npm - @company-semantics/contracts - Versions diffs - 2.14.0 → 2.16.0 - Mend

@company-semantics/contracts 2.14.0 → 2.16.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (6) hide show

package/package.json +1 -1
package/src/api/generated-spec-hash.ts +2 -2
package/src/api/generated.ts +529 -0
package/src/generated/openapi-routes.ts +8 -0
package/src/permissions/index.ts +1 -0
package/src/permissions/share-api.ts +74 -0

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "@company-semantics/contracts",
-  "version": "2.14.0",
+  "version": "2.16.0",
   "private": false,
   "repository": {
     "type": "git",

package/src/api/generated-spec-hash.ts CHANGED Viewed

@@ -1,3 +1,3 @@
 // AUTO-GENERATED — do not edit. Run pnpm generate:spec-hash to regenerate.
-export const SPEC_HASH = '9fa707d8d31a' as const;
-export const SPEC_HASH_FULL = '9fa707d8d31a71977fcbf5fdd957f31cd810e226f07e6679d9dec17ddfb91915' as const;
+export const SPEC_HASH = '7e7e7989604b' as const;
+export const SPEC_HASH_FULL = '7e7e7989604b04f9af766c8ebcfe875445c12cec0fa4c4a071680454b635ea2c' as const;

package/src/api/generated.ts CHANGED Viewed

@@ -2415,6 +2415,144 @@ export interface paths {
         patch?: never;
         trace?: never;
     };
+    "/api/me/meetings/recordings/{id}/sharing": {
+        parameters: {
+            query?: never;
+            header?: never;
+            path?: never;
+            cookie?: never;
+        };
+        /** Get a recording sharing state: visibility, ACL grants, caller access */
+        get: operations["getMeetingRecordingSharing"];
+        put?: never;
+        post?: never;
+        delete?: never;
+        options?: never;
+        head?: never;
+        patch?: never;
+        trace?: never;
+    };
+    "/api/me/meetings/recordings/{id}/sharing/acl": {
+        parameters: {
+            query?: never;
+            header?: never;
+            path?: never;
+            cookie?: never;
+        };
+        get?: never;
+        put?: never;
+        /** Grant a principal access to a recording */
+        post: operations["addMeetingRecordingAclEntry"];
+        delete?: never;
+        options?: never;
+        head?: never;
+        patch?: never;
+        trace?: never;
+    };
+    "/api/me/meetings/recordings/{id}/sharing/acl/{grantId}": {
+        parameters: {
+            query?: never;
+            header?: never;
+            path?: never;
+            cookie?: never;
+        };
+        get?: never;
+        /** Change an existing ACL grant access level */
+        put: operations["updateMeetingRecordingAclEntry"];
+        post?: never;
+        /** Revoke an ACL grant on a recording */
+        delete: operations["deleteMeetingRecordingAclEntry"];
+        options?: never;
+        head?: never;
+        patch?: never;
+        trace?: never;
+    };
+    "/api/{entityType}/{id}/acl": {
+        parameters: {
+            query?: never;
+            header?: never;
+            path?: never;
+            cookie?: never;
+        };
+        /** List active ACL grants + visibility + owner for an entity */
+        get: operations["getEntityAcl"];
+        put?: never;
+        post?: never;
+        delete?: never;
+        options?: never;
+        head?: never;
+        patch?: never;
+        trace?: never;
+    };
+    "/api/{entityType}/{id}/acl/{principalType}/{principalId}": {
+        parameters: {
+            query?: never;
+            header?: never;
+            path?: never;
+            cookie?: never;
+        };
+        get?: never;
+        /** Grant (or update) a principal access to an entity */
+        put: operations["upsertEntityAclGrant"];
+        post?: never;
+        /** Revoke a principal’s access to an entity */
+        delete: operations["revokeEntityAclGrant"];
+        options?: never;
+        head?: never;
+        patch?: never;
+        trace?: never;
+    };
+    "/api/{entityType}/{id}/visibility": {
+        parameters: {
+            query?: never;
+            header?: never;
+            path?: never;
+            cookie?: never;
+        };
+        get?: never;
+        put?: never;
+        post?: never;
+        delete?: never;
+        options?: never;
+        head?: never;
+        /** Change the visibility tier of an entity (owner-only) */
+        patch: operations["patchEntityVisibility"];
+        trace?: never;
+    };
+    "/api/{entityType}/{id}/transfer-ownership": {
+        parameters: {
+            query?: never;
+            header?: never;
+            path?: never;
+            cookie?: never;
+        };
+        get?: never;
+        put?: never;
+        /** Transfer ownership of an entity to another user (owner-only) */
+        post: operations["transferEntityOwnership"];
+        delete?: never;
+        options?: never;
+        head?: never;
+        patch?: never;
+        trace?: never;
+    };
+    "/api/{entityType}/{id}/effective-access": {
+        parameters: {
+            query?: never;
+            header?: never;
+            path?: never;
+            cookie?: never;
+        };
+        get?: never;
+        put?: never;
+        /** Resolve a principal’s effective access on an entity */
+        post: operations["getEntityEffectiveAccess"];
+        delete?: never;
+        options?: never;
+        head?: never;
+        patch?: never;
+        trace?: never;
+    };
     "/api/internal-admin/impersonate/start": {
         parameters: {
             query?: never;
@@ -4302,6 +4440,73 @@ export interface components {
              */
             visibility: "meeting_only" | "shared" | "org" | "finalized_private";
         };
+        /** @description A meeting recording's visibility, ACL grants, and the caller's effective access. */
+        MeetingRecordingSharingState: {
+            /** @description ULID; unified trace key for the recording (INV-MTG-7). */
+            recordingId: string;
+            /**
+             * @description Visibility band for the finalized meeting projection. Default `meeting_only`.
+             * @enum {string}
+             */
+            visibility: "meeting_only" | "shared" | "org" | "finalized_private";
+            acl: {
+                /** Format: uuid */
+                id: string;
+                /** @enum {string} */
+                principalType: "user" | "unit" | "org";
+                /** Format: uuid */
+                principalId: string;
+                /** @enum {string} */
+                accessLevel: "viewer" | "commenter" | "editor";
+                grantedByUserId: string | null;
+                /** Format: date-time */
+                grantedAt: string;
+            }[];
+            effectiveAccess: {
+                /** @enum {string} */
+                level: "owner" | "editor" | "commenter" | "viewer" | "none";
+                source: string;
+            };
+        };
+        /** @description The id of the newly created meeting ACL grant. */
+        AddMeetingRecordingAclResponse: {
+            /** Format: uuid */
+            id: string;
+        };
+        /** @description Grant a principal access to a meeting recording. */
+        AddMeetingRecordingAclRequest: {
+            /** @enum {string} */
+            principalType: "user" | "unit" | "org";
+            /** Format: uuid */
+            principalId: string;
+            /** @enum {string} */
+            accessLevel: "viewer" | "commenter" | "editor";
+        };
+        /** @description Change an existing meeting ACL grant access level. */
+        UpdateMeetingRecordingAclRequest: {
+            /** @enum {string} */
+            accessLevel: "viewer" | "commenter" | "editor";
+        };
+        AclGrantRequest: {
+            /** @enum {string} */
+            access_level: "editor" | "commenter" | "viewer";
+        };
+        VisibilityPatchRequest: {
+            /** @enum {string} */
+            tier: "private" | "unit" | "org";
+        };
+        OwnerTransferRequest: {
+            /** Format: uuid */
+            new_owner_user_id: string;
+        };
+        EffectiveAccessRequest: {
+            principal: {
+                /** @enum {string} */
+                type: "user" | "unit" | "org";
+                /** Format: uuid */
+                id: string;
+            };
+        };
         ImpersonationSessionResponse: {
             session: {
                 impersonationSessionId: string;
@@ -8223,6 +8428,330 @@ export interface operations {
             };
         };
     };
+    getMeetingRecordingSharing: {
+        parameters: {
+            query?: never;
+            header?: never;
+            path: {
+                id: string;
+            };
+            cookie?: never;
+        };
+        requestBody?: never;
+        responses: {
+            /** @description Visibility, ACL grants, and the caller effective access */
+            200: {
+                headers: {
+                    [name: string]: unknown;
+                };
+                content: {
+                    "application/json": components["schemas"]["MeetingRecordingSharingState"];
+                };
+            };
+            /** @description Recording not found or not owned by this user */
+            404: {
+                headers: {
+                    [name: string]: unknown;
+                };
+                content?: never;
+            };
+        };
+    };
+    addMeetingRecordingAclEntry: {
+        parameters: {
+            query?: never;
+            header?: never;
+            path: {
+                id: string;
+            };
+            cookie?: never;
+        };
+        requestBody: {
+            content: {
+                "application/json": components["schemas"]["AddMeetingRecordingAclRequest"];
+            };
+        };
+        responses: {
+            /** @description ACL grant created */
+            201: {
+                headers: {
+                    [name: string]: unknown;
+                };
+                content: {
+                    "application/json": components["schemas"]["AddMeetingRecordingAclResponse"];
+                };
+            };
+            /** @description Recording not found or not owned by this user */
+            404: {
+                headers: {
+                    [name: string]: unknown;
+                };
+                content?: never;
+            };
+        };
+    };
+    updateMeetingRecordingAclEntry: {
+        parameters: {
+            query?: never;
+            header?: never;
+            path: {
+                id: string;
+                grantId: string;
+            };
+            cookie?: never;
+        };
+        requestBody: {
+            content: {
+                "application/json": components["schemas"]["UpdateMeetingRecordingAclRequest"];
+            };
+        };
+        responses: {
+            /** @description ACL grant updated */
+            204: {
+                headers: {
+                    [name: string]: unknown;
+                };
+                content?: never;
+            };
+            /** @description Recording or grant not found / not owned by this user */
+            404: {
+                headers: {
+                    [name: string]: unknown;
+                };
+                content?: never;
+            };
+        };
+    };
+    deleteMeetingRecordingAclEntry: {
+        parameters: {
+            query?: never;
+            header?: never;
+            path: {
+                id: string;
+                grantId: string;
+            };
+            cookie?: never;
+        };
+        requestBody?: never;
+        responses: {
+            /** @description ACL grant revoked */
+            204: {
+                headers: {
+                    [name: string]: unknown;
+                };
+                content?: never;
+            };
+            /** @description Recording or grant not found / not owned by this user */
+            404: {
+                headers: {
+                    [name: string]: unknown;
+                };
+                content?: never;
+            };
+        };
+    };
+    getEntityAcl: {
+        parameters: {
+            query?: never;
+            header?: never;
+            path: {
+                entityType: string;
+                id: string;
+            };
+            cookie?: never;
+        };
+        requestBody?: never;
+        responses: {
+            /** @description Owner, visibility, and active ACL grants for the entity */
+            200: {
+                headers: {
+                    [name: string]: unknown;
+                };
+                content?: never;
+            };
+            /** @description Entity not found or not visible to this caller */
+            404: {
+                headers: {
+                    [name: string]: unknown;
+                };
+                content?: never;
+            };
+        };
+    };
+    upsertEntityAclGrant: {
+        parameters: {
+            query?: never;
+            header?: never;
+            path: {
+                entityType: string;
+                id: string;
+                principalType: string;
+                principalId: string;
+            };
+            cookie?: never;
+        };
+        requestBody: {
+            content: {
+                "application/json": components["schemas"]["AclGrantRequest"];
+            };
+        };
+        responses: {
+            /** @description Grant upserted */
+            200: {
+                headers: {
+                    [name: string]: unknown;
+                };
+                content?: never;
+            };
+            /** @description Entity not found or not visible to this caller */
+            404: {
+                headers: {
+                    [name: string]: unknown;
+                };
+                content?: never;
+            };
+        };
+    };
+    revokeEntityAclGrant: {
+        parameters: {
+            query?: never;
+            header?: never;
+            path: {
+                entityType: string;
+                id: string;
+                principalType: string;
+                principalId: string;
+            };
+            cookie?: never;
+        };
+        requestBody?: never;
+        responses: {
+            /** @description Grant revoked */
+            204: {
+                headers: {
+                    [name: string]: unknown;
+                };
+                content?: never;
+            };
+            /** @description Entity not found or not visible to this caller */
+            404: {
+                headers: {
+                    [name: string]: unknown;
+                };
+                content?: never;
+            };
+        };
+    };
+    patchEntityVisibility: {
+        parameters: {
+            query?: never;
+            header?: never;
+            path: {
+                entityType: string;
+                id: string;
+            };
+            cookie?: never;
+        };
+        requestBody: {
+            content: {
+                "application/json": components["schemas"]["VisibilityPatchRequest"];
+            };
+        };
+        responses: {
+            /** @description Visibility updated */
+            204: {
+                headers: {
+                    [name: string]: unknown;
+                };
+                content?: never;
+            };
+            /** @description Invalid tier for this entity type (e.g. unit on meetings) */
+            400: {
+                headers: {
+                    [name: string]: unknown;
+                };
+                content?: never;
+            };
+            /** @description Entity not found or not visible to this caller */
+            404: {
+                headers: {
+                    [name: string]: unknown;
+                };
+                content?: never;
+            };
+        };
+    };
+    transferEntityOwnership: {
+        parameters: {
+            query?: never;
+            header?: never;
+            path: {
+                entityType: string;
+                id: string;
+            };
+            cookie?: never;
+        };
+        requestBody: {
+            content: {
+                "application/json": components["schemas"]["OwnerTransferRequest"];
+            };
+        };
+        responses: {
+            /** @description Ownership transferred */
+            204: {
+                headers: {
+                    [name: string]: unknown;
+                };
+                content?: never;
+            };
+            /** @description Transfer not permitted for this entity type (e.g. meetings) */
+            400: {
+                headers: {
+                    [name: string]: unknown;
+                };
+                content?: never;
+            };
+            /** @description Entity not found or not visible to this caller */
+            404: {
+                headers: {
+                    [name: string]: unknown;
+                };
+                content?: never;
+            };
+        };
+    };
+    getEntityEffectiveAccess: {
+        parameters: {
+            query?: never;
+            header?: never;
+            path: {
+                entityType: string;
+                id: string;
+            };
+            cookie?: never;
+        };
+        requestBody: {
+            content: {
+                "application/json": components["schemas"]["EffectiveAccessRequest"];
+            };
+        };
+        responses: {
+            /** @description Most-permissive access level + source chain */
+            200: {
+                headers: {
+                    [name: string]: unknown;
+                };
+                content?: never;
+            };
+            /** @description Entity not found or not visible to this caller */
+            404: {
+                headers: {
+                    [name: string]: unknown;
+                };
+                content?: never;
+            };
+        };
+    };
     startImpersonation: {
         parameters: {
             query?: never;

package/src/generated/openapi-routes.ts CHANGED Viewed

@@ -57,6 +57,9 @@ export const openApiRoutes = {
   '/api/me/meetings/recordings/{id}/export': ['POST'],
   '/api/me/meetings/recordings/{id}/export/{jobId}': ['GET'],
   '/api/me/meetings/recordings/{id}/restore': ['POST'],
+  '/api/me/meetings/recordings/{id}/sharing': ['GET'],
+  '/api/me/meetings/recordings/{id}/sharing/acl': ['POST'],
+  '/api/me/meetings/recordings/{id}/sharing/acl/{grantId}': ['DELETE', 'PUT'],
   '/api/me/meetings/recordings/{id}/visibility': ['POST'],
   '/api/me/work-items': ['GET'],
   '/api/me/work-items/counts': ['GET'],
@@ -137,6 +140,11 @@ export const openApiRoutes = {
   '/api/workspace/resolve-path': ['POST'],
   '/api/workspace/resync-slack-logo': ['POST'],
   '/api/workspace/work-item-counts': ['GET'],
+  '/api/{entityType}/{id}/acl': ['GET'],
+  '/api/{entityType}/{id}/acl/{principalType}/{principalId}': ['DELETE', 'PUT'],
+  '/api/{entityType}/{id}/effective-access': ['POST'],
+  '/api/{entityType}/{id}/transfer-ownership': ['POST'],
+  '/api/{entityType}/{id}/visibility': ['PATCH'],
   '/auth/logout': ['POST'],
   '/auth/me': ['GET'],
   '/auth/sso/callback': ['GET', 'POST'],

package/src/permissions/index.ts CHANGED Viewed

@@ -7,3 +7,4 @@
 export * from './access-levels';
 export * from './orgchart-roles';
 export * from './access-source';
+export * from './share-api';

package/src/permissions/share-api.ts ADDED Viewed

@@ -0,0 +1,74 @@
+/**
+ * Share API Vocabulary
+ *
+ * Zod schemas for the polymorphic share API introduced in AUTH-007 (PRD-00675).
+ * Backend routes live at `/api/{entityType}/{id}/...`; every request/response
+ * body validates against one of these schemas. OpenAPI YAML is auto-generated
+ * from these definitions.
+ *
+ * Authority: ADR-CTRL-085 (Rights Table), ADR-CTRL-086 (most-permissive
+ * aggregation), ADR-BE-181 (AUTH-006 compose model).
+ */
+import { z } from 'zod';
+import { AccessLevelSchema } from './access-levels';
+import { AccessSourceSchema } from './access-source';
+export const PrincipalTypeSchema = z.enum(['user', 'unit', 'org']);
+export type PrincipalType = z.infer<typeof PrincipalTypeSchema>;
+export const PrincipalSchema = z.object({
+  type: PrincipalTypeSchema,
+  id: z.string().uuid(),
+});
+export type Principal = z.infer<typeof PrincipalSchema>;
+export const GrantableAccessLevelSchema = z.enum(['editor', 'commenter', 'viewer']);
+export type GrantableAccessLevel = z.infer<typeof GrantableAccessLevelSchema>;
+export const EntityVisibilitySchema = z.enum(['private', 'unit', 'org']);
+export type EntityVisibility = z.infer<typeof EntityVisibilitySchema>;
+export const AclGrantRequestSchema = z.object({
+  access_level: GrantableAccessLevelSchema,
+});
+export type AclGrantRequest = z.infer<typeof AclGrantRequestSchema>;
+export const AclGrantResponseSchema = z.object({
+  id: z.string().uuid(),
+  principal: PrincipalSchema,
+  access_level: GrantableAccessLevelSchema,
+  granted_by_user_id: z.string().uuid(),
+  granted_at: z.string().datetime(),
+});
+export type AclGrantResponse = z.infer<typeof AclGrantResponseSchema>;
+export const AclListResponseSchema = z.object({
+  entity_type: z.string(),
+  entity_id: z.string().uuid(),
+  owner_user_id: z.string().uuid().nullable(),
+  visibility: EntityVisibilitySchema,
+  editors_can_share: z.boolean(),
+  grants: z.array(AclGrantResponseSchema),
+});
+export type AclListResponse = z.infer<typeof AclListResponseSchema>;
+export const VisibilityPatchRequestSchema = z.object({
+  tier: EntityVisibilitySchema,
+});
+export type VisibilityPatchRequest = z.infer<typeof VisibilityPatchRequestSchema>;
+export const OwnerTransferRequestSchema = z.object({
+  new_owner_user_id: z.string().uuid(),
+});
+export type OwnerTransferRequest = z.infer<typeof OwnerTransferRequestSchema>;
+export const EffectiveAccessRequestSchema = z.object({
+  principal: PrincipalSchema,
+});
+export type EffectiveAccessRequest = z.infer<typeof EffectiveAccessRequestSchema>;
+export const EffectiveAccessResponseSchema = z.object({
+  access_level: AccessLevelSchema.nullable(),
+  source_chain: z.array(AccessSourceSchema),
+});
+export type EffectiveAccessResponse = z.infer<typeof EffectiveAccessResponseSchema>;