@lucern/contracts 0.3.0-alpha.16 → 0.3.0-alpha.17

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (79) hide show
  1. package/CHANGELOG.md +3 -0
  2. package/dist/auth-context.contract.js +1 -1
  3. package/dist/auth-context.contract.js.map +1 -1
  4. package/dist/auth-session.contract.js +1 -1
  5. package/dist/auth-session.contract.js.map +1 -1
  6. package/dist/auth.contract.js +1 -1
  7. package/dist/auth.contract.js.map +1 -1
  8. package/dist/function-registry/beliefs.js +4 -4
  9. package/dist/function-registry/beliefs.js.map +1 -1
  10. package/dist/function-registry/coding.js +4 -4
  11. package/dist/function-registry/coding.js.map +1 -1
  12. package/dist/function-registry/context.js +4 -4
  13. package/dist/function-registry/context.js.map +1 -1
  14. package/dist/function-registry/contracts.js +4 -4
  15. package/dist/function-registry/contracts.js.map +1 -1
  16. package/dist/function-registry/coordination.js +4 -4
  17. package/dist/function-registry/coordination.js.map +1 -1
  18. package/dist/function-registry/edges.js +4 -4
  19. package/dist/function-registry/edges.js.map +1 -1
  20. package/dist/function-registry/evidence.js +4 -4
  21. package/dist/function-registry/evidence.js.map +1 -1
  22. package/dist/function-registry/graph.js +4 -4
  23. package/dist/function-registry/graph.js.map +1 -1
  24. package/dist/function-registry/helpers.js +4 -4
  25. package/dist/function-registry/helpers.js.map +1 -1
  26. package/dist/function-registry/identity.js +4 -4
  27. package/dist/function-registry/identity.js.map +1 -1
  28. package/dist/function-registry/index.js +4 -4
  29. package/dist/function-registry/index.js.map +1 -1
  30. package/dist/function-registry/judgments.js +4 -4
  31. package/dist/function-registry/judgments.js.map +1 -1
  32. package/dist/function-registry/legacy.js +4 -4
  33. package/dist/function-registry/legacy.js.map +1 -1
  34. package/dist/function-registry/lenses.js +4 -4
  35. package/dist/function-registry/lenses.js.map +1 -1
  36. package/dist/function-registry/nodes.js +4 -4
  37. package/dist/function-registry/nodes.js.map +1 -1
  38. package/dist/function-registry/ontologies.js +4 -4
  39. package/dist/function-registry/ontologies.js.map +1 -1
  40. package/dist/function-registry/pipeline.js +4 -4
  41. package/dist/function-registry/pipeline.js.map +1 -1
  42. package/dist/function-registry/questions.js +4 -4
  43. package/dist/function-registry/questions.js.map +1 -1
  44. package/dist/function-registry/tasks.js +4 -4
  45. package/dist/function-registry/tasks.js.map +1 -1
  46. package/dist/function-registry/topics.js +4 -4
  47. package/dist/function-registry/topics.js.map +1 -1
  48. package/dist/function-registry/worktrees.js +20 -4
  49. package/dist/function-registry/worktrees.js.map +1 -1
  50. package/dist/gateway.contract.d.ts +1 -0
  51. package/dist/gateway.contract.js.map +1 -1
  52. package/dist/generated/convexSchemas.js +1 -1
  53. package/dist/generated/convexSchemas.js.map +1 -1
  54. package/dist/generated/infisicalRuntimeEnv.js +300 -6
  55. package/dist/generated/infisicalRuntimeEnv.js.map +1 -1
  56. package/dist/index.js +363 -16
  57. package/dist/index.js.map +1 -1
  58. package/dist/infisical-runtime.contract.d.ts +41 -3
  59. package/dist/infisical-runtime.contract.js +49 -3
  60. package/dist/infisical-runtime.contract.js.map +1 -1
  61. package/dist/manifests/infisical-runtime-manifest.d.ts +41 -3
  62. package/dist/manifests/infisical-runtime-manifest.js +49 -3
  63. package/dist/manifests/infisical-runtime-manifest.js.map +1 -1
  64. package/dist/permit-principal-projection.contract.js +8 -1
  65. package/dist/permit-principal-projection.contract.js.map +1 -1
  66. package/dist/proof-attestation.json +1 -1
  67. package/dist/schemas/index.js +1 -1
  68. package/dist/schemas/index.js.map +1 -1
  69. package/dist/schemas/manifest.d.ts +5 -5
  70. package/dist/schemas/manifest.js +1 -1
  71. package/dist/schemas/manifest.js.map +1 -1
  72. package/dist/schemas/tables/mc/tenant.d.ts +1 -1
  73. package/dist/schemas/tables/mc/tenant.js +1 -1
  74. package/dist/schemas/tables/mc/tenant.js.map +1 -1
  75. package/dist/sdk-tools.contract.js +4 -4
  76. package/dist/sdk-tools.contract.js.map +1 -1
  77. package/dist/tool-contracts.js +4 -4
  78. package/dist/tool-contracts.js.map +1 -1
  79. package/package.json +1 -1
@@ -59,6 +59,10 @@ function highestPlatformRole(roles) {
59
59
  function isClerkAliasFor(alias, clerkId) {
60
60
  return isActivePermitProjectionStatus(alias.status) && readPermitProjectionString(alias.provider)?.toLowerCase() === "clerk" && (readPermitProjectionString(alias.providerSubjectId) === clerkId || readPermitProjectionString(alias.alias) === clerkId);
61
61
  }
62
+ function isHumanPermitPrincipal(principal) {
63
+ const principalType = readPermitProjectionString(principal.principalType)?.toLowerCase();
64
+ return !principalType || principalType === "human" || principalType === "user";
65
+ }
62
66
  function emailFromAlias(aliases, principal) {
63
67
  return aliases.find(
64
68
  (alias) => readPermitProjectionString(alias.aliasKind)?.toLowerCase() === "email"
@@ -117,6 +121,9 @@ function buildProjectedUserFromPermitPrincipal(rows, principal, matchingAlias, n
117
121
  (entry) => readPermitProjectionString(entry.provider)?.toLowerCase() === "clerk"
118
122
  )?.providerSubjectId
119
123
  ) ?? principalId;
124
+ if (isHumanPermitPrincipal(principal) && principalId !== clerkId) {
125
+ return null;
126
+ }
120
127
  return {
121
128
  clerkId,
122
129
  email: emailFromAlias(aliases, principal) ?? `${principalId}@permit.local`,
@@ -150,7 +157,7 @@ function findProjectedUserByPermitClerkId(rows, clerkId, now = Date.now()) {
150
157
  const principal = matchingAlias ? rows.principals.find(
151
158
  (row) => readPermitProjectionString(row.tenantId) === readPermitProjectionString(matchingAlias.tenantId) && readPermitProjectionString(row.principalId) === readPermitProjectionString(matchingAlias.principalId)
152
159
  ) : rows.principals.find(
153
- (row) => readPermitProjectionString(row.principalId) === normalizedClerkId || readPermitProjectionString(row.principalId) === `user:${normalizedClerkId}`
160
+ (row) => readPermitProjectionString(row.principalId) === normalizedClerkId
154
161
  );
155
162
  return principal ? buildProjectedUserFromPermitPrincipal(rows, principal, matchingAlias, now) : null;
156
163
  }
@@ -1 +1 @@
1
- {"version":3,"sources":["../src/permit-principal-projection.contract.ts"],"names":["alias"],"mappings":";AAgFA,IAAM,sBAAA,GAAuE;AAAA,EAC3E,cAAA,EAAgB,EAAA;AAAA,EAChB,YAAA,EAAc,EAAA;AAAA,EACd,eAAA,EAAiB,EAAA;AAAA,EACjB,MAAA,EAAQ,EAAA;AAAA,EACR,OAAA,EAAS,EAAA;AAAA,EACT,MAAA,EAAQ,EAAA;AAAA,EACR,aAAA,EAAe;AACjB,CAAA;AAEO,SAAS,2BAA2B,KAAA,EAAoC;AAC7E,EAAA,OAAO,OAAO,UAAU,QAAA,IAAY,KAAA,CAAM,MAAK,GAAI,KAAA,CAAM,MAAK,GAAI,MAAA;AACpE;AAEO,SAAS,+BAA+B,KAAA,EAAyB;AACtE,EAAA,MAAM,MAAA,GAAS,0BAAA,CAA2B,KAAK,CAAA,EAAG,WAAA,EAAY;AAC9D,EAAA,OAAO,CAAC,MAAA,IAAU,MAAA,KAAW,QAAA,IAAY,MAAA,KAAW,QAAA;AACtD;AAEO,SAAS,4BACd,IAAA,EAC0C;AAC1C,EAAA,QAAQ,0BAAA,CAA2B,IAAI,CAAA,EAAG,WAAA,EAAY;AAAG,IACvD,KAAK,gBAAA;AACH,MAAA,OAAO,gBAAA;AAAA,IACT,KAAK,cAAA;AACH,MAAA,OAAO,cAAA;AAAA,IACT,KAAK,iBAAA;AAAA,IACL,KAAK,kBAAA;AAAA,IACL,KAAK,aAAA;AACH,MAAA,OAAO,iBAAA;AAAA,IACT,KAAK,QAAA;AAAA,IACL,KAAK,kBAAA;AAAA,IACL,KAAK,cAAA;AAAA,IACL,KAAK,sBAAA;AAAA,IACL,KAAK,mBAAA;AAAA,IACL,KAAK,gBAAA;AAAA,IACL,KAAK,gBAAA;AACH,MAAA,OAAO,QAAA;AAAA,IACT,KAAK,SAAA;AACH,MAAA,OAAO,SAAA;AAAA,IACT,KAAK,QAAA;AAAA,IACL,KAAK,cAAA;AAAA,IACL,KAAK,oBAAA;AAAA,IACL,KAAK,wBAAA;AAAA,IACL,KAAK,yBAAA;AAAA,IACL,KAAK,wBAAA;AAAA,IACL,KAAK,yBAAA;AACH,MAAA,OAAO,QAAA;AAAA,IACT,KAAK,eAAA;AAAA,IACL,KAAK,cAAA;AACH,MAAA,OAAO,eAAA;AAAA,IACT;AACE,MAAA,OAAO,MAAA;AAAA;AAEb;AAEA,SAAS,oBACP,KAAA,EAC8B;AAC9B,EAAA,OAAO,KAAA,CAAM,MAAA;AAAA,IACX,CAAC,MAAM,IAAA,KACL,sBAAA,CAAuB,IAAI,CAAA,GAAI,sBAAA,CAAuB,IAAI,CAAA,GAAI,IAAA,GAAO,IAAA;AAAA,IACvE;AAAA,GACF;AACF;AAEA,SAAS,eAAA,CACP,OACA,OAAA,EACS;AACT,EAAA,OACE,+BAA+B,KAAA,CAAM,MAAM,KAC3C,0BAAA,CAA2B,KAAA,CAAM,QAAQ,CAAA,EAAG,WAAA,OAAkB,OAAA,KAC7D,0BAAA,CAA2B,MAAM,iBAAiB,CAAA,KAAM,WACvD,0BAAA,CAA2B,KAAA,CAAM,KAAK,CAAA,KAAM,OAAA,CAAA;AAElD;AAEA,SAAS,cAAA,CACP,SACA,SAAA,EACoB;AACpB,EAAA,OACE,OAAA,CAAQ,IAAA;AAAA,IACN,CAAC,KAAA,KACC,0BAAA,CAA2B,MAAM,SAAS,CAAA,EAAG,aAAY,KAAM;AAAA,GACnE,EAAG,KAAA,IAAS,0BAAA,CAA2B,SAAA,CAAU,UAAU,KAAK,CAAA;AAEpE;AAEA,SAAS,oBAAA,CACP,aACA,SAAA,EACU;AACV,EAAA,MAAM,WAAA,GAAc,0BAAA,CAA2B,SAAA,CAAU,WAAW,CAAA;AACpE,EAAA,IAAI,CAAC,WAAA,EAAa,OAAO,EAAC;AAC1B,EAAA,OAAO;AAAA,IACL,GAAG,IAAI,GAAA;AAAA,MACL,WAAA,CACG,MAAA;AAAA,QACC,CAAC,UAAA,KACC,8BAAA,CAA+B,UAAA,CAAW,MAAM,CAAA,IAChD,0BAAA,CAA2B,UAAA,CAAW,QAAQ,CAAA,KAC5C,0BAAA,CAA2B,SAAA,CAAU,QAAQ,CAAA,IAC/C,0BAAA,CAA2B,UAAA,CAAW,UAAU,CAAA,KAAM,WAAA,KACrD,0BAAA,CAA2B,UAAA,CAAW,QAAQ,CAAA,KAAM,WAAA,IACnD,0BAAA,CAA2B,UAAA,CAAW,WAAW,CAAA,KAC/C,WAAA;AAAA,OACR,CACC,GAAA,CAAI,CAAC,UAAA,KAAe,2BAA2B,UAAA,CAAW,OAAO,CAAC,CAAA,CAClE,MAAA,CAAO,CAAC,OAAA,KAA+B,OAAA,CAAQ,OAAO,CAAC;AAAA;AAC5D,GACF;AACF;AAEA,SAAS,iBAAA,CACP,WAAA,EACA,SAAA,EACA,QAAA,EACgC;AAChC,EAAA,MAAM,WAAA,GAAc,0BAAA,CAA2B,SAAA,CAAU,WAAW,CAAA;AACpE,EAAA,MAAM,QAAA,GAAW,0BAAA,CAA2B,SAAA,CAAU,QAAQ,CAAA;AAC9D,EAAA,MAAM,QAAQ,WAAA,CACX,MAAA;AAAA,IACC,CAAC,UAAA,KACC,8BAAA,CAA+B,UAAA,CAAW,MAAM,CAAA,IAChD,0BAAA,CAA2B,UAAA,CAAW,QAAQ,CAAA,KAAM,QAAA,KAClD,0BAAA,CAA2B,UAAA,CAAW,UAAU,CAAA,KAAM,WAAA,IACtD,0BAAA,CAA2B,UAAA,CAAW,QAAQ,CAAA,KAAM,WAAA,IACnD,0BAAA,CAA2B,UAAA,CAAW,UAAU,CAAA,KAAM,OAAA,IACrD,QAAA,CAAS,QAAA;AAAA,MACP,0BAAA,CAA2B,UAAA,CAAW,QAAQ,CAAA,IAAK;AAAA,KACrD;AAAA,GACR,CACC,GAAA,CAAI,CAAC,UAAA,KAAe,4BAA4B,UAAA,CAAW,IAAI,CAAC,CAAA,CAChE,MAAA,CAAO,CAAC,IAAA,KAA+C,OAAA,CAAQ,IAAI,CAAC,CAAA;AAEvE,EAAA,IACE,0BAAA,CAA2B,UAAU,aAAa,CAAA,KAAM,WACxD,0BAAA,CAA2B,SAAA,CAAU,aAAa,CAAA,KAAM,mBAAA,EACxD;AACA,IAAA,KAAA,CAAM,KAAK,eAAe,CAAA;AAAA,EAC5B;AAEA,EAAA,OAAO,CAAC,GAAG,IAAI,GAAA,CAAI,KAAK,CAAC,CAAA;AAC3B;AAEA,SAAS,6BAAA,CACP,SAAA,EACA,KAAA,EACA,WAAA,EACoB;AACpB,EAAA,OACE,2BAA2B,SAAA,CAAU,WAAW,KAChD,0BAAA,CAA2B,KAAA,EAAO,WAAW,CAAA,IAC7C,0BAAA;AAAA,IACE,WAAA,CAAY,IAAA;AAAA,MACV,CAAC,UAAA,KACC,0BAAA,CAA2B,UAAA,CAAW,QAAQ,CAAA,KAC5C,0BAAA,CAA2B,SAAA,CAAU,WAAW,CAAA,IAClD,0BAAA,CAA2B,UAAA,CAAW,YAAY,CAAA,KAAM;AAAA,KAC5D,EAAG;AAAA,GACL,IACA,0BAAA;AAAA,IACE,YAAY,IAAA,CAAK,CAAC,UAAA,KAAe,UAAA,CAAW,WAAW,CAAA,EAAG;AAAA,GAC5D;AAEJ;AAEO,SAAS,sCACd,IAAA,EACA,SAAA,EACA,eACA,GAAA,GAAM,IAAA,CAAK,KAAI,EACmB;AAClC,EAAA,MAAM,WAAA,GAAc,0BAAA,CAA2B,SAAA,CAAU,WAAW,CAAA;AACpE,EAAA,MAAM,QAAA,GAAW,0BAAA,CAA2B,SAAA,CAAU,QAAQ,CAAA;AAC9D,EAAA,IACE,CAAC,eACD,CAAC,QAAA,IACD,CAAC,8BAAA,CAA+B,SAAA,CAAU,MAAM,CAAA,EAChD;AACA,IAAA,OAAO,IAAA;AAAA,EACT;AAEA,EAAA,MAAM,OAAA,GAAU,KAAK,OAAA,CAAQ,MAAA;AAAA,IAC3B,CAACA,MAAAA,KACC,0BAAA,CAA2BA,MAAAA,CAAM,QAAQ,CAAA,KAAM,QAAA,IAC/C,0BAAA,CAA2BA,MAAAA,CAAM,WAAW,CAAA,KAAM,WAAA,IAClD,8BAAA,CAA+BA,OAAM,MAAM;AAAA,GAC/C;AACA,EAAA,MAAM,QAAA,GAAW,oBAAA,CAAqB,IAAA,CAAK,gBAAA,EAAkB,SAAS,CAAA;AACtE,EAAA,MAAM,KAAA,GAAQ,iBAAA,CAAkB,IAAA,CAAK,eAAA,EAAiB,WAAW,QAAQ,CAAA;AACzE,EAAA,IAAI,KAAA,CAAM,WAAW,CAAA,EAAG;AACtB,IAAA,OAAO,IAAA;AAAA,EACT;AAEA,EAAA,MAAM,KAAA,GAAQ,aAAA,IAAiB,OAAA,CAAQ,CAAC,CAAA;AACxC,EAAA,MAAM,OAAA,GACJ,0BAAA;AAAA,IACE,OAAA,CAAQ,IAAA;AAAA,MACN,CAAC,KAAA,KACC,0BAAA,CAA2B,MAAM,QAAQ,CAAA,EAAG,aAAY,KAAM;AAAA,KAClE,EAAG;AAAA,GACL,IAAK,WAAA;AAEP,EAAA,OAAO;AAAA,IACL,OAAA;AAAA,IACA,OAAO,cAAA,CAAe,OAAA,EAAS,SAAS,CAAA,IAAK,GAAG,WAAW,CAAA,aAAA,CAAA;AAAA,IAC3D,IAAA,EAAM,0BAAA,CAA2B,SAAA,CAAU,WAAW,CAAA;AAAA,IACtD,UAAA,EAAY,SAAA,CAAU,UAAA,IAAc,SAAA,CAAU,SAAA,IAAa,GAAA;AAAA,IAC3D,SAAA,EAAW,CAAA;AAAA,IACX,YAAA,EAAc,CAAA;AAAA,IACd,MAAA,EAAQ,oBAAoB,KAAK,CAAA;AAAA,IACjC,cAAA,EAAgB,UAAU,SAAA,IAAa,GAAA;AAAA,IACvC,eAAA,EAAiB,QAAA;AAAA,IACjB,oBACE,6BAAA,CAA8B,SAAA,EAAW,KAAA,EAAO,IAAA,CAAK,eAAe,CAAA,IACpE,QAAA;AAAA,IACF,kBAAA,EAAoB,WAAA;AAAA,IACpB,iBAAA,EAAmB,QAAA;AAAA,IACnB,wBAAA,EAA0B,UAAU,SAAA,IAAa,GAAA;AAAA,IACjD,SAAA,EAAW,UAAU,SAAA,IAAa,GAAA;AAAA,IAClC,SAAA,EAAW,UAAU,SAAA,IAAa;AAAA,GACpC;AACF;AAEO,SAAS,qCACd,IAAA,EACA,WAAA,EACA,GAAA,GAAM,IAAA,CAAK,KAAI,EACmB;AAClC,EAAA,MAAM,qBAAA,GAAwB,YAAY,IAAA,EAAK;AAC/C,EAAA,MAAM,SAAA,GAAY,KAAK,UAAA,CAAW,IAAA;AAAA,IAChC,CAAC,QACC,8BAAA,CAA+B,GAAA,CAAI,MAAM,CAAA,IACzC,0BAAA,CAA2B,GAAA,CAAI,WAAW,CAAA,KAAM;AAAA,GACpD;AACA,EAAA,OAAO,YACH,qCAAA,CAAsC,IAAA,EAAM,SAAA,EAAW,MAAA,EAAW,GAAG,CAAA,GACrE,IAAA;AACN;AAEO,SAAS,iCACd,IAAA,EACA,OAAA,EACA,GAAA,GAAM,IAAA,CAAK,KAAI,EACmB;AAClC,EAAA,MAAM,iBAAA,GAAoB,QAAQ,IAAA,EAAK;AACvC,EAAA,MAAM,aAAA,GAAgB,KAAK,OAAA,CAAQ,IAAA;AAAA,IAAK,CAAC,KAAA,KACvC,eAAA,CAAgB,KAAA,EAAO,iBAAiB;AAAA,GAC1C;AACA,EAAA,MAAM,SAAA,GAAY,aAAA,GACd,IAAA,CAAK,UAAA,CAAW,IAAA;AAAA,IACd,CAAC,GAAA,KACC,0BAAA,CAA2B,GAAA,CAAI,QAAQ,MACrC,0BAAA,CAA2B,aAAA,CAAc,QAAQ,CAAA,IACnD,2BAA2B,GAAA,CAAI,WAAW,CAAA,KACxC,0BAAA,CAA2B,cAAc,WAAW;AAAA,GAC1D,GACA,KAAK,UAAA,CAAW,IAAA;AAAA,IACd,CAAC,GAAA,KACC,0BAAA,CAA2B,GAAA,CAAI,WAAW,CAAA,KAAM,iBAAA,IAChD,0BAAA,CAA2B,GAAA,CAAI,WAAW,CAAA,KACxC,CAAA,KAAA,EAAQ,iBAAiB,CAAA;AAAA,GAC/B;AACJ,EAAA,OAAO,YACH,qCAAA,CAAsC,IAAA,EAAM,SAAA,EAAW,aAAA,EAAe,GAAG,CAAA,GACzE,IAAA;AACN","file":"permit-principal-projection.contract.js","sourcesContent":["export type PermitProjectionPlatformRole =\n | \"platform_admin\"\n | \"tenant_admin\"\n | \"workspace_admin\"\n | \"editor\"\n | \"viewer\"\n | \"auditor\"\n | \"service_agent\";\n\nexport type PermitPrincipalProjection = Record<string, unknown> & {\n principalId?: string;\n tenantId?: string;\n workspaceId?: string;\n principalType?: string;\n status?: string;\n displayName?: string;\n metadata?: Record<string, unknown>;\n createdAt?: number;\n updatedAt?: number;\n lastSeenAt?: number;\n};\n\nexport type PermitAliasProjection = Record<string, unknown> & {\n principalId?: string;\n tenantId?: string;\n workspaceId?: string;\n provider?: string;\n providerSubjectId?: string;\n alias?: string;\n aliasKind?: string;\n status?: string;\n metadata?: Record<string, unknown>;\n};\n\nexport type PermitRoleAssignmentProjection = Record<string, unknown> & {\n tenantId?: string;\n workspaceId?: string;\n role?: string;\n targetType?: string;\n targetId?: string;\n resourceType?: string;\n resourceKey?: string;\n status?: string;\n};\n\nexport type PermitGroupMembershipProjection = Record<string, unknown> & {\n tenantId?: string;\n workspaceId?: string;\n groupId?: string;\n memberType?: string;\n memberId?: string;\n principalId?: string;\n status?: string;\n};\n\nexport type PermitProjectedUserRecord = {\n clerkId: string;\n email: string;\n name?: string;\n lastSeenAt: number;\n chatCount: number;\n messageCount: number;\n mcRole: PermitProjectionPlatformRole;\n mcRoleSyncedAt: number;\n defaultTenantId: string;\n defaultWorkspaceId: string;\n defaultPrincipalId: string;\n principalGroupIds: string[];\n governanceGrantsSyncedAt: number;\n createdAt: number;\n updatedAt: number;\n};\n\nexport type PermitProjectionRows = {\n principals: PermitPrincipalProjection[];\n aliases: PermitAliasProjection[];\n roleAssignments: PermitRoleAssignmentProjection[];\n groupMemberships: PermitGroupMembershipProjection[];\n};\n\nconst PLATFORM_ROLE_PRIORITY: Record<PermitProjectionPlatformRole, number> = {\n platform_admin: 70,\n tenant_admin: 60,\n workspace_admin: 50,\n editor: 40,\n auditor: 30,\n viewer: 20,\n service_agent: 10,\n};\n\nexport function readPermitProjectionString(value: unknown): string | undefined {\n return typeof value === \"string\" && value.trim() ? value.trim() : undefined;\n}\n\nexport function isActivePermitProjectionStatus(value: unknown): boolean {\n const status = readPermitProjectionString(value)?.toLowerCase();\n return !status || status === \"active\" || status === \"synced\";\n}\n\nexport function mapPermitRoleToPlatformRole(\n role: unknown,\n): PermitProjectionPlatformRole | undefined {\n switch (readPermitProjectionString(role)?.toLowerCase()) {\n case \"platform_admin\":\n return \"platform_admin\";\n case \"tenant_admin\":\n return \"tenant_admin\";\n case \"workspace_admin\":\n case \"deployment_admin\":\n case \"graph_admin\":\n return \"workspace_admin\";\n case \"editor\":\n case \"workspace_member\":\n case \"graph_editor\":\n case \"evidence_contributor\":\n case \"question_resolver\":\n case \"theme_promoter\":\n case \"topic_promoter\":\n return \"editor\";\n case \"auditor\":\n return \"auditor\";\n case \"viewer\":\n case \"graph_viewer\":\n case \"stakeholder_viewer\":\n case \"stakeholder_summarizer\":\n case \"source_drilldown_viewer\":\n case \"restricted_data_viewer\":\n case \"proprietary_data_viewer\":\n return \"viewer\";\n case \"service_agent\":\n case \"agent_runner\":\n return \"service_agent\";\n default:\n return undefined;\n }\n}\n\nfunction highestPlatformRole(\n roles: PermitProjectionPlatformRole[],\n): PermitProjectionPlatformRole {\n return roles.reduce<PermitProjectionPlatformRole>(\n (best, role) =>\n PLATFORM_ROLE_PRIORITY[role] > PLATFORM_ROLE_PRIORITY[best] ? role : best,\n \"viewer\",\n );\n}\n\nfunction isClerkAliasFor(\n alias: PermitAliasProjection,\n clerkId: string,\n): boolean {\n return (\n isActivePermitProjectionStatus(alias.status) &&\n readPermitProjectionString(alias.provider)?.toLowerCase() === \"clerk\" &&\n (readPermitProjectionString(alias.providerSubjectId) === clerkId ||\n readPermitProjectionString(alias.alias) === clerkId)\n );\n}\n\nfunction emailFromAlias(\n aliases: PermitAliasProjection[],\n principal: PermitPrincipalProjection,\n): string | undefined {\n return (\n aliases.find(\n (alias) =>\n readPermitProjectionString(alias.aliasKind)?.toLowerCase() === \"email\",\n )?.alias ?? readPermitProjectionString(principal.metadata?.email)\n );\n}\n\nfunction groupIdsForPrincipal(\n memberships: PermitGroupMembershipProjection[],\n principal: PermitPrincipalProjection,\n): string[] {\n const principalId = readPermitProjectionString(principal.principalId);\n if (!principalId) return [];\n return [\n ...new Set(\n memberships\n .filter(\n (membership) =>\n isActivePermitProjectionStatus(membership.status) &&\n readPermitProjectionString(membership.tenantId) ===\n readPermitProjectionString(principal.tenantId) &&\n readPermitProjectionString(membership.memberType) === \"principal\" &&\n (readPermitProjectionString(membership.memberId) === principalId ||\n readPermitProjectionString(membership.principalId) ===\n principalId),\n )\n .map((membership) => readPermitProjectionString(membership.groupId))\n .filter((groupId): groupId is string => Boolean(groupId)),\n ),\n ];\n}\n\nfunction rolesForPrincipal(\n assignments: PermitRoleAssignmentProjection[],\n principal: PermitPrincipalProjection,\n groupIds: string[],\n): PermitProjectionPlatformRole[] {\n const principalId = readPermitProjectionString(principal.principalId);\n const tenantId = readPermitProjectionString(principal.tenantId);\n const roles = assignments\n .filter(\n (assignment) =>\n isActivePermitProjectionStatus(assignment.status) &&\n readPermitProjectionString(assignment.tenantId) === tenantId &&\n ((readPermitProjectionString(assignment.targetType) === \"principal\" &&\n readPermitProjectionString(assignment.targetId) === principalId) ||\n (readPermitProjectionString(assignment.targetType) === \"group\" &&\n groupIds.includes(\n readPermitProjectionString(assignment.targetId) ?? \"\",\n ))),\n )\n .map((assignment) => mapPermitRoleToPlatformRole(assignment.role))\n .filter((role): role is PermitProjectionPlatformRole => Boolean(role));\n\n if (\n readPermitProjectionString(principal.principalType) === \"agent\" ||\n readPermitProjectionString(principal.principalType) === \"service_principal\"\n ) {\n roles.push(\"service_agent\");\n }\n\n return [...new Set(roles)];\n}\n\nfunction workspaceFromPermitProjection(\n principal: PermitPrincipalProjection,\n alias: PermitAliasProjection | undefined,\n assignments: PermitRoleAssignmentProjection[],\n): string | undefined {\n return (\n readPermitProjectionString(principal.workspaceId) ??\n readPermitProjectionString(alias?.workspaceId) ??\n readPermitProjectionString(\n assignments.find(\n (assignment) =>\n readPermitProjectionString(assignment.targetId) ===\n readPermitProjectionString(principal.principalId) &&\n readPermitProjectionString(assignment.resourceType) === \"workspace\",\n )?.resourceKey,\n ) ??\n readPermitProjectionString(\n assignments.find((assignment) => assignment.workspaceId)?.workspaceId,\n )\n );\n}\n\nexport function buildProjectedUserFromPermitPrincipal(\n rows: PermitProjectionRows,\n principal: PermitPrincipalProjection,\n matchingAlias?: PermitAliasProjection,\n now = Date.now(),\n): PermitProjectedUserRecord | null {\n const principalId = readPermitProjectionString(principal.principalId);\n const tenantId = readPermitProjectionString(principal.tenantId);\n if (\n !principalId ||\n !tenantId ||\n !isActivePermitProjectionStatus(principal.status)\n ) {\n return null;\n }\n\n const aliases = rows.aliases.filter(\n (alias) =>\n readPermitProjectionString(alias.tenantId) === tenantId &&\n readPermitProjectionString(alias.principalId) === principalId &&\n isActivePermitProjectionStatus(alias.status),\n );\n const groupIds = groupIdsForPrincipal(rows.groupMemberships, principal);\n const roles = rolesForPrincipal(rows.roleAssignments, principal, groupIds);\n if (roles.length === 0) {\n return null;\n }\n\n const alias = matchingAlias ?? aliases[0];\n const clerkId =\n readPermitProjectionString(\n aliases.find(\n (entry) =>\n readPermitProjectionString(entry.provider)?.toLowerCase() === \"clerk\",\n )?.providerSubjectId,\n ) ?? principalId;\n\n return {\n clerkId,\n email: emailFromAlias(aliases, principal) ?? `${principalId}@permit.local`,\n name: readPermitProjectionString(principal.displayName),\n lastSeenAt: principal.lastSeenAt ?? principal.updatedAt ?? now,\n chatCount: 0,\n messageCount: 0,\n mcRole: highestPlatformRole(roles),\n mcRoleSyncedAt: principal.updatedAt ?? now,\n defaultTenantId: tenantId,\n defaultWorkspaceId:\n workspaceFromPermitProjection(principal, alias, rows.roleAssignments) ??\n tenantId,\n defaultPrincipalId: principalId,\n principalGroupIds: groupIds,\n governanceGrantsSyncedAt: principal.updatedAt ?? now,\n createdAt: principal.createdAt ?? now,\n updatedAt: principal.updatedAt ?? now,\n };\n}\n\nexport function findProjectedUserByPermitPrincipalId(\n rows: PermitProjectionRows,\n principalId: string,\n now = Date.now(),\n): PermitProjectedUserRecord | null {\n const normalizedPrincipalId = principalId.trim();\n const principal = rows.principals.find(\n (row) =>\n isActivePermitProjectionStatus(row.status) &&\n readPermitProjectionString(row.principalId) === normalizedPrincipalId,\n );\n return principal\n ? buildProjectedUserFromPermitPrincipal(rows, principal, undefined, now)\n : null;\n}\n\nexport function findProjectedUserByPermitClerkId(\n rows: PermitProjectionRows,\n clerkId: string,\n now = Date.now(),\n): PermitProjectedUserRecord | null {\n const normalizedClerkId = clerkId.trim();\n const matchingAlias = rows.aliases.find((alias) =>\n isClerkAliasFor(alias, normalizedClerkId),\n );\n const principal = matchingAlias\n ? rows.principals.find(\n (row) =>\n readPermitProjectionString(row.tenantId) ===\n readPermitProjectionString(matchingAlias.tenantId) &&\n readPermitProjectionString(row.principalId) ===\n readPermitProjectionString(matchingAlias.principalId),\n )\n : rows.principals.find(\n (row) =>\n readPermitProjectionString(row.principalId) === normalizedClerkId ||\n readPermitProjectionString(row.principalId) ===\n `user:${normalizedClerkId}`,\n );\n return principal\n ? buildProjectedUserFromPermitPrincipal(rows, principal, matchingAlias, now)\n : null;\n}\n"]}
1
+ {"version":3,"sources":["../src/permit-principal-projection.contract.ts"],"names":["alias"],"mappings":";AAgFA,IAAM,sBAAA,GAAuE;AAAA,EAC3E,cAAA,EAAgB,EAAA;AAAA,EAChB,YAAA,EAAc,EAAA;AAAA,EACd,eAAA,EAAiB,EAAA;AAAA,EACjB,MAAA,EAAQ,EAAA;AAAA,EACR,OAAA,EAAS,EAAA;AAAA,EACT,MAAA,EAAQ,EAAA;AAAA,EACR,aAAA,EAAe;AACjB,CAAA;AAEO,SAAS,2BAA2B,KAAA,EAAoC;AAC7E,EAAA,OAAO,OAAO,UAAU,QAAA,IAAY,KAAA,CAAM,MAAK,GAAI,KAAA,CAAM,MAAK,GAAI,MAAA;AACpE;AAEO,SAAS,+BAA+B,KAAA,EAAyB;AACtE,EAAA,MAAM,MAAA,GAAS,0BAAA,CAA2B,KAAK,CAAA,EAAG,WAAA,EAAY;AAC9D,EAAA,OAAO,CAAC,MAAA,IAAU,MAAA,KAAW,QAAA,IAAY,MAAA,KAAW,QAAA;AACtD;AAEO,SAAS,4BACd,IAAA,EAC0C;AAC1C,EAAA,QAAQ,0BAAA,CAA2B,IAAI,CAAA,EAAG,WAAA,EAAY;AAAG,IACvD,KAAK,gBAAA;AACH,MAAA,OAAO,gBAAA;AAAA,IACT,KAAK,cAAA;AACH,MAAA,OAAO,cAAA;AAAA,IACT,KAAK,iBAAA;AAAA,IACL,KAAK,kBAAA;AAAA,IACL,KAAK,aAAA;AACH,MAAA,OAAO,iBAAA;AAAA,IACT,KAAK,QAAA;AAAA,IACL,KAAK,kBAAA;AAAA,IACL,KAAK,cAAA;AAAA,IACL,KAAK,sBAAA;AAAA,IACL,KAAK,mBAAA;AAAA,IACL,KAAK,gBAAA;AAAA,IACL,KAAK,gBAAA;AACH,MAAA,OAAO,QAAA;AAAA,IACT,KAAK,SAAA;AACH,MAAA,OAAO,SAAA;AAAA,IACT,KAAK,QAAA;AAAA,IACL,KAAK,cAAA;AAAA,IACL,KAAK,oBAAA;AAAA,IACL,KAAK,wBAAA;AAAA,IACL,KAAK,yBAAA;AAAA,IACL,KAAK,wBAAA;AAAA,IACL,KAAK,yBAAA;AACH,MAAA,OAAO,QAAA;AAAA,IACT,KAAK,eAAA;AAAA,IACL,KAAK,cAAA;AACH,MAAA,OAAO,eAAA;AAAA,IACT;AACE,MAAA,OAAO,MAAA;AAAA;AAEb;AAEA,SAAS,oBACP,KAAA,EAC8B;AAC9B,EAAA,OAAO,KAAA,CAAM,MAAA;AAAA,IACX,CAAC,MAAM,IAAA,KACL,sBAAA,CAAuB,IAAI,CAAA,GAAI,sBAAA,CAAuB,IAAI,CAAA,GAAI,IAAA,GAAO,IAAA;AAAA,IACvE;AAAA,GACF;AACF;AAEA,SAAS,eAAA,CACP,OACA,OAAA,EACS;AACT,EAAA,OACE,+BAA+B,KAAA,CAAM,MAAM,KAC3C,0BAAA,CAA2B,KAAA,CAAM,QAAQ,CAAA,EAAG,WAAA,OAAkB,OAAA,KAC7D,0BAAA,CAA2B,MAAM,iBAAiB,CAAA,KAAM,WACvD,0BAAA,CAA2B,KAAA,CAAM,KAAK,CAAA,KAAM,OAAA,CAAA;AAElD;AAEA,SAAS,uBAAuB,SAAA,EAA+C;AAC7E,EAAA,MAAM,aAAA,GACJ,0BAAA,CAA2B,SAAA,CAAU,aAAa,GAAG,WAAA,EAAY;AACnE,EAAA,OAAO,CAAC,aAAA,IAAiB,aAAA,KAAkB,OAAA,IAAW,aAAA,KAAkB,MAAA;AAC1E;AAEA,SAAS,cAAA,CACP,SACA,SAAA,EACoB;AACpB,EAAA,OACE,OAAA,CAAQ,IAAA;AAAA,IACN,CAAC,KAAA,KACC,0BAAA,CAA2B,MAAM,SAAS,CAAA,EAAG,aAAY,KAAM;AAAA,GACnE,EAAG,KAAA,IAAS,0BAAA,CAA2B,SAAA,CAAU,UAAU,KAAK,CAAA;AAEpE;AAEA,SAAS,oBAAA,CACP,aACA,SAAA,EACU;AACV,EAAA,MAAM,WAAA,GAAc,0BAAA,CAA2B,SAAA,CAAU,WAAW,CAAA;AACpE,EAAA,IAAI,CAAC,WAAA,EAAa,OAAO,EAAC;AAC1B,EAAA,OAAO;AAAA,IACL,GAAG,IAAI,GAAA;AAAA,MACL,WAAA,CACG,MAAA;AAAA,QACC,CAAC,UAAA,KACC,8BAAA,CAA+B,UAAA,CAAW,MAAM,CAAA,IAChD,0BAAA,CAA2B,UAAA,CAAW,QAAQ,CAAA,KAC5C,0BAAA,CAA2B,SAAA,CAAU,QAAQ,CAAA,IAC/C,0BAAA,CAA2B,UAAA,CAAW,UAAU,CAAA,KAAM,WAAA,KACrD,0BAAA,CAA2B,UAAA,CAAW,QAAQ,CAAA,KAAM,WAAA,IACnD,0BAAA,CAA2B,UAAA,CAAW,WAAW,CAAA,KAC/C,WAAA;AAAA,OACR,CACC,GAAA,CAAI,CAAC,UAAA,KAAe,2BAA2B,UAAA,CAAW,OAAO,CAAC,CAAA,CAClE,MAAA,CAAO,CAAC,OAAA,KAA+B,OAAA,CAAQ,OAAO,CAAC;AAAA;AAC5D,GACF;AACF;AAEA,SAAS,iBAAA,CACP,WAAA,EACA,SAAA,EACA,QAAA,EACgC;AAChC,EAAA,MAAM,WAAA,GAAc,0BAAA,CAA2B,SAAA,CAAU,WAAW,CAAA;AACpE,EAAA,MAAM,QAAA,GAAW,0BAAA,CAA2B,SAAA,CAAU,QAAQ,CAAA;AAC9D,EAAA,MAAM,QAAQ,WAAA,CACX,MAAA;AAAA,IACC,CAAC,UAAA,KACC,8BAAA,CAA+B,UAAA,CAAW,MAAM,CAAA,IAChD,0BAAA,CAA2B,UAAA,CAAW,QAAQ,CAAA,KAAM,QAAA,KAClD,0BAAA,CAA2B,UAAA,CAAW,UAAU,CAAA,KAAM,WAAA,IACtD,0BAAA,CAA2B,UAAA,CAAW,QAAQ,CAAA,KAAM,WAAA,IACnD,0BAAA,CAA2B,UAAA,CAAW,UAAU,CAAA,KAAM,OAAA,IACrD,QAAA,CAAS,QAAA;AAAA,MACP,0BAAA,CAA2B,UAAA,CAAW,QAAQ,CAAA,IAAK;AAAA,KACrD;AAAA,GACR,CACC,GAAA,CAAI,CAAC,UAAA,KAAe,4BAA4B,UAAA,CAAW,IAAI,CAAC,CAAA,CAChE,MAAA,CAAO,CAAC,IAAA,KAA+C,OAAA,CAAQ,IAAI,CAAC,CAAA;AAEvE,EAAA,IACE,0BAAA,CAA2B,UAAU,aAAa,CAAA,KAAM,WACxD,0BAAA,CAA2B,SAAA,CAAU,aAAa,CAAA,KAAM,mBAAA,EACxD;AACA,IAAA,KAAA,CAAM,KAAK,eAAe,CAAA;AAAA,EAC5B;AAEA,EAAA,OAAO,CAAC,GAAG,IAAI,GAAA,CAAI,KAAK,CAAC,CAAA;AAC3B;AAEA,SAAS,6BAAA,CACP,SAAA,EACA,KAAA,EACA,WAAA,EACoB;AACpB,EAAA,OACE,2BAA2B,SAAA,CAAU,WAAW,KAChD,0BAAA,CAA2B,KAAA,EAAO,WAAW,CAAA,IAC7C,0BAAA;AAAA,IACE,WAAA,CAAY,IAAA;AAAA,MACV,CAAC,UAAA,KACC,0BAAA,CAA2B,UAAA,CAAW,QAAQ,CAAA,KAC5C,0BAAA,CAA2B,SAAA,CAAU,WAAW,CAAA,IAClD,0BAAA,CAA2B,UAAA,CAAW,YAAY,CAAA,KAAM;AAAA,KAC5D,EAAG;AAAA,GACL,IACA,0BAAA;AAAA,IACE,YAAY,IAAA,CAAK,CAAC,UAAA,KAAe,UAAA,CAAW,WAAW,CAAA,EAAG;AAAA,GAC5D;AAEJ;AAEO,SAAS,sCACd,IAAA,EACA,SAAA,EACA,eACA,GAAA,GAAM,IAAA,CAAK,KAAI,EACmB;AAClC,EAAA,MAAM,WAAA,GAAc,0BAAA,CAA2B,SAAA,CAAU,WAAW,CAAA;AACpE,EAAA,MAAM,QAAA,GAAW,0BAAA,CAA2B,SAAA,CAAU,QAAQ,CAAA;AAC9D,EAAA,IACE,CAAC,eACD,CAAC,QAAA,IACD,CAAC,8BAAA,CAA+B,SAAA,CAAU,MAAM,CAAA,EAChD;AACA,IAAA,OAAO,IAAA;AAAA,EACT;AAEA,EAAA,MAAM,OAAA,GAAU,KAAK,OAAA,CAAQ,MAAA;AAAA,IAC3B,CAACA,MAAAA,KACC,0BAAA,CAA2BA,MAAAA,CAAM,QAAQ,CAAA,KAAM,QAAA,IAC/C,0BAAA,CAA2BA,MAAAA,CAAM,WAAW,CAAA,KAAM,WAAA,IAClD,8BAAA,CAA+BA,OAAM,MAAM;AAAA,GAC/C;AACA,EAAA,MAAM,QAAA,GAAW,oBAAA,CAAqB,IAAA,CAAK,gBAAA,EAAkB,SAAS,CAAA;AACtE,EAAA,MAAM,KAAA,GAAQ,iBAAA,CAAkB,IAAA,CAAK,eAAA,EAAiB,WAAW,QAAQ,CAAA;AACzE,EAAA,IAAI,KAAA,CAAM,WAAW,CAAA,EAAG;AACtB,IAAA,OAAO,IAAA;AAAA,EACT;AAEA,EAAA,MAAM,KAAA,GAAQ,aAAA,IAAiB,OAAA,CAAQ,CAAC,CAAA;AACxC,EAAA,MAAM,OAAA,GACJ,0BAAA;AAAA,IACE,OAAA,CAAQ,IAAA;AAAA,MACN,CAAC,KAAA,KACC,0BAAA,CAA2B,MAAM,QAAQ,CAAA,EAAG,aAAY,KAAM;AAAA,KAClE,EAAG;AAAA,GACL,IAAK,WAAA;AACP,EAAA,IAAI,sBAAA,CAAuB,SAAS,CAAA,IAAK,WAAA,KAAgB,OAAA,EAAS;AAChE,IAAA,OAAO,IAAA;AAAA,EACT;AAEA,EAAA,OAAO;AAAA,IACL,OAAA;AAAA,IACA,OAAO,cAAA,CAAe,OAAA,EAAS,SAAS,CAAA,IAAK,GAAG,WAAW,CAAA,aAAA,CAAA;AAAA,IAC3D,IAAA,EAAM,0BAAA,CAA2B,SAAA,CAAU,WAAW,CAAA;AAAA,IACtD,UAAA,EAAY,SAAA,CAAU,UAAA,IAAc,SAAA,CAAU,SAAA,IAAa,GAAA;AAAA,IAC3D,SAAA,EAAW,CAAA;AAAA,IACX,YAAA,EAAc,CAAA;AAAA,IACd,MAAA,EAAQ,oBAAoB,KAAK,CAAA;AAAA,IACjC,cAAA,EAAgB,UAAU,SAAA,IAAa,GAAA;AAAA,IACvC,eAAA,EAAiB,QAAA;AAAA,IACjB,oBACE,6BAAA,CAA8B,SAAA,EAAW,KAAA,EAAO,IAAA,CAAK,eAAe,CAAA,IACpE,QAAA;AAAA,IACF,kBAAA,EAAoB,WAAA;AAAA,IACpB,iBAAA,EAAmB,QAAA;AAAA,IACnB,wBAAA,EAA0B,UAAU,SAAA,IAAa,GAAA;AAAA,IACjD,SAAA,EAAW,UAAU,SAAA,IAAa,GAAA;AAAA,IAClC,SAAA,EAAW,UAAU,SAAA,IAAa;AAAA,GACpC;AACF;AAEO,SAAS,qCACd,IAAA,EACA,WAAA,EACA,GAAA,GAAM,IAAA,CAAK,KAAI,EACmB;AAClC,EAAA,MAAM,qBAAA,GAAwB,YAAY,IAAA,EAAK;AAC/C,EAAA,MAAM,SAAA,GAAY,KAAK,UAAA,CAAW,IAAA;AAAA,IAChC,CAAC,QACC,8BAAA,CAA+B,GAAA,CAAI,MAAM,CAAA,IACzC,0BAAA,CAA2B,GAAA,CAAI,WAAW,CAAA,KAAM;AAAA,GACpD;AACA,EAAA,OAAO,YACH,qCAAA,CAAsC,IAAA,EAAM,SAAA,EAAW,MAAA,EAAW,GAAG,CAAA,GACrE,IAAA;AACN;AAEO,SAAS,iCACd,IAAA,EACA,OAAA,EACA,GAAA,GAAM,IAAA,CAAK,KAAI,EACmB;AAClC,EAAA,MAAM,iBAAA,GAAoB,QAAQ,IAAA,EAAK;AACvC,EAAA,MAAM,aAAA,GAAgB,KAAK,OAAA,CAAQ,IAAA;AAAA,IAAK,CAAC,KAAA,KACvC,eAAA,CAAgB,KAAA,EAAO,iBAAiB;AAAA,GAC1C;AACA,EAAA,MAAM,SAAA,GAAY,aAAA,GACd,IAAA,CAAK,UAAA,CAAW,IAAA;AAAA,IACd,CAAC,GAAA,KACC,0BAAA,CAA2B,GAAA,CAAI,QAAQ,MACrC,0BAAA,CAA2B,aAAA,CAAc,QAAQ,CAAA,IACnD,2BAA2B,GAAA,CAAI,WAAW,CAAA,KACxC,0BAAA,CAA2B,cAAc,WAAW;AAAA,GAC1D,GACA,KAAK,UAAA,CAAW,IAAA;AAAA,IACd,CAAC,GAAA,KACC,0BAAA,CAA2B,GAAA,CAAI,WAAW,CAAA,KAAM;AAAA,GACpD;AACJ,EAAA,OAAO,YACH,qCAAA,CAAsC,IAAA,EAAM,SAAA,EAAW,aAAA,EAAe,GAAG,CAAA,GACzE,IAAA;AACN","file":"permit-principal-projection.contract.js","sourcesContent":["export type PermitProjectionPlatformRole =\n | \"platform_admin\"\n | \"tenant_admin\"\n | \"workspace_admin\"\n | \"editor\"\n | \"viewer\"\n | \"auditor\"\n | \"service_agent\";\n\nexport type PermitPrincipalProjection = Record<string, unknown> & {\n principalId?: string;\n tenantId?: string;\n workspaceId?: string;\n principalType?: string;\n status?: string;\n displayName?: string;\n metadata?: Record<string, unknown>;\n createdAt?: number;\n updatedAt?: number;\n lastSeenAt?: number;\n};\n\nexport type PermitAliasProjection = Record<string, unknown> & {\n principalId?: string;\n tenantId?: string;\n workspaceId?: string;\n provider?: string;\n providerSubjectId?: string;\n alias?: string;\n aliasKind?: string;\n status?: string;\n metadata?: Record<string, unknown>;\n};\n\nexport type PermitRoleAssignmentProjection = Record<string, unknown> & {\n tenantId?: string;\n workspaceId?: string;\n role?: string;\n targetType?: string;\n targetId?: string;\n resourceType?: string;\n resourceKey?: string;\n status?: string;\n};\n\nexport type PermitGroupMembershipProjection = Record<string, unknown> & {\n tenantId?: string;\n workspaceId?: string;\n groupId?: string;\n memberType?: string;\n memberId?: string;\n principalId?: string;\n status?: string;\n};\n\nexport type PermitProjectedUserRecord = {\n clerkId: string;\n email: string;\n name?: string;\n lastSeenAt: number;\n chatCount: number;\n messageCount: number;\n mcRole: PermitProjectionPlatformRole;\n mcRoleSyncedAt: number;\n defaultTenantId: string;\n defaultWorkspaceId: string;\n defaultPrincipalId: string;\n principalGroupIds: string[];\n governanceGrantsSyncedAt: number;\n createdAt: number;\n updatedAt: number;\n};\n\nexport type PermitProjectionRows = {\n principals: PermitPrincipalProjection[];\n aliases: PermitAliasProjection[];\n roleAssignments: PermitRoleAssignmentProjection[];\n groupMemberships: PermitGroupMembershipProjection[];\n};\n\nconst PLATFORM_ROLE_PRIORITY: Record<PermitProjectionPlatformRole, number> = {\n platform_admin: 70,\n tenant_admin: 60,\n workspace_admin: 50,\n editor: 40,\n auditor: 30,\n viewer: 20,\n service_agent: 10,\n};\n\nexport function readPermitProjectionString(value: unknown): string | undefined {\n return typeof value === \"string\" && value.trim() ? value.trim() : undefined;\n}\n\nexport function isActivePermitProjectionStatus(value: unknown): boolean {\n const status = readPermitProjectionString(value)?.toLowerCase();\n return !status || status === \"active\" || status === \"synced\";\n}\n\nexport function mapPermitRoleToPlatformRole(\n role: unknown,\n): PermitProjectionPlatformRole | undefined {\n switch (readPermitProjectionString(role)?.toLowerCase()) {\n case \"platform_admin\":\n return \"platform_admin\";\n case \"tenant_admin\":\n return \"tenant_admin\";\n case \"workspace_admin\":\n case \"deployment_admin\":\n case \"graph_admin\":\n return \"workspace_admin\";\n case \"editor\":\n case \"workspace_member\":\n case \"graph_editor\":\n case \"evidence_contributor\":\n case \"question_resolver\":\n case \"theme_promoter\":\n case \"topic_promoter\":\n return \"editor\";\n case \"auditor\":\n return \"auditor\";\n case \"viewer\":\n case \"graph_viewer\":\n case \"stakeholder_viewer\":\n case \"stakeholder_summarizer\":\n case \"source_drilldown_viewer\":\n case \"restricted_data_viewer\":\n case \"proprietary_data_viewer\":\n return \"viewer\";\n case \"service_agent\":\n case \"agent_runner\":\n return \"service_agent\";\n default:\n return undefined;\n }\n}\n\nfunction highestPlatformRole(\n roles: PermitProjectionPlatformRole[],\n): PermitProjectionPlatformRole {\n return roles.reduce<PermitProjectionPlatformRole>(\n (best, role) =>\n PLATFORM_ROLE_PRIORITY[role] > PLATFORM_ROLE_PRIORITY[best] ? role : best,\n \"viewer\",\n );\n}\n\nfunction isClerkAliasFor(\n alias: PermitAliasProjection,\n clerkId: string,\n): boolean {\n return (\n isActivePermitProjectionStatus(alias.status) &&\n readPermitProjectionString(alias.provider)?.toLowerCase() === \"clerk\" &&\n (readPermitProjectionString(alias.providerSubjectId) === clerkId ||\n readPermitProjectionString(alias.alias) === clerkId)\n );\n}\n\nfunction isHumanPermitPrincipal(principal: PermitPrincipalProjection): boolean {\n const principalType =\n readPermitProjectionString(principal.principalType)?.toLowerCase();\n return !principalType || principalType === \"human\" || principalType === \"user\";\n}\n\nfunction emailFromAlias(\n aliases: PermitAliasProjection[],\n principal: PermitPrincipalProjection,\n): string | undefined {\n return (\n aliases.find(\n (alias) =>\n readPermitProjectionString(alias.aliasKind)?.toLowerCase() === \"email\",\n )?.alias ?? readPermitProjectionString(principal.metadata?.email)\n );\n}\n\nfunction groupIdsForPrincipal(\n memberships: PermitGroupMembershipProjection[],\n principal: PermitPrincipalProjection,\n): string[] {\n const principalId = readPermitProjectionString(principal.principalId);\n if (!principalId) return [];\n return [\n ...new Set(\n memberships\n .filter(\n (membership) =>\n isActivePermitProjectionStatus(membership.status) &&\n readPermitProjectionString(membership.tenantId) ===\n readPermitProjectionString(principal.tenantId) &&\n readPermitProjectionString(membership.memberType) === \"principal\" &&\n (readPermitProjectionString(membership.memberId) === principalId ||\n readPermitProjectionString(membership.principalId) ===\n principalId),\n )\n .map((membership) => readPermitProjectionString(membership.groupId))\n .filter((groupId): groupId is string => Boolean(groupId)),\n ),\n ];\n}\n\nfunction rolesForPrincipal(\n assignments: PermitRoleAssignmentProjection[],\n principal: PermitPrincipalProjection,\n groupIds: string[],\n): PermitProjectionPlatformRole[] {\n const principalId = readPermitProjectionString(principal.principalId);\n const tenantId = readPermitProjectionString(principal.tenantId);\n const roles = assignments\n .filter(\n (assignment) =>\n isActivePermitProjectionStatus(assignment.status) &&\n readPermitProjectionString(assignment.tenantId) === tenantId &&\n ((readPermitProjectionString(assignment.targetType) === \"principal\" &&\n readPermitProjectionString(assignment.targetId) === principalId) ||\n (readPermitProjectionString(assignment.targetType) === \"group\" &&\n groupIds.includes(\n readPermitProjectionString(assignment.targetId) ?? \"\",\n ))),\n )\n .map((assignment) => mapPermitRoleToPlatformRole(assignment.role))\n .filter((role): role is PermitProjectionPlatformRole => Boolean(role));\n\n if (\n readPermitProjectionString(principal.principalType) === \"agent\" ||\n readPermitProjectionString(principal.principalType) === \"service_principal\"\n ) {\n roles.push(\"service_agent\");\n }\n\n return [...new Set(roles)];\n}\n\nfunction workspaceFromPermitProjection(\n principal: PermitPrincipalProjection,\n alias: PermitAliasProjection | undefined,\n assignments: PermitRoleAssignmentProjection[],\n): string | undefined {\n return (\n readPermitProjectionString(principal.workspaceId) ??\n readPermitProjectionString(alias?.workspaceId) ??\n readPermitProjectionString(\n assignments.find(\n (assignment) =>\n readPermitProjectionString(assignment.targetId) ===\n readPermitProjectionString(principal.principalId) &&\n readPermitProjectionString(assignment.resourceType) === \"workspace\",\n )?.resourceKey,\n ) ??\n readPermitProjectionString(\n assignments.find((assignment) => assignment.workspaceId)?.workspaceId,\n )\n );\n}\n\nexport function buildProjectedUserFromPermitPrincipal(\n rows: PermitProjectionRows,\n principal: PermitPrincipalProjection,\n matchingAlias?: PermitAliasProjection,\n now = Date.now(),\n): PermitProjectedUserRecord | null {\n const principalId = readPermitProjectionString(principal.principalId);\n const tenantId = readPermitProjectionString(principal.tenantId);\n if (\n !principalId ||\n !tenantId ||\n !isActivePermitProjectionStatus(principal.status)\n ) {\n return null;\n }\n\n const aliases = rows.aliases.filter(\n (alias) =>\n readPermitProjectionString(alias.tenantId) === tenantId &&\n readPermitProjectionString(alias.principalId) === principalId &&\n isActivePermitProjectionStatus(alias.status),\n );\n const groupIds = groupIdsForPrincipal(rows.groupMemberships, principal);\n const roles = rolesForPrincipal(rows.roleAssignments, principal, groupIds);\n if (roles.length === 0) {\n return null;\n }\n\n const alias = matchingAlias ?? aliases[0];\n const clerkId =\n readPermitProjectionString(\n aliases.find(\n (entry) =>\n readPermitProjectionString(entry.provider)?.toLowerCase() === \"clerk\",\n )?.providerSubjectId,\n ) ?? principalId;\n if (isHumanPermitPrincipal(principal) && principalId !== clerkId) {\n return null;\n }\n\n return {\n clerkId,\n email: emailFromAlias(aliases, principal) ?? `${principalId}@permit.local`,\n name: readPermitProjectionString(principal.displayName),\n lastSeenAt: principal.lastSeenAt ?? principal.updatedAt ?? now,\n chatCount: 0,\n messageCount: 0,\n mcRole: highestPlatformRole(roles),\n mcRoleSyncedAt: principal.updatedAt ?? now,\n defaultTenantId: tenantId,\n defaultWorkspaceId:\n workspaceFromPermitProjection(principal, alias, rows.roleAssignments) ??\n tenantId,\n defaultPrincipalId: principalId,\n principalGroupIds: groupIds,\n governanceGrantsSyncedAt: principal.updatedAt ?? now,\n createdAt: principal.createdAt ?? now,\n updatedAt: principal.updatedAt ?? now,\n };\n}\n\nexport function findProjectedUserByPermitPrincipalId(\n rows: PermitProjectionRows,\n principalId: string,\n now = Date.now(),\n): PermitProjectedUserRecord | null {\n const normalizedPrincipalId = principalId.trim();\n const principal = rows.principals.find(\n (row) =>\n isActivePermitProjectionStatus(row.status) &&\n readPermitProjectionString(row.principalId) === normalizedPrincipalId,\n );\n return principal\n ? buildProjectedUserFromPermitPrincipal(rows, principal, undefined, now)\n : null;\n}\n\nexport function findProjectedUserByPermitClerkId(\n rows: PermitProjectionRows,\n clerkId: string,\n now = Date.now(),\n): PermitProjectedUserRecord | null {\n const normalizedClerkId = clerkId.trim();\n const matchingAlias = rows.aliases.find((alias) =>\n isClerkAliasFor(alias, normalizedClerkId),\n );\n const principal = matchingAlias\n ? rows.principals.find(\n (row) =>\n readPermitProjectionString(row.tenantId) ===\n readPermitProjectionString(matchingAlias.tenantId) &&\n readPermitProjectionString(row.principalId) ===\n readPermitProjectionString(matchingAlias.principalId),\n )\n : rows.principals.find(\n (row) =>\n readPermitProjectionString(row.principalId) === normalizedClerkId,\n );\n return principal\n ? buildProjectedUserFromPermitPrincipal(rows, principal, matchingAlias, now)\n : null;\n}\n"]}
@@ -41,5 +41,5 @@
41
41
  "convex-validators",
42
42
  "proof-attestation"
43
43
  ],
44
- "signedAt": 1778798256737
44
+ "signedAt": 1779233363820
45
45
  }
@@ -270,7 +270,7 @@ var auditLog = defineTable({
270
270
  shape: z.object({
271
271
  "tenantId": idOf("tenants").optional(),
272
272
  "apiKeyId": idOf("apiKeys").optional(),
273
- "action": z.enum(["key_created", "key_revoked", "key_expired", "key_used", "tenant_secret_created", "tenant_secret_rotated", "tenant_secret_revoked", "tenant_slot_binding_upserted", "tenant_slot_binding_revoked", "proxy_token_minted", "proxy_token_lease_issued", "proxy_token_lease_renewed", "proxy_token_lease_revoked", "proxy_request_recorded", "tenant_created", "tenant_updated", "tenant_suspended", "tenant_archived", "tenant_reactivated", "principal_created", "principal_updated", "principal_suspended", "principal_identity_alias_upserted", "principal_identity_alias_revoked", "membership_created", "membership_updated", "membership_revoked", "group_created", "group_updated", "group_deleted", "group_member_added", "group_member_removed", "workspace_created", "workspace_updated", "workspace_archived", "workspace_deployment_set", "workspace_deployment_removed", "deployment_host_registered", "deployment_host_revoked", "service_key_created", "service_key_rotated", "service_key_revoked", "service_key_used", "service_key_auth_failed", "session_created", "session_validated", "session_revoked", "session_cascade_revoked", "session_expired", "sandbox_created", "sandbox_secret_injected", "sandbox_execution_started", "sandbox_execution_completed", "sandbox_limit_violated", "policy_created", "policy_updated", "policy_enforced", "policy_archived", "permit_sync_enqueued", "permit_sync_succeeded", "permit_sync_failed", "permit_sync_skipped", "agent_registered", "agent_updated", "tool_registered", "tool_updated", "pack_entitled", "pack_installed", "pack_enabled", "pack_disabled", "pack_entitlement_revoked", "pack_upgraded", "pack_upgrade_committed", "pack_upgrade_rolled_back", "pack_group_assigned", "pack_group_unassigned", "methodology_pack_created", "methodology_pack_updated", "methodology_pack_assigned", "methodology_pack_removed", "pack_assigned_to_group", "pack_revoked_from_group", "pack_ontology_materialized", "pack_ontology_topic_bound", "cutover_flag_set", "cutover_flag_cleared"]),
273
+ "action": z.enum(["key_created", "key_revoked", "key_expired", "key_used", "tenant_secret_created", "tenant_secret_rotated", "tenant_secret_revoked", "tenant_slot_binding_upserted", "tenant_slot_binding_revoked", "proxy_token_minted", "proxy_token_lease_issued", "proxy_token_lease_renewed", "proxy_token_lease_revoked", "proxy_request_recorded", "tenant_created", "tenant_updated", "tenant_suspended", "tenant_archived", "tenant_reactivated", "tenant_clerk_organization_linked", "principal_created", "principal_updated", "principal_suspended", "principal_identity_alias_upserted", "principal_identity_alias_revoked", "membership_created", "membership_updated", "membership_revoked", "group_created", "group_updated", "group_deleted", "group_member_added", "group_member_removed", "workspace_created", "workspace_updated", "workspace_archived", "workspace_deployment_set", "workspace_deployment_removed", "deployment_host_registered", "deployment_host_revoked", "service_key_created", "service_key_rotated", "service_key_revoked", "service_key_used", "service_key_auth_failed", "session_created", "session_validated", "session_revoked", "session_cascade_revoked", "session_expired", "sandbox_created", "sandbox_secret_injected", "sandbox_execution_started", "sandbox_execution_completed", "sandbox_limit_violated", "policy_created", "policy_updated", "policy_enforced", "policy_archived", "permit_sync_enqueued", "permit_sync_succeeded", "permit_sync_failed", "permit_sync_skipped", "agent_registered", "agent_updated", "tool_registered", "tool_updated", "pack_entitled", "pack_installed", "pack_enabled", "pack_disabled", "pack_entitlement_revoked", "pack_upgraded", "pack_upgrade_committed", "pack_upgrade_rolled_back", "pack_group_assigned", "pack_group_unassigned", "methodology_pack_created", "methodology_pack_updated", "methodology_pack_assigned", "methodology_pack_removed", "pack_assigned_to_group", "pack_revoked_from_group", "pack_ontology_materialized", "pack_ontology_topic_bound", "cutover_flag_set", "cutover_flag_cleared"]),
274
274
  "actorClerkId": z.string(),
275
275
  "details": z.any().optional(),
276
276
  "createdAt": z.number()