npm - @contractspec/lib.identity-rbac - Versions diffs - 1.57.0 → 1.58.0 - Mend

@contractspec/lib.identity-rbac 1.57.0 → 1.58.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (82) hide show

package/dist/browser/contracts/index.js +1045 -0
package/dist/browser/contracts/organization.js +655 -0
package/dist/browser/contracts/rbac.js +599 -0
package/dist/browser/contracts/user.js +235 -0
package/dist/browser/entities/index.js +464 -0
package/dist/browser/entities/organization.js +150 -0
package/dist/browser/entities/rbac.js +124 -0
package/dist/browser/entities/user.js +168 -0
package/dist/browser/events.js +374 -0
package/dist/browser/identity-rbac.capability.js +28 -0
package/dist/browser/identity-rbac.feature.js +67 -0
package/dist/browser/index.js +2099 -0
package/dist/browser/policies/engine.js +154 -0
package/dist/browser/policies/index.js +154 -0
package/dist/contracts/index.d.ts +4 -4
package/dist/contracts/index.d.ts.map +1 -0
package/dist/contracts/index.js +1045 -4
package/dist/contracts/organization.d.ts +758 -764
package/dist/contracts/organization.d.ts.map +1 -1
package/dist/contracts/organization.js +653 -602
package/dist/contracts/rbac.d.ts +517 -523
package/dist/contracts/rbac.d.ts.map +1 -1
package/dist/contracts/rbac.js +597 -481
package/dist/contracts/user.d.ts +513 -519
package/dist/contracts/user.d.ts.map +1 -1
package/dist/contracts/user.js +222 -319
package/dist/entities/index.d.ts +164 -169
package/dist/entities/index.d.ts.map +1 -1
package/dist/entities/index.js +462 -33
package/dist/entities/organization.d.ts +58 -63
package/dist/entities/organization.d.ts.map +1 -1
package/dist/entities/organization.js +145 -145
package/dist/entities/rbac.d.ts +62 -67
package/dist/entities/rbac.d.ts.map +1 -1
package/dist/entities/rbac.js +119 -132
package/dist/entities/user.d.ts +66 -71
package/dist/entities/user.d.ts.map +1 -1
package/dist/entities/user.js +164 -189
package/dist/events.d.ts +537 -543
package/dist/events.d.ts.map +1 -1
package/dist/events.js +343 -651
package/dist/identity-rbac.capability.d.ts +2 -7
package/dist/identity-rbac.capability.d.ts.map +1 -1
package/dist/identity-rbac.capability.js +29 -29
package/dist/identity-rbac.feature.d.ts +1 -6
package/dist/identity-rbac.feature.d.ts.map +1 -1
package/dist/identity-rbac.feature.js +66 -193
package/dist/index.d.ts +6 -12
package/dist/index.d.ts.map +1 -0
package/dist/index.js +2100 -14
package/dist/node/contracts/index.js +1045 -0
package/dist/node/contracts/organization.js +655 -0
package/dist/node/contracts/rbac.js +599 -0
package/dist/node/contracts/user.js +235 -0
package/dist/node/entities/index.js +464 -0
package/dist/node/entities/organization.js +150 -0
package/dist/node/entities/rbac.js +124 -0
package/dist/node/entities/user.js +168 -0
package/dist/node/events.js +374 -0
package/dist/node/identity-rbac.capability.js +28 -0
package/dist/node/identity-rbac.feature.js +67 -0
package/dist/node/index.js +2099 -0
package/dist/node/policies/engine.js +154 -0
package/dist/node/policies/index.js +154 -0
package/dist/policies/engine.d.ts +98 -101
package/dist/policies/engine.d.ts.map +1 -1
package/dist/policies/engine.js +151 -164
package/dist/policies/index.d.ts +2 -2
package/dist/policies/index.d.ts.map +1 -0
package/dist/policies/index.js +154 -2
package/package.json +149 -40
package/dist/contracts/organization.js.map +0 -1
package/dist/contracts/rbac.js.map +0 -1
package/dist/contracts/user.js.map +0 -1
package/dist/entities/index.js.map +0 -1
package/dist/entities/organization.js.map +0 -1
package/dist/entities/rbac.js.map +0 -1
package/dist/entities/user.js.map +0 -1
package/dist/events.js.map +0 -1
package/dist/identity-rbac.capability.js.map +0 -1
package/dist/identity-rbac.feature.js.map +0 -1
package/dist/policies/engine.js.map +0 -1

package/dist/browser/entities/organization.js ADDED Viewed

@@ -0,0 +1,150 @@
+// src/entities/organization.ts
+import {
+  defineEntity,
+  defineEntityEnum,
+  field,
+  index
+} from "@contractspec/lib.schema";
+var OrganizationTypeEnum = defineEntityEnum({
+  name: "OrganizationType",
+  values: ["PLATFORM_ADMIN", "CONTRACT_SPEC_CUSTOMER"],
+  schema: "lssm_sigil",
+  description: "Type of organization in the platform."
+});
+var OrganizationEntity = defineEntity({
+  name: "Organization",
+  description: "An organization is a tenant boundary grouping users.",
+  schema: "lssm_sigil",
+  map: "organization",
+  fields: {
+    id: field.id({ description: "Unique organization identifier" }),
+    name: field.string({ description: "Organization display name" }),
+    slug: field.string({
+      isOptional: true,
+      isUnique: true,
+      description: "URL-friendly identifier"
+    }),
+    logo: field.url({ isOptional: true, description: "Organization logo URL" }),
+    description: field.string({
+      isOptional: true,
+      description: "Organization description"
+    }),
+    metadata: field.json({
+      isOptional: true,
+      description: "Arbitrary organization metadata"
+    }),
+    type: field.enum("OrganizationType", { description: "Organization type" }),
+    onboardingCompleted: field.boolean({ default: false }),
+    onboardingStep: field.string({ isOptional: true }),
+    referralCode: field.string({
+      isOptional: true,
+      isUnique: true,
+      description: "Unique referral code"
+    }),
+    referredBy: field.string({
+      isOptional: true,
+      description: "ID of referring user"
+    }),
+    createdAt: field.createdAt(),
+    updatedAt: field.updatedAt(),
+    members: field.hasMany("Member"),
+    invitations: field.hasMany("Invitation"),
+    teams: field.hasMany("Team"),
+    policyBindings: field.hasMany("PolicyBinding")
+  },
+  enums: [OrganizationTypeEnum]
+});
+var MemberEntity = defineEntity({
+  name: "Member",
+  description: "Membership of a user in an organization with a role.",
+  schema: "lssm_sigil",
+  map: "member",
+  fields: {
+    id: field.id(),
+    userId: field.foreignKey(),
+    organizationId: field.foreignKey(),
+    role: field.string({
+      description: "Role in organization (owner, admin, member)"
+    }),
+    createdAt: field.createdAt(),
+    user: field.belongsTo("User", ["userId"], ["id"], { onDelete: "Cascade" }),
+    organization: field.belongsTo("Organization", ["organizationId"], ["id"], {
+      onDelete: "Cascade"
+    })
+  },
+  indexes: [index.unique(["userId", "organizationId"])]
+});
+var InvitationEntity = defineEntity({
+  name: "Invitation",
+  description: "An invitation to join an organization.",
+  schema: "lssm_sigil",
+  map: "invitation",
+  fields: {
+    id: field.id(),
+    organizationId: field.foreignKey(),
+    email: field.email({ description: "Invited email address" }),
+    role: field.string({
+      isOptional: true,
+      description: "Role to assign on acceptance"
+    }),
+    status: field.string({
+      default: '"pending"',
+      description: "Invitation status"
+    }),
+    acceptedAt: field.dateTime({ isOptional: true }),
+    expiresAt: field.dateTime({ isOptional: true }),
+    inviterId: field.foreignKey({
+      description: "User who sent the invitation"
+    }),
+    teamId: field.string({ isOptional: true }),
+    createdAt: field.createdAt(),
+    updatedAt: field.updatedAt(),
+    organization: field.belongsTo("Organization", ["organizationId"], ["id"], {
+      onDelete: "Cascade"
+    }),
+    inviter: field.belongsTo("User", ["inviterId"], ["id"], {
+      onDelete: "Cascade"
+    }),
+    team: field.belongsTo("Team", ["teamId"], ["id"], { onDelete: "Cascade" })
+  }
+});
+var TeamEntity = defineEntity({
+  name: "Team",
+  description: "Team within an organization.",
+  schema: "lssm_sigil",
+  map: "team",
+  fields: {
+    id: field.id(),
+    name: field.string({ description: "Team name" }),
+    organizationId: field.foreignKey(),
+    createdAt: field.createdAt(),
+    updatedAt: field.updatedAt(),
+    organization: field.belongsTo("Organization", ["organizationId"], ["id"], {
+      onDelete: "Cascade"
+    }),
+    members: field.hasMany("TeamMember"),
+    invitations: field.hasMany("Invitation")
+  }
+});
+var TeamMemberEntity = defineEntity({
+  name: "TeamMember",
+  description: "Team membership for a user.",
+  schema: "lssm_sigil",
+  map: "team_member",
+  fields: {
+    id: field.id(),
+    teamId: field.foreignKey(),
+    userId: field.foreignKey(),
+    createdAt: field.createdAt(),
+    team: field.belongsTo("Team", ["teamId"], ["id"], { onDelete: "Cascade" }),
+    user: field.belongsTo("User", ["userId"], ["id"], { onDelete: "Cascade" })
+  }
+});
+export {
+  TeamMemberEntity,
+  TeamEntity,
+  OrganizationTypeEnum,
+  OrganizationEntity,
+  MemberEntity,
+  InvitationEntity
+};

package/dist/browser/entities/rbac.js ADDED Viewed

@@ -0,0 +1,124 @@
+// src/entities/rbac.ts
+import { defineEntity, field, index } from "@contractspec/lib.schema";
+var RoleEntity = defineEntity({
+  name: "Role",
+  description: "A role defines a named set of permissions.",
+  schema: "lssm_sigil",
+  map: "role",
+  fields: {
+    id: field.id(),
+    name: field.string({ isUnique: true, description: "Unique role name" }),
+    description: field.string({
+      isOptional: true,
+      description: "Role description"
+    }),
+    permissions: field.string({
+      isArray: true,
+      description: "Array of permission names"
+    }),
+    createdAt: field.createdAt(),
+    updatedAt: field.updatedAt(),
+    policyBindings: field.hasMany("PolicyBinding")
+  }
+});
+var PermissionEntity = defineEntity({
+  name: "Permission",
+  description: "A permission represents an atomic access right.",
+  schema: "lssm_sigil",
+  map: "permission",
+  fields: {
+    id: field.id(),
+    name: field.string({
+      isUnique: true,
+      description: "Unique permission name"
+    }),
+    description: field.string({
+      isOptional: true,
+      description: "Permission description"
+    }),
+    createdAt: field.createdAt(),
+    updatedAt: field.updatedAt()
+  }
+});
+var PolicyBindingEntity = defineEntity({
+  name: "PolicyBinding",
+  description: "Binds roles to principals (users or organizations).",
+  schema: "lssm_sigil",
+  map: "policy_binding",
+  fields: {
+    id: field.id(),
+    roleId: field.foreignKey(),
+    targetType: field.string({ description: '"user" or "organization"' }),
+    targetId: field.string({ description: "ID of User or Organization" }),
+    expiresAt: field.dateTime({
+      isOptional: true,
+      description: "When binding expires"
+    }),
+    createdAt: field.createdAt(),
+    userId: field.string({ isOptional: true }),
+    organizationId: field.string({ isOptional: true }),
+    role: field.belongsTo("Role", ["roleId"], ["id"], { onDelete: "Cascade" }),
+    user: field.belongsTo("User", ["userId"], ["id"]),
+    organization: field.belongsTo("Organization", ["organizationId"], ["id"])
+  },
+  indexes: [index.on(["targetType", "targetId"])]
+});
+var ApiKeyEntity = defineEntity({
+  name: "ApiKey",
+  description: "API keys for programmatic access.",
+  schema: "lssm_sigil",
+  map: "api_key",
+  fields: {
+    id: field.id(),
+    name: field.string({ description: "API key name" }),
+    start: field.string({
+      description: "Starting characters for identification"
+    }),
+    prefix: field.string({ description: "API key prefix" }),
+    key: field.string({ description: "Hashed API key" }),
+    userId: field.foreignKey(),
+    refillInterval: field.int({ description: "Refill interval in ms" }),
+    refillAmount: field.int({ description: "Amount to refill" }),
+    lastRefillAt: field.dateTime(),
+    remaining: field.int({ description: "Remaining requests" }),
+    requestCount: field.int({ description: "Total requests made" }),
+    lastRequest: field.dateTime(),
+    enabled: field.boolean({ default: true }),
+    rateLimitEnabled: field.boolean({ default: true }),
+    rateLimitTimeWindow: field.int({ description: "Rate limit window in ms" }),
+    rateLimitMax: field.int({ description: "Max requests in window" }),
+    expiresAt: field.dateTime(),
+    permissions: field.string({ isArray: true }),
+    metadata: field.json({ isOptional: true }),
+    createdAt: field.createdAt(),
+    updatedAt: field.updatedAt(),
+    user: field.belongsTo("User", ["userId"], ["id"], { onDelete: "Cascade" })
+  }
+});
+var PasskeyEntity = defineEntity({
+  name: "Passkey",
+  description: "WebAuthn passkeys for passwordless authentication.",
+  schema: "lssm_sigil",
+  map: "passkey",
+  fields: {
+    id: field.id(),
+    name: field.string({ description: "Passkey name" }),
+    publicKey: field.string({ description: "Public key" }),
+    userId: field.foreignKey(),
+    credentialID: field.string({ description: "Credential ID" }),
+    counter: field.int({ description: "Counter" }),
+    deviceType: field.string({ description: "Device type" }),
+    backedUp: field.boolean({ description: "Whether passkey is backed up" }),
+    transports: field.string({ description: "Transports" }),
+    aaguid: field.string({ description: "Authenticator GUID" }),
+    createdAt: field.createdAt(),
+    user: field.belongsTo("User", ["userId"], ["id"], { onDelete: "Cascade" })
+  }
+});
+export {
+  RoleEntity,
+  PolicyBindingEntity,
+  PermissionEntity,
+  PasskeyEntity,
+  ApiKeyEntity
+};

package/dist/browser/entities/user.js ADDED Viewed

@@ -0,0 +1,168 @@
+// src/entities/user.ts
+import { defineEntity, field, index } from "@contractspec/lib.schema";
+var UserEntity = defineEntity({
+  name: "User",
+  description: "A user of the platform. Users hold core profile information and authenticate via Account records.",
+  schema: "lssm_sigil",
+  map: "user",
+  fields: {
+    id: field.id({ description: "Unique user identifier" }),
+    email: field.email({ isUnique: true, description: "User email address" }),
+    emailVerified: field.boolean({
+      default: false,
+      description: "Whether email has been verified"
+    }),
+    name: field.string({ isOptional: true, description: "Display name" }),
+    firstName: field.string({ isOptional: true, description: "First name" }),
+    lastName: field.string({ isOptional: true, description: "Last name" }),
+    locale: field.string({
+      isOptional: true,
+      description: 'User locale (e.g., "en-US")'
+    }),
+    timezone: field.string({
+      isOptional: true,
+      description: 'Olson timezone (e.g., "Europe/Paris")'
+    }),
+    imageUrl: field.url({
+      isOptional: true,
+      description: "URL of avatar or profile picture"
+    }),
+    image: field.string({
+      isOptional: true,
+      description: "Legacy image field"
+    }),
+    metadata: field.json({
+      isOptional: true,
+      description: "Arbitrary user metadata"
+    }),
+    onboardingCompleted: field.boolean({
+      default: false,
+      description: "Whether onboarding is complete"
+    }),
+    onboardingStep: field.string({
+      isOptional: true,
+      description: "Current onboarding step"
+    }),
+    whitelistedAt: field.dateTime({
+      isOptional: true,
+      description: "When user was whitelisted"
+    }),
+    role: field.string({
+      isOptional: true,
+      default: '"user"',
+      description: "User role (user, admin)"
+    }),
+    banned: field.boolean({
+      default: false,
+      description: "Whether user is banned"
+    }),
+    banReason: field.string({
+      isOptional: true,
+      description: "Reason for ban"
+    }),
+    banExpires: field.dateTime({
+      isOptional: true,
+      description: "When ban expires"
+    }),
+    phoneNumber: field.string({
+      isOptional: true,
+      isUnique: true,
+      description: "Phone number"
+    }),
+    phoneNumberVerified: field.boolean({
+      default: false,
+      description: "Whether phone is verified"
+    }),
+    createdAt: field.createdAt(),
+    updatedAt: field.updatedAt(),
+    sessions: field.hasMany("Session"),
+    accounts: field.hasMany("Account"),
+    memberships: field.hasMany("Member"),
+    invitations: field.hasMany("Invitation"),
+    teamMemberships: field.hasMany("TeamMember"),
+    policyBindings: field.hasMany("PolicyBinding"),
+    apiKeys: field.hasMany("ApiKey"),
+    passkeys: field.hasMany("Passkey")
+  }
+});
+var SessionEntity = defineEntity({
+  name: "Session",
+  description: "Represents a login session (e.g., web session or API token).",
+  schema: "lssm_sigil",
+  map: "session",
+  fields: {
+    id: field.id(),
+    userId: field.foreignKey(),
+    expiresAt: field.dateTime({ description: "Session expiration time" }),
+    token: field.string({ isUnique: true, description: "Session token" }),
+    ipAddress: field.string({
+      isOptional: true,
+      description: "Client IP address"
+    }),
+    userAgent: field.string({
+      isOptional: true,
+      description: "Client user agent"
+    }),
+    impersonatedBy: field.string({
+      isOptional: true,
+      description: "Admin impersonating this session"
+    }),
+    activeOrganizationId: field.string({
+      isOptional: true,
+      description: "Active org context"
+    }),
+    activeTeamId: field.string({
+      isOptional: true,
+      description: "Active team context"
+    }),
+    createdAt: field.createdAt(),
+    updatedAt: field.updatedAt(),
+    user: field.belongsTo("User", ["userId"], ["id"], { onDelete: "Cascade" })
+  }
+});
+var AccountEntity = defineEntity({
+  name: "Account",
+  description: "External authentication accounts (OAuth, password, etc.).",
+  schema: "lssm_sigil",
+  map: "account",
+  fields: {
+    id: field.id(),
+    accountId: field.string({ description: "Account ID from provider" }),
+    providerId: field.string({ description: "Provider identifier" }),
+    userId: field.foreignKey(),
+    accessToken: field.string({ isOptional: true }),
+    refreshToken: field.string({ isOptional: true }),
+    idToken: field.string({ isOptional: true }),
+    accessTokenExpiresAt: field.dateTime({ isOptional: true }),
+    refreshTokenExpiresAt: field.dateTime({ isOptional: true }),
+    scope: field.string({ isOptional: true }),
+    password: field.string({
+      isOptional: true,
+      description: "Hashed password for password providers"
+    }),
+    createdAt: field.createdAt(),
+    updatedAt: field.updatedAt(),
+    user: field.belongsTo("User", ["userId"], ["id"], { onDelete: "Cascade" })
+  },
+  indexes: [index.unique(["accountId", "providerId"])]
+});
+var VerificationEntity = defineEntity({
+  name: "Verification",
+  description: "Verification tokens for email/phone confirmation.",
+  schema: "lssm_sigil",
+  map: "verification",
+  fields: {
+    id: field.uuid(),
+    identifier: field.string({ description: "Email or phone being verified" }),
+    value: field.string({ description: "Verification code/token" }),
+    expiresAt: field.dateTime({ description: "Token expiration" }),
+    createdAt: field.createdAt(),
+    updatedAt: field.updatedAt()
+  }
+});
+export {
+  VerificationEntity,
+  UserEntity,
+  SessionEntity,
+  AccountEntity
+};