@robelest/convex-auth 0.0.4-preview.32 → 0.0.4-preview.33
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/component/convex.config.d.ts +2 -2
- package/dist/component/model.d.ts +317 -28
- package/dist/component/schema.d.ts +290 -290
- package/dist/core/index.d.ts +2 -1
- package/dist/model.js +373 -0
- package/dist/server/auth.d.ts +71 -6
- package/dist/server/auth.js +2 -0
- package/dist/server/index.d.ts +5 -3
- package/dist/server/index.js +3 -1
- package/dist/server/mounts.d.ts +79 -79
- package/dist/server/runtime.d.ts +12 -12
- package/dist/server/types.d.ts +1 -1
- package/dist/server/validators.d.ts +722 -0
- package/dist/server/validators.js +59 -0
- package/package.json +1 -1
|
@@ -1,5 +1,5 @@
|
|
|
1
|
-
import * as
|
|
2
|
-
import * as
|
|
1
|
+
import * as convex_values1184 from "convex/values";
|
|
2
|
+
import * as convex_server85 from "convex/server";
|
|
3
3
|
|
|
4
4
|
//#region src/component/schema.d.ts
|
|
5
5
|
/**
|
|
@@ -9,32 +9,32 @@ import * as convex_server80 from "convex/server";
|
|
|
9
9
|
* verification codes, PKCE verifiers, rate limits) and hierarchical group
|
|
10
10
|
* management (groups, members, invites).
|
|
11
11
|
*/
|
|
12
|
-
declare const _default:
|
|
12
|
+
declare const _default: convex_server85.SchemaDefinition<{
|
|
13
13
|
/**
|
|
14
14
|
* Authenticated users. A user may have multiple linked accounts
|
|
15
15
|
* and multiple concurrent sessions.
|
|
16
16
|
*/
|
|
17
|
-
User:
|
|
17
|
+
User: convex_server85.TableDefinition<convex_values1184.VObject<{
|
|
18
18
|
name?: string | undefined;
|
|
19
19
|
email?: string | undefined;
|
|
20
|
-
image?: string | undefined;
|
|
21
20
|
phone?: string | undefined;
|
|
22
21
|
extend?: any;
|
|
22
|
+
image?: string | undefined;
|
|
23
23
|
emailVerificationTime?: number | undefined;
|
|
24
24
|
phoneVerificationTime?: number | undefined;
|
|
25
25
|
isAnonymous?: boolean | undefined;
|
|
26
26
|
hasTotp?: boolean | undefined;
|
|
27
27
|
}, {
|
|
28
|
-
name:
|
|
29
|
-
image:
|
|
30
|
-
email:
|
|
31
|
-
emailVerificationTime:
|
|
32
|
-
phone:
|
|
33
|
-
phoneVerificationTime:
|
|
34
|
-
isAnonymous:
|
|
35
|
-
hasTotp:
|
|
36
|
-
extend:
|
|
37
|
-
}, "required", "name" | "email" | "
|
|
28
|
+
name: convex_values1184.VString<string | undefined, "optional">;
|
|
29
|
+
image: convex_values1184.VString<string | undefined, "optional">;
|
|
30
|
+
email: convex_values1184.VString<string | undefined, "optional">;
|
|
31
|
+
emailVerificationTime: convex_values1184.VFloat64<number | undefined, "optional">;
|
|
32
|
+
phone: convex_values1184.VString<string | undefined, "optional">;
|
|
33
|
+
phoneVerificationTime: convex_values1184.VFloat64<number | undefined, "optional">;
|
|
34
|
+
isAnonymous: convex_values1184.VBoolean<boolean | undefined, "optional">;
|
|
35
|
+
hasTotp: convex_values1184.VBoolean<boolean | undefined, "optional">;
|
|
36
|
+
extend: convex_values1184.VAny<any, "optional", string>;
|
|
37
|
+
}, "required", "name" | "email" | "phone" | "extend" | "image" | "emailVerificationTime" | "phoneVerificationTime" | "isAnonymous" | "hasTotp" | `extend.${string}`>, {
|
|
38
38
|
email: ["email", "_creationTime"];
|
|
39
39
|
email_verified: ["email", "emailVerificationTime", "_creationTime"];
|
|
40
40
|
phone: ["phone", "_creationTime"];
|
|
@@ -45,12 +45,12 @@ declare const _default: convex_server80.SchemaDefinition<{
|
|
|
45
45
|
* across different devices or browsers. Sessions expire after a
|
|
46
46
|
* configurable duration.
|
|
47
47
|
*/
|
|
48
|
-
Session:
|
|
49
|
-
userId:
|
|
48
|
+
Session: convex_server85.TableDefinition<convex_values1184.VObject<{
|
|
49
|
+
userId: convex_values1184.GenericId<"User">;
|
|
50
50
|
expirationTime: number;
|
|
51
51
|
}, {
|
|
52
|
-
userId:
|
|
53
|
-
expirationTime:
|
|
52
|
+
userId: convex_values1184.VId<convex_values1184.GenericId<"User">, "required">;
|
|
53
|
+
expirationTime: convex_values1184.VFloat64<number, "required">;
|
|
54
54
|
}, "required", "userId" | "expirationTime">, {
|
|
55
55
|
user_id: ["userId", "_creationTime"];
|
|
56
56
|
}, {}, {}>;
|
|
@@ -59,23 +59,23 @@ declare const _default: convex_server80.SchemaDefinition<{
|
|
|
59
59
|
* authentication provider (e.g. Google OAuth, email/password).
|
|
60
60
|
* A user can have multiple accounts linked.
|
|
61
61
|
*/
|
|
62
|
-
Account:
|
|
63
|
-
emailVerified?: string | undefined;
|
|
62
|
+
Account: convex_server85.TableDefinition<convex_values1184.VObject<{
|
|
64
63
|
extend?: any;
|
|
65
64
|
secret?: string | undefined;
|
|
65
|
+
emailVerified?: string | undefined;
|
|
66
66
|
phoneVerified?: string | undefined;
|
|
67
|
-
userId:
|
|
67
|
+
userId: convex_values1184.GenericId<"User">;
|
|
68
68
|
provider: string;
|
|
69
69
|
providerAccountId: string;
|
|
70
70
|
}, {
|
|
71
|
-
userId:
|
|
72
|
-
provider:
|
|
73
|
-
providerAccountId:
|
|
74
|
-
secret:
|
|
75
|
-
emailVerified:
|
|
76
|
-
phoneVerified:
|
|
77
|
-
extend:
|
|
78
|
-
}, "required", "
|
|
71
|
+
userId: convex_values1184.VId<convex_values1184.GenericId<"User">, "required">;
|
|
72
|
+
provider: convex_values1184.VString<string, "required">;
|
|
73
|
+
providerAccountId: convex_values1184.VString<string, "required">;
|
|
74
|
+
secret: convex_values1184.VString<string | undefined, "optional">;
|
|
75
|
+
emailVerified: convex_values1184.VString<string | undefined, "optional">;
|
|
76
|
+
phoneVerified: convex_values1184.VString<string | undefined, "optional">;
|
|
77
|
+
extend: convex_values1184.VAny<any, "optional", string>;
|
|
78
|
+
}, "required", "userId" | "extend" | `extend.${string}` | "provider" | "providerAccountId" | "secret" | "emailVerified" | "phoneVerified">, {
|
|
79
79
|
user_id_provider: ["userId", "provider", "_creationTime"];
|
|
80
80
|
provider_account_id: ["provider", "providerAccountId", "_creationTime"];
|
|
81
81
|
}, {}, {}>;
|
|
@@ -87,16 +87,16 @@ declare const _default: convex_server80.SchemaDefinition<{
|
|
|
87
87
|
* been used yet. A 10-second reuse window allows for concurrent requests.
|
|
88
88
|
* Any invalid use of a token invalidates the entire chain.
|
|
89
89
|
*/
|
|
90
|
-
RefreshToken:
|
|
90
|
+
RefreshToken: convex_server85.TableDefinition<convex_values1184.VObject<{
|
|
91
91
|
firstUsedTime?: number | undefined;
|
|
92
|
-
parentRefreshTokenId?:
|
|
92
|
+
parentRefreshTokenId?: convex_values1184.GenericId<"RefreshToken"> | undefined;
|
|
93
93
|
expirationTime: number;
|
|
94
|
-
sessionId:
|
|
94
|
+
sessionId: convex_values1184.GenericId<"Session">;
|
|
95
95
|
}, {
|
|
96
|
-
sessionId:
|
|
97
|
-
expirationTime:
|
|
98
|
-
firstUsedTime:
|
|
99
|
-
parentRefreshTokenId:
|
|
96
|
+
sessionId: convex_values1184.VId<convex_values1184.GenericId<"Session">, "required">;
|
|
97
|
+
expirationTime: convex_values1184.VFloat64<number, "required">;
|
|
98
|
+
firstUsedTime: convex_values1184.VFloat64<number | undefined, "optional">;
|
|
99
|
+
parentRefreshTokenId: convex_values1184.VId<convex_values1184.GenericId<"RefreshToken"> | undefined, "optional">;
|
|
100
100
|
}, "required", "expirationTime" | "sessionId" | "firstUsedTime" | "parentRefreshTokenId">, {
|
|
101
101
|
session_id: ["sessionId", "_creationTime"];
|
|
102
102
|
session_id_first_used: ["sessionId", "firstUsedTime", "_creationTime"];
|
|
@@ -105,23 +105,23 @@ declare const _default: convex_server80.SchemaDefinition<{
|
|
|
105
105
|
/**
|
|
106
106
|
* Verification codes for OTP tokens, magic link tokens, and OAuth codes.
|
|
107
107
|
*/
|
|
108
|
-
VerificationCode:
|
|
108
|
+
VerificationCode: convex_server85.TableDefinition<convex_values1184.VObject<{
|
|
109
109
|
emailVerified?: string | undefined;
|
|
110
110
|
phoneVerified?: string | undefined;
|
|
111
111
|
verifier?: string | undefined;
|
|
112
112
|
expirationTime: number;
|
|
113
113
|
provider: string;
|
|
114
|
-
accountId:
|
|
114
|
+
accountId: convex_values1184.GenericId<"Account">;
|
|
115
115
|
code: string;
|
|
116
116
|
}, {
|
|
117
|
-
accountId:
|
|
118
|
-
provider:
|
|
119
|
-
code:
|
|
120
|
-
expirationTime:
|
|
121
|
-
verifier:
|
|
122
|
-
emailVerified:
|
|
123
|
-
phoneVerified:
|
|
124
|
-
}, "required", "
|
|
117
|
+
accountId: convex_values1184.VId<convex_values1184.GenericId<"Account">, "required">;
|
|
118
|
+
provider: convex_values1184.VString<string, "required">;
|
|
119
|
+
code: convex_values1184.VString<string, "required">;
|
|
120
|
+
expirationTime: convex_values1184.VFloat64<number, "required">;
|
|
121
|
+
verifier: convex_values1184.VString<string | undefined, "optional">;
|
|
122
|
+
emailVerified: convex_values1184.VString<string | undefined, "optional">;
|
|
123
|
+
phoneVerified: convex_values1184.VString<string | undefined, "optional">;
|
|
124
|
+
}, "required", "expirationTime" | "provider" | "emailVerified" | "phoneVerified" | "accountId" | "code" | "verifier">, {
|
|
125
125
|
account_id: ["accountId", "_creationTime"];
|
|
126
126
|
code: ["code", "_creationTime"];
|
|
127
127
|
}, {}, {}>;
|
|
@@ -129,14 +129,14 @@ declare const _default: convex_server80.SchemaDefinition<{
|
|
|
129
129
|
* PKCE verifiers for OAuth flows. Stores the cryptographic verifier
|
|
130
130
|
* used to prove the authorization request originated from this client.
|
|
131
131
|
*/
|
|
132
|
-
AuthVerifier:
|
|
132
|
+
AuthVerifier: convex_server85.TableDefinition<convex_values1184.VObject<{
|
|
133
133
|
expirationTime?: number | undefined;
|
|
134
|
-
sessionId?:
|
|
134
|
+
sessionId?: convex_values1184.GenericId<"Session"> | undefined;
|
|
135
135
|
signature?: string | undefined;
|
|
136
136
|
}, {
|
|
137
|
-
sessionId:
|
|
138
|
-
signature:
|
|
139
|
-
expirationTime:
|
|
137
|
+
sessionId: convex_values1184.VId<convex_values1184.GenericId<"Session"> | undefined, "optional">;
|
|
138
|
+
signature: convex_values1184.VString<string | undefined, "optional">;
|
|
139
|
+
expirationTime: convex_values1184.VFloat64<number | undefined, "optional">;
|
|
140
140
|
}, "required", "expirationTime" | "sessionId" | "signature">, {
|
|
141
141
|
signature: ["signature", "_creationTime"];
|
|
142
142
|
}, {}, {}>;
|
|
@@ -145,11 +145,11 @@ declare const _default: convex_server80.SchemaDefinition<{
|
|
|
145
145
|
* registered authenticator (Touch ID, Face ID, security key, etc.).
|
|
146
146
|
* A user can have multiple passkeys across different devices.
|
|
147
147
|
*/
|
|
148
|
-
Passkey:
|
|
148
|
+
Passkey: convex_server85.TableDefinition<convex_values1184.VObject<{
|
|
149
149
|
name?: string | undefined;
|
|
150
150
|
lastUsedAt?: number | undefined;
|
|
151
151
|
transports?: string[] | undefined;
|
|
152
|
-
userId:
|
|
152
|
+
userId: convex_values1184.GenericId<"User">;
|
|
153
153
|
createdAt: number;
|
|
154
154
|
credentialId: string;
|
|
155
155
|
publicKey: ArrayBuffer;
|
|
@@ -158,17 +158,17 @@ declare const _default: convex_server80.SchemaDefinition<{
|
|
|
158
158
|
deviceType: string;
|
|
159
159
|
backedUp: boolean;
|
|
160
160
|
}, {
|
|
161
|
-
userId:
|
|
162
|
-
credentialId:
|
|
163
|
-
publicKey:
|
|
164
|
-
algorithm:
|
|
165
|
-
counter:
|
|
166
|
-
transports:
|
|
167
|
-
deviceType:
|
|
168
|
-
backedUp:
|
|
169
|
-
name:
|
|
170
|
-
createdAt:
|
|
171
|
-
lastUsedAt:
|
|
161
|
+
userId: convex_values1184.VId<convex_values1184.GenericId<"User">, "required">; /** Base64url-encoded credential ID from the authenticator. */
|
|
162
|
+
credentialId: convex_values1184.VString<string, "required">; /** Public key bytes (SEC1 uncompressed for EC, SPKI for RSA). */
|
|
163
|
+
publicKey: convex_values1184.VBytes<ArrayBuffer, "required">; /** COSE algorithm identifier (-7 for ES256, -257 for RS256, -8 for EdDSA). */
|
|
164
|
+
algorithm: convex_values1184.VFloat64<number, "required">; /** Signature counter for clone detection. Many authenticators return 0. */
|
|
165
|
+
counter: convex_values1184.VFloat64<number, "required">; /** Authenticator transport hints (e.g. "internal", "hybrid", "usb", "ble", "nfc"). */
|
|
166
|
+
transports: convex_values1184.VArray<string[] | undefined, convex_values1184.VString<string, "required">, "optional">; /** Whether this is a single-device or multi-device (synced) credential. */
|
|
167
|
+
deviceType: convex_values1184.VString<string, "required">; /** Whether the credential is backed up (synced passkey). */
|
|
168
|
+
backedUp: convex_values1184.VBoolean<boolean, "required">; /** User-assigned friendly name (e.g. "MacBook Touch ID"). */
|
|
169
|
+
name: convex_values1184.VString<string | undefined, "optional">;
|
|
170
|
+
createdAt: convex_values1184.VFloat64<number, "required">;
|
|
171
|
+
lastUsedAt: convex_values1184.VFloat64<number | undefined, "optional">;
|
|
172
172
|
}, "required", "name" | "lastUsedAt" | "userId" | "createdAt" | "credentialId" | "publicKey" | "algorithm" | "counter" | "transports" | "deviceType" | "backedUp">, {
|
|
173
173
|
user_id: ["userId", "_creationTime"];
|
|
174
174
|
credential_id: ["credentialId", "_creationTime"];
|
|
@@ -182,24 +182,24 @@ declare const _default: convex_server80.SchemaDefinition<{
|
|
|
182
182
|
* by successfully entering a code from their authenticator app.
|
|
183
183
|
* Unverified enrollments are in-progress setup that can be discarded.
|
|
184
184
|
*/
|
|
185
|
-
TotpFactor:
|
|
185
|
+
TotpFactor: convex_server85.TableDefinition<convex_values1184.VObject<{
|
|
186
186
|
name?: string | undefined;
|
|
187
187
|
lastUsedAt?: number | undefined;
|
|
188
|
-
userId:
|
|
188
|
+
userId: convex_values1184.GenericId<"User">;
|
|
189
189
|
createdAt: number;
|
|
190
190
|
secret: ArrayBuffer;
|
|
191
191
|
digits: number;
|
|
192
192
|
period: number;
|
|
193
193
|
verified: boolean;
|
|
194
194
|
}, {
|
|
195
|
-
userId:
|
|
196
|
-
secret:
|
|
197
|
-
digits:
|
|
198
|
-
period:
|
|
199
|
-
verified:
|
|
200
|
-
name:
|
|
201
|
-
createdAt:
|
|
202
|
-
lastUsedAt:
|
|
195
|
+
userId: convex_values1184.VId<convex_values1184.GenericId<"User">, "required">; /** Raw TOTP secret key bytes. */
|
|
196
|
+
secret: convex_values1184.VBytes<ArrayBuffer, "required">; /** Number of digits in each code (typically 6). */
|
|
197
|
+
digits: convex_values1184.VFloat64<number, "required">; /** Time period in seconds for code rotation (typically 30). */
|
|
198
|
+
period: convex_values1184.VFloat64<number, "required">; /** Whether setup has been confirmed with a valid code. */
|
|
199
|
+
verified: convex_values1184.VBoolean<boolean, "required">; /** User-assigned friendly name (e.g. "Google Authenticator"). */
|
|
200
|
+
name: convex_values1184.VString<string | undefined, "optional">;
|
|
201
|
+
createdAt: convex_values1184.VFloat64<number, "required">;
|
|
202
|
+
lastUsedAt: convex_values1184.VFloat64<number | undefined, "optional">;
|
|
203
203
|
}, "required", "name" | "lastUsedAt" | "userId" | "createdAt" | "secret" | "digits" | "period" | "verified">, {
|
|
204
204
|
user_id: ["userId", "_creationTime"];
|
|
205
205
|
user_id_verified: ["userId", "verified", "_creationTime"];
|
|
@@ -209,9 +209,9 @@ declare const _default: convex_server80.SchemaDefinition<{
|
|
|
209
209
|
* device auth session — the device polls with `deviceCode` while the
|
|
210
210
|
* user authorizes via `userCode` on a secondary device.
|
|
211
211
|
*/
|
|
212
|
-
DeviceCode:
|
|
213
|
-
userId?:
|
|
214
|
-
sessionId?:
|
|
212
|
+
DeviceCode: convex_server85.TableDefinition<convex_values1184.VObject<{
|
|
213
|
+
userId?: convex_values1184.GenericId<"User"> | undefined;
|
|
214
|
+
sessionId?: convex_values1184.GenericId<"Session"> | undefined;
|
|
215
215
|
lastPolledAt?: number | undefined;
|
|
216
216
|
status: "pending" | "authorized" | "denied";
|
|
217
217
|
expiresAt: number;
|
|
@@ -219,14 +219,14 @@ declare const _default: convex_server80.SchemaDefinition<{
|
|
|
219
219
|
userCode: string;
|
|
220
220
|
interval: number;
|
|
221
221
|
}, {
|
|
222
|
-
/** High-entropy code used by the device for polling. Stored as SHA-256 hash. */deviceCodeHash:
|
|
223
|
-
userCode:
|
|
224
|
-
expiresAt:
|
|
225
|
-
interval:
|
|
226
|
-
status:
|
|
227
|
-
userId:
|
|
228
|
-
sessionId:
|
|
229
|
-
lastPolledAt:
|
|
222
|
+
/** High-entropy code used by the device for polling. Stored as SHA-256 hash. */deviceCodeHash: convex_values1184.VString<string, "required">; /** Short human-readable code the user enters (e.g. "WDJB-MJHT"). */
|
|
223
|
+
userCode: convex_values1184.VString<string, "required">; /** Expiration timestamp (ms since epoch). */
|
|
224
|
+
expiresAt: convex_values1184.VFloat64<number, "required">; /** Minimum polling interval in seconds. */
|
|
225
|
+
interval: convex_values1184.VFloat64<number, "required">; /** Current status of this device authorization session. */
|
|
226
|
+
status: convex_values1184.VUnion<"pending" | "authorized" | "denied", [convex_values1184.VLiteral<"pending", "required">, convex_values1184.VLiteral<"authorized", "required">, convex_values1184.VLiteral<"denied", "required">], "required", never>; /** Set when the user authorizes — links to the authorizing user. */
|
|
227
|
+
userId: convex_values1184.VId<convex_values1184.GenericId<"User"> | undefined, "optional">; /** Set when the user authorizes — the session created for the device. */
|
|
228
|
+
sessionId: convex_values1184.VId<convex_values1184.GenericId<"Session"> | undefined, "optional">; /** Timestamp of the last poll request (for slow_down enforcement). */
|
|
229
|
+
lastPolledAt: convex_values1184.VFloat64<number | undefined, "optional">;
|
|
230
230
|
}, "required", "status" | "expiresAt" | "userId" | "sessionId" | "deviceCodeHash" | "userCode" | "interval" | "lastPolledAt">, {
|
|
231
231
|
device_code_hash: ["deviceCodeHash", "_creationTime"];
|
|
232
232
|
user_code_status: ["userCode", "status", "_creationTime"];
|
|
@@ -234,14 +234,14 @@ declare const _default: convex_server80.SchemaDefinition<{
|
|
|
234
234
|
/**
|
|
235
235
|
* Rate limit tracking for OTP and password sign-in attempts.
|
|
236
236
|
*/
|
|
237
|
-
RateLimit:
|
|
237
|
+
RateLimit: convex_server85.TableDefinition<convex_values1184.VObject<{
|
|
238
238
|
identifier: string;
|
|
239
239
|
last_attempt_time: number;
|
|
240
240
|
attempts_left: number;
|
|
241
241
|
}, {
|
|
242
|
-
identifier:
|
|
243
|
-
last_attempt_time:
|
|
244
|
-
attempts_left:
|
|
242
|
+
identifier: convex_values1184.VString<string, "required">;
|
|
243
|
+
last_attempt_time: convex_values1184.VFloat64<number, "required">;
|
|
244
|
+
attempts_left: convex_values1184.VFloat64<number, "required">;
|
|
245
245
|
}, "required", "identifier" | "last_attempt_time" | "attempts_left">, {
|
|
246
246
|
by_identifier: ["identifier", "_creationTime"];
|
|
247
247
|
}, {}, {}>;
|
|
@@ -250,12 +250,12 @@ declare const _default: convex_server80.SchemaDefinition<{
|
|
|
250
250
|
* Groups can nest arbitrarily deep via `parentGroupId` for modeling
|
|
251
251
|
* organizations, teams, departments, or any tree structure.
|
|
252
252
|
*/
|
|
253
|
-
Group:
|
|
253
|
+
Group: convex_server85.TableDefinition<convex_values1184.VObject<{
|
|
254
254
|
slug?: string | undefined;
|
|
255
255
|
type?: string | undefined;
|
|
256
256
|
extend?: any;
|
|
257
|
-
parentGroupId?:
|
|
258
|
-
rootGroupId?:
|
|
257
|
+
parentGroupId?: convex_values1184.GenericId<"Group"> | undefined;
|
|
258
|
+
rootGroupId?: convex_values1184.GenericId<"Group"> | undefined;
|
|
259
259
|
isRoot?: boolean | undefined;
|
|
260
260
|
tags?: {
|
|
261
261
|
key: string;
|
|
@@ -302,23 +302,23 @@ declare const _default: convex_server80.SchemaDefinition<{
|
|
|
302
302
|
} | undefined;
|
|
303
303
|
name: string;
|
|
304
304
|
}, {
|
|
305
|
-
name:
|
|
306
|
-
slug:
|
|
307
|
-
type:
|
|
308
|
-
parentGroupId:
|
|
309
|
-
rootGroupId:
|
|
310
|
-
isRoot:
|
|
311
|
-
tags:
|
|
305
|
+
name: convex_values1184.VString<string, "required">;
|
|
306
|
+
slug: convex_values1184.VString<string | undefined, "optional">;
|
|
307
|
+
type: convex_values1184.VString<string | undefined, "optional">;
|
|
308
|
+
parentGroupId: convex_values1184.VId<convex_values1184.GenericId<"Group"> | undefined, "optional">; /** Denormalized root group ID. Self-referencing for root groups. */
|
|
309
|
+
rootGroupId: convex_values1184.VId<convex_values1184.GenericId<"Group"> | undefined, "optional">; /** Denormalized flag: `true` when `parentGroupId` is absent. */
|
|
310
|
+
isRoot: convex_values1184.VBoolean<boolean | undefined, "optional">; /** Faceted classification tags. Normalized at write time (trimmed, lowercased). */
|
|
311
|
+
tags: convex_values1184.VArray<{
|
|
312
312
|
key: string;
|
|
313
313
|
value: string;
|
|
314
|
-
}[] | undefined,
|
|
314
|
+
}[] | undefined, convex_values1184.VObject<{
|
|
315
315
|
key: string;
|
|
316
316
|
value: string;
|
|
317
317
|
}, {
|
|
318
|
-
key:
|
|
319
|
-
value:
|
|
318
|
+
key: convex_values1184.VString<string, "required">;
|
|
319
|
+
value: convex_values1184.VString<string, "required">;
|
|
320
320
|
}, "required", "key" | "value">, "optional">;
|
|
321
|
-
policy:
|
|
321
|
+
policy: convex_values1184.VObject<{
|
|
322
322
|
extend?: any;
|
|
323
323
|
version: 1;
|
|
324
324
|
identity: {
|
|
@@ -357,22 +357,22 @@ declare const _default: convex_server80.SchemaDefinition<{
|
|
|
357
357
|
};
|
|
358
358
|
};
|
|
359
359
|
} | undefined, {
|
|
360
|
-
version:
|
|
361
|
-
identity:
|
|
360
|
+
version: convex_values1184.VLiteral<1, "required">;
|
|
361
|
+
identity: convex_values1184.VObject<{
|
|
362
362
|
accountLinking: {
|
|
363
363
|
oidc: "verifiedEmail" | "none";
|
|
364
364
|
saml: "verifiedEmail" | "none";
|
|
365
365
|
};
|
|
366
366
|
}, {
|
|
367
|
-
accountLinking:
|
|
367
|
+
accountLinking: convex_values1184.VObject<{
|
|
368
368
|
oidc: "verifiedEmail" | "none";
|
|
369
369
|
saml: "verifiedEmail" | "none";
|
|
370
370
|
}, {
|
|
371
|
-
oidc:
|
|
372
|
-
saml:
|
|
371
|
+
oidc: convex_values1184.VUnion<"verifiedEmail" | "none", [convex_values1184.VLiteral<"verifiedEmail", "required">, convex_values1184.VLiteral<"none", "required">], "required", never>;
|
|
372
|
+
saml: convex_values1184.VUnion<"verifiedEmail" | "none", [convex_values1184.VLiteral<"verifiedEmail", "required">, convex_values1184.VLiteral<"none", "required">], "required", never>;
|
|
373
373
|
}, "required", "oidc" | "saml">;
|
|
374
374
|
}, "required", "accountLinking" | "accountLinking.oidc" | "accountLinking.saml">;
|
|
375
|
-
provisioning:
|
|
375
|
+
provisioning: convex_values1184.VObject<{
|
|
376
376
|
user: {
|
|
377
377
|
createOnSignIn: boolean;
|
|
378
378
|
updateProfileOnLogin: "never" | "missing" | "always";
|
|
@@ -401,58 +401,58 @@ declare const _default: convex_server80.SchemaDefinition<{
|
|
|
401
401
|
source: "protocol";
|
|
402
402
|
};
|
|
403
403
|
}, {
|
|
404
|
-
user:
|
|
404
|
+
user: convex_values1184.VObject<{
|
|
405
405
|
createOnSignIn: boolean;
|
|
406
406
|
updateProfileOnLogin: "never" | "missing" | "always";
|
|
407
407
|
updateProfileFromScim: "never" | "missing" | "always";
|
|
408
408
|
authority: "app" | "sso" | "scim";
|
|
409
409
|
}, {
|
|
410
|
-
createOnSignIn:
|
|
411
|
-
updateProfileOnLogin:
|
|
412
|
-
updateProfileFromScim:
|
|
413
|
-
authority:
|
|
410
|
+
createOnSignIn: convex_values1184.VBoolean<boolean, "required">;
|
|
411
|
+
updateProfileOnLogin: convex_values1184.VUnion<"never" | "missing" | "always", [convex_values1184.VLiteral<"never", "required">, convex_values1184.VLiteral<"missing", "required">, convex_values1184.VLiteral<"always", "required">], "required", never>;
|
|
412
|
+
updateProfileFromScim: convex_values1184.VUnion<"never" | "missing" | "always", [convex_values1184.VLiteral<"never", "required">, convex_values1184.VLiteral<"missing", "required">, convex_values1184.VLiteral<"always", "required">], "required", never>;
|
|
413
|
+
authority: convex_values1184.VUnion<"app" | "sso" | "scim", [convex_values1184.VLiteral<"app", "required">, convex_values1184.VLiteral<"sso", "required">, convex_values1184.VLiteral<"scim", "required">], "required", never>;
|
|
414
414
|
}, "required", "createOnSignIn" | "updateProfileOnLogin" | "updateProfileFromScim" | "authority">;
|
|
415
|
-
scimReuse:
|
|
415
|
+
scimReuse: convex_values1184.VObject<{
|
|
416
416
|
user: "none" | "externalId";
|
|
417
417
|
}, {
|
|
418
|
-
user:
|
|
418
|
+
user: convex_values1184.VUnion<"none" | "externalId", [convex_values1184.VLiteral<"externalId", "required">, convex_values1184.VLiteral<"none", "required">], "required", never>;
|
|
419
419
|
}, "required", "user">;
|
|
420
|
-
jit:
|
|
420
|
+
jit: convex_values1184.VObject<{
|
|
421
421
|
defaultRole?: string | undefined;
|
|
422
422
|
defaultRoleIds?: string[] | undefined;
|
|
423
423
|
mode: "off" | "createUser" | "createUserAndMembership";
|
|
424
424
|
}, {
|
|
425
|
-
mode:
|
|
426
|
-
defaultRole:
|
|
427
|
-
defaultRoleIds:
|
|
425
|
+
mode: convex_values1184.VUnion<"off" | "createUser" | "createUserAndMembership", [convex_values1184.VLiteral<"off", "required">, convex_values1184.VLiteral<"createUser", "required">, convex_values1184.VLiteral<"createUserAndMembership", "required">], "required", never>;
|
|
426
|
+
defaultRole: convex_values1184.VString<string | undefined, "optional">;
|
|
427
|
+
defaultRoleIds: convex_values1184.VArray<string[] | undefined, convex_values1184.VString<string, "required">, "optional">;
|
|
428
428
|
}, "required", "mode" | "defaultRole" | "defaultRoleIds">;
|
|
429
|
-
deprovision:
|
|
429
|
+
deprovision: convex_values1184.VObject<{
|
|
430
430
|
mode: "soft" | "hard";
|
|
431
431
|
}, {
|
|
432
|
-
mode:
|
|
432
|
+
mode: convex_values1184.VUnion<"soft" | "hard", [convex_values1184.VLiteral<"soft", "required">, convex_values1184.VLiteral<"hard", "required">], "required", never>;
|
|
433
433
|
}, "required", "mode">;
|
|
434
|
-
groups:
|
|
434
|
+
groups: convex_values1184.VObject<{
|
|
435
435
|
mapping?: Record<string, string[]> | undefined;
|
|
436
436
|
mode: "ignore" | "sync";
|
|
437
437
|
source: "protocol";
|
|
438
438
|
}, {
|
|
439
|
-
mode:
|
|
440
|
-
source:
|
|
441
|
-
mapping:
|
|
439
|
+
mode: convex_values1184.VUnion<"ignore" | "sync", [convex_values1184.VLiteral<"ignore", "required">, convex_values1184.VLiteral<"sync", "required">], "required", never>;
|
|
440
|
+
source: convex_values1184.VLiteral<"protocol", "required">;
|
|
441
|
+
mapping: convex_values1184.VRecord<Record<string, string[]> | undefined, convex_values1184.VString<string, "required">, convex_values1184.VArray<string[], convex_values1184.VString<string, "required">, "required">, "optional", string>;
|
|
442
442
|
}, "required", "mode" | "source" | "mapping" | `mapping.${string}`>;
|
|
443
|
-
roles:
|
|
443
|
+
roles: convex_values1184.VObject<{
|
|
444
444
|
mapping?: Record<string, string[]> | undefined;
|
|
445
445
|
mode: "map" | "ignore";
|
|
446
446
|
source: "protocol";
|
|
447
447
|
}, {
|
|
448
|
-
mode:
|
|
449
|
-
source:
|
|
450
|
-
mapping:
|
|
448
|
+
mode: convex_values1184.VUnion<"map" | "ignore", [convex_values1184.VLiteral<"ignore", "required">, convex_values1184.VLiteral<"map", "required">], "required", never>;
|
|
449
|
+
source: convex_values1184.VLiteral<"protocol", "required">;
|
|
450
|
+
mapping: convex_values1184.VRecord<Record<string, string[]> | undefined, convex_values1184.VString<string, "required">, convex_values1184.VArray<string[], convex_values1184.VString<string, "required">, "required">, "optional", string>;
|
|
451
451
|
}, "required", "mode" | "source" | "mapping" | `mapping.${string}`>;
|
|
452
452
|
}, "required", "user" | "scimReuse" | "jit" | "deprovision" | "groups" | "roles" | "user.createOnSignIn" | "user.updateProfileOnLogin" | "user.updateProfileFromScim" | "user.authority" | "scimReuse.user" | "jit.mode" | "jit.defaultRole" | "jit.defaultRoleIds" | "deprovision.mode" | "groups.mode" | "groups.source" | "groups.mapping" | `groups.mapping.${string}` | "roles.mode" | "roles.source" | "roles.mapping" | `roles.mapping.${string}`>;
|
|
453
|
-
extend:
|
|
453
|
+
extend: convex_values1184.VAny<any, "optional", string>;
|
|
454
454
|
}, "optional", "extend" | `extend.${string}` | "version" | "identity" | "provisioning" | "identity.accountLinking" | "identity.accountLinking.oidc" | "identity.accountLinking.saml" | "provisioning.user" | "provisioning.scimReuse" | "provisioning.jit" | "provisioning.deprovision" | "provisioning.groups" | "provisioning.roles" | "provisioning.user.createOnSignIn" | "provisioning.user.updateProfileOnLogin" | "provisioning.user.updateProfileFromScim" | "provisioning.user.authority" | "provisioning.scimReuse.user" | "provisioning.jit.mode" | "provisioning.jit.defaultRole" | "provisioning.jit.defaultRoleIds" | "provisioning.deprovision.mode" | "provisioning.groups.mode" | "provisioning.groups.source" | "provisioning.groups.mapping" | `provisioning.groups.mapping.${string}` | "provisioning.roles.mode" | "provisioning.roles.source" | "provisioning.roles.mapping" | `provisioning.roles.mapping.${string}`>;
|
|
455
|
-
extend:
|
|
455
|
+
extend: convex_values1184.VAny<any, "optional", string>;
|
|
456
456
|
}, "required", "name" | "slug" | "type" | "extend" | `extend.${string}` | "parentGroupId" | "rootGroupId" | "isRoot" | "tags" | "policy" | "policy.extend" | `policy.extend.${string}` | "policy.version" | "policy.identity" | "policy.provisioning" | "policy.identity.accountLinking" | "policy.identity.accountLinking.oidc" | "policy.identity.accountLinking.saml" | "policy.provisioning.user" | "policy.provisioning.scimReuse" | "policy.provisioning.jit" | "policy.provisioning.deprovision" | "policy.provisioning.groups" | "policy.provisioning.roles" | "policy.provisioning.user.createOnSignIn" | "policy.provisioning.user.updateProfileOnLogin" | "policy.provisioning.user.updateProfileFromScim" | "policy.provisioning.user.authority" | "policy.provisioning.scimReuse.user" | "policy.provisioning.jit.mode" | "policy.provisioning.jit.defaultRole" | "policy.provisioning.jit.defaultRoleIds" | "policy.provisioning.deprovision.mode" | "policy.provisioning.groups.mode" | "policy.provisioning.groups.source" | "policy.provisioning.groups.mapping" | `policy.provisioning.groups.mapping.${string}` | "policy.provisioning.roles.mode" | "policy.provisioning.roles.source" | "policy.provisioning.roles.mapping" | `policy.provisioning.roles.mapping.${string}`>, {
|
|
457
457
|
slug: ["slug", "_creationTime"];
|
|
458
458
|
parent_group_id: ["parentGroupId", "_creationTime"];
|
|
@@ -466,14 +466,14 @@ declare const _default: convex_server80.SchemaDefinition<{
|
|
|
466
466
|
* Each row maps one `(key, value)` pair to a group. Kept in sync by
|
|
467
467
|
* `groupCreate`, `groupUpdate`, and `groupDelete`.
|
|
468
468
|
*/
|
|
469
|
-
GroupTag:
|
|
469
|
+
GroupTag: convex_server85.TableDefinition<convex_values1184.VObject<{
|
|
470
470
|
key: string;
|
|
471
471
|
value: string;
|
|
472
|
-
group_id:
|
|
472
|
+
group_id: convex_values1184.GenericId<"Group">;
|
|
473
473
|
}, {
|
|
474
|
-
group_id:
|
|
475
|
-
key:
|
|
476
|
-
value:
|
|
474
|
+
group_id: convex_values1184.VId<convex_values1184.GenericId<"Group">, "required">;
|
|
475
|
+
key: convex_values1184.VString<string, "required">;
|
|
476
|
+
value: convex_values1184.VString<string, "required">;
|
|
477
477
|
}, "required", "key" | "value" | "group_id">, {
|
|
478
478
|
by_group: ["group_id", "_creationTime"];
|
|
479
479
|
by_key_value: ["key", "value", "_creationTime"];
|
|
@@ -484,20 +484,20 @@ declare const _default: convex_server80.SchemaDefinition<{
|
|
|
484
484
|
* role (e.g. "owner", "admin", "member", "viewer"). A user can be a
|
|
485
485
|
* member of multiple groups with different roles in each.
|
|
486
486
|
*/
|
|
487
|
-
GroupMember:
|
|
487
|
+
GroupMember: convex_server85.TableDefinition<convex_values1184.VObject<{
|
|
488
488
|
status?: string | undefined;
|
|
489
489
|
extend?: any;
|
|
490
490
|
role?: string | undefined;
|
|
491
491
|
roleIds?: string[] | undefined;
|
|
492
|
-
userId:
|
|
493
|
-
groupId:
|
|
492
|
+
userId: convex_values1184.GenericId<"User">;
|
|
493
|
+
groupId: convex_values1184.GenericId<"Group">;
|
|
494
494
|
}, {
|
|
495
|
-
groupId:
|
|
496
|
-
userId:
|
|
497
|
-
role:
|
|
498
|
-
roleIds:
|
|
499
|
-
status:
|
|
500
|
-
extend:
|
|
495
|
+
groupId: convex_values1184.VId<convex_values1184.GenericId<"Group">, "required">;
|
|
496
|
+
userId: convex_values1184.VId<convex_values1184.GenericId<"User">, "required">;
|
|
497
|
+
role: convex_values1184.VString<string | undefined, "optional">;
|
|
498
|
+
roleIds: convex_values1184.VArray<string[] | undefined, convex_values1184.VString<string, "required">, "optional">;
|
|
499
|
+
status: convex_values1184.VString<string | undefined, "optional">;
|
|
500
|
+
extend: convex_values1184.VAny<any, "optional", string>;
|
|
501
501
|
}, "required", "status" | "userId" | "extend" | `extend.${string}` | "groupId" | "role" | "roleIds">, {
|
|
502
502
|
group_id: ["groupId", "_creationTime"];
|
|
503
503
|
group_id_user_id: ["groupId", "userId", "_creationTime"];
|
|
@@ -512,30 +512,30 @@ declare const _default: convex_server80.SchemaDefinition<{
|
|
|
512
512
|
* `email` and `invitedByUserId` are optional to support CLI-generated
|
|
513
513
|
* invite links where neither is known upfront.
|
|
514
514
|
*/
|
|
515
|
-
GroupInvite:
|
|
515
|
+
GroupInvite: convex_server85.TableDefinition<convex_values1184.VObject<{
|
|
516
516
|
email?: string | undefined;
|
|
517
517
|
expiresTime?: number | undefined;
|
|
518
518
|
acceptedTime?: number | undefined;
|
|
519
519
|
extend?: any;
|
|
520
|
-
groupId?:
|
|
520
|
+
groupId?: convex_values1184.GenericId<"Group"> | undefined;
|
|
521
521
|
role?: string | undefined;
|
|
522
522
|
roleIds?: string[] | undefined;
|
|
523
|
-
invitedByUserId?:
|
|
524
|
-
acceptedByUserId?:
|
|
523
|
+
invitedByUserId?: convex_values1184.GenericId<"User"> | undefined;
|
|
524
|
+
acceptedByUserId?: convex_values1184.GenericId<"User"> | undefined;
|
|
525
525
|
status: "pending" | "accepted" | "revoked" | "expired";
|
|
526
526
|
tokenHash: string;
|
|
527
527
|
}, {
|
|
528
|
-
groupId:
|
|
529
|
-
invitedByUserId:
|
|
530
|
-
email:
|
|
531
|
-
tokenHash:
|
|
532
|
-
role:
|
|
533
|
-
roleIds:
|
|
534
|
-
status:
|
|
535
|
-
expiresTime:
|
|
536
|
-
acceptedByUserId:
|
|
537
|
-
acceptedTime:
|
|
538
|
-
extend:
|
|
528
|
+
groupId: convex_values1184.VId<convex_values1184.GenericId<"Group"> | undefined, "optional">;
|
|
529
|
+
invitedByUserId: convex_values1184.VId<convex_values1184.GenericId<"User"> | undefined, "optional">;
|
|
530
|
+
email: convex_values1184.VString<string | undefined, "optional">;
|
|
531
|
+
tokenHash: convex_values1184.VString<string, "required">;
|
|
532
|
+
role: convex_values1184.VString<string | undefined, "optional">;
|
|
533
|
+
roleIds: convex_values1184.VArray<string[] | undefined, convex_values1184.VString<string, "required">, "optional">;
|
|
534
|
+
status: convex_values1184.VUnion<"pending" | "accepted" | "revoked" | "expired", [convex_values1184.VLiteral<"pending", "required">, convex_values1184.VLiteral<"accepted", "required">, convex_values1184.VLiteral<"revoked", "required">, convex_values1184.VLiteral<"expired", "required">], "required", never>;
|
|
535
|
+
expiresTime: convex_values1184.VFloat64<number | undefined, "optional">;
|
|
536
|
+
acceptedByUserId: convex_values1184.VId<convex_values1184.GenericId<"User"> | undefined, "optional">;
|
|
537
|
+
acceptedTime: convex_values1184.VFloat64<number | undefined, "optional">;
|
|
538
|
+
extend: convex_values1184.VAny<any, "optional", string>;
|
|
539
539
|
}, "required", "email" | "status" | "expiresTime" | "acceptedTime" | "extend" | `extend.${string}` | "groupId" | "role" | "roleIds" | "invitedByUserId" | "tokenHash" | "acceptedByUserId">, {
|
|
540
540
|
token_hash: ["tokenHash", "_creationTime"];
|
|
541
541
|
status: ["status", "_creationTime"];
|
|
@@ -551,22 +551,22 @@ declare const _default: convex_server80.SchemaDefinition<{
|
|
|
551
551
|
* SDK can evolve without forcing schema churn for every protocol-specific
|
|
552
552
|
* field addition.
|
|
553
553
|
*/
|
|
554
|
-
GroupConnection:
|
|
554
|
+
GroupConnection: convex_server85.TableDefinition<convex_values1184.VObject<{
|
|
555
555
|
name?: string | undefined;
|
|
556
556
|
slug?: string | undefined;
|
|
557
557
|
extend?: any;
|
|
558
558
|
config?: any;
|
|
559
559
|
status: "draft" | "active" | "disabled";
|
|
560
560
|
protocol: "oidc" | "saml";
|
|
561
|
-
groupId:
|
|
561
|
+
groupId: convex_values1184.GenericId<"Group">;
|
|
562
562
|
}, {
|
|
563
|
-
groupId:
|
|
564
|
-
slug:
|
|
565
|
-
name:
|
|
566
|
-
protocol:
|
|
567
|
-
status:
|
|
568
|
-
config:
|
|
569
|
-
extend:
|
|
563
|
+
groupId: convex_values1184.VId<convex_values1184.GenericId<"Group">, "required">;
|
|
564
|
+
slug: convex_values1184.VString<string | undefined, "optional">;
|
|
565
|
+
name: convex_values1184.VString<string | undefined, "optional">;
|
|
566
|
+
protocol: convex_values1184.VUnion<"oidc" | "saml", [convex_values1184.VLiteral<"oidc", "required">, convex_values1184.VLiteral<"saml", "required">], "required", never>;
|
|
567
|
+
status: convex_values1184.VUnion<"draft" | "active" | "disabled", [convex_values1184.VLiteral<"draft", "required">, convex_values1184.VLiteral<"active", "required">, convex_values1184.VLiteral<"disabled", "required">], "required", never>;
|
|
568
|
+
config: convex_values1184.VAny<any, "optional", string>;
|
|
569
|
+
extend: convex_values1184.VAny<any, "optional", string>;
|
|
570
570
|
}, "required", "name" | "slug" | "status" | "extend" | `extend.${string}` | "protocol" | "groupId" | "config" | `config.${string}`>, {
|
|
571
571
|
group_id: ["groupId", "_creationTime"];
|
|
572
572
|
slug: ["slug", "_creationTime"];
|
|
@@ -577,18 +577,18 @@ declare const _default: convex_server80.SchemaDefinition<{
|
|
|
577
577
|
/**
|
|
578
578
|
* Verified or pending domains linked to an group connection record.
|
|
579
579
|
*/
|
|
580
|
-
GroupConnectionDomain:
|
|
580
|
+
GroupConnectionDomain: convex_server85.TableDefinition<convex_values1184.VObject<{
|
|
581
581
|
verifiedAt?: number | undefined;
|
|
582
|
-
groupId:
|
|
583
|
-
connectionId:
|
|
582
|
+
groupId: convex_values1184.GenericId<"Group">;
|
|
583
|
+
connectionId: convex_values1184.GenericId<"GroupConnection">;
|
|
584
584
|
domain: string;
|
|
585
585
|
isPrimary: boolean;
|
|
586
586
|
}, {
|
|
587
|
-
connectionId:
|
|
588
|
-
groupId:
|
|
589
|
-
domain:
|
|
590
|
-
isPrimary:
|
|
591
|
-
verifiedAt:
|
|
587
|
+
connectionId: convex_values1184.VId<convex_values1184.GenericId<"GroupConnection">, "required">;
|
|
588
|
+
groupId: convex_values1184.VId<convex_values1184.GenericId<"Group">, "required">;
|
|
589
|
+
domain: convex_values1184.VString<string, "required">;
|
|
590
|
+
isPrimary: convex_values1184.VBoolean<boolean, "required">;
|
|
591
|
+
verifiedAt: convex_values1184.VFloat64<number | undefined, "optional">;
|
|
592
592
|
}, "required", "groupId" | "connectionId" | "domain" | "isPrimary" | "verifiedAt">, {
|
|
593
593
|
connection_id: ["connectionId", "_creationTime"];
|
|
594
594
|
group_id: ["groupId", "_creationTime"];
|
|
@@ -597,26 +597,26 @@ declare const _default: convex_server80.SchemaDefinition<{
|
|
|
597
597
|
/**
|
|
598
598
|
* Pending DNS TXT verification challenges for group connection domains.
|
|
599
599
|
*/
|
|
600
|
-
GroupConnectionDomainVerification:
|
|
600
|
+
GroupConnectionDomainVerification: convex_server85.TableDefinition<convex_values1184.VObject<{
|
|
601
601
|
expiresAt: number;
|
|
602
|
-
groupId:
|
|
602
|
+
groupId: convex_values1184.GenericId<"Group">;
|
|
603
603
|
tokenHash: string;
|
|
604
|
-
connectionId:
|
|
604
|
+
connectionId: convex_values1184.GenericId<"GroupConnection">;
|
|
605
605
|
domain: string;
|
|
606
|
-
domainId:
|
|
606
|
+
domainId: convex_values1184.GenericId<"GroupConnectionDomain">;
|
|
607
607
|
recordName: string;
|
|
608
608
|
token: string;
|
|
609
609
|
requestedAt: number;
|
|
610
610
|
}, {
|
|
611
|
-
connectionId:
|
|
612
|
-
groupId:
|
|
613
|
-
domainId:
|
|
614
|
-
domain:
|
|
615
|
-
recordName:
|
|
616
|
-
token:
|
|
617
|
-
tokenHash:
|
|
618
|
-
requestedAt:
|
|
619
|
-
expiresAt:
|
|
611
|
+
connectionId: convex_values1184.VId<convex_values1184.GenericId<"GroupConnection">, "required">;
|
|
612
|
+
groupId: convex_values1184.VId<convex_values1184.GenericId<"Group">, "required">;
|
|
613
|
+
domainId: convex_values1184.VId<convex_values1184.GenericId<"GroupConnectionDomain">, "required">;
|
|
614
|
+
domain: convex_values1184.VString<string, "required">;
|
|
615
|
+
recordName: convex_values1184.VString<string, "required">;
|
|
616
|
+
token: convex_values1184.VString<string, "required">;
|
|
617
|
+
tokenHash: convex_values1184.VString<string, "required">;
|
|
618
|
+
requestedAt: convex_values1184.VFloat64<number, "required">;
|
|
619
|
+
expiresAt: convex_values1184.VFloat64<number, "required">;
|
|
620
620
|
}, "required", "expiresAt" | "groupId" | "tokenHash" | "connectionId" | "domain" | "domainId" | "recordName" | "token" | "requestedAt">, {
|
|
621
621
|
connection_id: ["connectionId", "_creationTime"];
|
|
622
622
|
domain_id: ["domainId", "_creationTime"];
|
|
@@ -625,18 +625,18 @@ declare const _default: convex_server80.SchemaDefinition<{
|
|
|
625
625
|
/**
|
|
626
626
|
* Encrypted group connection secrets stored separately from protocol config.
|
|
627
627
|
*/
|
|
628
|
-
GroupConnectionSecret:
|
|
629
|
-
groupId:
|
|
630
|
-
connectionId:
|
|
628
|
+
GroupConnectionSecret: convex_server85.TableDefinition<convex_values1184.VObject<{
|
|
629
|
+
groupId: convex_values1184.GenericId<"Group">;
|
|
630
|
+
connectionId: convex_values1184.GenericId<"GroupConnection">;
|
|
631
631
|
ciphertext: string;
|
|
632
632
|
updatedAt: number;
|
|
633
633
|
kind: "oidc_client_secret";
|
|
634
634
|
}, {
|
|
635
|
-
connectionId:
|
|
636
|
-
groupId:
|
|
637
|
-
kind:
|
|
638
|
-
ciphertext:
|
|
639
|
-
updatedAt:
|
|
635
|
+
connectionId: convex_values1184.VId<convex_values1184.GenericId<"GroupConnection">, "required">;
|
|
636
|
+
groupId: convex_values1184.VId<convex_values1184.GenericId<"Group">, "required">;
|
|
637
|
+
kind: convex_values1184.VUnion<"oidc_client_secret", [convex_values1184.VLiteral<"oidc_client_secret", "required">], "required", never>;
|
|
638
|
+
ciphertext: convex_values1184.VString<string, "required">;
|
|
639
|
+
updatedAt: convex_values1184.VFloat64<number, "required">;
|
|
640
640
|
}, "required", "groupId" | "connectionId" | "ciphertext" | "updatedAt" | "kind">, {
|
|
641
641
|
connection_id: ["connectionId", "_creationTime"];
|
|
642
642
|
connection_id_kind: ["connectionId", "kind", "_creationTime"];
|
|
@@ -645,22 +645,22 @@ declare const _default: convex_server80.SchemaDefinition<{
|
|
|
645
645
|
/**
|
|
646
646
|
* SCIM configuration for an group connection tenant.
|
|
647
647
|
*/
|
|
648
|
-
GroupConnectionScimConfig:
|
|
648
|
+
GroupConnectionScimConfig: convex_server85.TableDefinition<convex_values1184.VObject<{
|
|
649
649
|
extend?: any;
|
|
650
650
|
lastRotatedAt?: number | undefined;
|
|
651
651
|
status: "draft" | "active" | "disabled";
|
|
652
|
-
groupId:
|
|
652
|
+
groupId: convex_values1184.GenericId<"Group">;
|
|
653
653
|
tokenHash: string;
|
|
654
|
-
connectionId:
|
|
654
|
+
connectionId: convex_values1184.GenericId<"GroupConnection">;
|
|
655
655
|
basePath: string;
|
|
656
656
|
}, {
|
|
657
|
-
connectionId:
|
|
658
|
-
groupId:
|
|
659
|
-
status:
|
|
660
|
-
basePath:
|
|
661
|
-
tokenHash:
|
|
662
|
-
lastRotatedAt:
|
|
663
|
-
extend:
|
|
657
|
+
connectionId: convex_values1184.VId<convex_values1184.GenericId<"GroupConnection">, "required">;
|
|
658
|
+
groupId: convex_values1184.VId<convex_values1184.GenericId<"Group">, "required">;
|
|
659
|
+
status: convex_values1184.VUnion<"draft" | "active" | "disabled", [convex_values1184.VLiteral<"draft", "required">, convex_values1184.VLiteral<"active", "required">, convex_values1184.VLiteral<"disabled", "required">], "required", never>;
|
|
660
|
+
basePath: convex_values1184.VString<string, "required">;
|
|
661
|
+
tokenHash: convex_values1184.VString<string, "required">;
|
|
662
|
+
lastRotatedAt: convex_values1184.VFloat64<number | undefined, "optional">;
|
|
663
|
+
extend: convex_values1184.VAny<any, "optional", string>;
|
|
664
664
|
}, "required", "status" | "extend" | `extend.${string}` | "groupId" | "tokenHash" | "connectionId" | "basePath" | "lastRotatedAt">, {
|
|
665
665
|
group_connection_id: ["connectionId", "_creationTime"];
|
|
666
666
|
group_id: ["groupId", "_creationTime"];
|
|
@@ -670,26 +670,26 @@ declare const _default: convex_server80.SchemaDefinition<{
|
|
|
670
670
|
/**
|
|
671
671
|
* External SCIM identities mapped into local users/groups.
|
|
672
672
|
*/
|
|
673
|
-
GroupConnectionScimIdentity:
|
|
674
|
-
userId?:
|
|
673
|
+
GroupConnectionScimIdentity: convex_server85.TableDefinition<convex_values1184.VObject<{
|
|
674
|
+
userId?: convex_values1184.GenericId<"User"> | undefined;
|
|
675
675
|
active?: boolean | undefined;
|
|
676
|
-
mappedGroupId?:
|
|
676
|
+
mappedGroupId?: convex_values1184.GenericId<"Group"> | undefined;
|
|
677
677
|
lastProvisionedAt?: number | undefined;
|
|
678
678
|
raw?: any;
|
|
679
679
|
externalId: string;
|
|
680
|
-
groupId:
|
|
681
|
-
connectionId:
|
|
680
|
+
groupId: convex_values1184.GenericId<"Group">;
|
|
681
|
+
connectionId: convex_values1184.GenericId<"GroupConnection">;
|
|
682
682
|
resourceType: "user" | "group";
|
|
683
683
|
}, {
|
|
684
|
-
connectionId:
|
|
685
|
-
groupId:
|
|
686
|
-
resourceType:
|
|
687
|
-
externalId:
|
|
688
|
-
userId:
|
|
689
|
-
mappedGroupId:
|
|
690
|
-
lastProvisionedAt:
|
|
691
|
-
active:
|
|
692
|
-
raw:
|
|
684
|
+
connectionId: convex_values1184.VId<convex_values1184.GenericId<"GroupConnection">, "required">;
|
|
685
|
+
groupId: convex_values1184.VId<convex_values1184.GenericId<"Group">, "required">;
|
|
686
|
+
resourceType: convex_values1184.VUnion<"user" | "group", [convex_values1184.VLiteral<"user", "required">, convex_values1184.VLiteral<"group", "required">], "required", never>;
|
|
687
|
+
externalId: convex_values1184.VString<string, "required">;
|
|
688
|
+
userId: convex_values1184.VId<convex_values1184.GenericId<"User"> | undefined, "optional">;
|
|
689
|
+
mappedGroupId: convex_values1184.VId<convex_values1184.GenericId<"Group"> | undefined, "optional">;
|
|
690
|
+
lastProvisionedAt: convex_values1184.VFloat64<number | undefined, "optional">;
|
|
691
|
+
active: convex_values1184.VBoolean<boolean | undefined, "optional">;
|
|
692
|
+
raw: convex_values1184.VAny<any, "optional", string>;
|
|
693
693
|
}, "required", "userId" | "externalId" | "groupId" | "active" | "connectionId" | "resourceType" | "mappedGroupId" | "lastProvisionedAt" | "raw" | `raw.${string}`>, {
|
|
694
694
|
group_connection_id: ["connectionId", "_creationTime"];
|
|
695
695
|
group_id: ["groupId", "_creationTime"];
|
|
@@ -701,32 +701,32 @@ declare const _default: convex_server80.SchemaDefinition<{
|
|
|
701
701
|
/**
|
|
702
702
|
* Immutable audit trail for group connection operations.
|
|
703
703
|
*/
|
|
704
|
-
GroupAuditEvent:
|
|
704
|
+
GroupAuditEvent: convex_server85.TableDefinition<convex_values1184.VObject<{
|
|
705
705
|
metadata?: any;
|
|
706
|
-
connectionId?:
|
|
706
|
+
connectionId?: convex_values1184.GenericId<"GroupConnection"> | undefined;
|
|
707
707
|
actorId?: string | undefined;
|
|
708
708
|
subjectId?: string | undefined;
|
|
709
709
|
requestId?: string | undefined;
|
|
710
710
|
ip?: string | undefined;
|
|
711
711
|
status: "success" | "failure";
|
|
712
|
-
groupId:
|
|
712
|
+
groupId: convex_values1184.GenericId<"Group">;
|
|
713
713
|
actorType: "user" | "scim" | "system" | "api_key" | "webhook";
|
|
714
714
|
eventType: string;
|
|
715
715
|
subjectType: string;
|
|
716
716
|
occurredAt: number;
|
|
717
717
|
}, {
|
|
718
|
-
connectionId:
|
|
719
|
-
groupId:
|
|
720
|
-
eventType:
|
|
721
|
-
actorType:
|
|
722
|
-
actorId:
|
|
723
|
-
subjectType:
|
|
724
|
-
subjectId:
|
|
725
|
-
status:
|
|
726
|
-
occurredAt:
|
|
727
|
-
requestId:
|
|
728
|
-
ip:
|
|
729
|
-
metadata:
|
|
718
|
+
connectionId: convex_values1184.VId<convex_values1184.GenericId<"GroupConnection"> | undefined, "optional">;
|
|
719
|
+
groupId: convex_values1184.VId<convex_values1184.GenericId<"Group">, "required">;
|
|
720
|
+
eventType: convex_values1184.VString<string, "required">;
|
|
721
|
+
actorType: convex_values1184.VUnion<"user" | "scim" | "system" | "api_key" | "webhook", [convex_values1184.VLiteral<"user", "required">, convex_values1184.VLiteral<"system", "required">, convex_values1184.VLiteral<"scim", "required">, convex_values1184.VLiteral<"api_key", "required">, convex_values1184.VLiteral<"webhook", "required">], "required", never>;
|
|
722
|
+
actorId: convex_values1184.VString<string | undefined, "optional">;
|
|
723
|
+
subjectType: convex_values1184.VString<string, "required">;
|
|
724
|
+
subjectId: convex_values1184.VString<string | undefined, "optional">;
|
|
725
|
+
status: convex_values1184.VUnion<"success" | "failure", [convex_values1184.VLiteral<"success", "required">, convex_values1184.VLiteral<"failure", "required">], "required", never>;
|
|
726
|
+
occurredAt: convex_values1184.VFloat64<number, "required">;
|
|
727
|
+
requestId: convex_values1184.VString<string | undefined, "optional">;
|
|
728
|
+
ip: convex_values1184.VString<string | undefined, "optional">;
|
|
729
|
+
metadata: convex_values1184.VAny<any, "optional", string>;
|
|
730
730
|
}, "required", "status" | "metadata" | `metadata.${string}` | "groupId" | "connectionId" | "actorType" | "eventType" | "actorId" | "subjectType" | "subjectId" | "occurredAt" | "requestId" | "ip">, {
|
|
731
731
|
group_connection_id_occurred_at: ["connectionId", "occurredAt", "_creationTime"];
|
|
732
732
|
group_id_occurred_at: ["groupId", "occurredAt", "_creationTime"];
|
|
@@ -735,30 +735,30 @@ declare const _default: convex_server80.SchemaDefinition<{
|
|
|
735
735
|
/**
|
|
736
736
|
* Webhook endpoints subscribed to group audit and lifecycle events.
|
|
737
737
|
*/
|
|
738
|
-
GroupWebhookEndpoint:
|
|
738
|
+
GroupWebhookEndpoint: convex_server85.TableDefinition<convex_values1184.VObject<{
|
|
739
739
|
extend?: any;
|
|
740
|
-
createdByUserId?:
|
|
740
|
+
createdByUserId?: convex_values1184.GenericId<"User"> | undefined;
|
|
741
741
|
lastSuccessAt?: number | undefined;
|
|
742
742
|
lastFailureAt?: number | undefined;
|
|
743
743
|
status: "active" | "disabled";
|
|
744
|
-
groupId:
|
|
745
|
-
connectionId:
|
|
744
|
+
groupId: convex_values1184.GenericId<"Group">;
|
|
745
|
+
connectionId: convex_values1184.GenericId<"GroupConnection">;
|
|
746
746
|
url: string;
|
|
747
747
|
secretHash: string;
|
|
748
748
|
subscriptions: string[];
|
|
749
749
|
failureCount: number;
|
|
750
750
|
}, {
|
|
751
|
-
connectionId:
|
|
752
|
-
groupId:
|
|
753
|
-
url:
|
|
754
|
-
status:
|
|
755
|
-
secretHash:
|
|
756
|
-
subscriptions:
|
|
757
|
-
createdByUserId:
|
|
758
|
-
lastSuccessAt:
|
|
759
|
-
lastFailureAt:
|
|
760
|
-
failureCount:
|
|
761
|
-
extend:
|
|
751
|
+
connectionId: convex_values1184.VId<convex_values1184.GenericId<"GroupConnection">, "required">;
|
|
752
|
+
groupId: convex_values1184.VId<convex_values1184.GenericId<"Group">, "required">;
|
|
753
|
+
url: convex_values1184.VString<string, "required">;
|
|
754
|
+
status: convex_values1184.VUnion<"active" | "disabled", [convex_values1184.VLiteral<"active", "required">, convex_values1184.VLiteral<"disabled", "required">], "required", never>;
|
|
755
|
+
secretHash: convex_values1184.VString<string, "required">;
|
|
756
|
+
subscriptions: convex_values1184.VArray<string[], convex_values1184.VString<string, "required">, "required">;
|
|
757
|
+
createdByUserId: convex_values1184.VId<convex_values1184.GenericId<"User"> | undefined, "optional">;
|
|
758
|
+
lastSuccessAt: convex_values1184.VFloat64<number | undefined, "optional">;
|
|
759
|
+
lastFailureAt: convex_values1184.VFloat64<number | undefined, "optional">;
|
|
760
|
+
failureCount: convex_values1184.VFloat64<number, "required">;
|
|
761
|
+
extend: convex_values1184.VAny<any, "optional", string>;
|
|
762
762
|
}, "required", "status" | "extend" | `extend.${string}` | "groupId" | "connectionId" | "url" | "secretHash" | "subscriptions" | "createdByUserId" | "lastSuccessAt" | "lastFailureAt" | "failureCount">, {
|
|
763
763
|
group_connection_id: ["connectionId", "_creationTime"];
|
|
764
764
|
group_id: ["groupId", "_creationTime"];
|
|
@@ -767,30 +767,30 @@ declare const _default: convex_server80.SchemaDefinition<{
|
|
|
767
767
|
/**
|
|
768
768
|
* Delivery queue for outbound group webhooks.
|
|
769
769
|
*/
|
|
770
|
-
GroupWebhookDelivery:
|
|
771
|
-
auditEventId?:
|
|
770
|
+
GroupWebhookDelivery: convex_server85.TableDefinition<convex_values1184.VObject<{
|
|
771
|
+
auditEventId?: convex_values1184.GenericId<"GroupAuditEvent"> | undefined;
|
|
772
772
|
lastAttemptAt?: number | undefined;
|
|
773
773
|
lastResponseStatus?: number | undefined;
|
|
774
774
|
lastError?: string | undefined;
|
|
775
775
|
status: "pending" | "processing" | "delivered" | "failed";
|
|
776
|
-
connectionId:
|
|
776
|
+
connectionId: convex_values1184.GenericId<"GroupConnection">;
|
|
777
777
|
eventType: string;
|
|
778
|
-
endpointId:
|
|
778
|
+
endpointId: convex_values1184.GenericId<"GroupWebhookEndpoint">;
|
|
779
779
|
attemptCount: number;
|
|
780
780
|
nextAttemptAt: number;
|
|
781
781
|
payload: any;
|
|
782
782
|
}, {
|
|
783
|
-
connectionId:
|
|
784
|
-
endpointId:
|
|
785
|
-
auditEventId:
|
|
786
|
-
eventType:
|
|
787
|
-
status:
|
|
788
|
-
attemptCount:
|
|
789
|
-
nextAttemptAt:
|
|
790
|
-
lastAttemptAt:
|
|
791
|
-
lastResponseStatus:
|
|
792
|
-
lastError:
|
|
793
|
-
payload:
|
|
783
|
+
connectionId: convex_values1184.VId<convex_values1184.GenericId<"GroupConnection">, "required">;
|
|
784
|
+
endpointId: convex_values1184.VId<convex_values1184.GenericId<"GroupWebhookEndpoint">, "required">;
|
|
785
|
+
auditEventId: convex_values1184.VId<convex_values1184.GenericId<"GroupAuditEvent"> | undefined, "optional">;
|
|
786
|
+
eventType: convex_values1184.VString<string, "required">;
|
|
787
|
+
status: convex_values1184.VUnion<"pending" | "processing" | "delivered" | "failed", [convex_values1184.VLiteral<"pending", "required">, convex_values1184.VLiteral<"processing", "required">, convex_values1184.VLiteral<"delivered", "required">, convex_values1184.VLiteral<"failed", "required">], "required", never>;
|
|
788
|
+
attemptCount: convex_values1184.VFloat64<number, "required">;
|
|
789
|
+
nextAttemptAt: convex_values1184.VFloat64<number, "required">;
|
|
790
|
+
lastAttemptAt: convex_values1184.VFloat64<number | undefined, "optional">;
|
|
791
|
+
lastResponseStatus: convex_values1184.VFloat64<number | undefined, "optional">;
|
|
792
|
+
lastError: convex_values1184.VString<string | undefined, "optional">;
|
|
793
|
+
payload: convex_values1184.VAny<any, "required", string>;
|
|
794
794
|
}, "required", "status" | "connectionId" | "eventType" | "endpointId" | "auditEventId" | "attemptCount" | "nextAttemptAt" | "lastAttemptAt" | "lastResponseStatus" | "lastError" | "payload" | `payload.${string}`>, {
|
|
795
795
|
group_connection_id: ["connectionId", "_creationTime"];
|
|
796
796
|
status_next_attempt_at: ["status", "nextAttemptAt", "_creationTime"];
|
|
@@ -810,7 +810,7 @@ declare const _default: convex_server80.SchemaDefinition<{
|
|
|
810
810
|
* - **Expiration**: optional TTL
|
|
811
811
|
* - **Soft revocation**: `revoked` flag preserves audit trail
|
|
812
812
|
*/
|
|
813
|
-
ApiKey:
|
|
813
|
+
ApiKey: convex_server85.TableDefinition<convex_values1184.VObject<{
|
|
814
814
|
lastUsedAt?: number | undefined;
|
|
815
815
|
expiresAt?: number | undefined;
|
|
816
816
|
rateLimit?: {
|
|
@@ -824,7 +824,7 @@ declare const _default: convex_server80.SchemaDefinition<{
|
|
|
824
824
|
metadata?: any;
|
|
825
825
|
name: string;
|
|
826
826
|
revoked: boolean;
|
|
827
|
-
userId:
|
|
827
|
+
userId: convex_values1184.GenericId<"User">;
|
|
828
828
|
prefix: string;
|
|
829
829
|
hashedKey: string;
|
|
830
830
|
scopes: {
|
|
@@ -833,39 +833,39 @@ declare const _default: convex_server80.SchemaDefinition<{
|
|
|
833
833
|
}[];
|
|
834
834
|
createdAt: number;
|
|
835
835
|
}, {
|
|
836
|
-
userId:
|
|
837
|
-
prefix:
|
|
838
|
-
hashedKey:
|
|
839
|
-
name:
|
|
840
|
-
scopes:
|
|
836
|
+
userId: convex_values1184.VId<convex_values1184.GenericId<"User">, "required">; /** First chars of the key for display (e.g. "sk_abc1..."). */
|
|
837
|
+
prefix: convex_values1184.VString<string, "required">; /** SHA-256 hex hash of the full raw key. */
|
|
838
|
+
hashedKey: convex_values1184.VString<string, "required">; /** User-assigned name (e.g. "CI Pipeline", "Production API"). */
|
|
839
|
+
name: convex_values1184.VString<string, "required">; /** Scoped permissions: [{ resource: "users", actions: ["read", "list"] }]. */
|
|
840
|
+
scopes: convex_values1184.VArray<{
|
|
841
841
|
resource: string;
|
|
842
842
|
actions: string[];
|
|
843
|
-
}[],
|
|
843
|
+
}[], convex_values1184.VObject<{
|
|
844
844
|
resource: string;
|
|
845
845
|
actions: string[];
|
|
846
846
|
}, {
|
|
847
|
-
resource:
|
|
848
|
-
actions:
|
|
847
|
+
resource: convex_values1184.VString<string, "required">;
|
|
848
|
+
actions: convex_values1184.VArray<string[], convex_values1184.VString<string, "required">, "required">;
|
|
849
849
|
}, "required", "resource" | "actions">, "required">; /** Optional per-key rate limit configuration. */
|
|
850
|
-
rateLimit:
|
|
850
|
+
rateLimit: convex_values1184.VObject<{
|
|
851
851
|
maxRequests: number;
|
|
852
852
|
windowMs: number;
|
|
853
853
|
} | undefined, {
|
|
854
|
-
maxRequests:
|
|
855
|
-
windowMs:
|
|
854
|
+
maxRequests: convex_values1184.VFloat64<number, "required">;
|
|
855
|
+
windowMs: convex_values1184.VFloat64<number, "required">;
|
|
856
856
|
}, "optional", "maxRequests" | "windowMs">; /** Rate limit state tracking (token-bucket). */
|
|
857
|
-
rateLimitState:
|
|
857
|
+
rateLimitState: convex_values1184.VObject<{
|
|
858
858
|
attemptsLeft: number;
|
|
859
859
|
lastAttemptTime: number;
|
|
860
860
|
} | undefined, {
|
|
861
|
-
attemptsLeft:
|
|
862
|
-
lastAttemptTime:
|
|
861
|
+
attemptsLeft: convex_values1184.VFloat64<number, "required">;
|
|
862
|
+
lastAttemptTime: convex_values1184.VFloat64<number, "required">;
|
|
863
863
|
}, "optional", "attemptsLeft" | "lastAttemptTime">; /** Expiration timestamp. Null/undefined = never expires. */
|
|
864
|
-
expiresAt:
|
|
865
|
-
lastUsedAt:
|
|
866
|
-
createdAt:
|
|
867
|
-
revoked:
|
|
868
|
-
metadata:
|
|
864
|
+
expiresAt: convex_values1184.VFloat64<number | undefined, "optional">;
|
|
865
|
+
lastUsedAt: convex_values1184.VFloat64<number | undefined, "optional">;
|
|
866
|
+
createdAt: convex_values1184.VFloat64<number, "required">; /** Soft-revoke flag. Revoked keys are kept for audit trail. */
|
|
867
|
+
revoked: convex_values1184.VBoolean<boolean, "required">; /** Arbitrary app-specific metadata attached to the key. */
|
|
868
|
+
metadata: convex_values1184.VAny<any, "optional", string>;
|
|
869
869
|
}, "required", "name" | "revoked" | "lastUsedAt" | "expiresAt" | "userId" | "prefix" | "hashedKey" | "scopes" | "rateLimit" | "rateLimitState" | "createdAt" | "metadata" | "rateLimit.maxRequests" | "rateLimit.windowMs" | "rateLimitState.attemptsLeft" | "rateLimitState.lastAttemptTime" | `metadata.${string}`>, {
|
|
870
870
|
user_id: ["userId", "_creationTime"];
|
|
871
871
|
hashed_key: ["hashedKey", "_creationTime"];
|