@vocoweb/tenant 1.0.0

package/LICENSE

@@ -0,0 +1,21 @@
+MIT License
+
+Copyright (c) 2025 VocoWeb
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.

package/README.md

@@ -0,0 +1,181 @@
+# @vocoweb/tenant
+
+[![npm version](https://badge.fury.io/js/%40vocoweb%2Ftenant.svg)](https://www.npmjs.com/package/@vocoweb/tenant)
+[![License: MIT](https://img.shields.io/badge/License-MIT-yellow.svg)](https://opensource.org/licenses/MIT)
+
+Production-ready multi-tenancy and RBAC for B2B SaaS applications.
+
+## Overview
+
+`@vocoweb/tenant` is the "Tenant Guard" module that solves the nightmare of building Teams, Invites, Roles, Permissions, and Data Isolation for B2B SaaS. It provides automatic tenant_id injection, pre-built components, and complete organization management.
+
+**Key Features:**
+- 🏢 **Organization Management** - Create and manage teams/workspaces
+- 👥 **Role-Based Access Control** - Admin, Member, Viewer roles with custom permissions
+- 📧 **Invite System** - Email-based team invitations
+- 🔒 **Data Isolation** - Automatic tenant_id injection in all queries
+- ⚛️ **Pre-built Components** - Team switcher, invite UI, settings
+
+## Installation
+
+```bash
+npm install @vocoweb/tenant
+```
+
+## Quick Start
+
+### Server-Side (API Routes)
+
+```typescript
+import { tenant } from '@vocoweb/tenant';
+
+// Create organization
+export async function POST(request: Request) {
+  const { name } = await request.json();
+  const user = await auth.requireUser(request);
+  
+  const org = await tenant.createOrganization({
+    name,
+    ownerId: user.id,
+  });
+  
+  return Response.json({ organization: org });
+}
+
+// Invite member
+export async function POST(request: Request) {
+  const { email, role, organizationId } = await request.json();
+  
+  await tenant.inviteMember({
+    organizationId,
+    email,
+    role: 'member', // or 'admin', 'viewer'
+  });
+  
+  return Response.json({ success: true });
+}
+```
+
+### Client-Side (React Components)
+
+```tsx
+import { VocoTeamSwitcher, VocoInviteMember } from '@vocoweb/tenant/react';
+
+// Navbar with team switcher
+export default function Navbar() {
+  return (
+    <nav>
+      <VocoTeamSwitcher />
+    </nav>
+  );
+}
+
+// Settings page with invite UI
+export default function TeamSettings() {
+  return (
+    <div>
+      <h1>Team Settings</h1>
+      <VocoInviteMember role="admin" />
+    </div>
+  );
+}
+```
+
+### Middleware (Automatic Tenant Injection)
+
+```typescript
+// middleware.ts
+import { createTenantMiddleware } from '@vocoweb/tenant';
+
+export const middleware = createTenantMiddleware({
+  // All database queries automatically include tenant_id
+  enforceIsolation: true,
+});
+
+export const config = {
+  matcher: ['/api/:path*', '/dashboard/:path*'],
+};
+```
+
+## API Reference
+
+### Server Methods
+
+- `createOrganization(options)` - Create new organization
+- `inviteMember(options)` - Send organization invite
+- `acceptInvite(token)` - Accept organization invite
+- `setMemberRole(options)` - Update member role
+- `removeMember(options)` - Remove member from organization
+- `getOrganizationMembers(orgId)` - List all members
+- `getUserOrganizations(userId)` - Get user's organizations
+
+### Client Methods
+
+- `switchOrganization(orgId)` - Switch active organization
+- `getCurrentOrganization()` - Get current active organization
+
+### React Components
+
+- `<VocoTeamSwitcher />` - Notion-style workspace switcher
+- `<VocoInviteMember role="admin" />` - Invite member UI
+
+## Environment Variables
+
+```bash
+# Supabase (Required)
+NEXT_PUBLIC_SUPABASE_URL=your_supabase_url
+NEXT_PUBLIC_SUPABASE_ANON_KEY=your_supabase_anon_key
+SUPABASE_SERVICE_ROLE_KEY=your_service_role_key
+
+# App Configuration
+NEXT_PUBLIC_APP_URL=https://yourapp.com
+SUPPORT_EMAIL=support@yourapp.com
+```
+
+## Database Schema
+
+The package expects the following tables:
+
+```sql
+-- Organizations
+CREATE TABLE organizations (
+  id UUID PRIMARY KEY DEFAULT uuid_generate_v4(),
+  name TEXT NOT NULL,
+  owner_id UUID NOT NULL REFERENCES auth.users(id),
+  created_at TIMESTAMPTZ DEFAULT NOW()
+);
+
+-- Organization Members
+CREATE TABLE organization_members (
+  id UUID PRIMARY KEY DEFAULT uuid_generate_v4(),
+  organization_id UUID NOT NULL REFERENCES organizations(id) ON DELETE CASCADE,
+  user_id UUID NOT NULL REFERENCES auth.users(id) ON DELETE CASCADE,
+  role TEXT NOT NULL CHECK (role IN ('admin', 'member', 'viewer')),
+  created_at TIMESTAMPTZ DEFAULT NOW(),
+  UNIQUE(organization_id, user_id)
+);
+
+-- Invites
+CREATE TABLE organization_invites (
+  id UUID PRIMARY KEY DEFAULT uuid_generate_v4(),
+  organization_id UUID NOT NULL REFERENCES organizations(id) ON DELETE CASCADE,
+  email TEXT NOT NULL,
+  role TEXT NOT NULL,
+  token TEXT UNIQUE NOT NULL,
+  expires_at TIMESTAMPTZ NOT NULL,
+  created_at TIMESTAMPTZ DEFAULT NOW()
+);
+```
+
+## License
+
+MIT © VocoWeb
+
+## Support
+
+- Email: legal@vocoweb.in
+- Documentation: [GitHub Wiki](https://github.com/vocoweb/vocoweb-tenant/wiki)
+
+---
+
+**Built with care by [VocoWeb](https://vocoweb.in)**

package/dist/index.d.mts

@@ -0,0 +1,86 @@
+import { A as AcceptInviteOptions, O as OrganizationMember, C as CreateOrganizationOptions, a as Organization, I as InviteMemberOptions, b as OrganizationInvite, R as RemoveMemberOptions, S as SetMemberRoleOptions } from './types-BX4GZa4r.mjs';
+export { T as TenantContext, c as TenantMiddlewareOptions, U as UserRole } from './types-BX4GZa4r.mjs';
+
+/**
+ * Client-side functions for @vocoweb/tenant
+ */
+/**
+ * Switch active organization
+ */
+declare function switchOrganization(organizationId: string): Promise<void>;
+/**
+ * Get current active organization
+ */
+declare function getCurrentOrganization(): string | null;
+/**
+ * Listen to organization changes
+ */
+declare function onOrganizationChange(callback: (organizationId: string | null) => void): () => void;
+
+/**
+ * Server-side functions for @vocoweb/tenant
+ */
+
+/**
+ * Create a new organization
+ */
+declare function createOrganization(options: CreateOrganizationOptions): Promise<Organization>;
+/**
+ * Invite a member to an organization
+ */
+declare function inviteMember(options: InviteMemberOptions): Promise<OrganizationInvite>;
+/**
+ * Accept an organization invite
+ */
+declare function acceptInvite(options: AcceptInviteOptions): Promise<OrganizationMember>;
+/**
+ * Set member role
+ */
+declare function setMemberRole(options: SetMemberRoleOptions): Promise<void>;
+/**
+ * Remove member from organization
+ */
+declare function removeMember(options: RemoveMemberOptions): Promise<void>;
+/**
+ * Get organization members
+ */
+declare function getOrganizationMembers(organizationId: string): Promise<OrganizationMember[]>;
+/**
+ * Get user's organizations
+ */
+declare function getUserOrganizations(userId: string): Promise<Organization[]>;
+
+/**
+ * @vocoweb/tenant
+ * Production-ready multi-tenancy and RBAC for B2B SaaS
+ */
+
+/**
+ * Main tenant API
+ *
+ * @example
+ * import { tenant } from '@vocoweb/tenant';
+ *
+ * // Server-side
+ * const org = await tenant.createOrganization({ name: 'Acme Inc', ownerId: userId });
+ * await tenant.inviteMember({ organizationId, email, role: 'member' });
+ *
+ * // Client-side
+ * await tenant.switchOrganization(orgId);
+ */
+declare const tenant: {
+    switchOrganization: typeof switchOrganization;
+    getCurrentOrganization: typeof getCurrentOrganization;
+    onOrganizationChange: typeof onOrganizationChange;
+    createOrganization: typeof createOrganization;
+    inviteMember: typeof inviteMember;
+    acceptInvite: typeof acceptInvite;
+    setMemberRole: typeof setMemberRole;
+    removeMember: typeof removeMember;
+    getOrganizationMembers: typeof getOrganizationMembers;
+    getUserOrganizations: typeof getUserOrganizations;
+};
+
+declare const VERSION = "1.0.0";
+
+export { AcceptInviteOptions, CreateOrganizationOptions, InviteMemberOptions, Organization, OrganizationInvite, OrganizationMember, RemoveMemberOptions, SetMemberRoleOptions, VERSION, acceptInvite, createOrganization, getCurrentOrganization, getOrganizationMembers, getUserOrganizations, inviteMember, onOrganizationChange, removeMember, setMemberRole, switchOrganization, tenant };

package/dist/index.d.ts

@@ -0,0 +1,86 @@
+import { A as AcceptInviteOptions, O as OrganizationMember, C as CreateOrganizationOptions, a as Organization, I as InviteMemberOptions, b as OrganizationInvite, R as RemoveMemberOptions, S as SetMemberRoleOptions } from './types-BX4GZa4r.js';
+export { T as TenantContext, c as TenantMiddlewareOptions, U as UserRole } from './types-BX4GZa4r.js';
+
+/**
+ * Client-side functions for @vocoweb/tenant
+ */
+/**
+ * Switch active organization
+ */
+declare function switchOrganization(organizationId: string): Promise<void>;
+/**
+ * Get current active organization
+ */
+declare function getCurrentOrganization(): string | null;
+/**
+ * Listen to organization changes
+ */
+declare function onOrganizationChange(callback: (organizationId: string | null) => void): () => void;
+
+/**
+ * Server-side functions for @vocoweb/tenant
+ */
+
+/**
+ * Create a new organization
+ */
+declare function createOrganization(options: CreateOrganizationOptions): Promise<Organization>;
+/**
+ * Invite a member to an organization
+ */
+declare function inviteMember(options: InviteMemberOptions): Promise<OrganizationInvite>;
+/**
+ * Accept an organization invite
+ */
+declare function acceptInvite(options: AcceptInviteOptions): Promise<OrganizationMember>;
+/**
+ * Set member role
+ */
+declare function setMemberRole(options: SetMemberRoleOptions): Promise<void>;
+/**
+ * Remove member from organization
+ */
+declare function removeMember(options: RemoveMemberOptions): Promise<void>;
+/**
+ * Get organization members
+ */
+declare function getOrganizationMembers(organizationId: string): Promise<OrganizationMember[]>;
+/**
+ * Get user's organizations
+ */
+declare function getUserOrganizations(userId: string): Promise<Organization[]>;
+
+/**
+ * @vocoweb/tenant
+ * Production-ready multi-tenancy and RBAC for B2B SaaS
+ */
+
+/**
+ * Main tenant API
+ *
+ * @example
+ * import { tenant } from '@vocoweb/tenant';
+ *
+ * // Server-side
+ * const org = await tenant.createOrganization({ name: 'Acme Inc', ownerId: userId });
+ * await tenant.inviteMember({ organizationId, email, role: 'member' });
+ *
+ * // Client-side
+ * await tenant.switchOrganization(orgId);
+ */
+declare const tenant: {
+    switchOrganization: typeof switchOrganization;
+    getCurrentOrganization: typeof getCurrentOrganization;
+    onOrganizationChange: typeof onOrganizationChange;
+    createOrganization: typeof createOrganization;
+    inviteMember: typeof inviteMember;
+    acceptInvite: typeof acceptInvite;
+    setMemberRole: typeof setMemberRole;
+    removeMember: typeof removeMember;
+    getOrganizationMembers: typeof getOrganizationMembers;
+    getUserOrganizations: typeof getUserOrganizations;
+};
+
+declare const VERSION = "1.0.0";
+
+export { AcceptInviteOptions, CreateOrganizationOptions, InviteMemberOptions, Organization, OrganizationInvite, OrganizationMember, RemoveMemberOptions, SetMemberRoleOptions, VERSION, acceptInvite, createOrganization, getCurrentOrganization, getOrganizationMembers, getUserOrganizations, inviteMember, onOrganizationChange, removeMember, setMemberRole, switchOrganization, tenant };

package/dist/index.js

@@ -0,0 +1,192 @@
+'use strict';
+
+var supabaseJs = require('@supabase/supabase-js');
+
+// src/client.ts
+var CURRENT_ORG_KEY = "voco_current_organization";
+async function switchOrganization(organizationId) {
+  if (typeof window === "undefined") {
+    throw new Error("switchOrganization can only be called client-side");
+  }
+  localStorage.setItem(CURRENT_ORG_KEY, organizationId);
+  window.dispatchEvent(
+    new StorageEvent("storage", {
+      key: CURRENT_ORG_KEY,
+      newValue: organizationId
+    })
+  );
+}
+function getCurrentOrganization() {
+  if (typeof window === "undefined") {
+    return null;
+  }
+  return localStorage.getItem(CURRENT_ORG_KEY);
+}
+function onOrganizationChange(callback) {
+  if (typeof window === "undefined") {
+    return () => {
+    };
+  }
+  const handler = (e) => {
+    if (e.key === CURRENT_ORG_KEY) {
+      callback(e.newValue);
+    }
+  };
+  window.addEventListener("storage", handler);
+  return () => {
+    window.removeEventListener("storage", handler);
+  };
+}
+var getSupabaseClient = () => {
+  const supabaseUrl = process.env.NEXT_PUBLIC_SUPABASE_URL;
+  const supabaseKey = process.env.SUPABASE_SERVICE_ROLE_KEY;
+  if (!supabaseUrl || !supabaseKey) {
+    throw new Error("Supabase credentials not configured");
+  }
+  return supabaseJs.createClient(supabaseUrl, supabaseKey);
+};
+async function createOrganization(options) {
+  const supabase = getSupabaseClient();
+  const { data, error } = await supabase.from("organizations").insert({
+    name: options.name,
+    owner_id: options.ownerId
+  }).select().single();
+  if (error) {
+    throw new Error(`Failed to create organization: ${error.message}`);
+  }
+  await supabase.from("organization_members").insert({
+    organization_id: data.id,
+    user_id: options.ownerId,
+    role: "owner"
+  });
+  return {
+    id: data.id,
+    name: data.name,
+    ownerId: data.owner_id,
+    createdAt: new Date(data.created_at)
+  };
+}
+async function inviteMember(options) {
+  const supabase = getSupabaseClient();
+  const token = crypto.randomUUID();
+  const expiresAt = /* @__PURE__ */ new Date();
+  expiresAt.setDate(expiresAt.getDate() + 7);
+  const { data, error } = await supabase.from("organization_invites").insert({
+    organization_id: options.organizationId,
+    email: options.email,
+    role: options.role,
+    token,
+    expires_at: expiresAt.toISOString()
+  }).select().single();
+  if (error) {
+    throw new Error(`Failed to create invite: ${error.message}`);
+  }
+  return {
+    id: data.id,
+    organizationId: data.organization_id,
+    email: data.email,
+    role: data.role,
+    token: data.token,
+    expiresAt: new Date(data.expires_at),
+    createdAt: new Date(data.created_at)
+  };
+}
+async function acceptInvite(options) {
+  const supabase = getSupabaseClient();
+  const { data: invite, error: inviteError } = await supabase.from("organization_invites").select("*").eq("token", options.token).single();
+  if (inviteError || !invite) {
+    throw new Error("Invalid or expired invite");
+  }
+  if (new Date(invite.expires_at) < /* @__PURE__ */ new Date()) {
+    throw new Error("Invite has expired");
+  }
+  const { data, error } = await supabase.from("organization_members").insert({
+    organization_id: invite.organization_id,
+    user_id: options.userId,
+    role: invite.role
+  }).select().single();
+  if (error) {
+    throw new Error(`Failed to add member: ${error.message}`);
+  }
+  await supabase.from("organization_invites").delete().eq("id", invite.id);
+  return {
+    id: data.id,
+    organizationId: data.organization_id,
+    userId: data.user_id,
+    role: data.role,
+    createdAt: new Date(data.created_at)
+  };
+}
+async function setMemberRole(options) {
+  const supabase = getSupabaseClient();
+  const { error } = await supabase.from("organization_members").update({ role: options.role }).eq("organization_id", options.organizationId).eq("user_id", options.userId);
+  if (error) {
+    throw new Error(`Failed to update role: ${error.message}`);
+  }
+}
+async function removeMember(options) {
+  const supabase = getSupabaseClient();
+  const { error } = await supabase.from("organization_members").delete().eq("organization_id", options.organizationId).eq("user_id", options.userId);
+  if (error) {
+    throw new Error(`Failed to remove member: ${error.message}`);
+  }
+}
+async function getOrganizationMembers(organizationId) {
+  const supabase = getSupabaseClient();
+  const { data, error } = await supabase.from("organization_members").select("*").eq("organization_id", organizationId);
+  if (error) {
+    throw new Error(`Failed to get members: ${error.message}`);
+  }
+  return data.map((row) => ({
+    id: row.id,
+    organizationId: row.organization_id,
+    userId: row.user_id,
+    role: row.role,
+    createdAt: new Date(row.created_at)
+  }));
+}
+async function getUserOrganizations(userId) {
+  const supabase = getSupabaseClient();
+  const { data, error } = await supabase.from("organization_members").select("organizations(*)").eq("user_id", userId);
+  if (error) {
+    throw new Error(`Failed to get organizations: ${error.message}`);
+  }
+  return data.map((row) => ({
+    id: row.organizations.id,
+    name: row.organizations.name,
+    ownerId: row.organizations.owner_id,
+    createdAt: new Date(row.organizations.created_at)
+  }));
+}
+
+// src/index.ts
+var tenant = {
+  // Client methods
+  switchOrganization,
+  getCurrentOrganization,
+  onOrganizationChange,
+  // Server methods
+  createOrganization,
+  inviteMember,
+  acceptInvite,
+  setMemberRole,
+  removeMember,
+  getOrganizationMembers,
+  getUserOrganizations
+};
+var VERSION = "1.0.0";
+
+exports.VERSION = VERSION;
+exports.acceptInvite = acceptInvite;
+exports.createOrganization = createOrganization;
+exports.getCurrentOrganization = getCurrentOrganization;
+exports.getOrganizationMembers = getOrganizationMembers;
+exports.getUserOrganizations = getUserOrganizations;
+exports.inviteMember = inviteMember;
+exports.onOrganizationChange = onOrganizationChange;
+exports.removeMember = removeMember;
+exports.setMemberRole = setMemberRole;
+exports.switchOrganization = switchOrganization;
+exports.tenant = tenant;
+//# sourceMappingURL=index.js.map
+//# sourceMappingURL=index.js.map

package/dist/index.js.map

@@ -0,0 +1 @@
+{"version":3,"sources":["../src/client.ts","../src/server.ts","../src/index.ts"],"names":["createClient"],"mappings":";;;;;AAMA,IAAM,eAAA,GAAkB,2BAAA;AAKxB,eAAsB,mBAAmB,cAAA,EAAuC;AAC5E,EAAA,IAAI,OAAO,WAAW,WAAA,EAAa;AAC/B,IAAA,MAAM,IAAI,MAAM,mDAAmD,CAAA;AAAA,EACvE;AAEA,EAAA,YAAA,CAAa,OAAA,CAAQ,iBAAiB,cAAc,CAAA;AAGpD,EAAA,MAAA,CAAO,aAAA;AAAA,IACH,IAAI,aAAa,SAAA,EAAW;AAAA,MACxB,GAAA,EAAK,eAAA;AAAA,MACL,QAAA,EAAU;AAAA,KACb;AAAA,GACL;AACJ;AAKO,SAAS,sBAAA,GAAwC;AACpD,EAAA,IAAI,OAAO,WAAW,WAAA,EAAa;AAC/B,IAAA,OAAO,IAAA;AAAA,EACX;AAEA,EAAA,OAAO,YAAA,CAAa,QAAQ,eAAe,CAAA;AAC/C;AAKO,SAAS,qBACZ,QAAA,EACU;AACV,EAAA,IAAI,OAAO,WAAW,WAAA,EAAa;AAC/B,IAAA,OAAO,MAAM;AAAA,IAAE,CAAA;AAAA,EACnB;AAEA,EAAA,MAAM,OAAA,GAAU,CAAC,CAAA,KAAoB;AACjC,IAAA,IAAI,CAAA,CAAE,QAAQ,eAAA,EAAiB;AAC3B,MAAA,QAAA,CAAS,EAAE,QAAQ,CAAA;AAAA,IACvB;AAAA,EACJ,CAAA;AAEA,EAAA,MAAA,CAAO,gBAAA,CAAiB,WAAW,OAAO,CAAA;AAE1C,EAAA,OAAO,MAAM;AACT,IAAA,MAAA,CAAO,mBAAA,CAAoB,WAAW,OAAO,CAAA;AAAA,EACjD,CAAA;AACJ;AC3CA,IAAM,oBAAoB,MAAM;AAC5B,EAAA,MAAM,WAAA,GAAc,QAAQ,GAAA,CAAI,wBAAA;AAChC,EAAA,MAAM,WAAA,GAAc,QAAQ,GAAA,CAAI,yBAAA;AAEhC,EAAA,IAAI,CAAC,WAAA,IAAe,CAAC,WAAA,EAAa;AAC9B,IAAA,MAAM,IAAI,MAAM,qCAAqC,CAAA;AAAA,EACzD;AAEA,EAAA,OAAOA,uBAAA,CAAa,aAAa,WAAW,CAAA;AAChD,CAAA;AAKA,eAAsB,mBAClB,OAAA,EACqB;AACrB,EAAA,MAAM,WAAW,iBAAA,EAAkB;AAEnC,EAAA,MAAM,EAAE,MAAM,KAAA,EAAM,GAAI,MAAM,QAAA,CACzB,IAAA,CAAK,eAAe,CAAA,CACpB,MAAA,CAAO;AAAA,IACJ,MAAM,OAAA,CAAQ,IAAA;AAAA,IACd,UAAU,OAAA,CAAQ;AAAA,GACrB,CAAA,CACA,MAAA,EAAO,CACP,MAAA,EAAO;AAEZ,EAAA,IAAI,KAAA,EAAO;AACP,IAAA,MAAM,IAAI,KAAA,CAAM,CAAA,+BAAA,EAAkC,KAAA,CAAM,OAAO,CAAA,CAAE,CAAA;AAAA,EACrE;AAGA,EAAA,MAAM,QAAA,CAAS,IAAA,CAAK,sBAAsB,CAAA,CAAE,MAAA,CAAO;AAAA,IAC/C,iBAAiB,IAAA,CAAK,EAAA;AAAA,IACtB,SAAS,OAAA,CAAQ,OAAA;AAAA,IACjB,IAAA,EAAM;AAAA,GACT,CAAA;AAED,EAAA,OAAO;AAAA,IACH,IAAI,IAAA,CAAK,EAAA;AAAA,IACT,MAAM,IAAA,CAAK,IAAA;AAAA,IACX,SAAS,IAAA,CAAK,QAAA;AAAA,IACd,SAAA,EAAW,IAAI,IAAA,CAAK,IAAA,CAAK,UAAU;AAAA,GACvC;AACJ;AAKA,eAAsB,aAClB,OAAA,EAC2B;AAC3B,EAAA,MAAM,WAAW,iBAAA,EAAkB;AAGnC,EAAA,MAAM,KAAA,GAAQ,OAAO,UAAA,EAAW;AAChC,EAAA,MAAM,SAAA,uBAAgB,IAAA,EAAK;AAC3B,EAAA,SAAA,CAAU,OAAA,CAAQ,SAAA,CAAU,OAAA,EAAQ,GAAI,CAAC,CAAA;AAEzC,EAAA,MAAM,EAAE,MAAM,KAAA,EAAM,GAAI,MAAM,QAAA,CACzB,IAAA,CAAK,sBAAsB,CAAA,CAC3B,MAAA,CAAO;AAAA,IACJ,iBAAiB,OAAA,CAAQ,cAAA;AAAA,IACzB,OAAO,OAAA,CAAQ,KAAA;AAAA,IACf,MAAM,OAAA,CAAQ,IAAA;AAAA,IACd,KAAA;AAAA,IACA,UAAA,EAAY,UAAU,WAAA;AAAY,GACrC,CAAA,CACA,MAAA,EAAO,CACP,MAAA,EAAO;AAEZ,EAAA,IAAI,KAAA,EAAO;AACP,IAAA,MAAM,IAAI,KAAA,CAAM,CAAA,yBAAA,EAA4B,KAAA,CAAM,OAAO,CAAA,CAAE,CAAA;AAAA,EAC/D;AASA,EAAA,OAAO;AAAA,IACH,IAAI,IAAA,CAAK,EAAA;AAAA,IACT,gBAAgB,IAAA,CAAK,eAAA;AAAA,IACrB,OAAO,IAAA,CAAK,KAAA;AAAA,IACZ,MAAM,IAAA,CAAK,IAAA;AAAA,IACX,OAAO,IAAA,CAAK,KAAA;AAAA,IACZ,SAAA,EAAW,IAAI,IAAA,CAAK,IAAA,CAAK,UAAU,CAAA;AAAA,IACnC,SAAA,EAAW,IAAI,IAAA,CAAK,IAAA,CAAK,UAAU;AAAA,GACvC;AACJ;AAKA,eAAsB,aAClB,OAAA,EAC2B;AAC3B,EAAA,MAAM,WAAW,iBAAA,EAAkB;AAGnC,EAAA,MAAM,EAAE,IAAA,EAAM,MAAA,EAAQ,OAAO,WAAA,EAAY,GAAI,MAAM,QAAA,CAC9C,IAAA,CAAK,sBAAsB,CAAA,CAC3B,MAAA,CAAO,GAAG,CAAA,CACV,EAAA,CAAG,SAAS,OAAA,CAAQ,KAAK,EACzB,MAAA,EAAO;AAEZ,EAAA,IAAI,WAAA,IAAe,CAAC,MAAA,EAAQ;AACxB,IAAA,MAAM,IAAI,MAAM,2BAA2B,CAAA;AAAA,EAC/C;AAGA,EAAA,IAAI,IAAI,IAAA,CAAK,MAAA,CAAO,UAAU,CAAA,mBAAI,IAAI,MAAK,EAAG;AAC1C,IAAA,MAAM,IAAI,MAAM,oBAAoB,CAAA;AAAA,EACxC;AAGA,EAAA,MAAM,EAAE,MAAM,KAAA,EAAM,GAAI,MAAM,QAAA,CACzB,IAAA,CAAK,sBAAsB,CAAA,CAC3B,MAAA,CAAO;AAAA,IACJ,iBAAiB,MAAA,CAAO,eAAA;AAAA,IACxB,SAAS,OAAA,CAAQ,MAAA;AAAA,IACjB,MAAM,MAAA,CAAO;AAAA,GAChB,CAAA,CACA,MAAA,EAAO,CACP,MAAA,EAAO;AAEZ,EAAA,IAAI,KAAA,EAAO;AACP,IAAA,MAAM,IAAI,KAAA,CAAM,CAAA,sBAAA,EAAyB,KAAA,CAAM,OAAO,CAAA,CAAE,CAAA;AAAA,EAC5D;AAGA,EAAA,MAAM,QAAA,CAAS,KAAK,sBAAsB,CAAA,CAAE,QAAO,CAAE,EAAA,CAAG,IAAA,EAAM,MAAA,CAAO,EAAE,CAAA;AAEvE,EAAA,OAAO;AAAA,IACH,IAAI,IAAA,CAAK,EAAA;AAAA,IACT,gBAAgB,IAAA,CAAK,eAAA;AAAA,IACrB,QAAQ,IAAA,CAAK,OAAA;AAAA,IACb,MAAM,IAAA,CAAK,IAAA;AAAA,IACX,SAAA,EAAW,IAAI,IAAA,CAAK,IAAA,CAAK,UAAU;AAAA,GACvC;AACJ;AAKA,eAAsB,cAClB,OAAA,EACa;AACb,EAAA,MAAM,WAAW,iBAAA,EAAkB;AAEnC,EAAA,MAAM,EAAE,OAAM,GAAI,MAAM,SACnB,IAAA,CAAK,sBAAsB,CAAA,CAC3B,MAAA,CAAO,EAAE,IAAA,EAAM,QAAQ,IAAA,EAAM,CAAA,CAC7B,EAAA,CAAG,iBAAA,EAAmB,OAAA,CAAQ,cAAc,CAAA,CAC5C,EAAA,CAAG,SAAA,EAAW,OAAA,CAAQ,MAAM,CAAA;AAEjC,EAAA,IAAI,KAAA,EAAO;AACP,IAAA,MAAM,IAAI,KAAA,CAAM,CAAA,uBAAA,EAA0B,KAAA,CAAM,OAAO,CAAA,CAAE,CAAA;AAAA,EAC7D;AACJ;AAKA,eAAsB,aAClB,OAAA,EACa;AACb,EAAA,MAAM,WAAW,iBAAA,EAAkB;AAEnC,EAAA,MAAM,EAAE,KAAA,EAAM,GAAI,MAAM,QAAA,CACnB,IAAA,CAAK,sBAAsB,CAAA,CAC3B,MAAA,EAAO,CACP,EAAA,CAAG,mBAAmB,OAAA,CAAQ,cAAc,EAC5C,EAAA,CAAG,SAAA,EAAW,QAAQ,MAAM,CAAA;AAEjC,EAAA,IAAI,KAAA,EAAO;AACP,IAAA,MAAM,IAAI,KAAA,CAAM,CAAA,yBAAA,EAA4B,KAAA,CAAM,OAAO,CAAA,CAAE,CAAA;AAAA,EAC/D;AACJ;AAKA,eAAsB,uBAClB,cAAA,EAC6B;AAC7B,EAAA,MAAM,WAAW,iBAAA,EAAkB;AAEnC,EAAA,MAAM,EAAE,IAAA,EAAM,KAAA,EAAM,GAAI,MAAM,QAAA,CACzB,IAAA,CAAK,sBAAsB,CAAA,CAC3B,MAAA,CAAO,GAAG,CAAA,CACV,EAAA,CAAG,mBAAmB,cAAc,CAAA;AAEzC,EAAA,IAAI,KAAA,EAAO;AACP,IAAA,MAAM,IAAI,KAAA,CAAM,CAAA,uBAAA,EAA0B,KAAA,CAAM,OAAO,CAAA,CAAE,CAAA;AAAA,EAC7D;AAEA,EAAA,OAAO,IAAA,CAAK,GAAA,CAAI,CAAC,GAAA,MAAS;AAAA,IACtB,IAAI,GAAA,CAAI,EAAA;AAAA,IACR,gBAAgB,GAAA,CAAI,eAAA;AAAA,IACpB,QAAQ,GAAA,CAAI,OAAA;AAAA,IACZ,MAAM,GAAA,CAAI,IAAA;AAAA,IACV,SAAA,EAAW,IAAI,IAAA,CAAK,GAAA,CAAI,UAAU;AAAA,GACtC,CAAE,CAAA;AACN;AAKA,eAAsB,qBAClB,MAAA,EACuB;AACvB,EAAA,MAAM,WAAW,iBAAA,EAAkB;AAEnC,EAAA,MAAM,EAAE,IAAA,EAAM,KAAA,EAAM,GAAI,MAAM,QAAA,CACzB,IAAA,CAAK,sBAAsB,CAAA,CAC3B,MAAA,CAAO,kBAAkB,CAAA,CACzB,EAAA,CAAG,WAAW,MAAM,CAAA;AAEzB,EAAA,IAAI,KAAA,EAAO;AACP,IAAA,MAAM,IAAI,KAAA,CAAM,CAAA,6BAAA,EAAgC,KAAA,CAAM,OAAO,CAAA,CAAE,CAAA;AAAA,EACnE;AAEA,EAAA,OAAO,IAAA,CAAK,GAAA,CAAI,CAAC,GAAA,MAAc;AAAA,IAC3B,EAAA,EAAI,IAAI,aAAA,CAAc,EAAA;AAAA,IACtB,IAAA,EAAM,IAAI,aAAA,CAAc,IAAA;AAAA,IACxB,OAAA,EAAS,IAAI,aAAA,CAAc,QAAA;AAAA,IAC3B,SAAA,EAAW,IAAI,IAAA,CAAK,GAAA,CAAI,cAAc,UAAU;AAAA,GACpD,CAAE,CAAA;AACN;;;AC7MO,IAAM,MAAA,GAAS;AAAA;AAAA,EAElB,kBAAA;AAAA,EACA,sBAAA;AAAA,EACA,oBAAA;AAAA;AAAA,EAGA,kBAAA;AAAA,EACA,YAAA;AAAA,EACA,YAAA;AAAA,EACA,aAAA;AAAA,EACA,YAAA;AAAA,EACA,sBAAA;AAAA,EACA;AACJ;AAgBO,IAAM,OAAA,GAAU","file":"index.js","sourcesContent":["/**\n * Client-side functions for @vocoweb/tenant\n */\n\n\n\nconst CURRENT_ORG_KEY = 'voco_current_organization';\n\n/**\n * Switch active organization\n */\nexport async function switchOrganization(organizationId: string): Promise<void> {\n    if (typeof window === 'undefined') {\n        throw new Error('switchOrganization can only be called client-side');\n    }\n\n    localStorage.setItem(CURRENT_ORG_KEY, organizationId);\n\n    // Trigger storage event for cross-tab synchronization\n    window.dispatchEvent(\n        new StorageEvent('storage', {\n            key: CURRENT_ORG_KEY,\n            newValue: organizationId,\n        })\n    );\n}\n\n/**\n * Get current active organization\n */\nexport function getCurrentOrganization(): string | null {\n    if (typeof window === 'undefined') {\n        return null;\n    }\n\n    return localStorage.getItem(CURRENT_ORG_KEY);\n}\n\n/**\n * Listen to organization changes\n */\nexport function onOrganizationChange(\n    callback: (organizationId: string | null) => void\n): () => void {\n    if (typeof window === 'undefined') {\n        return () => { };\n    }\n\n    const handler = (e: StorageEvent) => {\n        if (e.key === CURRENT_ORG_KEY) {\n            callback(e.newValue);\n        }\n    };\n\n    window.addEventListener('storage', handler);\n\n    return () => {\n        window.removeEventListener('storage', handler);\n    };\n}\n","/**\n * Server-side functions for @vocoweb/tenant\n */\n\nimport { createClient } from '@supabase/supabase-js';\nimport type {\n    Organization,\n    OrganizationMember,\n    OrganizationInvite,\n    CreateOrganizationOptions,\n    InviteMemberOptions,\n    AcceptInviteOptions,\n    SetMemberRoleOptions,\n    RemoveMemberOptions,\n} from './types';\n\nconst getSupabaseClient = () => {\n    const supabaseUrl = process.env.NEXT_PUBLIC_SUPABASE_URL;\n    const supabaseKey = process.env.SUPABASE_SERVICE_ROLE_KEY;\n\n    if (!supabaseUrl || !supabaseKey) {\n        throw new Error('Supabase credentials not configured');\n    }\n\n    return createClient(supabaseUrl, supabaseKey);\n};\n\n/**\n * Create a new organization\n */\nexport async function createOrganization(\n    options: CreateOrganizationOptions\n): Promise<Organization> {\n    const supabase = getSupabaseClient();\n\n    const { data, error } = await supabase\n        .from('organizations')\n        .insert({\n            name: options.name,\n            owner_id: options.ownerId,\n        })\n        .select()\n        .single();\n\n    if (error) {\n        throw new Error(`Failed to create organization: ${error.message}`);\n    }\n\n    // Add owner as admin member\n    await supabase.from('organization_members').insert({\n        organization_id: data.id,\n        user_id: options.ownerId,\n        role: 'owner',\n    });\n\n    return {\n        id: data.id,\n        name: data.name,\n        ownerId: data.owner_id,\n        createdAt: new Date(data.created_at),\n    };\n}\n\n/**\n * Invite a member to an organization\n */\nexport async function inviteMember(\n    options: InviteMemberOptions\n): Promise<OrganizationInvite> {\n    const supabase = getSupabaseClient();\n\n    // Generate unique token\n    const token = crypto.randomUUID();\n    const expiresAt = new Date();\n    expiresAt.setDate(expiresAt.getDate() + 7); // 7 days expiry\n\n    const { data, error } = await supabase\n        .from('organization_invites')\n        .insert({\n            organization_id: options.organizationId,\n            email: options.email,\n            role: options.role,\n            token,\n            expires_at: expiresAt.toISOString(),\n        })\n        .select()\n        .single();\n\n    if (error) {\n        throw new Error(`Failed to create invite: ${error.message}`);\n    }\n\n    // TODO: Send email notification\n    // await notify.sendEmail({\n    //   to: options.email,\n    //   template: 'organization-invite',\n    //   data: { organizationId: options.organizationId, token }\n    // });\n\n    return {\n        id: data.id,\n        organizationId: data.organization_id,\n        email: data.email,\n        role: data.role,\n        token: data.token,\n        expiresAt: new Date(data.expires_at),\n        createdAt: new Date(data.created_at),\n    };\n}\n\n/**\n * Accept an organization invite\n */\nexport async function acceptInvite(\n    options: AcceptInviteOptions\n): Promise<OrganizationMember> {\n    const supabase = getSupabaseClient();\n\n    // Get invite\n    const { data: invite, error: inviteError } = await supabase\n        .from('organization_invites')\n        .select('*')\n        .eq('token', options.token)\n        .single();\n\n    if (inviteError || !invite) {\n        throw new Error('Invalid or expired invite');\n    }\n\n    // Check expiry\n    if (new Date(invite.expires_at) < new Date()) {\n        throw new Error('Invite has expired');\n    }\n\n    // Add member\n    const { data, error } = await supabase\n        .from('organization_members')\n        .insert({\n            organization_id: invite.organization_id,\n            user_id: options.userId,\n            role: invite.role,\n        })\n        .select()\n        .single();\n\n    if (error) {\n        throw new Error(`Failed to add member: ${error.message}`);\n    }\n\n    // Delete invite\n    await supabase.from('organization_invites').delete().eq('id', invite.id);\n\n    return {\n        id: data.id,\n        organizationId: data.organization_id,\n        userId: data.user_id,\n        role: data.role,\n        createdAt: new Date(data.created_at),\n    };\n}\n\n/**\n * Set member role\n */\nexport async function setMemberRole(\n    options: SetMemberRoleOptions\n): Promise<void> {\n    const supabase = getSupabaseClient();\n\n    const { error } = await supabase\n        .from('organization_members')\n        .update({ role: options.role })\n        .eq('organization_id', options.organizationId)\n        .eq('user_id', options.userId);\n\n    if (error) {\n        throw new Error(`Failed to update role: ${error.message}`);\n    }\n}\n\n/**\n * Remove member from organization\n */\nexport async function removeMember(\n    options: RemoveMemberOptions\n): Promise<void> {\n    const supabase = getSupabaseClient();\n\n    const { error } = await supabase\n        .from('organization_members')\n        .delete()\n        .eq('organization_id', options.organizationId)\n        .eq('user_id', options.userId);\n\n    if (error) {\n        throw new Error(`Failed to remove member: ${error.message}`);\n    }\n}\n\n/**\n * Get organization members\n */\nexport async function getOrganizationMembers(\n    organizationId: string\n): Promise<OrganizationMember[]> {\n    const supabase = getSupabaseClient();\n\n    const { data, error } = await supabase\n        .from('organization_members')\n        .select('*')\n        .eq('organization_id', organizationId);\n\n    if (error) {\n        throw new Error(`Failed to get members: ${error.message}`);\n    }\n\n    return data.map((row) => ({\n        id: row.id,\n        organizationId: row.organization_id,\n        userId: row.user_id,\n        role: row.role,\n        createdAt: new Date(row.created_at),\n    }));\n}\n\n/**\n * Get user's organizations\n */\nexport async function getUserOrganizations(\n    userId: string\n): Promise<Organization[]> {\n    const supabase = getSupabaseClient();\n\n    const { data, error } = await supabase\n        .from('organization_members')\n        .select('organizations(*)')\n        .eq('user_id', userId);\n\n    if (error) {\n        throw new Error(`Failed to get organizations: ${error.message}`);\n    }\n\n    return data.map((row: any) => ({\n        id: row.organizations.id,\n        name: row.organizations.name,\n        ownerId: row.organizations.owner_id,\n        createdAt: new Date(row.organizations.created_at),\n    }));\n}\n","/**\n * @vocoweb/tenant\n * Production-ready multi-tenancy and RBAC for B2B SaaS\n */\n\n// Types\nexport * from './types';\n\n// Client-side\nexport * from './client';\n\n// Server-side\nexport * from './server';\n\n// Import for unified API\nimport * as clientTenant from './client';\nimport * as serverTenant from './server';\n\nimport type {\n    Organization,\n    OrganizationMember,\n    OrganizationInvite,\n    CreateOrganizationOptions,\n    InviteMemberOptions,\n    AcceptInviteOptions,\n    SetMemberRoleOptions,\n    RemoveMemberOptions,\n    UserRole,\n} from './types';\n\n/**\n * Main tenant API\n *\n * @example\n * import { tenant } from '@vocoweb/tenant';\n *\n * // Server-side\n * const org = await tenant.createOrganization({ name: 'Acme Inc', ownerId: userId });\n * await tenant.inviteMember({ organizationId, email, role: 'member' });\n *\n * // Client-side\n * await tenant.switchOrganization(orgId);\n */\nexport const tenant = {\n    // Client methods\n    switchOrganization: clientTenant.switchOrganization,\n    getCurrentOrganization: clientTenant.getCurrentOrganization,\n    onOrganizationChange: clientTenant.onOrganizationChange,\n\n    // Server methods\n    createOrganization: serverTenant.createOrganization,\n    inviteMember: serverTenant.inviteMember,\n    acceptInvite: serverTenant.acceptInvite,\n    setMemberRole: serverTenant.setMemberRole,\n    removeMember: serverTenant.removeMember,\n    getOrganizationMembers: serverTenant.getOrganizationMembers,\n    getUserOrganizations: serverTenant.getUserOrganizations,\n};\n\n// Re-export types\nexport type {\n    Organization,\n    OrganizationMember,\n    OrganizationInvite,\n    CreateOrganizationOptions,\n    InviteMemberOptions,\n    AcceptInviteOptions,\n    SetMemberRoleOptions,\n    RemoveMemberOptions,\n    UserRole,\n};\n\n// Version\nexport const VERSION = '1.0.0';\n"]}