@robelest/convex-auth 0.0.4-preview.13 → 0.0.4-preview.15

package/dist/component/public/factors.js

@@ -0,0 +1,285 @@
+import { mutation, query } from "../functions.js";
+import { vDeviceCodeDoc, vDeviceStatus, vPasskeyDoc, vRateLimitResult, vTotpFactorDoc } from "../model.js";
+import { v } from "./shared.js";
+
+//#region src/component/public/factors.ts
+/** Store a new passkey credential for a user. */
+const passkeyInsert = mutation({
+	args: {
+		userId: v.id("User"),
+		credentialId: v.string(),
+		publicKey: v.bytes(),
+		algorithm: v.number(),
+		counter: v.number(),
+		transports: v.optional(v.array(v.string())),
+		deviceType: v.string(),
+		backedUp: v.boolean(),
+		name: v.optional(v.string()),
+		createdAt: v.number()
+	},
+	returns: v.id("Passkey"),
+	handler: async (ctx, args) => {
+		return await ctx.db.insert("Passkey", args);
+	}
+});
+/** Look up a passkey by its credential ID. */
+const passkeyGetByCredentialId = query({
+	args: { credentialId: v.string() },
+	returns: v.union(vPasskeyDoc, v.null()),
+	handler: async (ctx, { credentialId }) => {
+		return await ctx.db.query("Passkey").withIndex("credential_id", (q) => q.eq("credentialId", credentialId)).unique();
+	}
+});
+/** List all passkeys for a user. */
+const passkeyListByUserId = query({
+	args: { userId: v.id("User") },
+	returns: v.array(vPasskeyDoc),
+	handler: async (ctx, { userId }) => {
+		return await ctx.db.query("Passkey").withIndex("user_id", (q) => q.eq("userId", userId)).collect();
+	}
+});
+/** Update a passkey's counter and last used timestamp after authentication. */
+const passkeyUpdateCounter = mutation({
+	args: {
+		passkeyId: v.id("Passkey"),
+		counter: v.number(),
+		lastUsedAt: v.number()
+	},
+	returns: v.null(),
+	handler: async (ctx, { passkeyId, counter, lastUsedAt }) => {
+		await ctx.db.patch("Passkey", passkeyId, {
+			counter,
+			lastUsedAt
+		});
+		return null;
+	}
+});
+/** Update a passkey's metadata (name). */
+const passkeyUpdateMeta = mutation({
+	args: {
+		passkeyId: v.id("Passkey"),
+		data: v.any()
+	},
+	returns: v.null(),
+	handler: async (ctx, { passkeyId, data }) => {
+		await ctx.db.patch("Passkey", passkeyId, data);
+		return null;
+	}
+});
+/** Delete a passkey credential. */
+const passkeyDelete = mutation({
+	args: { passkeyId: v.id("Passkey") },
+	returns: v.null(),
+	handler: async (ctx, { passkeyId }) => {
+		await ctx.db.delete("Passkey", passkeyId);
+		return null;
+	}
+});
+/** Store a new TOTP enrollment for a user. */
+const totpInsert = mutation({
+	args: {
+		userId: v.id("User"),
+		secret: v.bytes(),
+		digits: v.number(),
+		period: v.number(),
+		verified: v.boolean(),
+		name: v.optional(v.string()),
+		createdAt: v.number()
+	},
+	returns: v.id("TotpFactor"),
+	handler: async (ctx, args) => {
+		return await ctx.db.insert("TotpFactor", args);
+	}
+});
+/** Get a verified TOTP enrollment for a user (returns first match). */
+const totpGetVerifiedByUserId = query({
+	args: { userId: v.id("User") },
+	returns: v.union(vTotpFactorDoc, v.null()),
+	handler: async (ctx, { userId }) => {
+		return await ctx.db.query("TotpFactor").withIndex("user_id", (q) => q.eq("userId", userId)).filter((q) => q.eq(q.field("verified"), true)).first();
+	}
+});
+/** List all TOTP enrollments for a user. */
+const totpListByUserId = query({
+	args: { userId: v.id("User") },
+	returns: v.array(vTotpFactorDoc),
+	handler: async (ctx, { userId }) => {
+		return await ctx.db.query("TotpFactor").withIndex("user_id", (q) => q.eq("userId", userId)).collect();
+	}
+});
+/** Get a TOTP enrollment by its ID. */
+const totpGetById = query({
+	args: { totpId: v.id("TotpFactor") },
+	returns: v.union(vTotpFactorDoc, v.null()),
+	handler: async (ctx, { totpId }) => {
+		return await ctx.db.get("TotpFactor", totpId);
+	}
+});
+/** Mark a TOTP enrollment as verified (setup complete). */
+const totpMarkVerified = mutation({
+	args: {
+		totpId: v.id("TotpFactor"),
+		lastUsedAt: v.number()
+	},
+	returns: v.null(),
+	handler: async (ctx, { totpId, lastUsedAt }) => {
+		await ctx.db.patch("TotpFactor", totpId, {
+			verified: true,
+			lastUsedAt
+		});
+		return null;
+	}
+});
+/** Update a TOTP enrollment's last used timestamp. */
+const totpUpdateLastUsed = mutation({
+	args: {
+		totpId: v.id("TotpFactor"),
+		lastUsedAt: v.number()
+	},
+	returns: v.null(),
+	handler: async (ctx, { totpId, lastUsedAt }) => {
+		await ctx.db.patch("TotpFactor", totpId, { lastUsedAt });
+		return null;
+	}
+});
+/** Delete a TOTP enrollment. */
+const totpDelete = mutation({
+	args: { totpId: v.id("TotpFactor") },
+	returns: v.null(),
+	handler: async (ctx, { totpId }) => {
+		await ctx.db.delete("TotpFactor", totpId);
+		return null;
+	}
+});
+/** Look up a rate limit entry by its identifier. */
+const rateLimitGet = query({
+	args: { identifier: v.string() },
+	returns: v.union(vRateLimitResult, v.null()),
+	handler: async (ctx, { identifier }) => {
+		const row = await ctx.db.query("RateLimit").withIndex("by_identifier", (q) => q.eq("identifier", identifier)).unique();
+		if (row === null) return null;
+		return {
+			...row,
+			attemptsLeft: row.attempts_left,
+			lastAttemptTime: row.last_attempt_time
+		};
+	}
+});
+/** Create a new rate limit entry. */
+const rateLimitCreate = mutation({
+	args: {
+		identifier: v.string(),
+		attemptsLeft: v.number(),
+		lastAttemptTime: v.number()
+	},
+	returns: v.id("RateLimit"),
+	handler: async (ctx, { identifier, attemptsLeft, lastAttemptTime }) => {
+		return await ctx.db.insert("RateLimit", {
+			identifier,
+			attempts_left: attemptsLeft,
+			last_attempt_time: lastAttemptTime
+		});
+	}
+});
+/** Patch a rate limit entry with partial data. */
+const rateLimitPatch = mutation({
+	args: {
+		rateLimitId: v.id("RateLimit"),
+		data: v.any()
+	},
+	returns: v.null(),
+	handler: async (ctx, { rateLimitId, data }) => {
+		const nextData = { ...data };
+		if (nextData.attemptsLeft !== void 0) {
+			nextData.attempts_left = nextData.attemptsLeft;
+			delete nextData.attemptsLeft;
+		}
+		if (nextData.lastAttemptTime !== void 0) {
+			nextData.last_attempt_time = nextData.lastAttemptTime;
+			delete nextData.lastAttemptTime;
+		}
+		await ctx.db.patch("RateLimit", rateLimitId, nextData);
+		return null;
+	}
+});
+/** Delete a rate limit entry. */
+const rateLimitDelete = mutation({
+	args: { rateLimitId: v.id("RateLimit") },
+	returns: v.null(),
+	handler: async (ctx, { rateLimitId }) => {
+		await ctx.db.delete("RateLimit", rateLimitId);
+		return null;
+	}
+});
+/** Insert a new device authorization record. */
+const deviceInsert = mutation({
+	args: {
+		deviceCodeHash: v.string(),
+		userCode: v.string(),
+		expiresAt: v.number(),
+		interval: v.number(),
+		status: vDeviceStatus
+	},
+	returns: v.id("DeviceCode"),
+	handler: async (ctx, args) => {
+		return await ctx.db.insert("DeviceCode", args);
+	}
+});
+/** Look up a device authorization by its hashed device code. */
+const deviceGetByCodeHash = query({
+	args: { deviceCodeHash: v.string() },
+	returns: v.union(vDeviceCodeDoc, v.null()),
+	handler: async (ctx, { deviceCodeHash }) => {
+		return await ctx.db.query("DeviceCode").withIndex("device_code_hash", (q) => q.eq("deviceCodeHash", deviceCodeHash)).first();
+	}
+});
+/** Look up a pending device authorization by its user code. */
+const deviceGetByUserCode = query({
+	args: { userCode: v.string() },
+	returns: v.union(vDeviceCodeDoc, v.null()),
+	handler: async (ctx, { userCode }) => {
+		return await ctx.db.query("DeviceCode").withIndex("user_code_status", (q) => q.eq("userCode", userCode).eq("status", "pending")).first();
+	}
+});
+/** Authorize a device code — link it to a user and session. */
+const deviceAuthorize = mutation({
+	args: {
+		deviceId: v.id("DeviceCode"),
+		userId: v.id("User"),
+		sessionId: v.id("Session")
+	},
+	returns: v.null(),
+	handler: async (ctx, { deviceId, userId, sessionId }) => {
+		await ctx.db.patch("DeviceCode", deviceId, {
+			status: "authorized",
+			userId,
+			sessionId
+		});
+		return null;
+	}
+});
+/** Update the last-polled timestamp on a device authorization record. */
+const deviceUpdateLastPolled = mutation({
+	args: {
+		deviceId: v.id("DeviceCode"),
+		lastPolledAt: v.number()
+	},
+	returns: v.null(),
+	handler: async (ctx, { deviceId, lastPolledAt }) => {
+		await ctx.db.patch("DeviceCode", deviceId, { lastPolledAt });
+		return null;
+	}
+});
+/** Delete a device authorization record (cleanup after use or expiry). */
+const deviceDelete = mutation({
+	args: { deviceId: v.id("DeviceCode") },
+	returns: v.null(),
+	handler: async (ctx, { deviceId }) => {
+		await ctx.db.delete("DeviceCode", deviceId);
+		return null;
+	}
+});
+
+//#endregion
+export { deviceAuthorize, deviceDelete, deviceGetByCodeHash, deviceGetByUserCode, deviceInsert, deviceUpdateLastPolled, passkeyDelete, passkeyGetByCredentialId, passkeyInsert, passkeyListByUserId, passkeyUpdateCounter, passkeyUpdateMeta, rateLimitCreate, rateLimitDelete, rateLimitGet, rateLimitPatch, totpDelete, totpGetById, totpGetVerifiedByUserId, totpInsert, totpListByUserId, totpMarkVerified, totpUpdateLastUsed };
+//# sourceMappingURL=factors.js.map

package/dist/component/public/factors.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"factors.js","names":[],"sources":["../../../src/component/public/factors.ts"],"sourcesContent":["import {\n  mutation,\n  query,\n  v,\n  vDeviceCodeDoc,\n  vDeviceStatus,\n  vPasskeyDoc,\n  vRateLimitResult,\n  vTotpFactorDoc,\n} from \"./shared\";\n\n// ============================================================================\n// Passkeys\n// ============================================================================\n\n/** Store a new passkey credential for a user. */\nexport const passkeyInsert = mutation({\n  args: {\n    userId: v.id(\"User\"),\n    credentialId: v.string(),\n    publicKey: v.bytes(),\n    algorithm: v.number(),\n    counter: v.number(),\n    transports: v.optional(v.array(v.string())),\n    deviceType: v.string(),\n    backedUp: v.boolean(),\n    name: v.optional(v.string()),\n    createdAt: v.number(),\n  },\n  returns: v.id(\"Passkey\"),\n  handler: async (ctx, args) => {\n    return await ctx.db.insert(\"Passkey\", args);\n  },\n});\n\n/** Look up a passkey by its credential ID. */\nexport const passkeyGetByCredentialId = query({\n  args: { credentialId: v.string() },\n  returns: v.union(vPasskeyDoc, v.null()),\n  handler: async (ctx, { credentialId }) => {\n    return await ctx.db\n      .query(\"Passkey\")\n      .withIndex(\"credential_id\", (q) => q.eq(\"credentialId\", credentialId))\n      .unique();\n  },\n});\n\n/** List all passkeys for a user. */\nexport const passkeyListByUserId = query({\n  args: { userId: v.id(\"User\") },\n  returns: v.array(vPasskeyDoc),\n  handler: async (ctx, { userId }) => {\n    return await ctx.db\n      .query(\"Passkey\")\n      .withIndex(\"user_id\", (q) => q.eq(\"userId\", userId))\n      .collect();\n  },\n});\n\n/** Update a passkey's counter and last used timestamp after authentication. */\nexport const passkeyUpdateCounter = mutation({\n  args: {\n    passkeyId: v.id(\"Passkey\"),\n    counter: v.number(),\n    lastUsedAt: v.number(),\n  },\n  returns: v.null(),\n  handler: async (ctx, { passkeyId, counter, lastUsedAt }) => {\n    await ctx.db.patch(\"Passkey\", passkeyId, { counter, lastUsedAt });\n    return null;\n  },\n});\n\n/** Update a passkey's metadata (name). */\nexport const passkeyUpdateMeta = mutation({\n  args: { passkeyId: v.id(\"Passkey\"), data: v.any() },\n  returns: v.null(),\n  handler: async (ctx, { passkeyId, data }) => {\n    await ctx.db.patch(\"Passkey\", passkeyId, data);\n    return null;\n  },\n});\n\n/** Delete a passkey credential. */\nexport const passkeyDelete = mutation({\n  args: { passkeyId: v.id(\"Passkey\") },\n  returns: v.null(),\n  handler: async (ctx, { passkeyId }) => {\n    await ctx.db.delete(\"Passkey\", passkeyId);\n    return null;\n  },\n});\n\n// ============================================================================\n// TOTP Two-Factor Authentication\n// ============================================================================\n\n/** Store a new TOTP enrollment for a user. */\nexport const totpInsert = mutation({\n  args: {\n    userId: v.id(\"User\"),\n    secret: v.bytes(),\n    digits: v.number(),\n    period: v.number(),\n    verified: v.boolean(),\n    name: v.optional(v.string()),\n    createdAt: v.number(),\n  },\n  returns: v.id(\"TotpFactor\"),\n  handler: async (ctx, args) => {\n    return await ctx.db.insert(\"TotpFactor\", args);\n  },\n});\n\n/** Get a verified TOTP enrollment for a user (returns first match). */\nexport const totpGetVerifiedByUserId = query({\n  args: { userId: v.id(\"User\") },\n  returns: v.union(vTotpFactorDoc, v.null()),\n  handler: async (ctx, { userId }) => {\n    return await ctx.db\n      .query(\"TotpFactor\")\n      .withIndex(\"user_id\", (q) => q.eq(\"userId\", userId))\n      .filter((q) => q.eq(q.field(\"verified\"), true))\n      .first();\n  },\n});\n\n/** List all TOTP enrollments for a user. */\nexport const totpListByUserId = query({\n  args: { userId: v.id(\"User\") },\n  returns: v.array(vTotpFactorDoc),\n  handler: async (ctx, { userId }) => {\n    return await ctx.db\n      .query(\"TotpFactor\")\n      .withIndex(\"user_id\", (q) => q.eq(\"userId\", userId))\n      .collect();\n  },\n});\n\n/** Get a TOTP enrollment by its ID. */\nexport const totpGetById = query({\n  args: { totpId: v.id(\"TotpFactor\") },\n  returns: v.union(vTotpFactorDoc, v.null()),\n  handler: async (ctx, { totpId }) => {\n    return await ctx.db.get(\"TotpFactor\", totpId);\n  },\n});\n\n/** Mark a TOTP enrollment as verified (setup complete). */\nexport const totpMarkVerified = mutation({\n  args: { totpId: v.id(\"TotpFactor\"), lastUsedAt: v.number() },\n  returns: v.null(),\n  handler: async (ctx, { totpId, lastUsedAt }) => {\n    await ctx.db.patch(\"TotpFactor\", totpId, { verified: true, lastUsedAt });\n    return null;\n  },\n});\n\n/** Update a TOTP enrollment's last used timestamp. */\nexport const totpUpdateLastUsed = mutation({\n  args: { totpId: v.id(\"TotpFactor\"), lastUsedAt: v.number() },\n  returns: v.null(),\n  handler: async (ctx, { totpId, lastUsedAt }) => {\n    await ctx.db.patch(\"TotpFactor\", totpId, { lastUsedAt });\n    return null;\n  },\n});\n\n/** Delete a TOTP enrollment. */\nexport const totpDelete = mutation({\n  args: { totpId: v.id(\"TotpFactor\") },\n  returns: v.null(),\n  handler: async (ctx, { totpId }) => {\n    await ctx.db.delete(\"TotpFactor\", totpId);\n    return null;\n  },\n});\n\n// ============================================================================\n// Rate Limits\n// ============================================================================\n\n/** Look up a rate limit entry by its identifier. */\nexport const rateLimitGet = query({\n  args: { identifier: v.string() },\n  returns: v.union(vRateLimitResult, v.null()),\n  handler: async (ctx, { identifier }) => {\n    const row = await ctx.db\n      .query(\"RateLimit\")\n      .withIndex(\"by_identifier\", (q) => q.eq(\"identifier\", identifier))\n      .unique();\n    if (row === null) {\n      return null;\n    }\n    return {\n      ...row,\n      attemptsLeft: row.attempts_left,\n      lastAttemptTime: row.last_attempt_time,\n    };\n  },\n});\n\n/** Create a new rate limit entry. */\nexport const rateLimitCreate = mutation({\n  args: {\n    identifier: v.string(),\n    attemptsLeft: v.number(),\n    lastAttemptTime: v.number(),\n  },\n  returns: v.id(\"RateLimit\"),\n  handler: async (ctx, { identifier, attemptsLeft, lastAttemptTime }) => {\n    return await ctx.db.insert(\"RateLimit\", {\n      identifier,\n      attempts_left: attemptsLeft,\n      last_attempt_time: lastAttemptTime,\n    });\n  },\n});\n\n/** Patch a rate limit entry with partial data. */\nexport const rateLimitPatch = mutation({\n  args: { rateLimitId: v.id(\"RateLimit\"), data: v.any() },\n  returns: v.null(),\n  handler: async (ctx, { rateLimitId, data }) => {\n    const nextData: Record<string, unknown> = { ...data };\n    if (nextData.attemptsLeft !== undefined) {\n      nextData.attempts_left = nextData.attemptsLeft;\n      delete nextData.attemptsLeft;\n    }\n    if (nextData.lastAttemptTime !== undefined) {\n      nextData.last_attempt_time = nextData.lastAttemptTime;\n      delete nextData.lastAttemptTime;\n    }\n    await ctx.db.patch(\"RateLimit\", rateLimitId, nextData);\n    return null;\n  },\n});\n\n/** Delete a rate limit entry. */\nexport const rateLimitDelete = mutation({\n  args: { rateLimitId: v.id(\"RateLimit\") },\n  returns: v.null(),\n  handler: async (ctx, { rateLimitId }) => {\n    await ctx.db.delete(\"RateLimit\", rateLimitId);\n    return null;\n  },\n});\n\n// ============================================================================\n// Device Authorization (RFC 8628)\n// ============================================================================\n\n/** Insert a new device authorization record. */\nexport const deviceInsert = mutation({\n  args: {\n    deviceCodeHash: v.string(),\n    userCode: v.string(),\n    expiresAt: v.number(),\n    interval: v.number(),\n    status: vDeviceStatus,\n  },\n  returns: v.id(\"DeviceCode\"),\n  handler: async (ctx, args) => {\n    return await ctx.db.insert(\"DeviceCode\", args);\n  },\n});\n\n/** Look up a device authorization by its hashed device code. */\nexport const deviceGetByCodeHash = query({\n  args: { deviceCodeHash: v.string() },\n  returns: v.union(vDeviceCodeDoc, v.null()),\n  handler: async (ctx, { deviceCodeHash }) => {\n    return await ctx.db\n      .query(\"DeviceCode\")\n      .withIndex(\"device_code_hash\", (q) =>\n        q.eq(\"deviceCodeHash\", deviceCodeHash),\n      )\n      .first();\n  },\n});\n\n/** Look up a pending device authorization by its user code. */\nexport const deviceGetByUserCode = query({\n  args: { userCode: v.string() },\n  returns: v.union(vDeviceCodeDoc, v.null()),\n  handler: async (ctx, { userCode }) => {\n    return await ctx.db\n      .query(\"DeviceCode\")\n      .withIndex(\"user_code_status\", (q) =>\n        q.eq(\"userCode\", userCode).eq(\"status\", \"pending\"),\n      )\n      .first();\n  },\n});\n\n/** Authorize a device code — link it to a user and session. */\nexport const deviceAuthorize = mutation({\n  args: {\n    deviceId: v.id(\"DeviceCode\"),\n    userId: v.id(\"User\"),\n    sessionId: v.id(\"Session\"),\n  },\n  returns: v.null(),\n  handler: async (ctx, { deviceId, userId, sessionId }) => {\n    await ctx.db.patch(\"DeviceCode\", deviceId, {\n      status: \"authorized\",\n      userId,\n      sessionId,\n    });\n    return null;\n  },\n});\n\n/** Update the last-polled timestamp on a device authorization record. */\nexport const deviceUpdateLastPolled = mutation({\n  args: { deviceId: v.id(\"DeviceCode\"), lastPolledAt: v.number() },\n  returns: v.null(),\n  handler: async (ctx, { deviceId, lastPolledAt }) => {\n    await ctx.db.patch(\"DeviceCode\", deviceId, { lastPolledAt });\n    return null;\n  },\n});\n\n/** Delete a device authorization record (cleanup after use or expiry). */\nexport const deviceDelete = mutation({\n  args: { deviceId: v.id(\"DeviceCode\") },\n  returns: v.null(),\n  handler: async (ctx, { deviceId }) => {\n    await ctx.db.delete(\"DeviceCode\", deviceId);\n    return null;\n  },\n});\n"],"mappings":";;;;;;AAgBA,MAAa,gBAAgB,SAAS;CACpC,MAAM;EACJ,QAAQ,EAAE,GAAG,OAAO;EACpB,cAAc,EAAE,QAAQ;EACxB,WAAW,EAAE,OAAO;EACpB,WAAW,EAAE,QAAQ;EACrB,SAAS,EAAE,QAAQ;EACnB,YAAY,EAAE,SAAS,EAAE,MAAM,EAAE,QAAQ,CAAC,CAAC;EAC3C,YAAY,EAAE,QAAQ;EACtB,UAAU,EAAE,SAAS;EACrB,MAAM,EAAE,SAAS,EAAE,QAAQ,CAAC;EAC5B,WAAW,EAAE,QAAQ;EACtB;CACD,SAAS,EAAE,GAAG,UAAU;CACxB,SAAS,OAAO,KAAK,SAAS;AAC5B,SAAO,MAAM,IAAI,GAAG,OAAO,WAAW,KAAK;;CAE9C,CAAC;;AAGF,MAAa,2BAA2B,MAAM;CAC5C,MAAM,EAAE,cAAc,EAAE,QAAQ,EAAE;CAClC,SAAS,EAAE,MAAM,aAAa,EAAE,MAAM,CAAC;CACvC,SAAS,OAAO,KAAK,EAAE,mBAAmB;AACxC,SAAO,MAAM,IAAI,GACd,MAAM,UAAU,CAChB,UAAU,kBAAkB,MAAM,EAAE,GAAG,gBAAgB,aAAa,CAAC,CACrE,QAAQ;;CAEd,CAAC;;AAGF,MAAa,sBAAsB,MAAM;CACvC,MAAM,EAAE,QAAQ,EAAE,GAAG,OAAO,EAAE;CAC9B,SAAS,EAAE,MAAM,YAAY;CAC7B,SAAS,OAAO,KAAK,EAAE,aAAa;AAClC,SAAO,MAAM,IAAI,GACd,MAAM,UAAU,CAChB,UAAU,YAAY,MAAM,EAAE,GAAG,UAAU,OAAO,CAAC,CACnD,SAAS;;CAEf,CAAC;;AAGF,MAAa,uBAAuB,SAAS;CAC3C,MAAM;EACJ,WAAW,EAAE,GAAG,UAAU;EAC1B,SAAS,EAAE,QAAQ;EACnB,YAAY,EAAE,QAAQ;EACvB;CACD,SAAS,EAAE,MAAM;CACjB,SAAS,OAAO,KAAK,EAAE,WAAW,SAAS,iBAAiB;AAC1D,QAAM,IAAI,GAAG,MAAM,WAAW,WAAW;GAAE;GAAS;GAAY,CAAC;AACjE,SAAO;;CAEV,CAAC;;AAGF,MAAa,oBAAoB,SAAS;CACxC,MAAM;EAAE,WAAW,EAAE,GAAG,UAAU;EAAE,MAAM,EAAE,KAAK;EAAE;CACnD,SAAS,EAAE,MAAM;CACjB,SAAS,OAAO,KAAK,EAAE,WAAW,WAAW;AAC3C,QAAM,IAAI,GAAG,MAAM,WAAW,WAAW,KAAK;AAC9C,SAAO;;CAEV,CAAC;;AAGF,MAAa,gBAAgB,SAAS;CACpC,MAAM,EAAE,WAAW,EAAE,GAAG,UAAU,EAAE;CACpC,SAAS,EAAE,MAAM;CACjB,SAAS,OAAO,KAAK,EAAE,gBAAgB;AACrC,QAAM,IAAI,GAAG,OAAO,WAAW,UAAU;AACzC,SAAO;;CAEV,CAAC;;AAOF,MAAa,aAAa,SAAS;CACjC,MAAM;EACJ,QAAQ,EAAE,GAAG,OAAO;EACpB,QAAQ,EAAE,OAAO;EACjB,QAAQ,EAAE,QAAQ;EAClB,QAAQ,EAAE,QAAQ;EAClB,UAAU,EAAE,SAAS;EACrB,MAAM,EAAE,SAAS,EAAE,QAAQ,CAAC;EAC5B,WAAW,EAAE,QAAQ;EACtB;CACD,SAAS,EAAE,GAAG,aAAa;CAC3B,SAAS,OAAO,KAAK,SAAS;AAC5B,SAAO,MAAM,IAAI,GAAG,OAAO,cAAc,KAAK;;CAEjD,CAAC;;AAGF,MAAa,0BAA0B,MAAM;CAC3C,MAAM,EAAE,QAAQ,EAAE,GAAG,OAAO,EAAE;CAC9B,SAAS,EAAE,MAAM,gBAAgB,EAAE,MAAM,CAAC;CAC1C,SAAS,OAAO,KAAK,EAAE,aAAa;AAClC,SAAO,MAAM,IAAI,GACd,MAAM,aAAa,CACnB,UAAU,YAAY,MAAM,EAAE,GAAG,UAAU,OAAO,CAAC,CACnD,QAAQ,MAAM,EAAE,GAAG,EAAE,MAAM,WAAW,EAAE,KAAK,CAAC,CAC9C,OAAO;;CAEb,CAAC;;AAGF,MAAa,mBAAmB,MAAM;CACpC,MAAM,EAAE,QAAQ,EAAE,GAAG,OAAO,EAAE;CAC9B,SAAS,EAAE,MAAM,eAAe;CAChC,SAAS,OAAO,KAAK,EAAE,aAAa;AAClC,SAAO,MAAM,IAAI,GACd,MAAM,aAAa,CACnB,UAAU,YAAY,MAAM,EAAE,GAAG,UAAU,OAAO,CAAC,CACnD,SAAS;;CAEf,CAAC;;AAGF,MAAa,cAAc,MAAM;CAC/B,MAAM,EAAE,QAAQ,EAAE,GAAG,aAAa,EAAE;CACpC,SAAS,EAAE,MAAM,gBAAgB,EAAE,MAAM,CAAC;CAC1C,SAAS,OAAO,KAAK,EAAE,aAAa;AAClC,SAAO,MAAM,IAAI,GAAG,IAAI,cAAc,OAAO;;CAEhD,CAAC;;AAGF,MAAa,mBAAmB,SAAS;CACvC,MAAM;EAAE,QAAQ,EAAE,GAAG,aAAa;EAAE,YAAY,EAAE,QAAQ;EAAE;CAC5D,SAAS,EAAE,MAAM;CACjB,SAAS,OAAO,KAAK,EAAE,QAAQ,iBAAiB;AAC9C,QAAM,IAAI,GAAG,MAAM,cAAc,QAAQ;GAAE,UAAU;GAAM;GAAY,CAAC;AACxE,SAAO;;CAEV,CAAC;;AAGF,MAAa,qBAAqB,SAAS;CACzC,MAAM;EAAE,QAAQ,EAAE,GAAG,aAAa;EAAE,YAAY,EAAE,QAAQ;EAAE;CAC5D,SAAS,EAAE,MAAM;CACjB,SAAS,OAAO,KAAK,EAAE,QAAQ,iBAAiB;AAC9C,QAAM,IAAI,GAAG,MAAM,cAAc,QAAQ,EAAE,YAAY,CAAC;AACxD,SAAO;;CAEV,CAAC;;AAGF,MAAa,aAAa,SAAS;CACjC,MAAM,EAAE,QAAQ,EAAE,GAAG,aAAa,EAAE;CACpC,SAAS,EAAE,MAAM;CACjB,SAAS,OAAO,KAAK,EAAE,aAAa;AAClC,QAAM,IAAI,GAAG,OAAO,cAAc,OAAO;AACzC,SAAO;;CAEV,CAAC;;AAOF,MAAa,eAAe,MAAM;CAChC,MAAM,EAAE,YAAY,EAAE,QAAQ,EAAE;CAChC,SAAS,EAAE,MAAM,kBAAkB,EAAE,MAAM,CAAC;CAC5C,SAAS,OAAO,KAAK,EAAE,iBAAiB;EACtC,MAAM,MAAM,MAAM,IAAI,GACnB,MAAM,YAAY,CAClB,UAAU,kBAAkB,MAAM,EAAE,GAAG,cAAc,WAAW,CAAC,CACjE,QAAQ;AACX,MAAI,QAAQ,KACV,QAAO;AAET,SAAO;GACL,GAAG;GACH,cAAc,IAAI;GAClB,iBAAiB,IAAI;GACtB;;CAEJ,CAAC;;AAGF,MAAa,kBAAkB,SAAS;CACtC,MAAM;EACJ,YAAY,EAAE,QAAQ;EACtB,cAAc,EAAE,QAAQ;EACxB,iBAAiB,EAAE,QAAQ;EAC5B;CACD,SAAS,EAAE,GAAG,YAAY;CAC1B,SAAS,OAAO,KAAK,EAAE,YAAY,cAAc,sBAAsB;AACrE,SAAO,MAAM,IAAI,GAAG,OAAO,aAAa;GACtC;GACA,eAAe;GACf,mBAAmB;GACpB,CAAC;;CAEL,CAAC;;AAGF,MAAa,iBAAiB,SAAS;CACrC,MAAM;EAAE,aAAa,EAAE,GAAG,YAAY;EAAE,MAAM,EAAE,KAAK;EAAE;CACvD,SAAS,EAAE,MAAM;CACjB,SAAS,OAAO,KAAK,EAAE,aAAa,WAAW;EAC7C,MAAM,WAAoC,EAAE,GAAG,MAAM;AACrD,MAAI,SAAS,iBAAiB,QAAW;AACvC,YAAS,gBAAgB,SAAS;AAClC,UAAO,SAAS;;AAElB,MAAI,SAAS,oBAAoB,QAAW;AAC1C,YAAS,oBAAoB,SAAS;AACtC,UAAO,SAAS;;AAElB,QAAM,IAAI,GAAG,MAAM,aAAa,aAAa,SAAS;AACtD,SAAO;;CAEV,CAAC;;AAGF,MAAa,kBAAkB,SAAS;CACtC,MAAM,EAAE,aAAa,EAAE,GAAG,YAAY,EAAE;CACxC,SAAS,EAAE,MAAM;CACjB,SAAS,OAAO,KAAK,EAAE,kBAAkB;AACvC,QAAM,IAAI,GAAG,OAAO,aAAa,YAAY;AAC7C,SAAO;;CAEV,CAAC;;AAOF,MAAa,eAAe,SAAS;CACnC,MAAM;EACJ,gBAAgB,EAAE,QAAQ;EAC1B,UAAU,EAAE,QAAQ;EACpB,WAAW,EAAE,QAAQ;EACrB,UAAU,EAAE,QAAQ;EACpB,QAAQ;EACT;CACD,SAAS,EAAE,GAAG,aAAa;CAC3B,SAAS,OAAO,KAAK,SAAS;AAC5B,SAAO,MAAM,IAAI,GAAG,OAAO,cAAc,KAAK;;CAEjD,CAAC;;AAGF,MAAa,sBAAsB,MAAM;CACvC,MAAM,EAAE,gBAAgB,EAAE,QAAQ,EAAE;CACpC,SAAS,EAAE,MAAM,gBAAgB,EAAE,MAAM,CAAC;CAC1C,SAAS,OAAO,KAAK,EAAE,qBAAqB;AAC1C,SAAO,MAAM,IAAI,GACd,MAAM,aAAa,CACnB,UAAU,qBAAqB,MAC9B,EAAE,GAAG,kBAAkB,eAAe,CACvC,CACA,OAAO;;CAEb,CAAC;;AAGF,MAAa,sBAAsB,MAAM;CACvC,MAAM,EAAE,UAAU,EAAE,QAAQ,EAAE;CAC9B,SAAS,EAAE,MAAM,gBAAgB,EAAE,MAAM,CAAC;CAC1C,SAAS,OAAO,KAAK,EAAE,eAAe;AACpC,SAAO,MAAM,IAAI,GACd,MAAM,aAAa,CACnB,UAAU,qBAAqB,MAC9B,EAAE,GAAG,YAAY,SAAS,CAAC,GAAG,UAAU,UAAU,CACnD,CACA,OAAO;;CAEb,CAAC;;AAGF,MAAa,kBAAkB,SAAS;CACtC,MAAM;EACJ,UAAU,EAAE,GAAG,aAAa;EAC5B,QAAQ,EAAE,GAAG,OAAO;EACpB,WAAW,EAAE,GAAG,UAAU;EAC3B;CACD,SAAS,EAAE,MAAM;CACjB,SAAS,OAAO,KAAK,EAAE,UAAU,QAAQ,gBAAgB;AACvD,QAAM,IAAI,GAAG,MAAM,cAAc,UAAU;GACzC,QAAQ;GACR;GACA;GACD,CAAC;AACF,SAAO;;CAEV,CAAC;;AAGF,MAAa,yBAAyB,SAAS;CAC7C,MAAM;EAAE,UAAU,EAAE,GAAG,aAAa;EAAE,cAAc,EAAE,QAAQ;EAAE;CAChE,SAAS,EAAE,MAAM;CACjB,SAAS,OAAO,KAAK,EAAE,UAAU,mBAAmB;AAClD,QAAM,IAAI,GAAG,MAAM,cAAc,UAAU,EAAE,cAAc,CAAC;AAC5D,SAAO;;CAEV,CAAC;;AAGF,MAAa,eAAe,SAAS;CACnC,MAAM,EAAE,UAAU,EAAE,GAAG,aAAa,EAAE;CACtC,SAAS,EAAE,MAAM;CACjB,SAAS,OAAO,KAAK,EAAE,eAAe;AACpC,QAAM,IAAI,GAAG,OAAO,cAAc,SAAS;AAC3C,SAAO;;CAEV,CAAC"}

package/dist/component/public/groups.d.ts

@@ -0,0 +1,118 @@
+declare namespace groups_d_exports {
+  export { groupCreate, groupDelete, groupGet, groupList, groupUpdate, inviteAccept, inviteAcceptByToken, inviteCreate, inviteGet, inviteGetByTokenHash, inviteList, inviteRevoke, memberAdd, memberGet, memberGetByGroupAndUser, memberList, memberListByUser, memberRemove, memberUpdate };
+}
+/**
+ * Create a new group. Groups are hierarchical — set `parentGroupId` to nest
+ * under an existing group, or omit it to create a root-level group.
+ *
+ * @returns The ID of the newly created group.
+ */
+declare const groupCreate: any;
+/** Retrieve a group by its document ID. Returns `null` if not found. */
+declare const groupGet: any;
+/**
+ * List groups with optional filtering, sorting, and pagination.
+ *
+ * Returns `{ items, nextCursor }`. Empty `where` returns **all** groups.
+ */
+declare const groupList: any;
+/** Update a group's fields (name, slug, tags, extend, parentGroupId). */
+declare const groupUpdate: any;
+/**
+ * Delete a group and all of its descendants. This cascades to:
+ * - All child groups (recursively)
+ * - All members of this group and its descendants
+ * - All invites for this group and its descendants
+ */
+declare const groupDelete: any;
+/**
+ * Add a user as a member of a group.
+ *
+ * The `role` field is an application-defined string (e.g. "owner", "admin",
+ * "member", "viewer"). The auth component stores it but does not enforce
+ * access control — your application defines what each role means.
+ *
+ * Throws `ConvexError` with code `DUPLICATE_MEMBERSHIP` when the user is
+ * already a member of the target group.
+ *
+ * @returns The ID of the new member record.
+ */
+declare const memberAdd: any;
+/** Retrieve a member record by its document ID. Returns `null` if not found. */
+declare const memberGet: any;
+/**
+ * List members with optional filtering, sorting, and pagination.
+ *
+ * Returns `{ items, nextCursor }`. Supports filtering by `groupId`,
+ * `userId`, `role`, and `status`.
+ */
+declare const memberList: any;
+/**
+ * @deprecated Use `memberList` with `where: { userId }` instead.
+ * Kept for backward compatibility with generated component types.
+ */
+declare const memberListByUser: any;
+/**
+ * Look up a specific user's membership in a specific group.
+ * Returns `null` if the user is not a member of the group.
+ */
+declare const memberGetByGroupAndUser: any;
+/** Remove a member from a group by deleting the member record. */
+declare const memberRemove: any;
+/**
+ * Update a member record's fields (role, status, extend).
+ *
+ * Common usage: `memberUpdate({ memberId, data: { role: "admin" } })`
+ */
+declare const memberUpdate: any;
+/**
+ * Create a new platform-level invitation. Optionally set `groupId` to tie
+ * the invite to a specific group. The invitation is sent to an email address
+ * and includes a hashed token for secure acceptance.
+ *
+ * Throws `ConvexError` with code `DUPLICATE_INVITE` when a pending invite
+ * already exists for the same email and scope:
+ * - group invite: same `email` + same `groupId`
+ * - platform invite: same `email` with no `groupId`
+ *
+ * @returns The ID of the new invite record.
+ */
+declare const inviteCreate: any;
+/** Retrieve an invite by its document ID. Returns `null` if not found. */
+declare const inviteGet: any;
+/** Retrieve an invite by hashed token. Returns `null` if not found. */
+declare const inviteGetByTokenHash: any;
+/**
+ * List invites with optional filtering, sorting, and pagination.
+ *
+ * Returns `{ items, nextCursor }`. Supports filtering by `groupId`,
+ * `status`, `email`, `invitedByUserId`, `role`, `acceptedByUserId`, and `tokenHash`.
+ */
+declare const inviteList: any;
+/**
+ * Accept a pending invitation.
+ *
+ * Marks the invite as "accepted" and records the acceptance timestamp.
+ * Throws a structured `ConvexError` when the invite doesn't exist or is not
+ * currently pending.
+ *
+ * The caller is responsible for creating the corresponding member record.
+ */
+declare const inviteAccept: any;
+/**
+ * Accept an invitation by raw token hash and atomically join group membership.
+ *
+ * Returns idempotent success when the invite was already accepted by the same
+ * user. If the invite targets a group, this mutation also ensures membership.
+ */
+declare const inviteAcceptByToken: any;
+/**
+ * Revoke a pending invitation.
+ *
+ * Marks the invite as "revoked". Throws a structured `ConvexError` when the
+ * invite doesn't exist or is not currently pending.
+ */
+declare const inviteRevoke: any;
+//#endregion
+export { groupCreate, groupDelete, groupGet, groupList, groupUpdate, groups_d_exports, inviteAccept, inviteAcceptByToken, inviteCreate, inviteGet, inviteGetByTokenHash, inviteList, inviteRevoke, memberAdd, memberGet, memberGetByGroupAndUser, memberList, memberListByUser, memberRemove, memberUpdate };
+//# sourceMappingURL=groups.d.ts.map

package/dist/component/public/groups.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"groups.d.ts","names":[],"sources":["../../../src/component/public/groups.ts"],"mappings":";;;;;;;;;cA4Ba,WAAA;;cAgCA,QAAA;;;;;;cAaA,SAAA;;cAuJA,WAAA;;;;;;;cA2CA,WAAA;AA/Ob;;;;;AAgCA;;;;;AAaA;;AA7CA,cA6Sa,SAAA;;cA8BA,SAAA;AAvIb;;;;;AA2CA;AA3CA,cAqJa,UAAA;;;;AA5Cb;cAuHa,gBAAA;;;;AAzFb;cAwGa,uBAAA;;cAcA,YAAA;;AAxGb;;;;cAsHa,YAAA;AA3Cb;;;;;AAeA;;;;;AAcA;;AA7BA,cAoEa,YAAA;;cA+EA,SAAA;AAxGb;AAAA,cAiHa,oBAAA;;;;AAxFb;;;cAyGa,UAAA;;AA1Bb;;;;;AASA;;;cA+Ja,YAAA;;AA9Ib;;;;;cA8La,mBAAA;;;;;AAAb;;cAoHa,YAAA"}