@company-semantics/contracts 0.56.0 → 0.58.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/package.json +1 -1
- package/src/index.ts +0 -4
- package/src/org/index.ts +0 -4
- package/src/org/types.ts +4 -48
package/package.json
CHANGED
package/src/index.ts
CHANGED
|
@@ -154,8 +154,6 @@ export type {
|
|
|
154
154
|
WorkspaceMember,
|
|
155
155
|
AuthMethodConfig,
|
|
156
156
|
WorkspaceAuthConfig,
|
|
157
|
-
IntegrationStatus,
|
|
158
|
-
WorkspaceIntegration,
|
|
159
157
|
WorkspaceAuditEvent,
|
|
160
158
|
// Workspace expansion DTOs (Phase 3)
|
|
161
159
|
// @see ADR-CONT-031 for design rationale
|
|
@@ -167,8 +165,6 @@ export type {
|
|
|
167
165
|
ChangeMemberRoleRequest,
|
|
168
166
|
OrgAuthPolicy,
|
|
169
167
|
UpdateAuthPolicyRequest,
|
|
170
|
-
PromoteIntegrationRequest,
|
|
171
|
-
DemoteIntegrationRequest,
|
|
172
168
|
Phase3AuditAction,
|
|
173
169
|
// Workspace capability types (Phase 3)
|
|
174
170
|
WorkspaceCapability,
|
package/src/org/index.ts
CHANGED
|
@@ -17,8 +17,6 @@ export type {
|
|
|
17
17
|
WorkspaceMember,
|
|
18
18
|
AuthMethodConfig,
|
|
19
19
|
WorkspaceAuthConfig,
|
|
20
|
-
IntegrationStatus,
|
|
21
|
-
WorkspaceIntegration,
|
|
22
20
|
WorkspaceAuditEvent,
|
|
23
21
|
// Workspace expansion DTOs (Phase 3)
|
|
24
22
|
OrgInviteStatus,
|
|
@@ -29,8 +27,6 @@ export type {
|
|
|
29
27
|
ChangeMemberRoleRequest,
|
|
30
28
|
OrgAuthPolicy,
|
|
31
29
|
UpdateAuthPolicyRequest,
|
|
32
|
-
PromoteIntegrationRequest,
|
|
33
|
-
DemoteIntegrationRequest,
|
|
34
30
|
Phase3AuditAction,
|
|
35
31
|
// Multi-org membership types (Phase 4)
|
|
36
32
|
UserOrgMembership,
|
package/src/org/types.ts
CHANGED
|
@@ -57,7 +57,7 @@ export interface OwnershipTransferStatus {
|
|
|
57
57
|
* Display role for workspace members.
|
|
58
58
|
* Presentation-layer simplification of the internal RBAC roles.
|
|
59
59
|
*/
|
|
60
|
-
export type WorkspaceRole = 'owner' | 'admin' | 'member';
|
|
60
|
+
export type WorkspaceRole = 'owner' | 'admin' | 'member' | 'auditor';
|
|
61
61
|
|
|
62
62
|
/**
|
|
63
63
|
* RBAC → UI role mapping (presentation only).
|
|
@@ -66,6 +66,7 @@ export type WorkspaceRole = 'owner' | 'admin' | 'member';
|
|
|
66
66
|
export const ROLE_DISPLAY_MAP = {
|
|
67
67
|
org_owner: 'owner',
|
|
68
68
|
org_admin: 'admin',
|
|
69
|
+
org_auditor: 'auditor',
|
|
69
70
|
// All other roles → 'member'
|
|
70
71
|
} as const satisfies Partial<Record<string, WorkspaceRole>>;
|
|
71
72
|
|
|
@@ -77,6 +78,8 @@ export interface WorkspaceOverview {
|
|
|
77
78
|
id: string;
|
|
78
79
|
name: string;
|
|
79
80
|
type: OrgType;
|
|
81
|
+
/** Square logo URL for the workspace. Null if no logo has been set. */
|
|
82
|
+
logoUrl: string | null;
|
|
80
83
|
owner: {
|
|
81
84
|
id: string;
|
|
82
85
|
name: string;
|
|
@@ -131,34 +134,6 @@ export interface WorkspaceAuthConfig {
|
|
|
131
134
|
};
|
|
132
135
|
}
|
|
133
136
|
|
|
134
|
-
/**
|
|
135
|
-
* Integration connection status.
|
|
136
|
-
*/
|
|
137
|
-
export type IntegrationStatus = 'active' | 'expired' | 'revoked';
|
|
138
|
-
|
|
139
|
-
/**
|
|
140
|
-
* Workspace integration for the integrations list.
|
|
141
|
-
* Shows connections visible to workspace admins.
|
|
142
|
-
*
|
|
143
|
-
* SECURITY: connectedBy.id should be empty string (not exposed for security).
|
|
144
|
-
* lastActivity is aggregated to reduce precision for timing attack mitigation.
|
|
145
|
-
* @see security-safety-reviewer finding: Excessive Information Disclosure
|
|
146
|
-
*/
|
|
147
|
-
export interface WorkspaceIntegration {
|
|
148
|
-
id: string;
|
|
149
|
-
provider: string;
|
|
150
|
-
status: IntegrationStatus;
|
|
151
|
-
connectedBy: {
|
|
152
|
-
/** Always empty string for security (user IDs not exposed) */
|
|
153
|
-
id: string;
|
|
154
|
-
/** Name of the user who connected this integration, or 'A team member' if unknown */
|
|
155
|
-
name: string;
|
|
156
|
-
};
|
|
157
|
-
executionScope: ExecutionScope;
|
|
158
|
-
/** Aggregated last activity (e.g., 'within the last day', 'within the last week') */
|
|
159
|
-
lastActivity: string | null;
|
|
160
|
-
}
|
|
161
|
-
|
|
162
137
|
/**
|
|
163
138
|
* Audit event for the workspace audit log.
|
|
164
139
|
* Filtered to spec events only (server-side).
|
|
@@ -257,25 +232,6 @@ export interface UpdateAuthPolicyRequest {
|
|
|
257
232
|
allowedProviders?: string[];
|
|
258
233
|
}
|
|
259
234
|
|
|
260
|
-
/**
|
|
261
|
-
* Request payload for promoting an integration to org scope.
|
|
262
|
-
*
|
|
263
|
-
* INVARIANT: acknowledgedRisk must be true to prove explicit intent.
|
|
264
|
-
* @see Phase 3 Invariant #15: Blast radius acknowledgment
|
|
265
|
-
*/
|
|
266
|
-
export interface PromoteIntegrationRequest {
|
|
267
|
-
/** User must acknowledge the blast radius of org-wide access */
|
|
268
|
-
acknowledgedRisk: boolean;
|
|
269
|
-
}
|
|
270
|
-
|
|
271
|
-
/**
|
|
272
|
-
* Request payload for demoting an integration to self scope.
|
|
273
|
-
*/
|
|
274
|
-
export interface DemoteIntegrationRequest {
|
|
275
|
-
/** Optional reason for demotion */
|
|
276
|
-
reason?: string;
|
|
277
|
-
}
|
|
278
|
-
|
|
279
235
|
// =============================================================================
|
|
280
236
|
// Phase 3 Audit Action Types
|
|
281
237
|
// @see ADR-CONT-031 for design rationale
|