@inkeep/agents-core 0.0.0-dev-20260118170655 → 0.0.0-dev-20260119163620
- package/dist/auth/auth-validation-schemas.d.ts +17 -17
- package/dist/auth/auth.d.ts +103 -43
- package/dist/auth/auth.js +46 -0
- package/dist/auth/authz/client.d.ts +81 -0
- package/dist/auth/authz/client.js +189 -0
- package/dist/auth/authz/config.d.ts +76 -0
- package/dist/auth/authz/config.js +76 -0
- package/dist/auth/authz/index.d.ts +5 -0
- package/dist/auth/authz/index.js +6 -0
- package/dist/auth/authz/permissions.d.ts +57 -0
- package/dist/auth/authz/permissions.js +83 -0
- package/dist/auth/authz/sync.d.ts +85 -0
- package/dist/auth/authz/sync.js +237 -0
- package/dist/auth/permissions.d.ts +13 -13
- package/dist/auth/permissions.js +2 -181
- package/dist/data-access/manage/projectLifecycle.d.ts +1 -0
- package/dist/data-access/manage/projectLifecycle.js +3 -2
- package/dist/data-access/manage/projects.d.ts +4 -0
- package/dist/data-access/manage/projects.js +11 -4
- package/dist/data-access/runtime/messages.d.ts +12 -12
- package/dist/data-access/runtime/projects.d.ts +2 -0
- package/dist/data-access/runtime/projects.js +16 -2
- package/dist/data-access/runtime/tasks.d.ts +1 -1
- package/dist/index.d.ts +6 -1
- package/dist/index.js +6 -1
- package/dist/validation/drizzle-schema-helpers.d.ts +3 -3
- package/dist/validation/schemas.d.ts +151 -151
- package/package.json +6 -1
|
@@ -1,9 +1,9 @@
|
|
|
1
1
|
import { z } from "@hono/zod-openapi";
|
|
2
2
|
import * as drizzle_orm_pg_core1074 from "drizzle-orm/pg-core";
|
|
3
|
-
import * as
|
|
3
|
+
import * as drizzle_zod171 from "drizzle-zod";
|
|
4
4
|
|
|
5
5
|
//#region src/auth/auth-validation-schemas.d.ts
|
|
6
|
-
declare const UserSelectSchema:
|
|
6
|
+
declare const UserSelectSchema: drizzle_zod171.BuildSchema<"select", {
|
|
7
7
|
id: drizzle_orm_pg_core1074.PgColumn<{
|
|
8
8
|
name: "id";
|
|
9
9
|
tableName: "user";
|
|
@@ -124,7 +124,7 @@ declare const UserSelectSchema: drizzle_zod167.BuildSchema<"select", {
|
|
|
124
124
|
generated: undefined;
|
|
125
125
|
}, {}, {}>;
|
|
126
126
|
}, undefined, undefined>;
|
|
127
|
-
declare const UserInsertSchema:
|
|
127
|
+
declare const UserInsertSchema: drizzle_zod171.BuildSchema<"insert", {
|
|
128
128
|
id: drizzle_orm_pg_core1074.PgColumn<{
|
|
129
129
|
name: "id";
|
|
130
130
|
tableName: "user";
|
|
@@ -245,7 +245,7 @@ declare const UserInsertSchema: drizzle_zod167.BuildSchema<"insert", {
|
|
|
245
245
|
generated: undefined;
|
|
246
246
|
}, {}, {}>;
|
|
247
247
|
}, undefined, undefined>;
|
|
248
|
-
declare const SessionSelectSchema:
|
|
248
|
+
declare const SessionSelectSchema: drizzle_zod171.BuildSchema<"select", {
|
|
249
249
|
id: drizzle_orm_pg_core1074.PgColumn<{
|
|
250
250
|
name: "id";
|
|
251
251
|
tableName: "session";
|
|
@@ -400,7 +400,7 @@ declare const SessionSelectSchema: drizzle_zod167.BuildSchema<"select", {
|
|
|
400
400
|
generated: undefined;
|
|
401
401
|
}, {}, {}>;
|
|
402
402
|
}, undefined, undefined>;
|
|
403
|
-
declare const SessionInsertSchema:
|
|
403
|
+
declare const SessionInsertSchema: drizzle_zod171.BuildSchema<"insert", {
|
|
404
404
|
id: drizzle_orm_pg_core1074.PgColumn<{
|
|
405
405
|
name: "id";
|
|
406
406
|
tableName: "session";
|
|
@@ -555,7 +555,7 @@ declare const SessionInsertSchema: drizzle_zod167.BuildSchema<"insert", {
|
|
|
555
555
|
generated: undefined;
|
|
556
556
|
}, {}, {}>;
|
|
557
557
|
}, undefined, undefined>;
|
|
558
|
-
declare const AccountSelectSchema:
|
|
558
|
+
declare const AccountSelectSchema: drizzle_zod171.BuildSchema<"select", {
|
|
559
559
|
id: drizzle_orm_pg_core1074.PgColumn<{
|
|
560
560
|
name: "id";
|
|
561
561
|
tableName: "account";
|
|
@@ -778,7 +778,7 @@ declare const AccountSelectSchema: drizzle_zod167.BuildSchema<"select", {
|
|
|
778
778
|
generated: undefined;
|
|
779
779
|
}, {}, {}>;
|
|
780
780
|
}, undefined, undefined>;
|
|
781
|
-
declare const AccountInsertSchema:
|
|
781
|
+
declare const AccountInsertSchema: drizzle_zod171.BuildSchema<"insert", {
|
|
782
782
|
id: drizzle_orm_pg_core1074.PgColumn<{
|
|
783
783
|
name: "id";
|
|
784
784
|
tableName: "account";
|
|
@@ -1001,7 +1001,7 @@ declare const AccountInsertSchema: drizzle_zod167.BuildSchema<"insert", {
|
|
|
1001
1001
|
generated: undefined;
|
|
1002
1002
|
}, {}, {}>;
|
|
1003
1003
|
}, undefined, undefined>;
|
|
1004
|
-
declare const OrganizationSelectSchema:
|
|
1004
|
+
declare const OrganizationSelectSchema: drizzle_zod171.BuildSchema<"select", {
|
|
1005
1005
|
id: drizzle_orm_pg_core1074.PgColumn<{
|
|
1006
1006
|
name: "id";
|
|
1007
1007
|
tableName: "organization";
|
|
@@ -1105,7 +1105,7 @@ declare const OrganizationSelectSchema: drizzle_zod167.BuildSchema<"select", {
|
|
|
1105
1105
|
generated: undefined;
|
|
1106
1106
|
}, {}, {}>;
|
|
1107
1107
|
}, undefined, undefined>;
|
|
1108
|
-
declare const OrganizationInsertSchema:
|
|
1108
|
+
declare const OrganizationInsertSchema: drizzle_zod171.BuildSchema<"insert", {
|
|
1109
1109
|
id: drizzle_orm_pg_core1074.PgColumn<{
|
|
1110
1110
|
name: "id";
|
|
1111
1111
|
tableName: "organization";
|
|
@@ -1209,7 +1209,7 @@ declare const OrganizationInsertSchema: drizzle_zod167.BuildSchema<"insert", {
|
|
|
1209
1209
|
generated: undefined;
|
|
1210
1210
|
}, {}, {}>;
|
|
1211
1211
|
}, undefined, undefined>;
|
|
1212
|
-
declare const MemberSelectSchema:
|
|
1212
|
+
declare const MemberSelectSchema: drizzle_zod171.BuildSchema<"select", {
|
|
1213
1213
|
id: drizzle_orm_pg_core1074.PgColumn<{
|
|
1214
1214
|
name: "id";
|
|
1215
1215
|
tableName: "member";
|
|
@@ -1296,7 +1296,7 @@ declare const MemberSelectSchema: drizzle_zod167.BuildSchema<"select", {
|
|
|
1296
1296
|
generated: undefined;
|
|
1297
1297
|
}, {}, {}>;
|
|
1298
1298
|
}, undefined, undefined>;
|
|
1299
|
-
declare const MemberInsertSchema:
|
|
1299
|
+
declare const MemberInsertSchema: drizzle_zod171.BuildSchema<"insert", {
|
|
1300
1300
|
id: drizzle_orm_pg_core1074.PgColumn<{
|
|
1301
1301
|
name: "id";
|
|
1302
1302
|
tableName: "member";
|
|
@@ -1383,7 +1383,7 @@ declare const MemberInsertSchema: drizzle_zod167.BuildSchema<"insert", {
|
|
|
1383
1383
|
generated: undefined;
|
|
1384
1384
|
}, {}, {}>;
|
|
1385
1385
|
}, undefined, undefined>;
|
|
1386
|
-
declare const InvitationSelectSchema:
|
|
1386
|
+
declare const InvitationSelectSchema: drizzle_zod171.BuildSchema<"select", {
|
|
1387
1387
|
id: drizzle_orm_pg_core1074.PgColumn<{
|
|
1388
1388
|
name: "id";
|
|
1389
1389
|
tableName: "invitation";
|
|
@@ -1521,7 +1521,7 @@ declare const InvitationSelectSchema: drizzle_zod167.BuildSchema<"select", {
|
|
|
1521
1521
|
generated: undefined;
|
|
1522
1522
|
}, {}, {}>;
|
|
1523
1523
|
}, undefined, undefined>;
|
|
1524
|
-
declare const InvitationInsertSchema:
|
|
1524
|
+
declare const InvitationInsertSchema: drizzle_zod171.BuildSchema<"insert", {
|
|
1525
1525
|
id: drizzle_orm_pg_core1074.PgColumn<{
|
|
1526
1526
|
name: "id";
|
|
1527
1527
|
tableName: "invitation";
|
|
@@ -1659,7 +1659,7 @@ declare const InvitationInsertSchema: drizzle_zod167.BuildSchema<"insert", {
|
|
|
1659
1659
|
generated: undefined;
|
|
1660
1660
|
}, {}, {}>;
|
|
1661
1661
|
}, undefined, undefined>;
|
|
1662
|
-
declare const DeviceCodeSelectSchema:
|
|
1662
|
+
declare const DeviceCodeSelectSchema: drizzle_zod171.BuildSchema<"select", {
|
|
1663
1663
|
id: drizzle_orm_pg_core1074.PgColumn<{
|
|
1664
1664
|
name: "id";
|
|
1665
1665
|
tableName: "device_code";
|
|
@@ -1831,7 +1831,7 @@ declare const DeviceCodeSelectSchema: drizzle_zod167.BuildSchema<"select", {
|
|
|
1831
1831
|
generated: undefined;
|
|
1832
1832
|
}, {}, {}>;
|
|
1833
1833
|
}, undefined, undefined>;
|
|
1834
|
-
declare const DeviceCodeInsertSchema:
|
|
1834
|
+
declare const DeviceCodeInsertSchema: drizzle_zod171.BuildSchema<"insert", {
|
|
1835
1835
|
id: drizzle_orm_pg_core1074.PgColumn<{
|
|
1836
1836
|
name: "id";
|
|
1837
1837
|
tableName: "device_code";
|
|
@@ -2003,7 +2003,7 @@ declare const DeviceCodeInsertSchema: drizzle_zod167.BuildSchema<"insert", {
|
|
|
2003
2003
|
generated: undefined;
|
|
2004
2004
|
}, {}, {}>;
|
|
2005
2005
|
}, undefined, undefined>;
|
|
2006
|
-
declare const VerificationSelectSchema:
|
|
2006
|
+
declare const VerificationSelectSchema: drizzle_zod171.BuildSchema<"select", {
|
|
2007
2007
|
id: drizzle_orm_pg_core1074.PgColumn<{
|
|
2008
2008
|
name: "id";
|
|
2009
2009
|
tableName: "verification";
|
|
@@ -2107,7 +2107,7 @@ declare const VerificationSelectSchema: drizzle_zod167.BuildSchema<"select", {
|
|
|
2107
2107
|
generated: undefined;
|
|
2108
2108
|
}, {}, {}>;
|
|
2109
2109
|
}, undefined, undefined>;
|
|
2110
|
-
declare const VerificationInsertSchema:
|
|
2110
|
+
declare const VerificationInsertSchema: drizzle_zod171.BuildSchema<"insert", {
|
|
2111
2111
|
id: drizzle_orm_pg_core1074.PgColumn<{
|
|
2112
2112
|
name: "id";
|
|
2113
2113
|
tableName: "verification";
|
package/dist/auth/auth.d.ts
CHANGED
|
@@ -2,7 +2,7 @@ import { AgentsRunDatabaseClient } from "../db/runtime/runtime-client.js";
|
|
|
2
2
|
import * as _better_auth_sso0 from "@better-auth/sso";
|
|
3
3
|
import * as better_auth0 from "better-auth";
|
|
4
4
|
import { BetterAuthAdvancedOptions } from "better-auth";
|
|
5
|
-
import * as
|
|
5
|
+
import * as better_auth_plugins20 from "better-auth/plugins";
|
|
6
6
|
import * as zod0 from "zod";
|
|
7
7
|
import { GoogleOptions } from "better-auth/social-providers";
|
|
8
8
|
|
|
@@ -213,7 +213,7 @@ declare function createAuth(config: BetterAuthConfig): better_auth0.Auth<{
|
|
|
213
213
|
handler: (inputContext: better_auth0.MiddlewareInputContext<better_auth0.MiddlewareOptions>) => Promise<void>;
|
|
214
214
|
}[];
|
|
215
215
|
};
|
|
216
|
-
options:
|
|
216
|
+
options: better_auth_plugins20.BearerOptions | undefined;
|
|
217
217
|
}, {
|
|
218
218
|
id: "sso";
|
|
219
219
|
endpoints: {
|
|
@@ -841,30 +841,30 @@ declare function createAuth(config: BetterAuthConfig): better_auth0.Auth<{
|
|
|
841
841
|
};
|
|
842
842
|
}, {
|
|
843
843
|
id: "organization";
|
|
844
|
-
endpoints:
|
|
844
|
+
endpoints: better_auth_plugins20.OrganizationEndpoints<{
|
|
845
845
|
allowUserToCreateOrganization: true;
|
|
846
|
-
ac:
|
|
846
|
+
ac: better_auth_plugins20.AccessControl;
|
|
847
847
|
roles: {
|
|
848
848
|
member: {
|
|
849
|
-
authorize<K_1 extends "
|
|
850
|
-
actions:
|
|
849
|
+
authorize<K_1 extends "project" | "organization" | "team" | "member" | "ac" | "invitation">(request: K_1 extends infer T extends K ? { [key in T]?: better_auth_plugins20.Subset<"project" | "organization" | "team" | "member" | "ac" | "invitation", better_auth_plugins20.Statements>[key] | {
|
|
850
|
+
actions: better_auth_plugins20.Subset<"project" | "organization" | "team" | "member" | "ac" | "invitation", better_auth_plugins20.Statements>[key];
|
|
851
851
|
connector: "OR" | "AND";
|
|
852
|
-
} | undefined } : never, connector?: "OR" | "AND"):
|
|
853
|
-
statements:
|
|
852
|
+
} | undefined } : never, connector?: "OR" | "AND"): better_auth_plugins20.AuthorizeResponse;
|
|
853
|
+
statements: better_auth_plugins20.Subset<"project" | "organization" | "team" | "member" | "ac" | "invitation", better_auth_plugins20.Statements>;
|
|
854
854
|
};
|
|
855
855
|
admin: {
|
|
856
|
-
authorize<K_1 extends "
|
|
857
|
-
actions:
|
|
856
|
+
authorize<K_1 extends "project" | "organization" | "team" | "member" | "ac" | "invitation">(request: K_1 extends infer T extends K ? { [key in T]?: better_auth_plugins20.Subset<"project" | "organization" | "team" | "member" | "ac" | "invitation", better_auth_plugins20.Statements>[key] | {
|
|
857
|
+
actions: better_auth_plugins20.Subset<"project" | "organization" | "team" | "member" | "ac" | "invitation", better_auth_plugins20.Statements>[key];
|
|
858
858
|
connector: "OR" | "AND";
|
|
859
|
-
} | undefined } : never, connector?: "OR" | "AND"):
|
|
860
|
-
statements:
|
|
859
|
+
} | undefined } : never, connector?: "OR" | "AND"): better_auth_plugins20.AuthorizeResponse;
|
|
860
|
+
statements: better_auth_plugins20.Subset<"project" | "organization" | "team" | "member" | "ac" | "invitation", better_auth_plugins20.Statements>;
|
|
861
861
|
};
|
|
862
862
|
owner: {
|
|
863
|
-
authorize<K_1 extends "
|
|
864
|
-
actions:
|
|
863
|
+
authorize<K_1 extends "project" | "organization" | "team" | "member" | "ac" | "invitation">(request: K_1 extends infer T extends K ? { [key in T]?: better_auth_plugins20.Subset<"project" | "organization" | "team" | "member" | "ac" | "invitation", better_auth_plugins20.Statements>[key] | {
|
|
864
|
+
actions: better_auth_plugins20.Subset<"project" | "organization" | "team" | "member" | "ac" | "invitation", better_auth_plugins20.Statements>[key];
|
|
865
865
|
connector: "OR" | "AND";
|
|
866
|
-
} | undefined } : never, connector?: "OR" | "AND"):
|
|
867
|
-
statements:
|
|
866
|
+
} | undefined } : never, connector?: "OR" | "AND"): better_auth_plugins20.AuthorizeResponse;
|
|
867
|
+
statements: better_auth_plugins20.Subset<"project" | "organization" | "team" | "member" | "ac" | "invitation", better_auth_plugins20.Statements>;
|
|
868
868
|
};
|
|
869
869
|
};
|
|
870
870
|
membershipLimit: number;
|
|
@@ -874,12 +874,42 @@ declare function createAuth(config: BetterAuthConfig): better_auth0.Auth<{
|
|
|
874
874
|
id: string;
|
|
875
875
|
role: string;
|
|
876
876
|
email: string;
|
|
877
|
-
organization:
|
|
878
|
-
invitation:
|
|
879
|
-
inviter:
|
|
877
|
+
organization: better_auth_plugins20.Organization;
|
|
878
|
+
invitation: better_auth_plugins20.Invitation;
|
|
879
|
+
inviter: better_auth_plugins20.Member & {
|
|
880
880
|
user: better_auth0.User;
|
|
881
881
|
};
|
|
882
882
|
}): Promise<void>;
|
|
883
|
+
organizationHooks: {
|
|
884
|
+
afterAcceptInvitation: ({
|
|
885
|
+
member,
|
|
886
|
+
user,
|
|
887
|
+
organization: org
|
|
888
|
+
}: {
|
|
889
|
+
invitation: better_auth_plugins20.Invitation & Record<string, any>;
|
|
890
|
+
member: better_auth_plugins20.Member & Record<string, any>;
|
|
891
|
+
user: better_auth0.User & Record<string, any>;
|
|
892
|
+
organization: better_auth_plugins20.Organization & Record<string, any>;
|
|
893
|
+
}) => Promise<void>;
|
|
894
|
+
afterUpdateMemberRole: ({
|
|
895
|
+
member,
|
|
896
|
+
organization: org,
|
|
897
|
+
previousRole
|
|
898
|
+
}: {
|
|
899
|
+
member: better_auth_plugins20.Member & Record<string, any>;
|
|
900
|
+
previousRole: string;
|
|
901
|
+
user: better_auth0.User & Record<string, any>;
|
|
902
|
+
organization: better_auth_plugins20.Organization & Record<string, any>;
|
|
903
|
+
}) => Promise<void>;
|
|
904
|
+
afterRemoveMember: ({
|
|
905
|
+
member,
|
|
906
|
+
organization: org
|
|
907
|
+
}: {
|
|
908
|
+
member: better_auth_plugins20.Member & Record<string, any>;
|
|
909
|
+
user: better_auth0.User & Record<string, any>;
|
|
910
|
+
organization: better_auth_plugins20.Organization & Record<string, any>;
|
|
911
|
+
}) => Promise<void>;
|
|
912
|
+
};
|
|
883
913
|
}>;
|
|
884
914
|
schema: {
|
|
885
915
|
organization: {
|
|
@@ -1008,8 +1038,8 @@ declare function createAuth(config: BetterAuthConfig): better_auth0.Auth<{
|
|
|
1008
1038
|
id: string;
|
|
1009
1039
|
organizationId: string;
|
|
1010
1040
|
email: string;
|
|
1011
|
-
role: "member" | "
|
|
1012
|
-
status:
|
|
1041
|
+
role: "member" | "owner" | "admin";
|
|
1042
|
+
status: better_auth_plugins20.InvitationStatus;
|
|
1013
1043
|
inviterId: string;
|
|
1014
1044
|
expiresAt: Date;
|
|
1015
1045
|
createdAt: Date;
|
|
@@ -1017,7 +1047,7 @@ declare function createAuth(config: BetterAuthConfig): better_auth0.Auth<{
|
|
|
1017
1047
|
Member: {
|
|
1018
1048
|
id: string;
|
|
1019
1049
|
organizationId: string;
|
|
1020
|
-
role: "member" | "
|
|
1050
|
+
role: "member" | "owner" | "admin";
|
|
1021
1051
|
createdAt: Date;
|
|
1022
1052
|
userId: string;
|
|
1023
1053
|
user: {
|
|
@@ -1033,7 +1063,7 @@ declare function createAuth(config: BetterAuthConfig): better_auth0.Auth<{
|
|
|
1033
1063
|
members: {
|
|
1034
1064
|
id: string;
|
|
1035
1065
|
organizationId: string;
|
|
1036
|
-
role: "member" | "
|
|
1066
|
+
role: "member" | "owner" | "admin";
|
|
1037
1067
|
createdAt: Date;
|
|
1038
1068
|
userId: string;
|
|
1039
1069
|
user: {
|
|
@@ -1047,8 +1077,8 @@ declare function createAuth(config: BetterAuthConfig): better_auth0.Auth<{
|
|
|
1047
1077
|
id: string;
|
|
1048
1078
|
organizationId: string;
|
|
1049
1079
|
email: string;
|
|
1050
|
-
role: "member" | "
|
|
1051
|
-
status:
|
|
1080
|
+
role: "member" | "owner" | "admin";
|
|
1081
|
+
status: better_auth_plugins20.InvitationStatus;
|
|
1052
1082
|
inviterId: string;
|
|
1053
1083
|
expiresAt: Date;
|
|
1054
1084
|
createdAt: Date;
|
|
@@ -1122,28 +1152,28 @@ declare function createAuth(config: BetterAuthConfig): better_auth0.Auth<{
|
|
|
1122
1152
|
};
|
|
1123
1153
|
options: NoInfer<{
|
|
1124
1154
|
allowUserToCreateOrganization: true;
|
|
1125
|
-
ac:
|
|
1155
|
+
ac: better_auth_plugins20.AccessControl;
|
|
1126
1156
|
roles: {
|
|
1127
1157
|
member: {
|
|
1128
|
-
authorize<K_1 extends "
|
|
1129
|
-
actions:
|
|
1158
|
+
authorize<K_1 extends "project" | "organization" | "team" | "member" | "ac" | "invitation">(request: K_1 extends infer T extends K ? { [key in T]?: better_auth_plugins20.Subset<"project" | "organization" | "team" | "member" | "ac" | "invitation", better_auth_plugins20.Statements>[key] | {
|
|
1159
|
+
actions: better_auth_plugins20.Subset<"project" | "organization" | "team" | "member" | "ac" | "invitation", better_auth_plugins20.Statements>[key];
|
|
1130
1160
|
connector: "OR" | "AND";
|
|
1131
|
-
} | undefined } : never, connector?: "OR" | "AND"):
|
|
1132
|
-
statements:
|
|
1161
|
+
} | undefined } : never, connector?: "OR" | "AND"): better_auth_plugins20.AuthorizeResponse;
|
|
1162
|
+
statements: better_auth_plugins20.Subset<"project" | "organization" | "team" | "member" | "ac" | "invitation", better_auth_plugins20.Statements>;
|
|
1133
1163
|
};
|
|
1134
1164
|
admin: {
|
|
1135
|
-
authorize<K_1 extends "
|
|
1136
|
-
actions:
|
|
1165
|
+
authorize<K_1 extends "project" | "organization" | "team" | "member" | "ac" | "invitation">(request: K_1 extends infer T extends K ? { [key in T]?: better_auth_plugins20.Subset<"project" | "organization" | "team" | "member" | "ac" | "invitation", better_auth_plugins20.Statements>[key] | {
|
|
1166
|
+
actions: better_auth_plugins20.Subset<"project" | "organization" | "team" | "member" | "ac" | "invitation", better_auth_plugins20.Statements>[key];
|
|
1137
1167
|
connector: "OR" | "AND";
|
|
1138
|
-
} | undefined } : never, connector?: "OR" | "AND"):
|
|
1139
|
-
statements:
|
|
1168
|
+
} | undefined } : never, connector?: "OR" | "AND"): better_auth_plugins20.AuthorizeResponse;
|
|
1169
|
+
statements: better_auth_plugins20.Subset<"project" | "organization" | "team" | "member" | "ac" | "invitation", better_auth_plugins20.Statements>;
|
|
1140
1170
|
};
|
|
1141
1171
|
owner: {
|
|
1142
|
-
authorize<K_1 extends "
|
|
1143
|
-
actions:
|
|
1172
|
+
authorize<K_1 extends "project" | "organization" | "team" | "member" | "ac" | "invitation">(request: K_1 extends infer T extends K ? { [key in T]?: better_auth_plugins20.Subset<"project" | "organization" | "team" | "member" | "ac" | "invitation", better_auth_plugins20.Statements>[key] | {
|
|
1173
|
+
actions: better_auth_plugins20.Subset<"project" | "organization" | "team" | "member" | "ac" | "invitation", better_auth_plugins20.Statements>[key];
|
|
1144
1174
|
connector: "OR" | "AND";
|
|
1145
|
-
} | undefined } : never, connector?: "OR" | "AND"):
|
|
1146
|
-
statements:
|
|
1175
|
+
} | undefined } : never, connector?: "OR" | "AND"): better_auth_plugins20.AuthorizeResponse;
|
|
1176
|
+
statements: better_auth_plugins20.Subset<"project" | "organization" | "team" | "member" | "ac" | "invitation", better_auth_plugins20.Statements>;
|
|
1147
1177
|
};
|
|
1148
1178
|
};
|
|
1149
1179
|
membershipLimit: number;
|
|
@@ -1153,12 +1183,42 @@ declare function createAuth(config: BetterAuthConfig): better_auth0.Auth<{
|
|
|
1153
1183
|
id: string;
|
|
1154
1184
|
role: string;
|
|
1155
1185
|
email: string;
|
|
1156
|
-
organization:
|
|
1157
|
-
invitation:
|
|
1158
|
-
inviter:
|
|
1186
|
+
organization: better_auth_plugins20.Organization;
|
|
1187
|
+
invitation: better_auth_plugins20.Invitation;
|
|
1188
|
+
inviter: better_auth_plugins20.Member & {
|
|
1159
1189
|
user: better_auth0.User;
|
|
1160
1190
|
};
|
|
1161
1191
|
}): Promise<void>;
|
|
1192
|
+
organizationHooks: {
|
|
1193
|
+
afterAcceptInvitation: ({
|
|
1194
|
+
member,
|
|
1195
|
+
user,
|
|
1196
|
+
organization: org
|
|
1197
|
+
}: {
|
|
1198
|
+
invitation: better_auth_plugins20.Invitation & Record<string, any>;
|
|
1199
|
+
member: better_auth_plugins20.Member & Record<string, any>;
|
|
1200
|
+
user: better_auth0.User & Record<string, any>;
|
|
1201
|
+
organization: better_auth_plugins20.Organization & Record<string, any>;
|
|
1202
|
+
}) => Promise<void>;
|
|
1203
|
+
afterUpdateMemberRole: ({
|
|
1204
|
+
member,
|
|
1205
|
+
organization: org,
|
|
1206
|
+
previousRole
|
|
1207
|
+
}: {
|
|
1208
|
+
member: better_auth_plugins20.Member & Record<string, any>;
|
|
1209
|
+
previousRole: string;
|
|
1210
|
+
user: better_auth0.User & Record<string, any>;
|
|
1211
|
+
organization: better_auth_plugins20.Organization & Record<string, any>;
|
|
1212
|
+
}) => Promise<void>;
|
|
1213
|
+
afterRemoveMember: ({
|
|
1214
|
+
member,
|
|
1215
|
+
organization: org
|
|
1216
|
+
}: {
|
|
1217
|
+
member: better_auth_plugins20.Member & Record<string, any>;
|
|
1218
|
+
user: better_auth0.User & Record<string, any>;
|
|
1219
|
+
organization: better_auth_plugins20.Organization & Record<string, any>;
|
|
1220
|
+
}) => Promise<void>;
|
|
1221
|
+
};
|
|
1162
1222
|
}>;
|
|
1163
1223
|
}, {
|
|
1164
1224
|
id: "device-authorization";
|
|
@@ -1493,8 +1553,8 @@ declare function createAuth(config: BetterAuthConfig): better_auth0.Auth<{
|
|
|
1493
1553
|
readonly AUTHENTICATION_REQUIRED: "Authentication required";
|
|
1494
1554
|
};
|
|
1495
1555
|
options: Partial<{
|
|
1496
|
-
expiresIn:
|
|
1497
|
-
interval:
|
|
1556
|
+
expiresIn: better_auth_plugins20.TimeString;
|
|
1557
|
+
interval: better_auth_plugins20.TimeString;
|
|
1498
1558
|
deviceCodeLength: number;
|
|
1499
1559
|
userCodeLength: number;
|
|
1500
1560
|
schema: {
|
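--- a/package/dist/auth/auth.js
+++ b/package/dist/auth/auth.js
@@ -139,6 +139,52 @@ function createAuth(config) {
 organization: data.organization.name,
 invitationId: data.id
 });
+},
+organizationHooks: {
+afterAcceptInvitation: async ({ member: member$1, user, organization: org }) => {
+try {
+const { syncOrgMemberToSpiceDb } = await import("./authz/sync.js");
+await syncOrgMemberToSpiceDb({
+tenantId: org.id,
+userId: user.id,
+role: member$1.role,
+action: "add"
+});
+console.log(`🔐 SpiceDB: Synced member ${user.email} as ${member$1.role} to org ${org.name}`);
+} catch (error) {
+console.error("❌ SpiceDB sync failed for new member:", error);
+}
+},
+afterUpdateMemberRole: async ({ member: member$1, organization: org, previousRole }) => {
+try {
+const { changeOrgRole } = await import("./authz/sync.js");
+const oldRole = previousRole;
+const newRole = member$1.role;
+await changeOrgRole({
+tenantId: org.id,
+userId: member$1.userId,
+oldRole,
+newRole
+});
+console.log(`🔐 SpiceDB: Updated member ${member$1.userId} role from ${oldRole} to ${newRole} in org ${org.name}`);
+} catch (error) {
+console.error("❌ SpiceDB sync failed for role update:", error);
+}
+},
+afterRemoveMember: async ({ member: member$1, organization: org }) => {
+try {
+const { syncOrgMemberToSpiceDb } = await import("./authz/sync.js");
+await syncOrgMemberToSpiceDb({
+tenantId: org.id,
+userId: member$1.userId,
+role: member$1.role,
+action: "remove"
+});
+console.log(`🔐 SpiceDB: Removed member ${member$1.userId} from org ${org.name}`);
+} catch (error) {
+console.error("❌ SpiceDB sync failed for member removal:", error);
+}
+}
 }
 }),
 deviceAuthorization({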
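Review bot: All three `organizationHooks` catch every error from the SpiceDB sync and only `console.error` it, so a failed `action: "remove"` in `afterRemoveMember`, or a failed demotion in `afterUpdateMemberRole`, leaves the member's old relationship in SpiceDB while the membership change has presumably already been committed (going by the `after*` hook names). Revocation paths should not fail silently: log the identifiers needed to replay the write, e.g. `console.error("❌ SpiceDB sync failed for member removal:", { tenantId: org.id, userId: member$1.userId, error });`, and feed failures into a retry or periodic reconciliation; whether rethrowing from an after-hook would undo the change is not visible here. Separately, the success log in `afterAcceptInvitation` writes `user.email` where the other two hooks log `member$1.userId`; logging `user.id` instead keeps e-mail addresses out of the logs. `createAuth` starts and ends outside this hunk.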
@@ -0,0 +1,81 @@
|
|
|
1
|
+
import { v1 } from "@authzed/authzed-node";
|
|
2
|
+
|
|
3
|
+
//#region src/auth/authz/client.d.ts
|
|
4
|
+
|
|
5
|
+
type ZedClientInterface = ReturnType<typeof v1.NewClient>;
|
|
6
|
+
/**
|
|
7
|
+
* Get the SpiceDB client singleton.
|
|
8
|
+
* Creates a new client on first call.
|
|
9
|
+
*/
|
|
10
|
+
declare function getSpiceClient(): ZedClientInterface;
|
|
11
|
+
/**
|
|
12
|
+
* Reset the client (useful for testing)
|
|
13
|
+
*/
|
|
14
|
+
declare function resetSpiceClient(): void;
|
|
15
|
+
/**
|
|
16
|
+
* Check if a subject has a permission on a resource.
|
|
17
|
+
* Note: Caller must verify isAuthzEnabled(tenantId) before calling.
|
|
18
|
+
*/
|
|
19
|
+
declare function checkPermission(params: {
|
|
20
|
+
resourceType: string;
|
|
21
|
+
resourceId: string;
|
|
22
|
+
permission: string;
|
|
23
|
+
subjectType: string;
|
|
24
|
+
subjectId: string;
|
|
25
|
+
}): Promise<boolean>;
|
|
26
|
+
/**
|
|
27
|
+
* Check multiple permissions on a resource in a single request.
|
|
28
|
+
* More efficient than multiple checkPermission calls.
|
|
29
|
+
*
|
|
30
|
+
* @returns Record mapping permission names to boolean results
|
|
31
|
+
*/
|
|
32
|
+
declare function checkBulkPermissions(params: {
|
|
33
|
+
resourceType: string;
|
|
34
|
+
resourceId: string;
|
|
35
|
+
permissions: string[];
|
|
36
|
+
subjectType: string;
|
|
37
|
+
subjectId: string;
|
|
38
|
+
}): Promise<Record<string, boolean>>;
|
|
39
|
+
/**
|
|
40
|
+
* Find all resources of a type that a subject has a permission on.
|
|
41
|
+
*/
|
|
42
|
+
declare function lookupResources(params: {
|
|
43
|
+
resourceType: string;
|
|
44
|
+
permission: string;
|
|
45
|
+
subjectType: string;
|
|
46
|
+
subjectId: string;
|
|
47
|
+
}): Promise<string[]>;
|
|
48
|
+
/**
|
|
49
|
+
* Write a relationship to SpiceDB.
|
|
50
|
+
*/
|
|
51
|
+
declare function writeRelationship(params: {
|
|
52
|
+
resourceType: string;
|
|
53
|
+
resourceId: string;
|
|
54
|
+
relation: string;
|
|
55
|
+
subjectType: string;
|
|
56
|
+
subjectId: string;
|
|
57
|
+
}): Promise<void>;
|
|
58
|
+
/**
|
|
59
|
+
* Delete a relationship from SpiceDB.
|
|
60
|
+
*/
|
|
61
|
+
declare function deleteRelationship(params: {
|
|
62
|
+
resourceType: string;
|
|
63
|
+
resourceId: string;
|
|
64
|
+
relation: string;
|
|
65
|
+
subjectType: string;
|
|
66
|
+
subjectId: string;
|
|
67
|
+
}): Promise<void>;
|
|
68
|
+
/**
|
|
69
|
+
* Read relationships for a resource to list subjects with access.
|
|
70
|
+
*/
|
|
71
|
+
declare function readRelationships(params: {
|
|
72
|
+
resourceType: string;
|
|
73
|
+
resourceId: string;
|
|
74
|
+
relation?: string;
|
|
75
|
+
}): Promise<Array<{
|
|
76
|
+
subjectType: string;
|
|
77
|
+
subjectId: string;
|
|
78
|
+
relation: string;
|
|
79
|
+
}>>;
|
|
80
|
+
//#endregion
|
|
81
|
+
export { checkBulkPermissions, checkPermission, deleteRelationship, getSpiceClient, lookupResources, readRelationships, resetSpiceClient, v1, writeRelationship };
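Review bot: `checkPermission` states its precondition only in a comment ("Caller must verify isAuthzEnabled(tenantId) before calling") and its parameters carry no tenant id, so nothing in the signature stops a caller from skipping that check; `checkBulkPermissions` and `lookupResources` have no such note at all, although they look like the same kind of query. The doc comments should state what each function resolves to when SpiceDB is unreachable or authz is disabled, for example `@returns false on any error (fail closed)` if that is what the implementation does, which these declarations alone cannot confirm. `resourceType`, `permission` and `relation` are plain `string`, so a mistyped name would only surface at runtime; a union of the schema's names would catch it at compile time. `resetSpiceClient` is documented as "useful for testing" yet is exported with the production API, which is worth a `@internal` tag.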
|