@constructive-io/react 0.12.7 → 0.12.8

package/esm/auth/schema-types.d.ts

@@ -3,18 +3,23 @@
  * @generated by @constructive-io/graphql-codegen
  * DO NOT EDIT - changes will be overwritten
  */
-import type { AuditLog, CryptoAddress, Email, PhoneNumber, RoleType, User, UserConnectedAccount, BooleanFilter, DatetimeFilter, FullTextFilter, IntFilter, InternetAddressFilter, JSONFilter, StringFilter, UUIDFilter } from './types';
+import type { AuditLog, CryptoAddress, Email, IdentityProvider, PhoneNumber, RoleType, User, UserConnectedAccount, WebauthnCredential, BigIntFilter, BooleanFilter, DatetimeFilter, FullTextFilter, IntFilter, InternetAddressFilter, JSONFilter, StringFilter, StringListFilter, UUIDFilter } from './types';
+export type Base64EncodedBinary = unknown;
 export type ConstructiveInternalTypeEmail = unknown;
 export type ConstructiveInternalTypeImage = unknown;
 export type ConstructiveInternalTypeOrigin = unknown;
 /** Methods to use when ordering `Email`. */
-export type EmailOrderBy = 'NATURAL' | 'PRIMARY_KEY_ASC' | 'PRIMARY_KEY_DESC' | 'ID_ASC' | 'ID_DESC' | 'OWNER_ID_ASC' | 'OWNER_ID_DESC' | 'EMAIL_ASC' | 'EMAIL_DESC' | 'IS_VERIFIED_ASC' | 'IS_VERIFIED_DESC' | 'IS_PRIMARY_ASC' | 'IS_PRIMARY_DESC' | 'CREATED_AT_ASC' | 'CREATED_AT_DESC' | 'UPDATED_AT_ASC' | 'UPDATED_AT_DESC';
+export type EmailOrderBy = 'NATURAL' | 'PRIMARY_KEY_ASC' | 'PRIMARY_KEY_DESC' | 'ID_ASC' | 'ID_DESC' | 'OWNER_ID_ASC' | 'OWNER_ID_DESC' | 'EMAIL_ASC' | 'EMAIL_DESC' | 'IS_VERIFIED_ASC' | 'IS_VERIFIED_DESC' | 'IS_PRIMARY_ASC' | 'IS_PRIMARY_DESC' | 'NAME_ASC' | 'NAME_DESC' | 'CREATED_AT_ASC' | 'CREATED_AT_DESC' | 'UPDATED_AT_ASC' | 'UPDATED_AT_DESC';
 /** Methods to use when ordering `PhoneNumber`. */
-export type PhoneNumberOrderBy = 'NATURAL' | 'PRIMARY_KEY_ASC' | 'PRIMARY_KEY_DESC' | 'ID_ASC' | 'ID_DESC' | 'OWNER_ID_ASC' | 'OWNER_ID_DESC' | 'CC_ASC' | 'CC_DESC' | 'NUMBER_ASC' | 'NUMBER_DESC' | 'IS_VERIFIED_ASC' | 'IS_VERIFIED_DESC' | 'IS_PRIMARY_ASC' | 'IS_PRIMARY_DESC' | 'CREATED_AT_ASC' | 'CREATED_AT_DESC' | 'UPDATED_AT_ASC' | 'UPDATED_AT_DESC';
+export type PhoneNumberOrderBy = 'NATURAL' | 'PRIMARY_KEY_ASC' | 'PRIMARY_KEY_DESC' | 'ID_ASC' | 'ID_DESC' | 'OWNER_ID_ASC' | 'OWNER_ID_DESC' | 'CC_ASC' | 'CC_DESC' | 'NUMBER_ASC' | 'NUMBER_DESC' | 'IS_VERIFIED_ASC' | 'IS_VERIFIED_DESC' | 'IS_PRIMARY_ASC' | 'IS_PRIMARY_DESC' | 'NAME_ASC' | 'NAME_DESC' | 'CREATED_AT_ASC' | 'CREATED_AT_DESC' | 'UPDATED_AT_ASC' | 'UPDATED_AT_DESC';
 /** Methods to use when ordering `CryptoAddress`. */
-export type CryptoAddressOrderBy = 'NATURAL' | 'PRIMARY_KEY_ASC' | 'PRIMARY_KEY_DESC' | 'ID_ASC' | 'ID_DESC' | 'OWNER_ID_ASC' | 'OWNER_ID_DESC' | 'ADDRESS_ASC' | 'ADDRESS_DESC' | 'IS_VERIFIED_ASC' | 'IS_VERIFIED_DESC' | 'IS_PRIMARY_ASC' | 'IS_PRIMARY_DESC' | 'CREATED_AT_ASC' | 'CREATED_AT_DESC' | 'UPDATED_AT_ASC' | 'UPDATED_AT_DESC';
+export type CryptoAddressOrderBy = 'NATURAL' | 'PRIMARY_KEY_ASC' | 'PRIMARY_KEY_DESC' | 'ID_ASC' | 'ID_DESC' | 'OWNER_ID_ASC' | 'OWNER_ID_DESC' | 'ADDRESS_ASC' | 'ADDRESS_DESC' | 'IS_VERIFIED_ASC' | 'IS_VERIFIED_DESC' | 'IS_PRIMARY_ASC' | 'IS_PRIMARY_DESC' | 'NAME_ASC' | 'NAME_DESC' | 'CREATED_AT_ASC' | 'CREATED_AT_DESC' | 'UPDATED_AT_ASC' | 'UPDATED_AT_DESC';
+/** Methods to use when ordering `WebauthnCredential`. */
+export type WebauthnCredentialOrderBy = 'NATURAL' | 'PRIMARY_KEY_ASC' | 'PRIMARY_KEY_DESC' | 'ID_ASC' | 'ID_DESC' | 'OWNER_ID_ASC' | 'OWNER_ID_DESC' | 'CREDENTIAL_ID_ASC' | 'CREDENTIAL_ID_DESC' | 'PUBLIC_KEY_ASC' | 'PUBLIC_KEY_DESC' | 'SIGN_COUNT_ASC' | 'SIGN_COUNT_DESC' | 'WEBAUTHN_USER_ID_ASC' | 'WEBAUTHN_USER_ID_DESC' | 'TRANSPORTS_ASC' | 'TRANSPORTS_DESC' | 'CREDENTIAL_DEVICE_TYPE_ASC' | 'CREDENTIAL_DEVICE_TYPE_DESC' | 'BACKUP_ELIGIBLE_ASC' | 'BACKUP_ELIGIBLE_DESC' | 'BACKUP_STATE_ASC' | 'BACKUP_STATE_DESC' | 'NAME_ASC' | 'NAME_DESC' | 'LAST_USED_AT_ASC' | 'LAST_USED_AT_DESC' | 'CREATED_AT_ASC' | 'CREATED_AT_DESC' | 'UPDATED_AT_ASC' | 'UPDATED_AT_DESC';
 /** Methods to use when ordering `AuditLog`. */
 export type AuditLogOrderBy = 'NATURAL' | 'PRIMARY_KEY_ASC' | 'PRIMARY_KEY_DESC' | 'ID_ASC' | 'ID_DESC' | 'EVENT_ASC' | 'EVENT_DESC' | 'ACTOR_ID_ASC' | 'ACTOR_ID_DESC' | 'ORIGIN_ASC' | 'ORIGIN_DESC' | 'USER_AGENT_ASC' | 'USER_AGENT_DESC' | 'IP_ADDRESS_ASC' | 'IP_ADDRESS_DESC' | 'SUCCESS_ASC' | 'SUCCESS_DESC' | 'CREATED_AT_ASC' | 'CREATED_AT_DESC';
+/** Methods to use when ordering `IdentityProvider`. */
+export type IdentityProviderOrderBy = 'NATURAL' | 'SLUG_ASC' | 'SLUG_DESC' | 'KIND_ASC' | 'KIND_DESC' | 'DISPLAY_NAME_ASC' | 'DISPLAY_NAME_DESC' | 'ENABLED_ASC' | 'ENABLED_DESC' | 'IS_BUILT_IN_ASC' | 'IS_BUILT_IN_DESC';
 /** Methods to use when ordering `RoleType`. */
 export type RoleTypeOrderBy = 'NATURAL' | 'PRIMARY_KEY_ASC' | 'PRIMARY_KEY_DESC' | 'ID_ASC' | 'ID_DESC' | 'NAME_ASC' | 'NAME_DESC';
 /** Methods to use when ordering `UserConnectedAccount`. */
@@ -33,6 +38,8 @@ export interface EmailFilter {
     isVerified?: BooleanFilter;
     /** Filter by the object’s `isPrimary` field. */
     isPrimary?: BooleanFilter;
+    /** Filter by the object’s `name` field. */
+    name?: StringFilter;
     /** Filter by the object’s `createdAt` field. */
     createdAt?: DatetimeFilter;
     /** Filter by the object’s `updatedAt` field. */
@@ -161,6 +168,10 @@ export interface UserFilter {
     ownedCryptoAddresses?: UserToManyCryptoAddressFilter;
     /** `ownedCryptoAddresses` exist. */
     ownedCryptoAddressesExist?: boolean;
+    /** Filter by the object’s `ownedWebauthnCredentials` relation. */
+    ownedWebauthnCredentials?: UserToManyWebauthnCredentialFilter;
+    /** `ownedWebauthnCredentials` exist. */
+    ownedWebauthnCredentialsExist?: boolean;
     /** Filter by the object’s `auditLogsByActorId` relation. */
     auditLogsByActorId?: UserToManyAuditLogFilter;
     /** `auditLogsByActorId` exist. */
@@ -345,6 +356,8 @@ export interface PhoneNumberFilter {
     isVerified?: BooleanFilter;
     /** Filter by the object’s `isPrimary` field. */
     isPrimary?: BooleanFilter;
+    /** Filter by the object’s `name` field. */
+    name?: StringFilter;
     /** Filter by the object’s `createdAt` field. */
     createdAt?: DatetimeFilter;
     /** Filter by the object’s `updatedAt` field. */
@@ -379,6 +392,8 @@ export interface CryptoAddressFilter {
     isVerified?: BooleanFilter;
     /** Filter by the object’s `isPrimary` field. */
     isPrimary?: BooleanFilter;
+    /** Filter by the object’s `name` field. */
+    name?: StringFilter;
     /** Filter by the object’s `createdAt` field. */
     createdAt?: DatetimeFilter;
     /** Filter by the object’s `updatedAt` field. */
@@ -392,6 +407,71 @@ export interface CryptoAddressFilter {
     /** Filter by the object’s `owner` relation. */
     owner?: UserFilter;
 }
+/** A filter to be used against many `WebauthnCredential` object types. All fields are combined with a logical ‘and.’ */
+export interface UserToManyWebauthnCredentialFilter {
+    /** Filters to entities where at least one related entity matches. */
+    some?: WebauthnCredentialFilter;
+    /** Filters to entities where every related entity matches. */
+    every?: WebauthnCredentialFilter;
+    /** Filters to entities where no related entity matches. */
+    none?: WebauthnCredentialFilter;
+}
+/** A filter to be used against `WebauthnCredential` object types. All fields are combined with a logical ‘and.’ */
+export interface WebauthnCredentialFilter {
+    /** Filter by the object’s `id` field. */
+    id?: UUIDFilter;
+    /** Filter by the object’s `ownerId` field. */
+    ownerId?: UUIDFilter;
+    /** Filter by the object’s `credentialId` field. */
+    credentialId?: StringFilter;
+    /** Filter by the object’s `publicKey` field. */
+    publicKey?: Base64EncodedBinaryFilter;
+    /** Filter by the object’s `signCount` field. */
+    signCount?: BigIntFilter;
+    /** Filter by the object’s `webauthnUserId` field. */
+    webauthnUserId?: StringFilter;
+    /** Filter by the object’s `transports` field. */
+    transports?: StringListFilter;
+    /** Filter by the object’s `credentialDeviceType` field. */
+    credentialDeviceType?: StringFilter;
+    /** Filter by the object’s `backupEligible` field. */
+    backupEligible?: BooleanFilter;
+    /** Filter by the object’s `backupState` field. */
+    backupState?: BooleanFilter;
+    /** Filter by the object’s `name` field. */
+    name?: StringFilter;
+    /** Filter by the object’s `lastUsedAt` field. */
+    lastUsedAt?: DatetimeFilter;
+    /** Filter by the object’s `createdAt` field. */
+    createdAt?: DatetimeFilter;
+    /** Filter by the object’s `updatedAt` field. */
+    updatedAt?: DatetimeFilter;
+    /** Checks for all expressions in this list. */
+    and?: WebauthnCredentialFilter[];
+    /** Checks for any expressions in this list. */
+    or?: WebauthnCredentialFilter[];
+    /** Negates the expression. */
+    not?: WebauthnCredentialFilter;
+    /** Filter by the object’s `owner` relation. */
+    owner?: UserFilter;
+}
+/** A filter to be used against Base64EncodedBinary fields. All fields are combined with a logical ‘and.’ */
+export interface Base64EncodedBinaryFilter {
+    /** Is null (if `true` is specified) or is not null (if `false` is specified). */
+    isNull?: boolean;
+    /** Equal to the specified value. */
+    equalTo?: Base64EncodedBinary;
+    /** Not equal to the specified value. */
+    notEqualTo?: Base64EncodedBinary;
+    /** Not equal to the specified value, treating null like an ordinary value. */
+    distinctFrom?: Base64EncodedBinary;
+    /** Equal to the specified value, treating null like an ordinary value. */
+    notDistinctFrom?: Base64EncodedBinary;
+    /** Included in the specified list. */
+    in?: Base64EncodedBinary[];
+    /** Not included in the specified list. */
+    notIn?: Base64EncodedBinary[];
+}
 /** A filter to be used against many `AuditLog` object types. All fields are combined with a logical ‘and.’ */
 export interface UserToManyAuditLogFilter {
     /** Filters to entities where at least one related entity matches. */
@@ -507,6 +587,25 @@ export interface ConstructiveInternalTypeOriginFilter {
     /** Greater than or equal to the specified value (case-insensitive). */
     greaterThanOrEqualToInsensitive?: string;
 }
+/** A filter to be used against `IdentityProvider` object types. All fields are combined with a logical ‘and.’ */
+export interface IdentityProviderFilter {
+    /** Filter by the object’s `slug` field. */
+    slug?: StringFilter;
+    /** Filter by the object’s `kind` field. */
+    kind?: StringFilter;
+    /** Filter by the object’s `displayName` field. */
+    displayName?: StringFilter;
+    /** Filter by the object’s `enabled` field. */
+    enabled?: BooleanFilter;
+    /** Filter by the object’s `isBuiltIn` field. */
+    isBuiltIn?: BooleanFilter;
+    /** Checks for all expressions in this list. */
+    and?: IdentityProviderFilter[];
+    /** Checks for any expressions in this list. */
+    or?: IdentityProviderFilter[];
+    /** Negates the expression. */
+    not?: IdentityProviderFilter;
+}
 /** A filter to be used against `UserConnectedAccount` object types. All fields are combined with a logical ‘and.’ */
 export interface UserConnectedAccountFilter {
     /** Filter by the object’s `id` field. */
@@ -588,12 +687,6 @@ export interface ResetPasswordInput {
     resetToken?: string;
     newPassword?: string;
 }
-export interface CreateApiKeyInput {
-    clientMutationId?: string;
-    keyName: string;
-    accessLevel?: string;
-    mfaLevel?: string;
-}
 export interface SignInCrossOriginInput {
     clientMutationId?: string;
     token?: string;
@@ -646,6 +739,13 @@ export interface IntervalInput {
     /** A quantity of years. */
     years?: number;
 }
+export interface CreateApiKeyInput {
+    clientMutationId?: string;
+    keyName?: string;
+    accessLevel?: string;
+    mfaLevel?: string;
+    expiresIn?: IntervalInput;
+}
 export interface ForgotPasswordInput {
     clientMutationId?: string;
     email?: ConstructiveInternalTypeEmail;
@@ -654,6 +754,19 @@ export interface SendVerificationEmailInput {
     clientMutationId?: string;
     email?: ConstructiveInternalTypeEmail;
 }
+export interface CreateIdentityProviderInput {
+    clientMutationId?: string;
+    /** The `IdentityProvider` to be created by this mutation. */
+    identityProvider: IdentityProviderInput;
+}
+/** An input for mutations affecting `IdentityProvider` */
+export interface IdentityProviderInput {
+    slug?: string;
+    kind?: string;
+    displayName?: string;
+    enabled?: boolean;
+    isBuiltIn?: boolean;
+}
 export interface CreateRoleTypeInput {
     clientMutationId?: string;
     /** The `RoleType` to be created by this mutation. */
@@ -679,6 +792,8 @@ export interface CryptoAddressInput {
     isVerified?: boolean;
     /** Whether this is the user's primary cryptocurrency address */
     isPrimary?: boolean;
+    /** Optional user-provided label for this address (e.g. "Main wallet", "Hardware wallet"). */
+    name?: string;
     createdAt?: string;
     updatedAt?: string;
 }
@@ -699,6 +814,8 @@ export interface PhoneNumberInput {
     isVerified?: boolean;
     /** Whether this is the user's primary phone number */
     isPrimary?: boolean;
+    /** Optional user-provided label for this phone number (e.g. "Mobile", "Work"). */
+    name?: string;
     createdAt?: string;
     updatedAt?: string;
 }
@@ -756,6 +873,8 @@ export interface EmailInput {
     isVerified?: boolean;
     /** Whether this is the user's primary email address */
     isPrimary?: boolean;
+    /** Optional user-provided label for this email (e.g. "Work", "Personal"). */
+    name?: string;
     createdAt?: string;
     updatedAt?: string;
 }
@@ -774,6 +893,38 @@ export interface UserInput {
     createdAt?: string;
     updatedAt?: string;
 }
+export interface CreateWebauthnCredentialInput {
+    clientMutationId?: string;
+    /** The `WebauthnCredential` to be created by this mutation. */
+    webauthnCredential: WebauthnCredentialInput;
+}
+/** An input for mutations affecting `WebauthnCredential` */
+export interface WebauthnCredentialInput {
+    id?: string;
+    ownerId?: string;
+    /** Base64url-encoded credential ID returned by the authenticator. Globally unique per WebAuthn spec. */
+    credentialId: string;
+    /** COSE-encoded public key bytes from the authenticator attestation. */
+    publicKey: Base64EncodedBinary;
+    /** Monotonic signature counter. Strict-increase check during sign-in detects cloned credentials. 0 means the authenticator does not implement a counter. */
+    signCount?: string;
+    /** Random per-user handle sent to authenticators as user.id. Privacy-preserving; NOT the internal user UUID. */
+    webauthnUserId: string;
+    /** Authenticator transport hints (e.g. usb, nfc, ble, internal, hybrid). Used to hint browser UI during sign-in. */
+    transports?: string[];
+    /** Either 'singleDevice' (hardware-bound) or 'multiDevice' (synced passkey). Enforced by CHECK constraint below. */
+    credentialDeviceType: string;
+    /** Whether this credential is eligible for backup (syncing) per the authenticator's flags at registration. */
+    backupEligible?: boolean;
+    /** Current backup state; updated on each successful sign-in assertion. */
+    backupState?: boolean;
+    /** User-provided label for this credential (e.g. "YubiKey 5C", "iPhone 15"). Renamed via rename_passkey. */
+    name?: string;
+    /** Timestamp of the most recent successful sign-in assertion using this credential. */
+    lastUsedAt?: string;
+    createdAt?: string;
+    updatedAt?: string;
+}
 export interface UpdateRoleTypeInput {
     clientMutationId?: string;
     id: number;
@@ -801,6 +952,8 @@ export interface CryptoAddressPatch {
     isVerified?: boolean;
     /** Whether this is the user's primary cryptocurrency address */
     isPrimary?: boolean;
+    /** Optional user-provided label for this address (e.g. "Main wallet", "Hardware wallet"). */
+    name?: string;
     createdAt?: string;
     updatedAt?: string;
 }
@@ -822,6 +975,8 @@ export interface PhoneNumberPatch {
     isVerified?: boolean;
     /** Whether this is the user's primary phone number */
     isPrimary?: boolean;
+    /** Optional user-provided label for this phone number (e.g. "Mobile", "Work"). */
+    name?: string;
     createdAt?: string;
     updatedAt?: string;
 }
@@ -865,6 +1020,8 @@ export interface EmailPatch {
     isVerified?: boolean;
     /** Whether this is the user's primary email address */
     isPrimary?: boolean;
+    /** Optional user-provided label for this email (e.g. "Work", "Personal"). */
+    name?: string;
     createdAt?: string;
     updatedAt?: string;
 }
@@ -886,6 +1043,39 @@ export interface UserPatch {
     /** File upload for the `profilePicture` field. */
     profilePictureUpload?: File;
 }
+export interface UpdateWebauthnCredentialInput {
+    clientMutationId?: string;
+    id: string;
+    /** An object where the defined keys will be set on the `WebauthnCredential` being updated. */
+    webauthnCredentialPatch: WebauthnCredentialPatch;
+}
+/** Represents an update to a `WebauthnCredential`. Fields that are set will be updated. */
+export interface WebauthnCredentialPatch {
+    id?: string;
+    ownerId?: string;
+    /** Base64url-encoded credential ID returned by the authenticator. Globally unique per WebAuthn spec. */
+    credentialId?: string;
+    /** COSE-encoded public key bytes from the authenticator attestation. */
+    publicKey?: Base64EncodedBinary;
+    /** Monotonic signature counter. Strict-increase check during sign-in detects cloned credentials. 0 means the authenticator does not implement a counter. */
+    signCount?: string;
+    /** Random per-user handle sent to authenticators as user.id. Privacy-preserving; NOT the internal user UUID. */
+    webauthnUserId?: string;
+    /** Authenticator transport hints (e.g. usb, nfc, ble, internal, hybrid). Used to hint browser UI during sign-in. */
+    transports?: string[];
+    /** Either 'singleDevice' (hardware-bound) or 'multiDevice' (synced passkey). Enforced by CHECK constraint below. */
+    credentialDeviceType?: string;
+    /** Whether this credential is eligible for backup (syncing) per the authenticator's flags at registration. */
+    backupEligible?: boolean;
+    /** Current backup state; updated on each successful sign-in assertion. */
+    backupState?: boolean;
+    /** User-provided label for this credential (e.g. "YubiKey 5C", "iPhone 15"). Renamed via rename_passkey. */
+    name?: string;
+    /** Timestamp of the most recent successful sign-in assertion using this credential. */
+    lastUsedAt?: string;
+    createdAt?: string;
+    updatedAt?: string;
+}
 export interface DeleteRoleTypeInput {
     clientMutationId?: string;
     id: number;
@@ -910,9 +1100,20 @@ export interface DeleteUserInput {
     clientMutationId?: string;
     id: string;
 }
+export interface DeleteWebauthnCredentialInput {
+    clientMutationId?: string;
+    id: string;
+}
 export interface RequestUploadUrlInput {
     /** Bucket key (e.g., "public", "private") */
     bucketKey: string;
+    /**
+     * Owner entity ID for entity-scoped uploads.
+     * Omit for app-level (database-wide) storage.
+     * When provided, resolves the storage module for the entity type
+     * that owns this entity instance (e.g., a data room ID, team ID).
+     */
+    ownerId?: string;
     /** SHA-256 content hash computed by the client (hex-encoded, 64 chars) */
     contentHash: string;
     /** MIME type of the file (e.g., "image/png") */
@@ -929,6 +1130,18 @@ export interface ConfirmUploadInput {
 export interface ProvisionBucketInput {
     /** The logical bucket key (e.g., "public", "private") */
     bucketKey: string;
+    /**
+     * Owner entity ID for entity-scoped bucket provisioning.
+     * Omit for app-level (database-wide) storage.
+     */
+    ownerId?: string;
+}
+/** A connection to a list of `IdentityProvider` values. */
+export interface IdentityProviderConnection {
+    nodes: IdentityProvider[];
+    edges: IdentityProviderEdge[];
+    pageInfo: PageInfo;
+    totalCount: number;
 }
 /** A connection to a list of `RoleType` values. */
 export interface RoleTypeConnection {
@@ -979,6 +1192,13 @@ export interface UserConnection {
     pageInfo: PageInfo;
     totalCount: number;
 }
+/** A connection to a list of `WebauthnCredential` values. */
+export interface WebauthnCredentialConnection {
+    nodes: WebauthnCredential[];
+    edges: WebauthnCredentialEdge[];
+    pageInfo: PageInfo;
+    totalCount: number;
+}
 /** Root meta schema type */
 export interface MetaSchema {
     tables: MetaTable[];
@@ -1033,10 +1253,6 @@ export interface ResetPasswordPayload {
     clientMutationId?: string | null;
     result?: boolean | null;
 }
-export interface CreateApiKeyPayload {
-    clientMutationId?: string | null;
-    result?: CreateApiKeyRecord | null;
-}
 export interface SignInCrossOriginPayload {
     clientMutationId?: string | null;
     result?: SignInCrossOriginRecord | null;
@@ -1057,6 +1273,10 @@ export interface ExtendTokenExpiresPayload {
     clientMutationId?: string | null;
     result?: ExtendTokenExpiresRecord[] | null;
 }
+export interface CreateApiKeyPayload {
+    clientMutationId?: string | null;
+    result?: CreateApiKeyRecord | null;
+}
 export interface ForgotPasswordPayload {
     clientMutationId?: string | null;
 }
@@ -1064,6 +1284,11 @@ export interface SendVerificationEmailPayload {
     clientMutationId?: string | null;
     result?: boolean | null;
 }
+export interface CreateIdentityProviderPayload {
+    clientMutationId?: string | null;
+    /** The `IdentityProvider` that was created by this mutation. */
+    identityProvider?: IdentityProvider | null;
+}
 export interface CreateRoleTypePayload {
     clientMutationId?: string | null;
     /** The `RoleType` that was created by this mutation. */
@@ -1105,6 +1330,12 @@ export interface CreateUserPayload {
     user?: User | null;
     userEdge?: UserEdge | null;
 }
+export interface CreateWebauthnCredentialPayload {
+    clientMutationId?: string | null;
+    /** The `WebauthnCredential` that was created by this mutation. */
+    webauthnCredential?: WebauthnCredential | null;
+    webauthnCredentialEdge?: WebauthnCredentialEdge | null;
+}
 export interface UpdateRoleTypePayload {
     clientMutationId?: string | null;
     /** The `RoleType` that was updated by this mutation. */
@@ -1141,6 +1372,12 @@ export interface UpdateUserPayload {
     user?: User | null;
     userEdge?: UserEdge | null;
 }
+export interface UpdateWebauthnCredentialPayload {
+    clientMutationId?: string | null;
+    /** The `WebauthnCredential` that was updated by this mutation. */
+    webauthnCredential?: WebauthnCredential | null;
+    webauthnCredentialEdge?: WebauthnCredentialEdge | null;
+}
 export interface DeleteRoleTypePayload {
     clientMutationId?: string | null;
     /** The `RoleType` that was deleted by this mutation. */
@@ -1177,6 +1414,12 @@ export interface DeleteUserPayload {
     user?: User | null;
     userEdge?: UserEdge | null;
 }
+export interface DeleteWebauthnCredentialPayload {
+    clientMutationId?: string | null;
+    /** The `WebauthnCredential` that was deleted by this mutation. */
+    webauthnCredential?: WebauthnCredential | null;
+    webauthnCredentialEdge?: WebauthnCredentialEdge | null;
+}
 export interface RequestUploadUrlPayload {
     /** Presigned PUT URL (null if file was deduplicated) */
     uploadUrl?: string | null;
@@ -1211,11 +1454,11 @@ export interface ProvisionBucketPayload {
     /** Error message if provisioning failed */
     error?: string | null;
 }
-/** A `RoleType` edge in the connection. */
-export interface RoleTypeEdge {
+/** A `IdentityProvider` edge in the connection. */
+export interface IdentityProviderEdge {
     cursor?: string | null;
-    /** The `RoleType` at the end of the edge. */
-    node?: RoleType | null;
+    /** The `IdentityProvider` at the end of the edge. */
+    node?: IdentityProvider | null;
 }
 /** Information about pagination in a connection. */
 export interface PageInfo {
@@ -1228,6 +1471,12 @@ export interface PageInfo {
     /** When paginating forwards, the cursor to continue. */
     endCursor?: string | null;
 }
+/** A `RoleType` edge in the connection. */
+export interface RoleTypeEdge {
+    cursor?: string | null;
+    /** The `RoleType` at the end of the edge. */
+    node?: RoleType | null;
+}
 /** A `CryptoAddress` edge in the connection. */
 export interface CryptoAddressEdge {
     cursor?: string | null;
@@ -1264,6 +1513,12 @@ export interface UserEdge {
     /** The `User` at the end of the edge. */
     node?: User | null;
 }
+/** A `WebauthnCredential` edge in the connection. */
+export interface WebauthnCredentialEdge {
+    cursor?: string | null;
+    /** The `WebauthnCredential` at the end of the edge. */
+    node?: WebauthnCredential | null;
+}
 /** Information about a database table */
 export interface MetaTable {
     name: string;
@@ -1278,10 +1533,6 @@ export interface MetaTable {
     inflection: MetaInflection;
     query: MetaQuery;
 }
-export interface CreateApiKeyRecord {
-    apiKey?: string | null;
-    keyId?: string | null;
-}
 export interface SignInCrossOriginRecord {
     id?: string | null;
     userId?: string | null;
@@ -1313,6 +1564,11 @@ export interface ExtendTokenExpiresRecord {
     sessionId?: string | null;
     expiresAt?: string | null;
 }
+export interface CreateApiKeyRecord {
+    apiKey?: string | null;
+    keyId?: string | null;
+    expiresAt?: string | null;
+}
 /** Information about a table field/column */
 export interface MetaField {
     name: string;

package/esm/auth/types.d.ts

@@ -3,6 +3,7 @@
  * @generated by @constructive-io/graphql-codegen
  * DO NOT EDIT - changes will be overwritten
  */
+export type Base64EncodedBinary = unknown;
 export type ConstructiveInternalTypeEmail = unknown;
 export type ConstructiveInternalTypeImage = unknown;
 export type ConstructiveInternalTypeOrigin = unknown;
@@ -12,6 +13,7 @@ export interface Email {
     email: ConstructiveInternalTypeEmail | null;
     isVerified: boolean | null;
     isPrimary: boolean | null;
+    name: string | null;
     createdAt: string | null;
     updatedAt: string | null;
 }
@@ -22,6 +24,7 @@ export interface PhoneNumber {
     number: string | null;
     isVerified: boolean | null;
     isPrimary: boolean | null;
+    name: string | null;
     createdAt: string | null;
     updatedAt: string | null;
 }
@@ -31,6 +34,23 @@ export interface CryptoAddress {
     address: string | null;
     isVerified: boolean | null;
     isPrimary: boolean | null;
+    name: string | null;
+    createdAt: string | null;
+    updatedAt: string | null;
+}
+export interface WebauthnCredential {
+    id: string | null;
+    ownerId: string | null;
+    credentialId: string | null;
+    publicKey: Base64EncodedBinary | null;
+    signCount: string | null;
+    webauthnUserId: string | null;
+    transports: string[] | null;
+    credentialDeviceType: string | null;
+    backupEligible: boolean | null;
+    backupState: boolean | null;
+    name: string | null;
+    lastUsedAt: string | null;
     createdAt: string | null;
     updatedAt: string | null;
 }
@@ -44,6 +64,13 @@ export interface AuditLog {
     success: boolean | null;
     createdAt: string | null;
 }
+export interface IdentityProvider {
+    slug: string | null;
+    kind: string | null;
+    displayName: string | null;
+    enabled: boolean | null;
+    isBuiltIn: boolean | null;
+}
 export interface RoleType {
     id: number | null;
     name: string | null;

package/esm/objects/orm/input-types.d.ts

@@ -632,6 +632,13 @@ export interface SetAndCommitInput {
 export interface RequestUploadUrlInput {
     /** Bucket key (e.g., "public", "private") */
     bucketKey: string;
+    /**
+     * Owner entity ID for entity-scoped uploads.
+     * Omit for app-level (database-wide) storage.
+     * When provided, resolves the storage module for the entity type
+     * that owns this entity instance (e.g., a data room ID, team ID).
+     */
+    ownerId?: string;
     /** SHA-256 content hash computed by the client (hex-encoded, 64 chars) */
     contentHash: string;
     /** MIME type of the file (e.g., "image/png") */
@@ -648,6 +655,11 @@ export interface ConfirmUploadInput {
 export interface ProvisionBucketInput {
     /** The logical bucket key (e.g., "public", "private") */
     bucketKey: string;
+    /**
+     * Owner entity ID for entity-scoped bucket provisioning.
+     * Omit for app-level (database-wide) storage.
+     */
+    ownerId?: string;
 }
 /** A connection to a list of `Object` values. */
 export interface ObjectConnection {

package/esm/objects/schema-types.d.ts

@@ -338,6 +338,13 @@ export interface DeleteObjectInput {
 export interface RequestUploadUrlInput {
     /** Bucket key (e.g., "public", "private") */
     bucketKey: string;
+    /**
+     * Owner entity ID for entity-scoped uploads.
+     * Omit for app-level (database-wide) storage.
+     * When provided, resolves the storage module for the entity type
+     * that owns this entity instance (e.g., a data room ID, team ID).
+     */
+    ownerId?: string;
     /** SHA-256 content hash computed by the client (hex-encoded, 64 chars) */
     contentHash: string;
     /** MIME type of the file (e.g., "image/png") */
@@ -354,6 +361,11 @@ export interface ConfirmUploadInput {
 export interface ProvisionBucketInput {
     /** The logical bucket key (e.g., "public", "private") */
     bucketKey: string;
+    /**
+     * Owner entity ID for entity-scoped bucket provisioning.
+     * Omit for app-level (database-wide) storage.
+     */
+    ownerId?: string;
 }
 /** A connection to a list of `GetAllRecord` values. */
 export interface GetAllConnection {

package/esm/public/hooks/index.d.ts

@@ -2,7 +2,7 @@
  * GraphQL SDK
  * @generated by @constructive-io/graphql-codegen
  *
- * Tables: OrgGetManagersRecord, OrgGetSubordinatesRecord, GetAllRecord, Object, AppPermission, OrgPermission, AppLevelRequirement, Database, Schema, Table, CheckConstraint, Field, SpatialRelation, ForeignKeyConstraint, FullTextSearch, Index, Policy, PrimaryKeyConstraint, TableGrant, Trigger, UniqueConstraint, View, ViewTable, ViewGrant, ViewRule, EmbeddingChunk, SecureTableProvision, RelationProvision, SessionSecretsModule, SchemaGrant, DefaultPrivilege, Enum, ApiSchema, ApiModule, Domain, SiteMetadatum, SiteModule, SiteTheme, TriggerFunction, DatabaseTransfer, Api, Site, App, ConnectedAccountsModule, CryptoAddressesModule, CryptoAuthModule, DefaultIdsModule, DenormalizedTableField, EmailsModule, EncryptedSecretsModule, InvitesModule, LevelsModule, LimitsModule, MembershipTypesModule, MembershipsModule, PermissionsModule, PhoneNumbersModule, ProfilesModule, SecretsModule, SessionsModule, UserAuthModule, UsersModule, Blueprint, BlueprintTemplate, BlueprintConstruction, StorageModule, EntityTypeProvision, WebauthnCredentialsModule, DatabaseProvisionModule, AppAdminGrant, AppOwnerGrant, AppGrant, OrgMembership, OrgMember, OrgAdminGrant, OrgOwnerGrant, OrgMemberProfile, OrgGrant, OrgChartEdge, OrgChartEdgeGrant, OrgPermissionDefault, AppLimit, OrgLimit, AppStep, AppAchievement, AppLevel, Email, PhoneNumber, CryptoAddress, AppInvite, AppClaimedInvite, OrgInvite, OrgClaimedInvite, AuditLog, AppPermissionDefault, Ref, Store, RoleType, MigrateFile, AppLimitDefault, OrgLimitDefault, DevicesModule, UserConnectedAccount, AppMembershipDefault, Commit, RateLimitsModule, MembershipType, OrgMembershipDefault, RlsModule, SqlAction, User, AstMigration, AppMembership, HierarchyModule
+ * Tables: OrgGetManagersRecord, OrgGetSubordinatesRecord, GetAllRecord, Object, AppPermission, OrgPermission, AppLevelRequirement, Database, Schema, Table, CheckConstraint, Field, SpatialRelation, ForeignKeyConstraint, FullTextSearch, Index, Policy, PrimaryKeyConstraint, TableGrant, Trigger, UniqueConstraint, View, ViewTable, ViewGrant, ViewRule, EmbeddingChunk, SecureTableProvision, RelationProvision, SessionSecretsModule, IdentityProvidersModule, SchemaGrant, DefaultPrivilege, Enum, ApiSchema, ApiModule, Domain, SiteMetadatum, SiteModule, SiteTheme, TriggerFunction, DatabaseTransfer, Api, Site, App, ConnectedAccountsModule, CryptoAddressesModule, CryptoAuthModule, DefaultIdsModule, DenormalizedTableField, EmailsModule, EncryptedSecretsModule, InvitesModule, LevelsModule, LimitsModule, MembershipTypesModule, MembershipsModule, PermissionsModule, PhoneNumbersModule, ProfilesModule, SecretsModule, SessionsModule, UserAuthModule, UsersModule, Blueprint, BlueprintTemplate, BlueprintConstruction, StorageModule, EntityTypeProvision, WebauthnCredentialsModule, WebauthnAuthModule, NotificationsModule, DatabaseProvisionModule, AppAdminGrant, AppOwnerGrant, AppGrant, OrgMembership, OrgMember, OrgAdminGrant, OrgOwnerGrant, OrgMemberProfile, OrgGrant, OrgChartEdge, OrgChartEdgeGrant, OrgPermissionDefault, AppLimit, OrgLimit, AppStep, AppAchievement, AppLevel, Email, PhoneNumber, CryptoAddress, WebauthnCredential, AppInvite, AppClaimedInvite, OrgInvite, OrgClaimedInvite, AuditLog, AppPermissionDefault, IdentityProvider, Ref, Store, RoleType, MigrateFile, AppLimitDefault, OrgLimitDefault, DevicesModule, UserConnectedAccount, AppMembershipDefault, OrgMembershipDefault, Commit, RateLimitsModule, MembershipType, RlsModule, SqlAction, OrgMembershipSetting, User, AstMigration, AppMembership, HierarchyModule
  *
  * Usage:
  *

package/esm/public/hooks/index.js

@@ -2,7 +2,7 @@
  * GraphQL SDK
  * @generated by @constructive-io/graphql-codegen
  *
- * Tables: OrgGetManagersRecord, OrgGetSubordinatesRecord, GetAllRecord, Object, AppPermission, OrgPermission, AppLevelRequirement, Database, Schema, Table, CheckConstraint, Field, SpatialRelation, ForeignKeyConstraint, FullTextSearch, Index, Policy, PrimaryKeyConstraint, TableGrant, Trigger, UniqueConstraint, View, ViewTable, ViewGrant, ViewRule, EmbeddingChunk, SecureTableProvision, RelationProvision, SessionSecretsModule, SchemaGrant, DefaultPrivilege, Enum, ApiSchema, ApiModule, Domain, SiteMetadatum, SiteModule, SiteTheme, TriggerFunction, DatabaseTransfer, Api, Site, App, ConnectedAccountsModule, CryptoAddressesModule, CryptoAuthModule, DefaultIdsModule, DenormalizedTableField, EmailsModule, EncryptedSecretsModule, InvitesModule, LevelsModule, LimitsModule, MembershipTypesModule, MembershipsModule, PermissionsModule, PhoneNumbersModule, ProfilesModule, SecretsModule, SessionsModule, UserAuthModule, UsersModule, Blueprint, BlueprintTemplate, BlueprintConstruction, StorageModule, EntityTypeProvision, WebauthnCredentialsModule, DatabaseProvisionModule, AppAdminGrant, AppOwnerGrant, AppGrant, OrgMembership, OrgMember, OrgAdminGrant, OrgOwnerGrant, OrgMemberProfile, OrgGrant, OrgChartEdge, OrgChartEdgeGrant, OrgPermissionDefault, AppLimit, OrgLimit, AppStep, AppAchievement, AppLevel, Email, PhoneNumber, CryptoAddress, AppInvite, AppClaimedInvite, OrgInvite, OrgClaimedInvite, AuditLog, AppPermissionDefault, Ref, Store, RoleType, MigrateFile, AppLimitDefault, OrgLimitDefault, DevicesModule, UserConnectedAccount, AppMembershipDefault, Commit, RateLimitsModule, MembershipType, OrgMembershipDefault, RlsModule, SqlAction, User, AstMigration, AppMembership, HierarchyModule
+ * Tables: OrgGetManagersRecord, OrgGetSubordinatesRecord, GetAllRecord, Object, AppPermission, OrgPermission, AppLevelRequirement, Database, Schema, Table, CheckConstraint, Field, SpatialRelation, ForeignKeyConstraint, FullTextSearch, Index, Policy, PrimaryKeyConstraint, TableGrant, Trigger, UniqueConstraint, View, ViewTable, ViewGrant, ViewRule, EmbeddingChunk, SecureTableProvision, RelationProvision, SessionSecretsModule, IdentityProvidersModule, SchemaGrant, DefaultPrivilege, Enum, ApiSchema, ApiModule, Domain, SiteMetadatum, SiteModule, SiteTheme, TriggerFunction, DatabaseTransfer, Api, Site, App, ConnectedAccountsModule, CryptoAddressesModule, CryptoAuthModule, DefaultIdsModule, DenormalizedTableField, EmailsModule, EncryptedSecretsModule, InvitesModule, LevelsModule, LimitsModule, MembershipTypesModule, MembershipsModule, PermissionsModule, PhoneNumbersModule, ProfilesModule, SecretsModule, SessionsModule, UserAuthModule, UsersModule, Blueprint, BlueprintTemplate, BlueprintConstruction, StorageModule, EntityTypeProvision, WebauthnCredentialsModule, WebauthnAuthModule, NotificationsModule, DatabaseProvisionModule, AppAdminGrant, AppOwnerGrant, AppGrant, OrgMembership, OrgMember, OrgAdminGrant, OrgOwnerGrant, OrgMemberProfile, OrgGrant, OrgChartEdge, OrgChartEdgeGrant, OrgPermissionDefault, AppLimit, OrgLimit, AppStep, AppAchievement, AppLevel, Email, PhoneNumber, CryptoAddress, WebauthnCredential, AppInvite, AppClaimedInvite, OrgInvite, OrgClaimedInvite, AuditLog, AppPermissionDefault, IdentityProvider, Ref, Store, RoleType, MigrateFile, AppLimitDefault, OrgLimitDefault, DevicesModule, UserConnectedAccount, AppMembershipDefault, OrgMembershipDefault, Commit, RateLimitsModule, MembershipType, RlsModule, SqlAction, OrgMembershipSetting, User, AstMigration, AppMembership, HierarchyModule
  *
  * Usage:
  *