@contractspec/lib.identity-rbac 1.56.1 → 1.58.0
- package/dist/browser/contracts/index.js +1045 -0
- package/dist/browser/contracts/organization.js +655 -0
- package/dist/browser/contracts/rbac.js +599 -0
- package/dist/browser/contracts/user.js +235 -0
- package/dist/browser/entities/index.js +464 -0
- package/dist/browser/entities/organization.js +150 -0
- package/dist/browser/entities/rbac.js +124 -0
- package/dist/browser/entities/user.js +168 -0
- package/dist/browser/events.js +374 -0
- package/dist/browser/identity-rbac.capability.js +28 -0
- package/dist/browser/identity-rbac.feature.js +67 -0
- package/dist/browser/index.js +2099 -0
- package/dist/browser/policies/engine.js +154 -0
- package/dist/browser/policies/index.js +154 -0
- package/dist/contracts/index.d.ts +4 -4
- package/dist/contracts/index.d.ts.map +1 -0
- package/dist/contracts/index.js +1045 -4
- package/dist/contracts/organization.d.ts +758 -764
- package/dist/contracts/organization.d.ts.map +1 -1
- package/dist/contracts/organization.js +653 -602
- package/dist/contracts/rbac.d.ts +517 -523
- package/dist/contracts/rbac.d.ts.map +1 -1
- package/dist/contracts/rbac.js +597 -481
- package/dist/contracts/user.d.ts +513 -519
- package/dist/contracts/user.d.ts.map +1 -1
- package/dist/contracts/user.js +222 -319
- package/dist/entities/index.d.ts +164 -169
- package/dist/entities/index.d.ts.map +1 -1
- package/dist/entities/index.js +462 -33
- package/dist/entities/organization.d.ts +58 -63
- package/dist/entities/organization.d.ts.map +1 -1
- package/dist/entities/organization.js +145 -145
- package/dist/entities/rbac.d.ts +62 -67
- package/dist/entities/rbac.d.ts.map +1 -1
- package/dist/entities/rbac.js +119 -132
- package/dist/entities/user.d.ts +66 -71
- package/dist/entities/user.d.ts.map +1 -1
- package/dist/entities/user.js +164 -189
- package/dist/events.d.ts +537 -543
- package/dist/events.d.ts.map +1 -1
- package/dist/events.js +343 -651
- package/dist/identity-rbac.capability.d.ts +2 -7
- package/dist/identity-rbac.capability.d.ts.map +1 -1
- package/dist/identity-rbac.capability.js +29 -29
- package/dist/identity-rbac.feature.d.ts +1 -7
- package/dist/identity-rbac.feature.d.ts.map +1 -1
- package/dist/identity-rbac.feature.js +66 -193
- package/dist/index.d.ts +6 -12
- package/dist/index.d.ts.map +1 -0
- package/dist/index.js +2100 -14
- package/dist/node/contracts/index.js +1045 -0
- package/dist/node/contracts/organization.js +655 -0
- package/dist/node/contracts/rbac.js +599 -0
- package/dist/node/contracts/user.js +235 -0
- package/dist/node/entities/index.js +464 -0
- package/dist/node/entities/organization.js +150 -0
- package/dist/node/entities/rbac.js +124 -0
- package/dist/node/entities/user.js +168 -0
- package/dist/node/events.js +374 -0
- package/dist/node/identity-rbac.capability.js +28 -0
- package/dist/node/identity-rbac.feature.js +67 -0
- package/dist/node/index.js +2099 -0
- package/dist/node/policies/engine.js +154 -0
- package/dist/node/policies/index.js +154 -0
- package/dist/policies/engine.d.ts +98 -101
- package/dist/policies/engine.d.ts.map +1 -1
- package/dist/policies/engine.js +151 -164
- package/dist/policies/index.d.ts +2 -2
- package/dist/policies/index.d.ts.map +1 -0
- package/dist/policies/index.js +154 -2
- package/package.json +149 -40
- package/dist/contracts/organization.js.map +0 -1
- package/dist/contracts/rbac.js.map +0 -1
- package/dist/contracts/user.js.map +0 -1
- package/dist/entities/index.js.map +0 -1
- package/dist/entities/organization.js.map +0 -1
- package/dist/entities/rbac.js.map +0 -1
- package/dist/entities/user.js.map +0 -1
- package/dist/events.js.map +0 -1
- package/dist/identity-rbac.capability.js.map +0 -1
- package/dist/identity-rbac.feature.js.map +0 -1
- package/dist/policies/engine.js.map +0 -1
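--- a/package/package.json
+++ b/package/package.json
@@ -1,6 +1,6 @@
 {
 "name": "@contractspec/lib.identity-rbac",
-"version": "1.
+"version": "1.58.0",
 "description": "Identity, Organizations, and RBAC module for ContractSpec applications",
 "keywords": [
 "contractspec",
@@ -15,41 +15,45 @@
 "scripts": {
 "publish:pkg": "bun publish --tolerate-republish --ignore-scripts --verbose",
 "publish:pkg:canary": "bun publish:pkg --tag canary",
-"build": "bun build:
-"build:bundle": "
-"build:types": "
-"dev": "bun
+"build": "bun run prebuild && bun run build:bundle && bun run build:types",
+"build:bundle": "contractspec-bun-build transpile",
+"build:types": "contractspec-bun-build types",
+"dev": "contractspec-bun-build dev",
 "clean": "rimraf dist .turbo",
 "lint": "bun lint:fix",
 "lint:fix": "eslint src --fix",
-"lint:check": "eslint src"
+"lint:check": "eslint src",
+"prebuild": "contractspec-bun-build prebuild",
+"typecheck": "tsc --noEmit"
 },
 "dependencies": {
-"@contractspec/lib.schema": "1.
-"@contractspec/lib.contracts": "1.
+"@contractspec/lib.schema": "1.58.0",
+"@contractspec/lib.contracts": "1.58.0",
 "zod": "^4.3.5"
 },
 "devDependencies": {
-"@contractspec/tool.typescript": "1.
-"
-"
+"@contractspec/tool.typescript": "1.58.0",
+"typescript": "^5.9.3",
+"@contractspec/tool.bun": "1.57.0"
 },
 "exports": {
-".": "./
-"./contracts": "./
-"./contracts/
-"./contracts/
-"./contracts/
-"./
-"./entities
-"./entities/
-"./entities/
-"./
-"./
-"./
-"./
-"./
-"
+".": "./src/index.ts",
+"./contracts": "./src/contracts/index.ts",
+"./contracts/index": "./src/contracts/index.ts",
+"./contracts/organization": "./src/contracts/organization.ts",
+"./contracts/rbac": "./src/contracts/rbac.ts",
+"./contracts/user": "./src/contracts/user.ts",
+"./entities": "./src/entities/index.ts",
+"./entities/index": "./src/entities/index.ts",
+"./entities/organization": "./src/entities/organization.ts",
+"./entities/rbac": "./src/entities/rbac.ts",
+"./entities/user": "./src/entities/user.ts",
+"./events": "./src/events.ts",
+"./identity-rbac.capability": "./src/identity-rbac.capability.ts",
+"./identity-rbac.feature": "./src/identity-rbac.feature.ts",
+"./policies": "./src/policies/index.ts",
+"./policies/engine": "./src/policies/engine.ts",
+"./policies/index": "./src/policies/index.ts"
 },
 "files": [
 "dist",
@@ -58,20 +62,125 @@
 "publishConfig": {
 "access": "public",
 "exports": {
-".":
-
-
-
-
-
-
-"./
-
-
-
-
-
-
+".": {
+"types": "./dist/index.d.ts",
+"bun": "./dist/index.js",
+"node": "./dist/node/index.mjs",
+"browser": "./dist/browser/index.js",
+"default": "./dist/index.js"
+},
+"./contracts": {
+"types": "./dist/contracts/index.d.ts",
+"bun": "./dist/contracts/index.js",
+"node": "./dist/node/contracts/index.mjs",
+"browser": "./dist/browser/contracts/index.js",
+"default": "./dist/contracts/index.js"
+},
+"./contracts/index": {
+"types": "./dist/contracts/index.d.ts",
+"bun": "./dist/contracts/index.js",
+"node": "./dist/node/contracts/index.mjs",
+"browser": "./dist/browser/contracts/index.js",
+"default": "./dist/contracts/index.js"
+},
+"./contracts/organization": {
+"types": "./dist/contracts/organization.d.ts",
+"bun": "./dist/contracts/organization.js",
+"node": "./dist/node/contracts/organization.mjs",
+"browser": "./dist/browser/contracts/organization.js",
+"default": "./dist/contracts/organization.js"
+},
+"./contracts/rbac": {
+"types": "./dist/contracts/rbac.d.ts",
+"bun": "./dist/contracts/rbac.js",
+"node": "./dist/node/contracts/rbac.mjs",
+"browser": "./dist/browser/contracts/rbac.js",
+"default": "./dist/contracts/rbac.js"
+},
+"./contracts/user": {
+"types": "./dist/contracts/user.d.ts",
+"bun": "./dist/contracts/user.js",
+"node": "./dist/node/contracts/user.mjs",
+"browser": "./dist/browser/contracts/user.js",
+"default": "./dist/contracts/user.js"
+},
+"./entities": {
+"types": "./dist/entities/index.d.ts",
+"bun": "./dist/entities/index.js",
+"node": "./dist/node/entities/index.mjs",
+"browser": "./dist/browser/entities/index.js",
+"default": "./dist/entities/index.js"
+},
+"./entities/index": {
+"types": "./dist/entities/index.d.ts",
+"bun": "./dist/entities/index.js",
+"node": "./dist/node/entities/index.mjs",
+"browser": "./dist/browser/entities/index.js",
+"default": "./dist/entities/index.js"
+},
+"./entities/organization": {
+"types": "./dist/entities/organization.d.ts",
+"bun": "./dist/entities/organization.js",
+"node": "./dist/node/entities/organization.mjs",
+"browser": "./dist/browser/entities/organization.js",
+"default": "./dist/entities/organization.js"
+},
+"./entities/rbac": {
+"types": "./dist/entities/rbac.d.ts",
+"bun": "./dist/entities/rbac.js",
+"node": "./dist/node/entities/rbac.mjs",
+"browser": "./dist/browser/entities/rbac.js",
+"default": "./dist/entities/rbac.js"
+},
+"./entities/user": {
+"types": "./dist/entities/user.d.ts",
+"bun": "./dist/entities/user.js",
+"node": "./dist/node/entities/user.mjs",
+"browser": "./dist/browser/entities/user.js",
+"default": "./dist/entities/user.js"
+},
+"./events": {
+"types": "./dist/events.d.ts",
+"bun": "./dist/events.js",
+"node": "./dist/node/events.mjs",
+"browser": "./dist/browser/events.js",
+"default": "./dist/events.js"
+},
+"./identity-rbac.capability": {
+"types": "./dist/identity-rbac.capability.d.ts",
+"bun": "./dist/identity-rbac.capability.js",
+"node": "./dist/node/identity-rbac.capability.mjs",
+"browser": "./dist/browser/identity-rbac.capability.js",
+"default": "./dist/identity-rbac.capability.js"
+},
+"./identity-rbac.feature": {
+"types": "./dist/identity-rbac.feature.d.ts",
+"bun": "./dist/identity-rbac.feature.js",
+"node": "./dist/node/identity-rbac.feature.mjs",
+"browser": "./dist/browser/identity-rbac.feature.js",
+"default": "./dist/identity-rbac.feature.js"
+},
+"./policies": {
+"types": "./dist/policies/index.d.ts",
+"bun": "./dist/policies/index.js",
+"node": "./dist/node/policies/index.mjs",
+"browser": "./dist/browser/policies/index.js",
+"default": "./dist/policies/index.js"
+},
+"./policies/engine": {
+"types": "./dist/policies/engine.d.ts",
+"bun": "./dist/policies/engine.js",
+"node": "./dist/node/policies/engine.mjs",
+"browser": "./dist/browser/policies/engine.js",
+"default": "./dist/policies/engine.js"
+},
+"./policies/index": {
+"types": "./dist/policies/index.d.ts",
+"bun": "./dist/policies/index.js",
+"node": "./dist/node/policies/index.mjs",
+"browser": "./dist/browser/policies/index.js",
+"default": "./dist/policies/index.js"
+}
 },
 "registry": "https://registry.npmjs.org/"
 },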
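Review bot: Every `node` condition in the new `publishConfig.exports` map points at a `.mjs` file (for example `"node": "./dist/node/index.mjs"`), but the file list for this release shows the Node build added as `.js` (`package/dist/node/index.js`, `package/dist/node/policies/engine.js`, and so on) and lists no `.mjs` files. If that listing is complete, Node resolves the `node` condition first and fails with a module-not-found error instead of falling through to `default`, so the RBAC policy engine and contracts would not load for Node consumers. Either point the condition at the emitted files, `"node": "./dist/node/index.js"` and likewise for the other sixteen subpaths, or have the build emit `.mjs`; a post-pack check that every export target exists in the tarball would catch this before publish. Separately, `@contractspec/tool.bun` is pinned at `1.57.0` while the sibling `@contractspec/*` packages are at `1.58.0`, and the new build scripts call `contractspec-bun-build`, which presumably comes from that package, so it is worth confirming the skew is intended.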
@@ -1 +0,0 @@
|
|
|
1
|
-
{"version":3,"file":"organization.js","names":[],"sources":["../../src/contracts/organization.ts"],"sourcesContent":["import { ScalarTypeEnum, SchemaModel } from '@contractspec/lib.schema';\nimport { defineCommand, defineQuery } from '@contractspec/lib.contracts';\nimport { SuccessResultModel } from './user';\n\nconst OWNERS = ['platform.identity-rbac'] as const;\n\n// ============ SchemaModels ============\n\nexport const OrganizationModel = new SchemaModel({\n name: 'Organization',\n description: 'Organization details',\n fields: {\n id: { type: ScalarTypeEnum.String_unsecure(), isOptional: false },\n name: { type: ScalarTypeEnum.String_unsecure(), isOptional: false },\n slug: { type: ScalarTypeEnum.String_unsecure(), isOptional: true },\n logo: { type: ScalarTypeEnum.URL(), isOptional: true },\n description: { type: ScalarTypeEnum.String_unsecure(), isOptional: true },\n type: { type: ScalarTypeEnum.String_unsecure(), isOptional: false }, // PLATFORM_ADMIN | CONTRACT_SPEC_CUSTOMER\n onboardingCompleted: { type: ScalarTypeEnum.Boolean(), isOptional: false },\n createdAt: { type: ScalarTypeEnum.DateTime(), isOptional: false },\n },\n});\n\nexport const MemberUserModel = new SchemaModel({\n name: 'MemberUser',\n description: 'Basic user info within a member',\n fields: {\n id: { type: ScalarTypeEnum.String_unsecure(), isOptional: false },\n email: { type: ScalarTypeEnum.EmailAddress(), isOptional: false },\n name: { type: ScalarTypeEnum.String_unsecure(), isOptional: true },\n },\n});\n\nexport const MemberModel = new SchemaModel({\n name: 'Member',\n description: 'Organization member',\n fields: {\n id: { type: ScalarTypeEnum.String_unsecure(), isOptional: false },\n userId: { type: ScalarTypeEnum.String_unsecure(), isOptional: false },\n organizationId: {\n type: ScalarTypeEnum.String_unsecure(),\n isOptional: false,\n },\n role: { type: ScalarTypeEnum.String_unsecure(), isOptional: false },\n createdAt: { type: ScalarTypeEnum.DateTime(), isOptional: false },\n 
user: { type: MemberUserModel, isOptional: false },\n },\n});\n\nexport const InvitationModel = new SchemaModel({\n name: 'Invitation',\n description: 'Organization invitation',\n fields: {\n id: { type: ScalarTypeEnum.String_unsecure(), isOptional: false },\n email: { type: ScalarTypeEnum.EmailAddress(), isOptional: false },\n role: { type: ScalarTypeEnum.String_unsecure(), isOptional: true },\n status: { type: ScalarTypeEnum.String_unsecure(), isOptional: false }, // pending | accepted | declined | expired\n expiresAt: { type: ScalarTypeEnum.DateTime(), isOptional: true },\n createdAt: { type: ScalarTypeEnum.DateTime(), isOptional: false },\n },\n});\n\nexport const CreateOrgInputModel = new SchemaModel({\n name: 'CreateOrgInput',\n description: 'Input for creating an organization',\n fields: {\n name: { type: ScalarTypeEnum.NonEmptyString(), isOptional: false },\n slug: { type: ScalarTypeEnum.String_unsecure(), isOptional: true },\n description: { type: ScalarTypeEnum.String_unsecure(), isOptional: true },\n type: { type: ScalarTypeEnum.String_unsecure(), isOptional: true },\n },\n});\n\nexport const GetOrgInputModel = new SchemaModel({\n name: 'GetOrgInput',\n description: 'Input for getting an organization',\n fields: {\n orgId: { type: ScalarTypeEnum.String_unsecure(), isOptional: false },\n },\n});\n\nexport const UpdateOrgInputModel = new SchemaModel({\n name: 'UpdateOrgInput',\n description: 'Input for updating an organization',\n fields: {\n orgId: { type: ScalarTypeEnum.String_unsecure(), isOptional: false },\n name: { type: ScalarTypeEnum.String_unsecure(), isOptional: true },\n slug: { type: ScalarTypeEnum.String_unsecure(), isOptional: true },\n logo: { type: ScalarTypeEnum.URL(), isOptional: true },\n description: { type: ScalarTypeEnum.String_unsecure(), isOptional: true },\n },\n});\n\nexport const InviteMemberInputModel = new SchemaModel({\n name: 'InviteMemberInput',\n description: 'Input for inviting a member',\n fields: {\n orgId: { type: 
ScalarTypeEnum.String_unsecure(), isOptional: false },\n email: { type: ScalarTypeEnum.EmailAddress(), isOptional: false },\n role: { type: ScalarTypeEnum.String_unsecure(), isOptional: false }, // owner | admin | member\n teamId: { type: ScalarTypeEnum.String_unsecure(), isOptional: true },\n },\n});\n\nexport const AcceptInviteInputModel = new SchemaModel({\n name: 'AcceptInviteInput',\n description: 'Input for accepting an invitation',\n fields: {\n invitationId: { type: ScalarTypeEnum.String_unsecure(), isOptional: false },\n },\n});\n\nexport const RemoveMemberInputModel = new SchemaModel({\n name: 'RemoveMemberInput',\n description: 'Input for removing a member',\n fields: {\n orgId: { type: ScalarTypeEnum.String_unsecure(), isOptional: false },\n userId: { type: ScalarTypeEnum.String_unsecure(), isOptional: false },\n },\n});\n\nexport const MemberRemovedPayloadModel = new SchemaModel({\n name: 'MemberRemovedPayload',\n description: 'Payload for member removed event',\n fields: {\n orgId: { type: ScalarTypeEnum.String_unsecure(), isOptional: false },\n userId: { type: ScalarTypeEnum.String_unsecure(), isOptional: false },\n },\n});\n\nexport const ListMembersInputModel = new SchemaModel({\n name: 'ListMembersInput',\n description: 'Input for listing members',\n fields: {\n orgId: { type: ScalarTypeEnum.String_unsecure(), isOptional: false },\n limit: { type: ScalarTypeEnum.Int_unsecure(), isOptional: true },\n offset: { type: ScalarTypeEnum.Int_unsecure(), isOptional: true },\n },\n});\n\nexport const ListMembersOutputModel = new SchemaModel({\n name: 'ListMembersOutput',\n description: 'Output for listing members',\n fields: {\n members: { type: MemberModel, isOptional: false, isArray: true },\n total: { type: ScalarTypeEnum.Int_unsecure(), isOptional: false },\n },\n});\n\nexport const OrganizationWithRoleModel = new SchemaModel({\n name: 'OrganizationWithRole',\n description: 'Organization with user role',\n fields: {\n id: { type: 
ScalarTypeEnum.String_unsecure(), isOptional: false },\n name: { type: ScalarTypeEnum.String_unsecure(), isOptional: false },\n slug: { type: ScalarTypeEnum.String_unsecure(), isOptional: true },\n logo: { type: ScalarTypeEnum.URL(), isOptional: true },\n description: { type: ScalarTypeEnum.String_unsecure(), isOptional: true },\n type: { type: ScalarTypeEnum.String_unsecure(), isOptional: false },\n onboardingCompleted: { type: ScalarTypeEnum.Boolean(), isOptional: false },\n createdAt: { type: ScalarTypeEnum.DateTime(), isOptional: false },\n role: { type: ScalarTypeEnum.String_unsecure(), isOptional: false },\n },\n});\n\nexport const ListUserOrgsOutputModel = new SchemaModel({\n name: 'ListUserOrgsOutput',\n description: 'Output for listing user organizations',\n fields: {\n organizations: {\n type: OrganizationWithRoleModel,\n isOptional: false,\n isArray: true,\n },\n },\n});\n\n// ============ Contracts ============\n\n/**\n * Create a new organization.\n */\nexport const CreateOrgContract = defineCommand({\n meta: {\n key: 'identity.org.create',\n version: '1.0.0',\n stability: 'stable',\n owners: [...OWNERS],\n tags: ['identity', 'org', 'create'],\n description: 'Create a new organization.',\n goal: 'Allow users to create new organizations/workspaces.',\n context: 'Called during onboarding or when creating additional workspaces.',\n },\n io: {\n input: CreateOrgInputModel,\n output: OrganizationModel,\n errors: {\n SLUG_EXISTS: {\n description: 'An organization with this slug already exists',\n http: 409,\n gqlCode: 'SLUG_EXISTS',\n when: 'Slug is already taken',\n },\n },\n },\n policy: {\n auth: 'user',\n },\n sideEffects: {\n emits: [\n {\n key: 'org.created',\n version: '1.0.0',\n when: 'Organization is created',\n payload: OrganizationModel,\n },\n ],\n audit: ['org.created'],\n },\n});\n\n/**\n * Get organization details.\n */\nexport const GetOrgContract = defineQuery({\n meta: {\n key: 'identity.org.get',\n version: '1.0.0',\n stability: 
'stable',\n owners: [...OWNERS],\n tags: ['identity', 'org', 'get'],\n description: 'Get organization details.',\n goal: 'Retrieve organization information.',\n context: 'Called when viewing organization settings or dashboard.',\n },\n io: {\n input: GetOrgInputModel,\n output: OrganizationModel,\n },\n policy: {\n auth: 'user',\n },\n});\n\n/**\n * Update organization.\n */\nexport const UpdateOrgContract = defineCommand({\n meta: {\n key: 'identity.org.update',\n version: '1.0.0',\n stability: 'stable',\n owners: [...OWNERS],\n tags: ['identity', 'org', 'update'],\n description: 'Update organization details.',\n goal: 'Allow org admins to update organization settings.',\n context: 'Organization settings page.',\n },\n io: {\n input: UpdateOrgInputModel,\n output: OrganizationModel,\n },\n policy: {\n auth: 'user',\n },\n sideEffects: {\n emits: [\n {\n key: 'org.updated',\n version: '1.0.0',\n when: 'Organization is updated',\n payload: OrganizationModel,\n },\n ],\n audit: ['org.updated'],\n },\n});\n\n/**\n * Invite a member to the organization.\n */\nexport const InviteMemberContract = defineCommand({\n meta: {\n key: 'identity.org.invite',\n version: '1.0.0',\n stability: 'stable',\n owners: [...OWNERS],\n tags: ['identity', 'org', 'invite', 'member'],\n description: 'Invite a user to join the organization.',\n goal: 'Allow org admins to invite new members.',\n context: 'Team management. 
Sends invitation email.',\n },\n io: {\n input: InviteMemberInputModel,\n output: InvitationModel,\n errors: {\n ALREADY_MEMBER: {\n description: 'User is already a member of this organization',\n http: 409,\n gqlCode: 'ALREADY_MEMBER',\n when: 'Invitee is already a member',\n },\n INVITE_PENDING: {\n description: 'An invitation for this email is already pending',\n http: 409,\n gqlCode: 'INVITE_PENDING',\n when: 'Active invitation exists',\n },\n },\n },\n policy: {\n auth: 'user',\n },\n sideEffects: {\n emits: [\n {\n key: 'org.invite.sent',\n version: '1.0.0',\n when: 'Invitation is sent',\n payload: InvitationModel,\n },\n ],\n audit: ['org.invite.sent'],\n },\n});\n\n/**\n * Accept an invitation.\n */\nexport const AcceptInviteContract = defineCommand({\n meta: {\n key: 'identity.org.invite.accept',\n version: '1.0.0',\n stability: 'stable',\n owners: [...OWNERS],\n tags: ['identity', 'org', 'invite', 'accept'],\n description: 'Accept an organization invitation.',\n goal: 'Allow users to join organizations via invitation.',\n context: 'Called from invitation email link.',\n },\n io: {\n input: AcceptInviteInputModel,\n output: MemberModel,\n errors: {\n INVITE_EXPIRED: {\n description: 'The invitation has expired',\n http: 410,\n gqlCode: 'INVITE_EXPIRED',\n when: 'Invitation is past expiry date',\n },\n INVITE_USED: {\n description: 'The invitation has already been used',\n http: 409,\n gqlCode: 'INVITE_USED',\n when: 'Invitation was already accepted',\n },\n },\n },\n policy: {\n auth: 'user',\n },\n sideEffects: {\n emits: [\n {\n key: 'org.member.added',\n version: '1.0.0',\n when: 'Member joins org',\n payload: MemberModel,\n },\n ],\n audit: ['org.member.added'],\n },\n});\n\n/**\n * Remove a member from the organization.\n */\nexport const RemoveMemberContract = defineCommand({\n meta: {\n key: 'identity.org.member.remove',\n version: '1.0.0',\n stability: 'stable',\n owners: [...OWNERS],\n tags: ['identity', 'org', 'member', 'remove'],\n description: 
'Remove a member from the organization.',\n goal: 'Allow org admins to remove members.',\n context: 'Team management.',\n },\n io: {\n input: RemoveMemberInputModel,\n output: SuccessResultModel,\n errors: {\n CANNOT_REMOVE_OWNER: {\n description: 'Cannot remove the organization owner',\n http: 403,\n gqlCode: 'CANNOT_REMOVE_OWNER',\n when: 'Target is the org owner',\n },\n },\n },\n policy: {\n auth: 'user',\n },\n sideEffects: {\n emits: [\n {\n key: 'org.member.removed',\n version: '1.0.0',\n when: 'Member is removed',\n payload: MemberRemovedPayloadModel,\n },\n ],\n audit: ['org.member.removed'],\n },\n});\n\n/**\n * List organization members.\n */\nexport const ListMembersContract = defineQuery({\n meta: {\n key: 'identity.org.members.list',\n version: '1.0.0',\n stability: 'stable',\n owners: [...OWNERS],\n tags: ['identity', 'org', 'member', 'list'],\n description: 'List organization members.',\n goal: 'View all members of an organization.',\n context: 'Team management page.',\n },\n io: {\n input: ListMembersInputModel,\n output: ListMembersOutputModel,\n },\n policy: {\n auth: 'user',\n },\n});\n\n/**\n * List user's organizations.\n */\nexport const ListUserOrgsContract = defineQuery({\n meta: {\n key: 'identity.org.list',\n version: '1.0.0',\n stability: 'stable',\n owners: [...OWNERS],\n tags: ['identity', 'org', 'list'],\n description: 'List organizations the current user belongs to.',\n goal: 'Show user their organizations for workspace switching.',\n context: 'Workspace switcher, org selection.',\n },\n io: {\n input: null,\n output: ListUserOrgsOutputModel,\n },\n policy: {\n auth: 'user',\n 
},\n});\n"],"mappings":";;;;;AAIA,MAAM,SAAS,CAAC,yBAAyB;AAIzC,MAAa,oBAAoB,IAAI,YAAY;CAC/C,MAAM;CACN,aAAa;CACb,QAAQ;EACN,IAAI;GAAE,MAAM,eAAe,iBAAiB;GAAE,YAAY;GAAO;EACjE,MAAM;GAAE,MAAM,eAAe,iBAAiB;GAAE,YAAY;GAAO;EACnE,MAAM;GAAE,MAAM,eAAe,iBAAiB;GAAE,YAAY;GAAM;EAClE,MAAM;GAAE,MAAM,eAAe,KAAK;GAAE,YAAY;GAAM;EACtD,aAAa;GAAE,MAAM,eAAe,iBAAiB;GAAE,YAAY;GAAM;EACzE,MAAM;GAAE,MAAM,eAAe,iBAAiB;GAAE,YAAY;GAAO;EACnE,qBAAqB;GAAE,MAAM,eAAe,SAAS;GAAE,YAAY;GAAO;EAC1E,WAAW;GAAE,MAAM,eAAe,UAAU;GAAE,YAAY;GAAO;EAClE;CACF,CAAC;AAEF,MAAa,kBAAkB,IAAI,YAAY;CAC7C,MAAM;CACN,aAAa;CACb,QAAQ;EACN,IAAI;GAAE,MAAM,eAAe,iBAAiB;GAAE,YAAY;GAAO;EACjE,OAAO;GAAE,MAAM,eAAe,cAAc;GAAE,YAAY;GAAO;EACjE,MAAM;GAAE,MAAM,eAAe,iBAAiB;GAAE,YAAY;GAAM;EACnE;CACF,CAAC;AAEF,MAAa,cAAc,IAAI,YAAY;CACzC,MAAM;CACN,aAAa;CACb,QAAQ;EACN,IAAI;GAAE,MAAM,eAAe,iBAAiB;GAAE,YAAY;GAAO;EACjE,QAAQ;GAAE,MAAM,eAAe,iBAAiB;GAAE,YAAY;GAAO;EACrE,gBAAgB;GACd,MAAM,eAAe,iBAAiB;GACtC,YAAY;GACb;EACD,MAAM;GAAE,MAAM,eAAe,iBAAiB;GAAE,YAAY;GAAO;EACnE,WAAW;GAAE,MAAM,eAAe,UAAU;GAAE,YAAY;GAAO;EACjE,MAAM;GAAE,MAAM;GAAiB,YAAY;GAAO;EACnD;CACF,CAAC;AAEF,MAAa,kBAAkB,IAAI,YAAY;CAC7C,MAAM;CACN,aAAa;CACb,QAAQ;EACN,IAAI;GAAE,MAAM,eAAe,iBAAiB;GAAE,YAAY;GAAO;EACjE,OAAO;GAAE,MAAM,eAAe,cAAc;GAAE,YAAY;GAAO;EACjE,MAAM;GAAE,MAAM,eAAe,iBAAiB;GAAE,YAAY;GAAM;EAClE,QAAQ;GAAE,MAAM,eAAe,iBAAiB;GAAE,YAAY;GAAO;EACrE,WAAW;GAAE,MAAM,eAAe,UAAU;GAAE,YAAY;GAAM;EAChE,WAAW;GAAE,MAAM,eAAe,UAAU;GAAE,YAAY;GAAO;EAClE;CACF,CAAC;AAEF,MAAa,sBAAsB,IAAI,YAAY;CACjD,MAAM;CACN,aAAa;CACb,QAAQ;EACN,MAAM;GAAE,MAAM,eAAe,gBAAgB;GAAE,YAAY;GAAO;EAClE,MAAM;GAAE,MAAM,eAAe,iBAAiB;GAAE,YAAY;GAAM;EAClE,aAAa;GAAE,MAAM,eAAe,iBAAiB;GAAE,YAAY;GAAM;EACzE,MAAM;GAAE,MAAM,eAAe,iBAAiB;GAAE,YAAY;GAAM;EACnE;CACF,CAAC;AAEF,MAAa,mBAAmB,IAAI,YAAY;CAC9C,MAAM;CACN,aAAa;CACb,QAAQ,EACN,OAAO;EAAE,MAAM,eAAe,iBAAiB;EAAE,YAAY;EAAO,EACrE;CACF,CAAC;AAEF,MAAa,sBAAsB,IAAI,YAAY;CACjD,MAAM;CACN,aAAa;CACb,QAAQ;EACN,OAAO;GAAE,MAAM,eAAe,iBAAiB;GAAE,YAAY;GAAO;EACpE,MAAM;GAAE,MAAM,eAAe,iBAAiB;GAAE,YAAY;GAAM;EAClE,MAAM;GAAE,MAAM,eAAe,iBAAiB;
GAAE,YAAY;GAAM;EAClE,MAAM;GAAE,MAAM,eAAe,KAAK;GAAE,YAAY;GAAM;EACtD,aAAa;GAAE,MAAM,eAAe,iBAAiB;GAAE,YAAY;GAAM;EAC1E;CACF,CAAC;AAEF,MAAa,yBAAyB,IAAI,YAAY;CACpD,MAAM;CACN,aAAa;CACb,QAAQ;EACN,OAAO;GAAE,MAAM,eAAe,iBAAiB;GAAE,YAAY;GAAO;EACpE,OAAO;GAAE,MAAM,eAAe,cAAc;GAAE,YAAY;GAAO;EACjE,MAAM;GAAE,MAAM,eAAe,iBAAiB;GAAE,YAAY;GAAO;EACnE,QAAQ;GAAE,MAAM,eAAe,iBAAiB;GAAE,YAAY;GAAM;EACrE;CACF,CAAC;AAEF,MAAa,yBAAyB,IAAI,YAAY;CACpD,MAAM;CACN,aAAa;CACb,QAAQ,EACN,cAAc;EAAE,MAAM,eAAe,iBAAiB;EAAE,YAAY;EAAO,EAC5E;CACF,CAAC;AAEF,MAAa,yBAAyB,IAAI,YAAY;CACpD,MAAM;CACN,aAAa;CACb,QAAQ;EACN,OAAO;GAAE,MAAM,eAAe,iBAAiB;GAAE,YAAY;GAAO;EACpE,QAAQ;GAAE,MAAM,eAAe,iBAAiB;GAAE,YAAY;GAAO;EACtE;CACF,CAAC;AAEF,MAAa,4BAA4B,IAAI,YAAY;CACvD,MAAM;CACN,aAAa;CACb,QAAQ;EACN,OAAO;GAAE,MAAM,eAAe,iBAAiB;GAAE,YAAY;GAAO;EACpE,QAAQ;GAAE,MAAM,eAAe,iBAAiB;GAAE,YAAY;GAAO;EACtE;CACF,CAAC;AAEF,MAAa,wBAAwB,IAAI,YAAY;CACnD,MAAM;CACN,aAAa;CACb,QAAQ;EACN,OAAO;GAAE,MAAM,eAAe,iBAAiB;GAAE,YAAY;GAAO;EACpE,OAAO;GAAE,MAAM,eAAe,cAAc;GAAE,YAAY;GAAM;EAChE,QAAQ;GAAE,MAAM,eAAe,cAAc;GAAE,YAAY;GAAM;EAClE;CACF,CAAC;AAEF,MAAa,yBAAyB,IAAI,YAAY;CACpD,MAAM;CACN,aAAa;CACb,QAAQ;EACN,SAAS;GAAE,MAAM;GAAa,YAAY;GAAO,SAAS;GAAM;EAChE,OAAO;GAAE,MAAM,eAAe,cAAc;GAAE,YAAY;GAAO;EAClE;CACF,CAAC;AAEF,MAAa,4BAA4B,IAAI,YAAY;CACvD,MAAM;CACN,aAAa;CACb,QAAQ;EACN,IAAI;GAAE,MAAM,eAAe,iBAAiB;GAAE,YAAY;GAAO;EACjE,MAAM;GAAE,MAAM,eAAe,iBAAiB;GAAE,YAAY;GAAO;EACnE,MAAM;GAAE,MAAM,eAAe,iBAAiB;GAAE,YAAY;GAAM;EAClE,MAAM;GAAE,MAAM,eAAe,KAAK;GAAE,YAAY;GAAM;EACtD,aAAa;GAAE,MAAM,eAAe,iBAAiB;GAAE,YAAY;GAAM;EACzE,MAAM;GAAE,MAAM,eAAe,iBAAiB;GAAE,YAAY;GAAO;EACnE,qBAAqB;GAAE,MAAM,eAAe,SAAS;GAAE,YAAY;GAAO;EAC1E,WAAW;GAAE,MAAM,eAAe,UAAU;GAAE,YAAY;GAAO;EACjE,MAAM;GAAE,MAAM,eAAe,iBAAiB;GAAE,YAAY;GAAO;EACpE;CACF,CAAC;AAEF,MAAa,0BAA0B,IAAI,YAAY;CACrD,MAAM;CACN,aAAa;CACb,QAAQ,EACN,eAAe;EACb,MAAM;EACN,YAAY;EACZ,SAAS;EACV,EACF;CACF,CAAC;;;;AAOF,MAAa,oBAAoB,cAAc;CAC7C,MAAM;EACJ,KAAK;EACL,SAAS;EACT,WAAW;EACX,QAAQ,CAAC,GAAG,OAAO;EACnB,MAAM;GAAC;GAAY;GAAO;GAAS;EACnC,aAAa;EACb,MAAM;EACN,SAAS;EAC
V;CACD,IAAI;EACF,OAAO;EACP,QAAQ;EACR,QAAQ,EACN,aAAa;GACX,aAAa;GACb,MAAM;GACN,SAAS;GACT,MAAM;GACP,EACF;EACF;CACD,QAAQ,EACN,MAAM,QACP;CACD,aAAa;EACX,OAAO,CACL;GACE,KAAK;GACL,SAAS;GACT,MAAM;GACN,SAAS;GACV,CACF;EACD,OAAO,CAAC,cAAc;EACvB;CACF,CAAC;;;;AAKF,MAAa,iBAAiB,YAAY;CACxC,MAAM;EACJ,KAAK;EACL,SAAS;EACT,WAAW;EACX,QAAQ,CAAC,GAAG,OAAO;EACnB,MAAM;GAAC;GAAY;GAAO;GAAM;EAChC,aAAa;EACb,MAAM;EACN,SAAS;EACV;CACD,IAAI;EACF,OAAO;EACP,QAAQ;EACT;CACD,QAAQ,EACN,MAAM,QACP;CACF,CAAC;;;;AAKF,MAAa,oBAAoB,cAAc;CAC7C,MAAM;EACJ,KAAK;EACL,SAAS;EACT,WAAW;EACX,QAAQ,CAAC,GAAG,OAAO;EACnB,MAAM;GAAC;GAAY;GAAO;GAAS;EACnC,aAAa;EACb,MAAM;EACN,SAAS;EACV;CACD,IAAI;EACF,OAAO;EACP,QAAQ;EACT;CACD,QAAQ,EACN,MAAM,QACP;CACD,aAAa;EACX,OAAO,CACL;GACE,KAAK;GACL,SAAS;GACT,MAAM;GACN,SAAS;GACV,CACF;EACD,OAAO,CAAC,cAAc;EACvB;CACF,CAAC;;;;AAKF,MAAa,uBAAuB,cAAc;CAChD,MAAM;EACJ,KAAK;EACL,SAAS;EACT,WAAW;EACX,QAAQ,CAAC,GAAG,OAAO;EACnB,MAAM;GAAC;GAAY;GAAO;GAAU;GAAS;EAC7C,aAAa;EACb,MAAM;EACN,SAAS;EACV;CACD,IAAI;EACF,OAAO;EACP,QAAQ;EACR,QAAQ;GACN,gBAAgB;IACd,aAAa;IACb,MAAM;IACN,SAAS;IACT,MAAM;IACP;GACD,gBAAgB;IACd,aAAa;IACb,MAAM;IACN,SAAS;IACT,MAAM;IACP;GACF;EACF;CACD,QAAQ,EACN,MAAM,QACP;CACD,aAAa;EACX,OAAO,CACL;GACE,KAAK;GACL,SAAS;GACT,MAAM;GACN,SAAS;GACV,CACF;EACD,OAAO,CAAC,kBAAkB;EAC3B;CACF,CAAC;;;;AAKF,MAAa,uBAAuB,cAAc;CAChD,MAAM;EACJ,KAAK;EACL,SAAS;EACT,WAAW;EACX,QAAQ,CAAC,GAAG,OAAO;EACnB,MAAM;GAAC;GAAY;GAAO;GAAU;GAAS;EAC7C,aAAa;EACb,MAAM;EACN,SAAS;EACV;CACD,IAAI;EACF,OAAO;EACP,QAAQ;EACR,QAAQ;GACN,gBAAgB;IACd,aAAa;IACb,MAAM;IACN,SAAS;IACT,MAAM;IACP;GACD,aAAa;IACX,aAAa;IACb,MAAM;IACN,SAAS;IACT,MAAM;IACP;GACF;EACF;CACD,QAAQ,EACN,MAAM,QACP;CACD,aAAa;EACX,OAAO,CACL;GACE,KAAK;GACL,SAAS;GACT,MAAM;GACN,SAAS;GACV,CACF;EACD,OAAO,CAAC,mBAAmB;EAC5B;CACF,CAAC;;;;AAKF,MAAa,uBAAuB,cAAc;CAChD,MAAM;EACJ,KAAK;EACL,SAAS;EACT,WAAW;EACX,QAAQ,CAAC,GAAG,OAAO;EACnB,MAAM;GAAC;GAAY;GAAO;GAAU;GAAS;EAC7C,aAAa;EACb,MAAM;EACN,SAAS;EACV;CACD,IAAI;EACF,OAAO;EACP,QAAQ;EACR,QAAQ,EACN,qBAAqB;GACnB,aAAa;GACb,MAAM;GACN,SAAS;GACT,MAAM;GACP,EACF;EACF;C
ACD,QAAQ,EACN,MAAM,QACP;CACD,aAAa;EACX,OAAO,CACL;GACE,KAAK;GACL,SAAS;GACT,MAAM;GACN,SAAS;GACV,CACF;EACD,OAAO,CAAC,qBAAqB;EAC9B;CACF,CAAC;;;;AAKF,MAAa,sBAAsB,YAAY;CAC7C,MAAM;EACJ,KAAK;EACL,SAAS;EACT,WAAW;EACX,QAAQ,CAAC,GAAG,OAAO;EACnB,MAAM;GAAC;GAAY;GAAO;GAAU;GAAO;EAC3C,aAAa;EACb,MAAM;EACN,SAAS;EACV;CACD,IAAI;EACF,OAAO;EACP,QAAQ;EACT;CACD,QAAQ,EACN,MAAM,QACP;CACF,CAAC;;;;AAKF,MAAa,uBAAuB,YAAY;CAC9C,MAAM;EACJ,KAAK;EACL,SAAS;EACT,WAAW;EACX,QAAQ,CAAC,GAAG,OAAO;EACnB,MAAM;GAAC;GAAY;GAAO;GAAO;EACjC,aAAa;EACb,MAAM;EACN,SAAS;EACV;CACD,IAAI;EACF,OAAO;EACP,QAAQ;EACT;CACD,QAAQ,EACN,MAAM,QACP;CACF,CAAC"}
|
|
@@ -1 +0,0 @@
|
|
|
1
|
-
{"version":3,"file":"rbac.js","names":[],"sources":["../../src/contracts/rbac.ts"],"sourcesContent":["import { SchemaModel, ScalarTypeEnum } from '@contractspec/lib.schema';\nimport { defineCommand, defineQuery } from '@contractspec/lib.contracts';\nimport { SuccessResultModel } from './user';\n\n// ============ SchemaModels ============\n\nexport const RoleModel = new SchemaModel({\n name: 'Role',\n description: 'RBAC role definition',\n fields: {\n id: { type: ScalarTypeEnum.String_unsecure(), isOptional: false },\n name: { type: ScalarTypeEnum.String_unsecure(), isOptional: false },\n description: { type: ScalarTypeEnum.String_unsecure(), isOptional: true },\n permissions: {\n type: ScalarTypeEnum.String_unsecure(),\n isOptional: false,\n isArray: true,\n },\n createdAt: { type: ScalarTypeEnum.DateTime(), isOptional: false },\n },\n});\n\nexport const PolicyBindingModel = new SchemaModel({\n name: 'PolicyBinding',\n description: 'Role assignment to a target',\n fields: {\n id: { type: ScalarTypeEnum.String_unsecure(), isOptional: false },\n roleId: { type: ScalarTypeEnum.String_unsecure(), isOptional: false },\n targetType: { type: ScalarTypeEnum.String_unsecure(), isOptional: false }, // user | organization\n targetId: { type: ScalarTypeEnum.String_unsecure(), isOptional: false },\n expiresAt: { type: ScalarTypeEnum.DateTime(), isOptional: true },\n createdAt: { type: ScalarTypeEnum.DateTime(), isOptional: false },\n role: { type: RoleModel, isOptional: false },\n },\n});\n\nexport const PermissionCheckResultModel = new SchemaModel({\n name: 'PermissionCheckResult',\n description: 'Result of a permission check',\n fields: {\n allowed: { type: ScalarTypeEnum.Boolean(), isOptional: false },\n reason: { type: ScalarTypeEnum.String_unsecure(), isOptional: true },\n matchedRole: { type: ScalarTypeEnum.String_unsecure(), isOptional: true },\n },\n});\n\nexport const CreateRoleInputModel = new SchemaModel({\n name: 'CreateRoleInput',\n description: 'Input for creating 
a role',\n fields: {\n name: { type: ScalarTypeEnum.NonEmptyString(), isOptional: false },\n description: { type: ScalarTypeEnum.String_unsecure(), isOptional: true },\n permissions: {\n type: ScalarTypeEnum.String_unsecure(),\n isOptional: false,\n isArray: true,\n },\n },\n});\n\nexport const UpdateRoleInputModel = new SchemaModel({\n name: 'UpdateRoleInput',\n description: 'Input for updating a role',\n fields: {\n roleId: { type: ScalarTypeEnum.String_unsecure(), isOptional: false },\n name: { type: ScalarTypeEnum.String_unsecure(), isOptional: true },\n description: { type: ScalarTypeEnum.String_unsecure(), isOptional: true },\n permissions: {\n type: ScalarTypeEnum.String_unsecure(),\n isOptional: true,\n isArray: true,\n },\n },\n});\n\nexport const DeleteRoleInputModel = new SchemaModel({\n name: 'DeleteRoleInput',\n description: 'Input for deleting a role',\n fields: {\n roleId: { type: ScalarTypeEnum.String_unsecure(), isOptional: false },\n },\n});\n\nexport const ListRolesOutputModel = new SchemaModel({\n name: 'ListRolesOutput',\n description: 'Output for listing roles',\n fields: {\n roles: { type: RoleModel, isOptional: false, isArray: true },\n },\n});\n\nexport const AssignRoleInputModel = new SchemaModel({\n name: 'AssignRoleInput',\n description: 'Input for assigning a role',\n fields: {\n roleId: { type: ScalarTypeEnum.String_unsecure(), isOptional: false },\n targetType: { type: ScalarTypeEnum.String_unsecure(), isOptional: false }, // user | organization\n targetId: { type: ScalarTypeEnum.String_unsecure(), isOptional: false },\n expiresAt: { type: ScalarTypeEnum.DateTime(), isOptional: true },\n },\n});\n\nexport const RevokeRoleInputModel = new SchemaModel({\n name: 'RevokeRoleInput',\n description: 'Input for revoking a role',\n fields: {\n bindingId: { type: ScalarTypeEnum.String_unsecure(), isOptional: false },\n },\n});\n\nexport const BindingIdPayloadModel = new SchemaModel({\n name: 'BindingIdPayload',\n description: 'Payload with 
binding ID',\n fields: {\n bindingId: { type: ScalarTypeEnum.String_unsecure(), isOptional: false },\n },\n});\n\nexport const CheckPermissionInputModel = new SchemaModel({\n name: 'CheckPermissionInput',\n description: 'Input for checking a permission',\n fields: {\n userId: { type: ScalarTypeEnum.String_unsecure(), isOptional: false },\n orgId: { type: ScalarTypeEnum.String_unsecure(), isOptional: true },\n permission: { type: ScalarTypeEnum.String_unsecure(), isOptional: false },\n },\n});\n\nexport const ListUserPermissionsInputModel = new SchemaModel({\n name: 'ListUserPermissionsInput',\n description: 'Input for listing user permissions',\n fields: {\n userId: { type: ScalarTypeEnum.String_unsecure(), isOptional: false },\n orgId: { type: ScalarTypeEnum.String_unsecure(), isOptional: true },\n },\n});\n\nexport const ListUserPermissionsOutputModel = new SchemaModel({\n name: 'ListUserPermissionsOutput',\n description: 'Output for listing user permissions',\n fields: {\n permissions: {\n type: ScalarTypeEnum.String_unsecure(),\n isOptional: false,\n isArray: true,\n },\n roles: { type: RoleModel, isOptional: false, isArray: true },\n },\n});\n\n// ============ Contracts ============\n\n/**\n * Create a new role.\n */\nexport const CreateRoleContract = defineCommand({\n meta: {\n key: 'identity.rbac.role.create',\n version: '1.0.0',\n stability: 'stable',\n owners: ['@platform.identity-rbac'],\n tags: ['identity', 'rbac', 'role', 'create'],\n description: 'Create a new role with permissions.',\n goal: 'Allow admins to define custom roles.',\n context: 'Role management in admin settings.',\n },\n io: {\n input: CreateRoleInputModel,\n output: RoleModel,\n errors: {\n ROLE_EXISTS: {\n description: 'A role with this name already exists',\n http: 409,\n gqlCode: 'ROLE_EXISTS',\n when: 'Role name is taken',\n },\n },\n },\n policy: {\n auth: 'admin',\n },\n sideEffects: {\n audit: ['role.created'],\n },\n});\n\n/**\n * Update a role.\n */\nexport const 
UpdateRoleContract = defineCommand({\n meta: {\n key: 'identity.rbac.role.update',\n version: '1.0.0',\n stability: 'stable',\n owners: ['@platform.identity-rbac'],\n tags: ['identity', 'rbac', 'role', 'update'],\n description: 'Update an existing role.',\n goal: 'Allow admins to modify role permissions.',\n context: 'Role management in admin settings.',\n },\n io: {\n input: UpdateRoleInputModel,\n output: RoleModel,\n },\n policy: {\n auth: 'admin',\n },\n sideEffects: {\n audit: ['role.updated'],\n },\n});\n\n/**\n * Delete a role.\n */\nexport const DeleteRoleContract = defineCommand({\n meta: {\n key: 'identity.rbac.role.delete',\n version: '1.0.0',\n stability: 'stable',\n owners: ['@platform.identity-rbac'],\n tags: ['identity', 'rbac', 'role', 'delete'],\n description: 'Delete an existing role.',\n goal: 'Allow admins to remove unused roles.',\n context: 'Role management. Removes all policy bindings using this role.',\n },\n io: {\n input: DeleteRoleInputModel,\n output: SuccessResultModel,\n errors: {\n ROLE_IN_USE: {\n description: 'Role is still assigned to users or organizations',\n http: 409,\n gqlCode: 'ROLE_IN_USE',\n when: 'Role has active bindings',\n },\n },\n },\n policy: {\n auth: 'admin',\n },\n sideEffects: {\n audit: ['role.deleted'],\n },\n});\n\n/**\n * List all roles.\n */\nexport const ListRolesContract = defineQuery({\n meta: {\n key: 'identity.rbac.role.list',\n version: '1.0.0',\n stability: 'stable',\n owners: ['@platform.identity-rbac'],\n tags: ['identity', 'rbac', 'role', 'list'],\n description: 'List all available roles.',\n goal: 'Show available roles for assignment.',\n context: 'Role assignment UI.',\n },\n io: {\n input: null,\n output: ListRolesOutputModel,\n },\n policy: {\n auth: 'user',\n },\n});\n\n/**\n * Assign a role to a user or organization.\n */\nexport const AssignRoleContract = defineCommand({\n meta: {\n key: 'identity.rbac.assign',\n version: '1.0.0',\n stability: 'stable',\n owners: 
['@platform.identity-rbac'],\n tags: ['identity', 'rbac', 'assign'],\n description: 'Assign a role to a user or organization.',\n goal: 'Grant permissions via role assignment.',\n context: 'User/org permission management.',\n },\n io: {\n input: AssignRoleInputModel,\n output: PolicyBindingModel,\n errors: {\n ROLE_NOT_FOUND: {\n description: 'The specified role does not exist',\n http: 404,\n gqlCode: 'ROLE_NOT_FOUND',\n when: 'Role ID is invalid',\n },\n ALREADY_ASSIGNED: {\n description: 'This role is already assigned to the target',\n http: 409,\n gqlCode: 'ALREADY_ASSIGNED',\n when: 'Binding already exists',\n },\n },\n },\n policy: {\n auth: 'admin',\n },\n sideEffects: {\n emits: [\n {\n key: 'role.assigned',\n version: '1.0.0',\n when: 'Role is assigned',\n payload: PolicyBindingModel,\n },\n ],\n audit: ['role.assigned'],\n },\n});\n\n/**\n * Revoke a role from a user or organization.\n */\nexport const RevokeRoleContract = defineCommand({\n meta: {\n key: 'identity.rbac.revoke',\n version: '1.0.0',\n stability: 'stable',\n owners: ['@platform.identity-rbac'],\n tags: ['identity', 'rbac', 'revoke'],\n description: 'Revoke a role from a user or organization.',\n goal: 'Remove permissions via role revocation.',\n context: 'User/org permission management.',\n },\n io: {\n input: RevokeRoleInputModel,\n output: SuccessResultModel,\n errors: {\n BINDING_NOT_FOUND: {\n description: 'The policy binding does not exist',\n http: 404,\n gqlCode: 'BINDING_NOT_FOUND',\n when: 'Binding ID is invalid',\n },\n },\n },\n policy: {\n auth: 'admin',\n },\n sideEffects: {\n emits: [\n {\n key: 'role.revoked',\n version: '1.0.0',\n when: 'Role is revoked',\n payload: BindingIdPayloadModel,\n },\n ],\n audit: ['role.revoked'],\n },\n});\n\n/**\n * Check if a user has a specific permission.\n */\nexport const CheckPermissionContract = defineQuery({\n meta: {\n key: 'identity.rbac.check',\n version: '1.0.0',\n stability: 'stable',\n owners: ['@platform.identity-rbac'],\n tags: 
['identity', 'rbac', 'check', 'permission'],\n description: 'Check if a user has a specific permission.',\n goal: 'Authorization check before sensitive operations.',\n context: 'Called by other services to verify permissions.',\n },\n io: {\n input: CheckPermissionInputModel,\n output: PermissionCheckResultModel,\n },\n policy: {\n auth: 'user',\n },\n});\n\n/**\n * List permissions for a user.\n */\nexport const ListUserPermissionsContract = defineQuery({\n meta: {\n key: 'identity.rbac.permissions',\n version: '1.0.0',\n stability: 'stable',\n owners: ['@platform.identity-rbac'],\n tags: ['identity', 'rbac', 'permissions', 'user'],\n description: 'List all permissions for a user in a context.',\n goal: 'Show what a user can do in an org.',\n context: 'UI permission display, debugging.',\n },\n io: {\n input: ListUserPermissionsInputModel,\n output: ListUserPermissionsOutputModel,\n },\n policy: {\n auth: 'user',\n },\n});\n"],"mappings":";;;;;AAMA,MAAa,YAAY,IAAI,YAAY;CACvC,MAAM;CACN,aAAa;CACb,QAAQ;EACN,IAAI;GAAE,MAAM,eAAe,iBAAiB;GAAE,YAAY;GAAO;EACjE,MAAM;GAAE,MAAM,eAAe,iBAAiB;GAAE,YAAY;GAAO;EACnE,aAAa;GAAE,MAAM,eAAe,iBAAiB;GAAE,YAAY;GAAM;EACzE,aAAa;GACX,MAAM,eAAe,iBAAiB;GACtC,YAAY;GACZ,SAAS;GACV;EACD,WAAW;GAAE,MAAM,eAAe,UAAU;GAAE,YAAY;GAAO;EAClE;CACF,CAAC;AAEF,MAAa,qBAAqB,IAAI,YAAY;CAChD,MAAM;CACN,aAAa;CACb,QAAQ;EACN,IAAI;GAAE,MAAM,eAAe,iBAAiB;GAAE,YAAY;GAAO;EACjE,QAAQ;GAAE,MAAM,eAAe,iBAAiB;GAAE,YAAY;GAAO;EACrE,YAAY;GAAE,MAAM,eAAe,iBAAiB;GAAE,YAAY;GAAO;EACzE,UAAU;GAAE,MAAM,eAAe,iBAAiB;GAAE,YAAY;GAAO;EACvE,WAAW;GAAE,MAAM,eAAe,UAAU;GAAE,YAAY;GAAM;EAChE,WAAW;GAAE,MAAM,eAAe,UAAU;GAAE,YAAY;GAAO;EACjE,MAAM;GAAE,MAAM;GAAW,YAAY;GAAO;EAC7C;CACF,CAAC;AAEF,MAAa,6BAA6B,IAAI,YAAY;CACxD,MAAM;CACN,aAAa;CACb,QAAQ;EACN,SAAS;GAAE,MAAM,eAAe,SAAS;GAAE,YAAY;GAAO;EAC9D,QAAQ;GAAE,MAAM,eAAe,iBAAiB;GAAE,YAAY;GAAM;EACpE,aAAa;GAAE,MAAM,eAAe,iBAAiB;GAAE,YAAY;GAAM;EAC1E;CACF,CAAC;AAEF,MAAa,uBAAuB,IAAI,YAAY;CAClD,MAAM;CACN,aAAa;CACb,QAAQ;EACN,MAAM;GAAE,MAAM,eAAe,gBAAgB;GAAE,YAAY;GAAO;EAClE,aAA
a;GAAE,MAAM,eAAe,iBAAiB;GAAE,YAAY;GAAM;EACzE,aAAa;GACX,MAAM,eAAe,iBAAiB;GACtC,YAAY;GACZ,SAAS;GACV;EACF;CACF,CAAC;AAEF,MAAa,uBAAuB,IAAI,YAAY;CAClD,MAAM;CACN,aAAa;CACb,QAAQ;EACN,QAAQ;GAAE,MAAM,eAAe,iBAAiB;GAAE,YAAY;GAAO;EACrE,MAAM;GAAE,MAAM,eAAe,iBAAiB;GAAE,YAAY;GAAM;EAClE,aAAa;GAAE,MAAM,eAAe,iBAAiB;GAAE,YAAY;GAAM;EACzE,aAAa;GACX,MAAM,eAAe,iBAAiB;GACtC,YAAY;GACZ,SAAS;GACV;EACF;CACF,CAAC;AAEF,MAAa,uBAAuB,IAAI,YAAY;CAClD,MAAM;CACN,aAAa;CACb,QAAQ,EACN,QAAQ;EAAE,MAAM,eAAe,iBAAiB;EAAE,YAAY;EAAO,EACtE;CACF,CAAC;AAEF,MAAa,uBAAuB,IAAI,YAAY;CAClD,MAAM;CACN,aAAa;CACb,QAAQ,EACN,OAAO;EAAE,MAAM;EAAW,YAAY;EAAO,SAAS;EAAM,EAC7D;CACF,CAAC;AAEF,MAAa,uBAAuB,IAAI,YAAY;CAClD,MAAM;CACN,aAAa;CACb,QAAQ;EACN,QAAQ;GAAE,MAAM,eAAe,iBAAiB;GAAE,YAAY;GAAO;EACrE,YAAY;GAAE,MAAM,eAAe,iBAAiB;GAAE,YAAY;GAAO;EACzE,UAAU;GAAE,MAAM,eAAe,iBAAiB;GAAE,YAAY;GAAO;EACvE,WAAW;GAAE,MAAM,eAAe,UAAU;GAAE,YAAY;GAAM;EACjE;CACF,CAAC;AAEF,MAAa,uBAAuB,IAAI,YAAY;CAClD,MAAM;CACN,aAAa;CACb,QAAQ,EACN,WAAW;EAAE,MAAM,eAAe,iBAAiB;EAAE,YAAY;EAAO,EACzE;CACF,CAAC;AAEF,MAAa,wBAAwB,IAAI,YAAY;CACnD,MAAM;CACN,aAAa;CACb,QAAQ,EACN,WAAW;EAAE,MAAM,eAAe,iBAAiB;EAAE,YAAY;EAAO,EACzE;CACF,CAAC;AAEF,MAAa,4BAA4B,IAAI,YAAY;CACvD,MAAM;CACN,aAAa;CACb,QAAQ;EACN,QAAQ;GAAE,MAAM,eAAe,iBAAiB;GAAE,YAAY;GAAO;EACrE,OAAO;GAAE,MAAM,eAAe,iBAAiB;GAAE,YAAY;GAAM;EACnE,YAAY;GAAE,MAAM,eAAe,iBAAiB;GAAE,YAAY;GAAO;EAC1E;CACF,CAAC;AAEF,MAAa,gCAAgC,IAAI,YAAY;CAC3D,MAAM;CACN,aAAa;CACb,QAAQ;EACN,QAAQ;GAAE,MAAM,eAAe,iBAAiB;GAAE,YAAY;GAAO;EACrE,OAAO;GAAE,MAAM,eAAe,iBAAiB;GAAE,YAAY;GAAM;EACpE;CACF,CAAC;AAEF,MAAa,iCAAiC,IAAI,YAAY;CAC5D,MAAM;CACN,aAAa;CACb,QAAQ;EACN,aAAa;GACX,MAAM,eAAe,iBAAiB;GACtC,YAAY;GACZ,SAAS;GACV;EACD,OAAO;GAAE,MAAM;GAAW,YAAY;GAAO,SAAS;GAAM;EAC7D;CACF,CAAC;;;;AAOF,MAAa,qBAAqB,cAAc;CAC9C,MAAM;EACJ,KAAK;EACL,SAAS;EACT,WAAW;EACX,QAAQ,CAAC,0BAA0B;EACnC,MAAM;GAAC;GAAY;GAAQ;GAAQ;GAAS;EAC5C,aAAa;EACb,MAAM;EACN,SAAS;EACV;CACD,IAAI;EACF,OAAO;EACP,QAAQ;EACR,QAAQ,EACN,aAAa;GACX,aAAa;GACb,MAAM;GACN,SAAS;GACT,MAAM;GACP,EACF;EACF;CACD,QAAQ,EACN,MAAM,SACP;CACD,aAAa,EACX
,OAAO,CAAC,eAAe,EACxB;CACF,CAAC;;;;AAKF,MAAa,qBAAqB,cAAc;CAC9C,MAAM;EACJ,KAAK;EACL,SAAS;EACT,WAAW;EACX,QAAQ,CAAC,0BAA0B;EACnC,MAAM;GAAC;GAAY;GAAQ;GAAQ;GAAS;EAC5C,aAAa;EACb,MAAM;EACN,SAAS;EACV;CACD,IAAI;EACF,OAAO;EACP,QAAQ;EACT;CACD,QAAQ,EACN,MAAM,SACP;CACD,aAAa,EACX,OAAO,CAAC,eAAe,EACxB;CACF,CAAC;;;;AAKF,MAAa,qBAAqB,cAAc;CAC9C,MAAM;EACJ,KAAK;EACL,SAAS;EACT,WAAW;EACX,QAAQ,CAAC,0BAA0B;EACnC,MAAM;GAAC;GAAY;GAAQ;GAAQ;GAAS;EAC5C,aAAa;EACb,MAAM;EACN,SAAS;EACV;CACD,IAAI;EACF,OAAO;EACP,QAAQ;EACR,QAAQ,EACN,aAAa;GACX,aAAa;GACb,MAAM;GACN,SAAS;GACT,MAAM;GACP,EACF;EACF;CACD,QAAQ,EACN,MAAM,SACP;CACD,aAAa,EACX,OAAO,CAAC,eAAe,EACxB;CACF,CAAC;;;;AAKF,MAAa,oBAAoB,YAAY;CAC3C,MAAM;EACJ,KAAK;EACL,SAAS;EACT,WAAW;EACX,QAAQ,CAAC,0BAA0B;EACnC,MAAM;GAAC;GAAY;GAAQ;GAAQ;GAAO;EAC1C,aAAa;EACb,MAAM;EACN,SAAS;EACV;CACD,IAAI;EACF,OAAO;EACP,QAAQ;EACT;CACD,QAAQ,EACN,MAAM,QACP;CACF,CAAC;;;;AAKF,MAAa,qBAAqB,cAAc;CAC9C,MAAM;EACJ,KAAK;EACL,SAAS;EACT,WAAW;EACX,QAAQ,CAAC,0BAA0B;EACnC,MAAM;GAAC;GAAY;GAAQ;GAAS;EACpC,aAAa;EACb,MAAM;EACN,SAAS;EACV;CACD,IAAI;EACF,OAAO;EACP,QAAQ;EACR,QAAQ;GACN,gBAAgB;IACd,aAAa;IACb,MAAM;IACN,SAAS;IACT,MAAM;IACP;GACD,kBAAkB;IAChB,aAAa;IACb,MAAM;IACN,SAAS;IACT,MAAM;IACP;GACF;EACF;CACD,QAAQ,EACN,MAAM,SACP;CACD,aAAa;EACX,OAAO,CACL;GACE,KAAK;GACL,SAAS;GACT,MAAM;GACN,SAAS;GACV,CACF;EACD,OAAO,CAAC,gBAAgB;EACzB;CACF,CAAC;;;;AAKF,MAAa,qBAAqB,cAAc;CAC9C,MAAM;EACJ,KAAK;EACL,SAAS;EACT,WAAW;EACX,QAAQ,CAAC,0BAA0B;EACnC,MAAM;GAAC;GAAY;GAAQ;GAAS;EACpC,aAAa;EACb,MAAM;EACN,SAAS;EACV;CACD,IAAI;EACF,OAAO;EACP,QAAQ;EACR,QAAQ,EACN,mBAAmB;GACjB,aAAa;GACb,MAAM;GACN,SAAS;GACT,MAAM;GACP,EACF;EACF;CACD,QAAQ,EACN,MAAM,SACP;CACD,aAAa;EACX,OAAO,CACL;GACE,KAAK;GACL,SAAS;GACT,MAAM;GACN,SAAS;GACV,CACF;EACD,OAAO,CAAC,eAAe;EACxB;CACF,CAAC;;;;AAKF,MAAa,0BAA0B,YAAY;CACjD,MAAM;EACJ,KAAK;EACL,SAAS;EACT,WAAW;EACX,QAAQ,CAAC,0BAA0B;EACnC,MAAM;GAAC;GAAY;GAAQ;GAAS;GAAa;EACjD,aAAa;EACb,MAAM;EACN,SAAS;EACV;CACD,IAAI;EACF,OAAO;EACP,QAAQ;EACT;CACD,QAAQ,EACN,MAAM,QACP;CACF,CAAC;;;;AAKF,MAAa,8BAA8B,YAAY;CACrD,MAAM;EACJ,KAAK;EAC
L,SAAS;EACT,WAAW;EACX,QAAQ,CAAC,0BAA0B;EACnC,MAAM;GAAC;GAAY;GAAQ;GAAe;GAAO;EACjD,aAAa;EACb,MAAM;EACN,SAAS;EACV;CACD,IAAI;EACF,OAAO;EACP,QAAQ;EACT;CACD,QAAQ,EACN,MAAM,QACP;CACF,CAAC"}
|
|
@@ -1 +0,0 @@
|
|
|
1
|
-
{"version":3,"file":"user.js","names":[],"sources":["../../src/contracts/user.ts"],"sourcesContent":["import { SchemaModel, ScalarTypeEnum } from '@contractspec/lib.schema';\nimport { defineCommand, defineQuery } from '@contractspec/lib.contracts';\n\nconst OWNERS = ['platform.identity-rbac'] as const;\n\n// ============ SchemaModels ============\n\nexport const UserProfileModel = new SchemaModel({\n name: 'UserProfile',\n description: 'User profile information',\n fields: {\n id: { type: ScalarTypeEnum.String_unsecure(), isOptional: false },\n email: { type: ScalarTypeEnum.EmailAddress(), isOptional: false },\n emailVerified: { type: ScalarTypeEnum.Boolean(), isOptional: false },\n name: { type: ScalarTypeEnum.String_unsecure(), isOptional: true },\n firstName: { type: ScalarTypeEnum.String_unsecure(), isOptional: true },\n lastName: { type: ScalarTypeEnum.String_unsecure(), isOptional: true },\n locale: { type: ScalarTypeEnum.String_unsecure(), isOptional: true },\n timezone: { type: ScalarTypeEnum.String_unsecure(), isOptional: true },\n imageUrl: { type: ScalarTypeEnum.URL(), isOptional: true },\n role: { type: ScalarTypeEnum.String_unsecure(), isOptional: true },\n onboardingCompleted: { type: ScalarTypeEnum.Boolean(), isOptional: false },\n createdAt: { type: ScalarTypeEnum.DateTime(), isOptional: false },\n },\n});\n\nexport const CreateUserInputModel = new SchemaModel({\n name: 'CreateUserInput',\n description: 'Input for creating a new user',\n fields: {\n email: { type: ScalarTypeEnum.EmailAddress(), isOptional: false },\n name: { type: ScalarTypeEnum.String_unsecure(), isOptional: true },\n firstName: { type: ScalarTypeEnum.String_unsecure(), isOptional: true },\n lastName: { type: ScalarTypeEnum.String_unsecure(), isOptional: true },\n password: { type: ScalarTypeEnum.String_unsecure(), isOptional: true },\n },\n});\n\nexport const UpdateUserInputModel = new SchemaModel({\n name: 'UpdateUserInput',\n description: 'Input for updating a user profile',\n 
fields: {\n name: { type: ScalarTypeEnum.String_unsecure(), isOptional: true },\n firstName: { type: ScalarTypeEnum.String_unsecure(), isOptional: true },\n lastName: { type: ScalarTypeEnum.String_unsecure(), isOptional: true },\n locale: { type: ScalarTypeEnum.String_unsecure(), isOptional: true },\n timezone: { type: ScalarTypeEnum.String_unsecure(), isOptional: true },\n imageUrl: { type: ScalarTypeEnum.URL(), isOptional: true },\n },\n});\n\nexport const DeleteUserInputModel = new SchemaModel({\n name: 'DeleteUserInput',\n description: 'Input for deleting a user',\n fields: {\n confirmEmail: { type: ScalarTypeEnum.EmailAddress(), isOptional: false },\n },\n});\n\nexport const SuccessResultModel = new SchemaModel({\n name: 'SuccessResult',\n description: 'Simple success result',\n fields: {\n success: { type: ScalarTypeEnum.Boolean(), isOptional: false },\n },\n});\n\nexport const UserDeletedPayloadModel = new SchemaModel({\n name: 'UserDeletedPayload',\n description: 'Payload for user deleted event',\n fields: {\n userId: { type: ScalarTypeEnum.String_unsecure(), isOptional: false },\n },\n});\n\nexport const ListUsersInputModel = new SchemaModel({\n name: 'ListUsersInput',\n description: 'Input for listing users',\n fields: {\n limit: { type: ScalarTypeEnum.Int_unsecure(), isOptional: true },\n offset: { type: ScalarTypeEnum.Int_unsecure(), isOptional: true },\n search: { type: ScalarTypeEnum.String_unsecure(), isOptional: true },\n },\n});\n\nexport const ListUsersOutputModel = new SchemaModel({\n name: 'ListUsersOutput',\n description: 'Output for listing users',\n fields: {\n users: { type: UserProfileModel, isOptional: false, isArray: true },\n total: { type: ScalarTypeEnum.Int_unsecure(), isOptional: false },\n },\n});\n\n// ============ Contracts ============\n\n/**\n * Create a new user account.\n */\nexport const CreateUserContract = defineCommand({\n meta: {\n key: 'identity.user.create',\n version: '1.0.0',\n stability: 'stable',\n owners: 
[...OWNERS],\n tags: ['identity', 'user', 'create'],\n description: 'Create a new user account.',\n goal: 'Register a new user in the system.',\n context: 'Used during signup flows. May trigger email verification.',\n },\n io: {\n input: CreateUserInputModel,\n output: UserProfileModel,\n errors: {\n EMAIL_EXISTS: {\n description: 'A user with this email already exists',\n http: 409,\n gqlCode: 'EMAIL_EXISTS',\n when: 'Email is already registered',\n },\n },\n },\n policy: {\n auth: 'anonymous',\n },\n sideEffects: {\n emits: [\n {\n key: 'user.created',\n version: '1.0.0',\n when: 'User is successfully created',\n payload: UserProfileModel,\n },\n ],\n audit: ['user.created'],\n },\n});\n\n/**\n * Get the current user's profile.\n */\nexport const GetCurrentUserContract = defineQuery({\n meta: {\n key: 'identity.user.me',\n version: '1.0.0',\n stability: 'stable',\n owners: [...OWNERS],\n tags: ['identity', 'user', 'profile'],\n description: 'Get the current authenticated user profile.',\n goal: 'Retrieve user profile for the authenticated session.',\n context: 'Called on app load and after profile updates.',\n },\n io: {\n input: null,\n output: UserProfileModel,\n },\n policy: {\n auth: 'user',\n },\n});\n\n/**\n * Update user profile.\n */\nexport const UpdateUserContract = defineCommand({\n meta: {\n key: 'identity.user.update',\n version: '1.0.0',\n stability: 'stable',\n owners: [...OWNERS],\n tags: ['identity', 'user', 'update'],\n description: 'Update user profile information.',\n goal: 'Allow users to update their profile.',\n context: 'Self-service profile updates.',\n },\n io: {\n input: UpdateUserInputModel,\n output: UserProfileModel,\n },\n policy: {\n auth: 'user',\n },\n sideEffects: {\n emits: [\n {\n key: 'user.updated',\n version: '1.0.0',\n when: 'User profile is updated',\n payload: UserProfileModel,\n },\n ],\n audit: ['user.updated'],\n },\n});\n\n/**\n * Delete user account.\n */\nexport const DeleteUserContract = defineCommand({\n meta: 
{\n key: 'identity.user.delete',\n version: '1.0.0',\n stability: 'stable',\n owners: [...OWNERS],\n tags: ['identity', 'user', 'delete'],\n description: 'Delete user account and all associated data.',\n goal: 'Allow users to delete their account (GDPR compliance).',\n context:\n 'Self-service account deletion. Cascades to memberships, sessions, etc.',\n },\n io: {\n input: DeleteUserInputModel,\n output: SuccessResultModel,\n },\n policy: {\n auth: 'user',\n escalate: 'human_review',\n },\n sideEffects: {\n emits: [\n {\n key: 'user.deleted',\n version: '1.0.0',\n when: 'User account is deleted',\n payload: UserDeletedPayloadModel,\n },\n ],\n audit: ['user.deleted'],\n },\n});\n\n/**\n * List users (admin only).\n */\nexport const ListUsersContract = defineQuery({\n meta: {\n key: 'identity.user.list',\n version: '1.0.0',\n stability: 'stable',\n owners: [...OWNERS],\n tags: ['identity', 'user', 'admin', 'list'],\n description: 'List all users (admin only).',\n goal: 'Allow admins to browse and manage users.',\n context: 'Admin dashboard user management.',\n },\n io: {\n input: ListUsersInputModel,\n output: ListUsersOutputModel,\n },\n policy: {\n auth: 'admin',\n 
},\n});\n"],"mappings":";;;;AAGA,MAAM,SAAS,CAAC,yBAAyB;AAIzC,MAAa,mBAAmB,IAAI,YAAY;CAC9C,MAAM;CACN,aAAa;CACb,QAAQ;EACN,IAAI;GAAE,MAAM,eAAe,iBAAiB;GAAE,YAAY;GAAO;EACjE,OAAO;GAAE,MAAM,eAAe,cAAc;GAAE,YAAY;GAAO;EACjE,eAAe;GAAE,MAAM,eAAe,SAAS;GAAE,YAAY;GAAO;EACpE,MAAM;GAAE,MAAM,eAAe,iBAAiB;GAAE,YAAY;GAAM;EAClE,WAAW;GAAE,MAAM,eAAe,iBAAiB;GAAE,YAAY;GAAM;EACvE,UAAU;GAAE,MAAM,eAAe,iBAAiB;GAAE,YAAY;GAAM;EACtE,QAAQ;GAAE,MAAM,eAAe,iBAAiB;GAAE,YAAY;GAAM;EACpE,UAAU;GAAE,MAAM,eAAe,iBAAiB;GAAE,YAAY;GAAM;EACtE,UAAU;GAAE,MAAM,eAAe,KAAK;GAAE,YAAY;GAAM;EAC1D,MAAM;GAAE,MAAM,eAAe,iBAAiB;GAAE,YAAY;GAAM;EAClE,qBAAqB;GAAE,MAAM,eAAe,SAAS;GAAE,YAAY;GAAO;EAC1E,WAAW;GAAE,MAAM,eAAe,UAAU;GAAE,YAAY;GAAO;EAClE;CACF,CAAC;AAEF,MAAa,uBAAuB,IAAI,YAAY;CAClD,MAAM;CACN,aAAa;CACb,QAAQ;EACN,OAAO;GAAE,MAAM,eAAe,cAAc;GAAE,YAAY;GAAO;EACjE,MAAM;GAAE,MAAM,eAAe,iBAAiB;GAAE,YAAY;GAAM;EAClE,WAAW;GAAE,MAAM,eAAe,iBAAiB;GAAE,YAAY;GAAM;EACvE,UAAU;GAAE,MAAM,eAAe,iBAAiB;GAAE,YAAY;GAAM;EACtE,UAAU;GAAE,MAAM,eAAe,iBAAiB;GAAE,YAAY;GAAM;EACvE;CACF,CAAC;AAEF,MAAa,uBAAuB,IAAI,YAAY;CAClD,MAAM;CACN,aAAa;CACb,QAAQ;EACN,MAAM;GAAE,MAAM,eAAe,iBAAiB;GAAE,YAAY;GAAM;EAClE,WAAW;GAAE,MAAM,eAAe,iBAAiB;GAAE,YAAY;GAAM;EACvE,UAAU;GAAE,MAAM,eAAe,iBAAiB;GAAE,YAAY;GAAM;EACtE,QAAQ;GAAE,MAAM,eAAe,iBAAiB;GAAE,YAAY;GAAM;EACpE,UAAU;GAAE,MAAM,eAAe,iBAAiB;GAAE,YAAY;GAAM;EACtE,UAAU;GAAE,MAAM,eAAe,KAAK;GAAE,YAAY;GAAM;EAC3D;CACF,CAAC;AAEF,MAAa,uBAAuB,IAAI,YAAY;CAClD,MAAM;CACN,aAAa;CACb,QAAQ,EACN,cAAc;EAAE,MAAM,eAAe,cAAc;EAAE,YAAY;EAAO,EACzE;CACF,CAAC;AAEF,MAAa,qBAAqB,IAAI,YAAY;CAChD,MAAM;CACN,aAAa;CACb,QAAQ,EACN,SAAS;EAAE,MAAM,eAAe,SAAS;EAAE,YAAY;EAAO,EAC/D;CACF,CAAC;AAEF,MAAa,0BAA0B,IAAI,YAAY;CACrD,MAAM;CACN,aAAa;CACb,QAAQ,EACN,QAAQ;EAAE,MAAM,eAAe,iBAAiB;EAAE,YAAY;EAAO,EACtE;CACF,CAAC;AAEF,MAAa,sBAAsB,IAAI,YAAY;CACjD,MAAM;CACN,aAAa;CACb,QAAQ;EACN,OAAO;GAAE,MAAM,eAAe,cAAc;GAAE,YAAY;GAAM;EAChE,QAAQ;GAAE,MAAM,eAAe,cAAc;GAAE,YAAY;GAAM;EACjE,QAAQ;GAAE,MAAM,eAAe,iBAAiB;GAAE,YAAY;GAAM;EACrE;CACF,CAAC;AAEF,MAAa,uBAAuB,IAAI,YAAY;CAClD,MAAM;CACN,aAAa;CACb,QAAQ;EAC
N,OAAO;GAAE,MAAM;GAAkB,YAAY;GAAO,SAAS;GAAM;EACnE,OAAO;GAAE,MAAM,eAAe,cAAc;GAAE,YAAY;GAAO;EAClE;CACF,CAAC;;;;AAOF,MAAa,qBAAqB,cAAc;CAC9C,MAAM;EACJ,KAAK;EACL,SAAS;EACT,WAAW;EACX,QAAQ,CAAC,GAAG,OAAO;EACnB,MAAM;GAAC;GAAY;GAAQ;GAAS;EACpC,aAAa;EACb,MAAM;EACN,SAAS;EACV;CACD,IAAI;EACF,OAAO;EACP,QAAQ;EACR,QAAQ,EACN,cAAc;GACZ,aAAa;GACb,MAAM;GACN,SAAS;GACT,MAAM;GACP,EACF;EACF;CACD,QAAQ,EACN,MAAM,aACP;CACD,aAAa;EACX,OAAO,CACL;GACE,KAAK;GACL,SAAS;GACT,MAAM;GACN,SAAS;GACV,CACF;EACD,OAAO,CAAC,eAAe;EACxB;CACF,CAAC;;;;AAKF,MAAa,yBAAyB,YAAY;CAChD,MAAM;EACJ,KAAK;EACL,SAAS;EACT,WAAW;EACX,QAAQ,CAAC,GAAG,OAAO;EACnB,MAAM;GAAC;GAAY;GAAQ;GAAU;EACrC,aAAa;EACb,MAAM;EACN,SAAS;EACV;CACD,IAAI;EACF,OAAO;EACP,QAAQ;EACT;CACD,QAAQ,EACN,MAAM,QACP;CACF,CAAC;;;;AAKF,MAAa,qBAAqB,cAAc;CAC9C,MAAM;EACJ,KAAK;EACL,SAAS;EACT,WAAW;EACX,QAAQ,CAAC,GAAG,OAAO;EACnB,MAAM;GAAC;GAAY;GAAQ;GAAS;EACpC,aAAa;EACb,MAAM;EACN,SAAS;EACV;CACD,IAAI;EACF,OAAO;EACP,QAAQ;EACT;CACD,QAAQ,EACN,MAAM,QACP;CACD,aAAa;EACX,OAAO,CACL;GACE,KAAK;GACL,SAAS;GACT,MAAM;GACN,SAAS;GACV,CACF;EACD,OAAO,CAAC,eAAe;EACxB;CACF,CAAC;;;;AAKF,MAAa,qBAAqB,cAAc;CAC9C,MAAM;EACJ,KAAK;EACL,SAAS;EACT,WAAW;EACX,QAAQ,CAAC,GAAG,OAAO;EACnB,MAAM;GAAC;GAAY;GAAQ;GAAS;EACpC,aAAa;EACb,MAAM;EACN,SACE;EACH;CACD,IAAI;EACF,OAAO;EACP,QAAQ;EACT;CACD,QAAQ;EACN,MAAM;EACN,UAAU;EACX;CACD,aAAa;EACX,OAAO,CACL;GACE,KAAK;GACL,SAAS;GACT,MAAM;GACN,SAAS;GACV,CACF;EACD,OAAO,CAAC,eAAe;EACxB;CACF,CAAC;;;;AAKF,MAAa,oBAAoB,YAAY;CAC3C,MAAM;EACJ,KAAK;EACL,SAAS;EACT,WAAW;EACX,QAAQ,CAAC,GAAG,OAAO;EACnB,MAAM;GAAC;GAAY;GAAQ;GAAS;GAAO;EAC3C,aAAa;EACb,MAAM;EACN,SAAS;EACV;CACD,IAAI;EACF,OAAO;EACP,QAAQ;EACT;CACD,QAAQ,EACN,MAAM,SACP;CACF,CAAC"}
|
|
@@ -1 +0,0 @@
|
|
|
1
|
-
{"version":3,"file":"index.js","names":[],"sources":["../../src/entities/index.ts"],"sourcesContent":["// User-related entities\nexport {\n UserEntity,\n SessionEntity,\n AccountEntity,\n VerificationEntity,\n} from './user';\n\n// Organization-related entities\nexport {\n OrganizationTypeEnum,\n OrganizationEntity,\n MemberEntity,\n InvitationEntity,\n TeamEntity,\n TeamMemberEntity,\n} from './organization';\n\n// RBAC entities\nexport {\n RoleEntity,\n PermissionEntity,\n PolicyBindingEntity,\n ApiKeyEntity,\n PasskeyEntity,\n} from './rbac';\n\n// Re-export all entities as a module contribution\nimport {\n UserEntity,\n SessionEntity,\n AccountEntity,\n VerificationEntity,\n} from './user';\nimport {\n OrganizationTypeEnum,\n OrganizationEntity,\n MemberEntity,\n InvitationEntity,\n TeamEntity,\n TeamMemberEntity,\n} from './organization';\nimport {\n RoleEntity,\n PermissionEntity,\n PolicyBindingEntity,\n ApiKeyEntity,\n PasskeyEntity,\n} from './rbac';\nimport type { ModuleSchemaContribution } from '@contractspec/lib.schema';\n\n/**\n * All identity-rbac entities for schema composition.\n */\nexport const identityRbacEntities = [\n UserEntity,\n SessionEntity,\n AccountEntity,\n VerificationEntity,\n OrganizationEntity,\n MemberEntity,\n InvitationEntity,\n TeamEntity,\n TeamMemberEntity,\n RoleEntity,\n PermissionEntity,\n PolicyBindingEntity,\n ApiKeyEntity,\n PasskeyEntity,\n];\n\n/**\n * Module schema contribution for identity-rbac.\n */\nexport const identityRbacSchemaContribution: ModuleSchemaContribution = {\n moduleId: '@contractspec/lib.identity-rbac',\n entities: identityRbacEntities,\n enums: [OrganizationTypeEnum],\n};\n"],"mappings":";;;;;;;;AAsDA,MAAa,uBAAuB;CAClC;CACA;CACA;CACA;CACA;CACA;CACA;CACA;CACA;CACA;CACA;CACA;CACA;CACA;CACD;;;;AAKD,MAAa,iCAA2D;CACtE,UAAU;CACV,UAAU;CACV,OAAO,CAAC,qBAAqB;CAC9B"}
|
|
@@ -1 +0,0 @@
|
|
|
1
|
-
{"version":3,"file":"organization.js","names":[],"sources":["../../src/entities/organization.ts"],"sourcesContent":["import {\n defineEntity,\n defineEntityEnum,\n field,\n index,\n} from '@contractspec/lib.schema';\n\n/**\n * Organization type enum.\n */\nexport const OrganizationTypeEnum = defineEntityEnum({\n name: 'OrganizationType',\n values: ['PLATFORM_ADMIN', 'CONTRACT_SPEC_CUSTOMER'] as const,\n schema: 'lssm_sigil',\n description: 'Type of organization in the platform.',\n});\n\n/**\n * Organization entity - tenant/company grouping.\n */\nexport const OrganizationEntity = defineEntity({\n name: 'Organization',\n description: 'An organization is a tenant boundary grouping users.',\n schema: 'lssm_sigil',\n map: 'organization',\n fields: {\n id: field.id({ description: 'Unique organization identifier' }),\n name: field.string({ description: 'Organization display name' }),\n slug: field.string({\n isOptional: true,\n isUnique: true,\n description: 'URL-friendly identifier',\n }),\n logo: field.url({ isOptional: true, description: 'Organization logo URL' }),\n description: field.string({\n isOptional: true,\n description: 'Organization description',\n }),\n metadata: field.json({\n isOptional: true,\n description: 'Arbitrary organization metadata',\n }),\n type: field.enum('OrganizationType', { description: 'Organization type' }),\n\n // Onboarding\n onboardingCompleted: field.boolean({ default: false }),\n onboardingStep: field.string({ isOptional: true }),\n\n // Referrals\n referralCode: field.string({\n isOptional: true,\n isUnique: true,\n description: 'Unique referral code',\n }),\n referredBy: field.string({\n isOptional: true,\n description: 'ID of referring user',\n }),\n\n // Timestamps\n createdAt: field.createdAt(),\n updatedAt: field.updatedAt(),\n\n // Relations\n members: field.hasMany('Member'),\n invitations: field.hasMany('Invitation'),\n teams: field.hasMany('Team'),\n policyBindings: field.hasMany('PolicyBinding'),\n },\n enums: 
[OrganizationTypeEnum],\n});\n\n/**\n * Member entity - user membership in an organization.\n */\nexport const MemberEntity = defineEntity({\n name: 'Member',\n description: 'Membership of a user in an organization with a role.',\n schema: 'lssm_sigil',\n map: 'member',\n fields: {\n id: field.id(),\n userId: field.foreignKey(),\n organizationId: field.foreignKey(),\n role: field.string({\n description: 'Role in organization (owner, admin, member)',\n }),\n createdAt: field.createdAt(),\n\n // Relations\n user: field.belongsTo('User', ['userId'], ['id'], { onDelete: 'Cascade' }),\n organization: field.belongsTo('Organization', ['organizationId'], ['id'], {\n onDelete: 'Cascade',\n }),\n },\n indexes: [index.unique(['userId', 'organizationId'])],\n});\n\n/**\n * Invitation entity - pending organization invites.\n */\nexport const InvitationEntity = defineEntity({\n name: 'Invitation',\n description: 'An invitation to join an organization.',\n schema: 'lssm_sigil',\n map: 'invitation',\n fields: {\n id: field.id(),\n organizationId: field.foreignKey(),\n email: field.email({ description: 'Invited email address' }),\n role: field.string({\n isOptional: true,\n description: 'Role to assign on acceptance',\n }),\n status: field.string({\n default: '\"pending\"',\n description: 'Invitation status',\n }),\n acceptedAt: field.dateTime({ isOptional: true }),\n expiresAt: field.dateTime({ isOptional: true }),\n inviterId: field.foreignKey({\n description: 'User who sent the invitation',\n }),\n teamId: field.string({ isOptional: true }),\n createdAt: field.createdAt(),\n updatedAt: field.updatedAt(),\n\n // Relations\n organization: field.belongsTo('Organization', ['organizationId'], ['id'], {\n onDelete: 'Cascade',\n }),\n inviter: field.belongsTo('User', ['inviterId'], ['id'], {\n onDelete: 'Cascade',\n }),\n team: field.belongsTo('Team', ['teamId'], ['id'], { onDelete: 'Cascade' }),\n },\n});\n\n/**\n * Team entity - team within an organization.\n */\nexport const 
TeamEntity = defineEntity({\n name: 'Team',\n description: 'Team within an organization.',\n schema: 'lssm_sigil',\n map: 'team',\n fields: {\n id: field.id(),\n name: field.string({ description: 'Team name' }),\n organizationId: field.foreignKey(),\n createdAt: field.createdAt(),\n updatedAt: field.updatedAt(),\n\n // Relations\n organization: field.belongsTo('Organization', ['organizationId'], ['id'], {\n onDelete: 'Cascade',\n }),\n members: field.hasMany('TeamMember'),\n invitations: field.hasMany('Invitation'),\n },\n});\n\n/**\n * TeamMember entity - user's team membership.\n */\nexport const TeamMemberEntity = defineEntity({\n name: 'TeamMember',\n description: 'Team membership for a user.',\n schema: 'lssm_sigil',\n map: 'team_member',\n fields: {\n id: field.id(),\n teamId: field.foreignKey(),\n userId: field.foreignKey(),\n createdAt: field.createdAt(),\n\n // Relations\n team: field.belongsTo('Team', ['teamId'], ['id'], { onDelete: 'Cascade' }),\n user: field.belongsTo('User', ['userId'], ['id'], { onDelete: 'Cascade' }),\n 
},\n});\n"],"mappings":";;;;;;AAUA,MAAa,uBAAuB,iBAAiB;CACnD,MAAM;CACN,QAAQ,CAAC,kBAAkB,yBAAyB;CACpD,QAAQ;CACR,aAAa;CACd,CAAC;;;;AAKF,MAAa,qBAAqB,aAAa;CAC7C,MAAM;CACN,aAAa;CACb,QAAQ;CACR,KAAK;CACL,QAAQ;EACN,IAAI,MAAM,GAAG,EAAE,aAAa,kCAAkC,CAAC;EAC/D,MAAM,MAAM,OAAO,EAAE,aAAa,6BAA6B,CAAC;EAChE,MAAM,MAAM,OAAO;GACjB,YAAY;GACZ,UAAU;GACV,aAAa;GACd,CAAC;EACF,MAAM,MAAM,IAAI;GAAE,YAAY;GAAM,aAAa;GAAyB,CAAC;EAC3E,aAAa,MAAM,OAAO;GACxB,YAAY;GACZ,aAAa;GACd,CAAC;EACF,UAAU,MAAM,KAAK;GACnB,YAAY;GACZ,aAAa;GACd,CAAC;EACF,MAAM,MAAM,KAAK,oBAAoB,EAAE,aAAa,qBAAqB,CAAC;EAG1E,qBAAqB,MAAM,QAAQ,EAAE,SAAS,OAAO,CAAC;EACtD,gBAAgB,MAAM,OAAO,EAAE,YAAY,MAAM,CAAC;EAGlD,cAAc,MAAM,OAAO;GACzB,YAAY;GACZ,UAAU;GACV,aAAa;GACd,CAAC;EACF,YAAY,MAAM,OAAO;GACvB,YAAY;GACZ,aAAa;GACd,CAAC;EAGF,WAAW,MAAM,WAAW;EAC5B,WAAW,MAAM,WAAW;EAG5B,SAAS,MAAM,QAAQ,SAAS;EAChC,aAAa,MAAM,QAAQ,aAAa;EACxC,OAAO,MAAM,QAAQ,OAAO;EAC5B,gBAAgB,MAAM,QAAQ,gBAAgB;EAC/C;CACD,OAAO,CAAC,qBAAqB;CAC9B,CAAC;;;;AAKF,MAAa,eAAe,aAAa;CACvC,MAAM;CACN,aAAa;CACb,QAAQ;CACR,KAAK;CACL,QAAQ;EACN,IAAI,MAAM,IAAI;EACd,QAAQ,MAAM,YAAY;EAC1B,gBAAgB,MAAM,YAAY;EAClC,MAAM,MAAM,OAAO,EACjB,aAAa,+CACd,CAAC;EACF,WAAW,MAAM,WAAW;EAG5B,MAAM,MAAM,UAAU,QAAQ,CAAC,SAAS,EAAE,CAAC,KAAK,EAAE,EAAE,UAAU,WAAW,CAAC;EAC1E,cAAc,MAAM,UAAU,gBAAgB,CAAC,iBAAiB,EAAE,CAAC,KAAK,EAAE,EACxE,UAAU,WACX,CAAC;EACH;CACD,SAAS,CAAC,MAAM,OAAO,CAAC,UAAU,iBAAiB,CAAC,CAAC;CACtD,CAAC;;;;AAKF,MAAa,mBAAmB,aAAa;CAC3C,MAAM;CACN,aAAa;CACb,QAAQ;CACR,KAAK;CACL,QAAQ;EACN,IAAI,MAAM,IAAI;EACd,gBAAgB,MAAM,YAAY;EAClC,OAAO,MAAM,MAAM,EAAE,aAAa,yBAAyB,CAAC;EAC5D,MAAM,MAAM,OAAO;GACjB,YAAY;GACZ,aAAa;GACd,CAAC;EACF,QAAQ,MAAM,OAAO;GACnB,SAAS;GACT,aAAa;GACd,CAAC;EACF,YAAY,MAAM,SAAS,EAAE,YAAY,MAAM,CAAC;EAChD,WAAW,MAAM,SAAS,EAAE,YAAY,MAAM,CAAC;EAC/C,WAAW,MAAM,WAAW,EAC1B,aAAa,gCACd,CAAC;EACF,QAAQ,MAAM,OAAO,EAAE,YAAY,MAAM,CAAC;EAC1C,WAAW,MAAM,WAAW;EAC5B,WAAW,MAAM,WAAW;EAG5B,cAAc,MAAM,UAAU,gBAAgB,CAAC,iBAAiB,EAAE,CAAC,KAAK,EAAE,EACxE,UAAU,WACX,CAAC;EACF,SAAS,MAAM,UAAU,QAAQ,CAAC,YAAY,EAAE,CAAC,KAAK,EAAE,EACtD,UAAU,WACX,CAAC;EACF,MAAM,
MAAM,UAAU,QAAQ,CAAC,SAAS,EAAE,CAAC,KAAK,EAAE,EAAE,UAAU,WAAW,CAAC;EAC3E;CACF,CAAC;;;;AAKF,MAAa,aAAa,aAAa;CACrC,MAAM;CACN,aAAa;CACb,QAAQ;CACR,KAAK;CACL,QAAQ;EACN,IAAI,MAAM,IAAI;EACd,MAAM,MAAM,OAAO,EAAE,aAAa,aAAa,CAAC;EAChD,gBAAgB,MAAM,YAAY;EAClC,WAAW,MAAM,WAAW;EAC5B,WAAW,MAAM,WAAW;EAG5B,cAAc,MAAM,UAAU,gBAAgB,CAAC,iBAAiB,EAAE,CAAC,KAAK,EAAE,EACxE,UAAU,WACX,CAAC;EACF,SAAS,MAAM,QAAQ,aAAa;EACpC,aAAa,MAAM,QAAQ,aAAa;EACzC;CACF,CAAC;;;;AAKF,MAAa,mBAAmB,aAAa;CAC3C,MAAM;CACN,aAAa;CACb,QAAQ;CACR,KAAK;CACL,QAAQ;EACN,IAAI,MAAM,IAAI;EACd,QAAQ,MAAM,YAAY;EAC1B,QAAQ,MAAM,YAAY;EAC1B,WAAW,MAAM,WAAW;EAG5B,MAAM,MAAM,UAAU,QAAQ,CAAC,SAAS,EAAE,CAAC,KAAK,EAAE,EAAE,UAAU,WAAW,CAAC;EAC1E,MAAM,MAAM,UAAU,QAAQ,CAAC,SAAS,EAAE,CAAC,KAAK,EAAE,EAAE,UAAU,WAAW,CAAC;EAC3E;CACF,CAAC"}
|
|
@@ -1 +0,0 @@
|
|
|
1
|
-
{"version":3,"file":"rbac.js","names":[],"sources":["../../src/entities/rbac.ts"],"sourcesContent":["import { defineEntity, field, index } from '@contractspec/lib.schema';\n\n/**\n * Role entity - named set of permissions.\n */\nexport const RoleEntity = defineEntity({\n name: 'Role',\n description: 'A role defines a named set of permissions.',\n schema: 'lssm_sigil',\n map: 'role',\n fields: {\n id: field.id(),\n name: field.string({ isUnique: true, description: 'Unique role name' }),\n description: field.string({\n isOptional: true,\n description: 'Role description',\n }),\n permissions: field.string({\n isArray: true,\n description: 'Array of permission names',\n }),\n createdAt: field.createdAt(),\n updatedAt: field.updatedAt(),\n\n // Relations\n policyBindings: field.hasMany('PolicyBinding'),\n },\n});\n\n/**\n * Permission entity - atomic access right.\n */\nexport const PermissionEntity = defineEntity({\n name: 'Permission',\n description: 'A permission represents an atomic access right.',\n schema: 'lssm_sigil',\n map: 'permission',\n fields: {\n id: field.id(),\n name: field.string({\n isUnique: true,\n description: 'Unique permission name',\n }),\n description: field.string({\n isOptional: true,\n description: 'Permission description',\n }),\n createdAt: field.createdAt(),\n updatedAt: field.updatedAt(),\n },\n});\n\n/**\n * PolicyBinding entity - binds roles to principals.\n */\nexport const PolicyBindingEntity = defineEntity({\n name: 'PolicyBinding',\n description: 'Binds roles to principals (users or organizations).',\n schema: 'lssm_sigil',\n map: 'policy_binding',\n fields: {\n id: field.id(),\n roleId: field.foreignKey(),\n targetType: field.string({ description: '\"user\" or \"organization\"' }),\n targetId: field.string({ description: 'ID of User or Organization' }),\n expiresAt: field.dateTime({\n isOptional: true,\n description: 'When binding expires',\n }),\n createdAt: field.createdAt(),\n\n // Optional direct relations\n userId: 
field.string({ isOptional: true }),\n organizationId: field.string({ isOptional: true }),\n\n // Relations\n role: field.belongsTo('Role', ['roleId'], ['id'], { onDelete: 'Cascade' }),\n user: field.belongsTo('User', ['userId'], ['id']),\n organization: field.belongsTo('Organization', ['organizationId'], ['id']),\n },\n indexes: [index.on(['targetType', 'targetId'])],\n});\n\n/**\n * ApiKey entity - API keys for programmatic access.\n */\nexport const ApiKeyEntity = defineEntity({\n name: 'ApiKey',\n description: 'API keys for programmatic access.',\n schema: 'lssm_sigil',\n map: 'api_key',\n fields: {\n id: field.id(),\n name: field.string({ description: 'API key name' }),\n start: field.string({\n description: 'Starting characters for identification',\n }),\n prefix: field.string({ description: 'API key prefix' }),\n key: field.string({ description: 'Hashed API key' }),\n userId: field.foreignKey(),\n\n // Rate limiting\n refillInterval: field.int({ description: 'Refill interval in ms' }),\n refillAmount: field.int({ description: 'Amount to refill' }),\n lastRefillAt: field.dateTime(),\n remaining: field.int({ description: 'Remaining requests' }),\n requestCount: field.int({ description: 'Total requests made' }),\n lastRequest: field.dateTime(),\n\n // Limits\n enabled: field.boolean({ default: true }),\n rateLimitEnabled: field.boolean({ default: true }),\n rateLimitTimeWindow: field.int({ description: 'Rate limit window in ms' }),\n rateLimitMax: field.int({ description: 'Max requests in window' }),\n\n // Expiration\n expiresAt: field.dateTime(),\n\n // Permissions\n permissions: field.string({ isArray: true }),\n metadata: field.json({ isOptional: true }),\n\n createdAt: field.createdAt(),\n updatedAt: field.updatedAt(),\n\n // Relations\n user: field.belongsTo('User', ['userId'], ['id'], { onDelete: 'Cascade' }),\n },\n});\n\n/**\n * Passkey entity - WebAuthn passkeys.\n */\nexport const PasskeyEntity = defineEntity({\n name: 'Passkey',\n description: 
'WebAuthn passkeys for passwordless authentication.',\n schema: 'lssm_sigil',\n map: 'passkey',\n fields: {\n id: field.id(),\n name: field.string({ description: 'Passkey name' }),\n publicKey: field.string({ description: 'Public key' }),\n userId: field.foreignKey(),\n credentialID: field.string({ description: 'Credential ID' }),\n counter: field.int({ description: 'Counter' }),\n deviceType: field.string({ description: 'Device type' }),\n backedUp: field.boolean({ description: 'Whether passkey is backed up' }),\n transports: field.string({ description: 'Transports' }),\n aaguid: field.string({ description: 'Authenticator GUID' }),\n createdAt: field.createdAt(),\n\n // Relations\n user: field.belongsTo('User', ['userId'], ['id'], { onDelete: 'Cascade' }),\n },\n});\n"],"mappings":";;;;;;AAKA,MAAa,aAAa,aAAa;CACrC,MAAM;CACN,aAAa;CACb,QAAQ;CACR,KAAK;CACL,QAAQ;EACN,IAAI,MAAM,IAAI;EACd,MAAM,MAAM,OAAO;GAAE,UAAU;GAAM,aAAa;GAAoB,CAAC;EACvE,aAAa,MAAM,OAAO;GACxB,YAAY;GACZ,aAAa;GACd,CAAC;EACF,aAAa,MAAM,OAAO;GACxB,SAAS;GACT,aAAa;GACd,CAAC;EACF,WAAW,MAAM,WAAW;EAC5B,WAAW,MAAM,WAAW;EAG5B,gBAAgB,MAAM,QAAQ,gBAAgB;EAC/C;CACF,CAAC;;;;AAKF,MAAa,mBAAmB,aAAa;CAC3C,MAAM;CACN,aAAa;CACb,QAAQ;CACR,KAAK;CACL,QAAQ;EACN,IAAI,MAAM,IAAI;EACd,MAAM,MAAM,OAAO;GACjB,UAAU;GACV,aAAa;GACd,CAAC;EACF,aAAa,MAAM,OAAO;GACxB,YAAY;GACZ,aAAa;GACd,CAAC;EACF,WAAW,MAAM,WAAW;EAC5B,WAAW,MAAM,WAAW;EAC7B;CACF,CAAC;;;;AAKF,MAAa,sBAAsB,aAAa;CAC9C,MAAM;CACN,aAAa;CACb,QAAQ;CACR,KAAK;CACL,QAAQ;EACN,IAAI,MAAM,IAAI;EACd,QAAQ,MAAM,YAAY;EAC1B,YAAY,MAAM,OAAO,EAAE,aAAa,gCAA4B,CAAC;EACrE,UAAU,MAAM,OAAO,EAAE,aAAa,8BAA8B,CAAC;EACrE,WAAW,MAAM,SAAS;GACxB,YAAY;GACZ,aAAa;GACd,CAAC;EACF,WAAW,MAAM,WAAW;EAG5B,QAAQ,MAAM,OAAO,EAAE,YAAY,MAAM,CAAC;EAC1C,gBAAgB,MAAM,OAAO,EAAE,YAAY,MAAM,CAAC;EAGlD,MAAM,MAAM,UAAU,QAAQ,CAAC,SAAS,EAAE,CAAC,KAAK,EAAE,EAAE,UAAU,WAAW,CAAC;EAC1E,MAAM,MAAM,UAAU,QAAQ,CAAC,SAAS,EAAE,CAAC,KAAK,CAAC;EACjD,cAAc,MAAM,UAAU,gBAAgB,CAAC,iBAAiB,EAAE,CAAC,KAAK,CAAC;EAC1E;CACD,SAAS,CAAC,MAAM,GAAG,CAAC,cAAc,WAAW,CAAC,CAAC;CAChD,C
AAC;;;;AAKF,MAAa,eAAe,aAAa;CACvC,MAAM;CACN,aAAa;CACb,QAAQ;CACR,KAAK;CACL,QAAQ;EACN,IAAI,MAAM,IAAI;EACd,MAAM,MAAM,OAAO,EAAE,aAAa,gBAAgB,CAAC;EACnD,OAAO,MAAM,OAAO,EAClB,aAAa,0CACd,CAAC;EACF,QAAQ,MAAM,OAAO,EAAE,aAAa,kBAAkB,CAAC;EACvD,KAAK,MAAM,OAAO,EAAE,aAAa,kBAAkB,CAAC;EACpD,QAAQ,MAAM,YAAY;EAG1B,gBAAgB,MAAM,IAAI,EAAE,aAAa,yBAAyB,CAAC;EACnE,cAAc,MAAM,IAAI,EAAE,aAAa,oBAAoB,CAAC;EAC5D,cAAc,MAAM,UAAU;EAC9B,WAAW,MAAM,IAAI,EAAE,aAAa,sBAAsB,CAAC;EAC3D,cAAc,MAAM,IAAI,EAAE,aAAa,uBAAuB,CAAC;EAC/D,aAAa,MAAM,UAAU;EAG7B,SAAS,MAAM,QAAQ,EAAE,SAAS,MAAM,CAAC;EACzC,kBAAkB,MAAM,QAAQ,EAAE,SAAS,MAAM,CAAC;EAClD,qBAAqB,MAAM,IAAI,EAAE,aAAa,2BAA2B,CAAC;EAC1E,cAAc,MAAM,IAAI,EAAE,aAAa,0BAA0B,CAAC;EAGlE,WAAW,MAAM,UAAU;EAG3B,aAAa,MAAM,OAAO,EAAE,SAAS,MAAM,CAAC;EAC5C,UAAU,MAAM,KAAK,EAAE,YAAY,MAAM,CAAC;EAE1C,WAAW,MAAM,WAAW;EAC5B,WAAW,MAAM,WAAW;EAG5B,MAAM,MAAM,UAAU,QAAQ,CAAC,SAAS,EAAE,CAAC,KAAK,EAAE,EAAE,UAAU,WAAW,CAAC;EAC3E;CACF,CAAC;;;;AAKF,MAAa,gBAAgB,aAAa;CACxC,MAAM;CACN,aAAa;CACb,QAAQ;CACR,KAAK;CACL,QAAQ;EACN,IAAI,MAAM,IAAI;EACd,MAAM,MAAM,OAAO,EAAE,aAAa,gBAAgB,CAAC;EACnD,WAAW,MAAM,OAAO,EAAE,aAAa,cAAc,CAAC;EACtD,QAAQ,MAAM,YAAY;EAC1B,cAAc,MAAM,OAAO,EAAE,aAAa,iBAAiB,CAAC;EAC5D,SAAS,MAAM,IAAI,EAAE,aAAa,WAAW,CAAC;EAC9C,YAAY,MAAM,OAAO,EAAE,aAAa,eAAe,CAAC;EACxD,UAAU,MAAM,QAAQ,EAAE,aAAa,gCAAgC,CAAC;EACxE,YAAY,MAAM,OAAO,EAAE,aAAa,cAAc,CAAC;EACvD,QAAQ,MAAM,OAAO,EAAE,aAAa,sBAAsB,CAAC;EAC3D,WAAW,MAAM,WAAW;EAG5B,MAAM,MAAM,UAAU,QAAQ,CAAC,SAAS,EAAE,CAAC,KAAK,EAAE,EAAE,UAAU,WAAW,CAAC;EAC3E;CACF,CAAC"}
|
|
@@ -1 +0,0 @@
|
|
|
1
|
-
{"version":3,"file":"user.js","names":[],"sources":["../../src/entities/user.ts"],"sourcesContent":["import { defineEntity, field, index } from '@contractspec/lib.schema';\n\n/**\n * User entity - core user profile and authentication.\n */\nexport const UserEntity = defineEntity({\n name: 'User',\n description:\n 'A user of the platform. Users hold core profile information and authenticate via Account records.',\n schema: 'lssm_sigil',\n map: 'user',\n fields: {\n id: field.id({ description: 'Unique user identifier' }),\n email: field.email({ isUnique: true, description: 'User email address' }),\n emailVerified: field.boolean({\n default: false,\n description: 'Whether email has been verified',\n }),\n name: field.string({ isOptional: true, description: 'Display name' }),\n firstName: field.string({ isOptional: true, description: 'First name' }),\n lastName: field.string({ isOptional: true, description: 'Last name' }),\n locale: field.string({\n isOptional: true,\n description: 'User locale (e.g., \"en-US\")',\n }),\n timezone: field.string({\n isOptional: true,\n description: 'Olson timezone (e.g., \"Europe/Paris\")',\n }),\n imageUrl: field.url({\n isOptional: true,\n description: 'URL of avatar or profile picture',\n }),\n image: field.string({\n isOptional: true,\n description: 'Legacy image field',\n }),\n metadata: field.json({\n isOptional: true,\n description: 'Arbitrary user metadata',\n }),\n\n // Onboarding\n onboardingCompleted: field.boolean({\n default: false,\n description: 'Whether onboarding is complete',\n }),\n onboardingStep: field.string({\n isOptional: true,\n description: 'Current onboarding step',\n }),\n whitelistedAt: field.dateTime({\n isOptional: true,\n description: 'When user was whitelisted',\n }),\n\n // Admin fields\n role: field.string({\n isOptional: true,\n default: '\"user\"',\n description: 'User role (user, admin)',\n }),\n banned: field.boolean({\n default: false,\n description: 'Whether user is banned',\n }),\n banReason: 
field.string({\n isOptional: true,\n description: 'Reason for ban',\n }),\n banExpires: field.dateTime({\n isOptional: true,\n description: 'When ban expires',\n }),\n\n // Phone authentication\n phoneNumber: field.string({\n isOptional: true,\n isUnique: true,\n description: 'Phone number',\n }),\n phoneNumberVerified: field.boolean({\n default: false,\n description: 'Whether phone is verified',\n }),\n\n // Timestamps\n createdAt: field.createdAt(),\n updatedAt: field.updatedAt(),\n\n // Relations\n sessions: field.hasMany('Session'),\n accounts: field.hasMany('Account'),\n memberships: field.hasMany('Member'),\n invitations: field.hasMany('Invitation'),\n teamMemberships: field.hasMany('TeamMember'),\n policyBindings: field.hasMany('PolicyBinding'),\n apiKeys: field.hasMany('ApiKey'),\n passkeys: field.hasMany('Passkey'),\n },\n});\n\n/**\n * Session entity - login sessions.\n */\nexport const SessionEntity = defineEntity({\n name: 'Session',\n description: 'Represents a login session (e.g., web session or API token).',\n schema: 'lssm_sigil',\n map: 'session',\n fields: {\n id: field.id(),\n userId: field.foreignKey(),\n expiresAt: field.dateTime({ description: 'Session expiration time' }),\n token: field.string({ isUnique: true, description: 'Session token' }),\n ipAddress: field.string({\n isOptional: true,\n description: 'Client IP address',\n }),\n userAgent: field.string({\n isOptional: true,\n description: 'Client user agent',\n }),\n impersonatedBy: field.string({\n isOptional: true,\n description: 'Admin impersonating this session',\n }),\n activeOrganizationId: field.string({\n isOptional: true,\n description: 'Active org context',\n }),\n activeTeamId: field.string({\n isOptional: true,\n description: 'Active team context',\n }),\n createdAt: field.createdAt(),\n updatedAt: field.updatedAt(),\n\n // Relations\n user: field.belongsTo('User', ['userId'], ['id'], { onDelete: 'Cascade' }),\n },\n});\n\n/**\n * Account entity - external authentication 
accounts.\n */\nexport const AccountEntity = defineEntity({\n name: 'Account',\n description: 'External authentication accounts (OAuth, password, etc.).',\n schema: 'lssm_sigil',\n map: 'account',\n fields: {\n id: field.id(),\n accountId: field.string({ description: 'Account ID from provider' }),\n providerId: field.string({ description: 'Provider identifier' }),\n userId: field.foreignKey(),\n accessToken: field.string({ isOptional: true }),\n refreshToken: field.string({ isOptional: true }),\n idToken: field.string({ isOptional: true }),\n accessTokenExpiresAt: field.dateTime({ isOptional: true }),\n refreshTokenExpiresAt: field.dateTime({ isOptional: true }),\n scope: field.string({ isOptional: true }),\n password: field.string({\n isOptional: true,\n description: 'Hashed password for password providers',\n }),\n createdAt: field.createdAt(),\n updatedAt: field.updatedAt(),\n\n // Relations\n user: field.belongsTo('User', ['userId'], ['id'], { onDelete: 'Cascade' }),\n },\n indexes: [index.unique(['accountId', 'providerId'])],\n});\n\n/**\n * Verification entity - email/phone verification tokens.\n */\nexport const VerificationEntity = defineEntity({\n name: 'Verification',\n description: 'Verification tokens for email/phone confirmation.',\n schema: 'lssm_sigil',\n map: 'verification',\n fields: {\n id: field.uuid(),\n identifier: field.string({ description: 'Email or phone being verified' }),\n value: field.string({ description: 'Verification code/token' }),\n expiresAt: field.dateTime({ description: 'Token expiration' }),\n createdAt: field.createdAt(),\n updatedAt: field.updatedAt(),\n 
},\n});\n"],"mappings":";;;;;;AAKA,MAAa,aAAa,aAAa;CACrC,MAAM;CACN,aACE;CACF,QAAQ;CACR,KAAK;CACL,QAAQ;EACN,IAAI,MAAM,GAAG,EAAE,aAAa,0BAA0B,CAAC;EACvD,OAAO,MAAM,MAAM;GAAE,UAAU;GAAM,aAAa;GAAsB,CAAC;EACzE,eAAe,MAAM,QAAQ;GAC3B,SAAS;GACT,aAAa;GACd,CAAC;EACF,MAAM,MAAM,OAAO;GAAE,YAAY;GAAM,aAAa;GAAgB,CAAC;EACrE,WAAW,MAAM,OAAO;GAAE,YAAY;GAAM,aAAa;GAAc,CAAC;EACxE,UAAU,MAAM,OAAO;GAAE,YAAY;GAAM,aAAa;GAAa,CAAC;EACtE,QAAQ,MAAM,OAAO;GACnB,YAAY;GACZ,aAAa;GACd,CAAC;EACF,UAAU,MAAM,OAAO;GACrB,YAAY;GACZ,aAAa;GACd,CAAC;EACF,UAAU,MAAM,IAAI;GAClB,YAAY;GACZ,aAAa;GACd,CAAC;EACF,OAAO,MAAM,OAAO;GAClB,YAAY;GACZ,aAAa;GACd,CAAC;EACF,UAAU,MAAM,KAAK;GACnB,YAAY;GACZ,aAAa;GACd,CAAC;EAGF,qBAAqB,MAAM,QAAQ;GACjC,SAAS;GACT,aAAa;GACd,CAAC;EACF,gBAAgB,MAAM,OAAO;GAC3B,YAAY;GACZ,aAAa;GACd,CAAC;EACF,eAAe,MAAM,SAAS;GAC5B,YAAY;GACZ,aAAa;GACd,CAAC;EAGF,MAAM,MAAM,OAAO;GACjB,YAAY;GACZ,SAAS;GACT,aAAa;GACd,CAAC;EACF,QAAQ,MAAM,QAAQ;GACpB,SAAS;GACT,aAAa;GACd,CAAC;EACF,WAAW,MAAM,OAAO;GACtB,YAAY;GACZ,aAAa;GACd,CAAC;EACF,YAAY,MAAM,SAAS;GACzB,YAAY;GACZ,aAAa;GACd,CAAC;EAGF,aAAa,MAAM,OAAO;GACxB,YAAY;GACZ,UAAU;GACV,aAAa;GACd,CAAC;EACF,qBAAqB,MAAM,QAAQ;GACjC,SAAS;GACT,aAAa;GACd,CAAC;EAGF,WAAW,MAAM,WAAW;EAC5B,WAAW,MAAM,WAAW;EAG5B,UAAU,MAAM,QAAQ,UAAU;EAClC,UAAU,MAAM,QAAQ,UAAU;EAClC,aAAa,MAAM,QAAQ,SAAS;EACpC,aAAa,MAAM,QAAQ,aAAa;EACxC,iBAAiB,MAAM,QAAQ,aAAa;EAC5C,gBAAgB,MAAM,QAAQ,gBAAgB;EAC9C,SAAS,MAAM,QAAQ,SAAS;EAChC,UAAU,MAAM,QAAQ,UAAU;EACnC;CACF,CAAC;;;;AAKF,MAAa,gBAAgB,aAAa;CACxC,MAAM;CACN,aAAa;CACb,QAAQ;CACR,KAAK;CACL,QAAQ;EACN,IAAI,MAAM,IAAI;EACd,QAAQ,MAAM,YAAY;EAC1B,WAAW,MAAM,SAAS,EAAE,aAAa,2BAA2B,CAAC;EACrE,OAAO,MAAM,OAAO;GAAE,UAAU;GAAM,aAAa;GAAiB,CAAC;EACrE,WAAW,MAAM,OAAO;GACtB,YAAY;GACZ,aAAa;GACd,CAAC;EACF,WAAW,MAAM,OAAO;GACtB,YAAY;GACZ,aAAa;GACd,CAAC;EACF,gBAAgB,MAAM,OAAO;GAC3B,YAAY;GACZ,aAAa;GACd,CAAC;EACF,sBAAsB,MAAM,OAAO;GACjC,YAAY;GACZ,aAAa;GACd,CAAC;EACF,cAAc,MAAM,OAAO;GACzB,YAAY;GACZ,aAAa;GACd,CAAC;EACF,WAAW,MAAM,WAAW;EAC5B,WAAW,MAAM,WAAW;EAG5B,MAAM,MAAM,UAAU,QAAQ,CAAC,SAAS,EAAE,CAAC,KAAK,EAAE,EAAE,UAAU,WAAW,CAAC;
EAC3E;CACF,CAAC;;;;AAKF,MAAa,gBAAgB,aAAa;CACxC,MAAM;CACN,aAAa;CACb,QAAQ;CACR,KAAK;CACL,QAAQ;EACN,IAAI,MAAM,IAAI;EACd,WAAW,MAAM,OAAO,EAAE,aAAa,4BAA4B,CAAC;EACpE,YAAY,MAAM,OAAO,EAAE,aAAa,uBAAuB,CAAC;EAChE,QAAQ,MAAM,YAAY;EAC1B,aAAa,MAAM,OAAO,EAAE,YAAY,MAAM,CAAC;EAC/C,cAAc,MAAM,OAAO,EAAE,YAAY,MAAM,CAAC;EAChD,SAAS,MAAM,OAAO,EAAE,YAAY,MAAM,CAAC;EAC3C,sBAAsB,MAAM,SAAS,EAAE,YAAY,MAAM,CAAC;EAC1D,uBAAuB,MAAM,SAAS,EAAE,YAAY,MAAM,CAAC;EAC3D,OAAO,MAAM,OAAO,EAAE,YAAY,MAAM,CAAC;EACzC,UAAU,MAAM,OAAO;GACrB,YAAY;GACZ,aAAa;GACd,CAAC;EACF,WAAW,MAAM,WAAW;EAC5B,WAAW,MAAM,WAAW;EAG5B,MAAM,MAAM,UAAU,QAAQ,CAAC,SAAS,EAAE,CAAC,KAAK,EAAE,EAAE,UAAU,WAAW,CAAC;EAC3E;CACD,SAAS,CAAC,MAAM,OAAO,CAAC,aAAa,aAAa,CAAC,CAAC;CACrD,CAAC;;;;AAKF,MAAa,qBAAqB,aAAa;CAC7C,MAAM;CACN,aAAa;CACb,QAAQ;CACR,KAAK;CACL,QAAQ;EACN,IAAI,MAAM,MAAM;EAChB,YAAY,MAAM,OAAO,EAAE,aAAa,iCAAiC,CAAC;EAC1E,OAAO,MAAM,OAAO,EAAE,aAAa,2BAA2B,CAAC;EAC/D,WAAW,MAAM,SAAS,EAAE,aAAa,oBAAoB,CAAC;EAC9D,WAAW,MAAM,WAAW;EAC5B,WAAW,MAAM,WAAW;EAC7B;CACF,CAAC"}
|
package/dist/events.js.map
DELETED
|
@@ -1 +0,0 @@
|
|
|
1
|
-
{"version":3,"file":"events.js","names":[],"sources":["../src/events.ts"],"sourcesContent":["import { SchemaModel, ScalarTypeEnum } from '@contractspec/lib.schema';\nimport { defineEvent } from '@contractspec/lib.contracts';\n\n// ============ User Event Payloads ============\n\nconst UserCreatedPayload = new SchemaModel({\n name: 'UserCreatedPayload',\n description: 'Payload for user created event',\n fields: {\n userId: { type: ScalarTypeEnum.String_unsecure(), isOptional: false },\n email: { type: ScalarTypeEnum.EmailAddress(), isOptional: false },\n name: { type: ScalarTypeEnum.String_unsecure(), isOptional: true },\n createdAt: { type: ScalarTypeEnum.DateTime(), isOptional: false },\n },\n});\n\nconst UserUpdatedPayload = new SchemaModel({\n name: 'UserUpdatedPayload',\n description: 'Payload for user updated event',\n fields: {\n userId: { type: ScalarTypeEnum.String_unsecure(), isOptional: false },\n updatedFields: {\n type: ScalarTypeEnum.String_unsecure(),\n isOptional: false,\n isArray: true,\n },\n updatedAt: { type: ScalarTypeEnum.DateTime(), isOptional: false },\n },\n});\n\nconst UserDeletedPayload = new SchemaModel({\n name: 'UserDeletedPayload',\n description: 'Payload for user deleted event',\n fields: {\n userId: { type: ScalarTypeEnum.String_unsecure(), isOptional: false },\n email: { type: ScalarTypeEnum.EmailAddress(), isOptional: false },\n deletedAt: { type: ScalarTypeEnum.DateTime(), isOptional: false },\n },\n});\n\nconst UserEmailVerifiedPayload = new SchemaModel({\n name: 'UserEmailVerifiedPayload',\n description: 'Payload for user email verified event',\n fields: {\n userId: { type: ScalarTypeEnum.String_unsecure(), isOptional: false },\n email: { type: ScalarTypeEnum.EmailAddress(), isOptional: false },\n verifiedAt: { type: ScalarTypeEnum.DateTime(), isOptional: false },\n },\n});\n\n// ============ Organization Event Payloads ============\n\nconst OrgCreatedPayload = new SchemaModel({\n name: 'OrgCreatedPayload',\n description: 
'Payload for org created event',\n fields: {\n orgId: { type: ScalarTypeEnum.String_unsecure(), isOptional: false },\n name: { type: ScalarTypeEnum.String_unsecure(), isOptional: false },\n slug: { type: ScalarTypeEnum.String_unsecure(), isOptional: true },\n createdBy: { type: ScalarTypeEnum.String_unsecure(), isOptional: false },\n createdAt: { type: ScalarTypeEnum.DateTime(), isOptional: false },\n },\n});\n\nconst OrgUpdatedPayload = new SchemaModel({\n name: 'OrgUpdatedPayload',\n description: 'Payload for org updated event',\n fields: {\n orgId: { type: ScalarTypeEnum.String_unsecure(), isOptional: false },\n updatedFields: {\n type: ScalarTypeEnum.String_unsecure(),\n isOptional: false,\n isArray: true,\n },\n updatedBy: { type: ScalarTypeEnum.String_unsecure(), isOptional: false },\n updatedAt: { type: ScalarTypeEnum.DateTime(), isOptional: false },\n },\n});\n\nconst OrgDeletedPayload = new SchemaModel({\n name: 'OrgDeletedPayload',\n description: 'Payload for org deleted event',\n fields: {\n orgId: { type: ScalarTypeEnum.String_unsecure(), isOptional: false },\n name: { type: ScalarTypeEnum.String_unsecure(), isOptional: false },\n deletedBy: { type: ScalarTypeEnum.String_unsecure(), isOptional: false },\n deletedAt: { type: ScalarTypeEnum.DateTime(), isOptional: false },\n },\n});\n\n// ============ Member Event Payloads ============\n\nconst OrgMemberAddedPayload = new SchemaModel({\n name: 'OrgMemberAddedPayload',\n description: 'Payload for member added event',\n fields: {\n orgId: { type: ScalarTypeEnum.String_unsecure(), isOptional: false },\n userId: { type: ScalarTypeEnum.String_unsecure(), isOptional: false },\n role: { type: ScalarTypeEnum.String_unsecure(), isOptional: false },\n invitedBy: { type: ScalarTypeEnum.String_unsecure(), isOptional: true },\n joinedAt: { type: ScalarTypeEnum.DateTime(), isOptional: false },\n },\n});\n\nconst OrgMemberRemovedPayload = new SchemaModel({\n name: 'OrgMemberRemovedPayload',\n description: 'Payload for 
member removed event',\n fields: {\n orgId: { type: ScalarTypeEnum.String_unsecure(), isOptional: false },\n userId: { type: ScalarTypeEnum.String_unsecure(), isOptional: false },\n removedBy: { type: ScalarTypeEnum.String_unsecure(), isOptional: true },\n reason: { type: ScalarTypeEnum.String_unsecure(), isOptional: true }, // left | removed | banned\n removedAt: { type: ScalarTypeEnum.DateTime(), isOptional: false },\n },\n});\n\nconst OrgMemberRoleChangedPayload = new SchemaModel({\n name: 'OrgMemberRoleChangedPayload',\n description: 'Payload for member role changed event',\n fields: {\n orgId: { type: ScalarTypeEnum.String_unsecure(), isOptional: false },\n userId: { type: ScalarTypeEnum.String_unsecure(), isOptional: false },\n previousRole: { type: ScalarTypeEnum.String_unsecure(), isOptional: false },\n newRole: { type: ScalarTypeEnum.String_unsecure(), isOptional: false },\n changedBy: { type: ScalarTypeEnum.String_unsecure(), isOptional: false },\n changedAt: { type: ScalarTypeEnum.DateTime(), isOptional: false },\n },\n});\n\n// ============ Invitation Event Payloads ============\n\nconst OrgInviteSentPayload = new SchemaModel({\n name: 'OrgInviteSentPayload',\n description: 'Payload for invite sent event',\n fields: {\n invitationId: { type: ScalarTypeEnum.String_unsecure(), isOptional: false },\n orgId: { type: ScalarTypeEnum.String_unsecure(), isOptional: false },\n email: { type: ScalarTypeEnum.EmailAddress(), isOptional: false },\n role: { type: ScalarTypeEnum.String_unsecure(), isOptional: false },\n invitedBy: { type: ScalarTypeEnum.String_unsecure(), isOptional: false },\n expiresAt: { type: ScalarTypeEnum.DateTime(), isOptional: true },\n sentAt: { type: ScalarTypeEnum.DateTime(), isOptional: false },\n },\n});\n\nconst OrgInviteAcceptedPayload = new SchemaModel({\n name: 'OrgInviteAcceptedPayload',\n description: 'Payload for invite accepted event',\n fields: {\n invitationId: { type: ScalarTypeEnum.String_unsecure(), isOptional: false },\n 
orgId: { type: ScalarTypeEnum.String_unsecure(), isOptional: false },\n userId: { type: ScalarTypeEnum.String_unsecure(), isOptional: false },\n acceptedAt: { type: ScalarTypeEnum.DateTime(), isOptional: false },\n },\n});\n\nconst OrgInviteDeclinedPayload = new SchemaModel({\n name: 'OrgInviteDeclinedPayload',\n description: 'Payload for invite declined event',\n fields: {\n invitationId: { type: ScalarTypeEnum.String_unsecure(), isOptional: false },\n orgId: { type: ScalarTypeEnum.String_unsecure(), isOptional: false },\n declinedAt: { type: ScalarTypeEnum.DateTime(), isOptional: false },\n },\n});\n\n// ============ Role Event Payloads ============\n\nconst RoleAssignedPayload = new SchemaModel({\n name: 'RoleAssignedPayload',\n description: 'Payload for role assigned event',\n fields: {\n bindingId: { type: ScalarTypeEnum.String_unsecure(), isOptional: false },\n roleId: { type: ScalarTypeEnum.String_unsecure(), isOptional: false },\n roleName: { type: ScalarTypeEnum.String_unsecure(), isOptional: false },\n targetType: { type: ScalarTypeEnum.String_unsecure(), isOptional: false }, // user | organization\n targetId: { type: ScalarTypeEnum.String_unsecure(), isOptional: false },\n assignedBy: { type: ScalarTypeEnum.String_unsecure(), isOptional: false },\n expiresAt: { type: ScalarTypeEnum.DateTime(), isOptional: true },\n assignedAt: { type: ScalarTypeEnum.DateTime(), isOptional: false },\n },\n});\n\nconst RoleRevokedPayload = new SchemaModel({\n name: 'RoleRevokedPayload',\n description: 'Payload for role revoked event',\n fields: {\n bindingId: { type: ScalarTypeEnum.String_unsecure(), isOptional: false },\n roleId: { type: ScalarTypeEnum.String_unsecure(), isOptional: false },\n roleName: { type: ScalarTypeEnum.String_unsecure(), isOptional: false },\n targetType: { type: ScalarTypeEnum.String_unsecure(), isOptional: false }, // user | organization\n targetId: { type: ScalarTypeEnum.String_unsecure(), isOptional: false },\n revokedBy: { type: 
ScalarTypeEnum.String_unsecure(), isOptional: false },\n revokedAt: { type: ScalarTypeEnum.DateTime(), isOptional: false },\n },\n});\n\n// ============ User Events ============\n\n/**\n * Emitted when a new user is created.\n */\nexport const UserCreatedEvent = defineEvent({\n meta: {\n key: 'user.created',\n version: '1.0.0',\n description: 'A new user has been created.',\n stability: 'stable',\n owners: ['@platform.identity-rbac'],\n tags: ['user', 'created', 'identity'],\n },\n payload: UserCreatedPayload,\n});\n\n/**\n * Emitted when a user profile is updated.\n */\nexport const UserUpdatedEvent = defineEvent({\n meta: {\n key: 'user.updated',\n version: '1.0.0',\n description: 'A user profile has been updated.',\n stability: 'stable',\n owners: ['@platform.identity-rbac'],\n tags: ['user', 'updated', 'identity'],\n },\n payload: UserUpdatedPayload,\n});\n\n/**\n * Emitted when a user is deleted.\n */\nexport const UserDeletedEvent = defineEvent({\n meta: {\n key: 'user.deleted',\n version: '1.0.0',\n description: 'A user account has been deleted.',\n stability: 'stable',\n owners: ['@platform.identity-rbac'],\n tags: ['user', 'deleted', 'identity'],\n },\n pii: ['email'],\n payload: UserDeletedPayload,\n});\n\n/**\n * Emitted when a user's email is verified.\n */\nexport const UserEmailVerifiedEvent = defineEvent({\n meta: {\n key: 'user.email_verified',\n version: '1.0.0',\n description: 'A user has verified their email address.',\n stability: 'stable',\n owners: ['@platform.identity-rbac'],\n tags: ['user', 'verified', 'identity'],\n },\n payload: UserEmailVerifiedPayload,\n});\n\n// ============ Organization Events ============\n\n/**\n * Emitted when a new organization is created.\n */\nexport const OrgCreatedEvent = defineEvent({\n meta: {\n key: 'org.created',\n version: '1.0.0',\n description: 'A new organization has been created.',\n stability: 'stable',\n owners: ['@platform.identity-rbac'],\n tags: ['org', 'created', 'identity'],\n },\n payload: 
OrgCreatedPayload,\n});\n\n/**\n * Emitted when an organization is updated.\n */\nexport const OrgUpdatedEvent = defineEvent({\n meta: {\n key: 'org.updated',\n version: '1.0.0',\n description: 'An organization has been updated.',\n stability: 'stable',\n owners: ['@platform.identity-rbac'],\n tags: ['org', 'updated', 'identity'],\n },\n payload: OrgUpdatedPayload,\n});\n\n/**\n * Emitted when an organization is deleted.\n */\nexport const OrgDeletedEvent = defineEvent({\n meta: {\n key: 'org.deleted',\n version: '1.0.0',\n description: 'An organization has been deleted.',\n stability: 'stable',\n owners: ['@platform.identity-rbac'],\n tags: ['org', 'deleted', 'identity'],\n },\n payload: OrgDeletedPayload,\n});\n\n// ============ Member Events ============\n\n/**\n * Emitted when a member joins an organization.\n */\nexport const OrgMemberAddedEvent = defineEvent({\n meta: {\n key: 'org.member.added',\n version: '1.0.0',\n description: 'A user has joined an organization.',\n stability: 'stable',\n owners: ['@platform.identity-rbac'],\n tags: ['org', 'member', 'added', 'identity'],\n },\n payload: OrgMemberAddedPayload,\n});\n\n/**\n * Emitted when a member leaves or is removed from an organization.\n */\nexport const OrgMemberRemovedEvent = defineEvent({\n meta: {\n key: 'org.member.removed',\n version: '1.0.0',\n description: 'A user has left or been removed from an organization.',\n stability: 'stable',\n owners: ['@platform.identity-rbac'],\n tags: ['org', 'member', 'removed', 'identity'],\n },\n payload: OrgMemberRemovedPayload,\n});\n\n/**\n * Emitted when a member's role is changed.\n */\nexport const OrgMemberRoleChangedEvent = defineEvent({\n meta: {\n key: 'org.member.role_changed',\n version: '1.0.0',\n description: \"A member's role in an organization has changed.\",\n stability: 'stable',\n owners: ['@platform.identity-rbac'],\n tags: ['org', 'member', 'role', 'changed', 'identity'],\n },\n payload: OrgMemberRoleChangedPayload,\n});\n\n// ============ 
Invitation Events ============\n\n/**\n * Emitted when an invitation is sent.\n */\nexport const OrgInviteSentEvent = defineEvent({\n meta: {\n key: 'org.invite.sent',\n version: '1.0.0',\n description: 'An invitation to join an organization has been sent.',\n stability: 'stable',\n owners: ['@platform.identity-rbac'],\n tags: ['org', 'invite', 'sent', 'identity'],\n },\n pii: ['email'],\n payload: OrgInviteSentPayload,\n});\n\n/**\n * Emitted when an invitation is accepted.\n */\nexport const OrgInviteAcceptedEvent = defineEvent({\n meta: {\n key: 'org.invite.accepted',\n version: '1.0.0',\n description: 'An invitation has been accepted.',\n stability: 'stable',\n owners: ['@platform.identity-rbac'],\n tags: ['org', 'invite', 'accepted', 'identity'],\n },\n payload: OrgInviteAcceptedPayload,\n});\n\n/**\n * Emitted when an invitation is declined.\n */\nexport const OrgInviteDeclinedEvent = defineEvent({\n meta: {\n key: 'org.invite.declined',\n version: '1.0.0',\n description: 'An invitation has been declined.',\n stability: 'stable',\n owners: ['@platform.identity-rbac'],\n tags: ['org', 'invite', 'declined', 'identity'],\n },\n payload: OrgInviteDeclinedPayload,\n});\n\n// ============ Role Events ============\n\n/**\n * Emitted when a role is assigned to a user or organization.\n */\nexport const RoleAssignedEvent = defineEvent({\n meta: {\n key: 'role.assigned',\n version: '1.0.0',\n description: 'A role has been assigned.',\n stability: 'stable',\n owners: ['@platform.identity-rbac'],\n tags: ['role', 'assigned', 'identity'],\n },\n payload: RoleAssignedPayload,\n});\n\n/**\n * Emitted when a role is revoked from a user or organization.\n */\nexport const RoleRevokedEvent = defineEvent({\n meta: {\n key: 'role.revoked',\n version: '1.0.0',\n description: 'A role has been revoked.',\n stability: 'stable',\n owners: ['@platform.identity-rbac'],\n tags: ['role', 'revoked', 'identity'],\n },\n payload: RoleRevokedPayload,\n});\n\n// ============ All Events 
============\n\n/**\n * All identity-rbac events.\n */\nexport const IdentityRbacEvents = {\n UserCreatedEvent,\n UserUpdatedEvent,\n UserDeletedEvent,\n UserEmailVerifiedEvent,\n OrgCreatedEvent,\n OrgUpdatedEvent,\n OrgDeletedEvent,\n OrgMemberAddedEvent,\n OrgMemberRemovedEvent,\n OrgMemberRoleChangedEvent,\n OrgInviteSentEvent,\n OrgInviteAcceptedEvent,\n OrgInviteDeclinedEvent,\n RoleAssignedEvent,\n RoleRevokedEvent,\n};\n"],"mappings":";;;;AAKA,MAAM,qBAAqB,IAAI,YAAY;CACzC,MAAM;CACN,aAAa;CACb,QAAQ;EACN,QAAQ;GAAE,MAAM,eAAe,iBAAiB;GAAE,YAAY;GAAO;EACrE,OAAO;GAAE,MAAM,eAAe,cAAc;GAAE,YAAY;GAAO;EACjE,MAAM;GAAE,MAAM,eAAe,iBAAiB;GAAE,YAAY;GAAM;EAClE,WAAW;GAAE,MAAM,eAAe,UAAU;GAAE,YAAY;GAAO;EAClE;CACF,CAAC;AAEF,MAAM,qBAAqB,IAAI,YAAY;CACzC,MAAM;CACN,aAAa;CACb,QAAQ;EACN,QAAQ;GAAE,MAAM,eAAe,iBAAiB;GAAE,YAAY;GAAO;EACrE,eAAe;GACb,MAAM,eAAe,iBAAiB;GACtC,YAAY;GACZ,SAAS;GACV;EACD,WAAW;GAAE,MAAM,eAAe,UAAU;GAAE,YAAY;GAAO;EAClE;CACF,CAAC;AAEF,MAAM,qBAAqB,IAAI,YAAY;CACzC,MAAM;CACN,aAAa;CACb,QAAQ;EACN,QAAQ;GAAE,MAAM,eAAe,iBAAiB;GAAE,YAAY;GAAO;EACrE,OAAO;GAAE,MAAM,eAAe,cAAc;GAAE,YAAY;GAAO;EACjE,WAAW;GAAE,MAAM,eAAe,UAAU;GAAE,YAAY;GAAO;EAClE;CACF,CAAC;AAEF,MAAM,2BAA2B,IAAI,YAAY;CAC/C,MAAM;CACN,aAAa;CACb,QAAQ;EACN,QAAQ;GAAE,MAAM,eAAe,iBAAiB;GAAE,YAAY;GAAO;EACrE,OAAO;GAAE,MAAM,eAAe,cAAc;GAAE,YAAY;GAAO;EACjE,YAAY;GAAE,MAAM,eAAe,UAAU;GAAE,YAAY;GAAO;EACnE;CACF,CAAC;AAIF,MAAM,oBAAoB,IAAI,YAAY;CACxC,MAAM;CACN,aAAa;CACb,QAAQ;EACN,OAAO;GAAE,MAAM,eAAe,iBAAiB;GAAE,YAAY;GAAO;EACpE,MAAM;GAAE,MAAM,eAAe,iBAAiB;GAAE,YAAY;GAAO;EACnE,MAAM;GAAE,MAAM,eAAe,iBAAiB;GAAE,YAAY;GAAM;EAClE,WAAW;GAAE,MAAM,eAAe,iBAAiB;GAAE,YAAY;GAAO;EACxE,WAAW;GAAE,MAAM,eAAe,UAAU;GAAE,YAAY;GAAO;EAClE;CACF,CAAC;AAEF,MAAM,oBAAoB,IAAI,YAAY;CACxC,MAAM;CACN,aAAa;CACb,QAAQ;EACN,OAAO;GAAE,MAAM,eAAe,iBAAiB;GAAE,YAAY;GAAO;EACpE,eAAe;GACb,MAAM,eAAe,iBAAiB;GACtC,YAAY;GACZ,SAAS;GACV;EACD,WAAW;GAAE,MAAM,eAAe,iBAAiB;GAAE,YAAY;GAAO;EACxE,WAAW;GAAE,MAAM,eAAe,UAAU;GAAE,YAAY;GAAO;EAClE;CACF,CAAC;AAEF,MAAM,oBAAoB,IAAI,YAAY;CACxC,MAAM;CACN,aAAa;CACb,
QAAQ;EACN,OAAO;GAAE,MAAM,eAAe,iBAAiB;GAAE,YAAY;GAAO;EACpE,MAAM;GAAE,MAAM,eAAe,iBAAiB;GAAE,YAAY;GAAO;EACnE,WAAW;GAAE,MAAM,eAAe,iBAAiB;GAAE,YAAY;GAAO;EACxE,WAAW;GAAE,MAAM,eAAe,UAAU;GAAE,YAAY;GAAO;EAClE;CACF,CAAC;AAIF,MAAM,wBAAwB,IAAI,YAAY;CAC5C,MAAM;CACN,aAAa;CACb,QAAQ;EACN,OAAO;GAAE,MAAM,eAAe,iBAAiB;GAAE,YAAY;GAAO;EACpE,QAAQ;GAAE,MAAM,eAAe,iBAAiB;GAAE,YAAY;GAAO;EACrE,MAAM;GAAE,MAAM,eAAe,iBAAiB;GAAE,YAAY;GAAO;EACnE,WAAW;GAAE,MAAM,eAAe,iBAAiB;GAAE,YAAY;GAAM;EACvE,UAAU;GAAE,MAAM,eAAe,UAAU;GAAE,YAAY;GAAO;EACjE;CACF,CAAC;AAEF,MAAM,0BAA0B,IAAI,YAAY;CAC9C,MAAM;CACN,aAAa;CACb,QAAQ;EACN,OAAO;GAAE,MAAM,eAAe,iBAAiB;GAAE,YAAY;GAAO;EACpE,QAAQ;GAAE,MAAM,eAAe,iBAAiB;GAAE,YAAY;GAAO;EACrE,WAAW;GAAE,MAAM,eAAe,iBAAiB;GAAE,YAAY;GAAM;EACvE,QAAQ;GAAE,MAAM,eAAe,iBAAiB;GAAE,YAAY;GAAM;EACpE,WAAW;GAAE,MAAM,eAAe,UAAU;GAAE,YAAY;GAAO;EAClE;CACF,CAAC;AAEF,MAAM,8BAA8B,IAAI,YAAY;CAClD,MAAM;CACN,aAAa;CACb,QAAQ;EACN,OAAO;GAAE,MAAM,eAAe,iBAAiB;GAAE,YAAY;GAAO;EACpE,QAAQ;GAAE,MAAM,eAAe,iBAAiB;GAAE,YAAY;GAAO;EACrE,cAAc;GAAE,MAAM,eAAe,iBAAiB;GAAE,YAAY;GAAO;EAC3E,SAAS;GAAE,MAAM,eAAe,iBAAiB;GAAE,YAAY;GAAO;EACtE,WAAW;GAAE,MAAM,eAAe,iBAAiB;GAAE,YAAY;GAAO;EACxE,WAAW;GAAE,MAAM,eAAe,UAAU;GAAE,YAAY;GAAO;EAClE;CACF,CAAC;AAIF,MAAM,uBAAuB,IAAI,YAAY;CAC3C,MAAM;CACN,aAAa;CACb,QAAQ;EACN,cAAc;GAAE,MAAM,eAAe,iBAAiB;GAAE,YAAY;GAAO;EAC3E,OAAO;GAAE,MAAM,eAAe,iBAAiB;GAAE,YAAY;GAAO;EACpE,OAAO;GAAE,MAAM,eAAe,cAAc;GAAE,YAAY;GAAO;EACjE,MAAM;GAAE,MAAM,eAAe,iBAAiB;GAAE,YAAY;GAAO;EACnE,WAAW;GAAE,MAAM,eAAe,iBAAiB;GAAE,YAAY;GAAO;EACxE,WAAW;GAAE,MAAM,eAAe,UAAU;GAAE,YAAY;GAAM;EAChE,QAAQ;GAAE,MAAM,eAAe,UAAU;GAAE,YAAY;GAAO;EAC/D;CACF,CAAC;AAEF,MAAM,2BAA2B,IAAI,YAAY;CAC/C,MAAM;CACN,aAAa;CACb,QAAQ;EACN,cAAc;GAAE,MAAM,eAAe,iBAAiB;GAAE,YAAY;GAAO;EAC3E,OAAO;GAAE,MAAM,eAAe,iBAAiB;GAAE,YAAY;GAAO;EACpE,QAAQ;GAAE,MAAM,eAAe,iBAAiB;GAAE,YAAY;GAAO;EACrE,YAAY;GAAE,MAAM,eAAe,UAAU;GAAE,YAAY;GAAO;EACnE;CACF,CAAC;AAEF,MAAM,2BAA2B,IAAI,YAAY;CAC/C,MAAM;CACN,aAAa;CACb,QAAQ;EACN,cAAc;GAAE,MAAM,eAAe,iBAAiB;GAAE,YAAY;GAAO;EAC3E,OAAO;GAAE,MAAM,eAAe,iBAAiB;GAAE,
YAAY;GAAO;EACpE,YAAY;GAAE,MAAM,eAAe,UAAU;GAAE,YAAY;GAAO;EACnE;CACF,CAAC;AAIF,MAAM,sBAAsB,IAAI,YAAY;CAC1C,MAAM;CACN,aAAa;CACb,QAAQ;EACN,WAAW;GAAE,MAAM,eAAe,iBAAiB;GAAE,YAAY;GAAO;EACxE,QAAQ;GAAE,MAAM,eAAe,iBAAiB;GAAE,YAAY;GAAO;EACrE,UAAU;GAAE,MAAM,eAAe,iBAAiB;GAAE,YAAY;GAAO;EACvE,YAAY;GAAE,MAAM,eAAe,iBAAiB;GAAE,YAAY;GAAO;EACzE,UAAU;GAAE,MAAM,eAAe,iBAAiB;GAAE,YAAY;GAAO;EACvE,YAAY;GAAE,MAAM,eAAe,iBAAiB;GAAE,YAAY;GAAO;EACzE,WAAW;GAAE,MAAM,eAAe,UAAU;GAAE,YAAY;GAAM;EAChE,YAAY;GAAE,MAAM,eAAe,UAAU;GAAE,YAAY;GAAO;EACnE;CACF,CAAC;AAEF,MAAM,qBAAqB,IAAI,YAAY;CACzC,MAAM;CACN,aAAa;CACb,QAAQ;EACN,WAAW;GAAE,MAAM,eAAe,iBAAiB;GAAE,YAAY;GAAO;EACxE,QAAQ;GAAE,MAAM,eAAe,iBAAiB;GAAE,YAAY;GAAO;EACrE,UAAU;GAAE,MAAM,eAAe,iBAAiB;GAAE,YAAY;GAAO;EACvE,YAAY;GAAE,MAAM,eAAe,iBAAiB;GAAE,YAAY;GAAO;EACzE,UAAU;GAAE,MAAM,eAAe,iBAAiB;GAAE,YAAY;GAAO;EACvE,WAAW;GAAE,MAAM,eAAe,iBAAiB;GAAE,YAAY;GAAO;EACxE,WAAW;GAAE,MAAM,eAAe,UAAU;GAAE,YAAY;GAAO;EAClE;CACF,CAAC;;;;AAOF,MAAa,mBAAmB,YAAY;CAC1C,MAAM;EACJ,KAAK;EACL,SAAS;EACT,aAAa;EACb,WAAW;EACX,QAAQ,CAAC,0BAA0B;EACnC,MAAM;GAAC;GAAQ;GAAW;GAAW;EACtC;CACD,SAAS;CACV,CAAC;;;;AAKF,MAAa,mBAAmB,YAAY;CAC1C,MAAM;EACJ,KAAK;EACL,SAAS;EACT,aAAa;EACb,WAAW;EACX,QAAQ,CAAC,0BAA0B;EACnC,MAAM;GAAC;GAAQ;GAAW;GAAW;EACtC;CACD,SAAS;CACV,CAAC;;;;AAKF,MAAa,mBAAmB,YAAY;CAC1C,MAAM;EACJ,KAAK;EACL,SAAS;EACT,aAAa;EACb,WAAW;EACX,QAAQ,CAAC,0BAA0B;EACnC,MAAM;GAAC;GAAQ;GAAW;GAAW;EACtC;CACD,KAAK,CAAC,QAAQ;CACd,SAAS;CACV,CAAC;;;;AAKF,MAAa,yBAAyB,YAAY;CAChD,MAAM;EACJ,KAAK;EACL,SAAS;EACT,aAAa;EACb,WAAW;EACX,QAAQ,CAAC,0BAA0B;EACnC,MAAM;GAAC;GAAQ;GAAY;GAAW;EACvC;CACD,SAAS;CACV,CAAC;;;;AAOF,MAAa,kBAAkB,YAAY;CACzC,MAAM;EACJ,KAAK;EACL,SAAS;EACT,aAAa;EACb,WAAW;EACX,QAAQ,CAAC,0BAA0B;EACnC,MAAM;GAAC;GAAO;GAAW;GAAW;EACrC;CACD,SAAS;CACV,CAAC;;;;AAKF,MAAa,kBAAkB,YAAY;CACzC,MAAM;EACJ,KAAK;EACL,SAAS;EACT,aAAa;EACb,WAAW;EACX,QAAQ,CAAC,0BAA0B;EACnC,MAAM;GAAC;GAAO;GAAW;GAAW;EACrC;CACD,SAAS;CACV,CAAC;;;;AAKF,MAAa,kBAAkB,YAAY;CACzC,MAAM;EACJ,KAAK;EACL,SAAS;EACT,aAAa;EACb,WAAW;EACX,QAAQ,CAAC,0BAA0B;EACnC,MAAM;GAAC;GAAO
;GAAW;GAAW;EACrC;CACD,SAAS;CACV,CAAC;;;;AAOF,MAAa,sBAAsB,YAAY;CAC7C,MAAM;EACJ,KAAK;EACL,SAAS;EACT,aAAa;EACb,WAAW;EACX,QAAQ,CAAC,0BAA0B;EACnC,MAAM;GAAC;GAAO;GAAU;GAAS;GAAW;EAC7C;CACD,SAAS;CACV,CAAC;;;;AAKF,MAAa,wBAAwB,YAAY;CAC/C,MAAM;EACJ,KAAK;EACL,SAAS;EACT,aAAa;EACb,WAAW;EACX,QAAQ,CAAC,0BAA0B;EACnC,MAAM;GAAC;GAAO;GAAU;GAAW;GAAW;EAC/C;CACD,SAAS;CACV,CAAC;;;;AAKF,MAAa,4BAA4B,YAAY;CACnD,MAAM;EACJ,KAAK;EACL,SAAS;EACT,aAAa;EACb,WAAW;EACX,QAAQ,CAAC,0BAA0B;EACnC,MAAM;GAAC;GAAO;GAAU;GAAQ;GAAW;GAAW;EACvD;CACD,SAAS;CACV,CAAC;;;;AAOF,MAAa,qBAAqB,YAAY;CAC5C,MAAM;EACJ,KAAK;EACL,SAAS;EACT,aAAa;EACb,WAAW;EACX,QAAQ,CAAC,0BAA0B;EACnC,MAAM;GAAC;GAAO;GAAU;GAAQ;GAAW;EAC5C;CACD,KAAK,CAAC,QAAQ;CACd,SAAS;CACV,CAAC;;;;AAKF,MAAa,yBAAyB,YAAY;CAChD,MAAM;EACJ,KAAK;EACL,SAAS;EACT,aAAa;EACb,WAAW;EACX,QAAQ,CAAC,0BAA0B;EACnC,MAAM;GAAC;GAAO;GAAU;GAAY;GAAW;EAChD;CACD,SAAS;CACV,CAAC;;;;AAKF,MAAa,yBAAyB,YAAY;CAChD,MAAM;EACJ,KAAK;EACL,SAAS;EACT,aAAa;EACb,WAAW;EACX,QAAQ,CAAC,0BAA0B;EACnC,MAAM;GAAC;GAAO;GAAU;GAAY;GAAW;EAChD;CACD,SAAS;CACV,CAAC;;;;AAOF,MAAa,oBAAoB,YAAY;CAC3C,MAAM;EACJ,KAAK;EACL,SAAS;EACT,aAAa;EACb,WAAW;EACX,QAAQ,CAAC,0BAA0B;EACnC,MAAM;GAAC;GAAQ;GAAY;GAAW;EACvC;CACD,SAAS;CACV,CAAC;;;;AAKF,MAAa,mBAAmB,YAAY;CAC1C,MAAM;EACJ,KAAK;EACL,SAAS;EACT,aAAa;EACb,WAAW;EACX,QAAQ,CAAC,0BAA0B;EACnC,MAAM;GAAC;GAAQ;GAAW;GAAW;EACtC;CACD,SAAS;CACV,CAAC;;;;AAOF,MAAa,qBAAqB;CAChC;CACA;CACA;CACA;CACA;CACA;CACA;CACA;CACA;CACA;CACA;CACA;CACA;CACA;CACA;CACD"}
|
|
@@ -1 +0,0 @@
|
|
|
1
|
-
{"version":3,"file":"identity-rbac.capability.js","names":[],"sources":["../src/identity-rbac.capability.ts"],"sourcesContent":["import { defineCapability, StabilityEnum } from '@contractspec/lib.contracts';\n\nexport const IdentityCapability = defineCapability({\n meta: {\n key: 'identity',\n version: '1.0.0',\n kind: 'api',\n stability: StabilityEnum.Experimental,\n description: 'User identity and authentication',\n owners: ['@platform.core'],\n tags: ['identity', 'auth'],\n },\n});\n\nexport const RbacCapability = defineCapability({\n meta: {\n key: 'rbac',\n version: '1.0.0',\n kind: 'api',\n stability: StabilityEnum.Experimental,\n description: 'Role-based access control',\n owners: ['@platform.core'],\n tags: ['rbac', 'permissions', 'auth'],\n },\n});\n"],"mappings":";;;AAEA,MAAa,qBAAqB,iBAAiB,EACjD,MAAM;CACJ,KAAK;CACL,SAAS;CACT,MAAM;CACN,WAAW,cAAc;CACzB,aAAa;CACb,QAAQ,CAAC,iBAAiB;CAC1B,MAAM,CAAC,YAAY,OAAO;CAC3B,EACF,CAAC;AAEF,MAAa,iBAAiB,iBAAiB,EAC7C,MAAM;CACJ,KAAK;CACL,SAAS;CACT,MAAM;CACN,WAAW,cAAc;CACzB,aAAa;CACb,QAAQ,CAAC,iBAAiB;CAC1B,MAAM;EAAC;EAAQ;EAAe;EAAO;CACtC,EACF,CAAC"}
|
|
@@ -1 +0,0 @@
|
|
|
1
|
-
{"version":3,"file":"identity-rbac.feature.js","names":[],"sources":["../src/identity-rbac.feature.ts"],"sourcesContent":["/**\n * Identity RBAC Feature Module Specification\n *\n * Defines the feature module for identity management and role-based access control.\n */\nimport { defineFeature } from '@contractspec/lib.contracts';\n\n/**\n * Identity & RBAC feature module that bundles user management,\n * organization tenancy, and role-based access control.\n */\nexport const IdentityRbacFeature = defineFeature({\n meta: {\n key: 'identity-rbac',\n version: '1.0.0',\n title: 'Identity & RBAC',\n description:\n 'User identity, organization management, and role-based access control',\n domain: 'platform',\n owners: ['@platform.identity-rbac'],\n tags: ['identity', 'rbac', 'users', 'organizations', 'permissions'],\n stability: 'stable',\n },\n\n // All contract operations included in this feature\n operations: [\n // User operations\n { key: 'identity.user.create', version: '1.0.0' },\n { key: 'identity.user.update', version: '1.0.0' },\n { key: 'identity.user.delete', version: '1.0.0' },\n { key: 'identity.user.me', version: '1.0.0' },\n { key: 'identity.user.list', version: '1.0.0' },\n\n // Organization operations\n { key: 'identity.org.create', version: '1.0.0' },\n { key: 'identity.org.update', version: '1.0.0' },\n { key: 'identity.org.get', version: '1.0.0' },\n { key: 'identity.org.list', version: '1.0.0' },\n { key: 'identity.org.invite', version: '1.0.0' },\n { key: 'identity.org.invite.accept', version: '1.0.0' },\n { key: 'identity.org.member.remove', version: '1.0.0' },\n { key: 'identity.org.members.list', version: '1.0.0' },\n\n // RBAC operations\n { key: 'identity.rbac.role.create', version: '1.0.0' },\n { key: 'identity.rbac.role.update', version: '1.0.0' },\n { key: 'identity.rbac.role.delete', version: '1.0.0' },\n { key: 'identity.rbac.role.list', version: '1.0.0' },\n { key: 'identity.rbac.assign', version: '1.0.0' },\n { key: 
'identity.rbac.revoke', version: '1.0.0' },\n { key: 'identity.rbac.check', version: '1.0.0' },\n { key: 'identity.rbac.permissions', version: '1.0.0' },\n ],\n\n // Events emitted by this feature\n events: [\n // User events\n { key: 'user.created', version: '1.0.0' },\n { key: 'user.updated', version: '1.0.0' },\n { key: 'user.deleted', version: '1.0.0' },\n { key: 'user.email_verified', version: '1.0.0' },\n\n // Organization events\n { key: 'org.created', version: '1.0.0' },\n { key: 'org.updated', version: '1.0.0' },\n { key: 'org.deleted', version: '1.0.0' },\n { key: 'org.member.added', version: '1.0.0' },\n { key: 'org.member.removed', version: '1.0.0' },\n { key: 'org.member.role_changed', version: '1.0.0' },\n\n // Invitation events\n { key: 'org.invite.sent', version: '1.0.0' },\n { key: 'org.invite.accepted', version: '1.0.0' },\n { key: 'org.invite.declined', version: '1.0.0' },\n\n // Role events\n { key: 'role.assigned', version: '1.0.0' },\n { key: 'role.revoked', version: '1.0.0' },\n ],\n\n // No presentations for this library feature\n presentations: [],\n opToPresentation: [],\n presentationsTargets: [],\n\n // Capability definitions\n capabilities: {\n provides: [\n { key: 'identity', version: '1.0.0' },\n { key: 'rbac', version: '1.0.0' },\n ],\n requires: [],\n 
},\n});\n"],"mappings":";;;;;;;;;;;;AAWA,MAAa,sBAAsB,cAAc;CAC/C,MAAM;EACJ,KAAK;EACL,SAAS;EACT,OAAO;EACP,aACE;EACF,QAAQ;EACR,QAAQ,CAAC,0BAA0B;EACnC,MAAM;GAAC;GAAY;GAAQ;GAAS;GAAiB;GAAc;EACnE,WAAW;EACZ;CAGD,YAAY;EAEV;GAAE,KAAK;GAAwB,SAAS;GAAS;EACjD;GAAE,KAAK;GAAwB,SAAS;GAAS;EACjD;GAAE,KAAK;GAAwB,SAAS;GAAS;EACjD;GAAE,KAAK;GAAoB,SAAS;GAAS;EAC7C;GAAE,KAAK;GAAsB,SAAS;GAAS;EAG/C;GAAE,KAAK;GAAuB,SAAS;GAAS;EAChD;GAAE,KAAK;GAAuB,SAAS;GAAS;EAChD;GAAE,KAAK;GAAoB,SAAS;GAAS;EAC7C;GAAE,KAAK;GAAqB,SAAS;GAAS;EAC9C;GAAE,KAAK;GAAuB,SAAS;GAAS;EAChD;GAAE,KAAK;GAA8B,SAAS;GAAS;EACvD;GAAE,KAAK;GAA8B,SAAS;GAAS;EACvD;GAAE,KAAK;GAA6B,SAAS;GAAS;EAGtD;GAAE,KAAK;GAA6B,SAAS;GAAS;EACtD;GAAE,KAAK;GAA6B,SAAS;GAAS;EACtD;GAAE,KAAK;GAA6B,SAAS;GAAS;EACtD;GAAE,KAAK;GAA2B,SAAS;GAAS;EACpD;GAAE,KAAK;GAAwB,SAAS;GAAS;EACjD;GAAE,KAAK;GAAwB,SAAS;GAAS;EACjD;GAAE,KAAK;GAAuB,SAAS;GAAS;EAChD;GAAE,KAAK;GAA6B,SAAS;GAAS;EACvD;CAGD,QAAQ;EAEN;GAAE,KAAK;GAAgB,SAAS;GAAS;EACzC;GAAE,KAAK;GAAgB,SAAS;GAAS;EACzC;GAAE,KAAK;GAAgB,SAAS;GAAS;EACzC;GAAE,KAAK;GAAuB,SAAS;GAAS;EAGhD;GAAE,KAAK;GAAe,SAAS;GAAS;EACxC;GAAE,KAAK;GAAe,SAAS;GAAS;EACxC;GAAE,KAAK;GAAe,SAAS;GAAS;EACxC;GAAE,KAAK;GAAoB,SAAS;GAAS;EAC7C;GAAE,KAAK;GAAsB,SAAS;GAAS;EAC/C;GAAE,KAAK;GAA2B,SAAS;GAAS;EAGpD;GAAE,KAAK;GAAmB,SAAS;GAAS;EAC5C;GAAE,KAAK;GAAuB,SAAS;GAAS;EAChD;GAAE,KAAK;GAAuB,SAAS;GAAS;EAGhD;GAAE,KAAK;GAAiB,SAAS;GAAS;EAC1C;GAAE,KAAK;GAAgB,SAAS;GAAS;EAC1C;CAGD,eAAe,EAAE;CACjB,kBAAkB,EAAE;CACpB,sBAAsB,EAAE;CAGxB,cAAc;EACZ,UAAU,CACR;GAAE,KAAK;GAAY,SAAS;GAAS,EACrC;GAAE,KAAK;GAAQ,SAAS;GAAS,CAClC;EACD,UAAU,EAAE;EACb;CACF,CAAC"}
|
|
@@ -1 +0,0 @@
|
|
|
1
|
-
{"version":3,"file":"engine.js","names":[],"sources":["../../src/policies/engine.ts"],"sourcesContent":["/**\n * Standard permissions for identity-rbac module.\n */\nexport const Permission = {\n // User permissions\n USER_CREATE: 'user.create',\n USER_READ: 'user.read',\n USER_UPDATE: 'user.update',\n USER_DELETE: 'user.delete',\n USER_LIST: 'user.list',\n USER_MANAGE: 'user.manage',\n\n // Organization permissions\n ORG_CREATE: 'org.create',\n ORG_READ: 'org.read',\n ORG_UPDATE: 'org.update',\n ORG_DELETE: 'org.delete',\n ORG_LIST: 'org.list',\n\n // Member permissions\n MEMBER_INVITE: 'member.invite',\n MEMBER_REMOVE: 'member.remove',\n MEMBER_UPDATE_ROLE: 'member.update_role',\n MEMBER_LIST: 'member.list',\n MANAGE_MEMBERS: 'org.manage_members',\n\n // Team permissions\n TEAM_CREATE: 'team.create',\n TEAM_UPDATE: 'team.update',\n TEAM_DELETE: 'team.delete',\n TEAM_MANAGE: 'team.manage',\n\n // Role permissions\n ROLE_CREATE: 'role.create',\n ROLE_UPDATE: 'role.update',\n ROLE_DELETE: 'role.delete',\n ROLE_ASSIGN: 'role.assign',\n ROLE_REVOKE: 'role.revoke',\n\n // Billing permissions\n BILLING_VIEW: 'billing.view',\n BILLING_MANAGE: 'billing.manage',\n\n // Project permissions\n PROJECT_CREATE: 'project.create',\n PROJECT_READ: 'project.read',\n PROJECT_UPDATE: 'project.update',\n PROJECT_DELETE: 'project.delete',\n PROJECT_MANAGE: 'project.manage',\n\n // Admin permissions\n ADMIN_ACCESS: 'admin.access',\n ADMIN_IMPERSONATE: 'admin.impersonate',\n} as const;\n\nexport type PermissionKey = (typeof Permission)[keyof typeof Permission];\n\n/**\n * Standard role definitions.\n */\nexport const StandardRole = {\n OWNER: {\n name: 'owner',\n description: 'Organization owner with full access',\n permissions: Object.values(Permission),\n },\n ADMIN: {\n name: 'admin',\n description: 'Administrator with most permissions',\n permissions: [\n Permission.USER_READ,\n Permission.USER_LIST,\n Permission.ORG_READ,\n Permission.ORG_UPDATE,\n Permission.MEMBER_INVITE,\n 
Permission.MEMBER_REMOVE,\n Permission.MEMBER_UPDATE_ROLE,\n Permission.MEMBER_LIST,\n Permission.MANAGE_MEMBERS,\n Permission.TEAM_CREATE,\n Permission.TEAM_UPDATE,\n Permission.TEAM_DELETE,\n Permission.TEAM_MANAGE,\n Permission.PROJECT_CREATE,\n Permission.PROJECT_READ,\n Permission.PROJECT_UPDATE,\n Permission.PROJECT_DELETE,\n Permission.PROJECT_MANAGE,\n Permission.BILLING_VIEW,\n ],\n },\n MEMBER: {\n name: 'member',\n description: 'Regular organization member',\n permissions: [\n Permission.USER_READ,\n Permission.ORG_READ,\n Permission.MEMBER_LIST,\n Permission.PROJECT_READ,\n Permission.PROJECT_CREATE,\n ],\n },\n VIEWER: {\n name: 'viewer',\n description: 'Read-only access',\n permissions: [\n Permission.USER_READ,\n Permission.ORG_READ,\n Permission.MEMBER_LIST,\n Permission.PROJECT_READ,\n ],\n },\n} as const;\n\n/**\n * Permission check input.\n */\nexport interface PermissionCheckInput {\n userId: string;\n orgId?: string;\n permission: PermissionKey | string;\n}\n\n/**\n * Permission check result.\n */\nexport interface PermissionCheckResult {\n allowed: boolean;\n reason?: string;\n matchedRole?: string;\n}\n\n/**\n * Role with permissions.\n */\nexport interface RoleWithPermissions {\n id: string;\n name: string;\n permissions: string[];\n}\n\n/**\n * Policy binding for permission evaluation.\n */\nexport interface PolicyBindingForEval {\n roleId: string;\n role: RoleWithPermissions;\n targetType: 'user' | 'organization';\n targetId: string;\n expiresAt?: Date | null;\n}\n\n/**\n * RBAC Policy Engine for permission checks.\n */\nexport class RBACPolicyEngine {\n private roleCache = new Map<string, RoleWithPermissions>();\n private bindingCache = new Map<string, PolicyBindingForEval[]>();\n\n /**\n * Check if a user has a specific permission.\n */\n async checkPermission(\n input: PermissionCheckInput,\n bindings: PolicyBindingForEval[]\n ): Promise<PermissionCheckResult> {\n const { userId, orgId, permission } = input;\n const now = new 
Date();\n\n // Get all applicable bindings\n const userBindings = bindings.filter(\n (b) => b.targetType === 'user' && b.targetId === userId\n );\n\n const orgBindings = orgId\n ? bindings.filter(\n (b) => b.targetType === 'organization' && b.targetId === orgId\n )\n : [];\n\n const allBindings = [...userBindings, ...orgBindings];\n\n // Filter out expired bindings\n const activeBindings = allBindings.filter(\n (b) => !b.expiresAt || b.expiresAt > now\n );\n\n if (activeBindings.length === 0) {\n return {\n allowed: false,\n reason: 'No active role bindings found',\n };\n }\n\n // Check if any role grants the permission\n for (const binding of activeBindings) {\n if (binding.role.permissions.includes(permission)) {\n return {\n allowed: true,\n matchedRole: binding.role.name,\n };\n }\n }\n\n return {\n allowed: false,\n reason: `No role grants the \"${permission}\" permission`,\n };\n }\n\n /**\n * Get all permissions for a user in a context.\n */\n async getPermissions(\n userId: string,\n orgId: string | undefined,\n bindings: PolicyBindingForEval[]\n ): Promise<{\n permissions: Set<string>;\n roles: RoleWithPermissions[];\n }> {\n const now = new Date();\n\n // Get all applicable bindings\n const userBindings = bindings.filter(\n (b) => b.targetType === 'user' && b.targetId === userId\n );\n\n const orgBindings = orgId\n ? 
bindings.filter(\n (b) => b.targetType === 'organization' && b.targetId === orgId\n )\n : [];\n\n const allBindings = [...userBindings, ...orgBindings];\n\n // Filter out expired bindings\n const activeBindings = allBindings.filter(\n (b) => !b.expiresAt || b.expiresAt > now\n );\n\n const permissions = new Set<string>();\n const roles: RoleWithPermissions[] = [];\n\n for (const binding of activeBindings) {\n roles.push(binding.role);\n for (const perm of binding.role.permissions) {\n permissions.add(perm);\n }\n }\n\n return { permissions, roles };\n }\n\n /**\n * Check if user has any of the specified permissions.\n */\n async hasAnyPermission(\n userId: string,\n orgId: string | undefined,\n permissions: string[],\n bindings: PolicyBindingForEval[]\n ): Promise<boolean> {\n const { permissions: userPerms } = await this.getPermissions(\n userId,\n orgId,\n bindings\n );\n\n return permissions.some((p) => userPerms.has(p));\n }\n\n /**\n * Check if user has all of the specified permissions.\n */\n async hasAllPermissions(\n userId: string,\n orgId: string | undefined,\n permissions: string[],\n bindings: PolicyBindingForEval[]\n ): Promise<boolean> {\n const { permissions: userPerms } = await this.getPermissions(\n userId,\n orgId,\n bindings\n );\n\n return permissions.every((p) => userPerms.has(p));\n }\n}\n\n/**\n * Create a new RBAC policy engine instance.\n */\nexport function createRBACEngine(): RBACPolicyEngine {\n return new 
RBACPolicyEngine();\n}\n"],"mappings":";;;;AAGA,MAAa,aAAa;CAExB,aAAa;CACb,WAAW;CACX,aAAa;CACb,aAAa;CACb,WAAW;CACX,aAAa;CAGb,YAAY;CACZ,UAAU;CACV,YAAY;CACZ,YAAY;CACZ,UAAU;CAGV,eAAe;CACf,eAAe;CACf,oBAAoB;CACpB,aAAa;CACb,gBAAgB;CAGhB,aAAa;CACb,aAAa;CACb,aAAa;CACb,aAAa;CAGb,aAAa;CACb,aAAa;CACb,aAAa;CACb,aAAa;CACb,aAAa;CAGb,cAAc;CACd,gBAAgB;CAGhB,gBAAgB;CAChB,cAAc;CACd,gBAAgB;CAChB,gBAAgB;CAChB,gBAAgB;CAGhB,cAAc;CACd,mBAAmB;CACpB;;;;AAOD,MAAa,eAAe;CAC1B,OAAO;EACL,MAAM;EACN,aAAa;EACb,aAAa,OAAO,OAAO,WAAW;EACvC;CACD,OAAO;EACL,MAAM;EACN,aAAa;EACb,aAAa;GACX,WAAW;GACX,WAAW;GACX,WAAW;GACX,WAAW;GACX,WAAW;GACX,WAAW;GACX,WAAW;GACX,WAAW;GACX,WAAW;GACX,WAAW;GACX,WAAW;GACX,WAAW;GACX,WAAW;GACX,WAAW;GACX,WAAW;GACX,WAAW;GACX,WAAW;GACX,WAAW;GACX,WAAW;GACZ;EACF;CACD,QAAQ;EACN,MAAM;EACN,aAAa;EACb,aAAa;GACX,WAAW;GACX,WAAW;GACX,WAAW;GACX,WAAW;GACX,WAAW;GACZ;EACF;CACD,QAAQ;EACN,MAAM;EACN,aAAa;EACb,aAAa;GACX,WAAW;GACX,WAAW;GACX,WAAW;GACX,WAAW;GACZ;EACF;CACF;;;;AA2CD,IAAa,mBAAb,MAA8B;CAC5B,AAAQ,4BAAY,IAAI,KAAkC;CAC1D,AAAQ,+BAAe,IAAI,KAAqC;;;;CAKhE,MAAM,gBACJ,OACA,UACgC;EAChC,MAAM,EAAE,QAAQ,OAAO,eAAe;EACtC,MAAM,sBAAM,IAAI,MAAM;EAGtB,MAAM,eAAe,SAAS,QAC3B,MAAM,EAAE,eAAe,UAAU,EAAE,aAAa,OAClD;EAED,MAAM,cAAc,QAChB,SAAS,QACN,MAAM,EAAE,eAAe,kBAAkB,EAAE,aAAa,MAC1D,GACD,EAAE;EAKN,MAAM,iBAHc,CAAC,GAAG,cAAc,GAAG,YAAY,CAGlB,QAChC,MAAM,CAAC,EAAE,aAAa,EAAE,YAAY,IACtC;AAED,MAAI,eAAe,WAAW,EAC5B,QAAO;GACL,SAAS;GACT,QAAQ;GACT;AAIH,OAAK,MAAM,WAAW,eACpB,KAAI,QAAQ,KAAK,YAAY,SAAS,WAAW,CAC/C,QAAO;GACL,SAAS;GACT,aAAa,QAAQ,KAAK;GAC3B;AAIL,SAAO;GACL,SAAS;GACT,QAAQ,uBAAuB,WAAW;GAC3C;;;;;CAMH,MAAM,eACJ,QACA,OACA,UAIC;EACD,MAAM,sBAAM,IAAI,MAAM;EAGtB,MAAM,eAAe,SAAS,QAC3B,MAAM,EAAE,eAAe,UAAU,EAAE,aAAa,OAClD;EAED,MAAM,cAAc,QAChB,SAAS,QACN,MAAM,EAAE,eAAe,kBAAkB,EAAE,aAAa,MAC1D,GACD,EAAE;EAKN,MAAM,iBAHc,CAAC,GAAG,cAAc,GAAG,YAAY,CAGlB,QAChC,MAAM,CAAC,EAAE,aAAa,EAAE,YAAY,IACtC;EAED,MAAM,8BAAc,IAAI,KAAa;EACrC,MAAM,QAA+B,EAAE;AAEvC,OAAK,MAAM,WAAW,gBAAgB;AACpC,SAAM,KAAK,QAAQ,KAAK;AACxB,QAAK,MAAM,QAAQ,QAAQ,KAAK,YAC9B,aAAY,IAAI,KAAK;;AA
IzB,SAAO;GAAE;GAAa;GAAO;;;;;CAM/B,MAAM,iBACJ,QACA,OACA,aACA,UACkB;EAClB,MAAM,EAAE,aAAa,cAAc,MAAM,KAAK,eAC5C,QACA,OACA,SACD;AAED,SAAO,YAAY,MAAM,MAAM,UAAU,IAAI,EAAE,CAAC;;;;;CAMlD,MAAM,kBACJ,QACA,OACA,aACA,UACkB;EAClB,MAAM,EAAE,aAAa,cAAc,MAAM,KAAK,eAC5C,QACA,OACA,SACD;AAED,SAAO,YAAY,OAAO,MAAM,UAAU,IAAI,EAAE,CAAC;;;;;;AAOrD,SAAgB,mBAAqC;AACnD,QAAO,IAAI,kBAAkB"}
|