@contractspec/lib.identity-rbac 3.7.17 → 3.7.18

package/dist/node/contracts/organization.js

@@ -1,655 +1 @@
-// src/contracts/user.ts
-import { defineCommand, defineQuery } from "@contractspec/lib.contracts-spec";
-import { ScalarTypeEnum, SchemaModel } from "@contractspec/lib.schema";
-var OWNERS = ["platform.identity-rbac"];
-var UserProfileModel = new SchemaModel({
-  name: "UserProfile",
-  description: "User profile information",
-  fields: {
-    id: { type: ScalarTypeEnum.String_unsecure(), isOptional: false },
-    email: { type: ScalarTypeEnum.EmailAddress(), isOptional: false },
-    emailVerified: { type: ScalarTypeEnum.Boolean(), isOptional: false },
-    name: { type: ScalarTypeEnum.String_unsecure(), isOptional: true },
-    firstName: { type: ScalarTypeEnum.String_unsecure(), isOptional: true },
-    lastName: { type: ScalarTypeEnum.String_unsecure(), isOptional: true },
-    locale: { type: ScalarTypeEnum.String_unsecure(), isOptional: true },
-    timezone: { type: ScalarTypeEnum.String_unsecure(), isOptional: true },
-    imageUrl: { type: ScalarTypeEnum.URL(), isOptional: true },
-    role: { type: ScalarTypeEnum.String_unsecure(), isOptional: true },
-    onboardingCompleted: { type: ScalarTypeEnum.Boolean(), isOptional: false },
-    createdAt: { type: ScalarTypeEnum.DateTime(), isOptional: false }
-  }
-});
-var CreateUserInputModel = new SchemaModel({
-  name: "CreateUserInput",
-  description: "Input for creating a new user",
-  fields: {
-    email: { type: ScalarTypeEnum.EmailAddress(), isOptional: false },
-    name: { type: ScalarTypeEnum.String_unsecure(), isOptional: true },
-    firstName: { type: ScalarTypeEnum.String_unsecure(), isOptional: true },
-    lastName: { type: ScalarTypeEnum.String_unsecure(), isOptional: true },
-    password: { type: ScalarTypeEnum.String_unsecure(), isOptional: true }
-  }
-});
-var UpdateUserInputModel = new SchemaModel({
-  name: "UpdateUserInput",
-  description: "Input for updating a user profile",
-  fields: {
-    name: { type: ScalarTypeEnum.String_unsecure(), isOptional: true },
-    firstName: { type: ScalarTypeEnum.String_unsecure(), isOptional: true },
-    lastName: { type: ScalarTypeEnum.String_unsecure(), isOptional: true },
-    locale: { type: ScalarTypeEnum.String_unsecure(), isOptional: true },
-    timezone: { type: ScalarTypeEnum.String_unsecure(), isOptional: true },
-    imageUrl: { type: ScalarTypeEnum.URL(), isOptional: true }
-  }
-});
-var DeleteUserInputModel = new SchemaModel({
-  name: "DeleteUserInput",
-  description: "Input for deleting a user",
-  fields: {
-    confirmEmail: { type: ScalarTypeEnum.EmailAddress(), isOptional: false }
-  }
-});
-var SuccessResultModel = new SchemaModel({
-  name: "SuccessResult",
-  description: "Simple success result",
-  fields: {
-    success: { type: ScalarTypeEnum.Boolean(), isOptional: false }
-  }
-});
-var UserDeletedPayloadModel = new SchemaModel({
-  name: "UserDeletedPayload",
-  description: "Payload for user deleted event",
-  fields: {
-    userId: { type: ScalarTypeEnum.String_unsecure(), isOptional: false }
-  }
-});
-var ListUsersInputModel = new SchemaModel({
-  name: "ListUsersInput",
-  description: "Input for listing users",
-  fields: {
-    limit: { type: ScalarTypeEnum.Int_unsecure(), isOptional: true },
-    offset: { type: ScalarTypeEnum.Int_unsecure(), isOptional: true },
-    search: { type: ScalarTypeEnum.String_unsecure(), isOptional: true }
-  }
-});
-var ListUsersOutputModel = new SchemaModel({
-  name: "ListUsersOutput",
-  description: "Output for listing users",
-  fields: {
-    users: { type: UserProfileModel, isOptional: false, isArray: true },
-    total: { type: ScalarTypeEnum.Int_unsecure(), isOptional: false }
-  }
-});
-var CreateUserContract = defineCommand({
-  meta: {
-    key: "identity.user.create",
-    version: "1.0.0",
-    stability: "stable",
-    owners: [...OWNERS],
-    tags: ["identity", "user", "create"],
-    description: "Create a new user account.",
-    goal: "Register a new user in the system.",
-    context: "Used during signup flows. May trigger email verification."
-  },
-  io: {
-    input: CreateUserInputModel,
-    output: UserProfileModel,
-    errors: {
-      EMAIL_EXISTS: {
-        description: "A user with this email already exists",
-        http: 409,
-        gqlCode: "EMAIL_EXISTS",
-        when: "Email is already registered"
-      }
-    }
-  },
-  policy: {
-    auth: "anonymous"
-  },
-  sideEffects: {
-    emits: [
-      {
-        key: "user.created",
-        version: "1.0.0",
-        when: "User is successfully created",
-        payload: UserProfileModel
-      }
-    ],
-    audit: ["user.created"]
-  }
-});
-var GetCurrentUserContract = defineQuery({
-  meta: {
-    key: "identity.user.me",
-    version: "1.0.0",
-    stability: "stable",
-    owners: [...OWNERS],
-    tags: ["identity", "user", "profile"],
-    description: "Get the current authenticated user profile.",
-    goal: "Retrieve user profile for the authenticated session.",
-    context: "Called on app load and after profile updates."
-  },
-  io: {
-    input: null,
-    output: UserProfileModel
-  },
-  policy: {
-    auth: "user"
-  }
-});
-var UpdateUserContract = defineCommand({
-  meta: {
-    key: "identity.user.update",
-    version: "1.0.0",
-    stability: "stable",
-    owners: [...OWNERS],
-    tags: ["identity", "user", "update"],
-    description: "Update user profile information.",
-    goal: "Allow users to update their profile.",
-    context: "Self-service profile updates."
-  },
-  io: {
-    input: UpdateUserInputModel,
-    output: UserProfileModel
-  },
-  policy: {
-    auth: "user"
-  },
-  sideEffects: {
-    emits: [
-      {
-        key: "user.updated",
-        version: "1.0.0",
-        when: "User profile is updated",
-        payload: UserProfileModel
-      }
-    ],
-    audit: ["user.updated"]
-  }
-});
-var DeleteUserContract = defineCommand({
-  meta: {
-    key: "identity.user.delete",
-    version: "1.0.0",
-    stability: "stable",
-    owners: [...OWNERS],
-    tags: ["identity", "user", "delete"],
-    description: "Delete user account and all associated data.",
-    goal: "Allow users to delete their account (GDPR compliance).",
-    context: "Self-service account deletion. Cascades to memberships, sessions, etc."
-  },
-  io: {
-    input: DeleteUserInputModel,
-    output: SuccessResultModel
-  },
-  policy: {
-    auth: "user",
-    escalate: "human_review"
-  },
-  sideEffects: {
-    emits: [
-      {
-        key: "user.deleted",
-        version: "1.0.0",
-        when: "User account is deleted",
-        payload: UserDeletedPayloadModel
-      }
-    ],
-    audit: ["user.deleted"]
-  }
-});
-var ListUsersContract = defineQuery({
-  meta: {
-    key: "identity.user.list",
-    version: "1.0.0",
-    stability: "stable",
-    owners: [...OWNERS],
-    tags: ["identity", "user", "admin", "list"],
-    description: "List all users (admin only).",
-    goal: "Allow admins to browse and manage users.",
-    context: "Admin dashboard user management."
-  },
-  io: {
-    input: ListUsersInputModel,
-    output: ListUsersOutputModel
-  },
-  policy: {
-    auth: "admin"
-  }
-});
-
-// src/contracts/organization.ts
-import { defineCommand as defineCommand2, defineQuery as defineQuery2 } from "@contractspec/lib.contracts-spec";
-import { ScalarTypeEnum as ScalarTypeEnum2, SchemaModel as SchemaModel2 } from "@contractspec/lib.schema";
-var OWNERS2 = ["platform.identity-rbac"];
-var OrganizationModel = new SchemaModel2({
-  name: "Organization",
-  description: "Organization details",
-  fields: {
-    id: { type: ScalarTypeEnum2.String_unsecure(), isOptional: false },
-    name: { type: ScalarTypeEnum2.String_unsecure(), isOptional: false },
-    slug: { type: ScalarTypeEnum2.String_unsecure(), isOptional: true },
-    logo: { type: ScalarTypeEnum2.URL(), isOptional: true },
-    description: { type: ScalarTypeEnum2.String_unsecure(), isOptional: true },
-    type: { type: ScalarTypeEnum2.String_unsecure(), isOptional: false },
-    onboardingCompleted: { type: ScalarTypeEnum2.Boolean(), isOptional: false },
-    createdAt: { type: ScalarTypeEnum2.DateTime(), isOptional: false }
-  }
-});
-var MemberUserModel = new SchemaModel2({
-  name: "MemberUser",
-  description: "Basic user info within a member",
-  fields: {
-    id: { type: ScalarTypeEnum2.String_unsecure(), isOptional: false },
-    email: { type: ScalarTypeEnum2.EmailAddress(), isOptional: false },
-    name: { type: ScalarTypeEnum2.String_unsecure(), isOptional: true }
-  }
-});
-var MemberModel = new SchemaModel2({
-  name: "Member",
-  description: "Organization member",
-  fields: {
-    id: { type: ScalarTypeEnum2.String_unsecure(), isOptional: false },
-    userId: { type: ScalarTypeEnum2.String_unsecure(), isOptional: false },
-    organizationId: {
-      type: ScalarTypeEnum2.String_unsecure(),
-      isOptional: false
-    },
-    role: { type: ScalarTypeEnum2.String_unsecure(), isOptional: false },
-    createdAt: { type: ScalarTypeEnum2.DateTime(), isOptional: false },
-    user: { type: MemberUserModel, isOptional: false }
-  }
-});
-var InvitationModel = new SchemaModel2({
-  name: "Invitation",
-  description: "Organization invitation",
-  fields: {
-    id: { type: ScalarTypeEnum2.String_unsecure(), isOptional: false },
-    email: { type: ScalarTypeEnum2.EmailAddress(), isOptional: false },
-    role: { type: ScalarTypeEnum2.String_unsecure(), isOptional: true },
-    status: { type: ScalarTypeEnum2.String_unsecure(), isOptional: false },
-    expiresAt: { type: ScalarTypeEnum2.DateTime(), isOptional: true },
-    createdAt: { type: ScalarTypeEnum2.DateTime(), isOptional: false }
-  }
-});
-var CreateOrgInputModel = new SchemaModel2({
-  name: "CreateOrgInput",
-  description: "Input for creating an organization",
-  fields: {
-    name: { type: ScalarTypeEnum2.NonEmptyString(), isOptional: false },
-    slug: { type: ScalarTypeEnum2.String_unsecure(), isOptional: true },
-    description: { type: ScalarTypeEnum2.String_unsecure(), isOptional: true },
-    type: { type: ScalarTypeEnum2.String_unsecure(), isOptional: true }
-  }
-});
-var GetOrgInputModel = new SchemaModel2({
-  name: "GetOrgInput",
-  description: "Input for getting an organization",
-  fields: {
-    orgId: { type: ScalarTypeEnum2.String_unsecure(), isOptional: false }
-  }
-});
-var UpdateOrgInputModel = new SchemaModel2({
-  name: "UpdateOrgInput",
-  description: "Input for updating an organization",
-  fields: {
-    orgId: { type: ScalarTypeEnum2.String_unsecure(), isOptional: false },
-    name: { type: ScalarTypeEnum2.String_unsecure(), isOptional: true },
-    slug: { type: ScalarTypeEnum2.String_unsecure(), isOptional: true },
-    logo: { type: ScalarTypeEnum2.URL(), isOptional: true },
-    description: { type: ScalarTypeEnum2.String_unsecure(), isOptional: true }
-  }
-});
-var InviteMemberInputModel = new SchemaModel2({
-  name: "InviteMemberInput",
-  description: "Input for inviting a member",
-  fields: {
-    orgId: { type: ScalarTypeEnum2.String_unsecure(), isOptional: false },
-    email: { type: ScalarTypeEnum2.EmailAddress(), isOptional: false },
-    role: { type: ScalarTypeEnum2.String_unsecure(), isOptional: false },
-    teamId: { type: ScalarTypeEnum2.String_unsecure(), isOptional: true }
-  }
-});
-var AcceptInviteInputModel = new SchemaModel2({
-  name: "AcceptInviteInput",
-  description: "Input for accepting an invitation",
-  fields: {
-    invitationId: { type: ScalarTypeEnum2.String_unsecure(), isOptional: false }
-  }
-});
-var RemoveMemberInputModel = new SchemaModel2({
-  name: "RemoveMemberInput",
-  description: "Input for removing a member",
-  fields: {
-    orgId: { type: ScalarTypeEnum2.String_unsecure(), isOptional: false },
-    userId: { type: ScalarTypeEnum2.String_unsecure(), isOptional: false }
-  }
-});
-var MemberRemovedPayloadModel = new SchemaModel2({
-  name: "MemberRemovedPayload",
-  description: "Payload for member removed event",
-  fields: {
-    orgId: { type: ScalarTypeEnum2.String_unsecure(), isOptional: false },
-    userId: { type: ScalarTypeEnum2.String_unsecure(), isOptional: false }
-  }
-});
-var ListMembersInputModel = new SchemaModel2({
-  name: "ListMembersInput",
-  description: "Input for listing members",
-  fields: {
-    orgId: { type: ScalarTypeEnum2.String_unsecure(), isOptional: false },
-    limit: { type: ScalarTypeEnum2.Int_unsecure(), isOptional: true },
-    offset: { type: ScalarTypeEnum2.Int_unsecure(), isOptional: true }
-  }
-});
-var ListMembersOutputModel = new SchemaModel2({
-  name: "ListMembersOutput",
-  description: "Output for listing members",
-  fields: {
-    members: { type: MemberModel, isOptional: false, isArray: true },
-    total: { type: ScalarTypeEnum2.Int_unsecure(), isOptional: false }
-  }
-});
-var OrganizationWithRoleModel = new SchemaModel2({
-  name: "OrganizationWithRole",
-  description: "Organization with user role",
-  fields: {
-    id: { type: ScalarTypeEnum2.String_unsecure(), isOptional: false },
-    name: { type: ScalarTypeEnum2.String_unsecure(), isOptional: false },
-    slug: { type: ScalarTypeEnum2.String_unsecure(), isOptional: true },
-    logo: { type: ScalarTypeEnum2.URL(), isOptional: true },
-    description: { type: ScalarTypeEnum2.String_unsecure(), isOptional: true },
-    type: { type: ScalarTypeEnum2.String_unsecure(), isOptional: false },
-    onboardingCompleted: { type: ScalarTypeEnum2.Boolean(), isOptional: false },
-    createdAt: { type: ScalarTypeEnum2.DateTime(), isOptional: false },
-    role: { type: ScalarTypeEnum2.String_unsecure(), isOptional: false }
-  }
-});
-var ListUserOrgsOutputModel = new SchemaModel2({
-  name: "ListUserOrgsOutput",
-  description: "Output for listing user organizations",
-  fields: {
-    organizations: {
-      type: OrganizationWithRoleModel,
-      isOptional: false,
-      isArray: true
-    }
-  }
-});
-var CreateOrgContract = defineCommand2({
-  meta: {
-    key: "identity.org.create",
-    version: "1.0.0",
-    stability: "stable",
-    owners: [...OWNERS2],
-    tags: ["identity", "org", "create"],
-    description: "Create a new organization.",
-    goal: "Allow users to create new organizations/workspaces.",
-    context: "Called during onboarding or when creating additional workspaces."
-  },
-  io: {
-    input: CreateOrgInputModel,
-    output: OrganizationModel,
-    errors: {
-      SLUG_EXISTS: {
-        description: "An organization with this slug already exists",
-        http: 409,
-        gqlCode: "SLUG_EXISTS",
-        when: "Slug is already taken"
-      }
-    }
-  },
-  policy: {
-    auth: "user"
-  },
-  sideEffects: {
-    emits: [
-      {
-        key: "org.created",
-        version: "1.0.0",
-        when: "Organization is created",
-        payload: OrganizationModel
-      }
-    ],
-    audit: ["org.created"]
-  }
-});
-var GetOrgContract = defineQuery2({
-  meta: {
-    key: "identity.org.get",
-    version: "1.0.0",
-    stability: "stable",
-    owners: [...OWNERS2],
-    tags: ["identity", "org", "get"],
-    description: "Get organization details.",
-    goal: "Retrieve organization information.",
-    context: "Called when viewing organization settings or dashboard."
-  },
-  io: {
-    input: GetOrgInputModel,
-    output: OrganizationModel
-  },
-  policy: {
-    auth: "user"
-  }
-});
-var UpdateOrgContract = defineCommand2({
-  meta: {
-    key: "identity.org.update",
-    version: "1.0.0",
-    stability: "stable",
-    owners: [...OWNERS2],
-    tags: ["identity", "org", "update"],
-    description: "Update organization details.",
-    goal: "Allow org admins to update organization settings.",
-    context: "Organization settings page."
-  },
-  io: {
-    input: UpdateOrgInputModel,
-    output: OrganizationModel
-  },
-  policy: {
-    auth: "user"
-  },
-  sideEffects: {
-    emits: [
-      {
-        key: "org.updated",
-        version: "1.0.0",
-        when: "Organization is updated",
-        payload: OrganizationModel
-      }
-    ],
-    audit: ["org.updated"]
-  }
-});
-var InviteMemberContract = defineCommand2({
-  meta: {
-    key: "identity.org.invite",
-    version: "1.0.0",
-    stability: "stable",
-    owners: [...OWNERS2],
-    tags: ["identity", "org", "invite", "member"],
-    description: "Invite a user to join the organization.",
-    goal: "Allow org admins to invite new members.",
-    context: "Team management. Sends invitation email."
-  },
-  io: {
-    input: InviteMemberInputModel,
-    output: InvitationModel,
-    errors: {
-      ALREADY_MEMBER: {
-        description: "User is already a member of this organization",
-        http: 409,
-        gqlCode: "ALREADY_MEMBER",
-        when: "Invitee is already a member"
-      },
-      INVITE_PENDING: {
-        description: "An invitation for this email is already pending",
-        http: 409,
-        gqlCode: "INVITE_PENDING",
-        when: "Active invitation exists"
-      }
-    }
-  },
-  policy: {
-    auth: "user"
-  },
-  sideEffects: {
-    emits: [
-      {
-        key: "org.invite.sent",
-        version: "1.0.0",
-        when: "Invitation is sent",
-        payload: InvitationModel
-      }
-    ],
-    audit: ["org.invite.sent"]
-  }
-});
-var AcceptInviteContract = defineCommand2({
-  meta: {
-    key: "identity.org.invite.accept",
-    version: "1.0.0",
-    stability: "stable",
-    owners: [...OWNERS2],
-    tags: ["identity", "org", "invite", "accept"],
-    description: "Accept an organization invitation.",
-    goal: "Allow users to join organizations via invitation.",
-    context: "Called from invitation email link."
-  },
-  io: {
-    input: AcceptInviteInputModel,
-    output: MemberModel,
-    errors: {
-      INVITE_EXPIRED: {
-        description: "The invitation has expired",
-        http: 410,
-        gqlCode: "INVITE_EXPIRED",
-        when: "Invitation is past expiry date"
-      },
-      INVITE_USED: {
-        description: "The invitation has already been used",
-        http: 409,
-        gqlCode: "INVITE_USED",
-        when: "Invitation was already accepted"
-      }
-    }
-  },
-  policy: {
-    auth: "user"
-  },
-  sideEffects: {
-    emits: [
-      {
-        key: "org.member.added",
-        version: "1.0.0",
-        when: "Member joins org",
-        payload: MemberModel
-      }
-    ],
-    audit: ["org.member.added"]
-  }
-});
-var RemoveMemberContract = defineCommand2({
-  meta: {
-    key: "identity.org.member.remove",
-    version: "1.0.0",
-    stability: "stable",
-    owners: [...OWNERS2],
-    tags: ["identity", "org", "member", "remove"],
-    description: "Remove a member from the organization.",
-    goal: "Allow org admins to remove members.",
-    context: "Team management."
-  },
-  io: {
-    input: RemoveMemberInputModel,
-    output: SuccessResultModel,
-    errors: {
-      CANNOT_REMOVE_OWNER: {
-        description: "Cannot remove the organization owner",
-        http: 403,
-        gqlCode: "CANNOT_REMOVE_OWNER",
-        when: "Target is the org owner"
-      }
-    }
-  },
-  policy: {
-    auth: "user"
-  },
-  sideEffects: {
-    emits: [
-      {
-        key: "org.member.removed",
-        version: "1.0.0",
-        when: "Member is removed",
-        payload: MemberRemovedPayloadModel
-      }
-    ],
-    audit: ["org.member.removed"]
-  }
-});
-var ListMembersContract = defineQuery2({
-  meta: {
-    key: "identity.org.members.list",
-    version: "1.0.0",
-    stability: "stable",
-    owners: [...OWNERS2],
-    tags: ["identity", "org", "member", "list"],
-    description: "List organization members.",
-    goal: "View all members of an organization.",
-    context: "Team management page."
-  },
-  io: {
-    input: ListMembersInputModel,
-    output: ListMembersOutputModel
-  },
-  policy: {
-    auth: "user"
-  }
-});
-var ListUserOrgsContract = defineQuery2({
-  meta: {
-    key: "identity.org.list",
-    version: "1.0.0",
-    stability: "stable",
-    owners: [...OWNERS2],
-    tags: ["identity", "org", "list"],
-    description: "List organizations the current user belongs to.",
-    goal: "Show user their organizations for workspace switching.",
-    context: "Workspace switcher, org selection."
-  },
-  io: {
-    input: null,
-    output: ListUserOrgsOutputModel
-  },
-  policy: {
-    auth: "user"
-  }
-});
-export {
-  UpdateOrgInputModel,
-  UpdateOrgContract,
-  RemoveMemberInputModel,
-  RemoveMemberContract,
-  OrganizationWithRoleModel,
-  OrganizationModel,
-  MemberUserModel,
-  MemberRemovedPayloadModel,
-  MemberModel,
-  ListUserOrgsOutputModel,
-  ListUserOrgsContract,
-  ListMembersOutputModel,
-  ListMembersInputModel,
-  ListMembersContract,
-  InviteMemberInputModel,
-  InviteMemberContract,
-  InvitationModel,
-  GetOrgInputModel,
-  GetOrgContract,
-  CreateOrgInputModel,
-  CreateOrgContract,
-  AcceptInviteInputModel,
-  AcceptInviteContract
-};
+import{defineCommand as K,defineQuery as Z}from"@contractspec/lib.contracts-spec";import{ScalarTypeEnum as k,SchemaModel as w}from"@contractspec/lib.schema";var F=["platform.identity-rbac"],B=new w({name:"UserProfile",description:"User profile information",fields:{id:{type:k.String_unsecure(),isOptional:!1},email:{type:k.EmailAddress(),isOptional:!1},emailVerified:{type:k.Boolean(),isOptional:!1},name:{type:k.String_unsecure(),isOptional:!0},firstName:{type:k.String_unsecure(),isOptional:!0},lastName:{type:k.String_unsecure(),isOptional:!0},locale:{type:k.String_unsecure(),isOptional:!0},timezone:{type:k.String_unsecure(),isOptional:!0},imageUrl:{type:k.URL(),isOptional:!0},role:{type:k.String_unsecure(),isOptional:!0},onboardingCompleted:{type:k.Boolean(),isOptional:!1},createdAt:{type:k.DateTime(),isOptional:!1}}}),$=new w({name:"CreateUserInput",description:"Input for creating a new user",fields:{email:{type:k.EmailAddress(),isOptional:!1},name:{type:k.String_unsecure(),isOptional:!0},firstName:{type:k.String_unsecure(),isOptional:!0},lastName:{type:k.String_unsecure(),isOptional:!0},password:{type:k.String_unsecure(),isOptional:!0}}}),A=new w({name:"UpdateUserInput",description:"Input for updating a user profile",fields:{name:{type:k.String_unsecure(),isOptional:!0},firstName:{type:k.String_unsecure(),isOptional:!0},lastName:{type:k.String_unsecure(),isOptional:!0},locale:{type:k.String_unsecure(),isOptional:!0},timezone:{type:k.String_unsecure(),isOptional:!0},imageUrl:{type:k.URL(),isOptional:!0}}}),G=new w({name:"DeleteUserInput",description:"Input for deleting a user",fields:{confirmEmail:{type:k.EmailAddress(),isOptional:!1}}}),V=new w({name:"SuccessResult",description:"Simple success result",fields:{success:{type:k.Boolean(),isOptional:!1}}}),D=new w({name:"UserDeletedPayload",description:"Payload for user deleted event",fields:{userId:{type:k.String_unsecure(),isOptional:!1}}}),L=new w({name:"ListUsersInput",description:"Input for listing users",fields:{limit:{type:k.Int_unsecure(),isOptional:!0},offset:{type:k.Int_unsecure(),isOptional:!0},search:{type:k.String_unsecure(),isOptional:!0}}}),Q=new w({name:"ListUsersOutput",description:"Output for listing users",fields:{users:{type:B,isOptional:!1,isArray:!0},total:{type:k.Int_unsecure(),isOptional:!1}}}),s=K({meta:{key:"identity.user.create",version:"1.0.0",stability:"stable",owners:[...F],tags:["identity","user","create"],description:"Create a new user account.",goal:"Register a new user in the system.",context:"Used during signup flows. May trigger email verification."},io:{input:$,output:B,errors:{EMAIL_EXISTS:{description:"A user with this email already exists",http:409,gqlCode:"EMAIL_EXISTS",when:"Email is already registered"}}},policy:{auth:"anonymous"},sideEffects:{emits:[{key:"user.created",version:"1.0.0",when:"User is successfully created",payload:B}],audit:["user.created"]}}),i=Z({meta:{key:"identity.user.me",version:"1.0.0",stability:"stable",owners:[...F],tags:["identity","user","profile"],description:"Get the current authenticated user profile.",goal:"Retrieve user profile for the authenticated session.",context:"Called on app load and after profile updates."},io:{input:null,output:B},policy:{auth:"user"}}),t=K({meta:{key:"identity.user.update",version:"1.0.0",stability:"stable",owners:[...F],tags:["identity","user","update"],description:"Update user profile information.",goal:"Allow users to update their profile.",context:"Self-service profile updates."},io:{input:A,output:B},policy:{auth:"user"},sideEffects:{emits:[{key:"user.updated",version:"1.0.0",when:"User profile is updated",payload:B}],audit:["user.updated"]}}),M=K({meta:{key:"identity.user.delete",version:"1.0.0",stability:"stable",owners:[...F],tags:["identity","user","delete"],description:"Delete user account and all associated data.",goal:"Allow users to delete their account (GDPR compliance).",context:"Self-service account deletion. Cascades to memberships, sessions, etc."},io:{input:G,output:V},policy:{auth:"user",escalate:"human_review"},sideEffects:{emits:[{key:"user.deleted",version:"1.0.0",when:"User account is deleted",payload:D}],audit:["user.deleted"]}}),T=Z({meta:{key:"identity.user.list",version:"1.0.0",stability:"stable",owners:[...F],tags:["identity","user","admin","list"],description:"List all users (admin only).",goal:"Allow admins to browse and manage users.",context:"Admin dashboard user management."},io:{input:L,output:Q},policy:{auth:"admin"}});import{defineCommand as J,defineQuery as Y}from"@contractspec/lib.contracts-spec";import{ScalarTypeEnum as j,SchemaModel as q}from"@contractspec/lib.schema";var x=["platform.identity-rbac"],H=new q({name:"Organization",description:"Organization details",fields:{id:{type:j.String_unsecure(),isOptional:!1},name:{type:j.String_unsecure(),isOptional:!1},slug:{type:j.String_unsecure(),isOptional:!0},logo:{type:j.URL(),isOptional:!0},description:{type:j.String_unsecure(),isOptional:!0},type:{type:j.String_unsecure(),isOptional:!1},onboardingCompleted:{type:j.Boolean(),isOptional:!1},createdAt:{type:j.DateTime(),isOptional:!1}}}),v=new q({name:"MemberUser",description:"Basic user info within a member",fields:{id:{type:j.String_unsecure(),isOptional:!1},email:{type:j.EmailAddress(),isOptional:!1},name:{type:j.String_unsecure(),isOptional:!0}}}),X=new q({name:"Member",description:"Organization member",fields:{id:{type:j.String_unsecure(),isOptional:!1},userId:{type:j.String_unsecure(),isOptional:!1},organizationId:{type:j.String_unsecure(),isOptional:!1},role:{type:j.String_unsecure(),isOptional:!1},createdAt:{type:j.DateTime(),isOptional:!1},user:{type:v,isOptional:!1}}}),_=new q({name:"Invitation",description:"Organization invitation",fields:{id:{type:j.String_unsecure(),isOptional:!1},email:{type:j.EmailAddress(),isOptional:!1},role:{type:j.String_unsecure(),isOptional:!0},status:{type:j.String_unsecure(),isOptional:!1},expiresAt:{type:j.DateTime(),isOptional:!0},createdAt:{type:j.DateTime(),isOptional:!1}}}),z=new q({name:"CreateOrgInput",description:"Input for creating an organization",fields:{name:{type:j.NonEmptyString(),isOptional:!1},slug:{type:j.String_unsecure(),isOptional:!0},description:{type:j.String_unsecure(),isOptional:!0},type:{type:j.String_unsecure(),isOptional:!0}}}),P=new q({name:"GetOrgInput",description:"Input for getting an organization",fields:{orgId:{type:j.String_unsecure(),isOptional:!1}}}),g=new q({name:"UpdateOrgInput",description:"Input for updating an organization",fields:{orgId:{type:j.String_unsecure(),isOptional:!1},name:{type:j.String_unsecure(),isOptional:!0},slug:{type:j.String_unsecure(),isOptional:!0},logo:{type:j.URL(),isOptional:!0},description:{type:j.String_unsecure(),isOptional:!0}}}),C=new q({name:"InviteMemberInput",description:"Input for inviting a member",fields:{orgId:{type:j.String_unsecure(),isOptional:!1},email:{type:j.EmailAddress(),isOptional:!1},role:{type:j.String_unsecure(),isOptional:!1},teamId:{type:j.String_unsecure(),isOptional:!0}}}),b=new q({name:"AcceptInviteInput",description:"Input for accepting an invitation",fields:{invitationId:{type:j.String_unsecure(),isOptional:!1}}}),N=new q({name:"RemoveMemberInput",description:"Input for removing a member",fields:{orgId:{type:j.String_unsecure(),isOptional:!1},userId:{type:j.String_unsecure(),isOptional:!1}}}),W=new q({name:"MemberRemovedPayload",description:"Payload for member removed event",fields:{orgId:{type:j.String_unsecure(),isOptional:!1},userId:{type:j.String_unsecure(),isOptional:!1}}}),I=new q({name:"ListMembersInput",description:"Input for listing members",fields:{orgId:{type:j.String_unsecure(),isOptional:!1},limit:{type:j.Int_unsecure(),isOptional:!0},offset:{type:j.Int_unsecure(),isOptional:!0}}}),U=new q({name:"ListMembersOutput",description:"Output for listing members",fields:{members:{type:X,isOptional:!1,isArray:!0},total:{type:j.Int_unsecure(),isOptional:!1}}}),R=new q({name:"OrganizationWithRole",description:"Organization with user role",fields:{id:{type:j.String_unsecure(),isOptional:!1},name:{type:j.String_unsecure(),isOptional:!1},slug:{type:j.String_unsecure(),isOptional:!0},logo:{type:j.URL(),isOptional:!0},description:{type:j.String_unsecure(),isOptional:!0},type:{type:j.String_unsecure(),isOptional:!1},onboardingCompleted:{type:j.Boolean(),isOptional:!1},createdAt:{type:j.DateTime(),isOptional:!1},role:{type:j.String_unsecure(),isOptional:!1}}}),f=new q({name:"ListUserOrgsOutput",description:"Output for listing user organizations",fields:{organizations:{type:R,isOptional:!1,isArray:!0}}}),p=J({meta:{key:"identity.org.create",version:"1.0.0",stability:"stable",owners:[...x],tags:["identity","org","create"],description:"Create a new organization.",goal:"Allow users to create new organizations/workspaces.",context:"Called during onboarding or when creating additional workspaces."},io:{input:z,output:H,errors:{SLUG_EXISTS:{description:"An organization with this slug already exists",http:409,gqlCode:"SLUG_EXISTS",when:"Slug is already taken"}}},policy:{auth:"user"},sideEffects:{emits:[{key:"org.created",version:"1.0.0",when:"Organization is created",payload:H}],audit:["org.created"]}}),u=Y({meta:{key:"identity.org.get",version:"1.0.0",stability:"stable",owners:[...x],tags:["identity","org","get"],description:"Get organization details.",goal:"Retrieve organization information.",context:"Called when viewing organization settings or dashboard."},io:{input:P,output:H},policy:{auth:"user"}}),S=J({meta:{key:"identity.org.update",version:"1.0.0",stability:"stable",owners:[...x],tags:["identity","org","update"],description:"Update organization details.",goal:"Allow org admins to update organization settings.",context:"Organization settings page."},io:{input:g,output:H},policy:{auth:"user"},sideEffects:{emits:[{key:"org.updated",version:"1.0.0",when:"Organization is updated",payload:H}],audit:["org.updated"]}}),c=J({meta:{key:"identity.org.invite",version:"1.0.0",stability:"stable",owners:[...x],tags:["identity","org","invite","member"],description:"Invite a user to join the organization.",goal:"Allow org admins to invite new members.",context:"Team management. Sends invitation email."},io:{input:C,output:_,errors:{ALREADY_MEMBER:{description:"User is already a member of this organization",http:409,gqlCode:"ALREADY_MEMBER",when:"Invitee is already a member"},INVITE_PENDING:{description:"An invitation for this email is already pending",http:409,gqlCode:"INVITE_PENDING",when:"Active invitation exists"}}},policy:{auth:"user"},sideEffects:{emits:[{key:"org.invite.sent",version:"1.0.0",when:"Invitation is sent",payload:_}],audit:["org.invite.sent"]}}),m=J({meta:{key:"identity.org.invite.accept",version:"1.0.0",stability:"stable",owners:[...x],tags:["identity","org","invite","accept"],description:"Accept an organization invitation.",goal:"Allow users to join organizations via invitation.",context:"Called from invitation email link."},io:{input:b,output:X,errors:{INVITE_EXPIRED:{description:"The invitation has expired",http:410,gqlCode:"INVITE_EXPIRED",when:"Invitation is past expiry date"},INVITE_USED:{description:"The invitation has already been used",http:409,gqlCode:"INVITE_USED",when:"Invitation was already accepted"}}},policy:{auth:"user"},sideEffects:{emits:[{key:"org.member.added",version:"1.0.0",when:"Member joins org",payload:X}],audit:["org.member.added"]}}),r=J({meta:{key:"identity.org.member.remove",version:"1.0.0",stability:"stable",owners:[...x],tags:["identity","org","member","remove"],description:"Remove a member from the organization.",goal:"Allow org admins to remove members.",context:"Team management."},io:{input:N,output:V,errors:{CANNOT_REMOVE_OWNER:{description:"Cannot remove the organization owner",http:403,gqlCode:"CANNOT_REMOVE_OWNER",when:"Target is the org owner"}}},policy:{auth:"user"},sideEffects:{emits:[{key:"org.member.removed",version:"1.0.0",when:"Member is removed",payload:W}],audit:["org.member.removed"]}}),n=Y({meta:{key:"identity.org.members.list",version:"1.0.0",stability:"stable",owners:[...x],tags:["identity","org","member","list"],description:"List organization members.",goal:"View all members of an organization.",context:"Team management page."},io:{input:I,output:U},policy:{auth:"user"}}),l=Y({meta:{key:"identity.org.list",version:"1.0.0",stability:"stable",owners:[...x],tags:["identity","org","list"],description:"List organizations the current user belongs to.",goal:"Show user their organizations for workspace switching.",context:"Workspace switcher, org selection."},io:{input:null,output:f},policy:{auth:"user"}});export{g as UpdateOrgInputModel,S as UpdateOrgContract,N as RemoveMemberInputModel,r as RemoveMemberContract,R as OrganizationWithRoleModel,H as OrganizationModel,v as MemberUserModel,W as MemberRemovedPayloadModel,X as MemberModel,f as ListUserOrgsOutputModel,l as ListUserOrgsContract,U as ListMembersOutputModel,I as ListMembersInputModel,n as ListMembersContract,C as InviteMemberInputModel,c as InviteMemberContract,_ as InvitationModel,P as GetOrgInputModel,u as GetOrgContract,z as CreateOrgInputModel,p as CreateOrgContract,b as AcceptInviteInputModel,m as AcceptInviteContract};