@robelest/convex-auth 0.0.4-preview.21 → 0.0.4-preview.23

package/dist/server/limits.js

@@ -1,5 +1,3 @@
-import { AuthError } from "./authError.js";
-import { errorMessage } from "./utils.js";
 import { authDb } from "./db.js";
 import { Fx } from "@robelest/fx";
 
@@ -16,45 +14,38 @@ const isSignInRateLimited = (ctx, identifier, config) => getRateLimitState(ctx,
 * If a record exists, decrement; otherwise create.
 */
 /** @internal */
-const recordFailedSignIn = (ctx, identifier, config) => getRateLimitState(ctx, identifier, config).pipe(Fx.chain((state) => state !== null ? Fx.from({
-	ok: () => authDb(ctx, config).rateLimits.patch(state.limit._id, {
+const recordFailedSignIn = (ctx, identifier, config) => Fx.gen(function* () {
+	const state = yield* getRateLimitState(ctx, identifier, config);
+	if (state !== null) yield* Fx.promise(() => authDb(ctx, config).rateLimits.patch(state.limit._id, {
 		attemptsLeft: state.attemptsLeft - 1,
 		lastAttemptTime: Date.now()
-	}),
-	err: (e) => new AuthError("INTERNAL_ERROR", `Failed to patch rate limit: ${errorMessage(e)}`)
-}) : Fx.from({
-	ok: () => authDb(ctx, config).rateLimits.create({
+	}));
+	else yield* Fx.promise(() => authDb(ctx, config).rateLimits.create({
 		identifier,
 		attemptsLeft: (config.signIn?.maxFailedAttemptsPerHour ?? DEFAULT_MAX_SIGN_IN_ATTEMPTS_PER_HOUR) - 1,
 		lastAttemptTime: Date.now()
-	}),
-	err: (e) => new AuthError("INTERNAL_ERROR", `Failed to create rate limit: ${errorMessage(e)}`)
-})), Fx.map(() => void 0));
+	}));
+});
 /**
 * Reset the rate limit for the given identifier (e.g. after successful sign-in).
 */
 /** @internal */
-const resetSignInRateLimit = (ctx, identifier, config) => getRateLimitState(ctx, identifier, config).pipe(Fx.chain((state) => state !== null ? Fx.from({
-	ok: () => authDb(ctx, config).rateLimits.delete(state.limit._id),
-	err: (e) => new AuthError("INTERNAL_ERROR", `Failed to delete rate limit: ${errorMessage(e)}`)
-}) : Fx.unit));
-const getRateLimitState = (ctx, identifier, config) => {
+const resetSignInRateLimit = (ctx, identifier, config) => Fx.gen(function* () {
+	const state = yield* getRateLimitState(ctx, identifier, config);
+	if (state !== null) yield* Fx.promise(() => authDb(ctx, config).rateLimits.delete(state.limit._id));
+});
+const getRateLimitState = (ctx, identifier, config) => Fx.gen(function* () {
 	const now = Date.now();
 	const maxAttemptsPerHour = config.signIn?.maxFailedAttemptsPerHour ?? DEFAULT_MAX_SIGN_IN_ATTEMPTS_PER_HOUR;
-	return Fx.from({
-		ok: () => authDb(ctx, config).rateLimits.get(identifier),
-		err: (e) => new AuthError("INTERNAL_ERROR", `Failed to get rate limit: ${errorMessage(e)}`)
-	}).pipe(Fx.map((raw) => {
-		const limit = raw;
-		if (limit === null) return null;
-		const elapsed = now - limit.lastAttemptTime;
-		const maxAttemptsPerMs = maxAttemptsPerHour / (3600 * 1e3);
-		return {
-			limit,
-			attemptsLeft: Math.min(maxAttemptsPerHour, limit.attemptsLeft + elapsed * maxAttemptsPerMs)
-		};
-	}));
-};
+	const limit = yield* Fx.promise(() => authDb(ctx, config).rateLimits.get(identifier));
+	if (limit === null) return null;
+	const elapsed = now - limit.lastAttemptTime;
+	const maxAttemptsPerMs = maxAttemptsPerHour / (3600 * 1e3);
+	return {
+		limit,
+		attemptsLeft: Math.min(maxAttemptsPerHour, limit.attemptsLeft + elapsed * maxAttemptsPerMs)
+	};
+});
 
 //#endregion
 export { isSignInRateLimited, recordFailedSignIn, resetSignInRateLimit };

package/dist/server/limits.js.map

@@ -1 +1 @@
-{"version":3,"file":"limits.js","names":[],"sources":["../../src/server/limits.ts"],"sourcesContent":["import { Fx } from \"@robelest/fx\";\n\nimport { authDb } from \"./db\";\nimport { AuthError } from \"./authError\";\nimport { Doc, MutationCtx } from \"./types\";\nimport { ConvexAuthConfig } from \"./types\";\nimport { errorMessage } from \"./utils\";\n\nconst DEFAULT_MAX_SIGN_IN_ATTEMPTS_PER_HOUR = 10;\n\n/**\n * Check whether the given identifier is currently rate-limited.\n */\n/** @internal */\nexport const isSignInRateLimited = (\n  ctx: MutationCtx,\n  identifier: string,\n  config: ConvexAuthConfig,\n): Fx<boolean, AuthError> =>\n  getRateLimitState(ctx, identifier, config).pipe(\n    Fx.map((state) => state !== null && state.attemptsLeft < 1),\n  );\n\n/**\n * Record a failed sign-in attempt for the given identifier.\n *\n * If a record exists, decrement; otherwise create.\n */\n/** @internal */\nexport const recordFailedSignIn = (\n  ctx: MutationCtx,\n  identifier: string,\n  config: ConvexAuthConfig,\n): Fx<void, AuthError> =>\n  getRateLimitState(ctx, identifier, config).pipe(\n    Fx.chain((state) =>\n      state !== null\n        ? Fx.from({\n            ok: () =>\n              authDb(ctx, config).rateLimits.patch(state.limit._id, {\n                attemptsLeft: state.attemptsLeft - 1,\n                lastAttemptTime: Date.now(),\n              }),\n            err: (e) =>\n              new AuthError(\n                \"INTERNAL_ERROR\",\n                `Failed to patch rate limit: ${errorMessage(e)}`,\n              ),\n          })\n        : Fx.from({\n            ok: () =>\n              authDb(ctx, config).rateLimits.create({\n                identifier,\n                attemptsLeft:\n                  (config.signIn?.maxFailedAttemptsPerHour ??\n                    DEFAULT_MAX_SIGN_IN_ATTEMPTS_PER_HOUR) - 1,\n                lastAttemptTime: Date.now(),\n              }),\n            err: (e) =>\n              new AuthError(\n                \"INTERNAL_ERROR\",\n                `Failed to create rate limit: ${errorMessage(e)}`,\n              ),\n          }),\n    ),\n    Fx.map(() => undefined),\n  );\n\n/**\n * Reset the rate limit for the given identifier (e.g. after successful sign-in).\n */\n/** @internal */\nexport const resetSignInRateLimit = (\n  ctx: MutationCtx,\n  identifier: string,\n  config: ConvexAuthConfig,\n): Fx<void, AuthError> =>\n  getRateLimitState(ctx, identifier, config).pipe(\n    Fx.chain((state) =>\n      state !== null\n        ? Fx.from({\n            ok: () => authDb(ctx, config).rateLimits.delete(state.limit._id),\n            err: (e) =>\n              new AuthError(\n                \"INTERNAL_ERROR\",\n                `Failed to delete rate limit: ${errorMessage(e)}`,\n              ),\n          })\n        : Fx.unit,\n    ),\n  );\n\n// ---------------------------------------------------------------------------\n// Internal\n// ---------------------------------------------------------------------------\n\ntype RateLimitState = {\n  limit: Doc<\"RateLimit\"> & { attemptsLeft: number; lastAttemptTime: number };\n  attemptsLeft: number;\n} | null;\n\nconst getRateLimitState = (\n  ctx: MutationCtx,\n  identifier: string,\n  config: ConvexAuthConfig,\n): Fx<RateLimitState, AuthError> => {\n  const now = Date.now();\n  const maxAttemptsPerHour =\n    config.signIn?.maxFailedAttemptsPerHour ??\n    DEFAULT_MAX_SIGN_IN_ATTEMPTS_PER_HOUR;\n\n  return Fx.from({\n    ok: () => authDb(ctx, config).rateLimits.get(identifier),\n    err: (e) =>\n      new AuthError(\n        \"INTERNAL_ERROR\",\n        `Failed to get rate limit: ${errorMessage(e)}`,\n      ),\n  }).pipe(\n    Fx.map((raw) => {\n      const limit = raw as\n        | (Doc<\"RateLimit\"> & { attemptsLeft: number; lastAttemptTime: number })\n        | null;\n      if (limit === null) return null;\n      const elapsed = now - limit.lastAttemptTime;\n      const maxAttemptsPerMs = maxAttemptsPerHour / (60 * 60 * 1000);\n      const attemptsLeft = Math.min(\n        maxAttemptsPerHour,\n        limit.attemptsLeft + elapsed * maxAttemptsPerMs,\n      );\n      return { limit, attemptsLeft };\n    }),\n  );\n};\n"],"mappings":";;;;;;AAQA,MAAM,wCAAwC;;;;;AAM9C,MAAa,uBACX,KACA,YACA,WAEA,kBAAkB,KAAK,YAAY,OAAO,CAAC,KACzC,GAAG,KAAK,UAAU,UAAU,QAAQ,MAAM,eAAe,EAAE,CAC5D;;;;;;;AAQH,MAAa,sBACX,KACA,YACA,WAEA,kBAAkB,KAAK,YAAY,OAAO,CAAC,KACzC,GAAG,OAAO,UACR,UAAU,OACN,GAAG,KAAK;CACN,UACE,OAAO,KAAK,OAAO,CAAC,WAAW,MAAM,MAAM,MAAM,KAAK;EACpD,cAAc,MAAM,eAAe;EACnC,iBAAiB,KAAK,KAAK;EAC5B,CAAC;CACJ,MAAM,MACJ,IAAI,UACF,kBACA,+BAA+B,aAAa,EAAE,GAC/C;CACJ,CAAC,GACF,GAAG,KAAK;CACN,UACE,OAAO,KAAK,OAAO,CAAC,WAAW,OAAO;EACpC;EACA,eACG,OAAO,QAAQ,4BACd,yCAAyC;EAC7C,iBAAiB,KAAK,KAAK;EAC5B,CAAC;CACJ,MAAM,MACJ,IAAI,UACF,kBACA,gCAAgC,aAAa,EAAE,GAChD;CACJ,CAAC,CACP,EACD,GAAG,UAAU,OAAU,CACxB;;;;;AAMH,MAAa,wBACX,KACA,YACA,WAEA,kBAAkB,KAAK,YAAY,OAAO,CAAC,KACzC,GAAG,OAAO,UACR,UAAU,OACN,GAAG,KAAK;CACN,UAAU,OAAO,KAAK,OAAO,CAAC,WAAW,OAAO,MAAM,MAAM,IAAI;CAChE,MAAM,MACJ,IAAI,UACF,kBACA,gCAAgC,aAAa,EAAE,GAChD;CACJ,CAAC,GACF,GAAG,KACR,CACF;AAWH,MAAM,qBACJ,KACA,YACA,WACkC;CAClC,MAAM,MAAM,KAAK,KAAK;CACtB,MAAM,qBACJ,OAAO,QAAQ,4BACf;AAEF,QAAO,GAAG,KAAK;EACb,UAAU,OAAO,KAAK,OAAO,CAAC,WAAW,IAAI,WAAW;EACxD,MAAM,MACJ,IAAI,UACF,kBACA,6BAA6B,aAAa,EAAE,GAC7C;EACJ,CAAC,CAAC,KACD,GAAG,KAAK,QAAQ;EACd,MAAM,QAAQ;AAGd,MAAI,UAAU,KAAM,QAAO;EAC3B,MAAM,UAAU,MAAM,MAAM;EAC5B,MAAM,mBAAmB,sBAAsB,OAAU;AAKzD,SAAO;GAAE;GAAO,cAJK,KAAK,IACxB,oBACA,MAAM,eAAe,UAAU,iBAChC;GAC6B;GAC9B,CACH"}
+{"version":3,"file":"limits.js","names":[],"sources":["../../src/server/limits.ts"],"sourcesContent":["import { Fx } from \"@robelest/fx\";\nimport { ConvexError } from \"convex/values\";\n\nimport { authDb } from \"./db\";\nimport { Doc, MutationCtx } from \"./types\";\nimport { ConvexAuthConfig } from \"./types\";\n\nconst DEFAULT_MAX_SIGN_IN_ATTEMPTS_PER_HOUR = 10;\n\n/**\n * Check whether the given identifier is currently rate-limited.\n */\n/** @internal */\nexport const isSignInRateLimited = (\n  ctx: MutationCtx,\n  identifier: string,\n  config: ConvexAuthConfig,\n): Fx<boolean, ConvexError<any>> =>\n  getRateLimitState(ctx, identifier, config).pipe(\n    Fx.map((state) => state !== null && state.attemptsLeft < 1),\n  );\n\n/**\n * Record a failed sign-in attempt for the given identifier.\n *\n * If a record exists, decrement; otherwise create.\n */\n/** @internal */\nexport const recordFailedSignIn = (\n  ctx: MutationCtx,\n  identifier: string,\n  config: ConvexAuthConfig,\n): Fx<void, ConvexError<any>> =>\n  Fx.gen(function* () {\n    const state = yield* getRateLimitState(ctx, identifier, config);\n    if (state !== null) {\n      yield* Fx.promise(() =>\n        authDb(ctx, config).rateLimits.patch(state.limit._id, {\n          attemptsLeft: state.attemptsLeft - 1,\n          lastAttemptTime: Date.now(),\n        }),\n      );\n    } else {\n      yield* Fx.promise(() =>\n        authDb(ctx, config).rateLimits.create({\n          identifier,\n          attemptsLeft:\n            (config.signIn?.maxFailedAttemptsPerHour ??\n              DEFAULT_MAX_SIGN_IN_ATTEMPTS_PER_HOUR) - 1,\n          lastAttemptTime: Date.now(),\n        }),\n      );\n    }\n  });\n\n/**\n * Reset the rate limit for the given identifier (e.g. after successful sign-in).\n */\n/** @internal */\nexport const resetSignInRateLimit = (\n  ctx: MutationCtx,\n  identifier: string,\n  config: ConvexAuthConfig,\n): Fx<void, ConvexError<any>> =>\n  Fx.gen(function* () {\n    const state = yield* getRateLimitState(ctx, identifier, config);\n    if (state !== null) {\n      yield* Fx.promise(() =>\n        authDb(ctx, config).rateLimits.delete(state.limit._id),\n      );\n    }\n  });\n\n// ---------------------------------------------------------------------------\n// Internal\n// ---------------------------------------------------------------------------\n\ntype RateLimitState = {\n  limit: Doc<\"RateLimit\"> & { attemptsLeft: number; lastAttemptTime: number };\n  attemptsLeft: number;\n} | null;\n\nconst getRateLimitState = (\n  ctx: MutationCtx,\n  identifier: string,\n  config: ConvexAuthConfig,\n): Fx<RateLimitState, ConvexError<any>> =>\n  Fx.gen(function* () {\n    const now = Date.now();\n    const maxAttemptsPerHour =\n      config.signIn?.maxFailedAttemptsPerHour ??\n      DEFAULT_MAX_SIGN_IN_ATTEMPTS_PER_HOUR;\n\n    const limit = (yield* Fx.promise(() =>\n      authDb(ctx, config).rateLimits.get(identifier),\n    )) as\n      | (Doc<\"RateLimit\"> & { attemptsLeft: number; lastAttemptTime: number })\n      | null;\n    if (limit === null) return null;\n    const elapsed = now - limit.lastAttemptTime;\n    const maxAttemptsPerMs = maxAttemptsPerHour / (60 * 60 * 1000);\n    const attemptsLeft = Math.min(\n      maxAttemptsPerHour,\n      limit.attemptsLeft + elapsed * maxAttemptsPerMs,\n    );\n    return { limit, attemptsLeft };\n  });\n"],"mappings":";;;;AAOA,MAAM,wCAAwC;;;;;AAM9C,MAAa,uBACX,KACA,YACA,WAEA,kBAAkB,KAAK,YAAY,OAAO,CAAC,KACzC,GAAG,KAAK,UAAU,UAAU,QAAQ,MAAM,eAAe,EAAE,CAC5D;;;;;;;AAQH,MAAa,sBACX,KACA,YACA,WAEA,GAAG,IAAI,aAAa;CAClB,MAAM,QAAQ,OAAO,kBAAkB,KAAK,YAAY,OAAO;AAC/D,KAAI,UAAU,KACZ,QAAO,GAAG,cACR,OAAO,KAAK,OAAO,CAAC,WAAW,MAAM,MAAM,MAAM,KAAK;EACpD,cAAc,MAAM,eAAe;EACnC,iBAAiB,KAAK,KAAK;EAC5B,CAAC,CACH;KAED,QAAO,GAAG,cACR,OAAO,KAAK,OAAO,CAAC,WAAW,OAAO;EACpC;EACA,eACG,OAAO,QAAQ,4BACd,yCAAyC;EAC7C,iBAAiB,KAAK,KAAK;EAC5B,CAAC,CACH;EAEH;;;;;AAMJ,MAAa,wBACX,KACA,YACA,WAEA,GAAG,IAAI,aAAa;CAClB,MAAM,QAAQ,OAAO,kBAAkB,KAAK,YAAY,OAAO;AAC/D,KAAI,UAAU,KACZ,QAAO,GAAG,cACR,OAAO,KAAK,OAAO,CAAC,WAAW,OAAO,MAAM,MAAM,IAAI,CACvD;EAEH;AAWJ,MAAM,qBACJ,KACA,YACA,WAEA,GAAG,IAAI,aAAa;CAClB,MAAM,MAAM,KAAK,KAAK;CACtB,MAAM,qBACJ,OAAO,QAAQ,4BACf;CAEF,MAAM,QAAS,OAAO,GAAG,cACvB,OAAO,KAAK,OAAO,CAAC,WAAW,IAAI,WAAW,CAC/C;AAGD,KAAI,UAAU,KAAM,QAAO;CAC3B,MAAM,UAAU,MAAM,MAAM;CAC5B,MAAM,mBAAmB,sBAAsB,OAAU;AAKzD,QAAO;EAAE;EAAO,cAJK,KAAK,IACxB,oBACA,MAAM,eAAe,UAAU,iBAChC;EAC6B;EAC9B"}

package/dist/server/mounts.d.ts

@@ -36,11 +36,11 @@ type EnterpriseAdminAuthorizationInput = {
 /**
  * App-defined authorization hook for mounted enterprise admin APIs.
  *
- * Return `void` (or resolve) to allow the operation, or `{ ok: false }` to deny it.
+ * Return `void` (or resolve) to allow the operation, or throw to deny it.
  *
  * @param ctx - Convex context with `ctx.auth` for identity checks.
  * @param input - The {@link EnterpriseAdminAuthorizationInput} describing who is doing what.
- * @returns `void` to allow, `{ ok: false }` to deny.
+ * @returns `void` to allow; throw to deny.
  *
  * @example
  * ```ts
@@ -48,16 +48,14 @@ type EnterpriseAdminAuthorizationInput = {
  *
  * const authorized: EnterpriseAuthorizer = async (ctx, input) => {
  *   const identity = await ctx.auth.getUserIdentity();
- *   if (!identity) return { ok: false };
+ *   if (!identity) throw new Error("Forbidden");
  *   // Allow all admin ops for the org owner
  * };
  * ```
  */
 type EnterpriseAuthorizer = (ctx: {
   auth: convex_server0.Auth;
-}, input: EnterpriseAdminAuthorizationInput) => Promise<void | {
-  ok: false;
-}>;
+}, input: EnterpriseAdminAuthorizationInput) => Promise<void>;
 type RoleRef<TRoleId extends string> = {
   id: TRoleId;
 };
@@ -130,10 +128,10 @@ declare function sso<TAuthorization extends AuthAuthorizationConfig | undefined
   admin: {
     connection: {
       create: convex_server0.RegisteredMutation<"public", {
-        status?: "draft" | "active" | "disabled" | undefined;
+        groupId?: string | undefined;
         name?: string | undefined;
         slug?: string | undefined;
-        groupId?: string | undefined;
+        status?: "draft" | "active" | "disabled" | undefined;
         domain?: string | undefined;
       }, Promise<any>>;
       get: convex_server0.RegisteredQuery<"public", {
@@ -146,12 +144,12 @@ declare function sso<TAuthorization extends AuthAuthorizationConfig | undefined
         domain: string;
       }, Promise<any>>;
       list: convex_server0.RegisteredQuery<"public", {
+        limit?: number | undefined;
         where?: {
-          status?: "draft" | "active" | "disabled" | undefined;
-          slug?: string | undefined;
           groupId?: string | undefined;
+          slug?: string | undefined;
+          status?: "draft" | "active" | "disabled" | undefined;
         } | undefined;
-        limit?: number | undefined;
         cursor?: string | null | undefined;
         orderBy?: string | undefined;
         order?: "asc" | "desc" | undefined;
@@ -159,18 +157,12 @@ declare function sso<TAuthorization extends AuthAuthorizationConfig | undefined
       update: convex_server0.RegisteredMutation<"public", {
         enterpriseId: string;
         data: {
-          status?: "draft" | "active" | "disabled" | undefined;
           name?: string | undefined;
           slug?: string | undefined;
+          status?: "draft" | "active" | "disabled" | undefined;
         };
       }, Promise<{
-        ok: false;
-        code: "NOT_SIGNED_IN" | "FORBIDDEN";
-        enterpriseId?: undefined;
-      } | {
-        ok: true;
         enterpriseId: string;
-        code?: undefined;
       }>>;
       delete: convex_server0.RegisteredMutation<"public", {
         enterpriseId: string;
@@ -194,12 +186,12 @@ declare function sso<TAuthorization extends AuthAuthorizationConfig | undefined
         }, Promise<any>>;
         verification: {
           request: convex_server0.RegisteredMutation<"public", {
-            enterpriseId: string;
             domain: string;
+            enterpriseId: string;
           }, Promise<any>>;
           confirm: convex_server0.RegisteredAction<"public", {
-            enterpriseId: string;
             domain: string;
+            enterpriseId: string;
           }, Promise<any>>;
         };
       };
@@ -231,8 +223,8 @@ declare function sso<TAuthorization extends AuthAuthorizationConfig | undefined
         metadataUrl?: string | undefined;
         signAuthnRequests?: boolean | undefined;
         attributeMapping?: {
-          email?: string | undefined;
           name?: string | undefined;
+          email?: string | undefined;
           subject?: string | undefined;
           firstName?: string | undefined;
           lastName?: string | undefined;
@@ -288,8 +280,8 @@ declare function sso<TAuthorization extends AuthAuthorizationConfig | undefined
     audit: {
       list: convex_server0.RegisteredQuery<"public", {
         groupId?: string | undefined;
-        enterpriseId?: string | undefined;
         limit?: number | undefined;
+        enterpriseId?: string | undefined;
       }, Promise<any>>;
     };
     webhook: {
@@ -307,16 +299,6 @@ declare function sso<TAuthorization extends AuthAuthorizationConfig | undefined
           url: string;
           subscriptions: string[];
         }, Promise<{
-          ok: false;
-          code: "NOT_SIGNED_IN" | "FORBIDDEN";
-          _id?: undefined;
-          enterpriseId?: undefined;
-          url?: undefined;
-          subscriptions?: undefined;
-          createdByUserId?: undefined;
-          status?: undefined;
-          failureCount?: undefined;
-        } | {
           _id: any;
           enterpriseId: string;
           url: string;
@@ -324,8 +306,6 @@ declare function sso<TAuthorization extends AuthAuthorizationConfig | undefined
           createdByUserId: string;
           status: string;
           failureCount: number;
-          ok?: undefined;
-          code?: undefined;
         }>>;
         list: convex_server0.RegisteredQuery<"public", {
           enterpriseId: string;
@@ -338,9 +318,9 @@ declare function sso<TAuthorization extends AuthAuthorizationConfig | undefined
   };
   client: {
     signIn: convex_server0.RegisteredQuery<"public", {
+      domain?: string | undefined;
       email?: string | undefined;
       enterpriseId?: string | undefined;
-      domain?: string | undefined;
       redirectTo?: string | undefined;
     }, Promise<any>>;
     metadata: convex_server0.RegisteredQuery<"public", {
@@ -432,10 +412,10 @@ declare function scim<TAuthorization extends AuthAuthorizationConfig | undefined
  */
 declare function enterprise<TAuthorization extends AuthAuthorizationConfig | undefined = undefined>(auth: Pick<AuthApi<TAuthorization>, "group" | "member" | "scim" | "sso" | "user">, options: EnterpriseMountOptions<AuthRoleId<TAuthorization>>): {
   createConnection: convex_server0.RegisteredMutation<"public", {
-    status?: "draft" | "active" | "disabled" | undefined;
+    groupId?: string | undefined;
     name?: string | undefined;
     slug?: string | undefined;
-    groupId?: string | undefined;
+    status?: "draft" | "active" | "disabled" | undefined;
     domain?: string | undefined;
   }, Promise<any>>;
   getConnection: convex_server0.RegisteredQuery<"public", {
@@ -448,12 +428,12 @@ declare function enterprise<TAuthorization extends AuthAuthorizationConfig | und
     domain: string;
   }, Promise<any>>;
   listConnections: convex_server0.RegisteredQuery<"public", {
+    limit?: number | undefined;
     where?: {
-      status?: "draft" | "active" | "disabled" | undefined;
-      slug?: string | undefined;
       groupId?: string | undefined;
+      slug?: string | undefined;
+      status?: "draft" | "active" | "disabled" | undefined;
     } | undefined;
-    limit?: number | undefined;
     cursor?: string | null | undefined;
     orderBy?: string | undefined;
     order?: "asc" | "desc" | undefined;
@@ -461,18 +441,12 @@ declare function enterprise<TAuthorization extends AuthAuthorizationConfig | und
   updateConnection: convex_server0.RegisteredMutation<"public", {
     enterpriseId: string;
     data: {
-      status?: "draft" | "active" | "disabled" | undefined;
       name?: string | undefined;
       slug?: string | undefined;
+      status?: "draft" | "active" | "disabled" | undefined;
     };
   }, Promise<{
-    ok: false;
-    code: "NOT_SIGNED_IN" | "FORBIDDEN";
-    enterpriseId?: undefined;
-  } | {
-    ok: true;
     enterpriseId: string;
-    code?: undefined;
   }>>;
   deleteConnection: convex_server0.RegisteredMutation<"public", {
     enterpriseId: string;
@@ -494,12 +468,12 @@ declare function enterprise<TAuthorization extends AuthAuthorizationConfig | und
     }[];
   }, Promise<any>>;
   requestDomainVerification: convex_server0.RegisteredMutation<"public", {
-    enterpriseId: string;
     domain: string;
+    enterpriseId: string;
   }, Promise<any>>;
   confirmDomainVerification: convex_server0.RegisteredAction<"public", {
-    enterpriseId: string;
     domain: string;
+    enterpriseId: string;
   }, Promise<any>>;
   configureOidc: convex_server0.RegisteredMutation<"public", {
     scopes?: string[] | undefined;
@@ -525,8 +499,8 @@ declare function enterprise<TAuthorization extends AuthAuthorizationConfig | und
     metadataUrl?: string | undefined;
     signAuthnRequests?: boolean | undefined;
     attributeMapping?: {
-      email?: string | undefined;
       name?: string | undefined;
+      email?: string | undefined;
       subject?: string | undefined;
       firstName?: string | undefined;
       lastName?: string | undefined;
@@ -578,8 +552,8 @@ declare function enterprise<TAuthorization extends AuthAuthorizationConfig | und
   }, Promise<any>>;
   listAudit: convex_server0.RegisteredQuery<"public", {
     groupId?: string | undefined;
-    enterpriseId?: string | undefined;
     limit?: number | undefined;
+    enterpriseId?: string | undefined;
   }, Promise<any>>;
   createWebhookEndpoint: convex_server0.RegisteredMutation<"public", {
     createdByUserId?: string | undefined;
@@ -588,16 +562,6 @@ declare function enterprise<TAuthorization extends AuthAuthorizationConfig | und
     url: string;
     subscriptions: string[];
   }, Promise<{
-    ok: false;
-    code: "NOT_SIGNED_IN" | "FORBIDDEN";
-    _id?: undefined;
-    enterpriseId?: undefined;
-    url?: undefined;
-    subscriptions?: undefined;
-    createdByUserId?: undefined;
-    status?: undefined;
-    failureCount?: undefined;
-  } | {
     _id: any;
     enterpriseId: string;
     url: string;
@@ -605,8 +569,6 @@ declare function enterprise<TAuthorization extends AuthAuthorizationConfig | und
     createdByUserId: string;
     status: string;
     failureCount: number;
-    ok?: undefined;
-    code?: undefined;
   }>>;
   listWebhookEndpoints: convex_server0.RegisteredQuery<"public", {
     enterpriseId: string;
@@ -630,9 +592,9 @@ declare function enterprise<TAuthorization extends AuthAuthorizationConfig | und
     enterpriseId: string;
   }, Promise<any>>;
   signIn: convex_server0.RegisteredQuery<"public", {
+    domain?: string | undefined;
     email?: string | undefined;
     enterpriseId?: string | undefined;
-    domain?: string | undefined;
     redirectTo?: string | undefined;
   }, Promise<any>>;
   metadata: convex_server0.RegisteredQuery<"public", {

package/dist/server/mounts.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"mounts.d.ts","names":[],"sources":["../../src/server/mounts.ts"],"mappings":";;;;;;;;AA+BA;;;;;AAiBA;;;;;;;;KAjBY,yBAAA;;;;AAkDZ;;;KAjCY,iCAAA;EAmCH,2DAjCP,MAAA,UAkCU;EAhCV,UAAA,EAAY,yBAAA,EA8BL;EA5BP,YAAA,WA4BA;EA1BA,OAAA,WA2BA;EAzBA,eAAA;AAAA;;;AA0BiC;;;;;;;;;AAEiB;;;;;;;;;KALxC,oBAAA,IACV,GAAA;EAAO,IAAA,EADuB,cAAA,CACO,IAAA;AAAA,GACrC,KAAA,EAAO,iCAAA,KACJ,OAAA;EAAiB,EAAA;AAAA;AAAA,KAEjB,OAAA;EAAoC,EAAA,EAAI,OAAA;AAAA;AAAA,KAExC,wBAAA;EACH,KAAA;IACE,UAAA,GAAa,oBAAA;IACb,KAAA,GAAQ,KAAA,CAAM,OAAA,GAAU,OAAA,CAAQ,OAAA;EAAA;AAAA;;;;;;;;;;;;;;;;;;;;AA6KpC;KArJY,sBAAA;EACV,KAAA;IACE,UAAA,EAAY,oBAAA;IACZ,KAAA,GAAQ,KAAA,CAAM,OAAA,GAAU,OAAA,CAAQ,OAAA;EAAA;AAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;iBAkJpB,GAAA,wBACS,uBAAA,yBAAA,CAEvB,IAAA,EAAM,IAAA,CAAK,OAAA,CAAQ,cAAA,yCACnB,OAAA,GAAU,wBAAA,CAAyB,UAAA,CAAW,cAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;iBA8hBhC,IAAA,wBACS,uBAAA,yBAAA,CAEvB,IAAA,EAAM,IAAA,CAAK,OAAA,CAAQ,cAAA,6BACnB,OAAA,GAAU,wBAAA,CAAyB,UAAA,CAAW,cAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;iBAkFhC,UAAA,wBACS,uBAAA,yBAAA,CAEvB,IAAA,EAAM,IAAA,CACJ,OAAA,CAAQ,cAAA,kDAGV,OAAA,EAAS,sBAAA,CAAuB,UAAA,CAAW,cAAA"}
+{"version":3,"file":"mounts.d.ts","names":[],"sources":["../../src/server/mounts.ts"],"mappings":";;;;;;;;AAgCA;;;;;AAiBA;;;;;;;;KAjBY,yBAAA;;;;AAkDZ;;;KAjCY,iCAAA;EAmCH,2DAjCP,MAAA,UAkCU;EAhCV,UAAA,EAAY,yBAAA,EA8BL;EA5BP,YAAA,WA4BA;EA1BA,OAAA,WA2BA;EAzBA,eAAA;AAAA;;AA0BiB;;;;;;;;;AAEiC;;;;;;;;;;KALxC,oBAAA,IACV,GAAA;EAAO,IAAA,EADuB,cAAA,CACO,IAAA;AAAA,GACrC,KAAA,EAAO,iCAAA,KACJ,OAAA;AAAA,KAEA,OAAA;EAAoC,EAAA,EAAI,OAAA;AAAA;AAAA,KAExC,wBAAA;EACH,KAAA;IACE,UAAA,GAAa,oBAAA;IACb,KAAA,GAAQ,KAAA,CAAM,OAAA,GAAU,OAAA,CAAQ,OAAA;EAAA;AAAA;;;;;;;;;;;;;;;;;;;;;KAwBxB,sBAAA;EACV,KAAA;IACE,UAAA,EAAY,oBAAA;IACZ,KAAA,GAAQ,KAAA,CAAM,OAAA,GAAU,OAAA,CAAQ,OAAA;EAAA;AAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;iBAqJpB,GAAA,wBACS,uBAAA,yBAAA,CAEvB,IAAA,EAAM,IAAA,CAAK,OAAA,CAAQ,cAAA,yCACnB,OAAA,GAAU,wBAAA,CAAyB,UAAA,CAAW,cAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;iBAkgBhC,IAAA,wBACS,uBAAA,yBAAA,CAEvB,IAAA,EAAM,IAAA,CAAK,OAAA,CAAQ,cAAA,6BACnB,OAAA,GAAU,wBAAA,CAAyB,UAAA,CAAW,cAAA;;;;;;;;;;;;;;;;AAJhD;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;iBAmFgB,UAAA,wBACS,uBAAA,yBAAA,CAEvB,IAAA,EAAM,IAAA,CACJ,OAAA,CAAQ,cAAA,kDAGV,OAAA,EAAS,sBAAA,CAAuB,UAAA,CAAW,cAAA"}