@wopr-network/platform-core 1.16.0 → 1.17.0

package/dist/auth/tenant-access.test.js

@@ -15,6 +15,8 @@ function mockOrgMemberRepo(overrides = {}) {
         deleteInvite: vi.fn().mockResolvedValue(undefined),
         deleteAllMembers: vi.fn().mockResolvedValue(undefined),
         deleteAllInvites: vi.fn().mockResolvedValue(undefined),
+        listOrgsByUser: vi.fn().mockResolvedValue([]),
+        markInviteAccepted: vi.fn().mockResolvedValue(undefined),
         ...overrides,
     };
 }

package/dist/db/schema/organization-members.d.ts

@@ -230,6 +230,40 @@ export declare const organizationInvites: import("drizzle-orm/pg-core").PgTableW
             identity: undefined;
             generated: undefined;
         }, {}, {}>;
+        acceptedAt: import("drizzle-orm/pg-core").PgColumn<{
+            name: "accepted_at";
+            tableName: "organization_invites";
+            dataType: "number";
+            columnType: "PgBigInt53";
+            data: number;
+            driverParam: string | number;
+            notNull: false;
+            hasDefault: false;
+            isPrimaryKey: false;
+            isAutoincrement: false;
+            hasRuntimeDefault: false;
+            enumValues: undefined;
+            baseColumn: never;
+            identity: undefined;
+            generated: undefined;
+        }, {}, {}>;
+        revokedAt: import("drizzle-orm/pg-core").PgColumn<{
+            name: "revoked_at";
+            tableName: "organization_invites";
+            dataType: "number";
+            columnType: "PgBigInt53";
+            data: number;
+            driverParam: string | number;
+            notNull: false;
+            hasDefault: false;
+            isPrimaryKey: false;
+            isAutoincrement: false;
+            hasRuntimeDefault: false;
+            enumValues: undefined;
+            baseColumn: never;
+            identity: undefined;
+            generated: undefined;
+        }, {}, {}>;
     };
     dialect: "pg";
 }>;

package/dist/db/schema/organization-members.js

@@ -24,4 +24,6 @@ export const organizationInvites = pgTable("organization_invites", {
     createdAt: bigint("created_at", { mode: "number" })
         .notNull()
         .default(sql `(extract(epoch from now()) * 1000)::bigint`),
+    acceptedAt: bigint("accepted_at", { mode: "number" }),
+    revokedAt: bigint("revoked_at", { mode: "number" }),
 }, (table) => [index("idx_org_invites_org_id").on(table.orgId), index("idx_org_invites_token").on(table.token)]);

package/dist/tenancy/org-member-repository.d.ts

@@ -22,6 +22,8 @@ export interface OrgInviteRow {
     token: string;
     expiresAt: number;
     createdAt: number;
+    acceptedAt: number | null;
+    revokedAt: number | null;
 }
 export interface IOrgMemberRepository {
     listMembers(orgId: string): Promise<OrgMemberRow[]>;
@@ -37,6 +39,11 @@ export interface IOrgMemberRepository {
     deleteInvite(inviteId: string): Promise<void>;
     deleteAllMembers(orgId: string): Promise<void>;
     deleteAllInvites(orgId: string): Promise<void>;
+    listOrgsByUser(userId: string): Promise<Array<{
+        orgId: string;
+        role: string;
+    }>>;
+    markInviteAccepted(inviteId: string): Promise<void>;
 }
 export declare class DrizzleOrgMemberRepository implements IOrgMemberRepository {
     private readonly db;
@@ -54,4 +61,9 @@ export declare class DrizzleOrgMemberRepository implements IOrgMemberRepository
     deleteInvite(inviteId: string): Promise<void>;
     deleteAllMembers(orgId: string): Promise<void>;
     deleteAllInvites(orgId: string): Promise<void>;
+    listOrgsByUser(userId: string): Promise<Array<{
+        orgId: string;
+        role: string;
+    }>>;
+    markInviteAccepted(inviteId: string): Promise<void>;
 }

package/dist/tenancy/org-member-repository.js

@@ -29,6 +29,8 @@ function toInvite(row) {
         token: row.token,
         expiresAt: row.expiresAt,
         createdAt: row.createdAt,
+        acceptedAt: row.acceptedAt ?? null,
+        revokedAt: row.revokedAt ?? null,
     };
 }
 export class DrizzleOrgMemberRepository {
@@ -96,4 +98,16 @@ export class DrizzleOrgMemberRepository {
     async deleteAllInvites(orgId) {
         await this.db.delete(organizationInvites).where(eq(organizationInvites.orgId, orgId));
     }
+    async listOrgsByUser(userId) {
+        return this.db
+            .select({ orgId: organizationMembers.orgId, role: organizationMembers.role })
+            .from(organizationMembers)
+            .where(eq(organizationMembers.userId, userId));
+    }
+    async markInviteAccepted(inviteId) {
+        await this.db
+            .update(organizationInvites)
+            .set({ acceptedAt: Date.now() })
+            .where(eq(organizationInvites.id, inviteId));
+    }
 }

package/dist/tenancy/org-service.d.ts

@@ -67,8 +67,17 @@ export declare class OrgService {
     changeRole(orgId: string, actorUserId: string, targetUserId: string, newRole: "admin" | "member"): Promise<void>;
     removeMember(orgId: string, actorUserId: string, targetUserId: string): Promise<void>;
     transferOwnership(orgId: string, actorUserId: string, targetUserId: string): Promise<void>;
+    acceptInvite(token: string, userId: string): Promise<{
+        orgId: string;
+        role: string;
+    }>;
+    listOrgsForUser(userId: string): Promise<Array<{
+        orgId: string;
+        role: string;
+    }>>;
     validateSlug(slug: string): void;
     private buildOrgWithMembers;
     private requireOrg;
-    private requireAdminOrOwner;
+    requireAdminOrOwner(orgId: string, userId: string): Promise<void>;
+    requireOwner(orgId: string, userId: string): Promise<void>;
 }

package/dist/tenancy/org-service.js

@@ -121,6 +121,8 @@ export class OrgService {
             token,
             expiresAt: Date.now() + 7 * 24 * 60 * 60 * 1000,
             createdAt: Date.now(),
+            acceptedAt: null,
+            revokedAt: null,
         };
         await this.memberRepo.createInvite(invite);
         return invite;
@@ -179,6 +181,37 @@ export class OrgService {
         await this.memberRepo.updateMemberRole(orgId, actorUserId, "admin");
         await this.orgRepo.updateOwner(orgId, targetUserId);
     }
+    async acceptInvite(token, userId) {
+        const invite = await this.memberRepo.findInviteByToken(token);
+        if (!invite)
+            throw new TRPCError({ code: "NOT_FOUND", message: "Invite not found" });
+        if (invite.acceptedAt)
+            throw new TRPCError({ code: "BAD_REQUEST", message: "Invite already accepted" });
+        // revokedAt guard — currently no UI sets this field, but the schema supports it
+        // for future use (e.g., admin revokes an outstanding invite).
+        if (invite.revokedAt)
+            throw new TRPCError({ code: "BAD_REQUEST", message: "Invite has been revoked" });
+        if (invite.expiresAt && new Date(invite.expiresAt) < new Date()) {
+            throw new TRPCError({ code: "BAD_REQUEST", message: "Invite has expired" });
+        }
+        // Guard: reject if user is already a member (prevents consuming the invite silently)
+        const existing = await this.memberRepo.findMember(invite.orgId, userId);
+        if (existing) {
+            throw new TRPCError({ code: "CONFLICT", message: "User is already a member of this organization" });
+        }
+        await this.memberRepo.addMember({
+            id: crypto.randomUUID(),
+            orgId: invite.orgId,
+            userId,
+            role: invite.role ?? "member",
+            joinedAt: Date.now(),
+        });
+        await this.memberRepo.markInviteAccepted(invite.id);
+        return { orgId: invite.orgId, role: invite.role ?? "member" };
+    }
+    async listOrgsForUser(userId) {
+        return this.memberRepo.listOrgsByUser(userId);
+    }
     validateSlug(slug) {
         if (!/^[a-z0-9][a-z0-9-]{1,46}[a-z0-9]$/.test(slug)) {
             throw new TRPCError({
@@ -238,4 +271,10 @@ export class OrgService {
             throw new TRPCError({ code: "FORBIDDEN", message: "Admin or owner role required" });
         }
     }
+    async requireOwner(orgId, userId) {
+        const member = await this.memberRepo.findMember(orgId, userId);
+        if (!member || member.role !== "owner") {
+            throw new TRPCError({ code: "FORBIDDEN", message: "Owner role required" });
+        }
+    }
 }

package/dist/tenancy/org-service.test.js

@@ -325,6 +325,8 @@ describe("OrgService", () => {
                 token: "tok-d3",
                 expiresAt: Date.now() + 86400000,
                 createdAt: Date.now(),
+                acceptedAt: null,
+                revokedAt: null,
             });
             await svc.deleteOrg(org.id, owner);
             expect(await orgRepo.getById(org.id)).toBeNull();
@@ -547,6 +549,223 @@ describe("OrgService", () => {
             await expect(svc.removeMember(org.id, owner, admin)).resolves.not.toThrow();
         });
     });
+    describe("listOrgsForUser", () => {
+        it("returns orgs the user is a member of", async () => {
+            const { orgRepo, memberRepo } = await setup(db);
+            const svc = new OrgService(orgRepo, memberRepo, db);
+            const owner = "owner-lof1";
+            const org1 = await orgRepo.createOrg(owner, "List Org 1", "list-org-1");
+            await memberRepo.addMember({
+                id: "mlof1",
+                orgId: org1.id,
+                userId: owner,
+                role: "owner",
+                joinedAt: Date.now(),
+            });
+            const org2 = await orgRepo.createOrg(owner, "List Org 2", "list-org-2");
+            await memberRepo.addMember({
+                id: "mlof2",
+                orgId: org2.id,
+                userId: owner,
+                role: "admin",
+                joinedAt: Date.now(),
+            });
+            const result = await svc.listOrgsForUser(owner);
+            expect(result).toHaveLength(2);
+            expect(result.map((r) => r.orgId).sort()).toEqual([org1.id, org2.id].sort());
+        });
+        it("returns empty array for unknown user", async () => {
+            const { orgRepo, memberRepo } = await setup(db);
+            const svc = new OrgService(orgRepo, memberRepo, db);
+            const result = await svc.listOrgsForUser("totally-unknown-user");
+            expect(result).toEqual([]);
+        });
+    });
+    describe("acceptInvite", () => {
+        it("accepts a valid invite and creates membership", async () => {
+            const { orgRepo, memberRepo } = await setup(db);
+            const svc = new OrgService(orgRepo, memberRepo, db);
+            const owner = "owner-ai1";
+            const org = await orgRepo.createOrg(owner, "Accept Org", "accept-org");
+            await memberRepo.addMember({
+                id: "mai1",
+                orgId: org.id,
+                userId: owner,
+                role: "owner",
+                joinedAt: Date.now(),
+            });
+            const invite = await svc.inviteMember(org.id, owner, "new@example.com", "admin");
+            const result = await svc.acceptInvite(invite.token, "new-user-ai1");
+            expect(result).toEqual({ orgId: org.id, role: "admin" });
+            // Verify membership was created
+            const member = await memberRepo.findMember(org.id, "new-user-ai1");
+            expect(member).not.toBeNull();
+            expect(member?.role).toBe("admin");
+            // Verify invite was marked accepted
+            const updatedInvite = await memberRepo.findInviteByToken(invite.token);
+            expect(updatedInvite?.acceptedAt).not.toBeNull();
+        });
+        it("throws NOT_FOUND for unknown token", async () => {
+            const { orgRepo, memberRepo } = await setup(db);
+            const svc = new OrgService(orgRepo, memberRepo, db);
+            await expect(svc.acceptInvite("bad-token", "user-1")).rejects.toThrow(expect.objectContaining({ code: "NOT_FOUND" }));
+        });
+        it("throws BAD_REQUEST for already-accepted invite", async () => {
+            const { orgRepo, memberRepo } = await setup(db);
+            const svc = new OrgService(orgRepo, memberRepo, db);
+            const owner = "owner-ai2";
+            const org = await orgRepo.createOrg(owner, "Accept Org 2", "accept-org-2");
+            await memberRepo.addMember({
+                id: "mai2",
+                orgId: org.id,
+                userId: owner,
+                role: "owner",
+                joinedAt: Date.now(),
+            });
+            const invite = await svc.inviteMember(org.id, owner, "dup@example.com", "member");
+            await svc.acceptInvite(invite.token, "first-user");
+            await expect(svc.acceptInvite(invite.token, "second-user")).rejects.toThrow(expect.objectContaining({ code: "BAD_REQUEST", message: "Invite already accepted" }));
+        });
+        it("throws BAD_REQUEST for expired invite", async () => {
+            const { orgRepo, memberRepo } = await setup(db);
+            const svc = new OrgService(orgRepo, memberRepo, db);
+            const owner = "owner-ai3";
+            const org = await orgRepo.createOrg(owner, "Accept Org 3", "accept-org-3");
+            await memberRepo.addMember({
+                id: "mai3",
+                orgId: org.id,
+                userId: owner,
+                role: "owner",
+                joinedAt: Date.now(),
+            });
+            // Create an expired invite directly
+            await memberRepo.createInvite({
+                id: "inv-expired",
+                orgId: org.id,
+                email: "expired@example.com",
+                role: "member",
+                invitedBy: owner,
+                token: "tok-expired",
+                expiresAt: Date.now() - 1000, // already expired
+                createdAt: Date.now() - 86400000,
+                acceptedAt: null,
+                revokedAt: null,
+            });
+            await expect(svc.acceptInvite("tok-expired", "late-user")).rejects.toThrow(expect.objectContaining({ code: "BAD_REQUEST", message: "Invite has expired" }));
+        });
+    });
+    describe("requireAdminOrOwner", () => {
+        it("passes for admin", async () => {
+            const { orgRepo, memberRepo } = await setup(db);
+            const svc = new OrgService(orgRepo, memberRepo, db);
+            const owner = "owner-rao1";
+            const admin = "admin-rao1";
+            const org = await orgRepo.createOrg(owner, "RAO Org", "rao-org");
+            await memberRepo.addMember({
+                id: "mrao1",
+                orgId: org.id,
+                userId: owner,
+                role: "owner",
+                joinedAt: Date.now(),
+            });
+            await memberRepo.addMember({
+                id: "mrao2",
+                orgId: org.id,
+                userId: admin,
+                role: "admin",
+                joinedAt: Date.now(),
+            });
+            await expect(svc.requireAdminOrOwner(org.id, admin)).resolves.toBeUndefined();
+        });
+        it("passes for owner", async () => {
+            const { orgRepo, memberRepo } = await setup(db);
+            const svc = new OrgService(orgRepo, memberRepo, db);
+            const owner = "owner-rao2";
+            const org = await orgRepo.createOrg(owner, "RAO Org 2", "rao-org-2");
+            await memberRepo.addMember({
+                id: "mrao3",
+                orgId: org.id,
+                userId: owner,
+                role: "owner",
+                joinedAt: Date.now(),
+            });
+            await expect(svc.requireAdminOrOwner(org.id, owner)).resolves.toBeUndefined();
+        });
+        it("throws FORBIDDEN for regular member", async () => {
+            const { orgRepo, memberRepo } = await setup(db);
+            const svc = new OrgService(orgRepo, memberRepo, db);
+            const owner = "owner-rao3";
+            const member = "member-rao3";
+            const org = await orgRepo.createOrg(owner, "RAO Org 3", "rao-org-3");
+            await memberRepo.addMember({
+                id: "mrao4",
+                orgId: org.id,
+                userId: owner,
+                role: "owner",
+                joinedAt: Date.now(),
+            });
+            await memberRepo.addMember({
+                id: "mrao5",
+                orgId: org.id,
+                userId: member,
+                role: "member",
+                joinedAt: Date.now(),
+            });
+            await expect(svc.requireAdminOrOwner(org.id, member)).rejects.toThrow(expect.objectContaining({ code: "FORBIDDEN" }));
+        });
+        it("throws FORBIDDEN for non-member", async () => {
+            const { orgRepo, memberRepo } = await setup(db);
+            const svc = new OrgService(orgRepo, memberRepo, db);
+            const owner = "owner-rao4";
+            const org = await orgRepo.createOrg(owner, "RAO Org 4", "rao-org-4");
+            await memberRepo.addMember({
+                id: "mrao6",
+                orgId: org.id,
+                userId: owner,
+                role: "owner",
+                joinedAt: Date.now(),
+            });
+            await expect(svc.requireAdminOrOwner(org.id, "stranger")).rejects.toThrow(expect.objectContaining({ code: "FORBIDDEN" }));
+        });
+    });
+    describe("requireOwner", () => {
+        it("passes for owner", async () => {
+            const { orgRepo, memberRepo } = await setup(db);
+            const svc = new OrgService(orgRepo, memberRepo, db);
+            const owner = "owner-ro1";
+            const org = await orgRepo.createOrg(owner, "RO Org", "ro-org");
+            await memberRepo.addMember({
+                id: "mro1",
+                orgId: org.id,
+                userId: owner,
+                role: "owner",
+                joinedAt: Date.now(),
+            });
+            await expect(svc.requireOwner(org.id, owner)).resolves.toBeUndefined();
+        });
+        it("throws FORBIDDEN for admin", async () => {
+            const { orgRepo, memberRepo } = await setup(db);
+            const svc = new OrgService(orgRepo, memberRepo, db);
+            const owner = "owner-ro2";
+            const admin = "admin-ro2";
+            const org = await orgRepo.createOrg(owner, "RO Org 2", "ro-org-2");
+            await memberRepo.addMember({
+                id: "mro2",
+                orgId: org.id,
+                userId: owner,
+                role: "owner",
+                joinedAt: Date.now(),
+            });
+            await memberRepo.addMember({
+                id: "mro3",
+                orgId: org.id,
+                userId: admin,
+                role: "admin",
+                joinedAt: Date.now(),
+            });
+            await expect(svc.requireOwner(org.id, admin)).rejects.toThrow(expect.objectContaining({ code: "FORBIDDEN" }));
+        });
+    });
     describe("buildOrgWithMembers member resolution", () => {
         it("resolves member name and email from userRepo when provided", async () => {
             await pool.query(`CREATE TABLE IF NOT EXISTS "user" (id TEXT PRIMARY KEY, name TEXT, email TEXT, image TEXT, "twoFactorEnabled" BOOLEAN DEFAULT false)`);

package/dist/trpc/index.d.ts

@@ -1 +1 @@
-export { adminProcedure, createCallerFactory, orgMemberProcedure, protectedProcedure, publicProcedure, router, setTrpcOrgMemberRepo, type TRPCContext, tenantProcedure, } from "./init.js";
+export { adminProcedure, createCallerFactory, orgAdminProcedure, orgMemberProcedure, protectedProcedure, publicProcedure, router, setTrpcOrgMemberRepo, type TRPCContext, tenantProcedure, } from "./init.js";

package/dist/trpc/index.js

@@ -1 +1 @@
-export { adminProcedure, createCallerFactory, orgMemberProcedure, protectedProcedure, publicProcedure, router, setTrpcOrgMemberRepo, tenantProcedure, } from "./init.js";
+export { adminProcedure, createCallerFactory, orgAdminProcedure, orgMemberProcedure, protectedProcedure, publicProcedure, router, setTrpcOrgMemberRepo, tenantProcedure, } from "./init.js";

package/dist/trpc/init.d.ts

@@ -46,4 +46,11 @@ export declare const tenantProcedure: import("@trpc/server").TRPCProcedureBuilde
 export declare const orgMemberProcedure: import("@trpc/server").TRPCProcedureBuilder<TRPCContext, object, {
     tenantId: string | undefined;
     user: AuthUser;
+    orgRole: "member" | "admin" | "owner";
+}, import("@trpc/server").TRPCUnsetMarker, import("@trpc/server").TRPCUnsetMarker, import("@trpc/server").TRPCUnsetMarker, import("@trpc/server").TRPCUnsetMarker, false>;
+/** Procedure that requires authentication + org admin/owner role (orgId must be in input). */
+export declare const orgAdminProcedure: import("@trpc/server").TRPCProcedureBuilder<TRPCContext, object, {
+    tenantId: string | undefined;
+    user: AuthUser | undefined;
+    orgRole: "member" | "admin" | "owner";
 }, import("@trpc/server").TRPCUnsetMarker, import("@trpc/server").TRPCUnsetMarker, import("@trpc/server").TRPCUnsetMarker, import("@trpc/server").TRPCUnsetMarker, false>;

package/dist/trpc/init.js

@@ -120,7 +120,22 @@ const isOrgMember = t.middleware(async ({ ctx, next, getRawInput }) => {
     if (!member) {
         throw new TRPCError({ code: "FORBIDDEN", message: "Not a member of this organization" });
     }
-    return next({ ctx: { user: ctx.user, tenantId: ctx.tenantId } });
+    return next({
+        ctx: { user: ctx.user, tenantId: ctx.tenantId, orgRole: member.role },
+    });
 });
 /** Procedure that requires authentication + org membership (orgId must be in input). */
 export const orgMemberProcedure = t.procedure.use(isAuthed).use(isOrgMember);
+/**
+ * Middleware that enforces admin or owner role within an org.
+ * Must be chained after isOrgMember so ctx.orgRole is guaranteed.
+ */
+const isOrgAdmin = t.middleware(async ({ ctx, next }) => {
+    const role = ctx.orgRole;
+    if (role === "member") {
+        throw new TRPCError({ code: "FORBIDDEN", message: "Admin or owner role required" });
+    }
+    return next({ ctx });
+});
+/** Procedure that requires authentication + org admin/owner role (orgId must be in input). */
+export const orgAdminProcedure = orgMemberProcedure.use(isOrgAdmin);

package/dist/trpc/init.test.js

@@ -1,5 +1,5 @@
 import { beforeEach, describe, expect, it, vi } from "vitest";
-import { adminProcedure, createCallerFactory, orgMemberProcedure, protectedProcedure, publicProcedure, router, setTrpcOrgMemberRepo, tenantProcedure, } from "./init.js";
+import { adminProcedure, createCallerFactory, orgAdminProcedure, orgMemberProcedure, protectedProcedure, publicProcedure, router, setTrpcOrgMemberRepo, tenantProcedure, } from "./init.js";
 // ---------------------------------------------------------------------------
 // Helpers
 // ---------------------------------------------------------------------------
@@ -19,6 +19,8 @@ function makeMockRepo(overrides) {
         deleteInvite: vi.fn().mockResolvedValue(undefined),
         deleteAllMembers: vi.fn().mockResolvedValue(undefined),
         deleteAllInvites: vi.fn().mockResolvedValue(undefined),
+        listOrgsByUser: vi.fn().mockResolvedValue([]),
+        markInviteAccepted: vi.fn().mockResolvedValue(undefined),
         ...overrides,
     };
 }
@@ -29,6 +31,7 @@ const appRouter = router({
     adminHello: adminProcedure.query(() => "admin-ok"),
     tenantHello: tenantProcedure.query(() => "tenant-ok"),
     orgAction: orgMemberProcedure.input((v) => v).mutation(() => "org-ok"),
+    orgAdminAction: orgAdminProcedure.input((v) => v).mutation(() => "org-admin-ok"),
 });
 const createCaller = createCallerFactory(appRouter);
 // ---------------------------------------------------------------------------
@@ -187,4 +190,39 @@ describe("tRPC procedure builders", () => {
             expect(await caller.orgAction({ orgId: "org-1" })).toBe("org-ok");
         });
     });
+    // -----------------------------------------------------------------------
+    // orgAdminProcedure
+    // -----------------------------------------------------------------------
+    describe("orgAdminProcedure", () => {
+        it("rejects regular members", async () => {
+            const repo = makeMockRepo({
+                findMember: vi.fn().mockResolvedValue({ id: "m1", orgId: "org-1", userId: "u1", role: "member", joinedAt: 0 }),
+            });
+            setTrpcOrgMemberRepo(repo);
+            const caller = createCaller({ user: { id: "u1", roles: ["user"] }, tenantId: undefined });
+            await expect(caller.orgAdminAction({ orgId: "org-1" })).rejects.toThrow("Admin or owner role required");
+        });
+        it("allows admin members", async () => {
+            const repo = makeMockRepo({
+                findMember: vi.fn().mockResolvedValue({ id: "m1", orgId: "org-1", userId: "u1", role: "admin", joinedAt: 0 }),
+            });
+            setTrpcOrgMemberRepo(repo);
+            const caller = createCaller({ user: { id: "u1", roles: ["user"] }, tenantId: undefined });
+            expect(await caller.orgAdminAction({ orgId: "org-1" })).toBe("org-admin-ok");
+        });
+        it("allows owner members", async () => {
+            const repo = makeMockRepo({
+                findMember: vi.fn().mockResolvedValue({ id: "m1", orgId: "org-1", userId: "u1", role: "owner", joinedAt: 0 }),
+            });
+            setTrpcOrgMemberRepo(repo);
+            const caller = createCaller({ user: { id: "u1", roles: ["user"] }, tenantId: undefined });
+            expect(await caller.orgAdminAction({ orgId: "org-1" })).toBe("org-admin-ok");
+        });
+        it("rejects non-members", async () => {
+            const repo = makeMockRepo({ findMember: vi.fn().mockResolvedValue(null) });
+            setTrpcOrgMemberRepo(repo);
+            const caller = createCaller({ user: { id: "u1", roles: ["user"] }, tenantId: undefined });
+            await expect(caller.orgAdminAction({ orgId: "org-1" })).rejects.toThrow("Not a member of this organization");
+        });
+    });
 });

package/drizzle/migrations/0006_invite_acceptance.sql

@@ -0,0 +1,2 @@
+ALTER TABLE "organization_invites" ADD COLUMN "accepted_at" bigint;--> statement-breakpoint
+ALTER TABLE "organization_invites" ADD COLUMN "revoked_at" bigint;

package/drizzle/migrations/meta/_journal.json

@@ -43,6 +43,13 @@
       "when": 1742054400000,
       "tag": "0005_stablecoin_columns",
       "breakpoints": true
+    },
+    {
+      "idx": 6,
+      "version": "7",
+      "when": 1742140800000,
+      "tag": "0006_invite_acceptance",
+      "breakpoints": true
     }
   ]
 }

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@wopr-network/platform-core",
-  "version": "1.16.0",
+  "version": "1.17.0",
   "type": "module",
   "main": "dist/index.js",
   "types": "dist/index.d.ts",

package/src/auth/tenant-access.test.ts

@@ -17,6 +17,8 @@ function mockOrgMemberRepo(overrides: Partial<IOrgMemberRepository> = {}): IOrgM
     deleteInvite: vi.fn().mockResolvedValue(undefined),
     deleteAllMembers: vi.fn().mockResolvedValue(undefined),
     deleteAllInvites: vi.fn().mockResolvedValue(undefined),
+    listOrgsByUser: vi.fn().mockResolvedValue([]),
+    markInviteAccepted: vi.fn().mockResolvedValue(undefined),
     ...overrides,
   };
 }

package/src/db/schema/organization-members.ts

@@ -32,6 +32,8 @@ export const organizationInvites = pgTable(
     createdAt: bigint("created_at", { mode: "number" })
       .notNull()
       .default(sql`(extract(epoch from now()) * 1000)::bigint`),
+    acceptedAt: bigint("accepted_at", { mode: "number" }),
+    revokedAt: bigint("revoked_at", { mode: "number" }),
   },
   (table) => [index("idx_org_invites_org_id").on(table.orgId), index("idx_org_invites_token").on(table.token)],
 );

package/src/tenancy/org-member-repository.ts

@@ -31,6 +31,8 @@ export interface OrgInviteRow {
   token: string;
   expiresAt: number;
   createdAt: number;
+  acceptedAt: number | null;
+  revokedAt: number | null;
 }
 
 // ---------------------------------------------------------------------------
@@ -52,6 +54,8 @@ export interface IOrgMemberRepository {
   deleteInvite(inviteId: string): Promise<void>;
   deleteAllMembers(orgId: string): Promise<void>;
   deleteAllInvites(orgId: string): Promise<void>;
+  listOrgsByUser(userId: string): Promise<Array<{ orgId: string; role: string }>>;
+  markInviteAccepted(inviteId: string): Promise<void>;
 }
 
 // ---------------------------------------------------------------------------
@@ -78,6 +82,8 @@ function toInvite(row: typeof organizationInvites.$inferSelect): OrgInviteRow {
     token: row.token,
     expiresAt: row.expiresAt,
     createdAt: row.createdAt,
+    acceptedAt: row.acceptedAt ?? null,
+    revokedAt: row.revokedAt ?? null,
   };
 }
 
@@ -156,4 +162,18 @@ export class DrizzleOrgMemberRepository implements IOrgMemberRepository {
   async deleteAllInvites(orgId: string): Promise<void> {
     await this.db.delete(organizationInvites).where(eq(organizationInvites.orgId, orgId));
   }
+
+  async listOrgsByUser(userId: string): Promise<Array<{ orgId: string; role: string }>> {
+    return this.db
+      .select({ orgId: organizationMembers.orgId, role: organizationMembers.role })
+      .from(organizationMembers)
+      .where(eq(organizationMembers.userId, userId));
+  }
+
+  async markInviteAccepted(inviteId: string): Promise<void> {
+    await this.db
+      .update(organizationInvites)
+      .set({ acceptedAt: Date.now() })
+      .where(eq(organizationInvites.id, inviteId));
+  }
 }

package/src/tenancy/org-service.test.ts

@@ -382,6 +382,8 @@ describe("OrgService", () => {
         token: "tok-d3",
         expiresAt: Date.now() + 86400000,
         createdAt: Date.now(),
+        acceptedAt: null,
+        revokedAt: null,
       });
 
       await svc.deleteOrg(org.id, owner);
@@ -632,6 +634,264 @@ describe("OrgService", () => {
     });
   });
 
+  describe("listOrgsForUser", () => {
+    it("returns orgs the user is a member of", async () => {
+      const { orgRepo, memberRepo } = await setup(db);
+      const svc = new OrgService(orgRepo, memberRepo, db);
+      const owner = "owner-lof1";
+
+      const org1 = await orgRepo.createOrg(owner, "List Org 1", "list-org-1");
+      await memberRepo.addMember({
+        id: "mlof1",
+        orgId: org1.id,
+        userId: owner,
+        role: "owner",
+        joinedAt: Date.now(),
+      });
+
+      const org2 = await orgRepo.createOrg(owner, "List Org 2", "list-org-2");
+      await memberRepo.addMember({
+        id: "mlof2",
+        orgId: org2.id,
+        userId: owner,
+        role: "admin",
+        joinedAt: Date.now(),
+      });
+
+      const result = await svc.listOrgsForUser(owner);
+      expect(result).toHaveLength(2);
+      expect(result.map((r) => r.orgId).sort()).toEqual([org1.id, org2.id].sort());
+    });
+
+    it("returns empty array for unknown user", async () => {
+      const { orgRepo, memberRepo } = await setup(db);
+      const svc = new OrgService(orgRepo, memberRepo, db);
+
+      const result = await svc.listOrgsForUser("totally-unknown-user");
+      expect(result).toEqual([]);
+    });
+  });
+
+  describe("acceptInvite", () => {
+    it("accepts a valid invite and creates membership", async () => {
+      const { orgRepo, memberRepo } = await setup(db);
+      const svc = new OrgService(orgRepo, memberRepo, db);
+      const owner = "owner-ai1";
+      const org = await orgRepo.createOrg(owner, "Accept Org", "accept-org");
+      await memberRepo.addMember({
+        id: "mai1",
+        orgId: org.id,
+        userId: owner,
+        role: "owner",
+        joinedAt: Date.now(),
+      });
+
+      const invite = await svc.inviteMember(org.id, owner, "new@example.com", "admin");
+      const result = await svc.acceptInvite(invite.token, "new-user-ai1");
+
+      expect(result).toEqual({ orgId: org.id, role: "admin" });
+
+      // Verify membership was created
+      const member = await memberRepo.findMember(org.id, "new-user-ai1");
+      expect(member).not.toBeNull();
+      expect(member?.role).toBe("admin");
+
+      // Verify invite was marked accepted
+      const updatedInvite = await memberRepo.findInviteByToken(invite.token);
+      expect(updatedInvite?.acceptedAt).not.toBeNull();
+    });
+
+    it("throws NOT_FOUND for unknown token", async () => {
+      const { orgRepo, memberRepo } = await setup(db);
+      const svc = new OrgService(orgRepo, memberRepo, db);
+
+      await expect(svc.acceptInvite("bad-token", "user-1")).rejects.toThrow(
+        expect.objectContaining({ code: "NOT_FOUND" }),
+      );
+    });
+
+    it("throws BAD_REQUEST for already-accepted invite", async () => {
+      const { orgRepo, memberRepo } = await setup(db);
+      const svc = new OrgService(orgRepo, memberRepo, db);
+      const owner = "owner-ai2";
+      const org = await orgRepo.createOrg(owner, "Accept Org 2", "accept-org-2");
+      await memberRepo.addMember({
+        id: "mai2",
+        orgId: org.id,
+        userId: owner,
+        role: "owner",
+        joinedAt: Date.now(),
+      });
+
+      const invite = await svc.inviteMember(org.id, owner, "dup@example.com", "member");
+      await svc.acceptInvite(invite.token, "first-user");
+
+      await expect(svc.acceptInvite(invite.token, "second-user")).rejects.toThrow(
+        expect.objectContaining({ code: "BAD_REQUEST", message: "Invite already accepted" }),
+      );
+    });
+
+    it("throws BAD_REQUEST for expired invite", async () => {
+      const { orgRepo, memberRepo } = await setup(db);
+      const svc = new OrgService(orgRepo, memberRepo, db);
+      const owner = "owner-ai3";
+      const org = await orgRepo.createOrg(owner, "Accept Org 3", "accept-org-3");
+      await memberRepo.addMember({
+        id: "mai3",
+        orgId: org.id,
+        userId: owner,
+        role: "owner",
+        joinedAt: Date.now(),
+      });
+
+      // Create an expired invite directly
+      await memberRepo.createInvite({
+        id: "inv-expired",
+        orgId: org.id,
+        email: "expired@example.com",
+        role: "member",
+        invitedBy: owner,
+        token: "tok-expired",
+        expiresAt: Date.now() - 1000, // already expired
+        createdAt: Date.now() - 86400000,
+        acceptedAt: null,
+        revokedAt: null,
+      });
+
+      await expect(svc.acceptInvite("tok-expired", "late-user")).rejects.toThrow(
+        expect.objectContaining({ code: "BAD_REQUEST", message: "Invite has expired" }),
+      );
+    });
+  });
+
+  describe("requireAdminOrOwner", () => {
+    it("passes for admin", async () => {
+      const { orgRepo, memberRepo } = await setup(db);
+      const svc = new OrgService(orgRepo, memberRepo, db);
+      const owner = "owner-rao1";
+      const admin = "admin-rao1";
+      const org = await orgRepo.createOrg(owner, "RAO Org", "rao-org");
+      await memberRepo.addMember({
+        id: "mrao1",
+        orgId: org.id,
+        userId: owner,
+        role: "owner",
+        joinedAt: Date.now(),
+      });
+      await memberRepo.addMember({
+        id: "mrao2",
+        orgId: org.id,
+        userId: admin,
+        role: "admin",
+        joinedAt: Date.now(),
+      });
+
+      await expect(svc.requireAdminOrOwner(org.id, admin)).resolves.toBeUndefined();
+    });
+
+    it("passes for owner", async () => {
+      const { orgRepo, memberRepo } = await setup(db);
+      const svc = new OrgService(orgRepo, memberRepo, db);
+      const owner = "owner-rao2";
+      const org = await orgRepo.createOrg(owner, "RAO Org 2", "rao-org-2");
+      await memberRepo.addMember({
+        id: "mrao3",
+        orgId: org.id,
+        userId: owner,
+        role: "owner",
+        joinedAt: Date.now(),
+      });
+
+      await expect(svc.requireAdminOrOwner(org.id, owner)).resolves.toBeUndefined();
+    });
+
+    it("throws FORBIDDEN for regular member", async () => {
+      const { orgRepo, memberRepo } = await setup(db);
+      const svc = new OrgService(orgRepo, memberRepo, db);
+      const owner = "owner-rao3";
+      const member = "member-rao3";
+      const org = await orgRepo.createOrg(owner, "RAO Org 3", "rao-org-3");
+      await memberRepo.addMember({
+        id: "mrao4",
+        orgId: org.id,
+        userId: owner,
+        role: "owner",
+        joinedAt: Date.now(),
+      });
+      await memberRepo.addMember({
+        id: "mrao5",
+        orgId: org.id,
+        userId: member,
+        role: "member",
+        joinedAt: Date.now(),
+      });
+
+      await expect(svc.requireAdminOrOwner(org.id, member)).rejects.toThrow(
+        expect.objectContaining({ code: "FORBIDDEN" }),
+      );
+    });
+
+    it("throws FORBIDDEN for non-member", async () => {
+      const { orgRepo, memberRepo } = await setup(db);
+      const svc = new OrgService(orgRepo, memberRepo, db);
+      const owner = "owner-rao4";
+      const org = await orgRepo.createOrg(owner, "RAO Org 4", "rao-org-4");
+      await memberRepo.addMember({
+        id: "mrao6",
+        orgId: org.id,
+        userId: owner,
+        role: "owner",
+        joinedAt: Date.now(),
+      });
+
+      await expect(svc.requireAdminOrOwner(org.id, "stranger")).rejects.toThrow(
+        expect.objectContaining({ code: "FORBIDDEN" }),
+      );
+    });
+  });
+
+  describe("requireOwner", () => {
+    it("passes for owner", async () => {
+      const { orgRepo, memberRepo } = await setup(db);
+      const svc = new OrgService(orgRepo, memberRepo, db);
+      const owner = "owner-ro1";
+      const org = await orgRepo.createOrg(owner, "RO Org", "ro-org");
+      await memberRepo.addMember({
+        id: "mro1",
+        orgId: org.id,
+        userId: owner,
+        role: "owner",
+        joinedAt: Date.now(),
+      });
+
+      await expect(svc.requireOwner(org.id, owner)).resolves.toBeUndefined();
+    });
+
+    it("throws FORBIDDEN for admin", async () => {
+      const { orgRepo, memberRepo } = await setup(db);
+      const svc = new OrgService(orgRepo, memberRepo, db);
+      const owner = "owner-ro2";
+      const admin = "admin-ro2";
+      const org = await orgRepo.createOrg(owner, "RO Org 2", "ro-org-2");
+      await memberRepo.addMember({
+        id: "mro2",
+        orgId: org.id,
+        userId: owner,
+        role: "owner",
+        joinedAt: Date.now(),
+      });
+      await memberRepo.addMember({
+        id: "mro3",
+        orgId: org.id,
+        userId: admin,
+        role: "admin",
+        joinedAt: Date.now(),
+      });
+
+      await expect(svc.requireOwner(org.id, admin)).rejects.toThrow(expect.objectContaining({ code: "FORBIDDEN" }));
+    });
+  });
+
   describe("buildOrgWithMembers member resolution", () => {
     it("resolves member name and email from userRepo when provided", async () => {
       await pool.query(

package/src/tenancy/org-service.ts

@@ -179,6 +179,8 @@ export class OrgService {
       token,
       expiresAt: Date.now() + 7 * 24 * 60 * 60 * 1000,
       createdAt: Date.now(),
+      acceptedAt: null,
+      revokedAt: null,
     };
     await this.memberRepo.createInvite(invite);
     return invite;
@@ -247,6 +249,38 @@ export class OrgService {
     await this.orgRepo.updateOwner(orgId, targetUserId);
   }
 
+  async acceptInvite(token: string, userId: string): Promise<{ orgId: string; role: string }> {
+    const invite = await this.memberRepo.findInviteByToken(token);
+    if (!invite) throw new TRPCError({ code: "NOT_FOUND", message: "Invite not found" });
+    if (invite.acceptedAt) throw new TRPCError({ code: "BAD_REQUEST", message: "Invite already accepted" });
+    // revokedAt guard — currently no UI sets this field, but the schema supports it
+    // for future use (e.g., admin revokes an outstanding invite).
+    if (invite.revokedAt) throw new TRPCError({ code: "BAD_REQUEST", message: "Invite has been revoked" });
+    if (invite.expiresAt && new Date(invite.expiresAt) < new Date()) {
+      throw new TRPCError({ code: "BAD_REQUEST", message: "Invite has expired" });
+    }
+
+    // Guard: reject if user is already a member (prevents consuming the invite silently)
+    const existing = await this.memberRepo.findMember(invite.orgId, userId);
+    if (existing) {
+      throw new TRPCError({ code: "CONFLICT", message: "User is already a member of this organization" });
+    }
+
+    await this.memberRepo.addMember({
+      id: crypto.randomUUID(),
+      orgId: invite.orgId,
+      userId,
+      role: invite.role ?? "member",
+      joinedAt: Date.now(),
+    });
+    await this.memberRepo.markInviteAccepted(invite.id);
+    return { orgId: invite.orgId, role: invite.role ?? "member" };
+  }
+
+  async listOrgsForUser(userId: string): Promise<Array<{ orgId: string; role: string }>> {
+    return this.memberRepo.listOrgsByUser(userId);
+  }
+
   validateSlug(slug: string): void {
     if (!/^[a-z0-9][a-z0-9-]{1,46}[a-z0-9]$/.test(slug)) {
       throw new TRPCError({
@@ -304,10 +338,17 @@ export class OrgService {
     return org;
   }
 
-  private async requireAdminOrOwner(orgId: string, userId: string): Promise<void> {
+  async requireAdminOrOwner(orgId: string, userId: string): Promise<void> {
     const member = await this.memberRepo.findMember(orgId, userId);
     if (!member || (member.role !== "admin" && member.role !== "owner")) {
       throw new TRPCError({ code: "FORBIDDEN", message: "Admin or owner role required" });
     }
   }
+
+  async requireOwner(orgId: string, userId: string): Promise<void> {
+    const member = await this.memberRepo.findMember(orgId, userId);
+    if (!member || member.role !== "owner") {
+      throw new TRPCError({ code: "FORBIDDEN", message: "Owner role required" });
+    }
+  }
 }

package/src/trpc/index.ts

@@ -1,6 +1,7 @@
 export {
   adminProcedure,
   createCallerFactory,
+  orgAdminProcedure,
   orgMemberProcedure,
   protectedProcedure,
   publicProcedure,

package/src/trpc/init.test.ts

@@ -3,6 +3,7 @@ import type { IOrgMemberRepository } from "../tenancy/org-member-repository.js";
 import {
   adminProcedure,
   createCallerFactory,
+  orgAdminProcedure,
   orgMemberProcedure,
   protectedProcedure,
   publicProcedure,
@@ -31,6 +32,8 @@ function makeMockRepo(overrides?: Partial<IOrgMemberRepository>): IOrgMemberRepo
     deleteInvite: vi.fn().mockResolvedValue(undefined),
     deleteAllMembers: vi.fn().mockResolvedValue(undefined),
     deleteAllInvites: vi.fn().mockResolvedValue(undefined),
+    listOrgsByUser: vi.fn().mockResolvedValue([]),
+    markInviteAccepted: vi.fn().mockResolvedValue(undefined),
     ...overrides,
   };
 }
@@ -42,6 +45,7 @@ const appRouter = router({
   adminHello: adminProcedure.query(() => "admin-ok"),
   tenantHello: tenantProcedure.query(() => "tenant-ok"),
   orgAction: orgMemberProcedure.input((v: unknown) => v as { orgId: string }).mutation(() => "org-ok"),
+  orgAdminAction: orgAdminProcedure.input((v: unknown) => v as { orgId: string }).mutation(() => "org-admin-ok"),
 });
 
 const createCaller = createCallerFactory(appRouter);
@@ -240,4 +244,48 @@ describe("tRPC procedure builders", () => {
       expect(await caller.orgAction({ orgId: "org-1" })).toBe("org-ok");
     });
   });
+
+  // -----------------------------------------------------------------------
+  // orgAdminProcedure
+  // -----------------------------------------------------------------------
+
+  describe("orgAdminProcedure", () => {
+    it("rejects regular members", async () => {
+      const repo = makeMockRepo({
+        findMember: vi.fn().mockResolvedValue({ id: "m1", orgId: "org-1", userId: "u1", role: "member", joinedAt: 0 }),
+      });
+      setTrpcOrgMemberRepo(repo);
+
+      const caller = createCaller({ user: { id: "u1", roles: ["user"] }, tenantId: undefined });
+      await expect(caller.orgAdminAction({ orgId: "org-1" })).rejects.toThrow("Admin or owner role required");
+    });
+
+    it("allows admin members", async () => {
+      const repo = makeMockRepo({
+        findMember: vi.fn().mockResolvedValue({ id: "m1", orgId: "org-1", userId: "u1", role: "admin", joinedAt: 0 }),
+      });
+      setTrpcOrgMemberRepo(repo);
+
+      const caller = createCaller({ user: { id: "u1", roles: ["user"] }, tenantId: undefined });
+      expect(await caller.orgAdminAction({ orgId: "org-1" })).toBe("org-admin-ok");
+    });
+
+    it("allows owner members", async () => {
+      const repo = makeMockRepo({
+        findMember: vi.fn().mockResolvedValue({ id: "m1", orgId: "org-1", userId: "u1", role: "owner", joinedAt: 0 }),
+      });
+      setTrpcOrgMemberRepo(repo);
+
+      const caller = createCaller({ user: { id: "u1", roles: ["user"] }, tenantId: undefined });
+      expect(await caller.orgAdminAction({ orgId: "org-1" })).toBe("org-admin-ok");
+    });
+
+    it("rejects non-members", async () => {
+      const repo = makeMockRepo({ findMember: vi.fn().mockResolvedValue(null) });
+      setTrpcOrgMemberRepo(repo);
+
+      const caller = createCaller({ user: { id: "u1", roles: ["user"] }, tenantId: undefined });
+      await expect(caller.orgAdminAction({ orgId: "org-1" })).rejects.toThrow("Not a member of this organization");
+    });
+  });
 });

package/src/trpc/init.ts

@@ -152,8 +152,25 @@ const isOrgMember = t.middleware(async ({ ctx, next, getRawInput }) => {
   if (!member) {
     throw new TRPCError({ code: "FORBIDDEN", message: "Not a member of this organization" });
   }
-  return next({ ctx: { user: ctx.user, tenantId: ctx.tenantId } });
+  return next({
+    ctx: { user: ctx.user, tenantId: ctx.tenantId, orgRole: member.role as "owner" | "admin" | "member" },
+  });
 });
 
 /** Procedure that requires authentication + org membership (orgId must be in input). */
 export const orgMemberProcedure = t.procedure.use(isAuthed).use(isOrgMember);
+
+/**
+ * Middleware that enforces admin or owner role within an org.
+ * Must be chained after isOrgMember so ctx.orgRole is guaranteed.
+ */
+const isOrgAdmin = t.middleware(async ({ ctx, next }) => {
+  const role = (ctx as Record<string, unknown>).orgRole as string | undefined;
+  if (role === "member") {
+    throw new TRPCError({ code: "FORBIDDEN", message: "Admin or owner role required" });
+  }
+  return next({ ctx });
+});
+
+/** Procedure that requires authentication + org admin/owner role (orgId must be in input). */
+export const orgAdminProcedure = orgMemberProcedure.use(isOrgAdmin);