@b1-road/types 0.1.0-alpha.0

package/LICENSE

@@ -0,0 +1,21 @@
+MIT License
+
+Copyright (c) 2026 B1 Produtos Digitais Ltda
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.

package/README.md

@@ -0,0 +1,56 @@
+# @b1-road/types
+
+Shared types and constants for every Road SDK — the **single source of truth**
+for the Road wire contract. Entities, the permission algebra, input shapes,
+hosted API URLs, and the API contract version live here; `@b1-road/react`,
+`@b1-road/nestjs`, and every other binding re-export from this package and never
+redefine.
+
+> **Alpha.** Road is pre-1.0. This package is published under the `alpha`
+> dist-tag and its surface may change between minor versions until the API
+> graduates its contract from `alpha` to `v1`.
+
+## Install
+
+```sh
+npm install @b1-road/types@alpha
+```
+
+Ships dual ESM/CJS builds with type declarations. Zero runtime dependencies.
+
+## What's inside
+
+| Export | What it is |
+| --- | --- |
+| `ROAD_API_CONTRACT` | The API contract version (`"alpha"`). SDKs build their base path as `` `${host}/api/${ROAD_API_CONTRACT}` ``. |
+| `ROAD_API_URLS` | Hosted Road API base URLs (`production`, `sandbox`). |
+| Entities | The resource shapes returned on the wire (business units, members, roles, permissions, …). |
+| Inputs | The request-body shapes the API accepts. |
+| Permissions | The `action:subject` permission algebra and its constants. |
+| `@b1-road/types/iam` | IAM control-plane types (scopes, assignments, authorization, sessions). |
+
+```ts
+import { ROAD_API_CONTRACT, ROAD_API_URLS } from "@b1-road/types";
+
+const baseUrl = `${ROAD_API_URLS.production}/api/${ROAD_API_CONTRACT}`;
+// → https://api.road.app/api/alpha
+```
+
+## Why a shared package
+
+Every wire type, permission constant, and hosted URL has exactly one definition.
+SDKs import them; they never re-declare. If a binding needs a shape this package
+doesn't yet expose, it contributes the shape back here in the same change — so
+the React, Nest, and Laravel definitions can never drift. This is the
+load-bearing principle of the multi-SDK ecosystem.
+
+## Versioning
+
+`@b1-road/types` carries its own semantic version, independent of the Road API's
+release cadence. It tracks the API on the **contract** axis: while
+`ROAD_API_CONTRACT` is `"alpha"`, this package stays pre-stable `0.x`. The bump
+to `1.0.0` happens when the API cuts its first stable contract (`v1`).
+
+## License
+
+MIT

package/dist/iam.cjs

@@ -0,0 +1,19 @@
+"use strict";
+var __defProp = Object.defineProperty;
+var __getOwnPropDesc = Object.getOwnPropertyDescriptor;
+var __getOwnPropNames = Object.getOwnPropertyNames;
+var __hasOwnProp = Object.prototype.hasOwnProperty;
+var __copyProps = (to, from, except, desc) => {
+  if (from && typeof from === "object" || typeof from === "function") {
+    for (let key of __getOwnPropNames(from))
+      if (!__hasOwnProp.call(to, key) && key !== except)
+        __defProp(to, key, { get: () => from[key], enumerable: !(desc = __getOwnPropDesc(from, key)) || desc.enumerable });
+  }
+  return to;
+};
+var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: true }), mod);
+
+// src/iam.ts
+var iam_exports = {};
+module.exports = __toCommonJS(iam_exports);
+//# sourceMappingURL=iam.cjs.map

package/dist/iam.cjs.map

@@ -0,0 +1 @@
+{"version":3,"sources":["../src/iam.ts"],"sourcesContent":["/**\n * IAM control-plane wire types. These describe the shapes Road's IAM API\n * speaks: scopes, assignments, authorization checks, effective permissions,\n * token exchange, and sessions.\n *\n * They live behind a subpath (`@b1-road/types/iam`) so the React SDK — which\n * never needs the control-plane — doesn't pay for them in its tree-shaken\n * bundle. The Nest SDK imports from here directly.\n */\n\nimport type { RoadPermission } from \"./permissions\";\n\n/** Scope shape. Three flavors today; platforms may register more over time. */\nexport type ScopeType = \"system\" | \"business_unit\" | \"platform\";\n\n/** Subjects the IAM engine can authorize. `service` covers M2M; `api_key` is legacy. */\nexport type SubjectType = \"user\" | \"service\" | \"api_key\";\n\nexport interface Scope {\n  id: string;\n  type: ScopeType;\n  externalId: string | null;\n  parentScopeId: string | null;\n  parentScope?: {\n    id: string;\n    type: ScopeType;\n    externalId: string | null;\n  } | null;\n  metadata: Record<string, unknown>;\n  createdAt: string;\n  updatedAt?: string;\n}\n\nexport interface CreateScopeInput {\n  type: ScopeType;\n  externalId?: string | null;\n  parentScopeId?: string | null;\n  metadata?: Record<string, unknown>;\n}\n\nexport interface Assignment {\n  id: string;\n  subjectType: SubjectType;\n  subjectId: string;\n  roleId: string;\n  scopeId: string;\n  grantedBy: string;\n  grantedAt: string;\n  expiresAt: string | null;\n}\n\nexport interface CreateAssignmentInput {\n  subjectType: SubjectType;\n  subjectId: string;\n  roleId: string;\n  scopeId: string;\n  expiresAt?: string | null;\n}\n\nexport interface AuthorizeInput {\n  subjectType: SubjectType;\n  subjectId: string;\n  scopeId: string;\n  /** Either a single permission string (`\"read:Member\"`) or the wildcard. */\n  permission: RoadPermission | (string & {});\n}\n\nexport interface AuthorizeResult {\n  allowed: boolean;\n  reason: string;\n  /** Scope chain that was walked during evaluation (target → ... → root). */\n  evaluatedScopes: string[];\n}\n\nexport interface AuthorizeBatchInput {\n  subjectType: SubjectType;\n  subjectId: string;\n  scopeId: string;\n  permissions: Array<RoadPermission | (string & {})>;\n}\n\nexport interface AuthorizeBatchResult {\n  results: Array<{ permission: string; allowed: boolean }>;\n}\n\nexport interface EffectivePermissionsResult {\n  /** Expanded permissions; `manage:X` has been expanded into the CRUD set. */\n  permissions: string[];\n}\n\nexport interface Session {\n  id: string;\n  deviceName: string;\n  ipAddress: string | null;\n  userAgent?: string;\n  provider: string;\n  lastUsedAt: string;\n  createdAt: string;\n  current: boolean;\n}\n"],"mappings":";;;;;;;;;;;;;;;;AAAA;AAAA;","names":[]}

package/dist/iam.d.cts

@@ -0,0 +1,94 @@
+import { e as RoadPermission } from './permissions-BSbomCrB.cjs';
+
+/**
+ * IAM control-plane wire types. These describe the shapes Road's IAM API
+ * speaks: scopes, assignments, authorization checks, effective permissions,
+ * token exchange, and sessions.
+ *
+ * They live behind a subpath (`@b1-road/types/iam`) so the React SDK — which
+ * never needs the control-plane — doesn't pay for them in its tree-shaken
+ * bundle. The Nest SDK imports from here directly.
+ */
+
+/** Scope shape. Three flavors today; platforms may register more over time. */
+type ScopeType = "system" | "business_unit" | "platform";
+/** Subjects the IAM engine can authorize. `service` covers M2M; `api_key` is legacy. */
+type SubjectType = "user" | "service" | "api_key";
+interface Scope {
+    id: string;
+    type: ScopeType;
+    externalId: string | null;
+    parentScopeId: string | null;
+    parentScope?: {
+        id: string;
+        type: ScopeType;
+        externalId: string | null;
+    } | null;
+    metadata: Record<string, unknown>;
+    createdAt: string;
+    updatedAt?: string;
+}
+interface CreateScopeInput {
+    type: ScopeType;
+    externalId?: string | null;
+    parentScopeId?: string | null;
+    metadata?: Record<string, unknown>;
+}
+interface Assignment {
+    id: string;
+    subjectType: SubjectType;
+    subjectId: string;
+    roleId: string;
+    scopeId: string;
+    grantedBy: string;
+    grantedAt: string;
+    expiresAt: string | null;
+}
+interface CreateAssignmentInput {
+    subjectType: SubjectType;
+    subjectId: string;
+    roleId: string;
+    scopeId: string;
+    expiresAt?: string | null;
+}
+interface AuthorizeInput {
+    subjectType: SubjectType;
+    subjectId: string;
+    scopeId: string;
+    /** Either a single permission string (`"read:Member"`) or the wildcard. */
+    permission: RoadPermission | (string & {});
+}
+interface AuthorizeResult {
+    allowed: boolean;
+    reason: string;
+    /** Scope chain that was walked during evaluation (target → ... → root). */
+    evaluatedScopes: string[];
+}
+interface AuthorizeBatchInput {
+    subjectType: SubjectType;
+    subjectId: string;
+    scopeId: string;
+    permissions: Array<RoadPermission | (string & {})>;
+}
+interface AuthorizeBatchResult {
+    results: Array<{
+        permission: string;
+        allowed: boolean;
+    }>;
+}
+interface EffectivePermissionsResult {
+    /** Expanded permissions; `manage:X` has been expanded into the CRUD set. */
+    permissions: string[];
+}
+interface Session {
+    id: string;
+    deviceName: string;
+    ipAddress: string | null;
+    userAgent?: string;
+    provider: string;
+    lastUsedAt: string;
+    createdAt: string;
+    current: boolean;
+}
+
+export type { Assignment, AuthorizeBatchInput, AuthorizeBatchResult, AuthorizeInput, AuthorizeResult, CreateAssignmentInput, CreateScopeInput, EffectivePermissionsResult, Scope, ScopeType, Session, SubjectType };

package/dist/iam.d.ts

@@ -0,0 +1,94 @@
+import { e as RoadPermission } from './permissions-BSbomCrB.js';
+
+/**
+ * IAM control-plane wire types. These describe the shapes Road's IAM API
+ * speaks: scopes, assignments, authorization checks, effective permissions,
+ * token exchange, and sessions.
+ *
+ * They live behind a subpath (`@b1-road/types/iam`) so the React SDK — which
+ * never needs the control-plane — doesn't pay for them in its tree-shaken
+ * bundle. The Nest SDK imports from here directly.
+ */
+
+/** Scope shape. Three flavors today; platforms may register more over time. */
+type ScopeType = "system" | "business_unit" | "platform";
+/** Subjects the IAM engine can authorize. `service` covers M2M; `api_key` is legacy. */
+type SubjectType = "user" | "service" | "api_key";
+interface Scope {
+    id: string;
+    type: ScopeType;
+    externalId: string | null;
+    parentScopeId: string | null;
+    parentScope?: {
+        id: string;
+        type: ScopeType;
+        externalId: string | null;
+    } | null;
+    metadata: Record<string, unknown>;
+    createdAt: string;
+    updatedAt?: string;
+}
+interface CreateScopeInput {
+    type: ScopeType;
+    externalId?: string | null;
+    parentScopeId?: string | null;
+    metadata?: Record<string, unknown>;
+}
+interface Assignment {
+    id: string;
+    subjectType: SubjectType;
+    subjectId: string;
+    roleId: string;
+    scopeId: string;
+    grantedBy: string;
+    grantedAt: string;
+    expiresAt: string | null;
+}
+interface CreateAssignmentInput {
+    subjectType: SubjectType;
+    subjectId: string;
+    roleId: string;
+    scopeId: string;
+    expiresAt?: string | null;
+}
+interface AuthorizeInput {
+    subjectType: SubjectType;
+    subjectId: string;
+    scopeId: string;
+    /** Either a single permission string (`"read:Member"`) or the wildcard. */
+    permission: RoadPermission | (string & {});
+}
+interface AuthorizeResult {
+    allowed: boolean;
+    reason: string;
+    /** Scope chain that was walked during evaluation (target → ... → root). */
+    evaluatedScopes: string[];
+}
+interface AuthorizeBatchInput {
+    subjectType: SubjectType;
+    subjectId: string;
+    scopeId: string;
+    permissions: Array<RoadPermission | (string & {})>;
+}
+interface AuthorizeBatchResult {
+    results: Array<{
+        permission: string;
+        allowed: boolean;
+    }>;
+}
+interface EffectivePermissionsResult {
+    /** Expanded permissions; `manage:X` has been expanded into the CRUD set. */
+    permissions: string[];
+}
+interface Session {
+    id: string;
+    deviceName: string;
+    ipAddress: string | null;
+    userAgent?: string;
+    provider: string;
+    lastUsedAt: string;
+    createdAt: string;
+    current: boolean;
+}
+
+export type { Assignment, AuthorizeBatchInput, AuthorizeBatchResult, AuthorizeInput, AuthorizeResult, CreateAssignmentInput, CreateScopeInput, EffectivePermissionsResult, Scope, ScopeType, Session, SubjectType };

package/dist/iam.js

@@ -0,0 +1 @@
+//# sourceMappingURL=iam.js.map

package/dist/iam.js.map

@@ -0,0 +1 @@
+{"version":3,"sources":[],"sourcesContent":[],"mappings":"","names":[]}

package/dist/index.cjs

@@ -0,0 +1,66 @@
+"use strict";
+var __defProp = Object.defineProperty;
+var __getOwnPropDesc = Object.getOwnPropertyDescriptor;
+var __getOwnPropNames = Object.getOwnPropertyNames;
+var __hasOwnProp = Object.prototype.hasOwnProperty;
+var __export = (target, all) => {
+  for (var name in all)
+    __defProp(target, name, { get: all[name], enumerable: true });
+};
+var __copyProps = (to, from, except, desc) => {
+  if (from && typeof from === "object" || typeof from === "function") {
+    for (let key of __getOwnPropNames(from))
+      if (!__hasOwnProp.call(to, key) && key !== except)
+        __defProp(to, key, { get: () => from[key], enumerable: !(desc = __getOwnPropDesc(from, key)) || desc.enumerable });
+  }
+  return to;
+};
+var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: true }), mod);
+
+// src/index.ts
+var src_exports = {};
+__export(src_exports, {
+  ROAD_API_CONTRACT: () => ROAD_API_CONTRACT,
+  ROAD_API_URLS: () => ROAD_API_URLS,
+  ROAD_CORE_ACTIONS: () => ROAD_CORE_ACTIONS,
+  ROAD_CORE_SUBJECTS: () => ROAD_CORE_SUBJECTS,
+  ROAD_WILDCARD_PERMISSION: () => ROAD_WILDCARD_PERMISSION
+});
+module.exports = __toCommonJS(src_exports);
+
+// src/api-contract.ts
+var ROAD_API_CONTRACT = "alpha";
+
+// src/api-urls.ts
+var ROAD_API_URLS = {
+  production: "https://api.road.app",
+  sandbox: "https://api.road-sandbox.b1.app"
+};
+
+// src/permissions.ts
+var ROAD_CORE_ACTIONS = [
+  "create",
+  "read",
+  "update",
+  "delete",
+  "manage"
+];
+var ROAD_CORE_SUBJECTS = [
+  "BusinessUnit",
+  "BUDashboard",
+  "BUSettings",
+  "Member",
+  "Role",
+  "Permission",
+  "Invitation"
+];
+var ROAD_WILDCARD_PERMISSION = "*";
+// Annotate the CommonJS export names for ESM import in node:
+0 && (module.exports = {
+  ROAD_API_CONTRACT,
+  ROAD_API_URLS,
+  ROAD_CORE_ACTIONS,
+  ROAD_CORE_SUBJECTS,
+  ROAD_WILDCARD_PERMISSION
+});
+//# sourceMappingURL=index.cjs.map

package/dist/index.cjs.map

@@ -0,0 +1 @@
+{"version":3,"sources":["../src/index.ts","../src/api-contract.ts","../src/api-urls.ts","../src/permissions.ts"],"sourcesContent":["export * from \"./api-contract\";\nexport * from \"./api-urls\";\nexport * from \"./entities\";\nexport * from \"./inputs\";\nexport * from \"./permissions\";\n","/**\n * The Road API **contract version** — the major boundary of the HTTP wire\n * surface. The Road API mounts every route under `/api/<contract>`, and every\n * SDK builds its base path as `${host}/api/${ROAD_API_CONTRACT}`.\n *\n * This is the single source of truth for that value. The Road API imports it\n * for its global prefix; the in-repo clients (admin, tester) and the published\n * SDKs read it from here. It is **not** environment configuration — it is\n * identical in every environment and changes only by a deliberate edit when the\n * wire contract makes a breaking change: `alpha` → `v1` → `v2`.\n *\n * Promoting this from `alpha` to `v1` is the trigger to take the SDKs to their\n * first stable `1.0.0`. See `docs/plans/14-sdk-publishing-and-versioning.md`.\n */\nexport const ROAD_API_CONTRACT = \"alpha\" as const;\n\nexport type RoadApiContract = typeof ROAD_API_CONTRACT;\n","/**\n * Road's hosted API base URLs. SDKs default to ROAD_API_URLS.production; the\n * sandbox URL is the deployed Road sandbox (override via the SDK's apiBaseUrl\n * config if you're running against a different environment, eg. local dev or\n * a private staging cluster).\n *\n * If the deployed sandbox hostname changes, update this constant — it's the\n * single source of truth every SDK reads from.\n */\nexport const ROAD_API_URLS = {\n  production: \"https://api.road.app\",\n  sandbox: \"https://api.road-sandbox.b1.app\",\n} as const;\n\nexport type RoadEnvironment = keyof typeof ROAD_API_URLS;\n","/**\n * Road IAM permission algebra. Permissions are `${action}:${subject}` strings;\n * the wildcard `\"*\"` short-circuits to true for every action in a scope.\n *\n * The widget catalog calls into actions and subjects Road ships by default\n * (the union types below). Platforms can declare their own actions and\n * subjects in their IAM catalog — those flow through useCan as plain strings,\n * still type-safe via `RoadPermission | (string & {})` in the React SDK.\n */\n\n/**\n * The CRUD verbs Road's IAM engine recognizes, plus `manage` which the\n * engine expands server-side into the full CRUD set for the same subject\n * (`manage:Member` ⇒ also `create|read|update|delete:Member` in the\n * effective-permissions response).\n *\n * Platforms can register their own actions (`approve`, `submit`, `list`, …)\n * — those flow through useCan as plain strings (the `(string & {})` part\n * of PermissionInput in the React SDK), still type-safe via that escape.\n */\nexport type RoadAction = \"create\" | \"read\" | \"update\" | \"delete\" | \"manage\";\n\n/**\n * Built-in subjects Road's own permissions cover. Mirrors the subjects\n * registered in the API's `Subjects` constant\n * (apps/api/src/modules/iam/authorization/constants/subjects.ts), limited\n * to the subjects user-facing widgets actually surface:\n *\n *   - BusinessUnit: system-level — create new BUs\n *   - BUDashboard: BU-level — read a BU's detail page\n *   - BUSettings: BU-level — edit a BU's settings\n *   - Member, Role, Permission, Invitation: BU-level CRUD\n *\n * Admin / platform-engineer subjects (System, Platform, AdminUser,\n * PlatformIdentity, …) are not exposed here — they belong to a future\n * developer-facing widget (and admin SDK), not the customer-facing toolkit.\n *\n * Platform-specific subjects (eg. A4L's `Agent`) are not enumerated —\n * platforms register them at runtime under their own scope, and useCan's\n * `(string & {})` accepts them without complaint.\n */\nexport type RoadCoreSubject =\n  | \"BusinessUnit\"\n  | \"BUDashboard\"\n  | \"BUSettings\"\n  | \"Member\"\n  | \"Role\"\n  | \"Permission\"\n  | \"Invitation\";\n\n/** `${action}:${Subject}` for the core set, plus the wildcard. */\nexport type RoadPermission = `${RoadAction}:${RoadCoreSubject}` | \"*\";\n\n/** Runtime array of the core actions — handy for iteration or validation. */\nexport const ROAD_CORE_ACTIONS = [\n  \"create\",\n  \"read\",\n  \"update\",\n  \"delete\",\n  \"manage\",\n] as const satisfies readonly RoadAction[];\n\n/** Runtime array of the core subjects — handy for iteration or validation. */\nexport const ROAD_CORE_SUBJECTS = [\n  \"BusinessUnit\",\n  \"BUDashboard\",\n  \"BUSettings\",\n  \"Member\",\n  \"Role\",\n  \"Permission\",\n  \"Invitation\",\n] as const satisfies readonly RoadCoreSubject[];\n\n/** The wildcard permission string. Use this instead of literal \"*\" for grep-ability. */\nexport const ROAD_WILDCARD_PERMISSION = \"*\" as const;\n"],"mappings":";;;;;;;;;;;;;;;;;;;;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;;;ACcO,IAAM,oBAAoB;;;ACL1B,IAAM,gBAAgB;AAAA,EAC3B,YAAY;AAAA,EACZ,SAAS;AACX;;;AC0CO,IAAM,oBAAoB;AAAA,EAC/B;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AACF;AAGO,IAAM,qBAAqB;AAAA,EAChC;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AACF;AAGO,IAAM,2BAA2B;","names":[]}

package/dist/index.d.cts

@@ -0,0 +1,186 @@
+export { R as ROAD_CORE_ACTIONS, a as ROAD_CORE_SUBJECTS, b as ROAD_WILDCARD_PERMISSION, c as RoadAction, d as RoadCoreSubject, e as RoadPermission } from './permissions-BSbomCrB.cjs';
+
+/**
+ * The Road API **contract version** — the major boundary of the HTTP wire
+ * surface. The Road API mounts every route under `/api/<contract>`, and every
+ * SDK builds its base path as `${host}/api/${ROAD_API_CONTRACT}`.
+ *
+ * This is the single source of truth for that value. The Road API imports it
+ * for its global prefix; the in-repo clients (admin, tester) and the published
+ * SDKs read it from here. It is **not** environment configuration — it is
+ * identical in every environment and changes only by a deliberate edit when the
+ * wire contract makes a breaking change: `alpha` → `v1` → `v2`.
+ *
+ * Promoting this from `alpha` to `v1` is the trigger to take the SDKs to their
+ * first stable `1.0.0`. See `docs/plans/14-sdk-publishing-and-versioning.md`.
+ */
+declare const ROAD_API_CONTRACT: "alpha";
+type RoadApiContract = typeof ROAD_API_CONTRACT;
+
+/**
+ * Road's hosted API base URLs. SDKs default to ROAD_API_URLS.production; the
+ * sandbox URL is the deployed Road sandbox (override via the SDK's apiBaseUrl
+ * config if you're running against a different environment, eg. local dev or
+ * a private staging cluster).
+ *
+ * If the deployed sandbox hostname changes, update this constant — it's the
+ * single source of truth every SDK reads from.
+ */
+declare const ROAD_API_URLS: {
+    readonly production: "https://api.road.app";
+    readonly sandbox: "https://api.road-sandbox.b1.app";
+};
+type RoadEnvironment = keyof typeof ROAD_API_URLS;
+
+type BUStatus = "active" | "suspended" | "archived";
+type MemberStatus = "active" | "suspended" | "pending";
+interface CurrentUser {
+    id: string;
+    name: string;
+    email: string;
+    avatarUrl?: string;
+}
+interface BusinessUnitSummary {
+    id: string;
+    name: string;
+    slug: string;
+}
+interface BusinessUnitDetail {
+    id: string;
+    name: string;
+    slug: string;
+    status: BUStatus;
+    memberCount: number;
+    memberLimit: number | null;
+    joinCode: string | null;
+    createdAt: string;
+    /**
+     * Road IAM scope ID for this BU. The HTTP client uses it to call the
+     * per-scope role/permission endpoints (/iam/authorization/scopes/:scopeId/…).
+     * Exposed because the SDK needs it for role wiring; integrators usually
+     * don't need to touch it.
+     */
+    iamScopeId: string;
+}
+interface RoleRef {
+    id: string;
+    name: string;
+}
+interface Membership {
+    businessUnit: BusinessUnitSummary;
+    status: MemberStatus;
+    joinedAt: string;
+    roles: RoleRef[];
+}
+interface PendingInvitation {
+    id: string;
+    businessUnit: BusinessUnitSummary;
+    roleName: string;
+    expiresAt: string;
+}
+interface MyBusinessUnits {
+    memberships: Membership[];
+    pendingInvitations: PendingInvitation[];
+}
+interface Member {
+    id: string;
+    userId: string;
+    status: MemberStatus;
+    joinedAt: string;
+    name: string;
+    email: string;
+    roles: RoleRef[];
+}
+interface Invitation {
+    id: string;
+    email: string;
+    roleId: string;
+    roleName: string;
+    status: "pending" | "accepted" | "expired" | "cancelled";
+    invitedAt: string;
+    expiresAt: string;
+}
+interface Role {
+    id: string;
+    name: string;
+    description: string;
+    permissions: string[];
+    isSystem: boolean;
+    memberCount: number;
+}
+interface Permission {
+    id: string;
+    code: string;
+    name: string;
+    description: string;
+    /** Subject group (e.g. "Member", "Role", "BusinessUnit") used to group in the picker. */
+    category: string;
+}
+/**
+ * Effective permissions for the current user, keyed by business-unit ID.
+ * A value of `["*"]` (ROAD_WILDCARD_PERMISSION) grants every action in that BU.
+ */
+type MyPermissions = Record<string, string[]>;
+/**
+ * Cursor-paginated list response. The API issues opaque base64-url cursors
+ * the client treats as opaque — no parsing or arithmetic on the SDK side.
+ * `cursor` is null when no further page exists; `hasMore` is the canonical
+ * "more rows after this page" signal, redundant with `cursor !== null`.
+ */
+interface PageInfo {
+    /** Opaque cursor for the next page. Null when this is the last page. */
+    cursor: string | null;
+    /** True iff there is at least one row past this page. */
+    hasMore: boolean;
+    /** Total count of rows matching the filter, across all pages. */
+    totalCount: number;
+}
+/**
+ * Generic paged response shape returned from listing endpoints with
+ * cursor pagination (members, roles, invitations). Convertible 1:1 to
+ * React Query's useInfiniteQuery `pageParam` flow via `pageInfo.cursor`.
+ */
+interface PaginatedList<T> {
+    items: T[];
+    pageInfo: PageInfo;
+}
+/**
+ * Input shape for any paginated list call. Both fields are optional —
+ * omitting both fetches the first page with the API's default page size
+ * (currently 20).
+ */
+interface PaginationInput {
+    /** Opaque cursor from a previous `pageInfo.cursor`. Omit for the first page. */
+    cursor?: string;
+    /** Page size. Default 20, max 100 (server-enforced). */
+    limit?: number;
+}
+
+interface CreateBusinessUnitInput {
+    name: string;
+    slug?: string;
+    memberLimit?: number | null;
+}
+interface UpdateBusinessUnitInput {
+    name?: string;
+    slug?: string;
+    memberLimit?: number | null;
+}
+interface CreateRoleInput {
+    name: string;
+    description?: string;
+    permissions: string[];
+    /** Source role ID when "clone from existing"; informational only. */
+    cloneFromRoleId?: string;
+}
+interface UpdateRoleInput {
+    name?: string;
+    description?: string;
+    permissions?: string[];
+}
+interface CreateInvitationInput {
+    email: string;
+    roleId: string;
+}
+
+export { type BUStatus, type BusinessUnitDetail, type BusinessUnitSummary, type CreateBusinessUnitInput, type CreateInvitationInput, type CreateRoleInput, type CurrentUser, type Invitation, type Member, type MemberStatus, type Membership, type MyBusinessUnits, type MyPermissions, type PageInfo, type PaginatedList, type PaginationInput, type PendingInvitation, type Permission, ROAD_API_CONTRACT, ROAD_API_URLS, type RoadApiContract, type RoadEnvironment, type Role, type RoleRef, type UpdateBusinessUnitInput, type UpdateRoleInput };

package/dist/index.d.ts

@@ -0,0 +1,186 @@
+export { R as ROAD_CORE_ACTIONS, a as ROAD_CORE_SUBJECTS, b as ROAD_WILDCARD_PERMISSION, c as RoadAction, d as RoadCoreSubject, e as RoadPermission } from './permissions-BSbomCrB.js';
+
+/**
+ * The Road API **contract version** — the major boundary of the HTTP wire
+ * surface. The Road API mounts every route under `/api/<contract>`, and every
+ * SDK builds its base path as `${host}/api/${ROAD_API_CONTRACT}`.
+ *
+ * This is the single source of truth for that value. The Road API imports it
+ * for its global prefix; the in-repo clients (admin, tester) and the published
+ * SDKs read it from here. It is **not** environment configuration — it is
+ * identical in every environment and changes only by a deliberate edit when the
+ * wire contract makes a breaking change: `alpha` → `v1` → `v2`.
+ *
+ * Promoting this from `alpha` to `v1` is the trigger to take the SDKs to their
+ * first stable `1.0.0`. See `docs/plans/14-sdk-publishing-and-versioning.md`.
+ */
+declare const ROAD_API_CONTRACT: "alpha";
+type RoadApiContract = typeof ROAD_API_CONTRACT;
+
+/**
+ * Road's hosted API base URLs. SDKs default to ROAD_API_URLS.production; the
+ * sandbox URL is the deployed Road sandbox (override via the SDK's apiBaseUrl
+ * config if you're running against a different environment, eg. local dev or
+ * a private staging cluster).
+ *
+ * If the deployed sandbox hostname changes, update this constant — it's the
+ * single source of truth every SDK reads from.
+ */
+declare const ROAD_API_URLS: {
+    readonly production: "https://api.road.app";
+    readonly sandbox: "https://api.road-sandbox.b1.app";
+};
+type RoadEnvironment = keyof typeof ROAD_API_URLS;
+
+type BUStatus = "active" | "suspended" | "archived";
+type MemberStatus = "active" | "suspended" | "pending";
+interface CurrentUser {
+    id: string;
+    name: string;
+    email: string;
+    avatarUrl?: string;
+}
+interface BusinessUnitSummary {
+    id: string;
+    name: string;
+    slug: string;
+}
+interface BusinessUnitDetail {
+    id: string;
+    name: string;
+    slug: string;
+    status: BUStatus;
+    memberCount: number;
+    memberLimit: number | null;
+    joinCode: string | null;
+    createdAt: string;
+    /**
+     * Road IAM scope ID for this BU. The HTTP client uses it to call the
+     * per-scope role/permission endpoints (/iam/authorization/scopes/:scopeId/…).
+     * Exposed because the SDK needs it for role wiring; integrators usually
+     * don't need to touch it.
+     */
+    iamScopeId: string;
+}
+interface RoleRef {
+    id: string;
+    name: string;
+}
+interface Membership {
+    businessUnit: BusinessUnitSummary;
+    status: MemberStatus;
+    joinedAt: string;
+    roles: RoleRef[];
+}
+interface PendingInvitation {
+    id: string;
+    businessUnit: BusinessUnitSummary;
+    roleName: string;
+    expiresAt: string;
+}
+interface MyBusinessUnits {
+    memberships: Membership[];
+    pendingInvitations: PendingInvitation[];
+}
+interface Member {
+    id: string;
+    userId: string;
+    status: MemberStatus;
+    joinedAt: string;
+    name: string;
+    email: string;
+    roles: RoleRef[];
+}
+interface Invitation {
+    id: string;
+    email: string;
+    roleId: string;
+    roleName: string;
+    status: "pending" | "accepted" | "expired" | "cancelled";
+    invitedAt: string;
+    expiresAt: string;
+}
+interface Role {
+    id: string;
+    name: string;
+    description: string;
+    permissions: string[];
+    isSystem: boolean;
+    memberCount: number;
+}
+interface Permission {
+    id: string;
+    code: string;
+    name: string;
+    description: string;
+    /** Subject group (e.g. "Member", "Role", "BusinessUnit") used to group in the picker. */
+    category: string;
+}
+/**
+ * Effective permissions for the current user, keyed by business-unit ID.
+ * A value of `["*"]` (ROAD_WILDCARD_PERMISSION) grants every action in that BU.
+ */
+type MyPermissions = Record<string, string[]>;
+/**
+ * Cursor-paginated list response. The API issues opaque base64-url cursors
+ * the client treats as opaque — no parsing or arithmetic on the SDK side.
+ * `cursor` is null when no further page exists; `hasMore` is the canonical
+ * "more rows after this page" signal, redundant with `cursor !== null`.
+ */
+interface PageInfo {
+    /** Opaque cursor for the next page. Null when this is the last page. */
+    cursor: string | null;
+    /** True iff there is at least one row past this page. */
+    hasMore: boolean;
+    /** Total count of rows matching the filter, across all pages. */
+    totalCount: number;
+}
+/**
+ * Generic paged response shape returned from listing endpoints with
+ * cursor pagination (members, roles, invitations). Convertible 1:1 to
+ * React Query's useInfiniteQuery `pageParam` flow via `pageInfo.cursor`.
+ */
+interface PaginatedList<T> {
+    items: T[];
+    pageInfo: PageInfo;
+}
+/**
+ * Input shape for any paginated list call. Both fields are optional —
+ * omitting both fetches the first page with the API's default page size
+ * (currently 20).
+ */
+interface PaginationInput {
+    /** Opaque cursor from a previous `pageInfo.cursor`. Omit for the first page. */
+    cursor?: string;
+    /** Page size. Default 20, max 100 (server-enforced). */
+    limit?: number;
+}
+
+interface CreateBusinessUnitInput {
+    name: string;
+    slug?: string;
+    memberLimit?: number | null;
+}
+interface UpdateBusinessUnitInput {
+    name?: string;
+    slug?: string;
+    memberLimit?: number | null;
+}
+interface CreateRoleInput {
+    name: string;
+    description?: string;
+    permissions: string[];
+    /** Source role ID when "clone from existing"; informational only. */
+    cloneFromRoleId?: string;
+}
+interface UpdateRoleInput {
+    name?: string;
+    description?: string;
+    permissions?: string[];
+}
+interface CreateInvitationInput {
+    email: string;
+    roleId: string;
+}
+
+export { type BUStatus, type BusinessUnitDetail, type BusinessUnitSummary, type CreateBusinessUnitInput, type CreateInvitationInput, type CreateRoleInput, type CurrentUser, type Invitation, type Member, type MemberStatus, type Membership, type MyBusinessUnits, type MyPermissions, type PageInfo, type PaginatedList, type PaginationInput, type PendingInvitation, type Permission, ROAD_API_CONTRACT, ROAD_API_URLS, type RoadApiContract, type RoadEnvironment, type Role, type RoleRef, type UpdateBusinessUnitInput, type UpdateRoleInput };

package/dist/index.js

@@ -0,0 +1,35 @@
+// src/api-contract.ts
+var ROAD_API_CONTRACT = "alpha";
+
+// src/api-urls.ts
+var ROAD_API_URLS = {
+  production: "https://api.road.app",
+  sandbox: "https://api.road-sandbox.b1.app"
+};
+
+// src/permissions.ts
+var ROAD_CORE_ACTIONS = [
+  "create",
+  "read",
+  "update",
+  "delete",
+  "manage"
+];
+var ROAD_CORE_SUBJECTS = [
+  "BusinessUnit",
+  "BUDashboard",
+  "BUSettings",
+  "Member",
+  "Role",
+  "Permission",
+  "Invitation"
+];
+var ROAD_WILDCARD_PERMISSION = "*";
+export {
+  ROAD_API_CONTRACT,
+  ROAD_API_URLS,
+  ROAD_CORE_ACTIONS,
+  ROAD_CORE_SUBJECTS,
+  ROAD_WILDCARD_PERMISSION
+};
+//# sourceMappingURL=index.js.map

package/dist/index.js.map

@@ -0,0 +1 @@
+{"version":3,"sources":["../src/api-contract.ts","../src/api-urls.ts","../src/permissions.ts"],"sourcesContent":["/**\n * The Road API **contract version** — the major boundary of the HTTP wire\n * surface. The Road API mounts every route under `/api/<contract>`, and every\n * SDK builds its base path as `${host}/api/${ROAD_API_CONTRACT}`.\n *\n * This is the single source of truth for that value. The Road API imports it\n * for its global prefix; the in-repo clients (admin, tester) and the published\n * SDKs read it from here. It is **not** environment configuration — it is\n * identical in every environment and changes only by a deliberate edit when the\n * wire contract makes a breaking change: `alpha` → `v1` → `v2`.\n *\n * Promoting this from `alpha` to `v1` is the trigger to take the SDKs to their\n * first stable `1.0.0`. See `docs/plans/14-sdk-publishing-and-versioning.md`.\n */\nexport const ROAD_API_CONTRACT = \"alpha\" as const;\n\nexport type RoadApiContract = typeof ROAD_API_CONTRACT;\n","/**\n * Road's hosted API base URLs. SDKs default to ROAD_API_URLS.production; the\n * sandbox URL is the deployed Road sandbox (override via the SDK's apiBaseUrl\n * config if you're running against a different environment, eg. local dev or\n * a private staging cluster).\n *\n * If the deployed sandbox hostname changes, update this constant — it's the\n * single source of truth every SDK reads from.\n */\nexport const ROAD_API_URLS = {\n  production: \"https://api.road.app\",\n  sandbox: \"https://api.road-sandbox.b1.app\",\n} as const;\n\nexport type RoadEnvironment = keyof typeof ROAD_API_URLS;\n","/**\n * Road IAM permission algebra. Permissions are `${action}:${subject}` strings;\n * the wildcard `\"*\"` short-circuits to true for every action in a scope.\n *\n * The widget catalog calls into actions and subjects Road ships by default\n * (the union types below). Platforms can declare their own actions and\n * subjects in their IAM catalog — those flow through useCan as plain strings,\n * still type-safe via `RoadPermission | (string & {})` in the React SDK.\n */\n\n/**\n * The CRUD verbs Road's IAM engine recognizes, plus `manage` which the\n * engine expands server-side into the full CRUD set for the same subject\n * (`manage:Member` ⇒ also `create|read|update|delete:Member` in the\n * effective-permissions response).\n *\n * Platforms can register their own actions (`approve`, `submit`, `list`, …)\n * — those flow through useCan as plain strings (the `(string & {})` part\n * of PermissionInput in the React SDK), still type-safe via that escape.\n */\nexport type RoadAction = \"create\" | \"read\" | \"update\" | \"delete\" | \"manage\";\n\n/**\n * Built-in subjects Road's own permissions cover. Mirrors the subjects\n * registered in the API's `Subjects` constant\n * (apps/api/src/modules/iam/authorization/constants/subjects.ts), limited\n * to the subjects user-facing widgets actually surface:\n *\n *   - BusinessUnit: system-level — create new BUs\n *   - BUDashboard: BU-level — read a BU's detail page\n *   - BUSettings: BU-level — edit a BU's settings\n *   - Member, Role, Permission, Invitation: BU-level CRUD\n *\n * Admin / platform-engineer subjects (System, Platform, AdminUser,\n * PlatformIdentity, …) are not exposed here — they belong to a future\n * developer-facing widget (and admin SDK), not the customer-facing toolkit.\n *\n * Platform-specific subjects (eg. A4L's `Agent`) are not enumerated —\n * platforms register them at runtime under their own scope, and useCan's\n * `(string & {})` accepts them without complaint.\n */\nexport type RoadCoreSubject =\n  | \"BusinessUnit\"\n  | \"BUDashboard\"\n  | \"BUSettings\"\n  | \"Member\"\n  | \"Role\"\n  | \"Permission\"\n  | \"Invitation\";\n\n/** `${action}:${Subject}` for the core set, plus the wildcard. */\nexport type RoadPermission = `${RoadAction}:${RoadCoreSubject}` | \"*\";\n\n/** Runtime array of the core actions — handy for iteration or validation. */\nexport const ROAD_CORE_ACTIONS = [\n  \"create\",\n  \"read\",\n  \"update\",\n  \"delete\",\n  \"manage\",\n] as const satisfies readonly RoadAction[];\n\n/** Runtime array of the core subjects — handy for iteration or validation. */\nexport const ROAD_CORE_SUBJECTS = [\n  \"BusinessUnit\",\n  \"BUDashboard\",\n  \"BUSettings\",\n  \"Member\",\n  \"Role\",\n  \"Permission\",\n  \"Invitation\",\n] as const satisfies readonly RoadCoreSubject[];\n\n/** The wildcard permission string. Use this instead of literal \"*\" for grep-ability. */\nexport const ROAD_WILDCARD_PERMISSION = \"*\" as const;\n"],"mappings":";AAcO,IAAM,oBAAoB;;;ACL1B,IAAM,gBAAgB;AAAA,EAC3B,YAAY;AAAA,EACZ,SAAS;AACX;;;AC0CO,IAAM,oBAAoB;AAAA,EAC/B;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AACF;AAGO,IAAM,qBAAqB;AAAA,EAChC;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AACF;AAGO,IAAM,2BAA2B;","names":[]}

package/dist/permissions-BSbomCrB.d.cts

@@ -0,0 +1,50 @@
+/**
+ * Road IAM permission algebra. Permissions are `${action}:${subject}` strings;
+ * the wildcard `"*"` short-circuits to true for every action in a scope.
+ *
+ * The widget catalog calls into actions and subjects Road ships by default
+ * (the union types below). Platforms can declare their own actions and
+ * subjects in their IAM catalog — those flow through useCan as plain strings,
+ * still type-safe via `RoadPermission | (string & {})` in the React SDK.
+ */
+/**
+ * The CRUD verbs Road's IAM engine recognizes, plus `manage` which the
+ * engine expands server-side into the full CRUD set for the same subject
+ * (`manage:Member` ⇒ also `create|read|update|delete:Member` in the
+ * effective-permissions response).
+ *
+ * Platforms can register their own actions (`approve`, `submit`, `list`, …)
+ * — those flow through useCan as plain strings (the `(string & {})` part
+ * of PermissionInput in the React SDK), still type-safe via that escape.
+ */
+type RoadAction = "create" | "read" | "update" | "delete" | "manage";
+/**
+ * Built-in subjects Road's own permissions cover. Mirrors the subjects
+ * registered in the API's `Subjects` constant
+ * (apps/api/src/modules/iam/authorization/constants/subjects.ts), limited
+ * to the subjects user-facing widgets actually surface:
+ *
+ *   - BusinessUnit: system-level — create new BUs
+ *   - BUDashboard: BU-level — read a BU's detail page
+ *   - BUSettings: BU-level — edit a BU's settings
+ *   - Member, Role, Permission, Invitation: BU-level CRUD
+ *
+ * Admin / platform-engineer subjects (System, Platform, AdminUser,
+ * PlatformIdentity, …) are not exposed here — they belong to a future
+ * developer-facing widget (and admin SDK), not the customer-facing toolkit.
+ *
+ * Platform-specific subjects (eg. A4L's `Agent`) are not enumerated —
+ * platforms register them at runtime under their own scope, and useCan's
+ * `(string & {})` accepts them without complaint.
+ */
+type RoadCoreSubject = "BusinessUnit" | "BUDashboard" | "BUSettings" | "Member" | "Role" | "Permission" | "Invitation";
+/** `${action}:${Subject}` for the core set, plus the wildcard. */
+type RoadPermission = `${RoadAction}:${RoadCoreSubject}` | "*";
+/** Runtime array of the core actions — handy for iteration or validation. */
+declare const ROAD_CORE_ACTIONS: readonly ["create", "read", "update", "delete", "manage"];
+/** Runtime array of the core subjects — handy for iteration or validation. */
+declare const ROAD_CORE_SUBJECTS: readonly ["BusinessUnit", "BUDashboard", "BUSettings", "Member", "Role", "Permission", "Invitation"];
+/** The wildcard permission string. Use this instead of literal "*" for grep-ability. */
+declare const ROAD_WILDCARD_PERMISSION: "*";
+
+export { ROAD_CORE_ACTIONS as R, ROAD_CORE_SUBJECTS as a, ROAD_WILDCARD_PERMISSION as b, type RoadAction as c, type RoadCoreSubject as d, type RoadPermission as e };

package/dist/permissions-BSbomCrB.d.ts

@@ -0,0 +1,50 @@
+/**
+ * Road IAM permission algebra. Permissions are `${action}:${subject}` strings;
+ * the wildcard `"*"` short-circuits to true for every action in a scope.
+ *
+ * The widget catalog calls into actions and subjects Road ships by default
+ * (the union types below). Platforms can declare their own actions and
+ * subjects in their IAM catalog — those flow through useCan as plain strings,
+ * still type-safe via `RoadPermission | (string & {})` in the React SDK.
+ */
+/**
+ * The CRUD verbs Road's IAM engine recognizes, plus `manage` which the
+ * engine expands server-side into the full CRUD set for the same subject
+ * (`manage:Member` ⇒ also `create|read|update|delete:Member` in the
+ * effective-permissions response).
+ *
+ * Platforms can register their own actions (`approve`, `submit`, `list`, …)
+ * — those flow through useCan as plain strings (the `(string & {})` part
+ * of PermissionInput in the React SDK), still type-safe via that escape.
+ */
+type RoadAction = "create" | "read" | "update" | "delete" | "manage";
+/**
+ * Built-in subjects Road's own permissions cover. Mirrors the subjects
+ * registered in the API's `Subjects` constant
+ * (apps/api/src/modules/iam/authorization/constants/subjects.ts), limited
+ * to the subjects user-facing widgets actually surface:
+ *
+ *   - BusinessUnit: system-level — create new BUs
+ *   - BUDashboard: BU-level — read a BU's detail page
+ *   - BUSettings: BU-level — edit a BU's settings
+ *   - Member, Role, Permission, Invitation: BU-level CRUD
+ *
+ * Admin / platform-engineer subjects (System, Platform, AdminUser,
+ * PlatformIdentity, …) are not exposed here — they belong to a future
+ * developer-facing widget (and admin SDK), not the customer-facing toolkit.
+ *
+ * Platform-specific subjects (eg. A4L's `Agent`) are not enumerated —
+ * platforms register them at runtime under their own scope, and useCan's
+ * `(string & {})` accepts them without complaint.
+ */
+type RoadCoreSubject = "BusinessUnit" | "BUDashboard" | "BUSettings" | "Member" | "Role" | "Permission" | "Invitation";
+/** `${action}:${Subject}` for the core set, plus the wildcard. */
+type RoadPermission = `${RoadAction}:${RoadCoreSubject}` | "*";
+/** Runtime array of the core actions — handy for iteration or validation. */
+declare const ROAD_CORE_ACTIONS: readonly ["create", "read", "update", "delete", "manage"];
+/** Runtime array of the core subjects — handy for iteration or validation. */
+declare const ROAD_CORE_SUBJECTS: readonly ["BusinessUnit", "BUDashboard", "BUSettings", "Member", "Role", "Permission", "Invitation"];
+/** The wildcard permission string. Use this instead of literal "*" for grep-ability. */
+declare const ROAD_WILDCARD_PERMISSION: "*";
+
+export { ROAD_CORE_ACTIONS as R, ROAD_CORE_SUBJECTS as a, ROAD_WILDCARD_PERMISSION as b, type RoadAction as c, type RoadCoreSubject as d, type RoadPermission as e };

package/package.json

@@ -0,0 +1,54 @@
+{
+  "name": "@b1-road/types",
+  "version": "0.1.0-alpha.0",
+  "type": "module",
+  "description": "Shared types and constants for every @b1-road SDK — entities, permission algebra, hosted API URLs.",
+  "license": "MIT",
+  "author": "B1 Produtos Digitais Ltda",
+  "homepage": "https://portal.road.b1.app",
+  "repository": {
+    "type": "git",
+    "url": "git+https://github.com/B1Company/road.git",
+    "directory": "apps/sdks/road-types"
+  },
+  "bugs": {
+    "url": "https://portal.road.b1.app"
+  },
+  "keywords": [
+    "road",
+    "iam",
+    "rbac",
+    "authorization",
+    "types",
+    "b1"
+  ],
+  "main": "./dist/index.cjs",
+  "module": "./dist/index.js",
+  "types": "./dist/index.d.ts",
+  "exports": {
+    ".": {
+      "import": { "types": "./dist/index.d.ts", "default": "./dist/index.js" },
+      "require": { "types": "./dist/index.d.cts", "default": "./dist/index.cjs" }
+    },
+    "./iam": {
+      "import": { "types": "./dist/iam.d.ts", "default": "./dist/iam.js" },
+      "require": { "types": "./dist/iam.d.cts", "default": "./dist/iam.cjs" }
+    }
+  },
+  "files": [
+    "dist"
+  ],
+  "publishConfig": {
+    "access": "public"
+  },
+  "sideEffects": false,
+  "scripts": {
+    "typecheck": "tsc --noEmit",
+    "build": "tsup",
+    "prepack": "npm run build"
+  },
+  "devDependencies": {
+    "tsup": "^8.5.1",
+    "typescript": "^5.7.0"
+  }
+}