@objectstack/spec 0.1.2 → 0.3.0

package/dist/system/identity.zod.d.ts

@@ -1,204 +1,258 @@
 import { z } from 'zod';
 /**
- * Authentication Protocol
- * Defines supported authentication standards (OIDC, SAML, LDAP).
+ * Identity & User Model Specification
+ *
+ * Defines the standard user, account, and session data models for ObjectStack.
+ * These schemas represent "who is logged in" and their associated data.
+ *
+ * This is separate from authentication configuration (auth.zod.ts) which
+ * defines "how to login".
  */
-export declare const AuthProtocol: z.ZodEnum<["oidc", "saml", "ldap", "oauth2", "local", "mock"]>;
 /**
- * OIDC / OAuth2 Config (Standard)
+ * User Schema
+ * Core user identity data model
  */
-export declare const OIDCConfigSchema: z.ZodObject<{
-    issuer: z.ZodString;
-    clientId: z.ZodString;
-    clientSecret: z.ZodString;
-    scopes: z.ZodDefault<z.ZodArray<z.ZodString, "many">>;
-    attributeMapping: z.ZodOptional<z.ZodRecord<z.ZodString, z.ZodString>>;
+export declare const UserSchema: z.ZodObject<{
+    /**
+     * Unique user identifier
+     */
+    id: z.ZodString;
+    /**
+     * User's email address (primary identifier)
+     */
+    email: z.ZodString;
+    /**
+     * Email verification status
+     */
+    emailVerified: z.ZodDefault<z.ZodBoolean>;
+    /**
+     * User's display name
+     */
+    name: z.ZodOptional<z.ZodString>;
+    /**
+     * User's profile image URL
+     */
+    image: z.ZodOptional<z.ZodString>;
+    /**
+     * Account creation timestamp
+     */
+    createdAt: z.ZodDate;
+    /**
+     * Last update timestamp
+     */
+    updatedAt: z.ZodDate;
 }, "strip", z.ZodTypeAny, {
-    issuer: string;
-    clientId: string;
-    clientSecret: string;
-    scopes: string[];
-    attributeMapping?: Record<string, string> | undefined;
+    email: string;
+    id: string;
+    emailVerified: boolean;
+    createdAt: Date;
+    updatedAt: Date;
+    image?: string | undefined;
+    name?: string | undefined;
 }, {
-    issuer: string;
-    clientId: string;
-    clientSecret: string;
-    scopes?: string[] | undefined;
-    attributeMapping?: Record<string, string> | undefined;
+    email: string;
+    id: string;
+    createdAt: Date;
+    updatedAt: Date;
+    image?: string | undefined;
+    name?: string | undefined;
+    emailVerified?: boolean | undefined;
 }>;
+export type User = z.infer<typeof UserSchema>;
 /**
- * SAML 2.0 Config (Enterprise)
+ * Account Schema
+ * Links external OAuth/OIDC/SAML accounts to a user
  */
-export declare const SAMLConfigSchema: z.ZodObject<{
-    entryPoint: z.ZodString;
-    cert: z.ZodString;
-    issuer: z.ZodString;
-    signatureAlgorithm: z.ZodDefault<z.ZodEnum<["sha256", "sha512"]>>;
-    attributeMapping: z.ZodOptional<z.ZodRecord<z.ZodString, z.ZodString>>;
+export declare const AccountSchema: z.ZodObject<{
+    /**
+     * Unique account identifier
+     */
+    id: z.ZodString;
+    /**
+     * Associated user ID
+     */
+    userId: z.ZodString;
+    /**
+     * Account type/provider
+     */
+    type: z.ZodEnum<["oauth", "oidc", "email", "credentials", "saml", "ldap"]>;
+    /**
+     * Provider name (e.g., 'google', 'github', 'okta')
+     */
+    provider: z.ZodString;
+    /**
+     * Provider account ID
+     */
+    providerAccountId: z.ZodString;
+    /**
+     * OAuth refresh token
+     */
+    refreshToken: z.ZodOptional<z.ZodString>;
+    /**
+     * OAuth access token
+     */
+    accessToken: z.ZodOptional<z.ZodString>;
+    /**
+     * Token expiry timestamp
+     */
+    expiresAt: z.ZodOptional<z.ZodNumber>;
+    /**
+     * OAuth token type
+     */
+    tokenType: z.ZodOptional<z.ZodString>;
+    /**
+     * OAuth scope
+     */
+    scope: z.ZodOptional<z.ZodString>;
+    /**
+     * OAuth ID token
+     */
+    idToken: z.ZodOptional<z.ZodString>;
+    /**
+     * Session state
+     */
+    sessionState: z.ZodOptional<z.ZodString>;
+    /**
+     * Account creation timestamp
+     */
+    createdAt: z.ZodDate;
+    /**
+     * Last update timestamp
+     */
+    updatedAt: z.ZodDate;
 }, "strip", z.ZodTypeAny, {
-    issuer: string;
-    entryPoint: string;
-    cert: string;
-    signatureAlgorithm: "sha256" | "sha512";
-    attributeMapping?: Record<string, string> | undefined;
+    type: "email" | "oauth" | "oidc" | "credentials" | "saml" | "ldap";
+    id: string;
+    userId: string;
+    createdAt: Date;
+    updatedAt: Date;
+    provider: string;
+    providerAccountId: string;
+    scope?: string | undefined;
+    refreshToken?: string | undefined;
+    accessToken?: string | undefined;
+    expiresAt?: number | undefined;
+    tokenType?: string | undefined;
+    idToken?: string | undefined;
+    sessionState?: string | undefined;
 }, {
-    issuer: string;
-    entryPoint: string;
-    cert: string;
-    attributeMapping?: Record<string, string> | undefined;
-    signatureAlgorithm?: "sha256" | "sha512" | undefined;
+    type: "email" | "oauth" | "oidc" | "credentials" | "saml" | "ldap";
+    id: string;
+    userId: string;
+    createdAt: Date;
+    updatedAt: Date;
+    provider: string;
+    providerAccountId: string;
+    scope?: string | undefined;
+    refreshToken?: string | undefined;
+    accessToken?: string | undefined;
+    expiresAt?: number | undefined;
+    tokenType?: string | undefined;
+    idToken?: string | undefined;
+    sessionState?: string | undefined;
 }>;
+export type Account = z.infer<typeof AccountSchema>;
 /**
- * LDAP / AD Config (On-premise)
+ * Session Schema
+ * User session data model
  */
-export declare const LDAPConfigSchema: z.ZodObject<{
-    url: z.ZodString;
-    bindDn: z.ZodString;
-    bindCredentials: z.ZodString;
-    searchBase: z.ZodString;
-    searchFilter: z.ZodString;
-    groupSearchBase: z.ZodOptional<z.ZodString>;
+export declare const SessionSchema: z.ZodObject<{
+    /**
+     * Unique session identifier
+     */
+    id: z.ZodString;
+    /**
+     * Session token
+     */
+    sessionToken: z.ZodString;
+    /**
+     * Associated user ID
+     */
+    userId: z.ZodString;
+    /**
+     * Active organization ID for this session
+     * Used for context switching in multi-tenant applications
+     */
+    activeOrganizationId: z.ZodOptional<z.ZodString>;
+    /**
+     * Session expiry timestamp
+     */
+    expires: z.ZodDate;
+    /**
+     * Session creation timestamp
+     */
+    createdAt: z.ZodDate;
+    /**
+     * Last update timestamp
+     */
+    updatedAt: z.ZodDate;
+    /**
+     * IP address of the session
+     */
+    ipAddress: z.ZodOptional<z.ZodString>;
+    /**
+     * User agent string
+     */
+    userAgent: z.ZodOptional<z.ZodString>;
+    /**
+     * Device fingerprint
+     */
+    fingerprint: z.ZodOptional<z.ZodString>;
 }, "strip", z.ZodTypeAny, {
-    url: string;
-    bindDn: string;
-    bindCredentials: string;
-    searchBase: string;
-    searchFilter: string;
-    groupSearchBase?: string | undefined;
+    id: string;
+    userId: string;
+    createdAt: Date;
+    updatedAt: Date;
+    sessionToken: string;
+    expires: Date;
+    activeOrganizationId?: string | undefined;
+    ipAddress?: string | undefined;
+    userAgent?: string | undefined;
+    fingerprint?: string | undefined;
 }, {
-    url: string;
-    bindDn: string;
-    bindCredentials: string;
-    searchBase: string;
-    searchFilter: string;
-    groupSearchBase?: string | undefined;
+    id: string;
+    userId: string;
+    createdAt: Date;
+    updatedAt: Date;
+    sessionToken: string;
+    expires: Date;
+    activeOrganizationId?: string | undefined;
+    ipAddress?: string | undefined;
+    userAgent?: string | undefined;
+    fingerprint?: string | undefined;
 }>;
+export type Session = z.infer<typeof SessionSchema>;
 /**
- * Identity Provider (IdP) Schema
- * Connects the OS to an external source of truth for identities.
+ * Verification Token Schema
+ * Email verification and password reset tokens
  */
-export declare const AuthProviderSchema: z.ZodObject<{
-    name: z.ZodString;
-    label: z.ZodString;
-    type: z.ZodEnum<["oidc", "saml", "ldap", "oauth2", "local", "mock"]>;
-    /** Configuration (Polymorphic based on type) */
-    config: z.ZodUnion<[z.ZodObject<{
-        issuer: z.ZodString;
-        clientId: z.ZodString;
-        clientSecret: z.ZodString;
-        scopes: z.ZodDefault<z.ZodArray<z.ZodString, "many">>;
-        attributeMapping: z.ZodOptional<z.ZodRecord<z.ZodString, z.ZodString>>;
-    }, "strip", z.ZodTypeAny, {
-        issuer: string;
-        clientId: string;
-        clientSecret: string;
-        scopes: string[];
-        attributeMapping?: Record<string, string> | undefined;
-    }, {
-        issuer: string;
-        clientId: string;
-        clientSecret: string;
-        scopes?: string[] | undefined;
-        attributeMapping?: Record<string, string> | undefined;
-    }>, z.ZodObject<{
-        entryPoint: z.ZodString;
-        cert: z.ZodString;
-        issuer: z.ZodString;
-        signatureAlgorithm: z.ZodDefault<z.ZodEnum<["sha256", "sha512"]>>;
-        attributeMapping: z.ZodOptional<z.ZodRecord<z.ZodString, z.ZodString>>;
-    }, "strip", z.ZodTypeAny, {
-        issuer: string;
-        entryPoint: string;
-        cert: string;
-        signatureAlgorithm: "sha256" | "sha512";
-        attributeMapping?: Record<string, string> | undefined;
-    }, {
-        issuer: string;
-        entryPoint: string;
-        cert: string;
-        attributeMapping?: Record<string, string> | undefined;
-        signatureAlgorithm?: "sha256" | "sha512" | undefined;
-    }>, z.ZodObject<{
-        url: z.ZodString;
-        bindDn: z.ZodString;
-        bindCredentials: z.ZodString;
-        searchBase: z.ZodString;
-        searchFilter: z.ZodString;
-        groupSearchBase: z.ZodOptional<z.ZodString>;
-    }, "strip", z.ZodTypeAny, {
-        url: string;
-        bindDn: string;
-        bindCredentials: string;
-        searchBase: string;
-        searchFilter: string;
-        groupSearchBase?: string | undefined;
-    }, {
-        url: string;
-        bindDn: string;
-        bindCredentials: string;
-        searchBase: string;
-        searchFilter: string;
-        groupSearchBase?: string | undefined;
-    }>, z.ZodRecord<z.ZodString, z.ZodAny>]>;
-    /** Visuals */
-    icon: z.ZodOptional<z.ZodString>;
-    /** Policies */
-    active: z.ZodDefault<z.ZodBoolean>;
-    registrationEnabled: z.ZodDefault<z.ZodBoolean>;
+export declare const VerificationTokenSchema: z.ZodObject<{
+    /**
+     * Token identifier (email or phone)
+     */
+    identifier: z.ZodString;
+    /**
+     * Verification token
+     */
+    token: z.ZodString;
+    /**
+     * Token expiry timestamp
+     */
+    expires: z.ZodDate;
+    /**
+     * Token creation timestamp
+     */
+    createdAt: z.ZodDate;
 }, "strip", z.ZodTypeAny, {
-    type: "local" | "oidc" | "saml" | "ldap" | "oauth2" | "mock";
-    label: string;
-    name: string;
-    active: boolean;
-    config: Record<string, any> | {
-        issuer: string;
-        clientId: string;
-        clientSecret: string;
-        scopes: string[];
-        attributeMapping?: Record<string, string> | undefined;
-    } | {
-        issuer: string;
-        entryPoint: string;
-        cert: string;
-        signatureAlgorithm: "sha256" | "sha512";
-        attributeMapping?: Record<string, string> | undefined;
-    } | {
-        url: string;
-        bindDn: string;
-        bindCredentials: string;
-        searchBase: string;
-        searchFilter: string;
-        groupSearchBase?: string | undefined;
-    };
-    registrationEnabled: boolean;
-    icon?: string | undefined;
+    createdAt: Date;
+    expires: Date;
+    identifier: string;
+    token: string;
 }, {
-    type: "local" | "oidc" | "saml" | "ldap" | "oauth2" | "mock";
-    label: string;
-    name: string;
-    config: Record<string, any> | {
-        issuer: string;
-        clientId: string;
-        clientSecret: string;
-        scopes?: string[] | undefined;
-        attributeMapping?: Record<string, string> | undefined;
-    } | {
-        issuer: string;
-        entryPoint: string;
-        cert: string;
-        attributeMapping?: Record<string, string> | undefined;
-        signatureAlgorithm?: "sha256" | "sha512" | undefined;
-    } | {
-        url: string;
-        bindDn: string;
-        bindCredentials: string;
-        searchBase: string;
-        searchFilter: string;
-        groupSearchBase?: string | undefined;
-    };
-    icon?: string | undefined;
-    active?: boolean | undefined;
-    registrationEnabled?: boolean | undefined;
+    createdAt: Date;
+    expires: Date;
+    identifier: string;
+    token: string;
 }>;
-export type AuthProvider = z.infer<typeof AuthProviderSchema>;
+export type VerificationToken = z.infer<typeof VerificationTokenSchema>;
 //# sourceMappingURL=identity.zod.d.ts.map

package/dist/system/identity.zod.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"identity.zod.d.ts","sourceRoot":"","sources":["../../src/system/identity.zod.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,CAAC,EAAE,MAAM,KAAK,CAAC;AAExB;;;GAGG;AACH,eAAO,MAAM,YAAY,gEAOvB,CAAC;AAEH;;GAEG;AACH,eAAO,MAAM,gBAAgB;;;;;;;;;;;;;;;;;;EAM3B,CAAC;AAEH;;GAEG;AACH,eAAO,MAAM,gBAAgB;;;;;;;;;;;;;;;;;;EAM3B,CAAC;AAEH;;GAEG;AACH,eAAO,MAAM,gBAAgB;;;;;;;;;;;;;;;;;;;;;EAO3B,CAAC;AAEH;;;GAGG;AACH,eAAO,MAAM,kBAAkB;;;;IAK7B,gDAAgD;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;IAQhD,cAAc;;IAGd,eAAe;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;EAGf,CAAC;AAEH,MAAM,MAAM,YAAY,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,kBAAkB,CAAC,CAAC"}
+{"version":3,"file":"identity.zod.d.ts","sourceRoot":"","sources":["../../src/system/identity.zod.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,CAAC,EAAE,MAAM,KAAK,CAAC;AAExB;;;;;;;;GAQG;AAEH;;;GAGG;AACH,eAAO,MAAM,UAAU;IACrB;;OAEG;;IAGH;;OAEG;;IAGH;;OAEG;;IAGH;;OAEG;;IAGH;;OAEG;;IAGH;;OAEG;;IAGH;;OAEG;;;;;;;;;;;;;;;;;;EAEH,CAAC;AAEH,MAAM,MAAM,IAAI,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,UAAU,CAAC,CAAC;AAE9C;;;GAGG;AACH,eAAO,MAAM,aAAa;IACxB;;OAEG;;IAGH;;OAEG;;IAGH;;OAEG;;IAUH;;OAEG;;IAGH;;OAEG;;IAGH;;OAEG;;IAGH;;OAEG;;IAGH;;OAEG;;IAGH;;OAEG;;IAGH;;OAEG;;IAGH;;OAEG;;IAGH;;OAEG;;IAGH;;OAEG;;IAGH;;OAEG;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;EAEH,CAAC;AAEH,MAAM,MAAM,OAAO,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,aAAa,CAAC,CAAC;AAEpD;;;GAGG;AACH,eAAO,MAAM,aAAa;IACxB;;OAEG;;IAGH;;OAEG;;IAGH;;OAEG;;IAGH;;;OAGG;;IAGH;;OAEG;;IAGH;;OAEG;;IAGH;;OAEG;;IAGH;;OAEG;;IAGH;;OAEG;;IAGH;;OAEG;;;;;;;;;;;;;;;;;;;;;;;;EAEH,CAAC;AAEH,MAAM,MAAM,OAAO,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,aAAa,CAAC,CAAC;AAEpD;;;GAGG;AACH,eAAO,MAAM,uBAAuB;IAClC;;OAEG;;IAGH;;OAEG;;IAGH;;OAEG;;IAGH;;OAEG;;;;;;;;;;;;EAEH,CAAC;AAEH,MAAM,MAAM,iBAAiB,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,uBAAuB,CAAC,CAAC"}

package/dist/system/identity.zod.js

@@ -1,68 +1,185 @@
 "use strict";
 Object.defineProperty(exports, "__esModule", { value: true });
-exports.AuthProviderSchema = exports.LDAPConfigSchema = exports.SAMLConfigSchema = exports.OIDCConfigSchema = exports.AuthProtocol = void 0;
+exports.VerificationTokenSchema = exports.SessionSchema = exports.AccountSchema = exports.UserSchema = void 0;
 const zod_1 = require("zod");
 /**
- * Authentication Protocol
- * Defines supported authentication standards (OIDC, SAML, LDAP).
+ * Identity & User Model Specification
+ *
+ * Defines the standard user, account, and session data models for ObjectStack.
+ * These schemas represent "who is logged in" and their associated data.
+ *
+ * This is separate from authentication configuration (auth.zod.ts) which
+ * defines "how to login".
  */
-exports.AuthProtocol = zod_1.z.enum([
-    'oidc', // OpenID Connect (Modern standard)
-    'saml', // SAML 2.0 (Legacy Enterprise)
-    'ldap', // LDAP/Active Directory (On-premise)
-    'oauth2', // Generic OAuth2
-    'local', // Database username/password
-    'mock' // Testing
-]);
 /**
- * OIDC / OAuth2 Config (Standard)
+ * User Schema
+ * Core user identity data model
  */
-exports.OIDCConfigSchema = zod_1.z.object({
-    issuer: zod_1.z.string().url().describe('OIDC Issuer URL (.well-known/openid-configuration)'),
-    clientId: zod_1.z.string(),
-    clientSecret: zod_1.z.string(), // Usually value is ENV reference
-    scopes: zod_1.z.array(zod_1.z.string()).default(['openid', 'profile', 'email']),
-    attributeMapping: zod_1.z.record(zod_1.z.string()).optional().describe('Map IdP claims to User fields'),
+exports.UserSchema = zod_1.z.object({
+    /**
+     * Unique user identifier
+     */
+    id: zod_1.z.string().describe('Unique user identifier'),
+    /**
+     * User's email address (primary identifier)
+     */
+    email: zod_1.z.string().email().describe('User email address'),
+    /**
+     * Email verification status
+     */
+    emailVerified: zod_1.z.boolean().default(false).describe('Whether email is verified'),
+    /**
+     * User's display name
+     */
+    name: zod_1.z.string().optional().describe('User display name'),
+    /**
+     * User's profile image URL
+     */
+    image: zod_1.z.string().url().optional().describe('Profile image URL'),
+    /**
+     * Account creation timestamp
+     */
+    createdAt: zod_1.z.date().describe('Account creation timestamp'),
+    /**
+     * Last update timestamp
+     */
+    updatedAt: zod_1.z.date().describe('Last update timestamp'),
 });
 /**
- * SAML 2.0 Config (Enterprise)
+ * Account Schema
+ * Links external OAuth/OIDC/SAML accounts to a user
  */
-exports.SAMLConfigSchema = zod_1.z.object({
-    entryPoint: zod_1.z.string().url().describe('IdP SSO URL'),
-    cert: zod_1.z.string().describe('IdP Public Certificate'), // PEM format
-    issuer: zod_1.z.string().describe('Entity ID of the IdP'),
-    signatureAlgorithm: zod_1.z.enum(['sha256', 'sha512']).default('sha256'),
-    attributeMapping: zod_1.z.record(zod_1.z.string()).optional(),
+exports.AccountSchema = zod_1.z.object({
+    /**
+     * Unique account identifier
+     */
+    id: zod_1.z.string().describe('Unique account identifier'),
+    /**
+     * Associated user ID
+     */
+    userId: zod_1.z.string().describe('Associated user ID'),
+    /**
+     * Account type/provider
+     */
+    type: zod_1.z.enum([
+        'oauth',
+        'oidc',
+        'email',
+        'credentials',
+        'saml',
+        'ldap',
+    ]).describe('Account type'),
+    /**
+     * Provider name (e.g., 'google', 'github', 'okta')
+     */
+    provider: zod_1.z.string().describe('Provider name'),
+    /**
+     * Provider account ID
+     */
+    providerAccountId: zod_1.z.string().describe('Provider account ID'),
+    /**
+     * OAuth refresh token
+     */
+    refreshToken: zod_1.z.string().optional().describe('OAuth refresh token'),
+    /**
+     * OAuth access token
+     */
+    accessToken: zod_1.z.string().optional().describe('OAuth access token'),
+    /**
+     * Token expiry timestamp
+     */
+    expiresAt: zod_1.z.number().optional().describe('Token expiry timestamp (Unix)'),
+    /**
+     * OAuth token type
+     */
+    tokenType: zod_1.z.string().optional().describe('OAuth token type'),
+    /**
+     * OAuth scope
+     */
+    scope: zod_1.z.string().optional().describe('OAuth scope'),
+    /**
+     * OAuth ID token
+     */
+    idToken: zod_1.z.string().optional().describe('OAuth ID token'),
+    /**
+     * Session state
+     */
+    sessionState: zod_1.z.string().optional().describe('Session state'),
+    /**
+     * Account creation timestamp
+     */
+    createdAt: zod_1.z.date().describe('Account creation timestamp'),
+    /**
+     * Last update timestamp
+     */
+    updatedAt: zod_1.z.date().describe('Last update timestamp'),
 });
 /**
- * LDAP / AD Config (On-premise)
+ * Session Schema
+ * User session data model
  */
-exports.LDAPConfigSchema = zod_1.z.object({
-    url: zod_1.z.string().url().describe('LDAP Server URL (ldap:// or ldaps://)'),
-    bindDn: zod_1.z.string(),
-    bindCredentials: zod_1.z.string(),
-    searchBase: zod_1.z.string(),
-    searchFilter: zod_1.z.string(),
-    groupSearchBase: zod_1.z.string().optional(),
+exports.SessionSchema = zod_1.z.object({
+    /**
+     * Unique session identifier
+     */
+    id: zod_1.z.string().describe('Unique session identifier'),
+    /**
+     * Session token
+     */
+    sessionToken: zod_1.z.string().describe('Session token'),
+    /**
+     * Associated user ID
+     */
+    userId: zod_1.z.string().describe('Associated user ID'),
+    /**
+     * Active organization ID for this session
+     * Used for context switching in multi-tenant applications
+     */
+    activeOrganizationId: zod_1.z.string().optional().describe('Active organization ID for context switching'),
+    /**
+     * Session expiry timestamp
+     */
+    expires: zod_1.z.date().describe('Session expiry timestamp'),
+    /**
+     * Session creation timestamp
+     */
+    createdAt: zod_1.z.date().describe('Session creation timestamp'),
+    /**
+     * Last update timestamp
+     */
+    updatedAt: zod_1.z.date().describe('Last update timestamp'),
+    /**
+     * IP address of the session
+     */
+    ipAddress: zod_1.z.string().optional().describe('IP address'),
+    /**
+     * User agent string
+     */
+    userAgent: zod_1.z.string().optional().describe('User agent string'),
+    /**
+     * Device fingerprint
+     */
+    fingerprint: zod_1.z.string().optional().describe('Device fingerprint'),
 });
 /**
- * Identity Provider (IdP) Schema
- * Connects the OS to an external source of truth for identities.
+ * Verification Token Schema
+ * Email verification and password reset tokens
  */
-exports.AuthProviderSchema = zod_1.z.object({
-    name: zod_1.z.string().regex(/^[a-z_][a-z0-9_]*$/).describe('Provider ID'),
-    label: zod_1.z.string().describe('Button Label (e.g. "Login with Okta")'),
-    type: exports.AuthProtocol,
-    /** Configuration (Polymorphic based on type) */
-    config: zod_1.z.union([
-        exports.OIDCConfigSchema,
-        exports.SAMLConfigSchema,
-        exports.LDAPConfigSchema,
-        zod_1.z.record(zod_1.z.any()) // Fallback
-    ]).describe('Provider specific configuration'),
-    /** Visuals */
-    icon: zod_1.z.string().optional().describe('Icon URL or helper class'),
-    /** Policies */
-    active: zod_1.z.boolean().default(true),
-    registrationEnabled: zod_1.z.boolean().default(false).describe('Allow new users to sign up via this provider'),
+exports.VerificationTokenSchema = zod_1.z.object({
+    /**
+     * Token identifier (email or phone)
+     */
+    identifier: zod_1.z.string().describe('Token identifier (email or phone)'),
+    /**
+     * Verification token
+     */
+    token: zod_1.z.string().describe('Verification token'),
+    /**
+     * Token expiry timestamp
+     */
+    expires: zod_1.z.date().describe('Token expiry timestamp'),
+    /**
+     * Token creation timestamp
+     */
+    createdAt: zod_1.z.date().describe('Token creation timestamp'),
 });