or3-provider-sqlite 0.0.1

package/README.md

@@ -0,0 +1,109 @@
+# or3-provider-sqlite
+
+SQLite sync and workspace store provider for OR3 Chat. Provides a lightweight, self-hosted alternative to Convex for SSR cloud mode.
+
+## What it provides
+
+- **AuthWorkspaceStore** (`sqlite`) — user identity mapping, workspace CRUD, role resolution
+- **SyncGatewayAdapter** (`sqlite`) — push/pull sync with LWW conflict resolution, cursor tracking, GC
+
+## Install
+
+```bash
+bun add or3-provider-sqlite
+```
+
+Add to your provider module list (e.g. `or3.providers.generated.ts`):
+
+```ts
+export default ['or3-provider-sqlite/nuxt'];
+```
+
+## Configuration
+
+### Environment Variables
+
+| Variable | Required | Default | Description |
+|---|---|---|---|
+| `OR3_SQLITE_DB_PATH` | Yes (non-test) | None | Path to SQLite database file |
+| `OR3_SQLITE_PRAGMA_JOURNAL_MODE` | No | `WAL` | SQLite journal mode |
+| `OR3_SQLITE_PRAGMA_SYNCHRONOUS` | No | `NORMAL` | SQLite synchronous pragma |
+| `OR3_SQLITE_ALLOW_IN_MEMORY` | No | `false` | Allow `:memory:` in non-test environments (ephemeral data) |
+| `OR3_SQLITE_STRICT` | No | `false` | Fail startup if `:memory:` is used |
+
+### Production example
+
+```bash
+OR3_SQLITE_DB_PATH=/data/or3-sync.db
+OR3_SQLITE_PRAGMA_JOURNAL_MODE=WAL
+OR3_SQLITE_PRAGMA_SYNCHRONOUS=NORMAL
+```
+
+## How it works
+
+### Registration
+
+On server startup, the Nitro plugin:
+
+1. Initializes the SQLite database (creates file if needed)
+2. Runs schema migrations automatically
+3. Registers `AuthWorkspaceStore` with ID `sqlite`
+4. Registers `SyncGatewayAdapter` with ID `sqlite`
+
+Registration is skipped when `auth.enabled` is `false` (local-only mode).
+
+### Schema
+
+Two migrations create all tables:
+
+- **001_init**: `users`, `auth_accounts`, `workspaces`, `workspace_members`
+- **002_sync_tables**: `server_version_counter`, `change_log`, `device_cursors`, `tombstones`, plus materialized entity tables (`s_threads`, `s_messages`, etc.)
+
+All tables use snake_case aligned with the sync wire format.
+
+### Sync semantics
+
+- **Push**: validates ops → checks `op_id` idempotency → allocates contiguous `server_version` block → applies LWW to materialized tables → writes change_log → upserts tombstones for deletes
+- **Pull**: returns ordered changes for `server_version > cursor` with limit/pagination and optional table filtering
+- **Cursor**: forward-only per-device cursor tracking
+- **GC**: tombstone and change_log cleanup respects min device cursor + retention window
+
+LWW conflict resolution: incoming wins when `clock` is higher, or when clocks are equal and `hlc` is lexicographically greater.
+
+Push uses `BEGIN IMMEDIATE` transactions to prevent concurrent server_version races.
+
+### Workspace store
+
+- `getOrCreateUser` — maps `(provider, provider_user_id)` to internal user (idempotent)
+- `getOrCreateDefaultWorkspace` — creates first workspace + owner membership on initial login
+- Full workspace CRUD with role-based access checks
+
+## Backup
+
+Since everything lives in a single SQLite file:
+
+```bash
+# While the app is running (WAL mode supports this)
+sqlite3 /data/or3-sync.db ".backup /backup/or3-sync-$(date +%s).db"
+```
+
+## Development
+
+```bash
+bun install
+bun run test        # run unit tests
+bun run type-check  # TypeScript validation
+bun run build       # build for distribution
+```
+
+## Compatibility
+
+- Works with multiple auth providers (`basic-auth`, `clerk`, or custom)
+- Replaces `or3-provider-convex` for sync + workspace store functionality
+- Does NOT provide storage — pair with `or3-provider-fs` for file storage
+
+### Known differences vs Convex
+
+- Single-process SQLite vs distributed Convex backend
+- No real-time subscriptions (gateway polling only)
+- Migrations run on boot; schema changes require restart

package/dist/module.d.mts

@@ -0,0 +1,5 @@
+import * as _nuxt_schema from '@nuxt/schema';
+
+declare const _default: _nuxt_schema.NuxtModule<Record<string, unknown>, Record<string, unknown>, false>;
+
+export { _default as default };

package/dist/module.json

@@ -0,0 +1,9 @@
+{
+  "name": "or3-provider-sqlite",
+  "configKey": "or3-provider-sqlite",
+  "version": "0.0.1",
+  "builder": {
+    "@nuxt/module-builder": "1.0.2",
+    "unbuild": "3.6.1"
+  }
+}

package/dist/module.mjs

@@ -0,0 +1,11 @@
+import { defineNuxtModule, createResolver, addServerPlugin } from '@nuxt/kit';
+
+const module$1 = defineNuxtModule({
+  meta: { name: "or3-provider-sqlite" },
+  setup(_options, _nuxt) {
+    const { resolve } = createResolver(import.meta.url);
+    addServerPlugin(resolve("runtime/server/plugins/register"));
+  }
+});
+
+export { module$1 as default };

package/dist/runtime/server/admin/adapters/sync-sqlite.d.ts

@@ -0,0 +1,2 @@
+import type { ProviderAdminAdapter } from '~~/server/admin/providers/types';
+export declare const sqliteSyncAdminAdapter: ProviderAdminAdapter;

package/dist/runtime/server/admin/adapters/sync-sqlite.js

@@ -0,0 +1,72 @@
+import { createError } from "h3";
+import { createSqliteSyncGatewayAdapter } from "../../sync/sqlite-sync-gateway-adapter.js";
+const SQLITE_PROVIDER_ID = "sqlite";
+const DEFAULT_RETENTION_SECONDS = 30 * 24 * 3600;
+function resolveRetentionSeconds(payload) {
+  const days = typeof payload?.retentionDays === "number" ? payload.retentionDays : null;
+  const seconds = typeof payload?.retentionSeconds === "number" ? payload.retentionSeconds : null;
+  if (seconds && Number.isFinite(seconds) && seconds > 0) return Math.floor(seconds);
+  if (days && Number.isFinite(days) && days > 0) return Math.floor(days * 24 * 3600);
+  return DEFAULT_RETENTION_SECONDS;
+}
+export const sqliteSyncAdminAdapter = {
+  id: SQLITE_PROVIDER_ID,
+  kind: "sync",
+  async getStatus(_event, _ctx) {
+    const dbPath = process.env.OR3_SQLITE_DB_PATH;
+    const warnings = [];
+    if (!dbPath) {
+      warnings.push({
+        level: "warning",
+        message: "OR3_SQLITE_DB_PATH is not set. SQLite may run in ephemeral mode."
+      });
+    } else if (dbPath === ":memory:") {
+      warnings.push({
+        level: "warning",
+        message: "SQLite is configured with :memory:. Data will not persist across restarts."
+      });
+    }
+    return {
+      details: {
+        dbPath: dbPath ?? ":memory:",
+        journalMode: process.env.OR3_SQLITE_PRAGMA_JOURNAL_MODE ?? "WAL",
+        synchronous: process.env.OR3_SQLITE_PRAGMA_SYNCHRONOUS ?? "NORMAL"
+      },
+      warnings,
+      actions: [
+        {
+          id: "sync.gc-change-log",
+          label: "Run Sync Change Log GC",
+          description: "Purge old change_log entries after retention and device cursor checks.",
+          danger: true
+        },
+        {
+          id: "sync.gc-tombstones",
+          label: "Run Sync Tombstone GC",
+          description: "Purge old tombstones after retention and device cursor checks.",
+          danger: true
+        }
+      ]
+    };
+  },
+  async runAction(event, actionId, payload, ctx) {
+    if (!ctx.session.workspace?.id) {
+      throw createError({
+        statusCode: 400,
+        statusMessage: "Workspace not resolved"
+      });
+    }
+    const adapter = createSqliteSyncGatewayAdapter();
+    const retentionSeconds = resolveRetentionSeconds(payload);
+    const scope = { workspaceId: ctx.session.workspace.id };
+    if (actionId === "sync.gc-change-log") {
+      await adapter.gcChangeLog?.(event, { scope, retentionSeconds });
+      return { ok: true, action: actionId, retentionSeconds };
+    }
+    if (actionId === "sync.gc-tombstones") {
+      await adapter.gcTombstones?.(event, { scope, retentionSeconds });
+      return { ok: true, action: actionId, retentionSeconds };
+    }
+    throw createError({ statusCode: 400, statusMessage: "Unknown action" });
+  }
+};

package/dist/runtime/server/admin/stores/sqlite-store.d.ts

@@ -0,0 +1,4 @@
+import type { AdminUserStore, WorkspaceAccessStore, WorkspaceSettingsStore } from '~~/server/admin/stores/types';
+export declare function createSqliteWorkspaceAccessStore(): WorkspaceAccessStore;
+export declare function createSqliteWorkspaceSettingsStore(): WorkspaceSettingsStore;
+export declare function createSqliteAdminUserStore(): AdminUserStore;

package/dist/runtime/server/admin/stores/sqlite-store.js

@@ -0,0 +1,336 @@
+import { randomUUID } from "node:crypto";
+import { getSqliteDb } from "../../db/kysely.js";
+function nowEpoch() {
+  return Math.floor(Date.now() / 1e3);
+}
+function normalizeEmail(value) {
+  return value.trim().toLowerCase();
+}
+function isEmail(value) {
+  return value.includes("@");
+}
+class SqliteWorkspaceAccessStore {
+  get db() {
+    return getSqliteDb();
+  }
+  async listMembers(input) {
+    const rows = await this.db.selectFrom("workspace_members").innerJoin("users", "users.id", "workspace_members.user_id").select([
+      "workspace_members.user_id as user_id",
+      "workspace_members.role as role",
+      "users.email as email"
+    ]).where("workspace_members.workspace_id", "=", input.workspaceId).orderBy("workspace_members.created_at", "asc").execute();
+    return rows.map((row) => ({
+      userId: row.user_id,
+      email: row.email ?? void 0,
+      role: row.role
+    }));
+  }
+  async upsertMember(input) {
+    const workspace = await this.db.selectFrom("workspaces").select(["id", "deleted"]).where("id", "=", input.workspaceId).executeTakeFirst();
+    if (!workspace || workspace.deleted === 1) {
+      throw new Error("Workspace not found");
+    }
+    const lookup = input.emailOrProviderId.trim();
+    const provider = input.provider?.trim();
+    const now = nowEpoch();
+    let userId = null;
+    if (isEmail(lookup)) {
+      const normalized = normalizeEmail(lookup);
+      const existing = await this.db.selectFrom("users").select("id").where("email", "=", normalized).executeTakeFirst();
+      if (existing) {
+        userId = existing.id;
+      } else {
+        userId = randomUUID();
+        await this.db.insertInto("users").values({
+          id: userId,
+          email: normalized,
+          display_name: null,
+          active_workspace_id: null,
+          created_at: now
+        }).execute();
+      }
+    } else {
+      const account = provider ? await this.db.selectFrom("auth_accounts").select("user_id").where("provider", "=", provider).where("provider_user_id", "=", lookup).executeTakeFirst() : await this.db.selectFrom("auth_accounts").select("user_id").where("provider_user_id", "=", lookup).executeTakeFirst();
+      if (account) {
+        userId = account.user_id;
+      } else {
+        const byUserId = await this.db.selectFrom("users").select("id").where("id", "=", lookup).executeTakeFirst();
+        if (byUserId) {
+          userId = byUserId.id;
+        }
+      }
+      if (!userId) {
+        userId = randomUUID();
+        await this.db.insertInto("users").values({
+          id: userId,
+          email: null,
+          display_name: null,
+          active_workspace_id: null,
+          created_at: now
+        }).execute();
+        await this.db.insertInto("auth_accounts").values({
+          id: randomUUID(),
+          user_id: userId,
+          provider: provider || "custom",
+          provider_user_id: lookup,
+          created_at: now
+        }).onConflict(
+          (oc) => oc.columns(["provider", "provider_user_id"]).doNothing()
+        ).execute();
+      }
+    }
+    await this.db.insertInto("workspace_members").values({
+      id: randomUUID(),
+      workspace_id: input.workspaceId,
+      user_id: userId,
+      role: input.role,
+      created_at: now
+    }).onConflict(
+      (oc) => oc.columns(["workspace_id", "user_id"]).doUpdateSet({ role: input.role })
+    ).execute();
+  }
+  async setMemberRole(input) {
+    const result = await this.db.updateTable("workspace_members").set({ role: input.role }).where("workspace_id", "=", input.workspaceId).where("user_id", "=", input.userId).executeTakeFirst();
+    const updated = Number(result.numUpdatedRows ?? 0);
+    if (updated === 0) {
+      throw new Error("Workspace member not found");
+    }
+  }
+  async removeMember(input) {
+    await this.db.deleteFrom("workspace_members").where("workspace_id", "=", input.workspaceId).where("user_id", "=", input.userId).execute();
+  }
+  async listWorkspaces(input) {
+    const includeDeleted = input.includeDeleted === true;
+    const search = input.search?.trim();
+    let totalQuery = this.db.selectFrom("workspaces").select((eb) => eb.fn.countAll().as("count"));
+    let itemsQuery = this.db.selectFrom("workspaces").leftJoin("users as owners", "owners.id", "workspaces.owner_user_id").select([
+      "workspaces.id as id",
+      "workspaces.name as name",
+      "workspaces.description as description",
+      "workspaces.created_at as created_at",
+      "workspaces.deleted as deleted",
+      "workspaces.deleted_at as deleted_at",
+      "workspaces.owner_user_id as owner_user_id",
+      "owners.email as owner_email"
+    ]);
+    if (!includeDeleted) {
+      totalQuery = totalQuery.where("workspaces.deleted", "=", 0);
+      itemsQuery = itemsQuery.where("workspaces.deleted", "=", 0);
+    }
+    if (search) {
+      const pattern = `%${search}%`;
+      totalQuery = totalQuery.where(
+        (eb) => eb.or([
+          eb("workspaces.name", "like", pattern),
+          eb("workspaces.description", "like", pattern)
+        ])
+      );
+      itemsQuery = itemsQuery.where(
+        (eb) => eb.or([
+          eb("workspaces.name", "like", pattern),
+          eb("workspaces.description", "like", pattern)
+        ])
+      );
+    }
+    const totalRow = await totalQuery.executeTakeFirstOrThrow();
+    const total = Number(totalRow.count ?? 0);
+    const page = Math.max(1, input.page);
+    const perPage = Math.max(1, Math.min(input.perPage, 100));
+    const offset = (page - 1) * perPage;
+    const rows = await itemsQuery.orderBy("workspaces.created_at", "desc").limit(perPage).offset(offset).execute();
+    if (rows.length === 0) {
+      return { items: [], total };
+    }
+    const workspaceIds = rows.map((row) => row.id);
+    const counts = await this.db.selectFrom("workspace_members").select([
+      "workspace_id",
+      (eb) => eb.fn.countAll().as("member_count")
+    ]).where("workspace_id", "in", workspaceIds).groupBy("workspace_id").execute();
+    const countMap = new Map(
+      counts.map((row) => [row.workspace_id, Number(row.member_count ?? 0)])
+    );
+    return {
+      total,
+      items: rows.map((row) => ({
+        id: row.id,
+        name: row.name,
+        description: row.description ?? void 0,
+        createdAt: row.created_at,
+        deleted: row.deleted === 1,
+        deletedAt: row.deleted_at ?? void 0,
+        ownerUserId: row.owner_user_id ?? void 0,
+        ownerEmail: row.owner_email ?? void 0,
+        memberCount: countMap.get(row.id) ?? 0
+      }))
+    };
+  }
+  async getWorkspace(input) {
+    const row = await this.db.selectFrom("workspaces").leftJoin("users as owners", "owners.id", "workspaces.owner_user_id").select([
+      "workspaces.id as id",
+      "workspaces.name as name",
+      "workspaces.description as description",
+      "workspaces.created_at as created_at",
+      "workspaces.deleted as deleted",
+      "workspaces.deleted_at as deleted_at",
+      "workspaces.owner_user_id as owner_user_id",
+      "owners.email as owner_email"
+    ]).where("workspaces.id", "=", input.workspaceId).executeTakeFirst();
+    if (!row) return null;
+    const memberCountRow = await this.db.selectFrom("workspace_members").select((eb) => eb.fn.countAll().as("count")).where("workspace_id", "=", input.workspaceId).executeTakeFirstOrThrow();
+    return {
+      id: row.id,
+      name: row.name,
+      description: row.description ?? void 0,
+      createdAt: row.created_at,
+      deleted: row.deleted === 1,
+      deletedAt: row.deleted_at ?? void 0,
+      ownerUserId: row.owner_user_id ?? void 0,
+      ownerEmail: row.owner_email ?? void 0,
+      memberCount: Number(memberCountRow.count ?? 0)
+    };
+  }
+  async createWorkspace(input) {
+    const owner = await this.db.selectFrom("users").select("id").where("id", "=", input.ownerUserId).executeTakeFirst();
+    if (!owner) {
+      throw new Error("Owner user not found");
+    }
+    const workspaceId = randomUUID();
+    const now = nowEpoch();
+    await this.db.transaction().execute(async (tx) => {
+      await tx.insertInto("workspaces").values({
+        id: workspaceId,
+        name: input.name,
+        description: input.description ?? null,
+        owner_user_id: input.ownerUserId,
+        created_at: now,
+        deleted: 0,
+        deleted_at: null
+      }).execute();
+      await tx.insertInto("workspace_members").values({
+        id: randomUUID(),
+        workspace_id: workspaceId,
+        user_id: input.ownerUserId,
+        role: "owner",
+        created_at: now
+      }).execute();
+    });
+    return { workspaceId };
+  }
+  async softDeleteWorkspace(input) {
+    await this.db.updateTable("workspaces").set({
+      deleted: 1,
+      deleted_at: input.deletedAt
+    }).where("id", "=", input.workspaceId).execute();
+  }
+  async restoreWorkspace(input) {
+    await this.db.updateTable("workspaces").set({
+      deleted: 0,
+      deleted_at: null
+    }).where("id", "=", input.workspaceId).execute();
+  }
+  async searchUsers(input) {
+    const query = input.query.trim();
+    const limit = Math.max(1, Math.min(input.limit ?? 20, 100));
+    if (!query) return [];
+    const pattern = `%${query}%`;
+    const rows = await this.db.selectFrom("users").select(["id", "email", "display_name"]).where(
+      (eb) => eb.or([
+        eb("email", "like", pattern),
+        eb("display_name", "like", pattern),
+        eb("id", "like", pattern)
+      ])
+    ).limit(limit).execute();
+    return rows.map((row) => ({
+      userId: row.id,
+      email: row.email ?? void 0,
+      displayName: row.display_name ?? void 0
+    }));
+  }
+}
+class SqliteWorkspaceSettingsStore {
+  get db() {
+    return getSqliteDb();
+  }
+  async get(workspaceId, key) {
+    const row = await this.db.selectFrom("admin_workspace_settings").select("value").where("workspace_id", "=", workspaceId).where("key", "=", key).executeTakeFirst();
+    return row?.value ?? null;
+  }
+  async set(workspaceId, key, value) {
+    await this.db.insertInto("admin_workspace_settings").values({
+      id: randomUUID(),
+      workspace_id: workspaceId,
+      key,
+      value,
+      updated_at: nowEpoch()
+    }).onConflict(
+      (oc) => oc.columns(["workspace_id", "key"]).doUpdateSet({
+        value,
+        updated_at: nowEpoch()
+      })
+    ).execute();
+  }
+}
+class SqliteAdminUserStore {
+  get db() {
+    return getSqliteDb();
+  }
+  async listAdmins() {
+    const rows = await this.db.selectFrom("admin_users").innerJoin("users", "users.id", "admin_users.user_id").select([
+      "admin_users.user_id as user_id",
+      "users.email as email",
+      "users.display_name as display_name",
+      "admin_users.created_at as created_at"
+    ]).orderBy("admin_users.created_at", "desc").execute();
+    return rows.map((row) => ({
+      userId: row.user_id,
+      email: row.email ?? void 0,
+      displayName: row.display_name ?? void 0,
+      createdAt: row.created_at
+    }));
+  }
+  async grantAdmin(input) {
+    const user = await this.db.selectFrom("users").select("id").where("id", "=", input.userId).executeTakeFirst();
+    if (!user) {
+      throw new Error("User not found");
+    }
+    await this.db.insertInto("admin_users").values({
+      user_id: input.userId,
+      created_at: nowEpoch(),
+      created_by_user_id: input.createdByUserId ?? null
+    }).onConflict((oc) => oc.column("user_id").doNothing()).execute();
+  }
+  async revokeAdmin(input) {
+    await this.db.deleteFrom("admin_users").where("user_id", "=", input.userId).execute();
+  }
+  async isAdmin(input) {
+    const row = await this.db.selectFrom("admin_users").select("user_id").where("user_id", "=", input.userId).executeTakeFirst();
+    return Boolean(row);
+  }
+  async searchUsers(input) {
+    const query = input.query.trim();
+    const limit = Math.max(1, Math.min(input.limit ?? 20, 100));
+    if (!query) return [];
+    const pattern = `%${query}%`;
+    const rows = await this.db.selectFrom("users").select(["id", "email", "display_name"]).where(
+      (eb) => eb.or([
+        eb("email", "like", pattern),
+        eb("display_name", "like", pattern),
+        eb("id", "like", pattern)
+      ])
+    ).limit(limit).execute();
+    return rows.map((row) => ({
+      userId: row.id,
+      email: row.email ?? void 0,
+      displayName: row.display_name ?? void 0
+    }));
+  }
+}
+export function createSqliteWorkspaceAccessStore() {
+  return new SqliteWorkspaceAccessStore();
+}
+export function createSqliteWorkspaceSettingsStore() {
+  return new SqliteWorkspaceSettingsStore();
+}
+export function createSqliteAdminUserStore() {
+  return new SqliteAdminUserStore();
+}

package/dist/runtime/server/auth/sqlite-auth-workspace-store.d.ts

@@ -0,0 +1,111 @@
+/**
+ * SQLite implementation of AuthWorkspaceStore.
+ *
+ * Maps provider identity -> internal user and manages workspace CRUD.
+ * Uses Kysely for all queries. No Convex or Clerk SDK imports.
+ */
+import type { AuthWorkspaceStore } from '~~/server/auth/store/types';
+import type { WorkspaceRole } from '~~/app/core/hooks/hook-types';
+export declare class SqliteAuthWorkspaceStore implements AuthWorkspaceStore {
+    private get db();
+    getOrCreateUser(input: {
+        provider: string;
+        providerUserId: string;
+        email?: string;
+        displayName?: string;
+    }): Promise<{
+        userId: string;
+    }>;
+    getUser(input: {
+        provider: string;
+        providerUserId: string;
+    }): Promise<{
+        userId: string;
+        email?: string;
+        displayName?: string;
+    } | null>;
+    getOrCreateDefaultWorkspace(userId: string): Promise<{
+        workspaceId: string;
+        workspaceName: string;
+    }>;
+    getWorkspaceRole(input: {
+        userId: string;
+        workspaceId: string;
+    }): Promise<WorkspaceRole | null>;
+    listUserWorkspaces(userId: string): Promise<Array<{
+        id: string;
+        name: string;
+        description?: string | null;
+        role: WorkspaceRole;
+        createdAt?: number;
+        isActive?: boolean;
+    }>>;
+    createWorkspace(input: {
+        userId: string;
+        name: string;
+        description?: string | null;
+    }): Promise<{
+        workspaceId: string;
+    }>;
+    updateWorkspace(input: {
+        userId: string;
+        workspaceId: string;
+        name: string;
+        description?: string | null;
+    }): Promise<void>;
+    removeWorkspace(input: {
+        userId: string;
+        workspaceId: string;
+    }): Promise<void>;
+    setActiveWorkspace(input: {
+        userId: string;
+        workspaceId: string;
+    }): Promise<void>;
+    createInvite(input: {
+        workspaceId: string;
+        email: string;
+        role: WorkspaceRole;
+        invitedByUserId: string;
+        expiresAt: number;
+        tokenHash: string;
+    }): Promise<{
+        inviteId: string;
+    }>;
+    listInvites(input: {
+        workspaceId: string;
+        status?: 'pending' | 'accepted' | 'revoked' | 'expired';
+        limit?: number;
+    }): Promise<{
+        id: string;
+        workspaceId: string;
+        email: string;
+        role: WorkspaceRole;
+        status: "pending" | "accepted" | "revoked" | "expired";
+        invitedByUserId: string;
+        expiresAt: number;
+        tokenHash: string;
+        acceptedAt: number | null;
+        acceptedUserId: string | null;
+        revokedAt: number | null;
+        createdAt: number;
+        updatedAt: number;
+    }[]>;
+    revokeInvite(input: {
+        workspaceId: string;
+        inviteId: string;
+        revokedByUserId: string;
+    }): Promise<void>;
+    consumeInvite(input: {
+        workspaceId: string;
+        email: string;
+        tokenHash: string;
+        acceptedUserId: string;
+    }): Promise<{
+        ok: true;
+        role: WorkspaceRole;
+    } | {
+        ok: false;
+        reason: 'not_found' | 'expired' | 'revoked' | 'already_used' | 'token_mismatch';
+    }>;
+}
+export declare function createSqliteAuthWorkspaceStore(): AuthWorkspaceStore;