@oxyhq/core 3.2.0 → 3.4.1

package/dist/types/HttpService.d.ts

@@ -104,14 +104,60 @@ export declare class HttpService {
      * into a `Headers`-compatible object.
      */
     private static parseXHRHeaders;
+    /**
+     * Delimiter that separates the logical `method:url[:data]` portion of a
+     * cache key from its identity suffix. Always APPENDED, never used to parse
+     * a key apart, so the `method:url` prefix stays intact for
+     * `clearCacheByPrefix` sweeps and `clearCacheEntry` base-key matching.
+     * The `clearCacheEntry` callsites all pass fixed, dataless logical keys
+     * (`GET:/users/<id>`, `GET:/session/user/<sessionId>`,
+     * `GET:/fedcm/me/authorized-apps`), so this readable suffix can never be
+     * ambiguous with a serialized request body.
+     */
+    private static readonly CACHE_IDENTITY_DELIM;
+    /**
+     * Derive a stable, non-sensitive identity discriminator for cache scoping.
+     *
+     * The GET-response cache MUST be partitioned by caller identity: endpoints
+     * with optional auth (e.g. `GET /profiles/recommendations`) return different
+     * content for an anonymous vs an authenticated caller, and per-user content
+     * for different authenticated users. Keying solely on `method:url:data`
+     * (the previous behavior) let an anonymous response be served to an
+     * authenticated caller — surfacing as "Who to follow" recommending accounts
+     * the user already follows after a cold-boot session restore.
+     *
+     * We use the access token's decoded user id (`userId || id`) rather than the
+     * raw JWT so the token never lands in a cache key (no token leakage through
+     * any cache-key logging, no key bloat). The acting-as id is folded in because
+     * managed-account responses differ per acting identity — and `X-Acting-As`
+     * already changes the server response for the same bearer token. Falls back
+     * to `'anon'` when there is no token, and to a short FNV-1a hash of the token
+     * only if it is present but cannot be decoded (degraded but still partitioned,
+     * never colliding anon with authed).
+     */
+    private computeIdentityTag;
     /**
      * Generate cache key efficiently
      * Uses a content-addressed hash for large payloads so two requests with
      * the same shape but different values never collide on the same key
      * (which would silently serve stale data — e.g. paginated search results,
      * large object updates).
+     *
+     * The key is identity-scoped: the logical `method:url[:data]` portion is
+     * suffixed with ` id=<identityTag>` so two callers with different
+     * identities (anon vs authed, or two different users) never share an entry.
+     * The identity tag is placed at the END so the key still STARTS with
+     * `method:url`, preserving the prefix-based invalidation in
+     * `clearCacheByPrefix` (e.g. `GET:/session/user/`) and the base-key matching
+     * in `clearCacheEntry`.
      */
     private generateCacheKey;
+    /**
+     * Build the identity-agnostic portion of a cache key (`method:url[:data]`).
+     * Kept separate so identity scoping is applied in exactly one place
+     * (`generateCacheKey`) and cannot drift between the cache and dedupe paths.
+     */
+    private generateBaseCacheKey;
     /**
      * Build full URL with query params
      */
@@ -169,6 +215,17 @@ export declare class HttpService {
     hasAccessToken(): boolean;
     getBaseURL(): string;
     clearCache(): void;
+    /**
+     * Delete a cache entry by its LOGICAL key (`method:url[:data]`).
+     *
+     * Because the response cache is identity-scoped — stored keys carry an
+     * ` id=<identityTag>` suffix — a caller passing the logical key
+     * `GET:/users/<id>` must invalidate that resource for EVERY identity that
+     * cached it (e.g. `updateProfile` busting a user representation that may be
+     * cached under both the owner's id and a viewer's id). We therefore delete
+     * the exact key (for any pre-existing un-suffixed entries) AND every
+     * identity-scoped variant `<key> id=*`.
+     */
     clearCacheEntry(key: string): void;
     /**
      * Delete every cache entry whose key starts with `prefix`.

package/dist/types/OxyServices.d.ts

@@ -80,7 +80,7 @@ import { composeOxyServices } from './mixins';
  * - **Privacy**: Blocked and restricted users
  * - **Language**: Language detection and metadata
  * - **Payment**: Payment processing
- * - **Karma**: Karma system
+ * - **Reputation**: Reputation system (Oxy Trust)
  * - **Assets**: File upload and asset management
  * - **Applications**: Application, membership, and credential management
  * - **Workspaces**: Workspace and membership management

package/dist/types/constants/version.d.ts

@@ -5,9 +5,9 @@
 export declare const packageInfo: {
     readonly name: "@oxyhq/services";
     readonly version: "5.2.1";
-    readonly description: "Reusable OxyHQ module to handle authentication, user management, karma system and more 🚀";
+    readonly description: "Reusable OxyHQ module to handle authentication, user management, reputation system (Oxy Trust) and more 🚀";
     readonly main: "lib/commonjs/node/index.js";
     readonly module: "lib/module/node/index.js";
     readonly types: "lib/typescript/node/index.d.ts";
 };
-export declare const name: "@oxyhq/services", version: "5.2.1", description: "Reusable OxyHQ module to handle authentication, user management, karma system and more 🚀";
+export declare const name: "@oxyhq/services", version: "5.2.1", description: "Reusable OxyHQ module to handle authentication, user management, reputation system (Oxy Trust) and more 🚀";

package/dist/types/index.d.ts

@@ -35,6 +35,7 @@ export type { ContactDiscoveryMatch, ContactDiscoveryResponse, } from './mixins/
 export { OxyAppDataIdentifierError } from './mixins/OxyServices.appData';
 export type { Application, PublicApplication, ApplicationMember, ApplicationCredential, ApplicationRole, ApplicationType, ApplicationStatus, ApplicationMemberStatus, ApplicationCredentialType, ApplicationCredentialStatus, ApplicationEnvironment, CreateApplicationInput, UpdateApplicationInput, InviteApplicationMemberInput, UpdateApplicationMemberInput, TransferApplicationOwnershipInput, CreateApplicationCredentialInput, ApplicationCredentialWithSecret, RotateApplicationCredentialResult, ApplicationUsagePeriod, ApplicationUsageSummary, ApplicationUsageByDay, ApplicationUsageByEndpoint, ApplicationUsageStats, ApplicationSuccessResult, } from './mixins/OxyServices.applications';
 export type { Workspace, WorkspaceMember, WorkspaceRole, WorkspaceType, WorkspaceStatus, WorkspaceMemberStatus, CreateWorkspaceInput, UpdateWorkspaceInput, InviteWorkspaceMemberInput, UpdateWorkspaceMemberInput, TransferWorkspaceOwnershipInput, WorkspaceSuccessResult, } from './mixins/OxyServices.workspaces';
+export type { ReputationCategory, TrustTier, ReputationTransactionStatus, ReputationTargetEntityType, ReputationDisputeStatus, ReputationInfluenceContext, ReputationTransaction, ReputationBalanceBreakdown, ReputationInfluence, ReputationReliability, ReputationBalance, ReputationDispute, ReputationRule, ReputationLeaderboardEntry, ReputationInfluenceResult, ReverseReputationTransactionResult, AwardReputationInput, CreateReputationDisputeInput, ResolveReputationDisputeInput, UpsertReputationRuleInput, ReverseReputationTransactionInput, } from './mixins/OxyServices.reputation';
 export { SessionSyncRequiredError, AuthenticationFailedError, ensureValidToken, isAuthenticationError, withAuthErrorHandling, authenticatedApiCall, } from './utils/authHelpers';
 export type { HandleApiErrorOptions } from './utils/authHelpers';
 export { mergeSessions, normalizeAndSortSessions, sessionsArraysEqual, } from './utils/sessionUtils';
@@ -48,7 +49,7 @@ export { RecoveryPhraseService } from './crypto/recoveryPhrase';
 export type { RecoveryPhraseResult } from './crypto/recoveryPhrase';
 export { DeviceManager } from './utils/deviceManager';
 export type { DeviceFingerprint, StoredDeviceInfo } from './utils/deviceManager';
-export type { OxyConfig, PrivacySettings, NotificationPreferences, UserPreferences, User, LoginResponse, Notification, Wallet, Transaction, BlockedUser, RestrictedUser, TransferFundsRequest, PurchaseRequest, WithdrawalRequest, TransactionResponse, PaginationInfo, SearchProfilesResponse, KarmaRule, KarmaHistory, KarmaLeaderboardEntry, KarmaAwardRequest, ApiError, PaymentMethod, PaymentRequest, PaymentResponse, AnalyticsData, FollowerDetails, ContentViewer, FileMetadata, FileUploadResponse, FileListResponse, FileUpdateRequest, FileDeleteResponse, RNFileDescriptor, AssetUploadInput, FileVisibility, AssetLink, AssetMetadata, AssetVariant, Asset, AssetInitRequest, AssetInitResponse, AssetCompleteRequest, AssetLinkRequest, AssetUnlinkRequest, AssetUrlResponse, AssetDeleteSummary, AssetUpdateVisibilityRequest, AssetUpdateVisibilityResponse, AccountStorageCategoryUsage, AccountStorageUsageResponse, SecurityEventType, SecurityEventSeverity, SecurityActivity, SecurityActivityResponse, AssetUploadProgress, DeviceSession, DeviceSessionsResponse, DeviceSessionLogoutResponse, UpdateDeviceNameResponse, } from './models/interfaces';
+export type { OxyConfig, PrivacySettings, NotificationPreferences, UserPreferences, User, LoginResponse, Notification, Wallet, Transaction, BlockedUser, RestrictedUser, TransferFundsRequest, PurchaseRequest, WithdrawalRequest, TransactionResponse, PaginationInfo, SearchProfilesResponse, ApiError, PaymentMethod, PaymentRequest, PaymentResponse, AnalyticsData, FollowerDetails, ContentViewer, FileMetadata, FileUploadResponse, FileListResponse, FileUpdateRequest, FileDeleteResponse, RNFileDescriptor, AssetUploadInput, FileVisibility, AssetLink, AssetMetadata, AssetVariant, Asset, AssetInitRequest, AssetInitResponse, AssetCompleteRequest, AssetLinkRequest, AssetUnlinkRequest, AssetUrlResponse, AssetDeleteSummary, AssetUpdateVisibilityRequest, AssetUpdateVisibilityResponse, AccountStorageCategoryUsage, AccountStorageUsageResponse, SecurityEventType, SecurityEventSeverity, SecurityActivity, SecurityActivityResponse, AssetUploadProgress, DeviceSession, DeviceSessionsResponse, DeviceSessionLogoutResponse, UpdateDeviceNameResponse, } from './models/interfaces';
 export { SECURITY_EVENT_SEVERITY_MAP } from './models/interfaces';
 export { TopicType, TopicSource } from './models/Topic';
 export type { TopicData, TopicTranslation } from './models/Topic';

package/dist/types/mixins/OxyServices.applications.d.ts

@@ -179,7 +179,11 @@ export interface UpdateApplicationInput {
 }
 /** Input accepted by `inviteApplicationMember`. The owner role cannot be invited. */
 export interface InviteApplicationMemberInput {
-    userId: string;
+    /**
+     * The username or email of the user to invite. Resolved to a user server-side;
+     * an unknown value yields a 404 "User not found".
+     */
+    usernameOrEmail: string;
     role: Exclude<ApplicationRole, 'owner'>;
 }
 /** Input accepted by `updateApplicationMember`. */
@@ -300,7 +304,9 @@ export declare function OxyServicesApplicationsMixin<T extends typeof OxyService
         /**
          * Add a member to an application.
          * @param applicationId - The application's Mongo `_id`.
-         * @param data - Target user id and role (never `owner`).
+         * @param data - Target user's username or email and role (never `owner`).
+         *   The server resolves `usernameOrEmail` to a user; an unknown value yields
+         *   a 404 "User not found".
          */
         inviteApplicationMember(applicationId: string, data: InviteApplicationMemberInput): Promise<ApplicationMember>;
         /**

package/dist/types/mixins/OxyServices.features.d.ts

@@ -65,7 +65,6 @@ export interface UserStats {
     commentCount: number;
     followerCount: number;
     followingCount: number;
-    karmaScore?: number;
 }
 export interface HistoryItem {
     id: string;

package/dist/types/mixins/OxyServices.reputation.d.ts

@@ -0,0 +1,436 @@
+/**
+ * Reputation Methods Mixin (Oxy Trust)
+ *
+ * Provides typed access to the reputation ledger (#217) and the derived
+ * trust-tier / capped-influence model (#219) via the `/reputation` API.
+ *
+ * The reputation ledger is append-only: transactions are NEVER deleted.
+ * A correction is expressed either as a compensating REVERSAL (the original is
+ * marked `reversed` and a new `active` transaction with negated points is
+ * appended) or a VOID (the original is marked `voided` and excluded from the
+ * balance). A user's `ReputationBalance` is a recomputable cache of the sum of
+ * their `active` transactions, augmented with a trust tier, capped influence
+ * weights, and reliability signals.
+ *
+ * Reference users by their Mongo `_id` (or publicKey, which the API resolves),
+ * transactions by their `id`, and disputes by their `id`.
+ */
+import type { OxyServicesBase } from '../OxyServices.base';
+import type { User } from '../models/interfaces';
+/**
+ * Category bucket a reputation transaction falls into. Drives the per-category
+ * balance breakdown.
+ */
+export type ReputationCategory = 'content' | 'social' | 'trust' | 'moderation' | 'physical' | 'penalty' | 'other';
+/** Trust tiers, lowest → highest (plus the punitive `restricted`). */
+export type TrustTier = 'new' | 'trusted' | 'high_trust' | 'verified' | 'restricted';
+/**
+ * Transaction lifecycle status. Only `active` transactions count toward the
+ * balance; `disputed` still counts until the dispute resolves; `reversed` and
+ * `voided` are excluded.
+ */
+export type ReputationTransactionStatus = 'active' | 'disputed' | 'reversed' | 'voided';
+/** Kind of entity a transaction may target. */
+export type ReputationTargetEntityType = 'post' | 'comment' | 'report' | 'purchase' | 'event' | 'check_in' | 'manual_review' | 'user' | 'other';
+/** Dispute lifecycle status. */
+export type ReputationDisputeStatus = 'open' | 'accepted' | 'rejected' | 'needs_review';
+/** Influence context selecting which capped weight axis to return. */
+export type ReputationInfluenceContext = 'default' | 'report' | 'moderation' | 'ranking';
+/**
+ * A single immutable entry in the reputation ledger. Ids are emitted as strings
+ * and dates as ISO strings by the API.
+ */
+export interface ReputationTransaction {
+    /** The transaction's Mongo `_id` as a string. */
+    id: string;
+    /** Subject of the reputation change — the user whose balance moves. */
+    userId: string;
+    /** Signed point delta. Positive awards, negative penalties/reversals. */
+    points: number;
+    /** The rule/action key that produced this transaction (e.g. `post_created`). */
+    actionType: string;
+    /** Category bucket the points fall into. */
+    category: ReputationCategory;
+    /** Canonical source application that reported the action, if any. */
+    applicationId?: string;
+    /** The specific credential used by the source application, if any. */
+    credentialId?: string;
+    /** Opaque id of the originating action in the source system (idempotency key). */
+    sourceActionId?: string;
+    /** Source-system action type (e.g. `report_confirmed`, `event_check_in`). */
+    sourceActionType?: string;
+    /** Id of the entity the action targeted (post id, report id, etc.). */
+    targetEntityId?: string;
+    /** Kind of the targeted entity. */
+    targetEntityType?: ReputationTargetEntityType;
+    /** Lifecycle status — only `active` transactions count toward the balance. */
+    status: ReputationTransactionStatus;
+    /**
+     * Set ONLY on a compensating reversal transaction; references the original
+     * transaction it reverses. The original carries `status: 'reversed'`.
+     */
+    reversedTransactionId?: string;
+    /** Human-readable reason / note. */
+    reason?: string;
+    /** Free-form structured metadata from the source system. */
+    metadata?: Record<string, unknown>;
+    /** The user who caused this change (the liker, the reporting user, staff). */
+    createdByUserId?: string;
+    /** Staff/service principal who reviewed (reversed/voided) this transaction. */
+    reviewedByUserId?: string;
+    /** ISO timestamp the transaction was reviewed at, if reviewed. */
+    reviewedAt?: string;
+    /** ISO creation timestamp. */
+    createdAt: string;
+    /** ISO last-update timestamp. */
+    updatedAt: string;
+}
+/**
+ * Per-category sums of a user's ACTIVE transactions. `penalties` is the
+ * absolute sum of every negative-point transaction; the named buckets carry the
+ * signed sum of transactions in that category.
+ */
+export interface ReputationBalanceBreakdown {
+    content: number;
+    social: number;
+    trust: number;
+    moderation: number;
+    physical: number;
+    penalties: number;
+}
+/**
+ * Capped influence weights (#219). Every weight is clamped to a configured
+ * range; restricted users are floored on every axis. Downstream systems
+ * (ranking, moderation, reporting) consume these to weight a user's
+ * contributions without letting any single user dominate.
+ */
+export interface ReputationInfluence {
+    /** General-purpose trust weight derived from the lifetime total. */
+    defaultWeight: number;
+    /** Weight applied to this user's reports (scales with report accuracy). */
+    reportWeight: number;
+    /** Weight applied to this user's moderation actions (scales with tier). */
+    moderationWeight: number;
+    /** Damped weight applied to this user's ranking feedback. */
+    rankingFeedbackWeight: number;
+}
+/**
+ * Reliability signals (#219) derived from the user's moderation track record in
+ * the ledger.
+ */
+export interface ReputationReliability {
+    /** Count of active transactions stamped `report_confirmed`. */
+    accurateReports: number;
+    /** Count of active transactions stamped `report_rejected`. */
+    rejectedReports: number;
+    /** accurate / (accurate + rejected), or the neutral 0.5 when no history. */
+    reportAccuracyScore: number;
+    /** Smoothed 0..1 abuse signal; high values force the `restricted` tier. */
+    abuseScore: number;
+}
+/**
+ * Cached, recomputable snapshot of a user's reputation. Shape mirrors the
+ * `/reputation/:userId/balance` response (which omits internal `lastTransactionId`
+ * and `createdAt`).
+ */
+export interface ReputationBalance {
+    userId: string;
+    /** Net lifetime total across all active transactions. */
+    total: number;
+    /** Sum of positive points only. */
+    positive: number;
+    /** Sum of negative points only (a negative number). */
+    negative: number;
+    breakdown: ReputationBalanceBreakdown;
+    trustTier: TrustTier;
+    influence: ReputationInfluence;
+    reliability: ReputationReliability;
+    /** ISO timestamp the snapshot was last recomputed at. */
+    recalculatedAt: string;
+    /** ISO last-update timestamp. */
+    updatedAt: string;
+}
+/**
+ * A user-initiated dispute against a specific reputation transaction. Ids are
+ * strings and dates ISO strings.
+ */
+export interface ReputationDispute {
+    /** The dispute's Mongo `_id` as a string. */
+    id: string;
+    /** The transaction being disputed. */
+    transactionId: string;
+    /** The user raising the dispute. */
+    userId: string;
+    /** Why the user believes the transaction is wrong. */
+    reason: string;
+    status: ReputationDisputeStatus;
+    /** Optional supporting evidence (URLs / references). */
+    evidence?: string[];
+    /** ISO timestamp the dispute was resolved at, if resolved. */
+    resolvedAt?: string;
+    /** Staff principal who resolved the dispute, if resolved. */
+    resolvedByUserId?: string;
+    /** ISO creation timestamp. */
+    createdAt: string;
+    /** ISO last-update timestamp. */
+    updatedAt: string;
+}
+/**
+ * A configurable reputation award/penalty rule. The `/reputation/rules`
+ * response shape: `id` is the rule's `_id`; no timestamps are emitted.
+ */
+export interface ReputationRule {
+    /** The rule's Mongo `_id` as a string. */
+    id: string;
+    /** Unique action key (e.g. `post_created`). */
+    actionType: string;
+    /** Signed points the rule awards (may be negative for penalties). */
+    points: number;
+    /** Category the resulting transaction is filed under. */
+    category: ReputationCategory;
+    description: string;
+    /** Per (user, actionType) cooldown in minutes; 0 disables the cooldown. */
+    cooldownInMinutes: number;
+    isEnabled: boolean;
+}
+/**
+ * A single leaderboard entry. `user` is the populated user document the API
+ * returns alongside the lifetime total, derived trust tier, and 1-based rank.
+ */
+export interface ReputationLeaderboardEntry {
+    /** The populated user (id, username, name, avatar, publicKey). */
+    user: Pick<User, 'id' | 'username' | 'name' | 'avatar' | 'publicKey'> & Partial<User>;
+    /** Net lifetime total. */
+    total: number;
+    /** Derived trust tier. */
+    trustTier: TrustTier;
+    /** 1-based rank within the leaderboard (`offset + index + 1`). */
+    rank: number;
+}
+/**
+ * Result of `getReputationInfluence` — the requested context, the single capped
+ * weight for that context, and the full influence block.
+ */
+export interface ReputationInfluenceResult {
+    context: ReputationInfluenceContext;
+    weight: number;
+    influence: ReputationInfluence;
+}
+/**
+ * Result of `reverseReputationTransaction` — the now-`reversed` original plus
+ * the compensating `active` reversal entry.
+ */
+export interface ReverseReputationTransactionResult {
+    original: ReputationTransaction;
+    reversal: ReputationTransaction;
+}
+/**
+ * Input for `awardReputation`. Awarding is restricted to service tokens (the
+ * canonical path) and platform staff; regular users may NOT award reputation.
+ * When called with a service token, `applicationId` / `credentialId` are
+ * resolved from the token and any client-supplied values are ignored.
+ */
+export interface AwardReputationInput {
+    /** The subject whose reputation changes (`_id` or publicKey). */
+    userId: string;
+    /** The enabled rule's action key (e.g. `post_created`). */
+    actionType: string;
+    /** Source application id (ignored for service tokens). */
+    applicationId?: string;
+    /** Source credential id (ignored for service tokens). */
+    credentialId?: string;
+    /** Opaque originating-action id used as the idempotency key. */
+    sourceActionId?: string;
+    /** Source-system action type. */
+    sourceActionType?: string;
+    /** Id of the targeted entity. */
+    targetEntityId?: string;
+    /** Kind of the targeted entity. */
+    targetEntityType?: ReputationTargetEntityType;
+    /** Optional human-readable reason (max 500 chars). */
+    reason?: string;
+    /** Free-form structured metadata from the source system. */
+    metadata?: Record<string, unknown>;
+}
+/** Input for `createReputationDispute`. The disputer is the authenticated user. */
+export interface CreateReputationDisputeInput {
+    /** The transaction being disputed. */
+    transactionId: string;
+    /** Why the transaction is believed to be wrong (1..1000 chars). */
+    reason: string;
+    /** Optional supporting evidence (URLs / references; max 20). */
+    evidence?: string[];
+}
+/** Input for `resolveReputationDispute` (staff). */
+export interface ResolveReputationDisputeInput {
+    /** Accepting reverses the disputed transaction; rejecting restores it. */
+    status: 'accepted' | 'rejected';
+}
+/** Input for `upsertReputationRule` (staff). Keyed by `actionType`. */
+export interface UpsertReputationRuleInput {
+    /** Unique action key (e.g. `post_created`). */
+    actionType: string;
+    /** Signed points the rule awards (may be negative). */
+    points: number;
+    /** Category the resulting transaction is filed under. */
+    category: ReputationCategory;
+    /** Human-readable description (1..500 chars). */
+    description: string;
+    /** Per (user, actionType) cooldown in minutes; defaults to 0. */
+    cooldownInMinutes?: number;
+    /** Whether the rule is active; defaults to true. */
+    isEnabled?: boolean;
+}
+/**
+ * Input for `reverseReputationTransaction` / `voidReputationTransaction`
+ * (staff). The reviewing principal is the authenticated user.
+ */
+export interface ReverseReputationTransactionInput {
+    /** Optional human-readable reason (max 500 chars). */
+    reason?: string;
+}
+export declare function OxyServicesReputationMixin<T extends typeof OxyServicesBase>(Base: T): {
+    new (...args: any[]): {
+        /**
+         * Get a user's cached reputation balance — derived totals, per-category
+         * breakdown, trust tier, capped influence weights, and reliability signals.
+         * @param userId - The subject user's `_id` or publicKey.
+         */
+        getReputationBalance(userId: string): Promise<ReputationBalance>;
+        /**
+         * Get the reputation leaderboard, ordered by lifetime total descending.
+         * @param limit - Page size (server-capped).
+         * @param offset - Page offset.
+         */
+        getReputationLeaderboard(limit?: number, offset?: number): Promise<ReputationLeaderboardEntry[]>;
+        /**
+         * List the enabled reputation rules (for client display).
+         */
+        getReputationRules(): Promise<ReputationRule[]>;
+        /**
+         * Get a user's paginated reputation ledger, newest first (auth required).
+         * @param userId - The subject user's `_id` or publicKey.
+         * @param limit - Page size (server-capped).
+         * @param offset - Page offset.
+         */
+        getReputationTransactions(userId: string, limit?: number, offset?: number): Promise<ReputationTransaction[]>;
+        /**
+         * Get a user's capped influence weight for a given context (auth required).
+         * @param userId - The subject user's `_id` or publicKey.
+         * @param context - The weight axis to read (defaults server-side to `default`).
+         */
+        getReputationInfluence(userId: string, context?: ReputationInfluenceContext): Promise<ReputationInfluenceResult>;
+        /**
+         * Award (or penalise) reputation to a user by `actionType`. Restricted to
+         * service tokens and platform staff. Invalidates cached reputation reads.
+         * @param input - The award payload (subject, action, source, target, etc.).
+         */
+        awardReputation(input: AwardReputationInput): Promise<ReputationTransaction>;
+        /**
+         * Open a dispute against a transaction (auth required; the disputer is the
+         * authenticated user and must own the transaction).
+         * @param input - The transaction id, reason, and optional evidence.
+         */
+        createReputationDispute(input: CreateReputationDisputeInput): Promise<ReputationDispute>;
+        /**
+         * List a user's own reputation disputes (auth required; the caller must be
+         * the subject or platform staff).
+         * @param userId - The subject user's `_id` or publicKey.
+         * @param limit - Page size (server-capped).
+         * @param offset - Page offset.
+         */
+        getUserReputationDisputes(userId: string, limit?: number, offset?: number): Promise<ReputationDispute[]>;
+        /**
+         * Create or update a reputation rule, keyed by `actionType` (staff only).
+         * Invalidates the cached rule list.
+         * @param input - The rule definition.
+         */
+        upsertReputationRule(input: UpsertReputationRuleInput): Promise<ReputationRule>;
+        /**
+         * Reverse a transaction (staff only): mark the original `reversed` and append
+         * a compensating `active` reversal with negated points. Invalidates cached
+         * reputation reads.
+         * @param transactionId - The transaction's id.
+         * @param input - Optional reason for the reversal.
+         */
+        reverseReputationTransaction(transactionId: string, input?: ReverseReputationTransactionInput): Promise<ReverseReputationTransactionResult>;
+        /**
+         * Void a transaction (staff only): mark it `voided` so it is excluded from
+         * the balance, with NO compensating entry. Invalidates cached reputation
+         * reads.
+         * @param transactionId - The transaction's id.
+         * @param input - Optional reason for the void.
+         */
+        voidReputationTransaction(transactionId: string, input?: ReverseReputationTransactionInput): Promise<ReputationTransaction>;
+        /**
+         * Force a recompute of a user's balance snapshot from their active ledger
+         * (staff only). Invalidates cached reputation reads.
+         * @param userId - The subject user's `_id` or publicKey.
+         */
+        recalculateReputation(userId: string): Promise<ReputationBalance>;
+        /**
+         * Get the open dispute queue across all users (staff only).
+         * @param limit - Page size (server-capped).
+         * @param offset - Page offset.
+         */
+        getReputationDisputeQueue(limit?: number, offset?: number): Promise<ReputationDispute[]>;
+        /**
+         * Resolve a dispute (staff only). Accepting reverses the disputed
+         * transaction; rejecting restores it to `active`. Invalidates cached
+         * reputation reads.
+         * @param disputeId - The dispute's id.
+         * @param input - The resolution (`accepted` or `rejected`).
+         */
+        resolveReputationDispute(disputeId: string, input: ResolveReputationDisputeInput): Promise<ReputationDispute>;
+        httpService: import("../HttpService").HttpService;
+        cloudURL: string;
+        config: import("../OxyServices.base").OxyConfig;
+        __resetTokensForTests(): void;
+        makeRequest<T_1>(method: "GET" | "POST" | "PUT" | "PATCH" | "DELETE", url: string, data?: any, options?: import("../HttpService").RequestOptions): Promise<T_1>;
+        getBaseURL(): string;
+        getSessionBaseUrl(): string;
+        getClient(): import("../HttpService").HttpService;
+        getMetrics(): {
+            totalRequests: number;
+            successfulRequests: number;
+            failedRequests: number;
+            cacheHits: number;
+            cacheMisses: number;
+            averageResponseTime: number;
+        };
+        clearCache(): void;
+        clearCacheEntry(key: string): void;
+        clearCacheByPrefix(prefix: string): number;
+        getCacheStats(): {
+            size: number;
+            hits: number;
+            misses: number;
+            hitRate: number;
+        };
+        getCloudURL(): string;
+        setTokens(accessToken: string, refreshToken?: string): void;
+        clearTokens(): void;
+        onTokensChanged(listener: (accessToken: string | null) => void): () => void;
+        _cachedUserId: string | null | undefined;
+        _cachedAccessToken: string | null;
+        getCurrentUserId(): string | null;
+        hasValidToken(): boolean;
+        getAccessToken(): string | null;
+        setActingAs(userId: string | null): void;
+        getActingAs(): string | null;
+        waitForAuth(timeoutMs?: number): Promise<boolean>;
+        withAuthRetry<T_1>(operation: () => Promise<T_1>, operationName: string, options?: {
+            maxRetries?: number;
+            retryDelay?: number;
+            authTimeoutMs?: number;
+        }): Promise<T_1>;
+        validate(): Promise<boolean>;
+        handleError(error: unknown): Error;
+        healthCheck(): Promise<{
+            status: string;
+            users?: number;
+            timestamp?: string;
+            [key: string]: any;
+        }>;
+    };
+} & T;

package/dist/types/mixins/OxyServices.workspaces.d.ts

@@ -72,7 +72,11 @@ export interface UpdateWorkspaceInput {
 }
 /** Input accepted by `inviteWorkspaceMember`. The owner role cannot be invited. */
 export interface InviteWorkspaceMemberInput {
-    userId: string;
+    /**
+     * The username or email of the user to invite. Resolved to a user server-side;
+     * an unknown value yields a 404 "User not found".
+     */
+    usernameOrEmail: string;
     role: Exclude<WorkspaceRole, 'owner'>;
 }
 /** Input accepted by `updateWorkspaceMember`. The owner role cannot be assigned. */
@@ -122,7 +126,9 @@ export declare function OxyServicesWorkspacesMixin<T extends typeof OxyServicesB
         /**
          * Add a member to a workspace.
          * @param workspaceId - The workspace's Mongo `_id`.
-         * @param data - Target user id and role (never `owner`).
+         * @param data - Target user's username or email and role (never `owner`).
+         *   The server resolves `usernameOrEmail` to a user; an unknown value yields
+         *   a 404 "User not found".
          */
         inviteWorkspaceMember(workspaceId: string, data: InviteWorkspaceMemberInput): Promise<WorkspaceMember>;
         /**

package/dist/types/mixins/index.d.ts

@@ -14,7 +14,7 @@ import { OxyServicesUserMixin } from './OxyServices.user';
 import { OxyServicesPrivacyMixin } from './OxyServices.privacy';
 import { OxyServicesLanguageMixin } from './OxyServices.language';
 import { OxyServicesPaymentMixin } from './OxyServices.payment';
-import { OxyServicesKarmaMixin } from './OxyServices.karma';
+import { OxyServicesReputationMixin } from './OxyServices.reputation';
 import { OxyServicesAssetsMixin } from './OxyServices.assets';
 import { OxyServicesApplicationsMixin } from './OxyServices.applications';
 import { OxyServicesWorkspacesMixin } from './OxyServices.workspaces';
@@ -37,7 +37,7 @@ import { OxyServicesAppDataMixin } from './OxyServices.appData';
  * If you add a new mixin to `MIXIN_PIPELINE`, add it here too so its methods
  * are visible without a cast.
  */
-type AllMixinInstances = InstanceType<ReturnType<typeof OxyServicesAuthMixin<typeof OxyServicesBase>>> & InstanceType<ReturnType<typeof OxyServicesFedCMMixin<typeof OxyServicesBase>>> & InstanceType<ReturnType<typeof OxyServicesPopupAuthMixin<typeof OxyServicesBase>>> & InstanceType<ReturnType<typeof OxyServicesRedirectAuthMixin<typeof OxyServicesBase>>> & InstanceType<ReturnType<typeof OxyServicesSsoMixin<typeof OxyServicesBase>>> & InstanceType<ReturnType<typeof OxyServicesUserMixin<typeof OxyServicesBase>>> & InstanceType<ReturnType<typeof OxyServicesPrivacyMixin<typeof OxyServicesBase>>> & InstanceType<ReturnType<typeof OxyServicesLanguageMixin<typeof OxyServicesBase>>> & InstanceType<ReturnType<typeof OxyServicesPaymentMixin<typeof OxyServicesBase>>> & InstanceType<ReturnType<typeof OxyServicesKarmaMixin<typeof OxyServicesBase>>> & InstanceType<ReturnType<typeof OxyServicesAssetsMixin<typeof OxyServicesBase>>> & InstanceType<ReturnType<typeof OxyServicesApplicationsMixin<typeof OxyServicesBase>>> & InstanceType<ReturnType<typeof OxyServicesWorkspacesMixin<typeof OxyServicesBase>>> & InstanceType<ReturnType<typeof OxyServicesLocationMixin<typeof OxyServicesBase>>> & InstanceType<ReturnType<typeof OxyServicesAnalyticsMixin<typeof OxyServicesBase>>> & InstanceType<ReturnType<typeof OxyServicesDevicesMixin<typeof OxyServicesBase>>> & InstanceType<ReturnType<typeof OxyServicesSecurityMixin<typeof OxyServicesBase>>> & InstanceType<ReturnType<typeof OxyServicesFeaturesMixin<typeof OxyServicesBase>>> & InstanceType<ReturnType<typeof OxyServicesTopicsMixin<typeof OxyServicesBase>>> & InstanceType<ReturnType<typeof OxyServicesManagedAccountsMixin<typeof OxyServicesBase>>> & InstanceType<ReturnType<typeof OxyServicesContactsMixin<typeof OxyServicesBase>>> & InstanceType<ReturnType<typeof OxyServicesAppDataMixin<typeof OxyServicesBase>>> & InstanceType<ReturnType<typeof OxyServicesUtilityMixin<typeof OxyServicesBase>>>;
+type AllMixinInstances = InstanceType<ReturnType<typeof OxyServicesAuthMixin<typeof OxyServicesBase>>> & InstanceType<ReturnType<typeof OxyServicesFedCMMixin<typeof OxyServicesBase>>> & InstanceType<ReturnType<typeof OxyServicesPopupAuthMixin<typeof OxyServicesBase>>> & InstanceType<ReturnType<typeof OxyServicesRedirectAuthMixin<typeof OxyServicesBase>>> & InstanceType<ReturnType<typeof OxyServicesSsoMixin<typeof OxyServicesBase>>> & InstanceType<ReturnType<typeof OxyServicesUserMixin<typeof OxyServicesBase>>> & InstanceType<ReturnType<typeof OxyServicesPrivacyMixin<typeof OxyServicesBase>>> & InstanceType<ReturnType<typeof OxyServicesLanguageMixin<typeof OxyServicesBase>>> & InstanceType<ReturnType<typeof OxyServicesPaymentMixin<typeof OxyServicesBase>>> & InstanceType<ReturnType<typeof OxyServicesReputationMixin<typeof OxyServicesBase>>> & InstanceType<ReturnType<typeof OxyServicesAssetsMixin<typeof OxyServicesBase>>> & InstanceType<ReturnType<typeof OxyServicesApplicationsMixin<typeof OxyServicesBase>>> & InstanceType<ReturnType<typeof OxyServicesWorkspacesMixin<typeof OxyServicesBase>>> & InstanceType<ReturnType<typeof OxyServicesLocationMixin<typeof OxyServicesBase>>> & InstanceType<ReturnType<typeof OxyServicesAnalyticsMixin<typeof OxyServicesBase>>> & InstanceType<ReturnType<typeof OxyServicesDevicesMixin<typeof OxyServicesBase>>> & InstanceType<ReturnType<typeof OxyServicesSecurityMixin<typeof OxyServicesBase>>> & InstanceType<ReturnType<typeof OxyServicesFeaturesMixin<typeof OxyServicesBase>>> & InstanceType<ReturnType<typeof OxyServicesTopicsMixin<typeof OxyServicesBase>>> & InstanceType<ReturnType<typeof OxyServicesManagedAccountsMixin<typeof OxyServicesBase>>> & InstanceType<ReturnType<typeof OxyServicesContactsMixin<typeof OxyServicesBase>>> & InstanceType<ReturnType<typeof OxyServicesAppDataMixin<typeof OxyServicesBase>>> & InstanceType<ReturnType<typeof OxyServicesUtilityMixin<typeof OxyServicesBase>>>;
 /**
  * Constructor type for the fully composed mixin pipeline. Each mixin returns
  * a new constructor that augments its input; reducing across the pipeline