permissions-contractx 1.0.0

package/dist/constants/contractx-roles.constants.d.ts

@@ -0,0 +1,295 @@
+/**
+ * ContractX Role Constants
+ * Based on the ODS permissions matrix and auth-service-contract structure
+ */
+export declare enum ContractXRoleType {
+    ADMIN = "admin",
+    MANAGER = "manager",
+    OPERATOR = "operator",
+    VIEWER = "viewer",
+    CUSTOM = "custom",
+    SYSTEM = "system"
+}
+export declare enum ContractXRoleScope {
+    GLOBAL = "global",
+    ORGANIZATION = "organization",
+    PROJECT = "project",
+    DEPARTMENT = "department",
+    TEAM = "team"
+}
+export declare const CONTRACTX_ROLES: {
+    readonly SUPERADMIN: "superadmin";
+    readonly SUPPORT: "support";
+    readonly CLIENT_CONTRACT_ADMIN: "client_contract_admin";
+    readonly CLIENT_PERFORMANCE_MANAGER: "client_performance_manager";
+    readonly CLIENT_FINANCE_MANAGER: "client_finance_manager";
+    readonly CLIENT_REPORTS_MANAGER: "client_reports_manager";
+    readonly CLIENT_RELATIONSHIP_MANAGER: "client_relationship_manager";
+    readonly CLIENT_RISK_MANAGER: "client_risk_manager";
+    readonly PROVIDER_CONTRACT_ADMIN: "provider_contract_admin";
+    readonly PROVIDER_PERFORMANCE_MANAGER: "provider_performance_manager";
+    readonly PROVIDER_FINANCE_MANAGER: "provider_finance_manager";
+    readonly PROVIDER_REPORTS_MANAGER: "provider_reports_manager";
+    readonly PROVIDER_RELATIONSHIP_MANAGER: "provider_relationship_manager";
+    readonly PROVIDER_RISK_MANAGER: "provider_risk_manager";
+};
+export declare const CONTRACTX_ROLE_DEFINITIONS: {
+    readonly superadmin: {
+        readonly name: "Super Administrator";
+        readonly description: "Full system access with all permissions";
+        readonly type: ContractXRoleType.ADMIN;
+        readonly scope: ContractXRoleScope.GLOBAL;
+        readonly level: 10;
+        readonly isSystem: true;
+        readonly tenant: "system";
+    };
+    readonly support: {
+        readonly name: "Support";
+        readonly description: "Technical support with broad system access";
+        readonly type: ContractXRoleType.ADMIN;
+        readonly scope: ContractXRoleScope.GLOBAL;
+        readonly level: 9;
+        readonly isSystem: true;
+        readonly tenant: "system";
+    };
+    readonly client_contract_admin: {
+        readonly name: "Client Contract Administrator";
+        readonly description: "Full contract management for client organization";
+        readonly type: ContractXRoleType.MANAGER;
+        readonly scope: ContractXRoleScope.ORGANIZATION;
+        readonly level: 8;
+        readonly isSystem: false;
+        readonly tenant: "client";
+    };
+    readonly client_performance_manager: {
+        readonly name: "Client Performance Manager";
+        readonly description: "Performance monitoring and SLA management";
+        readonly type: ContractXRoleType.OPERATOR;
+        readonly scope: ContractXRoleScope.PROJECT;
+        readonly level: 6;
+        readonly isSystem: false;
+        readonly tenant: "client";
+    };
+    readonly client_finance_manager: {
+        readonly name: "Client Finance Manager";
+        readonly description: "Financial management and invoice oversight";
+        readonly type: ContractXRoleType.OPERATOR;
+        readonly scope: ContractXRoleScope.PROJECT;
+        readonly level: 6;
+        readonly isSystem: false;
+        readonly tenant: "client";
+    };
+    readonly client_reports_manager: {
+        readonly name: "Client Reports Manager";
+        readonly description: "Reporting and analytics access";
+        readonly type: ContractXRoleType.VIEWER;
+        readonly scope: ContractXRoleScope.PROJECT;
+        readonly level: 4;
+        readonly isSystem: false;
+        readonly tenant: "client";
+    };
+    readonly client_relationship_manager: {
+        readonly name: "Client Relationship Manager";
+        readonly description: "Relationship management and meeting coordination";
+        readonly type: ContractXRoleType.OPERATOR;
+        readonly scope: ContractXRoleScope.PROJECT;
+        readonly level: 5;
+        readonly isSystem: false;
+        readonly tenant: "client";
+    };
+    readonly client_risk_manager: {
+        readonly name: "Client Risk Manager";
+        readonly description: "Risk assessment and escalation management";
+        readonly type: ContractXRoleType.OPERATOR;
+        readonly scope: ContractXRoleScope.PROJECT;
+        readonly level: 5;
+        readonly isSystem: false;
+        readonly tenant: "client";
+    };
+    readonly provider_contract_admin: {
+        readonly name: "Provider Contract Administrator";
+        readonly description: "Contract management from provider perspective";
+        readonly type: ContractXRoleType.MANAGER;
+        readonly scope: ContractXRoleScope.ORGANIZATION;
+        readonly level: 7;
+        readonly isSystem: false;
+        readonly tenant: "provider";
+    };
+    readonly provider_performance_manager: {
+        readonly name: "Provider Performance Manager";
+        readonly description: "Performance delivery and SLA compliance";
+        readonly type: ContractXRoleType.OPERATOR;
+        readonly scope: ContractXRoleScope.PROJECT;
+        readonly level: 6;
+        readonly isSystem: false;
+        readonly tenant: "provider";
+    };
+    readonly provider_finance_manager: {
+        readonly name: "Provider Finance Manager";
+        readonly description: "Financial management from provider side";
+        readonly type: ContractXRoleType.OPERATOR;
+        readonly scope: ContractXRoleScope.PROJECT;
+        readonly level: 5;
+        readonly isSystem: false;
+        readonly tenant: "provider";
+    };
+    readonly provider_reports_manager: {
+        readonly name: "Provider Reports Manager";
+        readonly description: "Provider reporting capabilities";
+        readonly type: ContractXRoleType.VIEWER;
+        readonly scope: ContractXRoleScope.PROJECT;
+        readonly level: 4;
+        readonly isSystem: false;
+        readonly tenant: "provider";
+    };
+    readonly provider_relationship_manager: {
+        readonly name: "Provider Relationship Manager";
+        readonly description: "Client relationship management from provider side";
+        readonly type: ContractXRoleType.OPERATOR;
+        readonly scope: ContractXRoleScope.PROJECT;
+        readonly level: 5;
+        readonly isSystem: false;
+        readonly tenant: "provider";
+    };
+    readonly provider_risk_manager: {
+        readonly name: "Provider Risk Manager";
+        readonly description: "Risk management from provider perspective";
+        readonly type: ContractXRoleType.OPERATOR;
+        readonly scope: ContractXRoleScope.PROJECT;
+        readonly level: 5;
+        readonly isSystem: false;
+        readonly tenant: "provider";
+    };
+};
+export declare const VALID_CONTRACTX_ROLES: ("superadmin" | "client_contract_admin" | "provider_contract_admin" | "client_performance_manager" | "client_finance_manager" | "client_reports_manager" | "client_relationship_manager" | "client_risk_manager" | "provider_performance_manager" | "provider_finance_manager" | "provider_reports_manager" | "provider_relationship_manager" | "provider_risk_manager" | "support")[];
+export declare const CONTRACTX_ROLE_GROUPS: {
+    readonly SYSTEM_ROLES: readonly ["superadmin", "support"];
+    readonly CLIENT_ROLES: readonly ["client_contract_admin", "client_performance_manager", "client_finance_manager", "client_reports_manager", "client_relationship_manager", "client_risk_manager"];
+    readonly PROVIDER_ROLES: readonly ["provider_contract_admin", "provider_performance_manager", "provider_finance_manager", "provider_reports_manager", "provider_relationship_manager", "provider_risk_manager"];
+    readonly ADMIN_ROLES: readonly ["superadmin", "support", "client_contract_admin", "provider_contract_admin"];
+    readonly MANAGER_ROLES: readonly ["client_contract_admin", "provider_contract_admin", "client_performance_manager", "provider_performance_manager", "client_finance_manager", "provider_finance_manager"];
+};
+export declare const isSystemRole: (role: string) => boolean;
+export declare const isClientRole: (role: string) => boolean;
+export declare const isProviderRole: (role: string) => boolean;
+export declare const isAdminRole: (role: string) => boolean;
+export declare const getRoleMetadata: (role: string) => {
+    readonly name: "Super Administrator";
+    readonly description: "Full system access with all permissions";
+    readonly type: ContractXRoleType.ADMIN;
+    readonly scope: ContractXRoleScope.GLOBAL;
+    readonly level: 10;
+    readonly isSystem: true;
+    readonly tenant: "system";
+} | {
+    readonly name: "Support";
+    readonly description: "Technical support with broad system access";
+    readonly type: ContractXRoleType.ADMIN;
+    readonly scope: ContractXRoleScope.GLOBAL;
+    readonly level: 9;
+    readonly isSystem: true;
+    readonly tenant: "system";
+} | {
+    readonly name: "Client Contract Administrator";
+    readonly description: "Full contract management for client organization";
+    readonly type: ContractXRoleType.MANAGER;
+    readonly scope: ContractXRoleScope.ORGANIZATION;
+    readonly level: 8;
+    readonly isSystem: false;
+    readonly tenant: "client";
+} | {
+    readonly name: "Client Performance Manager";
+    readonly description: "Performance monitoring and SLA management";
+    readonly type: ContractXRoleType.OPERATOR;
+    readonly scope: ContractXRoleScope.PROJECT;
+    readonly level: 6;
+    readonly isSystem: false;
+    readonly tenant: "client";
+} | {
+    readonly name: "Client Finance Manager";
+    readonly description: "Financial management and invoice oversight";
+    readonly type: ContractXRoleType.OPERATOR;
+    readonly scope: ContractXRoleScope.PROJECT;
+    readonly level: 6;
+    readonly isSystem: false;
+    readonly tenant: "client";
+} | {
+    readonly name: "Client Reports Manager";
+    readonly description: "Reporting and analytics access";
+    readonly type: ContractXRoleType.VIEWER;
+    readonly scope: ContractXRoleScope.PROJECT;
+    readonly level: 4;
+    readonly isSystem: false;
+    readonly tenant: "client";
+} | {
+    readonly name: "Client Relationship Manager";
+    readonly description: "Relationship management and meeting coordination";
+    readonly type: ContractXRoleType.OPERATOR;
+    readonly scope: ContractXRoleScope.PROJECT;
+    readonly level: 5;
+    readonly isSystem: false;
+    readonly tenant: "client";
+} | {
+    readonly name: "Client Risk Manager";
+    readonly description: "Risk assessment and escalation management";
+    readonly type: ContractXRoleType.OPERATOR;
+    readonly scope: ContractXRoleScope.PROJECT;
+    readonly level: 5;
+    readonly isSystem: false;
+    readonly tenant: "client";
+} | {
+    readonly name: "Provider Contract Administrator";
+    readonly description: "Contract management from provider perspective";
+    readonly type: ContractXRoleType.MANAGER;
+    readonly scope: ContractXRoleScope.ORGANIZATION;
+    readonly level: 7;
+    readonly isSystem: false;
+    readonly tenant: "provider";
+} | {
+    readonly name: "Provider Performance Manager";
+    readonly description: "Performance delivery and SLA compliance";
+    readonly type: ContractXRoleType.OPERATOR;
+    readonly scope: ContractXRoleScope.PROJECT;
+    readonly level: 6;
+    readonly isSystem: false;
+    readonly tenant: "provider";
+} | {
+    readonly name: "Provider Finance Manager";
+    readonly description: "Financial management from provider side";
+    readonly type: ContractXRoleType.OPERATOR;
+    readonly scope: ContractXRoleScope.PROJECT;
+    readonly level: 5;
+    readonly isSystem: false;
+    readonly tenant: "provider";
+} | {
+    readonly name: "Provider Reports Manager";
+    readonly description: "Provider reporting capabilities";
+    readonly type: ContractXRoleType.VIEWER;
+    readonly scope: ContractXRoleScope.PROJECT;
+    readonly level: 4;
+    readonly isSystem: false;
+    readonly tenant: "provider";
+} | {
+    readonly name: "Provider Relationship Manager";
+    readonly description: "Client relationship management from provider side";
+    readonly type: ContractXRoleType.OPERATOR;
+    readonly scope: ContractXRoleScope.PROJECT;
+    readonly level: 5;
+    readonly isSystem: false;
+    readonly tenant: "provider";
+} | {
+    readonly name: "Provider Risk Manager";
+    readonly description: "Risk management from provider perspective";
+    readonly type: ContractXRoleType.OPERATOR;
+    readonly scope: ContractXRoleScope.PROJECT;
+    readonly level: 5;
+    readonly isSystem: false;
+    readonly tenant: "provider";
+};
+export declare const validateRole: (role: string) => boolean;
+export type ContractXRole = typeof CONTRACTX_ROLES[keyof typeof CONTRACTX_ROLES];
+export type ContractXSystemRole = typeof CONTRACTX_ROLE_GROUPS.SYSTEM_ROLES[number];
+export type ContractXClientRole = typeof CONTRACTX_ROLE_GROUPS.CLIENT_ROLES[number];
+export type ContractXProviderRole = typeof CONTRACTX_ROLE_GROUPS.PROVIDER_ROLES[number];
+export type ContractXAdminRole = typeof CONTRACTX_ROLE_GROUPS.ADMIN_ROLES[number];
+//# sourceMappingURL=contractx-roles.constants.d.ts.map

package/dist/constants/contractx-roles.constants.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"contractx-roles.constants.d.ts","sourceRoot":"","sources":["../../src/constants/contractx-roles.constants.ts"],"names":[],"mappings":"AAAA;;;GAGG;AAGH,oBAAY,iBAAiB;IAC3B,KAAK,UAAU;IACf,OAAO,YAAY;IACnB,QAAQ,aAAa;IACrB,MAAM,WAAW;IACjB,MAAM,WAAW;IACjB,MAAM,WAAW;CAClB;AAGD,oBAAY,kBAAkB;IAC5B,MAAM,WAAW;IACjB,YAAY,iBAAiB;IAC7B,OAAO,YAAY;IACnB,UAAU,eAAe;IACzB,IAAI,SAAS;CACd;AAGD,eAAO,MAAM,eAAe;;;;;;;;;;;;;;;CAoBlB,CAAC;AAGX,eAAO,MAAM,0BAA0B;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;CA8I7B,CAAC;AAGX,eAAO,MAAM,qBAAqB,wXAAiC,CAAC;AAGpE,eAAO,MAAM,qBAAqB;;;;;;CAgCxB,CAAC;AAGX,eAAO,MAAM,YAAY,GAAI,MAAM,MAAM,KAAG,OAE3C,CAAC;AAEF,eAAO,MAAM,YAAY,GAAI,MAAM,MAAM,KAAG,OAE3C,CAAC;AAEF,eAAO,MAAM,cAAc,GAAI,MAAM,MAAM,KAAG,OAE7C,CAAC;AAEF,eAAO,MAAM,WAAW,GAAI,MAAM,MAAM,KAAG,OAE1C,CAAC;AAEF,eAAO,MAAM,eAAe,GAAI,MAAM,MAAM;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;CAE3C,CAAC;AAEF,eAAO,MAAM,YAAY,GAAI,MAAM,MAAM,KAAG,OAE3C,CAAC;AAGF,MAAM,MAAM,aAAa,GAAG,OAAO,eAAe,CAAC,MAAM,OAAO,eAAe,CAAC,CAAC;AACjF,MAAM,MAAM,mBAAmB,GAAG,OAAO,qBAAqB,CAAC,YAAY,CAAC,MAAM,CAAC,CAAC;AACpF,MAAM,MAAM,mBAAmB,GAAG,OAAO,qBAAqB,CAAC,YAAY,CAAC,MAAM,CAAC,CAAC;AACpF,MAAM,MAAM,qBAAqB,GAAG,OAAO,qBAAqB,CAAC,cAAc,CAAC,MAAM,CAAC,CAAC;AACxF,MAAM,MAAM,kBAAkB,GAAG,OAAO,qBAAqB,CAAC,WAAW,CAAC,MAAM,CAAC,CAAC"}

package/dist/constants/contractx-roles.constants.js

@@ -0,0 +1,238 @@
+"use strict";
+/**
+ * ContractX Role Constants
+ * Based on the ODS permissions matrix and auth-service-contract structure
+ */
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.validateRole = exports.getRoleMetadata = exports.isAdminRole = exports.isProviderRole = exports.isClientRole = exports.isSystemRole = exports.CONTRACTX_ROLE_GROUPS = exports.VALID_CONTRACTX_ROLES = exports.CONTRACTX_ROLE_DEFINITIONS = exports.CONTRACTX_ROLES = exports.ContractXRoleScope = exports.ContractXRoleType = void 0;
+// Role Types from auth-service
+var ContractXRoleType;
+(function (ContractXRoleType) {
+    ContractXRoleType["ADMIN"] = "admin";
+    ContractXRoleType["MANAGER"] = "manager";
+    ContractXRoleType["OPERATOR"] = "operator";
+    ContractXRoleType["VIEWER"] = "viewer";
+    ContractXRoleType["CUSTOM"] = "custom";
+    ContractXRoleType["SYSTEM"] = "system";
+})(ContractXRoleType || (exports.ContractXRoleType = ContractXRoleType = {}));
+// Role Scopes
+var ContractXRoleScope;
+(function (ContractXRoleScope) {
+    ContractXRoleScope["GLOBAL"] = "global";
+    ContractXRoleScope["ORGANIZATION"] = "organization";
+    ContractXRoleScope["PROJECT"] = "project";
+    ContractXRoleScope["DEPARTMENT"] = "department";
+    ContractXRoleScope["TEAM"] = "team";
+})(ContractXRoleScope || (exports.ContractXRoleScope = ContractXRoleScope = {}));
+// Standard ContractX Roles (based on ODS matrix)
+exports.CONTRACTX_ROLES = {
+    // System Roles
+    SUPERADMIN: 'superadmin',
+    SUPPORT: 'support',
+    // Client-Side Roles
+    CLIENT_CONTRACT_ADMIN: 'client_contract_admin',
+    CLIENT_PERFORMANCE_MANAGER: 'client_performance_manager',
+    CLIENT_FINANCE_MANAGER: 'client_finance_manager',
+    CLIENT_REPORTS_MANAGER: 'client_reports_manager',
+    CLIENT_RELATIONSHIP_MANAGER: 'client_relationship_manager',
+    CLIENT_RISK_MANAGER: 'client_risk_manager',
+    // Provider-Side Roles
+    PROVIDER_CONTRACT_ADMIN: 'provider_contract_admin',
+    PROVIDER_PERFORMANCE_MANAGER: 'provider_performance_manager',
+    PROVIDER_FINANCE_MANAGER: 'provider_finance_manager',
+    PROVIDER_REPORTS_MANAGER: 'provider_reports_manager',
+    PROVIDER_RELATIONSHIP_MANAGER: 'provider_relationship_manager',
+    PROVIDER_RISK_MANAGER: 'provider_risk_manager',
+};
+// Role Definitions with metadata
+exports.CONTRACTX_ROLE_DEFINITIONS = {
+    [exports.CONTRACTX_ROLES.SUPERADMIN]: {
+        name: 'Super Administrator',
+        description: 'Full system access with all permissions',
+        type: ContractXRoleType.ADMIN,
+        scope: ContractXRoleScope.GLOBAL,
+        level: 10,
+        isSystem: true,
+        tenant: 'system'
+    },
+    [exports.CONTRACTX_ROLES.SUPPORT]: {
+        name: 'Support',
+        description: 'Technical support with broad system access',
+        type: ContractXRoleType.ADMIN,
+        scope: ContractXRoleScope.GLOBAL,
+        level: 9,
+        isSystem: true,
+        tenant: 'system'
+    },
+    // Client Roles
+    [exports.CONTRACTX_ROLES.CLIENT_CONTRACT_ADMIN]: {
+        name: 'Client Contract Administrator',
+        description: 'Full contract management for client organization',
+        type: ContractXRoleType.MANAGER,
+        scope: ContractXRoleScope.ORGANIZATION,
+        level: 8,
+        isSystem: false,
+        tenant: 'client'
+    },
+    [exports.CONTRACTX_ROLES.CLIENT_PERFORMANCE_MANAGER]: {
+        name: 'Client Performance Manager',
+        description: 'Performance monitoring and SLA management',
+        type: ContractXRoleType.OPERATOR,
+        scope: ContractXRoleScope.PROJECT,
+        level: 6,
+        isSystem: false,
+        tenant: 'client'
+    },
+    [exports.CONTRACTX_ROLES.CLIENT_FINANCE_MANAGER]: {
+        name: 'Client Finance Manager',
+        description: 'Financial management and invoice oversight',
+        type: ContractXRoleType.OPERATOR,
+        scope: ContractXRoleScope.PROJECT,
+        level: 6,
+        isSystem: false,
+        tenant: 'client'
+    },
+    [exports.CONTRACTX_ROLES.CLIENT_REPORTS_MANAGER]: {
+        name: 'Client Reports Manager',
+        description: 'Reporting and analytics access',
+        type: ContractXRoleType.VIEWER,
+        scope: ContractXRoleScope.PROJECT,
+        level: 4,
+        isSystem: false,
+        tenant: 'client'
+    },
+    [exports.CONTRACTX_ROLES.CLIENT_RELATIONSHIP_MANAGER]: {
+        name: 'Client Relationship Manager',
+        description: 'Relationship management and meeting coordination',
+        type: ContractXRoleType.OPERATOR,
+        scope: ContractXRoleScope.PROJECT,
+        level: 5,
+        isSystem: false,
+        tenant: 'client'
+    },
+    [exports.CONTRACTX_ROLES.CLIENT_RISK_MANAGER]: {
+        name: 'Client Risk Manager',
+        description: 'Risk assessment and escalation management',
+        type: ContractXRoleType.OPERATOR,
+        scope: ContractXRoleScope.PROJECT,
+        level: 5,
+        isSystem: false,
+        tenant: 'client'
+    },
+    // Provider Roles
+    [exports.CONTRACTX_ROLES.PROVIDER_CONTRACT_ADMIN]: {
+        name: 'Provider Contract Administrator',
+        description: 'Contract management from provider perspective',
+        type: ContractXRoleType.MANAGER,
+        scope: ContractXRoleScope.ORGANIZATION,
+        level: 7,
+        isSystem: false,
+        tenant: 'provider'
+    },
+    [exports.CONTRACTX_ROLES.PROVIDER_PERFORMANCE_MANAGER]: {
+        name: 'Provider Performance Manager',
+        description: 'Performance delivery and SLA compliance',
+        type: ContractXRoleType.OPERATOR,
+        scope: ContractXRoleScope.PROJECT,
+        level: 6,
+        isSystem: false,
+        tenant: 'provider'
+    },
+    [exports.CONTRACTX_ROLES.PROVIDER_FINANCE_MANAGER]: {
+        name: 'Provider Finance Manager',
+        description: 'Financial management from provider side',
+        type: ContractXRoleType.OPERATOR,
+        scope: ContractXRoleScope.PROJECT,
+        level: 5,
+        isSystem: false,
+        tenant: 'provider'
+    },
+    [exports.CONTRACTX_ROLES.PROVIDER_REPORTS_MANAGER]: {
+        name: 'Provider Reports Manager',
+        description: 'Provider reporting capabilities',
+        type: ContractXRoleType.VIEWER,
+        scope: ContractXRoleScope.PROJECT,
+        level: 4,
+        isSystem: false,
+        tenant: 'provider'
+    },
+    [exports.CONTRACTX_ROLES.PROVIDER_RELATIONSHIP_MANAGER]: {
+        name: 'Provider Relationship Manager',
+        description: 'Client relationship management from provider side',
+        type: ContractXRoleType.OPERATOR,
+        scope: ContractXRoleScope.PROJECT,
+        level: 5,
+        isSystem: false,
+        tenant: 'provider'
+    },
+    [exports.CONTRACTX_ROLES.PROVIDER_RISK_MANAGER]: {
+        name: 'Provider Risk Manager',
+        description: 'Risk management from provider perspective',
+        type: ContractXRoleType.OPERATOR,
+        scope: ContractXRoleScope.PROJECT,
+        level: 5,
+        isSystem: false,
+        tenant: 'provider'
+    },
+};
+// Valid role arrays for validation
+exports.VALID_CONTRACTX_ROLES = Object.values(exports.CONTRACTX_ROLES);
+// Role groups for easier management
+exports.CONTRACTX_ROLE_GROUPS = {
+    SYSTEM_ROLES: [exports.CONTRACTX_ROLES.SUPERADMIN, exports.CONTRACTX_ROLES.SUPPORT],
+    CLIENT_ROLES: [
+        exports.CONTRACTX_ROLES.CLIENT_CONTRACT_ADMIN,
+        exports.CONTRACTX_ROLES.CLIENT_PERFORMANCE_MANAGER,
+        exports.CONTRACTX_ROLES.CLIENT_FINANCE_MANAGER,
+        exports.CONTRACTX_ROLES.CLIENT_REPORTS_MANAGER,
+        exports.CONTRACTX_ROLES.CLIENT_RELATIONSHIP_MANAGER,
+        exports.CONTRACTX_ROLES.CLIENT_RISK_MANAGER,
+    ],
+    PROVIDER_ROLES: [
+        exports.CONTRACTX_ROLES.PROVIDER_CONTRACT_ADMIN,
+        exports.CONTRACTX_ROLES.PROVIDER_PERFORMANCE_MANAGER,
+        exports.CONTRACTX_ROLES.PROVIDER_FINANCE_MANAGER,
+        exports.CONTRACTX_ROLES.PROVIDER_REPORTS_MANAGER,
+        exports.CONTRACTX_ROLES.PROVIDER_RELATIONSHIP_MANAGER,
+        exports.CONTRACTX_ROLES.PROVIDER_RISK_MANAGER,
+    ],
+    ADMIN_ROLES: [
+        exports.CONTRACTX_ROLES.SUPERADMIN,
+        exports.CONTRACTX_ROLES.SUPPORT,
+        exports.CONTRACTX_ROLES.CLIENT_CONTRACT_ADMIN,
+        exports.CONTRACTX_ROLES.PROVIDER_CONTRACT_ADMIN,
+    ],
+    MANAGER_ROLES: [
+        exports.CONTRACTX_ROLES.CLIENT_CONTRACT_ADMIN,
+        exports.CONTRACTX_ROLES.PROVIDER_CONTRACT_ADMIN,
+        exports.CONTRACTX_ROLES.CLIENT_PERFORMANCE_MANAGER,
+        exports.CONTRACTX_ROLES.PROVIDER_PERFORMANCE_MANAGER,
+        exports.CONTRACTX_ROLES.CLIENT_FINANCE_MANAGER,
+        exports.CONTRACTX_ROLES.PROVIDER_FINANCE_MANAGER,
+    ],
+};
+// Helper functions
+const isSystemRole = (role) => {
+    return exports.CONTRACTX_ROLE_GROUPS.SYSTEM_ROLES.includes(role);
+};
+exports.isSystemRole = isSystemRole;
+const isClientRole = (role) => {
+    return exports.CONTRACTX_ROLE_GROUPS.CLIENT_ROLES.includes(role);
+};
+exports.isClientRole = isClientRole;
+const isProviderRole = (role) => {
+    return exports.CONTRACTX_ROLE_GROUPS.PROVIDER_ROLES.includes(role);
+};
+exports.isProviderRole = isProviderRole;
+const isAdminRole = (role) => {
+    return exports.CONTRACTX_ROLE_GROUPS.ADMIN_ROLES.includes(role);
+};
+exports.isAdminRole = isAdminRole;
+const getRoleMetadata = (role) => {
+    return exports.CONTRACTX_ROLE_DEFINITIONS[role];
+};
+exports.getRoleMetadata = getRoleMetadata;
+const validateRole = (role) => {
+    return exports.VALID_CONTRACTX_ROLES.includes(role);
+};
+exports.validateRole = validateRole;

package/dist/constants/index.d.ts

@@ -0,0 +1,3 @@
+export * from './security.constants';
+export * from './contractx-permissions.constants';
+//# sourceMappingURL=index.d.ts.map

package/dist/constants/index.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/constants/index.ts"],"names":[],"mappings":"AAAA,cAAc,sBAAsB,CAAC;AACrC,cAAc,mCAAmC,CAAC"}

package/dist/constants/index.js

@@ -0,0 +1,18 @@
+"use strict";
+var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    var desc = Object.getOwnPropertyDescriptor(m, k);
+    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
+      desc = { enumerable: true, get: function() { return m[k]; } };
+    }
+    Object.defineProperty(o, k2, desc);
+}) : (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    o[k2] = m[k];
+}));
+var __exportStar = (this && this.__exportStar) || function(m, exports) {
+    for (var p in m) if (p !== "default" && !Object.prototype.hasOwnProperty.call(exports, p)) __createBinding(exports, m, p);
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+__exportStar(require("./security.constants"), exports);
+__exportStar(require("./contractx-permissions.constants"), exports);

package/dist/constants/security.constants.d.ts

@@ -0,0 +1,77 @@
+/**
+ * ODS Roles - Exact 16 roles from Excel specification
+ * Implements complete role hierarchy for client/provider contract management
+ */
+export declare const CONTRACTX_ROLES: {
+    readonly SUPERADMIN: "superadmin";
+    readonly CLIENT_CONTRACT_ADMIN: "client_contract_admin";
+    readonly CLIENT_PERFORMANCE_RESP: "client_performance_resp";
+    readonly CLIENT_FINANCE_RESP: "client_finance_resp";
+    readonly CLIENT_REPORTS_RESP: "client_reports_resp";
+    readonly CLIENT_RELATIONSHIP_RESP: "client_relationship_resp";
+    readonly CLIENT_RISK_RESP: "client_risk_resp";
+    readonly PROVIDER_CONTRACT_ADMIN: "provider_contract_admin";
+    readonly PROVIDER_PERFORMANCE_RESP: "provider_performance_resp";
+    readonly PROVIDER_FINANCE_RESP: "provider_finance_resp";
+    readonly PROVIDER_REPORTS_RESP: "provider_reports_resp";
+    readonly PROVIDER_RELATIONSHIP_RESP: "provider_relationship_resp";
+    readonly PROVIDER_RISK_RESP: "provider_risk_resp";
+    readonly SUPPORT: "support";
+};
+/**
+ * ODS Role Hierarchy Levels - Exact hierarchy from Excel specification
+ * Higher numbers indicate higher privileges
+ */
+export declare const ROLE_HIERARCHY: {
+    readonly superadmin: 100;
+    readonly support: 85;
+    readonly client_contract_admin: 80;
+    readonly client_performance_resp: 70;
+    readonly client_finance_resp: 70;
+    readonly client_reports_resp: 65;
+    readonly client_relationship_resp: 65;
+    readonly client_risk_resp: 65;
+    readonly provider_contract_admin: 80;
+    readonly provider_performance_resp: 70;
+    readonly provider_finance_resp: 70;
+    readonly provider_reports_resp: 65;
+    readonly provider_relationship_resp: 65;
+    readonly provider_risk_resp: 65;
+};
+/**
+ * Permission Categories for organization
+ */
+export declare const PERMISSION_CATEGORIES: {
+    readonly USER_MANAGEMENT: "User Management";
+    readonly ROLE_MANAGEMENT: "Role Management";
+    readonly PERMISSION_MANAGEMENT: "Permission Management";
+    readonly CLIENT_MANAGEMENT: "Client Management";
+    readonly PROVIDER_MANAGEMENT: "Provider Management";
+    readonly CONTRACT_MANAGEMENT: "Contract Management";
+    readonly DOCUMENT_MANAGEMENT: "Document Management";
+    readonly DELIVERABLE_MANAGEMENT: "Deliverable Management";
+    readonly PERFORMANCE_MANAGEMENT: "Performance Management";
+    readonly FINANCIAL_MANAGEMENT: "Financial Management";
+    readonly COMMUNICATION_MANAGEMENT: "Communication Management";
+    readonly SYSTEM_ADMINISTRATION: "System Administration";
+};
+/**
+ * ODS Role Groups for easy assignment and management
+ */
+export declare const ROLE_GROUPS: {
+    readonly ADMIN_ROLES: readonly ["superadmin", "client_contract_admin", "provider_contract_admin"];
+    readonly CLIENT_ROLES: readonly ["client_contract_admin", "client_performance_resp", "client_finance_resp", "client_reports_resp", "client_relationship_resp", "client_risk_resp"];
+    readonly PROVIDER_ROLES: readonly ["provider_contract_admin", "provider_performance_resp", "provider_finance_resp", "provider_reports_resp", "provider_relationship_resp", "provider_risk_resp"];
+    readonly MANAGER_ROLES: readonly ["client_contract_admin", "provider_contract_admin", "client_performance_resp", "provider_performance_resp", "client_finance_resp", "provider_finance_resp"];
+    readonly VIEWER_ROLES: readonly ["client_reports_resp", "provider_reports_resp"];
+    readonly RESPONSIBILITY_ROLES: readonly ["client_performance_resp", "client_finance_resp", "client_reports_resp", "client_relationship_resp", "client_risk_resp", "provider_performance_resp", "provider_finance_resp", "provider_reports_resp", "provider_relationship_resp", "provider_risk_resp"];
+    readonly SYSTEM_ROLES: readonly ["superadmin", "support"];
+};
+/**
+ * Module constants for metadata
+ */
+export declare const MODULE_CONSTANTS: {
+    readonly MODULE_OPTIONS_TOKEN: "PERMISSIONS_CONTRACTX_MODULE_OPTIONS";
+    readonly JWT_CONFIG_TOKEN: "PERMISSIONS_CONTRACTX_JWT_CONFIG";
+};
+//# sourceMappingURL=security.constants.d.ts.map

package/dist/constants/security.constants.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"security.constants.d.ts","sourceRoot":"","sources":["../../src/constants/security.constants.ts"],"names":[],"mappings":"AAaA;;;GAGG;AACH,eAAO,MAAM,eAAe;;;;;;;;;;;;;;;CAsBlB,CAAC;AAEX;;;GAGG;AACH,eAAO,MAAM,cAAc;;;;;;;;;;;;;;;CAmBjB,CAAC;AAEX;;GAEG;AACH,eAAO,MAAM,qBAAqB;;;;;;;;;;;;;CAaxB,CAAC;AAEX;;GAEG;AACH,eAAO,MAAM,WAAW;;;;;;;;CAwDd,CAAC;AAEX;;GAEG;AACH,eAAO,MAAM,gBAAgB;;;CAGnB,CAAC"}