@robelest/convex-auth 0.0.4-preview.25 → 0.0.4-preview.28

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (666) hide show
  1. package/README.md +43 -36
  2. package/dist/bin.js +5765 -4880
  3. package/dist/browser/index.d.ts +30 -0
  4. package/dist/browser/index.js +93 -0
  5. package/dist/browser/locks.js +11 -0
  6. package/dist/browser/navigation.js +14 -0
  7. package/dist/{factors → browser}/passkey.js +23 -32
  8. package/dist/browser/runtime.js +92 -0
  9. package/dist/client/core/types.d.ts +452 -5
  10. package/dist/client/core/types.js +17 -0
  11. package/dist/client/errors.js +19 -0
  12. package/dist/client/factors/device.js +94 -0
  13. package/dist/{factors → client/factors}/totp.js +12 -4
  14. package/dist/client/index.d.ts +47 -1
  15. package/dist/client/index.js +269 -232
  16. package/dist/client/runtime/mutex.js +24 -0
  17. package/dist/client/runtime/proxy.js +30 -0
  18. package/dist/client/runtime/storage.js +45 -0
  19. package/dist/client/services/adapters.js +7 -0
  20. package/dist/client/services/http.js +6 -0
  21. package/dist/client/services/resolve.js +13 -0
  22. package/dist/client/services/runtime.js +6 -0
  23. package/dist/component/_generated/component.d.ts +1355 -1399
  24. package/dist/component/convex.config.d.ts +2 -2
  25. package/dist/component/index.d.ts +4 -26
  26. package/dist/component/index.js +1 -1
  27. package/dist/component/model.d.ts +26 -112
  28. package/dist/component/model.js +76 -54
  29. package/dist/component/modules.js +38 -0
  30. package/dist/component/public/factors/devices.js +1 -1
  31. package/dist/component/public/factors/passkeys.js +1 -1
  32. package/dist/component/public/factors/totp.js +1 -1
  33. package/dist/component/public/groups/core.js +2 -2
  34. package/dist/component/public/groups/invites.js +1 -1
  35. package/dist/component/public/groups/members.js +1 -1
  36. package/dist/component/public/identity/accounts.js +1 -1
  37. package/dist/component/public/identity/codes.js +1 -1
  38. package/dist/component/public/identity/sessions.js +39 -2
  39. package/dist/component/public/identity/tokens.js +82 -4
  40. package/dist/component/public/identity/users.js +1 -1
  41. package/dist/component/public/identity/verifiers.js +10 -4
  42. package/dist/component/public/security/keys.js +1 -1
  43. package/dist/component/public/security/limits.js +1 -1
  44. package/dist/component/public/{enterprise → sso}/audit.js +26 -26
  45. package/dist/component/public/sso/core.js +263 -0
  46. package/dist/component/public/sso/domains.js +280 -0
  47. package/dist/component/public/{enterprise → sso}/scim.js +87 -87
  48. package/dist/component/public/sso/secrets.js +125 -0
  49. package/dist/component/public/{enterprise → sso}/webhooks.js +59 -59
  50. package/dist/component/public.js +9 -9
  51. package/dist/component/schema.d.ts +472 -393
  52. package/dist/component/schema.js +36 -35
  53. package/dist/core/index.d.ts +380 -0
  54. package/dist/core/index.js +83 -0
  55. package/dist/otel.d.ts +69 -0
  56. package/dist/otel.js +82 -0
  57. package/dist/providers/anonymous.d.ts +15 -34
  58. package/dist/providers/anonymous.js +27 -35
  59. package/dist/providers/apple.d.ts +59 -0
  60. package/dist/providers/apple.js +58 -0
  61. package/dist/providers/credentials.d.ts +18 -34
  62. package/dist/providers/credentials.js +16 -27
  63. package/dist/providers/custom.d.ts +94 -0
  64. package/dist/providers/custom.js +119 -0
  65. package/dist/providers/device.d.ts +15 -49
  66. package/dist/providers/device.js +17 -34
  67. package/dist/providers/email.d.ts +21 -38
  68. package/dist/providers/email.js +36 -55
  69. package/dist/providers/github.d.ts +54 -0
  70. package/dist/providers/github.js +75 -0
  71. package/dist/providers/google.d.ts +54 -0
  72. package/dist/providers/google.js +61 -0
  73. package/dist/providers/index.d.ts +16 -12
  74. package/dist/providers/index.js +15 -11
  75. package/dist/providers/microsoft.d.ts +57 -0
  76. package/dist/providers/microsoft.js +101 -0
  77. package/dist/providers/passkey.d.ts +19 -35
  78. package/dist/providers/passkey.js +20 -30
  79. package/dist/providers/password.d.ts +17 -18
  80. package/dist/providers/password.js +121 -143
  81. package/dist/providers/phone.d.ts +13 -28
  82. package/dist/providers/phone.js +21 -46
  83. package/dist/providers/sso.d.ts +16 -36
  84. package/dist/providers/sso.js +21 -22
  85. package/dist/providers/totp.d.ts +13 -29
  86. package/dist/providers/totp.js +17 -27
  87. package/dist/server/auth-context.d.ts +204 -0
  88. package/dist/server/auth-context.js +76 -0
  89. package/dist/server/auth.d.ts +99 -244
  90. package/dist/server/auth.js +56 -152
  91. package/dist/server/componentContext.d.ts +12 -0
  92. package/dist/server/componentContext.js +1 -0
  93. package/dist/server/config.js +6 -67
  94. package/dist/server/constants.js +6 -0
  95. package/dist/server/contract.d.ts +105 -0
  96. package/dist/server/contract.js +43 -0
  97. package/dist/server/cookies.js +3 -2
  98. package/dist/server/core.js +31 -36
  99. package/dist/server/crypto.js +34 -44
  100. package/dist/server/db.js +6 -1
  101. package/dist/server/device.js +96 -130
  102. package/dist/server/env.js +48 -0
  103. package/dist/server/errors.js +20 -0
  104. package/dist/server/http.d.ts +15 -59
  105. package/dist/server/http.js +136 -120
  106. package/dist/server/identity.js +2 -2
  107. package/dist/server/index.d.ts +5 -4
  108. package/dist/server/index.js +3 -3
  109. package/dist/server/keys.js +10 -1
  110. package/dist/server/limits.js +26 -26
  111. package/dist/server/log.js +28 -0
  112. package/dist/server/mounts.d.ts +1107 -296
  113. package/dist/server/mounts.js +315 -196
  114. package/dist/server/mutations/account.js +11 -14
  115. package/dist/server/mutations/code.js +6 -5
  116. package/dist/server/mutations/invalidate.js +9 -11
  117. package/dist/server/mutations/oauth.js +112 -73
  118. package/dist/server/mutations/refresh.js +47 -97
  119. package/dist/server/mutations/register.js +37 -35
  120. package/dist/server/mutations/retrieve.js +16 -16
  121. package/dist/server/mutations/signature.js +15 -18
  122. package/dist/server/mutations/signin.js +10 -5
  123. package/dist/server/mutations/signout.js +11 -14
  124. package/dist/server/mutations/store.js +25 -18
  125. package/dist/server/mutations/verifier.js +11 -8
  126. package/dist/server/mutations/verify.js +53 -41
  127. package/dist/server/oauth/factory.js +44 -0
  128. package/dist/server/oauth/index.js +12 -0
  129. package/dist/server/oauth/runtime.js +248 -0
  130. package/dist/server/passkey.js +331 -365
  131. package/dist/server/payloads.d.ts +16 -0
  132. package/dist/server/payloads.js +30 -0
  133. package/dist/server/{ssr.d.ts → prefetch.d.ts} +2 -2
  134. package/dist/server/prefetch.js +635 -0
  135. package/dist/server/random.js +19 -0
  136. package/dist/server/redirects.js +10 -5
  137. package/dist/server/refresh.js +14 -86
  138. package/dist/server/runtime.d.ts +531 -31
  139. package/dist/server/runtime.js +106 -267
  140. package/dist/server/secret.js +44 -0
  141. package/dist/server/services/config.js +10 -0
  142. package/dist/server/services/group.js +211 -0
  143. package/dist/server/services/logger.js +8 -0
  144. package/dist/server/services/providers.js +22 -0
  145. package/dist/server/services/refresh.js +8 -0
  146. package/dist/server/services/resolve.js +27 -0
  147. package/dist/server/services/signin.js +8 -0
  148. package/dist/server/sessions.js +35 -34
  149. package/dist/server/signin.js +229 -140
  150. package/dist/server/{enterprise → sso}/config.js +10 -3
  151. package/dist/server/sso/domain.d.ts +614 -0
  152. package/dist/server/sso/domain.js +1175 -0
  153. package/dist/server/sso/http.js +1060 -0
  154. package/dist/server/sso/oidc.js +324 -0
  155. package/dist/server/sso/policies.js +59 -0
  156. package/dist/server/sso/policy.js +139 -0
  157. package/dist/server/sso/profile.js +22 -0
  158. package/dist/server/sso/provision.js +179 -0
  159. package/dist/{component/server/enterprise → server/sso}/saml.js +142 -56
  160. package/dist/{component/server/enterprise → server/sso}/scim.js +13 -7
  161. package/dist/server/sso/shared.js +74 -0
  162. package/dist/server/sso/validators.js +88 -0
  163. package/dist/server/sso/webhook.js +94 -0
  164. package/dist/server/tokens.js +16 -4
  165. package/dist/server/totp.js +155 -164
  166. package/dist/server/types.d.ts +306 -296
  167. package/dist/server/types.js +1 -30
  168. package/dist/server/url.js +32 -0
  169. package/dist/server/users.js +74 -40
  170. package/dist/server/utils/cache.js +51 -0
  171. package/dist/server/utils/dispatch.js +36 -0
  172. package/dist/server/utils/retry.js +24 -0
  173. package/dist/server/utils/span.js +32 -0
  174. package/dist/shared/errors.js +19 -0
  175. package/dist/shared/log.js +45 -0
  176. package/{src/test.ts → dist/test.d.ts} +21 -22
  177. package/dist/test.js +51 -0
  178. package/package.json +70 -42
  179. package/dist/authorization/index.d.ts.map +0 -1
  180. package/dist/authorization/index.js.map +0 -1
  181. package/dist/client/core/types.d.ts.map +0 -1
  182. package/dist/client/index.d.ts.map +0 -1
  183. package/dist/client/index.js.map +0 -1
  184. package/dist/component/_generated/api.d.ts +0 -75
  185. package/dist/component/_generated/api.d.ts.map +0 -1
  186. package/dist/component/_generated/api.js.map +0 -1
  187. package/dist/component/_generated/component.d.ts.map +0 -1
  188. package/dist/component/_generated/dataModel.d.ts +0 -42
  189. package/dist/component/_generated/dataModel.d.ts.map +0 -1
  190. package/dist/component/_generated/server.d.ts +0 -117
  191. package/dist/component/_generated/server.d.ts.map +0 -1
  192. package/dist/component/_generated/server.js.map +0 -1
  193. package/dist/component/_virtual/rolldown_runtime.js +0 -18
  194. package/dist/component/client/core/types.d.ts +0 -2
  195. package/dist/component/client/index.d.ts +0 -1
  196. package/dist/component/convex.config.d.ts.map +0 -1
  197. package/dist/component/convex.config.js.map +0 -1
  198. package/dist/component/functions.d.ts +0 -25
  199. package/dist/component/functions.d.ts.map +0 -1
  200. package/dist/component/functions.js.map +0 -1
  201. package/dist/component/index.d.ts.map +0 -1
  202. package/dist/component/model.d.ts.map +0 -1
  203. package/dist/component/model.js.map +0 -1
  204. package/dist/component/providers/anonymous.d.ts +0 -54
  205. package/dist/component/providers/anonymous.d.ts.map +0 -1
  206. package/dist/component/providers/credentials.d.ts +0 -38
  207. package/dist/component/providers/credentials.d.ts.map +0 -1
  208. package/dist/component/providers/device.d.ts +0 -67
  209. package/dist/component/providers/device.d.ts.map +0 -1
  210. package/dist/component/providers/email.d.ts +0 -62
  211. package/dist/component/providers/email.d.ts.map +0 -1
  212. package/dist/component/providers/oauth.d.ts +0 -25
  213. package/dist/component/providers/oauth.d.ts.map +0 -1
  214. package/dist/component/providers/oauth.js +0 -13
  215. package/dist/component/providers/oauth.js.map +0 -1
  216. package/dist/component/providers/passkey.d.ts +0 -57
  217. package/dist/component/providers/passkey.d.ts.map +0 -1
  218. package/dist/component/providers/password.d.ts +0 -88
  219. package/dist/component/providers/password.d.ts.map +0 -1
  220. package/dist/component/providers/phone.d.ts +0 -48
  221. package/dist/component/providers/phone.d.ts.map +0 -1
  222. package/dist/component/providers/sso.d.ts +0 -50
  223. package/dist/component/providers/sso.d.ts.map +0 -1
  224. package/dist/component/providers/totp.d.ts +0 -45
  225. package/dist/component/providers/totp.d.ts.map +0 -1
  226. package/dist/component/public/enterprise/audit.d.ts +0 -73
  227. package/dist/component/public/enterprise/audit.d.ts.map +0 -1
  228. package/dist/component/public/enterprise/audit.js.map +0 -1
  229. package/dist/component/public/enterprise/core.d.ts +0 -176
  230. package/dist/component/public/enterprise/core.d.ts.map +0 -1
  231. package/dist/component/public/enterprise/core.js +0 -292
  232. package/dist/component/public/enterprise/core.js.map +0 -1
  233. package/dist/component/public/enterprise/domains.d.ts +0 -174
  234. package/dist/component/public/enterprise/domains.d.ts.map +0 -1
  235. package/dist/component/public/enterprise/domains.js +0 -271
  236. package/dist/component/public/enterprise/domains.js.map +0 -1
  237. package/dist/component/public/enterprise/scim.d.ts +0 -245
  238. package/dist/component/public/enterprise/scim.d.ts.map +0 -1
  239. package/dist/component/public/enterprise/scim.js.map +0 -1
  240. package/dist/component/public/enterprise/secrets.d.ts +0 -78
  241. package/dist/component/public/enterprise/secrets.d.ts.map +0 -1
  242. package/dist/component/public/enterprise/secrets.js +0 -118
  243. package/dist/component/public/enterprise/secrets.js.map +0 -1
  244. package/dist/component/public/enterprise/webhooks.d.ts +0 -211
  245. package/dist/component/public/enterprise/webhooks.d.ts.map +0 -1
  246. package/dist/component/public/enterprise/webhooks.js.map +0 -1
  247. package/dist/component/public/factors/devices.d.ts +0 -157
  248. package/dist/component/public/factors/devices.d.ts.map +0 -1
  249. package/dist/component/public/factors/devices.js.map +0 -1
  250. package/dist/component/public/factors/passkeys.d.ts +0 -175
  251. package/dist/component/public/factors/passkeys.d.ts.map +0 -1
  252. package/dist/component/public/factors/passkeys.js.map +0 -1
  253. package/dist/component/public/factors/totp.d.ts +0 -189
  254. package/dist/component/public/factors/totp.d.ts.map +0 -1
  255. package/dist/component/public/factors/totp.js.map +0 -1
  256. package/dist/component/public/groups/core.d.ts +0 -137
  257. package/dist/component/public/groups/core.d.ts.map +0 -1
  258. package/dist/component/public/groups/core.js.map +0 -1
  259. package/dist/component/public/groups/invites.d.ts +0 -217
  260. package/dist/component/public/groups/invites.d.ts.map +0 -1
  261. package/dist/component/public/groups/invites.js.map +0 -1
  262. package/dist/component/public/groups/members.d.ts +0 -204
  263. package/dist/component/public/groups/members.d.ts.map +0 -1
  264. package/dist/component/public/groups/members.js.map +0 -1
  265. package/dist/component/public/identity/accounts.d.ts +0 -147
  266. package/dist/component/public/identity/accounts.d.ts.map +0 -1
  267. package/dist/component/public/identity/accounts.js.map +0 -1
  268. package/dist/component/public/identity/codes.d.ts +0 -104
  269. package/dist/component/public/identity/codes.d.ts.map +0 -1
  270. package/dist/component/public/identity/codes.js.map +0 -1
  271. package/dist/component/public/identity/sessions.d.ts +0 -128
  272. package/dist/component/public/identity/sessions.d.ts.map +0 -1
  273. package/dist/component/public/identity/sessions.js.map +0 -1
  274. package/dist/component/public/identity/tokens.d.ts +0 -169
  275. package/dist/component/public/identity/tokens.d.ts.map +0 -1
  276. package/dist/component/public/identity/tokens.js.map +0 -1
  277. package/dist/component/public/identity/users.d.ts +0 -212
  278. package/dist/component/public/identity/users.d.ts.map +0 -1
  279. package/dist/component/public/identity/users.js.map +0 -1
  280. package/dist/component/public/identity/verifiers.d.ts +0 -116
  281. package/dist/component/public/identity/verifiers.d.ts.map +0 -1
  282. package/dist/component/public/identity/verifiers.js.map +0 -1
  283. package/dist/component/public/security/keys.d.ts +0 -209
  284. package/dist/component/public/security/keys.d.ts.map +0 -1
  285. package/dist/component/public/security/keys.js.map +0 -1
  286. package/dist/component/public/security/limits.d.ts +0 -114
  287. package/dist/component/public/security/limits.d.ts.map +0 -1
  288. package/dist/component/public/security/limits.js.map +0 -1
  289. package/dist/component/public.d.ts +0 -28
  290. package/dist/component/public.d.ts.map +0 -1
  291. package/dist/component/schema.d.ts.map +0 -1
  292. package/dist/component/schema.js.map +0 -1
  293. package/dist/component/server/auth.d.ts +0 -447
  294. package/dist/component/server/auth.d.ts.map +0 -1
  295. package/dist/component/server/auth.js +0 -254
  296. package/dist/component/server/auth.js.map +0 -1
  297. package/dist/component/server/config.js +0 -121
  298. package/dist/component/server/config.js.map +0 -1
  299. package/dist/component/server/context.js +0 -53
  300. package/dist/component/server/context.js.map +0 -1
  301. package/dist/component/server/cookies.js +0 -47
  302. package/dist/component/server/cookies.js.map +0 -1
  303. package/dist/component/server/core.js +0 -576
  304. package/dist/component/server/core.js.map +0 -1
  305. package/dist/component/server/crypto.js +0 -56
  306. package/dist/component/server/crypto.js.map +0 -1
  307. package/dist/component/server/db.js +0 -87
  308. package/dist/component/server/db.js.map +0 -1
  309. package/dist/component/server/device.js +0 -152
  310. package/dist/component/server/device.js.map +0 -1
  311. package/dist/component/server/enterprise/config.js +0 -46
  312. package/dist/component/server/enterprise/config.js.map +0 -1
  313. package/dist/component/server/enterprise/domain.js +0 -974
  314. package/dist/component/server/enterprise/domain.js.map +0 -1
  315. package/dist/component/server/enterprise/http.js +0 -787
  316. package/dist/component/server/enterprise/http.js.map +0 -1
  317. package/dist/component/server/enterprise/oidc.js +0 -248
  318. package/dist/component/server/enterprise/oidc.js.map +0 -1
  319. package/dist/component/server/enterprise/policy.js +0 -85
  320. package/dist/component/server/enterprise/policy.js.map +0 -1
  321. package/dist/component/server/enterprise/saml.js.map +0 -1
  322. package/dist/component/server/enterprise/scim.js.map +0 -1
  323. package/dist/component/server/enterprise/shared.js +0 -51
  324. package/dist/component/server/enterprise/shared.js.map +0 -1
  325. package/dist/component/server/http.d.ts +0 -85
  326. package/dist/component/server/http.d.ts.map +0 -1
  327. package/dist/component/server/http.js +0 -351
  328. package/dist/component/server/http.js.map +0 -1
  329. package/dist/component/server/identity.js +0 -16
  330. package/dist/component/server/identity.js.map +0 -1
  331. package/dist/component/server/keys.js +0 -96
  332. package/dist/component/server/keys.js.map +0 -1
  333. package/dist/component/server/limits.js +0 -52
  334. package/dist/component/server/limits.js.map +0 -1
  335. package/dist/component/server/mutations/account.js +0 -46
  336. package/dist/component/server/mutations/account.js.map +0 -1
  337. package/dist/component/server/mutations/code.js +0 -68
  338. package/dist/component/server/mutations/code.js.map +0 -1
  339. package/dist/component/server/mutations/invalidate.js +0 -32
  340. package/dist/component/server/mutations/invalidate.js.map +0 -1
  341. package/dist/component/server/mutations/oauth.js +0 -116
  342. package/dist/component/server/mutations/oauth.js.map +0 -1
  343. package/dist/component/server/mutations/refresh.js +0 -119
  344. package/dist/component/server/mutations/refresh.js.map +0 -1
  345. package/dist/component/server/mutations/register.js +0 -87
  346. package/dist/component/server/mutations/register.js.map +0 -1
  347. package/dist/component/server/mutations/retrieve.js +0 -61
  348. package/dist/component/server/mutations/retrieve.js.map +0 -1
  349. package/dist/component/server/mutations/signature.js +0 -38
  350. package/dist/component/server/mutations/signature.js.map +0 -1
  351. package/dist/component/server/mutations/signin.js +0 -27
  352. package/dist/component/server/mutations/signin.js.map +0 -1
  353. package/dist/component/server/mutations/signout.js +0 -27
  354. package/dist/component/server/mutations/signout.js.map +0 -1
  355. package/dist/component/server/mutations/store/refs.js +0 -15
  356. package/dist/component/server/mutations/store/refs.js.map +0 -1
  357. package/dist/component/server/mutations/store.js +0 -70
  358. package/dist/component/server/mutations/store.js.map +0 -1
  359. package/dist/component/server/mutations/verifier.js +0 -18
  360. package/dist/component/server/mutations/verifier.js.map +0 -1
  361. package/dist/component/server/mutations/verify.js +0 -98
  362. package/dist/component/server/mutations/verify.js.map +0 -1
  363. package/dist/component/server/oauth.js +0 -242
  364. package/dist/component/server/oauth.js.map +0 -1
  365. package/dist/component/server/passkey.js +0 -415
  366. package/dist/component/server/passkey.js.map +0 -1
  367. package/dist/component/server/redirects.js +0 -40
  368. package/dist/component/server/redirects.js.map +0 -1
  369. package/dist/component/server/refresh.js +0 -99
  370. package/dist/component/server/refresh.js.map +0 -1
  371. package/dist/component/server/runtime.d.ts +0 -136
  372. package/dist/component/server/runtime.d.ts.map +0 -1
  373. package/dist/component/server/runtime.js +0 -456
  374. package/dist/component/server/runtime.js.map +0 -1
  375. package/dist/component/server/sessions.js +0 -71
  376. package/dist/component/server/sessions.js.map +0 -1
  377. package/dist/component/server/signin.js +0 -225
  378. package/dist/component/server/signin.js.map +0 -1
  379. package/dist/component/server/tokens.js +0 -17
  380. package/dist/component/server/tokens.js.map +0 -1
  381. package/dist/component/server/totp.js +0 -208
  382. package/dist/component/server/totp.js.map +0 -1
  383. package/dist/component/server/types.d.ts +0 -949
  384. package/dist/component/server/types.d.ts.map +0 -1
  385. package/dist/component/server/types.js +0 -79
  386. package/dist/component/server/types.js.map +0 -1
  387. package/dist/component/server/users.js +0 -123
  388. package/dist/component/server/users.js.map +0 -1
  389. package/dist/component/server/utils.js +0 -140
  390. package/dist/component/server/utils.js.map +0 -1
  391. package/dist/core/types.d.ts +0 -361
  392. package/dist/core/types.d.ts.map +0 -1
  393. package/dist/factors/device.js +0 -104
  394. package/dist/factors/device.js.map +0 -1
  395. package/dist/factors/passkey.js.map +0 -1
  396. package/dist/factors/totp.js.map +0 -1
  397. package/dist/providers/anonymous.d.ts.map +0 -1
  398. package/dist/providers/anonymous.js.map +0 -1
  399. package/dist/providers/credentials.d.ts.map +0 -1
  400. package/dist/providers/credentials.js.map +0 -1
  401. package/dist/providers/device.d.ts.map +0 -1
  402. package/dist/providers/device.js.map +0 -1
  403. package/dist/providers/email.d.ts.map +0 -1
  404. package/dist/providers/email.js.map +0 -1
  405. package/dist/providers/oauth.d.ts +0 -69
  406. package/dist/providers/oauth.d.ts.map +0 -1
  407. package/dist/providers/oauth.js +0 -43
  408. package/dist/providers/oauth.js.map +0 -1
  409. package/dist/providers/passkey.d.ts.map +0 -1
  410. package/dist/providers/passkey.js.map +0 -1
  411. package/dist/providers/password.d.ts.map +0 -1
  412. package/dist/providers/password.js.map +0 -1
  413. package/dist/providers/phone.d.ts.map +0 -1
  414. package/dist/providers/phone.js.map +0 -1
  415. package/dist/providers/sso.d.ts.map +0 -1
  416. package/dist/providers/sso.js.map +0 -1
  417. package/dist/providers/totp.d.ts.map +0 -1
  418. package/dist/providers/totp.js.map +0 -1
  419. package/dist/runtime/browser.js +0 -68
  420. package/dist/runtime/browser.js.map +0 -1
  421. package/dist/runtime/invite.js.map +0 -1
  422. package/dist/runtime/proxy.js +0 -70
  423. package/dist/runtime/proxy.js.map +0 -1
  424. package/dist/runtime/storage.js +0 -37
  425. package/dist/runtime/storage.js.map +0 -1
  426. package/dist/server/auth.d.ts.map +0 -1
  427. package/dist/server/auth.js.map +0 -1
  428. package/dist/server/config.d.ts +0 -1
  429. package/dist/server/config.js.map +0 -1
  430. package/dist/server/context.d.ts +0 -1
  431. package/dist/server/context.js.map +0 -1
  432. package/dist/server/cookies.d.ts +0 -1
  433. package/dist/server/cookies.js.map +0 -1
  434. package/dist/server/core.d.ts +0 -1315
  435. package/dist/server/core.d.ts.map +0 -1
  436. package/dist/server/core.js.map +0 -1
  437. package/dist/server/crypto.d.ts +0 -8
  438. package/dist/server/crypto.d.ts.map +0 -1
  439. package/dist/server/crypto.js.map +0 -1
  440. package/dist/server/db.d.ts +0 -1
  441. package/dist/server/db.js.map +0 -1
  442. package/dist/server/device.d.ts +0 -1
  443. package/dist/server/device.js.map +0 -1
  444. package/dist/server/enterprise/config.d.ts +0 -1
  445. package/dist/server/enterprise/config.js.map +0 -1
  446. package/dist/server/enterprise/domain.d.ts +0 -401
  447. package/dist/server/enterprise/domain.d.ts.map +0 -1
  448. package/dist/server/enterprise/domain.js +0 -974
  449. package/dist/server/enterprise/domain.js.map +0 -1
  450. package/dist/server/enterprise/http.d.ts +0 -26
  451. package/dist/server/enterprise/http.d.ts.map +0 -1
  452. package/dist/server/enterprise/http.js +0 -787
  453. package/dist/server/enterprise/http.js.map +0 -1
  454. package/dist/server/enterprise/oidc.d.ts +0 -1
  455. package/dist/server/enterprise/oidc.js +0 -248
  456. package/dist/server/enterprise/oidc.js.map +0 -1
  457. package/dist/server/enterprise/policy.d.ts +0 -1
  458. package/dist/server/enterprise/policy.js +0 -85
  459. package/dist/server/enterprise/policy.js.map +0 -1
  460. package/dist/server/enterprise/saml.d.ts +0 -1
  461. package/dist/server/enterprise/saml.js +0 -338
  462. package/dist/server/enterprise/saml.js.map +0 -1
  463. package/dist/server/enterprise/scim.d.ts +0 -1
  464. package/dist/server/enterprise/scim.js +0 -97
  465. package/dist/server/enterprise/scim.js.map +0 -1
  466. package/dist/server/enterprise/shared.d.ts +0 -5
  467. package/dist/server/enterprise/shared.d.ts.map +0 -1
  468. package/dist/server/enterprise/shared.js +0 -51
  469. package/dist/server/enterprise/shared.js.map +0 -1
  470. package/dist/server/enterprise/validators.d.ts +0 -1
  471. package/dist/server/enterprise/validators.js +0 -60
  472. package/dist/server/enterprise/validators.js.map +0 -1
  473. package/dist/server/http.d.ts.map +0 -1
  474. package/dist/server/http.js.map +0 -1
  475. package/dist/server/identity.d.ts +0 -1
  476. package/dist/server/identity.js.map +0 -1
  477. package/dist/server/keys.d.ts +0 -1
  478. package/dist/server/keys.js.map +0 -1
  479. package/dist/server/limits.d.ts +0 -1
  480. package/dist/server/limits.js.map +0 -1
  481. package/dist/server/mounts.d.ts.map +0 -1
  482. package/dist/server/mounts.js.map +0 -1
  483. package/dist/server/mutations/account.d.ts +0 -29
  484. package/dist/server/mutations/account.d.ts.map +0 -1
  485. package/dist/server/mutations/account.js.map +0 -1
  486. package/dist/server/mutations/code.d.ts +0 -30
  487. package/dist/server/mutations/code.d.ts.map +0 -1
  488. package/dist/server/mutations/code.js.map +0 -1
  489. package/dist/server/mutations/index.d.ts +0 -14
  490. package/dist/server/mutations/invalidate.d.ts +0 -20
  491. package/dist/server/mutations/invalidate.d.ts.map +0 -1
  492. package/dist/server/mutations/invalidate.js.map +0 -1
  493. package/dist/server/mutations/oauth.d.ts +0 -30
  494. package/dist/server/mutations/oauth.d.ts.map +0 -1
  495. package/dist/server/mutations/oauth.js.map +0 -1
  496. package/dist/server/mutations/refresh.d.ts +0 -21
  497. package/dist/server/mutations/refresh.d.ts.map +0 -1
  498. package/dist/server/mutations/refresh.js.map +0 -1
  499. package/dist/server/mutations/register.d.ts +0 -38
  500. package/dist/server/mutations/register.d.ts.map +0 -1
  501. package/dist/server/mutations/register.js.map +0 -1
  502. package/dist/server/mutations/retrieve.d.ts +0 -33
  503. package/dist/server/mutations/retrieve.d.ts.map +0 -1
  504. package/dist/server/mutations/retrieve.js.map +0 -1
  505. package/dist/server/mutations/signature.d.ts +0 -21
  506. package/dist/server/mutations/signature.d.ts.map +0 -1
  507. package/dist/server/mutations/signature.js.map +0 -1
  508. package/dist/server/mutations/signin.d.ts +0 -22
  509. package/dist/server/mutations/signin.d.ts.map +0 -1
  510. package/dist/server/mutations/signin.js.map +0 -1
  511. package/dist/server/mutations/signout.d.ts +0 -16
  512. package/dist/server/mutations/signout.d.ts.map +0 -1
  513. package/dist/server/mutations/signout.js.map +0 -1
  514. package/dist/server/mutations/store/refs.d.ts +0 -12
  515. package/dist/server/mutations/store/refs.d.ts.map +0 -1
  516. package/dist/server/mutations/store/refs.js.map +0 -1
  517. package/dist/server/mutations/store.d.ts +0 -306
  518. package/dist/server/mutations/store.d.ts.map +0 -1
  519. package/dist/server/mutations/store.js.map +0 -1
  520. package/dist/server/mutations/verifier.d.ts +0 -13
  521. package/dist/server/mutations/verifier.d.ts.map +0 -1
  522. package/dist/server/mutations/verifier.js.map +0 -1
  523. package/dist/server/mutations/verify.d.ts +0 -26
  524. package/dist/server/mutations/verify.d.ts.map +0 -1
  525. package/dist/server/mutations/verify.js.map +0 -1
  526. package/dist/server/oauth.d.ts +0 -1
  527. package/dist/server/oauth.js +0 -242
  528. package/dist/server/oauth.js.map +0 -1
  529. package/dist/server/passkey.d.ts +0 -27
  530. package/dist/server/passkey.d.ts.map +0 -1
  531. package/dist/server/passkey.js.map +0 -1
  532. package/dist/server/redirects.d.ts +0 -1
  533. package/dist/server/redirects.js.map +0 -1
  534. package/dist/server/refresh.d.ts +0 -1
  535. package/dist/server/refresh.js.map +0 -1
  536. package/dist/server/runtime.d.ts.map +0 -1
  537. package/dist/server/runtime.js.map +0 -1
  538. package/dist/server/sessions.d.ts +0 -1
  539. package/dist/server/sessions.js.map +0 -1
  540. package/dist/server/signin.d.ts +0 -1
  541. package/dist/server/signin.js.map +0 -1
  542. package/dist/server/ssr.d.ts.map +0 -1
  543. package/dist/server/ssr.js +0 -777
  544. package/dist/server/ssr.js.map +0 -1
  545. package/dist/server/templates.d.ts +0 -1
  546. package/dist/server/templates.js.map +0 -1
  547. package/dist/server/tokens.d.ts +0 -1
  548. package/dist/server/tokens.js.map +0 -1
  549. package/dist/server/totp.d.ts +0 -1
  550. package/dist/server/totp.js.map +0 -1
  551. package/dist/server/types.d.ts.map +0 -1
  552. package/dist/server/types.js.map +0 -1
  553. package/dist/server/users.d.ts +0 -1
  554. package/dist/server/users.js.map +0 -1
  555. package/dist/server/utils.d.ts +0 -1
  556. package/dist/server/utils.js +0 -140
  557. package/dist/server/utils.js.map +0 -1
  558. package/src/authorization/index.ts +0 -83
  559. package/src/cli/bin.ts +0 -5
  560. package/src/cli/command.ts +0 -70
  561. package/src/cli/index.ts +0 -1112
  562. package/src/cli/keys.ts +0 -23
  563. package/src/client/core/types.ts +0 -437
  564. package/src/client/factors/device.ts +0 -158
  565. package/src/client/factors/passkey.ts +0 -279
  566. package/src/client/factors/totp.ts +0 -150
  567. package/src/client/index.ts +0 -1124
  568. package/src/client/runtime/browser.ts +0 -112
  569. package/src/client/runtime/invite.ts +0 -63
  570. package/src/client/runtime/proxy.ts +0 -111
  571. package/src/client/runtime/storage.ts +0 -79
  572. package/src/component/_generated/api.ts +0 -96
  573. package/src/component/_generated/component.ts +0 -3774
  574. package/src/component/_generated/dataModel.ts +0 -60
  575. package/src/component/_generated/server.ts +0 -156
  576. package/src/component/convex.config.ts +0 -5
  577. package/src/component/functions.ts +0 -104
  578. package/src/component/index.ts +0 -42
  579. package/src/component/model.ts +0 -449
  580. package/src/component/public/enterprise/audit.ts +0 -125
  581. package/src/component/public/enterprise/core.ts +0 -355
  582. package/src/component/public/enterprise/domains.ts +0 -327
  583. package/src/component/public/enterprise/scim.ts +0 -397
  584. package/src/component/public/enterprise/secrets.ts +0 -133
  585. package/src/component/public/enterprise/webhooks.ts +0 -307
  586. package/src/component/public/factors/devices.ts +0 -224
  587. package/src/component/public/factors/passkeys.ts +0 -243
  588. package/src/component/public/factors/totp.ts +0 -259
  589. package/src/component/public/groups/core.ts +0 -481
  590. package/src/component/public/groups/invites.ts +0 -608
  591. package/src/component/public/groups/members.ts +0 -410
  592. package/src/component/public/identity/accounts.ts +0 -207
  593. package/src/component/public/identity/codes.ts +0 -149
  594. package/src/component/public/identity/sessions.ts +0 -210
  595. package/src/component/public/identity/tokens.ts +0 -251
  596. package/src/component/public/identity/users.ts +0 -355
  597. package/src/component/public/identity/verifiers.ts +0 -158
  598. package/src/component/public/security/keys.ts +0 -366
  599. package/src/component/public/security/limits.ts +0 -174
  600. package/src/component/public.ts +0 -27
  601. package/src/component/schema.ts +0 -505
  602. package/src/providers/anonymous.ts +0 -99
  603. package/src/providers/credentials.ts +0 -102
  604. package/src/providers/device.ts +0 -87
  605. package/src/providers/email.ts +0 -99
  606. package/src/providers/index.ts +0 -31
  607. package/src/providers/oauth.ts +0 -117
  608. package/src/providers/passkey.ts +0 -77
  609. package/src/providers/password.ts +0 -441
  610. package/src/providers/phone.ts +0 -93
  611. package/src/providers/sso.ts +0 -54
  612. package/src/providers/totp.ts +0 -62
  613. package/src/samlify.d.ts +0 -53
  614. package/src/server/auth.ts +0 -949
  615. package/src/server/config.ts +0 -200
  616. package/src/server/context.ts +0 -90
  617. package/src/server/cookies.ts +0 -49
  618. package/src/server/core.ts +0 -2004
  619. package/src/server/crypto.ts +0 -90
  620. package/src/server/db.ts +0 -203
  621. package/src/server/device.ts +0 -254
  622. package/src/server/enterprise/config.ts +0 -51
  623. package/src/server/enterprise/domain.ts +0 -1739
  624. package/src/server/enterprise/http.ts +0 -1331
  625. package/src/server/enterprise/oidc.ts +0 -500
  626. package/src/server/enterprise/policy.ts +0 -128
  627. package/src/server/enterprise/saml.ts +0 -578
  628. package/src/server/enterprise/scim.ts +0 -135
  629. package/src/server/enterprise/shared.ts +0 -134
  630. package/src/server/enterprise/validators.ts +0 -93
  631. package/src/server/http.ts +0 -790
  632. package/src/server/identity.ts +0 -18
  633. package/src/server/index.ts +0 -40
  634. package/src/server/keys.ts +0 -158
  635. package/src/server/limits.ts +0 -107
  636. package/src/server/mounts.ts +0 -924
  637. package/src/server/mutations/account.ts +0 -62
  638. package/src/server/mutations/code.ts +0 -119
  639. package/src/server/mutations/index.ts +0 -13
  640. package/src/server/mutations/invalidate.ts +0 -50
  641. package/src/server/mutations/oauth.ts +0 -243
  642. package/src/server/mutations/refresh.ts +0 -299
  643. package/src/server/mutations/register.ts +0 -155
  644. package/src/server/mutations/retrieve.ts +0 -109
  645. package/src/server/mutations/signature.ts +0 -57
  646. package/src/server/mutations/signin.ts +0 -54
  647. package/src/server/mutations/signout.ts +0 -43
  648. package/src/server/mutations/store/refs.ts +0 -10
  649. package/src/server/mutations/store.ts +0 -123
  650. package/src/server/mutations/verifier.ts +0 -34
  651. package/src/server/mutations/verify.ts +0 -200
  652. package/src/server/oauth.ts +0 -418
  653. package/src/server/passkey.ts +0 -838
  654. package/src/server/redirects.ts +0 -59
  655. package/src/server/refresh.ts +0 -218
  656. package/src/server/runtime.ts +0 -918
  657. package/src/server/sessions.ts +0 -132
  658. package/src/server/signin.ts +0 -445
  659. package/src/server/ssr.ts +0 -1747
  660. package/src/server/templates.ts +0 -82
  661. package/src/server/tokens.ts +0 -35
  662. package/src/server/totp.ts +0 -399
  663. package/src/server/types.ts +0 -1942
  664. package/src/server/users.ts +0 -291
  665. package/src/server/utils.ts +0 -220
  666. /package/dist/{runtime → client/runtime}/invite.js +0 -0
@@ -1,114 +0,0 @@
1
- declare namespace limits_d_exports {
2
- export { rateLimitCreate, rateLimitDelete, rateLimitGet, rateLimitPatch };
3
- }
4
- /**
5
- * Look up a rate limit entry by its string identifier.
6
- *
7
- * Queries the `RateLimit` table using the `by_identifier` unique index.
8
- * Returns the rate limit state with camelCase field names (`attemptsLeft`,
9
- * `lastAttemptTime`) mapped from the snake_case storage format. Used to
10
- * check whether an action should be allowed or throttled.
11
- *
12
- * @param identifier - Unique string identifying the rate limit bucket
13
- * (e.g. `"login:user@example.com"` or `"api:sk_live_abc123"`).
14
- * @returns The rate limit state object (including `attemptsLeft` and
15
- * `lastAttemptTime`), or `null` if no entry exists for the identifier.
16
- *
17
- * @example
18
- * ```ts
19
- * const limit = await ctx.runQuery(
20
- * components.auth.security.limits.rateLimitGet,
21
- * { identifier: `login:${email}` },
22
- * );
23
- * if (limit !== null && limit.attemptsLeft <= 0) {
24
- * throw new Error("Too many login attempts. Please try again later.");
25
- * }
26
- * ```
27
- */
28
- declare const rateLimitGet: any;
29
- /**
30
- * Create a new rate limit entry in the `RateLimit` table.
31
- *
32
- * Initializes a rate limit bucket for a given identifier. The entry
33
- * tracks remaining attempts and the timestamp of the last attempt,
34
- * storing them in snake_case format internally. Call this when the
35
- * first rate-limited action occurs for an identifier that does not
36
- * yet have an entry.
37
- *
38
- * @param identifier - Unique string identifying the rate limit bucket
39
- * (e.g. `"login:user@example.com"` or `"otp:+15551234567"`).
40
- * @param attemptsLeft - Number of remaining attempts before the action
41
- * is throttled.
42
- * @param lastAttemptTime - Unix timestamp (in milliseconds) of the
43
- * initial attempt.
44
- * @returns The `_id` of the newly created `RateLimit` document.
45
- *
46
- * @example
47
- * ```ts
48
- * const rateLimitId = await ctx.runMutation(
49
- * components.auth.security.limits.rateLimitCreate,
50
- * {
51
- * identifier: `login:${email}`,
52
- * attemptsLeft: 4, // 5 max minus this attempt
53
- * lastAttemptTime: Date.now(),
54
- * },
55
- * );
56
- * ```
57
- */
58
- declare const rateLimitCreate: any;
59
- /**
60
- * Patch a rate limit entry with partial data.
61
- *
62
- * Updates an existing `RateLimit` document with the provided fields.
63
- * Automatically maps camelCase field names (`attemptsLeft`,
64
- * `lastAttemptTime`) to the snake_case storage format before writing.
65
- * Typically called to decrement remaining attempts or to reset the
66
- * bucket after a cooldown window has elapsed.
67
- *
68
- * @param rateLimitId - The `_id` of the `RateLimit` document to update.
69
- * @param data - An object containing the fields to patch. Supports
70
- * camelCase names which are transparently converted:
71
- * - `attemptsLeft` -- Updated number of remaining attempts.
72
- * - `lastAttemptTime` -- Updated timestamp of the most recent attempt.
73
- * @returns `null` on success.
74
- *
75
- * @example
76
- * ```ts
77
- * // Decrement attempts after a failed login
78
- * await ctx.runMutation(
79
- * components.auth.security.limits.rateLimitPatch,
80
- * {
81
- * rateLimitId: limit._id,
82
- * data: {
83
- * attemptsLeft: limit.attemptsLeft - 1,
84
- * lastAttemptTime: Date.now(),
85
- * },
86
- * },
87
- * );
88
- * ```
89
- */
90
- declare const rateLimitPatch: any;
91
- /**
92
- * Delete a rate limit entry from the `RateLimit` table.
93
- *
94
- * Permanently removes the rate limit bucket. This effectively resets
95
- * rate limiting for the associated identifier, allowing the next
96
- * action to proceed without throttling. Useful for administrative
97
- * resets or cleanup of expired buckets.
98
- *
99
- * @param rateLimitId - The `_id` of the `RateLimit` document to delete.
100
- * @returns `null` on success.
101
- *
102
- * @example
103
- * ```ts
104
- * // Admin resets a user's login rate limit
105
- * await ctx.runMutation(
106
- * components.auth.security.limits.rateLimitDelete,
107
- * { rateLimitId: limit._id },
108
- * );
109
- * ```
110
- */
111
- declare const rateLimitDelete: any;
112
- //#endregion
113
- export { limits_d_exports, rateLimitCreate, rateLimitDelete, rateLimitGet, rateLimitPatch };
114
- //# sourceMappingURL=limits.d.ts.map
@@ -1 +0,0 @@
1
- {"version":3,"file":"limits.d.ts","names":[],"sources":["../../../../src/component/public/security/limits.ts"],"mappings":";;;;;;;;;;;;AA6BA;;;;;AAgDA;;;;;AA+CA;;;;;cA/Fa,YAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;cAgDA,eAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;cA+CA,cAAA;;;;;;;;;;;;;;;;;;;;;cAsCA,eAAA"}
@@ -1 +0,0 @@
1
- {"version":3,"file":"limits.js","names":[],"sources":["../../../../src/component/public/security/limits.ts"],"sourcesContent":["import { v } from \"convex/values\";\n\nimport { mutation, query } from \"../../functions\";\nimport { vRateLimitResult } from \"../../model\";\n\n/**\n * Look up a rate limit entry by its string identifier.\n *\n * Queries the `RateLimit` table using the `by_identifier` unique index.\n * Returns the rate limit state with camelCase field names (`attemptsLeft`,\n * `lastAttemptTime`) mapped from the snake_case storage format. Used to\n * check whether an action should be allowed or throttled.\n *\n * @param identifier - Unique string identifying the rate limit bucket\n * (e.g. `\"login:user@example.com\"` or `\"api:sk_live_abc123\"`).\n * @returns The rate limit state object (including `attemptsLeft` and\n * `lastAttemptTime`), or `null` if no entry exists for the identifier.\n *\n * @example\n * ```ts\n * const limit = await ctx.runQuery(\n * components.auth.security.limits.rateLimitGet,\n * { identifier: `login:${email}` },\n * );\n * if (limit !== null && limit.attemptsLeft <= 0) {\n * throw new Error(\"Too many login attempts. Please try again later.\");\n * }\n * ```\n */\nexport const rateLimitGet = query({\n args: { identifier: v.string() },\n returns: v.union(vRateLimitResult, v.null()),\n handler: async (ctx, { identifier }) => {\n const row = await ctx.db\n .query(\"RateLimit\")\n .withIndex(\"by_identifier\", (q) => q.eq(\"identifier\", identifier))\n .unique();\n if (row === null) {\n return null;\n }\n return {\n ...row,\n attemptsLeft: row.attempts_left,\n lastAttemptTime: row.last_attempt_time,\n };\n },\n});\n\n/**\n * Create a new rate limit entry in the `RateLimit` table.\n *\n * Initializes a rate limit bucket for a given identifier. The entry\n * tracks remaining attempts and the timestamp of the last attempt,\n * storing them in snake_case format internally. Call this when the\n * first rate-limited action occurs for an identifier that does not\n * yet have an entry.\n *\n * @param identifier - Unique string identifying the rate limit bucket\n * (e.g. `\"login:user@example.com\"` or `\"otp:+15551234567\"`).\n * @param attemptsLeft - Number of remaining attempts before the action\n * is throttled.\n * @param lastAttemptTime - Unix timestamp (in milliseconds) of the\n * initial attempt.\n * @returns The `_id` of the newly created `RateLimit` document.\n *\n * @example\n * ```ts\n * const rateLimitId = await ctx.runMutation(\n * components.auth.security.limits.rateLimitCreate,\n * {\n * identifier: `login:${email}`,\n * attemptsLeft: 4, // 5 max minus this attempt\n * lastAttemptTime: Date.now(),\n * },\n * );\n * ```\n */\nexport const rateLimitCreate = mutation({\n args: {\n identifier: v.string(),\n attemptsLeft: v.number(),\n lastAttemptTime: v.number(),\n },\n returns: v.id(\"RateLimit\"),\n handler: async (ctx, { identifier, attemptsLeft, lastAttemptTime }) => {\n return await ctx.db.insert(\"RateLimit\", {\n identifier,\n attempts_left: attemptsLeft,\n last_attempt_time: lastAttemptTime,\n });\n },\n});\n\n/**\n * Patch a rate limit entry with partial data.\n *\n * Updates an existing `RateLimit` document with the provided fields.\n * Automatically maps camelCase field names (`attemptsLeft`,\n * `lastAttemptTime`) to the snake_case storage format before writing.\n * Typically called to decrement remaining attempts or to reset the\n * bucket after a cooldown window has elapsed.\n *\n * @param rateLimitId - The `_id` of the `RateLimit` document to update.\n * @param data - An object containing the fields to patch. Supports\n * camelCase names which are transparently converted:\n * - `attemptsLeft` -- Updated number of remaining attempts.\n * - `lastAttemptTime` -- Updated timestamp of the most recent attempt.\n * @returns `null` on success.\n *\n * @example\n * ```ts\n * // Decrement attempts after a failed login\n * await ctx.runMutation(\n * components.auth.security.limits.rateLimitPatch,\n * {\n * rateLimitId: limit._id,\n * data: {\n * attemptsLeft: limit.attemptsLeft - 1,\n * lastAttemptTime: Date.now(),\n * },\n * },\n * );\n * ```\n */\nexport const rateLimitPatch = mutation({\n args: { rateLimitId: v.id(\"RateLimit\"), data: v.any() },\n returns: v.null(),\n handler: async (ctx, { rateLimitId, data }) => {\n const nextData: Record<string, unknown> = { ...data };\n if (nextData.attemptsLeft !== undefined) {\n nextData.attempts_left = nextData.attemptsLeft;\n delete nextData.attemptsLeft;\n }\n if (nextData.lastAttemptTime !== undefined) {\n nextData.last_attempt_time = nextData.lastAttemptTime;\n delete nextData.lastAttemptTime;\n }\n await ctx.db.patch(\"RateLimit\", rateLimitId, nextData);\n return null;\n },\n});\n\n/**\n * Delete a rate limit entry from the `RateLimit` table.\n *\n * Permanently removes the rate limit bucket. This effectively resets\n * rate limiting for the associated identifier, allowing the next\n * action to proceed without throttling. Useful for administrative\n * resets or cleanup of expired buckets.\n *\n * @param rateLimitId - The `_id` of the `RateLimit` document to delete.\n * @returns `null` on success.\n *\n * @example\n * ```ts\n * // Admin resets a user's login rate limit\n * await ctx.runMutation(\n * components.auth.security.limits.rateLimitDelete,\n * { rateLimitId: limit._id },\n * );\n * ```\n */\nexport const rateLimitDelete = mutation({\n args: { rateLimitId: v.id(\"RateLimit\") },\n returns: v.null(),\n handler: async (ctx, { rateLimitId }) => {\n await ctx.db.delete(\"RateLimit\", rateLimitId);\n return null;\n },\n});\n\n// ============================================================================\n// Device Authorization (RFC 8628)\n// ============================================================================\n"],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;AA6BA,MAAa,eAAe,MAAM;CAChC,MAAM,EAAE,YAAY,EAAE,QAAQ,EAAE;CAChC,SAAS,EAAE,MAAM,kBAAkB,EAAE,MAAM,CAAC;CAC5C,SAAS,OAAO,KAAK,EAAE,iBAAiB;EACtC,MAAM,MAAM,MAAM,IAAI,GACnB,MAAM,YAAY,CAClB,UAAU,kBAAkB,MAAM,EAAE,GAAG,cAAc,WAAW,CAAC,CACjE,QAAQ;AACX,MAAI,QAAQ,KACV,QAAO;AAET,SAAO;GACL,GAAG;GACH,cAAc,IAAI;GAClB,iBAAiB,IAAI;GACtB;;CAEJ,CAAC;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AA+BF,MAAa,kBAAkB,SAAS;CACtC,MAAM;EACJ,YAAY,EAAE,QAAQ;EACtB,cAAc,EAAE,QAAQ;EACxB,iBAAiB,EAAE,QAAQ;EAC5B;CACD,SAAS,EAAE,GAAG,YAAY;CAC1B,SAAS,OAAO,KAAK,EAAE,YAAY,cAAc,sBAAsB;AACrE,SAAO,MAAM,IAAI,GAAG,OAAO,aAAa;GACtC;GACA,eAAe;GACf,mBAAmB;GACpB,CAAC;;CAEL,CAAC;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAiCF,MAAa,iBAAiB,SAAS;CACrC,MAAM;EAAE,aAAa,EAAE,GAAG,YAAY;EAAE,MAAM,EAAE,KAAK;EAAE;CACvD,SAAS,EAAE,MAAM;CACjB,SAAS,OAAO,KAAK,EAAE,aAAa,WAAW;EAC7C,MAAM,WAAoC,EAAE,GAAG,MAAM;AACrD,MAAI,SAAS,iBAAiB,QAAW;AACvC,YAAS,gBAAgB,SAAS;AAClC,UAAO,SAAS;;AAElB,MAAI,SAAS,oBAAoB,QAAW;AAC1C,YAAS,oBAAoB,SAAS;AACtC,UAAO,SAAS;;AAElB,QAAM,IAAI,GAAG,MAAM,aAAa,aAAa,SAAS;AACtD,SAAO;;CAEV,CAAC;;;;;;;;;;;;;;;;;;;;;AAsBF,MAAa,kBAAkB,SAAS;CACtC,MAAM,EAAE,aAAa,EAAE,GAAG,YAAY,EAAE;CACxC,SAAS,EAAE,MAAM;CACjB,SAAS,OAAO,KAAK,EAAE,kBAAkB;AACvC,QAAM,IAAI,GAAG,OAAO,aAAa,YAAY;AAC7C,SAAO;;CAEV,CAAC"}
@@ -1,28 +0,0 @@
1
- import { accountDelete, accountGet, accountGetById, accountInsert, accountListByUser, accountPatch } from "./public/identity/accounts.js";
2
- import { deviceAuthorize, deviceDelete, deviceGetByCodeHash, deviceGetByUserCode, deviceInsert, deviceUpdateLastPolled } from "./public/factors/devices.js";
3
- import { enterpriseAuditEventCreate, enterpriseAuditEventList } from "./public/enterprise/audit.js";
4
- import { enterpriseCreate, enterpriseDelete, enterpriseGet, enterpriseGetByDomain, enterpriseGetByGroup, enterpriseList, enterpriseUpdate } from "./public/enterprise/core.js";
5
- import { enterpriseDomainAdd, enterpriseDomainDelete, enterpriseDomainList, enterpriseDomainVerificationDelete, enterpriseDomainVerificationGet, enterpriseDomainVerificationUpsert, enterpriseDomainVerify } from "./public/enterprise/domains.js";
6
- import { enterpriseScimConfigGetByEnterprise, enterpriseScimConfigGetByTokenHash, enterpriseScimConfigUpsert, enterpriseScimIdentityDelete, enterpriseScimIdentityGet, enterpriseScimIdentityGetByEnterpriseAndUser, enterpriseScimIdentityGetByMappedGroup, enterpriseScimIdentityGetByUser, enterpriseScimIdentityListByEnterprise, enterpriseScimIdentityUpsert } from "./public/enterprise/scim.js";
7
- import { enterpriseSecretDelete, enterpriseSecretGet, enterpriseSecretUpsert } from "./public/enterprise/secrets.js";
8
- import { enterpriseWebhookDeliveryEnqueue, enterpriseWebhookDeliveryList, enterpriseWebhookDeliveryListReady, enterpriseWebhookDeliveryPatch, enterpriseWebhookEndpointCreate, enterpriseWebhookEndpointGet, enterpriseWebhookEndpointList, enterpriseWebhookEndpointUpdate } from "./public/enterprise/webhooks.js";
9
- import { groupCreate, groupDelete, groupGet, groupList, groupUpdate } from "./public/groups/core.js";
10
- import { inviteAccept, inviteAcceptByToken, inviteCreate, inviteGet, inviteGetByTokenHash, inviteList, inviteRevoke } from "./public/groups/invites.js";
11
- import { memberAdd, memberGet, memberGetByGroupAndUser, memberList, memberRemove, memberResolve, memberUpdate } from "./public/groups/members.js";
12
- import { keyDelete, keyGetByHashedKey, keyGetById, keyInsert, keyList, keyPatch } from "./public/security/keys.js";
13
- import { passkeyDelete, passkeyGetByCredentialId, passkeyInsert, passkeyListByUserId, passkeyUpdateCounter, passkeyUpdateMeta } from "./public/factors/passkeys.js";
14
- import { rateLimitCreate, rateLimitDelete, rateLimitGet, rateLimitPatch } from "./public/security/limits.js";
15
- import { refreshTokenCreate, refreshTokenDeleteAll, refreshTokenGetActive, refreshTokenGetById, refreshTokenGetChildren, refreshTokenListBySession, refreshTokenPatch } from "./public/identity/tokens.js";
16
- import { sessionCreate, sessionDelete, sessionGetById, sessionList, sessionListByUser } from "./public/identity/sessions.js";
17
- import { totpDelete, totpGetById, totpGetVerifiedByUserId, totpInsert, totpListByUserId, totpMarkVerified, totpUpdateLastUsed } from "./public/factors/totp.js";
18
- import { userDelete, userFindByVerifiedEmail, userFindByVerifiedPhone, userGetById, userInsert, userList, userPatch, userUpsert } from "./public/identity/users.js";
19
- import { verificationCodeCreate, verificationCodeDelete, verificationCodeGetByAccountId, verificationCodeGetByCode } from "./public/identity/codes.js";
20
- import { verifierCreate, verifierDelete, verifierGetById, verifierGetBySignature, verifierPatch } from "./public/identity/verifiers.js";
21
-
22
- //#region src/component/public.d.ts
23
- declare namespace public_d_exports {
24
- export { accountDelete, accountGet, accountGetById, accountInsert, accountListByUser, accountPatch, deviceAuthorize, deviceDelete, deviceGetByCodeHash, deviceGetByUserCode, deviceInsert, deviceUpdateLastPolled, enterpriseAuditEventCreate, enterpriseAuditEventList, enterpriseCreate, enterpriseDelete, enterpriseDomainAdd, enterpriseDomainDelete, enterpriseDomainList, enterpriseDomainVerificationDelete, enterpriseDomainVerificationGet, enterpriseDomainVerificationUpsert, enterpriseDomainVerify, enterpriseGet, enterpriseGetByDomain, enterpriseGetByGroup, enterpriseList, enterpriseScimConfigGetByEnterprise, enterpriseScimConfigGetByTokenHash, enterpriseScimConfigUpsert, enterpriseScimIdentityDelete, enterpriseScimIdentityGet, enterpriseScimIdentityGetByEnterpriseAndUser, enterpriseScimIdentityGetByMappedGroup, enterpriseScimIdentityGetByUser, enterpriseScimIdentityListByEnterprise, enterpriseScimIdentityUpsert, enterpriseSecretDelete, enterpriseSecretGet, enterpriseSecretUpsert, enterpriseUpdate, enterpriseWebhookDeliveryEnqueue, enterpriseWebhookDeliveryList, enterpriseWebhookDeliveryListReady, enterpriseWebhookDeliveryPatch, enterpriseWebhookEndpointCreate, enterpriseWebhookEndpointGet, enterpriseWebhookEndpointList, enterpriseWebhookEndpointUpdate, groupCreate, groupDelete, groupGet, groupList, groupUpdate, inviteAccept, inviteAcceptByToken, inviteCreate, inviteGet, inviteGetByTokenHash, inviteList, inviteRevoke, keyDelete, keyGetByHashedKey, keyGetById, keyInsert, keyList, keyPatch, memberAdd, memberGet, memberGetByGroupAndUser, memberList, memberRemove, memberResolve, memberUpdate, passkeyDelete, passkeyGetByCredentialId, passkeyInsert, passkeyListByUserId, passkeyUpdateCounter, passkeyUpdateMeta, rateLimitCreate, rateLimitDelete, rateLimitGet, rateLimitPatch, refreshTokenCreate, refreshTokenDeleteAll, refreshTokenGetActive, refreshTokenGetById, refreshTokenGetChildren, refreshTokenListBySession, refreshTokenPatch, sessionCreate, sessionDelete, sessionGetById, sessionList, sessionListByUser, totpDelete, totpGetById, totpGetVerifiedByUserId, totpInsert, totpListByUserId, totpMarkVerified, totpUpdateLastUsed, userDelete, userFindByVerifiedEmail, userFindByVerifiedPhone, userGetById, userInsert, userList, userPatch, userUpsert, verificationCodeCreate, verificationCodeDelete, verificationCodeGetByAccountId, verificationCodeGetByCode, verifierCreate, verifierDelete, verifierGetById, verifierGetBySignature, verifierPatch };
25
- }
26
- //#endregion
27
- export { accountDelete, accountGet, accountGetById, accountInsert, accountListByUser, accountPatch, deviceAuthorize, deviceDelete, deviceGetByCodeHash, deviceGetByUserCode, deviceInsert, deviceUpdateLastPolled, enterpriseAuditEventCreate, enterpriseAuditEventList, enterpriseCreate, enterpriseDelete, enterpriseDomainAdd, enterpriseDomainDelete, enterpriseDomainList, enterpriseDomainVerificationDelete, enterpriseDomainVerificationGet, enterpriseDomainVerificationUpsert, enterpriseDomainVerify, enterpriseGet, enterpriseGetByDomain, enterpriseGetByGroup, enterpriseList, enterpriseScimConfigGetByEnterprise, enterpriseScimConfigGetByTokenHash, enterpriseScimConfigUpsert, enterpriseScimIdentityDelete, enterpriseScimIdentityGet, enterpriseScimIdentityGetByEnterpriseAndUser, enterpriseScimIdentityGetByMappedGroup, enterpriseScimIdentityGetByUser, enterpriseScimIdentityListByEnterprise, enterpriseScimIdentityUpsert, enterpriseSecretDelete, enterpriseSecretGet, enterpriseSecretUpsert, enterpriseUpdate, enterpriseWebhookDeliveryEnqueue, enterpriseWebhookDeliveryList, enterpriseWebhookDeliveryListReady, enterpriseWebhookDeliveryPatch, enterpriseWebhookEndpointCreate, enterpriseWebhookEndpointGet, enterpriseWebhookEndpointList, enterpriseWebhookEndpointUpdate, groupCreate, groupDelete, groupGet, groupList, groupUpdate, inviteAccept, inviteAcceptByToken, inviteCreate, inviteGet, inviteGetByTokenHash, inviteList, inviteRevoke, keyDelete, keyGetByHashedKey, keyGetById, keyInsert, keyList, keyPatch, memberAdd, memberGet, memberGetByGroupAndUser, memberList, memberRemove, memberResolve, memberUpdate, passkeyDelete, passkeyGetByCredentialId, passkeyInsert, passkeyListByUserId, passkeyUpdateCounter, passkeyUpdateMeta, public_d_exports, rateLimitCreate, rateLimitDelete, rateLimitGet, rateLimitPatch, refreshTokenCreate, refreshTokenDeleteAll, refreshTokenGetActive, refreshTokenGetById, refreshTokenGetChildren, refreshTokenListBySession, refreshTokenPatch, sessionCreate, sessionDelete, sessionGetById, sessionList, sessionListByUser, totpDelete, totpGetById, totpGetVerifiedByUserId, totpInsert, totpListByUserId, totpMarkVerified, totpUpdateLastUsed, userDelete, userFindByVerifiedEmail, userFindByVerifiedPhone, userGetById, userInsert, userList, userPatch, userUpsert, verificationCodeCreate, verificationCodeDelete, verificationCodeGetByAccountId, verificationCodeGetByCode, verifierCreate, verifierDelete, verifierGetById, verifierGetBySignature, verifierPatch };
28
- //# sourceMappingURL=public.d.ts.map
@@ -1 +0,0 @@
1
- {"version":3,"file":"public.d.ts","names":[],"sources":["../../src/component/public.ts"],"mappings":""}
@@ -1 +0,0 @@
1
- {"version":3,"file":"schema.d.ts","names":[],"sources":["../../src/component/schema.ts"],"mappings":""}
@@ -1 +0,0 @@
1
- {"version":3,"file":"schema.js","names":[],"sources":["../../src/component/schema.ts"],"sourcesContent":["import { defineSchema, defineTable } from \"convex/server\";\nimport { v } from \"convex/values\";\n\nimport {\n vApiKeyRateLimit,\n vApiKeyRateLimitState,\n vApiKeyScope,\n vAuditActorType,\n vAuditStatus,\n vDeviceStatus,\n vEnterprisePolicy,\n vEnterpriseSecretKind,\n vEnterpriseStatus,\n vInviteStatus,\n vScimResourceType,\n vScimStatus,\n vTag,\n vWebhookDeliveryStatus,\n vWebhookEndpointStatus,\n} from \"./model\";\n\n/**\n * Schema for the auth component.\n *\n * Contains tables for core authentication (users, sessions, accounts, tokens,\n * verification codes, PKCE verifiers, rate limits) and hierarchical group\n * management (groups, members, invites).\n */\nexport default defineSchema({\n /**\n * Authenticated users. A user may have multiple linked accounts\n * and multiple concurrent sessions.\n */\n User: defineTable({\n name: v.optional(v.string()),\n image: v.optional(v.string()),\n email: v.optional(v.string()),\n emailVerificationTime: v.optional(v.number()),\n phone: v.optional(v.string()),\n phoneVerificationTime: v.optional(v.number()),\n isAnonymous: v.optional(v.boolean()),\n extend: v.optional(v.any()),\n })\n .index(\"email\", [\"email\"])\n .index(\"email_verified\", [\"email\", \"emailVerificationTime\"])\n .index(\"phone\", [\"phone\"])\n .index(\"phone_verified\", [\"phone\", \"phoneVerificationTime\"]),\n\n /**\n * Active sessions. A single user can have multiple concurrent sessions\n * across different devices or browsers. Sessions expire after a\n * configurable duration.\n */\n Session: defineTable({\n userId: v.id(\"User\"),\n expirationTime: v.number(),\n }).index(\"user_id\", [\"userId\"]),\n\n /**\n * Authentication accounts. Each account links a user to a single\n * authentication provider (e.g. Google OAuth, email/password).\n * A user can have multiple accounts linked.\n */\n Account: defineTable({\n userId: v.id(\"User\"),\n provider: v.string(),\n providerAccountId: v.string(),\n secret: v.optional(v.string()),\n emailVerified: v.optional(v.string()),\n phoneVerified: v.optional(v.string()),\n extend: v.optional(v.any()),\n })\n .index(\"user_id_provider\", [\"userId\", \"provider\"])\n .index(\"provider_account_id\", [\"provider\", \"providerAccountId\"]),\n\n /**\n * Refresh tokens for session continuity. Tokens are single-use and form\n * a chain — each token references the one it was exchanged from.\n *\n * The active refresh token is the most recently created token that has not\n * been used yet. A 10-second reuse window allows for concurrent requests.\n * Any invalid use of a token invalidates the entire chain.\n */\n RefreshToken: defineTable({\n sessionId: v.id(\"Session\"),\n expirationTime: v.number(),\n firstUsedTime: v.optional(v.number()),\n parentRefreshTokenId: v.optional(v.id(\"RefreshToken\")),\n })\n .index(\"session_id\", [\"sessionId\"])\n .index(\"session_id_first_used\", [\"sessionId\", \"firstUsedTime\"])\n .index(\"session_id_parent_refresh_token_id\", [\n \"sessionId\",\n \"parentRefreshTokenId\",\n ]),\n\n /**\n * Verification codes for OTP tokens, magic link tokens, and OAuth codes.\n */\n VerificationCode: defineTable({\n accountId: v.id(\"Account\"),\n provider: v.string(),\n code: v.string(),\n expirationTime: v.number(),\n verifier: v.optional(v.string()),\n emailVerified: v.optional(v.string()),\n phoneVerified: v.optional(v.string()),\n })\n .index(\"account_id\", [\"accountId\"])\n .index(\"code\", [\"code\"]),\n\n /**\n * PKCE verifiers for OAuth flows. Stores the cryptographic verifier\n * used to prove the authorization request originated from this client.\n */\n AuthVerifier: defineTable({\n sessionId: v.optional(v.id(\"Session\")),\n signature: v.optional(v.string()),\n }).index(\"signature\", [\"signature\"]),\n\n /**\n * WebAuthn passkey credentials. Each credential links a user to a\n * registered authenticator (Touch ID, Face ID, security key, etc.).\n * A user can have multiple passkeys across different devices.\n */\n Passkey: defineTable({\n userId: v.id(\"User\"),\n /** Base64url-encoded credential ID from the authenticator. */\n credentialId: v.string(),\n /** Public key bytes (SEC1 uncompressed for EC, SPKI for RSA). */\n publicKey: v.bytes(),\n /** COSE algorithm identifier (-7 for ES256, -257 for RS256, -8 for EdDSA). */\n algorithm: v.number(),\n /** Signature counter for clone detection. Many authenticators return 0. */\n counter: v.number(),\n /** Authenticator transport hints (e.g. \"internal\", \"hybrid\", \"usb\", \"ble\", \"nfc\"). */\n transports: v.optional(v.array(v.string())),\n /** Whether this is a single-device or multi-device (synced) credential. */\n deviceType: v.string(),\n /** Whether the credential is backed up (synced passkey). */\n backedUp: v.boolean(),\n /** User-assigned friendly name (e.g. \"MacBook Touch ID\"). */\n name: v.optional(v.string()),\n createdAt: v.number(),\n lastUsedAt: v.optional(v.number()),\n })\n .index(\"user_id\", [\"userId\"])\n .index(\"credential_id\", [\"credentialId\"]),\n\n /**\n * TOTP two-factor authentication secrets. Each record links a user to\n * an authenticator app. A user can have multiple TOTP enrollments\n * (e.g. different authenticator apps) but typically has one.\n *\n * The `verified` flag indicates whether the user has completed setup\n * by successfully entering a code from their authenticator app.\n * Unverified enrollments are in-progress setup that can be discarded.\n */\n TotpFactor: defineTable({\n userId: v.id(\"User\"),\n /** Raw TOTP secret key bytes. */\n secret: v.bytes(),\n /** Number of digits in each code (typically 6). */\n digits: v.number(),\n /** Time period in seconds for code rotation (typically 30). */\n period: v.number(),\n /** Whether setup has been confirmed with a valid code. */\n verified: v.boolean(),\n /** User-assigned friendly name (e.g. \"Google Authenticator\"). */\n name: v.optional(v.string()),\n createdAt: v.number(),\n lastUsedAt: v.optional(v.number()),\n })\n .index(\"user_id\", [\"userId\"])\n .index(\"user_id_verified\", [\"userId\", \"verified\"]),\n\n /**\n * Device authorization codes (RFC 8628). Each record tracks a pending\n * device auth session — the device polls with `deviceCode` while the\n * user authorizes via `userCode` on a secondary device.\n */\n DeviceCode: defineTable({\n /** High-entropy code used by the device for polling. Stored as SHA-256 hash. */\n deviceCodeHash: v.string(),\n /** Short human-readable code the user enters (e.g. \"WDJB-MJHT\"). */\n userCode: v.string(),\n /** Expiration timestamp (ms since epoch). */\n expiresAt: v.number(),\n /** Minimum polling interval in seconds. */\n interval: v.number(),\n /** Current status of this device authorization session. */\n status: vDeviceStatus,\n /** Set when the user authorizes — links to the authorizing user. */\n userId: v.optional(v.id(\"User\")),\n /** Set when the user authorizes — the session created for the device. */\n sessionId: v.optional(v.id(\"Session\")),\n /** Timestamp of the last poll request (for slow_down enforcement). */\n lastPolledAt: v.optional(v.number()),\n })\n .index(\"device_code_hash\", [\"deviceCodeHash\"])\n .index(\"user_code_status\", [\"userCode\", \"status\"]),\n\n /**\n * Rate limit tracking for OTP and password sign-in attempts.\n */\n RateLimit: defineTable({\n identifier: v.string(),\n last_attempt_time: v.number(),\n attempts_left: v.number(),\n }).index(\"by_identifier\", [\"identifier\"]),\n\n /**\n * Hierarchical groups. A group with no `parentGroupId` is a root group.\n * Groups can nest arbitrarily deep via `parentGroupId` for modeling\n * organizations, teams, departments, or any tree structure.\n */\n Group: defineTable({\n name: v.string(),\n slug: v.optional(v.string()),\n type: v.optional(v.string()),\n parentGroupId: v.optional(v.id(\"Group\")),\n /** Denormalized root group ID. Self-referencing for root groups. */\n rootGroupId: v.optional(v.id(\"Group\")),\n /** Denormalized flag: `true` when `parentGroupId` is absent. */\n isRoot: v.optional(v.boolean()),\n /** Faceted classification tags. Normalized at write time (trimmed, lowercased). */\n tags: v.optional(v.array(vTag)),\n extend: v.optional(v.any()),\n })\n .index(\"slug\", [\"slug\"])\n .index(\"parent_group_id\", [\"parentGroupId\"])\n .index(\"root_group_id\", [\"rootGroupId\"])\n .index(\"is_root\", [\"isRoot\"])\n .index(\"type\", [\"type\"])\n .index(\"type_parent_group_id\", [\"type\", \"parentGroupId\"]),\n\n /**\n * Denormalized group-tag index table for efficient tag-based filtering.\n * Each row maps one `(key, value)` pair to a group. Kept in sync by\n * `groupCreate`, `groupUpdate`, and `groupDelete`.\n */\n GroupTag: defineTable({\n group_id: v.id(\"Group\"),\n key: v.string(),\n value: v.string(),\n })\n .index(\"by_group\", [\"group_id\"])\n .index(\"by_key_value\", [\"key\", \"value\"])\n .index(\"by_key\", [\"key\"]),\n\n /**\n * Group membership. Links a user to a group with an application-defined\n * role (e.g. \"owner\", \"admin\", \"member\", \"viewer\"). A user can be a\n * member of multiple groups with different roles in each.\n */\n GroupMember: defineTable({\n groupId: v.id(\"Group\"),\n userId: v.id(\"User\"),\n role: v.optional(v.string()),\n roleIds: v.optional(v.array(v.string())),\n status: v.optional(v.string()),\n extend: v.optional(v.any()),\n })\n .index(\"group_id\", [\"groupId\"])\n .index(\"group_id_user_id\", [\"groupId\", \"userId\"])\n .index(\"group_id_status\", [\"groupId\", \"status\"])\n .index(\"user_id\", [\"userId\"]),\n\n /**\n * Invitations. Tracks pending, accepted, revoked, and expired\n * invitations. Optionally scoped to a group via `groupId`, or\n * platform-level when `groupId` is omitted.\n *\n * `email` and `invitedByUserId` are optional to support CLI-generated\n * invite links where neither is known upfront.\n */\n GroupInvite: defineTable({\n groupId: v.optional(v.id(\"Group\")),\n invitedByUserId: v.optional(v.id(\"User\")),\n email: v.optional(v.string()),\n tokenHash: v.string(),\n role: v.optional(v.string()),\n roleIds: v.optional(v.array(v.string())),\n status: vInviteStatus,\n expiresTime: v.optional(v.number()),\n acceptedByUserId: v.optional(v.id(\"User\")),\n acceptedTime: v.optional(v.number()),\n extend: v.optional(v.any()),\n })\n .index(\"token_hash\", [\"tokenHash\"])\n .index(\"status\", [\"status\"])\n .index(\"email_status\", [\"email\", \"status\"])\n .index(\"invited_by_user_id_status\", [\"invitedByUserId\", \"status\"])\n .index(\"group_id\", [\"groupId\"])\n .index(\"group_id_status\", [\"groupId\", \"status\"]),\n\n /**\n * Enterprise configuration attached to a root group/organization.\n *\n * The `config` payload intentionally stays flexible so the headless enterprise\n * SDK can evolve without forcing schema churn for every protocol-specific\n * field addition.\n */\n Enterprise: defineTable({\n groupId: v.id(\"Group\"),\n slug: v.optional(v.string()),\n name: v.optional(v.string()),\n status: vEnterpriseStatus,\n policy: v.optional(vEnterprisePolicy),\n config: v.optional(v.any()),\n extend: v.optional(v.any()),\n })\n .index(\"group_id\", [\"groupId\"])\n .index(\"slug\", [\"slug\"])\n .index(\"status\", [\"status\"]),\n\n /**\n * Verified or pending domains linked to an enterprise record.\n */\n EnterpriseDomain: defineTable({\n enterpriseId: v.id(\"Enterprise\"),\n groupId: v.id(\"Group\"),\n domain: v.string(),\n isPrimary: v.boolean(),\n verifiedAt: v.optional(v.number()),\n })\n .index(\"enterprise_id\", [\"enterpriseId\"])\n .index(\"group_id\", [\"groupId\"])\n .index(\"domain\", [\"domain\"]),\n\n /**\n * Pending DNS TXT verification challenges for enterprise domains.\n */\n EnterpriseDomainVerification: defineTable({\n enterpriseId: v.id(\"Enterprise\"),\n groupId: v.id(\"Group\"),\n domainId: v.id(\"EnterpriseDomain\"),\n domain: v.string(),\n recordName: v.string(),\n token: v.string(),\n tokenHash: v.string(),\n requestedAt: v.number(),\n expiresAt: v.number(),\n })\n .index(\"enterprise_id\", [\"enterpriseId\"])\n .index(\"domain_id\", [\"domainId\"])\n .index(\"token_hash\", [\"tokenHash\"]),\n\n /**\n * Encrypted enterprise secrets stored separately from protocol config.\n */\n EnterpriseSecret: defineTable({\n enterpriseId: v.id(\"Enterprise\"),\n groupId: v.id(\"Group\"),\n kind: vEnterpriseSecretKind,\n ciphertext: v.string(),\n updatedAt: v.number(),\n })\n .index(\"enterprise_id\", [\"enterpriseId\"])\n .index(\"enterprise_id_kind\", [\"enterpriseId\", \"kind\"])\n .index(\"group_id\", [\"groupId\"]),\n\n /**\n * SCIM configuration for an enterprise tenant.\n */\n EnterpriseScimConfig: defineTable({\n enterpriseId: v.id(\"Enterprise\"),\n groupId: v.id(\"Group\"),\n status: vScimStatus,\n basePath: v.string(),\n tokenHash: v.string(),\n lastRotatedAt: v.optional(v.number()),\n extend: v.optional(v.any()),\n })\n .index(\"enterprise_id\", [\"enterpriseId\"])\n .index(\"group_id\", [\"groupId\"])\n .index(\"token_hash\", [\"tokenHash\"])\n .index(\"status\", [\"status\"]),\n\n /**\n * External SCIM identities mapped into local users/groups.\n */\n EnterpriseScimIdentity: defineTable({\n enterpriseId: v.id(\"Enterprise\"),\n groupId: v.id(\"Group\"),\n resourceType: vScimResourceType,\n externalId: v.string(),\n userId: v.optional(v.id(\"User\")),\n mappedGroupId: v.optional(v.id(\"Group\")),\n lastProvisionedAt: v.optional(v.number()),\n active: v.optional(v.boolean()),\n raw: v.optional(v.any()),\n })\n .index(\"enterprise_id\", [\"enterpriseId\"])\n .index(\"group_id\", [\"groupId\"])\n .index(\"enterprise_id_resource_type_external_id\", [\n \"enterpriseId\",\n \"resourceType\",\n \"externalId\",\n ])\n .index(\"enterprise_id_user_id\", [\"enterpriseId\", \"userId\"])\n .index(\"user_id\", [\"userId\"])\n .index(\"mapped_group_id\", [\"mappedGroupId\"]),\n\n /**\n * Immutable audit trail for enterprise operations.\n */\n EnterpriseAuditEvent: defineTable({\n enterpriseId: v.id(\"Enterprise\"),\n groupId: v.id(\"Group\"),\n eventType: v.string(),\n actorType: vAuditActorType,\n actorId: v.optional(v.string()),\n subjectType: v.string(),\n subjectId: v.optional(v.string()),\n status: vAuditStatus,\n occurredAt: v.number(),\n requestId: v.optional(v.string()),\n ip: v.optional(v.string()),\n metadata: v.optional(v.any()),\n })\n .index(\"enterprise_id_occurred_at\", [\"enterpriseId\", \"occurredAt\"])\n .index(\"group_id_occurred_at\", [\"groupId\", \"occurredAt\"])\n .index(\"event_type_occurred_at\", [\"eventType\", \"occurredAt\"]),\n\n /**\n * Webhook endpoints subscribed to enterprise audit and lifecycle events.\n */\n EnterpriseWebhookEndpoint: defineTable({\n enterpriseId: v.id(\"Enterprise\"),\n groupId: v.id(\"Group\"),\n url: v.string(),\n status: vWebhookEndpointStatus,\n secretHash: v.string(),\n subscriptions: v.array(v.string()),\n createdByUserId: v.optional(v.id(\"User\")),\n lastSuccessAt: v.optional(v.number()),\n lastFailureAt: v.optional(v.number()),\n failureCount: v.number(),\n extend: v.optional(v.any()),\n })\n .index(\"enterprise_id\", [\"enterpriseId\"])\n .index(\"group_id\", [\"groupId\"])\n .index(\"status\", [\"status\"]),\n\n /**\n * Delivery queue for outbound enterprise webhooks.\n */\n EnterpriseWebhookDelivery: defineTable({\n enterpriseId: v.id(\"Enterprise\"),\n endpointId: v.id(\"EnterpriseWebhookEndpoint\"),\n auditEventId: v.optional(v.id(\"EnterpriseAuditEvent\")),\n eventType: v.string(),\n status: vWebhookDeliveryStatus,\n attemptCount: v.number(),\n nextAttemptAt: v.number(),\n lastAttemptAt: v.optional(v.number()),\n lastResponseStatus: v.optional(v.number()),\n lastError: v.optional(v.string()),\n payload: v.any(),\n })\n .index(\"enterprise_id\", [\"enterpriseId\"])\n .index(\"status_next_attempt_at\", [\"status\", \"nextAttemptAt\"])\n .index(\"endpoint_id_status\", [\"endpointId\", \"status\"])\n .index(\"audit_event_id\", [\"auditEventId\"]),\n\n /**\n * API keys for programmatic access. Each key links a user to a set of\n * scoped permissions and optional per-key rate limiting.\n *\n * The raw key is never stored — only a SHA-256 hash. A short prefix\n * (e.g. \"sk_abc1...\") is kept for display in admin interfaces.\n *\n * Keys support:\n * - **Scoped permissions**: resource:action pairs (e.g. users:read)\n * - **Per-key rate limiting**: token-bucket with configurable window\n * - **Expiration**: optional TTL\n * - **Soft revocation**: `revoked` flag preserves audit trail\n */\n ApiKey: defineTable({\n userId: v.id(\"User\"),\n /** First chars of the key for display (e.g. \"sk_abc1...\"). */\n prefix: v.string(),\n /** SHA-256 hex hash of the full raw key. */\n hashedKey: v.string(),\n /** User-assigned name (e.g. \"CI Pipeline\", \"Production API\"). */\n name: v.string(),\n /** Scoped permissions: [{ resource: \"users\", actions: [\"read\", \"list\"] }]. */\n scopes: v.array(vApiKeyScope),\n /** Optional per-key rate limit configuration. */\n rateLimit: v.optional(vApiKeyRateLimit),\n /** Rate limit state tracking (token-bucket). */\n rateLimitState: v.optional(vApiKeyRateLimitState),\n /** Expiration timestamp. Null/undefined = never expires. */\n expiresAt: v.optional(v.number()),\n lastUsedAt: v.optional(v.number()),\n createdAt: v.number(),\n /** Soft-revoke flag. Revoked keys are kept for audit trail. */\n revoked: v.boolean(),\n /** Arbitrary app-specific metadata attached to the key. */\n metadata: v.optional(v.any()),\n })\n .index(\"user_id\", [\"userId\"])\n .index(\"hashed_key\", [\"hashedKey\"]),\n});\n"],"mappings":";;;;;;;;;;;;AA4BA,qBAAe,aAAa;CAK1B,MAAM,YAAY;EAChB,MAAM,EAAE,SAAS,EAAE,QAAQ,CAAC;EAC5B,OAAO,EAAE,SAAS,EAAE,QAAQ,CAAC;EAC7B,OAAO,EAAE,SAAS,EAAE,QAAQ,CAAC;EAC7B,uBAAuB,EAAE,SAAS,EAAE,QAAQ,CAAC;EAC7C,OAAO,EAAE,SAAS,EAAE,QAAQ,CAAC;EAC7B,uBAAuB,EAAE,SAAS,EAAE,QAAQ,CAAC;EAC7C,aAAa,EAAE,SAAS,EAAE,SAAS,CAAC;EACpC,QAAQ,EAAE,SAAS,EAAE,KAAK,CAAC;EAC5B,CAAC,CACC,MAAM,SAAS,CAAC,QAAQ,CAAC,CACzB,MAAM,kBAAkB,CAAC,SAAS,wBAAwB,CAAC,CAC3D,MAAM,SAAS,CAAC,QAAQ,CAAC,CACzB,MAAM,kBAAkB,CAAC,SAAS,wBAAwB,CAAC;CAO9D,SAAS,YAAY;EACnB,QAAQ,EAAE,GAAG,OAAO;EACpB,gBAAgB,EAAE,QAAQ;EAC3B,CAAC,CAAC,MAAM,WAAW,CAAC,SAAS,CAAC;CAO/B,SAAS,YAAY;EACnB,QAAQ,EAAE,GAAG,OAAO;EACpB,UAAU,EAAE,QAAQ;EACpB,mBAAmB,EAAE,QAAQ;EAC7B,QAAQ,EAAE,SAAS,EAAE,QAAQ,CAAC;EAC9B,eAAe,EAAE,SAAS,EAAE,QAAQ,CAAC;EACrC,eAAe,EAAE,SAAS,EAAE,QAAQ,CAAC;EACrC,QAAQ,EAAE,SAAS,EAAE,KAAK,CAAC;EAC5B,CAAC,CACC,MAAM,oBAAoB,CAAC,UAAU,WAAW,CAAC,CACjD,MAAM,uBAAuB,CAAC,YAAY,oBAAoB,CAAC;CAUlE,cAAc,YAAY;EACxB,WAAW,EAAE,GAAG,UAAU;EAC1B,gBAAgB,EAAE,QAAQ;EAC1B,eAAe,EAAE,SAAS,EAAE,QAAQ,CAAC;EACrC,sBAAsB,EAAE,SAAS,EAAE,GAAG,eAAe,CAAC;EACvD,CAAC,CACC,MAAM,cAAc,CAAC,YAAY,CAAC,CAClC,MAAM,yBAAyB,CAAC,aAAa,gBAAgB,CAAC,CAC9D,MAAM,sCAAsC,CAC3C,aACA,uBACD,CAAC;CAKJ,kBAAkB,YAAY;EAC5B,WAAW,EAAE,GAAG,UAAU;EAC1B,UAAU,EAAE,QAAQ;EACpB,MAAM,EAAE,QAAQ;EAChB,gBAAgB,EAAE,QAAQ;EAC1B,UAAU,EAAE,SAAS,EAAE,QAAQ,CAAC;EAChC,eAAe,EAAE,SAAS,EAAE,QAAQ,CAAC;EACrC,eAAe,EAAE,SAAS,EAAE,QAAQ,CAAC;EACtC,CAAC,CACC,MAAM,cAAc,CAAC,YAAY,CAAC,CAClC,MAAM,QAAQ,CAAC,OAAO,CAAC;CAM1B,cAAc,YAAY;EACxB,WAAW,EAAE,SAAS,EAAE,GAAG,UAAU,CAAC;EACtC,WAAW,EAAE,SAAS,EAAE,QAAQ,CAAC;EAClC,CAAC,CAAC,MAAM,aAAa,CAAC,YAAY,CAAC;CAOpC,SAAS,YAAY;EACnB,QAAQ,EAAE,GAAG,OAAO;EAEpB,cAAc,EAAE,QAAQ;EAExB,WAAW,EAAE,OAAO;EAEpB,WAAW,EAAE,QAAQ;EAErB,SAAS,EAAE,QAAQ;EAEnB,YAAY,EAAE,SAAS,EAAE,MAAM,EAAE,QAAQ,CAAC,CAAC;EAE3C,YAAY,EAAE,QAAQ;EAEtB,UAAU,EAAE,SAAS;EAErB,MAAM,EAAE,SAAS,EAAE,QAAQ,CAAC;EAC5B,WAAW,EAAE,QAAQ;EACrB,YAAY,EAAE,SAAS,EAAE,QAAQ,CAAC;EACnC,CAAC,CACC,MAAM,WAAW,CAAC,SAAS,CAAC,CAC5B,MAAM,iBAAiB,CAAC,eAAe,CAAC;CAW3C,YAAY,YAAY;EACtB,QAAQ,EAAE,GAAG,OAAO;EAEpB,QAAQ,EAAE,OAAO;EAEjB,QAAQ,EAAE,QAAQ;EAElB,QAAQ,EAAE,QAAQ;EAElB,UAAU,EAAE,SAAS;EAErB,MAAM,EAAE,SAAS,EAAE,QAAQ,CAAC;EAC5B,WAAW,EAAE,QAAQ;EACrB,YAAY,EAAE,SAAS,EAAE,QAAQ,CAAC;EACnC,CAAC,CACC,MAAM,WAAW,CAAC,SAAS,CAAC,CAC5B,MAAM,oBAAoB,CAAC,UAAU,WAAW,CAAC;CAOpD,YAAY,YAAY;EAEtB,gBAAgB,EAAE,QAAQ;EAE1B,UAAU,EAAE,QAAQ;EAEpB,WAAW,EAAE,QAAQ;EAErB,UAAU,EAAE,QAAQ;EAEpB,QAAQ;EAER,QAAQ,EAAE,SAAS,EAAE,GAAG,OAAO,CAAC;EAEhC,WAAW,EAAE,SAAS,EAAE,GAAG,UAAU,CAAC;EAEtC,cAAc,EAAE,SAAS,EAAE,QAAQ,CAAC;EACrC,CAAC,CACC,MAAM,oBAAoB,CAAC,iBAAiB,CAAC,CAC7C,MAAM,oBAAoB,CAAC,YAAY,SAAS,CAAC;CAKpD,WAAW,YAAY;EACrB,YAAY,EAAE,QAAQ;EACtB,mBAAmB,EAAE,QAAQ;EAC7B,eAAe,EAAE,QAAQ;EAC1B,CAAC,CAAC,MAAM,iBAAiB,CAAC,aAAa,CAAC;CAOzC,OAAO,YAAY;EACjB,MAAM,EAAE,QAAQ;EAChB,MAAM,EAAE,SAAS,EAAE,QAAQ,CAAC;EAC5B,MAAM,EAAE,SAAS,EAAE,QAAQ,CAAC;EAC5B,eAAe,EAAE,SAAS,EAAE,GAAG,QAAQ,CAAC;EAExC,aAAa,EAAE,SAAS,EAAE,GAAG,QAAQ,CAAC;EAEtC,QAAQ,EAAE,SAAS,EAAE,SAAS,CAAC;EAE/B,MAAM,EAAE,SAAS,EAAE,MAAM,KAAK,CAAC;EAC/B,QAAQ,EAAE,SAAS,EAAE,KAAK,CAAC;EAC5B,CAAC,CACC,MAAM,QAAQ,CAAC,OAAO,CAAC,CACvB,MAAM,mBAAmB,CAAC,gBAAgB,CAAC,CAC3C,MAAM,iBAAiB,CAAC,cAAc,CAAC,CACvC,MAAM,WAAW,CAAC,SAAS,CAAC,CAC5B,MAAM,QAAQ,CAAC,OAAO,CAAC,CACvB,MAAM,wBAAwB,CAAC,QAAQ,gBAAgB,CAAC;CAO3D,UAAU,YAAY;EACpB,UAAU,EAAE,GAAG,QAAQ;EACvB,KAAK,EAAE,QAAQ;EACf,OAAO,EAAE,QAAQ;EAClB,CAAC,CACC,MAAM,YAAY,CAAC,WAAW,CAAC,CAC/B,MAAM,gBAAgB,CAAC,OAAO,QAAQ,CAAC,CACvC,MAAM,UAAU,CAAC,MAAM,CAAC;CAO3B,aAAa,YAAY;EACvB,SAAS,EAAE,GAAG,QAAQ;EACtB,QAAQ,EAAE,GAAG,OAAO;EACpB,MAAM,EAAE,SAAS,EAAE,QAAQ,CAAC;EAC5B,SAAS,EAAE,SAAS,EAAE,MAAM,EAAE,QAAQ,CAAC,CAAC;EACxC,QAAQ,EAAE,SAAS,EAAE,QAAQ,CAAC;EAC9B,QAAQ,EAAE,SAAS,EAAE,KAAK,CAAC;EAC5B,CAAC,CACC,MAAM,YAAY,CAAC,UAAU,CAAC,CAC9B,MAAM,oBAAoB,CAAC,WAAW,SAAS,CAAC,CAChD,MAAM,mBAAmB,CAAC,WAAW,SAAS,CAAC,CAC/C,MAAM,WAAW,CAAC,SAAS,CAAC;CAU/B,aAAa,YAAY;EACvB,SAAS,EAAE,SAAS,EAAE,GAAG,QAAQ,CAAC;EAClC,iBAAiB,EAAE,SAAS,EAAE,GAAG,OAAO,CAAC;EACzC,OAAO,EAAE,SAAS,EAAE,QAAQ,CAAC;EAC7B,WAAW,EAAE,QAAQ;EACrB,MAAM,EAAE,SAAS,EAAE,QAAQ,CAAC;EAC5B,SAAS,EAAE,SAAS,EAAE,MAAM,EAAE,QAAQ,CAAC,CAAC;EACxC,QAAQ;EACR,aAAa,EAAE,SAAS,EAAE,QAAQ,CAAC;EACnC,kBAAkB,EAAE,SAAS,EAAE,GAAG,OAAO,CAAC;EAC1C,cAAc,EAAE,SAAS,EAAE,QAAQ,CAAC;EACpC,QAAQ,EAAE,SAAS,EAAE,KAAK,CAAC;EAC5B,CAAC,CACC,MAAM,cAAc,CAAC,YAAY,CAAC,CAClC,MAAM,UAAU,CAAC,SAAS,CAAC,CAC3B,MAAM,gBAAgB,CAAC,SAAS,SAAS,CAAC,CAC1C,MAAM,6BAA6B,CAAC,mBAAmB,SAAS,CAAC,CACjE,MAAM,YAAY,CAAC,UAAU,CAAC,CAC9B,MAAM,mBAAmB,CAAC,WAAW,SAAS,CAAC;CASlD,YAAY,YAAY;EACtB,SAAS,EAAE,GAAG,QAAQ;EACtB,MAAM,EAAE,SAAS,EAAE,QAAQ,CAAC;EAC5B,MAAM,EAAE,SAAS,EAAE,QAAQ,CAAC;EAC5B,QAAQ;EACR,QAAQ,EAAE,SAAS,kBAAkB;EACrC,QAAQ,EAAE,SAAS,EAAE,KAAK,CAAC;EAC3B,QAAQ,EAAE,SAAS,EAAE,KAAK,CAAC;EAC5B,CAAC,CACC,MAAM,YAAY,CAAC,UAAU,CAAC,CAC9B,MAAM,QAAQ,CAAC,OAAO,CAAC,CACvB,MAAM,UAAU,CAAC,SAAS,CAAC;CAK9B,kBAAkB,YAAY;EAC5B,cAAc,EAAE,GAAG,aAAa;EAChC,SAAS,EAAE,GAAG,QAAQ;EACtB,QAAQ,EAAE,QAAQ;EAClB,WAAW,EAAE,SAAS;EACtB,YAAY,EAAE,SAAS,EAAE,QAAQ,CAAC;EACnC,CAAC,CACC,MAAM,iBAAiB,CAAC,eAAe,CAAC,CACxC,MAAM,YAAY,CAAC,UAAU,CAAC,CAC9B,MAAM,UAAU,CAAC,SAAS,CAAC;CAK9B,8BAA8B,YAAY;EACxC,cAAc,EAAE,GAAG,aAAa;EAChC,SAAS,EAAE,GAAG,QAAQ;EACtB,UAAU,EAAE,GAAG,mBAAmB;EAClC,QAAQ,EAAE,QAAQ;EAClB,YAAY,EAAE,QAAQ;EACtB,OAAO,EAAE,QAAQ;EACjB,WAAW,EAAE,QAAQ;EACrB,aAAa,EAAE,QAAQ;EACvB,WAAW,EAAE,QAAQ;EACtB,CAAC,CACC,MAAM,iBAAiB,CAAC,eAAe,CAAC,CACxC,MAAM,aAAa,CAAC,WAAW,CAAC,CAChC,MAAM,cAAc,CAAC,YAAY,CAAC;CAKrC,kBAAkB,YAAY;EAC5B,cAAc,EAAE,GAAG,aAAa;EAChC,SAAS,EAAE,GAAG,QAAQ;EACtB,MAAM;EACN,YAAY,EAAE,QAAQ;EACtB,WAAW,EAAE,QAAQ;EACtB,CAAC,CACC,MAAM,iBAAiB,CAAC,eAAe,CAAC,CACxC,MAAM,sBAAsB,CAAC,gBAAgB,OAAO,CAAC,CACrD,MAAM,YAAY,CAAC,UAAU,CAAC;CAKjC,sBAAsB,YAAY;EAChC,cAAc,EAAE,GAAG,aAAa;EAChC,SAAS,EAAE,GAAG,QAAQ;EACtB,QAAQ;EACR,UAAU,EAAE,QAAQ;EACpB,WAAW,EAAE,QAAQ;EACrB,eAAe,EAAE,SAAS,EAAE,QAAQ,CAAC;EACrC,QAAQ,EAAE,SAAS,EAAE,KAAK,CAAC;EAC5B,CAAC,CACC,MAAM,iBAAiB,CAAC,eAAe,CAAC,CACxC,MAAM,YAAY,CAAC,UAAU,CAAC,CAC9B,MAAM,cAAc,CAAC,YAAY,CAAC,CAClC,MAAM,UAAU,CAAC,SAAS,CAAC;CAK9B,wBAAwB,YAAY;EAClC,cAAc,EAAE,GAAG,aAAa;EAChC,SAAS,EAAE,GAAG,QAAQ;EACtB,cAAc;EACd,YAAY,EAAE,QAAQ;EACtB,QAAQ,EAAE,SAAS,EAAE,GAAG,OAAO,CAAC;EAChC,eAAe,EAAE,SAAS,EAAE,GAAG,QAAQ,CAAC;EACxC,mBAAmB,EAAE,SAAS,EAAE,QAAQ,CAAC;EACzC,QAAQ,EAAE,SAAS,EAAE,SAAS,CAAC;EAC/B,KAAK,EAAE,SAAS,EAAE,KAAK,CAAC;EACzB,CAAC,CACC,MAAM,iBAAiB,CAAC,eAAe,CAAC,CACxC,MAAM,YAAY,CAAC,UAAU,CAAC,CAC9B,MAAM,2CAA2C;EAChD;EACA;EACA;EACD,CAAC,CACD,MAAM,yBAAyB,CAAC,gBAAgB,SAAS,CAAC,CAC1D,MAAM,WAAW,CAAC,SAAS,CAAC,CAC5B,MAAM,mBAAmB,CAAC,gBAAgB,CAAC;CAK9C,sBAAsB,YAAY;EAChC,cAAc,EAAE,GAAG,aAAa;EAChC,SAAS,EAAE,GAAG,QAAQ;EACtB,WAAW,EAAE,QAAQ;EACrB,WAAW;EACX,SAAS,EAAE,SAAS,EAAE,QAAQ,CAAC;EAC/B,aAAa,EAAE,QAAQ;EACvB,WAAW,EAAE,SAAS,EAAE,QAAQ,CAAC;EACjC,QAAQ;EACR,YAAY,EAAE,QAAQ;EACtB,WAAW,EAAE,SAAS,EAAE,QAAQ,CAAC;EACjC,IAAI,EAAE,SAAS,EAAE,QAAQ,CAAC;EAC1B,UAAU,EAAE,SAAS,EAAE,KAAK,CAAC;EAC9B,CAAC,CACC,MAAM,6BAA6B,CAAC,gBAAgB,aAAa,CAAC,CAClE,MAAM,wBAAwB,CAAC,WAAW,aAAa,CAAC,CACxD,MAAM,0BAA0B,CAAC,aAAa,aAAa,CAAC;CAK/D,2BAA2B,YAAY;EACrC,cAAc,EAAE,GAAG,aAAa;EAChC,SAAS,EAAE,GAAG,QAAQ;EACtB,KAAK,EAAE,QAAQ;EACf,QAAQ;EACR,YAAY,EAAE,QAAQ;EACtB,eAAe,EAAE,MAAM,EAAE,QAAQ,CAAC;EAClC,iBAAiB,EAAE,SAAS,EAAE,GAAG,OAAO,CAAC;EACzC,eAAe,EAAE,SAAS,EAAE,QAAQ,CAAC;EACrC,eAAe,EAAE,SAAS,EAAE,QAAQ,CAAC;EACrC,cAAc,EAAE,QAAQ;EACxB,QAAQ,EAAE,SAAS,EAAE,KAAK,CAAC;EAC5B,CAAC,CACC,MAAM,iBAAiB,CAAC,eAAe,CAAC,CACxC,MAAM,YAAY,CAAC,UAAU,CAAC,CAC9B,MAAM,UAAU,CAAC,SAAS,CAAC;CAK9B,2BAA2B,YAAY;EACrC,cAAc,EAAE,GAAG,aAAa;EAChC,YAAY,EAAE,GAAG,4BAA4B;EAC7C,cAAc,EAAE,SAAS,EAAE,GAAG,uBAAuB,CAAC;EACtD,WAAW,EAAE,QAAQ;EACrB,QAAQ;EACR,cAAc,EAAE,QAAQ;EACxB,eAAe,EAAE,QAAQ;EACzB,eAAe,EAAE,SAAS,EAAE,QAAQ,CAAC;EACrC,oBAAoB,EAAE,SAAS,EAAE,QAAQ,CAAC;EAC1C,WAAW,EAAE,SAAS,EAAE,QAAQ,CAAC;EACjC,SAAS,EAAE,KAAK;EACjB,CAAC,CACC,MAAM,iBAAiB,CAAC,eAAe,CAAC,CACxC,MAAM,0BAA0B,CAAC,UAAU,gBAAgB,CAAC,CAC5D,MAAM,sBAAsB,CAAC,cAAc,SAAS,CAAC,CACrD,MAAM,kBAAkB,CAAC,eAAe,CAAC;CAe5C,QAAQ,YAAY;EAClB,QAAQ,EAAE,GAAG,OAAO;EAEpB,QAAQ,EAAE,QAAQ;EAElB,WAAW,EAAE,QAAQ;EAErB,MAAM,EAAE,QAAQ;EAEhB,QAAQ,EAAE,MAAM,aAAa;EAE7B,WAAW,EAAE,SAAS,iBAAiB;EAEvC,gBAAgB,EAAE,SAAS,sBAAsB;EAEjD,WAAW,EAAE,SAAS,EAAE,QAAQ,CAAC;EACjC,YAAY,EAAE,SAAS,EAAE,QAAQ,CAAC;EAClC,WAAW,EAAE,QAAQ;EAErB,SAAS,EAAE,SAAS;EAEpB,UAAU,EAAE,SAAS,EAAE,KAAK,CAAC;EAC9B,CAAC,CACC,MAAM,WAAW,CAAC,SAAS,CAAC,CAC5B,MAAM,cAAc,CAAC,YAAY,CAAC;CACtC,CAAC"}