@repome/api 0.1.9 → 0.3.0

package/dist/index.mjs

@@ -1,11 +1,18 @@
 import * as z from "zod";
 import { oc } from "@orpc/contract";
+//#region package.json
+var version = "0.3.0";
+//#endregion
 //#region src/base.ts
+const validationIssueSchema = z.object({
+	path: z.array(z.union([z.string(), z.number()])).optional(),
+	message: z.string()
+});
 const commonErrors = {
 	BAD_REQUEST: {
 		status: 400,
 		message: "Bad request",
-		data: z.object({}).optional()
+		data: z.object({ issues: z.array(validationIssueSchema).optional() }).optional()
 	},
 	UNAUTHENTICATED: {
 		status: 401,
@@ -134,68 +141,70 @@ const commonErrors = {
 		status: 502,
 		message: "Repo import failed",
 		data: z.object({ name: z.string() })
+	},
+	ORG_LAST_OWNED: {
+		status: 409,
+		message: "Cannot delete your last owned organization",
+		data: z.object({ slug: z.string() })
+	},
+	ORG_HAS_REPOS: {
+		status: 409,
+		message: "Cannot delete an organization that still owns repos",
+		data: z.object({
+			slug: z.string(),
+			repoCount: z.number().int().nonnegative()
+		})
 	}
 };
 const ocBase = oc.errors(commonErrors);
-//#endregion
-//#region src/orgs.ts
-const orgSlugHint = "Lowercase, alphanumeric, - only.";
-const orgSlugSchema = z.string().min(1).max(64).regex(/^[a-z0-9][a-z0-9-]*$/, orgSlugHint);
-const PERSONAL_ORG_SLUG = "~";
-const repoScopeSchema = z.object({ orgSlug: z.union([orgSlugSchema, z.literal("~")]).optional() });
-const orgIdOrSlugSchema = z.object({ idOrSlug: z.string().min(1) });
-const orgCreateInputSchema = z.object({
-	slug: orgSlugSchema,
-	name: z.string().min(1).max(80)
-});
-const orgViewSchema = z.object({
-	id: z.string(),
-	slug: z.string(),
-	name: z.string(),
-	logo: z.string().nullable(),
-	metadata: z.string().nullable(),
-	createdAt: z.number()
-});
-const orgListOutputSchema = z.object({ items: z.array(orgViewSchema) });
-const orgs = {
-	create: ocBase.input(orgCreateInputSchema).output(orgViewSchema),
-	list: ocBase.output(orgListOutputSchema),
-	get: ocBase.input(orgIdOrSlugSchema).output(orgViewSchema),
-	delete: ocBase.input(orgIdOrSlugSchema).output(z.object({ deleted: z.literal(true) }))
-};
+const ocPublic = ocBase.route({ spec: (operation) => ({
+	...operation,
+	security: []
+}) });
 //#endregion
 //#region src/pagination.ts
 const cursorSchema = z.string().optional().describe("Opaque pagination cursor from a previous page. Lenient: an undecodable cursor restarts from the first page; a stale cursor (pointing at a removed item) yields an empty page on git listings and continues past the cursor position on catalog listings. Never an error.");
 //#endregion
 //#region src/repos.ts
-const repoNameHint = "Lowercase, alphanumeric, ._- only.";
+const repoNameHint = "Lowercase, alphanumeric, ._- only; \"..\" is not allowed.";
 const CLONE_TOKEN_SCOPE = "read";
-const repoNameSchema = z.string().min(1).max(64).regex(/^[a-z0-9][a-z0-9._-]*$/, repoNameHint);
+const repoNameSchema = z.string().min(1).max(64).regex(/^[a-z0-9][a-z0-9._-]*$/, repoNameHint).refine((value) => !value.includes(".."), repoNameHint);
 function parseRepoName(value) {
 	return repoNameSchema.parse(value);
 }
-const repoIdentSchema = repoScopeSchema.extend({ name: repoNameSchema });
+const defaultBranchHint = "Branch name (\"main\") or refs/heads/-qualified; other refs/ namespaces are not branches.";
+const REFS_HEADS_PREFIX = "refs/heads/";
+/**
+* The one normalizer for default-branch spellings: a refs/heads/-qualified
+* value becomes the short name, anything else passes through. Persisted rows
+* hold the short shape only — the default-branch guards, headOid, and
+* clone/view templates all build `refs/heads/${defaultBranch}` from it, so a
+* qualified spelling would silently fall outside them.
+*/
+function normalizeDefaultBranch(branch) {
+	return branch.startsWith(REFS_HEADS_PREFIX) ? branch.slice(11) : branch;
+}
+const defaultBranchSchema = z.string().min(1).max(139).transform(normalizeDefaultBranch).pipe(z.string().min(1).max(128).refine((value) => !value.startsWith("refs/"), defaultBranchHint));
+const repoIdentSchema = z.object({ name: repoNameSchema });
 const repoCreateInputSchema = repoIdentSchema.extend({
 	description: z.string().max(512).optional(),
-	defaultBranch: z.string().min(1).max(128).default("main")
+	defaultBranch: defaultBranchSchema.default("main")
 });
 const repoEnsureInputSchema = repoCreateInputSchema;
 const repoImportInputSchema = repoCreateInputSchema.extend({ remote: z.url() });
 const repoUpdateInputSchema = repoIdentSchema.extend({
 	description: z.string().max(512).nullable().optional(),
-	defaultBranch: z.string().min(1).max(128).optional()
+	defaultBranch: defaultBranchSchema.optional()
 });
-const repoListInputSchema = repoScopeSchema.extend({
+const repoListInputSchema = z.object({
 	cursor: cursorSchema,
 	limit: z.number().int().min(1).max(100).default(50)
 });
 const repoSchema = z.object({
-	orgId: z.string(),
 	name: z.string(),
 	ownerId: z.string(),
 	description: z.string().nullable(),
 	defaultBranch: z.string(),
-	artifactName: z.string(),
 	artifactId: z.string().nullable(),
 	remote: z.string().nullable(),
 	readOnly: z.boolean(),
@@ -229,20 +238,20 @@ const repos = {
 };
 //#endregion
 //#region src/git.ts
-const pageInputSchema = repoScopeSchema.extend({
+const pageInputSchema = z.object({
 	name: repoNameSchema,
 	cursor: cursorSchema,
 	limit: z.number().int().min(1).max(100).default(50)
 });
-const refInputSchema = repoScopeSchema.extend({
+const refInputSchema = z.object({
 	name: repoNameSchema,
 	ref: z.string().min(1)
 });
-const oidInputSchema = repoScopeSchema.extend({
+const oidInputSchema = z.object({
 	name: repoNameSchema,
 	oid: z.string().min(1)
 });
-const treeInputSchema = repoScopeSchema.extend({
+const treeInputSchema = z.object({
 	name: repoNameSchema,
 	ref: z.string().min(1).default("HEAD"),
 	path: z.string().optional(),
@@ -250,7 +259,7 @@ const treeInputSchema = repoScopeSchema.extend({
 	cursor: cursorSchema,
 	limit: z.number().int().min(1).max(100).default(50)
 });
-const blobInputSchema = repoScopeSchema.extend({
+const blobInputSchema = z.object({
 	name: repoNameSchema,
 	oid: z.string().min(1)
 });
@@ -260,12 +269,12 @@ const signatureSchema$1 = z.object({
 	timestamp: z.number().int().optional(),
 	timezoneOffset: z.number().int().optional()
 });
-const branchCreateInputSchema = repoScopeSchema.extend({
+const branchCreateInputSchema = z.object({
 	name: repoNameSchema,
 	branch: z.string().min(1),
 	fromRef: z.string().min(1)
 });
-const branchUpdateInputSchema = repoScopeSchema.extend({
+const branchUpdateInputSchema = z.object({
 	name: repoNameSchema,
 	ref: z.string().min(1),
 	oid: z.string().min(1),
@@ -273,23 +282,23 @@ const branchUpdateInputSchema = repoScopeSchema.extend({
 	force: z.boolean().optional(),
 	allowDefaultBranchRewrite: z.boolean().optional()
 });
-const branchDeleteInputSchema = repoScopeSchema.extend({
+const branchDeleteInputSchema = z.object({
 	name: repoNameSchema,
 	ref: z.string().min(1),
 	expectedOid: z.string().min(1).optional()
 });
-const tagCreateInputSchema = repoScopeSchema.extend({
+const tagCreateInputSchema = z.object({
 	name: repoNameSchema,
 	tag: z.string().min(1),
 	oid: z.string().min(1),
 	message: z.string().min(1).optional(),
 	tagger: signatureSchema$1.optional()
 });
-const tagDeleteInputSchema = repoScopeSchema.extend({
+const tagDeleteInputSchema = z.object({
 	name: repoNameSchema,
 	ref: z.string().min(1)
 });
-const commitCreateInputSchema = repoScopeSchema.extend({
+const commitCreateInputSchema = z.object({
 	name: repoNameSchema,
 	ref: z.string().min(1),
 	message: z.string().min(1),
@@ -304,7 +313,7 @@ const workspaceFileSchema$1 = z.object({
 	content: z.string(),
 	encoding: z.literal("base64").default("base64")
 });
-const workspaceCommitInputSchema = repoScopeSchema.extend({
+const workspaceCommitInputSchema = z.object({
 	name: repoNameSchema,
 	ref: z.string().min(1).default("refs/heads/main"),
 	message: z.string().min(1),
@@ -317,14 +326,14 @@ const workspaceCommitInputSchema = repoScopeSchema.extend({
 	message: "workspace.commit requires at least one file or remove",
 	path: ["files"]
 });
-const compareInputSchema = repoScopeSchema.extend({
+const compareInputSchema = z.object({
 	name: repoNameSchema,
 	base: z.string().min(1),
 	head: z.string().min(1),
 	cursor: cursorSchema,
 	limit: z.number().int().min(1).max(250).default(250)
 });
-const diffInputSchema = repoScopeSchema.extend({
+const diffInputSchema = z.object({
 	name: repoNameSchema,
 	base: z.string().min(1),
 	head: z.string().min(1),
@@ -451,13 +460,23 @@ const git = {
 //#endregion
 //#region src/tokens.ts
 const tokenScopeSchema = z.enum(["read", "write"]);
-const tokenMintInputSchema = repoScopeSchema.extend({
+const TOKEN_OPS = [
+	"refs",
+	"object",
+	"merge",
+	"seed",
+	"clone",
+	"agent"
+];
+const tokenOpSchema = z.enum(TOKEN_OPS).describe("Token op selecting the TTL cap: refs 60s, object 300s, merge 600s, seed 600s, clone 900s, agent 1800s. Defaults to `refs` (60s) when omitted. The effective TTL is min(requested ttlSeconds, op cap, server hard cap), floored at 60s.");
+const gitRemoteOpSchema = z.string().min(1).max(32).describe("Git operation from the credential helper (e.g. `push`, `fetch`). `push` and `receive-pack` mint write-scope tokens; anything else mints read scope. Values outside the token op set (refs, object, merge, seed, clone, agent) use the default refs 60s TTL cap.");
+const tokenMintInputSchema = z.object({
 	name: repoNameSchema,
 	scope: tokenScopeSchema,
 	ttlSeconds: z.number().int().positive().optional(),
-	op: z.string().min(1).max(32).optional()
+	op: tokenOpSchema.optional()
 });
-const tokenIdentInputSchema = repoScopeSchema.extend({
+const tokenIdentInputSchema = z.object({
 	name: repoNameSchema,
 	id: z.string().min(1)
 });
@@ -467,7 +486,7 @@ const tokenMintForGitRemoteInputSchema = z.object({
 	host: z.string().min(1),
 	path: z.string().min(1),
 	ttlSeconds: z.number().int().positive().optional(),
-	op: z.string().min(1).max(32).optional()
+	op: gitRemoteOpSchema.optional()
 });
 const tokenViewSchema = z.object({
 	id: z.string(),
@@ -482,7 +501,7 @@ const tokenViewSchema = z.object({
 	revokedAt: z.string().nullable()
 });
 const tokenMintOutputSchema = tokenViewSchema.extend({ token: z.string() });
-const tokenListInputSchema = repoScopeSchema.extend({ name: repoNameSchema });
+const tokenListInputSchema = z.object({ name: repoNameSchema });
 const tokenListOutputSchema = z.object({ items: z.array(tokenViewSchema) });
 const tokenRevokeOutputSchema = z.object({ revoked: z.boolean() });
 const tokenValidateOutputSchema = z.object({
@@ -521,7 +540,7 @@ const anonBlobInputSchema = anonRepoIdentSchema.extend({ oid: z.string().min(1)
 const anonRepoCreateInputSchema = z.object({
 	name: repoNameSchema.optional(),
 	description: z.string().max(512).optional(),
-	defaultBranch: z.string().min(1).max(128).default("main"),
+	defaultBranch: defaultBranchSchema.default("main"),
 	ttlSeconds: z.number().int().min(60).max(3600 * 72).optional()
 });
 const anonRepoSchema = repoSchema.extend({
@@ -542,7 +561,7 @@ const anonTokenMintForGitRemoteInputSchema = z.object({
 	host: z.string().min(1),
 	path: z.string().min(1),
 	ttlSeconds: z.number().int().positive().optional(),
-	op: z.string().min(1).max(32).optional()
+	op: gitRemoteOpSchema.optional()
 });
 const signatureSchema = z.object({
 	name: z.string().min(1),
@@ -576,21 +595,21 @@ function pageOf(item) {
 }
 const anon = {
 	repos: {
-		create: ocBase.input(anonRepoCreateInputSchema).output(anonRepoCreateOutputSchema),
-		get: ocBase.input(anonRepoIdentSchema).output(anonRepoSchema),
-		list: ocBase.input(anonRepoListInputSchema).output(anonRepoListOutputSchema),
-		delete: ocBase.input(anonRepoIdentSchema).output(z.object({ deleted: z.literal(true) }))
+		create: ocPublic.input(anonRepoCreateInputSchema).output(anonRepoCreateOutputSchema),
+		get: ocPublic.input(anonRepoIdentSchema).output(anonRepoSchema),
+		list: ocPublic.input(anonRepoListInputSchema).output(anonRepoListOutputSchema),
+		delete: ocPublic.input(anonRepoIdentSchema).output(z.object({ deleted: z.literal(true) }))
 	},
-	tokens: { mintForGitRemote: ocBase.input(anonTokenMintForGitRemoteInputSchema).output(tokenMintOutputSchema) },
+	tokens: { mintForGitRemote: ocPublic.input(anonTokenMintForGitRemoteInputSchema).output(tokenMintOutputSchema) },
 	git: {
 		refs: {
-			list: ocBase.input(anonPageInputSchema).output(pageOf(gitRefSchema)),
-			get: ocBase.input(anonRefInputSchema).output(gitRefSchema)
+			list: ocPublic.input(anonPageInputSchema).output(pageOf(gitRefSchema)),
+			get: ocPublic.input(anonRefInputSchema).output(gitRefSchema)
 		},
-		commits: { list: ocBase.input(anonPageInputSchema.extend({ ref: z.string().optional() })).output(pageOf(gitCommitSchema)) },
-		tree: { get: ocBase.input(anonTreeInputSchema).output(pageOf(gitTreeEntrySchema)) },
-		blob: { get: ocBase.input(anonBlobInputSchema).output(z.union([gitBlobSchema, gitBlobTooLargeSchema])) },
-		workspace: { commit: ocBase.input(anonWorkspaceCommitInputSchema).output(z.object({
+		commits: { list: ocPublic.input(anonPageInputSchema.extend({ ref: z.string().optional() })).output(pageOf(gitCommitSchema)) },
+		tree: { get: ocPublic.input(anonTreeInputSchema).output(pageOf(gitTreeEntrySchema)) },
+		blob: { get: ocPublic.input(anonBlobInputSchema).output(z.union([gitBlobSchema, gitBlobTooLargeSchema])) },
+		workspace: { commit: ocPublic.input(anonWorkspaceCommitInputSchema).output(z.object({
 			commit: gitCommitSchema,
 			ref: gitRefSchema
 		})) }
@@ -598,7 +617,7 @@ const anon = {
 };
 //#endregion
 //#region src/health.ts
-const health = { ping: ocBase.input(z.void()).output(z.object({
+const health = { ping: ocPublic.input(z.void()).output(z.object({
 	ok: z.literal(true),
 	ts: z.number()
 })) };
@@ -648,6 +667,27 @@ const keys = {
 	delete: ocBase.input(apiKeyDeleteInputSchema).output(apiKeyDeleteOutputSchema)
 };
 //#endregion
+//#region src/orgs.ts
+const orgSlugHint = "Lowercase, alphanumeric, - only.";
+const orgSlugSchema = z.string().min(1).max(64).regex(/^[a-z0-9][a-z0-9-]*$/, orgSlugHint);
+const orgIdOrSlugSchema = z.object({ idOrSlug: z.string().min(1) });
+const orgCreateInputSchema = z.object({ name: z.string().min(1).max(80).optional() });
+const orgViewSchema = z.object({
+	id: z.string(),
+	slug: z.string(),
+	name: z.string(),
+	logo: z.string().nullable(),
+	metadata: z.string().nullable(),
+	createdAt: z.number()
+});
+const orgListOutputSchema = z.object({ items: z.array(orgViewSchema) });
+const orgs = {
+	create: ocBase.input(orgCreateInputSchema).output(orgViewSchema),
+	list: ocBase.output(orgListOutputSchema),
+	get: ocBase.input(orgIdOrSlugSchema).output(orgViewSchema),
+	delete: ocBase.input(orgIdOrSlugSchema).output(z.object({ deleted: z.literal(true) }))
+};
+//#endregion
 //#region src/members.ts
 const memberRoleSchema = z.enum([
 	"owner",
@@ -739,6 +779,8 @@ function serializeAnonIdRecord(record) {
 }
 //#endregion
 //#region src/index.ts
+/** Contract package version; propagated into OpenAPI `info.version` (ISSUE-0057 V10-D2). */
+const apiVersion = version;
 const contract = {
 	anon,
 	health,
@@ -751,4 +793,4 @@ const contract = {
 	tokens
 };
 //#endregion
-export { ANON_ID_STORE_VERSION, CLONE_TOKEN_SCOPE, PERSONAL_ORG_SLUG, anonRepoSchema, apiKeyViewSchema, commonErrors, compareViewSchema, contract, cursorSchema, diffFileSchema, diffViewSchema, gitBlobSchema, gitCommitSchema, gitRefSchema, gitTreeEntrySchema, invitationListItemSchema, invitationViewSchema, meViewSchema, memberRoleSchema, memberViewSchema, mutableMemberRoleSchema, orgSlugHint, orgSlugSchema, orgViewSchema, parseAnonIdFile, parseRepoName, repoNameHint, repoNameSchema, repoSchema, scopeSchema, serializeAnonIdRecord, tokenScopeSchema, tokenViewSchema };
+export { ANON_ID_STORE_VERSION, CLONE_TOKEN_SCOPE, TOKEN_OPS, anonRepoSchema, apiKeyViewSchema, apiVersion, commonErrors, compareViewSchema, contract, cursorSchema, defaultBranchHint, defaultBranchSchema, diffFileSchema, diffViewSchema, gitBlobSchema, gitCommitSchema, gitRefSchema, gitTreeEntrySchema, invitationListItemSchema, invitationViewSchema, meViewSchema, memberRoleSchema, memberViewSchema, mutableMemberRoleSchema, normalizeDefaultBranch, orgSlugHint, orgSlugSchema, orgViewSchema, parseAnonIdFile, parseRepoName, repoNameHint, repoNameSchema, repoSchema, scopeSchema, serializeAnonIdRecord, tokenOpSchema, tokenScopeSchema, tokenViewSchema };

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@repome/api",
-  "version": "0.1.9",
+  "version": "0.3.0",
   "description": "Agent-native, GitHub-shaped forge — shared oRPC contract (zod schemas + procedure shapes).",
   "keywords": [
     "agent",