@stigmer/protos 0.0.71 → 0.0.73

package/ai/stigmer/iam/invitation/v1/query_connect.js

@@ -0,0 +1,74 @@
+// @generated by protoc-gen-connect-es v1.6.1 with parameter "target=ts"
+// @generated from file ai/stigmer/iam/invitation/v1/query.proto (package ai.stigmer.iam.invitation.v1, syntax proto3)
+/* eslint-disable */
+// @ts-nocheck
+import { MethodKind } from "@bufbuild/protobuf";
+/**
+ * InvitationQueryController handles read operations for invitations.
+ *
+ * @generated from service ai.stigmer.iam.invitation.v1.InvitationQueryController
+ */
+export const InvitationQueryController = {
+    typeName: "ai.stigmer.iam.invitation.v1.InvitationQueryController",
+    methods: {
+        /**
+         * Get an invitation by its unique identifier.
+         *
+         * @internal
+         * Authorization: Requires can_view permission on the invitation resource.
+         *
+         * @generated from rpc ai.stigmer.iam.invitation.v1.InvitationQueryController.get
+         */
+        get: {
+            name: "get",
+            I: InvitationId,
+            O: Invitation,
+            kind: MethodKind.Unary,
+        },
+        /**
+         * List all invitations belonging to an organization.
+         *
+         * Returns invitations ordered by creation time (newest first).
+         *
+         * @internal
+         * Authorization: Requires can_view_access permission on the organization.
+         * This is intentionally stricter than can_view — only users who can
+         * manage org access (admins and owners) should see invitation links.
+         *
+         * @generated from rpc ai.stigmer.iam.invitation.v1.InvitationQueryController.listByOrg
+         */
+        listByOrg: {
+            name: "listByOrg",
+            I: ListInvitationsByOrgInput,
+            O: Invitations,
+            kind: MethodKind.Unary,
+        },
+        /**
+         * Get a preview of an invitation by its shareable token.
+         *
+         * Returns a safe projection (InvitationPreview) containing only the
+         * information needed to render the invite acceptance page: organization
+         * name, logo, the role being offered, and whether the invitation is
+         * still valid.
+         *
+         * This endpoint is called by the web app's invite page before the user
+         * has authenticated, so it requires no authorization. The response
+         * intentionally omits the token value, redemption history, and internal
+         * invitation metadata.
+         *
+         * @internal
+         * Authorization: none — unauthenticated, public endpoint for rendering
+         * the invite acceptance page. Uses is_skip_authorization following the
+         * getSsoProvider precedent.
+         *
+         * @generated from rpc ai.stigmer.iam.invitation.v1.InvitationQueryController.getByToken
+         */
+        getByToken: {
+            name: "getByToken",
+            I: InvitationTokenInput,
+            O: InvitationPreview,
+            kind: MethodKind.Unary,
+        },
+    }
+};
+//# sourceMappingURL=query_connect.js.map

package/ai/stigmer/iam/invitation/v1/query_connect.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"query_connect.js","sourceRoot":"","sources":["../../../../../../ai/stigmer/iam/invitation/v1/query_connect.ts"],"names":[],"mappings":"AAAA,wEAAwE;AACxE,sHAAsH;AACtH,oBAAoB;AACpB,cAAc;AAId,OAAO,EAAE,UAAU,EAAE,MAAM,oBAAoB,CAAC;AAEhD;;;;GAIG;AACH,MAAM,CAAC,MAAM,yBAAyB,GAAG;IACvC,QAAQ,EAAE,wDAAwD;IAClE,OAAO,EAAE;QACP;;;;;;;WAOG;QACH,GAAG,EAAE;YACH,IAAI,EAAE,KAAK;YACX,CAAC,EAAE,YAAY;YACf,CAAC,EAAE,UAAU;YACb,IAAI,EAAE,UAAU,CAAC,KAAK;SACvB;QACD;;;;;;;;;;;WAWG;QACH,SAAS,EAAE;YACT,IAAI,EAAE,WAAW;YACjB,CAAC,EAAE,yBAAyB;YAC5B,CAAC,EAAE,WAAW;YACd,IAAI,EAAE,UAAU,CAAC,KAAK;SACvB;QACD;;;;;;;;;;;;;;;;;;;WAmBG;QACH,UAAU,EAAE;YACV,IAAI,EAAE,YAAY;YAClB,CAAC,EAAE,oBAAoB;YACvB,CAAC,EAAE,iBAAiB;YACpB,IAAI,EAAE,UAAU,CAAC,KAAK;SACvB;KACF;CACO,CAAC"}

package/ai/stigmer/iam/invitation/v1/query_pb.d.ts

@@ -0,0 +1,69 @@
+import type { GenFile, GenService } from "@bufbuild/protobuf/codegenv1";
+import type { InvitationSchema } from "./api_pb";
+import type { InvitationIdSchema, InvitationPreviewSchema, InvitationsSchema, InvitationTokenInputSchema, ListInvitationsByOrgInputSchema } from "./io_pb";
+/**
+ * Describes the file ai/stigmer/iam/invitation/v1/query.proto.
+ */
+export declare const file_ai_stigmer_iam_invitation_v1_query: GenFile;
+/**
+ * InvitationQueryController handles read operations for invitations.
+ *
+ * @generated from service ai.stigmer.iam.invitation.v1.InvitationQueryController
+ */
+export declare const InvitationQueryController: GenService<{
+    /**
+     * Get an invitation by its unique identifier.
+     *
+     * @internal
+     * Authorization: Requires can_view permission on the invitation resource.
+     *
+     * @generated from rpc ai.stigmer.iam.invitation.v1.InvitationQueryController.get
+     */
+    get: {
+        methodKind: "unary";
+        input: typeof InvitationIdSchema;
+        output: typeof InvitationSchema;
+    };
+    /**
+     * List all invitations belonging to an organization.
+     *
+     * Returns invitations ordered by creation time (newest first).
+     *
+     * @internal
+     * Authorization: Requires can_view_access permission on the organization.
+     * This is intentionally stricter than can_view — only users who can
+     * manage org access (admins and owners) should see invitation links.
+     *
+     * @generated from rpc ai.stigmer.iam.invitation.v1.InvitationQueryController.listByOrg
+     */
+    listByOrg: {
+        methodKind: "unary";
+        input: typeof ListInvitationsByOrgInputSchema;
+        output: typeof InvitationsSchema;
+    };
+    /**
+     * Get a preview of an invitation by its shareable token.
+     *
+     * Returns a safe projection (InvitationPreview) containing only the
+     * information needed to render the invite acceptance page: organization
+     * name, logo, the role being offered, and whether the invitation is
+     * still valid.
+     *
+     * This endpoint is called by the web app's invite page before the user
+     * has authenticated, so it requires no authorization. The response
+     * intentionally omits the token value, redemption history, and internal
+     * invitation metadata.
+     *
+     * @internal
+     * Authorization: none — unauthenticated, public endpoint for rendering
+     * the invite acceptance page. Uses is_skip_authorization following the
+     * getSsoProvider precedent.
+     *
+     * @generated from rpc ai.stigmer.iam.invitation.v1.InvitationQueryController.getByToken
+     */
+    getByToken: {
+        methodKind: "unary";
+        input: typeof InvitationTokenInputSchema;
+        output: typeof InvitationPreviewSchema;
+    };
+}>;

package/ai/stigmer/iam/invitation/v1/query_pb.js

@@ -0,0 +1,19 @@
+// @generated by protoc-gen-es v2.2.2 with parameter "target=ts"
+// @generated from file ai/stigmer/iam/invitation/v1/query.proto (package ai.stigmer.iam.invitation.v1, syntax proto3)
+/* eslint-disable */
+import { fileDesc, serviceDesc } from "@bufbuild/protobuf/codegenv1";
+import { file_ai_stigmer_commons_apiresource_rpc_service_options } from "../../../commons/apiresource/rpc_service_options_pb";
+import { file_ai_stigmer_commons_rpc_method_options } from "../../../commons/rpc/method_options_pb";
+import { file_ai_stigmer_iam_invitation_v1_api } from "./api_pb";
+import { file_ai_stigmer_iam_invitation_v1_io } from "./io_pb";
+/**
+ * Describes the file ai/stigmer/iam/invitation/v1/query.proto.
+ */
+export const file_ai_stigmer_iam_invitation_v1_query = /*@__PURE__*/ fileDesc("CihhaS9zdGlnbWVyL2lhbS9pbnZpdGF0aW9uL3YxL3F1ZXJ5LnByb3RvEhxhaS5zdGlnbWVyLmlhbS5pbnZpdGF0aW9uLnYxMuIDChlJbnZpdGF0aW9uUXVlcnlDb250cm9sbGVyEo0BCgNnZXQSKi5haS5zdGlnbWVyLmlhbS5pbnZpdGF0aW9uLnYxLkludml0YXRpb25JZBooLmFpLnN0aWdtZXIuaWFtLmludml0YXRpb24udjEuSW52aXRhdGlvbiIwwrgYLAgBEBQiBXZhbHVlKh91bmF1dGhvcml6ZWQgdG8gdmlldyBpbnZpdGF0aW9uErUBCglsaXN0QnlPcmcSNy5haS5zdGlnbWVyLmlhbS5pbnZpdGF0aW9uLnYxLkxpc3RJbnZpdGF0aW9uc0J5T3JnSW5wdXQaKS5haS5zdGlnbWVyLmlhbS5pbnZpdGF0aW9uLnYxLkludml0YXRpb25zIkTCuBhACAUQHiIDb3JnKjV1bmF1dGhvcml6ZWQgdG8gbGlzdCBpbnZpdGF0aW9ucyBpbiB0aGlzIG9yZ2FuaXphdGlvbhJ3CgpnZXRCeVRva2VuEjIuYWkuc3RpZ21lci5pYW0uaW52aXRhdGlvbi52MS5JbnZpdGF0aW9uVG9rZW5JbnB1dBovLmFpLnN0aWdtZXIuaWFtLmludml0YXRpb24udjEuSW52aXRhdGlvblByZXZpZXciBNC4GAEaBKD/KxRiBnByb3RvMw", [file_ai_stigmer_commons_apiresource_rpc_service_options, file_ai_stigmer_commons_rpc_method_options, file_ai_stigmer_iam_invitation_v1_api, file_ai_stigmer_iam_invitation_v1_io]);
+/**
+ * InvitationQueryController handles read operations for invitations.
+ *
+ * @generated from service ai.stigmer.iam.invitation.v1.InvitationQueryController
+ */
+export const InvitationQueryController = /*@__PURE__*/ serviceDesc(file_ai_stigmer_iam_invitation_v1_query, 0);
+//# sourceMappingURL=query_pb.js.map

package/ai/stigmer/iam/invitation/v1/query_pb.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"query_pb.js","sourceRoot":"","sources":["../../../../../../ai/stigmer/iam/invitation/v1/query_pb.ts"],"names":[],"mappings":"AAAA,gEAAgE;AAChE,sHAAsH;AACtH,oBAAoB;AAGpB,OAAO,EAAE,QAAQ,EAAE,WAAW,EAAE,MAAM,8BAA8B,CAAC;AACrE,OAAO,EAAE,uDAAuD,EAAE,MAAM,qDAAqD,CAAC;AAC9H,OAAO,EAAE,0CAA0C,EAAE,MAAM,wCAAwC,CAAC;AAEpG,OAAO,EAAE,qCAAqC,EAAE,MAAM,UAAU,CAAC;AAEjE,OAAO,EAAE,oCAAoC,EAAE,MAAM,SAAS,CAAC;AAE/D;;GAEG;AACH,MAAM,CAAC,MAAM,uCAAuC,GAAY,aAAa,CAC3E,QAAQ,CAAC,ovBAAovB,EAAE,CAAC,uDAAuD,EAAE,0CAA0C,EAAE,qCAAqC,EAAE,oCAAoC,CAAC,CAAC,CAAC;AAEr7B;;;;GAIG;AACH,MAAM,CAAC,MAAM,yBAAyB,GAwDjC,aAAa,CAChB,WAAW,CAAC,uCAAuC,EAAE,CAAC,CAAC,CAAC"}

package/ai/stigmer/iam/invitation/v1/spec_pb.d.ts

@@ -0,0 +1,77 @@
+import type { GenFile, GenMessage } from "@bufbuild/protobuf/codegenv1";
+import type { IamRole } from "../../v1/enum_pb";
+import type { Timestamp } from "@bufbuild/protobuf/wkt";
+import type { Message } from "@bufbuild/protobuf";
+/**
+ * Describes the file ai/stigmer/iam/invitation/v1/spec.proto.
+ */
+export declare const file_ai_stigmer_iam_invitation_v1_spec: GenFile;
+/**
+ * InvitationSpec defines the user-provided configuration for an invitation.
+ *
+ * An invitation is a shareable link that grants a specific role to anyone
+ * who redeems it. Invitations can be multi-use (persistent org invite link)
+ * or single-use (targeted invitation for a specific person).
+ *
+ * Example YAML (persistent org invite link):
+ *   apiVersion: iam.stigmer.ai/v1
+ *   kind: Invitation
+ *   metadata:
+ *     name: engineering-team-link
+ *     org: acme
+ *   spec:
+ *     role: viewer
+ *     max_redemptions: 0
+ *     expires_at: "2026-05-06T00:00:00Z"
+ *     label: "Engineering team invite"
+ *
+ * Example YAML (single-use targeted invite):
+ *   apiVersion: iam.stigmer.ai/v1
+ *   kind: Invitation
+ *   metadata:
+ *     name: contractor-invite
+ *     org: acme
+ *   spec:
+ *     role: member
+ *     max_redemptions: 1
+ *     expires_at: "2026-04-13T00:00:00Z"
+ *     label: "Contractor onboarding"
+ *
+ * @generated from message ai.stigmer.iam.invitation.v1.InvitationSpec
+ */
+export type InvitationSpec = Message<"ai.stigmer.iam.invitation.v1.InvitationSpec"> & {
+    /**
+     * The role granted to the identity account upon redemption.
+     * Must be a role listed in the organization's grantable_roles.
+     *
+     * @generated from field: ai.stigmer.iam.v1.IamRole role = 1;
+     */
+    role: IamRole;
+    /**
+     * Maximum number of times this invitation can be redeemed.
+     * 0 means unlimited (use for persistent org invite links).
+     * 1 means single-use (use for targeted invitations).
+     *
+     * @generated from field: int32 max_redemptions = 2;
+     */
+    maxRedemptions: number;
+    /**
+     * When this invitation expires. Required.
+     * The backend enforces a maximum expiration window (configurable per org).
+     *
+     * @generated from field: google.protobuf.Timestamp expires_at = 3;
+     */
+    expiresAt?: Timestamp;
+    /**
+     * Human-readable label for organizational purposes.
+     * Helps admins distinguish between multiple active invitations.
+     *
+     * @generated from field: string label = 4;
+     */
+    label: string;
+};
+/**
+ * Describes the message ai.stigmer.iam.invitation.v1.InvitationSpec.
+ * Use `create(InvitationSpecSchema)` to create a new message.
+ */
+export declare const InvitationSpecSchema: GenMessage<InvitationSpec>;

package/ai/stigmer/iam/invitation/v1/spec_pb.js

@@ -0,0 +1,17 @@
+// @generated by protoc-gen-es v2.2.2 with parameter "target=ts"
+// @generated from file ai/stigmer/iam/invitation/v1/spec.proto (package ai.stigmer.iam.invitation.v1, syntax proto3)
+/* eslint-disable */
+import { fileDesc, messageDesc } from "@bufbuild/protobuf/codegenv1";
+import { file_ai_stigmer_iam_v1_enum } from "../../v1/enum_pb";
+import { file_buf_validate_validate } from "../../../../../buf/validate/validate_pb";
+import { file_google_protobuf_timestamp } from "@bufbuild/protobuf/wkt";
+/**
+ * Describes the file ai/stigmer/iam/invitation/v1/spec.proto.
+ */
+export const file_ai_stigmer_iam_invitation_v1_spec = /*@__PURE__*/ fileDesc("CidhaS9zdGlnbWVyL2lhbS9pbnZpdGF0aW9uL3YxL3NwZWMucHJvdG8SHGFpLnN0aWdtZXIuaWFtLmludml0YXRpb24udjEirAEKDkludml0YXRpb25TcGVjEjAKBHJvbGUYASABKA4yGi5haS5zdGlnbWVyLmlhbS52MS5JYW1Sb2xlQga6SAPIAQESFwoPbWF4X3JlZGVtcHRpb25zGAIgASgFEjYKCmV4cGlyZXNfYXQYAyABKAsyGi5nb29nbGUucHJvdG9idWYuVGltZXN0YW1wQga6SAPIAQESFwoFbGFiZWwYBCABKAlCCLpIBXIDGMgBYgZwcm90bzM", [file_ai_stigmer_iam_v1_enum, file_buf_validate_validate, file_google_protobuf_timestamp]);
+/**
+ * Describes the message ai.stigmer.iam.invitation.v1.InvitationSpec.
+ * Use `create(InvitationSpecSchema)` to create a new message.
+ */
+export const InvitationSpecSchema = /*@__PURE__*/ messageDesc(file_ai_stigmer_iam_invitation_v1_spec, 0);
+//# sourceMappingURL=spec_pb.js.map

package/ai/stigmer/iam/invitation/v1/spec_pb.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"spec_pb.js","sourceRoot":"","sources":["../../../../../../ai/stigmer/iam/invitation/v1/spec_pb.ts"],"names":[],"mappings":"AAAA,gEAAgE;AAChE,qHAAqH;AACrH,oBAAoB;AAGpB,OAAO,EAAE,QAAQ,EAAE,WAAW,EAAE,MAAM,8BAA8B,CAAC;AAErE,OAAO,EAAE,2BAA2B,EAAE,MAAM,kBAAkB,CAAC;AAC/D,OAAO,EAAE,0BAA0B,EAAE,MAAM,yCAAyC,CAAC;AAErF,OAAO,EAAE,8BAA8B,EAAE,MAAM,wBAAwB,CAAC;AAGxE;;GAEG;AACH,MAAM,CAAC,MAAM,sCAAsC,GAAY,aAAa,CAC1E,QAAQ,CAAC,qVAAqV,EAAE,CAAC,2BAA2B,EAAE,0BAA0B,EAAE,8BAA8B,CAAC,CAAC,CAAC;AAsE7b;;;GAGG;AACH,MAAM,CAAC,MAAM,oBAAoB,GAA+B,aAAa,CAC3E,WAAW,CAAC,sCAAsC,EAAE,CAAC,CAAC,CAAC"}

package/ai/stigmer/iam/v1/enum_pb.d.ts

@@ -0,0 +1,177 @@
+import type { GenEnum, GenFile } from "@bufbuild/protobuf/codegenv1";
+/**
+ * Describes the file ai/stigmer/iam/v1/enum.proto.
+ */
+export declare const file_ai_stigmer_iam_v1_enum: GenFile;
+/**
+ * IamPermission defines the permissions checked by the authorization
+ * interceptor before an RPC handler executes.
+ *
+ * Each value maps to an FGA permission name (a computed relation derived
+ * from roles). Permissions are never directly assigned to principals —
+ * they are granted implicitly through role assignments.
+ *
+ * For assignable roles, see IamRole below.
+ * For structural FGA relations (organization, session, agent, etc.),
+ * those are internal wiring and not represented in this enum.
+ *
+ * @generated from enum ai.stigmer.iam.v1.IamPermission
+ */
+export declare enum IamPermission {
+    /**
+     * @generated from enum value: unspecified = 0;
+     */
+    unspecified = 0,
+    /**
+     * Standard CRUD permissions.
+     *
+     * @generated from enum value: can_view = 1;
+     */
+    can_view = 1,
+    /**
+     * @generated from enum value: can_edit = 2;
+     */
+    can_edit = 2,
+    /**
+     * @generated from enum value: can_delete = 3;
+     */
+    can_delete = 3,
+    /**
+     * Access management permissions.
+     *
+     * @generated from enum value: can_grant_access = 4;
+     */
+    can_grant_access = 4,
+    /**
+     * @generated from enum value: can_view_access = 5;
+     */
+    can_view_access = 5,
+    /**
+     * Organization-level create permissions.
+     *
+     * @generated from enum value: can_create_agent = 6;
+     */
+    can_create_agent = 6,
+    /**
+     * @generated from enum value: can_create_workflow = 7;
+     */
+    can_create_workflow = 7,
+    /**
+     * @generated from enum value: can_create_session = 8;
+     */
+    can_create_session = 8,
+    /**
+     * @generated from enum value: can_create_skill = 9;
+     */
+    can_create_skill = 9,
+    /**
+     * @generated from enum value: can_create_project = 10;
+     */
+    can_create_project = 10,
+    /**
+     * @generated from enum value: can_create_idp = 11;
+     */
+    can_create_idp = 11,
+    /**
+     * @generated from enum value: can_create_environment = 12;
+     */
+    can_create_environment = 12,
+    /**
+     * @generated from enum value: can_create_identity_account = 21;
+     */
+    can_create_identity_account = 21,
+    /**
+     * Resource-level create permissions.
+     *
+     * @generated from enum value: can_create_execution_in = 13;
+     */
+    can_create_execution_in = 13,
+    /**
+     * @generated from enum value: can_create_instance = 14;
+     */
+    can_create_instance = 14,
+    /**
+     * Execution permission.
+     *
+     * @generated from enum value: can_execute = 15;
+     */
+    can_execute = 15,
+    /**
+     * Secret access permission.
+     *
+     * @generated from enum value: can_read_secrets = 16;
+     */
+    can_read_secrets = 16,
+    /**
+     * Platform-level permissions.
+     *
+     * @generated from enum value: can_bootstrap_iam = 17;
+     */
+    can_bootstrap_iam = 17,
+    /**
+     * @generated from enum value: can_manage_identity_accounts = 18;
+     */
+    can_manage_identity_accounts = 18,
+    /**
+     * @generated from enum value: can_update_execution_status = 19;
+     */
+    can_update_execution_status = 19,
+    /**
+     * Back-office access permission.
+     *
+     * @generated from enum value: login_to_back_office = 20;
+     */
+    login_to_back_office = 20
+}
+/**
+ * Describes the enum ai.stigmer.iam.v1.IamPermission.
+ */
+export declare const IamPermissionSchema: GenEnum<IamPermission>;
+/**
+ * IamRole defines the roles that can be assigned to principals on resources
+ * via IAM policies.
+ *
+ * Roles are human-assigned and represent a principal's relationship to a
+ * resource. They are distinct from permissions (which are computed from roles
+ * and checked by the authorization interceptor) and structural relations
+ * (which are internal FGA wiring like organization or session links).
+ *
+ * Each ApiResourceKind declares which of these roles are grantable via
+ * the grantable_roles field in its AuthorizationConfig.
+ *
+ * @generated from enum ai.stigmer.iam.v1.IamRole
+ */
+export declare enum IamRole {
+    /**
+     * @generated from enum value: iam_role_unspecified = 0;
+     */
+    iam_role_unspecified = 0,
+    /**
+     * Full control of the resource. Typically assigned to the creator.
+     *
+     * @generated from enum value: owner = 1;
+     */
+    owner = 1,
+    /**
+     * Administrative access. Grants most permissions except ownership transfer.
+     *
+     * @generated from enum value: admin = 2;
+     */
+    admin = 2,
+    /**
+     * Membership-level access. Grants read and limited write permissions.
+     *
+     * @generated from enum value: member = 3;
+     */
+    member = 3,
+    /**
+     * Read-only access to the resource.
+     *
+     * @generated from enum value: viewer = 4;
+     */
+    viewer = 4
+}
+/**
+ * Describes the enum ai.stigmer.iam.v1.IamRole.
+ */
+export declare const IamRoleSchema: GenEnum<IamRole>;

package/ai/stigmer/iam/v1/enum_pb.js

@@ -0,0 +1,183 @@
+// @generated by protoc-gen-es v2.2.2 with parameter "target=ts"
+// @generated from file ai/stigmer/iam/v1/enum.proto (package ai.stigmer.iam.v1, syntax proto3)
+/* eslint-disable */
+import { enumDesc, fileDesc } from "@bufbuild/protobuf/codegenv1";
+/**
+ * Describes the file ai/stigmer/iam/v1/enum.proto.
+ */
+export const file_ai_stigmer_iam_v1_enum = /*@__PURE__*/ fileDesc("ChxhaS9zdGlnbWVyL2lhbS92MS9lbnVtLnByb3RvEhFhaS5zdGlnbWVyLmlhbS52MSqOBAoNSWFtUGVybWlzc2lvbhIPCgt1bnNwZWNpZmllZBAAEgwKCGNhbl92aWV3EAESDAoIY2FuX2VkaXQQAhIOCgpjYW5fZGVsZXRlEAMSFAoQY2FuX2dyYW50X2FjY2VzcxAEEhMKD2Nhbl92aWV3X2FjY2VzcxAFEhQKEGNhbl9jcmVhdGVfYWdlbnQQBhIXChNjYW5fY3JlYXRlX3dvcmtmbG93EAcSFgoSY2FuX2NyZWF0ZV9zZXNzaW9uEAgSFAoQY2FuX2NyZWF0ZV9za2lsbBAJEhYKEmNhbl9jcmVhdGVfcHJvamVjdBAKEhIKDmNhbl9jcmVhdGVfaWRwEAsSGgoWY2FuX2NyZWF0ZV9lbnZpcm9ubWVudBAMEh8KG2Nhbl9jcmVhdGVfaWRlbnRpdHlfYWNjb3VudBAVEhsKF2Nhbl9jcmVhdGVfZXhlY3V0aW9uX2luEA0SFwoTY2FuX2NyZWF0ZV9pbnN0YW5jZRAOEg8KC2Nhbl9leGVjdXRlEA8SFAoQY2FuX3JlYWRfc2VjcmV0cxAQEhUKEWNhbl9ib290c3RyYXBfaWFtEBESIAocY2FuX21hbmFnZV9pZGVudGl0eV9hY2NvdW50cxASEh8KG2Nhbl91cGRhdGVfZXhlY3V0aW9uX3N0YXR1cxATEhgKFGxvZ2luX3RvX2JhY2tfb2ZmaWNlEBQqUQoHSWFtUm9sZRIYChRpYW1fcm9sZV91bnNwZWNpZmllZBAAEgkKBW93bmVyEAESCQoFYWRtaW4QAhIKCgZtZW1iZXIQAxIKCgZ2aWV3ZXIQBGIGcHJvdG8z");
+/**
+ * IamPermission defines the permissions checked by the authorization
+ * interceptor before an RPC handler executes.
+ *
+ * Each value maps to an FGA permission name (a computed relation derived
+ * from roles). Permissions are never directly assigned to principals —
+ * they are granted implicitly through role assignments.
+ *
+ * For assignable roles, see IamRole below.
+ * For structural FGA relations (organization, session, agent, etc.),
+ * those are internal wiring and not represented in this enum.
+ *
+ * @generated from enum ai.stigmer.iam.v1.IamPermission
+ */
+export var IamPermission;
+(function (IamPermission) {
+    /**
+     * @generated from enum value: unspecified = 0;
+     */
+    IamPermission[IamPermission["unspecified"] = 0] = "unspecified";
+    /**
+     * Standard CRUD permissions.
+     *
+     * @generated from enum value: can_view = 1;
+     */
+    IamPermission[IamPermission["can_view"] = 1] = "can_view";
+    /**
+     * @generated from enum value: can_edit = 2;
+     */
+    IamPermission[IamPermission["can_edit"] = 2] = "can_edit";
+    /**
+     * @generated from enum value: can_delete = 3;
+     */
+    IamPermission[IamPermission["can_delete"] = 3] = "can_delete";
+    /**
+     * Access management permissions.
+     *
+     * @generated from enum value: can_grant_access = 4;
+     */
+    IamPermission[IamPermission["can_grant_access"] = 4] = "can_grant_access";
+    /**
+     * @generated from enum value: can_view_access = 5;
+     */
+    IamPermission[IamPermission["can_view_access"] = 5] = "can_view_access";
+    /**
+     * Organization-level create permissions.
+     *
+     * @generated from enum value: can_create_agent = 6;
+     */
+    IamPermission[IamPermission["can_create_agent"] = 6] = "can_create_agent";
+    /**
+     * @generated from enum value: can_create_workflow = 7;
+     */
+    IamPermission[IamPermission["can_create_workflow"] = 7] = "can_create_workflow";
+    /**
+     * @generated from enum value: can_create_session = 8;
+     */
+    IamPermission[IamPermission["can_create_session"] = 8] = "can_create_session";
+    /**
+     * @generated from enum value: can_create_skill = 9;
+     */
+    IamPermission[IamPermission["can_create_skill"] = 9] = "can_create_skill";
+    /**
+     * @generated from enum value: can_create_project = 10;
+     */
+    IamPermission[IamPermission["can_create_project"] = 10] = "can_create_project";
+    /**
+     * @generated from enum value: can_create_idp = 11;
+     */
+    IamPermission[IamPermission["can_create_idp"] = 11] = "can_create_idp";
+    /**
+     * @generated from enum value: can_create_environment = 12;
+     */
+    IamPermission[IamPermission["can_create_environment"] = 12] = "can_create_environment";
+    /**
+     * @generated from enum value: can_create_identity_account = 21;
+     */
+    IamPermission[IamPermission["can_create_identity_account"] = 21] = "can_create_identity_account";
+    /**
+     * Resource-level create permissions.
+     *
+     * @generated from enum value: can_create_execution_in = 13;
+     */
+    IamPermission[IamPermission["can_create_execution_in"] = 13] = "can_create_execution_in";
+    /**
+     * @generated from enum value: can_create_instance = 14;
+     */
+    IamPermission[IamPermission["can_create_instance"] = 14] = "can_create_instance";
+    /**
+     * Execution permission.
+     *
+     * @generated from enum value: can_execute = 15;
+     */
+    IamPermission[IamPermission["can_execute"] = 15] = "can_execute";
+    /**
+     * Secret access permission.
+     *
+     * @generated from enum value: can_read_secrets = 16;
+     */
+    IamPermission[IamPermission["can_read_secrets"] = 16] = "can_read_secrets";
+    /**
+     * Platform-level permissions.
+     *
+     * @generated from enum value: can_bootstrap_iam = 17;
+     */
+    IamPermission[IamPermission["can_bootstrap_iam"] = 17] = "can_bootstrap_iam";
+    /**
+     * @generated from enum value: can_manage_identity_accounts = 18;
+     */
+    IamPermission[IamPermission["can_manage_identity_accounts"] = 18] = "can_manage_identity_accounts";
+    /**
+     * @generated from enum value: can_update_execution_status = 19;
+     */
+    IamPermission[IamPermission["can_update_execution_status"] = 19] = "can_update_execution_status";
+    /**
+     * Back-office access permission.
+     *
+     * @generated from enum value: login_to_back_office = 20;
+     */
+    IamPermission[IamPermission["login_to_back_office"] = 20] = "login_to_back_office";
+})(IamPermission || (IamPermission = {}));
+/**
+ * Describes the enum ai.stigmer.iam.v1.IamPermission.
+ */
+export const IamPermissionSchema = /*@__PURE__*/ enumDesc(file_ai_stigmer_iam_v1_enum, 0);
+/**
+ * IamRole defines the roles that can be assigned to principals on resources
+ * via IAM policies.
+ *
+ * Roles are human-assigned and represent a principal's relationship to a
+ * resource. They are distinct from permissions (which are computed from roles
+ * and checked by the authorization interceptor) and structural relations
+ * (which are internal FGA wiring like organization or session links).
+ *
+ * Each ApiResourceKind declares which of these roles are grantable via
+ * the grantable_roles field in its AuthorizationConfig.
+ *
+ * @generated from enum ai.stigmer.iam.v1.IamRole
+ */
+export var IamRole;
+(function (IamRole) {
+    /**
+     * @generated from enum value: iam_role_unspecified = 0;
+     */
+    IamRole[IamRole["iam_role_unspecified"] = 0] = "iam_role_unspecified";
+    /**
+     * Full control of the resource. Typically assigned to the creator.
+     *
+     * @generated from enum value: owner = 1;
+     */
+    IamRole[IamRole["owner"] = 1] = "owner";
+    /**
+     * Administrative access. Grants most permissions except ownership transfer.
+     *
+     * @generated from enum value: admin = 2;
+     */
+    IamRole[IamRole["admin"] = 2] = "admin";
+    /**
+     * Membership-level access. Grants read and limited write permissions.
+     *
+     * @generated from enum value: member = 3;
+     */
+    IamRole[IamRole["member"] = 3] = "member";
+    /**
+     * Read-only access to the resource.
+     *
+     * @generated from enum value: viewer = 4;
+     */
+    IamRole[IamRole["viewer"] = 4] = "viewer";
+})(IamRole || (IamRole = {}));
+/**
+ * Describes the enum ai.stigmer.iam.v1.IamRole.
+ */
+export const IamRoleSchema = /*@__PURE__*/ enumDesc(file_ai_stigmer_iam_v1_enum, 1);
+//# sourceMappingURL=enum_pb.js.map

package/ai/stigmer/iam/v1/enum_pb.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"enum_pb.js","sourceRoot":"","sources":["../../../../../ai/stigmer/iam/v1/enum_pb.ts"],"names":[],"mappings":"AAAA,gEAAgE;AAChE,+FAA+F;AAC/F,oBAAoB;AAGpB,OAAO,EAAE,QAAQ,EAAE,QAAQ,EAAE,MAAM,8BAA8B,CAAC;AAElE;;GAEG;AACH,MAAM,CAAC,MAAM,2BAA2B,GAAY,aAAa,CAC/D,QAAQ,CAAC,83BAA83B,CAAC,CAAC;AAE34B;;;;;;;;;;;;;GAaG;AACH,MAAM,CAAN,IAAY,aA8HX;AA9HD,WAAY,aAAa;IACvB;;OAEG;IACH,+DAAe,CAAA;IAEf;;;;OAIG;IACH,yDAAY,CAAA;IAEZ;;OAEG;IACH,yDAAY,CAAA;IAEZ;;OAEG;IACH,6DAAc,CAAA;IAEd;;;;OAIG;IACH,yEAAoB,CAAA;IAEpB;;OAEG;IACH,uEAAmB,CAAA;IAEnB;;;;OAIG;IACH,yEAAoB,CAAA;IAEpB;;OAEG;IACH,+EAAuB,CAAA;IAEvB;;OAEG;IACH,6EAAsB,CAAA;IAEtB;;OAEG;IACH,yEAAoB,CAAA;IAEpB;;OAEG;IACH,8EAAuB,CAAA;IAEvB;;OAEG;IACH,sEAAmB,CAAA;IAEnB;;OAEG;IACH,sFAA2B,CAAA;IAE3B;;OAEG;IACH,gGAAgC,CAAA;IAEhC;;;;OAIG;IACH,wFAA4B,CAAA;IAE5B;;OAEG;IACH,gFAAwB,CAAA;IAExB;;;;OAIG;IACH,gEAAgB,CAAA;IAEhB;;;;OAIG;IACH,0EAAqB,CAAA;IAErB;;;;OAIG;IACH,4EAAsB,CAAA;IAEtB;;OAEG;IACH,kGAAiC,CAAA;IAEjC;;OAEG;IACH,gGAAgC,CAAA;IAEhC;;;;OAIG;IACH,kFAAyB,CAAA;AAC3B,CAAC,EA9HW,aAAa,KAAb,aAAa,QA8HxB;AAED;;GAEG;AACH,MAAM,CAAC,MAAM,mBAAmB,GAA2B,aAAa,CACtE,QAAQ,CAAC,2BAA2B,EAAE,CAAC,CAAC,CAAC;AAE3C;;;;;;;;;;;;;GAaG;AACH,MAAM,CAAN,IAAY,OAiCX;AAjCD,WAAY,OAAO;IACjB;;OAEG;IACH,qEAAwB,CAAA;IAExB;;;;OAIG;IACH,uCAAS,CAAA;IAET;;;;OAIG;IACH,uCAAS,CAAA;IAET;;;;OAIG;IACH,yCAAU,CAAA;IAEV;;;;OAIG;IACH,yCAAU,CAAA;AACZ,CAAC,EAjCW,OAAO,KAAP,OAAO,QAiClB;AAED;;GAEG;AACH,MAAM,CAAC,MAAM,aAAa,GAAqB,aAAa,CAC1D,QAAQ,CAAC,2BAA2B,EAAE,CAAC,CAAC,CAAC"}

package/ai/stigmer/platform/github/v1/service_pb.js

@@ -2,12 +2,12 @@
 // @generated from file ai/stigmer/platform/github/v1/service.proto (package ai.stigmer.platform.github.v1, syntax proto3)
 /* eslint-disable */
 import { fileDesc, messageDesc, serviceDesc } from "@bufbuild/protobuf/codegenv1";
-import { file_ai_stigmer_iam_iampolicy_v1_rpcauthorization_method_options } from "../../../iam/iampolicy/v1/rpcauthorization/method_options_pb";
+import { file_ai_stigmer_commons_rpc_method_options } from "../../../commons/rpc/method_options_pb";
 import { file_buf_validate_validate } from "../../../../../buf/validate/validate_pb";
 /**
  * Describes the file ai/stigmer/platform/github/v1/service.proto.
  */
-export const file_ai_stigmer_platform_github_v1_service = /*@__PURE__*/ fileDesc("CithaS9zdGlnbWVyL3BsYXRmb3JtL2dpdGh1Yi92MS9zZXJ2aWNlLnByb3RvEh1haS5zdGlnbWVyLnBsYXRmb3JtLmdpdGh1Yi52MSI8ChtHZXRPQXV0aEF1dGhvcml6ZVVybFJlcXVlc3QSHQoMcmVkaXJlY3RfdXJpGAEgASgJQge6SARyAhABIkQKHEdldE9BdXRoQXV0aG9yaXplVXJsUmVzcG9uc2USFQoNYXV0aG9yaXplX3VybBgBIAEoCRINCgVzdGF0ZRgCIAEoCSJoChhFeGNoYW5nZU9BdXRoQ29kZVJlcXVlc3QSFQoEY29kZRgBIAEoCUIHukgEcgIQARIWCgVzdGF0ZRgCIAEoCUIHukgEcgIQARIdCgxyZWRpcmVjdF91cmkYAyABKAlCB7pIBHICEAEiVAoZRXhjaGFuZ2VPQXV0aENvZGVSZXNwb25zZRIUCgxhY2Nlc3NfdG9rZW4YASABKAkSEgoKdG9rZW5fdHlwZRgCIAEoCRINCgVzY29wZRgDIAEoCTK2AgoNR2l0SHViU2VydmljZRKVAQoUZ2V0T0F1dGhBdXRob3JpemVVcmwSOi5haS5zdGlnbWVyLnBsYXRmb3JtLmdpdGh1Yi52MS5HZXRPQXV0aEF1dGhvcml6ZVVybFJlcXVlc3QaOy5haS5zdGlnbWVyLnBsYXRmb3JtLmdpdGh1Yi52MS5HZXRPQXV0aEF1dGhvcml6ZVVybFJlc3BvbnNlIgTQuBgBEowBChFleGNoYW5nZU9BdXRoQ29kZRI3LmFpLnN0aWdtZXIucGxhdGZvcm0uZ2l0aHViLnYxLkV4Y2hhbmdlT0F1dGhDb2RlUmVxdWVzdBo4LmFpLnN0aWdtZXIucGxhdGZvcm0uZ2l0aHViLnYxLkV4Y2hhbmdlT0F1dGhDb2RlUmVzcG9uc2UiBNC4GAFiBnByb3RvMw", [file_ai_stigmer_iam_iampolicy_v1_rpcauthorization_method_options, file_buf_validate_validate]);
+export const file_ai_stigmer_platform_github_v1_service = /*@__PURE__*/ fileDesc("CithaS9zdGlnbWVyL3BsYXRmb3JtL2dpdGh1Yi92MS9zZXJ2aWNlLnByb3RvEh1haS5zdGlnbWVyLnBsYXRmb3JtLmdpdGh1Yi52MSI8ChtHZXRPQXV0aEF1dGhvcml6ZVVybFJlcXVlc3QSHQoMcmVkaXJlY3RfdXJpGAEgASgJQge6SARyAhABIkQKHEdldE9BdXRoQXV0aG9yaXplVXJsUmVzcG9uc2USFQoNYXV0aG9yaXplX3VybBgBIAEoCRINCgVzdGF0ZRgCIAEoCSJoChhFeGNoYW5nZU9BdXRoQ29kZVJlcXVlc3QSFQoEY29kZRgBIAEoCUIHukgEcgIQARIWCgVzdGF0ZRgCIAEoCUIHukgEcgIQARIdCgxyZWRpcmVjdF91cmkYAyABKAlCB7pIBHICEAEiVAoZRXhjaGFuZ2VPQXV0aENvZGVSZXNwb25zZRIUCgxhY2Nlc3NfdG9rZW4YASABKAkSEgoKdG9rZW5fdHlwZRgCIAEoCRINCgVzY29wZRgDIAEoCTK2AgoNR2l0SHViU2VydmljZRKVAQoUZ2V0T0F1dGhBdXRob3JpemVVcmwSOi5haS5zdGlnbWVyLnBsYXRmb3JtLmdpdGh1Yi52MS5HZXRPQXV0aEF1dGhvcml6ZVVybFJlcXVlc3QaOy5haS5zdGlnbWVyLnBsYXRmb3JtLmdpdGh1Yi52MS5HZXRPQXV0aEF1dGhvcml6ZVVybFJlc3BvbnNlIgTQuBgBEowBChFleGNoYW5nZU9BdXRoQ29kZRI3LmFpLnN0aWdtZXIucGxhdGZvcm0uZ2l0aHViLnYxLkV4Y2hhbmdlT0F1dGhDb2RlUmVxdWVzdBo4LmFpLnN0aWdtZXIucGxhdGZvcm0uZ2l0aHViLnYxLkV4Y2hhbmdlT0F1dGhDb2RlUmVzcG9uc2UiBNC4GAFiBnByb3RvMw", [file_ai_stigmer_commons_rpc_method_options, file_buf_validate_validate]);
 /**
  * Describes the message ai.stigmer.platform.github.v1.GetOAuthAuthorizeUrlRequest.
  * Use `create(GetOAuthAuthorizeUrlRequestSchema)` to create a new message.

package/ai/stigmer/platform/github/v1/service_pb.js.map

@@ -1 +1 @@
-{"version":3,"file":"service_pb.js","sourceRoot":"","sources":["../../../../../../ai/stigmer/platform/github/v1/service_pb.ts"],"names":[],"mappings":"AAAA,gEAAgE;AAChE,0HAA0H;AAC1H,oBAAoB;AAGpB,OAAO,EAAE,QAAQ,EAAE,WAAW,EAAE,WAAW,EAAE,MAAM,8BAA8B,CAAC;AAClF,OAAO,EAAE,gEAAgE,EAAE,MAAM,8DAA8D,CAAC;AAChJ,OAAO,EAAE,0BAA0B,EAAE,MAAM,yCAAyC,CAAC;AAGrF;;GAEG;AACH,MAAM,CAAC,MAAM,0CAA0C,GAAY,aAAa,CAC9E,QAAQ,CAAC,o8BAAo8B,EAAE,CAAC,gEAAgE,EAAE,0BAA0B,CAAC,CAAC,CAAC;AAmBjjC;;;GAGG;AACH,MAAM,CAAC,MAAM,iCAAiC,GAA4C,aAAa,CACrG,WAAW,CAAC,0CAA0C,EAAE,CAAC,CAAC,CAAC;AAwB7D;;;GAGG;AACH,MAAM,CAAC,MAAM,kCAAkC,GAA6C,aAAa,CACvG,WAAW,CAAC,0CAA0C,EAAE,CAAC,CAAC,CAAC;AAiC7D;;;GAGG;AACH,MAAM,CAAC,MAAM,8BAA8B,GAAyC,aAAa,CAC/F,WAAW,CAAC,0CAA0C,EAAE,CAAC,CAAC,CAAC;AA8B7D;;;GAGG;AACH,MAAM,CAAC,MAAM,+BAA+B,GAA0C,aAAa,CACjG,WAAW,CAAC,0CAA0C,EAAE,CAAC,CAAC,CAAC;AAE7D;;;;;;;;;;;;;;;;GAgBG;AACH,MAAM,CAAC,MAAM,aAAa,GAwCrB,aAAa,CAChB,WAAW,CAAC,0CAA0C,EAAE,CAAC,CAAC,CAAC"}
+{"version":3,"file":"service_pb.js","sourceRoot":"","sources":["../../../../../../ai/stigmer/platform/github/v1/service_pb.ts"],"names":[],"mappings":"AAAA,gEAAgE;AAChE,0HAA0H;AAC1H,oBAAoB;AAGpB,OAAO,EAAE,QAAQ,EAAE,WAAW,EAAE,WAAW,EAAE,MAAM,8BAA8B,CAAC;AAClF,OAAO,EAAE,0CAA0C,EAAE,MAAM,wCAAwC,CAAC;AACpG,OAAO,EAAE,0BAA0B,EAAE,MAAM,yCAAyC,CAAC;AAGrF;;GAEG;AACH,MAAM,CAAC,MAAM,0CAA0C,GAAY,aAAa,CAC9E,QAAQ,CAAC,o8BAAo8B,EAAE,CAAC,0CAA0C,EAAE,0BAA0B,CAAC,CAAC,CAAC;AAmB3hC;;;GAGG;AACH,MAAM,CAAC,MAAM,iCAAiC,GAA4C,aAAa,CACrG,WAAW,CAAC,0CAA0C,EAAE,CAAC,CAAC,CAAC;AAwB7D;;;GAGG;AACH,MAAM,CAAC,MAAM,kCAAkC,GAA6C,aAAa,CACvG,WAAW,CAAC,0CAA0C,EAAE,CAAC,CAAC,CAAC;AAiC7D;;;GAGG;AACH,MAAM,CAAC,MAAM,8BAA8B,GAAyC,aAAa,CAC/F,WAAW,CAAC,0CAA0C,EAAE,CAAC,CAAC,CAAC;AA8B7D;;;GAGG;AACH,MAAM,CAAC,MAAM,+BAA+B,GAA0C,aAAa,CACjG,WAAW,CAAC,0CAA0C,EAAE,CAAC,CAAC,CAAC;AAE7D;;;;;;;;;;;;;;;;GAgBG;AACH,MAAM,CAAC,MAAM,aAAa,GAwCrB,aAAa,CAChB,WAAW,CAAC,0CAA0C,EAAE,CAAC,CAAC,CAAC"}