@datatechsolutions/ui 2.11.81 → 2.11.83

package/dist/astrlabe/workflow-canvas.d.mts

@@ -1,5 +1,69 @@
-import 'react/jsx-runtime';
-import 'react';
-export { j as Workspace, h as WorkspaceProps } from '../workflow-canvas-D4928AfA.mjs';
-import '@xyflow/react';
-import './contracts.mjs';
+import * as react_jsx_runtime from 'react/jsx-runtime';
+import { ComponentProps } from 'react';
+import { NodeTypes } from '@xyflow/react';
+import { A as AgentWithPrompts, W as WorkflowEntityDefinition } from '../index-AioB90qq.mjs';
+import { AgentModel, WorkflowTool, AgentTool, AgentRule, WorkflowGraph, LogicNodeConfig } from './contracts.mjs';
+
+type AgentModalRenderProps = {
+    agent: AgentWithPrompts | null;
+    models: AgentModel[];
+    open: boolean;
+    isCreateMode: boolean;
+    onClose: () => void;
+    onSaved: () => void;
+};
+type LogicNodeModalRenderProps = {
+    nodeId: string | null;
+    nodeLabel: string;
+    config: LogicNodeConfig | null;
+    open: boolean;
+    onClose: () => void;
+    onSave: (nodeId: string, updatedConfig: LogicNodeConfig) => void;
+    entities: WorkflowEntityDefinition[];
+};
+type WorkflowCanvasProps = {
+    agents: AgentWithPrompts[];
+    models: AgentModel[];
+    tools?: WorkflowTool[];
+    agentTools?: AgentTool[];
+    rules?: AgentRule[];
+    entities?: WorkflowEntityDefinition[];
+    datasources?: Array<{
+        id: string;
+        name: string;
+        dialect: string;
+    }>;
+    onLoadTables?: (datasourceId: string) => Promise<string[]>;
+    onLoadSchema?: (datasourceId: string, table: string) => Promise<Array<{
+        name: string;
+        type: string;
+        nullable?: boolean;
+    }>>;
+    initialGraph?: WorkflowGraph | null;
+    onGraphChange?: (graph: WorkflowGraph) => void;
+    onEditTool?: (tool: WorkflowTool) => void;
+    onToggleTool?: (tool: WorkflowTool) => void;
+    onEditRule?: (rule: AgentRule) => void;
+    onToggleRule?: (rule: AgentRule) => void;
+    onCancelCreateAgent?: () => void;
+    onAgentSaved?: () => void;
+    isCreatingAgent?: boolean;
+    /** Custom node type components — merged with built-in edge types */
+    nodeTypes?: NodeTypes;
+    /** Optional: render the AgentModal externally (frontend provides the component) */
+    renderAgentModal?: (props: AgentModalRenderProps) => React.ReactNode;
+    /** Optional: render a custom LogicNodeModal; defaults to internal modal */
+    renderLogicNodeModal?: (props: LogicNodeModalRenderProps) => React.ReactNode;
+};
+declare function WorkflowCanvas(props: WorkflowCanvasProps): react_jsx_runtime.JSX.Element;
+
+type BuilderCanvasProps = ComponentProps<typeof WorkflowCanvas>;
+type WorkspaceProps = {
+    locale?: string;
+    messages?: Record<string, unknown>;
+    className?: string;
+    workflowId?: string;
+} & Partial<BuilderCanvasProps>;
+declare function Workspace({ locale, messages, className, workflowId, ...canvasProps }: WorkspaceProps): react_jsx_runtime.JSX.Element;
+
+export { Workspace, type WorkspaceProps };

package/dist/astrlabe/workflow-canvas.d.ts

@@ -1,5 +1,69 @@
-import 'react/jsx-runtime';
-import 'react';
-export { j as Workspace, h as WorkspaceProps } from '../workflow-canvas-NSxfr5dy.js';
-import '@xyflow/react';
-import './contracts.js';
+import * as react_jsx_runtime from 'react/jsx-runtime';
+import { ComponentProps } from 'react';
+import { NodeTypes } from '@xyflow/react';
+import { A as AgentWithPrompts, W as WorkflowEntityDefinition } from '../index-D5ai0cGZ.js';
+import { AgentModel, WorkflowTool, AgentTool, AgentRule, WorkflowGraph, LogicNodeConfig } from './contracts.js';
+
+type AgentModalRenderProps = {
+    agent: AgentWithPrompts | null;
+    models: AgentModel[];
+    open: boolean;
+    isCreateMode: boolean;
+    onClose: () => void;
+    onSaved: () => void;
+};
+type LogicNodeModalRenderProps = {
+    nodeId: string | null;
+    nodeLabel: string;
+    config: LogicNodeConfig | null;
+    open: boolean;
+    onClose: () => void;
+    onSave: (nodeId: string, updatedConfig: LogicNodeConfig) => void;
+    entities: WorkflowEntityDefinition[];
+};
+type WorkflowCanvasProps = {
+    agents: AgentWithPrompts[];
+    models: AgentModel[];
+    tools?: WorkflowTool[];
+    agentTools?: AgentTool[];
+    rules?: AgentRule[];
+    entities?: WorkflowEntityDefinition[];
+    datasources?: Array<{
+        id: string;
+        name: string;
+        dialect: string;
+    }>;
+    onLoadTables?: (datasourceId: string) => Promise<string[]>;
+    onLoadSchema?: (datasourceId: string, table: string) => Promise<Array<{
+        name: string;
+        type: string;
+        nullable?: boolean;
+    }>>;
+    initialGraph?: WorkflowGraph | null;
+    onGraphChange?: (graph: WorkflowGraph) => void;
+    onEditTool?: (tool: WorkflowTool) => void;
+    onToggleTool?: (tool: WorkflowTool) => void;
+    onEditRule?: (rule: AgentRule) => void;
+    onToggleRule?: (rule: AgentRule) => void;
+    onCancelCreateAgent?: () => void;
+    onAgentSaved?: () => void;
+    isCreatingAgent?: boolean;
+    /** Custom node type components — merged with built-in edge types */
+    nodeTypes?: NodeTypes;
+    /** Optional: render the AgentModal externally (frontend provides the component) */
+    renderAgentModal?: (props: AgentModalRenderProps) => React.ReactNode;
+    /** Optional: render a custom LogicNodeModal; defaults to internal modal */
+    renderLogicNodeModal?: (props: LogicNodeModalRenderProps) => React.ReactNode;
+};
+declare function WorkflowCanvas(props: WorkflowCanvasProps): react_jsx_runtime.JSX.Element;
+
+type BuilderCanvasProps = ComponentProps<typeof WorkflowCanvas>;
+type WorkspaceProps = {
+    locale?: string;
+    messages?: Record<string, unknown>;
+    className?: string;
+    workflowId?: string;
+} & Partial<BuilderCanvasProps>;
+declare function Workspace({ locale, messages, className, workflowId, ...canvasProps }: WorkspaceProps): react_jsx_runtime.JSX.Element;
+
+export { Workspace, type WorkspaceProps };

package/dist/chunk-6PBTB5ZX.js

@@ -0,0 +1,165 @@
+"use client";
+'use strict';
+
+var common = require('@datatechsolutions/shared-domain/common');
+
+// src/platform/windsock-admin-client.ts
+var _adminClient = null;
+var _issuer = null;
+var _authFetch = fetch;
+function setWindsockAdminClient(client, issuer, authFetch) {
+  _adminClient = client;
+  _issuer = issuer.replace(/\/$/, "");
+  _authFetch = authFetch;
+}
+function requireClient() {
+  if (!_adminClient) {
+    throw new Error("Windsock admin client not initialized \u2014 did providers mount?");
+  }
+  return _adminClient;
+}
+async function listUsers(params) {
+  return requireClient().listUsers(params);
+}
+async function createUser(data) {
+  return requireClient().createUser(data);
+}
+async function updateUser(userId, data) {
+  return requireClient().updateUser(userId, data);
+}
+async function deleteUser(userId) {
+  return requireClient().deleteUser(userId);
+}
+async function resetUserPassword(userId, password) {
+  return requireClient().resetUserPassword(userId, password);
+}
+async function listOrganizations() {
+  return requireClient().listOrganizations();
+}
+async function createOrganization(data) {
+  return requireClient().createOrganization(data);
+}
+async function updateOrganization(organizationId, data) {
+  return requireClient().updateOrganization(organizationId, data);
+}
+async function deleteOrganization(organizationId) {
+  return requireClient().deleteOrganization(organizationId);
+}
+async function listOrganizationMembers(organizationId) {
+  return requireClient().listOrganizationMembers(organizationId);
+}
+async function addOrganizationMember(organizationId, userId, role) {
+  return requireClient().addOrganizationMember(organizationId, userId, role);
+}
+async function removeOrganizationMember(organizationId, userId) {
+  return requireClient().removeOrganizationMember(organizationId, userId);
+}
+async function listOrganizationInvitations(organizationId) {
+  return requireClient().listOrganizationInvitations(organizationId);
+}
+async function createOrganizationInvitation(organizationId, data) {
+  return requireClient().createOrganizationInvitation(organizationId, data);
+}
+async function listOrganizationDomains(organizationId) {
+  return requireClient().listOrganizationDomains(organizationId);
+}
+async function addOrganizationDomain(organizationId, domain) {
+  return requireClient().addOrganizationDomain(organizationId, domain);
+}
+async function verifyOrganizationDomain(organizationId, domain) {
+  return requireClient().verifyOrganizationDomain(organizationId, domain);
+}
+async function listPermissions() {
+  return requireClient().listPermissions();
+}
+async function createPermission(data) {
+  return requireClient().createPermission(data);
+}
+async function updatePermission(permissionId, data) {
+  return requireClient().updatePermission(permissionId, data);
+}
+async function deletePermission(permissionId) {
+  return requireClient().deletePermission(permissionId);
+}
+async function getUserPermissions(userId) {
+  return requireClient().getUserPermissions(userId);
+}
+async function setUserPermissions(userId, permissionIds) {
+  return requireClient().setUserPermissions(userId, permissionIds);
+}
+async function secretsRequest(path, init) {
+  if (!_issuer) throw new Error("Windsock issuer not initialized");
+  const response = await _authFetch(`${_issuer}${path}`, {
+    ...init,
+    credentials: init?.credentials ?? "include",
+    headers: {
+      "Content-Type": "application/json",
+      ...init?.headers
+    }
+  });
+  if (response.status === 204) return void 0;
+  const payload = await response.json().catch(() => null);
+  if (!response.ok) {
+    const message = payload?.message ?? payload?.error ?? `HTTP ${response.status}: ${response.statusText}`;
+    throw new common.HttpResponseError(message, response.status);
+  }
+  if (payload && typeof payload === "object" && "success" in payload && payload.success && "data" in payload) {
+    return payload.data;
+  }
+  return payload;
+}
+async function listSecrets(organizationId) {
+  return secretsRequest(`/organizations/${encodeURIComponent(organizationId)}/secrets`);
+}
+async function getSecret(organizationId, secretId) {
+  return secretsRequest(`/organizations/${encodeURIComponent(organizationId)}/secrets/${encodeURIComponent(secretId)}`);
+}
+async function createSecret(organizationId, input) {
+  return secretsRequest(`/organizations/${encodeURIComponent(organizationId)}/secrets`, {
+    method: "POST",
+    body: JSON.stringify(input)
+  });
+}
+async function rotateSecret(organizationId, secretId, input) {
+  return secretsRequest(`/organizations/${encodeURIComponent(organizationId)}/secrets/${encodeURIComponent(secretId)}`, {
+    method: "PATCH",
+    body: JSON.stringify(input)
+  });
+}
+async function disableSecret(organizationId, secretId) {
+  return secretsRequest(`/organizations/${encodeURIComponent(organizationId)}/secrets/${encodeURIComponent(secretId)}`, {
+    method: "DELETE"
+  });
+}
+
+exports.addOrganizationDomain = addOrganizationDomain;
+exports.addOrganizationMember = addOrganizationMember;
+exports.createOrganization = createOrganization;
+exports.createOrganizationInvitation = createOrganizationInvitation;
+exports.createPermission = createPermission;
+exports.createSecret = createSecret;
+exports.createUser = createUser;
+exports.deleteOrganization = deleteOrganization;
+exports.deletePermission = deletePermission;
+exports.deleteUser = deleteUser;
+exports.disableSecret = disableSecret;
+exports.getSecret = getSecret;
+exports.getUserPermissions = getUserPermissions;
+exports.listOrganizationDomains = listOrganizationDomains;
+exports.listOrganizationInvitations = listOrganizationInvitations;
+exports.listOrganizationMembers = listOrganizationMembers;
+exports.listOrganizations = listOrganizations;
+exports.listPermissions = listPermissions;
+exports.listSecrets = listSecrets;
+exports.listUsers = listUsers;
+exports.removeOrganizationMember = removeOrganizationMember;
+exports.resetUserPassword = resetUserPassword;
+exports.rotateSecret = rotateSecret;
+exports.setUserPermissions = setUserPermissions;
+exports.setWindsockAdminClient = setWindsockAdminClient;
+exports.updateOrganization = updateOrganization;
+exports.updatePermission = updatePermission;
+exports.updateUser = updateUser;
+exports.verifyOrganizationDomain = verifyOrganizationDomain;
+//# sourceMappingURL=chunk-6PBTB5ZX.js.map
+//# sourceMappingURL=chunk-6PBTB5ZX.js.map

package/dist/chunk-6PBTB5ZX.js.map

@@ -0,0 +1 @@
+{"version":3,"sources":["../src/platform/windsock-admin-client.ts"],"names":["HttpResponseError"],"mappings":";;;;;AAqBA,IAAI,YAAA,GAAmC,IAAA;AACvC,IAAI,OAAA,GAAyB,IAAA;AAC7B,IAAI,UAAA,GAA2B,KAAA;AAExB,SAAS,sBAAA,CAAuB,MAAA,EAAqB,MAAA,EAAgB,SAAA,EAA+B;AACzG,EAAA,YAAA,GAAe,MAAA;AACf,EAAA,OAAA,GAAU,MAAA,CAAO,OAAA,CAAQ,KAAA,EAAO,EAAE,CAAA;AAClC,EAAA,UAAA,GAAa,SAAA;AACf;AAEA,SAAS,aAAA,GAA6B;AACpC,EAAA,IAAI,CAAC,YAAA,EAAc;AACjB,IAAA,MAAM,IAAI,MAAM,mEAA8D,CAAA;AAAA,EAChF;AACA,EAAA,OAAO,YAAA;AACT;AAGA,eAAsB,UAAU,MAAA,EAAsE;AACpG,EAAA,OAAO,aAAA,EAAc,CAAE,SAAA,CAAU,MAAM,CAAA;AACzC;AACA,eAAsB,WAAW,IAAA,EAAuD;AACtF,EAAA,OAAO,aAAA,EAAc,CAAE,UAAA,CAAW,IAAI,CAAA;AACxC;AACA,eAAsB,UAAA,CAAW,QAAgB,IAAA,EAA2C;AAC1F,EAAA,OAAO,aAAA,EAAc,CAAE,UAAA,CAAW,MAAA,EAAQ,IAAI,CAAA;AAChD;AACA,eAAsB,WAAW,MAAA,EAA+B;AAC9D,EAAA,OAAO,aAAA,EAAc,CAAE,UAAA,CAAW,MAAM,CAAA;AAC1C;AACA,eAAsB,iBAAA,CAAkB,QAAgB,QAAA,EAAiC;AACvF,EAAA,OAAO,aAAA,EAAc,CAAE,iBAAA,CAAkB,MAAA,EAAQ,QAAQ,CAAA;AAC3D;AAGA,eAAsB,iBAAA,GAAiD;AACrE,EAAA,OAAO,aAAA,GAAgB,iBAAA,EAAkB;AAC3C;AACA,eAAsB,mBAAmB,IAAA,EAA+D;AACtG,EAAA,OAAO,aAAA,EAAc,CAAE,kBAAA,CAAmB,IAAI,CAAA;AAChD;AACA,eAAsB,kBAAA,CAAmB,gBAAwB,IAAA,EAA+D;AAC9H,EAAA,OAAO,aAAA,EAAc,CAAE,kBAAA,CAAmB,cAAA,EAAgB,IAAI,CAAA;AAChE;AACA,eAAsB,mBAAmB,cAAA,EAAuC;AAC9E,EAAA,OAAO,aAAA,EAAc,CAAE,kBAAA,CAAmB,cAAc,CAAA;AAC1D;AAGA,eAAsB,wBAAwB,cAAA,EAA4D;AACxG,EAAA,OAAO,aAAA,EAAc,CAAE,uBAAA,CAAwB,cAAc,CAAA;AAC/D;AACA,eAAsB,qBAAA,CAAsB,cAAA,EAAwB,MAAA,EAAgB,IAAA,EAA4C;AAC9H,EAAA,OAAO,aAAA,EAAc,CAAE,qBAAA,CAAsB,cAAA,EAAgB,QAAQ,IAAI,CAAA;AAC3E;AACA,eAAsB,wBAAA,CAAyB,gBAAwB,MAAA,EAA+B;AACpG,EAAA,OAAO,aAAA,EAAc,CAAE,wBAAA,CAAyB,cAAA,EAAgB,MAAM,CAAA;AACxE;AAGA,eAAsB,4BAA4B,cAAA,EAA+D;AAC/G,EAAA,OAAO,aAAA,EAAc,CAAE,2BAAA,CAA4B,cAAc,CAAA;AACnE;AACA,eAAsB,4BAAA,CAA6B,gBAAwB,IAAA,EAAiD;AAC1H,EAAA,OAAO,aAAA,EAAc,CAAE,4BAAA,CAA6B,cAAA,EAAgB,IAAI,CAAA;AAC1E;AAGA,eAAsB,wBAAwB,cAAA,EAA2D;AACvG,EAAA,OAAO,aAAA,EAAc,CAAE,uBAAA,CAAwB,cAAc,CAAA;AAC/D;AACA,eAAsB,qBAAA,CAAsB,gBAAwB,MAAA,EAAiD;AACnH,EAAA,OAAO,aAAA,EAAc,CAAE,qBAAA,CAAsB,cAAA,EAAgB,MAAM,CAAA;AACrE;AACA,eAAsB,wBAAA,CAAyB,gBAAwB,MAAA,EAA+B;AACpG,EAAA,OAAO,aAAA,EAAc,CAAE,wBAAA,CAAyB,cAAA,EAAgB,MAAM,CAAA;AACxE;AAGA,eAAsB,eAAA,GAA8C;AAClE,EAAA,OAAO,aAAA,GAAgB,eAAA,EAAgB;AACzC;AACA,eAAsB,iBAAiB,IAAA,EAA4D;AACjG,EAAA,OAAO,aAAA,EAAc,CAAE,gBAAA,CAAiB,IAAI,CAAA;AAC9C;AACA,eAAsB,gBAAA,CAAiB,cAAsB,IAAA,EAAiD;AAC5G,EAAA,OAAO,aAAA,EAAc,CAAE,gBAAA,CAAiB,YAAA,EAAc,IAAI,CAAA;AAC5D;AACA,eAAsB,iBAAiB,YAAA,EAAqC;AAC1E,EAAA,OAAO,aAAA,EAAc,CAAE,gBAAA,CAAiB,YAAY,CAAA;AACtD;AACA,eAAsB,mBAAmB,MAAA,EAA4C;AACnF,EAAA,OAAO,aAAA,EAAc,CAAE,kBAAA,CAAmB,MAAM,CAAA;AAClD;AACA,eAAsB,kBAAA,CAAmB,QAAgB,aAAA,EAAwC;AAC/F,EAAA,OAAO,aAAA,EAAc,CAAE,kBAAA,CAAmB,MAAA,EAAQ,aAAa,CAAA;AACjE;AAgCA,eAAe,cAAA,CAAkB,MAAc,IAAA,EAAgC;AAC7E,EAAA,IAAI,CAAC,OAAA,EAAS,MAAM,IAAI,MAAM,iCAAiC,CAAA;AAC/D,EAAA,MAAM,WAAW,MAAM,UAAA,CAAW,GAAG,OAAO,CAAA,EAAG,IAAI,CAAA,CAAA,EAAI;AAAA,IACrD,GAAG,IAAA;AAAA,IACH,WAAA,EAAa,MAAM,WAAA,IAAe,SAAA;AAAA,IAClC,OAAA,EAAS;AAAA,MACP,cAAA,EAAgB,kBAAA;AAAA,MAChB,GAAI,IAAA,EAAM;AAAA;AACZ,GACD,CAAA;AACD,EAAA,IAAI,QAAA,CAAS,MAAA,KAAW,GAAA,EAAK,OAAO,MAAA;AACpC,EAAA,MAAM,UAAU,MAAM,QAAA,CAAS,MAAK,CAAE,KAAA,CAAM,MAAM,IAAI,CAAA;AACtD,EAAA,IAAI,CAAC,SAAS,EAAA,EAAI;AAChB,IAAA,MAAM,OAAA,GAAW,OAAA,EAAkD,OAAA,IAC7D,OAAA,EAAgC,KAAA,IACjC,QAAQ,QAAA,CAAS,MAAM,CAAA,EAAA,EAAK,QAAA,CAAS,UAAU,CAAA,CAAA;AACpD,IAAA,MAAM,IAAIA,wBAAA,CAAkB,OAAA,EAAS,QAAA,CAAS,MAAM,CAAA;AAAA,EACtD;AACA,EAAA,IAAI,OAAA,IAAW,OAAO,OAAA,KAAY,QAAA,IAAY,aAAa,OAAA,IAAY,OAAA,CAAiC,OAAA,IAAW,MAAA,IAAU,OAAA,EAAS;AACpI,IAAA,OAAQ,OAAA,CAAwB,IAAA;AAAA,EAClC;AACA,EAAA,OAAO,OAAA;AACT;AAEA,eAAsB,YAAY,cAAA,EAAkD;AAClF,EAAA,OAAO,cAAA,CAAe,CAAA,eAAA,EAAkB,kBAAA,CAAmB,cAAc,CAAC,CAAA,QAAA,CAAU,CAAA;AACtF;AAEA,eAAsB,SAAA,CAAU,gBAAwB,QAAA,EAAyC;AAC/F,EAAA,OAAO,cAAA,CAAe,kBAAkB,kBAAA,CAAmB,cAAc,CAAC,CAAA,SAAA,EAAY,kBAAA,CAAmB,QAAQ,CAAC,CAAA,CAAE,CAAA;AACtH;AAEA,eAAsB,YAAA,CAAa,gBAAwB,KAAA,EAAkD;AAC3G,EAAA,OAAO,cAAA,CAAe,CAAA,eAAA,EAAkB,kBAAA,CAAmB,cAAc,CAAC,CAAA,QAAA,CAAA,EAAY;AAAA,IACpF,MAAA,EAAQ,MAAA;AAAA,IACR,IAAA,EAAM,IAAA,CAAK,SAAA,CAAU,KAAK;AAAA,GAC3B,CAAA;AACH;AAEA,eAAsB,YAAA,CAAa,cAAA,EAAwB,QAAA,EAAkB,KAAA,EAAkD;AAC7H,EAAA,OAAO,cAAA,CAAe,kBAAkB,kBAAA,CAAmB,cAAc,CAAC,CAAA,SAAA,EAAY,kBAAA,CAAmB,QAAQ,CAAC,CAAA,CAAA,EAAI;AAAA,IACpH,MAAA,EAAQ,OAAA;AAAA,IACR,IAAA,EAAM,IAAA,CAAK,SAAA,CAAU,KAAK;AAAA,GAC3B,CAAA;AACH;AAEA,eAAsB,aAAA,CAAc,gBAAwB,QAAA,EAAiC;AAC3F,EAAA,OAAO,cAAA,CAAe,kBAAkB,kBAAA,CAAmB,cAAc,CAAC,CAAA,SAAA,EAAY,kBAAA,CAAmB,QAAQ,CAAC,CAAA,CAAA,EAAI;AAAA,IACpH,MAAA,EAAQ;AAAA,GACT,CAAA;AACH","file":"chunk-6PBTB5ZX.js","sourcesContent":["import type {\n  AdminClient,\n  AdminUserSummary,\n  AdminListParams,\n  AdminListResult,\n  AdminCreateUserInput,\n  AdminUpdateUserInput,\n  AdminCreateOrganizationInput,\n  AdminUpdateOrganizationInput,\n  AdminOrganizationMember,\n  AdminCreatePermissionInput,\n  AdminUpdatePermissionInput,\n  AdminCreateInvitationInput,\n  AdminPermission,\n  AuthOrganization,\n  AuthOrganizationDomain,\n  AuthOrganizationInvitation,\n  AuthOrganizationRole,\n} from '@datatechsolutions/shared-domain'\nimport { HttpResponseError } from '@datatechsolutions/shared-domain/common'\n\nlet _adminClient: AdminClient | null = null\nlet _issuer: string | null = null\nlet _authFetch: typeof fetch = fetch\n\nexport function setWindsockAdminClient(client: AdminClient, issuer: string, authFetch: typeof fetch): void {\n  _adminClient = client\n  _issuer = issuer.replace(/\\/$/, '')\n  _authFetch = authFetch\n}\n\nfunction requireClient(): AdminClient {\n  if (!_adminClient) {\n    throw new Error('Windsock admin client not initialized — did providers mount?')\n  }\n  return _adminClient\n}\n\n// ── Users ──────────────────────────────────────────────────────────────────\nexport async function listUsers(params?: AdminListParams): Promise<AdminListResult<AdminUserSummary>> {\n  return requireClient().listUsers(params)\n}\nexport async function createUser(data: AdminCreateUserInput): Promise<AdminUserSummary> {\n  return requireClient().createUser(data)\n}\nexport async function updateUser(userId: string, data: AdminUpdateUserInput): Promise<void> {\n  return requireClient().updateUser(userId, data)\n}\nexport async function deleteUser(userId: string): Promise<void> {\n  return requireClient().deleteUser(userId)\n}\nexport async function resetUserPassword(userId: string, password: string): Promise<void> {\n  return requireClient().resetUserPassword(userId, password)\n}\n\n// ── Organizations ──────────────────────────────────────────────────────────\nexport async function listOrganizations(): Promise<AuthOrganization[]> {\n  return requireClient().listOrganizations()\n}\nexport async function createOrganization(data: AdminCreateOrganizationInput): Promise<AuthOrganization> {\n  return requireClient().createOrganization(data)\n}\nexport async function updateOrganization(organizationId: string, data: AdminUpdateOrganizationInput): Promise<AuthOrganization> {\n  return requireClient().updateOrganization(organizationId, data)\n}\nexport async function deleteOrganization(organizationId: string): Promise<void> {\n  return requireClient().deleteOrganization(organizationId)\n}\n\n// ── Organization Members ───────────────────────────────────────────────────\nexport async function listOrganizationMembers(organizationId: string): Promise<AdminOrganizationMember[]> {\n  return requireClient().listOrganizationMembers(organizationId)\n}\nexport async function addOrganizationMember(organizationId: string, userId: string, role?: AuthOrganizationRole): Promise<void> {\n  return requireClient().addOrganizationMember(organizationId, userId, role)\n}\nexport async function removeOrganizationMember(organizationId: string, userId: string): Promise<void> {\n  return requireClient().removeOrganizationMember(organizationId, userId)\n}\n\n// ── Organization Invitations ───────────────────────────────────────────────\nexport async function listOrganizationInvitations(organizationId: string): Promise<AuthOrganizationInvitation[]> {\n  return requireClient().listOrganizationInvitations(organizationId)\n}\nexport async function createOrganizationInvitation(organizationId: string, data: AdminCreateInvitationInput): Promise<void> {\n  return requireClient().createOrganizationInvitation(organizationId, data)\n}\n\n// ── Organization Domains ───────────────────────────────────────────────────\nexport async function listOrganizationDomains(organizationId: string): Promise<AuthOrganizationDomain[]> {\n  return requireClient().listOrganizationDomains(organizationId)\n}\nexport async function addOrganizationDomain(organizationId: string, domain: string): Promise<AuthOrganizationDomain> {\n  return requireClient().addOrganizationDomain(organizationId, domain)\n}\nexport async function verifyOrganizationDomain(organizationId: string, domain: string): Promise<void> {\n  return requireClient().verifyOrganizationDomain(organizationId, domain)\n}\n\n// ── Permissions ────────────────────────────────────────────────────────────\nexport async function listPermissions(): Promise<AdminPermission[]> {\n  return requireClient().listPermissions()\n}\nexport async function createPermission(data: AdminCreatePermissionInput): Promise<AdminPermission> {\n  return requireClient().createPermission(data)\n}\nexport async function updatePermission(permissionId: string, data: AdminUpdatePermissionInput): Promise<void> {\n  return requireClient().updatePermission(permissionId, data)\n}\nexport async function deletePermission(permissionId: string): Promise<void> {\n  return requireClient().deletePermission(permissionId)\n}\nexport async function getUserPermissions(userId: string): Promise<AdminPermission[]> {\n  return requireClient().getUserPermissions(userId)\n}\nexport async function setUserPermissions(userId: string, permissionIds: string[]): Promise<void> {\n  return requireClient().setUserPermissions(userId, permissionIds)\n}\n\n// ── Secrets (not in AdminClient SDK — windsock_org_secrets handler) ────────\n\nexport type SecretSummary = {\n  secretId: string\n  name: string\n  secretType: string\n  description: string | null\n  expiresAt: string | null\n  createdAt: string\n  updatedAt: string\n  disabled: boolean\n}\n\nexport type SecretDetail = SecretSummary & {\n  value?: string\n}\n\nexport type CreateSecretInput = {\n  name: string\n  value: string\n  secretType?: string\n  description?: string\n  leaseTtlSeconds?: number\n}\n\nexport type UpdateSecretInput = {\n  value: string\n  leaseTtlSeconds?: number\n}\n\nasync function secretsRequest<T>(path: string, init?: RequestInit): Promise<T> {\n  if (!_issuer) throw new Error('Windsock issuer not initialized')\n  const response = await _authFetch(`${_issuer}${path}`, {\n    ...init,\n    credentials: init?.credentials ?? 'include',\n    headers: {\n      'Content-Type': 'application/json',\n      ...(init?.headers as Record<string, string> | undefined),\n    },\n  })\n  if (response.status === 204) return undefined as T\n  const payload = await response.json().catch(() => null)\n  if (!response.ok) {\n    const message = (payload as { error?: string; message?: string })?.message\n      ?? (payload as { error?: string })?.error\n      ?? `HTTP ${response.status}: ${response.statusText}`\n    throw new HttpResponseError(message, response.status)\n  }\n  if (payload && typeof payload === 'object' && 'success' in payload && (payload as { success: boolean }).success && 'data' in payload) {\n    return (payload as { data: T }).data\n  }\n  return payload as T\n}\n\nexport async function listSecrets(organizationId: string): Promise<SecretSummary[]> {\n  return secretsRequest(`/organizations/${encodeURIComponent(organizationId)}/secrets`)\n}\n\nexport async function getSecret(organizationId: string, secretId: string): Promise<SecretDetail> {\n  return secretsRequest(`/organizations/${encodeURIComponent(organizationId)}/secrets/${encodeURIComponent(secretId)}`)\n}\n\nexport async function createSecret(organizationId: string, input: CreateSecretInput): Promise<SecretSummary> {\n  return secretsRequest(`/organizations/${encodeURIComponent(organizationId)}/secrets`, {\n    method: 'POST',\n    body: JSON.stringify(input),\n  })\n}\n\nexport async function rotateSecret(organizationId: string, secretId: string, input: UpdateSecretInput): Promise<SecretSummary> {\n  return secretsRequest(`/organizations/${encodeURIComponent(organizationId)}/secrets/${encodeURIComponent(secretId)}`, {\n    method: 'PATCH',\n    body: JSON.stringify(input),\n  })\n}\n\nexport async function disableSecret(organizationId: string, secretId: string): Promise<void> {\n  return secretsRequest(`/organizations/${encodeURIComponent(organizationId)}/secrets/${encodeURIComponent(secretId)}`, {\n    method: 'DELETE',\n  })\n}\n"]}

package/dist/chunk-HZ4LOVHM.js

@@ -0,0 +1,46 @@
+"use client";
+'use strict';
+
+// src/platform/rbac.ts
+function matchPermission(pattern, target) {
+  if (pattern === "*") return true;
+  if (pattern === target) return true;
+  const patternParts = pattern.split(":");
+  const targetParts = target.split(":");
+  for (let i = 0; i < patternParts.length; i++) {
+    if (patternParts[i] === "*") return true;
+    if (patternParts[i] !== targetParts[i]) return false;
+  }
+  return patternParts.length === targetParts.length;
+}
+function createPlatformRbac(opts) {
+  const ROLE_DEFINITIONS = opts.roles;
+  const MODULE_PERMISSIONS = opts.modulePermissions ?? {};
+  const PERMISSION_CLAIMS_MAP = opts.permissionClaimsMap;
+  const knownRoles = Object.keys(ROLE_DEFINITIONS);
+  const fallbackRole = opts.defaultRole ?? knownRoles[0];
+  function normalizePlatformRole(input) {
+    if (typeof input === "string" && input in ROLE_DEFINITIONS) {
+      return input;
+    }
+    return fallbackRole;
+  }
+  function can(user, permission) {
+    if (!user) return false;
+    const userClaims = user.permissions ?? [];
+    const requiredClaims = PERMISSION_CLAIMS_MAP[permission] ?? [];
+    return requiredClaims.some(
+      (claim) => userClaims.some((userClaim) => matchPermission(userClaim, claim))
+    );
+  }
+  return {
+    ROLE_DEFINITIONS,
+    MODULE_PERMISSIONS,
+    normalizePlatformRole,
+    can
+  };
+}
+
+exports.createPlatformRbac = createPlatformRbac;
+//# sourceMappingURL=chunk-HZ4LOVHM.js.map
+//# sourceMappingURL=chunk-HZ4LOVHM.js.map

package/dist/chunk-HZ4LOVHM.js.map

@@ -0,0 +1 @@
+{"version":3,"sources":["../src/platform/rbac.ts"],"names":[],"mappings":";;;AAiDA,SAAS,eAAA,CAAgB,SAAiB,MAAA,EAAyB;AACjE,EAAA,IAAI,OAAA,KAAY,KAAK,OAAO,IAAA;AAC5B,EAAA,IAAI,OAAA,KAAY,QAAQ,OAAO,IAAA;AAC/B,EAAA,MAAM,YAAA,GAAe,OAAA,CAAQ,KAAA,CAAM,GAAG,CAAA;AACtC,EAAA,MAAM,WAAA,GAAc,MAAA,CAAO,KAAA,CAAM,GAAG,CAAA;AACpC,EAAA,KAAA,IAAS,CAAA,GAAI,CAAA,EAAG,CAAA,GAAI,YAAA,CAAa,QAAQ,CAAA,EAAA,EAAK;AAC5C,IAAA,IAAI,YAAA,CAAa,CAAC,CAAA,KAAM,GAAA,EAAK,OAAO,IAAA;AACpC,IAAA,IAAI,aAAa,CAAC,CAAA,KAAM,WAAA,CAAY,CAAC,GAAG,OAAO,KAAA;AAAA,EACjD;AACA,EAAA,OAAO,YAAA,CAAa,WAAW,WAAA,CAAY,MAAA;AAC7C;AAEO,SAAS,mBAGd,IAAA,EAAuF;AACvF,EAAA,MAAM,mBAAmB,IAAA,CAAK,KAAA;AAC9B,EAAA,MAAM,kBAAA,GAAqB,IAAA,CAAK,iBAAA,IAAsB,EAAC;AACvD,EAAA,MAAM,wBAAwB,IAAA,CAAK,mBAAA;AAInC,EAAA,MAAM,UAAA,GAAa,MAAA,CAAO,IAAA,CAAK,gBAAgB,CAAA;AAC/C,EAAA,MAAM,YAAA,GAAsB,IAAA,CAAK,WAAA,IAAgB,UAAA,CAAW,CAAC,CAAA;AAE7D,EAAA,SAAS,sBAAsB,KAAA,EAAuB;AACpD,IAAA,IAAI,OAAO,KAAA,KAAU,QAAA,IAAa,KAAA,IAAmB,gBAAA,EAAkB;AACrE,MAAA,OAAO,KAAA;AAAA,IACT;AACA,IAAA,OAAO,YAAA;AAAA,EACT;AAEA,EAAA,SAAS,GAAA,CAAI,MAAuB,UAAA,EAAkC;AACpE,IAAA,IAAI,CAAC,MAAM,OAAO,KAAA;AAClB,IAAA,MAAM,UAAA,GAAc,IAAA,CAAK,WAAA,IAAe,EAAC;AAEzC,IAAA,MAAM,cAAA,GAAiB,qBAAA,CAAsB,UAAU,CAAA,IAAK,EAAC;AAC7D,IAAA,OAAO,cAAA,CAAe,IAAA;AAAA,MAAK,CAAC,UAC1B,UAAA,CAAW,IAAA,CAAK,CAAC,SAAA,KAAc,eAAA,CAAgB,SAAA,EAAW,KAAK,CAAC;AAAA,KAClE;AAAA,EACF;AAEA,EAAA,OAAO;AAAA,IACL,gBAAA;AAAA,IACA,kBAAA;AAAA,IACA,qBAAA;AAAA,IACA;AAAA,GACF;AACF","file":"chunk-HZ4LOVHM.js","sourcesContent":["import type { AuthUser } from '@datatechsolutions/windsock/client'\n\n/**\n * Generic role-based access factory shared across platform apps (astrlabe,\n * kori-erp, etc). Each app instantiates this with its own role + permission\n * unions and seed-claim mapping. The factory closes over the config and\n * exports `ROLE_DEFINITIONS`, `MODULE_PERMISSIONS`, `normalizePlatformRole`,\n * and `can()` — the same surface the per-app file used to expose.\n *\n * The factory deliberately does not hardcode any specific role enum here —\n * astrlabe, kori-erp, and future apps each pick their own union (admin,\n * manager, analyst, viewer, …) and pass the role definitions in.\n */\n\nexport type PlatformRoleDefinition<TRole extends string> = {\n  id: TRole\n  label: string\n  description: string\n}\n\nexport type CreatePlatformRbacOptions<\n  TRole extends string,\n  TPermission extends string,\n> = {\n  /** Definitions for every role the app supports (id/label/description). */\n  roles: Record<TRole, PlatformRoleDefinition<TRole>>\n  /**\n   * Maps each app-level permission to one or more JWT permission claim\n   * strings. `can()` returns true when ANY of the listed claims (using\n   * wildcard matching) is present in the user's JWT permissions.\n   */\n  permissionClaimsMap: Record<TPermission, readonly string[]>\n  /** Optional map from navigation/module IDs to required permissions. */\n  modulePermissions?: Record<string, TPermission>\n  /** Role to fall back to when an unknown role string comes in. */\n  defaultRole?: TRole\n}\n\nexport type PlatformRbac<TRole extends string, TPermission extends string> = {\n  ROLE_DEFINITIONS: Record<TRole, PlatformRoleDefinition<TRole>>\n  MODULE_PERMISSIONS: Record<string, TPermission>\n  normalizePlatformRole: (input: unknown) => TRole\n  can: (user: AuthUser | null, permission: TPermission) => boolean\n}\n\n/**\n * Match a permission string against a pattern (supports wildcards).\n * Same logic as windsock's usePermissionChecker.\n */\nfunction matchPermission(pattern: string, target: string): boolean {\n  if (pattern === '*') return true\n  if (pattern === target) return true\n  const patternParts = pattern.split(':')\n  const targetParts = target.split(':')\n  for (let i = 0; i < patternParts.length; i++) {\n    if (patternParts[i] === '*') return true\n    if (patternParts[i] !== targetParts[i]) return false\n  }\n  return patternParts.length === targetParts.length\n}\n\nexport function createPlatformRbac<\n  TRole extends string,\n  TPermission extends string,\n>(opts: CreatePlatformRbacOptions<TRole, TPermission>): PlatformRbac<TRole, TPermission> {\n  const ROLE_DEFINITIONS = opts.roles\n  const MODULE_PERMISSIONS = opts.modulePermissions ?? ({} as Record<string, TPermission>)\n  const PERMISSION_CLAIMS_MAP = opts.permissionClaimsMap\n\n  // Pick the fallback role: explicit `defaultRole` first, then the first\n  // entry in the roles map. We assume there's at least one role.\n  const knownRoles = Object.keys(ROLE_DEFINITIONS) as TRole[]\n  const fallbackRole: TRole = opts.defaultRole ?? (knownRoles[0] as TRole)\n\n  function normalizePlatformRole(input: unknown): TRole {\n    if (typeof input === 'string' && (input as TRole) in ROLE_DEFINITIONS) {\n      return input as TRole\n    }\n    return fallbackRole\n  }\n\n  function can(user: AuthUser | null, permission: TPermission): boolean {\n    if (!user) return false\n    const userClaims = (user.permissions ?? []) as string[]\n\n    const requiredClaims = PERMISSION_CLAIMS_MAP[permission] ?? []\n    return requiredClaims.some((claim) =>\n      userClaims.some((userClaim) => matchPermission(userClaim, claim))\n    )\n  }\n\n  return {\n    ROLE_DEFINITIONS,\n    MODULE_PERMISSIONS,\n    normalizePlatformRole,\n    can,\n  }\n}\n"]}