@logto/schemas 1.10.0 → 1.10.1

package/lib/foundations/jsonb-types/sentinel.d.ts

@@ -0,0 +1,27 @@
+import { z } from 'zod';
+/** The action target type of a sentinel activity. */
+export declare enum SentinelActivityTargetType {
+    User = "User",
+    App = "App"
+}
+export declare const sentinelActivityTargetTypeGuard: z.ZodNativeEnum<typeof SentinelActivityTargetType>;
+/** The action type of a sentinel activity. */
+export declare enum SentinelActivityAction {
+    /**
+     * The subject tries to pass a verification by inputting a password.
+     *
+     * For example, a user (subject) who inputted a password (action) to authenticate themselves
+     * (target).
+     */
+    Password = "Password",
+    /**
+     * The subject tries to pass a verification by inputting a verification code.
+     *
+     * For example, a user (subject) who inputted a verification code (action) to authenticate
+     * themselves (target).
+     */
+    VerificationCode = "VerificationCode"
+}
+export declare const sentinelActivityActionGuard: z.ZodNativeEnum<typeof SentinelActivityAction>;
+export type SentinelActivityPayload = Record<string, unknown>;
+export declare const sentinelActivityPayloadGuard: z.ZodRecord<z.ZodString, z.ZodUnknown>;

package/lib/foundations/jsonb-types/sentinel.js

@@ -0,0 +1,28 @@
+import { z } from 'zod';
+/** The action target type of a sentinel activity. */
+export var SentinelActivityTargetType;
+(function (SentinelActivityTargetType) {
+    SentinelActivityTargetType["User"] = "User";
+    SentinelActivityTargetType["App"] = "App";
+})(SentinelActivityTargetType || (SentinelActivityTargetType = {}));
+export const sentinelActivityTargetTypeGuard = z.nativeEnum(SentinelActivityTargetType);
+/** The action type of a sentinel activity. */
+export var SentinelActivityAction;
+(function (SentinelActivityAction) {
+    /**
+     * The subject tries to pass a verification by inputting a password.
+     *
+     * For example, a user (subject) who inputted a password (action) to authenticate themselves
+     * (target).
+     */
+    SentinelActivityAction["Password"] = "Password";
+    /**
+     * The subject tries to pass a verification by inputting a verification code.
+     *
+     * For example, a user (subject) who inputted a verification code (action) to authenticate
+     * themselves (target).
+     */
+    SentinelActivityAction["VerificationCode"] = "VerificationCode";
+})(SentinelActivityAction || (SentinelActivityAction = {}));
+export const sentinelActivityActionGuard = z.nativeEnum(SentinelActivityAction);
+export const sentinelActivityPayloadGuard = z.record(z.unknown());

package/lib/foundations/jsonb-types/sign-in-experience.d.ts

@@ -0,0 +1,118 @@
+import { z } from 'zod';
+export declare const colorGuard: z.ZodObject<{
+    primaryColor: z.ZodString;
+    isDarkModeEnabled: z.ZodBoolean;
+    darkPrimaryColor: z.ZodString;
+}, "strip", z.ZodTypeAny, {
+    primaryColor: string;
+    isDarkModeEnabled: boolean;
+    darkPrimaryColor: string;
+}, {
+    primaryColor: string;
+    isDarkModeEnabled: boolean;
+    darkPrimaryColor: string;
+}>;
+export type Color = z.infer<typeof colorGuard>;
+export declare const brandingGuard: z.ZodObject<{
+    logoUrl: z.ZodOptional<z.ZodString>;
+    darkLogoUrl: z.ZodOptional<z.ZodString>;
+    favicon: z.ZodOptional<z.ZodString>;
+}, "strip", z.ZodTypeAny, {
+    logoUrl?: string | undefined;
+    darkLogoUrl?: string | undefined;
+    favicon?: string | undefined;
+}, {
+    logoUrl?: string | undefined;
+    darkLogoUrl?: string | undefined;
+    favicon?: string | undefined;
+}>;
+export type Branding = z.infer<typeof brandingGuard>;
+export declare const languageInfoGuard: z.ZodObject<{
+    autoDetect: z.ZodBoolean;
+    fallbackLanguage: z.ZodType<"af-ZA" | "am-ET" | "ar-AR" | "as-IN" | "az-AZ" | "be-BY" | "bg-BG" | "bn-IN" | "br-FR" | "bs-BA" | "ca-ES" | "cb-IQ" | "co-FR" | "cs-CZ" | "cx-PH" | "cy-GB" | "da-DK" | "de" | "de-DE" | "el-GR" | "en" | "en-GB" | "en-US" | "eo-EO" | "es" | "es-ES" | "es-419" | "et-EE" | "eu-ES" | "fa-IR" | "ff-NG" | "fi-FI" | "fo-FO" | "fr" | "fr-CA" | "fr-FR" | "fy-NL" | "ga-IE" | "gl-ES" | "gn-PY" | "gu-IN" | "ha-NG" | "he-IL" | "hi-IN" | "hr-HR" | "ht-HT" | "hu-HU" | "hy-AM" | "id-ID" | "ik-US" | "is-IS" | "it" | "it-IT" | "iu-CA" | "ja" | "ja-JP" | "ja-KS" | "jv-ID" | "ka-GE" | "kk-KZ" | "km-KH" | "kn-IN" | "ko" | "ko-KR" | "ku-TR" | "ky-KG" | "lo-LA" | "lt-LT" | "lv-LV" | "mg-MG" | "mk-MK" | "ml-IN" | "mn-MN" | "mr-IN" | "ms-MY" | "mt-MT" | "my-MM" | "nb-NO" | "ne-NP" | "nl-BE" | "nl-NL" | "nn-NO" | "or-IN" | "pa-IN" | "pl-PL" | "ps-AF" | "pt" | "pt-BR" | "pt-PT" | "ro-RO" | "ru" | "ru-RU" | "rw-RW" | "sc-IT" | "si-LK" | "sk-SK" | "sl-SI" | "sn-ZW" | "sq-AL" | "sr-RS" | "sv-SE" | "sw-KE" | "sy-SY" | "sz-PL" | "ta-IN" | "te-IN" | "tg-TJ" | "th-TH" | "tl-PH" | "tr" | "tr-TR" | "tt-RU" | "tz-MA" | "uk-UA" | "ur-PK" | "uz-UZ" | "vi-VN" | "zh" | "zh-CN" | "zh-HK" | "zh-MO" | "zh-TW" | "zz-TR", z.ZodTypeDef, "af-ZA" | "am-ET" | "ar-AR" | "as-IN" | "az-AZ" | "be-BY" | "bg-BG" | "bn-IN" | "br-FR" | "bs-BA" | "ca-ES" | "cb-IQ" | "co-FR" | "cs-CZ" | "cx-PH" | "cy-GB" | "da-DK" | "de" | "de-DE" | "el-GR" | "en" | "en-GB" | "en-US" | "eo-EO" | "es" | "es-ES" | "es-419" | "et-EE" | "eu-ES" | "fa-IR" | "ff-NG" | "fi-FI" | "fo-FO" | "fr" | "fr-CA" | "fr-FR" | "fy-NL" | "ga-IE" | "gl-ES" | "gn-PY" | "gu-IN" | "ha-NG" | "he-IL" | "hi-IN" | "hr-HR" | "ht-HT" | "hu-HU" | "hy-AM" | "id-ID" | "ik-US" | "is-IS" | "it" | "it-IT" | "iu-CA" | "ja" | "ja-JP" | "ja-KS" | "jv-ID" | "ka-GE" | "kk-KZ" | "km-KH" | "kn-IN" | "ko" | "ko-KR" | "ku-TR" | "ky-KG" | "lo-LA" | "lt-LT" | "lv-LV" | "mg-MG" | "mk-MK" | "ml-IN" | "mn-MN" | "mr-IN" | "ms-MY" | "mt-MT" | "my-MM" | "nb-NO" | "ne-NP" | "nl-BE" | "nl-NL" | "nn-NO" | "or-IN" | "pa-IN" | "pl-PL" | "ps-AF" | "pt" | "pt-BR" | "pt-PT" | "ro-RO" | "ru" | "ru-RU" | "rw-RW" | "sc-IT" | "si-LK" | "sk-SK" | "sl-SI" | "sn-ZW" | "sq-AL" | "sr-RS" | "sv-SE" | "sw-KE" | "sy-SY" | "sz-PL" | "ta-IN" | "te-IN" | "tg-TJ" | "th-TH" | "tl-PH" | "tr" | "tr-TR" | "tt-RU" | "tz-MA" | "uk-UA" | "ur-PK" | "uz-UZ" | "vi-VN" | "zh" | "zh-CN" | "zh-HK" | "zh-MO" | "zh-TW" | "zz-TR">;
+}, "strip", z.ZodTypeAny, {
+    autoDetect: boolean;
+    fallbackLanguage: "af-ZA" | "am-ET" | "ar-AR" | "as-IN" | "az-AZ" | "be-BY" | "bg-BG" | "bn-IN" | "br-FR" | "bs-BA" | "ca-ES" | "cb-IQ" | "co-FR" | "cs-CZ" | "cx-PH" | "cy-GB" | "da-DK" | "de" | "de-DE" | "el-GR" | "en" | "en-GB" | "en-US" | "eo-EO" | "es" | "es-ES" | "es-419" | "et-EE" | "eu-ES" | "fa-IR" | "ff-NG" | "fi-FI" | "fo-FO" | "fr" | "fr-CA" | "fr-FR" | "fy-NL" | "ga-IE" | "gl-ES" | "gn-PY" | "gu-IN" | "ha-NG" | "he-IL" | "hi-IN" | "hr-HR" | "ht-HT" | "hu-HU" | "hy-AM" | "id-ID" | "ik-US" | "is-IS" | "it" | "it-IT" | "iu-CA" | "ja" | "ja-JP" | "ja-KS" | "jv-ID" | "ka-GE" | "kk-KZ" | "km-KH" | "kn-IN" | "ko" | "ko-KR" | "ku-TR" | "ky-KG" | "lo-LA" | "lt-LT" | "lv-LV" | "mg-MG" | "mk-MK" | "ml-IN" | "mn-MN" | "mr-IN" | "ms-MY" | "mt-MT" | "my-MM" | "nb-NO" | "ne-NP" | "nl-BE" | "nl-NL" | "nn-NO" | "or-IN" | "pa-IN" | "pl-PL" | "ps-AF" | "pt" | "pt-BR" | "pt-PT" | "ro-RO" | "ru" | "ru-RU" | "rw-RW" | "sc-IT" | "si-LK" | "sk-SK" | "sl-SI" | "sn-ZW" | "sq-AL" | "sr-RS" | "sv-SE" | "sw-KE" | "sy-SY" | "sz-PL" | "ta-IN" | "te-IN" | "tg-TJ" | "th-TH" | "tl-PH" | "tr" | "tr-TR" | "tt-RU" | "tz-MA" | "uk-UA" | "ur-PK" | "uz-UZ" | "vi-VN" | "zh" | "zh-CN" | "zh-HK" | "zh-MO" | "zh-TW" | "zz-TR";
+}, {
+    autoDetect: boolean;
+    fallbackLanguage: "af-ZA" | "am-ET" | "ar-AR" | "as-IN" | "az-AZ" | "be-BY" | "bg-BG" | "bn-IN" | "br-FR" | "bs-BA" | "ca-ES" | "cb-IQ" | "co-FR" | "cs-CZ" | "cx-PH" | "cy-GB" | "da-DK" | "de" | "de-DE" | "el-GR" | "en" | "en-GB" | "en-US" | "eo-EO" | "es" | "es-ES" | "es-419" | "et-EE" | "eu-ES" | "fa-IR" | "ff-NG" | "fi-FI" | "fo-FO" | "fr" | "fr-CA" | "fr-FR" | "fy-NL" | "ga-IE" | "gl-ES" | "gn-PY" | "gu-IN" | "ha-NG" | "he-IL" | "hi-IN" | "hr-HR" | "ht-HT" | "hu-HU" | "hy-AM" | "id-ID" | "ik-US" | "is-IS" | "it" | "it-IT" | "iu-CA" | "ja" | "ja-JP" | "ja-KS" | "jv-ID" | "ka-GE" | "kk-KZ" | "km-KH" | "kn-IN" | "ko" | "ko-KR" | "ku-TR" | "ky-KG" | "lo-LA" | "lt-LT" | "lv-LV" | "mg-MG" | "mk-MK" | "ml-IN" | "mn-MN" | "mr-IN" | "ms-MY" | "mt-MT" | "my-MM" | "nb-NO" | "ne-NP" | "nl-BE" | "nl-NL" | "nn-NO" | "or-IN" | "pa-IN" | "pl-PL" | "ps-AF" | "pt" | "pt-BR" | "pt-PT" | "ro-RO" | "ru" | "ru-RU" | "rw-RW" | "sc-IT" | "si-LK" | "sk-SK" | "sl-SI" | "sn-ZW" | "sq-AL" | "sr-RS" | "sv-SE" | "sw-KE" | "sy-SY" | "sz-PL" | "ta-IN" | "te-IN" | "tg-TJ" | "th-TH" | "tl-PH" | "tr" | "tr-TR" | "tt-RU" | "tz-MA" | "uk-UA" | "ur-PK" | "uz-UZ" | "vi-VN" | "zh" | "zh-CN" | "zh-HK" | "zh-MO" | "zh-TW" | "zz-TR";
+}>;
+export type LanguageInfo = z.infer<typeof languageInfoGuard>;
+export declare enum SignInIdentifier {
+    Username = "username",
+    Email = "email",
+    Phone = "phone"
+}
+export declare const signUpGuard: z.ZodObject<{
+    identifiers: z.ZodArray<z.ZodNativeEnum<typeof SignInIdentifier>, "many">;
+    password: z.ZodBoolean;
+    verify: z.ZodBoolean;
+}, "strip", z.ZodTypeAny, {
+    identifiers: SignInIdentifier[];
+    password: boolean;
+    verify: boolean;
+}, {
+    identifiers: SignInIdentifier[];
+    password: boolean;
+    verify: boolean;
+}>;
+export type SignUp = z.infer<typeof signUpGuard>;
+export declare const signInGuard: z.ZodObject<{
+    methods: z.ZodArray<z.ZodObject<{
+        identifier: z.ZodNativeEnum<typeof SignInIdentifier>;
+        password: z.ZodBoolean;
+        verificationCode: z.ZodBoolean;
+        isPasswordPrimary: z.ZodBoolean;
+    }, "strip", z.ZodTypeAny, {
+        password: boolean;
+        identifier: SignInIdentifier;
+        verificationCode: boolean;
+        isPasswordPrimary: boolean;
+    }, {
+        password: boolean;
+        identifier: SignInIdentifier;
+        verificationCode: boolean;
+        isPasswordPrimary: boolean;
+    }>, "many">;
+}, "strip", z.ZodTypeAny, {
+    methods: {
+        password: boolean;
+        identifier: SignInIdentifier;
+        verificationCode: boolean;
+        isPasswordPrimary: boolean;
+    }[];
+}, {
+    methods: {
+        password: boolean;
+        identifier: SignInIdentifier;
+        verificationCode: boolean;
+        isPasswordPrimary: boolean;
+    }[];
+}>;
+export type SignIn = z.infer<typeof signInGuard>;
+export declare const connectorTargetsGuard: z.ZodArray<z.ZodString, "many">;
+export type ConnectorTargets = z.infer<typeof connectorTargetsGuard>;
+export declare const customContentGuard: z.ZodRecord<z.ZodString, z.ZodString>;
+export type CustomContent = z.infer<typeof customContentGuard>;
+export declare enum MfaFactor {
+    TOTP = "Totp",
+    WebAuthn = "WebAuthn",
+    BackupCode = "BackupCode"
+}
+export declare const mfaFactorsGuard: z.ZodArray<z.ZodNativeEnum<typeof MfaFactor>, "many">;
+export type MfaFactors = z.infer<typeof mfaFactorsGuard>;
+export declare enum MfaPolicy {
+    UserControlled = "UserControlled",
+    Mandatory = "Mandatory"
+}
+export declare const mfaGuard: z.ZodObject<{
+    factors: z.ZodArray<z.ZodNativeEnum<typeof MfaFactor>, "many">;
+    policy: z.ZodNativeEnum<typeof MfaPolicy>;
+}, "strip", z.ZodTypeAny, {
+    factors: MfaFactor[];
+    policy: MfaPolicy;
+}, {
+    factors: MfaFactor[];
+    policy: MfaPolicy;
+}>;
+export type Mfa = z.infer<typeof mfaGuard>;

package/lib/foundations/jsonb-types/sign-in-experience.js

@@ -0,0 +1,56 @@
+import { hexColorRegEx } from '@logto/core-kit';
+import { languageTagGuard } from '@logto/language-kit';
+import { z } from 'zod';
+export const colorGuard = z.object({
+    primaryColor: z.string().regex(hexColorRegEx),
+    isDarkModeEnabled: z.boolean(),
+    darkPrimaryColor: z.string().regex(hexColorRegEx),
+});
+export const brandingGuard = z.object({
+    logoUrl: z.string().url().optional(),
+    darkLogoUrl: z.string().url().optional(),
+    favicon: z.string().url().optional(),
+});
+export const languageInfoGuard = z.object({
+    autoDetect: z.boolean(),
+    fallbackLanguage: languageTagGuard,
+});
+export var SignInIdentifier;
+(function (SignInIdentifier) {
+    SignInIdentifier["Username"] = "username";
+    SignInIdentifier["Email"] = "email";
+    SignInIdentifier["Phone"] = "phone";
+})(SignInIdentifier || (SignInIdentifier = {}));
+export const signUpGuard = z.object({
+    identifiers: z.nativeEnum(SignInIdentifier).array(),
+    password: z.boolean(),
+    verify: z.boolean(),
+});
+export const signInGuard = z.object({
+    methods: z
+        .object({
+        identifier: z.nativeEnum(SignInIdentifier),
+        password: z.boolean(),
+        verificationCode: z.boolean(),
+        isPasswordPrimary: z.boolean(),
+    })
+        .array(),
+});
+export const connectorTargetsGuard = z.string().array();
+export const customContentGuard = z.record(z.string());
+export var MfaFactor;
+(function (MfaFactor) {
+    MfaFactor["TOTP"] = "Totp";
+    MfaFactor["WebAuthn"] = "WebAuthn";
+    MfaFactor["BackupCode"] = "BackupCode";
+})(MfaFactor || (MfaFactor = {}));
+export const mfaFactorsGuard = z.nativeEnum(MfaFactor).array();
+export var MfaPolicy;
+(function (MfaPolicy) {
+    MfaPolicy["UserControlled"] = "UserControlled";
+    MfaPolicy["Mandatory"] = "Mandatory";
+})(MfaPolicy || (MfaPolicy = {}));
+export const mfaGuard = z.object({
+    factors: mfaFactorsGuard,
+    policy: z.nativeEnum(MfaPolicy),
+});

package/lib/foundations/jsonb-types/sso-connector.d.ts

@@ -0,0 +1,14 @@
+import { z } from 'zod';
+export declare const ssoDomainsGuard: z.ZodArray<z.ZodString, "many">;
+export type SsoDomains = z.infer<typeof ssoDomainsGuard>;
+export declare const ssoBrandingGuard: z.ZodObject<{
+    logo: z.ZodOptional<z.ZodString>;
+    darkLogo: z.ZodOptional<z.ZodString>;
+}, "strip", z.ZodTypeAny, {
+    logo?: string | undefined;
+    darkLogo?: string | undefined;
+}, {
+    logo?: string | undefined;
+    darkLogo?: string | undefined;
+}>;
+export type SsoBranding = z.infer<typeof ssoBrandingGuard>;

package/lib/foundations/jsonb-types/sso-connector.js

@@ -0,0 +1,6 @@
+import { z } from 'zod';
+export const ssoDomainsGuard = z.array(z.string());
+export const ssoBrandingGuard = z.object({
+    logo: z.string().optional(),
+    darkLogo: z.string().optional(),
+});

package/lib/foundations/jsonb-types/users.d.ts

@@ -0,0 +1,285 @@
+import { z } from 'zod';
+import { MfaFactor } from './sign-in-experience.js';
+export declare const roleNamesGuard: z.ZodArray<z.ZodString, "many">;
+declare const identityGuard: z.ZodObject<{
+    userId: z.ZodString;
+    details: z.ZodOptional<z.ZodObject<{}, "strip", z.ZodTypeAny, {}, {}>>;
+}, "strip", z.ZodTypeAny, {
+    userId: string;
+    details?: {} | undefined;
+}, {
+    userId: string;
+    details?: {} | undefined;
+}>;
+export declare const identitiesGuard: z.ZodRecord<z.ZodString, z.ZodObject<{
+    userId: z.ZodString;
+    details: z.ZodOptional<z.ZodObject<{}, "strip", z.ZodTypeAny, {}, {}>>;
+}, "strip", z.ZodTypeAny, {
+    userId: string;
+    details?: {} | undefined;
+}, {
+    userId: string;
+    details?: {} | undefined;
+}>>;
+export type Identity = z.infer<typeof identityGuard>;
+export type Identities = z.infer<typeof identitiesGuard>;
+export declare const baseMfaVerification: {
+    id: z.ZodString;
+    createdAt: z.ZodString;
+    lastUsedAt: z.ZodOptional<z.ZodString>;
+};
+export declare const mfaVerificationTotp: z.ZodObject<{
+    key: z.ZodString;
+    id: z.ZodString;
+    createdAt: z.ZodString;
+    lastUsedAt: z.ZodOptional<z.ZodString>;
+    type: z.ZodLiteral<MfaFactor.TOTP>;
+}, "strip", z.ZodTypeAny, {
+    type: MfaFactor.TOTP;
+    id: string;
+    key: string;
+    createdAt: string;
+    lastUsedAt?: string | undefined;
+}, {
+    type: MfaFactor.TOTP;
+    id: string;
+    key: string;
+    createdAt: string;
+    lastUsedAt?: string | undefined;
+}>;
+export type MfaVerificationTotp = z.infer<typeof mfaVerificationTotp>;
+export declare const webAuthnTransportGuard: z.ZodEnum<["usb", "nfc", "ble", "internal", "cable", "hybrid", "smart-card"]>;
+export declare const mfaVerificationWebAuthn: z.ZodObject<{
+    credentialId: z.ZodString;
+    publicKey: z.ZodString;
+    transports: z.ZodOptional<z.ZodArray<z.ZodEnum<["usb", "nfc", "ble", "internal", "cable", "hybrid", "smart-card"]>, "many">>;
+    counter: z.ZodNumber;
+    agent: z.ZodString;
+    id: z.ZodString;
+    createdAt: z.ZodString;
+    lastUsedAt: z.ZodOptional<z.ZodString>;
+    type: z.ZodLiteral<MfaFactor.WebAuthn>;
+}, "strip", z.ZodTypeAny, {
+    type: MfaFactor.WebAuthn;
+    id: string;
+    createdAt: string;
+    credentialId: string;
+    publicKey: string;
+    counter: number;
+    agent: string;
+    transports?: ("usb" | "nfc" | "ble" | "internal" | "cable" | "hybrid" | "smart-card")[] | undefined;
+    lastUsedAt?: string | undefined;
+}, {
+    type: MfaFactor.WebAuthn;
+    id: string;
+    createdAt: string;
+    credentialId: string;
+    publicKey: string;
+    counter: number;
+    agent: string;
+    transports?: ("usb" | "nfc" | "ble" | "internal" | "cable" | "hybrid" | "smart-card")[] | undefined;
+    lastUsedAt?: string | undefined;
+}>;
+export type MfaVerificationWebAuthn = z.infer<typeof mfaVerificationWebAuthn>;
+export declare const mfaVerificationBackupCode: z.ZodObject<{
+    codes: z.ZodArray<z.ZodObject<{
+        code: z.ZodString;
+        usedAt: z.ZodOptional<z.ZodString>;
+    }, "strip", z.ZodTypeAny, {
+        code: string;
+        usedAt?: string | undefined;
+    }, {
+        code: string;
+        usedAt?: string | undefined;
+    }>, "many">;
+    id: z.ZodString;
+    createdAt: z.ZodString;
+    lastUsedAt: z.ZodOptional<z.ZodString>;
+    type: z.ZodLiteral<MfaFactor.BackupCode>;
+}, "strip", z.ZodTypeAny, {
+    type: MfaFactor.BackupCode;
+    id: string;
+    createdAt: string;
+    codes: {
+        code: string;
+        usedAt?: string | undefined;
+    }[];
+    lastUsedAt?: string | undefined;
+}, {
+    type: MfaFactor.BackupCode;
+    id: string;
+    createdAt: string;
+    codes: {
+        code: string;
+        usedAt?: string | undefined;
+    }[];
+    lastUsedAt?: string | undefined;
+}>;
+export type MfaVerificationBackupCode = z.infer<typeof mfaVerificationBackupCode>;
+export declare const mfaVerificationGuard: z.ZodDiscriminatedUnion<"type", [z.ZodObject<{
+    key: z.ZodString;
+    id: z.ZodString;
+    createdAt: z.ZodString;
+    lastUsedAt: z.ZodOptional<z.ZodString>;
+    type: z.ZodLiteral<MfaFactor.TOTP>;
+}, "strip", z.ZodTypeAny, {
+    type: MfaFactor.TOTP;
+    id: string;
+    key: string;
+    createdAt: string;
+    lastUsedAt?: string | undefined;
+}, {
+    type: MfaFactor.TOTP;
+    id: string;
+    key: string;
+    createdAt: string;
+    lastUsedAt?: string | undefined;
+}>, z.ZodObject<{
+    credentialId: z.ZodString;
+    publicKey: z.ZodString;
+    transports: z.ZodOptional<z.ZodArray<z.ZodEnum<["usb", "nfc", "ble", "internal", "cable", "hybrid", "smart-card"]>, "many">>;
+    counter: z.ZodNumber;
+    agent: z.ZodString;
+    id: z.ZodString;
+    createdAt: z.ZodString;
+    lastUsedAt: z.ZodOptional<z.ZodString>;
+    type: z.ZodLiteral<MfaFactor.WebAuthn>;
+}, "strip", z.ZodTypeAny, {
+    type: MfaFactor.WebAuthn;
+    id: string;
+    createdAt: string;
+    credentialId: string;
+    publicKey: string;
+    counter: number;
+    agent: string;
+    transports?: ("usb" | "nfc" | "ble" | "internal" | "cable" | "hybrid" | "smart-card")[] | undefined;
+    lastUsedAt?: string | undefined;
+}, {
+    type: MfaFactor.WebAuthn;
+    id: string;
+    createdAt: string;
+    credentialId: string;
+    publicKey: string;
+    counter: number;
+    agent: string;
+    transports?: ("usb" | "nfc" | "ble" | "internal" | "cable" | "hybrid" | "smart-card")[] | undefined;
+    lastUsedAt?: string | undefined;
+}>, z.ZodObject<{
+    codes: z.ZodArray<z.ZodObject<{
+        code: z.ZodString;
+        usedAt: z.ZodOptional<z.ZodString>;
+    }, "strip", z.ZodTypeAny, {
+        code: string;
+        usedAt?: string | undefined;
+    }, {
+        code: string;
+        usedAt?: string | undefined;
+    }>, "many">;
+    id: z.ZodString;
+    createdAt: z.ZodString;
+    lastUsedAt: z.ZodOptional<z.ZodString>;
+    type: z.ZodLiteral<MfaFactor.BackupCode>;
+}, "strip", z.ZodTypeAny, {
+    type: MfaFactor.BackupCode;
+    id: string;
+    createdAt: string;
+    codes: {
+        code: string;
+        usedAt?: string | undefined;
+    }[];
+    lastUsedAt?: string | undefined;
+}, {
+    type: MfaFactor.BackupCode;
+    id: string;
+    createdAt: string;
+    codes: {
+        code: string;
+        usedAt?: string | undefined;
+    }[];
+    lastUsedAt?: string | undefined;
+}>]>;
+export type MfaVerification = z.infer<typeof mfaVerificationGuard>;
+export declare const mfaVerificationsGuard: z.ZodArray<z.ZodDiscriminatedUnion<"type", [z.ZodObject<{
+    key: z.ZodString;
+    id: z.ZodString;
+    createdAt: z.ZodString;
+    lastUsedAt: z.ZodOptional<z.ZodString>;
+    type: z.ZodLiteral<MfaFactor.TOTP>;
+}, "strip", z.ZodTypeAny, {
+    type: MfaFactor.TOTP;
+    id: string;
+    key: string;
+    createdAt: string;
+    lastUsedAt?: string | undefined;
+}, {
+    type: MfaFactor.TOTP;
+    id: string;
+    key: string;
+    createdAt: string;
+    lastUsedAt?: string | undefined;
+}>, z.ZodObject<{
+    credentialId: z.ZodString;
+    publicKey: z.ZodString;
+    transports: z.ZodOptional<z.ZodArray<z.ZodEnum<["usb", "nfc", "ble", "internal", "cable", "hybrid", "smart-card"]>, "many">>;
+    counter: z.ZodNumber;
+    agent: z.ZodString;
+    id: z.ZodString;
+    createdAt: z.ZodString;
+    lastUsedAt: z.ZodOptional<z.ZodString>;
+    type: z.ZodLiteral<MfaFactor.WebAuthn>;
+}, "strip", z.ZodTypeAny, {
+    type: MfaFactor.WebAuthn;
+    id: string;
+    createdAt: string;
+    credentialId: string;
+    publicKey: string;
+    counter: number;
+    agent: string;
+    transports?: ("usb" | "nfc" | "ble" | "internal" | "cable" | "hybrid" | "smart-card")[] | undefined;
+    lastUsedAt?: string | undefined;
+}, {
+    type: MfaFactor.WebAuthn;
+    id: string;
+    createdAt: string;
+    credentialId: string;
+    publicKey: string;
+    counter: number;
+    agent: string;
+    transports?: ("usb" | "nfc" | "ble" | "internal" | "cable" | "hybrid" | "smart-card")[] | undefined;
+    lastUsedAt?: string | undefined;
+}>, z.ZodObject<{
+    codes: z.ZodArray<z.ZodObject<{
+        code: z.ZodString;
+        usedAt: z.ZodOptional<z.ZodString>;
+    }, "strip", z.ZodTypeAny, {
+        code: string;
+        usedAt?: string | undefined;
+    }, {
+        code: string;
+        usedAt?: string | undefined;
+    }>, "many">;
+    id: z.ZodString;
+    createdAt: z.ZodString;
+    lastUsedAt: z.ZodOptional<z.ZodString>;
+    type: z.ZodLiteral<MfaFactor.BackupCode>;
+}, "strip", z.ZodTypeAny, {
+    type: MfaFactor.BackupCode;
+    id: string;
+    createdAt: string;
+    codes: {
+        code: string;
+        usedAt?: string | undefined;
+    }[];
+    lastUsedAt?: string | undefined;
+}, {
+    type: MfaFactor.BackupCode;
+    id: string;
+    createdAt: string;
+    codes: {
+        code: string;
+        usedAt?: string | undefined;
+    }[];
+    lastUsedAt?: string | undefined;
+}>]>, "many">;
+export type MfaVerifications = z.infer<typeof mfaVerificationsGuard>;
+export {};

package/lib/foundations/jsonb-types/users.js

@@ -0,0 +1,47 @@
+import { z } from 'zod';
+import { MfaFactor } from './sign-in-experience.js';
+export const roleNamesGuard = z.string().array();
+const identityGuard = z.object({
+    userId: z.string(),
+    details: z.object({}).optional(), // Connector's userinfo details, schemaless
+});
+export const identitiesGuard = z.record(identityGuard);
+export const baseMfaVerification = {
+    id: z.string(),
+    createdAt: z.string(),
+    lastUsedAt: z.string().optional(),
+};
+export const mfaVerificationTotp = z.object({
+    type: z.literal(MfaFactor.TOTP),
+    ...baseMfaVerification,
+    key: z.string(),
+});
+export const webAuthnTransportGuard = z.enum([
+    'usb',
+    'nfc',
+    'ble',
+    'internal',
+    'cable',
+    'hybrid',
+    'smart-card',
+]);
+export const mfaVerificationWebAuthn = z.object({
+    type: z.literal(MfaFactor.WebAuthn),
+    ...baseMfaVerification,
+    credentialId: z.string(),
+    publicKey: z.string(),
+    transports: webAuthnTransportGuard.array().optional(),
+    counter: z.number(),
+    agent: z.string(),
+});
+export const mfaVerificationBackupCode = z.object({
+    type: z.literal(MfaFactor.BackupCode),
+    ...baseMfaVerification,
+    codes: z.object({ code: z.string(), usedAt: z.string().optional() }).array(),
+});
+export const mfaVerificationGuard = z.discriminatedUnion('type', [
+    mfaVerificationTotp,
+    mfaVerificationWebAuthn,
+    mfaVerificationBackupCode,
+]);
+export const mfaVerificationsGuard = mfaVerificationGuard.array();

package/lib/foundations/schemas.d.ts

@@ -1,20 +1,18 @@
 import { type SchemaLike } from '@logto/shared/universal';
-import type { ZodObject, ZodType, ZodOptional } from 'zod';
+import type { ZodObject, ZodType, ZodOptional, ZodTypeAny } from 'zod';
 export type { SchemaLike, SchemaValue, SchemaValuePrimitive } from '@logto/shared/universal';
 type ParseOptional<K> = undefined extends K ? ZodOptional<ZodType<Exclude<K, undefined>>> : ZodType<K>;
-export type CreateGuard<T extends Record<string, unknown>> = ZodObject<{
+export type Guard<T extends SchemaLike<string>> = ZodObject<{
     [key in keyof T]-?: ParseOptional<T[key]>;
-}>;
-export type Guard<T extends Record<string, unknown>> = ZodObject<{
-    [key in keyof T]: ZodType<T[key]>;
-}>;
-export type GeneratedSchema<CreateSchema extends SchemaLike, Schema extends CreateSchema> = keyof Schema extends string ? Readonly<{
-    table: string;
-    tableSingular: string;
+}, 'strip', ZodTypeAny, T, T>;
+export type GeneratedSchema<Key extends string, CreateSchema extends Partial<SchemaLike<Key>>, Schema extends SchemaLike<Key>, Table extends string = string, TableSingular extends string = string> = Readonly<{
+    table: Table;
+    tableSingular: TableSingular;
     fields: {
-        [key in keyof Required<Schema>]: string;
+        [key in Key]: string;
     };
-    fieldKeys: ReadonlyArray<keyof Schema>;
-    createGuard: CreateGuard<CreateSchema>;
+    fieldKeys: readonly Key[];
+    createGuard: Guard<CreateSchema>;
     guard: Guard<Schema>;
-}> : never;
+    updateGuard: Guard<Partial<Schema>>;
+}>;

package/lib/models/tenants.d.ts

@@ -13,27 +13,23 @@ export declare const Tenants: import("@withtyped/server/model").default<"tenants
     tag: TenantTag;
     createdAt: Date;
     isSuspended: boolean;
-}, "createdAt" | "name" | "isSuspended" | "tag", "createdAt">;
+}, "name" | "createdAt" | "isSuspended" | "tag", "createdAt">;
 export type TenantModel = InferModelType<typeof Tenants>;
-export declare const tenantInfoGuard: z.ZodObject<z.extendShape<Pick<{
-    id: z.ZodType<string, z.ZodTypeDef, string>;
-    dbUser: z.ZodType<string | null, z.ZodTypeDef, string | null>;
-    dbUserPassword: z.ZodType<string | null, z.ZodTypeDef, string | null>;
+export declare const tenantInfoGuard: z.ZodObject<{
     name: z.ZodType<string, z.ZodTypeDef, string>;
-    tag: z.ZodType<TenantTag, z.ZodTypeDef, TenantTag>;
-    createdAt: z.ZodType<Date, z.ZodTypeDef, Date>;
+    id: z.ZodType<string, z.ZodTypeDef, string>;
     isSuspended: z.ZodType<boolean, z.ZodTypeDef, boolean>;
-}, "id" | "name" | "isSuspended" | "tag">, {
+    tag: z.ZodType<TenantTag, z.ZodTypeDef, TenantTag>;
     indicator: z.ZodString;
-}>, "strip", z.ZodTypeAny, {
-    id: string;
+}, z.UnknownKeysParam, z.ZodTypeAny, {
     name: string;
+    id: string;
     indicator: string;
     isSuspended: boolean;
     tag: TenantTag;
 }, {
-    id: string;
     name: string;
+    id: string;
     indicator: string;
     isSuspended: boolean;
     tag: TenantTag;