@stigmer/protos 0.0.71 → 0.0.73

package/ai/stigmer/iam/invitation/v1/command_connect.d.ts

@@ -0,0 +1,79 @@
+/**
+ * InvitationCommandController handles write operations for invitations.
+ *
+ * @generated from service ai.stigmer.iam.invitation.v1.InvitationCommandController
+ */
+export declare const InvitationCommandController: {
+    readonly typeName: "ai.stigmer.iam.invitation.v1.InvitationCommandController";
+    readonly methods: {
+        /**
+         * Create an invitation link for an organization.
+         *
+         * Generates a cryptographically random token and returns the full
+         * invitation resource including the token. The invite URL is
+         * constructed as: https://<host>/invite/<token>
+         *
+         * The specified role must be in the organization's grantable_roles.
+         * Platform-managed organizations cannot create invitations.
+         *
+         * @internal
+         * Authorization: Requires can_grant_access permission on the organization.
+         *
+         * @generated from rpc ai.stigmer.iam.invitation.v1.InvitationCommandController.create
+         */
+        readonly create: {
+            readonly name: "create";
+            readonly I: any;
+            readonly O: any;
+            readonly kind: any;
+        };
+        /**
+         * Revoke an active invitation, preventing further redemptions.
+         *
+         * Sets the invitation state to revoked. Idempotent — revoking an
+         * already-revoked invitation is a no-op.
+         *
+         * @internal
+         * Authorization is handled in the handler: loads the invitation,
+         * resolves its organization, and checks can_grant_access on the org.
+         * Proto-level auth is skipped because the input (InvitationId) does
+         * not directly identify the org.
+         *
+         * @generated from rpc ai.stigmer.iam.invitation.v1.InvitationCommandController.revoke
+         */
+        readonly revoke: {
+            readonly name: "revoke";
+            readonly I: any;
+            readonly O: any;
+            readonly kind: any;
+        };
+        /**
+         * Redeem an invitation to join an organization.
+         *
+         * Creates an IAM policy granting the invitation's configured role to
+         * the authenticated user on the invitation's organization. The
+         * redemption is atomic: the IAM policy is created and the redemption
+         * count is incremented in a single operation.
+         *
+         * Validation:
+         * - Invitation must be in active state
+         * - Invitation must not be expired
+         * - Invitation must not have reached max_redemptions (if > 0)
+         * - Redeemer must not already be a member of the organization
+         *
+         * @internal
+         * Authorization: The token itself is the authorization mechanism.
+         * The redeemer's identity is resolved from the authentication header.
+         * FGA authorization is skipped — any authenticated user with a valid
+         * token can redeem.
+         *
+         * @generated from rpc ai.stigmer.iam.invitation.v1.InvitationCommandController.redeem
+         */
+        readonly redeem: {
+            readonly name: "redeem";
+            readonly I: any;
+            readonly O: any;
+            readonly kind: any;
+        };
+    };
+};

package/ai/stigmer/iam/invitation/v1/command_connect.js

@@ -0,0 +1,85 @@
+// @generated by protoc-gen-connect-es v1.6.1 with parameter "target=ts"
+// @generated from file ai/stigmer/iam/invitation/v1/command.proto (package ai.stigmer.iam.invitation.v1, syntax proto3)
+/* eslint-disable */
+// @ts-nocheck
+import { MethodKind } from "@bufbuild/protobuf";
+/**
+ * InvitationCommandController handles write operations for invitations.
+ *
+ * @generated from service ai.stigmer.iam.invitation.v1.InvitationCommandController
+ */
+export const InvitationCommandController = {
+    typeName: "ai.stigmer.iam.invitation.v1.InvitationCommandController",
+    methods: {
+        /**
+         * Create an invitation link for an organization.
+         *
+         * Generates a cryptographically random token and returns the full
+         * invitation resource including the token. The invite URL is
+         * constructed as: https://<host>/invite/<token>
+         *
+         * The specified role must be in the organization's grantable_roles.
+         * Platform-managed organizations cannot create invitations.
+         *
+         * @internal
+         * Authorization: Requires can_grant_access permission on the organization.
+         *
+         * @generated from rpc ai.stigmer.iam.invitation.v1.InvitationCommandController.create
+         */
+        create: {
+            name: "create",
+            I: Invitation,
+            O: Invitation,
+            kind: MethodKind.Unary,
+        },
+        /**
+         * Revoke an active invitation, preventing further redemptions.
+         *
+         * Sets the invitation state to revoked. Idempotent — revoking an
+         * already-revoked invitation is a no-op.
+         *
+         * @internal
+         * Authorization is handled in the handler: loads the invitation,
+         * resolves its organization, and checks can_grant_access on the org.
+         * Proto-level auth is skipped because the input (InvitationId) does
+         * not directly identify the org.
+         *
+         * @generated from rpc ai.stigmer.iam.invitation.v1.InvitationCommandController.revoke
+         */
+        revoke: {
+            name: "revoke",
+            I: InvitationId,
+            O: Invitation,
+            kind: MethodKind.Unary,
+        },
+        /**
+         * Redeem an invitation to join an organization.
+         *
+         * Creates an IAM policy granting the invitation's configured role to
+         * the authenticated user on the invitation's organization. The
+         * redemption is atomic: the IAM policy is created and the redemption
+         * count is incremented in a single operation.
+         *
+         * Validation:
+         * - Invitation must be in active state
+         * - Invitation must not be expired
+         * - Invitation must not have reached max_redemptions (if > 0)
+         * - Redeemer must not already be a member of the organization
+         *
+         * @internal
+         * Authorization: The token itself is the authorization mechanism.
+         * The redeemer's identity is resolved from the authentication header.
+         * FGA authorization is skipped — any authenticated user with a valid
+         * token can redeem.
+         *
+         * @generated from rpc ai.stigmer.iam.invitation.v1.InvitationCommandController.redeem
+         */
+        redeem: {
+            name: "redeem",
+            I: RedeemInvitationInput,
+            O: Invitation,
+            kind: MethodKind.Unary,
+        },
+    }
+};
+//# sourceMappingURL=command_connect.js.map

package/ai/stigmer/iam/invitation/v1/command_connect.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"command_connect.js","sourceRoot":"","sources":["../../../../../../ai/stigmer/iam/invitation/v1/command_connect.ts"],"names":[],"mappings":"AAAA,wEAAwE;AACxE,wHAAwH;AACxH,oBAAoB;AACpB,cAAc;AAGd,OAAO,EAAE,UAAU,EAAE,MAAM,oBAAoB,CAAC;AAGhD;;;;GAIG;AACH,MAAM,CAAC,MAAM,2BAA2B,GAAG;IACzC,QAAQ,EAAE,0DAA0D;IACpE,OAAO,EAAE;QACP;;;;;;;;;;;;;;WAcG;QACH,MAAM,EAAE;YACN,IAAI,EAAE,QAAQ;YACd,CAAC,EAAE,UAAU;YACb,CAAC,EAAE,UAAU;YACb,IAAI,EAAE,UAAU,CAAC,KAAK;SACvB;QACD;;;;;;;;;;;;;WAaG;QACH,MAAM,EAAE;YACN,IAAI,EAAE,QAAQ;YACd,CAAC,EAAE,YAAY;YACf,CAAC,EAAE,UAAU;YACb,IAAI,EAAE,UAAU,CAAC,KAAK;SACvB;QACD;;;;;;;;;;;;;;;;;;;;;WAqBG;QACH,MAAM,EAAE;YACN,IAAI,EAAE,QAAQ;YACd,CAAC,EAAE,qBAAqB;YACxB,CAAC,EAAE,UAAU;YACb,IAAI,EAAE,UAAU,CAAC,KAAK;SACvB;KACF;CACO,CAAC"}

package/ai/stigmer/iam/invitation/v1/command_pb.d.ts

@@ -0,0 +1,80 @@
+import type { GenFile, GenService } from "@bufbuild/protobuf/codegenv1";
+import type { InvitationSchema } from "./api_pb";
+import type { InvitationIdSchema, RedeemInvitationInputSchema } from "./io_pb";
+/**
+ * Describes the file ai/stigmer/iam/invitation/v1/command.proto.
+ */
+export declare const file_ai_stigmer_iam_invitation_v1_command: GenFile;
+/**
+ * InvitationCommandController handles write operations for invitations.
+ *
+ * @generated from service ai.stigmer.iam.invitation.v1.InvitationCommandController
+ */
+export declare const InvitationCommandController: GenService<{
+    /**
+     * Create an invitation link for an organization.
+     *
+     * Generates a cryptographically random token and returns the full
+     * invitation resource including the token. The invite URL is
+     * constructed as: https://<host>/invite/<token>
+     *
+     * The specified role must be in the organization's grantable_roles.
+     * Platform-managed organizations cannot create invitations.
+     *
+     * @internal
+     * Authorization: Requires can_grant_access permission on the organization.
+     *
+     * @generated from rpc ai.stigmer.iam.invitation.v1.InvitationCommandController.create
+     */
+    create: {
+        methodKind: "unary";
+        input: typeof InvitationSchema;
+        output: typeof InvitationSchema;
+    };
+    /**
+     * Revoke an active invitation, preventing further redemptions.
+     *
+     * Sets the invitation state to revoked. Idempotent — revoking an
+     * already-revoked invitation is a no-op.
+     *
+     * @internal
+     * Authorization is handled in the handler: loads the invitation,
+     * resolves its organization, and checks can_grant_access on the org.
+     * Proto-level auth is skipped because the input (InvitationId) does
+     * not directly identify the org.
+     *
+     * @generated from rpc ai.stigmer.iam.invitation.v1.InvitationCommandController.revoke
+     */
+    revoke: {
+        methodKind: "unary";
+        input: typeof InvitationIdSchema;
+        output: typeof InvitationSchema;
+    };
+    /**
+     * Redeem an invitation to join an organization.
+     *
+     * Creates an IAM policy granting the invitation's configured role to
+     * the authenticated user on the invitation's organization. The
+     * redemption is atomic: the IAM policy is created and the redemption
+     * count is incremented in a single operation.
+     *
+     * Validation:
+     * - Invitation must be in active state
+     * - Invitation must not be expired
+     * - Invitation must not have reached max_redemptions (if > 0)
+     * - Redeemer must not already be a member of the organization
+     *
+     * @internal
+     * Authorization: The token itself is the authorization mechanism.
+     * The redeemer's identity is resolved from the authentication header.
+     * FGA authorization is skipped — any authenticated user with a valid
+     * token can redeem.
+     *
+     * @generated from rpc ai.stigmer.iam.invitation.v1.InvitationCommandController.redeem
+     */
+    redeem: {
+        methodKind: "unary";
+        input: typeof RedeemInvitationInputSchema;
+        output: typeof InvitationSchema;
+    };
+}>;

package/ai/stigmer/iam/invitation/v1/command_pb.js

@@ -0,0 +1,19 @@
+// @generated by protoc-gen-es v2.2.2 with parameter "target=ts"
+// @generated from file ai/stigmer/iam/invitation/v1/command.proto (package ai.stigmer.iam.invitation.v1, syntax proto3)
+/* eslint-disable */
+import { fileDesc, serviceDesc } from "@bufbuild/protobuf/codegenv1";
+import { file_ai_stigmer_commons_apiresource_rpc_service_options } from "../../../commons/apiresource/rpc_service_options_pb";
+import { file_ai_stigmer_commons_rpc_method_options } from "../../../commons/rpc/method_options_pb";
+import { file_ai_stigmer_iam_invitation_v1_api } from "./api_pb";
+import { file_ai_stigmer_iam_invitation_v1_io } from "./io_pb";
+/**
+ * Describes the file ai/stigmer/iam/invitation/v1/command.proto.
+ */
+export const file_ai_stigmer_iam_invitation_v1_command = /*@__PURE__*/ fileDesc("CiphaS9zdGlnbWVyL2lhbS9pbnZpdGF0aW9uL3YxL2NvbW1hbmQucHJvdG8SHGFpLnN0aWdtZXIuaWFtLmludml0YXRpb24udjEypwMKG0ludml0YXRpb25Db21tYW5kQ29udHJvbGxlchKsAQoGY3JlYXRlEiguYWkuc3RpZ21lci5pYW0uaW52aXRhdGlvbi52MS5JbnZpdGF0aW9uGiguYWkuc3RpZ21lci5pYW0uaW52aXRhdGlvbi52MS5JbnZpdGF0aW9uIk7CuBhKCAQQHiIMbWV0YWRhdGEub3JnKjZ1bmF1dGhvcml6ZWQgdG8gY3JlYXRlIGludml0YXRpb24gaW4gdGhpcyBvcmdhbml6YXRpb24SZAoGcmV2b2tlEiouYWkuc3RpZ21lci5pYW0uaW52aXRhdGlvbi52MS5JbnZpdGF0aW9uSWQaKC5haS5zdGlnbWVyLmlhbS5pbnZpdGF0aW9uLnYxLkludml0YXRpb24iBNC4GAESbQoGcmVkZWVtEjMuYWkuc3RpZ21lci5pYW0uaW52aXRhdGlvbi52MS5SZWRlZW1JbnZpdGF0aW9uSW5wdXQaKC5haS5zdGlnbWVyLmlhbS5pbnZpdGF0aW9uLnYxLkludml0YXRpb24iBNC4GAEaBKD/KxRiBnByb3RvMw", [file_ai_stigmer_commons_apiresource_rpc_service_options, file_ai_stigmer_commons_rpc_method_options, file_ai_stigmer_iam_invitation_v1_api, file_ai_stigmer_iam_invitation_v1_io]);
+/**
+ * InvitationCommandController handles write operations for invitations.
+ *
+ * @generated from service ai.stigmer.iam.invitation.v1.InvitationCommandController
+ */
+export const InvitationCommandController = /*@__PURE__*/ serviceDesc(file_ai_stigmer_iam_invitation_v1_command, 0);
+//# sourceMappingURL=command_pb.js.map

package/ai/stigmer/iam/invitation/v1/command_pb.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"command_pb.js","sourceRoot":"","sources":["../../../../../../ai/stigmer/iam/invitation/v1/command_pb.ts"],"names":[],"mappings":"AAAA,gEAAgE;AAChE,wHAAwH;AACxH,oBAAoB;AAGpB,OAAO,EAAE,QAAQ,EAAE,WAAW,EAAE,MAAM,8BAA8B,CAAC;AACrE,OAAO,EAAE,uDAAuD,EAAE,MAAM,qDAAqD,CAAC;AAC9H,OAAO,EAAE,0CAA0C,EAAE,MAAM,wCAAwC,CAAC;AAEpG,OAAO,EAAE,qCAAqC,EAAE,MAAM,UAAU,CAAC;AAEjE,OAAO,EAAE,oCAAoC,EAAE,MAAM,SAAS,CAAC;AAE/D;;GAEG;AACH,MAAM,CAAC,MAAM,yCAAyC,GAAY,aAAa,CAC7E,QAAQ,CAAC,wqBAAwqB,EAAE,CAAC,uDAAuD,EAAE,0CAA0C,EAAE,qCAAqC,EAAE,oCAAoC,CAAC,CAAC,CAAC;AAEz2B;;;;GAIG;AACH,MAAM,CAAC,MAAM,2BAA2B,GAmEnC,aAAa,CAChB,WAAW,CAAC,yCAAyC,EAAE,CAAC,CAAC,CAAC"}

package/ai/stigmer/iam/invitation/v1/enum_pb.d.ts

@@ -0,0 +1,49 @@
+import type { GenEnum, GenFile } from "@bufbuild/protobuf/codegenv1";
+/**
+ * Describes the file ai/stigmer/iam/invitation/v1/enum.proto.
+ */
+export declare const file_ai_stigmer_iam_invitation_v1_enum: GenFile;
+/**
+ * InvitationState tracks the lifecycle of an invitation link.
+ *
+ * State transitions:
+ *   active -> expired       (system: past expires_at)
+ *   active -> revoked       (admin: explicit revocation)
+ *   active -> fully_redeemed (system: redemption_count >= max_redemptions)
+ *
+ * @generated from enum ai.stigmer.iam.invitation.v1.InvitationState
+ */
+export declare enum InvitationState {
+    /**
+     * @generated from enum value: invitation_state_unspecified = 0;
+     */
+    invitation_state_unspecified = 0,
+    /**
+     * The invitation is valid and can be redeemed.
+     *
+     * @generated from enum value: active = 1;
+     */
+    active = 1,
+    /**
+     * The invitation has passed its expires_at timestamp.
+     *
+     * @generated from enum value: expired = 2;
+     */
+    expired = 2,
+    /**
+     * An org admin explicitly revoked the invitation.
+     *
+     * @generated from enum value: revoked = 3;
+     */
+    revoked = 3,
+    /**
+     * The invitation reached its max_redemptions limit.
+     *
+     * @generated from enum value: fully_redeemed = 4;
+     */
+    fully_redeemed = 4
+}
+/**
+ * Describes the enum ai.stigmer.iam.invitation.v1.InvitationState.
+ */
+export declare const InvitationStateSchema: GenEnum<InvitationState>;

package/ai/stigmer/iam/invitation/v1/enum_pb.js

@@ -0,0 +1,54 @@
+// @generated by protoc-gen-es v2.2.2 with parameter "target=ts"
+// @generated from file ai/stigmer/iam/invitation/v1/enum.proto (package ai.stigmer.iam.invitation.v1, syntax proto3)
+/* eslint-disable */
+import { enumDesc, fileDesc } from "@bufbuild/protobuf/codegenv1";
+/**
+ * Describes the file ai/stigmer/iam/invitation/v1/enum.proto.
+ */
+export const file_ai_stigmer_iam_invitation_v1_enum = /*@__PURE__*/ fileDesc("CidhaS9zdGlnbWVyL2lhbS9pbnZpdGF0aW9uL3YxL2VudW0ucHJvdG8SHGFpLnN0aWdtZXIuaWFtLmludml0YXRpb24udjEqbQoPSW52aXRhdGlvblN0YXRlEiAKHGludml0YXRpb25fc3RhdGVfdW5zcGVjaWZpZWQQABIKCgZhY3RpdmUQARILCgdleHBpcmVkEAISCwoHcmV2b2tlZBADEhIKDmZ1bGx5X3JlZGVlbWVkEARiBnByb3RvMw");
+/**
+ * InvitationState tracks the lifecycle of an invitation link.
+ *
+ * State transitions:
+ *   active -> expired       (system: past expires_at)
+ *   active -> revoked       (admin: explicit revocation)
+ *   active -> fully_redeemed (system: redemption_count >= max_redemptions)
+ *
+ * @generated from enum ai.stigmer.iam.invitation.v1.InvitationState
+ */
+export var InvitationState;
+(function (InvitationState) {
+    /**
+     * @generated from enum value: invitation_state_unspecified = 0;
+     */
+    InvitationState[InvitationState["invitation_state_unspecified"] = 0] = "invitation_state_unspecified";
+    /**
+     * The invitation is valid and can be redeemed.
+     *
+     * @generated from enum value: active = 1;
+     */
+    InvitationState[InvitationState["active"] = 1] = "active";
+    /**
+     * The invitation has passed its expires_at timestamp.
+     *
+     * @generated from enum value: expired = 2;
+     */
+    InvitationState[InvitationState["expired"] = 2] = "expired";
+    /**
+     * An org admin explicitly revoked the invitation.
+     *
+     * @generated from enum value: revoked = 3;
+     */
+    InvitationState[InvitationState["revoked"] = 3] = "revoked";
+    /**
+     * The invitation reached its max_redemptions limit.
+     *
+     * @generated from enum value: fully_redeemed = 4;
+     */
+    InvitationState[InvitationState["fully_redeemed"] = 4] = "fully_redeemed";
+})(InvitationState || (InvitationState = {}));
+/**
+ * Describes the enum ai.stigmer.iam.invitation.v1.InvitationState.
+ */
+export const InvitationStateSchema = /*@__PURE__*/ enumDesc(file_ai_stigmer_iam_invitation_v1_enum, 0);
+//# sourceMappingURL=enum_pb.js.map

package/ai/stigmer/iam/invitation/v1/enum_pb.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"enum_pb.js","sourceRoot":"","sources":["../../../../../../ai/stigmer/iam/invitation/v1/enum_pb.ts"],"names":[],"mappings":"AAAA,gEAAgE;AAChE,qHAAqH;AACrH,oBAAoB;AAGpB,OAAO,EAAE,QAAQ,EAAE,QAAQ,EAAE,MAAM,8BAA8B,CAAC;AAElE;;GAEG;AACH,MAAM,CAAC,MAAM,sCAAsC,GAAY,aAAa,CAC1E,QAAQ,CAAC,gQAAgQ,CAAC,CAAC;AAE7Q;;;;;;;;;GASG;AACH,MAAM,CAAN,IAAY,eAiCX;AAjCD,WAAY,eAAe;IACzB;;OAEG;IACH,qGAAgC,CAAA;IAEhC;;;;OAIG;IACH,yDAAU,CAAA;IAEV;;;;OAIG;IACH,2DAAW,CAAA;IAEX;;;;OAIG;IACH,2DAAW,CAAA;IAEX;;;;OAIG;IACH,yEAAkB,CAAA;AACpB,CAAC,EAjCW,eAAe,KAAf,eAAe,QAiC1B;AAED;;GAEG;AACH,MAAM,CAAC,MAAM,qBAAqB,GAA6B,aAAa,CAC1E,QAAQ,CAAC,sCAAsC,EAAE,CAAC,CAAC,CAAC"}

package/ai/stigmer/iam/invitation/v1/io_pb.d.ts

@@ -0,0 +1,173 @@
+import type { GenFile, GenMessage } from "@bufbuild/protobuf/codegenv1";
+import type { Invitation } from "./api_pb";
+import type { IamRole } from "../../v1/enum_pb";
+import type { Timestamp } from "@bufbuild/protobuf/wkt";
+import type { Message } from "@bufbuild/protobuf";
+/**
+ * Describes the file ai/stigmer/iam/invitation/v1/io.proto.
+ */
+export declare const file_ai_stigmer_iam_invitation_v1_io: GenFile;
+/**
+ * InvitationId identifies an invitation by its unique identifier.
+ *
+ * @generated from message ai.stigmer.iam.invitation.v1.InvitationId
+ */
+export type InvitationId = Message<"ai.stigmer.iam.invitation.v1.InvitationId"> & {
+    /**
+     * Unique identifier of the invitation resource.
+     *
+     * @generated from field: string value = 1;
+     */
+    value: string;
+};
+/**
+ * Describes the message ai.stigmer.iam.invitation.v1.InvitationId.
+ * Use `create(InvitationIdSchema)` to create a new message.
+ */
+export declare const InvitationIdSchema: GenMessage<InvitationId>;
+/**
+ * Invitations contains a list of invitation resources.
+ *
+ * @generated from message ai.stigmer.iam.invitation.v1.Invitations
+ */
+export type Invitations = Message<"ai.stigmer.iam.invitation.v1.Invitations"> & {
+    /**
+     * Invitation entries.
+     *
+     * @generated from field: repeated ai.stigmer.iam.invitation.v1.Invitation entries = 1;
+     */
+    entries: Invitation[];
+};
+/**
+ * Describes the message ai.stigmer.iam.invitation.v1.Invitations.
+ * Use `create(InvitationsSchema)` to create a new message.
+ */
+export declare const InvitationsSchema: GenMessage<Invitations>;
+/**
+ * ListInvitationsByOrgInput specifies the organization whose invitations
+ * should be returned.
+ *
+ * @generated from message ai.stigmer.iam.invitation.v1.ListInvitationsByOrgInput
+ */
+export type ListInvitationsByOrgInput = Message<"ai.stigmer.iam.invitation.v1.ListInvitationsByOrgInput"> & {
+    /**
+     * Organization slug to list invitations for.
+     *
+     * @generated from field: string org = 1;
+     */
+    org: string;
+};
+/**
+ * Describes the message ai.stigmer.iam.invitation.v1.ListInvitationsByOrgInput.
+ * Use `create(ListInvitationsByOrgInputSchema)` to create a new message.
+ */
+export declare const ListInvitationsByOrgInputSchema: GenMessage<ListInvitationsByOrgInput>;
+/**
+ * InvitationTokenInput identifies an invitation by its shareable token.
+ *
+ * @generated from message ai.stigmer.iam.invitation.v1.InvitationTokenInput
+ */
+export type InvitationTokenInput = Message<"ai.stigmer.iam.invitation.v1.InvitationTokenInput"> & {
+    /**
+     * The cryptographically random token from the invite URL.
+     *
+     * @generated from field: string token = 1;
+     */
+    token: string;
+};
+/**
+ * Describes the message ai.stigmer.iam.invitation.v1.InvitationTokenInput.
+ * Use `create(InvitationTokenInputSchema)` to create a new message.
+ */
+export declare const InvitationTokenInputSchema: GenMessage<InvitationTokenInput>;
+/**
+ * RedeemInvitationInput is the request to redeem an invitation.
+ * The redeemer's identity is resolved from the authentication header.
+ *
+ * @generated from message ai.stigmer.iam.invitation.v1.RedeemInvitationInput
+ */
+export type RedeemInvitationInput = Message<"ai.stigmer.iam.invitation.v1.RedeemInvitationInput"> & {
+    /**
+     * The cryptographically random token from the invite URL.
+     *
+     * @generated from field: string token = 1;
+     */
+    token: string;
+};
+/**
+ * Describes the message ai.stigmer.iam.invitation.v1.RedeemInvitationInput.
+ * Use `create(RedeemInvitationInputSchema)` to create a new message.
+ */
+export declare const RedeemInvitationInputSchema: GenMessage<RedeemInvitationInput>;
+/**
+ * InvitationPreview is a safe projection of an invitation for unauthenticated
+ * users viewing an invite link.
+ *
+ * This message is returned by the getByToken query, which requires no
+ * authentication. It intentionally omits sensitive fields (token value,
+ * redemption history) and includes only the information needed to render
+ * the "You've been invited to join [org]" page.
+ *
+ * Information disclosure is acceptable here because the token is already
+ * a shared secret — knowing the org name is necessary to render the
+ * invitation acceptance page.
+ *
+ * @generated from message ai.stigmer.iam.invitation.v1.InvitationPreview
+ */
+export type InvitationPreview = Message<"ai.stigmer.iam.invitation.v1.InvitationPreview"> & {
+    /**
+     * Display name of the organization.
+     *
+     * @generated from field: string organization_name = 1;
+     */
+    organizationName: string;
+    /**
+     * URL-friendly identifier of the organization.
+     *
+     * @generated from field: string organization_slug = 2;
+     */
+    organizationSlug: string;
+    /**
+     * URL to the organization's logo image.
+     *
+     * @generated from field: string organization_logo_url = 3;
+     */
+    organizationLogoUrl: string;
+    /**
+     * The role that will be granted upon redemption.
+     *
+     * @generated from field: ai.stigmer.iam.v1.IamRole role = 4;
+     */
+    role: IamRole;
+    /**
+     * When this invitation expires.
+     *
+     * @generated from field: google.protobuf.Timestamp expires_at = 5;
+     */
+    expiresAt?: Timestamp;
+    /**
+     * Human-readable label describing the invitation's purpose.
+     *
+     * @generated from field: string label = 6;
+     */
+    label: string;
+    /**
+     * Whether this invitation can currently be redeemed.
+     * False if expired, revoked, or fully redeemed.
+     *
+     * @generated from field: bool is_valid = 7;
+     */
+    isValid: boolean;
+    /**
+     * Human-readable reason when is_valid is false.
+     * Empty when the invitation is valid.
+     *
+     * @generated from field: string invalid_reason = 8;
+     */
+    invalidReason: string;
+};
+/**
+ * Describes the message ai.stigmer.iam.invitation.v1.InvitationPreview.
+ * Use `create(InvitationPreviewSchema)` to create a new message.
+ */
+export declare const InvitationPreviewSchema: GenMessage<InvitationPreview>;

package/ai/stigmer/iam/invitation/v1/io_pb.js

@@ -0,0 +1,43 @@
+// @generated by protoc-gen-es v2.2.2 with parameter "target=ts"
+// @generated from file ai/stigmer/iam/invitation/v1/io.proto (package ai.stigmer.iam.invitation.v1, syntax proto3)
+/* eslint-disable */
+import { fileDesc, messageDesc } from "@bufbuild/protobuf/codegenv1";
+import { file_ai_stigmer_iam_invitation_v1_api } from "./api_pb";
+import { file_ai_stigmer_iam_v1_enum } from "../../v1/enum_pb";
+import { file_buf_validate_validate } from "../../../../../buf/validate/validate_pb";
+import { file_google_protobuf_timestamp } from "@bufbuild/protobuf/wkt";
+/**
+ * Describes the file ai/stigmer/iam/invitation/v1/io.proto.
+ */
+export const file_ai_stigmer_iam_invitation_v1_io = /*@__PURE__*/ fileDesc("CiVhaS9zdGlnbWVyL2lhbS9pbnZpdGF0aW9uL3YxL2lvLnByb3RvEhxhaS5zdGlnbWVyLmlhbS5pbnZpdGF0aW9uLnYxIiUKDEludml0YXRpb25JZBIVCgV2YWx1ZRgBIAEoCUIGukgDyAEBIkgKC0ludml0YXRpb25zEjkKB2VudHJpZXMYASADKAsyKC5haS5zdGlnbWVyLmlhbS5pbnZpdGF0aW9uLnYxLkludml0YXRpb24iMQoZTGlzdEludml0YXRpb25zQnlPcmdJbnB1dBIUCgNvcmcYASABKAlCB7pIBHICEAEiLgoUSW52aXRhdGlvblRva2VuSW5wdXQSFgoFdG9rZW4YASABKAlCB7pIBHICEAEiLwoVUmVkZWVtSW52aXRhdGlvbklucHV0EhYKBXRva2VuGAEgASgJQge6SARyAhABIvsBChFJbnZpdGF0aW9uUHJldmlldxIZChFvcmdhbml6YXRpb25fbmFtZRgBIAEoCRIZChFvcmdhbml6YXRpb25fc2x1ZxgCIAEoCRIdChVvcmdhbml6YXRpb25fbG9nb191cmwYAyABKAkSKAoEcm9sZRgEIAEoDjIaLmFpLnN0aWdtZXIuaWFtLnYxLklhbVJvbGUSLgoKZXhwaXJlc19hdBgFIAEoCzIaLmdvb2dsZS5wcm90b2J1Zi5UaW1lc3RhbXASDQoFbGFiZWwYBiABKAkSEAoIaXNfdmFsaWQYByABKAgSFgoOaW52YWxpZF9yZWFzb24YCCABKAliBnByb3RvMw", [file_ai_stigmer_iam_invitation_v1_api, file_ai_stigmer_iam_v1_enum, file_buf_validate_validate, file_google_protobuf_timestamp]);
+/**
+ * Describes the message ai.stigmer.iam.invitation.v1.InvitationId.
+ * Use `create(InvitationIdSchema)` to create a new message.
+ */
+export const InvitationIdSchema = /*@__PURE__*/ messageDesc(file_ai_stigmer_iam_invitation_v1_io, 0);
+/**
+ * Describes the message ai.stigmer.iam.invitation.v1.Invitations.
+ * Use `create(InvitationsSchema)` to create a new message.
+ */
+export const InvitationsSchema = /*@__PURE__*/ messageDesc(file_ai_stigmer_iam_invitation_v1_io, 1);
+/**
+ * Describes the message ai.stigmer.iam.invitation.v1.ListInvitationsByOrgInput.
+ * Use `create(ListInvitationsByOrgInputSchema)` to create a new message.
+ */
+export const ListInvitationsByOrgInputSchema = /*@__PURE__*/ messageDesc(file_ai_stigmer_iam_invitation_v1_io, 2);
+/**
+ * Describes the message ai.stigmer.iam.invitation.v1.InvitationTokenInput.
+ * Use `create(InvitationTokenInputSchema)` to create a new message.
+ */
+export const InvitationTokenInputSchema = /*@__PURE__*/ messageDesc(file_ai_stigmer_iam_invitation_v1_io, 3);
+/**
+ * Describes the message ai.stigmer.iam.invitation.v1.RedeemInvitationInput.
+ * Use `create(RedeemInvitationInputSchema)` to create a new message.
+ */
+export const RedeemInvitationInputSchema = /*@__PURE__*/ messageDesc(file_ai_stigmer_iam_invitation_v1_io, 4);
+/**
+ * Describes the message ai.stigmer.iam.invitation.v1.InvitationPreview.
+ * Use `create(InvitationPreviewSchema)` to create a new message.
+ */
+export const InvitationPreviewSchema = /*@__PURE__*/ messageDesc(file_ai_stigmer_iam_invitation_v1_io, 5);
+//# sourceMappingURL=io_pb.js.map

package/ai/stigmer/iam/invitation/v1/io_pb.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"io_pb.js","sourceRoot":"","sources":["../../../../../../ai/stigmer/iam/invitation/v1/io_pb.ts"],"names":[],"mappings":"AAAA,gEAAgE;AAChE,mHAAmH;AACnH,oBAAoB;AAGpB,OAAO,EAAE,QAAQ,EAAE,WAAW,EAAE,MAAM,8BAA8B,CAAC;AAErE,OAAO,EAAE,qCAAqC,EAAE,MAAM,UAAU,CAAC;AAEjE,OAAO,EAAE,2BAA2B,EAAE,MAAM,kBAAkB,CAAC;AAC/D,OAAO,EAAE,0BAA0B,EAAE,MAAM,yCAAyC,CAAC;AAErF,OAAO,EAAE,8BAA8B,EAAE,MAAM,wBAAwB,CAAC;AAGxE;;GAEG;AACH,MAAM,CAAC,MAAM,oCAAoC,GAAY,aAAa,CACxE,QAAQ,CAAC,wxBAAwxB,EAAE,CAAC,qCAAqC,EAAE,2BAA2B,EAAE,0BAA0B,EAAE,8BAA8B,CAAC,CAAC,CAAC;AAgBv6B;;;GAGG;AACH,MAAM,CAAC,MAAM,kBAAkB,GAA6B,aAAa,CACvE,WAAW,CAAC,oCAAoC,EAAE,CAAC,CAAC,CAAC;AAgBvD;;;GAGG;AACH,MAAM,CAAC,MAAM,iBAAiB,GAA4B,aAAa,CACrE,WAAW,CAAC,oCAAoC,EAAE,CAAC,CAAC,CAAC;AAiBvD;;;GAGG;AACH,MAAM,CAAC,MAAM,+BAA+B,GAA0C,aAAa,CACjG,WAAW,CAAC,oCAAoC,EAAE,CAAC,CAAC,CAAC;AAgBvD;;;GAGG;AACH,MAAM,CAAC,MAAM,0BAA0B,GAAqC,aAAa,CACvF,WAAW,CAAC,oCAAoC,EAAE,CAAC,CAAC,CAAC;AAiBvD;;;GAGG;AACH,MAAM,CAAC,MAAM,2BAA2B,GAAsC,aAAa,CACzF,WAAW,CAAC,oCAAoC,EAAE,CAAC,CAAC,CAAC;AA6EvD;;;GAGG;AACH,MAAM,CAAC,MAAM,uBAAuB,GAAkC,aAAa,CACjF,WAAW,CAAC,oCAAoC,EAAE,CAAC,CAAC,CAAC"}

package/ai/stigmer/iam/invitation/v1/query_connect.d.ts

@@ -0,0 +1,68 @@
+/**
+ * InvitationQueryController handles read operations for invitations.
+ *
+ * @generated from service ai.stigmer.iam.invitation.v1.InvitationQueryController
+ */
+export declare const InvitationQueryController: {
+    readonly typeName: "ai.stigmer.iam.invitation.v1.InvitationQueryController";
+    readonly methods: {
+        /**
+         * Get an invitation by its unique identifier.
+         *
+         * @internal
+         * Authorization: Requires can_view permission on the invitation resource.
+         *
+         * @generated from rpc ai.stigmer.iam.invitation.v1.InvitationQueryController.get
+         */
+        readonly get: {
+            readonly name: "get";
+            readonly I: any;
+            readonly O: any;
+            readonly kind: any;
+        };
+        /**
+         * List all invitations belonging to an organization.
+         *
+         * Returns invitations ordered by creation time (newest first).
+         *
+         * @internal
+         * Authorization: Requires can_view_access permission on the organization.
+         * This is intentionally stricter than can_view — only users who can
+         * manage org access (admins and owners) should see invitation links.
+         *
+         * @generated from rpc ai.stigmer.iam.invitation.v1.InvitationQueryController.listByOrg
+         */
+        readonly listByOrg: {
+            readonly name: "listByOrg";
+            readonly I: any;
+            readonly O: any;
+            readonly kind: any;
+        };
+        /**
+         * Get a preview of an invitation by its shareable token.
+         *
+         * Returns a safe projection (InvitationPreview) containing only the
+         * information needed to render the invite acceptance page: organization
+         * name, logo, the role being offered, and whether the invitation is
+         * still valid.
+         *
+         * This endpoint is called by the web app's invite page before the user
+         * has authenticated, so it requires no authorization. The response
+         * intentionally omits the token value, redemption history, and internal
+         * invitation metadata.
+         *
+         * @internal
+         * Authorization: none — unauthenticated, public endpoint for rendering
+         * the invite acceptance page. Uses is_skip_authorization following the
+         * getSsoProvider precedent.
+         *
+         * @generated from rpc ai.stigmer.iam.invitation.v1.InvitationQueryController.getByToken
+         */
+        readonly getByToken: {
+            readonly name: "getByToken";
+            readonly I: any;
+            readonly O: any;
+            readonly kind: any;
+        };
+    };
+};