npm - @memberjunction/lists-base - Versions diffs - 0.0.1 → 5.36.0 - Mend

@memberjunction/lists-base 0.0.1 → 5.36.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (10) hide show

package/dist/index.d.ts ADDED Viewed

	@@ -0,0 +1,2 @@
1	+ export * from './types.js';
2	+ //# sourceMappingURL=index.d.ts.map

package/dist/index.d.ts.map ADDED Viewed

	@@ -0,0 +1 @@
1	+ {"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA,cAAc,SAAS,CAAC"}

package/dist/index.js ADDED Viewed

	@@ -0,0 +1,2 @@
1	+ export * from './types.js';
2	+ //# sourceMappingURL=index.js.map

package/dist/index.js.map ADDED Viewed

	@@ -0,0 +1 @@
1	+ {"version":3,"file":"index.js","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA,cAAc,SAAS,CAAC","sourcesContent":["export * from './types';\n"]}

package/dist/types.d.ts ADDED Viewed

@@ -0,0 +1,266 @@
+/**
+ * @memberjunction/lists-base — public type surface.
+ *
+ * These types are isomorphic (no runtime, no Node-only or DOM-only APIs) and
+ * are the single source of truth shared by:
+ *   - `@memberjunction/lists` (server-side operations)
+ *   - `@memberjunction/graphql-dataprovider` (browser client)
+ *   - Angular UI packages
+ *
+ * Naming: PascalCase for public members (per MJ convention).
+ */
+/**
+ * How a refresh operation reconciles a target list against its source.
+ *
+ * - `Additive`: only adds new members from the source; never removes.
+ * - `Sync`: makes the target exactly equal the source — may remove members
+ *   that are no longer in the source. This is the only refresh mode that can
+ *   produce drops, and therefore the only one that requires `ConfirmDrops`.
+ */
+export type ListRefreshMode = 'Additive' | 'Sync';
+/**
+ * Discriminated union identifying any source of records that can feed a list
+ * operation. The same shape is exported as `AudienceSource` — they are
+ * intentionally identical so the audience picker and the list-operations
+ * pipeline share a vocabulary.
+ *
+ * - `list`: an existing MJ List, resolved via its members.
+ * - `view`: a User View, resolved via RunView with optional runtime params.
+ * - `adhoc`: an arbitrary entity + filter — no persisted view backing it.
+ */
+export type ListSource = {
+    kind: 'list';
+    listId: string;
+} | {
+    kind: 'view';
+    viewId: string;
+    runtimeParams?: Record<string, unknown>;
+} | {
+    kind: 'adhoc';
+    entityName: string;
+    extraFilter: string;
+};
+/**
+ * `AudienceSource` is the same discriminated union as `ListSource` — same
+ * `kind` discriminator, same payload shape — but named after its primary
+ * downstream consumer (the Communications module). Defining it as a type
+ * alias lets the Angular picker, the SendToAudience helper, and any
+ * future audience-aware feature share one vocabulary with the list
+ * operations stack without forcing them to import a "list" type.
+ */
+export type AudienceSource = ListSource;
+/**
+ * Resolved record set returned by list-source resolution.
+ *
+ * `RecordIds` are stringified composite-key payloads in the same format used
+ * by `MJ: List Detail.RecordID`. For single-column primary keys this is just
+ * the ID; for composite keys it is the canonical `Field1|Value1||Field2|…`
+ * format.
+ *
+ * `EntityName` is single-valued — Lists are single-entity by design. If a
+ * caller mixes sources of different entities, the operation surfaces an
+ * `ENTITY_MISMATCH` warning rather than silently coercing.
+ */
+export interface ResolvedRecordSet {
+    EntityName: string;
+    RecordIds: string[];
+    /** Optional total count when the source is paged or streamed. */
+    TotalCount?: number;
+}
+/** Discriminator for set-operations. */
+export type SetOpKind = 'union' | 'intersection' | 'difference';
+/**
+ * Category of warning surfaced by a delta or set-op preview. Warnings do not
+ * block — `ApplyDelta` enforces the hard rules (drop confirmation, stale
+ * tokens, permissions). Use warnings to drive UX hints.
+ */
+export type ListDeltaWarningCode = 'WILL_REMOVE_RECORDS' | 'ENTITY_MISMATCH' | 'EMPTY_SOURCE' | 'EMPTY_TARGET' | 'LARGE_OPERATION';
+/**
+ * Single warning attached to a `ListDelta`. `Message` is human-readable;
+ * `Code` drives any UI logic that needs to react to a specific class of
+ * warning (most importantly `WILL_REMOVE_RECORDS`, which the delta-confirm
+ * dialog uses to require explicit acknowledgement).
+ */
+export interface ListDeltaWarning {
+    Code: ListDeltaWarningCode;
+    Message: string;
+    /** Optional structured payload for the UI. */
+    Details?: Record<string, unknown>;
+}
+/**
+ * Aggregate counts on a `ListDelta`. Always present — clients can render
+ * "+N / −M / Unchanged K" summary tiles without re-counting arrays.
+ */
+export interface ListDeltaCounts {
+    Add: number;
+    Remove: number;
+    Unchanged: number;
+    SourceTotal: number;
+    TargetTotal: number;
+}
+/**
+ * Result of a preview call (`ComputeDelta` or `ComputeSetOp`). Never mutates.
+ *
+ * `DeltaToken` is a server-signed HMAC of `{ targetListId, source signature,
+ * mode, timestamp }` with a 5-minute TTL. `ApplyDelta` will reject any token
+ * that fails to verify, has expired, or no longer reflects current state
+ * (which it detects by re-computing on the server).
+ *
+ * `TargetListId` is `null` when the operation creates a new list rather than
+ * mutating an existing one (e.g. `MaterializeFromView`).
+ */
+export interface ListDelta {
+    TargetListId: string | null;
+    EntityName: string;
+    ToAdd: string[];
+    ToRemove: string[];
+    Unchanged: string[];
+    Counts: ListDeltaCounts;
+    Warnings: ListDeltaWarning[];
+    DeltaToken: string;
+}
+/**
+ * Options for `MaterializeFromView` — creates a new list from a view result.
+ *
+ * `RememberLineage` controls whether the new list captures the source view
+ * ID + filter snapshot. With it `false`, the list is a one-shot copy and
+ * cannot be refreshed.
+ *
+ * `UseSnapshot` controls refresh behaviour when lineage is remembered: when
+ * `true`, refreshes re-apply the captured filter snapshot; when `false`,
+ * refreshes re-read the live view (default).
+ */
+export interface MaterializeOptions {
+    ListName: string;
+    CategoryId?: string;
+    Description?: string;
+    RememberLineage: boolean;
+    UseSnapshot: boolean;
+    RefreshMode: ListRefreshMode;
+}
+/**
+ * Result codes returned by `ApplyDelta` and the high-level convenience
+ * operations. Every non-`SUCCESS` code maps to a user-visible failure mode
+ * the UI must handle explicitly.
+ */
+export type ApplyResultCode = 'SUCCESS' | 'DROP_NOT_CONFIRMED' | 'STALE_DELTA' | 'INVALID_TOKEN' | 'PERMISSION_DENIED' | 'TARGET_NOT_FOUND' | 'PARTIAL_SUCCESS' | 'UNEXPECTED_ERROR';
+/**
+ * Outcome of a mutating list operation. `Counts` reports what actually
+ * happened (which may differ from the preview if records were concurrently
+ * modified — that case surfaces as `STALE_DELTA` rather than silent skew).
+ */
+export interface ApplyResult {
+    Success: boolean;
+    ResultCode: ApplyResultCode;
+    Message: string;
+    /** Populated when `MaterializeFromView` (or similar) creates a new list. */
+    CreatedListId?: string;
+    TargetListId?: string;
+    Counts?: {
+        Added: number;
+        Removed: number;
+        Failed: number;
+    };
+    Errors?: string[];
+}
+/** Permission level granted to a share recipient. Mirrors the
+ *  MJResourcePermission `PermissionLevel` field exactly. */
+export type SharePermissionLevel = 'View' | 'Edit' | 'Owner';
+/**
+ * Capability flags derived from a permission level. The mapping mirrors
+ * the gating rules from mockup 19:
+ *   - Viewer: hide Add/Remove/Refresh/Edit/Share/Delete/Operations
+ *   - Editor: hide Delete/Share
+ *   - Owner: show everything
+ * Server-side enforcement remains the source of truth — this is a UX
+ * convenience so users don't see buttons they'll be rejected on.
+ */
+export interface ListCapabilities {
+    CanRead: boolean;
+    CanEdit: boolean;
+    CanRefresh: boolean;
+    CanShare: boolean;
+    CanDelete: boolean;
+    CanRunOperations: boolean;
+}
+/**
+ * Pure mapping function from a permission level (or `null` for "no access")
+ * to a capability flag set. Stateless, no runtime dependencies — safe to use
+ * in any context.
+ */
+export declare function CapabilitiesForLevel(level: SharePermissionLevel | null): ListCapabilities;
+/**
+ * Target of a direct share: either an MJ user or an MJ role. Discriminated
+ * union so the type system enforces exactly one of `userId` / `roleId` is
+ * provided (mirrors the `ValidateTypeAndRoleOrUserIDExclusive` rule on
+ * `MJResourcePermission`).
+ */
+export type ShareTarget = {
+    kind: 'user';
+    userId: string;
+} | {
+    kind: 'role';
+    roleId: string;
+};
+/** Summary of one share row returned by `GetSharesForList`. */
+export interface ListShareSummary {
+    PermissionID: string;
+    ListID: string;
+    Target: ShareTarget;
+    PermissionLevel: SharePermissionLevel;
+    Status: 'Approved' | 'Requested' | 'Rejected' | 'Revoked';
+    SharedByUserID: string | null;
+    CreatedAt: Date;
+}
+/** Summary of one List visible to the current user via shares. */
+export interface SharedListSummary {
+    ListID: string;
+    ListName: string;
+    PermissionLevel: SharePermissionLevel;
+    SharedByUserID: string | null;
+    SharedAt: Date;
+}
+/** Status codes returned by sharing operations. */
+export type ShareResultCode = 'SUCCESS' | 'INVALID_PARAMETER' | 'LIST_NOT_FOUND' | 'INVITATION_NOT_FOUND' | 'INVITATION_EXPIRED' | 'INVITATION_ALREADY_USED' | 'INVITATION_REVOKED' | 'PERMISSION_NOT_FOUND' | 'EMAIL_RECIPIENT_NOT_FOUND' | 'UNEXPECTED_ERROR';
+export interface ShareResult {
+    Success: boolean;
+    ResultCode: ShareResultCode;
+    Message: string;
+    PermissionID?: string;
+}
+export interface InviteResult {
+    Success: boolean;
+    ResultCode: ShareResultCode;
+    Message: string;
+    InvitationID?: string;
+    Token?: string;
+    ExpiresAt?: Date;
+}
+export interface AcceptInvitationResult {
+    Success: boolean;
+    ResultCode: ShareResultCode;
+    Message: string;
+    PermissionID?: string;
+    ListID?: string;
+}
+/** Token validity window — matches the 5-minute requirement in the plan. */
+export declare const TOKEN_TTL_MS: number;
+/** Mode tag baked into the payload — drives drop-guard enforcement. */
+export type DeltaTokenMode = 'Additive' | 'Sync' | 'SetOp';
+/**
+ * Canonical payload shape. Kept tiny + versioned so we can evolve the
+ * signing scheme without breaking running clients.
+ */
+export interface DeltaTokenPayload {
+    v: 1;
+    tid: string | null;
+    ssig: string;
+    m: DeltaTokenMode;
+    iat: number;
+}
+/**
+ * Reasons a token can fail verification. Mapped 1:1 by the resolver layer
+ * onto user-visible `ApplyResultCode` values.
+ */
+export type DeltaTokenError = 'INVALID_TOKEN' | 'EXPIRED_TOKEN';
+//# sourceMappingURL=types.d.ts.map

package/dist/types.d.ts.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"types.d.ts","sourceRoot":"","sources":["../src/types.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;GAUG;AAMH;;;;;;;GAOG;AACH,MAAM,MAAM,eAAe,GAAG,UAAU,GAAG,MAAM,CAAC;AAElD;;;;;;;;;GASG;AACH,MAAM,MAAM,UAAU,GAClB;IAAE,IAAI,EAAE,MAAM,CAAC;IAAC,MAAM,EAAE,MAAM,CAAA;CAAE,GAChC;IAAE,IAAI,EAAE,MAAM,CAAC;IAAC,MAAM,EAAE,MAAM,CAAC;IAAC,aAAa,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAA;CAAE,GACzE;IAAE,IAAI,EAAE,OAAO,CAAC;IAAC,UAAU,EAAE,MAAM,CAAC;IAAC,WAAW,EAAE,MAAM,CAAA;CAAE,CAAC;AAE/D;;;;;;;GAOG;AACH,MAAM,MAAM,cAAc,GAAG,UAAU,CAAC;AAExC;;;;;;;;;;;GAWG;AACH,MAAM,WAAW,iBAAiB;IAChC,UAAU,EAAE,MAAM,CAAC;IACnB,SAAS,EAAE,MAAM,EAAE,CAAC;IACpB,iEAAiE;IACjE,UAAU,CAAC,EAAE,MAAM,CAAC;CACrB;AAED,wCAAwC;AACxC,MAAM,MAAM,SAAS,GAAG,OAAO,GAAG,cAAc,GAAG,YAAY,CAAC;AAEhE;;;;GAIG;AACH,MAAM,MAAM,oBAAoB,GAC5B,qBAAqB,GACrB,iBAAiB,GACjB,cAAc,GACd,cAAc,GACd,iBAAiB,CAAC;AAEtB;;;;;GAKG;AACH,MAAM,WAAW,gBAAgB;IAC/B,IAAI,EAAE,oBAAoB,CAAC;IAC3B,OAAO,EAAE,MAAM,CAAC;IAChB,8CAA8C;IAC9C,OAAO,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;CACnC;AAED;;;GAGG;AACH,MAAM,WAAW,eAAe;IAC9B,GAAG,EAAE,MAAM,CAAC;IACZ,MAAM,EAAE,MAAM,CAAC;IACf,SAAS,EAAE,MAAM,CAAC;IAClB,WAAW,EAAE,MAAM,CAAC;IACpB,WAAW,EAAE,MAAM,CAAC;CACrB;AAED;;;;;;;;;;GAUG;AACH,MAAM,WAAW,SAAS;IACxB,YAAY,EAAE,MAAM,GAAG,IAAI,CAAC;IAC5B,UAAU,EAAE,MAAM,CAAC;IACnB,KAAK,EAAE,MAAM,EAAE,CAAC;IAChB,QAAQ,EAAE,MAAM,EAAE,CAAC;IACnB,SAAS,EAAE,MAAM,EAAE,CAAC;IACpB,MAAM,EAAE,eAAe,CAAC;IACxB,QAAQ,EAAE,gBAAgB,EAAE,CAAC;IAC7B,UAAU,EAAE,MAAM,CAAC;CACpB;AAED;;;;;;;;;;GAUG;AACH,MAAM,WAAW,kBAAkB;IACjC,QAAQ,EAAE,MAAM,CAAC;IACjB,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,eAAe,EAAE,OAAO,CAAC;IACzB,WAAW,EAAE,OAAO,CAAC;IACrB,WAAW,EAAE,eAAe,CAAC;CAC9B;AAED;;;;GAIG;AACH,MAAM,MAAM,eAAe,GACvB,SAAS,GACT,oBAAoB,GACpB,aAAa,GACb,eAAe,GACf,mBAAmB,GACnB,kBAAkB,GAClB,iBAAiB,GACjB,kBAAkB,CAAC;AAEvB;;;;GAIG;AACH,MAAM,WAAW,WAAW;IAC1B,OAAO,EAAE,OAAO,CAAC;IACjB,UAAU,EAAE,eAAe,CAAC;IAC5B,OAAO,EAAE,MAAM,CAAC;IAChB,4EAA4E;IAC5E,aAAa,CAAC,EAAE,MAAM,CAAC;IACvB,YAAY,CAAC,EAAE,MAAM,CAAC;IACtB,MAAM,CAAC,EAAE;QAAE,KAAK,EAAE,MAAM,CAAC;QAAC,OAAO,EAAE,MAAM,CAAC;QAAC,MAAM,EAAE,MAAM,CAAA;KAAE,CAAC;IAC5D,MAAM,CAAC,EAAE,MAAM,EAAE,CAAC;CACnB;AAMD;4DAC4D;AAC5D,MAAM,MAAM,oBAAoB,GAAG,MAAM,GAAG,MAAM,GAAG,OAAO,CAAC;AAE7D;;;;;;;;GAQG;AACH,MAAM,WAAW,gBAAgB;IAC/B,OAAO,EAAE,OAAO,CAAC;IACjB,OAAO,EAAE,OAAO,CAAC;IACjB,UAAU,EAAE,OAAO,CAAC;IACpB,QAAQ,EAAE,OAAO,CAAC;IAClB,SAAS,EAAE,OAAO,CAAC;IACnB,gBAAgB,EAAE,OAAO,CAAC;CAC3B;AAED;;;;GAIG;AACH,wBAAgB,oBAAoB,CAAC,KAAK,EAAE,oBAAoB,GAAG,IAAI,GAAG,gBAAgB,CAwBzF;AAED;;;;;GAKG;AACH,MAAM,MAAM,WAAW,GACnB;IAAE,IAAI,EAAE,MAAM,CAAC;IAAC,MAAM,EAAE,MAAM,CAAA;CAAE,GAChC;IAAE,IAAI,EAAE,MAAM,CAAC;IAAC,MAAM,EAAE,MAAM,CAAA;CAAE,CAAC;AAErC,+DAA+D;AAC/D,MAAM,WAAW,gBAAgB;IAC/B,YAAY,EAAE,MAAM,CAAC;IACrB,MAAM,EAAE,MAAM,CAAC;IACf,MAAM,EAAE,WAAW,CAAC;IACpB,eAAe,EAAE,oBAAoB,CAAC;IACtC,MAAM,EAAE,UAAU,GAAG,WAAW,GAAG,UAAU,GAAG,SAAS,CAAC;IAC1D,cAAc,EAAE,MAAM,GAAG,IAAI,CAAC;IAC9B,SAAS,EAAE,IAAI,CAAC;CACjB;AAED,kEAAkE;AAClE,MAAM,WAAW,iBAAiB;IAChC,MAAM,EAAE,MAAM,CAAC;IACf,QAAQ,EAAE,MAAM,CAAC;IACjB,eAAe,EAAE,oBAAoB,CAAC;IACtC,cAAc,EAAE,MAAM,GAAG,IAAI,CAAC;IAC9B,QAAQ,EAAE,IAAI,CAAC;CAChB;AAED,mDAAmD;AACnD,MAAM,MAAM,eAAe,GACvB,SAAS,GACT,mBAAmB,GACnB,gBAAgB,GAChB,sBAAsB,GACtB,oBAAoB,GACpB,yBAAyB,GACzB,oBAAoB,GACpB,sBAAsB,GACtB,2BAA2B,GAC3B,kBAAkB,CAAC;AAEvB,MAAM,WAAW,WAAW;IAC1B,OAAO,EAAE,OAAO,CAAC;IACjB,UAAU,EAAE,eAAe,CAAC;IAC5B,OAAO,EAAE,MAAM,CAAC;IAChB,YAAY,CAAC,EAAE,MAAM,CAAC;CACvB;AAED,MAAM,WAAW,YAAY;IAC3B,OAAO,EAAE,OAAO,CAAC;IACjB,UAAU,EAAE,eAAe,CAAC;IAC5B,OAAO,EAAE,MAAM,CAAC;IAChB,YAAY,CAAC,EAAE,MAAM,CAAC;IACtB,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,SAAS,CAAC,EAAE,IAAI,CAAC;CAClB;AAED,MAAM,WAAW,sBAAsB;IACrC,OAAO,EAAE,OAAO,CAAC;IACjB,UAAU,EAAE,eAAe,CAAC;IAC5B,OAAO,EAAE,MAAM,CAAC;IAChB,YAAY,CAAC,EAAE,MAAM,CAAC;IACtB,MAAM,CAAC,EAAE,MAAM,CAAC;CACjB;AAOD,4EAA4E;AAC5E,eAAO,MAAM,YAAY,QAAgB,CAAC;AAE1C,uEAAuE;AACvE,MAAM,MAAM,cAAc,GAAG,UAAU,GAAG,MAAM,GAAG,OAAO,CAAC;AAE3D;;;GAGG;AACH,MAAM,WAAW,iBAAiB;IAChC,CAAC,EAAE,CAAC,CAAC;IACL,GAAG,EAAE,MAAM,GAAG,IAAI,CAAC;IACnB,IAAI,EAAE,MAAM,CAAC;IACb,CAAC,EAAE,cAAc,CAAC;IAClB,GAAG,EAAE,MAAM,CAAC;CACb;AAED;;;GAGG;AACH,MAAM,MAAM,eAAe,GAAG,eAAe,GAAG,eAAe,CAAC"}

package/dist/types.js ADDED Viewed

@@ -0,0 +1,48 @@
+/**
+ * @memberjunction/lists-base — public type surface.
+ *
+ * These types are isomorphic (no runtime, no Node-only or DOM-only APIs) and
+ * are the single source of truth shared by:
+ *   - `@memberjunction/lists` (server-side operations)
+ *   - `@memberjunction/graphql-dataprovider` (browser client)
+ *   - Angular UI packages
+ *
+ * Naming: PascalCase for public members (per MJ convention).
+ */
+/**
+ * Pure mapping function from a permission level (or `null` for "no access")
+ * to a capability flag set. Stateless, no runtime dependencies — safe to use
+ * in any context.
+ */
+export function CapabilitiesForLevel(level) {
+    if (level === 'Owner') {
+        return {
+            CanRead: true, CanEdit: true, CanRefresh: true,
+            CanShare: true, CanDelete: true, CanRunOperations: true,
+        };
+    }
+    if (level === 'Edit') {
+        return {
+            CanRead: true, CanEdit: true, CanRefresh: true,
+            CanShare: false, CanDelete: false, CanRunOperations: true,
+        };
+    }
+    if (level === 'View') {
+        return {
+            CanRead: true, CanEdit: false, CanRefresh: false,
+            CanShare: false, CanDelete: false, CanRunOperations: false,
+        };
+    }
+    // No access at all — caller should hide the list entirely.
+    return {
+        CanRead: false, CanEdit: false, CanRefresh: false,
+        CanShare: false, CanDelete: false, CanRunOperations: false,
+    };
+}
+// ---------------------------------------------------------------------------
+// Delta token payload — type surface only. The runtime sign/verify lives
+// server-side in @memberjunction/lists.
+// ---------------------------------------------------------------------------
+/** Token validity window — matches the 5-minute requirement in the plan. */
+export const TOKEN_TTL_MS = 5 * 60 * 1000;
+//# sourceMappingURL=types.js.map

package/dist/types.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"types.js","sourceRoot":"","sources":["../src/types.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;GAUG;AAuMH;;;;GAIG;AACH,MAAM,UAAU,oBAAoB,CAAC,KAAkC;IACrE,IAAI,KAAK,KAAK,OAAO,EAAE,CAAC;QACtB,OAAO;YACL,OAAO,EAAE,IAAI,EAAE,OAAO,EAAE,IAAI,EAAE,UAAU,EAAE,IAAI;YAC9C,QAAQ,EAAE,IAAI,EAAE,SAAS,EAAE,IAAI,EAAE,gBAAgB,EAAE,IAAI;SACxD,CAAC;IACJ,CAAC;IACD,IAAI,KAAK,KAAK,MAAM,EAAE,CAAC;QACrB,OAAO;YACL,OAAO,EAAE,IAAI,EAAE,OAAO,EAAE,IAAI,EAAE,UAAU,EAAE,IAAI;YAC9C,QAAQ,EAAE,KAAK,EAAE,SAAS,EAAE,KAAK,EAAE,gBAAgB,EAAE,IAAI;SAC1D,CAAC;IACJ,CAAC;IACD,IAAI,KAAK,KAAK,MAAM,EAAE,CAAC;QACrB,OAAO;YACL,OAAO,EAAE,IAAI,EAAE,OAAO,EAAE,KAAK,EAAE,UAAU,EAAE,KAAK;YAChD,QAAQ,EAAE,KAAK,EAAE,SAAS,EAAE,KAAK,EAAE,gBAAgB,EAAE,KAAK;SAC3D,CAAC;IACJ,CAAC;IACD,2DAA2D;IAC3D,OAAO;QACL,OAAO,EAAE,KAAK,EAAE,OAAO,EAAE,KAAK,EAAE,UAAU,EAAE,KAAK;QACjD,QAAQ,EAAE,KAAK,EAAE,SAAS,EAAE,KAAK,EAAE,gBAAgB,EAAE,KAAK;KAC3D,CAAC;AACJ,CAAC;AAqED,8EAA8E;AAC9E,yEAAyE;AACzE,wCAAwC;AACxC,8EAA8E;AAE9E,4EAA4E;AAC5E,MAAM,CAAC,MAAM,YAAY,GAAG,CAAC,GAAG,EAAE,GAAG,IAAI,CAAC","sourcesContent":["/**\n * @memberjunction/lists-base — public type surface.\n *\n * These types are isomorphic (no runtime, no Node-only or DOM-only APIs) and\n * are the single source of truth shared by:\n * - `@memberjunction/lists` (server-side operations)\n * - `@memberjunction/graphql-dataprovider` (browser client)\n * - Angular UI packages\n *\n * Naming: PascalCase for public members (per MJ convention).\n */\n\n// ---------------------------------------------------------------------------\n// List operations — refresh modes, sources, deltas, set-ops, materialize\n// ---------------------------------------------------------------------------\n\n/**\n * How a refresh operation reconciles a target list against its source.\n *\n * - `Additive`: only adds new members from the source; never removes.\n * - `Sync`: makes the target exactly equal the source — may remove members\n * that are no longer in the source. This is the only refresh mode that can\n * produce drops, and therefore the only one that requires `ConfirmDrops`.\n */\nexport type ListRefreshMode = 'Additive' | 'Sync';\n\n/**\n * Discriminated union identifying any source of records that can feed a list\n * operation. The same shape is exported as `AudienceSource` — they are\n * intentionally identical so the audience picker and the list-operations\n * pipeline share a vocabulary.\n *\n * - `list`: an existing MJ List, resolved via its members.\n * - `view`: a User View, resolved via RunView with optional runtime params.\n * - `adhoc`: an arbitrary entity + filter — no persisted view backing it.\n */\nexport type ListSource =\n | { kind: 'list'; listId: string }\n | { kind: 'view'; viewId: string; runtimeParams?: Record<string, unknown> }\n | { kind: 'adhoc'; entityName: string; extraFilter: string };\n\n/**\n * `AudienceSource` is the same discriminated union as `ListSource` — same\n * `kind` discriminator, same payload shape — but named after its primary\n * downstream consumer (the Communications module). Defining it as a type\n * alias lets the Angular picker, the SendToAudience helper, and any\n * future audience-aware feature share one vocabulary with the list\n * operations stack without forcing them to import a \"list\" type.\n */\nexport type AudienceSource = ListSource;\n\n/**\n * Resolved record set returned by list-source resolution.\n *\n * `RecordIds` are stringified composite-key payloads in the same format used\n * by `MJ: List Detail.RecordID`. For single-column primary keys this is just\n * the ID; for composite keys it is the canonical `Field1|Value1||Field2|…`\n * format.\n *\n * `EntityName` is single-valued — Lists are single-entity by design. If a\n * caller mixes sources of different entities, the operation surfaces an\n * `ENTITY_MISMATCH` warning rather than silently coercing.\n */\nexport interface ResolvedRecordSet {\n EntityName: string;\n RecordIds: string[];\n /** Optional total count when the source is paged or streamed. */\n TotalCount?: number;\n}\n\n/** Discriminator for set-operations. */\nexport type SetOpKind = 'union' | 'intersection' | 'difference';\n\n/**\n * Category of warning surfaced by a delta or set-op preview. Warnings do not\n * block — `ApplyDelta` enforces the hard rules (drop confirmation, stale\n * tokens, permissions). Use warnings to drive UX hints.\n */\nexport type ListDeltaWarningCode =\n | 'WILL_REMOVE_RECORDS'\n | 'ENTITY_MISMATCH'\n | 'EMPTY_SOURCE'\n | 'EMPTY_TARGET'\n | 'LARGE_OPERATION';\n\n/**\n * Single warning attached to a `ListDelta`. `Message` is human-readable;\n * `Code` drives any UI logic that needs to react to a specific class of\n * warning (most importantly `WILL_REMOVE_RECORDS`, which the delta-confirm\n * dialog uses to require explicit acknowledgement).\n */\nexport interface ListDeltaWarning {\n Code: ListDeltaWarningCode;\n Message: string;\n /** Optional structured payload for the UI. */\n Details?: Record<string, unknown>;\n}\n\n/**\n * Aggregate counts on a `ListDelta`. Always present — clients can render\n * \"+N / −M / Unchanged K\" summary tiles without re-counting arrays.\n */\nexport interface ListDeltaCounts {\n Add: number;\n Remove: number;\n Unchanged: number;\n SourceTotal: number;\n TargetTotal: number;\n}\n\n/**\n * Result of a preview call (`ComputeDelta` or `ComputeSetOp`). Never mutates.\n *\n * `DeltaToken` is a server-signed HMAC of `{ targetListId, source signature,\n * mode, timestamp }` with a 5-minute TTL. `ApplyDelta` will reject any token\n * that fails to verify, has expired, or no longer reflects current state\n * (which it detects by re-computing on the server).\n *\n * `TargetListId` is `null` when the operation creates a new list rather than\n * mutating an existing one (e.g. `MaterializeFromView`).\n */\nexport interface ListDelta {\n TargetListId: string | null;\n EntityName: string;\n ToAdd: string[];\n ToRemove: string[];\n Unchanged: string[];\n Counts: ListDeltaCounts;\n Warnings: ListDeltaWarning[];\n DeltaToken: string;\n}\n\n/**\n * Options for `MaterializeFromView` — creates a new list from a view result.\n *\n * `RememberLineage` controls whether the new list captures the source view\n * ID + filter snapshot. With it `false`, the list is a one-shot copy and\n * cannot be refreshed.\n *\n * `UseSnapshot` controls refresh behaviour when lineage is remembered: when\n * `true`, refreshes re-apply the captured filter snapshot; when `false`,\n * refreshes re-read the live view (default).\n */\nexport interface MaterializeOptions {\n ListName: string;\n CategoryId?: string;\n Description?: string;\n RememberLineage: boolean;\n UseSnapshot: boolean;\n RefreshMode: ListRefreshMode;\n}\n\n/**\n * Result codes returned by `ApplyDelta` and the high-level convenience\n * operations. Every non-`SUCCESS` code maps to a user-visible failure mode\n * the UI must handle explicitly.\n */\nexport type ApplyResultCode =\n | 'SUCCESS'\n | 'DROP_NOT_CONFIRMED'\n | 'STALE_DELTA'\n | 'INVALID_TOKEN'\n | 'PERMISSION_DENIED'\n | 'TARGET_NOT_FOUND'\n | 'PARTIAL_SUCCESS'\n | 'UNEXPECTED_ERROR';\n\n/**\n * Outcome of a mutating list operation. `Counts` reports what actually\n * happened (which may differ from the preview if records were concurrently\n * modified — that case surfaces as `STALE_DELTA` rather than silent skew).\n */\nexport interface ApplyResult {\n Success: boolean;\n ResultCode: ApplyResultCode;\n Message: string;\n /** Populated when `MaterializeFromView` (or similar) creates a new list. */\n CreatedListId?: string;\n TargetListId?: string;\n Counts?: { Added: number; Removed: number; Failed: number };\n Errors?: string[];\n}\n\n// ---------------------------------------------------------------------------\n// Sharing — permission levels, capabilities, share targets, results\n// ---------------------------------------------------------------------------\n\n/** Permission level granted to a share recipient. Mirrors the\n * MJResourcePermission `PermissionLevel` field exactly. */\nexport type SharePermissionLevel = 'View' | 'Edit' | 'Owner';\n\n/**\n * Capability flags derived from a permission level. The mapping mirrors\n * the gating rules from mockup 19:\n * - Viewer: hide Add/Remove/Refresh/Edit/Share/Delete/Operations\n * - Editor: hide Delete/Share\n * - Owner: show everything\n * Server-side enforcement remains the source of truth — this is a UX\n * convenience so users don't see buttons they'll be rejected on.\n */\nexport interface ListCapabilities {\n CanRead: boolean;\n CanEdit: boolean;\n CanRefresh: boolean;\n CanShare: boolean;\n CanDelete: boolean;\n CanRunOperations: boolean;\n}\n\n/**\n * Pure mapping function from a permission level (or `null` for \"no access\")\n * to a capability flag set. Stateless, no runtime dependencies — safe to use\n * in any context.\n */\nexport function CapabilitiesForLevel(level: SharePermissionLevel | null): ListCapabilities {\n if (level === 'Owner') {\n return {\n CanRead: true, CanEdit: true, CanRefresh: true,\n CanShare: true, CanDelete: true, CanRunOperations: true,\n };\n }\n if (level === 'Edit') {\n return {\n CanRead: true, CanEdit: true, CanRefresh: true,\n CanShare: false, CanDelete: false, CanRunOperations: true,\n };\n }\n if (level === 'View') {\n return {\n CanRead: true, CanEdit: false, CanRefresh: false,\n CanShare: false, CanDelete: false, CanRunOperations: false,\n };\n }\n // No access at all — caller should hide the list entirely.\n return {\n CanRead: false, CanEdit: false, CanRefresh: false,\n CanShare: false, CanDelete: false, CanRunOperations: false,\n };\n}\n\n/**\n * Target of a direct share: either an MJ user or an MJ role. Discriminated\n * union so the type system enforces exactly one of `userId` / `roleId` is\n * provided (mirrors the `ValidateTypeAndRoleOrUserIDExclusive` rule on\n * `MJResourcePermission`).\n */\nexport type ShareTarget =\n | { kind: 'user'; userId: string }\n | { kind: 'role'; roleId: string };\n\n/** Summary of one share row returned by `GetSharesForList`. */\nexport interface ListShareSummary {\n PermissionID: string;\n ListID: string;\n Target: ShareTarget;\n PermissionLevel: SharePermissionLevel;\n Status: 'Approved' | 'Requested' | 'Rejected' | 'Revoked';\n SharedByUserID: string | null;\n CreatedAt: Date;\n}\n\n/** Summary of one List visible to the current user via shares. */\nexport interface SharedListSummary {\n ListID: string;\n ListName: string;\n PermissionLevel: SharePermissionLevel;\n SharedByUserID: string | null;\n SharedAt: Date;\n}\n\n/** Status codes returned by sharing operations. */\nexport type ShareResultCode =\n | 'SUCCESS'\n | 'INVALID_PARAMETER'\n | 'LIST_NOT_FOUND'\n | 'INVITATION_NOT_FOUND'\n | 'INVITATION_EXPIRED'\n | 'INVITATION_ALREADY_USED'\n | 'INVITATION_REVOKED'\n | 'PERMISSION_NOT_FOUND'\n | 'EMAIL_RECIPIENT_NOT_FOUND'\n | 'UNEXPECTED_ERROR';\n\nexport interface ShareResult {\n Success: boolean;\n ResultCode: ShareResultCode;\n Message: string;\n PermissionID?: string;\n}\n\nexport interface InviteResult {\n Success: boolean;\n ResultCode: ShareResultCode;\n Message: string;\n InvitationID?: string;\n Token?: string;\n ExpiresAt?: Date;\n}\n\nexport interface AcceptInvitationResult {\n Success: boolean;\n ResultCode: ShareResultCode;\n Message: string;\n PermissionID?: string;\n ListID?: string;\n}\n\n// ---------------------------------------------------------------------------\n// Delta token payload — type surface only. The runtime sign/verify lives\n// server-side in @memberjunction/lists.\n// ---------------------------------------------------------------------------\n\n/** Token validity window — matches the 5-minute requirement in the plan. */\nexport const TOKEN_TTL_MS = 5 * 60 * 1000;\n\n/** Mode tag baked into the payload — drives drop-guard enforcement. */\nexport type DeltaTokenMode = 'Additive' | 'Sync' | 'SetOp';\n\n/**\n * Canonical payload shape. Kept tiny + versioned so we can evolve the\n * signing scheme without breaking running clients.\n */\nexport interface DeltaTokenPayload {\n v: 1;\n tid: string | null;\n ssig: string;\n m: DeltaTokenMode;\n iat: number;\n}\n\n/**\n * Reasons a token can fail verification. Mapped 1:1 by the resolver layer\n * onto user-visible `ApplyResultCode` values.\n */\nexport type DeltaTokenError = 'INVALID_TOKEN' | 'EXPIRED_TOKEN';\n"]}

package/package.json CHANGED Viewed

@@ -1,10 +1,28 @@
 {
   "name": "@memberjunction/lists-base",
-  "version": "0.0.1",
-  "description": "OIDC trusted publishing setup package for @memberjunction/lists-base",
-  "keywords": [
-    "oidc",
-    "trusted-publishing",
-    "setup"
-  ]
+  "type": "module",
+  "version": "5.36.0",
+  "description": "MemberJunction: Lists — shared TypeScript type surface used by the server-side @memberjunction/lists package, the GraphQL data provider client, and Angular UI consumers. Pure types/interfaces only; no runtime, isomorphic.",
+  "main": "dist/index.js",
+  "types": "dist/index.d.ts",
+  "files": [
+    "/dist"
+  ],
+  "scripts": {
+    "build": "tsc && tsc-alias -f",
+    "test": "vitest run",
+    "test:watch": "vitest",
+    "test:coverage": "vitest run --coverage"
+  },
+  "author": "MemberJunction.com",
+  "license": "ISC",
+  "devDependencies": {
+    "typescript": "^5.9.3",
+    "vitest": "^4.0.18"
+  },
+  "dependencies": {},
+  "repository": {
+    "type": "git",
+    "url": "https://github.com/MemberJunction/MJ"
+  }
 }

package/README.md DELETED Viewed

@@ -1,45 +0,0 @@
-# @memberjunction/lists-base
-## ⚠️ IMPORTANT NOTICE ⚠️
-**This package is created solely for the purpose of setting up OIDC (OpenID Connect) trusted publishing with npm.**
-This is **NOT** a functional package and contains **NO** code or functionality beyond the OIDC setup configuration.
-## Purpose
-This package exists to:
-1. Configure OIDC trusted publishing for the package name `@memberjunction/lists-base`
-2. Enable secure, token-less publishing from CI/CD workflows
-3. Establish provenance for packages published under this name
-## What is OIDC Trusted Publishing?
-OIDC trusted publishing allows package maintainers to publish packages directly from their CI/CD workflows without needing to manage npm access tokens. Instead, it uses OpenID Connect to establish trust between the CI/CD provider (like GitHub Actions) and npm.
-## Setup Instructions
-To properly configure OIDC trusted publishing for this package:
-1. Go to [npmjs.com](https://www.npmjs.com/) and navigate to your package settings
-2. Configure the trusted publisher (e.g., GitHub Actions)
-3. Specify the repository and workflow that should be allowed to publish
-4. Use the configured workflow to publish your actual package
-## DO NOT USE THIS PACKAGE
-This package is a placeholder for OIDC configuration only. It:
-- Contains no executable code
-- Provides no functionality
-- Should not be installed as a dependency
-- Exists only for administrative purposes
-## More Information
-For more details about npm's trusted publishing feature, see:
-- [npm Trusted Publishing Documentation](https://docs.npmjs.com/generating-provenance-statements)
-- [GitHub Actions OIDC Documentation](https://docs.github.com/en/actions/deployment/security-hardening-your-deployments/about-security-hardening-with-openid-connect)
----
-**Maintained for OIDC setup purposes only**