@jskit-ai/users-core 0.1.31 → 0.1.33

package/src/server/accountSecurity/registerAccountSecurity.js

@@ -11,7 +11,7 @@ function registerAccountSecurity(app) {
     const authService = scope.has("authService") ? scope.make("authService") : null;
     return createAccountSecurityService({
       userSettingsRepository: scope.make("userSettingsRepository"),
-      userProfilesRepository: scope.make("userProfilesRepository"),
+      usersRepository: scope.make("usersRepository"),
       authService
     });
   });

package/src/server/common/contributors/workspaceActionContextContributor.js

@@ -2,6 +2,7 @@ import {
   normalizeObject,
   requireServiceMethod
 } from "@jskit-ai/kernel/shared/actions/actionContributorHelpers";
+import { normalizeSurfaceId } from "@jskit-ai/kernel/shared/surface/registry";
 import {
   checkRouteVisibility,
   USERS_ROUTE_VISIBILITY_PUBLIC,
@@ -9,45 +10,51 @@ import {
   USERS_ROUTE_VISIBILITY_WORKSPACE_USER
 } from "../../../shared/support/usersVisibility.js";
 import { resolveActionUser } from "../support/resolveActionUser.js";
-
-const WORKSPACE_CONTEXT_ACTION_IDS = Object.freeze([
-  "workspace.roles.list",
-  "workspace.settings.read",
-  "workspace.settings.update",
-  "workspace.members.list",
-  "workspace.member.role.update",
-  "workspace.member.remove",
-  "workspace.invites.list",
-  "workspace.invite.create",
-  "workspace.invite.revoke"
-]);
 const WORKSPACE_VISIBILITY_ACTION_CONTEXT_SET = new Set([
   USERS_ROUTE_VISIBILITY_WORKSPACE,
   USERS_ROUTE_VISIBILITY_WORKSPACE_USER
 ]);
 
-function createWorkspaceActionContextContributor({ workspaceService } = {}) {
+function normalizeWorkspaceSurfaceIds(surfaceIds = []) {
+  const source = Array.isArray(surfaceIds) ? surfaceIds : [];
+  const normalized = new Set();
+
+  for (const entry of source) {
+    const surfaceId = normalizeSurfaceId(entry);
+    if (!surfaceId) {
+      continue;
+    }
+    normalized.add(surfaceId);
+  }
+
+  return normalized;
+}
+
+function createWorkspaceActionContextContributor({ workspaceService, workspaceSurfaceIds = [] } = {}) {
   const contributorId = "users.workspace.context";
+  const workspaceSurfaceIdSet = normalizeWorkspaceSurfaceIds(workspaceSurfaceIds);
 
   requireServiceMethod(workspaceService, "resolveWorkspaceContextForUserBySlug", contributorId);
 
   return Object.freeze({
     contributorId,
-    async contribute({ actionId, input, context, request } = {}) {
+    async contribute({ definition = null, input, context, request } = {}) {
       const payload = normalizeObject(input);
       if (!Object.hasOwn(payload, "workspaceSlug")) {
         return {};
       }
 
-      const actionName = String(actionId || "").trim();
-      const hasLegacyWorkspaceActionId = WORKSPACE_CONTEXT_ACTION_IDS.includes(actionName);
+      const actionSurfaces = Array.isArray(definition?.surfaces) ? definition.surfaces : [];
+      const hasWorkspaceActionSurface = actionSurfaces.some((surfaceId) => workspaceSurfaceIdSet.has(surfaceId));
+      const routeSurfaceId = normalizeSurfaceId(request?.routeOptions?.config?.surface);
+      const hasWorkspaceSurface = workspaceSurfaceIdSet.has(routeSurfaceId);
       const routeVisibilityInput =
         request && request.routeOptions && request.routeOptions.config
           ? request.routeOptions.config.visibility
           : USERS_ROUTE_VISIBILITY_PUBLIC;
       const routeVisibility = checkRouteVisibility(routeVisibilityInput);
       const hasWorkspaceRouteVisibility = WORKSPACE_VISIBILITY_ACTION_CONTEXT_SET.has(routeVisibility);
-      if (!hasLegacyWorkspaceActionId && !hasWorkspaceRouteVisibility) {
+      if (!hasWorkspaceActionSurface && !hasWorkspaceRouteVisibility && !hasWorkspaceSurface) {
         return {};
       }
 

package/src/server/common/formatters/workspaceFormatter.js

@@ -7,7 +7,7 @@ function mapWorkspaceSummary(workspace, membership) {
     slug: normalizeText(workspace.slug),
     name: normalizeText(workspace.name),
     avatarUrl: normalizeText(workspace.avatarUrl),
-    roleId: normalizeLowerText(membership?.roleId || "member") || "member",
+    roleSid: normalizeLowerText(membership?.roleSid || "member") || "member",
     isAccessible: normalizeLowerText(membership?.status || "active") === "active"
   };
 }
@@ -40,7 +40,7 @@ function mapMembershipSummary(membership, workspace) {
 
   return {
     workspaceId: Number(workspace?.id || membership.workspaceId),
-    roleId: normalizeLowerText(membership.roleId || "member") || "member",
+    roleSid: normalizeLowerText(membership.roleSid || "member") || "member",
     status: normalizeLowerText(membership.status || "active") || "active"
   };
 }

package/src/server/common/registerCommonRepositories.js

@@ -1,4 +1,4 @@
-import { createRepository as createUserProfilesRepository } from "./repositories/userProfilesRepository.js";
+import { createRepository as createUsersRepository } from "./repositories/usersRepository.js";
 import { createRepository as createUserSettingsRepository } from "./repositories/userSettingsRepository.js";
 import { createRepository as createWorkspacesRepository } from "./repositories/workspacesRepository.js";
 import { createRepository as createWorkspaceMembershipsRepository } from "./repositories/workspaceMembershipsRepository.js";
@@ -10,9 +10,9 @@ function registerCommonRepositories(app) {
     throw new Error("registerCommonRepositories requires application singleton().");
   }
 
-  app.singleton("userProfilesRepository", (scope) => {
+  app.singleton("usersRepository", (scope) => {
     const knex = scope.make("jskit.database.knex");
-    return createUserProfilesRepository(knex);
+    return createUsersRepository(knex);
   });
 
   app.singleton("userSettingsRepository", (scope) => {

package/src/server/common/repositories/{userProfilesRepository.js → usersRepository.js}

@@ -13,7 +13,7 @@ const USERNAME_MAX_LENGTH = 120;
 function normalizeIdentity(identityLike) {
   const source = identityLike && typeof identityLike === "object" ? identityLike : {};
   const provider = normalizeLowerText(source.provider || source.authProvider);
-  const providerUserId = normalizeText(source.providerUserId || source.authProviderUserId);
+  const providerUserId = normalizeText(source.providerUserId || source.authProviderUserSid);
   if (!provider || !providerUserId) {
     return null;
   }
@@ -57,7 +57,7 @@ function mapProfileRow(row) {
   return {
     id: Number(row.id),
     authProvider: normalizeLowerText(row.auth_provider),
-    authProviderUserId: normalizeText(row.auth_provider_user_id),
+    authProviderUserSid: normalizeText(row.auth_provider_user_sid),
     email: normalizeLowerText(row.email),
     username: normalizeLowerText(row.username),
     displayName: normalizeText(row.display_name),
@@ -104,7 +104,7 @@ async function resolveUniqueUsername(client, baseUsername, { excludeUserId = 0 }
 
 function createRepository(knex) {
   if (typeof knex !== "function") {
-    throw new TypeError("userProfilesRepository requires knex.");
+    throw new TypeError("usersRepository requires knex.");
   }
 
   async function findById(userId, options = {}) {
@@ -123,7 +123,7 @@ function createRepository(knex) {
     const row = await client("users")
       .where({
         auth_provider: identity.provider,
-        auth_provider_user_id: identity.providerUserId
+        auth_provider_user_sid: identity.providerUserId
       })
       .first();
     return mapProfileRow(row);
@@ -168,7 +168,7 @@ function createRepository(knex) {
     const client = options?.trx || knex;
     const identity = normalizeIdentity(profileLike);
     if (!identity) {
-      throw new TypeError("upsert requires provider/authProvider and providerUserId/authProviderUserId.");
+      throw new TypeError("upsert requires provider/authProvider and providerUserId/authProviderUserSid.");
     }
 
     const email = normalizeLowerText(profileLike.email);
@@ -181,7 +181,7 @@ function createRepository(knex) {
     const executeUpsert = async (trx) => {
       const where = {
         auth_provider: identity.provider,
-        auth_provider_user_id: identity.providerUserId
+        auth_provider_user_sid: identity.providerUserId
       };
       const existing = await trx("users").where(where).first();
 
@@ -200,7 +200,7 @@ function createRepository(knex) {
           const username = await resolveUniqueUsername(trx, requestedUsername || usernameBaseFromEmail(email));
           await trx("users").insert({
             auth_provider: identity.provider,
-            auth_provider_user_id: identity.providerUserId,
+            auth_provider_user_sid: identity.providerUserId,
             email,
             display_name: displayName,
             username

package/src/server/common/repositories/workspaceInvitesRepository.js

@@ -17,7 +17,7 @@ function mapRow(row) {
     id: Number(row.id),
     workspaceId: Number(row.workspace_id),
     email: normalizeLowerText(row.email),
-    roleId: normalizeLowerText(row.role_id || "member") || "member",
+    roleSid: normalizeLowerText(row.role_sid || "member") || "member",
     status: normalizeLowerText(row.status || "pending") || "pending",
     tokenHash: normalizeText(row.token_hash),
     invitedByUserId: row.invited_by_user_id == null ? null : Number(row.invited_by_user_id),
@@ -86,7 +86,7 @@ function createRepository(knex) {
     const insertPayload = {
       workspace_id: Number(source.workspaceId),
       email: normalizeLowerText(source.email),
-      role_id: normalizeLowerText(source.roleId || "member") || "member",
+      role_sid: normalizeLowerText(source.roleSid || "member") || "member",
       status: normalizeLowerText(source.status || "pending") || "pending",
       token_hash: normalizeText(source.tokenHash),
       invited_by_user_id: source.invitedByUserId == null ? null : Number(source.invitedByUserId),

package/src/server/common/repositories/workspaceMembershipsRepository.js

@@ -16,7 +16,7 @@ function mapRow(row) {
     id: Number(row.id),
     workspaceId: Number(row.workspace_id),
     userId: Number(row.user_id),
-    roleId: normalizeLowerText(row.role_id || "member") || "member",
+    roleSid: normalizeLowerText(row.role_sid || "member") || "member",
     status: normalizeLowerText(row.status || "active") || "active",
     createdAt: toIsoString(row.created_at),
     updatedAt: toIsoString(row.updated_at)
@@ -30,7 +30,7 @@ function mapMemberSummaryRow(row) {
 
   return {
     userId: Number(row.user_id),
-    roleId: normalizeLowerText(row.role_id || "member") || "member",
+    roleSid: normalizeLowerText(row.role_sid || "member") || "member",
     status: normalizeLowerText(row.status || "active") || "active",
     displayName: normalizeText(row.display_name),
     email: normalizeLowerText(row.email)
@@ -54,11 +54,11 @@ function createRepository(knex) {
     const client = options?.trx || knex;
     const existing = await findByWorkspaceIdAndUserId(workspaceId, userId, { trx: client });
     if (existing) {
-      if (existing.roleId !== OWNER_ROLE_ID || existing.status !== "active") {
+      if (existing.roleSid !== OWNER_ROLE_ID || existing.status !== "active") {
         await client("workspace_memberships")
           .where({ workspace_id: Number(workspaceId), user_id: Number(userId) })
           .update({
-            role_id: OWNER_ROLE_ID,
+            role_sid: OWNER_ROLE_ID,
             status: "active",
             updated_at: nowDb()
           });
@@ -70,7 +70,7 @@ function createRepository(knex) {
       await client("workspace_memberships").insert({
         workspace_id: Number(workspaceId),
         user_id: Number(userId),
-        role_id: OWNER_ROLE_ID,
+        role_sid: OWNER_ROLE_ID,
         status: "active",
         created_at: nowDb(),
         updated_at: nowDb()
@@ -87,14 +87,14 @@ function createRepository(knex) {
   async function upsertMembership(workspaceId, userId, patch = {}, options = {}) {
     const client = options?.trx || knex;
     const existing = await findByWorkspaceIdAndUserId(workspaceId, userId, { trx: client });
-    const roleId = normalizeLowerText(patch.roleId || existing?.roleId || "member") || "member";
+    const roleSid = normalizeLowerText(patch.roleSid || existing?.roleSid || "member") || "member";
     const status = normalizeLowerText(patch.status || existing?.status || "active") || "active";
 
     if (!existing) {
       await client("workspace_memberships").insert({
         workspace_id: Number(workspaceId),
         user_id: Number(userId),
-        role_id: roleId,
+        role_sid: roleSid,
         status,
         created_at: nowDb(),
         updated_at: nowDb()
@@ -105,7 +105,7 @@ function createRepository(knex) {
     await client("workspace_memberships")
       .where({ workspace_id: Number(workspaceId), user_id: Number(userId) })
       .update({
-        role_id: roleId,
+        role_sid: roleSid,
         status,
         updated_at: nowDb()
       });
@@ -121,7 +121,7 @@ function createRepository(knex) {
       .orderBy("up.display_name", "asc")
       .select([
         "wm.user_id",
-        "wm.role_id",
+        "wm.role_sid",
         "wm.status",
         "up.display_name",
         "up.email"

package/src/server/common/repositories/workspacesRepository.js

@@ -32,7 +32,7 @@ function mapMembershipWorkspaceRow(row) {
 
   return {
     ...mapRow(row),
-    roleId: normalizeLowerText(row.role_id || "member"),
+    roleSid: normalizeLowerText(row.role_sid || "member"),
     membershipStatus: normalizeLowerText(row.membership_status || "active") || "active"
   };
 }
@@ -55,7 +55,7 @@ function createRepository(knex) {
       "w.deleted_at"
     ];
     if (includeMembership) {
-      columns.push("wm.role_id", "wm.status as membership_status");
+      columns.push("wm.role_sid", "wm.status as membership_status");
     }
     return columns;
   }

package/src/server/common/services/accountContextService.js

@@ -1,9 +1,9 @@
-import { normalizeIdentity } from "../repositories/userProfilesRepository.js";
+import { normalizeIdentity } from "../repositories/usersRepository.js";
 
-async function resolveUserProfile(userProfilesRepository, user) {
+async function resolveUserProfile(usersRepository, user) {
   const identity = normalizeIdentity(user);
   if (identity) {
-    const profile = await userProfilesRepository.findByIdentity(identity);
+    const profile = await usersRepository.findByIdentity(identity);
     if (profile) {
       return profile;
     }
@@ -11,7 +11,7 @@ async function resolveUserProfile(userProfilesRepository, user) {
 
   const userId = Number(user?.id);
   if (Number.isInteger(userId) && userId > 0) {
-    const profileById = await userProfilesRepository.findById(userId);
+    const profileById = await usersRepository.findById(userId);
     if (profileById) {
       return profileById;
     }

package/src/server/common/services/authProfileSyncService.js

@@ -1,5 +1,5 @@
 import { normalizeLowerText, normalizeText } from "@jskit-ai/kernel/shared/actions/textNormalization";
-import { normalizeIdentity } from "../repositories/userProfilesRepository.js";
+import { normalizeIdentity } from "../repositories/usersRepository.js";
 
 function buildNormalizedIdentityKey(identityLike) {
   const identity = normalizeIdentity(identityLike);
@@ -9,7 +9,7 @@ function buildNormalizedIdentityKey(identityLike) {
 
   return {
     authProvider: identity.provider,
-    authProviderUserId: identity.providerUserId
+    authProviderUserSid: identity.providerUserId
   };
 }
 
@@ -25,7 +25,7 @@ function buildNormalizedIdentityProfile(profileLike) {
 
   return {
     authProvider: identity.authProvider,
-    authProviderUserId: identity.authProviderUserId,
+    authProviderUserSid: identity.authProviderUserSid,
     email,
     displayName,
     username: normalizeLowerText(source.username)
@@ -41,7 +41,7 @@ function profileNeedsUpdate(existing, nextProfile) {
     existing.email !== nextProfile.email ||
     existing.displayName !== nextProfile.displayName ||
     existing.authProvider !== nextProfile.authProvider ||
-    existing.authProviderUserId !== nextProfile.authProviderUserId
+    existing.authProviderUserSid !== nextProfile.authProviderUserSid
   );
 }
 
@@ -53,12 +53,12 @@ function requireSynchronizedProfile(profile) {
   throw new Error("Profile synchronization failed.");
 }
 
-function createService({ userProfilesRepository, workspaceProvisioningService = null, userSettingsRepository = null } = {}) {
-  if (!userProfilesRepository || typeof userProfilesRepository.findByIdentity !== "function") {
-    throw new Error("authProfileSyncService requires userProfilesRepository.findByIdentity().");
+function createService({ usersRepository, workspaceProvisioningService = null, userSettingsRepository = null } = {}) {
+  if (!usersRepository || typeof usersRepository.findByIdentity !== "function") {
+    throw new Error("authProfileSyncService requires usersRepository.findByIdentity().");
   }
-  if (typeof userProfilesRepository.upsert !== "function") {
-    throw new Error("authProfileSyncService requires userProfilesRepository.upsert().");
+  if (typeof usersRepository.upsert !== "function") {
+    throw new Error("authProfileSyncService requires usersRepository.upsert().");
   }
   if (!userSettingsRepository || typeof userSettingsRepository.ensureForUserId !== "function") {
     throw new Error("authProfileSyncService requires userSettingsRepository.ensureForUserId().");
@@ -66,10 +66,10 @@ function createService({ userProfilesRepository, workspaceProvisioningService =
 
   async function findByIdentity(identityLike, options = {}) {
     const normalized = buildNormalizedIdentityKey(identityLike);
-    return userProfilesRepository.findByIdentity(
+    return usersRepository.findByIdentity(
       {
         provider: normalized.authProvider,
-        providerUserId: normalized.authProviderUserId
+        providerUserId: normalized.authProviderUserSid
       },
       options
     );
@@ -77,10 +77,10 @@ function createService({ userProfilesRepository, workspaceProvisioningService =
 
   async function upsertByIdentity(profileLike, options = {}) {
     const normalized = buildNormalizedIdentityProfile(profileLike);
-    return userProfilesRepository.upsert(
+    return usersRepository.upsert(
       {
         authProvider: normalized.authProvider,
-        authProviderUserId: normalized.authProviderUserId,
+        authProviderUserSid: normalized.authProviderUserSid,
         email: normalized.email,
         displayName: normalized.displayName,
         username: normalized.username
@@ -118,8 +118,8 @@ function createService({ userProfilesRepository, workspaceProvisioningService =
     if (options?.trx) {
       return runSync(options.trx);
     }
-    if (typeof userProfilesRepository.withTransaction === "function") {
-      return userProfilesRepository.withTransaction((trx) => runSync(trx));
+    if (typeof usersRepository.withTransaction === "function") {
+      return usersRepository.withTransaction((trx) => runSync(trx));
     }
     return runSync();
   }

package/src/server/common/services/workspaceContextService.js

@@ -50,8 +50,8 @@ function buildWorkspaceName(user = {}) {
 }
 
 function buildPermissionsFromMembership(membership, appConfig = {}) {
-  const roleId = normalizeLowerText(membership?.roleId || "member");
-  return resolveRolePermissions(roleId, appConfig);
+  const roleSid = normalizeLowerText(membership?.roleSid || "member");
+  return resolveRolePermissions(roleSid, appConfig);
 }
 
 function hashInviteToken(token) {
@@ -145,7 +145,7 @@ function createService({
 
     const list = await workspacesRepository.listForUserId(normalizedUser.id, options);
     const accessible = list
-      .map((entry) => mapWorkspaceSummary(entry, { roleId: entry.roleId, status: entry.membershipStatus }))
+      .map((entry) => mapWorkspaceSummary(entry, { roleSid: entry.roleSid, status: entry.membershipStatus }))
       .filter((entry) => entry.isAccessible);
 
     return accessible;

package/src/server/common/validators/authenticatedUserValidator.js

@@ -16,7 +16,7 @@ function normalizeAuthenticatedUser(input = {}) {
     username: normalizeLowerText(source.username),
     displayName: normalizeText(source.displayName) || email || `User ${id}`,
     authProvider: normalizeLowerText(source.authProvider),
-    authProviderUserId: normalizeText(source.authProviderUserId),
+    authProviderUserSid: normalizeText(source.authProviderUserSid),
     avatarStorageKey: source.avatarStorageKey ? normalizeText(source.avatarStorageKey) : null,
     avatarVersion: source.avatarVersion == null ? null : String(source.avatarVersion)
   };
@@ -30,7 +30,7 @@ const authenticatedUserValidator = Object.freeze({
       username: Type.Optional(Type.String()),
       displayName: Type.Optional(Type.String()),
       authProvider: Type.Optional(Type.String()),
-      authProviderUserId: Type.Optional(Type.String()),
+      authProviderUserSid: Type.Optional(Type.String()),
       avatarStorageKey: Type.Optional(Type.Union([Type.String(), Type.Null()])),
       avatarVersion: Type.Optional(Type.Union([Type.String(), Type.Number(), Type.Null()]))
     },

package/src/server/registerWorkspaceBootstrap.js

@@ -17,7 +17,7 @@ function registerWorkspaceBootstrap(app) {
         ? scope.make("users.workspace.pending-invitations.service")
         : null,
       workspaceInvitationsEnabled,
-      userProfilesRepository: scope.make("userProfilesRepository"),
+      usersRepository: scope.make("usersRepository"),
       userSettingsRepository: scope.make("userSettingsRepository"),
       appConfig: resolveAppConfig(scope),
       tenancyProfile: scope.make("users.tenancy.profile"),

package/src/server/registerWorkspaceCore.js

@@ -10,6 +10,7 @@ import { createWorkspaceActionContextContributor } from "./common/contributors/w
 import { createWorkspaceRouteVisibilityResolver } from "./common/contributors/workspaceRouteVisibilityResolver.js";
 import { createWorkspaceAuthPolicyContextResolver } from "./common/contributors/workspaceAuthPolicyContextResolver.js";
 import { resolveWorkspaceInvitationsPolicy } from "./support/workspaceInvitationsPolicy.js";
+import { resolveWorkspaceSurfaceIdsFromAppConfig } from "./support/workspaceActionSurfaces.js";
 
 
 function registerWorkspaceCore(app) {
@@ -29,7 +30,7 @@ function registerWorkspaceCore(app) {
 
   app.singleton("users.profile.sync.service", (scope) => {
     return createAuthProfileSyncService({
-      userProfilesRepository: scope.make("userProfilesRepository"),
+      usersRepository: scope.make("usersRepository"),
       userSettingsRepository: scope.make("userSettingsRepository"),
       workspaceProvisioningService: scope.make("users.workspace.service")
     });
@@ -62,8 +63,10 @@ function registerWorkspaceCore(app) {
   });
 
   registerActionContextContributor(app, "users.core.workspace.actionContextContributor", (scope) => {
+    const appConfig = resolveAppConfig(scope);
     return createWorkspaceActionContextContributor({
-      workspaceService: scope.make("users.workspace.service")
+      workspaceService: scope.make("users.workspace.service"),
+      workspaceSurfaceIds: resolveWorkspaceSurfaceIdsFromAppConfig(appConfig)
     });
   });
 

package/src/server/workspaceBootstrapContributor.js

@@ -230,7 +230,7 @@ function mapUserSettingsBootstrap(settings = {}) {
 function createWorkspaceBootstrapContributor({
   workspaceService,
   workspacePendingInvitationsService,
-  userProfilesRepository,
+  usersRepository,
   userSettingsRepository,
   workspaceInvitationsEnabled = false,
   appConfig = {},
@@ -255,8 +255,8 @@ function createWorkspaceBootstrapContributor({
       serviceLabel: "workspacePendingInvitationsService"
     });
   }
-  requireServiceMethod(userProfilesRepository, "findByIdentity", contributorId, {
-    serviceLabel: "userProfilesRepository"
+  requireServiceMethod(usersRepository, "findByIdentity", contributorId, {
+    serviceLabel: "usersRepository"
   });
   requireServiceMethod(userSettingsRepository, "ensureForUserId", contributorId, {
     serviceLabel: "userSettingsRepository"
@@ -317,9 +317,9 @@ function createWorkspaceBootstrapContributor({
 
       if (normalizedUser) {
         const latestProfile =
-          (await userProfilesRepository.findByIdentity({
+          (await usersRepository.findByIdentity({
             provider: normalizedUser.authProvider,
-            providerUserId: normalizedUser.authProviderUserId
+            providerUserId: normalizedUser.authProviderUserSid
           })) || normalizedUser;
 
         const workspaces = await workspaceService.listWorkspacesForUser(latestProfile, { request });
@@ -362,7 +362,7 @@ function createWorkspaceBootstrapContributor({
           pendingInvites,
           activeWorkspace: workspaceContext
             ? mapWorkspaceSummary(workspaceContext.workspace, {
-                roleId: workspaceContext.membership?.roleId,
+                roleSid: workspaceContext.membership?.roleSid,
                 status: workspaceContext.membership?.status
               })
             : null,

package/src/server/workspaceMembers/bootWorkspaceMembers.js

@@ -103,7 +103,7 @@ function bootWorkspaceMembers(app) {
         input: {
           workspaceSlug: request.input.params.workspaceSlug,
           memberUserId: request.input.params.memberUserId,
-          roleId: request.input.body.roleId
+          roleSid: request.input.body.roleSid
         }
       });
       reply.code(200).send(response);
@@ -195,7 +195,7 @@ function bootWorkspaceMembers(app) {
           input: {
             workspaceSlug: request.input.params.workspaceSlug,
             email: request.input.body.email,
-            roleId: request.input.body.roleId
+            roleSid: request.input.body.roleSid
           }
         });
         reply.code(200).send(response);

package/src/server/workspaceMembers/workspaceMembersActions.js

@@ -68,7 +68,7 @@ const workspaceMembersActions = Object.freeze([
     async execute(input, context, deps) {
       return deps.workspaceMembersService.updateMemberRole(resolveWorkspace(context, input), {
         memberUserId: input.memberUserId,
-        roleId: input.roleId
+        roleSid: input.roleSid
       }, {
         context
       });
@@ -150,7 +150,7 @@ const workspaceMembersActions = Object.freeze([
         resolveActionUser(context, input),
         {
           email: input.email,
-          roleId: input.roleId
+          roleSid: input.roleSid
         },
         {
           context

package/src/server/workspaceMembers/workspaceMembersService.js

@@ -62,12 +62,12 @@ function createService({
 
   async function updateMemberRole(workspace, payload = {}, options = {}) {
     const memberUserId = payload.memberUserId;
-    const roleId = payload.roleId;
-    if (!assignableRoleIds.includes(roleId)) {
+    const roleSid = payload.roleSid;
+    if (!assignableRoleIds.includes(roleSid)) {
       throw new AppError(400, "Validation failed.", {
         details: {
           fieldErrors: {
-            roleId: "Role is not assignable."
+            roleSid: "Role is not assignable."
           }
         }
       });
@@ -77,7 +77,7 @@ function createService({
     if (!existingMembership || existingMembership.status !== "active") {
       throw new AppError(404, "Member not found.");
     }
-    if (Number(memberUserId) === Number(workspace.ownerUserId) || existingMembership.roleId === OWNER_ROLE_ID) {
+    if (Number(memberUserId) === Number(workspace.ownerUserId) || existingMembership.roleSid === OWNER_ROLE_ID) {
       throw new AppError(409, "Cannot change workspace owner role.");
     }
 
@@ -85,7 +85,7 @@ function createService({
       workspace.id,
       memberUserId,
       {
-        roleId,
+        roleSid,
         status: "active"
       },
       options
@@ -101,7 +101,7 @@ function createService({
     if (!existingMembership || existingMembership.status !== "active") {
       throw new AppError(404, "Member not found.");
     }
-    if (Number(memberUserId) === Number(workspace.ownerUserId) || existingMembership.roleId === OWNER_ROLE_ID) {
+    if (Number(memberUserId) === Number(workspace.ownerUserId) || existingMembership.roleSid === OWNER_ROLE_ID) {
       throw new AppError(409, "Cannot remove workspace owner.");
     }
 
@@ -109,7 +109,7 @@ function createService({
       workspace.id,
       memberUserId,
       {
-        roleId: existingMembership.roleId,
+        roleSid: existingMembership.roleSid,
         status: "revoked"
       },
       options
@@ -134,12 +134,12 @@ function createService({
 
   async function createInvite(workspace, user, payload = {}, options = {}) {
     const email = payload.email;
-    const roleId = payload.roleId;
-    if (!assignableRoleIds.includes(roleId)) {
+    const roleSid = payload.roleSid;
+    if (!assignableRoleIds.includes(roleSid)) {
       throw new AppError(400, "Validation failed.", {
         details: {
           fieldErrors: {
-            roleId: "Role is not assignable."
+            roleSid: "Role is not assignable."
           }
         }
       });
@@ -152,7 +152,7 @@ function createService({
       {
         workspaceId: workspace.id,
         email,
-        roleId,
+        roleSid,
         status: "pending",
         tokenHash,
         invitedByUserId: Number(user?.id || 0) || null,

package/src/server/workspacePendingInvitations/workspacePendingInvitationsService.js

@@ -99,7 +99,7 @@ function createService({
       workspaceId,
       resolvedInvite.user.id,
       {
-        roleId: resolvedInvite.invite.roleId,
+        roleSid: resolvedInvite.invite.roleSid,
         status: "active"
       },
       options