eggi-ai-db-schema-2 12.54.2

package/dist/utils/invitation-operations.js

@@ -0,0 +1,749 @@
+"use strict";
+/**
+ * =============================================================================
+ * INVITATION OPERATIONS - Database Operations for User Invitations
+ * =============================================================================
+ * Helper functions for managing user invitations to organizations
+ */
+var __importDefault = (this && this.__importDefault) || function (mod) {
+    return (mod && mod.__esModule) ? mod : { "default": mod };
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.validateInvitationEligibility = validateInvitationEligibility;
+exports.hasActiveInvitationByEmail = hasActiveInvitationByEmail;
+exports.hasActiveInvitationByEmailForOrg = hasActiveInvitationByEmailForOrg;
+exports.isEmailUsedByAuthenticatedUser = isEmailUsedByAuthenticatedUser;
+exports.isEmailReservedByContactInfo = isEmailReservedByContactInfo;
+exports.generateInvitationToken = generateInvitationToken;
+exports.createInvitation = createInvitation;
+exports.validateInvitationToken = validateInvitationToken;
+exports.markInvitationAsUsed = markInvitationAsUsed;
+exports.revokeInvitation = revokeInvitation;
+exports.getInvitationById = getInvitationById;
+exports.getInvitationByToken = getInvitationByToken;
+exports.getPendingInvitationsByOrganization = getPendingInvitationsByOrganization;
+exports.getAllInvitationsByOrganization = getAllInvitationsByOrganization;
+exports.hasPendingInvitation = hasPendingInvitation;
+exports.hasActiveInvitationForShadowUser = hasActiveInvitationForShadowUser;
+exports.getInvitationsSentByUser = getInvitationsSentByUser;
+exports.getPendingInvitationsSentByUser = getPendingInvitationsSentByUser;
+exports.cleanupExpiredInvitations = cleanupExpiredInvitations;
+const pg_client_1 = require("../lib/pg-client");
+const crypto_1 = __importDefault(require("crypto"));
+// =============================================================================
+// ELIGIBILITY CHECKS
+// =============================================================================
+/**
+ * Comprehensive validation for invitation eligibility
+ * Checks all three scenarios:
+ * a) No active invitation exists for this email
+ * b) Email is not already used by an authenticated user
+ * c) Email is not reserved by contact_info
+ */
+async function validateInvitationEligibility(db, email) {
+    const normalizedEmail = email.toLowerCase().trim();
+    // Check a) No active invitation exists for this email
+    const hasActiveInvitation = await hasActiveInvitationByEmail(db, normalizedEmail);
+    if (hasActiveInvitation) {
+        return { eligible: false, reason: "active_invitation" };
+    }
+    // Check b) Email is not already used by an authenticated user
+    const isEmailUsed = await isEmailUsedByAuthenticatedUser(db, normalizedEmail);
+    if (isEmailUsed) {
+        return { eligible: false, reason: "email_registered" };
+    }
+    // Check c) Email is not reserved by contact_info
+    const isEmailReserved = await isEmailReservedByContactInfo(db, normalizedEmail);
+    if (isEmailReserved) {
+        return { eligible: false, reason: "email_reserved" };
+    }
+    return { eligible: true };
+}
+/**
+ * Returns true if there is a still-active (pending) invitation for this email anywhere
+ * Active means: not used, not revoked, and not expired
+ */
+async function hasActiveInvitationByEmail(db, email) {
+    const normalized = email.toLowerCase().trim();
+    const sql = `
+    SELECT id FROM authentication.invitations
+    WHERE email = $1
+      AND used_at IS NULL
+      AND revoked_at IS NULL
+      AND expires_at > NOW()
+    LIMIT 1
+  `;
+    const row = await (0, pg_client_1.queryOne)(db, sql, [normalized]);
+    return !!row;
+}
+/**
+ * Returns true if there is a still-active (pending) invitation for this email in the given organization
+ */
+async function hasActiveInvitationByEmailForOrg(db, email, organizationId) {
+    const normalized = email.toLowerCase().trim();
+    const sql = `
+    SELECT id FROM authentication.invitations
+    WHERE email = $1
+      AND organization_id = $2
+      AND used_at IS NULL
+      AND revoked_at IS NULL
+      AND expires_at > NOW()
+    LIMIT 1
+  `;
+    const row = await (0, pg_client_1.queryOne)(db, sql, [normalized, organizationId]);
+    return !!row;
+}
+/**
+ * Email is already used by an authenticated user if there exists authentication.users → contact_infos value match (case-insensitive)
+ */
+async function isEmailUsedByAuthenticatedUser(db, email) {
+    const normalized = email.toLowerCase().trim();
+    const sql = `
+    SELECT 1 FROM authentication.users au
+    JOIN public.contact_infos ci ON ci.id = au.contact_info_id
+    WHERE LOWER(ci.value) = $1
+    LIMIT 1
+  `;
+    const row = await (0, pg_client_1.queryOne)(db, sql, [normalized]);
+    return !!row;
+}
+/**
+ * Returns true if any contact_info indicates the email is reserved/owned and should not be invited again.
+ * Criteria: ci.type = 'EMAIL' OR ci.source IN ('MANUAL', 'INVITATION') for the same email value.
+ */
+async function isEmailReservedByContactInfo(db, email) {
+    const normalized = email.toLowerCase().trim();
+    const sql = `
+    SELECT 1 FROM public.contact_infos ci
+    LEFT JOIN authentication.users au ON au.contact_info_id = ci.id
+    WHERE LOWER(ci.value) = $1
+      AND (
+        (ci.type = 'EMAIL' AND au.id IS NOT NULL)
+        OR (ci.source IN ('MANUAL', 'INVITATION') AND au.id IS NOT NULL)
+      )
+    LIMIT 1
+  `;
+    const row = await (0, pg_client_1.queryOne)(db, sql, [normalized]);
+    return !!row;
+}
+// =============================================================================
+// TOKEN GENERATION
+// =============================================================================
+/**
+ * Generate a cryptographically secure invitation token
+ * @returns 32-character hex string
+ */
+function generateInvitationToken() {
+    return crypto_1.default.randomBytes(16).toString("hex");
+}
+/**
+ * Helper function to fetch shadow user details with profile picture
+ */
+async function fetchShadowUserWithProfilePicture(db, shadowUserId) {
+    const userSql = `
+    SELECT id, given_name, family_name FROM public.users WHERE id = $1 LIMIT 1
+  `;
+    const shadowUserRecord = await (0, pg_client_1.queryOne)(db, userSql, [shadowUserId]);
+    if (!shadowUserRecord) {
+        throw new Error(`Shadow user with ID ${shadowUserId} not found`);
+    }
+    // Get LinkedIn profile picture if available (prefer CDN URL over regular LinkedIn URL)
+    const linkedinSql = `
+    SELECT 
+      profile_picture_url,
+      profile_image_cloudfront_url
+    FROM linkedin.accounts
+    WHERE user_id = $1
+    LIMIT 1
+  `;
+    const linkedinAccount = await (0, pg_client_1.queryOne)(db, linkedinSql, [shadowUserId]);
+    // Prefer CDN URL over regular LinkedIn URL
+    const profilePictureUrl = linkedinAccount?.profile_image_cloudfront_url || linkedinAccount?.profile_picture_url || null;
+    return {
+        id: shadowUserRecord.id,
+        givenName: shadowUserRecord.given_name,
+        familyName: shadowUserRecord.family_name,
+        profilePictureUrl: profilePictureUrl,
+    };
+}
+// =============================================================================
+// CREATE INVITATION
+// =============================================================================
+/**
+ * Create a new invitation
+ */
+async function createInvitation(db, input) {
+    const token = generateInvitationToken();
+    const expiresInDays = input.expiresInDays ?? 7;
+    const normalizedEmail = input.email.toLowerCase().trim();
+    // Comprehensive validation: Check all three scenarios
+    const eligibilityCheck = await validateInvitationEligibility(db, normalizedEmail);
+    if (!eligibilityCheck.eligible) {
+        switch (eligibilityCheck.reason) {
+            case "active_invitation":
+                throw new Error("DUPLICATE_ACTIVE_INVITATION");
+            case "email_registered":
+                throw new Error("EMAIL_ALREADY_REGISTERED");
+            case "email_reserved":
+                throw new Error("EMAIL_ALREADY_RESERVED");
+            default:
+                throw new Error("INVITATION_NOT_ELIGIBLE");
+        }
+    }
+    // Handle contact info creation/retrieval for invitation
+    const contactInfoId = await ensureContactInfoForInvitation(db, normalizedEmail, input.shadowUserId);
+    const sql = `
+    INSERT INTO authentication.invitations (
+      email, token, invitation_message, invited_user_permissions_role,
+      invited_by_user_id, shadow_user_id, organization_id, contact_info_id,
+      expires_at, created_at
+    )
+    VALUES ($1, $2, $3, $4, $5, $6, $7, $8, NOW() + ($9 * INTERVAL '1 day'), NOW())
+    RETURNING 
+      id, email, token, invitation_message, invited_user_permissions_role,
+      invited_by_user_id, shadow_user_id, organization_id,
+      created_at, expires_at, used_at, revoked_at
+  `;
+    const invitation = await (0, pg_client_1.queryOne)(db, sql, [
+        normalizedEmail,
+        token,
+        input.invitationMessage || null,
+        input.invitedUserPermissionsRole || "REGULAR",
+        input.invitedByUserId,
+        input.shadowUserId,
+        input.organizationId,
+        contactInfoId,
+        expiresInDays
+    ]);
+    if (!invitation) {
+        throw new Error("Failed to create invitation");
+    }
+    return {
+        id: invitation.id,
+        email: invitation.email,
+        token: invitation.token,
+        invitationMessage: invitation.invitation_message,
+        invitedUserPermissionsRole: invitation.invited_user_permissions_role,
+        invitedByUserId: invitation.invited_by_user_id,
+        shadowUserId: invitation.shadow_user_id,
+        organizationId: invitation.organization_id,
+        createdAt: invitation.created_at,
+        expiresAt: invitation.expires_at,
+        usedAt: invitation.used_at,
+        revokedAt: invitation.revoked_at,
+    };
+}
+// =============================================================================
+// VALIDATE TOKEN
+// =============================================================================
+/**
+ * Validate an invitation token and return invitation details
+ */
+async function validateInvitationToken(db, token) {
+    // First get the invitation
+    const invitationSql = `
+    SELECT 
+      id, email, token, invitation_message, invited_user_permissions_role,
+      invited_by_user_id, shadow_user_id, organization_id,
+      created_at, expires_at, used_at, revoked_at
+    FROM authentication.invitations
+    WHERE token = $1
+    LIMIT 1
+  `;
+    const invitationRecord = await (0, pg_client_1.queryOne)(db, invitationSql, [token]);
+    if (!invitationRecord) {
+        return { valid: false, reason: "not_found" };
+    }
+    // Check if already used
+    if (invitationRecord.used_at) {
+        return { valid: false, reason: "already_used" };
+    }
+    // Check if revoked
+    if (invitationRecord.revoked_at) {
+        return { valid: false, reason: "revoked" };
+    }
+    // Check if expired
+    if (new Date() > new Date(invitationRecord.expires_at)) {
+        return { valid: false, reason: "expired" };
+    }
+    // Get inviter user details with LinkedIn profile picture
+    const invitedByUserRecord = await fetchShadowUserWithProfilePicture(db, invitationRecord.invited_by_user_id);
+    // Get shadow user details with LinkedIn profile picture
+    const shadowUserRecord = await fetchShadowUserWithProfilePicture(db, invitationRecord.shadow_user_id);
+    const orgSql = `SELECT id, name FROM public.organizations WHERE id = $1 LIMIT 1`;
+    const organizationRecord = await (0, pg_client_1.queryOne)(db, orgSql, [invitationRecord.organization_id]);
+    if (!organizationRecord) {
+        throw new Error(`Organization ${invitationRecord.organization_id} not found`);
+    }
+    const invitation = {
+        id: invitationRecord.id,
+        email: invitationRecord.email,
+        token: invitationRecord.token,
+        invitationMessage: invitationRecord.invitation_message,
+        invitedUserPermissionsRole: invitationRecord.invited_user_permissions_role,
+        invitedByUserId: invitationRecord.invited_by_user_id,
+        shadowUserId: invitationRecord.shadow_user_id,
+        organizationId: invitationRecord.organization_id,
+        createdAt: invitationRecord.created_at,
+        expiresAt: invitationRecord.expires_at,
+        usedAt: invitationRecord.used_at,
+        revokedAt: invitationRecord.revoked_at,
+        invitedByUser: invitedByUserRecord,
+        shadowUser: shadowUserRecord,
+        organization: organizationRecord,
+    };
+    return {
+        valid: true,
+        invitation,
+    };
+}
+// =============================================================================
+// MARK AS USED
+// =============================================================================
+/**
+ * Mark an invitation as used
+ */
+async function markInvitationAsUsed(db, token) {
+    const sql = `
+    UPDATE authentication.invitations
+    SET used_at = NOW()
+    WHERE token = $1
+    RETURNING 
+      id, email, token, invitation_message, invited_user_permissions_role,
+      invited_by_user_id, shadow_user_id, organization_id,
+      created_at, expires_at, used_at, revoked_at
+  `;
+    const invitation = await (0, pg_client_1.queryOne)(db, sql, [token]);
+    if (!invitation)
+        return null;
+    return {
+        id: invitation.id,
+        email: invitation.email,
+        token: invitation.token,
+        invitationMessage: invitation.invitation_message,
+        invitedUserPermissionsRole: invitation.invited_user_permissions_role,
+        invitedByUserId: invitation.invited_by_user_id,
+        shadowUserId: invitation.shadow_user_id,
+        organizationId: invitation.organization_id,
+        createdAt: invitation.created_at,
+        expiresAt: invitation.expires_at,
+        usedAt: invitation.used_at,
+        revokedAt: invitation.revoked_at,
+    };
+}
+// =============================================================================
+// REVOKE INVITATION
+// =============================================================================
+/**
+ * Revoke an invitation
+ */
+async function revokeInvitation(db, invitationId) {
+    const sql = `
+    UPDATE authentication.invitations
+    SET revoked_at = NOW()
+    WHERE id = $1
+      AND used_at IS NULL
+      AND revoked_at IS NULL
+    RETURNING 
+      id, email, token, invitation_message, invited_user_permissions_role,
+      invited_by_user_id, shadow_user_id, organization_id,
+      created_at, expires_at, used_at, revoked_at
+  `;
+    const invitation = await (0, pg_client_1.queryOne)(db, sql, [invitationId]);
+    if (!invitation)
+        return null;
+    return {
+        id: invitation.id,
+        email: invitation.email,
+        token: invitation.token,
+        invitationMessage: invitation.invitation_message,
+        invitedUserPermissionsRole: invitation.invited_user_permissions_role,
+        invitedByUserId: invitation.invited_by_user_id,
+        shadowUserId: invitation.shadow_user_id,
+        organizationId: invitation.organization_id,
+        createdAt: invitation.created_at,
+        expiresAt: invitation.expires_at,
+        usedAt: invitation.used_at,
+        revokedAt: invitation.revoked_at,
+    };
+}
+// =============================================================================
+// GET INVITATION
+// =============================================================================
+/**
+ * Get invitation by ID
+ */
+async function getInvitationById(db, invitationId) {
+    const invitationSql = `
+    SELECT 
+      id, email, token, invitation_message, invited_user_permissions_role,
+      invited_by_user_id, shadow_user_id, organization_id,
+      created_at, expires_at, used_at, revoked_at
+    FROM authentication.invitations
+    WHERE id = $1
+    LIMIT 1
+  `;
+    const invitationRecord = await (0, pg_client_1.queryOne)(db, invitationSql, [invitationId]);
+    if (!invitationRecord) {
+        return null;
+    }
+    const userSql = `SELECT id, given_name, family_name FROM public.users WHERE id = $1 LIMIT 1`;
+    const invitedByUserRecord = await (0, pg_client_1.queryOne)(db, userSql, [invitationRecord.invited_by_user_id]);
+    const orgSql = `SELECT id, name FROM public.organizations WHERE id = $1 LIMIT 1`;
+    const organizationRecord = await (0, pg_client_1.queryOne)(db, orgSql, [invitationRecord.organization_id]);
+    const shadowUserRecord = await fetchShadowUserWithProfilePicture(db, invitationRecord.shadow_user_id);
+    if (!invitedByUserRecord || !organizationRecord) {
+        throw new Error("Missing related records for invitation");
+    }
+    return {
+        id: invitationRecord.id,
+        email: invitationRecord.email,
+        token: invitationRecord.token,
+        invitationMessage: invitationRecord.invitation_message,
+        invitedUserPermissionsRole: invitationRecord.invited_user_permissions_role,
+        invitedByUserId: invitationRecord.invited_by_user_id,
+        shadowUserId: invitationRecord.shadow_user_id,
+        organizationId: invitationRecord.organization_id,
+        createdAt: invitationRecord.created_at,
+        expiresAt: invitationRecord.expires_at,
+        usedAt: invitationRecord.used_at,
+        revokedAt: invitationRecord.revoked_at,
+        invitedByUser: {
+            id: invitedByUserRecord.id,
+            givenName: invitedByUserRecord.given_name,
+            familyName: invitedByUserRecord.family_name,
+        },
+        shadowUser: shadowUserRecord,
+        organization: organizationRecord,
+    };
+}
+/**
+ * Get invitation by token
+ */
+async function getInvitationByToken(db, token) {
+    const invitationSql = `
+    SELECT 
+      id, email, token, invitation_message, invited_user_permissions_role,
+      invited_by_user_id, shadow_user_id, organization_id,
+      created_at, expires_at, used_at, revoked_at
+    FROM authentication.invitations
+    WHERE token = $1
+    LIMIT 1
+  `;
+    const invitationRecord = await (0, pg_client_1.queryOne)(db, invitationSql, [token]);
+    if (!invitationRecord) {
+        return null;
+    }
+    const userSql = `SELECT id, given_name, family_name FROM public.users WHERE id = $1 LIMIT 1`;
+    const invitedByUserRecord = await (0, pg_client_1.queryOne)(db, userSql, [invitationRecord.invited_by_user_id]);
+    // Get shadow user details with LinkedIn profile picture
+    const shadowUserRecord = await fetchShadowUserWithProfilePicture(db, invitationRecord.shadow_user_id);
+    const orgSql = `SELECT id, name FROM public.organizations WHERE id = $1 LIMIT 1`;
+    const organizationRecord = await (0, pg_client_1.queryOne)(db, orgSql, [invitationRecord.organization_id]);
+    if (!invitedByUserRecord || !organizationRecord) {
+        throw new Error("Missing related records for invitation");
+    }
+    return {
+        id: invitationRecord.id,
+        email: invitationRecord.email,
+        token: invitationRecord.token,
+        invitationMessage: invitationRecord.invitation_message,
+        invitedUserPermissionsRole: invitationRecord.invited_user_permissions_role,
+        invitedByUserId: invitationRecord.invited_by_user_id,
+        shadowUserId: invitationRecord.shadow_user_id,
+        organizationId: invitationRecord.organization_id,
+        createdAt: invitationRecord.created_at,
+        expiresAt: invitationRecord.expires_at,
+        usedAt: invitationRecord.used_at,
+        revokedAt: invitationRecord.revoked_at,
+        invitedByUser: {
+            id: invitedByUserRecord.id,
+            givenName: invitedByUserRecord.given_name,
+            familyName: invitedByUserRecord.family_name,
+        },
+        shadowUser: shadowUserRecord,
+        organization: organizationRecord,
+    };
+}
+// =============================================================================
+// LIST INVITATIONS
+// =============================================================================
+/**
+ * Get all pending invitations for an organization
+ */
+async function getPendingInvitationsByOrganization(db, organizationId) {
+    const invitationsSql = `
+    SELECT 
+      id, email, token, invitation_message, invited_user_permissions_role,
+      invited_by_user_id, shadow_user_id, organization_id,
+      created_at, expires_at, used_at, revoked_at
+    FROM authentication.invitations
+    WHERE organization_id = $1
+      AND used_at IS NULL
+      AND revoked_at IS NULL
+      AND expires_at > NOW()
+    ORDER BY created_at DESC
+  `;
+    const invitationRecords = await (0, pg_client_1.query)(db, invitationsSql, [organizationId]);
+    // Get all related users and organizations
+    const result = [];
+    for (const invitationRecord of invitationRecords) {
+        const userSql = `SELECT id, given_name, family_name FROM public.users WHERE id = $1 LIMIT 1`;
+        const invitedByUserRecord = await (0, pg_client_1.queryOne)(db, userSql, [invitationRecord.invited_by_user_id]);
+        const orgSql = `SELECT id, name FROM public.organizations WHERE id = $1 LIMIT 1`;
+        const organizationRecord = await (0, pg_client_1.queryOne)(db, orgSql, [invitationRecord.organization_id]);
+        const shadowUserRecord = await fetchShadowUserWithProfilePicture(db, invitationRecord.shadow_user_id);
+        if (!invitedByUserRecord || !organizationRecord)
+            continue;
+        result.push({
+            id: invitationRecord.id,
+            email: invitationRecord.email,
+            token: invitationRecord.token,
+            invitationMessage: invitationRecord.invitation_message,
+            invitedUserPermissionsRole: invitationRecord.invited_user_permissions_role,
+            invitedByUserId: invitationRecord.invited_by_user_id,
+            shadowUserId: invitationRecord.shadow_user_id,
+            organizationId: invitationRecord.organization_id,
+            createdAt: invitationRecord.created_at,
+            expiresAt: invitationRecord.expires_at,
+            usedAt: invitationRecord.used_at,
+            revokedAt: invitationRecord.revoked_at,
+            invitedByUser: {
+                id: invitedByUserRecord.id,
+                givenName: invitedByUserRecord.given_name,
+                familyName: invitedByUserRecord.family_name,
+            },
+            shadowUser: shadowUserRecord,
+            organization: organizationRecord,
+        });
+    }
+    return result;
+}
+/**
+ * Get all invitations (pending, used, expired, revoked) for an organization
+ */
+async function getAllInvitationsByOrganization(db, organizationId) {
+    const invitationsSql = `
+    SELECT 
+      id, email, token, invitation_message, invited_user_permissions_role,
+      invited_by_user_id, shadow_user_id, organization_id,
+      created_at, expires_at, used_at, revoked_at
+    FROM authentication.invitations
+    WHERE organization_id = $1
+    ORDER BY created_at DESC
+  `;
+    const invitationRecords = await (0, pg_client_1.query)(db, invitationsSql, [organizationId]);
+    // Get all related users and organizations
+    const result = [];
+    for (const invitationRecord of invitationRecords) {
+        const userSql = `SELECT id, given_name, family_name FROM public.users WHERE id = $1 LIMIT 1`;
+        const invitedByUserRecord = await (0, pg_client_1.queryOne)(db, userSql, [invitationRecord.invited_by_user_id]);
+        const orgSql = `SELECT id, name FROM public.organizations WHERE id = $1 LIMIT 1`;
+        const organizationRecord = await (0, pg_client_1.queryOne)(db, orgSql, [invitationRecord.organization_id]);
+        const shadowUserRecord = await fetchShadowUserWithProfilePicture(db, invitationRecord.shadow_user_id);
+        if (!invitedByUserRecord || !organizationRecord)
+            continue;
+        result.push({
+            id: invitationRecord.id,
+            email: invitationRecord.email,
+            token: invitationRecord.token,
+            invitationMessage: invitationRecord.invitation_message,
+            invitedUserPermissionsRole: invitationRecord.invited_user_permissions_role,
+            invitedByUserId: invitationRecord.invited_by_user_id,
+            shadowUserId: invitationRecord.shadow_user_id,
+            organizationId: invitationRecord.organization_id,
+            createdAt: invitationRecord.created_at,
+            expiresAt: invitationRecord.expires_at,
+            usedAt: invitationRecord.used_at,
+            revokedAt: invitationRecord.revoked_at,
+            invitedByUser: {
+                id: invitedByUserRecord.id,
+                givenName: invitedByUserRecord.given_name,
+                familyName: invitedByUserRecord.family_name,
+            },
+            shadowUser: shadowUserRecord,
+            organization: organizationRecord,
+        });
+    }
+    return result;
+}
+/**
+ * Check if a pending invitation exists for an email in an organization
+ */
+async function hasPendingInvitation(db, email, organizationId) {
+    const sql = `
+    SELECT id FROM authentication.invitations
+    WHERE email = $1
+      AND organization_id = $2
+      AND used_at IS NULL
+      AND revoked_at IS NULL
+      AND expires_at > NOW()
+    LIMIT 1
+  `;
+    const invitation = await (0, pg_client_1.queryOne)(db, sql, [email.toLowerCase().trim(), organizationId]);
+    return !!invitation;
+}
+/**
+ * Check if a shadow user has an active invitation for an organization
+ */
+async function hasActiveInvitationForShadowUser(db, shadowUserId, organizationId) {
+    const sql = `
+    SELECT id FROM authentication.invitations
+    WHERE shadow_user_id = $1
+      AND organization_id = $2
+      AND used_at IS NULL
+      AND revoked_at IS NULL
+      AND expires_at > NOW()
+    LIMIT 1
+  `;
+    const invitation = await (0, pg_client_1.queryOne)(db, sql, [shadowUserId, organizationId]);
+    return !!invitation;
+}
+/**
+ * Get all invitations sent by a specific user
+ */
+async function getInvitationsSentByUser(db, invitedByUserId) {
+    const invitationsSql = `
+    SELECT 
+      id, email, token, invitation_message, invited_user_permissions_role,
+      invited_by_user_id, shadow_user_id, organization_id,
+      created_at, expires_at, used_at, revoked_at
+    FROM authentication.invitations
+    WHERE invited_by_user_id = $1
+    ORDER BY created_at DESC
+  `;
+    const invitationRecords = await (0, pg_client_1.query)(db, invitationsSql, [invitedByUserId]);
+    // Get all related users and organizations
+    const result = [];
+    for (const invitationRecord of invitationRecords) {
+        const userSql = `SELECT id, given_name, family_name FROM public.users WHERE id = $1 LIMIT 1`;
+        const invitedByUserRecord = await (0, pg_client_1.queryOne)(db, userSql, [invitationRecord.invited_by_user_id]);
+        // Get shadow user details with LinkedIn profile picture
+        const shadowUserRecord = await fetchShadowUserWithProfilePicture(db, invitationRecord.shadow_user_id);
+        const orgSql = `SELECT id, name FROM public.organizations WHERE id = $1 LIMIT 1`;
+        const organizationRecord = await (0, pg_client_1.queryOne)(db, orgSql, [invitationRecord.organization_id]);
+        if (!invitedByUserRecord || !organizationRecord)
+            continue;
+        result.push({
+            id: invitationRecord.id,
+            email: invitationRecord.email,
+            token: invitationRecord.token,
+            invitationMessage: invitationRecord.invitation_message,
+            invitedUserPermissionsRole: invitationRecord.invited_user_permissions_role,
+            invitedByUserId: invitationRecord.invited_by_user_id,
+            shadowUserId: invitationRecord.shadow_user_id,
+            organizationId: invitationRecord.organization_id,
+            createdAt: invitationRecord.created_at,
+            expiresAt: invitationRecord.expires_at,
+            usedAt: invitationRecord.used_at,
+            revokedAt: invitationRecord.revoked_at,
+            invitedByUser: {
+                id: invitedByUserRecord.id,
+                givenName: invitedByUserRecord.given_name,
+                familyName: invitedByUserRecord.family_name,
+            },
+            shadowUser: shadowUserRecord,
+            organization: organizationRecord,
+        });
+    }
+    return result;
+}
+/**
+ * Get all pending invitations sent by a specific user
+ */
+async function getPendingInvitationsSentByUser(db, invitedByUserId) {
+    const invitationsSql = `
+    SELECT 
+      id, email, token, invitation_message, invited_user_permissions_role,
+      invited_by_user_id, shadow_user_id, organization_id,
+      created_at, expires_at, used_at, revoked_at
+    FROM authentication.invitations
+    WHERE invited_by_user_id = $1
+      AND used_at IS NULL
+      AND revoked_at IS NULL
+      AND expires_at > NOW()
+    ORDER BY created_at DESC
+  `;
+    const invitationRecords = await (0, pg_client_1.query)(db, invitationsSql, [invitedByUserId]);
+    // Get all related users and organizations
+    const result = [];
+    for (const invitationRecord of invitationRecords) {
+        const userSql = `SELECT id, given_name, family_name FROM public.users WHERE id = $1 LIMIT 1`;
+        const invitedByUserRecord = await (0, pg_client_1.queryOne)(db, userSql, [invitationRecord.invited_by_user_id]);
+        const orgSql = `SELECT id, name FROM public.organizations WHERE id = $1 LIMIT 1`;
+        const organizationRecord = await (0, pg_client_1.queryOne)(db, orgSql, [invitationRecord.organization_id]);
+        const shadowUserRecord = await fetchShadowUserWithProfilePicture(db, invitationRecord.shadow_user_id);
+        if (!invitedByUserRecord || !organizationRecord)
+            continue;
+        result.push({
+            id: invitationRecord.id,
+            email: invitationRecord.email,
+            token: invitationRecord.token,
+            invitationMessage: invitationRecord.invitation_message,
+            invitedUserPermissionsRole: invitationRecord.invited_user_permissions_role,
+            invitedByUserId: invitationRecord.invited_by_user_id,
+            shadowUserId: invitationRecord.shadow_user_id,
+            organizationId: invitationRecord.organization_id,
+            createdAt: invitationRecord.created_at,
+            expiresAt: invitationRecord.expires_at,
+            usedAt: invitationRecord.used_at,
+            revokedAt: invitationRecord.revoked_at,
+            invitedByUser: {
+                id: invitedByUserRecord.id,
+                givenName: invitedByUserRecord.given_name,
+                familyName: invitedByUserRecord.family_name,
+            },
+            shadowUser: shadowUserRecord,
+            organization: organizationRecord,
+        });
+    }
+    return result;
+}
+// =============================================================================
+// CLEANUP
+// =============================================================================
+/**
+ * Delete expired invitations older than specified days
+ */
+async function cleanupExpiredInvitations(db, olderThanDays = 30) {
+    const sql = `
+    DELETE FROM authentication.invitations
+    WHERE (NOW() - expires_at) > INTERVAL '${olderThanDays} days'
+      AND used_at IS NULL
+    RETURNING id
+  `;
+    const result = await (0, pg_client_1.query)(db, sql, []);
+    return result.length;
+}
+// =============================================================================
+// HELPER FUNCTIONS
+// =============================================================================
+/**
+ * Ensure contact info exists for invitation email
+ */
+async function ensureContactInfoForInvitation(db, email, shadowUserId) {
+    // Try to find existing contact info for this email with INVITATION source
+    const existingSql = `
+    SELECT id FROM public.contact_infos
+    WHERE value = $1
+      AND type = 'EMAIL'
+      AND source = 'INVITATION'
+    LIMIT 1
+  `;
+    const existingContactInfo = await (0, pg_client_1.queryOne)(db, existingSql, [email]);
+    if (existingContactInfo) {
+        return existingContactInfo.id;
+    }
+    // Create new contact info record
+    const insertSql = `
+    INSERT INTO public.contact_infos (user_id, value, type, source, created_at)
+    VALUES ($1, $2, 'EMAIL', 'INVITATION', NOW())
+    RETURNING id
+  `;
+    const contactInfoResult = await (0, pg_client_1.queryOne)(db, insertSql, [shadowUserId, email]);
+    if (!contactInfoResult?.id) {
+        throw new Error("CONTACT_INFO_NOT_FOUND_FOR_EMAIL");
+    }
+    return contactInfoResult.id;
+}
+//# sourceMappingURL=invitation-operations.js.map