@usehercules/convex 0.0.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (67) hide show
  1. package/LICENSE +21 -0
  2. package/README.md +478 -0
  3. package/dist/_generated/component.d.ts +184 -0
  4. package/dist/_generated/component.d.ts.map +1 -0
  5. package/dist/_generated/component.js +11 -0
  6. package/dist/_generated/component.js.map +1 -0
  7. package/dist/checker/cli.d.ts +3 -0
  8. package/dist/checker/cli.d.ts.map +1 -0
  9. package/dist/checker/cli.js +71 -0
  10. package/dist/checker/cli.js.map +1 -0
  11. package/dist/checker/index.d.ts +28 -0
  12. package/dist/checker/index.d.ts.map +1 -0
  13. package/dist/checker/index.js +1928 -0
  14. package/dist/checker/index.js.map +1 -0
  15. package/dist/client/access-admin.d.ts +818 -0
  16. package/dist/client/access-admin.d.ts.map +1 -0
  17. package/dist/client/access-admin.js +1830 -0
  18. package/dist/client/access-admin.js.map +1 -0
  19. package/dist/client/http.d.ts +19 -0
  20. package/dist/client/http.d.ts.map +1 -0
  21. package/dist/client/http.js +76 -0
  22. package/dist/client/http.js.map +1 -0
  23. package/dist/client/index.d.ts +440 -0
  24. package/dist/client/index.d.ts.map +1 -0
  25. package/dist/client/index.js +654 -0
  26. package/dist/client/index.js.map +1 -0
  27. package/dist/component/authz.d.ts +114 -0
  28. package/dist/component/authz.d.ts.map +1 -0
  29. package/dist/component/authz.js +168 -0
  30. package/dist/component/authz.js.map +1 -0
  31. package/dist/component/checks.d.ts +86 -0
  32. package/dist/component/checks.d.ts.map +1 -0
  33. package/dist/component/checks.js +184 -0
  34. package/dist/component/checks.js.map +1 -0
  35. package/dist/component/convex.config.d.ts +3 -0
  36. package/dist/component/convex.config.d.ts.map +1 -0
  37. package/dist/component/convex.config.js +3 -0
  38. package/dist/component/convex.config.js.map +1 -0
  39. package/dist/component/effective.d.ts +82 -0
  40. package/dist/component/effective.d.ts.map +1 -0
  41. package/dist/component/effective.js +757 -0
  42. package/dist/component/effective.js.map +1 -0
  43. package/dist/component/queries.d.ts +170 -0
  44. package/dist/component/queries.d.ts.map +1 -0
  45. package/dist/component/queries.js +633 -0
  46. package/dist/component/queries.js.map +1 -0
  47. package/dist/component/schema.d.ts +258 -0
  48. package/dist/component/schema.d.ts.map +1 -0
  49. package/dist/component/schema.js +222 -0
  50. package/dist/component/schema.js.map +1 -0
  51. package/dist/component/sync.d.ts +85 -0
  52. package/dist/component/sync.d.ts.map +1 -0
  53. package/dist/component/sync.js +851 -0
  54. package/dist/component/sync.js.map +1 -0
  55. package/dist/shared/projection-protocol.d.ts +1624 -0
  56. package/dist/shared/projection-protocol.d.ts.map +1 -0
  57. package/dist/shared/projection-protocol.js +561 -0
  58. package/dist/shared/projection-protocol.js.map +1 -0
  59. package/dist/shared/sync.d.ts +24 -0
  60. package/dist/shared/sync.d.ts.map +1 -0
  61. package/dist/shared/sync.js +18 -0
  62. package/dist/shared/sync.js.map +1 -0
  63. package/dist/shared/token.d.ts +5 -0
  64. package/dist/shared/token.d.ts.map +1 -0
  65. package/dist/shared/token.js +19 -0
  66. package/dist/shared/token.js.map +1 -0
  67. package/package.json +89 -0
package/dist/shared/projection-protocol.d.ts ADDED
@@ -0,0 +1,1624 @@
1
+ import { z } from "zod";
2
+ export declare const accessProjectionEffectSchema: z.ZodEnum<{
3
+ allow: "allow";
4
+ deny: "deny";
5
+ }>;
6
+ export type AccessProjectionEffect = z.infer<typeof accessProjectionEffectSchema>;
7
+ export declare const accessProjectionApplicabilitySchema: z.ZodEnum<{
8
+ self: "self";
9
+ self_and_descendants: "self_and_descendants";
10
+ }>;
11
+ export type AccessProjectionApplicability = z.infer<typeof accessProjectionApplicabilitySchema>;
12
+ export declare const accessProjectionWildcardModeSchema: z.ZodEnum<{
13
+ none: "none";
14
+ immutable: "immutable";
15
+ default: "default";
16
+ }>;
17
+ export type AccessProjectionWildcardMode = z.infer<typeof accessProjectionWildcardModeSchema>;
18
+ export declare const accessProjectionPermissionClassificationSchema: z.ZodEnum<{
19
+ delegable: "delegable";
20
+ owner_only: "owner_only";
21
+ }>;
22
+ export type AccessProjectionPermissionClassification = z.infer<typeof accessProjectionPermissionClassificationSchema>;
23
+ export declare const accessProjectionScopeKindSchema: z.ZodEnum<{
24
+ default: "default";
25
+ org: "org";
26
+ suite: "suite";
27
+ }>;
28
+ export type AccessProjectionScopeKind = z.infer<typeof accessProjectionScopeKindSchema>;
29
+ export declare const accessProjectionScopeStatusSchema: z.ZodEnum<{
30
+ active: "active";
31
+ disabled: "disabled";
32
+ }>;
33
+ export type AccessProjectionScopeStatus = z.infer<typeof accessProjectionScopeStatusSchema>;
34
+ export declare const accessProjectionAccountEntryModeSchema: z.ZodEnum<{
35
+ open: "open";
36
+ allowlisted_only: "allowlisted_only";
37
+ invite_only: "invite_only";
38
+ approval_required: "approval_required";
39
+ }>;
40
+ export type AccessProjectionAccountEntryMode = z.infer<typeof accessProjectionAccountEntryModeSchema>;
41
+ export declare const accessProjectionPrincipalStatusSchema: z.ZodEnum<{
42
+ active: "active";
43
+ blocked: "blocked";
44
+ suspended: "suspended";
45
+ pending_approval: "pending_approval";
46
+ removed: "removed";
47
+ }>;
48
+ export type AccessProjectionPrincipalStatus = z.infer<typeof accessProjectionPrincipalStatusSchema>;
49
+ export declare const projectionUserSchema: z.ZodObject<{
50
+ herculesAuthUserId: z.ZodString;
51
+ name: z.ZodString;
52
+ email: z.ZodString;
53
+ emailVerified: z.ZodBoolean;
54
+ image: z.ZodOptional<z.ZodString>;
55
+ phone: z.ZodOptional<z.ZodString>;
56
+ phoneVerified: z.ZodBoolean;
57
+ updatedAt: z.ZodNumber;
58
+ }, z.core.$strict>;
59
+ export type ProjectionUser = z.infer<typeof projectionUserSchema>;
60
+ export declare const projectionCatalogRoleSchema: z.ZodObject<{
61
+ roleId: z.ZodString;
62
+ key: z.ZodString;
63
+ source: z.ZodEnum<{
64
+ system: "system";
65
+ iam: "iam";
66
+ }>;
67
+ name: z.ZodString;
68
+ baseWildcard: z.ZodEnum<{
69
+ none: "none";
70
+ immutable: "immutable";
71
+ default: "default";
72
+ }>;
73
+ updatedAt: z.ZodNumber;
74
+ }, z.core.$strict>;
75
+ export type ProjectionCatalogRole = z.infer<typeof projectionCatalogRoleSchema>;
76
+ export declare const projectionCatalogPermissionSchema: z.ZodObject<{
77
+ permissionId: z.ZodString;
78
+ key: z.ZodString;
79
+ resourceType: z.ZodString;
80
+ action: z.ZodString;
81
+ classification: z.ZodEnum<{
82
+ delegable: "delegable";
83
+ owner_only: "owner_only";
84
+ }>;
85
+ tenantAssignable: z.ZodBoolean;
86
+ updatedAt: z.ZodNumber;
87
+ }, z.core.$strict>;
88
+ export type ProjectionCatalogPermission = z.infer<typeof projectionCatalogPermissionSchema>;
89
+ export declare const projectionCatalogRolePermissionSchema: z.ZodObject<{
90
+ roleId: z.ZodString;
91
+ permissionId: z.ZodString;
92
+ effect: z.ZodEnum<{
93
+ allow: "allow";
94
+ deny: "deny";
95
+ }>;
96
+ updatedAt: z.ZodNumber;
97
+ }, z.core.$strict>;
98
+ export type ProjectionCatalogRolePermission = z.infer<typeof projectionCatalogRolePermissionSchema>;
99
+ export declare const projectionCatalogSchema: z.ZodObject<{
100
+ roles: z.ZodArray<z.ZodObject<{
101
+ roleId: z.ZodString;
102
+ key: z.ZodString;
103
+ source: z.ZodEnum<{
104
+ system: "system";
105
+ iam: "iam";
106
+ }>;
107
+ name: z.ZodString;
108
+ baseWildcard: z.ZodEnum<{
109
+ none: "none";
110
+ immutable: "immutable";
111
+ default: "default";
112
+ }>;
113
+ updatedAt: z.ZodNumber;
114
+ }, z.core.$strict>>;
115
+ permissions: z.ZodArray<z.ZodObject<{
116
+ permissionId: z.ZodString;
117
+ key: z.ZodString;
118
+ resourceType: z.ZodString;
119
+ action: z.ZodString;
120
+ classification: z.ZodEnum<{
121
+ delegable: "delegable";
122
+ owner_only: "owner_only";
123
+ }>;
124
+ tenantAssignable: z.ZodBoolean;
125
+ updatedAt: z.ZodNumber;
126
+ }, z.core.$strict>>;
127
+ rolePermissions: z.ZodArray<z.ZodObject<{
128
+ roleId: z.ZodString;
129
+ permissionId: z.ZodString;
130
+ effect: z.ZodEnum<{
131
+ allow: "allow";
132
+ deny: "deny";
133
+ }>;
134
+ updatedAt: z.ZodNumber;
135
+ }, z.core.$strict>>;
136
+ }, z.core.$strict>;
137
+ export type ProjectionCatalog = z.infer<typeof projectionCatalogSchema>;
138
+ export declare const projectionScopeMetadataSchema: z.ZodObject<{
139
+ accessScopeId: z.ZodString;
140
+ name: z.ZodString;
141
+ kind: z.ZodEnum<{
142
+ default: "default";
143
+ org: "org";
144
+ suite: "suite";
145
+ }>;
146
+ status: z.ZodEnum<{
147
+ active: "active";
148
+ disabled: "disabled";
149
+ }>;
150
+ accountEntryMode: z.ZodEnum<{
151
+ open: "open";
152
+ allowlisted_only: "allowlisted_only";
153
+ invite_only: "invite_only";
154
+ approval_required: "approval_required";
155
+ }>;
156
+ defaultRoleId: z.ZodString;
157
+ updatedAt: z.ZodNumber;
158
+ }, z.core.$strict>;
159
+ export type ProjectionScopeMetadata = z.infer<typeof projectionScopeMetadataSchema>;
160
+ export declare const projectionPrincipalSchema: z.ZodObject<{
161
+ principalId: z.ZodString;
162
+ type: z.ZodEnum<{
163
+ user: "user";
164
+ group: "group";
165
+ }>;
166
+ herculesAuthUserId: z.ZodOptional<z.ZodString>;
167
+ name: z.ZodOptional<z.ZodString>;
168
+ status: z.ZodEnum<{
169
+ active: "active";
170
+ blocked: "blocked";
171
+ suspended: "suspended";
172
+ pending_approval: "pending_approval";
173
+ removed: "removed";
174
+ }>;
175
+ joinedAt: z.ZodNumber;
176
+ updatedAt: z.ZodNumber;
177
+ }, z.core.$strict>;
178
+ export type ProjectionPrincipal = z.infer<typeof projectionPrincipalSchema>;
179
+ export declare const projectionPrincipalMembershipSchema: z.ZodObject<{
180
+ groupPrincipalId: z.ZodString;
181
+ memberPrincipalId: z.ZodString;
182
+ updatedAt: z.ZodNumber;
183
+ }, z.core.$strict>;
184
+ export type ProjectionPrincipalMembership = z.infer<typeof projectionPrincipalMembershipSchema>;
185
+ export declare const projectionScopeTenantRoleSchema: z.ZodObject<{
186
+ roleId: z.ZodString;
187
+ accessScopeId: z.ZodString;
188
+ key: z.ZodString;
189
+ source: z.ZodLiteral<"tenant">;
190
+ name: z.ZodString;
191
+ baseWildcard: z.ZodLiteral<"none">;
192
+ updatedAt: z.ZodNumber;
193
+ }, z.core.$strict>;
194
+ export type ProjectionScopeTenantRole = z.infer<typeof projectionScopeTenantRoleSchema>;
195
+ export declare const projectionScopeRolePermissionOverrideSchema: z.ZodObject<{
196
+ accessScopeId: z.ZodString;
197
+ roleId: z.ZodString;
198
+ permissionId: z.ZodString;
199
+ effect: z.ZodEnum<{
200
+ allow: "allow";
201
+ deny: "deny";
202
+ }>;
203
+ updatedAt: z.ZodNumber;
204
+ }, z.core.$strict>;
205
+ export type ProjectionScopeRolePermissionOverride = z.infer<typeof projectionScopeRolePermissionOverrideSchema>;
206
+ export declare const projectionScopeRoleBindingSchema: z.ZodObject<{
207
+ bindingId: z.ZodString;
208
+ subjectPrincipalId: z.ZodString;
209
+ roleId: z.ZodString;
210
+ accessScopeId: z.ZodString;
211
+ resourceType: z.ZodOptional<z.ZodString>;
212
+ resourceId: z.ZodOptional<z.ZodString>;
213
+ appliesTo: z.ZodDefault<z.ZodEnum<{
214
+ self: "self";
215
+ self_and_descendants: "self_and_descendants";
216
+ }>>;
217
+ expiresAt: z.ZodOptional<z.ZodNumber>;
218
+ updatedAt: z.ZodNumber;
219
+ }, z.core.$strict>;
220
+ export type ProjectionScopeRoleBinding = z.infer<typeof projectionScopeRoleBindingSchema>;
221
+ export declare const projectionScopePermissionBindingSchema: z.ZodObject<{
222
+ bindingId: z.ZodString;
223
+ subjectPrincipalId: z.ZodOptional<z.ZodString>;
224
+ subjectRoleId: z.ZodOptional<z.ZodString>;
225
+ permissionId: z.ZodString;
226
+ effect: z.ZodEnum<{
227
+ allow: "allow";
228
+ deny: "deny";
229
+ }>;
230
+ accessScopeId: z.ZodString;
231
+ resourceType: z.ZodOptional<z.ZodString>;
232
+ resourceId: z.ZodOptional<z.ZodString>;
233
+ appliesTo: z.ZodDefault<z.ZodEnum<{
234
+ self: "self";
235
+ self_and_descendants: "self_and_descendants";
236
+ }>>;
237
+ expiresAt: z.ZodOptional<z.ZodNumber>;
238
+ updatedAt: z.ZodNumber;
239
+ }, z.core.$strict>;
240
+ export type ProjectionScopePermissionBinding = z.infer<typeof projectionScopePermissionBindingSchema>;
241
+ export declare const projectionScopeSchema: z.ZodObject<{
242
+ scope: z.ZodObject<{
243
+ accessScopeId: z.ZodString;
244
+ name: z.ZodString;
245
+ kind: z.ZodEnum<{
246
+ default: "default";
247
+ org: "org";
248
+ suite: "suite";
249
+ }>;
250
+ status: z.ZodEnum<{
251
+ active: "active";
252
+ disabled: "disabled";
253
+ }>;
254
+ accountEntryMode: z.ZodEnum<{
255
+ open: "open";
256
+ allowlisted_only: "allowlisted_only";
257
+ invite_only: "invite_only";
258
+ approval_required: "approval_required";
259
+ }>;
260
+ defaultRoleId: z.ZodString;
261
+ updatedAt: z.ZodNumber;
262
+ }, z.core.$strict>;
263
+ principals: z.ZodArray<z.ZodObject<{
264
+ principalId: z.ZodString;
265
+ type: z.ZodEnum<{
266
+ user: "user";
267
+ group: "group";
268
+ }>;
269
+ herculesAuthUserId: z.ZodOptional<z.ZodString>;
270
+ name: z.ZodOptional<z.ZodString>;
271
+ status: z.ZodEnum<{
272
+ active: "active";
273
+ blocked: "blocked";
274
+ suspended: "suspended";
275
+ pending_approval: "pending_approval";
276
+ removed: "removed";
277
+ }>;
278
+ joinedAt: z.ZodNumber;
279
+ updatedAt: z.ZodNumber;
280
+ }, z.core.$strict>>;
281
+ principalMemberships: z.ZodArray<z.ZodObject<{
282
+ groupPrincipalId: z.ZodString;
283
+ memberPrincipalId: z.ZodString;
284
+ updatedAt: z.ZodNumber;
285
+ }, z.core.$strict>>;
286
+ roles: z.ZodArray<z.ZodObject<{
287
+ roleId: z.ZodString;
288
+ accessScopeId: z.ZodString;
289
+ key: z.ZodString;
290
+ source: z.ZodLiteral<"tenant">;
291
+ name: z.ZodString;
292
+ baseWildcard: z.ZodLiteral<"none">;
293
+ updatedAt: z.ZodNumber;
294
+ }, z.core.$strict>>;
295
+ rolePermissionOverrides: z.ZodArray<z.ZodObject<{
296
+ accessScopeId: z.ZodString;
297
+ roleId: z.ZodString;
298
+ permissionId: z.ZodString;
299
+ effect: z.ZodEnum<{
300
+ allow: "allow";
301
+ deny: "deny";
302
+ }>;
303
+ updatedAt: z.ZodNumber;
304
+ }, z.core.$strict>>;
305
+ roleBindings: z.ZodArray<z.ZodObject<{
306
+ bindingId: z.ZodString;
307
+ subjectPrincipalId: z.ZodString;
308
+ roleId: z.ZodString;
309
+ accessScopeId: z.ZodString;
310
+ resourceType: z.ZodOptional<z.ZodString>;
311
+ resourceId: z.ZodOptional<z.ZodString>;
312
+ appliesTo: z.ZodDefault<z.ZodEnum<{
313
+ self: "self";
314
+ self_and_descendants: "self_and_descendants";
315
+ }>>;
316
+ expiresAt: z.ZodOptional<z.ZodNumber>;
317
+ updatedAt: z.ZodNumber;
318
+ }, z.core.$strict>>;
319
+ permissionBindings: z.ZodArray<z.ZodObject<{
320
+ bindingId: z.ZodString;
321
+ subjectPrincipalId: z.ZodOptional<z.ZodString>;
322
+ subjectRoleId: z.ZodOptional<z.ZodString>;
323
+ permissionId: z.ZodString;
324
+ effect: z.ZodEnum<{
325
+ allow: "allow";
326
+ deny: "deny";
327
+ }>;
328
+ accessScopeId: z.ZodString;
329
+ resourceType: z.ZodOptional<z.ZodString>;
330
+ resourceId: z.ZodOptional<z.ZodString>;
331
+ appliesTo: z.ZodDefault<z.ZodEnum<{
332
+ self: "self";
333
+ self_and_descendants: "self_and_descendants";
334
+ }>>;
335
+ expiresAt: z.ZodOptional<z.ZodNumber>;
336
+ updatedAt: z.ZodNumber;
337
+ }, z.core.$strict>>;
338
+ }, z.core.$strict>;
339
+ export type ProjectionScope = z.infer<typeof projectionScopeSchema>;
340
+ export declare const accessProjectionSnapshotSchema: z.ZodObject<{
341
+ type: z.ZodLiteral<"access.projection.snapshot">;
342
+ schemaVersion: z.ZodLiteral<3>;
343
+ eventId: z.ZodString;
344
+ mode: z.ZodEnum<{
345
+ initialize: "initialize";
346
+ reset: "reset";
347
+ }>;
348
+ sourceVersion: z.ZodNumber;
349
+ expectedIssuer: z.ZodString;
350
+ catalog: z.ZodObject<{
351
+ roles: z.ZodArray<z.ZodObject<{
352
+ roleId: z.ZodString;
353
+ key: z.ZodString;
354
+ source: z.ZodEnum<{
355
+ system: "system";
356
+ iam: "iam";
357
+ }>;
358
+ name: z.ZodString;
359
+ baseWildcard: z.ZodEnum<{
360
+ none: "none";
361
+ immutable: "immutable";
362
+ default: "default";
363
+ }>;
364
+ updatedAt: z.ZodNumber;
365
+ }, z.core.$strict>>;
366
+ permissions: z.ZodArray<z.ZodObject<{
367
+ permissionId: z.ZodString;
368
+ key: z.ZodString;
369
+ resourceType: z.ZodString;
370
+ action: z.ZodString;
371
+ classification: z.ZodEnum<{
372
+ delegable: "delegable";
373
+ owner_only: "owner_only";
374
+ }>;
375
+ tenantAssignable: z.ZodBoolean;
376
+ updatedAt: z.ZodNumber;
377
+ }, z.core.$strict>>;
378
+ rolePermissions: z.ZodArray<z.ZodObject<{
379
+ roleId: z.ZodString;
380
+ permissionId: z.ZodString;
381
+ effect: z.ZodEnum<{
382
+ allow: "allow";
383
+ deny: "deny";
384
+ }>;
385
+ updatedAt: z.ZodNumber;
386
+ }, z.core.$strict>>;
387
+ }, z.core.$strict>;
388
+ users: z.ZodArray<z.ZodObject<{
389
+ herculesAuthUserId: z.ZodString;
390
+ name: z.ZodString;
391
+ email: z.ZodString;
392
+ emailVerified: z.ZodBoolean;
393
+ image: z.ZodOptional<z.ZodString>;
394
+ phone: z.ZodOptional<z.ZodString>;
395
+ phoneVerified: z.ZodBoolean;
396
+ updatedAt: z.ZodNumber;
397
+ }, z.core.$strict>>;
398
+ scopes: z.ZodArray<z.ZodObject<{
399
+ scope: z.ZodObject<{
400
+ accessScopeId: z.ZodString;
401
+ name: z.ZodString;
402
+ kind: z.ZodEnum<{
403
+ default: "default";
404
+ org: "org";
405
+ suite: "suite";
406
+ }>;
407
+ status: z.ZodEnum<{
408
+ active: "active";
409
+ disabled: "disabled";
410
+ }>;
411
+ accountEntryMode: z.ZodEnum<{
412
+ open: "open";
413
+ allowlisted_only: "allowlisted_only";
414
+ invite_only: "invite_only";
415
+ approval_required: "approval_required";
416
+ }>;
417
+ defaultRoleId: z.ZodString;
418
+ updatedAt: z.ZodNumber;
419
+ }, z.core.$strict>;
420
+ principals: z.ZodArray<z.ZodObject<{
421
+ principalId: z.ZodString;
422
+ type: z.ZodEnum<{
423
+ user: "user";
424
+ group: "group";
425
+ }>;
426
+ herculesAuthUserId: z.ZodOptional<z.ZodString>;
427
+ name: z.ZodOptional<z.ZodString>;
428
+ status: z.ZodEnum<{
429
+ active: "active";
430
+ blocked: "blocked";
431
+ suspended: "suspended";
432
+ pending_approval: "pending_approval";
433
+ removed: "removed";
434
+ }>;
435
+ joinedAt: z.ZodNumber;
436
+ updatedAt: z.ZodNumber;
437
+ }, z.core.$strict>>;
438
+ principalMemberships: z.ZodArray<z.ZodObject<{
439
+ groupPrincipalId: z.ZodString;
440
+ memberPrincipalId: z.ZodString;
441
+ updatedAt: z.ZodNumber;
442
+ }, z.core.$strict>>;
443
+ roles: z.ZodArray<z.ZodObject<{
444
+ roleId: z.ZodString;
445
+ accessScopeId: z.ZodString;
446
+ key: z.ZodString;
447
+ source: z.ZodLiteral<"tenant">;
448
+ name: z.ZodString;
449
+ baseWildcard: z.ZodLiteral<"none">;
450
+ updatedAt: z.ZodNumber;
451
+ }, z.core.$strict>>;
452
+ rolePermissionOverrides: z.ZodArray<z.ZodObject<{
453
+ accessScopeId: z.ZodString;
454
+ roleId: z.ZodString;
455
+ permissionId: z.ZodString;
456
+ effect: z.ZodEnum<{
457
+ allow: "allow";
458
+ deny: "deny";
459
+ }>;
460
+ updatedAt: z.ZodNumber;
461
+ }, z.core.$strict>>;
462
+ roleBindings: z.ZodArray<z.ZodObject<{
463
+ bindingId: z.ZodString;
464
+ subjectPrincipalId: z.ZodString;
465
+ roleId: z.ZodString;
466
+ accessScopeId: z.ZodString;
467
+ resourceType: z.ZodOptional<z.ZodString>;
468
+ resourceId: z.ZodOptional<z.ZodString>;
469
+ appliesTo: z.ZodDefault<z.ZodEnum<{
470
+ self: "self";
471
+ self_and_descendants: "self_and_descendants";
472
+ }>>;
473
+ expiresAt: z.ZodOptional<z.ZodNumber>;
474
+ updatedAt: z.ZodNumber;
475
+ }, z.core.$strict>>;
476
+ permissionBindings: z.ZodArray<z.ZodObject<{
477
+ bindingId: z.ZodString;
478
+ subjectPrincipalId: z.ZodOptional<z.ZodString>;
479
+ subjectRoleId: z.ZodOptional<z.ZodString>;
480
+ permissionId: z.ZodString;
481
+ effect: z.ZodEnum<{
482
+ allow: "allow";
483
+ deny: "deny";
484
+ }>;
485
+ accessScopeId: z.ZodString;
486
+ resourceType: z.ZodOptional<z.ZodString>;
487
+ resourceId: z.ZodOptional<z.ZodString>;
488
+ appliesTo: z.ZodDefault<z.ZodEnum<{
489
+ self: "self";
490
+ self_and_descendants: "self_and_descendants";
491
+ }>>;
492
+ expiresAt: z.ZodOptional<z.ZodNumber>;
493
+ updatedAt: z.ZodNumber;
494
+ }, z.core.$strict>>;
495
+ }, z.core.$strict>>;
496
+ }, z.core.$strict>;
497
+ export type AccessProjectionSnapshot = z.infer<typeof accessProjectionSnapshotSchema>;
498
+ export declare const projectionChangeOperationSchema: z.ZodEnum<{
499
+ upsert: "upsert";
500
+ delete: "delete";
501
+ }>;
502
+ export type ProjectionChangeOperation = z.infer<typeof projectionChangeOperationSchema>;
503
+ export declare const projectionUserChangeSchema: z.ZodObject<{
504
+ entityType: z.ZodLiteral<"user">;
505
+ herculesAuthUserId: z.ZodString;
506
+ operation: z.ZodEnum<{
507
+ upsert: "upsert";
508
+ delete: "delete";
509
+ }>;
510
+ }, z.core.$strict>;
511
+ export type ProjectionUserChange = z.infer<typeof projectionUserChangeSchema>;
512
+ export declare const projectionRoleChangeSchema: z.ZodObject<{
513
+ entityType: z.ZodLiteral<"role">;
514
+ roleId: z.ZodString;
515
+ operation: z.ZodEnum<{
516
+ upsert: "upsert";
517
+ delete: "delete";
518
+ }>;
519
+ }, z.core.$strict>;
520
+ export type ProjectionRoleChange = z.infer<typeof projectionRoleChangeSchema>;
521
+ export declare const projectionPermissionChangeSchema: z.ZodObject<{
522
+ entityType: z.ZodLiteral<"permission">;
523
+ permissionId: z.ZodString;
524
+ operation: z.ZodEnum<{
525
+ upsert: "upsert";
526
+ delete: "delete";
527
+ }>;
528
+ }, z.core.$strict>;
529
+ export type ProjectionPermissionChange = z.infer<typeof projectionPermissionChangeSchema>;
530
+ export declare const projectionRolePermissionChangeSchema: z.ZodObject<{
531
+ entityType: z.ZodLiteral<"role_permission">;
532
+ roleId: z.ZodString;
533
+ permissionId: z.ZodString;
534
+ operation: z.ZodEnum<{
535
+ upsert: "upsert";
536
+ delete: "delete";
537
+ }>;
538
+ }, z.core.$strict>;
539
+ export type ProjectionRolePermissionChange = z.infer<typeof projectionRolePermissionChangeSchema>;
540
+ export declare const projectionScopeMetaChangeSchema: z.ZodObject<{
541
+ entityType: z.ZodLiteral<"scope">;
542
+ accessScopeId: z.ZodString;
543
+ operation: z.ZodEnum<{
544
+ upsert: "upsert";
545
+ delete: "delete";
546
+ }>;
547
+ }, z.core.$strict>;
548
+ export type ProjectionScopeMetaChange = z.infer<typeof projectionScopeMetaChangeSchema>;
549
+ export declare const projectionPrincipalChangeSchema: z.ZodObject<{
550
+ entityType: z.ZodLiteral<"principal">;
551
+ principalId: z.ZodString;
552
+ operation: z.ZodEnum<{
553
+ upsert: "upsert";
554
+ delete: "delete";
555
+ }>;
556
+ }, z.core.$strict>;
557
+ export type ProjectionPrincipalChange = z.infer<typeof projectionPrincipalChangeSchema>;
558
+ export declare const projectionPrincipalMembershipChangeSchema: z.ZodObject<{
559
+ entityType: z.ZodLiteral<"principal_membership">;
560
+ groupPrincipalId: z.ZodString;
561
+ memberPrincipalId: z.ZodString;
562
+ operation: z.ZodEnum<{
563
+ upsert: "upsert";
564
+ delete: "delete";
565
+ }>;
566
+ }, z.core.$strict>;
567
+ export type ProjectionPrincipalMembershipChange = z.infer<typeof projectionPrincipalMembershipChangeSchema>;
568
+ export declare const projectionRolePermissionOverrideChangeSchema: z.ZodObject<{
569
+ entityType: z.ZodLiteral<"role_permission_override">;
570
+ accessScopeId: z.ZodString;
571
+ roleId: z.ZodString;
572
+ permissionId: z.ZodString;
573
+ operation: z.ZodEnum<{
574
+ upsert: "upsert";
575
+ delete: "delete";
576
+ }>;
577
+ }, z.core.$strict>;
578
+ export type ProjectionRolePermissionOverrideChange = z.infer<typeof projectionRolePermissionOverrideChangeSchema>;
579
+ export declare const projectionRoleBindingChangeSchema: z.ZodObject<{
580
+ entityType: z.ZodLiteral<"role_binding">;
581
+ bindingId: z.ZodString;
582
+ operation: z.ZodEnum<{
583
+ upsert: "upsert";
584
+ delete: "delete";
585
+ }>;
586
+ }, z.core.$strict>;
587
+ export type ProjectionRoleBindingChange = z.infer<typeof projectionRoleBindingChangeSchema>;
588
+ export declare const projectionPermissionBindingChangeSchema: z.ZodObject<{
589
+ entityType: z.ZodLiteral<"permission_binding">;
590
+ bindingId: z.ZodString;
591
+ operation: z.ZodEnum<{
592
+ upsert: "upsert";
593
+ delete: "delete";
594
+ }>;
595
+ }, z.core.$strict>;
596
+ export type ProjectionPermissionBindingChange = z.infer<typeof projectionPermissionBindingChangeSchema>;
597
+ export declare const projectionCatalogChangeSchema: z.ZodDiscriminatedUnion<[z.ZodObject<{
598
+ entityType: z.ZodLiteral<"role">;
599
+ roleId: z.ZodString;
600
+ operation: z.ZodEnum<{
601
+ upsert: "upsert";
602
+ delete: "delete";
603
+ }>;
604
+ }, z.core.$strict>, z.ZodObject<{
605
+ entityType: z.ZodLiteral<"permission">;
606
+ permissionId: z.ZodString;
607
+ operation: z.ZodEnum<{
608
+ upsert: "upsert";
609
+ delete: "delete";
610
+ }>;
611
+ }, z.core.$strict>, z.ZodObject<{
612
+ entityType: z.ZodLiteral<"role_permission">;
613
+ roleId: z.ZodString;
614
+ permissionId: z.ZodString;
615
+ operation: z.ZodEnum<{
616
+ upsert: "upsert";
617
+ delete: "delete";
618
+ }>;
619
+ }, z.core.$strict>], "entityType">;
620
+ export type ProjectionCatalogChange = z.infer<typeof projectionCatalogChangeSchema>;
621
+ export declare const projectionScopeChangeSchema: z.ZodDiscriminatedUnion<[z.ZodObject<{
622
+ entityType: z.ZodLiteral<"scope">;
623
+ accessScopeId: z.ZodString;
624
+ operation: z.ZodEnum<{
625
+ upsert: "upsert";
626
+ delete: "delete";
627
+ }>;
628
+ }, z.core.$strict>, z.ZodObject<{
629
+ entityType: z.ZodLiteral<"principal">;
630
+ principalId: z.ZodString;
631
+ operation: z.ZodEnum<{
632
+ upsert: "upsert";
633
+ delete: "delete";
634
+ }>;
635
+ }, z.core.$strict>, z.ZodObject<{
636
+ entityType: z.ZodLiteral<"principal_membership">;
637
+ groupPrincipalId: z.ZodString;
638
+ memberPrincipalId: z.ZodString;
639
+ operation: z.ZodEnum<{
640
+ upsert: "upsert";
641
+ delete: "delete";
642
+ }>;
643
+ }, z.core.$strict>, z.ZodObject<{
644
+ entityType: z.ZodLiteral<"role">;
645
+ roleId: z.ZodString;
646
+ operation: z.ZodEnum<{
647
+ upsert: "upsert";
648
+ delete: "delete";
649
+ }>;
650
+ }, z.core.$strict>, z.ZodObject<{
651
+ entityType: z.ZodLiteral<"role_permission_override">;
652
+ accessScopeId: z.ZodString;
653
+ roleId: z.ZodString;
654
+ permissionId: z.ZodString;
655
+ operation: z.ZodEnum<{
656
+ upsert: "upsert";
657
+ delete: "delete";
658
+ }>;
659
+ }, z.core.$strict>, z.ZodObject<{
660
+ entityType: z.ZodLiteral<"role_binding">;
661
+ bindingId: z.ZodString;
662
+ operation: z.ZodEnum<{
663
+ upsert: "upsert";
664
+ delete: "delete";
665
+ }>;
666
+ }, z.core.$strict>, z.ZodObject<{
667
+ entityType: z.ZodLiteral<"permission_binding">;
668
+ bindingId: z.ZodString;
669
+ operation: z.ZodEnum<{
670
+ upsert: "upsert";
671
+ delete: "delete";
672
+ }>;
673
+ }, z.core.$strict>], "entityType">;
674
+ export type ProjectionScopeChange = z.infer<typeof projectionScopeChangeSchema>;
675
+ export declare const projectionChangeSchema: z.ZodDiscriminatedUnion<[z.ZodObject<{
676
+ entityType: z.ZodLiteral<"user">;
677
+ herculesAuthUserId: z.ZodString;
678
+ operation: z.ZodEnum<{
679
+ upsert: "upsert";
680
+ delete: "delete";
681
+ }>;
682
+ }, z.core.$strict>, z.ZodObject<{
683
+ entityType: z.ZodLiteral<"role">;
684
+ roleId: z.ZodString;
685
+ operation: z.ZodEnum<{
686
+ upsert: "upsert";
687
+ delete: "delete";
688
+ }>;
689
+ }, z.core.$strict>, z.ZodObject<{
690
+ entityType: z.ZodLiteral<"permission">;
691
+ permissionId: z.ZodString;
692
+ operation: z.ZodEnum<{
693
+ upsert: "upsert";
694
+ delete: "delete";
695
+ }>;
696
+ }, z.core.$strict>, z.ZodObject<{
697
+ entityType: z.ZodLiteral<"role_permission">;
698
+ roleId: z.ZodString;
699
+ permissionId: z.ZodString;
700
+ operation: z.ZodEnum<{
701
+ upsert: "upsert";
702
+ delete: "delete";
703
+ }>;
704
+ }, z.core.$strict>, z.ZodObject<{
705
+ entityType: z.ZodLiteral<"scope">;
706
+ accessScopeId: z.ZodString;
707
+ operation: z.ZodEnum<{
708
+ upsert: "upsert";
709
+ delete: "delete";
710
+ }>;
711
+ }, z.core.$strict>, z.ZodObject<{
712
+ entityType: z.ZodLiteral<"principal">;
713
+ principalId: z.ZodString;
714
+ operation: z.ZodEnum<{
715
+ upsert: "upsert";
716
+ delete: "delete";
717
+ }>;
718
+ }, z.core.$strict>, z.ZodObject<{
719
+ entityType: z.ZodLiteral<"principal_membership">;
720
+ groupPrincipalId: z.ZodString;
721
+ memberPrincipalId: z.ZodString;
722
+ operation: z.ZodEnum<{
723
+ upsert: "upsert";
724
+ delete: "delete";
725
+ }>;
726
+ }, z.core.$strict>, z.ZodObject<{
727
+ entityType: z.ZodLiteral<"role_permission_override">;
728
+ accessScopeId: z.ZodString;
729
+ roleId: z.ZodString;
730
+ permissionId: z.ZodString;
731
+ operation: z.ZodEnum<{
732
+ upsert: "upsert";
733
+ delete: "delete";
734
+ }>;
735
+ }, z.core.$strict>, z.ZodObject<{
736
+ entityType: z.ZodLiteral<"role_binding">;
737
+ bindingId: z.ZodString;
738
+ operation: z.ZodEnum<{
739
+ upsert: "upsert";
740
+ delete: "delete";
741
+ }>;
742
+ }, z.core.$strict>, z.ZodObject<{
743
+ entityType: z.ZodLiteral<"permission_binding">;
744
+ bindingId: z.ZodString;
745
+ operation: z.ZodEnum<{
746
+ upsert: "upsert";
747
+ delete: "delete";
748
+ }>;
749
+ }, z.core.$strict>], "entityType">;
750
+ export type ProjectionChange = z.infer<typeof projectionChangeSchema>;
751
+ export type ProjectionEntityType = ProjectionChange["entityType"];
752
+ export declare const projectionCatalogDeltaSchema: z.ZodObject<{
753
+ changes: z.ZodArray<z.ZodDiscriminatedUnion<[z.ZodObject<{
754
+ entityType: z.ZodLiteral<"role">;
755
+ roleId: z.ZodString;
756
+ operation: z.ZodEnum<{
757
+ upsert: "upsert";
758
+ delete: "delete";
759
+ }>;
760
+ }, z.core.$strict>, z.ZodObject<{
761
+ entityType: z.ZodLiteral<"permission">;
762
+ permissionId: z.ZodString;
763
+ operation: z.ZodEnum<{
764
+ upsert: "upsert";
765
+ delete: "delete";
766
+ }>;
767
+ }, z.core.$strict>, z.ZodObject<{
768
+ entityType: z.ZodLiteral<"role_permission">;
769
+ roleId: z.ZodString;
770
+ permissionId: z.ZodString;
771
+ operation: z.ZodEnum<{
772
+ upsert: "upsert";
773
+ delete: "delete";
774
+ }>;
775
+ }, z.core.$strict>], "entityType">>;
776
+ roles: z.ZodArray<z.ZodObject<{
777
+ roleId: z.ZodString;
778
+ key: z.ZodString;
779
+ source: z.ZodEnum<{
780
+ system: "system";
781
+ iam: "iam";
782
+ }>;
783
+ name: z.ZodString;
784
+ baseWildcard: z.ZodEnum<{
785
+ none: "none";
786
+ immutable: "immutable";
787
+ default: "default";
788
+ }>;
789
+ updatedAt: z.ZodNumber;
790
+ }, z.core.$strict>>;
791
+ permissions: z.ZodArray<z.ZodObject<{
792
+ permissionId: z.ZodString;
793
+ key: z.ZodString;
794
+ resourceType: z.ZodString;
795
+ action: z.ZodString;
796
+ classification: z.ZodEnum<{
797
+ delegable: "delegable";
798
+ owner_only: "owner_only";
799
+ }>;
800
+ tenantAssignable: z.ZodBoolean;
801
+ updatedAt: z.ZodNumber;
802
+ }, z.core.$strict>>;
803
+ rolePermissions: z.ZodArray<z.ZodObject<{
804
+ roleId: z.ZodString;
805
+ permissionId: z.ZodString;
806
+ effect: z.ZodEnum<{
807
+ allow: "allow";
808
+ deny: "deny";
809
+ }>;
810
+ updatedAt: z.ZodNumber;
811
+ }, z.core.$strict>>;
812
+ }, z.core.$strict>;
813
+ export type ProjectionCatalogDelta = z.infer<typeof projectionCatalogDeltaSchema>;
814
+ export declare const projectionUserDeltaSchema: z.ZodObject<{
815
+ changes: z.ZodArray<z.ZodObject<{
816
+ entityType: z.ZodLiteral<"user">;
817
+ herculesAuthUserId: z.ZodString;
818
+ operation: z.ZodEnum<{
819
+ upsert: "upsert";
820
+ delete: "delete";
821
+ }>;
822
+ }, z.core.$strict>>;
823
+ users: z.ZodArray<z.ZodObject<{
824
+ herculesAuthUserId: z.ZodString;
825
+ name: z.ZodString;
826
+ email: z.ZodString;
827
+ emailVerified: z.ZodBoolean;
828
+ image: z.ZodOptional<z.ZodString>;
829
+ phone: z.ZodOptional<z.ZodString>;
830
+ phoneVerified: z.ZodBoolean;
831
+ updatedAt: z.ZodNumber;
832
+ }, z.core.$strict>>;
833
+ }, z.core.$strict>;
834
+ export type ProjectionUserDelta = z.infer<typeof projectionUserDeltaSchema>;
835
+ export declare const projectionScopeDeltaSchema: z.ZodObject<{
836
+ accessScopeId: z.ZodString;
837
+ scope: z.ZodOptional<z.ZodObject<{
838
+ accessScopeId: z.ZodString;
839
+ name: z.ZodString;
840
+ kind: z.ZodEnum<{
841
+ default: "default";
842
+ org: "org";
843
+ suite: "suite";
844
+ }>;
845
+ status: z.ZodEnum<{
846
+ active: "active";
847
+ disabled: "disabled";
848
+ }>;
849
+ accountEntryMode: z.ZodEnum<{
850
+ open: "open";
851
+ allowlisted_only: "allowlisted_only";
852
+ invite_only: "invite_only";
853
+ approval_required: "approval_required";
854
+ }>;
855
+ defaultRoleId: z.ZodString;
856
+ updatedAt: z.ZodNumber;
857
+ }, z.core.$strict>>;
858
+ changes: z.ZodArray<z.ZodDiscriminatedUnion<[z.ZodObject<{
859
+ entityType: z.ZodLiteral<"scope">;
860
+ accessScopeId: z.ZodString;
861
+ operation: z.ZodEnum<{
862
+ upsert: "upsert";
863
+ delete: "delete";
864
+ }>;
865
+ }, z.core.$strict>, z.ZodObject<{
866
+ entityType: z.ZodLiteral<"principal">;
867
+ principalId: z.ZodString;
868
+ operation: z.ZodEnum<{
869
+ upsert: "upsert";
870
+ delete: "delete";
871
+ }>;
872
+ }, z.core.$strict>, z.ZodObject<{
873
+ entityType: z.ZodLiteral<"principal_membership">;
874
+ groupPrincipalId: z.ZodString;
875
+ memberPrincipalId: z.ZodString;
876
+ operation: z.ZodEnum<{
877
+ upsert: "upsert";
878
+ delete: "delete";
879
+ }>;
880
+ }, z.core.$strict>, z.ZodObject<{
881
+ entityType: z.ZodLiteral<"role">;
882
+ roleId: z.ZodString;
883
+ operation: z.ZodEnum<{
884
+ upsert: "upsert";
885
+ delete: "delete";
886
+ }>;
887
+ }, z.core.$strict>, z.ZodObject<{
888
+ entityType: z.ZodLiteral<"role_permission_override">;
889
+ accessScopeId: z.ZodString;
890
+ roleId: z.ZodString;
891
+ permissionId: z.ZodString;
892
+ operation: z.ZodEnum<{
893
+ upsert: "upsert";
894
+ delete: "delete";
895
+ }>;
896
+ }, z.core.$strict>, z.ZodObject<{
897
+ entityType: z.ZodLiteral<"role_binding">;
898
+ bindingId: z.ZodString;
899
+ operation: z.ZodEnum<{
900
+ upsert: "upsert";
901
+ delete: "delete";
902
+ }>;
903
+ }, z.core.$strict>, z.ZodObject<{
904
+ entityType: z.ZodLiteral<"permission_binding">;
905
+ bindingId: z.ZodString;
906
+ operation: z.ZodEnum<{
907
+ upsert: "upsert";
908
+ delete: "delete";
909
+ }>;
910
+ }, z.core.$strict>], "entityType">>;
911
+ principals: z.ZodArray<z.ZodObject<{
912
+ principalId: z.ZodString;
913
+ type: z.ZodEnum<{
914
+ user: "user";
915
+ group: "group";
916
+ }>;
917
+ herculesAuthUserId: z.ZodOptional<z.ZodString>;
918
+ name: z.ZodOptional<z.ZodString>;
919
+ status: z.ZodEnum<{
920
+ active: "active";
921
+ blocked: "blocked";
922
+ suspended: "suspended";
923
+ pending_approval: "pending_approval";
924
+ removed: "removed";
925
+ }>;
926
+ joinedAt: z.ZodNumber;
927
+ updatedAt: z.ZodNumber;
928
+ }, z.core.$strict>>;
929
+ principalMemberships: z.ZodArray<z.ZodObject<{
930
+ groupPrincipalId: z.ZodString;
931
+ memberPrincipalId: z.ZodString;
932
+ updatedAt: z.ZodNumber;
933
+ }, z.core.$strict>>;
934
+ roles: z.ZodArray<z.ZodObject<{
935
+ roleId: z.ZodString;
936
+ accessScopeId: z.ZodString;
937
+ key: z.ZodString;
938
+ source: z.ZodLiteral<"tenant">;
939
+ name: z.ZodString;
940
+ baseWildcard: z.ZodLiteral<"none">;
941
+ updatedAt: z.ZodNumber;
942
+ }, z.core.$strict>>;
943
+ rolePermissionOverrides: z.ZodArray<z.ZodObject<{
944
+ accessScopeId: z.ZodString;
945
+ roleId: z.ZodString;
946
+ permissionId: z.ZodString;
947
+ effect: z.ZodEnum<{
948
+ allow: "allow";
949
+ deny: "deny";
950
+ }>;
951
+ updatedAt: z.ZodNumber;
952
+ }, z.core.$strict>>;
953
+ roleBindings: z.ZodArray<z.ZodObject<{
954
+ bindingId: z.ZodString;
955
+ subjectPrincipalId: z.ZodString;
956
+ roleId: z.ZodString;
957
+ accessScopeId: z.ZodString;
958
+ resourceType: z.ZodOptional<z.ZodString>;
959
+ resourceId: z.ZodOptional<z.ZodString>;
960
+ appliesTo: z.ZodDefault<z.ZodEnum<{
961
+ self: "self";
962
+ self_and_descendants: "self_and_descendants";
963
+ }>>;
964
+ expiresAt: z.ZodOptional<z.ZodNumber>;
965
+ updatedAt: z.ZodNumber;
966
+ }, z.core.$strict>>;
967
+ permissionBindings: z.ZodArray<z.ZodObject<{
968
+ bindingId: z.ZodString;
969
+ subjectPrincipalId: z.ZodOptional<z.ZodString>;
970
+ subjectRoleId: z.ZodOptional<z.ZodString>;
971
+ permissionId: z.ZodString;
972
+ effect: z.ZodEnum<{
973
+ allow: "allow";
974
+ deny: "deny";
975
+ }>;
976
+ accessScopeId: z.ZodString;
977
+ resourceType: z.ZodOptional<z.ZodString>;
978
+ resourceId: z.ZodOptional<z.ZodString>;
979
+ appliesTo: z.ZodDefault<z.ZodEnum<{
980
+ self: "self";
981
+ self_and_descendants: "self_and_descendants";
982
+ }>>;
983
+ expiresAt: z.ZodOptional<z.ZodNumber>;
984
+ updatedAt: z.ZodNumber;
985
+ }, z.core.$strict>>;
986
+ }, z.core.$strict>;
987
+ export type ProjectionScopeDelta = z.infer<typeof projectionScopeDeltaSchema>;
988
+ export declare const accessProjectionEventSchema: z.ZodObject<{
989
+ type: z.ZodLiteral<"access.projection.event">;
990
+ schemaVersion: z.ZodLiteral<3>;
991
+ eventId: z.ZodString;
992
+ sourceVersion: z.ZodNumber;
993
+ catalog: z.ZodOptional<z.ZodObject<{
994
+ changes: z.ZodArray<z.ZodDiscriminatedUnion<[z.ZodObject<{
995
+ entityType: z.ZodLiteral<"role">;
996
+ roleId: z.ZodString;
997
+ operation: z.ZodEnum<{
998
+ upsert: "upsert";
999
+ delete: "delete";
1000
+ }>;
1001
+ }, z.core.$strict>, z.ZodObject<{
1002
+ entityType: z.ZodLiteral<"permission">;
1003
+ permissionId: z.ZodString;
1004
+ operation: z.ZodEnum<{
1005
+ upsert: "upsert";
1006
+ delete: "delete";
1007
+ }>;
1008
+ }, z.core.$strict>, z.ZodObject<{
1009
+ entityType: z.ZodLiteral<"role_permission">;
1010
+ roleId: z.ZodString;
1011
+ permissionId: z.ZodString;
1012
+ operation: z.ZodEnum<{
1013
+ upsert: "upsert";
1014
+ delete: "delete";
1015
+ }>;
1016
+ }, z.core.$strict>], "entityType">>;
1017
+ roles: z.ZodArray<z.ZodObject<{
1018
+ roleId: z.ZodString;
1019
+ key: z.ZodString;
1020
+ source: z.ZodEnum<{
1021
+ system: "system";
1022
+ iam: "iam";
1023
+ }>;
1024
+ name: z.ZodString;
1025
+ baseWildcard: z.ZodEnum<{
1026
+ none: "none";
1027
+ immutable: "immutable";
1028
+ default: "default";
1029
+ }>;
1030
+ updatedAt: z.ZodNumber;
1031
+ }, z.core.$strict>>;
1032
+ permissions: z.ZodArray<z.ZodObject<{
1033
+ permissionId: z.ZodString;
1034
+ key: z.ZodString;
1035
+ resourceType: z.ZodString;
1036
+ action: z.ZodString;
1037
+ classification: z.ZodEnum<{
1038
+ delegable: "delegable";
1039
+ owner_only: "owner_only";
1040
+ }>;
1041
+ tenantAssignable: z.ZodBoolean;
1042
+ updatedAt: z.ZodNumber;
1043
+ }, z.core.$strict>>;
1044
+ rolePermissions: z.ZodArray<z.ZodObject<{
1045
+ roleId: z.ZodString;
1046
+ permissionId: z.ZodString;
1047
+ effect: z.ZodEnum<{
1048
+ allow: "allow";
1049
+ deny: "deny";
1050
+ }>;
1051
+ updatedAt: z.ZodNumber;
1052
+ }, z.core.$strict>>;
1053
+ }, z.core.$strict>>;
1054
+ users: z.ZodOptional<z.ZodObject<{
1055
+ changes: z.ZodArray<z.ZodObject<{
1056
+ entityType: z.ZodLiteral<"user">;
1057
+ herculesAuthUserId: z.ZodString;
1058
+ operation: z.ZodEnum<{
1059
+ upsert: "upsert";
1060
+ delete: "delete";
1061
+ }>;
1062
+ }, z.core.$strict>>;
1063
+ users: z.ZodArray<z.ZodObject<{
1064
+ herculesAuthUserId: z.ZodString;
1065
+ name: z.ZodString;
1066
+ email: z.ZodString;
1067
+ emailVerified: z.ZodBoolean;
1068
+ image: z.ZodOptional<z.ZodString>;
1069
+ phone: z.ZodOptional<z.ZodString>;
1070
+ phoneVerified: z.ZodBoolean;
1071
+ updatedAt: z.ZodNumber;
1072
+ }, z.core.$strict>>;
1073
+ }, z.core.$strict>>;
1074
+ scopes: z.ZodOptional<z.ZodArray<z.ZodObject<{
1075
+ accessScopeId: z.ZodString;
1076
+ scope: z.ZodOptional<z.ZodObject<{
1077
+ accessScopeId: z.ZodString;
1078
+ name: z.ZodString;
1079
+ kind: z.ZodEnum<{
1080
+ default: "default";
1081
+ org: "org";
1082
+ suite: "suite";
1083
+ }>;
1084
+ status: z.ZodEnum<{
1085
+ active: "active";
1086
+ disabled: "disabled";
1087
+ }>;
1088
+ accountEntryMode: z.ZodEnum<{
1089
+ open: "open";
1090
+ allowlisted_only: "allowlisted_only";
1091
+ invite_only: "invite_only";
1092
+ approval_required: "approval_required";
1093
+ }>;
1094
+ defaultRoleId: z.ZodString;
1095
+ updatedAt: z.ZodNumber;
1096
+ }, z.core.$strict>>;
1097
+ changes: z.ZodArray<z.ZodDiscriminatedUnion<[z.ZodObject<{
1098
+ entityType: z.ZodLiteral<"scope">;
1099
+ accessScopeId: z.ZodString;
1100
+ operation: z.ZodEnum<{
1101
+ upsert: "upsert";
1102
+ delete: "delete";
1103
+ }>;
1104
+ }, z.core.$strict>, z.ZodObject<{
1105
+ entityType: z.ZodLiteral<"principal">;
1106
+ principalId: z.ZodString;
1107
+ operation: z.ZodEnum<{
1108
+ upsert: "upsert";
1109
+ delete: "delete";
1110
+ }>;
1111
+ }, z.core.$strict>, z.ZodObject<{
1112
+ entityType: z.ZodLiteral<"principal_membership">;
1113
+ groupPrincipalId: z.ZodString;
1114
+ memberPrincipalId: z.ZodString;
1115
+ operation: z.ZodEnum<{
1116
+ upsert: "upsert";
1117
+ delete: "delete";
1118
+ }>;
1119
+ }, z.core.$strict>, z.ZodObject<{
1120
+ entityType: z.ZodLiteral<"role">;
1121
+ roleId: z.ZodString;
1122
+ operation: z.ZodEnum<{
1123
+ upsert: "upsert";
1124
+ delete: "delete";
1125
+ }>;
1126
+ }, z.core.$strict>, z.ZodObject<{
1127
+ entityType: z.ZodLiteral<"role_permission_override">;
1128
+ accessScopeId: z.ZodString;
1129
+ roleId: z.ZodString;
1130
+ permissionId: z.ZodString;
1131
+ operation: z.ZodEnum<{
1132
+ upsert: "upsert";
1133
+ delete: "delete";
1134
+ }>;
1135
+ }, z.core.$strict>, z.ZodObject<{
1136
+ entityType: z.ZodLiteral<"role_binding">;
1137
+ bindingId: z.ZodString;
1138
+ operation: z.ZodEnum<{
1139
+ upsert: "upsert";
1140
+ delete: "delete";
1141
+ }>;
1142
+ }, z.core.$strict>, z.ZodObject<{
1143
+ entityType: z.ZodLiteral<"permission_binding">;
1144
+ bindingId: z.ZodString;
1145
+ operation: z.ZodEnum<{
1146
+ upsert: "upsert";
1147
+ delete: "delete";
1148
+ }>;
1149
+ }, z.core.$strict>], "entityType">>;
1150
+ principals: z.ZodArray<z.ZodObject<{
1151
+ principalId: z.ZodString;
1152
+ type: z.ZodEnum<{
1153
+ user: "user";
1154
+ group: "group";
1155
+ }>;
1156
+ herculesAuthUserId: z.ZodOptional<z.ZodString>;
1157
+ name: z.ZodOptional<z.ZodString>;
1158
+ status: z.ZodEnum<{
1159
+ active: "active";
1160
+ blocked: "blocked";
1161
+ suspended: "suspended";
1162
+ pending_approval: "pending_approval";
1163
+ removed: "removed";
1164
+ }>;
1165
+ joinedAt: z.ZodNumber;
1166
+ updatedAt: z.ZodNumber;
1167
+ }, z.core.$strict>>;
1168
+ principalMemberships: z.ZodArray<z.ZodObject<{
1169
+ groupPrincipalId: z.ZodString;
1170
+ memberPrincipalId: z.ZodString;
1171
+ updatedAt: z.ZodNumber;
1172
+ }, z.core.$strict>>;
1173
+ roles: z.ZodArray<z.ZodObject<{
1174
+ roleId: z.ZodString;
1175
+ accessScopeId: z.ZodString;
1176
+ key: z.ZodString;
1177
+ source: z.ZodLiteral<"tenant">;
1178
+ name: z.ZodString;
1179
+ baseWildcard: z.ZodLiteral<"none">;
1180
+ updatedAt: z.ZodNumber;
1181
+ }, z.core.$strict>>;
1182
+ rolePermissionOverrides: z.ZodArray<z.ZodObject<{
1183
+ accessScopeId: z.ZodString;
1184
+ roleId: z.ZodString;
1185
+ permissionId: z.ZodString;
1186
+ effect: z.ZodEnum<{
1187
+ allow: "allow";
1188
+ deny: "deny";
1189
+ }>;
1190
+ updatedAt: z.ZodNumber;
1191
+ }, z.core.$strict>>;
1192
+ roleBindings: z.ZodArray<z.ZodObject<{
1193
+ bindingId: z.ZodString;
1194
+ subjectPrincipalId: z.ZodString;
1195
+ roleId: z.ZodString;
1196
+ accessScopeId: z.ZodString;
1197
+ resourceType: z.ZodOptional<z.ZodString>;
1198
+ resourceId: z.ZodOptional<z.ZodString>;
1199
+ appliesTo: z.ZodDefault<z.ZodEnum<{
1200
+ self: "self";
1201
+ self_and_descendants: "self_and_descendants";
1202
+ }>>;
1203
+ expiresAt: z.ZodOptional<z.ZodNumber>;
1204
+ updatedAt: z.ZodNumber;
1205
+ }, z.core.$strict>>;
1206
+ permissionBindings: z.ZodArray<z.ZodObject<{
1207
+ bindingId: z.ZodString;
1208
+ subjectPrincipalId: z.ZodOptional<z.ZodString>;
1209
+ subjectRoleId: z.ZodOptional<z.ZodString>;
1210
+ permissionId: z.ZodString;
1211
+ effect: z.ZodEnum<{
1212
+ allow: "allow";
1213
+ deny: "deny";
1214
+ }>;
1215
+ accessScopeId: z.ZodString;
1216
+ resourceType: z.ZodOptional<z.ZodString>;
1217
+ resourceId: z.ZodOptional<z.ZodString>;
1218
+ appliesTo: z.ZodDefault<z.ZodEnum<{
1219
+ self: "self";
1220
+ self_and_descendants: "self_and_descendants";
1221
+ }>>;
1222
+ expiresAt: z.ZodOptional<z.ZodNumber>;
1223
+ updatedAt: z.ZodNumber;
1224
+ }, z.core.$strict>>;
1225
+ }, z.core.$strict>>>;
1226
+ }, z.core.$strict>;
1227
+ export type AccessProjectionEvent = z.infer<typeof accessProjectionEventSchema>;
1228
+ export declare const accessProjectionSyncPayloadSchema: z.ZodUnion<readonly [z.ZodObject<{
1229
+ type: z.ZodLiteral<"access.projection.snapshot">;
1230
+ schemaVersion: z.ZodLiteral<3>;
1231
+ eventId: z.ZodString;
1232
+ mode: z.ZodEnum<{
1233
+ initialize: "initialize";
1234
+ reset: "reset";
1235
+ }>;
1236
+ sourceVersion: z.ZodNumber;
1237
+ expectedIssuer: z.ZodString;
1238
+ catalog: z.ZodObject<{
1239
+ roles: z.ZodArray<z.ZodObject<{
1240
+ roleId: z.ZodString;
1241
+ key: z.ZodString;
1242
+ source: z.ZodEnum<{
1243
+ system: "system";
1244
+ iam: "iam";
1245
+ }>;
1246
+ name: z.ZodString;
1247
+ baseWildcard: z.ZodEnum<{
1248
+ none: "none";
1249
+ immutable: "immutable";
1250
+ default: "default";
1251
+ }>;
1252
+ updatedAt: z.ZodNumber;
1253
+ }, z.core.$strict>>;
1254
+ permissions: z.ZodArray<z.ZodObject<{
1255
+ permissionId: z.ZodString;
1256
+ key: z.ZodString;
1257
+ resourceType: z.ZodString;
1258
+ action: z.ZodString;
1259
+ classification: z.ZodEnum<{
1260
+ delegable: "delegable";
1261
+ owner_only: "owner_only";
1262
+ }>;
1263
+ tenantAssignable: z.ZodBoolean;
1264
+ updatedAt: z.ZodNumber;
1265
+ }, z.core.$strict>>;
1266
+ rolePermissions: z.ZodArray<z.ZodObject<{
1267
+ roleId: z.ZodString;
1268
+ permissionId: z.ZodString;
1269
+ effect: z.ZodEnum<{
1270
+ allow: "allow";
1271
+ deny: "deny";
1272
+ }>;
1273
+ updatedAt: z.ZodNumber;
1274
+ }, z.core.$strict>>;
1275
+ }, z.core.$strict>;
1276
+ users: z.ZodArray<z.ZodObject<{
1277
+ herculesAuthUserId: z.ZodString;
1278
+ name: z.ZodString;
1279
+ email: z.ZodString;
1280
+ emailVerified: z.ZodBoolean;
1281
+ image: z.ZodOptional<z.ZodString>;
1282
+ phone: z.ZodOptional<z.ZodString>;
1283
+ phoneVerified: z.ZodBoolean;
1284
+ updatedAt: z.ZodNumber;
1285
+ }, z.core.$strict>>;
1286
+ scopes: z.ZodArray<z.ZodObject<{
1287
+ scope: z.ZodObject<{
1288
+ accessScopeId: z.ZodString;
1289
+ name: z.ZodString;
1290
+ kind: z.ZodEnum<{
1291
+ default: "default";
1292
+ org: "org";
1293
+ suite: "suite";
1294
+ }>;
1295
+ status: z.ZodEnum<{
1296
+ active: "active";
1297
+ disabled: "disabled";
1298
+ }>;
1299
+ accountEntryMode: z.ZodEnum<{
1300
+ open: "open";
1301
+ allowlisted_only: "allowlisted_only";
1302
+ invite_only: "invite_only";
1303
+ approval_required: "approval_required";
1304
+ }>;
1305
+ defaultRoleId: z.ZodString;
1306
+ updatedAt: z.ZodNumber;
1307
+ }, z.core.$strict>;
1308
+ principals: z.ZodArray<z.ZodObject<{
1309
+ principalId: z.ZodString;
1310
+ type: z.ZodEnum<{
1311
+ user: "user";
1312
+ group: "group";
1313
+ }>;
1314
+ herculesAuthUserId: z.ZodOptional<z.ZodString>;
1315
+ name: z.ZodOptional<z.ZodString>;
1316
+ status: z.ZodEnum<{
1317
+ active: "active";
1318
+ blocked: "blocked";
1319
+ suspended: "suspended";
1320
+ pending_approval: "pending_approval";
1321
+ removed: "removed";
1322
+ }>;
1323
+ joinedAt: z.ZodNumber;
1324
+ updatedAt: z.ZodNumber;
1325
+ }, z.core.$strict>>;
1326
+ principalMemberships: z.ZodArray<z.ZodObject<{
1327
+ groupPrincipalId: z.ZodString;
1328
+ memberPrincipalId: z.ZodString;
1329
+ updatedAt: z.ZodNumber;
1330
+ }, z.core.$strict>>;
1331
+ roles: z.ZodArray<z.ZodObject<{
1332
+ roleId: z.ZodString;
1333
+ accessScopeId: z.ZodString;
1334
+ key: z.ZodString;
1335
+ source: z.ZodLiteral<"tenant">;
1336
+ name: z.ZodString;
1337
+ baseWildcard: z.ZodLiteral<"none">;
1338
+ updatedAt: z.ZodNumber;
1339
+ }, z.core.$strict>>;
1340
+ rolePermissionOverrides: z.ZodArray<z.ZodObject<{
1341
+ accessScopeId: z.ZodString;
1342
+ roleId: z.ZodString;
1343
+ permissionId: z.ZodString;
1344
+ effect: z.ZodEnum<{
1345
+ allow: "allow";
1346
+ deny: "deny";
1347
+ }>;
1348
+ updatedAt: z.ZodNumber;
1349
+ }, z.core.$strict>>;
1350
+ roleBindings: z.ZodArray<z.ZodObject<{
1351
+ bindingId: z.ZodString;
1352
+ subjectPrincipalId: z.ZodString;
1353
+ roleId: z.ZodString;
1354
+ accessScopeId: z.ZodString;
1355
+ resourceType: z.ZodOptional<z.ZodString>;
1356
+ resourceId: z.ZodOptional<z.ZodString>;
1357
+ appliesTo: z.ZodDefault<z.ZodEnum<{
1358
+ self: "self";
1359
+ self_and_descendants: "self_and_descendants";
1360
+ }>>;
1361
+ expiresAt: z.ZodOptional<z.ZodNumber>;
1362
+ updatedAt: z.ZodNumber;
1363
+ }, z.core.$strict>>;
1364
+ permissionBindings: z.ZodArray<z.ZodObject<{
1365
+ bindingId: z.ZodString;
1366
+ subjectPrincipalId: z.ZodOptional<z.ZodString>;
1367
+ subjectRoleId: z.ZodOptional<z.ZodString>;
1368
+ permissionId: z.ZodString;
1369
+ effect: z.ZodEnum<{
1370
+ allow: "allow";
1371
+ deny: "deny";
1372
+ }>;
1373
+ accessScopeId: z.ZodString;
1374
+ resourceType: z.ZodOptional<z.ZodString>;
1375
+ resourceId: z.ZodOptional<z.ZodString>;
1376
+ appliesTo: z.ZodDefault<z.ZodEnum<{
1377
+ self: "self";
1378
+ self_and_descendants: "self_and_descendants";
1379
+ }>>;
1380
+ expiresAt: z.ZodOptional<z.ZodNumber>;
1381
+ updatedAt: z.ZodNumber;
1382
+ }, z.core.$strict>>;
1383
+ }, z.core.$strict>>;
1384
+ }, z.core.$strict>, z.ZodObject<{
1385
+ type: z.ZodLiteral<"access.projection.event">;
1386
+ schemaVersion: z.ZodLiteral<3>;
1387
+ eventId: z.ZodString;
1388
+ sourceVersion: z.ZodNumber;
1389
+ catalog: z.ZodOptional<z.ZodObject<{
1390
+ changes: z.ZodArray<z.ZodDiscriminatedUnion<[z.ZodObject<{
1391
+ entityType: z.ZodLiteral<"role">;
1392
+ roleId: z.ZodString;
1393
+ operation: z.ZodEnum<{
1394
+ upsert: "upsert";
1395
+ delete: "delete";
1396
+ }>;
1397
+ }, z.core.$strict>, z.ZodObject<{
1398
+ entityType: z.ZodLiteral<"permission">;
1399
+ permissionId: z.ZodString;
1400
+ operation: z.ZodEnum<{
1401
+ upsert: "upsert";
1402
+ delete: "delete";
1403
+ }>;
1404
+ }, z.core.$strict>, z.ZodObject<{
1405
+ entityType: z.ZodLiteral<"role_permission">;
1406
+ roleId: z.ZodString;
1407
+ permissionId: z.ZodString;
1408
+ operation: z.ZodEnum<{
1409
+ upsert: "upsert";
1410
+ delete: "delete";
1411
+ }>;
1412
+ }, z.core.$strict>], "entityType">>;
1413
+ roles: z.ZodArray<z.ZodObject<{
1414
+ roleId: z.ZodString;
1415
+ key: z.ZodString;
1416
+ source: z.ZodEnum<{
1417
+ system: "system";
1418
+ iam: "iam";
1419
+ }>;
1420
+ name: z.ZodString;
1421
+ baseWildcard: z.ZodEnum<{
1422
+ none: "none";
1423
+ immutable: "immutable";
1424
+ default: "default";
1425
+ }>;
1426
+ updatedAt: z.ZodNumber;
1427
+ }, z.core.$strict>>;
1428
+ permissions: z.ZodArray<z.ZodObject<{
1429
+ permissionId: z.ZodString;
1430
+ key: z.ZodString;
1431
+ resourceType: z.ZodString;
1432
+ action: z.ZodString;
1433
+ classification: z.ZodEnum<{
1434
+ delegable: "delegable";
1435
+ owner_only: "owner_only";
1436
+ }>;
1437
+ tenantAssignable: z.ZodBoolean;
1438
+ updatedAt: z.ZodNumber;
1439
+ }, z.core.$strict>>;
1440
+ rolePermissions: z.ZodArray<z.ZodObject<{
1441
+ roleId: z.ZodString;
1442
+ permissionId: z.ZodString;
1443
+ effect: z.ZodEnum<{
1444
+ allow: "allow";
1445
+ deny: "deny";
1446
+ }>;
1447
+ updatedAt: z.ZodNumber;
1448
+ }, z.core.$strict>>;
1449
+ }, z.core.$strict>>;
1450
+ users: z.ZodOptional<z.ZodObject<{
1451
+ changes: z.ZodArray<z.ZodObject<{
1452
+ entityType: z.ZodLiteral<"user">;
1453
+ herculesAuthUserId: z.ZodString;
1454
+ operation: z.ZodEnum<{
1455
+ upsert: "upsert";
1456
+ delete: "delete";
1457
+ }>;
1458
+ }, z.core.$strict>>;
1459
+ users: z.ZodArray<z.ZodObject<{
1460
+ herculesAuthUserId: z.ZodString;
1461
+ name: z.ZodString;
1462
+ email: z.ZodString;
1463
+ emailVerified: z.ZodBoolean;
1464
+ image: z.ZodOptional<z.ZodString>;
1465
+ phone: z.ZodOptional<z.ZodString>;
1466
+ phoneVerified: z.ZodBoolean;
1467
+ updatedAt: z.ZodNumber;
1468
+ }, z.core.$strict>>;
1469
+ }, z.core.$strict>>;
1470
+ scopes: z.ZodOptional<z.ZodArray<z.ZodObject<{
1471
+ accessScopeId: z.ZodString;
1472
+ scope: z.ZodOptional<z.ZodObject<{
1473
+ accessScopeId: z.ZodString;
1474
+ name: z.ZodString;
1475
+ kind: z.ZodEnum<{
1476
+ default: "default";
1477
+ org: "org";
1478
+ suite: "suite";
1479
+ }>;
1480
+ status: z.ZodEnum<{
1481
+ active: "active";
1482
+ disabled: "disabled";
1483
+ }>;
1484
+ accountEntryMode: z.ZodEnum<{
1485
+ open: "open";
1486
+ allowlisted_only: "allowlisted_only";
1487
+ invite_only: "invite_only";
1488
+ approval_required: "approval_required";
1489
+ }>;
1490
+ defaultRoleId: z.ZodString;
1491
+ updatedAt: z.ZodNumber;
1492
+ }, z.core.$strict>>;
1493
+ changes: z.ZodArray<z.ZodDiscriminatedUnion<[z.ZodObject<{
1494
+ entityType: z.ZodLiteral<"scope">;
1495
+ accessScopeId: z.ZodString;
1496
+ operation: z.ZodEnum<{
1497
+ upsert: "upsert";
1498
+ delete: "delete";
1499
+ }>;
1500
+ }, z.core.$strict>, z.ZodObject<{
1501
+ entityType: z.ZodLiteral<"principal">;
1502
+ principalId: z.ZodString;
1503
+ operation: z.ZodEnum<{
1504
+ upsert: "upsert";
1505
+ delete: "delete";
1506
+ }>;
1507
+ }, z.core.$strict>, z.ZodObject<{
1508
+ entityType: z.ZodLiteral<"principal_membership">;
1509
+ groupPrincipalId: z.ZodString;
1510
+ memberPrincipalId: z.ZodString;
1511
+ operation: z.ZodEnum<{
1512
+ upsert: "upsert";
1513
+ delete: "delete";
1514
+ }>;
1515
+ }, z.core.$strict>, z.ZodObject<{
1516
+ entityType: z.ZodLiteral<"role">;
1517
+ roleId: z.ZodString;
1518
+ operation: z.ZodEnum<{
1519
+ upsert: "upsert";
1520
+ delete: "delete";
1521
+ }>;
1522
+ }, z.core.$strict>, z.ZodObject<{
1523
+ entityType: z.ZodLiteral<"role_permission_override">;
1524
+ accessScopeId: z.ZodString;
1525
+ roleId: z.ZodString;
1526
+ permissionId: z.ZodString;
1527
+ operation: z.ZodEnum<{
1528
+ upsert: "upsert";
1529
+ delete: "delete";
1530
+ }>;
1531
+ }, z.core.$strict>, z.ZodObject<{
1532
+ entityType: z.ZodLiteral<"role_binding">;
1533
+ bindingId: z.ZodString;
1534
+ operation: z.ZodEnum<{
1535
+ upsert: "upsert";
1536
+ delete: "delete";
1537
+ }>;
1538
+ }, z.core.$strict>, z.ZodObject<{
1539
+ entityType: z.ZodLiteral<"permission_binding">;
1540
+ bindingId: z.ZodString;
1541
+ operation: z.ZodEnum<{
1542
+ upsert: "upsert";
1543
+ delete: "delete";
1544
+ }>;
1545
+ }, z.core.$strict>], "entityType">>;
1546
+ principals: z.ZodArray<z.ZodObject<{
1547
+ principalId: z.ZodString;
1548
+ type: z.ZodEnum<{
1549
+ user: "user";
1550
+ group: "group";
1551
+ }>;
1552
+ herculesAuthUserId: z.ZodOptional<z.ZodString>;
1553
+ name: z.ZodOptional<z.ZodString>;
1554
+ status: z.ZodEnum<{
1555
+ active: "active";
1556
+ blocked: "blocked";
1557
+ suspended: "suspended";
1558
+ pending_approval: "pending_approval";
1559
+ removed: "removed";
1560
+ }>;
1561
+ joinedAt: z.ZodNumber;
1562
+ updatedAt: z.ZodNumber;
1563
+ }, z.core.$strict>>;
1564
+ principalMemberships: z.ZodArray<z.ZodObject<{
1565
+ groupPrincipalId: z.ZodString;
1566
+ memberPrincipalId: z.ZodString;
1567
+ updatedAt: z.ZodNumber;
1568
+ }, z.core.$strict>>;
1569
+ roles: z.ZodArray<z.ZodObject<{
1570
+ roleId: z.ZodString;
1571
+ accessScopeId: z.ZodString;
1572
+ key: z.ZodString;
1573
+ source: z.ZodLiteral<"tenant">;
1574
+ name: z.ZodString;
1575
+ baseWildcard: z.ZodLiteral<"none">;
1576
+ updatedAt: z.ZodNumber;
1577
+ }, z.core.$strict>>;
1578
+ rolePermissionOverrides: z.ZodArray<z.ZodObject<{
1579
+ accessScopeId: z.ZodString;
1580
+ roleId: z.ZodString;
1581
+ permissionId: z.ZodString;
1582
+ effect: z.ZodEnum<{
1583
+ allow: "allow";
1584
+ deny: "deny";
1585
+ }>;
1586
+ updatedAt: z.ZodNumber;
1587
+ }, z.core.$strict>>;
1588
+ roleBindings: z.ZodArray<z.ZodObject<{
1589
+ bindingId: z.ZodString;
1590
+ subjectPrincipalId: z.ZodString;
1591
+ roleId: z.ZodString;
1592
+ accessScopeId: z.ZodString;
1593
+ resourceType: z.ZodOptional<z.ZodString>;
1594
+ resourceId: z.ZodOptional<z.ZodString>;
1595
+ appliesTo: z.ZodDefault<z.ZodEnum<{
1596
+ self: "self";
1597
+ self_and_descendants: "self_and_descendants";
1598
+ }>>;
1599
+ expiresAt: z.ZodOptional<z.ZodNumber>;
1600
+ updatedAt: z.ZodNumber;
1601
+ }, z.core.$strict>>;
1602
+ permissionBindings: z.ZodArray<z.ZodObject<{
1603
+ bindingId: z.ZodString;
1604
+ subjectPrincipalId: z.ZodOptional<z.ZodString>;
1605
+ subjectRoleId: z.ZodOptional<z.ZodString>;
1606
+ permissionId: z.ZodString;
1607
+ effect: z.ZodEnum<{
1608
+ allow: "allow";
1609
+ deny: "deny";
1610
+ }>;
1611
+ accessScopeId: z.ZodString;
1612
+ resourceType: z.ZodOptional<z.ZodString>;
1613
+ resourceId: z.ZodOptional<z.ZodString>;
1614
+ appliesTo: z.ZodDefault<z.ZodEnum<{
1615
+ self: "self";
1616
+ self_and_descendants: "self_and_descendants";
1617
+ }>>;
1618
+ expiresAt: z.ZodOptional<z.ZodNumber>;
1619
+ updatedAt: z.ZodNumber;
1620
+ }, z.core.$strict>>;
1621
+ }, z.core.$strict>>>;
1622
+ }, z.core.$strict>]>;
1623
+ export type AccessProjectionSyncPayload = z.infer<typeof accessProjectionSyncPayloadSchema>;
1624
+ //# sourceMappingURL=projection-protocol.d.ts.map