@spfn/auth 0.2.0-beta.41 → 0.2.0-beta.42

package/README.md

@@ -1092,6 +1092,8 @@ Update authenticated user's username. Validates uniqueness before updating.
 |-------|-------------|---------|
 | `auth.login` | 로그인 성공 | 이메일/전화 로그인, OAuth 기존 사용자 |
 | `auth.register` | 회원가입 성공 | 이메일/전화 회원가입, OAuth 신규 사용자 |
+| `auth.invitation.created` | 초대 생성/재발송 | createInvitation, resendInvitation |
+| `auth.invitation.accepted` | 초대 수락 | acceptInvitation |
 
 ---
 
@@ -1123,6 +1125,34 @@ Update authenticated user's username. Validates uniqueness before updating.
 `metadata`는 클라이언트가 register/OAuth 요청 body에 포함한 값이 그대로 전달됩니다.
 레퍼럴 코드, UTM 파라미터 등 앱 고유 데이터를 이벤트 구독자에게 전달할 때 사용합니다.
 
+#### `auth.invitation.created`
+
+```typescript
+{
+  invitationId: string;
+  email: string;
+  token: string;
+  roleId: number;
+  invitedBy: string;
+  expiresAt: string;           // ISO 8601
+  isResend: boolean;           // true면 재발송
+  metadata?: Record<string, unknown>;
+}
+```
+
+#### `auth.invitation.accepted`
+
+```typescript
+{
+  invitationId: string;
+  email: string;
+  userId: string;              // 생성된 사용자 ID
+  roleId: number;
+  invitedBy: string;
+  metadata?: Record<string, unknown>;
+}
+```
+
 ---
 
 ### Subscribing to Events
@@ -1165,6 +1195,51 @@ authApi.oauthStart.call({
 });
 ```
 
+#### 초대 이벤트 구독 (이메일 발송 연동)
+
+```typescript
+import { invitationCreatedEvent, invitationAcceptedEvent } from '@spfn/auth/server';
+
+// 초대 생성 시 이메일 발송
+invitationCreatedEvent.subscribe(async (payload) => {
+    const inviteUrl = `${APP_URL}/invite/${payload.token}`;
+
+    await notificationService.send({
+        channel: 'email',
+        to: payload.email,
+        subject: payload.isResend ? '초대가 재발송되었습니다' : '초대장이 도착했습니다',
+        html: renderInviteEmail({
+            inviteUrl,
+            inviterName: payload.metadata?.inviterName,
+            message: payload.metadata?.message,
+        }),
+        tracking: {
+            category: 'invitation',
+            metadata: { invitationId: payload.invitationId },
+        },
+    });
+});
+
+// 초대 수락 시 온보딩 처리
+invitationAcceptedEvent.subscribe(async (payload) => {
+    await onboardingService.start(payload.userId);
+});
+```
+
+초대 생성 시 커스텀 만료 시간 지정:
+
+```typescript
+// expiresAt이 expiresInDays보다 우선
+authApi.createInvitation.call({
+    body: {
+        email: 'user@example.com',
+        roleId: 2,
+        expiresAt: '2026-03-20T00:00:00Z',
+        metadata: { inviterName: '홍길동', message: '함께 일해요!' },
+    }
+});
+```
+
 ---
 
 ### Job Integration

package/dist/{authenticate-2953PCm8.d.ts → authenticate-gnTzrnU-.d.ts}

@@ -633,6 +633,7 @@ declare const mainAuthRouter: _spfn_core_route.Router<{
             email: _sinclair_typebox.TString;
             roleId: _sinclair_typebox.TNumber;
             expiresInDays: _sinclair_typebox.TOptional<_sinclair_typebox.TNumber>;
+            expiresAt: _sinclair_typebox.TOptional<_sinclair_typebox.TString>;
             metadata: _sinclair_typebox.TOptional<_sinclair_typebox.TAny>;
         }>;
     }, {}, {

package/dist/index.d.ts

@@ -1,6 +1,6 @@
 import * as _spfn_core_nextjs from '@spfn/core/nextjs';
-import { R as RoleConfig, P as PermissionConfig, C as CheckAccountExistsResult, S as SendVerificationCodeResult, a as RegisterResult, L as LoginResult, b as RotateKeyResult, O as OAuthStartResult, U as UserProfile, c as ProfileInfo, m as mainAuthRouter } from './authenticate-2953PCm8.js';
-export { k as AuthInitOptions, A as AuthSession, I as INVITATION_STATUSES, n as InvitationStatus, K as KEY_ALGORITHM, l as KeyAlgorithmType, i as PERMISSION_CATEGORIES, j as PermissionCategory, e as SOCIAL_PROVIDERS, p as SocialProvider, d as USER_STATUSES, o as UserStatus, h as VERIFICATION_PURPOSES, g as VERIFICATION_TARGET_TYPES, f as VerificationPurpose, V as VerificationTargetType } from './authenticate-2953PCm8.js';
+import { R as RoleConfig, P as PermissionConfig, C as CheckAccountExistsResult, S as SendVerificationCodeResult, a as RegisterResult, L as LoginResult, b as RotateKeyResult, O as OAuthStartResult, U as UserProfile, c as ProfileInfo, m as mainAuthRouter } from './authenticate-gnTzrnU-.js';
+export { k as AuthInitOptions, A as AuthSession, I as INVITATION_STATUSES, n as InvitationStatus, K as KEY_ALGORITHM, l as KeyAlgorithmType, i as PERMISSION_CATEGORIES, j as PermissionCategory, e as SOCIAL_PROVIDERS, p as SocialProvider, d as USER_STATUSES, o as UserStatus, h as VERIFICATION_PURPOSES, g as VERIFICATION_TARGET_TYPES, f as VerificationPurpose, V as VerificationTargetType } from './authenticate-gnTzrnU-.js';
 import * as _spfn_core_route from '@spfn/core/route';
 import { HttpMethod } from '@spfn/core/route';
 import * as _sinclair_typebox from '@sinclair/typebox';
@@ -257,6 +257,7 @@ declare const authApi: _spfn_core_nextjs.Client<_spfn_core_route.Router<{
             email: _sinclair_typebox.TString;
             roleId: _sinclair_typebox.TNumber;
             expiresInDays: _sinclair_typebox.TOptional<_sinclair_typebox.TNumber>;
+            expiresAt: _sinclair_typebox.TOptional<_sinclair_typebox.TString>;
             metadata: _sinclair_typebox.TOptional<_sinclair_typebox.TAny>;
         }>;
     }, {}, {

package/dist/server.d.ts

@@ -1,5 +1,5 @@
-import { k as AuthInitOptions, l as KeyAlgorithmType, n as InvitationStatus, f as VerificationPurpose, j as PermissionCategory, p as SocialProvider, q as AuthContext } from './authenticate-2953PCm8.js';
-export { B as ChangePasswordParams, w as CheckAccountExistsParams, C as CheckAccountExistsResult, a6 as EmailSchema, I as INVITATION_STATUSES, K as KEY_ALGORITHM, y as LoginParams, L as LoginResult, z as LogoutParams, a2 as OAuthCallbackParams, a3 as OAuthCallbackResult, a1 as OAuthStartParams, O as OAuthStartResult, a8 as PasswordSchema, a7 as PhoneSchema, x as RegisterParams, Q as RegisterPublicKeyParams, a as RegisterResult, W as RevokeKeyParams, T as RotateKeyParams, b as RotateKeyResult, e as SOCIAL_PROVIDERS, F as SendVerificationCodeParams, S as SendVerificationCodeResult, a9 as TargetTypeSchema, d as USER_STATUSES, o as UserStatus, h as VERIFICATION_PURPOSES, g as VERIFICATION_TARGET_TYPES, aa as VerificationPurposeSchema, V as VerificationTargetType, G as VerifyCodeParams, H as VerifyCodeResult, m as authRouter, a4 as authenticate, Z as buildOAuthErrorUrl, v as changePasswordService, r as checkAccountExistsService, $ as getEnabledOAuthProviders, a0 as getGoogleAccessToken, _ as isOAuthProviderEnabled, t as loginService, u as logoutService, Y as oauthCallbackService, X as oauthStartService, a5 as optionalAuth, J as registerPublicKeyService, s as registerService, N as revokeKeyService, M as rotateKeyService, D as sendVerificationCodeService, E as verifyCodeService } from './authenticate-2953PCm8.js';
+import { k as AuthInitOptions, l as KeyAlgorithmType, n as InvitationStatus, f as VerificationPurpose, j as PermissionCategory, p as SocialProvider, q as AuthContext } from './authenticate-gnTzrnU-.js';
+export { B as ChangePasswordParams, w as CheckAccountExistsParams, C as CheckAccountExistsResult, a6 as EmailSchema, I as INVITATION_STATUSES, K as KEY_ALGORITHM, y as LoginParams, L as LoginResult, z as LogoutParams, a2 as OAuthCallbackParams, a3 as OAuthCallbackResult, a1 as OAuthStartParams, O as OAuthStartResult, a8 as PasswordSchema, a7 as PhoneSchema, x as RegisterParams, Q as RegisterPublicKeyParams, a as RegisterResult, W as RevokeKeyParams, T as RotateKeyParams, b as RotateKeyResult, e as SOCIAL_PROVIDERS, F as SendVerificationCodeParams, S as SendVerificationCodeResult, a9 as TargetTypeSchema, d as USER_STATUSES, o as UserStatus, h as VERIFICATION_PURPOSES, g as VERIFICATION_TARGET_TYPES, aa as VerificationPurposeSchema, V as VerificationTargetType, G as VerifyCodeParams, H as VerifyCodeResult, m as authRouter, a4 as authenticate, Z as buildOAuthErrorUrl, v as changePasswordService, r as checkAccountExistsService, $ as getEnabledOAuthProviders, a0 as getGoogleAccessToken, _ as isOAuthProviderEnabled, t as loginService, u as logoutService, Y as oauthCallbackService, X as oauthStartService, a5 as optionalAuth, J as registerPublicKeyService, s as registerService, N as revokeKeyService, M as rotateKeyService, D as sendVerificationCodeService, E as verifyCodeService } from './authenticate-gnTzrnU-.js';
 import * as drizzle_orm_pg_core from 'drizzle-orm/pg-core';
 import { UserProfile as UserProfile$1, ProfileInfo } from '@spfn/auth';
 import { BaseRepository } from '@spfn/core/db';
@@ -1082,6 +1082,7 @@ declare function createInvitation(params: {
     roleId: number;
     invitedBy: number;
     expiresInDays?: number;
+    expiresAt?: Date;
     metadata?: Record<string, any>;
 }): Promise<Invitation>;
 /**
@@ -2942,10 +2943,10 @@ declare class UsersRepository extends BaseRepository {
      * Write primary 사용
      */
     create(data: NewUser): Promise<{
+        username: string | null;
+        status: "active" | "inactive" | "suspended";
         email: string | null;
         phone: string | null;
-        status: "active" | "inactive" | "suspended";
-        username: string | null;
         id: number;
         createdAt: Date;
         updatedAt: Date;
@@ -3018,10 +3019,10 @@ declare class UsersRepository extends BaseRepository {
      * Write primary 사용
      */
     deleteById(id: number): Promise<{
+        username: string | null;
+        status: "active" | "inactive" | "suspended";
         email: string | null;
         phone: string | null;
-        status: "active" | "inactive" | "suspended";
-        username: string | null;
         id: number;
         createdAt: Date;
         updatedAt: Date;
@@ -4093,8 +4094,8 @@ declare class InvitationsRepository extends BaseRepository {
      * 초대 생성
      */
     create(data: NewInvitation): Promise<{
-        email: string;
         status: "pending" | "accepted" | "expired" | "cancelled";
+        email: string;
         id: number;
         createdAt: Date;
         updatedAt: Date;
@@ -4127,8 +4128,8 @@ declare class InvitationsRepository extends BaseRepository {
      * 초대 삭제
      */
     deleteById(id: number): Promise<{
-        email: string;
         status: "pending" | "accepted" | "expired" | "cancelled";
+        email: string;
         id: number;
         createdAt: Date;
         updatedAt: Date;
@@ -4801,10 +4802,10 @@ declare function getOptionalAuth(c: Context | {
 declare function getUser(c: Context | {
     raw: Context;
 }): {
+    username: string | null;
+    status: "active" | "inactive" | "suspended";
     email: string | null;
     phone: string | null;
-    status: "active" | "inactive" | "suspended";
-    username: string | null;
     id: number;
     createdAt: Date;
     updatedAt: Date;
@@ -5314,10 +5315,67 @@ declare const authRegisterEvent: _spfn_core_event.EventDef<{
     userId: string;
     provider: "email" | "phone" | "google";
 }>;
+/**
+ * auth.invitation.created - 초대 생성 이벤트
+ *
+ * 발행 시점:
+ * - createInvitation() 성공 시
+ * - resendInvitation() 성공 시
+ *
+ * @example
+ * ```typescript
+ * invitationCreatedEvent.subscribe(async (payload) => {
+ *     const inviteUrl = `${APP_URL}/invite/${payload.token}`;
+ *     await notificationService.send({
+ *         channel: 'email',
+ *         to: payload.email,
+ *         subject: 'You are invited!',
+ *         html: renderInviteEmail({ inviteUrl, ...payload.metadata }),
+ *     });
+ * });
+ * ```
+ */
+declare const invitationCreatedEvent: _spfn_core_event.EventDef<{
+    metadata?: {
+        [x: string]: unknown;
+    } | undefined;
+    email: string;
+    roleId: number;
+    expiresAt: string;
+    token: string;
+    invitedBy: string;
+    invitationId: string;
+    isResend: boolean;
+}>;
+/**
+ * auth.invitation.accepted - 초대 수락 이벤트
+ *
+ * 발행 시점:
+ * - acceptInvitation() 성공 시
+ *
+ * @example
+ * ```typescript
+ * invitationAcceptedEvent.subscribe(async (payload) => {
+ *     await onboardingService.start(payload.userId);
+ * });
+ * ```
+ */
+declare const invitationAcceptedEvent: _spfn_core_event.EventDef<{
+    metadata?: {
+        [x: string]: unknown;
+    } | undefined;
+    email: string;
+    userId: string;
+    roleId: number;
+    invitedBy: string;
+    invitationId: string;
+}>;
 /**
  * Auth event payload types
  */
 type AuthLoginPayload = typeof authLoginEvent._payload;
 type AuthRegisterPayload = typeof authRegisterEvent._payload;
+type InvitationCreatedPayload = typeof invitationCreatedEvent._payload;
+type InvitationAcceptedPayload = typeof invitationAcceptedEvent._payload;
 
-export { type AuthConfig, AuthContext, type AuthLoginPayload, AuthProviderSchema, type AuthRegisterPayload, COOKIE_NAMES, type CreateOAuthStateParams, type GoogleTokenResponse, type GoogleUserInfo, type Invitation, InvitationStatus, InvitationsRepository, KeyAlgorithmType, type KeyPair, KeysRepository, type NewInvitation, type NewPermission, type NewPermissionEntity, type NewRole, type NewRoleEntity, type NewRolePermission, type NewUser, type NewUserPermission, type NewUserProfile, type NewUserPublicKey, type NewUserSocialAccount, type NewVerificationCode, type OAuthState, type Permission, type PermissionEntity, PermissionsRepository, type Role, type RoleEntity, type RoleGuardOptions, type RolePermission, RolePermissionsRepository, RolesRepository, type SessionData, type SessionPayload, SocialAccountsRepository, SocialProvider, type TokenPayload, type UpdateProfileParams, type User, type UserPermission, UserPermissionsRepository, type UserProfile, UserProfilesRepository, type UserPublicKey, type UserSocialAccount, UsersRepository, type VerificationCode, VerificationCodesRepository, VerificationPurpose, acceptInvitation, addPermissionToRole, authLogger, authLoginEvent, authRegisterEvent, authSchema, cancelInvitation, checkUsernameAvailableService, configureAuth, createAuthLifecycle, createInvitation, createOAuthState, createRole, decodeToken, deleteInvitation, deleteRole, exchangeCodeForTokens, expireOldInvitations, generateClientToken, generateKeyPair, generateKeyPairES256, generateKeyPairRS256, generateToken, getAllRoles, getAuth, getAuthConfig, getAuthSessionService, getGoogleAuthUrl, getGoogleOAuthConfig, getGoogleUserInfo, getInvitationByToken, getInvitationWithDetails, getKeyId, getKeySize, getLocale, getOptionalAuth, getRole, getRoleByName, getRolePermissions, getSessionInfo, getSessionTtl, getUser, getUserByEmailService, getUserByIdService, getUserByPhoneService, getUserId, getUserPermissions, getUserProfileService, getUserRole, hasAllPermissions, hasAnyPermission, hasAnyRole, hasPermission, hasRole, hashPassword, initializeAuth, invitationsRepository, isGoogleOAuthEnabled, keysRepository, listInvitations, parseDuration, permissions, permissionsRepository, refreshAccessToken, removePermissionFromRole, requireAnyPermission, requirePermissions, requireRole, resendInvitation, roleGuard, rolePermissions, rolePermissionsRepository, roles, rolesRepository, sealSession, setRolePermissions, shouldRefreshSession, shouldRotateKey, socialAccountsRepository, unsealSession, updateLastLoginService, updateLocaleService, updateRole, updateUserProfileService, updateUserService, updateUsernameService, userInvitations, userPermissions, userPermissionsRepository, userProfiles, userProfilesRepository, userPublicKeys, userSocialAccounts, users, usersRepository, validateInvitation, validatePasswordStrength, verificationCodes, verificationCodesRepository, verifyClientToken, verifyKeyFingerprint, verifyOAuthState, verifyPassword, verifyToken };
+export { type AuthConfig, AuthContext, type AuthLoginPayload, AuthProviderSchema, type AuthRegisterPayload, COOKIE_NAMES, type CreateOAuthStateParams, type GoogleTokenResponse, type GoogleUserInfo, type Invitation, type InvitationAcceptedPayload, type InvitationCreatedPayload, InvitationStatus, InvitationsRepository, KeyAlgorithmType, type KeyPair, KeysRepository, type NewInvitation, type NewPermission, type NewPermissionEntity, type NewRole, type NewRoleEntity, type NewRolePermission, type NewUser, type NewUserPermission, type NewUserProfile, type NewUserPublicKey, type NewUserSocialAccount, type NewVerificationCode, type OAuthState, type Permission, type PermissionEntity, PermissionsRepository, type Role, type RoleEntity, type RoleGuardOptions, type RolePermission, RolePermissionsRepository, RolesRepository, type SessionData, type SessionPayload, SocialAccountsRepository, SocialProvider, type TokenPayload, type UpdateProfileParams, type User, type UserPermission, UserPermissionsRepository, type UserProfile, UserProfilesRepository, type UserPublicKey, type UserSocialAccount, UsersRepository, type VerificationCode, VerificationCodesRepository, VerificationPurpose, acceptInvitation, addPermissionToRole, authLogger, authLoginEvent, authRegisterEvent, authSchema, cancelInvitation, checkUsernameAvailableService, configureAuth, createAuthLifecycle, createInvitation, createOAuthState, createRole, decodeToken, deleteInvitation, deleteRole, exchangeCodeForTokens, expireOldInvitations, generateClientToken, generateKeyPair, generateKeyPairES256, generateKeyPairRS256, generateToken, getAllRoles, getAuth, getAuthConfig, getAuthSessionService, getGoogleAuthUrl, getGoogleOAuthConfig, getGoogleUserInfo, getInvitationByToken, getInvitationWithDetails, getKeyId, getKeySize, getLocale, getOptionalAuth, getRole, getRoleByName, getRolePermissions, getSessionInfo, getSessionTtl, getUser, getUserByEmailService, getUserByIdService, getUserByPhoneService, getUserId, getUserPermissions, getUserProfileService, getUserRole, hasAllPermissions, hasAnyPermission, hasAnyRole, hasPermission, hasRole, hashPassword, initializeAuth, invitationAcceptedEvent, invitationCreatedEvent, invitationsRepository, isGoogleOAuthEnabled, keysRepository, listInvitations, parseDuration, permissions, permissionsRepository, refreshAccessToken, removePermissionFromRole, requireAnyPermission, requirePermissions, requireRole, resendInvitation, roleGuard, rolePermissions, rolePermissionsRepository, roles, rolesRepository, sealSession, setRolePermissions, shouldRefreshSession, shouldRotateKey, socialAccountsRepository, unsealSession, updateLastLoginService, updateLocaleService, updateRole, updateUserProfileService, updateUserService, updateUsernameService, userInvitations, userPermissions, userPermissionsRepository, userProfiles, userProfilesRepository, userPublicKeys, userSocialAccounts, users, usersRepository, validateInvitation, validatePasswordStrength, verificationCodes, verificationCodesRepository, verifyClientToken, verifyKeyFingerprint, verifyOAuthState, verifyPassword, verifyToken };

package/dist/server.js

@@ -7153,6 +7153,30 @@ var authRegisterEvent = defineEvent(
     metadata: Type.Optional(Type.Record(Type.String(), Type.Unknown()))
   })
 );
+var invitationCreatedEvent = defineEvent(
+  "auth.invitation.created",
+  Type.Object({
+    invitationId: Type.String(),
+    email: Type.String(),
+    token: Type.String(),
+    roleId: Type.Number(),
+    invitedBy: Type.String(),
+    expiresAt: Type.String(),
+    isResend: Type.Boolean(),
+    metadata: Type.Optional(Type.Record(Type.String(), Type.Unknown()))
+  })
+);
+var invitationAcceptedEvent = defineEvent(
+  "auth.invitation.accepted",
+  Type.Object({
+    invitationId: Type.String(),
+    email: Type.String(),
+    userId: Type.String(),
+    roleId: Type.Number(),
+    invitedBy: Type.String(),
+    metadata: Type.Optional(Type.Record(Type.String(), Type.Unknown()))
+  })
+);
 
 // src/server/services/auth.service.ts
 async function checkAccountExistsService(params) {
@@ -7566,7 +7590,7 @@ function calculateExpiresAt(days = 7) {
   return expiresAt;
 }
 async function createInvitation(params) {
-  const { email, roleId, invitedBy, expiresInDays = 7, metadata } = params;
+  const { email, roleId, invitedBy, expiresInDays = 7, expiresAt: expiresAtParam, metadata } = params;
   const emailRegex = /^[^\s@]+@[^\s@]+\.[^\s@]+$/;
   if (!emailRegex.test(email)) {
     throw new Error("Invalid email format");
@@ -7588,7 +7612,7 @@ async function createInvitation(params) {
     throw new Error(`User with id ${invitedBy} not found`);
   }
   const token = generateInvitationToken();
-  const expiresAt = calculateExpiresAt(expiresInDays);
+  const expiresAt = expiresAtParam ?? calculateExpiresAt(expiresInDays);
   const invitation = await invitationsRepository.create({
     email,
     token,
@@ -7598,7 +7622,16 @@ async function createInvitation(params) {
     expiresAt,
     metadata: metadata || null
   });
-  console.log(`[Auth] \u2705 Created invitation: ${email} as ${role.name} (expires: ${expiresAt.toISOString()})`);
+  await invitationCreatedEvent.emit({
+    invitationId: String(invitation.id),
+    email,
+    token,
+    roleId,
+    invitedBy: String(invitedBy),
+    expiresAt: expiresAt.toISOString(),
+    isResend: false,
+    metadata
+  });
   return invitation;
 }
 async function getInvitationByToken(token) {
@@ -7662,7 +7695,14 @@ async function acceptInvitation(params) {
     "accepted",
     /* @__PURE__ */ new Date()
   );
-  console.log(`[Auth] \u2705 Invitation accepted: ${invitation.email} as ${role.name}`);
+  await invitationAcceptedEvent.emit({
+    invitationId: String(invitation.id),
+    email: invitation.email,
+    userId: String(newUser.id),
+    roleId: Number(invitation.roleId),
+    invitedBy: String(invitation.invitedBy),
+    metadata: invitation.metadata
+  });
   return {
     userId: newUser.id,
     email: newUser.email,
@@ -7707,7 +7747,16 @@ async function resendInvitation(id11, expiresInDays = 7) {
   if (!updated) {
     throw new Error("Failed to update invitation");
   }
-  console.log(`[Auth] \u{1F4E7} Invitation resent: ${invitation.email} (new expiry: ${newExpiresAt.toISOString()})`);
+  await invitationCreatedEvent.emit({
+    invitationId: String(invitation.id),
+    email: invitation.email,
+    token: invitation.token,
+    roleId: Number(invitation.roleId),
+    invitedBy: String(invitation.invitedBy),
+    expiresAt: newExpiresAt.toISOString(),
+    isResend: true,
+    metadata: invitation.metadata
+  });
   return updated;
 }
 
@@ -8675,6 +8724,10 @@ var createInvitation2 = route2.post("/_auth/invitations").input({
       maximum: 30,
       description: "Days until invitation expires (default: 7)"
     })),
+    expiresAt: Type.Optional(Type.String({
+      format: "date-time",
+      description: "Exact expiration timestamp (ISO 8601). Takes precedence over expiresInDays."
+    })),
     metadata: Type.Optional(Type.Any({
       description: "Custom metadata (welcome message, department, etc.)"
     }))
@@ -8687,6 +8740,7 @@ var createInvitation2 = route2.post("/_auth/invitations").input({
     roleId: body.roleId,
     invitedBy: Number(userId),
     expiresInDays: body.expiresInDays,
+    expiresAt: body.expiresAt ? new Date(body.expiresAt) : void 0,
     metadata: body.metadata
   });
   const baseUrl = process.env.SPFN_API_URL || "http://localhost:8790";
@@ -9507,6 +9561,8 @@ export {
   hasRole,
   hashPassword,
   initializeAuth,
+  invitationAcceptedEvent,
+  invitationCreatedEvent,
   invitationsRepository,
   isGoogleOAuthEnabled,
   isOAuthProviderEnabled,