@robelest/convex-auth 0.0.4-preview.13 → 0.0.4-preview.16

package/dist/component/model.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"model.js","names":[],"sources":["../../src/component/model.ts"],"sourcesContent":["import { v } from \"convex/values\";\n\nexport const TABLES = {\n  User: \"User\",\n  Session: \"Session\",\n  Account: \"Account\",\n  AuthVerifier: \"AuthVerifier\",\n  VerificationCode: \"VerificationCode\",\n  RefreshToken: \"RefreshToken\",\n  Passkey: \"Passkey\",\n  TotpFactor: \"TotpFactor\",\n  RateLimit: \"RateLimit\",\n  Group: \"Group\",\n  GroupTag: \"GroupTag\",\n  GroupMember: \"GroupMember\",\n  GroupInvite: \"GroupInvite\",\n  Enterprise: \"Enterprise\",\n  EnterpriseDomain: \"EnterpriseDomain\",\n  EnterpriseDomainVerification: \"EnterpriseDomainVerification\",\n  EnterpriseSecret: \"EnterpriseSecret\",\n  EnterpriseScimConfig: \"EnterpriseScimConfig\",\n  EnterpriseScimIdentity: \"EnterpriseScimIdentity\",\n  EnterpriseAuditEvent: \"EnterpriseAuditEvent\",\n  EnterpriseWebhookEndpoint: \"EnterpriseWebhookEndpoint\",\n  EnterpriseWebhookDelivery: \"EnterpriseWebhookDelivery\",\n  ApiKey: \"ApiKey\",\n  DeviceCode: \"DeviceCode\",\n} as const;\n\nexport const vTag = v.object({ key: v.string(), value: v.string() });\n\nexport const vInviteStatus = v.union(\n  v.literal(\"pending\"),\n  v.literal(\"accepted\"),\n  v.literal(\"revoked\"),\n  v.literal(\"expired\"),\n);\n\nexport const vDeviceStatus = v.union(\n  v.literal(\"pending\"),\n  v.literal(\"authorized\"),\n  v.literal(\"denied\"),\n);\n\nexport const vEnterpriseAccountLinkingPolicy = v.union(\n  v.literal(\"verifiedEmail\"),\n  v.literal(\"none\"),\n);\n\nexport const vEnterpriseScimReuseUserPolicy = v.union(\n  v.literal(\"externalId\"),\n  v.literal(\"none\"),\n);\n\nexport const vEnterpriseJitProvisioningMode = v.union(\n  v.literal(\"off\"),\n  v.literal(\"createUser\"),\n  v.literal(\"createUserAndMembership\"),\n);\n\nexport const vEnterpriseDeprovisionMode = v.union(\n  v.literal(\"soft\"),\n  v.literal(\"hard\"),\n);\n\nexport const vEnterpriseStatus = v.union(\n  v.literal(\"draft\"),\n  v.literal(\"active\"),\n  v.literal(\"disabled\"),\n);\n\nexport const vEnterprisePolicy = v.object({\n  version: v.literal(1),\n  identity: v.object({\n    accountLinking: v.object({\n      oidc: vEnterpriseAccountLinkingPolicy,\n      saml: vEnterpriseAccountLinkingPolicy,\n    }),\n  }),\n  provisioning: v.object({\n    scimReuse: v.object({\n      user: vEnterpriseScimReuseUserPolicy,\n    }),\n    jit: v.object({\n      mode: vEnterpriseJitProvisioningMode,\n      defaultRole: v.optional(v.string()),\n      defaultRoleIds: v.optional(v.array(v.string())),\n    }),\n    deprovision: v.object({\n      mode: vEnterpriseDeprovisionMode,\n    }),\n  }),\n  extend: v.optional(v.any()),\n});\n\nexport const vScimStatus = v.union(\n  v.literal(\"draft\"),\n  v.literal(\"active\"),\n  v.literal(\"disabled\"),\n);\n\nexport const vScimResourceType = v.union(v.literal(\"user\"), v.literal(\"group\"));\n\nexport const vAuditActorType = v.union(\n  v.literal(\"user\"),\n  v.literal(\"system\"),\n  v.literal(\"scim\"),\n  v.literal(\"api_key\"),\n  v.literal(\"webhook\"),\n);\n\nexport const vAuditStatus = v.union(v.literal(\"success\"), v.literal(\"failure\"));\n\nexport const vWebhookEndpointStatus = v.union(\n  v.literal(\"active\"),\n  v.literal(\"disabled\"),\n);\n\nexport const vWebhookDeliveryStatus = v.union(\n  v.literal(\"pending\"),\n  v.literal(\"processing\"),\n  v.literal(\"delivered\"),\n  v.literal(\"failed\"),\n);\n\nexport const vInviteTokenAcceptStatus = v.union(\n  v.literal(\"accepted\"),\n  v.literal(\"already_accepted\"),\n);\n\nexport const vMembershipStatus = v.union(\n  v.literal(\"joined\"),\n  v.literal(\"already_joined\"),\n  v.literal(\"not_applicable\"),\n);\n\nexport const vApiKeyScope = v.object({\n  resource: v.string(),\n  actions: v.array(v.string()),\n});\n\nexport const vApiKeyRateLimit = v.object({\n  maxRequests: v.number(),\n  windowMs: v.number(),\n});\n\nexport const vApiKeyRateLimitState = v.object({\n  attemptsLeft: v.number(),\n  lastAttemptTime: v.number(),\n});\n\nexport const vEnterpriseSecretKind = v.union(v.literal(\"oidc_client_secret\"));\n\nfunction vDocMeta<T extends (typeof TABLES)[keyof typeof TABLES]>(\n  tableName: T,\n) {\n  return {\n    _id: v.id(tableName),\n    _creationTime: v.number(),\n  };\n}\n\nexport const vUserDoc = v.object({\n  ...vDocMeta(TABLES.User),\n  name: v.optional(v.string()),\n  image: v.optional(v.string()),\n  email: v.optional(v.string()),\n  emailVerificationTime: v.optional(v.number()),\n  phone: v.optional(v.string()),\n  phoneVerificationTime: v.optional(v.number()),\n  isAnonymous: v.optional(v.boolean()),\n  extend: v.optional(v.any()),\n});\n\nexport const vSessionDoc = v.object({\n  ...vDocMeta(TABLES.Session),\n  userId: v.id(TABLES.User),\n  expirationTime: v.number(),\n});\n\nexport const vAccountDoc = v.object({\n  ...vDocMeta(TABLES.Account),\n  userId: v.id(TABLES.User),\n  provider: v.string(),\n  providerAccountId: v.string(),\n  secret: v.optional(v.string()),\n  emailVerified: v.optional(v.string()),\n  phoneVerified: v.optional(v.string()),\n  extend: v.optional(v.any()),\n});\n\nexport const vAuthVerifierDoc = v.object({\n  ...vDocMeta(TABLES.AuthVerifier),\n  sessionId: v.optional(v.id(TABLES.Session)),\n  signature: v.optional(v.string()),\n});\n\nexport const vVerificationCodeDoc = v.object({\n  ...vDocMeta(TABLES.VerificationCode),\n  accountId: v.id(TABLES.Account),\n  provider: v.string(),\n  code: v.string(),\n  expirationTime: v.number(),\n  verifier: v.optional(v.string()),\n  emailVerified: v.optional(v.string()),\n  phoneVerified: v.optional(v.string()),\n});\n\nexport const vRefreshTokenDoc = v.object({\n  ...vDocMeta(TABLES.RefreshToken),\n  sessionId: v.id(TABLES.Session),\n  expirationTime: v.number(),\n  firstUsedTime: v.optional(v.number()),\n  parentRefreshTokenId: v.optional(v.id(TABLES.RefreshToken)),\n});\n\nexport const vPasskeyDoc = v.object({\n  ...vDocMeta(TABLES.Passkey),\n  userId: v.id(TABLES.User),\n  credentialId: v.string(),\n  publicKey: v.bytes(),\n  algorithm: v.number(),\n  counter: v.number(),\n  transports: v.optional(v.array(v.string())),\n  deviceType: v.string(),\n  backedUp: v.boolean(),\n  name: v.optional(v.string()),\n  createdAt: v.number(),\n  lastUsedAt: v.optional(v.number()),\n});\n\nexport const vTotpFactorDoc = v.object({\n  ...vDocMeta(TABLES.TotpFactor),\n  userId: v.id(TABLES.User),\n  secret: v.bytes(),\n  digits: v.number(),\n  period: v.number(),\n  verified: v.boolean(),\n  name: v.optional(v.string()),\n  createdAt: v.number(),\n  lastUsedAt: v.optional(v.number()),\n});\n\nexport const vRateLimitDoc = v.object({\n  ...vDocMeta(TABLES.RateLimit),\n  identifier: v.string(),\n  last_attempt_time: v.number(),\n  attempts_left: v.number(),\n});\n\nexport const vGroupDoc = v.object({\n  ...vDocMeta(TABLES.Group),\n  name: v.string(),\n  slug: v.optional(v.string()),\n  type: v.optional(v.string()),\n  parentGroupId: v.optional(v.id(TABLES.Group)),\n  tags: v.optional(v.array(vTag)),\n  extend: v.optional(v.any()),\n});\n\nexport const vGroupMemberDoc = v.object({\n  ...vDocMeta(TABLES.GroupMember),\n  groupId: v.id(TABLES.Group),\n  userId: v.id(TABLES.User),\n  role: v.optional(v.string()),\n  roleIds: v.optional(v.array(v.string())),\n  status: v.optional(v.string()),\n  extend: v.optional(v.any()),\n});\n\nexport const vGroupInviteDoc = v.object({\n  ...vDocMeta(TABLES.GroupInvite),\n  groupId: v.optional(v.id(TABLES.Group)),\n  invitedByUserId: v.optional(v.id(TABLES.User)),\n  email: v.optional(v.string()),\n  tokenHash: v.string(),\n  role: v.optional(v.string()),\n  roleIds: v.optional(v.array(v.string())),\n  status: vInviteStatus,\n  expiresTime: v.optional(v.number()),\n  acceptedByUserId: v.optional(v.id(TABLES.User)),\n  acceptedTime: v.optional(v.number()),\n  extend: v.optional(v.any()),\n});\n\nexport const vApiKeyDoc = v.object({\n  ...vDocMeta(TABLES.ApiKey),\n  userId: v.id(TABLES.User),\n  prefix: v.string(),\n  hashedKey: v.string(),\n  name: v.string(),\n  scopes: v.array(vApiKeyScope),\n  rateLimit: v.optional(vApiKeyRateLimit),\n  rateLimitState: v.optional(vApiKeyRateLimitState),\n  expiresAt: v.optional(v.number()),\n  lastUsedAt: v.optional(v.number()),\n  createdAt: v.number(),\n  revoked: v.boolean(),\n  metadata: v.optional(v.any()),\n});\n\nexport const vDeviceCodeDoc = v.object({\n  ...vDocMeta(TABLES.DeviceCode),\n  deviceCodeHash: v.string(),\n  userCode: v.string(),\n  expiresAt: v.number(),\n  interval: v.number(),\n  status: vDeviceStatus,\n  userId: v.optional(v.id(TABLES.User)),\n  sessionId: v.optional(v.id(TABLES.Session)),\n  lastPolledAt: v.optional(v.number()),\n});\n\nexport const vEnterpriseDoc = v.object({\n  ...vDocMeta(TABLES.Enterprise),\n  groupId: v.id(TABLES.Group),\n  slug: v.optional(v.string()),\n  name: v.optional(v.string()),\n  status: vEnterpriseStatus,\n  policy: v.optional(vEnterprisePolicy),\n  config: v.optional(v.any()),\n  extend: v.optional(v.any()),\n});\n\nexport const vEnterpriseDomainDoc = v.object({\n  ...vDocMeta(TABLES.EnterpriseDomain),\n  enterpriseId: v.id(TABLES.Enterprise),\n  groupId: v.id(TABLES.Group),\n  domain: v.string(),\n  isPrimary: v.boolean(),\n  verifiedAt: v.optional(v.number()),\n});\n\nexport const vEnterpriseDomainVerificationDoc = v.object({\n  ...vDocMeta(TABLES.EnterpriseDomainVerification),\n  enterpriseId: v.id(TABLES.Enterprise),\n  groupId: v.id(TABLES.Group),\n  domainId: v.id(TABLES.EnterpriseDomain),\n  domain: v.string(),\n  recordName: v.string(),\n  token: v.string(),\n  tokenHash: v.string(),\n  requestedAt: v.number(),\n  expiresAt: v.number(),\n});\n\nexport const vEnterpriseSecretDoc = v.object({\n  ...vDocMeta(TABLES.EnterpriseSecret),\n  enterpriseId: v.id(TABLES.Enterprise),\n  groupId: v.id(TABLES.Group),\n  kind: vEnterpriseSecretKind,\n  ciphertext: v.string(),\n  updatedAt: v.number(),\n});\n\nexport const vEnterpriseScimConfigDoc = v.object({\n  ...vDocMeta(TABLES.EnterpriseScimConfig),\n  enterpriseId: v.id(TABLES.Enterprise),\n  groupId: v.id(TABLES.Group),\n  status: vScimStatus,\n  basePath: v.string(),\n  tokenHash: v.string(),\n  lastRotatedAt: v.optional(v.number()),\n  extend: v.optional(v.any()),\n});\n\nexport const vEnterpriseScimIdentityDoc = v.object({\n  ...vDocMeta(TABLES.EnterpriseScimIdentity),\n  enterpriseId: v.id(TABLES.Enterprise),\n  groupId: v.id(TABLES.Group),\n  resourceType: vScimResourceType,\n  externalId: v.string(),\n  userId: v.optional(v.id(TABLES.User)),\n  mappedGroupId: v.optional(v.id(TABLES.Group)),\n  lastProvisionedAt: v.optional(v.number()),\n  active: v.optional(v.boolean()),\n  raw: v.optional(v.any()),\n});\n\nexport const vEnterpriseAuditEventDoc = v.object({\n  ...vDocMeta(TABLES.EnterpriseAuditEvent),\n  enterpriseId: v.id(TABLES.Enterprise),\n  groupId: v.id(TABLES.Group),\n  eventType: v.string(),\n  actorType: vAuditActorType,\n  actorId: v.optional(v.string()),\n  subjectType: v.string(),\n  subjectId: v.optional(v.string()),\n  status: vAuditStatus,\n  occurredAt: v.number(),\n  requestId: v.optional(v.string()),\n  ip: v.optional(v.string()),\n  metadata: v.optional(v.any()),\n});\n\nexport const vEnterpriseWebhookEndpointDoc = v.object({\n  ...vDocMeta(TABLES.EnterpriseWebhookEndpoint),\n  enterpriseId: v.id(TABLES.Enterprise),\n  groupId: v.id(TABLES.Group),\n  url: v.string(),\n  status: vWebhookEndpointStatus,\n  secretHash: v.string(),\n  subscriptions: v.array(v.string()),\n  createdByUserId: v.optional(v.id(TABLES.User)),\n  lastSuccessAt: v.optional(v.number()),\n  lastFailureAt: v.optional(v.number()),\n  failureCount: v.number(),\n  extend: v.optional(v.any()),\n});\n\nexport const vEnterpriseWebhookDeliveryDoc = v.object({\n  ...vDocMeta(TABLES.EnterpriseWebhookDelivery),\n  enterpriseId: v.id(TABLES.Enterprise),\n  endpointId: v.id(TABLES.EnterpriseWebhookEndpoint),\n  auditEventId: v.optional(v.id(TABLES.EnterpriseAuditEvent)),\n  eventType: v.string(),\n  status: vWebhookDeliveryStatus,\n  attemptCount: v.number(),\n  nextAttemptAt: v.number(),\n  lastAttemptAt: v.optional(v.number()),\n  lastResponseStatus: v.optional(v.number()),\n  lastError: v.optional(v.string()),\n  payload: v.any(),\n});\n\nexport const vRateLimitResult = v.object({\n  ...vDocMeta(TABLES.RateLimit),\n  identifier: v.string(),\n  last_attempt_time: v.number(),\n  attempts_left: v.number(),\n  attemptsLeft: v.number(),\n  lastAttemptTime: v.number(),\n});\n\nexport const vInviteAcceptByTokenResult = v.object({\n  inviteId: v.id(TABLES.GroupInvite),\n  groupId: v.union(v.id(TABLES.Group), v.null()),\n  memberId: v.optional(v.id(TABLES.GroupMember)),\n  inviteStatus: vInviteTokenAcceptStatus,\n  membershipStatus: vMembershipStatus,\n});\n"],"mappings":";;;AAEA,MAAa,SAAS;CACpB,MAAM;CACN,SAAS;CACT,SAAS;CACT,cAAc;CACd,kBAAkB;CAClB,cAAc;CACd,SAAS;CACT,YAAY;CACZ,WAAW;CACX,OAAO;CACP,UAAU;CACV,aAAa;CACb,aAAa;CACb,YAAY;CACZ,kBAAkB;CAClB,8BAA8B;CAC9B,kBAAkB;CAClB,sBAAsB;CACtB,wBAAwB;CACxB,sBAAsB;CACtB,2BAA2B;CAC3B,2BAA2B;CAC3B,QAAQ;CACR,YAAY;CACb;AAED,MAAa,OAAO,EAAE,OAAO;CAAE,KAAK,EAAE,QAAQ;CAAE,OAAO,EAAE,QAAQ;CAAE,CAAC;AAEpE,MAAa,gBAAgB,EAAE,MAC7B,EAAE,QAAQ,UAAU,EACpB,EAAE,QAAQ,WAAW,EACrB,EAAE,QAAQ,UAAU,EACpB,EAAE,QAAQ,UAAU,CACrB;AAED,MAAa,gBAAgB,EAAE,MAC7B,EAAE,QAAQ,UAAU,EACpB,EAAE,QAAQ,aAAa,EACvB,EAAE,QAAQ,SAAS,CACpB;AAED,MAAa,kCAAkC,EAAE,MAC/C,EAAE,QAAQ,gBAAgB,EAC1B,EAAE,QAAQ,OAAO,CAClB;AAED,MAAa,iCAAiC,EAAE,MAC9C,EAAE,QAAQ,aAAa,EACvB,EAAE,QAAQ,OAAO,CAClB;AAED,MAAa,iCAAiC,EAAE,MAC9C,EAAE,QAAQ,MAAM,EAChB,EAAE,QAAQ,aAAa,EACvB,EAAE,QAAQ,0BAA0B,CACrC;AAED,MAAa,6BAA6B,EAAE,MAC1C,EAAE,QAAQ,OAAO,EACjB,EAAE,QAAQ,OAAO,CAClB;AAED,MAAa,oBAAoB,EAAE,MACjC,EAAE,QAAQ,QAAQ,EAClB,EAAE,QAAQ,SAAS,EACnB,EAAE,QAAQ,WAAW,CACtB;AAED,MAAa,oBAAoB,EAAE,OAAO;CACxC,SAAS,EAAE,QAAQ,EAAE;CACrB,UAAU,EAAE,OAAO,EACjB,gBAAgB,EAAE,OAAO;EACvB,MAAM;EACN,MAAM;EACP,CAAC,EACH,CAAC;CACF,cAAc,EAAE,OAAO;EACrB,WAAW,EAAE,OAAO,EAClB,MAAM,gCACP,CAAC;EACF,KAAK,EAAE,OAAO;GACZ,MAAM;GACN,aAAa,EAAE,SAAS,EAAE,QAAQ,CAAC;GACnC,gBAAgB,EAAE,SAAS,EAAE,MAAM,EAAE,QAAQ,CAAC,CAAC;GAChD,CAAC;EACF,aAAa,EAAE,OAAO,EACpB,MAAM,4BACP,CAAC;EACH,CAAC;CACF,QAAQ,EAAE,SAAS,EAAE,KAAK,CAAC;CAC5B,CAAC;AAEF,MAAa,cAAc,EAAE,MAC3B,EAAE,QAAQ,QAAQ,EAClB,EAAE,QAAQ,SAAS,EACnB,EAAE,QAAQ,WAAW,CACtB;AAED,MAAa,oBAAoB,EAAE,MAAM,EAAE,QAAQ,OAAO,EAAE,EAAE,QAAQ,QAAQ,CAAC;AAE/E,MAAa,kBAAkB,EAAE,MAC/B,EAAE,QAAQ,OAAO,EACjB,EAAE,QAAQ,SAAS,EACnB,EAAE,QAAQ,OAAO,EACjB,EAAE,QAAQ,UAAU,EACpB,EAAE,QAAQ,UAAU,CACrB;AAED,MAAa,eAAe,EAAE,MAAM,EAAE,QAAQ,UAAU,EAAE,EAAE,QAAQ,UAAU,CAAC;AAE/E,MAAa,yBAAyB,EAAE,MACtC,EAAE,QAAQ,SAAS,EACnB,EAAE,QAAQ,WAAW,CACtB;AAED,MAAa,yBAAyB,EAAE,MACtC,EAAE,QAAQ,UAAU,EACpB,EAAE,QAAQ,aAAa,EACvB,EAAE,QAAQ,YAAY,EACtB,EAAE,QAAQ,SAAS,CACpB;AAED,MAAa,2BAA2B,EAAE,MACxC,EAAE,QAAQ,WAAW,EACrB,EAAE,QAAQ,mBAAmB,CAC9B;AAED,MAAa,oBAAoB,EAAE,MACjC,EAAE,QAAQ,SAAS,EACnB,EAAE,QAAQ,iBAAiB,EAC3B,EAAE,QAAQ,iBAAiB,CAC5B;AAED,MAAa,eAAe,EAAE,OAAO;CACnC,UAAU,EAAE,QAAQ;CACpB,SAAS,EAAE,MAAM,EAAE,QAAQ,CAAC;CAC7B,CAAC;AAEF,MAAa,mBAAmB,EAAE,OAAO;CACvC,aAAa,EAAE,QAAQ;CACvB,UAAU,EAAE,QAAQ;CACrB,CAAC;AAEF,MAAa,wBAAwB,EAAE,OAAO;CAC5C,cAAc,EAAE,QAAQ;CACxB,iBAAiB,EAAE,QAAQ;CAC5B,CAAC;AAEF,MAAa,wBAAwB,EAAE,MAAM,EAAE,QAAQ,qBAAqB,CAAC;AAE7E,SAAS,SACP,WACA;AACA,QAAO;EACL,KAAK,EAAE,GAAG,UAAU;EACpB,eAAe,EAAE,QAAQ;EAC1B;;AAGH,MAAa,WAAW,EAAE,OAAO;CAC/B,GAAG,SAAS,OAAO,KAAK;CACxB,MAAM,EAAE,SAAS,EAAE,QAAQ,CAAC;CAC5B,OAAO,EAAE,SAAS,EAAE,QAAQ,CAAC;CAC7B,OAAO,EAAE,SAAS,EAAE,QAAQ,CAAC;CAC7B,uBAAuB,EAAE,SAAS,EAAE,QAAQ,CAAC;CAC7C,OAAO,EAAE,SAAS,EAAE,QAAQ,CAAC;CAC7B,uBAAuB,EAAE,SAAS,EAAE,QAAQ,CAAC;CAC7C,aAAa,EAAE,SAAS,EAAE,SAAS,CAAC;CACpC,QAAQ,EAAE,SAAS,EAAE,KAAK,CAAC;CAC5B,CAAC;AAEF,MAAa,cAAc,EAAE,OAAO;CAClC,GAAG,SAAS,OAAO,QAAQ;CAC3B,QAAQ,EAAE,GAAG,OAAO,KAAK;CACzB,gBAAgB,EAAE,QAAQ;CAC3B,CAAC;AAEF,MAAa,cAAc,EAAE,OAAO;CAClC,GAAG,SAAS,OAAO,QAAQ;CAC3B,QAAQ,EAAE,GAAG,OAAO,KAAK;CACzB,UAAU,EAAE,QAAQ;CACpB,mBAAmB,EAAE,QAAQ;CAC7B,QAAQ,EAAE,SAAS,EAAE,QAAQ,CAAC;CAC9B,eAAe,EAAE,SAAS,EAAE,QAAQ,CAAC;CACrC,eAAe,EAAE,SAAS,EAAE,QAAQ,CAAC;CACrC,QAAQ,EAAE,SAAS,EAAE,KAAK,CAAC;CAC5B,CAAC;AAEF,MAAa,mBAAmB,EAAE,OAAO;CACvC,GAAG,SAAS,OAAO,aAAa;CAChC,WAAW,EAAE,SAAS,EAAE,GAAG,OAAO,QAAQ,CAAC;CAC3C,WAAW,EAAE,SAAS,EAAE,QAAQ,CAAC;CAClC,CAAC;AAEF,MAAa,uBAAuB,EAAE,OAAO;CAC3C,GAAG,SAAS,OAAO,iBAAiB;CACpC,WAAW,EAAE,GAAG,OAAO,QAAQ;CAC/B,UAAU,EAAE,QAAQ;CACpB,MAAM,EAAE,QAAQ;CAChB,gBAAgB,EAAE,QAAQ;CAC1B,UAAU,EAAE,SAAS,EAAE,QAAQ,CAAC;CAChC,eAAe,EAAE,SAAS,EAAE,QAAQ,CAAC;CACrC,eAAe,EAAE,SAAS,EAAE,QAAQ,CAAC;CACtC,CAAC;AAEF,MAAa,mBAAmB,EAAE,OAAO;CACvC,GAAG,SAAS,OAAO,aAAa;CAChC,WAAW,EAAE,GAAG,OAAO,QAAQ;CAC/B,gBAAgB,EAAE,QAAQ;CAC1B,eAAe,EAAE,SAAS,EAAE,QAAQ,CAAC;CACrC,sBAAsB,EAAE,SAAS,EAAE,GAAG,OAAO,aAAa,CAAC;CAC5D,CAAC;AAEF,MAAa,cAAc,EAAE,OAAO;CAClC,GAAG,SAAS,OAAO,QAAQ;CAC3B,QAAQ,EAAE,GAAG,OAAO,KAAK;CACzB,cAAc,EAAE,QAAQ;CACxB,WAAW,EAAE,OAAO;CACpB,WAAW,EAAE,QAAQ;CACrB,SAAS,EAAE,QAAQ;CACnB,YAAY,EAAE,SAAS,EAAE,MAAM,EAAE,QAAQ,CAAC,CAAC;CAC3C,YAAY,EAAE,QAAQ;CACtB,UAAU,EAAE,SAAS;CACrB,MAAM,EAAE,SAAS,EAAE,QAAQ,CAAC;CAC5B,WAAW,EAAE,QAAQ;CACrB,YAAY,EAAE,SAAS,EAAE,QAAQ,CAAC;CACnC,CAAC;AAEF,MAAa,iBAAiB,EAAE,OAAO;CACrC,GAAG,SAAS,OAAO,WAAW;CAC9B,QAAQ,EAAE,GAAG,OAAO,KAAK;CACzB,QAAQ,EAAE,OAAO;CACjB,QAAQ,EAAE,QAAQ;CAClB,QAAQ,EAAE,QAAQ;CAClB,UAAU,EAAE,SAAS;CACrB,MAAM,EAAE,SAAS,EAAE,QAAQ,CAAC;CAC5B,WAAW,EAAE,QAAQ;CACrB,YAAY,EAAE,SAAS,EAAE,QAAQ,CAAC;CACnC,CAAC;AAEF,MAAa,gBAAgB,EAAE,OAAO;CACpC,GAAG,SAAS,OAAO,UAAU;CAC7B,YAAY,EAAE,QAAQ;CACtB,mBAAmB,EAAE,QAAQ;CAC7B,eAAe,EAAE,QAAQ;CAC1B,CAAC;AAEF,MAAa,YAAY,EAAE,OAAO;CAChC,GAAG,SAAS,OAAO,MAAM;CACzB,MAAM,EAAE,QAAQ;CAChB,MAAM,EAAE,SAAS,EAAE,QAAQ,CAAC;CAC5B,MAAM,EAAE,SAAS,EAAE,QAAQ,CAAC;CAC5B,eAAe,EAAE,SAAS,EAAE,GAAG,OAAO,MAAM,CAAC;CAC7C,MAAM,EAAE,SAAS,EAAE,MAAM,KAAK,CAAC;CAC/B,QAAQ,EAAE,SAAS,EAAE,KAAK,CAAC;CAC5B,CAAC;AAEF,MAAa,kBAAkB,EAAE,OAAO;CACtC,GAAG,SAAS,OAAO,YAAY;CAC/B,SAAS,EAAE,GAAG,OAAO,MAAM;CAC3B,QAAQ,EAAE,GAAG,OAAO,KAAK;CACzB,MAAM,EAAE,SAAS,EAAE,QAAQ,CAAC;CAC5B,SAAS,EAAE,SAAS,EAAE,MAAM,EAAE,QAAQ,CAAC,CAAC;CACxC,QAAQ,EAAE,SAAS,EAAE,QAAQ,CAAC;CAC9B,QAAQ,EAAE,SAAS,EAAE,KAAK,CAAC;CAC5B,CAAC;AAEF,MAAa,kBAAkB,EAAE,OAAO;CACtC,GAAG,SAAS,OAAO,YAAY;CAC/B,SAAS,EAAE,SAAS,EAAE,GAAG,OAAO,MAAM,CAAC;CACvC,iBAAiB,EAAE,SAAS,EAAE,GAAG,OAAO,KAAK,CAAC;CAC9C,OAAO,EAAE,SAAS,EAAE,QAAQ,CAAC;CAC7B,WAAW,EAAE,QAAQ;CACrB,MAAM,EAAE,SAAS,EAAE,QAAQ,CAAC;CAC5B,SAAS,EAAE,SAAS,EAAE,MAAM,EAAE,QAAQ,CAAC,CAAC;CACxC,QAAQ;CACR,aAAa,EAAE,SAAS,EAAE,QAAQ,CAAC;CACnC,kBAAkB,EAAE,SAAS,EAAE,GAAG,OAAO,KAAK,CAAC;CAC/C,cAAc,EAAE,SAAS,EAAE,QAAQ,CAAC;CACpC,QAAQ,EAAE,SAAS,EAAE,KAAK,CAAC;CAC5B,CAAC;AAEF,MAAa,aAAa,EAAE,OAAO;CACjC,GAAG,SAAS,OAAO,OAAO;CAC1B,QAAQ,EAAE,GAAG,OAAO,KAAK;CACzB,QAAQ,EAAE,QAAQ;CAClB,WAAW,EAAE,QAAQ;CACrB,MAAM,EAAE,QAAQ;CAChB,QAAQ,EAAE,MAAM,aAAa;CAC7B,WAAW,EAAE,SAAS,iBAAiB;CACvC,gBAAgB,EAAE,SAAS,sBAAsB;CACjD,WAAW,EAAE,SAAS,EAAE,QAAQ,CAAC;CACjC,YAAY,EAAE,SAAS,EAAE,QAAQ,CAAC;CAClC,WAAW,EAAE,QAAQ;CACrB,SAAS,EAAE,SAAS;CACpB,UAAU,EAAE,SAAS,EAAE,KAAK,CAAC;CAC9B,CAAC;AAEF,MAAa,iBAAiB,EAAE,OAAO;CACrC,GAAG,SAAS,OAAO,WAAW;CAC9B,gBAAgB,EAAE,QAAQ;CAC1B,UAAU,EAAE,QAAQ;CACpB,WAAW,EAAE,QAAQ;CACrB,UAAU,EAAE,QAAQ;CACpB,QAAQ;CACR,QAAQ,EAAE,SAAS,EAAE,GAAG,OAAO,KAAK,CAAC;CACrC,WAAW,EAAE,SAAS,EAAE,GAAG,OAAO,QAAQ,CAAC;CAC3C,cAAc,EAAE,SAAS,EAAE,QAAQ,CAAC;CACrC,CAAC;AAEF,MAAa,iBAAiB,EAAE,OAAO;CACrC,GAAG,SAAS,OAAO,WAAW;CAC9B,SAAS,EAAE,GAAG,OAAO,MAAM;CAC3B,MAAM,EAAE,SAAS,EAAE,QAAQ,CAAC;CAC5B,MAAM,EAAE,SAAS,EAAE,QAAQ,CAAC;CAC5B,QAAQ;CACR,QAAQ,EAAE,SAAS,kBAAkB;CACrC,QAAQ,EAAE,SAAS,EAAE,KAAK,CAAC;CAC3B,QAAQ,EAAE,SAAS,EAAE,KAAK,CAAC;CAC5B,CAAC;AAEF,MAAa,uBAAuB,EAAE,OAAO;CAC3C,GAAG,SAAS,OAAO,iBAAiB;CACpC,cAAc,EAAE,GAAG,OAAO,WAAW;CACrC,SAAS,EAAE,GAAG,OAAO,MAAM;CAC3B,QAAQ,EAAE,QAAQ;CAClB,WAAW,EAAE,SAAS;CACtB,YAAY,EAAE,SAAS,EAAE,QAAQ,CAAC;CACnC,CAAC;AAEF,MAAa,mCAAmC,EAAE,OAAO;CACvD,GAAG,SAAS,OAAO,6BAA6B;CAChD,cAAc,EAAE,GAAG,OAAO,WAAW;CACrC,SAAS,EAAE,GAAG,OAAO,MAAM;CAC3B,UAAU,EAAE,GAAG,OAAO,iBAAiB;CACvC,QAAQ,EAAE,QAAQ;CAClB,YAAY,EAAE,QAAQ;CACtB,OAAO,EAAE,QAAQ;CACjB,WAAW,EAAE,QAAQ;CACrB,aAAa,EAAE,QAAQ;CACvB,WAAW,EAAE,QAAQ;CACtB,CAAC;AAEF,MAAa,uBAAuB,EAAE,OAAO;CAC3C,GAAG,SAAS,OAAO,iBAAiB;CACpC,cAAc,EAAE,GAAG,OAAO,WAAW;CACrC,SAAS,EAAE,GAAG,OAAO,MAAM;CAC3B,MAAM;CACN,YAAY,EAAE,QAAQ;CACtB,WAAW,EAAE,QAAQ;CACtB,CAAC;AAEF,MAAa,2BAA2B,EAAE,OAAO;CAC/C,GAAG,SAAS,OAAO,qBAAqB;CACxC,cAAc,EAAE,GAAG,OAAO,WAAW;CACrC,SAAS,EAAE,GAAG,OAAO,MAAM;CAC3B,QAAQ;CACR,UAAU,EAAE,QAAQ;CACpB,WAAW,EAAE,QAAQ;CACrB,eAAe,EAAE,SAAS,EAAE,QAAQ,CAAC;CACrC,QAAQ,EAAE,SAAS,EAAE,KAAK,CAAC;CAC5B,CAAC;AAEF,MAAa,6BAA6B,EAAE,OAAO;CACjD,GAAG,SAAS,OAAO,uBAAuB;CAC1C,cAAc,EAAE,GAAG,OAAO,WAAW;CACrC,SAAS,EAAE,GAAG,OAAO,MAAM;CAC3B,cAAc;CACd,YAAY,EAAE,QAAQ;CACtB,QAAQ,EAAE,SAAS,EAAE,GAAG,OAAO,KAAK,CAAC;CACrC,eAAe,EAAE,SAAS,EAAE,GAAG,OAAO,MAAM,CAAC;CAC7C,mBAAmB,EAAE,SAAS,EAAE,QAAQ,CAAC;CACzC,QAAQ,EAAE,SAAS,EAAE,SAAS,CAAC;CAC/B,KAAK,EAAE,SAAS,EAAE,KAAK,CAAC;CACzB,CAAC;AAEF,MAAa,2BAA2B,EAAE,OAAO;CAC/C,GAAG,SAAS,OAAO,qBAAqB;CACxC,cAAc,EAAE,GAAG,OAAO,WAAW;CACrC,SAAS,EAAE,GAAG,OAAO,MAAM;CAC3B,WAAW,EAAE,QAAQ;CACrB,WAAW;CACX,SAAS,EAAE,SAAS,EAAE,QAAQ,CAAC;CAC/B,aAAa,EAAE,QAAQ;CACvB,WAAW,EAAE,SAAS,EAAE,QAAQ,CAAC;CACjC,QAAQ;CACR,YAAY,EAAE,QAAQ;CACtB,WAAW,EAAE,SAAS,EAAE,QAAQ,CAAC;CACjC,IAAI,EAAE,SAAS,EAAE,QAAQ,CAAC;CAC1B,UAAU,EAAE,SAAS,EAAE,KAAK,CAAC;CAC9B,CAAC;AAEF,MAAa,gCAAgC,EAAE,OAAO;CACpD,GAAG,SAAS,OAAO,0BAA0B;CAC7C,cAAc,EAAE,GAAG,OAAO,WAAW;CACrC,SAAS,EAAE,GAAG,OAAO,MAAM;CAC3B,KAAK,EAAE,QAAQ;CACf,QAAQ;CACR,YAAY,EAAE,QAAQ;CACtB,eAAe,EAAE,MAAM,EAAE,QAAQ,CAAC;CAClC,iBAAiB,EAAE,SAAS,EAAE,GAAG,OAAO,KAAK,CAAC;CAC9C,eAAe,EAAE,SAAS,EAAE,QAAQ,CAAC;CACrC,eAAe,EAAE,SAAS,EAAE,QAAQ,CAAC;CACrC,cAAc,EAAE,QAAQ;CACxB,QAAQ,EAAE,SAAS,EAAE,KAAK,CAAC;CAC5B,CAAC;AAEF,MAAa,gCAAgC,EAAE,OAAO;CACpD,GAAG,SAAS,OAAO,0BAA0B;CAC7C,cAAc,EAAE,GAAG,OAAO,WAAW;CACrC,YAAY,EAAE,GAAG,OAAO,0BAA0B;CAClD,cAAc,EAAE,SAAS,EAAE,GAAG,OAAO,qBAAqB,CAAC;CAC3D,WAAW,EAAE,QAAQ;CACrB,QAAQ;CACR,cAAc,EAAE,QAAQ;CACxB,eAAe,EAAE,QAAQ;CACzB,eAAe,EAAE,SAAS,EAAE,QAAQ,CAAC;CACrC,oBAAoB,EAAE,SAAS,EAAE,QAAQ,CAAC;CAC1C,WAAW,EAAE,SAAS,EAAE,QAAQ,CAAC;CACjC,SAAS,EAAE,KAAK;CACjB,CAAC;AAEF,MAAa,mBAAmB,EAAE,OAAO;CACvC,GAAG,SAAS,OAAO,UAAU;CAC7B,YAAY,EAAE,QAAQ;CACtB,mBAAmB,EAAE,QAAQ;CAC7B,eAAe,EAAE,QAAQ;CACzB,cAAc,EAAE,QAAQ;CACxB,iBAAiB,EAAE,QAAQ;CAC5B,CAAC;AAEF,MAAa,6BAA6B,EAAE,OAAO;CACjD,UAAU,EAAE,GAAG,OAAO,YAAY;CAClC,SAAS,EAAE,MAAM,EAAE,GAAG,OAAO,MAAM,EAAE,EAAE,MAAM,CAAC;CAC9C,UAAU,EAAE,SAAS,EAAE,GAAG,OAAO,YAAY,CAAC;CAC9C,cAAc;CACd,kBAAkB;CACnB,CAAC"}

package/dist/component/providers/sso.d.ts

@@ -15,7 +15,7 @@
  * });
  *
  * // auth.sso is now available
- * await auth.sso.oidc.configure(ctx, { enterpriseId, clientId, ... });
+ * await auth.sso.admin.oidc.configure(ctx, { enterpriseId, clientId, ... });
  * ```
  *
  * Without `new SSO()` in the providers list, `auth.sso` is not

package/dist/component/public/enterprise.d.ts

@@ -0,0 +1,54 @@
+declare namespace enterprise_d_exports {
+  export { enterpriseAuditEventCreate, enterpriseAuditEventList, enterpriseCreate, enterpriseDelete, enterpriseDomainAdd, enterpriseDomainDelete, enterpriseDomainList, enterpriseDomainVerificationDelete, enterpriseDomainVerificationGet, enterpriseDomainVerificationUpsert, enterpriseDomainVerify, enterpriseGet, enterpriseGetByDomain, enterpriseGetByGroup, enterpriseList, enterpriseScimConfigGetByEnterprise, enterpriseScimConfigGetByTokenHash, enterpriseScimConfigUpsert, enterpriseScimIdentityDelete, enterpriseScimIdentityGet, enterpriseScimIdentityGetByEnterpriseAndUser, enterpriseScimIdentityGetByMappedGroup, enterpriseScimIdentityGetByUser, enterpriseScimIdentityListByEnterprise, enterpriseScimIdentityUpsert, enterpriseSecretDelete, enterpriseSecretGet, enterpriseSecretUpsert, enterpriseUpdate, enterpriseWebhookDeliveryEnqueue, enterpriseWebhookDeliveryList, enterpriseWebhookDeliveryListReady, enterpriseWebhookDeliveryPatch, enterpriseWebhookEndpointCreate, enterpriseWebhookEndpointGet, enterpriseWebhookEndpointList, enterpriseWebhookEndpointUpdate };
+}
+/** Create an enterprise record attached to a root group. */
+declare const enterpriseCreate: any;
+/** Retrieve an enterprise record by ID. */
+declare const enterpriseGet: any;
+/** Retrieve an enterprise record by group ID. */
+declare const enterpriseGetByGroup: any;
+/** Retrieve an enterprise record by a linked domain. */
+declare const enterpriseGetByDomain: any;
+/** List enterprises with lightweight filtering and cursor pagination. */
+declare const enterpriseList: any;
+/** Patch an enterprise record. */
+declare const enterpriseUpdate: any;
+/** Delete an enterprise record. */
+declare const enterpriseDelete: any;
+/** Link a domain to an enterprise record. */
+declare const enterpriseDomainAdd: any;
+/** List domains linked to an enterprise. */
+declare const enterpriseDomainList: any;
+/** Remove a linked enterprise domain. */
+declare const enterpriseDomainDelete: any;
+declare const enterpriseDomainVerificationGet: any;
+declare const enterpriseDomainVerificationUpsert: any;
+declare const enterpriseDomainVerificationDelete: any;
+declare const enterpriseDomainVerify: any;
+declare const enterpriseSecretUpsert: any;
+declare const enterpriseSecretGet: any;
+declare const enterpriseSecretDelete: any;
+/** Create or rotate SCIM configuration for an enterprise. */
+declare const enterpriseScimConfigUpsert: any;
+declare const enterpriseScimConfigGetByEnterprise: any;
+declare const enterpriseScimConfigGetByTokenHash: any;
+declare const enterpriseScimIdentityGet: any;
+declare const enterpriseScimIdentityGetByUser: any;
+declare const enterpriseScimIdentityGetByEnterpriseAndUser: any;
+declare const enterpriseScimIdentityGetByMappedGroup: any;
+declare const enterpriseScimIdentityListByEnterprise: any;
+declare const enterpriseScimIdentityUpsert: any;
+declare const enterpriseScimIdentityDelete: any;
+declare const enterpriseAuditEventCreate: any;
+declare const enterpriseAuditEventList: any;
+declare const enterpriseWebhookEndpointCreate: any;
+declare const enterpriseWebhookEndpointList: any;
+declare const enterpriseWebhookEndpointGet: any;
+declare const enterpriseWebhookEndpointUpdate: any;
+declare const enterpriseWebhookDeliveryEnqueue: any;
+declare const enterpriseWebhookDeliveryListReady: any;
+declare const enterpriseWebhookDeliveryList: any;
+declare const enterpriseWebhookDeliveryPatch: any;
+//#endregion
+export { enterpriseAuditEventCreate, enterpriseAuditEventList, enterpriseCreate, enterpriseDelete, enterpriseDomainAdd, enterpriseDomainDelete, enterpriseDomainList, enterpriseDomainVerificationDelete, enterpriseDomainVerificationGet, enterpriseDomainVerificationUpsert, enterpriseDomainVerify, enterpriseGet, enterpriseGetByDomain, enterpriseGetByGroup, enterpriseList, enterpriseScimConfigGetByEnterprise, enterpriseScimConfigGetByTokenHash, enterpriseScimConfigUpsert, enterpriseScimIdentityDelete, enterpriseScimIdentityGet, enterpriseScimIdentityGetByEnterpriseAndUser, enterpriseScimIdentityGetByMappedGroup, enterpriseScimIdentityGetByUser, enterpriseScimIdentityListByEnterprise, enterpriseScimIdentityUpsert, enterpriseSecretDelete, enterpriseSecretGet, enterpriseSecretUpsert, enterpriseUpdate, enterpriseWebhookDeliveryEnqueue, enterpriseWebhookDeliveryList, enterpriseWebhookDeliveryListReady, enterpriseWebhookDeliveryPatch, enterpriseWebhookEndpointCreate, enterpriseWebhookEndpointGet, enterpriseWebhookEndpointList, enterpriseWebhookEndpointUpdate, enterprise_d_exports };
+//# sourceMappingURL=enterprise.d.ts.map

package/dist/component/public/enterprise.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"enterprise.d.ts","names":[],"sources":["../../../src/component/public/enterprise.ts"],"mappings":";;;;cA8Ba,gBAAA;;cA8BA,aAAA;;cASA,oBAAA;;cAYA,qBAAA;;cA0BA,cAAA;;cAuEA,gBAAA;;cAUA,gBAAA;;cA+BA,mBAAA;;cAuDA,oBAAA;;cAYA,sBAAA;AAAA,cAgBA,+BAAA;AAAA,cAWA,kCAAA;AAAA,cA0BA,kCAAA;AAAA,cAeA,sBAAA;AAAA,cA0BA,sBAAA;AAAA,cAwBA,mBAAA;AAAA,cAgBA,sBAAA;;cAqBA,0BAAA;AAAA,cA0BA,mCAAA;AAAA,cAWA,kCAAA;AAAA,cAWA,yBAAA;AAAA,cAoBA,+BAAA;AAAA,cAWA,4CAAA;AAAA,cAgBA,sCAAA;AAAA,cAaA,sCAAA;AAAA,cAWA,4BAAA;AAAA,cA+BA,4BAAA;AAAA,cASA,0BAAA;AAAA,cAqBA,wBAAA;AAAA,cA+BA,+BAAA;AAAA,cAqBA,6BAAA;AAAA,cAWA,4BAAA;AAAA,cAQA,+BAAA;AAAA,cASA,gCAAA;AAAA,cAmBA,kCAAA;AAAA,cAaA,6BAAA;AAAA,cAYA,8BAAA"}

package/dist/component/public/enterprise.js

@@ -0,0 +1,515 @@
+import { mutation, query } from "../functions.js";
+import { vAuditActorType, vAuditStatus, vEnterpriseAuditEventDoc, vEnterpriseDoc, vEnterpriseDomainDoc, vEnterpriseDomainVerificationDoc, vEnterprisePolicy, vEnterpriseScimConfigDoc, vEnterpriseScimIdentityDoc, vEnterpriseSecretDoc, vEnterpriseSecretKind, vEnterpriseStatus, vEnterpriseWebhookDeliveryDoc, vEnterpriseWebhookEndpointDoc, vScimResourceType, vScimStatus, vWebhookEndpointStatus } from "../model.js";
+import { ConvexError, v, vPaginated } from "./shared.js";
+
+//#region src/component/public/enterprise.ts
+/** Create an enterprise record attached to a root group. */
+const enterpriseCreate = mutation({
+	args: {
+		groupId: v.id("Group"),
+		slug: v.optional(v.string()),
+		name: v.optional(v.string()),
+		status: v.optional(vEnterpriseStatus),
+		policy: v.optional(vEnterprisePolicy),
+		config: v.optional(v.any()),
+		extend: v.optional(v.any())
+	},
+	returns: v.id("Enterprise"),
+	handler: async (ctx, args) => {
+		if (await ctx.db.query("Enterprise").withIndex("group_id", (idx) => idx.eq("groupId", args.groupId)).first()) throw new ConvexError({
+			code: "ENTERPRISE_ALREADY_EXISTS",
+			message: "An enterprise record already exists for this group."
+		});
+		return await ctx.db.insert("Enterprise", {
+			...args,
+			status: args.status ?? "draft"
+		});
+	}
+});
+/** Retrieve an enterprise record by ID. */
+const enterpriseGet = query({
+	args: { enterpriseId: v.id("Enterprise") },
+	returns: v.union(vEnterpriseDoc, v.null()),
+	handler: async (ctx, { enterpriseId }) => {
+		return await ctx.db.get("Enterprise", enterpriseId);
+	}
+});
+/** Retrieve an enterprise record by group ID. */
+const enterpriseGetByGroup = query({
+	args: { groupId: v.id("Group") },
+	returns: v.union(vEnterpriseDoc, v.null()),
+	handler: async (ctx, { groupId }) => {
+		return await ctx.db.query("Enterprise").withIndex("group_id", (idx) => idx.eq("groupId", groupId)).first();
+	}
+});
+/** Retrieve an enterprise record by a linked domain. */
+const enterpriseGetByDomain = query({
+	args: { domain: v.string() },
+	returns: v.union(v.object({
+		enterprise: vEnterpriseDoc,
+		domain: vEnterpriseDomainDoc
+	}), v.null()),
+	handler: async (ctx, { domain }) => {
+		const domainRow = await ctx.db.query("EnterpriseDomain").withIndex("domain", (idx) => idx.eq("domain", domain)).first();
+		if (!domainRow) return null;
+		const enterprise = await ctx.db.get("Enterprise", domainRow.enterpriseId);
+		if (!enterprise) return null;
+		return {
+			enterprise,
+			domain: domainRow
+		};
+	}
+});
+/** List enterprises with lightweight filtering and cursor pagination. */
+const enterpriseList = query({
+	args: {
+		where: v.optional(v.object({
+			groupId: v.optional(v.id("Group")),
+			slug: v.optional(v.string()),
+			status: v.optional(vEnterpriseStatus)
+		})),
+		limit: v.optional(v.number()),
+		cursor: v.optional(v.union(v.string(), v.null())),
+		orderBy: v.optional(v.union(v.literal("_creationTime"), v.literal("name"), v.literal("slug"), v.literal("status"))),
+		order: v.optional(v.union(v.literal("asc"), v.literal("desc")))
+	},
+	returns: vPaginated(vEnterpriseDoc),
+	handler: async (ctx, args) => {
+		const where = args.where ?? {};
+		const limit = Math.min(Math.max(args.limit ?? 50, 1), 100);
+		const order = args.order ?? "desc";
+		let q;
+		if (where.groupId !== void 0) q = ctx.db.query("Enterprise").withIndex("group_id", (idx) => idx.eq("groupId", where.groupId));
+		else if (where.slug !== void 0) q = ctx.db.query("Enterprise").withIndex("slug", (idx) => idx.eq("slug", where.slug));
+		else if (where.status !== void 0) q = ctx.db.query("Enterprise").withIndex("status", (idx) => idx.eq("status", where.status));
+		else q = ctx.db.query("Enterprise");
+		if (where.groupId !== void 0 && where.slug !== void 0) q = q.filter((f) => f.eq(f.field("slug"), where.slug));
+		if (where.status !== void 0 && where.groupId === void 0) {} else if (where.status !== void 0) q = q.filter((f) => f.eq(f.field("status"), where.status));
+		q = q.order(order);
+		const all = await q.collect();
+		let startIdx = 0;
+		if (args.cursor) {
+			const cursorIdx = all.findIndex((doc) => doc._id === args.cursor);
+			if (cursorIdx !== -1) startIdx = cursorIdx + 1;
+		}
+		const page = all.slice(startIdx, startIdx + limit + 1);
+		const hasMore = page.length > limit;
+		const items = hasMore ? page.slice(0, limit) : page;
+		return {
+			items,
+			nextCursor: hasMore ? items[items.length - 1]._id : null
+		};
+	}
+});
+/** Patch an enterprise record. */
+const enterpriseUpdate = mutation({
+	args: {
+		enterpriseId: v.id("Enterprise"),
+		data: v.any()
+	},
+	returns: v.null(),
+	handler: async (ctx, { enterpriseId, data }) => {
+		await ctx.db.patch(enterpriseId, data);
+		return null;
+	}
+});
+/** Delete an enterprise record. */
+const enterpriseDelete = mutation({
+	args: { enterpriseId: v.id("Enterprise") },
+	returns: v.null(),
+	handler: async (ctx, { enterpriseId }) => {
+		const domains = await ctx.db.query("EnterpriseDomain").withIndex("enterprise_id", (idx) => idx.eq("enterpriseId", enterpriseId)).collect();
+		for (const domain of domains) {
+			const verification = await ctx.db.query("EnterpriseDomainVerification").withIndex("domain_id", (idx) => idx.eq("domainId", domain._id)).first();
+			if (verification) await ctx.db.delete(verification._id);
+			await ctx.db.delete(domain._id);
+		}
+		const secrets = await ctx.db.query("EnterpriseSecret").withIndex("enterprise_id", (idx) => idx.eq("enterpriseId", enterpriseId)).collect();
+		for (const secret of secrets) await ctx.db.delete(secret._id);
+		await ctx.db.delete(enterpriseId);
+		return null;
+	}
+});
+/** Link a domain to an enterprise record. */
+const enterpriseDomainAdd = mutation({
+	args: {
+		enterpriseId: v.id("Enterprise"),
+		groupId: v.id("Group"),
+		domain: v.string(),
+		isPrimary: v.optional(v.boolean())
+	},
+	returns: v.id("EnterpriseDomain"),
+	handler: async (ctx, args) => {
+		const existingByDomain = await ctx.db.query("EnterpriseDomain").withIndex("domain", (idx) => idx.eq("domain", args.domain)).first();
+		if (existingByDomain && existingByDomain.enterpriseId !== args.enterpriseId) throw new ConvexError({
+			code: "ENTERPRISE_DOMAIN_TAKEN",
+			message: "That domain is already attached to another enterprise."
+		});
+		const existingForEnterprise = await ctx.db.query("EnterpriseDomain").withIndex("enterprise_id", (idx) => idx.eq("enterpriseId", args.enterpriseId)).collect();
+		for (const row of existingForEnterprise) if (row.domain === args.domain) {
+			await ctx.db.patch(row._id, { isPrimary: args.isPrimary ?? row.isPrimary });
+			return row._id;
+		}
+		if (args.isPrimary === true) {
+			for (const row of existingForEnterprise) if (row.isPrimary) await ctx.db.patch(row._id, { isPrimary: false });
+		}
+		return await ctx.db.insert("EnterpriseDomain", {
+			...args,
+			isPrimary: args.isPrimary ?? existingForEnterprise.length === 0
+		});
+	}
+});
+/** List domains linked to an enterprise. */
+const enterpriseDomainList = query({
+	args: { enterpriseId: v.id("Enterprise") },
+	returns: v.array(vEnterpriseDomainDoc),
+	handler: async (ctx, { enterpriseId }) => {
+		return await ctx.db.query("EnterpriseDomain").withIndex("enterprise_id", (idx) => idx.eq("enterpriseId", enterpriseId)).collect();
+	}
+});
+/** Remove a linked enterprise domain. */
+const enterpriseDomainDelete = mutation({
+	args: { domainId: v.id("EnterpriseDomain") },
+	returns: v.null(),
+	handler: async (ctx, { domainId }) => {
+		const verification = await ctx.db.query("EnterpriseDomainVerification").withIndex("domain_id", (idx) => idx.eq("domainId", domainId)).first();
+		if (verification) await ctx.db.delete(verification._id);
+		await ctx.db.delete(domainId);
+		return null;
+	}
+});
+const enterpriseDomainVerificationGet = query({
+	args: { domainId: v.id("EnterpriseDomain") },
+	returns: v.union(vEnterpriseDomainVerificationDoc, v.null()),
+	handler: async (ctx, { domainId }) => {
+		return await ctx.db.query("EnterpriseDomainVerification").withIndex("domain_id", (idx) => idx.eq("domainId", domainId)).first();
+	}
+});
+const enterpriseDomainVerificationUpsert = mutation({
+	args: {
+		enterpriseId: v.id("Enterprise"),
+		groupId: v.id("Group"),
+		domainId: v.id("EnterpriseDomain"),
+		domain: v.string(),
+		recordName: v.string(),
+		token: v.string(),
+		tokenHash: v.string(),
+		requestedAt: v.number(),
+		expiresAt: v.number()
+	},
+	returns: v.id("EnterpriseDomainVerification"),
+	handler: async (ctx, args) => {
+		const existing = await ctx.db.query("EnterpriseDomainVerification").withIndex("domain_id", (idx) => idx.eq("domainId", args.domainId)).first();
+		if (existing) {
+			await ctx.db.patch(existing._id, args);
+			return existing._id;
+		}
+		return await ctx.db.insert("EnterpriseDomainVerification", args);
+	}
+});
+const enterpriseDomainVerificationDelete = mutation({
+	args: { domainId: v.id("EnterpriseDomain") },
+	returns: v.null(),
+	handler: async (ctx, { domainId }) => {
+		const existing = await ctx.db.query("EnterpriseDomainVerification").withIndex("domain_id", (idx) => idx.eq("domainId", domainId)).first();
+		if (existing) await ctx.db.delete(existing._id);
+		return null;
+	}
+});
+const enterpriseDomainVerify = mutation({
+	args: {
+		domainId: v.id("EnterpriseDomain"),
+		verifiedAt: v.number()
+	},
+	returns: vEnterpriseDomainDoc,
+	handler: async (ctx, { domainId, verifiedAt }) => {
+		await ctx.db.patch(domainId, { verifiedAt });
+		const domain = await ctx.db.get("EnterpriseDomain", domainId);
+		if (!domain) throw new ConvexError({
+			code: "INVALID_PARAMETERS",
+			message: "Enterprise domain not found."
+		});
+		const verification = await ctx.db.query("EnterpriseDomainVerification").withIndex("domain_id", (idx) => idx.eq("domainId", domainId)).first();
+		if (verification) await ctx.db.delete(verification._id);
+		return domain;
+	}
+});
+const enterpriseSecretUpsert = mutation({
+	args: {
+		enterpriseId: v.id("Enterprise"),
+		groupId: v.id("Group"),
+		kind: vEnterpriseSecretKind,
+		ciphertext: v.string(),
+		updatedAt: v.number()
+	},
+	returns: v.id("EnterpriseSecret"),
+	handler: async (ctx, args) => {
+		const existing = await ctx.db.query("EnterpriseSecret").withIndex("enterprise_id_kind", (idx) => idx.eq("enterpriseId", args.enterpriseId).eq("kind", args.kind)).first();
+		if (existing) {
+			await ctx.db.patch(existing._id, args);
+			return existing._id;
+		}
+		return await ctx.db.insert("EnterpriseSecret", args);
+	}
+});
+const enterpriseSecretGet = query({
+	args: {
+		enterpriseId: v.id("Enterprise"),
+		kind: vEnterpriseSecretKind
+	},
+	returns: v.union(vEnterpriseSecretDoc, v.null()),
+	handler: async (ctx, { enterpriseId, kind }) => {
+		return await ctx.db.query("EnterpriseSecret").withIndex("enterprise_id_kind", (idx) => idx.eq("enterpriseId", enterpriseId).eq("kind", kind)).first();
+	}
+});
+const enterpriseSecretDelete = mutation({
+	args: {
+		enterpriseId: v.id("Enterprise"),
+		kind: vEnterpriseSecretKind
+	},
+	returns: v.null(),
+	handler: async (ctx, { enterpriseId, kind }) => {
+		const existing = await ctx.db.query("EnterpriseSecret").withIndex("enterprise_id_kind", (idx) => idx.eq("enterpriseId", enterpriseId).eq("kind", kind)).first();
+		if (existing) await ctx.db.delete(existing._id);
+		return null;
+	}
+});
+/** Create or rotate SCIM configuration for an enterprise. */
+const enterpriseScimConfigUpsert = mutation({
+	args: {
+		enterpriseId: v.id("Enterprise"),
+		groupId: v.id("Group"),
+		status: vScimStatus,
+		basePath: v.string(),
+		tokenHash: v.string(),
+		lastRotatedAt: v.optional(v.number()),
+		extend: v.optional(v.any())
+	},
+	returns: v.id("EnterpriseScimConfig"),
+	handler: async (ctx, args) => {
+		const existing = await ctx.db.query("EnterpriseScimConfig").withIndex("enterprise_id", (idx) => idx.eq("enterpriseId", args.enterpriseId)).first();
+		if (existing) {
+			await ctx.db.patch(existing._id, args);
+			return existing._id;
+		}
+		return await ctx.db.insert("EnterpriseScimConfig", args);
+	}
+});
+const enterpriseScimConfigGetByEnterprise = query({
+	args: { enterpriseId: v.id("Enterprise") },
+	returns: v.union(vEnterpriseScimConfigDoc, v.null()),
+	handler: async (ctx, { enterpriseId }) => {
+		return await ctx.db.query("EnterpriseScimConfig").withIndex("enterprise_id", (idx) => idx.eq("enterpriseId", enterpriseId)).first();
+	}
+});
+const enterpriseScimConfigGetByTokenHash = query({
+	args: { tokenHash: v.string() },
+	returns: v.union(vEnterpriseScimConfigDoc, v.null()),
+	handler: async (ctx, { tokenHash }) => {
+		return await ctx.db.query("EnterpriseScimConfig").withIndex("token_hash", (idx) => idx.eq("tokenHash", tokenHash)).first();
+	}
+});
+const enterpriseScimIdentityGet = query({
+	args: {
+		enterpriseId: v.id("Enterprise"),
+		resourceType: vScimResourceType,
+		externalId: v.string()
+	},
+	returns: v.union(vEnterpriseScimIdentityDoc, v.null()),
+	handler: async (ctx, args) => {
+		return await ctx.db.query("EnterpriseScimIdentity").withIndex("enterprise_id_resource_type_external_id", (idx) => idx.eq("enterpriseId", args.enterpriseId).eq("resourceType", args.resourceType).eq("externalId", args.externalId)).first();
+	}
+});
+const enterpriseScimIdentityGetByUser = query({
+	args: { userId: v.id("User") },
+	returns: v.union(vEnterpriseScimIdentityDoc, v.null()),
+	handler: async (ctx, { userId }) => {
+		return await ctx.db.query("EnterpriseScimIdentity").withIndex("user_id", (idx) => idx.eq("userId", userId)).first();
+	}
+});
+const enterpriseScimIdentityGetByEnterpriseAndUser = query({
+	args: {
+		enterpriseId: v.id("Enterprise"),
+		userId: v.id("User")
+	},
+	returns: v.union(vEnterpriseScimIdentityDoc, v.null()),
+	handler: async (ctx, { enterpriseId, userId }) => {
+		return await ctx.db.query("EnterpriseScimIdentity").withIndex("enterprise_id_user_id", (idx) => idx.eq("enterpriseId", enterpriseId).eq("userId", userId)).first();
+	}
+});
+const enterpriseScimIdentityGetByMappedGroup = query({
+	args: { mappedGroupId: v.id("Group") },
+	returns: v.union(vEnterpriseScimIdentityDoc, v.null()),
+	handler: async (ctx, { mappedGroupId }) => {
+		return await ctx.db.query("EnterpriseScimIdentity").withIndex("mapped_group_id", (idx) => idx.eq("mappedGroupId", mappedGroupId)).first();
+	}
+});
+const enterpriseScimIdentityListByEnterprise = query({
+	args: { enterpriseId: v.id("Enterprise") },
+	returns: v.array(vEnterpriseScimIdentityDoc),
+	handler: async (ctx, { enterpriseId }) => {
+		return await ctx.db.query("EnterpriseScimIdentity").withIndex("enterprise_id", (idx) => idx.eq("enterpriseId", enterpriseId)).collect();
+	}
+});
+const enterpriseScimIdentityUpsert = mutation({
+	args: {
+		enterpriseId: v.id("Enterprise"),
+		groupId: v.id("Group"),
+		resourceType: vScimResourceType,
+		externalId: v.string(),
+		userId: v.optional(v.id("User")),
+		mappedGroupId: v.optional(v.id("Group")),
+		lastProvisionedAt: v.optional(v.number()),
+		active: v.optional(v.boolean()),
+		raw: v.optional(v.any())
+	},
+	returns: v.id("EnterpriseScimIdentity"),
+	handler: async (ctx, args) => {
+		const existing = await ctx.db.query("EnterpriseScimIdentity").withIndex("enterprise_id_resource_type_external_id", (idx) => idx.eq("enterpriseId", args.enterpriseId).eq("resourceType", args.resourceType).eq("externalId", args.externalId)).first();
+		if (existing) {
+			await ctx.db.patch(existing._id, args);
+			return existing._id;
+		}
+		return await ctx.db.insert("EnterpriseScimIdentity", args);
+	}
+});
+const enterpriseScimIdentityDelete = mutation({
+	args: { identityId: v.id("EnterpriseScimIdentity") },
+	returns: v.null(),
+	handler: async (ctx, { identityId }) => {
+		await ctx.db.delete(identityId);
+		return null;
+	}
+});
+const enterpriseAuditEventCreate = mutation({
+	args: {
+		enterpriseId: v.id("Enterprise"),
+		groupId: v.id("Group"),
+		eventType: v.string(),
+		actorType: vAuditActorType,
+		actorId: v.optional(v.string()),
+		subjectType: v.string(),
+		subjectId: v.optional(v.string()),
+		status: vAuditStatus,
+		occurredAt: v.number(),
+		requestId: v.optional(v.string()),
+		ip: v.optional(v.string()),
+		metadata: v.optional(v.any())
+	},
+	returns: v.id("EnterpriseAuditEvent"),
+	handler: async (ctx, args) => {
+		return await ctx.db.insert("EnterpriseAuditEvent", args);
+	}
+});
+const enterpriseAuditEventList = query({
+	args: {
+		enterpriseId: v.optional(v.id("Enterprise")),
+		groupId: v.optional(v.id("Group")),
+		limit: v.optional(v.number())
+	},
+	returns: v.array(vEnterpriseAuditEventDoc),
+	handler: async (ctx, args) => {
+		const limit = Math.min(Math.max(args.limit ?? 50, 1), 100);
+		if (args.enterpriseId !== void 0) return await ctx.db.query("EnterpriseAuditEvent").withIndex("enterprise_id_occurred_at", (idx) => idx.eq("enterpriseId", args.enterpriseId)).order("desc").take(limit);
+		if (args.groupId !== void 0) return await ctx.db.query("EnterpriseAuditEvent").withIndex("group_id_occurred_at", (idx) => idx.eq("groupId", args.groupId)).order("desc").take(limit);
+		return await ctx.db.query("EnterpriseAuditEvent").order("desc").take(limit);
+	}
+});
+const enterpriseWebhookEndpointCreate = mutation({
+	args: {
+		enterpriseId: v.id("Enterprise"),
+		groupId: v.id("Group"),
+		url: v.string(),
+		status: v.optional(vWebhookEndpointStatus),
+		secretHash: v.string(),
+		subscriptions: v.array(v.string()),
+		createdByUserId: v.optional(v.id("User")),
+		extend: v.optional(v.any())
+	},
+	returns: v.id("EnterpriseWebhookEndpoint"),
+	handler: async (ctx, args) => {
+		return await ctx.db.insert("EnterpriseWebhookEndpoint", {
+			...args,
+			status: args.status ?? "active",
+			failureCount: 0
+		});
+	}
+});
+const enterpriseWebhookEndpointList = query({
+	args: { enterpriseId: v.id("Enterprise") },
+	returns: v.array(vEnterpriseWebhookEndpointDoc),
+	handler: async (ctx, { enterpriseId }) => {
+		return await ctx.db.query("EnterpriseWebhookEndpoint").withIndex("enterprise_id", (idx) => idx.eq("enterpriseId", enterpriseId)).collect();
+	}
+});
+const enterpriseWebhookEndpointGet = query({
+	args: { endpointId: v.id("EnterpriseWebhookEndpoint") },
+	returns: v.union(vEnterpriseWebhookEndpointDoc, v.null()),
+	handler: async (ctx, { endpointId }) => {
+		return await ctx.db.get(endpointId);
+	}
+});
+const enterpriseWebhookEndpointUpdate = mutation({
+	args: {
+		endpointId: v.id("EnterpriseWebhookEndpoint"),
+		data: v.any()
+	},
+	returns: v.null(),
+	handler: async (ctx, { endpointId, data }) => {
+		await ctx.db.patch(endpointId, data);
+		return null;
+	}
+});
+const enterpriseWebhookDeliveryEnqueue = mutation({
+	args: {
+		enterpriseId: v.id("Enterprise"),
+		endpointId: v.id("EnterpriseWebhookEndpoint"),
+		auditEventId: v.optional(v.id("EnterpriseAuditEvent")),
+		eventType: v.string(),
+		payload: v.any(),
+		nextAttemptAt: v.number()
+	},
+	returns: v.id("EnterpriseWebhookDelivery"),
+	handler: async (ctx, args) => {
+		return await ctx.db.insert("EnterpriseWebhookDelivery", {
+			...args,
+			status: "pending",
+			attemptCount: 0
+		});
+	}
+});
+const enterpriseWebhookDeliveryListReady = query({
+	args: {
+		now: v.number(),
+		limit: v.optional(v.number())
+	},
+	returns: v.array(vEnterpriseWebhookDeliveryDoc),
+	handler: async (ctx, { now, limit }) => {
+		return await ctx.db.query("EnterpriseWebhookDelivery").withIndex("status_next_attempt_at", (idx) => idx.eq("status", "pending").lte("nextAttemptAt", now)).take(Math.min(Math.max(limit ?? 50, 1), 100));
+	}
+});
+const enterpriseWebhookDeliveryList = query({
+	args: {
+		enterpriseId: v.id("Enterprise"),
+		limit: v.optional(v.number())
+	},
+	returns: v.array(vEnterpriseWebhookDeliveryDoc),
+	handler: async (ctx, { enterpriseId, limit }) => {
+		return await ctx.db.query("EnterpriseWebhookDelivery").withIndex("enterprise_id", (idx) => idx.eq("enterpriseId", enterpriseId)).order("desc").take(Math.min(Math.max(limit ?? 50, 1), 100));
+	}
+});
+const enterpriseWebhookDeliveryPatch = mutation({
+	args: {
+		deliveryId: v.id("EnterpriseWebhookDelivery"),
+		data: v.any()
+	},
+	returns: v.null(),
+	handler: async (ctx, { deliveryId, data }) => {
+		await ctx.db.patch(deliveryId, data);
+		return null;
+	}
+});
+
+//#endregion
+export { enterpriseAuditEventCreate, enterpriseAuditEventList, enterpriseCreate, enterpriseDelete, enterpriseDomainAdd, enterpriseDomainDelete, enterpriseDomainList, enterpriseDomainVerificationDelete, enterpriseDomainVerificationGet, enterpriseDomainVerificationUpsert, enterpriseDomainVerify, enterpriseGet, enterpriseGetByDomain, enterpriseGetByGroup, enterpriseList, enterpriseScimConfigGetByEnterprise, enterpriseScimConfigGetByTokenHash, enterpriseScimConfigUpsert, enterpriseScimIdentityDelete, enterpriseScimIdentityGet, enterpriseScimIdentityGetByEnterpriseAndUser, enterpriseScimIdentityGetByMappedGroup, enterpriseScimIdentityGetByUser, enterpriseScimIdentityListByEnterprise, enterpriseScimIdentityUpsert, enterpriseSecretDelete, enterpriseSecretGet, enterpriseSecretUpsert, enterpriseUpdate, enterpriseWebhookDeliveryEnqueue, enterpriseWebhookDeliveryList, enterpriseWebhookDeliveryListReady, enterpriseWebhookDeliveryPatch, enterpriseWebhookEndpointCreate, enterpriseWebhookEndpointGet, enterpriseWebhookEndpointList, enterpriseWebhookEndpointUpdate };
+//# sourceMappingURL=enterprise.js.map