npm - @cat-factory/workspaces - Versions diffs - 0.6.0 - Mend

@cat-factory/workspaces 0.6.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (22) hide show

package/LICENSE +21 -0
package/dist/index.d.ts +5 -0
package/dist/index.d.ts.map +1 -0
package/dist/index.js +6 -0
package/dist/index.js.map +1 -0
package/dist/modules/accounts/AccountService.d.ts +68 -0
package/dist/modules/accounts/AccountService.d.ts.map +1 -0
package/dist/modules/accounts/AccountService.js +201 -0
package/dist/modules/accounts/AccountService.js.map +1 -0
package/dist/modules/invitations/InvitationService.d.ts +51 -0
package/dist/modules/invitations/InvitationService.d.ts.map +1 -0
package/dist/modules/invitations/InvitationService.js +154 -0
package/dist/modules/invitations/InvitationService.js.map +1 -0
package/dist/modules/users/UserService.d.ts +65 -0
package/dist/modules/users/UserService.d.ts.map +1 -0
package/dist/modules/users/UserService.js +175 -0
package/dist/modules/users/UserService.js.map +1 -0
package/dist/modules/workspaces/WorkspaceService.d.ts +77 -0
package/dist/modules/workspaces/WorkspaceService.d.ts.map +1 -0
package/dist/modules/workspaces/WorkspaceService.js +193 -0
package/dist/modules/workspaces/WorkspaceService.js.map +1 -0
package/package.json +32 -0

package/LICENSE ADDED Viewed

@@ -0,0 +1,21 @@
+MIT License
+Copyright (c) 2026 Igor Savin
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.

package/dist/index.d.ts ADDED Viewed

@@ -0,0 +1,5 @@
+export { WorkspaceService, type WorkspaceServiceDependencies, } from './modules/workspaces/WorkspaceService.js';
+export { AccountService, type AccountServiceDependencies, type AccountUser, } from './modules/accounts/AccountService.js';
+export { UserService, type UserServiceDependencies, type IdentityProfile, } from './modules/users/UserService.js';
+export { InvitationService, type InvitationServiceDependencies, type CreatedInvitation, } from './modules/invitations/InvitationService.js';
+//# sourceMappingURL=index.d.ts.map

package/dist/index.d.ts.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAEA,OAAO,EACL,gBAAgB,EAChB,KAAK,4BAA4B,GAClC,MAAM,0CAA0C,CAAA;AACjD,OAAO,EACL,cAAc,EACd,KAAK,0BAA0B,EAC/B,KAAK,WAAW,GACjB,MAAM,sCAAsC,CAAA;AAC7C,OAAO,EACL,WAAW,EACX,KAAK,uBAAuB,EAC5B,KAAK,eAAe,GACrB,MAAM,gCAAgC,CAAA;AACvC,OAAO,EACL,iBAAiB,EACjB,KAAK,6BAA6B,EAClC,KAAK,iBAAiB,GACvB,MAAM,4CAA4C,CAAA"}

package/dist/index.js ADDED Viewed

@@ -0,0 +1,6 @@
+// Public surface of the tenancy base layer.
+export { WorkspaceService, } from './modules/workspaces/WorkspaceService.js';
+export { AccountService, } from './modules/accounts/AccountService.js';
+export { UserService, } from './modules/users/UserService.js';
+export { InvitationService, } from './modules/invitations/InvitationService.js';
+//# sourceMappingURL=index.js.map

package/dist/index.js.map ADDED Viewed

	@@ -0,0 +1 @@
1	+ {"version":3,"file":"index.js","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA,4CAA4C;AAE5C,OAAO,EACL,gBAAgB,GAEjB,MAAM,0CAA0C,CAAA;AACjD,OAAO,EACL,cAAc,GAGf,MAAM,sCAAsC,CAAA;AAC7C,OAAO,EACL,WAAW,GAGZ,MAAM,gCAAgC,CAAA;AACvC,OAAO,EACL,iBAAiB,GAGlB,MAAM,4CAA4C,CAAA"}

package/dist/modules/accounts/AccountService.d.ts ADDED Viewed

@@ -0,0 +1,68 @@
+import type { Account, AccountMember, AccountRole, CreateAccountInput, UpdateAccountInput } from '@cat-factory/kernel';
+import type { AccountRecord, AccountRepository, Membership, MembershipRepository, UserRepository } from '@cat-factory/kernel';
+import type { Clock, IdGenerator } from '@cat-factory/kernel';
+export interface AccountServiceDependencies {
+    accountRepository: AccountRepository;
+    membershipRepository: MembershipRepository;
+    idGenerator: IdGenerator;
+    clock: Clock;
+    /** Optional: resolve member display details (name/email/avatar) for the roster. */
+    userRepository?: UserRepository;
+}
+/** The signed-in identity the tenancy decisions are made against. */
+export interface AccountUser {
+    /** Internal user id (`usr_*`). */
+    id: string;
+    /** GitHub login, when the user signed in via GitHub (else any display handle). */
+    login: string;
+    name: string | null;
+}
+export declare class AccountService {
+    private readonly deps;
+    constructor(deps: AccountServiceDependencies);
+    /**
+     * Ensure a user has a personal account (account-of-one) with an owner
+     * membership, creating it on first sign-in. Idempotent: keyed by the user's
+     * internal id, so repeated calls return the same account.
+     */
+    ensurePersonalAccount(user: AccountUser): Promise<AccountRecord>;
+    /** Create a shared org account; the creator becomes its first owner. */
+    createOrg(user: AccountUser, input: CreateAccountInput): Promise<Account>;
+    /**
+     * Every account the user can see and switch between (personal first), each
+     * annotated with the caller's role. Ensures the personal account exists.
+     */
+    listForUser(user: AccountUser): Promise<Account[]>;
+    /** The set of account ids a user belongs to (used to scope board visibility). */
+    accessibleAccountIds(userId: string): Promise<string[]>;
+    isMember(accountId: string, userId: string): Promise<boolean>;
+    /** Resolve the membership or throw 404 — the guard mutating routes use. */
+    requireMember(accountId: string, userId: string): Promise<Membership>;
+    /** A user's roles in an account (empty when not a member). */
+    rolesFor(accountId: string, userId: string): Promise<AccountRole[]>;
+    /** Whether a user holds a role in an account. */
+    hasRole(accountId: string, userId: string, role: AccountRole): Promise<boolean>;
+    /**
+     * Resolve the membership and require the `admin` role — the guard every
+     * org-account-modifying route uses (settings, members, invitations, account-scoped
+     * credentials). Throws 404 for a non-member, 409 for a member without `admin`.
+     */
+    requireAdmin(accountId: string, userId: string): Promise<Membership>;
+    get(accountId: string): Promise<AccountRecord | null>;
+    members(accountId: string): Promise<AccountMember[]>;
+    /**
+     * Update an account's settings (today: the default cloud provider new services
+     * inherit). Owner-only. Returns the updated wire account so the caller can patch
+     * its switcher in place.
+     */
+    updateSettings(accountId: string, actingUserId: string, input: UpdateAccountInput): Promise<Account>;
+    /**
+     * Add a member to an account. Only an admin may add, and only into an `org` account
+     * (a personal account stays an account-of-one). Defaults to the `developer` role.
+     */
+    addMember(accountId: string, actingUserId: string, userId: string, roles?: AccountRole[]): Promise<AccountMember>;
+    /** Set a member's role set (admin-only). The acting admin cannot drop their OWN admin. */
+    setMemberRoles(accountId: string, actingUserId: string, targetUserId: string, roles: AccountRole[]): Promise<AccountMember>;
+    private ensureMembership;
+}
+//# sourceMappingURL=AccountService.d.ts.map

package/dist/modules/accounts/AccountService.d.ts.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"AccountService.d.ts","sourceRoot":"","sources":["../../../src/modules/accounts/AccountService.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EACV,OAAO,EACP,aAAa,EACb,WAAW,EACX,kBAAkB,EAClB,kBAAkB,EACnB,MAAM,qBAAqB,CAAA;AAC5B,OAAO,KAAK,EACV,aAAa,EACb,iBAAiB,EACjB,UAAU,EACV,oBAAoB,EACpB,cAAc,EACf,MAAM,qBAAqB,CAAA;AAC5B,OAAO,KAAK,EAAE,KAAK,EAAE,WAAW,EAAE,MAAM,qBAAqB,CAAA;AAW7D,MAAM,WAAW,0BAA0B;IACzC,iBAAiB,EAAE,iBAAiB,CAAA;IACpC,oBAAoB,EAAE,oBAAoB,CAAA;IAC1C,WAAW,EAAE,WAAW,CAAA;IACxB,KAAK,EAAE,KAAK,CAAA;IACZ,mFAAmF;IACnF,cAAc,CAAC,EAAE,cAAc,CAAA;CAChC;AAED,qEAAqE;AACrE,MAAM,WAAW,WAAW;IAC1B,kCAAkC;IAClC,EAAE,EAAE,MAAM,CAAA;IACV,kFAAkF;IAClF,KAAK,EAAE,MAAM,CAAA;IACb,IAAI,EAAE,MAAM,GAAG,IAAI,CAAA;CACpB;AAkBD,qBAAa,cAAc;IACb,OAAO,CAAC,QAAQ,CAAC,IAAI;IAAjC,YAA6B,IAAI,EAAE,0BAA0B,EAAI;IAEjE;;;;OAIG;IACG,qBAAqB,CAAC,IAAI,EAAE,WAAW,GAAG,OAAO,CAAC,aAAa,CAAC,CAkBrE;IAED,wEAAwE;IAClE,SAAS,CAAC,IAAI,EAAE,WAAW,EAAE,KAAK,EAAE,kBAAkB,GAAG,OAAO,CAAC,OAAO,CAAC,CAY9E;IAED;;;OAGG;IACG,WAAW,CAAC,IAAI,EAAE,WAAW,GAAG,OAAO,CAAC,OAAO,EAAE,CAAC,CAcvD;IAED,iFAAiF;IAC3E,oBAAoB,CAAC,MAAM,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,EAAE,CAAC,CAG5D;IAEK,QAAQ,CAAC,SAAS,EAAE,MAAM,EAAE,MAAM,EAAE,MAAM,GAAG,OAAO,CAAC,OAAO,CAAC,CAElE;IAED,2EAA2E;IACrE,aAAa,CAAC,SAAS,EAAE,MAAM,EAAE,MAAM,EAAE,MAAM,GAAG,OAAO,CAAC,UAAU,CAAC,CAI1E;IAED,8DAA8D;IACxD,QAAQ,CAAC,SAAS,EAAE,MAAM,EAAE,MAAM,EAAE,MAAM,GAAG,OAAO,CAAC,WAAW,EAAE,CAAC,CAGxE;IAED,iDAAiD;IAC3C,OAAO,CAAC,SAAS,EAAE,MAAM,EAAE,MAAM,EAAE,MAAM,EAAE,IAAI,EAAE,WAAW,GAAG,OAAO,CAAC,OAAO,CAAC,CAEpF;IAED;;;;OAIG;IACG,YAAY,CAAC,SAAS,EAAE,MAAM,EAAE,MAAM,EAAE,MAAM,GAAG,OAAO,CAAC,UAAU,CAAC,CAMzE;IAED,GAAG,CAAC,SAAS,EAAE,MAAM,GAAG,OAAO,CAAC,aAAa,GAAG,IAAI,CAAC,CAEpD;IAEK,OAAO,CAAC,SAAS,EAAE,MAAM,GAAG,OAAO,CAAC,aAAa,EAAE,CAAC,CAiBzD;IAED;;;;OAIG;IACG,cAAc,CAClB,SAAS,EAAE,MAAM,EACjB,YAAY,EAAE,MAAM,EACpB,KAAK,EAAE,kBAAkB,GACxB,OAAO,CAAC,OAAO,CAAC,CAclB;IAED;;;OAGG;IACG,SAAS,CACb,SAAS,EAAE,MAAM,EACjB,YAAY,EAAE,MAAM,EACpB,MAAM,EAAE,MAAM,EACd,KAAK,GAAE,WAAW,EAAkB,GACnC,OAAO,CAAC,aAAa,CAAC,CAoBxB;IAED,0FAA0F;IACpF,cAAc,CAClB,SAAS,EAAE,MAAM,EACjB,YAAY,EAAE,MAAM,EACpB,YAAY,EAAE,MAAM,EACpB,KAAK,EAAE,WAAW,EAAE,GACnB,OAAO,CAAC,aAAa,CAAC,CAUxB;YAEa,gBAAgB;CAa/B"}

package/dist/modules/accounts/AccountService.js ADDED Viewed

@@ -0,0 +1,201 @@
+import { ConflictError, NotFoundError, ValidationError, assertFound } from '@cat-factory/kernel';
+function toWire(account, roles) {
+    return {
+        id: account.id,
+        type: account.type,
+        name: account.name,
+        githubAccountLogin: account.githubAccountLogin,
+        createdAt: account.createdAt,
+        roles,
+        ...(account.defaultCloudProvider ? { defaultCloudProvider: account.defaultCloudProvider } : {}),
+    };
+}
+function toMember(m) {
+    return { accountId: m.accountId, userId: m.userId, roles: m.roles, createdAt: m.createdAt };
+}
+export class AccountService {
+    deps;
+    constructor(deps) {
+        this.deps = deps;
+    }
+    /**
+     * Ensure a user has a personal account (account-of-one) with an owner
+     * membership, creating it on first sign-in. Idempotent: keyed by the user's
+     * internal id, so repeated calls return the same account.
+     */
+    async ensurePersonalAccount(user) {
+        const existing = await this.deps.accountRepository.findPersonalByUser(user.id);
+        if (existing) {
+            // Self-heal a missing admin membership (e.g. partially-applied prior run).
+            await this.ensureMembership(existing.id, user.id, ['admin']);
+            return existing;
+        }
+        const account = {
+            id: this.deps.idGenerator.next('acc'),
+            type: 'personal',
+            name: user.name?.trim() || user.login,
+            githubAccountLogin: user.login,
+            ownerUserId: user.id,
+            createdAt: this.deps.clock.now(),
+        };
+        await this.deps.accountRepository.create(account);
+        await this.ensureMembership(account.id, user.id, ['admin']);
+        return account;
+    }
+    /** Create a shared org account; the creator becomes its first owner. */
+    async createOrg(user, input) {
+        const account = {
+            id: this.deps.idGenerator.next('acc'),
+            type: 'org',
+            name: input.name.trim(),
+            githubAccountLogin: input.githubAccountLogin?.trim() || null,
+            ownerUserId: null,
+            createdAt: this.deps.clock.now(),
+        };
+        await this.deps.accountRepository.create(account);
+        await this.ensureMembership(account.id, user.id, ['admin']);
+        return toWire(account, ['admin']);
+    }
+    /**
+     * Every account the user can see and switch between (personal first), each
+     * annotated with the caller's role. Ensures the personal account exists.
+     */
+    async listForUser(user) {
+        await this.ensurePersonalAccount(user);
+        const memberships = await this.deps.membershipRepository.listByUser(user.id);
+        const accounts = [];
+        for (const m of memberships) {
+            const account = await this.deps.accountRepository.get(m.accountId);
+            if (account)
+                accounts.push(toWire(account, m.roles));
+        }
+        // Personal accounts first, then orgs, each alphabetical — a stable switcher order.
+        return accounts.sort((a, b) => (a.type === 'personal' ? 0 : 1) - (b.type === 'personal' ? 0 : 1) ||
+            a.name.localeCompare(b.name));
+    }
+    /** The set of account ids a user belongs to (used to scope board visibility). */
+    async accessibleAccountIds(userId) {
+        const memberships = await this.deps.membershipRepository.listByUser(userId);
+        return memberships.map((m) => m.accountId);
+    }
+    async isMember(accountId, userId) {
+        return (await this.deps.membershipRepository.get(accountId, userId)) !== null;
+    }
+    /** Resolve the membership or throw 404 — the guard mutating routes use. */
+    async requireMember(accountId, userId) {
+        const membership = await this.deps.membershipRepository.get(accountId, userId);
+        if (!membership)
+            throw new NotFoundError('Account', accountId);
+        return membership;
+    }
+    /** A user's roles in an account (empty when not a member). */
+    async rolesFor(accountId, userId) {
+        const membership = await this.deps.membershipRepository.get(accountId, userId);
+        return membership?.roles ?? [];
+    }
+    /** Whether a user holds a role in an account. */
+    async hasRole(accountId, userId, role) {
+        return (await this.rolesFor(accountId, userId)).includes(role);
+    }
+    /**
+     * Resolve the membership and require the `admin` role — the guard every
+     * org-account-modifying route uses (settings, members, invitations, account-scoped
+     * credentials). Throws 404 for a non-member, 409 for a member without `admin`.
+     */
+    async requireAdmin(accountId, userId) {
+        const membership = await this.requireMember(accountId, userId);
+        if (!membership.roles.includes('admin')) {
+            throw new ConflictError('Only an account admin can modify the organization account');
+        }
+        return membership;
+    }
+    get(accountId) {
+        return this.deps.accountRepository.get(accountId);
+    }
+    async members(accountId) {
+        const list = await this.deps.membershipRepository.listByAccount(accountId);
+        const users = this.deps.userRepository;
+        if (!users)
+            return list.map(toMember);
+        // Enrich the roster with each member's display details for the UI — one bulk load
+        // rather than a query per member.
+        const records = await users.listByIds(list.map((m) => m.userId));
+        const byId = new Map(records.map((u) => [u.id, u]));
+        return list.map((m) => {
+            const user = byId.get(m.userId);
+            return {
+                ...toMember(m),
+                name: user?.name ?? null,
+                email: user?.email ?? null,
+                avatarUrl: user?.avatarUrl ?? null,
+            };
+        });
+    }
+    /**
+     * Update an account's settings (today: the default cloud provider new services
+     * inherit). Owner-only. Returns the updated wire account so the caller can patch
+     * its switcher in place.
+     */
+    async updateSettings(accountId, actingUserId, input) {
+        const acting = await this.requireAdmin(accountId, actingUserId);
+        // An explicit key (even `undefined`) means "clear"; an absent key leaves it.
+        if ('defaultCloudProvider' in input) {
+            await this.deps.accountRepository.updateSettings(accountId, {
+                defaultCloudProvider: input.defaultCloudProvider ?? null,
+            });
+        }
+        const account = assertFound(await this.deps.accountRepository.get(accountId), 'Account', accountId);
+        return toWire(account, acting.roles);
+    }
+    /**
+     * Add a member to an account. Only an admin may add, and only into an `org` account
+     * (a personal account stays an account-of-one). Defaults to the `developer` role.
+     */
+    async addMember(accountId, actingUserId, userId, roles = ['developer']) {
+        // Authorize first so a non-admin/non-member can't probe an account's existence or
+        // type (404 before any ValidationError leak).
+        await this.requireAdmin(accountId, actingUserId);
+        const account = assertFound(await this.deps.accountRepository.get(accountId), 'Account', accountId);
+        if (account.type === 'personal') {
+            throw new ValidationError('Cannot add members to a personal account');
+        }
+        const membership = {
+            accountId,
+            userId,
+            roles: normalizeRoles(roles),
+            createdAt: this.deps.clock.now(),
+        };
+        await this.deps.membershipRepository.upsert(membership);
+        return toMember(membership);
+    }
+    /** Set a member's role set (admin-only). The acting admin cannot drop their OWN admin. */
+    async setMemberRoles(accountId, actingUserId, targetUserId, roles) {
+        await this.requireAdmin(accountId, actingUserId);
+        const target = await this.requireMember(accountId, targetUserId);
+        const next = normalizeRoles(roles);
+        if (actingUserId === targetUserId && !next.includes('admin')) {
+            throw new ConflictError('You cannot remove your own admin role');
+        }
+        const membership = { ...target, roles: next };
+        await this.deps.membershipRepository.upsert(membership);
+        return toMember(membership);
+    }
+    async ensureMembership(accountId, userId, roles) {
+        if (await this.deps.membershipRepository.get(accountId, userId))
+            return;
+        await this.deps.membershipRepository.upsert({
+            accountId,
+            userId,
+            roles: normalizeRoles(roles),
+            createdAt: this.deps.clock.now(),
+        });
+    }
+}
+/** De-duplicate a role set, preserving order, defaulting to `developer` when empty. */
+function normalizeRoles(roles) {
+    const seen = new Set();
+    for (const r of roles)
+        seen.add(r);
+    return seen.size > 0 ? [...seen] : ['developer'];
+}
+//# sourceMappingURL=AccountService.js.map

package/dist/modules/accounts/AccountService.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"AccountService.js","sourceRoot":"","sources":["../../../src/modules/accounts/AccountService.ts"],"names":[],"mappings":"AAeA,OAAO,EAAE,aAAa,EAAE,aAAa,EAAE,eAAe,EAAE,WAAW,EAAE,MAAM,qBAAqB,CAAA;AA4BhG,SAAS,MAAM,CAAC,OAAsB,EAAE,KAAuB;IAC7D,OAAO;QACL,EAAE,EAAE,OAAO,CAAC,EAAE;QACd,IAAI,EAAE,OAAO,CAAC,IAAI;QAClB,IAAI,EAAE,OAAO,CAAC,IAAI;QAClB,kBAAkB,EAAE,OAAO,CAAC,kBAAkB;QAC9C,SAAS,EAAE,OAAO,CAAC,SAAS;QAC5B,KAAK;QACL,GAAG,CAAC,OAAO,CAAC,oBAAoB,CAAC,CAAC,CAAC,EAAE,oBAAoB,EAAE,OAAO,CAAC,oBAAoB,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;KAChG,CAAA;AACH,CAAC;AAED,SAAS,QAAQ,CAAC,CAAa;IAC7B,OAAO,EAAE,SAAS,EAAE,CAAC,CAAC,SAAS,EAAE,MAAM,EAAE,CAAC,CAAC,MAAM,EAAE,KAAK,EAAE,CAAC,CAAC,KAAK,EAAE,SAAS,EAAE,CAAC,CAAC,SAAS,EAAE,CAAA;AAC7F,CAAC;AAED,MAAM,OAAO,cAAc;IACI,IAAI;IAAjC,YAA6B,IAAgC;oBAAhC,IAAI;IAA+B,CAAC;IAEjE;;;;OAIG;IACH,KAAK,CAAC,qBAAqB,CAAC,IAAiB;QAC3C,MAAM,QAAQ,GAAG,MAAM,IAAI,CAAC,IAAI,CAAC,iBAAiB,CAAC,kBAAkB,CAAC,IAAI,CAAC,EAAE,CAAC,CAAA;QAC9E,IAAI,QAAQ,EAAE,CAAC;YACb,2EAA2E;YAC3E,MAAM,IAAI,CAAC,gBAAgB,CAAC,QAAQ,CAAC,EAAE,EAAE,IAAI,CAAC,EAAE,EAAE,CAAC,OAAO,CAAC,CAAC,CAAA;YAC5D,OAAO,QAAQ,CAAA;QACjB,CAAC;QACD,MAAM,OAAO,GAAkB;YAC7B,EAAE,EAAE,IAAI,CAAC,IAAI,CAAC,WAAW,CAAC,IAAI,CAAC,KAAK,CAAC;YACrC,IAAI,EAAE,UAAU;YAChB,IAAI,EAAE,IAAI,CAAC,IAAI,EAAE,IAAI,EAAE,IAAI,IAAI,CAAC,KAAK;YACrC,kBAAkB,EAAE,IAAI,CAAC,KAAK;YAC9B,WAAW,EAAE,IAAI,CAAC,EAAE;YACpB,SAAS,EAAE,IAAI,CAAC,IAAI,CAAC,KAAK,CAAC,GAAG,EAAE;SACjC,CAAA;QACD,MAAM,IAAI,CAAC,IAAI,CAAC,iBAAiB,CAAC,MAAM,CAAC,OAAO,CAAC,CAAA;QACjD,MAAM,IAAI,CAAC,gBAAgB,CAAC,OAAO,CAAC,EAAE,EAAE,IAAI,CAAC,EAAE,EAAE,CAAC,OAAO,CAAC,CAAC,CAAA;QAC3D,OAAO,OAAO,CAAA;IAChB,CAAC;IAED,wEAAwE;IACxE,KAAK,CAAC,SAAS,CAAC,IAAiB,EAAE,KAAyB;QAC1D,MAAM,OAAO,GAAkB;YAC7B,EAAE,EAAE,IAAI,CAAC,IAAI,CAAC,WAAW,CAAC,IAAI,CAAC,KAAK,CAAC;YACrC,IAAI,EAAE,KAAK;YACX,IAAI,EAAE,KAAK,CAAC,IAAI,CAAC,IAAI,EAAE;YACvB,kBAAkB,EAAE,KAAK,CAAC,kBAAkB,EAAE,IAAI,EAAE,IAAI,IAAI;YAC5D,WAAW,EAAE,IAAI;YACjB,SAAS,EAAE,IAAI,CAAC,IAAI,CAAC,KAAK,CAAC,GAAG,EAAE;SACjC,CAAA;QACD,MAAM,IAAI,CAAC,IAAI,CAAC,iBAAiB,CAAC,MAAM,CAAC,OAAO,CAAC,CAAA;QACjD,MAAM,IAAI,CAAC,gBAAgB,CAAC,OAAO,CAAC,EAAE,EAAE,IAAI,CAAC,EAAE,EAAE,CAAC,OAAO,CAAC,CAAC,CAAA;QAC3D,OAAO,MAAM,CAAC,OAAO,EAAE,CAAC,OAAO,CAAC,CAAC,CAAA;IACnC,CAAC;IAED;;;OAGG;IACH,KAAK,CAAC,WAAW,CAAC,IAAiB;QACjC,MAAM,IAAI,CAAC,qBAAqB,CAAC,IAAI,CAAC,CAAA;QACtC,MAAM,WAAW,GAAG,MAAM,IAAI,CAAC,IAAI,CAAC,oBAAoB,CAAC,UAAU,CAAC,IAAI,CAAC,EAAE,CAAC,CAAA;QAC5E,MAAM,QAAQ,GAAc,EAAE,CAAA;QAC9B,KAAK,MAAM,CAAC,IAAI,WAAW,EAAE,CAAC;YAC5B,MAAM,OAAO,GAAG,MAAM,IAAI,CAAC,IAAI,CAAC,iBAAiB,CAAC,GAAG,CAAC,CAAC,CAAC,SAAS,CAAC,CAAA;YAClE,IAAI,OAAO;gBAAE,QAAQ,CAAC,IAAI,CAAC,MAAM,CAAC,OAAO,EAAE,CAAC,CAAC,KAAK,CAAC,CAAC,CAAA;QACtD,CAAC;QACD,mFAAmF;QACnF,OAAO,QAAQ,CAAC,IAAI,CAClB,CAAC,CAAC,EAAE,CAAC,EAAE,EAAE,CACP,CAAC,CAAC,CAAC,IAAI,KAAK,UAAU,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,IAAI,KAAK,UAAU,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC;YACjE,CAAC,CAAC,IAAI,CAAC,aAAa,CAAC,CAAC,CAAC,IAAI,CAAC,CAC/B,CAAA;IACH,CAAC;IAED,iFAAiF;IACjF,KAAK,CAAC,oBAAoB,CAAC,MAAc;QACvC,MAAM,WAAW,GAAG,MAAM,IAAI,CAAC,IAAI,CAAC,oBAAoB,CAAC,UAAU,CAAC,MAAM,CAAC,CAAA;QAC3E,OAAO,WAAW,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,SAAS,CAAC,CAAA;IAC5C,CAAC;IAED,KAAK,CAAC,QAAQ,CAAC,SAAiB,EAAE,MAAc;QAC9C,OAAO,CAAC,MAAM,IAAI,CAAC,IAAI,CAAC,oBAAoB,CAAC,GAAG,CAAC,SAAS,EAAE,MAAM,CAAC,CAAC,KAAK,IAAI,CAAA;IAC/E,CAAC;IAED,2EAA2E;IAC3E,KAAK,CAAC,aAAa,CAAC,SAAiB,EAAE,MAAc;QACnD,MAAM,UAAU,GAAG,MAAM,IAAI,CAAC,IAAI,CAAC,oBAAoB,CAAC,GAAG,CAAC,SAAS,EAAE,MAAM,CAAC,CAAA;QAC9E,IAAI,CAAC,UAAU;YAAE,MAAM,IAAI,aAAa,CAAC,SAAS,EAAE,SAAS,CAAC,CAAA;QAC9D,OAAO,UAAU,CAAA;IACnB,CAAC;IAED,8DAA8D;IAC9D,KAAK,CAAC,QAAQ,CAAC,SAAiB,EAAE,MAAc;QAC9C,MAAM,UAAU,GAAG,MAAM,IAAI,CAAC,IAAI,CAAC,oBAAoB,CAAC,GAAG,CAAC,SAAS,EAAE,MAAM,CAAC,CAAA;QAC9E,OAAO,UAAU,EAAE,KAAK,IAAI,EAAE,CAAA;IAChC,CAAC;IAED,iDAAiD;IACjD,KAAK,CAAC,OAAO,CAAC,SAAiB,EAAE,MAAc,EAAE,IAAiB;QAChE,OAAO,CAAC,MAAM,IAAI,CAAC,QAAQ,CAAC,SAAS,EAAE,MAAM,CAAC,CAAC,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAA;IAChE,CAAC;IAED;;;;OAIG;IACH,KAAK,CAAC,YAAY,CAAC,SAAiB,EAAE,MAAc;QAClD,MAAM,UAAU,GAAG,MAAM,IAAI,CAAC,aAAa,CAAC,SAAS,EAAE,MAAM,CAAC,CAAA;QAC9D,IAAI,CAAC,UAAU,CAAC,KAAK,CAAC,QAAQ,CAAC,OAAO,CAAC,EAAE,CAAC;YACxC,MAAM,IAAI,aAAa,CAAC,2DAA2D,CAAC,CAAA;QACtF,CAAC;QACD,OAAO,UAAU,CAAA;IACnB,CAAC;IAED,GAAG,CAAC,SAAiB;QACnB,OAAO,IAAI,CAAC,IAAI,CAAC,iBAAiB,CAAC,GAAG,CAAC,SAAS,CAAC,CAAA;IACnD,CAAC;IAED,KAAK,CAAC,OAAO,CAAC,SAAiB;QAC7B,MAAM,IAAI,GAAG,MAAM,IAAI,CAAC,IAAI,CAAC,oBAAoB,CAAC,aAAa,CAAC,SAAS,CAAC,CAAA;QAC1E,MAAM,KAAK,GAAG,IAAI,CAAC,IAAI,CAAC,cAAc,CAAA;QACtC,IAAI,CAAC,KAAK;YAAE,OAAO,IAAI,CAAC,GAAG,CAAC,QAAQ,CAAC,CAAA;QACrC,kFAAkF;QAClF,kCAAkC;QAClC,MAAM,OAAO,GAAG,MAAM,KAAK,CAAC,SAAS,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAA;QAChE,MAAM,IAAI,GAAG,IAAI,GAAG,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,CAAC,CAAA;QACnD,OAAO,IAAI,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE;YACpB,MAAM,IAAI,GAAG,IAAI,CAAC,GAAG,CAAC,CAAC,CAAC,MAAM,CAAC,CAAA;YAC/B,OAAO;gBACL,GAAG,QAAQ,CAAC,CAAC,CAAC;gBACd,IAAI,EAAE,IAAI,EAAE,IAAI,IAAI,IAAI;gBACxB,KAAK,EAAE,IAAI,EAAE,KAAK,IAAI,IAAI;gBAC1B,SAAS,EAAE,IAAI,EAAE,SAAS,IAAI,IAAI;aACnC,CAAA;QACH,CAAC,CAAC,CAAA;IACJ,CAAC;IAED;;;;OAIG;IACH,KAAK,CAAC,cAAc,CAClB,SAAiB,EACjB,YAAoB,EACpB,KAAyB;QAEzB,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,YAAY,CAAC,SAAS,EAAE,YAAY,CAAC,CAAA;QAC/D,6EAA6E;QAC7E,IAAI,sBAAsB,IAAI,KAAK,EAAE,CAAC;YACpC,MAAM,IAAI,CAAC,IAAI,CAAC,iBAAiB,CAAC,cAAc,CAAC,SAAS,EAAE;gBAC1D,oBAAoB,EAAE,KAAK,CAAC,oBAAoB,IAAI,IAAI;aACzD,CAAC,CAAA;QACJ,CAAC;QACD,MAAM,OAAO,GAAG,WAAW,CACzB,MAAM,IAAI,CAAC,IAAI,CAAC,iBAAiB,CAAC,GAAG,CAAC,SAAS,CAAC,EAChD,SAAS,EACT,SAAS,CACV,CAAA;QACD,OAAO,MAAM,CAAC,OAAO,EAAE,MAAM,CAAC,KAAK,CAAC,CAAA;IACtC,CAAC;IAED;;;OAGG;IACH,KAAK,CAAC,SAAS,CACb,SAAiB,EACjB,YAAoB,EACpB,MAAc,EACd,KAAK,GAAkB,CAAC,WAAW,CAAC;QAEpC,kFAAkF;QAClF,8CAA8C;QAC9C,MAAM,IAAI,CAAC,YAAY,CAAC,SAAS,EAAE,YAAY,CAAC,CAAA;QAChD,MAAM,OAAO,GAAG,WAAW,CACzB,MAAM,IAAI,CAAC,IAAI,CAAC,iBAAiB,CAAC,GAAG,CAAC,SAAS,CAAC,EAChD,SAAS,EACT,SAAS,CACV,CAAA;QACD,IAAI,OAAO,CAAC,IAAI,KAAK,UAAU,EAAE,CAAC;YAChC,MAAM,IAAI,eAAe,CAAC,0CAA0C,CAAC,CAAA;QACvE,CAAC;QACD,MAAM,UAAU,GAAe;YAC7B,SAAS;YACT,MAAM;YACN,KAAK,EAAE,cAAc,CAAC,KAAK,CAAC;YAC5B,SAAS,EAAE,IAAI,CAAC,IAAI,CAAC,KAAK,CAAC,GAAG,EAAE;SACjC,CAAA;QACD,MAAM,IAAI,CAAC,IAAI,CAAC,oBAAoB,CAAC,MAAM,CAAC,UAAU,CAAC,CAAA;QACvD,OAAO,QAAQ,CAAC,UAAU,CAAC,CAAA;IAC7B,CAAC;IAED,0FAA0F;IAC1F,KAAK,CAAC,cAAc,CAClB,SAAiB,EACjB,YAAoB,EACpB,YAAoB,EACpB,KAAoB;QAEpB,MAAM,IAAI,CAAC,YAAY,CAAC,SAAS,EAAE,YAAY,CAAC,CAAA;QAChD,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,aAAa,CAAC,SAAS,EAAE,YAAY,CAAC,CAAA;QAChE,MAAM,IAAI,GAAG,cAAc,CAAC,KAAK,CAAC,CAAA;QAClC,IAAI,YAAY,KAAK,YAAY,IAAI,CAAC,IAAI,CAAC,QAAQ,CAAC,OAAO,CAAC,EAAE,CAAC;YAC7D,MAAM,IAAI,aAAa,CAAC,uCAAuC,CAAC,CAAA;QAClE,CAAC;QACD,MAAM,UAAU,GAAe,EAAE,GAAG,MAAM,EAAE,KAAK,EAAE,IAAI,EAAE,CAAA;QACzD,MAAM,IAAI,CAAC,IAAI,CAAC,oBAAoB,CAAC,MAAM,CAAC,UAAU,CAAC,CAAA;QACvD,OAAO,QAAQ,CAAC,UAAU,CAAC,CAAA;IAC7B,CAAC;IAEO,KAAK,CAAC,gBAAgB,CAC5B,SAAiB,EACjB,MAAc,EACd,KAAoB;QAEpB,IAAI,MAAM,IAAI,CAAC,IAAI,CAAC,oBAAoB,CAAC,GAAG,CAAC,SAAS,EAAE,MAAM,CAAC;YAAE,OAAM;QACvE,MAAM,IAAI,CAAC,IAAI,CAAC,oBAAoB,CAAC,MAAM,CAAC;YAC1C,SAAS;YACT,MAAM;YACN,KAAK,EAAE,cAAc,CAAC,KAAK,CAAC;YAC5B,SAAS,EAAE,IAAI,CAAC,IAAI,CAAC,KAAK,CAAC,GAAG,EAAE;SACjC,CAAC,CAAA;IACJ,CAAC;CACF;AAED,uFAAuF;AACvF,SAAS,cAAc,CAAC,KAAoB;IAC1C,MAAM,IAAI,GAAG,IAAI,GAAG,EAAe,CAAA;IACnC,KAAK,MAAM,CAAC,IAAI,KAAK;QAAE,IAAI,CAAC,GAAG,CAAC,CAAC,CAAC,CAAA;IAClC,OAAO,IAAI,CAAC,IAAI,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC,GAAG,IAAI,CAAC,CAAC,CAAC,CAAC,CAAC,WAAW,CAAC,CAAA;AAClD,CAAC"}

package/dist/modules/invitations/InvitationService.d.ts ADDED Viewed

@@ -0,0 +1,51 @@
+import type { AccountInvitation, AccountRole } from '@cat-factory/contracts';
+import type { AccountInvitationRecord, AccountInvitationRepository, AccountRepository, Clock, EmailSender, IdGenerator, MembershipRepository } from '@cat-factory/kernel';
+export interface InvitationServiceDependencies {
+    invitationRepository: AccountInvitationRepository;
+    accountRepository: AccountRepository;
+    membershipRepository: MembershipRepository;
+    idGenerator: IdGenerator;
+    clock: Clock;
+    /**
+     * Optional: resolve the account's configured (DB-stored, per-account) email sender
+     * at send time. Absent or returning null ⇒ the accept link is returned for manual
+     * sharing instead of being emailed.
+     */
+    resolveEmailSender?: (accountId: string) => Promise<EmailSender | null>;
+    /** Base URL the accept link points at (the SPA origin). */
+    appBaseUrl?: string;
+}
+export interface CreatedInvitation {
+    invitation: AccountInvitation;
+    /** The raw accept token + link (only available at creation; never re-derivable). */
+    token: string;
+    acceptUrl: string | null;
+    /** Whether the invite email was actually sent (vs. needing manual link sharing). */
+    emailed: boolean;
+}
+export declare class InvitationService {
+    private readonly deps;
+    constructor(deps: InvitationServiceDependencies);
+    /** Invite a teammate by email. Admin-only, org accounts only. */
+    invite(accountId: string, actingUserId: string, email: string, roles?: AccountRole[]): Promise<CreatedInvitation>;
+    list(accountId: string): Promise<AccountInvitation[]>;
+    /** Revoke a pending invitation (admin-only). */
+    revoke(accountId: string, actingUserId: string, invitationId: string): Promise<void>;
+    /**
+     * Peek at a pending invitation by token (no side effects) — lets the SPA show the
+     * org name on the accept screen and decide whether the user must sign up first.
+     */
+    peek(token: string): Promise<AccountInvitationRecord | null>;
+    /**
+     * Redeem an invitation: grant the user membership in the org and mark it accepted.
+     * Returns the account id joined.
+     *
+     * The redemption is bound to the invited email: the accepting user's verified email
+     * must match the address the invite was sent to. This stops a leaked accept link from
+     * admitting an arbitrary account (the invite token also short-circuits the sign-in
+     * allowlist, so without this binding any leaked link would be a private-deployment
+     * bypass). A user with no known email cannot redeem (fail closed).
+     */
+    accept(token: string, userId: string, userEmail: string | null): Promise<string>;
+}
+//# sourceMappingURL=InvitationService.d.ts.map

package/dist/modules/invitations/InvitationService.d.ts.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"InvitationService.d.ts","sourceRoot":"","sources":["../../../src/modules/invitations/InvitationService.ts"],"names":[],"mappings":"AACA,OAAO,KAAK,EAAE,iBAAiB,EAAE,WAAW,EAAE,MAAM,wBAAwB,CAAA;AAC5E,OAAO,KAAK,EACV,uBAAuB,EACvB,2BAA2B,EAC3B,iBAAiB,EACjB,KAAK,EACL,WAAW,EACX,WAAW,EAEX,oBAAoB,EACrB,MAAM,qBAAqB,CAAA;AAa5B,MAAM,WAAW,6BAA6B;IAC5C,oBAAoB,EAAE,2BAA2B,CAAA;IACjD,iBAAiB,EAAE,iBAAiB,CAAA;IACpC,oBAAoB,EAAE,oBAAoB,CAAA;IAC1C,WAAW,EAAE,WAAW,CAAA;IACxB,KAAK,EAAE,KAAK,CAAA;IACZ;;;;OAIG;IACH,kBAAkB,CAAC,EAAE,CAAC,SAAS,EAAE,MAAM,KAAK,OAAO,CAAC,WAAW,GAAG,IAAI,CAAC,CAAA;IACvE,2DAA2D;IAC3D,UAAU,CAAC,EAAE,MAAM,CAAA;CACpB;AAqBD,MAAM,WAAW,iBAAiB;IAChC,UAAU,EAAE,iBAAiB,CAAA;IAC7B,oFAAoF;IACpF,KAAK,EAAE,MAAM,CAAA;IACb,SAAS,EAAE,MAAM,GAAG,IAAI,CAAA;IACxB,oFAAoF;IACpF,OAAO,EAAE,OAAO,CAAA;CACjB;AAED,qBAAa,iBAAiB;IAChB,OAAO,CAAC,QAAQ,CAAC,IAAI;IAAjC,YAA6B,IAAI,EAAE,6BAA6B,EAAI;IAEpE,iEAAiE;IAC3D,MAAM,CACV,SAAS,EAAE,MAAM,EACjB,YAAY,EAAE,MAAM,EACpB,KAAK,EAAE,MAAM,EACb,KAAK,GAAE,WAAW,EAAkB,GACnC,OAAO,CAAC,iBAAiB,CAAC,CAuD5B;IAED,IAAI,CAAC,SAAS,EAAE,MAAM,GAAG,OAAO,CAAC,iBAAiB,EAAE,CAAC,CAEpD;IAED,gDAAgD;IAC1C,MAAM,CAAC,SAAS,EAAE,MAAM,EAAE,YAAY,EAAE,MAAM,EAAE,YAAY,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC,CAYzF;IAED;;;OAGG;IACG,IAAI,CAAC,KAAK,EAAE,MAAM,GAAG,OAAO,CAAC,uBAAuB,GAAG,IAAI,CAAC,CAKjE;IAED;;;;;;;;;OASG;IACG,MAAM,CAAC,KAAK,EAAE,MAAM,EAAE,MAAM,EAAE,MAAM,EAAE,SAAS,EAAE,MAAM,GAAG,IAAI,GAAG,OAAO,CAAC,MAAM,CAAC,CAoBrF;CACF"}

package/dist/modules/invitations/InvitationService.js ADDED Viewed

@@ -0,0 +1,154 @@
+import { ConflictError, NotFoundError, ValidationError, assertFound } from '@cat-factory/kernel';
+// ---------------------------------------------------------------------------
+// InvitationService: invite teammates into an org account by email. An owner mints
+// an invitation; the invitee redeems an opaque token (delivered by email) to gain
+// membership. Only the token's SHA-256 hash is stored — the raw token lives only in
+// the emailed accept link. Redeeming for a brand-new email is what lets a person
+// without a GitHub account join (their user is created by the auth signup path,
+// then this grants the org membership).
+// ---------------------------------------------------------------------------
+const INVITE_TTL_MS = 7 * 24 * 60 * 60 * 1000;
+/** SHA-256 hex digest — Web Crypto, runs on both runtimes. */
+async function sha256Hex(input) {
+    const digest = await crypto.subtle.digest('SHA-256', new TextEncoder().encode(input));
+    return [...new Uint8Array(digest)].map((b) => b.toString(16).padStart(2, '0')).join('');
+}
+function toWire(record) {
+    return {
+        id: record.id,
+        accountId: record.accountId,
+        email: record.email,
+        roles: record.roles,
+        status: record.status,
+        invitedBy: record.invitedBy,
+        expiresAt: record.expiresAt,
+        createdAt: record.createdAt,
+    };
+}
+export class InvitationService {
+    deps;
+    constructor(deps) {
+        this.deps = deps;
+    }
+    /** Invite a teammate by email. Admin-only, org accounts only. */
+    async invite(accountId, actingUserId, email, roles = ['developer']) {
+        const account = assertFound(await this.deps.accountRepository.get(accountId), 'Account', accountId);
+        if (account.type === 'personal') {
+            throw new ValidationError('Cannot invite members to a personal account');
+        }
+        const acting = await this.deps.membershipRepository.get(accountId, actingUserId);
+        if (!acting)
+            throw new NotFoundError('Account', accountId);
+        if (!acting.roles.includes('admin')) {
+            throw new ConflictError('Only an account admin can invite members');
+        }
+        const normalizedEmail = email.toLowerCase().trim();
+        // Supersede any still-pending invite to the same address in this account, so only
+        // the freshly-minted token stays live (no pile-up of redeemable links per email).
+        const pending = await this.deps.invitationRepository.listByAccount(accountId);
+        for (const prior of pending) {
+            if (prior.status === 'pending' && prior.email === normalizedEmail) {
+                await this.deps.invitationRepository.setStatus(prior.id, 'revoked');
+            }
+        }
+        const token = `${crypto.randomUUID()}${crypto.randomUUID()}`.replace(/-/g, '');
+        const record = {
+            id: this.deps.idGenerator.next('inv'),
+            accountId,
+            email: normalizedEmail,
+            roles: roles.length > 0 ? roles : ['developer'],
+            tokenHash: await sha256Hex(token),
+            invitedBy: actingUserId,
+            status: 'pending',
+            expiresAt: this.deps.clock.now() + INVITE_TTL_MS,
+            createdAt: this.deps.clock.now(),
+        };
+        await this.deps.invitationRepository.create(record);
+        const acceptUrl = this.deps.appBaseUrl
+            ? `${this.deps.appBaseUrl.replace(/\/$/, '')}/invite?token=${token}`
+            : null;
+        const sender = this.deps.resolveEmailSender
+            ? await this.deps.resolveEmailSender(accountId)
+            : null;
+        let emailed = false;
+        if (sender && acceptUrl) {
+            await sender.send({
+                to: normalizedEmail,
+                subject: `You've been invited to ${account.name} on Cat Factory`,
+                text: `You've been invited to join ${account.name}. Accept: ${acceptUrl}`,
+                html: invitationEmailHtml(account.name, acceptUrl),
+            });
+            emailed = true;
+        }
+        return { invitation: toWire(record), token, acceptUrl, emailed };
+    }
+    list(accountId) {
+        return this.deps.invitationRepository.listByAccount(accountId).then((rows) => rows.map(toWire));
+    }
+    /** Revoke a pending invitation (admin-only). */
+    async revoke(accountId, actingUserId, invitationId) {
+        const acting = await this.deps.membershipRepository.get(accountId, actingUserId);
+        if (!acting?.roles.includes('admin')) {
+            throw new ConflictError('Only an account admin can revoke invitations');
+        }
+        const invitation = assertFound(await this.deps.invitationRepository.get(invitationId), 'Invitation', invitationId);
+        if (invitation.accountId !== accountId)
+            throw new NotFoundError('Invitation', invitationId);
+        await this.deps.invitationRepository.setStatus(invitationId, 'revoked');
+    }
+    /**
+     * Peek at a pending invitation by token (no side effects) — lets the SPA show the
+     * org name on the accept screen and decide whether the user must sign up first.
+     */
+    async peek(token) {
+        const record = await this.deps.invitationRepository.findByTokenHash(await sha256Hex(token));
+        if (!record || record.status !== 'pending')
+            return null;
+        if (record.expiresAt < this.deps.clock.now())
+            return null;
+        return record;
+    }
+    /**
+     * Redeem an invitation: grant the user membership in the org and mark it accepted.
+     * Returns the account id joined.
+     *
+     * The redemption is bound to the invited email: the accepting user's verified email
+     * must match the address the invite was sent to. This stops a leaked accept link from
+     * admitting an arbitrary account (the invite token also short-circuits the sign-in
+     * allowlist, so without this binding any leaked link would be a private-deployment
+     * bypass). A user with no known email cannot redeem (fail closed).
+     */
+    async accept(token, userId, userEmail) {
+        const record = await this.deps.invitationRepository.findByTokenHash(await sha256Hex(token));
+        if (!record || record.status !== 'pending') {
+            throw new NotFoundError('Invitation', 'token');
+        }
+        if (record.expiresAt < this.deps.clock.now()) {
+            throw new ConflictError('This invitation has expired');
+        }
+        if (!userEmail || userEmail.toLowerCase().trim() !== record.email) {
+            throw new ConflictError('This invitation was sent to a different email address');
+        }
+        const membership = {
+            accountId: record.accountId,
+            userId,
+            roles: record.roles,
+            createdAt: this.deps.clock.now(),
+        };
+        await this.deps.membershipRepository.upsert(membership);
+        await this.deps.invitationRepository.setStatus(record.id, 'accepted');
+        return record.accountId;
+    }
+}
+function invitationEmailHtml(accountName, acceptUrl) {
+    return `<!doctype html><html><body style="font-family:sans-serif">
+<h2>You've been invited to ${escapeHtml(accountName)}</h2>
+<p>You've been invited to collaborate on <strong>${escapeHtml(accountName)}</strong> in Cat Factory.</p>
+<p><a href="${acceptUrl}" style="display:inline-block;padding:10px 18px;background:#111;color:#fff;border-radius:6px;text-decoration:none">Accept invitation</a></p>
+<p>Or paste this link into your browser:<br>${acceptUrl}</p>
+</body></html>`;
+}
+function escapeHtml(s) {
+    return s.replace(/[&<>"']/g, (c) => ({ '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' })[c]);
+}
+//# sourceMappingURL=InvitationService.js.map

package/dist/modules/invitations/InvitationService.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"InvitationService.js","sourceRoot":"","sources":["../../../src/modules/invitations/InvitationService.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,aAAa,EAAE,aAAa,EAAE,eAAe,EAAE,WAAW,EAAE,MAAM,qBAAqB,CAAA;AAahG,8EAA8E;AAC9E,mFAAmF;AACnF,kFAAkF;AAClF,oFAAoF;AACpF,iFAAiF;AACjF,gFAAgF;AAChF,wCAAwC;AACxC,8EAA8E;AAE9E,MAAM,aAAa,GAAG,CAAC,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,IAAI,CAAA;AAkB7C,8DAA8D;AAC9D,KAAK,UAAU,SAAS,CAAC,KAAa;IACpC,MAAM,MAAM,GAAG,MAAM,MAAM,CAAC,MAAM,CAAC,MAAM,CAAC,SAAS,EAAE,IAAI,WAAW,EAAE,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,CAAA;IACrF,OAAO,CAAC,GAAG,IAAI,UAAU,CAAC,MAAM,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,QAAQ,CAAC,EAAE,CAAC,CAAC,QAAQ,CAAC,CAAC,EAAE,GAAG,CAAC,CAAC,CAAC,IAAI,CAAC,EAAE,CAAC,CAAA;AACzF,CAAC;AAED,SAAS,MAAM,CAAC,MAA+B;IAC7C,OAAO;QACL,EAAE,EAAE,MAAM,CAAC,EAAE;QACb,SAAS,EAAE,MAAM,CAAC,SAAS;QAC3B,KAAK,EAAE,MAAM,CAAC,KAAK;QACnB,KAAK,EAAE,MAAM,CAAC,KAAK;QACnB,MAAM,EAAE,MAAM,CAAC,MAAM;QACrB,SAAS,EAAE,MAAM,CAAC,SAAS;QAC3B,SAAS,EAAE,MAAM,CAAC,SAAS;QAC3B,SAAS,EAAE,MAAM,CAAC,SAAS;KAC5B,CAAA;AACH,CAAC;AAWD,MAAM,OAAO,iBAAiB;IACC,IAAI;IAAjC,YAA6B,IAAmC;oBAAnC,IAAI;IAAkC,CAAC;IAEpE,iEAAiE;IACjE,KAAK,CAAC,MAAM,CACV,SAAiB,EACjB,YAAoB,EACpB,KAAa,EACb,KAAK,GAAkB,CAAC,WAAW,CAAC;QAEpC,MAAM,OAAO,GAAG,WAAW,CACzB,MAAM,IAAI,CAAC,IAAI,CAAC,iBAAiB,CAAC,GAAG,CAAC,SAAS,CAAC,EAChD,SAAS,EACT,SAAS,CACV,CAAA;QACD,IAAI,OAAO,CAAC,IAAI,KAAK,UAAU,EAAE,CAAC;YAChC,MAAM,IAAI,eAAe,CAAC,6CAA6C,CAAC,CAAA;QAC1E,CAAC;QACD,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,IAAI,CAAC,oBAAoB,CAAC,GAAG,CAAC,SAAS,EAAE,YAAY,CAAC,CAAA;QAChF,IAAI,CAAC,MAAM;YAAE,MAAM,IAAI,aAAa,CAAC,SAAS,EAAE,SAAS,CAAC,CAAA;QAC1D,IAAI,CAAC,MAAM,CAAC,KAAK,CAAC,QAAQ,CAAC,OAAO,CAAC,EAAE,CAAC;YACpC,MAAM,IAAI,aAAa,CAAC,0CAA0C,CAAC,CAAA;QACrE,CAAC;QAED,MAAM,eAAe,GAAG,KAAK,CAAC,WAAW,EAAE,CAAC,IAAI,EAAE,CAAA;QAClD,kFAAkF;QAClF,kFAAkF;QAClF,MAAM,OAAO,GAAG,MAAM,IAAI,CAAC,IAAI,CAAC,oBAAoB,CAAC,aAAa,CAAC,SAAS,CAAC,CAAA;QAC7E,KAAK,MAAM,KAAK,IAAI,OAAO,EAAE,CAAC;YAC5B,IAAI,KAAK,CAAC,MAAM,KAAK,SAAS,IAAI,KAAK,CAAC,KAAK,KAAK,eAAe,EAAE,CAAC;gBAClE,MAAM,IAAI,CAAC,IAAI,CAAC,oBAAoB,CAAC,SAAS,CAAC,KAAK,CAAC,EAAE,EAAE,SAAS,CAAC,CAAA;YACrE,CAAC;QACH,CAAC;QACD,MAAM,KAAK,GAAG,GAAG,MAAM,CAAC,UAAU,EAAE,GAAG,MAAM,CAAC,UAAU,EAAE,EAAE,CAAC,OAAO,CAAC,IAAI,EAAE,EAAE,CAAC,CAAA;QAC9E,MAAM,MAAM,GAA4B;YACtC,EAAE,EAAE,IAAI,CAAC,IAAI,CAAC,WAAW,CAAC,IAAI,CAAC,KAAK,CAAC;YACrC,SAAS;YACT,KAAK,EAAE,eAAe;YACtB,KAAK,EAAE,KAAK,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,WAAW,CAAC;YAC/C,SAAS,EAAE,MAAM,SAAS,CAAC,KAAK,CAAC;YACjC,SAAS,EAAE,YAAY;YACvB,MAAM,EAAE,SAAS;YACjB,SAAS,EAAE,IAAI,CAAC,IAAI,CAAC,KAAK,CAAC,GAAG,EAAE,GAAG,aAAa;YAChD,SAAS,EAAE,IAAI,CAAC,IAAI,CAAC,KAAK,CAAC,GAAG,EAAE;SACjC,CAAA;QACD,MAAM,IAAI,CAAC,IAAI,CAAC,oBAAoB,CAAC,MAAM,CAAC,MAAM,CAAC,CAAA;QAEnD,MAAM,SAAS,GAAG,IAAI,CAAC,IAAI,CAAC,UAAU;YACpC,CAAC,CAAC,GAAG,IAAI,CAAC,IAAI,CAAC,UAAU,CAAC,OAAO,CAAC,KAAK,EAAE,EAAE,CAAC,iBAAiB,KAAK,EAAE;YACpE,CAAC,CAAC,IAAI,CAAA;QACR,MAAM,MAAM,GAAG,IAAI,CAAC,IAAI,CAAC,kBAAkB;YACzC,CAAC,CAAC,MAAM,IAAI,CAAC,IAAI,CAAC,kBAAkB,CAAC,SAAS,CAAC;YAC/C,CAAC,CAAC,IAAI,CAAA;QACR,IAAI,OAAO,GAAG,KAAK,CAAA;QACnB,IAAI,MAAM,IAAI,SAAS,EAAE,CAAC;YACxB,MAAM,MAAM,CAAC,IAAI,CAAC;gBAChB,EAAE,EAAE,eAAe;gBACnB,OAAO,EAAE,0BAA0B,OAAO,CAAC,IAAI,iBAAiB;gBAChE,IAAI,EAAE,+BAA+B,OAAO,CAAC,IAAI,aAAa,SAAS,EAAE;gBACzE,IAAI,EAAE,mBAAmB,CAAC,OAAO,CAAC,IAAI,EAAE,SAAS,CAAC;aACnD,CAAC,CAAA;YACF,OAAO,GAAG,IAAI,CAAA;QAChB,CAAC;QACD,OAAO,EAAE,UAAU,EAAE,MAAM,CAAC,MAAM,CAAC,EAAE,KAAK,EAAE,SAAS,EAAE,OAAO,EAAE,CAAA;IAClE,CAAC;IAED,IAAI,CAAC,SAAiB;QACpB,OAAO,IAAI,CAAC,IAAI,CAAC,oBAAoB,CAAC,aAAa,CAAC,SAAS,CAAC,CAAC,IAAI,CAAC,CAAC,IAAI,EAAE,EAAE,CAAC,IAAI,CAAC,GAAG,CAAC,MAAM,CAAC,CAAC,CAAA;IACjG,CAAC;IAED,gDAAgD;IAChD,KAAK,CAAC,MAAM,CAAC,SAAiB,EAAE,YAAoB,EAAE,YAAoB;QACxE,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,IAAI,CAAC,oBAAoB,CAAC,GAAG,CAAC,SAAS,EAAE,YAAY,CAAC,CAAA;QAChF,IAAI,CAAC,MAAM,EAAE,KAAK,CAAC,QAAQ,CAAC,OAAO,CAAC,EAAE,CAAC;YACrC,MAAM,IAAI,aAAa,CAAC,8CAA8C,CAAC,CAAA;QACzE,CAAC;QACD,MAAM,UAAU,GAAG,WAAW,CAC5B,MAAM,IAAI,CAAC,IAAI,CAAC,oBAAoB,CAAC,GAAG,CAAC,YAAY,CAAC,EACtD,YAAY,EACZ,YAAY,CACb,CAAA;QACD,IAAI,UAAU,CAAC,SAAS,KAAK,SAAS;YAAE,MAAM,IAAI,aAAa,CAAC,YAAY,EAAE,YAAY,CAAC,CAAA;QAC3F,MAAM,IAAI,CAAC,IAAI,CAAC,oBAAoB,CAAC,SAAS,CAAC,YAAY,EAAE,SAAS,CAAC,CAAA;IACzE,CAAC;IAED;;;OAGG;IACH,KAAK,CAAC,IAAI,CAAC,KAAa;QACtB,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,IAAI,CAAC,oBAAoB,CAAC,eAAe,CAAC,MAAM,SAAS,CAAC,KAAK,CAAC,CAAC,CAAA;QAC3F,IAAI,CAAC,MAAM,IAAI,MAAM,CAAC,MAAM,KAAK,SAAS;YAAE,OAAO,IAAI,CAAA;QACvD,IAAI,MAAM,CAAC,SAAS,GAAG,IAAI,CAAC,IAAI,CAAC,KAAK,CAAC,GAAG,EAAE;YAAE,OAAO,IAAI,CAAA;QACzD,OAAO,MAAM,CAAA;IACf,CAAC;IAED;;;;;;;;;OASG;IACH,KAAK,CAAC,MAAM,CAAC,KAAa,EAAE,MAAc,EAAE,SAAwB;QAClE,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,IAAI,CAAC,oBAAoB,CAAC,eAAe,CAAC,MAAM,SAAS,CAAC,KAAK,CAAC,CAAC,CAAA;QAC3F,IAAI,CAAC,MAAM,IAAI,MAAM,CAAC,MAAM,KAAK,SAAS,EAAE,CAAC;YAC3C,MAAM,IAAI,aAAa,CAAC,YAAY,EAAE,OAAO,CAAC,CAAA;QAChD,CAAC;QACD,IAAI,MAAM,CAAC,SAAS,GAAG,IAAI,CAAC,IAAI,CAAC,KAAK,CAAC,GAAG,EAAE,EAAE,CAAC;YAC7C,MAAM,IAAI,aAAa,CAAC,6BAA6B,CAAC,CAAA;QACxD,CAAC;QACD,IAAI,CAAC,SAAS,IAAI,SAAS,CAAC,WAAW,EAAE,CAAC,IAAI,EAAE,KAAK,MAAM,CAAC,KAAK,EAAE,CAAC;YAClE,MAAM,IAAI,aAAa,CAAC,uDAAuD,CAAC,CAAA;QAClF,CAAC;QACD,MAAM,UAAU,GAAe;YAC7B,SAAS,EAAE,MAAM,CAAC,SAAS;YAC3B,MAAM;YACN,KAAK,EAAE,MAAM,CAAC,KAAK;YACnB,SAAS,EAAE,IAAI,CAAC,IAAI,CAAC,KAAK,CAAC,GAAG,EAAE;SACjC,CAAA;QACD,MAAM,IAAI,CAAC,IAAI,CAAC,oBAAoB,CAAC,MAAM,CAAC,UAAU,CAAC,CAAA;QACvD,MAAM,IAAI,CAAC,IAAI,CAAC,oBAAoB,CAAC,SAAS,CAAC,MAAM,CAAC,EAAE,EAAE,UAAU,CAAC,CAAA;QACrE,OAAO,MAAM,CAAC,SAAS,CAAA;IACzB,CAAC;CACF;AAED,SAAS,mBAAmB,CAAC,WAAmB,EAAE,SAAiB;IACjE,OAAO;6BACoB,UAAU,CAAC,WAAW,CAAC;mDACD,UAAU,CAAC,WAAW,CAAC;cAC5D,SAAS;8CACuB,SAAS;eACxC,CAAA;AACf,CAAC;AAED,SAAS,UAAU,CAAC,CAAS;IAC3B,OAAO,CAAC,CAAC,OAAO,CACd,UAAU,EACV,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,EAAE,GAAG,EAAE,OAAO,EAAE,GAAG,EAAE,MAAM,EAAE,GAAG,EAAE,MAAM,EAAE,GAAG,EAAE,QAAQ,EAAE,GAAG,EAAE,OAAO,EAAE,CAAC,CAAC,CAAC,CAAE,CACrF,CAAA;AACH,CAAC"}

package/dist/modules/users/UserService.d.ts ADDED Viewed

@@ -0,0 +1,65 @@
+import type { Clock, IdGenerator, IdentityProvider, PasswordHasher, UserIdentityRecord, UserRecord, UserRepository } from '@cat-factory/kernel';
+export interface UserServiceDependencies {
+    userRepository: UserRepository;
+    passwordHasher: PasswordHasher;
+    idGenerator: IdGenerator;
+    clock: Clock;
+}
+/** Profile details captured from an external identity provider. */
+export interface IdentityProfile {
+    name?: string | null;
+    email?: string | null;
+    avatarUrl?: string | null;
+    /**
+     * Whether the provider has verified the user owns `email`. Only a verified email is
+     * trusted to link this identity onto an existing same-email user (else two people
+     * who happen to share an email could merge into one account).
+     */
+    emailVerified?: boolean;
+    /** Provider-specific extras to persist as identity metadata (e.g. github login). */
+    metadata?: Record<string, unknown>;
+}
+export declare class UserService {
+    private readonly deps;
+    constructor(deps: UserServiceDependencies);
+    get(id: string): Promise<UserRecord | null>;
+    /** The user behind an external identity, or null (no side effects). */
+    findByIdentity(provider: IdentityProvider, subject: string): Promise<UserRecord | null>;
+    /** Every linked login identity for a user (the account-settings "connected logins"). */
+    listIdentities(userId: string): Promise<UserIdentityRecord[]>;
+    /**
+     * Resolve the user behind an external identity, creating the user + linking the
+     * identity on first sight. Idempotent on `(provider, subject)`: repeated logins
+     * return the same `usr_*` id. Used by all GitHub/Google login paths.
+     */
+    findOrCreateByIdentity(provider: IdentityProvider, subject: string, profile?: IdentityProfile): Promise<UserRecord>;
+    /**
+     * Whether a user's primary email was proven by an OAuth provider rather than a
+     * self-asserted password signup. `users.email` is only ever written by (a) a
+     * verified OAuth create/link or (b) a `password` signup; password is the sole
+     * unverified writer. So "owns an email AND has a non-password identity" is a sound
+     * proxy for "email is provider-verified" — used to refuse merging a verified login
+     * onto a squatted, password-only account.
+     */
+    private emailIsProviderVerified;
+    /** Link an additional identity to an existing user (onboarding follow-up). */
+    linkIdentity(userId: string, provider: IdentityProvider, subject: string, profile?: IdentityProfile): Promise<void>;
+    /**
+     * Register a new email/password user. The email is the password identity's
+     * subject; rejects when one already exists. Returns the created user.
+     */
+    signupWithPassword(input: {
+        email: string;
+        password: string;
+        name?: string | null;
+    }): Promise<UserRecord>;
+    /**
+     * Verify an email/password login, returning the user on success or null on a bad
+     * email/password (the caller maps null → 401, never leaking which was wrong).
+     */
+    verifyPassword(input: {
+        email: string;
+        password: string;
+    }): Promise<UserRecord | null>;
+}
+//# sourceMappingURL=UserService.d.ts.map

package/dist/modules/users/UserService.d.ts.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"UserService.d.ts","sourceRoot":"","sources":["../../../src/modules/users/UserService.ts"],"names":[],"mappings":"AACA,OAAO,KAAK,EACV,KAAK,EACL,WAAW,EACX,gBAAgB,EAChB,cAAc,EACd,kBAAkB,EAClB,UAAU,EACV,cAAc,EACf,MAAM,qBAAqB,CAAA;AAU5B,MAAM,WAAW,uBAAuB;IACtC,cAAc,EAAE,cAAc,CAAA;IAC9B,cAAc,EAAE,cAAc,CAAA;IAC9B,WAAW,EAAE,WAAW,CAAA;IACxB,KAAK,EAAE,KAAK,CAAA;CACb;AAED,mEAAmE;AACnE,MAAM,WAAW,eAAe;IAC9B,IAAI,CAAC,EAAE,MAAM,GAAG,IAAI,CAAA;IACpB,KAAK,CAAC,EAAE,MAAM,GAAG,IAAI,CAAA;IACrB,SAAS,CAAC,EAAE,MAAM,GAAG,IAAI,CAAA;IACzB;;;;OAIG;IACH,aAAa,CAAC,EAAE,OAAO,CAAA;IACvB,oFAAoF;IACpF,QAAQ,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAA;CACnC;AAcD,qBAAa,WAAW;IACV,OAAO,CAAC,QAAQ,CAAC,IAAI;IAAjC,YAA6B,IAAI,EAAE,uBAAuB,EAAI;IAE9D,GAAG,CAAC,EAAE,EAAE,MAAM,GAAG,OAAO,CAAC,UAAU,GAAG,IAAI,CAAC,CAE1C;IAED,uEAAuE;IACvE,cAAc,CAAC,QAAQ,EAAE,gBAAgB,EAAE,OAAO,EAAE,MAAM,GAAG,OAAO,CAAC,UAAU,GAAG,IAAI,CAAC,CAEtF;IAED,wFAAwF;IACxF,cAAc,CAAC,MAAM,EAAE,MAAM,GAAG,OAAO,CAAC,kBAAkB,EAAE,CAAC,CAE5D;IAED;;;;OAIG;IACG,sBAAsB,CAC1B,QAAQ,EAAE,gBAAgB,EAC1B,OAAO,EAAE,MAAM,EACf,OAAO,GAAE,eAAoB,GAC5B,OAAO,CAAC,UAAU,CAAC,CAwDrB;IAED;;;;;;;OAOG;YACW,uBAAuB;IAKrC,8EAA8E;IACxE,YAAY,CAChB,MAAM,EAAE,MAAM,EACd,QAAQ,EAAE,gBAAgB,EAC1B,OAAO,EAAE,MAAM,EACf,OAAO,GAAE,eAAoB,GAC5B,OAAO,CAAC,IAAI,CAAC,CASf;IAED;;;OAGG;IACG,kBAAkB,CAAC,KAAK,EAAE;QAC9B,KAAK,EAAE,MAAM,CAAA;QACb,QAAQ,EAAE,MAAM,CAAA;QAChB,IAAI,CAAC,EAAE,MAAM,GAAG,IAAI,CAAA;KACrB,GAAG,OAAO,CAAC,UAAU,CAAC,CA8BtB;IAED;;;OAGG;IACG,cAAc,CAAC,KAAK,EAAE;QAAE,KAAK,EAAE,MAAM,CAAC;QAAC,QAAQ,EAAE,MAAM,CAAA;KAAE,GAAG,OAAO,CAAC,UAAU,GAAG,IAAI,CAAC,CAqB3F;CACF"}

package/dist/modules/users/UserService.js ADDED Viewed

@@ -0,0 +1,175 @@
+import { ConflictError, ValidationError } from '@cat-factory/kernel';
+// A dummy PHC hash the password verify path runs against when no password identity
+// exists, so a miss costs the same PBKDF2 work as a hit and response time can't be used
+// to enumerate which emails are registered. It is computed once per process from the
+// REAL hasher (over a random, unguessable input) so its cost always tracks the hasher's
+// current iteration count — a hardcoded string would silently drift if the default cost
+// were raised, reopening the timing oracle. Cached process-wide (not per instance) so
+// every miss pays exactly one PBKDF2, matching the single derivation a hit performs.
+let dummyHashPromise;
+function dummyPasswordHash(hasher) {
+    return (dummyHashPromise ??= hasher.hash(crypto.randomUUID()));
+}
+export class UserService {
+    deps;
+    constructor(deps) {
+        this.deps = deps;
+    }
+    get(id) {
+        return this.deps.userRepository.get(id);
+    }
+    /** The user behind an external identity, or null (no side effects). */
+    findByIdentity(provider, subject) {
+        return this.deps.userRepository.findByIdentity(provider, subject);
+    }
+    /** Every linked login identity for a user (the account-settings "connected logins"). */
+    listIdentities(userId) {
+        return this.deps.userRepository.listIdentities(userId);
+    }
+    /**
+     * Resolve the user behind an external identity, creating the user + linking the
+     * identity on first sight. Idempotent on `(provider, subject)`: repeated logins
+     * return the same `usr_*` id. Used by all GitHub/Google login paths.
+     */
+    async findOrCreateByIdentity(provider, subject, profile = {}) {
+        const existing = await this.deps.userRepository.findByIdentity(provider, subject);
+        if (existing)
+            return existing;
+        let email = profile.email?.toLowerCase().trim() || null;
+        // Is this email already owned by another user? (Unique-index-safe handling below.)
+        const emailOwner = email ? await this.deps.userRepository.findByEmail(email) : null;
+        if (emailOwner) {
+            if (profile.emailVerified && (await this.emailIsProviderVerified(emailOwner.id))) {
+                // A second login provider for the same person — attach this identity to the
+                // existing same-email user instead of creating a duplicate (which would collide
+                // on the unique email index and 500). Only safe when the existing owner's email
+                // was itself proven by an OAuth provider, never by a self-asserted signup.
+                await this.deps.userRepository.linkIdentity({
+                    userId: emailOwner.id,
+                    provider,
+                    subject,
+                    secret: null,
+                    metadata: profile.metadata ? JSON.stringify(profile.metadata) : null,
+                    createdAt: this.deps.clock.now(),
+                });
+                return emailOwner;
+            }
+            if (profile.emailVerified) {
+                // The email is owned only via an UNVERIFIED password signup (the owner has no
+                // OAuth identity). Password signup never proves email ownership, so that claim
+                // can't block the genuinely-verified party from this provider. Release the email
+                // from the squatting account and let the verified login take it on a fresh user.
+                // (The squatter keeps its now-emailless, password-only account; acceptable per
+                // the pre-1.0 policy — and it stops a pre-registration account-hijack.)
+                await this.deps.userRepository.update(emailOwner.id, { email: null });
+            }
+            else {
+                // Unverified and the email belongs to someone else: never trusted to claim or
+                // merge it, and storing it would collide on the unique index. Create a distinct
+                // user with no email rather than failing the login.
+                email = null;
+            }
+        }
+        const user = {
+            id: this.deps.idGenerator.next('usr'),
+            name: profile.name?.trim() || null,
+            email,
+            avatarUrl: profile.avatarUrl || null,
+            createdAt: this.deps.clock.now(),
+        };
+        await this.deps.userRepository.create(user);
+        await this.deps.userRepository.linkIdentity({
+            userId: user.id,
+            provider,
+            subject,
+            secret: null,
+            metadata: profile.metadata ? JSON.stringify(profile.metadata) : null,
+            createdAt: this.deps.clock.now(),
+        });
+        return user;
+    }
+    /**
+     * Whether a user's primary email was proven by an OAuth provider rather than a
+     * self-asserted password signup. `users.email` is only ever written by (a) a
+     * verified OAuth create/link or (b) a `password` signup; password is the sole
+     * unverified writer. So "owns an email AND has a non-password identity" is a sound
+     * proxy for "email is provider-verified" — used to refuse merging a verified login
+     * onto a squatted, password-only account.
+     */
+    async emailIsProviderVerified(userId) {
+        const identities = await this.deps.userRepository.listIdentities(userId);
+        return identities.some((i) => i.provider !== 'password');
+    }
+    /** Link an additional identity to an existing user (onboarding follow-up). */
+    async linkIdentity(userId, provider, subject, profile = {}) {
+        await this.deps.userRepository.linkIdentity({
+            userId,
+            provider,
+            subject,
+            secret: null,
+            metadata: profile.metadata ? JSON.stringify(profile.metadata) : null,
+            createdAt: this.deps.clock.now(),
+        });
+    }
+    /**
+     * Register a new email/password user. The email is the password identity's
+     * subject; rejects when one already exists. Returns the created user.
+     */
+    async signupWithPassword(input) {
+        const email = input.email.toLowerCase().trim();
+        if (!email)
+            throw new ValidationError('Email is required');
+        if (input.password.length < 8) {
+            throw new ValidationError('Password must be at least 8 characters');
+        }
+        // Reject if ANY user already owns this email (not just a prior password identity):
+        // attaching a password to an existing OAuth-only account via an unauthenticated
+        // signup would be account takeover, and a duplicate would collide on the unique
+        // email index. The owner can add a password later from an authenticated session.
+        if (await this.deps.userRepository.findByEmail(email)) {
+            throw new ConflictError('An account with that email already exists');
+        }
+        const user = {
+            id: this.deps.idGenerator.next('usr'),
+            name: input.name?.trim() || null,
+            email,
+            avatarUrl: null,
+            createdAt: this.deps.clock.now(),
+        };
+        await this.deps.userRepository.create(user);
+        await this.deps.userRepository.linkIdentity({
+            userId: user.id,
+            provider: 'password',
+            subject: email,
+            secret: await this.deps.passwordHasher.hash(input.password),
+            metadata: null,
+            createdAt: this.deps.clock.now(),
+        });
+        return user;
+    }
+    /**
+     * Verify an email/password login, returning the user on success or null on a bad
+     * email/password (the caller maps null → 401, never leaking which was wrong).
+     */
+    async verifyPassword(input) {
+        const email = input.email.toLowerCase().trim();
+        const identity = await this.deps.userRepository.getIdentity('password', email);
+        if (!identity?.secret) {
+            // Equalise timing with the hit path so the response time can't reveal whether the
+            // email is registered (PBKDF2 against a dummy hash that can never match).
+            await this.deps.passwordHasher.verify(input.password, await dummyPasswordHash(this.deps.passwordHasher));
+            return null;
+        }
+        if (!(await this.deps.passwordHasher.verify(input.password, identity.secret)))
+            return null;
+        // Transparently upgrade a weaker-cost hash now that we hold the plaintext.
+        if (this.deps.passwordHasher.needsRehash(identity.secret)) {
+            await this.deps.userRepository.linkIdentity({
+                ...identity,
+                secret: await this.deps.passwordHasher.hash(input.password),
+            });
+        }
+        return this.deps.userRepository.get(identity.userId);
+    }
+}
+//# sourceMappingURL=UserService.js.map

package/dist/modules/users/UserService.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"UserService.js","sourceRoot":"","sources":["../../../src/modules/users/UserService.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,aAAa,EAAE,eAAe,EAAE,MAAM,qBAAqB,CAAA;AAyCpE,mFAAmF;AACnF,wFAAwF;AACxF,qFAAqF;AACrF,wFAAwF;AACxF,wFAAwF;AACxF,sFAAsF;AACtF,qFAAqF;AACrF,IAAI,gBAA6C,CAAA;AACjD,SAAS,iBAAiB,CAAC,MAAsB;IAC/C,OAAO,CAAC,gBAAgB,KAAK,MAAM,CAAC,IAAI,CAAC,MAAM,CAAC,UAAU,EAAE,CAAC,CAAC,CAAA;AAChE,CAAC;AAED,MAAM,OAAO,WAAW;IACO,IAAI;IAAjC,YAA6B,IAA6B;oBAA7B,IAAI;IAA4B,CAAC;IAE9D,GAAG,CAAC,EAAU;QACZ,OAAO,IAAI,CAAC,IAAI,CAAC,cAAc,CAAC,GAAG,CAAC,EAAE,CAAC,CAAA;IACzC,CAAC;IAED,uEAAuE;IACvE,cAAc,CAAC,QAA0B,EAAE,OAAe;QACxD,OAAO,IAAI,CAAC,IAAI,CAAC,cAAc,CAAC,cAAc,CAAC,QAAQ,EAAE,OAAO,CAAC,CAAA;IACnE,CAAC;IAED,wFAAwF;IACxF,cAAc,CAAC,MAAc;QAC3B,OAAO,IAAI,CAAC,IAAI,CAAC,cAAc,CAAC,cAAc,CAAC,MAAM,CAAC,CAAA;IACxD,CAAC;IAED;;;;OAIG;IACH,KAAK,CAAC,sBAAsB,CAC1B,QAA0B,EAC1B,OAAe,EACf,OAAO,GAAoB,EAAE;QAE7B,MAAM,QAAQ,GAAG,MAAM,IAAI,CAAC,IAAI,CAAC,cAAc,CAAC,cAAc,CAAC,QAAQ,EAAE,OAAO,CAAC,CAAA;QACjF,IAAI,QAAQ;YAAE,OAAO,QAAQ,CAAA;QAE7B,IAAI,KAAK,GAAG,OAAO,CAAC,KAAK,EAAE,WAAW,EAAE,CAAC,IAAI,EAAE,IAAI,IAAI,CAAA;QACvD,mFAAmF;QACnF,MAAM,UAAU,GAAG,KAAK,CAAC,CAAC,CAAC,MAAM,IAAI,CAAC,IAAI,CAAC,cAAc,CAAC,WAAW,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,IAAI,CAAA;QACnF,IAAI,UAAU,EAAE,CAAC;YACf,IAAI,OAAO,CAAC,aAAa,IAAI,CAAC,MAAM,IAAI,CAAC,uBAAuB,CAAC,UAAU,CAAC,EAAE,CAAC,CAAC,EAAE,CAAC;gBACjF,4EAA4E;gBAC5E,gFAAgF;gBAChF,gFAAgF;gBAChF,2EAA2E;gBAC3E,MAAM,IAAI,CAAC,IAAI,CAAC,cAAc,CAAC,YAAY,CAAC;oBAC1C,MAAM,EAAE,UAAU,CAAC,EAAE;oBACrB,QAAQ;oBACR,OAAO;oBACP,MAAM,EAAE,IAAI;oBACZ,QAAQ,EAAE,OAAO,CAAC,QAAQ,CAAC,CAAC,CAAC,IAAI,CAAC,SAAS,CAAC,OAAO,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC,IAAI;oBACpE,SAAS,EAAE,IAAI,CAAC,IAAI,CAAC,KAAK,CAAC,GAAG,EAAE;iBACjC,CAAC,CAAA;gBACF,OAAO,UAAU,CAAA;YACnB,CAAC;YACD,IAAI,OAAO,CAAC,aAAa,EAAE,CAAC;gBAC1B,8EAA8E;gBAC9E,+EAA+E;gBAC/E,iFAAiF;gBACjF,iFAAiF;gBACjF,+EAA+E;gBAC/E,wEAAwE;gBACxE,MAAM,IAAI,CAAC,IAAI,CAAC,cAAc,CAAC,MAAM,CAAC,UAAU,CAAC,EAAE,EAAE,EAAE,KAAK,EAAE,IAAI,EAAE,CAAC,CAAA;YACvE,CAAC;iBAAM,CAAC;gBACN,8EAA8E;gBAC9E,gFAAgF;gBAChF,oDAAoD;gBACpD,KAAK,GAAG,IAAI,CAAA;YACd,CAAC;QACH,CAAC;QAED,MAAM,IAAI,GAAe;YACvB,EAAE,EAAE,IAAI,CAAC,IAAI,CAAC,WAAW,CAAC,IAAI,CAAC,KAAK,CAAC;YACrC,IAAI,EAAE,OAAO,CAAC,IAAI,EAAE,IAAI,EAAE,IAAI,IAAI;YAClC,KAAK;YACL,SAAS,EAAE,OAAO,CAAC,SAAS,IAAI,IAAI;YACpC,SAAS,EAAE,IAAI,CAAC,IAAI,CAAC,KAAK,CAAC,GAAG,EAAE;SACjC,CAAA;QACD,MAAM,IAAI,CAAC,IAAI,CAAC,cAAc,CAAC,MAAM,CAAC,IAAI,CAAC,CAAA;QAC3C,MAAM,IAAI,CAAC,IAAI,CAAC,cAAc,CAAC,YAAY,CAAC;YAC1C,MAAM,EAAE,IAAI,CAAC,EAAE;YACf,QAAQ;YACR,OAAO;YACP,MAAM,EAAE,IAAI;YACZ,QAAQ,EAAE,OAAO,CAAC,QAAQ,CAAC,CAAC,CAAC,IAAI,CAAC,SAAS,CAAC,OAAO,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC,IAAI;YACpE,SAAS,EAAE,IAAI,CAAC,IAAI,CAAC,KAAK,CAAC,GAAG,EAAE;SACjC,CAAC,CAAA;QACF,OAAO,IAAI,CAAA;IACb,CAAC;IAED;;;;;;;OAOG;IACK,KAAK,CAAC,uBAAuB,CAAC,MAAc;QAClD,MAAM,UAAU,GAAG,MAAM,IAAI,CAAC,IAAI,CAAC,cAAc,CAAC,cAAc,CAAC,MAAM,CAAC,CAAA;QACxE,OAAO,UAAU,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,QAAQ,KAAK,UAAU,CAAC,CAAA;IAC1D,CAAC;IAED,8EAA8E;IAC9E,KAAK,CAAC,YAAY,CAChB,MAAc,EACd,QAA0B,EAC1B,OAAe,EACf,OAAO,GAAoB,EAAE;QAE7B,MAAM,IAAI,CAAC,IAAI,CAAC,cAAc,CAAC,YAAY,CAAC;YAC1C,MAAM;YACN,QAAQ;YACR,OAAO;YACP,MAAM,EAAE,IAAI;YACZ,QAAQ,EAAE,OAAO,CAAC,QAAQ,CAAC,CAAC,CAAC,IAAI,CAAC,SAAS,CAAC,OAAO,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC,IAAI;YACpE,SAAS,EAAE,IAAI,CAAC,IAAI,CAAC,KAAK,CAAC,GAAG,EAAE;SACjC,CAAC,CAAA;IACJ,CAAC;IAED;;;OAGG;IACH,KAAK,CAAC,kBAAkB,CAAC,KAIxB;QACC,MAAM,KAAK,GAAG,KAAK,CAAC,KAAK,CAAC,WAAW,EAAE,CAAC,IAAI,EAAE,CAAA;QAC9C,IAAI,CAAC,KAAK;YAAE,MAAM,IAAI,eAAe,CAAC,mBAAmB,CAAC,CAAA;QAC1D,IAAI,KAAK,CAAC,QAAQ,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;YAC9B,MAAM,IAAI,eAAe,CAAC,wCAAwC,CAAC,CAAA;QACrE,CAAC;QACD,mFAAmF;QACnF,gFAAgF;QAChF,gFAAgF;QAChF,iFAAiF;QACjF,IAAI,MAAM,IAAI,CAAC,IAAI,CAAC,cAAc,CAAC,WAAW,CAAC,KAAK,CAAC,EAAE,CAAC;YACtD,MAAM,IAAI,aAAa,CAAC,2CAA2C,CAAC,CAAA;QACtE,CAAC;QACD,MAAM,IAAI,GAAe;YACvB,EAAE,EAAE,IAAI,CAAC,IAAI,CAAC,WAAW,CAAC,IAAI,CAAC,KAAK,CAAC;YACrC,IAAI,EAAE,KAAK,CAAC,IAAI,EAAE,IAAI,EAAE,IAAI,IAAI;YAChC,KAAK;YACL,SAAS,EAAE,IAAI;YACf,SAAS,EAAE,IAAI,CAAC,IAAI,CAAC,KAAK,CAAC,GAAG,EAAE;SACjC,CAAA;QACD,MAAM,IAAI,CAAC,IAAI,CAAC,cAAc,CAAC,MAAM,CAAC,IAAI,CAAC,CAAA;QAC3C,MAAM,IAAI,CAAC,IAAI,CAAC,cAAc,CAAC,YAAY,CAAC;YAC1C,MAAM,EAAE,IAAI,CAAC,EAAE;YACf,QAAQ,EAAE,UAAU;YACpB,OAAO,EAAE,KAAK;YACd,MAAM,EAAE,MAAM,IAAI,CAAC,IAAI,CAAC,cAAc,CAAC,IAAI,CAAC,KAAK,CAAC,QAAQ,CAAC;YAC3D,QAAQ,EAAE,IAAI;YACd,SAAS,EAAE,IAAI,CAAC,IAAI,CAAC,KAAK,CAAC,GAAG,EAAE;SACjC,CAAC,CAAA;QACF,OAAO,IAAI,CAAA;IACb,CAAC;IAED;;;OAGG;IACH,KAAK,CAAC,cAAc,CAAC,KAA0C;QAC7D,MAAM,KAAK,GAAG,KAAK,CAAC,KAAK,CAAC,WAAW,EAAE,CAAC,IAAI,EAAE,CAAA;QAC9C,MAAM,QAAQ,GAAG,MAAM,IAAI,CAAC,IAAI,CAAC,cAAc,CAAC,WAAW,CAAC,UAAU,EAAE,KAAK,CAAC,CAAA;QAC9E,IAAI,CAAC,QAAQ,EAAE,MAAM,EAAE,CAAC;YACtB,kFAAkF;YAClF,0EAA0E;YAC1E,MAAM,IAAI,CAAC,IAAI,CAAC,cAAc,CAAC,MAAM,CACnC,KAAK,CAAC,QAAQ,EACd,MAAM,iBAAiB,CAAC,IAAI,CAAC,IAAI,CAAC,cAAc,CAAC,CAClD,CAAA;YACD,OAAO,IAAI,CAAA;QACb,CAAC;QACD,IAAI,CAAC,CAAC,MAAM,IAAI,CAAC,IAAI,CAAC,cAAc,CAAC,MAAM,CAAC,KAAK,CAAC,QAAQ,EAAE,QAAQ,CAAC,MAAM,CAAC,CAAC;YAAE,OAAO,IAAI,CAAA;QAC1F,2EAA2E;QAC3E,IAAI,IAAI,CAAC,IAAI,CAAC,cAAc,CAAC,WAAW,CAAC,QAAQ,CAAC,MAAM,CAAC,EAAE,CAAC;YAC1D,MAAM,IAAI,CAAC,IAAI,CAAC,cAAc,CAAC,YAAY,CAAC;gBAC1C,GAAG,QAAQ;gBACX,MAAM,EAAE,MAAM,IAAI,CAAC,IAAI,CAAC,cAAc,CAAC,IAAI,CAAC,KAAK,CAAC,QAAQ,CAAC;aAC5D,CAAC,CAAA;QACJ,CAAC;QACD,OAAO,IAAI,CAAC,IAAI,CAAC,cAAc,CAAC,GAAG,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAA;IACtD,CAAC;CACF"}

package/dist/modules/workspaces/WorkspaceService.d.ts ADDED Viewed

@@ -0,0 +1,77 @@
+import type { CreateWorkspaceInput } from '@cat-factory/contracts';
+import type { Workspace, WorkspaceSnapshot } from '@cat-factory/kernel';
+import type { BlockRepository, ExecutionRepository, PipelineRepository, ServiceRepository, WorkspaceMountRepository, WorkspaceRepository, WorkspaceVisibility } from '@cat-factory/kernel';
+import type { Clock, IdGenerator } from '@cat-factory/kernel';
+export { requireWorkspace } from '@cat-factory/kernel';
+export interface WorkspaceServiceDependencies {
+    workspaceRepository: WorkspaceRepository;
+    blockRepository: BlockRepository;
+    pipelineRepository: PipelineRepository;
+    executionRepository: ExecutionRepository;
+    idGenerator: IdGenerator;
+    clock: Clock;
+    /**
+     * In-org shared services. When wired, a board snapshot is composed from the services
+     * the workspace mounts: its own frames plus any service mounted from another
+     * workspace in the same org, with each frame's layout taken from its mount.
+     */
+    serviceRepository?: ServiceRepository;
+    workspaceMountRepository?: WorkspaceMountRepository;
+}
+/** Creates, reads and deletes boards (workspaces) and assembles snapshots. */
+export declare class WorkspaceService {
+    private readonly workspaceRepository;
+    private readonly blockRepository;
+    private readonly pipelineRepository;
+    private readonly executionRepository;
+    private readonly idGenerator;
+    private readonly clock;
+    private readonly serviceRepository?;
+    private readonly workspaceMountRepository?;
+    constructor({ workspaceRepository, blockRepository, pipelineRepository, executionRepository, idGenerator, clock, serviceRepository, workspaceMountRepository, }: WorkspaceServiceDependencies);
+    /**
+     * Boards visible to a user (see {@link WorkspaceVisibility}). A `null` scope
+     * means auth is disabled and all boards are returned.
+     */
+    list(scope: WorkspaceVisibility): Promise<Workspace[]>;
+    /** Owning user id for a board (string/owned, null/none, undefined/missing). */
+    ownerOf(id: string): Promise<string | null | undefined>;
+    /** Owning account id for a board (string/scoped, null/legacy, undefined/missing). */
+    accountOf(id: string): Promise<string | null | undefined>;
+    create(input: CreateWorkspaceInput, ownerUserId: string | null, accountId: string | null): Promise<WorkspaceSnapshot>;
+    /**
+     * Seed the demo architecture, registering each top-level frame as an account-owned service
+     * (so seeded frames are shareable across the org exactly like ones created on the board) and
+     * stamping every seeded block with its frame's service. A no-op service registration when
+     * in-org sharing isn't wired leaves plain workspace-local blocks (legacy behaviour).
+     */
+    private seedBoard;
+    /** Rename a board and/or update its description. */
+    update(id: string, patch: {
+        name?: string;
+        description?: string | null;
+    }): Promise<Workspace>;
+    require(id: string): Promise<Workspace>;
+    snapshot(id: string): Promise<WorkspaceSnapshot>;
+    /**
+     * Compose a workspace's board from the services it mounts: its own (locally created)
+     * blocks plus the full subtree of any service mounted from another workspace in the
+     * same org — so a shared service renders identically on every board, with one physical
+     * copy (and therefore one shared task list + status). Each mounted frame's board
+     * position/size is taken from the mount (the per-workspace layout override) — for a home
+     * frame as much as one mounted from elsewhere, since a service frame's position is always
+     * carried on the mount (that is what `moveBlock` writes). When the service repositories
+     * aren't wired (or nothing is mounted) this is a no-op and the local blocks stand.
+     */
+    private composeBoard;
+    /**
+     * Compose a workspace's executions from the services it mounts: its own runs plus those of
+     * any service mounted from another workspace, so a shared service's run progress/status
+     * renders on every board that mounts it — not just on its home workspace. Deduplicated by
+     * run id (a home service's runs already appear in the local list). No-op when sharing isn't
+     * wired or nothing is mounted.
+     */
+    private composeExecutions;
+    delete(id: string): Promise<void>;
+}
+//# sourceMappingURL=WorkspaceService.d.ts.map

package/dist/modules/workspaces/WorkspaceService.d.ts.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"WorkspaceService.d.ts","sourceRoot":"","sources":["../../../src/modules/workspaces/WorkspaceService.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,oBAAoB,EAAE,MAAM,wBAAwB,CAAA;AAOlE,OAAO,KAAK,EAGV,SAAS,EAET,iBAAiB,EAClB,MAAM,qBAAqB,CAAA;AAC5B,OAAO,KAAK,EACV,eAAe,EACf,mBAAmB,EACnB,kBAAkB,EAClB,iBAAiB,EACjB,wBAAwB,EACxB,mBAAmB,EACnB,mBAAmB,EACpB,MAAM,qBAAqB,CAAA;AAC5B,OAAO,KAAK,EAAE,KAAK,EAAE,WAAW,EAAE,MAAM,qBAAqB,CAAA;AAE7D,OAAO,EAAE,gBAAgB,EAAE,MAAM,qBAAqB,CAAA;AAEtD,MAAM,WAAW,4BAA4B;IAC3C,mBAAmB,EAAE,mBAAmB,CAAA;IACxC,eAAe,EAAE,eAAe,CAAA;IAChC,kBAAkB,EAAE,kBAAkB,CAAA;IACtC,mBAAmB,EAAE,mBAAmB,CAAA;IACxC,WAAW,EAAE,WAAW,CAAA;IACxB,KAAK,EAAE,KAAK,CAAA;IACZ;;;;OAIG;IACH,iBAAiB,CAAC,EAAE,iBAAiB,CAAA;IACrC,wBAAwB,CAAC,EAAE,wBAAwB,CAAA;CACpD;AAED,8EAA8E;AAC9E,qBAAa,gBAAgB;IAC3B,OAAO,CAAC,QAAQ,CAAC,mBAAmB,CAAqB;IACzD,OAAO,CAAC,QAAQ,CAAC,eAAe,CAAiB;IACjD,OAAO,CAAC,QAAQ,CAAC,kBAAkB,CAAoB;IACvD,OAAO,CAAC,QAAQ,CAAC,mBAAmB,CAAqB;IACzD,OAAO,CAAC,QAAQ,CAAC,WAAW,CAAa;IACzC,OAAO,CAAC,QAAQ,CAAC,KAAK,CAAO;IAC7B,OAAO,CAAC,QAAQ,CAAC,iBAAiB,CAAC,CAAmB;IACtD,OAAO,CAAC,QAAQ,CAAC,wBAAwB,CAAC,CAA0B;IAEpE,YAAY,EACV,mBAAmB,EACnB,eAAe,EACf,kBAAkB,EAClB,mBAAmB,EACnB,WAAW,EACX,KAAK,EACL,iBAAiB,EACjB,wBAAwB,GACzB,EAAE,4BAA4B,EAS9B;IAED;;;OAGG;IACH,IAAI,CAAC,KAAK,EAAE,mBAAmB,GAAG,OAAO,CAAC,SAAS,EAAE,CAAC,CAErD;IAED,+EAA+E;IAC/E,OAAO,CAAC,EAAE,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,GAAG,IAAI,GAAG,SAAS,CAAC,CAEtD;IAED,qFAAqF;IACrF,SAAS,CAAC,EAAE,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,GAAG,IAAI,GAAG,SAAS,CAAC,CAExD;IAEK,MAAM,CACV,KAAK,EAAE,oBAAoB,EAC3B,WAAW,EAAE,MAAM,GAAG,IAAI,EAC1B,SAAS,EAAE,MAAM,GAAG,IAAI,GACvB,OAAO,CAAC,iBAAiB,CAAC,CAqB5B;IAED;;;;;OAKG;YACW,SAAS;IAmCvB,oDAAoD;IAC9C,MAAM,CACV,EAAE,EAAE,MAAM,EACV,KAAK,EAAE;QAAE,IAAI,CAAC,EAAE,MAAM,CAAC;QAAC,WAAW,CAAC,EAAE,MAAM,GAAG,IAAI,CAAA;KAAE,GACpD,OAAO,CAAC,SAAS,CAAC,CAQpB;IAED,OAAO,CAAC,EAAE,EAAE,MAAM,GAAG,OAAO,CAAC,SAAS,CAAC,CAEtC;IAEK,QAAQ,CAAC,EAAE,EAAE,MAAM,GAAG,OAAO,CAAC,iBAAiB,CAAC,CAcrD;IAED;;;;;;;;;OASG;YACW,YAAY;IAqC1B;;;;;;OAMG;YACW,iBAAiB;IAazB,MAAM,CAAC,EAAE,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC,CAGtC;CACF"}

package/dist/modules/workspaces/WorkspaceService.js ADDED Viewed

@@ -0,0 +1,193 @@
+import { registerServiceForFrame, requireWorkspace, seedBlocks, seedPipelines, } from '@cat-factory/kernel';
+export { requireWorkspace } from '@cat-factory/kernel';
+/** Creates, reads and deletes boards (workspaces) and assembles snapshots. */
+export class WorkspaceService {
+    workspaceRepository;
+    blockRepository;
+    pipelineRepository;
+    executionRepository;
+    idGenerator;
+    clock;
+    serviceRepository;
+    workspaceMountRepository;
+    constructor({ workspaceRepository, blockRepository, pipelineRepository, executionRepository, idGenerator, clock, serviceRepository, workspaceMountRepository, }) {
+        this.workspaceRepository = workspaceRepository;
+        this.blockRepository = blockRepository;
+        this.pipelineRepository = pipelineRepository;
+        this.executionRepository = executionRepository;
+        this.idGenerator = idGenerator;
+        this.clock = clock;
+        this.serviceRepository = serviceRepository;
+        this.workspaceMountRepository = workspaceMountRepository;
+    }
+    /**
+     * Boards visible to a user (see {@link WorkspaceVisibility}). A `null` scope
+     * means auth is disabled and all boards are returned.
+     */
+    list(scope) {
+        return this.workspaceRepository.listVisible(scope);
+    }
+    /** Owning user id for a board (string/owned, null/none, undefined/missing). */
+    ownerOf(id) {
+        return this.workspaceRepository.ownerOf(id);
+    }
+    /** Owning account id for a board (string/scoped, null/legacy, undefined/missing). */
+    accountOf(id) {
+        return this.workspaceRepository.accountOf(id);
+    }
+    async create(input, ownerUserId, accountId) {
+        const workspace = {
+            id: this.idGenerator.next('ws'),
+            name: input.name?.trim() || 'Untitled board',
+            description: input.description?.trim() || null,
+            createdAt: this.clock.now(),
+            accountId,
+        };
+        await this.workspaceRepository.create(workspace, ownerUserId, accountId);
+        // The built-in pipeline catalog is product configuration, not sample data, so
+        // every board gets it — including the empty boards real users start with.
+        for (const pipeline of seedPipelines()) {
+            await this.pipelineRepository.insert(workspace.id, pipeline);
+        }
+        // The sample architecture blocks are opt-in (demo boards + the test fixtures);
+        // production boards start empty (the SPA creates with `seed: false`).
+        if (input.seed ?? true) {
+            await this.seedBoard(workspace.id);
+        }
+        return this.snapshot(workspace.id);
+    }
+    /**
+     * Seed the demo architecture, registering each top-level frame as an account-owned service
+     * (so seeded frames are shareable across the org exactly like ones created on the board) and
+     * stamping every seeded block with its frame's service. A no-op service registration when
+     * in-org sharing isn't wired leaves plain workspace-local blocks (legacy behaviour).
+     */
+    async seedBoard(workspaceId) {
+        const blocks = seedBlocks();
+        const byId = new Map(blocks.map((b) => [b.id, b]));
+        const topFrameOf = (b) => {
+            let cur = b;
+            while (cur && !(cur.level === 'frame' && cur.parentId === null)) {
+                cur = cur.parentId ? byId.get(cur.parentId) : undefined;
+            }
+            return cur;
+        };
+        const serviceByFrame = new Map();
+        for (const b of blocks) {
+            if (b.level === 'frame' && b.parentId === null) {
+                serviceByFrame.set(b.id, await registerServiceForFrame({
+                    serviceRepository: this.serviceRepository,
+                    workspaceMountRepository: this.workspaceMountRepository,
+                    workspaceRepository: this.workspaceRepository,
+                    idGenerator: this.idGenerator,
+                    clock: this.clock,
+                }, workspaceId, b));
+            }
+        }
+        for (const b of blocks) {
+            const frame = topFrameOf(b);
+            await this.blockRepository.insert(workspaceId, b, frame ? serviceByFrame.get(frame.id) : null);
+        }
+    }
+    /** Rename a board and/or update its description. */
+    async update(id, patch) {
+        await this.require(id);
+        if (patch.name !== undefined)
+            await this.workspaceRepository.rename(id, patch.name.trim());
+        if ('description' in patch) {
+            const desc = patch.description == null ? null : patch.description.trim() || null;
+            await this.workspaceRepository.setDescription(id, desc);
+        }
+        return this.require(id);
+    }
+    require(id) {
+        return requireWorkspace(this.workspaceRepository, id);
+    }
+    async snapshot(id) {
+        const workspace = await this.require(id);
+        const [localBlocks, pipelines, localExecutions] = await Promise.all([
+            this.blockRepository.listByWorkspace(id),
+            this.pipelineRepository.listByWorkspace(id),
+            this.executionRepository.listByWorkspace(id),
+        ]);
+        const mounts = this.workspaceMountRepository && this.serviceRepository
+            ? await this.workspaceMountRepository.listByWorkspace(id)
+            : [];
+        const blocks = await this.composeBoard(localBlocks, mounts);
+        const executions = await this.composeExecutions(localExecutions, mounts);
+        return { workspace, blocks, pipelines, executions };
+    }
+    /**
+     * Compose a workspace's board from the services it mounts: its own (locally created)
+     * blocks plus the full subtree of any service mounted from another workspace in the
+     * same org — so a shared service renders identically on every board, with one physical
+     * copy (and therefore one shared task list + status). Each mounted frame's board
+     * position/size is taken from the mount (the per-workspace layout override) — for a home
+     * frame as much as one mounted from elsewhere, since a service frame's position is always
+     * carried on the mount (that is what `moveBlock` writes). When the service repositories
+     * aren't wired (or nothing is mounted) this is a no-op and the local blocks stand.
+     */
+    async composeBoard(localBlocks, mounts) {
+        if (!this.serviceRepository || mounts.length === 0)
+            return localBlocks;
+        const byId = new Map(localBlocks.map((b) => [b.id, b]));
+        const localIds = new Set(byId.keys());
+        // The per-workspace layout override for each mounted service's frame.
+        const frameLayout = new Map();
+        // Resolve every mounted service in one batched query (not a `get` per mount).
+        const services = await this.serviceRepository.listByIds(mounts.map((m) => m.serviceId));
+        const frameOf = new Map(services.map((s) => [s.id, s.frameBlockId]));
+        const foreignServiceIds = [];
+        for (const mount of mounts) {
+            const frameBlockId = frameOf.get(mount.serviceId);
+            if (!frameBlockId)
+                continue;
+            frameLayout.set(frameBlockId, {
+                x: mount.position.x,
+                y: mount.position.y,
+                ...(mount.size ? { w: mount.size.w, h: mount.size.h } : {}),
+            });
+            // Pull in the subtree only for services homed in ANOTHER workspace — a local service's
+            // blocks are already in `localBlocks`.
+            if (!localIds.has(frameBlockId))
+                foreignServiceIds.push(mount.serviceId);
+        }
+        // One batched query for all foreign subtrees (not one per service).
+        for (const b of await this.blockRepository.listByServices(foreignServiceIds)) {
+            if (!byId.has(b.id))
+                byId.set(b.id, b);
+        }
+        return [...byId.values()].map((b) => {
+            const layout = frameLayout.get(b.id);
+            if (!layout)
+                return b;
+            const next = { ...b, position: { x: layout.x, y: layout.y } };
+            if (layout.w !== undefined && layout.h !== undefined)
+                next.size = { w: layout.w, h: layout.h };
+            return next;
+        });
+    }
+    /**
+     * Compose a workspace's executions from the services it mounts: its own runs plus those of
+     * any service mounted from another workspace, so a shared service's run progress/status
+     * renders on every board that mounts it — not just on its home workspace. Deduplicated by
+     * run id (a home service's runs already appear in the local list). No-op when sharing isn't
+     * wired or nothing is mounted.
+     */
+    async composeExecutions(localExecutions, mounts) {
+        if (mounts.length === 0)
+            return localExecutions;
+        const byId = new Map(localExecutions.map((e) => [e.id, e]));
+        // One batched query for every mounted service's runs (not one round-trip per mount).
+        for (const e of await this.executionRepository.listByServices(mounts.map((m) => m.serviceId))) {
+            if (!byId.has(e.id))
+                byId.set(e.id, e);
+        }
+        return [...byId.values()];
+    }
+    async delete(id) {
+        await this.require(id);
+        await this.workspaceRepository.delete(id);
+    }
+}
+//# sourceMappingURL=WorkspaceService.js.map

package/dist/modules/workspaces/WorkspaceService.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"WorkspaceService.js","sourceRoot":"","sources":["../../../src/modules/workspaces/WorkspaceService.ts"],"names":[],"mappings":"AACA,OAAO,EACL,uBAAuB,EACvB,gBAAgB,EAChB,UAAU,EACV,aAAa,GACd,MAAM,qBAAqB,CAAA;AAmB5B,OAAO,EAAE,gBAAgB,EAAE,MAAM,qBAAqB,CAAA;AAkBtD,8EAA8E;AAC9E,MAAM,OAAO,gBAAgB;IACV,mBAAmB,CAAqB;IACxC,eAAe,CAAiB;IAChC,kBAAkB,CAAoB;IACtC,mBAAmB,CAAqB;IACxC,WAAW,CAAa;IACxB,KAAK,CAAO;IACZ,iBAAiB,CAAoB;IACrC,wBAAwB,CAA2B;IAEpE,YAAY,EACV,mBAAmB,EACnB,eAAe,EACf,kBAAkB,EAClB,mBAAmB,EACnB,WAAW,EACX,KAAK,EACL,iBAAiB,EACjB,wBAAwB,GACK;QAC7B,IAAI,CAAC,mBAAmB,GAAG,mBAAmB,CAAA;QAC9C,IAAI,CAAC,eAAe,GAAG,eAAe,CAAA;QACtC,IAAI,CAAC,kBAAkB,GAAG,kBAAkB,CAAA;QAC5C,IAAI,CAAC,mBAAmB,GAAG,mBAAmB,CAAA;QAC9C,IAAI,CAAC,WAAW,GAAG,WAAW,CAAA;QAC9B,IAAI,CAAC,KAAK,GAAG,KAAK,CAAA;QAClB,IAAI,CAAC,iBAAiB,GAAG,iBAAiB,CAAA;QAC1C,IAAI,CAAC,wBAAwB,GAAG,wBAAwB,CAAA;IAC1D,CAAC;IAED;;;OAGG;IACH,IAAI,CAAC,KAA0B;QAC7B,OAAO,IAAI,CAAC,mBAAmB,CAAC,WAAW,CAAC,KAAK,CAAC,CAAA;IACpD,CAAC;IAED,+EAA+E;IAC/E,OAAO,CAAC,EAAU;QAChB,OAAO,IAAI,CAAC,mBAAmB,CAAC,OAAO,CAAC,EAAE,CAAC,CAAA;IAC7C,CAAC;IAED,qFAAqF;IACrF,SAAS,CAAC,EAAU;QAClB,OAAO,IAAI,CAAC,mBAAmB,CAAC,SAAS,CAAC,EAAE,CAAC,CAAA;IAC/C,CAAC;IAED,KAAK,CAAC,MAAM,CACV,KAA2B,EAC3B,WAA0B,EAC1B,SAAwB;QAExB,MAAM,SAAS,GAAc;YAC3B,EAAE,EAAE,IAAI,CAAC,WAAW,CAAC,IAAI,CAAC,IAAI,CAAC;YAC/B,IAAI,EAAE,KAAK,CAAC,IAAI,EAAE,IAAI,EAAE,IAAI,gBAAgB;YAC5C,WAAW,EAAE,KAAK,CAAC,WAAW,EAAE,IAAI,EAAE,IAAI,IAAI;YAC9C,SAAS,EAAE,IAAI,CAAC,KAAK,CAAC,GAAG,EAAE;YAC3B,SAAS;SACV,CAAA;QACD,MAAM,IAAI,CAAC,mBAAmB,CAAC,MAAM,CAAC,SAAS,EAAE,WAAW,EAAE,SAAS,CAAC,CAAA;QAExE,8EAA8E;QAC9E,0EAA0E;QAC1E,KAAK,MAAM,QAAQ,IAAI,aAAa,EAAE,EAAE,CAAC;YACvC,MAAM,IAAI,CAAC,kBAAkB,CAAC,MAAM,CAAC,SAAS,CAAC,EAAE,EAAE,QAAQ,CAAC,CAAA;QAC9D,CAAC;QACD,+EAA+E;QAC/E,sEAAsE;QACtE,IAAI,KAAK,CAAC,IAAI,IAAI,IAAI,EAAE,CAAC;YACvB,MAAM,IAAI,CAAC,SAAS,CAAC,SAAS,CAAC,EAAE,CAAC,CAAA;QACpC,CAAC;QACD,OAAO,IAAI,CAAC,QAAQ,CAAC,SAAS,CAAC,EAAE,CAAC,CAAA;IACpC,CAAC;IAED;;;;;OAKG;IACK,KAAK,CAAC,SAAS,CAAC,WAAmB;QACzC,MAAM,MAAM,GAAG,UAAU,EAAE,CAAA;QAC3B,MAAM,IAAI,GAAG,IAAI,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,CAAC,CAAA;QAClD,MAAM,UAAU,GAAG,CAAC,CAAQ,EAAqB,EAAE;YACjD,IAAI,GAAG,GAAsB,CAAC,CAAA;YAC9B,OAAO,GAAG,IAAI,CAAC,CAAC,GAAG,CAAC,KAAK,KAAK,OAAO,IAAI,GAAG,CAAC,QAAQ,KAAK,IAAI,CAAC,EAAE,CAAC;gBAChE,GAAG,GAAG,GAAG,CAAC,QAAQ,CAAC,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,GAAG,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC,SAAS,CAAA;YACzD,CAAC;YACD,OAAO,GAAG,CAAA;QACZ,CAAC,CAAA;QACD,MAAM,cAAc,GAAG,IAAI,GAAG,EAA8B,CAAA;QAC5D,KAAK,MAAM,CAAC,IAAI,MAAM,EAAE,CAAC;YACvB,IAAI,CAAC,CAAC,KAAK,KAAK,OAAO,IAAI,CAAC,CAAC,QAAQ,KAAK,IAAI,EAAE,CAAC;gBAC/C,cAAc,CAAC,GAAG,CAChB,CAAC,CAAC,EAAE,EACJ,MAAM,uBAAuB,CAC3B;oBACE,iBAAiB,EAAE,IAAI,CAAC,iBAAiB;oBACzC,wBAAwB,EAAE,IAAI,CAAC,wBAAwB;oBACvD,mBAAmB,EAAE,IAAI,CAAC,mBAAmB;oBAC7C,WAAW,EAAE,IAAI,CAAC,WAAW;oBAC7B,KAAK,EAAE,IAAI,CAAC,KAAK;iBAClB,EACD,WAAW,EACX,CAAC,CACF,CACF,CAAA;YACH,CAAC;QACH,CAAC;QACD,KAAK,MAAM,CAAC,IAAI,MAAM,EAAE,CAAC;YACvB,MAAM,KAAK,GAAG,UAAU,CAAC,CAAC,CAAC,CAAA;YAC3B,MAAM,IAAI,CAAC,eAAe,CAAC,MAAM,CAAC,WAAW,EAAE,CAAC,EAAE,KAAK,CAAC,CAAC,CAAC,cAAc,CAAC,GAAG,CAAC,KAAK,CAAC,EAAE,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,CAAA;QAChG,CAAC;IACH,CAAC;IAED,oDAAoD;IACpD,KAAK,CAAC,MAAM,CACV,EAAU,EACV,KAAqD;QAErD,MAAM,IAAI,CAAC,OAAO,CAAC,EAAE,CAAC,CAAA;QACtB,IAAI,KAAK,CAAC,IAAI,KAAK,SAAS;YAAE,MAAM,IAAI,CAAC,mBAAmB,CAAC,MAAM,CAAC,EAAE,EAAE,KAAK,CAAC,IAAI,CAAC,IAAI,EAAE,CAAC,CAAA;QAC1F,IAAI,aAAa,IAAI,KAAK,EAAE,CAAC;YAC3B,MAAM,IAAI,GAAG,KAAK,CAAC,WAAW,IAAI,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,KAAK,CAAC,WAAW,CAAC,IAAI,EAAE,IAAI,IAAI,CAAA;YAChF,MAAM,IAAI,CAAC,mBAAmB,CAAC,cAAc,CAAC,EAAE,EAAE,IAAI,CAAC,CAAA;QACzD,CAAC;QACD,OAAO,IAAI,CAAC,OAAO,CAAC,EAAE,CAAC,CAAA;IACzB,CAAC;IAED,OAAO,CAAC,EAAU;QAChB,OAAO,gBAAgB,CAAC,IAAI,CAAC,mBAAmB,EAAE,EAAE,CAAC,CAAA;IACvD,CAAC;IAED,KAAK,CAAC,QAAQ,CAAC,EAAU;QACvB,MAAM,SAAS,GAAG,MAAM,IAAI,CAAC,OAAO,CAAC,EAAE,CAAC,CAAA;QACxC,MAAM,CAAC,WAAW,EAAE,SAAS,EAAE,eAAe,CAAC,GAAG,MAAM,OAAO,CAAC,GAAG,CAAC;YAClE,IAAI,CAAC,eAAe,CAAC,eAAe,CAAC,EAAE,CAAC;YACxC,IAAI,CAAC,kBAAkB,CAAC,eAAe,CAAC,EAAE,CAAC;YAC3C,IAAI,CAAC,mBAAmB,CAAC,eAAe,CAAC,EAAE,CAAC;SAC7C,CAAC,CAAA;QACF,MAAM,MAAM,GACV,IAAI,CAAC,wBAAwB,IAAI,IAAI,CAAC,iBAAiB;YACrD,CAAC,CAAC,MAAM,IAAI,CAAC,wBAAwB,CAAC,eAAe,CAAC,EAAE,CAAC;YACzD,CAAC,CAAC,EAAE,CAAA;QACR,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,YAAY,CAAC,WAAW,EAAE,MAAM,CAAC,CAAA;QAC3D,MAAM,UAAU,GAAG,MAAM,IAAI,CAAC,iBAAiB,CAAC,eAAe,EAAE,MAAM,CAAC,CAAA;QACxE,OAAO,EAAE,SAAS,EAAE,MAAM,EAAE,SAAS,EAAE,UAAU,EAAE,CAAA;IACrD,CAAC;IAED;;;;;;;;;OASG;IACK,KAAK,CAAC,YAAY,CAAC,WAAoB,EAAE,MAAwB;QACvE,IAAI,CAAC,IAAI,CAAC,iBAAiB,IAAI,MAAM,CAAC,MAAM,KAAK,CAAC;YAAE,OAAO,WAAW,CAAA;QAEtE,MAAM,IAAI,GAAG,IAAI,GAAG,CAAC,WAAW,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,CAAC,CAAA;QACvD,MAAM,QAAQ,GAAG,IAAI,GAAG,CAAC,IAAI,CAAC,IAAI,EAAE,CAAC,CAAA;QACrC,sEAAsE;QACtE,MAAM,WAAW,GAAG,IAAI,GAAG,EAA4D,CAAA;QACvF,8EAA8E;QAC9E,MAAM,QAAQ,GAAG,MAAM,IAAI,CAAC,iBAAiB,CAAC,SAAS,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,SAAS,CAAC,CAAC,CAAA;QACvF,MAAM,OAAO,GAAG,IAAI,GAAG,CAAC,QAAQ,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,YAAY,CAAC,CAAC,CAAC,CAAA;QACpE,MAAM,iBAAiB,GAAa,EAAE,CAAA;QACtC,KAAK,MAAM,KAAK,IAAI,MAAM,EAAE,CAAC;YAC3B,MAAM,YAAY,GAAG,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,SAAS,CAAC,CAAA;YACjD,IAAI,CAAC,YAAY;gBAAE,SAAQ;YAC3B,WAAW,CAAC,GAAG,CAAC,YAAY,EAAE;gBAC5B,CAAC,EAAE,KAAK,CAAC,QAAQ,CAAC,CAAC;gBACnB,CAAC,EAAE,KAAK,CAAC,QAAQ,CAAC,CAAC;gBACnB,GAAG,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,EAAE,KAAK,CAAC,IAAI,CAAC,CAAC,EAAE,CAAC,EAAE,KAAK,CAAC,IAAI,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;aAC5D,CAAC,CAAA;YACF,uFAAuF;YACvF,uCAAuC;YACvC,IAAI,CAAC,QAAQ,CAAC,GAAG,CAAC,YAAY,CAAC;gBAAE,iBAAiB,CAAC,IAAI,CAAC,KAAK,CAAC,SAAS,CAAC,CAAA;QAC1E,CAAC;QACD,oEAAoE;QACpE,KAAK,MAAM,CAAC,IAAI,MAAM,IAAI,CAAC,eAAe,CAAC,cAAc,CAAC,iBAAiB,CAAC,EAAE,CAAC;YAC7E,IAAI,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC;gBAAE,IAAI,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAA;QACxC,CAAC;QAED,OAAO,CAAC,GAAG,IAAI,CAAC,MAAM,EAAE,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE;YAClC,MAAM,MAAM,GAAG,WAAW,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC,CAAA;YACpC,IAAI,CAAC,MAAM;gBAAE,OAAO,CAAC,CAAA;YACrB,MAAM,IAAI,GAAU,EAAE,GAAG,CAAC,EAAE,QAAQ,EAAE,EAAE,CAAC,EAAE,MAAM,CAAC,CAAC,EAAE,CAAC,EAAE,MAAM,CAAC,CAAC,EAAE,EAAE,CAAA;YACpE,IAAI,MAAM,CAAC,CAAC,KAAK,SAAS,IAAI,MAAM,CAAC,CAAC,KAAK,SAAS;gBAAE,IAAI,CAAC,IAAI,GAAG,EAAE,CAAC,EAAE,MAAM,CAAC,CAAC,EAAE,CAAC,EAAE,MAAM,CAAC,CAAC,EAAE,CAAA;YAC9F,OAAO,IAAI,CAAA;QACb,CAAC,CAAC,CAAA;IACJ,CAAC;IAED;;;;;;OAMG;IACK,KAAK,CAAC,iBAAiB,CAC7B,eAAoC,EACpC,MAAwB;QAExB,IAAI,MAAM,CAAC,MAAM,KAAK,CAAC;YAAE,OAAO,eAAe,CAAA;QAC/C,MAAM,IAAI,GAAG,IAAI,GAAG,CAAC,eAAe,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,CAAC,CAAA;QAC3D,qFAAqF;QACrF,KAAK,MAAM,CAAC,IAAI,MAAM,IAAI,CAAC,mBAAmB,CAAC,cAAc,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,SAAS,CAAC,CAAC,EAAE,CAAC;YAC9F,IAAI,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC;gBAAE,IAAI,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAA;QACxC,CAAC;QACD,OAAO,CAAC,GAAG,IAAI,CAAC,MAAM,EAAE,CAAC,CAAA;IAC3B,CAAC;IAED,KAAK,CAAC,MAAM,CAAC,EAAU;QACrB,MAAM,IAAI,CAAC,OAAO,CAAC,EAAE,CAAC,CAAA;QACtB,MAAM,IAAI,CAAC,mBAAmB,CAAC,MAAM,CAAC,EAAE,CAAC,CAAA;IAC3C,CAAC;CACF"}

package/package.json ADDED Viewed

@@ -0,0 +1,32 @@
+{
+  "name": "@cat-factory/workspaces",
+  "version": "0.6.0",
+  "description": "Tenancy base services (workspaces and accounts) for the Agent Architecture Board.",
+  "files": [
+    "dist"
+  ],
+  "type": "module",
+  "main": "./dist/index.js",
+  "types": "./dist/index.d.ts",
+  "exports": {
+    ".": {
+      "types": "./dist/index.d.ts",
+      "default": "./dist/index.js"
+    },
+    "./package.json": "./package.json"
+  },
+  "publishConfig": {
+    "access": "public"
+  },
+  "dependencies": {
+    "@cat-factory/contracts": "0.6.0",
+    "@cat-factory/kernel": "0.6.0"
+  },
+  "devDependencies": {
+    "typescript": "7.0.1-rc"
+  },
+  "scripts": {
+    "build": "tsc -b tsconfig.build.json",
+    "typecheck": "tsc -p tsconfig.json --noEmit"
+  }
+}