@robelest/convex-auth 0.0.4-preview.13 → 0.0.4-preview.16

package/dist/component/public/enterprise.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"enterprise.js","names":[],"sources":["../../../src/component/public/enterprise.ts"],"sourcesContent":["import {\n  ConvexError,\n  mutation,\n  query,\n  v,\n  vAuditActorType,\n  vAuditStatus,\n  vEnterpriseAuditEventDoc,\n  vEnterpriseDoc,\n  vEnterpriseDomainDoc,\n  vEnterpriseDomainVerificationDoc,\n  vEnterprisePolicy,\n  vEnterpriseScimConfigDoc,\n  vEnterpriseScimIdentityDoc,\n  vEnterpriseSecretDoc,\n  vEnterpriseSecretKind,\n  vEnterpriseStatus,\n  vEnterpriseWebhookDeliveryDoc,\n  vEnterpriseWebhookEndpointDoc,\n  vPaginated,\n  vScimResourceType,\n  vScimStatus,\n  vWebhookEndpointStatus,\n} from \"./shared\";\n\n// ============================================================================\n// Enterprise\n// ============================================================================\n\n/** Create an enterprise record attached to a root group. */\nexport const enterpriseCreate = mutation({\n  args: {\n    groupId: v.id(\"Group\"),\n    slug: v.optional(v.string()),\n    name: v.optional(v.string()),\n    status: v.optional(vEnterpriseStatus),\n    policy: v.optional(vEnterprisePolicy),\n    config: v.optional(v.any()),\n    extend: v.optional(v.any()),\n  },\n  returns: v.id(\"Enterprise\"),\n  handler: async (ctx, args) => {\n    const existing = await ctx.db\n      .query(\"Enterprise\")\n      .withIndex(\"group_id\", (idx) => idx.eq(\"groupId\", args.groupId))\n      .first();\n    if (existing) {\n      throw new ConvexError({\n        code: \"ENTERPRISE_ALREADY_EXISTS\",\n        message: \"An enterprise record already exists for this group.\",\n      });\n    }\n    return await ctx.db.insert(\"Enterprise\", {\n      ...args,\n      status: args.status ?? \"draft\",\n    });\n  },\n});\n\n/** Retrieve an enterprise record by ID. */\nexport const enterpriseGet = query({\n  args: { enterpriseId: v.id(\"Enterprise\") },\n  returns: v.union(vEnterpriseDoc, v.null()),\n  handler: async (ctx, { enterpriseId }) => {\n    return await ctx.db.get(\"Enterprise\", enterpriseId);\n  },\n});\n\n/** Retrieve an enterprise record by group ID. */\nexport const enterpriseGetByGroup = query({\n  args: { groupId: v.id(\"Group\") },\n  returns: v.union(vEnterpriseDoc, v.null()),\n  handler: async (ctx, { groupId }) => {\n    return await ctx.db\n      .query(\"Enterprise\")\n      .withIndex(\"group_id\", (idx) => idx.eq(\"groupId\", groupId))\n      .first();\n  },\n});\n\n/** Retrieve an enterprise record by a linked domain. */\nexport const enterpriseGetByDomain = query({\n  args: { domain: v.string() },\n  returns: v.union(\n    v.object({\n      enterprise: vEnterpriseDoc,\n      domain: vEnterpriseDomainDoc,\n    }),\n    v.null(),\n  ),\n  handler: async (ctx, { domain }) => {\n    const domainRow = await ctx.db\n      .query(\"EnterpriseDomain\")\n      .withIndex(\"domain\", (idx) => idx.eq(\"domain\", domain))\n      .first();\n    if (!domainRow) {\n      return null;\n    }\n    const enterprise = await ctx.db.get(\"Enterprise\", domainRow.enterpriseId);\n    if (!enterprise) {\n      return null;\n    }\n    return { enterprise, domain: domainRow };\n  },\n});\n\n/** List enterprises with lightweight filtering and cursor pagination. */\nexport const enterpriseList = query({\n  args: {\n    where: v.optional(\n      v.object({\n        groupId: v.optional(v.id(\"Group\")),\n        slug: v.optional(v.string()),\n        status: v.optional(vEnterpriseStatus),\n      }),\n    ),\n    limit: v.optional(v.number()),\n    cursor: v.optional(v.union(v.string(), v.null())),\n    orderBy: v.optional(\n      v.union(\n        v.literal(\"_creationTime\"),\n        v.literal(\"name\"),\n        v.literal(\"slug\"),\n        v.literal(\"status\"),\n      ),\n    ),\n    order: v.optional(v.union(v.literal(\"asc\"), v.literal(\"desc\"))),\n  },\n  returns: vPaginated(vEnterpriseDoc),\n  handler: async (ctx, args) => {\n    const where = args.where ?? {};\n    const limit = Math.min(Math.max(args.limit ?? 50, 1), 100);\n    const order = args.order ?? \"desc\";\n\n    let q;\n    if (where.groupId !== undefined) {\n      q = ctx.db\n        .query(\"Enterprise\")\n        .withIndex(\"group_id\", (idx) => idx.eq(\"groupId\", where.groupId!));\n    } else if (where.slug !== undefined) {\n      q = ctx.db\n        .query(\"Enterprise\")\n        .withIndex(\"slug\", (idx) => idx.eq(\"slug\", where.slug!));\n    } else if (where.status !== undefined) {\n      q = ctx.db\n        .query(\"Enterprise\")\n        .withIndex(\"status\", (idx) => idx.eq(\"status\", where.status!));\n    } else {\n      q = ctx.db.query(\"Enterprise\");\n    }\n\n    if (where.groupId !== undefined && where.slug !== undefined) {\n      q = q.filter((f) => f.eq(f.field(\"slug\"), where.slug!));\n    }\n    if (where.status !== undefined && where.groupId === undefined) {\n      // already handled by index in the dedicated branch\n    } else if (where.status !== undefined) {\n      q = q.filter((f) => f.eq(f.field(\"status\"), where.status!));\n    }\n\n    q = q.order(order);\n    const all = await q.collect();\n    let startIdx = 0;\n    if (args.cursor) {\n      const cursorIdx = all.findIndex((doc) => doc._id === args.cursor);\n      if (cursorIdx !== -1) {\n        startIdx = cursorIdx + 1;\n      }\n    }\n    const page = all.slice(startIdx, startIdx + limit + 1);\n    const hasMore = page.length > limit;\n    const items = hasMore ? page.slice(0, limit) : page;\n    const nextCursor = hasMore ? items[items.length - 1]._id : null;\n    return { items, nextCursor };\n  },\n});\n\n/** Patch an enterprise record. */\nexport const enterpriseUpdate = mutation({\n  args: { enterpriseId: v.id(\"Enterprise\"), data: v.any() },\n  returns: v.null(),\n  handler: async (ctx, { enterpriseId, data }) => {\n    await ctx.db.patch(enterpriseId, data);\n    return null;\n  },\n});\n\n/** Delete an enterprise record. */\nexport const enterpriseDelete = mutation({\n  args: { enterpriseId: v.id(\"Enterprise\") },\n  returns: v.null(),\n  handler: async (ctx, { enterpriseId }) => {\n    const domains = await ctx.db\n      .query(\"EnterpriseDomain\")\n      .withIndex(\"enterprise_id\", (idx) => idx.eq(\"enterpriseId\", enterpriseId))\n      .collect();\n    for (const domain of domains) {\n      const verification = await ctx.db\n        .query(\"EnterpriseDomainVerification\")\n        .withIndex(\"domain_id\", (idx) => idx.eq(\"domainId\", domain._id))\n        .first();\n      if (verification) {\n        await ctx.db.delete(verification._id);\n      }\n      await ctx.db.delete(domain._id);\n    }\n    const secrets = await ctx.db\n      .query(\"EnterpriseSecret\")\n      .withIndex(\"enterprise_id\", (idx) => idx.eq(\"enterpriseId\", enterpriseId))\n      .collect();\n    for (const secret of secrets) {\n      await ctx.db.delete(secret._id);\n    }\n    await ctx.db.delete(enterpriseId);\n    return null;\n  },\n});\n\n/** Link a domain to an enterprise record. */\nexport const enterpriseDomainAdd = mutation({\n  args: {\n    enterpriseId: v.id(\"Enterprise\"),\n    groupId: v.id(\"Group\"),\n    domain: v.string(),\n    isPrimary: v.optional(v.boolean()),\n  },\n  returns: v.id(\"EnterpriseDomain\"),\n  handler: async (ctx, args) => {\n    const existingByDomain = await ctx.db\n      .query(\"EnterpriseDomain\")\n      .withIndex(\"domain\", (idx) => idx.eq(\"domain\", args.domain))\n      .first();\n    if (\n      existingByDomain &&\n      existingByDomain.enterpriseId !== args.enterpriseId\n    ) {\n      throw new ConvexError({\n        code: \"ENTERPRISE_DOMAIN_TAKEN\",\n        message: \"That domain is already attached to another enterprise.\",\n      });\n    }\n\n    const existingForEnterprise = await ctx.db\n      .query(\"EnterpriseDomain\")\n      .withIndex(\"enterprise_id\", (idx) =>\n        idx.eq(\"enterpriseId\", args.enterpriseId),\n      )\n      .collect();\n\n    for (const row of existingForEnterprise) {\n      if (row.domain === args.domain) {\n        await ctx.db.patch(row._id, {\n          isPrimary: args.isPrimary ?? row.isPrimary,\n        });\n        return row._id;\n      }\n    }\n\n    if (args.isPrimary === true) {\n      for (const row of existingForEnterprise) {\n        if (row.isPrimary) {\n          await ctx.db.patch(row._id, { isPrimary: false });\n        }\n      }\n    }\n\n    return await ctx.db.insert(\"EnterpriseDomain\", {\n      ...args,\n      isPrimary: args.isPrimary ?? existingForEnterprise.length === 0,\n    });\n  },\n});\n\n/** List domains linked to an enterprise. */\nexport const enterpriseDomainList = query({\n  args: { enterpriseId: v.id(\"Enterprise\") },\n  returns: v.array(vEnterpriseDomainDoc),\n  handler: async (ctx, { enterpriseId }) => {\n    return await ctx.db\n      .query(\"EnterpriseDomain\")\n      .withIndex(\"enterprise_id\", (idx) => idx.eq(\"enterpriseId\", enterpriseId))\n      .collect();\n  },\n});\n\n/** Remove a linked enterprise domain. */\nexport const enterpriseDomainDelete = mutation({\n  args: { domainId: v.id(\"EnterpriseDomain\") },\n  returns: v.null(),\n  handler: async (ctx, { domainId }) => {\n    const verification = await ctx.db\n      .query(\"EnterpriseDomainVerification\")\n      .withIndex(\"domain_id\", (idx) => idx.eq(\"domainId\", domainId))\n      .first();\n    if (verification) {\n      await ctx.db.delete(verification._id);\n    }\n    await ctx.db.delete(domainId);\n    return null;\n  },\n});\n\nexport const enterpriseDomainVerificationGet = query({\n  args: { domainId: v.id(\"EnterpriseDomain\") },\n  returns: v.union(vEnterpriseDomainVerificationDoc, v.null()),\n  handler: async (ctx, { domainId }) => {\n    return await ctx.db\n      .query(\"EnterpriseDomainVerification\")\n      .withIndex(\"domain_id\", (idx) => idx.eq(\"domainId\", domainId))\n      .first();\n  },\n});\n\nexport const enterpriseDomainVerificationUpsert = mutation({\n  args: {\n    enterpriseId: v.id(\"Enterprise\"),\n    groupId: v.id(\"Group\"),\n    domainId: v.id(\"EnterpriseDomain\"),\n    domain: v.string(),\n    recordName: v.string(),\n    token: v.string(),\n    tokenHash: v.string(),\n    requestedAt: v.number(),\n    expiresAt: v.number(),\n  },\n  returns: v.id(\"EnterpriseDomainVerification\"),\n  handler: async (ctx, args) => {\n    const existing = await ctx.db\n      .query(\"EnterpriseDomainVerification\")\n      .withIndex(\"domain_id\", (idx) => idx.eq(\"domainId\", args.domainId))\n      .first();\n    if (existing) {\n      await ctx.db.patch(existing._id, args);\n      return existing._id;\n    }\n    return await ctx.db.insert(\"EnterpriseDomainVerification\", args);\n  },\n});\n\nexport const enterpriseDomainVerificationDelete = mutation({\n  args: { domainId: v.id(\"EnterpriseDomain\") },\n  returns: v.null(),\n  handler: async (ctx, { domainId }) => {\n    const existing = await ctx.db\n      .query(\"EnterpriseDomainVerification\")\n      .withIndex(\"domain_id\", (idx) => idx.eq(\"domainId\", domainId))\n      .first();\n    if (existing) {\n      await ctx.db.delete(existing._id);\n    }\n    return null;\n  },\n});\n\nexport const enterpriseDomainVerify = mutation({\n  args: {\n    domainId: v.id(\"EnterpriseDomain\"),\n    verifiedAt: v.number(),\n  },\n  returns: vEnterpriseDomainDoc,\n  handler: async (ctx, { domainId, verifiedAt }) => {\n    await ctx.db.patch(domainId, { verifiedAt });\n    const domain = await ctx.db.get(\"EnterpriseDomain\", domainId);\n    if (!domain) {\n      throw new ConvexError({\n        code: \"INVALID_PARAMETERS\",\n        message: \"Enterprise domain not found.\",\n      });\n    }\n    const verification = await ctx.db\n      .query(\"EnterpriseDomainVerification\")\n      .withIndex(\"domain_id\", (idx) => idx.eq(\"domainId\", domainId))\n      .first();\n    if (verification) {\n      await ctx.db.delete(verification._id);\n    }\n    return domain;\n  },\n});\n\nexport const enterpriseSecretUpsert = mutation({\n  args: {\n    enterpriseId: v.id(\"Enterprise\"),\n    groupId: v.id(\"Group\"),\n    kind: vEnterpriseSecretKind,\n    ciphertext: v.string(),\n    updatedAt: v.number(),\n  },\n  returns: v.id(\"EnterpriseSecret\"),\n  handler: async (ctx, args) => {\n    const existing = await ctx.db\n      .query(\"EnterpriseSecret\")\n      .withIndex(\"enterprise_id_kind\", (idx) =>\n        idx.eq(\"enterpriseId\", args.enterpriseId).eq(\"kind\", args.kind),\n      )\n      .first();\n    if (existing) {\n      await ctx.db.patch(existing._id, args);\n      return existing._id;\n    }\n    return await ctx.db.insert(\"EnterpriseSecret\", args);\n  },\n});\n\nexport const enterpriseSecretGet = query({\n  args: {\n    enterpriseId: v.id(\"Enterprise\"),\n    kind: vEnterpriseSecretKind,\n  },\n  returns: v.union(vEnterpriseSecretDoc, v.null()),\n  handler: async (ctx, { enterpriseId, kind }) => {\n    return await ctx.db\n      .query(\"EnterpriseSecret\")\n      .withIndex(\"enterprise_id_kind\", (idx) =>\n        idx.eq(\"enterpriseId\", enterpriseId).eq(\"kind\", kind),\n      )\n      .first();\n  },\n});\n\nexport const enterpriseSecretDelete = mutation({\n  args: {\n    enterpriseId: v.id(\"Enterprise\"),\n    kind: vEnterpriseSecretKind,\n  },\n  returns: v.null(),\n  handler: async (ctx, { enterpriseId, kind }) => {\n    const existing = await ctx.db\n      .query(\"EnterpriseSecret\")\n      .withIndex(\"enterprise_id_kind\", (idx) =>\n        idx.eq(\"enterpriseId\", enterpriseId).eq(\"kind\", kind),\n      )\n      .first();\n    if (existing) {\n      await ctx.db.delete(existing._id);\n    }\n    return null;\n  },\n});\n\n/** Create or rotate SCIM configuration for an enterprise. */\nexport const enterpriseScimConfigUpsert = mutation({\n  args: {\n    enterpriseId: v.id(\"Enterprise\"),\n    groupId: v.id(\"Group\"),\n    status: vScimStatus,\n    basePath: v.string(),\n    tokenHash: v.string(),\n    lastRotatedAt: v.optional(v.number()),\n    extend: v.optional(v.any()),\n  },\n  returns: v.id(\"EnterpriseScimConfig\"),\n  handler: async (ctx, args) => {\n    const existing = await ctx.db\n      .query(\"EnterpriseScimConfig\")\n      .withIndex(\"enterprise_id\", (idx) =>\n        idx.eq(\"enterpriseId\", args.enterpriseId),\n      )\n      .first();\n    if (existing) {\n      await ctx.db.patch(existing._id, args);\n      return existing._id;\n    }\n    return await ctx.db.insert(\"EnterpriseScimConfig\", args);\n  },\n});\n\nexport const enterpriseScimConfigGetByEnterprise = query({\n  args: { enterpriseId: v.id(\"Enterprise\") },\n  returns: v.union(vEnterpriseScimConfigDoc, v.null()),\n  handler: async (ctx, { enterpriseId }) => {\n    return await ctx.db\n      .query(\"EnterpriseScimConfig\")\n      .withIndex(\"enterprise_id\", (idx) => idx.eq(\"enterpriseId\", enterpriseId))\n      .first();\n  },\n});\n\nexport const enterpriseScimConfigGetByTokenHash = query({\n  args: { tokenHash: v.string() },\n  returns: v.union(vEnterpriseScimConfigDoc, v.null()),\n  handler: async (ctx, { tokenHash }) => {\n    return await ctx.db\n      .query(\"EnterpriseScimConfig\")\n      .withIndex(\"token_hash\", (idx) => idx.eq(\"tokenHash\", tokenHash))\n      .first();\n  },\n});\n\nexport const enterpriseScimIdentityGet = query({\n  args: {\n    enterpriseId: v.id(\"Enterprise\"),\n    resourceType: vScimResourceType,\n    externalId: v.string(),\n  },\n  returns: v.union(vEnterpriseScimIdentityDoc, v.null()),\n  handler: async (ctx, args) => {\n    return await ctx.db\n      .query(\"EnterpriseScimIdentity\")\n      .withIndex(\"enterprise_id_resource_type_external_id\", (idx) =>\n        idx\n          .eq(\"enterpriseId\", args.enterpriseId)\n          .eq(\"resourceType\", args.resourceType)\n          .eq(\"externalId\", args.externalId),\n      )\n      .first();\n  },\n});\n\nexport const enterpriseScimIdentityGetByUser = query({\n  args: { userId: v.id(\"User\") },\n  returns: v.union(vEnterpriseScimIdentityDoc, v.null()),\n  handler: async (ctx, { userId }) => {\n    return await ctx.db\n      .query(\"EnterpriseScimIdentity\")\n      .withIndex(\"user_id\", (idx) => idx.eq(\"userId\", userId))\n      .first();\n  },\n});\n\nexport const enterpriseScimIdentityGetByEnterpriseAndUser = query({\n  args: {\n    enterpriseId: v.id(\"Enterprise\"),\n    userId: v.id(\"User\"),\n  },\n  returns: v.union(vEnterpriseScimIdentityDoc, v.null()),\n  handler: async (ctx, { enterpriseId, userId }) => {\n    return await ctx.db\n      .query(\"EnterpriseScimIdentity\")\n      .withIndex(\"enterprise_id_user_id\", (idx) =>\n        idx.eq(\"enterpriseId\", enterpriseId).eq(\"userId\", userId),\n      )\n      .first();\n  },\n});\n\nexport const enterpriseScimIdentityGetByMappedGroup = query({\n  args: { mappedGroupId: v.id(\"Group\") },\n  returns: v.union(vEnterpriseScimIdentityDoc, v.null()),\n  handler: async (ctx, { mappedGroupId }) => {\n    return await ctx.db\n      .query(\"EnterpriseScimIdentity\")\n      .withIndex(\"mapped_group_id\", (idx) =>\n        idx.eq(\"mappedGroupId\", mappedGroupId),\n      )\n      .first();\n  },\n});\n\nexport const enterpriseScimIdentityListByEnterprise = query({\n  args: { enterpriseId: v.id(\"Enterprise\") },\n  returns: v.array(vEnterpriseScimIdentityDoc),\n  handler: async (ctx, { enterpriseId }) => {\n    return await ctx.db\n      .query(\"EnterpriseScimIdentity\")\n      .withIndex(\"enterprise_id\", (idx) => idx.eq(\"enterpriseId\", enterpriseId))\n      .collect();\n  },\n});\n\nexport const enterpriseScimIdentityUpsert = mutation({\n  args: {\n    enterpriseId: v.id(\"Enterprise\"),\n    groupId: v.id(\"Group\"),\n    resourceType: vScimResourceType,\n    externalId: v.string(),\n    userId: v.optional(v.id(\"User\")),\n    mappedGroupId: v.optional(v.id(\"Group\")),\n    lastProvisionedAt: v.optional(v.number()),\n    active: v.optional(v.boolean()),\n    raw: v.optional(v.any()),\n  },\n  returns: v.id(\"EnterpriseScimIdentity\"),\n  handler: async (ctx, args) => {\n    const existing = await ctx.db\n      .query(\"EnterpriseScimIdentity\")\n      .withIndex(\"enterprise_id_resource_type_external_id\", (idx) =>\n        idx\n          .eq(\"enterpriseId\", args.enterpriseId)\n          .eq(\"resourceType\", args.resourceType)\n          .eq(\"externalId\", args.externalId),\n      )\n      .first();\n    if (existing) {\n      await ctx.db.patch(existing._id, args);\n      return existing._id;\n    }\n    return await ctx.db.insert(\"EnterpriseScimIdentity\", args);\n  },\n});\n\nexport const enterpriseScimIdentityDelete = mutation({\n  args: { identityId: v.id(\"EnterpriseScimIdentity\") },\n  returns: v.null(),\n  handler: async (ctx, { identityId }) => {\n    await ctx.db.delete(identityId);\n    return null;\n  },\n});\n\nexport const enterpriseAuditEventCreate = mutation({\n  args: {\n    enterpriseId: v.id(\"Enterprise\"),\n    groupId: v.id(\"Group\"),\n    eventType: v.string(),\n    actorType: vAuditActorType,\n    actorId: v.optional(v.string()),\n    subjectType: v.string(),\n    subjectId: v.optional(v.string()),\n    status: vAuditStatus,\n    occurredAt: v.number(),\n    requestId: v.optional(v.string()),\n    ip: v.optional(v.string()),\n    metadata: v.optional(v.any()),\n  },\n  returns: v.id(\"EnterpriseAuditEvent\"),\n  handler: async (ctx, args) => {\n    return await ctx.db.insert(\"EnterpriseAuditEvent\", args);\n  },\n});\n\nexport const enterpriseAuditEventList = query({\n  args: {\n    enterpriseId: v.optional(v.id(\"Enterprise\")),\n    groupId: v.optional(v.id(\"Group\")),\n    limit: v.optional(v.number()),\n  },\n  returns: v.array(vEnterpriseAuditEventDoc),\n  handler: async (ctx, args) => {\n    const limit = Math.min(Math.max(args.limit ?? 50, 1), 100);\n    if (args.enterpriseId !== undefined) {\n      return await ctx.db\n        .query(\"EnterpriseAuditEvent\")\n        .withIndex(\"enterprise_id_occurred_at\", (idx) =>\n          idx.eq(\"enterpriseId\", args.enterpriseId!),\n        )\n        .order(\"desc\")\n        .take(limit);\n    }\n    if (args.groupId !== undefined) {\n      return await ctx.db\n        .query(\"EnterpriseAuditEvent\")\n        .withIndex(\"group_id_occurred_at\", (idx) =>\n          idx.eq(\"groupId\", args.groupId!),\n        )\n        .order(\"desc\")\n        .take(limit);\n    }\n    return await ctx.db.query(\"EnterpriseAuditEvent\").order(\"desc\").take(limit);\n  },\n});\n\nexport const enterpriseWebhookEndpointCreate = mutation({\n  args: {\n    enterpriseId: v.id(\"Enterprise\"),\n    groupId: v.id(\"Group\"),\n    url: v.string(),\n    status: v.optional(vWebhookEndpointStatus),\n    secretHash: v.string(),\n    subscriptions: v.array(v.string()),\n    createdByUserId: v.optional(v.id(\"User\")),\n    extend: v.optional(v.any()),\n  },\n  returns: v.id(\"EnterpriseWebhookEndpoint\"),\n  handler: async (ctx, args) => {\n    return await ctx.db.insert(\"EnterpriseWebhookEndpoint\", {\n      ...args,\n      status: args.status ?? \"active\",\n      failureCount: 0,\n    });\n  },\n});\n\nexport const enterpriseWebhookEndpointList = query({\n  args: { enterpriseId: v.id(\"Enterprise\") },\n  returns: v.array(vEnterpriseWebhookEndpointDoc),\n  handler: async (ctx, { enterpriseId }) => {\n    return await ctx.db\n      .query(\"EnterpriseWebhookEndpoint\")\n      .withIndex(\"enterprise_id\", (idx) => idx.eq(\"enterpriseId\", enterpriseId))\n      .collect();\n  },\n});\n\nexport const enterpriseWebhookEndpointGet = query({\n  args: { endpointId: v.id(\"EnterpriseWebhookEndpoint\") },\n  returns: v.union(vEnterpriseWebhookEndpointDoc, v.null()),\n  handler: async (ctx, { endpointId }) => {\n    return await ctx.db.get(endpointId);\n  },\n});\n\nexport const enterpriseWebhookEndpointUpdate = mutation({\n  args: { endpointId: v.id(\"EnterpriseWebhookEndpoint\"), data: v.any() },\n  returns: v.null(),\n  handler: async (ctx, { endpointId, data }) => {\n    await ctx.db.patch(endpointId, data);\n    return null;\n  },\n});\n\nexport const enterpriseWebhookDeliveryEnqueue = mutation({\n  args: {\n    enterpriseId: v.id(\"Enterprise\"),\n    endpointId: v.id(\"EnterpriseWebhookEndpoint\"),\n    auditEventId: v.optional(v.id(\"EnterpriseAuditEvent\")),\n    eventType: v.string(),\n    payload: v.any(),\n    nextAttemptAt: v.number(),\n  },\n  returns: v.id(\"EnterpriseWebhookDelivery\"),\n  handler: async (ctx, args) => {\n    return await ctx.db.insert(\"EnterpriseWebhookDelivery\", {\n      ...args,\n      status: \"pending\",\n      attemptCount: 0,\n    });\n  },\n});\n\nexport const enterpriseWebhookDeliveryListReady = query({\n  args: { now: v.number(), limit: v.optional(v.number()) },\n  returns: v.array(vEnterpriseWebhookDeliveryDoc),\n  handler: async (ctx, { now, limit }) => {\n    return await ctx.db\n      .query(\"EnterpriseWebhookDelivery\")\n      .withIndex(\"status_next_attempt_at\", (idx) =>\n        idx.eq(\"status\", \"pending\").lte(\"nextAttemptAt\", now),\n      )\n      .take(Math.min(Math.max(limit ?? 50, 1), 100));\n  },\n});\n\nexport const enterpriseWebhookDeliveryList = query({\n  args: { enterpriseId: v.id(\"Enterprise\"), limit: v.optional(v.number()) },\n  returns: v.array(vEnterpriseWebhookDeliveryDoc),\n  handler: async (ctx, { enterpriseId, limit }) => {\n    return await ctx.db\n      .query(\"EnterpriseWebhookDelivery\")\n      .withIndex(\"enterprise_id\", (idx) => idx.eq(\"enterpriseId\", enterpriseId))\n      .order(\"desc\")\n      .take(Math.min(Math.max(limit ?? 50, 1), 100));\n  },\n});\n\nexport const enterpriseWebhookDeliveryPatch = mutation({\n  args: { deliveryId: v.id(\"EnterpriseWebhookDelivery\"), data: v.any() },\n  returns: v.null(),\n  handler: async (ctx, { deliveryId, data }) => {\n    await ctx.db.patch(deliveryId, data);\n    return null;\n  },\n});\n"],"mappings":";;;;;;AA8BA,MAAa,mBAAmB,SAAS;CACvC,MAAM;EACJ,SAAS,EAAE,GAAG,QAAQ;EACtB,MAAM,EAAE,SAAS,EAAE,QAAQ,CAAC;EAC5B,MAAM,EAAE,SAAS,EAAE,QAAQ,CAAC;EAC5B,QAAQ,EAAE,SAAS,kBAAkB;EACrC,QAAQ,EAAE,SAAS,kBAAkB;EACrC,QAAQ,EAAE,SAAS,EAAE,KAAK,CAAC;EAC3B,QAAQ,EAAE,SAAS,EAAE,KAAK,CAAC;EAC5B;CACD,SAAS,EAAE,GAAG,aAAa;CAC3B,SAAS,OAAO,KAAK,SAAS;AAK5B,MAJiB,MAAM,IAAI,GACxB,MAAM,aAAa,CACnB,UAAU,aAAa,QAAQ,IAAI,GAAG,WAAW,KAAK,QAAQ,CAAC,CAC/D,OAAO,CAER,OAAM,IAAI,YAAY;GACpB,MAAM;GACN,SAAS;GACV,CAAC;AAEJ,SAAO,MAAM,IAAI,GAAG,OAAO,cAAc;GACvC,GAAG;GACH,QAAQ,KAAK,UAAU;GACxB,CAAC;;CAEL,CAAC;;AAGF,MAAa,gBAAgB,MAAM;CACjC,MAAM,EAAE,cAAc,EAAE,GAAG,aAAa,EAAE;CAC1C,SAAS,EAAE,MAAM,gBAAgB,EAAE,MAAM,CAAC;CAC1C,SAAS,OAAO,KAAK,EAAE,mBAAmB;AACxC,SAAO,MAAM,IAAI,GAAG,IAAI,cAAc,aAAa;;CAEtD,CAAC;;AAGF,MAAa,uBAAuB,MAAM;CACxC,MAAM,EAAE,SAAS,EAAE,GAAG,QAAQ,EAAE;CAChC,SAAS,EAAE,MAAM,gBAAgB,EAAE,MAAM,CAAC;CAC1C,SAAS,OAAO,KAAK,EAAE,cAAc;AACnC,SAAO,MAAM,IAAI,GACd,MAAM,aAAa,CACnB,UAAU,aAAa,QAAQ,IAAI,GAAG,WAAW,QAAQ,CAAC,CAC1D,OAAO;;CAEb,CAAC;;AAGF,MAAa,wBAAwB,MAAM;CACzC,MAAM,EAAE,QAAQ,EAAE,QAAQ,EAAE;CAC5B,SAAS,EAAE,MACT,EAAE,OAAO;EACP,YAAY;EACZ,QAAQ;EACT,CAAC,EACF,EAAE,MAAM,CACT;CACD,SAAS,OAAO,KAAK,EAAE,aAAa;EAClC,MAAM,YAAY,MAAM,IAAI,GACzB,MAAM,mBAAmB,CACzB,UAAU,WAAW,QAAQ,IAAI,GAAG,UAAU,OAAO,CAAC,CACtD,OAAO;AACV,MAAI,CAAC,UACH,QAAO;EAET,MAAM,aAAa,MAAM,IAAI,GAAG,IAAI,cAAc,UAAU,aAAa;AACzE,MAAI,CAAC,WACH,QAAO;AAET,SAAO;GAAE;GAAY,QAAQ;GAAW;;CAE3C,CAAC;;AAGF,MAAa,iBAAiB,MAAM;CAClC,MAAM;EACJ,OAAO,EAAE,SACP,EAAE,OAAO;GACP,SAAS,EAAE,SAAS,EAAE,GAAG,QAAQ,CAAC;GAClC,MAAM,EAAE,SAAS,EAAE,QAAQ,CAAC;GAC5B,QAAQ,EAAE,SAAS,kBAAkB;GACtC,CAAC,CACH;EACD,OAAO,EAAE,SAAS,EAAE,QAAQ,CAAC;EAC7B,QAAQ,EAAE,SAAS,EAAE,MAAM,EAAE,QAAQ,EAAE,EAAE,MAAM,CAAC,CAAC;EACjD,SAAS,EAAE,SACT,EAAE,MACA,EAAE,QAAQ,gBAAgB,EAC1B,EAAE,QAAQ,OAAO,EACjB,EAAE,QAAQ,OAAO,EACjB,EAAE,QAAQ,SAAS,CACpB,CACF;EACD,OAAO,EAAE,SAAS,EAAE,MAAM,EAAE,QAAQ,MAAM,EAAE,EAAE,QAAQ,OAAO,CAAC,CAAC;EAChE;CACD,SAAS,WAAW,eAAe;CACnC,SAAS,OAAO,KAAK,SAAS;EAC5B,MAAM,QAAQ,KAAK,SAAS,EAAE;EAC9B,MAAM,QAAQ,KAAK,IAAI,KAAK,IAAI,KAAK,SAAS,IAAI,EAAE,EAAE,IAAI;EAC1D,MAAM,QAAQ,KAAK,SAAS;EAE5B,IAAI;AACJ,MAAI,MAAM,YAAY,OACpB,KAAI,IAAI,GACL,MAAM,aAAa,CACnB,UAAU,aAAa,QAAQ,IAAI,GAAG,WAAW,MAAM,QAAS,CAAC;WAC3D,MAAM,SAAS,OACxB,KAAI,IAAI,GACL,MAAM,aAAa,CACnB,UAAU,SAAS,QAAQ,IAAI,GAAG,QAAQ,MAAM,KAAM,CAAC;WACjD,MAAM,WAAW,OAC1B,KAAI,IAAI,GACL,MAAM,aAAa,CACnB,UAAU,WAAW,QAAQ,IAAI,GAAG,UAAU,MAAM,OAAQ,CAAC;MAEhE,KAAI,IAAI,GAAG,MAAM,aAAa;AAGhC,MAAI,MAAM,YAAY,UAAa,MAAM,SAAS,OAChD,KAAI,EAAE,QAAQ,MAAM,EAAE,GAAG,EAAE,MAAM,OAAO,EAAE,MAAM,KAAM,CAAC;AAEzD,MAAI,MAAM,WAAW,UAAa,MAAM,YAAY,QAAW,YAEpD,MAAM,WAAW,OAC1B,KAAI,EAAE,QAAQ,MAAM,EAAE,GAAG,EAAE,MAAM,SAAS,EAAE,MAAM,OAAQ,CAAC;AAG7D,MAAI,EAAE,MAAM,MAAM;EAClB,MAAM,MAAM,MAAM,EAAE,SAAS;EAC7B,IAAI,WAAW;AACf,MAAI,KAAK,QAAQ;GACf,MAAM,YAAY,IAAI,WAAW,QAAQ,IAAI,QAAQ,KAAK,OAAO;AACjE,OAAI,cAAc,GAChB,YAAW,YAAY;;EAG3B,MAAM,OAAO,IAAI,MAAM,UAAU,WAAW,QAAQ,EAAE;EACtD,MAAM,UAAU,KAAK,SAAS;EAC9B,MAAM,QAAQ,UAAU,KAAK,MAAM,GAAG,MAAM,GAAG;AAE/C,SAAO;GAAE;GAAO,YADG,UAAU,MAAM,MAAM,SAAS,GAAG,MAAM;GAC/B;;CAE/B,CAAC;;AAGF,MAAa,mBAAmB,SAAS;CACvC,MAAM;EAAE,cAAc,EAAE,GAAG,aAAa;EAAE,MAAM,EAAE,KAAK;EAAE;CACzD,SAAS,EAAE,MAAM;CACjB,SAAS,OAAO,KAAK,EAAE,cAAc,WAAW;AAC9C,QAAM,IAAI,GAAG,MAAM,cAAc,KAAK;AACtC,SAAO;;CAEV,CAAC;;AAGF,MAAa,mBAAmB,SAAS;CACvC,MAAM,EAAE,cAAc,EAAE,GAAG,aAAa,EAAE;CAC1C,SAAS,EAAE,MAAM;CACjB,SAAS,OAAO,KAAK,EAAE,mBAAmB;EACxC,MAAM,UAAU,MAAM,IAAI,GACvB,MAAM,mBAAmB,CACzB,UAAU,kBAAkB,QAAQ,IAAI,GAAG,gBAAgB,aAAa,CAAC,CACzE,SAAS;AACZ,OAAK,MAAM,UAAU,SAAS;GAC5B,MAAM,eAAe,MAAM,IAAI,GAC5B,MAAM,+BAA+B,CACrC,UAAU,cAAc,QAAQ,IAAI,GAAG,YAAY,OAAO,IAAI,CAAC,CAC/D,OAAO;AACV,OAAI,aACF,OAAM,IAAI,GAAG,OAAO,aAAa,IAAI;AAEvC,SAAM,IAAI,GAAG,OAAO,OAAO,IAAI;;EAEjC,MAAM,UAAU,MAAM,IAAI,GACvB,MAAM,mBAAmB,CACzB,UAAU,kBAAkB,QAAQ,IAAI,GAAG,gBAAgB,aAAa,CAAC,CACzE,SAAS;AACZ,OAAK,MAAM,UAAU,QACnB,OAAM,IAAI,GAAG,OAAO,OAAO,IAAI;AAEjC,QAAM,IAAI,GAAG,OAAO,aAAa;AACjC,SAAO;;CAEV,CAAC;;AAGF,MAAa,sBAAsB,SAAS;CAC1C,MAAM;EACJ,cAAc,EAAE,GAAG,aAAa;EAChC,SAAS,EAAE,GAAG,QAAQ;EACtB,QAAQ,EAAE,QAAQ;EAClB,WAAW,EAAE,SAAS,EAAE,SAAS,CAAC;EACnC;CACD,SAAS,EAAE,GAAG,mBAAmB;CACjC,SAAS,OAAO,KAAK,SAAS;EAC5B,MAAM,mBAAmB,MAAM,IAAI,GAChC,MAAM,mBAAmB,CACzB,UAAU,WAAW,QAAQ,IAAI,GAAG,UAAU,KAAK,OAAO,CAAC,CAC3D,OAAO;AACV,MACE,oBACA,iBAAiB,iBAAiB,KAAK,aAEvC,OAAM,IAAI,YAAY;GACpB,MAAM;GACN,SAAS;GACV,CAAC;EAGJ,MAAM,wBAAwB,MAAM,IAAI,GACrC,MAAM,mBAAmB,CACzB,UAAU,kBAAkB,QAC3B,IAAI,GAAG,gBAAgB,KAAK,aAAa,CAC1C,CACA,SAAS;AAEZ,OAAK,MAAM,OAAO,sBAChB,KAAI,IAAI,WAAW,KAAK,QAAQ;AAC9B,SAAM,IAAI,GAAG,MAAM,IAAI,KAAK,EAC1B,WAAW,KAAK,aAAa,IAAI,WAClC,CAAC;AACF,UAAO,IAAI;;AAIf,MAAI,KAAK,cAAc,MACrB;QAAK,MAAM,OAAO,sBAChB,KAAI,IAAI,UACN,OAAM,IAAI,GAAG,MAAM,IAAI,KAAK,EAAE,WAAW,OAAO,CAAC;;AAKvD,SAAO,MAAM,IAAI,GAAG,OAAO,oBAAoB;GAC7C,GAAG;GACH,WAAW,KAAK,aAAa,sBAAsB,WAAW;GAC/D,CAAC;;CAEL,CAAC;;AAGF,MAAa,uBAAuB,MAAM;CACxC,MAAM,EAAE,cAAc,EAAE,GAAG,aAAa,EAAE;CAC1C,SAAS,EAAE,MAAM,qBAAqB;CACtC,SAAS,OAAO,KAAK,EAAE,mBAAmB;AACxC,SAAO,MAAM,IAAI,GACd,MAAM,mBAAmB,CACzB,UAAU,kBAAkB,QAAQ,IAAI,GAAG,gBAAgB,aAAa,CAAC,CACzE,SAAS;;CAEf,CAAC;;AAGF,MAAa,yBAAyB,SAAS;CAC7C,MAAM,EAAE,UAAU,EAAE,GAAG,mBAAmB,EAAE;CAC5C,SAAS,EAAE,MAAM;CACjB,SAAS,OAAO,KAAK,EAAE,eAAe;EACpC,MAAM,eAAe,MAAM,IAAI,GAC5B,MAAM,+BAA+B,CACrC,UAAU,cAAc,QAAQ,IAAI,GAAG,YAAY,SAAS,CAAC,CAC7D,OAAO;AACV,MAAI,aACF,OAAM,IAAI,GAAG,OAAO,aAAa,IAAI;AAEvC,QAAM,IAAI,GAAG,OAAO,SAAS;AAC7B,SAAO;;CAEV,CAAC;AAEF,MAAa,kCAAkC,MAAM;CACnD,MAAM,EAAE,UAAU,EAAE,GAAG,mBAAmB,EAAE;CAC5C,SAAS,EAAE,MAAM,kCAAkC,EAAE,MAAM,CAAC;CAC5D,SAAS,OAAO,KAAK,EAAE,eAAe;AACpC,SAAO,MAAM,IAAI,GACd,MAAM,+BAA+B,CACrC,UAAU,cAAc,QAAQ,IAAI,GAAG,YAAY,SAAS,CAAC,CAC7D,OAAO;;CAEb,CAAC;AAEF,MAAa,qCAAqC,SAAS;CACzD,MAAM;EACJ,cAAc,EAAE,GAAG,aAAa;EAChC,SAAS,EAAE,GAAG,QAAQ;EACtB,UAAU,EAAE,GAAG,mBAAmB;EAClC,QAAQ,EAAE,QAAQ;EAClB,YAAY,EAAE,QAAQ;EACtB,OAAO,EAAE,QAAQ;EACjB,WAAW,EAAE,QAAQ;EACrB,aAAa,EAAE,QAAQ;EACvB,WAAW,EAAE,QAAQ;EACtB;CACD,SAAS,EAAE,GAAG,+BAA+B;CAC7C,SAAS,OAAO,KAAK,SAAS;EAC5B,MAAM,WAAW,MAAM,IAAI,GACxB,MAAM,+BAA+B,CACrC,UAAU,cAAc,QAAQ,IAAI,GAAG,YAAY,KAAK,SAAS,CAAC,CAClE,OAAO;AACV,MAAI,UAAU;AACZ,SAAM,IAAI,GAAG,MAAM,SAAS,KAAK,KAAK;AACtC,UAAO,SAAS;;AAElB,SAAO,MAAM,IAAI,GAAG,OAAO,gCAAgC,KAAK;;CAEnE,CAAC;AAEF,MAAa,qCAAqC,SAAS;CACzD,MAAM,EAAE,UAAU,EAAE,GAAG,mBAAmB,EAAE;CAC5C,SAAS,EAAE,MAAM;CACjB,SAAS,OAAO,KAAK,EAAE,eAAe;EACpC,MAAM,WAAW,MAAM,IAAI,GACxB,MAAM,+BAA+B,CACrC,UAAU,cAAc,QAAQ,IAAI,GAAG,YAAY,SAAS,CAAC,CAC7D,OAAO;AACV,MAAI,SACF,OAAM,IAAI,GAAG,OAAO,SAAS,IAAI;AAEnC,SAAO;;CAEV,CAAC;AAEF,MAAa,yBAAyB,SAAS;CAC7C,MAAM;EACJ,UAAU,EAAE,GAAG,mBAAmB;EAClC,YAAY,EAAE,QAAQ;EACvB;CACD,SAAS;CACT,SAAS,OAAO,KAAK,EAAE,UAAU,iBAAiB;AAChD,QAAM,IAAI,GAAG,MAAM,UAAU,EAAE,YAAY,CAAC;EAC5C,MAAM,SAAS,MAAM,IAAI,GAAG,IAAI,oBAAoB,SAAS;AAC7D,MAAI,CAAC,OACH,OAAM,IAAI,YAAY;GACpB,MAAM;GACN,SAAS;GACV,CAAC;EAEJ,MAAM,eAAe,MAAM,IAAI,GAC5B,MAAM,+BAA+B,CACrC,UAAU,cAAc,QAAQ,IAAI,GAAG,YAAY,SAAS,CAAC,CAC7D,OAAO;AACV,MAAI,aACF,OAAM,IAAI,GAAG,OAAO,aAAa,IAAI;AAEvC,SAAO;;CAEV,CAAC;AAEF,MAAa,yBAAyB,SAAS;CAC7C,MAAM;EACJ,cAAc,EAAE,GAAG,aAAa;EAChC,SAAS,EAAE,GAAG,QAAQ;EACtB,MAAM;EACN,YAAY,EAAE,QAAQ;EACtB,WAAW,EAAE,QAAQ;EACtB;CACD,SAAS,EAAE,GAAG,mBAAmB;CACjC,SAAS,OAAO,KAAK,SAAS;EAC5B,MAAM,WAAW,MAAM,IAAI,GACxB,MAAM,mBAAmB,CACzB,UAAU,uBAAuB,QAChC,IAAI,GAAG,gBAAgB,KAAK,aAAa,CAAC,GAAG,QAAQ,KAAK,KAAK,CAChE,CACA,OAAO;AACV,MAAI,UAAU;AACZ,SAAM,IAAI,GAAG,MAAM,SAAS,KAAK,KAAK;AACtC,UAAO,SAAS;;AAElB,SAAO,MAAM,IAAI,GAAG,OAAO,oBAAoB,KAAK;;CAEvD,CAAC;AAEF,MAAa,sBAAsB,MAAM;CACvC,MAAM;EACJ,cAAc,EAAE,GAAG,aAAa;EAChC,MAAM;EACP;CACD,SAAS,EAAE,MAAM,sBAAsB,EAAE,MAAM,CAAC;CAChD,SAAS,OAAO,KAAK,EAAE,cAAc,WAAW;AAC9C,SAAO,MAAM,IAAI,GACd,MAAM,mBAAmB,CACzB,UAAU,uBAAuB,QAChC,IAAI,GAAG,gBAAgB,aAAa,CAAC,GAAG,QAAQ,KAAK,CACtD,CACA,OAAO;;CAEb,CAAC;AAEF,MAAa,yBAAyB,SAAS;CAC7C,MAAM;EACJ,cAAc,EAAE,GAAG,aAAa;EAChC,MAAM;EACP;CACD,SAAS,EAAE,MAAM;CACjB,SAAS,OAAO,KAAK,EAAE,cAAc,WAAW;EAC9C,MAAM,WAAW,MAAM,IAAI,GACxB,MAAM,mBAAmB,CACzB,UAAU,uBAAuB,QAChC,IAAI,GAAG,gBAAgB,aAAa,CAAC,GAAG,QAAQ,KAAK,CACtD,CACA,OAAO;AACV,MAAI,SACF,OAAM,IAAI,GAAG,OAAO,SAAS,IAAI;AAEnC,SAAO;;CAEV,CAAC;;AAGF,MAAa,6BAA6B,SAAS;CACjD,MAAM;EACJ,cAAc,EAAE,GAAG,aAAa;EAChC,SAAS,EAAE,GAAG,QAAQ;EACtB,QAAQ;EACR,UAAU,EAAE,QAAQ;EACpB,WAAW,EAAE,QAAQ;EACrB,eAAe,EAAE,SAAS,EAAE,QAAQ,CAAC;EACrC,QAAQ,EAAE,SAAS,EAAE,KAAK,CAAC;EAC5B;CACD,SAAS,EAAE,GAAG,uBAAuB;CACrC,SAAS,OAAO,KAAK,SAAS;EAC5B,MAAM,WAAW,MAAM,IAAI,GACxB,MAAM,uBAAuB,CAC7B,UAAU,kBAAkB,QAC3B,IAAI,GAAG,gBAAgB,KAAK,aAAa,CAC1C,CACA,OAAO;AACV,MAAI,UAAU;AACZ,SAAM,IAAI,GAAG,MAAM,SAAS,KAAK,KAAK;AACtC,UAAO,SAAS;;AAElB,SAAO,MAAM,IAAI,GAAG,OAAO,wBAAwB,KAAK;;CAE3D,CAAC;AAEF,MAAa,sCAAsC,MAAM;CACvD,MAAM,EAAE,cAAc,EAAE,GAAG,aAAa,EAAE;CAC1C,SAAS,EAAE,MAAM,0BAA0B,EAAE,MAAM,CAAC;CACpD,SAAS,OAAO,KAAK,EAAE,mBAAmB;AACxC,SAAO,MAAM,IAAI,GACd,MAAM,uBAAuB,CAC7B,UAAU,kBAAkB,QAAQ,IAAI,GAAG,gBAAgB,aAAa,CAAC,CACzE,OAAO;;CAEb,CAAC;AAEF,MAAa,qCAAqC,MAAM;CACtD,MAAM,EAAE,WAAW,EAAE,QAAQ,EAAE;CAC/B,SAAS,EAAE,MAAM,0BAA0B,EAAE,MAAM,CAAC;CACpD,SAAS,OAAO,KAAK,EAAE,gBAAgB;AACrC,SAAO,MAAM,IAAI,GACd,MAAM,uBAAuB,CAC7B,UAAU,eAAe,QAAQ,IAAI,GAAG,aAAa,UAAU,CAAC,CAChE,OAAO;;CAEb,CAAC;AAEF,MAAa,4BAA4B,MAAM;CAC7C,MAAM;EACJ,cAAc,EAAE,GAAG,aAAa;EAChC,cAAc;EACd,YAAY,EAAE,QAAQ;EACvB;CACD,SAAS,EAAE,MAAM,4BAA4B,EAAE,MAAM,CAAC;CACtD,SAAS,OAAO,KAAK,SAAS;AAC5B,SAAO,MAAM,IAAI,GACd,MAAM,yBAAyB,CAC/B,UAAU,4CAA4C,QACrD,IACG,GAAG,gBAAgB,KAAK,aAAa,CACrC,GAAG,gBAAgB,KAAK,aAAa,CACrC,GAAG,cAAc,KAAK,WAAW,CACrC,CACA,OAAO;;CAEb,CAAC;AAEF,MAAa,kCAAkC,MAAM;CACnD,MAAM,EAAE,QAAQ,EAAE,GAAG,OAAO,EAAE;CAC9B,SAAS,EAAE,MAAM,4BAA4B,EAAE,MAAM,CAAC;CACtD,SAAS,OAAO,KAAK,EAAE,aAAa;AAClC,SAAO,MAAM,IAAI,GACd,MAAM,yBAAyB,CAC/B,UAAU,YAAY,QAAQ,IAAI,GAAG,UAAU,OAAO,CAAC,CACvD,OAAO;;CAEb,CAAC;AAEF,MAAa,+CAA+C,MAAM;CAChE,MAAM;EACJ,cAAc,EAAE,GAAG,aAAa;EAChC,QAAQ,EAAE,GAAG,OAAO;EACrB;CACD,SAAS,EAAE,MAAM,4BAA4B,EAAE,MAAM,CAAC;CACtD,SAAS,OAAO,KAAK,EAAE,cAAc,aAAa;AAChD,SAAO,MAAM,IAAI,GACd,MAAM,yBAAyB,CAC/B,UAAU,0BAA0B,QACnC,IAAI,GAAG,gBAAgB,aAAa,CAAC,GAAG,UAAU,OAAO,CAC1D,CACA,OAAO;;CAEb,CAAC;AAEF,MAAa,yCAAyC,MAAM;CAC1D,MAAM,EAAE,eAAe,EAAE,GAAG,QAAQ,EAAE;CACtC,SAAS,EAAE,MAAM,4BAA4B,EAAE,MAAM,CAAC;CACtD,SAAS,OAAO,KAAK,EAAE,oBAAoB;AACzC,SAAO,MAAM,IAAI,GACd,MAAM,yBAAyB,CAC/B,UAAU,oBAAoB,QAC7B,IAAI,GAAG,iBAAiB,cAAc,CACvC,CACA,OAAO;;CAEb,CAAC;AAEF,MAAa,yCAAyC,MAAM;CAC1D,MAAM,EAAE,cAAc,EAAE,GAAG,aAAa,EAAE;CAC1C,SAAS,EAAE,MAAM,2BAA2B;CAC5C,SAAS,OAAO,KAAK,EAAE,mBAAmB;AACxC,SAAO,MAAM,IAAI,GACd,MAAM,yBAAyB,CAC/B,UAAU,kBAAkB,QAAQ,IAAI,GAAG,gBAAgB,aAAa,CAAC,CACzE,SAAS;;CAEf,CAAC;AAEF,MAAa,+BAA+B,SAAS;CACnD,MAAM;EACJ,cAAc,EAAE,GAAG,aAAa;EAChC,SAAS,EAAE,GAAG,QAAQ;EACtB,cAAc;EACd,YAAY,EAAE,QAAQ;EACtB,QAAQ,EAAE,SAAS,EAAE,GAAG,OAAO,CAAC;EAChC,eAAe,EAAE,SAAS,EAAE,GAAG,QAAQ,CAAC;EACxC,mBAAmB,EAAE,SAAS,EAAE,QAAQ,CAAC;EACzC,QAAQ,EAAE,SAAS,EAAE,SAAS,CAAC;EAC/B,KAAK,EAAE,SAAS,EAAE,KAAK,CAAC;EACzB;CACD,SAAS,EAAE,GAAG,yBAAyB;CACvC,SAAS,OAAO,KAAK,SAAS;EAC5B,MAAM,WAAW,MAAM,IAAI,GACxB,MAAM,yBAAyB,CAC/B,UAAU,4CAA4C,QACrD,IACG,GAAG,gBAAgB,KAAK,aAAa,CACrC,GAAG,gBAAgB,KAAK,aAAa,CACrC,GAAG,cAAc,KAAK,WAAW,CACrC,CACA,OAAO;AACV,MAAI,UAAU;AACZ,SAAM,IAAI,GAAG,MAAM,SAAS,KAAK,KAAK;AACtC,UAAO,SAAS;;AAElB,SAAO,MAAM,IAAI,GAAG,OAAO,0BAA0B,KAAK;;CAE7D,CAAC;AAEF,MAAa,+BAA+B,SAAS;CACnD,MAAM,EAAE,YAAY,EAAE,GAAG,yBAAyB,EAAE;CACpD,SAAS,EAAE,MAAM;CACjB,SAAS,OAAO,KAAK,EAAE,iBAAiB;AACtC,QAAM,IAAI,GAAG,OAAO,WAAW;AAC/B,SAAO;;CAEV,CAAC;AAEF,MAAa,6BAA6B,SAAS;CACjD,MAAM;EACJ,cAAc,EAAE,GAAG,aAAa;EAChC,SAAS,EAAE,GAAG,QAAQ;EACtB,WAAW,EAAE,QAAQ;EACrB,WAAW;EACX,SAAS,EAAE,SAAS,EAAE,QAAQ,CAAC;EAC/B,aAAa,EAAE,QAAQ;EACvB,WAAW,EAAE,SAAS,EAAE,QAAQ,CAAC;EACjC,QAAQ;EACR,YAAY,EAAE,QAAQ;EACtB,WAAW,EAAE,SAAS,EAAE,QAAQ,CAAC;EACjC,IAAI,EAAE,SAAS,EAAE,QAAQ,CAAC;EAC1B,UAAU,EAAE,SAAS,EAAE,KAAK,CAAC;EAC9B;CACD,SAAS,EAAE,GAAG,uBAAuB;CACrC,SAAS,OAAO,KAAK,SAAS;AAC5B,SAAO,MAAM,IAAI,GAAG,OAAO,wBAAwB,KAAK;;CAE3D,CAAC;AAEF,MAAa,2BAA2B,MAAM;CAC5C,MAAM;EACJ,cAAc,EAAE,SAAS,EAAE,GAAG,aAAa,CAAC;EAC5C,SAAS,EAAE,SAAS,EAAE,GAAG,QAAQ,CAAC;EAClC,OAAO,EAAE,SAAS,EAAE,QAAQ,CAAC;EAC9B;CACD,SAAS,EAAE,MAAM,yBAAyB;CAC1C,SAAS,OAAO,KAAK,SAAS;EAC5B,MAAM,QAAQ,KAAK,IAAI,KAAK,IAAI,KAAK,SAAS,IAAI,EAAE,EAAE,IAAI;AAC1D,MAAI,KAAK,iBAAiB,OACxB,QAAO,MAAM,IAAI,GACd,MAAM,uBAAuB,CAC7B,UAAU,8BAA8B,QACvC,IAAI,GAAG,gBAAgB,KAAK,aAAc,CAC3C,CACA,MAAM,OAAO,CACb,KAAK,MAAM;AAEhB,MAAI,KAAK,YAAY,OACnB,QAAO,MAAM,IAAI,GACd,MAAM,uBAAuB,CAC7B,UAAU,yBAAyB,QAClC,IAAI,GAAG,WAAW,KAAK,QAAS,CACjC,CACA,MAAM,OAAO,CACb,KAAK,MAAM;AAEhB,SAAO,MAAM,IAAI,GAAG,MAAM,uBAAuB,CAAC,MAAM,OAAO,CAAC,KAAK,MAAM;;CAE9E,CAAC;AAEF,MAAa,kCAAkC,SAAS;CACtD,MAAM;EACJ,cAAc,EAAE,GAAG,aAAa;EAChC,SAAS,EAAE,GAAG,QAAQ;EACtB,KAAK,EAAE,QAAQ;EACf,QAAQ,EAAE,SAAS,uBAAuB;EAC1C,YAAY,EAAE,QAAQ;EACtB,eAAe,EAAE,MAAM,EAAE,QAAQ,CAAC;EAClC,iBAAiB,EAAE,SAAS,EAAE,GAAG,OAAO,CAAC;EACzC,QAAQ,EAAE,SAAS,EAAE,KAAK,CAAC;EAC5B;CACD,SAAS,EAAE,GAAG,4BAA4B;CAC1C,SAAS,OAAO,KAAK,SAAS;AAC5B,SAAO,MAAM,IAAI,GAAG,OAAO,6BAA6B;GACtD,GAAG;GACH,QAAQ,KAAK,UAAU;GACvB,cAAc;GACf,CAAC;;CAEL,CAAC;AAEF,MAAa,gCAAgC,MAAM;CACjD,MAAM,EAAE,cAAc,EAAE,GAAG,aAAa,EAAE;CAC1C,SAAS,EAAE,MAAM,8BAA8B;CAC/C,SAAS,OAAO,KAAK,EAAE,mBAAmB;AACxC,SAAO,MAAM,IAAI,GACd,MAAM,4BAA4B,CAClC,UAAU,kBAAkB,QAAQ,IAAI,GAAG,gBAAgB,aAAa,CAAC,CACzE,SAAS;;CAEf,CAAC;AAEF,MAAa,+BAA+B,MAAM;CAChD,MAAM,EAAE,YAAY,EAAE,GAAG,4BAA4B,EAAE;CACvD,SAAS,EAAE,MAAM,+BAA+B,EAAE,MAAM,CAAC;CACzD,SAAS,OAAO,KAAK,EAAE,iBAAiB;AACtC,SAAO,MAAM,IAAI,GAAG,IAAI,WAAW;;CAEtC,CAAC;AAEF,MAAa,kCAAkC,SAAS;CACtD,MAAM;EAAE,YAAY,EAAE,GAAG,4BAA4B;EAAE,MAAM,EAAE,KAAK;EAAE;CACtE,SAAS,EAAE,MAAM;CACjB,SAAS,OAAO,KAAK,EAAE,YAAY,WAAW;AAC5C,QAAM,IAAI,GAAG,MAAM,YAAY,KAAK;AACpC,SAAO;;CAEV,CAAC;AAEF,MAAa,mCAAmC,SAAS;CACvD,MAAM;EACJ,cAAc,EAAE,GAAG,aAAa;EAChC,YAAY,EAAE,GAAG,4BAA4B;EAC7C,cAAc,EAAE,SAAS,EAAE,GAAG,uBAAuB,CAAC;EACtD,WAAW,EAAE,QAAQ;EACrB,SAAS,EAAE,KAAK;EAChB,eAAe,EAAE,QAAQ;EAC1B;CACD,SAAS,EAAE,GAAG,4BAA4B;CAC1C,SAAS,OAAO,KAAK,SAAS;AAC5B,SAAO,MAAM,IAAI,GAAG,OAAO,6BAA6B;GACtD,GAAG;GACH,QAAQ;GACR,cAAc;GACf,CAAC;;CAEL,CAAC;AAEF,MAAa,qCAAqC,MAAM;CACtD,MAAM;EAAE,KAAK,EAAE,QAAQ;EAAE,OAAO,EAAE,SAAS,EAAE,QAAQ,CAAC;EAAE;CACxD,SAAS,EAAE,MAAM,8BAA8B;CAC/C,SAAS,OAAO,KAAK,EAAE,KAAK,YAAY;AACtC,SAAO,MAAM,IAAI,GACd,MAAM,4BAA4B,CAClC,UAAU,2BAA2B,QACpC,IAAI,GAAG,UAAU,UAAU,CAAC,IAAI,iBAAiB,IAAI,CACtD,CACA,KAAK,KAAK,IAAI,KAAK,IAAI,SAAS,IAAI,EAAE,EAAE,IAAI,CAAC;;CAEnD,CAAC;AAEF,MAAa,gCAAgC,MAAM;CACjD,MAAM;EAAE,cAAc,EAAE,GAAG,aAAa;EAAE,OAAO,EAAE,SAAS,EAAE,QAAQ,CAAC;EAAE;CACzE,SAAS,EAAE,MAAM,8BAA8B;CAC/C,SAAS,OAAO,KAAK,EAAE,cAAc,YAAY;AAC/C,SAAO,MAAM,IAAI,GACd,MAAM,4BAA4B,CAClC,UAAU,kBAAkB,QAAQ,IAAI,GAAG,gBAAgB,aAAa,CAAC,CACzE,MAAM,OAAO,CACb,KAAK,KAAK,IAAI,KAAK,IAAI,SAAS,IAAI,EAAE,EAAE,IAAI,CAAC;;CAEnD,CAAC;AAEF,MAAa,iCAAiC,SAAS;CACrD,MAAM;EAAE,YAAY,EAAE,GAAG,4BAA4B;EAAE,MAAM,EAAE,KAAK;EAAE;CACtE,SAAS,EAAE,MAAM;CACjB,SAAS,OAAO,KAAK,EAAE,YAAY,WAAW;AAC5C,QAAM,IAAI,GAAG,MAAM,YAAY,KAAK;AACpC,SAAO;;CAEV,CAAC"}

package/dist/component/public/factors.d.ts

@@ -0,0 +1,52 @@
+declare namespace factors_d_exports {
+  export { deviceAuthorize, deviceDelete, deviceGetByCodeHash, deviceGetByUserCode, deviceInsert, deviceUpdateLastPolled, passkeyDelete, passkeyGetByCredentialId, passkeyInsert, passkeyListByUserId, passkeyUpdateCounter, passkeyUpdateMeta, rateLimitCreate, rateLimitDelete, rateLimitGet, rateLimitPatch, totpDelete, totpGetById, totpGetVerifiedByUserId, totpInsert, totpListByUserId, totpMarkVerified, totpUpdateLastUsed };
+}
+/** Store a new passkey credential for a user. */
+declare const passkeyInsert: any;
+/** Look up a passkey by its credential ID. */
+declare const passkeyGetByCredentialId: any;
+/** List all passkeys for a user. */
+declare const passkeyListByUserId: any;
+/** Update a passkey's counter and last used timestamp after authentication. */
+declare const passkeyUpdateCounter: any;
+/** Update a passkey's metadata (name). */
+declare const passkeyUpdateMeta: any;
+/** Delete a passkey credential. */
+declare const passkeyDelete: any;
+/** Store a new TOTP enrollment for a user. */
+declare const totpInsert: any;
+/** Get a verified TOTP enrollment for a user (returns first match). */
+declare const totpGetVerifiedByUserId: any;
+/** List all TOTP enrollments for a user. */
+declare const totpListByUserId: any;
+/** Get a TOTP enrollment by its ID. */
+declare const totpGetById: any;
+/** Mark a TOTP enrollment as verified (setup complete). */
+declare const totpMarkVerified: any;
+/** Update a TOTP enrollment's last used timestamp. */
+declare const totpUpdateLastUsed: any;
+/** Delete a TOTP enrollment. */
+declare const totpDelete: any;
+/** Look up a rate limit entry by its identifier. */
+declare const rateLimitGet: any;
+/** Create a new rate limit entry. */
+declare const rateLimitCreate: any;
+/** Patch a rate limit entry with partial data. */
+declare const rateLimitPatch: any;
+/** Delete a rate limit entry. */
+declare const rateLimitDelete: any;
+/** Insert a new device authorization record. */
+declare const deviceInsert: any;
+/** Look up a device authorization by its hashed device code. */
+declare const deviceGetByCodeHash: any;
+/** Look up a pending device authorization by its user code. */
+declare const deviceGetByUserCode: any;
+/** Authorize a device code — link it to a user and session. */
+declare const deviceAuthorize: any;
+/** Update the last-polled timestamp on a device authorization record. */
+declare const deviceUpdateLastPolled: any;
+/** Delete a device authorization record (cleanup after use or expiry). */
+declare const deviceDelete: any;
+//#endregion
+export { deviceAuthorize, deviceDelete, deviceGetByCodeHash, deviceGetByUserCode, deviceInsert, deviceUpdateLastPolled, factors_d_exports, passkeyDelete, passkeyGetByCredentialId, passkeyInsert, passkeyListByUserId, passkeyUpdateCounter, passkeyUpdateMeta, rateLimitCreate, rateLimitDelete, rateLimitGet, rateLimitPatch, totpDelete, totpGetById, totpGetVerifiedByUserId, totpInsert, totpListByUserId, totpMarkVerified, totpUpdateLastUsed };
+//# sourceMappingURL=factors.d.ts.map

package/dist/component/public/factors.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"factors.d.ts","names":[],"sources":["../../../src/component/public/factors.ts"],"mappings":";;;;cAgBa,aAAA;;cAoBA,wBAAA;;cAYA,mBAAA;;cAYA,oBAAA;;cAcA,iBAAA;;cAUA,aAAA;;cAcA,UAAA;;cAiBA,uBAAA;;cAaA,gBAAA;;cAYA,WAAA;;cASA,gBAAA;;cAUA,kBAAA;;cAUA,UAAA;;cAcA,YAAA;AAvKb;AAAA,cA2La,eAAA;;cAiBA,cAAA;;cAmBA,eAAA;;cAcA,YAAA;;cAeA,mBAAA;AA5Nb;AAAA,cA0Oa,mBAAA;;cAcA,eAAA;;cAkBA,sBAAA;;cAUA,YAAA"}

package/dist/component/public/factors.js

@@ -0,0 +1,285 @@
+import { mutation, query } from "../functions.js";
+import { vDeviceCodeDoc, vDeviceStatus, vPasskeyDoc, vRateLimitResult, vTotpFactorDoc } from "../model.js";
+import { v } from "./shared.js";
+
+//#region src/component/public/factors.ts
+/** Store a new passkey credential for a user. */
+const passkeyInsert = mutation({
+	args: {
+		userId: v.id("User"),
+		credentialId: v.string(),
+		publicKey: v.bytes(),
+		algorithm: v.number(),
+		counter: v.number(),
+		transports: v.optional(v.array(v.string())),
+		deviceType: v.string(),
+		backedUp: v.boolean(),
+		name: v.optional(v.string()),
+		createdAt: v.number()
+	},
+	returns: v.id("Passkey"),
+	handler: async (ctx, args) => {
+		return await ctx.db.insert("Passkey", args);
+	}
+});
+/** Look up a passkey by its credential ID. */
+const passkeyGetByCredentialId = query({
+	args: { credentialId: v.string() },
+	returns: v.union(vPasskeyDoc, v.null()),
+	handler: async (ctx, { credentialId }) => {
+		return await ctx.db.query("Passkey").withIndex("credential_id", (q) => q.eq("credentialId", credentialId)).unique();
+	}
+});
+/** List all passkeys for a user. */
+const passkeyListByUserId = query({
+	args: { userId: v.id("User") },
+	returns: v.array(vPasskeyDoc),
+	handler: async (ctx, { userId }) => {
+		return await ctx.db.query("Passkey").withIndex("user_id", (q) => q.eq("userId", userId)).collect();
+	}
+});
+/** Update a passkey's counter and last used timestamp after authentication. */
+const passkeyUpdateCounter = mutation({
+	args: {
+		passkeyId: v.id("Passkey"),
+		counter: v.number(),
+		lastUsedAt: v.number()
+	},
+	returns: v.null(),
+	handler: async (ctx, { passkeyId, counter, lastUsedAt }) => {
+		await ctx.db.patch("Passkey", passkeyId, {
+			counter,
+			lastUsedAt
+		});
+		return null;
+	}
+});
+/** Update a passkey's metadata (name). */
+const passkeyUpdateMeta = mutation({
+	args: {
+		passkeyId: v.id("Passkey"),
+		data: v.any()
+	},
+	returns: v.null(),
+	handler: async (ctx, { passkeyId, data }) => {
+		await ctx.db.patch("Passkey", passkeyId, data);
+		return null;
+	}
+});
+/** Delete a passkey credential. */
+const passkeyDelete = mutation({
+	args: { passkeyId: v.id("Passkey") },
+	returns: v.null(),
+	handler: async (ctx, { passkeyId }) => {
+		await ctx.db.delete("Passkey", passkeyId);
+		return null;
+	}
+});
+/** Store a new TOTP enrollment for a user. */
+const totpInsert = mutation({
+	args: {
+		userId: v.id("User"),
+		secret: v.bytes(),
+		digits: v.number(),
+		period: v.number(),
+		verified: v.boolean(),
+		name: v.optional(v.string()),
+		createdAt: v.number()
+	},
+	returns: v.id("TotpFactor"),
+	handler: async (ctx, args) => {
+		return await ctx.db.insert("TotpFactor", args);
+	}
+});
+/** Get a verified TOTP enrollment for a user (returns first match). */
+const totpGetVerifiedByUserId = query({
+	args: { userId: v.id("User") },
+	returns: v.union(vTotpFactorDoc, v.null()),
+	handler: async (ctx, { userId }) => {
+		return await ctx.db.query("TotpFactor").withIndex("user_id", (q) => q.eq("userId", userId)).filter((q) => q.eq(q.field("verified"), true)).first();
+	}
+});
+/** List all TOTP enrollments for a user. */
+const totpListByUserId = query({
+	args: { userId: v.id("User") },
+	returns: v.array(vTotpFactorDoc),
+	handler: async (ctx, { userId }) => {
+		return await ctx.db.query("TotpFactor").withIndex("user_id", (q) => q.eq("userId", userId)).collect();
+	}
+});
+/** Get a TOTP enrollment by its ID. */
+const totpGetById = query({
+	args: { totpId: v.id("TotpFactor") },
+	returns: v.union(vTotpFactorDoc, v.null()),
+	handler: async (ctx, { totpId }) => {
+		return await ctx.db.get("TotpFactor", totpId);
+	}
+});
+/** Mark a TOTP enrollment as verified (setup complete). */
+const totpMarkVerified = mutation({
+	args: {
+		totpId: v.id("TotpFactor"),
+		lastUsedAt: v.number()
+	},
+	returns: v.null(),
+	handler: async (ctx, { totpId, lastUsedAt }) => {
+		await ctx.db.patch("TotpFactor", totpId, {
+			verified: true,
+			lastUsedAt
+		});
+		return null;
+	}
+});
+/** Update a TOTP enrollment's last used timestamp. */
+const totpUpdateLastUsed = mutation({
+	args: {
+		totpId: v.id("TotpFactor"),
+		lastUsedAt: v.number()
+	},
+	returns: v.null(),
+	handler: async (ctx, { totpId, lastUsedAt }) => {
+		await ctx.db.patch("TotpFactor", totpId, { lastUsedAt });
+		return null;
+	}
+});
+/** Delete a TOTP enrollment. */
+const totpDelete = mutation({
+	args: { totpId: v.id("TotpFactor") },
+	returns: v.null(),
+	handler: async (ctx, { totpId }) => {
+		await ctx.db.delete("TotpFactor", totpId);
+		return null;
+	}
+});
+/** Look up a rate limit entry by its identifier. */
+const rateLimitGet = query({
+	args: { identifier: v.string() },
+	returns: v.union(vRateLimitResult, v.null()),
+	handler: async (ctx, { identifier }) => {
+		const row = await ctx.db.query("RateLimit").withIndex("by_identifier", (q) => q.eq("identifier", identifier)).unique();
+		if (row === null) return null;
+		return {
+			...row,
+			attemptsLeft: row.attempts_left,
+			lastAttemptTime: row.last_attempt_time
+		};
+	}
+});
+/** Create a new rate limit entry. */
+const rateLimitCreate = mutation({
+	args: {
+		identifier: v.string(),
+		attemptsLeft: v.number(),
+		lastAttemptTime: v.number()
+	},
+	returns: v.id("RateLimit"),
+	handler: async (ctx, { identifier, attemptsLeft, lastAttemptTime }) => {
+		return await ctx.db.insert("RateLimit", {
+			identifier,
+			attempts_left: attemptsLeft,
+			last_attempt_time: lastAttemptTime
+		});
+	}
+});
+/** Patch a rate limit entry with partial data. */
+const rateLimitPatch = mutation({
+	args: {
+		rateLimitId: v.id("RateLimit"),
+		data: v.any()
+	},
+	returns: v.null(),
+	handler: async (ctx, { rateLimitId, data }) => {
+		const nextData = { ...data };
+		if (nextData.attemptsLeft !== void 0) {
+			nextData.attempts_left = nextData.attemptsLeft;
+			delete nextData.attemptsLeft;
+		}
+		if (nextData.lastAttemptTime !== void 0) {
+			nextData.last_attempt_time = nextData.lastAttemptTime;
+			delete nextData.lastAttemptTime;
+		}
+		await ctx.db.patch("RateLimit", rateLimitId, nextData);
+		return null;
+	}
+});
+/** Delete a rate limit entry. */
+const rateLimitDelete = mutation({
+	args: { rateLimitId: v.id("RateLimit") },
+	returns: v.null(),
+	handler: async (ctx, { rateLimitId }) => {
+		await ctx.db.delete("RateLimit", rateLimitId);
+		return null;
+	}
+});
+/** Insert a new device authorization record. */
+const deviceInsert = mutation({
+	args: {
+		deviceCodeHash: v.string(),
+		userCode: v.string(),
+		expiresAt: v.number(),
+		interval: v.number(),
+		status: vDeviceStatus
+	},
+	returns: v.id("DeviceCode"),
+	handler: async (ctx, args) => {
+		return await ctx.db.insert("DeviceCode", args);
+	}
+});
+/** Look up a device authorization by its hashed device code. */
+const deviceGetByCodeHash = query({
+	args: { deviceCodeHash: v.string() },
+	returns: v.union(vDeviceCodeDoc, v.null()),
+	handler: async (ctx, { deviceCodeHash }) => {
+		return await ctx.db.query("DeviceCode").withIndex("device_code_hash", (q) => q.eq("deviceCodeHash", deviceCodeHash)).first();
+	}
+});
+/** Look up a pending device authorization by its user code. */
+const deviceGetByUserCode = query({
+	args: { userCode: v.string() },
+	returns: v.union(vDeviceCodeDoc, v.null()),
+	handler: async (ctx, { userCode }) => {
+		return await ctx.db.query("DeviceCode").withIndex("user_code_status", (q) => q.eq("userCode", userCode).eq("status", "pending")).first();
+	}
+});
+/** Authorize a device code — link it to a user and session. */
+const deviceAuthorize = mutation({
+	args: {
+		deviceId: v.id("DeviceCode"),
+		userId: v.id("User"),
+		sessionId: v.id("Session")
+	},
+	returns: v.null(),
+	handler: async (ctx, { deviceId, userId, sessionId }) => {
+		await ctx.db.patch("DeviceCode", deviceId, {
+			status: "authorized",
+			userId,
+			sessionId
+		});
+		return null;
+	}
+});
+/** Update the last-polled timestamp on a device authorization record. */
+const deviceUpdateLastPolled = mutation({
+	args: {
+		deviceId: v.id("DeviceCode"),
+		lastPolledAt: v.number()
+	},
+	returns: v.null(),
+	handler: async (ctx, { deviceId, lastPolledAt }) => {
+		await ctx.db.patch("DeviceCode", deviceId, { lastPolledAt });
+		return null;
+	}
+});
+/** Delete a device authorization record (cleanup after use or expiry). */
+const deviceDelete = mutation({
+	args: { deviceId: v.id("DeviceCode") },
+	returns: v.null(),
+	handler: async (ctx, { deviceId }) => {
+		await ctx.db.delete("DeviceCode", deviceId);
+		return null;
+	}
+});
+
+//#endregion
+export { deviceAuthorize, deviceDelete, deviceGetByCodeHash, deviceGetByUserCode, deviceInsert, deviceUpdateLastPolled, passkeyDelete, passkeyGetByCredentialId, passkeyInsert, passkeyListByUserId, passkeyUpdateCounter, passkeyUpdateMeta, rateLimitCreate, rateLimitDelete, rateLimitGet, rateLimitPatch, totpDelete, totpGetById, totpGetVerifiedByUserId, totpInsert, totpListByUserId, totpMarkVerified, totpUpdateLastUsed };
+//# sourceMappingURL=factors.js.map

package/dist/component/public/factors.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"factors.js","names":[],"sources":["../../../src/component/public/factors.ts"],"sourcesContent":["import {\n  mutation,\n  query,\n  v,\n  vDeviceCodeDoc,\n  vDeviceStatus,\n  vPasskeyDoc,\n  vRateLimitResult,\n  vTotpFactorDoc,\n} from \"./shared\";\n\n// ============================================================================\n// Passkeys\n// ============================================================================\n\n/** Store a new passkey credential for a user. */\nexport const passkeyInsert = mutation({\n  args: {\n    userId: v.id(\"User\"),\n    credentialId: v.string(),\n    publicKey: v.bytes(),\n    algorithm: v.number(),\n    counter: v.number(),\n    transports: v.optional(v.array(v.string())),\n    deviceType: v.string(),\n    backedUp: v.boolean(),\n    name: v.optional(v.string()),\n    createdAt: v.number(),\n  },\n  returns: v.id(\"Passkey\"),\n  handler: async (ctx, args) => {\n    return await ctx.db.insert(\"Passkey\", args);\n  },\n});\n\n/** Look up a passkey by its credential ID. */\nexport const passkeyGetByCredentialId = query({\n  args: { credentialId: v.string() },\n  returns: v.union(vPasskeyDoc, v.null()),\n  handler: async (ctx, { credentialId }) => {\n    return await ctx.db\n      .query(\"Passkey\")\n      .withIndex(\"credential_id\", (q) => q.eq(\"credentialId\", credentialId))\n      .unique();\n  },\n});\n\n/** List all passkeys for a user. */\nexport const passkeyListByUserId = query({\n  args: { userId: v.id(\"User\") },\n  returns: v.array(vPasskeyDoc),\n  handler: async (ctx, { userId }) => {\n    return await ctx.db\n      .query(\"Passkey\")\n      .withIndex(\"user_id\", (q) => q.eq(\"userId\", userId))\n      .collect();\n  },\n});\n\n/** Update a passkey's counter and last used timestamp after authentication. */\nexport const passkeyUpdateCounter = mutation({\n  args: {\n    passkeyId: v.id(\"Passkey\"),\n    counter: v.number(),\n    lastUsedAt: v.number(),\n  },\n  returns: v.null(),\n  handler: async (ctx, { passkeyId, counter, lastUsedAt }) => {\n    await ctx.db.patch(\"Passkey\", passkeyId, { counter, lastUsedAt });\n    return null;\n  },\n});\n\n/** Update a passkey's metadata (name). */\nexport const passkeyUpdateMeta = mutation({\n  args: { passkeyId: v.id(\"Passkey\"), data: v.any() },\n  returns: v.null(),\n  handler: async (ctx, { passkeyId, data }) => {\n    await ctx.db.patch(\"Passkey\", passkeyId, data);\n    return null;\n  },\n});\n\n/** Delete a passkey credential. */\nexport const passkeyDelete = mutation({\n  args: { passkeyId: v.id(\"Passkey\") },\n  returns: v.null(),\n  handler: async (ctx, { passkeyId }) => {\n    await ctx.db.delete(\"Passkey\", passkeyId);\n    return null;\n  },\n});\n\n// ============================================================================\n// TOTP Two-Factor Authentication\n// ============================================================================\n\n/** Store a new TOTP enrollment for a user. */\nexport const totpInsert = mutation({\n  args: {\n    userId: v.id(\"User\"),\n    secret: v.bytes(),\n    digits: v.number(),\n    period: v.number(),\n    verified: v.boolean(),\n    name: v.optional(v.string()),\n    createdAt: v.number(),\n  },\n  returns: v.id(\"TotpFactor\"),\n  handler: async (ctx, args) => {\n    return await ctx.db.insert(\"TotpFactor\", args);\n  },\n});\n\n/** Get a verified TOTP enrollment for a user (returns first match). */\nexport const totpGetVerifiedByUserId = query({\n  args: { userId: v.id(\"User\") },\n  returns: v.union(vTotpFactorDoc, v.null()),\n  handler: async (ctx, { userId }) => {\n    return await ctx.db\n      .query(\"TotpFactor\")\n      .withIndex(\"user_id\", (q) => q.eq(\"userId\", userId))\n      .filter((q) => q.eq(q.field(\"verified\"), true))\n      .first();\n  },\n});\n\n/** List all TOTP enrollments for a user. */\nexport const totpListByUserId = query({\n  args: { userId: v.id(\"User\") },\n  returns: v.array(vTotpFactorDoc),\n  handler: async (ctx, { userId }) => {\n    return await ctx.db\n      .query(\"TotpFactor\")\n      .withIndex(\"user_id\", (q) => q.eq(\"userId\", userId))\n      .collect();\n  },\n});\n\n/** Get a TOTP enrollment by its ID. */\nexport const totpGetById = query({\n  args: { totpId: v.id(\"TotpFactor\") },\n  returns: v.union(vTotpFactorDoc, v.null()),\n  handler: async (ctx, { totpId }) => {\n    return await ctx.db.get(\"TotpFactor\", totpId);\n  },\n});\n\n/** Mark a TOTP enrollment as verified (setup complete). */\nexport const totpMarkVerified = mutation({\n  args: { totpId: v.id(\"TotpFactor\"), lastUsedAt: v.number() },\n  returns: v.null(),\n  handler: async (ctx, { totpId, lastUsedAt }) => {\n    await ctx.db.patch(\"TotpFactor\", totpId, { verified: true, lastUsedAt });\n    return null;\n  },\n});\n\n/** Update a TOTP enrollment's last used timestamp. */\nexport const totpUpdateLastUsed = mutation({\n  args: { totpId: v.id(\"TotpFactor\"), lastUsedAt: v.number() },\n  returns: v.null(),\n  handler: async (ctx, { totpId, lastUsedAt }) => {\n    await ctx.db.patch(\"TotpFactor\", totpId, { lastUsedAt });\n    return null;\n  },\n});\n\n/** Delete a TOTP enrollment. */\nexport const totpDelete = mutation({\n  args: { totpId: v.id(\"TotpFactor\") },\n  returns: v.null(),\n  handler: async (ctx, { totpId }) => {\n    await ctx.db.delete(\"TotpFactor\", totpId);\n    return null;\n  },\n});\n\n// ============================================================================\n// Rate Limits\n// ============================================================================\n\n/** Look up a rate limit entry by its identifier. */\nexport const rateLimitGet = query({\n  args: { identifier: v.string() },\n  returns: v.union(vRateLimitResult, v.null()),\n  handler: async (ctx, { identifier }) => {\n    const row = await ctx.db\n      .query(\"RateLimit\")\n      .withIndex(\"by_identifier\", (q) => q.eq(\"identifier\", identifier))\n      .unique();\n    if (row === null) {\n      return null;\n    }\n    return {\n      ...row,\n      attemptsLeft: row.attempts_left,\n      lastAttemptTime: row.last_attempt_time,\n    };\n  },\n});\n\n/** Create a new rate limit entry. */\nexport const rateLimitCreate = mutation({\n  args: {\n    identifier: v.string(),\n    attemptsLeft: v.number(),\n    lastAttemptTime: v.number(),\n  },\n  returns: v.id(\"RateLimit\"),\n  handler: async (ctx, { identifier, attemptsLeft, lastAttemptTime }) => {\n    return await ctx.db.insert(\"RateLimit\", {\n      identifier,\n      attempts_left: attemptsLeft,\n      last_attempt_time: lastAttemptTime,\n    });\n  },\n});\n\n/** Patch a rate limit entry with partial data. */\nexport const rateLimitPatch = mutation({\n  args: { rateLimitId: v.id(\"RateLimit\"), data: v.any() },\n  returns: v.null(),\n  handler: async (ctx, { rateLimitId, data }) => {\n    const nextData: Record<string, unknown> = { ...data };\n    if (nextData.attemptsLeft !== undefined) {\n      nextData.attempts_left = nextData.attemptsLeft;\n      delete nextData.attemptsLeft;\n    }\n    if (nextData.lastAttemptTime !== undefined) {\n      nextData.last_attempt_time = nextData.lastAttemptTime;\n      delete nextData.lastAttemptTime;\n    }\n    await ctx.db.patch(\"RateLimit\", rateLimitId, nextData);\n    return null;\n  },\n});\n\n/** Delete a rate limit entry. */\nexport const rateLimitDelete = mutation({\n  args: { rateLimitId: v.id(\"RateLimit\") },\n  returns: v.null(),\n  handler: async (ctx, { rateLimitId }) => {\n    await ctx.db.delete(\"RateLimit\", rateLimitId);\n    return null;\n  },\n});\n\n// ============================================================================\n// Device Authorization (RFC 8628)\n// ============================================================================\n\n/** Insert a new device authorization record. */\nexport const deviceInsert = mutation({\n  args: {\n    deviceCodeHash: v.string(),\n    userCode: v.string(),\n    expiresAt: v.number(),\n    interval: v.number(),\n    status: vDeviceStatus,\n  },\n  returns: v.id(\"DeviceCode\"),\n  handler: async (ctx, args) => {\n    return await ctx.db.insert(\"DeviceCode\", args);\n  },\n});\n\n/** Look up a device authorization by its hashed device code. */\nexport const deviceGetByCodeHash = query({\n  args: { deviceCodeHash: v.string() },\n  returns: v.union(vDeviceCodeDoc, v.null()),\n  handler: async (ctx, { deviceCodeHash }) => {\n    return await ctx.db\n      .query(\"DeviceCode\")\n      .withIndex(\"device_code_hash\", (q) =>\n        q.eq(\"deviceCodeHash\", deviceCodeHash),\n      )\n      .first();\n  },\n});\n\n/** Look up a pending device authorization by its user code. */\nexport const deviceGetByUserCode = query({\n  args: { userCode: v.string() },\n  returns: v.union(vDeviceCodeDoc, v.null()),\n  handler: async (ctx, { userCode }) => {\n    return await ctx.db\n      .query(\"DeviceCode\")\n      .withIndex(\"user_code_status\", (q) =>\n        q.eq(\"userCode\", userCode).eq(\"status\", \"pending\"),\n      )\n      .first();\n  },\n});\n\n/** Authorize a device code — link it to a user and session. */\nexport const deviceAuthorize = mutation({\n  args: {\n    deviceId: v.id(\"DeviceCode\"),\n    userId: v.id(\"User\"),\n    sessionId: v.id(\"Session\"),\n  },\n  returns: v.null(),\n  handler: async (ctx, { deviceId, userId, sessionId }) => {\n    await ctx.db.patch(\"DeviceCode\", deviceId, {\n      status: \"authorized\",\n      userId,\n      sessionId,\n    });\n    return null;\n  },\n});\n\n/** Update the last-polled timestamp on a device authorization record. */\nexport const deviceUpdateLastPolled = mutation({\n  args: { deviceId: v.id(\"DeviceCode\"), lastPolledAt: v.number() },\n  returns: v.null(),\n  handler: async (ctx, { deviceId, lastPolledAt }) => {\n    await ctx.db.patch(\"DeviceCode\", deviceId, { lastPolledAt });\n    return null;\n  },\n});\n\n/** Delete a device authorization record (cleanup after use or expiry). */\nexport const deviceDelete = mutation({\n  args: { deviceId: v.id(\"DeviceCode\") },\n  returns: v.null(),\n  handler: async (ctx, { deviceId }) => {\n    await ctx.db.delete(\"DeviceCode\", deviceId);\n    return null;\n  },\n});\n"],"mappings":";;;;;;AAgBA,MAAa,gBAAgB,SAAS;CACpC,MAAM;EACJ,QAAQ,EAAE,GAAG,OAAO;EACpB,cAAc,EAAE,QAAQ;EACxB,WAAW,EAAE,OAAO;EACpB,WAAW,EAAE,QAAQ;EACrB,SAAS,EAAE,QAAQ;EACnB,YAAY,EAAE,SAAS,EAAE,MAAM,EAAE,QAAQ,CAAC,CAAC;EAC3C,YAAY,EAAE,QAAQ;EACtB,UAAU,EAAE,SAAS;EACrB,MAAM,EAAE,SAAS,EAAE,QAAQ,CAAC;EAC5B,WAAW,EAAE,QAAQ;EACtB;CACD,SAAS,EAAE,GAAG,UAAU;CACxB,SAAS,OAAO,KAAK,SAAS;AAC5B,SAAO,MAAM,IAAI,GAAG,OAAO,WAAW,KAAK;;CAE9C,CAAC;;AAGF,MAAa,2BAA2B,MAAM;CAC5C,MAAM,EAAE,cAAc,EAAE,QAAQ,EAAE;CAClC,SAAS,EAAE,MAAM,aAAa,EAAE,MAAM,CAAC;CACvC,SAAS,OAAO,KAAK,EAAE,mBAAmB;AACxC,SAAO,MAAM,IAAI,GACd,MAAM,UAAU,CAChB,UAAU,kBAAkB,MAAM,EAAE,GAAG,gBAAgB,aAAa,CAAC,CACrE,QAAQ;;CAEd,CAAC;;AAGF,MAAa,sBAAsB,MAAM;CACvC,MAAM,EAAE,QAAQ,EAAE,GAAG,OAAO,EAAE;CAC9B,SAAS,EAAE,MAAM,YAAY;CAC7B,SAAS,OAAO,KAAK,EAAE,aAAa;AAClC,SAAO,MAAM,IAAI,GACd,MAAM,UAAU,CAChB,UAAU,YAAY,MAAM,EAAE,GAAG,UAAU,OAAO,CAAC,CACnD,SAAS;;CAEf,CAAC;;AAGF,MAAa,uBAAuB,SAAS;CAC3C,MAAM;EACJ,WAAW,EAAE,GAAG,UAAU;EAC1B,SAAS,EAAE,QAAQ;EACnB,YAAY,EAAE,QAAQ;EACvB;CACD,SAAS,EAAE,MAAM;CACjB,SAAS,OAAO,KAAK,EAAE,WAAW,SAAS,iBAAiB;AAC1D,QAAM,IAAI,GAAG,MAAM,WAAW,WAAW;GAAE;GAAS;GAAY,CAAC;AACjE,SAAO;;CAEV,CAAC;;AAGF,MAAa,oBAAoB,SAAS;CACxC,MAAM;EAAE,WAAW,EAAE,GAAG,UAAU;EAAE,MAAM,EAAE,KAAK;EAAE;CACnD,SAAS,EAAE,MAAM;CACjB,SAAS,OAAO,KAAK,EAAE,WAAW,WAAW;AAC3C,QAAM,IAAI,GAAG,MAAM,WAAW,WAAW,KAAK;AAC9C,SAAO;;CAEV,CAAC;;AAGF,MAAa,gBAAgB,SAAS;CACpC,MAAM,EAAE,WAAW,EAAE,GAAG,UAAU,EAAE;CACpC,SAAS,EAAE,MAAM;CACjB,SAAS,OAAO,KAAK,EAAE,gBAAgB;AACrC,QAAM,IAAI,GAAG,OAAO,WAAW,UAAU;AACzC,SAAO;;CAEV,CAAC;;AAOF,MAAa,aAAa,SAAS;CACjC,MAAM;EACJ,QAAQ,EAAE,GAAG,OAAO;EACpB,QAAQ,EAAE,OAAO;EACjB,QAAQ,EAAE,QAAQ;EAClB,QAAQ,EAAE,QAAQ;EAClB,UAAU,EAAE,SAAS;EACrB,MAAM,EAAE,SAAS,EAAE,QAAQ,CAAC;EAC5B,WAAW,EAAE,QAAQ;EACtB;CACD,SAAS,EAAE,GAAG,aAAa;CAC3B,SAAS,OAAO,KAAK,SAAS;AAC5B,SAAO,MAAM,IAAI,GAAG,OAAO,cAAc,KAAK;;CAEjD,CAAC;;AAGF,MAAa,0BAA0B,MAAM;CAC3C,MAAM,EAAE,QAAQ,EAAE,GAAG,OAAO,EAAE;CAC9B,SAAS,EAAE,MAAM,gBAAgB,EAAE,MAAM,CAAC;CAC1C,SAAS,OAAO,KAAK,EAAE,aAAa;AAClC,SAAO,MAAM,IAAI,GACd,MAAM,aAAa,CACnB,UAAU,YAAY,MAAM,EAAE,GAAG,UAAU,OAAO,CAAC,CACnD,QAAQ,MAAM,EAAE,GAAG,EAAE,MAAM,WAAW,EAAE,KAAK,CAAC,CAC9C,OAAO;;CAEb,CAAC;;AAGF,MAAa,mBAAmB,MAAM;CACpC,MAAM,EAAE,QAAQ,EAAE,GAAG,OAAO,EAAE;CAC9B,SAAS,EAAE,MAAM,eAAe;CAChC,SAAS,OAAO,KAAK,EAAE,aAAa;AAClC,SAAO,MAAM,IAAI,GACd,MAAM,aAAa,CACnB,UAAU,YAAY,MAAM,EAAE,GAAG,UAAU,OAAO,CAAC,CACnD,SAAS;;CAEf,CAAC;;AAGF,MAAa,cAAc,MAAM;CAC/B,MAAM,EAAE,QAAQ,EAAE,GAAG,aAAa,EAAE;CACpC,SAAS,EAAE,MAAM,gBAAgB,EAAE,MAAM,CAAC;CAC1C,SAAS,OAAO,KAAK,EAAE,aAAa;AAClC,SAAO,MAAM,IAAI,GAAG,IAAI,cAAc,OAAO;;CAEhD,CAAC;;AAGF,MAAa,mBAAmB,SAAS;CACvC,MAAM;EAAE,QAAQ,EAAE,GAAG,aAAa;EAAE,YAAY,EAAE,QAAQ;EAAE;CAC5D,SAAS,EAAE,MAAM;CACjB,SAAS,OAAO,KAAK,EAAE,QAAQ,iBAAiB;AAC9C,QAAM,IAAI,GAAG,MAAM,cAAc,QAAQ;GAAE,UAAU;GAAM;GAAY,CAAC;AACxE,SAAO;;CAEV,CAAC;;AAGF,MAAa,qBAAqB,SAAS;CACzC,MAAM;EAAE,QAAQ,EAAE,GAAG,aAAa;EAAE,YAAY,EAAE,QAAQ;EAAE;CAC5D,SAAS,EAAE,MAAM;CACjB,SAAS,OAAO,KAAK,EAAE,QAAQ,iBAAiB;AAC9C,QAAM,IAAI,GAAG,MAAM,cAAc,QAAQ,EAAE,YAAY,CAAC;AACxD,SAAO;;CAEV,CAAC;;AAGF,MAAa,aAAa,SAAS;CACjC,MAAM,EAAE,QAAQ,EAAE,GAAG,aAAa,EAAE;CACpC,SAAS,EAAE,MAAM;CACjB,SAAS,OAAO,KAAK,EAAE,aAAa;AAClC,QAAM,IAAI,GAAG,OAAO,cAAc,OAAO;AACzC,SAAO;;CAEV,CAAC;;AAOF,MAAa,eAAe,MAAM;CAChC,MAAM,EAAE,YAAY,EAAE,QAAQ,EAAE;CAChC,SAAS,EAAE,MAAM,kBAAkB,EAAE,MAAM,CAAC;CAC5C,SAAS,OAAO,KAAK,EAAE,iBAAiB;EACtC,MAAM,MAAM,MAAM,IAAI,GACnB,MAAM,YAAY,CAClB,UAAU,kBAAkB,MAAM,EAAE,GAAG,cAAc,WAAW,CAAC,CACjE,QAAQ;AACX,MAAI,QAAQ,KACV,QAAO;AAET,SAAO;GACL,GAAG;GACH,cAAc,IAAI;GAClB,iBAAiB,IAAI;GACtB;;CAEJ,CAAC;;AAGF,MAAa,kBAAkB,SAAS;CACtC,MAAM;EACJ,YAAY,EAAE,QAAQ;EACtB,cAAc,EAAE,QAAQ;EACxB,iBAAiB,EAAE,QAAQ;EAC5B;CACD,SAAS,EAAE,GAAG,YAAY;CAC1B,SAAS,OAAO,KAAK,EAAE,YAAY,cAAc,sBAAsB;AACrE,SAAO,MAAM,IAAI,GAAG,OAAO,aAAa;GACtC;GACA,eAAe;GACf,mBAAmB;GACpB,CAAC;;CAEL,CAAC;;AAGF,MAAa,iBAAiB,SAAS;CACrC,MAAM;EAAE,aAAa,EAAE,GAAG,YAAY;EAAE,MAAM,EAAE,KAAK;EAAE;CACvD,SAAS,EAAE,MAAM;CACjB,SAAS,OAAO,KAAK,EAAE,aAAa,WAAW;EAC7C,MAAM,WAAoC,EAAE,GAAG,MAAM;AACrD,MAAI,SAAS,iBAAiB,QAAW;AACvC,YAAS,gBAAgB,SAAS;AAClC,UAAO,SAAS;;AAElB,MAAI,SAAS,oBAAoB,QAAW;AAC1C,YAAS,oBAAoB,SAAS;AACtC,UAAO,SAAS;;AAElB,QAAM,IAAI,GAAG,MAAM,aAAa,aAAa,SAAS;AACtD,SAAO;;CAEV,CAAC;;AAGF,MAAa,kBAAkB,SAAS;CACtC,MAAM,EAAE,aAAa,EAAE,GAAG,YAAY,EAAE;CACxC,SAAS,EAAE,MAAM;CACjB,SAAS,OAAO,KAAK,EAAE,kBAAkB;AACvC,QAAM,IAAI,GAAG,OAAO,aAAa,YAAY;AAC7C,SAAO;;CAEV,CAAC;;AAOF,MAAa,eAAe,SAAS;CACnC,MAAM;EACJ,gBAAgB,EAAE,QAAQ;EAC1B,UAAU,EAAE,QAAQ;EACpB,WAAW,EAAE,QAAQ;EACrB,UAAU,EAAE,QAAQ;EACpB,QAAQ;EACT;CACD,SAAS,EAAE,GAAG,aAAa;CAC3B,SAAS,OAAO,KAAK,SAAS;AAC5B,SAAO,MAAM,IAAI,GAAG,OAAO,cAAc,KAAK;;CAEjD,CAAC;;AAGF,MAAa,sBAAsB,MAAM;CACvC,MAAM,EAAE,gBAAgB,EAAE,QAAQ,EAAE;CACpC,SAAS,EAAE,MAAM,gBAAgB,EAAE,MAAM,CAAC;CAC1C,SAAS,OAAO,KAAK,EAAE,qBAAqB;AAC1C,SAAO,MAAM,IAAI,GACd,MAAM,aAAa,CACnB,UAAU,qBAAqB,MAC9B,EAAE,GAAG,kBAAkB,eAAe,CACvC,CACA,OAAO;;CAEb,CAAC;;AAGF,MAAa,sBAAsB,MAAM;CACvC,MAAM,EAAE,UAAU,EAAE,QAAQ,EAAE;CAC9B,SAAS,EAAE,MAAM,gBAAgB,EAAE,MAAM,CAAC;CAC1C,SAAS,OAAO,KAAK,EAAE,eAAe;AACpC,SAAO,MAAM,IAAI,GACd,MAAM,aAAa,CACnB,UAAU,qBAAqB,MAC9B,EAAE,GAAG,YAAY,SAAS,CAAC,GAAG,UAAU,UAAU,CACnD,CACA,OAAO;;CAEb,CAAC;;AAGF,MAAa,kBAAkB,SAAS;CACtC,MAAM;EACJ,UAAU,EAAE,GAAG,aAAa;EAC5B,QAAQ,EAAE,GAAG,OAAO;EACpB,WAAW,EAAE,GAAG,UAAU;EAC3B;CACD,SAAS,EAAE,MAAM;CACjB,SAAS,OAAO,KAAK,EAAE,UAAU,QAAQ,gBAAgB;AACvD,QAAM,IAAI,GAAG,MAAM,cAAc,UAAU;GACzC,QAAQ;GACR;GACA;GACD,CAAC;AACF,SAAO;;CAEV,CAAC;;AAGF,MAAa,yBAAyB,SAAS;CAC7C,MAAM;EAAE,UAAU,EAAE,GAAG,aAAa;EAAE,cAAc,EAAE,QAAQ;EAAE;CAChE,SAAS,EAAE,MAAM;CACjB,SAAS,OAAO,KAAK,EAAE,UAAU,mBAAmB;AAClD,QAAM,IAAI,GAAG,MAAM,cAAc,UAAU,EAAE,cAAc,CAAC;AAC5D,SAAO;;CAEV,CAAC;;AAGF,MAAa,eAAe,SAAS;CACnC,MAAM,EAAE,UAAU,EAAE,GAAG,aAAa,EAAE;CACtC,SAAS,EAAE,MAAM;CACjB,SAAS,OAAO,KAAK,EAAE,eAAe;AACpC,QAAM,IAAI,GAAG,OAAO,cAAc,SAAS;AAC3C,SAAO;;CAEV,CAAC"}

package/dist/component/public/groups.d.ts

@@ -0,0 +1,116 @@
+declare namespace groups_d_exports {
+  export { groupCreate, groupDelete, groupGet, groupList, groupUpdate, inviteAccept, inviteAcceptByToken, inviteCreate, inviteGet, inviteGetByTokenHash, inviteList, inviteRevoke, memberAdd, memberGet, memberGetByGroupAndUser, memberList, memberListByUser, memberRemove, memberUpdate };
+}
+/**
+ * Create a new group. Groups are hierarchical — set `parentGroupId` to nest
+ * under an existing group, or omit it to create a root-level group.
+ *
+ * @returns The ID of the newly created group.
+ */
+declare const groupCreate: any;
+/** Retrieve a group by its document ID. Returns `null` if not found. */
+declare const groupGet: any;
+/**
+ * List groups with optional filtering, sorting, and pagination.
+ *
+ * Returns `{ items, nextCursor }`. Empty `where` returns **all** groups.
+ */
+declare const groupList: any;
+/** Update a group's fields (name, slug, tags, extend, parentGroupId). */
+declare const groupUpdate: any;
+/**
+ * Delete a group and all of its descendants. This cascades to:
+ * - All child groups (recursively)
+ * - All members of this group and its descendants
+ * - All invites for this group and its descendants
+ */
+declare const groupDelete: any;
+/**
+ * Add a user as a member of a group.
+ *
+ * The `roleIds` field stores application-defined role identifiers. The auth
+ * component stores assignments but does not enforce access control — your
+ * application defines what each role means.
+ *
+ * Throws `ConvexError` with code `DUPLICATE_MEMBERSHIP` when the user is
+ * already a member of the target group.
+ *
+ * @returns The ID of the new member record.
+ */
+declare const memberAdd: any;
+/** Retrieve a member record by its document ID. Returns `null` if not found. */
+declare const memberGet: any;
+/**
+ * List members with optional filtering, sorting, and pagination.
+ *
+ * Returns `{ items, nextCursor }`. Supports filtering by `groupId`,
+ * `userId`, `roleId`, and `status`.
+ */
+declare const memberList: any;
+/**
+ * @deprecated Use `memberList` with `where: { userId }` instead.
+ * Kept for backward compatibility with generated component types.
+ */
+declare const memberListByUser: any;
+/**
+ * Look up a specific user's membership in a specific group.
+ * Returns `null` if the user is not a member of the group.
+ */
+declare const memberGetByGroupAndUser: any;
+/** Remove a member from a group by deleting the member record. */
+declare const memberRemove: any;
+/**
+ * Update a member record's fields (roleIds, status, extend).
+ */
+declare const memberUpdate: any;
+/**
+ * Create a new platform-level invitation. Optionally set `groupId` to tie
+ * the invite to a specific group. The invitation is sent to an email address
+ * and includes a hashed token for secure acceptance.
+ *
+ * Throws `ConvexError` with code `DUPLICATE_INVITE` when a pending invite
+ * already exists for the same email and scope:
+ * - group invite: same `email` + same `groupId`
+ * - platform invite: same `email` with no `groupId`
+ *
+ * @returns The ID of the new invite record.
+ */
+declare const inviteCreate: any;
+/** Retrieve an invite by its document ID. Returns `null` if not found. */
+declare const inviteGet: any;
+/** Retrieve an invite by hashed token. Returns `null` if not found. */
+declare const inviteGetByTokenHash: any;
+/**
+ * List invites with optional filtering, sorting, and pagination.
+ *
+ * Returns `{ items, nextCursor }`. Supports filtering by `groupId`,
+ * `status`, `email`, `invitedByUserId`, `roleId`, `acceptedByUserId`, and `tokenHash`.
+ */
+declare const inviteList: any;
+/**
+ * Accept a pending invitation.
+ *
+ * Marks the invite as "accepted" and records the acceptance timestamp.
+ * Throws a structured `ConvexError` when the invite doesn't exist or is not
+ * currently pending.
+ *
+ * The caller is responsible for creating the corresponding member record.
+ */
+declare const inviteAccept: any;
+/**
+ * Accept an invitation by raw token hash and atomically join group membership.
+ *
+ * Returns idempotent success when the invite was already accepted by the same
+ * user. If the invite targets a group, this mutation also ensures membership.
+ */
+declare const inviteAcceptByToken: any;
+/**
+ * Revoke a pending invitation.
+ *
+ * Marks the invite as "revoked". Throws a structured `ConvexError` when the
+ * invite doesn't exist or is not currently pending.
+ */
+declare const inviteRevoke: any;
+//#endregion
+export { groupCreate, groupDelete, groupGet, groupList, groupUpdate, groups_d_exports, inviteAccept, inviteAcceptByToken, inviteCreate, inviteGet, inviteGetByTokenHash, inviteList, inviteRevoke, memberAdd, memberGet, memberGetByGroupAndUser, memberList, memberListByUser, memberRemove, memberUpdate };
+//# sourceMappingURL=groups.d.ts.map

package/dist/component/public/groups.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"groups.d.ts","names":[],"sources":["../../../src/component/public/groups.ts"],"mappings":";;;;;;;;;cA4Ba,WAAA;;cAgCA,QAAA;;;;;;cAaA,SAAA;;cAuJA,WAAA;;;;;;;cA2CA,WAAA;AA/Ob;;;;;AAgCA;;;;;AAaA;;AA7CA,cA6Sa,SAAA;;cA8BA,SAAA;AAvIb;;;;;AA2CA;AA3CA,cAqJa,UAAA;;;;AA5Cb;cAmHa,gBAAA;;;;AArFb;cAoGa,uBAAA;;cAcA,YAAA;;AApGb;;cAgHa,YAAA;;;AAzCb;;;;;AAeA;;;;;cAmDa,YAAA;;cA+EA,SAAA;;cASA,oBAAA;AAjHb;;;;;AAyBA;AAzBA,cAkIa,UAAA;;;;AA1Bb;;;;;AASA;cAkJa,YAAA;;;;AAjIb;;;cAiLa,mBAAA;;AAhDb;;;;;cAoKa,YAAA"}