alepha 0.19.3 → 0.19.5

package/dist/api/invitations/index.d.ts

@@ -0,0 +1,790 @@
+import * as _$alepha from "alepha";
+import { Alepha, Static, TNull, TObject, TOptional, TSchema, TUnion } from "alepha";
+import * as _$alepha_server0 from "alepha/server";
+import * as _$alepha_orm0 from "alepha/orm";
+import { Page } from "alepha/orm";
+import { UserEntity } from "alepha/api/users";
+import { CryptoProvider } from "alepha/crypto";
+import { DateTimeProvider } from "alepha/datetime";
+import * as _$alepha_logger0 from "alepha/logger";
+import * as _$alepha_api_jobs0 from "alepha/api/jobs";
+import { BuildExtraConfigColumns, SQL } from "drizzle-orm";
+import { PgColumnBuilderBase, PgSequenceOptions, PgTableExtraConfigValue, UpdateDeleteAction } from "drizzle-orm/pg-core";
+//#region ../../src/api/invitations/entities/invitations.d.ts
+declare const invitations: _$alepha_orm0.EntityPrimitive<_$alepha.TObject<{
+  id: _$alepha_orm0.PgAttr<_$alepha_orm0.PgAttr<_$alepha.TString, typeof _$alepha_orm0.PG_PRIMARY_KEY>, typeof _$alepha_orm0.PG_DEFAULT>;
+  version: _$alepha_orm0.PgAttr<_$alepha_orm0.PgAttr<_$alepha.TInteger, typeof _$alepha_orm0.PG_VERSION>, typeof _$alepha_orm0.PG_DEFAULT>;
+  createdAt: _$alepha_orm0.PgAttr<_$alepha_orm0.PgAttr<_$alepha.TString, typeof _$alepha_orm0.PG_CREATED_AT>, typeof _$alepha_orm0.PG_DEFAULT>;
+  updatedAt: _$alepha_orm0.PgAttr<_$alepha_orm0.PgAttr<_$alepha.TString, typeof _$alepha_orm0.PG_UPDATED_AT>, typeof _$alepha_orm0.PG_DEFAULT>;
+  invitedBy: _$alepha_orm0.PgAttr<_$alepha.TString, typeof _$alepha_orm0.PG_REF>;
+  email: _$alepha.TString;
+  resourceType: _$alepha.TString;
+  resourceId: _$alepha.TString;
+  status: _$alepha.TUnsafe<"pending" | "accepted" | "declined" | "expired" | "revoked">;
+  roles: _$alepha.TOptional<_$alepha.TArray<_$alepha.TString>>;
+  metadata: _$alepha.TOptional<_$alepha.TRecord<"^.*$", _$alepha.TAny>>;
+  token: _$alepha.TString;
+  expiresAt: _$alepha.TString;
+  resolvedAt: _$alepha.TOptional<_$alepha.TString>;
+  resolvedBy: _$alepha.TOptional<_$alepha_orm0.PgAttr<_$alepha.TString, typeof _$alepha_orm0.PG_REF>>;
+}>>;
+type InvitationEntity = Static<typeof invitations.schema>;
+//#endregion
+//#region ../../src/orm/core/schemas/insertSchema.d.ts
+/**
+ * Transforms a TObject schema for insert operations.
+ * All default properties at the root level are made optional.
+ * Generated columns are excluded entirely.
+ *
+ * @example
+ * Before: { name: string; age: number(default=0); fullName: generated }
+ * After:  { name: string; age?: number; }
+ */
+type TObjectInsert<T extends TObject> = TObject<{ [K in keyof T["properties"] as T["properties"][K] extends {
+  [PG_GENERATED]: any;
+} ? never : K]: T["properties"][K] extends {
+  [PG_DEFAULT]: any;
+} | {
+  "~optional": true;
+} ? TOptional<T["properties"][K]> : T["properties"][K] }>;
+//#endregion
+//#region ../../src/orm/core/schemas/updateSchema.d.ts
+/**
+ * Transforms a TObject schema for update operations.
+ * All optional properties at the root level are made nullable (i.e., `T | null`).
+ * Generated columns are excluded entirely.
+ *
+ * @example
+ * Before: { name?: string; age: number; fullName: generated }
+ * After:  { name?: string | null; age: number; }
+ */
+type TObjectUpdate<T extends TObject> = TObject<{ [K in keyof T["properties"] as T["properties"][K] extends {
+  [PG_GENERATED]: any;
+} ? never : K]: T["properties"][K] extends TOptional<infer U> ? TOptional<TUnion<[U, TNull]>> : T["properties"][K] }>;
+//#endregion
+//#region ../../src/orm/core/primitives/$entity.d.ts
+interface EntityPrimitiveOptions<T extends TObject, Keys = keyof Static<T>> {
+  /**
+   * The database table name that will be created for this entity.
+   * If not provided, name will be inferred from the $repository variable name.
+   */
+  name: string;
+  /**
+   * TypeBox schema defining the table structure and column types.
+   */
+  schema: T;
+  /**
+   * Database indexes to create for query optimization.
+   */
+  indexes?: (Keys | {
+    /**
+     * Single column to index.
+     */
+    column: Keys;
+    /**
+     * Whether this should be a unique index (enforces uniqueness constraint).
+     */
+    unique?: boolean;
+    /**
+     * Custom name for the index. If not provided, generates name automatically.
+     */
+    name?: string;
+    /**
+     * Partial index condition. Only rows matching this SQL expression are indexed.
+     */
+    where?: SQL;
+  } | {
+    /**
+     * Multiple columns for composite index (order matters for query optimization).
+     */
+    columns: Keys[];
+    /**
+     * Whether this should be a unique index (enforces uniqueness constraint).
+     */
+    unique?: boolean;
+    /**
+     * Custom name for the index. If not provided, generates name automatically.
+     */
+    name?: string;
+    /**
+     * Partial index condition. Only rows matching this SQL expression are indexed.
+     */
+    where?: SQL;
+  } | {
+    /**
+     * SQL expressions for expression-based indexes.
+     *
+     * Can include column references and SQL functions like `LOWER()`, `UPPER()`, etc.
+     * Columns and expressions can be mixed together.
+     *
+     * @example
+     * ```ts
+     * // Case-insensitive unique username per realm
+     * indexes: [{
+     *   expressions: (self) => [self.realm, sql`LOWER(${self.username})`],
+     *   unique: true,
+     *   name: "users_realm_username_lower_idx",
+     * }]
+     * ```
+     */
+    expressions: (self: Record<Keys & string, any>) => (SQL | any)[];
+    /**
+     * Whether this should be a unique index (enforces uniqueness constraint).
+     */
+    unique?: boolean;
+    /**
+     * Custom name for the index. If not provided, generates name automatically.
+     */
+    name: string;
+    /**
+     * Partial index condition. Only rows matching this SQL expression are indexed.
+     */
+    where?: SQL;
+  })[];
+  /**
+   * Foreign key constraints to maintain referential integrity.
+   */
+  foreignKeys?: Array<{
+    /**
+     * Optional name for the foreign key constraint.
+     */
+    name?: string;
+    /**
+     * Local columns that reference the foreign table.
+     */
+    columns: Array<keyof Static<T>>;
+    /**
+     * Referenced columns in the foreign table.
+     * Must be EntityColumn references from other entities.
+     */
+    foreignColumns: Array<() => EntityColumn<any>>;
+  }>;
+  /**
+   * Additional table constraints for data validation.
+   *
+   * Constraints enforce business rules at the database level, providing
+   * an additional layer of data integrity beyond application validation.
+   *
+   * **Constraint Types**:
+   * - **Unique constraints**: Prevent duplicate values across columns
+   * - **Check constraints**: Enforce custom validation rules with SQL expressions
+   *
+   * @example
+   * ```ts
+   * constraints: [
+   *   {
+   *     name: "unique_user_email",
+   *     columns: ["email"],
+   *     unique: true
+   *   },
+   *   {
+   *     name: "valid_age_range",
+   *     columns: ["age"],
+   *     check: sql`age >= 0 AND age <= 150`
+   *   },
+   *   {
+   *     name: "unique_user_username_per_tenant",
+   *     columns: ["tenantId", "username"],
+   *     unique: true
+   *   }
+   * ]
+   * ```
+   */
+  constraints?: Array<{
+    /**
+     * Columns involved in this constraint.
+     */
+    columns: Array<keyof Static<T>>;
+    /**
+     * Optional name for the constraint.
+     */
+    name?: string;
+    /**
+     * Whether this is a unique constraint.
+     */
+    unique?: boolean | {};
+    /**
+     * SQL expression for check constraint validation.
+     */
+    check?: SQL;
+  }>;
+  /**
+   * Advanced Drizzle ORM configuration for complex table setups.
+   */
+  config?: (self: BuildExtraConfigColumns<string, FromSchema<T>, "pg">) => PgTableExtraConfigValue[];
+}
+declare class EntityPrimitive<T extends TObject = TObject> {
+  readonly options: EntityPrimitiveOptions<T>;
+  constructor(options: EntityPrimitiveOptions<T>);
+  alias(alias: string): this;
+  get cols(): EntityColumns<T>;
+  get name(): string;
+  get schema(): T;
+  get insertSchema(): TObjectInsert<T>;
+  get updateSchema(): TObjectUpdate<T>;
+}
+/**
+ * Convert a schema to columns.
+ */
+type FromSchema<T extends TObject> = { [key in keyof T["properties"]]: PgColumnBuilderBase };
+type EntityColumn<T extends TObject> = {
+  name: string;
+  entity: EntityPrimitive<T>;
+};
+type EntityColumns<T extends TObject> = { [key in keyof T["properties"]]: EntityColumn<T> };
+//#endregion
+//#region ../../src/orm/core/constants/PG_SYMBOLS.d.ts
+declare const PG_DEFAULT: unique symbol;
+declare const PG_PRIMARY_KEY: unique symbol;
+declare const PG_CREATED_AT: unique symbol;
+declare const PG_UPDATED_AT: unique symbol;
+declare const PG_DELETED_AT: unique symbol;
+declare const PG_VERSION: unique symbol;
+declare const PG_IDENTITY: unique symbol;
+declare const PG_ENUM: unique symbol;
+declare const PG_REF: unique symbol;
+declare const PG_GENERATED: unique symbol;
+declare const PG_ORGANIZATION: unique symbol;
+/**
+ * @deprecated Use `PG_IDENTITY` instead.
+ */
+declare const PG_SERIAL: unique symbol;
+type PgSymbols = {
+  [PG_DEFAULT]: {};
+  [PG_PRIMARY_KEY]: {};
+  [PG_CREATED_AT]: {};
+  [PG_UPDATED_AT]: {};
+  [PG_DELETED_AT]: {};
+  [PG_VERSION]: {};
+  [PG_IDENTITY]: PgIdentityOptions;
+  [PG_REF]: PgRefOptions;
+  [PG_ENUM]: PgEnumOptions;
+  [PG_GENERATED]: PgGeneratedOptions;
+  [PG_ORGANIZATION]: {};
+  /**
+   * @deprecated Use `PG_IDENTITY` instead.
+   */
+  [PG_SERIAL]: {};
+};
+type PgSymbolKeys = keyof PgSymbols;
+type PgIdentityOptions = {
+  mode: "always" | "byDefault";
+} & PgSequenceOptions & {
+  name?: string;
+};
+interface PgEnumOptions {
+  name?: string;
+  description?: string;
+}
+interface PgGeneratedOptions {
+  /**
+   * SQL expression for the generated column.
+   */
+  expression: SQL;
+  /**
+   * Storage mode for the generated column.
+   * - `"stored"` — value is computed on write and stored on disk (default for PostgreSQL).
+   * - `"virtual"` — value is computed on read (default for SQLite).
+   */
+  mode?: "stored" | "virtual";
+}
+interface PgRefOptions {
+  ref: () => {
+    name: string;
+    entity: EntityPrimitive;
+  };
+  actions?: {
+    onUpdate?: UpdateDeleteAction;
+    onDelete?: UpdateDeleteAction;
+  };
+}
+//#endregion
+//#region ../../src/orm/core/helpers/pgAttr.d.ts
+/**
+ * Type representation.
+ */
+type PgAttr<T extends TSchema, TAttr extends PgSymbolKeys> = T & { [K in TAttr]: PgSymbols[K] };
+//#endregion
+//#region ../../src/orm/core/schemas/databaseEnvSchema.d.ts
+/**
+ * Base database environment schema.
+ *
+ * Defines the `DATABASE_URL` connection string used by all ORM providers
+ * to determine the database driver and connection target.
+ *
+ * Supported URL formats:
+ * - `sqlite://:memory:` or `sqlite://./path/to/db` — SQLite (Node.js or Bun)
+ * - `postgres://user:password@host:port/database` — PostgreSQL (Node.js or Bun)
+ * - `pglite://:memory:` or `pglite://./path` — PGlite (embedded Postgres)
+ * - `d1://BINDING_NAME` — Cloudflare D1
+ * - `hyperdrive://BINDING_NAME` — Cloudflare Hyperdrive
+ */
+declare const databaseEnvSchema: _$alepha.TObject<{
+  DATABASE_URL: _$alepha.TOptional<_$alepha.TString>;
+  /**
+   * Enable or disable push-based schema synchronization (drizzle-kit push).
+   *
+   * Defaults to `true` in development and test, `false` in production.
+   * Set to `false` in development to skip automatic schema sync
+   * (e.g. when managing migrations manually).
+   */
+  DATABASE_SYNC: _$alepha.TOptional<_$alepha.TBoolean>;
+}>;
+declare module "alepha" {
+  interface Env extends Partial<Static<typeof databaseEnvSchema>> {}
+} //# sourceMappingURL=databaseEnvSchema.d.ts.map
+//#endregion
+//#region ../../src/api/invitations/providers/InvitationProvider.d.ts
+/**
+ * Abstract provider that apps implement to customize invitation behavior
+ * per resource type.
+ */
+declare abstract class InvitationProvider {
+  /**
+   * Validate that the resource exists and the inviter has permission to invite.
+   * Throw BadRequestError/ForbiddenError to reject.
+   */
+  abstract validateResource(resourceType: string, resourceId: string, inviter: {
+    id: string;
+    email?: string;
+  }): Promise<void>;
+  /**
+   * Check if the email is already a member of the resource.
+   * Return true to reject the invitation as duplicate membership.
+   */
+  abstract isMember(resourceType: string, resourceId: string, email: string, userId?: string): Promise<boolean>;
+  /**
+   * Called when an invitation is accepted.
+   * Create membership records, assign roles, etc.
+   */
+  abstract onAccept(invitation: InvitationEntity, acceptedBy: {
+    id: string;
+    email?: string;
+  }): Promise<void>;
+  /**
+   * Return display info for the resource (used in API responses).
+   */
+  abstract getResourceInfo(resourceType: string, resourceId: string): Promise<{
+    name: string;
+    description?: string;
+    url?: string;
+  }>;
+}
+//#endregion
+//#region ../../src/api/invitations/schemas/createInvitationSchema.d.ts
+declare const createInvitationSchema: _$alepha.TObject<{
+  email: _$alepha.TString;
+  resourceType: _$alepha.TString;
+  resourceId: _$alepha.TString;
+  roles: _$alepha.TOptional<_$alepha.TArray<_$alepha.TString>>;
+  metadata: _$alepha.TOptional<_$alepha.TRecord<"^.*$", _$alepha.TAny>>;
+}>;
+type CreateInvitation = Static<typeof createInvitationSchema>;
+//#endregion
+//#region ../../src/api/invitations/schemas/invitationQuerySchema.d.ts
+declare const invitationQuerySchema: _$alepha.TObject<{
+  page: _$alepha.TOptional<_$alepha.TInteger>;
+  size: _$alepha.TOptional<_$alepha.TInteger>;
+  sort: _$alepha.TOptional<_$alepha.TString>;
+  email: _$alepha.TOptional<_$alepha.TString>;
+  resourceType: _$alepha.TOptional<_$alepha.TString>;
+  resourceId: _$alepha.TOptional<_$alepha.TString>;
+  status: _$alepha.TOptional<_$alepha.TUnsafe<"pending" | "accepted" | "declined" | "expired" | "revoked">>;
+  invitedBy: _$alepha.TOptional<_$alepha.TString>;
+}>;
+type InvitationQuery = Static<typeof invitationQuerySchema>;
+//#endregion
+//#region ../../src/api/invitations/schemas/invitationWithResourceInfoSchema.d.ts
+declare const invitationWithResourceInfoSchema: _$alepha.TObject<{
+  id: _$alepha.TString;
+  email: _$alepha.TString;
+  resourceType: _$alepha.TString;
+  resourceId: _$alepha.TString;
+  resourceName: _$alepha.TString;
+  resourceUrl: _$alepha.TOptional<_$alepha.TString>;
+  invitedBy: _$alepha.TString;
+  inviterName: _$alepha.TOptional<_$alepha.TString>;
+  inviterEmail: _$alepha.TOptional<_$alepha.TString>;
+  roles: _$alepha.TOptional<_$alepha.TArray<_$alepha.TString>>;
+  status: _$alepha.TUnsafe<"pending" | "accepted" | "declined" | "expired" | "revoked">;
+  createdAt: _$alepha.TString;
+  expiresAt: _$alepha.TString;
+}>;
+type InvitationWithResourceInfo = Static<typeof invitationWithResourceInfoSchema>;
+//#endregion
+//#region ../../src/api/invitations/schemas/myInvitationsQuerySchema.d.ts
+declare const myInvitationsQuerySchema: _$alepha.TObject<{
+  status: _$alepha.TOptional<_$alepha.TUnsafe<"pending" | "accepted" | "declined" | "expired" | "revoked">>;
+}>;
+type MyInvitationsQuery = Static<typeof myInvitationsQuerySchema>;
+//#endregion
+//#region ../../src/api/invitations/services/InvitationService.d.ts
+declare class InvitationService {
+  protected readonly alepha: Alepha;
+  protected readonly log: _$alepha_logger0.Logger;
+  protected readonly repo: _$alepha_orm0.Repository<_$alepha.TObject<{
+    id: _$alepha_orm0.PgAttr<_$alepha_orm0.PgAttr<_$alepha.TString, typeof _$alepha_orm0.PG_PRIMARY_KEY>, typeof _$alepha_orm0.PG_DEFAULT>;
+    version: _$alepha_orm0.PgAttr<_$alepha_orm0.PgAttr<_$alepha.TInteger, typeof _$alepha_orm0.PG_VERSION>, typeof _$alepha_orm0.PG_DEFAULT>;
+    createdAt: _$alepha_orm0.PgAttr<_$alepha_orm0.PgAttr<_$alepha.TString, typeof _$alepha_orm0.PG_CREATED_AT>, typeof _$alepha_orm0.PG_DEFAULT>;
+    updatedAt: _$alepha_orm0.PgAttr<_$alepha_orm0.PgAttr<_$alepha.TString, typeof _$alepha_orm0.PG_UPDATED_AT>, typeof _$alepha_orm0.PG_DEFAULT>;
+    invitedBy: _$alepha_orm0.PgAttr<_$alepha.TString, typeof _$alepha_orm0.PG_REF>;
+    email: _$alepha.TString;
+    resourceType: _$alepha.TString;
+    resourceId: _$alepha.TString;
+    status: _$alepha.TUnsafe<"pending" | "accepted" | "declined" | "expired" | "revoked">;
+    roles: _$alepha.TOptional<_$alepha.TArray<_$alepha.TString>>;
+    metadata: _$alepha.TOptional<_$alepha.TRecord<"^.*$", _$alepha.TAny>>;
+    token: _$alepha.TString;
+    expiresAt: _$alepha.TString;
+    resolvedAt: _$alepha.TOptional<_$alepha.TString>;
+    resolvedBy: _$alepha.TOptional<_$alepha_orm0.PgAttr<_$alepha.TString, typeof _$alepha_orm0.PG_REF>>;
+  }>>;
+  protected readonly users: _$alepha_orm0.Repository<_$alepha.TObject<{
+    id: _$alepha_orm0.PgAttr<_$alepha_orm0.PgAttr<_$alepha.TString, typeof _$alepha_orm0.PG_PRIMARY_KEY>, typeof _$alepha_orm0.PG_DEFAULT>;
+    version: _$alepha_orm0.PgAttr<_$alepha_orm0.PgAttr<_$alepha.TInteger, typeof _$alepha_orm0.PG_VERSION>, typeof _$alepha_orm0.PG_DEFAULT>;
+    createdAt: _$alepha_orm0.PgAttr<_$alepha_orm0.PgAttr<_$alepha.TString, typeof _$alepha_orm0.PG_CREATED_AT>, typeof _$alepha_orm0.PG_DEFAULT>;
+    updatedAt: _$alepha_orm0.PgAttr<_$alepha_orm0.PgAttr<_$alepha.TString, typeof _$alepha_orm0.PG_UPDATED_AT>, typeof _$alepha_orm0.PG_DEFAULT>;
+    realm: _$alepha_orm0.PgAttr<_$alepha.TString, typeof _$alepha_orm0.PG_DEFAULT>;
+    username: _$alepha.TOptional<_$alepha.TString>;
+    email: _$alepha.TOptional<_$alepha.TString>;
+    phoneNumber: _$alepha.TOptional<_$alepha.TString>;
+    roles: _$alepha_orm0.PgAttr<_$alepha.TArray<_$alepha.TString>, typeof _$alepha_orm0.PG_DEFAULT>;
+    firstName: _$alepha.TOptional<_$alepha.TString>;
+    lastName: _$alepha.TOptional<_$alepha.TString>;
+    picture: _$alepha.TOptional<_$alepha.TString>;
+    enabled: _$alepha_orm0.PgAttr<_$alepha.TBoolean, typeof _$alepha_orm0.PG_DEFAULT>;
+    emailVerified: _$alepha_orm0.PgAttr<_$alepha.TBoolean, typeof _$alepha_orm0.PG_DEFAULT>;
+    organizationId: _$alepha_orm0.PgAttr<_$alepha.TOptional<_$alepha.TString>, typeof _$alepha_orm0.PG_ORGANIZATION>;
+  }>>;
+  protected readonly crypto: CryptoProvider;
+  protected readonly dateTime: DateTimeProvider;
+  protected readonly provider: InvitationProvider;
+  /**
+   * Get an invitation by ID.
+   */
+  getById(id: string): Promise<InvitationEntity>;
+  /**
+   * Create a new invitation.
+   */
+  create(data: CreateInvitation, inviter: {
+    id: string;
+    email?: string;
+  }): Promise<InvitationEntity>;
+  /**
+   * Accept a pending invitation.
+   */
+  accept(invitationId: string, acceptedBy: {
+    id: string;
+    email?: string;
+  }): Promise<void>;
+  /**
+   * Decline a pending invitation.
+   */
+  decline(invitationId: string, declinedBy: {
+    id: string;
+    email?: string;
+  }): Promise<void>;
+  /**
+   * Revoke a pending invitation (by the inviter or admin).
+   */
+  revoke(invitationId: string, revokedBy: {
+    id: string;
+  }): Promise<void>;
+  /**
+   * Find invitations for a given email with resource info enrichment.
+   */
+  findByEmail(email: string, query?: MyInvitationsQuery): Promise<InvitationWithResourceInfo[]>;
+  /**
+   * Find invitations for a specific resource.
+   */
+  findByResource(resourceType: string, resourceId: string, status?: string): Promise<InvitationEntity[]>;
+  /**
+   * Find invitations with pagination and filtering (admin).
+   */
+  findInvitations(query?: InvitationQuery): Promise<Page<InvitationEntity>>;
+  /**
+   * Delete an invitation (admin). Only non-pending invitations can be deleted.
+   */
+  deleteInvitation(id: string): Promise<void>;
+  /**
+   * Expire all pending invitations that have passed their expiration date.
+   * Returns the number of expired invitations.
+   */
+  expirePending(): Promise<number>;
+  /**
+   * Purge resolved invitations older than the configured purge days.
+   * Returns the number of purged invitations.
+   */
+  purgeResolved(): Promise<number>;
+  /**
+   * Load user records for a list of inviter IDs.
+   */
+  protected loadInviters(ids: string[]): Promise<Map<string, UserEntity>>;
+  /**
+   * Format inviter display name from user entity.
+   */
+  protected formatInviterName(user?: UserEntity): string | undefined;
+}
+//#endregion
+//#region ../../src/api/invitations/controllers/AdminInvitationController.d.ts
+declare class AdminInvitationController {
+  protected readonly url = "/invitations";
+  protected readonly group = "admin:invitations";
+  protected readonly invitationService: InvitationService;
+  /**
+   * Find invitations with pagination and filtering.
+   */
+  readonly findInvitations: _$alepha_server0.ActionPrimitiveFn<{
+    query: _$alepha.TObject<{
+      page: _$alepha.TOptional<_$alepha.TInteger>;
+      size: _$alepha.TOptional<_$alepha.TInteger>;
+      sort: _$alepha.TOptional<_$alepha.TString>;
+      email: _$alepha.TOptional<_$alepha.TString>;
+      resourceType: _$alepha.TOptional<_$alepha.TString>;
+      resourceId: _$alepha.TOptional<_$alepha.TString>;
+      status: _$alepha.TOptional<_$alepha.TUnsafe<"pending" | "accepted" | "declined" | "expired" | "revoked">>;
+      invitedBy: _$alepha.TOptional<_$alepha.TString>;
+    }>;
+    response: _$alepha.TPage<_$alepha.TObject<{
+      id: PgAttr<PgAttr<_$alepha.TString, typeof PG_PRIMARY_KEY>, typeof PG_DEFAULT>;
+      version: PgAttr<PgAttr<_$alepha.TInteger, typeof PG_VERSION>, typeof PG_DEFAULT>;
+      createdAt: PgAttr<PgAttr<_$alepha.TString, typeof PG_CREATED_AT>, typeof PG_DEFAULT>;
+      updatedAt: PgAttr<PgAttr<_$alepha.TString, typeof PG_UPDATED_AT>, typeof PG_DEFAULT>;
+      invitedBy: PgAttr<_$alepha.TString, typeof PG_REF>;
+      email: _$alepha.TString;
+      resourceType: _$alepha.TString;
+      resourceId: _$alepha.TString;
+      status: _$alepha.TUnsafe<"pending" | "accepted" | "declined" | "expired" | "revoked">;
+      roles: _$alepha.TOptional<_$alepha.TArray<_$alepha.TString>>;
+      metadata: _$alepha.TOptional<_$alepha.TRecord<"^.*$", _$alepha.TAny>>;
+      token: _$alepha.TString;
+      expiresAt: _$alepha.TString;
+      resolvedAt: _$alepha.TOptional<_$alepha.TString>;
+      resolvedBy: _$alepha.TOptional<PgAttr<_$alepha.TString, typeof PG_REF>>;
+    }>>;
+  }>;
+  /**
+   * Get an invitation by ID.
+   */
+  readonly getInvitation: _$alepha_server0.ActionPrimitiveFn<{
+    params: _$alepha.TObject<{
+      id: _$alepha.TString;
+    }>;
+    response: _$alepha.TObject<{
+      id: PgAttr<PgAttr<_$alepha.TString, typeof PG_PRIMARY_KEY>, typeof PG_DEFAULT>;
+      version: PgAttr<PgAttr<_$alepha.TInteger, typeof PG_VERSION>, typeof PG_DEFAULT>;
+      createdAt: PgAttr<PgAttr<_$alepha.TString, typeof PG_CREATED_AT>, typeof PG_DEFAULT>;
+      updatedAt: PgAttr<PgAttr<_$alepha.TString, typeof PG_UPDATED_AT>, typeof PG_DEFAULT>;
+      invitedBy: PgAttr<_$alepha.TString, typeof PG_REF>;
+      email: _$alepha.TString;
+      resourceType: _$alepha.TString;
+      resourceId: _$alepha.TString;
+      status: _$alepha.TUnsafe<"pending" | "accepted" | "declined" | "expired" | "revoked">;
+      roles: _$alepha.TOptional<_$alepha.TArray<_$alepha.TString>>;
+      metadata: _$alepha.TOptional<_$alepha.TRecord<"^.*$", _$alepha.TAny>>;
+      token: _$alepha.TString;
+      expiresAt: _$alepha.TString;
+      resolvedAt: _$alepha.TOptional<_$alepha.TString>;
+      resolvedBy: _$alepha.TOptional<PgAttr<_$alepha.TString, typeof PG_REF>>;
+    }>;
+  }>;
+  /**
+   * Revoke a pending invitation.
+   */
+  readonly revokeInvitation: _$alepha_server0.ActionPrimitiveFn<{
+    params: _$alepha.TObject<{
+      id: _$alepha.TString;
+    }>;
+    response: _$alepha.TObject<{
+      ok: _$alepha.TBoolean;
+      id: _$alepha.TOptional<_$alepha.TUnion<[_$alepha.TString, _$alepha.TInteger]>>;
+      count: _$alepha.TOptional<_$alepha.TNumber>;
+    }>;
+  }>;
+  /**
+   * Delete an invitation.
+   */
+  readonly deleteInvitation: _$alepha_server0.ActionPrimitiveFn<{
+    params: _$alepha.TObject<{
+      id: _$alepha.TString;
+    }>;
+    response: _$alepha.TObject<{
+      ok: _$alepha.TBoolean;
+      id: _$alepha.TOptional<_$alepha.TUnion<[_$alepha.TString, _$alepha.TInteger]>>;
+      count: _$alepha.TOptional<_$alepha.TNumber>;
+    }>;
+  }>;
+}
+//#endregion
+//#region ../../src/api/invitations/controllers/InvitationController.d.ts
+declare class InvitationController {
+  protected readonly url = "/invitations";
+  protected readonly group = "invitations";
+  protected readonly invitationService: InvitationService;
+  /**
+   * Create a new invitation.
+   */
+  readonly createInvitation: _$alepha_server0.ActionPrimitiveFn<{
+    body: _$alepha.TObject<{
+      email: _$alepha.TString;
+      resourceType: _$alepha.TString;
+      resourceId: _$alepha.TString;
+      roles: _$alepha.TOptional<_$alepha.TArray<_$alepha.TString>>;
+      metadata: _$alepha.TOptional<_$alepha.TRecord<"^.*$", _$alepha.TAny>>;
+    }>;
+    response: _$alepha.TObject<{
+      id: PgAttr<PgAttr<_$alepha.TString, typeof PG_PRIMARY_KEY>, typeof PG_DEFAULT>;
+      version: PgAttr<PgAttr<_$alepha.TInteger, typeof PG_VERSION>, typeof PG_DEFAULT>;
+      createdAt: PgAttr<PgAttr<_$alepha.TString, typeof PG_CREATED_AT>, typeof PG_DEFAULT>;
+      updatedAt: PgAttr<PgAttr<_$alepha.TString, typeof PG_UPDATED_AT>, typeof PG_DEFAULT>;
+      invitedBy: PgAttr<_$alepha.TString, typeof PG_REF>;
+      email: _$alepha.TString;
+      resourceType: _$alepha.TString;
+      resourceId: _$alepha.TString;
+      status: _$alepha.TUnsafe<"pending" | "accepted" | "declined" | "expired" | "revoked">;
+      roles: _$alepha.TOptional<_$alepha.TArray<_$alepha.TString>>;
+      metadata: _$alepha.TOptional<_$alepha.TRecord<"^.*$", _$alepha.TAny>>;
+      token: _$alepha.TString;
+      expiresAt: _$alepha.TString;
+      resolvedAt: _$alepha.TOptional<_$alepha.TString>;
+      resolvedBy: _$alepha.TOptional<PgAttr<_$alepha.TString, typeof PG_REF>>;
+    }>;
+  }>;
+  /**
+   * List invitations for the current user.
+   */
+  readonly getMyInvitations: _$alepha_server0.ActionPrimitiveFn<{
+    query: _$alepha.TObject<{
+      status: _$alepha.TOptional<_$alepha.TUnsafe<"pending" | "accepted" | "declined" | "expired" | "revoked">>;
+    }>;
+    response: _$alepha.TArray<_$alepha.TObject<{
+      id: _$alepha.TString;
+      email: _$alepha.TString;
+      resourceType: _$alepha.TString;
+      resourceId: _$alepha.TString;
+      resourceName: _$alepha.TString;
+      resourceUrl: _$alepha.TOptional<_$alepha.TString>;
+      invitedBy: _$alepha.TString;
+      inviterName: _$alepha.TOptional<_$alepha.TString>;
+      inviterEmail: _$alepha.TOptional<_$alepha.TString>;
+      roles: _$alepha.TOptional<_$alepha.TArray<_$alepha.TString>>;
+      status: _$alepha.TUnsafe<"pending" | "accepted" | "declined" | "expired" | "revoked">;
+      createdAt: _$alepha.TString;
+      expiresAt: _$alepha.TString;
+    }>>;
+  }>;
+  /**
+   * Accept an invitation.
+   */
+  readonly acceptInvitation: _$alepha_server0.ActionPrimitiveFn<{
+    params: _$alepha.TObject<{
+      id: _$alepha.TString;
+    }>;
+    response: _$alepha.TObject<{
+      ok: _$alepha.TBoolean;
+      id: _$alepha.TOptional<_$alepha.TUnion<[_$alepha.TString, _$alepha.TInteger]>>;
+      count: _$alepha.TOptional<_$alepha.TNumber>;
+    }>;
+  }>;
+  /**
+   * Decline an invitation.
+   */
+  readonly declineInvitation: _$alepha_server0.ActionPrimitiveFn<{
+    params: _$alepha.TObject<{
+      id: _$alepha.TString;
+    }>;
+    response: _$alepha.TObject<{
+      ok: _$alepha.TBoolean;
+      id: _$alepha.TOptional<_$alepha.TUnion<[_$alepha.TString, _$alepha.TInteger]>>;
+      count: _$alepha.TOptional<_$alepha.TNumber>;
+    }>;
+  }>;
+}
+//#endregion
+//#region ../../src/api/invitations/jobs/InvitationJobs.d.ts
+declare class InvitationJobs {
+  protected readonly log: _$alepha_logger0.Logger;
+  protected readonly invitationService: InvitationService;
+  /**
+   * Expire pending invitations that have passed their expiration date.
+   */
+  readonly expireInvitations: _$alepha_api_jobs0.JobPrimitive<_$alepha.TSchema>;
+  /**
+   * Purge old resolved invitations.
+   */
+  readonly purgeInvitations: _$alepha_api_jobs0.JobPrimitive<_$alepha.TSchema>;
+}
+//#endregion
+//#region ../../src/api/invitations/schemas/invitationConfigAtom.d.ts
+declare const invitationConfigAtom: _$alepha.Atom<_$alepha.TObject<{
+  expirationDays: _$alepha.TInteger;
+  maxPendingPerResource: _$alepha.TInteger;
+  maxPendingPerInviter: _$alepha.TInteger;
+  purgeDays: _$alepha.TInteger;
+}>, "alepha.api.invitations.config">;
+//#endregion
+//#region ../../src/api/invitations/schemas/invitationResourceSchema.d.ts
+declare const invitationResourceSchema: _$alepha.TObject<{
+  id: PgAttr<PgAttr<_$alepha.TString, typeof PG_PRIMARY_KEY>, typeof PG_DEFAULT>;
+  version: PgAttr<PgAttr<_$alepha.TInteger, typeof PG_VERSION>, typeof PG_DEFAULT>;
+  createdAt: PgAttr<PgAttr<_$alepha.TString, typeof PG_CREATED_AT>, typeof PG_DEFAULT>;
+  updatedAt: PgAttr<PgAttr<_$alepha.TString, typeof PG_UPDATED_AT>, typeof PG_DEFAULT>;
+  invitedBy: PgAttr<_$alepha.TString, typeof PG_REF>;
+  email: _$alepha.TString;
+  resourceType: _$alepha.TString;
+  resourceId: _$alepha.TString;
+  status: _$alepha.TUnsafe<"pending" | "accepted" | "declined" | "expired" | "revoked">;
+  roles: _$alepha.TOptional<_$alepha.TArray<_$alepha.TString>>;
+  metadata: _$alepha.TOptional<_$alepha.TRecord<"^.*$", _$alepha.TAny>>;
+  token: _$alepha.TString;
+  expiresAt: _$alepha.TString;
+  resolvedAt: _$alepha.TOptional<_$alepha.TString>;
+  resolvedBy: _$alepha.TOptional<PgAttr<_$alepha.TString, typeof PG_REF>>;
+}>;
+type InvitationResource = Static<typeof invitationResourceSchema>;
+//#endregion
+//#region ../../src/api/invitations/index.d.ts
+declare module "alepha" {
+  interface Hooks {
+    "invitation:created": {
+      invitation: InvitationEntity;
+      token: string;
+      inviter: {
+        id: string;
+        email?: string;
+      };
+    };
+    "invitation:accepted": {
+      invitation: InvitationEntity;
+      acceptedBy: {
+        id: string;
+        email?: string;
+      };
+    };
+    "invitation:declined": {
+      invitation: InvitationEntity;
+      declinedBy: {
+        id: string;
+        email?: string;
+      };
+    };
+    "invitation:expired": {
+      invitation: InvitationEntity;
+    };
+    "invitation:revoked": {
+      invitation: InvitationEntity;
+      revokedBy: {
+        id: string;
+      };
+    };
+  }
+}
+/**
+ * Invitation management module — create, accept, decline, revoke, and expire invitations.
+ *
+ * @module alepha.api.invitations
+ */
+declare const AlephaApiInvitations: _$alepha.Service<_$alepha.Module>;
+//#endregion
+export { AdminInvitationController, AlephaApiInvitations, CreateInvitation, InvitationController, InvitationEntity, InvitationJobs, InvitationProvider, InvitationQuery, InvitationResource, InvitationService, InvitationWithResourceInfo, MyInvitationsQuery, createInvitationSchema, invitationConfigAtom, invitationQuerySchema, invitationResourceSchema, invitationWithResourceInfoSchema, invitations, myInvitationsQuerySchema };
+//# sourceMappingURL=index.d.ts.map