@maravilla-labs/types 0.2.0 → 0.2.1
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/index.ts +165 -0
- package/package.json +1 -1
package/index.ts
CHANGED
|
@@ -234,6 +234,138 @@ export interface Storage {
|
|
|
234
234
|
getMetadata(key: string): Promise<StorageMetadata>;
|
|
235
235
|
}
|
|
236
236
|
|
|
237
|
+
// Stewardship Types
|
|
238
|
+
|
|
239
|
+
/** Delegation mode for stewardship overrides */
|
|
240
|
+
export type DelegationMode = 'full' | 'scoped';
|
|
241
|
+
|
|
242
|
+
/** Status of a stewardship override */
|
|
243
|
+
export type StewardshipStatus = 'active' | 'suspended' | 'revoked' | 'expired';
|
|
244
|
+
|
|
245
|
+
/** A scoped permission entry */
|
|
246
|
+
export interface ScopedPermission {
|
|
247
|
+
/** Resource name */
|
|
248
|
+
resource: string;
|
|
249
|
+
/** Allowed actions on the resource */
|
|
250
|
+
actions: string[];
|
|
251
|
+
}
|
|
252
|
+
|
|
253
|
+
/** A stewardship override record */
|
|
254
|
+
export interface StewardshipOverride {
|
|
255
|
+
id: string;
|
|
256
|
+
steward_id: string;
|
|
257
|
+
ward_id: string;
|
|
258
|
+
delegation_mode: DelegationMode;
|
|
259
|
+
scoped_permissions: ScopedPermission[];
|
|
260
|
+
valid_from?: number;
|
|
261
|
+
valid_until?: number;
|
|
262
|
+
status: StewardshipStatus;
|
|
263
|
+
reason?: string;
|
|
264
|
+
source: string;
|
|
265
|
+
source_circle_id?: string;
|
|
266
|
+
source_relation_type_id?: string;
|
|
267
|
+
created_at: number;
|
|
268
|
+
updated_at: number;
|
|
269
|
+
}
|
|
270
|
+
|
|
271
|
+
/** Options for creating a stewardship override */
|
|
272
|
+
export interface CreateStewardshipOverrideRequest {
|
|
273
|
+
steward_id: string;
|
|
274
|
+
ward_id: string;
|
|
275
|
+
delegation_mode?: DelegationMode;
|
|
276
|
+
scoped_permissions?: ScopedPermission[];
|
|
277
|
+
valid_from?: number;
|
|
278
|
+
valid_until?: number;
|
|
279
|
+
reason?: string;
|
|
280
|
+
}
|
|
281
|
+
|
|
282
|
+
/** Result of resolving stewardship for a user */
|
|
283
|
+
export interface StewardshipResolution {
|
|
284
|
+
/** Users who are stewards of this user */
|
|
285
|
+
stewards: StewardshipOverride[];
|
|
286
|
+
/** Users this user is a steward of */
|
|
287
|
+
wards: StewardshipOverride[];
|
|
288
|
+
}
|
|
289
|
+
|
|
290
|
+
/** Context for acting as another user */
|
|
291
|
+
export interface ActAsContext {
|
|
292
|
+
steward_id: string;
|
|
293
|
+
ward_id: string;
|
|
294
|
+
delegation_mode: DelegationMode;
|
|
295
|
+
scoped_permissions: ScopedPermission[];
|
|
296
|
+
session_token: string;
|
|
297
|
+
expires_at: number;
|
|
298
|
+
}
|
|
299
|
+
|
|
300
|
+
/** An entry in the stewardship audit log */
|
|
301
|
+
export interface StewardshipAuditEntry {
|
|
302
|
+
id: string;
|
|
303
|
+
performed_by: string;
|
|
304
|
+
on_behalf_of: string;
|
|
305
|
+
action: string;
|
|
306
|
+
resource?: string;
|
|
307
|
+
details?: Record<string, any>;
|
|
308
|
+
created_at: number;
|
|
309
|
+
}
|
|
310
|
+
|
|
311
|
+
/** Options for listing audit log entries */
|
|
312
|
+
export interface AuditListOptions {
|
|
313
|
+
limit?: number;
|
|
314
|
+
offset?: number;
|
|
315
|
+
}
|
|
316
|
+
|
|
317
|
+
/** Stewardship service interface */
|
|
318
|
+
export interface Stewardship {
|
|
319
|
+
resolve(userId: string): Promise<StewardshipResolution>;
|
|
320
|
+
createOverride(options: CreateStewardshipOverrideRequest): Promise<StewardshipOverride>;
|
|
321
|
+
revoke(id: string): Promise<void>;
|
|
322
|
+
checkPermission(stewardId: string, wardId: string, resource: string, action: string): Promise<boolean>;
|
|
323
|
+
createActAs(stewardId: string, wardId: string): Promise<ActAsContext>;
|
|
324
|
+
listAudit(userId: string, options?: AuditListOptions): Promise<StewardshipAuditEntry[]>;
|
|
325
|
+
}
|
|
326
|
+
|
|
327
|
+
// Resource Types
|
|
328
|
+
|
|
329
|
+
/** A platform resource definition */
|
|
330
|
+
export interface Resource {
|
|
331
|
+
id: string;
|
|
332
|
+
resource_name: string;
|
|
333
|
+
title: string;
|
|
334
|
+
description?: string;
|
|
335
|
+
actions: string[];
|
|
336
|
+
created_at: number;
|
|
337
|
+
updated_at: number;
|
|
338
|
+
}
|
|
339
|
+
|
|
340
|
+
/** Options for creating a resource */
|
|
341
|
+
export interface CreateResourceRequest {
|
|
342
|
+
resource_name: string;
|
|
343
|
+
title: string;
|
|
344
|
+
description?: string;
|
|
345
|
+
actions?: string[];
|
|
346
|
+
}
|
|
347
|
+
|
|
348
|
+
// Circle Types
|
|
349
|
+
|
|
350
|
+
/** Circle membership entry */
|
|
351
|
+
export interface CircleMembership {
|
|
352
|
+
user_id: string;
|
|
353
|
+
email: string;
|
|
354
|
+
relationship: string;
|
|
355
|
+
is_primary_contact: boolean;
|
|
356
|
+
joined_at: number;
|
|
357
|
+
}
|
|
358
|
+
|
|
359
|
+
/** A circle */
|
|
360
|
+
export interface Circle {
|
|
361
|
+
id: string;
|
|
362
|
+
name: string;
|
|
363
|
+
metadata?: Record<string, any>;
|
|
364
|
+
member_count: number;
|
|
365
|
+
created_at: number;
|
|
366
|
+
updated_at: number;
|
|
367
|
+
}
|
|
368
|
+
|
|
237
369
|
// Platform Types
|
|
238
370
|
|
|
239
371
|
/**
|
|
@@ -246,6 +378,39 @@ export interface Platform {
|
|
|
246
378
|
db: Database;
|
|
247
379
|
/** Storage service instance */
|
|
248
380
|
storage: Storage;
|
|
381
|
+
/** Auth service with stewardship, resources, and circle helpers */
|
|
382
|
+
auth: {
|
|
383
|
+
register(options: { email: string; password: string; profile?: Record<string, any> }): Promise<any>;
|
|
384
|
+
login(options: { email: string; password: string }): Promise<any>;
|
|
385
|
+
validate(accessToken: string): Promise<any>;
|
|
386
|
+
refresh(refreshToken: string): Promise<any>;
|
|
387
|
+
logout(sessionId: string): Promise<void>;
|
|
388
|
+
getUser(userId: string): Promise<any>;
|
|
389
|
+
listUsers(filter?: Record<string, any>): Promise<any>;
|
|
390
|
+
updateUser(userId: string, update: Record<string, any>): Promise<any>;
|
|
391
|
+
deleteUser(userId: string): Promise<void>;
|
|
392
|
+
sendVerification(userId: string): Promise<any>;
|
|
393
|
+
verifyEmail(token: string): Promise<void>;
|
|
394
|
+
sendPasswordReset(email: string): Promise<any>;
|
|
395
|
+
resetPassword(token: string, newPassword: string): Promise<void>;
|
|
396
|
+
changePassword(userId: string, oldPassword: string, newPassword: string): Promise<void>;
|
|
397
|
+
getFieldConfig(): Promise<any>;
|
|
398
|
+
getOAuthUrl(provider: string, options?: { redirectUri?: string }): Promise<any>;
|
|
399
|
+
handleOAuthCallback(provider: string, params: { code: string; state: string }): Promise<any>;
|
|
400
|
+
|
|
401
|
+
/** Stewardship (guardian/ward delegation) */
|
|
402
|
+
stewardship: Stewardship;
|
|
403
|
+
|
|
404
|
+
/** List available resources */
|
|
405
|
+
listResources(): Promise<Resource[]>;
|
|
406
|
+
/** Create a resource definition */
|
|
407
|
+
createResource(options: CreateResourceRequest): Promise<Resource>;
|
|
408
|
+
|
|
409
|
+
/** Get circle members */
|
|
410
|
+
getCircleMembers(circleId: string): Promise<CircleMembership[]>;
|
|
411
|
+
/** Get circles a user belongs to */
|
|
412
|
+
getUserCircles(userId: string): Promise<Circle[]>;
|
|
413
|
+
};
|
|
249
414
|
/** Legacy aliases for compatibility */
|
|
250
415
|
env: {
|
|
251
416
|
KV: KvStore;
|