@clearance/management 0.1.4 → 0.2.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
package/dist/index.d.mts CHANGED
@@ -1,6 +1,5 @@
1
1
  import { ClearanceAuthBundle } from "@clearance/auth";
2
2
  import { createServer } from "node:http";
3
-
4
3
  //#region src/types/resources.d.ts
5
4
  type ResourceId = string;
6
5
  interface Project {
@@ -455,7 +454,7 @@ declare function isManagementStore(value: unknown): value is ManagementStore;
455
454
  //#endregion
456
455
  //#region src/store/json-store.d.ts
457
456
  declare const STORE_SCHEMA_VERSION = 1;
458
- declare const CLEARANCE_RELEASE_VERSION = "0.1.4";
457
+ declare const CLEARANCE_RELEASE_VERSION = "0.2.1";
459
458
  declare function emptySnapshot(config?: Record<string, string>): DataStoreSnapshot;
460
459
  /** Normalize older snapshots missing newer collections. */
461
460
  declare function normalizeSnapshot(data: DataStoreSnapshot): DataStoreSnapshot;
@@ -591,7 +590,9 @@ declare function pgStoreId(): string;
591
590
  //#endregion
592
591
  //#region src/store/create-store.d.ts
593
592
  type CreateStoreOptions = {
594
- /** Explicit file path for JSON backend */dataPath?: string; /** Force backend; default chooses postgres when DATABASE_URL is set */
593
+ /** Explicit file path for JSON backend */
594
+ dataPath?: string;
595
+ /** Force backend; default chooses postgres when DATABASE_URL is set */
595
596
  backend?: "json" | "postgres" | "auto";
596
597
  databaseUrl?: string;
597
598
  };
@@ -683,12 +684,15 @@ declare function parseCorsOrigins(): string[];
683
684
  //#endregion
684
685
  //#region src/services/credentials.d.ts
685
686
  type CredentialKeyring = {
686
- currentKeyId: string; /** keyId → 32-byte key material */
687
+ currentKeyId: string;
688
+ /** keyId → 32-byte key material */
687
689
  keys: Map<string, Buffer>;
688
690
  };
689
691
  type EncryptedCredential = {
690
- /** Versioned AEAD envelope (never the plaintext) */ciphertext: string;
691
- keyId: string; /** Short fingerprint of plaintext for comparison without disclosure */
692
+ /** Versioned AEAD envelope (never the plaintext) */
693
+ ciphertext: string;
694
+ keyId: string;
695
+ /** Short fingerprint of plaintext for comparison without disclosure */
692
696
  fingerprint: string;
693
697
  };
694
698
  declare function fingerprintCredential(value: string): string;
@@ -800,7 +804,8 @@ declare function encodePageCursor(surface: PageSurface, key: PageCursorKey): str
800
804
  */
801
805
  declare function decodePageCursor(raw: string | undefined | null, surface: PageSurface, stage: string): PageCursorKey | undefined;
802
806
  type ResourcePage<T> = {
803
- items: T[]; /** Opaque cursor for the next page; null when this page is the last. */
807
+ items: T[];
808
+ /** Opaque cursor for the next page; null when this page is the last. */
804
809
  nextCursor: string | null;
805
810
  };
806
811
  /**
@@ -832,8 +837,11 @@ declare function normalizePageLimit(limit: number | undefined, spec: {
832
837
  //#region src/services/idempotency.d.ts
833
838
  declare const IDEMPOTENCY_DEFAULT_TTL_MS: number;
834
839
  type IdempotencyRecord = {
835
- /** Route+method scope, e.g. "POST /v1/users" */scopeKey: string; /** Client-supplied Idempotency-Key header value */
836
- key: string; /** sha256 of scopeKey + raw request body — detects key reuse conflicts */
840
+ /** Route+method scope, e.g. "POST /v1/users" */
841
+ scopeKey: string;
842
+ /** Client-supplied Idempotency-Key header value */
843
+ key: string;
844
+ /** sha256 of scopeKey + raw request body — detects key reuse conflicts */
837
845
  fingerprint: string;
838
846
  status: number;
839
847
  contentType: string;
@@ -876,7 +884,8 @@ declare function assertOwnerInvariant(data: {
876
884
  memberships: Membership[];
877
885
  }, opts: {
878
886
  organizationId: string;
879
- membership: Membership; /** Next role after update; omit for remove */
887
+ membership: Membership;
888
+ /** Next role after update; omit for remove */
880
889
  nextRole?: string;
881
890
  stage: string;
882
891
  }): void;
@@ -902,7 +911,8 @@ declare function addMember(store: ManagementStore, input: {
902
911
  source?: MembershipSource;
903
912
  actor?: string;
904
913
  auditSource?: MembershipActorSource;
905
- scope?: ResourceScope; /** Force a specific membership id (runtime id preservation) */
914
+ scope?: ResourceScope;
915
+ /** Force a specific membership id (runtime id preservation) */
906
916
  id?: string;
907
917
  }): Membership;
908
918
  /**
@@ -976,13 +986,15 @@ declare function listEnvironments(store: ManagementStore, filter?: {
976
986
  scope?: ResourceScope;
977
987
  }): Environment[];
978
988
  type EnvironmentLocalStatus = {
979
- /** Whether this environment is the operator's active principal environment */active: boolean;
989
+ /** Whether this environment is the operator's active principal environment */
990
+ active: boolean;
980
991
  storeBackend: ManagementStore["backend"];
981
992
  storePathPresent: boolean;
982
993
  schemaVersion: number;
983
994
  expectedSchemaVersion: number;
984
995
  releaseVersion: string;
985
- initialized: boolean; /** Configuration presence flags only — never secret values */
996
+ initialized: boolean;
997
+ /** Configuration presence flags only — never secret values */
986
998
  config: {
987
999
  hasClearanceSecret: boolean;
988
1000
  hasDatabaseUrl: boolean;
@@ -1056,9 +1068,13 @@ type EnvironmentPromoteResult = {
1056
1068
  * confirmed attempts (including blocked/idempotent outcomes).
1057
1069
  */
1058
1070
  declare function promoteEnvironment(store: ManagementStore, input: {
1059
- /** Target environment id or slug (required) */to: string; /** Source environment id or slug; defaults to operator principal environment */
1060
- from?: string; /** Preview only — default when confirm is not true */
1061
- dryRun?: boolean; /** Required for a confirmed attempt (CLI --yes). Never invents deploy apply. */
1071
+ /** Target environment id or slug (required) */
1072
+ to: string;
1073
+ /** Source environment id or slug; defaults to operator principal environment */
1074
+ from?: string;
1075
+ /** Preview only — default when confirm is not true */
1076
+ dryRun?: boolean;
1077
+ /** Required for a confirmed attempt (CLI --yes). Never invents deploy apply. */
1062
1078
  confirm?: boolean;
1063
1079
  scope?: ResourceScope;
1064
1080
  actor?: string;
@@ -1066,7 +1082,8 @@ declare function promoteEnvironment(store: ManagementStore, input: {
1066
1082
  }): EnvironmentPromoteResult;
1067
1083
  declare function createUser(store: ManagementStore, input: {
1068
1084
  email: string;
1069
- name: string; /** Optional stable id (e.g. Clearance runtime user id) */
1085
+ name: string;
1086
+ /** Optional stable id (e.g. Clearance runtime user id) */
1070
1087
  id?: string;
1071
1088
  projectId?: string;
1072
1089
  environmentId?: string;
@@ -1077,7 +1094,8 @@ declare function createUser(store: ManagementStore, input: {
1077
1094
  declare function listUsers(store: ManagementStore, filter?: {
1078
1095
  environmentId?: string;
1079
1096
  projectId?: string;
1080
- status?: string; /** When true (default for scoped callers), require full scope filter */
1097
+ status?: string;
1098
+ /** When true (default for scoped callers), require full scope filter */
1081
1099
  scope?: ResourceScope;
1082
1100
  }): Principal[];
1083
1101
  declare const USERS_LIST_DEFAULT_PAGE_LIMIT = 100;
@@ -1091,7 +1109,8 @@ declare const USERS_LIST_MAX_PAGE_LIMIT = 1000;
1091
1109
  declare function listUsersPage(store: ManagementStore, opts?: {
1092
1110
  scope?: ResourceScope;
1093
1111
  status?: string;
1094
- limit?: number; /** Opaque cursor from a previous page's nextCursor (fail-closed). */
1112
+ limit?: number;
1113
+ /** Opaque cursor from a previous page's nextCursor (fail-closed). */
1095
1114
  cursor?: string;
1096
1115
  }): {
1097
1116
  users: Principal[];
@@ -1112,7 +1131,8 @@ declare function parseUserStatusInput(status: unknown, stage?: string): "active"
1112
1131
  */
1113
1132
  declare function updateUser(store: ManagementStore, id: string, input: {
1114
1133
  name?: string;
1115
- email?: string; /** Re-enable or set disabled without soft-delete. */
1134
+ email?: string;
1135
+ /** Re-enable or set disabled without soft-delete. */
1116
1136
  status?: "active" | "disabled" | string;
1117
1137
  actor?: string;
1118
1138
  source?: "cli" | "console" | "api" | "import" | "scim" | "system";
@@ -1160,7 +1180,8 @@ declare const ORGS_LIST_MAX_PAGE_LIMIT = 1000;
1160
1180
  */
1161
1181
  declare function listOrganizationsPage(store: ManagementStore, opts?: {
1162
1182
  scope?: ResourceScope;
1163
- limit?: number; /** Opaque cursor from a previous page's nextCursor (fail-closed). */
1183
+ limit?: number;
1184
+ /** Opaque cursor from a previous page's nextCursor (fail-closed). */
1164
1185
  cursor?: string;
1165
1186
  }): {
1166
1187
  organizations: Organization[];
@@ -1193,7 +1214,8 @@ type ArchiveOrganizationResult = {
1193
1214
  * and org inspect remain fail-closed for archived orgs (recovery via audit + row).
1194
1215
  */
1195
1216
  declare function archiveOrganization(store: ManagementStore, id: string, input?: {
1196
- dryRun?: boolean; /** Required for mutation. CLI maps --yes → confirm=true. */
1217
+ dryRun?: boolean;
1218
+ /** Required for mutation. CLI maps --yes → confirm=true. */
1197
1219
  confirm?: boolean;
1198
1220
  actor?: string;
1199
1221
  source?: "cli" | "console" | "api" | "import" | "system";
@@ -1204,9 +1226,11 @@ declare const USERS_EXPORT_MAX_LIMIT = 1000;
1204
1226
  declare const USERS_EXPORT_FORMATS: readonly ["json", "jsonl"];
1205
1227
  type UsersExportFormat = (typeof USERS_EXPORT_FORMATS)[number];
1206
1228
  type UsersExportOptions = {
1207
- limit?: number; /** Filter by principal status (active|disabled). Deleted never exported. */
1229
+ limit?: number;
1230
+ /** Filter by principal status (active|disabled). Deleted never exported. */
1208
1231
  status?: "active" | "disabled" | string;
1209
- format?: UsersExportFormat | string; /** Absolute or relative path; when set, artifact is written atomically (CLI only) */
1232
+ format?: UsersExportFormat | string;
1233
+ /** Absolute or relative path; when set, artifact is written atomically (CLI only) */
1210
1234
  outputPath?: string;
1211
1235
  force?: boolean;
1212
1236
  scope?: ResourceScope;
@@ -1269,7 +1293,8 @@ declare function listEventsPage(store: ManagementStore, filter?: {
1269
1293
  limit?: number;
1270
1294
  organizationId?: string;
1271
1295
  action?: string;
1272
- scope?: ResourceScope; /** Opaque cursor from a previous page's nextCursor (fail-closed). */
1296
+ scope?: ResourceScope;
1297
+ /** Opaque cursor from a previous page's nextCursor (fail-closed). */
1273
1298
  cursor?: string;
1274
1299
  }): {
1275
1300
  events: AuditEvent[];
@@ -1293,8 +1318,11 @@ declare function overviewStats(store: ManagementStore, scope?: ResourceScope): {
1293
1318
  //#endregion
1294
1319
  //#region src/services/export-artifact.d.ts
1295
1320
  type WriteExportArtifactCodes = {
1296
- /** Audit/export stage string (e.g. events.export) */stage?: string; /** Error code when destination exists and force is false */
1297
- existsCode?: string; /** Error code when write fails for other reasons */
1321
+ /** Audit/export stage string (e.g. events.export) */
1322
+ stage?: string;
1323
+ /** Error code when destination exists and force is false */
1324
+ existsCode?: string;
1325
+ /** Error code when write fails for other reasons */
1298
1326
  writeFailedCode?: string;
1299
1327
  };
1300
1328
  /**
@@ -1341,13 +1369,17 @@ type EventsExportOptions = {
1341
1369
  * Archival bound (see audit.ts header): schedule exports with --before so
1342
1370
  * events are captured before the retention cap prunes them.
1343
1371
  */
1344
- before?: string; /** json (envelope) or jsonl (one event object per line) */
1345
- format?: EventsExportFormat | string; /** Absolute or relative path; when set, artifact is written atomically */
1346
- outputPath?: string; /** Allow replacing an existing file at outputPath */
1372
+ before?: string;
1373
+ /** json (envelope) or jsonl (one event object per line) */
1374
+ format?: EventsExportFormat | string;
1375
+ /** Absolute or relative path; when set, artifact is written atomically */
1376
+ outputPath?: string;
1377
+ /** Allow replacing an existing file at outputPath */
1347
1378
  force?: boolean;
1348
1379
  scope?: ResourceScope;
1349
1380
  actor?: string;
1350
- source?: AuditEvent["source"]; /** When true, skip privileged-read audit (tests / nested callers) */
1381
+ source?: AuditEvent["source"];
1382
+ /** When true, skip privileged-read audit (tests / nested callers) */
1351
1383
  skipAudit?: boolean;
1352
1384
  };
1353
1385
  type EventsExportEnvelope = {
@@ -1376,7 +1408,8 @@ type EventInspectResult = {
1376
1408
  replayBlocker?: string;
1377
1409
  };
1378
1410
  type ReplayDiagnosticOptions = {
1379
- /** Preview only — default safe path when confirm is not true */dryRun?: boolean;
1411
+ /** Preview only — default safe path when confirm is not true */
1412
+ dryRun?: boolean;
1380
1413
  /**
1381
1414
  * Required for mutating apply. CLI maps --yes → confirm=true.
1382
1415
  * When confirm is not true, the service always dry-runs.
@@ -1408,7 +1441,8 @@ declare function sanitizeAuditEvent(event: AuditEvent): AuditEvent;
1408
1441
  declare function selectEventsForExport(store: ManagementStore, filter: {
1409
1442
  limit: number;
1410
1443
  organizationId?: string;
1411
- action?: string; /** Normalized ISO bound — only events with createdAt strictly before */
1444
+ action?: string;
1445
+ /** Normalized ISO bound — only events with createdAt strictly before */
1412
1446
  before?: string;
1413
1447
  scope: ResourceScope;
1414
1448
  }): {
@@ -1472,7 +1506,8 @@ type SessionView = {
1472
1506
  };
1473
1507
  type SessionSource = "cli" | "console" | "api" | "system";
1474
1508
  type RevokeSessionResult = {
1475
- session: SessionView; /** True when session was already revoked / absent under authorized contract */
1509
+ session: SessionView;
1510
+ /** True when session was already revoked / absent under authorized contract */
1476
1511
  idempotent: boolean;
1477
1512
  };
1478
1513
  declare function normalizeSessionLimit(limit: number | undefined): number;
@@ -1487,7 +1522,8 @@ declare function toSessionView(session: SessionRecord, projectId: string, extra?
1487
1522
  * Defaults to active only. Does not audit (list is not privileged-write).
1488
1523
  */
1489
1524
  declare function listSessions(store: ManagementStore, opts?: {
1490
- scope?: ResourceScope; /** When true, include revoked tombstones */
1525
+ scope?: ResourceScope;
1526
+ /** When true, include revoked tombstones */
1491
1527
  includeRevoked?: boolean;
1492
1528
  limit?: number;
1493
1529
  }): SessionView[];
@@ -1498,9 +1534,11 @@ declare function listSessions(store: ManagementStore, opts?: {
1498
1534
  * Postgres runtime sessions paginate via listSessionsPageInAuth (auth-bridge).
1499
1535
  */
1500
1536
  declare function listSessionsPage(store: ManagementStore, opts?: {
1501
- scope?: ResourceScope; /** When true, include revoked tombstones */
1537
+ scope?: ResourceScope;
1538
+ /** When true, include revoked tombstones */
1502
1539
  includeRevoked?: boolean;
1503
- limit?: number; /** Opaque cursor from a previous page's nextCursor (fail-closed). */
1540
+ limit?: number;
1541
+ /** Opaque cursor from a previous page's nextCursor (fail-closed). */
1504
1542
  cursor?: string;
1505
1543
  }): {
1506
1544
  sessions: SessionView[];
@@ -1683,7 +1721,8 @@ declare function executeMemberImportPlan(plan: MemberImportPlan, apply: (row: Me
1683
1721
  //#endregion
1684
1722
  //#region src/services/identity.d.ts
1685
1723
  type RuntimeUserIdentity = {
1686
- /** Canonical Clearance / runtime user id — becomes management principal id */id: string;
1724
+ /** Canonical Clearance / runtime user id — becomes management principal id */
1725
+ id: string;
1687
1726
  email: string;
1688
1727
  name: string;
1689
1728
  createdAt?: string | Date;
@@ -1903,7 +1942,8 @@ declare const SCIM_LOCAL_PROTOCOL_EVIDENCE: "local protocol verification (not ex
1903
1942
  * Network / auth / malformed body / non-success status all fail.
1904
1943
  */
1905
1944
  declare function checkScimConnection(store: ManagementStore, id: string, opts?: {
1906
- /** Override token (tests); otherwise decrypt stored envelope */bearerToken?: string;
1945
+ /** Override token (tests); otherwise decrypt stored envelope */
1946
+ bearerToken?: string;
1907
1947
  path?: string;
1908
1948
  fetchImpl?: typeof fetch;
1909
1949
  }): Promise<{
@@ -1956,7 +1996,8 @@ type ScimProbeOutcome = {
1956
1996
  };
1957
1997
  type ScimProbeOptions = {
1958
1998
  endpoint: string;
1959
- bearerToken?: string; /** Relative path under endpoint (default ServiceProviderConfig) */
1999
+ bearerToken?: string;
2000
+ /** Relative path under endpoint (default ServiceProviderConfig) */
1960
2001
  path?: string;
1961
2002
  timeoutMs?: number;
1962
2003
  fetchImpl?: typeof fetch;
@@ -2019,7 +2060,8 @@ declare function createSsoConnectionReal(store: ManagementStore, input: {
2019
2060
  clientId?: string;
2020
2061
  clientSecret?: string;
2021
2062
  samlEntryPoint?: string;
2022
- samlCertificate?: string; /** Load fixtures/sso/{matrix}-oidc.json — okta | entra */
2063
+ samlCertificate?: string;
2064
+ /** Load fixtures/sso/{matrix}-oidc.json — okta | entra */
2023
2065
  matrix?: "okta" | "entra";
2024
2066
  fixturePath?: string;
2025
2067
  actor?: string;
@@ -2166,7 +2208,8 @@ declare function testScimConnectionReal(store: ManagementStore, id: string, opts
2166
2208
  userName: string;
2167
2209
  displayName?: string;
2168
2210
  active?: boolean;
2169
- }>; /** Absolute URL override for local fixture protocol verification */
2211
+ }>;
2212
+ /** Absolute URL override for local fixture protocol verification */
2170
2213
  endpointOverride?: string;
2171
2214
  bearerToken?: string;
2172
2215
  fetchImpl?: typeof fetch;
@@ -2236,18 +2279,21 @@ declare function createSetupLink(store: ManagementStore, input: {
2236
2279
  organizationId: string;
2237
2280
  kind: SetupKind;
2238
2281
  ttlMinutes?: number;
2239
- actor?: string; /** Absolute console base; defaults to CLEARANCE_CONSOLE_URL */
2282
+ actor?: string;
2283
+ /** Absolute console base; defaults to CLEARANCE_CONSOLE_URL */
2240
2284
  baseUrl?: string;
2241
2285
  }): {
2242
2286
  url: string;
2243
- expiresAt: string; /** Raw capability — return once; never persisted */
2287
+ expiresAt: string;
2288
+ /** Raw capability — return once; never persisted */
2244
2289
  token: string;
2245
2290
  tokenFingerprint: string;
2246
2291
  capabilityId: string;
2247
2292
  };
2248
2293
  type RedeemSetupLinkInput = {
2249
2294
  token: string;
2250
- kind: SetupKind; /** When set, must match capability */
2295
+ kind: SetupKind;
2296
+ /** When set, must match capability */
2251
2297
  organizationId?: string;
2252
2298
  projectId?: string;
2253
2299
  environmentId?: string;
@@ -2343,7 +2389,9 @@ type MigrationPreview = {
2343
2389
  members: number;
2344
2390
  };
2345
2391
  };
2346
- /** Reads and fully validates the one Legacy fixture shape supported by this lane. */
2392
+ /** Parse and fully validate the one legacy fixture shape accepted by Clearance. */
2393
+ declare function parseLegacyFixture(input: string | unknown): LegacyExportFixture;
2394
+ /** Safely read a local fixture, then apply the same parser used by the API. */
2347
2395
  declare function loadLegacyFixture(path: string): LegacyExportFixture;
2348
2396
  /** Validate conflicts and calculate a non-mutating Clearance import preview. */
2349
2397
  declare function previewMigration(store: ManagementStore, fixture: LegacyExportFixture): MigrationPreview;
@@ -2431,6 +2479,122 @@ declare function migrateRuntimeSchema(input: {
2431
2479
  pendingFields?: undefined;
2432
2480
  }>;
2433
2481
  //#endregion
2482
+ //#region src/services/upgrade.d.ts
2483
+ interface UpgradeOptions {
2484
+ target?: string;
2485
+ plan?: string;
2486
+ dir?: string;
2487
+ healthUrl?: string;
2488
+ current?: string;
2489
+ dryRun?: boolean;
2490
+ yes?: boolean;
2491
+ restoreActive?: boolean;
2492
+ confirm?: string;
2493
+ backupDir?: string;
2494
+ }
2495
+ declare function planUpgrade(opts: UpgradeOptions): Promise<{
2496
+ schemaVersion: string;
2497
+ operation: string;
2498
+ dryRun: boolean;
2499
+ plan: {
2500
+ id: string;
2501
+ path: string;
2502
+ currentVersion: string;
2503
+ targetVersion: string;
2504
+ status: string;
2505
+ };
2506
+ } | {
2507
+ schemaVersion: string;
2508
+ operation: string;
2509
+ dryRun: boolean;
2510
+ plan: {
2511
+ targetVersion: string;
2512
+ currentVersion: string | null;
2513
+ directory: string;
2514
+ createsArtifacts: boolean;
2515
+ };
2516
+ }>;
2517
+ declare function applyUpgrade(opts: UpgradeOptions): Promise<{
2518
+ operation: string;
2519
+ wouldRun: string[];
2520
+ schemaVersion: string;
2521
+ dryRun: boolean;
2522
+ plan: {
2523
+ id: string;
2524
+ path: string;
2525
+ currentVersion: string;
2526
+ targetVersion: string;
2527
+ status: string;
2528
+ };
2529
+ } | {
2530
+ schemaVersion: string;
2531
+ operation: string;
2532
+ dryRun: boolean;
2533
+ plan: {
2534
+ id: string;
2535
+ targetVersion: string;
2536
+ status: string;
2537
+ backupId: string | null;
2538
+ rollbackReference: {} | null;
2539
+ };
2540
+ }>;
2541
+ declare function verifyUpgrade(opts: UpgradeOptions): Promise<{
2542
+ schemaVersion: string;
2543
+ operation: string;
2544
+ dryRun: boolean;
2545
+ plan: {
2546
+ id: string;
2547
+ targetVersion: string;
2548
+ status: string;
2549
+ updatedAt?: undefined;
2550
+ backupId?: undefined;
2551
+ };
2552
+ wouldRun: string[];
2553
+ } | {
2554
+ schemaVersion: string;
2555
+ operation: string;
2556
+ plan: {
2557
+ id: string;
2558
+ targetVersion: string;
2559
+ status: string;
2560
+ updatedAt: string | null;
2561
+ backupId: string | null;
2562
+ };
2563
+ dryRun?: undefined;
2564
+ wouldRun?: undefined;
2565
+ }>;
2566
+ declare function rollbackUpgrade(opts: UpgradeOptions): Promise<{
2567
+ schemaVersion: string;
2568
+ operation: string;
2569
+ dryRun: boolean;
2570
+ mode: string;
2571
+ activeDatabaseUntouched: boolean;
2572
+ wouldModifyActiveDatabase: boolean;
2573
+ plan: {
2574
+ id: string;
2575
+ targetVersion: string;
2576
+ status: string;
2577
+ };
2578
+ wouldRun: string[];
2579
+ rollbackReceipt?: undefined;
2580
+ receipt?: undefined;
2581
+ } | {
2582
+ schemaVersion: string;
2583
+ operation: string;
2584
+ dryRun: boolean;
2585
+ mode: string;
2586
+ activeDatabaseUntouched: boolean;
2587
+ plan: {
2588
+ id: string;
2589
+ targetVersion: string;
2590
+ status: string;
2591
+ };
2592
+ rollbackReceipt: string;
2593
+ receipt: Record<string, unknown>;
2594
+ wouldModifyActiveDatabase?: undefined;
2595
+ wouldRun?: undefined;
2596
+ }>;
2597
+ //#endregion
2434
2598
  //#region src/services/backup.d.ts
2435
2599
  declare function createBackup(store: ManagementStore, backupDir?: string): BackupRecord;
2436
2600
  declare function verifyBackup(store: ManagementStore, backupId: string): BackupRecord;
@@ -2572,9 +2736,30 @@ declare function listUsersFromDb(): Promise<Principal[]>;
2572
2736
  declare function createUserInAuth(input: {
2573
2737
  email: string;
2574
2738
  name: string;
2575
- password?: string; /** When set, persists the runtime user into management with the same stable id */
2739
+ password: string;
2740
+ /** When set, persists the runtime user into management with the same stable id */
2576
2741
  managementStore?: ManagementStore;
2577
2742
  }): Promise<Principal>;
2743
+ declare const PASSWORD_SETUP_TTL_SECONDS: number;
2744
+ type PasswordSetupGrant = {
2745
+ token: string;
2746
+ expiresAt: string;
2747
+ };
2748
+ /**
2749
+ * Provision a user without issuing a reusable temporary credential.
2750
+ *
2751
+ * The inaccessible random password prevents the credential account from being
2752
+ * used directly. The returned reset token is single-use in the auth runtime and
2753
+ * expires after one hour; it can only establish a caller-chosen password.
2754
+ */
2755
+ declare function createUserWithPasswordSetupInAuth(input: {
2756
+ email: string;
2757
+ name: string;
2758
+ managementStore?: ManagementStore;
2759
+ }): Promise<{
2760
+ user: Principal;
2761
+ passwordSetup: PasswordSetupGrant;
2762
+ }>;
2578
2763
  /**
2579
2764
  * Map an already-created runtime user into management (same stable id + scope).
2580
2765
  * Prefer this after product signup so CLI/API/console see one identity.
@@ -2612,7 +2797,8 @@ declare function ensureOperatorUser(): Promise<string>;
2612
2797
  * Without `id`, generates a new id (CLI/operator path).
2613
2798
  */
2614
2799
  declare function insertSsoProvider(input: {
2615
- /** Deterministic runtime/management id for setup-attempt recovery */id?: string;
2800
+ /** Deterministic runtime/management id for setup-attempt recovery */
2801
+ id?: string;
2616
2802
  providerId: string;
2617
2803
  issuer: string;
2618
2804
  domain: string;
@@ -2639,7 +2825,8 @@ declare function deleteSsoProviderById(id: string): Promise<void>;
2639
2825
  * material only (never persists plaintext). Without `id`, generates new ids.
2640
2826
  */
2641
2827
  declare function insertScimProvider(input: {
2642
- /** Deterministic runtime/management id for setup-attempt recovery */id?: string;
2828
+ /** Deterministic runtime/management id for setup-attempt recovery */
2829
+ id?: string;
2643
2830
  providerId: string;
2644
2831
  organizationId?: string;
2645
2832
  token?: string;
@@ -2679,7 +2866,8 @@ declare function listSessionsInAuth(store: ManagementStore, opts?: {
2679
2866
  */
2680
2867
  declare function listSessionsPageInAuth(store: ManagementStore, opts?: {
2681
2868
  scope?: ResourceScope;
2682
- limit?: number; /** Opaque cursor from a previous page's nextCursor (fail-closed). */
2869
+ limit?: number;
2870
+ /** Opaque cursor from a previous page's nextCursor (fail-closed). */
2683
2871
  cursor?: string;
2684
2872
  }): Promise<{
2685
2873
  sessions: SessionView[];
@@ -2805,11 +2993,12 @@ declare function updateOrganizationInAuth(store: ManagementStore, id: string, in
2805
2993
  * - Already-archived + missing runtime → success, idempotent=true.
2806
2994
  */
2807
2995
  declare function archiveOrganizationInAuth(store: ManagementStore, id: string, input?: {
2808
- dryRun?: boolean; /** Required for mutation. CLI maps --yes → confirm=true. */
2996
+ dryRun?: boolean;
2997
+ /** Required for mutation. CLI maps --yes → confirm=true. */
2809
2998
  confirm?: boolean;
2810
2999
  actor?: string;
2811
3000
  source?: OrgLifecycleSource;
2812
3001
  scope?: ResourceScope;
2813
3002
  }): Promise<ArchiveOrganizationResult>;
2814
3003
  //#endregion
2815
- export { AUDIT_MAX_EVENTS_DEFAULT, AUDIT_MAX_EVENTS_MAX, AUDIT_MAX_EVENTS_MIN, AUDIT_PRUNED_ACTION, AdversarialFixtureFile, ApiKey, ApiKeyView, ArchiveOrganizationResult, AssignableRole, AuditEvent, AuditEventInput, BUILT_IN_ROLE_SLUGS, BackupRecord, BuiltInRoleSlug, CLEARANCE_RELEASE_VERSION, ClearanceError, type CommitSetupLinkInput, ConfigRecord, ConformanceMode, CreateStoreOptions, CreatedApiKey, CredentialKeyring, CustomRole, DataStoreSnapshot, DiagnosticTrace, DirectoryConnection, DoctorCheck, EVENTS_EXPORT_DEFAULT_LIMIT, EVENTS_EXPORT_FORMATS, EVENTS_EXPORT_MAX_LIMIT, EVENTS_LIST_DEFAULT_PAGE_LIMIT, EVENTS_LIST_MAX_PAGE_LIMIT, EVENTS_TAIL_DEFAULT_LIMIT, EVENTS_TAIL_MAX_LIMIT, EncryptedCredential, Environment, EnvironmentInspectResult, EnvironmentLocalStatus, EnvironmentPromoteBlocker, EnvironmentPromotePlanStep, EnvironmentPromoteResult, EventInspectResult, EventsExportEnvelope, EventsExportFormat, EventsExportOptions, EventsTailCursor, EventsTailFilter, FORBIDDEN_DEFAULT_SECRETS, IDEMPOTENCY_DEFAULT_TTL_MS, IdempotencyBackend, IdempotencyRecord, IdentityConnection, IdentityProtocol, JsonStore, LIVE_CONFORMANCE_MODE, LIVE_EVIDENCE_LABEL, LegacyExportFixture, LiveProbeOptions, LiveProbeResult, LocalOidcSession, MANAGEMENT_SURFACES, ManagementStore, ManagementSurface, MemberImportFormat, MemberImportPlan, MemberImportPlanRow, MemberImportResult, MemberImportRowResult, Membership, MembershipActorSource, MembershipSource, MigrationPlan, MigrationPreview, ORGS_LIST_DEFAULT_PAGE_LIMIT, ORGS_LIST_MAX_PAGE_LIMIT, Organization, PageCursorKey, PageOrder, PageSurface, type PgStore, PostgresRestoreOptions, Principal, Project, REPLAYABLE_TRACE_SUBSYSTEMS, ReadinessCheck, ReadinessReport, type RedeemSetupLinkInput, type ReleaseSetupLinkInput, ReplayDiagnosticOptions, ReplayDiagnosticResult, ReplayableTraceSubsystem, type ReserveSetupLinkResult, ResourceId, ResourcePage, ResourceScope, RevokeSessionResult, RuntimeOrganizationIdentity, RuntimeSchemaPlanResult, RuntimeUserIdentity, SCIM_FIXTURE_MODE, SCIM_LOCAL_PROTOCOL_EVIDENCE, SCIM_REAL_FIXTURE_MODE, SETUP_RESERVATION_TTL_MS, SSO_FIXTURE_MODE, SSO_LOCAL_EVIDENCE_LABEL, SSO_LOCAL_PROTOCOL_MODE, SSO_MATRIX_NOT_CERTIFIED, SSO_REAL_FIXTURE_MODE, STORE_SCHEMA_VERSION, ScimActorSource, ScimMutationOpts, ScimProbeOptions, ScimProbeOutcome, ScimUserPayload, ScimUsersFixture, ScopedResource, SessionRecord, SessionSource, SessionView, SetupCapability, type SetupKind, SsoActorSource, SsoCreateInput, SsoMutationOpts, SsoOidcFixture, SsoTestFixture, SsoTestOptions, USERS_EXPORT_DEFAULT_LIMIT, USERS_EXPORT_FORMATS, USERS_EXPORT_MAX_LIMIT, USERS_LIST_DEFAULT_PAGE_LIMIT, USERS_LIST_MAX_PAGE_LIMIT, UsersExportEnvelope, UsersExportFormat, UsersExportOptions, WRITE_ONLY_SECRET_FIELDS, WriteExportArtifactCodes, addMember, addMemberInAuth, appendAuditEvent, archiveOrganization, archiveOrganizationInAuth, assertClientScopeHeaders, assertCredentialKeyConfigured, assertIdempotencyKeyValid, assertLiveEndpoint, assertMigrationRunnable, assertOwnerInvariant, assertProductionCredentialKey, assertProductionSecret, assertResourceInScope, assertSessionPrincipalInScope, auditMaxEvents, beginEventsTail, bridgeRuntimeUserToManagement, buildAuditEvent, buildAuthorizationUrl, builtInRoleId, checkScimConnection, closeAuthBundle, commitSetupLink, configureSsoConnection, consoleRoutesFromContract, correlationId, countAuthTables, createApiKey, createBackup, createEnvironment, createIdempotencyBackend, createLocalOidcIssuerFixture, createLocalScimFixtureServer, createManagementStore, createOrgInAuth, createOrganization, createPgStore, createPostgresBackup, createProject, createRole, createScimConnection, createScimConnectionReal, createSession, createSetupLink, createSsoConnection, createSsoConnectionReal, createUser, createUserInAuth, decodeJwtPayload, decodePageCursor, decryptCredential, defaultDataPath, deleteScimProviderById, deleteSsoProviderById, deleteUser, deleteUserInAuth, deriveSetupConnectionIds, deriveSetupReservationId, diffConfig, disableScimConnection, disableScimConnectionReal, disableSsoConnection, disableSsoConnectionReal, disableUser, disableUserInAuth, dockerDumpArgs, dockerPsqlArgs, emptyIsolatedStorePath, emptySnapshot, encodePageCursor, encryptCredential, enforceAuditRetention, ensureAuthMigrated, ensureOperatorUser, ensurePrivateBackupDirectory, executeMemberImportPlan, exportEvents, exportUsers, findActiveMembership, fingerprint, fingerprintCredential, fingerprintIdempotentRequest, fixturesRoot, generatePkcePair, generateRuntimeSchema, getAuthBundle, getCredentialKeyring, getLatestReadiness, getRuntimeSchemaStatus, idempotencyConflictError, initProject, insertScimProvider, insertSsoProvider, inspectApiKey, inspectEnvironment, inspectEvent, inspectMembership, inspectOrganization, inspectRole, inspectScimConnection, inspectScimTrace, inspectSession, inspectSessionInAuth, inspectSsoConnection, inspectUser, isBuiltInRoleSlug, isClearanceError, isCredentialEnvelope, isDevelopmentLike, isForbiddenDefaultSecret, isManagementStore, isReplayableTraceSubsystem, isSecretLikeConfigEntry, isSecretLikeConfigKey, listApiKeys, listEnvironments, listEvents, listEventsPage, listMembers, listOrganizations, listOrganizationsPage, listOrgsFromDb, listProjects, listRoles, listScimConnections, listSessions, listSessionsFromDb, listSessionsInAuth, listSessionsPage, listSessionsPageInAuth, listSetupLinks, listSsoConnections, listUsers, listUsersFromDb, listUsersPage, loadJsonFixture, loadLegacyFixture, migrateRuntimeSchema, migrationStatus, newId, normalizeAndValidateApiKeyScopes, normalizeAndValidatePermissions, normalizeEventsExportBefore, normalizeEventsExportFormat, normalizeEventsExportLimit, normalizeEventsTailLimit, normalizePageLimit, normalizeSessionLimit, normalizeSnapshot, normalizeUsersExportFormat, normalizeUsersExportLimit, normalizeUsersExportStatus, nowIso, overviewStats, paginateByCreatedAt, parseConfigJson, parseCorsOrigins, parseCredentialEnvelope, parseUserStatusInput, pgStoreId, planEnvironmentCreate, planMemberImport, planMigration, planProjectCreate, planRuntimeSchema, pollEventsTail, postgresBackupFailure, postgresContainerSettings, previewMigration, probeOutcomeToError, probeScimEndpoint, promoteEnvironment, publicConfig, publicDirectoryConnection, publicIdentityConnection, recordEvent, redactRecord, redactValue, redeemSetupLink, releaseSetupLink, removeMember, removeMemberInAuth, replayDiagnosticTrace, replayScimTrace, requireOperatorToken, reserveSetupLink, resetAuthBundle, resolveAssignableRole, resolveCredentialKeyring, resolveIdempotencyTtlMs, resolveMembershipId, resolveOperatorScope, resolveScimConnection, resolveSsoConnection, restoreBackup, restorePostgresBackup, revokeApiKey, revokeSession, revokeSessionInAuth, revokeSetupLink, rollbackMigration, rollbackMigrationDurable, rotateApiKey, rotateCredential, rotateScimCredential, rotateSsoCredential, runDoctor, runMigration, runMigrationDurable, runReadinessCheck, runSsoMatrix, sanitizeAuditEvent, sanitizePrincipalForExport, sanitizeSessionView, scopeFilter, secureBackupArtifact, selectEventsForExport, selectUsersForExport, setConfig, sortEventsDeterministic, sortUsersDeterministic, syncRuntimeOrganizationToManagementDurable, syncRuntimeUserToManagement, syncRuntimeUserToManagementDurable, testScimConnection, testScimConnectionLive, testScimConnectionReal, testSsoConnection, testSsoConnectionLive, testSsoConnectionReal, toSessionView, updateMember, updateMemberInAuth, updateOrganization, updateOrganizationInAuth, updateRole, updateUser, updateUserInAuth, upgradeCheck, upgradeCheckWithDb, validateApiKeyName, validateConfig, validateCurrentConfig, validateIsolatedRestoreDatabaseName, validateRole, validateRoleName, validateRoleSlug, validateSamlProviderConfig, verifyBackup, verifyMigration, verifyMigrationDurable, verifyPostgresBackup, verifySsoOidcLocalProtocol, writeExportArtifact };
3004
+ export { AUDIT_MAX_EVENTS_DEFAULT, AUDIT_MAX_EVENTS_MAX, AUDIT_MAX_EVENTS_MIN, AUDIT_PRUNED_ACTION, AdversarialFixtureFile, ApiKey, ApiKeyView, ArchiveOrganizationResult, AssignableRole, AuditEvent, AuditEventInput, BUILT_IN_ROLE_SLUGS, BackupRecord, BuiltInRoleSlug, CLEARANCE_RELEASE_VERSION, ClearanceError, type CommitSetupLinkInput, ConfigRecord, ConformanceMode, CreateStoreOptions, CreatedApiKey, CredentialKeyring, CustomRole, DataStoreSnapshot, DiagnosticTrace, DirectoryConnection, DoctorCheck, EVENTS_EXPORT_DEFAULT_LIMIT, EVENTS_EXPORT_FORMATS, EVENTS_EXPORT_MAX_LIMIT, EVENTS_LIST_DEFAULT_PAGE_LIMIT, EVENTS_LIST_MAX_PAGE_LIMIT, EVENTS_TAIL_DEFAULT_LIMIT, EVENTS_TAIL_MAX_LIMIT, EncryptedCredential, Environment, EnvironmentInspectResult, EnvironmentLocalStatus, EnvironmentPromoteBlocker, EnvironmentPromotePlanStep, EnvironmentPromoteResult, EventInspectResult, EventsExportEnvelope, EventsExportFormat, EventsExportOptions, EventsTailCursor, EventsTailFilter, FORBIDDEN_DEFAULT_SECRETS, IDEMPOTENCY_DEFAULT_TTL_MS, IdempotencyBackend, IdempotencyRecord, IdentityConnection, IdentityProtocol, JsonStore, LIVE_CONFORMANCE_MODE, LIVE_EVIDENCE_LABEL, LegacyExportFixture, LiveProbeOptions, LiveProbeResult, LocalOidcSession, MANAGEMENT_SURFACES, ManagementStore, ManagementSurface, MemberImportFormat, MemberImportPlan, MemberImportPlanRow, MemberImportResult, MemberImportRowResult, Membership, MembershipActorSource, MembershipSource, MigrationPlan, MigrationPreview, ORGS_LIST_DEFAULT_PAGE_LIMIT, ORGS_LIST_MAX_PAGE_LIMIT, Organization, PASSWORD_SETUP_TTL_SECONDS, PageCursorKey, PageOrder, PageSurface, PasswordSetupGrant, PgStore, PostgresRestoreOptions, Principal, Project, REPLAYABLE_TRACE_SUBSYSTEMS, ReadinessCheck, ReadinessReport, type RedeemSetupLinkInput, type ReleaseSetupLinkInput, ReplayDiagnosticOptions, ReplayDiagnosticResult, ReplayableTraceSubsystem, type ReserveSetupLinkResult, ResourceId, ResourcePage, ResourceScope, RevokeSessionResult, RuntimeOrganizationIdentity, RuntimeSchemaPlanResult, RuntimeUserIdentity, SCIM_FIXTURE_MODE, SCIM_LOCAL_PROTOCOL_EVIDENCE, SCIM_REAL_FIXTURE_MODE, SETUP_RESERVATION_TTL_MS, SSO_FIXTURE_MODE, SSO_LOCAL_EVIDENCE_LABEL, SSO_LOCAL_PROTOCOL_MODE, SSO_MATRIX_NOT_CERTIFIED, SSO_REAL_FIXTURE_MODE, STORE_SCHEMA_VERSION, ScimActorSource, ScimMutationOpts, ScimProbeOptions, ScimProbeOutcome, ScimUserPayload, ScimUsersFixture, ScopedResource, SessionRecord, SessionSource, SessionView, SetupCapability, type SetupKind, SsoActorSource, SsoCreateInput, SsoMutationOpts, SsoOidcFixture, SsoTestFixture, SsoTestOptions, USERS_EXPORT_DEFAULT_LIMIT, USERS_EXPORT_FORMATS, USERS_EXPORT_MAX_LIMIT, USERS_LIST_DEFAULT_PAGE_LIMIT, USERS_LIST_MAX_PAGE_LIMIT, UpgradeOptions, UsersExportEnvelope, UsersExportFormat, UsersExportOptions, WRITE_ONLY_SECRET_FIELDS, WriteExportArtifactCodes, addMember, addMemberInAuth, appendAuditEvent, applyUpgrade, archiveOrganization, archiveOrganizationInAuth, assertClientScopeHeaders, assertCredentialKeyConfigured, assertIdempotencyKeyValid, assertLiveEndpoint, assertMigrationRunnable, assertOwnerInvariant, assertProductionCredentialKey, assertProductionSecret, assertResourceInScope, assertSessionPrincipalInScope, auditMaxEvents, beginEventsTail, bridgeRuntimeUserToManagement, buildAuditEvent, buildAuthorizationUrl, builtInRoleId, checkScimConnection, closeAuthBundle, commitSetupLink, configureSsoConnection, consoleRoutesFromContract, correlationId, countAuthTables, createApiKey, createBackup, createEnvironment, createIdempotencyBackend, createLocalOidcIssuerFixture, createLocalScimFixtureServer, createManagementStore, createOrgInAuth, createOrganization, createPgStore, createPostgresBackup, createProject, createRole, createScimConnection, createScimConnectionReal, createSession, createSetupLink, createSsoConnection, createSsoConnectionReal, createUser, createUserInAuth, createUserWithPasswordSetupInAuth, decodeJwtPayload, decodePageCursor, decryptCredential, defaultDataPath, deleteScimProviderById, deleteSsoProviderById, deleteUser, deleteUserInAuth, deriveSetupConnectionIds, deriveSetupReservationId, diffConfig, disableScimConnection, disableScimConnectionReal, disableSsoConnection, disableSsoConnectionReal, disableUser, disableUserInAuth, dockerDumpArgs, dockerPsqlArgs, emptyIsolatedStorePath, emptySnapshot, encodePageCursor, encryptCredential, enforceAuditRetention, ensureAuthMigrated, ensureOperatorUser, ensurePrivateBackupDirectory, executeMemberImportPlan, exportEvents, exportUsers, findActiveMembership, fingerprint, fingerprintCredential, fingerprintIdempotentRequest, fixturesRoot, generatePkcePair, generateRuntimeSchema, getAuthBundle, getCredentialKeyring, getLatestReadiness, getRuntimeSchemaStatus, idempotencyConflictError, initProject, insertScimProvider, insertSsoProvider, inspectApiKey, inspectEnvironment, inspectEvent, inspectMembership, inspectOrganization, inspectRole, inspectScimConnection, inspectScimTrace, inspectSession, inspectSessionInAuth, inspectSsoConnection, inspectUser, isBuiltInRoleSlug, isClearanceError, isCredentialEnvelope, isDevelopmentLike, isForbiddenDefaultSecret, isManagementStore, isReplayableTraceSubsystem, isSecretLikeConfigEntry, isSecretLikeConfigKey, listApiKeys, listEnvironments, listEvents, listEventsPage, listMembers, listOrganizations, listOrganizationsPage, listOrgsFromDb, listProjects, listRoles, listScimConnections, listSessions, listSessionsFromDb, listSessionsInAuth, listSessionsPage, listSessionsPageInAuth, listSetupLinks, listSsoConnections, listUsers, listUsersFromDb, listUsersPage, loadJsonFixture, loadLegacyFixture, migrateRuntimeSchema, migrationStatus, newId, normalizeAndValidateApiKeyScopes, normalizeAndValidatePermissions, normalizeEventsExportBefore, normalizeEventsExportFormat, normalizeEventsExportLimit, normalizeEventsTailLimit, normalizePageLimit, normalizeSessionLimit, normalizeSnapshot, normalizeUsersExportFormat, normalizeUsersExportLimit, normalizeUsersExportStatus, nowIso, overviewStats, paginateByCreatedAt, parseConfigJson, parseCorsOrigins, parseCredentialEnvelope, parseLegacyFixture, parseUserStatusInput, pgStoreId, planEnvironmentCreate, planMemberImport, planMigration, planProjectCreate, planRuntimeSchema, planUpgrade, pollEventsTail, postgresBackupFailure, postgresContainerSettings, previewMigration, probeOutcomeToError, probeScimEndpoint, promoteEnvironment, publicConfig, publicDirectoryConnection, publicIdentityConnection, recordEvent, redactRecord, redactValue, redeemSetupLink, releaseSetupLink, removeMember, removeMemberInAuth, replayDiagnosticTrace, replayScimTrace, requireOperatorToken, reserveSetupLink, resetAuthBundle, resolveAssignableRole, resolveCredentialKeyring, resolveIdempotencyTtlMs, resolveMembershipId, resolveOperatorScope, resolveScimConnection, resolveSsoConnection, restoreBackup, restorePostgresBackup, revokeApiKey, revokeSession, revokeSessionInAuth, revokeSetupLink, rollbackMigration, rollbackMigrationDurable, rollbackUpgrade, rotateApiKey, rotateCredential, rotateScimCredential, rotateSsoCredential, runDoctor, runMigration, runMigrationDurable, runReadinessCheck, runSsoMatrix, sanitizeAuditEvent, sanitizePrincipalForExport, sanitizeSessionView, scopeFilter, secureBackupArtifact, selectEventsForExport, selectUsersForExport, setConfig, sortEventsDeterministic, sortUsersDeterministic, syncRuntimeOrganizationToManagementDurable, syncRuntimeUserToManagement, syncRuntimeUserToManagementDurable, testScimConnection, testScimConnectionLive, testScimConnectionReal, testSsoConnection, testSsoConnectionLive, testSsoConnectionReal, toSessionView, updateMember, updateMemberInAuth, updateOrganization, updateOrganizationInAuth, updateRole, updateUser, updateUserInAuth, upgradeCheck, upgradeCheckWithDb, validateApiKeyName, validateConfig, validateCurrentConfig, validateIsolatedRestoreDatabaseName, validateRole, validateRoleName, validateRoleSlug, validateSamlProviderConfig, verifyBackup, verifyMigration, verifyMigrationDurable, verifyPostgresBackup, verifySsoOidcLocalProtocol, verifyUpgrade, writeExportArtifact };