@company-semantics/contracts 0.67.0 → 0.68.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/package.json +1 -1
- package/src/impersonation-events.ts +54 -0
- package/src/index.ts +10 -0
- package/src/org/domain.ts +4 -4
- package/src/org/view-scopes.ts +2 -2
package/package.json
CHANGED
|
@@ -0,0 +1,54 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* Impersonation SSE Event Types
|
|
3
|
+
*
|
|
4
|
+
* Real-time push events for impersonation session state changes.
|
|
5
|
+
* Replaces 30-second polling mechanism.
|
|
6
|
+
* Follows the same BaseEvent envelope pattern as chat SSE events.
|
|
7
|
+
*/
|
|
8
|
+
|
|
9
|
+
import type { BaseEvent } from './chat/types'
|
|
10
|
+
import type { ImpersonationSession } from './impersonation'
|
|
11
|
+
|
|
12
|
+
/**
|
|
13
|
+
* Sent as the first frame on SSE connection.
|
|
14
|
+
* Carries the current active session (or null if none).
|
|
15
|
+
* Eliminates need for a separate GET /session request.
|
|
16
|
+
*/
|
|
17
|
+
export interface ImpersonationSessionSnapshotEvent extends BaseEvent {
|
|
18
|
+
type: 'impersonation.session.snapshot'
|
|
19
|
+
data: {
|
|
20
|
+
session: ImpersonationSession | null
|
|
21
|
+
}
|
|
22
|
+
}
|
|
23
|
+
|
|
24
|
+
/** Emitted when a new impersonation session starts (enables multi-tab sync). */
|
|
25
|
+
export interface ImpersonationSessionStartedEvent extends BaseEvent {
|
|
26
|
+
type: 'impersonation.session.started'
|
|
27
|
+
data: {
|
|
28
|
+
session: ImpersonationSession
|
|
29
|
+
}
|
|
30
|
+
}
|
|
31
|
+
|
|
32
|
+
/** Emitted when an admin manually ends an impersonation session. */
|
|
33
|
+
export interface ImpersonationSessionEndedEvent extends BaseEvent {
|
|
34
|
+
type: 'impersonation.session.ended'
|
|
35
|
+
data: {
|
|
36
|
+
sessionId: string
|
|
37
|
+
endedAt: string
|
|
38
|
+
}
|
|
39
|
+
}
|
|
40
|
+
|
|
41
|
+
/** Emitted when enforceExpiry() auto-expires a session. */
|
|
42
|
+
export interface ImpersonationSessionExpiredEvent extends BaseEvent {
|
|
43
|
+
type: 'impersonation.session.expired'
|
|
44
|
+
data: {
|
|
45
|
+
sessionId: string
|
|
46
|
+
expiredAt: string
|
|
47
|
+
}
|
|
48
|
+
}
|
|
49
|
+
|
|
50
|
+
export type ImpersonationSseEvent =
|
|
51
|
+
| ImpersonationSessionSnapshotEvent
|
|
52
|
+
| ImpersonationSessionStartedEvent
|
|
53
|
+
| ImpersonationSessionEndedEvent
|
|
54
|
+
| ImpersonationSessionExpiredEvent
|
package/src/index.ts
CHANGED
|
@@ -437,6 +437,16 @@ export type {
|
|
|
437
437
|
|
|
438
438
|
export { RESTRICTED_IMPERSONATION_ACTIONS } from './impersonation'
|
|
439
439
|
|
|
440
|
+
// Impersonation SSE event types (real-time push)
|
|
441
|
+
// @see PRD-00176 for design rationale
|
|
442
|
+
export type {
|
|
443
|
+
ImpersonationSessionSnapshotEvent,
|
|
444
|
+
ImpersonationSessionStartedEvent,
|
|
445
|
+
ImpersonationSessionEndedEvent,
|
|
446
|
+
ImpersonationSessionExpiredEvent,
|
|
447
|
+
ImpersonationSseEvent,
|
|
448
|
+
} from './impersonation-events'
|
|
449
|
+
|
|
440
450
|
// Usage tracking types (internal admin)
|
|
441
451
|
// @see PRD-00166 for design rationale
|
|
442
452
|
export type {
|
package/src/org/domain.ts
CHANGED
|
@@ -9,11 +9,11 @@
|
|
|
9
9
|
* Status of a domain claim within an organization.
|
|
10
10
|
* - 'pending': Domain claimed but not yet verified
|
|
11
11
|
* - 'verified': Domain ownership confirmed via DNS TXT record
|
|
12
|
-
* - 'revoked': Domain claim revoked by org owner
|
|
13
12
|
*
|
|
14
13
|
* INVARIANT: Only ONE org may have status='verified' for any domain globally.
|
|
14
|
+
* @see ADR-BE-070 (revoked status removed — domains are hard-deleted instead)
|
|
15
15
|
*/
|
|
16
|
-
export type DomainStatus = 'pending' | 'verified'
|
|
16
|
+
export type DomainStatus = 'pending' | 'verified';
|
|
17
17
|
|
|
18
18
|
/**
|
|
19
19
|
* Method used to verify domain ownership.
|
|
@@ -38,7 +38,7 @@ export interface OrgDomain {
|
|
|
38
38
|
verificationMethod: DomainVerificationMethod;
|
|
39
39
|
/** Verification token - only visible to org owner. */
|
|
40
40
|
verificationToken?: string;
|
|
41
|
-
/** ISO8601 timestamp when domain was verified, null if pending
|
|
41
|
+
/** ISO8601 timestamp when domain was verified, null if pending. */
|
|
42
42
|
verifiedAt: string | null;
|
|
43
43
|
/** ISO8601 timestamp when claim was created. */
|
|
44
44
|
createdAt: string;
|
|
@@ -58,7 +58,7 @@ export type Phase4AuditAction =
|
|
|
58
58
|
// Domain lifecycle
|
|
59
59
|
| 'org.domain.claimed'
|
|
60
60
|
| 'org.domain.verified'
|
|
61
|
-
| 'org.domain.
|
|
61
|
+
| 'org.domain.deleted'
|
|
62
62
|
// Auth policy enforcement
|
|
63
63
|
| 'org.auth_policy.enforced'
|
|
64
64
|
| 'org.auth_policy.override_used' // Emergency SSO bypass succeeded
|
package/src/org/view-scopes.ts
CHANGED
|
@@ -19,8 +19,8 @@ export const VIEW_SCOPE_MAP = {
|
|
|
19
19
|
// Protected views (require specific scope)
|
|
20
20
|
workspace: 'org.view_workspace',
|
|
21
21
|
timeline: 'org.view_timeline',
|
|
22
|
-
|
|
23
|
-
|
|
22
|
+
activity: 'org.view_activity',
|
|
23
|
+
strategy: 'org.view_strategy',
|
|
24
24
|
'internal-admin': 'internal.view_admin',
|
|
25
25
|
// Public views (require only authentication)
|
|
26
26
|
chat: null,
|