@contractspec/lib.identity-rbac 1.57.0 → 1.58.0

package/dist/browser/events.js

@@ -0,0 +1,374 @@
+// src/events.ts
+import { SchemaModel, ScalarTypeEnum } from "@contractspec/lib.schema";
+import { defineEvent } from "@contractspec/lib.contracts";
+var UserCreatedPayload = new SchemaModel({
+  name: "UserCreatedPayload",
+  description: "Payload for user created event",
+  fields: {
+    userId: { type: ScalarTypeEnum.String_unsecure(), isOptional: false },
+    email: { type: ScalarTypeEnum.EmailAddress(), isOptional: false },
+    name: { type: ScalarTypeEnum.String_unsecure(), isOptional: true },
+    createdAt: { type: ScalarTypeEnum.DateTime(), isOptional: false }
+  }
+});
+var UserUpdatedPayload = new SchemaModel({
+  name: "UserUpdatedPayload",
+  description: "Payload for user updated event",
+  fields: {
+    userId: { type: ScalarTypeEnum.String_unsecure(), isOptional: false },
+    updatedFields: {
+      type: ScalarTypeEnum.String_unsecure(),
+      isOptional: false,
+      isArray: true
+    },
+    updatedAt: { type: ScalarTypeEnum.DateTime(), isOptional: false }
+  }
+});
+var UserDeletedPayload = new SchemaModel({
+  name: "UserDeletedPayload",
+  description: "Payload for user deleted event",
+  fields: {
+    userId: { type: ScalarTypeEnum.String_unsecure(), isOptional: false },
+    email: { type: ScalarTypeEnum.EmailAddress(), isOptional: false },
+    deletedAt: { type: ScalarTypeEnum.DateTime(), isOptional: false }
+  }
+});
+var UserEmailVerifiedPayload = new SchemaModel({
+  name: "UserEmailVerifiedPayload",
+  description: "Payload for user email verified event",
+  fields: {
+    userId: { type: ScalarTypeEnum.String_unsecure(), isOptional: false },
+    email: { type: ScalarTypeEnum.EmailAddress(), isOptional: false },
+    verifiedAt: { type: ScalarTypeEnum.DateTime(), isOptional: false }
+  }
+});
+var OrgCreatedPayload = new SchemaModel({
+  name: "OrgCreatedPayload",
+  description: "Payload for org created event",
+  fields: {
+    orgId: { type: ScalarTypeEnum.String_unsecure(), isOptional: false },
+    name: { type: ScalarTypeEnum.String_unsecure(), isOptional: false },
+    slug: { type: ScalarTypeEnum.String_unsecure(), isOptional: true },
+    createdBy: { type: ScalarTypeEnum.String_unsecure(), isOptional: false },
+    createdAt: { type: ScalarTypeEnum.DateTime(), isOptional: false }
+  }
+});
+var OrgUpdatedPayload = new SchemaModel({
+  name: "OrgUpdatedPayload",
+  description: "Payload for org updated event",
+  fields: {
+    orgId: { type: ScalarTypeEnum.String_unsecure(), isOptional: false },
+    updatedFields: {
+      type: ScalarTypeEnum.String_unsecure(),
+      isOptional: false,
+      isArray: true
+    },
+    updatedBy: { type: ScalarTypeEnum.String_unsecure(), isOptional: false },
+    updatedAt: { type: ScalarTypeEnum.DateTime(), isOptional: false }
+  }
+});
+var OrgDeletedPayload = new SchemaModel({
+  name: "OrgDeletedPayload",
+  description: "Payload for org deleted event",
+  fields: {
+    orgId: { type: ScalarTypeEnum.String_unsecure(), isOptional: false },
+    name: { type: ScalarTypeEnum.String_unsecure(), isOptional: false },
+    deletedBy: { type: ScalarTypeEnum.String_unsecure(), isOptional: false },
+    deletedAt: { type: ScalarTypeEnum.DateTime(), isOptional: false }
+  }
+});
+var OrgMemberAddedPayload = new SchemaModel({
+  name: "OrgMemberAddedPayload",
+  description: "Payload for member added event",
+  fields: {
+    orgId: { type: ScalarTypeEnum.String_unsecure(), isOptional: false },
+    userId: { type: ScalarTypeEnum.String_unsecure(), isOptional: false },
+    role: { type: ScalarTypeEnum.String_unsecure(), isOptional: false },
+    invitedBy: { type: ScalarTypeEnum.String_unsecure(), isOptional: true },
+    joinedAt: { type: ScalarTypeEnum.DateTime(), isOptional: false }
+  }
+});
+var OrgMemberRemovedPayload = new SchemaModel({
+  name: "OrgMemberRemovedPayload",
+  description: "Payload for member removed event",
+  fields: {
+    orgId: { type: ScalarTypeEnum.String_unsecure(), isOptional: false },
+    userId: { type: ScalarTypeEnum.String_unsecure(), isOptional: false },
+    removedBy: { type: ScalarTypeEnum.String_unsecure(), isOptional: true },
+    reason: { type: ScalarTypeEnum.String_unsecure(), isOptional: true },
+    removedAt: { type: ScalarTypeEnum.DateTime(), isOptional: false }
+  }
+});
+var OrgMemberRoleChangedPayload = new SchemaModel({
+  name: "OrgMemberRoleChangedPayload",
+  description: "Payload for member role changed event",
+  fields: {
+    orgId: { type: ScalarTypeEnum.String_unsecure(), isOptional: false },
+    userId: { type: ScalarTypeEnum.String_unsecure(), isOptional: false },
+    previousRole: { type: ScalarTypeEnum.String_unsecure(), isOptional: false },
+    newRole: { type: ScalarTypeEnum.String_unsecure(), isOptional: false },
+    changedBy: { type: ScalarTypeEnum.String_unsecure(), isOptional: false },
+    changedAt: { type: ScalarTypeEnum.DateTime(), isOptional: false }
+  }
+});
+var OrgInviteSentPayload = new SchemaModel({
+  name: "OrgInviteSentPayload",
+  description: "Payload for invite sent event",
+  fields: {
+    invitationId: { type: ScalarTypeEnum.String_unsecure(), isOptional: false },
+    orgId: { type: ScalarTypeEnum.String_unsecure(), isOptional: false },
+    email: { type: ScalarTypeEnum.EmailAddress(), isOptional: false },
+    role: { type: ScalarTypeEnum.String_unsecure(), isOptional: false },
+    invitedBy: { type: ScalarTypeEnum.String_unsecure(), isOptional: false },
+    expiresAt: { type: ScalarTypeEnum.DateTime(), isOptional: true },
+    sentAt: { type: ScalarTypeEnum.DateTime(), isOptional: false }
+  }
+});
+var OrgInviteAcceptedPayload = new SchemaModel({
+  name: "OrgInviteAcceptedPayload",
+  description: "Payload for invite accepted event",
+  fields: {
+    invitationId: { type: ScalarTypeEnum.String_unsecure(), isOptional: false },
+    orgId: { type: ScalarTypeEnum.String_unsecure(), isOptional: false },
+    userId: { type: ScalarTypeEnum.String_unsecure(), isOptional: false },
+    acceptedAt: { type: ScalarTypeEnum.DateTime(), isOptional: false }
+  }
+});
+var OrgInviteDeclinedPayload = new SchemaModel({
+  name: "OrgInviteDeclinedPayload",
+  description: "Payload for invite declined event",
+  fields: {
+    invitationId: { type: ScalarTypeEnum.String_unsecure(), isOptional: false },
+    orgId: { type: ScalarTypeEnum.String_unsecure(), isOptional: false },
+    declinedAt: { type: ScalarTypeEnum.DateTime(), isOptional: false }
+  }
+});
+var RoleAssignedPayload = new SchemaModel({
+  name: "RoleAssignedPayload",
+  description: "Payload for role assigned event",
+  fields: {
+    bindingId: { type: ScalarTypeEnum.String_unsecure(), isOptional: false },
+    roleId: { type: ScalarTypeEnum.String_unsecure(), isOptional: false },
+    roleName: { type: ScalarTypeEnum.String_unsecure(), isOptional: false },
+    targetType: { type: ScalarTypeEnum.String_unsecure(), isOptional: false },
+    targetId: { type: ScalarTypeEnum.String_unsecure(), isOptional: false },
+    assignedBy: { type: ScalarTypeEnum.String_unsecure(), isOptional: false },
+    expiresAt: { type: ScalarTypeEnum.DateTime(), isOptional: true },
+    assignedAt: { type: ScalarTypeEnum.DateTime(), isOptional: false }
+  }
+});
+var RoleRevokedPayload = new SchemaModel({
+  name: "RoleRevokedPayload",
+  description: "Payload for role revoked event",
+  fields: {
+    bindingId: { type: ScalarTypeEnum.String_unsecure(), isOptional: false },
+    roleId: { type: ScalarTypeEnum.String_unsecure(), isOptional: false },
+    roleName: { type: ScalarTypeEnum.String_unsecure(), isOptional: false },
+    targetType: { type: ScalarTypeEnum.String_unsecure(), isOptional: false },
+    targetId: { type: ScalarTypeEnum.String_unsecure(), isOptional: false },
+    revokedBy: { type: ScalarTypeEnum.String_unsecure(), isOptional: false },
+    revokedAt: { type: ScalarTypeEnum.DateTime(), isOptional: false }
+  }
+});
+var UserCreatedEvent = defineEvent({
+  meta: {
+    key: "user.created",
+    version: "1.0.0",
+    description: "A new user has been created.",
+    stability: "stable",
+    owners: ["@platform.identity-rbac"],
+    tags: ["user", "created", "identity"]
+  },
+  payload: UserCreatedPayload
+});
+var UserUpdatedEvent = defineEvent({
+  meta: {
+    key: "user.updated",
+    version: "1.0.0",
+    description: "A user profile has been updated.",
+    stability: "stable",
+    owners: ["@platform.identity-rbac"],
+    tags: ["user", "updated", "identity"]
+  },
+  payload: UserUpdatedPayload
+});
+var UserDeletedEvent = defineEvent({
+  meta: {
+    key: "user.deleted",
+    version: "1.0.0",
+    description: "A user account has been deleted.",
+    stability: "stable",
+    owners: ["@platform.identity-rbac"],
+    tags: ["user", "deleted", "identity"]
+  },
+  pii: ["email"],
+  payload: UserDeletedPayload
+});
+var UserEmailVerifiedEvent = defineEvent({
+  meta: {
+    key: "user.email_verified",
+    version: "1.0.0",
+    description: "A user has verified their email address.",
+    stability: "stable",
+    owners: ["@platform.identity-rbac"],
+    tags: ["user", "verified", "identity"]
+  },
+  payload: UserEmailVerifiedPayload
+});
+var OrgCreatedEvent = defineEvent({
+  meta: {
+    key: "org.created",
+    version: "1.0.0",
+    description: "A new organization has been created.",
+    stability: "stable",
+    owners: ["@platform.identity-rbac"],
+    tags: ["org", "created", "identity"]
+  },
+  payload: OrgCreatedPayload
+});
+var OrgUpdatedEvent = defineEvent({
+  meta: {
+    key: "org.updated",
+    version: "1.0.0",
+    description: "An organization has been updated.",
+    stability: "stable",
+    owners: ["@platform.identity-rbac"],
+    tags: ["org", "updated", "identity"]
+  },
+  payload: OrgUpdatedPayload
+});
+var OrgDeletedEvent = defineEvent({
+  meta: {
+    key: "org.deleted",
+    version: "1.0.0",
+    description: "An organization has been deleted.",
+    stability: "stable",
+    owners: ["@platform.identity-rbac"],
+    tags: ["org", "deleted", "identity"]
+  },
+  payload: OrgDeletedPayload
+});
+var OrgMemberAddedEvent = defineEvent({
+  meta: {
+    key: "org.member.added",
+    version: "1.0.0",
+    description: "A user has joined an organization.",
+    stability: "stable",
+    owners: ["@platform.identity-rbac"],
+    tags: ["org", "member", "added", "identity"]
+  },
+  payload: OrgMemberAddedPayload
+});
+var OrgMemberRemovedEvent = defineEvent({
+  meta: {
+    key: "org.member.removed",
+    version: "1.0.0",
+    description: "A user has left or been removed from an organization.",
+    stability: "stable",
+    owners: ["@platform.identity-rbac"],
+    tags: ["org", "member", "removed", "identity"]
+  },
+  payload: OrgMemberRemovedPayload
+});
+var OrgMemberRoleChangedEvent = defineEvent({
+  meta: {
+    key: "org.member.role_changed",
+    version: "1.0.0",
+    description: "A member's role in an organization has changed.",
+    stability: "stable",
+    owners: ["@platform.identity-rbac"],
+    tags: ["org", "member", "role", "changed", "identity"]
+  },
+  payload: OrgMemberRoleChangedPayload
+});
+var OrgInviteSentEvent = defineEvent({
+  meta: {
+    key: "org.invite.sent",
+    version: "1.0.0",
+    description: "An invitation to join an organization has been sent.",
+    stability: "stable",
+    owners: ["@platform.identity-rbac"],
+    tags: ["org", "invite", "sent", "identity"]
+  },
+  pii: ["email"],
+  payload: OrgInviteSentPayload
+});
+var OrgInviteAcceptedEvent = defineEvent({
+  meta: {
+    key: "org.invite.accepted",
+    version: "1.0.0",
+    description: "An invitation has been accepted.",
+    stability: "stable",
+    owners: ["@platform.identity-rbac"],
+    tags: ["org", "invite", "accepted", "identity"]
+  },
+  payload: OrgInviteAcceptedPayload
+});
+var OrgInviteDeclinedEvent = defineEvent({
+  meta: {
+    key: "org.invite.declined",
+    version: "1.0.0",
+    description: "An invitation has been declined.",
+    stability: "stable",
+    owners: ["@platform.identity-rbac"],
+    tags: ["org", "invite", "declined", "identity"]
+  },
+  payload: OrgInviteDeclinedPayload
+});
+var RoleAssignedEvent = defineEvent({
+  meta: {
+    key: "role.assigned",
+    version: "1.0.0",
+    description: "A role has been assigned.",
+    stability: "stable",
+    owners: ["@platform.identity-rbac"],
+    tags: ["role", "assigned", "identity"]
+  },
+  payload: RoleAssignedPayload
+});
+var RoleRevokedEvent = defineEvent({
+  meta: {
+    key: "role.revoked",
+    version: "1.0.0",
+    description: "A role has been revoked.",
+    stability: "stable",
+    owners: ["@platform.identity-rbac"],
+    tags: ["role", "revoked", "identity"]
+  },
+  payload: RoleRevokedPayload
+});
+var IdentityRbacEvents = {
+  UserCreatedEvent,
+  UserUpdatedEvent,
+  UserDeletedEvent,
+  UserEmailVerifiedEvent,
+  OrgCreatedEvent,
+  OrgUpdatedEvent,
+  OrgDeletedEvent,
+  OrgMemberAddedEvent,
+  OrgMemberRemovedEvent,
+  OrgMemberRoleChangedEvent,
+  OrgInviteSentEvent,
+  OrgInviteAcceptedEvent,
+  OrgInviteDeclinedEvent,
+  RoleAssignedEvent,
+  RoleRevokedEvent
+};
+export {
+  UserUpdatedEvent,
+  UserEmailVerifiedEvent,
+  UserDeletedEvent,
+  UserCreatedEvent,
+  RoleRevokedEvent,
+  RoleAssignedEvent,
+  OrgUpdatedEvent,
+  OrgMemberRoleChangedEvent,
+  OrgMemberRemovedEvent,
+  OrgMemberAddedEvent,
+  OrgInviteSentEvent,
+  OrgInviteDeclinedEvent,
+  OrgInviteAcceptedEvent,
+  OrgDeletedEvent,
+  OrgCreatedEvent,
+  IdentityRbacEvents
+};

package/dist/browser/identity-rbac.capability.js

@@ -0,0 +1,28 @@
+// src/identity-rbac.capability.ts
+import { defineCapability, StabilityEnum } from "@contractspec/lib.contracts";
+var IdentityCapability = defineCapability({
+  meta: {
+    key: "identity",
+    version: "1.0.0",
+    kind: "api",
+    stability: StabilityEnum.Experimental,
+    description: "User identity and authentication",
+    owners: ["@platform.core"],
+    tags: ["identity", "auth"]
+  }
+});
+var RbacCapability = defineCapability({
+  meta: {
+    key: "rbac",
+    version: "1.0.0",
+    kind: "api",
+    stability: StabilityEnum.Experimental,
+    description: "Role-based access control",
+    owners: ["@platform.core"],
+    tags: ["rbac", "permissions", "auth"]
+  }
+});
+export {
+  RbacCapability,
+  IdentityCapability
+};

package/dist/browser/identity-rbac.feature.js

@@ -0,0 +1,67 @@
+// src/identity-rbac.feature.ts
+import { defineFeature } from "@contractspec/lib.contracts";
+var IdentityRbacFeature = defineFeature({
+  meta: {
+    key: "identity-rbac",
+    version: "1.0.0",
+    title: "Identity & RBAC",
+    description: "User identity, organization management, and role-based access control",
+    domain: "platform",
+    owners: ["@platform.identity-rbac"],
+    tags: ["identity", "rbac", "users", "organizations", "permissions"],
+    stability: "stable"
+  },
+  operations: [
+    { key: "identity.user.create", version: "1.0.0" },
+    { key: "identity.user.update", version: "1.0.0" },
+    { key: "identity.user.delete", version: "1.0.0" },
+    { key: "identity.user.me", version: "1.0.0" },
+    { key: "identity.user.list", version: "1.0.0" },
+    { key: "identity.org.create", version: "1.0.0" },
+    { key: "identity.org.update", version: "1.0.0" },
+    { key: "identity.org.get", version: "1.0.0" },
+    { key: "identity.org.list", version: "1.0.0" },
+    { key: "identity.org.invite", version: "1.0.0" },
+    { key: "identity.org.invite.accept", version: "1.0.0" },
+    { key: "identity.org.member.remove", version: "1.0.0" },
+    { key: "identity.org.members.list", version: "1.0.0" },
+    { key: "identity.rbac.role.create", version: "1.0.0" },
+    { key: "identity.rbac.role.update", version: "1.0.0" },
+    { key: "identity.rbac.role.delete", version: "1.0.0" },
+    { key: "identity.rbac.role.list", version: "1.0.0" },
+    { key: "identity.rbac.assign", version: "1.0.0" },
+    { key: "identity.rbac.revoke", version: "1.0.0" },
+    { key: "identity.rbac.check", version: "1.0.0" },
+    { key: "identity.rbac.permissions", version: "1.0.0" }
+  ],
+  events: [
+    { key: "user.created", version: "1.0.0" },
+    { key: "user.updated", version: "1.0.0" },
+    { key: "user.deleted", version: "1.0.0" },
+    { key: "user.email_verified", version: "1.0.0" },
+    { key: "org.created", version: "1.0.0" },
+    { key: "org.updated", version: "1.0.0" },
+    { key: "org.deleted", version: "1.0.0" },
+    { key: "org.member.added", version: "1.0.0" },
+    { key: "org.member.removed", version: "1.0.0" },
+    { key: "org.member.role_changed", version: "1.0.0" },
+    { key: "org.invite.sent", version: "1.0.0" },
+    { key: "org.invite.accepted", version: "1.0.0" },
+    { key: "org.invite.declined", version: "1.0.0" },
+    { key: "role.assigned", version: "1.0.0" },
+    { key: "role.revoked", version: "1.0.0" }
+  ],
+  presentations: [],
+  opToPresentation: [],
+  presentationsTargets: [],
+  capabilities: {
+    provides: [
+      { key: "identity", version: "1.0.0" },
+      { key: "rbac", version: "1.0.0" }
+    ],
+    requires: []
+  }
+});
+export {
+  IdentityRbacFeature
+};