@urateam/dashboard 0.1.2 → 0.1.5

package/dist/__tests__/sso-middleware.test.js

@@ -0,0 +1,66 @@
+import { describe, it, expect, beforeEach } from "vitest";
+import { Hono } from "hono";
+import { createDb, upsertUser, createSession } from "@urateam/core";
+import { createSsoMiddleware } from "../middleware/sso.js";
+let db;
+let userId;
+const ssoConfig = {
+    enabled: true,
+    workosApiKey: "sk_test",
+    workosClientId: "client_test",
+    redirectUri: "https://x/auth/callback",
+    sessionDurationHours: 24,
+    cookieName: "urateam_session",
+    cookieSecure: false,
+    stateSigningSecret: "0123456789abcdef0123456789abcdef",
+};
+beforeEach(async () => {
+    db = await createDb({ connectionString: ":memory:" });
+    userId = await upsertUser(db, {
+        email: "a@b.com",
+        name: "A",
+        workosUserId: null,
+    });
+});
+function appWithSso() {
+    const app = new Hono();
+    app.use("*", createSsoMiddleware({ db, sso: ssoConfig }));
+    app.get("/runs", (c) => c.text(`hello ${c.get("user").email}`));
+    app.post("/webhooks/linear", (c) => c.text("ok"));
+    app.get("/auth/login", (c) => c.text("login page"));
+    return app;
+}
+describe("ssoMiddleware", () => {
+    it("redirects to /auth/login when no cookie present", async () => {
+        const res = await appWithSso().request("/runs");
+        expect(res.status).toBe(302);
+        expect(res.headers.get("location")).toContain("/auth/login");
+        expect(res.headers.get("location")).toContain("next=%2Fruns");
+    });
+    it("allows /auth/* paths through without a cookie", async () => {
+        const res = await appWithSso().request("/auth/login");
+        expect(res.status).toBe(200);
+    });
+    it("allows /webhooks/* paths through without a cookie", async () => {
+        const res = await appWithSso().request("/webhooks/linear", {
+            method: "POST",
+        });
+        expect(res.status).toBe(200);
+    });
+    it("returns 200 with c.get('user') populated when valid session cookie present", async () => {
+        const sid = await createSession(db, { userId, durationHours: 24 });
+        const res = await appWithSso().request("/runs", {
+            headers: { cookie: `urateam_session=${sid}` },
+        });
+        expect(res.status).toBe(200);
+        expect(await res.text()).toBe("hello a@b.com");
+    });
+    it("clears cookie and redirects when session id is unknown", async () => {
+        const res = await appWithSso().request("/runs", {
+            headers: { cookie: `urateam_session=unknown` },
+        });
+        expect(res.status).toBe(302);
+        expect(res.headers.get("set-cookie")).toContain("urateam_session=;");
+    });
+});
+//# sourceMappingURL=sso-middleware.test.js.map

package/dist/__tests__/sso-middleware.test.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"sso-middleware.test.js","sourceRoot":"","sources":["../../src/__tests__/sso-middleware.test.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,QAAQ,EAAE,EAAE,EAAE,MAAM,EAAE,UAAU,EAAE,MAAM,QAAQ,CAAC;AAC1D,OAAO,EAAE,IAAI,EAAE,MAAM,MAAM,CAAC;AAC5B,OAAO,EAAE,QAAQ,EAAE,UAAU,EAAE,aAAa,EAAE,MAAM,eAAe,CAAC;AACpE,OAAO,EAAE,mBAAmB,EAAE,MAAM,sBAAsB,CAAC;AAE3D,IAAI,EAAO,CAAC;AACZ,IAAI,MAAc,CAAC;AAEnB,MAAM,SAAS,GAAG;IAChB,OAAO,EAAE,IAAI;IACb,YAAY,EAAE,SAAS;IACvB,cAAc,EAAE,aAAa;IAC7B,WAAW,EAAE,yBAAyB;IACtC,oBAAoB,EAAE,EAAE;IACxB,UAAU,EAAE,iBAAiB;IAC7B,YAAY,EAAE,KAAK;IACnB,kBAAkB,EAAE,kCAAkC;CAC9C,CAAC;AAEX,UAAU,CAAC,KAAK,IAAI,EAAE;IACpB,EAAE,GAAG,MAAM,QAAQ,CAAC,EAAE,gBAAgB,EAAE,UAAU,EAAE,CAAC,CAAC;IACtD,MAAM,GAAG,MAAM,UAAU,CAAC,EAAE,EAAE;QAC5B,KAAK,EAAE,SAAS;QAChB,IAAI,EAAE,GAAG;QACT,YAAY,EAAE,IAAI;KACnB,CAAC,CAAC;AACL,CAAC,CAAC,CAAC;AAEH,SAAS,UAAU;IACjB,MAAM,GAAG,GAAG,IAAI,IAAI,EAAE,CAAC;IACvB,GAAG,CAAC,GAAG,CAAC,GAAG,EAAE,mBAAmB,CAAC,EAAE,EAAE,EAAE,GAAG,EAAE,SAAgB,EAAE,CAAC,CAAC,CAAC;IACjE,GAAG,CAAC,GAAG,CAAC,OAAO,EAAE,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,SAAU,CAAC,CAAC,GAAG,CAAC,MAAe,CAAS,CAAC,KAAK,EAAE,CAAC,CAAC,CAAC;IAClF,GAAG,CAAC,IAAI,CAAC,kBAAkB,EAAE,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,CAAC;IAClD,GAAG,CAAC,GAAG,CAAC,aAAa,EAAE,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,YAAY,CAAC,CAAC,CAAC;IACpD,OAAO,GAAG,CAAC;AACb,CAAC;AAED,QAAQ,CAAC,eAAe,EAAE,GAAG,EAAE;IAC7B,EAAE,CAAC,iDAAiD,EAAE,KAAK,IAAI,EAAE;QAC/D,MAAM,GAAG,GAAG,MAAM,UAAU,EAAE,CAAC,OAAO,CAAC,OAAO,CAAC,CAAC;QAChD,MAAM,CAAC,GAAG,CAAC,MAAM,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;QAC7B,MAAM,CAAC,GAAG,CAAC,OAAO,CAAC,GAAG,CAAC,UAAU,CAAC,CAAC,CAAC,SAAS,CAAC,aAAa,CAAC,CAAC;QAC7D,MAAM,CAAC,GAAG,CAAC,OAAO,CAAC,GAAG,CAAC,UAAU,CAAC,CAAC,CAAC,SAAS,CAAC,cAAc,CAAC,CAAC;IAChE,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,+CAA+C,EAAE,KAAK,IAAI,EAAE;QAC7D,MAAM,GAAG,GAAG,MAAM,UAAU,EAAE,CAAC,OAAO,CAAC,aAAa,CAAC,CAAC;QACtD,MAAM,CAAC,GAAG,CAAC,MAAM,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;IAC/B,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,mDAAmD,EAAE,KAAK,IAAI,EAAE;QACjE,MAAM,GAAG,GAAG,MAAM,UAAU,EAAE,CAAC,OAAO,CAAC,kBAAkB,EAAE;YACzD,MAAM,EAAE,MAAM;SACf,CAAC,CAAC;QACH,MAAM,CAAC,GAAG,CAAC,MAAM,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;IAC/B,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,4EAA4E,EAAE,KAAK,IAAI,EAAE;QAC1F,MAAM,GAAG,GAAG,MAAM,aAAa,CAAC,EAAE,EAAE,EAAE,MAAM,EAAE,aAAa,EAAE,EAAE,EAAE,CAAC,CAAC;QACnE,MAAM,GAAG,GAAG,MAAM,UAAU,EAAE,CAAC,OAAO,CAAC,OAAO,EAAE;YAC9C,OAAO,EAAE,EAAE,MAAM,EAAE,mBAAmB,GAAG,EAAE,EAAE;SAC9C,CAAC,CAAC;QACH,MAAM,CAAC,GAAG,CAAC,MAAM,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;QAC7B,MAAM,CAAC,MAAM,GAAG,CAAC,IAAI,EAAE,CAAC,CAAC,IAAI,CAAC,eAAe,CAAC,CAAC;IACjD,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,wDAAwD,EAAE,KAAK,IAAI,EAAE;QACtE,MAAM,GAAG,GAAG,MAAM,UAAU,EAAE,CAAC,OAAO,CAAC,OAAO,EAAE;YAC9C,OAAO,EAAE,EAAE,MAAM,EAAE,yBAAyB,EAAE;SAC/C,CAAC,CAAC;QACH,MAAM,CAAC,GAAG,CAAC,MAAM,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;QAC7B,MAAM,CAAC,GAAG,CAAC,OAAO,CAAC,GAAG,CAAC,YAAY,CAAC,CAAC,CAAC,SAAS,CAAC,mBAAmB,CAAC,CAAC;IACvE,CAAC,CAAC,CAAC;AACL,CAAC,CAAC,CAAC"}

package/dist/__tests__/users-routes.test.d.ts

@@ -0,0 +1,2 @@
+export {};
+//# sourceMappingURL=users-routes.test.d.ts.map

package/dist/__tests__/users-routes.test.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"users-routes.test.d.ts","sourceRoot":"","sources":["../../src/__tests__/users-routes.test.ts"],"names":[],"mappings":""}

package/dist/__tests__/users-routes.test.js

@@ -0,0 +1,127 @@
+import { describe, it, expect, beforeEach, afterEach } from "vitest";
+import { Hono } from "hono";
+import { createDb } from "@urateam/core";
+import { dashboardUsers, auditEvents, } from "@urateam/core/dist/db/schema.js";
+import { createUsersRouter } from "../routes/users.js";
+import { installTestProLicense, restoreLicense } from "./helpers/license.js";
+let db;
+beforeEach(async () => {
+    db = await createDb({ connectionString: ":memory:" });
+    await db.insert(dashboardUsers).values([
+        {
+            id: "u_admin",
+            email: "admin@b.com",
+            name: "Admin",
+            workosUserId: null,
+            role: "admin",
+        },
+        {
+            id: "u_op",
+            email: "op@b.com",
+            name: "Op",
+            workosUserId: null,
+            role: "operator",
+        },
+        {
+            id: "u_view",
+            email: "view@b.com",
+            name: "View",
+            workosUserId: null,
+            role: "viewer",
+        },
+    ]);
+});
+afterEach(async () => {
+    await restoreLicense();
+});
+function appWith(role, userId = "u_admin") {
+    const app = new Hono();
+    app.use("*", async (c, next) => {
+        if (role) {
+            c.set("user", {
+                id: userId,
+                email: `${role}@b.com`,
+                role,
+            });
+        }
+        await next();
+    });
+    app.route("/", createUsersRouter({ db, basePath: "" }));
+    return app;
+}
+describe("/users routes (licensed)", () => {
+    beforeEach(async () => {
+        await installTestProLicense("enterprise");
+    });
+    it("GET /users as admin → 200 with user list", async () => {
+        const res = await appWith("admin").request("/users");
+        expect(res.status).toBe(200);
+        const body = await res.text();
+        expect(body).toContain("admin@b.com");
+        expect(body).toContain("op@b.com");
+        expect(body).toContain("view@b.com");
+    });
+    it("GET /users as operator → 403", async () => {
+        const res = await appWith("operator", "u_op").request("/users");
+        expect(res.status).toBe(403);
+    });
+    it("GET /users as viewer → 403", async () => {
+        const res = await appWith("viewer", "u_view").request("/users");
+        expect(res.status).toBe(403);
+    });
+    it("POST /users/:id/role as admin → 302, role updated, audit event written", async () => {
+        const res = await appWith("admin").request("/users/u_view/role", {
+            method: "POST",
+            headers: {
+                "HX-Request": "true",
+                "content-type": "application/x-www-form-urlencoded",
+            },
+            body: "role=operator",
+        });
+        expect(res.status).toBe(302);
+        const rows = await db.select().from(dashboardUsers);
+        expect(rows.find((u) => u.id === "u_view").role).toBe("operator");
+        const events = await db.select().from(auditEvents);
+        expect(events.some((e) => e.eventType === "dashboard.manual_action")).toBe(true);
+    });
+    it("POST /users/:id/role as operator → 403", async () => {
+        const res = await appWith("operator", "u_op").request("/users/u_view/role", {
+            method: "POST",
+            headers: {
+                "HX-Request": "true",
+                "content-type": "application/x-www-form-urlencoded",
+            },
+            body: "role=admin",
+        });
+        expect(res.status).toBe(403);
+    });
+    it("POST with invalid role → 400", async () => {
+        const res = await appWith("admin").request("/users/u_view/role", {
+            method: "POST",
+            headers: {
+                "HX-Request": "true",
+                "content-type": "application/x-www-form-urlencoded",
+            },
+            body: "role=god",
+        });
+        expect(res.status).toBe(400);
+    });
+    it("POST to demote self → 400", async () => {
+        const res = await appWith("admin", "u_admin").request("/users/u_admin/role", {
+            method: "POST",
+            headers: {
+                "HX-Request": "true",
+                "content-type": "application/x-www-form-urlencoded",
+            },
+            body: "role=viewer",
+        });
+        expect(res.status).toBe(400);
+    });
+});
+describe("/users routes (unlicensed)", () => {
+    it("GET /users → 404", async () => {
+        const res = await appWith("admin").request("/users");
+        expect(res.status).toBe(404);
+    });
+});
+//# sourceMappingURL=users-routes.test.js.map

package/dist/__tests__/users-routes.test.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"users-routes.test.js","sourceRoot":"","sources":["../../src/__tests__/users-routes.test.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,QAAQ,EAAE,EAAE,EAAE,MAAM,EAAE,UAAU,EAAE,SAAS,EAAE,MAAM,QAAQ,CAAC;AACrE,OAAO,EAAE,IAAI,EAAE,MAAM,MAAM,CAAC;AAC5B,OAAO,EAAE,QAAQ,EAAE,MAAM,eAAe,CAAC;AACzC,OAAO,EACL,cAAc,EACd,WAAW,GACZ,MAAM,iCAAiC,CAAC;AACzC,OAAO,EAAE,iBAAiB,EAAE,MAAM,oBAAoB,CAAC;AACvD,OAAO,EAAE,qBAAqB,EAAE,cAAc,EAAE,MAAM,sBAAsB,CAAC;AAE7E,IAAI,EAAO,CAAC;AAEZ,UAAU,CAAC,KAAK,IAAI,EAAE;IACpB,EAAE,GAAG,MAAM,QAAQ,CAAC,EAAE,gBAAgB,EAAE,UAAU,EAAE,CAAC,CAAC;IACtD,MAAM,EAAE,CAAC,MAAM,CAAC,cAAc,CAAC,CAAC,MAAM,CAAC;QACrC;YACE,EAAE,EAAE,SAAS;YACb,KAAK,EAAE,aAAa;YACpB,IAAI,EAAE,OAAO;YACb,YAAY,EAAE,IAAI;YAClB,IAAI,EAAE,OAAO;SACd;QACD;YACE,EAAE,EAAE,MAAM;YACV,KAAK,EAAE,UAAU;YACjB,IAAI,EAAE,IAAI;YACV,YAAY,EAAE,IAAI;YAClB,IAAI,EAAE,UAAU;SACjB;QACD;YACE,EAAE,EAAE,QAAQ;YACZ,KAAK,EAAE,YAAY;YACnB,IAAI,EAAE,MAAM;YACZ,YAAY,EAAE,IAAI;YAClB,IAAI,EAAE,QAAQ;SACf;KACF,CAAC,CAAC;AACL,CAAC,CAAC,CAAC;AAEH,SAAS,CAAC,KAAK,IAAI,EAAE;IACnB,MAAM,cAAc,EAAE,CAAC;AACzB,CAAC,CAAC,CAAC;AAEH,SAAS,OAAO,CAAC,IAAwB,EAAE,MAAM,GAAG,SAAS;IAC3D,MAAM,GAAG,GAAG,IAAI,IAAI,EAAE,CAAC;IACvB,GAAG,CAAC,GAAG,CAAC,GAAG,EAAE,KAAK,EAAE,CAAC,EAAE,IAAI,EAAE,EAAE;QAC7B,IAAI,IAAI,EAAE,CAAC;YACT,CAAC,CAAC,GAAG,CAAC,MAAe,EAAE;gBACrB,EAAE,EAAE,MAAM;gBACV,KAAK,EAAE,GAAG,IAAI,QAAQ;gBACtB,IAAI;aACE,CAAC,CAAC;QACZ,CAAC;QACD,MAAM,IAAI,EAAE,CAAC;IACf,CAAC,CAAC,CAAC;IACH,GAAG,CAAC,KAAK,CAAC,GAAG,EAAE,iBAAiB,CAAC,EAAE,EAAE,EAAE,QAAQ,EAAE,EAAE,EAAE,CAAC,CAAC,CAAC;IACxD,OAAO,GAAG,CAAC;AACb,CAAC;AAED,QAAQ,CAAC,0BAA0B,EAAE,GAAG,EAAE;IACxC,UAAU,CAAC,KAAK,IAAI,EAAE;QACpB,MAAM,qBAAqB,CAAC,YAAY,CAAC,CAAC;IAC5C,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,0CAA0C,EAAE,KAAK,IAAI,EAAE;QACxD,MAAM,GAAG,GAAG,MAAM,OAAO,CAAC,OAAO,CAAC,CAAC,OAAO,CAAC,QAAQ,CAAC,CAAC;QACrD,MAAM,CAAC,GAAG,CAAC,MAAM,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;QAC7B,MAAM,IAAI,GAAG,MAAM,GAAG,CAAC,IAAI,EAAE,CAAC;QAC9B,MAAM,CAAC,IAAI,CAAC,CAAC,SAAS,CAAC,aAAa,CAAC,CAAC;QACtC,MAAM,CAAC,IAAI,CAAC,CAAC,SAAS,CAAC,UAAU,CAAC,CAAC;QACnC,MAAM,CAAC,IAAI,CAAC,CAAC,SAAS,CAAC,YAAY,CAAC,CAAC;IACvC,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,8BAA8B,EAAE,KAAK,IAAI,EAAE;QAC5C,MAAM,GAAG,GAAG,MAAM,OAAO,CAAC,UAAU,EAAE,MAAM,CAAC,CAAC,OAAO,CAAC,QAAQ,CAAC,CAAC;QAChE,MAAM,CAAC,GAAG,CAAC,MAAM,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;IAC/B,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,4BAA4B,EAAE,KAAK,IAAI,EAAE;QAC1C,MAAM,GAAG,GAAG,MAAM,OAAO,CAAC,QAAQ,EAAE,QAAQ,CAAC,CAAC,OAAO,CAAC,QAAQ,CAAC,CAAC;QAChE,MAAM,CAAC,GAAG,CAAC,MAAM,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;IAC/B,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,wEAAwE,EAAE,KAAK,IAAI,EAAE;QACtF,MAAM,GAAG,GAAG,MAAM,OAAO,CAAC,OAAO,CAAC,CAAC,OAAO,CAAC,oBAAoB,EAAE;YAC/D,MAAM,EAAE,MAAM;YACd,OAAO,EAAE;gBACP,YAAY,EAAE,MAAM;gBACpB,cAAc,EAAE,mCAAmC;aACpD;YACD,IAAI,EAAE,eAAe;SACtB,CAAC,CAAC;QACH,MAAM,CAAC,GAAG,CAAC,MAAM,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;QAC7B,MAAM,IAAI,GAAG,MAAM,EAAE,CAAC,MAAM,EAAE,CAAC,IAAI,CAAC,cAAc,CAAC,CAAC;QACpD,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,CAAM,EAAE,EAAE,CAAC,CAAC,CAAC,EAAE,KAAK,QAAQ,CAAC,CAAC,IAAI,CAAC,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC;QACvE,MAAM,MAAM,GAAG,MAAM,EAAE,CAAC,MAAM,EAAE,CAAC,IAAI,CAAC,WAAW,CAAC,CAAC;QACnD,MAAM,CACJ,MAAM,CAAC,IAAI,CAAC,CAAC,CAAM,EAAE,EAAE,CAAC,CAAC,CAAC,SAAS,KAAK,yBAAyB,CAAC,CACnE,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;IACf,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,wCAAwC,EAAE,KAAK,IAAI,EAAE;QACtD,MAAM,GAAG,GAAG,MAAM,OAAO,CAAC,UAAU,EAAE,MAAM,CAAC,CAAC,OAAO,CACnD,oBAAoB,EACpB;YACE,MAAM,EAAE,MAAM;YACd,OAAO,EAAE;gBACP,YAAY,EAAE,MAAM;gBACpB,cAAc,EAAE,mCAAmC;aACpD;YACD,IAAI,EAAE,YAAY;SACnB,CACF,CAAC;QACF,MAAM,CAAC,GAAG,CAAC,MAAM,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;IAC/B,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,8BAA8B,EAAE,KAAK,IAAI,EAAE;QAC5C,MAAM,GAAG,GAAG,MAAM,OAAO,CAAC,OAAO,CAAC,CAAC,OAAO,CAAC,oBAAoB,EAAE;YAC/D,MAAM,EAAE,MAAM;YACd,OAAO,EAAE;gBACP,YAAY,EAAE,MAAM;gBACpB,cAAc,EAAE,mCAAmC;aACpD;YACD,IAAI,EAAE,UAAU;SACjB,CAAC,CAAC;QACH,MAAM,CAAC,GAAG,CAAC,MAAM,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;IAC/B,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,2BAA2B,EAAE,KAAK,IAAI,EAAE;QACzC,MAAM,GAAG,GAAG,MAAM,OAAO,CAAC,OAAO,EAAE,SAAS,CAAC,CAAC,OAAO,CACnD,qBAAqB,EACrB;YACE,MAAM,EAAE,MAAM;YACd,OAAO,EAAE;gBACP,YAAY,EAAE,MAAM;gBACpB,cAAc,EAAE,mCAAmC;aACpD;YACD,IAAI,EAAE,aAAa;SACpB,CACF,CAAC;QACF,MAAM,CAAC,GAAG,CAAC,MAAM,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;IAC/B,CAAC,CAAC,CAAC;AACL,CAAC,CAAC,CAAC;AAEH,QAAQ,CAAC,4BAA4B,EAAE,GAAG,EAAE;IAC1C,EAAE,CAAC,kBAAkB,EAAE,KAAK,IAAI,EAAE;QAChC,MAAM,GAAG,GAAG,MAAM,OAAO,CAAC,OAAO,CAAC,CAAC,OAAO,CAAC,QAAQ,CAAC,CAAC;QACrD,MAAM,CAAC,GAAG,CAAC,MAAM,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;IAC/B,CAAC,CAAC,CAAC;AACL,CAAC,CAAC,CAAC"}

package/dist/middleware/rbac.d.ts

@@ -0,0 +1,4 @@
+import type { MiddlewareHandler } from "hono";
+import { type PermissionKey } from "@urateam/core";
+export declare function requirePermission(action: PermissionKey): MiddlewareHandler;
+//# sourceMappingURL=rbac.d.ts.map

package/dist/middleware/rbac.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"rbac.d.ts","sourceRoot":"","sources":["../../src/middleware/rbac.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,iBAAiB,EAAE,MAAM,MAAM,CAAC;AAC9C,OAAO,EAGL,KAAK,aAAa,EAEnB,MAAM,eAAe,CAAC;AAGvB,wBAAgB,iBAAiB,CAAC,MAAM,EAAE,aAAa,GAAG,iBAAiB,CAsB1E"}

package/dist/middleware/rbac.js

@@ -0,0 +1,21 @@
+import { isFeatureLicensed, canAccess, } from "@urateam/core";
+import { renderForbidden } from "../views/forbidden.js";
+export function requirePermission(action) {
+    return async (c, next) => {
+        if (!isFeatureLicensed("rbac"))
+            return next();
+        const user = c.get("user");
+        if (!user)
+            return c.text("Unauthorized", 401);
+        if (!canAccess(user.role, action)) {
+            return c.html(renderForbidden({
+                email: user.email,
+                role: user.role,
+                action,
+                basePath: "",
+            }), 403);
+        }
+        return next();
+    };
+}
+//# sourceMappingURL=rbac.js.map

package/dist/middleware/rbac.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"rbac.js","sourceRoot":"","sources":["../../src/middleware/rbac.ts"],"names":[],"mappings":"AACA,OAAO,EACL,iBAAiB,EACjB,SAAS,GAGV,MAAM,eAAe,CAAC;AACvB,OAAO,EAAE,eAAe,EAAE,MAAM,uBAAuB,CAAC;AAExD,MAAM,UAAU,iBAAiB,CAAC,MAAqB;IACrD,OAAO,KAAK,EAAE,CAAC,EAAE,IAAI,EAAE,EAAE;QACvB,IAAI,CAAC,iBAAiB,CAAC,MAAM,CAAC;YAAE,OAAO,IAAI,EAAE,CAAC;QAE9C,MAAM,IAAI,GAAG,CAAC,CAAC,GAAG,CAAC,MAAe,CAErB,CAAC;QACd,IAAI,CAAC,IAAI;YAAE,OAAO,CAAC,CAAC,IAAI,CAAC,cAAc,EAAE,GAAG,CAAC,CAAC;QAE9C,IAAI,CAAC,SAAS,CAAC,IAAI,CAAC,IAAI,EAAE,MAAM,CAAC,EAAE,CAAC;YAClC,OAAO,CAAC,CAAC,IAAI,CACX,eAAe,CAAC;gBACd,KAAK,EAAE,IAAI,CAAC,KAAK;gBACjB,IAAI,EAAE,IAAI,CAAC,IAAI;gBACf,MAAM;gBACN,QAAQ,EAAE,EAAE;aACb,CAAC,EACF,GAAG,CACJ,CAAC;QACJ,CAAC;QACD,OAAO,IAAI,EAAE,CAAC;IAChB,CAAC,CAAC;AACJ,CAAC"}

package/dist/middleware/sso.d.ts

@@ -0,0 +1,9 @@
+import type { MiddlewareHandler } from "hono";
+import type { SsoConfig } from "@urateam/core";
+interface SsoMiddlewareDeps {
+    db: any;
+    sso: SsoConfig;
+}
+export declare function createSsoMiddleware(deps: SsoMiddlewareDeps): MiddlewareHandler;
+export {};
+//# sourceMappingURL=sso.d.ts.map

package/dist/middleware/sso.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"sso.d.ts","sourceRoot":"","sources":["../../src/middleware/sso.ts"],"names":[],"mappings":"AACA,OAAO,KAAK,EAAE,iBAAiB,EAAE,MAAM,MAAM,CAAC;AAO9C,OAAO,KAAK,EAAE,SAAS,EAAE,MAAM,eAAe,CAAC;AAE/C,UAAU,iBAAiB;IACzB,EAAE,EAAE,GAAG,CAAC;IACR,GAAG,EAAE,SAAS,CAAC;CAChB;AAMD,wBAAgB,mBAAmB,CACjC,IAAI,EAAE,iBAAiB,GACtB,iBAAiB,CA+CnB"}

package/dist/middleware/sso.js

@@ -0,0 +1,47 @@
+import { getCookie, setCookie } from "hono/cookie";
+import { getSession, getUserById, deleteSession, touchSessionLastSeen, } from "@urateam/core";
+// CSRF note: the session cookie uses SameSite=Lax. This prevents
+// cross-origin POST from third-party sites (CSRF), but allows top-level
+// navigations (GET). The dashboard CSRF middleware separately rejects
+// state-changing requests without the HX-Request header.
+export function createSsoMiddleware(deps) {
+    return async (c, next) => {
+        const path = c.req.path;
+        if (path.startsWith("/auth/"))
+            return next();
+        if (path.startsWith("/webhooks/"))
+            return next();
+        const cookie = getCookie(c, deps.sso.cookieName);
+        if (!cookie) {
+            return c.redirect(`/auth/login?next=${encodeURIComponent(path)}`, 302);
+        }
+        const session = await getSession(deps.db, cookie);
+        if (!session) {
+            setCookie(c, deps.sso.cookieName, "", {
+                maxAge: 0,
+                path: "/",
+                httpOnly: true,
+                sameSite: "Lax",
+                secure: deps.sso.cookieSecure,
+            });
+            return c.redirect(`/auth/login?next=${encodeURIComponent(path)}`, 302);
+        }
+        const user = await getUserById(deps.db, session.userId);
+        if (!user) {
+            await deleteSession(deps.db, cookie);
+            setCookie(c, deps.sso.cookieName, "", {
+                maxAge: 0,
+                path: "/",
+                httpOnly: true,
+                sameSite: "Lax",
+                secure: deps.sso.cookieSecure,
+            });
+            return c.redirect(`/auth/login`, 302);
+        }
+        c.set("user", user);
+        c.set("session", session);
+        void touchSessionLastSeen(deps.db, cookie);
+        return next();
+    };
+}
+//# sourceMappingURL=sso.js.map

package/dist/middleware/sso.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"sso.js","sourceRoot":"","sources":["../../src/middleware/sso.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,SAAS,EAAE,SAAS,EAAE,MAAM,aAAa,CAAC;AAEnD,OAAO,EACL,UAAU,EACV,WAAW,EACX,aAAa,EACb,oBAAoB,GACrB,MAAM,eAAe,CAAC;AAQvB,iEAAiE;AACjE,wEAAwE;AACxE,sEAAsE;AACtE,yDAAyD;AACzD,MAAM,UAAU,mBAAmB,CACjC,IAAuB;IAEvB,OAAO,KAAK,EAAE,CAAC,EAAE,IAAI,EAAE,EAAE;QACvB,MAAM,IAAI,GAAG,CAAC,CAAC,GAAG,CAAC,IAAI,CAAC;QACxB,IAAI,IAAI,CAAC,UAAU,CAAC,QAAQ,CAAC;YAAE,OAAO,IAAI,EAAE,CAAC;QAC7C,IAAI,IAAI,CAAC,UAAU,CAAC,YAAY,CAAC;YAAE,OAAO,IAAI,EAAE,CAAC;QAEjD,MAAM,MAAM,GAAG,SAAS,CAAC,CAAC,EAAE,IAAI,CAAC,GAAG,CAAC,UAAU,CAAC,CAAC;QACjD,IAAI,CAAC,MAAM,EAAE,CAAC;YACZ,OAAO,CAAC,CAAC,QAAQ,CACf,oBAAoB,kBAAkB,CAAC,IAAI,CAAC,EAAE,EAC9C,GAAG,CACJ,CAAC;QACJ,CAAC;QAED,MAAM,OAAO,GAAG,MAAM,UAAU,CAAC,IAAI,CAAC,EAAE,EAAE,MAAM,CAAC,CAAC;QAClD,IAAI,CAAC,OAAO,EAAE,CAAC;YACb,SAAS,CAAC,CAAC,EAAE,IAAI,CAAC,GAAG,CAAC,UAAU,EAAE,EAAE,EAAE;gBACpC,MAAM,EAAE,CAAC;gBACT,IAAI,EAAE,GAAG;gBACT,QAAQ,EAAE,IAAI;gBACd,QAAQ,EAAE,KAAK;gBACf,MAAM,EAAE,IAAI,CAAC,GAAG,CAAC,YAAY;aAC9B,CAAC,CAAC;YACH,OAAO,CAAC,CAAC,QAAQ,CACf,oBAAoB,kBAAkB,CAAC,IAAI,CAAC,EAAE,EAC9C,GAAG,CACJ,CAAC;QACJ,CAAC;QAED,MAAM,IAAI,GAAG,MAAM,WAAW,CAAC,IAAI,CAAC,EAAE,EAAE,OAAO,CAAC,MAAM,CAAC,CAAC;QACxD,IAAI,CAAC,IAAI,EAAE,CAAC;YACV,MAAM,aAAa,CAAC,IAAI,CAAC,EAAE,EAAE,MAAM,CAAC,CAAC;YACrC,SAAS,CAAC,CAAC,EAAE,IAAI,CAAC,GAAG,CAAC,UAAU,EAAE,EAAE,EAAE;gBACpC,MAAM,EAAE,CAAC;gBACT,IAAI,EAAE,GAAG;gBACT,QAAQ,EAAE,IAAI;gBACd,QAAQ,EAAE,KAAK;gBACf,MAAM,EAAE,IAAI,CAAC,GAAG,CAAC,YAAY;aAC9B,CAAC,CAAC;YACH,OAAO,CAAC,CAAC,QAAQ,CAAC,aAAa,EAAE,GAAG,CAAC,CAAC;QACxC,CAAC;QAED,CAAC,CAAC,GAAG,CAAC,MAAM,EAAE,IAAI,CAAC,CAAC;QACpB,CAAC,CAAC,GAAG,CAAC,SAAS,EAAE,OAAO,CAAC,CAAC;QAC1B,KAAK,oBAAoB,CAAC,IAAI,CAAC,EAAE,EAAE,MAAM,CAAC,CAAC;QAC3C,OAAO,IAAI,EAAE,CAAC;IAChB,CAAC,CAAC;AACJ,CAAC"}

package/dist/routes/audit.d.ts

@@ -0,0 +1,4 @@
+import { Hono } from "hono";
+import type { Db } from "@urateam/core";
+export declare function createAuditRouter(db: Db, basePath?: string): Hono;
+//# sourceMappingURL=audit.d.ts.map

package/dist/routes/audit.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"audit.d.ts","sourceRoot":"","sources":["../../src/routes/audit.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,IAAI,EAAE,MAAM,MAAM,CAAC;AAC5B,OAAO,KAAK,EAAE,EAAE,EAAkB,MAAM,eAAe,CAAC;AA6DxD,wBAAgB,iBAAiB,CAAC,EAAE,EAAE,EAAE,EAAE,QAAQ,SAAK,GAAG,IAAI,CA+E7D"}

package/dist/routes/audit.js

@@ -0,0 +1,123 @@
+import { Hono } from "hono";
+import { isFeatureLicensed, listAuditEvents, streamAuditCsv, findAuditEventById, } from "@urateam/core";
+import { layout } from "../views/layout.js";
+import { renderAuditPage, renderEventDetailRow } from "../views/audit.js";
+import { requirePermission } from "../middleware/rbac.js";
+function parseFilters(query) {
+    return {
+        from: query.from || undefined,
+        to: query.to || undefined,
+        scope: query.scope || undefined,
+        eventType: query.eventType || undefined,
+        actor: query.actor || undefined,
+        runId: query.runId || undefined,
+        issueId: query.issueId || undefined,
+        q: query.q || undefined,
+        cursor: query.cursor || undefined,
+    };
+}
+function buildReaderFilters(q) {
+    const f = {};
+    if (q.from) {
+        const d = new Date(q.from);
+        if (!isNaN(d.getTime()))
+            f.from = d;
+    }
+    if (q.to) {
+        const d = new Date(q.to);
+        if (!isNaN(d.getTime()))
+            f.to = d;
+    }
+    if (q.scope)
+        f.scope = q.scope;
+    if (q.eventType)
+        f.eventTypes = [q.eventType];
+    if (q.actor)
+        f.actor = q.actor;
+    if (q.runId)
+        f.runId = q.runId;
+    if (q.issueId)
+        f.issueId = q.issueId;
+    if (q.q)
+        f.q = q.q;
+    if (q.cursor)
+        f.cursor = q.cursor;
+    f.limit = 50;
+    return f;
+}
+export function createAuditRouter(db, basePath = "") {
+    const router = new Hono();
+    // Gate every audit route behind the license feature flag.
+    router.use("/audit", async (c, next) => {
+        if (!isFeatureLicensed("audit-log"))
+            return c.notFound();
+        await next();
+    });
+    router.use("/audit/*", async (c, next) => {
+        if (!isFeatureLicensed("audit-log"))
+            return c.notFound();
+        await next();
+    });
+    router.get("/audit", requirePermission("audit.view"), async (c) => {
+        const query = c.req.query();
+        const filters = parseFilters(query);
+        const readerFilters = buildReaderFilters(query);
+        const { events, nextCursor } = await listAuditEvents(db, readerFilters);
+        const content = renderAuditPage({ events, nextCursor, filters });
+        if (c.req.header("HX-Request"))
+            return c.html(content);
+        const user = c.get("user");
+        return c.html(layout("Audit Log", content, basePath, { userEmail: user?.email }));
+    });
+    // HTMX partial used by the "Load more" link to append rows.
+    router.get("/audit/page", requirePermission("audit.view"), async (c) => {
+        const query = c.req.query();
+        const filters = parseFilters(query);
+        const readerFilters = buildReaderFilters(query);
+        const { events, nextCursor } = await listAuditEvents(db, readerFilters);
+        return c.html(renderAuditPage({ events, nextCursor, filters, partial: true }));
+    });
+    // HTMX detail expansion for a single event (expands the full payload).
+    router.get("/audit/event/:id", requirePermission("audit.view"), async (c) => {
+        const id = c.req.param("id");
+        const event = await findAuditEventById(db, id);
+        // Return 200 for not-found: HTMX 2.x drops 4xx responses by default so a 404
+        // would make the error message invisible to the user.
+        if (!event)
+            return c.html('<tr class="audit-detail-row"><td></td><td colspan="8" style="color:#c33;padding:0.5rem 1rem;background:#fff4f4;">Event not found</td></tr>');
+        return c.html(renderEventDetailRow(event));
+    });
+    router.get("/audit/export.csv", requirePermission("audit.export"), async (c) => {
+        const query = c.req.query();
+        const readerFilters = buildReaderFilters(query);
+        // Export ignores the paginated limit; streamAuditCsv walks its own cursor.
+        delete readerFilters.limit;
+        delete readerFilters.cursor;
+        const iter = streamAuditCsv(db, readerFilters);
+        const encoder = new TextEncoder();
+        const stream = new ReadableStream({
+            async pull(controller) {
+                const { value, done } = await iter.next();
+                if (done) {
+                    controller.close();
+                    return;
+                }
+                controller.enqueue(encoder.encode(value + "\n"));
+            },
+            async cancel() {
+                if (typeof iter.return === "function")
+                    await iter.return();
+            },
+        });
+        return new Response(stream, {
+            status: 200,
+            headers: {
+                "Content-Type": "text/csv; charset=utf-8",
+                "Content-Disposition": 'attachment; filename="audit-export.csv"',
+                "Cache-Control": "no-store",
+            },
+        });
+    });
+    return router;
+}
+//# sourceMappingURL=audit.js.map

package/dist/routes/audit.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"audit.js","sourceRoot":"","sources":["../../src/routes/audit.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,IAAI,EAAE,MAAM,MAAM,CAAC;AAE5B,OAAO,EACL,iBAAiB,EACjB,eAAe,EACf,cAAc,EACd,kBAAkB,GACnB,MAAM,eAAe,CAAC;AACvB,OAAO,EAAE,MAAM,EAAE,MAAM,oBAAoB,CAAC;AAC5C,OAAO,EAAE,eAAe,EAAE,oBAAoB,EAAqB,MAAM,mBAAmB,CAAC;AAC7F,OAAO,EAAE,iBAAiB,EAAE,MAAM,uBAAuB,CAAC;AAE1D,SAAS,YAAY,CAAC,KAAyC;IAK7D,OAAO;QACL,IAAI,EAAE,KAAK,CAAC,IAAI,IAAI,SAAS;QAC7B,EAAE,EAAE,KAAK,CAAC,EAAE,IAAI,SAAS;QACzB,KAAK,EAAE,KAAK,CAAC,KAAK,IAAI,SAAS;QAC/B,SAAS,EAAE,KAAK,CAAC,SAAS,IAAI,SAAS;QACvC,KAAK,EAAE,KAAK,CAAC,KAAK,IAAI,SAAS;QAC/B,KAAK,EAAE,KAAK,CAAC,KAAK,IAAI,SAAS;QAC/B,OAAO,EAAE,KAAK,CAAC,OAAO,IAAI,SAAS;QACnC,CAAC,EAAE,KAAK,CAAC,CAAC,IAAI,SAAS;QACvB,MAAM,EAAE,KAAK,CAAC,MAAM,IAAI,SAAS;KAClC,CAAC;AACJ,CAAC;AAED,SAAS,kBAAkB,CAAC,CAAqC;IAC/D,MAAM,CAAC,GAWH,EAAE,CAAC;IACP,IAAI,CAAC,CAAC,IAAI,EAAE,CAAC;QACX,MAAM,CAAC,GAAG,IAAI,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC;QAC3B,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC,OAAO,EAAE,CAAC;YAAE,CAAC,CAAC,IAAI,GAAG,CAAC,CAAC;IACtC,CAAC;IACD,IAAI,CAAC,CAAC,EAAE,EAAE,CAAC;QACT,MAAM,CAAC,GAAG,IAAI,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC;QACzB,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC,OAAO,EAAE,CAAC;YAAE,CAAC,CAAC,EAAE,GAAG,CAAC,CAAC;IACpC,CAAC;IACD,IAAI,CAAC,CAAC,KAAK;QAAE,CAAC,CAAC,KAAK,GAAG,CAAC,CAAC,KAAK,CAAC;IAC/B,IAAI,CAAC,CAAC,SAAS;QAAE,CAAC,CAAC,UAAU,GAAG,CAAC,CAAC,CAAC,SAA2B,CAAC,CAAC;IAChE,IAAI,CAAC,CAAC,KAAK;QAAE,CAAC,CAAC,KAAK,GAAG,CAAC,CAAC,KAAK,CAAC;IAC/B,IAAI,CAAC,CAAC,KAAK;QAAE,CAAC,CAAC,KAAK,GAAG,CAAC,CAAC,KAAK,CAAC;IAC/B,IAAI,CAAC,CAAC,OAAO;QAAE,CAAC,CAAC,OAAO,GAAG,CAAC,CAAC,OAAO,CAAC;IACrC,IAAI,CAAC,CAAC,CAAC;QAAE,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC;IACnB,IAAI,CAAC,CAAC,MAAM;QAAE,CAAC,CAAC,MAAM,GAAG,CAAC,CAAC,MAAM,CAAC;IAClC,CAAC,CAAC,KAAK,GAAG,EAAE,CAAC;IACb,OAAO,CAAC,CAAC;AACX,CAAC;AAED,MAAM,UAAU,iBAAiB,CAAC,EAAM,EAAE,QAAQ,GAAG,EAAE;IACrD,MAAM,MAAM,GAAG,IAAI,IAAI,EAAE,CAAC;IAE1B,0DAA0D;IAC1D,MAAM,CAAC,GAAG,CAAC,QAAQ,EAAE,KAAK,EAAE,CAAC,EAAE,IAAI,EAAE,EAAE;QACrC,IAAI,CAAC,iBAAiB,CAAC,WAAW,CAAC;YAAE,OAAO,CAAC,CAAC,QAAQ,EAAE,CAAC;QACzD,MAAM,IAAI,EAAE,CAAC;IACf,CAAC,CAAC,CAAC;IACH,MAAM,CAAC,GAAG,CAAC,UAAU,EAAE,KAAK,EAAE,CAAC,EAAE,IAAI,EAAE,EAAE;QACvC,IAAI,CAAC,iBAAiB,CAAC,WAAW,CAAC;YAAE,OAAO,CAAC,CAAC,QAAQ,EAAE,CAAC;QACzD,MAAM,IAAI,EAAE,CAAC;IACf,CAAC,CAAC,CAAC;IAEH,MAAM,CAAC,GAAG,CAAC,QAAQ,EAAE,iBAAiB,CAAC,YAAY,CAAC,EAAE,KAAK,EAAE,CAAC,EAAE,EAAE;QAChE,MAAM,KAAK,GAAG,CAAC,CAAC,GAAG,CAAC,KAAK,EAAE,CAAC;QAC5B,MAAM,OAAO,GAAG,YAAY,CAAC,KAAK,CAAC,CAAC;QACpC,MAAM,aAAa,GAAG,kBAAkB,CAAC,KAAK,CAAC,CAAC;QAChD,MAAM,EAAE,MAAM,EAAE,UAAU,EAAE,GAAG,MAAM,eAAe,CAAC,EAAS,EAAE,aAAa,CAAC,CAAC;QAC/E,MAAM,OAAO,GAAG,eAAe,CAAC,EAAE,MAAM,EAAE,UAAU,EAAE,OAAO,EAAE,CAAC,CAAC;QACjE,IAAI,CAAC,CAAC,GAAG,CAAC,MAAM,CAAC,YAAY,CAAC;YAAE,OAAO,CAAC,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;QACvD,MAAM,IAAI,GAAG,CAAC,CAAC,GAAG,CAAC,MAAe,CAAmC,CAAC;QACtE,OAAO,CAAC,CAAC,IAAI,CACX,MAAM,CAAC,WAAW,EAAE,OAAO,EAAE,QAAQ,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,KAAK,EAAE,CAAC,CACnE,CAAC;IACJ,CAAC,CAAC,CAAC;IAEH,4DAA4D;IAC5D,MAAM,CAAC,GAAG,CAAC,aAAa,EAAE,iBAAiB,CAAC,YAAY,CAAC,EAAE,KAAK,EAAE,CAAC,EAAE,EAAE;QACrE,MAAM,KAAK,GAAG,CAAC,CAAC,GAAG,CAAC,KAAK,EAAE,CAAC;QAC5B,MAAM,OAAO,GAAG,YAAY,CAAC,KAAK,CAAC,CAAC;QACpC,MAAM,aAAa,GAAG,kBAAkB,CAAC,KAAK,CAAC,CAAC;QAChD,MAAM,EAAE,MAAM,EAAE,UAAU,EAAE,GAAG,MAAM,eAAe,CAAC,EAAS,EAAE,aAAa,CAAC,CAAC;QAC/E,OAAO,CAAC,CAAC,IAAI,CAAC,eAAe,CAAC,EAAE,MAAM,EAAE,UAAU,EAAE,OAAO,EAAE,OAAO,EAAE,IAAI,EAAE,CAAC,CAAC,CAAC;IACjF,CAAC,CAAC,CAAC;IAEH,uEAAuE;IACvE,MAAM,CAAC,GAAG,CAAC,kBAAkB,EAAE,iBAAiB,CAAC,YAAY,CAAC,EAAE,KAAK,EAAE,CAAC,EAAE,EAAE;QAC1E,MAAM,EAAE,GAAG,CAAC,CAAC,GAAG,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;QAC7B,MAAM,KAAK,GAAG,MAAM,kBAAkB,CAAC,EAAS,EAAE,EAAE,CAAC,CAAC;QACtD,6EAA6E;QAC7E,sDAAsD;QACtD,IAAI,CAAC,KAAK;YAAE,OAAO,CAAC,CAAC,IAAI,CAAC,4IAA4I,CAAC,CAAC;QACxK,OAAO,CAAC,CAAC,IAAI,CAAC,oBAAoB,CAAC,KAAK,CAAC,CAAC,CAAC;IAC7C,CAAC,CAAC,CAAC;IAEH,MAAM,CAAC,GAAG,CAAC,mBAAmB,EAAE,iBAAiB,CAAC,cAAc,CAAC,EAAE,KAAK,EAAE,CAAC,EAAE,EAAE;QAC7E,MAAM,KAAK,GAAG,CAAC,CAAC,GAAG,CAAC,KAAK,EAAE,CAAC;QAC5B,MAAM,aAAa,GAAG,kBAAkB,CAAC,KAAK,CAAC,CAAC;QAChD,2EAA2E;QAC3E,OAAQ,aAAoC,CAAC,KAAK,CAAC;QACnD,OAAQ,aAAqC,CAAC,MAAM,CAAC;QAErD,MAAM,IAAI,GAAG,cAAc,CAAC,EAAS,EAAE,aAAa,CAAC,CAAC;QACtD,MAAM,OAAO,GAAG,IAAI,WAAW,EAAE,CAAC;QAClC,MAAM,MAAM,GAAG,IAAI,cAAc,CAAa;YAC5C,KAAK,CAAC,IAAI,CAAC,UAAU;gBACnB,MAAM,EAAE,KAAK,EAAE,IAAI,EAAE,GAAG,MAAM,IAAI,CAAC,IAAI,EAAE,CAAC;gBAC1C,IAAI,IAAI,EAAE,CAAC;oBACT,UAAU,CAAC,KAAK,EAAE,CAAC;oBACnB,OAAO;gBACT,CAAC;gBACD,UAAU,CAAC,OAAO,CAAC,OAAO,CAAC,MAAM,CAAC,KAAK,GAAG,IAAI,CAAC,CAAC,CAAC;YACnD,CAAC;YACD,KAAK,CAAC,MAAM;gBACV,IAAI,OAAO,IAAI,CAAC,MAAM,KAAK,UAAU;oBAAE,MAAM,IAAI,CAAC,MAAM,EAAE,CAAC;YAC7D,CAAC;SACF,CAAC,CAAC;QAEH,OAAO,IAAI,QAAQ,CAAC,MAAM,EAAE;YAC1B,MAAM,EAAE,GAAG;YACX,OAAO,EAAE;gBACP,cAAc,EAAE,yBAAyB;gBACzC,qBAAqB,EAAE,yCAAyC;gBAChE,eAAe,EAAE,UAAU;aAC5B;SACF,CAAC,CAAC;IACL,CAAC,CAAC,CAAC;IAEH,OAAO,MAAM,CAAC;AAChB,CAAC"}

package/dist/routes/auth.d.ts

@@ -0,0 +1,10 @@
+import { Hono } from "hono";
+import type { SsoConfig, WorkosClient } from "@urateam/core";
+interface AuthRouterDeps {
+    db: any;
+    sso: SsoConfig;
+    workos: WorkosClient;
+}
+export declare function createAuthRouter(deps: AuthRouterDeps): Hono;
+export {};
+//# sourceMappingURL=auth.d.ts.map

package/dist/routes/auth.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"auth.d.ts","sourceRoot":"","sources":["../../src/routes/auth.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,IAAI,EAAE,MAAM,MAAM,CAAC;AAmB5B,OAAO,KAAK,EAAE,SAAS,EAAE,YAAY,EAAE,MAAM,eAAe,CAAC;AAK7D,UAAU,cAAc;IACtB,EAAE,EAAE,GAAG,CAAC;IACR,GAAG,EAAE,SAAS,CAAC;IACf,MAAM,EAAE,YAAY,CAAC;CACtB;AAED,wBAAgB,gBAAgB,CAAC,IAAI,EAAE,cAAc,GAAG,IAAI,CAiI3D"}

package/dist/routes/auth.js

@@ -0,0 +1,105 @@
+import { Hono } from "hono";
+import { setCookie, getCookie } from "hono/cookie";
+import { randomUUID } from "node:crypto";
+import { signState, verifyState, validateNextPath, upsertUser, applyBootstrapAdmins, isFeatureLicensed, createSession, deleteSession, getSession, getUserById, logAuditEvent, dashboardLoginEvent, dashboardLogoutEvent, dashboardLoginDeniedEvent, } from "@urateam/core";
+import { createLogger } from "@urateam/core";
+const log = createLogger({ component: "dashboard.auth" });
+export function createAuthRouter(deps) {
+    const app = new Hono();
+    app.get("/auth/login", async (c) => {
+        const next = validateNextPath(c.req.query("next"));
+        const state = signState({ next, nonce: randomUUID() }, deps.sso.stateSigningSecret);
+        const url = await deps.workos.getAuthorizationUrl({
+            clientId: deps.sso.workosClientId,
+            redirectUri: deps.sso.redirectUri,
+            state,
+        });
+        return c.redirect(url, 302);
+    });
+    app.get("/auth/callback", async (c) => {
+        const code = c.req.query("code");
+        const stateRaw = c.req.query("state");
+        if (!code || !stateRaw)
+            return c.text("Missing code or state", 400);
+        const state = verifyState(stateRaw, deps.sso.stateSigningSecret);
+        if (!state)
+            return c.text("Invalid login state. Please try again.", 400);
+        let result;
+        try {
+            result = await deps.workos.authenticateWithCode({
+                clientId: deps.sso.workosClientId,
+                code,
+            });
+        }
+        catch (err) {
+            log.warn({ err }, "WorkOS authenticateWithCode failed");
+            return c.text("SSO provider error. Try again or contact your administrator.", 503);
+        }
+        const email = result.user.email.toLowerCase();
+        if (deps.sso.allowedDomain) {
+            const expected = "@" + deps.sso.allowedDomain.toLowerCase();
+            if (!email.endsWith(expected)) {
+                void logAuditEvent(deps.db, dashboardLoginDeniedEvent({ email, reason: "domain-mismatch" }));
+                return c.text(`Access denied. ${email} is not in the allowed domain. Contact your administrator.`, 403);
+            }
+        }
+        const fullName = [result.user.firstName, result.user.lastName]
+            .filter(Boolean)
+            .join(" ")
+            .trim() || null;
+        const userId = await upsertUser(deps.db, {
+            email,
+            name: fullName,
+            workosUserId: result.user.id,
+        });
+        if (isFeatureLicensed("rbac")) {
+            try {
+                await applyBootstrapAdmins(deps.db, email, userId, process.env.URATEAM_ADMIN_EMAILS);
+            }
+            catch (err) {
+                // bootstrap must never block login
+                log.warn({ err }, "bootstrap admin failed");
+            }
+        }
+        const sessionId = await createSession(deps.db, {
+            userId,
+            durationHours: deps.sso.sessionDurationHours,
+        });
+        setCookie(c, deps.sso.cookieName, sessionId, {
+            httpOnly: true,
+            sameSite: "Lax",
+            secure: deps.sso.cookieSecure,
+            path: "/",
+            maxAge: deps.sso.sessionDurationHours * 3600,
+        });
+        void logAuditEvent(deps.db, dashboardLoginEvent({
+            userId,
+            email,
+            workosUserId: result.user.id,
+        }));
+        return c.redirect(validateNextPath(state.next), 302);
+    });
+    app.post("/auth/logout", async (c) => {
+        const sid = getCookie(c, deps.sso.cookieName);
+        if (sid) {
+            const session = await getSession(deps.db, sid);
+            if (session) {
+                const user = await getUserById(deps.db, session.userId);
+                await deleteSession(deps.db, sid);
+                if (user) {
+                    void logAuditEvent(deps.db, dashboardLogoutEvent({ userId: user.id, email: user.email }));
+                }
+            }
+        }
+        setCookie(c, deps.sso.cookieName, "", {
+            maxAge: 0,
+            path: "/",
+            httpOnly: true,
+            sameSite: "Lax",
+            secure: deps.sso.cookieSecure,
+        });
+        return c.redirect("/auth/login", 302);
+    });
+    return app;
+}
+//# sourceMappingURL=auth.js.map

package/dist/routes/auth.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"auth.js","sourceRoot":"","sources":["../../src/routes/auth.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,IAAI,EAAE,MAAM,MAAM,CAAC;AAC5B,OAAO,EAAE,SAAS,EAAE,SAAS,EAAE,MAAM,aAAa,CAAC;AACnD,OAAO,EAAE,UAAU,EAAE,MAAM,aAAa,CAAC;AACzC,OAAO,EACL,SAAS,EACT,WAAW,EACX,gBAAgB,EAChB,UAAU,EACV,oBAAoB,EACpB,iBAAiB,EACjB,aAAa,EACb,aAAa,EACb,UAAU,EACV,WAAW,EACX,aAAa,EACb,mBAAmB,EACnB,oBAAoB,EACpB,yBAAyB,GAC1B,MAAM,eAAe,CAAC;AAEvB,OAAO,EAAE,YAAY,EAAE,MAAM,eAAe,CAAC;AAE7C,MAAM,GAAG,GAAG,YAAY,CAAC,EAAE,SAAS,EAAE,gBAAgB,EAAE,CAAC,CAAC;AAQ1D,MAAM,UAAU,gBAAgB,CAAC,IAAoB;IACnD,MAAM,GAAG,GAAG,IAAI,IAAI,EAAE,CAAC;IAEvB,GAAG,CAAC,GAAG,CAAC,aAAa,EAAE,KAAK,EAAE,CAAC,EAAE,EAAE;QACjC,MAAM,IAAI,GAAG,gBAAgB,CAAC,CAAC,CAAC,GAAG,CAAC,KAAK,CAAC,MAAM,CAAC,CAAC,CAAC;QACnD,MAAM,KAAK,GAAG,SAAS,CACrB,EAAE,IAAI,EAAE,KAAK,EAAE,UAAU,EAAE,EAAE,EAC7B,IAAI,CAAC,GAAG,CAAC,kBAAkB,CAC5B,CAAC;QACF,MAAM,GAAG,GAAG,MAAM,IAAI,CAAC,MAAM,CAAC,mBAAmB,CAAC;YAChD,QAAQ,EAAE,IAAI,CAAC,GAAG,CAAC,cAAc;YACjC,WAAW,EAAE,IAAI,CAAC,GAAG,CAAC,WAAW;YACjC,KAAK;SACN,CAAC,CAAC;QACH,OAAO,CAAC,CAAC,QAAQ,CAAC,GAAG,EAAE,GAAG,CAAC,CAAC;IAC9B,CAAC,CAAC,CAAC;IAEH,GAAG,CAAC,GAAG,CAAC,gBAAgB,EAAE,KAAK,EAAE,CAAC,EAAE,EAAE;QACpC,MAAM,IAAI,GAAG,CAAC,CAAC,GAAG,CAAC,KAAK,CAAC,MAAM,CAAC,CAAC;QACjC,MAAM,QAAQ,GAAG,CAAC,CAAC,GAAG,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC;QACtC,IAAI,CAAC,IAAI,IAAI,CAAC,QAAQ;YAAE,OAAO,CAAC,CAAC,IAAI,CAAC,uBAAuB,EAAE,GAAG,CAAC,CAAC;QACpE,MAAM,KAAK,GAAG,WAAW,CAAC,QAAQ,EAAE,IAAI,CAAC,GAAG,CAAC,kBAAkB,CAAC,CAAC;QACjE,IAAI,CAAC,KAAK;YAAE,OAAO,CAAC,CAAC,IAAI,CAAC,wCAAwC,EAAE,GAAG,CAAC,CAAC;QAEzE,IAAI,MAAM,CAAC;QACX,IAAI,CAAC;YACH,MAAM,GAAG,MAAM,IAAI,CAAC,MAAM,CAAC,oBAAoB,CAAC;gBAC9C,QAAQ,EAAE,IAAI,CAAC,GAAG,CAAC,cAAc;gBACjC,IAAI;aACL,CAAC,CAAC;QACL,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACb,GAAG,CAAC,IAAI,CAAC,EAAE,GAAG,EAAE,EAAE,oCAAoC,CAAC,CAAC;YACxD,OAAO,CAAC,CAAC,IAAI,CACX,8DAA8D,EAC9D,GAAG,CACJ,CAAC;QACJ,CAAC;QAED,MAAM,KAAK,GAAG,MAAM,CAAC,IAAI,CAAC,KAAK,CAAC,WAAW,EAAE,CAAC;QAC9C,IAAI,IAAI,CAAC,GAAG,CAAC,aAAa,EAAE,CAAC;YAC3B,MAAM,QAAQ,GAAG,GAAG,GAAG,IAAI,CAAC,GAAG,CAAC,aAAa,CAAC,WAAW,EAAE,CAAC;YAC5D,IAAI,CAAC,KAAK,CAAC,QAAQ,CAAC,QAAQ,CAAC,EAAE,CAAC;gBAC9B,KAAK,aAAa,CAChB,IAAI,CAAC,EAAE,EACP,yBAAyB,CAAC,EAAE,KAAK,EAAE,MAAM,EAAE,iBAAiB,EAAE,CAAC,CAChE,CAAC;gBACF,OAAO,CAAC,CAAC,IAAI,CACX,kBAAkB,KAAK,4DAA4D,EACnF,GAAG,CACJ,CAAC;YACJ,CAAC;QACH,CAAC;QAED,MAAM,QAAQ,GACZ,CAAC,MAAM,CAAC,IAAI,CAAC,SAAS,EAAE,MAAM,CAAC,IAAI,CAAC,QAAQ,CAAC;aAC1C,MAAM,CAAC,OAAO,CAAC;aACf,IAAI,CAAC,GAAG,CAAC;aACT,IAAI,EAAE,IAAI,IAAI,CAAC;QACpB,MAAM,MAAM,GAAG,MAAM,UAAU,CAAC,IAAI,CAAC,EAAE,EAAE;YACvC,KAAK;YACL,IAAI,EAAE,QAAQ;YACd,YAAY,EAAE,MAAM,CAAC,IAAI,CAAC,EAAE;SAC7B,CAAC,CAAC;QAEH,IAAI,iBAAiB,CAAC,MAAM,CAAC,EAAE,CAAC;YAC9B,IAAI,CAAC;gBACH,MAAM,oBAAoB,CACxB,IAAI,CAAC,EAAE,EACP,KAAK,EACL,MAAM,EACN,OAAO,CAAC,GAAG,CAAC,oBAAoB,CACjC,CAAC;YACJ,CAAC;YAAC,OAAO,GAAG,EAAE,CAAC;gBACb,mCAAmC;gBACnC,GAAG,CAAC,IAAI,CAAC,EAAE,GAAG,EAAE,EAAE,wBAAwB,CAAC,CAAC;YAC9C,CAAC;QACH,CAAC;QAED,MAAM,SAAS,GAAG,MAAM,aAAa,CAAC,IAAI,CAAC,EAAE,EAAE;YAC7C,MAAM;YACN,aAAa,EAAE,IAAI,CAAC,GAAG,CAAC,oBAAoB;SAC7C,CAAC,CAAC;QAEH,SAAS,CAAC,CAAC,EAAE,IAAI,CAAC,GAAG,CAAC,UAAU,EAAE,SAAS,EAAE;YAC3C,QAAQ,EAAE,IAAI;YACd,QAAQ,EAAE,KAAK;YACf,MAAM,EAAE,IAAI,CAAC,GAAG,CAAC,YAAY;YAC7B,IAAI,EAAE,GAAG;YACT,MAAM,EAAE,IAAI,CAAC,GAAG,CAAC,oBAAoB,GAAG,IAAI;SAC7C,CAAC,CAAC;QAEH,KAAK,aAAa,CAChB,IAAI,CAAC,EAAE,EACP,mBAAmB,CAAC;YAClB,MAAM;YACN,KAAK;YACL,YAAY,EAAE,MAAM,CAAC,IAAI,CAAC,EAAE;SAC7B,CAAC,CACH,CAAC;QAEF,OAAO,CAAC,CAAC,QAAQ,CAAC,gBAAgB,CAAC,KAAK,CAAC,IAAI,CAAC,EAAE,GAAG,CAAC,CAAC;IACvD,CAAC,CAAC,CAAC;IAEH,GAAG,CAAC,IAAI,CAAC,cAAc,EAAE,KAAK,EAAE,CAAC,EAAE,EAAE;QACnC,MAAM,GAAG,GAAG,SAAS,CAAC,CAAC,EAAE,IAAI,CAAC,GAAG,CAAC,UAAU,CAAC,CAAC;QAC9C,IAAI,GAAG,EAAE,CAAC;YACR,MAAM,OAAO,GAAG,MAAM,UAAU,CAAC,IAAI,CAAC,EAAE,EAAE,GAAG,CAAC,CAAC;YAC/C,IAAI,OAAO,EAAE,CAAC;gBACZ,MAAM,IAAI,GAAG,MAAM,WAAW,CAAC,IAAI,CAAC,EAAE,EAAE,OAAO,CAAC,MAAM,CAAC,CAAC;gBACxD,MAAM,aAAa,CAAC,IAAI,CAAC,EAAE,EAAE,GAAG,CAAC,CAAC;gBAClC,IAAI,IAAI,EAAE,CAAC;oBACT,KAAK,aAAa,CAChB,IAAI,CAAC,EAAE,EACP,oBAAoB,CAAC,EAAE,MAAM,EAAE,IAAI,CAAC,EAAE,EAAE,KAAK,EAAE,IAAI,CAAC,KAAK,EAAE,CAAC,CAC7D,CAAC;gBACJ,CAAC;YACH,CAAC;QACH,CAAC;QACD,SAAS,CAAC,CAAC,EAAE,IAAI,CAAC,GAAG,CAAC,UAAU,EAAE,EAAE,EAAE;YACpC,MAAM,EAAE,CAAC;YACT,IAAI,EAAE,GAAG;YACT,QAAQ,EAAE,IAAI;YACd,QAAQ,EAAE,KAAK;YACf,MAAM,EAAE,IAAI,CAAC,GAAG,CAAC,YAAY;SAC9B,CAAC,CAAC;QACH,OAAO,CAAC,CAAC,QAAQ,CAAC,aAAa,EAAE,GAAG,CAAC,CAAC;IACxC,CAAC,CAAC,CAAC;IAEH,OAAO,GAAG,CAAC;AACb,CAAC"}

package/dist/routes/config.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"config.d.ts","sourceRoot":"","sources":["../../src/routes/config.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,IAAI,EAAE,MAAM,MAAM,CAAC;AAC5B,OAAO,KAAK,EAAE,cAAc,EAAE,UAAU,EAAE,MAAM,eAAe,CAAC;AAIhE,wBAAgB,kBAAkB,CAChC,eAAe,EAAE,MAAM,CAAC,MAAM,EAAE,cAAc,CAAC,EAC/C,WAAW,EAAE,MAAM,CAAC,MAAM,EAAE,UAAU,CAAC,EACvC,QAAQ,SAAK,GACZ,IAAI,CASN"}
+{"version":3,"file":"config.d.ts","sourceRoot":"","sources":["../../src/routes/config.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,IAAI,EAAE,MAAM,MAAM,CAAC;AAC5B,OAAO,KAAK,EAAE,cAAc,EAAE,UAAU,EAAE,MAAM,eAAe,CAAC;AAKhE,wBAAgB,kBAAkB,CAChC,eAAe,EAAE,MAAM,CAAC,MAAM,EAAE,cAAc,CAAC,EAC/C,WAAW,EAAE,MAAM,CAAC,MAAM,EAAE,UAAU,CAAC,EACvC,QAAQ,SAAK,GACZ,IAAI,CAUN"}

package/dist/routes/config.js

@@ -1,11 +1,13 @@
 import { Hono } from "hono";
 import { layout } from "../views/layout.js";
 import { configView } from "../views/config.js";
+import { requirePermission } from "../middleware/rbac.js";
 export function createConfigRouter(pipelineConfigs, repoConfigs, basePath = "") {
     const router = new Hono();
-    router.get("/config", (c) => {
+    router.get("/config", requirePermission("config.view"), (c) => {
         const content = configView(pipelineConfigs, repoConfigs);
-        return c.html(layout("Configuration", content, basePath));
+        const user = c.get("user");
+        return c.html(layout("Configuration", content, basePath, { userEmail: user?.email }));
     });
     return router;
 }

package/dist/routes/config.js.map

@@ -1 +1 @@
-{"version":3,"file":"config.js","sourceRoot":"","sources":["../../src/routes/config.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,IAAI,EAAE,MAAM,MAAM,CAAC;AAE5B,OAAO,EAAE,MAAM,EAAE,MAAM,oBAAoB,CAAC;AAC5C,OAAO,EAAE,UAAU,EAAE,MAAM,oBAAoB,CAAC;AAEhD,MAAM,UAAU,kBAAkB,CAChC,eAA+C,EAC/C,WAAuC,EACvC,QAAQ,GAAG,EAAE;IAEb,MAAM,MAAM,GAAG,IAAI,IAAI,EAAE,CAAC;IAE1B,MAAM,CAAC,GAAG,CAAC,SAAS,EAAE,CAAC,CAAC,EAAE,EAAE;QAC1B,MAAM,OAAO,GAAG,UAAU,CAAC,eAAe,EAAE,WAAW,CAAC,CAAC;QACzD,OAAO,CAAC,CAAC,IAAI,CAAC,MAAM,CAAC,eAAe,EAAE,OAAO,EAAE,QAAQ,CAAC,CAAC,CAAC;IAC5D,CAAC,CAAC,CAAC;IAEH,OAAO,MAAM,CAAC;AAChB,CAAC"}
+{"version":3,"file":"config.js","sourceRoot":"","sources":["../../src/routes/config.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,IAAI,EAAE,MAAM,MAAM,CAAC;AAE5B,OAAO,EAAE,MAAM,EAAE,MAAM,oBAAoB,CAAC;AAC5C,OAAO,EAAE,UAAU,EAAE,MAAM,oBAAoB,CAAC;AAChD,OAAO,EAAE,iBAAiB,EAAE,MAAM,uBAAuB,CAAC;AAE1D,MAAM,UAAU,kBAAkB,CAChC,eAA+C,EAC/C,WAAuC,EACvC,QAAQ,GAAG,EAAE;IAEb,MAAM,MAAM,GAAG,IAAI,IAAI,EAAE,CAAC;IAE1B,MAAM,CAAC,GAAG,CAAC,SAAS,EAAE,iBAAiB,CAAC,aAAa,CAAC,EAAE,CAAC,CAAC,EAAE,EAAE;QAC5D,MAAM,OAAO,GAAG,UAAU,CAAC,eAAe,EAAE,WAAW,CAAC,CAAC;QACzD,MAAM,IAAI,GAAG,CAAC,CAAC,GAAG,CAAC,MAAe,CAAmC,CAAC;QACtE,OAAO,CAAC,CAAC,IAAI,CAAC,MAAM,CAAC,eAAe,EAAE,OAAO,EAAE,QAAQ,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,KAAK,EAAE,CAAC,CAAC,CAAC;IACxF,CAAC,CAAC,CAAC;IAEH,OAAO,MAAM,CAAC;AAChB,CAAC"}

package/dist/routes/coordination.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"coordination.d.ts","sourceRoot":"","sources":["../../src/routes/coordination.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,IAAI,EAAE,MAAM,MAAM,CAAC;AAC5B,OAAO,KAAK,EAAE,EAAE,EAAE,MAAM,eAAe,CAAC;AAKxC,wBAAgB,wBAAwB,CAAC,EAAE,EAAE,EAAE,EAAE,QAAQ,SAAK,GAAG,IAAI,CAqBpE"}
+{"version":3,"file":"coordination.d.ts","sourceRoot":"","sources":["../../src/routes/coordination.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,IAAI,EAAE,MAAM,MAAM,CAAC;AAC5B,OAAO,KAAK,EAAE,EAAE,EAAE,MAAM,eAAe,CAAC;AAMxC,wBAAgB,wBAAwB,CAAC,EAAE,EAAE,EAAE,EAAE,QAAQ,SAAK,GAAG,IAAI,CAsBpE"}