@elevasis/core 0.31.0 → 0.33.0

package/src/auth/__tests__/access-model.test.ts

@@ -17,6 +17,12 @@ const organizationModel = {
           label: 'CRM',
           lifecycle: 'active',
           order: 10
+        },
+        'lead-gen': {
+          id: 'lead-gen',
+          label: 'Lead Gen',
+          lifecycle: 'active',
+          order: 20
         }
       }
     },
@@ -179,6 +185,31 @@ describe('checkAccess', () => {
     })
   })
 
+  it('allows Lead Gen manage only with the explicit OM System permission', () => {
+    expect(
+      checkAccess(
+        AccessKeys.leadGenManage,
+        context({
+          membership: {
+            id: 'membership-1',
+            organizationId: 'org-1',
+            effectivePermissions: ['sales.lead-gen.manage']
+          }
+        })
+      )
+    ).toEqual({
+      allowed: true,
+      restrictedBy: null,
+      reason: 'allowed'
+    })
+
+    expect(checkAccess(AccessKeys.leadGenManage, context())).toEqual({
+      allowed: false,
+      restrictedBy: 'role-permission',
+      reason: 'role-permission-denied'
+    })
+  })
+
   it('requires explicit role permissions for permission-only access keys', () => {
     expect(
       checkAccess(

package/src/auth/access-keys.ts

@@ -54,6 +54,7 @@ export const AccessKeys = {
   secretsManage: { systemPath: 'permission.secrets', action: 'manage' },
   operationsRead: { systemPath: 'permission.operations', action: DEFAULT_ACCESS_ACTION },
   operationsManage: { systemPath: 'permission.operations', action: 'manage' },
+  leadGenManage: { systemPath: 'sales.lead-gen', action: 'manage' },
   acquisitionManage: { systemPath: 'permission.acquisition', action: 'manage' },
   projectsManage: { systemPath: 'permission.projects', action: 'manage' },
   clientsManage: { systemPath: 'permission.clients', action: 'manage' },

package/src/auth/multi-tenancy/permissions.ts

@@ -32,12 +32,13 @@ export const PERMISSIONS = {
   MEMBERS_MANAGE: 'members.manage',
   ROLES_MANAGE: 'roles.manage',
   SECRETS_MANAGE: 'secrets.manage',
-  OPERATIONS_READ: 'operations.read',
-  OPERATIONS_MANAGE: 'operations.manage',
-  ACQUISITION_MANAGE: 'acquisition.manage',
-  PROJECTS_MANAGE: 'projects.manage',
-  CLIENTS_MANAGE: 'clients.manage'
-} as const
+  OPERATIONS_READ: 'operations.read',
+  OPERATIONS_MANAGE: 'operations.manage',
+  SALES_LEAD_GEN_MANAGE: 'sales.lead-gen.manage',
+  ACQUISITION_MANAGE: 'acquisition.manage',
+  PROJECTS_MANAGE: 'projects.manage',
+  CLIENTS_MANAGE: 'clients.manage'
+} as const
 
 export type PermissionKey = (typeof PERMISSIONS)[keyof typeof PERMISSIONS]
 
@@ -89,13 +90,18 @@ export const PERMISSION_CATALOG: readonly PermissionDescriptor[] = [
     description: 'View executions, sessions, schedules, and command queue',
     isOrgGrantable: true
   },
-  {
-    key: 'operations.manage',
-    description: 'Run and modify executions, sessions, schedules, queue',
-    isOrgGrantable: true
-  },
-  {
-    key: 'acquisition.manage',
+  {
+    key: 'operations.manage',
+    description: 'Run and modify executions, sessions, schedules, queue',
+    isOrgGrantable: true
+  },
+  {
+    key: 'sales.lead-gen.manage',
+    description: 'Operate Lead Gen lists and list-builder workflows',
+    isOrgGrantable: true
+  },
+  {
+    key: 'acquisition.manage',
     description:
       'Create, update, and delete acquisition records (acq_companies, acq_contacts, acq_deals, acq_lists*, acq_content*, acquisition storage files)',
     isOrgGrantable: false

package/src/organization-model/__tests__/define-domain-record.test.ts

@@ -216,45 +216,42 @@ describe.each([
     idField: 'id' as const,
     invalidOverride: { kind: 'invalid-kind' }
   }
-])(
-  'define$domain — $domain',
-  ({ domain: _domain, defineSingle, defineMultiple, valid, schema, idField, invalidOverride }) => {
-    it('defineX — validates and returns a parsed entry', () => {
-      const result = defineSingle(valid as never)
-      expect(result).toHaveProperty(idField)
-      expect((result as Record<string, unknown>)[idField]).toBe((valid as Record<string, unknown>)[idField])
-    })
+])('define$domain — $domain', ({ domain: _domain, defineSingle, defineMultiple, valid, idField, invalidOverride }) => {
+  it('defineX — validates and returns a parsed entry', () => {
+    const result = defineSingle(valid as never)
+    expect(result).toHaveProperty(idField)
+    expect((result as Record<string, unknown>)[idField]).toBe((valid as Record<string, unknown>)[idField])
+  })
 
-    it('defineX — throws ZodError on invalid input', () => {
-      const bad = { ...valid, ...invalidOverride } as never
-      expect(() => defineSingle(bad)).toThrow(z.ZodError)
-    })
+  it('defineX — throws ZodError on invalid input', () => {
+    const bad = { ...valid, ...invalidOverride } as never
+    expect(() => defineSingle(bad)).toThrow(z.ZodError)
+  })
 
-    it('defineXs — produces an id-keyed map', () => {
-      const result = defineMultiple([valid] as never[])
-      const id = (valid as Record<string, unknown>)[idField] as string
-      expect(result).toHaveProperty(id)
-      expect((result[id] as Record<string, unknown>)[idField]).toBe(id)
-    })
+  it('defineXs — produces an id-keyed map', () => {
+    const result = defineMultiple([valid] as never[])
+    const id = (valid as Record<string, unknown>)[idField] as string
+    expect(result).toHaveProperty(id)
+    expect((result[id] as Record<string, unknown>)[idField]).toBe(id)
+  })
 
-    it('defineXs — throws ZodError on invalid input', () => {
-      const bad = { ...valid, ...invalidOverride } as never
-      expect(() => defineMultiple([bad] as never[])).toThrow(z.ZodError)
-    })
+  it('defineXs — throws ZodError on invalid input', () => {
+    const bad = { ...valid, ...invalidOverride } as never
+    expect(() => defineMultiple([bad] as never[])).toThrow(z.ZodError)
+  })
 
-    it('defineXs — returns empty map for empty array', () => {
-      const result = defineMultiple([] as never[])
-      expect(result).toEqual({})
-    })
+  it('defineXs — returns empty map for empty array', () => {
+    const result = defineMultiple([] as never[])
+    expect(result).toEqual({})
+  })
 
-    it('defineXs — validates through schema (no bypass)', () => {
-      // Confirm that defineMultiple uses schema.parse, not a pass-through.
-      // Missing required fields should throw even if the object looks similar.
-      const missingRequired = { [idField]: (valid as Record<string, unknown>)[idField] } as never
-      expect(() => defineMultiple([missingRequired] as never[])).toThrow(z.ZodError)
-    })
-  }
-)
+  it('defineXs — validates through schema (no bypass)', () => {
+    // Confirm that defineMultiple uses schema.parse, not a pass-through.
+    // Missing required fields should throw even if the object looks similar.
+    const missingRequired = { [idField]: (valid as Record<string, unknown>)[idField] } as never
+    expect(() => defineMultiple([missingRequired] as never[])).toThrow(z.ZodError)
+  })
+})
 
 // ---------------------------------------------------------------------------
 // Topology — existing helpers (defineTopology, defineTopologyRelationship)

package/src/organization-model/__tests__/domains/passthrough-extensibility.test.ts

@@ -0,0 +1,199 @@
+import { describe, expect, it } from 'vitest'
+import { IdentityDomainSchema } from '../../domains/identity'
+import { resolveOrganizationModel } from '../../resolve'
+
+/**
+ * Profile-singleton domains (`branding`, `identity`) use `.passthrough()` so that
+ * tenant-authored direct properties survive `resolveOrganizationModel` instead of
+ * being silently stripped by Zod's default `.strip()`. These tests lock that
+ * behavior in and verify the broadened typed branding fields round-trip.
+ */
+describe('profile-singleton passthrough extensibility', () => {
+  it('keeps an unknown direct property on branding through resolve', () => {
+    const model = resolveOrganizationModel({
+      branding: {
+        organizationName: 'Acme',
+        productName: 'AcmeOS',
+        shortName: 'Acme',
+        // Unknown tenant-authored direct property — must survive passthrough.
+        brandVibe: 'warm'
+      } as never
+    })
+
+    expect((model.branding as Record<string, unknown>).brandVibe).toBe('warm')
+    // Known fields still resolve normally.
+    expect(model.branding.organizationName).toBe('Acme')
+  })
+
+  it('keeps an unknown direct property on identity through resolve', () => {
+    const model = resolveOrganizationModel({
+      identity: {
+        // Unknown tenant-authored direct property — must survive passthrough.
+        founderNote: 'bootstrapped'
+      } as never
+    })
+
+    expect((model.identity as Record<string, unknown>).founderNote).toBe('bootstrapped')
+    // Known identity fields still resolve from defaults.
+    expect(model.identity.timeZone).toBe('UTC')
+  })
+
+  it('parses and round-trips the broadened typed branding fields', () => {
+    const model = resolveOrganizationModel({
+      branding: {
+        organizationName: 'Acme',
+        productName: 'AcmeOS',
+        shortName: 'Acme',
+        voice: 'Direct and human — no jargon',
+        tagline: 'Automation that works while you sleep',
+        values: ['Transparency', 'Craftsmanship', 'Velocity'],
+        themePresetId: 'midnight'
+      }
+    })
+
+    expect(model.branding.voice).toBe('Direct and human — no jargon')
+    expect(model.branding.tagline).toBe('Automation that works while you sleep')
+    expect(model.branding.values).toEqual(['Transparency', 'Craftsmanship', 'Velocity'])
+    expect(model.branding.themePresetId).toBe('midnight')
+  })
+
+  it('leaves the broadened branding fields undefined when not authored', () => {
+    const model = resolveOrganizationModel()
+
+    expect(model.branding.voice).toBeUndefined()
+    expect(model.branding.tagline).toBeUndefined()
+    expect(model.branding.values).toBeUndefined()
+    expect(model.branding.themePresetId).toBeUndefined()
+  })
+})
+
+/**
+ * Names → identity: the four display-name fields (organizationName, productName,
+ * shortName, description) are now the recommended placement on `identity`. They are
+ * optional so that legacy tenants can continue to rely on `branding.*` fallbacks
+ * without breaking. These tests lock the contract: fields round-trip, are truly
+ * optional (no default), and branding fields still validate unchanged.
+ */
+describe('identity display-name fields — recommended placement (Step 5)', () => {
+  it('accepts all four name fields on identity and round-trips them through resolveOrganizationModel', () => {
+    const model = resolveOrganizationModel({
+      identity: {
+        organizationName: 'Acme Corp',
+        productName: 'AcmeOS',
+        shortName: 'Acme',
+        description: 'AI orchestration for modern teams.'
+      }
+    })
+
+    expect(model.identity.organizationName).toBe('Acme Corp')
+    expect(model.identity.productName).toBe('AcmeOS')
+    expect(model.identity.shortName).toBe('Acme')
+    expect(model.identity.description).toBe('AI orchestration for modern teams.')
+  })
+
+  it('identity name fields are optional — a model with none set still resolves, and resolved values are undefined', () => {
+    const model = resolveOrganizationModel()
+
+    expect(model.identity.organizationName).toBeUndefined()
+    expect(model.identity.productName).toBeUndefined()
+    expect(model.identity.shortName).toBeUndefined()
+    expect(model.identity.description).toBeUndefined()
+  })
+
+  it('identity name fields parse as undefined through IdentityDomainSchema directly (no defaults injected)', () => {
+    const result = IdentityDomainSchema.safeParse({})
+    expect(result.success).toBe(true)
+    if (result.success) {
+      expect(result.data.organizationName).toBeUndefined()
+      expect(result.data.productName).toBeUndefined()
+      expect(result.data.shortName).toBeUndefined()
+      expect(result.data.description).toBeUndefined()
+    }
+  })
+
+  it('identity.shortName rejects values exceeding 40 characters', () => {
+    expect(() =>
+      resolveOrganizationModel({
+        identity: { shortName: 'a'.repeat(41) } as never
+      })
+    ).toThrow()
+  })
+
+  it('identity.organizationName rejects empty string (LabelSchema min 1)', () => {
+    expect(() =>
+      resolveOrganizationModel({
+        identity: { organizationName: '' } as never
+      })
+    ).toThrow()
+  })
+
+  it('identity.description rejects empty string (DescriptionSchema min 1)', () => {
+    expect(() =>
+      resolveOrganizationModel({
+        identity: { description: '' } as never
+      })
+    ).toThrow()
+  })
+
+  it('identity name fields trim whitespace', () => {
+    const model = resolveOrganizationModel({
+      identity: {
+        organizationName: '  Acme Corp  ',
+        shortName: '  Acme  '
+      } as never
+    })
+
+    expect(model.identity.organizationName).toBe('Acme Corp')
+    expect(model.identity.shortName).toBe('Acme')
+  })
+
+  it('branding still validates with its name fields — @deprecated tags change nothing at runtime', () => {
+    const model = resolveOrganizationModel({
+      branding: {
+        organizationName: 'Legacy Org',
+        productName: 'LegacyOS',
+        shortName: 'LGO',
+        description: 'Legacy description for back-compat.'
+      }
+    })
+
+    expect(model.branding.organizationName).toBe('Legacy Org')
+    expect(model.branding.productName).toBe('LegacyOS')
+    expect(model.branding.shortName).toBe('LGO')
+    expect(model.branding.description).toBe('Legacy description for back-compat.')
+  })
+})
+
+/**
+ * The broadened branding fields are *typed*, not passthrough — their constraints
+ * are part of the published contract. These tests lock those bounds so a future
+ * edit can't silently widen/drop them, and confirm `.passthrough()` does NOT
+ * bypass validation for known fields (only unknown ones are let through).
+ */
+describe('broadened branding typed-field validation', () => {
+  it('rejects a voice longer than 280 characters', () => {
+    expect(() => resolveOrganizationModel({ branding: { voice: 'a'.repeat(281) } as never })).toThrow()
+  })
+
+  it('rejects a tagline longer than 200 characters', () => {
+    expect(() => resolveOrganizationModel({ branding: { tagline: 'a'.repeat(201) } as never })).toThrow()
+  })
+
+  it('rejects an empty-string entry in values (each entry must be non-empty)', () => {
+    expect(() => resolveOrganizationModel({ branding: { values: ['Valid', ''] } as never })).toThrow()
+  })
+
+  it('rejects a themePresetId outside the 1–64 character bounds', () => {
+    expect(() => resolveOrganizationModel({ branding: { themePresetId: '' } as never })).toThrow()
+    expect(() => resolveOrganizationModel({ branding: { themePresetId: 'a'.repeat(65) } as never })).toThrow()
+  })
+
+  it('trims whitespace on string fields', () => {
+    const model = resolveOrganizationModel({
+      branding: { voice: '  trimmed voice  ', tagline: '  trimmed tagline  ' } as never
+    })
+
+    expect(model.branding.voice).toBe('trimmed voice')
+    expect(model.branding.tagline).toBe('trimmed tagline')
+  })
+})

package/src/organization-model/domains/branding.ts

@@ -1,19 +1,61 @@
-import { z } from 'zod'
-import { DescriptionSchema, LabelSchema } from './shared'
-
-export const OrganizationModelBrandingSchema = z.object({
-  organizationName: LabelSchema,
-  productName: LabelSchema,
-  shortName: z.string().trim().min(1).max(40),
-  description: DescriptionSchema.optional(),
-  logos: z
-    .object({
-      light: z.string().trim().min(1).max(2048).optional(),
-      dark: z.string().trim().min(1).max(2048).optional()
-    })
-    .default({})
-})
-
+import { z } from 'zod'
+import { DescriptionSchema, LabelSchema } from './shared'
+
+export const OrganizationModelBrandingSchema = z
+  .object({
+    /**
+     * @deprecated Prefer `identity.organizationName`; branding retains it for back-compat.
+     * Legacy tenants that have not set `identity.organizationName` fall back to this field.
+     */
+    organizationName: LabelSchema,
+    /**
+     * @deprecated Prefer `identity.productName`; branding retains it for back-compat.
+     * Legacy tenants that have not set `identity.productName` fall back to this field.
+     */
+    productName: LabelSchema,
+    /**
+     * @deprecated Prefer `identity.shortName`; branding retains it for back-compat.
+     * Legacy tenants that have not set `identity.shortName` fall back to this field.
+     */
+    shortName: z.string().trim().min(1).max(40),
+    /**
+     * @deprecated Prefer `identity.description`; branding retains it for back-compat.
+     * Legacy tenants that have not set `identity.description` fall back to this field.
+     */
+    description: DescriptionSchema.optional(),
+    logos: z
+      .object({
+        light: z.string().trim().min(1).max(2048).optional(),
+        dark: z.string().trim().min(1).max(2048).optional()
+      })
+      .default({}),
+    /**
+     * Brand voice — how the organization communicates. Plain-language description
+     * of tone, register, and personality (e.g. "Direct and human — no jargon").
+     * Max 280 characters.
+     */
+    voice: z.string().trim().max(280).optional(),
+    /**
+     * Brand tagline or positioning statement — the memorable one-liner that
+     * captures the brand's promise or differentiator. Max 200 characters.
+     */
+    tagline: z.string().trim().max(200).optional(),
+    /**
+     * Core brand values — an ordered list of principles the organization stands
+     * for (e.g. ["Transparency", "Craftsmanship", "Velocity"]). Each entry must
+     * be a non-empty trimmed string.
+     */
+    values: z.array(z.string().trim().min(1)).optional(),
+    /**
+     * ID of the active UI theme preset from the UI theme-presets registry.
+     * The UI layer resolves this to colors and typography via `usePresetsContext()`.
+     * Free-form string — validation and fallback state are handled at the UI layer.
+     * Min 1, max 64 characters.
+     */
+    themePresetId: z.string().trim().min(1).max(64).optional()
+  })
+  .passthrough()
+
 export const DEFAULT_ORGANIZATION_MODEL_BRANDING: z.infer<typeof OrganizationModelBrandingSchema> = {
   organizationName: 'Default Organization',
   productName: 'Organization OS',