@contractspec/lib.identity-rbac 0.0.0-canary-20260113162409

package/dist/events.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"events.js","names":[],"sources":["../src/events.ts"],"sourcesContent":["import { SchemaModel, ScalarTypeEnum } from '@contractspec/lib.schema';\nimport { defineEvent } from '@contractspec/lib.contracts';\n\n// ============ User Event Payloads ============\n\nconst UserCreatedPayload = new SchemaModel({\n  name: 'UserCreatedPayload',\n  description: 'Payload for user created event',\n  fields: {\n    userId: { type: ScalarTypeEnum.String_unsecure(), isOptional: false },\n    email: { type: ScalarTypeEnum.EmailAddress(), isOptional: false },\n    name: { type: ScalarTypeEnum.String_unsecure(), isOptional: true },\n    createdAt: { type: ScalarTypeEnum.DateTime(), isOptional: false },\n  },\n});\n\nconst UserUpdatedPayload = new SchemaModel({\n  name: 'UserUpdatedPayload',\n  description: 'Payload for user updated event',\n  fields: {\n    userId: { type: ScalarTypeEnum.String_unsecure(), isOptional: false },\n    updatedFields: {\n      type: ScalarTypeEnum.String_unsecure(),\n      isOptional: false,\n      isArray: true,\n    },\n    updatedAt: { type: ScalarTypeEnum.DateTime(), isOptional: false },\n  },\n});\n\nconst UserDeletedPayload = new SchemaModel({\n  name: 'UserDeletedPayload',\n  description: 'Payload for user deleted event',\n  fields: {\n    userId: { type: ScalarTypeEnum.String_unsecure(), isOptional: false },\n    email: { type: ScalarTypeEnum.EmailAddress(), isOptional: false },\n    deletedAt: { type: ScalarTypeEnum.DateTime(), isOptional: false },\n  },\n});\n\nconst UserEmailVerifiedPayload = new SchemaModel({\n  name: 'UserEmailVerifiedPayload',\n  description: 'Payload for user email verified event',\n  fields: {\n    userId: { type: ScalarTypeEnum.String_unsecure(), isOptional: false },\n    email: { type: ScalarTypeEnum.EmailAddress(), isOptional: false },\n    verifiedAt: { type: ScalarTypeEnum.DateTime(), isOptional: false },\n  },\n});\n\n// ============ Organization Event Payloads ============\n\nconst OrgCreatedPayload = new SchemaModel({\n  name: 'OrgCreatedPayload',\n  description: 'Payload for org created event',\n  fields: {\n    orgId: { type: ScalarTypeEnum.String_unsecure(), isOptional: false },\n    name: { type: ScalarTypeEnum.String_unsecure(), isOptional: false },\n    slug: { type: ScalarTypeEnum.String_unsecure(), isOptional: true },\n    createdBy: { type: ScalarTypeEnum.String_unsecure(), isOptional: false },\n    createdAt: { type: ScalarTypeEnum.DateTime(), isOptional: false },\n  },\n});\n\nconst OrgUpdatedPayload = new SchemaModel({\n  name: 'OrgUpdatedPayload',\n  description: 'Payload for org updated event',\n  fields: {\n    orgId: { type: ScalarTypeEnum.String_unsecure(), isOptional: false },\n    updatedFields: {\n      type: ScalarTypeEnum.String_unsecure(),\n      isOptional: false,\n      isArray: true,\n    },\n    updatedBy: { type: ScalarTypeEnum.String_unsecure(), isOptional: false },\n    updatedAt: { type: ScalarTypeEnum.DateTime(), isOptional: false },\n  },\n});\n\nconst OrgDeletedPayload = new SchemaModel({\n  name: 'OrgDeletedPayload',\n  description: 'Payload for org deleted event',\n  fields: {\n    orgId: { type: ScalarTypeEnum.String_unsecure(), isOptional: false },\n    name: { type: ScalarTypeEnum.String_unsecure(), isOptional: false },\n    deletedBy: { type: ScalarTypeEnum.String_unsecure(), isOptional: false },\n    deletedAt: { type: ScalarTypeEnum.DateTime(), isOptional: false },\n  },\n});\n\n// ============ Member Event Payloads ============\n\nconst OrgMemberAddedPayload = new SchemaModel({\n  name: 'OrgMemberAddedPayload',\n  description: 'Payload for member added event',\n  fields: {\n    orgId: { type: ScalarTypeEnum.String_unsecure(), isOptional: false },\n    userId: { type: ScalarTypeEnum.String_unsecure(), isOptional: false },\n    role: { type: ScalarTypeEnum.String_unsecure(), isOptional: false },\n    invitedBy: { type: ScalarTypeEnum.String_unsecure(), isOptional: true },\n    joinedAt: { type: ScalarTypeEnum.DateTime(), isOptional: false },\n  },\n});\n\nconst OrgMemberRemovedPayload = new SchemaModel({\n  name: 'OrgMemberRemovedPayload',\n  description: 'Payload for member removed event',\n  fields: {\n    orgId: { type: ScalarTypeEnum.String_unsecure(), isOptional: false },\n    userId: { type: ScalarTypeEnum.String_unsecure(), isOptional: false },\n    removedBy: { type: ScalarTypeEnum.String_unsecure(), isOptional: true },\n    reason: { type: ScalarTypeEnum.String_unsecure(), isOptional: true }, // left | removed | banned\n    removedAt: { type: ScalarTypeEnum.DateTime(), isOptional: false },\n  },\n});\n\nconst OrgMemberRoleChangedPayload = new SchemaModel({\n  name: 'OrgMemberRoleChangedPayload',\n  description: 'Payload for member role changed event',\n  fields: {\n    orgId: { type: ScalarTypeEnum.String_unsecure(), isOptional: false },\n    userId: { type: ScalarTypeEnum.String_unsecure(), isOptional: false },\n    previousRole: { type: ScalarTypeEnum.String_unsecure(), isOptional: false },\n    newRole: { type: ScalarTypeEnum.String_unsecure(), isOptional: false },\n    changedBy: { type: ScalarTypeEnum.String_unsecure(), isOptional: false },\n    changedAt: { type: ScalarTypeEnum.DateTime(), isOptional: false },\n  },\n});\n\n// ============ Invitation Event Payloads ============\n\nconst OrgInviteSentPayload = new SchemaModel({\n  name: 'OrgInviteSentPayload',\n  description: 'Payload for invite sent event',\n  fields: {\n    invitationId: { type: ScalarTypeEnum.String_unsecure(), isOptional: false },\n    orgId: { type: ScalarTypeEnum.String_unsecure(), isOptional: false },\n    email: { type: ScalarTypeEnum.EmailAddress(), isOptional: false },\n    role: { type: ScalarTypeEnum.String_unsecure(), isOptional: false },\n    invitedBy: { type: ScalarTypeEnum.String_unsecure(), isOptional: false },\n    expiresAt: { type: ScalarTypeEnum.DateTime(), isOptional: true },\n    sentAt: { type: ScalarTypeEnum.DateTime(), isOptional: false },\n  },\n});\n\nconst OrgInviteAcceptedPayload = new SchemaModel({\n  name: 'OrgInviteAcceptedPayload',\n  description: 'Payload for invite accepted event',\n  fields: {\n    invitationId: { type: ScalarTypeEnum.String_unsecure(), isOptional: false },\n    orgId: { type: ScalarTypeEnum.String_unsecure(), isOptional: false },\n    userId: { type: ScalarTypeEnum.String_unsecure(), isOptional: false },\n    acceptedAt: { type: ScalarTypeEnum.DateTime(), isOptional: false },\n  },\n});\n\nconst OrgInviteDeclinedPayload = new SchemaModel({\n  name: 'OrgInviteDeclinedPayload',\n  description: 'Payload for invite declined event',\n  fields: {\n    invitationId: { type: ScalarTypeEnum.String_unsecure(), isOptional: false },\n    orgId: { type: ScalarTypeEnum.String_unsecure(), isOptional: false },\n    declinedAt: { type: ScalarTypeEnum.DateTime(), isOptional: false },\n  },\n});\n\n// ============ Role Event Payloads ============\n\nconst RoleAssignedPayload = new SchemaModel({\n  name: 'RoleAssignedPayload',\n  description: 'Payload for role assigned event',\n  fields: {\n    bindingId: { type: ScalarTypeEnum.String_unsecure(), isOptional: false },\n    roleId: { type: ScalarTypeEnum.String_unsecure(), isOptional: false },\n    roleName: { type: ScalarTypeEnum.String_unsecure(), isOptional: false },\n    targetType: { type: ScalarTypeEnum.String_unsecure(), isOptional: false }, // user | organization\n    targetId: { type: ScalarTypeEnum.String_unsecure(), isOptional: false },\n    assignedBy: { type: ScalarTypeEnum.String_unsecure(), isOptional: false },\n    expiresAt: { type: ScalarTypeEnum.DateTime(), isOptional: true },\n    assignedAt: { type: ScalarTypeEnum.DateTime(), isOptional: false },\n  },\n});\n\nconst RoleRevokedPayload = new SchemaModel({\n  name: 'RoleRevokedPayload',\n  description: 'Payload for role revoked event',\n  fields: {\n    bindingId: { type: ScalarTypeEnum.String_unsecure(), isOptional: false },\n    roleId: { type: ScalarTypeEnum.String_unsecure(), isOptional: false },\n    roleName: { type: ScalarTypeEnum.String_unsecure(), isOptional: false },\n    targetType: { type: ScalarTypeEnum.String_unsecure(), isOptional: false }, // user | organization\n    targetId: { type: ScalarTypeEnum.String_unsecure(), isOptional: false },\n    revokedBy: { type: ScalarTypeEnum.String_unsecure(), isOptional: false },\n    revokedAt: { type: ScalarTypeEnum.DateTime(), isOptional: false },\n  },\n});\n\n// ============ User Events ============\n\n/**\n * Emitted when a new user is created.\n */\nexport const UserCreatedEvent = defineEvent({\n  meta: {\n    key: 'user.created',\n    version: '1.0.0',\n    description: 'A new user has been created.',\n    stability: 'stable',\n    owners: ['@platform.identity-rbac'],\n    tags: ['user', 'created', 'identity'],\n  },\n  payload: UserCreatedPayload,\n});\n\n/**\n * Emitted when a user profile is updated.\n */\nexport const UserUpdatedEvent = defineEvent({\n  meta: {\n    key: 'user.updated',\n    version: '1.0.0',\n    description: 'A user profile has been updated.',\n    stability: 'stable',\n    owners: ['@platform.identity-rbac'],\n    tags: ['user', 'updated', 'identity'],\n  },\n  payload: UserUpdatedPayload,\n});\n\n/**\n * Emitted when a user is deleted.\n */\nexport const UserDeletedEvent = defineEvent({\n  meta: {\n    key: 'user.deleted',\n    version: '1.0.0',\n    description: 'A user account has been deleted.',\n    stability: 'stable',\n    owners: ['@platform.identity-rbac'],\n    tags: ['user', 'deleted', 'identity'],\n  },\n  pii: ['email'],\n  payload: UserDeletedPayload,\n});\n\n/**\n * Emitted when a user's email is verified.\n */\nexport const UserEmailVerifiedEvent = defineEvent({\n  meta: {\n    key: 'user.email_verified',\n    version: '1.0.0',\n    description: 'A user has verified their email address.',\n    stability: 'stable',\n    owners: ['@platform.identity-rbac'],\n    tags: ['user', 'verified', 'identity'],\n  },\n  payload: UserEmailVerifiedPayload,\n});\n\n// ============ Organization Events ============\n\n/**\n * Emitted when a new organization is created.\n */\nexport const OrgCreatedEvent = defineEvent({\n  meta: {\n    key: 'org.created',\n    version: '1.0.0',\n    description: 'A new organization has been created.',\n    stability: 'stable',\n    owners: ['@platform.identity-rbac'],\n    tags: ['org', 'created', 'identity'],\n  },\n  payload: OrgCreatedPayload,\n});\n\n/**\n * Emitted when an organization is updated.\n */\nexport const OrgUpdatedEvent = defineEvent({\n  meta: {\n    key: 'org.updated',\n    version: '1.0.0',\n    description: 'An organization has been updated.',\n    stability: 'stable',\n    owners: ['@platform.identity-rbac'],\n    tags: ['org', 'updated', 'identity'],\n  },\n  payload: OrgUpdatedPayload,\n});\n\n/**\n * Emitted when an organization is deleted.\n */\nexport const OrgDeletedEvent = defineEvent({\n  meta: {\n    key: 'org.deleted',\n    version: '1.0.0',\n    description: 'An organization has been deleted.',\n    stability: 'stable',\n    owners: ['@platform.identity-rbac'],\n    tags: ['org', 'deleted', 'identity'],\n  },\n  payload: OrgDeletedPayload,\n});\n\n// ============ Member Events ============\n\n/**\n * Emitted when a member joins an organization.\n */\nexport const OrgMemberAddedEvent = defineEvent({\n  meta: {\n    key: 'org.member.added',\n    version: '1.0.0',\n    description: 'A user has joined an organization.',\n    stability: 'stable',\n    owners: ['@platform.identity-rbac'],\n    tags: ['org', 'member', 'added', 'identity'],\n  },\n  payload: OrgMemberAddedPayload,\n});\n\n/**\n * Emitted when a member leaves or is removed from an organization.\n */\nexport const OrgMemberRemovedEvent = defineEvent({\n  meta: {\n    key: 'org.member.removed',\n    version: '1.0.0',\n    description: 'A user has left or been removed from an organization.',\n    stability: 'stable',\n    owners: ['@platform.identity-rbac'],\n    tags: ['org', 'member', 'removed', 'identity'],\n  },\n  payload: OrgMemberRemovedPayload,\n});\n\n/**\n * Emitted when a member's role is changed.\n */\nexport const OrgMemberRoleChangedEvent = defineEvent({\n  meta: {\n    key: 'org.member.role_changed',\n    version: '1.0.0',\n    description: \"A member's role in an organization has changed.\",\n    stability: 'stable',\n    owners: ['@platform.identity-rbac'],\n    tags: ['org', 'member', 'role', 'changed', 'identity'],\n  },\n  payload: OrgMemberRoleChangedPayload,\n});\n\n// ============ Invitation Events ============\n\n/**\n * Emitted when an invitation is sent.\n */\nexport const OrgInviteSentEvent = defineEvent({\n  meta: {\n    key: 'org.invite.sent',\n    version: '1.0.0',\n    description: 'An invitation to join an organization has been sent.',\n    stability: 'stable',\n    owners: ['@platform.identity-rbac'],\n    tags: ['org', 'invite', 'sent', 'identity'],\n  },\n  pii: ['email'],\n  payload: OrgInviteSentPayload,\n});\n\n/**\n * Emitted when an invitation is accepted.\n */\nexport const OrgInviteAcceptedEvent = defineEvent({\n  meta: {\n    key: 'org.invite.accepted',\n    version: '1.0.0',\n    description: 'An invitation has been accepted.',\n    stability: 'stable',\n    owners: ['@platform.identity-rbac'],\n    tags: ['org', 'invite', 'accepted', 'identity'],\n  },\n  payload: OrgInviteAcceptedPayload,\n});\n\n/**\n * Emitted when an invitation is declined.\n */\nexport const OrgInviteDeclinedEvent = defineEvent({\n  meta: {\n    key: 'org.invite.declined',\n    version: '1.0.0',\n    description: 'An invitation has been declined.',\n    stability: 'stable',\n    owners: ['@platform.identity-rbac'],\n    tags: ['org', 'invite', 'declined', 'identity'],\n  },\n  payload: OrgInviteDeclinedPayload,\n});\n\n// ============ Role Events ============\n\n/**\n * Emitted when a role is assigned to a user or organization.\n */\nexport const RoleAssignedEvent = defineEvent({\n  meta: {\n    key: 'role.assigned',\n    version: '1.0.0',\n    description: 'A role has been assigned.',\n    stability: 'stable',\n    owners: ['@platform.identity-rbac'],\n    tags: ['role', 'assigned', 'identity'],\n  },\n  payload: RoleAssignedPayload,\n});\n\n/**\n * Emitted when a role is revoked from a user or organization.\n */\nexport const RoleRevokedEvent = defineEvent({\n  meta: {\n    key: 'role.revoked',\n    version: '1.0.0',\n    description: 'A role has been revoked.',\n    stability: 'stable',\n    owners: ['@platform.identity-rbac'],\n    tags: ['role', 'revoked', 'identity'],\n  },\n  payload: RoleRevokedPayload,\n});\n\n// ============ All Events ============\n\n/**\n * All identity-rbac events.\n */\nexport const IdentityRbacEvents = {\n  UserCreatedEvent,\n  UserUpdatedEvent,\n  UserDeletedEvent,\n  UserEmailVerifiedEvent,\n  OrgCreatedEvent,\n  OrgUpdatedEvent,\n  OrgDeletedEvent,\n  OrgMemberAddedEvent,\n  OrgMemberRemovedEvent,\n  OrgMemberRoleChangedEvent,\n  OrgInviteSentEvent,\n  OrgInviteAcceptedEvent,\n  OrgInviteDeclinedEvent,\n  RoleAssignedEvent,\n  RoleRevokedEvent,\n};\n"],"mappings":";;;;AAKA,MAAM,qBAAqB,IAAI,YAAY;CACzC,MAAM;CACN,aAAa;CACb,QAAQ;EACN,QAAQ;GAAE,MAAM,eAAe,iBAAiB;GAAE,YAAY;GAAO;EACrE,OAAO;GAAE,MAAM,eAAe,cAAc;GAAE,YAAY;GAAO;EACjE,MAAM;GAAE,MAAM,eAAe,iBAAiB;GAAE,YAAY;GAAM;EAClE,WAAW;GAAE,MAAM,eAAe,UAAU;GAAE,YAAY;GAAO;EAClE;CACF,CAAC;AAEF,MAAM,qBAAqB,IAAI,YAAY;CACzC,MAAM;CACN,aAAa;CACb,QAAQ;EACN,QAAQ;GAAE,MAAM,eAAe,iBAAiB;GAAE,YAAY;GAAO;EACrE,eAAe;GACb,MAAM,eAAe,iBAAiB;GACtC,YAAY;GACZ,SAAS;GACV;EACD,WAAW;GAAE,MAAM,eAAe,UAAU;GAAE,YAAY;GAAO;EAClE;CACF,CAAC;AAEF,MAAM,qBAAqB,IAAI,YAAY;CACzC,MAAM;CACN,aAAa;CACb,QAAQ;EACN,QAAQ;GAAE,MAAM,eAAe,iBAAiB;GAAE,YAAY;GAAO;EACrE,OAAO;GAAE,MAAM,eAAe,cAAc;GAAE,YAAY;GAAO;EACjE,WAAW;GAAE,MAAM,eAAe,UAAU;GAAE,YAAY;GAAO;EAClE;CACF,CAAC;AAEF,MAAM,2BAA2B,IAAI,YAAY;CAC/C,MAAM;CACN,aAAa;CACb,QAAQ;EACN,QAAQ;GAAE,MAAM,eAAe,iBAAiB;GAAE,YAAY;GAAO;EACrE,OAAO;GAAE,MAAM,eAAe,cAAc;GAAE,YAAY;GAAO;EACjE,YAAY;GAAE,MAAM,eAAe,UAAU;GAAE,YAAY;GAAO;EACnE;CACF,CAAC;AAIF,MAAM,oBAAoB,IAAI,YAAY;CACxC,MAAM;CACN,aAAa;CACb,QAAQ;EACN,OAAO;GAAE,MAAM,eAAe,iBAAiB;GAAE,YAAY;GAAO;EACpE,MAAM;GAAE,MAAM,eAAe,iBAAiB;GAAE,YAAY;GAAO;EACnE,MAAM;GAAE,MAAM,eAAe,iBAAiB;GAAE,YAAY;GAAM;EAClE,WAAW;GAAE,MAAM,eAAe,iBAAiB;GAAE,YAAY;GAAO;EACxE,WAAW;GAAE,MAAM,eAAe,UAAU;GAAE,YAAY;GAAO;EAClE;CACF,CAAC;AAEF,MAAM,oBAAoB,IAAI,YAAY;CACxC,MAAM;CACN,aAAa;CACb,QAAQ;EACN,OAAO;GAAE,MAAM,eAAe,iBAAiB;GAAE,YAAY;GAAO;EACpE,eAAe;GACb,MAAM,eAAe,iBAAiB;GACtC,YAAY;GACZ,SAAS;GACV;EACD,WAAW;GAAE,MAAM,eAAe,iBAAiB;GAAE,YAAY;GAAO;EACxE,WAAW;GAAE,MAAM,eAAe,UAAU;GAAE,YAAY;GAAO;EAClE;CACF,CAAC;AAEF,MAAM,oBAAoB,IAAI,YAAY;CACxC,MAAM;CACN,aAAa;CACb,QAAQ;EACN,OAAO;GAAE,MAAM,eAAe,iBAAiB;GAAE,YAAY;GAAO;EACpE,MAAM;GAAE,MAAM,eAAe,iBAAiB;GAAE,YAAY;GAAO;EACnE,WAAW;GAAE,MAAM,eAAe,iBAAiB;GAAE,YAAY;GAAO;EACxE,WAAW;GAAE,MAAM,eAAe,UAAU;GAAE,YAAY;GAAO;EAClE;CACF,CAAC;AAIF,MAAM,wBAAwB,IAAI,YAAY;CAC5C,MAAM;CACN,aAAa;CACb,QAAQ;EACN,OAAO;GAAE,MAAM,eAAe,iBAAiB;GAAE,YAAY;GAAO;EACpE,QAAQ;GAAE,MAAM,eAAe,iBAAiB;GAAE,YAAY;GAAO;EACrE,MAAM;GAAE,MAAM,eAAe,iBAAiB;GAAE,YAAY;GAAO;EACnE,WAAW;GAAE,MAAM,eAAe,iBAAiB;GAAE,YAAY;GAAM;EACvE,UAAU;GAAE,MAAM,eAAe,UAAU;GAAE,YAAY;GAAO;EACjE;CACF,CAAC;AAEF,MAAM,0BAA0B,IAAI,YAAY;CAC9C,MAAM;CACN,aAAa;CACb,QAAQ;EACN,OAAO;GAAE,MAAM,eAAe,iBAAiB;GAAE,YAAY;GAAO;EACpE,QAAQ;GAAE,MAAM,eAAe,iBAAiB;GAAE,YAAY;GAAO;EACrE,WAAW;GAAE,MAAM,eAAe,iBAAiB;GAAE,YAAY;GAAM;EACvE,QAAQ;GAAE,MAAM,eAAe,iBAAiB;GAAE,YAAY;GAAM;EACpE,WAAW;GAAE,MAAM,eAAe,UAAU;GAAE,YAAY;GAAO;EAClE;CACF,CAAC;AAEF,MAAM,8BAA8B,IAAI,YAAY;CAClD,MAAM;CACN,aAAa;CACb,QAAQ;EACN,OAAO;GAAE,MAAM,eAAe,iBAAiB;GAAE,YAAY;GAAO;EACpE,QAAQ;GAAE,MAAM,eAAe,iBAAiB;GAAE,YAAY;GAAO;EACrE,cAAc;GAAE,MAAM,eAAe,iBAAiB;GAAE,YAAY;GAAO;EAC3E,SAAS;GAAE,MAAM,eAAe,iBAAiB;GAAE,YAAY;GAAO;EACtE,WAAW;GAAE,MAAM,eAAe,iBAAiB;GAAE,YAAY;GAAO;EACxE,WAAW;GAAE,MAAM,eAAe,UAAU;GAAE,YAAY;GAAO;EAClE;CACF,CAAC;AAIF,MAAM,uBAAuB,IAAI,YAAY;CAC3C,MAAM;CACN,aAAa;CACb,QAAQ;EACN,cAAc;GAAE,MAAM,eAAe,iBAAiB;GAAE,YAAY;GAAO;EAC3E,OAAO;GAAE,MAAM,eAAe,iBAAiB;GAAE,YAAY;GAAO;EACpE,OAAO;GAAE,MAAM,eAAe,cAAc;GAAE,YAAY;GAAO;EACjE,MAAM;GAAE,MAAM,eAAe,iBAAiB;GAAE,YAAY;GAAO;EACnE,WAAW;GAAE,MAAM,eAAe,iBAAiB;GAAE,YAAY;GAAO;EACxE,WAAW;GAAE,MAAM,eAAe,UAAU;GAAE,YAAY;GAAM;EAChE,QAAQ;GAAE,MAAM,eAAe,UAAU;GAAE,YAAY;GAAO;EAC/D;CACF,CAAC;AAEF,MAAM,2BAA2B,IAAI,YAAY;CAC/C,MAAM;CACN,aAAa;CACb,QAAQ;EACN,cAAc;GAAE,MAAM,eAAe,iBAAiB;GAAE,YAAY;GAAO;EAC3E,OAAO;GAAE,MAAM,eAAe,iBAAiB;GAAE,YAAY;GAAO;EACpE,QAAQ;GAAE,MAAM,eAAe,iBAAiB;GAAE,YAAY;GAAO;EACrE,YAAY;GAAE,MAAM,eAAe,UAAU;GAAE,YAAY;GAAO;EACnE;CACF,CAAC;AAEF,MAAM,2BAA2B,IAAI,YAAY;CAC/C,MAAM;CACN,aAAa;CACb,QAAQ;EACN,cAAc;GAAE,MAAM,eAAe,iBAAiB;GAAE,YAAY;GAAO;EAC3E,OAAO;GAAE,MAAM,eAAe,iBAAiB;GAAE,YAAY;GAAO;EACpE,YAAY;GAAE,MAAM,eAAe,UAAU;GAAE,YAAY;GAAO;EACnE;CACF,CAAC;AAIF,MAAM,sBAAsB,IAAI,YAAY;CAC1C,MAAM;CACN,aAAa;CACb,QAAQ;EACN,WAAW;GAAE,MAAM,eAAe,iBAAiB;GAAE,YAAY;GAAO;EACxE,QAAQ;GAAE,MAAM,eAAe,iBAAiB;GAAE,YAAY;GAAO;EACrE,UAAU;GAAE,MAAM,eAAe,iBAAiB;GAAE,YAAY;GAAO;EACvE,YAAY;GAAE,MAAM,eAAe,iBAAiB;GAAE,YAAY;GAAO;EACzE,UAAU;GAAE,MAAM,eAAe,iBAAiB;GAAE,YAAY;GAAO;EACvE,YAAY;GAAE,MAAM,eAAe,iBAAiB;GAAE,YAAY;GAAO;EACzE,WAAW;GAAE,MAAM,eAAe,UAAU;GAAE,YAAY;GAAM;EAChE,YAAY;GAAE,MAAM,eAAe,UAAU;GAAE,YAAY;GAAO;EACnE;CACF,CAAC;AAEF,MAAM,qBAAqB,IAAI,YAAY;CACzC,MAAM;CACN,aAAa;CACb,QAAQ;EACN,WAAW;GAAE,MAAM,eAAe,iBAAiB;GAAE,YAAY;GAAO;EACxE,QAAQ;GAAE,MAAM,eAAe,iBAAiB;GAAE,YAAY;GAAO;EACrE,UAAU;GAAE,MAAM,eAAe,iBAAiB;GAAE,YAAY;GAAO;EACvE,YAAY;GAAE,MAAM,eAAe,iBAAiB;GAAE,YAAY;GAAO;EACzE,UAAU;GAAE,MAAM,eAAe,iBAAiB;GAAE,YAAY;GAAO;EACvE,WAAW;GAAE,MAAM,eAAe,iBAAiB;GAAE,YAAY;GAAO;EACxE,WAAW;GAAE,MAAM,eAAe,UAAU;GAAE,YAAY;GAAO;EAClE;CACF,CAAC;;;;AAOF,MAAa,mBAAmB,YAAY;CAC1C,MAAM;EACJ,KAAK;EACL,SAAS;EACT,aAAa;EACb,WAAW;EACX,QAAQ,CAAC,0BAA0B;EACnC,MAAM;GAAC;GAAQ;GAAW;GAAW;EACtC;CACD,SAAS;CACV,CAAC;;;;AAKF,MAAa,mBAAmB,YAAY;CAC1C,MAAM;EACJ,KAAK;EACL,SAAS;EACT,aAAa;EACb,WAAW;EACX,QAAQ,CAAC,0BAA0B;EACnC,MAAM;GAAC;GAAQ;GAAW;GAAW;EACtC;CACD,SAAS;CACV,CAAC;;;;AAKF,MAAa,mBAAmB,YAAY;CAC1C,MAAM;EACJ,KAAK;EACL,SAAS;EACT,aAAa;EACb,WAAW;EACX,QAAQ,CAAC,0BAA0B;EACnC,MAAM;GAAC;GAAQ;GAAW;GAAW;EACtC;CACD,KAAK,CAAC,QAAQ;CACd,SAAS;CACV,CAAC;;;;AAKF,MAAa,yBAAyB,YAAY;CAChD,MAAM;EACJ,KAAK;EACL,SAAS;EACT,aAAa;EACb,WAAW;EACX,QAAQ,CAAC,0BAA0B;EACnC,MAAM;GAAC;GAAQ;GAAY;GAAW;EACvC;CACD,SAAS;CACV,CAAC;;;;AAOF,MAAa,kBAAkB,YAAY;CACzC,MAAM;EACJ,KAAK;EACL,SAAS;EACT,aAAa;EACb,WAAW;EACX,QAAQ,CAAC,0BAA0B;EACnC,MAAM;GAAC;GAAO;GAAW;GAAW;EACrC;CACD,SAAS;CACV,CAAC;;;;AAKF,MAAa,kBAAkB,YAAY;CACzC,MAAM;EACJ,KAAK;EACL,SAAS;EACT,aAAa;EACb,WAAW;EACX,QAAQ,CAAC,0BAA0B;EACnC,MAAM;GAAC;GAAO;GAAW;GAAW;EACrC;CACD,SAAS;CACV,CAAC;;;;AAKF,MAAa,kBAAkB,YAAY;CACzC,MAAM;EACJ,KAAK;EACL,SAAS;EACT,aAAa;EACb,WAAW;EACX,QAAQ,CAAC,0BAA0B;EACnC,MAAM;GAAC;GAAO;GAAW;GAAW;EACrC;CACD,SAAS;CACV,CAAC;;;;AAOF,MAAa,sBAAsB,YAAY;CAC7C,MAAM;EACJ,KAAK;EACL,SAAS;EACT,aAAa;EACb,WAAW;EACX,QAAQ,CAAC,0BAA0B;EACnC,MAAM;GAAC;GAAO;GAAU;GAAS;GAAW;EAC7C;CACD,SAAS;CACV,CAAC;;;;AAKF,MAAa,wBAAwB,YAAY;CAC/C,MAAM;EACJ,KAAK;EACL,SAAS;EACT,aAAa;EACb,WAAW;EACX,QAAQ,CAAC,0BAA0B;EACnC,MAAM;GAAC;GAAO;GAAU;GAAW;GAAW;EAC/C;CACD,SAAS;CACV,CAAC;;;;AAKF,MAAa,4BAA4B,YAAY;CACnD,MAAM;EACJ,KAAK;EACL,SAAS;EACT,aAAa;EACb,WAAW;EACX,QAAQ,CAAC,0BAA0B;EACnC,MAAM;GAAC;GAAO;GAAU;GAAQ;GAAW;GAAW;EACvD;CACD,SAAS;CACV,CAAC;;;;AAOF,MAAa,qBAAqB,YAAY;CAC5C,MAAM;EACJ,KAAK;EACL,SAAS;EACT,aAAa;EACb,WAAW;EACX,QAAQ,CAAC,0BAA0B;EACnC,MAAM;GAAC;GAAO;GAAU;GAAQ;GAAW;EAC5C;CACD,KAAK,CAAC,QAAQ;CACd,SAAS;CACV,CAAC;;;;AAKF,MAAa,yBAAyB,YAAY;CAChD,MAAM;EACJ,KAAK;EACL,SAAS;EACT,aAAa;EACb,WAAW;EACX,QAAQ,CAAC,0BAA0B;EACnC,MAAM;GAAC;GAAO;GAAU;GAAY;GAAW;EAChD;CACD,SAAS;CACV,CAAC;;;;AAKF,MAAa,yBAAyB,YAAY;CAChD,MAAM;EACJ,KAAK;EACL,SAAS;EACT,aAAa;EACb,WAAW;EACX,QAAQ,CAAC,0BAA0B;EACnC,MAAM;GAAC;GAAO;GAAU;GAAY;GAAW;EAChD;CACD,SAAS;CACV,CAAC;;;;AAOF,MAAa,oBAAoB,YAAY;CAC3C,MAAM;EACJ,KAAK;EACL,SAAS;EACT,aAAa;EACb,WAAW;EACX,QAAQ,CAAC,0BAA0B;EACnC,MAAM;GAAC;GAAQ;GAAY;GAAW;EACvC;CACD,SAAS;CACV,CAAC;;;;AAKF,MAAa,mBAAmB,YAAY;CAC1C,MAAM;EACJ,KAAK;EACL,SAAS;EACT,aAAa;EACb,WAAW;EACX,QAAQ,CAAC,0BAA0B;EACnC,MAAM;GAAC;GAAQ;GAAW;GAAW;EACtC;CACD,SAAS;CACV,CAAC;;;;AAOF,MAAa,qBAAqB;CAChC;CACA;CACA;CACA;CACA;CACA;CACA;CACA;CACA;CACA;CACA;CACA;CACA;CACA;CACA;CACD"}

package/dist/identity-rbac.capability.d.ts

@@ -0,0 +1,8 @@
+import * as _contractspec_lib_contracts29 from "@contractspec/lib.contracts";
+
+//#region src/identity-rbac.capability.d.ts
+declare const IdentityCapability: _contractspec_lib_contracts29.CapabilitySpec;
+declare const RbacCapability: _contractspec_lib_contracts29.CapabilitySpec;
+//#endregion
+export { IdentityCapability, RbacCapability };
+//# sourceMappingURL=identity-rbac.capability.d.ts.map

package/dist/identity-rbac.capability.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"identity-rbac.capability.d.ts","names":[],"sources":["../src/identity-rbac.capability.ts"],"sourcesContent":[],"mappings":";;;cAEa,oBAUX,6BAAA,CAV6B;cAYlB,gBAUX,6BAAA,CAVyB"}

package/dist/identity-rbac.capability.js

@@ -0,0 +1,29 @@
+import { StabilityEnum, defineCapability } from "@contractspec/lib.contracts";
+
+//#region src/identity-rbac.capability.ts
+const IdentityCapability = defineCapability({ meta: {
+	key: "identity",
+	version: "1.0.0",
+	kind: "api",
+	stability: StabilityEnum.Experimental,
+	description: "User identity and authentication",
+	owners: ["@platform.core"],
+	tags: ["identity", "auth"]
+} });
+const RbacCapability = defineCapability({ meta: {
+	key: "rbac",
+	version: "1.0.0",
+	kind: "api",
+	stability: StabilityEnum.Experimental,
+	description: "Role-based access control",
+	owners: ["@platform.core"],
+	tags: [
+		"rbac",
+		"permissions",
+		"auth"
+	]
+} });
+
+//#endregion
+export { IdentityCapability, RbacCapability };
+//# sourceMappingURL=identity-rbac.capability.js.map

package/dist/identity-rbac.capability.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"identity-rbac.capability.js","names":[],"sources":["../src/identity-rbac.capability.ts"],"sourcesContent":["import { defineCapability, StabilityEnum } from '@contractspec/lib.contracts';\n\nexport const IdentityCapability = defineCapability({\n  meta: {\n    key: 'identity',\n    version: '1.0.0',\n    kind: 'api',\n    stability: StabilityEnum.Experimental,\n    description: 'User identity and authentication',\n    owners: ['@platform.core'],\n    tags: ['identity', 'auth'],\n  },\n});\n\nexport const RbacCapability = defineCapability({\n  meta: {\n    key: 'rbac',\n    version: '1.0.0',\n    kind: 'api',\n    stability: StabilityEnum.Experimental,\n    description: 'Role-based access control',\n    owners: ['@platform.core'],\n    tags: ['rbac', 'permissions', 'auth'],\n  },\n});\n"],"mappings":";;;AAEA,MAAa,qBAAqB,iBAAiB,EACjD,MAAM;CACJ,KAAK;CACL,SAAS;CACT,MAAM;CACN,WAAW,cAAc;CACzB,aAAa;CACb,QAAQ,CAAC,iBAAiB;CAC1B,MAAM,CAAC,YAAY,OAAO;CAC3B,EACF,CAAC;AAEF,MAAa,iBAAiB,iBAAiB,EAC7C,MAAM;CACJ,KAAK;CACL,SAAS;CACT,MAAM;CACN,WAAW,cAAc;CACzB,aAAa;CACb,QAAQ,CAAC,iBAAiB;CAC1B,MAAM;EAAC;EAAQ;EAAe;EAAO;CACtC,EACF,CAAC"}

package/dist/identity-rbac.feature.d.ts

@@ -0,0 +1,12 @@
+import * as _contractspec_lib_contracts31 from "@contractspec/lib.contracts";
+
+//#region src/identity-rbac.feature.d.ts
+
+/**
+ * Identity & RBAC feature module that bundles user management,
+ * organization tenancy, and role-based access control.
+ */
+declare const IdentityRbacFeature: _contractspec_lib_contracts31.FeatureModuleSpec;
+//#endregion
+export { IdentityRbacFeature };
+//# sourceMappingURL=identity-rbac.feature.d.ts.map

package/dist/identity-rbac.feature.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"identity-rbac.feature.d.ts","names":[],"sources":["../src/identity-rbac.feature.ts"],"sourcesContent":[],"mappings":";;;;;;;AAWA;cAAa,qBAkFX,6BAAA,CAlF8B"}

package/dist/identity-rbac.feature.js

@@ -0,0 +1,195 @@
+import { defineFeature } from "@contractspec/lib.contracts";
+
+//#region src/identity-rbac.feature.ts
+/**
+* Identity RBAC Feature Module Specification
+*
+* Defines the feature module for identity management and role-based access control.
+*/
+/**
+* Identity & RBAC feature module that bundles user management,
+* organization tenancy, and role-based access control.
+*/
+const IdentityRbacFeature = defineFeature({
+	meta: {
+		key: "identity-rbac",
+		version: "1.0.0",
+		title: "Identity & RBAC",
+		description: "User identity, organization management, and role-based access control",
+		domain: "platform",
+		owners: ["@platform.identity-rbac"],
+		tags: [
+			"identity",
+			"rbac",
+			"users",
+			"organizations",
+			"permissions"
+		],
+		stability: "stable"
+	},
+	operations: [
+		{
+			key: "identity.user.create",
+			version: "1.0.0"
+		},
+		{
+			key: "identity.user.update",
+			version: "1.0.0"
+		},
+		{
+			key: "identity.user.delete",
+			version: "1.0.0"
+		},
+		{
+			key: "identity.user.me",
+			version: "1.0.0"
+		},
+		{
+			key: "identity.user.list",
+			version: "1.0.0"
+		},
+		{
+			key: "identity.org.create",
+			version: "1.0.0"
+		},
+		{
+			key: "identity.org.update",
+			version: "1.0.0"
+		},
+		{
+			key: "identity.org.get",
+			version: "1.0.0"
+		},
+		{
+			key: "identity.org.list",
+			version: "1.0.0"
+		},
+		{
+			key: "identity.org.invite",
+			version: "1.0.0"
+		},
+		{
+			key: "identity.org.invite.accept",
+			version: "1.0.0"
+		},
+		{
+			key: "identity.org.member.remove",
+			version: "1.0.0"
+		},
+		{
+			key: "identity.org.members.list",
+			version: "1.0.0"
+		},
+		{
+			key: "identity.rbac.role.create",
+			version: "1.0.0"
+		},
+		{
+			key: "identity.rbac.role.update",
+			version: "1.0.0"
+		},
+		{
+			key: "identity.rbac.role.delete",
+			version: "1.0.0"
+		},
+		{
+			key: "identity.rbac.role.list",
+			version: "1.0.0"
+		},
+		{
+			key: "identity.rbac.assign",
+			version: "1.0.0"
+		},
+		{
+			key: "identity.rbac.revoke",
+			version: "1.0.0"
+		},
+		{
+			key: "identity.rbac.check",
+			version: "1.0.0"
+		},
+		{
+			key: "identity.rbac.permissions",
+			version: "1.0.0"
+		}
+	],
+	events: [
+		{
+			key: "user.created",
+			version: "1.0.0"
+		},
+		{
+			key: "user.updated",
+			version: "1.0.0"
+		},
+		{
+			key: "user.deleted",
+			version: "1.0.0"
+		},
+		{
+			key: "user.email_verified",
+			version: "1.0.0"
+		},
+		{
+			key: "org.created",
+			version: "1.0.0"
+		},
+		{
+			key: "org.updated",
+			version: "1.0.0"
+		},
+		{
+			key: "org.deleted",
+			version: "1.0.0"
+		},
+		{
+			key: "org.member.added",
+			version: "1.0.0"
+		},
+		{
+			key: "org.member.removed",
+			version: "1.0.0"
+		},
+		{
+			key: "org.member.role_changed",
+			version: "1.0.0"
+		},
+		{
+			key: "org.invite.sent",
+			version: "1.0.0"
+		},
+		{
+			key: "org.invite.accepted",
+			version: "1.0.0"
+		},
+		{
+			key: "org.invite.declined",
+			version: "1.0.0"
+		},
+		{
+			key: "role.assigned",
+			version: "1.0.0"
+		},
+		{
+			key: "role.revoked",
+			version: "1.0.0"
+		}
+	],
+	presentations: [],
+	opToPresentation: [],
+	presentationsTargets: [],
+	capabilities: {
+		provides: [{
+			key: "identity",
+			version: "1.0.0"
+		}, {
+			key: "rbac",
+			version: "1.0.0"
+		}],
+		requires: []
+	}
+});
+
+//#endregion
+export { IdentityRbacFeature };
+//# sourceMappingURL=identity-rbac.feature.js.map

package/dist/identity-rbac.feature.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"identity-rbac.feature.js","names":[],"sources":["../src/identity-rbac.feature.ts"],"sourcesContent":["/**\n * Identity RBAC Feature Module Specification\n *\n * Defines the feature module for identity management and role-based access control.\n */\nimport { defineFeature } from '@contractspec/lib.contracts';\n\n/**\n * Identity & RBAC feature module that bundles user management,\n * organization tenancy, and role-based access control.\n */\nexport const IdentityRbacFeature = defineFeature({\n  meta: {\n    key: 'identity-rbac',\n    version: '1.0.0',\n    title: 'Identity & RBAC',\n    description:\n      'User identity, organization management, and role-based access control',\n    domain: 'platform',\n    owners: ['@platform.identity-rbac'],\n    tags: ['identity', 'rbac', 'users', 'organizations', 'permissions'],\n    stability: 'stable',\n  },\n\n  // All contract operations included in this feature\n  operations: [\n    // User operations\n    { key: 'identity.user.create', version: '1.0.0' },\n    { key: 'identity.user.update', version: '1.0.0' },\n    { key: 'identity.user.delete', version: '1.0.0' },\n    { key: 'identity.user.me', version: '1.0.0' },\n    { key: 'identity.user.list', version: '1.0.0' },\n\n    // Organization operations\n    { key: 'identity.org.create', version: '1.0.0' },\n    { key: 'identity.org.update', version: '1.0.0' },\n    { key: 'identity.org.get', version: '1.0.0' },\n    { key: 'identity.org.list', version: '1.0.0' },\n    { key: 'identity.org.invite', version: '1.0.0' },\n    { key: 'identity.org.invite.accept', version: '1.0.0' },\n    { key: 'identity.org.member.remove', version: '1.0.0' },\n    { key: 'identity.org.members.list', version: '1.0.0' },\n\n    // RBAC operations\n    { key: 'identity.rbac.role.create', version: '1.0.0' },\n    { key: 'identity.rbac.role.update', version: '1.0.0' },\n    { key: 'identity.rbac.role.delete', version: '1.0.0' },\n    { key: 'identity.rbac.role.list', version: '1.0.0' },\n    { key: 'identity.rbac.assign', version: '1.0.0' },\n    { key: 'identity.rbac.revoke', version: '1.0.0' },\n    { key: 'identity.rbac.check', version: '1.0.0' },\n    { key: 'identity.rbac.permissions', version: '1.0.0' },\n  ],\n\n  // Events emitted by this feature\n  events: [\n    // User events\n    { key: 'user.created', version: '1.0.0' },\n    { key: 'user.updated', version: '1.0.0' },\n    { key: 'user.deleted', version: '1.0.0' },\n    { key: 'user.email_verified', version: '1.0.0' },\n\n    // Organization events\n    { key: 'org.created', version: '1.0.0' },\n    { key: 'org.updated', version: '1.0.0' },\n    { key: 'org.deleted', version: '1.0.0' },\n    { key: 'org.member.added', version: '1.0.0' },\n    { key: 'org.member.removed', version: '1.0.0' },\n    { key: 'org.member.role_changed', version: '1.0.0' },\n\n    // Invitation events\n    { key: 'org.invite.sent', version: '1.0.0' },\n    { key: 'org.invite.accepted', version: '1.0.0' },\n    { key: 'org.invite.declined', version: '1.0.0' },\n\n    // Role events\n    { key: 'role.assigned', version: '1.0.0' },\n    { key: 'role.revoked', version: '1.0.0' },\n  ],\n\n  // No presentations for this library feature\n  presentations: [],\n  opToPresentation: [],\n  presentationsTargets: [],\n\n  // Capability definitions\n  capabilities: {\n    provides: [\n      { key: 'identity', version: '1.0.0' },\n      { key: 'rbac', version: '1.0.0' },\n    ],\n    requires: [],\n  },\n});\n"],"mappings":";;;;;;;;;;;;AAWA,MAAa,sBAAsB,cAAc;CAC/C,MAAM;EACJ,KAAK;EACL,SAAS;EACT,OAAO;EACP,aACE;EACF,QAAQ;EACR,QAAQ,CAAC,0BAA0B;EACnC,MAAM;GAAC;GAAY;GAAQ;GAAS;GAAiB;GAAc;EACnE,WAAW;EACZ;CAGD,YAAY;EAEV;GAAE,KAAK;GAAwB,SAAS;GAAS;EACjD;GAAE,KAAK;GAAwB,SAAS;GAAS;EACjD;GAAE,KAAK;GAAwB,SAAS;GAAS;EACjD;GAAE,KAAK;GAAoB,SAAS;GAAS;EAC7C;GAAE,KAAK;GAAsB,SAAS;GAAS;EAG/C;GAAE,KAAK;GAAuB,SAAS;GAAS;EAChD;GAAE,KAAK;GAAuB,SAAS;GAAS;EAChD;GAAE,KAAK;GAAoB,SAAS;GAAS;EAC7C;GAAE,KAAK;GAAqB,SAAS;GAAS;EAC9C;GAAE,KAAK;GAAuB,SAAS;GAAS;EAChD;GAAE,KAAK;GAA8B,SAAS;GAAS;EACvD;GAAE,KAAK;GAA8B,SAAS;GAAS;EACvD;GAAE,KAAK;GAA6B,SAAS;GAAS;EAGtD;GAAE,KAAK;GAA6B,SAAS;GAAS;EACtD;GAAE,KAAK;GAA6B,SAAS;GAAS;EACtD;GAAE,KAAK;GAA6B,SAAS;GAAS;EACtD;GAAE,KAAK;GAA2B,SAAS;GAAS;EACpD;GAAE,KAAK;GAAwB,SAAS;GAAS;EACjD;GAAE,KAAK;GAAwB,SAAS;GAAS;EACjD;GAAE,KAAK;GAAuB,SAAS;GAAS;EAChD;GAAE,KAAK;GAA6B,SAAS;GAAS;EACvD;CAGD,QAAQ;EAEN;GAAE,KAAK;GAAgB,SAAS;GAAS;EACzC;GAAE,KAAK;GAAgB,SAAS;GAAS;EACzC;GAAE,KAAK;GAAgB,SAAS;GAAS;EACzC;GAAE,KAAK;GAAuB,SAAS;GAAS;EAGhD;GAAE,KAAK;GAAe,SAAS;GAAS;EACxC;GAAE,KAAK;GAAe,SAAS;GAAS;EACxC;GAAE,KAAK;GAAe,SAAS;GAAS;EACxC;GAAE,KAAK;GAAoB,SAAS;GAAS;EAC7C;GAAE,KAAK;GAAsB,SAAS;GAAS;EAC/C;GAAE,KAAK;GAA2B,SAAS;GAAS;EAGpD;GAAE,KAAK;GAAmB,SAAS;GAAS;EAC5C;GAAE,KAAK;GAAuB,SAAS;GAAS;EAChD;GAAE,KAAK;GAAuB,SAAS;GAAS;EAGhD;GAAE,KAAK;GAAiB,SAAS;GAAS;EAC1C;GAAE,KAAK;GAAgB,SAAS;GAAS;EAC1C;CAGD,eAAe,EAAE;CACjB,kBAAkB,EAAE;CACpB,sBAAsB,EAAE;CAGxB,cAAc;EACZ,UAAU,CACR;GAAE,KAAK;GAAY,SAAS;GAAS,EACrC;GAAE,KAAK;GAAQ,SAAS;GAAS,CAClC;EACD,UAAU,EAAE;EACb;CACF,CAAC"}

package/dist/index.d.ts

@@ -0,0 +1,12 @@
+import { CreateUserContract, CreateUserInputModel, DeleteUserContract, DeleteUserInputModel, GetCurrentUserContract, ListUsersContract, ListUsersInputModel, ListUsersOutputModel, SuccessResultModel, UpdateUserContract, UpdateUserInputModel, UserDeletedPayloadModel, UserProfileModel } from "./contracts/user.js";
+import { AcceptInviteContract, AcceptInviteInputModel, CreateOrgContract, CreateOrgInputModel, GetOrgContract, GetOrgInputModel, InvitationModel, InviteMemberContract, InviteMemberInputModel, ListMembersContract, ListMembersInputModel, ListMembersOutputModel, ListUserOrgsContract, ListUserOrgsOutputModel, MemberModel, MemberRemovedPayloadModel, MemberUserModel, OrganizationModel, OrganizationWithRoleModel, RemoveMemberContract, RemoveMemberInputModel, UpdateOrgContract, UpdateOrgInputModel } from "./contracts/organization.js";
+import { AssignRoleContract, AssignRoleInputModel, BindingIdPayloadModel, CheckPermissionContract, CheckPermissionInputModel, CreateRoleContract, CreateRoleInputModel, DeleteRoleContract, DeleteRoleInputModel, ListRolesContract, ListRolesOutputModel, ListUserPermissionsContract, ListUserPermissionsInputModel, ListUserPermissionsOutputModel, PermissionCheckResultModel, PolicyBindingModel, RevokeRoleContract, RevokeRoleInputModel, RoleModel, UpdateRoleContract, UpdateRoleInputModel } from "./contracts/rbac.js";
+import "./contracts/index.js";
+import { AccountEntity, SessionEntity, UserEntity, VerificationEntity } from "./entities/user.js";
+import { InvitationEntity, MemberEntity, OrganizationEntity, OrganizationTypeEnum, TeamEntity, TeamMemberEntity } from "./entities/organization.js";
+import { ApiKeyEntity, PasskeyEntity, PermissionEntity, PolicyBindingEntity, RoleEntity } from "./entities/rbac.js";
+import { identityRbacEntities, identityRbacSchemaContribution } from "./entities/index.js";
+import { IdentityRbacEvents, OrgCreatedEvent, OrgDeletedEvent, OrgInviteAcceptedEvent, OrgInviteDeclinedEvent, OrgInviteSentEvent, OrgMemberAddedEvent, OrgMemberRemovedEvent, OrgMemberRoleChangedEvent, OrgUpdatedEvent, RoleAssignedEvent, RoleRevokedEvent, UserCreatedEvent, UserDeletedEvent, UserEmailVerifiedEvent, UserUpdatedEvent } from "./events.js";
+import { IdentityRbacFeature } from "./identity-rbac.feature.js";
+import { Permission, PermissionCheckInput, PermissionCheckResult, PermissionKey, PolicyBindingForEval, RBACPolicyEngine, RoleWithPermissions, StandardRole, createRBACEngine } from "./policies/engine.js";
+export { AcceptInviteContract, AcceptInviteInputModel, AccountEntity, ApiKeyEntity, AssignRoleContract, AssignRoleInputModel, BindingIdPayloadModel, CheckPermissionContract, CheckPermissionInputModel, CreateOrgContract, CreateOrgInputModel, CreateRoleContract, CreateRoleInputModel, CreateUserContract, CreateUserInputModel, DeleteRoleContract, DeleteRoleInputModel, DeleteUserContract, DeleteUserInputModel, GetCurrentUserContract, GetOrgContract, GetOrgInputModel, IdentityRbacEvents, IdentityRbacFeature, InvitationEntity, InvitationModel, InviteMemberContract, InviteMemberInputModel, ListMembersContract, ListMembersInputModel, ListMembersOutputModel, ListRolesContract, ListRolesOutputModel, ListUserOrgsContract, ListUserOrgsOutputModel, ListUserPermissionsContract, ListUserPermissionsInputModel, ListUserPermissionsOutputModel, ListUsersContract, ListUsersInputModel, ListUsersOutputModel, MemberEntity, MemberModel, MemberRemovedPayloadModel, MemberUserModel, OrgCreatedEvent, OrgDeletedEvent, OrgInviteAcceptedEvent, OrgInviteDeclinedEvent, OrgInviteSentEvent, OrgMemberAddedEvent, OrgMemberRemovedEvent, OrgMemberRoleChangedEvent, OrgUpdatedEvent, OrganizationEntity, OrganizationModel, OrganizationTypeEnum, OrganizationWithRoleModel, PasskeyEntity, Permission, PermissionCheckInput, PermissionCheckResult, PermissionCheckResultModel, PermissionEntity, PermissionKey, PolicyBindingEntity, PolicyBindingForEval, PolicyBindingModel, RBACPolicyEngine, RemoveMemberContract, RemoveMemberInputModel, RevokeRoleContract, RevokeRoleInputModel, RoleAssignedEvent, RoleEntity, RoleModel, RoleRevokedEvent, RoleWithPermissions, SessionEntity, StandardRole, SuccessResultModel, TeamEntity, TeamMemberEntity, UpdateOrgContract, UpdateOrgInputModel, UpdateRoleContract, UpdateRoleInputModel, UpdateUserContract, UpdateUserInputModel, UserCreatedEvent, UserDeletedEvent, UserDeletedPayloadModel, UserEmailVerifiedEvent, UserEntity, UserProfileModel, UserUpdatedEvent, VerificationEntity, createRBACEngine, identityRbacEntities, identityRbacSchemaContribution };

package/dist/index.js

@@ -0,0 +1,14 @@
+import { IdentityRbacEvents, OrgCreatedEvent, OrgDeletedEvent, OrgInviteAcceptedEvent, OrgInviteDeclinedEvent, OrgInviteSentEvent, OrgMemberAddedEvent, OrgMemberRemovedEvent, OrgMemberRoleChangedEvent, OrgUpdatedEvent, RoleAssignedEvent, RoleRevokedEvent, UserCreatedEvent, UserDeletedEvent, UserEmailVerifiedEvent, UserUpdatedEvent } from "./events.js";
+import { IdentityRbacFeature } from "./identity-rbac.feature.js";
+import { AccountEntity, SessionEntity, UserEntity, VerificationEntity } from "./entities/user.js";
+import { InvitationEntity, MemberEntity, OrganizationEntity, OrganizationTypeEnum, TeamEntity, TeamMemberEntity } from "./entities/organization.js";
+import { ApiKeyEntity, PasskeyEntity, PermissionEntity, PolicyBindingEntity, RoleEntity } from "./entities/rbac.js";
+import { identityRbacEntities, identityRbacSchemaContribution } from "./entities/index.js";
+import { CreateUserContract, CreateUserInputModel, DeleteUserContract, DeleteUserInputModel, GetCurrentUserContract, ListUsersContract, ListUsersInputModel, ListUsersOutputModel, SuccessResultModel, UpdateUserContract, UpdateUserInputModel, UserDeletedPayloadModel, UserProfileModel } from "./contracts/user.js";
+import { AcceptInviteContract, AcceptInviteInputModel, CreateOrgContract, CreateOrgInputModel, GetOrgContract, GetOrgInputModel, InvitationModel, InviteMemberContract, InviteMemberInputModel, ListMembersContract, ListMembersInputModel, ListMembersOutputModel, ListUserOrgsContract, ListUserOrgsOutputModel, MemberModel, MemberRemovedPayloadModel, MemberUserModel, OrganizationModel, OrganizationWithRoleModel, RemoveMemberContract, RemoveMemberInputModel, UpdateOrgContract, UpdateOrgInputModel } from "./contracts/organization.js";
+import { AssignRoleContract, AssignRoleInputModel, BindingIdPayloadModel, CheckPermissionContract, CheckPermissionInputModel, CreateRoleContract, CreateRoleInputModel, DeleteRoleContract, DeleteRoleInputModel, ListRolesContract, ListRolesOutputModel, ListUserPermissionsContract, ListUserPermissionsInputModel, ListUserPermissionsOutputModel, PermissionCheckResultModel, PolicyBindingModel, RevokeRoleContract, RevokeRoleInputModel, RoleModel, UpdateRoleContract, UpdateRoleInputModel } from "./contracts/rbac.js";
+import "./contracts/index.js";
+import { Permission, RBACPolicyEngine, StandardRole, createRBACEngine } from "./policies/engine.js";
+import "./policies/index.js";
+
+export { AcceptInviteContract, AcceptInviteInputModel, AccountEntity, ApiKeyEntity, AssignRoleContract, AssignRoleInputModel, BindingIdPayloadModel, CheckPermissionContract, CheckPermissionInputModel, CreateOrgContract, CreateOrgInputModel, CreateRoleContract, CreateRoleInputModel, CreateUserContract, CreateUserInputModel, DeleteRoleContract, DeleteRoleInputModel, DeleteUserContract, DeleteUserInputModel, GetCurrentUserContract, GetOrgContract, GetOrgInputModel, IdentityRbacEvents, IdentityRbacFeature, InvitationEntity, InvitationModel, InviteMemberContract, InviteMemberInputModel, ListMembersContract, ListMembersInputModel, ListMembersOutputModel, ListRolesContract, ListRolesOutputModel, ListUserOrgsContract, ListUserOrgsOutputModel, ListUserPermissionsContract, ListUserPermissionsInputModel, ListUserPermissionsOutputModel, ListUsersContract, ListUsersInputModel, ListUsersOutputModel, MemberEntity, MemberModel, MemberRemovedPayloadModel, MemberUserModel, OrgCreatedEvent, OrgDeletedEvent, OrgInviteAcceptedEvent, OrgInviteDeclinedEvent, OrgInviteSentEvent, OrgMemberAddedEvent, OrgMemberRemovedEvent, OrgMemberRoleChangedEvent, OrgUpdatedEvent, OrganizationEntity, OrganizationModel, OrganizationTypeEnum, OrganizationWithRoleModel, PasskeyEntity, Permission, PermissionCheckResultModel, PermissionEntity, PolicyBindingEntity, PolicyBindingModel, RBACPolicyEngine, RemoveMemberContract, RemoveMemberInputModel, RevokeRoleContract, RevokeRoleInputModel, RoleAssignedEvent, RoleEntity, RoleModel, RoleRevokedEvent, SessionEntity, StandardRole, SuccessResultModel, TeamEntity, TeamMemberEntity, UpdateOrgContract, UpdateOrgInputModel, UpdateRoleContract, UpdateRoleInputModel, UpdateUserContract, UpdateUserInputModel, UserCreatedEvent, UserDeletedEvent, UserDeletedPayloadModel, UserEmailVerifiedEvent, UserEntity, UserProfileModel, UserUpdatedEvent, VerificationEntity, createRBACEngine, identityRbacEntities, identityRbacSchemaContribution };

package/dist/policies/engine.d.ts

@@ -0,0 +1,133 @@
+//#region src/policies/engine.d.ts
+/**
+ * Standard permissions for identity-rbac module.
+ */
+declare const Permission: {
+  readonly USER_CREATE: "user.create";
+  readonly USER_READ: "user.read";
+  readonly USER_UPDATE: "user.update";
+  readonly USER_DELETE: "user.delete";
+  readonly USER_LIST: "user.list";
+  readonly USER_MANAGE: "user.manage";
+  readonly ORG_CREATE: "org.create";
+  readonly ORG_READ: "org.read";
+  readonly ORG_UPDATE: "org.update";
+  readonly ORG_DELETE: "org.delete";
+  readonly ORG_LIST: "org.list";
+  readonly MEMBER_INVITE: "member.invite";
+  readonly MEMBER_REMOVE: "member.remove";
+  readonly MEMBER_UPDATE_ROLE: "member.update_role";
+  readonly MEMBER_LIST: "member.list";
+  readonly MANAGE_MEMBERS: "org.manage_members";
+  readonly TEAM_CREATE: "team.create";
+  readonly TEAM_UPDATE: "team.update";
+  readonly TEAM_DELETE: "team.delete";
+  readonly TEAM_MANAGE: "team.manage";
+  readonly ROLE_CREATE: "role.create";
+  readonly ROLE_UPDATE: "role.update";
+  readonly ROLE_DELETE: "role.delete";
+  readonly ROLE_ASSIGN: "role.assign";
+  readonly ROLE_REVOKE: "role.revoke";
+  readonly BILLING_VIEW: "billing.view";
+  readonly BILLING_MANAGE: "billing.manage";
+  readonly PROJECT_CREATE: "project.create";
+  readonly PROJECT_READ: "project.read";
+  readonly PROJECT_UPDATE: "project.update";
+  readonly PROJECT_DELETE: "project.delete";
+  readonly PROJECT_MANAGE: "project.manage";
+  readonly ADMIN_ACCESS: "admin.access";
+  readonly ADMIN_IMPERSONATE: "admin.impersonate";
+};
+type PermissionKey = (typeof Permission)[keyof typeof Permission];
+/**
+ * Standard role definitions.
+ */
+declare const StandardRole: {
+  readonly OWNER: {
+    readonly name: "owner";
+    readonly description: "Organization owner with full access";
+    readonly permissions: ("user.create" | "user.read" | "user.update" | "user.delete" | "user.list" | "user.manage" | "org.create" | "org.read" | "org.update" | "org.delete" | "org.list" | "member.invite" | "member.remove" | "member.update_role" | "member.list" | "org.manage_members" | "team.create" | "team.update" | "team.delete" | "team.manage" | "role.create" | "role.update" | "role.delete" | "role.assign" | "role.revoke" | "billing.view" | "billing.manage" | "project.create" | "project.read" | "project.update" | "project.delete" | "project.manage" | "admin.access" | "admin.impersonate")[];
+  };
+  readonly ADMIN: {
+    readonly name: "admin";
+    readonly description: "Administrator with most permissions";
+    readonly permissions: readonly ["user.read", "user.list", "org.read", "org.update", "member.invite", "member.remove", "member.update_role", "member.list", "org.manage_members", "team.create", "team.update", "team.delete", "team.manage", "project.create", "project.read", "project.update", "project.delete", "project.manage", "billing.view"];
+  };
+  readonly MEMBER: {
+    readonly name: "member";
+    readonly description: "Regular organization member";
+    readonly permissions: readonly ["user.read", "org.read", "member.list", "project.read", "project.create"];
+  };
+  readonly VIEWER: {
+    readonly name: "viewer";
+    readonly description: "Read-only access";
+    readonly permissions: readonly ["user.read", "org.read", "member.list", "project.read"];
+  };
+};
+/**
+ * Permission check input.
+ */
+interface PermissionCheckInput {
+  userId: string;
+  orgId?: string;
+  permission: PermissionKey | string;
+}
+/**
+ * Permission check result.
+ */
+interface PermissionCheckResult {
+  allowed: boolean;
+  reason?: string;
+  matchedRole?: string;
+}
+/**
+ * Role with permissions.
+ */
+interface RoleWithPermissions {
+  id: string;
+  name: string;
+  permissions: string[];
+}
+/**
+ * Policy binding for permission evaluation.
+ */
+interface PolicyBindingForEval {
+  roleId: string;
+  role: RoleWithPermissions;
+  targetType: 'user' | 'organization';
+  targetId: string;
+  expiresAt?: Date | null;
+}
+/**
+ * RBAC Policy Engine for permission checks.
+ */
+declare class RBACPolicyEngine {
+  private roleCache;
+  private bindingCache;
+  /**
+   * Check if a user has a specific permission.
+   */
+  checkPermission(input: PermissionCheckInput, bindings: PolicyBindingForEval[]): Promise<PermissionCheckResult>;
+  /**
+   * Get all permissions for a user in a context.
+   */
+  getPermissions(userId: string, orgId: string | undefined, bindings: PolicyBindingForEval[]): Promise<{
+    permissions: Set<string>;
+    roles: RoleWithPermissions[];
+  }>;
+  /**
+   * Check if user has any of the specified permissions.
+   */
+  hasAnyPermission(userId: string, orgId: string | undefined, permissions: string[], bindings: PolicyBindingForEval[]): Promise<boolean>;
+  /**
+   * Check if user has all of the specified permissions.
+   */
+  hasAllPermissions(userId: string, orgId: string | undefined, permissions: string[], bindings: PolicyBindingForEval[]): Promise<boolean>;
+}
+/**
+ * Create a new RBAC policy engine instance.
+ */
+declare function createRBACEngine(): RBACPolicyEngine;
+//#endregion
+export { Permission, PermissionCheckInput, PermissionCheckResult, PermissionKey, PolicyBindingForEval, RBACPolicyEngine, RoleWithPermissions, StandardRole, createRBACEngine };
+//# sourceMappingURL=engine.d.ts.map

package/dist/policies/engine.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"engine.d.ts","names":[],"sources":["../../src/policies/engine.ts"],"sourcesContent":[],"mappings":";;AAGA;AAoDA;AAKa,cAzDA,UA6GH,EAAA;EAKO,SAAA,WAAA,EAAA,aAGH;EAMG,SAAA,SAAA,EAAA,WAAqB;EASrB,SAAA,WAAA,EAAmB,aAAA;EASnB,SAAA,WAAA,EAAA,aAET;EASK,SAAA,SAAA,EAAgB,WAAA;EAQlB,SAAA,WAAA,EAAA,aAAA;EACG,SAAA,UAAA,EAAA,YAAA;EACD,SAAA,QAAA,EAAA,UAAA;EAAR,SAAA,UAAA,EAAA,YAAA;EAmDS,SAAA,UAAA,EAAA,YAAA;EAEG,SAAA,QAAA,EAAA,UAAA;EACN,SAAA,aAAA,EAAA,eAAA;EAFN,SAAA,aAAA,EAAA,eAAA;EA4CS,SAAA,kBAAA,EAAA,oBAAA;EACT,SAAA,WAAA,EAAA,aAAA;EAiBS,SAAA,cAAA,EAAA,oBAAA;EACT,SAAA,WAAA,EAAA,aAAA;EAAO,SAAA,WAAA,EAAA,aAAA;EAcI,SAAA,WAAgB,EAAA,aAAI;;;;;;;;;;;;;;;;;KA/OxB,aAAA,WAAwB,yBAAyB;;;;cAKhD;;;;;;;;;;;;;;;;;;;;;;;;;UAyDI,oBAAA;;;cAGH;;;;;UAMG,qBAAA;;;;;;;;UASA,mBAAA;;;;;;;;UASA,oBAAA;;QAET;;;cAGM;;;;;cAMD,gBAAA;;;;;;yBAQF,gCACG,yBACT,QAAQ;;;;sEAmDC,yBACT;iBACY;WACN;;;;;+FA0CG,yBACT;;;;gGAiBS,yBACT;;;;;iBAcW,gBAAA,CAAA,GAAoB"}