@company-semantics/contracts 0.73.0 → 0.75.0

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@company-semantics/contracts",
-  "version": "0.73.0",
+  "version": "0.75.0",
   "private": false,
   "repository": {
     "type": "git",
@@ -72,8 +72,8 @@
     "guard:version-tag:json": "npx tsx scripts/ci/version-tag-guard.ts --json",
     "guard:decisions-deprecation": "npx tsx scripts/ci/decisions-deprecation-guard.ts",
     "guard:decisions-deprecation:json": "npx tsx scripts/ci/decisions-deprecation-guard.ts --json",
-    "guard:quick": "pnpm guard:export && pnpm guard:vocabulary && pnpm guard:scripts-deps",
-    "guard": "pnpm guard:export && pnpm guard:vocabulary && pnpm guard:scripts-deps && pnpm guard:decision && pnpm guard:decisions-deprecation",
+    "guard:quick": "GUARD_DEPENDENCY_ROOT=../ tsx ../company-semantics-ci/run-guards.ts --config scripts/ci/guard-entries.ts --quick",
+    "guard": "GUARD_DEPENDENCY_ROOT=../ tsx ../company-semantics-ci/run-guards.ts --config scripts/ci/guard-entries.ts",
     "guard:test": "vitest run scripts/ci/__tests__",
     "release": "npx tsx scripts/release.ts",
     "prepublishOnly": "echo 'ERROR: Publishing is CI-only via tag push. Use pnpm release instead.' && exit 1",

package/src/index.ts

@@ -290,6 +290,7 @@ export type {
   // Preview types (Phase 3)
   PreviewArtifactKind,
   IntegrationProvider,
+  IntegrationKey,
   IntegrationArtifactContent,
   PreviewArtifact,
   PreviewData,

package/src/message-parts/index.ts

@@ -22,6 +22,7 @@ export type {
 export type {
   PreviewArtifactKind,
   IntegrationProvider,
+  IntegrationKey,
   IntegrationArtifactContent,
   PreviewArtifact,
   PreviewData,

package/src/message-parts/preview.ts

@@ -35,6 +35,15 @@ export type PreviewArtifactKind =
  */
 export type IntegrationProvider = 'slack' | 'google' | 'zoom'
 
+/**
+ * Application-level composite integration identifier.
+ * Maps to (provider, service) pair in the database:
+ * - 'slack' → provider='slack', service=''
+ * - 'google_drive' → provider='google', service='drive'
+ * - 'zoom' → provider='zoom', service=''
+ */
+export type IntegrationKey = 'slack' | 'google_drive' | 'zoom'
+
 /**
  * Content structure for integration artifacts.
  *
@@ -45,6 +54,8 @@ export interface IntegrationArtifactContent {
   action: 'connect' | 'disconnect'
   /** Target provider */
   provider: IntegrationProvider
+  /** Service within the provider (e.g. 'drive' for Google Drive). Empty string for monolithic providers. */
+  service?: string
   /** Connection ID for disconnect (required for disconnect) */
   connectionId?: string
   /** Workspace ID for multi-workspace providers */

package/src/org/index.ts

@@ -18,6 +18,9 @@ export type {
   AuthMethodConfig,
   WorkspaceAuthConfig,
   // SSO self-service setup types (PRD-00193)
+  SsoDiscoveryConfig,
+  SsoCredentialStatus,
+  SsoOperationalState,
   SsoSetupInfo,
   SsoReadinessCheck,
   SsoReadiness,

package/src/org/types.ts

@@ -117,14 +117,8 @@ export interface AuthMethodConfig {
 // only when the requester has org.manage_auth capability.
 // =============================================================================
 
-/**
- * SSO setup information for admin configuration UI.
- * Contains the data an admin needs to configure their IdP.
- *
- * SECURITY INVARIANT: Never return actual client ID or client secret values.
- * Only boolean indicators (hasClientId, hasClientSecret) are safe to expose.
- */
-export interface SsoSetupInfo {
+/** OIDC discovery configuration for the SSO provider. */
+export interface SsoDiscoveryConfig {
   /** The callback URL the admin must configure in their IdP. */
   redirectUri: string;
   /** Required OIDC scopes. Always ['openid', 'email', 'profile']. */
@@ -133,10 +127,18 @@ export interface SsoSetupInfo {
   isOidcConfigured: boolean;
   /** The configured OIDC discovery URL (not a secret, safe to return). Null if not set. */
   oidcDiscoveryUrl: string | null;
+}
+
+/** Boolean credential presence indicators (never expose actual values). */
+export interface SsoCredentialStatus {
   /** Whether a client ID is configured. NEVER return the actual value. */
   hasClientId: boolean;
   /** Whether an encrypted client secret is stored. NEVER return the actual value. */
   hasClientSecret: boolean;
+}
+
+/** Provider lifecycle and operational state. */
+export interface SsoOperationalState {
   /** Provider-level configuration status (state machine position). */
   providerStatus: ProviderStatus;
   /** Backend-authoritative stepper step derivation. Frontend MUST NOT re-derive. */
@@ -155,6 +157,15 @@ export interface SsoSetupInfo {
   lastTestSuccessProvider?: string;
 }
 
+/**
+ * SSO setup information for admin configuration UI.
+ * Contains the data an admin needs to configure their IdP.
+ *
+ * SECURITY INVARIANT: Never return actual client ID or client secret values.
+ * Only boolean indicators (hasClientId, hasClientSecret) are safe to expose.
+ */
+export interface SsoSetupInfo extends SsoDiscoveryConfig, SsoCredentialStatus, SsoOperationalState {}
+
 /**
  * Individual readiness check for SSO activation.
  */
@@ -254,6 +265,8 @@ export interface ProviderSuggestion {
   suggestedProvider: 'google' | 'microsoft' | null;
   confidence: 'high' | 'low';
   reason: string;
+  /** The verified domain that triggered the suggestion (for pre-filling provider inputs). */
+  detectedDomain?: string;
 }
 
 /**