809
  }
@@ -847,174 +816,185 @@ function Q(t, e) {
847
816
  // They remain part of ...baseAdapters and can be properly wrapped by caching.
848
817
  };
849
818
  }
850
- function q(t, e) {
851
- return Q(t, e);
819
+ function D(t, e) {
820
+ return he(t, e);
852
821
  }
853
- const Pe = Q, Se = q;
854
- function ye(t) {
822
+ function ve(t) {
855
823
  return async (e, n) => {
856
824
  const r = e.var.user;
857
825
  return (r == null ? void 0 : r.tenant_id) === t && r.org_name && e.set("tenant_id", r.org_name), n();
858
826
  };
859
827
  }
860
- function he(t) {
828
+ function Te(t) {
861
829
  return async (e, n) => {
862
830
  if (!t.accessControl)
863
831
  return n();
864
- const { controlPlaneTenantId: r } = t.accessControl, s = e.var.org_name, c = e.var.organization_id, o = s || c;
865
- let a = e.var.tenant_id;
866
- const d = e.var.user, i = (d != null && d.aud ? Array.isArray(d.aud) ? d.aud : [d.aud] : []).includes(W);
867
- if (!a && o && i && (e.set("tenant_id", o), a = o), !a)
868
- throw new C(400, {
832
+ const { controlPlaneTenantId: r } = t.accessControl, a = e.var.org_name, c = e.var.organization_id, d = a || c;
833
+ let s = e.var.tenant_id;
834
+ const f = e.var.user, i = (f != null && f.aud ? Array.isArray(f.aud) ? f.aud : [f.aud] : []).includes(W);
835
+ if (!s && d && i && (e.set("tenant_id", d), s = d), !s)
836
+ throw new b(400, {
869
837
  message: "Tenant ID not found in request"
870
838
  });
871
- if (!ae(
839
+ if (!se(
872
840
  c,
873
- a,
841
+ s,
874
842
  r,
875
- s
843
+ a
876
844
  ))
877
- throw new C(403, {
878
- message: `Access denied to tenant ${a}`
845
+ throw new b(403, {
846
+ message: `Access denied to tenant ${s}`
879
847
  });
880
848
  return n();
881
849
  };
882
850
  }
883
- function ve(t) {
851
+ function Ae(t) {
884
852
  return async (e, n) => {
885
853
  if (!t.subdomainRouting)
886
854
  return n();
887
855
  const {
888
856
  baseDomain: r,
889
- reservedSubdomains: s = [],
857
+ reservedSubdomains: a = [],
890
858
  resolveSubdomain: c
891
- } = t.subdomainRouting, o = e.req.header("host") || "";
892
- let a = null;
893
- if (o.endsWith(r)) {
894
- const u = o.slice(0, -(r.length + 1));
895
- u && !u.includes(".") && (a = u);
859
+ } = t.subdomainRouting, d = e.req.header("host") || "";
860
+ let s = null;
861
+ if (d.endsWith(r)) {
862
+ const o = d.slice(0, -(r.length + 1));
863
+ o && !o.includes(".") && (s = o);
896
864
  }
897
- if (a && s.includes(a) && (a = null), !a)
865
+ if (s && a.includes(s) && (s = null), !s)
898
866
  return t.accessControl && e.set("tenant_id", t.accessControl.controlPlaneTenantId), n();
899
- let d = null;
867
+ let f = null;
900
868
  if (c)
901
- d = await c(a);
869
+ f = await c(s);
902
870
  else if (t.subdomainRouting.useOrganizations !== !1 && t.accessControl)
903
871
  try {
904
- const u = await e.env.data.organizations.get(
872
+ const o = await e.env.data.organizations.get(
905
873
  t.accessControl.controlPlaneTenantId,
906
- a
874
+ s
907
875
  );
908
- u && (d = u.id);
876
+ o && (f = o.id);
909
877
  } catch {
910
878
  }
911
- if (!d)
912
- throw new C(404, {
913
- message: `Tenant not found for subdomain: ${a}`
879
+ if (!f)
880
+ throw new b(404, {
881
+ message: `Tenant not found for subdomain: ${s}`
914
882
  });
915
- return e.set("tenant_id", d), n();
883
+ return e.set("tenant_id", f), n();
916
884
  };
917
885
  }
918
- function Te(t) {
886
+ function _e(t) {
919
887
  return async (e, n) => {
920
888
  if (!t.databaseIsolation)
921
889
  return n();
922
890
  const r = e.var.tenant_id;
923
891
  if (!r)
924
- throw new C(400, {
892
+ throw new b(400, {
925
893
  message: "Tenant ID not found in request"
926
894
  });
927
895
  try {
928
- const s = await t.databaseIsolation.getAdapters(r);
929
- e.env.data = s;
930
- } catch (s) {
896
+ const a = await t.databaseIsolation.getAdapters(r);
897
+ e.env.data = a;
898
+ } catch (a) {
931
899
  throw console.error(
932
900
  `Failed to resolve database for tenant ${r}:`,
933
- s
934
- ), new C(500, {
901
+ a
902
+ ), new b(500, {
935
903
  message: "Failed to resolve tenant database"
936
904
  });
937
905
  }
938
906
  return n();
939
907
  };
940
908
  }
941
- function V(t) {
942
- const e = ve(t), n = he(t), r = Te(t);
943
- return async (s, c) => (await e(s, async () => {
944
- }), await n(s, async () => {
945
- }), await r(s, async () => {
909
+ function Q(t) {
910
+ const e = Ae(t), n = Te(t), r = _e(t);
911
+ return async (a, c) => (await e(a, async () => {
912
+ }), await n(a, async () => {
913
+ }), await r(a, async () => {
946
914
  }), c());
947
915
  }
948
916
  function $e(t) {
949
917
  const {
950
918
  dataAdapter: e,
951
919
  controlPlane: n,
952
- sync: r = { resourceServers: !0, roles: !0 },
953
- defaultPermissions: s = ["tenant:admin"],
954
- requireOrganizationMatch: c = !1,
955
- managementApiExtensions: o = [],
956
- entityHooks: a,
957
- getChildTenantIds: d,
920
+ controlPlane: {
921
+ tenantId: r = "control_plane",
922
+ clientId: a
923
+ } = {},
924
+ sync: c = { resourceServers: !0, roles: !0 },
925
+ defaultPermissions: d = ["tenant:admin"],
926
+ requireOrganizationMatch: s = !1,
927
+ managementApiExtensions: f = [],
928
+ entityHooks: o,
929
+ getChildTenantIds: i,
958
930
  getAdapters: u,
959
- ...i
960
- } = t, f = (n == null ? void 0 : n.tenantId) ?? "control_plane", l = n == null ? void 0 : n.clientId, m = n ? q(e, {
961
- controlPlaneTenantId: f,
962
- controlPlaneClientId: l
963
- }) : e, g = r !== !1, p = g ? {
964
- resourceServers: r.resourceServers ?? !0,
965
- roles: r.roles ?? !0
966
- } : { resourceServers: !1, roles: !1 }, y = {
967
- controlPlaneTenantId: f,
968
- getChildTenantIds: d ?? (async () => (await z(
931
+ ...l
932
+ } = t;
933
+ let m = e, p = e;
934
+ n && (m = D(e, {
935
+ controlPlaneTenantId: r,
936
+ controlPlaneClientId: a
937
+ }), p = D(e, {
938
+ controlPlaneTenantId: r,
939
+ controlPlaneClientId: a,
940
+ excludeSensitiveFields: !0
941
+ }));
942
+ const g = c !== !1, h = g ? {
943
+ resourceServers: c.resourceServers ?? !0,
944
+ roles: c.roles ?? !0
945
+ } : { resourceServers: !1, roles: !1 }, T = {
946
+ controlPlaneTenantId: r,
947
+ getChildTenantIds: i ?? (async () => (await F(
969
948
  (I) => m.tenants.list(I),
970
949
  "tenants",
971
950
  { cursorField: "id", pageSize: 100 }
972
- )).filter((I) => I.id !== f).map((I) => I.id)),
951
+ )).filter((I) => I.id !== r).map((I) => I.id)),
973
952
  getAdapters: u ?? (async () => m),
974
953
  getControlPlaneAdapters: async () => m,
975
- sync: p
976
- }, { entityHooks: T, tenantHooks: b } = fe(y), A = {
954
+ sync: h
955
+ }, { entityHooks: A, tenantHooks: _ } = fe(T), v = {
977
956
  resourceServers: [
978
- T.resourceServers,
979
- ...(a == null ? void 0 : a.resourceServers) ?? []
957
+ A.resourceServers,
958
+ ...(o == null ? void 0 : o.resourceServers) ?? []
980
959
  ],
981
- roles: [T.roles, ...(a == null ? void 0 : a.roles) ?? []],
982
- connections: (a == null ? void 0 : a.connections) ?? [],
983
- tenants: (a == null ? void 0 : a.tenants) ?? [],
984
- rolePermissions: (a == null ? void 0 : a.rolePermissions) ?? []
985
- }, _ = D(
960
+ roles: [A.roles, ...(o == null ? void 0 : o.roles) ?? []],
961
+ connections: (o == null ? void 0 : o.connections) ?? [],
962
+ tenants: (o == null ? void 0 : o.tenants) ?? [],
963
+ rolePermissions: (o == null ? void 0 : o.rolePermissions) ?? []
964
+ }, P = M(
986
965
  {
987
966
  accessControl: {
988
- controlPlaneTenantId: f,
989
- requireOrganizationMatch: c,
990
- defaultPermissions: s
967
+ controlPlaneTenantId: r,
968
+ requireOrganizationMatch: s,
969
+ defaultPermissions: d
991
970
  }
992
971
  },
993
- { tenants: b }
994
- ), { app: v } = ne({
972
+ { tenants: _ }
973
+ ), { app: C } = ne({
995
974
  dataAdapter: m,
996
- ...i,
997
- entityHooks: A,
975
+ managementDataAdapter: p,
976
+ ...l,
977
+ entityHooks: v,
998
978
  managementApiExtensions: [
999
- ...o,
1000
- { path: "/tenants", router: _ }
979
+ ...f,
980
+ { path: "/tenants", router: P }
1001
981
  ]
1002
982
  });
1003
- return v.use("/api/v2/*", ye(f)), g && v.use("/api/v2/*", we()), { app: v, controlPlaneTenantId: f };
983
+ return C.use("/api/v2/*", ve(r)), g && C.use("/api/v2/*", we()), { app: C, controlPlaneTenantId: r };
1004
984
  }
1005
985
  function ze(t) {
1006
- const e = j(t);
986
+ const e = q(t);
1007
987
  return {
1008
988
  name: "multi-tenancy",
1009
989
  // Apply multi-tenancy middleware for subdomain routing, database resolution, etc.
1010
- middleware: V(t),
990
+ middleware: Q(t),
1011
991
  // Provide lifecycle hooks
1012
992
  hooks: e,
1013
993
  // Mount tenant management routes
1014
994
  routes: [
1015
995
  {
1016
996
  path: "/management",
1017
- handler: D(t, e)
997
+ handler: M(t, e)
1018
998
  }
1019
999
  ],
1020
1000
  // Called when plugin is registered
@@ -1027,23 +1007,23 @@ function ze(t) {
1027
1007
  }
1028
1008
  };
1029
1009
  }
1030
- function j(t) {
1031
- const e = t.accessControl ? se(t.accessControl) : {}, n = t.databaseIsolation ? oe(t.databaseIsolation) : {}, r = ce(t);
1010
+ function q(t) {
1011
+ const e = t.accessControl ? ae(t.accessControl) : {}, n = t.databaseIsolation ? oe(t.databaseIsolation) : {}, r = ce(t);
1032
1012
  return {
1033
1013
  ...e,
1034
1014
  ...n,
1035
1015
  tenants: r
1036
1016
  };
1037
1017
  }
1038
- function _e(t) {
1039
- const e = new Z(), n = j(t);
1040
- return e.route("/tenants", D(t, n)), e;
1018
+ function Pe(t) {
1019
+ const e = new Z(), n = q(t);
1020
+ return e.route("/tenants", M(t, n)), e;
1041
1021
  }
1042
- function Re(t) {
1022
+ function Fe(t) {
1043
1023
  return {
1044
- hooks: j(t),
1045
- middleware: V(t),
1046
- app: _e(t),
1024
+ hooks: q(t),
1025
+ middleware: Q(t),
1026
+ app: Pe(t),
1047
1027
  config: t,
1048
1028
  /**
1049
1029
  * Wraps data adapters with runtime fallback from the control plane.
@@ -1055,7 +1035,7 @@ function Re(t) {
1055
1035
  */
1056
1036
  wrapAdapters: (e, n) => {
1057
1037
  var r;
1058
- return q(e, {
1038
+ return D(e, {
1059
1039
  controlPlaneTenantId: (r = t.accessControl) == null ? void 0 : r.controlPlaneTenantId,
1060
1040
  controlPlaneClientId: n == null ? void 0 : n.controlPlaneClientId
1061
1041
  });
@@ -1063,25 +1043,23 @@ function Re(t) {
1063
1043
  };
1064
1044
  }
1065
1045
  export {
1066
- se as createAccessControlHooks,
1067
- he as createAccessControlMiddleware,
1068
- ye as createControlPlaneTenantMiddleware,
1046
+ ae as createAccessControlHooks,
1047
+ Te as createAccessControlMiddleware,
1048
+ ve as createControlPlaneTenantMiddleware,
1069
1049
  oe as createDatabaseHooks,
1070
- Te as createDatabaseMiddleware,
1071
- _e as createMultiTenancy,
1072
- j as createMultiTenancyHooks,
1073
- V as createMultiTenancyMiddleware,
1050
+ _e as createDatabaseMiddleware,
1051
+ Pe as createMultiTenancy,
1052
+ q as createMultiTenancyHooks,
1053
+ Q as createMultiTenancyMiddleware,
1074
1054
  ze as createMultiTenancyPlugin,
1075
1055
  we as createProtectSyncedMiddleware,
1076
1056
  ce as createProvisioningHooks,
1077
- Q as createRuntimeFallbackAdapter,
1078
- Pe as createSettingsInheritanceAdapter,
1079
- ve as createSubdomainMiddleware,
1057
+ he as createRuntimeFallbackAdapter,
1058
+ Ae as createSubdomainMiddleware,
1080
1059
  fe as createSyncHooks,
1081
- D as createTenantsOpenAPIRouter,
1060
+ M as createTenantsOpenAPIRouter,
1082
1061
  $e as initMultiTenant,
1083
- Re as setupMultiTenancy,
1084
- ae as validateTenantAccess,
1085
- q as withRuntimeFallback,
1086
- Se as withSettingsInheritance
1062
+ Fe as setupMultiTenancy,
1063
+ se as validateTenantAccess,
1064
+ D as withRuntimeFallback
1087
1065
  };