@jskit-ai/users-core 0.1.42 → 0.1.44

package/src/server/workspaceMembers/workspaceMembersService.js

@@ -1,3 +1,4 @@
+import { normalizeRecordId } from "@jskit-ai/kernel/shared/support/normalize";
 import { buildInviteToken, hashInviteToken } from "@jskit-ai/auth-core/server/inviteTokens";
 import { AppError } from "@jskit-ai/kernel/server/runtime/errors";
 import { OWNER_ROLE_ID, createWorkspaceRoleCatalog, cloneWorkspaceRoleCatalog } from "../../shared/roles.js";
@@ -61,8 +62,11 @@ function createService({
   }
 
   async function updateMemberRole(workspace, payload = {}, options = {}) {
-    const memberUserId = payload.memberUserId;
+    const memberUserId = normalizeRecordId(payload.memberUserId, { fallback: null });
     const roleSid = payload.roleSid;
+    if (!memberUserId) {
+      throw new AppError(400, "Validation failed.");
+    }
     if (!assignableRoleIds.includes(roleSid)) {
       throw new AppError(400, "Validation failed.", {
         details: {
@@ -77,7 +81,7 @@ function createService({
     if (!existingMembership || existingMembership.status !== "active") {
       throw new AppError(404, "Member not found.");
     }
-    if (Number(memberUserId) === Number(workspace.ownerUserId) || existingMembership.roleSid === OWNER_ROLE_ID) {
+    if (memberUserId === normalizeRecordId(workspace.ownerUserId, { fallback: null }) || existingMembership.roleSid === OWNER_ROLE_ID) {
       throw new AppError(409, "Cannot change workspace owner role.");
     }
 
@@ -95,13 +99,16 @@ function createService({
   }
 
   async function removeMember(workspace, payload = {}, options = {}) {
-    const memberUserId = payload.memberUserId;
+    const memberUserId = normalizeRecordId(payload.memberUserId, { fallback: null });
+    if (!memberUserId) {
+      throw new AppError(400, "Validation failed.");
+    }
 
     const existingMembership = await workspaceMembershipsRepository.findByWorkspaceIdAndUserId(workspace.id, memberUserId, options);
     if (!existingMembership || existingMembership.status !== "active") {
       throw new AppError(404, "Member not found.");
     }
-    if (Number(memberUserId) === Number(workspace.ownerUserId) || existingMembership.roleSid === OWNER_ROLE_ID) {
+    if (memberUserId === normalizeRecordId(workspace.ownerUserId, { fallback: null }) || existingMembership.roleSid === OWNER_ROLE_ID) {
       throw new AppError(409, "Cannot remove workspace owner.");
     }
 
@@ -155,13 +162,13 @@ function createService({
         roleSid,
         status: "pending",
         tokenHash,
-        invitedByUserId: Number(user?.id || 0) || null,
+        invitedByUserId: normalizeRecordId(user?.id, { fallback: null }),
         expiresAt: new Date(Date.now() + resolvedInviteExpiresInMs).toISOString()
       },
       options
     );
-    const createdInviteId = Number(createdInvite?.id);
-    if (!Number.isInteger(createdInviteId) || createdInviteId < 1) {
+    const createdInviteId = normalizeRecordId(createdInvite?.id, { fallback: null });
+    if (!createdInviteId) {
       throw new Error("workspaceMembersService.createInvite expected repository to return created invite id.");
     }
 
@@ -174,8 +181,13 @@ function createService({
   }
 
   async function revokeInvite(workspace, inviteId, options = {}) {
+    const normalizedInviteId = normalizeRecordId(inviteId, { fallback: null });
+    if (!normalizedInviteId) {
+      throw new AppError(400, "Validation failed.");
+    }
+
     const invite = await workspaceInvitesRepository.findPendingByIdForWorkspace(
-      inviteId,
+      normalizedInviteId,
       workspace.id,
       options
     );
@@ -183,9 +195,9 @@ function createService({
       throw new AppError(404, "Invite not found.");
     }
 
-    await workspaceInvitesRepository.revokeById(inviteId, options);
-    const revokedInviteId = Number(invite?.id);
-    if (!Number.isInteger(revokedInviteId) || revokedInviteId < 1) {
+    await workspaceInvitesRepository.revokeById(normalizedInviteId, options);
+    const revokedInviteId = normalizeRecordId(invite?.id, { fallback: null });
+    if (!revokedInviteId) {
       throw new Error("workspaceMembersService.revokeInvite expected repository to return pending invite id.");
     }
 

package/src/server/workspacePendingInvitations/registerWorkspacePendingInvitations.js

@@ -1,11 +1,12 @@
 import { withActionDefaults } from "@jskit-ai/kernel/shared/actions";
+import { normalizeRecordId } from "@jskit-ai/kernel/shared/support/normalize";
 import { createService } from "./workspacePendingInvitationsService.js";
 import { workspacePendingInvitationsActions } from "./workspacePendingInvitationsActions.js";
 import { deepFreeze } from "../common/support/deepFreeze.js";
 
 function workspaceAudienceFromEntityId({ event } = {}) {
-  const workspaceId = Number(event?.entityId);
-  if (!Number.isInteger(workspaceId) || workspaceId < 1) {
+  const workspaceId = normalizeRecordId(event?.entityId, { fallback: null });
+  if (!workspaceId) {
     return "none";
   }
   return {
@@ -14,7 +15,7 @@ function workspaceAudienceFromEntityId({ event } = {}) {
 }
 
 function actorUserEntityId({ options } = {}) {
-  return Number(options?.context?.actor?.id || 0);
+  return normalizeRecordId(options?.context?.actor?.id, { fallback: "" });
 }
 
 function createActorUserEvent({ source, entity, realtimeEvent }) {
@@ -37,7 +38,7 @@ function createWorkspaceAudienceEvent({ entity, realtimeEvent }) {
     source: "workspace",
     entity,
     operation: "updated",
-    entityId: ({ result }) => result?.workspaceId,
+    entityId: ({ result }) => normalizeRecordId(result?.workspaceId, { fallback: "" }),
     realtime: {
       event: realtimeEvent,
       audience: workspaceAudienceFromEntityId

package/src/server/workspacePendingInvitations/workspacePendingInvitationsService.js

@@ -1,6 +1,7 @@
 import { resolveInviteTokenHash } from "@jskit-ai/auth-core/server/inviteTokens";
 import { AppError } from "@jskit-ai/kernel/server/runtime/errors";
 import { normalizeLowerText, normalizeText } from "@jskit-ai/kernel/shared/actions/textNormalization";
+import { normalizeRecordId } from "@jskit-ai/kernel/shared/support/normalize";
 import { authenticatedUserValidator } from "../common/validators/authenticatedUserValidator.js";
 
 function createService({
@@ -70,8 +71,8 @@ function createService({
   }
 
   function requireWorkspaceIdFromInvite(invite, methodName = "workspacePendingInvitationsService") {
-    const workspaceId = Number(invite?.workspaceId);
-    if (!Number.isInteger(workspaceId) || workspaceId < 1) {
+    const workspaceId = normalizeRecordId(invite?.workspaceId, { fallback: null });
+    if (!workspaceId) {
       throw new Error(`${methodName} expected invite workspace id.`);
     }
     return workspaceId;

package/src/server/workspaceSettings/workspaceSettingsRepository.js

@@ -1,7 +1,10 @@
 import {
+  normalizeDbRecordId,
+  normalizeRecordId,
   toIsoString,
   nowDb,
-  isDuplicateEntryError
+  isDuplicateEntryError,
+  createWithTransaction
 } from "../common/repositories/repositoryUtils.js";
 import { normalizeObjectInput } from "@jskit-ai/kernel/shared/validators/inputNormalization";
 import { pickOwnProperties } from "@jskit-ai/kernel/shared/support";
@@ -32,6 +35,7 @@ function createRepository(knex, { defaultInvitesEnabled } = {}) {
   if (typeof knex !== "function") {
     throw new TypeError("workspaceSettingsRepository requires knex.");
   }
+  const withTransaction = createWithTransaction(knex);
 
   function mapRow(row) {
     if (!row) {
@@ -39,7 +43,7 @@ function createRepository(knex, { defaultInvitesEnabled } = {}) {
     }
 
     const settings = {
-      workspaceId: Number(row.workspace_id)
+      workspaceId: normalizeDbRecordId(row.workspace_id, { fallback: "" })
     };
     for (const field of workspaceSettingsFields) {
       const rawValue = Object.hasOwn(row, field.dbColumn)
@@ -59,24 +63,33 @@ function createRepository(knex, { defaultInvitesEnabled } = {}) {
 
   async function findByWorkspaceId(workspaceId, options = {}) {
     const client = options?.trx || knex;
-    const row = await client("workspace_settings").where({ workspace_id: Number(workspaceId) }).first();
+    const normalizedWorkspaceId = normalizeRecordId(workspaceId, { fallback: null });
+    if (!normalizedWorkspaceId) {
+      return null;
+    }
+
+    const row = await client("workspace_settings").where({ workspace_id: normalizedWorkspaceId }).first();
     return mapRow(row);
   }
 
   async function ensureForWorkspaceId(workspaceId, options = {}) {
     const client = options?.trx || knex;
-    const numericWorkspaceId = Number(workspaceId);
+    const normalizedWorkspaceId = normalizeRecordId(workspaceId, { fallback: null });
+    if (!normalizedWorkspaceId) {
+      throw new TypeError("workspaceSettingsRepository.ensureForWorkspaceId requires a valid workspace id.");
+    }
+
     const seed = resolveWorkspaceSettingsSeed(options?.workspace, {
       defaultInvitesEnabled
     });
-    const existing = await findByWorkspaceId(numericWorkspaceId, { trx: client });
+    const existing = await findByWorkspaceId(normalizedWorkspaceId, { trx: client });
     if (existing) {
       return existing;
     }
 
     try {
       const insertPayload = {
-        workspace_id: numericWorkspaceId,
+        workspace_id: normalizedWorkspaceId,
         created_at: nowDb(),
         updated_at: nowDb()
       };
@@ -90,12 +103,17 @@ function createRepository(knex, { defaultInvitesEnabled } = {}) {
       }
     }
 
-    return findByWorkspaceId(numericWorkspaceId, { trx: client });
+    return findByWorkspaceId(normalizedWorkspaceId, { trx: client });
   }
 
   async function updateSettingsByWorkspaceId(workspaceId, patch = {}, options = {}) {
     const client = options?.trx || knex;
-    const ensured = await ensureForWorkspaceId(workspaceId, {
+    const normalizedWorkspaceId = normalizeRecordId(workspaceId, { fallback: null });
+    if (!normalizedWorkspaceId) {
+      throw new TypeError("workspaceSettingsRepository.updateSettingsByWorkspaceId requires a valid workspace id.");
+    }
+
+    const ensured = await ensureForWorkspaceId(normalizedWorkspaceId, {
       trx: client,
       workspace: options?.workspace
     });
@@ -119,13 +137,14 @@ function createRepository(knex, { defaultInvitesEnabled } = {}) {
       });
     }
 
-    await client("workspace_settings").where({ workspace_id: Number(workspaceId) }).update({
+    await client("workspace_settings").where({ workspace_id: normalizedWorkspaceId }).update({
       ...dbPatch
     });
-    return findByWorkspaceId(workspaceId, { trx: client });
+    return findByWorkspaceId(normalizedWorkspaceId, { trx: client });
   }
 
   return Object.freeze({
+    withTransaction,
     findByWorkspaceId,
     ensureForWorkspaceId,
     updateSettingsByWorkspaceId

package/src/server/workspaceSettings/workspaceSettingsService.js

@@ -1,3 +1,4 @@
+import { normalizeRecordId } from "@jskit-ai/kernel/shared/support/normalize";
 import { normalizeObjectInput } from "@jskit-ai/kernel/shared/validators/inputNormalization";
 import { pickOwnProperties } from "@jskit-ai/kernel/shared/support";
 import {
@@ -33,9 +34,9 @@ function createService({
 
     return {
       workspace: {
-        id: Number(workspace.id),
+        id: normalizeRecordId(workspace.id, { fallback: "" }),
         slug: String(workspace.slug || ""),
-        ownerUserId: Number(workspace.ownerUserId)
+        ownerUserId: normalizeRecordId(workspace.ownerUserId, { fallback: "" })
       },
       settings,
       roleCatalog: cloneWorkspaceRoleCatalog(resolvedRoleCatalog)

package/src/shared/resources/workspaceMembersResource.js

@@ -1,16 +1,21 @@
 import { Type } from "@fastify/type-provider-typebox";
 import { normalizeLowerText, normalizeText } from "@jskit-ai/kernel/shared/actions/textNormalization";
-import { normalizeObjectInput } from "@jskit-ai/kernel/shared/validators/inputNormalization";
-import { normalizePositiveInteger } from "@jskit-ai/kernel/shared/support/normalize";
+import {
+  normalizeObjectInput,
+  recordIdSchema,
+  recordIdInputSchema,
+  nullableRecordIdSchema
+} from "@jskit-ai/kernel/shared/validators";
+import { normalizeRecordId } from "@jskit-ai/kernel/shared/support/normalize";
 import { createOperationMessages } from "../operationMessages.js";
 import { createWorkspaceRoleCatalog, OWNER_ROLE_ID } from "../roles.js";
 
 const workspaceSummaryOutputSchema = Type.Object(
   {
-    id: Type.Integer({ minimum: 1 }),
+    id: recordIdSchema,
     slug: Type.String({ minLength: 1 }),
     name: Type.String({ minLength: 1 }),
-    ownerUserId: Type.Integer({ minimum: 1 }),
+    ownerUserId: recordIdSchema,
     avatarUrl: Type.String()
   },
   { additionalProperties: false }
@@ -18,7 +23,7 @@ const workspaceSummaryOutputSchema = Type.Object(
 
 const memberSummaryOutputSchema = Type.Object(
   {
-    userId: Type.Integer({ minimum: 1 }),
+    userId: recordIdSchema,
     roleSid: Type.String({ minLength: 1 }),
     status: Type.String({ minLength: 1 }),
     displayName: Type.String(),
@@ -30,12 +35,12 @@ const memberSummaryOutputSchema = Type.Object(
 
 const inviteSummaryOutputSchema = Type.Object(
   {
-    id: Type.Integer({ minimum: 1 }),
+    id: recordIdSchema,
     email: Type.String({ minLength: 3, format: "email" }),
     roleSid: Type.String({ minLength: 1 }),
     status: Type.String({ minLength: 1 }),
     expiresAt: Type.String({ minLength: 1 }),
-    invitedByUserId: Type.Union([Type.Integer({ minimum: 1 }), Type.Null()])
+    invitedByUserId: nullableRecordIdSchema
   },
   { additionalProperties: false }
 );
@@ -44,26 +49,25 @@ function normalizeWorkspaceAdminSummary(workspace) {
   const source = normalizeObjectInput(workspace);
 
   return {
-    id: Number(source.id),
+    id: normalizeRecordId(source.id, { fallback: "" }),
     slug: normalizeText(source.slug),
     name: normalizeText(source.name),
-    ownerUserId: Number(source.ownerUserId),
+    ownerUserId: normalizeRecordId(source.ownerUserId, { fallback: "" }),
     avatarUrl: normalizeText(source.avatarUrl)
   };
 }
 
 function normalizeMemberSummary(member, workspace) {
   const source = normalizeObjectInput(member);
+  const userId = normalizeRecordId(source.userId, { fallback: "" });
 
   return {
-    userId: Number(source.userId),
+    userId,
     roleSid: normalizeLowerText(source.roleSid || "member") || "member",
     status: normalizeLowerText(source.status || "active") || "active",
     displayName: normalizeText(source.displayName),
     email: normalizeLowerText(source.email),
-    isOwner:
-      Number(source.userId) === Number(workspace.ownerUserId) ||
-      normalizeLowerText(source.roleSid) === OWNER_ROLE_ID
+    isOwner: userId === workspace.ownerUserId || normalizeLowerText(source.roleSid) === OWNER_ROLE_ID
   };
 }
 
@@ -71,12 +75,12 @@ function normalizeInviteSummary(invite) {
   const source = normalizeObjectInput(invite);
 
   return {
-    id: Number(source.id),
+    id: normalizeRecordId(source.id, { fallback: "" }),
     email: normalizeLowerText(source.email),
     roleSid: normalizeLowerText(source.roleSid || "member") || "member",
     status: normalizeLowerText(source.status || "pending") || "pending",
     expiresAt: source.expiresAt,
-    invitedByUserId: source.invitedByUserId == null ? null : Number(source.invitedByUserId)
+    invitedByUserId: source.invitedByUserId == null ? null : normalizeRecordId(source.invitedByUserId, { fallback: null })
   };
 }
 
@@ -176,7 +180,7 @@ const updateMemberRoleBodyValidator = Object.freeze({
 const updateMemberRoleInputValidator = Object.freeze({
   schema: Type.Object(
     {
-      memberUserId: Type.Integer({ minimum: 1 }),
+      memberUserId: recordIdInputSchema,
       roleSid: Type.String({ minLength: 1 })
     },
     { additionalProperties: false }
@@ -185,7 +189,7 @@ const updateMemberRoleInputValidator = Object.freeze({
     const source = normalizeObjectInput(payload);
 
     return {
-      memberUserId: normalizePositiveInteger(source.memberUserId),
+      memberUserId: normalizeRecordId(source.memberUserId, { fallback: "" }),
       roleSid: normalizeLowerText(source.roleSid)
     };
   }
@@ -194,7 +198,7 @@ const updateMemberRoleInputValidator = Object.freeze({
 const removeMemberInputValidator = Object.freeze({
   schema: Type.Object(
     {
-      memberUserId: Type.Integer({ minimum: 1 })
+      memberUserId: recordIdInputSchema
     },
     { additionalProperties: false }
   ),
@@ -202,7 +206,7 @@ const removeMemberInputValidator = Object.freeze({
     const source = normalizeObjectInput(payload);
 
     return {
-      memberUserId: normalizePositiveInteger(source.memberUserId)
+      memberUserId: normalizeRecordId(source.memberUserId, { fallback: "" })
     };
   }
 });
@@ -228,7 +232,7 @@ const createInviteBodyValidator = Object.freeze({
 const revokeInviteInputValidator = Object.freeze({
   schema: Type.Object(
     {
-      inviteId: Type.Integer({ minimum: 1 })
+      inviteId: recordIdInputSchema
     },
     { additionalProperties: false }
   ),
@@ -236,7 +240,7 @@ const revokeInviteInputValidator = Object.freeze({
     const source = normalizeObjectInput(payload);
 
     return {
-      inviteId: normalizePositiveInteger(source.inviteId)
+      inviteId: normalizeRecordId(source.inviteId, { fallback: "" })
     };
   }
 });

package/src/shared/resources/workspacePendingInvitationsResource.js

@@ -2,20 +2,15 @@ import { Type } from "@fastify/type-provider-typebox";
 import { encodeInviteTokenHash } from "@jskit-ai/auth-core/shared/inviteTokens";
 import { normalizeLowerText, normalizeText } from "@jskit-ai/kernel/shared/actions/textNormalization";
 import { createOperationMessages } from "../operationMessages.js";
-import { normalizeObjectInput } from "@jskit-ai/kernel/shared/validators/inputNormalization";
+import { normalizeObjectInput, recordIdSchema } from "@jskit-ai/kernel/shared/validators";
+import { normalizeRecordId } from "@jskit-ai/kernel/shared/support/normalize";
 
 function normalizePendingInvite(invite) {
-  const id = Number(invite?.id);
-  const workspaceId = Number(invite?.workspaceId);
+  const id = normalizeRecordId(invite?.id, { fallback: null });
+  const workspaceId = normalizeRecordId(invite?.workspaceId, { fallback: null });
   const tokenHash = normalizeText(invite?.tokenHash);
 
-  if (!Number.isInteger(id) || id < 1) {
-    return null;
-  }
-  if (!Number.isInteger(workspaceId) || workspaceId < 1) {
-    return null;
-  }
-  if (!tokenHash) {
+  if (!id || !workspaceId || !tokenHash) {
     return null;
   }
 
@@ -39,8 +34,8 @@ function normalizePendingInviteList(invites) {
 const pendingInviteRecordValidator = Object.freeze({
   schema: Type.Object(
     {
-      id: Type.Integer({ minimum: 1 }),
-      workspaceId: Type.Integer({ minimum: 1 }),
+      id: recordIdSchema,
+      workspaceId: recordIdSchema,
       workspaceSlug: Type.String({ minLength: 1 }),
       workspaceName: Type.String({ minLength: 1 }),
       workspaceAvatarUrl: Type.String(),

package/src/shared/resources/workspaceResource.js

@@ -2,8 +2,11 @@ import { Type } from "typebox";
 import { normalizeLowerText, normalizeText } from "@jskit-ai/kernel/shared/actions/textNormalization";
 import {
   normalizeObjectInput,
-  createCursorListValidator
+  createCursorListValidator,
+  recordIdSchema,
+  recordIdInputSchema
 } from "@jskit-ai/kernel/shared/validators";
+import { normalizeRecordId } from "@jskit-ai/kernel/shared/support/normalize";
 
 function normalizeWorkspaceAvatarUrl(value) {
   const avatarUrl = normalizeText(value);
@@ -31,7 +34,7 @@ function normalizeWorkspaceInput(payload = {}) {
     normalized.name = normalizeText(source.name);
   }
   if (Object.hasOwn(source, "ownerUserId")) {
-    normalized.ownerUserId = Number(source.ownerUserId);
+    normalized.ownerUserId = normalizeRecordId(source.ownerUserId, { fallback: "" });
   }
   if (Object.hasOwn(source, "avatarUrl")) {
     normalized.avatarUrl = normalizeWorkspaceAvatarUrl(source.avatarUrl);
@@ -47,10 +50,10 @@ function normalizeWorkspaceOutput(payload = {}) {
   const source = normalizeObjectInput(payload);
 
   return {
-    id: Number(source.id),
+    id: normalizeRecordId(source.id, { fallback: "" }),
     slug: normalizeLowerText(source.slug),
     name: normalizeText(source.name),
-    ownerUserId: Number(source.ownerUserId),
+    ownerUserId: normalizeRecordId(source.ownerUserId, { fallback: "" }),
     avatarUrl: normalizeText(source.avatarUrl)
   };
 }
@@ -59,7 +62,7 @@ function normalizeWorkspaceListItemOutput(payload = {}) {
   const source = normalizeObjectInput(payload);
 
   return {
-    id: Number(source.id),
+    id: normalizeRecordId(source.id, { fallback: "" }),
     slug: normalizeLowerText(source.slug),
     name: normalizeText(source.name),
     avatarUrl: normalizeText(source.avatarUrl),
@@ -70,10 +73,10 @@ function normalizeWorkspaceListItemOutput(payload = {}) {
 
 const responseRecordSchema = Type.Object(
   {
-    id: Type.Integer({ minimum: 1 }),
+    id: recordIdSchema,
     slug: Type.String({ minLength: 1 }),
     name: Type.String({ minLength: 1, maxLength: 160 }),
-    ownerUserId: Type.Integer({ minimum: 1 }),
+    ownerUserId: recordIdSchema,
     avatarUrl: Type.String()
   },
   { additionalProperties: false }
@@ -81,7 +84,7 @@ const responseRecordSchema = Type.Object(
 
 const listItemSchema = Type.Object(
   {
-    id: Type.Integer({ minimum: 1 }),
+    id: recordIdSchema,
     slug: Type.String({ minLength: 1 }),
     name: Type.String({ minLength: 1, maxLength: 160 }),
     avatarUrl: Type.String(),
@@ -94,7 +97,8 @@ const listItemSchema = Type.Object(
 const createRequestBodySchema = Type.Object(
   {
     name: Type.String({ minLength: 1, maxLength: 160 }),
-    slug: Type.Optional(Type.String({ minLength: 1, maxLength: 120 }))
+    slug: Type.Optional(Type.String({ minLength: 1, maxLength: 120 })),
+    ownerUserId: Type.Optional(recordIdInputSchema)
   },
   { additionalProperties: false }
 );

package/src/shared/resources/workspaceSettingsResource.js

@@ -3,8 +3,10 @@ import { normalizeText } from "@jskit-ai/kernel/shared/actions/textNormalization
 import {
   normalizeObjectInput,
   createCursorListValidator,
-  normalizeSettingsFieldInput
+  normalizeSettingsFieldInput,
+  recordIdSchema
 } from "@jskit-ai/kernel/shared/validators";
+import { normalizeRecordId } from "@jskit-ai/kernel/shared/support/normalize";
 import { workspaceSettingsFields } from "./workspaceSettingsFields.js";
 import { createWorkspaceRoleCatalog } from "../roles.js";
 
@@ -39,9 +41,9 @@ function buildResponseRecordSchema() {
     {
       workspace: Type.Object(
         {
-          id: Type.Integer({ minimum: 1 }),
+          id: recordIdSchema,
           slug: Type.String({ minLength: 1 }),
-          ownerUserId: Type.Integer({ minimum: 1 })
+          ownerUserId: recordIdSchema
         },
         { additionalProperties: false }
       ),
@@ -98,9 +100,9 @@ function normalizeOutput(payload = {}) {
 
   return {
     workspace: {
-      id: Number(workspace.id),
+      id: normalizeRecordId(workspace.id, { fallback: "" }),
       slug: normalizeText(workspace.slug),
-      ownerUserId: Number(workspace.ownerUserId)
+      ownerUserId: normalizeRecordId(workspace.ownerUserId, { fallback: "" })
     },
     settings: normalizedSettings,
     roleCatalog: hasRoleCatalog ? roleCatalog : createWorkspaceRoleCatalog()

package/templates/migrations/users_core_console_owner.cjs

@@ -13,7 +13,7 @@ exports.up = async function up(knex) {
   }
 
   await knex.schema.alterTable("console_settings", (table) => {
-    table.integer("owner_user_id").unsigned().nullable();
+    table.bigInteger("owner_user_id").unsigned().nullable();
   });
 };
 

package/templates/migrations/users_core_generic_initial.cjs

@@ -5,7 +5,7 @@ exports.up = async function up(knex) {
   const hasUsersTable = await knex.schema.hasTable("users");
   if (!hasUsersTable) {
     await knex.schema.createTable("users", (table) => {
-      table.increments("id").primary();
+      table.bigIncrements("id").primary();
       table.string("auth_provider", 64).notNullable();
       table.string("auth_provider_user_sid", 191).notNullable();
       table.string("email", 255).notNullable();
@@ -24,7 +24,7 @@ exports.up = async function up(knex) {
   const hasUserSettingsTable = await knex.schema.hasTable("user_settings");
   if (!hasUserSettingsTable) {
     await knex.schema.createTable("user_settings", (table) => {
-      table.integer("user_id").unsigned().primary().references("id").inTable("users").onDelete("CASCADE");
+      table.bigInteger("user_id").unsigned().primary().references("id").inTable("users").onDelete("CASCADE");
       table.string("theme", 32).notNullable().defaultTo("system");
       table.string("locale", 24).notNullable().defaultTo("en");
       table.string("time_zone", 64).notNullable().defaultTo("UTC");
@@ -45,8 +45,8 @@ exports.up = async function up(knex) {
   const hasConsoleSettingsTable = await knex.schema.hasTable("console_settings");
   if (!hasConsoleSettingsTable) {
     await knex.schema.createTable("console_settings", (table) => {
-      table.integer("id").primary();
-      table.integer("owner_user_id").unsigned().nullable().references("id").inTable("users").onDelete("SET NULL");
+      table.bigInteger("id").primary();
+      table.bigInteger("owner_user_id").unsigned().nullable().references("id").inTable("users").onDelete("SET NULL");
       table.timestamp("created_at", { useTz: false }).notNullable().defaultTo(knex.fn.now());
       table.timestamp("updated_at", { useTz: false }).notNullable().defaultTo(knex.fn.now());
     });

package/templates/migrations/users_core_profile_username.cjs

@@ -62,7 +62,7 @@ exports.up = async function up(knex) {
   for (const profile of profiles) {
     const nextUsername = resolveUniqueUsername(usernameBaseFromEmail(profile.email), usedUsernames);
     usedUsernames.add(nextUsername);
-    await knex("users").where({ id: Number(profile.id) }).update({
+    await knex("users").where({ id: profile.id }).update({
       username: nextUsername
     });
   }

package/test/authProfileSyncService.test.js

@@ -15,7 +15,7 @@ test("authProfileSyncService.syncIdentityProfile uses shared transaction for pro
       async upsert(payload, options = {}) {
         calls.push({ step: "upsert", trx: options.trx || null });
         return {
-          id: 13,
+          id: "13",
           authProvider: payload.authProvider,
           authProviderUserSid: payload.authProviderUserSid,
           email: payload.email,
@@ -67,7 +67,7 @@ test("authProfileSyncService.syncIdentityProfile skips write path when profile i
     usersRepository: {
       async findByIdentity() {
         return {
-          id: 7,
+          id: "7",
           authProvider: "supabase",
           authProviderUserSid: "abc-7",
           email: "tony@example.com",
@@ -84,7 +84,7 @@ test("authProfileSyncService.syncIdentityProfile skips write path when profile i
     },
     userSettingsRepository: {
       async ensureForUserId() {
-        return { userId: 7 };
+        return { userId: "7" };
       }
     },
     workspaceProvisioningService: {
@@ -116,11 +116,14 @@ test("authProfileSyncService.findByIdentity normalizes provider identity input",
       },
       async upsert() {
         return null;
+      },
+      async withTransaction(work) {
+        return work({ trxId: "tx-3" });
       }
     },
     userSettingsRepository: {
       async ensureForUserId() {
-        return { userId: 1 };
+        return { userId: "1" };
       }
     }
   });