@logto/schemas 1.26.0 → 1.27.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (30) hide show
  1. package/alterations/1.27.0-1744013256-add-sentinel-policy-column-to-sie-table.ts +20 -0
  2. package/alterations/1.27.0-1744357867-add-sentinel-activities-hash-index.ts +19 -0
  3. package/alterations-js/1.27.0-1744013256-add-sentinel-policy-column-to-sie-table.js +16 -0
  4. package/alterations-js/1.27.0-1744357867-add-sentinel-activities-hash-index.js +15 -0
  5. package/lib/consts/experience.d.ts +1 -1
  6. package/lib/consts/experience.js +1 -1
  7. package/lib/consts/index.d.ts +1 -0
  8. package/lib/consts/index.js +1 -0
  9. package/lib/consts/sentinel.d.ts +10 -0
  10. package/lib/consts/sentinel.js +10 -0
  11. package/lib/db-entries/sign-in-experience.d.ts +4 -2
  12. package/lib/db-entries/sign-in-experience.js +5 -1
  13. package/lib/foundations/jsonb-types/applications.d.ts +14 -14
  14. package/lib/foundations/jsonb-types/captcha.d.ts +2 -0
  15. package/lib/foundations/jsonb-types/custom-domain.d.ts +4 -4
  16. package/lib/foundations/jsonb-types/sign-in-experience.d.ts +20 -0
  17. package/lib/foundations/jsonb-types/sign-in-experience.js +4 -0
  18. package/lib/types/application.d.ts +8 -8
  19. package/lib/types/consent.d.ts +4 -4
  20. package/lib/types/domain.d.ts +2 -2
  21. package/lib/types/interactions.d.ts +18 -18
  22. package/lib/types/log/interaction.d.ts +3 -2
  23. package/lib/types/log/interaction.js +1 -0
  24. package/lib/types/saml-application.d.ts +8 -8
  25. package/lib/types/sign-in-experience.d.ts +3 -0
  26. package/lib/types/system.d.ts +3 -20
  27. package/lib/types/system.js +0 -13
  28. package/package.json +13 -13
  29. package/tables/sentinel_activities.sql +3 -0
  30. package/tables/sign_in_experiences.sql +1 -0
package/alterations/1.27.0-1744013256-add-sentinel-policy-column-to-sie-table.ts ADDED
@@ -0,0 +1,20 @@
1
+ import { sql } from '@silverhand/slonik';
2
+
3
+ import type { AlterationScript } from '../lib/types/alteration.js';
4
+
5
+ const alteration: AlterationScript = {
6
+ up: async (pool) => {
7
+ await pool.query(sql`
8
+ alter table sign_in_experiences
9
+ add column sentinel_policy jsonb not null default '{}'::jsonb;
10
+ `);
11
+ },
12
+ down: async (pool) => {
13
+ await pool.query(sql`
14
+ alter table sign_in_experiences
15
+ drop column sentinel_policy;
16
+ `);
17
+ },
18
+ };
19
+
20
+ export default alteration;
package/alterations/1.27.0-1744357867-add-sentinel-activities-hash-index.ts ADDED
@@ -0,0 +1,19 @@
1
+ import { sql } from '@silverhand/slonik';
2
+
3
+ import type { AlterationScript } from '../lib/types/alteration.js';
4
+
5
+ const alteration: AlterationScript = {
6
+ up: async (pool) => {
7
+ await pool.query(sql`
8
+ create index sentinel_activities__target_type_target_hash
9
+ on sentinel_activities (tenant_id, target_type, target_hash);
10
+ `);
11
+ },
12
+ down: async (pool) => {
13
+ await pool.query(sql`
14
+ drop index sentinel_activities__target_type_target_hash;
15
+ `);
16
+ },
17
+ };
18
+
19
+ export default alteration;
package/alterations-js/1.27.0-1744013256-add-sentinel-policy-column-to-sie-table.js ADDED
@@ -0,0 +1,16 @@
1
+ import { sql } from '@silverhand/slonik';
2
+ const alteration = {
3
+ up: async (pool) => {
4
+ await pool.query(sql `
5
+ alter table sign_in_experiences
6
+ add column sentinel_policy jsonb not null default '{}'::jsonb;
7
+ `);
8
+ },
9
+ down: async (pool) => {
10
+ await pool.query(sql `
11
+ alter table sign_in_experiences
12
+ drop column sentinel_policy;
13
+ `);
14
+ },
15
+ };
16
+ export default alteration;
package/alterations-js/1.27.0-1744357867-add-sentinel-activities-hash-index.js ADDED
@@ -0,0 +1,15 @@
1
+ import { sql } from '@silverhand/slonik';
2
+ const alteration = {
3
+ up: async (pool) => {
4
+ await pool.query(sql `
5
+ create index sentinel_activities__target_type_target_hash
6
+ on sentinel_activities (tenant_id, target_type, target_hash);
7
+ `);
8
+ },
9
+ down: async (pool) => {
10
+ await pool.query(sql `
11
+ drop index sentinel_activities__target_type_target_hash;
12
+ `);
13
+ },
14
+ };
15
+ export default alteration;
package/lib/consts/experience.d.ts CHANGED
@@ -8,6 +8,6 @@ export declare const experience: Readonly<{
8
8
  readonly identifierSignIn: "identifier-sign-in";
9
9
  readonly identifierRegister: "identifier-register";
10
10
  readonly switchAccount: "switch-account";
11
- readonly error: "error";
11
+ readonly oneTimeToken: "one-time-token";
12
12
  }>;
13
13
  }>;
package/lib/consts/experience.js CHANGED
@@ -7,7 +7,7 @@ const routes = Object.freeze({
7
7
  identifierSignIn: 'identifier-sign-in',
8
8
  identifierRegister: 'identifier-register',
9
9
  switchAccount: 'switch-account',
10
- error: 'error',
10
+ oneTimeToken: 'one-time-token',
11
11
  });
12
12
  export const experience = Object.freeze({
13
13
  routes,
package/lib/consts/index.d.ts CHANGED
@@ -5,3 +5,4 @@ export * from './date.js';
5
5
  export * from './tenant.js';
6
6
  export * from './subscriptions.js';
7
7
  export * from './experience.js';
8
+ export * from './sentinel.js';
package/lib/consts/index.js CHANGED
@@ -5,3 +5,4 @@ export * from './date.js';
5
5
  export * from './tenant.js';
6
6
  export * from './subscriptions.js';
7
7
  export * from './experience.js';
8
+ export * from './sentinel.js';
package/lib/consts/sentinel.d.ts ADDED
@@ -0,0 +1,10 @@
1
+ /**
2
+ * The default policy for this sentinel.
3
+ *
4
+ * - `maxAttempts`: 100
5
+ * - `lockoutDuration`: 60 minutes
6
+ */
7
+ export declare const defaultSentinelPolicy: Readonly<{
8
+ maxAttempts: number;
9
+ lockoutDuration: number;
10
+ }>;
package/lib/consts/sentinel.js ADDED
@@ -0,0 +1,10 @@
1
+ /**
2
+ * The default policy for this sentinel.
3
+ *
4
+ * - `maxAttempts`: 100
5
+ * - `lockoutDuration`: 60 minutes
6
+ */
7
+ export const defaultSentinelPolicy = Object.freeze({
8
+ maxAttempts: 100,
9
+ lockoutDuration: 60,
10
+ });
package/lib/db-entries/sign-in-experience.d.ts CHANGED
@@ -1,4 +1,4 @@
1
- import { Color, Branding, LanguageInfo, SignIn, SignUp, SocialSignIn, ConnectorTargets, CustomContent, CustomUiAssets, PartialPasswordPolicy, Mfa, CaptchaPolicy, GeneratedSchema } from './../foundations/index.js';
1
+ import { Color, Branding, LanguageInfo, SignIn, SignUp, SocialSignIn, ConnectorTargets, CustomContent, CustomUiAssets, PartialPasswordPolicy, Mfa, CaptchaPolicy, SentinelPolicy, GeneratedSchema } from './../foundations/index.js';
2
2
  import { AgreeToTermsPolicy, SignInMode } from './custom-types.js';
3
3
  /**
4
4
  *
@@ -30,6 +30,7 @@ export type CreateSignInExperience = {
30
30
  supportWebsiteUrl?: string | null;
31
31
  unknownSessionRedirectUrl?: string | null;
32
32
  captchaPolicy?: CaptchaPolicy;
33
+ sentinelPolicy?: SentinelPolicy;
33
34
  };
34
35
  export type SignInExperience = {
35
36
  tenantId: string;
@@ -56,6 +57,7 @@ export type SignInExperience = {
56
57
  supportWebsiteUrl: string | null;
57
58
  unknownSessionRedirectUrl: string | null;
58
59
  captchaPolicy: CaptchaPolicy;
60
+ sentinelPolicy: SentinelPolicy;
59
61
  };
60
- export type SignInExperienceKeys = 'tenantId' | 'id' | 'color' | 'branding' | 'languageInfo' | 'termsOfUseUrl' | 'privacyPolicyUrl' | 'agreeToTermsPolicy' | 'signIn' | 'signUp' | 'socialSignIn' | 'socialSignInConnectorTargets' | 'signInMode' | 'customCss' | 'customContent' | 'customUiAssets' | 'passwordPolicy' | 'mfa' | 'singleSignOnEnabled' | 'supportEmail' | 'supportWebsiteUrl' | 'unknownSessionRedirectUrl' | 'captchaPolicy';
62
+ export type SignInExperienceKeys = 'tenantId' | 'id' | 'color' | 'branding' | 'languageInfo' | 'termsOfUseUrl' | 'privacyPolicyUrl' | 'agreeToTermsPolicy' | 'signIn' | 'signUp' | 'socialSignIn' | 'socialSignInConnectorTargets' | 'signInMode' | 'customCss' | 'customContent' | 'customUiAssets' | 'passwordPolicy' | 'mfa' | 'singleSignOnEnabled' | 'supportEmail' | 'supportWebsiteUrl' | 'unknownSessionRedirectUrl' | 'captchaPolicy' | 'sentinelPolicy';
61
63
  export declare const SignInExperiences: GeneratedSchema<SignInExperienceKeys, CreateSignInExperience, SignInExperience, 'sign_in_experiences', 'sign_in_experience'>;
package/lib/db-entries/sign-in-experience.js CHANGED
@@ -1,6 +1,6 @@
1
1
  // THIS IS AN AUTOGENERATED FILE. DO NOT EDIT THIS FILE DIRECTLY.
2
2
  import { z } from 'zod';
3
- import { colorGuard, brandingGuard, languageInfoGuard, signInGuard, signUpGuard, socialSignInGuard, connectorTargetsGuard, customContentGuard, customUiAssetsGuard, partialPasswordPolicyGuard, mfaGuard, captchaPolicyGuard } from './../foundations/index.js';
3
+ import { colorGuard, brandingGuard, languageInfoGuard, signInGuard, signUpGuard, socialSignInGuard, connectorTargetsGuard, customContentGuard, customUiAssetsGuard, partialPasswordPolicyGuard, mfaGuard, captchaPolicyGuard, sentinelPolicyGuard } from './../foundations/index.js';
4
4
  import { AgreeToTermsPolicy, SignInMode } from './custom-types.js';
5
5
  const createGuard = z.object({
6
6
  tenantId: z.string().max(21).optional(),
@@ -26,6 +26,7 @@ const createGuard = z.object({
26
26
  supportWebsiteUrl: z.string().nullable().optional(),
27
27
  unknownSessionRedirectUrl: z.string().nullable().optional(),
28
28
  captchaPolicy: captchaPolicyGuard.optional(),
29
+ sentinelPolicy: sentinelPolicyGuard.optional(),
29
30
  });
30
31
  const guard = z.object({
31
32
  tenantId: z.string().max(21),
@@ -51,6 +52,7 @@ const guard = z.object({
51
52
  supportWebsiteUrl: z.string().nullable(),
52
53
  unknownSessionRedirectUrl: z.string().nullable(),
53
54
  captchaPolicy: captchaPolicyGuard,
55
+ sentinelPolicy: sentinelPolicyGuard,
54
56
  });
55
57
  export const SignInExperiences = Object.freeze({
56
58
  table: 'sign_in_experiences',
@@ -79,6 +81,7 @@ export const SignInExperiences = Object.freeze({
79
81
  supportWebsiteUrl: 'support_website_url',
80
82
  unknownSessionRedirectUrl: 'unknown_session_redirect_url',
81
83
  captchaPolicy: 'captcha_policy',
84
+ sentinelPolicy: 'sentinel_policy',
82
85
  },
83
86
  fieldKeys: [
84
87
  'tenantId',
@@ -104,6 +107,7 @@ export const SignInExperiences = Object.freeze({
104
107
  'supportWebsiteUrl',
105
108
  'unknownSessionRedirectUrl',
106
109
  'captchaPolicy',
110
+ 'sentinelPolicy',
107
111
  ],
108
112
  createGuard,
109
113
  guard,
package/lib/foundations/jsonb-types/applications.d.ts CHANGED
@@ -8,12 +8,12 @@ export declare const customDomainGuard: z.ZodObject<{
8
8
  type: z.ZodString;
9
9
  value: z.ZodString;
10
10
  }, "strip", z.ZodTypeAny, {
11
- type: string;
12
11
  value: string;
12
+ type: string;
13
13
  name: string;
14
14
  }, {
15
- type: string;
16
15
  value: string;
16
+ type: string;
17
17
  name: string;
18
18
  }>, "many">;
19
19
  cloudflareData: z.ZodNullable<z.ZodObject<{
@@ -66,8 +66,8 @@ export declare const customDomainGuard: z.ZodObject<{
66
66
  domain: string;
67
67
  errorMessage: string | null;
68
68
  dnsRecords: {
69
- type: string;
70
69
  value: string;
70
+ type: string;
71
71
  name: string;
72
72
  }[];
73
73
  cloudflareData: {
@@ -86,8 +86,8 @@ export declare const customDomainGuard: z.ZodObject<{
86
86
  domain: string;
87
87
  errorMessage: string | null;
88
88
  dnsRecords: {
89
- type: string;
90
89
  value: string;
90
+ type: string;
91
91
  name: string;
92
92
  }[];
93
93
  cloudflareData: {
@@ -111,12 +111,12 @@ export declare const customDomainsGuard: z.ZodArray<z.ZodObject<{
111
111
  type: z.ZodString;
112
112
  value: z.ZodString;
113
113
  }, "strip", z.ZodTypeAny, {
114
- type: string;
115
114
  value: string;
115
+ type: string;
116
116
  name: string;
117
117
  }, {
118
- type: string;
119
118
  value: string;
119
+ type: string;
120
120
  name: string;
121
121
  }>, "many">;
122
122
  cloudflareData: z.ZodNullable<z.ZodObject<{
@@ -169,8 +169,8 @@ export declare const customDomainsGuard: z.ZodArray<z.ZodObject<{
169
169
  domain: string;
170
170
  errorMessage: string | null;
171
171
  dnsRecords: {
172
- type: string;
173
172
  value: string;
173
+ type: string;
174
174
  name: string;
175
175
  }[];
176
176
  cloudflareData: {
@@ -189,8 +189,8 @@ export declare const customDomainsGuard: z.ZodArray<z.ZodObject<{
189
189
  domain: string;
190
190
  errorMessage: string | null;
191
191
  dnsRecords: {
192
- type: string;
193
192
  value: string;
193
+ type: string;
194
194
  name: string;
195
195
  }[];
196
196
  cloudflareData: {
@@ -226,12 +226,12 @@ export declare const protectedAppMetadataGuard: z.ZodObject<{
226
226
  type: z.ZodString;
227
227
  value: z.ZodString;
228
228
  }, "strip", z.ZodTypeAny, {
229
- type: string;
230
229
  value: string;
230
+ type: string;
231
231
  name: string;
232
232
  }, {
233
- type: string;
234
233
  value: string;
234
+ type: string;
235
235
  name: string;
236
236
  }>, "many">;
237
237
  cloudflareData: z.ZodNullable<z.ZodObject<{
@@ -284,8 +284,8 @@ export declare const protectedAppMetadataGuard: z.ZodObject<{
284
284
  domain: string;
285
285
  errorMessage: string | null;
286
286
  dnsRecords: {
287
- type: string;
288
287
  value: string;
288
+ type: string;
289
289
  name: string;
290
290
  }[];
291
291
  cloudflareData: {
@@ -304,8 +304,8 @@ export declare const protectedAppMetadataGuard: z.ZodObject<{
304
304
  domain: string;
305
305
  errorMessage: string | null;
306
306
  dnsRecords: {
307
- type: string;
308
307
  value: string;
308
+ type: string;
309
309
  name: string;
310
310
  }[];
311
311
  cloudflareData: {
@@ -332,8 +332,8 @@ export declare const protectedAppMetadataGuard: z.ZodObject<{
332
332
  domain: string;
333
333
  errorMessage: string | null;
334
334
  dnsRecords: {
335
- type: string;
336
335
  value: string;
336
+ type: string;
337
337
  name: string;
338
338
  }[];
339
339
  cloudflareData: {
@@ -360,8 +360,8 @@ export declare const protectedAppMetadataGuard: z.ZodObject<{
360
360
  domain: string;
361
361
  errorMessage: string | null;
362
362
  dnsRecords: {
363
- type: string;
364
363
  value: string;
364
+ type: string;
365
365
  name: string;
366
366
  }[];
367
367
  cloudflareData: {
package/lib/foundations/jsonb-types/captcha.d.ts CHANGED
@@ -16,6 +16,7 @@ export declare const turnstileConfigGuard: z.ZodObject<{
16
16
  siteKey: string;
17
17
  secretKey: string;
18
18
  }>;
19
+ export type TurnstileConfig = z.infer<typeof turnstileConfigGuard>;
19
20
  export declare const recaptchaEnterpriseConfigGuard: z.ZodObject<{
20
21
  type: z.ZodLiteral<CaptchaType.RecaptchaEnterprise>;
21
22
  siteKey: z.ZodString;
@@ -32,6 +33,7 @@ export declare const recaptchaEnterpriseConfigGuard: z.ZodObject<{
32
33
  secretKey: string;
33
34
  projectId: string;
34
35
  }>;
36
+ export type RecaptchaEnterpriseConfig = z.infer<typeof recaptchaEnterpriseConfigGuard>;
35
37
  export declare const captchaConfigGuard: z.ZodDiscriminatedUnion<"type", [z.ZodObject<{
36
38
  type: z.ZodLiteral<CaptchaType.Turnstile>;
37
39
  siteKey: z.ZodString;
package/lib/foundations/jsonb-types/custom-domain.d.ts CHANGED
@@ -4,12 +4,12 @@ export declare const domainDnsRecordGuard: z.ZodObject<{
4
4
  type: z.ZodString;
5
5
  value: z.ZodString;
6
6
  }, "strip", z.ZodTypeAny, {
7
- type: string;
8
7
  value: string;
8
+ type: string;
9
9
  name: string;
10
10
  }, {
11
- type: string;
12
11
  value: string;
12
+ type: string;
13
13
  name: string;
14
14
  }>;
15
15
  export type DomainDnsRecord = z.infer<typeof domainDnsRecordGuard>;
@@ -18,12 +18,12 @@ export declare const domainDnsRecordsGuard: z.ZodArray<z.ZodObject<{
18
18
  type: z.ZodString;
19
19
  value: z.ZodString;
20
20
  }, "strip", z.ZodTypeAny, {
21
- type: string;
22
21
  value: string;
22
+ type: string;
23
23
  name: string;
24
24
  }, {
25
- type: string;
26
25
  value: string;
26
+ type: string;
27
27
  name: string;
28
28
  }>, "many">;
29
29
  export type DomainDnsRecords = z.infer<typeof domainDnsRecordsGuard>;
package/lib/foundations/jsonb-types/sign-in-experience.d.ts CHANGED
@@ -291,4 +291,24 @@ export declare const captchaPolicyGuard: z.ZodObject<{
291
291
  enabled?: boolean | undefined;
292
292
  }>;
293
293
  export type CaptchaPolicy = z.infer<typeof captchaPolicyGuard>;
294
+ export type SentinelPolicy = {
295
+ /**
296
+ * Maximum failed attempts allowed in one hour before blocking the user.
297
+ */
298
+ maxAttempts?: number;
299
+ /**
300
+ * Lockout duration in minutes after exceeding the maximum failed attempts.
301
+ */
302
+ lockoutDuration?: number;
303
+ };
304
+ export declare const sentinelPolicyGuard: z.ZodObject<{
305
+ maxAttempts: z.ZodOptional<z.ZodNumber>;
306
+ lockoutDuration: z.ZodOptional<z.ZodNumber>;
307
+ }, "strip", z.ZodTypeAny, {
308
+ maxAttempts?: number | undefined;
309
+ lockoutDuration?: number | undefined;
310
+ }, {
311
+ maxAttempts?: number | undefined;
312
+ lockoutDuration?: number | undefined;
313
+ }>;
294
314
  export {};
package/lib/foundations/jsonb-types/sign-in-experience.js CHANGED
@@ -106,3 +106,7 @@ export const customUiAssetsGuard = z.object({
106
106
  export const captchaPolicyGuard = z.object({
107
107
  enabled: z.boolean().optional(),
108
108
  });
109
+ export const sentinelPolicyGuard = z.object({
110
+ maxAttempts: z.number().optional(),
111
+ lockoutDuration: z.number().optional(),
112
+ });
package/lib/types/application.d.ts CHANGED
@@ -47,8 +47,8 @@ export declare const featuredApplicationGuard: z.ZodObject<Pick<{
47
47
  domain: string;
48
48
  errorMessage: string | null;
49
49
  dnsRecords: {
50
- type: string;
51
50
  value: string;
51
+ type: string;
52
52
  name: string;
53
53
  }[];
54
54
  cloudflareData: {
@@ -75,8 +75,8 @@ export declare const featuredApplicationGuard: z.ZodObject<Pick<{
75
75
  domain: string;
76
76
  errorMessage: string | null;
77
77
  dnsRecords: {
78
- type: string;
79
78
  value: string;
79
+ type: string;
80
80
  name: string;
81
81
  }[];
82
82
  cloudflareData: {
@@ -139,8 +139,8 @@ export declare const applicationCreateGuard: z.ZodObject<z.objectUtil.extendShap
139
139
  domain: string;
140
140
  errorMessage: string | null;
141
141
  dnsRecords: {
142
- type: string;
143
142
  value: string;
143
+ type: string;
144
144
  name: string;
145
145
  }[];
146
146
  cloudflareData: {
@@ -167,8 +167,8 @@ export declare const applicationCreateGuard: z.ZodObject<z.objectUtil.extendShap
167
167
  domain: string;
168
168
  errorMessage: string | null;
169
169
  dnsRecords: {
170
- type: string;
171
170
  value: string;
171
+ type: string;
172
172
  name: string;
173
173
  }[];
174
174
  cloudflareData: {
@@ -222,8 +222,8 @@ export declare const applicationCreateGuard: z.ZodObject<z.objectUtil.extendShap
222
222
  domain: string;
223
223
  errorMessage: string | null;
224
224
  dnsRecords: {
225
- type: string;
226
225
  value: string;
226
+ type: string;
227
227
  name: string;
228
228
  }[];
229
229
  cloudflareData: {
@@ -250,8 +250,8 @@ export declare const applicationCreateGuard: z.ZodObject<z.objectUtil.extendShap
250
250
  domain: string;
251
251
  errorMessage: string | null;
252
252
  dnsRecords: {
253
- type: string;
254
253
  value: string;
254
+ type: string;
255
255
  name: string;
256
256
  }[];
257
257
  cloudflareData: {
@@ -322,8 +322,8 @@ export declare const applicationPatchGuard: z.ZodObject<Omit<{
322
322
  domain: string;
323
323
  errorMessage: string | null;
324
324
  dnsRecords: {
325
- type: string;
326
325
  value: string;
326
+ type: string;
327
327
  name: string;
328
328
  }[];
329
329
  cloudflareData: {
@@ -350,8 +350,8 @@ export declare const applicationPatchGuard: z.ZodObject<Omit<{
350
350
  domain: string;
351
351
  errorMessage: string | null;
352
352
  dnsRecords: {
353
- type: string;
354
353
  value: string;
354
+ type: string;
355
355
  name: string;
356
356
  }[];
357
357
  cloudflareData: {
package/lib/types/consent.d.ts CHANGED
@@ -174,8 +174,8 @@ export declare const publicApplicationGuard: z.ZodObject<Pick<{
174
174
  domain: string;
175
175
  errorMessage: string | null;
176
176
  dnsRecords: {
177
- type: string;
178
177
  value: string;
178
+ type: string;
179
179
  name: string;
180
180
  }[];
181
181
  cloudflareData: {
@@ -202,8 +202,8 @@ export declare const publicApplicationGuard: z.ZodObject<Pick<{
202
202
  domain: string;
203
203
  errorMessage: string | null;
204
204
  dnsRecords: {
205
- type: string;
206
205
  value: string;
206
+ type: string;
207
207
  name: string;
208
208
  }[];
209
209
  cloudflareData: {
@@ -480,8 +480,8 @@ export declare const consentInfoResponseGuard: z.ZodObject<{
480
480
  domain: string;
481
481
  errorMessage: string | null;
482
482
  dnsRecords: {
483
- type: string;
484
483
  value: string;
484
+ type: string;
485
485
  name: string;
486
486
  }[];
487
487
  cloudflareData: {
@@ -508,8 +508,8 @@ export declare const consentInfoResponseGuard: z.ZodObject<{
508
508
  domain: string;
509
509
  errorMessage: string | null;
510
510
  dnsRecords: {
511
- type: string;
512
511
  value: string;
512
+ type: string;
513
513
  name: string;
514
514
  }[];
515
515
  cloudflareData: {
package/lib/types/domain.d.ts CHANGED
@@ -7,12 +7,12 @@ export declare const domainResponseGuard: z.ZodObject<Pick<{
7
7
  status: z.ZodType<import("../index.js").DomainStatus, z.ZodTypeDef, import("../index.js").DomainStatus>;
8
8
  errorMessage: z.ZodType<string | null, z.ZodTypeDef, string | null>;
9
9
  dnsRecords: z.ZodType<{
10
- type: string;
11
10
  value: string;
11
+ type: string;
12
12
  name: string;
13
13
  }[], z.ZodTypeDef, {
14
- type: string;
15
14
  value: string;
15
+ type: string;
16
16
  name: string;
17
17
  }[]>;
18
18
  cloudflareData: z.ZodType<{
package/lib/types/interactions.d.ts CHANGED
@@ -18,11 +18,11 @@ export declare const verificationIdentifierGuard: z.ZodObject<{
18
18
  type: z.ZodUnion<[z.ZodNativeEnum<typeof SignInIdentifier>, z.ZodNativeEnum<typeof AdditionalIdentifier>]>;
19
19
  value: z.ZodString;
20
20
  }, "strip", z.ZodTypeAny, {
21
- type: SignInIdentifier | AdditionalIdentifier;
22
21
  value: string;
23
- }, {
24
22
  type: SignInIdentifier | AdditionalIdentifier;
23
+ }, {
25
24
  value: string;
25
+ type: SignInIdentifier | AdditionalIdentifier;
26
26
  }>;
27
27
  /** Identifiers that can be used to uniquely identify a user. */
28
28
  export type InteractionIdentifier<T extends SignInIdentifier = SignInIdentifier> = {
@@ -33,11 +33,11 @@ export declare const interactionIdentifierGuard: z.ZodObject<{
33
33
  type: z.ZodNativeEnum<typeof SignInIdentifier>;
34
34
  value: z.ZodString;
35
35
  }, "strip", z.ZodTypeAny, {
36
- type: SignInIdentifier;
37
36
  value: string;
38
- }, {
39
37
  type: SignInIdentifier;
38
+ }, {
40
39
  value: string;
40
+ type: SignInIdentifier;
41
41
  }>;
42
42
  export type VerificationCodeSignInIdentifier = SignInIdentifier.Email | SignInIdentifier.Phone;
43
43
  /** Currently only email and phone are supported for verification code validation. */
@@ -49,11 +49,11 @@ export declare const verificationCodeIdentifierGuard: z.ZodObject<{
49
49
  type: z.ZodEnum<[SignInIdentifier.Email, SignInIdentifier.Phone]>;
50
50
  value: z.ZodString;
51
51
  }, "strip", z.ZodTypeAny, {
52
- type: SignInIdentifier.Email | SignInIdentifier.Phone;
53
52
  value: string;
54
- }, {
55
53
  type: SignInIdentifier.Email | SignInIdentifier.Phone;
54
+ }, {
56
55
  value: string;
56
+ type: SignInIdentifier.Email | SignInIdentifier.Phone;
57
57
  }>;
58
58
  /** Payload type for `POST /api/experience/verification/{social|sso}/:connectorId/authorization-uri`. */
59
59
  export type SocialAuthorizationUrlPayload = {
@@ -102,24 +102,24 @@ export declare const passwordVerificationPayloadGuard: z.ZodObject<{
102
102
  type: z.ZodNativeEnum<typeof SignInIdentifier>;
103
103
  value: z.ZodString;
104
104
  }, "strip", z.ZodTypeAny, {
105
- type: SignInIdentifier;
106
105
  value: string;
107
- }, {
108
106
  type: SignInIdentifier;
107
+ }, {
109
108
  value: string;
109
+ type: SignInIdentifier;
110
110
  }>;
111
111
  password: z.ZodString;
112
112
  }, "strip", z.ZodTypeAny, {
113
113
  password: string;
114
114
  identifier: {
115
- type: SignInIdentifier;
116
115
  value: string;
116
+ type: SignInIdentifier;
117
117
  };
118
118
  }, {
119
119
  password: string;
120
120
  identifier: {
121
- type: SignInIdentifier;
122
121
  value: string;
122
+ type: SignInIdentifier;
123
123
  };
124
124
  }>;
125
125
  /** Payload type for `POST /api/experience/verification/totp/verify`. */
@@ -168,23 +168,23 @@ export declare const oneTimeTokenVerificationVerifyPayloadGuard: z.ZodObject<{
168
168
  type: z.ZodLiteral<SignInIdentifier.Email>;
169
169
  value: z.ZodString;
170
170
  }, "strip", z.ZodTypeAny, {
171
- type: SignInIdentifier.Email;
172
171
  value: string;
173
- }, {
174
172
  type: SignInIdentifier.Email;
173
+ }, {
175
174
  value: string;
175
+ type: SignInIdentifier.Email;
176
176
  }>;
177
177
  token: z.ZodString;
178
178
  }, "strip", z.ZodTypeAny, {
179
179
  identifier: {
180
- type: SignInIdentifier.Email;
181
180
  value: string;
181
+ type: SignInIdentifier.Email;
182
182
  };
183
183
  token: string;
184
184
  }, {
185
185
  identifier: {
186
- type: SignInIdentifier.Email;
187
186
  value: string;
187
+ type: SignInIdentifier.Email;
188
188
  };
189
189
  token: string;
190
190
  }>;
@@ -235,20 +235,20 @@ export declare const updateProfileApiPayloadGuard: z.ZodDiscriminatedUnion<"type
235
235
  type: z.ZodLiteral<SignInIdentifier.Username>;
236
236
  value: z.ZodString;
237
237
  }, "strip", z.ZodTypeAny, {
238
- type: SignInIdentifier.Username;
239
238
  value: string;
240
- }, {
241
239
  type: SignInIdentifier.Username;
240
+ }, {
242
241
  value: string;
242
+ type: SignInIdentifier.Username;
243
243
  }>, z.ZodObject<{
244
244
  type: z.ZodLiteral<"password">;
245
245
  value: z.ZodString;
246
246
  }, "strip", z.ZodTypeAny, {
247
- type: "password";
248
247
  value: string;
249
- }, {
250
248
  type: "password";
249
+ }, {
251
250
  value: string;
251
+ type: "password";
252
252
  }>, z.ZodObject<{
253
253
  type: z.ZodLiteral<SignInIdentifier.Email>;
254
254
  verificationId: z.ZodString;
package/lib/types/log/interaction.d.ts CHANGED
@@ -9,7 +9,8 @@ export declare enum Field {
9
9
  Profile = "Profile",
10
10
  BindMfa = "BindMfa",
11
11
  Mfa = "Mfa",
12
- Verification = "Verification"
12
+ Verification = "Verification",
13
+ Captcha = "Captcha"
13
14
  }
14
15
  /** Method to verify the identifier */
15
16
  export declare enum Method {
@@ -67,4 +68,4 @@ export declare enum Action {
67
68
  * - When {@link Method} is `VerificationCode`, {@link Action} can be `Create` (generate and send a code) or `Submit` (verify and submit to the identifiers);
68
69
  * - Otherwise, {@link Action} is fixed to `Submit` (other methods can be verified on submitting).
69
70
  */
70
- export type LogKey = `${Prefix}.${Action.Create | Action.End}` | `${Prefix}.${InteractionEvent}.${Action.Create | Action.Update | Action.Submit}` | `${Prefix}.${InteractionEvent}.${Field.Profile}.${Action.Update | Action.Create | Action.Delete}` | `${Prefix}.${Exclude<InteractionEvent, InteractionEvent.ForgotPassword>}.${Field.Identifier}.${Exclude<Method, Method.Password>}.${Action.Create | Action.Submit}` | `${Prefix}.${Exclude<InteractionEvent, InteractionEvent.ForgotPassword>}.${Field.Identifier}.${Method.Password}.${Action.Submit}` | `${Prefix}.${InteractionEvent.ForgotPassword}.${Field.Identifier}.${Method.VerificationCode}.${Action.Create | Action.Submit}` | `${Prefix}.${InteractionEvent}.${Field.BindMfa}.${MfaFactor}.${Action.Submit | Action.Create}` | `${Prefix}.${InteractionEvent.SignIn}.${Field.Mfa}.${MfaFactor}.${Action.Submit | Action.Create}` | `${Prefix}.${InteractionEvent}.${Field.Verification}.${VerificationType}.${Action}` | `${Prefix}.${InteractionEvent}.${Field.Identifier}.${Action.Submit}` | `${Prefix}.${InteractionEvent.SignIn}.${Field.Verification}.IdpInitiatedSso.${Action.Create}`;
71
+ export type LogKey = `${Prefix}.${Action.Create | Action.End}` | `${Prefix}.${Action.Create}.${Field.Captcha}` | `${Prefix}.${InteractionEvent}.${Action.Create | Action.Update | Action.Submit}` | `${Prefix}.${InteractionEvent}.${Field.Profile}.${Action.Update | Action.Create | Action.Delete}` | `${Prefix}.${Exclude<InteractionEvent, InteractionEvent.ForgotPassword>}.${Field.Identifier}.${Exclude<Method, Method.Password>}.${Action.Create | Action.Submit}` | `${Prefix}.${Exclude<InteractionEvent, InteractionEvent.ForgotPassword>}.${Field.Identifier}.${Method.Password}.${Action.Submit}` | `${Prefix}.${InteractionEvent.ForgotPassword}.${Field.Identifier}.${Method.VerificationCode}.${Action.Create | Action.Submit}` | `${Prefix}.${InteractionEvent}.${Field.BindMfa}.${MfaFactor}.${Action.Submit | Action.Create}` | `${Prefix}.${InteractionEvent.SignIn}.${Field.Mfa}.${MfaFactor}.${Action.Submit | Action.Create}` | `${Prefix}.${InteractionEvent}.${Field.Verification}.${VerificationType}.${Action}` | `${Prefix}.${InteractionEvent}.${Field.Identifier}.${Action.Submit}` | `${Prefix}.${InteractionEvent.SignIn}.${Field.Verification}.IdpInitiatedSso.${Action.Create}`;
package/lib/types/log/interaction.js CHANGED
@@ -8,6 +8,7 @@ export var Field;
8
8
  Field["BindMfa"] = "BindMfa";
9
9
  Field["Mfa"] = "Mfa";
10
10
  Field["Verification"] = "Verification";
11
+ Field["Captcha"] = "Captcha";
11
12
  })(Field || (Field = {}));
12
13
  /** Method to verify the identifier */
13
14
  export var Method;
package/lib/types/saml-application.d.ts CHANGED
@@ -35,8 +35,8 @@ export declare const samlApplicationCreateGuard: z.ZodObject<z.objectUtil.extend
35
35
  domain: string;
36
36
  errorMessage: string | null;
37
37
  dnsRecords: {
38
- type: string;
39
38
  value: string;
39
+ type: string;
40
40
  name: string;
41
41
  }[];
42
42
  cloudflareData: {
@@ -63,8 +63,8 @@ export declare const samlApplicationCreateGuard: z.ZodObject<z.objectUtil.extend
63
63
  domain: string;
64
64
  errorMessage: string | null;
65
65
  dnsRecords: {
66
- type: string;
67
66
  value: string;
67
+ type: string;
68
68
  name: string;
69
69
  }[];
70
70
  cloudflareData: {
@@ -118,8 +118,8 @@ export declare const samlApplicationCreateGuard: z.ZodObject<z.objectUtil.extend
118
118
  domain: string;
119
119
  errorMessage: string | null;
120
120
  dnsRecords: {
121
- type: string;
122
121
  value: string;
122
+ type: string;
123
123
  name: string;
124
124
  }[];
125
125
  cloudflareData: {
@@ -146,8 +146,8 @@ export declare const samlApplicationCreateGuard: z.ZodObject<z.objectUtil.extend
146
146
  domain: string;
147
147
  errorMessage: string | null;
148
148
  dnsRecords: {
149
- type: string;
150
149
  value: string;
150
+ type: string;
151
151
  name: string;
152
152
  }[];
153
153
  cloudflareData: {
@@ -243,8 +243,8 @@ export declare const samlApplicationPatchGuard: z.ZodObject<z.objectUtil.extendS
243
243
  domain: string;
244
244
  errorMessage: string | null;
245
245
  dnsRecords: {
246
- type: string;
247
246
  value: string;
247
+ type: string;
248
248
  name: string;
249
249
  }[];
250
250
  cloudflareData: {
@@ -271,8 +271,8 @@ export declare const samlApplicationPatchGuard: z.ZodObject<z.objectUtil.extendS
271
271
  domain: string;
272
272
  errorMessage: string | null;
273
273
  dnsRecords: {
274
- type: string;
275
274
  value: string;
275
+ type: string;
276
276
  name: string;
277
277
  }[];
278
278
  cloudflareData: {
@@ -372,8 +372,8 @@ export declare const samlApplicationResponseGuard: z.ZodObject<z.objectUtil.exte
372
372
  domain: string;
373
373
  errorMessage: string | null;
374
374
  dnsRecords: {
375
- type: string;
376
375
  value: string;
376
+ type: string;
377
377
  name: string;
378
378
  }[];
379
379
  cloudflareData: {
@@ -400,8 +400,8 @@ export declare const samlApplicationResponseGuard: z.ZodObject<z.objectUtil.exte
400
400
  domain: string;
401
401
  errorMessage: string | null;
402
402
  dnsRecords: {
403
- type: string;
404
403
  value: string;
404
+ type: string;
405
405
  name: string;
406
406
  }[];
407
407
  cloudflareData: {
package/lib/types/sign-in-experience.d.ts CHANGED
@@ -134,6 +134,7 @@ export declare const fullSignInExperienceGuard: z.ZodObject<z.objectUtil.extendS
134
134
  }, z.ZodTypeDef, {
135
135
  enabled?: boolean | undefined;
136
136
  }>;
137
+ sentinelPolicy: z.ZodType<import("../foundations/jsonb-types/sign-in-experience.js").SentinelPolicy, z.ZodTypeDef, import("../foundations/jsonb-types/sign-in-experience.js").SentinelPolicy>;
137
138
  }, {
138
139
  socialConnectors: z.ZodArray<z.ZodObject<Omit<z.objectUtil.extendShape<{
139
140
  id: z.ZodString;
@@ -688,6 +689,7 @@ export declare const fullSignInExperienceGuard: z.ZodObject<z.objectUtil.extendS
688
689
  supportWebsiteUrl: string | null;
689
690
  unknownSessionRedirectUrl: string | null;
690
691
  captchaPolicy: import("../foundations/jsonb-types/sign-in-experience.js").CaptchaPolicy;
692
+ sentinelPolicy: import("../foundations/jsonb-types/sign-in-experience.js").SentinelPolicy;
691
693
  socialConnectors: {
692
694
  name: {
693
695
  en: string;
@@ -875,6 +877,7 @@ export declare const fullSignInExperienceGuard: z.ZodObject<z.objectUtil.extendS
875
877
  supportWebsiteUrl: string | null;
876
878
  unknownSessionRedirectUrl: string | null;
877
879
  captchaPolicy: import("../foundations/jsonb-types/sign-in-experience.js").CaptchaPolicy;
880
+ sentinelPolicy: import("../foundations/jsonb-types/sign-in-experience.js").SentinelPolicy;
878
881
  socialConnectors: {
879
882
  name: {
880
883
  en: string;
package/lib/types/system.d.ts CHANGED
@@ -253,25 +253,8 @@ export type CloudflareType = {
253
253
  export declare const cloudflareGuard: Readonly<{
254
254
  [key in CloudflareKey]: ZodType<CloudflareType[key]>;
255
255
  }>;
256
- export declare enum FeatureFlagConfigKey {
257
- NewExperienceFeatureFlag = "newExperienceFeatureFlag"
258
- }
259
- export declare const featureFlagConfigGuard: z.ZodObject<{
260
- percentage: z.ZodNumber;
261
- }, "strip", z.ZodTypeAny, {
262
- percentage: number;
263
- }, {
264
- percentage: number;
265
- }>;
266
- export type FeatureFlagConfig = z.infer<typeof featureFlagConfigGuard>;
267
- export type FeatureFlagConfigType = {
268
- [FeatureFlagConfigKey.NewExperienceFeatureFlag]: FeatureFlagConfig;
269
- };
270
- export declare const featureFlagConfigsGuard: Readonly<{
271
- [key in FeatureFlagConfigKey]: ZodType<FeatureFlagConfigType[key]>;
272
- }>;
273
- export type SystemKey = AlterationStateKey | StorageProviderKey | DemoSocialKey | CloudflareKey | EmailServiceProviderKey | FeatureFlagConfigKey;
274
- export type SystemType = AlterationStateType | StorageProviderType | DemoSocialType | CloudflareType | EmailServiceProviderType | FeatureFlagConfigType;
275
- export type SystemGuard = typeof alterationStateGuard & typeof storageProviderGuard & typeof demoSocialGuard & typeof cloudflareGuard & typeof emailServiceProviderGuard & typeof featureFlagConfigsGuard;
256
+ export type SystemKey = AlterationStateKey | StorageProviderKey | DemoSocialKey | CloudflareKey | EmailServiceProviderKey;
257
+ export type SystemType = AlterationStateType | StorageProviderType | DemoSocialType | CloudflareType | EmailServiceProviderType;
258
+ export type SystemGuard = typeof alterationStateGuard & typeof storageProviderGuard & typeof demoSocialGuard & typeof cloudflareGuard & typeof emailServiceProviderGuard;
276
259
  export declare const systemKeys: readonly SystemKey[];
277
260
  export declare const systemGuards: SystemGuard;
package/lib/types/system.js CHANGED
@@ -146,24 +146,12 @@ export const cloudflareGuard = Object.freeze({
146
146
  [CloudflareKey.ProtectedAppHostnameProvider]: hostnameProviderDataGuard,
147
147
  [CloudflareKey.CustomJwtWorkerConfig]: customJwtWorkerConfigGuard,
148
148
  });
149
- // A/B Test settings
150
- export var FeatureFlagConfigKey;
151
- (function (FeatureFlagConfigKey) {
152
- FeatureFlagConfigKey["NewExperienceFeatureFlag"] = "newExperienceFeatureFlag";
153
- })(FeatureFlagConfigKey || (FeatureFlagConfigKey = {}));
154
- export const featureFlagConfigGuard = z.object({
155
- percentage: z.number().min(0).max(1),
156
- });
157
- export const featureFlagConfigsGuard = Object.freeze({
158
- [FeatureFlagConfigKey.NewExperienceFeatureFlag]: featureFlagConfigGuard,
159
- });
160
149
  export const systemKeys = Object.freeze([
161
150
  ...Object.values(AlterationStateKey),
162
151
  ...Object.values(StorageProviderKey),
163
152
  ...Object.values(DemoSocialKey),
164
153
  ...Object.values(CloudflareKey),
165
154
  ...Object.values(EmailServiceProviderKey),
166
- ...Object.values(FeatureFlagConfigKey),
167
155
  ]);
168
156
  export const systemGuards = Object.freeze({
169
157
  ...alterationStateGuard,
@@ -171,5 +159,4 @@ export const systemGuards = Object.freeze({
171
159
  ...demoSocialGuard,
172
160
  ...cloudflareGuard,
173
161
  ...emailServiceProviderGuard,
174
- ...featureFlagConfigsGuard,
175
162
  });
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "@logto/schemas",
3
- "version": "1.26.0",
3
+ "version": "1.27.0",
4
4
  "author": "Silverhand Inc. <contact@silverhand.io>",
5
5
  "license": "MPL-2.0",
6
6
  "type": "module",
@@ -21,7 +21,7 @@
21
21
  "access": "public"
22
22
  },
23
23
  "engines": {
24
- "node": "^20.9.0"
24
+ "node": "^22.14.0"
25
25
  },
26
26
  "devDependencies": {
27
27
  "@silverhand/eslint-config": "6.0.1",
@@ -29,18 +29,18 @@
29
29
  "@silverhand/slonik": "31.0.0-beta.2",
30
30
  "@silverhand/ts-config": "6.0.0",
31
31
  "@types/inquirer": "^9.0.0",
32
- "@types/node": "^20.9.5",
32
+ "@types/node": "^22.14.0",
33
33
  "@types/pluralize": "^0.0.33",
34
- "@vitest/coverage-v8": "^2.1.9",
34
+ "@vitest/coverage-v8": "^3.1.1",
35
35
  "camelcase": "^8.0.0",
36
36
  "chalk": "^5.3.0",
37
37
  "eslint": "^8.56.0",
38
38
  "lint-staged": "^15.0.0",
39
39
  "pluralize": "^8.0.0",
40
- "prettier": "^3.0.0",
40
+ "prettier": "^3.5.3",
41
41
  "roarr": "^7.11.0",
42
42
  "typescript": "^5.5.3",
43
- "vitest": "^2.1.9"
43
+ "vitest": "^3.1.1"
44
44
  },
45
45
  "eslintConfig": {
46
46
  "extends": "@silverhand",
@@ -63,17 +63,17 @@
63
63
  },
64
64
  "prettier": "@silverhand/eslint-config/.prettierrc",
65
65
  "dependencies": {
66
- "@logto/connector-kit": "^4.2.0",
67
- "@logto/core-kit": "^2.5.4",
68
- "@logto/language-kit": "^1.1.3",
69
- "@logto/phrases": "^1.18.0",
70
- "@logto/phrases-experience": "^1.9.1",
71
- "@logto/shared": "^3.1.4",
66
+ "@logto/connector-kit": "^4.3.0",
67
+ "@logto/core-kit": "^2.6.0",
68
+ "@logto/language-kit": "^1.2.0",
69
+ "@logto/phrases": "^1.19.0",
70
+ "@logto/phrases-experience": "^1.10.0",
71
+ "@logto/shared": "^3.2.0",
72
72
  "@withtyped/server": "^0.14.0",
73
73
  "nanoid": "^5.0.9"
74
74
  },
75
75
  "peerDependencies": {
76
- "zod": "^3.23.8"
76
+ "zod": "^3.24.2"
77
77
  },
78
78
  "scripts": {
79
79
  "precommit": "lint-staged",
package/tables/sentinel_activities.sql CHANGED
@@ -28,5 +28,8 @@ create table sentinel_activities (
28
28
  create index sentinel_activities__id
29
29
  on sentinel_activities (tenant_id, id);
30
30
 
31
+ create index sentinel_activities__target_type_target_hash
32
+ on sentinel_activities (tenant_id, target_type, target_hash);
33
+
31
34
  create index sentinel_activities__target_type_target_hash_action_action_result_decision
32
35
  on sentinel_activities (tenant_id, target_type, target_hash, action, action_result, decision);
package/tables/sign_in_experiences.sql CHANGED
@@ -27,5 +27,6 @@ create table sign_in_experiences (
27
27
  support_website_url text,
28
28
  unknown_session_redirect_url text,
29
29
  captcha_policy jsonb /* @use CaptchaPolicy */ not null default '{}'::jsonb,
30
+ sentinel_policy jsonb /* @use SentinelPolicy */ not null default '{}'::jsonb,
30
31
  primary key (tenant_id, id)
31
32
  );