@logto/schemas 1.15.0 → 1.17.0

package/alterations-js/1.17.0-1716291265-create-pre-configured-m-api-role.js

@@ -0,0 +1,77 @@
+import { yes } from '@silverhand/essentials';
+import { sql } from '@silverhand/slonik';
+import { generateStandardId } from './utils/1716643968-id-generation.js';
+const isCi = yes(process.env.CI);
+const defaultTenantId = 'default';
+const defaultTenantManagementApiIndicator = `https://${defaultTenantId}.logto.app/api`;
+const roleName = 'Logto Management API access';
+const roleDescription = 'This default role grants access to the Logto management API.';
+var RoleType;
+(function (RoleType) {
+    RoleType["MachineToMachine"] = "MachineToMachine";
+})(RoleType || (RoleType = {}));
+var PredefinedScope;
+(function (PredefinedScope) {
+    PredefinedScope["All"] = "all";
+})(PredefinedScope || (PredefinedScope = {}));
+/**
+ * This script is to create a pre-configured Management API M2M role for new users.
+ * This script is **only for CI**, since we won't create this role for existing users, so this script is not applicable for existing db data.
+ */
+const alteration = {
+    up: async (pool) => {
+        if (!isCi) {
+            console.info("Skipping the alteration script `next-1716291265-create-pre-configured-m-api-role.ts` since it's should not be applied to existing db data.");
+            return;
+        }
+        /**
+         * Only affect the `default` tenant, since this is the only tenant in the OSS version and the initial tenant in the cloud version.
+         * So we only need to care about this role for the `default` tenant.
+         */
+        const roleId = generateStandardId();
+        await pool.query(sql `
+      insert into roles (id, tenant_id, name, description, type)
+      values (
+        ${roleId},
+        ${defaultTenantId},
+        ${roleName},
+        ${roleDescription},
+        ${RoleType.MachineToMachine}
+      );
+    `);
+        // Assign Logto Management API permission `all` to the Logto Management API M2M role
+        await pool.query(sql `
+      insert into roles_scopes (id, role_id, scope_id, tenant_id)
+      values (
+        ${generateStandardId()},
+        ${roleId},
+        (
+          select scopes.id
+          from scopes
+          join resources on
+            scopes.tenant_id = resources.tenant_id and
+            scopes.resource_id = resources.id
+          where resources.indicator = ${defaultTenantManagementApiIndicator}
+          and scopes.name = ${PredefinedScope.All}
+          and scopes.tenant_id = ${defaultTenantId}
+        ),
+        ${defaultTenantId}
+      )
+    `);
+    },
+    down: async (pool) => {
+        if (!isCi) {
+            console.info("Skipping the down script `next-1716291265-create-pre-configured-m-api-role.ts` since it's should not be applied to production db.");
+            return;
+        }
+        // Delete the created role
+        await pool.query(sql `
+      delete from roles
+      where tenant_id = ${defaultTenantId}
+      and name = ${roleName}
+      and description = ${roleDescription}
+      and type = ${RoleType.MachineToMachine}
+    `);
+    },
+};
+export default alteration;

package/alterations-js/1.17.0-1717148078-remove-service-log-reference.d.ts

@@ -0,0 +1,3 @@
+import type { AlterationScript } from '../lib/types/alteration.js';
+declare const alteration: AlterationScript;
+export default alteration;

package/alterations-js/1.17.0-1717148078-remove-service-log-reference.js

@@ -0,0 +1,15 @@
+import { sql } from '@silverhand/slonik';
+const alteration = {
+    up: async (pool) => {
+        await pool.query(sql `
+      alter table service_logs drop constraint service_logs_tenant_id_fkey;
+    `);
+    },
+    down: async (pool) => {
+        await pool.query(sql `
+      alter table service_logs add constraint service_logs_tenant_id_fkey 
+        foreign key (tenant_id) references tenants(id) on update cascade on delete cascade;
+    `);
+    },
+};
+export default alteration;

package/alterations-js/utils/1716643968-id-generation.d.ts

@@ -0,0 +1,19 @@
+/**
+ * Generate a standard id with 21 characters, including lowercase letters and numbers.
+ *
+ * @see {@link lowercaseAlphabet}
+ */
+export declare const generateStandardId: (size?: number | undefined) => string;
+/**
+ * Generate a standard short id with 12 characters, including lowercase letters and numbers.
+ *
+ * @see {@link lowercaseAlphabet}
+ */
+export declare const generateStandardShortId: (size?: number | undefined) => string;
+/**
+ * Generate a standard secret with 32 characters, including uppercase letters, lowercase
+ * letters, and numbers.
+ *
+ * @see {@link alphabet}
+ */
+export declare const generateStandardSecret: (size?: number | undefined) => string;

package/alterations-js/utils/1716643968-id-generation.js

@@ -0,0 +1,26 @@
+/**
+ * This file is forked from `@logto/shared` 3.1.0 to avoid alteration scripts to depend on outer packages.
+ */
+import { customAlphabet } from 'nanoid';
+const lowercaseAlphabet = '0123456789abcdefghijklmnopqrstuvwxyz';
+const alphabet = `${lowercaseAlphabet}ABCDEFGHIJKLMNOPQRSTUVWXYZ`;
+const buildIdGenerator = (size, includingUppercase = true) => customAlphabet(includingUppercase ? alphabet : lowercaseAlphabet, size);
+/**
+ * Generate a standard id with 21 characters, including lowercase letters and numbers.
+ *
+ * @see {@link lowercaseAlphabet}
+ */
+export const generateStandardId = buildIdGenerator(21, false);
+/**
+ * Generate a standard short id with 12 characters, including lowercase letters and numbers.
+ *
+ * @see {@link lowercaseAlphabet}
+ */
+export const generateStandardShortId = buildIdGenerator(12, false);
+/**
+ * Generate a standard secret with 32 characters, including uppercase letters, lowercase
+ * letters, and numbers.
+ *
+ * @see {@link alphabet}
+ */
+export const generateStandardSecret = buildIdGenerator(32);

package/lib/db-entries/application-user-consent-organization-resource-scope.d.ts

@@ -0,0 +1,24 @@
+import { GeneratedSchema } from './../foundations/index.js';
+/**
+ * The organization resource scopes (permissions) assigned to an application's consent request. This is different from the application_user_consent_resource_scopes table, scopes in this table is granted by the organization roles.
+ *
+ * @remarks This is a type for database creation.
+ * @see {@link ApplicationUserConsentOrganizationResourceScope} for the original type.
+ */
+export type CreateApplicationUserConsentOrganizationResourceScope = {
+    tenantId?: string;
+    /** The globally unique identifier of the application. */
+    applicationId: string;
+    /** The globally unique identifier of the resource scope. */
+    scopeId: string;
+};
+/** The organization resource scopes (permissions) assigned to an application's consent request. This is different from the application_user_consent_resource_scopes table, scopes in this table is granted by the organization roles. */
+export type ApplicationUserConsentOrganizationResourceScope = {
+    tenantId: string;
+    /** The globally unique identifier of the application. */
+    applicationId: string;
+    /** The globally unique identifier of the resource scope. */
+    scopeId: string;
+};
+export type ApplicationUserConsentOrganizationResourceScopeKeys = 'tenantId' | 'applicationId' | 'scopeId';
+export declare const ApplicationUserConsentOrganizationResourceScopes: GeneratedSchema<ApplicationUserConsentOrganizationResourceScopeKeys, CreateApplicationUserConsentOrganizationResourceScope, ApplicationUserConsentOrganizationResourceScope, 'application_user_consent_organization_resource_scopes', 'application_user_consent_organization_resource_scope'>;

package/lib/db-entries/application-user-consent-organization-resource-scope.js

@@ -0,0 +1,29 @@
+// THIS IS AN AUTOGENERATED FILE. DO NOT EDIT THIS FILE DIRECTLY.
+import { z } from 'zod';
+const createGuard = z.object({
+    tenantId: z.string().max(21).optional(),
+    applicationId: z.string().min(1).max(21),
+    scopeId: z.string().min(1).max(21),
+});
+const guard = z.object({
+    tenantId: z.string().max(21),
+    applicationId: z.string().min(1).max(21),
+    scopeId: z.string().min(1).max(21),
+});
+export const ApplicationUserConsentOrganizationResourceScopes = Object.freeze({
+    table: 'application_user_consent_organization_resource_scopes',
+    tableSingular: 'application_user_consent_organization_resource_scope',
+    fields: {
+        tenantId: 'tenant_id',
+        applicationId: 'application_id',
+        scopeId: 'scope_id',
+    },
+    fieldKeys: [
+        'tenantId',
+        'applicationId',
+        'scopeId',
+    ],
+    createGuard,
+    guard,
+    updateGuard: guard.partial(),
+});

package/lib/db-entries/index.d.ts

@@ -4,6 +4,7 @@ export * from './-after-each.js';
 export * from './-before-all.js';
 export * from './-function.js';
 export * from './application-sign-in-experience.js';
+export * from './application-user-consent-organization-resource-scope.js';
 export * from './application-user-consent-organization-scope.js';
 export * from './application-user-consent-organization.js';
 export * from './application-user-consent-resource-scope.js';

package/lib/db-entries/index.js

@@ -5,6 +5,7 @@ export * from './-after-each.js';
 export * from './-before-all.js';
 export * from './-function.js';
 export * from './application-sign-in-experience.js';
+export * from './application-user-consent-organization-resource-scope.js';
 export * from './application-user-consent-organization-scope.js';
 export * from './application-user-consent-organization.js';
 export * from './application-user-consent-resource-scope.js';

package/lib/db-entries/organization.d.ts

@@ -1,4 +1,4 @@
-import { GeneratedSchema } from './../foundations/index.js';
+import { JsonObject, GeneratedSchema } from './../foundations/index.js';
 /**
  * Organizations defined by [RFC 0001](https://github.com/logto-io/rfcs/blob/HEAD/active/0001-organization.md).
  *
@@ -13,6 +13,8 @@ export type CreateOrganization = {
     name: string;
     /** A brief description of the organization. */
     description?: string | null;
+    /** Additional data associated with the organization. */
+    customData?: JsonObject;
     /** When the organization was created. */
     createdAt?: number;
 };
@@ -25,8 +27,10 @@ export type Organization = {
     name: string;
     /** A brief description of the organization. */
     description: string | null;
+    /** Additional data associated with the organization. */
+    customData: JsonObject;
     /** When the organization was created. */
     createdAt: number;
 };
-export type OrganizationKeys = 'tenantId' | 'id' | 'name' | 'description' | 'createdAt';
+export type OrganizationKeys = 'tenantId' | 'id' | 'name' | 'description' | 'customData' | 'createdAt';
 export declare const Organizations: GeneratedSchema<OrganizationKeys, CreateOrganization, Organization, 'organizations', 'organization'>;

package/lib/db-entries/organization.js

@@ -1,10 +1,12 @@
 // THIS IS AN AUTOGENERATED FILE. DO NOT EDIT THIS FILE DIRECTLY.
 import { z } from 'zod';
+import { jsonObjectGuard } from './../foundations/index.js';
 const createGuard = z.object({
     tenantId: z.string().max(21).optional(),
     id: z.string().min(1).max(21),
     name: z.string().min(1).max(128),
     description: z.string().max(256).nullable().optional(),
+    customData: jsonObjectGuard.optional(),
     createdAt: z.number().optional(),
 });
 const guard = z.object({
@@ -12,6 +14,7 @@ const guard = z.object({
     id: z.string().min(1).max(21),
     name: z.string().min(1).max(128),
     description: z.string().max(256).nullable(),
+    customData: jsonObjectGuard,
     createdAt: z.number(),
 });
 export const Organizations = Object.freeze({
@@ -22,6 +25,7 @@ export const Organizations = Object.freeze({
         id: 'id',
         name: 'name',
         description: 'description',
+        customData: 'custom_data',
         createdAt: 'created_at',
     },
     fieldKeys: [
@@ -29,6 +33,7 @@ export const Organizations = Object.freeze({
         'id',
         'name',
         'description',
+        'customData',
         'createdAt',
     ],
     createGuard,

package/lib/db-entries/role.d.ts

@@ -11,6 +11,8 @@ export type CreateRole = {
     name: string;
     description: string;
     type?: RoleType;
+    /** If the role is the default role for a new user. Should be ignored for `MachineToMachine` roles. */
+    isDefault?: boolean;
 };
 export type Role = {
     tenantId: string;
@@ -18,6 +20,8 @@ export type Role = {
     name: string;
     description: string;
     type: RoleType;
+    /** If the role is the default role for a new user. Should be ignored for `MachineToMachine` roles. */
+    isDefault: boolean;
 };
-export type RoleKeys = 'tenantId' | 'id' | 'name' | 'description' | 'type';
+export type RoleKeys = 'tenantId' | 'id' | 'name' | 'description' | 'type' | 'isDefault';
 export declare const Roles: GeneratedSchema<RoleKeys, CreateRole, Role, 'roles', 'role'>;

package/lib/db-entries/role.js

@@ -7,6 +7,7 @@ const createGuard = z.object({
     name: z.string().min(1).max(128),
     description: z.string().min(1).max(128),
     type: z.nativeEnum(RoleType).optional(),
+    isDefault: z.boolean().optional(),
 });
 const guard = z.object({
     tenantId: z.string().max(21),
@@ -14,6 +15,7 @@ const guard = z.object({
     name: z.string().min(1).max(128),
     description: z.string().min(1).max(128),
     type: z.nativeEnum(RoleType),
+    isDefault: z.boolean(),
 });
 export const Roles = Object.freeze({
     table: 'roles',
@@ -24,6 +26,7 @@ export const Roles = Object.freeze({
         name: 'name',
         description: 'description',
         type: 'type',
+        isDefault: 'is_default',
     },
     fieldKeys: [
         'tenantId',
@@ -31,6 +34,7 @@ export const Roles = Object.freeze({
         'name',
         'description',
         'type',
+        'isDefault',
     ],
     createGuard,
     guard,

package/lib/foundations/jsonb-types/hooks.d.ts

@@ -1,12 +1,45 @@
 import { z } from 'zod';
-export declare enum HookEvent {
+/**
+ * We categorize the hook events into two types:
+ *
+ * InteractionHookEvent: The hook events that are triggered by user interactions.
+ * DataHookEvent: The hook events that are triggered by Logto data mutations.
+ */
+export declare enum InteractionHookEvent {
     PostRegister = "PostRegister",
     PostSignIn = "PostSignIn",
     PostResetPassword = "PostResetPassword"
 }
-export declare const hookEventGuard: z.ZodType<HookEvent>;
-export declare const hookEventsGuard: z.ZodArray<z.ZodType<HookEvent, z.ZodTypeDef, HookEvent>, "many">;
+export declare enum DataHookSchema {
+    User = "User",
+    Role = "Role",
+    Scope = "Scope",
+    Organization = "Organization",
+    OrganizationRole = "OrganizationRole",
+    OrganizationScope = "OrganizationScope"
+}
+declare enum DataHookBasicMutationType {
+    Created = "Created",
+    Deleted = "Deleted"
+}
+declare enum DataHookDetailMutationType {
+    Updated = "Updated"
+}
+type BasicDataHookEvent = `${DataHookSchema}.${DataHookBasicMutationType}`;
+type CustomDataHookMutableSchema = `${DataHookSchema}.Data` | `${DataHookSchema.User}.SuspensionStatus` | `${DataHookSchema.Role}.Scopes` | `${DataHookSchema.Organization}.Membership` | `${DataHookSchema.OrganizationRole}.Scopes`;
+type DataHookPropertyUpdateEvent = `${CustomDataHookMutableSchema}.${DataHookDetailMutationType.Updated}`;
+export type DataHookEvent = BasicDataHookEvent | DataHookPropertyUpdateEvent;
+/** The hook event values that can be registered. */
+export declare const hookEvents: readonly [InteractionHookEvent.PostRegister, InteractionHookEvent.PostSignIn, InteractionHookEvent.PostResetPassword, "User.Created", "User.Deleted", "User.Data.Updated", "User.SuspensionStatus.Updated", "Role.Created", "Role.Deleted", "Role.Data.Updated", "Role.Scopes.Updated", "Scope.Created", "Scope.Deleted", "Scope.Data.Updated", "Organization.Created", "Organization.Deleted", "Organization.Data.Updated", "Organization.Membership.Updated", "OrganizationRole.Created", "OrganizationRole.Deleted", "OrganizationRole.Data.Updated", "OrganizationRole.Scopes.Updated", "OrganizationScope.Created", "OrganizationScope.Deleted", "OrganizationScope.Data.Updated"];
+/** The type of hook event values that can be registered. */
+export type HookEvent = (typeof hookEvents)[number];
+export declare const hookEventGuard: z.ZodEnum<[InteractionHookEvent.PostRegister, InteractionHookEvent.PostSignIn, InteractionHookEvent.PostResetPassword, "User.Created", "User.Deleted", "User.Data.Updated", "User.SuspensionStatus.Updated", "Role.Created", "Role.Deleted", "Role.Data.Updated", "Role.Scopes.Updated", "Scope.Created", "Scope.Deleted", "Scope.Data.Updated", "Organization.Created", "Organization.Deleted", "Organization.Data.Updated", "Organization.Membership.Updated", "OrganizationRole.Created", "OrganizationRole.Deleted", "OrganizationRole.Data.Updated", "OrganizationRole.Scopes.Updated", "OrganizationScope.Created", "OrganizationScope.Deleted", "OrganizationScope.Data.Updated"]>;
+export declare const hookEventsGuard: z.ZodArray<z.ZodEnum<[InteractionHookEvent.PostRegister, InteractionHookEvent.PostSignIn, InteractionHookEvent.PostResetPassword, "User.Created", "User.Deleted", "User.Data.Updated", "User.SuspensionStatus.Updated", "Role.Created", "Role.Deleted", "Role.Data.Updated", "Role.Scopes.Updated", "Scope.Created", "Scope.Deleted", "Scope.Data.Updated", "Organization.Created", "Organization.Deleted", "Organization.Data.Updated", "Organization.Membership.Updated", "OrganizationRole.Created", "OrganizationRole.Deleted", "OrganizationRole.Data.Updated", "OrganizationRole.Scopes.Updated", "OrganizationScope.Created", "OrganizationScope.Deleted", "OrganizationScope.Data.Updated"]>, "many">;
 export type HookEvents = z.infer<typeof hookEventsGuard>;
+export declare const interactionHookEventGuard: z.ZodNativeEnum<typeof InteractionHookEvent>;
+/**
+ * Hook configuration for web hook.
+ */
 export declare const hookConfigGuard: z.ZodObject<{
     /** We don't need `type` since v1 only has web hook */
     /** Method fixed to `POST` */
@@ -30,3 +63,40 @@ export declare const hookConfigGuard: z.ZodObject<{
     retries?: number | undefined;
 }>;
 export type HookConfig = z.infer<typeof hookConfigGuard>;
+/**
+ * Management API hooks registration.
+ * Define the hook event that should be triggered when the management API is called.
+ */
+export declare const managementApiHooksRegistration: Readonly<{
+    'POST /users': "User.Created";
+    'DELETE /users/:userId': "User.Deleted";
+    'PATCH /users/:userId': "User.Data.Updated";
+    'PATCH /users/:userId/custom-data': "User.Data.Updated";
+    'PATCH /users/:userId/profile': "User.Data.Updated";
+    'PATCH /users/:userId/password': "User.Data.Updated";
+    'PATCH /users/:userId/is-suspended': "User.SuspensionStatus.Updated";
+    'POST /roles': "Role.Created";
+    'DELETE /roles/:id': "Role.Deleted";
+    'PATCH /roles/:id': "Role.Data.Updated";
+    'POST /roles/:id/scopes': "Role.Scopes.Updated";
+    'DELETE /roles/:id/scopes/:scopeId': "Role.Scopes.Updated";
+    'POST /resources/:resourceId/scopes': "Scope.Created";
+    'DELETE /resources/:resourceId/scopes/:scopeId': "Scope.Deleted";
+    'PATCH /resources/:resourceId/scopes/:scopeId': "Scope.Data.Updated";
+    'POST /organizations': "Organization.Created";
+    'DELETE /organizations/:id': "Organization.Deleted";
+    'PATCH /organizations/:id': "Organization.Data.Updated";
+    'PUT /organizations/:id/users': "Organization.Membership.Updated";
+    'POST /organizations/:id/users': "Organization.Membership.Updated";
+    'DELETE /organizations/:id/users/:userId': "Organization.Membership.Updated";
+    'POST /organization-roles': "OrganizationRole.Created";
+    'DELETE /organization-roles/:id': "OrganizationRole.Deleted";
+    'PATCH /organization-roles/:id': "OrganizationRole.Data.Updated";
+    'POST /organization-scopes': "OrganizationScope.Created";
+    'DELETE /organization-scopes/:id': "OrganizationScope.Deleted";
+    'PATCH /organization-scopes/:id': "OrganizationScope.Data.Updated";
+    'PUT /organization-roles/:id/scopes': "OrganizationRole.Scopes.Updated";
+    'POST /organization-roles/:id/scopes': "OrganizationRole.Scopes.Updated";
+    'DELETE /organization-roles/:id/scopes/:organizationScopeId': "OrganizationRole.Scopes.Updated";
+}>;
+export {};

package/lib/foundations/jsonb-types/hooks.js

@@ -1,12 +1,70 @@
 import { z } from 'zod';
-export var HookEvent;
-(function (HookEvent) {
-    HookEvent["PostRegister"] = "PostRegister";
-    HookEvent["PostSignIn"] = "PostSignIn";
-    HookEvent["PostResetPassword"] = "PostResetPassword";
-})(HookEvent || (HookEvent = {}));
-export const hookEventGuard = z.nativeEnum(HookEvent);
+/**
+ * We categorize the hook events into two types:
+ *
+ * InteractionHookEvent: The hook events that are triggered by user interactions.
+ * DataHookEvent: The hook events that are triggered by Logto data mutations.
+ */
+// InteractionHookEvent
+export var InteractionHookEvent;
+(function (InteractionHookEvent) {
+    InteractionHookEvent["PostRegister"] = "PostRegister";
+    InteractionHookEvent["PostSignIn"] = "PostSignIn";
+    InteractionHookEvent["PostResetPassword"] = "PostResetPassword";
+})(InteractionHookEvent || (InteractionHookEvent = {}));
+// DataHookEvent
+export var DataHookSchema;
+(function (DataHookSchema) {
+    DataHookSchema["User"] = "User";
+    DataHookSchema["Role"] = "Role";
+    DataHookSchema["Scope"] = "Scope";
+    DataHookSchema["Organization"] = "Organization";
+    DataHookSchema["OrganizationRole"] = "OrganizationRole";
+    DataHookSchema["OrganizationScope"] = "OrganizationScope";
+})(DataHookSchema || (DataHookSchema = {}));
+var DataHookBasicMutationType;
+(function (DataHookBasicMutationType) {
+    DataHookBasicMutationType["Created"] = "Created";
+    DataHookBasicMutationType["Deleted"] = "Deleted";
+})(DataHookBasicMutationType || (DataHookBasicMutationType = {}));
+var DataHookDetailMutationType;
+(function (DataHookDetailMutationType) {
+    DataHookDetailMutationType["Updated"] = "Updated";
+})(DataHookDetailMutationType || (DataHookDetailMutationType = {}));
+/** The hook event values that can be registered. */
+export const hookEvents = Object.freeze([
+    InteractionHookEvent.PostRegister,
+    InteractionHookEvent.PostSignIn,
+    InteractionHookEvent.PostResetPassword,
+    'User.Created',
+    'User.Deleted',
+    'User.Data.Updated',
+    'User.SuspensionStatus.Updated',
+    'Role.Created',
+    'Role.Deleted',
+    'Role.Data.Updated',
+    'Role.Scopes.Updated',
+    'Scope.Created',
+    'Scope.Deleted',
+    'Scope.Data.Updated',
+    'Organization.Created',
+    'Organization.Deleted',
+    'Organization.Data.Updated',
+    'Organization.Membership.Updated',
+    'OrganizationRole.Created',
+    'OrganizationRole.Deleted',
+    'OrganizationRole.Data.Updated',
+    'OrganizationRole.Scopes.Updated',
+    'OrganizationScope.Created',
+    'OrganizationScope.Deleted',
+    'OrganizationScope.Data.Updated',
+]);
+export const hookEventGuard = z.enum(hookEvents);
 export const hookEventsGuard = hookEventGuard.array();
+export const interactionHookEventGuard = z.nativeEnum(InteractionHookEvent);
+/**
+ * Hook configuration for web hook.
+ */
 export const hookConfigGuard = z.object({
     /** We don't need `type` since v1 only has web hook */
     // type: 'web';
@@ -22,3 +80,39 @@ export const hookConfigGuard = z.object({
      */
     retries: z.number().gte(0).lte(3).optional(),
 });
+/**
+ * Management API hooks registration.
+ * Define the hook event that should be triggered when the management API is called.
+ */
+export const managementApiHooksRegistration = Object.freeze({
+    'POST /users': 'User.Created',
+    'DELETE /users/:userId': 'User.Deleted',
+    'PATCH /users/:userId': 'User.Data.Updated',
+    'PATCH /users/:userId/custom-data': 'User.Data.Updated',
+    'PATCH /users/:userId/profile': 'User.Data.Updated',
+    'PATCH /users/:userId/password': 'User.Data.Updated',
+    'PATCH /users/:userId/is-suspended': 'User.SuspensionStatus.Updated',
+    'POST /roles': 'Role.Created',
+    'DELETE /roles/:id': 'Role.Deleted',
+    'PATCH /roles/:id': 'Role.Data.Updated',
+    'POST /roles/:id/scopes': 'Role.Scopes.Updated',
+    'DELETE /roles/:id/scopes/:scopeId': 'Role.Scopes.Updated',
+    'POST /resources/:resourceId/scopes': 'Scope.Created',
+    'DELETE /resources/:resourceId/scopes/:scopeId': 'Scope.Deleted',
+    'PATCH /resources/:resourceId/scopes/:scopeId': 'Scope.Data.Updated',
+    'POST /organizations': 'Organization.Created',
+    'DELETE /organizations/:id': 'Organization.Deleted',
+    'PATCH /organizations/:id': 'Organization.Data.Updated',
+    'PUT /organizations/:id/users': 'Organization.Membership.Updated',
+    'POST /organizations/:id/users': 'Organization.Membership.Updated',
+    'DELETE /organizations/:id/users/:userId': 'Organization.Membership.Updated',
+    'POST /organization-roles': 'OrganizationRole.Created',
+    'DELETE /organization-roles/:id': 'OrganizationRole.Deleted',
+    'PATCH /organization-roles/:id': 'OrganizationRole.Data.Updated',
+    'POST /organization-scopes': 'OrganizationScope.Created',
+    'DELETE /organization-scopes/:id': 'OrganizationScope.Deleted',
+    'PATCH /organization-scopes/:id': 'OrganizationScope.Data.Updated',
+    'PUT /organization-roles/:id/scopes': 'OrganizationRole.Scopes.Updated',
+    'POST /organization-roles/:id/scopes': 'OrganizationRole.Scopes.Updated',
+    'DELETE /organization-roles/:id/scopes/:organizationScopeId': 'OrganizationRole.Scopes.Updated',
+});

package/lib/models/tenants.d.ts

@@ -1,5 +1,4 @@
 import type { InferModelType } from '@withtyped/server/model';
-import { z } from 'zod';
 import { TenantTag } from '../types/tenant.js';
 export declare const Tenants: import("@withtyped/server/lib/model/index.js").default<"tenants", {
     id: string;
@@ -11,23 +10,3 @@ export declare const Tenants: import("@withtyped/server/lib/model/index.js").def
     isSuspended: boolean;
 }, "name" | "createdAt" | "isSuspended" | "tag", "createdAt">;
 export type TenantModel = InferModelType<typeof Tenants>;
-export declare const tenantInfoGuard: z.ZodObject<{
-    name: z.ZodType<string, z.ZodTypeDef, string>;
-    id: z.ZodType<string, z.ZodTypeDef, string>;
-    isSuspended: z.ZodType<boolean, z.ZodTypeDef, boolean>;
-    tag: z.ZodType<TenantTag, z.ZodTypeDef, TenantTag>;
-    indicator: z.ZodString;
-}, z.UnknownKeysParam, z.ZodTypeAny, {
-    name: string;
-    id: string;
-    indicator: string;
-    isSuspended: boolean;
-    tag: TenantTag;
-}, {
-    name: string;
-    id: string;
-    indicator: string;
-    isSuspended: boolean;
-    tag: TenantTag;
-}>;
-export type TenantInfo = z.infer<typeof tenantInfoGuard>;

package/lib/models/tenants.js

@@ -20,6 +20,3 @@ export const Tenants = createModel(
 `, 'public')
     .extend('tag', z.nativeEnum(TenantTag))
     .extend('createdAt', { readonly: true });
-export const tenantInfoGuard = Tenants.guard('model')
-    .pick({ id: true, name: true, tag: true, isSuspended: true })
-    .extend({ indicator: z.string() });

package/lib/seeds/cloud-api.js

@@ -61,4 +61,5 @@ export const createTenantApplicationRole = () => ({
     name: AdminTenantRole.TenantApplication,
     description: 'The role for M2M applications that represent a user tenant and send requests to Logto Cloud.',
     type: RoleType.MachineToMachine,
+    isDefault: false,
 });

package/lib/seeds/management-api.d.ts

@@ -120,3 +120,7 @@ export declare const createMeApiInAdminTenant: () => Readonly<{
         type: RoleType.User;
     };
 }>;
+/**
+ * Create a pre-configured M2M role for Management API access.
+ */
+export declare const createPreConfiguredManagementApiAccessRole: (tenantId: string) => CreateRole;

package/lib/seeds/management-api.js

@@ -131,3 +131,13 @@ export const createMeApiInAdminTenant = () => {
         },
     });
 };
+/**
+ * Create a pre-configured M2M role for Management API access.
+ */
+export const createPreConfiguredManagementApiAccessRole = (tenantId) => ({
+    tenantId,
+    id: generateStandardId(),
+    description: 'This default role grants access to the Logto management API.',
+    name: 'Logto Management API access',
+    type: RoleType.MachineToMachine,
+});