@contractspec/lib.identity-rbac 1.56.1 → 1.58.0

package/dist/contracts/organization.js

@@ -1,605 +1,656 @@
-import { SuccessResultModel } from "./user.js";
-import { ScalarTypeEnum, SchemaModel } from "@contractspec/lib.schema";
+// @bun
+// src/contracts/user.ts
+import { SchemaModel, ScalarTypeEnum } from "@contractspec/lib.schema";
 import { defineCommand, defineQuery } from "@contractspec/lib.contracts";
-
-//#region src/contracts/organization.ts
-const OWNERS = ["platform.identity-rbac"];
-const OrganizationModel = new SchemaModel({
-	name: "Organization",
-	description: "Organization details",
-	fields: {
-		id: {
-			type: ScalarTypeEnum.String_unsecure(),
-			isOptional: false
-		},
-		name: {
-			type: ScalarTypeEnum.String_unsecure(),
-			isOptional: false
-		},
-		slug: {
-			type: ScalarTypeEnum.String_unsecure(),
-			isOptional: true
-		},
-		logo: {
-			type: ScalarTypeEnum.URL(),
-			isOptional: true
-		},
-		description: {
-			type: ScalarTypeEnum.String_unsecure(),
-			isOptional: true
-		},
-		type: {
-			type: ScalarTypeEnum.String_unsecure(),
-			isOptional: false
-		},
-		onboardingCompleted: {
-			type: ScalarTypeEnum.Boolean(),
-			isOptional: false
-		},
-		createdAt: {
-			type: ScalarTypeEnum.DateTime(),
-			isOptional: false
-		}
-	}
-});
-const MemberUserModel = new SchemaModel({
-	name: "MemberUser",
-	description: "Basic user info within a member",
-	fields: {
-		id: {
-			type: ScalarTypeEnum.String_unsecure(),
-			isOptional: false
-		},
-		email: {
-			type: ScalarTypeEnum.EmailAddress(),
-			isOptional: false
-		},
-		name: {
-			type: ScalarTypeEnum.String_unsecure(),
-			isOptional: true
-		}
-	}
-});
-const MemberModel = new SchemaModel({
-	name: "Member",
-	description: "Organization member",
-	fields: {
-		id: {
-			type: ScalarTypeEnum.String_unsecure(),
-			isOptional: false
-		},
-		userId: {
-			type: ScalarTypeEnum.String_unsecure(),
-			isOptional: false
-		},
-		organizationId: {
-			type: ScalarTypeEnum.String_unsecure(),
-			isOptional: false
-		},
-		role: {
-			type: ScalarTypeEnum.String_unsecure(),
-			isOptional: false
-		},
-		createdAt: {
-			type: ScalarTypeEnum.DateTime(),
-			isOptional: false
-		},
-		user: {
-			type: MemberUserModel,
-			isOptional: false
-		}
-	}
-});
-const InvitationModel = new SchemaModel({
-	name: "Invitation",
-	description: "Organization invitation",
-	fields: {
-		id: {
-			type: ScalarTypeEnum.String_unsecure(),
-			isOptional: false
-		},
-		email: {
-			type: ScalarTypeEnum.EmailAddress(),
-			isOptional: false
-		},
-		role: {
-			type: ScalarTypeEnum.String_unsecure(),
-			isOptional: true
-		},
-		status: {
-			type: ScalarTypeEnum.String_unsecure(),
-			isOptional: false
-		},
-		expiresAt: {
-			type: ScalarTypeEnum.DateTime(),
-			isOptional: true
-		},
-		createdAt: {
-			type: ScalarTypeEnum.DateTime(),
-			isOptional: false
-		}
-	}
-});
-const CreateOrgInputModel = new SchemaModel({
-	name: "CreateOrgInput",
-	description: "Input for creating an organization",
-	fields: {
-		name: {
-			type: ScalarTypeEnum.NonEmptyString(),
-			isOptional: false
-		},
-		slug: {
-			type: ScalarTypeEnum.String_unsecure(),
-			isOptional: true
-		},
-		description: {
-			type: ScalarTypeEnum.String_unsecure(),
-			isOptional: true
-		},
-		type: {
-			type: ScalarTypeEnum.String_unsecure(),
-			isOptional: true
-		}
-	}
-});
-const GetOrgInputModel = new SchemaModel({
-	name: "GetOrgInput",
-	description: "Input for getting an organization",
-	fields: { orgId: {
-		type: ScalarTypeEnum.String_unsecure(),
-		isOptional: false
-	} }
-});
-const UpdateOrgInputModel = new SchemaModel({
-	name: "UpdateOrgInput",
-	description: "Input for updating an organization",
-	fields: {
-		orgId: {
-			type: ScalarTypeEnum.String_unsecure(),
-			isOptional: false
-		},
-		name: {
-			type: ScalarTypeEnum.String_unsecure(),
-			isOptional: true
-		},
-		slug: {
-			type: ScalarTypeEnum.String_unsecure(),
-			isOptional: true
-		},
-		logo: {
-			type: ScalarTypeEnum.URL(),
-			isOptional: true
-		},
-		description: {
-			type: ScalarTypeEnum.String_unsecure(),
-			isOptional: true
-		}
-	}
-});
-const InviteMemberInputModel = new SchemaModel({
-	name: "InviteMemberInput",
-	description: "Input for inviting a member",
-	fields: {
-		orgId: {
-			type: ScalarTypeEnum.String_unsecure(),
-			isOptional: false
-		},
-		email: {
-			type: ScalarTypeEnum.EmailAddress(),
-			isOptional: false
-		},
-		role: {
-			type: ScalarTypeEnum.String_unsecure(),
-			isOptional: false
-		},
-		teamId: {
-			type: ScalarTypeEnum.String_unsecure(),
-			isOptional: true
-		}
-	}
-});
-const AcceptInviteInputModel = new SchemaModel({
-	name: "AcceptInviteInput",
-	description: "Input for accepting an invitation",
-	fields: { invitationId: {
-		type: ScalarTypeEnum.String_unsecure(),
-		isOptional: false
-	} }
-});
-const RemoveMemberInputModel = new SchemaModel({
-	name: "RemoveMemberInput",
-	description: "Input for removing a member",
-	fields: {
-		orgId: {
-			type: ScalarTypeEnum.String_unsecure(),
-			isOptional: false
-		},
-		userId: {
-			type: ScalarTypeEnum.String_unsecure(),
-			isOptional: false
-		}
-	}
-});
-const MemberRemovedPayloadModel = new SchemaModel({
-	name: "MemberRemovedPayload",
-	description: "Payload for member removed event",
-	fields: {
-		orgId: {
-			type: ScalarTypeEnum.String_unsecure(),
-			isOptional: false
-		},
-		userId: {
-			type: ScalarTypeEnum.String_unsecure(),
-			isOptional: false
-		}
-	}
-});
-const ListMembersInputModel = new SchemaModel({
-	name: "ListMembersInput",
-	description: "Input for listing members",
-	fields: {
-		orgId: {
-			type: ScalarTypeEnum.String_unsecure(),
-			isOptional: false
-		},
-		limit: {
-			type: ScalarTypeEnum.Int_unsecure(),
-			isOptional: true
-		},
-		offset: {
-			type: ScalarTypeEnum.Int_unsecure(),
-			isOptional: true
-		}
-	}
-});
-const ListMembersOutputModel = new SchemaModel({
-	name: "ListMembersOutput",
-	description: "Output for listing members",
-	fields: {
-		members: {
-			type: MemberModel,
-			isOptional: false,
-			isArray: true
-		},
-		total: {
-			type: ScalarTypeEnum.Int_unsecure(),
-			isOptional: false
-		}
-	}
-});
-const OrganizationWithRoleModel = new SchemaModel({
-	name: "OrganizationWithRole",
-	description: "Organization with user role",
-	fields: {
-		id: {
-			type: ScalarTypeEnum.String_unsecure(),
-			isOptional: false
-		},
-		name: {
-			type: ScalarTypeEnum.String_unsecure(),
-			isOptional: false
-		},
-		slug: {
-			type: ScalarTypeEnum.String_unsecure(),
-			isOptional: true
-		},
-		logo: {
-			type: ScalarTypeEnum.URL(),
-			isOptional: true
-		},
-		description: {
-			type: ScalarTypeEnum.String_unsecure(),
-			isOptional: true
-		},
-		type: {
-			type: ScalarTypeEnum.String_unsecure(),
-			isOptional: false
-		},
-		onboardingCompleted: {
-			type: ScalarTypeEnum.Boolean(),
-			isOptional: false
-		},
-		createdAt: {
-			type: ScalarTypeEnum.DateTime(),
-			isOptional: false
-		},
-		role: {
-			type: ScalarTypeEnum.String_unsecure(),
-			isOptional: false
-		}
-	}
-});
-const ListUserOrgsOutputModel = new SchemaModel({
-	name: "ListUserOrgsOutput",
-	description: "Output for listing user organizations",
-	fields: { organizations: {
-		type: OrganizationWithRoleModel,
-		isOptional: false,
-		isArray: true
-	} }
-});
-/**
-* Create a new organization.
-*/
-const CreateOrgContract = defineCommand({
-	meta: {
-		key: "identity.org.create",
-		version: "1.0.0",
-		stability: "stable",
-		owners: [...OWNERS],
-		tags: [
-			"identity",
-			"org",
-			"create"
-		],
-		description: "Create a new organization.",
-		goal: "Allow users to create new organizations/workspaces.",
-		context: "Called during onboarding or when creating additional workspaces."
-	},
-	io: {
-		input: CreateOrgInputModel,
-		output: OrganizationModel,
-		errors: { SLUG_EXISTS: {
-			description: "An organization with this slug already exists",
-			http: 409,
-			gqlCode: "SLUG_EXISTS",
-			when: "Slug is already taken"
-		} }
-	},
-	policy: { auth: "user" },
-	sideEffects: {
-		emits: [{
-			key: "org.created",
-			version: "1.0.0",
-			when: "Organization is created",
-			payload: OrganizationModel
-		}],
-		audit: ["org.created"]
-	}
-});
-/**
-* Get organization details.
-*/
-const GetOrgContract = defineQuery({
-	meta: {
-		key: "identity.org.get",
-		version: "1.0.0",
-		stability: "stable",
-		owners: [...OWNERS],
-		tags: [
-			"identity",
-			"org",
-			"get"
-		],
-		description: "Get organization details.",
-		goal: "Retrieve organization information.",
-		context: "Called when viewing organization settings or dashboard."
-	},
-	io: {
-		input: GetOrgInputModel,
-		output: OrganizationModel
-	},
-	policy: { auth: "user" }
-});
-/**
-* Update organization.
-*/
-const UpdateOrgContract = defineCommand({
-	meta: {
-		key: "identity.org.update",
-		version: "1.0.0",
-		stability: "stable",
-		owners: [...OWNERS],
-		tags: [
-			"identity",
-			"org",
-			"update"
-		],
-		description: "Update organization details.",
-		goal: "Allow org admins to update organization settings.",
-		context: "Organization settings page."
-	},
-	io: {
-		input: UpdateOrgInputModel,
-		output: OrganizationModel
-	},
-	policy: { auth: "user" },
-	sideEffects: {
-		emits: [{
-			key: "org.updated",
-			version: "1.0.0",
-			when: "Organization is updated",
-			payload: OrganizationModel
-		}],
-		audit: ["org.updated"]
-	}
-});
-/**
-* Invite a member to the organization.
-*/
-const InviteMemberContract = defineCommand({
-	meta: {
-		key: "identity.org.invite",
-		version: "1.0.0",
-		stability: "stable",
-		owners: [...OWNERS],
-		tags: [
-			"identity",
-			"org",
-			"invite",
-			"member"
-		],
-		description: "Invite a user to join the organization.",
-		goal: "Allow org admins to invite new members.",
-		context: "Team management. Sends invitation email."
-	},
-	io: {
-		input: InviteMemberInputModel,
-		output: InvitationModel,
-		errors: {
-			ALREADY_MEMBER: {
-				description: "User is already a member of this organization",
-				http: 409,
-				gqlCode: "ALREADY_MEMBER",
-				when: "Invitee is already a member"
-			},
-			INVITE_PENDING: {
-				description: "An invitation for this email is already pending",
-				http: 409,
-				gqlCode: "INVITE_PENDING",
-				when: "Active invitation exists"
-			}
-		}
-	},
-	policy: { auth: "user" },
-	sideEffects: {
-		emits: [{
-			key: "org.invite.sent",
-			version: "1.0.0",
-			when: "Invitation is sent",
-			payload: InvitationModel
-		}],
-		audit: ["org.invite.sent"]
-	}
-});
-/**
-* Accept an invitation.
-*/
-const AcceptInviteContract = defineCommand({
-	meta: {
-		key: "identity.org.invite.accept",
-		version: "1.0.0",
-		stability: "stable",
-		owners: [...OWNERS],
-		tags: [
-			"identity",
-			"org",
-			"invite",
-			"accept"
-		],
-		description: "Accept an organization invitation.",
-		goal: "Allow users to join organizations via invitation.",
-		context: "Called from invitation email link."
-	},
-	io: {
-		input: AcceptInviteInputModel,
-		output: MemberModel,
-		errors: {
-			INVITE_EXPIRED: {
-				description: "The invitation has expired",
-				http: 410,
-				gqlCode: "INVITE_EXPIRED",
-				when: "Invitation is past expiry date"
-			},
-			INVITE_USED: {
-				description: "The invitation has already been used",
-				http: 409,
-				gqlCode: "INVITE_USED",
-				when: "Invitation was already accepted"
-			}
-		}
-	},
-	policy: { auth: "user" },
-	sideEffects: {
-		emits: [{
-			key: "org.member.added",
-			version: "1.0.0",
-			when: "Member joins org",
-			payload: MemberModel
-		}],
-		audit: ["org.member.added"]
-	}
-});
-/**
-* Remove a member from the organization.
-*/
-const RemoveMemberContract = defineCommand({
-	meta: {
-		key: "identity.org.member.remove",
-		version: "1.0.0",
-		stability: "stable",
-		owners: [...OWNERS],
-		tags: [
-			"identity",
-			"org",
-			"member",
-			"remove"
-		],
-		description: "Remove a member from the organization.",
-		goal: "Allow org admins to remove members.",
-		context: "Team management."
-	},
-	io: {
-		input: RemoveMemberInputModel,
-		output: SuccessResultModel,
-		errors: { CANNOT_REMOVE_OWNER: {
-			description: "Cannot remove the organization owner",
-			http: 403,
-			gqlCode: "CANNOT_REMOVE_OWNER",
-			when: "Target is the org owner"
-		} }
-	},
-	policy: { auth: "user" },
-	sideEffects: {
-		emits: [{
-			key: "org.member.removed",
-			version: "1.0.0",
-			when: "Member is removed",
-			payload: MemberRemovedPayloadModel
-		}],
-		audit: ["org.member.removed"]
-	}
-});
-/**
-* List organization members.
-*/
-const ListMembersContract = defineQuery({
-	meta: {
-		key: "identity.org.members.list",
-		version: "1.0.0",
-		stability: "stable",
-		owners: [...OWNERS],
-		tags: [
-			"identity",
-			"org",
-			"member",
-			"list"
-		],
-		description: "List organization members.",
-		goal: "View all members of an organization.",
-		context: "Team management page."
-	},
-	io: {
-		input: ListMembersInputModel,
-		output: ListMembersOutputModel
-	},
-	policy: { auth: "user" }
-});
-/**
-* List user's organizations.
-*/
-const ListUserOrgsContract = defineQuery({
-	meta: {
-		key: "identity.org.list",
-		version: "1.0.0",
-		stability: "stable",
-		owners: [...OWNERS],
-		tags: [
-			"identity",
-			"org",
-			"list"
-		],
-		description: "List organizations the current user belongs to.",
-		goal: "Show user their organizations for workspace switching.",
-		context: "Workspace switcher, org selection."
-	},
-	io: {
-		input: null,
-		output: ListUserOrgsOutputModel
-	},
-	policy: { auth: "user" }
+var OWNERS = ["platform.identity-rbac"];
+var UserProfileModel = new SchemaModel({
+  name: "UserProfile",
+  description: "User profile information",
+  fields: {
+    id: { type: ScalarTypeEnum.String_unsecure(), isOptional: false },
+    email: { type: ScalarTypeEnum.EmailAddress(), isOptional: false },
+    emailVerified: { type: ScalarTypeEnum.Boolean(), isOptional: false },
+    name: { type: ScalarTypeEnum.String_unsecure(), isOptional: true },
+    firstName: { type: ScalarTypeEnum.String_unsecure(), isOptional: true },
+    lastName: { type: ScalarTypeEnum.String_unsecure(), isOptional: true },
+    locale: { type: ScalarTypeEnum.String_unsecure(), isOptional: true },
+    timezone: { type: ScalarTypeEnum.String_unsecure(), isOptional: true },
+    imageUrl: { type: ScalarTypeEnum.URL(), isOptional: true },
+    role: { type: ScalarTypeEnum.String_unsecure(), isOptional: true },
+    onboardingCompleted: { type: ScalarTypeEnum.Boolean(), isOptional: false },
+    createdAt: { type: ScalarTypeEnum.DateTime(), isOptional: false }
+  }
+});
+var CreateUserInputModel = new SchemaModel({
+  name: "CreateUserInput",
+  description: "Input for creating a new user",
+  fields: {
+    email: { type: ScalarTypeEnum.EmailAddress(), isOptional: false },
+    name: { type: ScalarTypeEnum.String_unsecure(), isOptional: true },
+    firstName: { type: ScalarTypeEnum.String_unsecure(), isOptional: true },
+    lastName: { type: ScalarTypeEnum.String_unsecure(), isOptional: true },
+    password: { type: ScalarTypeEnum.String_unsecure(), isOptional: true }
+  }
+});
+var UpdateUserInputModel = new SchemaModel({
+  name: "UpdateUserInput",
+  description: "Input for updating a user profile",
+  fields: {
+    name: { type: ScalarTypeEnum.String_unsecure(), isOptional: true },
+    firstName: { type: ScalarTypeEnum.String_unsecure(), isOptional: true },
+    lastName: { type: ScalarTypeEnum.String_unsecure(), isOptional: true },
+    locale: { type: ScalarTypeEnum.String_unsecure(), isOptional: true },
+    timezone: { type: ScalarTypeEnum.String_unsecure(), isOptional: true },
+    imageUrl: { type: ScalarTypeEnum.URL(), isOptional: true }
+  }
+});
+var DeleteUserInputModel = new SchemaModel({
+  name: "DeleteUserInput",
+  description: "Input for deleting a user",
+  fields: {
+    confirmEmail: { type: ScalarTypeEnum.EmailAddress(), isOptional: false }
+  }
+});
+var SuccessResultModel = new SchemaModel({
+  name: "SuccessResult",
+  description: "Simple success result",
+  fields: {
+    success: { type: ScalarTypeEnum.Boolean(), isOptional: false }
+  }
+});
+var UserDeletedPayloadModel = new SchemaModel({
+  name: "UserDeletedPayload",
+  description: "Payload for user deleted event",
+  fields: {
+    userId: { type: ScalarTypeEnum.String_unsecure(), isOptional: false }
+  }
+});
+var ListUsersInputModel = new SchemaModel({
+  name: "ListUsersInput",
+  description: "Input for listing users",
+  fields: {
+    limit: { type: ScalarTypeEnum.Int_unsecure(), isOptional: true },
+    offset: { type: ScalarTypeEnum.Int_unsecure(), isOptional: true },
+    search: { type: ScalarTypeEnum.String_unsecure(), isOptional: true }
+  }
+});
+var ListUsersOutputModel = new SchemaModel({
+  name: "ListUsersOutput",
+  description: "Output for listing users",
+  fields: {
+    users: { type: UserProfileModel, isOptional: false, isArray: true },
+    total: { type: ScalarTypeEnum.Int_unsecure(), isOptional: false }
+  }
+});
+var CreateUserContract = defineCommand({
+  meta: {
+    key: "identity.user.create",
+    version: "1.0.0",
+    stability: "stable",
+    owners: [...OWNERS],
+    tags: ["identity", "user", "create"],
+    description: "Create a new user account.",
+    goal: "Register a new user in the system.",
+    context: "Used during signup flows. May trigger email verification."
+  },
+  io: {
+    input: CreateUserInputModel,
+    output: UserProfileModel,
+    errors: {
+      EMAIL_EXISTS: {
+        description: "A user with this email already exists",
+        http: 409,
+        gqlCode: "EMAIL_EXISTS",
+        when: "Email is already registered"
+      }
+    }
+  },
+  policy: {
+    auth: "anonymous"
+  },
+  sideEffects: {
+    emits: [
+      {
+        key: "user.created",
+        version: "1.0.0",
+        when: "User is successfully created",
+        payload: UserProfileModel
+      }
+    ],
+    audit: ["user.created"]
+  }
+});
+var GetCurrentUserContract = defineQuery({
+  meta: {
+    key: "identity.user.me",
+    version: "1.0.0",
+    stability: "stable",
+    owners: [...OWNERS],
+    tags: ["identity", "user", "profile"],
+    description: "Get the current authenticated user profile.",
+    goal: "Retrieve user profile for the authenticated session.",
+    context: "Called on app load and after profile updates."
+  },
+  io: {
+    input: null,
+    output: UserProfileModel
+  },
+  policy: {
+    auth: "user"
+  }
+});
+var UpdateUserContract = defineCommand({
+  meta: {
+    key: "identity.user.update",
+    version: "1.0.0",
+    stability: "stable",
+    owners: [...OWNERS],
+    tags: ["identity", "user", "update"],
+    description: "Update user profile information.",
+    goal: "Allow users to update their profile.",
+    context: "Self-service profile updates."
+  },
+  io: {
+    input: UpdateUserInputModel,
+    output: UserProfileModel
+  },
+  policy: {
+    auth: "user"
+  },
+  sideEffects: {
+    emits: [
+      {
+        key: "user.updated",
+        version: "1.0.0",
+        when: "User profile is updated",
+        payload: UserProfileModel
+      }
+    ],
+    audit: ["user.updated"]
+  }
+});
+var DeleteUserContract = defineCommand({
+  meta: {
+    key: "identity.user.delete",
+    version: "1.0.0",
+    stability: "stable",
+    owners: [...OWNERS],
+    tags: ["identity", "user", "delete"],
+    description: "Delete user account and all associated data.",
+    goal: "Allow users to delete their account (GDPR compliance).",
+    context: "Self-service account deletion. Cascades to memberships, sessions, etc."
+  },
+  io: {
+    input: DeleteUserInputModel,
+    output: SuccessResultModel
+  },
+  policy: {
+    auth: "user",
+    escalate: "human_review"
+  },
+  sideEffects: {
+    emits: [
+      {
+        key: "user.deleted",
+        version: "1.0.0",
+        when: "User account is deleted",
+        payload: UserDeletedPayloadModel
+      }
+    ],
+    audit: ["user.deleted"]
+  }
+});
+var ListUsersContract = defineQuery({
+  meta: {
+    key: "identity.user.list",
+    version: "1.0.0",
+    stability: "stable",
+    owners: [...OWNERS],
+    tags: ["identity", "user", "admin", "list"],
+    description: "List all users (admin only).",
+    goal: "Allow admins to browse and manage users.",
+    context: "Admin dashboard user management."
+  },
+  io: {
+    input: ListUsersInputModel,
+    output: ListUsersOutputModel
+  },
+  policy: {
+    auth: "admin"
+  }
 });
 
-//#endregion
-export { AcceptInviteContract, AcceptInviteInputModel, CreateOrgContract, CreateOrgInputModel, GetOrgContract, GetOrgInputModel, InvitationModel, InviteMemberContract, InviteMemberInputModel, ListMembersContract, ListMembersInputModel, ListMembersOutputModel, ListUserOrgsContract, ListUserOrgsOutputModel, MemberModel, MemberRemovedPayloadModel, MemberUserModel, OrganizationModel, OrganizationWithRoleModel, RemoveMemberContract, RemoveMemberInputModel, UpdateOrgContract, UpdateOrgInputModel };
-//# sourceMappingURL=organization.js.map
+// src/contracts/organization.ts
+import { ScalarTypeEnum as ScalarTypeEnum2, SchemaModel as SchemaModel2 } from "@contractspec/lib.schema";
+import { defineCommand as defineCommand2, defineQuery as defineQuery2 } from "@contractspec/lib.contracts";
+var OWNERS2 = ["platform.identity-rbac"];
+var OrganizationModel = new SchemaModel2({
+  name: "Organization",
+  description: "Organization details",
+  fields: {
+    id: { type: ScalarTypeEnum2.String_unsecure(), isOptional: false },
+    name: { type: ScalarTypeEnum2.String_unsecure(), isOptional: false },
+    slug: { type: ScalarTypeEnum2.String_unsecure(), isOptional: true },
+    logo: { type: ScalarTypeEnum2.URL(), isOptional: true },
+    description: { type: ScalarTypeEnum2.String_unsecure(), isOptional: true },
+    type: { type: ScalarTypeEnum2.String_unsecure(), isOptional: false },
+    onboardingCompleted: { type: ScalarTypeEnum2.Boolean(), isOptional: false },
+    createdAt: { type: ScalarTypeEnum2.DateTime(), isOptional: false }
+  }
+});
+var MemberUserModel = new SchemaModel2({
+  name: "MemberUser",
+  description: "Basic user info within a member",
+  fields: {
+    id: { type: ScalarTypeEnum2.String_unsecure(), isOptional: false },
+    email: { type: ScalarTypeEnum2.EmailAddress(), isOptional: false },
+    name: { type: ScalarTypeEnum2.String_unsecure(), isOptional: true }
+  }
+});
+var MemberModel = new SchemaModel2({
+  name: "Member",
+  description: "Organization member",
+  fields: {
+    id: { type: ScalarTypeEnum2.String_unsecure(), isOptional: false },
+    userId: { type: ScalarTypeEnum2.String_unsecure(), isOptional: false },
+    organizationId: {
+      type: ScalarTypeEnum2.String_unsecure(),
+      isOptional: false
+    },
+    role: { type: ScalarTypeEnum2.String_unsecure(), isOptional: false },
+    createdAt: { type: ScalarTypeEnum2.DateTime(), isOptional: false },
+    user: { type: MemberUserModel, isOptional: false }
+  }
+});
+var InvitationModel = new SchemaModel2({
+  name: "Invitation",
+  description: "Organization invitation",
+  fields: {
+    id: { type: ScalarTypeEnum2.String_unsecure(), isOptional: false },
+    email: { type: ScalarTypeEnum2.EmailAddress(), isOptional: false },
+    role: { type: ScalarTypeEnum2.String_unsecure(), isOptional: true },
+    status: { type: ScalarTypeEnum2.String_unsecure(), isOptional: false },
+    expiresAt: { type: ScalarTypeEnum2.DateTime(), isOptional: true },
+    createdAt: { type: ScalarTypeEnum2.DateTime(), isOptional: false }
+  }
+});
+var CreateOrgInputModel = new SchemaModel2({
+  name: "CreateOrgInput",
+  description: "Input for creating an organization",
+  fields: {
+    name: { type: ScalarTypeEnum2.NonEmptyString(), isOptional: false },
+    slug: { type: ScalarTypeEnum2.String_unsecure(), isOptional: true },
+    description: { type: ScalarTypeEnum2.String_unsecure(), isOptional: true },
+    type: { type: ScalarTypeEnum2.String_unsecure(), isOptional: true }
+  }
+});
+var GetOrgInputModel = new SchemaModel2({
+  name: "GetOrgInput",
+  description: "Input for getting an organization",
+  fields: {
+    orgId: { type: ScalarTypeEnum2.String_unsecure(), isOptional: false }
+  }
+});
+var UpdateOrgInputModel = new SchemaModel2({
+  name: "UpdateOrgInput",
+  description: "Input for updating an organization",
+  fields: {
+    orgId: { type: ScalarTypeEnum2.String_unsecure(), isOptional: false },
+    name: { type: ScalarTypeEnum2.String_unsecure(), isOptional: true },
+    slug: { type: ScalarTypeEnum2.String_unsecure(), isOptional: true },
+    logo: { type: ScalarTypeEnum2.URL(), isOptional: true },
+    description: { type: ScalarTypeEnum2.String_unsecure(), isOptional: true }
+  }
+});
+var InviteMemberInputModel = new SchemaModel2({
+  name: "InviteMemberInput",
+  description: "Input for inviting a member",
+  fields: {
+    orgId: { type: ScalarTypeEnum2.String_unsecure(), isOptional: false },
+    email: { type: ScalarTypeEnum2.EmailAddress(), isOptional: false },
+    role: { type: ScalarTypeEnum2.String_unsecure(), isOptional: false },
+    teamId: { type: ScalarTypeEnum2.String_unsecure(), isOptional: true }
+  }
+});
+var AcceptInviteInputModel = new SchemaModel2({
+  name: "AcceptInviteInput",
+  description: "Input for accepting an invitation",
+  fields: {
+    invitationId: { type: ScalarTypeEnum2.String_unsecure(), isOptional: false }
+  }
+});
+var RemoveMemberInputModel = new SchemaModel2({
+  name: "RemoveMemberInput",
+  description: "Input for removing a member",
+  fields: {
+    orgId: { type: ScalarTypeEnum2.String_unsecure(), isOptional: false },
+    userId: { type: ScalarTypeEnum2.String_unsecure(), isOptional: false }
+  }
+});
+var MemberRemovedPayloadModel = new SchemaModel2({
+  name: "MemberRemovedPayload",
+  description: "Payload for member removed event",
+  fields: {
+    orgId: { type: ScalarTypeEnum2.String_unsecure(), isOptional: false },
+    userId: { type: ScalarTypeEnum2.String_unsecure(), isOptional: false }
+  }
+});
+var ListMembersInputModel = new SchemaModel2({
+  name: "ListMembersInput",
+  description: "Input for listing members",
+  fields: {
+    orgId: { type: ScalarTypeEnum2.String_unsecure(), isOptional: false },
+    limit: { type: ScalarTypeEnum2.Int_unsecure(), isOptional: true },
+    offset: { type: ScalarTypeEnum2.Int_unsecure(), isOptional: true }
+  }
+});
+var ListMembersOutputModel = new SchemaModel2({
+  name: "ListMembersOutput",
+  description: "Output for listing members",
+  fields: {
+    members: { type: MemberModel, isOptional: false, isArray: true },
+    total: { type: ScalarTypeEnum2.Int_unsecure(), isOptional: false }
+  }
+});
+var OrganizationWithRoleModel = new SchemaModel2({
+  name: "OrganizationWithRole",
+  description: "Organization with user role",
+  fields: {
+    id: { type: ScalarTypeEnum2.String_unsecure(), isOptional: false },
+    name: { type: ScalarTypeEnum2.String_unsecure(), isOptional: false },
+    slug: { type: ScalarTypeEnum2.String_unsecure(), isOptional: true },
+    logo: { type: ScalarTypeEnum2.URL(), isOptional: true },
+    description: { type: ScalarTypeEnum2.String_unsecure(), isOptional: true },
+    type: { type: ScalarTypeEnum2.String_unsecure(), isOptional: false },
+    onboardingCompleted: { type: ScalarTypeEnum2.Boolean(), isOptional: false },
+    createdAt: { type: ScalarTypeEnum2.DateTime(), isOptional: false },
+    role: { type: ScalarTypeEnum2.String_unsecure(), isOptional: false }
+  }
+});
+var ListUserOrgsOutputModel = new SchemaModel2({
+  name: "ListUserOrgsOutput",
+  description: "Output for listing user organizations",
+  fields: {
+    organizations: {
+      type: OrganizationWithRoleModel,
+      isOptional: false,
+      isArray: true
+    }
+  }
+});
+var CreateOrgContract = defineCommand2({
+  meta: {
+    key: "identity.org.create",
+    version: "1.0.0",
+    stability: "stable",
+    owners: [...OWNERS2],
+    tags: ["identity", "org", "create"],
+    description: "Create a new organization.",
+    goal: "Allow users to create new organizations/workspaces.",
+    context: "Called during onboarding or when creating additional workspaces."
+  },
+  io: {
+    input: CreateOrgInputModel,
+    output: OrganizationModel,
+    errors: {
+      SLUG_EXISTS: {
+        description: "An organization with this slug already exists",
+        http: 409,
+        gqlCode: "SLUG_EXISTS",
+        when: "Slug is already taken"
+      }
+    }
+  },
+  policy: {
+    auth: "user"
+  },
+  sideEffects: {
+    emits: [
+      {
+        key: "org.created",
+        version: "1.0.0",
+        when: "Organization is created",
+        payload: OrganizationModel
+      }
+    ],
+    audit: ["org.created"]
+  }
+});
+var GetOrgContract = defineQuery2({
+  meta: {
+    key: "identity.org.get",
+    version: "1.0.0",
+    stability: "stable",
+    owners: [...OWNERS2],
+    tags: ["identity", "org", "get"],
+    description: "Get organization details.",
+    goal: "Retrieve organization information.",
+    context: "Called when viewing organization settings or dashboard."
+  },
+  io: {
+    input: GetOrgInputModel,
+    output: OrganizationModel
+  },
+  policy: {
+    auth: "user"
+  }
+});
+var UpdateOrgContract = defineCommand2({
+  meta: {
+    key: "identity.org.update",
+    version: "1.0.0",
+    stability: "stable",
+    owners: [...OWNERS2],
+    tags: ["identity", "org", "update"],
+    description: "Update organization details.",
+    goal: "Allow org admins to update organization settings.",
+    context: "Organization settings page."
+  },
+  io: {
+    input: UpdateOrgInputModel,
+    output: OrganizationModel
+  },
+  policy: {
+    auth: "user"
+  },
+  sideEffects: {
+    emits: [
+      {
+        key: "org.updated",
+        version: "1.0.0",
+        when: "Organization is updated",
+        payload: OrganizationModel
+      }
+    ],
+    audit: ["org.updated"]
+  }
+});
+var InviteMemberContract = defineCommand2({
+  meta: {
+    key: "identity.org.invite",
+    version: "1.0.0",
+    stability: "stable",
+    owners: [...OWNERS2],
+    tags: ["identity", "org", "invite", "member"],
+    description: "Invite a user to join the organization.",
+    goal: "Allow org admins to invite new members.",
+    context: "Team management. Sends invitation email."
+  },
+  io: {
+    input: InviteMemberInputModel,
+    output: InvitationModel,
+    errors: {
+      ALREADY_MEMBER: {
+        description: "User is already a member of this organization",
+        http: 409,
+        gqlCode: "ALREADY_MEMBER",
+        when: "Invitee is already a member"
+      },
+      INVITE_PENDING: {
+        description: "An invitation for this email is already pending",
+        http: 409,
+        gqlCode: "INVITE_PENDING",
+        when: "Active invitation exists"
+      }
+    }
+  },
+  policy: {
+    auth: "user"
+  },
+  sideEffects: {
+    emits: [
+      {
+        key: "org.invite.sent",
+        version: "1.0.0",
+        when: "Invitation is sent",
+        payload: InvitationModel
+      }
+    ],
+    audit: ["org.invite.sent"]
+  }
+});
+var AcceptInviteContract = defineCommand2({
+  meta: {
+    key: "identity.org.invite.accept",
+    version: "1.0.0",
+    stability: "stable",
+    owners: [...OWNERS2],
+    tags: ["identity", "org", "invite", "accept"],
+    description: "Accept an organization invitation.",
+    goal: "Allow users to join organizations via invitation.",
+    context: "Called from invitation email link."
+  },
+  io: {
+    input: AcceptInviteInputModel,
+    output: MemberModel,
+    errors: {
+      INVITE_EXPIRED: {
+        description: "The invitation has expired",
+        http: 410,
+        gqlCode: "INVITE_EXPIRED",
+        when: "Invitation is past expiry date"
+      },
+      INVITE_USED: {
+        description: "The invitation has already been used",
+        http: 409,
+        gqlCode: "INVITE_USED",
+        when: "Invitation was already accepted"
+      }
+    }
+  },
+  policy: {
+    auth: "user"
+  },
+  sideEffects: {
+    emits: [
+      {
+        key: "org.member.added",
+        version: "1.0.0",
+        when: "Member joins org",
+        payload: MemberModel
+      }
+    ],
+    audit: ["org.member.added"]
+  }
+});
+var RemoveMemberContract = defineCommand2({
+  meta: {
+    key: "identity.org.member.remove",
+    version: "1.0.0",
+    stability: "stable",
+    owners: [...OWNERS2],
+    tags: ["identity", "org", "member", "remove"],
+    description: "Remove a member from the organization.",
+    goal: "Allow org admins to remove members.",
+    context: "Team management."
+  },
+  io: {
+    input: RemoveMemberInputModel,
+    output: SuccessResultModel,
+    errors: {
+      CANNOT_REMOVE_OWNER: {
+        description: "Cannot remove the organization owner",
+        http: 403,
+        gqlCode: "CANNOT_REMOVE_OWNER",
+        when: "Target is the org owner"
+      }
+    }
+  },
+  policy: {
+    auth: "user"
+  },
+  sideEffects: {
+    emits: [
+      {
+        key: "org.member.removed",
+        version: "1.0.0",
+        when: "Member is removed",
+        payload: MemberRemovedPayloadModel
+      }
+    ],
+    audit: ["org.member.removed"]
+  }
+});
+var ListMembersContract = defineQuery2({
+  meta: {
+    key: "identity.org.members.list",
+    version: "1.0.0",
+    stability: "stable",
+    owners: [...OWNERS2],
+    tags: ["identity", "org", "member", "list"],
+    description: "List organization members.",
+    goal: "View all members of an organization.",
+    context: "Team management page."
+  },
+  io: {
+    input: ListMembersInputModel,
+    output: ListMembersOutputModel
+  },
+  policy: {
+    auth: "user"
+  }
+});
+var ListUserOrgsContract = defineQuery2({
+  meta: {
+    key: "identity.org.list",
+    version: "1.0.0",
+    stability: "stable",
+    owners: [...OWNERS2],
+    tags: ["identity", "org", "list"],
+    description: "List organizations the current user belongs to.",
+    goal: "Show user their organizations for workspace switching.",
+    context: "Workspace switcher, org selection."
+  },
+  io: {
+    input: null,
+    output: ListUserOrgsOutputModel
+  },
+  policy: {
+    auth: "user"
+  }
+});
+export {
+  UpdateOrgInputModel,
+  UpdateOrgContract,
+  RemoveMemberInputModel,
+  RemoveMemberContract,
+  OrganizationWithRoleModel,
+  OrganizationModel,
+  MemberUserModel,
+  MemberRemovedPayloadModel,
+  MemberModel,
+  ListUserOrgsOutputModel,
+  ListUserOrgsContract,
+  ListMembersOutputModel,
+  ListMembersInputModel,
+  ListMembersContract,
+  InviteMemberInputModel,
+  InviteMemberContract,
+  InvitationModel,
+  GetOrgInputModel,
+  GetOrgContract,
+  CreateOrgInputModel,
+  CreateOrgContract,
+  AcceptInviteInputModel,
+  AcceptInviteContract
+};