@elevasis/core 0.11.1 → 0.12.0

package/src/integrations/webhook-endpoints/api-schemas.ts

@@ -1,102 +1,103 @@
-import { z } from 'zod'
-import { UuidSchema, NonEmptyStringSchema, PaginationSchema } from '../../platform/utils/validation'
-
-/**
- * Webhook Endpoint API Validation Schemas
- *
- * HTTP request/response validation for the webhook endpoints CRUD API.
- * These schemas are browser-safe and shared between API and frontend.
- *
- * Design notes:
- * - Request schemas use `.strict()` to reject unknown fields (mass assignment prevention)
- * - Response schemas do NOT use `.strict()` (allows forward-compatible additions)
- * - Update schema requires at least one field via `.refine()`
- */
-
-/**
- * Status enum for webhook endpoints
- */
-export const WebhookEndpointStatusSchema = z.enum(['active', 'paused'])
-
-/**
- * POST /api/webhook-endpoints - Create a new webhook endpoint
- *
- * The `key` and `id` are generated server-side and not accepted in the request.
- */
-export const CreateWebhookEndpointRequestSchema = z
-  .object({
-    /** User-facing label for the endpoint */
-    name: NonEmptyStringSchema,
-    /** Target workflow resourceId to invoke on inbound requests (can be set later) */
-    resourceId: NonEmptyStringSchema.optional(),
-    /** Optional description */
-    description: z.string().optional()
-  })
-  .strict()
-
-export type CreateWebhookEndpointRequest = z.infer<typeof CreateWebhookEndpointRequestSchema>
-
-/**
- * PATCH /api/webhook-endpoints/:id - Update an existing webhook endpoint
- *
- * At least one field must be provided.
- */
-export const UpdateWebhookEndpointRequestSchema = z
-  .object({
-    name: NonEmptyStringSchema.optional(),
-    description: z.string().optional(),
-    resourceId: NonEmptyStringSchema.optional(),
-    status: WebhookEndpointStatusSchema.optional()
-  })
-  .strict()
-  .refine(
-    (data) =>
-      data.name !== undefined ||
-      data.description !== undefined ||
-      data.resourceId !== undefined ||
-      data.status !== undefined,
-    { message: 'At least one field (name, description, resourceId, or status) must be provided' }
-  )
-
-export type UpdateWebhookEndpointRequest = z.infer<typeof UpdateWebhookEndpointRequestSchema>
-
-/**
- * Response shape for a single webhook endpoint.
- * NOT strict — response schemas allow extra fields for forward compatibility.
- */
-export const WebhookEndpointResponseSchema = z.object({
-  id: UuidSchema,
-  organizationId: UuidSchema,
-  key: z.string(),
-  name: z.string(),
-  description: z.string().nullable(),
-  resourceId: z.string().nullable(),
-  status: WebhookEndpointStatusSchema,
-  lastTriggeredAt: z.string().datetime().nullable(),
-  requestCount: z.number().int().min(0),
-  createdAt: z.string().datetime(),
-  updatedAt: z.string().datetime()
-})
-
-export type WebhookEndpointResponse = z.infer<typeof WebhookEndpointResponseSchema>
-
-/**
- * GET /api/webhook-endpoints - List webhook endpoints query params
- *
- * Extends standard pagination with optional status filter.
- */
-export const ListWebhookEndpointsQuerySchema = PaginationSchema.extend({
-  status: WebhookEndpointStatusSchema.optional()
-})
-
-export type ListWebhookEndpointsQuery = z.infer<typeof ListWebhookEndpointsQuerySchema>
-
-/**
- * Named collection of all webhook endpoint schemas for route registration
- */
-export const WebhookEndpointSchemas = {
-  CreateRequest: CreateWebhookEndpointRequestSchema,
-  UpdateRequest: UpdateWebhookEndpointRequestSchema,
-  Response: WebhookEndpointResponseSchema,
-  ListQuery: ListWebhookEndpointsQuerySchema
-}
+import { z } from 'zod'
+import { UuidSchema, NonEmptyStringSchema, PaginationSchema } from '../../platform/utils/validation'
+
+/**
+ * Webhook Endpoint API Validation Schemas
+ *
+ * HTTP request/response validation for the webhook endpoints CRUD API.
+ * These schemas are browser-safe and shared between API and frontend.
+ *
+ * Design notes:
+ * - Request schemas use `.strict()` to reject unknown fields (mass assignment prevention)
+ * - Response schemas do NOT use `.strict()` (allows forward-compatible additions)
+ * - Update schema requires at least one field via `.refine()`
+ */
+
+/**
+ * Status enum for webhook endpoints
+ */
+export const WebhookEndpointStatusSchema = z.enum(['active', 'paused'])
+
+/**
+ * POST /api/webhook-endpoints - Create a new webhook endpoint
+ *
+ * The `key` and `id` are generated server-side and not accepted in the request.
+ */
+export const CreateWebhookEndpointRequestSchema = z
+  .object({
+    /** User-facing label for the endpoint */
+    name: NonEmptyStringSchema,
+    /** Target workflow resourceId to invoke on inbound requests (can be set later) */
+    resourceId: NonEmptyStringSchema.optional(),
+    /** Optional description */
+    description: z.string().optional()
+  })
+  .strict()
+
+export type CreateWebhookEndpointRequest = z.infer<typeof CreateWebhookEndpointRequestSchema>
+
+/**
+ * PATCH /api/webhook-endpoints/:id - Update an existing webhook endpoint
+ *
+ * At least one field must be provided.
+ */
+export const UpdateWebhookEndpointRequestSchema = z
+  .object({
+    name: NonEmptyStringSchema.optional(),
+    description: z.string().optional(),
+    resourceId: NonEmptyStringSchema.optional(),
+    status: WebhookEndpointStatusSchema.optional()
+  })
+  .strict()
+  .refine(
+    (data) =>
+      data.name !== undefined ||
+      data.description !== undefined ||
+      data.resourceId !== undefined ||
+      data.status !== undefined,
+    { message: 'At least one field (name, description, resourceId, or status) must be provided' }
+  )
+
+export type UpdateWebhookEndpointRequest = z.infer<typeof UpdateWebhookEndpointRequestSchema>
+
+/**
+ * Response shape for a single webhook endpoint.
+ * NOT strict — response schemas allow extra fields for forward compatibility.
+ */
+export const WebhookEndpointResponseSchema = z.object({
+  id: UuidSchema,
+  organizationId: UuidSchema,
+  key: z.string().optional(),
+  keyPrefix: z.string().nullable(),
+  name: z.string(),
+  description: z.string().nullable(),
+  resourceId: z.string().nullable(),
+  status: WebhookEndpointStatusSchema,
+  lastTriggeredAt: z.string().datetime().nullable(),
+  requestCount: z.number().int().min(0),
+  createdAt: z.string().datetime(),
+  updatedAt: z.string().datetime()
+})
+
+export type WebhookEndpointResponse = z.infer<typeof WebhookEndpointResponseSchema>
+
+/**
+ * GET /api/webhook-endpoints - List webhook endpoints query params
+ *
+ * Extends standard pagination with optional status filter.
+ */
+export const ListWebhookEndpointsQuerySchema = PaginationSchema.extend({
+  status: WebhookEndpointStatusSchema.optional()
+})
+
+export type ListWebhookEndpointsQuery = z.infer<typeof ListWebhookEndpointsQuerySchema>
+
+/**
+ * Named collection of all webhook endpoint schemas for route registration
+ */
+export const WebhookEndpointSchemas = {
+  CreateRequest: CreateWebhookEndpointRequestSchema,
+  UpdateRequest: UpdateWebhookEndpointRequestSchema,
+  Response: WebhookEndpointResponseSchema,
+  ListQuery: ListWebhookEndpointsQuerySchema
+}

package/src/integrations/webhook-endpoints/types.ts

@@ -1,51 +1,58 @@
-/**
- * Webhook Endpoint Domain Types
- *
- * Browser-safe domain types for generic inbound webhook endpoints.
- * These are camelCase representations of the `webhook_endpoints` DB table.
- *
- * Transform from snake_case DB rows happens in the API service layer,
- * not here (per core-package.md conventions).
- */
-
-/**
- * Lifecycle status of a webhook endpoint.
- * - `active`: Endpoint accepts inbound requests and triggers the target workflow
- * - `paused`: Endpoint exists but rejects inbound requests with 404
- */
-export type WebhookEndpointStatus = 'active' | 'paused'
-
-/**
- * Generic inbound webhook endpoint domain type.
- *
- * Each endpoint gets a unique opaque URL (`/api/webhooks/inbound/:key`)
- * that maps to a target workflow resource within an organization.
- */
-export interface WebhookEndpoint {
-  /** UUID primary key */
-  id: string
-  /** Organization this endpoint belongs to */
-  organizationId: string
-  /**
-   * Unique opaque key used in the inbound URL.
-   * Format: `wh_` + 32 crypto-random hex chars (128 bits of entropy).
-   * This key IS the credential — it must be kept secret.
-   */
-  key: string
-  /** User-facing label (e.g., "Zapier → Lead Intake") */
-  name: string
-  /** Optional description for the endpoint */
-  description: string | null
-  /** Target workflow resourceId to invoke on inbound request, or null if not yet assigned */
-  resourceId: string | null
-  /** Whether the endpoint is accepting requests */
-  status: WebhookEndpointStatus
-  /** Timestamp of the most recent successful inbound request, or null */
-  lastTriggeredAt: string | null
-  /** Running total of inbound requests received */
-  requestCount: number
-  /** ISO 8601 creation timestamp */
-  createdAt: string
-  /** ISO 8601 last-updated timestamp */
-  updatedAt: string
-}
+/**
+ * Webhook Endpoint Domain Types
+ *
+ * Browser-safe domain types for generic inbound webhook endpoints.
+ * These are camelCase representations of the `webhook_endpoints` DB table.
+ *
+ * Transform from snake_case DB rows happens in the API service layer,
+ * not here (per core-package.md conventions).
+ */
+
+/**
+ * Lifecycle status of a webhook endpoint.
+ * - `active`: Endpoint accepts inbound requests and triggers the target workflow
+ * - `paused`: Endpoint exists but rejects inbound requests with 404
+ */
+export type WebhookEndpointStatus = 'active' | 'paused'
+
+/**
+ * Generic inbound webhook endpoint domain type.
+ *
+ * Each endpoint gets a unique opaque URL (`/api/webhooks/inbound/:key`)
+ * that maps to a target workflow resource within an organization.
+ */
+export interface WebhookEndpoint {
+  /** UUID primary key */
+  id: string
+  /** Organization this endpoint belongs to */
+  organizationId: string
+  /**
+   * Unique opaque key used in the inbound URL.
+   * Format: `wh_` + 32 crypto-random hex chars (128 bits of entropy).
+   * This key IS the credential — it must be kept secret.
+   * Set ONLY on the return value of `create()` — undefined on list/get/getEndpointByKey responses.
+   */
+  key?: string
+  /**
+   * First 8 characters of the plaintext key for display and grep hints.
+   * Safe to show in list views — not sufficient to reconstruct the full key.
+   * Null on legacy rows that predate the key_hash migration.
+   */
+  keyPrefix: string | null
+  /** User-facing label (e.g., "Zapier → Lead Intake") */
+  name: string
+  /** Optional description for the endpoint */
+  description: string | null
+  /** Target workflow resourceId to invoke on inbound request, or null if not yet assigned */
+  resourceId: string | null
+  /** Whether the endpoint is accepting requests */
+  status: WebhookEndpointStatus
+  /** Timestamp of the most recent successful inbound request, or null */
+  lastTriggeredAt: string | null
+  /** Running total of inbound requests received */
+  requestCount: number
+  /** ISO 8601 creation timestamp */
+  createdAt: string
+  /** ISO 8601 last-updated timestamp */
+  updatedAt: string
+}

package/src/operations/activities/api-schemas.ts

@@ -1,79 +1,80 @@
-import { z } from 'zod'
-import { NonEmptyStringSchema } from '../../platform/utils/validation'
-
-/**
- * Activity Log API Validation Schemas
- *
- * Zod schemas for Activity Log endpoints with security controls:
- * - Mass assignment prevention (.strict() mode)
- * - Size limits (title: 200 chars, description: 1000 chars)
- * - Enum validation (activityType, status)
- * - Metadata size limits (50KB)
- */
-
-// Activity type enum
-export const ActivityTypeSchema = z.enum([
-  'workflow_execution',
-  'agent_run',
-  'hitl_action',
-  'webhook_received',
-  'webhook_executed',
-  'webhook_failed',
-  'credential_change',
-  'api_key_change',
-  'deployment_change',
-  'membership_change'
-])
-
-// Activity status enum
-export const ActivityStatusSchema = z.enum(['success', 'failure', 'pending', 'approved', 'rejected', 'completed'])
-
-// Metadata schema with size limit (50KB)
-const MetadataSchema = z
-  .record(z.string(), z.unknown())
-  .refine((val) => JSON.stringify(val).length <= 50_000, 'Metadata exceeds 50KB limit')
-  .optional()
-
-// POST /api/activities - Create activity
-export const CreateActivitySchema = z
-  .object({
-    activityType: ActivityTypeSchema,
-    status: ActivityStatusSchema,
-    title: NonEmptyStringSchema.max(200),
-    description: z.string().max(1000).optional(),
-    entityType: NonEmptyStringSchema.max(100),
-    entityId: NonEmptyStringSchema.max(255),
-    entityName: z.string().max(255).optional(),
-    metadata: MetadataSchema,
-    occurredAt: z.string().datetime().optional(),
-    actorId: z.string().uuid().optional(),
-    actorType: z.enum(['user', 'system', 'api_key']).optional()
-    // NO organizationId (always from JWT/API key context)
-  })
-  .strict()
-
-// GET /api/activities/trend - Activity trend timestamps query params
-export const ActivityTrendQuerySchema = z
-  .object({
-    activityType: ActivityTypeSchema.optional(),
-    entityType: z.string().max(100).optional(),
-    entityId: z.string().max(255).optional(),
-    startDate: z.string().datetime().optional(),
-    endDate: z.string().datetime().optional()
-  })
-  .strict()
-
-// GET /api/activities - List activities query params
-export const ListActivitiesQuerySchema = z
-  .object({
-    limit: z.coerce.number().int().min(1).max(100).default(50),
-    offset: z.coerce.number().int().min(0).default(0),
-    activityType: ActivityTypeSchema.optional(),
-    entityType: z.string().max(100).optional(),
-    entityId: z.string().max(255).optional(),
-    startDate: z.string().datetime().optional(),
-    endDate: z.string().datetime().optional(),
-    status: ActivityStatusSchema.optional(),
-    search: z.string().max(200).optional()
-  })
-  .strict()
+import { z } from 'zod'
+import { NonEmptyStringSchema } from '../../platform/utils/validation'
+
+/**
+ * Activity Log API Validation Schemas
+ *
+ * Zod schemas for Activity Log endpoints with security controls:
+ * - Mass assignment prevention (.strict() mode)
+ * - Size limits (title: 200 chars, description: 1000 chars)
+ * - Enum validation (activityType, status)
+ * - Metadata size limits (50KB)
+ */
+
+// Activity type enum
+export const ActivityTypeSchema = z.enum([
+  'workflow_execution',
+  'agent_run',
+  'hitl_action',
+  'webhook_received',
+  'webhook_executed',
+  'webhook_failed',
+  'credential_change',
+  'credential_read',
+  'api_key_change',
+  'deployment_change',
+  'membership_change'
+])
+
+// Activity status enum
+export const ActivityStatusSchema = z.enum(['success', 'failure', 'pending', 'approved', 'rejected', 'completed'])
+
+// Metadata schema with size limit (50KB)
+const MetadataSchema = z
+  .record(z.string(), z.unknown())
+  .refine((val) => JSON.stringify(val).length <= 50_000, 'Metadata exceeds 50KB limit')
+  .optional()
+
+// POST /api/activities - Create activity
+export const CreateActivitySchema = z
+  .object({
+    activityType: ActivityTypeSchema,
+    status: ActivityStatusSchema,
+    title: NonEmptyStringSchema.max(200),
+    description: z.string().max(1000).optional(),
+    entityType: NonEmptyStringSchema.max(100),
+    entityId: NonEmptyStringSchema.max(255),
+    entityName: z.string().max(255).optional(),
+    metadata: MetadataSchema,
+    occurredAt: z.string().datetime().optional(),
+    actorId: z.string().uuid().optional(),
+    actorType: z.enum(['user', 'system', 'api_key']).optional()
+    // NO organizationId (always from JWT/API key context)
+  })
+  .strict()
+
+// GET /api/activities/trend - Activity trend timestamps query params
+export const ActivityTrendQuerySchema = z
+  .object({
+    activityType: ActivityTypeSchema.optional(),
+    entityType: z.string().max(100).optional(),
+    entityId: z.string().max(255).optional(),
+    startDate: z.string().datetime().optional(),
+    endDate: z.string().datetime().optional()
+  })
+  .strict()
+
+// GET /api/activities - List activities query params
+export const ListActivitiesQuerySchema = z
+  .object({
+    limit: z.coerce.number().int().min(1).max(100).default(50),
+    offset: z.coerce.number().int().min(0).default(0),
+    activityType: ActivityTypeSchema.optional(),
+    entityType: z.string().max(100).optional(),
+    entityId: z.string().max(255).optional(),
+    startDate: z.string().datetime().optional(),
+    endDate: z.string().datetime().optional(),
+    status: ActivityStatusSchema.optional(),
+    search: z.string().max(200).optional()
+  })
+  .strict()

package/src/operations/activities/types.ts

@@ -1,63 +1,64 @@
-import type { Database } from '../../supabase/database.types'
-
-export type ActivityRow = Database['public']['Tables']['activities']['Row']
-export type ActivityInsert = Database['public']['Tables']['activities']['Insert']
-
-export type ActivityType =
-  | 'workflow_execution'
-  | 'agent_run'
-  | 'hitl_action'
-  | 'webhook_received'
-  | 'webhook_executed'
-  | 'webhook_failed'
-  | 'credential_change'
-  | 'api_key_change'
-  | 'deployment_change'
-  | 'membership_change'
-
-export type ActivityStatus = 'success' | 'failure' | 'pending' | 'approved' | 'rejected' | 'completed'
-
-export interface Activity {
-  id: string
-  organizationId: string
-  activityType: ActivityType
-  status: ActivityStatus
-  title: string
-  description: string | null
-  entityType: string
-  entityId: string
-  entityName: string | null
-  metadata: Record<string, unknown> | null
-  actorId: string | null
-  actorType: string | null
-  occurredAt: Date
-  createdAt: Date
-}
-
-export interface CreateActivityParams {
-  organizationId: string
-  activityType: ActivityType
-  status: ActivityStatus
-  title: string
-  description?: string
-  entityType: string
-  entityId: string
-  entityName?: string
-  metadata?: Record<string, unknown>
-  actorId?: string
-  actorType?: string
-  occurredAt?: Date
-}
-
-export interface ListActivitiesParams {
-  organizationId: string
-  limit?: number
-  offset?: number
-  activityType?: ActivityType
-  entityType?: string
-  entityId?: string
-  startDate?: string
-  endDate?: string
-  status?: string
-  search?: string
-}
+import type { Database } from '../../supabase/database.types'
+
+export type ActivityRow = Database['public']['Tables']['activities']['Row']
+export type ActivityInsert = Database['public']['Tables']['activities']['Insert']
+
+export type ActivityType =
+  | 'workflow_execution'
+  | 'agent_run'
+  | 'hitl_action'
+  | 'webhook_received'
+  | 'webhook_executed'
+  | 'webhook_failed'
+  | 'credential_change'
+  | 'credential_read'
+  | 'api_key_change'
+  | 'deployment_change'
+  | 'membership_change'
+
+export type ActivityStatus = 'success' | 'failure' | 'pending' | 'approved' | 'rejected' | 'completed'
+
+export interface Activity {
+  id: string
+  organizationId: string
+  activityType: ActivityType
+  status: ActivityStatus
+  title: string
+  description: string | null
+  entityType: string
+  entityId: string
+  entityName: string | null
+  metadata: Record<string, unknown> | null
+  actorId: string | null
+  actorType: string | null
+  occurredAt: Date
+  createdAt: Date
+}
+
+export interface CreateActivityParams {
+  organizationId: string
+  activityType: ActivityType
+  status: ActivityStatus
+  title: string
+  description?: string
+  entityType: string
+  entityId: string
+  entityName?: string
+  metadata?: Record<string, unknown>
+  actorId?: string
+  actorType?: string
+  occurredAt?: Date
+}
+
+export interface ListActivitiesParams {
+  organizationId: string
+  limit?: number
+  offset?: number
+  activityType?: ActivityType
+  entityType?: string
+  entityId?: string
+  startDate?: string
+  endDate?: string
+  status?: string
+  search?: string
+}

package/src/organization-model/contracts.ts

@@ -11,5 +11,5 @@ export const SEO_FEATURE_ID = 'seo' as const
 
 export const SALES_PIPELINE_SURFACE_ID = 'crm.pipeline' as const
 export const PROSPECTING_LISTS_SURFACE_ID = 'lead-gen.lists' as const
-export const OPERATIONS_ORGANIZATION_GRAPH_SURFACE_ID = 'operations.organization-graph' as const
 export const OPERATIONS_COMMAND_VIEW_SURFACE_ID = 'operations.command-view' as const
+export const SETTINGS_ROLES_SURFACE_ID = 'settings.roles' as const

package/src/organization-model/defaults.ts

@@ -68,12 +68,6 @@ export const DEFAULT_ORGANIZATION_MODEL: OrganizationModel = {
       icon: 'operations',
       uiPosition: 'sidebar-primary'
     },
-    {
-      id: 'operations.graph',
-      label: 'Organization Graph',
-      enabled: true,
-      path: '/operations/organization-graph'
-    },
     {
       id: 'operations.command-view',
       label: 'Command View',
@@ -172,6 +166,12 @@ export const DEFAULT_ORGANIZATION_MODEL: OrganizationModel = {
       enabled: true,
       path: '/settings/appearance'
     },
+    {
+      id: 'settings.roles',
+      label: 'My Roles',
+      enabled: true,
+      path: '/settings/roles'
+    },
     {
       id: 'settings.organization',
       label: 'Organization',