@tailor-platform/sdk 2.0.0-next.0 → 2.0.0-next.2

package/dist/types-BX4q6Mo6.d.mts

@@ -0,0 +1,339 @@
+import { a as TailorEnv } from "./types-BZ7QKVE8.mjs";
+import { C as FieldMetadata, D as TailorField, F as output, O as TailorFieldType, m as TailorDBInstance, x as DefinedFieldMetadata } from "./types-CdcQh4Z2.mjs";
+import { IsAny, JsonObject, JsonValue } from "type-fest";
+
+//#region src/types/auth-connection.generated.d.ts
+type AuthConnectionOAuth2Config = {
+  /** OAuth2 provider URL */providerUrl: string; /** OAuth2 issuer URL */
+  issuerUrl: string; /** OAuth2 client ID */
+  clientId: string; /** OAuth2 client secret */
+  clientSecret: string; /** OAuth2 authorization endpoint override */
+  authUrl?: string | undefined; /** OAuth2 token endpoint override */
+  tokenUrl?: string | undefined;
+};
+type AuthConnectionConfig = {
+  type: "oauth2";
+  providerUrl: string;
+  issuerUrl: string;
+  clientId: string;
+  clientSecret: string;
+  authUrl?: string | undefined;
+  tokenUrl?: string | undefined;
+};
+//#endregion
+//#region src/types/auth.generated.d.ts
+type OIDC = {
+  /** Identity provider name */name: string;
+  kind: "OIDC"; /** OAuth2 client ID */
+  clientID: string; /** OAuth2 client secret */
+  clientSecret: {
+    vaultName: string;
+    secretKey: string;
+  }; /** OIDC provider URL */
+  providerURL: string; /** OIDC issuer URL (defaults to providerURL) */
+  issuerURL?: string | undefined; /** JWT claim to use as username */
+  usernameClaim?: string | undefined;
+};
+type SAML = {
+  /** Identity provider name */name: string;
+  kind: "SAML"; /** Enable signing of SAML requests */
+  enableSignRequest: boolean; /** URL to fetch SAML metadata (mutually exclusive with rawMetadata) */
+  metadataURL?: string | undefined; /** Raw SAML metadata XML (mutually exclusive with metadataURL) */
+  rawMetadata?: string | undefined; /** URL to redirect to when SAML ACS receives a response with an empty RelayState. */
+  defaultRedirectURL?: string | undefined;
+};
+type IDToken = {
+  /** Identity provider name */name: string;
+  kind: "IDToken"; /** ID token provider URL */
+  providerURL: string; /** Client ID for ID token validation */
+  clientID: string; /** ID token issuer URL */
+  issuerURL?: string | undefined; /** JWT claim to use as username */
+  usernameClaim?: string | undefined;
+};
+type BuiltinIdP = {
+  /** Identity provider name */name: string;
+  kind: "BuiltInIdP"; /** IdP namespace */
+  namespace: string; /** OAuth2 client name in the IdP */
+  clientName: string;
+};
+type IdProvider = OIDC | SAML | IDToken | BuiltinIdP;
+type OAuth2ClientInput = {
+  /** Allowed redirect URIs */redirectURIs: (`https://${string}` | `http://${string}` | `${string}:url` | `${string}:url/${string}`)[]; /** Client description */
+  description?: string | undefined; /** Allowed OAuth2 grant types */
+  grantTypes?: ("authorization_code" | "refresh_token")[] | undefined; /** OAuth2 client type */
+  clientType?: "confidential" | "public" | "browser" | undefined; /** Access token lifetime in seconds (60-86400) */
+  accessTokenLifetimeSeconds?: number | undefined; /** Refresh token lifetime in seconds (60-604800) */
+  refreshTokenLifetimeSeconds?: number | undefined; /** Require DPoP (Demonstrating Proof-of-Possession) for token requests */
+  requireDpop?: boolean | undefined;
+};
+type OAuth2Client = {
+  /** Allowed OAuth2 grant types */grantTypes: ("authorization_code" | "refresh_token")[]; /** Allowed redirect URIs */
+  redirectURIs: (`https://${string}` | `http://${string}` | `${string}:url` | `${string}:url/${string}`)[]; /** Access token lifetime in seconds (60-86400) */
+  accessTokenLifetimeSeconds: {
+    seconds: bigint;
+    nanos: number;
+  } | undefined; /** Refresh token lifetime in seconds (60-604800) */
+  refreshTokenLifetimeSeconds: {
+    seconds: bigint;
+    nanos: number;
+  } | undefined; /** Client description */
+  description?: string | undefined; /** OAuth2 client type */
+  clientType?: "confidential" | "public" | "browser" | undefined; /** Require DPoP (Demonstrating Proof-of-Possession) for token requests */
+  requireDpop?: boolean | undefined;
+};
+type SCIMAuthorization = {
+  /** SCIM authorization type */type: "oauth2" | "bearer"; /** Bearer token secret (required for bearer type) */
+  bearerSecret?: {
+    vaultName: string;
+    secretKey: string;
+  } | undefined;
+};
+type SCIMAttribute = {
+  /** Attribute data type */type: "string" | "number" | "boolean" | "datetime" | "complex"; /** Attribute name */
+  name: string; /** Attribute description */
+  description?: string | undefined; /** Attribute mutability */
+  mutability?: "readOnly" | "readWrite" | "writeOnly" | undefined; /** Whether the attribute is required */
+  required?: boolean | undefined; /** Whether the attribute can have multiple values */
+  multiValued?: boolean | undefined; /** Uniqueness constraint */
+  uniqueness?: "none" | "server" | "global" | undefined; /** List of canonical values */
+  canonicalValues?: string[] | null | undefined;
+  subAttributes?: SCIMAttribute[] | null | undefined;
+};
+type SCIMAttributeMapping = {
+  /** TailorDB field name to map to */tailorDBField: string; /** SCIM attribute path */
+  scimPath: string;
+};
+type SCIMResource = {
+  /** SCIM resource name */name: string; /** TailorDB namespace for the resource */
+  tailorDBNamespace: string; /** TailorDB type name for the resource */
+  tailorDBType: string; /** Core SCIM schema definition */
+  coreSchema: {
+    /** SCIM resource name */name: string;
+    attributes: {
+      type: "string" | "number" | "boolean" | "datetime" | "complex"; /** SCIM resource name */
+      name: string;
+      description?: string | undefined;
+      mutability?: "readOnly" | "readWrite" | "writeOnly" | undefined;
+      required?: boolean | undefined;
+      multiValued?: boolean | undefined;
+      uniqueness?: "none" | "server" | "global" | undefined;
+      canonicalValues?: string[] | null | undefined;
+      subAttributes?: any[] | null | undefined;
+    }[];
+  }; /** Attribute mapping configuration */
+  attributeMapping: {
+    tailorDBField: string;
+    scimPath: string;
+  }[];
+};
+type SCIMConfig = {
+  /** Machine user name for SCIM operations */machineUserName: string; /** SCIM authorization configuration */
+  authorization: {
+    type: "oauth2" | "bearer";
+    bearerSecret?: {
+      vaultName: string;
+      secretKey: string;
+    } | undefined;
+  }; /** SCIM resource definitions */
+  resources: {
+    name: string;
+    tailorDBNamespace: string;
+    tailorDBType: string;
+    coreSchema: {
+      name: string;
+      attributes: {
+        type: "string" | "number" | "boolean" | "datetime" | "complex";
+        name: string;
+        description?: string | undefined;
+        mutability?: "readOnly" | "readWrite" | "writeOnly" | undefined;
+        required?: boolean | undefined;
+        multiValued?: boolean | undefined;
+        uniqueness?: "none" | "server" | "global" | undefined;
+        canonicalValues?: string[] | null | undefined;
+        subAttributes?: any[] | null | undefined;
+      }[];
+    };
+    attributeMapping: {
+      tailorDBField: string;
+      scimPath: string;
+    }[];
+  }[];
+};
+type TenantProvider = {
+  /** TailorDB namespace for the tenant type */namespace: string; /** TailorDB type name for tenants */
+  type: string; /** Field used as the tenant signature */
+  signatureField: string;
+};
+//#endregion
+//#region src/configure/services/auth/types.d.ts
+type OAuth2ClientGrantType = OAuth2Client["grantTypes"][number];
+type SCIMAttributeType = SCIMAttribute["type"];
+interface MachineUserNameRegistry {}
+/**
+ * Machine user name.
+ *
+ * When `tailor.d.ts` is generated (via `tailor-sdk deploy`/`generate`), this is narrowed
+ * to the union of defined machine user names. When no machine users are registered yet,
+ * falls back to `string` to avoid blocking editing before the first generate run.
+ */
+type MachineUserName = keyof MachineUserNameRegistry extends never ? string : keyof MachineUserNameRegistry & string;
+/** Result of retrieving a connection token at runtime. */
+type AuthConnectionTokenResult = {
+  access_token: string;
+  refresh_token?: string;
+  token_type?: string;
+  expiry?: string;
+};
+type ValueOperand = string | boolean | string[] | boolean[];
+type AuthAttributeValue = ValueOperand | null | undefined;
+type UserFieldKeys<User extends TailorDBInstance> = keyof output<User> & string;
+type FieldDefined<User extends TailorDBInstance, Key extends UserFieldKeys<User>> = User["fields"][Key] extends {
+  _defined: infer Defined;
+} ? Defined : never;
+type FieldOutput<User extends TailorDBInstance, Key extends UserFieldKeys<User>> = output<User>[Key];
+type FieldIsRequired<User extends TailorDBInstance, Key extends UserFieldKeys<User>> = undefined extends FieldOutput<User, Key> ? false : true;
+type FieldIsOfType<User extends TailorDBInstance, Key extends UserFieldKeys<User>, Type extends string> = FieldDefined<User, Key> extends {
+  type: Type;
+} ? true : false;
+type FieldIsArray<User extends TailorDBInstance, Key extends UserFieldKeys<User>> = FieldDefined<User, Key> extends {
+  array: true;
+} ? true : false;
+type FieldIsUnique<User extends TailorDBInstance, Key extends UserFieldKeys<User>> = FieldDefined<User, Key> extends {
+  unique: true;
+} ? true : false;
+type FieldSupportsValueOperand<User extends TailorDBInstance, Key extends UserFieldKeys<User>> = FieldOutput<User, Key> extends ValueOperand | null | undefined ? true : false;
+type UsernameFieldKey<User extends TailorDBInstance> = IsAny<User> extends true ? string : { [K in UserFieldKeys<User>]: FieldIsRequired<User, K> extends true ? FieldIsOfType<User, K, "string"> extends true ? FieldIsArray<User, K> extends true ? never : FieldIsUnique<User, K> extends true ? K : never : never : never }[UserFieldKeys<User>];
+type UserAttributeKey<User extends TailorDBInstance> = { [K in UserFieldKeys<User>]: K extends "id" ? never : FieldSupportsValueOperand<User, K> extends true ? FieldIsOfType<User, K, "datetime" | "date" | "time"> extends true ? never : K : never }[UserFieldKeys<User>];
+type UserAttributeListKey<User extends TailorDBInstance> = { [K in UserFieldKeys<User>]: K extends "id" ? never : FieldIsOfType<User, K, "uuid"> extends true ? FieldIsArray<User, K> extends true ? never : K : never }[UserFieldKeys<User>];
+type UserAttributeMap<User extends TailorDBInstance> = { [K in UserAttributeKey<User>]?: true };
+type DisallowExtraKeys<T, Allowed extends PropertyKey> = T & { [K in Exclude<keyof T, Allowed>]: never };
+type AttributeListValue<User extends TailorDBInstance, Key extends UserAttributeListKey<User>> = Key extends keyof output<User> ? output<User>[Key] : never;
+type AttributeListToTuple<User extends TailorDBInstance, AttributeList extends readonly UserAttributeListKey<User>[]> = { [Index in keyof AttributeList]: AttributeList[Index] extends UserAttributeListKey<User> ? AttributeListValue<User, AttributeList[Index]> : never };
+type AttributeMapSelectedKeys<User extends TailorDBInstance, AttributeMap extends UserAttributeMap<User>> = Extract<{ [K in keyof AttributeMap]-?: undefined extends AttributeMap[K] ? never : K }[keyof AttributeMap], UserAttributeKey<User>>;
+type UserProfile<User extends TailorDBInstance, AttributeMap extends UserAttributeMap<User>, AttributeList extends UserAttributeListKey<User>[]> = {
+  /**
+   * TailorDB namespace where the user type is defined.
+   *
+   * Usually auto-resolved, so you don't need to specify this.
+   * Required only when multiple TailorDBs exist and the type is in an external TailorDB.
+   */
+  namespace?: string;
+  type: User;
+  usernameField: UsernameFieldKey<User>;
+  attributes?: DisallowExtraKeys<AttributeMap, UserAttributeKey<User>>;
+  attributeList?: AttributeList;
+};
+type MachineUserAttributeFields = Record<string, TailorField<DefinedFieldMetadata, unknown, FieldMetadata, TailorFieldType>>;
+type TailorFieldOutputValue<Field> = Field extends TailorField<DefinedFieldMetadata, infer Output, FieldMetadata, TailorFieldType> ? Output : never;
+type MachineUserAttributeValues<Fields extends MachineUserAttributeFields> = { [K in keyof Fields]: TailorFieldOutputValue<Fields[K]> extends ValueOperand | null | undefined ? TailorFieldOutputValue<Fields[K]> : never };
+type MachineUserFromAttributes<Fields extends MachineUserAttributeFields> = (keyof Fields extends never ? {
+  attributes?: never;
+} : {
+  attributes: DisallowExtraKeys<MachineUserAttributeValues<Fields>, keyof Fields>;
+}) & {
+  attributeList?: string[];
+};
+type MachineUser<User extends TailorDBInstance, AttributeMap extends UserAttributeMap<User> = UserAttributeMap<User>, AttributeList extends UserAttributeListKey<User>[] = [], MachineUserAttributes extends MachineUserAttributeFields | undefined = undefined> = IsAny<MachineUserAttributes> extends true ? IsAny<User> extends true ? {
+  attributes: Record<string, AuthAttributeValue>;
+  attributeList?: string[];
+} : (AttributeMapSelectedKeys<User, AttributeMap> extends never ? {
+  attributes?: never;
+} : {
+  attributes: { [K in AttributeMapSelectedKeys<User, AttributeMap>]: K extends keyof output<User> ? output<User>[K] : never } & { [K in Exclude<keyof output<User>, AttributeMapSelectedKeys<User, AttributeMap>>]?: never };
+}) & ([] extends AttributeList ? {
+  attributeList?: never;
+} : {
+  attributeList: AttributeListToTuple<User, AttributeList>;
+}) : [MachineUserAttributes] extends [MachineUserAttributeFields] ? MachineUserFromAttributes<MachineUserAttributes> : IsAny<User> extends true ? {
+  attributes: Record<string, AuthAttributeValue>;
+  attributeList?: string[];
+} : (AttributeMapSelectedKeys<User, AttributeMap> extends never ? {
+  attributes?: never;
+} : {
+  attributes: { [K in AttributeMapSelectedKeys<User, AttributeMap>]: K extends keyof output<User> ? output<User>[K] : never } & { [K in Exclude<keyof output<User>, AttributeMapSelectedKeys<User, AttributeMap>>]?: never };
+}) & ([] extends AttributeList ? {
+  attributeList?: never;
+} : {
+  attributeList: AttributeListToTuple<User, AttributeList>;
+});
+/** Upstream OAuth provider that federated a login through the Built-in IdP. */
+type FederatedIdentityProvider = "google" | "microsoft";
+/**
+ * Profile claims forwarded from the upstream OAuth provider's ID token.
+ *
+ * Commonly present claims are typed; any other claim the provider issues is
+ * forwarded as-is and reachable through the index signature. Availability
+ * varies by provider (e.g. Microsoft does not issue `picture`).
+ */
+type FederatedIdentityClaims = {
+  name?: string;
+  given_name?: string;
+  family_name?: string;
+  picture?: string;
+  locale?: string;
+  [claim: string]: JsonValue | undefined;
+};
+/**
+ * The upstream identity that federated this login, populated when a user signs
+ * in through a Built-in IdP OAuth provider (Google or Microsoft).
+ *
+ * Available on {@link BeforeLoginClaims.federated_identity}; `undefined` for
+ * password logins.
+ */
+type FederatedIdentity = {
+  provider: FederatedIdentityProvider;
+  claims: FederatedIdentityClaims;
+};
+/**
+ * Token claims passed to the {@link BeforeLoginHook} handler. Carries the IdP's
+ * own claims (e.g. `sub`, `email`) plus, for federated logins, the upstream
+ * provider's profile under {@link BeforeLoginClaims.federated_identity}.
+ */
+type BeforeLoginClaims = JsonObject & {
+  /** Present only for federated (Google/Microsoft) logins; `undefined` for password logins. */federated_identity?: FederatedIdentity;
+};
+type BeforeLoginHookArgs = {
+  claims: BeforeLoginClaims;
+  idpConfigName: string; /** Environment variables defined in `defineConfig({ env })`. */
+  env: TailorEnv;
+};
+type BeforeLoginHook<MachineUserNames extends string> = {
+  handler(args: BeforeLoginHookArgs): Promise<void>;
+  invoker: NoInfer<MachineUserNames>;
+};
+type AuthHooks<MachineUserNames extends string> = {
+  beforeLogin?: BeforeLoginHook<MachineUserNames>;
+};
+type AuthServiceInput<User extends TailorDBInstance, AttributeMap extends UserAttributeMap<User>, AttributeList extends UserAttributeListKey<User>[], MachineUserNames extends string, MachineUserAttributes extends MachineUserAttributeFields | undefined = MachineUserAttributeFields | undefined, ConnectionNames extends string = string> = {
+  hooks?: AuthHooks<MachineUserNames>;
+  userProfile?: UserProfile<User, AttributeMap, AttributeList>;
+  machineUserAttributes?: MachineUserAttributes;
+  machineUsers?: Record<MachineUserNames, MachineUser<User, AttributeMap, AttributeList, MachineUserAttributes>>;
+  oauth2Clients?: Record<string, OAuth2ClientInput>;
+  idProvider?: IdProvider;
+  scim?: SCIMConfig;
+  tenantProvider?: TenantProvider;
+  connections?: Record<ConnectionNames, AuthConnectionConfig>;
+  publishSessionEvents?: boolean;
+};
+declare const authDefinitionBrand: unique symbol;
+type AuthDefinitionBrand = {
+  readonly [authDefinitionBrand]: true;
+};
+type ConnectionNames<Config> = Config extends {
+  connections?: Record<infer K, unknown>;
+} ? K & string : string;
+type DefinedAuth<Name extends string, Config> = Config & {
+  name: Name;
+  getConnectionToken<C extends ConnectionNames<Config>>(connectionName: C): Promise<AuthConnectionTokenResult>;
+} & AuthDefinitionBrand;
+type AuthExternalConfig = {
+  name: string;
+  external: true;
+};
+type AuthServiceInputLoose = AuthServiceInput<any, any, any, string, any>;
+type AuthOwnConfig = DefinedAuth<string, AuthServiceInputLoose>;
+type AuthConfig = AuthOwnConfig | AuthExternalConfig;
+//#endregion
+export { SCIMAuthorization as A, IdProvider as C, SAML as D, OIDC as E, AuthConnectionOAuth2Config as F, SCIMResource as M, TenantProvider as N, SCIMAttribute as O, AuthConnectionConfig as P, IDToken as S, OAuth2ClientInput as T, UserAttributeListKey as _, AuthServiceInput as a, ValueOperand as b, DefinedAuth as c, FederatedIdentityProvider as d, MachineUserName as f, UserAttributeKey as g, SCIMAttributeType as h, AuthOwnConfig as i, SCIMConfig as j, SCIMAttributeMapping as k, FederatedIdentity as l, OAuth2ClientGrantType as m, AuthConnectionTokenResult as n, BeforeLoginClaims as o, MachineUserNameRegistry as p, AuthExternalConfig as r, BeforeLoginHookArgs as s, AuthConfig as t, FederatedIdentityClaims as u, UserAttributeMap as v, OAuth2Client as w, BuiltinIdP as x, UsernameFieldKey as y };
+//# sourceMappingURL=types-BX4q6Mo6.d.mts.map

package/dist/types-BZ7QKVE8.d.mts

@@ -0,0 +1,21 @@
+//#region src/runtime/types.d.ts
+interface AttributeMap {}
+interface AttributeList {
+  __tuple?: [];
+}
+type InferredAttributeMap = keyof AttributeMap extends never ? Record<string, string | string[] | boolean | boolean[] | undefined> : AttributeMap;
+type InferredAttributeList = AttributeList["__tuple"] extends [] ? string[] : AttributeList["__tuple"];
+/** Represents a user or machine user principal in the Tailor Platform. */
+type TailorPrincipal = {
+  /** The ID of the principal. */id: string; /** The type of the principal. */
+  type: "user" | "machine_user"; /** The ID of the workspace the principal belongs to. */
+  workspaceId: string; /** A map of the principal's attributes. */
+  attributes: InferredAttributeMap; /** A list of the principal's attribute IDs. */
+  attributeList: InferredAttributeList;
+};
+interface Env {}
+/** Represents environment variables in the Tailor platform. */
+type TailorEnv = keyof Env extends never ? Record<string, string | number | boolean> : Env;
+//#endregion
+export { TailorEnv as a, InferredAttributeMap as i, AttributeMap as n, TailorPrincipal as o, Env as r, AttributeList as t };
+//# sourceMappingURL=types-BZ7QKVE8.d.mts.map