@jskit-ai/users-core 0.1.30 → 0.1.32

package/package.descriptor.mjs

@@ -1,13 +1,14 @@
 export default Object.freeze({
   packageVersion: 1,
   packageId: "@jskit-ai/users-core",
-  version: "0.1.30",
+  version: "0.1.32",
   kind: "runtime",
   description: "Users/workspace domain runtime plus HTTP routes for workspace, account, and console features.",
   dependsOn: [
     "@jskit-ai/auth-core",
     "@jskit-ai/database-runtime",
     "@jskit-ai/http-runtime",
+    "@jskit-ai/uploads-runtime",
     "@jskit-ai/storage-runtime"
   ],
   capabilities: {
@@ -19,6 +20,7 @@ export default Object.freeze({
       "runtime.actions",
       "runtime.database",
       "runtime.storage",
+      "runtime.uploads",
       "auth.provider",
       "auth.policy"
     ]
@@ -196,11 +198,11 @@ export default Object.freeze({
   mutations: {
     dependencies: {
       runtime: {
-        "@jskit-ai/auth-core": "0.1.20",
-        "@jskit-ai/database-runtime": "0.1.21",
-        "@jskit-ai/http-runtime": "0.1.20",
-        "@jskit-ai/kernel": "0.1.21",
-        "@fastify/multipart": "^9.4.0",
+        "@jskit-ai/auth-core": "0.1.22",
+        "@jskit-ai/database-runtime": "0.1.23",
+        "@jskit-ai/http-runtime": "0.1.22",
+        "@jskit-ai/kernel": "0.1.23",
+        "@jskit-ai/uploads-runtime": "0.1.1",
         "@fastify/type-provider-typebox": "^6.1.0",
         "typebox": "^1.0.81"
       },

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@jskit-ai/users-core",
-  "version": "0.1.30",
+  "version": "0.1.32",
   "type": "module",
   "scripts": {
     "test": "node --test"
@@ -24,11 +24,11 @@
     "./shared/resources/consoleSettingsFields": "./src/shared/resources/consoleSettingsFields.js"
   },
   "dependencies": {
-    "@jskit-ai/auth-core": "0.1.20",
-    "@jskit-ai/database-runtime": "0.1.21",
-    "@jskit-ai/http-runtime": "0.1.20",
-    "@jskit-ai/kernel": "0.1.21",
-    "@fastify/multipart": "^9.4.0",
+    "@jskit-ai/auth-core": "0.1.22",
+    "@jskit-ai/database-runtime": "0.1.23",
+    "@jskit-ai/http-runtime": "0.1.22",
+    "@jskit-ai/kernel": "0.1.23",
+    "@jskit-ai/uploads-runtime": "0.1.1",
     "@fastify/type-provider-typebox": "^6.1.0",
     "typebox": "^1.0.81"
   }

package/src/server/UsersCoreServiceProvider.js

@@ -23,13 +23,12 @@ import { registerAccountNotifications } from "./accountNotifications/registerAcc
 import { registerAccountProfile } from "./accountProfile/registerAccountProfile.js";
 import { registerAccountSecurity } from "./accountSecurity/registerAccountSecurity.js";
 import { registerConsoleSettings } from "./consoleSettings/registerConsoleSettings.js";
-import { registerAvatarMultipartSupport } from "./accountProfile/registerAvatarMultipartSupport.js";
 import { registerUsersCoreActionSurfaceSources } from "./support/workspaceActionSurfaces.js";
 
 class UsersCoreServiceProvider {
   static id = "users.core";
 
-  static dependsOn = ["runtime.server", "runtime.actions", "runtime.database", "runtime.storage", "auth.provider"];
+  static dependsOn = ["runtime.server", "runtime.actions", "runtime.database", "runtime.storage", "auth.provider", "runtime.uploads"];
 
   register(app) {
     registerUsersCoreActionSurfaceSources(app);
@@ -58,7 +57,6 @@ class UsersCoreServiceProvider {
       bootWorkspaceSettings(app);
       bootWorkspaceMembers(app);
     }
-    await registerAvatarMultipartSupport(app);
     bootAccountProfileRoutes(app);
     bootAccountPreferencesRoutes(app);
     bootAccountNotificationsRoutes(app);

package/src/server/accountProfile/avatarService.js

@@ -1,63 +1,24 @@
-import { AppError, createValidationError } from "@jskit-ai/kernel/server/runtime/errors";
+import { AppError } from "@jskit-ai/kernel/server/runtime/errors";
+import { DEFAULT_IMAGE_UPLOAD_POLICY } from "@jskit-ai/uploads-runtime/shared";
+import {
+  normalizeUploadPolicy,
+  readUploadBuffer,
+  validateUploadMimeType
+} from "@jskit-ai/uploads-runtime/server/policy/uploadPolicy";
 import { resolveUserProfile } from "../common/services/accountContextService.js";
 
-const DEFAULT_AVATAR_POLICY = Object.freeze({
-  allowedMimeTypes: Object.freeze(["image/jpeg", "image/png", "image/webp"]),
-  maxUploadBytes: 5 * 1024 * 1024
-});
+const DEFAULT_AVATAR_POLICY = DEFAULT_IMAGE_UPLOAD_POLICY;
 
 function resolveAvatarPolicy(policy = {}) {
-  const source = policy && typeof policy === "object" ? policy : {};
-  const allowedMimeTypes =
-    Array.isArray(source.allowedMimeTypes) && source.allowedMimeTypes.length > 0
-      ? source.allowedMimeTypes
-          .map((value) => String(value || "").trim().toLowerCase())
-          .filter((value) => value.length > 0)
-      : [...DEFAULT_AVATAR_POLICY.allowedMimeTypes];
-  const normalizedMaxUploadBytes = Number(source.maxUploadBytes);
-  const maxUploadBytes =
-    Number.isInteger(normalizedMaxUploadBytes) && normalizedMaxUploadBytes > 0
-      ? normalizedMaxUploadBytes
-      : DEFAULT_AVATAR_POLICY.maxUploadBytes;
-
-  return Object.freeze({
-    allowedMimeTypes: Object.freeze(allowedMimeTypes),
-    maxUploadBytes
-  });
+  return normalizeUploadPolicy(policy, DEFAULT_AVATAR_POLICY);
 }
 
 async function readAvatarBuffer(stream, { maxBytes = DEFAULT_AVATAR_POLICY.maxUploadBytes } = {}) {
-  if (!stream || typeof stream.on !== "function") {
-    throw new TypeError("Avatar upload stream is required.");
-  }
-
-  const chunks = [];
-  let total = 0;
-
-  for await (const chunk of stream) {
-    const bufferChunk = Buffer.isBuffer(chunk) ? chunk : Buffer.from(chunk);
-    total += bufferChunk.length;
-
-    if (total > maxBytes) {
-      throw createValidationError({
-        avatar: `Avatar file is too large. Maximum allowed size is ${Math.floor(maxBytes / (1024 * 1024))}MB.`
-      });
-    }
-
-    chunks.push(bufferChunk);
-  }
-
-  if (chunks.length === 0) {
-    throw createValidationError({
-      avatar: "Avatar file is empty."
-    });
-  }
-
-  return Buffer.concat(chunks);
-}
-
-function normalizeMimeType(value) {
-  return String(value || "").trim().toLowerCase();
+  return readUploadBuffer(stream, {
+    maxBytes,
+    fieldName: "avatar",
+    label: "Avatar"
+  });
 }
 
 function createService({ userProfilesRepository, avatarStorageService, avatarPolicy } = {}) {
@@ -80,12 +41,10 @@ function createService({ userProfilesRepository, avatarStorageService, avatarPol
 
   async function uploadForUser(user, payload = {}) {
     const profile = await resolveProfile(user);
-    const mimeType = normalizeMimeType(payload?.mimeType);
-    if (!resolvedAvatarPolicy.allowedMimeTypes.includes(mimeType)) {
-      throw createValidationError({
-        avatar: `Avatar must be one of: ${resolvedAvatarPolicy.allowedMimeTypes.join(", ")}.`
-      });
-    }
+    validateUploadMimeType(payload?.mimeType, resolvedAvatarPolicy, {
+      fieldName: "avatar",
+      label: "Avatar"
+    });
 
     const buffer = await readAvatarBuffer(payload.stream, {
       maxBytes: resolvedAvatarPolicy.maxUploadBytes

package/src/server/accountProfile/avatarStorageService.js

@@ -1,10 +1,10 @@
 import { parsePositiveInteger } from "@jskit-ai/kernel/server/runtime";
+import {
+  createUploadStorageService,
+  detectCommonMimeTypeFromBuffer
+} from "@jskit-ai/uploads-runtime/server/storage/createUploadStorageService";
 
 const AVATAR_STORAGE_PREFIX = "users/avatars";
-const AVATAR_MIME_TYPE_JPEG = "image/jpeg";
-const AVATAR_MIME_TYPE_PNG = "image/png";
-const AVATAR_MIME_TYPE_WEBP = "image/webp";
-const AVATAR_MIME_TYPE_FALLBACK = "application/octet-stream";
 
 function buildAvatarStorageKey(userId) {
   const normalizedUserId = parsePositiveInteger(userId);
@@ -15,106 +15,25 @@ function buildAvatarStorageKey(userId) {
   return `${AVATAR_STORAGE_PREFIX}/${normalizedUserId}/avatar`;
 }
 
-function normalizeStorageKey(value) {
-  const normalized = String(value || "").trim();
-  if (!normalized) {
-    return "";
-  }
-  if (normalized.startsWith("/") || normalized.includes("..")) {
-    return "";
-  }
-  return normalized;
-}
-
-function detectAvatarMimeTypeFromBuffer(buffer) {
-  if (!Buffer.isBuffer(buffer) || buffer.length < 4) {
-    return AVATAR_MIME_TYPE_FALLBACK;
-  }
-
-  if (
-    buffer.length >= 3 &&
-    buffer[0] === 0xff &&
-    buffer[1] === 0xd8 &&
-    buffer[2] === 0xff
-  ) {
-    return AVATAR_MIME_TYPE_JPEG;
-  }
-
-  if (
-    buffer.length >= 8 &&
-    buffer[0] === 0x89 &&
-    buffer[1] === 0x50 &&
-    buffer[2] === 0x4e &&
-    buffer[3] === 0x47 &&
-    buffer[4] === 0x0d &&
-    buffer[5] === 0x0a &&
-    buffer[6] === 0x1a &&
-    buffer[7] === 0x0a
-  ) {
-    return AVATAR_MIME_TYPE_PNG;
-  }
-
-  if (
-    buffer.length >= 12 &&
-    buffer[0] === 0x52 &&
-    buffer[1] === 0x49 &&
-    buffer[2] === 0x46 &&
-    buffer[3] === 0x46 &&
-    buffer[8] === 0x57 &&
-    buffer[9] === 0x45 &&
-    buffer[10] === 0x42 &&
-    buffer[11] === 0x50
-  ) {
-    return AVATAR_MIME_TYPE_WEBP;
-  }
-
-  return AVATAR_MIME_TYPE_FALLBACK;
-}
-
 function createService({ storage } = {}) {
-  if (!storage || typeof storage.getItemRaw !== "function" || typeof storage.setItemRaw !== "function") {
-    throw new TypeError("avatarStorageService requires a storage binding with getItemRaw()/setItemRaw().");
-  }
+  const uploadStorageService = createUploadStorageService({
+    storage,
+    mimeTypeDetector: detectCommonMimeTypeFromBuffer
+  });
 
   async function saveAvatar({ userId, buffer }) {
-    if (!Buffer.isBuffer(buffer)) {
-      throw new TypeError("Avatar buffer must be a Buffer instance.");
-    }
-
-    const storageKey = buildAvatarStorageKey(userId);
-    await storage.setItemRaw(storageKey, buffer);
-
-    return Object.freeze({
-      storageKey
+    return uploadStorageService.saveFile({
+      storageKey: buildAvatarStorageKey(userId),
+      buffer
     });
   }
 
   async function readAvatar(storageKey) {
-    const normalizedStorageKey = normalizeStorageKey(storageKey);
-    if (!normalizedStorageKey) {
-      return null;
-    }
-
-    const value = await storage.getItemRaw(normalizedStorageKey);
-    if (value == null) {
-      return null;
-    }
-
-    const buffer = Buffer.isBuffer(value) ? value : Buffer.from(value);
-    return Object.freeze({
-      storageKey: normalizedStorageKey,
-      buffer,
-      mimeType: detectAvatarMimeTypeFromBuffer(buffer)
-    });
+    return uploadStorageService.readFile(storageKey);
   }
 
   async function deleteAvatar(storageKey) {
-    const normalizedStorageKey = normalizeStorageKey(storageKey);
-    if (!normalizedStorageKey || typeof storage.removeItem !== "function") {
-      return;
-    }
-
-    await storage.removeItem(normalizedStorageKey);
+    await uploadStorageService.deleteFile(storageKey);
   }
 
   return Object.freeze({
@@ -126,7 +45,7 @@ function createService({ storage } = {}) {
 
 const __testables = Object.freeze({
   buildAvatarStorageKey,
-  detectAvatarMimeTypeFromBuffer
+  detectAvatarMimeTypeFromBuffer: detectCommonMimeTypeFromBuffer
 });
 
 export { createService, __testables };

package/src/server/accountProfile/bootAccountProfileRoutes.js

@@ -1,5 +1,5 @@
-import { AppError } from "@jskit-ai/kernel/server/runtime/errors";
 import { withStandardErrorResponses } from "@jskit-ai/http-runtime/shared/validators/errorResponses";
+import { readSingleMultipartFile } from "@jskit-ai/uploads-runtime/server/multipart/readSingleMultipartFile";
 import { userSettingsResource } from "../../shared/resources/userSettingsResource.js";
 import { userProfileResource } from "../../shared/resources/userProfileResource.js";
 
@@ -113,24 +113,20 @@ function bootAccountProfileRoutes(app) {
       )
     },
     async function (request, reply) {
-      const filePart = await request.file();
-      if (!filePart) {
-        throw new AppError(400, "Validation failed.", {
-          details: {
-            fieldErrors: {
-              avatar: "Avatar file is required."
-            }
-          }
-        });
-      }
+      const filePart = await readSingleMultipartFile(request, {
+        fieldNames: ["avatar"],
+        required: true,
+        fieldErrorKey: "avatar",
+        label: "Avatar"
+      });
 
       const uploadDimension = filePart.fields?.uploadDimension?.value;
       const response = await request.executeAction({
         actionId: "settings.profile.avatar.upload",
         input: {
-          stream: filePart.file,
-          mimeType: filePart.mimetype,
-          fileName: filePart.filename,
+          stream: filePart.stream,
+          mimeType: filePart.mimeType,
+          fileName: filePart.fileName,
           uploadDimension
         }
       });

package/src/server/common/formatters/workspaceFormatter.js

@@ -7,7 +7,7 @@ function mapWorkspaceSummary(workspace, membership) {
     slug: normalizeText(workspace.slug),
     name: normalizeText(workspace.name),
     avatarUrl: normalizeText(workspace.avatarUrl),
-    roleId: normalizeLowerText(membership?.roleId || "member") || "member",
+    roleSid: normalizeLowerText(membership?.roleSid || "member") || "member",
     isAccessible: normalizeLowerText(membership?.status || "active") === "active"
   };
 }
@@ -40,7 +40,7 @@ function mapMembershipSummary(membership, workspace) {
 
   return {
     workspaceId: Number(workspace?.id || membership.workspaceId),
-    roleId: normalizeLowerText(membership.roleId || "member") || "member",
+    roleSid: normalizeLowerText(membership.roleSid || "member") || "member",
     status: normalizeLowerText(membership.status || "active") || "active"
   };
 }

package/src/server/common/repositories/userProfilesRepository.js

@@ -13,7 +13,7 @@ const USERNAME_MAX_LENGTH = 120;
 function normalizeIdentity(identityLike) {
   const source = identityLike && typeof identityLike === "object" ? identityLike : {};
   const provider = normalizeLowerText(source.provider || source.authProvider);
-  const providerUserId = normalizeText(source.providerUserId || source.authProviderUserId);
+  const providerUserId = normalizeText(source.providerUserId || source.authProviderUserSid);
   if (!provider || !providerUserId) {
     return null;
   }
@@ -57,7 +57,7 @@ function mapProfileRow(row) {
   return {
     id: Number(row.id),
     authProvider: normalizeLowerText(row.auth_provider),
-    authProviderUserId: normalizeText(row.auth_provider_user_id),
+    authProviderUserSid: normalizeText(row.auth_provider_user_sid),
     email: normalizeLowerText(row.email),
     username: normalizeLowerText(row.username),
     displayName: normalizeText(row.display_name),
@@ -123,7 +123,7 @@ function createRepository(knex) {
     const row = await client("users")
       .where({
         auth_provider: identity.provider,
-        auth_provider_user_id: identity.providerUserId
+        auth_provider_user_sid: identity.providerUserId
       })
       .first();
     return mapProfileRow(row);
@@ -168,7 +168,7 @@ function createRepository(knex) {
     const client = options?.trx || knex;
     const identity = normalizeIdentity(profileLike);
     if (!identity) {
-      throw new TypeError("upsert requires provider/authProvider and providerUserId/authProviderUserId.");
+      throw new TypeError("upsert requires provider/authProvider and providerUserId/authProviderUserSid.");
     }
 
     const email = normalizeLowerText(profileLike.email);
@@ -181,7 +181,7 @@ function createRepository(knex) {
     const executeUpsert = async (trx) => {
       const where = {
         auth_provider: identity.provider,
-        auth_provider_user_id: identity.providerUserId
+        auth_provider_user_sid: identity.providerUserId
       };
       const existing = await trx("users").where(where).first();
 
@@ -200,7 +200,7 @@ function createRepository(knex) {
           const username = await resolveUniqueUsername(trx, requestedUsername || usernameBaseFromEmail(email));
           await trx("users").insert({
             auth_provider: identity.provider,
-            auth_provider_user_id: identity.providerUserId,
+            auth_provider_user_sid: identity.providerUserId,
             email,
             display_name: displayName,
             username

package/src/server/common/repositories/workspaceInvitesRepository.js

@@ -17,7 +17,7 @@ function mapRow(row) {
     id: Number(row.id),
     workspaceId: Number(row.workspace_id),
     email: normalizeLowerText(row.email),
-    roleId: normalizeLowerText(row.role_id || "member") || "member",
+    roleSid: normalizeLowerText(row.role_sid || "member") || "member",
     status: normalizeLowerText(row.status || "pending") || "pending",
     tokenHash: normalizeText(row.token_hash),
     invitedByUserId: row.invited_by_user_id == null ? null : Number(row.invited_by_user_id),
@@ -86,7 +86,7 @@ function createRepository(knex) {
     const insertPayload = {
       workspace_id: Number(source.workspaceId),
       email: normalizeLowerText(source.email),
-      role_id: normalizeLowerText(source.roleId || "member") || "member",
+      role_sid: normalizeLowerText(source.roleSid || "member") || "member",
       status: normalizeLowerText(source.status || "pending") || "pending",
       token_hash: normalizeText(source.tokenHash),
       invited_by_user_id: source.invitedByUserId == null ? null : Number(source.invitedByUserId),

package/src/server/common/repositories/workspaceMembershipsRepository.js

@@ -16,7 +16,7 @@ function mapRow(row) {
     id: Number(row.id),
     workspaceId: Number(row.workspace_id),
     userId: Number(row.user_id),
-    roleId: normalizeLowerText(row.role_id || "member") || "member",
+    roleSid: normalizeLowerText(row.role_sid || "member") || "member",
     status: normalizeLowerText(row.status || "active") || "active",
     createdAt: toIsoString(row.created_at),
     updatedAt: toIsoString(row.updated_at)
@@ -30,7 +30,7 @@ function mapMemberSummaryRow(row) {
 
   return {
     userId: Number(row.user_id),
-    roleId: normalizeLowerText(row.role_id || "member") || "member",
+    roleSid: normalizeLowerText(row.role_sid || "member") || "member",
     status: normalizeLowerText(row.status || "active") || "active",
     displayName: normalizeText(row.display_name),
     email: normalizeLowerText(row.email)
@@ -54,11 +54,11 @@ function createRepository(knex) {
     const client = options?.trx || knex;
     const existing = await findByWorkspaceIdAndUserId(workspaceId, userId, { trx: client });
     if (existing) {
-      if (existing.roleId !== OWNER_ROLE_ID || existing.status !== "active") {
+      if (existing.roleSid !== OWNER_ROLE_ID || existing.status !== "active") {
         await client("workspace_memberships")
           .where({ workspace_id: Number(workspaceId), user_id: Number(userId) })
           .update({
-            role_id: OWNER_ROLE_ID,
+            role_sid: OWNER_ROLE_ID,
             status: "active",
             updated_at: nowDb()
           });
@@ -70,7 +70,7 @@ function createRepository(knex) {
       await client("workspace_memberships").insert({
         workspace_id: Number(workspaceId),
         user_id: Number(userId),
-        role_id: OWNER_ROLE_ID,
+        role_sid: OWNER_ROLE_ID,
         status: "active",
         created_at: nowDb(),
         updated_at: nowDb()
@@ -87,14 +87,14 @@ function createRepository(knex) {
   async function upsertMembership(workspaceId, userId, patch = {}, options = {}) {
     const client = options?.trx || knex;
     const existing = await findByWorkspaceIdAndUserId(workspaceId, userId, { trx: client });
-    const roleId = normalizeLowerText(patch.roleId || existing?.roleId || "member") || "member";
+    const roleSid = normalizeLowerText(patch.roleSid || existing?.roleSid || "member") || "member";
     const status = normalizeLowerText(patch.status || existing?.status || "active") || "active";
 
     if (!existing) {
       await client("workspace_memberships").insert({
         workspace_id: Number(workspaceId),
         user_id: Number(userId),
-        role_id: roleId,
+        role_sid: roleSid,
         status,
         created_at: nowDb(),
         updated_at: nowDb()
@@ -105,7 +105,7 @@ function createRepository(knex) {
     await client("workspace_memberships")
       .where({ workspace_id: Number(workspaceId), user_id: Number(userId) })
       .update({
-        role_id: roleId,
+        role_sid: roleSid,
         status,
         updated_at: nowDb()
       });
@@ -121,7 +121,7 @@ function createRepository(knex) {
       .orderBy("up.display_name", "asc")
       .select([
         "wm.user_id",
-        "wm.role_id",
+        "wm.role_sid",
         "wm.status",
         "up.display_name",
         "up.email"

package/src/server/common/repositories/workspacesRepository.js

@@ -32,7 +32,7 @@ function mapMembershipWorkspaceRow(row) {
 
   return {
     ...mapRow(row),
-    roleId: normalizeLowerText(row.role_id || "member"),
+    roleSid: normalizeLowerText(row.role_sid || "member"),
     membershipStatus: normalizeLowerText(row.membership_status || "active") || "active"
   };
 }
@@ -55,7 +55,7 @@ function createRepository(knex) {
       "w.deleted_at"
     ];
     if (includeMembership) {
-      columns.push("wm.role_id", "wm.status as membership_status");
+      columns.push("wm.role_sid", "wm.status as membership_status");
     }
     return columns;
   }

package/src/server/common/services/authProfileSyncService.js

@@ -9,7 +9,7 @@ function buildNormalizedIdentityKey(identityLike) {
 
   return {
     authProvider: identity.provider,
-    authProviderUserId: identity.providerUserId
+    authProviderUserSid: identity.providerUserId
   };
 }
 
@@ -25,7 +25,7 @@ function buildNormalizedIdentityProfile(profileLike) {
 
   return {
     authProvider: identity.authProvider,
-    authProviderUserId: identity.authProviderUserId,
+    authProviderUserSid: identity.authProviderUserSid,
     email,
     displayName,
     username: normalizeLowerText(source.username)
@@ -41,7 +41,7 @@ function profileNeedsUpdate(existing, nextProfile) {
     existing.email !== nextProfile.email ||
     existing.displayName !== nextProfile.displayName ||
     existing.authProvider !== nextProfile.authProvider ||
-    existing.authProviderUserId !== nextProfile.authProviderUserId
+    existing.authProviderUserSid !== nextProfile.authProviderUserSid
   );
 }
 
@@ -69,7 +69,7 @@ function createService({ userProfilesRepository, workspaceProvisioningService =
     return userProfilesRepository.findByIdentity(
       {
         provider: normalized.authProvider,
-        providerUserId: normalized.authProviderUserId
+        providerUserId: normalized.authProviderUserSid
       },
       options
     );
@@ -80,7 +80,7 @@ function createService({ userProfilesRepository, workspaceProvisioningService =
     return userProfilesRepository.upsert(
       {
         authProvider: normalized.authProvider,
-        authProviderUserId: normalized.authProviderUserId,
+        authProviderUserSid: normalized.authProviderUserSid,
         email: normalized.email,
         displayName: normalized.displayName,
         username: normalized.username

package/src/server/common/services/workspaceContextService.js

@@ -50,8 +50,8 @@ function buildWorkspaceName(user = {}) {
 }
 
 function buildPermissionsFromMembership(membership, appConfig = {}) {
-  const roleId = normalizeLowerText(membership?.roleId || "member");
-  return resolveRolePermissions(roleId, appConfig);
+  const roleSid = normalizeLowerText(membership?.roleSid || "member");
+  return resolveRolePermissions(roleSid, appConfig);
 }
 
 function hashInviteToken(token) {
@@ -145,7 +145,7 @@ function createService({
 
     const list = await workspacesRepository.listForUserId(normalizedUser.id, options);
     const accessible = list
-      .map((entry) => mapWorkspaceSummary(entry, { roleId: entry.roleId, status: entry.membershipStatus }))
+      .map((entry) => mapWorkspaceSummary(entry, { roleSid: entry.roleSid, status: entry.membershipStatus }))
       .filter((entry) => entry.isAccessible);
 
     return accessible;

package/src/server/common/validators/authenticatedUserValidator.js

@@ -16,7 +16,7 @@ function normalizeAuthenticatedUser(input = {}) {
     username: normalizeLowerText(source.username),
     displayName: normalizeText(source.displayName) || email || `User ${id}`,
     authProvider: normalizeLowerText(source.authProvider),
-    authProviderUserId: normalizeText(source.authProviderUserId),
+    authProviderUserSid: normalizeText(source.authProviderUserSid),
     avatarStorageKey: source.avatarStorageKey ? normalizeText(source.avatarStorageKey) : null,
     avatarVersion: source.avatarVersion == null ? null : String(source.avatarVersion)
   };
@@ -30,7 +30,7 @@ const authenticatedUserValidator = Object.freeze({
       username: Type.Optional(Type.String()),
       displayName: Type.Optional(Type.String()),
       authProvider: Type.Optional(Type.String()),
-      authProviderUserId: Type.Optional(Type.String()),
+      authProviderUserSid: Type.Optional(Type.String()),
       avatarStorageKey: Type.Optional(Type.Union([Type.String(), Type.Null()])),
       avatarVersion: Type.Optional(Type.Union([Type.String(), Type.Number(), Type.Null()]))
     },

package/src/server/workspaceBootstrapContributor.js

@@ -319,7 +319,7 @@ function createWorkspaceBootstrapContributor({
         const latestProfile =
           (await userProfilesRepository.findByIdentity({
             provider: normalizedUser.authProvider,
-            providerUserId: normalizedUser.authProviderUserId
+            providerUserId: normalizedUser.authProviderUserSid
           })) || normalizedUser;
 
         const workspaces = await workspaceService.listWorkspacesForUser(latestProfile, { request });
@@ -362,7 +362,7 @@ function createWorkspaceBootstrapContributor({
           pendingInvites,
           activeWorkspace: workspaceContext
             ? mapWorkspaceSummary(workspaceContext.workspace, {
-                roleId: workspaceContext.membership?.roleId,
+                roleSid: workspaceContext.membership?.roleSid,
                 status: workspaceContext.membership?.status
               })
             : null,