@idp.global/interfaces 1.0.1

package/dist_ts/request/userinvitation.d.ts

@@ -0,0 +1,193 @@
+import * as data from '../data/index.js';
+import * as plugins from '../plugins.js';
+/**
+ * Create an invitation to join an organization
+ */
+export interface IReq_CreateInvitation extends plugins.typedRequestInterfaces.implementsTR<plugins.typedRequestInterfaces.ITypedRequest, IReq_CreateInvitation> {
+    method: 'createInvitation';
+    request: {
+        jwt: string;
+        organizationId: string;
+        email: string;
+        roles: string[];
+    };
+    response: {
+        success: boolean;
+        invitation?: data.IUserInvitation;
+        message?: string;
+        /** True if a new invitation was created, false if email was added to existing */
+        isNew: boolean;
+    };
+}
+/**
+ * Get pending invitations for an organization
+ */
+export interface IReq_GetOrgInvitations extends plugins.typedRequestInterfaces.implementsTR<plugins.typedRequestInterfaces.ITypedRequest, IReq_GetOrgInvitations> {
+    method: 'getOrgInvitations';
+    request: {
+        jwt: string;
+        organizationId: string;
+    };
+    response: {
+        invitations: data.IUserInvitation[];
+    };
+}
+/**
+ * Get members of an organization (users with roles)
+ */
+export interface IReq_GetOrgMembers extends plugins.typedRequestInterfaces.implementsTR<plugins.typedRequestInterfaces.ITypedRequest, IReq_GetOrgMembers> {
+    method: 'getOrgMembers';
+    request: {
+        jwt: string;
+        organizationId: string;
+    };
+    response: {
+        members: Array<{
+            user: data.IUser;
+            role: data.IRole;
+        }>;
+    };
+}
+/**
+ * Cancel a pending invitation
+ */
+export interface IReq_CancelInvitation extends plugins.typedRequestInterfaces.implementsTR<plugins.typedRequestInterfaces.ITypedRequest, IReq_CancelInvitation> {
+    method: 'cancelInvitation';
+    request: {
+        jwt: string;
+        organizationId: string;
+        invitationId: string;
+    };
+    response: {
+        success: boolean;
+        message?: string;
+    };
+}
+/**
+ * Resend invitation email
+ */
+export interface IReq_ResendInvitation extends plugins.typedRequestInterfaces.implementsTR<plugins.typedRequestInterfaces.ITypedRequest, IReq_ResendInvitation> {
+    method: 'resendInvitation';
+    request: {
+        jwt: string;
+        organizationId: string;
+        invitationId: string;
+    };
+    response: {
+        success: boolean;
+        message?: string;
+    };
+}
+/**
+ * Remove a member from an organization
+ */
+export interface IReq_RemoveMember extends plugins.typedRequestInterfaces.implementsTR<plugins.typedRequestInterfaces.ITypedRequest, IReq_RemoveMember> {
+    method: 'removeMember';
+    request: {
+        jwt: string;
+        organizationId: string;
+        userId: string;
+    };
+    response: {
+        success: boolean;
+        message?: string;
+    };
+}
+/**
+ * Update a member's roles
+ */
+export interface IReq_UpdateMemberRoles extends plugins.typedRequestInterfaces.implementsTR<plugins.typedRequestInterfaces.ITypedRequest, IReq_UpdateMemberRoles> {
+    method: 'updateMemberRoles';
+    request: {
+        jwt: string;
+        organizationId: string;
+        userId: string;
+        roles: string[];
+    };
+    response: {
+        success: boolean;
+        role?: data.IRole;
+        message?: string;
+    };
+}
+/**
+ * Transfer organization ownership to another member
+ */
+export interface IReq_TransferOwnership extends plugins.typedRequestInterfaces.implementsTR<plugins.typedRequestInterfaces.ITypedRequest, IReq_TransferOwnership> {
+    method: 'transferOwnership';
+    request: {
+        jwt: string;
+        organizationId: string;
+        newOwnerId: string;
+        confirmationText: string;
+    };
+    response: {
+        success: boolean;
+        message?: string;
+    };
+}
+/**
+ * Accept an invitation (called during registration or email verification)
+ */
+export interface IReq_AcceptInvitation extends plugins.typedRequestInterfaces.implementsTR<plugins.typedRequestInterfaces.ITypedRequest, IReq_AcceptInvitation> {
+    method: 'acceptInvitation';
+    request: {
+        token: string;
+        userId: string;
+    };
+    response: {
+        success: boolean;
+        organizations?: data.IOrganization[];
+        roles?: data.IRole[];
+        message?: string;
+    };
+}
+/**
+ * Get invitation by token (for invitation landing page)
+ */
+export interface IReq_GetInvitationByToken extends plugins.typedRequestInterfaces.implementsTR<plugins.typedRequestInterfaces.ITypedRequest, IReq_GetInvitationByToken> {
+    method: 'getInvitationByToken';
+    request: {
+        token: string;
+    };
+    response: {
+        invitation?: data.IUserInvitation;
+        organizations?: Array<{
+            id: string;
+            name: string;
+        }>;
+        isExpired: boolean;
+        requiresRegistration: boolean;
+    };
+}
+/**
+ * Bulk create invitations from a list (typically from CSV import)
+ */
+export interface IReq_BulkCreateInvitations extends plugins.typedRequestInterfaces.implementsTR<plugins.typedRequestInterfaces.ITypedRequest, IReq_BulkCreateInvitations> {
+    method: 'bulkCreateInvitations';
+    request: {
+        jwt: string;
+        organizationId: string;
+        invitations: Array<{
+            email: string;
+            roles?: string[];
+        }>;
+        defaultRoles: string[];
+    };
+    response: {
+        success: boolean;
+        results: Array<{
+            email: string;
+            success: boolean;
+            status: 'invited' | 'already_member' | 'invalid_email' | 'error';
+            message?: string;
+        }>;
+        summary: {
+            total: number;
+            invited: number;
+            alreadyMembers: number;
+            invalid: number;
+            errors: number;
+        };
+    };
+}

package/dist_ts/request/userinvitation.js

@@ -0,0 +1,3 @@
+import * as data from '../data/index.js';
+import * as plugins from '../plugins.js';
+//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoidXNlcmludml0YXRpb24uanMiLCJzb3VyY2VSb290IjoiIiwic291cmNlcyI6WyIuLi8uLi90cy9yZXF1ZXN0L3VzZXJpbnZpdGF0aW9uLnRzIl0sIm5hbWVzIjpbXSwibWFwcGluZ3MiOiJBQUFBLE9BQU8sS0FBSyxJQUFJLE1BQU0sa0JBQWtCLENBQUM7QUFDekMsT0FBTyxLQUFLLE9BQU8sTUFBTSxlQUFlLENBQUMifQ==

package/dist_ts/tags/index.d.ts

@@ -0,0 +1,7 @@
+import * as plugins from '../plugins.js';
+export interface ITag_LolePubapi extends plugins.typedRequestInterfaces.implementsTag<plugins.typedRequestInterfaces.ITag, ITag_LolePubapi> {
+    name: 'lole-reception';
+    payload: {
+        backendToken: string;
+    };
+}

package/dist_ts/tags/index.js

@@ -0,0 +1,2 @@
+import * as plugins from '../plugins.js';
+//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoiaW5kZXguanMiLCJzb3VyY2VSb290IjoiIiwic291cmNlcyI6WyIuLi8uLi90cy90YWdzL2luZGV4LnRzIl0sIm5hbWVzIjpbXSwibWFwcGluZ3MiOiJBQUFBLE9BQU8sS0FBSyxPQUFPLE1BQU0sZUFBZSxDQUFDIn0=

package/license

@@ -0,0 +1,21 @@
+MIT License
+
+Copyright (c) 2026 Task Venture Capital GmbH
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.

package/package.json

@@ -0,0 +1,57 @@
+{
+  "name": "@idp.global/interfaces",
+  "version": "1.0.1",
+  "private": false,
+  "description": "Shared TypeScript interfaces and TypedRequest contracts for the idp.global ecosystem.",
+  "exports": {
+    ".": "./dist_ts/index.js"
+  },
+  "type": "module",
+  "author": "Task Venture Capital GmbH",
+  "license": "MIT",
+  "dependencies": {
+    "@api.global/typedrequest-interfaces": "^3.0.19",
+    "@tsclass/tsclass": "^9.5.1"
+  },
+  "devDependencies": {
+    "@git.zone/tsbuild": "^4.4.1",
+    "@git.zone/tsdoc": "^2.0.5",
+    "@git.zone/tsrun": "^2.0.4",
+    "@git.zone/tstest": "^3.6.6",
+    "@types/node": "^25.9.0"
+  },
+  "files": [
+    "ts/**/*",
+    "dist/**/*",
+    "dist_*/**/*",
+    "dist_ts/**/*",
+    "readme.md",
+    "changelog.md",
+    "license"
+  ],
+  "repository": {
+    "type": "git",
+    "url": "git+ssh://git@code.foss.global:29419/idp.global/interfaces.git"
+  },
+  "bugs": {
+    "url": "https://code.foss.global/idp.global/interfaces/issues"
+  },
+  "homepage": "https://code.foss.global/idp.global/interfaces#readme",
+  "keywords": [
+    "idp.global",
+    "interfaces",
+    "typedrequest",
+    "contracts",
+    "identity",
+    "oidc",
+    "typescript"
+  ],
+  "browserslist": [
+    "last 1 chrome versions"
+  ],
+  "scripts": {
+    "test": "tstest test/ --verbose --logfile --timeout 60",
+    "build": "tsbuild tsfolders --allowimplicitany",
+    "buildDocs": "tsdoc"
+  }
+}

package/readme.md

@@ -0,0 +1,101 @@
+# @idp.global/interfaces
+
+Shared TypeScript interfaces and TypedRequest contracts for the idp.global ecosystem.
+
+This package contains only public data shapes, typed RPC request definitions, and shared tags used by the idp.global backend, browser client, CLI, web UI, and external integrations.
+
+## Issue Reporting and Security
+
+For reporting bugs, issues, or security vulnerabilities, please visit [community.foss.global/](https://community.foss.global/). This is the central community hub for all issue reporting. Developers who sign and comply with our contribution agreement and go through identification can also get a [code.foss.global/](https://code.foss.global/) account to submit Pull Requests directly.
+
+## Install
+
+```bash
+pnpm add @idp.global/interfaces
+```
+
+## Public API
+
+```ts
+import { data, request, tags } from '@idp.global/interfaces';
+```
+
+The root export exposes three namespaces:
+
+```ts
+export {
+  data,
+  request,
+  tags,
+};
+```
+
+## Data Contracts
+
+Use `data` for durable and transportable idp.global object shapes.
+
+Common data contracts include users, JWTs, login sessions, registration sessions, organizations, roles, invitations, billing plans, apps, app connections, activity logs, alerts, alert rules, abuse windows, passport devices, passport challenges, passport nonces, and OIDC payloads.
+
+```ts
+import { data } from '@idp.global/interfaces';
+
+const organization: data.IOrganization = {
+  id: 'org_1',
+  data: {
+    name: 'Acme',
+    slug: 'acme',
+    billingPlanId: 'plan_free',
+    roleIds: [],
+  },
+};
+```
+
+## TypedRequest Contracts
+
+Use `request` when registering handlers or creating typed clients with `@api.global/typedrequest` or `@api.global/typedsocket`.
+
+```ts
+import { request } from '@idp.global/interfaces';
+
+type LoginRequest = request.IReq_LoginWithEmailOrUsernameAndPassword;
+
+const payload: LoginRequest['request'] = {
+  username: 'user@example.com',
+  password: 'secret',
+};
+```
+
+Request groups cover login, registration, JWT refresh, user/session queries, organization membership, invitations, apps, billing, admin actions, alerts, passport device flows, password reset, device IDs, and OIDC authorization.
+
+## Scope
+
+This package is intentionally contract-only. It does not open sockets, store auth state, talk to MongoDB, send email, or implement authentication logic.
+
+## Development
+
+```bash
+pnpm install
+pnpm run build
+pnpm test
+```
+
+## License and Legal Information
+
+This repository contains open-source code licensed under the MIT License. A copy of the license can be found in the [license](./license) file.
+
+**Please note:** The MIT License does not grant permission to use the trade names, trademarks, service marks, or product names of the project, except as required for reasonable and customary use in describing the origin of the work and reproducing the content of the NOTICE file.
+
+### Trademarks
+
+This project is owned and maintained by Task Venture Capital GmbH. The names and logos associated with Task Venture Capital GmbH and any related products or services are trademarks of Task Venture Capital GmbH or third parties, and are not included within the scope of the MIT license granted herein.
+
+Use of these trademarks must comply with Task Venture Capital GmbH's Trademark Guidelines or the guidelines of the respective third-party owners, and any usage must be approved in writing. Third-party trademarks used herein are the property of their respective owners and used only in a descriptive manner, e.g. for an implementation of an API or similar.
+
+### Company Information
+
+Task Venture Capital GmbH  
+Registered at District Court Bremen HRB 35230 HB, Germany
+
+For any legal inquiries or further information, please contact us via email at hello@task.vc.
+
+By using this repository, you acknowledge that you have read this section, agree to comply with its terms, and understand that the licensing of the code does not imply endorsement by Task Venture Capital GmbH of any derivative works.

package/ts/00_commitinfo_data.ts

@@ -0,0 +1,8 @@
+/**
+ * autocreated commitinfo by @push.rocks/commitinfo
+ */
+export const commitinfo = {
+  name: '@idp.global/interfaces',
+  version: '1.0.1',
+  description: 'Shared TypeScript interfaces and TypedRequest contracts for the idp.global ecosystem.'
+}

package/ts/data/abusewindow.ts

@@ -0,0 +1,13 @@
+export interface IAbuseWindow {
+  id: string;
+  data: {
+    action: string;
+    identifierHash: string;
+    attemptCount: number;
+    windowStartedAt: number;
+    blockedUntil: number;
+    validUntil: number;
+    createdAt: number;
+    updatedAt: number;
+  };
+}

package/ts/data/activity.ts

@@ -0,0 +1,36 @@
+export type TActivityAction =
+  | 'login'
+  | 'logout'
+  | 'session_created'
+  | 'session_revoked'
+  | 'passport_device_enrolled'
+  | 'passport_device_revoked'
+  | 'passport_challenge_approved'
+  | 'passport_challenge_rejected'
+  | 'org_created'
+  | 'org_updated'
+  | 'org_deleted'
+  | 'org_ownership_transferred'
+  | 'org_joined'
+  | 'org_left'
+  | 'role_changed'
+  | 'org_app_role_mappings_updated'
+  | 'profile_updated'
+  | 'app_connected'
+  | 'app_disconnected';
+
+export interface IActivityLog {
+  id: string;
+  data: {
+    userId: string;
+    action: TActivityAction;
+    timestamp: number;
+    metadata: {
+      ip?: string;
+      userAgent?: string;
+      targetId?: string;
+      targetType?: string;
+      description: string;
+    };
+  };
+}

package/ts/data/alert.ts

@@ -0,0 +1,35 @@
+export type TAlertSeverity = 'low' | 'medium' | 'high' | 'critical';
+
+export type TAlertStatus = 'pending' | 'seen' | 'dismissed';
+
+export type TAlertCategory = 'security' | 'admin' | 'system';
+
+export type TAlertNotificationStatus = 'pending' | 'sent' | 'failed' | 'seen';
+
+export interface IAlert {
+  id: string;
+  data: {
+    recipientUserId: string;
+    organizationId?: string;
+    category: TAlertCategory;
+    eventType: string;
+    severity: TAlertSeverity;
+    title: string;
+    body: string;
+    actorUserId?: string;
+    relatedEntityId?: string;
+    relatedEntityType?: string;
+    notification: {
+      hintId: string;
+      status: TAlertNotificationStatus;
+      attemptCount: number;
+      createdAt: number;
+      deliveredAt?: number | null;
+      seenAt?: number | null;
+      lastError?: string | null;
+    };
+    createdAt: number;
+    seenAt?: number | null;
+    dismissedAt?: number | null;
+  };
+}

package/ts/data/alertrule.ts

@@ -0,0 +1,22 @@
+import type { TAlertSeverity } from './alert.js';
+
+export type TAlertRuleScope = 'global' | 'organization';
+
+export type TAlertRuleRecipientMode = 'global_admins' | 'org_admins' | 'specific_users';
+
+export interface IAlertRule {
+  id: string;
+  data: {
+    scope: TAlertRuleScope;
+    organizationId?: string;
+    eventType: string;
+    minimumSeverity: TAlertSeverity;
+    recipientMode: TAlertRuleRecipientMode;
+    recipientUserIds?: string[];
+    push: boolean;
+    enabled: boolean;
+    createdByUserId: string;
+    createdAt: number;
+    updatedAt: number;
+  };
+}

package/ts/data/app.ts

@@ -0,0 +1,99 @@
+// App Types
+export type TAppType = 'global' | 'partner' | 'custom_oidc';
+export type TAppApprovalStatus = 'draft' | 'pending_review' | 'approved' | 'rejected' | 'suspended';
+
+// OAuth Credentials
+export interface IOAuthCredentials {
+  clientId: string;
+  clientSecretHash: string;
+  redirectUris: string[];
+  allowedScopes: string[];
+  grantTypes: ('authorization_code' | 'client_credentials' | 'refresh_token')[];
+}
+
+// Base app data shared by all app types
+export interface IAppBaseData {
+  name: string;
+  description: string;
+  logoUrl: string;
+  appUrl: string;
+}
+
+// Global App - First-party apps managed by platform (foss.global, task.vc, etc.)
+export interface IGlobalApp {
+  id: string;
+  type: 'global';
+  data: IAppBaseData & {
+    oauthCredentials: IOAuthCredentials;
+    isActive: boolean;
+    category: string;
+    createdAt: number;
+    createdByUserId: string;
+  };
+}
+
+// Partner App - Third-party apps submitted to AppStore
+export interface IPartnerApp {
+  id: string;
+  type: 'partner';
+  data: IAppBaseData & {
+    ownerOrganizationId: string;
+    oauthCredentials: IOAuthCredentials;
+    appStoreMetadata: {
+      shortDescription: string;
+      longDescription: string;
+      screenshots: string[];
+      category: string;
+      tags: string[];
+      pricing: { model: 'free' | 'paid' | 'freemium' };
+    };
+    approvalStatus: TAppApprovalStatus;
+    isPublished: boolean;
+    installCount: number;
+  };
+}
+
+// Custom OIDC App - Organization-created OAuth clients
+export interface ICustomOidcApp {
+  id: string;
+  type: 'custom_oidc';
+  data: IAppBaseData & {
+    ownerOrganizationId: string;
+    oauthCredentials: IOAuthCredentials;
+    oidcSettings: {
+      accessTokenLifetime: number; // seconds
+      refreshTokenLifetime: number; // seconds
+    };
+  };
+}
+
+// Union type for all app types
+export type IApp = IGlobalApp | IPartnerApp | ICustomOidcApp;
+
+/**
+ * Legacy interface for backwards compatibility with existing code
+ * that expects a flat app structure (e.g., idpclient, transfermanager)
+ */
+export interface IAppLegacy {
+  /**
+   * must be unique
+   */
+  id: string;
+  /**
+   * should be unique
+   */
+  name: string;
+  description: string;
+  logoUrl: string;
+  appUrl: string;
+}
+
+/**
+ * Storage interface for SmartData documents
+ * Uses the discriminated union approach with a 'type' field
+ */
+export interface IAppDocument {
+  id: string;
+  type: TAppType;
+  data: IGlobalApp['data'] | IPartnerApp['data'] | ICustomOidcApp['data'];
+}

package/ts/data/appconnection.ts

@@ -0,0 +1,18 @@
+import type { TAppType } from './app.js';
+import type { IAppRoleMapping } from './role.js';
+
+export type TAppConnectionStatus = 'active' | 'disconnected';
+
+export interface IAppConnection {
+  id: string;
+  data: {
+    organizationId: string;
+    appId: string;
+    appType: TAppType;
+    status: TAppConnectionStatus;
+    connectedAt: number;
+    connectedByUserId: string;
+    grantedScopes: string[];
+    roleMappings?: IAppRoleMapping[];
+  };
+}

package/ts/data/billingplan.ts

@@ -0,0 +1,47 @@
+import * as plugins from '../plugins.js';
+
+export type TSupportedCurrency = 'EUR';
+
+export interface IBillableItem {
+  name: string;
+  monthlyPrice: number;
+  currency: TSupportedCurrency;
+  from: number;
+  to: number;
+  factoredOn30DayMonth: number;
+  quantity: number;
+}
+
+export interface IBillingPlan {
+  id: string;
+  data: {
+    type: 'Paddle' | 'AppSumo' | 'FairUsageFree' | 'Enterprise' | 'Internal' | 'Testing';
+    proEnabled: boolean;
+    organizationId: string;
+    lastProcessed: number;
+    seats: number;
+    status: 'active' | 'activeOverdue' | 'pausedOverdue' | 'inactive' | 'suspended';
+    paddleData?: {
+      checkoutId: string;
+    };
+    alternativePaymentData?: {
+      enterprise: boolean;
+      appSumoCode: string;
+    };
+    nextBilling: {
+      items: Array<IBillableItem>;
+      method: 'paddle';
+      ontrack: boolean;
+      errorText?: string;
+      selectedBillingDate: number;
+    };
+    billingEvents: Array<{
+      timestamp: number;
+      amount: number;
+      currency: TSupportedCurrency;
+      billedItems: Array<IBillableItem>;
+      checkoutLink?: string;
+    }>;
+    communications: Array<any>;
+  };
+}

package/ts/data/device.ts

@@ -0,0 +1,3 @@
+import * as plugins from '../plugins.js';
+
+export interface IDevice extends plugins.tsclass.network.IDevice {}