@stackframe/stack 2.4.0 → 2.4.3

package/dist/lib/stack-app.d.ts

@@ -1,7 +1,8 @@
-import { ServerUserJson, ServerUserCustomizableJson, OAuthProviderConfigJson, KnownErrors } from '@stackframe/stack-shared';
-import { ReadonlyTokenStore, UserJson, UserCustomizableJson, ProjectJson, ProductionModeError, EmailConfigJson, DomainConfigJson, ClientProjectJson } from '@stackframe/stack-shared/dist/interface/clientInterface';
+import { ServerUserJson, OAuthProviderConfigJson, KnownErrors } from '@stackframe/stack-shared';
+import { ReadonlyTokenStore, UserJson, UserUpdateJson, ProjectJson, ProductionModeError, TeamJson, EmailConfigJson, DomainConfigJson, ClientProjectJson } from '@stackframe/stack-shared/dist/interface/clientInterface';
 import { ReadonlyJson } from '@stackframe/stack-shared/dist/utils/json';
 import { ProjectUpdateOptions, ApiKeySetCreateOptions } from '@stackframe/stack-shared/dist/interface/adminInterface';
+import { ServerUserUpdateJson, ServerTeamCustomizableJson, ServerPermissionDefinitionCustomizableJson, ServerPermissionDefinitionJson } from '@stackframe/stack-shared/dist/interface/serverInterface';
 
 type TokenStoreOptions<HasTokenStore extends boolean = boolean> = HasTokenStore extends true ? "cookie" | "nextjs-cookie" | "memory" : HasTokenStore extends false ? null : TokenStoreOptions<true> | TokenStoreOptions<false>;
 type HandlerUrls = {
@@ -42,7 +43,7 @@ type StackClientAppJson<HasTokenStore extends boolean, ProjectId extends string>
 declare const stackAppInternalsSymbol: unique symbol;
 type Auth<T, C> = {
     readonly tokenStore: ReadonlyTokenStore;
-    update(this: T, user: Partial<C>): Promise<void>;
+    update(this: T, user: C): Promise<void>;
     signOut(this: T): Promise<void>;
     sendVerificationEmail(this: T): Promise<KnownErrors["EmailAlreadyVerified"] | undefined>;
     updatePassword(this: T, options: {
@@ -51,12 +52,14 @@ type Auth<T, C> = {
     }): Promise<KnownErrors["PasswordMismatch"] | KnownErrors["PasswordRequirementsNotMet"] | undefined>;
 };
 type InternalAuth<T> = {
-    createProject(this: T, newProject: Pick<Project, "displayName" | "description">): Promise<Project>;
+    createProject(this: T, newProject: ProjectUpdateOptions & {
+        displayName: string;
+    }): Promise<Project>;
     listOwnedProjects(this: T): Promise<Project[]>;
     useOwnedProjects(this: T): Project[];
     onOwnedProjectsChange(this: T, callback: (projects: Project[]) => void): void;
 };
-type User = {
+type User = ({
     readonly projectId: string;
     readonly id: string;
     readonly displayName: string | null;
@@ -74,25 +77,37 @@ type User = {
     readonly hasPassword: boolean;
     readonly authWithEmail: boolean;
     readonly oauthProviders: readonly string[];
+    hasPermission(this: CurrentUser, scope: Team, permissionId: string): Promise<boolean>;
     toJson(this: CurrentUser): UserJson;
-};
-type CurrentUser = Auth<User, UserCustomizableJson> & User;
+} & AsyncStoreProperty<"team", [id: string], Team | null, false> & AsyncStoreProperty<"teams", [], Team[], true> & Omit<AsyncStoreProperty<"permission", [scope: Team, permissionId: string, options?: {
+    direct?: boolean;
+}], Permission | null, false>, "onPermissionChange"> & Omit<AsyncStoreProperty<"permissions", [scope: Team, options?: {
+    direct?: boolean;
+}], Permission[], true>, "onPermissionsChange">);
+type CurrentUser = Auth<User, UserUpdateJson> & User;
 type CurrentInternalUser = CurrentUser & InternalAuth<CurrentUser>;
 /**
  * A user including sensitive fields that should only be used on the server, never sent to the client
  * (such as sensitive information and serverMetadata).
  */
-type ServerUser = Omit<User, "toJson"> & {
+type ServerUser = (Omit<User, 'hasPermission' | 'toJson' | keyof AsyncStoreProperty<"team", [], Team | null, false> | keyof AsyncStoreProperty<"teams", [], Team[], true> | keyof AsyncStoreProperty<"permission", [], Permission[], false> | keyof AsyncStoreProperty<"permissions", [], Permission[], true>> & {
     readonly serverMetadata: ReadonlyJson;
     /**
      * Returns a new user object with the sensitive fields removed.
      */
     getClientUser(this: ServerUser): User;
-    toJson(this: ServerUser): ServerUserJson;
-    update(this: ServerUser, user: Partial<ServerUserCustomizableJson>): Promise<void>;
+    update(this: ServerUser, user: Partial<ServerUserUpdateJson>): Promise<void>;
     delete(this: ServerUser): Promise<void>;
-};
-type CurrentServerUser = Auth<ServerUser, ServerUserCustomizableJson> & Omit<ServerUser, "getClientUser"> & {
+    grantPermission(scope: Team, permissionId: string): Promise<void>;
+    revokePermission(scope: Team, permissionId: string): Promise<void>;
+    hasPermission(scope: Team, permissionId: string): Promise<boolean>;
+    toJson(this: ServerUser): ServerUserJson;
+} & AsyncStoreProperty<"team", [id: string], ServerTeam | null, false> & AsyncStoreProperty<"teams", [], ServerTeam[], true> & Omit<AsyncStoreProperty<"permission", [scope: Team, permissionId: string, options?: {
+    direct?: boolean;
+}], ServerPermission | null, false>, "onPermissionChange"> & Omit<AsyncStoreProperty<"permissions", [scope: Team, options?: {
+    direct?: boolean;
+}], ServerPermission[], true>, "onPermissionsChange">);
+type CurrentServerUser = Auth<ServerUser, ServerUserUpdateJson> & Omit<ServerUser, "getClientUser"> & {
     getClientUser(this: CurrentServerUser): CurrentUser;
 };
 type CurrentInternalServerUser = CurrentServerUser & InternalAuth<CurrentServerUser>;
@@ -111,11 +126,47 @@ type Project = {
         readonly oauthProviders: OAuthProviderConfig[];
         readonly emailConfig?: EmailConfig;
         readonly domains: DomainConfig[];
+        readonly createTeamOnSignUp: boolean;
     };
     update(this: Project, update: ProjectUpdateOptions): Promise<void>;
     toJson(this: Project): ProjectJson;
     getProductionModeErrors(this: Project): ProductionModeError[];
 };
+type Team = {
+    id: string;
+    displayName: string;
+    createdAt: Date;
+    toJson(this: Team): TeamJson;
+};
+type ServerTeam = Team & {
+    listMembers(): Promise<ServerTeamMember[]>;
+    useMembers(): ServerTeamMember[];
+    update(update: Partial<ServerTeamCustomizableJson>): Promise<void>;
+    delete(): Promise<void>;
+    addUser(userId: string): Promise<void>;
+    removeUser(userId: string): Promise<void>;
+};
+type TeamMember = {
+    userId: string;
+    teamId: string;
+    displayName: string | null;
+};
+type ServerTeamMember = TeamMember & {
+    getUser(): Promise<ServerUser>;
+};
+type Permission = {
+    id: string;
+} & ({
+    type: "global";
+} | {
+    type: "team";
+    teamId: string;
+});
+type ServerPermission = Permission & {
+    readonly __databaseUniqueId: string;
+    readonly description?: string;
+    readonly containPermissionIds: string[];
+};
 type ApiKeySetBase = {
     id: string;
     description: string;
@@ -148,12 +199,12 @@ type OAuthProviderConfig = OAuthProviderConfigJson;
 type GetUserOptions = {
     or?: 'redirect' | 'throw' | 'return-null';
 };
-type AsyncStoreProperty<Name extends string, Value, IsMultiple extends boolean> = {
-    [key in `${IsMultiple extends true ? "list" : "get"}${Capitalize<Name>}`]: () => Promise<Value>;
+type AsyncStoreProperty<Name extends string, Args extends any[], Value, IsMultiple extends boolean> = {
+    [key in `${IsMultiple extends true ? "list" : "get"}${Capitalize<Name>}`]: (...args: Args) => Promise<Value>;
 } & {
-    [key in `on${Capitalize<Name>}Change`]: (callback: (value: Value) => void) => void;
+    [key in `on${Capitalize<Name>}Change`]: (...tupleArgs: [...args: Args, callback: (value: Value) => void]) => void;
 } & {
-    [key in `use${Capitalize<Name>}`]: () => Value;
+    [key in `use${Capitalize<Name>}`]: (...args: Args) => Value;
 };
 type StackClientAppConstructor = {
     new <TokenStoreType extends string, HasTokenStore extends (TokenStoreType extends {} ? true : boolean), ProjectId extends string>(options: StackClientAppConstructorOptions<HasTokenStore, ProjectId>): StackClientApp<HasTokenStore, ProjectId>;
@@ -188,10 +239,10 @@ type StackClientApp<HasTokenStore extends boolean = boolean, ProjectId extends s
         toClientJson(): StackClientAppJson<HasTokenStore, ProjectId>;
         setCurrentUser(userJsonPromise: Promise<UserJson | null>): void;
     };
-} & AsyncStoreProperty<"project", ClientProjectJson, false> & {
-    [K in `redirectTo${Capitalize<keyof Omit<HandlerUrls, 'handler' | 'oauthCallback'>>}`]: () => Promise<never>;
+} & AsyncStoreProperty<"project", [], ClientProjectJson, false> & {
+    [K in `redirectTo${Capitalize<keyof Omit<HandlerUrls, 'handler' | 'oauthCallback'>>}`]: () => Promise<void>;
 } & (HasTokenStore extends false ? {} : {
-    redirectToOAuthCallback(): Promise<never>;
+    redirectToOAuthCallback(): Promise<void>;
     useUser(options: GetUserOptions & {
         or: 'redirect';
     }): ProjectCurrentUser<ProjectId>;
@@ -206,22 +257,29 @@ type StackClientApp<HasTokenStore extends boolean = boolean, ProjectId extends s
         or: 'throw';
     }): Promise<ProjectCurrentUser<ProjectId>>;
     getUser(options?: GetUserOptions): Promise<ProjectCurrentUser<ProjectId> | null>;
-    onUserChange: AsyncStoreProperty<"user", CurrentUser | null, false>["onUserChange"];
+    onUserChange: AsyncStoreProperty<"user", [], CurrentUser | null, false>["onUserChange"];
 }));
 declare const StackClientApp: StackClientAppConstructor;
 type StackServerAppConstructor = {
     new <TokenStoreType extends string, HasTokenStore extends (TokenStoreType extends {} ? true : boolean), ProjectId extends string>(options: StackServerAppConstructorOptions<HasTokenStore, ProjectId>): StackServerApp<HasTokenStore, ProjectId>;
     new (options: StackServerAppConstructorOptions<boolean, string>): StackServerApp<boolean, string>;
 };
-type StackServerApp<HasTokenStore extends boolean = boolean, ProjectId extends string = string> = (StackClientApp<HasTokenStore, ProjectId> & AsyncStoreProperty<"serverUser", CurrentServerUser | null, false> & AsyncStoreProperty<"serverUsers", ServerUser[], true> & {});
+type StackServerApp<HasTokenStore extends boolean = boolean, ProjectId extends string = string> = (StackClientApp<HasTokenStore, ProjectId> & {
+    createTeam(data: ServerTeamCustomizableJson): Promise<ServerTeam>;
+    createPermissionDefinition(data: ServerPermissionDefinitionCustomizableJson): Promise<ServerPermission>;
+    updatePermissionDefinition(permissionId: string, data: Partial<ServerPermissionDefinitionCustomizableJson>): Promise<void>;
+    deletePermissionDefinition(permissionId: string): Promise<void>;
+    listPermissionDefinitions(): Promise<ServerPermissionDefinitionJson[]>;
+    usePermissionDefinitions(): ServerPermissionDefinitionJson[];
+} & AsyncStoreProperty<"serverUser", [], CurrentServerUser | null, false> & AsyncStoreProperty<"serverUsers", [], ServerUser[], true> & Omit<AsyncStoreProperty<"team", [id: string], ServerTeam | null, false>, "onTeamChange"> & Omit<AsyncStoreProperty<"teams", [], ServerTeam[], true>, "onTeamsChange">);
 declare const StackServerApp: StackServerAppConstructor;
 type StackAdminAppConstructor = {
     new <HasTokenStore extends boolean, ProjectId extends string>(options: StackAdminAppConstructorOptions<HasTokenStore, ProjectId>): StackAdminApp<HasTokenStore, ProjectId>;
     new (options: StackAdminAppConstructorOptions<boolean, string>): StackAdminApp<boolean, string>;
 };
-type StackAdminApp<HasTokenStore extends boolean = boolean, ProjectId extends string = string> = (StackServerApp<HasTokenStore, ProjectId> & AsyncStoreProperty<"projectAdmin", Project, false> & AsyncStoreProperty<"apiKeySets", ApiKeySet[], true> & {
+type StackAdminApp<HasTokenStore extends boolean = boolean, ProjectId extends string = string> = (StackServerApp<HasTokenStore, ProjectId> & AsyncStoreProperty<"projectAdmin", [], Project, false> & AsyncStoreProperty<"apiKeySets", [], ApiKeySet[], true> & {
     createApiKeySet(options: ApiKeySetCreateOptions): Promise<ApiKeySetFirstView>;
 });
 declare const StackAdminApp: StackAdminAppConstructor;
 
-export { type ApiKeySet, type ApiKeySetBase, type ApiKeySetFirstView, type CurrentInternalServerUser, type CurrentInternalUser, type CurrentServerUser, type CurrentUser, type DomainConfig, type EmailConfig, type GetUserOptions, type HandlerUrls, type OAuthProviderConfig, type Project, type ServerUser, StackAdminApp, type StackAdminAppConstructorOptions, StackClientApp, type StackClientAppConstructorOptions, type StackClientAppJson, StackServerApp, type StackServerAppConstructorOptions, type TokenStoreOptions, type User, stackAppInternalsSymbol };
+export { type ApiKeySet, type ApiKeySetBase, type ApiKeySetFirstView, type CurrentInternalServerUser, type CurrentInternalUser, type CurrentServerUser, type CurrentUser, type DomainConfig, type EmailConfig, type GetUserOptions, type HandlerUrls, type OAuthProviderConfig, type Permission, type Project, type ServerPermission, type ServerTeam, type ServerTeamMember, type ServerUser, StackAdminApp, type StackAdminAppConstructorOptions, StackClientApp, type StackClientAppConstructorOptions, type StackClientAppJson, StackServerApp, type StackServerAppConstructorOptions, type Team, type TeamMember, type TokenStoreOptions, type User, stackAppInternalsSymbol };

package/dist/lib/stack-app.js

@@ -53,6 +53,9 @@ var import_objects = require("@stackframe/stack-shared/dist/utils/objects");
 var import_promises = require("@stackframe/stack-shared/dist/utils/promises");
 var import_caches = require("@stackframe/stack-shared/dist/utils/caches");
 var import_react3 = require("@stackframe/stack-shared/dist/utils/react");
+function permissionDefinitionScopeToType(scope) {
+  return { "any-team": "team", "specific-team": "team", "global": "global" }[scope.type];
+}
 function getUrls(partial) {
   const handler = partial.handler ?? "/handler";
   return {
@@ -80,10 +83,10 @@ function getDefaultPublishableClientKey() {
   return process.env.NEXT_PUBLIC_STACK_PUBLISHABLE_CLIENT_KEY || (0, import_errors.throwErr)("Welcome to Stack! It seems that you haven't provided a publishable client key. Please create an API key for your project on the Stack dashboard at https://app.stack-auth.com and copy your publishable client key into the NEXT_PUBLIC_STACK_PUBLISHABLE_CLIENT_KEY environment variable.");
 }
 function getDefaultSecretServerKey() {
-  return process.env.STACK_SECRET_SERVER_KEY || (0, import_errors.throwErr)("No secret server key provided. Please copy your publishable client key from the Stack dashboard and put your it in the STACK_SECRET_SERVER_KEY environment variable.");
+  return process.env.STACK_SECRET_SERVER_KEY || (0, import_errors.throwErr)("No secret server key provided. Please copy your key from the Stack dashboard and put your it in the STACK_SECRET_SERVER_KEY environment variable.");
 }
 function getDefaultSuperSecretAdminKey() {
-  return process.env.STACK_SUPER_SECRET_ADMIN_KEY || (0, import_errors.throwErr)("No super secret admin key provided. Please copy your publishable client key from the Stack dashboard and put it in the STACK_SUPER_SECRET_ADMIN_KEY environment variable.");
+  return process.env.STACK_SUPER_SECRET_ADMIN_KEY || (0, import_errors.throwErr)("No super secret admin key provided. Please copy your key from the Stack dashboard and put it in the STACK_SUPER_SECRET_ADMIN_KEY environment variable.");
 }
 function getDefaultBaseUrl() {
   return process.env.NEXT_PUBLIC_STACK_URL || defaultBaseUrl;
@@ -216,6 +219,12 @@ var _StackClientAppImpl = class __StackClientAppImpl {
   _ownedProjectsCache = createCacheByTokenStore(async (tokenStore) => {
     return await this._interface.listProjects(tokenStore);
   });
+  _currentUserPermissionsCache = createCacheByTokenStore(async (tokenStore, [teamId, type, direct]) => {
+    return await this._interface.listClientUserTeamPermissions({ teamId, type, direct }, tokenStore);
+  });
+  _currentUserTeamsCache = createCacheByTokenStore(async (tokenStore) => {
+    return await this._interface.listClientUserTeams(tokenStore);
+  });
   constructor(options) {
     if ("interface" in options) {
       this._interface = options.interface;
@@ -250,7 +259,33 @@ var _StackClientAppImpl = class __StackClientAppImpl {
       throw new Error("Cannot call this function on a Stack app with a project ID other than 'internal'.");
     }
   }
+  _permissionFromJson(json) {
+    const type = permissionDefinitionScopeToType(json.scope);
+    if (type === "team") {
+      return {
+        id: json.id,
+        type,
+        teamId: json.scope.teamId
+      };
+    } else {
+      return {
+        id: json.id,
+        type
+      };
+    }
+  }
+  _teamFromJson(json) {
+    return {
+      id: json.id,
+      displayName: json.displayName,
+      createdAt: new Date(json.createdAtMillis),
+      toJson() {
+        return json;
+      }
+    };
+  }
   _userFromJson(json) {
+    const app = this;
     return {
       projectId: json.projectId,
       id: json.id,
@@ -264,11 +299,69 @@ var _StackClientAppImpl = class __StackClientAppImpl {
       hasPassword: json.hasPassword,
       authWithEmail: json.authWithEmail,
       oauthProviders: json.oauthProviders,
+      async getTeam(teamId) {
+        const teams = await this.listTeams();
+        return teams.find((t) => t.id === teamId) ?? null;
+      },
+      useTeam(teamId) {
+        const teams = this.useTeams();
+        return (0, import_react.useMemo)(() => {
+          return teams.find((t) => t.id === teamId) ?? null;
+        }, [teams, teamId]);
+      },
+      onTeamChange(teamId, callback) {
+        return this.onTeamsChange((teams) => {
+          const team = teams.find((t) => t.id === teamId) ?? null;
+          callback(team);
+        });
+      },
+      async listTeams() {
+        const teams = await app._currentUserTeamsCache.getOrWait([getTokenStore(app._tokenStoreOptions)], "write-only");
+        return teams.map((json2) => app._teamFromJson(json2));
+      },
+      useTeams() {
+        const teams = useCache(app._currentUserTeamsCache, [getTokenStore(app._tokenStoreOptions)], "user.useTeams()");
+        return (0, import_react.useMemo)(() => teams.map((json2) => app._teamFromJson(json2)), [teams]);
+      },
+      onTeamsChange(callback) {
+        return app._currentUserTeamsCache.onChange([getTokenStore(app._tokenStoreOptions)], (value, oldValue) => {
+          callback(value.map((json2) => app._teamFromJson(json2)), oldValue?.map((json2) => app._teamFromJson(json2)));
+        });
+      },
+      async listPermissions(scope, options) {
+        const permissions = await app._currentUserPermissionsCache.getOrWait([getTokenStore(app._tokenStoreOptions), scope.id, "team", !!options?.direct], "write-only");
+        return permissions.map((json2) => app._permissionFromJson(json2));
+      },
+      usePermissions(scope, options) {
+        const permissions = useCache(app._currentUserPermissionsCache, [getTokenStore(app._tokenStoreOptions), scope.id, "team", !!options?.direct], "user.usePermissions()");
+        return (0, import_react.useMemo)(() => permissions.map((json2) => app._permissionFromJson(json2)), [permissions]);
+      },
+      usePermission(scope, permissionId) {
+        const permissions = this.usePermissions(scope);
+        return (0, import_react.useMemo)(() => permissions.find((p) => p.id === permissionId) ?? null, [permissions, permissionId]);
+      },
+      async getPermission(scope, permissionId) {
+        const permissions = await this.listPermissions(scope);
+        return permissions.find((p) => p.id === permissionId) ?? null;
+      },
+      async hasPermission(scope, permissionId) {
+        const permissions = await this.listPermissions(scope);
+        return permissions.some((p) => p.id === permissionId);
+      },
       toJson() {
         return json;
       }
     };
   }
+  _teamMemberFromJson(json) {
+    if (json === null)
+      return null;
+    return {
+      teamId: json.teamId,
+      userId: json.userId,
+      displayName: json.displayName
+    };
+  }
   _currentUserFromJson(json, tokenStore) {
     if (json === null)
       return null;
@@ -346,7 +439,8 @@ var _StackClientAppImpl = class __StackClientAppImpl {
         allowLocalhost: data.evaluatedConfig.allowLocalhost,
         oauthProviders: data.evaluatedConfig.oauthProviders,
         emailConfig: data.evaluatedConfig.emailConfig,
-        domains: data.evaluatedConfig.domains
+        domains: data.evaluatedConfig.domains,
+        createTeamOnSignUp: data.evaluatedConfig.createTeamOnSignUp
       },
       async update(update) {
         await adminInterface.updateProject(update);
@@ -378,7 +472,7 @@ var _StackClientAppImpl = class __StackClientAppImpl {
       throw new Error(`No URL for handler name ${handlerName}`);
     }
     window.location.href = this.urls[handlerName];
-    return (0, import_promises.neverResolve)();
+    return (0, import_promises.wait)(2e3);
   }
   async redirectToSignIn() {
     return await this._redirectTo("signIn");
@@ -469,7 +563,7 @@ var _StackClientAppImpl = class __StackClientAppImpl {
         case "redirect": {
           router.replace(this.urls.signIn);
           (0, import_react3.suspend)();
-          throw new Error("suspend should never return! This is a bug in Stack.");
+          throw new import_errors.StackAssertionError("suspend should never return");
         }
         case "throw": {
           throw new Error("User is not signed in but useUser was called with { or: 'throw' }");
@@ -681,6 +775,22 @@ var _StackServerAppImpl = class extends _StackClientAppImpl {
   _serverUsersCache = createCache(async () => {
     return await this._interface.listUsers();
   });
+  _serverUserCache = createCache(async ([userId]) => {
+    const user = await this._interface.getServerUserById(userId);
+    return import_results.Result.or(user, null);
+  });
+  _serverTeamsCache = createCache(async () => {
+    return await this._interface.listTeams();
+  });
+  _serverTeamMembersCache = createCache(async ([teamId]) => {
+    return await this._interface.listTeamMembers(teamId);
+  });
+  _serverTeamPermissionDefinitionsCache = createCache(async () => {
+    return await this._interface.listPermissionDefinitions();
+  });
+  _serverTeamUserPermissionsCache = createCache(async ([teamId, userId, type, direct]) => {
+    return await this._interface.listTeamMemberPermissions({ teamId, userId, type, direct });
+  });
   constructor(options) {
     if ("interface" in options) {
       super({
@@ -721,6 +831,67 @@ var _StackServerAppImpl = class extends _StackClientAppImpl {
       getClientUser() {
         return app._userFromJson(json);
       },
+      async grantPermission(scope, permissionId) {
+        await app._interface.grantTeamUserPermission(scope.id, json.id, permissionId, "team");
+        for (const direct of [true, false]) {
+          await app._serverTeamUserPermissionsCache.refresh([scope.id, json.id, "team", direct]);
+        }
+      },
+      async revokePermission(scope, permissionId) {
+        await app._interface.revokeTeamUserPermission(scope.id, json.id, permissionId, "team");
+        for (const direct of [true, false]) {
+          await app._serverTeamUserPermissionsCache.refresh([scope.id, json.id, "team", direct]);
+        }
+      },
+      async getTeam(teamId) {
+        const teams = await this.listTeams();
+        return teams.find((t) => t.id === teamId) ?? null;
+      },
+      useTeam(teamId) {
+        const teams = this.useTeams();
+        return (0, import_react.useMemo)(() => {
+          return teams.find((t) => t.id === teamId) ?? null;
+        }, [teams, teamId]);
+      },
+      onTeamChange(teamId, callback) {
+        return this.onTeamsChange((teams) => {
+          const team = teams.find((t) => t.id === teamId) ?? null;
+          callback(team);
+        });
+      },
+      async listTeams() {
+        const teams = await app._serverTeamsCache.getOrWait([getTokenStore(app._tokenStoreOptions)], "write-only");
+        return teams.map((json2) => app._serverTeamFromJson(json2));
+      },
+      useTeams() {
+        const teams = useCache(app._serverTeamsCache, [getTokenStore(app._tokenStoreOptions)], "user.useTeams()");
+        return (0, import_react.useMemo)(() => teams.map((json2) => app._serverTeamFromJson(json2)), [teams]);
+      },
+      onTeamsChange(callback) {
+        return app._serverTeamsCache.onChange([getTokenStore(app._tokenStoreOptions)], (value, oldValue) => {
+          callback(value.map((json2) => app._serverTeamFromJson(json2)), oldValue?.map((json2) => app._serverTeamFromJson(json2)));
+        });
+      },
+      async listPermissions(scope, options) {
+        const permissions = await app._serverTeamUserPermissionsCache.getOrWait([scope.id, json.id, "team", !!options?.direct], "write-only");
+        return permissions.map((json2) => app._serverPermissionFromJson(json2));
+      },
+      usePermissions(scope, options) {
+        const permissions = useCache(app._serverTeamUserPermissionsCache, [scope.id, json.id, "team", !!options?.direct], "user.usePermissions()");
+        return (0, import_react.useMemo)(() => permissions.map((json2) => app._serverPermissionFromJson(json2)), [permissions]);
+      },
+      usePermission(scope, permissionId) {
+        const permissions = this.usePermissions(scope);
+        return (0, import_react.useMemo)(() => permissions.find((p) => p.id === permissionId) ?? null, [permissions, permissionId]);
+      },
+      async getPermission(scope, permissionId) {
+        const permissions = await this.listPermissions(scope);
+        return permissions.find((p) => p.id === permissionId) ?? null;
+      },
+      async hasPermission(scope, permissionId) {
+        const permissions = await this.listPermissions(scope);
+        return permissions.some((p) => p.id === permissionId);
+      },
       toJson() {
         return app._serverUserToJson(this);
       }
@@ -780,6 +951,20 @@ var _StackServerAppImpl = class extends _StackClientAppImpl {
       return currentUser;
     }
   }
+  _serverTeamMemberFromJson(json) {
+    if (json === null)
+      return null;
+    const app = this;
+    return {
+      ...app._teamMemberFromJson(json),
+      async getUser() {
+        const user = app._serverUserFromJson(await app._serverUserCache.getOrWait([json.userId], "write-only"));
+        if (!user)
+          throw new Error(`User ${json.userId} not found`);
+        return user;
+      }
+    };
+  }
   _serverUserToJson(user) {
     return {
       projectId: user.projectId,
@@ -797,12 +982,56 @@ var _StackServerAppImpl = class extends _StackClientAppImpl {
       oauthProviders: user.oauthProviders
     };
   }
+  _serverTeamFromJson(json) {
+    const app = this;
+    return {
+      id: json.id,
+      displayName: json.displayName,
+      createdAt: new Date(json.createdAtMillis),
+      async listMembers() {
+        return (await app._interface.listTeamMembers(json.id)).map((u) => app._serverTeamMemberFromJson(u));
+      },
+      async update(update) {
+        await app._interface.updateTeam(json.id, update);
+        await app._serverTeamsCache.refresh([]);
+      },
+      async delete() {
+        await app._interface.deleteTeam(json.id);
+        await app._serverTeamsCache.refresh([]);
+      },
+      useMembers() {
+        const result = useCache(app._serverTeamMembersCache, [json.id], "team.useUsers()");
+        return (0, import_react.useMemo)(() => result.map((u) => app._serverTeamMemberFromJson(u)), [result]);
+      },
+      async addUser(userId) {
+        await app._interface.addUserToTeam({
+          teamId: json.id,
+          userId
+        });
+        await app._serverTeamMembersCache.refresh([json.id]);
+      },
+      async removeUser(userId) {
+        await app._interface.removeUserFromTeam({
+          teamId: json.id,
+          userId
+        });
+        await app._serverTeamMembersCache.refresh([json.id]);
+      },
+      toJson() {
+        return json;
+      }
+    };
+  }
   async getServerUser() {
     this._ensurePersistentTokenStore();
     const tokenStore = getTokenStore(this._tokenStoreOptions);
     const userJson = await this._currentServerUserCache.getOrWait([tokenStore], "write-only");
     return this._currentServerUserFromJson(userJson, tokenStore);
   }
+  async getServerUserById(userId) {
+    const json = await this._serverUserCache.getOrWait([userId], "write-only");
+    return this._serverUserFromJson(json);
+  }
   useServerUser(options) {
     this._ensurePersistentTokenStore();
     const tokenStore = getTokenStore(this._tokenStoreOptions);
@@ -836,6 +1065,58 @@ var _StackServerAppImpl = class extends _StackClientAppImpl {
       callback(users.map((j) => this._serverUserFromJson(j)));
     });
   }
+  async listPermissionDefinitions() {
+    return await this._serverTeamPermissionDefinitionsCache.getOrWait([], "write-only");
+  }
+  usePermissionDefinitions() {
+    return useCache(this._serverTeamPermissionDefinitionsCache, [], "usePermissions()");
+  }
+  _serverPermissionFromJson(json) {
+    return {
+      ...this._permissionFromJson(json),
+      __databaseUniqueId: json.__databaseUniqueId,
+      description: json.description,
+      containPermissionIds: json.containPermissionIds
+    };
+  }
+  async createPermissionDefinition(data) {
+    const permission = await this._serverPermissionFromJson(await this._interface.createPermissionDefinition(data));
+    await this._serverTeamPermissionDefinitionsCache.refresh([]);
+    return permission;
+  }
+  async updatePermissionDefinition(permissionId, data) {
+    await this._interface.updatePermissionDefinition(permissionId, data);
+    await this._serverTeamPermissionDefinitionsCache.refresh([]);
+  }
+  async deletePermissionDefinition(permissionId) {
+    await this._interface.deletePermissionDefinition(permissionId);
+    await this._serverTeamPermissionDefinitionsCache.refresh([]);
+  }
+  async listTeams() {
+    const teams = await this._serverTeamsCache.getOrWait([], "write-only");
+    return teams.map((t) => this._serverTeamFromJson(t));
+  }
+  async createTeam(data) {
+    const team = await this._interface.createTeam(data);
+    await this._serverTeamsCache.refresh([]);
+    return this._serverTeamFromJson(team);
+  }
+  useTeams() {
+    const teams = useCache(this._serverTeamsCache, [], "useServerTeams()");
+    return (0, import_react.useMemo)(() => {
+      return teams.map((t) => this._serverTeamFromJson(t));
+    }, [teams]);
+  }
+  async getTeam(teamId) {
+    const teams = await this.listTeams();
+    return teams.find((t) => t.id === teamId) ?? null;
+  }
+  useTeam(teamId) {
+    const teams = this.useTeams();
+    return (0, import_react.useMemo)(() => {
+      return teams.find((t) => t.id === teamId) ?? null;
+    }, [teams, teamId]);
+  }
   async _refreshUser(tokenStore) {
     await Promise.all([
       super._refreshUser(tokenStore),
@@ -978,3 +1259,4 @@ var StackAdminApp = _StackAdminAppImpl;
   StackServerApp,
   stackAppInternalsSymbol
 });
+//# sourceMappingURL=stack-app.js.map