@logto/schemas 1.32.0 → 1.33.0

package/alterations/1.33.0-1760427166-add-applications-type-index.ts

@@ -0,0 +1,19 @@
+import { sql } from '@silverhand/slonik';
+
+import type { AlterationScript } from '../lib/types/alteration.js';
+
+const alteration: AlterationScript = {
+  up: async (pool) => {
+    await pool.query(sql`
+      create index applications__type
+      on applications (tenant_id, type);
+    `);
+  },
+  down: async (pool) => {
+    await pool.query(sql`
+      drop index applications__type;
+    `);
+  },
+};
+
+export default alteration;

package/alterations/1.33.0-1760427167-add-roles-type-index.ts

@@ -0,0 +1,19 @@
+import { sql } from '@silverhand/slonik';
+
+import type { AlterationScript } from '../lib/types/alteration.js';
+
+const alteration: AlterationScript = {
+  up: async (pool) => {
+    await pool.query(sql`
+      create index roles__type
+      on roles (tenant_id, type);
+    `);
+  },
+  down: async (pool) => {
+    await pool.query(sql`
+      drop index roles__type;
+    `);
+  },
+};
+
+export default alteration;

package/alterations/1.33.0-1761283464-add-hide-logto-branding-column.ts

@@ -0,0 +1,20 @@
+import { sql } from '@silverhand/slonik';
+
+import type { AlterationScript } from '../lib/types/alteration.js';
+
+const alteration: AlterationScript = {
+  up: async (pool) => {
+    await pool.query(sql`
+      alter table sign_in_experiences
+        add column hide_logto_branding boolean not null default false;
+    `);
+  },
+  down: async (pool) => {
+    await pool.query(sql`
+      alter table sign_in_experiences
+        drop column hide_logto_branding;
+    `);
+  },
+};
+
+export default alteration;

package/alterations-js/1.33.0-1760427166-add-applications-type-index.js

@@ -0,0 +1,15 @@
+import { sql } from '@silverhand/slonik';
+const alteration = {
+    up: async (pool) => {
+        await pool.query(sql `
+      create index applications__type
+      on applications (tenant_id, type);
+    `);
+    },
+    down: async (pool) => {
+        await pool.query(sql `
+      drop index applications__type;
+    `);
+    },
+};
+export default alteration;

package/alterations-js/1.33.0-1760427167-add-roles-type-index.js

@@ -0,0 +1,15 @@
+import { sql } from '@silverhand/slonik';
+const alteration = {
+    up: async (pool) => {
+        await pool.query(sql `
+      create index roles__type
+      on roles (tenant_id, type);
+    `);
+    },
+    down: async (pool) => {
+        await pool.query(sql `
+      drop index roles__type;
+    `);
+    },
+};
+export default alteration;

package/alterations-js/1.33.0-1761283464-add-hide-logto-branding-column.js

@@ -0,0 +1,16 @@
+import { sql } from '@silverhand/slonik';
+const alteration = {
+    up: async (pool) => {
+        await pool.query(sql `
+      alter table sign_in_experiences
+        add column hide_logto_branding boolean not null default false;
+    `);
+    },
+    down: async (pool) => {
+        await pool.query(sql `
+      alter table sign_in_experiences
+        drop column hide_logto_branding;
+    `);
+    },
+};
+export default alteration;

package/lib/consts/index.d.ts

@@ -6,3 +6,4 @@ export * from './tenant.js';
 export * from './subscriptions.js';
 export * from './experience.js';
 export * from './sentinel.js';
+export * from './product-event.js';

package/lib/consts/index.js

@@ -6,3 +6,4 @@ export * from './tenant.js';
 export * from './subscriptions.js';
 export * from './experience.js';
 export * from './sentinel.js';
+export * from './product-event.js';

package/lib/consts/product-event.d.ts

@@ -0,0 +1,99 @@
+/**
+ * The product events that Logto Cloud uses for analytics and auditing.
+ *
+ * - All events should be in past tense, with the format of `<noun> <verb>`.
+ * - Unless otherwise specified, all events should contain tenant ID as the
+ *   `tenant` group distinct ID.
+ *
+ * @remarks
+ * Events that are tracked in the cloud service will be marked with `@cloud`.
+ */
+export declare enum ProductEvent {
+    /** @cloud */
+    TenantCreated = "tenant created",
+    /** @cloud */
+    TenantDeleted = "tenant deleted",
+    /**
+     * One or more collaborators have been invited to the Logto Cloud tenant.
+     *
+     * @cloud
+     */
+    CollaboratorInvited = "collaborator invited",
+    /**
+     * The Logto Cloud tenant has subscribed to the Pro plan. It may be the first time subscribing,
+     * switching from the Free plan, or converting from a dev tenant, etc.
+     *
+     * @cloud
+     */
+    ProPlanSubscribed = "pro plan subscribed",
+    /**
+     * The Logto Cloud tenant has canceled the Pro plan.
+     *
+     * @cloud
+     */
+    ProPlanCanceled = "pro plan canceled",
+    /**
+     * The Logto Cloud tenant has subscribed to the Free plan. This may happen when a tenant
+     * newly created or downgrading from the Pro plan.
+     *
+     * @cloud
+     */
+    FreePlanSubscribed = "free plan subscribed",
+    /**
+     * A user has been created in the admin tenant. Interactive and non-interactive creations are
+     * both included.
+     */
+    DeveloperCreated = "developer created",
+    /** A user has been deleted in the admin tenant. */
+    DeveloperDeleted = "developer deleted",
+    AccessTokenIssued = "access token issued",
+    AppCreated = "app created",
+    AppDeleted = "app deleted",
+    RoleCreated = "role created",
+    RoleDeleted = "role deleted",
+    ApiResourceCreated = "api resource created",
+    ApiResourceDeleted = "api resource deleted",
+    OrganizationCreated = "organization created",
+    OrganizationDeleted = "organization deleted",
+    OrganizationRoleCreated = "organization role created",
+    OrganizationRoleDeleted = "organization role deleted",
+    SsoConnectorCreated = "sso connector created",
+    SsoConnectorDeleted = "sso connector deleted",
+    PasswordlessConnectorUpdated = "passwordless connector updated",
+    SocialConnectorCreated = "connector created",
+    SocialConnectorDeleted = "connector deleted",
+    WebhookCreated = "webhook created",
+    WebhookDeleted = "webhook deleted",
+    CustomJwtDeployed = "custom jwt deployed",
+    MfaEnabled = "mfa enabled",
+    MfaDisabled = "mfa disabled",
+    CustomDomainCreated = "custom domain created",
+    CustomDomainDeleted = "custom domain deleted"
+}
+/** The PostHog groups for product events. */
+export declare enum EventGroup {
+    Tenant = "tenant"
+}
+/**
+ * The static distinct ID for tenant-level events. This is used when the event is not
+ * associated with a specific user.
+ *
+ * @see {@link https://posthog.com/docs/product-analytics/group-analytics#advanced-server-side-only-capturing-group-events-without-a-user}
+ */
+export declare const tenantEventDistinctId = "TENANT_EVENT";
+/**
+ * The header that carries the cloud user ID in a request from Logto Cloud. This is useful for
+ * identifying the user who initiated the Management API request proxied by the cloud service.
+ */
+export declare const cloudUserIdHeader = "logto-cloud-user-id";
+/**
+ * The types of access tokens issued by Logto.
+ *
+ * Note that this is for internal use only and is different from other technical definitions of
+ * token types.
+ */
+export declare enum ProductAccessTokenType {
+    Unknown = "unknown",
+    User = "user",
+    ClientCredentials = "client_credentials"
+}

package/lib/consts/product-event.js

@@ -0,0 +1,102 @@
+/**
+ * The product events that Logto Cloud uses for analytics and auditing.
+ *
+ * - All events should be in past tense, with the format of `<noun> <verb>`.
+ * - Unless otherwise specified, all events should contain tenant ID as the
+ *   `tenant` group distinct ID.
+ *
+ * @remarks
+ * Events that are tracked in the cloud service will be marked with `@cloud`.
+ */
+export var ProductEvent;
+(function (ProductEvent) {
+    /** @cloud */
+    ProductEvent["TenantCreated"] = "tenant created";
+    /** @cloud */
+    ProductEvent["TenantDeleted"] = "tenant deleted";
+    /**
+     * One or more collaborators have been invited to the Logto Cloud tenant.
+     *
+     * @cloud
+     */
+    ProductEvent["CollaboratorInvited"] = "collaborator invited";
+    /**
+     * The Logto Cloud tenant has subscribed to the Pro plan. It may be the first time subscribing,
+     * switching from the Free plan, or converting from a dev tenant, etc.
+     *
+     * @cloud
+     */
+    ProductEvent["ProPlanSubscribed"] = "pro plan subscribed";
+    /**
+     * The Logto Cloud tenant has canceled the Pro plan.
+     *
+     * @cloud
+     */
+    ProductEvent["ProPlanCanceled"] = "pro plan canceled";
+    /**
+     * The Logto Cloud tenant has subscribed to the Free plan. This may happen when a tenant
+     * newly created or downgrading from the Pro plan.
+     *
+     * @cloud
+     */
+    ProductEvent["FreePlanSubscribed"] = "free plan subscribed";
+    /**
+     * A user has been created in the admin tenant. Interactive and non-interactive creations are
+     * both included.
+     */
+    ProductEvent["DeveloperCreated"] = "developer created";
+    /** A user has been deleted in the admin tenant. */
+    ProductEvent["DeveloperDeleted"] = "developer deleted";
+    ProductEvent["AccessTokenIssued"] = "access token issued";
+    ProductEvent["AppCreated"] = "app created";
+    ProductEvent["AppDeleted"] = "app deleted";
+    ProductEvent["RoleCreated"] = "role created";
+    ProductEvent["RoleDeleted"] = "role deleted";
+    ProductEvent["ApiResourceCreated"] = "api resource created";
+    ProductEvent["ApiResourceDeleted"] = "api resource deleted";
+    ProductEvent["OrganizationCreated"] = "organization created";
+    ProductEvent["OrganizationDeleted"] = "organization deleted";
+    ProductEvent["OrganizationRoleCreated"] = "organization role created";
+    ProductEvent["OrganizationRoleDeleted"] = "organization role deleted";
+    ProductEvent["SsoConnectorCreated"] = "sso connector created";
+    ProductEvent["SsoConnectorDeleted"] = "sso connector deleted";
+    ProductEvent["PasswordlessConnectorUpdated"] = "passwordless connector updated";
+    ProductEvent["SocialConnectorCreated"] = "connector created";
+    ProductEvent["SocialConnectorDeleted"] = "connector deleted";
+    ProductEvent["WebhookCreated"] = "webhook created";
+    ProductEvent["WebhookDeleted"] = "webhook deleted";
+    ProductEvent["CustomJwtDeployed"] = "custom jwt deployed";
+    ProductEvent["MfaEnabled"] = "mfa enabled";
+    ProductEvent["MfaDisabled"] = "mfa disabled";
+    ProductEvent["CustomDomainCreated"] = "custom domain created";
+    ProductEvent["CustomDomainDeleted"] = "custom domain deleted";
+})(ProductEvent || (ProductEvent = {}));
+/** The PostHog groups for product events. */
+export var EventGroup;
+(function (EventGroup) {
+    EventGroup["Tenant"] = "tenant";
+})(EventGroup || (EventGroup = {}));
+/**
+ * The static distinct ID for tenant-level events. This is used when the event is not
+ * associated with a specific user.
+ *
+ * @see {@link https://posthog.com/docs/product-analytics/group-analytics#advanced-server-side-only-capturing-group-events-without-a-user}
+ */
+export const tenantEventDistinctId = 'TENANT_EVENT';
+/**
+ * The header that carries the cloud user ID in a request from Logto Cloud. This is useful for
+ * identifying the user who initiated the Management API request proxied by the cloud service.
+ */
+export const cloudUserIdHeader = 'logto-cloud-user-id';
+/**
+ * The types of access tokens issued by Logto.
+ *
+ * Note that this is for internal use only and is different from other technical definitions of
+ * token types.
+ */
+export var ProductAccessTokenType;
+(function (ProductAccessTokenType) {
+    ProductAccessTokenType["Unknown"] = "unknown";
+    ProductAccessTokenType["User"] = "user";
+    ProductAccessTokenType["ClientCredentials"] = "client_credentials";
+})(ProductAccessTokenType || (ProductAccessTokenType = {}));

package/lib/db-entries/sign-in-experience.d.ts

@@ -10,6 +10,7 @@ export type CreateSignInExperience = {
     id: string;
     color: Color;
     branding: Branding;
+    hideLogtoBranding?: boolean;
     languageInfo: LanguageInfo;
     termsOfUseUrl?: string | null;
     privacyPolicyUrl?: string | null;
@@ -39,6 +40,7 @@ export type SignInExperience = {
     id: string;
     color: Color;
     branding: Branding;
+    hideLogtoBranding: boolean;
     languageInfo: LanguageInfo;
     termsOfUseUrl: string | null;
     privacyPolicyUrl: string | null;
@@ -63,5 +65,5 @@ export type SignInExperience = {
     emailBlocklistPolicy: EmailBlocklistPolicy;
     forgotPasswordMethods: ForgotPasswordMethods | null;
 };
-export type SignInExperienceKeys = 'tenantId' | 'id' | 'color' | 'branding' | 'languageInfo' | 'termsOfUseUrl' | 'privacyPolicyUrl' | 'agreeToTermsPolicy' | 'signIn' | 'signUp' | 'socialSignIn' | 'socialSignInConnectorTargets' | 'signInMode' | 'customCss' | 'customContent' | 'customUiAssets' | 'passwordPolicy' | 'mfa' | 'singleSignOnEnabled' | 'supportEmail' | 'supportWebsiteUrl' | 'unknownSessionRedirectUrl' | 'captchaPolicy' | 'sentinelPolicy' | 'emailBlocklistPolicy' | 'forgotPasswordMethods';
+export type SignInExperienceKeys = 'tenantId' | 'id' | 'color' | 'branding' | 'hideLogtoBranding' | 'languageInfo' | 'termsOfUseUrl' | 'privacyPolicyUrl' | 'agreeToTermsPolicy' | 'signIn' | 'signUp' | 'socialSignIn' | 'socialSignInConnectorTargets' | 'signInMode' | 'customCss' | 'customContent' | 'customUiAssets' | 'passwordPolicy' | 'mfa' | 'singleSignOnEnabled' | 'supportEmail' | 'supportWebsiteUrl' | 'unknownSessionRedirectUrl' | 'captchaPolicy' | 'sentinelPolicy' | 'emailBlocklistPolicy' | 'forgotPasswordMethods';
 export declare const SignInExperiences: GeneratedSchema<SignInExperienceKeys, CreateSignInExperience, SignInExperience, 'sign_in_experiences', 'sign_in_experience'>;

package/lib/db-entries/sign-in-experience.js

@@ -7,6 +7,7 @@ const createGuard = z.object({
     id: z.string().min(1).max(21),
     color: colorGuard,
     branding: brandingGuard,
+    hideLogtoBranding: z.boolean().optional(),
     languageInfo: languageInfoGuard,
     termsOfUseUrl: z.string().max(2048).nullable().optional(),
     privacyPolicyUrl: z.string().max(2048).nullable().optional(),
@@ -35,6 +36,7 @@ const guard = z.object({
     id: z.string().min(1).max(21),
     color: colorGuard,
     branding: brandingGuard,
+    hideLogtoBranding: z.boolean(),
     languageInfo: languageInfoGuard,
     termsOfUseUrl: z.string().max(2048).nullable(),
     privacyPolicyUrl: z.string().max(2048).nullable(),
@@ -66,6 +68,7 @@ export const SignInExperiences = Object.freeze({
         id: 'id',
         color: 'color',
         branding: 'branding',
+        hideLogtoBranding: 'hide_logto_branding',
         languageInfo: 'language_info',
         termsOfUseUrl: 'terms_of_use_url',
         privacyPolicyUrl: 'privacy_policy_url',
@@ -94,6 +97,7 @@ export const SignInExperiences = Object.freeze({
         'id',
         'color',
         'branding',
+        'hideLogtoBranding',
         'languageInfo',
         'termsOfUseUrl',
         'privacyPolicyUrl',

package/lib/seeds/sign-in-experience.js

@@ -15,6 +15,7 @@ export const createDefaultSignInExperience = (forTenantId, isCloud) => Object.fr
         logoUrl: isCloud ? undefined : 'https://logto.io/logo.svg',
         darkLogoUrl: isCloud ? undefined : 'https://logto.io/logo-dark.svg',
     },
+    hideLogtoBranding: false,
     languageInfo: {
         autoDetect: true,
         fallbackLanguage: 'en',

package/lib/types/sign-in-experience.d.ts

@@ -58,6 +58,7 @@ export declare const fullSignInExperienceGuard: z.ZodObject<Omit<{
         favicon?: string | undefined;
         darkFavicon?: string | undefined;
     }>;
+    hideLogtoBranding: z.ZodType<boolean, z.ZodTypeDef, boolean>;
     languageInfo: z.ZodType<{
         autoDetect: boolean;
         fallbackLanguage: "af-ZA" | "am-ET" | "ar" | "ar-AR" | "as-IN" | "az-AZ" | "be-BY" | "bg-BG" | "bn-IN" | "br-FR" | "bs-BA" | "ca-ES" | "cb-IQ" | "co-FR" | "cs-CZ" | "cx-PH" | "cy-GB" | "da-DK" | "de" | "de-DE" | "el-GR" | "en" | "en-GB" | "en-US" | "eo-EO" | "es" | "es-ES" | "es-419" | "et-EE" | "eu-ES" | "fa-IR" | "ff-NG" | "fi" | "fi-FI" | "fo-FO" | "fr" | "fr-CA" | "fr-FR" | "fy-NL" | "ga-IE" | "gl-ES" | "gn-PY" | "gu-IN" | "ha-NG" | "he-IL" | "hi-IN" | "hr-HR" | "ht-HT" | "hu-HU" | "hy-AM" | "id-ID" | "ik-US" | "is-IS" | "it" | "it-IT" | "iu-CA" | "ja" | "ja-JP" | "ja-KS" | "jv-ID" | "ka-GE" | "kk-KZ" | "km-KH" | "kn-IN" | "ko" | "ko-KR" | "ku-TR" | "ky-KG" | "lo-LA" | "lt-LT" | "lv-LV" | "mg-MG" | "mk-MK" | "ml-IN" | "mn-MN" | "mr-IN" | "ms-MY" | "mt-MT" | "my-MM" | "nb-NO" | "ne-NP" | "nl" | "nl-BE" | "nl-NL" | "nn-NO" | "or-IN" | "pa-IN" | "pl-PL" | "ps-AF" | "pt" | "pt-BR" | "pt-PT" | "ro-RO" | "ru" | "ru-RU" | "rw-RW" | "sc-IT" | "si-LK" | "sk-SK" | "sl-SI" | "sn-ZW" | "sq-AL" | "sr-RS" | "sv" | "sv-SE" | "sw-KE" | "sy-SY" | "sz-PL" | "ta-IN" | "te-IN" | "tg-TJ" | "th" | "th-TH" | "tl-PH" | "tr" | "tr-TR" | "tt-RU" | "tz-MA" | "uk-UA" | "ur-PK" | "uz-UZ" | "vi-VN" | "zh" | "zh-CN" | "zh-HK" | "zh-MO" | "zh-TW" | "zz-TR";
@@ -690,6 +691,7 @@ export declare const fullSignInExperienceGuard: z.ZodObject<Omit<{
     customCss: string | null;
     termsOfUseUrl: string | null;
     privacyPolicyUrl: string | null;
+    hideLogtoBranding: boolean;
     languageInfo: import("../foundations/jsonb-types/sign-in-experience.js").LanguageInfo;
     agreeToTermsPolicy: import("../db-entries/custom-types.js").AgreeToTermsPolicy;
     signIn: import("../foundations/jsonb-types/sign-in-experience.js").SignIn;
@@ -881,6 +883,7 @@ export declare const fullSignInExperienceGuard: z.ZodObject<Omit<{
     customCss: string | null;
     termsOfUseUrl: string | null;
     privacyPolicyUrl: string | null;
+    hideLogtoBranding: boolean;
     languageInfo: import("../foundations/jsonb-types/sign-in-experience.js").LanguageInfo;
     agreeToTermsPolicy: import("../db-entries/custom-types.js").AgreeToTermsPolicy;
     signIn: import("../foundations/jsonb-types/sign-in-experience.js").SignIn;

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@logto/schemas",
-  "version": "1.32.0",
+  "version": "1.33.0",
   "author": "Silverhand Inc. <contact@silverhand.io>",
   "license": "MPL-2.0",
   "type": "module",
@@ -65,12 +65,12 @@
   "dependencies": {
     "@withtyped/server": "^0.14.0",
     "nanoid": "^5.0.9",
+    "@logto/language-kit": "^1.2.0",
     "@logto/core-kit": "^2.6.1",
     "@logto/connector-kit": "^4.6.0",
+    "@logto/phrases": "^1.22.0",
     "@logto/phrases-experience": "^1.12.0",
-    "@logto/phrases": "^1.21.0",
-    "@logto/shared": "^3.3.0",
-    "@logto/language-kit": "^1.2.0"
+    "@logto/shared": "^3.3.0"
   },
   "peerDependencies": {
     "zod": "3.24.3"

package/tables/applications.sql

@@ -26,6 +26,9 @@ create index applications__id
 create index applications__is_third_party
   on applications (tenant_id, is_third_party);
 
+create index applications__type
+  on applications (tenant_id, type);
+
 create unique index applications__protected_app_metadata_host
   on applications (
     (protected_app_metadata->>'host')

package/tables/roles.sql

@@ -19,6 +19,9 @@ create table roles (
 create index roles__id
   on roles (tenant_id, id);
 
+create index roles__type
+  on roles (tenant_id, type);
+
 create function public.check_role_type(role_id varchar(21), target_type role_type) returns boolean as
 $$ begin
   return (select type from public.roles where id = role_id) = target_type;

package/tables/sign_in_experiences.sql

@@ -7,6 +7,7 @@ create table sign_in_experiences (
   id varchar(21) not null,
   color jsonb /* @use Color */ not null,
   branding jsonb /* @use Branding */ not null,
+  hide_logto_branding boolean not null default false,
   language_info jsonb /* @use LanguageInfo */ not null,
   terms_of_use_url varchar(2048),
   privacy_policy_url varchar(2048),