@contractspec/lib.identity-rbac 1.44.0

package/dist/contracts/user.js

@@ -0,0 +1,333 @@
+import { ScalarTypeEnum, SchemaModel } from "@contractspec/lib.schema";
+import { defineCommand, defineQuery } from "@contractspec/lib.contracts";
+
+//#region src/contracts/user.ts
+const OWNERS = ["platform.identity-rbac"];
+const UserProfileModel = new SchemaModel({
+	name: "UserProfile",
+	description: "User profile information",
+	fields: {
+		id: {
+			type: ScalarTypeEnum.String_unsecure(),
+			isOptional: false
+		},
+		email: {
+			type: ScalarTypeEnum.EmailAddress(),
+			isOptional: false
+		},
+		emailVerified: {
+			type: ScalarTypeEnum.Boolean(),
+			isOptional: false
+		},
+		name: {
+			type: ScalarTypeEnum.String_unsecure(),
+			isOptional: true
+		},
+		firstName: {
+			type: ScalarTypeEnum.String_unsecure(),
+			isOptional: true
+		},
+		lastName: {
+			type: ScalarTypeEnum.String_unsecure(),
+			isOptional: true
+		},
+		locale: {
+			type: ScalarTypeEnum.String_unsecure(),
+			isOptional: true
+		},
+		timezone: {
+			type: ScalarTypeEnum.String_unsecure(),
+			isOptional: true
+		},
+		imageUrl: {
+			type: ScalarTypeEnum.URL(),
+			isOptional: true
+		},
+		role: {
+			type: ScalarTypeEnum.String_unsecure(),
+			isOptional: true
+		},
+		onboardingCompleted: {
+			type: ScalarTypeEnum.Boolean(),
+			isOptional: false
+		},
+		createdAt: {
+			type: ScalarTypeEnum.DateTime(),
+			isOptional: false
+		}
+	}
+});
+const CreateUserInputModel = new SchemaModel({
+	name: "CreateUserInput",
+	description: "Input for creating a new user",
+	fields: {
+		email: {
+			type: ScalarTypeEnum.EmailAddress(),
+			isOptional: false
+		},
+		name: {
+			type: ScalarTypeEnum.String_unsecure(),
+			isOptional: true
+		},
+		firstName: {
+			type: ScalarTypeEnum.String_unsecure(),
+			isOptional: true
+		},
+		lastName: {
+			type: ScalarTypeEnum.String_unsecure(),
+			isOptional: true
+		},
+		password: {
+			type: ScalarTypeEnum.String_unsecure(),
+			isOptional: true
+		}
+	}
+});
+const UpdateUserInputModel = new SchemaModel({
+	name: "UpdateUserInput",
+	description: "Input for updating a user profile",
+	fields: {
+		name: {
+			type: ScalarTypeEnum.String_unsecure(),
+			isOptional: true
+		},
+		firstName: {
+			type: ScalarTypeEnum.String_unsecure(),
+			isOptional: true
+		},
+		lastName: {
+			type: ScalarTypeEnum.String_unsecure(),
+			isOptional: true
+		},
+		locale: {
+			type: ScalarTypeEnum.String_unsecure(),
+			isOptional: true
+		},
+		timezone: {
+			type: ScalarTypeEnum.String_unsecure(),
+			isOptional: true
+		},
+		imageUrl: {
+			type: ScalarTypeEnum.URL(),
+			isOptional: true
+		}
+	}
+});
+const DeleteUserInputModel = new SchemaModel({
+	name: "DeleteUserInput",
+	description: "Input for deleting a user",
+	fields: { confirmEmail: {
+		type: ScalarTypeEnum.EmailAddress(),
+		isOptional: false
+	} }
+});
+const SuccessResultModel = new SchemaModel({
+	name: "SuccessResult",
+	description: "Simple success result",
+	fields: { success: {
+		type: ScalarTypeEnum.Boolean(),
+		isOptional: false
+	} }
+});
+const UserDeletedPayloadModel = new SchemaModel({
+	name: "UserDeletedPayload",
+	description: "Payload for user deleted event",
+	fields: { userId: {
+		type: ScalarTypeEnum.String_unsecure(),
+		isOptional: false
+	} }
+});
+const ListUsersInputModel = new SchemaModel({
+	name: "ListUsersInput",
+	description: "Input for listing users",
+	fields: {
+		limit: {
+			type: ScalarTypeEnum.Int_unsecure(),
+			isOptional: true
+		},
+		offset: {
+			type: ScalarTypeEnum.Int_unsecure(),
+			isOptional: true
+		},
+		search: {
+			type: ScalarTypeEnum.String_unsecure(),
+			isOptional: true
+		}
+	}
+});
+const ListUsersOutputModel = new SchemaModel({
+	name: "ListUsersOutput",
+	description: "Output for listing users",
+	fields: {
+		users: {
+			type: UserProfileModel,
+			isOptional: false,
+			isArray: true
+		},
+		total: {
+			type: ScalarTypeEnum.Int_unsecure(),
+			isOptional: false
+		}
+	}
+});
+/**
+* Create a new user account.
+*/
+const CreateUserContract = defineCommand({
+	meta: {
+		key: "identity.user.create",
+		version: 1,
+		stability: "stable",
+		owners: [...OWNERS],
+		tags: [
+			"identity",
+			"user",
+			"create"
+		],
+		description: "Create a new user account.",
+		goal: "Register a new user in the system.",
+		context: "Used during signup flows. May trigger email verification."
+	},
+	io: {
+		input: CreateUserInputModel,
+		output: UserProfileModel,
+		errors: { EMAIL_EXISTS: {
+			description: "A user with this email already exists",
+			http: 409,
+			gqlCode: "EMAIL_EXISTS",
+			when: "Email is already registered"
+		} }
+	},
+	policy: { auth: "anonymous" },
+	sideEffects: {
+		emits: [{
+			key: "user.created",
+			version: 1,
+			when: "User is successfully created",
+			payload: UserProfileModel
+		}],
+		audit: ["user.created"]
+	}
+});
+/**
+* Get the current user's profile.
+*/
+const GetCurrentUserContract = defineQuery({
+	meta: {
+		key: "identity.user.me",
+		version: 1,
+		stability: "stable",
+		owners: [...OWNERS],
+		tags: [
+			"identity",
+			"user",
+			"profile"
+		],
+		description: "Get the current authenticated user profile.",
+		goal: "Retrieve user profile for the authenticated session.",
+		context: "Called on app load and after profile updates."
+	},
+	io: {
+		input: null,
+		output: UserProfileModel
+	},
+	policy: { auth: "user" }
+});
+/**
+* Update user profile.
+*/
+const UpdateUserContract = defineCommand({
+	meta: {
+		key: "identity.user.update",
+		version: 1,
+		stability: "stable",
+		owners: [...OWNERS],
+		tags: [
+			"identity",
+			"user",
+			"update"
+		],
+		description: "Update user profile information.",
+		goal: "Allow users to update their profile.",
+		context: "Self-service profile updates."
+	},
+	io: {
+		input: UpdateUserInputModel,
+		output: UserProfileModel
+	},
+	policy: { auth: "user" },
+	sideEffects: {
+		emits: [{
+			key: "user.updated",
+			version: 1,
+			when: "User profile is updated",
+			payload: UserProfileModel
+		}],
+		audit: ["user.updated"]
+	}
+});
+/**
+* Delete user account.
+*/
+const DeleteUserContract = defineCommand({
+	meta: {
+		key: "identity.user.delete",
+		version: 1,
+		stability: "stable",
+		owners: [...OWNERS],
+		tags: [
+			"identity",
+			"user",
+			"delete"
+		],
+		description: "Delete user account and all associated data.",
+		goal: "Allow users to delete their account (GDPR compliance).",
+		context: "Self-service account deletion. Cascades to memberships, sessions, etc."
+	},
+	io: {
+		input: DeleteUserInputModel,
+		output: SuccessResultModel
+	},
+	policy: {
+		auth: "user",
+		escalate: "human_review"
+	},
+	sideEffects: {
+		emits: [{
+			key: "user.deleted",
+			version: 1,
+			when: "User account is deleted",
+			payload: UserDeletedPayloadModel
+		}],
+		audit: ["user.deleted"]
+	}
+});
+/**
+* List users (admin only).
+*/
+const ListUsersContract = defineQuery({
+	meta: {
+		key: "identity.user.list",
+		version: 1,
+		stability: "stable",
+		owners: [...OWNERS],
+		tags: [
+			"identity",
+			"user",
+			"admin",
+			"list"
+		],
+		description: "List all users (admin only).",
+		goal: "Allow admins to browse and manage users.",
+		context: "Admin dashboard user management."
+	},
+	io: {
+		input: ListUsersInputModel,
+		output: ListUsersOutputModel
+	},
+	policy: { auth: "admin" }
+});
+
+//#endregion
+export { CreateUserContract, CreateUserInputModel, DeleteUserContract, DeleteUserInputModel, GetCurrentUserContract, ListUsersContract, ListUsersInputModel, ListUsersOutputModel, SuccessResultModel, UpdateUserContract, UpdateUserInputModel, UserDeletedPayloadModel, UserProfileModel };
+//# sourceMappingURL=user.js.map

package/dist/contracts/user.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"user.js","names":[],"sources":["../../src/contracts/user.ts"],"sourcesContent":["import { SchemaModel, ScalarTypeEnum } from '@contractspec/lib.schema';\nimport { defineCommand, defineQuery } from '@contractspec/lib.contracts';\n\nconst OWNERS = ['platform.identity-rbac'] as const;\n\n// ============ SchemaModels ============\n\nexport const UserProfileModel = new SchemaModel({\n  name: 'UserProfile',\n  description: 'User profile information',\n  fields: {\n    id: { type: ScalarTypeEnum.String_unsecure(), isOptional: false },\n    email: { type: ScalarTypeEnum.EmailAddress(), isOptional: false },\n    emailVerified: { type: ScalarTypeEnum.Boolean(), isOptional: false },\n    name: { type: ScalarTypeEnum.String_unsecure(), isOptional: true },\n    firstName: { type: ScalarTypeEnum.String_unsecure(), isOptional: true },\n    lastName: { type: ScalarTypeEnum.String_unsecure(), isOptional: true },\n    locale: { type: ScalarTypeEnum.String_unsecure(), isOptional: true },\n    timezone: { type: ScalarTypeEnum.String_unsecure(), isOptional: true },\n    imageUrl: { type: ScalarTypeEnum.URL(), isOptional: true },\n    role: { type: ScalarTypeEnum.String_unsecure(), isOptional: true },\n    onboardingCompleted: { type: ScalarTypeEnum.Boolean(), isOptional: false },\n    createdAt: { type: ScalarTypeEnum.DateTime(), isOptional: false },\n  },\n});\n\nexport const CreateUserInputModel = new SchemaModel({\n  name: 'CreateUserInput',\n  description: 'Input for creating a new user',\n  fields: {\n    email: { type: ScalarTypeEnum.EmailAddress(), isOptional: false },\n    name: { type: ScalarTypeEnum.String_unsecure(), isOptional: true },\n    firstName: { type: ScalarTypeEnum.String_unsecure(), isOptional: true },\n    lastName: { type: ScalarTypeEnum.String_unsecure(), isOptional: true },\n    password: { type: ScalarTypeEnum.String_unsecure(), isOptional: true },\n  },\n});\n\nexport const UpdateUserInputModel = new SchemaModel({\n  name: 'UpdateUserInput',\n  description: 'Input for updating a user profile',\n  fields: {\n    name: { type: ScalarTypeEnum.String_unsecure(), isOptional: true },\n    firstName: { type: ScalarTypeEnum.String_unsecure(), isOptional: true },\n    lastName: { type: ScalarTypeEnum.String_unsecure(), isOptional: true },\n    locale: { type: ScalarTypeEnum.String_unsecure(), isOptional: true },\n    timezone: { type: ScalarTypeEnum.String_unsecure(), isOptional: true },\n    imageUrl: { type: ScalarTypeEnum.URL(), isOptional: true },\n  },\n});\n\nexport const DeleteUserInputModel = new SchemaModel({\n  name: 'DeleteUserInput',\n  description: 'Input for deleting a user',\n  fields: {\n    confirmEmail: { type: ScalarTypeEnum.EmailAddress(), isOptional: false },\n  },\n});\n\nexport const SuccessResultModel = new SchemaModel({\n  name: 'SuccessResult',\n  description: 'Simple success result',\n  fields: {\n    success: { type: ScalarTypeEnum.Boolean(), isOptional: false },\n  },\n});\n\nexport const UserDeletedPayloadModel = new SchemaModel({\n  name: 'UserDeletedPayload',\n  description: 'Payload for user deleted event',\n  fields: {\n    userId: { type: ScalarTypeEnum.String_unsecure(), isOptional: false },\n  },\n});\n\nexport const ListUsersInputModel = new SchemaModel({\n  name: 'ListUsersInput',\n  description: 'Input for listing users',\n  fields: {\n    limit: { type: ScalarTypeEnum.Int_unsecure(), isOptional: true },\n    offset: { type: ScalarTypeEnum.Int_unsecure(), isOptional: true },\n    search: { type: ScalarTypeEnum.String_unsecure(), isOptional: true },\n  },\n});\n\nexport const ListUsersOutputModel = new SchemaModel({\n  name: 'ListUsersOutput',\n  description: 'Output for listing users',\n  fields: {\n    users: { type: UserProfileModel, isOptional: false, isArray: true },\n    total: { type: ScalarTypeEnum.Int_unsecure(), isOptional: false },\n  },\n});\n\n// ============ Contracts ============\n\n/**\n * Create a new user account.\n */\nexport const CreateUserContract = defineCommand({\n  meta: {\n    key: 'identity.user.create',\n    version: 1,\n    stability: 'stable',\n    owners: [...OWNERS],\n    tags: ['identity', 'user', 'create'],\n    description: 'Create a new user account.',\n    goal: 'Register a new user in the system.',\n    context: 'Used during signup flows. May trigger email verification.',\n  },\n  io: {\n    input: CreateUserInputModel,\n    output: UserProfileModel,\n    errors: {\n      EMAIL_EXISTS: {\n        description: 'A user with this email already exists',\n        http: 409,\n        gqlCode: 'EMAIL_EXISTS',\n        when: 'Email is already registered',\n      },\n    },\n  },\n  policy: {\n    auth: 'anonymous',\n  },\n  sideEffects: {\n    emits: [\n      {\n        key: 'user.created',\n        version: 1,\n        when: 'User is successfully created',\n        payload: UserProfileModel,\n      },\n    ],\n    audit: ['user.created'],\n  },\n});\n\n/**\n * Get the current user's profile.\n */\nexport const GetCurrentUserContract = defineQuery({\n  meta: {\n    key: 'identity.user.me',\n    version: 1,\n    stability: 'stable',\n    owners: [...OWNERS],\n    tags: ['identity', 'user', 'profile'],\n    description: 'Get the current authenticated user profile.',\n    goal: 'Retrieve user profile for the authenticated session.',\n    context: 'Called on app load and after profile updates.',\n  },\n  io: {\n    input: null,\n    output: UserProfileModel,\n  },\n  policy: {\n    auth: 'user',\n  },\n});\n\n/**\n * Update user profile.\n */\nexport const UpdateUserContract = defineCommand({\n  meta: {\n    key: 'identity.user.update',\n    version: 1,\n    stability: 'stable',\n    owners: [...OWNERS],\n    tags: ['identity', 'user', 'update'],\n    description: 'Update user profile information.',\n    goal: 'Allow users to update their profile.',\n    context: 'Self-service profile updates.',\n  },\n  io: {\n    input: UpdateUserInputModel,\n    output: UserProfileModel,\n  },\n  policy: {\n    auth: 'user',\n  },\n  sideEffects: {\n    emits: [\n      {\n        key: 'user.updated',\n        version: 1,\n        when: 'User profile is updated',\n        payload: UserProfileModel,\n      },\n    ],\n    audit: ['user.updated'],\n  },\n});\n\n/**\n * Delete user account.\n */\nexport const DeleteUserContract = defineCommand({\n  meta: {\n    key: 'identity.user.delete',\n    version: 1,\n    stability: 'stable',\n    owners: [...OWNERS],\n    tags: ['identity', 'user', 'delete'],\n    description: 'Delete user account and all associated data.',\n    goal: 'Allow users to delete their account (GDPR compliance).',\n    context:\n      'Self-service account deletion. Cascades to memberships, sessions, etc.',\n  },\n  io: {\n    input: DeleteUserInputModel,\n    output: SuccessResultModel,\n  },\n  policy: {\n    auth: 'user',\n    escalate: 'human_review',\n  },\n  sideEffects: {\n    emits: [\n      {\n        key: 'user.deleted',\n        version: 1,\n        when: 'User account is deleted',\n        payload: UserDeletedPayloadModel,\n      },\n    ],\n    audit: ['user.deleted'],\n  },\n});\n\n/**\n * List users (admin only).\n */\nexport const ListUsersContract = defineQuery({\n  meta: {\n    key: 'identity.user.list',\n    version: 1,\n    stability: 'stable',\n    owners: [...OWNERS],\n    tags: ['identity', 'user', 'admin', 'list'],\n    description: 'List all users (admin only).',\n    goal: 'Allow admins to browse and manage users.',\n    context: 'Admin dashboard user management.',\n  },\n  io: {\n    input: ListUsersInputModel,\n    output: ListUsersOutputModel,\n  },\n  policy: {\n    auth: 'admin',\n  },\n});\n"],"mappings":";;;;AAGA,MAAM,SAAS,CAAC,yBAAyB;AAIzC,MAAa,mBAAmB,IAAI,YAAY;CAC9C,MAAM;CACN,aAAa;CACb,QAAQ;EACN,IAAI;GAAE,MAAM,eAAe,iBAAiB;GAAE,YAAY;GAAO;EACjE,OAAO;GAAE,MAAM,eAAe,cAAc;GAAE,YAAY;GAAO;EACjE,eAAe;GAAE,MAAM,eAAe,SAAS;GAAE,YAAY;GAAO;EACpE,MAAM;GAAE,MAAM,eAAe,iBAAiB;GAAE,YAAY;GAAM;EAClE,WAAW;GAAE,MAAM,eAAe,iBAAiB;GAAE,YAAY;GAAM;EACvE,UAAU;GAAE,MAAM,eAAe,iBAAiB;GAAE,YAAY;GAAM;EACtE,QAAQ;GAAE,MAAM,eAAe,iBAAiB;GAAE,YAAY;GAAM;EACpE,UAAU;GAAE,MAAM,eAAe,iBAAiB;GAAE,YAAY;GAAM;EACtE,UAAU;GAAE,MAAM,eAAe,KAAK;GAAE,YAAY;GAAM;EAC1D,MAAM;GAAE,MAAM,eAAe,iBAAiB;GAAE,YAAY;GAAM;EAClE,qBAAqB;GAAE,MAAM,eAAe,SAAS;GAAE,YAAY;GAAO;EAC1E,WAAW;GAAE,MAAM,eAAe,UAAU;GAAE,YAAY;GAAO;EAClE;CACF,CAAC;AAEF,MAAa,uBAAuB,IAAI,YAAY;CAClD,MAAM;CACN,aAAa;CACb,QAAQ;EACN,OAAO;GAAE,MAAM,eAAe,cAAc;GAAE,YAAY;GAAO;EACjE,MAAM;GAAE,MAAM,eAAe,iBAAiB;GAAE,YAAY;GAAM;EAClE,WAAW;GAAE,MAAM,eAAe,iBAAiB;GAAE,YAAY;GAAM;EACvE,UAAU;GAAE,MAAM,eAAe,iBAAiB;GAAE,YAAY;GAAM;EACtE,UAAU;GAAE,MAAM,eAAe,iBAAiB;GAAE,YAAY;GAAM;EACvE;CACF,CAAC;AAEF,MAAa,uBAAuB,IAAI,YAAY;CAClD,MAAM;CACN,aAAa;CACb,QAAQ;EACN,MAAM;GAAE,MAAM,eAAe,iBAAiB;GAAE,YAAY;GAAM;EAClE,WAAW;GAAE,MAAM,eAAe,iBAAiB;GAAE,YAAY;GAAM;EACvE,UAAU;GAAE,MAAM,eAAe,iBAAiB;GAAE,YAAY;GAAM;EACtE,QAAQ;GAAE,MAAM,eAAe,iBAAiB;GAAE,YAAY;GAAM;EACpE,UAAU;GAAE,MAAM,eAAe,iBAAiB;GAAE,YAAY;GAAM;EACtE,UAAU;GAAE,MAAM,eAAe,KAAK;GAAE,YAAY;GAAM;EAC3D;CACF,CAAC;AAEF,MAAa,uBAAuB,IAAI,YAAY;CAClD,MAAM;CACN,aAAa;CACb,QAAQ,EACN,cAAc;EAAE,MAAM,eAAe,cAAc;EAAE,YAAY;EAAO,EACzE;CACF,CAAC;AAEF,MAAa,qBAAqB,IAAI,YAAY;CAChD,MAAM;CACN,aAAa;CACb,QAAQ,EACN,SAAS;EAAE,MAAM,eAAe,SAAS;EAAE,YAAY;EAAO,EAC/D;CACF,CAAC;AAEF,MAAa,0BAA0B,IAAI,YAAY;CACrD,MAAM;CACN,aAAa;CACb,QAAQ,EACN,QAAQ;EAAE,MAAM,eAAe,iBAAiB;EAAE,YAAY;EAAO,EACtE;CACF,CAAC;AAEF,MAAa,sBAAsB,IAAI,YAAY;CACjD,MAAM;CACN,aAAa;CACb,QAAQ;EACN,OAAO;GAAE,MAAM,eAAe,cAAc;GAAE,YAAY;GAAM;EAChE,QAAQ;GAAE,MAAM,eAAe,cAAc;GAAE,YAAY;GAAM;EACjE,QAAQ;GAAE,MAAM,eAAe,iBAAiB;GAAE,YAAY;GAAM;EACrE;CACF,CAAC;AAEF,MAAa,uBAAuB,IAAI,YAAY;CAClD,MAAM;CACN,aAAa;CACb,QAAQ;EACN,OAAO;GAAE,MAAM;GAAkB,YAAY;GAAO,SAAS;GAAM;EACnE,OAAO;GAAE,MAAM,eAAe,cAAc;GAAE,YAAY;GAAO;EAClE;CACF,CAAC;;;;AAOF,MAAa,qBAAqB,cAAc;CAC9C,MAAM;EACJ,KAAK;EACL,SAAS;EACT,WAAW;EACX,QAAQ,CAAC,GAAG,OAAO;EACnB,MAAM;GAAC;GAAY;GAAQ;GAAS;EACpC,aAAa;EACb,MAAM;EACN,SAAS;EACV;CACD,IAAI;EACF,OAAO;EACP,QAAQ;EACR,QAAQ,EACN,cAAc;GACZ,aAAa;GACb,MAAM;GACN,SAAS;GACT,MAAM;GACP,EACF;EACF;CACD,QAAQ,EACN,MAAM,aACP;CACD,aAAa;EACX,OAAO,CACL;GACE,KAAK;GACL,SAAS;GACT,MAAM;GACN,SAAS;GACV,CACF;EACD,OAAO,CAAC,eAAe;EACxB;CACF,CAAC;;;;AAKF,MAAa,yBAAyB,YAAY;CAChD,MAAM;EACJ,KAAK;EACL,SAAS;EACT,WAAW;EACX,QAAQ,CAAC,GAAG,OAAO;EACnB,MAAM;GAAC;GAAY;GAAQ;GAAU;EACrC,aAAa;EACb,MAAM;EACN,SAAS;EACV;CACD,IAAI;EACF,OAAO;EACP,QAAQ;EACT;CACD,QAAQ,EACN,MAAM,QACP;CACF,CAAC;;;;AAKF,MAAa,qBAAqB,cAAc;CAC9C,MAAM;EACJ,KAAK;EACL,SAAS;EACT,WAAW;EACX,QAAQ,CAAC,GAAG,OAAO;EACnB,MAAM;GAAC;GAAY;GAAQ;GAAS;EACpC,aAAa;EACb,MAAM;EACN,SAAS;EACV;CACD,IAAI;EACF,OAAO;EACP,QAAQ;EACT;CACD,QAAQ,EACN,MAAM,QACP;CACD,aAAa;EACX,OAAO,CACL;GACE,KAAK;GACL,SAAS;GACT,MAAM;GACN,SAAS;GACV,CACF;EACD,OAAO,CAAC,eAAe;EACxB;CACF,CAAC;;;;AAKF,MAAa,qBAAqB,cAAc;CAC9C,MAAM;EACJ,KAAK;EACL,SAAS;EACT,WAAW;EACX,QAAQ,CAAC,GAAG,OAAO;EACnB,MAAM;GAAC;GAAY;GAAQ;GAAS;EACpC,aAAa;EACb,MAAM;EACN,SACE;EACH;CACD,IAAI;EACF,OAAO;EACP,QAAQ;EACT;CACD,QAAQ;EACN,MAAM;EACN,UAAU;EACX;CACD,aAAa;EACX,OAAO,CACL;GACE,KAAK;GACL,SAAS;GACT,MAAM;GACN,SAAS;GACV,CACF;EACD,OAAO,CAAC,eAAe;EACxB;CACF,CAAC;;;;AAKF,MAAa,oBAAoB,YAAY;CAC3C,MAAM;EACJ,KAAK;EACL,SAAS;EACT,WAAW;EACX,QAAQ,CAAC,GAAG,OAAO;EACnB,MAAM;GAAC;GAAY;GAAQ;GAAS;GAAO;EAC3C,aAAa;EACb,MAAM;EACN,SAAS;EACV;CACD,IAAI;EACF,OAAO;EACP,QAAQ;EACT;CACD,QAAQ,EACN,MAAM,SACP;CACF,CAAC"}

package/dist/entities/index.d.ts

@@ -0,0 +1,177 @@
+import { AccountEntity, SessionEntity, UserEntity, VerificationEntity } from "./user.js";
+import { InvitationEntity, MemberEntity, OrganizationEntity, OrganizationTypeEnum, TeamEntity, TeamMemberEntity } from "./organization.js";
+import { ApiKeyEntity, PasskeyEntity, PermissionEntity, PolicyBindingEntity, RoleEntity } from "./rbac.js";
+import * as _contractspec_lib_schema575 from "@contractspec/lib.schema";
+import { ModuleSchemaContribution } from "@contractspec/lib.schema";
+
+//#region src/entities/index.d.ts
+/**
+ * All identity-rbac entities for schema composition.
+ */
+declare const identityRbacEntities: (_contractspec_lib_schema575.EntitySpec<{
+  id: _contractspec_lib_schema575.EntityScalarField;
+  email: _contractspec_lib_schema575.EntityScalarField;
+  emailVerified: _contractspec_lib_schema575.EntityScalarField;
+  name: _contractspec_lib_schema575.EntityScalarField;
+  firstName: _contractspec_lib_schema575.EntityScalarField;
+  lastName: _contractspec_lib_schema575.EntityScalarField;
+  locale: _contractspec_lib_schema575.EntityScalarField;
+  timezone: _contractspec_lib_schema575.EntityScalarField;
+  imageUrl: _contractspec_lib_schema575.EntityScalarField;
+  image: _contractspec_lib_schema575.EntityScalarField;
+  metadata: _contractspec_lib_schema575.EntityScalarField;
+  onboardingCompleted: _contractspec_lib_schema575.EntityScalarField;
+  onboardingStep: _contractspec_lib_schema575.EntityScalarField;
+  whitelistedAt: _contractspec_lib_schema575.EntityScalarField;
+  role: _contractspec_lib_schema575.EntityScalarField;
+  banned: _contractspec_lib_schema575.EntityScalarField;
+  banReason: _contractspec_lib_schema575.EntityScalarField;
+  banExpires: _contractspec_lib_schema575.EntityScalarField;
+  phoneNumber: _contractspec_lib_schema575.EntityScalarField;
+  phoneNumberVerified: _contractspec_lib_schema575.EntityScalarField;
+  createdAt: _contractspec_lib_schema575.EntityScalarField;
+  updatedAt: _contractspec_lib_schema575.EntityScalarField;
+  sessions: _contractspec_lib_schema575.EntityRelationField;
+  accounts: _contractspec_lib_schema575.EntityRelationField;
+  memberships: _contractspec_lib_schema575.EntityRelationField;
+  invitations: _contractspec_lib_schema575.EntityRelationField;
+  teamMemberships: _contractspec_lib_schema575.EntityRelationField;
+  policyBindings: _contractspec_lib_schema575.EntityRelationField;
+  apiKeys: _contractspec_lib_schema575.EntityRelationField;
+  passkeys: _contractspec_lib_schema575.EntityRelationField;
+}> | _contractspec_lib_schema575.EntitySpec<{
+  id: _contractspec_lib_schema575.EntityScalarField;
+  userId: _contractspec_lib_schema575.EntityScalarField;
+  expiresAt: _contractspec_lib_schema575.EntityScalarField;
+  token: _contractspec_lib_schema575.EntityScalarField;
+  ipAddress: _contractspec_lib_schema575.EntityScalarField;
+  userAgent: _contractspec_lib_schema575.EntityScalarField;
+  impersonatedBy: _contractspec_lib_schema575.EntityScalarField;
+  activeOrganizationId: _contractspec_lib_schema575.EntityScalarField;
+  activeTeamId: _contractspec_lib_schema575.EntityScalarField;
+  createdAt: _contractspec_lib_schema575.EntityScalarField;
+  updatedAt: _contractspec_lib_schema575.EntityScalarField;
+  user: _contractspec_lib_schema575.EntityRelationField;
+}> | _contractspec_lib_schema575.EntitySpec<{
+  id: _contractspec_lib_schema575.EntityScalarField;
+  accountId: _contractspec_lib_schema575.EntityScalarField;
+  providerId: _contractspec_lib_schema575.EntityScalarField;
+  userId: _contractspec_lib_schema575.EntityScalarField;
+  accessToken: _contractspec_lib_schema575.EntityScalarField;
+  refreshToken: _contractspec_lib_schema575.EntityScalarField;
+  idToken: _contractspec_lib_schema575.EntityScalarField;
+  accessTokenExpiresAt: _contractspec_lib_schema575.EntityScalarField;
+  refreshTokenExpiresAt: _contractspec_lib_schema575.EntityScalarField;
+  scope: _contractspec_lib_schema575.EntityScalarField;
+  password: _contractspec_lib_schema575.EntityScalarField;
+  createdAt: _contractspec_lib_schema575.EntityScalarField;
+  updatedAt: _contractspec_lib_schema575.EntityScalarField;
+  user: _contractspec_lib_schema575.EntityRelationField;
+}> | _contractspec_lib_schema575.EntitySpec<{
+  id: _contractspec_lib_schema575.EntityScalarField;
+  identifier: _contractspec_lib_schema575.EntityScalarField;
+  value: _contractspec_lib_schema575.EntityScalarField;
+  expiresAt: _contractspec_lib_schema575.EntityScalarField;
+  createdAt: _contractspec_lib_schema575.EntityScalarField;
+  updatedAt: _contractspec_lib_schema575.EntityScalarField;
+}> | _contractspec_lib_schema575.EntitySpec<{
+  id: _contractspec_lib_schema575.EntityScalarField;
+  userId: _contractspec_lib_schema575.EntityScalarField;
+  organizationId: _contractspec_lib_schema575.EntityScalarField;
+  role: _contractspec_lib_schema575.EntityScalarField;
+  createdAt: _contractspec_lib_schema575.EntityScalarField;
+  user: _contractspec_lib_schema575.EntityRelationField;
+  organization: _contractspec_lib_schema575.EntityRelationField;
+}> | _contractspec_lib_schema575.EntitySpec<{
+  id: _contractspec_lib_schema575.EntityScalarField;
+  organizationId: _contractspec_lib_schema575.EntityScalarField;
+  email: _contractspec_lib_schema575.EntityScalarField;
+  role: _contractspec_lib_schema575.EntityScalarField;
+  status: _contractspec_lib_schema575.EntityScalarField;
+  acceptedAt: _contractspec_lib_schema575.EntityScalarField;
+  expiresAt: _contractspec_lib_schema575.EntityScalarField;
+  inviterId: _contractspec_lib_schema575.EntityScalarField;
+  teamId: _contractspec_lib_schema575.EntityScalarField;
+  createdAt: _contractspec_lib_schema575.EntityScalarField;
+  updatedAt: _contractspec_lib_schema575.EntityScalarField;
+  organization: _contractspec_lib_schema575.EntityRelationField;
+  inviter: _contractspec_lib_schema575.EntityRelationField;
+  team: _contractspec_lib_schema575.EntityRelationField;
+}> | _contractspec_lib_schema575.EntitySpec<{
+  id: _contractspec_lib_schema575.EntityScalarField;
+  name: _contractspec_lib_schema575.EntityScalarField;
+  organizationId: _contractspec_lib_schema575.EntityScalarField;
+  createdAt: _contractspec_lib_schema575.EntityScalarField;
+  updatedAt: _contractspec_lib_schema575.EntityScalarField;
+  organization: _contractspec_lib_schema575.EntityRelationField;
+  members: _contractspec_lib_schema575.EntityRelationField;
+  invitations: _contractspec_lib_schema575.EntityRelationField;
+}> | _contractspec_lib_schema575.EntitySpec<{
+  id: _contractspec_lib_schema575.EntityScalarField;
+  teamId: _contractspec_lib_schema575.EntityScalarField;
+  userId: _contractspec_lib_schema575.EntityScalarField;
+  createdAt: _contractspec_lib_schema575.EntityScalarField;
+  team: _contractspec_lib_schema575.EntityRelationField;
+  user: _contractspec_lib_schema575.EntityRelationField;
+}> | _contractspec_lib_schema575.EntitySpec<{
+  id: _contractspec_lib_schema575.EntityScalarField;
+  name: _contractspec_lib_schema575.EntityScalarField;
+  description: _contractspec_lib_schema575.EntityScalarField;
+  createdAt: _contractspec_lib_schema575.EntityScalarField;
+  updatedAt: _contractspec_lib_schema575.EntityScalarField;
+}> | _contractspec_lib_schema575.EntitySpec<{
+  id: _contractspec_lib_schema575.EntityScalarField;
+  roleId: _contractspec_lib_schema575.EntityScalarField;
+  targetType: _contractspec_lib_schema575.EntityScalarField;
+  targetId: _contractspec_lib_schema575.EntityScalarField;
+  expiresAt: _contractspec_lib_schema575.EntityScalarField;
+  createdAt: _contractspec_lib_schema575.EntityScalarField;
+  userId: _contractspec_lib_schema575.EntityScalarField;
+  organizationId: _contractspec_lib_schema575.EntityScalarField;
+  role: _contractspec_lib_schema575.EntityRelationField;
+  user: _contractspec_lib_schema575.EntityRelationField;
+  organization: _contractspec_lib_schema575.EntityRelationField;
+}> | _contractspec_lib_schema575.EntitySpec<{
+  id: _contractspec_lib_schema575.EntityScalarField;
+  name: _contractspec_lib_schema575.EntityScalarField;
+  start: _contractspec_lib_schema575.EntityScalarField;
+  prefix: _contractspec_lib_schema575.EntityScalarField;
+  key: _contractspec_lib_schema575.EntityScalarField;
+  userId: _contractspec_lib_schema575.EntityScalarField;
+  refillInterval: _contractspec_lib_schema575.EntityScalarField;
+  refillAmount: _contractspec_lib_schema575.EntityScalarField;
+  lastRefillAt: _contractspec_lib_schema575.EntityScalarField;
+  remaining: _contractspec_lib_schema575.EntityScalarField;
+  requestCount: _contractspec_lib_schema575.EntityScalarField;
+  lastRequest: _contractspec_lib_schema575.EntityScalarField;
+  enabled: _contractspec_lib_schema575.EntityScalarField;
+  rateLimitEnabled: _contractspec_lib_schema575.EntityScalarField;
+  rateLimitTimeWindow: _contractspec_lib_schema575.EntityScalarField;
+  rateLimitMax: _contractspec_lib_schema575.EntityScalarField;
+  expiresAt: _contractspec_lib_schema575.EntityScalarField;
+  permissions: _contractspec_lib_schema575.EntityScalarField;
+  metadata: _contractspec_lib_schema575.EntityScalarField;
+  createdAt: _contractspec_lib_schema575.EntityScalarField;
+  updatedAt: _contractspec_lib_schema575.EntityScalarField;
+  user: _contractspec_lib_schema575.EntityRelationField;
+}> | _contractspec_lib_schema575.EntitySpec<{
+  id: _contractspec_lib_schema575.EntityScalarField;
+  name: _contractspec_lib_schema575.EntityScalarField;
+  publicKey: _contractspec_lib_schema575.EntityScalarField;
+  userId: _contractspec_lib_schema575.EntityScalarField;
+  credentialID: _contractspec_lib_schema575.EntityScalarField;
+  counter: _contractspec_lib_schema575.EntityScalarField;
+  deviceType: _contractspec_lib_schema575.EntityScalarField;
+  backedUp: _contractspec_lib_schema575.EntityScalarField;
+  transports: _contractspec_lib_schema575.EntityScalarField;
+  aaguid: _contractspec_lib_schema575.EntityScalarField;
+  createdAt: _contractspec_lib_schema575.EntityScalarField;
+  user: _contractspec_lib_schema575.EntityRelationField;
+}>)[];
+/**
+ * Module schema contribution for identity-rbac.
+ */
+declare const identityRbacSchemaContribution: ModuleSchemaContribution;
+//#endregion
+export { AccountEntity, ApiKeyEntity, InvitationEntity, MemberEntity, OrganizationEntity, OrganizationTypeEnum, PasskeyEntity, PermissionEntity, PolicyBindingEntity, RoleEntity, SessionEntity, TeamEntity, TeamMemberEntity, UserEntity, VerificationEntity, identityRbacEntities, identityRbacSchemaContribution };
+//# sourceMappingURL=index.d.ts.map

package/dist/entities/index.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.d.ts","names":[],"sources":["../../src/entities/index.ts"],"sourcesContent":[],"mappings":";;;;;;;;;;AAsDa,cAAA,oBAeZ,EAAA,6BAfgC,UAehC,CAAA;EAAA,EAAA,EAAA,2BAAA,CAAA,iBAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;2CAfgC,CAAA;EAAA,EAAA,EAAA,2BAAA,CAAA,iBAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAoBjC;;cAAa,gCAAgC"}

package/dist/entities/index.js

@@ -0,0 +1,36 @@
+import { AccountEntity, SessionEntity, UserEntity, VerificationEntity } from "./user.js";
+import { InvitationEntity, MemberEntity, OrganizationEntity, OrganizationTypeEnum, TeamEntity, TeamMemberEntity } from "./organization.js";
+import { ApiKeyEntity, PasskeyEntity, PermissionEntity, PolicyBindingEntity, RoleEntity } from "./rbac.js";
+
+//#region src/entities/index.ts
+/**
+* All identity-rbac entities for schema composition.
+*/
+const identityRbacEntities = [
+	UserEntity,
+	SessionEntity,
+	AccountEntity,
+	VerificationEntity,
+	OrganizationEntity,
+	MemberEntity,
+	InvitationEntity,
+	TeamEntity,
+	TeamMemberEntity,
+	RoleEntity,
+	PermissionEntity,
+	PolicyBindingEntity,
+	ApiKeyEntity,
+	PasskeyEntity
+];
+/**
+* Module schema contribution for identity-rbac.
+*/
+const identityRbacSchemaContribution = {
+	moduleId: "@contractspec/lib.identity-rbac",
+	entities: identityRbacEntities,
+	enums: [OrganizationTypeEnum]
+};
+
+//#endregion
+export { AccountEntity, ApiKeyEntity, InvitationEntity, MemberEntity, OrganizationEntity, OrganizationTypeEnum, PasskeyEntity, PermissionEntity, PolicyBindingEntity, RoleEntity, SessionEntity, TeamEntity, TeamMemberEntity, UserEntity, VerificationEntity, identityRbacEntities, identityRbacSchemaContribution };
+//# sourceMappingURL=index.js.map

package/dist/entities/index.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.js","names":["identityRbacSchemaContribution: ModuleSchemaContribution"],"sources":["../../src/entities/index.ts"],"sourcesContent":["// User-related entities\nexport {\n  UserEntity,\n  SessionEntity,\n  AccountEntity,\n  VerificationEntity,\n} from './user';\n\n// Organization-related entities\nexport {\n  OrganizationTypeEnum,\n  OrganizationEntity,\n  MemberEntity,\n  InvitationEntity,\n  TeamEntity,\n  TeamMemberEntity,\n} from './organization';\n\n// RBAC entities\nexport {\n  RoleEntity,\n  PermissionEntity,\n  PolicyBindingEntity,\n  ApiKeyEntity,\n  PasskeyEntity,\n} from './rbac';\n\n// Re-export all entities as a module contribution\nimport {\n  UserEntity,\n  SessionEntity,\n  AccountEntity,\n  VerificationEntity,\n} from './user';\nimport {\n  OrganizationTypeEnum,\n  OrganizationEntity,\n  MemberEntity,\n  InvitationEntity,\n  TeamEntity,\n  TeamMemberEntity,\n} from './organization';\nimport {\n  RoleEntity,\n  PermissionEntity,\n  PolicyBindingEntity,\n  ApiKeyEntity,\n  PasskeyEntity,\n} from './rbac';\nimport type { ModuleSchemaContribution } from '@contractspec/lib.schema';\n\n/**\n * All identity-rbac entities for schema composition.\n */\nexport const identityRbacEntities = [\n  UserEntity,\n  SessionEntity,\n  AccountEntity,\n  VerificationEntity,\n  OrganizationEntity,\n  MemberEntity,\n  InvitationEntity,\n  TeamEntity,\n  TeamMemberEntity,\n  RoleEntity,\n  PermissionEntity,\n  PolicyBindingEntity,\n  ApiKeyEntity,\n  PasskeyEntity,\n];\n\n/**\n * Module schema contribution for identity-rbac.\n */\nexport const identityRbacSchemaContribution: ModuleSchemaContribution = {\n  moduleId: '@contractspec/lib.identity-rbac',\n  entities: identityRbacEntities,\n  enums: [OrganizationTypeEnum],\n};\n"],"mappings":";;;;;;;;AAsDA,MAAa,uBAAuB;CAClC;CACA;CACA;CACA;CACA;CACA;CACA;CACA;CACA;CACA;CACA;CACA;CACA;CACA;CACD;;;;AAKD,MAAaA,iCAA2D;CACtE,UAAU;CACV,UAAU;CACV,OAAO,CAAC,qBAAqB;CAC9B"}

package/dist/entities/organization.d.ts

@@ -0,0 +1,87 @@
+import * as _contractspec_lib_schema796 from "@contractspec/lib.schema";
+
+//#region src/entities/organization.d.ts
+/**
+ * Organization type enum.
+ */
+declare const OrganizationTypeEnum: _contractspec_lib_schema796.EntityEnumDef;
+/**
+ * Organization entity - tenant/company grouping.
+ */
+declare const OrganizationEntity: _contractspec_lib_schema796.EntitySpec<{
+  id: _contractspec_lib_schema796.EntityScalarField;
+  name: _contractspec_lib_schema796.EntityScalarField;
+  slug: _contractspec_lib_schema796.EntityScalarField;
+  logo: _contractspec_lib_schema796.EntityScalarField;
+  description: _contractspec_lib_schema796.EntityScalarField;
+  metadata: _contractspec_lib_schema796.EntityScalarField;
+  type: _contractspec_lib_schema796.EntityEnumField;
+  onboardingCompleted: _contractspec_lib_schema796.EntityScalarField;
+  onboardingStep: _contractspec_lib_schema796.EntityScalarField;
+  referralCode: _contractspec_lib_schema796.EntityScalarField;
+  referredBy: _contractspec_lib_schema796.EntityScalarField;
+  createdAt: _contractspec_lib_schema796.EntityScalarField;
+  updatedAt: _contractspec_lib_schema796.EntityScalarField;
+  members: _contractspec_lib_schema796.EntityRelationField;
+  invitations: _contractspec_lib_schema796.EntityRelationField;
+  teams: _contractspec_lib_schema796.EntityRelationField;
+  policyBindings: _contractspec_lib_schema796.EntityRelationField;
+}>;
+/**
+ * Member entity - user membership in an organization.
+ */
+declare const MemberEntity: _contractspec_lib_schema796.EntitySpec<{
+  id: _contractspec_lib_schema796.EntityScalarField;
+  userId: _contractspec_lib_schema796.EntityScalarField;
+  organizationId: _contractspec_lib_schema796.EntityScalarField;
+  role: _contractspec_lib_schema796.EntityScalarField;
+  createdAt: _contractspec_lib_schema796.EntityScalarField;
+  user: _contractspec_lib_schema796.EntityRelationField;
+  organization: _contractspec_lib_schema796.EntityRelationField;
+}>;
+/**
+ * Invitation entity - pending organization invites.
+ */
+declare const InvitationEntity: _contractspec_lib_schema796.EntitySpec<{
+  id: _contractspec_lib_schema796.EntityScalarField;
+  organizationId: _contractspec_lib_schema796.EntityScalarField;
+  email: _contractspec_lib_schema796.EntityScalarField;
+  role: _contractspec_lib_schema796.EntityScalarField;
+  status: _contractspec_lib_schema796.EntityScalarField;
+  acceptedAt: _contractspec_lib_schema796.EntityScalarField;
+  expiresAt: _contractspec_lib_schema796.EntityScalarField;
+  inviterId: _contractspec_lib_schema796.EntityScalarField;
+  teamId: _contractspec_lib_schema796.EntityScalarField;
+  createdAt: _contractspec_lib_schema796.EntityScalarField;
+  updatedAt: _contractspec_lib_schema796.EntityScalarField;
+  organization: _contractspec_lib_schema796.EntityRelationField;
+  inviter: _contractspec_lib_schema796.EntityRelationField;
+  team: _contractspec_lib_schema796.EntityRelationField;
+}>;
+/**
+ * Team entity - team within an organization.
+ */
+declare const TeamEntity: _contractspec_lib_schema796.EntitySpec<{
+  id: _contractspec_lib_schema796.EntityScalarField;
+  name: _contractspec_lib_schema796.EntityScalarField;
+  organizationId: _contractspec_lib_schema796.EntityScalarField;
+  createdAt: _contractspec_lib_schema796.EntityScalarField;
+  updatedAt: _contractspec_lib_schema796.EntityScalarField;
+  organization: _contractspec_lib_schema796.EntityRelationField;
+  members: _contractspec_lib_schema796.EntityRelationField;
+  invitations: _contractspec_lib_schema796.EntityRelationField;
+}>;
+/**
+ * TeamMember entity - user's team membership.
+ */
+declare const TeamMemberEntity: _contractspec_lib_schema796.EntitySpec<{
+  id: _contractspec_lib_schema796.EntityScalarField;
+  teamId: _contractspec_lib_schema796.EntityScalarField;
+  userId: _contractspec_lib_schema796.EntityScalarField;
+  createdAt: _contractspec_lib_schema796.EntityScalarField;
+  team: _contractspec_lib_schema796.EntityRelationField;
+  user: _contractspec_lib_schema796.EntityRelationField;
+}>;
+//#endregion
+export { InvitationEntity, MemberEntity, OrganizationEntity, OrganizationTypeEnum, TeamEntity, TeamMemberEntity };
+//# sourceMappingURL=organization.d.ts.map

package/dist/entities/organization.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"organization.d.ts","names":[],"sources":["../../src/entities/organization.ts"],"sourcesContent":[],"mappings":";;;;;;AAUa,cAAA,oBAKX,EAAA,2BAAA,CAL+B,aAK/B;AAKF;;;cAAa,gDAAkB;MAkD7B,2BAAA,CAAA;;;;;;;;;;;;;;8DAlD6B;EAAA,KAAA,iDAAA;EAuDlB,cAAA,iDAqBX;CAAA,CAAA;;;;cArBW,0CAAY;MAqBvB,2BAAA,CAAA;;+DArBuB;EAAA,IAAA,+CAAA;EA0BZ,SAAA,+CAmCX;EAAA,IAAA,iDAAA;;;;;;cAnCW,8CAAgB;MAmC3B,2BAAA,CAAA;;;;;;;0DAnC2B;EAAA,MAAA,+CAAA;EAwChB,SAAA,+CAmBX;EAAA,SAAA,+CAAA;;;;;;;;cAnBW,UAAU,8BAAA,UAAA,CAAA;EAAA,EAAA,EAmBrB,2BAAA,CAAA,iBAnBqB;EAwBV,IAAA,+CAeX;EAAA,cAAA,+CAAA;;;;;;;;;;cAfW,8CAAgB;MAe3B,2BAAA,CAAA"}