npm - @lssm/lib.identity-rbac - Versions diffs - 0.0.0-canary-20251217063201 → 0.0.0-canary-20251217073102 - Mend

@lssm/lib.identity-rbac 0.0.0-canary-20251217063201 → 0.0.0-canary-20251217073102

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (143) hide show

package/dist/entities/organization.js CHANGED Viewed

@@ -1 +1,151 @@
-import{i as e,n as t,r as n,t as r}from"../schema/dist/entity/defineEntity.js";import"../schema/dist/index.js";const i=t({name:`OrganizationType`,values:[`PLATFORM_ADMIN`,`CONTRACT_SPEC_CUSTOMER`],schema:`lssm_sigil`,description:`Type of organization in the platform.`}),a=r({name:`Organization`,description:`An organization is a tenant boundary grouping users.`,schema:`lssm_sigil`,map:`organization`,fields:{id:n.id({description:`Unique organization identifier`}),name:n.string({description:`Organization display name`}),slug:n.string({isOptional:!0,isUnique:!0,description:`URL-friendly identifier`}),logo:n.url({isOptional:!0,description:`Organization logo URL`}),description:n.string({isOptional:!0,description:`Organization description`}),metadata:n.json({isOptional:!0,description:`Arbitrary organization metadata`}),type:n.enum(`OrganizationType`,{description:`Organization type`}),onboardingCompleted:n.boolean({default:!1}),onboardingStep:n.string({isOptional:!0}),referralCode:n.string({isOptional:!0,isUnique:!0,description:`Unique referral code`}),referredBy:n.string({isOptional:!0,description:`ID of referring user`}),createdAt:n.createdAt(),updatedAt:n.updatedAt(),members:n.hasMany(`Member`),invitations:n.hasMany(`Invitation`),teams:n.hasMany(`Team`),policyBindings:n.hasMany(`PolicyBinding`)},enums:[i]}),o=r({name:`Member`,description:`Membership of a user in an organization with a role.`,schema:`lssm_sigil`,map:`member`,fields:{id:n.id(),userId:n.foreignKey(),organizationId:n.foreignKey(),role:n.string({description:`Role in organization (owner, admin, member)`}),createdAt:n.createdAt(),user:n.belongsTo(`User`,[`userId`],[`id`],{onDelete:`Cascade`}),organization:n.belongsTo(`Organization`,[`organizationId`],[`id`],{onDelete:`Cascade`})},indexes:[e.unique([`userId`,`organizationId`])]}),s=r({name:`Invitation`,description:`An invitation to join an organization.`,schema:`lssm_sigil`,map:`invitation`,fields:{id:n.id(),organizationId:n.foreignKey(),email:n.email({description:`Invited email address`}),role:n.string({isOptional:!0,description:`Role to assign on acceptance`}),status:n.string({default:`"pending"`,description:`Invitation status`}),acceptedAt:n.dateTime({isOptional:!0}),expiresAt:n.dateTime({isOptional:!0}),inviterId:n.foreignKey({description:`User who sent the invitation`}),teamId:n.string({isOptional:!0}),createdAt:n.createdAt(),updatedAt:n.updatedAt(),organization:n.belongsTo(`Organization`,[`organizationId`],[`id`],{onDelete:`Cascade`}),inviter:n.belongsTo(`User`,[`inviterId`],[`id`],{onDelete:`Cascade`}),team:n.belongsTo(`Team`,[`teamId`],[`id`],{onDelete:`Cascade`})}}),c=r({name:`Team`,description:`Team within an organization.`,schema:`lssm_sigil`,map:`team`,fields:{id:n.id(),name:n.string({description:`Team name`}),organizationId:n.foreignKey(),createdAt:n.createdAt(),updatedAt:n.updatedAt(),organization:n.belongsTo(`Organization`,[`organizationId`],[`id`],{onDelete:`Cascade`}),members:n.hasMany(`TeamMember`),invitations:n.hasMany(`Invitation`)}}),l=r({name:`TeamMember`,description:`Team membership for a user.`,schema:`lssm_sigil`,map:`team_member`,fields:{id:n.id(),teamId:n.foreignKey(),userId:n.foreignKey(),createdAt:n.createdAt(),team:n.belongsTo(`Team`,[`teamId`],[`id`],{onDelete:`Cascade`}),user:n.belongsTo(`User`,[`userId`],[`id`],{onDelete:`Cascade`})}});export{s as InvitationEntity,o as MemberEntity,a as OrganizationEntity,i as OrganizationTypeEnum,c as TeamEntity,l as TeamMemberEntity};
+import { defineEntity, defineEntityEnum, field, index } from "../schema/dist/entity/defineEntity.js";
+import "../schema/dist/index.js";
+//#region src/entities/organization.ts
+/**
+* Organization type enum.
+*/
+const OrganizationTypeEnum = defineEntityEnum({
+	name: "OrganizationType",
+	values: ["PLATFORM_ADMIN", "CONTRACT_SPEC_CUSTOMER"],
+	schema: "lssm_sigil",
+	description: "Type of organization in the platform."
+});
+/**
+* Organization entity - tenant/company grouping.
+*/
+const OrganizationEntity = defineEntity({
+	name: "Organization",
+	description: "An organization is a tenant boundary grouping users.",
+	schema: "lssm_sigil",
+	map: "organization",
+	fields: {
+		id: field.id({ description: "Unique organization identifier" }),
+		name: field.string({ description: "Organization display name" }),
+		slug: field.string({
+			isOptional: true,
+			isUnique: true,
+			description: "URL-friendly identifier"
+		}),
+		logo: field.url({
+			isOptional: true,
+			description: "Organization logo URL"
+		}),
+		description: field.string({
+			isOptional: true,
+			description: "Organization description"
+		}),
+		metadata: field.json({
+			isOptional: true,
+			description: "Arbitrary organization metadata"
+		}),
+		type: field.enum("OrganizationType", { description: "Organization type" }),
+		onboardingCompleted: field.boolean({ default: false }),
+		onboardingStep: field.string({ isOptional: true }),
+		referralCode: field.string({
+			isOptional: true,
+			isUnique: true,
+			description: "Unique referral code"
+		}),
+		referredBy: field.string({
+			isOptional: true,
+			description: "ID of referring user"
+		}),
+		createdAt: field.createdAt(),
+		updatedAt: field.updatedAt(),
+		members: field.hasMany("Member"),
+		invitations: field.hasMany("Invitation"),
+		teams: field.hasMany("Team"),
+		policyBindings: field.hasMany("PolicyBinding")
+	},
+	enums: [OrganizationTypeEnum]
+});
+/**
+* Member entity - user membership in an organization.
+*/
+const MemberEntity = defineEntity({
+	name: "Member",
+	description: "Membership of a user in an organization with a role.",
+	schema: "lssm_sigil",
+	map: "member",
+	fields: {
+		id: field.id(),
+		userId: field.foreignKey(),
+		organizationId: field.foreignKey(),
+		role: field.string({ description: "Role in organization (owner, admin, member)" }),
+		createdAt: field.createdAt(),
+		user: field.belongsTo("User", ["userId"], ["id"], { onDelete: "Cascade" }),
+		organization: field.belongsTo("Organization", ["organizationId"], ["id"], { onDelete: "Cascade" })
+	},
+	indexes: [index.unique(["userId", "organizationId"])]
+});
+/**
+* Invitation entity - pending organization invites.
+*/
+const InvitationEntity = defineEntity({
+	name: "Invitation",
+	description: "An invitation to join an organization.",
+	schema: "lssm_sigil",
+	map: "invitation",
+	fields: {
+		id: field.id(),
+		organizationId: field.foreignKey(),
+		email: field.email({ description: "Invited email address" }),
+		role: field.string({
+			isOptional: true,
+			description: "Role to assign on acceptance"
+		}),
+		status: field.string({
+			default: "\"pending\"",
+			description: "Invitation status"
+		}),
+		acceptedAt: field.dateTime({ isOptional: true }),
+		expiresAt: field.dateTime({ isOptional: true }),
+		inviterId: field.foreignKey({ description: "User who sent the invitation" }),
+		teamId: field.string({ isOptional: true }),
+		createdAt: field.createdAt(),
+		updatedAt: field.updatedAt(),
+		organization: field.belongsTo("Organization", ["organizationId"], ["id"], { onDelete: "Cascade" }),
+		inviter: field.belongsTo("User", ["inviterId"], ["id"], { onDelete: "Cascade" }),
+		team: field.belongsTo("Team", ["teamId"], ["id"], { onDelete: "Cascade" })
+	}
+});
+/**
+* Team entity - team within an organization.
+*/
+const TeamEntity = defineEntity({
+	name: "Team",
+	description: "Team within an organization.",
+	schema: "lssm_sigil",
+	map: "team",
+	fields: {
+		id: field.id(),
+		name: field.string({ description: "Team name" }),
+		organizationId: field.foreignKey(),
+		createdAt: field.createdAt(),
+		updatedAt: field.updatedAt(),
+		organization: field.belongsTo("Organization", ["organizationId"], ["id"], { onDelete: "Cascade" }),
+		members: field.hasMany("TeamMember"),
+		invitations: field.hasMany("Invitation")
+	}
+});
+/**
+* TeamMember entity - user's team membership.
+*/
+const TeamMemberEntity = defineEntity({
+	name: "TeamMember",
+	description: "Team membership for a user.",
+	schema: "lssm_sigil",
+	map: "team_member",
+	fields: {
+		id: field.id(),
+		teamId: field.foreignKey(),
+		userId: field.foreignKey(),
+		createdAt: field.createdAt(),
+		team: field.belongsTo("Team", ["teamId"], ["id"], { onDelete: "Cascade" }),
+		user: field.belongsTo("User", ["userId"], ["id"], { onDelete: "Cascade" })
+	}
+});
+//#endregion
+export { InvitationEntity, MemberEntity, OrganizationEntity, OrganizationTypeEnum, TeamEntity, TeamMemberEntity };

package/dist/entities/rbac.d.ts CHANGED Viewed

@@ -1,87 +1,87 @@
-import * as _lssm_lib_schema608 from "@lssm/lib.schema";
+import * as _lssm_lib_schema391 from "@lssm/lib.schema";
 //#region src/entities/rbac.d.ts
 /**
  * Role entity - named set of permissions.
  */
-declare const RoleEntity: _lssm_lib_schema608.EntitySpec<{
-  id: _lssm_lib_schema608.EntityScalarField;
-  name: _lssm_lib_schema608.EntityScalarField;
-  description: _lssm_lib_schema608.EntityScalarField;
-  permissions: _lssm_lib_schema608.EntityScalarField;
-  createdAt: _lssm_lib_schema608.EntityScalarField;
-  updatedAt: _lssm_lib_schema608.EntityScalarField;
-  policyBindings: _lssm_lib_schema608.EntityRelationField;
+declare const RoleEntity: _lssm_lib_schema391.EntitySpec<{
+  id: _lssm_lib_schema391.EntityScalarField;
+  name: _lssm_lib_schema391.EntityScalarField;
+  description: _lssm_lib_schema391.EntityScalarField;
+  permissions: _lssm_lib_schema391.EntityScalarField;
+  createdAt: _lssm_lib_schema391.EntityScalarField;
+  updatedAt: _lssm_lib_schema391.EntityScalarField;
+  policyBindings: _lssm_lib_schema391.EntityRelationField;
 }>;
 /**
  * Permission entity - atomic access right.
  */
-declare const PermissionEntity: _lssm_lib_schema608.EntitySpec<{
-  id: _lssm_lib_schema608.EntityScalarField;
-  name: _lssm_lib_schema608.EntityScalarField;
-  description: _lssm_lib_schema608.EntityScalarField;
-  createdAt: _lssm_lib_schema608.EntityScalarField;
-  updatedAt: _lssm_lib_schema608.EntityScalarField;
+declare const PermissionEntity: _lssm_lib_schema391.EntitySpec<{
+  id: _lssm_lib_schema391.EntityScalarField;
+  name: _lssm_lib_schema391.EntityScalarField;
+  description: _lssm_lib_schema391.EntityScalarField;
+  createdAt: _lssm_lib_schema391.EntityScalarField;
+  updatedAt: _lssm_lib_schema391.EntityScalarField;
 }>;
 /**
  * PolicyBinding entity - binds roles to principals.
  */
-declare const PolicyBindingEntity: _lssm_lib_schema608.EntitySpec<{
-  id: _lssm_lib_schema608.EntityScalarField;
-  roleId: _lssm_lib_schema608.EntityScalarField;
-  targetType: _lssm_lib_schema608.EntityScalarField;
-  targetId: _lssm_lib_schema608.EntityScalarField;
-  expiresAt: _lssm_lib_schema608.EntityScalarField;
-  createdAt: _lssm_lib_schema608.EntityScalarField;
-  userId: _lssm_lib_schema608.EntityScalarField;
-  organizationId: _lssm_lib_schema608.EntityScalarField;
-  role: _lssm_lib_schema608.EntityRelationField;
-  user: _lssm_lib_schema608.EntityRelationField;
-  organization: _lssm_lib_schema608.EntityRelationField;
+declare const PolicyBindingEntity: _lssm_lib_schema391.EntitySpec<{
+  id: _lssm_lib_schema391.EntityScalarField;
+  roleId: _lssm_lib_schema391.EntityScalarField;
+  targetType: _lssm_lib_schema391.EntityScalarField;
+  targetId: _lssm_lib_schema391.EntityScalarField;
+  expiresAt: _lssm_lib_schema391.EntityScalarField;
+  createdAt: _lssm_lib_schema391.EntityScalarField;
+  userId: _lssm_lib_schema391.EntityScalarField;
+  organizationId: _lssm_lib_schema391.EntityScalarField;
+  role: _lssm_lib_schema391.EntityRelationField;
+  user: _lssm_lib_schema391.EntityRelationField;
+  organization: _lssm_lib_schema391.EntityRelationField;
 }>;
 /**
  * ApiKey entity - API keys for programmatic access.
  */
-declare const ApiKeyEntity: _lssm_lib_schema608.EntitySpec<{
-  id: _lssm_lib_schema608.EntityScalarField;
-  name: _lssm_lib_schema608.EntityScalarField;
-  start: _lssm_lib_schema608.EntityScalarField;
-  prefix: _lssm_lib_schema608.EntityScalarField;
-  key: _lssm_lib_schema608.EntityScalarField;
-  userId: _lssm_lib_schema608.EntityScalarField;
-  refillInterval: _lssm_lib_schema608.EntityScalarField;
-  refillAmount: _lssm_lib_schema608.EntityScalarField;
-  lastRefillAt: _lssm_lib_schema608.EntityScalarField;
-  remaining: _lssm_lib_schema608.EntityScalarField;
-  requestCount: _lssm_lib_schema608.EntityScalarField;
-  lastRequest: _lssm_lib_schema608.EntityScalarField;
-  enabled: _lssm_lib_schema608.EntityScalarField;
-  rateLimitEnabled: _lssm_lib_schema608.EntityScalarField;
-  rateLimitTimeWindow: _lssm_lib_schema608.EntityScalarField;
-  rateLimitMax: _lssm_lib_schema608.EntityScalarField;
-  expiresAt: _lssm_lib_schema608.EntityScalarField;
-  permissions: _lssm_lib_schema608.EntityScalarField;
-  metadata: _lssm_lib_schema608.EntityScalarField;
-  createdAt: _lssm_lib_schema608.EntityScalarField;
-  updatedAt: _lssm_lib_schema608.EntityScalarField;
-  user: _lssm_lib_schema608.EntityRelationField;
+declare const ApiKeyEntity: _lssm_lib_schema391.EntitySpec<{
+  id: _lssm_lib_schema391.EntityScalarField;
+  name: _lssm_lib_schema391.EntityScalarField;
+  start: _lssm_lib_schema391.EntityScalarField;
+  prefix: _lssm_lib_schema391.EntityScalarField;
+  key: _lssm_lib_schema391.EntityScalarField;
+  userId: _lssm_lib_schema391.EntityScalarField;
+  refillInterval: _lssm_lib_schema391.EntityScalarField;
+  refillAmount: _lssm_lib_schema391.EntityScalarField;
+  lastRefillAt: _lssm_lib_schema391.EntityScalarField;
+  remaining: _lssm_lib_schema391.EntityScalarField;
+  requestCount: _lssm_lib_schema391.EntityScalarField;
+  lastRequest: _lssm_lib_schema391.EntityScalarField;
+  enabled: _lssm_lib_schema391.EntityScalarField;
+  rateLimitEnabled: _lssm_lib_schema391.EntityScalarField;
+  rateLimitTimeWindow: _lssm_lib_schema391.EntityScalarField;
+  rateLimitMax: _lssm_lib_schema391.EntityScalarField;
+  expiresAt: _lssm_lib_schema391.EntityScalarField;
+  permissions: _lssm_lib_schema391.EntityScalarField;
+  metadata: _lssm_lib_schema391.EntityScalarField;
+  createdAt: _lssm_lib_schema391.EntityScalarField;
+  updatedAt: _lssm_lib_schema391.EntityScalarField;
+  user: _lssm_lib_schema391.EntityRelationField;
 }>;
 /**
  * Passkey entity - WebAuthn passkeys.
  */
-declare const PasskeyEntity: _lssm_lib_schema608.EntitySpec<{
-  id: _lssm_lib_schema608.EntityScalarField;
-  name: _lssm_lib_schema608.EntityScalarField;
-  publicKey: _lssm_lib_schema608.EntityScalarField;
-  userId: _lssm_lib_schema608.EntityScalarField;
-  credentialID: _lssm_lib_schema608.EntityScalarField;
-  counter: _lssm_lib_schema608.EntityScalarField;
-  deviceType: _lssm_lib_schema608.EntityScalarField;
-  backedUp: _lssm_lib_schema608.EntityScalarField;
-  transports: _lssm_lib_schema608.EntityScalarField;
-  aaguid: _lssm_lib_schema608.EntityScalarField;
-  createdAt: _lssm_lib_schema608.EntityScalarField;
-  user: _lssm_lib_schema608.EntityRelationField;
+declare const PasskeyEntity: _lssm_lib_schema391.EntitySpec<{
+  id: _lssm_lib_schema391.EntityScalarField;
+  name: _lssm_lib_schema391.EntityScalarField;
+  publicKey: _lssm_lib_schema391.EntityScalarField;
+  userId: _lssm_lib_schema391.EntityScalarField;
+  credentialID: _lssm_lib_schema391.EntityScalarField;
+  counter: _lssm_lib_schema391.EntityScalarField;
+  deviceType: _lssm_lib_schema391.EntityScalarField;
+  backedUp: _lssm_lib_schema391.EntityScalarField;
+  transports: _lssm_lib_schema391.EntityScalarField;
+  aaguid: _lssm_lib_schema391.EntityScalarField;
+  createdAt: _lssm_lib_schema391.EntityScalarField;
+  user: _lssm_lib_schema391.EntityRelationField;
 }>;
 //#endregion
 export { ApiKeyEntity, PasskeyEntity, PermissionEntity, PolicyBindingEntity, RoleEntity };

package/dist/entities/rbac.js CHANGED Viewed

@@ -1 +1,138 @@
-import{i as e,r as t,t as n}from"../schema/dist/entity/defineEntity.js";import"../schema/dist/index.js";const r=n({name:`Role`,description:`A role defines a named set of permissions.`,schema:`lssm_sigil`,map:`role`,fields:{id:t.id(),name:t.string({isUnique:!0,description:`Unique role name`}),description:t.string({isOptional:!0,description:`Role description`}),permissions:t.string({isArray:!0,description:`Array of permission names`}),createdAt:t.createdAt(),updatedAt:t.updatedAt(),policyBindings:t.hasMany(`PolicyBinding`)}}),i=n({name:`Permission`,description:`A permission represents an atomic access right.`,schema:`lssm_sigil`,map:`permission`,fields:{id:t.id(),name:t.string({isUnique:!0,description:`Unique permission name`}),description:t.string({isOptional:!0,description:`Permission description`}),createdAt:t.createdAt(),updatedAt:t.updatedAt()}}),a=n({name:`PolicyBinding`,description:`Binds roles to principals (users or organizations).`,schema:`lssm_sigil`,map:`policy_binding`,fields:{id:t.id(),roleId:t.foreignKey(),targetType:t.string({description:`"user" or "organization"`}),targetId:t.string({description:`ID of User or Organization`}),expiresAt:t.dateTime({isOptional:!0,description:`When binding expires`}),createdAt:t.createdAt(),userId:t.string({isOptional:!0}),organizationId:t.string({isOptional:!0}),role:t.belongsTo(`Role`,[`roleId`],[`id`],{onDelete:`Cascade`}),user:t.belongsTo(`User`,[`userId`],[`id`]),organization:t.belongsTo(`Organization`,[`organizationId`],[`id`])},indexes:[e.on([`targetType`,`targetId`])]}),o=n({name:`ApiKey`,description:`API keys for programmatic access.`,schema:`lssm_sigil`,map:`api_key`,fields:{id:t.id(),name:t.string({description:`API key name`}),start:t.string({description:`Starting characters for identification`}),prefix:t.string({description:`API key prefix`}),key:t.string({description:`Hashed API key`}),userId:t.foreignKey(),refillInterval:t.int({description:`Refill interval in ms`}),refillAmount:t.int({description:`Amount to refill`}),lastRefillAt:t.dateTime(),remaining:t.int({description:`Remaining requests`}),requestCount:t.int({description:`Total requests made`}),lastRequest:t.dateTime(),enabled:t.boolean({default:!0}),rateLimitEnabled:t.boolean({default:!0}),rateLimitTimeWindow:t.int({description:`Rate limit window in ms`}),rateLimitMax:t.int({description:`Max requests in window`}),expiresAt:t.dateTime(),permissions:t.string({isArray:!0}),metadata:t.json({isOptional:!0}),createdAt:t.createdAt(),updatedAt:t.updatedAt(),user:t.belongsTo(`User`,[`userId`],[`id`],{onDelete:`Cascade`})}}),s=n({name:`Passkey`,description:`WebAuthn passkeys for passwordless authentication.`,schema:`lssm_sigil`,map:`passkey`,fields:{id:t.id(),name:t.string({description:`Passkey name`}),publicKey:t.string({description:`Public key`}),userId:t.foreignKey(),credentialID:t.string({description:`Credential ID`}),counter:t.int({description:`Counter`}),deviceType:t.string({description:`Device type`}),backedUp:t.boolean({description:`Whether passkey is backed up`}),transports:t.string({description:`Transports`}),aaguid:t.string({description:`Authenticator GUID`}),createdAt:t.createdAt(),user:t.belongsTo(`User`,[`userId`],[`id`],{onDelete:`Cascade`})}});export{o as ApiKeyEntity,s as PasskeyEntity,i as PermissionEntity,a as PolicyBindingEntity,r as RoleEntity};
+import { defineEntity, field, index } from "../schema/dist/entity/defineEntity.js";
+import "../schema/dist/index.js";
+//#region src/entities/rbac.ts
+/**
+* Role entity - named set of permissions.
+*/
+const RoleEntity = defineEntity({
+	name: "Role",
+	description: "A role defines a named set of permissions.",
+	schema: "lssm_sigil",
+	map: "role",
+	fields: {
+		id: field.id(),
+		name: field.string({
+			isUnique: true,
+			description: "Unique role name"
+		}),
+		description: field.string({
+			isOptional: true,
+			description: "Role description"
+		}),
+		permissions: field.string({
+			isArray: true,
+			description: "Array of permission names"
+		}),
+		createdAt: field.createdAt(),
+		updatedAt: field.updatedAt(),
+		policyBindings: field.hasMany("PolicyBinding")
+	}
+});
+/**
+* Permission entity - atomic access right.
+*/
+const PermissionEntity = defineEntity({
+	name: "Permission",
+	description: "A permission represents an atomic access right.",
+	schema: "lssm_sigil",
+	map: "permission",
+	fields: {
+		id: field.id(),
+		name: field.string({
+			isUnique: true,
+			description: "Unique permission name"
+		}),
+		description: field.string({
+			isOptional: true,
+			description: "Permission description"
+		}),
+		createdAt: field.createdAt(),
+		updatedAt: field.updatedAt()
+	}
+});
+/**
+* PolicyBinding entity - binds roles to principals.
+*/
+const PolicyBindingEntity = defineEntity({
+	name: "PolicyBinding",
+	description: "Binds roles to principals (users or organizations).",
+	schema: "lssm_sigil",
+	map: "policy_binding",
+	fields: {
+		id: field.id(),
+		roleId: field.foreignKey(),
+		targetType: field.string({ description: "\"user\" or \"organization\"" }),
+		targetId: field.string({ description: "ID of User or Organization" }),
+		expiresAt: field.dateTime({
+			isOptional: true,
+			description: "When binding expires"
+		}),
+		createdAt: field.createdAt(),
+		userId: field.string({ isOptional: true }),
+		organizationId: field.string({ isOptional: true }),
+		role: field.belongsTo("Role", ["roleId"], ["id"], { onDelete: "Cascade" }),
+		user: field.belongsTo("User", ["userId"], ["id"]),
+		organization: field.belongsTo("Organization", ["organizationId"], ["id"])
+	},
+	indexes: [index.on(["targetType", "targetId"])]
+});
+/**
+* ApiKey entity - API keys for programmatic access.
+*/
+const ApiKeyEntity = defineEntity({
+	name: "ApiKey",
+	description: "API keys for programmatic access.",
+	schema: "lssm_sigil",
+	map: "api_key",
+	fields: {
+		id: field.id(),
+		name: field.string({ description: "API key name" }),
+		start: field.string({ description: "Starting characters for identification" }),
+		prefix: field.string({ description: "API key prefix" }),
+		key: field.string({ description: "Hashed API key" }),
+		userId: field.foreignKey(),
+		refillInterval: field.int({ description: "Refill interval in ms" }),
+		refillAmount: field.int({ description: "Amount to refill" }),
+		lastRefillAt: field.dateTime(),
+		remaining: field.int({ description: "Remaining requests" }),
+		requestCount: field.int({ description: "Total requests made" }),
+		lastRequest: field.dateTime(),
+		enabled: field.boolean({ default: true }),
+		rateLimitEnabled: field.boolean({ default: true }),
+		rateLimitTimeWindow: field.int({ description: "Rate limit window in ms" }),
+		rateLimitMax: field.int({ description: "Max requests in window" }),
+		expiresAt: field.dateTime(),
+		permissions: field.string({ isArray: true }),
+		metadata: field.json({ isOptional: true }),
+		createdAt: field.createdAt(),
+		updatedAt: field.updatedAt(),
+		user: field.belongsTo("User", ["userId"], ["id"], { onDelete: "Cascade" })
+	}
+});
+/**
+* Passkey entity - WebAuthn passkeys.
+*/
+const PasskeyEntity = defineEntity({
+	name: "Passkey",
+	description: "WebAuthn passkeys for passwordless authentication.",
+	schema: "lssm_sigil",
+	map: "passkey",
+	fields: {
+		id: field.id(),
+		name: field.string({ description: "Passkey name" }),
+		publicKey: field.string({ description: "Public key" }),
+		userId: field.foreignKey(),
+		credentialID: field.string({ description: "Credential ID" }),
+		counter: field.int({ description: "Counter" }),
+		deviceType: field.string({ description: "Device type" }),
+		backedUp: field.boolean({ description: "Whether passkey is backed up" }),
+		transports: field.string({ description: "Transports" }),
+		aaguid: field.string({ description: "Authenticator GUID" }),
+		createdAt: field.createdAt(),
+		user: field.belongsTo("User", ["userId"], ["id"], { onDelete: "Cascade" })
+	}
+});
+//#endregion
+export { ApiKeyEntity, PasskeyEntity, PermissionEntity, PolicyBindingEntity, RoleEntity };

package/dist/entities/user.d.ts CHANGED Viewed

@@ -1,87 +1,87 @@
-import * as _lssm_lib_schema542 from "@lssm/lib.schema";
+import * as _lssm_lib_schema511 from "@lssm/lib.schema";
 //#region src/entities/user.d.ts
 /**
  * User entity - core user profile and authentication.
  */
-declare const UserEntity: _lssm_lib_schema542.EntitySpec<{
-  id: _lssm_lib_schema542.EntityScalarField;
-  email: _lssm_lib_schema542.EntityScalarField;
-  emailVerified: _lssm_lib_schema542.EntityScalarField;
-  name: _lssm_lib_schema542.EntityScalarField;
-  firstName: _lssm_lib_schema542.EntityScalarField;
-  lastName: _lssm_lib_schema542.EntityScalarField;
-  locale: _lssm_lib_schema542.EntityScalarField;
-  timezone: _lssm_lib_schema542.EntityScalarField;
-  imageUrl: _lssm_lib_schema542.EntityScalarField;
-  image: _lssm_lib_schema542.EntityScalarField;
-  metadata: _lssm_lib_schema542.EntityScalarField;
-  onboardingCompleted: _lssm_lib_schema542.EntityScalarField;
-  onboardingStep: _lssm_lib_schema542.EntityScalarField;
-  whitelistedAt: _lssm_lib_schema542.EntityScalarField;
-  role: _lssm_lib_schema542.EntityScalarField;
-  banned: _lssm_lib_schema542.EntityScalarField;
-  banReason: _lssm_lib_schema542.EntityScalarField;
-  banExpires: _lssm_lib_schema542.EntityScalarField;
-  phoneNumber: _lssm_lib_schema542.EntityScalarField;
-  phoneNumberVerified: _lssm_lib_schema542.EntityScalarField;
-  createdAt: _lssm_lib_schema542.EntityScalarField;
-  updatedAt: _lssm_lib_schema542.EntityScalarField;
-  sessions: _lssm_lib_schema542.EntityRelationField;
-  accounts: _lssm_lib_schema542.EntityRelationField;
-  memberships: _lssm_lib_schema542.EntityRelationField;
-  invitations: _lssm_lib_schema542.EntityRelationField;
-  teamMemberships: _lssm_lib_schema542.EntityRelationField;
-  policyBindings: _lssm_lib_schema542.EntityRelationField;
-  apiKeys: _lssm_lib_schema542.EntityRelationField;
-  passkeys: _lssm_lib_schema542.EntityRelationField;
+declare const UserEntity: _lssm_lib_schema511.EntitySpec<{
+  id: _lssm_lib_schema511.EntityScalarField;
+  email: _lssm_lib_schema511.EntityScalarField;
+  emailVerified: _lssm_lib_schema511.EntityScalarField;
+  name: _lssm_lib_schema511.EntityScalarField;
+  firstName: _lssm_lib_schema511.EntityScalarField;
+  lastName: _lssm_lib_schema511.EntityScalarField;
+  locale: _lssm_lib_schema511.EntityScalarField;
+  timezone: _lssm_lib_schema511.EntityScalarField;
+  imageUrl: _lssm_lib_schema511.EntityScalarField;
+  image: _lssm_lib_schema511.EntityScalarField;
+  metadata: _lssm_lib_schema511.EntityScalarField;
+  onboardingCompleted: _lssm_lib_schema511.EntityScalarField;
+  onboardingStep: _lssm_lib_schema511.EntityScalarField;
+  whitelistedAt: _lssm_lib_schema511.EntityScalarField;
+  role: _lssm_lib_schema511.EntityScalarField;
+  banned: _lssm_lib_schema511.EntityScalarField;
+  banReason: _lssm_lib_schema511.EntityScalarField;
+  banExpires: _lssm_lib_schema511.EntityScalarField;
+  phoneNumber: _lssm_lib_schema511.EntityScalarField;
+  phoneNumberVerified: _lssm_lib_schema511.EntityScalarField;
+  createdAt: _lssm_lib_schema511.EntityScalarField;
+  updatedAt: _lssm_lib_schema511.EntityScalarField;
+  sessions: _lssm_lib_schema511.EntityRelationField;
+  accounts: _lssm_lib_schema511.EntityRelationField;
+  memberships: _lssm_lib_schema511.EntityRelationField;
+  invitations: _lssm_lib_schema511.EntityRelationField;
+  teamMemberships: _lssm_lib_schema511.EntityRelationField;
+  policyBindings: _lssm_lib_schema511.EntityRelationField;
+  apiKeys: _lssm_lib_schema511.EntityRelationField;
+  passkeys: _lssm_lib_schema511.EntityRelationField;
 }>;
 /**
  * Session entity - login sessions.
  */
-declare const SessionEntity: _lssm_lib_schema542.EntitySpec<{
-  id: _lssm_lib_schema542.EntityScalarField;
-  userId: _lssm_lib_schema542.EntityScalarField;
-  expiresAt: _lssm_lib_schema542.EntityScalarField;
-  token: _lssm_lib_schema542.EntityScalarField;
-  ipAddress: _lssm_lib_schema542.EntityScalarField;
-  userAgent: _lssm_lib_schema542.EntityScalarField;
-  impersonatedBy: _lssm_lib_schema542.EntityScalarField;
-  activeOrganizationId: _lssm_lib_schema542.EntityScalarField;
-  activeTeamId: _lssm_lib_schema542.EntityScalarField;
-  createdAt: _lssm_lib_schema542.EntityScalarField;
-  updatedAt: _lssm_lib_schema542.EntityScalarField;
-  user: _lssm_lib_schema542.EntityRelationField;
+declare const SessionEntity: _lssm_lib_schema511.EntitySpec<{
+  id: _lssm_lib_schema511.EntityScalarField;
+  userId: _lssm_lib_schema511.EntityScalarField;
+  expiresAt: _lssm_lib_schema511.EntityScalarField;
+  token: _lssm_lib_schema511.EntityScalarField;
+  ipAddress: _lssm_lib_schema511.EntityScalarField;
+  userAgent: _lssm_lib_schema511.EntityScalarField;
+  impersonatedBy: _lssm_lib_schema511.EntityScalarField;
+  activeOrganizationId: _lssm_lib_schema511.EntityScalarField;
+  activeTeamId: _lssm_lib_schema511.EntityScalarField;
+  createdAt: _lssm_lib_schema511.EntityScalarField;
+  updatedAt: _lssm_lib_schema511.EntityScalarField;
+  user: _lssm_lib_schema511.EntityRelationField;
 }>;
 /**
  * Account entity - external authentication accounts.
  */
-declare const AccountEntity: _lssm_lib_schema542.EntitySpec<{
-  id: _lssm_lib_schema542.EntityScalarField;
-  accountId: _lssm_lib_schema542.EntityScalarField;
-  providerId: _lssm_lib_schema542.EntityScalarField;
-  userId: _lssm_lib_schema542.EntityScalarField;
-  accessToken: _lssm_lib_schema542.EntityScalarField;
-  refreshToken: _lssm_lib_schema542.EntityScalarField;
-  idToken: _lssm_lib_schema542.EntityScalarField;
-  accessTokenExpiresAt: _lssm_lib_schema542.EntityScalarField;
-  refreshTokenExpiresAt: _lssm_lib_schema542.EntityScalarField;
-  scope: _lssm_lib_schema542.EntityScalarField;
-  password: _lssm_lib_schema542.EntityScalarField;
-  createdAt: _lssm_lib_schema542.EntityScalarField;
-  updatedAt: _lssm_lib_schema542.EntityScalarField;
-  user: _lssm_lib_schema542.EntityRelationField;
+declare const AccountEntity: _lssm_lib_schema511.EntitySpec<{
+  id: _lssm_lib_schema511.EntityScalarField;
+  accountId: _lssm_lib_schema511.EntityScalarField;
+  providerId: _lssm_lib_schema511.EntityScalarField;
+  userId: _lssm_lib_schema511.EntityScalarField;
+  accessToken: _lssm_lib_schema511.EntityScalarField;
+  refreshToken: _lssm_lib_schema511.EntityScalarField;
+  idToken: _lssm_lib_schema511.EntityScalarField;
+  accessTokenExpiresAt: _lssm_lib_schema511.EntityScalarField;
+  refreshTokenExpiresAt: _lssm_lib_schema511.EntityScalarField;
+  scope: _lssm_lib_schema511.EntityScalarField;
+  password: _lssm_lib_schema511.EntityScalarField;
+  createdAt: _lssm_lib_schema511.EntityScalarField;
+  updatedAt: _lssm_lib_schema511.EntityScalarField;
+  user: _lssm_lib_schema511.EntityRelationField;
 }>;
 /**
  * Verification entity - email/phone verification tokens.
  */
-declare const VerificationEntity: _lssm_lib_schema542.EntitySpec<{
-  id: _lssm_lib_schema542.EntityScalarField;
-  identifier: _lssm_lib_schema542.EntityScalarField;
-  value: _lssm_lib_schema542.EntityScalarField;
-  expiresAt: _lssm_lib_schema542.EntityScalarField;
-  createdAt: _lssm_lib_schema542.EntityScalarField;
-  updatedAt: _lssm_lib_schema542.EntityScalarField;
+declare const VerificationEntity: _lssm_lib_schema511.EntitySpec<{
+  id: _lssm_lib_schema511.EntityScalarField;
+  identifier: _lssm_lib_schema511.EntityScalarField;
+  value: _lssm_lib_schema511.EntityScalarField;
+  expiresAt: _lssm_lib_schema511.EntityScalarField;
+  createdAt: _lssm_lib_schema511.EntityScalarField;
+  updatedAt: _lssm_lib_schema511.EntityScalarField;
 }>;
 //#endregion
 export { AccountEntity, SessionEntity, UserEntity, VerificationEntity };