@m5kdev/backend 0.6.0 → 0.7.0

package/dist/src/modules/ai/ai.service.d.ts

@@ -6,7 +6,7 @@ import type { OpenRouterProvider } from "@openrouter/ai-sdk-provider";
 import { generateText, type ModelMessage } from "ai";
 import type Replicate from "replicate";
 import type { ZodType, z } from "zod";
-import type { Context, User } from "../auth/auth.lib";
+import type { RequiredServiceActor } from "../base/base.actor";
 import type { ServerResultAsync } from "../base/base.dto";
 import { BaseService } from "../base/base.service";
 import type { AiUsageRepository, AiUsageRow } from "./ai.repository";
@@ -26,17 +26,20 @@ type GenerateTextInput = {
     messages: ModelMessage[];
     prompt?: never;
 };
+type AIServiceActorContext = {
+    actor: RequiredServiceActor<"user">;
+};
 type AIServiceGenerateTextParams = Omit<GenerateTextParams, "model" | "prompt" | "messages"> & GenerateTextInput & {
     model: string;
     removeMDash?: boolean;
-    ctx?: Context;
+    ctx?: AIServiceActorContext;
 };
 type AIServiceGenerateObjectParams<T extends ZodType> = Omit<GenerateTextParams, "model" | "prompt" | "messages" | "output"> & GenerateTextInput & {
     model: string;
     schema: T;
     repairAttempts?: number;
     repairModel?: string;
-    ctx?: Context;
+    ctx?: AIServiceActorContext;
 };
 export declare class AIService<MastraInstance extends Mastra> extends BaseService<{
     aiUsage?: AiUsageRepository;
@@ -64,38 +67,33 @@ export declare class AIService<MastraInstance extends Mastra> extends BaseServic
     agentUse(agent: string, options: MastraAgentGenerateOptions & {
         prompt?: string;
         messages?: MessageListInput;
-    }, ctx?: {
-        user: User;
+    }, ctx?: AIServiceActorContext & {
         model?: string;
     }): ServerResultAsync<Awaited<ReturnType<MastraModelOutput<any>["getFullOutput"]>>>;
     agentText(agent: string, options: MastraAgentGenerateOptions & {
         prompt?: string;
         messages?: MessageListInput;
-    }, ctx?: {
-        user: User;
+    }, ctx?: AIServiceActorContext & {
         model?: string;
     }): ServerResultAsync<string>;
     agentTextResult(agent: string, options: MastraAgentGenerateOptions & {
         prompt?: string;
         messages?: MessageListInput;
-    }, ctx?: {
-        user: User;
+    }, ctx?: AIServiceActorContext & {
         model?: string;
     }): ServerResultAsync<FullOutput<any>>;
     agentObject<T extends ZodType<any>>(agent: string, options: MastraAgentGenerateOptions & {
         schema: T;
         prompt?: string;
         messages?: MessageListInput;
-    }, ctx?: {
-        user: User;
+    }, ctx?: AIServiceActorContext & {
         model?: string;
     }): ServerResultAsync<z.infer<T>>;
     agentObjectResult<T extends ZodType<any>>(agent: string, options: MastraAgentGenerateOptions & {
         schema: T;
         prompt?: string;
         messages?: MessageListInput;
-    }, ctx?: {
-        user: User;
+    }, ctx?: AIServiceActorContext & {
         model?: string;
     }): ServerResultAsync<FullOutput<any> & {
         object: z.infer<T>;

package/dist/src/modules/ai/ai.service.js

@@ -55,8 +55,8 @@ class AIService extends base_service_1.BaseService {
             if (!payload)
                 return this.error("BAD_REQUEST", "No prompt or messages provided");
             const requestContext = options.requestContext ?? new request_context_1.RequestContext();
-            if (ctx?.user) {
-                requestContext.set("userId", ctx.user.id);
+            if (ctx?.actor) {
+                requestContext.set("userId", ctx.actor.userId);
             }
             if (ctx?.model) {
                 requestContext.set("model", ctx.model);
@@ -69,7 +69,7 @@ class AIService extends base_service_1.BaseService {
             this.logger.info("AGENT USE DONE");
             if (this.repository.aiUsage) {
                 const createUsageResult = await this.repository.aiUsage.create({
-                    userId: ctx?.user?.id,
+                    userId: ctx?.actor?.userId,
                     model: ctx?.model ?? "unknown",
                     provider: "openrouter",
                     feature: agent,
@@ -159,7 +159,7 @@ class AIService extends base_service_1.BaseService {
             const result = await (0, ai_1.generateText)(request);
             if (this.repository.aiUsage) {
                 const createUsageResult = await this.repository.aiUsage.create({
-                    userId: ctx?.user?.id,
+                    userId: ctx?.actor?.userId,
                     model,
                     provider: "openrouter",
                     feature: "generateText",
@@ -194,7 +194,7 @@ class AIService extends base_service_1.BaseService {
             const result = await (0, ai_1.generateText)(request);
             if (this.repository.aiUsage) {
                 const createUsageResult = await this.repository.aiUsage.create({
-                    userId: ctx?.user?.id,
+                    userId: ctx?.actor?.userId,
                     model,
                     provider: "openrouter",
                     feature: "generateObject",
@@ -213,7 +213,7 @@ class AIService extends base_service_1.BaseService {
             if (ai_1.NoObjectGeneratedError.isInstance(error)) {
                 if (this.repository.aiUsage) {
                     const createUsageResult = await this.repository.aiUsage.create({
-                        userId: ctx?.user?.id,
+                        userId: ctx?.actor?.userId,
                         model,
                         provider: "openrouter",
                         feature: "generateObject",

package/dist/src/modules/ai/ai.trpc.d.ts

@@ -2,7 +2,7 @@ import type { Mastra } from "@mastra/core";
 import type { AIService } from "./ai.service";
 import { type TRPCMethods } from "../../utils/trpc";
 export declare function createAITRPC<MastraInstance extends Mastra>({ router, adminProcedure }: TRPCMethods, aiService: AIService<MastraInstance>): import("@trpc/server").TRPCBuiltRouter<{
-    ctx: import("../auth/auth.lib").Context;
+    ctx: import("../../utils/trpc").Context;
     meta: any;
     errorShape: import("@trpc/server").TRPCDefaultErrorShape;
     transformer: true;

package/dist/src/modules/auth/auth.lib.d.ts

@@ -1,9 +1,9 @@
 import { type BetterAuthOptions, betterAuth } from "better-auth";
 import { type InferSelectModel } from "drizzle-orm";
 import type { LibSQLDatabase } from "drizzle-orm/libsql";
-import * as auth from "./auth.db";
 import type { BillingService } from "../billing/billing.service";
 import type { EmailService } from "../email/email.service";
+import * as auth from "./auth.db";
 declare const schema: {
     users: import("drizzle-orm/sqlite-core").SQLiteTableWithColumns<{
         name: "users";
@@ -2345,10 +2345,6 @@ type Schema = typeof schema;
 export type Orm = LibSQLDatabase<Schema>;
 export type User = InferSelectModel<typeof auth.users>;
 export type Session = InferSelectModel<typeof auth.sessions>;
-export type Context = {
-    session: Session;
-    user: User;
-};
 export type BetterAuth = ReturnType<typeof betterAuth>;
 type CreateBetterAuthParams<O extends Orm, S extends Schema, E extends EmailService, B extends BillingService> = {
     orm: O;
@@ -3260,13 +3256,13 @@ export declare function createBetterAuth<O extends Orm, S extends Schema, E exte
                     $Infer: {
                         body: ({
                             permission: {
-                                readonly user?: ("get" | "set-role" | "create" | "update" | "delete" | "list" | "ban" | "impersonate" | "set-password")[] | undefined;
+                                readonly user?: ("update" | "get" | "set-role" | "create" | "delete" | "list" | "ban" | "impersonate" | "set-password")[] | undefined;
                                 readonly session?: ("delete" | "list" | "revoke")[] | undefined;
                             };
                             permissions?: never | undefined;
                         } | {
                             permissions: {
-                                readonly user?: ("get" | "set-role" | "create" | "update" | "delete" | "list" | "ban" | "impersonate" | "set-password")[] | undefined;
+                                readonly user?: ("update" | "get" | "set-role" | "create" | "delete" | "list" | "ban" | "impersonate" | "set-password")[] | undefined;
                                 readonly session?: ("delete" | "list" | "revoke")[] | undefined;
                             };
                             permission?: never | undefined;
@@ -4811,7 +4807,7 @@ export declare function createBetterAuth<O extends Orm, S extends Schema, E exte
     } | undefined;
     verification?: {
         modelName?: string;
-        fields?: Partial<Record<"createdAt" | "updatedAt" | "expiresAt" | "value" | "identifier", string>>;
+        fields?: Partial<Record<"createdAt" | "updatedAt" | "expiresAt" | "identifier" | "value", string>>;
         additionalFields?: {
             [key: string]: import("better-auth", { with: { "resolution-mode": "import" } }).DBFieldAttribute;
         };

package/dist/src/modules/auth/auth.lib.js

@@ -7,10 +7,10 @@ const drizzle_1 = require("better-auth/adapters/drizzle");
 const api_1 = require("better-auth/api");
 const plugins_1 = require("better-auth/plugins");
 const drizzle_orm_1 = require("drizzle-orm");
-const auth = tslib_1.__importStar(require("./auth.db"));
-const auth_utils_1 = require("./auth.utils");
 const logger_1 = require("../../utils/logger");
 const posthog_1 = require("../../utils/posthog");
+const auth = tslib_1.__importStar(require("./auth.db"));
+const auth_utils_1 = require("./auth.utils");
 const schema = { ...auth };
 function createBetterAuth({ orm, schema, services, hooks, options, config }) {
     const { email: emailService, billing: billingService } = services;

package/dist/src/modules/auth/auth.service.d.ts

@@ -1,9 +1,9 @@
+import type { Context } from "../../utils/trpc";
 import type { ServerResultAsync } from "../base/base.dto";
 import { BaseService } from "../base/base.service";
 import type { BillingService } from "../billing/billing.service";
 import type { EmailService } from "../email/email.service";
 import type { AccountClaim, AccountClaimMagicLinkOutput, AccountClaimOutput, Waitlist, WaitlistOutput } from "./auth.dto";
-import type { Context, User } from "./auth.lib";
 import type { AuthRepository } from "./auth.repository";
 type AuthServiceDependencies = {
     email: EmailService;
@@ -15,42 +15,22 @@ export declare class AuthService extends BaseService<{
     auth: AuthRepository;
 }, AuthServiceDependencies> {
     private getBillingService;
-    private getActiveOrganizationId;
-    getUserWaitlistCount({ user }: {
-        user: User;
-    }): ServerResultAsync<number>;
-    getOnboarding({ user }: {
-        user: User;
-    }): ServerResultAsync<number>;
-    setOnboarding(onboarding: number, { user }: {
-        user: User;
-    }): ServerResultAsync<number>;
-    getPreferences({ user }: {
-        user: User;
-    }): ServerResultAsync<Record<string, unknown>>;
-    setPreferences(preferences: Record<string, unknown>, { user }: {
-        user: User;
-    }): ServerResultAsync<Record<string, unknown>>;
+    private organizationActorFromCtx;
+    getUserWaitlistCount(ctx: Context): ServerResultAsync<number>;
+    getOnboarding(ctx: Context): ServerResultAsync<number>;
+    setOnboarding(onboarding: number, ctx: Context): ServerResultAsync<number>;
+    getPreferences(ctx: Context): ServerResultAsync<Record<string, unknown>>;
+    setPreferences(preferences: Record<string, unknown>, ctx: Context): ServerResultAsync<Record<string, unknown>>;
     getOrganizationPreferences(ctx: Context): ServerResultAsync<Record<string, unknown>>;
     setOrganizationPreferences(preferences: Record<string, unknown>, ctx: Context): ServerResultAsync<Record<string, unknown>>;
-    getMetadata({ user }: {
-        user: User;
-    }): ServerResultAsync<Record<string, unknown>>;
-    setMetadata(metadata: Record<string, unknown>, { user }: {
-        user: User;
-    }): ServerResultAsync<Record<string, unknown>>;
-    getFlags({ user }: {
-        user: User;
-    }): ServerResultAsync<string[]>;
+    getMetadata(ctx: Context): ServerResultAsync<Record<string, unknown>>;
+    setMetadata(metadata: Record<string, unknown>, ctx: Context): ServerResultAsync<Record<string, unknown>>;
+    getFlags(ctx: Context): ServerResultAsync<string[]>;
     getOrganizationFlags(ctx: Context): ServerResultAsync<string[]>;
-    setFlags(flags: string[], { user }: {
-        user: User;
-    }): ServerResultAsync<string[]>;
+    setFlags(flags: string[], ctx: Context): ServerResultAsync<string[]>;
     setOrganizationFlags(flags: string[], ctx: Context): ServerResultAsync<string[]>;
     listAdminWaitlist(): ServerResultAsync<WaitlistOutput[]>;
-    listWaitlist({ user }: {
-        user: User;
-    }): ServerResultAsync<Waitlist[]>;
+    listWaitlist(ctx: Context): ServerResultAsync<Waitlist[]>;
     addToWaitlist({ email }: {
         email: string;
     }): ServerResultAsync<WaitlistOutput>;
@@ -60,14 +40,10 @@ export declare class AuthService extends BaseService<{
     inviteToWaitlist({ email, name }: {
         email: string;
         name?: string;
-    }, { user }: {
-        user: User;
-    }): ServerResultAsync<Waitlist>;
+    }, ctx: Context): ServerResultAsync<Waitlist>;
     createInvitationCode({ name }: {
         name?: string;
-    }, { user }: {
-        user: User;
-    }): ServerResultAsync<Waitlist>;
+    }, ctx: Context): ServerResultAsync<Waitlist>;
     joinWaitlist({ email }: {
         email: string;
     }): ServerResultAsync<WaitlistOutput>;
@@ -82,19 +58,13 @@ export declare class AuthService extends BaseService<{
         expiresInHours?: number;
     }): ServerResultAsync<AccountClaim>;
     listAccountClaims(): ServerResultAsync<AccountClaimOutput[]>;
-    getMyAccountClaimStatus({ user }: {
-        user: User;
-    }): ServerResultAsync<AccountClaim | null>;
+    getMyAccountClaimStatus(ctx: Context): ServerResultAsync<AccountClaim | null>;
     setMyAccountClaimEmail({ email }: {
         email: string;
-    }, { user }: {
-        user: User;
-    }): ServerResultAsync<{
+    }, ctx: Context): ServerResultAsync<{
         status: boolean;
     }>;
-    acceptMyAccountClaim({ user }: {
-        user: User;
-    }): ServerResultAsync<{
+    acceptMyAccountClaim(ctx: Context): ServerResultAsync<{
         status: boolean;
     }>;
     generateAccountClaimMagicLink({ claimId, email, }: {

package/dist/src/modules/auth/auth.service.js

@@ -3,6 +3,8 @@ Object.defineProperty(exports, "__esModule", { value: true });
 exports.AuthService = void 0;
 const neverthrow_1 = require("neverthrow");
 const posthog_1 = require("../../utils/posthog");
+const errors_1 = require("../../utils/errors");
+const base_actor_1 = require("../base/base.actor");
 const base_service_1 = require("../base/base.service");
 class AuthService extends base_service_1.BaseService {
     getBillingService() {
@@ -10,104 +12,111 @@ class AuthService extends base_service_1.BaseService {
             return null;
         return this.service.billing;
     }
-    getActiveOrganizationId(ctx) {
-        const organizationId = ctx.session.activeOrganizationId;
-        if (!organizationId) {
-            return this.repository.auth.error("FORBIDDEN", "No active organization");
+    organizationActorFromCtx(ctx) {
+        try {
+            return (0, neverthrow_1.ok)((0, base_actor_1.createActorFromContext)({ user: ctx.user, session: ctx.session }, "organization"));
+        }
+        catch (e) {
+            if (e instanceof errors_1.ServerError)
+                return (0, neverthrow_1.err)(e);
+            throw e;
         }
-        return (0, neverthrow_1.ok)(organizationId);
     }
-    async getUserWaitlistCount({ user }) {
-        if (user.role === "admin")
+    async getUserWaitlistCount(ctx) {
+        if (ctx.actor.userRole === "admin")
             return (0, neverthrow_1.ok)(0);
-        return this.repository.auth.getUserWaitlistCount(user.id);
+        return this.repository.auth.getUserWaitlistCount(ctx.actor.userId);
     }
-    async getOnboarding({ user }) {
-        return this.repository.auth.getOnboarding(user.id);
+    async getOnboarding(ctx) {
+        return this.repository.auth.getOnboarding(ctx.actor.userId);
     }
-    async setOnboarding(onboarding, { user }) {
+    async setOnboarding(onboarding, ctx) {
         (0, posthog_1.posthogCapture)({
-            distinctId: user.id,
+            distinctId: ctx.actor.userId,
             event: "onboarding_set",
             properties: {
                 onboarding,
             },
         });
-        return this.repository.auth.setOnboarding(user.id, onboarding);
+        return this.repository.auth.setOnboarding(ctx.actor.userId, onboarding);
     }
-    async getPreferences({ user }) {
-        return this.repository.auth.getPreferences(user.id);
+    async getPreferences(ctx) {
+        return this.repository.auth.getPreferences(ctx.actor.userId);
     }
-    async setPreferences(preferences, { user }) {
+    async setPreferences(preferences, ctx) {
         (0, posthog_1.posthogCapture)({
-            distinctId: user.id,
+            distinctId: ctx.actor.userId,
             event: "preferences_set",
         });
-        return this.repository.auth.setPreferences(user.id, preferences);
+        return this.repository.auth.setPreferences(ctx.actor.userId, preferences);
     }
     async getOrganizationPreferences(ctx) {
-        const organizationId = this.getActiveOrganizationId(ctx);
-        if (organizationId.isErr())
-            return (0, neverthrow_1.err)(organizationId.error);
-        return this.repository.auth.getOrganizationPreferences(ctx.user.id, organizationId.value);
+        const org = this.organizationActorFromCtx(ctx);
+        if (org.isErr())
+            return (0, neverthrow_1.err)(org.error);
+        const actor = org.value;
+        return this.repository.auth.getOrganizationPreferences(actor.userId, actor.organizationId);
     }
     async setOrganizationPreferences(preferences, ctx) {
-        const organizationId = this.getActiveOrganizationId(ctx);
-        if (organizationId.isErr())
-            return (0, neverthrow_1.err)(organizationId.error);
+        const org = this.organizationActorFromCtx(ctx);
+        if (org.isErr())
+            return (0, neverthrow_1.err)(org.error);
+        const actor = org.value;
         (0, posthog_1.posthogCapture)({
-            distinctId: ctx.user.id,
+            distinctId: actor.userId,
             event: "organization_preferences_set",
             properties: {
-                organizationId: organizationId.value,
+                organizationId: actor.organizationId,
             },
         });
-        return this.repository.auth.setOrganizationPreferences(ctx.user.id, organizationId.value, preferences);
+        return this.repository.auth.setOrganizationPreferences(actor.userId, actor.organizationId, preferences);
     }
-    async getMetadata({ user }) {
-        return this.repository.auth.getMetadata(user.id);
+    async getMetadata(ctx) {
+        return this.repository.auth.getMetadata(ctx.actor.userId);
     }
-    async setMetadata(metadata, { user }) {
+    async setMetadata(metadata, ctx) {
         (0, posthog_1.posthogCapture)({
-            distinctId: user.id,
+            distinctId: ctx.actor.userId,
             event: "metadata_set",
         });
-        return this.repository.auth.setMetadata(user.id, metadata);
+        return this.repository.auth.setMetadata(ctx.actor.userId, metadata);
     }
-    async getFlags({ user }) {
-        return this.repository.auth.getFlags(user.id);
+    async getFlags(ctx) {
+        return this.repository.auth.getFlags(ctx.actor.userId);
     }
     async getOrganizationFlags(ctx) {
-        const organizationId = this.getActiveOrganizationId(ctx);
-        if (organizationId.isErr())
-            return (0, neverthrow_1.err)(organizationId.error);
-        return this.repository.auth.getOrganizationFlags(ctx.user.id, organizationId.value);
+        const org = this.organizationActorFromCtx(ctx);
+        if (org.isErr())
+            return (0, neverthrow_1.err)(org.error);
+        const actor = org.value;
+        return this.repository.auth.getOrganizationFlags(actor.userId, actor.organizationId);
     }
-    async setFlags(flags, { user }) {
+    async setFlags(flags, ctx) {
         (0, posthog_1.posthogCapture)({
-            distinctId: user.id,
+            distinctId: ctx.actor.userId,
             event: "flags_set",
         });
-        return this.repository.auth.setFlags(user.id, flags);
+        return this.repository.auth.setFlags(ctx.actor.userId, flags);
     }
     async setOrganizationFlags(flags, ctx) {
-        const organizationId = this.getActiveOrganizationId(ctx);
-        if (organizationId.isErr())
-            return (0, neverthrow_1.err)(organizationId.error);
+        const org = this.organizationActorFromCtx(ctx);
+        if (org.isErr())
+            return (0, neverthrow_1.err)(org.error);
+        const actor = org.value;
         (0, posthog_1.posthogCapture)({
-            distinctId: ctx.user.id,
+            distinctId: actor.userId,
             event: "organization_flags_set",
             properties: {
-                organizationId: organizationId.value,
+                organizationId: actor.organizationId,
             },
         });
-        return this.repository.auth.setOrganizationFlags(ctx.user.id, organizationId.value, flags);
+        return this.repository.auth.setOrganizationFlags(actor.userId, actor.organizationId, flags);
     }
     async listAdminWaitlist() {
         return this.repository.auth.listAdminWaitlist();
     }
-    async listWaitlist({ user }) {
-        return this.repository.auth.listWaitlist(user.id);
+    async listWaitlist(ctx) {
+        return this.repository.auth.listWaitlist(ctx.actor.userId);
     }
     async addToWaitlist({ email }) {
         return this.repository.auth.addToWaitlist(email);
@@ -123,20 +132,24 @@ class AuthService extends base_service_1.BaseService {
         await this.service.email.sendWaitlistInvite(waitlist.value.email, waitlist.value.code);
         return (0, neverthrow_1.ok)(waitlist.value);
     }
-    async inviteToWaitlist({ email, name }, { user }) {
-        const count = await this.repository.auth.getUserWaitlistCount(user.id);
+    async inviteToWaitlist({ email, name }, ctx) {
+        const count = await this.repository.auth.getUserWaitlistCount(ctx.user.id);
         if (count.isErr())
             return (0, neverthrow_1.err)(count.error);
         if (count.value >= 3)
             return this.repository.auth.error("BAD_REQUEST", "Run out of invites");
-        const waitlist = await this.repository.auth.inviteToWaitlist({ email, userId: user.id, name });
+        const waitlist = await this.repository.auth.inviteToWaitlist({
+            email,
+            userId: ctx.user.id,
+            name,
+        });
         if (waitlist.isErr())
             return (0, neverthrow_1.err)(waitlist.error);
         if (!waitlist.value.code)
             return this.repository.auth.error("BAD_REQUEST");
-        await this.service.email.sendWaitlistUserInvite(email, waitlist.value.code, user.name, name);
+        await this.service.email.sendWaitlistUserInvite(email, waitlist.value.code, ctx.user.name, name);
         (0, posthog_1.posthogCapture)({
-            distinctId: user.id,
+            distinctId: ctx.user.id,
             event: "waitlist_invite_sent",
             properties: {
                 email,
@@ -145,15 +158,15 @@ class AuthService extends base_service_1.BaseService {
         });
         return (0, neverthrow_1.ok)(waitlist.value);
     }
-    async createInvitationCode({ name }, { user }) {
+    async createInvitationCode({ name }, ctx) {
         (0, posthog_1.posthogCapture)({
-            distinctId: user.id,
+            distinctId: ctx.actor.userId,
             event: "waitlist_invitation_code_created",
             properties: {
                 name,
             },
         });
-        return this.repository.auth.createInvitationCode({ userId: user.id, name });
+        return this.repository.auth.createInvitationCode({ userId: ctx.actor.userId, name });
     }
     async joinWaitlist({ email }) {
         const waitlist = await this.repository.auth.joinWaitlist(email);
@@ -174,23 +187,23 @@ class AuthService extends base_service_1.BaseService {
     async listAccountClaims() {
         return this.repository.auth.listAccountClaims();
     }
-    async getMyAccountClaimStatus({ user }) {
-        return this.repository.auth.findPendingAccountClaimForUser(user.id);
+    async getMyAccountClaimStatus(ctx) {
+        return this.repository.auth.findPendingAccountClaimForUser(ctx.actor.userId);
     }
-    async setMyAccountClaimEmail({ email }, { user }) {
-        return this.repository.auth.setAccountClaimEmail({ userId: user.id, email });
+    async setMyAccountClaimEmail({ email }, ctx) {
+        return this.repository.auth.setAccountClaimEmail({ userId: ctx.actor.userId, email });
     }
-    async acceptMyAccountClaim({ user }) {
-        const pendingClaim = await this.repository.auth.findPendingAccountClaimForUser(user.id);
+    async acceptMyAccountClaim(ctx) {
+        const pendingClaim = await this.repository.auth.findPendingAccountClaimForUser(ctx.user.id);
         if (pendingClaim.isErr())
             return (0, neverthrow_1.err)(pendingClaim.error);
-        const accepted = await this.repository.auth.acceptAccountClaim(user.id);
+        const accepted = await this.repository.auth.acceptAccountClaim(ctx.user.id);
         if (accepted.isErr())
             return (0, neverthrow_1.err)(accepted.error);
         if (pendingClaim.value) {
             const billingService = this.getBillingService();
             if (billingService) {
-                await billingService.createUserHook({ user });
+                await billingService.createUserHook({ user: ctx.user });
             }
         }
         return (0, neverthrow_1.ok)(accepted.value);

package/dist/src/modules/auth/auth.trpc.d.ts

@@ -1,7 +1,7 @@
 import { type TRPCMethods } from "../../utils/trpc";
 import type { AuthService } from "./auth.service";
 export declare function createAuthTRPC({ router, publicProcedure, privateProcedure: procedure, adminProcedure }: TRPCMethods, authService: AuthService): import("@trpc/server").TRPCBuiltRouter<{
-    ctx: import("./auth.lib").Context;
+    ctx: import("../../utils/trpc").Context;
     meta: any;
     errorShape: import("@trpc/server").TRPCDefaultErrorShape;
     transformer: true;

package/dist/src/modules/base/base.actor.d.ts

@@ -0,0 +1,68 @@
+import type { Session, User } from "../auth/auth.lib";
+export type UserActor = {
+    userId: string;
+    userRole: string;
+    organizationId: string | null;
+    organizationRole: string | null;
+    teamId: string | null;
+    teamRole: string | null;
+};
+export type OrganizationActor = {
+    userId: string;
+    userRole: string;
+    organizationId: string;
+    organizationRole: string;
+    teamId: string | null;
+    teamRole: string | null;
+};
+export type TeamActor = {
+    userId: string;
+    userRole: string;
+    organizationId: string;
+    organizationRole: string;
+    teamId: string;
+    teamRole: string;
+};
+export type AuthenticatedActor = UserActor | OrganizationActor | TeamActor;
+/** @deprecated Prefer `AuthenticatedActor` — kept for grants and legacy call sites */
+export type ServiceActor = AuthenticatedActor;
+export type Actor = {
+    user: UserActor;
+    organization: OrganizationActor;
+    team: TeamActor;
+    authenticated: AuthenticatedActor;
+};
+export type ActorScope = "user" | "organization" | "team";
+export type RequiredServiceActor<Scope extends ActorScope> = Actor[Scope];
+/** Claims shape used by tests and factories */
+export type ServiceActorClaims = {
+    userId: string;
+    userRole: string;
+    organizationId?: string | null;
+    organizationRole?: string | null;
+    teamId?: string | null;
+    teamRole?: string | null;
+};
+/** @deprecated Prefer `OrganizationActor` */
+export type ServiceOrganizationActor = OrganizationActor;
+/** @deprecated Prefer `TeamActor` */
+export type ServiceTeamActor = TeamActor;
+export declare function createActorFromContext(context: {
+    user: User;
+    session: Session;
+}, scope: "team"): TeamActor;
+export declare function createActorFromContext(context: {
+    user: User;
+    session: Session;
+}, scope: "organization"): OrganizationActor;
+export declare function createActorFromContext(context: {
+    user: User;
+    session: Session;
+}, scope: "user"): UserActor;
+export declare function validateActor(actor: AuthenticatedActor, scope: ActorScope): boolean;
+/**
+ * Builds a flat actor for tests / grants without session. Validates that team scope implies organization.
+ */
+export declare function createServiceActor(claims: ServiceActorClaims): AuthenticatedActor;
+export declare function getServiceActorScope(actor: AuthenticatedActor): ActorScope;
+export declare function hasServiceActorScope(actor: AuthenticatedActor, scope: ActorScope): boolean;