@memberjunction/server 3.2.0 → 3.3.0

package/src/generic/ResolverBase.ts

@@ -1,4 +1,5 @@
 import {
+  AggregateExpression,
   BaseEntity,
   BaseEntityEvent,
   CompositeKey,
@@ -266,6 +267,11 @@ export class ResolverBase {
 
   async RunViewByNameGeneric(viewInput: RunViewByNameInput, provider: DatabaseProviderBase, userPayload: UserPayload, pubSub: PubSubEngine) {
     try {
+      // Log aggregate input for debugging
+      if (viewInput.Aggregates?.length) {
+        LogStatus(`[ResolverBase] RunViewByNameGeneric received aggregates: viewName=${viewInput.ViewName}, aggregateCount=${viewInput.Aggregates.length}, aggregates=${JSON.stringify(viewInput.Aggregates.map(a => ({ expression: a.expression, alias: a.alias })))}`);
+      }
+
       const rv = provider as any as IRunViewProvider;
       const result = await rv.RunView<UserViewEntityExtended>({
         EntityName: 'User Views',
@@ -290,7 +296,8 @@ export class ResolverBase {
           viewInput.ResultType,
           userPayload,
           viewInput.MaxRows,
-          viewInput.StartRow
+          viewInput.StartRow,
+          viewInput.Aggregates
         );
       }
       else {
@@ -305,6 +312,11 @@ export class ResolverBase {
 
   async RunViewByIDGeneric(viewInput: RunViewByIDInput, provider: DatabaseProviderBase, userPayload: UserPayload, pubSub: PubSubEngine) {
     try {
+      // Log aggregate input for debugging
+      if (viewInput.Aggregates?.length) {
+        LogStatus(`[ResolverBase] RunViewByIDGeneric received aggregates: viewID=${viewInput.ViewID}, aggregateCount=${viewInput.Aggregates.length}, aggregates=${JSON.stringify(viewInput.Aggregates.map(a => ({ expression: a.expression, alias: a.alias })))}`);
+      }
+
       const contextUser = this.GetUserFromPayload(userPayload);
       const viewInfo = await provider.GetEntityObject<UserViewEntityExtended>('User Views', contextUser);
       await viewInfo.Load(viewInput.ViewID);
@@ -325,7 +337,8 @@ export class ResolverBase {
         viewInput.ResultType,
         userPayload,
         viewInput.MaxRows,
-        viewInput.StartRow
+        viewInput.StartRow,
+        viewInput.Aggregates
       );
     } catch (err) {
       console.log(err);
@@ -335,6 +348,11 @@ export class ResolverBase {
 
   async RunDynamicViewGeneric(viewInput: RunDynamicViewInput, provider: DatabaseProviderBase, userPayload: UserPayload, pubSub: PubSubEngine) {
     try {
+      // Log aggregate input for debugging
+      if (viewInput.Aggregates?.length) {
+        LogStatus(`[ResolverBase] RunDynamicViewGeneric received aggregates: entityName=${viewInput.EntityName}, aggregateCount=${viewInput.Aggregates.length}, aggregates=${JSON.stringify(viewInput.Aggregates.map(a => ({ expression: a.expression, alias: a.alias })))}`);
+      }
+
       const md = provider;
       const entity = md.Entities.find((e) => e.Name === viewInput.EntityName);
       if (!entity) throw new Error(`Entity ${viewInput.EntityName} not found in metadata`);
@@ -363,7 +381,8 @@ export class ResolverBase {
         viewInput.ResultType,
         userPayload,
         viewInput.MaxRows,
-        viewInput.StartRow
+        viewInput.StartRow,
+        viewInput.Aggregates
       );
     } catch (err) {
       console.log(err);
@@ -422,7 +441,8 @@ export class ResolverBase {
           forceAuditLog: viewInput.ForceAuditLog,
           auditLogDescription: viewInput.AuditLogDescription,
           resultType: viewInput.ResultType,
-          userPayload, 
+          userPayload,
+          aggregates: viewInput.Aggregates,
         });
       } catch (err) {
         LogError(err);
@@ -524,7 +544,8 @@ export class ResolverBase {
     resultType: string | undefined,
     userPayload: UserPayload | null,
     maxRows: number | undefined,
-    startRow: number | undefined
+    startRow: number | undefined,
+    aggregates?: AggregateExpression[]
   ) {
     try {
       if (!viewInfo || !userPayload) return null;
@@ -559,6 +580,11 @@ export class ResolverBase {
         }
       }
 
+      // Log aggregate request for debugging
+      if (aggregates?.length) {
+        LogStatus(`[ResolverBase] RunViewGenericInternal with aggregates: entityName=${viewInfo.Entity}, viewName=${viewInfo.Name}, aggregateCount=${aggregates.length}, aggregates=${JSON.stringify(aggregates.map(a => ({ expression: a.expression, alias: a.alias })))}`);
+      }
+
       const result = await rv.RunView(
         {
           ViewID: viewInfo.ID,
@@ -578,10 +604,16 @@ export class ResolverBase {
           ForceAuditLog: forceAuditLog,
           AuditLogDescription: auditLogDescription,
           ResultType: rt,
+          Aggregates: aggregates,
         },
         user
       );
 
+      // Log aggregate results for debugging
+      if (aggregates?.length) {
+        LogStatus(`[ResolverBase] RunView result aggregate info: entityName=${viewInfo.Entity}, hasAggregateResults=${!!result?.AggregateResults}, aggregateResultCount=${result?.AggregateResults?.length || 0}, aggregateExecutionTime=${result?.AggregateExecutionTime}, aggregateResults=${JSON.stringify(result?.AggregateResults)}`);
+      }
+
       // Process results for GraphQL transport
       const mapper = new FieldMapper();
       if (result?.Success && result.Results?.length) {
@@ -682,6 +714,7 @@ export class ResolverBase {
           ForceAuditLog: param.forceAuditLog,
           AuditLogDescription: param.auditLogDescription,
           ResultType: rt,
+          Aggregates: param.aggregates,
         });
       }
 

package/src/generic/RunViewResolver.ts

@@ -1,7 +1,7 @@
 import { Arg, Ctx, Field, InputType, Int, ObjectType, PubSubEngine, Query, Resolver } from 'type-graphql';
 import { AppContext } from '../types.js';
 import { ResolverBase } from './ResolverBase.js';
-import { LogError, LogStatus, EntityInfo, RunViewWithCacheCheckResult, RunViewsWithCacheCheckResponse, RunViewWithCacheCheckParams } from '@memberjunction/core';
+import { LogError, LogStatus, EntityInfo, RunViewWithCacheCheckResult, RunViewsWithCacheCheckResponse, RunViewWithCacheCheckParams, AggregateResult } from '@memberjunction/core';
 import { RequireSystemUser } from '../directives/RequireSystemUser.js';
 import { GetReadOnlyProvider } from '../util.js';
 import { UserViewEntityExtended } from '@memberjunction/core-entities';
@@ -15,6 +15,52 @@ import { SQLServerDataProvider } from '@memberjunction/sqlserver-dataprovider';
  * back the results, and have your own type checking in place, this resolver can be used.
  *
  */
+
+//****************************************************************************
+// INPUT/OUTPUT TYPE for Aggregates
+//****************************************************************************
+
+/**
+ * Input type for a single aggregate expression
+ */
+@InputType()
+export class AggregateExpressionInput {
+  @Field(() => String, {
+    description: 'SQL expression for the aggregate (e.g., "SUM(OrderTotal)", "COUNT(*)", "AVG(Price)")'
+  })
+  expression: string;
+
+  @Field(() => String, {
+    nullable: true,
+    description: 'Optional alias for the result (used in error messages and debugging)'
+  })
+  alias?: string;
+}
+
+/**
+ * Output type for a single aggregate result
+ */
+@ObjectType()
+export class AggregateResultOutput {
+  @Field(() => String, { description: 'The expression that was calculated' })
+  expression: string;
+
+  @Field(() => String, { description: 'The alias (or expression if no alias provided)' })
+  alias: string;
+
+  @Field(() => String, {
+    nullable: true,
+    description: 'The calculated value as a JSON string (preserves type information)'
+  })
+  value?: string;
+
+  @Field(() => String, {
+    nullable: true,
+    description: 'Error message if calculation failed'
+  })
+  error?: string;
+}
+
 //****************************************************************************
 // INPUT TYPE for Running Views
 //****************************************************************************
@@ -111,6 +157,12 @@ export class RunViewByIDInput {
     description: 'If a value > 0 is provided, this value will be used to offset the rows returned.',
   })
   StartRow?: number;
+
+  @Field(() => [AggregateExpressionInput], {
+    nullable: true,
+    description: 'Optional aggregate expressions to calculate on the full result set (e.g., SUM, COUNT, AVG). Results are returned in AggregateResults.',
+  })
+  Aggregates?: AggregateExpressionInput[];
 }
 
 @InputType()
@@ -206,6 +258,12 @@ export class RunViewByNameInput {
     description: 'If a value > 0 is provided, this value will be used to offset the rows returned.',
   })
   StartRow?: number;
+
+  @Field(() => [AggregateExpressionInput], {
+    nullable: true,
+    description: 'Optional aggregate expressions to calculate on the full result set (e.g., SUM, COUNT, AVG). Results are returned in AggregateResults.',
+  })
+  Aggregates?: AggregateExpressionInput[];
 }
 
 @InputType()
@@ -287,6 +345,12 @@ export class RunDynamicViewInput {
     description: 'If a value > 0 is provided, this value will be used to offset the rows returned.',
   })
   StartRow?: number;
+
+  @Field(() => [AggregateExpressionInput], {
+    nullable: true,
+    description: 'Optional aggregate expressions to calculate on the full result set (e.g., SUM, COUNT, AVG). Results are returned in AggregateResults.',
+  })
+  Aggregates?: AggregateExpressionInput[];
 }
 
 @InputType()
@@ -382,6 +446,12 @@ export class RunViewGenericInput {
     description: 'If a value > 0 is provided, this value will be used to offset the rows returned.',
   })
   StartRow?: number;
+
+  @Field(() => [AggregateExpressionInput], {
+    nullable: true,
+    description: 'Optional aggregate expressions to calculate on the full result set (e.g., SUM, COUNT, AVG). Results are returned in AggregateResults.',
+  })
+  Aggregates?: AggregateExpressionInput[];
 }
 
 //****************************************************************************
@@ -518,6 +588,18 @@ export class RunViewResult {
 
   @Field(() => Boolean, { nullable: false })
   Success: boolean;
+
+  @Field(() => [AggregateResultOutput], {
+    nullable: true,
+    description: 'Results of aggregate calculations, in same order as input Aggregates array. Only present if Aggregates were requested.'
+  })
+  AggregateResults?: AggregateResultOutput[];
+
+  @Field(() => Int, {
+    nullable: true,
+    description: 'Execution time for aggregate query specifically (in milliseconds). Only present if Aggregates were requested.'
+  })
+  AggregateExecutionTime?: number;
 }
 
 @ObjectType()
@@ -542,6 +624,18 @@ export class RunViewGenericResult {
 
   @Field(() => Boolean, { nullable: false })
   Success: boolean;
+
+  @Field(() => [AggregateResultOutput], {
+    nullable: true,
+    description: 'Results of aggregate calculations, in same order as input Aggregates array. Only present if Aggregates were requested.'
+  })
+  AggregateResults?: AggregateResultOutput[];
+
+  @Field(() => Int, {
+    nullable: true,
+    description: 'Execution time for aggregate query specifically (in milliseconds). Only present if Aggregates were requested.'
+  })
+  AggregateExecutionTime?: number;
 }
 
 @Resolver(RunViewResultRow)
@@ -567,6 +661,9 @@ export class RunViewResolver extends ResolverBase {
         RowCount: rawData?.RowCount,
         TotalRowCount: rawData?.TotalRowCount,
         ExecutionTime: rawData?.ExecutionTime,
+        Success: rawData?.Success,
+        AggregateResults: this.processAggregateResults(rawData?.AggregateResults),
+        AggregateExecutionTime: rawData?.AggregateExecutionTime,
       };
     } catch (err) {
       console.log(err);
@@ -595,6 +692,9 @@ export class RunViewResolver extends ResolverBase {
         RowCount: rawData?.RowCount,
         TotalRowCount: rawData?.TotalRowCount,
         ExecutionTime: rawData?.ExecutionTime,
+        Success: rawData?.Success,
+        AggregateResults: this.processAggregateResults(rawData?.AggregateResults),
+        AggregateExecutionTime: rawData?.AggregateExecutionTime,
       };
     } catch (err) {
       console.log(err);
@@ -621,6 +721,9 @@ export class RunViewResolver extends ResolverBase {
         RowCount: rawData?.RowCount,
         TotalRowCount: rawData?.TotalRowCount,
         ExecutionTime: rawData?.ExecutionTime,
+        Success: rawData?.Success,
+        AggregateResults: this.processAggregateResults(rawData?.AggregateResults),
+        AggregateExecutionTime: rawData?.AggregateExecutionTime,
       };
     } catch (err) {
       console.log(err);
@@ -636,7 +739,8 @@ export class RunViewResolver extends ResolverBase {
   ) {
     try {
       const provider = GetReadOnlyProvider(providers, { allowFallbackToReadWrite: true });
-      const rawData: RunViewGenericResult[] = await super.RunViewsGeneric(input, provider, userPayload);
+      // Note: RunViewsGeneric returns the core RunViewResult type, not the GraphQL type
+      const rawData = await super.RunViewsGeneric(input, provider, userPayload);
       if (!rawData) {
         return null;
       }
@@ -653,6 +757,8 @@ export class RunViewResolver extends ResolverBase {
           TotalRowCount: data?.TotalRowCount,
           ExecutionTime: data?.ExecutionTime,
           Success: data?.Success,
+          AggregateResults: this.processAggregateResults(data?.AggregateResults),
+          AggregateExecutionTime: data?.AggregateExecutionTime,
         });
       }
 
@@ -824,7 +930,7 @@ export class RunViewResolver extends ResolverBase {
   ) {
     try {
       const provider = GetReadOnlyProvider(providers, { allowFallbackToReadWrite: true });
-      const rawData: RunViewGenericResult[] = await super.RunViewsGeneric(input, provider, userPayload);
+      const rawData = await super.RunViewsGeneric(input, provider, userPayload);
       if (!rawData) {
         return null;
       }
@@ -846,6 +952,8 @@ export class RunViewResolver extends ResolverBase {
           ExecutionTime: data?.ExecutionTime,
           Success: data?.Success,
           ErrorMessage: data?.ErrorMessage,
+          AggregateResults: this.processAggregateResults(data?.AggregateResults),
+          AggregateExecutionTime: data?.AggregateExecutionTime,
         });
       }
 
@@ -979,13 +1087,13 @@ export class RunViewResolver extends ResolverBase {
     const returnResult = [];
     for (let i = 0; i < rawData.length; i++) {
       const row = rawData[i];
-      
+
       // Build the primary key array from the entity's primary key fields
       const primaryKey: KeyValuePairOutputType[] = entityInfo.PrimaryKeys.map(pk => ({
         FieldName: pk.Name,
         Value: row[pk.Name]?.toString() || ''
       }));
-      
+
       returnResult.push({
         PrimaryKey: primaryKey,
         EntityID: entityId,
@@ -994,4 +1102,23 @@ export class RunViewResolver extends ResolverBase {
     }
     return returnResult;
   }
+
+  /**
+   * Transform core AggregateResult[] to GraphQL AggregateResultOutput[].
+   * Converts the value to a JSON string to preserve type information across GraphQL.
+   */
+  protected processAggregateResults(aggregateResults: AggregateResult[] | undefined): AggregateResultOutput[] | undefined {
+    if (!aggregateResults || aggregateResults.length === 0) {
+      return undefined;
+    }
+
+    return aggregateResults.map(result => ({
+      expression: result.expression,
+      alias: result.alias,
+      value: result.value !== null && result.value !== undefined
+        ? JSON.stringify(result.value)
+        : undefined,
+      error: result.error
+    }));
+  }
 }

package/src/index.ts

@@ -82,6 +82,7 @@ export * from './directives/index.js';
 export * from './entitySubclasses/entityPermissions.server.js';
 export * from './types.js';
 export { TokenExpiredError, getSystemUser } from './auth/index.js';
+export * from './auth/APIKeyScopeAuth.js';
 
 export * from './generic/PushStatusResolver.js';
 export * from './generic/ResolverBase.js';
@@ -113,6 +114,7 @@ export * from './resolvers/GetDataContextDataResolver.js';
 export * from './resolvers/TransactionGroupResolver.js';
 export * from './resolvers/CreateQueryResolver.js';
 export * from './resolvers/TelemetryResolver.js';
+export * from './resolvers/APIKeyResolver.js';
 export { GetReadOnlyDataSource, GetReadWriteDataSource, GetReadWriteProvider, GetReadOnlyProvider } from './util.js';
 
 export * from './generated/generated.js';

package/src/resolvers/APIKeyResolver.ts

@@ -0,0 +1,234 @@
+import { Resolver, Mutation, Arg, Ctx } from "type-graphql";
+import { Field, InputType, ObjectType } from "type-graphql";
+import { LogError, Metadata } from "@memberjunction/core";
+import { APIKeyScopeEntity } from "@memberjunction/core-entities";
+import { GetAPIKeyEngine } from "@memberjunction/api-keys";
+import { AppContext } from "../types.js";
+
+/**
+ * Input type for creating a new API key
+ */
+@InputType()
+export class CreateAPIKeyInput {
+    /**
+     * Human-readable label for the API key
+     */
+    @Field()
+    Label: string;
+
+    /**
+     * Optional description of what the key is used for
+     */
+    @Field(() => String, { nullable: true })
+    Description?: string;
+
+    /**
+     * Optional expiration date for the key
+     */
+    @Field(() => Date, { nullable: true })
+    ExpiresAt?: Date;
+
+    /**
+     * Optional array of scope IDs to assign to this key
+     */
+    @Field(() => [String], { nullable: true })
+    ScopeIDs?: string[];
+}
+
+/**
+ * Result type for API key creation
+ * Returns the raw key ONCE - it cannot be recovered after this
+ */
+@ObjectType()
+export class CreateAPIKeyResult {
+    /**
+     * Whether the key was created successfully
+     */
+    @Field()
+    Success: boolean;
+
+    /**
+     * The raw API key - show this to the user ONCE
+     * This cannot be recovered after the initial response
+     */
+    @Field(() => String, { nullable: true })
+    RawKey?: string;
+
+    /**
+     * The database ID of the created API key
+     */
+    @Field(() => String, { nullable: true })
+    APIKeyID?: string;
+
+    /**
+     * Error message if creation failed
+     */
+    @Field(() => String, { nullable: true })
+    Error?: string;
+}
+
+/**
+ * Result type for API key revocation
+ */
+@ObjectType()
+export class RevokeAPIKeyResult {
+    /**
+     * Whether the key was revoked successfully
+     */
+    @Field()
+    Success: boolean;
+
+    /**
+     * Error message if revocation failed
+     */
+    @Field(() => String, { nullable: true })
+    Error?: string;
+}
+
+/**
+ * Resolver for API key operations
+ * Handles secure server-side API key generation
+ */
+@Resolver()
+export class APIKeyResolver {
+    /**
+     * Creates a new API key with proper server-side cryptographic hashing.
+     *
+     * This mutation:
+     * 1. Generates a cryptographically secure API key using APIKeyEngine
+     * 2. Stores only the SHA-256 hash in the database (never the raw key)
+     * 3. Returns the raw key ONCE - it cannot be recovered after this call
+     * 4. Optionally assigns scope permissions to the key
+     *
+     * @param input The creation parameters
+     * @param ctx The GraphQL context with authenticated user
+     * @returns The raw key (show once!) and database ID
+     */
+    @Mutation(() => CreateAPIKeyResult)
+    async CreateAPIKey(
+        @Arg("input") input: CreateAPIKeyInput,
+        @Ctx() ctx: AppContext
+    ): Promise<CreateAPIKeyResult> {
+        try {
+            // Get the authenticated user
+            const user = ctx.userPayload.userRecord;
+            if (!user) {
+                return {
+                    Success: false,
+                    Error: "User is not authenticated"
+                };
+            }
+
+            // Use APIKeyEngine to create the API key with proper server-side crypto
+            const apiKeyEngine = GetAPIKeyEngine();
+            const result = await apiKeyEngine.CreateAPIKey(
+                {
+                    UserId: user.ID,
+                    Label: input.Label,
+                    Description: input.Description,
+                    ExpiresAt: input.ExpiresAt
+                },
+                user
+            );
+
+            if (!result.Success) {
+                return {
+                    Success: false,
+                    Error: result.Error || "Failed to create API key"
+                };
+            }
+
+            // Save scope associations if provided
+            if (input.ScopeIDs && input.ScopeIDs.length > 0 && result.APIKeyId) {
+                await this.saveScopeAssociations(result.APIKeyId, input.ScopeIDs, user);
+            }
+
+            return {
+                Success: true,
+                RawKey: result.RawKey,
+                APIKeyID: result.APIKeyId
+            };
+        } catch (e) {
+            const error = e as Error;
+            LogError(`Error in CreateAPIKey resolver: ${error.message}`);
+            return {
+                Success: false,
+                Error: `Error creating API key: ${error.message}`
+            };
+        }
+    }
+
+    /**
+     * Revokes an API key, permanently disabling it.
+     *
+     * Once revoked, an API key cannot be reactivated. Users must create a new key.
+     * This uses APIKeyEngine.RevokeAPIKey() for consistency.
+     *
+     * @param apiKeyId The database ID of the API key to revoke
+     * @param ctx The GraphQL context with authenticated user
+     * @returns Success status
+     */
+    @Mutation(() => RevokeAPIKeyResult)
+    async RevokeAPIKey(
+        @Arg("apiKeyId") apiKeyId: string,
+        @Ctx() ctx: AppContext
+    ): Promise<RevokeAPIKeyResult> {
+        try {
+            const user = ctx.userPayload.userRecord;
+            if (!user) {
+                return {
+                    Success: false,
+                    Error: "User is not authenticated"
+                };
+            }
+
+            const apiKeyEngine = GetAPIKeyEngine();
+            const result = await apiKeyEngine.RevokeAPIKey(apiKeyId, user);
+
+            if (result) {
+                return { Success: true };
+            } else {
+                return {
+                    Success: false,
+                    Error: "Failed to revoke API key. It may not exist or you may not have permission."
+                };
+            }
+        } catch (e) {
+            const error = e as Error;
+            LogError(`Error in RevokeAPIKey resolver: ${error.message}`);
+            return {
+                Success: false,
+                Error: `Error revoking API key: ${error.message}`
+            };
+        }
+    }
+
+    /**
+     * Saves scope associations for the newly created API key
+     * @param apiKeyId The ID of the created API key
+     * @param scopeIds Array of scope IDs to associate
+     * @param user The context user
+     */
+    private async saveScopeAssociations(
+        apiKeyId: string,
+        scopeIds: string[],
+        user: any
+    ): Promise<void> {
+        const md = new Metadata();
+
+        for (const scopeId of scopeIds) {
+            try {
+                const keyScope = await md.GetEntityObject<APIKeyScopeEntity>(
+                    'MJ: API Key Scopes',
+                    user
+                );
+                keyScope.APIKeyID = apiKeyId;
+                keyScope.ScopeID = scopeId;
+                await keyScope.Save();
+            } catch (error) {
+                LogError(`Error saving scope association for API key ${apiKeyId}, scope ${scopeId}: ${error}`);
+                // Continue with other scopes even if one fails
+            }
+        }
+    }
+}

package/src/resolvers/RunAIAgentResolver.ts

@@ -896,7 +896,7 @@ export class RunAIAgentResolver extends ResolverBase {
     private mapDetailRoleToMessageRole(role: string): 'user' | 'assistant' | 'system' {
         const roleLower = (role || '').toLowerCase();
         if (roleLower === 'user') return 'user';
-        if (roleLower === 'assistant' || roleLower === 'agent') return 'assistant';
+        if (roleLower === 'assistant' || roleLower === 'agent' || roleLower === 'ai') return 'assistant';
         if (roleLower === 'system') return 'system';
         return 'user'; // Default to user
     }

package/src/resolvers/UserResolver.ts

@@ -6,8 +6,44 @@ import { GetReadOnlyProvider } from '../util.js';
 export class UserResolver extends MJUserResolverBase {
   @Query(() => MJUser_)
   async CurrentUser(@Ctx() context: AppContext) {
+    // If userRecord is already available (e.g., from API key auth or system auth),
+    // use it directly instead of looking up by email again
+    if (context.userPayload.userRecord) {
+      // Convert UserInfo to the GraphQL response format
+      const userRecord = context.userPayload.userRecord;
+      const userData = {
+        ID: userRecord.ID,
+        Name: userRecord.Name,
+        FirstName: userRecord.FirstName,
+        LastName: userRecord.LastName,
+        Title: userRecord.Title,
+        Email: userRecord.Email,
+        Type: userRecord.Type,
+        IsActive: userRecord.IsActive,
+        LinkedRecordType: userRecord.LinkedRecordType,
+        EmployeeID: userRecord.EmployeeID,
+        LinkedEntityID: userRecord.LinkedEntityID,
+        LinkedEntityRecordID: userRecord.LinkedEntityRecordID,
+        __mj_CreatedAt: userRecord.__mj_CreatedAt,
+        __mj_UpdatedAt: userRecord.__mj_UpdatedAt,
+        // Include the UserRoles sub-array for the GraphQL response
+        UserRoles_UserIDArray: userRecord.UserRoles?.map((r: { ID: string; UserID: string; RoleID: string; RoleName?: string; __mj_CreatedAt?: Date; __mj_UpdatedAt?: Date }) => ({
+          ID: r.ID,
+          UserID: r.UserID,
+          RoleID: r.RoleID,
+          User: userRecord.Name,
+          Role: r.RoleName,
+          __mj_CreatedAt: r.__mj_CreatedAt,
+          __mj_UpdatedAt: r.__mj_UpdatedAt,
+        })) || [],
+      };
+      console.log('CurrentUser (from userRecord)', userData.Email);
+      return this.MapFieldNamesToCodeNames('Users', userData);
+    }
+
+    // Fall back to email lookup for JWT-based auth
     const result = await this.UserByEmail(context.userPayload.email, context);
-    console.log('CurrentUser', result);
+    console.log('CurrentUser (from email lookup)', result?.Email);
     return result;
   }