npm - @lssm/lib.identity-rbac - Versions diffs - 0.0.0-canary-20251217080011 → 1.41.0 - Mend

@lssm/lib.identity-rbac 0.0.0-canary-20251217080011 → 1.41.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (148) hide show

package/dist/contracts/user.js CHANGED Viewed

@@ -1,335 +1 @@
-import { ScalarTypeEnum } from "../schema/dist/ScalarTypeEnum.js";
-import { SchemaModel } from "../schema/dist/SchemaModel.js";
-import "../schema/dist/index.js";
-import { defineCommand, defineQuery } from "./dist/spec.js";
-import "./dist/index.js";
-//#region src/contracts/user.ts
-const OWNERS = ["platform.identity-rbac"];
-const UserProfileModel = new SchemaModel({
-	name: "UserProfile",
-	description: "User profile information",
-	fields: {
-		id: {
-			type: ScalarTypeEnum.String_unsecure(),
-			isOptional: false
-		},
-		email: {
-			type: ScalarTypeEnum.EmailAddress(),
-			isOptional: false
-		},
-		emailVerified: {
-			type: ScalarTypeEnum.Boolean(),
-			isOptional: false
-		},
-		name: {
-			type: ScalarTypeEnum.String_unsecure(),
-			isOptional: true
-		},
-		firstName: {
-			type: ScalarTypeEnum.String_unsecure(),
-			isOptional: true
-		},
-		lastName: {
-			type: ScalarTypeEnum.String_unsecure(),
-			isOptional: true
-		},
-		locale: {
-			type: ScalarTypeEnum.String_unsecure(),
-			isOptional: true
-		},
-		timezone: {
-			type: ScalarTypeEnum.String_unsecure(),
-			isOptional: true
-		},
-		imageUrl: {
-			type: ScalarTypeEnum.URL(),
-			isOptional: true
-		},
-		role: {
-			type: ScalarTypeEnum.String_unsecure(),
-			isOptional: true
-		},
-		onboardingCompleted: {
-			type: ScalarTypeEnum.Boolean(),
-			isOptional: false
-		},
-		createdAt: {
-			type: ScalarTypeEnum.DateTime(),
-			isOptional: false
-		}
-	}
-});
-const CreateUserInputModel = new SchemaModel({
-	name: "CreateUserInput",
-	description: "Input for creating a new user",
-	fields: {
-		email: {
-			type: ScalarTypeEnum.EmailAddress(),
-			isOptional: false
-		},
-		name: {
-			type: ScalarTypeEnum.String_unsecure(),
-			isOptional: true
-		},
-		firstName: {
-			type: ScalarTypeEnum.String_unsecure(),
-			isOptional: true
-		},
-		lastName: {
-			type: ScalarTypeEnum.String_unsecure(),
-			isOptional: true
-		},
-		password: {
-			type: ScalarTypeEnum.String_unsecure(),
-			isOptional: true
-		}
-	}
-});
-const UpdateUserInputModel = new SchemaModel({
-	name: "UpdateUserInput",
-	description: "Input for updating a user profile",
-	fields: {
-		name: {
-			type: ScalarTypeEnum.String_unsecure(),
-			isOptional: true
-		},
-		firstName: {
-			type: ScalarTypeEnum.String_unsecure(),
-			isOptional: true
-		},
-		lastName: {
-			type: ScalarTypeEnum.String_unsecure(),
-			isOptional: true
-		},
-		locale: {
-			type: ScalarTypeEnum.String_unsecure(),
-			isOptional: true
-		},
-		timezone: {
-			type: ScalarTypeEnum.String_unsecure(),
-			isOptional: true
-		},
-		imageUrl: {
-			type: ScalarTypeEnum.URL(),
-			isOptional: true
-		}
-	}
-});
-const DeleteUserInputModel = new SchemaModel({
-	name: "DeleteUserInput",
-	description: "Input for deleting a user",
-	fields: { confirmEmail: {
-		type: ScalarTypeEnum.EmailAddress(),
-		isOptional: false
-	} }
-});
-const SuccessResultModel = new SchemaModel({
-	name: "SuccessResult",
-	description: "Simple success result",
-	fields: { success: {
-		type: ScalarTypeEnum.Boolean(),
-		isOptional: false
-	} }
-});
-const UserDeletedPayloadModel = new SchemaModel({
-	name: "UserDeletedPayload",
-	description: "Payload for user deleted event",
-	fields: { userId: {
-		type: ScalarTypeEnum.String_unsecure(),
-		isOptional: false
-	} }
-});
-const ListUsersInputModel = new SchemaModel({
-	name: "ListUsersInput",
-	description: "Input for listing users",
-	fields: {
-		limit: {
-			type: ScalarTypeEnum.Int_unsecure(),
-			isOptional: true
-		},
-		offset: {
-			type: ScalarTypeEnum.Int_unsecure(),
-			isOptional: true
-		},
-		search: {
-			type: ScalarTypeEnum.String_unsecure(),
-			isOptional: true
-		}
-	}
-});
-const ListUsersOutputModel = new SchemaModel({
-	name: "ListUsersOutput",
-	description: "Output for listing users",
-	fields: {
-		users: {
-			type: UserProfileModel,
-			isOptional: false,
-			isArray: true
-		},
-		total: {
-			type: ScalarTypeEnum.Int_unsecure(),
-			isOptional: false
-		}
-	}
-});
-/**
-* Create a new user account.
-*/
-const CreateUserContract = defineCommand({
-	meta: {
-		name: "identity.user.create",
-		version: 1,
-		stability: "stable",
-		owners: [...OWNERS],
-		tags: [
-			"identity",
-			"user",
-			"create"
-		],
-		description: "Create a new user account.",
-		goal: "Register a new user in the system.",
-		context: "Used during signup flows. May trigger email verification."
-	},
-	io: {
-		input: CreateUserInputModel,
-		output: UserProfileModel,
-		errors: { EMAIL_EXISTS: {
-			description: "A user with this email already exists",
-			http: 409,
-			gqlCode: "EMAIL_EXISTS",
-			when: "Email is already registered"
-		} }
-	},
-	policy: { auth: "anonymous" },
-	sideEffects: {
-		emits: [{
-			name: "user.created",
-			version: 1,
-			when: "User is successfully created",
-			payload: UserProfileModel
-		}],
-		audit: ["user.created"]
-	}
-});
-/**
-* Get the current user's profile.
-*/
-const GetCurrentUserContract = defineQuery({
-	meta: {
-		name: "identity.user.me",
-		version: 1,
-		stability: "stable",
-		owners: [...OWNERS],
-		tags: [
-			"identity",
-			"user",
-			"profile"
-		],
-		description: "Get the current authenticated user profile.",
-		goal: "Retrieve user profile for the authenticated session.",
-		context: "Called on app load and after profile updates."
-	},
-	io: {
-		input: null,
-		output: UserProfileModel
-	},
-	policy: { auth: "user" }
-});
-/**
-* Update user profile.
-*/
-const UpdateUserContract = defineCommand({
-	meta: {
-		name: "identity.user.update",
-		version: 1,
-		stability: "stable",
-		owners: [...OWNERS],
-		tags: [
-			"identity",
-			"user",
-			"update"
-		],
-		description: "Update user profile information.",
-		goal: "Allow users to update their profile.",
-		context: "Self-service profile updates."
-	},
-	io: {
-		input: UpdateUserInputModel,
-		output: UserProfileModel
-	},
-	policy: { auth: "user" },
-	sideEffects: {
-		emits: [{
-			name: "user.updated",
-			version: 1,
-			when: "User profile is updated",
-			payload: UserProfileModel
-		}],
-		audit: ["user.updated"]
-	}
-});
-/**
-* Delete user account.
-*/
-const DeleteUserContract = defineCommand({
-	meta: {
-		name: "identity.user.delete",
-		version: 1,
-		stability: "stable",
-		owners: [...OWNERS],
-		tags: [
-			"identity",
-			"user",
-			"delete"
-		],
-		description: "Delete user account and all associated data.",
-		goal: "Allow users to delete their account (GDPR compliance).",
-		context: "Self-service account deletion. Cascades to memberships, sessions, etc."
-	},
-	io: {
-		input: DeleteUserInputModel,
-		output: SuccessResultModel
-	},
-	policy: {
-		auth: "user",
-		escalate: "human_review"
-	},
-	sideEffects: {
-		emits: [{
-			name: "user.deleted",
-			version: 1,
-			when: "User account is deleted",
-			payload: UserDeletedPayloadModel
-		}],
-		audit: ["user.deleted"]
-	}
-});
-/**
-* List users (admin only).
-*/
-const ListUsersContract = defineQuery({
-	meta: {
-		name: "identity.user.list",
-		version: 1,
-		stability: "stable",
-		owners: [...OWNERS],
-		tags: [
-			"identity",
-			"user",
-			"admin",
-			"list"
-		],
-		description: "List all users (admin only).",
-		goal: "Allow admins to browse and manage users.",
-		context: "Admin dashboard user management."
-	},
-	io: {
-		input: ListUsersInputModel,
-		output: ListUsersOutputModel
-	},
-	policy: { auth: "admin" }
-});
-//#endregion
-export { CreateUserContract, CreateUserInputModel, DeleteUserContract, DeleteUserInputModel, GetCurrentUserContract, ListUsersContract, ListUsersInputModel, ListUsersOutputModel, SuccessResultModel, UpdateUserContract, UpdateUserInputModel, UserDeletedPayloadModel, UserProfileModel };
+import{ScalarTypeEnum as e,SchemaModel as t}from"@lssm/lib.schema";import{defineCommand as n,defineQuery as r}from"@lssm/lib.contracts";const i=[`platform.identity-rbac`],a=new t({name:`UserProfile`,description:`User profile information`,fields:{id:{type:e.String_unsecure(),isOptional:!1},email:{type:e.EmailAddress(),isOptional:!1},emailVerified:{type:e.Boolean(),isOptional:!1},name:{type:e.String_unsecure(),isOptional:!0},firstName:{type:e.String_unsecure(),isOptional:!0},lastName:{type:e.String_unsecure(),isOptional:!0},locale:{type:e.String_unsecure(),isOptional:!0},timezone:{type:e.String_unsecure(),isOptional:!0},imageUrl:{type:e.URL(),isOptional:!0},role:{type:e.String_unsecure(),isOptional:!0},onboardingCompleted:{type:e.Boolean(),isOptional:!1},createdAt:{type:e.DateTime(),isOptional:!1}}}),o=new t({name:`CreateUserInput`,description:`Input for creating a new user`,fields:{email:{type:e.EmailAddress(),isOptional:!1},name:{type:e.String_unsecure(),isOptional:!0},firstName:{type:e.String_unsecure(),isOptional:!0},lastName:{type:e.String_unsecure(),isOptional:!0},password:{type:e.String_unsecure(),isOptional:!0}}}),s=new t({name:`UpdateUserInput`,description:`Input for updating a user profile`,fields:{name:{type:e.String_unsecure(),isOptional:!0},firstName:{type:e.String_unsecure(),isOptional:!0},lastName:{type:e.String_unsecure(),isOptional:!0},locale:{type:e.String_unsecure(),isOptional:!0},timezone:{type:e.String_unsecure(),isOptional:!0},imageUrl:{type:e.URL(),isOptional:!0}}}),c=new t({name:`DeleteUserInput`,description:`Input for deleting a user`,fields:{confirmEmail:{type:e.EmailAddress(),isOptional:!1}}}),l=new t({name:`SuccessResult`,description:`Simple success result`,fields:{success:{type:e.Boolean(),isOptional:!1}}}),u=new t({name:`UserDeletedPayload`,description:`Payload for user deleted event`,fields:{userId:{type:e.String_unsecure(),isOptional:!1}}}),d=new t({name:`ListUsersInput`,description:`Input for listing users`,fields:{limit:{type:e.Int_unsecure(),isOptional:!0},offset:{type:e.Int_unsecure(),isOptional:!0},search:{type:e.String_unsecure(),isOptional:!0}}}),f=new t({name:`ListUsersOutput`,description:`Output for listing users`,fields:{users:{type:a,isOptional:!1,isArray:!0},total:{type:e.Int_unsecure(),isOptional:!1}}}),p=n({meta:{name:`identity.user.create`,version:1,stability:`stable`,owners:[...i],tags:[`identity`,`user`,`create`],description:`Create a new user account.`,goal:`Register a new user in the system.`,context:`Used during signup flows. May trigger email verification.`},io:{input:o,output:a,errors:{EMAIL_EXISTS:{description:`A user with this email already exists`,http:409,gqlCode:`EMAIL_EXISTS`,when:`Email is already registered`}}},policy:{auth:`anonymous`},sideEffects:{emits:[{name:`user.created`,version:1,when:`User is successfully created`,payload:a}],audit:[`user.created`]}}),m=r({meta:{name:`identity.user.me`,version:1,stability:`stable`,owners:[...i],tags:[`identity`,`user`,`profile`],description:`Get the current authenticated user profile.`,goal:`Retrieve user profile for the authenticated session.`,context:`Called on app load and after profile updates.`},io:{input:null,output:a},policy:{auth:`user`}}),h=n({meta:{name:`identity.user.update`,version:1,stability:`stable`,owners:[...i],tags:[`identity`,`user`,`update`],description:`Update user profile information.`,goal:`Allow users to update their profile.`,context:`Self-service profile updates.`},io:{input:s,output:a},policy:{auth:`user`},sideEffects:{emits:[{name:`user.updated`,version:1,when:`User profile is updated`,payload:a}],audit:[`user.updated`]}}),g=n({meta:{name:`identity.user.delete`,version:1,stability:`stable`,owners:[...i],tags:[`identity`,`user`,`delete`],description:`Delete user account and all associated data.`,goal:`Allow users to delete their account (GDPR compliance).`,context:`Self-service account deletion. Cascades to memberships, sessions, etc.`},io:{input:c,output:l},policy:{auth:`user`,escalate:`human_review`},sideEffects:{emits:[{name:`user.deleted`,version:1,when:`User account is deleted`,payload:u}],audit:[`user.deleted`]}}),_=r({meta:{name:`identity.user.list`,version:1,stability:`stable`,owners:[...i],tags:[`identity`,`user`,`admin`,`list`],description:`List all users (admin only).`,goal:`Allow admins to browse and manage users.`,context:`Admin dashboard user management.`},io:{input:d,output:f},policy:{auth:`admin`}});export{p as CreateUserContract,o as CreateUserInputModel,g as DeleteUserContract,c as DeleteUserInputModel,m as GetCurrentUserContract,_ as ListUsersContract,d as ListUsersInputModel,f as ListUsersOutputModel,l as SuccessResultModel,h as UpdateUserContract,s as UpdateUserInputModel,u as UserDeletedPayloadModel,a as UserProfileModel};

package/dist/entities/index.js CHANGED Viewed

@@ -1,35 +1 @@
-import { AccountEntity, SessionEntity, UserEntity, VerificationEntity } from "./user.js";
-import { InvitationEntity, MemberEntity, OrganizationEntity, OrganizationTypeEnum, TeamEntity, TeamMemberEntity } from "./organization.js";
-import { ApiKeyEntity, PasskeyEntity, PermissionEntity, PolicyBindingEntity, RoleEntity } from "./rbac.js";
-//#region src/entities/index.ts
-/**
-* All identity-rbac entities for schema composition.
-*/
-const identityRbacEntities = [
-	UserEntity,
-	SessionEntity,
-	AccountEntity,
-	VerificationEntity,
-	OrganizationEntity,
-	MemberEntity,
-	InvitationEntity,
-	TeamEntity,
-	TeamMemberEntity,
-	RoleEntity,
-	PermissionEntity,
-	PolicyBindingEntity,
-	ApiKeyEntity,
-	PasskeyEntity
-];
-/**
-* Module schema contribution for identity-rbac.
-*/
-const identityRbacSchemaContribution = {
-	moduleId: "@lssm/lib.identity-rbac",
-	entities: identityRbacEntities,
-	enums: [OrganizationTypeEnum]
-};
-//#endregion
-export { AccountEntity, ApiKeyEntity, InvitationEntity, MemberEntity, OrganizationEntity, OrganizationTypeEnum, PasskeyEntity, PermissionEntity, PolicyBindingEntity, RoleEntity, SessionEntity, TeamEntity, TeamMemberEntity, UserEntity, VerificationEntity, identityRbacEntities, identityRbacSchemaContribution };
+import{AccountEntity as e,SessionEntity as t,UserEntity as n,VerificationEntity as r}from"./user.js";import{InvitationEntity as i,MemberEntity as a,OrganizationEntity as o,OrganizationTypeEnum as s,TeamEntity as c,TeamMemberEntity as l}from"./organization.js";import{ApiKeyEntity as u,PasskeyEntity as d,PermissionEntity as f,PolicyBindingEntity as p,RoleEntity as m}from"./rbac.js";const h=[n,t,e,r,o,a,i,c,l,m,f,p,u,d],g={moduleId:`@lssm/lib.identity-rbac`,entities:h,enums:[s]};export{e as AccountEntity,u as ApiKeyEntity,i as InvitationEntity,a as MemberEntity,o as OrganizationEntity,s as OrganizationTypeEnum,d as PasskeyEntity,f as PermissionEntity,p as PolicyBindingEntity,m as RoleEntity,t as SessionEntity,c as TeamEntity,l as TeamMemberEntity,n as UserEntity,r as VerificationEntity,h as identityRbacEntities,g as identityRbacSchemaContribution};

package/dist/entities/organization.js CHANGED Viewed

@@ -1,151 +1 @@
-import { defineEntity, defineEntityEnum, field, index } from "../schema/dist/entity/defineEntity.js";
-import "../schema/dist/index.js";
-//#region src/entities/organization.ts
-/**
-* Organization type enum.
-*/
-const OrganizationTypeEnum = defineEntityEnum({
-	name: "OrganizationType",
-	values: ["PLATFORM_ADMIN", "CONTRACT_SPEC_CUSTOMER"],
-	schema: "lssm_sigil",
-	description: "Type of organization in the platform."
-});
-/**
-* Organization entity - tenant/company grouping.
-*/
-const OrganizationEntity = defineEntity({
-	name: "Organization",
-	description: "An organization is a tenant boundary grouping users.",
-	schema: "lssm_sigil",
-	map: "organization",
-	fields: {
-		id: field.id({ description: "Unique organization identifier" }),
-		name: field.string({ description: "Organization display name" }),
-		slug: field.string({
-			isOptional: true,
-			isUnique: true,
-			description: "URL-friendly identifier"
-		}),
-		logo: field.url({
-			isOptional: true,
-			description: "Organization logo URL"
-		}),
-		description: field.string({
-			isOptional: true,
-			description: "Organization description"
-		}),
-		metadata: field.json({
-			isOptional: true,
-			description: "Arbitrary organization metadata"
-		}),
-		type: field.enum("OrganizationType", { description: "Organization type" }),
-		onboardingCompleted: field.boolean({ default: false }),
-		onboardingStep: field.string({ isOptional: true }),
-		referralCode: field.string({
-			isOptional: true,
-			isUnique: true,
-			description: "Unique referral code"
-		}),
-		referredBy: field.string({
-			isOptional: true,
-			description: "ID of referring user"
-		}),
-		createdAt: field.createdAt(),
-		updatedAt: field.updatedAt(),
-		members: field.hasMany("Member"),
-		invitations: field.hasMany("Invitation"),
-		teams: field.hasMany("Team"),
-		policyBindings: field.hasMany("PolicyBinding")
-	},
-	enums: [OrganizationTypeEnum]
-});
-/**
-* Member entity - user membership in an organization.
-*/
-const MemberEntity = defineEntity({
-	name: "Member",
-	description: "Membership of a user in an organization with a role.",
-	schema: "lssm_sigil",
-	map: "member",
-	fields: {
-		id: field.id(),
-		userId: field.foreignKey(),
-		organizationId: field.foreignKey(),
-		role: field.string({ description: "Role in organization (owner, admin, member)" }),
-		createdAt: field.createdAt(),
-		user: field.belongsTo("User", ["userId"], ["id"], { onDelete: "Cascade" }),
-		organization: field.belongsTo("Organization", ["organizationId"], ["id"], { onDelete: "Cascade" })
-	},
-	indexes: [index.unique(["userId", "organizationId"])]
-});
-/**
-* Invitation entity - pending organization invites.
-*/
-const InvitationEntity = defineEntity({
-	name: "Invitation",
-	description: "An invitation to join an organization.",
-	schema: "lssm_sigil",
-	map: "invitation",
-	fields: {
-		id: field.id(),
-		organizationId: field.foreignKey(),
-		email: field.email({ description: "Invited email address" }),
-		role: field.string({
-			isOptional: true,
-			description: "Role to assign on acceptance"
-		}),
-		status: field.string({
-			default: "\"pending\"",
-			description: "Invitation status"
-		}),
-		acceptedAt: field.dateTime({ isOptional: true }),
-		expiresAt: field.dateTime({ isOptional: true }),
-		inviterId: field.foreignKey({ description: "User who sent the invitation" }),
-		teamId: field.string({ isOptional: true }),
-		createdAt: field.createdAt(),
-		updatedAt: field.updatedAt(),
-		organization: field.belongsTo("Organization", ["organizationId"], ["id"], { onDelete: "Cascade" }),
-		inviter: field.belongsTo("User", ["inviterId"], ["id"], { onDelete: "Cascade" }),
-		team: field.belongsTo("Team", ["teamId"], ["id"], { onDelete: "Cascade" })
-	}
-});
-/**
-* Team entity - team within an organization.
-*/
-const TeamEntity = defineEntity({
-	name: "Team",
-	description: "Team within an organization.",
-	schema: "lssm_sigil",
-	map: "team",
-	fields: {
-		id: field.id(),
-		name: field.string({ description: "Team name" }),
-		organizationId: field.foreignKey(),
-		createdAt: field.createdAt(),
-		updatedAt: field.updatedAt(),
-		organization: field.belongsTo("Organization", ["organizationId"], ["id"], { onDelete: "Cascade" }),
-		members: field.hasMany("TeamMember"),
-		invitations: field.hasMany("Invitation")
-	}
-});
-/**
-* TeamMember entity - user's team membership.
-*/
-const TeamMemberEntity = defineEntity({
-	name: "TeamMember",
-	description: "Team membership for a user.",
-	schema: "lssm_sigil",
-	map: "team_member",
-	fields: {
-		id: field.id(),
-		teamId: field.foreignKey(),
-		userId: field.foreignKey(),
-		createdAt: field.createdAt(),
-		team: field.belongsTo("Team", ["teamId"], ["id"], { onDelete: "Cascade" }),
-		user: field.belongsTo("User", ["userId"], ["id"], { onDelete: "Cascade" })
-	}
-});
-//#endregion
-export { InvitationEntity, MemberEntity, OrganizationEntity, OrganizationTypeEnum, TeamEntity, TeamMemberEntity };
+import{defineEntity as e,defineEntityEnum as t,field as n,index as r}from"@lssm/lib.schema";const i=t({name:`OrganizationType`,values:[`PLATFORM_ADMIN`,`CONTRACT_SPEC_CUSTOMER`],schema:`lssm_sigil`,description:`Type of organization in the platform.`}),a=e({name:`Organization`,description:`An organization is a tenant boundary grouping users.`,schema:`lssm_sigil`,map:`organization`,fields:{id:n.id({description:`Unique organization identifier`}),name:n.string({description:`Organization display name`}),slug:n.string({isOptional:!0,isUnique:!0,description:`URL-friendly identifier`}),logo:n.url({isOptional:!0,description:`Organization logo URL`}),description:n.string({isOptional:!0,description:`Organization description`}),metadata:n.json({isOptional:!0,description:`Arbitrary organization metadata`}),type:n.enum(`OrganizationType`,{description:`Organization type`}),onboardingCompleted:n.boolean({default:!1}),onboardingStep:n.string({isOptional:!0}),referralCode:n.string({isOptional:!0,isUnique:!0,description:`Unique referral code`}),referredBy:n.string({isOptional:!0,description:`ID of referring user`}),createdAt:n.createdAt(),updatedAt:n.updatedAt(),members:n.hasMany(`Member`),invitations:n.hasMany(`Invitation`),teams:n.hasMany(`Team`),policyBindings:n.hasMany(`PolicyBinding`)},enums:[i]}),o=e({name:`Member`,description:`Membership of a user in an organization with a role.`,schema:`lssm_sigil`,map:`member`,fields:{id:n.id(),userId:n.foreignKey(),organizationId:n.foreignKey(),role:n.string({description:`Role in organization (owner, admin, member)`}),createdAt:n.createdAt(),user:n.belongsTo(`User`,[`userId`],[`id`],{onDelete:`Cascade`}),organization:n.belongsTo(`Organization`,[`organizationId`],[`id`],{onDelete:`Cascade`})},indexes:[r.unique([`userId`,`organizationId`])]}),s=e({name:`Invitation`,description:`An invitation to join an organization.`,schema:`lssm_sigil`,map:`invitation`,fields:{id:n.id(),organizationId:n.foreignKey(),email:n.email({description:`Invited email address`}),role:n.string({isOptional:!0,description:`Role to assign on acceptance`}),status:n.string({default:`"pending"`,description:`Invitation status`}),acceptedAt:n.dateTime({isOptional:!0}),expiresAt:n.dateTime({isOptional:!0}),inviterId:n.foreignKey({description:`User who sent the invitation`}),teamId:n.string({isOptional:!0}),createdAt:n.createdAt(),updatedAt:n.updatedAt(),organization:n.belongsTo(`Organization`,[`organizationId`],[`id`],{onDelete:`Cascade`}),inviter:n.belongsTo(`User`,[`inviterId`],[`id`],{onDelete:`Cascade`}),team:n.belongsTo(`Team`,[`teamId`],[`id`],{onDelete:`Cascade`})}}),c=e({name:`Team`,description:`Team within an organization.`,schema:`lssm_sigil`,map:`team`,fields:{id:n.id(),name:n.string({description:`Team name`}),organizationId:n.foreignKey(),createdAt:n.createdAt(),updatedAt:n.updatedAt(),organization:n.belongsTo(`Organization`,[`organizationId`],[`id`],{onDelete:`Cascade`}),members:n.hasMany(`TeamMember`),invitations:n.hasMany(`Invitation`)}}),l=e({name:`TeamMember`,description:`Team membership for a user.`,schema:`lssm_sigil`,map:`team_member`,fields:{id:n.id(),teamId:n.foreignKey(),userId:n.foreignKey(),createdAt:n.createdAt(),team:n.belongsTo(`Team`,[`teamId`],[`id`],{onDelete:`Cascade`}),user:n.belongsTo(`User`,[`userId`],[`id`],{onDelete:`Cascade`})}});export{s as InvitationEntity,o as MemberEntity,a as OrganizationEntity,i as OrganizationTypeEnum,c as TeamEntity,l as TeamMemberEntity};

package/dist/entities/rbac.js CHANGED Viewed

@@ -1,138 +1 @@
-import { defineEntity, field, index } from "../schema/dist/entity/defineEntity.js";
-import "../schema/dist/index.js";
-//#region src/entities/rbac.ts
-/**
-* Role entity - named set of permissions.
-*/
-const RoleEntity = defineEntity({
-	name: "Role",
-	description: "A role defines a named set of permissions.",
-	schema: "lssm_sigil",
-	map: "role",
-	fields: {
-		id: field.id(),
-		name: field.string({
-			isUnique: true,
-			description: "Unique role name"
-		}),
-		description: field.string({
-			isOptional: true,
-			description: "Role description"
-		}),
-		permissions: field.string({
-			isArray: true,
-			description: "Array of permission names"
-		}),
-		createdAt: field.createdAt(),
-		updatedAt: field.updatedAt(),
-		policyBindings: field.hasMany("PolicyBinding")
-	}
-});
-/**
-* Permission entity - atomic access right.
-*/
-const PermissionEntity = defineEntity({
-	name: "Permission",
-	description: "A permission represents an atomic access right.",
-	schema: "lssm_sigil",
-	map: "permission",
-	fields: {
-		id: field.id(),
-		name: field.string({
-			isUnique: true,
-			description: "Unique permission name"
-		}),
-		description: field.string({
-			isOptional: true,
-			description: "Permission description"
-		}),
-		createdAt: field.createdAt(),
-		updatedAt: field.updatedAt()
-	}
-});
-/**
-* PolicyBinding entity - binds roles to principals.
-*/
-const PolicyBindingEntity = defineEntity({
-	name: "PolicyBinding",
-	description: "Binds roles to principals (users or organizations).",
-	schema: "lssm_sigil",
-	map: "policy_binding",
-	fields: {
-		id: field.id(),
-		roleId: field.foreignKey(),
-		targetType: field.string({ description: "\"user\" or \"organization\"" }),
-		targetId: field.string({ description: "ID of User or Organization" }),
-		expiresAt: field.dateTime({
-			isOptional: true,
-			description: "When binding expires"
-		}),
-		createdAt: field.createdAt(),
-		userId: field.string({ isOptional: true }),
-		organizationId: field.string({ isOptional: true }),
-		role: field.belongsTo("Role", ["roleId"], ["id"], { onDelete: "Cascade" }),
-		user: field.belongsTo("User", ["userId"], ["id"]),
-		organization: field.belongsTo("Organization", ["organizationId"], ["id"])
-	},
-	indexes: [index.on(["targetType", "targetId"])]
-});
-/**
-* ApiKey entity - API keys for programmatic access.
-*/
-const ApiKeyEntity = defineEntity({
-	name: "ApiKey",
-	description: "API keys for programmatic access.",
-	schema: "lssm_sigil",
-	map: "api_key",
-	fields: {
-		id: field.id(),
-		name: field.string({ description: "API key name" }),
-		start: field.string({ description: "Starting characters for identification" }),
-		prefix: field.string({ description: "API key prefix" }),
-		key: field.string({ description: "Hashed API key" }),
-		userId: field.foreignKey(),
-		refillInterval: field.int({ description: "Refill interval in ms" }),
-		refillAmount: field.int({ description: "Amount to refill" }),
-		lastRefillAt: field.dateTime(),
-		remaining: field.int({ description: "Remaining requests" }),
-		requestCount: field.int({ description: "Total requests made" }),
-		lastRequest: field.dateTime(),
-		enabled: field.boolean({ default: true }),
-		rateLimitEnabled: field.boolean({ default: true }),
-		rateLimitTimeWindow: field.int({ description: "Rate limit window in ms" }),
-		rateLimitMax: field.int({ description: "Max requests in window" }),
-		expiresAt: field.dateTime(),
-		permissions: field.string({ isArray: true }),
-		metadata: field.json({ isOptional: true }),
-		createdAt: field.createdAt(),
-		updatedAt: field.updatedAt(),
-		user: field.belongsTo("User", ["userId"], ["id"], { onDelete: "Cascade" })
-	}
-});
-/**
-* Passkey entity - WebAuthn passkeys.
-*/
-const PasskeyEntity = defineEntity({
-	name: "Passkey",
-	description: "WebAuthn passkeys for passwordless authentication.",
-	schema: "lssm_sigil",
-	map: "passkey",
-	fields: {
-		id: field.id(),
-		name: field.string({ description: "Passkey name" }),
-		publicKey: field.string({ description: "Public key" }),
-		userId: field.foreignKey(),
-		credentialID: field.string({ description: "Credential ID" }),
-		counter: field.int({ description: "Counter" }),
-		deviceType: field.string({ description: "Device type" }),
-		backedUp: field.boolean({ description: "Whether passkey is backed up" }),
-		transports: field.string({ description: "Transports" }),
-		aaguid: field.string({ description: "Authenticator GUID" }),
-		createdAt: field.createdAt(),
-		user: field.belongsTo("User", ["userId"], ["id"], { onDelete: "Cascade" })
-	}
-});
-//#endregion
-export { ApiKeyEntity, PasskeyEntity, PermissionEntity, PolicyBindingEntity, RoleEntity };
+import{defineEntity as e,field as t,index as n}from"@lssm/lib.schema";const r=e({name:`Role`,description:`A role defines a named set of permissions.`,schema:`lssm_sigil`,map:`role`,fields:{id:t.id(),name:t.string({isUnique:!0,description:`Unique role name`}),description:t.string({isOptional:!0,description:`Role description`}),permissions:t.string({isArray:!0,description:`Array of permission names`}),createdAt:t.createdAt(),updatedAt:t.updatedAt(),policyBindings:t.hasMany(`PolicyBinding`)}}),i=e({name:`Permission`,description:`A permission represents an atomic access right.`,schema:`lssm_sigil`,map:`permission`,fields:{id:t.id(),name:t.string({isUnique:!0,description:`Unique permission name`}),description:t.string({isOptional:!0,description:`Permission description`}),createdAt:t.createdAt(),updatedAt:t.updatedAt()}}),a=e({name:`PolicyBinding`,description:`Binds roles to principals (users or organizations).`,schema:`lssm_sigil`,map:`policy_binding`,fields:{id:t.id(),roleId:t.foreignKey(),targetType:t.string({description:`"user" or "organization"`}),targetId:t.string({description:`ID of User or Organization`}),expiresAt:t.dateTime({isOptional:!0,description:`When binding expires`}),createdAt:t.createdAt(),userId:t.string({isOptional:!0}),organizationId:t.string({isOptional:!0}),role:t.belongsTo(`Role`,[`roleId`],[`id`],{onDelete:`Cascade`}),user:t.belongsTo(`User`,[`userId`],[`id`]),organization:t.belongsTo(`Organization`,[`organizationId`],[`id`])},indexes:[n.on([`targetType`,`targetId`])]}),o=e({name:`ApiKey`,description:`API keys for programmatic access.`,schema:`lssm_sigil`,map:`api_key`,fields:{id:t.id(),name:t.string({description:`API key name`}),start:t.string({description:`Starting characters for identification`}),prefix:t.string({description:`API key prefix`}),key:t.string({description:`Hashed API key`}),userId:t.foreignKey(),refillInterval:t.int({description:`Refill interval in ms`}),refillAmount:t.int({description:`Amount to refill`}),lastRefillAt:t.dateTime(),remaining:t.int({description:`Remaining requests`}),requestCount:t.int({description:`Total requests made`}),lastRequest:t.dateTime(),enabled:t.boolean({default:!0}),rateLimitEnabled:t.boolean({default:!0}),rateLimitTimeWindow:t.int({description:`Rate limit window in ms`}),rateLimitMax:t.int({description:`Max requests in window`}),expiresAt:t.dateTime(),permissions:t.string({isArray:!0}),metadata:t.json({isOptional:!0}),createdAt:t.createdAt(),updatedAt:t.updatedAt(),user:t.belongsTo(`User`,[`userId`],[`id`],{onDelete:`Cascade`})}}),s=e({name:`Passkey`,description:`WebAuthn passkeys for passwordless authentication.`,schema:`lssm_sigil`,map:`passkey`,fields:{id:t.id(),name:t.string({description:`Passkey name`}),publicKey:t.string({description:`Public key`}),userId:t.foreignKey(),credentialID:t.string({description:`Credential ID`}),counter:t.int({description:`Counter`}),deviceType:t.string({description:`Device type`}),backedUp:t.boolean({description:`Whether passkey is backed up`}),transports:t.string({description:`Transports`}),aaguid:t.string({description:`Authenticator GUID`}),createdAt:t.createdAt(),user:t.belongsTo(`User`,[`userId`],[`id`],{onDelete:`Cascade`})}});export{o as ApiKeyEntity,s as PasskeyEntity,i as PermissionEntity,a as PolicyBindingEntity,r as RoleEntity};