@nauth-toolkit/core 0.1.87 → 0.1.88

package/dist/dto/admin-revoke-session.dto.d.ts

@@ -0,0 +1,22 @@
+/**
+ * DTO for revoking a specific user session (admin-only)
+ *
+ * @example
+ * ```typescript
+ * const dto = new AdminRevokeSessionDTO();
+ * dto.sub = 'user-uuid-123';
+ * dto.sessionId = '456';
+ * await adminAuthService.revokeUserSession(dto);
+ * ```
+ */
+export declare class AdminRevokeSessionDTO {
+    /**
+     * User sub (UUID) - must match the session owner
+     */
+    sub: string;
+    /**
+     * Session ID to revoke
+     */
+    sessionId: string;
+}
+//# sourceMappingURL=admin-revoke-session.dto.d.ts.map

package/dist/dto/admin-revoke-session.dto.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"admin-revoke-session.dto.d.ts","sourceRoot":"","sources":["../../src/dto/admin-revoke-session.dto.ts"],"names":[],"mappings":"AAGA;;;;;;;;;;GAUG;AACH,qBAAa,qBAAqB;IAChC;;OAEG;IAIH,GAAG,EAAG,MAAM,CAAC;IAEb;;OAEG;IAGH,SAAS,EAAG,MAAM,CAAC;CACpB"}

package/dist/dto/admin-revoke-session.dto.js

@@ -0,0 +1,48 @@
+"use strict";
+var __decorate = (this && this.__decorate) || function (decorators, target, key, desc) {
+    var c = arguments.length, r = c < 3 ? target : desc === null ? desc = Object.getOwnPropertyDescriptor(target, key) : desc, d;
+    if (typeof Reflect === "object" && typeof Reflect.decorate === "function") r = Reflect.decorate(decorators, target, key, desc);
+    else for (var i = decorators.length - 1; i >= 0; i--) if (d = decorators[i]) r = (c < 3 ? d(r) : c > 3 ? d(target, key, r) : d(target, key)) || r;
+    return c > 3 && r && Object.defineProperty(target, key, r), r;
+};
+var __metadata = (this && this.__metadata) || function (k, v) {
+    if (typeof Reflect === "object" && typeof Reflect.metadata === "function") return Reflect.metadata(k, v);
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.AdminRevokeSessionDTO = void 0;
+const class_validator_1 = require("class-validator");
+const class_transformer_1 = require("class-transformer");
+/**
+ * DTO for revoking a specific user session (admin-only)
+ *
+ * @example
+ * ```typescript
+ * const dto = new AdminRevokeSessionDTO();
+ * dto.sub = 'user-uuid-123';
+ * dto.sessionId = '456';
+ * await adminAuthService.revokeUserSession(dto);
+ * ```
+ */
+class AdminRevokeSessionDTO {
+    /**
+     * User sub (UUID) - must match the session owner
+     */
+    sub;
+    /**
+     * Session ID to revoke
+     */
+    sessionId;
+}
+exports.AdminRevokeSessionDTO = AdminRevokeSessionDTO;
+__decorate([
+    (0, class_validator_1.IsUUID)('4'),
+    (0, class_validator_1.IsNotEmpty)(),
+    (0, class_transformer_1.Transform)(({ value }) => value?.trim().toLowerCase()),
+    __metadata("design:type", String)
+], AdminRevokeSessionDTO.prototype, "sub", void 0);
+__decorate([
+    (0, class_validator_1.IsString)(),
+    (0, class_validator_1.IsNotEmpty)(),
+    __metadata("design:type", String)
+], AdminRevokeSessionDTO.prototype, "sessionId", void 0);
+//# sourceMappingURL=admin-revoke-session.dto.js.map

package/dist/dto/admin-revoke-session.dto.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"admin-revoke-session.dto.js","sourceRoot":"","sources":["../../src/dto/admin-revoke-session.dto.ts"],"names":[],"mappings":";;;;;;;;;;;;AAAA,qDAA+D;AAC/D,yDAA8C;AAE9C;;;;;;;;;;GAUG;AACH,MAAa,qBAAqB;IAChC;;OAEG;IAIH,GAAG,CAAU;IAEb;;OAEG;IAGH,SAAS,CAAU;CACpB;AAfD,sDAeC;AARC;IAHC,IAAA,wBAAM,EAAC,GAAG,CAAC;IACX,IAAA,4BAAU,GAAE;IACZ,IAAA,6BAAS,EAAC,CAAC,EAAE,KAAK,EAAE,EAAE,EAAE,CAAC,KAAK,EAAE,IAAI,EAAE,CAAC,WAAW,EAAE,CAAC;;kDACzC;AAOb;IAFC,IAAA,0BAAQ,GAAE;IACV,IAAA,4BAAU,GAAE;;wDACM"}

package/dist/dto/admin-set-password.dto.d.ts

@@ -2,18 +2,18 @@
  * Admin Set Password Request DTO
  *
  * Request DTO for admin-initiated password reset.
- * Allows resetting a user's password by identifier (email, username, phone, or sub).
+ * Allows resetting a user's password by sub (UUID).
  *
  * Security:
  * - Admin-only operation (should be protected by admin guard)
- * - User identifier validated
+ * - User sub validated
  * - Password policy enforced
  * - Session revocation configurable
  *
  * @example
  * ```typescript
  * await authService.adminSetPassword({
- *   identifier: 'user@example.com',
+ *   sub: 'a21b654c-2746-4168-acee-c175083a65cd',
  *   newPassword: 'NewSecurePassword123!',
  *   mustChangePassword: true,
  *   revokeSessions: true
@@ -25,20 +25,18 @@
  */
 export declare class AdminSetPasswordDTO {
     /**
-     * User identifier (email, username, phone, or sub/UUID)
+     * User sub (UUID)
      *
      * Validation:
-     * - Must be a string
-     * - Min 1 character
-     * - Max 255 characters
+     * - Must be a valid UUID v4
      *
      * Sanitization:
      * - Trimmed
-     * - Lowercased if email format detected
+     * - Lowercased for consistency
      *
-     * @example "user@example.com" | "johndoe" | "+1234567890" | "a21b654c-2746-4168-acee-c175083a65cd"
+     * @example "a21b654c-2746-4168-acee-c175083a65cd"
      */
-    identifier: string;
+    sub: string;
     /**
      * New password
      *

package/dist/dto/admin-set-password.dto.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"admin-set-password.dto.d.ts","sourceRoot":"","sources":["../../src/dto/admin-set-password.dto.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;GAqBG;AAKH;;GAEG;AACH,qBAAa,mBAAmB;IAC9B;;;;;;;;;;;;;OAaG;IAgBH,UAAU,EAAG,MAAM,CAAC;IAEpB;;;;;;;;;;;;OAYG;IAKH,WAAW,EAAG,MAAM,CAAC;IAErB;;;;;;OAMG;IAGH,kBAAkB,CAAC,EAAE,OAAO,CAAC;IAE7B;;;;;;OAMG;IAGH,cAAc,CAAC,EAAE,OAAO,CAAC;CAC1B;AAED;;;;;;;;;;;;;GAaG;AACH,qBAAa,2BAA2B;IACtC;;;OAGG;IACH,OAAO,EAAG,OAAO,CAAC;IAElB;;OAEG;IACH,kBAAkB,EAAG,OAAO,CAAC;IAE7B;;OAEG;IACH,eAAe,EAAG,MAAM,CAAC;CAC1B"}
+{"version":3,"file":"admin-set-password.dto.d.ts","sourceRoot":"","sources":["../../src/dto/admin-set-password.dto.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;GAqBG;AAKH;;GAEG;AACH,qBAAa,mBAAmB;IAC9B;;;;;;;;;;;OAWG;IAQH,GAAG,EAAG,MAAM,CAAC;IAEb;;;;;;;;;;;;OAYG;IAKH,WAAW,EAAG,MAAM,CAAC;IAErB;;;;;;OAMG;IAGH,kBAAkB,CAAC,EAAE,OAAO,CAAC;IAE7B;;;;;;OAMG;IAGH,cAAc,CAAC,EAAE,OAAO,CAAC;CAC1B;AAED;;;;;;;;;;;;;GAaG;AACH,qBAAa,2BAA2B;IACtC;;;OAGG;IACH,OAAO,EAAG,OAAO,CAAC;IAElB;;OAEG;IACH,kBAAkB,EAAG,OAAO,CAAC;IAE7B;;OAEG;IACH,eAAe,EAAG,MAAM,CAAC;CAC1B"}

package/dist/dto/admin-set-password.dto.js

@@ -3,18 +3,18 @@
  * Admin Set Password Request DTO
  *
  * Request DTO for admin-initiated password reset.
- * Allows resetting a user's password by identifier (email, username, phone, or sub).
+ * Allows resetting a user's password by sub (UUID).
  *
  * Security:
  * - Admin-only operation (should be protected by admin guard)
- * - User identifier validated
+ * - User sub validated
  * - Password policy enforced
  * - Session revocation configurable
  *
  * @example
  * ```typescript
  * await authService.adminSetPassword({
- *   identifier: 'user@example.com',
+ *   sub: 'a21b654c-2746-4168-acee-c175083a65cd',
  *   newPassword: 'NewSecurePassword123!',
  *   mustChangePassword: true,
  *   revokeSessions: true
@@ -39,20 +39,18 @@ const class_transformer_1 = require("class-transformer");
  */
 class AdminSetPasswordDTO {
     /**
-     * User identifier (email, username, phone, or sub/UUID)
+     * User sub (UUID)
      *
      * Validation:
-     * - Must be a string
-     * - Min 1 character
-     * - Max 255 characters
+     * - Must be a valid UUID v4
      *
      * Sanitization:
      * - Trimmed
-     * - Lowercased if email format detected
+     * - Lowercased for consistency
      *
-     * @example "user@example.com" | "johndoe" | "+1234567890" | "a21b654c-2746-4168-acee-c175083a65cd"
+     * @example "a21b654c-2746-4168-acee-c175083a65cd"
      */
-    identifier;
+    sub;
     /**
      * New password
      *
@@ -86,23 +84,15 @@ class AdminSetPasswordDTO {
 }
 exports.AdminSetPasswordDTO = AdminSetPasswordDTO;
 __decorate([
-    (0, class_validator_1.IsString)({ message: 'Identifier must be a string' }),
-    (0, class_validator_1.IsNotEmpty)({ message: 'Identifier is required' }),
-    (0, class_validator_1.MinLength)(1, { message: 'Identifier is required' }),
-    (0, class_validator_1.MaxLength)(255, { message: 'Identifier must not exceed 255 characters' }),
+    (0, class_validator_1.IsUUID)('4', { message: 'User sub must be a valid UUID v4 format' }),
     (0, class_transformer_1.Transform)(({ value }) => {
         if (typeof value === 'string') {
-            const trimmed = value.trim();
-            // If it contains @, treat as email and lowercase
-            if (trimmed.includes('@')) {
-                return trimmed.toLowerCase();
-            }
-            return trimmed;
+            return value.trim().toLowerCase();
         }
         return value;
     }),
     __metadata("design:type", String)
-], AdminSetPasswordDTO.prototype, "identifier", void 0);
+], AdminSetPasswordDTO.prototype, "sub", void 0);
 __decorate([
     (0, class_validator_1.IsString)({ message: 'New password must be a string' }),
     (0, class_validator_1.IsNotEmpty)({ message: 'New password is required' }),

package/dist/dto/admin-set-password.dto.js.map

@@ -1 +1 @@
-{"version":3,"file":"admin-set-password.dto.js","sourceRoot":"","sources":["../../src/dto/admin-set-password.dto.ts"],"names":[],"mappings":";AAAA;;;;;;;;;;;;;;;;;;;;;GAqBG;;;;;;;;;;;;AAEH,qDAAoG;AACpG,yDAA8C;AAE9C;;GAEG;AACH,MAAa,mBAAmB;IAC9B;;;;;;;;;;;;;OAaG;IAgBH,UAAU,CAAU;IAEpB;;;;;;;;;;;;OAYG;IAKH,WAAW,CAAU;IAErB;;;;;;OAMG;IAGH,kBAAkB,CAAW;IAE7B;;;;;;OAMG;IAGH,cAAc,CAAW;CAC1B;AAxED,kDAwEC;AA1CC;IAfC,IAAA,0BAAQ,EAAC,EAAE,OAAO,EAAE,6BAA6B,EAAE,CAAC;IACpD,IAAA,4BAAU,EAAC,EAAE,OAAO,EAAE,wBAAwB,EAAE,CAAC;IACjD,IAAA,2BAAS,EAAC,CAAC,EAAE,EAAE,OAAO,EAAE,wBAAwB,EAAE,CAAC;IACnD,IAAA,2BAAS,EAAC,GAAG,EAAE,EAAE,OAAO,EAAE,2CAA2C,EAAE,CAAC;IACxE,IAAA,6BAAS,EAAC,CAAC,EAAE,KAAK,EAAE,EAAE,EAAE;QACvB,IAAI,OAAO,KAAK,KAAK,QAAQ,EAAE,CAAC;YAC9B,MAAM,OAAO,GAAG,KAAK,CAAC,IAAI,EAAE,CAAC;YAC7B,iDAAiD;YACjD,IAAI,OAAO,CAAC,QAAQ,CAAC,GAAG,CAAC,EAAE,CAAC;gBAC1B,OAAO,OAAO,CAAC,WAAW,EAAE,CAAC;YAC/B,CAAC;YACD,OAAO,OAAO,CAAC;QACjB,CAAC;QACD,OAAO,KAAK,CAAC;IACf,CAAC,CAAC;;uDACkB;AAmBpB;IAJC,IAAA,0BAAQ,EAAC,EAAE,OAAO,EAAE,+BAA+B,EAAE,CAAC;IACtD,IAAA,4BAAU,EAAC,EAAE,OAAO,EAAE,0BAA0B,EAAE,CAAC;IACnD,IAAA,2BAAS,EAAC,CAAC,EAAE,EAAE,OAAO,EAAE,wCAAwC,EAAE,CAAC;IACnE,IAAA,2BAAS,EAAC,GAAG,EAAE,EAAE,OAAO,EAAE,yCAAyC,EAAE,CAAC;;wDAClD;AAWrB;IAFC,IAAA,4BAAU,GAAE;IACZ,IAAA,2BAAS,EAAC,EAAE,OAAO,EAAE,sCAAsC,EAAE,CAAC;;+DAClC;AAW7B;IAFC,IAAA,4BAAU,GAAE;IACZ,IAAA,2BAAS,EAAC,EAAE,OAAO,EAAE,kCAAkC,EAAE,CAAC;;2DAClC;AAG3B;;;;;;;;;;;;;GAaG;AACH,MAAa,2BAA2B;IACtC;;;OAGG;IACH,OAAO,CAAW;IAElB;;OAEG;IACH,kBAAkB,CAAW;IAE7B;;OAEG;IACH,eAAe,CAAU;CAC1B;AAhBD,kEAgBC"}
+{"version":3,"file":"admin-set-password.dto.js","sourceRoot":"","sources":["../../src/dto/admin-set-password.dto.ts"],"names":[],"mappings":";AAAA;;;;;;;;;;;;;;;;;;;;;GAqBG;;;;;;;;;;;;AAEH,qDAA4G;AAC5G,yDAA8C;AAE9C;;GAEG;AACH,MAAa,mBAAmB;IAC9B;;;;;;;;;;;OAWG;IAQH,GAAG,CAAU;IAEb;;;;;;;;;;;;OAYG;IAKH,WAAW,CAAU;IAErB;;;;;;OAMG;IAGH,kBAAkB,CAAW;IAE7B;;;;;;OAMG;IAGH,cAAc,CAAW;CAC1B;AA9DD,kDA8DC;AA1CC;IAPC,IAAA,wBAAM,EAAC,GAAG,EAAE,EAAE,OAAO,EAAE,yCAAyC,EAAE,CAAC;IACnE,IAAA,6BAAS,EAAC,CAAC,EAAE,KAAK,EAAE,EAAE,EAAE;QACvB,IAAI,OAAO,KAAK,KAAK,QAAQ,EAAE,CAAC;YAC9B,OAAO,KAAK,CAAC,IAAI,EAAE,CAAC,WAAW,EAAE,CAAC;QACpC,CAAC;QACD,OAAO,KAAK,CAAC;IACf,CAAC,CAAC;;gDACW;AAmBb;IAJC,IAAA,0BAAQ,EAAC,EAAE,OAAO,EAAE,+BAA+B,EAAE,CAAC;IACtD,IAAA,4BAAU,EAAC,EAAE,OAAO,EAAE,0BAA0B,EAAE,CAAC;IACnD,IAAA,2BAAS,EAAC,CAAC,EAAE,EAAE,OAAO,EAAE,wCAAwC,EAAE,CAAC;IACnE,IAAA,2BAAS,EAAC,GAAG,EAAE,EAAE,OAAO,EAAE,yCAAyC,EAAE,CAAC;;wDAClD;AAWrB;IAFC,IAAA,4BAAU,GAAE;IACZ,IAAA,2BAAS,EAAC,EAAE,OAAO,EAAE,sCAAsC,EAAE,CAAC;;+DAClC;AAW7B;IAFC,IAAA,4BAAU,GAAE;IACZ,IAAA,2BAAS,EAAC,EAAE,OAAO,EAAE,kCAAkC,EAAE,CAAC;;2DAClC;AAG3B;;;;;;;;;;;;;GAaG;AACH,MAAa,2BAA2B;IACtC;;;OAGG;IACH,OAAO,CAAW;IAElB;;OAEG;IACH,kBAAkB,CAAW;IAE7B;;OAEG;IACH,eAAe,CAAU;CAC1B;AAhBD,kEAgBC"}

package/dist/dto/admin-set-preferred-method.dto.d.ts

@@ -0,0 +1,25 @@
+import { SetPreferredMethodDTO, SetPreferredMethodResponseDTO } from './set-preferred-method.dto';
+/**
+ * Admin DTO for setting preferred MFA method for a specific user
+ *
+ * Admin APIs must explicitly target a user via `sub`.
+ * This DTO mirrors {@link SetPreferredMethodDTO} but adds `sub`.
+ *
+ * @example
+ * ```typescript
+ * const result = await mfaService.adminSetPreferredMethod({
+ *   sub: 'a21b654c-2746-4168-acee-c175083a65cd',
+ *   methodType: 'sms',
+ * });
+ * ```
+ */
+export declare class AdminSetPreferredMethodDTO extends SetPreferredMethodDTO {
+    /**
+     * Target user's unique identifier (UUID v4)
+     *
+     * @example "a21b654c-2746-4168-acee-c175083a65cd"
+     */
+    sub: string;
+}
+export { SetPreferredMethodResponseDTO };
+//# sourceMappingURL=admin-set-preferred-method.dto.d.ts.map

package/dist/dto/admin-set-preferred-method.dto.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"admin-set-preferred-method.dto.d.ts","sourceRoot":"","sources":["../../src/dto/admin-set-preferred-method.dto.ts"],"names":[],"mappings":"AAEA,OAAO,EAAE,qBAAqB,EAAE,6BAA6B,EAAE,MAAM,4BAA4B,CAAC;AAElG;;;;;;;;;;;;;GAaG;AACH,qBAAa,0BAA2B,SAAQ,qBAAqB;IACnE;;;;OAIG;IAQH,GAAG,EAAG,MAAM,CAAC;CACd;AAED,OAAO,EAAE,6BAA6B,EAAE,CAAC"}

package/dist/dto/admin-set-preferred-method.dto.js

@@ -0,0 +1,50 @@
+"use strict";
+var __decorate = (this && this.__decorate) || function (decorators, target, key, desc) {
+    var c = arguments.length, r = c < 3 ? target : desc === null ? desc = Object.getOwnPropertyDescriptor(target, key) : desc, d;
+    if (typeof Reflect === "object" && typeof Reflect.decorate === "function") r = Reflect.decorate(decorators, target, key, desc);
+    else for (var i = decorators.length - 1; i >= 0; i--) if (d = decorators[i]) r = (c < 3 ? d(r) : c > 3 ? d(target, key, r) : d(target, key)) || r;
+    return c > 3 && r && Object.defineProperty(target, key, r), r;
+};
+var __metadata = (this && this.__metadata) || function (k, v) {
+    if (typeof Reflect === "object" && typeof Reflect.metadata === "function") return Reflect.metadata(k, v);
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.SetPreferredMethodResponseDTO = exports.AdminSetPreferredMethodDTO = void 0;
+const class_validator_1 = require("class-validator");
+const class_transformer_1 = require("class-transformer");
+const set_preferred_method_dto_1 = require("./set-preferred-method.dto");
+Object.defineProperty(exports, "SetPreferredMethodResponseDTO", { enumerable: true, get: function () { return set_preferred_method_dto_1.SetPreferredMethodResponseDTO; } });
+/**
+ * Admin DTO for setting preferred MFA method for a specific user
+ *
+ * Admin APIs must explicitly target a user via `sub`.
+ * This DTO mirrors {@link SetPreferredMethodDTO} but adds `sub`.
+ *
+ * @example
+ * ```typescript
+ * const result = await mfaService.adminSetPreferredMethod({
+ *   sub: 'a21b654c-2746-4168-acee-c175083a65cd',
+ *   methodType: 'sms',
+ * });
+ * ```
+ */
+class AdminSetPreferredMethodDTO extends set_preferred_method_dto_1.SetPreferredMethodDTO {
+    /**
+     * Target user's unique identifier (UUID v4)
+     *
+     * @example "a21b654c-2746-4168-acee-c175083a65cd"
+     */
+    sub;
+}
+exports.AdminSetPreferredMethodDTO = AdminSetPreferredMethodDTO;
+__decorate([
+    (0, class_validator_1.IsUUID)('4', { message: 'User sub must be a valid UUID v4 format' }),
+    (0, class_transformer_1.Transform)(({ value }) => {
+        if (typeof value === 'string') {
+            return value.trim().toLowerCase();
+        }
+        return value;
+    }),
+    __metadata("design:type", String)
+], AdminSetPreferredMethodDTO.prototype, "sub", void 0);
+//# sourceMappingURL=admin-set-preferred-method.dto.js.map

package/dist/dto/admin-set-preferred-method.dto.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"admin-set-preferred-method.dto.js","sourceRoot":"","sources":["../../src/dto/admin-set-preferred-method.dto.ts"],"names":[],"mappings":";;;;;;;;;;;;AAAA,qDAAyC;AACzC,yDAA8C;AAC9C,yEAAkG;AAgCzF,8GAhCuB,wDAA6B,OAgCvB;AA9BtC;;;;;;;;;;;;;GAaG;AACH,MAAa,0BAA2B,SAAQ,gDAAqB;IACnE;;;;OAIG;IAQH,GAAG,CAAU;CACd;AAdD,gEAcC;AADC;IAPC,IAAA,wBAAM,EAAC,GAAG,EAAE,EAAE,OAAO,EAAE,yCAAyC,EAAE,CAAC;IACnE,IAAA,6BAAS,EAAC,CAAC,EAAE,KAAK,EAAE,EAAE,EAAE;QACvB,IAAI,OAAO,KAAK,KAAK,QAAQ,EAAE,CAAC;YAC9B,OAAO,KAAK,CAAC,IAAI,EAAE,CAAC,WAAW,EAAE,CAAC;QACpC,CAAC;QACD,OAAO,KAAK,CAAC;IACf,CAAC,CAAC;;uDACW"}

package/dist/dto/admin-update-user-attributes.dto.d.ts

@@ -0,0 +1,41 @@
+/**
+ * Admin Update User Attributes DTO
+ *
+ * Request DTO for administrators to update a user's profile information.
+ *
+ * Security:
+ * - Requires target user sub (UUID)
+ * - All fields validated according to UserUpdateDTO rules
+ * - Uniqueness constraints enforced
+ *
+ * @example
+ * ```typescript
+ * const result = await adminAuthService.updateUserAttributes({
+ *   sub: 'user-uuid',
+ *   username: 'newusername',
+ *   firstName: 'John',
+ *   lastName: 'Doe',
+ * });
+ * ```
+ */
+import { UserUpdateDTO } from './user-update.dto';
+/**
+ * Request DTO for admin updating user attributes (includes sub)
+ */
+export declare class AdminUpdateUserAttributesDTO extends UserUpdateDTO {
+    /**
+     * User's unique identifier (UUID v4)
+     *
+     * Validation:
+     * - Must be a valid UUID v4 format
+     * - Matches DB constraint: char(36) or uuid
+     *
+     * Sanitization:
+     * - Trimmed
+     * - Lowercased for consistency
+     *
+     * @example "a21b654c-2746-4168-acee-c175083a65cd"
+     */
+    sub: string;
+}
+//# sourceMappingURL=admin-update-user-attributes.dto.d.ts.map

package/dist/dto/admin-update-user-attributes.dto.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"admin-update-user-attributes.dto.d.ts","sourceRoot":"","sources":["../../src/dto/admin-update-user-attributes.dto.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;GAmBG;AAIH,OAAO,EAAE,aAAa,EAAE,MAAM,mBAAmB,CAAC;AAElD;;GAEG;AACH,qBAAa,4BAA6B,SAAQ,aAAa;IAC7D;;;;;;;;;;;;OAYG;IAQH,GAAG,EAAG,MAAM,CAAC;CACd"}

package/dist/dto/{update-user-attributes-request.dto.js → admin-update-user-attributes.dto.js}

@@ -1,21 +1,21 @@
 "use strict";
 /**
- * Update User Attributes Request DTO
+ * Admin Update User Attributes DTO
  *
- * Request DTO for updating user profile information (includes user sub).
+ * Request DTO for administrators to update a user's profile information.
  *
  * Security:
- * - User sub validated (UUID)
+ * - Requires target user sub (UUID)
  * - All fields validated according to UserUpdateDTO rules
  * - Uniqueness constraints enforced
  *
  * @example
  * ```typescript
- * const result = await authService.updateUserAttributes({
+ * const result = await adminAuthService.updateUserAttributes({
  *   sub: 'user-uuid',
  *   username: 'newusername',
  *   firstName: 'John',
- *   lastName: 'Doe'
+ *   lastName: 'Doe',
  * });
  * ```
  */
@@ -29,22 +29,19 @@ var __metadata = (this && this.__metadata) || function (k, v) {
     if (typeof Reflect === "object" && typeof Reflect.metadata === "function") return Reflect.metadata(k, v);
 };
 Object.defineProperty(exports, "__esModule", { value: true });
-exports.UpdateUserAttributesRequestDTO = void 0;
+exports.AdminUpdateUserAttributesDTO = void 0;
 const class_validator_1 = require("class-validator");
 const class_transformer_1 = require("class-transformer");
 const user_update_dto_1 = require("./user-update.dto");
 /**
- * Request DTO for updating user attributes (includes user sub)
+ * Request DTO for admin updating user attributes (includes sub)
  */
-class UpdateUserAttributesRequestDTO extends user_update_dto_1.UserUpdateDTO {
+class AdminUpdateUserAttributesDTO extends user_update_dto_1.UserUpdateDTO {
     /**
      * User's unique identifier (UUID v4)
      *
-     * Optional at controller level - filled from authenticated user's JWT.
-     * Validated only when provided (service layer will ensure it's set).
-     *
      * Validation:
-     * - Must be a valid UUID v4 format when provided
+     * - Must be a valid UUID v4 format
      * - Matches DB constraint: char(36) or uuid
      *
      * Sanitization:
@@ -55,9 +52,8 @@ class UpdateUserAttributesRequestDTO extends user_update_dto_1.UserUpdateDTO {
      */
     sub;
 }
-exports.UpdateUserAttributesRequestDTO = UpdateUserAttributesRequestDTO;
+exports.AdminUpdateUserAttributesDTO = AdminUpdateUserAttributesDTO;
 __decorate([
-    (0, class_validator_1.ValidateIf)((o) => o.sub !== undefined && o.sub !== null && o.sub !== ''),
     (0, class_validator_1.IsUUID)('4', { message: 'User sub must be a valid UUID v4 format' }),
     (0, class_transformer_1.Transform)(({ value }) => {
         if (typeof value === 'string') {
@@ -65,7 +61,6 @@ __decorate([
         }
         return value;
     }),
-    (0, class_validator_1.IsOptional)(),
     __metadata("design:type", String)
-], UpdateUserAttributesRequestDTO.prototype, "sub", void 0);
-//# sourceMappingURL=update-user-attributes-request.dto.js.map
+], AdminUpdateUserAttributesDTO.prototype, "sub", void 0);
+//# sourceMappingURL=admin-update-user-attributes.dto.js.map

package/dist/dto/admin-update-user-attributes.dto.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"admin-update-user-attributes.dto.js","sourceRoot":"","sources":["../../src/dto/admin-update-user-attributes.dto.ts"],"names":[],"mappings":";AAAA;;;;;;;;;;;;;;;;;;;GAmBG;;;;;;;;;;;;AAEH,qDAAyC;AACzC,yDAA8C;AAC9C,uDAAkD;AAElD;;GAEG;AACH,MAAa,4BAA6B,SAAQ,+BAAa;IAC7D;;;;;;;;;;;;OAYG;IAQH,GAAG,CAAU;CACd;AAtBD,oEAsBC;AADC;IAPC,IAAA,wBAAM,EAAC,GAAG,EAAE,EAAE,OAAO,EAAE,yCAAyC,EAAE,CAAC;IACnE,IAAA,6BAAS,EAAC,CAAC,EAAE,KAAK,EAAE,EAAE,EAAE;QACvB,IAAI,OAAO,KAAK,KAAK,QAAQ,EAAE,CAAC;YAC9B,OAAO,KAAK,CAAC,IAAI,EAAE,CAAC,WAAW,EAAE,CAAC;QACpC,CAAC;QACD,OAAO,KAAK,CAAC;IACf,CAAC,CAAC;;yDACW"}

package/dist/dto/auth-challenge.dto.d.ts

@@ -63,7 +63,7 @@ export declare enum AuthChallenge {
  *     email: 'user@example.com',
  *     codeDeliveryDestination: 'u***@example.com'
  *   },
- *   userSub: 'a21b654c-2746-4168-acee-c175083a65cd'
+ *   sub: 'a21b654c-2746-4168-acee-c175083a65cd'
  * }
  * ```
  */
@@ -119,7 +119,7 @@ export declare class AuthChallengeResponseDTO {
      *
      * @example "a21b654c-2746-4168-acee-c175083a65cd"
      */
-    userSub: string;
+    sub: string;
 }
 /**
  * Challenge Completion Request DTO

package/dist/dto/auth-challenge.dto.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"auth-challenge.dto.d.ts","sourceRoot":"","sources":["../../src/dto/auth-challenge.dto.ts"],"names":[],"mappings":"AAGA;;;;;;;;;;;;;;;;GAgBG;AACH,oBAAY,aAAa;IACvB;;;OAGG;IACH,YAAY,iBAAiB;IAE7B;;;OAGG;IACH,YAAY,iBAAiB;IAE7B;;;;OAIG;IACH,YAAY,iBAAiB;IAE7B;;;;OAIG;IACH,kBAAkB,uBAAuB;IAEzC;;;;OAIG;IACH,qBAAqB,0BAA0B;CAChD;AAED;;;;;;;;;;;;;;;;;;;;;GAqBG;AACH,qBAAa,wBAAwB;IACnC;;;;;OAKG;IAIH,aAAa,EAAG,aAAa,CAAC;IAE9B;;;;;;;;;OASG;IAQH,OAAO,EAAG,MAAM,CAAC;IAEjB;;;;;;;;;;;;;;;;;;;;;OAqBG;IAEH,mBAAmB,EAAG,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;IAE9C;;;;;;;;;OASG;IAQH,OAAO,EAAG,MAAM,CAAC;CAClB;AAED;;;;;;;;;;;;;;;;;;;;;;;;GAwBG;AACH,qBAAa,2BAA2B;IACtC;;;;;;;;;;;;OAYG;IAQH,OAAO,EAAG,MAAM,CAAC;IAEjB;;;;;OAKG;IAIH,aAAa,EAAG,aAAa,CAAC;IAE9B;;;;;;;;;;;;;;;OAeG;IAEH,kBAAkB,EAAG,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;CAC9C"}
+{"version":3,"file":"auth-challenge.dto.d.ts","sourceRoot":"","sources":["../../src/dto/auth-challenge.dto.ts"],"names":[],"mappings":"AAGA;;;;;;;;;;;;;;;;GAgBG;AACH,oBAAY,aAAa;IACvB;;;OAGG;IACH,YAAY,iBAAiB;IAE7B;;;OAGG;IACH,YAAY,iBAAiB;IAE7B;;;;OAIG;IACH,YAAY,iBAAiB;IAE7B;;;;OAIG;IACH,kBAAkB,uBAAuB;IAEzC;;;;OAIG;IACH,qBAAqB,0BAA0B;CAChD;AAED;;;;;;;;;;;;;;;;;;;;;GAqBG;AACH,qBAAa,wBAAwB;IACnC;;;;;OAKG;IAIH,aAAa,EAAG,aAAa,CAAC;IAE9B;;;;;;;;;OASG;IAQH,OAAO,EAAG,MAAM,CAAC;IAEjB;;;;;;;;;;;;;;;;;;;;;OAqBG;IAEH,mBAAmB,EAAG,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;IAE9C;;;;;;;;;OASG;IAQH,GAAG,EAAG,MAAM,CAAC;CACd;AAED;;;;;;;;;;;;;;;;;;;;;;;;GAwBG;AACH,qBAAa,2BAA2B;IACtC;;;;;;;;;;;;OAYG;IAQH,OAAO,EAAG,MAAM,CAAC;IAEjB;;;;;OAKG;IAIH,aAAa,EAAG,aAAa,CAAC;IAE9B;;;;;;;;;;;;;;;OAeG;IAEH,kBAAkB,EAAG,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;CAC9C"}

package/dist/dto/auth-challenge.dto.js

@@ -78,7 +78,7 @@ var AuthChallenge;
  *     email: 'user@example.com',
  *     codeDeliveryDestination: 'u***@example.com'
  *   },
- *   userSub: 'a21b654c-2746-4168-acee-c175083a65cd'
+ *   sub: 'a21b654c-2746-4168-acee-c175083a65cd'
  * }
  * ```
  */
@@ -134,7 +134,7 @@ class AuthChallengeResponseDTO {
      *
      * @example "a21b654c-2746-4168-acee-c175083a65cd"
      */
-    userSub;
+    sub;
 }
 exports.AuthChallengeResponseDTO = AuthChallengeResponseDTO;
 __decorate([
@@ -166,7 +166,7 @@ __decorate([
         return value;
     }),
     __metadata("design:type", String)
-], AuthChallengeResponseDTO.prototype, "userSub", void 0);
+], AuthChallengeResponseDTO.prototype, "sub", void 0);
 /**
  * Challenge Completion Request DTO
  *

package/dist/dto/auth-challenge.dto.js.map

@@ -1 +1 @@
-{"version":3,"file":"auth-challenge.dto.js","sourceRoot":"","sources":["../../src/dto/auth-challenge.dto.ts"],"names":[],"mappings":";;;;;;;;;;;;AAAA,qDAA2D;AAC3D,yDAA8C;AAE9C;;;;;;;;;;;;;;;;GAgBG;AACH,IAAY,aAiCX;AAjCD,WAAY,aAAa;IACvB;;;OAGG;IACH,8CAA6B,CAAA;IAE7B;;;OAGG;IACH,8CAA6B,CAAA;IAE7B;;;;OAIG;IACH,8CAA6B,CAAA;IAE7B;;;;OAIG;IACH,0DAAyC,CAAA;IAEzC;;;;OAIG;IACH,gEAA+C,CAAA;AACjD,CAAC,EAjCW,aAAa,6BAAb,aAAa,QAiCxB;AAED;;;;;;;;;;;;;;;;;;;;;GAqBG;AACH,MAAa,wBAAwB;IACnC;;;;;OAKG;IAIH,aAAa,CAAiB;IAE9B;;;;;;;;;OASG;IAQH,OAAO,CAAU;IAEjB;;;;;;;;;;;;;;;;;;;;;OAqBG;IAEH,mBAAmB,CAA2B;IAE9C;;;;;;;;;OASG;IAQH,OAAO,CAAU;CAClB;AA1ED,4DA0EC;AAhEC;IAHC,IAAA,wBAAM,EAAC,aAAa,EAAE;QACrB,OAAO,EAAE,yDAAyD;KACnE,CAAC;;+DAC4B;AAmB9B;IAPC,IAAA,wBAAM,EAAC,GAAG,EAAE,EAAE,OAAO,EAAE,8CAA8C,EAAE,CAAC;IACxE,IAAA,6BAAS,EAAC,CAAC,EAAE,KAAK,EAAE,EAAE,EAAE;QACvB,IAAI,OAAO,KAAK,KAAK,QAAQ,EAAE,CAAC;YAC9B,OAAO,KAAK,CAAC,IAAI,EAAE,CAAC,WAAW,EAAE,CAAC;QACpC,CAAC;QACD,OAAO,KAAK,CAAC;IACf,CAAC,CAAC;;yDACe;AAyBjB;IADC,IAAA,0BAAQ,EAAC,EAAE,OAAO,EAAE,wCAAwC,EAAE,CAAC;;qEAClB;AAmB9C;IAPC,IAAA,wBAAM,EAAC,GAAG,EAAE,EAAE,OAAO,EAAE,yCAAyC,EAAE,CAAC;IACnE,IAAA,6BAAS,EAAC,CAAC,EAAE,KAAK,EAAE,EAAE,EAAE;QACvB,IAAI,OAAO,KAAK,KAAK,QAAQ,EAAE,CAAC;YAC9B,OAAO,KAAK,CAAC,IAAI,EAAE,CAAC,WAAW,EAAE,CAAC;QACpC,CAAC;QACD,OAAO,KAAK,CAAC;IACf,CAAC,CAAC;;yDACe;AAGnB;;;;;;;;;;;;;;;;;;;;;;;;GAwBG;AACH,MAAa,2BAA2B;IACtC;;;;;;;;;;;;OAYG;IAQH,OAAO,CAAU;IAEjB;;;;;OAKG;IAIH,aAAa,CAAiB;IAE9B;;;;;;;;;;;;;;;OAeG;IAEH,kBAAkB,CAA2B;CAC9C;AApDD,kEAoDC;AA/BC;IAPC,IAAA,wBAAM,EAAC,GAAG,EAAE,EAAE,OAAO,EAAE,8CAA8C,EAAE,CAAC;IACxE,IAAA,6BAAS,EAAC,CAAC,EAAE,KAAK,EAAE,EAAE,EAAE;QACvB,IAAI,OAAO,KAAK,KAAK,QAAQ,EAAE,CAAC;YAC9B,OAAO,KAAK,CAAC,IAAI,EAAE,CAAC,WAAW,EAAE,CAAC;QACpC,CAAC;QACD,OAAO,KAAK,CAAC;IACf,CAAC,CAAC;;4DACe;AAWjB;IAHC,IAAA,wBAAM,EAAC,aAAa,EAAE;QACrB,OAAO,EAAE,yDAAyD;KACnE,CAAC;;kEAC4B;AAmB9B;IADC,IAAA,0BAAQ,EAAC,EAAE,OAAO,EAAE,uCAAuC,EAAE,CAAC;;uEAClB"}
+{"version":3,"file":"auth-challenge.dto.js","sourceRoot":"","sources":["../../src/dto/auth-challenge.dto.ts"],"names":[],"mappings":";;;;;;;;;;;;AAAA,qDAA2D;AAC3D,yDAA8C;AAE9C;;;;;;;;;;;;;;;;GAgBG;AACH,IAAY,aAiCX;AAjCD,WAAY,aAAa;IACvB;;;OAGG;IACH,8CAA6B,CAAA;IAE7B;;;OAGG;IACH,8CAA6B,CAAA;IAE7B;;;;OAIG;IACH,8CAA6B,CAAA;IAE7B;;;;OAIG;IACH,0DAAyC,CAAA;IAEzC;;;;OAIG;IACH,gEAA+C,CAAA;AACjD,CAAC,EAjCW,aAAa,6BAAb,aAAa,QAiCxB;AAED;;;;;;;;;;;;;;;;;;;;;GAqBG;AACH,MAAa,wBAAwB;IACnC;;;;;OAKG;IAIH,aAAa,CAAiB;IAE9B;;;;;;;;;OASG;IAQH,OAAO,CAAU;IAEjB;;;;;;;;;;;;;;;;;;;;;OAqBG;IAEH,mBAAmB,CAA2B;IAE9C;;;;;;;;;OASG;IAQH,GAAG,CAAU;CACd;AA1ED,4DA0EC;AAhEC;IAHC,IAAA,wBAAM,EAAC,aAAa,EAAE;QACrB,OAAO,EAAE,yDAAyD;KACnE,CAAC;;+DAC4B;AAmB9B;IAPC,IAAA,wBAAM,EAAC,GAAG,EAAE,EAAE,OAAO,EAAE,8CAA8C,EAAE,CAAC;IACxE,IAAA,6BAAS,EAAC,CAAC,EAAE,KAAK,EAAE,EAAE,EAAE;QACvB,IAAI,OAAO,KAAK,KAAK,QAAQ,EAAE,CAAC;YAC9B,OAAO,KAAK,CAAC,IAAI,EAAE,CAAC,WAAW,EAAE,CAAC;QACpC,CAAC;QACD,OAAO,KAAK,CAAC;IACf,CAAC,CAAC;;yDACe;AAyBjB;IADC,IAAA,0BAAQ,EAAC,EAAE,OAAO,EAAE,wCAAwC,EAAE,CAAC;;qEAClB;AAmB9C;IAPC,IAAA,wBAAM,EAAC,GAAG,EAAE,EAAE,OAAO,EAAE,yCAAyC,EAAE,CAAC;IACnE,IAAA,6BAAS,EAAC,CAAC,EAAE,KAAK,EAAE,EAAE,EAAE;QACvB,IAAI,OAAO,KAAK,KAAK,QAAQ,EAAE,CAAC;YAC9B,OAAO,KAAK,CAAC,IAAI,EAAE,CAAC,WAAW,EAAE,CAAC;QACpC,CAAC;QACD,OAAO,KAAK,CAAC;IACf,CAAC,CAAC;;qDACW;AAGf;;;;;;;;;;;;;;;;;;;;;;;;GAwBG;AACH,MAAa,2BAA2B;IACtC;;;;;;;;;;;;OAYG;IAQH,OAAO,CAAU;IAEjB;;;;;OAKG;IAIH,aAAa,CAAiB;IAE9B;;;;;;;;;;;;;;;OAeG;IAEH,kBAAkB,CAA2B;CAC9C;AApDD,kEAoDC;AA/BC;IAPC,IAAA,wBAAM,EAAC,GAAG,EAAE,EAAE,OAAO,EAAE,8CAA8C,EAAE,CAAC;IACxE,IAAA,6BAAS,EAAC,CAAC,EAAE,KAAK,EAAE,EAAE,EAAE;QACvB,IAAI,OAAO,KAAK,KAAK,QAAQ,EAAE,CAAC;YAC9B,OAAO,KAAK,CAAC,IAAI,EAAE,CAAC,WAAW,EAAE,CAAC;QACpC,CAAC;QACD,OAAO,KAAK,CAAC;IACf,CAAC,CAAC;;4DACe;AAWjB;IAHC,IAAA,wBAAM,EAAC,aAAa,EAAE;QACrB,OAAO,EAAE,yDAAyD;KACnE,CAAC;;kEAC4B;AAmB9B;IADC,IAAA,0BAAQ,EAAC,EAAE,OAAO,EAAE,uCAAuC,EAAE,CAAC;;uEAClB"}

package/dist/dto/auth-response.dto.d.ts

@@ -208,7 +208,7 @@ export declare class AuthResponseDTO {
      *
      * @example "a21b654c-2746-4168-acee-c175083a65cd"
      */
-    userSub?: string;
+    sub?: string;
 }
 /**
  * Token Response DTO

package/dist/dto/auth-response.dto.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"auth-response.dto.d.ts","sourceRoot":"","sources":["../../src/dto/auth-response.dto.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,aAAa,EAAE,MAAM,sBAAsB,CAAC;AACrD,OAAO,EAAE,KAAK,EAAE,MAAM,kCAAkC,CAAC;AAEzD;;;;;GAKG;AACH,MAAM,WAAW,gBAAgB;IAC/B;;;OAGG;IACH,GAAG,EAAE,MAAM,CAAC;IAEZ;;OAEG;IACH,KAAK,EAAE,MAAM,CAAC;IAEd;;OAEG;IACH,SAAS,CAAC,EAAE,MAAM,GAAG,IAAI,CAAC;IAE1B;;OAEG;IACH,QAAQ,CAAC,EAAE,MAAM,GAAG,IAAI,CAAC;IAEzB;;;OAGG;IACH,KAAK,CAAC,EAAE,MAAM,CAAC;IAEf;;OAEG;IACH,eAAe,EAAE,OAAO,CAAC;IAEzB;;OAEG;IACH,eAAe,CAAC,EAAE,OAAO,CAAC;IAE1B;;OAEG;IACH,eAAe,CAAC,EAAE,MAAM,EAAE,CAAC;IAE3B;;;;OAIG;IACH,eAAe,CAAC,EAAE,OAAO,CAAC;CAC3B;AAED;;;;;;;;;;;;;;;;;GAiBG;AACH,qBAAa,eAAe;IAC1B;;;;;OAKG;IACH,WAAW,CAAC,EAAE,MAAM,CAAC;IAErB;;;;;OAKG;IACH,YAAY,CAAC,EAAE,MAAM,CAAC;IAEtB;;;;;;;OAOG;IACH,oBAAoB,CAAC,EAAE,MAAM,CAAC;IAE9B;;;;;;;OAOG;IACH,qBAAqB,CAAC,EAAE,MAAM,CAAC;IAE/B;;;;;;;;;;;;OAYG;IACH,UAAU,CAAC,EAAE,MAAM,CAAC;IAEpB;;;;;;;;;;;;OAYG;IACH,OAAO,CAAC,EAAE,OAAO,CAAC;IAElB;;;;;;;;;;;;;;;;;;;;;;;OAuBG;IACH,WAAW,CAAC,EAAE,MAAM,CAAC;IAErB;;;;;OAKG;IACH,IAAI,CAAC,EAAE,gBAAgB,CAAC;IAMxB;;;;;;;;;OASG;IACH,aAAa,CAAC,EAAE,aAAa,CAAC;IAE9B;;;;;;;;;;OAUG;IACH,OAAO,CAAC,EAAE,MAAM,CAAC;IAEjB;;;;;;;;;;;;;;;;;OAiBG;IACH,mBAAmB,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;IAE9C;;;;;;OAMG;IACH,OAAO,CAAC,EAAE,MAAM,CAAC;CAClB;AAED;;;;;GAKG;AACH,MAAM,WAAW,aAAa;IAC5B;;OAEG;IACH,WAAW,EAAE,MAAM,CAAC;IAEpB;;OAEG;IACH,YAAY,EAAE,MAAM,CAAC;IAErB;;OAEG;IACH,oBAAoB,EAAE,MAAM,CAAC;IAE7B;;OAEG;IACH,qBAAqB,EAAE,MAAM,CAAC;CAC/B;AAED;;;;;;;;GAQG;AACH,wBAAgB,kBAAkB,CAAC,IAAI,EAAE,KAAK,GAAG,gBAAgB,CAYhE"}
+{"version":3,"file":"auth-response.dto.d.ts","sourceRoot":"","sources":["../../src/dto/auth-response.dto.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,aAAa,EAAE,MAAM,sBAAsB,CAAC;AACrD,OAAO,EAAE,KAAK,EAAE,MAAM,kCAAkC,CAAC;AAEzD;;;;;GAKG;AACH,MAAM,WAAW,gBAAgB;IAC/B;;;OAGG;IACH,GAAG,EAAE,MAAM,CAAC;IAEZ;;OAEG;IACH,KAAK,EAAE,MAAM,CAAC;IAEd;;OAEG;IACH,SAAS,CAAC,EAAE,MAAM,GAAG,IAAI,CAAC;IAE1B;;OAEG;IACH,QAAQ,CAAC,EAAE,MAAM,GAAG,IAAI,CAAC;IAEzB;;;OAGG;IACH,KAAK,CAAC,EAAE,MAAM,CAAC;IAEf;;OAEG;IACH,eAAe,EAAE,OAAO,CAAC;IAEzB;;OAEG;IACH,eAAe,CAAC,EAAE,OAAO,CAAC;IAE1B;;OAEG;IACH,eAAe,CAAC,EAAE,MAAM,EAAE,CAAC;IAE3B;;;;OAIG;IACH,eAAe,CAAC,EAAE,OAAO,CAAC;CAC3B;AAED;;;;;;;;;;;;;;;;;GAiBG;AACH,qBAAa,eAAe;IAC1B;;;;;OAKG;IACH,WAAW,CAAC,EAAE,MAAM,CAAC;IAErB;;;;;OAKG;IACH,YAAY,CAAC,EAAE,MAAM,CAAC;IAEtB;;;;;;;OAOG;IACH,oBAAoB,CAAC,EAAE,MAAM,CAAC;IAE9B;;;;;;;OAOG;IACH,qBAAqB,CAAC,EAAE,MAAM,CAAC;IAE/B;;;;;;;;;;;;OAYG;IACH,UAAU,CAAC,EAAE,MAAM,CAAC;IAEpB;;;;;;;;;;;;OAYG;IACH,OAAO,CAAC,EAAE,OAAO,CAAC;IAElB;;;;;;;;;;;;;;;;;;;;;;;OAuBG;IACH,WAAW,CAAC,EAAE,MAAM,CAAC;IAErB;;;;;OAKG;IACH,IAAI,CAAC,EAAE,gBAAgB,CAAC;IAMxB;;;;;;;;;OASG;IACH,aAAa,CAAC,EAAE,aAAa,CAAC;IAE9B;;;;;;;;;;OAUG;IACH,OAAO,CAAC,EAAE,MAAM,CAAC;IAEjB;;;;;;;;;;;;;;;;;OAiBG;IACH,mBAAmB,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;IAE9C;;;;;;OAMG;IACH,GAAG,CAAC,EAAE,MAAM,CAAC;CACd;AAED;;;;;GAKG;AACH,MAAM,WAAW,aAAa;IAC5B;;OAEG;IACH,WAAW,EAAE,MAAM,CAAC;IAEpB;;OAEG;IACH,YAAY,EAAE,MAAM,CAAC;IAErB;;OAEG;IACH,oBAAoB,EAAE,MAAM,CAAC;IAE7B;;OAEG;IACH,qBAAqB,EAAE,MAAM,CAAC;CAC/B;AAED;;;;;;;;GAQG;AACH,wBAAgB,kBAAkB,CAAC,IAAI,EAAE,KAAK,GAAG,gBAAgB,CAYhE"}

package/dist/dto/auth-response.dto.js

@@ -165,7 +165,7 @@ class AuthResponseDTO {
      *
      * @example "a21b654c-2746-4168-acee-c175083a65cd"
      */
-    userSub;
+    sub;
 }
 exports.AuthResponseDTO = AuthResponseDTO;
 /**

package/dist/dto/auth-response.dto.js.map

@@ -1 +1 @@
-{"version":3,"file":"auth-response.dto.js","sourceRoot":"","sources":["../../src/dto/auth-response.dto.ts"],"names":[],"mappings":";;;AAmRA,gDAYC;AAnOD;;;;;;;;;;;;;;;;;GAiBG;AACH,MAAa,eAAe;IAC1B;;;;;OAKG;IACH,WAAW,CAAU;IAErB;;;;;OAKG;IACH,YAAY,CAAU;IAEtB;;;;;;;OAOG;IACH,oBAAoB,CAAU;IAE9B;;;;;;;OAOG;IACH,qBAAqB,CAAU;IAE/B;;;;;;;;;;;;OAYG;IACH,UAAU,CAAU;IAEpB;;;;;;;;;;;;OAYG;IACH,OAAO,CAAW;IAElB;;;;;;;;;;;;;;;;;;;;;;;OAuBG;IACH,WAAW,CAAU;IAErB;;;;;OAKG;IACH,IAAI,CAAoB;IAExB,+EAA+E;IAC/E,4CAA4C;IAC5C,+EAA+E;IAE/E;;;;;;;;;OASG;IACH,aAAa,CAAiB;IAE9B;;;;;;;;;;OAUG;IACH,OAAO,CAAU;IAEjB;;;;;;;;;;;;;;;;;OAiBG;IACH,mBAAmB,CAA2B;IAE9C;;;;;;OAMG;IACH,OAAO,CAAU;CAClB;AA9JD,0CA8JC;AA8BD;;;;;;;;GAQG;AACH,SAAgB,kBAAkB,CAAC,IAAW;IAC5C,OAAO;QACL,GAAG,EAAE,IAAI,CAAC,GAAG;QACb,KAAK,EAAE,IAAI,CAAC,KAAK;QACjB,SAAS,EAAE,IAAI,CAAC,SAAS;QACzB,QAAQ,EAAE,IAAI,CAAC,QAAQ;QACvB,KAAK,EAAE,IAAI,CAAC,KAAK,IAAI,SAAS;QAC9B,eAAe,EAAE,IAAI,CAAC,eAAe;QACrC,eAAe,EAAE,IAAI,CAAC,eAAe,IAAI,SAAS;QAClD,eAAe,EAAE,IAAI,CAAC,eAAe,IAAI,IAAI,CAAC,eAAe,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,eAAe,CAAC,CAAC,CAAC,SAAS;QAC3G,eAAe,EAAE,CAAC,CAAC,IAAI,CAAC,YAAY;KACrC,CAAC;AACJ,CAAC"}
+{"version":3,"file":"auth-response.dto.js","sourceRoot":"","sources":["../../src/dto/auth-response.dto.ts"],"names":[],"mappings":";;;AAmRA,gDAYC;AAnOD;;;;;;;;;;;;;;;;;GAiBG;AACH,MAAa,eAAe;IAC1B;;;;;OAKG;IACH,WAAW,CAAU;IAErB;;;;;OAKG;IACH,YAAY,CAAU;IAEtB;;;;;;;OAOG;IACH,oBAAoB,CAAU;IAE9B;;;;;;;OAOG;IACH,qBAAqB,CAAU;IAE/B;;;;;;;;;;;;OAYG;IACH,UAAU,CAAU;IAEpB;;;;;;;;;;;;OAYG;IACH,OAAO,CAAW;IAElB;;;;;;;;;;;;;;;;;;;;;;;OAuBG;IACH,WAAW,CAAU;IAErB;;;;;OAKG;IACH,IAAI,CAAoB;IAExB,+EAA+E;IAC/E,4CAA4C;IAC5C,+EAA+E;IAE/E;;;;;;;;;OASG;IACH,aAAa,CAAiB;IAE9B;;;;;;;;;;OAUG;IACH,OAAO,CAAU;IAEjB;;;;;;;;;;;;;;;;;OAiBG;IACH,mBAAmB,CAA2B;IAE9C;;;;;;OAMG;IACH,GAAG,CAAU;CACd;AA9JD,0CA8JC;AA8BD;;;;;;;;GAQG;AACH,SAAgB,kBAAkB,CAAC,IAAW;IAC5C,OAAO;QACL,GAAG,EAAE,IAAI,CAAC,GAAG;QACb,KAAK,EAAE,IAAI,CAAC,KAAK;QACjB,SAAS,EAAE,IAAI,CAAC,SAAS;QACzB,QAAQ,EAAE,IAAI,CAAC,QAAQ;QACvB,KAAK,EAAE,IAAI,CAAC,KAAK,IAAI,SAAS;QAC9B,eAAe,EAAE,IAAI,CAAC,eAAe;QACrC,eAAe,EAAE,IAAI,CAAC,eAAe,IAAI,SAAS;QAClD,eAAe,EAAE,IAAI,CAAC,eAAe,IAAI,IAAI,CAAC,eAAe,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,eAAe,CAAC,CAAC,CAAC,SAAS;QAC3G,eAAe,EAAE,CAAC,CAAC,IAAI,CAAC,YAAY;KACrC,CAAC;AACJ,CAAC"}

package/dist/dto/get-mfa-status.dto.d.ts

@@ -1,19 +1,23 @@
 /**
- * DTO for getting MFA status
+ * DTO for getting MFA status (admin-only)
  *
- * Used to retrieve comprehensive MFA status for a user including enabled status,
- * configured methods, available methods, backup codes, and exemption information.
+ * Admin DTO - requires sub field. Used by AdminAuthService.
+ * User self-service version uses AuthService.getMFAStatus() which takes no DTO.
  *
  * @example
  * ```typescript
+ * // Admin version
  * const status = await mfaService.getMFAStatus({
  *   sub: 'user-uuid'
  * });
+ *
+ * // User version (no DTO needed)
+ * const status = await authService.getMFAStatus();
  * ```
  */
 import { MFADeviceMethod } from '../enums/mfa-method.enum';
 /**
- * DTO for getting MFA status
+ * DTO for getting MFA status (admin-only)
  */
 export declare class GetMFAStatusDTO {
     /**

package/dist/dto/get-mfa-status.dto.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"get-mfa-status.dto.d.ts","sourceRoot":"","sources":["../../src/dto/get-mfa-status.dto.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;GAYG;AAIH,OAAO,EAAE,eAAe,EAAE,MAAM,0BAA0B,CAAC;AAE3D;;GAEG;AACH,qBAAa,eAAe;IAC1B;;;;;;;;;;;;OAYG;IAQH,GAAG,EAAG,MAAM,CAAC;CACd;AAED;;GAEG;AACH,qBAAa,uBAAuB;IAClC;;OAEG;IACH,OAAO,EAAG,OAAO,CAAC;IAElB;;OAEG;IACH,QAAQ,EAAG,OAAO,CAAC;IAEnB;;OAEG;IACH,iBAAiB,EAAG,KAAK,CAAC,eAAe,CAAC,CAAC;IAE3C;;OAEG;IACH,gBAAgB,EAAG,KAAK,CAAC,MAAM,CAAC,CAAC;IAEjC;;OAEG;IACH,cAAc,EAAG,OAAO,CAAC;IAEzB;;OAEG;IACH,eAAe,CAAC,EAAE,eAAe,CAAC;IAElC;;OAEG;IACH,SAAS,EAAG,OAAO,CAAC;IAEpB;;OAEG;IACH,eAAe,EAAG,MAAM,GAAG,IAAI,CAAC;IAEhC;;OAEG;IACH,kBAAkB,EAAG,IAAI,GAAG,IAAI,CAAC;CAClC"}
+{"version":3,"file":"get-mfa-status.dto.d.ts","sourceRoot":"","sources":["../../src/dto/get-mfa-status.dto.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;GAgBG;AAIH,OAAO,EAAE,eAAe,EAAE,MAAM,0BAA0B,CAAC;AAE3D;;GAEG;AACH,qBAAa,eAAe;IAC1B;;;;;;;;;;;;OAYG;IAQH,GAAG,EAAG,MAAM,CAAC;CACd;AAED;;GAEG;AACH,qBAAa,uBAAuB;IAClC;;OAEG;IACH,OAAO,EAAG,OAAO,CAAC;IAElB;;OAEG;IACH,QAAQ,EAAG,OAAO,CAAC;IAEnB;;OAEG;IACH,iBAAiB,EAAG,KAAK,CAAC,eAAe,CAAC,CAAC;IAE3C;;OAEG;IACH,gBAAgB,EAAG,KAAK,CAAC,MAAM,CAAC,CAAC;IAEjC;;OAEG;IACH,cAAc,EAAG,OAAO,CAAC;IAEzB;;OAEG;IACH,eAAe,CAAC,EAAE,eAAe,CAAC;IAElC;;OAEG;IACH,SAAS,EAAG,OAAO,CAAC;IAEpB;;OAEG;IACH,eAAe,EAAG,MAAM,GAAG,IAAI,CAAC;IAEhC;;OAEG;IACH,kBAAkB,EAAG,IAAI,GAAG,IAAI,CAAC;CAClC"}

package/dist/dto/get-mfa-status.dto.js

@@ -1,15 +1,19 @@
 "use strict";
 /**
- * DTO for getting MFA status
+ * DTO for getting MFA status (admin-only)
  *
- * Used to retrieve comprehensive MFA status for a user including enabled status,
- * configured methods, available methods, backup codes, and exemption information.
+ * Admin DTO - requires sub field. Used by AdminAuthService.
+ * User self-service version uses AuthService.getMFAStatus() which takes no DTO.
  *
  * @example
  * ```typescript
+ * // Admin version
  * const status = await mfaService.getMFAStatus({
  *   sub: 'user-uuid'
  * });
+ *
+ * // User version (no DTO needed)
+ * const status = await authService.getMFAStatus();
  * ```
  */
 var __decorate = (this && this.__decorate) || function (decorators, target, key, desc) {
@@ -26,7 +30,7 @@ exports.GetMFAStatusResponseDTO = exports.GetMFAStatusDTO = void 0;
 const class_validator_1 = require("class-validator");
 const class_transformer_1 = require("class-transformer");
 /**
- * DTO for getting MFA status
+ * DTO for getting MFA status (admin-only)
  */
 class GetMFAStatusDTO {
     /**

package/dist/dto/get-mfa-status.dto.js.map

@@ -1 +1 @@
-{"version":3,"file":"get-mfa-status.dto.js","sourceRoot":"","sources":["../../src/dto/get-mfa-status.dto.ts"],"names":[],"mappings":";AAAA;;;;;;;;;;;;GAYG;;;;;;;;;;;;AAEH,qDAAyC;AACzC,yDAA8C;AAG9C;;GAEG;AACH,MAAa,eAAe;IAC1B;;;;;;;;;;;;OAYG;IAQH,GAAG,CAAU;CACd;AAtBD,0CAsBC;AADC;IAPC,IAAA,wBAAM,EAAC,GAAG,EAAE,EAAE,OAAO,EAAE,yCAAyC,EAAE,CAAC;IACnE,IAAA,6BAAS,EAAC,CAAC,EAAE,KAAK,EAAE,EAAE,EAAE;QACvB,IAAI,OAAO,KAAK,KAAK,QAAQ,EAAE,CAAC;YAC9B,OAAO,KAAK,CAAC,IAAI,EAAE,CAAC,WAAW,EAAE,CAAC;QACpC,CAAC;QACD,OAAO,KAAK,CAAC;IACf,CAAC,CAAC;;4CACW;AAGf;;GAEG;AACH,MAAa,uBAAuB;IAClC;;OAEG;IACH,OAAO,CAAW;IAElB;;OAEG;IACH,QAAQ,CAAW;IAEnB;;OAEG;IACH,iBAAiB,CAA0B;IAE3C;;OAEG;IACH,gBAAgB,CAAiB;IAEjC;;OAEG;IACH,cAAc,CAAW;IAEzB;;OAEG;IACH,eAAe,CAAmB;IAElC;;OAEG;IACH,SAAS,CAAW;IAEpB;;OAEG;IACH,eAAe,CAAiB;IAEhC;;OAEG;IACH,kBAAkB,CAAe;CAClC;AA7CD,0DA6CC"}
+{"version":3,"file":"get-mfa-status.dto.js","sourceRoot":"","sources":["../../src/dto/get-mfa-status.dto.ts"],"names":[],"mappings":";AAAA;;;;;;;;;;;;;;;;GAgBG;;;;;;;;;;;;AAEH,qDAAyC;AACzC,yDAA8C;AAG9C;;GAEG;AACH,MAAa,eAAe;IAC1B;;;;;;;;;;;;OAYG;IAQH,GAAG,CAAU;CACd;AAtBD,0CAsBC;AADC;IAPC,IAAA,wBAAM,EAAC,GAAG,EAAE,EAAE,OAAO,EAAE,yCAAyC,EAAE,CAAC;IACnE,IAAA,6BAAS,EAAC,CAAC,EAAE,KAAK,EAAE,EAAE,EAAE;QACvB,IAAI,OAAO,KAAK,KAAK,QAAQ,EAAE,CAAC;YAC9B,OAAO,KAAK,CAAC,IAAI,EAAE,CAAC,WAAW,EAAE,CAAC;QACpC,CAAC;QACD,OAAO,KAAK,CAAC;IACf,CAAC,CAAC;;4CACW;AAGf;;GAEG;AACH,MAAa,uBAAuB;IAClC;;OAEG;IACH,OAAO,CAAW;IAElB;;OAEG;IACH,QAAQ,CAAW;IAEnB;;OAEG;IACH,iBAAiB,CAA0B;IAE3C;;OAEG;IACH,gBAAgB,CAAiB;IAEjC;;OAEG;IACH,cAAc,CAAW;IAEzB;;OAEG;IACH,eAAe,CAAmB;IAElC;;OAEG;IACH,SAAS,CAAW;IAEpB;;OAEG;IACH,eAAe,CAAiB;IAEhC;;OAEG;IACH,kBAAkB,CAAe;CAClC;AA7CD,0DA6CC"}

package/dist/dto/get-risk-assessment-history.dto.d.ts

@@ -8,16 +8,16 @@ import { IAuthAudit } from '../interfaces/entities.interface';
  * @example
  * ```typescript
  * const result = await auditService.getRiskAssessmentHistory({
- *   userSub: 'user-uuid',
+ *   sub: 'user-uuid',
  *   limit: 50,
  * });
  * ```
  */
 export declare class GetRiskAssessmentHistoryDTO {
     /**
-     * User identifier
+     * User's unique identifier (UUID v4)
      */
-    userSub: string;
+    sub: string;
     /**
      * Maximum number of records to return
      *

package/dist/dto/get-risk-assessment-history.dto.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"get-risk-assessment-history.dto.d.ts","sourceRoot":"","sources":["../../src/dto/get-risk-assessment-history.dto.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,UAAU,EAAE,MAAM,kCAAkC,CAAC;AAI9D;;;;;;;;;;;;;GAaG;AACH,qBAAa,2BAA2B;IACtC;;OAEG;IAQH,OAAO,EAAG,MAAM,CAAC;IAEjB;;;;OAIG;IAYH,KAAK,CAAC,EAAE,MAAM,CAAC;CAChB;AAED;;GAEG;AACH,qBAAa,mCAAmC;IAC9C;;OAEG;IACH,IAAI,EAAG,UAAU,EAAE,CAAC;CACrB"}
+{"version":3,"file":"get-risk-assessment-history.dto.d.ts","sourceRoot":"","sources":["../../src/dto/get-risk-assessment-history.dto.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,UAAU,EAAE,MAAM,kCAAkC,CAAC;AAI9D;;;;;;;;;;;;;GAaG;AACH,qBAAa,2BAA2B;IACtC;;OAEG;IAQH,GAAG,EAAG,MAAM,CAAC;IAEb;;;;OAIG;IAYH,KAAK,CAAC,EAAE,MAAM,CAAC;CAChB;AAED;;GAEG;AACH,qBAAa,mCAAmC;IAC9C;;OAEG;IACH,IAAI,EAAG,UAAU,EAAE,CAAC;CACrB"}