@objectstack/spec 0.1.2 → 0.3.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (152) hide show
  1. package/README.md +127 -5
  2. package/dist/ai/index.d.ts +14 -0
  3. package/dist/ai/index.d.ts.map +1 -0
  4. package/dist/ai/index.js +29 -0
  5. package/dist/ai/model-registry.zod.d.ts +1389 -0
  6. package/dist/ai/model-registry.zod.d.ts.map +1 -0
  7. package/dist/ai/model-registry.zod.js +164 -0
  8. package/dist/ai/nlq.zod.d.ts +1126 -0
  9. package/dist/ai/nlq.zod.d.ts.map +1 -0
  10. package/dist/ai/nlq.zod.js +246 -0
  11. package/dist/ai/rag-pipeline.zod.d.ts +1034 -0
  12. package/dist/ai/rag-pipeline.zod.d.ts.map +1 -0
  13. package/dist/ai/rag-pipeline.zod.js +244 -0
  14. package/dist/api/index.d.ts +9 -0
  15. package/dist/api/index.d.ts.map +1 -0
  16. package/dist/api/index.js +24 -0
  17. package/dist/data/filter.zod.d.ts +295 -0
  18. package/dist/data/filter.zod.d.ts.map +1 -0
  19. package/dist/data/filter.zod.js +226 -0
  20. package/dist/data/index.d.ts +21 -0
  21. package/dist/data/index.d.ts.map +1 -0
  22. package/dist/data/index.js +36 -0
  23. package/dist/data/query.zod.d.ts +386 -3
  24. package/dist/data/query.zod.d.ts.map +1 -1
  25. package/dist/data/query.zod.js +386 -3
  26. package/dist/data/validation.zod.d.ts +349 -0
  27. package/dist/data/validation.zod.d.ts.map +1 -1
  28. package/dist/data/validation.zod.js +395 -0
  29. package/dist/index.d.ts +36 -39
  30. package/dist/index.d.ts.map +1 -1
  31. package/dist/index.js +64 -47
  32. package/dist/system/auth-protocol.d.ts +175 -0
  33. package/dist/system/auth-protocol.d.ts.map +1 -0
  34. package/dist/system/auth-protocol.js +60 -0
  35. package/dist/system/auth.zod.d.ts +3319 -0
  36. package/dist/system/auth.zod.d.ts.map +1 -0
  37. package/dist/system/auth.zod.js +499 -0
  38. package/dist/system/datasource.zod.d.ts +118 -38
  39. package/dist/system/datasource.zod.d.ts.map +1 -1
  40. package/dist/system/datasource.zod.js +25 -6
  41. package/dist/system/driver.zod.d.ts +106 -0
  42. package/dist/system/driver.zod.d.ts.map +1 -1
  43. package/dist/system/driver.zod.js +47 -0
  44. package/dist/system/identity.zod.d.ts +234 -180
  45. package/dist/system/identity.zod.d.ts.map +1 -1
  46. package/dist/system/identity.zod.js +168 -51
  47. package/dist/system/index.d.ts +28 -0
  48. package/dist/system/index.d.ts.map +1 -0
  49. package/dist/system/index.js +43 -0
  50. package/dist/system/manifest.zod.d.ts +10 -10
  51. package/dist/system/organization.zod.d.ts +179 -0
  52. package/dist/system/organization.zod.d.ts.map +1 -0
  53. package/dist/system/organization.zod.js +129 -0
  54. package/dist/system/policy.zod.d.ts +10 -10
  55. package/dist/ui/action.zod.d.ts +2 -2
  56. package/dist/ui/dashboard.zod.d.ts +10 -10
  57. package/dist/ui/dashboard.zod.d.ts.map +1 -1
  58. package/dist/ui/dashboard.zod.js +3 -2
  59. package/dist/ui/index.d.ts +17 -0
  60. package/dist/ui/index.d.ts.map +1 -0
  61. package/dist/ui/index.js +32 -0
  62. package/dist/ui/report.zod.d.ts +4 -32
  63. package/dist/ui/report.zod.d.ts.map +1 -1
  64. package/dist/ui/report.zod.js +3 -8
  65. package/dist/ui/theme.zod.d.ts +6 -6
  66. package/json-schema/Account.json +87 -0
  67. package/json-schema/AccountLinkingConfig.json +27 -0
  68. package/json-schema/AuthConfig.json +841 -0
  69. package/json-schema/AuthPluginConfig.json +28 -0
  70. package/json-schema/AuthStrategy.json +17 -0
  71. package/json-schema/AuthenticationConfig.json +601 -0
  72. package/json-schema/AuthenticationProvider.json +617 -0
  73. package/json-schema/CSRFConfig.json +31 -0
  74. package/json-schema/ChunkingStrategy.json +133 -0
  75. package/json-schema/ComparisonOperator.json +56 -0
  76. package/json-schema/Dashboard.json +20 -0
  77. package/json-schema/DashboardWidget.json +20 -0
  78. package/json-schema/DatabaseAdapter.json +38 -0
  79. package/json-schema/DatabaseMapping.json +48 -0
  80. package/json-schema/Datasource.json +25 -5
  81. package/json-schema/DatasourceCapabilities.json +25 -5
  82. package/json-schema/DocumentChunk.json +97 -0
  83. package/json-schema/DocumentLoaderConfig.json +69 -0
  84. package/json-schema/DocumentMetadata.json +61 -0
  85. package/json-schema/DriverCapabilities.json +30 -0
  86. package/json-schema/DriverDefinition.json +25 -5
  87. package/json-schema/DriverInterface.json +30 -0
  88. package/json-schema/EmailPasswordConfig.json +43 -0
  89. package/json-schema/EmbeddingModel.json +57 -0
  90. package/json-schema/EnterpriseAuthConfig.json +172 -0
  91. package/json-schema/Entity.json +55 -0
  92. package/json-schema/EqualityOperator.json +14 -0
  93. package/json-schema/FieldOperators.json +108 -0
  94. package/json-schema/FieldSynonymConfig.json +39 -0
  95. package/json-schema/FilterCondition.json +28 -0
  96. package/json-schema/Invitation.json +69 -0
  97. package/json-schema/InvitationStatus.json +15 -0
  98. package/json-schema/LDAPConfig.json +22 -5
  99. package/json-schema/MagicLinkConfig.json +21 -0
  100. package/json-schema/Member.json +46 -0
  101. package/json-schema/ModelCapability.json +47 -0
  102. package/json-schema/ModelConfig.json +181 -0
  103. package/json-schema/ModelLimits.json +45 -0
  104. package/json-schema/ModelPricing.json +28 -0
  105. package/json-schema/ModelProvider.json +19 -0
  106. package/json-schema/ModelRegistry.json +427 -0
  107. package/json-schema/ModelRegistryEntry.json +239 -0
  108. package/json-schema/ModelSelectionCriteria.json +50 -0
  109. package/json-schema/NLQAnalytics.json +106 -0
  110. package/json-schema/NLQFieldMapping.json +40 -0
  111. package/json-schema/NLQModelConfig.json +78 -0
  112. package/json-schema/NLQParseResult.json +252 -0
  113. package/json-schema/NLQRequest.json +110 -0
  114. package/json-schema/NLQResponse.json +288 -0
  115. package/json-schema/NLQTrainingExample.json +120 -0
  116. package/json-schema/NormalizedFilter.json +348 -0
  117. package/json-schema/OAuthProvider.json +66 -0
  118. package/json-schema/OIDCConfig.json +18 -3
  119. package/json-schema/Organization.json +52 -0
  120. package/json-schema/PasskeyConfig.json +54 -0
  121. package/json-schema/PromptTemplate.json +163 -0
  122. package/json-schema/PromptVariable.json +56 -0
  123. package/json-schema/QueryContext.json +72 -0
  124. package/json-schema/QueryFilter.json +34 -0
  125. package/json-schema/QueryIntent.json +21 -0
  126. package/json-schema/QueryTemplate.json +81 -0
  127. package/json-schema/RAGPipelineConfig.json +552 -0
  128. package/json-schema/RAGPipelineStatus.json +66 -0
  129. package/json-schema/RAGQueryRequest.json +64 -0
  130. package/json-schema/RAGQueryResponse.json +108 -0
  131. package/json-schema/RangeOperator.json +41 -0
  132. package/json-schema/RateLimitConfig.json +36 -0
  133. package/json-schema/Report.json +20 -26
  134. package/json-schema/RerankingConfig.json +34 -0
  135. package/json-schema/RetrievalStrategy.json +121 -0
  136. package/json-schema/SAMLConfig.json +17 -3
  137. package/json-schema/Session.json +63 -0
  138. package/json-schema/SessionConfig.json +56 -0
  139. package/json-schema/SetOperator.json +18 -0
  140. package/json-schema/SpecialOperator.json +18 -0
  141. package/json-schema/StandardAuthProvider.json +857 -0
  142. package/json-schema/StringOperator.json +21 -0
  143. package/json-schema/Timeframe.json +68 -0
  144. package/json-schema/TwoFactorConfig.json +40 -0
  145. package/json-schema/User.json +51 -0
  146. package/json-schema/UserFieldMapping.json +47 -0
  147. package/json-schema/VectorStoreConfig.json +82 -0
  148. package/json-schema/VectorStoreProvider.json +21 -0
  149. package/json-schema/VerificationToken.json +36 -0
  150. package/package.json +27 -1
  151. package/json-schema/AuthProtocol.json +0 -17
  152. package/json-schema/AuthProvider.json +0 -171
package/json-schema/StandardAuthProvider.json ADDED
@@ -0,0 +1,857 @@
1
+ {
2
+ "$ref": "#/definitions/StandardAuthProvider",
3
+ "definitions": {
4
+ "StandardAuthProvider": {
5
+ "type": "object",
6
+ "properties": {
7
+ "type": {
8
+ "type": "string",
9
+ "const": "standard_auth",
10
+ "description": "Provider type identifier"
11
+ },
12
+ "config": {
13
+ "type": "object",
14
+ "properties": {
15
+ "name": {
16
+ "type": "string",
17
+ "pattern": "^[a-z_][a-z0-9_]*$",
18
+ "description": "Configuration name (snake_case)"
19
+ },
20
+ "label": {
21
+ "type": "string",
22
+ "description": "Display label"
23
+ },
24
+ "driver": {
25
+ "type": "string",
26
+ "default": "better-auth",
27
+ "description": "The underlying authentication implementation driver"
28
+ },
29
+ "strategies": {
30
+ "type": "array",
31
+ "items": {
32
+ "type": "string",
33
+ "enum": [
34
+ "email_password",
35
+ "magic_link",
36
+ "oauth",
37
+ "passkey",
38
+ "otp",
39
+ "anonymous"
40
+ ]
41
+ },
42
+ "minItems": 1,
43
+ "description": "Enabled authentication strategies"
44
+ },
45
+ "baseUrl": {
46
+ "type": "string",
47
+ "format": "uri",
48
+ "description": "Application base URL"
49
+ },
50
+ "secret": {
51
+ "type": "string",
52
+ "minLength": 32,
53
+ "description": "Secret key for signing (min 32 chars)"
54
+ },
55
+ "emailPassword": {
56
+ "type": "object",
57
+ "properties": {
58
+ "enabled": {
59
+ "type": "boolean",
60
+ "default": true
61
+ },
62
+ "requireEmailVerification": {
63
+ "type": "boolean",
64
+ "default": true,
65
+ "description": "Require email verification before login"
66
+ },
67
+ "minPasswordLength": {
68
+ "type": "number",
69
+ "minimum": 6,
70
+ "maximum": 128,
71
+ "default": 8,
72
+ "description": "Minimum password length"
73
+ },
74
+ "requirePasswordComplexity": {
75
+ "type": "boolean",
76
+ "default": true,
77
+ "description": "Require uppercase, lowercase, numbers, symbols"
78
+ },
79
+ "allowPasswordReset": {
80
+ "type": "boolean",
81
+ "default": true,
82
+ "description": "Enable password reset functionality"
83
+ },
84
+ "passwordResetExpiry": {
85
+ "type": "number",
86
+ "default": 3600,
87
+ "description": "Password reset token expiry in seconds"
88
+ }
89
+ },
90
+ "additionalProperties": false
91
+ },
92
+ "magicLink": {
93
+ "type": "object",
94
+ "properties": {
95
+ "enabled": {
96
+ "type": "boolean",
97
+ "default": true
98
+ },
99
+ "expiryTime": {
100
+ "type": "number",
101
+ "default": 900,
102
+ "description": "Magic link expiry time in seconds (default 15 min)"
103
+ }
104
+ },
105
+ "additionalProperties": false
106
+ },
107
+ "passkey": {
108
+ "type": "object",
109
+ "properties": {
110
+ "enabled": {
111
+ "type": "boolean",
112
+ "default": false
113
+ },
114
+ "rpName": {
115
+ "type": "string",
116
+ "description": "Relying Party name"
117
+ },
118
+ "rpId": {
119
+ "type": "string",
120
+ "description": "Relying Party ID (defaults to domain)"
121
+ },
122
+ "allowedOrigins": {
123
+ "type": "array",
124
+ "items": {
125
+ "type": "string",
126
+ "format": "uri"
127
+ },
128
+ "description": "Allowed origins for WebAuthn"
129
+ },
130
+ "userVerification": {
131
+ "type": "string",
132
+ "enum": [
133
+ "required",
134
+ "preferred",
135
+ "discouraged"
136
+ ],
137
+ "default": "preferred"
138
+ },
139
+ "attestation": {
140
+ "type": "string",
141
+ "enum": [
142
+ "none",
143
+ "indirect",
144
+ "direct",
145
+ "enterprise"
146
+ ],
147
+ "default": "none"
148
+ }
149
+ },
150
+ "required": [
151
+ "rpName"
152
+ ],
153
+ "additionalProperties": false
154
+ },
155
+ "oauth": {
156
+ "type": "object",
157
+ "properties": {
158
+ "providers": {
159
+ "type": "array",
160
+ "items": {
161
+ "type": "object",
162
+ "properties": {
163
+ "provider": {
164
+ "type": "string",
165
+ "enum": [
166
+ "google",
167
+ "github",
168
+ "facebook",
169
+ "twitter",
170
+ "linkedin",
171
+ "microsoft",
172
+ "apple",
173
+ "discord",
174
+ "gitlab",
175
+ "custom"
176
+ ],
177
+ "description": "OAuth provider type"
178
+ },
179
+ "clientId": {
180
+ "type": "string",
181
+ "description": "OAuth client ID"
182
+ },
183
+ "clientSecret": {
184
+ "type": "string",
185
+ "description": "OAuth client secret (typically from ENV)"
186
+ },
187
+ "scopes": {
188
+ "type": "array",
189
+ "items": {
190
+ "type": "string"
191
+ },
192
+ "description": "Requested OAuth scopes"
193
+ },
194
+ "redirectUri": {
195
+ "type": "string",
196
+ "format": "uri",
197
+ "description": "OAuth callback URL"
198
+ },
199
+ "enabled": {
200
+ "type": "boolean",
201
+ "default": true,
202
+ "description": "Whether this provider is enabled"
203
+ },
204
+ "displayName": {
205
+ "type": "string",
206
+ "description": "Display name for the provider button"
207
+ },
208
+ "icon": {
209
+ "type": "string",
210
+ "description": "Icon URL or identifier"
211
+ }
212
+ },
213
+ "required": [
214
+ "provider",
215
+ "clientId",
216
+ "clientSecret"
217
+ ],
218
+ "additionalProperties": false
219
+ },
220
+ "minItems": 1
221
+ }
222
+ },
223
+ "required": [
224
+ "providers"
225
+ ],
226
+ "additionalProperties": false
227
+ },
228
+ "session": {
229
+ "type": "object",
230
+ "properties": {
231
+ "expiresIn": {
232
+ "type": "number",
233
+ "default": 604800,
234
+ "description": "Session expiry in seconds (default 7 days)"
235
+ },
236
+ "updateAge": {
237
+ "type": "number",
238
+ "default": 86400,
239
+ "description": "Session update interval in seconds (default 1 day)"
240
+ },
241
+ "cookieName": {
242
+ "type": "string",
243
+ "default": "session_token",
244
+ "description": "Session cookie name"
245
+ },
246
+ "cookieSecure": {
247
+ "type": "boolean",
248
+ "default": true,
249
+ "description": "Use secure cookies (HTTPS only)"
250
+ },
251
+ "cookieSameSite": {
252
+ "type": "string",
253
+ "enum": [
254
+ "strict",
255
+ "lax",
256
+ "none"
257
+ ],
258
+ "default": "lax",
259
+ "description": "SameSite cookie attribute"
260
+ },
261
+ "cookieDomain": {
262
+ "type": "string",
263
+ "description": "Cookie domain"
264
+ },
265
+ "cookiePath": {
266
+ "type": "string",
267
+ "default": "/",
268
+ "description": "Cookie path"
269
+ },
270
+ "cookieHttpOnly": {
271
+ "type": "boolean",
272
+ "default": true,
273
+ "description": "HttpOnly cookie attribute"
274
+ }
275
+ },
276
+ "additionalProperties": false,
277
+ "default": {}
278
+ },
279
+ "rateLimit": {
280
+ "type": "object",
281
+ "properties": {
282
+ "enabled": {
283
+ "type": "boolean",
284
+ "default": true
285
+ },
286
+ "maxAttempts": {
287
+ "type": "number",
288
+ "default": 5,
289
+ "description": "Maximum login attempts"
290
+ },
291
+ "windowMs": {
292
+ "type": "number",
293
+ "default": 900000,
294
+ "description": "Time window in milliseconds (default 15 min)"
295
+ },
296
+ "blockDuration": {
297
+ "type": "number",
298
+ "default": 900000,
299
+ "description": "Block duration after max attempts in ms"
300
+ },
301
+ "skipSuccessfulRequests": {
302
+ "type": "boolean",
303
+ "default": false,
304
+ "description": "Only count failed requests"
305
+ }
306
+ },
307
+ "additionalProperties": false,
308
+ "default": {}
309
+ },
310
+ "csrf": {
311
+ "type": "object",
312
+ "properties": {
313
+ "enabled": {
314
+ "type": "boolean",
315
+ "default": true
316
+ },
317
+ "tokenLength": {
318
+ "type": "number",
319
+ "default": 32,
320
+ "description": "CSRF token length"
321
+ },
322
+ "cookieName": {
323
+ "type": "string",
324
+ "default": "csrf_token",
325
+ "description": "CSRF cookie name"
326
+ },
327
+ "headerName": {
328
+ "type": "string",
329
+ "default": "X-CSRF-Token",
330
+ "description": "CSRF header name"
331
+ }
332
+ },
333
+ "additionalProperties": false,
334
+ "default": {}
335
+ },
336
+ "accountLinking": {
337
+ "type": "object",
338
+ "properties": {
339
+ "enabled": {
340
+ "type": "boolean",
341
+ "default": true,
342
+ "description": "Allow account linking"
343
+ },
344
+ "autoLink": {
345
+ "type": "boolean",
346
+ "default": false,
347
+ "description": "Automatically link accounts with same email"
348
+ },
349
+ "requireVerification": {
350
+ "type": "boolean",
351
+ "default": true,
352
+ "description": "Require email verification before linking"
353
+ }
354
+ },
355
+ "additionalProperties": false,
356
+ "default": {}
357
+ },
358
+ "twoFactor": {
359
+ "type": "object",
360
+ "properties": {
361
+ "enabled": {
362
+ "type": "boolean",
363
+ "default": false
364
+ },
365
+ "issuer": {
366
+ "type": "string",
367
+ "description": "TOTP issuer name"
368
+ },
369
+ "qrCodeSize": {
370
+ "type": "number",
371
+ "default": 200,
372
+ "description": "QR code size in pixels"
373
+ },
374
+ "backupCodes": {
375
+ "type": "object",
376
+ "properties": {
377
+ "enabled": {
378
+ "type": "boolean",
379
+ "default": true
380
+ },
381
+ "count": {
382
+ "type": "number",
383
+ "default": 10,
384
+ "description": "Number of backup codes to generate"
385
+ }
386
+ },
387
+ "additionalProperties": false
388
+ }
389
+ },
390
+ "additionalProperties": false
391
+ },
392
+ "organization": {
393
+ "type": "object",
394
+ "properties": {
395
+ "enabled": {
396
+ "type": "boolean",
397
+ "default": false,
398
+ "description": "Enable organization/multi-tenant features"
399
+ },
400
+ "allowUserToCreateOrg": {
401
+ "type": "boolean",
402
+ "default": true,
403
+ "description": "Allow users to create organizations"
404
+ },
405
+ "defaultRole": {
406
+ "type": "string",
407
+ "default": "member",
408
+ "description": "Default role for new members"
409
+ },
410
+ "creatorRole": {
411
+ "type": "string",
412
+ "default": "owner",
413
+ "description": "Role assigned to organization creator"
414
+ }
415
+ },
416
+ "additionalProperties": false,
417
+ "description": "Organization/multi-tenant configuration"
418
+ },
419
+ "enterprise": {
420
+ "type": "object",
421
+ "properties": {
422
+ "oidc": {
423
+ "type": "object",
424
+ "properties": {
425
+ "enabled": {
426
+ "type": "boolean",
427
+ "default": false
428
+ },
429
+ "issuer": {
430
+ "type": "string",
431
+ "format": "uri",
432
+ "description": "OIDC Issuer URL (.well-known/openid-configuration)"
433
+ },
434
+ "clientId": {
435
+ "type": "string",
436
+ "description": "OIDC client ID"
437
+ },
438
+ "clientSecret": {
439
+ "type": "string",
440
+ "description": "OIDC client secret"
441
+ },
442
+ "scopes": {
443
+ "type": "array",
444
+ "items": {
445
+ "type": "string"
446
+ },
447
+ "default": [
448
+ "openid",
449
+ "profile",
450
+ "email"
451
+ ],
452
+ "description": "OIDC scopes"
453
+ },
454
+ "attributeMapping": {
455
+ "type": "object",
456
+ "additionalProperties": {
457
+ "type": "string"
458
+ },
459
+ "description": "Map IdP claims to User fields"
460
+ },
461
+ "displayName": {
462
+ "type": "string",
463
+ "description": "Display name for the provider button"
464
+ },
465
+ "icon": {
466
+ "type": "string",
467
+ "description": "Icon URL or identifier"
468
+ }
469
+ },
470
+ "required": [
471
+ "issuer",
472
+ "clientId",
473
+ "clientSecret"
474
+ ],
475
+ "additionalProperties": false,
476
+ "description": "OpenID Connect configuration"
477
+ },
478
+ "saml": {
479
+ "type": "object",
480
+ "properties": {
481
+ "enabled": {
482
+ "type": "boolean",
483
+ "default": false
484
+ },
485
+ "entryPoint": {
486
+ "type": "string",
487
+ "format": "uri",
488
+ "description": "IdP SSO URL"
489
+ },
490
+ "cert": {
491
+ "type": "string",
492
+ "description": "IdP Public Certificate (PEM format)"
493
+ },
494
+ "issuer": {
495
+ "type": "string",
496
+ "description": "Entity ID of the IdP"
497
+ },
498
+ "signatureAlgorithm": {
499
+ "type": "string",
500
+ "enum": [
501
+ "sha256",
502
+ "sha512"
503
+ ],
504
+ "default": "sha256",
505
+ "description": "Signature algorithm"
506
+ },
507
+ "attributeMapping": {
508
+ "type": "object",
509
+ "additionalProperties": {
510
+ "type": "string"
511
+ },
512
+ "description": "Map SAML attributes to User fields"
513
+ },
514
+ "displayName": {
515
+ "type": "string",
516
+ "description": "Display name for the provider button"
517
+ },
518
+ "icon": {
519
+ "type": "string",
520
+ "description": "Icon URL or identifier"
521
+ }
522
+ },
523
+ "required": [
524
+ "entryPoint",
525
+ "cert",
526
+ "issuer"
527
+ ],
528
+ "additionalProperties": false,
529
+ "description": "SAML 2.0 configuration"
530
+ },
531
+ "ldap": {
532
+ "type": "object",
533
+ "properties": {
534
+ "enabled": {
535
+ "type": "boolean",
536
+ "default": false
537
+ },
538
+ "url": {
539
+ "type": "string",
540
+ "format": "uri",
541
+ "description": "LDAP Server URL (ldap:// or ldaps://)"
542
+ },
543
+ "bindDn": {
544
+ "type": "string",
545
+ "description": "Bind DN for LDAP authentication"
546
+ },
547
+ "bindCredentials": {
548
+ "type": "string",
549
+ "description": "Bind credentials"
550
+ },
551
+ "searchBase": {
552
+ "type": "string",
553
+ "description": "Search base DN"
554
+ },
555
+ "searchFilter": {
556
+ "type": "string",
557
+ "description": "Search filter"
558
+ },
559
+ "groupSearchBase": {
560
+ "type": "string",
561
+ "description": "Group search base DN"
562
+ },
563
+ "displayName": {
564
+ "type": "string",
565
+ "description": "Display name for the provider button"
566
+ },
567
+ "icon": {
568
+ "type": "string",
569
+ "description": "Icon URL or identifier"
570
+ }
571
+ },
572
+ "required": [
573
+ "url",
574
+ "bindDn",
575
+ "bindCredentials",
576
+ "searchBase",
577
+ "searchFilter"
578
+ ],
579
+ "additionalProperties": false,
580
+ "description": "LDAP/Active Directory configuration"
581
+ }
582
+ },
583
+ "additionalProperties": false
584
+ },
585
+ "userFieldMapping": {
586
+ "type": "object",
587
+ "properties": {
588
+ "id": {
589
+ "type": "string",
590
+ "default": "id",
591
+ "description": "User ID field"
592
+ },
593
+ "email": {
594
+ "type": "string",
595
+ "default": "email",
596
+ "description": "Email field"
597
+ },
598
+ "name": {
599
+ "type": "string",
600
+ "default": "name",
601
+ "description": "Name field"
602
+ },
603
+ "image": {
604
+ "type": "string",
605
+ "default": "image",
606
+ "description": "Profile image field"
607
+ },
608
+ "emailVerified": {
609
+ "type": "string",
610
+ "default": "email_verified",
611
+ "description": "Email verification status field"
612
+ },
613
+ "createdAt": {
614
+ "type": "string",
615
+ "default": "created_at",
616
+ "description": "Created timestamp field"
617
+ },
618
+ "updatedAt": {
619
+ "type": "string",
620
+ "default": "updated_at",
621
+ "description": "Updated timestamp field"
622
+ }
623
+ },
624
+ "additionalProperties": false,
625
+ "default": {}
626
+ },
627
+ "database": {
628
+ "type": "object",
629
+ "properties": {
630
+ "type": {
631
+ "type": "string",
632
+ "enum": [
633
+ "prisma",
634
+ "drizzle",
635
+ "kysely",
636
+ "custom"
637
+ ],
638
+ "description": "Database adapter type"
639
+ },
640
+ "connectionString": {
641
+ "type": "string",
642
+ "description": "Database connection string"
643
+ },
644
+ "tablePrefix": {
645
+ "type": "string",
646
+ "default": "auth_",
647
+ "description": "Prefix for auth tables"
648
+ },
649
+ "schema": {
650
+ "type": "string",
651
+ "description": "Database schema name"
652
+ }
653
+ },
654
+ "required": [
655
+ "type"
656
+ ],
657
+ "additionalProperties": false
658
+ },
659
+ "mapping": {
660
+ "type": "object",
661
+ "properties": {
662
+ "user": {
663
+ "type": "object",
664
+ "additionalProperties": {
665
+ "type": "string"
666
+ },
667
+ "description": "User field mapping (e.g., { \"emailVerified\": \"email_verified\" })"
668
+ },
669
+ "session": {
670
+ "type": "object",
671
+ "additionalProperties": {
672
+ "type": "string"
673
+ },
674
+ "default": {
675
+ "sessionToken": "token",
676
+ "expires": "expiresAt"
677
+ },
678
+ "description": "Session field mapping"
679
+ },
680
+ "account": {
681
+ "type": "object",
682
+ "additionalProperties": {
683
+ "type": "string"
684
+ },
685
+ "default": {
686
+ "providerAccountId": "accountId",
687
+ "provider": "providerId"
688
+ },
689
+ "description": "Account field mapping"
690
+ },
691
+ "verificationToken": {
692
+ "type": "object",
693
+ "additionalProperties": {
694
+ "type": "string"
695
+ },
696
+ "description": "VerificationToken field mapping"
697
+ }
698
+ },
699
+ "additionalProperties": false
700
+ },
701
+ "plugins": {
702
+ "type": "array",
703
+ "items": {
704
+ "type": "object",
705
+ "properties": {
706
+ "name": {
707
+ "type": "string",
708
+ "description": "Plugin name"
709
+ },
710
+ "enabled": {
711
+ "type": "boolean",
712
+ "default": true
713
+ },
714
+ "options": {
715
+ "type": "object",
716
+ "additionalProperties": {},
717
+ "description": "Plugin-specific options"
718
+ }
719
+ },
720
+ "required": [
721
+ "name"
722
+ ],
723
+ "additionalProperties": false
724
+ },
725
+ "default": []
726
+ },
727
+ "hooks": {
728
+ "type": "object",
729
+ "properties": {},
730
+ "additionalProperties": false,
731
+ "description": "Authentication lifecycle hooks"
732
+ },
733
+ "security": {
734
+ "type": "object",
735
+ "properties": {
736
+ "allowedOrigins": {
737
+ "type": "array",
738
+ "items": {
739
+ "type": "string"
740
+ },
741
+ "description": "CORS allowed origins"
742
+ },
743
+ "trustProxy": {
744
+ "type": "boolean",
745
+ "default": false,
746
+ "description": "Trust proxy headers"
747
+ },
748
+ "ipRateLimiting": {
749
+ "type": "boolean",
750
+ "default": true,
751
+ "description": "Enable IP-based rate limiting"
752
+ },
753
+ "sessionFingerprinting": {
754
+ "type": "boolean",
755
+ "default": true,
756
+ "description": "Enable session fingerprinting"
757
+ },
758
+ "maxSessions": {
759
+ "type": "number",
760
+ "default": 5,
761
+ "description": "Maximum concurrent sessions per user"
762
+ }
763
+ },
764
+ "additionalProperties": false,
765
+ "description": "Advanced security settings"
766
+ },
767
+ "email": {
768
+ "type": "object",
769
+ "properties": {
770
+ "from": {
771
+ "type": "string",
772
+ "format": "email",
773
+ "description": "From email address"
774
+ },
775
+ "fromName": {
776
+ "type": "string",
777
+ "description": "From name"
778
+ },
779
+ "provider": {
780
+ "type": "string",
781
+ "enum": [
782
+ "smtp",
783
+ "sendgrid",
784
+ "mailgun",
785
+ "ses",
786
+ "resend",
787
+ "custom"
788
+ ],
789
+ "description": "Email provider"
790
+ },
791
+ "config": {
792
+ "type": "object",
793
+ "additionalProperties": {},
794
+ "description": "Provider-specific configuration"
795
+ }
796
+ },
797
+ "required": [
798
+ "from",
799
+ "provider"
800
+ ],
801
+ "additionalProperties": false,
802
+ "description": "Email configuration"
803
+ },
804
+ "ui": {
805
+ "type": "object",
806
+ "properties": {
807
+ "brandName": {
808
+ "type": "string",
809
+ "description": "Brand name displayed in auth UI"
810
+ },
811
+ "logo": {
812
+ "type": "string",
813
+ "description": "Logo URL"
814
+ },
815
+ "primaryColor": {
816
+ "type": "string",
817
+ "description": "Primary brand color (hex)"
818
+ },
819
+ "customCss": {
820
+ "type": "string",
821
+ "description": "Custom CSS for auth pages"
822
+ }
823
+ },
824
+ "additionalProperties": false,
825
+ "description": "UI customization"
826
+ },
827
+ "active": {
828
+ "type": "boolean",
829
+ "default": true,
830
+ "description": "Whether this provider is active"
831
+ },
832
+ "allowRegistration": {
833
+ "type": "boolean",
834
+ "default": true,
835
+ "description": "Allow new user registration"
836
+ }
837
+ },
838
+ "required": [
839
+ "name",
840
+ "label",
841
+ "strategies",
842
+ "baseUrl",
843
+ "secret"
844
+ ],
845
+ "additionalProperties": false,
846
+ "description": "Standard authentication configuration"
847
+ }
848
+ },
849
+ "required": [
850
+ "type",
851
+ "config"
852
+ ],
853
+ "additionalProperties": false
854
+ }
855
+ },
856
+ "$schema": "http://json-schema.org/draft-07/schema#"
857
+ }