@contractspec/lib.identity-rbac 3.7.16 → 3.7.18

package/dist/entities/rbac.js

@@ -1,125 +1,2 @@
 // @bun
-// src/entities/rbac.ts
-import { defineEntity, field, index } from "@contractspec/lib.schema";
-var RoleEntity = defineEntity({
-  name: "Role",
-  description: "A role defines a named set of permissions.",
-  schema: "lssm_sigil",
-  map: "role",
-  fields: {
-    id: field.id(),
-    name: field.string({ isUnique: true, description: "Unique role name" }),
-    description: field.string({
-      isOptional: true,
-      description: "Role description"
-    }),
-    permissions: field.string({
-      isArray: true,
-      description: "Array of permission names"
-    }),
-    createdAt: field.createdAt(),
-    updatedAt: field.updatedAt(),
-    policyBindings: field.hasMany("PolicyBinding")
-  }
-});
-var PermissionEntity = defineEntity({
-  name: "Permission",
-  description: "A permission represents an atomic access right.",
-  schema: "lssm_sigil",
-  map: "permission",
-  fields: {
-    id: field.id(),
-    name: field.string({
-      isUnique: true,
-      description: "Unique permission name"
-    }),
-    description: field.string({
-      isOptional: true,
-      description: "Permission description"
-    }),
-    createdAt: field.createdAt(),
-    updatedAt: field.updatedAt()
-  }
-});
-var PolicyBindingEntity = defineEntity({
-  name: "PolicyBinding",
-  description: "Binds roles to principals (users or organizations).",
-  schema: "lssm_sigil",
-  map: "policy_binding",
-  fields: {
-    id: field.id(),
-    roleId: field.foreignKey(),
-    targetType: field.string({ description: '"user" or "organization"' }),
-    targetId: field.string({ description: "ID of User or Organization" }),
-    expiresAt: field.dateTime({
-      isOptional: true,
-      description: "When binding expires"
-    }),
-    createdAt: field.createdAt(),
-    userId: field.string({ isOptional: true }),
-    organizationId: field.string({ isOptional: true }),
-    role: field.belongsTo("Role", ["roleId"], ["id"], { onDelete: "Cascade" }),
-    user: field.belongsTo("User", ["userId"], ["id"]),
-    organization: field.belongsTo("Organization", ["organizationId"], ["id"])
-  },
-  indexes: [index.on(["targetType", "targetId"])]
-});
-var ApiKeyEntity = defineEntity({
-  name: "ApiKey",
-  description: "API keys for programmatic access.",
-  schema: "lssm_sigil",
-  map: "api_key",
-  fields: {
-    id: field.id(),
-    name: field.string({ description: "API key name" }),
-    start: field.string({
-      description: "Starting characters for identification"
-    }),
-    prefix: field.string({ description: "API key prefix" }),
-    key: field.string({ description: "Hashed API key" }),
-    userId: field.foreignKey(),
-    refillInterval: field.int({ description: "Refill interval in ms" }),
-    refillAmount: field.int({ description: "Amount to refill" }),
-    lastRefillAt: field.dateTime(),
-    remaining: field.int({ description: "Remaining requests" }),
-    requestCount: field.int({ description: "Total requests made" }),
-    lastRequest: field.dateTime(),
-    enabled: field.boolean({ default: true }),
-    rateLimitEnabled: field.boolean({ default: true }),
-    rateLimitTimeWindow: field.int({ description: "Rate limit window in ms" }),
-    rateLimitMax: field.int({ description: "Max requests in window" }),
-    expiresAt: field.dateTime(),
-    permissions: field.string({ isArray: true }),
-    metadata: field.json({ isOptional: true }),
-    createdAt: field.createdAt(),
-    updatedAt: field.updatedAt(),
-    user: field.belongsTo("User", ["userId"], ["id"], { onDelete: "Cascade" })
-  }
-});
-var PasskeyEntity = defineEntity({
-  name: "Passkey",
-  description: "WebAuthn passkeys for passwordless authentication.",
-  schema: "lssm_sigil",
-  map: "passkey",
-  fields: {
-    id: field.id(),
-    name: field.string({ description: "Passkey name" }),
-    publicKey: field.string({ description: "Public key" }),
-    userId: field.foreignKey(),
-    credentialID: field.string({ description: "Credential ID" }),
-    counter: field.int({ description: "Counter" }),
-    deviceType: field.string({ description: "Device type" }),
-    backedUp: field.boolean({ description: "Whether passkey is backed up" }),
-    transports: field.string({ description: "Transports" }),
-    aaguid: field.string({ description: "Authenticator GUID" }),
-    createdAt: field.createdAt(),
-    user: field.belongsTo("User", ["userId"], ["id"], { onDelete: "Cascade" })
-  }
-});
-export {
-  RoleEntity,
-  PolicyBindingEntity,
-  PermissionEntity,
-  PasskeyEntity,
-  ApiKeyEntity
-};
+import{defineEntity as j,field as g,index as q}from"@contractspec/lib.schema";var w=j({name:"Role",description:"A role defines a named set of permissions.",schema:"lssm_sigil",map:"role",fields:{id:g.id(),name:g.string({isUnique:!0,description:"Unique role name"}),description:g.string({isOptional:!0,description:"Role description"}),permissions:g.string({isArray:!0,description:"Array of permission names"}),createdAt:g.createdAt(),updatedAt:g.updatedAt(),policyBindings:g.hasMany("PolicyBinding")}}),z=j({name:"Permission",description:"A permission represents an atomic access right.",schema:"lssm_sigil",map:"permission",fields:{id:g.id(),name:g.string({isUnique:!0,description:"Unique permission name"}),description:g.string({isOptional:!0,description:"Permission description"}),createdAt:g.createdAt(),updatedAt:g.updatedAt()}}),B=j({name:"PolicyBinding",description:"Binds roles to principals (users or organizations).",schema:"lssm_sigil",map:"policy_binding",fields:{id:g.id(),roleId:g.foreignKey(),targetType:g.string({description:'"user" or "organization"'}),targetId:g.string({description:"ID of User or Organization"}),expiresAt:g.dateTime({isOptional:!0,description:"When binding expires"}),createdAt:g.createdAt(),userId:g.string({isOptional:!0}),organizationId:g.string({isOptional:!0}),role:g.belongsTo("Role",["roleId"],["id"],{onDelete:"Cascade"}),user:g.belongsTo("User",["userId"],["id"]),organization:g.belongsTo("Organization",["organizationId"],["id"])},indexes:[q.on(["targetType","targetId"])]}),C=j({name:"ApiKey",description:"API keys for programmatic access.",schema:"lssm_sigil",map:"api_key",fields:{id:g.id(),name:g.string({description:"API key name"}),start:g.string({description:"Starting characters for identification"}),prefix:g.string({description:"API key prefix"}),key:g.string({description:"Hashed API key"}),userId:g.foreignKey(),refillInterval:g.int({description:"Refill interval in ms"}),refillAmount:g.int({description:"Amount to refill"}),lastRefillAt:g.dateTime(),remaining:g.int({description:"Remaining requests"}),requestCount:g.int({description:"Total requests made"}),lastRequest:g.dateTime(),enabled:g.boolean({default:!0}),rateLimitEnabled:g.boolean({default:!0}),rateLimitTimeWindow:g.int({description:"Rate limit window in ms"}),rateLimitMax:g.int({description:"Max requests in window"}),expiresAt:g.dateTime(),permissions:g.string({isArray:!0}),metadata:g.json({isOptional:!0}),createdAt:g.createdAt(),updatedAt:g.updatedAt(),user:g.belongsTo("User",["userId"],["id"],{onDelete:"Cascade"})}}),D=j({name:"Passkey",description:"WebAuthn passkeys for passwordless authentication.",schema:"lssm_sigil",map:"passkey",fields:{id:g.id(),name:g.string({description:"Passkey name"}),publicKey:g.string({description:"Public key"}),userId:g.foreignKey(),credentialID:g.string({description:"Credential ID"}),counter:g.int({description:"Counter"}),deviceType:g.string({description:"Device type"}),backedUp:g.boolean({description:"Whether passkey is backed up"}),transports:g.string({description:"Transports"}),aaguid:g.string({description:"Authenticator GUID"}),createdAt:g.createdAt(),user:g.belongsTo("User",["userId"],["id"],{onDelete:"Cascade"})}});export{w as RoleEntity,B as PolicyBindingEntity,z as PermissionEntity,D as PasskeyEntity,C as ApiKeyEntity};

package/dist/entities/user.js

@@ -1,169 +1,2 @@
 // @bun
-// src/entities/user.ts
-import { defineEntity, field, index } from "@contractspec/lib.schema";
-var UserEntity = defineEntity({
-  name: "User",
-  description: "A user of the platform. Users hold core profile information and authenticate via Account records.",
-  schema: "lssm_sigil",
-  map: "user",
-  fields: {
-    id: field.id({ description: "Unique user identifier" }),
-    email: field.email({ isUnique: true, description: "User email address" }),
-    emailVerified: field.boolean({
-      default: false,
-      description: "Whether email has been verified"
-    }),
-    name: field.string({ isOptional: true, description: "Display name" }),
-    firstName: field.string({ isOptional: true, description: "First name" }),
-    lastName: field.string({ isOptional: true, description: "Last name" }),
-    locale: field.string({
-      isOptional: true,
-      description: 'User locale (e.g., "en-US")'
-    }),
-    timezone: field.string({
-      isOptional: true,
-      description: 'Olson timezone (e.g., "Europe/Paris")'
-    }),
-    imageUrl: field.url({
-      isOptional: true,
-      description: "URL of avatar or profile picture"
-    }),
-    image: field.string({
-      isOptional: true,
-      description: "Legacy image field"
-    }),
-    metadata: field.json({
-      isOptional: true,
-      description: "Arbitrary user metadata"
-    }),
-    onboardingCompleted: field.boolean({
-      default: false,
-      description: "Whether onboarding is complete"
-    }),
-    onboardingStep: field.string({
-      isOptional: true,
-      description: "Current onboarding step"
-    }),
-    whitelistedAt: field.dateTime({
-      isOptional: true,
-      description: "When user was whitelisted"
-    }),
-    role: field.string({
-      isOptional: true,
-      default: '"user"',
-      description: "User role (user, admin)"
-    }),
-    banned: field.boolean({
-      default: false,
-      description: "Whether user is banned"
-    }),
-    banReason: field.string({
-      isOptional: true,
-      description: "Reason for ban"
-    }),
-    banExpires: field.dateTime({
-      isOptional: true,
-      description: "When ban expires"
-    }),
-    phoneNumber: field.string({
-      isOptional: true,
-      isUnique: true,
-      description: "Phone number"
-    }),
-    phoneNumberVerified: field.boolean({
-      default: false,
-      description: "Whether phone is verified"
-    }),
-    createdAt: field.createdAt(),
-    updatedAt: field.updatedAt(),
-    sessions: field.hasMany("Session"),
-    accounts: field.hasMany("Account"),
-    memberships: field.hasMany("Member"),
-    invitations: field.hasMany("Invitation"),
-    teamMemberships: field.hasMany("TeamMember"),
-    policyBindings: field.hasMany("PolicyBinding"),
-    apiKeys: field.hasMany("ApiKey"),
-    passkeys: field.hasMany("Passkey")
-  }
-});
-var SessionEntity = defineEntity({
-  name: "Session",
-  description: "Represents a login session (e.g., web session or API token).",
-  schema: "lssm_sigil",
-  map: "session",
-  fields: {
-    id: field.id(),
-    userId: field.foreignKey(),
-    expiresAt: field.dateTime({ description: "Session expiration time" }),
-    token: field.string({ isUnique: true, description: "Session token" }),
-    ipAddress: field.string({
-      isOptional: true,
-      description: "Client IP address"
-    }),
-    userAgent: field.string({
-      isOptional: true,
-      description: "Client user agent"
-    }),
-    impersonatedBy: field.string({
-      isOptional: true,
-      description: "Admin impersonating this session"
-    }),
-    activeOrganizationId: field.string({
-      isOptional: true,
-      description: "Active org context"
-    }),
-    activeTeamId: field.string({
-      isOptional: true,
-      description: "Active team context"
-    }),
-    createdAt: field.createdAt(),
-    updatedAt: field.updatedAt(),
-    user: field.belongsTo("User", ["userId"], ["id"], { onDelete: "Cascade" })
-  }
-});
-var AccountEntity = defineEntity({
-  name: "Account",
-  description: "External authentication accounts (OAuth, password, etc.).",
-  schema: "lssm_sigil",
-  map: "account",
-  fields: {
-    id: field.id(),
-    accountId: field.string({ description: "Account ID from provider" }),
-    providerId: field.string({ description: "Provider identifier" }),
-    userId: field.foreignKey(),
-    accessToken: field.string({ isOptional: true }),
-    refreshToken: field.string({ isOptional: true }),
-    idToken: field.string({ isOptional: true }),
-    accessTokenExpiresAt: field.dateTime({ isOptional: true }),
-    refreshTokenExpiresAt: field.dateTime({ isOptional: true }),
-    scope: field.string({ isOptional: true }),
-    password: field.string({
-      isOptional: true,
-      description: "Hashed password for password providers"
-    }),
-    createdAt: field.createdAt(),
-    updatedAt: field.updatedAt(),
-    user: field.belongsTo("User", ["userId"], ["id"], { onDelete: "Cascade" })
-  },
-  indexes: [index.unique(["accountId", "providerId"])]
-});
-var VerificationEntity = defineEntity({
-  name: "Verification",
-  description: "Verification tokens for email/phone confirmation.",
-  schema: "lssm_sigil",
-  map: "verification",
-  fields: {
-    id: field.uuid(),
-    identifier: field.string({ description: "Email or phone being verified" }),
-    value: field.string({ description: "Verification code/token" }),
-    expiresAt: field.dateTime({ description: "Token expiration" }),
-    createdAt: field.createdAt(),
-    updatedAt: field.updatedAt()
-  }
-});
-export {
-  VerificationEntity,
-  UserEntity,
-  SessionEntity,
-  AccountEntity
-};
+import{defineEntity as j,field as g,index as q}from"@contractspec/lib.schema";var w=j({name:"User",description:"A user of the platform. Users hold core profile information and authenticate via Account records.",schema:"lssm_sigil",map:"user",fields:{id:g.id({description:"Unique user identifier"}),email:g.email({isUnique:!0,description:"User email address"}),emailVerified:g.boolean({default:!1,description:"Whether email has been verified"}),name:g.string({isOptional:!0,description:"Display name"}),firstName:g.string({isOptional:!0,description:"First name"}),lastName:g.string({isOptional:!0,description:"Last name"}),locale:g.string({isOptional:!0,description:'User locale (e.g., "en-US")'}),timezone:g.string({isOptional:!0,description:'Olson timezone (e.g., "Europe/Paris")'}),imageUrl:g.url({isOptional:!0,description:"URL of avatar or profile picture"}),image:g.string({isOptional:!0,description:"Legacy image field"}),metadata:g.json({isOptional:!0,description:"Arbitrary user metadata"}),onboardingCompleted:g.boolean({default:!1,description:"Whether onboarding is complete"}),onboardingStep:g.string({isOptional:!0,description:"Current onboarding step"}),whitelistedAt:g.dateTime({isOptional:!0,description:"When user was whitelisted"}),role:g.string({isOptional:!0,default:'"user"',description:"User role (user, admin)"}),banned:g.boolean({default:!1,description:"Whether user is banned"}),banReason:g.string({isOptional:!0,description:"Reason for ban"}),banExpires:g.dateTime({isOptional:!0,description:"When ban expires"}),phoneNumber:g.string({isOptional:!0,isUnique:!0,description:"Phone number"}),phoneNumberVerified:g.boolean({default:!1,description:"Whether phone is verified"}),createdAt:g.createdAt(),updatedAt:g.updatedAt(),sessions:g.hasMany("Session"),accounts:g.hasMany("Account"),memberships:g.hasMany("Member"),invitations:g.hasMany("Invitation"),teamMemberships:g.hasMany("TeamMember"),policyBindings:g.hasMany("PolicyBinding"),apiKeys:g.hasMany("ApiKey"),passkeys:g.hasMany("Passkey")}}),z=j({name:"Session",description:"Represents a login session (e.g., web session or API token).",schema:"lssm_sigil",map:"session",fields:{id:g.id(),userId:g.foreignKey(),expiresAt:g.dateTime({description:"Session expiration time"}),token:g.string({isUnique:!0,description:"Session token"}),ipAddress:g.string({isOptional:!0,description:"Client IP address"}),userAgent:g.string({isOptional:!0,description:"Client user agent"}),impersonatedBy:g.string({isOptional:!0,description:"Admin impersonating this session"}),activeOrganizationId:g.string({isOptional:!0,description:"Active org context"}),activeTeamId:g.string({isOptional:!0,description:"Active team context"}),createdAt:g.createdAt(),updatedAt:g.updatedAt(),user:g.belongsTo("User",["userId"],["id"],{onDelete:"Cascade"})}}),A=j({name:"Account",description:"External authentication accounts (OAuth, password, etc.).",schema:"lssm_sigil",map:"account",fields:{id:g.id(),accountId:g.string({description:"Account ID from provider"}),providerId:g.string({description:"Provider identifier"}),userId:g.foreignKey(),accessToken:g.string({isOptional:!0}),refreshToken:g.string({isOptional:!0}),idToken:g.string({isOptional:!0}),accessTokenExpiresAt:g.dateTime({isOptional:!0}),refreshTokenExpiresAt:g.dateTime({isOptional:!0}),scope:g.string({isOptional:!0}),password:g.string({isOptional:!0,description:"Hashed password for password providers"}),createdAt:g.createdAt(),updatedAt:g.updatedAt(),user:g.belongsTo("User",["userId"],["id"],{onDelete:"Cascade"})},indexes:[q.unique(["accountId","providerId"])]}),B=j({name:"Verification",description:"Verification tokens for email/phone confirmation.",schema:"lssm_sigil",map:"verification",fields:{id:g.uuid(),identifier:g.string({description:"Email or phone being verified"}),value:g.string({description:"Verification code/token"}),expiresAt:g.dateTime({description:"Token expiration"}),createdAt:g.createdAt(),updatedAt:g.updatedAt()}});export{B as VerificationEntity,w as UserEntity,z as SessionEntity,A as AccountEntity};