@company-semantics/contracts 0.62.0 → 0.63.0

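--- a/package/package.json
+++ b/package/package.json
@@ -1,6 +1,6 @@
  {
  "name": "@company-semantics/contracts",
- "version": "0.62.0",
+ "version": "0.63.0",
  "private": false,
  "repository": {
  "type": "git",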
@@ -0,0 +1,68 @@
1
+ /**
2
+ * Break-Glass Impersonation — Shared Vocabulary
3
+ *
4
+ * This module defines the types for the emergency impersonation mechanism.
5
+ * See ADR-BE-068 for the trust model and invariant documentation.
6
+ */
7
+
8
+ // Authentication mode — tags every request context
9
+ export type AuthMode = 'STANDARD' | 'BREAK_GLASS';
10
+
11
+ // Impersonation session model — full session state
12
+ export interface ImpersonationSession {
13
+ readonly impersonationSessionId: string;
14
+ readonly adminUserId: string;
15
+ readonly targetUserId: string;
16
+ readonly reason: string;
17
+ readonly reasonHash: string; // SHA-256 of reason text — tamper-evidence
18
+ readonly startedAt: string; // ISO 8601
19
+ readonly expiresAt: string; // ISO 8601
20
+ readonly endedAt: string | null; // ISO 8601 or null if active
21
+ readonly ipAddress: string;
22
+ readonly userAgent: string;
23
+ }
24
+
25
+ // Restricted action classes — single source of truth
26
+ // Backend impersonation middleware consumes this enum centrally.
27
+ // Routes do NOT self-classify. This prevents bypass via new routes.
28
+ export type RestrictedImpersonationAction =
29
+ | 'delete_chat'
30
+ | 'delete_message'
31
+ | 'modify_billing'
32
+ | 'rotate_credentials'
33
+ | 'invite_remove_users'
34
+ | 'accept_agreements'
35
+ | 'irreversible_write';
36
+
37
+ // All restricted actions as a const array for runtime checks
38
+ export const RESTRICTED_IMPERSONATION_ACTIONS: readonly RestrictedImpersonationAction[] = [
39
+ 'delete_chat',
40
+ 'delete_message',
41
+ 'modify_billing',
42
+ 'rotate_credentials',
43
+ 'invite_remove_users',
44
+ 'accept_agreements',
45
+ 'irreversible_write',
46
+ ] as const;
47
+
48
+ // Impersonation-specific company capability
49
+ export type ImpersonationCapability = 'company.impersonate';
50
+
51
+ // Session summary — emitted on impersonation.ended and impersonation.expired
52
+ export interface ImpersonationSessionSummary {
53
+ readonly impersonationSessionId: string;
54
+ readonly adminUserId: string;
55
+ readonly targetUserId: string;
56
+ readonly durationMs: number;
57
+ readonly actionCount: number;
58
+ readonly blockedActionCount: number;
59
+ }
60
+
61
+ // Impersonation audit event types
62
+ export type ImpersonationAuditEventType =
63
+ | 'impersonation.started'
64
+ | 'impersonation.ended'
65
+ | 'impersonation.expired'
66
+ | 'impersonation.session_summary'
67
+ | 'impersonated.action'
68
+ | 'impersonation.blocked_action';
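Review bot: `RESTRICTED_IMPERSONATION_ACTIONS` and the `RestrictedImpersonationAction` union are two hand-maintained lists, and because the array is annotated as `readonly RestrictedImpersonationAction[]` the compiler accepts an array that is missing a member of the union. A restricted action added to the type but not to the array would then pass any runtime check built on the array, which for a break-glass deny-list means failing open. Deriving the type from the value removes the second list: `export const RESTRICTED_IMPERSONATION_ACTIONS = [ /* same members */ ] as const;` followed by `export type RestrictedImpersonationAction = (typeof RESTRICTED_IMPERSONATION_ACTIONS)[number];` (the explicit annotation also makes the current `as const` redundant). Separately, the `reasonHash` comment promises tamper-evidence, but a plain SHA-256 stored next to `reason` can be recomputed by whoever edits the reason. If the backend does not key the hash or anchor it in a separate append-only record, the comment should say what the hash actually protects against.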
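--- a/package/src/index.ts
+++ b/package/src/index.ts
@@ -401,3 +401,16 @@ export { RateLimitTier } from './rate-limit/index'
  // Billing domain types (v1 — read-only)
  // @see PRD-00121 for design rationale
  export type { OrgPlanStatus, OrgBillingInfo } from './billing/index'
+
+ // Impersonation types (break-glass emergency access)
+ // @see ADR-BE-068 for trust model
+ export type {
+ AuthMode,
+ ImpersonationSession,
+ RestrictedImpersonationAction,
+ ImpersonationCapability,
+ ImpersonationSessionSummary,
+ ImpersonationAuditEventType,
+ } from './impersonation'
+
+ export { RESTRICTED_IMPERSONATION_ACTIONS } from './impersonation'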