@company-semantics/contracts 9.0.0 → 9.2.0

package/src/identity/index.ts

@@ -13,7 +13,7 @@ export type {
   UserLifecycleStatus,
   DeletionBlocker,
   AccountDeletionEligibility,
-} from './types';
+} from "./types";
 
 // Functions - Display Name
 export {
@@ -21,13 +21,13 @@ export {
   resolveDisplayName,
   /** @deprecated Use fullName directly */
   deriveFullName,
-} from './display-name';
+} from "./display-name";
 
 // Types - Avatar
-export type { AvatarSource, ResolvedAvatar } from './avatar';
+export type { AvatarSource, ResolvedAvatar } from "./avatar";
 
 // Functions - Avatar
-export { generateInitials, resolveAvatar } from './avatar';
+export { generateInitials, resolveAvatar } from "./avatar";
 
 // Response Schemas (Zod) - canonical location per ADR-CONT-044
 export {
@@ -44,7 +44,7 @@ export {
   AccountCancelDeletionResponseSchema,
   BannerDismissedListResponseSchema,
   BannerDismissResponseSchema,
-} from './schemas';
+} from "./schemas";
 export type {
   MeResponse,
   AuthStartResponse,
@@ -59,7 +59,7 @@ export type {
   AccountCancelDeletionResponse,
   BannerDismissedListResponse,
   BannerDismissResponse,
-} from './schemas';
+} from "./schemas";
 
 // People Org Chart (GET /api/users/org-chart)
 export {
@@ -67,10 +67,10 @@ export {
   PeopleOrgChartNodeSchema,
   PeopleOrgChartEdgeSchema,
   PeopleOrgChartResponseSchema,
-} from './people-org-chart';
+} from "./people-org-chart";
 export type {
   ReportingRelationshipType,
   PeopleOrgChartNode,
   PeopleOrgChartEdge,
   PeopleOrgChartResponse,
-} from './people-org-chart';
+} from "./people-org-chart";

package/src/identity/people-org-chart.ts

@@ -11,14 +11,16 @@
  * `org_unit_relationships.type = 'reports_to'` (unit-to-unit graph overlay,
  * ADR-BE-120). Tree traversal must never consult either.
  */
-import { z } from 'zod';
+import { z } from "zod";
 
 // ---------------------------------------------------------------------------
 // Reporting Relationship Type
 // ---------------------------------------------------------------------------
 
-export const ReportingRelationshipTypeSchema = z.enum(['solid', 'dotted']);
-export type ReportingRelationshipType = z.infer<typeof ReportingRelationshipTypeSchema>;
+export const ReportingRelationshipTypeSchema = z.enum(["solid", "dotted"]);
+export type ReportingRelationshipType = z.infer<
+  typeof ReportingRelationshipTypeSchema
+>;
 
 // ---------------------------------------------------------------------------
 // Node — a person in the chart
@@ -55,4 +57,6 @@ export const PeopleOrgChartResponseSchema = z.object({
   edges: z.array(PeopleOrgChartEdgeSchema),
 });
 
-export type PeopleOrgChartResponse = z.infer<typeof PeopleOrgChartResponseSchema>;
+export type PeopleOrgChartResponse = z.infer<
+  typeof PeopleOrgChartResponseSchema
+>;

package/src/identity/schemas.ts

@@ -8,14 +8,14 @@
  * z.object({ sent: boolean }), but the actual POST /auth/start route returns
  * a discriminated union on `mode` (otp | sso | hybrid). Schema matches reality.
  */
-import { z } from 'zod';
+import { z } from "zod";
 
 // ---------------------------------------------------------------------------
 // Shared sub-schemas
 // ---------------------------------------------------------------------------
 
 const ResolvedAvatarSchema = z.object({
-  source: z.enum(['photo', 'initials']),
+  source: z.enum(["photo", "initials"]),
   url: z.string().optional(),
   initials: z.string(),
 });
@@ -34,7 +34,7 @@ export const MeResponseSchema = z.object({
   fullName: z.string(),
   preferredName: z.string().nullable(),
   displayName: z.string(),
-  nameSource: z.enum(['self', 'sso']),
+  nameSource: z.enum(["self", "sso"]),
   nameEditable: z.boolean(),
   primaryUnitId: z.string().nullable(),
   slackUserId: z.string().nullable(),
@@ -56,18 +56,18 @@ export type MeResponse = z.infer<typeof MeResponseSchema>;
 // Discriminated union on mode: otp | sso | hybrid
 // ---------------------------------------------------------------------------
 
-export const AuthStartResponseSchema = z.discriminatedUnion('mode', [
+export const AuthStartResponseSchema = z.discriminatedUnion("mode", [
   z.object({
-    mode: z.literal('otp'),
+    mode: z.literal("otp"),
     devOtp: z.string().optional(),
   }),
   z.object({
-    mode: z.literal('sso'),
+    mode: z.literal("sso"),
     providers: z.array(z.string()),
     redirectUrl: z.string(),
   }),
   z.object({
-    mode: z.literal('hybrid'),
+    mode: z.literal("hybrid"),
     providers: z.array(z.string()),
     redirectUrl: z.string(),
     otpAllowed: z.literal(true),
@@ -133,7 +133,7 @@ export const ProfileResponseSchema = z.object({
     fullName: z.string(),
     preferredName: z.string().nullable(),
     displayName: z.string(),
-    nameSource: z.enum(['self', 'sso']),
+    nameSource: z.enum(["self", "sso"]),
     primaryUnitId: z.string().nullable(),
   }),
 });
@@ -168,20 +168,22 @@ export const AccountSessionRevokeResponseSchema = z.object({
   ok: z.literal(true),
 });
 
-export type AccountSessionRevokeResponse = z.infer<typeof AccountSessionRevokeResponseSchema>;
+export type AccountSessionRevokeResponse = z.infer<
+  typeof AccountSessionRevokeResponseSchema
+>;
 
 // ---------------------------------------------------------------------------
 // GET /api/account/deletion-eligibility
 // ---------------------------------------------------------------------------
 
-const DeletionBlockerSchema = z.discriminatedUnion('type', [
+const DeletionBlockerSchema = z.discriminatedUnion("type", [
   z.object({
-    type: z.literal('sole_workspace_owner'),
+    type: z.literal("sole_workspace_owner"),
     workspaceId: z.string(),
     workspaceName: z.string(),
   }),
   z.object({
-    type: z.literal('active_legal_hold'),
+    type: z.literal("active_legal_hold"),
     holdId: z.string(),
   }),
 ]);
@@ -191,14 +193,16 @@ export const AccountDeletionEligibilityResponseSchema = z.object({
   blockers: z.array(DeletionBlockerSchema),
 });
 
-export type AccountDeletionEligibilityResponse = z.infer<typeof AccountDeletionEligibilityResponseSchema>;
+export type AccountDeletionEligibilityResponse = z.infer<
+  typeof AccountDeletionEligibilityResponseSchema
+>;
 
 // ---------------------------------------------------------------------------
 // POST /api/account/delete
 // ---------------------------------------------------------------------------
 
 export const AccountDeleteResponseSchema = z.object({
-  status: z.literal('confirmation_pending'),
+  status: z.literal("confirmation_pending"),
   message: z.string(),
 });
 
@@ -209,10 +213,12 @@ export type AccountDeleteResponse = z.infer<typeof AccountDeleteResponseSchema>;
 // ---------------------------------------------------------------------------
 
 export const AccountConfirmDeletionResponseSchema = z.object({
-  status: z.literal('pending_deletion'),
+  status: z.literal("pending_deletion"),
 });
 
-export type AccountConfirmDeletionResponse = z.infer<typeof AccountConfirmDeletionResponseSchema>;
+export type AccountConfirmDeletionResponse = z.infer<
+  typeof AccountConfirmDeletionResponseSchema
+>;
 
 // ---------------------------------------------------------------------------
 // POST /api/account/cancel-deletion
@@ -223,7 +229,9 @@ export const AccountCancelDeletionResponseSchema = z.object({
   ok: z.literal(true),
 });
 
-export type AccountCancelDeletionResponse = z.infer<typeof AccountCancelDeletionResponseSchema>;
+export type AccountCancelDeletionResponse = z.infer<
+  typeof AccountCancelDeletionResponseSchema
+>;
 
 // ---------------------------------------------------------------------------
 // GET /api/user/preferences/dismissed-banners
@@ -233,7 +241,9 @@ export const BannerDismissedListResponseSchema = z.object({
   bannerIds: z.array(z.string()),
 });
 
-export type BannerDismissedListResponse = z.infer<typeof BannerDismissedListResponseSchema>;
+export type BannerDismissedListResponse = z.infer<
+  typeof BannerDismissedListResponseSchema
+>;
 
 // ---------------------------------------------------------------------------
 // POST /api/user/preferences/dismissed-banners/:bannerId

package/src/identity/types.ts

@@ -27,7 +27,7 @@ export type ISODateString = string;
  * - 'self': User-provided (editable by user)
  * - 'sso': SSO/IdP-provided (read-only, managed by organization)
  */
-export type NameSource = 'self' | 'sso';
+export type NameSource = "self" | "sso";
 
 // =============================================================================
 // User Identity
@@ -101,7 +101,7 @@ export type UserIdentity = {
    * - 'slack': synced from a connected Slack workspace
    * - 'upload': uploaded directly by the user
    */
-  avatarSource?: 'slack' | 'upload';
+  avatarSource?: "slack" | "upload";
 
   /**
    * When the avatar was last updated (synced or uploaded).
@@ -135,15 +135,15 @@ export type UserIdentity = {
  *   deleted → (terminal, no transitions)
  *   active → deleted           (FORBIDDEN — must pass through pending_deletion)
  */
-export type UserLifecycleStatus = 'active' | 'pending_deletion' | 'deleted';
+export type UserLifecycleStatus = "active" | "pending_deletion" | "deleted";
 
 /**
  * Conditions that block account deletion.
  * Discriminated union — extend with new blocker types without breaking changes.
  */
 export type DeletionBlocker =
-  | { type: 'sole_workspace_owner'; workspaceId: string; workspaceName: string }
-  | { type: 'active_legal_hold'; holdId: string };
+  | { type: "sole_workspace_owner"; workspaceId: string; workspaceName: string }
+  | { type: "active_legal_hold"; holdId: string };
 
 /**
  * Result of an account deletion eligibility check.

package/src/impersonation/index.ts

@@ -16,9 +16,9 @@ export type {
   ImpersonationCapability,
   ImpersonationSessionSummary,
   ImpersonationAuditEventType,
-} from '../impersonation'
+} from "../impersonation";
 
-export { RESTRICTED_IMPERSONATION_ACTIONS } from '../impersonation'
+export { RESTRICTED_IMPERSONATION_ACTIONS } from "../impersonation";
 
 // =============================================================================
 // HTTP Response Schemas (Zod)
@@ -30,13 +30,13 @@ export {
   ImpersonationSessionNullableResponseSchema,
   EndImpersonationResponseSchema,
   ImpersonationSessionWireDtoSchema,
-} from './schemas'
+} from "./schemas";
 
 export type {
   ImpersonationSessionResponse,
   EndImpersonationResponse,
   ImpersonationSessionWireDtoParsed,
-} from './schemas'
+} from "./schemas";
 
 // Wire DTO for SSE projection (PRD-00557 F5)
-export type { ImpersonationSessionWireDto } from '../impersonation-events'
+export type { ImpersonationSessionWireDto } from "../impersonation-events";

package/src/impersonation/schemas.ts

@@ -8,7 +8,7 @@
  * Both are maintained in parallel — Zod schema mirrors the TS interface.
  */
 
-import { z } from 'zod'
+import { z } from "zod";
 
 export const ImpersonationSessionSchema = z.object({
   impersonationSessionId: z.string(),
@@ -21,20 +21,20 @@ export const ImpersonationSessionSchema = z.object({
   endedAt: z.string().datetime({ offset: true }).nullable(),
   ipAddress: z.string(),
   userAgent: z.string(),
-})
+});
 
 export const ImpersonationSessionResponseSchema = z.object({
   session: ImpersonationSessionSchema,
-})
+});
 
 export const ImpersonationSessionNullableResponseSchema = z.object({
   session: ImpersonationSessionSchema.nullable(),
-})
+});
 
 export const EndImpersonationResponseSchema = z.object({
   success: z.literal(true),
   ok: z.literal(true),
-})
+});
 
 /**
  * Wire-only DTO for SSE snapshot/started events (PRD-00557 F5).
@@ -52,8 +52,14 @@ export const ImpersonationSessionWireDtoSchema = z
     expiresAt: z.string().datetime({ offset: true }),
     endedAt: z.string().datetime({ offset: true }).nullable(),
   })
-  .strict()
+  .strict();
 
-export type ImpersonationSessionResponse = z.infer<typeof ImpersonationSessionResponseSchema>
-export type EndImpersonationResponse = z.infer<typeof EndImpersonationResponseSchema>
-export type ImpersonationSessionWireDtoParsed = z.infer<typeof ImpersonationSessionWireDtoSchema>
+export type ImpersonationSessionResponse = z.infer<
+  typeof ImpersonationSessionResponseSchema
+>;
+export type EndImpersonationResponse = z.infer<
+  typeof EndImpersonationResponseSchema
+>;
+export type ImpersonationSessionWireDtoParsed = z.infer<
+  typeof ImpersonationSessionWireDtoSchema
+>;

package/src/impersonation-events.ts

@@ -6,7 +6,7 @@
  * Follows the same BaseEvent envelope pattern as chat SSE events.
  */
 
-import type { BaseEvent } from './chat/types'
+import type { BaseEvent } from "./chat/types";
 
 /**
  * Minimal projection of an impersonation session for over-the-wire delivery.
@@ -14,11 +14,11 @@ import type { BaseEvent } from './chat/types'
  * (PRD-00557 F5: type-impossible wire exposure of admin-private fields).
  */
 export interface ImpersonationSessionWireDto {
-  readonly id: string
-  readonly targetUserId: string
-  readonly startedAt: string
-  readonly expiresAt: string
-  readonly endedAt: string | null
+  readonly id: string;
+  readonly targetUserId: string;
+  readonly startedAt: string;
+  readonly expiresAt: string;
+  readonly endedAt: string | null;
 }
 
 /**
@@ -27,40 +27,40 @@ export interface ImpersonationSessionWireDto {
  * Eliminates need for a separate GET /session request.
  */
 export interface ImpersonationSessionSnapshotEvent extends BaseEvent {
-  type: 'impersonation.session.snapshot'
+  type: "impersonation.session.snapshot";
   data: {
-    session: ImpersonationSessionWireDto | null
-  }
+    session: ImpersonationSessionWireDto | null;
+  };
 }
 
 /** Emitted when a new impersonation session starts (enables multi-tab sync). */
 export interface ImpersonationSessionStartedEvent extends BaseEvent {
-  type: 'impersonation.session.started'
+  type: "impersonation.session.started";
   data: {
-    session: ImpersonationSessionWireDto
-  }
+    session: ImpersonationSessionWireDto;
+  };
 }
 
 /** Emitted when an admin manually ends an impersonation session. */
 export interface ImpersonationSessionEndedEvent extends BaseEvent {
-  type: 'impersonation.session.ended'
+  type: "impersonation.session.ended";
   data: {
-    sessionId: string
-    endedAt: string
-  }
+    sessionId: string;
+    endedAt: string;
+  };
 }
 
 /** Emitted when enforceExpiry() auto-expires a session. */
 export interface ImpersonationSessionExpiredEvent extends BaseEvent {
-  type: 'impersonation.session.expired'
+  type: "impersonation.session.expired";
   data: {
-    sessionId: string
-    expiredAt: string
-  }
+    sessionId: string;
+    expiredAt: string;
+  };
 }
 
 export type ImpersonationSseEvent =
   | ImpersonationSessionSnapshotEvent
   | ImpersonationSessionStartedEvent
   | ImpersonationSessionEndedEvent
-  | ImpersonationSessionExpiredEvent
+  | ImpersonationSessionExpiredEvent;

package/src/impersonation.ts

@@ -6,7 +6,7 @@
  */
 
 // Authentication mode — tags every request context
-export type AuthMode = 'STANDARD' | 'BREAK_GLASS';
+export type AuthMode = "STANDARD" | "BREAK_GLASS";
 
 // Impersonation session model — full session state
 export interface ImpersonationSession {
@@ -26,27 +26,28 @@ export interface ImpersonationSession {
 // Backend impersonation middleware consumes this enum centrally.
 // Routes do NOT self-classify. This prevents bypass via new routes.
 export type RestrictedImpersonationAction =
-  | 'delete_chat'
-  | 'delete_message'
-  | 'modify_billing'
-  | 'invite_remove_users'
-  | 'accept_agreements'
-  | 'irreversible_write'
-  | 'manage_auth';
+  | "delete_chat"
+  | "delete_message"
+  | "modify_billing"
+  | "invite_remove_users"
+  | "accept_agreements"
+  | "irreversible_write"
+  | "manage_auth";
 
 // All restricted actions as a const array for runtime checks
-export const RESTRICTED_IMPERSONATION_ACTIONS: readonly RestrictedImpersonationAction[] = [
-  'delete_chat',
-  'delete_message',
-  'modify_billing',
-  'invite_remove_users',
-  'accept_agreements',
-  'irreversible_write',
-  'manage_auth',
-] as const;
+export const RESTRICTED_IMPERSONATION_ACTIONS: readonly RestrictedImpersonationAction[] =
+  [
+    "delete_chat",
+    "delete_message",
+    "modify_billing",
+    "invite_remove_users",
+    "accept_agreements",
+    "irreversible_write",
+    "manage_auth",
+  ] as const;
 
 // Impersonation-specific company capability
-export type ImpersonationCapability = 'company.impersonate';
+export type ImpersonationCapability = "company.impersonate";
 
 // Session summary — emitted on impersonation.ended and impersonation.expired
 export interface ImpersonationSessionSummary {
@@ -60,9 +61,9 @@ export interface ImpersonationSessionSummary {
 
 // Impersonation audit event types
 export type ImpersonationAuditEventType =
-  | 'impersonation.started'
-  | 'impersonation.ended'
-  | 'impersonation.expired'
-  | 'impersonation.session_summary'
-  | 'impersonated.action'
-  | 'impersonation.blocked_action';
+  | "impersonation.started"
+  | "impersonation.ended"
+  | "impersonation.expired"
+  | "impersonation.session_summary"
+  | "impersonated.action"
+  | "impersonation.blocked_action";