@robelest/convex-auth 0.0.4-preview.25 → 0.0.4-preview.28

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (666) hide show
  1. package/README.md +43 -36
  2. package/dist/bin.js +5765 -4880
  3. package/dist/browser/index.d.ts +30 -0
  4. package/dist/browser/index.js +93 -0
  5. package/dist/browser/locks.js +11 -0
  6. package/dist/browser/navigation.js +14 -0
  7. package/dist/{factors → browser}/passkey.js +23 -32
  8. package/dist/browser/runtime.js +92 -0
  9. package/dist/client/core/types.d.ts +452 -5
  10. package/dist/client/core/types.js +17 -0
  11. package/dist/client/errors.js +19 -0
  12. package/dist/client/factors/device.js +94 -0
  13. package/dist/{factors → client/factors}/totp.js +12 -4
  14. package/dist/client/index.d.ts +47 -1
  15. package/dist/client/index.js +269 -232
  16. package/dist/client/runtime/mutex.js +24 -0
  17. package/dist/client/runtime/proxy.js +30 -0
  18. package/dist/client/runtime/storage.js +45 -0
  19. package/dist/client/services/adapters.js +7 -0
  20. package/dist/client/services/http.js +6 -0
  21. package/dist/client/services/resolve.js +13 -0
  22. package/dist/client/services/runtime.js +6 -0
  23. package/dist/component/_generated/component.d.ts +1355 -1399
  24. package/dist/component/convex.config.d.ts +2 -2
  25. package/dist/component/index.d.ts +4 -26
  26. package/dist/component/index.js +1 -1
  27. package/dist/component/model.d.ts +26 -112
  28. package/dist/component/model.js +76 -54
  29. package/dist/component/modules.js +38 -0
  30. package/dist/component/public/factors/devices.js +1 -1
  31. package/dist/component/public/factors/passkeys.js +1 -1
  32. package/dist/component/public/factors/totp.js +1 -1
  33. package/dist/component/public/groups/core.js +2 -2
  34. package/dist/component/public/groups/invites.js +1 -1
  35. package/dist/component/public/groups/members.js +1 -1
  36. package/dist/component/public/identity/accounts.js +1 -1
  37. package/dist/component/public/identity/codes.js +1 -1
  38. package/dist/component/public/identity/sessions.js +39 -2
  39. package/dist/component/public/identity/tokens.js +82 -4
  40. package/dist/component/public/identity/users.js +1 -1
  41. package/dist/component/public/identity/verifiers.js +10 -4
  42. package/dist/component/public/security/keys.js +1 -1
  43. package/dist/component/public/security/limits.js +1 -1
  44. package/dist/component/public/{enterprise → sso}/audit.js +26 -26
  45. package/dist/component/public/sso/core.js +263 -0
  46. package/dist/component/public/sso/domains.js +280 -0
  47. package/dist/component/public/{enterprise → sso}/scim.js +87 -87
  48. package/dist/component/public/sso/secrets.js +125 -0
  49. package/dist/component/public/{enterprise → sso}/webhooks.js +59 -59
  50. package/dist/component/public.js +9 -9
  51. package/dist/component/schema.d.ts +472 -393
  52. package/dist/component/schema.js +36 -35
  53. package/dist/core/index.d.ts +380 -0
  54. package/dist/core/index.js +83 -0
  55. package/dist/otel.d.ts +69 -0
  56. package/dist/otel.js +82 -0
  57. package/dist/providers/anonymous.d.ts +15 -34
  58. package/dist/providers/anonymous.js +27 -35
  59. package/dist/providers/apple.d.ts +59 -0
  60. package/dist/providers/apple.js +58 -0
  61. package/dist/providers/credentials.d.ts +18 -34
  62. package/dist/providers/credentials.js +16 -27
  63. package/dist/providers/custom.d.ts +94 -0
  64. package/dist/providers/custom.js +119 -0
  65. package/dist/providers/device.d.ts +15 -49
  66. package/dist/providers/device.js +17 -34
  67. package/dist/providers/email.d.ts +21 -38
  68. package/dist/providers/email.js +36 -55
  69. package/dist/providers/github.d.ts +54 -0
  70. package/dist/providers/github.js +75 -0
  71. package/dist/providers/google.d.ts +54 -0
  72. package/dist/providers/google.js +61 -0
  73. package/dist/providers/index.d.ts +16 -12
  74. package/dist/providers/index.js +15 -11
  75. package/dist/providers/microsoft.d.ts +57 -0
  76. package/dist/providers/microsoft.js +101 -0
  77. package/dist/providers/passkey.d.ts +19 -35
  78. package/dist/providers/passkey.js +20 -30
  79. package/dist/providers/password.d.ts +17 -18
  80. package/dist/providers/password.js +121 -143
  81. package/dist/providers/phone.d.ts +13 -28
  82. package/dist/providers/phone.js +21 -46
  83. package/dist/providers/sso.d.ts +16 -36
  84. package/dist/providers/sso.js +21 -22
  85. package/dist/providers/totp.d.ts +13 -29
  86. package/dist/providers/totp.js +17 -27
  87. package/dist/server/auth-context.d.ts +204 -0
  88. package/dist/server/auth-context.js +76 -0
  89. package/dist/server/auth.d.ts +99 -244
  90. package/dist/server/auth.js +56 -152
  91. package/dist/server/componentContext.d.ts +12 -0
  92. package/dist/server/componentContext.js +1 -0
  93. package/dist/server/config.js +6 -67
  94. package/dist/server/constants.js +6 -0
  95. package/dist/server/contract.d.ts +105 -0
  96. package/dist/server/contract.js +43 -0
  97. package/dist/server/cookies.js +3 -2
  98. package/dist/server/core.js +31 -36
  99. package/dist/server/crypto.js +34 -44
  100. package/dist/server/db.js +6 -1
  101. package/dist/server/device.js +96 -130
  102. package/dist/server/env.js +48 -0
  103. package/dist/server/errors.js +20 -0
  104. package/dist/server/http.d.ts +15 -59
  105. package/dist/server/http.js +136 -120
  106. package/dist/server/identity.js +2 -2
  107. package/dist/server/index.d.ts +5 -4
  108. package/dist/server/index.js +3 -3
  109. package/dist/server/keys.js +10 -1
  110. package/dist/server/limits.js +26 -26
  111. package/dist/server/log.js +28 -0
  112. package/dist/server/mounts.d.ts +1107 -296
  113. package/dist/server/mounts.js +315 -196
  114. package/dist/server/mutations/account.js +11 -14
  115. package/dist/server/mutations/code.js +6 -5
  116. package/dist/server/mutations/invalidate.js +9 -11
  117. package/dist/server/mutations/oauth.js +112 -73
  118. package/dist/server/mutations/refresh.js +47 -97
  119. package/dist/server/mutations/register.js +37 -35
  120. package/dist/server/mutations/retrieve.js +16 -16
  121. package/dist/server/mutations/signature.js +15 -18
  122. package/dist/server/mutations/signin.js +10 -5
  123. package/dist/server/mutations/signout.js +11 -14
  124. package/dist/server/mutations/store.js +25 -18
  125. package/dist/server/mutations/verifier.js +11 -8
  126. package/dist/server/mutations/verify.js +53 -41
  127. package/dist/server/oauth/factory.js +44 -0
  128. package/dist/server/oauth/index.js +12 -0
  129. package/dist/server/oauth/runtime.js +248 -0
  130. package/dist/server/passkey.js +331 -365
  131. package/dist/server/payloads.d.ts +16 -0
  132. package/dist/server/payloads.js +30 -0
  133. package/dist/server/{ssr.d.ts → prefetch.d.ts} +2 -2
  134. package/dist/server/prefetch.js +635 -0
  135. package/dist/server/random.js +19 -0
  136. package/dist/server/redirects.js +10 -5
  137. package/dist/server/refresh.js +14 -86
  138. package/dist/server/runtime.d.ts +531 -31
  139. package/dist/server/runtime.js +106 -267
  140. package/dist/server/secret.js +44 -0
  141. package/dist/server/services/config.js +10 -0
  142. package/dist/server/services/group.js +211 -0
  143. package/dist/server/services/logger.js +8 -0
  144. package/dist/server/services/providers.js +22 -0
  145. package/dist/server/services/refresh.js +8 -0
  146. package/dist/server/services/resolve.js +27 -0
  147. package/dist/server/services/signin.js +8 -0
  148. package/dist/server/sessions.js +35 -34
  149. package/dist/server/signin.js +229 -140
  150. package/dist/server/{enterprise → sso}/config.js +10 -3
  151. package/dist/server/sso/domain.d.ts +614 -0
  152. package/dist/server/sso/domain.js +1175 -0
  153. package/dist/server/sso/http.js +1060 -0
  154. package/dist/server/sso/oidc.js +324 -0
  155. package/dist/server/sso/policies.js +59 -0
  156. package/dist/server/sso/policy.js +139 -0
  157. package/dist/server/sso/profile.js +22 -0
  158. package/dist/server/sso/provision.js +179 -0
  159. package/dist/{component/server/enterprise → server/sso}/saml.js +142 -56
  160. package/dist/{component/server/enterprise → server/sso}/scim.js +13 -7
  161. package/dist/server/sso/shared.js +74 -0
  162. package/dist/server/sso/validators.js +88 -0
  163. package/dist/server/sso/webhook.js +94 -0
  164. package/dist/server/tokens.js +16 -4
  165. package/dist/server/totp.js +155 -164
  166. package/dist/server/types.d.ts +306 -296
  167. package/dist/server/types.js +1 -30
  168. package/dist/server/url.js +32 -0
  169. package/dist/server/users.js +74 -40
  170. package/dist/server/utils/cache.js +51 -0
  171. package/dist/server/utils/dispatch.js +36 -0
  172. package/dist/server/utils/retry.js +24 -0
  173. package/dist/server/utils/span.js +32 -0
  174. package/dist/shared/errors.js +19 -0
  175. package/dist/shared/log.js +45 -0
  176. package/{src/test.ts → dist/test.d.ts} +21 -22
  177. package/dist/test.js +51 -0
  178. package/package.json +70 -42
  179. package/dist/authorization/index.d.ts.map +0 -1
  180. package/dist/authorization/index.js.map +0 -1
  181. package/dist/client/core/types.d.ts.map +0 -1
  182. package/dist/client/index.d.ts.map +0 -1
  183. package/dist/client/index.js.map +0 -1
  184. package/dist/component/_generated/api.d.ts +0 -75
  185. package/dist/component/_generated/api.d.ts.map +0 -1
  186. package/dist/component/_generated/api.js.map +0 -1
  187. package/dist/component/_generated/component.d.ts.map +0 -1
  188. package/dist/component/_generated/dataModel.d.ts +0 -42
  189. package/dist/component/_generated/dataModel.d.ts.map +0 -1
  190. package/dist/component/_generated/server.d.ts +0 -117
  191. package/dist/component/_generated/server.d.ts.map +0 -1
  192. package/dist/component/_generated/server.js.map +0 -1
  193. package/dist/component/_virtual/rolldown_runtime.js +0 -18
  194. package/dist/component/client/core/types.d.ts +0 -2
  195. package/dist/component/client/index.d.ts +0 -1
  196. package/dist/component/convex.config.d.ts.map +0 -1
  197. package/dist/component/convex.config.js.map +0 -1
  198. package/dist/component/functions.d.ts +0 -25
  199. package/dist/component/functions.d.ts.map +0 -1
  200. package/dist/component/functions.js.map +0 -1
  201. package/dist/component/index.d.ts.map +0 -1
  202. package/dist/component/model.d.ts.map +0 -1
  203. package/dist/component/model.js.map +0 -1
  204. package/dist/component/providers/anonymous.d.ts +0 -54
  205. package/dist/component/providers/anonymous.d.ts.map +0 -1
  206. package/dist/component/providers/credentials.d.ts +0 -38
  207. package/dist/component/providers/credentials.d.ts.map +0 -1
  208. package/dist/component/providers/device.d.ts +0 -67
  209. package/dist/component/providers/device.d.ts.map +0 -1
  210. package/dist/component/providers/email.d.ts +0 -62
  211. package/dist/component/providers/email.d.ts.map +0 -1
  212. package/dist/component/providers/oauth.d.ts +0 -25
  213. package/dist/component/providers/oauth.d.ts.map +0 -1
  214. package/dist/component/providers/oauth.js +0 -13
  215. package/dist/component/providers/oauth.js.map +0 -1
  216. package/dist/component/providers/passkey.d.ts +0 -57
  217. package/dist/component/providers/passkey.d.ts.map +0 -1
  218. package/dist/component/providers/password.d.ts +0 -88
  219. package/dist/component/providers/password.d.ts.map +0 -1
  220. package/dist/component/providers/phone.d.ts +0 -48
  221. package/dist/component/providers/phone.d.ts.map +0 -1
  222. package/dist/component/providers/sso.d.ts +0 -50
  223. package/dist/component/providers/sso.d.ts.map +0 -1
  224. package/dist/component/providers/totp.d.ts +0 -45
  225. package/dist/component/providers/totp.d.ts.map +0 -1
  226. package/dist/component/public/enterprise/audit.d.ts +0 -73
  227. package/dist/component/public/enterprise/audit.d.ts.map +0 -1
  228. package/dist/component/public/enterprise/audit.js.map +0 -1
  229. package/dist/component/public/enterprise/core.d.ts +0 -176
  230. package/dist/component/public/enterprise/core.d.ts.map +0 -1
  231. package/dist/component/public/enterprise/core.js +0 -292
  232. package/dist/component/public/enterprise/core.js.map +0 -1
  233. package/dist/component/public/enterprise/domains.d.ts +0 -174
  234. package/dist/component/public/enterprise/domains.d.ts.map +0 -1
  235. package/dist/component/public/enterprise/domains.js +0 -271
  236. package/dist/component/public/enterprise/domains.js.map +0 -1
  237. package/dist/component/public/enterprise/scim.d.ts +0 -245
  238. package/dist/component/public/enterprise/scim.d.ts.map +0 -1
  239. package/dist/component/public/enterprise/scim.js.map +0 -1
  240. package/dist/component/public/enterprise/secrets.d.ts +0 -78
  241. package/dist/component/public/enterprise/secrets.d.ts.map +0 -1
  242. package/dist/component/public/enterprise/secrets.js +0 -118
  243. package/dist/component/public/enterprise/secrets.js.map +0 -1
  244. package/dist/component/public/enterprise/webhooks.d.ts +0 -211
  245. package/dist/component/public/enterprise/webhooks.d.ts.map +0 -1
  246. package/dist/component/public/enterprise/webhooks.js.map +0 -1
  247. package/dist/component/public/factors/devices.d.ts +0 -157
  248. package/dist/component/public/factors/devices.d.ts.map +0 -1
  249. package/dist/component/public/factors/devices.js.map +0 -1
  250. package/dist/component/public/factors/passkeys.d.ts +0 -175
  251. package/dist/component/public/factors/passkeys.d.ts.map +0 -1
  252. package/dist/component/public/factors/passkeys.js.map +0 -1
  253. package/dist/component/public/factors/totp.d.ts +0 -189
  254. package/dist/component/public/factors/totp.d.ts.map +0 -1
  255. package/dist/component/public/factors/totp.js.map +0 -1
  256. package/dist/component/public/groups/core.d.ts +0 -137
  257. package/dist/component/public/groups/core.d.ts.map +0 -1
  258. package/dist/component/public/groups/core.js.map +0 -1
  259. package/dist/component/public/groups/invites.d.ts +0 -217
  260. package/dist/component/public/groups/invites.d.ts.map +0 -1
  261. package/dist/component/public/groups/invites.js.map +0 -1
  262. package/dist/component/public/groups/members.d.ts +0 -204
  263. package/dist/component/public/groups/members.d.ts.map +0 -1
  264. package/dist/component/public/groups/members.js.map +0 -1
  265. package/dist/component/public/identity/accounts.d.ts +0 -147
  266. package/dist/component/public/identity/accounts.d.ts.map +0 -1
  267. package/dist/component/public/identity/accounts.js.map +0 -1
  268. package/dist/component/public/identity/codes.d.ts +0 -104
  269. package/dist/component/public/identity/codes.d.ts.map +0 -1
  270. package/dist/component/public/identity/codes.js.map +0 -1
  271. package/dist/component/public/identity/sessions.d.ts +0 -128
  272. package/dist/component/public/identity/sessions.d.ts.map +0 -1
  273. package/dist/component/public/identity/sessions.js.map +0 -1
  274. package/dist/component/public/identity/tokens.d.ts +0 -169
  275. package/dist/component/public/identity/tokens.d.ts.map +0 -1
  276. package/dist/component/public/identity/tokens.js.map +0 -1
  277. package/dist/component/public/identity/users.d.ts +0 -212
  278. package/dist/component/public/identity/users.d.ts.map +0 -1
  279. package/dist/component/public/identity/users.js.map +0 -1
  280. package/dist/component/public/identity/verifiers.d.ts +0 -116
  281. package/dist/component/public/identity/verifiers.d.ts.map +0 -1
  282. package/dist/component/public/identity/verifiers.js.map +0 -1
  283. package/dist/component/public/security/keys.d.ts +0 -209
  284. package/dist/component/public/security/keys.d.ts.map +0 -1
  285. package/dist/component/public/security/keys.js.map +0 -1
  286. package/dist/component/public/security/limits.d.ts +0 -114
  287. package/dist/component/public/security/limits.d.ts.map +0 -1
  288. package/dist/component/public/security/limits.js.map +0 -1
  289. package/dist/component/public.d.ts +0 -28
  290. package/dist/component/public.d.ts.map +0 -1
  291. package/dist/component/schema.d.ts.map +0 -1
  292. package/dist/component/schema.js.map +0 -1
  293. package/dist/component/server/auth.d.ts +0 -447
  294. package/dist/component/server/auth.d.ts.map +0 -1
  295. package/dist/component/server/auth.js +0 -254
  296. package/dist/component/server/auth.js.map +0 -1
  297. package/dist/component/server/config.js +0 -121
  298. package/dist/component/server/config.js.map +0 -1
  299. package/dist/component/server/context.js +0 -53
  300. package/dist/component/server/context.js.map +0 -1
  301. package/dist/component/server/cookies.js +0 -47
  302. package/dist/component/server/cookies.js.map +0 -1
  303. package/dist/component/server/core.js +0 -576
  304. package/dist/component/server/core.js.map +0 -1
  305. package/dist/component/server/crypto.js +0 -56
  306. package/dist/component/server/crypto.js.map +0 -1
  307. package/dist/component/server/db.js +0 -87
  308. package/dist/component/server/db.js.map +0 -1
  309. package/dist/component/server/device.js +0 -152
  310. package/dist/component/server/device.js.map +0 -1
  311. package/dist/component/server/enterprise/config.js +0 -46
  312. package/dist/component/server/enterprise/config.js.map +0 -1
  313. package/dist/component/server/enterprise/domain.js +0 -974
  314. package/dist/component/server/enterprise/domain.js.map +0 -1
  315. package/dist/component/server/enterprise/http.js +0 -787
  316. package/dist/component/server/enterprise/http.js.map +0 -1
  317. package/dist/component/server/enterprise/oidc.js +0 -248
  318. package/dist/component/server/enterprise/oidc.js.map +0 -1
  319. package/dist/component/server/enterprise/policy.js +0 -85
  320. package/dist/component/server/enterprise/policy.js.map +0 -1
  321. package/dist/component/server/enterprise/saml.js.map +0 -1
  322. package/dist/component/server/enterprise/scim.js.map +0 -1
  323. package/dist/component/server/enterprise/shared.js +0 -51
  324. package/dist/component/server/enterprise/shared.js.map +0 -1
  325. package/dist/component/server/http.d.ts +0 -85
  326. package/dist/component/server/http.d.ts.map +0 -1
  327. package/dist/component/server/http.js +0 -351
  328. package/dist/component/server/http.js.map +0 -1
  329. package/dist/component/server/identity.js +0 -16
  330. package/dist/component/server/identity.js.map +0 -1
  331. package/dist/component/server/keys.js +0 -96
  332. package/dist/component/server/keys.js.map +0 -1
  333. package/dist/component/server/limits.js +0 -52
  334. package/dist/component/server/limits.js.map +0 -1
  335. package/dist/component/server/mutations/account.js +0 -46
  336. package/dist/component/server/mutations/account.js.map +0 -1
  337. package/dist/component/server/mutations/code.js +0 -68
  338. package/dist/component/server/mutations/code.js.map +0 -1
  339. package/dist/component/server/mutations/invalidate.js +0 -32
  340. package/dist/component/server/mutations/invalidate.js.map +0 -1
  341. package/dist/component/server/mutations/oauth.js +0 -116
  342. package/dist/component/server/mutations/oauth.js.map +0 -1
  343. package/dist/component/server/mutations/refresh.js +0 -119
  344. package/dist/component/server/mutations/refresh.js.map +0 -1
  345. package/dist/component/server/mutations/register.js +0 -87
  346. package/dist/component/server/mutations/register.js.map +0 -1
  347. package/dist/component/server/mutations/retrieve.js +0 -61
  348. package/dist/component/server/mutations/retrieve.js.map +0 -1
  349. package/dist/component/server/mutations/signature.js +0 -38
  350. package/dist/component/server/mutations/signature.js.map +0 -1
  351. package/dist/component/server/mutations/signin.js +0 -27
  352. package/dist/component/server/mutations/signin.js.map +0 -1
  353. package/dist/component/server/mutations/signout.js +0 -27
  354. package/dist/component/server/mutations/signout.js.map +0 -1
  355. package/dist/component/server/mutations/store/refs.js +0 -15
  356. package/dist/component/server/mutations/store/refs.js.map +0 -1
  357. package/dist/component/server/mutations/store.js +0 -70
  358. package/dist/component/server/mutations/store.js.map +0 -1
  359. package/dist/component/server/mutations/verifier.js +0 -18
  360. package/dist/component/server/mutations/verifier.js.map +0 -1
  361. package/dist/component/server/mutations/verify.js +0 -98
  362. package/dist/component/server/mutations/verify.js.map +0 -1
  363. package/dist/component/server/oauth.js +0 -242
  364. package/dist/component/server/oauth.js.map +0 -1
  365. package/dist/component/server/passkey.js +0 -415
  366. package/dist/component/server/passkey.js.map +0 -1
  367. package/dist/component/server/redirects.js +0 -40
  368. package/dist/component/server/redirects.js.map +0 -1
  369. package/dist/component/server/refresh.js +0 -99
  370. package/dist/component/server/refresh.js.map +0 -1
  371. package/dist/component/server/runtime.d.ts +0 -136
  372. package/dist/component/server/runtime.d.ts.map +0 -1
  373. package/dist/component/server/runtime.js +0 -456
  374. package/dist/component/server/runtime.js.map +0 -1
  375. package/dist/component/server/sessions.js +0 -71
  376. package/dist/component/server/sessions.js.map +0 -1
  377. package/dist/component/server/signin.js +0 -225
  378. package/dist/component/server/signin.js.map +0 -1
  379. package/dist/component/server/tokens.js +0 -17
  380. package/dist/component/server/tokens.js.map +0 -1
  381. package/dist/component/server/totp.js +0 -208
  382. package/dist/component/server/totp.js.map +0 -1
  383. package/dist/component/server/types.d.ts +0 -949
  384. package/dist/component/server/types.d.ts.map +0 -1
  385. package/dist/component/server/types.js +0 -79
  386. package/dist/component/server/types.js.map +0 -1
  387. package/dist/component/server/users.js +0 -123
  388. package/dist/component/server/users.js.map +0 -1
  389. package/dist/component/server/utils.js +0 -140
  390. package/dist/component/server/utils.js.map +0 -1
  391. package/dist/core/types.d.ts +0 -361
  392. package/dist/core/types.d.ts.map +0 -1
  393. package/dist/factors/device.js +0 -104
  394. package/dist/factors/device.js.map +0 -1
  395. package/dist/factors/passkey.js.map +0 -1
  396. package/dist/factors/totp.js.map +0 -1
  397. package/dist/providers/anonymous.d.ts.map +0 -1
  398. package/dist/providers/anonymous.js.map +0 -1
  399. package/dist/providers/credentials.d.ts.map +0 -1
  400. package/dist/providers/credentials.js.map +0 -1
  401. package/dist/providers/device.d.ts.map +0 -1
  402. package/dist/providers/device.js.map +0 -1
  403. package/dist/providers/email.d.ts.map +0 -1
  404. package/dist/providers/email.js.map +0 -1
  405. package/dist/providers/oauth.d.ts +0 -69
  406. package/dist/providers/oauth.d.ts.map +0 -1
  407. package/dist/providers/oauth.js +0 -43
  408. package/dist/providers/oauth.js.map +0 -1
  409. package/dist/providers/passkey.d.ts.map +0 -1
  410. package/dist/providers/passkey.js.map +0 -1
  411. package/dist/providers/password.d.ts.map +0 -1
  412. package/dist/providers/password.js.map +0 -1
  413. package/dist/providers/phone.d.ts.map +0 -1
  414. package/dist/providers/phone.js.map +0 -1
  415. package/dist/providers/sso.d.ts.map +0 -1
  416. package/dist/providers/sso.js.map +0 -1
  417. package/dist/providers/totp.d.ts.map +0 -1
  418. package/dist/providers/totp.js.map +0 -1
  419. package/dist/runtime/browser.js +0 -68
  420. package/dist/runtime/browser.js.map +0 -1
  421. package/dist/runtime/invite.js.map +0 -1
  422. package/dist/runtime/proxy.js +0 -70
  423. package/dist/runtime/proxy.js.map +0 -1
  424. package/dist/runtime/storage.js +0 -37
  425. package/dist/runtime/storage.js.map +0 -1
  426. package/dist/server/auth.d.ts.map +0 -1
  427. package/dist/server/auth.js.map +0 -1
  428. package/dist/server/config.d.ts +0 -1
  429. package/dist/server/config.js.map +0 -1
  430. package/dist/server/context.d.ts +0 -1
  431. package/dist/server/context.js.map +0 -1
  432. package/dist/server/cookies.d.ts +0 -1
  433. package/dist/server/cookies.js.map +0 -1
  434. package/dist/server/core.d.ts +0 -1315
  435. package/dist/server/core.d.ts.map +0 -1
  436. package/dist/server/core.js.map +0 -1
  437. package/dist/server/crypto.d.ts +0 -8
  438. package/dist/server/crypto.d.ts.map +0 -1
  439. package/dist/server/crypto.js.map +0 -1
  440. package/dist/server/db.d.ts +0 -1
  441. package/dist/server/db.js.map +0 -1
  442. package/dist/server/device.d.ts +0 -1
  443. package/dist/server/device.js.map +0 -1
  444. package/dist/server/enterprise/config.d.ts +0 -1
  445. package/dist/server/enterprise/config.js.map +0 -1
  446. package/dist/server/enterprise/domain.d.ts +0 -401
  447. package/dist/server/enterprise/domain.d.ts.map +0 -1
  448. package/dist/server/enterprise/domain.js +0 -974
  449. package/dist/server/enterprise/domain.js.map +0 -1
  450. package/dist/server/enterprise/http.d.ts +0 -26
  451. package/dist/server/enterprise/http.d.ts.map +0 -1
  452. package/dist/server/enterprise/http.js +0 -787
  453. package/dist/server/enterprise/http.js.map +0 -1
  454. package/dist/server/enterprise/oidc.d.ts +0 -1
  455. package/dist/server/enterprise/oidc.js +0 -248
  456. package/dist/server/enterprise/oidc.js.map +0 -1
  457. package/dist/server/enterprise/policy.d.ts +0 -1
  458. package/dist/server/enterprise/policy.js +0 -85
  459. package/dist/server/enterprise/policy.js.map +0 -1
  460. package/dist/server/enterprise/saml.d.ts +0 -1
  461. package/dist/server/enterprise/saml.js +0 -338
  462. package/dist/server/enterprise/saml.js.map +0 -1
  463. package/dist/server/enterprise/scim.d.ts +0 -1
  464. package/dist/server/enterprise/scim.js +0 -97
  465. package/dist/server/enterprise/scim.js.map +0 -1
  466. package/dist/server/enterprise/shared.d.ts +0 -5
  467. package/dist/server/enterprise/shared.d.ts.map +0 -1
  468. package/dist/server/enterprise/shared.js +0 -51
  469. package/dist/server/enterprise/shared.js.map +0 -1
  470. package/dist/server/enterprise/validators.d.ts +0 -1
  471. package/dist/server/enterprise/validators.js +0 -60
  472. package/dist/server/enterprise/validators.js.map +0 -1
  473. package/dist/server/http.d.ts.map +0 -1
  474. package/dist/server/http.js.map +0 -1
  475. package/dist/server/identity.d.ts +0 -1
  476. package/dist/server/identity.js.map +0 -1
  477. package/dist/server/keys.d.ts +0 -1
  478. package/dist/server/keys.js.map +0 -1
  479. package/dist/server/limits.d.ts +0 -1
  480. package/dist/server/limits.js.map +0 -1
  481. package/dist/server/mounts.d.ts.map +0 -1
  482. package/dist/server/mounts.js.map +0 -1
  483. package/dist/server/mutations/account.d.ts +0 -29
  484. package/dist/server/mutations/account.d.ts.map +0 -1
  485. package/dist/server/mutations/account.js.map +0 -1
  486. package/dist/server/mutations/code.d.ts +0 -30
  487. package/dist/server/mutations/code.d.ts.map +0 -1
  488. package/dist/server/mutations/code.js.map +0 -1
  489. package/dist/server/mutations/index.d.ts +0 -14
  490. package/dist/server/mutations/invalidate.d.ts +0 -20
  491. package/dist/server/mutations/invalidate.d.ts.map +0 -1
  492. package/dist/server/mutations/invalidate.js.map +0 -1
  493. package/dist/server/mutations/oauth.d.ts +0 -30
  494. package/dist/server/mutations/oauth.d.ts.map +0 -1
  495. package/dist/server/mutations/oauth.js.map +0 -1
  496. package/dist/server/mutations/refresh.d.ts +0 -21
  497. package/dist/server/mutations/refresh.d.ts.map +0 -1
  498. package/dist/server/mutations/refresh.js.map +0 -1
  499. package/dist/server/mutations/register.d.ts +0 -38
  500. package/dist/server/mutations/register.d.ts.map +0 -1
  501. package/dist/server/mutations/register.js.map +0 -1
  502. package/dist/server/mutations/retrieve.d.ts +0 -33
  503. package/dist/server/mutations/retrieve.d.ts.map +0 -1
  504. package/dist/server/mutations/retrieve.js.map +0 -1
  505. package/dist/server/mutations/signature.d.ts +0 -21
  506. package/dist/server/mutations/signature.d.ts.map +0 -1
  507. package/dist/server/mutations/signature.js.map +0 -1
  508. package/dist/server/mutations/signin.d.ts +0 -22
  509. package/dist/server/mutations/signin.d.ts.map +0 -1
  510. package/dist/server/mutations/signin.js.map +0 -1
  511. package/dist/server/mutations/signout.d.ts +0 -16
  512. package/dist/server/mutations/signout.d.ts.map +0 -1
  513. package/dist/server/mutations/signout.js.map +0 -1
  514. package/dist/server/mutations/store/refs.d.ts +0 -12
  515. package/dist/server/mutations/store/refs.d.ts.map +0 -1
  516. package/dist/server/mutations/store/refs.js.map +0 -1
  517. package/dist/server/mutations/store.d.ts +0 -306
  518. package/dist/server/mutations/store.d.ts.map +0 -1
  519. package/dist/server/mutations/store.js.map +0 -1
  520. package/dist/server/mutations/verifier.d.ts +0 -13
  521. package/dist/server/mutations/verifier.d.ts.map +0 -1
  522. package/dist/server/mutations/verifier.js.map +0 -1
  523. package/dist/server/mutations/verify.d.ts +0 -26
  524. package/dist/server/mutations/verify.d.ts.map +0 -1
  525. package/dist/server/mutations/verify.js.map +0 -1
  526. package/dist/server/oauth.d.ts +0 -1
  527. package/dist/server/oauth.js +0 -242
  528. package/dist/server/oauth.js.map +0 -1
  529. package/dist/server/passkey.d.ts +0 -27
  530. package/dist/server/passkey.d.ts.map +0 -1
  531. package/dist/server/passkey.js.map +0 -1
  532. package/dist/server/redirects.d.ts +0 -1
  533. package/dist/server/redirects.js.map +0 -1
  534. package/dist/server/refresh.d.ts +0 -1
  535. package/dist/server/refresh.js.map +0 -1
  536. package/dist/server/runtime.d.ts.map +0 -1
  537. package/dist/server/runtime.js.map +0 -1
  538. package/dist/server/sessions.d.ts +0 -1
  539. package/dist/server/sessions.js.map +0 -1
  540. package/dist/server/signin.d.ts +0 -1
  541. package/dist/server/signin.js.map +0 -1
  542. package/dist/server/ssr.d.ts.map +0 -1
  543. package/dist/server/ssr.js +0 -777
  544. package/dist/server/ssr.js.map +0 -1
  545. package/dist/server/templates.d.ts +0 -1
  546. package/dist/server/templates.js.map +0 -1
  547. package/dist/server/tokens.d.ts +0 -1
  548. package/dist/server/tokens.js.map +0 -1
  549. package/dist/server/totp.d.ts +0 -1
  550. package/dist/server/totp.js.map +0 -1
  551. package/dist/server/types.d.ts.map +0 -1
  552. package/dist/server/types.js.map +0 -1
  553. package/dist/server/users.d.ts +0 -1
  554. package/dist/server/users.js.map +0 -1
  555. package/dist/server/utils.d.ts +0 -1
  556. package/dist/server/utils.js +0 -140
  557. package/dist/server/utils.js.map +0 -1
  558. package/src/authorization/index.ts +0 -83
  559. package/src/cli/bin.ts +0 -5
  560. package/src/cli/command.ts +0 -70
  561. package/src/cli/index.ts +0 -1112
  562. package/src/cli/keys.ts +0 -23
  563. package/src/client/core/types.ts +0 -437
  564. package/src/client/factors/device.ts +0 -158
  565. package/src/client/factors/passkey.ts +0 -279
  566. package/src/client/factors/totp.ts +0 -150
  567. package/src/client/index.ts +0 -1124
  568. package/src/client/runtime/browser.ts +0 -112
  569. package/src/client/runtime/invite.ts +0 -63
  570. package/src/client/runtime/proxy.ts +0 -111
  571. package/src/client/runtime/storage.ts +0 -79
  572. package/src/component/_generated/api.ts +0 -96
  573. package/src/component/_generated/component.ts +0 -3774
  574. package/src/component/_generated/dataModel.ts +0 -60
  575. package/src/component/_generated/server.ts +0 -156
  576. package/src/component/convex.config.ts +0 -5
  577. package/src/component/functions.ts +0 -104
  578. package/src/component/index.ts +0 -42
  579. package/src/component/model.ts +0 -449
  580. package/src/component/public/enterprise/audit.ts +0 -125
  581. package/src/component/public/enterprise/core.ts +0 -355
  582. package/src/component/public/enterprise/domains.ts +0 -327
  583. package/src/component/public/enterprise/scim.ts +0 -397
  584. package/src/component/public/enterprise/secrets.ts +0 -133
  585. package/src/component/public/enterprise/webhooks.ts +0 -307
  586. package/src/component/public/factors/devices.ts +0 -224
  587. package/src/component/public/factors/passkeys.ts +0 -243
  588. package/src/component/public/factors/totp.ts +0 -259
  589. package/src/component/public/groups/core.ts +0 -481
  590. package/src/component/public/groups/invites.ts +0 -608
  591. package/src/component/public/groups/members.ts +0 -410
  592. package/src/component/public/identity/accounts.ts +0 -207
  593. package/src/component/public/identity/codes.ts +0 -149
  594. package/src/component/public/identity/sessions.ts +0 -210
  595. package/src/component/public/identity/tokens.ts +0 -251
  596. package/src/component/public/identity/users.ts +0 -355
  597. package/src/component/public/identity/verifiers.ts +0 -158
  598. package/src/component/public/security/keys.ts +0 -366
  599. package/src/component/public/security/limits.ts +0 -174
  600. package/src/component/public.ts +0 -27
  601. package/src/component/schema.ts +0 -505
  602. package/src/providers/anonymous.ts +0 -99
  603. package/src/providers/credentials.ts +0 -102
  604. package/src/providers/device.ts +0 -87
  605. package/src/providers/email.ts +0 -99
  606. package/src/providers/index.ts +0 -31
  607. package/src/providers/oauth.ts +0 -117
  608. package/src/providers/passkey.ts +0 -77
  609. package/src/providers/password.ts +0 -441
  610. package/src/providers/phone.ts +0 -93
  611. package/src/providers/sso.ts +0 -54
  612. package/src/providers/totp.ts +0 -62
  613. package/src/samlify.d.ts +0 -53
  614. package/src/server/auth.ts +0 -949
  615. package/src/server/config.ts +0 -200
  616. package/src/server/context.ts +0 -90
  617. package/src/server/cookies.ts +0 -49
  618. package/src/server/core.ts +0 -2004
  619. package/src/server/crypto.ts +0 -90
  620. package/src/server/db.ts +0 -203
  621. package/src/server/device.ts +0 -254
  622. package/src/server/enterprise/config.ts +0 -51
  623. package/src/server/enterprise/domain.ts +0 -1739
  624. package/src/server/enterprise/http.ts +0 -1331
  625. package/src/server/enterprise/oidc.ts +0 -500
  626. package/src/server/enterprise/policy.ts +0 -128
  627. package/src/server/enterprise/saml.ts +0 -578
  628. package/src/server/enterprise/scim.ts +0 -135
  629. package/src/server/enterprise/shared.ts +0 -134
  630. package/src/server/enterprise/validators.ts +0 -93
  631. package/src/server/http.ts +0 -790
  632. package/src/server/identity.ts +0 -18
  633. package/src/server/index.ts +0 -40
  634. package/src/server/keys.ts +0 -158
  635. package/src/server/limits.ts +0 -107
  636. package/src/server/mounts.ts +0 -924
  637. package/src/server/mutations/account.ts +0 -62
  638. package/src/server/mutations/code.ts +0 -119
  639. package/src/server/mutations/index.ts +0 -13
  640. package/src/server/mutations/invalidate.ts +0 -50
  641. package/src/server/mutations/oauth.ts +0 -243
  642. package/src/server/mutations/refresh.ts +0 -299
  643. package/src/server/mutations/register.ts +0 -155
  644. package/src/server/mutations/retrieve.ts +0 -109
  645. package/src/server/mutations/signature.ts +0 -57
  646. package/src/server/mutations/signin.ts +0 -54
  647. package/src/server/mutations/signout.ts +0 -43
  648. package/src/server/mutations/store/refs.ts +0 -10
  649. package/src/server/mutations/store.ts +0 -123
  650. package/src/server/mutations/verifier.ts +0 -34
  651. package/src/server/mutations/verify.ts +0 -200
  652. package/src/server/oauth.ts +0 -418
  653. package/src/server/passkey.ts +0 -838
  654. package/src/server/redirects.ts +0 -59
  655. package/src/server/refresh.ts +0 -218
  656. package/src/server/runtime.ts +0 -918
  657. package/src/server/sessions.ts +0 -132
  658. package/src/server/signin.ts +0 -445
  659. package/src/server/ssr.ts +0 -1747
  660. package/src/server/templates.ts +0 -82
  661. package/src/server/tokens.ts +0 -35
  662. package/src/server/totp.ts +0 -399
  663. package/src/server/types.ts +0 -1942
  664. package/src/server/users.ts +0 -291
  665. package/src/server/utils.ts +0 -220
  666. /package/dist/{runtime → client/runtime}/invite.js +0 -0
@@ -1,5 +1,5 @@
1
- import * as convex_server66 from "convex/server";
2
- import * as convex_values695 from "convex/values";
1
+ import * as convex_values87 from "convex/values";
2
+ import * as convex_server81 from "convex/server";
3
3
 
4
4
  //#region src/component/schema.d.ts
5
5
  /**
@@ -9,30 +9,30 @@ import * as convex_values695 from "convex/values";
9
9
  * verification codes, PKCE verifiers, rate limits) and hierarchical group
10
10
  * management (groups, members, invites).
11
11
  */
12
- declare const _default: convex_server66.SchemaDefinition<{
12
+ declare const _default: convex_server81.SchemaDefinition<{
13
13
  /**
14
14
  * Authenticated users. A user may have multiple linked accounts
15
15
  * and multiple concurrent sessions.
16
16
  */
17
- User: convex_server66.TableDefinition<convex_values695.VObject<{
18
- phone?: string | undefined;
19
- name?: string | undefined;
17
+ User: convex_server81.TableDefinition<convex_values87.VObject<{
20
18
  email?: string | undefined;
21
- extend?: any;
19
+ name?: string | undefined;
22
20
  image?: string | undefined;
21
+ phone?: string | undefined;
22
+ extend?: any;
23
23
  emailVerificationTime?: number | undefined;
24
24
  phoneVerificationTime?: number | undefined;
25
25
  isAnonymous?: boolean | undefined;
26
26
  }, {
27
- name: convex_values695.VString<string | undefined, "optional">;
28
- image: convex_values695.VString<string | undefined, "optional">;
29
- email: convex_values695.VString<string | undefined, "optional">;
30
- emailVerificationTime: convex_values695.VFloat64<number | undefined, "optional">;
31
- phone: convex_values695.VString<string | undefined, "optional">;
32
- phoneVerificationTime: convex_values695.VFloat64<number | undefined, "optional">;
33
- isAnonymous: convex_values695.VBoolean<boolean | undefined, "optional">;
34
- extend: convex_values695.VAny<any, "optional", string>;
35
- }, "required", "phone" | "name" | "email" | "extend" | "image" | "emailVerificationTime" | "phoneVerificationTime" | "isAnonymous" | `extend.${string}`>, {
27
+ name: convex_values87.VString<string | undefined, "optional">;
28
+ image: convex_values87.VString<string | undefined, "optional">;
29
+ email: convex_values87.VString<string | undefined, "optional">;
30
+ emailVerificationTime: convex_values87.VFloat64<number | undefined, "optional">;
31
+ phone: convex_values87.VString<string | undefined, "optional">;
32
+ phoneVerificationTime: convex_values87.VFloat64<number | undefined, "optional">;
33
+ isAnonymous: convex_values87.VBoolean<boolean | undefined, "optional">;
34
+ extend: convex_values87.VAny<any, "optional", string>;
35
+ }, "required", "email" | "name" | "image" | "phone" | "extend" | "emailVerificationTime" | "phoneVerificationTime" | "isAnonymous" | `extend.${string}`>, {
36
36
  email: ["email", "_creationTime"];
37
37
  email_verified: ["email", "emailVerificationTime", "_creationTime"];
38
38
  phone: ["phone", "_creationTime"];
@@ -43,12 +43,12 @@ declare const _default: convex_server66.SchemaDefinition<{
43
43
  * across different devices or browsers. Sessions expire after a
44
44
  * configurable duration.
45
45
  */
46
- Session: convex_server66.TableDefinition<convex_values695.VObject<{
47
- userId: convex_values695.GenericId<"User">;
46
+ Session: convex_server81.TableDefinition<convex_values87.VObject<{
47
+ userId: convex_values87.GenericId<"User">;
48
48
  expirationTime: number;
49
49
  }, {
50
- userId: convex_values695.VId<convex_values695.GenericId<"User">, "required">;
51
- expirationTime: convex_values695.VFloat64<number, "required">;
50
+ userId: convex_values87.VId<convex_values87.GenericId<"User">, "required">;
51
+ expirationTime: convex_values87.VFloat64<number, "required">;
52
52
  }, "required", "userId" | "expirationTime">, {
53
53
  user_id: ["userId", "_creationTime"];
54
54
  }, {}, {}>;
@@ -57,23 +57,23 @@ declare const _default: convex_server66.SchemaDefinition<{
57
57
  * authentication provider (e.g. Google OAuth, email/password).
58
58
  * A user can have multiple accounts linked.
59
59
  */
60
- Account: convex_server66.TableDefinition<convex_values695.VObject<{
60
+ Account: convex_server81.TableDefinition<convex_values87.VObject<{
61
+ emailVerified?: string | undefined;
61
62
  extend?: any;
62
63
  secret?: string | undefined;
63
- emailVerified?: string | undefined;
64
64
  phoneVerified?: string | undefined;
65
- userId: convex_values695.GenericId<"User">;
65
+ userId: convex_values87.GenericId<"User">;
66
66
  provider: string;
67
67
  providerAccountId: string;
68
68
  }, {
69
- userId: convex_values695.VId<convex_values695.GenericId<"User">, "required">;
70
- provider: convex_values695.VString<string, "required">;
71
- providerAccountId: convex_values695.VString<string, "required">;
72
- secret: convex_values695.VString<string | undefined, "optional">;
73
- emailVerified: convex_values695.VString<string | undefined, "optional">;
74
- phoneVerified: convex_values695.VString<string | undefined, "optional">;
75
- extend: convex_values695.VAny<any, "optional", string>;
76
- }, "required", "userId" | "extend" | "provider" | "providerAccountId" | "secret" | `extend.${string}` | "emailVerified" | "phoneVerified">, {
69
+ userId: convex_values87.VId<convex_values87.GenericId<"User">, "required">;
70
+ provider: convex_values87.VString<string, "required">;
71
+ providerAccountId: convex_values87.VString<string, "required">;
72
+ secret: convex_values87.VString<string | undefined, "optional">;
73
+ emailVerified: convex_values87.VString<string | undefined, "optional">;
74
+ phoneVerified: convex_values87.VString<string | undefined, "optional">;
75
+ extend: convex_values87.VAny<any, "optional", string>;
76
+ }, "required", "emailVerified" | "userId" | "extend" | `extend.${string}` | "provider" | "providerAccountId" | "secret" | "phoneVerified">, {
77
77
  user_id_provider: ["userId", "provider", "_creationTime"];
78
78
  provider_account_id: ["provider", "providerAccountId", "_creationTime"];
79
79
  }, {}, {}>;
@@ -85,17 +85,17 @@ declare const _default: convex_server66.SchemaDefinition<{
85
85
  * been used yet. A 10-second reuse window allows for concurrent requests.
86
86
  * Any invalid use of a token invalidates the entire chain.
87
87
  */
88
- RefreshToken: convex_server66.TableDefinition<convex_values695.VObject<{
88
+ RefreshToken: convex_server81.TableDefinition<convex_values87.VObject<{
89
89
  firstUsedTime?: number | undefined;
90
- parentRefreshTokenId?: convex_values695.GenericId<"RefreshToken"> | undefined;
91
- sessionId: convex_values695.GenericId<"Session">;
90
+ parentRefreshTokenId?: convex_values87.GenericId<"RefreshToken"> | undefined;
92
91
  expirationTime: number;
92
+ sessionId: convex_values87.GenericId<"Session">;
93
93
  }, {
94
- sessionId: convex_values695.VId<convex_values695.GenericId<"Session">, "required">;
95
- expirationTime: convex_values695.VFloat64<number, "required">;
96
- firstUsedTime: convex_values695.VFloat64<number | undefined, "optional">;
97
- parentRefreshTokenId: convex_values695.VId<convex_values695.GenericId<"RefreshToken"> | undefined, "optional">;
98
- }, "required", "sessionId" | "expirationTime" | "firstUsedTime" | "parentRefreshTokenId">, {
94
+ sessionId: convex_values87.VId<convex_values87.GenericId<"Session">, "required">;
95
+ expirationTime: convex_values87.VFloat64<number, "required">;
96
+ firstUsedTime: convex_values87.VFloat64<number | undefined, "optional">;
97
+ parentRefreshTokenId: convex_values87.VId<convex_values87.GenericId<"RefreshToken"> | undefined, "optional">;
98
+ }, "required", "expirationTime" | "sessionId" | "firstUsedTime" | "parentRefreshTokenId">, {
99
99
  session_id: ["sessionId", "_creationTime"];
100
100
  session_id_first_used: ["sessionId", "firstUsedTime", "_creationTime"];
101
101
  session_id_parent_refresh_token_id: ["sessionId", "parentRefreshTokenId", "_creationTime"];
@@ -103,23 +103,23 @@ declare const _default: convex_server66.SchemaDefinition<{
103
103
  /**
104
104
  * Verification codes for OTP tokens, magic link tokens, and OAuth codes.
105
105
  */
106
- VerificationCode: convex_server66.TableDefinition<convex_values695.VObject<{
107
- verifier?: string | undefined;
106
+ VerificationCode: convex_server81.TableDefinition<convex_values87.VObject<{
108
107
  emailVerified?: string | undefined;
109
108
  phoneVerified?: string | undefined;
109
+ verifier?: string | undefined;
110
+ expirationTime: number;
110
111
  provider: string;
111
- accountId: convex_values695.GenericId<"Account">;
112
+ accountId: convex_values87.GenericId<"Account">;
112
113
  code: string;
113
- expirationTime: number;
114
114
  }, {
115
- accountId: convex_values695.VId<convex_values695.GenericId<"Account">, "required">;
116
- provider: convex_values695.VString<string, "required">;
117
- code: convex_values695.VString<string, "required">;
118
- expirationTime: convex_values695.VFloat64<number, "required">;
119
- verifier: convex_values695.VString<string | undefined, "optional">;
120
- emailVerified: convex_values695.VString<string | undefined, "optional">;
121
- phoneVerified: convex_values695.VString<string | undefined, "optional">;
122
- }, "required", "provider" | "verifier" | "accountId" | "code" | "expirationTime" | "emailVerified" | "phoneVerified">, {
115
+ accountId: convex_values87.VId<convex_values87.GenericId<"Account">, "required">;
116
+ provider: convex_values87.VString<string, "required">;
117
+ code: convex_values87.VString<string, "required">;
118
+ expirationTime: convex_values87.VFloat64<number, "required">;
119
+ verifier: convex_values87.VString<string | undefined, "optional">;
120
+ emailVerified: convex_values87.VString<string | undefined, "optional">;
121
+ phoneVerified: convex_values87.VString<string | undefined, "optional">;
122
+ }, "required", "emailVerified" | "expirationTime" | "provider" | "phoneVerified" | "accountId" | "code" | "verifier">, {
123
123
  account_id: ["accountId", "_creationTime"];
124
124
  code: ["code", "_creationTime"];
125
125
  }, {}, {}>;
@@ -127,12 +127,12 @@ declare const _default: convex_server66.SchemaDefinition<{
127
127
  * PKCE verifiers for OAuth flows. Stores the cryptographic verifier
128
128
  * used to prove the authorization request originated from this client.
129
129
  */
130
- AuthVerifier: convex_server66.TableDefinition<convex_values695.VObject<{
131
- sessionId?: convex_values695.GenericId<"Session"> | undefined;
130
+ AuthVerifier: convex_server81.TableDefinition<convex_values87.VObject<{
131
+ sessionId?: convex_values87.GenericId<"Session"> | undefined;
132
132
  signature?: string | undefined;
133
133
  }, {
134
- sessionId: convex_values695.VId<convex_values695.GenericId<"Session"> | undefined, "optional">;
135
- signature: convex_values695.VString<string | undefined, "optional">;
134
+ sessionId: convex_values87.VId<convex_values87.GenericId<"Session"> | undefined, "optional">;
135
+ signature: convex_values87.VString<string | undefined, "optional">;
136
136
  }, "required", "sessionId" | "signature">, {
137
137
  signature: ["signature", "_creationTime"];
138
138
  }, {}, {}>;
@@ -141,11 +141,11 @@ declare const _default: convex_server66.SchemaDefinition<{
141
141
  * registered authenticator (Touch ID, Face ID, security key, etc.).
142
142
  * A user can have multiple passkeys across different devices.
143
143
  */
144
- Passkey: convex_server66.TableDefinition<convex_values695.VObject<{
144
+ Passkey: convex_server81.TableDefinition<convex_values87.VObject<{
145
145
  name?: string | undefined;
146
146
  lastUsedAt?: number | undefined;
147
147
  transports?: string[] | undefined;
148
- userId: convex_values695.GenericId<"User">;
148
+ userId: convex_values87.GenericId<"User">;
149
149
  createdAt: number;
150
150
  credentialId: string;
151
151
  publicKey: ArrayBuffer;
@@ -154,17 +154,17 @@ declare const _default: convex_server66.SchemaDefinition<{
154
154
  deviceType: string;
155
155
  backedUp: boolean;
156
156
  }, {
157
- userId: convex_values695.VId<convex_values695.GenericId<"User">, "required">; /** Base64url-encoded credential ID from the authenticator. */
158
- credentialId: convex_values695.VString<string, "required">; /** Public key bytes (SEC1 uncompressed for EC, SPKI for RSA). */
159
- publicKey: convex_values695.VBytes<ArrayBuffer, "required">; /** COSE algorithm identifier (-7 for ES256, -257 for RS256, -8 for EdDSA). */
160
- algorithm: convex_values695.VFloat64<number, "required">; /** Signature counter for clone detection. Many authenticators return 0. */
161
- counter: convex_values695.VFloat64<number, "required">; /** Authenticator transport hints (e.g. "internal", "hybrid", "usb", "ble", "nfc"). */
162
- transports: convex_values695.VArray<string[] | undefined, convex_values695.VString<string, "required">, "optional">; /** Whether this is a single-device or multi-device (synced) credential. */
163
- deviceType: convex_values695.VString<string, "required">; /** Whether the credential is backed up (synced passkey). */
164
- backedUp: convex_values695.VBoolean<boolean, "required">; /** User-assigned friendly name (e.g. "MacBook Touch ID"). */
165
- name: convex_values695.VString<string | undefined, "optional">;
166
- createdAt: convex_values695.VFloat64<number, "required">;
167
- lastUsedAt: convex_values695.VFloat64<number | undefined, "optional">;
157
+ userId: convex_values87.VId<convex_values87.GenericId<"User">, "required">; /** Base64url-encoded credential ID from the authenticator. */
158
+ credentialId: convex_values87.VString<string, "required">; /** Public key bytes (SEC1 uncompressed for EC, SPKI for RSA). */
159
+ publicKey: convex_values87.VBytes<ArrayBuffer, "required">; /** COSE algorithm identifier (-7 for ES256, -257 for RS256, -8 for EdDSA). */
160
+ algorithm: convex_values87.VFloat64<number, "required">; /** Signature counter for clone detection. Many authenticators return 0. */
161
+ counter: convex_values87.VFloat64<number, "required">; /** Authenticator transport hints (e.g. "internal", "hybrid", "usb", "ble", "nfc"). */
162
+ transports: convex_values87.VArray<string[] | undefined, convex_values87.VString<string, "required">, "optional">; /** Whether this is a single-device or multi-device (synced) credential. */
163
+ deviceType: convex_values87.VString<string, "required">; /** Whether the credential is backed up (synced passkey). */
164
+ backedUp: convex_values87.VBoolean<boolean, "required">; /** User-assigned friendly name (e.g. "MacBook Touch ID"). */
165
+ name: convex_values87.VString<string | undefined, "optional">;
166
+ createdAt: convex_values87.VFloat64<number, "required">;
167
+ lastUsedAt: convex_values87.VFloat64<number | undefined, "optional">;
168
168
  }, "required", "name" | "lastUsedAt" | "userId" | "createdAt" | "credentialId" | "publicKey" | "algorithm" | "counter" | "transports" | "deviceType" | "backedUp">, {
169
169
  user_id: ["userId", "_creationTime"];
170
170
  credential_id: ["credentialId", "_creationTime"];
@@ -178,24 +178,24 @@ declare const _default: convex_server66.SchemaDefinition<{
178
178
  * by successfully entering a code from their authenticator app.
179
179
  * Unverified enrollments are in-progress setup that can be discarded.
180
180
  */
181
- TotpFactor: convex_server66.TableDefinition<convex_values695.VObject<{
181
+ TotpFactor: convex_server81.TableDefinition<convex_values87.VObject<{
182
182
  name?: string | undefined;
183
183
  lastUsedAt?: number | undefined;
184
- userId: convex_values695.GenericId<"User">;
184
+ userId: convex_values87.GenericId<"User">;
185
185
  createdAt: number;
186
186
  secret: ArrayBuffer;
187
187
  digits: number;
188
188
  period: number;
189
189
  verified: boolean;
190
190
  }, {
191
- userId: convex_values695.VId<convex_values695.GenericId<"User">, "required">; /** Raw TOTP secret key bytes. */
192
- secret: convex_values695.VBytes<ArrayBuffer, "required">; /** Number of digits in each code (typically 6). */
193
- digits: convex_values695.VFloat64<number, "required">; /** Time period in seconds for code rotation (typically 30). */
194
- period: convex_values695.VFloat64<number, "required">; /** Whether setup has been confirmed with a valid code. */
195
- verified: convex_values695.VBoolean<boolean, "required">; /** User-assigned friendly name (e.g. "Google Authenticator"). */
196
- name: convex_values695.VString<string | undefined, "optional">;
197
- createdAt: convex_values695.VFloat64<number, "required">;
198
- lastUsedAt: convex_values695.VFloat64<number | undefined, "optional">;
191
+ userId: convex_values87.VId<convex_values87.GenericId<"User">, "required">; /** Raw TOTP secret key bytes. */
192
+ secret: convex_values87.VBytes<ArrayBuffer, "required">; /** Number of digits in each code (typically 6). */
193
+ digits: convex_values87.VFloat64<number, "required">; /** Time period in seconds for code rotation (typically 30). */
194
+ period: convex_values87.VFloat64<number, "required">; /** Whether setup has been confirmed with a valid code. */
195
+ verified: convex_values87.VBoolean<boolean, "required">; /** User-assigned friendly name (e.g. "Google Authenticator"). */
196
+ name: convex_values87.VString<string | undefined, "optional">;
197
+ createdAt: convex_values87.VFloat64<number, "required">;
198
+ lastUsedAt: convex_values87.VFloat64<number | undefined, "optional">;
199
199
  }, "required", "name" | "lastUsedAt" | "userId" | "createdAt" | "secret" | "digits" | "period" | "verified">, {
200
200
  user_id: ["userId", "_creationTime"];
201
201
  user_id_verified: ["userId", "verified", "_creationTime"];
@@ -205,9 +205,9 @@ declare const _default: convex_server66.SchemaDefinition<{
205
205
  * device auth session — the device polls with `deviceCode` while the
206
206
  * user authorizes via `userCode` on a secondary device.
207
207
  */
208
- DeviceCode: convex_server66.TableDefinition<convex_values695.VObject<{
209
- userId?: convex_values695.GenericId<"User"> | undefined;
210
- sessionId?: convex_values695.GenericId<"Session"> | undefined;
208
+ DeviceCode: convex_server81.TableDefinition<convex_values87.VObject<{
209
+ userId?: convex_values87.GenericId<"User"> | undefined;
210
+ sessionId?: convex_values87.GenericId<"Session"> | undefined;
211
211
  lastPolledAt?: number | undefined;
212
212
  status: "pending" | "authorized" | "denied";
213
213
  expiresAt: number;
@@ -215,14 +215,14 @@ declare const _default: convex_server66.SchemaDefinition<{
215
215
  userCode: string;
216
216
  interval: number;
217
217
  }, {
218
- /** High-entropy code used by the device for polling. Stored as SHA-256 hash. */deviceCodeHash: convex_values695.VString<string, "required">; /** Short human-readable code the user enters (e.g. "WDJB-MJHT"). */
219
- userCode: convex_values695.VString<string, "required">; /** Expiration timestamp (ms since epoch). */
220
- expiresAt: convex_values695.VFloat64<number, "required">; /** Minimum polling interval in seconds. */
221
- interval: convex_values695.VFloat64<number, "required">; /** Current status of this device authorization session. */
222
- status: convex_values695.VUnion<"pending" | "authorized" | "denied", [convex_values695.VLiteral<"pending", "required">, convex_values695.VLiteral<"authorized", "required">, convex_values695.VLiteral<"denied", "required">], "required", never>; /** Set when the user authorizes — links to the authorizing user. */
223
- userId: convex_values695.VId<convex_values695.GenericId<"User"> | undefined, "optional">; /** Set when the user authorizes — the session created for the device. */
224
- sessionId: convex_values695.VId<convex_values695.GenericId<"Session"> | undefined, "optional">; /** Timestamp of the last poll request (for slow_down enforcement). */
225
- lastPolledAt: convex_values695.VFloat64<number | undefined, "optional">;
218
+ /** High-entropy code used by the device for polling. Stored as SHA-256 hash. */deviceCodeHash: convex_values87.VString<string, "required">; /** Short human-readable code the user enters (e.g. "WDJB-MJHT"). */
219
+ userCode: convex_values87.VString<string, "required">; /** Expiration timestamp (ms since epoch). */
220
+ expiresAt: convex_values87.VFloat64<number, "required">; /** Minimum polling interval in seconds. */
221
+ interval: convex_values87.VFloat64<number, "required">; /** Current status of this device authorization session. */
222
+ status: convex_values87.VUnion<"pending" | "authorized" | "denied", [convex_values87.VLiteral<"pending", "required">, convex_values87.VLiteral<"authorized", "required">, convex_values87.VLiteral<"denied", "required">], "required", never>; /** Set when the user authorizes — links to the authorizing user. */
223
+ userId: convex_values87.VId<convex_values87.GenericId<"User"> | undefined, "optional">; /** Set when the user authorizes — the session created for the device. */
224
+ sessionId: convex_values87.VId<convex_values87.GenericId<"Session"> | undefined, "optional">; /** Timestamp of the last poll request (for slow_down enforcement). */
225
+ lastPolledAt: convex_values87.VFloat64<number | undefined, "optional">;
226
226
  }, "required", "status" | "expiresAt" | "userId" | "sessionId" | "deviceCodeHash" | "userCode" | "interval" | "lastPolledAt">, {
227
227
  device_code_hash: ["deviceCodeHash", "_creationTime"];
228
228
  user_code_status: ["userCode", "status", "_creationTime"];
@@ -230,14 +230,14 @@ declare const _default: convex_server66.SchemaDefinition<{
230
230
  /**
231
231
  * Rate limit tracking for OTP and password sign-in attempts.
232
232
  */
233
- RateLimit: convex_server66.TableDefinition<convex_values695.VObject<{
233
+ RateLimit: convex_server81.TableDefinition<convex_values87.VObject<{
234
234
  identifier: string;
235
235
  last_attempt_time: number;
236
236
  attempts_left: number;
237
237
  }, {
238
- identifier: convex_values695.VString<string, "required">;
239
- last_attempt_time: convex_values695.VFloat64<number, "required">;
240
- attempts_left: convex_values695.VFloat64<number, "required">;
238
+ identifier: convex_values87.VString<string, "required">;
239
+ last_attempt_time: convex_values87.VFloat64<number, "required">;
240
+ attempts_left: convex_values87.VFloat64<number, "required">;
241
241
  }, "required", "identifier" | "last_attempt_time" | "attempts_left">, {
242
242
  by_identifier: ["identifier", "_creationTime"];
243
243
  }, {}, {}>;
@@ -246,139 +246,17 @@ declare const _default: convex_server66.SchemaDefinition<{
246
246
  * Groups can nest arbitrarily deep via `parentGroupId` for modeling
247
247
  * organizations, teams, departments, or any tree structure.
248
248
  */
249
- Group: convex_server66.TableDefinition<convex_values695.VObject<{
249
+ Group: convex_server81.TableDefinition<convex_values87.VObject<{
250
250
  slug?: string | undefined;
251
251
  type?: string | undefined;
252
252
  extend?: any;
253
- parentGroupId?: convex_values695.GenericId<"Group"> | undefined;
254
- rootGroupId?: convex_values695.GenericId<"Group"> | undefined;
253
+ parentGroupId?: convex_values87.GenericId<"Group"> | undefined;
254
+ rootGroupId?: convex_values87.GenericId<"Group"> | undefined;
255
255
  isRoot?: boolean | undefined;
256
256
  tags?: {
257
- value: string;
258
- key: string;
259
- }[] | undefined;
260
- name: string;
261
- }, {
262
- name: convex_values695.VString<string, "required">;
263
- slug: convex_values695.VString<string | undefined, "optional">;
264
- type: convex_values695.VString<string | undefined, "optional">;
265
- parentGroupId: convex_values695.VId<convex_values695.GenericId<"Group"> | undefined, "optional">; /** Denormalized root group ID. Self-referencing for root groups. */
266
- rootGroupId: convex_values695.VId<convex_values695.GenericId<"Group"> | undefined, "optional">; /** Denormalized flag: `true` when `parentGroupId` is absent. */
267
- isRoot: convex_values695.VBoolean<boolean | undefined, "optional">; /** Faceted classification tags. Normalized at write time (trimmed, lowercased). */
268
- tags: convex_values695.VArray<{
269
- value: string;
270
257
  key: string;
271
- }[] | undefined, convex_values695.VObject<{
272
258
  value: string;
273
- key: string;
274
- }, {
275
- key: convex_values695.VString<string, "required">;
276
- value: convex_values695.VString<string, "required">;
277
- }, "required", "value" | "key">, "optional">;
278
- extend: convex_values695.VAny<any, "optional", string>;
279
- }, "required", "name" | "slug" | "type" | "extend" | `extend.${string}` | "parentGroupId" | "rootGroupId" | "isRoot" | "tags">, {
280
- slug: ["slug", "_creationTime"];
281
- parent_group_id: ["parentGroupId", "_creationTime"];
282
- root_group_id: ["rootGroupId", "_creationTime"];
283
- is_root: ["isRoot", "_creationTime"];
284
- type: ["type", "_creationTime"];
285
- type_parent_group_id: ["type", "parentGroupId", "_creationTime"];
286
- }, {}, {}>;
287
- /**
288
- * Denormalized group-tag index table for efficient tag-based filtering.
289
- * Each row maps one `(key, value)` pair to a group. Kept in sync by
290
- * `groupCreate`, `groupUpdate`, and `groupDelete`.
291
- */
292
- GroupTag: convex_server66.TableDefinition<convex_values695.VObject<{
293
- value: string;
294
- key: string;
295
- group_id: convex_values695.GenericId<"Group">;
296
- }, {
297
- group_id: convex_values695.VId<convex_values695.GenericId<"Group">, "required">;
298
- key: convex_values695.VString<string, "required">;
299
- value: convex_values695.VString<string, "required">;
300
- }, "required", "value" | "key" | "group_id">, {
301
- by_group: ["group_id", "_creationTime"];
302
- by_key_value: ["key", "value", "_creationTime"];
303
- by_key: ["key", "_creationTime"];
304
- }, {}, {}>;
305
- /**
306
- * Group membership. Links a user to a group with an application-defined
307
- * role (e.g. "owner", "admin", "member", "viewer"). A user can be a
308
- * member of multiple groups with different roles in each.
309
- */
310
- GroupMember: convex_server66.TableDefinition<convex_values695.VObject<{
311
- status?: string | undefined;
312
- extend?: any;
313
- role?: string | undefined;
314
- roleIds?: string[] | undefined;
315
- userId: convex_values695.GenericId<"User">;
316
- groupId: convex_values695.GenericId<"Group">;
317
- }, {
318
- groupId: convex_values695.VId<convex_values695.GenericId<"Group">, "required">;
319
- userId: convex_values695.VId<convex_values695.GenericId<"User">, "required">;
320
- role: convex_values695.VString<string | undefined, "optional">;
321
- roleIds: convex_values695.VArray<string[] | undefined, convex_values695.VString<string, "required">, "optional">;
322
- status: convex_values695.VString<string | undefined, "optional">;
323
- extend: convex_values695.VAny<any, "optional", string>;
324
- }, "required", "status" | "userId" | "extend" | "groupId" | `extend.${string}` | "role" | "roleIds">, {
325
- group_id: ["groupId", "_creationTime"];
326
- group_id_user_id: ["groupId", "userId", "_creationTime"];
327
- group_id_status: ["groupId", "status", "_creationTime"];
328
- user_id: ["userId", "_creationTime"];
329
- }, {}, {}>;
330
- /**
331
- * Invitations. Tracks pending, accepted, revoked, and expired
332
- * invitations. Optionally scoped to a group via `groupId`, or
333
- * platform-level when `groupId` is omitted.
334
- *
335
- * `email` and `invitedByUserId` are optional to support CLI-generated
336
- * invite links where neither is known upfront.
337
- */
338
- GroupInvite: convex_server66.TableDefinition<convex_values695.VObject<{
339
- email?: string | undefined;
340
- expiresTime?: number | undefined;
341
- acceptedTime?: number | undefined;
342
- extend?: any;
343
- groupId?: convex_values695.GenericId<"Group"> | undefined;
344
- acceptedByUserId?: convex_values695.GenericId<"User"> | undefined;
345
- role?: string | undefined;
346
- roleIds?: string[] | undefined;
347
- invitedByUserId?: convex_values695.GenericId<"User"> | undefined;
348
- status: "pending" | "accepted" | "revoked" | "expired";
349
- tokenHash: string;
350
- }, {
351
- groupId: convex_values695.VId<convex_values695.GenericId<"Group"> | undefined, "optional">;
352
- invitedByUserId: convex_values695.VId<convex_values695.GenericId<"User"> | undefined, "optional">;
353
- email: convex_values695.VString<string | undefined, "optional">;
354
- tokenHash: convex_values695.VString<string, "required">;
355
- role: convex_values695.VString<string | undefined, "optional">;
356
- roleIds: convex_values695.VArray<string[] | undefined, convex_values695.VString<string, "required">, "optional">;
357
- status: convex_values695.VUnion<"pending" | "accepted" | "revoked" | "expired", [convex_values695.VLiteral<"pending", "required">, convex_values695.VLiteral<"accepted", "required">, convex_values695.VLiteral<"revoked", "required">, convex_values695.VLiteral<"expired", "required">], "required", never>;
358
- expiresTime: convex_values695.VFloat64<number | undefined, "optional">;
359
- acceptedByUserId: convex_values695.VId<convex_values695.GenericId<"User"> | undefined, "optional">;
360
- acceptedTime: convex_values695.VFloat64<number | undefined, "optional">;
361
- extend: convex_values695.VAny<any, "optional", string>;
362
- }, "required", "email" | "status" | "expiresTime" | "acceptedTime" | "extend" | "groupId" | "tokenHash" | "acceptedByUserId" | `extend.${string}` | "role" | "roleIds" | "invitedByUserId">, {
363
- token_hash: ["tokenHash", "_creationTime"];
364
- status: ["status", "_creationTime"];
365
- email_status: ["email", "status", "_creationTime"];
366
- invited_by_user_id_status: ["invitedByUserId", "status", "_creationTime"];
367
- group_id: ["groupId", "_creationTime"];
368
- group_id_status: ["groupId", "status", "_creationTime"];
369
- }, {}, {}>;
370
- /**
371
- * Enterprise configuration attached to a root group/organization.
372
- *
373
- * The `config` payload intentionally stays flexible so the headless enterprise
374
- * SDK can evolve without forcing schema churn for every protocol-specific
375
- * field addition.
376
- */
377
- Enterprise: convex_server66.TableDefinition<convex_values695.VObject<{
378
- name?: string | undefined;
379
- slug?: string | undefined;
380
- extend?: any;
381
- config?: any;
259
+ }[] | undefined;
382
260
  policy?: {
383
261
  extend?: any;
384
262
  version: 1;
@@ -389,6 +267,12 @@ declare const _default: convex_server66.SchemaDefinition<{
389
267
  };
390
268
  };
391
269
  provisioning: {
270
+ user: {
271
+ createOnSignIn: boolean;
272
+ updateProfileOnLogin: "never" | "missing" | "always";
273
+ updateProfileFromScim: "never" | "missing" | "always";
274
+ authority: "app" | "sso" | "scim";
275
+ };
392
276
  scimReuse: {
393
277
  user: "none" | "externalId";
394
278
  };
@@ -400,16 +284,37 @@ declare const _default: convex_server66.SchemaDefinition<{
400
284
  deprovision: {
401
285
  mode: "soft" | "hard";
402
286
  };
287
+ groups: {
288
+ mapping?: Record<string, string[]> | undefined;
289
+ mode: "ignore" | "sync";
290
+ source: "protocol";
291
+ };
292
+ roles: {
293
+ mapping?: Record<string, string[]> | undefined;
294
+ mode: "map" | "ignore";
295
+ source: "protocol";
296
+ };
403
297
  };
404
298
  } | undefined;
405
- status: "draft" | "active" | "disabled";
406
- groupId: convex_values695.GenericId<"Group">;
299
+ name: string;
407
300
  }, {
408
- groupId: convex_values695.VId<convex_values695.GenericId<"Group">, "required">;
409
- slug: convex_values695.VString<string | undefined, "optional">;
410
- name: convex_values695.VString<string | undefined, "optional">;
411
- status: convex_values695.VUnion<"draft" | "active" | "disabled", [convex_values695.VLiteral<"draft", "required">, convex_values695.VLiteral<"active", "required">, convex_values695.VLiteral<"disabled", "required">], "required", never>;
412
- policy: convex_values695.VObject<{
301
+ name: convex_values87.VString<string, "required">;
302
+ slug: convex_values87.VString<string | undefined, "optional">;
303
+ type: convex_values87.VString<string | undefined, "optional">;
304
+ parentGroupId: convex_values87.VId<convex_values87.GenericId<"Group"> | undefined, "optional">; /** Denormalized root group ID. Self-referencing for root groups. */
305
+ rootGroupId: convex_values87.VId<convex_values87.GenericId<"Group"> | undefined, "optional">; /** Denormalized flag: `true` when `parentGroupId` is absent. */
306
+ isRoot: convex_values87.VBoolean<boolean | undefined, "optional">; /** Faceted classification tags. Normalized at write time (trimmed, lowercased). */
307
+ tags: convex_values87.VArray<{
308
+ key: string;
309
+ value: string;
310
+ }[] | undefined, convex_values87.VObject<{
311
+ key: string;
312
+ value: string;
313
+ }, {
314
+ key: convex_values87.VString<string, "required">;
315
+ value: convex_values87.VString<string, "required">;
316
+ }, "required", "key" | "value">, "optional">;
317
+ policy: convex_values87.VObject<{
413
318
  extend?: any;
414
319
  version: 1;
415
320
  identity: {
@@ -419,6 +324,12 @@ declare const _default: convex_server66.SchemaDefinition<{
419
324
  };
420
325
  };
421
326
  provisioning: {
327
+ user: {
328
+ createOnSignIn: boolean;
329
+ updateProfileOnLogin: "never" | "missing" | "always";
330
+ updateProfileFromScim: "never" | "missing" | "always";
331
+ authority: "app" | "sso" | "scim";
332
+ };
422
333
  scimReuse: {
423
334
  user: "none" | "externalId";
424
335
  };
@@ -430,24 +341,40 @@ declare const _default: convex_server66.SchemaDefinition<{
430
341
  deprovision: {
431
342
  mode: "soft" | "hard";
432
343
  };
344
+ groups: {
345
+ mapping?: Record<string, string[]> | undefined;
346
+ mode: "ignore" | "sync";
347
+ source: "protocol";
348
+ };
349
+ roles: {
350
+ mapping?: Record<string, string[]> | undefined;
351
+ mode: "map" | "ignore";
352
+ source: "protocol";
353
+ };
433
354
  };
434
355
  } | undefined, {
435
- version: convex_values695.VLiteral<1, "required">;
436
- identity: convex_values695.VObject<{
356
+ version: convex_values87.VLiteral<1, "required">;
357
+ identity: convex_values87.VObject<{
437
358
  accountLinking: {
438
359
  oidc: "verifiedEmail" | "none";
439
360
  saml: "verifiedEmail" | "none";
440
361
  };
441
362
  }, {
442
- accountLinking: convex_values695.VObject<{
363
+ accountLinking: convex_values87.VObject<{
443
364
  oidc: "verifiedEmail" | "none";
444
365
  saml: "verifiedEmail" | "none";
445
366
  }, {
446
- oidc: convex_values695.VUnion<"verifiedEmail" | "none", [convex_values695.VLiteral<"verifiedEmail", "required">, convex_values695.VLiteral<"none", "required">], "required", never>;
447
- saml: convex_values695.VUnion<"verifiedEmail" | "none", [convex_values695.VLiteral<"verifiedEmail", "required">, convex_values695.VLiteral<"none", "required">], "required", never>;
367
+ oidc: convex_values87.VUnion<"verifiedEmail" | "none", [convex_values87.VLiteral<"verifiedEmail", "required">, convex_values87.VLiteral<"none", "required">], "required", never>;
368
+ saml: convex_values87.VUnion<"verifiedEmail" | "none", [convex_values87.VLiteral<"verifiedEmail", "required">, convex_values87.VLiteral<"none", "required">], "required", never>;
448
369
  }, "required", "oidc" | "saml">;
449
370
  }, "required", "accountLinking" | "accountLinking.oidc" | "accountLinking.saml">;
450
- provisioning: convex_values695.VObject<{
371
+ provisioning: convex_values87.VObject<{
372
+ user: {
373
+ createOnSignIn: boolean;
374
+ updateProfileOnLogin: "never" | "missing" | "always";
375
+ updateProfileFromScim: "never" | "missing" | "always";
376
+ authority: "app" | "sso" | "scim";
377
+ };
451
378
  scimReuse: {
452
379
  user: "none" | "externalId";
453
380
  };
@@ -459,125 +386,277 @@ declare const _default: convex_server66.SchemaDefinition<{
459
386
  deprovision: {
460
387
  mode: "soft" | "hard";
461
388
  };
389
+ groups: {
390
+ mapping?: Record<string, string[]> | undefined;
391
+ mode: "ignore" | "sync";
392
+ source: "protocol";
393
+ };
394
+ roles: {
395
+ mapping?: Record<string, string[]> | undefined;
396
+ mode: "map" | "ignore";
397
+ source: "protocol";
398
+ };
462
399
  }, {
463
- scimReuse: convex_values695.VObject<{
400
+ user: convex_values87.VObject<{
401
+ createOnSignIn: boolean;
402
+ updateProfileOnLogin: "never" | "missing" | "always";
403
+ updateProfileFromScim: "never" | "missing" | "always";
404
+ authority: "app" | "sso" | "scim";
405
+ }, {
406
+ createOnSignIn: convex_values87.VBoolean<boolean, "required">;
407
+ updateProfileOnLogin: convex_values87.VUnion<"never" | "missing" | "always", [convex_values87.VLiteral<"never", "required">, convex_values87.VLiteral<"missing", "required">, convex_values87.VLiteral<"always", "required">], "required", never>;
408
+ updateProfileFromScim: convex_values87.VUnion<"never" | "missing" | "always", [convex_values87.VLiteral<"never", "required">, convex_values87.VLiteral<"missing", "required">, convex_values87.VLiteral<"always", "required">], "required", never>;
409
+ authority: convex_values87.VUnion<"app" | "sso" | "scim", [convex_values87.VLiteral<"app", "required">, convex_values87.VLiteral<"sso", "required">, convex_values87.VLiteral<"scim", "required">], "required", never>;
410
+ }, "required", "createOnSignIn" | "updateProfileOnLogin" | "updateProfileFromScim" | "authority">;
411
+ scimReuse: convex_values87.VObject<{
464
412
  user: "none" | "externalId";
465
413
  }, {
466
- user: convex_values695.VUnion<"none" | "externalId", [convex_values695.VLiteral<"externalId", "required">, convex_values695.VLiteral<"none", "required">], "required", never>;
414
+ user: convex_values87.VUnion<"none" | "externalId", [convex_values87.VLiteral<"externalId", "required">, convex_values87.VLiteral<"none", "required">], "required", never>;
467
415
  }, "required", "user">;
468
- jit: convex_values695.VObject<{
416
+ jit: convex_values87.VObject<{
469
417
  defaultRole?: string | undefined;
470
418
  defaultRoleIds?: string[] | undefined;
471
419
  mode: "off" | "createUser" | "createUserAndMembership";
472
420
  }, {
473
- mode: convex_values695.VUnion<"off" | "createUser" | "createUserAndMembership", [convex_values695.VLiteral<"off", "required">, convex_values695.VLiteral<"createUser", "required">, convex_values695.VLiteral<"createUserAndMembership", "required">], "required", never>;
474
- defaultRole: convex_values695.VString<string | undefined, "optional">;
475
- defaultRoleIds: convex_values695.VArray<string[] | undefined, convex_values695.VString<string, "required">, "optional">;
421
+ mode: convex_values87.VUnion<"off" | "createUser" | "createUserAndMembership", [convex_values87.VLiteral<"off", "required">, convex_values87.VLiteral<"createUser", "required">, convex_values87.VLiteral<"createUserAndMembership", "required">], "required", never>;
422
+ defaultRole: convex_values87.VString<string | undefined, "optional">;
423
+ defaultRoleIds: convex_values87.VArray<string[] | undefined, convex_values87.VString<string, "required">, "optional">;
476
424
  }, "required", "mode" | "defaultRole" | "defaultRoleIds">;
477
- deprovision: convex_values695.VObject<{
425
+ deprovision: convex_values87.VObject<{
478
426
  mode: "soft" | "hard";
479
427
  }, {
480
- mode: convex_values695.VUnion<"soft" | "hard", [convex_values695.VLiteral<"soft", "required">, convex_values695.VLiteral<"hard", "required">], "required", never>;
428
+ mode: convex_values87.VUnion<"soft" | "hard", [convex_values87.VLiteral<"soft", "required">, convex_values87.VLiteral<"hard", "required">], "required", never>;
481
429
  }, "required", "mode">;
482
- }, "required", "scimReuse" | "jit" | "deprovision" | "scimReuse.user" | "jit.mode" | "jit.defaultRole" | "jit.defaultRoleIds" | "deprovision.mode">;
483
- extend: convex_values695.VAny<any, "optional", string>;
484
- }, "optional", "extend" | `extend.${string}` | "version" | "identity" | "provisioning" | "identity.accountLinking" | "identity.accountLinking.oidc" | "identity.accountLinking.saml" | "provisioning.scimReuse" | "provisioning.jit" | "provisioning.deprovision" | "provisioning.scimReuse.user" | "provisioning.jit.mode" | "provisioning.jit.defaultRole" | "provisioning.jit.defaultRoleIds" | "provisioning.deprovision.mode">;
485
- config: convex_values695.VAny<any, "optional", string>;
486
- extend: convex_values695.VAny<any, "optional", string>;
487
- }, "required", "name" | "slug" | "status" | "extend" | "config" | "groupId" | `extend.${string}` | "policy" | `config.${string}` | "policy.extend" | `policy.extend.${string}` | "policy.version" | "policy.identity" | "policy.provisioning" | "policy.identity.accountLinking" | "policy.identity.accountLinking.oidc" | "policy.identity.accountLinking.saml" | "policy.provisioning.scimReuse" | "policy.provisioning.jit" | "policy.provisioning.deprovision" | "policy.provisioning.scimReuse.user" | "policy.provisioning.jit.mode" | "policy.provisioning.jit.defaultRole" | "policy.provisioning.jit.defaultRoleIds" | "policy.provisioning.deprovision.mode">, {
430
+ groups: convex_values87.VObject<{
431
+ mapping?: Record<string, string[]> | undefined;
432
+ mode: "ignore" | "sync";
433
+ source: "protocol";
434
+ }, {
435
+ mode: convex_values87.VUnion<"ignore" | "sync", [convex_values87.VLiteral<"ignore", "required">, convex_values87.VLiteral<"sync", "required">], "required", never>;
436
+ source: convex_values87.VLiteral<"protocol", "required">;
437
+ mapping: convex_values87.VRecord<Record<string, string[]> | undefined, convex_values87.VString<string, "required">, convex_values87.VArray<string[], convex_values87.VString<string, "required">, "required">, "optional", string>;
438
+ }, "required", "mode" | "source" | "mapping" | `mapping.${string}`>;
439
+ roles: convex_values87.VObject<{
440
+ mapping?: Record<string, string[]> | undefined;
441
+ mode: "map" | "ignore";
442
+ source: "protocol";
443
+ }, {
444
+ mode: convex_values87.VUnion<"map" | "ignore", [convex_values87.VLiteral<"ignore", "required">, convex_values87.VLiteral<"map", "required">], "required", never>;
445
+ source: convex_values87.VLiteral<"protocol", "required">;
446
+ mapping: convex_values87.VRecord<Record<string, string[]> | undefined, convex_values87.VString<string, "required">, convex_values87.VArray<string[], convex_values87.VString<string, "required">, "required">, "optional", string>;
447
+ }, "required", "mode" | "source" | "mapping" | `mapping.${string}`>;
448
+ }, "required", "user" | "scimReuse" | "jit" | "deprovision" | "groups" | "roles" | "user.createOnSignIn" | "user.updateProfileOnLogin" | "user.updateProfileFromScim" | "user.authority" | "scimReuse.user" | "jit.mode" | "jit.defaultRole" | "jit.defaultRoleIds" | "deprovision.mode" | "groups.mode" | "groups.source" | "groups.mapping" | `groups.mapping.${string}` | "roles.mode" | "roles.source" | "roles.mapping" | `roles.mapping.${string}`>;
449
+ extend: convex_values87.VAny<any, "optional", string>;
450
+ }, "optional", "extend" | `extend.${string}` | "version" | "identity" | "provisioning" | "identity.accountLinking" | "identity.accountLinking.oidc" | "identity.accountLinking.saml" | "provisioning.user" | "provisioning.scimReuse" | "provisioning.jit" | "provisioning.deprovision" | "provisioning.groups" | "provisioning.roles" | "provisioning.user.createOnSignIn" | "provisioning.user.updateProfileOnLogin" | "provisioning.user.updateProfileFromScim" | "provisioning.user.authority" | "provisioning.scimReuse.user" | "provisioning.jit.mode" | "provisioning.jit.defaultRole" | "provisioning.jit.defaultRoleIds" | "provisioning.deprovision.mode" | "provisioning.groups.mode" | "provisioning.groups.source" | "provisioning.groups.mapping" | `provisioning.groups.mapping.${string}` | "provisioning.roles.mode" | "provisioning.roles.source" | "provisioning.roles.mapping" | `provisioning.roles.mapping.${string}`>;
451
+ extend: convex_values87.VAny<any, "optional", string>;
452
+ }, "required", "name" | "slug" | "type" | "extend" | `extend.${string}` | "parentGroupId" | "rootGroupId" | "isRoot" | "tags" | "policy" | "policy.extend" | `policy.extend.${string}` | "policy.version" | "policy.identity" | "policy.provisioning" | "policy.identity.accountLinking" | "policy.identity.accountLinking.oidc" | "policy.identity.accountLinking.saml" | "policy.provisioning.user" | "policy.provisioning.scimReuse" | "policy.provisioning.jit" | "policy.provisioning.deprovision" | "policy.provisioning.groups" | "policy.provisioning.roles" | "policy.provisioning.user.createOnSignIn" | "policy.provisioning.user.updateProfileOnLogin" | "policy.provisioning.user.updateProfileFromScim" | "policy.provisioning.user.authority" | "policy.provisioning.scimReuse.user" | "policy.provisioning.jit.mode" | "policy.provisioning.jit.defaultRole" | "policy.provisioning.jit.defaultRoleIds" | "policy.provisioning.deprovision.mode" | "policy.provisioning.groups.mode" | "policy.provisioning.groups.source" | "policy.provisioning.groups.mapping" | `policy.provisioning.groups.mapping.${string}` | "policy.provisioning.roles.mode" | "policy.provisioning.roles.source" | "policy.provisioning.roles.mapping" | `policy.provisioning.roles.mapping.${string}`>, {
453
+ slug: ["slug", "_creationTime"];
454
+ parent_group_id: ["parentGroupId", "_creationTime"];
455
+ root_group_id: ["rootGroupId", "_creationTime"];
456
+ is_root: ["isRoot", "_creationTime"];
457
+ type: ["type", "_creationTime"];
458
+ type_parent_group_id: ["type", "parentGroupId", "_creationTime"];
459
+ }, {}, {}>;
460
+ /**
461
+ * Denormalized group-tag index table for efficient tag-based filtering.
462
+ * Each row maps one `(key, value)` pair to a group. Kept in sync by
463
+ * `groupCreate`, `groupUpdate`, and `groupDelete`.
464
+ */
465
+ GroupTag: convex_server81.TableDefinition<convex_values87.VObject<{
466
+ key: string;
467
+ value: string;
468
+ group_id: convex_values87.GenericId<"Group">;
469
+ }, {
470
+ group_id: convex_values87.VId<convex_values87.GenericId<"Group">, "required">;
471
+ key: convex_values87.VString<string, "required">;
472
+ value: convex_values87.VString<string, "required">;
473
+ }, "required", "key" | "value" | "group_id">, {
474
+ by_group: ["group_id", "_creationTime"];
475
+ by_key_value: ["key", "value", "_creationTime"];
476
+ by_key: ["key", "_creationTime"];
477
+ }, {}, {}>;
478
+ /**
479
+ * Group membership. Links a user to a group with an application-defined
480
+ * role (e.g. "owner", "admin", "member", "viewer"). A user can be a
481
+ * member of multiple groups with different roles in each.
482
+ */
483
+ GroupMember: convex_server81.TableDefinition<convex_values87.VObject<{
484
+ status?: string | undefined;
485
+ extend?: any;
486
+ role?: string | undefined;
487
+ roleIds?: string[] | undefined;
488
+ userId: convex_values87.GenericId<"User">;
489
+ groupId: convex_values87.GenericId<"Group">;
490
+ }, {
491
+ groupId: convex_values87.VId<convex_values87.GenericId<"Group">, "required">;
492
+ userId: convex_values87.VId<convex_values87.GenericId<"User">, "required">;
493
+ role: convex_values87.VString<string | undefined, "optional">;
494
+ roleIds: convex_values87.VArray<string[] | undefined, convex_values87.VString<string, "required">, "optional">;
495
+ status: convex_values87.VString<string | undefined, "optional">;
496
+ extend: convex_values87.VAny<any, "optional", string>;
497
+ }, "required", "status" | "userId" | "extend" | `extend.${string}` | "groupId" | "role" | "roleIds">, {
498
+ group_id: ["groupId", "_creationTime"];
499
+ group_id_user_id: ["groupId", "userId", "_creationTime"];
500
+ group_id_status: ["groupId", "status", "_creationTime"];
501
+ user_id: ["userId", "_creationTime"];
502
+ }, {}, {}>;
503
+ /**
504
+ * Invitations. Tracks pending, accepted, revoked, and expired
505
+ * invitations. Optionally scoped to a group via `groupId`, or
506
+ * platform-level when `groupId` is omitted.
507
+ *
508
+ * `email` and `invitedByUserId` are optional to support CLI-generated
509
+ * invite links where neither is known upfront.
510
+ */
511
+ GroupInvite: convex_server81.TableDefinition<convex_values87.VObject<{
512
+ email?: string | undefined;
513
+ expiresTime?: number | undefined;
514
+ acceptedTime?: number | undefined;
515
+ extend?: any;
516
+ groupId?: convex_values87.GenericId<"Group"> | undefined;
517
+ role?: string | undefined;
518
+ roleIds?: string[] | undefined;
519
+ invitedByUserId?: convex_values87.GenericId<"User"> | undefined;
520
+ acceptedByUserId?: convex_values87.GenericId<"User"> | undefined;
521
+ status: "pending" | "accepted" | "revoked" | "expired";
522
+ tokenHash: string;
523
+ }, {
524
+ groupId: convex_values87.VId<convex_values87.GenericId<"Group"> | undefined, "optional">;
525
+ invitedByUserId: convex_values87.VId<convex_values87.GenericId<"User"> | undefined, "optional">;
526
+ email: convex_values87.VString<string | undefined, "optional">;
527
+ tokenHash: convex_values87.VString<string, "required">;
528
+ role: convex_values87.VString<string | undefined, "optional">;
529
+ roleIds: convex_values87.VArray<string[] | undefined, convex_values87.VString<string, "required">, "optional">;
530
+ status: convex_values87.VUnion<"pending" | "accepted" | "revoked" | "expired", [convex_values87.VLiteral<"pending", "required">, convex_values87.VLiteral<"accepted", "required">, convex_values87.VLiteral<"revoked", "required">, convex_values87.VLiteral<"expired", "required">], "required", never>;
531
+ expiresTime: convex_values87.VFloat64<number | undefined, "optional">;
532
+ acceptedByUserId: convex_values87.VId<convex_values87.GenericId<"User"> | undefined, "optional">;
533
+ acceptedTime: convex_values87.VFloat64<number | undefined, "optional">;
534
+ extend: convex_values87.VAny<any, "optional", string>;
535
+ }, "required", "email" | "status" | "expiresTime" | "acceptedTime" | "extend" | `extend.${string}` | "groupId" | "role" | "roleIds" | "invitedByUserId" | "tokenHash" | "acceptedByUserId">, {
536
+ token_hash: ["tokenHash", "_creationTime"];
537
+ status: ["status", "_creationTime"];
538
+ email_status: ["email", "status", "_creationTime"];
539
+ invited_by_user_id_status: ["invitedByUserId", "status", "_creationTime"];
540
+ group_id: ["groupId", "_creationTime"];
541
+ group_id_status: ["groupId", "status", "_creationTime"];
542
+ }, {}, {}>;
543
+ /**
544
+ * Group Connection configuration attached to a root group/organization.
545
+ *
546
+ * The `config` payload intentionally stays flexible so the headless group connection
547
+ * SDK can evolve without forcing schema churn for every protocol-specific
548
+ * field addition.
549
+ */
550
+ GroupConnection: convex_server81.TableDefinition<convex_values87.VObject<{
551
+ name?: string | undefined;
552
+ slug?: string | undefined;
553
+ extend?: any;
554
+ config?: any;
555
+ status: "draft" | "active" | "disabled";
556
+ protocol: "oidc" | "saml";
557
+ groupId: convex_values87.GenericId<"Group">;
558
+ }, {
559
+ groupId: convex_values87.VId<convex_values87.GenericId<"Group">, "required">;
560
+ slug: convex_values87.VString<string | undefined, "optional">;
561
+ name: convex_values87.VString<string | undefined, "optional">;
562
+ protocol: convex_values87.VUnion<"oidc" | "saml", [convex_values87.VLiteral<"oidc", "required">, convex_values87.VLiteral<"saml", "required">], "required", never>;
563
+ status: convex_values87.VUnion<"draft" | "active" | "disabled", [convex_values87.VLiteral<"draft", "required">, convex_values87.VLiteral<"active", "required">, convex_values87.VLiteral<"disabled", "required">], "required", never>;
564
+ config: convex_values87.VAny<any, "optional", string>;
565
+ extend: convex_values87.VAny<any, "optional", string>;
566
+ }, "required", "name" | "slug" | "status" | "extend" | `extend.${string}` | "protocol" | "groupId" | "config" | `config.${string}`>, {
488
567
  group_id: ["groupId", "_creationTime"];
489
568
  slug: ["slug", "_creationTime"];
490
569
  status: ["status", "_creationTime"];
491
570
  }, {}, {}>;
492
571
  /**
493
- * Verified or pending domains linked to an enterprise record.
572
+ * Verified or pending domains linked to an group connection record.
494
573
  */
495
- EnterpriseDomain: convex_server66.TableDefinition<convex_values695.VObject<{
574
+ GroupConnectionDomain: convex_server81.TableDefinition<convex_values87.VObject<{
496
575
  verifiedAt?: number | undefined;
497
- groupId: convex_values695.GenericId<"Group">;
498
- enterpriseId: convex_values695.GenericId<"Enterprise">;
576
+ groupId: convex_values87.GenericId<"Group">;
577
+ connectionId: convex_values87.GenericId<"GroupConnection">;
499
578
  domain: string;
500
579
  isPrimary: boolean;
501
580
  }, {
502
- enterpriseId: convex_values695.VId<convex_values695.GenericId<"Enterprise">, "required">;
503
- groupId: convex_values695.VId<convex_values695.GenericId<"Group">, "required">;
504
- domain: convex_values695.VString<string, "required">;
505
- isPrimary: convex_values695.VBoolean<boolean, "required">;
506
- verifiedAt: convex_values695.VFloat64<number | undefined, "optional">;
507
- }, "required", "groupId" | "enterpriseId" | "domain" | "isPrimary" | "verifiedAt">, {
508
- enterprise_id: ["enterpriseId", "_creationTime"];
581
+ connectionId: convex_values87.VId<convex_values87.GenericId<"GroupConnection">, "required">;
582
+ groupId: convex_values87.VId<convex_values87.GenericId<"Group">, "required">;
583
+ domain: convex_values87.VString<string, "required">;
584
+ isPrimary: convex_values87.VBoolean<boolean, "required">;
585
+ verifiedAt: convex_values87.VFloat64<number | undefined, "optional">;
586
+ }, "required", "groupId" | "connectionId" | "domain" | "isPrimary" | "verifiedAt">, {
587
+ connection_id: ["connectionId", "_creationTime"];
509
588
  group_id: ["groupId", "_creationTime"];
510
589
  domain: ["domain", "_creationTime"];
511
590
  }, {}, {}>;
512
591
  /**
513
- * Pending DNS TXT verification challenges for enterprise domains.
592
+ * Pending DNS TXT verification challenges for group connection domains.
514
593
  */
515
- EnterpriseDomainVerification: convex_server66.TableDefinition<convex_values695.VObject<{
594
+ GroupConnectionDomainVerification: convex_server81.TableDefinition<convex_values87.VObject<{
516
595
  expiresAt: number;
517
- groupId: convex_values695.GenericId<"Group">;
596
+ groupId: convex_values87.GenericId<"Group">;
518
597
  tokenHash: string;
519
- enterpriseId: convex_values695.GenericId<"Enterprise">;
598
+ connectionId: convex_values87.GenericId<"GroupConnection">;
520
599
  domain: string;
521
- domainId: convex_values695.GenericId<"EnterpriseDomain">;
600
+ domainId: convex_values87.GenericId<"GroupConnectionDomain">;
522
601
  recordName: string;
523
602
  token: string;
524
603
  requestedAt: number;
525
604
  }, {
526
- enterpriseId: convex_values695.VId<convex_values695.GenericId<"Enterprise">, "required">;
527
- groupId: convex_values695.VId<convex_values695.GenericId<"Group">, "required">;
528
- domainId: convex_values695.VId<convex_values695.GenericId<"EnterpriseDomain">, "required">;
529
- domain: convex_values695.VString<string, "required">;
530
- recordName: convex_values695.VString<string, "required">;
531
- token: convex_values695.VString<string, "required">;
532
- tokenHash: convex_values695.VString<string, "required">;
533
- requestedAt: convex_values695.VFloat64<number, "required">;
534
- expiresAt: convex_values695.VFloat64<number, "required">;
535
- }, "required", "expiresAt" | "groupId" | "tokenHash" | "enterpriseId" | "domain" | "domainId" | "recordName" | "token" | "requestedAt">, {
536
- enterprise_id: ["enterpriseId", "_creationTime"];
605
+ connectionId: convex_values87.VId<convex_values87.GenericId<"GroupConnection">, "required">;
606
+ groupId: convex_values87.VId<convex_values87.GenericId<"Group">, "required">;
607
+ domainId: convex_values87.VId<convex_values87.GenericId<"GroupConnectionDomain">, "required">;
608
+ domain: convex_values87.VString<string, "required">;
609
+ recordName: convex_values87.VString<string, "required">;
610
+ token: convex_values87.VString<string, "required">;
611
+ tokenHash: convex_values87.VString<string, "required">;
612
+ requestedAt: convex_values87.VFloat64<number, "required">;
613
+ expiresAt: convex_values87.VFloat64<number, "required">;
614
+ }, "required", "expiresAt" | "groupId" | "tokenHash" | "connectionId" | "domain" | "domainId" | "recordName" | "token" | "requestedAt">, {
615
+ connection_id: ["connectionId", "_creationTime"];
537
616
  domain_id: ["domainId", "_creationTime"];
538
617
  token_hash: ["tokenHash", "_creationTime"];
539
618
  }, {}, {}>;
540
619
  /**
541
- * Encrypted enterprise secrets stored separately from protocol config.
620
+ * Encrypted group connection secrets stored separately from protocol config.
542
621
  */
543
- EnterpriseSecret: convex_server66.TableDefinition<convex_values695.VObject<{
544
- groupId: convex_values695.GenericId<"Group">;
545
- kind: "oidc_client_secret";
546
- enterpriseId: convex_values695.GenericId<"Enterprise">;
622
+ GroupConnectionSecret: convex_server81.TableDefinition<convex_values87.VObject<{
623
+ groupId: convex_values87.GenericId<"Group">;
624
+ connectionId: convex_values87.GenericId<"GroupConnection">;
547
625
  ciphertext: string;
548
626
  updatedAt: number;
627
+ kind: "oidc_client_secret";
549
628
  }, {
550
- enterpriseId: convex_values695.VId<convex_values695.GenericId<"Enterprise">, "required">;
551
- groupId: convex_values695.VId<convex_values695.GenericId<"Group">, "required">;
552
- kind: convex_values695.VUnion<"oidc_client_secret", [convex_values695.VLiteral<"oidc_client_secret", "required">], "required", never>;
553
- ciphertext: convex_values695.VString<string, "required">;
554
- updatedAt: convex_values695.VFloat64<number, "required">;
555
- }, "required", "groupId" | "kind" | "enterpriseId" | "ciphertext" | "updatedAt">, {
556
- enterprise_id: ["enterpriseId", "_creationTime"];
557
- enterprise_id_kind: ["enterpriseId", "kind", "_creationTime"];
629
+ connectionId: convex_values87.VId<convex_values87.GenericId<"GroupConnection">, "required">;
630
+ groupId: convex_values87.VId<convex_values87.GenericId<"Group">, "required">;
631
+ kind: convex_values87.VUnion<"oidc_client_secret", [convex_values87.VLiteral<"oidc_client_secret", "required">], "required", never>;
632
+ ciphertext: convex_values87.VString<string, "required">;
633
+ updatedAt: convex_values87.VFloat64<number, "required">;
634
+ }, "required", "groupId" | "connectionId" | "ciphertext" | "updatedAt" | "kind">, {
635
+ connection_id: ["connectionId", "_creationTime"];
636
+ connection_id_kind: ["connectionId", "kind", "_creationTime"];
558
637
  group_id: ["groupId", "_creationTime"];
559
638
  }, {}, {}>;
560
639
  /**
561
- * SCIM configuration for an enterprise tenant.
640
+ * SCIM configuration for an group connection tenant.
562
641
  */
563
- EnterpriseScimConfig: convex_server66.TableDefinition<convex_values695.VObject<{
642
+ GroupConnectionScimConfig: convex_server81.TableDefinition<convex_values87.VObject<{
564
643
  extend?: any;
565
644
  lastRotatedAt?: number | undefined;
566
645
  status: "draft" | "active" | "disabled";
567
- groupId: convex_values695.GenericId<"Group">;
646
+ groupId: convex_values87.GenericId<"Group">;
568
647
  tokenHash: string;
569
- enterpriseId: convex_values695.GenericId<"Enterprise">;
648
+ connectionId: convex_values87.GenericId<"GroupConnection">;
570
649
  basePath: string;
571
650
  }, {
572
- enterpriseId: convex_values695.VId<convex_values695.GenericId<"Enterprise">, "required">;
573
- groupId: convex_values695.VId<convex_values695.GenericId<"Group">, "required">;
574
- status: convex_values695.VUnion<"draft" | "active" | "disabled", [convex_values695.VLiteral<"draft", "required">, convex_values695.VLiteral<"active", "required">, convex_values695.VLiteral<"disabled", "required">], "required", never>;
575
- basePath: convex_values695.VString<string, "required">;
576
- tokenHash: convex_values695.VString<string, "required">;
577
- lastRotatedAt: convex_values695.VFloat64<number | undefined, "optional">;
578
- extend: convex_values695.VAny<any, "optional", string>;
579
- }, "required", "status" | "extend" | "groupId" | "tokenHash" | `extend.${string}` | "enterpriseId" | "basePath" | "lastRotatedAt">, {
580
- enterprise_id: ["enterpriseId", "_creationTime"];
651
+ connectionId: convex_values87.VId<convex_values87.GenericId<"GroupConnection">, "required">;
652
+ groupId: convex_values87.VId<convex_values87.GenericId<"Group">, "required">;
653
+ status: convex_values87.VUnion<"draft" | "active" | "disabled", [convex_values87.VLiteral<"draft", "required">, convex_values87.VLiteral<"active", "required">, convex_values87.VLiteral<"disabled", "required">], "required", never>;
654
+ basePath: convex_values87.VString<string, "required">;
655
+ tokenHash: convex_values87.VString<string, "required">;
656
+ lastRotatedAt: convex_values87.VFloat64<number | undefined, "optional">;
657
+ extend: convex_values87.VAny<any, "optional", string>;
658
+ }, "required", "status" | "extend" | `extend.${string}` | "groupId" | "tokenHash" | "connectionId" | "basePath" | "lastRotatedAt">, {
659
+ group_connection_id: ["connectionId", "_creationTime"];
581
660
  group_id: ["groupId", "_creationTime"];
582
661
  token_hash: ["tokenHash", "_creationTime"];
583
662
  status: ["status", "_creationTime"];
@@ -585,129 +664,129 @@ declare const _default: convex_server66.SchemaDefinition<{
585
664
  /**
586
665
  * External SCIM identities mapped into local users/groups.
587
666
  */
588
- EnterpriseScimIdentity: convex_server66.TableDefinition<convex_values695.VObject<{
589
- userId?: convex_values695.GenericId<"User"> | undefined;
667
+ GroupConnectionScimIdentity: convex_server81.TableDefinition<convex_values87.VObject<{
668
+ userId?: convex_values87.GenericId<"User"> | undefined;
590
669
  active?: boolean | undefined;
591
- mappedGroupId?: convex_values695.GenericId<"Group"> | undefined;
670
+ mappedGroupId?: convex_values87.GenericId<"Group"> | undefined;
592
671
  lastProvisionedAt?: number | undefined;
593
672
  raw?: any;
594
- groupId: convex_values695.GenericId<"Group">;
595
673
  externalId: string;
596
- enterpriseId: convex_values695.GenericId<"Enterprise">;
674
+ groupId: convex_values87.GenericId<"Group">;
675
+ connectionId: convex_values87.GenericId<"GroupConnection">;
597
676
  resourceType: "user" | "group";
598
677
  }, {
599
- enterpriseId: convex_values695.VId<convex_values695.GenericId<"Enterprise">, "required">;
600
- groupId: convex_values695.VId<convex_values695.GenericId<"Group">, "required">;
601
- resourceType: convex_values695.VUnion<"user" | "group", [convex_values695.VLiteral<"user", "required">, convex_values695.VLiteral<"group", "required">], "required", never>;
602
- externalId: convex_values695.VString<string, "required">;
603
- userId: convex_values695.VId<convex_values695.GenericId<"User"> | undefined, "optional">;
604
- mappedGroupId: convex_values695.VId<convex_values695.GenericId<"Group"> | undefined, "optional">;
605
- lastProvisionedAt: convex_values695.VFloat64<number | undefined, "optional">;
606
- active: convex_values695.VBoolean<boolean | undefined, "optional">;
607
- raw: convex_values695.VAny<any, "optional", string>;
608
- }, "required", "userId" | "groupId" | "active" | "externalId" | "enterpriseId" | "resourceType" | "mappedGroupId" | "lastProvisionedAt" | "raw" | `raw.${string}`>, {
609
- enterprise_id: ["enterpriseId", "_creationTime"];
678
+ connectionId: convex_values87.VId<convex_values87.GenericId<"GroupConnection">, "required">;
679
+ groupId: convex_values87.VId<convex_values87.GenericId<"Group">, "required">;
680
+ resourceType: convex_values87.VUnion<"user" | "group", [convex_values87.VLiteral<"user", "required">, convex_values87.VLiteral<"group", "required">], "required", never>;
681
+ externalId: convex_values87.VString<string, "required">;
682
+ userId: convex_values87.VId<convex_values87.GenericId<"User"> | undefined, "optional">;
683
+ mappedGroupId: convex_values87.VId<convex_values87.GenericId<"Group"> | undefined, "optional">;
684
+ lastProvisionedAt: convex_values87.VFloat64<number | undefined, "optional">;
685
+ active: convex_values87.VBoolean<boolean | undefined, "optional">;
686
+ raw: convex_values87.VAny<any, "optional", string>;
687
+ }, "required", "userId" | "externalId" | "groupId" | "active" | "connectionId" | "resourceType" | "mappedGroupId" | "lastProvisionedAt" | "raw" | `raw.${string}`>, {
688
+ group_connection_id: ["connectionId", "_creationTime"];
610
689
  group_id: ["groupId", "_creationTime"];
611
- enterprise_id_resource_type_external_id: ["enterpriseId", "resourceType", "externalId", "_creationTime"];
612
- enterprise_id_user_id: ["enterpriseId", "userId", "_creationTime"];
690
+ group_connection_id_resource_type_external_id: ["connectionId", "resourceType", "externalId", "_creationTime"];
691
+ group_connection_id_user_id: ["connectionId", "userId", "_creationTime"];
613
692
  user_id: ["userId", "_creationTime"];
614
693
  mapped_group_id: ["mappedGroupId", "_creationTime"];
615
694
  }, {}, {}>;
616
695
  /**
617
- * Immutable audit trail for enterprise operations.
696
+ * Immutable audit trail for group connection operations.
618
697
  */
619
- EnterpriseAuditEvent: convex_server66.TableDefinition<convex_values695.VObject<{
698
+ GroupAuditEvent: convex_server81.TableDefinition<convex_values87.VObject<{
620
699
  metadata?: any;
700
+ connectionId?: convex_values87.GenericId<"GroupConnection"> | undefined;
621
701
  actorId?: string | undefined;
622
702
  subjectId?: string | undefined;
623
703
  requestId?: string | undefined;
624
704
  ip?: string | undefined;
625
705
  status: "success" | "failure";
626
- groupId: convex_values695.GenericId<"Group">;
627
- enterpriseId: convex_values695.GenericId<"Enterprise">;
628
- actorType: "user" | "system" | "scim" | "api_key" | "webhook";
706
+ groupId: convex_values87.GenericId<"Group">;
707
+ actorType: "user" | "scim" | "system" | "api_key" | "webhook";
629
708
  eventType: string;
630
709
  subjectType: string;
631
710
  occurredAt: number;
632
711
  }, {
633
- enterpriseId: convex_values695.VId<convex_values695.GenericId<"Enterprise">, "required">;
634
- groupId: convex_values695.VId<convex_values695.GenericId<"Group">, "required">;
635
- eventType: convex_values695.VString<string, "required">;
636
- actorType: convex_values695.VUnion<"user" | "system" | "scim" | "api_key" | "webhook", [convex_values695.VLiteral<"user", "required">, convex_values695.VLiteral<"system", "required">, convex_values695.VLiteral<"scim", "required">, convex_values695.VLiteral<"api_key", "required">, convex_values695.VLiteral<"webhook", "required">], "required", never>;
637
- actorId: convex_values695.VString<string | undefined, "optional">;
638
- subjectType: convex_values695.VString<string, "required">;
639
- subjectId: convex_values695.VString<string | undefined, "optional">;
640
- status: convex_values695.VUnion<"success" | "failure", [convex_values695.VLiteral<"success", "required">, convex_values695.VLiteral<"failure", "required">], "required", never>;
641
- occurredAt: convex_values695.VFloat64<number, "required">;
642
- requestId: convex_values695.VString<string | undefined, "optional">;
643
- ip: convex_values695.VString<string | undefined, "optional">;
644
- metadata: convex_values695.VAny<any, "optional", string>;
645
- }, "required", "status" | "metadata" | `metadata.${string}` | "groupId" | "enterpriseId" | "actorType" | "eventType" | "actorId" | "subjectType" | "subjectId" | "occurredAt" | "requestId" | "ip">, {
646
- enterprise_id_occurred_at: ["enterpriseId", "occurredAt", "_creationTime"];
712
+ connectionId: convex_values87.VId<convex_values87.GenericId<"GroupConnection"> | undefined, "optional">;
713
+ groupId: convex_values87.VId<convex_values87.GenericId<"Group">, "required">;
714
+ eventType: convex_values87.VString<string, "required">;
715
+ actorType: convex_values87.VUnion<"user" | "scim" | "system" | "api_key" | "webhook", [convex_values87.VLiteral<"user", "required">, convex_values87.VLiteral<"system", "required">, convex_values87.VLiteral<"scim", "required">, convex_values87.VLiteral<"api_key", "required">, convex_values87.VLiteral<"webhook", "required">], "required", never>;
716
+ actorId: convex_values87.VString<string | undefined, "optional">;
717
+ subjectType: convex_values87.VString<string, "required">;
718
+ subjectId: convex_values87.VString<string | undefined, "optional">;
719
+ status: convex_values87.VUnion<"success" | "failure", [convex_values87.VLiteral<"success", "required">, convex_values87.VLiteral<"failure", "required">], "required", never>;
720
+ occurredAt: convex_values87.VFloat64<number, "required">;
721
+ requestId: convex_values87.VString<string | undefined, "optional">;
722
+ ip: convex_values87.VString<string | undefined, "optional">;
723
+ metadata: convex_values87.VAny<any, "optional", string>;
724
+ }, "required", "status" | "metadata" | `metadata.${string}` | "groupId" | "connectionId" | "actorType" | "eventType" | "actorId" | "subjectType" | "subjectId" | "occurredAt" | "requestId" | "ip">, {
725
+ group_connection_id_occurred_at: ["connectionId", "occurredAt", "_creationTime"];
647
726
  group_id_occurred_at: ["groupId", "occurredAt", "_creationTime"];
648
727
  event_type_occurred_at: ["eventType", "occurredAt", "_creationTime"];
649
728
  }, {}, {}>;
650
729
  /**
651
- * Webhook endpoints subscribed to enterprise audit and lifecycle events.
730
+ * Webhook endpoints subscribed to group audit and lifecycle events.
652
731
  */
653
- EnterpriseWebhookEndpoint: convex_server66.TableDefinition<convex_values695.VObject<{
732
+ GroupWebhookEndpoint: convex_server81.TableDefinition<convex_values87.VObject<{
654
733
  extend?: any;
655
- createdByUserId?: convex_values695.GenericId<"User"> | undefined;
734
+ createdByUserId?: convex_values87.GenericId<"User"> | undefined;
656
735
  lastSuccessAt?: number | undefined;
657
736
  lastFailureAt?: number | undefined;
658
737
  status: "active" | "disabled";
659
- groupId: convex_values695.GenericId<"Group">;
660
- enterpriseId: convex_values695.GenericId<"Enterprise">;
738
+ groupId: convex_values87.GenericId<"Group">;
739
+ connectionId: convex_values87.GenericId<"GroupConnection">;
661
740
  url: string;
662
741
  secretHash: string;
663
742
  subscriptions: string[];
664
743
  failureCount: number;
665
744
  }, {
666
- enterpriseId: convex_values695.VId<convex_values695.GenericId<"Enterprise">, "required">;
667
- groupId: convex_values695.VId<convex_values695.GenericId<"Group">, "required">;
668
- url: convex_values695.VString<string, "required">;
669
- status: convex_values695.VUnion<"active" | "disabled", [convex_values695.VLiteral<"active", "required">, convex_values695.VLiteral<"disabled", "required">], "required", never>;
670
- secretHash: convex_values695.VString<string, "required">;
671
- subscriptions: convex_values695.VArray<string[], convex_values695.VString<string, "required">, "required">;
672
- createdByUserId: convex_values695.VId<convex_values695.GenericId<"User"> | undefined, "optional">;
673
- lastSuccessAt: convex_values695.VFloat64<number | undefined, "optional">;
674
- lastFailureAt: convex_values695.VFloat64<number | undefined, "optional">;
675
- failureCount: convex_values695.VFloat64<number, "required">;
676
- extend: convex_values695.VAny<any, "optional", string>;
677
- }, "required", "status" | "extend" | "groupId" | `extend.${string}` | "enterpriseId" | "url" | "secretHash" | "subscriptions" | "createdByUserId" | "lastSuccessAt" | "lastFailureAt" | "failureCount">, {
678
- enterprise_id: ["enterpriseId", "_creationTime"];
745
+ connectionId: convex_values87.VId<convex_values87.GenericId<"GroupConnection">, "required">;
746
+ groupId: convex_values87.VId<convex_values87.GenericId<"Group">, "required">;
747
+ url: convex_values87.VString<string, "required">;
748
+ status: convex_values87.VUnion<"active" | "disabled", [convex_values87.VLiteral<"active", "required">, convex_values87.VLiteral<"disabled", "required">], "required", never>;
749
+ secretHash: convex_values87.VString<string, "required">;
750
+ subscriptions: convex_values87.VArray<string[], convex_values87.VString<string, "required">, "required">;
751
+ createdByUserId: convex_values87.VId<convex_values87.GenericId<"User"> | undefined, "optional">;
752
+ lastSuccessAt: convex_values87.VFloat64<number | undefined, "optional">;
753
+ lastFailureAt: convex_values87.VFloat64<number | undefined, "optional">;
754
+ failureCount: convex_values87.VFloat64<number, "required">;
755
+ extend: convex_values87.VAny<any, "optional", string>;
756
+ }, "required", "status" | "extend" | `extend.${string}` | "groupId" | "connectionId" | "url" | "secretHash" | "subscriptions" | "createdByUserId" | "lastSuccessAt" | "lastFailureAt" | "failureCount">, {
757
+ group_connection_id: ["connectionId", "_creationTime"];
679
758
  group_id: ["groupId", "_creationTime"];
680
759
  status: ["status", "_creationTime"];
681
760
  }, {}, {}>;
682
761
  /**
683
- * Delivery queue for outbound enterprise webhooks.
762
+ * Delivery queue for outbound group webhooks.
684
763
  */
685
- EnterpriseWebhookDelivery: convex_server66.TableDefinition<convex_values695.VObject<{
686
- auditEventId?: convex_values695.GenericId<"EnterpriseAuditEvent"> | undefined;
764
+ GroupWebhookDelivery: convex_server81.TableDefinition<convex_values87.VObject<{
765
+ auditEventId?: convex_values87.GenericId<"GroupAuditEvent"> | undefined;
687
766
  lastAttemptAt?: number | undefined;
688
767
  lastResponseStatus?: number | undefined;
689
768
  lastError?: string | undefined;
690
769
  status: "pending" | "processing" | "delivered" | "failed";
691
- enterpriseId: convex_values695.GenericId<"Enterprise">;
770
+ connectionId: convex_values87.GenericId<"GroupConnection">;
692
771
  eventType: string;
693
- endpointId: convex_values695.GenericId<"EnterpriseWebhookEndpoint">;
772
+ endpointId: convex_values87.GenericId<"GroupWebhookEndpoint">;
694
773
  attemptCount: number;
695
774
  nextAttemptAt: number;
696
775
  payload: any;
697
776
  }, {
698
- enterpriseId: convex_values695.VId<convex_values695.GenericId<"Enterprise">, "required">;
699
- endpointId: convex_values695.VId<convex_values695.GenericId<"EnterpriseWebhookEndpoint">, "required">;
700
- auditEventId: convex_values695.VId<convex_values695.GenericId<"EnterpriseAuditEvent"> | undefined, "optional">;
701
- eventType: convex_values695.VString<string, "required">;
702
- status: convex_values695.VUnion<"pending" | "processing" | "delivered" | "failed", [convex_values695.VLiteral<"pending", "required">, convex_values695.VLiteral<"processing", "required">, convex_values695.VLiteral<"delivered", "required">, convex_values695.VLiteral<"failed", "required">], "required", never>;
703
- attemptCount: convex_values695.VFloat64<number, "required">;
704
- nextAttemptAt: convex_values695.VFloat64<number, "required">;
705
- lastAttemptAt: convex_values695.VFloat64<number | undefined, "optional">;
706
- lastResponseStatus: convex_values695.VFloat64<number | undefined, "optional">;
707
- lastError: convex_values695.VString<string | undefined, "optional">;
708
- payload: convex_values695.VAny<any, "required", string>;
709
- }, "required", "status" | "enterpriseId" | "eventType" | "endpointId" | "auditEventId" | "attemptCount" | "nextAttemptAt" | "lastAttemptAt" | "lastResponseStatus" | "lastError" | "payload" | `payload.${string}`>, {
710
- enterprise_id: ["enterpriseId", "_creationTime"];
777
+ connectionId: convex_values87.VId<convex_values87.GenericId<"GroupConnection">, "required">;
778
+ endpointId: convex_values87.VId<convex_values87.GenericId<"GroupWebhookEndpoint">, "required">;
779
+ auditEventId: convex_values87.VId<convex_values87.GenericId<"GroupAuditEvent"> | undefined, "optional">;
780
+ eventType: convex_values87.VString<string, "required">;
781
+ status: convex_values87.VUnion<"pending" | "processing" | "delivered" | "failed", [convex_values87.VLiteral<"pending", "required">, convex_values87.VLiteral<"processing", "required">, convex_values87.VLiteral<"delivered", "required">, convex_values87.VLiteral<"failed", "required">], "required", never>;
782
+ attemptCount: convex_values87.VFloat64<number, "required">;
783
+ nextAttemptAt: convex_values87.VFloat64<number, "required">;
784
+ lastAttemptAt: convex_values87.VFloat64<number | undefined, "optional">;
785
+ lastResponseStatus: convex_values87.VFloat64<number | undefined, "optional">;
786
+ lastError: convex_values87.VString<string | undefined, "optional">;
787
+ payload: convex_values87.VAny<any, "required", string>;
788
+ }, "required", "status" | "connectionId" | "eventType" | "endpointId" | "auditEventId" | "attemptCount" | "nextAttemptAt" | "lastAttemptAt" | "lastResponseStatus" | "lastError" | "payload" | `payload.${string}`>, {
789
+ group_connection_id: ["connectionId", "_creationTime"];
711
790
  status_next_attempt_at: ["status", "nextAttemptAt", "_creationTime"];
712
791
  endpoint_id_status: ["endpointId", "status", "_creationTime"];
713
792
  audit_event_id: ["auditEventId", "_creationTime"];
@@ -725,7 +804,7 @@ declare const _default: convex_server66.SchemaDefinition<{
725
804
  * - **Expiration**: optional TTL
726
805
  * - **Soft revocation**: `revoked` flag preserves audit trail
727
806
  */
728
- ApiKey: convex_server66.TableDefinition<convex_values695.VObject<{
807
+ ApiKey: convex_server81.TableDefinition<convex_values87.VObject<{
729
808
  lastUsedAt?: number | undefined;
730
809
  expiresAt?: number | undefined;
731
810
  rateLimit?: {
@@ -739,7 +818,7 @@ declare const _default: convex_server66.SchemaDefinition<{
739
818
  metadata?: any;
740
819
  name: string;
741
820
  revoked: boolean;
742
- userId: convex_values695.GenericId<"User">;
821
+ userId: convex_values87.GenericId<"User">;
743
822
  prefix: string;
744
823
  hashedKey: string;
745
824
  scopes: {
@@ -748,39 +827,39 @@ declare const _default: convex_server66.SchemaDefinition<{
748
827
  }[];
749
828
  createdAt: number;
750
829
  }, {
751
- userId: convex_values695.VId<convex_values695.GenericId<"User">, "required">; /** First chars of the key for display (e.g. "sk_abc1..."). */
752
- prefix: convex_values695.VString<string, "required">; /** SHA-256 hex hash of the full raw key. */
753
- hashedKey: convex_values695.VString<string, "required">; /** User-assigned name (e.g. "CI Pipeline", "Production API"). */
754
- name: convex_values695.VString<string, "required">; /** Scoped permissions: [{ resource: "users", actions: ["read", "list"] }]. */
755
- scopes: convex_values695.VArray<{
830
+ userId: convex_values87.VId<convex_values87.GenericId<"User">, "required">; /** First chars of the key for display (e.g. "sk_abc1..."). */
831
+ prefix: convex_values87.VString<string, "required">; /** SHA-256 hex hash of the full raw key. */
832
+ hashedKey: convex_values87.VString<string, "required">; /** User-assigned name (e.g. "CI Pipeline", "Production API"). */
833
+ name: convex_values87.VString<string, "required">; /** Scoped permissions: [{ resource: "users", actions: ["read", "list"] }]. */
834
+ scopes: convex_values87.VArray<{
756
835
  resource: string;
757
836
  actions: string[];
758
- }[], convex_values695.VObject<{
837
+ }[], convex_values87.VObject<{
759
838
  resource: string;
760
839
  actions: string[];
761
840
  }, {
762
- resource: convex_values695.VString<string, "required">;
763
- actions: convex_values695.VArray<string[], convex_values695.VString<string, "required">, "required">;
841
+ resource: convex_values87.VString<string, "required">;
842
+ actions: convex_values87.VArray<string[], convex_values87.VString<string, "required">, "required">;
764
843
  }, "required", "resource" | "actions">, "required">; /** Optional per-key rate limit configuration. */
765
- rateLimit: convex_values695.VObject<{
844
+ rateLimit: convex_values87.VObject<{
766
845
  maxRequests: number;
767
846
  windowMs: number;
768
847
  } | undefined, {
769
- maxRequests: convex_values695.VFloat64<number, "required">;
770
- windowMs: convex_values695.VFloat64<number, "required">;
848
+ maxRequests: convex_values87.VFloat64<number, "required">;
849
+ windowMs: convex_values87.VFloat64<number, "required">;
771
850
  }, "optional", "maxRequests" | "windowMs">; /** Rate limit state tracking (token-bucket). */
772
- rateLimitState: convex_values695.VObject<{
851
+ rateLimitState: convex_values87.VObject<{
773
852
  attemptsLeft: number;
774
853
  lastAttemptTime: number;
775
854
  } | undefined, {
776
- attemptsLeft: convex_values695.VFloat64<number, "required">;
777
- lastAttemptTime: convex_values695.VFloat64<number, "required">;
855
+ attemptsLeft: convex_values87.VFloat64<number, "required">;
856
+ lastAttemptTime: convex_values87.VFloat64<number, "required">;
778
857
  }, "optional", "attemptsLeft" | "lastAttemptTime">; /** Expiration timestamp. Null/undefined = never expires. */
779
- expiresAt: convex_values695.VFloat64<number | undefined, "optional">;
780
- lastUsedAt: convex_values695.VFloat64<number | undefined, "optional">;
781
- createdAt: convex_values695.VFloat64<number, "required">; /** Soft-revoke flag. Revoked keys are kept for audit trail. */
782
- revoked: convex_values695.VBoolean<boolean, "required">; /** Arbitrary app-specific metadata attached to the key. */
783
- metadata: convex_values695.VAny<any, "optional", string>;
858
+ expiresAt: convex_values87.VFloat64<number | undefined, "optional">;
859
+ lastUsedAt: convex_values87.VFloat64<number | undefined, "optional">;
860
+ createdAt: convex_values87.VFloat64<number, "required">; /** Soft-revoke flag. Revoked keys are kept for audit trail. */
861
+ revoked: convex_values87.VBoolean<boolean, "required">; /** Arbitrary app-specific metadata attached to the key. */
862
+ metadata: convex_values87.VAny<any, "optional", string>;
784
863
  }, "required", "name" | "revoked" | "lastUsedAt" | "expiresAt" | "userId" | "prefix" | "hashedKey" | "scopes" | "rateLimit" | "rateLimitState" | "createdAt" | "metadata" | "rateLimit.maxRequests" | "rateLimit.windowMs" | "rateLimitState.attemptsLeft" | "rateLimitState.lastAttemptTime" | `metadata.${string}`>, {
785
864
  user_id: ["userId", "_creationTime"];
786
865
  hashed_key: ["hashedKey", "_creationTime"];