@company-semantics/contracts 9.0.0 → 9.2.0

package/src/org/domain.ts

@@ -13,7 +13,7 @@
  * INVARIANT: Only ONE org may have status='verified' for any domain globally.
  * @see ADR-BE-070 (revoked status removed — domains are hard-deleted instead)
  */
-export type DomainStatus = 'pending' | 'verified';
+export type DomainStatus = "pending" | "verified";
 
 /**
  * Method used to verify domain ownership.
@@ -21,7 +21,7 @@ export type DomainStatus = 'pending' | 'verified';
  * - 'email': Email-based verification (reserved for future)
  * - 'idp': IdP-based verification via SAML/OIDC (reserved for future)
  */
-export type DomainVerificationMethod = 'dns_txt' | 'email' | 'idp';
+export type DomainVerificationMethod = "dns_txt" | "email" | "idp";
 
 /**
  * Organization domain claim and verification status.
@@ -58,12 +58,12 @@ export interface OrgDomain {
  */
 export type Phase4AuditAction =
   // Domain lifecycle
-  | 'org.domain.claimed'
-  | 'org.domain.verified'
-  | 'org.domain.deleted'
+  | "org.domain.claimed"
+  | "org.domain.verified"
+  | "org.domain.deleted"
   // Auth policy enforcement
-  | 'org.auth_policy.enforced'
-  | 'org.auth_policy.override_used' // Emergency SSO bypass succeeded
-  | 'org.auth_policy.override_attempted' // Emergency SSO bypass denied (incident review)
+  | "org.auth_policy.enforced"
+  | "org.auth_policy.override_used" // Emergency SSO bypass succeeded
+  | "org.auth_policy.override_attempted" // Emergency SSO bypass denied (incident review)
   // Multi-org context
-  | 'user.active_org.switched';
+  | "user.active_org.switched";

package/src/org/index.ts

@@ -68,9 +68,12 @@ export type {
   IdentityTrustLevel,
   TransferEligibilityResult,
   TransferMemberEligibility,
-} from './types';
+} from "./types";
 
-export { TRANSFER_RESPONSIBILITIES, IDENTITY_TRUST_LEVEL_LABELS } from './types';
+export {
+  TRANSFER_RESPONSIBILITIES,
+  IDENTITY_TRUST_LEVEL_LABELS,
+} from "./types";
 
 // Domain types (Phase 4)
 export type {
@@ -78,15 +81,15 @@ export type {
   DomainVerificationMethod,
   OrgDomain,
   Phase4AuditAction,
-} from './domain';
+} from "./domain";
 
 // View authorization scopes (Phase 5 - ADR-APP-013)
-export type { AuthorizableView } from './view-scopes';
-export { VIEW_SCOPE_MAP, getViewScope } from './view-scopes';
+export type { AuthorizableView } from "./view-scopes";
+export { VIEW_SCOPE_MAP, getViewScope } from "./view-scopes";
 
 // Canonical OrgUnit tree ordering (PRD-00506)
-export type { TreeOrderableNode } from './tree-ordering';
-export { orderTreeNodes } from './tree-ordering';
+export type { TreeOrderableNode } from "./tree-ordering";
+export { orderTreeNodes } from "./tree-ordering";
 
 // Company.md domain types (PRD-00173)
 export type {
@@ -103,7 +106,7 @@ export type {
   CompanyMdDocRelations,
   CompanyMdDoc,
   CompanyMdContextBankItem,
-} from './company-md';
+} from "./company-md";
 
 // Sharing and ACL types (PRD-00306)
 export type {
@@ -117,7 +120,7 @@ export type {
   AccessExplanation,
   ShareState,
   PermissionAuditEntry,
-} from './sharing';
+} from "./sharing";
 
 // Workspace response schemas (PRD-00445)
 export {
@@ -145,7 +148,7 @@ export {
   LeaveOrgResponseSchema,
   ScopeCheckResponseSchema,
   ScopeCheckBatchResponseSchema,
-} from './schemas';
+} from "./schemas";
 export type {
   WorkspaceAccessResponse,
   WorkspaceOverview as WorkspaceOverviewDto,
@@ -167,7 +170,7 @@ export type {
   LeaveOrgResponse,
   ScopeCheckResponse,
   ScopeCheckBatchResponse,
-} from './schemas';
+} from "./schemas";
 
 // Org lifecycle response schemas (PRD-00446)
 export {
@@ -179,7 +182,7 @@ export {
   OrgDeletionStatusSchema,
   OwnershipTransferResponseSchema,
   OwnershipTransferPreviewSchema,
-} from './schemas';
+} from "./schemas";
 export type {
   InviteResponse,
   InviteListResponse,
@@ -189,7 +192,7 @@ export type {
   OrgDeletionStatus,
   OwnershipTransferResponse,
   OwnershipTransferPreview,
-} from './schemas';
+} from "./schemas";
 
 // Org-ops response schemas (PRD-00449)
 export {
@@ -197,13 +200,13 @@ export {
   AcknowledgeSystemEventResponseSchema,
   OrgBudgetConfigSchema,
   OrgUsageResponseSchema,
-} from './schemas';
+} from "./schemas";
 export type {
   OrgSystemEventsList,
   AcknowledgeSystemEventResponse,
   OrgBudgetConfig,
   OrgUsageResponse,
-} from './schemas';
+} from "./schemas";
 
 // OrgUnit canonical model (ADR-BE-120)
 export type {
@@ -216,8 +219,8 @@ export type {
   OrgUnitMembershipSource,
   OrgUnitErrorCode,
   OrgTreeResponse,
-} from './org-units';
-export { ORG_UNITS_ROUTES } from './org-units';
+} from "./org-units";
+export { ORG_UNITS_ROUTES } from "./org-units";
 export {
   OrgUnitClassificationSchema,
   OrgUnitSyncModeSchema,
@@ -248,7 +251,7 @@ export {
   ListOrgUnitPermissionsResponseSchema,
   UpdateOrgUnitRequestSchema,
   UpdateOrgUnitResponseSchema,
-} from './schemas';
+} from "./schemas";
 export type {
   UnitMembershipRole,
   OrgUnit,
@@ -271,7 +274,7 @@ export type {
   ListOrgUnitPermissionsResponse,
   UpdateOrgUnitRequest,
   UpdateOrgUnitResponse,
-} from './schemas';
+} from "./schemas";
 
 // Authority & Delegation vocabulary
 export {
@@ -288,7 +291,11 @@ export {
   CreateDelegationRequestSchema,
   UpdateDelegationRequestSchema,
   DelegationListResponseSchema,
-} from './schemas';
+  // Mutation capabilities (GET /api/capabilities) — ADR-BE-241
+  FieldCapabilitySchema,
+  ActionCapabilitySchema,
+  CapabilitiesResponseSchema,
+} from "./schemas";
 export type {
   AuthoritySource,
   AuthorityOrigin,
@@ -303,4 +310,7 @@ export type {
   CreateDelegationRequest,
   UpdateDelegationRequest,
   DelegationListResponse,
-} from './schemas';
+  FieldCapability,
+  ActionCapability,
+  CapabilitiesResponse,
+} from "./schemas";

package/src/org/org-units.ts

@@ -22,25 +22,39 @@
  */
 
 /** Semantic classification — projection-only, never drives traversal. */
-export type OrgUnitClassification = 'execution_unit' | 'org_container' | 'custom';
+export type OrgUnitClassification =
+  | "execution_unit"
+  | "org_container"
+  | "custom";
 
 /** External directory reconciliation policy for a unit. */
-export type OrgUnitSyncMode = 'manual_only' | 'synced_readonly' | 'synced_with_overrides';
+export type OrgUnitSyncMode =
+  | "manual_only"
+  | "synced_readonly"
+  | "synced_with_overrides";
 
 /** Default visibility inherited by new docs under this unit. */
-export type OrgUnitVisibility = 'public' | 'private' | 'restricted';
+export type OrgUnitVisibility = "public" | "private" | "restricted";
 
 /** Edge classification for `org_unit_relationships`. Graph-only; never structural. */
-export type OrgUnitRelationshipType = 'collaborates_with' | 'reports_to' | 'depends_on' | 'custom';
+export type OrgUnitRelationshipType =
+  | "collaborates_with"
+  | "reports_to"
+  | "depends_on"
+  | "custom";
 
 /** Edge role — refines the collaboration nature on a graph edge. */
-export type OrgUnitRelationshipRole = 'owner' | 'participant' | 'supporting';
+export type OrgUnitRelationshipRole = "owner" | "participant" | "supporting";
 
 /** Active/pending/removed lifecycle for a unit membership. */
-export type OrgUnitMembershipStatus = 'active' | 'pending' | 'removed';
+export type OrgUnitMembershipStatus = "active" | "pending" | "removed";
 
 /** External directory origin of a membership row. */
-export type OrgUnitMembershipSource = 'manual' | 'google_groups' | 'scim' | 'hris';
+export type OrgUnitMembershipSource =
+  | "manual"
+  | "google_groups"
+  | "scim"
+  | "hris";
 
 /**
  * Canonical route path constants for the `/api/org-units` surface.
@@ -57,8 +71,8 @@ export type OrgUnitMembershipSource = 'manual' | 'google_groups' | 'scim' | 'hri
  * into `/api/org-units/tree` without changing the response shape.
  */
 export const ORG_UNITS_ROUTES = {
-  list: '/api/org-units',
-  tree: '/api/org-units/tree',
+  list: "/api/org-units",
+  tree: "/api/org-units/tree",
   byId: (unitId: string) => `/api/org-units/${unitId}`,
   children: (unitId: string) => `/api/org-units/${unitId}/children`,
   ancestors: (unitId: string) => `/api/org-units/${unitId}/ancestors`,
@@ -82,7 +96,7 @@ export const ORG_UNITS_ROUTES = {
  * / `OrgUnitTreeResponse`. This alias gives consumers the shorter
  * `OrgTreeResponse` name used by `GET /api/org-units/tree`.
  */
-export type { OrgUnitTreeResponse as OrgTreeResponse } from './schemas';
+export type { OrgUnitTreeResponse as OrgTreeResponse } from "./schemas";
 
 /**
  * Error codes returned by `POST /api/org-units/:id/reparent` and related
@@ -90,22 +104,22 @@ export type { OrgUnitTreeResponse as OrgTreeResponse } from './schemas';
  */
 export type OrgUnitErrorCode =
   /** newParent.path contains unit.path — would create a cycle. */
-  | 'CYCLE_BLOCKED'
+  | "CYCLE_BLOCKED"
   /** Reparent would push subtree above depth 5. */
-  | 'DEPTH_EXCEEDED'
+  | "DEPTH_EXCEEDED"
   /** Target parent is archived; reparenting into archived subtrees is forbidden. */
-  | 'TARGET_ARCHIVED'
+  | "TARGET_ARCHIVED"
   /** Attempted to set `parent_id` on a level-1 root unit. */
-  | 'ROOT_HAS_NO_PARENT'
+  | "ROOT_HAS_NO_PARENT"
   /** Parent is archived on create. */
-  | 'PARENT_ARCHIVED'
+  | "PARENT_ARCHIVED"
   /** Slug already taken under the target parent. */
-  | 'SLUG_TAKEN'
+  | "SLUG_TAKEN"
   /** Attempted to reparent across orgs (or create with mismatched orgId). */
-  | 'CROSS_ORG_REPARENT'
+  | "CROSS_ORG_REPARENT"
   /** Reorder: computed order_key collided with an existing sibling; client should re-fetch neighbors and retry. */
-  | 'ORDERKEY_CONFLICT'
+  | "ORDERKEY_CONFLICT"
   /** Reorder: prev or next sibling id does not resolve to a live unit. */
-  | 'SIBLING_NOT_FOUND'
+  | "SIBLING_NOT_FOUND"
   /** Reorder: prev or next sibling belongs to a different parent than the moving unit. */
-  | 'SIBLINGS_DIFFERENT_PARENT';
+  | "SIBLINGS_DIFFERENT_PARENT";