@elevasis/ui 2.41.0 → 2.42.0

package/dist/chunk-56O7QQE7.js

@@ -1,356 +0,0 @@
-import { InitializationContext } from './chunk-6DO4PE3O.js';
-import { useOptionalElevasisSystems, DEFAULT_ORGANIZATION_MODEL } from './chunk-FIMGOWOT.js';
-import { OrganizationContext } from './chunk-DD3CCMCZ.js';
-import { STALE_TIME_DEFAULT } from './chunk-6ROXVZ3L.js';
-import { listAllSystems, getSystem } from './chunk-RH5VWWSC.js';
-import { ElevasisServiceContext } from './chunk-2FTX4WO2.js';
-import { useContext, useMemo } from 'react';
-import { useQuery } from '@tanstack/react-query';
-import { z } from 'zod';
-
-// ../core/src/auth/multi-tenancy/permissions.ts
-var PERMISSIONS = {
-  ORG_READ: "org.read",
-  ORG_MANAGE: "org.manage",
-  ORG_DELETE: "org.delete",
-  MEMBERS_MANAGE: "members.manage",
-  ROLES_MANAGE: "roles.manage",
-  SECRETS_MANAGE: "secrets.manage",
-  OPERATIONS_READ: "operations.read",
-  OPERATIONS_MANAGE: "operations.manage",
-  SALES_LEAD_GEN_MANAGE: "sales.lead-gen.manage",
-  ACQUISITION_MANAGE: "acquisition.manage",
-  PROJECTS_MANAGE: "projects.manage",
-  CLIENTS_MANAGE: "clients.manage"
-};
-var PERMISSION_CATALOG = [
-  {
-    key: "org.read",
-    description: "Read organization profile and listings",
-    isOrgGrantable: true
-  },
-  {
-    key: "org.manage",
-    description: "Update organization settings",
-    isOrgGrantable: false
-  },
-  {
-    key: "org.delete",
-    description: "Delete the organization (owner-only)",
-    isOrgGrantable: false
-  },
-  {
-    key: "members.manage",
-    description: "Invite, remove, and reassign roles for members",
-    isOrgGrantable: false
-  },
-  {
-    key: "roles.manage",
-    description: "Grant or revoke privileged system roles (owner, admin) within the organization",
-    isOrgGrantable: false
-  },
-  {
-    key: "secrets.manage",
-    description: "Create, update, and delete API keys and credentials",
-    isOrgGrantable: false
-  },
-  {
-    key: "operations.read",
-    description: "View executions, sessions, schedules, and command queue",
-    isOrgGrantable: true
-  },
-  {
-    key: "operations.manage",
-    description: "Run and modify executions, sessions, schedules, queue",
-    isOrgGrantable: true
-  },
-  {
-    key: "sales.lead-gen.manage",
-    description: "Operate Lead Gen lists and list-builder workflows",
-    isOrgGrantable: true
-  },
-  {
-    key: "acquisition.manage",
-    description: "Create, update, and delete acquisition records (acq_companies, acq_contacts, acq_deals, acq_lists*, acq_content*, acquisition storage files)",
-    isOrgGrantable: false
-  },
-  {
-    key: "projects.manage",
-    description: "Create, update, and delete project records (prj_projects, prj_milestones, prj_tasks, prj_notes)",
-    isOrgGrantable: false
-  },
-  {
-    key: "clients.manage",
-    description: "Create, update, and delete client hub records (clients, clt_* satellites)",
-    isOrgGrantable: false
-  }
-];
-new Set(PERMISSION_CATALOG.map((p) => p.key));
-var DEFAULT_ACCESS_ACTION = "view";
-var PLATFORM_ADMIN_ACCESS_KEY = "platform.admin";
-var PLATFORM_ADMIN_ACCESS_KEY_SHORTHAND = "platformAdmin";
-var AccessActionSchema = z.enum(["view", "manage"]);
-var AccessKeyObjectSchema = z.object({
-  systemPath: z.string().trim().min(1),
-  action: AccessActionSchema.default(DEFAULT_ACCESS_ACTION)
-}).strict();
-var AccessKeyInputSchema = z.union([z.string().trim().min(1), AccessKeyObjectSchema]);
-var NormalizedAccessKeySchema = AccessKeyObjectSchema;
-var DIAGNOSTIC_VIEW_ACCESS_KEYS = [
-  "diagnostic.operations.overview",
-  "diagnostic.operations.recent-executions",
-  "diagnostic.monitoring.execution-logs",
-  "diagnostic.monitoring.notifications"
-];
-var AccessKeys = {
-  platformAdmin: { systemPath: PLATFORM_ADMIN_ACCESS_KEY, action: DEFAULT_ACCESS_ACTION },
-  organizationManage: { systemPath: "permission.org", action: "manage" },
-  membersManage: { systemPath: "permission.members", action: "manage" },
-  rolesManage: { systemPath: "permission.roles", action: "manage" },
-  secretsManage: { systemPath: "permission.secrets", action: "manage" },
-  operationsRead: { systemPath: "permission.operations", action: DEFAULT_ACCESS_ACTION },
-  operationsManage: { systemPath: "permission.operations", action: "manage" },
-  leadGenManage: { systemPath: "sales.lead-gen", action: "manage" },
-  acquisitionManage: { systemPath: "permission.acquisition", action: "manage" },
-  projectsManage: { systemPath: "permission.projects", action: "manage" },
-  clientsManage: { systemPath: "permission.clients", action: "manage" },
-  operationsOverview: { systemPath: "diagnostic.operations.overview", action: DEFAULT_ACCESS_ACTION },
-  operationsRecentExecutions: { systemPath: "diagnostic.operations.recent-executions", action: DEFAULT_ACCESS_ACTION },
-  monitoringExecutionLogs: { systemPath: "diagnostic.monitoring.execution-logs", action: DEFAULT_ACCESS_ACTION },
-  monitoringNotifications: { systemPath: "diagnostic.monitoring.notifications", action: DEFAULT_ACCESS_ACTION }
-};
-var PERMISSION_ACCESS_KEY_DEFINITIONS = [
-  { key: AccessKeys.organizationManage, rolePermission: PERMISSIONS.ORG_MANAGE },
-  { key: AccessKeys.membersManage, rolePermission: PERMISSIONS.MEMBERS_MANAGE },
-  { key: AccessKeys.rolesManage, rolePermission: PERMISSIONS.ROLES_MANAGE },
-  { key: AccessKeys.secretsManage, rolePermission: PERMISSIONS.SECRETS_MANAGE },
-  { key: AccessKeys.operationsRead, rolePermission: PERMISSIONS.OPERATIONS_READ },
-  { key: AccessKeys.operationsManage, rolePermission: PERMISSIONS.OPERATIONS_MANAGE },
-  { key: AccessKeys.acquisitionManage, rolePermission: PERMISSIONS.ACQUISITION_MANAGE },
-  { key: AccessKeys.projectsManage, rolePermission: PERMISSIONS.PROJECTS_MANAGE },
-  { key: AccessKeys.clientsManage, rolePermission: PERMISSIONS.CLIENTS_MANAGE }
-];
-function normalizeAccessKey(input) {
-  const parsed = AccessKeyInputSchema.parse(input);
-  const normalized = typeof parsed === "string" ? {
-    systemPath: parsed === PLATFORM_ADMIN_ACCESS_KEY_SHORTHAND ? PLATFORM_ADMIN_ACCESS_KEY : parsed,
-    action: DEFAULT_ACCESS_ACTION
-  } : parsed;
-  return NormalizedAccessKeySchema.parse(normalized);
-}
-function rolePermissionForAccessKey(key) {
-  if (key.action === DEFAULT_ACCESS_ACTION) return void 0;
-  return `${key.systemPath}.${key.action}`;
-}
-function groupCatalogEntries(entries) {
-  const grouped = /* @__PURE__ */ new Map();
-  for (const entry of entries) {
-    const existing = grouped.get(entry.key.systemPath) ?? [];
-    existing.push(entry);
-    grouped.set(entry.key.systemPath, existing);
-  }
-  return grouped;
-}
-function buildCatalogEntry(systemPath, action, source) {
-  const key = normalizeAccessKey({ systemPath, action });
-  return {
-    key,
-    source,
-    rolePermission: rolePermissionForAccessKey(key)
-  };
-}
-function deriveAccessKeyCatalog(organizationModel, options = {}) {
-  const { diagnosticKeys = DIAGNOSTIC_VIEW_ACCESS_KEYS, includeManageActions = true } = options;
-  const entries = [
-    buildCatalogEntry(PLATFORM_ADMIN_ACCESS_KEY, DEFAULT_ACCESS_ACTION, "platform")
-  ];
-  for (const { path } of listAllSystems(organizationModel)) {
-    entries.push(buildCatalogEntry(path, DEFAULT_ACCESS_ACTION, "om-system"));
-    if (includeManageActions) {
-      entries.push(buildCatalogEntry(path, "manage", "om-system"));
-    }
-  }
-  for (const { key, rolePermission } of PERMISSION_ACCESS_KEY_DEFINITIONS) {
-    entries.push({
-      key,
-      source: "permission",
-      rolePermission
-    });
-  }
-  for (const systemPath of diagnosticKeys) {
-    entries.push(buildCatalogEntry(systemPath, DEFAULT_ACCESS_ACTION, "diagnostic"));
-  }
-  return {
-    bySystemPath: groupCatalogEntries(entries),
-    entries
-  };
-}
-function findAccessCatalogEntry(catalog, key) {
-  return catalog.bySystemPath.get(key.systemPath)?.find((entry) => entry.key.action === key.action);
-}
-
-// ../core/src/auth/access-model.ts
-var ALLOWED = { allowed: true, restrictedBy: null, reason: "allowed" };
-var PLATFORM_ADMIN_BYPASS = {
-  allowed: true,
-  restrictedBy: null,
-  reason: "platform-admin-bypass"
-};
-function deny(restrictedBy, reason) {
-  return { allowed: false, restrictedBy, reason };
-}
-function isPlatformAdmin(profile) {
-  return profile?.isPlatformAdmin === true || profile?.is_platform_admin === true;
-}
-function diagnosticAllowlistHas(allowlist, systemPath) {
-  if (allowlist === void 0) return false;
-  return "has" in allowlist ? allowlist.has(systemPath) : allowlist.includes(systemPath);
-}
-function lifecycleAllowsAccess(lifecycle, ctx) {
-  if (lifecycle === "active") return true;
-  if (lifecycle === "beta") return ctx.betaAccessEnabled === true || ctx.isDevelopment === true;
-  return false;
-}
-function getPermissionSource(ctx) {
-  return ctx.permissions ?? ctx.membership?.effectivePermissions;
-}
-function hasRequiredPermission(key, rolePermission, ctx) {
-  const permissionSource = getPermissionSource(ctx);
-  if (permissionSource === void 0 || permissionSource === null) return true;
-  const requiredPermission = rolePermission ?? `${key.systemPath}.${key.action}`;
-  return permissionSource.includes(requiredPermission);
-}
-function hasExplicitRequiredPermission(rolePermission, ctx) {
-  const permissionSource = getPermissionSource(ctx);
-  return rolePermission !== void 0 && permissionSource !== void 0 && permissionSource !== null ? permissionSource.includes(rolePermission) : false;
-}
-function checkAccess(input, ctx) {
-  if (isPlatformAdmin(ctx.profile)) return PLATFORM_ADMIN_BYPASS;
-  const parsed = (() => {
-    try {
-      return normalizeAccessKey(input);
-    } catch {
-      return null;
-    }
-  })();
-  if (parsed === null) return deny("catalog", "invalid-access-key");
-  const catalog = ctx.accessCatalog ?? deriveAccessKeyCatalog(ctx.organizationModel);
-  const catalogEntry = findAccessCatalogEntry(catalog, parsed);
-  if (catalogEntry === void 0) return deny("catalog", "unknown-access-key");
-  const membership = ctx.membership;
-  if (membership === void 0 || membership === null) return deny("membership", "missing-membership");
-  if (membership.organizationId !== ctx.organizationId) return deny("membership", "organization-mismatch");
-  if (parsed.systemPath === PLATFORM_ADMIN_ACCESS_KEY) {
-    return deny("role-permission", "role-permission-denied");
-  }
-  if (catalogEntry.source === "diagnostic") {
-    if (!diagnosticAllowlistHas(ctx.diagnosticAllowlist, parsed.systemPath)) {
-      return deny("diagnostic-allowlist", "diagnostic-key-not-allowed");
-    }
-    if (parsed.action !== DEFAULT_ACCESS_ACTION && !hasRequiredPermission(parsed, catalogEntry.rolePermission, ctx)) {
-      return deny("role-permission", "role-permission-denied");
-    }
-    return ALLOWED;
-  }
-  if (catalogEntry.source === "permission") {
-    if (!hasExplicitRequiredPermission(catalogEntry.rolePermission, ctx)) {
-      return deny("role-permission", "role-permission-denied");
-    }
-    return ALLOWED;
-  }
-  const system = getSystem(ctx.organizationModel, parsed.systemPath);
-  if (system === void 0 || !lifecycleAllowsAccess(system.lifecycle, ctx)) {
-    return deny("system-lifecycle", "system-not-active");
-  }
-  if (parsed.action !== DEFAULT_ACCESS_ACTION && !hasRequiredPermission(parsed, catalogEntry.rolePermission, ctx)) {
-    return deny("role-permission", "role-permission-denied");
-  }
-  return ALLOWED;
-}
-function createAccessModel(organizationModel) {
-  const catalog = deriveAccessKeyCatalog(organizationModel);
-  return {
-    catalog,
-    checkAccess: (key, ctx) => checkAccess(key, { ...ctx, organizationModel, accessCatalog: catalog })
-  };
-}
-
-// src/hooks/access/useAccess.ts
-var MISSING_CONTEXT_ANSWER = {
-  allowed: false,
-  restrictedBy: "membership",
-  reason: "missing-membership"
-};
-function readStringArray(value) {
-  return Array.isArray(value) && value.every((item) => typeof item === "string") ? value : void 0;
-}
-function membershipPermissions(membership) {
-  if (!membership || typeof membership !== "object") return void 0;
-  const record = membership;
-  return readStringArray(record.effectivePermissions) ?? readStringArray(record.effective_permissions);
-}
-function resolveOrganizationId(organization) {
-  const membership = organization?.currentMembership;
-  return organization?.currentSupabaseOrganizationId ?? membership?.organizationId ?? membership?.organization?.id ?? null;
-}
-function toAccessMembership(membership, organizationId, permissions) {
-  if (!membership || !organizationId) return null;
-  return {
-    id: membership.id,
-    organizationId: membership.organizationId ?? organizationId,
-    role: membership.role?.slug ?? null,
-    effectivePermissions: permissions
-  };
-}
-function useAccess(key) {
-  const initialization = useContext(InitializationContext);
-  const organization = useContext(OrganizationContext);
-  const services = useContext(ElevasisServiceContext);
-  const systems = useOptionalElevasisSystems();
-  const profile = initialization?.profile ?? null;
-  const isPlatformAdmin2 = profile?.is_platform_admin === true;
-  const organizationId = resolveOrganizationId(organization);
-  const membership = organization?.currentMembership ?? null;
-  const organizationModel = systems?.organizationModel ?? DEFAULT_ORGANIZATION_MODEL;
-  const permissionsFromMembership = useMemo(() => membershipPermissions(membership), [membership]);
-  const shouldFetchPermissions = Boolean(services?.isReady && organizationId && !isPlatformAdmin2);
-  const permissionsQuery = useQuery({
-    // eslint-disable-next-line @tanstack/query/exhaustive-deps -- services.apiRequest is a stable context fn, not cache-relevant; query is keyed by organizationId
-    queryKey: ["access-permissions", organizationId],
-    queryFn: () => services.apiRequest(`/memberships/my-permissions/${organizationId}`),
-    enabled: shouldFetchPermissions,
-    staleTime: STALE_TIME_DEFAULT
-  });
-  const permissions = useMemo(
-    () => isPlatformAdmin2 ? Object.values(PERMISSIONS) : permissionsQuery.data?.permissions ?? permissionsFromMembership ?? [],
-    [isPlatformAdmin2, permissionsFromMembership, permissionsQuery.data?.permissions]
-  );
-  const accessMembership = useMemo(
-    () => toAccessMembership(membership, organizationId, permissions),
-    [membership, organizationId, permissions]
-  );
-  const accessModel = useMemo(() => createAccessModel(organizationModel), [organizationModel]);
-  const answer = useMemo(() => {
-    if (!organizationId && !isPlatformAdmin2) return MISSING_CONTEXT_ANSWER;
-    return accessModel.checkAccess(key, {
-      organizationId: organizationId ?? "",
-      organizationModel,
-      membership: accessMembership,
-      profile,
-      permissions,
-      diagnosticAllowlist: DIAGNOSTIC_VIEW_ACCESS_KEYS,
-      isDevelopment: import.meta.env?.DEV ?? false
-    });
-  }, [accessMembership, accessModel, isPlatformAdmin2, key, organizationId, organizationModel, permissions, profile]);
-  const providerReady = initialization?.organizationReady ?? Boolean(organizationId && accessMembership && systems?.organizationModel);
-  const permissionsReady = !shouldFetchPermissions || !permissionsQuery.isPending;
-  const isReady = isPlatformAdmin2 ? initialization?.userReady ?? true : providerReady && permissionsReady;
-  return {
-    ...answer,
-    isReady,
-    isPlatformAdmin: isPlatformAdmin2,
-    permissions
-  };
-}
-
-export { AccessKeys, useAccess };

package/dist/chunk-5EYJ2GIN.js

@@ -1,122 +0,0 @@
-// src/features/operations/organization-graph/types.ts
-var ORGANIZATION_GRAPH_NODE_KIND_ORDER = [
-  "organization",
-  "system",
-  "role",
-  "action",
-  "entity",
-  "event",
-  "policy",
-  "stage",
-  "resource",
-  "knowledge",
-  "customer-segment",
-  "offering",
-  "goal",
-  "surface",
-  "navigation-group",
-  "ontology"
-];
-var ORGANIZATION_GRAPH_NODE_KIND_LABELS = {
-  organization: "Organization",
-  system: "System",
-  role: "Role",
-  action: "Action",
-  entity: "Entity",
-  event: "Event",
-  policy: "Policy",
-  stage: "Stage",
-  resource: "Resource",
-  knowledge: "Knowledge",
-  "customer-segment": "Customer segment",
-  offering: "Offering",
-  goal: "Goal",
-  surface: "Surface",
-  "navigation-group": "Navigation group",
-  ontology: "Ontology"
-};
-var ORGANIZATION_GRAPH_NODE_KIND_DETAIL_LABELS = {
-  organization: "Organization root",
-  system: "System",
-  role: "Role",
-  action: "Action",
-  entity: "Entity",
-  event: "Event",
-  policy: "Policy",
-  stage: "Stage",
-  resource: "Resource",
-  knowledge: "Knowledge",
-  "customer-segment": "Customer segment",
-  offering: "Offering",
-  goal: "Goal",
-  surface: "Surface",
-  "navigation-group": "Navigation group",
-  ontology: "Ontology record"
-};
-var ORGANIZATION_GRAPH_NODE_KIND_MEANINGS = {
-  organization: "The root of the shared organization model and the parent for every derived node.",
-  system: "A canonical Organization Model system for ownership, routing, and governance.",
-  role: "An Organization Model role that owns responsibilities and may govern systems.",
-  action: "A reusable action that can be attached to a system.",
-  entity: "A modeled business object or stateful data domain owned by the organization model.",
-  event: "A derived domain or runtime event emitted by entities, resources, or actions.",
-  policy: "A governance rule that applies to targets and may trigger effects across the graph.",
-  stage: "A lifecycle stage that records progress for an entity through a build pipeline.",
-  resource: "A concrete command-view or mapped resource that bridges execution topology into the model.",
-  knowledge: "An operational knowledge node that documents a process, strategy, or runbook in the org model.",
-  "customer-segment": "A defined segment of customers or prospects that the organization targets or serves.",
-  offering: "A product, service, or value proposition the organization delivers to customer segments.",
-  goal: "A strategic or operational objective that guides priorities and measures progress.",
-  surface: "A navigation surface (page or view) that is exposed through the platform shell.",
-  "navigation-group": "A logical grouping of navigation surfaces within the platform shell.",
-  ontology: "A compiled ontology record such as an object, action, catalog, value type, surface, or resource binding."
-};
-var ORGANIZATION_GRAPH_EDGE_KIND_LABELS = {
-  contains: "Containment",
-  references: "Reference",
-  maps_to: "Mapping",
-  uses: "Uses",
-  governs: "Governs",
-  links: "Links",
-  affects: "Affects",
-  emits: "Emits",
-  originates_from: "Originates from",
-  triggers: "Triggers",
-  approval: "Approval",
-  applies_to: "Applies to",
-  effects: "Effects",
-  actions: "Actions",
-  reads: "Reads",
-  writes: "Writes",
-  uses_catalog: "Uses catalog"
-};
-var ORGANIZATION_GRAPH_EDGE_KIND_MEANINGS = {
-  contains: "A hierarchy or ownership link inside the shared graph.",
-  references: "A semantic association or dependency between two graph nodes.",
-  maps_to: "An action is aligned to a concrete resource.",
-  uses: "A graph node depends on another node, resource, entity, or integration.",
-  governs: "A knowledge node, role, or policy provides authoritative guidance for another node.",
-  links: "Two modeled nodes are associated without stronger ownership or execution semantics.",
-  affects: "The source can influence the behavior, state, or outcome of the target.",
-  emits: "The source produces an event that can be inspected or traversed.",
-  originates_from: "The source is derived from or owned by the target origin.",
-  triggers: "The source can start or activate the target.",
-  approval: "The source requests or participates in an approval path.",
-  applies_to: "A policy or rule targets the node it applies to.",
-  effects: "A policy or event produces the target effect.",
-  actions: "The source is bound to the target ontology action contract.",
-  reads: "The source reads data described by the target ontology record.",
-  writes: "The source writes data described by the target ontology record.",
-  uses_catalog: "The source uses the target ontology catalog."
-};
-var DEFAULT_ORGANIZATION_GRAPH_FILTERS = {
-  search: "",
-  nodeKinds: [],
-  topologyPresence: "all",
-  environmentStatus: "all",
-  resourceTypes: [],
-  showIntegrations: true,
-  domainFilters: {}
-};
-
-export { DEFAULT_ORGANIZATION_GRAPH_FILTERS, ORGANIZATION_GRAPH_EDGE_KIND_LABELS, ORGANIZATION_GRAPH_EDGE_KIND_MEANINGS, ORGANIZATION_GRAPH_NODE_KIND_DETAIL_LABELS, ORGANIZATION_GRAPH_NODE_KIND_LABELS, ORGANIZATION_GRAPH_NODE_KIND_MEANINGS, ORGANIZATION_GRAPH_NODE_KIND_ORDER };