@robelest/convex-auth 0.0.4-preview.32 → 0.0.4-preview.34

package/dist/component/public/sso/scim.js

@@ -19,20 +19,6 @@ import { v } from "convex/values";
 * @param args.extend - An optional arbitrary extension object for custom SCIM settings.
 * @returns The ID of the created or updated `GroupConnectionScimConfig` document.
 *
-* @example
-* ```ts
-* const configId = await ctx.runMutation(
-*   components.auth.group.sso.groupConnectionScimConfigUpsert,
-*   {
-*     connectionId,
-*     groupId: orgGroupId,
-*     status: "active",
-*     basePath: "/scim/v2",
-*     tokenHash: "sha256:abc123...",
-*     lastRotatedAt: Date.now(),
-*   },
-* );
-* ```
 */
 const groupConnectionScimConfigUpsert = mutation({
 	args: {
@@ -55,212 +41,82 @@ const groupConnectionScimConfigUpsert = mutation({
 	}
 });
 /**
-* Retrieve the SCIM configuration for a specific group.sso.
+* Read a SCIM configuration by identity.
 *
-* Looks up the SCIM config document by group connection ID using the
-* `group_connection_id` index. Returns `null` if SCIM has not been configured.
+* Accepts exactly one selector:
+* - `connectionId` — the SCIM config for a group connection, via the
+*   `group_connection_id` index.
+* - `tokenHash` — resolve which connection a bearer token belongs to,
+*   via the `token_hash` index (used during SCIM request auth).
 *
-* @param args.connectionId - The ID of the group connection whose SCIM config to retrieve.
-* @returns The SCIM configuration document, or `null` if not configured.
+* @param connectionId - Optional `_id` of the `GroupConnection`.
+* @param tokenHash - Optional bearer-token hash from an incoming request.
+* @returns The matching SCIM configuration document, or `null`.
 *
-* @example
-* ```ts
-* const config = await ctx.runQuery(
-*   components.auth.public.groupConnectionScimConfigGetByGroupConnection,
-*   { connectionId },
-* );
-* if (config) {
-*   console.log(config.status, config.basePath);
-* }
-* ```
 */
-const groupConnectionScimConfigGetByGroupConnection = query({
-	args: { connectionId: v.id("GroupConnection") },
-	returns: v.union(vGroupConnectionScimConfigDoc, v.null()),
-	handler: async (ctx, { connectionId }) => {
-		return await ctx.db.query("GroupConnectionScimConfig").withIndex("group_connection_id", (idx) => idx.eq("connectionId", connectionId)).first();
-	}
-});
-/**
-* Look up a SCIM configuration by its bearer token hash.
-*
-* Used during SCIM request authentication to resolve which group connection a
-* given bearer token belongs to. Returns `null` if no config matches.
-*
-* @param args.tokenHash - The hash of the bearer token from the incoming SCIM request.
-* @returns The matching SCIM configuration document, or `null` if not found.
-*
-* @example
-* ```ts
-* const config = await ctx.runQuery(
-*   components.auth.group.sso.groupConnectionScimConfigGetByTokenHash,
-*   { tokenHash: "sha256:abc123..." },
-* );
-* if (config) {
-*   console.log("Authenticated group:", config.connectionId);
-* }
-* ```
-*/
-const groupConnectionScimConfigGetByTokenHash = query({
-	args: { tokenHash: v.string() },
-	returns: v.union(vGroupConnectionScimConfigDoc, v.null()),
-	handler: async (ctx, { tokenHash }) => {
-		return await ctx.db.query("GroupConnectionScimConfig").withIndex("token_hash", (idx) => idx.eq("tokenHash", tokenHash)).first();
-	}
-});
-/**
-* Retrieve a SCIM identity by group connection, resource type, and external ID.
-*
-* Looks up a SCIM-provisioned identity using the composite index on
-* `(connectionId, resourceType, externalId)`. This is the primary lookup
-* used when processing incoming SCIM user or group operations.
-*
-* @param args.connectionId - The ID of the group connection that owns the SCIM identity.
-* @param args.resourceType - The SCIM resource type: `"user"` or `"group"`.
-* @param args.externalId - The external identifier assigned by the identity provider.
-* @returns The SCIM identity document, or `null` if not found.
-*
-* @example
-* ```ts
-* const identity = await ctx.runQuery(
-*   components.auth.group.sso.groupConnectionScimIdentityGet,
-*   {
-*     connectionId,
-*     resourceType: "user",
-*     externalId: "okta-user-abc123",
-*   },
-* );
-* ```
-*/
-const groupConnectionScimIdentityGet = query({
+const groupConnectionScimConfigGet = query({
 	args: {
-		connectionId: v.id("GroupConnection"),
-		resourceType: vScimResourceType,
-		externalId: v.string()
+		connectionId: v.optional(v.id("GroupConnection")),
+		tokenHash: v.optional(v.string())
 	},
-	returns: v.union(vGroupConnectionScimIdentityDoc, v.null()),
+	returns: v.union(vGroupConnectionScimConfigDoc, v.null()),
 	handler: async (ctx, args) => {
-		return await ctx.db.query("GroupConnectionScimIdentity").withIndex("group_connection_id_resource_type_external_id", (idx) => idx.eq("connectionId", args.connectionId).eq("resourceType", args.resourceType).eq("externalId", args.externalId)).first();
+		if (args.tokenHash !== void 0) return await ctx.db.query("GroupConnectionScimConfig").withIndex("token_hash", (idx) => idx.eq("tokenHash", args.tokenHash)).first();
+		if (args.connectionId === void 0) return null;
+		return await ctx.db.query("GroupConnectionScimConfig").withIndex("group_connection_id", (idx) => idx.eq("connectionId", args.connectionId)).first();
 	}
 });
 /**
-* Retrieve the SCIM identity linked to a specific user.
-*
-* Looks up the first SCIM identity document associated with the given user ID
-* via the `user_id` index. Useful for checking whether a user was provisioned
-* through SCIM.
+* Read a single SCIM identity by identity.
+*
+* Accepts exactly one selector (checked most-specific first):
+* - `connectionId` + `resourceType` + `externalId` — the composite
+*   `(connectionId, resourceType, externalId)` index. Primary lookup for
+*   incoming SCIM user/group operations.
+* - `connectionId` + `userId` — the `(connectionId, userId)` index, for
+*   a user's identity scoped to one connection.
+* - `userId` — the first identity for a user, via the `user_id` index.
+* - `mappedGroupId` — the identity mapped to an internal group, via the
+*   `mapped_group_id` index.
+* - `connectionId` + `userIds` — batch: resolve each user's identity
+*   under the connection, returning `(Doc | null)[]` aligned to
+*   `userIds` order (duplicates de-duplicated internally). One round-trip
+*   for large SCIM syncs instead of a per-user fan-out.
+*
+* @param connectionId - Optional `_id` of the `GroupConnection`.
+* @param resourceType - Optional SCIM resource type (`"user"` | `"group"`).
+* @param externalId - Optional external identifier from the IdP.
+* @param userId - Optional `_id` of the linked `User`.
+* @param userIds - Optional `_id[]` for a batched per-user lookup.
+* @param mappedGroupId - Optional `_id` of the mapped internal `Group`.
+* @returns The matching SCIM identity document or `null`; for `userIds`,
+*   an aligned `(Doc | null)[]`.
 *
-* @param args.userId - The document ID of the user whose SCIM identity to retrieve.
-* @returns The SCIM identity document, or `null` if the user has no SCIM identity.
-*
-* @example
-* ```ts
-* const scimIdentity = await ctx.runQuery(
-*   components.auth.group.sso.groupConnectionScimIdentityGetByUser,
-*   { userId },
-* );
-* if (scimIdentity) {
-*   console.log("User provisioned via SCIM:", scimIdentity.externalId);
-* }
-* ```
 */
-const groupConnectionScimIdentityGetByUser = query({
-	args: { userId: v.id("User") },
-	returns: v.union(vGroupConnectionScimIdentityDoc, v.null()),
-	handler: async (ctx, { userId }) => {
-		return await ctx.db.query("GroupConnectionScimIdentity").withIndex("user_id", (idx) => idx.eq("userId", userId)).first();
-	}
-});
-/**
-* Retrieve the SCIM identity for a specific user within a specific group.sso.
-*
-* Uses the composite `(connectionId, userId)` index to find the SCIM identity
-* that links a user to a particular group.sso. This is useful when a user may
-* belong to multiple group connections.
-*
-* @param args.connectionId - The ID of the group connection to scope the lookup to.
-* @param args.userId - The document ID of the user.
-* @returns The SCIM identity document, or `null` if not found.
-*
-* @example
-* ```ts
-* const identity = await ctx.runQuery(
-*   components.auth.public.groupConnectionScimIdentityGetByGroupConnectionAndUser,
-*   { connectionId, userId },
-* );
-* ```
-*/
-const groupConnectionScimIdentityGetByGroupConnectionAndUser = query({
-	args: {
-		connectionId: v.id("GroupConnection"),
-		userId: v.id("User")
-	},
-	returns: v.union(vGroupConnectionScimIdentityDoc, v.null()),
-	handler: async (ctx, { connectionId, userId }) => {
-		return await ctx.db.query("GroupConnectionScimIdentity").withIndex("group_connection_id_user_id", (idx) => idx.eq("connectionId", connectionId).eq("userId", userId)).first();
-	}
-});
-/**
-* Batched variant of
-* {@link groupConnectionScimIdentityGetByGroupConnectionAndUser}. Resolves
-* SCIM identities for many users under the same connection in a single
-* component round-trip.
-*
-* Used by large SCIM syncs that previously walked the user list one at a
-* time — a 1000-user import was 1000 lookups. With this helper it's one.
-*
-* @param args.connectionId - The ID of the connection to scope to.
-* @param args.userIds - One or more user ids to look up. Duplicates are
-*   tolerated.
-* @returns Array of `{ userId, identity }` pairs in the input order; when
-*   a user has no SCIM identity under this connection, `identity` is `null`.
-*/
-const groupConnectionScimIdentityGetByGroupConnectionAndUsers = query({
+const groupConnectionScimIdentityGet = query({
 	args: {
-		connectionId: v.id("GroupConnection"),
-		userIds: v.array(v.id("User"))
+		connectionId: v.optional(v.id("GroupConnection")),
+		resourceType: v.optional(vScimResourceType),
+		externalId: v.optional(v.string()),
+		userId: v.optional(v.id("User")),
+		userIds: v.optional(v.array(v.id("User"))),
+		mappedGroupId: v.optional(v.id("Group"))
 	},
-	returns: v.array(v.object({
-		userId: v.id("User"),
-		identity: v.union(vGroupConnectionScimIdentityDoc, v.null())
-	})),
-	handler: async (ctx, { connectionId, userIds }) => {
-		if (userIds.length === 0) return [];
-		const unique = Array.from(new Set(userIds));
-		const docs = await Promise.all(unique.map((userId) => ctx.db.query("GroupConnectionScimIdentity").withIndex("group_connection_id_user_id", (idx) => idx.eq("connectionId", connectionId).eq("userId", userId)).first()));
-		const byUserId = new Map(unique.map((id, i) => [id, docs[i] ?? null]));
-		return userIds.map((userId) => ({
-			userId,
-			identity: byUserId.get(userId) ?? null
-		}));
-	}
-});
-/**
-* Retrieve the SCIM identity that is mapped to a specific group.
-*
-* Looks up a SCIM identity by its `mappedGroupId` field. This is used when
-* a SCIM group resource has been mapped to an internal group, and you need
-* to find the corresponding SCIM identity record.
-*
-* @param args.mappedGroupId - The document ID of the internal group that a SCIM group is mapped to.
-* @returns The SCIM identity document, or `null` if no mapping exists.
-*
-* @example
-* ```ts
-* const scimGroup = await ctx.runQuery(
-*   components.auth.public.groupConnectionScimIdentityGetByMappedGroup,
-*   { mappedGroupId: teamGroupId },
-* );
-* if (scimGroup) {
-*   console.log("SCIM external group ID:", scimGroup.externalId);
-* }
-* ```
-*/
-const groupConnectionScimIdentityGetByMappedGroup = query({
-	args: { mappedGroupId: v.id("Group") },
-	returns: v.union(vGroupConnectionScimIdentityDoc, v.null()),
-	handler: async (ctx, { mappedGroupId }) => {
-		return await ctx.db.query("GroupConnectionScimIdentity").withIndex("mapped_group_id", (idx) => idx.eq("mappedGroupId", mappedGroupId)).first();
+	returns: v.union(vGroupConnectionScimIdentityDoc, v.null(), v.array(v.union(vGroupConnectionScimIdentityDoc, v.null()))),
+	handler: async (ctx, args) => {
+		if (args.connectionId !== void 0 && args.userIds !== void 0) {
+			const userIds = args.userIds;
+			if (userIds.length === 0) return [];
+			const unique = Array.from(new Set(userIds));
+			const docs = await Promise.all(unique.map((userId) => ctx.db.query("GroupConnectionScimIdentity").withIndex("group_connection_id_user_id", (idx) => idx.eq("connectionId", args.connectionId).eq("userId", userId)).first()));
+			const byUserId = new Map(unique.map((id, i) => [id, docs[i] ?? null]));
+			return userIds.map((userId) => byUserId.get(userId) ?? null);
+		}
+		if (args.connectionId !== void 0 && args.resourceType !== void 0 && args.externalId !== void 0) return await ctx.db.query("GroupConnectionScimIdentity").withIndex("group_connection_id_resource_type_external_id", (idx) => idx.eq("connectionId", args.connectionId).eq("resourceType", args.resourceType).eq("externalId", args.externalId)).first();
+		if (args.connectionId !== void 0 && args.userId !== void 0) return await ctx.db.query("GroupConnectionScimIdentity").withIndex("group_connection_id_user_id", (idx) => idx.eq("connectionId", args.connectionId).eq("userId", args.userId)).first();
+		if (args.userId !== void 0) return await ctx.db.query("GroupConnectionScimIdentity").withIndex("user_id", (idx) => idx.eq("userId", args.userId)).first();
+		if (args.mappedGroupId !== void 0) return await ctx.db.query("GroupConnectionScimIdentity").withIndex("mapped_group_id", (idx) => idx.eq("mappedGroupId", args.mappedGroupId)).first();
+		return null;
 	}
 });
 /**
@@ -273,15 +129,6 @@ const groupConnectionScimIdentityGetByMappedGroup = query({
 * @param args.connectionId - The ID of the group connection whose SCIM identities to list.
 * @returns An array of SCIM identity documents.
 *
-* @example
-* ```ts
-* const identities = await ctx.runQuery(
-*   components.auth.public.groupConnectionScimIdentityListByGroupConnection,
-*   { connectionId },
-* );
-* const users = identities.filter((i) => i.resourceType === "user");
-* const groups = identities.filter((i) => i.resourceType === "group");
-* ```
 */
 const groupConnectionScimIdentityListByGroupConnection = query({
 	args: { connectionId: v.id("GroupConnection") },
@@ -309,22 +156,6 @@ const groupConnectionScimIdentityListByGroupConnection = query({
 * @param args.raw - An optional raw SCIM payload stored for debugging or re-processing.
 * @returns The ID of the created or updated `GroupConnectionScimIdentity` document.
 *
-* @example
-* ```ts
-* const identityId = await ctx.runMutation(
-*   components.auth.group.sso.groupConnectionScimIdentityUpsert,
-*   {
-*     connectionId,
-*     groupId: orgGroupId,
-*     resourceType: "user",
-*     externalId: "okta-user-abc123",
-*     userId,
-*     active: true,
-*     lastProvisionedAt: Date.now(),
-*     raw: { schemas: ["urn:ietf:params:scim:schemas:core:2.0:User"], userName: "jane@acme.com" },
-*   },
-* );
-* ```
 */
 const groupConnectionScimIdentityUpsert = mutation({
 	args: {
@@ -357,13 +188,6 @@ const groupConnectionScimIdentityUpsert = mutation({
 * @param args.identityId - The document ID of the SCIM identity to delete.
 * @returns `null` on success.
 *
-* @example
-* ```ts
-* await ctx.runMutation(
-*   components.auth.group.sso.groupConnectionScimIdentityDelete,
-*   { identityId: scimIdentity._id },
-* );
-* ```
 */
 const groupConnectionScimIdentityDelete = mutation({
 	args: { identityId: v.id("GroupConnectionScimIdentity") },
@@ -375,5 +199,5 @@ const groupConnectionScimIdentityDelete = mutation({
 });
 
 //#endregion
-export { groupConnectionScimConfigGetByGroupConnection, groupConnectionScimConfigGetByTokenHash, groupConnectionScimConfigUpsert, groupConnectionScimIdentityDelete, groupConnectionScimIdentityGet, groupConnectionScimIdentityGetByGroupConnectionAndUser, groupConnectionScimIdentityGetByGroupConnectionAndUsers, groupConnectionScimIdentityGetByMappedGroup, groupConnectionScimIdentityGetByUser, groupConnectionScimIdentityListByGroupConnection, groupConnectionScimIdentityUpsert };
+export { groupConnectionScimConfigGet, groupConnectionScimConfigUpsert, groupConnectionScimIdentityDelete, groupConnectionScimIdentityGet, groupConnectionScimIdentityListByGroupConnection, groupConnectionScimIdentityUpsert };
 //# sourceMappingURL=scim.js.map

package/dist/component/public/sso/secrets.js

@@ -18,19 +18,6 @@ import { v } from "convex/values";
 * @param args.updatedAt - Epoch timestamp (ms) when the secret was last updated.
 * @returns The ID of the created or updated `GroupConnectionSecret` document.
 *
-* @example
-* ```ts
-* const secretId = await ctx.runMutation(
-*   components.auth.connection.groupConnectionSecretUpsert,
-*   {
-*     connectionId,
-*     groupId: orgGroupId,
-*     kind: "oidc_client_secret",
-*     ciphertext: "encrypted:aes256:...",
-*     updatedAt: Date.now(),
-*   },
-* );
-* ```
 */
 const groupConnectionSecretUpsert = mutation({
 	args: {
@@ -68,16 +55,6 @@ const groupConnectionSecretUpsert = mutation({
 * @param args.kind - The type of secret to look up (e.g. `"oidc_client_secret"`).
 * @returns The connection secret document, or `null` if not found.
 *
-* @example
-* ```ts
-* const secret = await ctx.runQuery(
-*   components.auth.connection.groupConnectionSecretGet,
-*   { connectionId, kind: "oidc_client_secret" },
-* );
-* if (secret) {
-*   const plaintext = decrypt(secret.ciphertext);
-* }
-* ```
 */
 const groupConnectionSecretGet = query({
 	args: {
@@ -99,13 +76,6 @@ const groupConnectionSecretGet = query({
 * @param args.kind - The type of secret to remove (e.g. `"oidc_client_secret"`).
 * @returns `null` on success.
 *
-* @example
-* ```ts
-* await ctx.runMutation(
-*   components.auth.connection.groupConnectionSecretDelete,
-*   { connectionId, kind: "oidc_client_secret" },
-* );
-* ```
 */
 const groupConnectionSecretDelete = mutation({
 	args: {

package/dist/component/public/sso/webhooks.js

@@ -21,19 +21,6 @@ import { v } from "convex/values";
 * @param args.extend - An optional arbitrary extension object for custom endpoint metadata.
 * @returns The ID of the newly created `GroupWebhookEndpoint` document.
 *
-* @example
-* ```ts
-* const endpointId = await ctx.runMutation(
-*   components.auth.group.sso.groupWebhookEndpointCreate,
-*   {
-*     connectionId,
-*     groupId: orgGroupId,
-*     url: "https://acme.com/webhooks/auth",
-*     secretHash: "sha256:whsec_...",
-*     subscriptions: ["user.login", "user.created", "scim.provision"],
-*   },
-* );
-* ```
 */
 const groupWebhookEndpointCreate = mutation({
 	args: {
@@ -64,16 +51,6 @@ const groupWebhookEndpointCreate = mutation({
 * @param args.connectionId - The ID of the group connection whose webhook endpoints to list.
 * @returns An array of webhook endpoint documents.
 *
-* @example
-* ```ts
-* const endpoints = await ctx.runQuery(
-*   components.auth.group.sso.groupWebhookEndpointList,
-*   { connectionId },
-* );
-* for (const ep of endpoints) {
-*   console.log(ep.url, ep.status, ep.subscriptions);
-* }
-* ```
 */
 const groupWebhookEndpointList = query({
 	args: { connectionId: v.id("GroupConnection") },
@@ -91,16 +68,6 @@ const groupWebhookEndpointList = query({
 * @param args.endpointId - The document ID of the webhook endpoint to retrieve.
 * @returns The webhook endpoint document, or `null` if not found.
 *
-* @example
-* ```ts
-* const endpoint = await ctx.runQuery(
-*   components.auth.group.sso.groupWebhookEndpointGet,
-*   { endpointId },
-* );
-* if (endpoint) {
-*   console.log(endpoint.url, endpoint.failureCount);
-* }
-* ```
 */
 const groupWebhookEndpointGet = query({
 	args: { endpointId: v.id("GroupWebhookEndpoint") },
@@ -121,19 +88,6 @@ const groupWebhookEndpointGet = query({
 * @param args.data - An object containing the fields to update (e.g. `{ url, status, subscriptions }`).
 * @returns `null` on success.
 *
-* @example
-* ```ts
-* await ctx.runMutation(
-*   components.auth.group.sso.groupWebhookEndpointUpdate,
-*   {
-*     endpointId,
-*     data: {
-*       status: "paused",
-*       subscriptions: ["user.login"],
-*     },
-*   },
-* );
-* ```
 */
 const groupWebhookEndpointUpdate = mutation({
 	args: {
@@ -147,9 +101,9 @@ const groupWebhookEndpointUpdate = mutation({
 	}
 });
 /**
-* Enqueue a webhook delivery for a specific endpoint.
+* Create a webhook delivery for a specific endpoint.
 *
-* Creates a new `GroupWebhookDelivery` document with an initial status
+* Inserts a new `GroupWebhookDelivery` document with an initial status
 * of `"pending"` and an attempt count of `0`. The delivery will be picked up
 * by the delivery worker once `nextAttemptAt` is reached.
 *
@@ -161,22 +115,8 @@ const groupWebhookEndpointUpdate = mutation({
 * @param args.nextAttemptAt - Epoch timestamp (ms) when the delivery should first be attempted.
 * @returns The ID of the newly created `GroupWebhookDelivery` document.
 *
-* @example
-* ```ts
-* const deliveryId = await ctx.runMutation(
-*   components.auth.group.sso.groupWebhookDeliveryEnqueue,
-*   {
-*     connectionId,
-*     endpointId,
-*     auditEventId,
-*     eventType: "user.created",
-*     payload: { userId, email: "jane@acme.com" },
-*     nextAttemptAt: Date.now(),
-*   },
-* );
-* ```
 */
-const groupWebhookDeliveryEnqueue = mutation({
+const groupWebhookDeliveryCreate = mutation({
 	args: {
 		connectionId: v.id("GroupConnection"),
 		endpointId: v.id("GroupWebhookEndpoint"),
@@ -195,66 +135,34 @@ const groupWebhookDeliveryEnqueue = mutation({
 	}
 });
 /**
-* List pending webhook deliveries that are ready to be attempted.
+* List webhook deliveries.
 *
-* Queries the `status_next_attempt_at` index for deliveries with status
-* `"pending"` whose `nextAttemptAt` is at or before the provided timestamp.
-* This is used by the delivery worker to find deliveries due for processing.
+* Accepts exactly one selector:
+* - `connectionId` — all deliveries for a connection, most recent first
+*   (via `group_connection_id`). Includes every status; useful for an
+*   admin delivery-history view.
+* - `now` — pending deliveries due for dispatch: status `"pending"` with
+*   `nextAttemptAt <= now` (via `status_next_attempt_at`). Used by the
+*   delivery worker to find work.
 *
-* @param args.now - The current epoch timestamp (ms) used as the cutoff for `nextAttemptAt`.
-* @param args.limit - Maximum number of deliveries to return (clamped between 1 and 100, defaults to 50).
-* @returns An array of webhook delivery documents ready for dispatch.
+* @param connectionId - Optional `_id` of the `GroupConnection`.
+* @param now - Optional epoch timestamp (ms) cutoff for `nextAttemptAt`.
+* @param limit - Max deliveries to return (clamped 1–100, default 50).
+* @returns An array of webhook delivery documents.
 *
-* @example
-* ```ts
-* const ready = await ctx.runQuery(
-*   components.auth.group.sso.groupWebhookDeliveryListReady,
-*   { now: Date.now(), limit: 10 },
-* );
-* for (const delivery of ready) {
-*   await dispatchWebhook(delivery);
-* }
-* ```
-*/
-const groupWebhookDeliveryListReady = query({
-	args: {
-		now: v.number(),
-		limit: v.optional(v.number())
-	},
-	returns: v.array(vGroupWebhookDeliveryDoc),
-	handler: async (ctx, { now, limit }) => {
-		return await ctx.db.query("GroupWebhookDelivery").withIndex("status_next_attempt_at", (idx) => idx.eq("status", "pending").lte("nextAttemptAt", now)).take(Math.min(Math.max(limit ?? 50, 1), 100));
-	}
-});
-/**
-* List webhook deliveries for a specific group connection, ordered by most recent first.
-*
-* Returns deliveries in reverse chronological order, useful for displaying
-* delivery history in an admin dashboard. Includes deliveries of all statuses.
-*
-* @param args.connectionId - The ID of the group connection whose deliveries to list.
-* @param args.limit - Maximum number of deliveries to return (clamped between 1 and 100, defaults to 50).
-* @returns An array of webhook delivery documents, most recent first.
-*
-* @example
-* ```ts
-* const deliveries = await ctx.runQuery(
-*   components.auth.group.sso.groupWebhookDeliveryList,
-*   { connectionId, limit: 25 },
-* );
-* for (const d of deliveries) {
-*   console.log(d.eventType, d.status, d.attemptCount);
-* }
-* ```
 */
 const groupWebhookDeliveryList = query({
 	args: {
-		connectionId: v.id("GroupConnection"),
+		connectionId: v.optional(v.id("GroupConnection")),
+		now: v.optional(v.number()),
 		limit: v.optional(v.number())
 	},
 	returns: v.array(vGroupWebhookDeliveryDoc),
-	handler: async (ctx, { connectionId, limit }) => {
-		return await ctx.db.query("GroupWebhookDelivery").withIndex("group_connection_id", (idx) => idx.eq("connectionId", connectionId)).order("desc").take(Math.min(Math.max(limit ?? 50, 1), 100));
+	handler: async (ctx, args) => {
+		const take = Math.min(Math.max(args.limit ?? 50, 1), 100);
+		if (args.now !== void 0) return await ctx.db.query("GroupWebhookDelivery").withIndex("status_next_attempt_at", (idx) => idx.eq("status", "pending").lte("nextAttemptAt", args.now)).take(take);
+		if (args.connectionId === void 0) return [];
+		return await ctx.db.query("GroupWebhookDelivery").withIndex("group_connection_id", (idx) => idx.eq("connectionId", args.connectionId)).order("desc").take(take);
 	}
 });
 /**
@@ -269,19 +177,6 @@ const groupWebhookDeliveryList = query({
 * @param args.data - An object containing the fields to update (e.g. `{ status, attemptCount, nextAttemptAt }`).
 * @returns `null` on success.
 *
-* @example
-* ```ts
-* await ctx.runMutation(
-*   components.auth.group.sso.groupWebhookDeliveryPatch,
-*   {
-*     deliveryId,
-*     data: {
-*       status: "delivered",
-*       attemptCount: 1,
-*     },
-*   },
-* );
-* ```
 */
 const groupWebhookDeliveryPatch = mutation({
 	args: {
@@ -296,5 +191,5 @@ const groupWebhookDeliveryPatch = mutation({
 });
 
 //#endregion
-export { groupWebhookDeliveryEnqueue, groupWebhookDeliveryList, groupWebhookDeliveryListReady, groupWebhookDeliveryPatch, groupWebhookEndpointCreate, groupWebhookEndpointGet, groupWebhookEndpointList, groupWebhookEndpointUpdate };
+export { groupWebhookDeliveryCreate, groupWebhookDeliveryList, groupWebhookDeliveryPatch, groupWebhookEndpointCreate, groupWebhookEndpointGet, groupWebhookEndpointList, groupWebhookEndpointUpdate };
 //# sourceMappingURL=webhooks.js.map

package/dist/component/rateLimit.js

@@ -0,0 +1,3 @@
+import { rateLimitCreate, rateLimitDelete, rateLimitGet, rateLimitPatch } from "./public/security/limits.js";
+
+export { rateLimitCreate as create, rateLimitDelete as delete, rateLimitGet as get, rateLimitPatch as update };