@robelest/convex-auth 0.0.4-preview.21 → 0.0.4-preview.23

package/dist/component/public/groups/invites.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"invites.d.ts","names":[],"sources":["../../../../src/component/public/groups/invites.ts"],"mappings":";;;;;;;;;;;;;;;AA8CA;;;;;AAiGA;;;;;AA6BA;;;;;AA+CA;;;;;AAmJA;;;;;AAkFA;;;;cAlZa,YAAA;AAohBb;;;;;;;;;;;;;;;;;;;AAAA,cAnba,SAAA;;;;;;;;;;;;;;;;;;;;;;cA6BA,oBAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;cA+CA,UAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;;cAmJA,YAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;cAkFA,mBAAA;;;;;;;;;;;;;;;;;;;;;cAkIA,YAAA"}
+{"version":3,"file":"invites.d.ts","names":[],"sources":["../../../../src/component/public/groups/invites.ts"],"mappings":";;;;;;;;;;;;;;;AAoDA;;;;;AAiGA;;;;;AA6BA;;;;;AA+CA;;;;;AAmJA;;;;;AAkFA;;;;cAlZa,YAAA;AAohBb;;;;;;;;;;;;;;;;;;;AAAA,cAnba,SAAA;;;;;;;;;;;;;;;;;;;;;;cA6BA,oBAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;cA+CA,UAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;;cAmJA,YAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;cAkFA,mBAAA;;;;;;;;;;;;;;;;;;;;;cAkIA,YAAA"}

package/dist/component/public/groups/invites.js.map

@@ -1 +1 @@
-{"version":3,"file":"invites.js","names":[],"sources":["../../../../src/component/public/groups/invites.ts"],"sourcesContent":["import { ConvexError, v } from \"convex/values\";\nimport type { Id } from \"../../_generated/dataModel\";\nimport { mutation, query } from \"../../functions\";\nimport { vGroupInviteDoc, vInviteAcceptByTokenResult, vInviteStatus, vPaginated } from \"../../model\";\n\n/**\n * Create a new platform-level invitation. Optionally set `groupId` to tie\n * the invite to a specific group. The invitation is sent to an email address\n * and includes a hashed token for secure acceptance.\n *\n * Throws `ConvexError` with code `DUPLICATE_INVITE` when a pending invite\n * already exists for the same email and scope:\n * - group invite: same `email` + same `groupId`\n * - platform invite: same `email` with no `groupId`\n *\n * When a duplicate check finds an existing invite that has passed its\n * `expiresTime`, that invite is automatically marked as `\"expired\"` and the\n * new invite is allowed through. CLI-generated invites (no email) skip\n * duplicate detection entirely.\n *\n * @param args.groupId - Optional `Id<\"Group\">` to scope this invite to a specific group. Omit for a platform-wide invite.\n * @param args.invitedByUserId - Optional `Id<\"User\">` of the user who issued the invitation.\n * @param args.email - Optional email address of the invitee. When provided, duplicate detection is enforced.\n * @param args.tokenHash - A pre-hashed token string used for secure, URL-safe invite acceptance.\n * @param args.roleIds - Optional array of application-defined role identifiers to assign upon acceptance.\n * @param args.status - The initial status of the invite (typically `\"pending\"`).\n * @param args.expiresTime - Optional Unix timestamp (ms) after which the invite is considered expired.\n * @param args.extend - Optional arbitrary payload for application-specific metadata.\n * @returns The `Id<\"GroupInvite\">` of the newly created invite document.\n *\n * @example\n * ```ts\n * const inviteId = await ctx.runMutation(\n *   components.auth.groups.inviteCreate,\n *   {\n *     groupId: teamGroupId,\n *     invitedByUserId: currentUserId,\n *     email: \"alice@example.com\",\n *     tokenHash: hashedToken,\n *     roleIds: [\"editor\"],\n *     status: \"pending\",\n *     expiresTime: Date.now() + 7 * 24 * 60 * 60 * 1000, // 7 days\n *   },\n * );\n * ```\n */\nexport const inviteCreate = mutation({\n  args: {\n    groupId: v.optional(v.id(\"Group\")),\n    invitedByUserId: v.optional(v.id(\"User\")),\n    email: v.optional(v.string()),\n    tokenHash: v.string(),\n    roleIds: v.optional(v.array(v.string())),\n    status: vInviteStatus,\n    expiresTime: v.optional(v.number()),\n    extend: v.optional(v.any()),\n  },\n  returns: v.id(\"GroupInvite\"),\n  handler: async (ctx, args) => {\n    const now = Date.now();\n\n    // Only check for duplicates when an email is provided.\n    // CLI-generated invites (no email) are always allowed.\n    if (args.email !== undefined) {\n      if (args.groupId !== undefined) {\n        const existingGroupInvites = await ctx.db\n          .query(\"GroupInvite\")\n          .withIndex(\"group_id_status\", (q) =>\n            q.eq(\"groupId\", args.groupId).eq(\"status\", \"pending\"),\n          )\n          .filter((q) => q.eq(q.field(\"email\"), args.email))\n          .collect();\n\n        for (const existingGroupInvite of existingGroupInvites) {\n          const isExpired =\n            existingGroupInvite.expiresTime !== undefined &&\n            existingGroupInvite.expiresTime <= now;\n          if (isExpired) {\n            await ctx.db.patch(\"GroupInvite\", existingGroupInvite._id, {\n              status: \"expired\",\n            });\n            continue;\n          }\n          throw new ConvexError({\n            code: \"DUPLICATE_INVITE\",\n            message:\n              \"A pending invite already exists for this email in this group\",\n            email: args.email,\n            groupId: args.groupId,\n            existingInviteId: existingGroupInvite._id,\n          });\n        }\n      } else {\n        const existingPlatformInvites = await ctx.db\n          .query(\"GroupInvite\")\n          .withIndex(\"email_status\", (q) =>\n            q.eq(\"email\", args.email).eq(\"status\", \"pending\"),\n          )\n          .filter((q) => q.eq(q.field(\"groupId\"), undefined))\n          .collect();\n\n        for (const existingPlatformInvite of existingPlatformInvites) {\n          const isExpired =\n            existingPlatformInvite.expiresTime !== undefined &&\n            existingPlatformInvite.expiresTime <= now;\n          if (isExpired) {\n            await ctx.db.patch(\"GroupInvite\", existingPlatformInvite._id, {\n              status: \"expired\",\n            });\n            continue;\n          }\n          throw new ConvexError({\n            code: \"DUPLICATE_INVITE\",\n            message: \"A pending platform invite already exists for this email\",\n            email: args.email,\n            existingInviteId: existingPlatformInvite._id,\n          });\n        }\n      }\n    }\n    return await ctx.db.insert(\"GroupInvite\", args);\n  },\n});\n\n/**\n * Retrieve an invite by its document ID.\n *\n * Performs a direct lookup in the `GroupInvite` table and returns the full\n * invite document, or `null` if no invite exists with the given ID.\n *\n * @param args.inviteId - The `Id<\"GroupInvite\">` of the invite to retrieve.\n * @returns The invite document (including `email`, `status`, `groupId`, `tokenHash`, etc.) or `null` if not found.\n *\n * @example\n * ```ts\n * const invite = await ctx.runQuery(components.auth.groups.inviteGet, {\n *   inviteId: existingInviteId,\n * });\n * if (invite !== null) {\n *   console.log(invite.email, invite.status);\n * }\n * ```\n */\nexport const inviteGet = query({\n  args: { inviteId: v.id(\"GroupInvite\") },\n  returns: v.union(vGroupInviteDoc, v.null()),\n  handler: async (ctx, { inviteId }) => {\n    return await ctx.db.get(\"GroupInvite\", inviteId);\n  },\n});\n\n/**\n * Retrieve an invite by its hashed token.\n *\n * Looks up the `GroupInvite` table using the `token_hash` index. This is\n * the primary mechanism for resolving an invite from a URL-embedded token.\n * Returns `null` if no invite matches the given hash.\n *\n * @param args.tokenHash - The hashed token string to look up (must match the value stored at creation time).\n * @returns The invite document or `null` if no invite exists with the given token hash.\n *\n * @example\n * ```ts\n * const invite = await ctx.runQuery(\n *   components.auth.groups.inviteGetByTokenHash,\n *   { tokenHash: \"sha256_abc123...\" },\n * );\n * if (invite !== null && invite.status === \"pending\") {\n *   // proceed with acceptance flow\n * }\n * ```\n */\nexport const inviteGetByTokenHash = query({\n  args: { tokenHash: v.string() },\n  returns: v.union(vGroupInviteDoc, v.null()),\n  handler: async (ctx, { tokenHash }) => {\n    return await ctx.db\n      .query(\"GroupInvite\")\n      .withIndex(\"token_hash\", (q) => q.eq(\"tokenHash\", tokenHash))\n      .first();\n  },\n});\n\n/**\n * List invites with optional filtering, sorting, and pagination.\n *\n * Returns `{ items, nextCursor }`. Supports filtering by `groupId`,\n * `status`, `email`, `invitedByUserId`, `roleId`, `acceptedByUserId`, and\n * `tokenHash`. The query engine automatically selects the best compound\n * index based on the combination of filter fields provided. The `roleId`\n * filter is applied in-memory after the index scan because role IDs are\n * stored as an array.\n *\n * @param args.where - Optional filter criteria for narrowing results.\n * @param args.where.tokenHash - Match invites with this exact hashed token.\n * @param args.where.groupId - Match invites scoped to this group.\n * @param args.where.status - Match invites with this status (e.g. `\"pending\"`, `\"accepted\"`, `\"revoked\"`).\n * @param args.where.email - Match invites sent to this email address.\n * @param args.where.invitedByUserId - Match invites created by this user.\n * @param args.where.roleId - Match invites that include this role identifier in their `roleIds` array.\n * @param args.where.acceptedByUserId - Match invites accepted by this specific user.\n * @param args.limit - Maximum number of items per page (clamped to 1..100, defaults to 50).\n * @param args.cursor - An opaque cursor string from a previous response's `nextCursor` to fetch the next page, or `null` to start from the beginning.\n * @param args.orderBy - The field to sort by: `\"_creationTime\"`, `\"status\"`, `\"email\"`, `\"expiresTime\"`, or `\"acceptedTime\"`.\n * @param args.order - Sort direction: `\"asc\"` or `\"desc\"` (defaults to `\"desc\"`).\n * @returns An object `{ items, nextCursor }` where `items` is an array of invite documents and `nextCursor` is `null` when there are no more pages.\n *\n * @example\n * ```ts\n * const { items, nextCursor } = await ctx.runQuery(\n *   components.auth.groups.inviteList,\n *   {\n *     where: { groupId: teamGroupId, status: \"pending\" },\n *     limit: 25,\n *     order: \"desc\",\n *   },\n * );\n * ```\n */\nexport const inviteList = query({\n  args: {\n    where: v.optional(\n      v.object({\n        tokenHash: v.optional(v.string()),\n        groupId: v.optional(v.id(\"Group\")),\n        status: v.optional(vInviteStatus),\n        email: v.optional(v.string()),\n        invitedByUserId: v.optional(v.id(\"User\")),\n        roleId: v.optional(v.string()),\n        acceptedByUserId: v.optional(v.id(\"User\")),\n      }),\n    ),\n    limit: v.optional(v.number()),\n    cursor: v.optional(v.union(v.string(), v.null())),\n    orderBy: v.optional(\n      v.union(\n        v.literal(\"_creationTime\"),\n        v.literal(\"status\"),\n        v.literal(\"email\"),\n        v.literal(\"expiresTime\"),\n        v.literal(\"acceptedTime\"),\n      ),\n    ),\n    order: v.optional(v.union(v.literal(\"asc\"), v.literal(\"desc\"))),\n  },\n  returns: vPaginated(vGroupInviteDoc),\n  handler: async (ctx, args) => {\n    const where = args.where ?? {};\n    const limit = Math.min(Math.max(args.limit ?? 50, 1), 100);\n    const order = args.order ?? \"desc\";\n\n    // Pick best index\n    let q;\n    if (where.tokenHash !== undefined) {\n      q = ctx.db\n        .query(\"GroupInvite\")\n        .withIndex(\"token_hash\", (idx) =>\n          idx.eq(\"tokenHash\", where.tokenHash!),\n        );\n    } else if (where.groupId !== undefined && where.status !== undefined) {\n      q = ctx.db\n        .query(\"GroupInvite\")\n        .withIndex(\"group_id_status\", (idx) =>\n          idx.eq(\"groupId\", where.groupId!).eq(\"status\", where.status!),\n        );\n    } else if (where.email !== undefined && where.status !== undefined) {\n      q = ctx.db\n        .query(\"GroupInvite\")\n        .withIndex(\"email_status\", (idx) =>\n          idx.eq(\"email\", where.email!).eq(\"status\", where.status!),\n        );\n    } else if (\n      where.invitedByUserId !== undefined &&\n      where.status !== undefined\n    ) {\n      q = ctx.db\n        .query(\"GroupInvite\")\n        .withIndex(\"invited_by_user_id_status\", (idx) =>\n          idx\n            .eq(\"invitedByUserId\", where.invitedByUserId!)\n            .eq(\"status\", where.status!),\n        );\n    } else if (where.groupId !== undefined) {\n      q = ctx.db\n        .query(\"GroupInvite\")\n        .withIndex(\"group_id\", (idx) => idx.eq(\"groupId\", where.groupId!));\n    } else if (where.status !== undefined) {\n      q = ctx.db\n        .query(\"GroupInvite\")\n        .withIndex(\"status\", (idx) => idx.eq(\"status\", where.status!));\n    } else {\n      q = ctx.db.query(\"GroupInvite\");\n    }\n\n    // Apply remaining filters\n    if (where.groupId !== undefined) {\n      q = q.filter((f) => f.eq(f.field(\"groupId\"), where.groupId!));\n    }\n    if (where.status !== undefined) {\n      q = q.filter((f) => f.eq(f.field(\"status\"), where.status!));\n    }\n    if (where.email !== undefined) {\n      q = q.filter((f) => f.eq(f.field(\"email\"), where.email!));\n    }\n    if (where.invitedByUserId !== undefined) {\n      q = q.filter((f) =>\n        f.eq(f.field(\"invitedByUserId\"), where.invitedByUserId!),\n      );\n    }\n    if (where.acceptedByUserId !== undefined) {\n      q = q.filter((f) =>\n        f.eq(f.field(\"acceptedByUserId\"), where.acceptedByUserId!),\n      );\n    }\n    if (where.tokenHash !== undefined) {\n      q = q.filter((f) => f.eq(f.field(\"tokenHash\"), where.tokenHash!));\n    }\n\n    q = q.order(order);\n\n    let all = await q.collect();\n    if (where.roleId !== undefined) {\n      all = all.filter((doc) => (doc.roleIds ?? []).includes(where.roleId!));\n    }\n    let startIdx = 0;\n    if (args.cursor) {\n      const cursorIdx = all.findIndex((doc) => doc._id === args.cursor);\n      if (cursorIdx !== -1) {\n        startIdx = cursorIdx + 1;\n      }\n    }\n    const page = all.slice(startIdx, startIdx + limit + 1);\n    const hasMore = page.length > limit;\n    const items = hasMore ? page.slice(0, limit) : page;\n    const nextCursor = hasMore ? items[items.length - 1]._id : null;\n    return { items, nextCursor };\n  },\n});\n\n/**\n * Accept a pending invitation.\n *\n * Marks the invite as `\"accepted\"` and records the acceptance timestamp.\n * Throws a structured `ConvexError` when the invite doesn't exist or is not\n * currently pending. If the invite has passed its `expiresTime`, it is\n * automatically transitioned to `\"expired\"` and the acceptance is rejected.\n *\n * The caller is responsible for creating the corresponding member record\n * (see {@link inviteAcceptByToken} for an all-in-one alternative that also\n * handles membership).\n *\n * @param args.inviteId - The `Id<\"GroupInvite\">` of the invite to accept.\n * @param args.acceptedByUserId - Optional `Id<\"User\">` of the user accepting the invite. Stored on the invite for audit purposes.\n * @returns `null` on success.\n * @throws `ConvexError` with code `INVITE_NOT_FOUND` if the invite does not exist.\n * @throws `ConvexError` with code `INVITE_NOT_PENDING` if the invite has already been accepted, revoked, or otherwise finalized.\n * @throws `ConvexError` with code `INVITE_EXPIRED` if the invite's `expiresTime` has passed.\n *\n * @example\n * ```ts\n * await ctx.runMutation(components.auth.groups.inviteAccept, {\n *   inviteId: pendingInviteId,\n *   acceptedByUserId: currentUserId,\n * });\n * ```\n */\nexport const inviteAccept = mutation({\n  args: {\n    inviteId: v.id(\"GroupInvite\"),\n    acceptedByUserId: v.optional(v.id(\"User\")),\n  },\n  returns: v.null(),\n  handler: async (ctx, { inviteId, acceptedByUserId }) => {\n    const invite = await ctx.db.get(\"GroupInvite\", inviteId);\n    if (invite === null) {\n      throw new ConvexError({\n        code: \"INVITE_NOT_FOUND\",\n        message: \"Invite not found\",\n        inviteId,\n      });\n    }\n    if (invite.status !== \"pending\") {\n      throw new ConvexError({\n        code: \"INVITE_NOT_PENDING\",\n        message: `Cannot accept invite with status \"${invite.status}\"`,\n        inviteId,\n        currentStatus: invite.status,\n      });\n    }\n    if (invite.expiresTime !== undefined && invite.expiresTime <= Date.now()) {\n      await ctx.db.patch(\"GroupInvite\", inviteId, {\n        status: \"expired\",\n      });\n      throw new ConvexError({\n        code: \"INVITE_EXPIRED\",\n        message: \"Invite has expired\",\n        inviteId,\n      });\n    }\n    await ctx.db.patch(\"GroupInvite\", inviteId, {\n      status: \"accepted\",\n      acceptedTime: Date.now(),\n      ...(acceptedByUserId ? { acceptedByUserId } : {}),\n    });\n    return null;\n  },\n});\n\n/**\n * Accept an invitation by raw token hash and atomically join group membership.\n *\n * This is the primary token-based acceptance flow. It looks up the invite by\n * `tokenHash`, validates status and expiry, verifies the accepting user's\n * email matches the invite email (when set), and — if the invite is scoped\n * to a group — creates a `GroupMember` record in the same transaction.\n *\n * The operation is idempotent: if the invite was already accepted by the\n * same user, it returns a result with `inviteStatus: \"already_accepted\"`\n * and the existing membership information.\n *\n * @param args.tokenHash - The hashed token string that identifies the invite (typically extracted from an invite URL).\n * @param args.acceptedByUserId - The `Id<\"User\">` of the user accepting the invitation. Their email must match the invite's email when one was specified.\n * @returns An object describing the outcome:\n *   - `inviteId` — the ID of the accepted invite.\n *   - `groupId` — the group the invite targets, or `null` for platform invites.\n *   - `memberId` — the ID of the created (or existing) member record, or `undefined` for platform invites.\n *   - `inviteStatus` — `\"accepted\"` for a fresh acceptance, `\"already_accepted\"` for idempotent replays.\n *   - `membershipStatus` — `\"joined\"`, `\"already_joined\"`, or `\"not_applicable\"`.\n * @throws `ConvexError` with code `INVITE_NOT_FOUND` if no invite matches the token hash.\n * @throws `ConvexError` with code `INVITE_EXPIRED` if the invite's `expiresTime` has passed.\n * @throws `ConvexError` with code `INVITE_ALREADY_ACCEPTED` if the invite was accepted by a different user.\n * @throws `ConvexError` with code `INVITE_NOT_PENDING` if the invite has been revoked or is in another non-pending state.\n * @throws `ConvexError` with code `INVITE_EMAIL_MISMATCH` if the accepting user's email does not match the invite's email.\n *\n * @example\n * ```ts\n * const result = await ctx.runMutation(\n *   components.auth.groups.inviteAcceptByToken,\n *   {\n *     tokenHash: \"sha256_abc123...\",\n *     acceptedByUserId: currentUserId,\n *   },\n * );\n * if (result.membershipStatus === \"joined\") {\n *   console.log(\"Joined group\", result.groupId, \"as member\", result.memberId);\n * }\n * ```\n */\nexport const inviteAcceptByToken = mutation({\n  args: {\n    tokenHash: v.string(),\n    acceptedByUserId: v.id(\"User\"),\n  },\n  returns: vInviteAcceptByTokenResult,\n  handler: async (ctx, { tokenHash, acceptedByUserId }) => {\n    const invite = await ctx.db\n      .query(\"GroupInvite\")\n      .withIndex(\"token_hash\", (q) => q.eq(\"tokenHash\", tokenHash))\n      .first();\n\n    if (invite === null) {\n      throw new ConvexError({\n        code: \"INVITE_NOT_FOUND\",\n        message: \"Invite not found\",\n      });\n    }\n\n    const now = Date.now();\n    if (invite.status === \"pending\") {\n      if (invite.expiresTime !== undefined && invite.expiresTime <= now) {\n        await ctx.db.patch(\"GroupInvite\", invite._id, { status: \"expired\" });\n        throw new ConvexError({\n          code: \"INVITE_EXPIRED\",\n          message: \"Invite has expired\",\n          inviteId: invite._id,\n        });\n      }\n    } else if (invite.status === \"accepted\") {\n      if (invite.acceptedByUserId !== acceptedByUserId) {\n        throw new ConvexError({\n          code: \"INVITE_ALREADY_ACCEPTED\",\n          message: \"Invite already accepted by another user\",\n          inviteId: invite._id,\n        });\n      }\n    } else {\n      throw new ConvexError({\n        code: \"INVITE_NOT_PENDING\",\n        message: `Cannot accept invite with status \"${invite.status}\"`,\n        inviteId: invite._id,\n        currentStatus: invite.status,\n      });\n    }\n\n    if (invite.email !== undefined) {\n      const user = await ctx.db.get(\"User\", acceptedByUserId);\n      const normalizedInviteEmail = invite.email.trim().toLowerCase();\n      const normalizedUserEmail = user?.email?.trim().toLowerCase();\n\n      if (\n        normalizedUserEmail === undefined ||\n        normalizedUserEmail !== normalizedInviteEmail\n      ) {\n        throw new ConvexError({\n          code: \"INVITE_EMAIL_MISMATCH\",\n          message: \"Invite email does not match accepting user's email\",\n          inviteId: invite._id,\n        });\n      }\n    }\n\n    let membershipStatus: \"joined\" | \"already_joined\" | \"not_applicable\" =\n      \"not_applicable\";\n    let memberId: Id<\"GroupMember\"> | undefined;\n\n    if (invite.groupId !== undefined) {\n      const existingMembership = await ctx.db\n        .query(\"GroupMember\")\n        .withIndex(\"group_id_user_id\", (q) =>\n          q.eq(\"groupId\", invite.groupId!).eq(\"userId\", acceptedByUserId),\n        )\n        .unique();\n\n      if (existingMembership !== null) {\n        membershipStatus = \"already_joined\";\n        memberId = existingMembership._id;\n      } else {\n        memberId = await ctx.db.insert(\"GroupMember\", {\n          groupId: invite.groupId,\n          userId: acceptedByUserId,\n          roleIds: invite.roleIds,\n          status: \"active\",\n        });\n        membershipStatus = \"joined\";\n      }\n    }\n\n    if (invite.status === \"pending\") {\n      await ctx.db.patch(\"GroupInvite\", invite._id, {\n        status: \"accepted\",\n        acceptedByUserId,\n        acceptedTime: now,\n      });\n    }\n\n    const inviteStatus: \"accepted\" | \"already_accepted\" =\n      invite.status === \"accepted\" ? \"already_accepted\" : \"accepted\";\n\n    return {\n      inviteId: invite._id,\n      groupId: invite.groupId ?? null,\n      memberId,\n      inviteStatus,\n      membershipStatus,\n    };\n  },\n});\n\n/**\n * Revoke a pending invitation.\n *\n * Marks the invite as `\"revoked\"`. Only invites with status `\"pending\"` can\n * be revoked. Throws a structured `ConvexError` when the invite doesn't\n * exist or is not currently pending. Once revoked, the invite's token can\n * no longer be used for acceptance.\n *\n * @param args.inviteId - The `Id<\"GroupInvite\">` of the invite to revoke.\n * @returns `null` on success.\n * @throws `ConvexError` with code `INVITE_NOT_FOUND` if the invite does not exist.\n * @throws `ConvexError` with code `INVITE_NOT_PENDING` if the invite has already been accepted, revoked, or expired.\n *\n * @example\n * ```ts\n * await ctx.runMutation(components.auth.groups.inviteRevoke, {\n *   inviteId: pendingInviteId,\n * });\n * ```\n */\nexport const inviteRevoke = mutation({\n  args: { inviteId: v.id(\"GroupInvite\") },\n  returns: v.null(),\n  handler: async (ctx, { inviteId }) => {\n    const invite = await ctx.db.get(\"GroupInvite\", inviteId);\n    if (invite === null) {\n      throw new ConvexError({\n        code: \"INVITE_NOT_FOUND\",\n        message: \"Invite not found\",\n        inviteId,\n      });\n    }\n    if (invite.status !== \"pending\") {\n      throw new ConvexError({\n        code: \"INVITE_NOT_PENDING\",\n        message: `Cannot revoke invite with status \"${invite.status}\"`,\n        inviteId,\n        currentStatus: invite.status,\n      });\n    }\n    await ctx.db.patch(\"GroupInvite\", inviteId, { status: \"revoked\" });\n    return null;\n  },\n});\n"],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AA8CA,MAAa,eAAe,SAAS;CACnC,MAAM;EACJ,SAAS,EAAE,SAAS,EAAE,GAAG,QAAQ,CAAC;EAClC,iBAAiB,EAAE,SAAS,EAAE,GAAG,OAAO,CAAC;EACzC,OAAO,EAAE,SAAS,EAAE,QAAQ,CAAC;EAC7B,WAAW,EAAE,QAAQ;EACrB,SAAS,EAAE,SAAS,EAAE,MAAM,EAAE,QAAQ,CAAC,CAAC;EACxC,QAAQ;EACR,aAAa,EAAE,SAAS,EAAE,QAAQ,CAAC;EACnC,QAAQ,EAAE,SAAS,EAAE,KAAK,CAAC;EAC5B;CACD,SAAS,EAAE,GAAG,cAAc;CAC5B,SAAS,OAAO,KAAK,SAAS;EAC5B,MAAM,MAAM,KAAK,KAAK;AAItB,MAAI,KAAK,UAAU,OACjB,KAAI,KAAK,YAAY,QAAW;GAC9B,MAAM,uBAAuB,MAAM,IAAI,GACpC,MAAM,cAAc,CACpB,UAAU,oBAAoB,MAC7B,EAAE,GAAG,WAAW,KAAK,QAAQ,CAAC,GAAG,UAAU,UAAU,CACtD,CACA,QAAQ,MAAM,EAAE,GAAG,EAAE,MAAM,QAAQ,EAAE,KAAK,MAAM,CAAC,CACjD,SAAS;AAEZ,QAAK,MAAM,uBAAuB,sBAAsB;AAItD,QAFE,oBAAoB,gBAAgB,UACpC,oBAAoB,eAAe,KACtB;AACb,WAAM,IAAI,GAAG,MAAM,eAAe,oBAAoB,KAAK,EACzD,QAAQ,WACT,CAAC;AACF;;AAEF,UAAM,IAAI,YAAY;KACpB,MAAM;KACN,SACE;KACF,OAAO,KAAK;KACZ,SAAS,KAAK;KACd,kBAAkB,oBAAoB;KACvC,CAAC;;SAEC;GACL,MAAM,0BAA0B,MAAM,IAAI,GACvC,MAAM,cAAc,CACpB,UAAU,iBAAiB,MAC1B,EAAE,GAAG,SAAS,KAAK,MAAM,CAAC,GAAG,UAAU,UAAU,CAClD,CACA,QAAQ,MAAM,EAAE,GAAG,EAAE,MAAM,UAAU,EAAE,OAAU,CAAC,CAClD,SAAS;AAEZ,QAAK,MAAM,0BAA0B,yBAAyB;AAI5D,QAFE,uBAAuB,gBAAgB,UACvC,uBAAuB,eAAe,KACzB;AACb,WAAM,IAAI,GAAG,MAAM,eAAe,uBAAuB,KAAK,EAC5D,QAAQ,WACT,CAAC;AACF;;AAEF,UAAM,IAAI,YAAY;KACpB,MAAM;KACN,SAAS;KACT,OAAO,KAAK;KACZ,kBAAkB,uBAAuB;KAC1C,CAAC;;;AAIR,SAAO,MAAM,IAAI,GAAG,OAAO,eAAe,KAAK;;CAElD,CAAC;;;;;;;;;;;;;;;;;;;;AAqBF,MAAa,YAAY,MAAM;CAC7B,MAAM,EAAE,UAAU,EAAE,GAAG,cAAc,EAAE;CACvC,SAAS,EAAE,MAAM,iBAAiB,EAAE,MAAM,CAAC;CAC3C,SAAS,OAAO,KAAK,EAAE,eAAe;AACpC,SAAO,MAAM,IAAI,GAAG,IAAI,eAAe,SAAS;;CAEnD,CAAC;;;;;;;;;;;;;;;;;;;;;;AAuBF,MAAa,uBAAuB,MAAM;CACxC,MAAM,EAAE,WAAW,EAAE,QAAQ,EAAE;CAC/B,SAAS,EAAE,MAAM,iBAAiB,EAAE,MAAM,CAAC;CAC3C,SAAS,OAAO,KAAK,EAAE,gBAAgB;AACrC,SAAO,MAAM,IAAI,GACd,MAAM,cAAc,CACpB,UAAU,eAAe,MAAM,EAAE,GAAG,aAAa,UAAU,CAAC,CAC5D,OAAO;;CAEb,CAAC;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAsCF,MAAa,aAAa,MAAM;CAC9B,MAAM;EACJ,OAAO,EAAE,SACP,EAAE,OAAO;GACP,WAAW,EAAE,SAAS,EAAE,QAAQ,CAAC;GACjC,SAAS,EAAE,SAAS,EAAE,GAAG,QAAQ,CAAC;GAClC,QAAQ,EAAE,SAAS,cAAc;GACjC,OAAO,EAAE,SAAS,EAAE,QAAQ,CAAC;GAC7B,iBAAiB,EAAE,SAAS,EAAE,GAAG,OAAO,CAAC;GACzC,QAAQ,EAAE,SAAS,EAAE,QAAQ,CAAC;GAC9B,kBAAkB,EAAE,SAAS,EAAE,GAAG,OAAO,CAAC;GAC3C,CAAC,CACH;EACD,OAAO,EAAE,SAAS,EAAE,QAAQ,CAAC;EAC7B,QAAQ,EAAE,SAAS,EAAE,MAAM,EAAE,QAAQ,EAAE,EAAE,MAAM,CAAC,CAAC;EACjD,SAAS,EAAE,SACT,EAAE,MACA,EAAE,QAAQ,gBAAgB,EAC1B,EAAE,QAAQ,SAAS,EACnB,EAAE,QAAQ,QAAQ,EAClB,EAAE,QAAQ,cAAc,EACxB,EAAE,QAAQ,eAAe,CAC1B,CACF;EACD,OAAO,EAAE,SAAS,EAAE,MAAM,EAAE,QAAQ,MAAM,EAAE,EAAE,QAAQ,OAAO,CAAC,CAAC;EAChE;CACD,SAAS,WAAW,gBAAgB;CACpC,SAAS,OAAO,KAAK,SAAS;EAC5B,MAAM,QAAQ,KAAK,SAAS,EAAE;EAC9B,MAAM,QAAQ,KAAK,IAAI,KAAK,IAAI,KAAK,SAAS,IAAI,EAAE,EAAE,IAAI;EAC1D,MAAM,QAAQ,KAAK,SAAS;EAG5B,IAAI;AACJ,MAAI,MAAM,cAAc,OACtB,KAAI,IAAI,GACL,MAAM,cAAc,CACpB,UAAU,eAAe,QACxB,IAAI,GAAG,aAAa,MAAM,UAAW,CACtC;WACM,MAAM,YAAY,UAAa,MAAM,WAAW,OACzD,KAAI,IAAI,GACL,MAAM,cAAc,CACpB,UAAU,oBAAoB,QAC7B,IAAI,GAAG,WAAW,MAAM,QAAS,CAAC,GAAG,UAAU,MAAM,OAAQ,CAC9D;WACM,MAAM,UAAU,UAAa,MAAM,WAAW,OACvD,KAAI,IAAI,GACL,MAAM,cAAc,CACpB,UAAU,iBAAiB,QAC1B,IAAI,GAAG,SAAS,MAAM,MAAO,CAAC,GAAG,UAAU,MAAM,OAAQ,CAC1D;WAEH,MAAM,oBAAoB,UAC1B,MAAM,WAAW,OAEjB,KAAI,IAAI,GACL,MAAM,cAAc,CACpB,UAAU,8BAA8B,QACvC,IACG,GAAG,mBAAmB,MAAM,gBAAiB,CAC7C,GAAG,UAAU,MAAM,OAAQ,CAC/B;WACM,MAAM,YAAY,OAC3B,KAAI,IAAI,GACL,MAAM,cAAc,CACpB,UAAU,aAAa,QAAQ,IAAI,GAAG,WAAW,MAAM,QAAS,CAAC;WAC3D,MAAM,WAAW,OAC1B,KAAI,IAAI,GACL,MAAM,cAAc,CACpB,UAAU,WAAW,QAAQ,IAAI,GAAG,UAAU,MAAM,OAAQ,CAAC;MAEhE,KAAI,IAAI,GAAG,MAAM,cAAc;AAIjC,MAAI,MAAM,YAAY,OACpB,KAAI,EAAE,QAAQ,MAAM,EAAE,GAAG,EAAE,MAAM,UAAU,EAAE,MAAM,QAAS,CAAC;AAE/D,MAAI,MAAM,WAAW,OACnB,KAAI,EAAE,QAAQ,MAAM,EAAE,GAAG,EAAE,MAAM,SAAS,EAAE,MAAM,OAAQ,CAAC;AAE7D,MAAI,MAAM,UAAU,OAClB,KAAI,EAAE,QAAQ,MAAM,EAAE,GAAG,EAAE,MAAM,QAAQ,EAAE,MAAM,MAAO,CAAC;AAE3D,MAAI,MAAM,oBAAoB,OAC5B,KAAI,EAAE,QAAQ,MACZ,EAAE,GAAG,EAAE,MAAM,kBAAkB,EAAE,MAAM,gBAAiB,CACzD;AAEH,MAAI,MAAM,qBAAqB,OAC7B,KAAI,EAAE,QAAQ,MACZ,EAAE,GAAG,EAAE,MAAM,mBAAmB,EAAE,MAAM,iBAAkB,CAC3D;AAEH,MAAI,MAAM,cAAc,OACtB,KAAI,EAAE,QAAQ,MAAM,EAAE,GAAG,EAAE,MAAM,YAAY,EAAE,MAAM,UAAW,CAAC;AAGnE,MAAI,EAAE,MAAM,MAAM;EAElB,IAAI,MAAM,MAAM,EAAE,SAAS;AAC3B,MAAI,MAAM,WAAW,OACnB,OAAM,IAAI,QAAQ,SAAS,IAAI,WAAW,EAAE,EAAE,SAAS,MAAM,OAAQ,CAAC;EAExE,IAAI,WAAW;AACf,MAAI,KAAK,QAAQ;GACf,MAAM,YAAY,IAAI,WAAW,QAAQ,IAAI,QAAQ,KAAK,OAAO;AACjE,OAAI,cAAc,GAChB,YAAW,YAAY;;EAG3B,MAAM,OAAO,IAAI,MAAM,UAAU,WAAW,QAAQ,EAAE;EACtD,MAAM,UAAU,KAAK,SAAS;EAC9B,MAAM,QAAQ,UAAU,KAAK,MAAM,GAAG,MAAM,GAAG;AAE/C,SAAO;GAAE;GAAO,YADG,UAAU,MAAM,MAAM,SAAS,GAAG,MAAM;GAC/B;;CAE/B,CAAC;;;;;;;;;;;;;;;;;;;;;;;;;;;;AA6BF,MAAa,eAAe,SAAS;CACnC,MAAM;EACJ,UAAU,EAAE,GAAG,cAAc;EAC7B,kBAAkB,EAAE,SAAS,EAAE,GAAG,OAAO,CAAC;EAC3C;CACD,SAAS,EAAE,MAAM;CACjB,SAAS,OAAO,KAAK,EAAE,UAAU,uBAAuB;EACtD,MAAM,SAAS,MAAM,IAAI,GAAG,IAAI,eAAe,SAAS;AACxD,MAAI,WAAW,KACb,OAAM,IAAI,YAAY;GACpB,MAAM;GACN,SAAS;GACT;GACD,CAAC;AAEJ,MAAI,OAAO,WAAW,UACpB,OAAM,IAAI,YAAY;GACpB,MAAM;GACN,SAAS,qCAAqC,OAAO,OAAO;GAC5D;GACA,eAAe,OAAO;GACvB,CAAC;AAEJ,MAAI,OAAO,gBAAgB,UAAa,OAAO,eAAe,KAAK,KAAK,EAAE;AACxE,SAAM,IAAI,GAAG,MAAM,eAAe,UAAU,EAC1C,QAAQ,WACT,CAAC;AACF,SAAM,IAAI,YAAY;IACpB,MAAM;IACN,SAAS;IACT;IACD,CAAC;;AAEJ,QAAM,IAAI,GAAG,MAAM,eAAe,UAAU;GAC1C,QAAQ;GACR,cAAc,KAAK,KAAK;GACxB,GAAI,mBAAmB,EAAE,kBAAkB,GAAG,EAAE;GACjD,CAAC;AACF,SAAO;;CAEV,CAAC;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AA0CF,MAAa,sBAAsB,SAAS;CAC1C,MAAM;EACJ,WAAW,EAAE,QAAQ;EACrB,kBAAkB,EAAE,GAAG,OAAO;EAC/B;CACD,SAAS;CACT,SAAS,OAAO,KAAK,EAAE,WAAW,uBAAuB;EACvD,MAAM,SAAS,MAAM,IAAI,GACtB,MAAM,cAAc,CACpB,UAAU,eAAe,MAAM,EAAE,GAAG,aAAa,UAAU,CAAC,CAC5D,OAAO;AAEV,MAAI,WAAW,KACb,OAAM,IAAI,YAAY;GACpB,MAAM;GACN,SAAS;GACV,CAAC;EAGJ,MAAM,MAAM,KAAK,KAAK;AACtB,MAAI,OAAO,WAAW,WACpB;OAAI,OAAO,gBAAgB,UAAa,OAAO,eAAe,KAAK;AACjE,UAAM,IAAI,GAAG,MAAM,eAAe,OAAO,KAAK,EAAE,QAAQ,WAAW,CAAC;AACpE,UAAM,IAAI,YAAY;KACpB,MAAM;KACN,SAAS;KACT,UAAU,OAAO;KAClB,CAAC;;aAEK,OAAO,WAAW,YAC3B;OAAI,OAAO,qBAAqB,iBAC9B,OAAM,IAAI,YAAY;IACpB,MAAM;IACN,SAAS;IACT,UAAU,OAAO;IAClB,CAAC;QAGJ,OAAM,IAAI,YAAY;GACpB,MAAM;GACN,SAAS,qCAAqC,OAAO,OAAO;GAC5D,UAAU,OAAO;GACjB,eAAe,OAAO;GACvB,CAAC;AAGJ,MAAI,OAAO,UAAU,QAAW;GAC9B,MAAM,OAAO,MAAM,IAAI,GAAG,IAAI,QAAQ,iBAAiB;GACvD,MAAM,wBAAwB,OAAO,MAAM,MAAM,CAAC,aAAa;GAC/D,MAAM,sBAAsB,MAAM,OAAO,MAAM,CAAC,aAAa;AAE7D,OACE,wBAAwB,UACxB,wBAAwB,sBAExB,OAAM,IAAI,YAAY;IACpB,MAAM;IACN,SAAS;IACT,UAAU,OAAO;IAClB,CAAC;;EAIN,IAAI,mBACF;EACF,IAAI;AAEJ,MAAI,OAAO,YAAY,QAAW;GAChC,MAAM,qBAAqB,MAAM,IAAI,GAClC,MAAM,cAAc,CACpB,UAAU,qBAAqB,MAC9B,EAAE,GAAG,WAAW,OAAO,QAAS,CAAC,GAAG,UAAU,iBAAiB,CAChE,CACA,QAAQ;AAEX,OAAI,uBAAuB,MAAM;AAC/B,uBAAmB;AACnB,eAAW,mBAAmB;UACzB;AACL,eAAW,MAAM,IAAI,GAAG,OAAO,eAAe;KAC5C,SAAS,OAAO;KAChB,QAAQ;KACR,SAAS,OAAO;KAChB,QAAQ;KACT,CAAC;AACF,uBAAmB;;;AAIvB,MAAI,OAAO,WAAW,UACpB,OAAM,IAAI,GAAG,MAAM,eAAe,OAAO,KAAK;GAC5C,QAAQ;GACR;GACA,cAAc;GACf,CAAC;EAGJ,MAAM,eACJ,OAAO,WAAW,aAAa,qBAAqB;AAEtD,SAAO;GACL,UAAU,OAAO;GACjB,SAAS,OAAO,WAAW;GAC3B;GACA;GACA;GACD;;CAEJ,CAAC;;;;;;;;;;;;;;;;;;;;;AAsBF,MAAa,eAAe,SAAS;CACnC,MAAM,EAAE,UAAU,EAAE,GAAG,cAAc,EAAE;CACvC,SAAS,EAAE,MAAM;CACjB,SAAS,OAAO,KAAK,EAAE,eAAe;EACpC,MAAM,SAAS,MAAM,IAAI,GAAG,IAAI,eAAe,SAAS;AACxD,MAAI,WAAW,KACb,OAAM,IAAI,YAAY;GACpB,MAAM;GACN,SAAS;GACT;GACD,CAAC;AAEJ,MAAI,OAAO,WAAW,UACpB,OAAM,IAAI,YAAY;GACpB,MAAM;GACN,SAAS,qCAAqC,OAAO,OAAO;GAC5D;GACA,eAAe,OAAO;GACvB,CAAC;AAEJ,QAAM,IAAI,GAAG,MAAM,eAAe,UAAU,EAAE,QAAQ,WAAW,CAAC;AAClE,SAAO;;CAEV,CAAC"}
+{"version":3,"file":"invites.js","names":[],"sources":["../../../../src/component/public/groups/invites.ts"],"sourcesContent":["import { ConvexError, v } from \"convex/values\";\n\nimport type { Id } from \"../../_generated/dataModel\";\nimport { mutation, query } from \"../../functions\";\nimport {\n  vGroupInviteDoc,\n  vInviteAcceptByTokenResult,\n  vInviteStatus,\n  vPaginated,\n} from \"../../model\";\n\n/**\n * Create a new platform-level invitation. Optionally set `groupId` to tie\n * the invite to a specific group. The invitation is sent to an email address\n * and includes a hashed token for secure acceptance.\n *\n * Throws `ConvexError` with code `DUPLICATE_INVITE` when a pending invite\n * already exists for the same email and scope:\n * - group invite: same `email` + same `groupId`\n * - platform invite: same `email` with no `groupId`\n *\n * When a duplicate check finds an existing invite that has passed its\n * `expiresTime`, that invite is automatically marked as `\"expired\"` and the\n * new invite is allowed through. CLI-generated invites (no email) skip\n * duplicate detection entirely.\n *\n * @param args.groupId - Optional `Id<\"Group\">` to scope this invite to a specific group. Omit for a platform-wide invite.\n * @param args.invitedByUserId - Optional `Id<\"User\">` of the user who issued the invitation.\n * @param args.email - Optional email address of the invitee. When provided, duplicate detection is enforced.\n * @param args.tokenHash - A pre-hashed token string used for secure, URL-safe invite acceptance.\n * @param args.roleIds - Optional array of application-defined role identifiers to assign upon acceptance.\n * @param args.status - The initial status of the invite (typically `\"pending\"`).\n * @param args.expiresTime - Optional Unix timestamp (ms) after which the invite is considered expired.\n * @param args.extend - Optional arbitrary payload for application-specific metadata.\n * @returns The `Id<\"GroupInvite\">` of the newly created invite document.\n *\n * @example\n * ```ts\n * const inviteId = await ctx.runMutation(\n *   components.auth.groups.inviteCreate,\n *   {\n *     groupId: teamGroupId,\n *     invitedByUserId: currentUserId,\n *     email: \"alice@example.com\",\n *     tokenHash: hashedToken,\n *     roleIds: [\"editor\"],\n *     status: \"pending\",\n *     expiresTime: Date.now() + 7 * 24 * 60 * 60 * 1000, // 7 days\n *   },\n * );\n * ```\n */\nexport const inviteCreate = mutation({\n  args: {\n    groupId: v.optional(v.id(\"Group\")),\n    invitedByUserId: v.optional(v.id(\"User\")),\n    email: v.optional(v.string()),\n    tokenHash: v.string(),\n    roleIds: v.optional(v.array(v.string())),\n    status: vInviteStatus,\n    expiresTime: v.optional(v.number()),\n    extend: v.optional(v.any()),\n  },\n  returns: v.id(\"GroupInvite\"),\n  handler: async (ctx, args) => {\n    const now = Date.now();\n\n    // Only check for duplicates when an email is provided.\n    // CLI-generated invites (no email) are always allowed.\n    if (args.email !== undefined) {\n      if (args.groupId !== undefined) {\n        const existingGroupInvites = await ctx.db\n          .query(\"GroupInvite\")\n          .withIndex(\"group_id_status\", (q) =>\n            q.eq(\"groupId\", args.groupId).eq(\"status\", \"pending\"),\n          )\n          .filter((q) => q.eq(q.field(\"email\"), args.email))\n          .collect();\n\n        for (const existingGroupInvite of existingGroupInvites) {\n          const isExpired =\n            existingGroupInvite.expiresTime !== undefined &&\n            existingGroupInvite.expiresTime <= now;\n          if (isExpired) {\n            await ctx.db.patch(\"GroupInvite\", existingGroupInvite._id, {\n              status: \"expired\",\n            });\n            continue;\n          }\n          throw new ConvexError({\n            code: \"DUPLICATE_INVITE\",\n            message:\n              \"A pending invite already exists for this email in this group\",\n            email: args.email,\n            groupId: args.groupId,\n            existingInviteId: existingGroupInvite._id,\n          });\n        }\n      } else {\n        const existingPlatformInvites = await ctx.db\n          .query(\"GroupInvite\")\n          .withIndex(\"email_status\", (q) =>\n            q.eq(\"email\", args.email).eq(\"status\", \"pending\"),\n          )\n          .filter((q) => q.eq(q.field(\"groupId\"), undefined))\n          .collect();\n\n        for (const existingPlatformInvite of existingPlatformInvites) {\n          const isExpired =\n            existingPlatformInvite.expiresTime !== undefined &&\n            existingPlatformInvite.expiresTime <= now;\n          if (isExpired) {\n            await ctx.db.patch(\"GroupInvite\", existingPlatformInvite._id, {\n              status: \"expired\",\n            });\n            continue;\n          }\n          throw new ConvexError({\n            code: \"DUPLICATE_INVITE\",\n            message: \"A pending platform invite already exists for this email\",\n            email: args.email,\n            existingInviteId: existingPlatformInvite._id,\n          });\n        }\n      }\n    }\n    return await ctx.db.insert(\"GroupInvite\", args);\n  },\n});\n\n/**\n * Retrieve an invite by its document ID.\n *\n * Performs a direct lookup in the `GroupInvite` table and returns the full\n * invite document, or `null` if no invite exists with the given ID.\n *\n * @param args.inviteId - The `Id<\"GroupInvite\">` of the invite to retrieve.\n * @returns The invite document (including `email`, `status`, `groupId`, `tokenHash`, etc.) or `null` if not found.\n *\n * @example\n * ```ts\n * const invite = await ctx.runQuery(components.auth.groups.inviteGet, {\n *   inviteId: existingInviteId,\n * });\n * if (invite !== null) {\n *   console.log(invite.email, invite.status);\n * }\n * ```\n */\nexport const inviteGet = query({\n  args: { inviteId: v.id(\"GroupInvite\") },\n  returns: v.union(vGroupInviteDoc, v.null()),\n  handler: async (ctx, { inviteId }) => {\n    return await ctx.db.get(\"GroupInvite\", inviteId);\n  },\n});\n\n/**\n * Retrieve an invite by its hashed token.\n *\n * Looks up the `GroupInvite` table using the `token_hash` index. This is\n * the primary mechanism for resolving an invite from a URL-embedded token.\n * Returns `null` if no invite matches the given hash.\n *\n * @param args.tokenHash - The hashed token string to look up (must match the value stored at creation time).\n * @returns The invite document or `null` if no invite exists with the given token hash.\n *\n * @example\n * ```ts\n * const invite = await ctx.runQuery(\n *   components.auth.groups.inviteGetByTokenHash,\n *   { tokenHash: \"sha256_abc123...\" },\n * );\n * if (invite !== null && invite.status === \"pending\") {\n *   // proceed with acceptance flow\n * }\n * ```\n */\nexport const inviteGetByTokenHash = query({\n  args: { tokenHash: v.string() },\n  returns: v.union(vGroupInviteDoc, v.null()),\n  handler: async (ctx, { tokenHash }) => {\n    return await ctx.db\n      .query(\"GroupInvite\")\n      .withIndex(\"token_hash\", (q) => q.eq(\"tokenHash\", tokenHash))\n      .first();\n  },\n});\n\n/**\n * List invites with optional filtering, sorting, and pagination.\n *\n * Returns `{ items, nextCursor }`. Supports filtering by `groupId`,\n * `status`, `email`, `invitedByUserId`, `roleId`, `acceptedByUserId`, and\n * `tokenHash`. The query engine automatically selects the best compound\n * index based on the combination of filter fields provided. The `roleId`\n * filter is applied in-memory after the index scan because role IDs are\n * stored as an array.\n *\n * @param args.where - Optional filter criteria for narrowing results.\n * @param args.where.tokenHash - Match invites with this exact hashed token.\n * @param args.where.groupId - Match invites scoped to this group.\n * @param args.where.status - Match invites with this status (e.g. `\"pending\"`, `\"accepted\"`, `\"revoked\"`).\n * @param args.where.email - Match invites sent to this email address.\n * @param args.where.invitedByUserId - Match invites created by this user.\n * @param args.where.roleId - Match invites that include this role identifier in their `roleIds` array.\n * @param args.where.acceptedByUserId - Match invites accepted by this specific user.\n * @param args.limit - Maximum number of items per page (clamped to 1..100, defaults to 50).\n * @param args.cursor - An opaque cursor string from a previous response's `nextCursor` to fetch the next page, or `null` to start from the beginning.\n * @param args.orderBy - The field to sort by: `\"_creationTime\"`, `\"status\"`, `\"email\"`, `\"expiresTime\"`, or `\"acceptedTime\"`.\n * @param args.order - Sort direction: `\"asc\"` or `\"desc\"` (defaults to `\"desc\"`).\n * @returns An object `{ items, nextCursor }` where `items` is an array of invite documents and `nextCursor` is `null` when there are no more pages.\n *\n * @example\n * ```ts\n * const { items, nextCursor } = await ctx.runQuery(\n *   components.auth.groups.inviteList,\n *   {\n *     where: { groupId: teamGroupId, status: \"pending\" },\n *     limit: 25,\n *     order: \"desc\",\n *   },\n * );\n * ```\n */\nexport const inviteList = query({\n  args: {\n    where: v.optional(\n      v.object({\n        tokenHash: v.optional(v.string()),\n        groupId: v.optional(v.id(\"Group\")),\n        status: v.optional(vInviteStatus),\n        email: v.optional(v.string()),\n        invitedByUserId: v.optional(v.id(\"User\")),\n        roleId: v.optional(v.string()),\n        acceptedByUserId: v.optional(v.id(\"User\")),\n      }),\n    ),\n    limit: v.optional(v.number()),\n    cursor: v.optional(v.union(v.string(), v.null())),\n    orderBy: v.optional(\n      v.union(\n        v.literal(\"_creationTime\"),\n        v.literal(\"status\"),\n        v.literal(\"email\"),\n        v.literal(\"expiresTime\"),\n        v.literal(\"acceptedTime\"),\n      ),\n    ),\n    order: v.optional(v.union(v.literal(\"asc\"), v.literal(\"desc\"))),\n  },\n  returns: vPaginated(vGroupInviteDoc),\n  handler: async (ctx, args) => {\n    const where = args.where ?? {};\n    const limit = Math.min(Math.max(args.limit ?? 50, 1), 100);\n    const order = args.order ?? \"desc\";\n\n    // Pick best index\n    let q;\n    if (where.tokenHash !== undefined) {\n      q = ctx.db\n        .query(\"GroupInvite\")\n        .withIndex(\"token_hash\", (idx) =>\n          idx.eq(\"tokenHash\", where.tokenHash!),\n        );\n    } else if (where.groupId !== undefined && where.status !== undefined) {\n      q = ctx.db\n        .query(\"GroupInvite\")\n        .withIndex(\"group_id_status\", (idx) =>\n          idx.eq(\"groupId\", where.groupId!).eq(\"status\", where.status!),\n        );\n    } else if (where.email !== undefined && where.status !== undefined) {\n      q = ctx.db\n        .query(\"GroupInvite\")\n        .withIndex(\"email_status\", (idx) =>\n          idx.eq(\"email\", where.email!).eq(\"status\", where.status!),\n        );\n    } else if (\n      where.invitedByUserId !== undefined &&\n      where.status !== undefined\n    ) {\n      q = ctx.db\n        .query(\"GroupInvite\")\n        .withIndex(\"invited_by_user_id_status\", (idx) =>\n          idx\n            .eq(\"invitedByUserId\", where.invitedByUserId!)\n            .eq(\"status\", where.status!),\n        );\n    } else if (where.groupId !== undefined) {\n      q = ctx.db\n        .query(\"GroupInvite\")\n        .withIndex(\"group_id\", (idx) => idx.eq(\"groupId\", where.groupId!));\n    } else if (where.status !== undefined) {\n      q = ctx.db\n        .query(\"GroupInvite\")\n        .withIndex(\"status\", (idx) => idx.eq(\"status\", where.status!));\n    } else {\n      q = ctx.db.query(\"GroupInvite\");\n    }\n\n    // Apply remaining filters\n    if (where.groupId !== undefined) {\n      q = q.filter((f) => f.eq(f.field(\"groupId\"), where.groupId!));\n    }\n    if (where.status !== undefined) {\n      q = q.filter((f) => f.eq(f.field(\"status\"), where.status!));\n    }\n    if (where.email !== undefined) {\n      q = q.filter((f) => f.eq(f.field(\"email\"), where.email!));\n    }\n    if (where.invitedByUserId !== undefined) {\n      q = q.filter((f) =>\n        f.eq(f.field(\"invitedByUserId\"), where.invitedByUserId!),\n      );\n    }\n    if (where.acceptedByUserId !== undefined) {\n      q = q.filter((f) =>\n        f.eq(f.field(\"acceptedByUserId\"), where.acceptedByUserId!),\n      );\n    }\n    if (where.tokenHash !== undefined) {\n      q = q.filter((f) => f.eq(f.field(\"tokenHash\"), where.tokenHash!));\n    }\n\n    q = q.order(order);\n\n    let all = await q.collect();\n    if (where.roleId !== undefined) {\n      all = all.filter((doc) => (doc.roleIds ?? []).includes(where.roleId!));\n    }\n    let startIdx = 0;\n    if (args.cursor) {\n      const cursorIdx = all.findIndex((doc) => doc._id === args.cursor);\n      if (cursorIdx !== -1) {\n        startIdx = cursorIdx + 1;\n      }\n    }\n    const page = all.slice(startIdx, startIdx + limit + 1);\n    const hasMore = page.length > limit;\n    const items = hasMore ? page.slice(0, limit) : page;\n    const nextCursor = hasMore ? items[items.length - 1]._id : null;\n    return { items, nextCursor };\n  },\n});\n\n/**\n * Accept a pending invitation.\n *\n * Marks the invite as `\"accepted\"` and records the acceptance timestamp.\n * Throws a structured `ConvexError` when the invite doesn't exist or is not\n * currently pending. If the invite has passed its `expiresTime`, it is\n * automatically transitioned to `\"expired\"` and the acceptance is rejected.\n *\n * The caller is responsible for creating the corresponding member record\n * (see {@link inviteAcceptByToken} for an all-in-one alternative that also\n * handles membership).\n *\n * @param args.inviteId - The `Id<\"GroupInvite\">` of the invite to accept.\n * @param args.acceptedByUserId - Optional `Id<\"User\">` of the user accepting the invite. Stored on the invite for audit purposes.\n * @returns `null` on success.\n * @throws `ConvexError` with code `INVITE_NOT_FOUND` if the invite does not exist.\n * @throws `ConvexError` with code `INVITE_NOT_PENDING` if the invite has already been accepted, revoked, or otherwise finalized.\n * @throws `ConvexError` with code `INVITE_EXPIRED` if the invite's `expiresTime` has passed.\n *\n * @example\n * ```ts\n * await ctx.runMutation(components.auth.groups.inviteAccept, {\n *   inviteId: pendingInviteId,\n *   acceptedByUserId: currentUserId,\n * });\n * ```\n */\nexport const inviteAccept = mutation({\n  args: {\n    inviteId: v.id(\"GroupInvite\"),\n    acceptedByUserId: v.optional(v.id(\"User\")),\n  },\n  returns: v.null(),\n  handler: async (ctx, { inviteId, acceptedByUserId }) => {\n    const invite = await ctx.db.get(\"GroupInvite\", inviteId);\n    if (invite === null) {\n      throw new ConvexError({\n        code: \"INVITE_NOT_FOUND\",\n        message: \"Invite not found\",\n        inviteId,\n      });\n    }\n    if (invite.status !== \"pending\") {\n      throw new ConvexError({\n        code: \"INVITE_NOT_PENDING\",\n        message: `Cannot accept invite with status \"${invite.status}\"`,\n        inviteId,\n        currentStatus: invite.status,\n      });\n    }\n    if (invite.expiresTime !== undefined && invite.expiresTime <= Date.now()) {\n      await ctx.db.patch(\"GroupInvite\", inviteId, {\n        status: \"expired\",\n      });\n      throw new ConvexError({\n        code: \"INVITE_EXPIRED\",\n        message: \"Invite has expired\",\n        inviteId,\n      });\n    }\n    await ctx.db.patch(\"GroupInvite\", inviteId, {\n      status: \"accepted\",\n      acceptedTime: Date.now(),\n      ...(acceptedByUserId ? { acceptedByUserId } : {}),\n    });\n    return null;\n  },\n});\n\n/**\n * Accept an invitation by raw token hash and atomically join group membership.\n *\n * This is the primary token-based acceptance flow. It looks up the invite by\n * `tokenHash`, validates status and expiry, verifies the accepting user's\n * email matches the invite email (when set), and — if the invite is scoped\n * to a group — creates a `GroupMember` record in the same transaction.\n *\n * The operation is idempotent: if the invite was already accepted by the\n * same user, it returns a result with `inviteStatus: \"already_accepted\"`\n * and the existing membership information.\n *\n * @param args.tokenHash - The hashed token string that identifies the invite (typically extracted from an invite URL).\n * @param args.acceptedByUserId - The `Id<\"User\">` of the user accepting the invitation. Their email must match the invite's email when one was specified.\n * @returns An object describing the outcome:\n *   - `inviteId` — the ID of the accepted invite.\n *   - `groupId` — the group the invite targets, or `null` for platform invites.\n *   - `memberId` — the ID of the created (or existing) member record, or `undefined` for platform invites.\n *   - `inviteStatus` — `\"accepted\"` for a fresh acceptance, `\"already_accepted\"` for idempotent replays.\n *   - `membershipStatus` — `\"joined\"`, `\"already_joined\"`, or `\"not_applicable\"`.\n * @throws `ConvexError` with code `INVITE_NOT_FOUND` if no invite matches the token hash.\n * @throws `ConvexError` with code `INVITE_EXPIRED` if the invite's `expiresTime` has passed.\n * @throws `ConvexError` with code `INVITE_ALREADY_ACCEPTED` if the invite was accepted by a different user.\n * @throws `ConvexError` with code `INVITE_NOT_PENDING` if the invite has been revoked or is in another non-pending state.\n * @throws `ConvexError` with code `INVITE_EMAIL_MISMATCH` if the accepting user's email does not match the invite's email.\n *\n * @example\n * ```ts\n * const result = await ctx.runMutation(\n *   components.auth.groups.inviteAcceptByToken,\n *   {\n *     tokenHash: \"sha256_abc123...\",\n *     acceptedByUserId: currentUserId,\n *   },\n * );\n * if (result.membershipStatus === \"joined\") {\n *   console.log(\"Joined group\", result.groupId, \"as member\", result.memberId);\n * }\n * ```\n */\nexport const inviteAcceptByToken = mutation({\n  args: {\n    tokenHash: v.string(),\n    acceptedByUserId: v.id(\"User\"),\n  },\n  returns: vInviteAcceptByTokenResult,\n  handler: async (ctx, { tokenHash, acceptedByUserId }) => {\n    const invite = await ctx.db\n      .query(\"GroupInvite\")\n      .withIndex(\"token_hash\", (q) => q.eq(\"tokenHash\", tokenHash))\n      .first();\n\n    if (invite === null) {\n      throw new ConvexError({\n        code: \"INVITE_NOT_FOUND\",\n        message: \"Invite not found\",\n      });\n    }\n\n    const now = Date.now();\n    if (invite.status === \"pending\") {\n      if (invite.expiresTime !== undefined && invite.expiresTime <= now) {\n        await ctx.db.patch(\"GroupInvite\", invite._id, { status: \"expired\" });\n        throw new ConvexError({\n          code: \"INVITE_EXPIRED\",\n          message: \"Invite has expired\",\n          inviteId: invite._id,\n        });\n      }\n    } else if (invite.status === \"accepted\") {\n      if (invite.acceptedByUserId !== acceptedByUserId) {\n        throw new ConvexError({\n          code: \"INVITE_ALREADY_ACCEPTED\",\n          message: \"Invite already accepted by another user\",\n          inviteId: invite._id,\n        });\n      }\n    } else {\n      throw new ConvexError({\n        code: \"INVITE_NOT_PENDING\",\n        message: `Cannot accept invite with status \"${invite.status}\"`,\n        inviteId: invite._id,\n        currentStatus: invite.status,\n      });\n    }\n\n    if (invite.email !== undefined) {\n      const user = await ctx.db.get(\"User\", acceptedByUserId);\n      const normalizedInviteEmail = invite.email.trim().toLowerCase();\n      const normalizedUserEmail = user?.email?.trim().toLowerCase();\n\n      if (\n        normalizedUserEmail === undefined ||\n        normalizedUserEmail !== normalizedInviteEmail\n      ) {\n        throw new ConvexError({\n          code: \"INVITE_EMAIL_MISMATCH\",\n          message: \"Invite email does not match accepting user's email\",\n          inviteId: invite._id,\n        });\n      }\n    }\n\n    let membershipStatus: \"joined\" | \"already_joined\" | \"not_applicable\" =\n      \"not_applicable\";\n    let memberId: Id<\"GroupMember\"> | undefined;\n\n    if (invite.groupId !== undefined) {\n      const existingMembership = await ctx.db\n        .query(\"GroupMember\")\n        .withIndex(\"group_id_user_id\", (q) =>\n          q.eq(\"groupId\", invite.groupId!).eq(\"userId\", acceptedByUserId),\n        )\n        .unique();\n\n      if (existingMembership !== null) {\n        membershipStatus = \"already_joined\";\n        memberId = existingMembership._id;\n      } else {\n        memberId = await ctx.db.insert(\"GroupMember\", {\n          groupId: invite.groupId,\n          userId: acceptedByUserId,\n          roleIds: invite.roleIds,\n          status: \"active\",\n        });\n        membershipStatus = \"joined\";\n      }\n    }\n\n    if (invite.status === \"pending\") {\n      await ctx.db.patch(\"GroupInvite\", invite._id, {\n        status: \"accepted\",\n        acceptedByUserId,\n        acceptedTime: now,\n      });\n    }\n\n    const inviteStatus: \"accepted\" | \"already_accepted\" =\n      invite.status === \"accepted\" ? \"already_accepted\" : \"accepted\";\n\n    return {\n      inviteId: invite._id,\n      groupId: invite.groupId ?? null,\n      memberId,\n      inviteStatus,\n      membershipStatus,\n    };\n  },\n});\n\n/**\n * Revoke a pending invitation.\n *\n * Marks the invite as `\"revoked\"`. Only invites with status `\"pending\"` can\n * be revoked. Throws a structured `ConvexError` when the invite doesn't\n * exist or is not currently pending. Once revoked, the invite's token can\n * no longer be used for acceptance.\n *\n * @param args.inviteId - The `Id<\"GroupInvite\">` of the invite to revoke.\n * @returns `null` on success.\n * @throws `ConvexError` with code `INVITE_NOT_FOUND` if the invite does not exist.\n * @throws `ConvexError` with code `INVITE_NOT_PENDING` if the invite has already been accepted, revoked, or expired.\n *\n * @example\n * ```ts\n * await ctx.runMutation(components.auth.groups.inviteRevoke, {\n *   inviteId: pendingInviteId,\n * });\n * ```\n */\nexport const inviteRevoke = mutation({\n  args: { inviteId: v.id(\"GroupInvite\") },\n  returns: v.null(),\n  handler: async (ctx, { inviteId }) => {\n    const invite = await ctx.db.get(\"GroupInvite\", inviteId);\n    if (invite === null) {\n      throw new ConvexError({\n        code: \"INVITE_NOT_FOUND\",\n        message: \"Invite not found\",\n        inviteId,\n      });\n    }\n    if (invite.status !== \"pending\") {\n      throw new ConvexError({\n        code: \"INVITE_NOT_PENDING\",\n        message: `Cannot revoke invite with status \"${invite.status}\"`,\n        inviteId,\n        currentStatus: invite.status,\n      });\n    }\n    await ctx.db.patch(\"GroupInvite\", inviteId, { status: \"revoked\" });\n    return null;\n  },\n});\n"],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAoDA,MAAa,eAAe,SAAS;CACnC,MAAM;EACJ,SAAS,EAAE,SAAS,EAAE,GAAG,QAAQ,CAAC;EAClC,iBAAiB,EAAE,SAAS,EAAE,GAAG,OAAO,CAAC;EACzC,OAAO,EAAE,SAAS,EAAE,QAAQ,CAAC;EAC7B,WAAW,EAAE,QAAQ;EACrB,SAAS,EAAE,SAAS,EAAE,MAAM,EAAE,QAAQ,CAAC,CAAC;EACxC,QAAQ;EACR,aAAa,EAAE,SAAS,EAAE,QAAQ,CAAC;EACnC,QAAQ,EAAE,SAAS,EAAE,KAAK,CAAC;EAC5B;CACD,SAAS,EAAE,GAAG,cAAc;CAC5B,SAAS,OAAO,KAAK,SAAS;EAC5B,MAAM,MAAM,KAAK,KAAK;AAItB,MAAI,KAAK,UAAU,OACjB,KAAI,KAAK,YAAY,QAAW;GAC9B,MAAM,uBAAuB,MAAM,IAAI,GACpC,MAAM,cAAc,CACpB,UAAU,oBAAoB,MAC7B,EAAE,GAAG,WAAW,KAAK,QAAQ,CAAC,GAAG,UAAU,UAAU,CACtD,CACA,QAAQ,MAAM,EAAE,GAAG,EAAE,MAAM,QAAQ,EAAE,KAAK,MAAM,CAAC,CACjD,SAAS;AAEZ,QAAK,MAAM,uBAAuB,sBAAsB;AAItD,QAFE,oBAAoB,gBAAgB,UACpC,oBAAoB,eAAe,KACtB;AACb,WAAM,IAAI,GAAG,MAAM,eAAe,oBAAoB,KAAK,EACzD,QAAQ,WACT,CAAC;AACF;;AAEF,UAAM,IAAI,YAAY;KACpB,MAAM;KACN,SACE;KACF,OAAO,KAAK;KACZ,SAAS,KAAK;KACd,kBAAkB,oBAAoB;KACvC,CAAC;;SAEC;GACL,MAAM,0BAA0B,MAAM,IAAI,GACvC,MAAM,cAAc,CACpB,UAAU,iBAAiB,MAC1B,EAAE,GAAG,SAAS,KAAK,MAAM,CAAC,GAAG,UAAU,UAAU,CAClD,CACA,QAAQ,MAAM,EAAE,GAAG,EAAE,MAAM,UAAU,EAAE,OAAU,CAAC,CAClD,SAAS;AAEZ,QAAK,MAAM,0BAA0B,yBAAyB;AAI5D,QAFE,uBAAuB,gBAAgB,UACvC,uBAAuB,eAAe,KACzB;AACb,WAAM,IAAI,GAAG,MAAM,eAAe,uBAAuB,KAAK,EAC5D,QAAQ,WACT,CAAC;AACF;;AAEF,UAAM,IAAI,YAAY;KACpB,MAAM;KACN,SAAS;KACT,OAAO,KAAK;KACZ,kBAAkB,uBAAuB;KAC1C,CAAC;;;AAIR,SAAO,MAAM,IAAI,GAAG,OAAO,eAAe,KAAK;;CAElD,CAAC;;;;;;;;;;;;;;;;;;;;AAqBF,MAAa,YAAY,MAAM;CAC7B,MAAM,EAAE,UAAU,EAAE,GAAG,cAAc,EAAE;CACvC,SAAS,EAAE,MAAM,iBAAiB,EAAE,MAAM,CAAC;CAC3C,SAAS,OAAO,KAAK,EAAE,eAAe;AACpC,SAAO,MAAM,IAAI,GAAG,IAAI,eAAe,SAAS;;CAEnD,CAAC;;;;;;;;;;;;;;;;;;;;;;AAuBF,MAAa,uBAAuB,MAAM;CACxC,MAAM,EAAE,WAAW,EAAE,QAAQ,EAAE;CAC/B,SAAS,EAAE,MAAM,iBAAiB,EAAE,MAAM,CAAC;CAC3C,SAAS,OAAO,KAAK,EAAE,gBAAgB;AACrC,SAAO,MAAM,IAAI,GACd,MAAM,cAAc,CACpB,UAAU,eAAe,MAAM,EAAE,GAAG,aAAa,UAAU,CAAC,CAC5D,OAAO;;CAEb,CAAC;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAsCF,MAAa,aAAa,MAAM;CAC9B,MAAM;EACJ,OAAO,EAAE,SACP,EAAE,OAAO;GACP,WAAW,EAAE,SAAS,EAAE,QAAQ,CAAC;GACjC,SAAS,EAAE,SAAS,EAAE,GAAG,QAAQ,CAAC;GAClC,QAAQ,EAAE,SAAS,cAAc;GACjC,OAAO,EAAE,SAAS,EAAE,QAAQ,CAAC;GAC7B,iBAAiB,EAAE,SAAS,EAAE,GAAG,OAAO,CAAC;GACzC,QAAQ,EAAE,SAAS,EAAE,QAAQ,CAAC;GAC9B,kBAAkB,EAAE,SAAS,EAAE,GAAG,OAAO,CAAC;GAC3C,CAAC,CACH;EACD,OAAO,EAAE,SAAS,EAAE,QAAQ,CAAC;EAC7B,QAAQ,EAAE,SAAS,EAAE,MAAM,EAAE,QAAQ,EAAE,EAAE,MAAM,CAAC,CAAC;EACjD,SAAS,EAAE,SACT,EAAE,MACA,EAAE,QAAQ,gBAAgB,EAC1B,EAAE,QAAQ,SAAS,EACnB,EAAE,QAAQ,QAAQ,EAClB,EAAE,QAAQ,cAAc,EACxB,EAAE,QAAQ,eAAe,CAC1B,CACF;EACD,OAAO,EAAE,SAAS,EAAE,MAAM,EAAE,QAAQ,MAAM,EAAE,EAAE,QAAQ,OAAO,CAAC,CAAC;EAChE;CACD,SAAS,WAAW,gBAAgB;CACpC,SAAS,OAAO,KAAK,SAAS;EAC5B,MAAM,QAAQ,KAAK,SAAS,EAAE;EAC9B,MAAM,QAAQ,KAAK,IAAI,KAAK,IAAI,KAAK,SAAS,IAAI,EAAE,EAAE,IAAI;EAC1D,MAAM,QAAQ,KAAK,SAAS;EAG5B,IAAI;AACJ,MAAI,MAAM,cAAc,OACtB,KAAI,IAAI,GACL,MAAM,cAAc,CACpB,UAAU,eAAe,QACxB,IAAI,GAAG,aAAa,MAAM,UAAW,CACtC;WACM,MAAM,YAAY,UAAa,MAAM,WAAW,OACzD,KAAI,IAAI,GACL,MAAM,cAAc,CACpB,UAAU,oBAAoB,QAC7B,IAAI,GAAG,WAAW,MAAM,QAAS,CAAC,GAAG,UAAU,MAAM,OAAQ,CAC9D;WACM,MAAM,UAAU,UAAa,MAAM,WAAW,OACvD,KAAI,IAAI,GACL,MAAM,cAAc,CACpB,UAAU,iBAAiB,QAC1B,IAAI,GAAG,SAAS,MAAM,MAAO,CAAC,GAAG,UAAU,MAAM,OAAQ,CAC1D;WAEH,MAAM,oBAAoB,UAC1B,MAAM,WAAW,OAEjB,KAAI,IAAI,GACL,MAAM,cAAc,CACpB,UAAU,8BAA8B,QACvC,IACG,GAAG,mBAAmB,MAAM,gBAAiB,CAC7C,GAAG,UAAU,MAAM,OAAQ,CAC/B;WACM,MAAM,YAAY,OAC3B,KAAI,IAAI,GACL,MAAM,cAAc,CACpB,UAAU,aAAa,QAAQ,IAAI,GAAG,WAAW,MAAM,QAAS,CAAC;WAC3D,MAAM,WAAW,OAC1B,KAAI,IAAI,GACL,MAAM,cAAc,CACpB,UAAU,WAAW,QAAQ,IAAI,GAAG,UAAU,MAAM,OAAQ,CAAC;MAEhE,KAAI,IAAI,GAAG,MAAM,cAAc;AAIjC,MAAI,MAAM,YAAY,OACpB,KAAI,EAAE,QAAQ,MAAM,EAAE,GAAG,EAAE,MAAM,UAAU,EAAE,MAAM,QAAS,CAAC;AAE/D,MAAI,MAAM,WAAW,OACnB,KAAI,EAAE,QAAQ,MAAM,EAAE,GAAG,EAAE,MAAM,SAAS,EAAE,MAAM,OAAQ,CAAC;AAE7D,MAAI,MAAM,UAAU,OAClB,KAAI,EAAE,QAAQ,MAAM,EAAE,GAAG,EAAE,MAAM,QAAQ,EAAE,MAAM,MAAO,CAAC;AAE3D,MAAI,MAAM,oBAAoB,OAC5B,KAAI,EAAE,QAAQ,MACZ,EAAE,GAAG,EAAE,MAAM,kBAAkB,EAAE,MAAM,gBAAiB,CACzD;AAEH,MAAI,MAAM,qBAAqB,OAC7B,KAAI,EAAE,QAAQ,MACZ,EAAE,GAAG,EAAE,MAAM,mBAAmB,EAAE,MAAM,iBAAkB,CAC3D;AAEH,MAAI,MAAM,cAAc,OACtB,KAAI,EAAE,QAAQ,MAAM,EAAE,GAAG,EAAE,MAAM,YAAY,EAAE,MAAM,UAAW,CAAC;AAGnE,MAAI,EAAE,MAAM,MAAM;EAElB,IAAI,MAAM,MAAM,EAAE,SAAS;AAC3B,MAAI,MAAM,WAAW,OACnB,OAAM,IAAI,QAAQ,SAAS,IAAI,WAAW,EAAE,EAAE,SAAS,MAAM,OAAQ,CAAC;EAExE,IAAI,WAAW;AACf,MAAI,KAAK,QAAQ;GACf,MAAM,YAAY,IAAI,WAAW,QAAQ,IAAI,QAAQ,KAAK,OAAO;AACjE,OAAI,cAAc,GAChB,YAAW,YAAY;;EAG3B,MAAM,OAAO,IAAI,MAAM,UAAU,WAAW,QAAQ,EAAE;EACtD,MAAM,UAAU,KAAK,SAAS;EAC9B,MAAM,QAAQ,UAAU,KAAK,MAAM,GAAG,MAAM,GAAG;AAE/C,SAAO;GAAE;GAAO,YADG,UAAU,MAAM,MAAM,SAAS,GAAG,MAAM;GAC/B;;CAE/B,CAAC;;;;;;;;;;;;;;;;;;;;;;;;;;;;AA6BF,MAAa,eAAe,SAAS;CACnC,MAAM;EACJ,UAAU,EAAE,GAAG,cAAc;EAC7B,kBAAkB,EAAE,SAAS,EAAE,GAAG,OAAO,CAAC;EAC3C;CACD,SAAS,EAAE,MAAM;CACjB,SAAS,OAAO,KAAK,EAAE,UAAU,uBAAuB;EACtD,MAAM,SAAS,MAAM,IAAI,GAAG,IAAI,eAAe,SAAS;AACxD,MAAI,WAAW,KACb,OAAM,IAAI,YAAY;GACpB,MAAM;GACN,SAAS;GACT;GACD,CAAC;AAEJ,MAAI,OAAO,WAAW,UACpB,OAAM,IAAI,YAAY;GACpB,MAAM;GACN,SAAS,qCAAqC,OAAO,OAAO;GAC5D;GACA,eAAe,OAAO;GACvB,CAAC;AAEJ,MAAI,OAAO,gBAAgB,UAAa,OAAO,eAAe,KAAK,KAAK,EAAE;AACxE,SAAM,IAAI,GAAG,MAAM,eAAe,UAAU,EAC1C,QAAQ,WACT,CAAC;AACF,SAAM,IAAI,YAAY;IACpB,MAAM;IACN,SAAS;IACT;IACD,CAAC;;AAEJ,QAAM,IAAI,GAAG,MAAM,eAAe,UAAU;GAC1C,QAAQ;GACR,cAAc,KAAK,KAAK;GACxB,GAAI,mBAAmB,EAAE,kBAAkB,GAAG,EAAE;GACjD,CAAC;AACF,SAAO;;CAEV,CAAC;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AA0CF,MAAa,sBAAsB,SAAS;CAC1C,MAAM;EACJ,WAAW,EAAE,QAAQ;EACrB,kBAAkB,EAAE,GAAG,OAAO;EAC/B;CACD,SAAS;CACT,SAAS,OAAO,KAAK,EAAE,WAAW,uBAAuB;EACvD,MAAM,SAAS,MAAM,IAAI,GACtB,MAAM,cAAc,CACpB,UAAU,eAAe,MAAM,EAAE,GAAG,aAAa,UAAU,CAAC,CAC5D,OAAO;AAEV,MAAI,WAAW,KACb,OAAM,IAAI,YAAY;GACpB,MAAM;GACN,SAAS;GACV,CAAC;EAGJ,MAAM,MAAM,KAAK,KAAK;AACtB,MAAI,OAAO,WAAW,WACpB;OAAI,OAAO,gBAAgB,UAAa,OAAO,eAAe,KAAK;AACjE,UAAM,IAAI,GAAG,MAAM,eAAe,OAAO,KAAK,EAAE,QAAQ,WAAW,CAAC;AACpE,UAAM,IAAI,YAAY;KACpB,MAAM;KACN,SAAS;KACT,UAAU,OAAO;KAClB,CAAC;;aAEK,OAAO,WAAW,YAC3B;OAAI,OAAO,qBAAqB,iBAC9B,OAAM,IAAI,YAAY;IACpB,MAAM;IACN,SAAS;IACT,UAAU,OAAO;IAClB,CAAC;QAGJ,OAAM,IAAI,YAAY;GACpB,MAAM;GACN,SAAS,qCAAqC,OAAO,OAAO;GAC5D,UAAU,OAAO;GACjB,eAAe,OAAO;GACvB,CAAC;AAGJ,MAAI,OAAO,UAAU,QAAW;GAC9B,MAAM,OAAO,MAAM,IAAI,GAAG,IAAI,QAAQ,iBAAiB;GACvD,MAAM,wBAAwB,OAAO,MAAM,MAAM,CAAC,aAAa;GAC/D,MAAM,sBAAsB,MAAM,OAAO,MAAM,CAAC,aAAa;AAE7D,OACE,wBAAwB,UACxB,wBAAwB,sBAExB,OAAM,IAAI,YAAY;IACpB,MAAM;IACN,SAAS;IACT,UAAU,OAAO;IAClB,CAAC;;EAIN,IAAI,mBACF;EACF,IAAI;AAEJ,MAAI,OAAO,YAAY,QAAW;GAChC,MAAM,qBAAqB,MAAM,IAAI,GAClC,MAAM,cAAc,CACpB,UAAU,qBAAqB,MAC9B,EAAE,GAAG,WAAW,OAAO,QAAS,CAAC,GAAG,UAAU,iBAAiB,CAChE,CACA,QAAQ;AAEX,OAAI,uBAAuB,MAAM;AAC/B,uBAAmB;AACnB,eAAW,mBAAmB;UACzB;AACL,eAAW,MAAM,IAAI,GAAG,OAAO,eAAe;KAC5C,SAAS,OAAO;KAChB,QAAQ;KACR,SAAS,OAAO;KAChB,QAAQ;KACT,CAAC;AACF,uBAAmB;;;AAIvB,MAAI,OAAO,WAAW,UACpB,OAAM,IAAI,GAAG,MAAM,eAAe,OAAO,KAAK;GAC5C,QAAQ;GACR;GACA,cAAc;GACf,CAAC;EAGJ,MAAM,eACJ,OAAO,WAAW,aAAa,qBAAqB;AAEtD,SAAO;GACL,UAAU,OAAO;GACjB,SAAS,OAAO,WAAW;GAC3B;GACA;GACA;GACD;;CAEJ,CAAC;;;;;;;;;;;;;;;;;;;;;AAsBF,MAAa,eAAe,SAAS;CACnC,MAAM,EAAE,UAAU,EAAE,GAAG,cAAc,EAAE;CACvC,SAAS,EAAE,MAAM;CACjB,SAAS,OAAO,KAAK,EAAE,eAAe;EACpC,MAAM,SAAS,MAAM,IAAI,GAAG,IAAI,eAAe,SAAS;AACxD,MAAI,WAAW,KACb,OAAM,IAAI,YAAY;GACpB,MAAM;GACN,SAAS;GACT;GACD,CAAC;AAEJ,MAAI,OAAO,WAAW,UACpB,OAAM,IAAI,YAAY;GACpB,MAAM;GACN,SAAS,qCAAqC,OAAO,OAAO;GAC5D;GACA,eAAe,OAAO;GACvB,CAAC;AAEJ,QAAM,IAAI,GAAG,MAAM,eAAe,UAAU,EAAE,QAAQ,WAAW,CAAC;AAClE,SAAO;;CAEV,CAAC"}

package/dist/component/public/groups/members.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"members.d.ts","names":[],"sources":["../../../../src/component/public/groups/members.ts"],"mappings":";;;;;;;;;;;;;;;AAqCA;;;;;AAgDA;;;;;AAwCA;;;;;AAqGA;;;;;cA7La,SAAA;;;;;AAyUb;;;;;AA+BA;;;;;;;;;;cAxTa,SAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;cAwCA,UAAA;;;;;;;;;;;;;;;;;;;;;;;;cAqGA,uBAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;cA2DA,aAAA;;;;;;;;;;;;;;;;;;cAiFA,YAAA;;;;;;;;;;;;;;;;;;;;;;;cA+BA,YAAA"}
+{"version":3,"file":"members.d.ts","names":[],"sources":["../../../../src/component/public/groups/members.ts"],"mappings":";;;;;;;;;;;;;;;AAsCA;;;;;AAgDA;;;;;AAwCA;;;;;AAqGA;;;;;cA7La,SAAA;;;;;AAyUb;;;;;AA+BA;;;;;;;;;;cAxTa,SAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;cAwCA,UAAA;;;;;;;;;;;;;;;;;;;;;;;;cAqGA,uBAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;cA2DA,aAAA;;;;;;;;;;;;;;;;;;cAiFA,YAAA;;;;;;;;;;;;;;;;;;;;;;;cA+BA,YAAA"}

package/dist/component/public/groups/members.js.map

@@ -1 +1 @@
-{"version":3,"file":"members.js","names":[],"sources":["../../../../src/component/public/groups/members.ts"],"sourcesContent":["import { ConvexError, v } from \"convex/values\";\nimport type { Id } from \"../../_generated/dataModel\";\nimport { mutation, query } from \"../../functions\";\nimport { vGroupMemberDoc, vPaginated } from \"../../model\";\n\n/**\n * Add a user as a member of a group.\n *\n * The `roleIds` field stores application-defined role identifiers. The auth\n * component stores assignments but does not enforce access control — your\n * application defines what each role means.\n *\n * Throws `ConvexError` with code `DUPLICATE_MEMBERSHIP` when the user is\n * already a member of the target group. The duplicate check uses the\n * `group_id_user_id` compound index for an exact match.\n *\n * @param args.groupId - The `Id<\"Group\">` of the group to add the user to.\n * @param args.userId - The `Id<\"User\">` of the user to add as a member.\n * @param args.roleIds - Optional array of application-defined role identifiers (e.g. `[\"admin\", \"editor\"]`).\n * @param args.status - Optional membership status string (e.g. `\"active\"`, `\"suspended\"`). Defaults to whatever your application convention is.\n * @param args.extend - Optional arbitrary payload for application-specific metadata on the membership.\n * @returns The `Id<\"GroupMember\">` of the newly created member document.\n * @throws `ConvexError` with code `DUPLICATE_MEMBERSHIP` if the user is already a member of this group.\n *\n * @example\n * ```ts\n * const memberId = await ctx.runMutation(\n *   components.auth.groups.memberAdd,\n *   {\n *     groupId: teamGroupId,\n *     userId: newUserId,\n *     roleIds: [\"viewer\"],\n *     status: \"active\",\n *   },\n * );\n * ```\n */\nexport const memberAdd = mutation({\n  args: {\n    groupId: v.id(\"Group\"),\n    userId: v.id(\"User\"),\n    roleIds: v.optional(v.array(v.string())),\n    status: v.optional(v.string()),\n    extend: v.optional(v.any()),\n  },\n  returns: v.id(\"GroupMember\"),\n  handler: async (ctx, args) => {\n    const existingMembership = await ctx.db\n      .query(\"GroupMember\")\n      .withIndex(\"group_id_user_id\", (q) =>\n        q.eq(\"groupId\", args.groupId).eq(\"userId\", args.userId),\n      )\n      .unique();\n    if (existingMembership !== null) {\n      throw new ConvexError({\n        code: \"DUPLICATE_MEMBERSHIP\",\n        message: \"User is already a member of this group\",\n        groupId: args.groupId,\n        userId: args.userId,\n        existingMemberId: existingMembership._id,\n      });\n    }\n    return await ctx.db.insert(\"GroupMember\", args);\n  },\n});\n\n/**\n * Retrieve a member record by its document ID.\n *\n * Performs a direct lookup in the `GroupMember` table and returns the full\n * member document, or `null` if no member exists with the given ID.\n *\n * @param args.memberId - The `Id<\"GroupMember\">` of the member record to retrieve.\n * @returns The member document (including `groupId`, `userId`, `roleIds`, `status`, etc.) or `null` if not found.\n *\n * @example\n * ```ts\n * const member = await ctx.runQuery(components.auth.groups.memberGet, {\n *   memberId: existingMemberId,\n * });\n * if (member !== null) {\n *   console.log(member.userId, member.roleIds);\n * }\n * ```\n */\nexport const memberGet = query({\n  args: { memberId: v.id(\"GroupMember\") },\n  returns: v.union(vGroupMemberDoc, v.null()),\n  handler: async (ctx, { memberId }) => {\n    return await ctx.db.get(\"GroupMember\", memberId);\n  },\n});\n\n/**\n * List members with optional filtering, sorting, and pagination.\n *\n * Returns `{ items, nextCursor }`. Supports filtering by `groupId`,\n * `userId`, `roleId`, and `status`. The query engine automatically selects\n * the best compound index based on the combination of filter fields\n * provided. The `roleId` filter is applied in-memory after the index scan\n * because role IDs are stored as an array.\n *\n * @param args.where - Optional filter criteria for narrowing results.\n * @param args.where.groupId - Match members belonging to this group.\n * @param args.where.userId - Match members for this specific user.\n * @param args.where.roleId - Match members whose `roleIds` array includes this role identifier.\n * @param args.where.status - Match members with this exact status string (e.g. `\"active\"`).\n * @param args.limit - Maximum number of items per page (clamped to 1..100, defaults to 50).\n * @param args.cursor - An opaque cursor string from a previous response's `nextCursor` to fetch the next page, or `null` to start from the beginning.\n * @param args.orderBy - The field to sort by: `\"_creationTime\"` or `\"status\"`.\n * @param args.order - Sort direction: `\"asc\"` or `\"desc\"` (defaults to `\"desc\"`).\n * @returns An object `{ items, nextCursor }` where `items` is an array of member documents and `nextCursor` is `null` when there are no more pages.\n *\n * @example\n * ```ts\n * const { items, nextCursor } = await ctx.runQuery(\n *   components.auth.groups.memberList,\n *   {\n *     where: { groupId: teamGroupId, status: \"active\" },\n *     limit: 30,\n *     order: \"asc\",\n *   },\n * );\n * ```\n */\nexport const memberList = query({\n  args: {\n    where: v.optional(\n      v.object({\n        groupId: v.optional(v.id(\"Group\")),\n        userId: v.optional(v.id(\"User\")),\n        roleId: v.optional(v.string()),\n        status: v.optional(v.string()),\n      }),\n    ),\n    limit: v.optional(v.number()),\n    cursor: v.optional(v.union(v.string(), v.null())),\n    orderBy: v.optional(\n      v.union(v.literal(\"_creationTime\"), v.literal(\"status\")),\n    ),\n    order: v.optional(v.union(v.literal(\"asc\"), v.literal(\"desc\"))),\n  },\n  returns: vPaginated(vGroupMemberDoc),\n  handler: async (ctx, args) => {\n    const where = args.where ?? {};\n    const limit = Math.min(Math.max(args.limit ?? 50, 1), 100);\n    const order = args.order ?? \"desc\";\n\n    let q;\n    if (where.groupId !== undefined && where.userId !== undefined) {\n      q = ctx.db\n        .query(\"GroupMember\")\n        .withIndex(\"group_id_user_id\", (idx) =>\n          idx.eq(\"groupId\", where.groupId!).eq(\"userId\", where.userId!),\n        );\n      if (where.status !== undefined) {\n        q = q.filter((f) => f.eq(f.field(\"status\"), where.status!));\n      }\n    } else if (where.groupId !== undefined && where.status !== undefined) {\n      q = ctx.db\n        .query(\"GroupMember\")\n        .withIndex(\"group_id_status\", (idx) =>\n          idx.eq(\"groupId\", where.groupId!).eq(\"status\", where.status!),\n        );\n    } else if (where.groupId !== undefined) {\n      q = ctx.db\n        .query(\"GroupMember\")\n        .withIndex(\"group_id\", (idx) => idx.eq(\"groupId\", where.groupId!));\n    } else if (where.userId !== undefined) {\n      q = ctx.db\n        .query(\"GroupMember\")\n        .withIndex(\"user_id\", (idx) => idx.eq(\"userId\", where.userId!));\n      if (where.status !== undefined) {\n        q = q.filter((f) => f.eq(f.field(\"status\"), where.status!));\n      }\n    } else {\n      q = ctx.db.query(\"GroupMember\");\n      if (where.status !== undefined) {\n        q = q.filter((f) => f.eq(f.field(\"status\"), where.status!));\n      }\n    }\n\n    q = q.order(order);\n\n    let all = await q.collect();\n    if (where.roleId !== undefined) {\n      all = all.filter((doc) => (doc.roleIds ?? []).includes(where.roleId!));\n    }\n    let startIdx = 0;\n    if (args.cursor) {\n      const cursorIdx = all.findIndex((doc) => doc._id === args.cursor);\n      if (cursorIdx !== -1) {\n        startIdx = cursorIdx + 1;\n      }\n    }\n    const page = all.slice(startIdx, startIdx + limit + 1);\n    const hasMore = page.length > limit;\n    const items = hasMore ? page.slice(0, limit) : page;\n    const nextCursor = hasMore ? items[items.length - 1]._id : null;\n    return { items, nextCursor };\n  },\n});\n\n/**\n * Look up a specific user's membership in a specific group.\n *\n * Uses the `group_id_user_id` compound index for an efficient exact-match\n * lookup. Returns `null` if the user is not a member of the group. Unlike\n * {@link memberResolve}, this does **not** walk the group hierarchy — it\n * checks only the specified group.\n *\n * @param args.groupId - The `Id<\"Group\">` of the group to check.\n * @param args.userId - The `Id<\"User\">` of the user whose membership to look up.\n * @returns The member document or `null` if the user is not a direct member of the group.\n *\n * @example\n * ```ts\n * const member = await ctx.runQuery(\n *   components.auth.groups.memberGetByGroupAndUser,\n *   { groupId: teamGroupId, userId: currentUserId },\n * );\n * if (member !== null) {\n *   console.log(\"User has roles:\", member.roleIds);\n * }\n * ```\n */\nexport const memberGetByGroupAndUser = query({\n  args: { groupId: v.id(\"Group\"), userId: v.id(\"User\") },\n  returns: v.union(vGroupMemberDoc, v.null()),\n  handler: async (ctx, { groupId, userId }) => {\n    return await ctx.db\n      .query(\"GroupMember\")\n      .withIndex(\"group_id_user_id\", (q) =>\n        q.eq(\"groupId\", groupId).eq(\"userId\", userId),\n      )\n      .unique();\n  },\n});\n\n/**\n * Resolve a user's membership by walking the group hierarchy from the\n * requested group up to the root. Returns the first matching membership\n * found, enabling inherited (ancestor-level) access checks.\n *\n * The traversal walks from `groupId` to its `parentGroupId`, then to the\n * parent's parent, and so on, up to `maxDepth` levels (default 32). It\n * stops at the first group where the user has a membership record. Cycle\n * detection prevents infinite loops if the hierarchy is malformed.\n *\n * When `ancestry` is `true`, the response includes a `traversedGroupIds`\n * array showing the full path that was walked (useful for debugging or\n * audit trails).\n *\n * This runs entirely inside the component (no cross-component RPCs per level).\n *\n * @param args.userId - The `Id<\"User\">` of the user whose membership to resolve.\n * @param args.groupId - The `Id<\"Group\">` to start the upward traversal from.\n * @param args.maxDepth - Optional maximum number of parent levels to traverse (defaults to 32). Set to `0` to check only the exact group.\n * @param args.ancestry - When `true`, the response includes the `traversedGroupIds` array showing all group IDs visited during the walk.\n * @returns An object with:\n *   - `membership` — the member document at the matched group, or `null` if none was found.\n *   - `matchedGroupId` — the ID of the group where membership was found, or `null`.\n *   - `depth` — how many levels above `groupId` the match was found (0 = direct), or `null` if not found.\n *   - `isDirect` — `true` when `depth === 0`.\n *   - `isInherited` — `true` when `depth > 0`.\n *   - `traversedGroupIds` — (only when `ancestry` is `true`) array of group IDs visited.\n *\n * @example\n * ```ts\n * const result = await ctx.runQuery(\n *   components.auth.groups.memberResolve,\n *   {\n *     userId: currentUserId,\n *     groupId: subTeamGroupId,\n *     maxDepth: 5,\n *     ancestry: true,\n *   },\n * );\n * if (result.membership !== null) {\n *   console.log(\n *     result.isDirect ? \"Direct member\" : `Inherited from depth ${result.depth}`,\n *   );\n * }\n * ```\n */\nexport const memberResolve = query({\n  args: {\n    userId: v.id(\"User\"),\n    groupId: v.id(\"Group\"),\n    maxDepth: v.optional(v.number()),\n    ancestry: v.optional(v.boolean()),\n  },\n  returns: v.object({\n    membership: v.union(vGroupMemberDoc, v.null()),\n    matchedGroupId: v.union(v.id(\"Group\"), v.null()),\n    depth: v.union(v.number(), v.null()),\n    isDirect: v.boolean(),\n    isInherited: v.boolean(),\n    traversedGroupIds: v.optional(v.array(v.id(\"Group\"))),\n  }),\n  handler: async (ctx, args) => {\n    const maxDepth = Math.max(0, Math.floor(args.maxDepth ?? 32));\n    const includeAncestry = args.ancestry ?? false;\n    const visited = new Set<string>();\n    const traversedGroupIds: Id<\"Group\">[] = [];\n    let currentGroupId: Id<\"Group\"> | undefined = args.groupId;\n    let depth = 0;\n\n    while (currentGroupId !== undefined && depth <= maxDepth) {\n      if (visited.has(currentGroupId)) break;\n      visited.add(currentGroupId);\n      if (includeAncestry) traversedGroupIds.push(currentGroupId);\n\n      const membership = await ctx.db\n        .query(\"GroupMember\")\n        .withIndex(\"group_id_user_id\", (q) =>\n          q.eq(\"groupId\", currentGroupId!).eq(\"userId\", args.userId),\n        )\n        .unique();\n\n      if (membership !== null) {\n        return {\n          membership,\n          matchedGroupId: currentGroupId,\n          depth,\n          isDirect: depth === 0,\n          isInherited: depth > 0,\n          ...(includeAncestry ? { traversedGroupIds } : {}),\n        };\n      }\n\n      const groupDoc: { parentGroupId?: Id<\"Group\"> } | null =\n        await ctx.db.get(currentGroupId);\n      if (!groupDoc?.parentGroupId) break;\n      currentGroupId = groupDoc.parentGroupId;\n      depth++;\n    }\n\n    return {\n      membership: null,\n      matchedGroupId: null,\n      depth: null,\n      isDirect: false,\n      isInherited: false,\n      ...(includeAncestry ? { traversedGroupIds } : {}),\n    };\n  },\n});\n\n/**\n * Remove a member from a group by permanently deleting the member record.\n *\n * This is a hard delete — the `GroupMember` document is removed from the\n * database entirely. If you need soft-delete semantics, use\n * {@link memberUpdate} to set the `status` field instead.\n *\n * @param args.memberId - The `Id<\"GroupMember\">` of the member record to delete.\n * @returns `null` on success.\n *\n * @example\n * ```ts\n * await ctx.runMutation(components.auth.groups.memberRemove, {\n *   memberId: memberToRemoveId,\n * });\n * ```\n */\nexport const memberRemove = mutation({\n  args: { memberId: v.id(\"GroupMember\") },\n  returns: v.null(),\n  handler: async (ctx, { memberId }) => {\n    await ctx.db.delete(\"GroupMember\", memberId);\n    return null;\n  },\n});\n\n/**\n * Update a member record's mutable fields such as `roleIds`, `status`, and\n * `extend`.\n *\n * Uses `db.patch` under the hood, so only the fields present in `data` are\n * modified — all other fields on the member document are left unchanged.\n *\n * @param args.memberId - The `Id<\"GroupMember\">` of the member record to update.\n * @param args.data - A partial object of fields to patch. Supported keys include `roleIds`, `status`, and `extend`.\n * @returns `null` on success.\n *\n * @example\n * ```ts\n * await ctx.runMutation(components.auth.groups.memberUpdate, {\n *   memberId: existingMemberId,\n *   data: {\n *     roleIds: [\"admin\", \"editor\"],\n *     status: \"active\",\n *   },\n * });\n * ```\n */\nexport const memberUpdate = mutation({\n  args: { memberId: v.id(\"GroupMember\"), data: v.any() },\n  returns: v.null(),\n  handler: async (ctx, { memberId, data }) => {\n    await ctx.db.patch(\"GroupMember\", memberId, data);\n    return null;\n  },\n});\n\n// ============================================================================\n// Invites\n// ============================================================================\n"],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAqCA,MAAa,YAAY,SAAS;CAChC,MAAM;EACJ,SAAS,EAAE,GAAG,QAAQ;EACtB,QAAQ,EAAE,GAAG,OAAO;EACpB,SAAS,EAAE,SAAS,EAAE,MAAM,EAAE,QAAQ,CAAC,CAAC;EACxC,QAAQ,EAAE,SAAS,EAAE,QAAQ,CAAC;EAC9B,QAAQ,EAAE,SAAS,EAAE,KAAK,CAAC;EAC5B;CACD,SAAS,EAAE,GAAG,cAAc;CAC5B,SAAS,OAAO,KAAK,SAAS;EAC5B,MAAM,qBAAqB,MAAM,IAAI,GAClC,MAAM,cAAc,CACpB,UAAU,qBAAqB,MAC9B,EAAE,GAAG,WAAW,KAAK,QAAQ,CAAC,GAAG,UAAU,KAAK,OAAO,CACxD,CACA,QAAQ;AACX,MAAI,uBAAuB,KACzB,OAAM,IAAI,YAAY;GACpB,MAAM;GACN,SAAS;GACT,SAAS,KAAK;GACd,QAAQ,KAAK;GACb,kBAAkB,mBAAmB;GACtC,CAAC;AAEJ,SAAO,MAAM,IAAI,GAAG,OAAO,eAAe,KAAK;;CAElD,CAAC;;;;;;;;;;;;;;;;;;;;AAqBF,MAAa,YAAY,MAAM;CAC7B,MAAM,EAAE,UAAU,EAAE,GAAG,cAAc,EAAE;CACvC,SAAS,EAAE,MAAM,iBAAiB,EAAE,MAAM,CAAC;CAC3C,SAAS,OAAO,KAAK,EAAE,eAAe;AACpC,SAAO,MAAM,IAAI,GAAG,IAAI,eAAe,SAAS;;CAEnD,CAAC;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAkCF,MAAa,aAAa,MAAM;CAC9B,MAAM;EACJ,OAAO,EAAE,SACP,EAAE,OAAO;GACP,SAAS,EAAE,SAAS,EAAE,GAAG,QAAQ,CAAC;GAClC,QAAQ,EAAE,SAAS,EAAE,GAAG,OAAO,CAAC;GAChC,QAAQ,EAAE,SAAS,EAAE,QAAQ,CAAC;GAC9B,QAAQ,EAAE,SAAS,EAAE,QAAQ,CAAC;GAC/B,CAAC,CACH;EACD,OAAO,EAAE,SAAS,EAAE,QAAQ,CAAC;EAC7B,QAAQ,EAAE,SAAS,EAAE,MAAM,EAAE,QAAQ,EAAE,EAAE,MAAM,CAAC,CAAC;EACjD,SAAS,EAAE,SACT,EAAE,MAAM,EAAE,QAAQ,gBAAgB,EAAE,EAAE,QAAQ,SAAS,CAAC,CACzD;EACD,OAAO,EAAE,SAAS,EAAE,MAAM,EAAE,QAAQ,MAAM,EAAE,EAAE,QAAQ,OAAO,CAAC,CAAC;EAChE;CACD,SAAS,WAAW,gBAAgB;CACpC,SAAS,OAAO,KAAK,SAAS;EAC5B,MAAM,QAAQ,KAAK,SAAS,EAAE;EAC9B,MAAM,QAAQ,KAAK,IAAI,KAAK,IAAI,KAAK,SAAS,IAAI,EAAE,EAAE,IAAI;EAC1D,MAAM,QAAQ,KAAK,SAAS;EAE5B,IAAI;AACJ,MAAI,MAAM,YAAY,UAAa,MAAM,WAAW,QAAW;AAC7D,OAAI,IAAI,GACL,MAAM,cAAc,CACpB,UAAU,qBAAqB,QAC9B,IAAI,GAAG,WAAW,MAAM,QAAS,CAAC,GAAG,UAAU,MAAM,OAAQ,CAC9D;AACH,OAAI,MAAM,WAAW,OACnB,KAAI,EAAE,QAAQ,MAAM,EAAE,GAAG,EAAE,MAAM,SAAS,EAAE,MAAM,OAAQ,CAAC;aAEpD,MAAM,YAAY,UAAa,MAAM,WAAW,OACzD,KAAI,IAAI,GACL,MAAM,cAAc,CACpB,UAAU,oBAAoB,QAC7B,IAAI,GAAG,WAAW,MAAM,QAAS,CAAC,GAAG,UAAU,MAAM,OAAQ,CAC9D;WACM,MAAM,YAAY,OAC3B,KAAI,IAAI,GACL,MAAM,cAAc,CACpB,UAAU,aAAa,QAAQ,IAAI,GAAG,WAAW,MAAM,QAAS,CAAC;WAC3D,MAAM,WAAW,QAAW;AACrC,OAAI,IAAI,GACL,MAAM,cAAc,CACpB,UAAU,YAAY,QAAQ,IAAI,GAAG,UAAU,MAAM,OAAQ,CAAC;AACjE,OAAI,MAAM,WAAW,OACnB,KAAI,EAAE,QAAQ,MAAM,EAAE,GAAG,EAAE,MAAM,SAAS,EAAE,MAAM,OAAQ,CAAC;SAExD;AACL,OAAI,IAAI,GAAG,MAAM,cAAc;AAC/B,OAAI,MAAM,WAAW,OACnB,KAAI,EAAE,QAAQ,MAAM,EAAE,GAAG,EAAE,MAAM,SAAS,EAAE,MAAM,OAAQ,CAAC;;AAI/D,MAAI,EAAE,MAAM,MAAM;EAElB,IAAI,MAAM,MAAM,EAAE,SAAS;AAC3B,MAAI,MAAM,WAAW,OACnB,OAAM,IAAI,QAAQ,SAAS,IAAI,WAAW,EAAE,EAAE,SAAS,MAAM,OAAQ,CAAC;EAExE,IAAI,WAAW;AACf,MAAI,KAAK,QAAQ;GACf,MAAM,YAAY,IAAI,WAAW,QAAQ,IAAI,QAAQ,KAAK,OAAO;AACjE,OAAI,cAAc,GAChB,YAAW,YAAY;;EAG3B,MAAM,OAAO,IAAI,MAAM,UAAU,WAAW,QAAQ,EAAE;EACtD,MAAM,UAAU,KAAK,SAAS;EAC9B,MAAM,QAAQ,UAAU,KAAK,MAAM,GAAG,MAAM,GAAG;AAE/C,SAAO;GAAE;GAAO,YADG,UAAU,MAAM,MAAM,SAAS,GAAG,MAAM;GAC/B;;CAE/B,CAAC;;;;;;;;;;;;;;;;;;;;;;;;AAyBF,MAAa,0BAA0B,MAAM;CAC3C,MAAM;EAAE,SAAS,EAAE,GAAG,QAAQ;EAAE,QAAQ,EAAE,GAAG,OAAO;EAAE;CACtD,SAAS,EAAE,MAAM,iBAAiB,EAAE,MAAM,CAAC;CAC3C,SAAS,OAAO,KAAK,EAAE,SAAS,aAAa;AAC3C,SAAO,MAAM,IAAI,GACd,MAAM,cAAc,CACpB,UAAU,qBAAqB,MAC9B,EAAE,GAAG,WAAW,QAAQ,CAAC,GAAG,UAAU,OAAO,CAC9C,CACA,QAAQ;;CAEd,CAAC;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAgDF,MAAa,gBAAgB,MAAM;CACjC,MAAM;EACJ,QAAQ,EAAE,GAAG,OAAO;EACpB,SAAS,EAAE,GAAG,QAAQ;EACtB,UAAU,EAAE,SAAS,EAAE,QAAQ,CAAC;EAChC,UAAU,EAAE,SAAS,EAAE,SAAS,CAAC;EAClC;CACD,SAAS,EAAE,OAAO;EAChB,YAAY,EAAE,MAAM,iBAAiB,EAAE,MAAM,CAAC;EAC9C,gBAAgB,EAAE,MAAM,EAAE,GAAG,QAAQ,EAAE,EAAE,MAAM,CAAC;EAChD,OAAO,EAAE,MAAM,EAAE,QAAQ,EAAE,EAAE,MAAM,CAAC;EACpC,UAAU,EAAE,SAAS;EACrB,aAAa,EAAE,SAAS;EACxB,mBAAmB,EAAE,SAAS,EAAE,MAAM,EAAE,GAAG,QAAQ,CAAC,CAAC;EACtD,CAAC;CACF,SAAS,OAAO,KAAK,SAAS;EAC5B,MAAM,WAAW,KAAK,IAAI,GAAG,KAAK,MAAM,KAAK,YAAY,GAAG,CAAC;EAC7D,MAAM,kBAAkB,KAAK,YAAY;EACzC,MAAM,0BAAU,IAAI,KAAa;EACjC,MAAM,oBAAmC,EAAE;EAC3C,IAAI,iBAA0C,KAAK;EACnD,IAAI,QAAQ;AAEZ,SAAO,mBAAmB,UAAa,SAAS,UAAU;AACxD,OAAI,QAAQ,IAAI,eAAe,CAAE;AACjC,WAAQ,IAAI,eAAe;AAC3B,OAAI,gBAAiB,mBAAkB,KAAK,eAAe;GAE3D,MAAM,aAAa,MAAM,IAAI,GAC1B,MAAM,cAAc,CACpB,UAAU,qBAAqB,MAC9B,EAAE,GAAG,WAAW,eAAgB,CAAC,GAAG,UAAU,KAAK,OAAO,CAC3D,CACA,QAAQ;AAEX,OAAI,eAAe,KACjB,QAAO;IACL;IACA,gBAAgB;IAChB;IACA,UAAU,UAAU;IACpB,aAAa,QAAQ;IACrB,GAAI,kBAAkB,EAAE,mBAAmB,GAAG,EAAE;IACjD;GAGH,MAAM,WACJ,MAAM,IAAI,GAAG,IAAI,eAAe;AAClC,OAAI,CAAC,UAAU,cAAe;AAC9B,oBAAiB,SAAS;AAC1B;;AAGF,SAAO;GACL,YAAY;GACZ,gBAAgB;GAChB,OAAO;GACP,UAAU;GACV,aAAa;GACb,GAAI,kBAAkB,EAAE,mBAAmB,GAAG,EAAE;GACjD;;CAEJ,CAAC;;;;;;;;;;;;;;;;;;AAmBF,MAAa,eAAe,SAAS;CACnC,MAAM,EAAE,UAAU,EAAE,GAAG,cAAc,EAAE;CACvC,SAAS,EAAE,MAAM;CACjB,SAAS,OAAO,KAAK,EAAE,eAAe;AACpC,QAAM,IAAI,GAAG,OAAO,eAAe,SAAS;AAC5C,SAAO;;CAEV,CAAC;;;;;;;;;;;;;;;;;;;;;;;AAwBF,MAAa,eAAe,SAAS;CACnC,MAAM;EAAE,UAAU,EAAE,GAAG,cAAc;EAAE,MAAM,EAAE,KAAK;EAAE;CACtD,SAAS,EAAE,MAAM;CACjB,SAAS,OAAO,KAAK,EAAE,UAAU,WAAW;AAC1C,QAAM,IAAI,GAAG,MAAM,eAAe,UAAU,KAAK;AACjD,SAAO;;CAEV,CAAC"}
+{"version":3,"file":"members.js","names":[],"sources":["../../../../src/component/public/groups/members.ts"],"sourcesContent":["import { ConvexError, v } from \"convex/values\";\n\nimport type { Id } from \"../../_generated/dataModel\";\nimport { mutation, query } from \"../../functions\";\nimport { vGroupMemberDoc, vPaginated } from \"../../model\";\n\n/**\n * Add a user as a member of a group.\n *\n * The `roleIds` field stores application-defined role identifiers. The auth\n * component stores assignments but does not enforce access control — your\n * application defines what each role means.\n *\n * Throws `ConvexError` with code `DUPLICATE_MEMBERSHIP` when the user is\n * already a member of the target group. The duplicate check uses the\n * `group_id_user_id` compound index for an exact match.\n *\n * @param args.groupId - The `Id<\"Group\">` of the group to add the user to.\n * @param args.userId - The `Id<\"User\">` of the user to add as a member.\n * @param args.roleIds - Optional array of application-defined role identifiers (e.g. `[\"admin\", \"editor\"]`).\n * @param args.status - Optional membership status string (e.g. `\"active\"`, `\"suspended\"`). Defaults to whatever your application convention is.\n * @param args.extend - Optional arbitrary payload for application-specific metadata on the membership.\n * @returns The `Id<\"GroupMember\">` of the newly created member document.\n * @throws `ConvexError` with code `DUPLICATE_MEMBERSHIP` if the user is already a member of this group.\n *\n * @example\n * ```ts\n * const memberId = await ctx.runMutation(\n *   components.auth.groups.memberAdd,\n *   {\n *     groupId: teamGroupId,\n *     userId: newUserId,\n *     roleIds: [\"viewer\"],\n *     status: \"active\",\n *   },\n * );\n * ```\n */\nexport const memberAdd = mutation({\n  args: {\n    groupId: v.id(\"Group\"),\n    userId: v.id(\"User\"),\n    roleIds: v.optional(v.array(v.string())),\n    status: v.optional(v.string()),\n    extend: v.optional(v.any()),\n  },\n  returns: v.id(\"GroupMember\"),\n  handler: async (ctx, args) => {\n    const existingMembership = await ctx.db\n      .query(\"GroupMember\")\n      .withIndex(\"group_id_user_id\", (q) =>\n        q.eq(\"groupId\", args.groupId).eq(\"userId\", args.userId),\n      )\n      .unique();\n    if (existingMembership !== null) {\n      throw new ConvexError({\n        code: \"DUPLICATE_MEMBERSHIP\",\n        message: \"User is already a member of this group\",\n        groupId: args.groupId,\n        userId: args.userId,\n        existingMemberId: existingMembership._id,\n      });\n    }\n    return await ctx.db.insert(\"GroupMember\", args);\n  },\n});\n\n/**\n * Retrieve a member record by its document ID.\n *\n * Performs a direct lookup in the `GroupMember` table and returns the full\n * member document, or `null` if no member exists with the given ID.\n *\n * @param args.memberId - The `Id<\"GroupMember\">` of the member record to retrieve.\n * @returns The member document (including `groupId`, `userId`, `roleIds`, `status`, etc.) or `null` if not found.\n *\n * @example\n * ```ts\n * const member = await ctx.runQuery(components.auth.groups.memberGet, {\n *   memberId: existingMemberId,\n * });\n * if (member !== null) {\n *   console.log(member.userId, member.roleIds);\n * }\n * ```\n */\nexport const memberGet = query({\n  args: { memberId: v.id(\"GroupMember\") },\n  returns: v.union(vGroupMemberDoc, v.null()),\n  handler: async (ctx, { memberId }) => {\n    return await ctx.db.get(\"GroupMember\", memberId);\n  },\n});\n\n/**\n * List members with optional filtering, sorting, and pagination.\n *\n * Returns `{ items, nextCursor }`. Supports filtering by `groupId`,\n * `userId`, `roleId`, and `status`. The query engine automatically selects\n * the best compound index based on the combination of filter fields\n * provided. The `roleId` filter is applied in-memory after the index scan\n * because role IDs are stored as an array.\n *\n * @param args.where - Optional filter criteria for narrowing results.\n * @param args.where.groupId - Match members belonging to this group.\n * @param args.where.userId - Match members for this specific user.\n * @param args.where.roleId - Match members whose `roleIds` array includes this role identifier.\n * @param args.where.status - Match members with this exact status string (e.g. `\"active\"`).\n * @param args.limit - Maximum number of items per page (clamped to 1..100, defaults to 50).\n * @param args.cursor - An opaque cursor string from a previous response's `nextCursor` to fetch the next page, or `null` to start from the beginning.\n * @param args.orderBy - The field to sort by: `\"_creationTime\"` or `\"status\"`.\n * @param args.order - Sort direction: `\"asc\"` or `\"desc\"` (defaults to `\"desc\"`).\n * @returns An object `{ items, nextCursor }` where `items` is an array of member documents and `nextCursor` is `null` when there are no more pages.\n *\n * @example\n * ```ts\n * const { items, nextCursor } = await ctx.runQuery(\n *   components.auth.groups.memberList,\n *   {\n *     where: { groupId: teamGroupId, status: \"active\" },\n *     limit: 30,\n *     order: \"asc\",\n *   },\n * );\n * ```\n */\nexport const memberList = query({\n  args: {\n    where: v.optional(\n      v.object({\n        groupId: v.optional(v.id(\"Group\")),\n        userId: v.optional(v.id(\"User\")),\n        roleId: v.optional(v.string()),\n        status: v.optional(v.string()),\n      }),\n    ),\n    limit: v.optional(v.number()),\n    cursor: v.optional(v.union(v.string(), v.null())),\n    orderBy: v.optional(\n      v.union(v.literal(\"_creationTime\"), v.literal(\"status\")),\n    ),\n    order: v.optional(v.union(v.literal(\"asc\"), v.literal(\"desc\"))),\n  },\n  returns: vPaginated(vGroupMemberDoc),\n  handler: async (ctx, args) => {\n    const where = args.where ?? {};\n    const limit = Math.min(Math.max(args.limit ?? 50, 1), 100);\n    const order = args.order ?? \"desc\";\n\n    let q;\n    if (where.groupId !== undefined && where.userId !== undefined) {\n      q = ctx.db\n        .query(\"GroupMember\")\n        .withIndex(\"group_id_user_id\", (idx) =>\n          idx.eq(\"groupId\", where.groupId!).eq(\"userId\", where.userId!),\n        );\n      if (where.status !== undefined) {\n        q = q.filter((f) => f.eq(f.field(\"status\"), where.status!));\n      }\n    } else if (where.groupId !== undefined && where.status !== undefined) {\n      q = ctx.db\n        .query(\"GroupMember\")\n        .withIndex(\"group_id_status\", (idx) =>\n          idx.eq(\"groupId\", where.groupId!).eq(\"status\", where.status!),\n        );\n    } else if (where.groupId !== undefined) {\n      q = ctx.db\n        .query(\"GroupMember\")\n        .withIndex(\"group_id\", (idx) => idx.eq(\"groupId\", where.groupId!));\n    } else if (where.userId !== undefined) {\n      q = ctx.db\n        .query(\"GroupMember\")\n        .withIndex(\"user_id\", (idx) => idx.eq(\"userId\", where.userId!));\n      if (where.status !== undefined) {\n        q = q.filter((f) => f.eq(f.field(\"status\"), where.status!));\n      }\n    } else {\n      q = ctx.db.query(\"GroupMember\");\n      if (where.status !== undefined) {\n        q = q.filter((f) => f.eq(f.field(\"status\"), where.status!));\n      }\n    }\n\n    q = q.order(order);\n\n    let all = await q.collect();\n    if (where.roleId !== undefined) {\n      all = all.filter((doc) => (doc.roleIds ?? []).includes(where.roleId!));\n    }\n    let startIdx = 0;\n    if (args.cursor) {\n      const cursorIdx = all.findIndex((doc) => doc._id === args.cursor);\n      if (cursorIdx !== -1) {\n        startIdx = cursorIdx + 1;\n      }\n    }\n    const page = all.slice(startIdx, startIdx + limit + 1);\n    const hasMore = page.length > limit;\n    const items = hasMore ? page.slice(0, limit) : page;\n    const nextCursor = hasMore ? items[items.length - 1]._id : null;\n    return { items, nextCursor };\n  },\n});\n\n/**\n * Look up a specific user's membership in a specific group.\n *\n * Uses the `group_id_user_id` compound index for an efficient exact-match\n * lookup. Returns `null` if the user is not a member of the group. Unlike\n * {@link memberResolve}, this does **not** walk the group hierarchy — it\n * checks only the specified group.\n *\n * @param args.groupId - The `Id<\"Group\">` of the group to check.\n * @param args.userId - The `Id<\"User\">` of the user whose membership to look up.\n * @returns The member document or `null` if the user is not a direct member of the group.\n *\n * @example\n * ```ts\n * const member = await ctx.runQuery(\n *   components.auth.groups.memberGetByGroupAndUser,\n *   { groupId: teamGroupId, userId: currentUserId },\n * );\n * if (member !== null) {\n *   console.log(\"User has roles:\", member.roleIds);\n * }\n * ```\n */\nexport const memberGetByGroupAndUser = query({\n  args: { groupId: v.id(\"Group\"), userId: v.id(\"User\") },\n  returns: v.union(vGroupMemberDoc, v.null()),\n  handler: async (ctx, { groupId, userId }) => {\n    return await ctx.db\n      .query(\"GroupMember\")\n      .withIndex(\"group_id_user_id\", (q) =>\n        q.eq(\"groupId\", groupId).eq(\"userId\", userId),\n      )\n      .unique();\n  },\n});\n\n/**\n * Resolve a user's membership by walking the group hierarchy from the\n * requested group up to the root. Returns the first matching membership\n * found, enabling inherited (ancestor-level) access checks.\n *\n * The traversal walks from `groupId` to its `parentGroupId`, then to the\n * parent's parent, and so on, up to `maxDepth` levels (default 32). It\n * stops at the first group where the user has a membership record. Cycle\n * detection prevents infinite loops if the hierarchy is malformed.\n *\n * When `ancestry` is `true`, the response includes a `traversedGroupIds`\n * array showing the full path that was walked (useful for debugging or\n * audit trails).\n *\n * This runs entirely inside the component (no cross-component RPCs per level).\n *\n * @param args.userId - The `Id<\"User\">` of the user whose membership to resolve.\n * @param args.groupId - The `Id<\"Group\">` to start the upward traversal from.\n * @param args.maxDepth - Optional maximum number of parent levels to traverse (defaults to 32). Set to `0` to check only the exact group.\n * @param args.ancestry - When `true`, the response includes the `traversedGroupIds` array showing all group IDs visited during the walk.\n * @returns An object with:\n *   - `membership` — the member document at the matched group, or `null` if none was found.\n *   - `matchedGroupId` — the ID of the group where membership was found, or `null`.\n *   - `depth` — how many levels above `groupId` the match was found (0 = direct), or `null` if not found.\n *   - `isDirect` — `true` when `depth === 0`.\n *   - `isInherited` — `true` when `depth > 0`.\n *   - `traversedGroupIds` — (only when `ancestry` is `true`) array of group IDs visited.\n *\n * @example\n * ```ts\n * const result = await ctx.runQuery(\n *   components.auth.groups.memberResolve,\n *   {\n *     userId: currentUserId,\n *     groupId: subTeamGroupId,\n *     maxDepth: 5,\n *     ancestry: true,\n *   },\n * );\n * if (result.membership !== null) {\n *   console.log(\n *     result.isDirect ? \"Direct member\" : `Inherited from depth ${result.depth}`,\n *   );\n * }\n * ```\n */\nexport const memberResolve = query({\n  args: {\n    userId: v.id(\"User\"),\n    groupId: v.id(\"Group\"),\n    maxDepth: v.optional(v.number()),\n    ancestry: v.optional(v.boolean()),\n  },\n  returns: v.object({\n    membership: v.union(vGroupMemberDoc, v.null()),\n    matchedGroupId: v.union(v.id(\"Group\"), v.null()),\n    depth: v.union(v.number(), v.null()),\n    isDirect: v.boolean(),\n    isInherited: v.boolean(),\n    traversedGroupIds: v.optional(v.array(v.id(\"Group\"))),\n  }),\n  handler: async (ctx, args) => {\n    const maxDepth = Math.max(0, Math.floor(args.maxDepth ?? 32));\n    const includeAncestry = args.ancestry ?? false;\n    const visited = new Set<string>();\n    const traversedGroupIds: Id<\"Group\">[] = [];\n    let currentGroupId: Id<\"Group\"> | undefined = args.groupId;\n    let depth = 0;\n\n    while (currentGroupId !== undefined && depth <= maxDepth) {\n      if (visited.has(currentGroupId)) break;\n      visited.add(currentGroupId);\n      if (includeAncestry) traversedGroupIds.push(currentGroupId);\n\n      const membership = await ctx.db\n        .query(\"GroupMember\")\n        .withIndex(\"group_id_user_id\", (q) =>\n          q.eq(\"groupId\", currentGroupId!).eq(\"userId\", args.userId),\n        )\n        .unique();\n\n      if (membership !== null) {\n        return {\n          membership,\n          matchedGroupId: currentGroupId,\n          depth,\n          isDirect: depth === 0,\n          isInherited: depth > 0,\n          ...(includeAncestry ? { traversedGroupIds } : {}),\n        };\n      }\n\n      const groupDoc: { parentGroupId?: Id<\"Group\"> } | null =\n        await ctx.db.get(currentGroupId);\n      if (!groupDoc?.parentGroupId) break;\n      currentGroupId = groupDoc.parentGroupId;\n      depth++;\n    }\n\n    return {\n      membership: null,\n      matchedGroupId: null,\n      depth: null,\n      isDirect: false,\n      isInherited: false,\n      ...(includeAncestry ? { traversedGroupIds } : {}),\n    };\n  },\n});\n\n/**\n * Remove a member from a group by permanently deleting the member record.\n *\n * This is a hard delete — the `GroupMember` document is removed from the\n * database entirely. If you need soft-delete semantics, use\n * {@link memberUpdate} to set the `status` field instead.\n *\n * @param args.memberId - The `Id<\"GroupMember\">` of the member record to delete.\n * @returns `null` on success.\n *\n * @example\n * ```ts\n * await ctx.runMutation(components.auth.groups.memberRemove, {\n *   memberId: memberToRemoveId,\n * });\n * ```\n */\nexport const memberRemove = mutation({\n  args: { memberId: v.id(\"GroupMember\") },\n  returns: v.null(),\n  handler: async (ctx, { memberId }) => {\n    await ctx.db.delete(\"GroupMember\", memberId);\n    return null;\n  },\n});\n\n/**\n * Update a member record's mutable fields such as `roleIds`, `status`, and\n * `extend`.\n *\n * Uses `db.patch` under the hood, so only the fields present in `data` are\n * modified — all other fields on the member document are left unchanged.\n *\n * @param args.memberId - The `Id<\"GroupMember\">` of the member record to update.\n * @param args.data - A partial object of fields to patch. Supported keys include `roleIds`, `status`, and `extend`.\n * @returns `null` on success.\n *\n * @example\n * ```ts\n * await ctx.runMutation(components.auth.groups.memberUpdate, {\n *   memberId: existingMemberId,\n *   data: {\n *     roleIds: [\"admin\", \"editor\"],\n *     status: \"active\",\n *   },\n * });\n * ```\n */\nexport const memberUpdate = mutation({\n  args: { memberId: v.id(\"GroupMember\"), data: v.any() },\n  returns: v.null(),\n  handler: async (ctx, { memberId, data }) => {\n    await ctx.db.patch(\"GroupMember\", memberId, data);\n    return null;\n  },\n});\n\n// ============================================================================\n// Invites\n// ============================================================================\n"],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAsCA,MAAa,YAAY,SAAS;CAChC,MAAM;EACJ,SAAS,EAAE,GAAG,QAAQ;EACtB,QAAQ,EAAE,GAAG,OAAO;EACpB,SAAS,EAAE,SAAS,EAAE,MAAM,EAAE,QAAQ,CAAC,CAAC;EACxC,QAAQ,EAAE,SAAS,EAAE,QAAQ,CAAC;EAC9B,QAAQ,EAAE,SAAS,EAAE,KAAK,CAAC;EAC5B;CACD,SAAS,EAAE,GAAG,cAAc;CAC5B,SAAS,OAAO,KAAK,SAAS;EAC5B,MAAM,qBAAqB,MAAM,IAAI,GAClC,MAAM,cAAc,CACpB,UAAU,qBAAqB,MAC9B,EAAE,GAAG,WAAW,KAAK,QAAQ,CAAC,GAAG,UAAU,KAAK,OAAO,CACxD,CACA,QAAQ;AACX,MAAI,uBAAuB,KACzB,OAAM,IAAI,YAAY;GACpB,MAAM;GACN,SAAS;GACT,SAAS,KAAK;GACd,QAAQ,KAAK;GACb,kBAAkB,mBAAmB;GACtC,CAAC;AAEJ,SAAO,MAAM,IAAI,GAAG,OAAO,eAAe,KAAK;;CAElD,CAAC;;;;;;;;;;;;;;;;;;;;AAqBF,MAAa,YAAY,MAAM;CAC7B,MAAM,EAAE,UAAU,EAAE,GAAG,cAAc,EAAE;CACvC,SAAS,EAAE,MAAM,iBAAiB,EAAE,MAAM,CAAC;CAC3C,SAAS,OAAO,KAAK,EAAE,eAAe;AACpC,SAAO,MAAM,IAAI,GAAG,IAAI,eAAe,SAAS;;CAEnD,CAAC;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAkCF,MAAa,aAAa,MAAM;CAC9B,MAAM;EACJ,OAAO,EAAE,SACP,EAAE,OAAO;GACP,SAAS,EAAE,SAAS,EAAE,GAAG,QAAQ,CAAC;GAClC,QAAQ,EAAE,SAAS,EAAE,GAAG,OAAO,CAAC;GAChC,QAAQ,EAAE,SAAS,EAAE,QAAQ,CAAC;GAC9B,QAAQ,EAAE,SAAS,EAAE,QAAQ,CAAC;GAC/B,CAAC,CACH;EACD,OAAO,EAAE,SAAS,EAAE,QAAQ,CAAC;EAC7B,QAAQ,EAAE,SAAS,EAAE,MAAM,EAAE,QAAQ,EAAE,EAAE,MAAM,CAAC,CAAC;EACjD,SAAS,EAAE,SACT,EAAE,MAAM,EAAE,QAAQ,gBAAgB,EAAE,EAAE,QAAQ,SAAS,CAAC,CACzD;EACD,OAAO,EAAE,SAAS,EAAE,MAAM,EAAE,QAAQ,MAAM,EAAE,EAAE,QAAQ,OAAO,CAAC,CAAC;EAChE;CACD,SAAS,WAAW,gBAAgB;CACpC,SAAS,OAAO,KAAK,SAAS;EAC5B,MAAM,QAAQ,KAAK,SAAS,EAAE;EAC9B,MAAM,QAAQ,KAAK,IAAI,KAAK,IAAI,KAAK,SAAS,IAAI,EAAE,EAAE,IAAI;EAC1D,MAAM,QAAQ,KAAK,SAAS;EAE5B,IAAI;AACJ,MAAI,MAAM,YAAY,UAAa,MAAM,WAAW,QAAW;AAC7D,OAAI,IAAI,GACL,MAAM,cAAc,CACpB,UAAU,qBAAqB,QAC9B,IAAI,GAAG,WAAW,MAAM,QAAS,CAAC,GAAG,UAAU,MAAM,OAAQ,CAC9D;AACH,OAAI,MAAM,WAAW,OACnB,KAAI,EAAE,QAAQ,MAAM,EAAE,GAAG,EAAE,MAAM,SAAS,EAAE,MAAM,OAAQ,CAAC;aAEpD,MAAM,YAAY,UAAa,MAAM,WAAW,OACzD,KAAI,IAAI,GACL,MAAM,cAAc,CACpB,UAAU,oBAAoB,QAC7B,IAAI,GAAG,WAAW,MAAM,QAAS,CAAC,GAAG,UAAU,MAAM,OAAQ,CAC9D;WACM,MAAM,YAAY,OAC3B,KAAI,IAAI,GACL,MAAM,cAAc,CACpB,UAAU,aAAa,QAAQ,IAAI,GAAG,WAAW,MAAM,QAAS,CAAC;WAC3D,MAAM,WAAW,QAAW;AACrC,OAAI,IAAI,GACL,MAAM,cAAc,CACpB,UAAU,YAAY,QAAQ,IAAI,GAAG,UAAU,MAAM,OAAQ,CAAC;AACjE,OAAI,MAAM,WAAW,OACnB,KAAI,EAAE,QAAQ,MAAM,EAAE,GAAG,EAAE,MAAM,SAAS,EAAE,MAAM,OAAQ,CAAC;SAExD;AACL,OAAI,IAAI,GAAG,MAAM,cAAc;AAC/B,OAAI,MAAM,WAAW,OACnB,KAAI,EAAE,QAAQ,MAAM,EAAE,GAAG,EAAE,MAAM,SAAS,EAAE,MAAM,OAAQ,CAAC;;AAI/D,MAAI,EAAE,MAAM,MAAM;EAElB,IAAI,MAAM,MAAM,EAAE,SAAS;AAC3B,MAAI,MAAM,WAAW,OACnB,OAAM,IAAI,QAAQ,SAAS,IAAI,WAAW,EAAE,EAAE,SAAS,MAAM,OAAQ,CAAC;EAExE,IAAI,WAAW;AACf,MAAI,KAAK,QAAQ;GACf,MAAM,YAAY,IAAI,WAAW,QAAQ,IAAI,QAAQ,KAAK,OAAO;AACjE,OAAI,cAAc,GAChB,YAAW,YAAY;;EAG3B,MAAM,OAAO,IAAI,MAAM,UAAU,WAAW,QAAQ,EAAE;EACtD,MAAM,UAAU,KAAK,SAAS;EAC9B,MAAM,QAAQ,UAAU,KAAK,MAAM,GAAG,MAAM,GAAG;AAE/C,SAAO;GAAE;GAAO,YADG,UAAU,MAAM,MAAM,SAAS,GAAG,MAAM;GAC/B;;CAE/B,CAAC;;;;;;;;;;;;;;;;;;;;;;;;AAyBF,MAAa,0BAA0B,MAAM;CAC3C,MAAM;EAAE,SAAS,EAAE,GAAG,QAAQ;EAAE,QAAQ,EAAE,GAAG,OAAO;EAAE;CACtD,SAAS,EAAE,MAAM,iBAAiB,EAAE,MAAM,CAAC;CAC3C,SAAS,OAAO,KAAK,EAAE,SAAS,aAAa;AAC3C,SAAO,MAAM,IAAI,GACd,MAAM,cAAc,CACpB,UAAU,qBAAqB,MAC9B,EAAE,GAAG,WAAW,QAAQ,CAAC,GAAG,UAAU,OAAO,CAC9C,CACA,QAAQ;;CAEd,CAAC;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAgDF,MAAa,gBAAgB,MAAM;CACjC,MAAM;EACJ,QAAQ,EAAE,GAAG,OAAO;EACpB,SAAS,EAAE,GAAG,QAAQ;EACtB,UAAU,EAAE,SAAS,EAAE,QAAQ,CAAC;EAChC,UAAU,EAAE,SAAS,EAAE,SAAS,CAAC;EAClC;CACD,SAAS,EAAE,OAAO;EAChB,YAAY,EAAE,MAAM,iBAAiB,EAAE,MAAM,CAAC;EAC9C,gBAAgB,EAAE,MAAM,EAAE,GAAG,QAAQ,EAAE,EAAE,MAAM,CAAC;EAChD,OAAO,EAAE,MAAM,EAAE,QAAQ,EAAE,EAAE,MAAM,CAAC;EACpC,UAAU,EAAE,SAAS;EACrB,aAAa,EAAE,SAAS;EACxB,mBAAmB,EAAE,SAAS,EAAE,MAAM,EAAE,GAAG,QAAQ,CAAC,CAAC;EACtD,CAAC;CACF,SAAS,OAAO,KAAK,SAAS;EAC5B,MAAM,WAAW,KAAK,IAAI,GAAG,KAAK,MAAM,KAAK,YAAY,GAAG,CAAC;EAC7D,MAAM,kBAAkB,KAAK,YAAY;EACzC,MAAM,0BAAU,IAAI,KAAa;EACjC,MAAM,oBAAmC,EAAE;EAC3C,IAAI,iBAA0C,KAAK;EACnD,IAAI,QAAQ;AAEZ,SAAO,mBAAmB,UAAa,SAAS,UAAU;AACxD,OAAI,QAAQ,IAAI,eAAe,CAAE;AACjC,WAAQ,IAAI,eAAe;AAC3B,OAAI,gBAAiB,mBAAkB,KAAK,eAAe;GAE3D,MAAM,aAAa,MAAM,IAAI,GAC1B,MAAM,cAAc,CACpB,UAAU,qBAAqB,MAC9B,EAAE,GAAG,WAAW,eAAgB,CAAC,GAAG,UAAU,KAAK,OAAO,CAC3D,CACA,QAAQ;AAEX,OAAI,eAAe,KACjB,QAAO;IACL;IACA,gBAAgB;IAChB;IACA,UAAU,UAAU;IACpB,aAAa,QAAQ;IACrB,GAAI,kBAAkB,EAAE,mBAAmB,GAAG,EAAE;IACjD;GAGH,MAAM,WACJ,MAAM,IAAI,GAAG,IAAI,eAAe;AAClC,OAAI,CAAC,UAAU,cAAe;AAC9B,oBAAiB,SAAS;AAC1B;;AAGF,SAAO;GACL,YAAY;GACZ,gBAAgB;GAChB,OAAO;GACP,UAAU;GACV,aAAa;GACb,GAAI,kBAAkB,EAAE,mBAAmB,GAAG,EAAE;GACjD;;CAEJ,CAAC;;;;;;;;;;;;;;;;;;AAmBF,MAAa,eAAe,SAAS;CACnC,MAAM,EAAE,UAAU,EAAE,GAAG,cAAc,EAAE;CACvC,SAAS,EAAE,MAAM;CACjB,SAAS,OAAO,KAAK,EAAE,eAAe;AACpC,QAAM,IAAI,GAAG,OAAO,eAAe,SAAS;AAC5C,SAAO;;CAEV,CAAC;;;;;;;;;;;;;;;;;;;;;;;AAwBF,MAAa,eAAe,SAAS;CACnC,MAAM;EAAE,UAAU,EAAE,GAAG,cAAc;EAAE,MAAM,EAAE,KAAK;EAAE;CACtD,SAAS,EAAE,MAAM;CACjB,SAAS,OAAO,KAAK,EAAE,UAAU,WAAW;AAC1C,QAAM,IAAI,GAAG,MAAM,eAAe,UAAU,KAAK;AACjD,SAAO;;CAEV,CAAC"}

package/dist/component/public/identity/accounts.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"accounts.d.ts","names":[],"sources":["../../../../src/component/public/identity/accounts.ts"],"mappings":";;;;;;;;;;;;;;AA0BA;;;;;AAmCA;;;;;AAiCA;cApEa,iBAAA;;;;AAwGb;;;;;AAoCA;;;;;AA4BA;;;;;;;;;;;cArIa,UAAA;;;;;;;;;;;;;;;;;;;;;cAiCA,cAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;;;cAoCA,aAAA;;;;;;;;;;;;;;;;;;;;;;;cAoCA,YAAA;;;;;;;;;;;;;;;;;;;;cA4BA,aAAA"}
+{"version":3,"file":"accounts.d.ts","names":[],"sources":["../../../../src/component/public/identity/accounts.ts"],"mappings":";;;;;;;;;;;;;;AA2BA;;;;;AAmCA;;;;;AAiCA;cApEa,iBAAA;;;;AAwGb;;;;;AAoCA;;;;;AA4BA;;;;;;;;;;;cArIa,UAAA;;;;;;;;;;;;;;;;;;;;;cAiCA,cAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;;;cAoCA,aAAA;;;;;;;;;;;;;;;;;;;;;;;cAoCA,YAAA;;;;;;;;;;;;;;;;;;;;cA4BA,aAAA"}

package/dist/component/public/identity/accounts.js.map

@@ -1 +1 @@
-{"version":3,"file":"accounts.js","names":[],"sources":["../../../../src/component/public/identity/accounts.ts"],"sourcesContent":["import { v } from \"convex/values\";\nimport { mutation, query } from \"../../functions\";\nimport { vAccountDoc } from \"../../model\";\n\n/**\n * List all accounts linked to a specific user.\n *\n * Queries the `Account` table using the `user_id_provider` index to efficiently\n * retrieve every authentication account (e.g. OAuth, credentials, email) that\n * belongs to the given user.\n *\n * @param args.userId - The document ID of the user whose accounts should be retrieved.\n * @returns An array of account documents associated with the user. Each document\n *   includes fields such as `provider`, `providerAccountId`, `secret`, and `extend`.\n *\n * @example\n * ```ts\n * const accounts = await ctx.runQuery(\n *   component.identity.accounts.accountListByUser,\n *   { userId: user._id },\n * );\n * for (const account of accounts) {\n *   console.log(`Provider: ${account.provider}, ID: ${account.providerAccountId}`);\n * }\n * ```\n */\nexport const accountListByUser = query({\n  args: { userId: v.id(\"User\") },\n  returns: v.array(vAccountDoc),\n  handler: async (ctx, { userId }) => {\n    return await ctx.db\n      .query(\"Account\")\n      .withIndex(\"user_id_provider\", (q) => q.eq(\"userId\", userId as any))\n      .collect();\n  },\n});\n\n/**\n * Look up an account by its provider name and provider-specific account ID.\n *\n * Uses the `provider_account_id` index to find the unique account that matches\n * the given provider and external account identifier. This is the primary way\n * to resolve an incoming authentication event (e.g. an OAuth callback) to an\n * existing account in the system.\n *\n * @param args.provider - The name of the authentication provider (e.g. `\"google\"`, `\"github\"`, `\"credentials\"`).\n * @param args.providerAccountId - The unique identifier assigned to the user by the external provider.\n * @returns The matching account document, or `null` if no account exists for the\n *   given provider and provider account ID combination.\n *\n * @example\n * ```ts\n * const account = await ctx.runQuery(\n *   component.identity.accounts.accountGet,\n *   { provider: \"google\", providerAccountId: \"1184210396400123\" },\n * );\n * if (account !== null) {\n *   console.log(`Found account for user: ${account.userId}`);\n * }\n * ```\n */\nexport const accountGet = query({\n  args: { provider: v.string(), providerAccountId: v.string() },\n  returns: v.union(vAccountDoc, v.null()),\n  handler: async (ctx, { provider, providerAccountId }) => {\n    return await ctx.db\n      .query(\"Account\")\n      .withIndex(\"provider_account_id\", (q) =>\n        q.eq(\"provider\", provider).eq(\"providerAccountId\", providerAccountId),\n      )\n      .unique();\n  },\n});\n\n/**\n * Retrieve a single account by its Convex document ID.\n *\n * Performs a direct point lookup on the `Account` table. Returns `null` if the\n * document has been deleted or never existed.\n *\n * @param args.accountId - The Convex document ID (`Id<\"Account\">`) of the account to retrieve.\n * @returns The account document if it exists, or `null` otherwise.\n *\n * @example\n * ```ts\n * const account = await ctx.runQuery(\n *   component.identity.accounts.accountGetById,\n *   { accountId: existingAccountId },\n * );\n * if (account !== null) {\n *   console.log(`Provider: ${account.provider}`);\n * }\n * ```\n */\nexport const accountGetById = query({\n  args: { accountId: v.id(\"Account\") },\n  returns: v.union(vAccountDoc, v.null()),\n  handler: async (ctx, { accountId }) => {\n    return await ctx.db.get(\"Account\", accountId);\n  },\n});\n\n/**\n * Create a new account that links a user to an authentication provider.\n *\n * Inserts a row into the `Account` table, establishing the relationship between\n * a user document and an external authentication provider (OAuth, credentials,\n * email/phone OTP, etc.). A single user may have multiple accounts for different\n * providers.\n *\n * @param args.userId - The document ID of the user to link this account to.\n * @param args.provider - The name of the authentication provider (e.g. `\"google\"`, `\"credentials\"`).\n * @param args.providerAccountId - The unique identifier for this user within the external provider.\n * @param args.secret - An optional hashed secret (e.g. password hash) stored for credential-based providers.\n * @param args.extend - Optional arbitrary data to store alongside the account for application-specific needs.\n * @returns The document ID of the newly created account.\n *\n * @example\n * ```ts\n * const accountId = await ctx.runMutation(\n *   component.identity.accounts.accountInsert,\n *   {\n *     userId: user._id,\n *     provider: \"credentials\",\n *     providerAccountId: \"user@example.com\",\n *     secret: hashedPassword,\n *   },\n * );\n * ```\n */\nexport const accountInsert = mutation({\n  args: {\n    userId: v.id(\"User\"),\n    provider: v.string(),\n    providerAccountId: v.string(),\n    secret: v.optional(v.string()),\n    extend: v.optional(v.any()),\n  },\n  returns: v.id(\"Account\"),\n  handler: async (ctx, args) => {\n    return await ctx.db.insert(\"Account\", args as any);\n  },\n});\n\n/**\n * Patch an existing account document with partial data.\n *\n * Merges the provided fields into the existing account document. Fields not\n * included in `data` are left unchanged. This is useful for updating a stored\n * secret (e.g. after a password change) or modifying extended metadata.\n *\n * @param args.accountId - The document ID of the account to update.\n * @param args.data - A partial object containing the fields to merge into the account document.\n * @returns `null` on success.\n *\n * @example\n * ```ts\n * await ctx.runMutation(\n *   component.identity.accounts.accountPatch,\n *   {\n *     accountId: account._id,\n *     data: { secret: newHashedPassword },\n *   },\n * );\n * ```\n */\nexport const accountPatch = mutation({\n  args: { accountId: v.id(\"Account\"), data: v.any() },\n  returns: v.null(),\n  handler: async (ctx, { accountId, data }) => {\n    await ctx.db.patch(\"Account\", accountId, data);\n    return null;\n  },\n});\n\n/**\n * Delete an account document permanently.\n *\n * Removes the account from the `Account` table. This effectively unlinks the\n * user from the corresponding authentication provider. Callers should ensure\n * that related resources (verification codes, sessions, etc.) are cleaned up\n * separately if needed.\n *\n * @param args.accountId - The document ID of the account to delete.\n * @returns `null` on success.\n *\n * @example\n * ```ts\n * await ctx.runMutation(\n *   component.identity.accounts.accountDelete,\n *   { accountId: account._id },\n * );\n * ```\n */\nexport const accountDelete = mutation({\n  args: { accountId: v.id(\"Account\") },\n  returns: v.null(),\n  handler: async (ctx, { accountId }) => {\n    await ctx.db.delete(\"Account\", accountId);\n    return null;\n  },\n});\n\n// ============================================================================\n// Sessions\n// ============================================================================\n"],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;AA0BA,MAAa,oBAAoB,MAAM;CACrC,MAAM,EAAE,QAAQ,EAAE,GAAG,OAAO,EAAE;CAC9B,SAAS,EAAE,MAAM,YAAY;CAC7B,SAAS,OAAO,KAAK,EAAE,aAAa;AAClC,SAAO,MAAM,IAAI,GACd,MAAM,UAAU,CAChB,UAAU,qBAAqB,MAAM,EAAE,GAAG,UAAU,OAAc,CAAC,CACnE,SAAS;;CAEf,CAAC;;;;;;;;;;;;;;;;;;;;;;;;;AA0BF,MAAa,aAAa,MAAM;CAC9B,MAAM;EAAE,UAAU,EAAE,QAAQ;EAAE,mBAAmB,EAAE,QAAQ;EAAE;CAC7D,SAAS,EAAE,MAAM,aAAa,EAAE,MAAM,CAAC;CACvC,SAAS,OAAO,KAAK,EAAE,UAAU,wBAAwB;AACvD,SAAO,MAAM,IAAI,GACd,MAAM,UAAU,CAChB,UAAU,wBAAwB,MACjC,EAAE,GAAG,YAAY,SAAS,CAAC,GAAG,qBAAqB,kBAAkB,CACtE,CACA,QAAQ;;CAEd,CAAC;;;;;;;;;;;;;;;;;;;;;AAsBF,MAAa,iBAAiB,MAAM;CAClC,MAAM,EAAE,WAAW,EAAE,GAAG,UAAU,EAAE;CACpC,SAAS,EAAE,MAAM,aAAa,EAAE,MAAM,CAAC;CACvC,SAAS,OAAO,KAAK,EAAE,gBAAgB;AACrC,SAAO,MAAM,IAAI,GAAG,IAAI,WAAW,UAAU;;CAEhD,CAAC;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AA8BF,MAAa,gBAAgB,SAAS;CACpC,MAAM;EACJ,QAAQ,EAAE,GAAG,OAAO;EACpB,UAAU,EAAE,QAAQ;EACpB,mBAAmB,EAAE,QAAQ;EAC7B,QAAQ,EAAE,SAAS,EAAE,QAAQ,CAAC;EAC9B,QAAQ,EAAE,SAAS,EAAE,KAAK,CAAC;EAC5B;CACD,SAAS,EAAE,GAAG,UAAU;CACxB,SAAS,OAAO,KAAK,SAAS;AAC5B,SAAO,MAAM,IAAI,GAAG,OAAO,WAAW,KAAY;;CAErD,CAAC;;;;;;;;;;;;;;;;;;;;;;;AAwBF,MAAa,eAAe,SAAS;CACnC,MAAM;EAAE,WAAW,EAAE,GAAG,UAAU;EAAE,MAAM,EAAE,KAAK;EAAE;CACnD,SAAS,EAAE,MAAM;CACjB,SAAS,OAAO,KAAK,EAAE,WAAW,WAAW;AAC3C,QAAM,IAAI,GAAG,MAAM,WAAW,WAAW,KAAK;AAC9C,SAAO;;CAEV,CAAC;;;;;;;;;;;;;;;;;;;;AAqBF,MAAa,gBAAgB,SAAS;CACpC,MAAM,EAAE,WAAW,EAAE,GAAG,UAAU,EAAE;CACpC,SAAS,EAAE,MAAM;CACjB,SAAS,OAAO,KAAK,EAAE,gBAAgB;AACrC,QAAM,IAAI,GAAG,OAAO,WAAW,UAAU;AACzC,SAAO;;CAEV,CAAC"}
+{"version":3,"file":"accounts.js","names":[],"sources":["../../../../src/component/public/identity/accounts.ts"],"sourcesContent":["import { v } from \"convex/values\";\n\nimport { mutation, query } from \"../../functions\";\nimport { vAccountDoc } from \"../../model\";\n\n/**\n * List all accounts linked to a specific user.\n *\n * Queries the `Account` table using the `user_id_provider` index to efficiently\n * retrieve every authentication account (e.g. OAuth, credentials, email) that\n * belongs to the given user.\n *\n * @param args.userId - The document ID of the user whose accounts should be retrieved.\n * @returns An array of account documents associated with the user. Each document\n *   includes fields such as `provider`, `providerAccountId`, `secret`, and `extend`.\n *\n * @example\n * ```ts\n * const accounts = await ctx.runQuery(\n *   component.identity.accounts.accountListByUser,\n *   { userId: user._id },\n * );\n * for (const account of accounts) {\n *   console.log(`Provider: ${account.provider}, ID: ${account.providerAccountId}`);\n * }\n * ```\n */\nexport const accountListByUser = query({\n  args: { userId: v.id(\"User\") },\n  returns: v.array(vAccountDoc),\n  handler: async (ctx, { userId }) => {\n    return await ctx.db\n      .query(\"Account\")\n      .withIndex(\"user_id_provider\", (q) => q.eq(\"userId\", userId as any))\n      .collect();\n  },\n});\n\n/**\n * Look up an account by its provider name and provider-specific account ID.\n *\n * Uses the `provider_account_id` index to find the unique account that matches\n * the given provider and external account identifier. This is the primary way\n * to resolve an incoming authentication event (e.g. an OAuth callback) to an\n * existing account in the system.\n *\n * @param args.provider - The name of the authentication provider (e.g. `\"google\"`, `\"github\"`, `\"credentials\"`).\n * @param args.providerAccountId - The unique identifier assigned to the user by the external provider.\n * @returns The matching account document, or `null` if no account exists for the\n *   given provider and provider account ID combination.\n *\n * @example\n * ```ts\n * const account = await ctx.runQuery(\n *   component.identity.accounts.accountGet,\n *   { provider: \"google\", providerAccountId: \"1184210396400123\" },\n * );\n * if (account !== null) {\n *   console.log(`Found account for user: ${account.userId}`);\n * }\n * ```\n */\nexport const accountGet = query({\n  args: { provider: v.string(), providerAccountId: v.string() },\n  returns: v.union(vAccountDoc, v.null()),\n  handler: async (ctx, { provider, providerAccountId }) => {\n    return await ctx.db\n      .query(\"Account\")\n      .withIndex(\"provider_account_id\", (q) =>\n        q.eq(\"provider\", provider).eq(\"providerAccountId\", providerAccountId),\n      )\n      .unique();\n  },\n});\n\n/**\n * Retrieve a single account by its Convex document ID.\n *\n * Performs a direct point lookup on the `Account` table. Returns `null` if the\n * document has been deleted or never existed.\n *\n * @param args.accountId - The Convex document ID (`Id<\"Account\">`) of the account to retrieve.\n * @returns The account document if it exists, or `null` otherwise.\n *\n * @example\n * ```ts\n * const account = await ctx.runQuery(\n *   component.identity.accounts.accountGetById,\n *   { accountId: existingAccountId },\n * );\n * if (account !== null) {\n *   console.log(`Provider: ${account.provider}`);\n * }\n * ```\n */\nexport const accountGetById = query({\n  args: { accountId: v.id(\"Account\") },\n  returns: v.union(vAccountDoc, v.null()),\n  handler: async (ctx, { accountId }) => {\n    return await ctx.db.get(\"Account\", accountId);\n  },\n});\n\n/**\n * Create a new account that links a user to an authentication provider.\n *\n * Inserts a row into the `Account` table, establishing the relationship between\n * a user document and an external authentication provider (OAuth, credentials,\n * email/phone OTP, etc.). A single user may have multiple accounts for different\n * providers.\n *\n * @param args.userId - The document ID of the user to link this account to.\n * @param args.provider - The name of the authentication provider (e.g. `\"google\"`, `\"credentials\"`).\n * @param args.providerAccountId - The unique identifier for this user within the external provider.\n * @param args.secret - An optional hashed secret (e.g. password hash) stored for credential-based providers.\n * @param args.extend - Optional arbitrary data to store alongside the account for application-specific needs.\n * @returns The document ID of the newly created account.\n *\n * @example\n * ```ts\n * const accountId = await ctx.runMutation(\n *   component.identity.accounts.accountInsert,\n *   {\n *     userId: user._id,\n *     provider: \"credentials\",\n *     providerAccountId: \"user@example.com\",\n *     secret: hashedPassword,\n *   },\n * );\n * ```\n */\nexport const accountInsert = mutation({\n  args: {\n    userId: v.id(\"User\"),\n    provider: v.string(),\n    providerAccountId: v.string(),\n    secret: v.optional(v.string()),\n    extend: v.optional(v.any()),\n  },\n  returns: v.id(\"Account\"),\n  handler: async (ctx, args) => {\n    return await ctx.db.insert(\"Account\", args as any);\n  },\n});\n\n/**\n * Patch an existing account document with partial data.\n *\n * Merges the provided fields into the existing account document. Fields not\n * included in `data` are left unchanged. This is useful for updating a stored\n * secret (e.g. after a password change) or modifying extended metadata.\n *\n * @param args.accountId - The document ID of the account to update.\n * @param args.data - A partial object containing the fields to merge into the account document.\n * @returns `null` on success.\n *\n * @example\n * ```ts\n * await ctx.runMutation(\n *   component.identity.accounts.accountPatch,\n *   {\n *     accountId: account._id,\n *     data: { secret: newHashedPassword },\n *   },\n * );\n * ```\n */\nexport const accountPatch = mutation({\n  args: { accountId: v.id(\"Account\"), data: v.any() },\n  returns: v.null(),\n  handler: async (ctx, { accountId, data }) => {\n    await ctx.db.patch(\"Account\", accountId, data);\n    return null;\n  },\n});\n\n/**\n * Delete an account document permanently.\n *\n * Removes the account from the `Account` table. This effectively unlinks the\n * user from the corresponding authentication provider. Callers should ensure\n * that related resources (verification codes, sessions, etc.) are cleaned up\n * separately if needed.\n *\n * @param args.accountId - The document ID of the account to delete.\n * @returns `null` on success.\n *\n * @example\n * ```ts\n * await ctx.runMutation(\n *   component.identity.accounts.accountDelete,\n *   { accountId: account._id },\n * );\n * ```\n */\nexport const accountDelete = mutation({\n  args: { accountId: v.id(\"Account\") },\n  returns: v.null(),\n  handler: async (ctx, { accountId }) => {\n    await ctx.db.delete(\"Account\", accountId);\n    return null;\n  },\n});\n\n// ============================================================================\n// Sessions\n// ============================================================================\n"],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;AA2BA,MAAa,oBAAoB,MAAM;CACrC,MAAM,EAAE,QAAQ,EAAE,GAAG,OAAO,EAAE;CAC9B,SAAS,EAAE,MAAM,YAAY;CAC7B,SAAS,OAAO,KAAK,EAAE,aAAa;AAClC,SAAO,MAAM,IAAI,GACd,MAAM,UAAU,CAChB,UAAU,qBAAqB,MAAM,EAAE,GAAG,UAAU,OAAc,CAAC,CACnE,SAAS;;CAEf,CAAC;;;;;;;;;;;;;;;;;;;;;;;;;AA0BF,MAAa,aAAa,MAAM;CAC9B,MAAM;EAAE,UAAU,EAAE,QAAQ;EAAE,mBAAmB,EAAE,QAAQ;EAAE;CAC7D,SAAS,EAAE,MAAM,aAAa,EAAE,MAAM,CAAC;CACvC,SAAS,OAAO,KAAK,EAAE,UAAU,wBAAwB;AACvD,SAAO,MAAM,IAAI,GACd,MAAM,UAAU,CAChB,UAAU,wBAAwB,MACjC,EAAE,GAAG,YAAY,SAAS,CAAC,GAAG,qBAAqB,kBAAkB,CACtE,CACA,QAAQ;;CAEd,CAAC;;;;;;;;;;;;;;;;;;;;;AAsBF,MAAa,iBAAiB,MAAM;CAClC,MAAM,EAAE,WAAW,EAAE,GAAG,UAAU,EAAE;CACpC,SAAS,EAAE,MAAM,aAAa,EAAE,MAAM,CAAC;CACvC,SAAS,OAAO,KAAK,EAAE,gBAAgB;AACrC,SAAO,MAAM,IAAI,GAAG,IAAI,WAAW,UAAU;;CAEhD,CAAC;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AA8BF,MAAa,gBAAgB,SAAS;CACpC,MAAM;EACJ,QAAQ,EAAE,GAAG,OAAO;EACpB,UAAU,EAAE,QAAQ;EACpB,mBAAmB,EAAE,QAAQ;EAC7B,QAAQ,EAAE,SAAS,EAAE,QAAQ,CAAC;EAC9B,QAAQ,EAAE,SAAS,EAAE,KAAK,CAAC;EAC5B;CACD,SAAS,EAAE,GAAG,UAAU;CACxB,SAAS,OAAO,KAAK,SAAS;AAC5B,SAAO,MAAM,IAAI,GAAG,OAAO,WAAW,KAAY;;CAErD,CAAC;;;;;;;;;;;;;;;;;;;;;;;AAwBF,MAAa,eAAe,SAAS;CACnC,MAAM;EAAE,WAAW,EAAE,GAAG,UAAU;EAAE,MAAM,EAAE,KAAK;EAAE;CACnD,SAAS,EAAE,MAAM;CACjB,SAAS,OAAO,KAAK,EAAE,WAAW,WAAW;AAC3C,QAAM,IAAI,GAAG,MAAM,WAAW,WAAW,KAAK;AAC9C,SAAO;;CAEV,CAAC;;;;;;;;;;;;;;;;;;;;AAqBF,MAAa,gBAAgB,SAAS;CACpC,MAAM,EAAE,WAAW,EAAE,GAAG,UAAU,EAAE;CACpC,SAAS,EAAE,MAAM;CACjB,SAAS,OAAO,KAAK,EAAE,gBAAgB;AACrC,QAAM,IAAI,GAAG,OAAO,WAAW,UAAU;AACzC,SAAO;;CAEV,CAAC"}

package/dist/component/public/identity/codes.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"codes.d.ts","names":[],"sources":["../../../../src/component/public/identity/codes.ts"],"mappings":";;;;;;;;;;;;AAyBA;;;;;AAgCA;;;;;AA4CA;;cA5Ea,8BAAA;;;AA+Gb;;;;;;;;;;;;;;;;;;;cA/Ea,yBAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;cA4CA,sBAAA;;;;;;;;;;;;;;;;;;;;cAmCA,sBAAA"}
+{"version":3,"file":"codes.d.ts","names":[],"sources":["../../../../src/component/public/identity/codes.ts"],"mappings":";;;;;;;;;;;;AA0BA;;;;;AAgCA;;;;;AA4CA;;cA5Ea,8BAAA;;;AA+Gb;;;;;;;;;;;;;;;;;;;cA/Ea,yBAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;cA4CA,sBAAA;;;;;;;;;;;;;;;;;;;;cAmCA,sBAAA"}

package/dist/component/public/identity/codes.js.map

@@ -1 +1 @@
-{"version":3,"file":"codes.js","names":[],"sources":["../../../../src/component/public/identity/codes.ts"],"sourcesContent":["import { v } from \"convex/values\";\nimport { mutation, query } from \"../../functions\";\nimport { vVerificationCodeDoc } from \"../../model\";\n\n/**\n * Find a verification code by its associated account ID.\n *\n * Queries the `VerificationCode` table using the `account_id` index to locate\n * the unique verification code linked to the given account. Each account has at\n * most one active verification code at a time.\n *\n * @param args.accountId - The document ID of the account whose verification code should be retrieved.\n * @returns The verification code document if one exists for the account, or `null` otherwise.\n *\n * @example\n * ```ts\n * const code = await ctx.runQuery(\n *   component.identity.codes.verificationCodeGetByAccountId,\n *   { accountId: account._id },\n * );\n * if (code !== null && code.expirationTime > Date.now()) {\n *   console.log(\"Active verification code exists\");\n * }\n * ```\n */\nexport const verificationCodeGetByAccountId = query({\n  args: { accountId: v.id(\"Account\") },\n  returns: v.union(vVerificationCodeDoc, v.null()),\n  handler: async (ctx, { accountId }) => {\n    return await ctx.db\n      .query(\"VerificationCode\")\n      .withIndex(\"account_id\", (q) => q.eq(\"accountId\", accountId as any))\n      .unique();\n  },\n});\n\n/**\n * Find a verification code by its code string value.\n *\n * Queries the `VerificationCode` table using the `code` index to locate the\n * unique verification code document matching the given code string. This is\n * the primary lookup used when a user submits an OTP or clicks a magic link.\n *\n * @param args.code - The verification code string to look up (e.g. a 6-digit OTP or a magic-link token).\n * @returns The verification code document if a match is found, or `null` otherwise.\n *\n * @example\n * ```ts\n * const codeDoc = await ctx.runQuery(\n *   component.identity.codes.verificationCodeGetByCode,\n *   { code: \"482910\" },\n * );\n * if (codeDoc !== null && codeDoc.expirationTime > Date.now()) {\n *   console.log(`Code is valid for account: ${codeDoc.accountId}`);\n * }\n * ```\n */\nexport const verificationCodeGetByCode = query({\n  args: { code: v.string() },\n  returns: v.union(vVerificationCodeDoc, v.null()),\n  handler: async (ctx, { code }) => {\n    return await ctx.db\n      .query(\"VerificationCode\")\n      .withIndex(\"code\", (q) => q.eq(\"code\", code))\n      .unique();\n  },\n});\n\n/**\n * Create a new verification code for OTP, magic link, or OAuth flows.\n *\n * Inserts a document into the `VerificationCode` table that ties a short-lived\n * code to a specific account and provider. The code can be used for email OTP,\n * phone OTP, magic link, or OAuth state verification depending on the flow.\n *\n * @param args.accountId - The document ID of the account this verification code is associated with.\n * @param args.provider - The name of the authentication provider initiating the verification\n *   (e.g. `\"resend-otp\"`, `\"twilio-otp\"`, `\"google\"`).\n * @param args.code - The verification code string (e.g. a random OTP or an opaque token for magic links).\n * @param args.expirationTime - The Unix timestamp (in milliseconds) at which this code expires.\n * @param args.verifier - An optional PKCE verifier string used in OAuth/OIDC flows to prevent CSRF attacks.\n * @param args.emailVerified - An optional email address that will be marked as verified upon successful\n *   code redemption.\n * @param args.phoneVerified - An optional phone number that will be marked as verified upon successful\n *   code redemption.\n * @returns The document ID of the newly created verification code.\n *\n * @example\n * ```ts\n * const codeId = await ctx.runMutation(\n *   component.identity.codes.verificationCodeCreate,\n *   {\n *     accountId: account._id,\n *     provider: \"resend-otp\",\n *     code: \"482910\",\n *     expirationTime: Date.now() + 10 * 60 * 1000, // 10 minutes\n *     emailVerified: \"alice@example.com\",\n *   },\n * );\n * ```\n */\nexport const verificationCodeCreate = mutation({\n  args: {\n    accountId: v.id(\"Account\"),\n    provider: v.string(),\n    code: v.string(),\n    expirationTime: v.number(),\n    verifier: v.optional(v.string()),\n    emailVerified: v.optional(v.string()),\n    phoneVerified: v.optional(v.string()),\n  },\n  returns: v.id(\"VerificationCode\"),\n  handler: async (ctx, args) => {\n    return await ctx.db.insert(\"VerificationCode\", args as any);\n  },\n});\n\n/**\n * Delete a verification code document permanently.\n *\n * Removes the verification code from the `VerificationCode` table. This is\n * typically called after the code has been successfully redeemed or when it\n * needs to be invalidated (e.g. replaced by a new code).\n *\n * @param args.verificationCodeId - The document ID of the verification code to delete.\n * @returns `null` on success.\n *\n * @example\n * ```ts\n * // Delete the code after successful verification\n * await ctx.runMutation(\n *   component.identity.codes.verificationCodeDelete,\n *   { verificationCodeId: codeDoc._id },\n * );\n * ```\n */\nexport const verificationCodeDelete = mutation({\n  args: { verificationCodeId: v.id(\"VerificationCode\") },\n  returns: v.null(),\n  handler: async (ctx, { verificationCodeId }) => {\n    await ctx.db.delete(\"VerificationCode\", verificationCodeId);\n    return null;\n  },\n});\n\n// ============================================================================\n// Refresh Tokens\n// ============================================================================\n"],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;AAyBA,MAAa,iCAAiC,MAAM;CAClD,MAAM,EAAE,WAAW,EAAE,GAAG,UAAU,EAAE;CACpC,SAAS,EAAE,MAAM,sBAAsB,EAAE,MAAM,CAAC;CAChD,SAAS,OAAO,KAAK,EAAE,gBAAgB;AACrC,SAAO,MAAM,IAAI,GACd,MAAM,mBAAmB,CACzB,UAAU,eAAe,MAAM,EAAE,GAAG,aAAa,UAAiB,CAAC,CACnE,QAAQ;;CAEd,CAAC;;;;;;;;;;;;;;;;;;;;;;AAuBF,MAAa,4BAA4B,MAAM;CAC7C,MAAM,EAAE,MAAM,EAAE,QAAQ,EAAE;CAC1B,SAAS,EAAE,MAAM,sBAAsB,EAAE,MAAM,CAAC;CAChD,SAAS,OAAO,KAAK,EAAE,WAAW;AAChC,SAAO,MAAM,IAAI,GACd,MAAM,mBAAmB,CACzB,UAAU,SAAS,MAAM,EAAE,GAAG,QAAQ,KAAK,CAAC,CAC5C,QAAQ;;CAEd,CAAC;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAmCF,MAAa,yBAAyB,SAAS;CAC7C,MAAM;EACJ,WAAW,EAAE,GAAG,UAAU;EAC1B,UAAU,EAAE,QAAQ;EACpB,MAAM,EAAE,QAAQ;EAChB,gBAAgB,EAAE,QAAQ;EAC1B,UAAU,EAAE,SAAS,EAAE,QAAQ,CAAC;EAChC,eAAe,EAAE,SAAS,EAAE,QAAQ,CAAC;EACrC,eAAe,EAAE,SAAS,EAAE,QAAQ,CAAC;EACtC;CACD,SAAS,EAAE,GAAG,mBAAmB;CACjC,SAAS,OAAO,KAAK,SAAS;AAC5B,SAAO,MAAM,IAAI,GAAG,OAAO,oBAAoB,KAAY;;CAE9D,CAAC;;;;;;;;;;;;;;;;;;;;AAqBF,MAAa,yBAAyB,SAAS;CAC7C,MAAM,EAAE,oBAAoB,EAAE,GAAG,mBAAmB,EAAE;CACtD,SAAS,EAAE,MAAM;CACjB,SAAS,OAAO,KAAK,EAAE,yBAAyB;AAC9C,QAAM,IAAI,GAAG,OAAO,oBAAoB,mBAAmB;AAC3D,SAAO;;CAEV,CAAC"}
+{"version":3,"file":"codes.js","names":[],"sources":["../../../../src/component/public/identity/codes.ts"],"sourcesContent":["import { v } from \"convex/values\";\n\nimport { mutation, query } from \"../../functions\";\nimport { vVerificationCodeDoc } from \"../../model\";\n\n/**\n * Find a verification code by its associated account ID.\n *\n * Queries the `VerificationCode` table using the `account_id` index to locate\n * the unique verification code linked to the given account. Each account has at\n * most one active verification code at a time.\n *\n * @param args.accountId - The document ID of the account whose verification code should be retrieved.\n * @returns The verification code document if one exists for the account, or `null` otherwise.\n *\n * @example\n * ```ts\n * const code = await ctx.runQuery(\n *   component.identity.codes.verificationCodeGetByAccountId,\n *   { accountId: account._id },\n * );\n * if (code !== null && code.expirationTime > Date.now()) {\n *   console.log(\"Active verification code exists\");\n * }\n * ```\n */\nexport const verificationCodeGetByAccountId = query({\n  args: { accountId: v.id(\"Account\") },\n  returns: v.union(vVerificationCodeDoc, v.null()),\n  handler: async (ctx, { accountId }) => {\n    return await ctx.db\n      .query(\"VerificationCode\")\n      .withIndex(\"account_id\", (q) => q.eq(\"accountId\", accountId as any))\n      .unique();\n  },\n});\n\n/**\n * Find a verification code by its code string value.\n *\n * Queries the `VerificationCode` table using the `code` index to locate the\n * unique verification code document matching the given code string. This is\n * the primary lookup used when a user submits an OTP or clicks a magic link.\n *\n * @param args.code - The verification code string to look up (e.g. a 6-digit OTP or a magic-link token).\n * @returns The verification code document if a match is found, or `null` otherwise.\n *\n * @example\n * ```ts\n * const codeDoc = await ctx.runQuery(\n *   component.identity.codes.verificationCodeGetByCode,\n *   { code: \"482910\" },\n * );\n * if (codeDoc !== null && codeDoc.expirationTime > Date.now()) {\n *   console.log(`Code is valid for account: ${codeDoc.accountId}`);\n * }\n * ```\n */\nexport const verificationCodeGetByCode = query({\n  args: { code: v.string() },\n  returns: v.union(vVerificationCodeDoc, v.null()),\n  handler: async (ctx, { code }) => {\n    return await ctx.db\n      .query(\"VerificationCode\")\n      .withIndex(\"code\", (q) => q.eq(\"code\", code))\n      .unique();\n  },\n});\n\n/**\n * Create a new verification code for OTP, magic link, or OAuth flows.\n *\n * Inserts a document into the `VerificationCode` table that ties a short-lived\n * code to a specific account and provider. The code can be used for email OTP,\n * phone OTP, magic link, or OAuth state verification depending on the flow.\n *\n * @param args.accountId - The document ID of the account this verification code is associated with.\n * @param args.provider - The name of the authentication provider initiating the verification\n *   (e.g. `\"resend-otp\"`, `\"twilio-otp\"`, `\"google\"`).\n * @param args.code - The verification code string (e.g. a random OTP or an opaque token for magic links).\n * @param args.expirationTime - The Unix timestamp (in milliseconds) at which this code expires.\n * @param args.verifier - An optional PKCE verifier string used in OAuth/OIDC flows to prevent CSRF attacks.\n * @param args.emailVerified - An optional email address that will be marked as verified upon successful\n *   code redemption.\n * @param args.phoneVerified - An optional phone number that will be marked as verified upon successful\n *   code redemption.\n * @returns The document ID of the newly created verification code.\n *\n * @example\n * ```ts\n * const codeId = await ctx.runMutation(\n *   component.identity.codes.verificationCodeCreate,\n *   {\n *     accountId: account._id,\n *     provider: \"resend-otp\",\n *     code: \"482910\",\n *     expirationTime: Date.now() + 10 * 60 * 1000, // 10 minutes\n *     emailVerified: \"alice@example.com\",\n *   },\n * );\n * ```\n */\nexport const verificationCodeCreate = mutation({\n  args: {\n    accountId: v.id(\"Account\"),\n    provider: v.string(),\n    code: v.string(),\n    expirationTime: v.number(),\n    verifier: v.optional(v.string()),\n    emailVerified: v.optional(v.string()),\n    phoneVerified: v.optional(v.string()),\n  },\n  returns: v.id(\"VerificationCode\"),\n  handler: async (ctx, args) => {\n    return await ctx.db.insert(\"VerificationCode\", args as any);\n  },\n});\n\n/**\n * Delete a verification code document permanently.\n *\n * Removes the verification code from the `VerificationCode` table. This is\n * typically called after the code has been successfully redeemed or when it\n * needs to be invalidated (e.g. replaced by a new code).\n *\n * @param args.verificationCodeId - The document ID of the verification code to delete.\n * @returns `null` on success.\n *\n * @example\n * ```ts\n * // Delete the code after successful verification\n * await ctx.runMutation(\n *   component.identity.codes.verificationCodeDelete,\n *   { verificationCodeId: codeDoc._id },\n * );\n * ```\n */\nexport const verificationCodeDelete = mutation({\n  args: { verificationCodeId: v.id(\"VerificationCode\") },\n  returns: v.null(),\n  handler: async (ctx, { verificationCodeId }) => {\n    await ctx.db.delete(\"VerificationCode\", verificationCodeId);\n    return null;\n  },\n});\n\n// ============================================================================\n// Refresh Tokens\n// ============================================================================\n"],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;AA0BA,MAAa,iCAAiC,MAAM;CAClD,MAAM,EAAE,WAAW,EAAE,GAAG,UAAU,EAAE;CACpC,SAAS,EAAE,MAAM,sBAAsB,EAAE,MAAM,CAAC;CAChD,SAAS,OAAO,KAAK,EAAE,gBAAgB;AACrC,SAAO,MAAM,IAAI,GACd,MAAM,mBAAmB,CACzB,UAAU,eAAe,MAAM,EAAE,GAAG,aAAa,UAAiB,CAAC,CACnE,QAAQ;;CAEd,CAAC;;;;;;;;;;;;;;;;;;;;;;AAuBF,MAAa,4BAA4B,MAAM;CAC7C,MAAM,EAAE,MAAM,EAAE,QAAQ,EAAE;CAC1B,SAAS,EAAE,MAAM,sBAAsB,EAAE,MAAM,CAAC;CAChD,SAAS,OAAO,KAAK,EAAE,WAAW;AAChC,SAAO,MAAM,IAAI,GACd,MAAM,mBAAmB,CACzB,UAAU,SAAS,MAAM,EAAE,GAAG,QAAQ,KAAK,CAAC,CAC5C,QAAQ;;CAEd,CAAC;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAmCF,MAAa,yBAAyB,SAAS;CAC7C,MAAM;EACJ,WAAW,EAAE,GAAG,UAAU;EAC1B,UAAU,EAAE,QAAQ;EACpB,MAAM,EAAE,QAAQ;EAChB,gBAAgB,EAAE,QAAQ;EAC1B,UAAU,EAAE,SAAS,EAAE,QAAQ,CAAC;EAChC,eAAe,EAAE,SAAS,EAAE,QAAQ,CAAC;EACrC,eAAe,EAAE,SAAS,EAAE,QAAQ,CAAC;EACtC;CACD,SAAS,EAAE,GAAG,mBAAmB;CACjC,SAAS,OAAO,KAAK,SAAS;AAC5B,SAAO,MAAM,IAAI,GAAG,OAAO,oBAAoB,KAAY;;CAE9D,CAAC;;;;;;;;;;;;;;;;;;;;AAqBF,MAAa,yBAAyB,SAAS;CAC7C,MAAM,EAAE,oBAAoB,EAAE,GAAG,mBAAmB,EAAE;CACtD,SAAS,EAAE,MAAM;CACjB,SAAS,OAAO,KAAK,EAAE,yBAAyB;AAC9C,QAAM,IAAI,GAAG,OAAO,oBAAoB,mBAAmB;AAC3D,SAAO;;CAEV,CAAC"}

package/dist/component/public/identity/sessions.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"sessions.d.ts","names":[],"sources":["../../../../src/component/public/identity/sessions.ts"],"mappings":";;;;;;;;;;;;;AAkCA;;;;;AAkEA;;;;;AAiCA;;;;;AAgCA;;;;;cAnIa,WAAA;;;;;;;;;;;;;;;;;;;;;;;cAkEA,aAAA;;;;;;;;;;;;;;;;;;;;;;;cAiCA,cAAA;;;;;;;;;;;;;;;;;;;;;;;;;cAgCA,aAAA;;;;;;;;;;;;;;;;;;;;cA8BA,iBAAA"}
+{"version":3,"file":"sessions.d.ts","names":[],"sources":["../../../../src/component/public/identity/sessions.ts"],"mappings":";;;;;;;;;;;;;AAmCA;;;;;AAkEA;;;;;AAiCA;;;;;AAgCA;;;;;cAnIa,WAAA;;;;;;;;;;;;;;;;;;;;;;;cAkEA,aAAA;;;;;;;;;;;;;;;;;;;;;;;cAiCA,cAAA;;;;;;;;;;;;;;;;;;;;;;;;;cAgCA,aAAA;;;;;;;;;;;;;;;;;;;;cA8BA,iBAAA"}

package/dist/component/public/identity/sessions.js.map

@@ -1 +1 @@
-{"version":3,"file":"sessions.js","names":[],"sources":["../../../../src/component/public/identity/sessions.ts"],"sourcesContent":["import { v } from \"convex/values\";\nimport { mutation, query } from \"../../functions\";\nimport { vPaginated, vSessionDoc } from \"../../model\";\n\n/**\n * List sessions with optional filtering and cursor-based pagination.\n *\n * Supports filtering by `userId` to retrieve only sessions belonging to a\n * specific user. When a `userId` filter is provided, the `user_id` index is\n * used for efficient lookup. Results are returned as a paginated response\n * `{ items, nextCursor }` -- pass `nextCursor` back as `cursor` to fetch the\n * next page, or receive `null` when all results have been exhausted.\n *\n * @param args.where - Optional filter object. Currently supports `userId` to\n *   restrict results to sessions for a specific user.\n * @param args.limit - Maximum number of sessions to return per page (1--100, default 50).\n * @param args.cursor - An opaque cursor string from a previous response's `nextCursor`\n *   to continue pagination, or `null` / omitted to start from the beginning.\n * @param args.order - Sort direction: `\"asc\"` or `\"desc\"` (default `\"desc\"`).\n * @returns An object with `items` (array of session documents) and `nextCursor`\n *   (`string | null`) for fetching subsequent pages.\n *\n * @example\n * ```ts\n * // List the 10 most recent sessions for a user\n * const page = await ctx.runQuery(\n *   component.identity.sessions.sessionList,\n *   { where: { userId: user._id }, limit: 10, order: \"desc\" },\n * );\n * for (const session of page.items) {\n *   console.log(`Session ${session._id} expires at ${session.expirationTime}`);\n * }\n * ```\n */\nexport const sessionList = query({\n  args: {\n    where: v.optional(\n      v.object({\n        userId: v.optional(v.id(\"User\")),\n      }),\n    ),\n    limit: v.optional(v.number()),\n    cursor: v.optional(v.union(v.string(), v.null())),\n    order: v.optional(v.union(v.literal(\"asc\"), v.literal(\"desc\"))),\n  },\n  returns: vPaginated(vSessionDoc),\n  handler: async (ctx, args) => {\n    const where = args.where ?? {};\n    const limit = Math.min(Math.max(args.limit ?? 50, 1), 100);\n    const order = args.order ?? \"desc\";\n\n    let q;\n    if (where.userId !== undefined) {\n      q = ctx.db\n        .query(\"Session\")\n        .withIndex(\"user_id\", (idx) => idx.eq(\"userId\", where.userId!));\n    } else {\n      q = ctx.db.query(\"Session\");\n    }\n\n    q = q.order(order);\n\n    const all = await q.collect();\n    let startIdx = 0;\n    if (args.cursor) {\n      const cursorIdx = all.findIndex((doc) => doc._id === args.cursor);\n      if (cursorIdx !== -1) {\n        startIdx = cursorIdx + 1;\n      }\n    }\n    const page = all.slice(startIdx, startIdx + limit + 1);\n    const hasMore = page.length > limit;\n    const items = hasMore ? page.slice(0, limit) : page;\n    const nextCursor = hasMore ? items[items.length - 1]._id : null;\n    return { items, nextCursor };\n  },\n});\n\n/**\n * Create a new session for a user with a specified expiration time.\n *\n * Inserts a new document into the `Session` table, linking it to the given user.\n * The session represents an active authenticated context and is typically created\n * after a successful sign-in or token refresh.\n *\n * @param args.userId - The document ID of the user this session belongs to.\n * @param args.expirationTime - The Unix timestamp (in milliseconds) at which this session expires.\n * @returns The document ID of the newly created session.\n *\n * @example\n * ```ts\n * const sessionId = await ctx.runMutation(\n *   component.identity.sessions.sessionCreate,\n *   {\n *     userId: user._id,\n *     expirationTime: Date.now() + 30 * 24 * 60 * 60 * 1000, // 30 days\n *   },\n * );\n * ```\n */\nexport const sessionCreate = mutation({\n  args: { userId: v.id(\"User\"), expirationTime: v.number() },\n  returns: v.id(\"Session\"),\n  handler: async (ctx, { userId, expirationTime }) => {\n    return await ctx.db.insert(\"Session\", {\n      userId: userId as any,\n      expirationTime,\n    });\n  },\n});\n\n/**\n * Retrieve a single session by its Convex document ID.\n *\n * Performs a direct point lookup on the `Session` table. Returns `null` if the\n * session has been deleted or never existed. This does not check whether the\n * session has expired -- callers should compare `expirationTime` to the current\n * time if needed.\n *\n * @param args.sessionId - The Convex document ID (`Id<\"Session\">`) of the session to retrieve.\n * @returns The session document if it exists, or `null` otherwise.\n *\n * @example\n * ```ts\n * const session = await ctx.runQuery(\n *   component.identity.sessions.sessionGetById,\n *   { sessionId: refreshToken.sessionId },\n * );\n * if (session !== null && session.expirationTime > Date.now()) {\n *   console.log(\"Session is still active\");\n * }\n * ```\n */\nexport const sessionGetById = query({\n  args: { sessionId: v.id(\"Session\") },\n  returns: v.union(vSessionDoc, v.null()),\n  handler: async (ctx, { sessionId }) => {\n    return await ctx.db.get(\"Session\", sessionId);\n  },\n});\n\n/**\n * Delete a session document.\n *\n * Removes the session from the `Session` table. This is a no-op if the session\n * does not exist (i.e. was already deleted). Callers should also clean up\n * related refresh tokens via `refreshTokenDeleteAll` to fully invalidate the\n * session.\n *\n * @param args.sessionId - The document ID of the session to delete.\n * @returns `null` on success (including when the session was already absent).\n *\n * @example\n * ```ts\n * // Revoke a session and its tokens\n * await ctx.runMutation(\n *   component.identity.sessions.sessionDelete,\n *   { sessionId: session._id },\n * );\n * await ctx.runMutation(\n *   component.identity.tokens.refreshTokenDeleteAll,\n *   { sessionId: session._id },\n * );\n * ```\n */\nexport const sessionDelete = mutation({\n  args: { sessionId: v.id(\"Session\") },\n  returns: v.null(),\n  handler: async (ctx, { sessionId }) => {\n    if ((await ctx.db.get(\"Session\", sessionId)) !== null) {\n      await ctx.db.delete(\"Session\", sessionId);\n    }\n    return null;\n  },\n});\n\n/**\n * List all sessions belonging to a specific user.\n *\n * Queries the `Session` table using the `user_id` index to efficiently retrieve\n * every session document for the given user. Unlike `sessionList`, this returns\n * all matching sessions without pagination.\n *\n * @param args.userId - The document ID of the user whose sessions should be retrieved.\n * @returns An array of session documents for the specified user.\n *\n * @example\n * ```ts\n * const sessions = await ctx.runQuery(\n *   component.identity.sessions.sessionListByUser,\n *   { userId: user._id },\n * );\n * console.log(`User has ${sessions.length} active session(s)`);\n * ```\n */\nexport const sessionListByUser = query({\n  args: { userId: v.id(\"User\") },\n  returns: v.array(vSessionDoc),\n  handler: async (ctx, { userId }) => {\n    return await ctx.db\n      .query(\"Session\")\n      .withIndex(\"user_id\", (q) => q.eq(\"userId\", userId as any))\n      .collect();\n  },\n});\n\n// ============================================================================\n// Verifiers\n// ============================================================================\n"],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAkCA,MAAa,cAAc,MAAM;CAC/B,MAAM;EACJ,OAAO,EAAE,SACP,EAAE,OAAO,EACP,QAAQ,EAAE,SAAS,EAAE,GAAG,OAAO,CAAC,EACjC,CAAC,CACH;EACD,OAAO,EAAE,SAAS,EAAE,QAAQ,CAAC;EAC7B,QAAQ,EAAE,SAAS,EAAE,MAAM,EAAE,QAAQ,EAAE,EAAE,MAAM,CAAC,CAAC;EACjD,OAAO,EAAE,SAAS,EAAE,MAAM,EAAE,QAAQ,MAAM,EAAE,EAAE,QAAQ,OAAO,CAAC,CAAC;EAChE;CACD,SAAS,WAAW,YAAY;CAChC,SAAS,OAAO,KAAK,SAAS;EAC5B,MAAM,QAAQ,KAAK,SAAS,EAAE;EAC9B,MAAM,QAAQ,KAAK,IAAI,KAAK,IAAI,KAAK,SAAS,IAAI,EAAE,EAAE,IAAI;EAC1D,MAAM,QAAQ,KAAK,SAAS;EAE5B,IAAI;AACJ,MAAI,MAAM,WAAW,OACnB,KAAI,IAAI,GACL,MAAM,UAAU,CAChB,UAAU,YAAY,QAAQ,IAAI,GAAG,UAAU,MAAM,OAAQ,CAAC;MAEjE,KAAI,IAAI,GAAG,MAAM,UAAU;AAG7B,MAAI,EAAE,MAAM,MAAM;EAElB,MAAM,MAAM,MAAM,EAAE,SAAS;EAC7B,IAAI,WAAW;AACf,MAAI,KAAK,QAAQ;GACf,MAAM,YAAY,IAAI,WAAW,QAAQ,IAAI,QAAQ,KAAK,OAAO;AACjE,OAAI,cAAc,GAChB,YAAW,YAAY;;EAG3B,MAAM,OAAO,IAAI,MAAM,UAAU,WAAW,QAAQ,EAAE;EACtD,MAAM,UAAU,KAAK,SAAS;EAC9B,MAAM,QAAQ,UAAU,KAAK,MAAM,GAAG,MAAM,GAAG;AAE/C,SAAO;GAAE;GAAO,YADG,UAAU,MAAM,MAAM,SAAS,GAAG,MAAM;GAC/B;;CAE/B,CAAC;;;;;;;;;;;;;;;;;;;;;;;AAwBF,MAAa,gBAAgB,SAAS;CACpC,MAAM;EAAE,QAAQ,EAAE,GAAG,OAAO;EAAE,gBAAgB,EAAE,QAAQ;EAAE;CAC1D,SAAS,EAAE,GAAG,UAAU;CACxB,SAAS,OAAO,KAAK,EAAE,QAAQ,qBAAqB;AAClD,SAAO,MAAM,IAAI,GAAG,OAAO,WAAW;GAC5B;GACR;GACD,CAAC;;CAEL,CAAC;;;;;;;;;;;;;;;;;;;;;;;AAwBF,MAAa,iBAAiB,MAAM;CAClC,MAAM,EAAE,WAAW,EAAE,GAAG,UAAU,EAAE;CACpC,SAAS,EAAE,MAAM,aAAa,EAAE,MAAM,CAAC;CACvC,SAAS,OAAO,KAAK,EAAE,gBAAgB;AACrC,SAAO,MAAM,IAAI,GAAG,IAAI,WAAW,UAAU;;CAEhD,CAAC;;;;;;;;;;;;;;;;;;;;;;;;;AA0BF,MAAa,gBAAgB,SAAS;CACpC,MAAM,EAAE,WAAW,EAAE,GAAG,UAAU,EAAE;CACpC,SAAS,EAAE,MAAM;CACjB,SAAS,OAAO,KAAK,EAAE,gBAAgB;AACrC,MAAK,MAAM,IAAI,GAAG,IAAI,WAAW,UAAU,KAAM,KAC/C,OAAM,IAAI,GAAG,OAAO,WAAW,UAAU;AAE3C,SAAO;;CAEV,CAAC;;;;;;;;;;;;;;;;;;;;AAqBF,MAAa,oBAAoB,MAAM;CACrC,MAAM,EAAE,QAAQ,EAAE,GAAG,OAAO,EAAE;CAC9B,SAAS,EAAE,MAAM,YAAY;CAC7B,SAAS,OAAO,KAAK,EAAE,aAAa;AAClC,SAAO,MAAM,IAAI,GACd,MAAM,UAAU,CAChB,UAAU,YAAY,MAAM,EAAE,GAAG,UAAU,OAAc,CAAC,CAC1D,SAAS;;CAEf,CAAC"}
+{"version":3,"file":"sessions.js","names":[],"sources":["../../../../src/component/public/identity/sessions.ts"],"sourcesContent":["import { v } from \"convex/values\";\n\nimport { mutation, query } from \"../../functions\";\nimport { vPaginated, vSessionDoc } from \"../../model\";\n\n/**\n * List sessions with optional filtering and cursor-based pagination.\n *\n * Supports filtering by `userId` to retrieve only sessions belonging to a\n * specific user. When a `userId` filter is provided, the `user_id` index is\n * used for efficient lookup. Results are returned as a paginated response\n * `{ items, nextCursor }` -- pass `nextCursor` back as `cursor` to fetch the\n * next page, or receive `null` when all results have been exhausted.\n *\n * @param args.where - Optional filter object. Currently supports `userId` to\n *   restrict results to sessions for a specific user.\n * @param args.limit - Maximum number of sessions to return per page (1--100, default 50).\n * @param args.cursor - An opaque cursor string from a previous response's `nextCursor`\n *   to continue pagination, or `null` / omitted to start from the beginning.\n * @param args.order - Sort direction: `\"asc\"` or `\"desc\"` (default `\"desc\"`).\n * @returns An object with `items` (array of session documents) and `nextCursor`\n *   (`string | null`) for fetching subsequent pages.\n *\n * @example\n * ```ts\n * // List the 10 most recent sessions for a user\n * const page = await ctx.runQuery(\n *   component.identity.sessions.sessionList,\n *   { where: { userId: user._id }, limit: 10, order: \"desc\" },\n * );\n * for (const session of page.items) {\n *   console.log(`Session ${session._id} expires at ${session.expirationTime}`);\n * }\n * ```\n */\nexport const sessionList = query({\n  args: {\n    where: v.optional(\n      v.object({\n        userId: v.optional(v.id(\"User\")),\n      }),\n    ),\n    limit: v.optional(v.number()),\n    cursor: v.optional(v.union(v.string(), v.null())),\n    order: v.optional(v.union(v.literal(\"asc\"), v.literal(\"desc\"))),\n  },\n  returns: vPaginated(vSessionDoc),\n  handler: async (ctx, args) => {\n    const where = args.where ?? {};\n    const limit = Math.min(Math.max(args.limit ?? 50, 1), 100);\n    const order = args.order ?? \"desc\";\n\n    let q;\n    if (where.userId !== undefined) {\n      q = ctx.db\n        .query(\"Session\")\n        .withIndex(\"user_id\", (idx) => idx.eq(\"userId\", where.userId!));\n    } else {\n      q = ctx.db.query(\"Session\");\n    }\n\n    q = q.order(order);\n\n    const all = await q.collect();\n    let startIdx = 0;\n    if (args.cursor) {\n      const cursorIdx = all.findIndex((doc) => doc._id === args.cursor);\n      if (cursorIdx !== -1) {\n        startIdx = cursorIdx + 1;\n      }\n    }\n    const page = all.slice(startIdx, startIdx + limit + 1);\n    const hasMore = page.length > limit;\n    const items = hasMore ? page.slice(0, limit) : page;\n    const nextCursor = hasMore ? items[items.length - 1]._id : null;\n    return { items, nextCursor };\n  },\n});\n\n/**\n * Create a new session for a user with a specified expiration time.\n *\n * Inserts a new document into the `Session` table, linking it to the given user.\n * The session represents an active authenticated context and is typically created\n * after a successful sign-in or token refresh.\n *\n * @param args.userId - The document ID of the user this session belongs to.\n * @param args.expirationTime - The Unix timestamp (in milliseconds) at which this session expires.\n * @returns The document ID of the newly created session.\n *\n * @example\n * ```ts\n * const sessionId = await ctx.runMutation(\n *   component.identity.sessions.sessionCreate,\n *   {\n *     userId: user._id,\n *     expirationTime: Date.now() + 30 * 24 * 60 * 60 * 1000, // 30 days\n *   },\n * );\n * ```\n */\nexport const sessionCreate = mutation({\n  args: { userId: v.id(\"User\"), expirationTime: v.number() },\n  returns: v.id(\"Session\"),\n  handler: async (ctx, { userId, expirationTime }) => {\n    return await ctx.db.insert(\"Session\", {\n      userId: userId as any,\n      expirationTime,\n    });\n  },\n});\n\n/**\n * Retrieve a single session by its Convex document ID.\n *\n * Performs a direct point lookup on the `Session` table. Returns `null` if the\n * session has been deleted or never existed. This does not check whether the\n * session has expired -- callers should compare `expirationTime` to the current\n * time if needed.\n *\n * @param args.sessionId - The Convex document ID (`Id<\"Session\">`) of the session to retrieve.\n * @returns The session document if it exists, or `null` otherwise.\n *\n * @example\n * ```ts\n * const session = await ctx.runQuery(\n *   component.identity.sessions.sessionGetById,\n *   { sessionId: refreshToken.sessionId },\n * );\n * if (session !== null && session.expirationTime > Date.now()) {\n *   console.log(\"Session is still active\");\n * }\n * ```\n */\nexport const sessionGetById = query({\n  args: { sessionId: v.id(\"Session\") },\n  returns: v.union(vSessionDoc, v.null()),\n  handler: async (ctx, { sessionId }) => {\n    return await ctx.db.get(\"Session\", sessionId);\n  },\n});\n\n/**\n * Delete a session document.\n *\n * Removes the session from the `Session` table. This is a no-op if the session\n * does not exist (i.e. was already deleted). Callers should also clean up\n * related refresh tokens via `refreshTokenDeleteAll` to fully invalidate the\n * session.\n *\n * @param args.sessionId - The document ID of the session to delete.\n * @returns `null` on success (including when the session was already absent).\n *\n * @example\n * ```ts\n * // Revoke a session and its tokens\n * await ctx.runMutation(\n *   component.identity.sessions.sessionDelete,\n *   { sessionId: session._id },\n * );\n * await ctx.runMutation(\n *   component.identity.tokens.refreshTokenDeleteAll,\n *   { sessionId: session._id },\n * );\n * ```\n */\nexport const sessionDelete = mutation({\n  args: { sessionId: v.id(\"Session\") },\n  returns: v.null(),\n  handler: async (ctx, { sessionId }) => {\n    if ((await ctx.db.get(\"Session\", sessionId)) !== null) {\n      await ctx.db.delete(\"Session\", sessionId);\n    }\n    return null;\n  },\n});\n\n/**\n * List all sessions belonging to a specific user.\n *\n * Queries the `Session` table using the `user_id` index to efficiently retrieve\n * every session document for the given user. Unlike `sessionList`, this returns\n * all matching sessions without pagination.\n *\n * @param args.userId - The document ID of the user whose sessions should be retrieved.\n * @returns An array of session documents for the specified user.\n *\n * @example\n * ```ts\n * const sessions = await ctx.runQuery(\n *   component.identity.sessions.sessionListByUser,\n *   { userId: user._id },\n * );\n * console.log(`User has ${sessions.length} active session(s)`);\n * ```\n */\nexport const sessionListByUser = query({\n  args: { userId: v.id(\"User\") },\n  returns: v.array(vSessionDoc),\n  handler: async (ctx, { userId }) => {\n    return await ctx.db\n      .query(\"Session\")\n      .withIndex(\"user_id\", (q) => q.eq(\"userId\", userId as any))\n      .collect();\n  },\n});\n\n// ============================================================================\n// Verifiers\n// ============================================================================\n"],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAmCA,MAAa,cAAc,MAAM;CAC/B,MAAM;EACJ,OAAO,EAAE,SACP,EAAE,OAAO,EACP,QAAQ,EAAE,SAAS,EAAE,GAAG,OAAO,CAAC,EACjC,CAAC,CACH;EACD,OAAO,EAAE,SAAS,EAAE,QAAQ,CAAC;EAC7B,QAAQ,EAAE,SAAS,EAAE,MAAM,EAAE,QAAQ,EAAE,EAAE,MAAM,CAAC,CAAC;EACjD,OAAO,EAAE,SAAS,EAAE,MAAM,EAAE,QAAQ,MAAM,EAAE,EAAE,QAAQ,OAAO,CAAC,CAAC;EAChE;CACD,SAAS,WAAW,YAAY;CAChC,SAAS,OAAO,KAAK,SAAS;EAC5B,MAAM,QAAQ,KAAK,SAAS,EAAE;EAC9B,MAAM,QAAQ,KAAK,IAAI,KAAK,IAAI,KAAK,SAAS,IAAI,EAAE,EAAE,IAAI;EAC1D,MAAM,QAAQ,KAAK,SAAS;EAE5B,IAAI;AACJ,MAAI,MAAM,WAAW,OACnB,KAAI,IAAI,GACL,MAAM,UAAU,CAChB,UAAU,YAAY,QAAQ,IAAI,GAAG,UAAU,MAAM,OAAQ,CAAC;MAEjE,KAAI,IAAI,GAAG,MAAM,UAAU;AAG7B,MAAI,EAAE,MAAM,MAAM;EAElB,MAAM,MAAM,MAAM,EAAE,SAAS;EAC7B,IAAI,WAAW;AACf,MAAI,KAAK,QAAQ;GACf,MAAM,YAAY,IAAI,WAAW,QAAQ,IAAI,QAAQ,KAAK,OAAO;AACjE,OAAI,cAAc,GAChB,YAAW,YAAY;;EAG3B,MAAM,OAAO,IAAI,MAAM,UAAU,WAAW,QAAQ,EAAE;EACtD,MAAM,UAAU,KAAK,SAAS;EAC9B,MAAM,QAAQ,UAAU,KAAK,MAAM,GAAG,MAAM,GAAG;AAE/C,SAAO;GAAE;GAAO,YADG,UAAU,MAAM,MAAM,SAAS,GAAG,MAAM;GAC/B;;CAE/B,CAAC;;;;;;;;;;;;;;;;;;;;;;;AAwBF,MAAa,gBAAgB,SAAS;CACpC,MAAM;EAAE,QAAQ,EAAE,GAAG,OAAO;EAAE,gBAAgB,EAAE,QAAQ;EAAE;CAC1D,SAAS,EAAE,GAAG,UAAU;CACxB,SAAS,OAAO,KAAK,EAAE,QAAQ,qBAAqB;AAClD,SAAO,MAAM,IAAI,GAAG,OAAO,WAAW;GAC5B;GACR;GACD,CAAC;;CAEL,CAAC;;;;;;;;;;;;;;;;;;;;;;;AAwBF,MAAa,iBAAiB,MAAM;CAClC,MAAM,EAAE,WAAW,EAAE,GAAG,UAAU,EAAE;CACpC,SAAS,EAAE,MAAM,aAAa,EAAE,MAAM,CAAC;CACvC,SAAS,OAAO,KAAK,EAAE,gBAAgB;AACrC,SAAO,MAAM,IAAI,GAAG,IAAI,WAAW,UAAU;;CAEhD,CAAC;;;;;;;;;;;;;;;;;;;;;;;;;AA0BF,MAAa,gBAAgB,SAAS;CACpC,MAAM,EAAE,WAAW,EAAE,GAAG,UAAU,EAAE;CACpC,SAAS,EAAE,MAAM;CACjB,SAAS,OAAO,KAAK,EAAE,gBAAgB;AACrC,MAAK,MAAM,IAAI,GAAG,IAAI,WAAW,UAAU,KAAM,KAC/C,OAAM,IAAI,GAAG,OAAO,WAAW,UAAU;AAE3C,SAAO;;CAEV,CAAC;;;;;;;;;;;;;;;;;;;;AAqBF,MAAa,oBAAoB,MAAM;CACrC,MAAM,EAAE,QAAQ,EAAE,GAAG,OAAO,EAAE;CAC9B,SAAS,EAAE,MAAM,YAAY;CAC7B,SAAS,OAAO,KAAK,EAAE,aAAa;AAClC,SAAO,MAAM,IAAI,GACd,MAAM,UAAU,CAChB,UAAU,YAAY,MAAM,EAAE,GAAG,UAAU,OAAc,CAAC,CAC1D,SAAS;;CAEf,CAAC"}

package/dist/component/public/identity/tokens.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"tokens.d.ts","names":[],"sources":["../../../../src/component/public/identity/tokens.ts"],"mappings":";;;;;;;;;;;;;;;AA6BA;;;;;AAgCA;;;;;AA+BA;;;cA/Da,kBAAA;;AAkGb;;;;;AAqCA;;;;;AAiCA;;;;;AAwCA;;;;cAhLa,mBAAA;;;;;;;;;;;;;;;;;;;;;;;;cA+BA,iBAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;cAmCA,uBAAA;;;;;;;;;;;;;;;;;;;;cAqCA,yBAAA;;;;;;;;;;;;;;;;;;;;;cAiCA,qBAAA;;;;;;;;;;;;;;;;;;;;;;;;cAwCA,qBAAA"}
+{"version":3,"file":"tokens.d.ts","names":[],"sources":["../../../../src/component/public/identity/tokens.ts"],"mappings":";;;;;;;;;;;;;;;AA8BA;;;;;AAgCA;;;;;AA+BA;;;cA/Da,kBAAA;;AAkGb;;;;;AAqCA;;;;;AAiCA;;;;;AAwCA;;;;cAhLa,mBAAA;;;;;;;;;;;;;;;;;;;;;;;;cA+BA,iBAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;cAmCA,uBAAA;;;;;;;;;;;;;;;;;;;;cAqCA,yBAAA;;;;;;;;;;;;;;;;;;;;;cAiCA,qBAAA;;;;;;;;;;;;;;;;;;;;;;;;cAwCA,qBAAA"}

package/dist/component/public/identity/tokens.js.map

@@ -1 +1 @@
-{"version":3,"file":"tokens.js","names":[],"sources":["../../../../src/component/public/identity/tokens.ts"],"sourcesContent":["import { v } from \"convex/values\";\nimport { mutation, query } from \"../../functions\";\nimport { vRefreshTokenDoc } from \"../../model\";\n\n/**\n * Create a new refresh token for a session.\n *\n * Inserts a document into the `RefreshToken` table. Refresh tokens are used to\n * obtain new access tokens without requiring the user to re-authenticate. When\n * a refresh token is rotated, the new token references the old one via\n * `parentRefreshTokenId` to form a token chain for replay detection.\n *\n * @param args.sessionId - The document ID of the session this refresh token belongs to.\n * @param args.expirationTime - The Unix timestamp (in milliseconds) at which this refresh token expires.\n * @param args.parentRefreshTokenId - The document ID of the parent refresh token that was\n *   exchanged to create this one. Omitted for the initial token in a session.\n * @returns The document ID of the newly created refresh token.\n *\n * @example\n * ```ts\n * const tokenId = await ctx.runMutation(\n *   component.identity.tokens.refreshTokenCreate,\n *   {\n *     sessionId: session._id,\n *     expirationTime: Date.now() + 7 * 24 * 60 * 60 * 1000, // 7 days\n *   },\n * );\n * ```\n */\nexport const refreshTokenCreate = mutation({\n  args: {\n    sessionId: v.id(\"Session\"),\n    expirationTime: v.number(),\n    parentRefreshTokenId: v.optional(v.id(\"RefreshToken\")),\n  },\n  returns: v.id(\"RefreshToken\"),\n  handler: async (ctx, args) => {\n    return await ctx.db.insert(\"RefreshToken\", args as any);\n  },\n});\n\n/**\n * Retrieve a single refresh token by its Convex document ID.\n *\n * Performs a direct point lookup on the `RefreshToken` table. Returns `null` if\n * the token has been deleted or never existed.\n *\n * @param args.refreshTokenId - The Convex document ID (`Id<\"RefreshToken\">`) of the token to retrieve.\n * @returns The refresh token document if it exists, or `null` otherwise.\n *\n * @example\n * ```ts\n * const token = await ctx.runQuery(\n *   component.identity.tokens.refreshTokenGetById,\n *   { refreshTokenId: storedTokenId },\n * );\n * if (token !== null && token.expirationTime > Date.now()) {\n *   console.log(\"Refresh token is still valid\");\n * }\n * ```\n */\nexport const refreshTokenGetById = query({\n  args: { refreshTokenId: v.id(\"RefreshToken\") },\n  returns: v.union(vRefreshTokenDoc, v.null()),\n  handler: async (ctx, { refreshTokenId }) => {\n    return await ctx.db.get(\"RefreshToken\", refreshTokenId);\n  },\n});\n\n/**\n * Patch a refresh token document with partial data.\n *\n * Merges the provided fields into the existing refresh token document. This is\n * primarily used to record `firstUsedTime` when a refresh token is first\n * exchanged, marking it as consumed for replay detection.\n *\n * @param args.refreshTokenId - The document ID of the refresh token to update.\n * @param args.data - A partial object containing the fields to merge (e.g. `{ firstUsedTime: number }`).\n * @returns `null` on success.\n *\n * @example\n * ```ts\n * // Mark the refresh token as used\n * await ctx.runMutation(\n *   component.identity.tokens.refreshTokenPatch,\n *   {\n *     refreshTokenId: token._id,\n *     data: { firstUsedTime: Date.now() },\n *   },\n * );\n * ```\n */\nexport const refreshTokenPatch = mutation({\n  args: { refreshTokenId: v.id(\"RefreshToken\"), data: v.any() },\n  returns: v.null(),\n  handler: async (ctx, { refreshTokenId, data }) => {\n    await ctx.db.patch(\"RefreshToken\", refreshTokenId, data);\n    return null;\n  },\n});\n\n/**\n * Get child tokens that were created by exchanging a specific parent token.\n *\n * Queries the `RefreshToken` table using the `session_id_parent_refresh_token_id`\n * index to find all tokens whose `parentRefreshTokenId` matches the provided\n * parent. This is used for replay detection: if a parent token has more than\n * one child, it indicates a potential token reuse attack.\n *\n * @param args.sessionId - The document ID of the session the tokens belong to.\n * @param args.parentRefreshTokenId - The document ID of the parent refresh token whose children to retrieve.\n * @returns An array of refresh token documents that were derived from the specified parent token.\n *\n * @example\n * ```ts\n * const children = await ctx.runQuery(\n *   component.identity.tokens.refreshTokenGetChildren,\n *   {\n *     sessionId: session._id,\n *     parentRefreshTokenId: parentToken._id,\n *   },\n * );\n * if (children.length > 1) {\n *   console.warn(\"Possible token reuse detected!\");\n * }\n * ```\n */\nexport const refreshTokenGetChildren = query({\n  args: {\n    sessionId: v.id(\"Session\"),\n    parentRefreshTokenId: v.id(\"RefreshToken\"),\n  },\n  returns: v.array(vRefreshTokenDoc),\n  handler: async (ctx, { sessionId, parentRefreshTokenId }) => {\n    return await ctx.db\n      .query(\"RefreshToken\")\n      .withIndex(\"session_id_parent_refresh_token_id\", (q) =>\n        q\n          .eq(\"sessionId\", sessionId as any)\n          .eq(\"parentRefreshTokenId\", parentRefreshTokenId as any),\n      )\n      .collect();\n  },\n});\n\n/**\n * List all refresh tokens belonging to a specific session.\n *\n * Queries the `RefreshToken` table using the `session_id_parent_refresh_token_id`\n * index to efficiently retrieve every refresh token associated with the given\n * session, including both active and consumed tokens.\n *\n * @param args.sessionId - The document ID of the session whose refresh tokens should be retrieved.\n * @returns An array of all refresh token documents for the specified session.\n *\n * @example\n * ```ts\n * const tokens = await ctx.runQuery(\n *   component.identity.tokens.refreshTokenListBySession,\n *   { sessionId: session._id },\n * );\n * console.log(`Session has ${tokens.length} refresh token(s)`);\n * ```\n */\nexport const refreshTokenListBySession = query({\n  args: { sessionId: v.id(\"Session\") },\n  returns: v.array(vRefreshTokenDoc),\n  handler: async (ctx, { sessionId }) => {\n    return await ctx.db\n      .query(\"RefreshToken\")\n      .withIndex(\"session_id_parent_refresh_token_id\", (q) =>\n        q.eq(\"sessionId\", sessionId as any),\n      )\n      .collect();\n  },\n});\n\n/**\n * Delete all refresh tokens for a session.\n *\n * Queries the `RefreshToken` table for all tokens belonging to the given session\n * and deletes them in parallel. This is typically called when a session is\n * revoked or when token reuse is detected, effectively invalidating the entire\n * token chain for that session.\n *\n * @param args.sessionId - The document ID of the session whose refresh tokens should be deleted.\n * @returns `null` on success.\n *\n * @example\n * ```ts\n * // Invalidate all tokens for a compromised session\n * await ctx.runMutation(\n *   component.identity.tokens.refreshTokenDeleteAll,\n *   { sessionId: session._id },\n * );\n * ```\n */\nexport const refreshTokenDeleteAll = mutation({\n  args: { sessionId: v.id(\"Session\") },\n  returns: v.null(),\n  handler: async (ctx, { sessionId }) => {\n    const tokens = await ctx.db\n      .query(\"RefreshToken\")\n      .withIndex(\"session_id_parent_refresh_token_id\", (q) =>\n        q.eq(\"sessionId\", sessionId as any),\n      )\n      .collect();\n    await Promise.all(\n      tokens.map((token) => ctx.db.delete(\"RefreshToken\", token._id)),\n    );\n    return null;\n  },\n});\n\n/**\n * Get the active (unused) refresh token for a session.\n *\n * Queries the `RefreshToken` table using the `session_id_first_used` index to\n * find the most recently created token for the session that has not yet been\n * exchanged (i.e. `firstUsedTime` is `undefined`). This represents the current\n * valid refresh token the client should be holding.\n *\n * @param args.sessionId - The document ID of the session whose active refresh token should be retrieved.\n * @returns The most recent unused refresh token document, or `null` if no active token exists\n *   (e.g. all tokens have been consumed or the session has no tokens).\n *\n * @example\n * ```ts\n * const activeToken = await ctx.runQuery(\n *   component.identity.tokens.refreshTokenGetActive,\n *   { sessionId: session._id },\n * );\n * if (activeToken !== null) {\n *   console.log(`Active token expires at: ${activeToken.expirationTime}`);\n * }\n * ```\n */\nexport const refreshTokenGetActive = query({\n  args: { sessionId: v.id(\"Session\") },\n  returns: v.union(vRefreshTokenDoc, v.null()),\n  handler: async (ctx, { sessionId }) => {\n    return await ctx.db\n      .query(\"RefreshToken\")\n      .withIndex(\"session_id_first_used\", (q) =>\n        q.eq(\"sessionId\", sessionId as any).eq(\"firstUsedTime\", undefined),\n      )\n      .order(\"desc\")\n      .first();\n  },\n});\n"],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AA6BA,MAAa,qBAAqB,SAAS;CACzC,MAAM;EACJ,WAAW,EAAE,GAAG,UAAU;EAC1B,gBAAgB,EAAE,QAAQ;EAC1B,sBAAsB,EAAE,SAAS,EAAE,GAAG,eAAe,CAAC;EACvD;CACD,SAAS,EAAE,GAAG,eAAe;CAC7B,SAAS,OAAO,KAAK,SAAS;AAC5B,SAAO,MAAM,IAAI,GAAG,OAAO,gBAAgB,KAAY;;CAE1D,CAAC;;;;;;;;;;;;;;;;;;;;;AAsBF,MAAa,sBAAsB,MAAM;CACvC,MAAM,EAAE,gBAAgB,EAAE,GAAG,eAAe,EAAE;CAC9C,SAAS,EAAE,MAAM,kBAAkB,EAAE,MAAM,CAAC;CAC5C,SAAS,OAAO,KAAK,EAAE,qBAAqB;AAC1C,SAAO,MAAM,IAAI,GAAG,IAAI,gBAAgB,eAAe;;CAE1D,CAAC;;;;;;;;;;;;;;;;;;;;;;;;AAyBF,MAAa,oBAAoB,SAAS;CACxC,MAAM;EAAE,gBAAgB,EAAE,GAAG,eAAe;EAAE,MAAM,EAAE,KAAK;EAAE;CAC7D,SAAS,EAAE,MAAM;CACjB,SAAS,OAAO,KAAK,EAAE,gBAAgB,WAAW;AAChD,QAAM,IAAI,GAAG,MAAM,gBAAgB,gBAAgB,KAAK;AACxD,SAAO;;CAEV,CAAC;;;;;;;;;;;;;;;;;;;;;;;;;;;AA4BF,MAAa,0BAA0B,MAAM;CAC3C,MAAM;EACJ,WAAW,EAAE,GAAG,UAAU;EAC1B,sBAAsB,EAAE,GAAG,eAAe;EAC3C;CACD,SAAS,EAAE,MAAM,iBAAiB;CAClC,SAAS,OAAO,KAAK,EAAE,WAAW,2BAA2B;AAC3D,SAAO,MAAM,IAAI,GACd,MAAM,eAAe,CACrB,UAAU,uCAAuC,MAChD,EACG,GAAG,aAAa,UAAiB,CACjC,GAAG,wBAAwB,qBAA4B,CAC3D,CACA,SAAS;;CAEf,CAAC;;;;;;;;;;;;;;;;;;;;AAqBF,MAAa,4BAA4B,MAAM;CAC7C,MAAM,EAAE,WAAW,EAAE,GAAG,UAAU,EAAE;CACpC,SAAS,EAAE,MAAM,iBAAiB;CAClC,SAAS,OAAO,KAAK,EAAE,gBAAgB;AACrC,SAAO,MAAM,IAAI,GACd,MAAM,eAAe,CACrB,UAAU,uCAAuC,MAChD,EAAE,GAAG,aAAa,UAAiB,CACpC,CACA,SAAS;;CAEf,CAAC;;;;;;;;;;;;;;;;;;;;;AAsBF,MAAa,wBAAwB,SAAS;CAC5C,MAAM,EAAE,WAAW,EAAE,GAAG,UAAU,EAAE;CACpC,SAAS,EAAE,MAAM;CACjB,SAAS,OAAO,KAAK,EAAE,gBAAgB;EACrC,MAAM,SAAS,MAAM,IAAI,GACtB,MAAM,eAAe,CACrB,UAAU,uCAAuC,MAChD,EAAE,GAAG,aAAa,UAAiB,CACpC,CACA,SAAS;AACZ,QAAM,QAAQ,IACZ,OAAO,KAAK,UAAU,IAAI,GAAG,OAAO,gBAAgB,MAAM,IAAI,CAAC,CAChE;AACD,SAAO;;CAEV,CAAC;;;;;;;;;;;;;;;;;;;;;;;;AAyBF,MAAa,wBAAwB,MAAM;CACzC,MAAM,EAAE,WAAW,EAAE,GAAG,UAAU,EAAE;CACpC,SAAS,EAAE,MAAM,kBAAkB,EAAE,MAAM,CAAC;CAC5C,SAAS,OAAO,KAAK,EAAE,gBAAgB;AACrC,SAAO,MAAM,IAAI,GACd,MAAM,eAAe,CACrB,UAAU,0BAA0B,MACnC,EAAE,GAAG,aAAa,UAAiB,CAAC,GAAG,iBAAiB,OAAU,CACnE,CACA,MAAM,OAAO,CACb,OAAO;;CAEb,CAAC"}
+{"version":3,"file":"tokens.js","names":[],"sources":["../../../../src/component/public/identity/tokens.ts"],"sourcesContent":["import { v } from \"convex/values\";\n\nimport { mutation, query } from \"../../functions\";\nimport { vRefreshTokenDoc } from \"../../model\";\n\n/**\n * Create a new refresh token for a session.\n *\n * Inserts a document into the `RefreshToken` table. Refresh tokens are used to\n * obtain new access tokens without requiring the user to re-authenticate. When\n * a refresh token is rotated, the new token references the old one via\n * `parentRefreshTokenId` to form a token chain for replay detection.\n *\n * @param args.sessionId - The document ID of the session this refresh token belongs to.\n * @param args.expirationTime - The Unix timestamp (in milliseconds) at which this refresh token expires.\n * @param args.parentRefreshTokenId - The document ID of the parent refresh token that was\n *   exchanged to create this one. Omitted for the initial token in a session.\n * @returns The document ID of the newly created refresh token.\n *\n * @example\n * ```ts\n * const tokenId = await ctx.runMutation(\n *   component.identity.tokens.refreshTokenCreate,\n *   {\n *     sessionId: session._id,\n *     expirationTime: Date.now() + 7 * 24 * 60 * 60 * 1000, // 7 days\n *   },\n * );\n * ```\n */\nexport const refreshTokenCreate = mutation({\n  args: {\n    sessionId: v.id(\"Session\"),\n    expirationTime: v.number(),\n    parentRefreshTokenId: v.optional(v.id(\"RefreshToken\")),\n  },\n  returns: v.id(\"RefreshToken\"),\n  handler: async (ctx, args) => {\n    return await ctx.db.insert(\"RefreshToken\", args as any);\n  },\n});\n\n/**\n * Retrieve a single refresh token by its Convex document ID.\n *\n * Performs a direct point lookup on the `RefreshToken` table. Returns `null` if\n * the token has been deleted or never existed.\n *\n * @param args.refreshTokenId - The Convex document ID (`Id<\"RefreshToken\">`) of the token to retrieve.\n * @returns The refresh token document if it exists, or `null` otherwise.\n *\n * @example\n * ```ts\n * const token = await ctx.runQuery(\n *   component.identity.tokens.refreshTokenGetById,\n *   { refreshTokenId: storedTokenId },\n * );\n * if (token !== null && token.expirationTime > Date.now()) {\n *   console.log(\"Refresh token is still valid\");\n * }\n * ```\n */\nexport const refreshTokenGetById = query({\n  args: { refreshTokenId: v.id(\"RefreshToken\") },\n  returns: v.union(vRefreshTokenDoc, v.null()),\n  handler: async (ctx, { refreshTokenId }) => {\n    return await ctx.db.get(\"RefreshToken\", refreshTokenId);\n  },\n});\n\n/**\n * Patch a refresh token document with partial data.\n *\n * Merges the provided fields into the existing refresh token document. This is\n * primarily used to record `firstUsedTime` when a refresh token is first\n * exchanged, marking it as consumed for replay detection.\n *\n * @param args.refreshTokenId - The document ID of the refresh token to update.\n * @param args.data - A partial object containing the fields to merge (e.g. `{ firstUsedTime: number }`).\n * @returns `null` on success.\n *\n * @example\n * ```ts\n * // Mark the refresh token as used\n * await ctx.runMutation(\n *   component.identity.tokens.refreshTokenPatch,\n *   {\n *     refreshTokenId: token._id,\n *     data: { firstUsedTime: Date.now() },\n *   },\n * );\n * ```\n */\nexport const refreshTokenPatch = mutation({\n  args: { refreshTokenId: v.id(\"RefreshToken\"), data: v.any() },\n  returns: v.null(),\n  handler: async (ctx, { refreshTokenId, data }) => {\n    await ctx.db.patch(\"RefreshToken\", refreshTokenId, data);\n    return null;\n  },\n});\n\n/**\n * Get child tokens that were created by exchanging a specific parent token.\n *\n * Queries the `RefreshToken` table using the `session_id_parent_refresh_token_id`\n * index to find all tokens whose `parentRefreshTokenId` matches the provided\n * parent. This is used for replay detection: if a parent token has more than\n * one child, it indicates a potential token reuse attack.\n *\n * @param args.sessionId - The document ID of the session the tokens belong to.\n * @param args.parentRefreshTokenId - The document ID of the parent refresh token whose children to retrieve.\n * @returns An array of refresh token documents that were derived from the specified parent token.\n *\n * @example\n * ```ts\n * const children = await ctx.runQuery(\n *   component.identity.tokens.refreshTokenGetChildren,\n *   {\n *     sessionId: session._id,\n *     parentRefreshTokenId: parentToken._id,\n *   },\n * );\n * if (children.length > 1) {\n *   console.warn(\"Possible token reuse detected!\");\n * }\n * ```\n */\nexport const refreshTokenGetChildren = query({\n  args: {\n    sessionId: v.id(\"Session\"),\n    parentRefreshTokenId: v.id(\"RefreshToken\"),\n  },\n  returns: v.array(vRefreshTokenDoc),\n  handler: async (ctx, { sessionId, parentRefreshTokenId }) => {\n    return await ctx.db\n      .query(\"RefreshToken\")\n      .withIndex(\"session_id_parent_refresh_token_id\", (q) =>\n        q\n          .eq(\"sessionId\", sessionId as any)\n          .eq(\"parentRefreshTokenId\", parentRefreshTokenId as any),\n      )\n      .collect();\n  },\n});\n\n/**\n * List all refresh tokens belonging to a specific session.\n *\n * Queries the `RefreshToken` table using the `session_id_parent_refresh_token_id`\n * index to efficiently retrieve every refresh token associated with the given\n * session, including both active and consumed tokens.\n *\n * @param args.sessionId - The document ID of the session whose refresh tokens should be retrieved.\n * @returns An array of all refresh token documents for the specified session.\n *\n * @example\n * ```ts\n * const tokens = await ctx.runQuery(\n *   component.identity.tokens.refreshTokenListBySession,\n *   { sessionId: session._id },\n * );\n * console.log(`Session has ${tokens.length} refresh token(s)`);\n * ```\n */\nexport const refreshTokenListBySession = query({\n  args: { sessionId: v.id(\"Session\") },\n  returns: v.array(vRefreshTokenDoc),\n  handler: async (ctx, { sessionId }) => {\n    return await ctx.db\n      .query(\"RefreshToken\")\n      .withIndex(\"session_id_parent_refresh_token_id\", (q) =>\n        q.eq(\"sessionId\", sessionId as any),\n      )\n      .collect();\n  },\n});\n\n/**\n * Delete all refresh tokens for a session.\n *\n * Queries the `RefreshToken` table for all tokens belonging to the given session\n * and deletes them in parallel. This is typically called when a session is\n * revoked or when token reuse is detected, effectively invalidating the entire\n * token chain for that session.\n *\n * @param args.sessionId - The document ID of the session whose refresh tokens should be deleted.\n * @returns `null` on success.\n *\n * @example\n * ```ts\n * // Invalidate all tokens for a compromised session\n * await ctx.runMutation(\n *   component.identity.tokens.refreshTokenDeleteAll,\n *   { sessionId: session._id },\n * );\n * ```\n */\nexport const refreshTokenDeleteAll = mutation({\n  args: { sessionId: v.id(\"Session\") },\n  returns: v.null(),\n  handler: async (ctx, { sessionId }) => {\n    const tokens = await ctx.db\n      .query(\"RefreshToken\")\n      .withIndex(\"session_id_parent_refresh_token_id\", (q) =>\n        q.eq(\"sessionId\", sessionId as any),\n      )\n      .collect();\n    await Promise.all(\n      tokens.map((token) => ctx.db.delete(\"RefreshToken\", token._id)),\n    );\n    return null;\n  },\n});\n\n/**\n * Get the active (unused) refresh token for a session.\n *\n * Queries the `RefreshToken` table using the `session_id_first_used` index to\n * find the most recently created token for the session that has not yet been\n * exchanged (i.e. `firstUsedTime` is `undefined`). This represents the current\n * valid refresh token the client should be holding.\n *\n * @param args.sessionId - The document ID of the session whose active refresh token should be retrieved.\n * @returns The most recent unused refresh token document, or `null` if no active token exists\n *   (e.g. all tokens have been consumed or the session has no tokens).\n *\n * @example\n * ```ts\n * const activeToken = await ctx.runQuery(\n *   component.identity.tokens.refreshTokenGetActive,\n *   { sessionId: session._id },\n * );\n * if (activeToken !== null) {\n *   console.log(`Active token expires at: ${activeToken.expirationTime}`);\n * }\n * ```\n */\nexport const refreshTokenGetActive = query({\n  args: { sessionId: v.id(\"Session\") },\n  returns: v.union(vRefreshTokenDoc, v.null()),\n  handler: async (ctx, { sessionId }) => {\n    return await ctx.db\n      .query(\"RefreshToken\")\n      .withIndex(\"session_id_first_used\", (q) =>\n        q.eq(\"sessionId\", sessionId as any).eq(\"firstUsedTime\", undefined),\n      )\n      .order(\"desc\")\n      .first();\n  },\n});\n"],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AA8BA,MAAa,qBAAqB,SAAS;CACzC,MAAM;EACJ,WAAW,EAAE,GAAG,UAAU;EAC1B,gBAAgB,EAAE,QAAQ;EAC1B,sBAAsB,EAAE,SAAS,EAAE,GAAG,eAAe,CAAC;EACvD;CACD,SAAS,EAAE,GAAG,eAAe;CAC7B,SAAS,OAAO,KAAK,SAAS;AAC5B,SAAO,MAAM,IAAI,GAAG,OAAO,gBAAgB,KAAY;;CAE1D,CAAC;;;;;;;;;;;;;;;;;;;;;AAsBF,MAAa,sBAAsB,MAAM;CACvC,MAAM,EAAE,gBAAgB,EAAE,GAAG,eAAe,EAAE;CAC9C,SAAS,EAAE,MAAM,kBAAkB,EAAE,MAAM,CAAC;CAC5C,SAAS,OAAO,KAAK,EAAE,qBAAqB;AAC1C,SAAO,MAAM,IAAI,GAAG,IAAI,gBAAgB,eAAe;;CAE1D,CAAC;;;;;;;;;;;;;;;;;;;;;;;;AAyBF,MAAa,oBAAoB,SAAS;CACxC,MAAM;EAAE,gBAAgB,EAAE,GAAG,eAAe;EAAE,MAAM,EAAE,KAAK;EAAE;CAC7D,SAAS,EAAE,MAAM;CACjB,SAAS,OAAO,KAAK,EAAE,gBAAgB,WAAW;AAChD,QAAM,IAAI,GAAG,MAAM,gBAAgB,gBAAgB,KAAK;AACxD,SAAO;;CAEV,CAAC;;;;;;;;;;;;;;;;;;;;;;;;;;;AA4BF,MAAa,0BAA0B,MAAM;CAC3C,MAAM;EACJ,WAAW,EAAE,GAAG,UAAU;EAC1B,sBAAsB,EAAE,GAAG,eAAe;EAC3C;CACD,SAAS,EAAE,MAAM,iBAAiB;CAClC,SAAS,OAAO,KAAK,EAAE,WAAW,2BAA2B;AAC3D,SAAO,MAAM,IAAI,GACd,MAAM,eAAe,CACrB,UAAU,uCAAuC,MAChD,EACG,GAAG,aAAa,UAAiB,CACjC,GAAG,wBAAwB,qBAA4B,CAC3D,CACA,SAAS;;CAEf,CAAC;;;;;;;;;;;;;;;;;;;;AAqBF,MAAa,4BAA4B,MAAM;CAC7C,MAAM,EAAE,WAAW,EAAE,GAAG,UAAU,EAAE;CACpC,SAAS,EAAE,MAAM,iBAAiB;CAClC,SAAS,OAAO,KAAK,EAAE,gBAAgB;AACrC,SAAO,MAAM,IAAI,GACd,MAAM,eAAe,CACrB,UAAU,uCAAuC,MAChD,EAAE,GAAG,aAAa,UAAiB,CACpC,CACA,SAAS;;CAEf,CAAC;;;;;;;;;;;;;;;;;;;;;AAsBF,MAAa,wBAAwB,SAAS;CAC5C,MAAM,EAAE,WAAW,EAAE,GAAG,UAAU,EAAE;CACpC,SAAS,EAAE,MAAM;CACjB,SAAS,OAAO,KAAK,EAAE,gBAAgB;EACrC,MAAM,SAAS,MAAM,IAAI,GACtB,MAAM,eAAe,CACrB,UAAU,uCAAuC,MAChD,EAAE,GAAG,aAAa,UAAiB,CACpC,CACA,SAAS;AACZ,QAAM,QAAQ,IACZ,OAAO,KAAK,UAAU,IAAI,GAAG,OAAO,gBAAgB,MAAM,IAAI,CAAC,CAChE;AACD,SAAO;;CAEV,CAAC;;;;;;;;;;;;;;;;;;;;;;;;AAyBF,MAAa,wBAAwB,MAAM;CACzC,MAAM,EAAE,WAAW,EAAE,GAAG,UAAU,EAAE;CACpC,SAAS,EAAE,MAAM,kBAAkB,EAAE,MAAM,CAAC;CAC5C,SAAS,OAAO,KAAK,EAAE,gBAAgB;AACrC,SAAO,MAAM,IAAI,GACd,MAAM,eAAe,CACrB,UAAU,0BAA0B,MACnC,EAAE,GAAG,aAAa,UAAiB,CAAC,GAAG,iBAAiB,OAAU,CACnE,CACA,MAAM,OAAO,CACb,OAAO;;CAEb,CAAC"}

package/dist/component/public/identity/users.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"users.d.ts","names":[],"sources":["../../../../src/component/public/identity/users.ts"],"mappings":";;;;;;;;;;;;;;;;AA2CA;;;;;AA6FA;;;;;AA+BA;;;;;AAqCA;;;;;AAuCA;;;;;AAmCA;cA3Oa,QAAA;;;;AA8Qb;;;;;AA2BA;;;;;;;;;;;;cA5Ma,WAAA;;;;;;;;;;;;;;;;;;;;;;;;cA+BA,uBAAA;;;;;;;;;;;;;;;;;;;;;;;;cAqCA,uBAAA;;;;;;;;;;;;;;;;;;;;;;;;;;cAuCA,UAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;;cAmCA,UAAA;;;;;;;;;;;;;;;;;;;;;;;;cAmCA,SAAA;;;;;;;;;;;;;;;;;;;cA2BA,UAAA"}
+{"version":3,"file":"users.d.ts","names":[],"sources":["../../../../src/component/public/identity/users.ts"],"mappings":";;;;;;;;;;;;;;;;AA4CA;;;;;AA6FA;;;;;AA+BA;;;;;AAqCA;;;;;AAuCA;;;;;AAmCA;cA3Oa,QAAA;;;;AA8Qb;;;;;AA2BA;;;;;;;;;;;;cA5Ma,WAAA;;;;;;;;;;;;;;;;;;;;;;;;cA+BA,uBAAA;;;;;;;;;;;;;;;;;;;;;;;;cAqCA,uBAAA;;;;;;;;;;;;;;;;;;;;;;;;;;cAuCA,UAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;;cAmCA,UAAA;;;;;;;;;;;;;;;;;;;;;;;;cAmCA,SAAA;;;;;;;;;;;;;;;;;;;cA2BA,UAAA"}

package/dist/component/public/identity/users.js.map

@@ -1 +1 @@
-{"version":3,"file":"users.js","names":[],"sources":["../../../../src/component/public/identity/users.ts"],"sourcesContent":["import { v } from \"convex/values\";\nimport { mutation, query } from \"../../functions\";\nimport { vPaginated, vUserDoc } from \"../../model\";\n\n/**\n * List users with optional filtering, sorting, and cursor-based pagination.\n *\n * Supports filtering by `email`, `phone`, `isAnonymous`, and `name`. When an\n * `email` or `phone` filter is provided, the corresponding database index is\n * used for efficient lookup; other filters are applied in-memory. Results are\n * returned as a paginated response `{ items, nextCursor }` -- pass `nextCursor`\n * back as `cursor` to fetch the next page, or receive `null` when all results\n * have been exhausted.\n *\n * @param args.where - Optional filter object. Fields: `email` (exact match),\n *   `phone` (exact match), `isAnonymous` (boolean), `name` (exact match).\n * @param args.limit - Maximum number of users to return per page (1--100, default 50).\n * @param args.cursor - An opaque cursor string from a previous response's `nextCursor`\n *   to continue pagination, or `null` / omitted to start from the beginning.\n * @param args.orderBy - The field to sort results by. One of `\"_creationTime\"`,\n *   `\"name\"`, `\"email\"`, or `\"phone\"`. Defaults to `\"_creationTime\"`.\n * @param args.order - Sort direction: `\"asc\"` or `\"desc\"` (default `\"desc\"`).\n * @returns An object with `items` (array of user documents) and `nextCursor`\n *   (`string | null`) for fetching subsequent pages.\n *\n * @example\n * ```ts\n * // Fetch the first page of non-anonymous users\n * const page1 = await ctx.runQuery(\n *   component.identity.users.userList,\n *   { where: { isAnonymous: false }, limit: 20 },\n * );\n * console.log(page1.items);\n *\n * // Fetch the next page\n * if (page1.nextCursor !== null) {\n *   const page2 = await ctx.runQuery(\n *     component.identity.users.userList,\n *     { where: { isAnonymous: false }, limit: 20, cursor: page1.nextCursor },\n *   );\n * }\n * ```\n */\nexport const userList = query({\n  args: {\n    where: v.optional(\n      v.object({\n        email: v.optional(v.string()),\n        phone: v.optional(v.string()),\n        isAnonymous: v.optional(v.boolean()),\n        name: v.optional(v.string()),\n      }),\n    ),\n    limit: v.optional(v.number()),\n    cursor: v.optional(v.union(v.string(), v.null())),\n    orderBy: v.optional(\n      v.union(\n        v.literal(\"_creationTime\"),\n        v.literal(\"name\"),\n        v.literal(\"email\"),\n        v.literal(\"phone\"),\n      ),\n    ),\n    order: v.optional(v.union(v.literal(\"asc\"), v.literal(\"desc\"))),\n  },\n  returns: vPaginated(vUserDoc),\n  handler: async (ctx, args) => {\n    const where = args.where ?? {};\n    const limit = Math.min(Math.max(args.limit ?? 50, 1), 100);\n    const order = args.order ?? \"desc\";\n\n    // Pick index based on where fields\n    let q;\n    if (where.email !== undefined) {\n      q = ctx.db\n        .query(\"User\")\n        .withIndex(\"email\", (idx) => idx.eq(\"email\", where.email!));\n    } else if (where.phone !== undefined) {\n      q = ctx.db\n        .query(\"User\")\n        .withIndex(\"phone\", (idx) => idx.eq(\"phone\", where.phone!));\n    } else {\n      q = ctx.db.query(\"User\");\n    }\n\n    // Apply remaining filters\n    if (where.isAnonymous !== undefined) {\n      q = q.filter((f) => f.eq(f.field(\"isAnonymous\"), where.isAnonymous!));\n    }\n    if (where.name !== undefined) {\n      q = q.filter((f) => f.eq(f.field(\"name\"), where.name!));\n    }\n    // email/phone filters when not used as index\n    if (where.email !== undefined && where.phone !== undefined) {\n      q = q.filter((f) => f.eq(f.field(\"phone\"), where.phone!));\n    }\n\n    q = q.order(order);\n\n    // Cursor-based pagination: skip past the cursor ID\n    const all = await q.collect();\n    let startIdx = 0;\n    if (args.cursor) {\n      const cursorIdx = all.findIndex((doc) => doc._id === args.cursor);\n      if (cursorIdx !== -1) {\n        startIdx = cursorIdx + 1;\n      }\n    }\n    const page = all.slice(startIdx, startIdx + limit + 1);\n    const hasMore = page.length > limit;\n    const items = hasMore ? page.slice(0, limit) : page;\n    const nextCursor = hasMore ? items[items.length - 1]._id : null;\n    return { items, nextCursor };\n  },\n});\n\n/**\n * Retrieve a single user by their Convex document ID.\n *\n * Performs a direct point lookup on the `User` table. Returns `null` if the\n * user has been deleted or never existed.\n *\n * @param args.userId - The Convex document ID (`Id<\"User\">`) of the user to retrieve.\n * @returns The user document if it exists, or `null` otherwise.\n *\n * @example\n * ```ts\n * const user = await ctx.runQuery(\n *   component.identity.users.userGetById,\n *   { userId: session.userId },\n * );\n * if (user !== null) {\n *   console.log(`Name: ${user.name}, Email: ${user.email}`);\n * }\n * ```\n */\nexport const userGetById = query({\n  args: { userId: v.id(\"User\") },\n  returns: v.union(vUserDoc, v.null()),\n  handler: async (ctx, { userId }) => {\n    return await ctx.db.get(\"User\", userId);\n  },\n});\n\n/**\n * Find a user by their verified email address.\n *\n * Queries the `User` table using the `email_verified` index to locate users\n * whose `email` matches and whose `emailVerificationTime` is set. If exactly\n * one user is found, that document is returned. Returns `null` if no user has\n * this email verified or if multiple users share the same verified email\n * (an ambiguous state that should not occur in normal operation).\n *\n * @param args.email - The verified email address to search for (case-sensitive, exact match).\n * @returns The matching user document if exactly one verified user is found, or `null` otherwise.\n *\n * @example\n * ```ts\n * const user = await ctx.runQuery(\n *   component.identity.users.userFindByVerifiedEmail,\n *   { email: \"alice@example.com\" },\n * );\n * if (user !== null) {\n *   console.log(`Found verified user: ${user._id}`);\n * }\n * ```\n */\nexport const userFindByVerifiedEmail = query({\n  args: { email: v.string() },\n  returns: v.union(vUserDoc, v.null()),\n  handler: async (ctx, { email }) => {\n    const users = await ctx.db\n      .query(\"User\")\n      .withIndex(\"email_verified\", (q) =>\n        q.eq(\"email\", email).gt(\"emailVerificationTime\", undefined),\n      )\n      .take(2);\n    return users.length === 1 ? users[0] : null;\n  },\n});\n\n/**\n * Find a user by their verified phone number.\n *\n * Queries the `User` table using the `phone_verified` index to locate users\n * whose `phone` matches and whose `phoneVerificationTime` is set. If exactly\n * one user is found, that document is returned. Returns `null` if no user has\n * this phone verified or if multiple users share the same verified phone\n * (an ambiguous state that should not occur in normal operation).\n *\n * @param args.phone - The verified phone number to search for (exact match, e.g. `\"+15551234567\"`).\n * @returns The matching user document if exactly one verified user is found, or `null` otherwise.\n *\n * @example\n * ```ts\n * const user = await ctx.runQuery(\n *   component.identity.users.userFindByVerifiedPhone,\n *   { phone: \"+15551234567\" },\n * );\n * if (user !== null) {\n *   console.log(`Found verified user: ${user._id}`);\n * }\n * ```\n */\nexport const userFindByVerifiedPhone = query({\n  args: { phone: v.string() },\n  returns: v.union(vUserDoc, v.null()),\n  handler: async (ctx, { phone }) => {\n    const users = await ctx.db\n      .query(\"User\")\n      .withIndex(\"phone_verified\", (q) =>\n        q.eq(\"phone\", phone).gt(\"phoneVerificationTime\", undefined),\n      )\n      .take(2);\n    return users.length === 1 ? users[0] : null;\n  },\n});\n\n/**\n * Insert a new user document into the `User` table.\n *\n * Creates a brand-new user record. The `data` argument should conform to the\n * User table schema (e.g. `name`, `email`, `phone`, `isAnonymous`, `image`,\n * `extend`), but is typed as `any` to allow flexible extension.\n *\n * @param args.data - The user document fields to insert. Typically includes `name`,\n *   `email`, `isAnonymous`, and any custom fields under `extend`.\n * @returns The document ID of the newly created user.\n *\n * @example\n * ```ts\n * const userId = await ctx.runMutation(\n *   component.identity.users.userInsert,\n *   {\n *     data: {\n *       name: \"Alice\",\n *       email: \"alice@example.com\",\n *       isAnonymous: false,\n *     },\n *   },\n * );\n * ```\n */\nexport const userInsert = mutation({\n  args: { data: v.any() },\n  returns: v.id(\"User\"),\n  handler: async (ctx, { data }) => {\n    return await ctx.db.insert(\"User\", data);\n  },\n});\n\n/**\n * Insert a new user or update an existing one (upsert).\n *\n * When `userId` is provided and refers to an existing user, the document is\n * patched with the supplied `data` and the same `userId` is returned. When\n * `userId` is omitted or `undefined`, a new user document is inserted and its\n * generated ID is returned. This is the primary mechanism used during sign-in\n * flows to either create or refresh user profile data.\n *\n * @param args.userId - The document ID of an existing user to update. If `undefined`,\n *   a new user is created instead.\n * @param args.data - The user document fields to insert or merge. Accepts the same\n *   shape as the User table schema.\n * @returns The document ID of the created or updated user.\n *\n * @example\n * ```ts\n * // Create a new user if none exists, or update the existing one\n * const userId = await ctx.runMutation(\n *   component.identity.users.userUpsert,\n *   {\n *     userId: existingUserId ?? undefined,\n *     data: { name: \"Alice\", email: \"alice@example.com\" },\n *   },\n * );\n * ```\n */\nexport const userUpsert = mutation({\n  args: { userId: v.optional(v.id(\"User\")), data: v.any() },\n  returns: v.id(\"User\"),\n  handler: async (ctx, { userId, data }) => {\n    if (userId !== undefined) {\n      await ctx.db.patch(\"User\", userId, data);\n      return userId;\n    }\n    return await ctx.db.insert(\"User\", data);\n  },\n});\n\n/**\n * Patch an existing user document with partial data.\n *\n * Merges the provided fields into the existing user document. Fields not\n * included in `data` are left unchanged. Useful for updating profile\n * information such as `name`, `email`, or custom `extend` fields without\n * overwriting the entire document.\n *\n * @param args.userId - The document ID of the user to update.\n * @param args.data - A partial object containing the fields to merge into the user document.\n * @returns `null` on success.\n *\n * @example\n * ```ts\n * await ctx.runMutation(\n *   component.identity.users.userPatch,\n *   {\n *     userId: user._id,\n *     data: { name: \"Alice Smith\", image: \"https://example.com/avatar.png\" },\n *   },\n * );\n * ```\n */\nexport const userPatch = mutation({\n  args: { userId: v.id(\"User\"), data: v.any() },\n  returns: v.null(),\n  handler: async (ctx, { userId, data }) => {\n    await ctx.db.patch(\"User\", userId, data);\n    return null;\n  },\n});\n\n/**\n * Delete a user document by ID.\n *\n * Removes the user from the `User` table. This is a no-op if the user does not\n * exist (i.e. was already deleted). Callers should ensure that related resources\n * such as accounts, sessions, and refresh tokens are cleaned up separately.\n *\n * @param args.userId - The document ID of the user to delete.\n * @returns `null` on success (including when the user was already absent).\n *\n * @example\n * ```ts\n * await ctx.runMutation(\n *   component.identity.users.userDelete,\n *   { userId: user._id },\n * );\n * ```\n */\nexport const userDelete = mutation({\n  args: { userId: v.id(\"User\") },\n  returns: v.null(),\n  handler: async (ctx, { userId }) => {\n    if ((await ctx.db.get(\"User\", userId)) !== null) {\n      await ctx.db.delete(\"User\", userId);\n    }\n    return null;\n  },\n});\n\n// ============================================================================\n// Accounts\n// ============================================================================\n"],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AA2CA,MAAa,WAAW,MAAM;CAC5B,MAAM;EACJ,OAAO,EAAE,SACP,EAAE,OAAO;GACP,OAAO,EAAE,SAAS,EAAE,QAAQ,CAAC;GAC7B,OAAO,EAAE,SAAS,EAAE,QAAQ,CAAC;GAC7B,aAAa,EAAE,SAAS,EAAE,SAAS,CAAC;GACpC,MAAM,EAAE,SAAS,EAAE,QAAQ,CAAC;GAC7B,CAAC,CACH;EACD,OAAO,EAAE,SAAS,EAAE,QAAQ,CAAC;EAC7B,QAAQ,EAAE,SAAS,EAAE,MAAM,EAAE,QAAQ,EAAE,EAAE,MAAM,CAAC,CAAC;EACjD,SAAS,EAAE,SACT,EAAE,MACA,EAAE,QAAQ,gBAAgB,EAC1B,EAAE,QAAQ,OAAO,EACjB,EAAE,QAAQ,QAAQ,EAClB,EAAE,QAAQ,QAAQ,CACnB,CACF;EACD,OAAO,EAAE,SAAS,EAAE,MAAM,EAAE,QAAQ,MAAM,EAAE,EAAE,QAAQ,OAAO,CAAC,CAAC;EAChE;CACD,SAAS,WAAW,SAAS;CAC7B,SAAS,OAAO,KAAK,SAAS;EAC5B,MAAM,QAAQ,KAAK,SAAS,EAAE;EAC9B,MAAM,QAAQ,KAAK,IAAI,KAAK,IAAI,KAAK,SAAS,IAAI,EAAE,EAAE,IAAI;EAC1D,MAAM,QAAQ,KAAK,SAAS;EAG5B,IAAI;AACJ,MAAI,MAAM,UAAU,OAClB,KAAI,IAAI,GACL,MAAM,OAAO,CACb,UAAU,UAAU,QAAQ,IAAI,GAAG,SAAS,MAAM,MAAO,CAAC;WACpD,MAAM,UAAU,OACzB,KAAI,IAAI,GACL,MAAM,OAAO,CACb,UAAU,UAAU,QAAQ,IAAI,GAAG,SAAS,MAAM,MAAO,CAAC;MAE7D,KAAI,IAAI,GAAG,MAAM,OAAO;AAI1B,MAAI,MAAM,gBAAgB,OACxB,KAAI,EAAE,QAAQ,MAAM,EAAE,GAAG,EAAE,MAAM,cAAc,EAAE,MAAM,YAAa,CAAC;AAEvE,MAAI,MAAM,SAAS,OACjB,KAAI,EAAE,QAAQ,MAAM,EAAE,GAAG,EAAE,MAAM,OAAO,EAAE,MAAM,KAAM,CAAC;AAGzD,MAAI,MAAM,UAAU,UAAa,MAAM,UAAU,OAC/C,KAAI,EAAE,QAAQ,MAAM,EAAE,GAAG,EAAE,MAAM,QAAQ,EAAE,MAAM,MAAO,CAAC;AAG3D,MAAI,EAAE,MAAM,MAAM;EAGlB,MAAM,MAAM,MAAM,EAAE,SAAS;EAC7B,IAAI,WAAW;AACf,MAAI,KAAK,QAAQ;GACf,MAAM,YAAY,IAAI,WAAW,QAAQ,IAAI,QAAQ,KAAK,OAAO;AACjE,OAAI,cAAc,GAChB,YAAW,YAAY;;EAG3B,MAAM,OAAO,IAAI,MAAM,UAAU,WAAW,QAAQ,EAAE;EACtD,MAAM,UAAU,KAAK,SAAS;EAC9B,MAAM,QAAQ,UAAU,KAAK,MAAM,GAAG,MAAM,GAAG;AAE/C,SAAO;GAAE;GAAO,YADG,UAAU,MAAM,MAAM,SAAS,GAAG,MAAM;GAC/B;;CAE/B,CAAC;;;;;;;;;;;;;;;;;;;;;AAsBF,MAAa,cAAc,MAAM;CAC/B,MAAM,EAAE,QAAQ,EAAE,GAAG,OAAO,EAAE;CAC9B,SAAS,EAAE,MAAM,UAAU,EAAE,MAAM,CAAC;CACpC,SAAS,OAAO,KAAK,EAAE,aAAa;AAClC,SAAO,MAAM,IAAI,GAAG,IAAI,QAAQ,OAAO;;CAE1C,CAAC;;;;;;;;;;;;;;;;;;;;;;;;AAyBF,MAAa,0BAA0B,MAAM;CAC3C,MAAM,EAAE,OAAO,EAAE,QAAQ,EAAE;CAC3B,SAAS,EAAE,MAAM,UAAU,EAAE,MAAM,CAAC;CACpC,SAAS,OAAO,KAAK,EAAE,YAAY;EACjC,MAAM,QAAQ,MAAM,IAAI,GACrB,MAAM,OAAO,CACb,UAAU,mBAAmB,MAC5B,EAAE,GAAG,SAAS,MAAM,CAAC,GAAG,yBAAyB,OAAU,CAC5D,CACA,KAAK,EAAE;AACV,SAAO,MAAM,WAAW,IAAI,MAAM,KAAK;;CAE1C,CAAC;;;;;;;;;;;;;;;;;;;;;;;;AAyBF,MAAa,0BAA0B,MAAM;CAC3C,MAAM,EAAE,OAAO,EAAE,QAAQ,EAAE;CAC3B,SAAS,EAAE,MAAM,UAAU,EAAE,MAAM,CAAC;CACpC,SAAS,OAAO,KAAK,EAAE,YAAY;EACjC,MAAM,QAAQ,MAAM,IAAI,GACrB,MAAM,OAAO,CACb,UAAU,mBAAmB,MAC5B,EAAE,GAAG,SAAS,MAAM,CAAC,GAAG,yBAAyB,OAAU,CAC5D,CACA,KAAK,EAAE;AACV,SAAO,MAAM,WAAW,IAAI,MAAM,KAAK;;CAE1C,CAAC;;;;;;;;;;;;;;;;;;;;;;;;;;AA2BF,MAAa,aAAa,SAAS;CACjC,MAAM,EAAE,MAAM,EAAE,KAAK,EAAE;CACvB,SAAS,EAAE,GAAG,OAAO;CACrB,SAAS,OAAO,KAAK,EAAE,WAAW;AAChC,SAAO,MAAM,IAAI,GAAG,OAAO,QAAQ,KAAK;;CAE3C,CAAC;;;;;;;;;;;;;;;;;;;;;;;;;;;;AA6BF,MAAa,aAAa,SAAS;CACjC,MAAM;EAAE,QAAQ,EAAE,SAAS,EAAE,GAAG,OAAO,CAAC;EAAE,MAAM,EAAE,KAAK;EAAE;CACzD,SAAS,EAAE,GAAG,OAAO;CACrB,SAAS,OAAO,KAAK,EAAE,QAAQ,WAAW;AACxC,MAAI,WAAW,QAAW;AACxB,SAAM,IAAI,GAAG,MAAM,QAAQ,QAAQ,KAAK;AACxC,UAAO;;AAET,SAAO,MAAM,IAAI,GAAG,OAAO,QAAQ,KAAK;;CAE3C,CAAC;;;;;;;;;;;;;;;;;;;;;;;;AAyBF,MAAa,YAAY,SAAS;CAChC,MAAM;EAAE,QAAQ,EAAE,GAAG,OAAO;EAAE,MAAM,EAAE,KAAK;EAAE;CAC7C,SAAS,EAAE,MAAM;CACjB,SAAS,OAAO,KAAK,EAAE,QAAQ,WAAW;AACxC,QAAM,IAAI,GAAG,MAAM,QAAQ,QAAQ,KAAK;AACxC,SAAO;;CAEV,CAAC;;;;;;;;;;;;;;;;;;;AAoBF,MAAa,aAAa,SAAS;CACjC,MAAM,EAAE,QAAQ,EAAE,GAAG,OAAO,EAAE;CAC9B,SAAS,EAAE,MAAM;CACjB,SAAS,OAAO,KAAK,EAAE,aAAa;AAClC,MAAK,MAAM,IAAI,GAAG,IAAI,QAAQ,OAAO,KAAM,KACzC,OAAM,IAAI,GAAG,OAAO,QAAQ,OAAO;AAErC,SAAO;;CAEV,CAAC"}
+{"version":3,"file":"users.js","names":[],"sources":["../../../../src/component/public/identity/users.ts"],"sourcesContent":["import { v } from \"convex/values\";\n\nimport { mutation, query } from \"../../functions\";\nimport { vPaginated, vUserDoc } from \"../../model\";\n\n/**\n * List users with optional filtering, sorting, and cursor-based pagination.\n *\n * Supports filtering by `email`, `phone`, `isAnonymous`, and `name`. When an\n * `email` or `phone` filter is provided, the corresponding database index is\n * used for efficient lookup; other filters are applied in-memory. Results are\n * returned as a paginated response `{ items, nextCursor }` -- pass `nextCursor`\n * back as `cursor` to fetch the next page, or receive `null` when all results\n * have been exhausted.\n *\n * @param args.where - Optional filter object. Fields: `email` (exact match),\n *   `phone` (exact match), `isAnonymous` (boolean), `name` (exact match).\n * @param args.limit - Maximum number of users to return per page (1--100, default 50).\n * @param args.cursor - An opaque cursor string from a previous response's `nextCursor`\n *   to continue pagination, or `null` / omitted to start from the beginning.\n * @param args.orderBy - The field to sort results by. One of `\"_creationTime\"`,\n *   `\"name\"`, `\"email\"`, or `\"phone\"`. Defaults to `\"_creationTime\"`.\n * @param args.order - Sort direction: `\"asc\"` or `\"desc\"` (default `\"desc\"`).\n * @returns An object with `items` (array of user documents) and `nextCursor`\n *   (`string | null`) for fetching subsequent pages.\n *\n * @example\n * ```ts\n * // Fetch the first page of non-anonymous users\n * const page1 = await ctx.runQuery(\n *   component.identity.users.userList,\n *   { where: { isAnonymous: false }, limit: 20 },\n * );\n * console.log(page1.items);\n *\n * // Fetch the next page\n * if (page1.nextCursor !== null) {\n *   const page2 = await ctx.runQuery(\n *     component.identity.users.userList,\n *     { where: { isAnonymous: false }, limit: 20, cursor: page1.nextCursor },\n *   );\n * }\n * ```\n */\nexport const userList = query({\n  args: {\n    where: v.optional(\n      v.object({\n        email: v.optional(v.string()),\n        phone: v.optional(v.string()),\n        isAnonymous: v.optional(v.boolean()),\n        name: v.optional(v.string()),\n      }),\n    ),\n    limit: v.optional(v.number()),\n    cursor: v.optional(v.union(v.string(), v.null())),\n    orderBy: v.optional(\n      v.union(\n        v.literal(\"_creationTime\"),\n        v.literal(\"name\"),\n        v.literal(\"email\"),\n        v.literal(\"phone\"),\n      ),\n    ),\n    order: v.optional(v.union(v.literal(\"asc\"), v.literal(\"desc\"))),\n  },\n  returns: vPaginated(vUserDoc),\n  handler: async (ctx, args) => {\n    const where = args.where ?? {};\n    const limit = Math.min(Math.max(args.limit ?? 50, 1), 100);\n    const order = args.order ?? \"desc\";\n\n    // Pick index based on where fields\n    let q;\n    if (where.email !== undefined) {\n      q = ctx.db\n        .query(\"User\")\n        .withIndex(\"email\", (idx) => idx.eq(\"email\", where.email!));\n    } else if (where.phone !== undefined) {\n      q = ctx.db\n        .query(\"User\")\n        .withIndex(\"phone\", (idx) => idx.eq(\"phone\", where.phone!));\n    } else {\n      q = ctx.db.query(\"User\");\n    }\n\n    // Apply remaining filters\n    if (where.isAnonymous !== undefined) {\n      q = q.filter((f) => f.eq(f.field(\"isAnonymous\"), where.isAnonymous!));\n    }\n    if (where.name !== undefined) {\n      q = q.filter((f) => f.eq(f.field(\"name\"), where.name!));\n    }\n    // email/phone filters when not used as index\n    if (where.email !== undefined && where.phone !== undefined) {\n      q = q.filter((f) => f.eq(f.field(\"phone\"), where.phone!));\n    }\n\n    q = q.order(order);\n\n    // Cursor-based pagination: skip past the cursor ID\n    const all = await q.collect();\n    let startIdx = 0;\n    if (args.cursor) {\n      const cursorIdx = all.findIndex((doc) => doc._id === args.cursor);\n      if (cursorIdx !== -1) {\n        startIdx = cursorIdx + 1;\n      }\n    }\n    const page = all.slice(startIdx, startIdx + limit + 1);\n    const hasMore = page.length > limit;\n    const items = hasMore ? page.slice(0, limit) : page;\n    const nextCursor = hasMore ? items[items.length - 1]._id : null;\n    return { items, nextCursor };\n  },\n});\n\n/**\n * Retrieve a single user by their Convex document ID.\n *\n * Performs a direct point lookup on the `User` table. Returns `null` if the\n * user has been deleted or never existed.\n *\n * @param args.userId - The Convex document ID (`Id<\"User\">`) of the user to retrieve.\n * @returns The user document if it exists, or `null` otherwise.\n *\n * @example\n * ```ts\n * const user = await ctx.runQuery(\n *   component.identity.users.userGetById,\n *   { userId: session.userId },\n * );\n * if (user !== null) {\n *   console.log(`Name: ${user.name}, Email: ${user.email}`);\n * }\n * ```\n */\nexport const userGetById = query({\n  args: { userId: v.id(\"User\") },\n  returns: v.union(vUserDoc, v.null()),\n  handler: async (ctx, { userId }) => {\n    return await ctx.db.get(\"User\", userId);\n  },\n});\n\n/**\n * Find a user by their verified email address.\n *\n * Queries the `User` table using the `email_verified` index to locate users\n * whose `email` matches and whose `emailVerificationTime` is set. If exactly\n * one user is found, that document is returned. Returns `null` if no user has\n * this email verified or if multiple users share the same verified email\n * (an ambiguous state that should not occur in normal operation).\n *\n * @param args.email - The verified email address to search for (case-sensitive, exact match).\n * @returns The matching user document if exactly one verified user is found, or `null` otherwise.\n *\n * @example\n * ```ts\n * const user = await ctx.runQuery(\n *   component.identity.users.userFindByVerifiedEmail,\n *   { email: \"alice@example.com\" },\n * );\n * if (user !== null) {\n *   console.log(`Found verified user: ${user._id}`);\n * }\n * ```\n */\nexport const userFindByVerifiedEmail = query({\n  args: { email: v.string() },\n  returns: v.union(vUserDoc, v.null()),\n  handler: async (ctx, { email }) => {\n    const users = await ctx.db\n      .query(\"User\")\n      .withIndex(\"email_verified\", (q) =>\n        q.eq(\"email\", email).gt(\"emailVerificationTime\", undefined),\n      )\n      .take(2);\n    return users.length === 1 ? users[0] : null;\n  },\n});\n\n/**\n * Find a user by their verified phone number.\n *\n * Queries the `User` table using the `phone_verified` index to locate users\n * whose `phone` matches and whose `phoneVerificationTime` is set. If exactly\n * one user is found, that document is returned. Returns `null` if no user has\n * this phone verified or if multiple users share the same verified phone\n * (an ambiguous state that should not occur in normal operation).\n *\n * @param args.phone - The verified phone number to search for (exact match, e.g. `\"+15551234567\"`).\n * @returns The matching user document if exactly one verified user is found, or `null` otherwise.\n *\n * @example\n * ```ts\n * const user = await ctx.runQuery(\n *   component.identity.users.userFindByVerifiedPhone,\n *   { phone: \"+15551234567\" },\n * );\n * if (user !== null) {\n *   console.log(`Found verified user: ${user._id}`);\n * }\n * ```\n */\nexport const userFindByVerifiedPhone = query({\n  args: { phone: v.string() },\n  returns: v.union(vUserDoc, v.null()),\n  handler: async (ctx, { phone }) => {\n    const users = await ctx.db\n      .query(\"User\")\n      .withIndex(\"phone_verified\", (q) =>\n        q.eq(\"phone\", phone).gt(\"phoneVerificationTime\", undefined),\n      )\n      .take(2);\n    return users.length === 1 ? users[0] : null;\n  },\n});\n\n/**\n * Insert a new user document into the `User` table.\n *\n * Creates a brand-new user record. The `data` argument should conform to the\n * User table schema (e.g. `name`, `email`, `phone`, `isAnonymous`, `image`,\n * `extend`), but is typed as `any` to allow flexible extension.\n *\n * @param args.data - The user document fields to insert. Typically includes `name`,\n *   `email`, `isAnonymous`, and any custom fields under `extend`.\n * @returns The document ID of the newly created user.\n *\n * @example\n * ```ts\n * const userId = await ctx.runMutation(\n *   component.identity.users.userInsert,\n *   {\n *     data: {\n *       name: \"Alice\",\n *       email: \"alice@example.com\",\n *       isAnonymous: false,\n *     },\n *   },\n * );\n * ```\n */\nexport const userInsert = mutation({\n  args: { data: v.any() },\n  returns: v.id(\"User\"),\n  handler: async (ctx, { data }) => {\n    return await ctx.db.insert(\"User\", data);\n  },\n});\n\n/**\n * Insert a new user or update an existing one (upsert).\n *\n * When `userId` is provided and refers to an existing user, the document is\n * patched with the supplied `data` and the same `userId` is returned. When\n * `userId` is omitted or `undefined`, a new user document is inserted and its\n * generated ID is returned. This is the primary mechanism used during sign-in\n * flows to either create or refresh user profile data.\n *\n * @param args.userId - The document ID of an existing user to update. If `undefined`,\n *   a new user is created instead.\n * @param args.data - The user document fields to insert or merge. Accepts the same\n *   shape as the User table schema.\n * @returns The document ID of the created or updated user.\n *\n * @example\n * ```ts\n * // Create a new user if none exists, or update the existing one\n * const userId = await ctx.runMutation(\n *   component.identity.users.userUpsert,\n *   {\n *     userId: existingUserId ?? undefined,\n *     data: { name: \"Alice\", email: \"alice@example.com\" },\n *   },\n * );\n * ```\n */\nexport const userUpsert = mutation({\n  args: { userId: v.optional(v.id(\"User\")), data: v.any() },\n  returns: v.id(\"User\"),\n  handler: async (ctx, { userId, data }) => {\n    if (userId !== undefined) {\n      await ctx.db.patch(\"User\", userId, data);\n      return userId;\n    }\n    return await ctx.db.insert(\"User\", data);\n  },\n});\n\n/**\n * Patch an existing user document with partial data.\n *\n * Merges the provided fields into the existing user document. Fields not\n * included in `data` are left unchanged. Useful for updating profile\n * information such as `name`, `email`, or custom `extend` fields without\n * overwriting the entire document.\n *\n * @param args.userId - The document ID of the user to update.\n * @param args.data - A partial object containing the fields to merge into the user document.\n * @returns `null` on success.\n *\n * @example\n * ```ts\n * await ctx.runMutation(\n *   component.identity.users.userPatch,\n *   {\n *     userId: user._id,\n *     data: { name: \"Alice Smith\", image: \"https://example.com/avatar.png\" },\n *   },\n * );\n * ```\n */\nexport const userPatch = mutation({\n  args: { userId: v.id(\"User\"), data: v.any() },\n  returns: v.null(),\n  handler: async (ctx, { userId, data }) => {\n    await ctx.db.patch(\"User\", userId, data);\n    return null;\n  },\n});\n\n/**\n * Delete a user document by ID.\n *\n * Removes the user from the `User` table. This is a no-op if the user does not\n * exist (i.e. was already deleted). Callers should ensure that related resources\n * such as accounts, sessions, and refresh tokens are cleaned up separately.\n *\n * @param args.userId - The document ID of the user to delete.\n * @returns `null` on success (including when the user was already absent).\n *\n * @example\n * ```ts\n * await ctx.runMutation(\n *   component.identity.users.userDelete,\n *   { userId: user._id },\n * );\n * ```\n */\nexport const userDelete = mutation({\n  args: { userId: v.id(\"User\") },\n  returns: v.null(),\n  handler: async (ctx, { userId }) => {\n    if ((await ctx.db.get(\"User\", userId)) !== null) {\n      await ctx.db.delete(\"User\", userId);\n    }\n    return null;\n  },\n});\n\n// ============================================================================\n// Accounts\n// ============================================================================\n"],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AA4CA,MAAa,WAAW,MAAM;CAC5B,MAAM;EACJ,OAAO,EAAE,SACP,EAAE,OAAO;GACP,OAAO,EAAE,SAAS,EAAE,QAAQ,CAAC;GAC7B,OAAO,EAAE,SAAS,EAAE,QAAQ,CAAC;GAC7B,aAAa,EAAE,SAAS,EAAE,SAAS,CAAC;GACpC,MAAM,EAAE,SAAS,EAAE,QAAQ,CAAC;GAC7B,CAAC,CACH;EACD,OAAO,EAAE,SAAS,EAAE,QAAQ,CAAC;EAC7B,QAAQ,EAAE,SAAS,EAAE,MAAM,EAAE,QAAQ,EAAE,EAAE,MAAM,CAAC,CAAC;EACjD,SAAS,EAAE,SACT,EAAE,MACA,EAAE,QAAQ,gBAAgB,EAC1B,EAAE,QAAQ,OAAO,EACjB,EAAE,QAAQ,QAAQ,EAClB,EAAE,QAAQ,QAAQ,CACnB,CACF;EACD,OAAO,EAAE,SAAS,EAAE,MAAM,EAAE,QAAQ,MAAM,EAAE,EAAE,QAAQ,OAAO,CAAC,CAAC;EAChE;CACD,SAAS,WAAW,SAAS;CAC7B,SAAS,OAAO,KAAK,SAAS;EAC5B,MAAM,QAAQ,KAAK,SAAS,EAAE;EAC9B,MAAM,QAAQ,KAAK,IAAI,KAAK,IAAI,KAAK,SAAS,IAAI,EAAE,EAAE,IAAI;EAC1D,MAAM,QAAQ,KAAK,SAAS;EAG5B,IAAI;AACJ,MAAI,MAAM,UAAU,OAClB,KAAI,IAAI,GACL,MAAM,OAAO,CACb,UAAU,UAAU,QAAQ,IAAI,GAAG,SAAS,MAAM,MAAO,CAAC;WACpD,MAAM,UAAU,OACzB,KAAI,IAAI,GACL,MAAM,OAAO,CACb,UAAU,UAAU,QAAQ,IAAI,GAAG,SAAS,MAAM,MAAO,CAAC;MAE7D,KAAI,IAAI,GAAG,MAAM,OAAO;AAI1B,MAAI,MAAM,gBAAgB,OACxB,KAAI,EAAE,QAAQ,MAAM,EAAE,GAAG,EAAE,MAAM,cAAc,EAAE,MAAM,YAAa,CAAC;AAEvE,MAAI,MAAM,SAAS,OACjB,KAAI,EAAE,QAAQ,MAAM,EAAE,GAAG,EAAE,MAAM,OAAO,EAAE,MAAM,KAAM,CAAC;AAGzD,MAAI,MAAM,UAAU,UAAa,MAAM,UAAU,OAC/C,KAAI,EAAE,QAAQ,MAAM,EAAE,GAAG,EAAE,MAAM,QAAQ,EAAE,MAAM,MAAO,CAAC;AAG3D,MAAI,EAAE,MAAM,MAAM;EAGlB,MAAM,MAAM,MAAM,EAAE,SAAS;EAC7B,IAAI,WAAW;AACf,MAAI,KAAK,QAAQ;GACf,MAAM,YAAY,IAAI,WAAW,QAAQ,IAAI,QAAQ,KAAK,OAAO;AACjE,OAAI,cAAc,GAChB,YAAW,YAAY;;EAG3B,MAAM,OAAO,IAAI,MAAM,UAAU,WAAW,QAAQ,EAAE;EACtD,MAAM,UAAU,KAAK,SAAS;EAC9B,MAAM,QAAQ,UAAU,KAAK,MAAM,GAAG,MAAM,GAAG;AAE/C,SAAO;GAAE;GAAO,YADG,UAAU,MAAM,MAAM,SAAS,GAAG,MAAM;GAC/B;;CAE/B,CAAC;;;;;;;;;;;;;;;;;;;;;AAsBF,MAAa,cAAc,MAAM;CAC/B,MAAM,EAAE,QAAQ,EAAE,GAAG,OAAO,EAAE;CAC9B,SAAS,EAAE,MAAM,UAAU,EAAE,MAAM,CAAC;CACpC,SAAS,OAAO,KAAK,EAAE,aAAa;AAClC,SAAO,MAAM,IAAI,GAAG,IAAI,QAAQ,OAAO;;CAE1C,CAAC;;;;;;;;;;;;;;;;;;;;;;;;AAyBF,MAAa,0BAA0B,MAAM;CAC3C,MAAM,EAAE,OAAO,EAAE,QAAQ,EAAE;CAC3B,SAAS,EAAE,MAAM,UAAU,EAAE,MAAM,CAAC;CACpC,SAAS,OAAO,KAAK,EAAE,YAAY;EACjC,MAAM,QAAQ,MAAM,IAAI,GACrB,MAAM,OAAO,CACb,UAAU,mBAAmB,MAC5B,EAAE,GAAG,SAAS,MAAM,CAAC,GAAG,yBAAyB,OAAU,CAC5D,CACA,KAAK,EAAE;AACV,SAAO,MAAM,WAAW,IAAI,MAAM,KAAK;;CAE1C,CAAC;;;;;;;;;;;;;;;;;;;;;;;;AAyBF,MAAa,0BAA0B,MAAM;CAC3C,MAAM,EAAE,OAAO,EAAE,QAAQ,EAAE;CAC3B,SAAS,EAAE,MAAM,UAAU,EAAE,MAAM,CAAC;CACpC,SAAS,OAAO,KAAK,EAAE,YAAY;EACjC,MAAM,QAAQ,MAAM,IAAI,GACrB,MAAM,OAAO,CACb,UAAU,mBAAmB,MAC5B,EAAE,GAAG,SAAS,MAAM,CAAC,GAAG,yBAAyB,OAAU,CAC5D,CACA,KAAK,EAAE;AACV,SAAO,MAAM,WAAW,IAAI,MAAM,KAAK;;CAE1C,CAAC;;;;;;;;;;;;;;;;;;;;;;;;;;AA2BF,MAAa,aAAa,SAAS;CACjC,MAAM,EAAE,MAAM,EAAE,KAAK,EAAE;CACvB,SAAS,EAAE,GAAG,OAAO;CACrB,SAAS,OAAO,KAAK,EAAE,WAAW;AAChC,SAAO,MAAM,IAAI,GAAG,OAAO,QAAQ,KAAK;;CAE3C,CAAC;;;;;;;;;;;;;;;;;;;;;;;;;;;;AA6BF,MAAa,aAAa,SAAS;CACjC,MAAM;EAAE,QAAQ,EAAE,SAAS,EAAE,GAAG,OAAO,CAAC;EAAE,MAAM,EAAE,KAAK;EAAE;CACzD,SAAS,EAAE,GAAG,OAAO;CACrB,SAAS,OAAO,KAAK,EAAE,QAAQ,WAAW;AACxC,MAAI,WAAW,QAAW;AACxB,SAAM,IAAI,GAAG,MAAM,QAAQ,QAAQ,KAAK;AACxC,UAAO;;AAET,SAAO,MAAM,IAAI,GAAG,OAAO,QAAQ,KAAK;;CAE3C,CAAC;;;;;;;;;;;;;;;;;;;;;;;;AAyBF,MAAa,YAAY,SAAS;CAChC,MAAM;EAAE,QAAQ,EAAE,GAAG,OAAO;EAAE,MAAM,EAAE,KAAK;EAAE;CAC7C,SAAS,EAAE,MAAM;CACjB,SAAS,OAAO,KAAK,EAAE,QAAQ,WAAW;AACxC,QAAM,IAAI,GAAG,MAAM,QAAQ,QAAQ,KAAK;AACxC,SAAO;;CAEV,CAAC;;;;;;;;;;;;;;;;;;;AAoBF,MAAa,aAAa,SAAS;CACjC,MAAM,EAAE,QAAQ,EAAE,GAAG,OAAO,EAAE;CAC9B,SAAS,EAAE,MAAM;CACjB,SAAS,OAAO,KAAK,EAAE,aAAa;AAClC,MAAK,MAAM,IAAI,GAAG,IAAI,QAAQ,OAAO,KAAM,KACzC,OAAM,IAAI,GAAG,OAAO,QAAQ,OAAO;AAErC,SAAO;;CAEV,CAAC"}

package/dist/component/public/identity/verifiers.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"verifiers.d.ts","names":[],"sources":["../../../../src/component/public/identity/verifiers.ts"],"mappings":";;;;;;;;;;;;;AAwBA;;;;;AA4BA;;;;;cA5Ba,cAAA;;;;;AA6Fb;;;;;AA4BA;;;;;;;;;;;cA7Fa,eAAA;;;;;;;;;;;;;;;;;;;;;;;cA8BA,sBAAA;;;;;;;;;;;;;;;;;;;;;;;;;cAmCA,aAAA;;;;;;;;;;;;;;;;;;;;cA4BA,cAAA"}
+{"version":3,"file":"verifiers.d.ts","names":[],"sources":["../../../../src/component/public/identity/verifiers.ts"],"mappings":";;;;;;;;;;;;;AAyBA;;;;;AA4BA;;;;;cA5Ba,cAAA;;;;;AA6Fb;;;;;AA4BA;;;;;;;;;;;cA7Fa,eAAA;;;;;;;;;;;;;;;;;;;;;;;cA8BA,sBAAA;;;;;;;;;;;;;;;;;;;;;;;;;cAmCA,aAAA;;;;;;;;;;;;;;;;;;;;cA4BA,cAAA"}