tychat-contracts 1.6.81 → 1.6.83

package/.husky/commit-msg

@@ -0,0 +1,11 @@
+#!/usr/bin/env sh
+
+commit_msg=$(cat "$1")
+
+if ! echo "$commit_msg" | grep -Eq '\(TYC-[0-9]+\)$'; then
+  echo ""
+  echo "Commit inválido. Formato esperado: feat: descricao (TYC-123)"
+  exit 1
+fi
+
+exit 0

package/dist/analytics/create-patient-audit-log.dto.d.ts

@@ -0,0 +1,39 @@
+/** Who performed the audited patient mutation. */
+export declare const PATIENT_AUDIT_ACTOR_TYPES: readonly ["user", "system", "patient"];
+export type PatientAuditActorType = (typeof PATIENT_AUDIT_ACTOR_TYPES)[number];
+/** Domain actions persisted in patient_audit_logs. */
+export declare const PATIENT_AUDIT_ACTIONS: readonly ["patient.created", "patient.updated", "patient.deleted"];
+export type PatientAuditAction = (typeof PATIENT_AUDIT_ACTIONS)[number];
+/** Single field change on a patient record. */
+export declare class PatientAuditChangeDto {
+    field: string;
+    previousValue?: unknown;
+    newValue?: unknown;
+}
+/** Caller context propagated over RPC for patient write operations. */
+export declare class PatientAuditContextDto {
+    actorType: PatientAuditActorType;
+    actorId: string;
+    actorIp?: string;
+    actorUserAgent?: string;
+    source: string;
+}
+/**
+ * Payload for persisting a tenant-scoped patient audit row.
+ */
+export declare class CreatePatientAuditLogDto {
+    eventId: string;
+    tenant: string;
+    actorType: PatientAuditActorType;
+    actorId: string;
+    actorIp?: string | null;
+    actorUserAgent?: string | null;
+    action: PatientAuditAction;
+    resourceId: string;
+    source: string;
+    changes: PatientAuditChangeDto[];
+    occurredAt: string;
+}
+/** @deprecated Use CreatePatientAuditLogDto */
+export type CreateTenantAuditLogDto = CreatePatientAuditLogDto;
+//# sourceMappingURL=create-patient-audit-log.dto.d.ts.map

package/dist/analytics/create-patient-audit-log.dto.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"create-patient-audit-log.dto.d.ts","sourceRoot":"","sources":["../../src/analytics/create-patient-audit-log.dto.ts"],"names":[],"mappings":"AAeA,kDAAkD;AAClD,eAAO,MAAM,yBAAyB,wCAAyC,CAAC;AAChF,MAAM,MAAM,qBAAqB,GAAG,CAAC,OAAO,yBAAyB,CAAC,CAAC,MAAM,CAAC,CAAC;AAE/E,sDAAsD;AACtD,eAAO,MAAM,qBAAqB,oEAIxB,CAAC;AACX,MAAM,MAAM,kBAAkB,GAAG,CAAC,OAAO,qBAAqB,CAAC,CAAC,MAAM,CAAC,CAAC;AAExE,+CAA+C;AAC/C,qBAAa,qBAAqB;IAKhC,KAAK,EAAE,MAAM,CAAC;IAId,aAAa,CAAC,EAAE,OAAO,CAAC;IAIxB,QAAQ,CAAC,EAAE,OAAO,CAAC;CACpB;AAED,uEAAuE;AACvE,qBAAa,sBAAsB;IAGjC,SAAS,EAAE,qBAAqB,CAAC;IAMjC,OAAO,EAAE,MAAM,CAAC;IAMhB,OAAO,CAAC,EAAE,MAAM,CAAC;IAMjB,cAAc,CAAC,EAAE,MAAM,CAAC;IASxB,MAAM,EAAE,MAAM,CAAC;CAChB;AAED;;GAEG;AACH,qBAAa,wBAAwB;IAGnC,OAAO,EAAE,MAAM,CAAC;IAOhB,MAAM,EAAE,MAAM,CAAC;IAIf,SAAS,EAAE,qBAAqB,CAAC;IAMjC,OAAO,EAAE,MAAM,CAAC;IAMhB,OAAO,CAAC,EAAE,MAAM,GAAG,IAAI,CAAC;IAMxB,cAAc,CAAC,EAAE,MAAM,GAAG,IAAI,CAAC;IAI/B,MAAM,EAAE,kBAAkB,CAAC;IAM3B,UAAU,EAAE,MAAM,CAAC;IAMnB,MAAM,EAAE,MAAM,CAAC;IAMf,OAAO,EAAE,qBAAqB,EAAE,CAAC;IAIjC,UAAU,EAAE,MAAM,CAAC;CACpB;AAED,+CAA+C;AAC/C,MAAM,MAAM,uBAAuB,GAAG,wBAAwB,CAAC"}

package/dist/analytics/create-patient-audit-log.dto.js

@@ -0,0 +1,179 @@
+"use strict";
+var __decorate = (this && this.__decorate) || function (decorators, target, key, desc) {
+    var c = arguments.length, r = c < 3 ? target : desc === null ? desc = Object.getOwnPropertyDescriptor(target, key) : desc, d;
+    if (typeof Reflect === "object" && typeof Reflect.decorate === "function") r = Reflect.decorate(decorators, target, key, desc);
+    else for (var i = decorators.length - 1; i >= 0; i--) if (d = decorators[i]) r = (c < 3 ? d(r) : c > 3 ? d(target, key, r) : d(target, key)) || r;
+    return c > 3 && r && Object.defineProperty(target, key, r), r;
+};
+var __metadata = (this && this.__metadata) || function (k, v) {
+    if (typeof Reflect === "object" && typeof Reflect.metadata === "function") return Reflect.metadata(k, v);
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.CreatePatientAuditLogDto = exports.PatientAuditContextDto = exports.PatientAuditChangeDto = exports.PATIENT_AUDIT_ACTIONS = exports.PATIENT_AUDIT_ACTOR_TYPES = void 0;
+const swagger_1 = require("@nestjs/swagger");
+const class_validator_1 = require("class-validator");
+const class_transformer_1 = require("class-transformer");
+/** Who performed the audited patient mutation. */
+exports.PATIENT_AUDIT_ACTOR_TYPES = ['user', 'system', 'patient'];
+/** Domain actions persisted in patient_audit_logs. */
+exports.PATIENT_AUDIT_ACTIONS = [
+    'patient.created',
+    'patient.updated',
+    'patient.deleted',
+];
+/** Single field change on a patient record. */
+class PatientAuditChangeDto {
+    field;
+    previousValue;
+    newValue;
+}
+exports.PatientAuditChangeDto = PatientAuditChangeDto;
+__decorate([
+    (0, swagger_1.ApiProperty)({ example: 'name' }),
+    (0, class_validator_1.IsString)(),
+    (0, class_validator_1.IsNotEmpty)(),
+    (0, class_validator_1.MaxLength)(128),
+    __metadata("design:type", String)
+], PatientAuditChangeDto.prototype, "field", void 0);
+__decorate([
+    (0, swagger_1.ApiPropertyOptional)({ description: 'Previous value (null on create)' }),
+    (0, class_validator_1.IsOptional)(),
+    __metadata("design:type", Object)
+], PatientAuditChangeDto.prototype, "previousValue", void 0);
+__decorate([
+    (0, swagger_1.ApiPropertyOptional)({ description: 'New value (null on delete of field)' }),
+    (0, class_validator_1.IsOptional)(),
+    __metadata("design:type", Object)
+], PatientAuditChangeDto.prototype, "newValue", void 0);
+/** Caller context propagated over RPC for patient write operations. */
+class PatientAuditContextDto {
+    actorType;
+    actorId;
+    actorIp;
+    actorUserAgent;
+    source;
+}
+exports.PatientAuditContextDto = PatientAuditContextDto;
+__decorate([
+    (0, swagger_1.ApiProperty)({ enum: exports.PATIENT_AUDIT_ACTOR_TYPES }),
+    (0, class_validator_1.IsIn)([...exports.PATIENT_AUDIT_ACTOR_TYPES]),
+    __metadata("design:type", String)
+], PatientAuditContextDto.prototype, "actorType", void 0);
+__decorate([
+    (0, swagger_1.ApiProperty)({ description: 'User sub, service name, or patient token id' }),
+    (0, class_validator_1.IsString)(),
+    (0, class_validator_1.IsNotEmpty)(),
+    (0, class_validator_1.MaxLength)(255),
+    __metadata("design:type", String)
+], PatientAuditContextDto.prototype, "actorId", void 0);
+__decorate([
+    (0, swagger_1.ApiPropertyOptional)({ example: '203.0.113.10' }),
+    (0, class_validator_1.IsOptional)(),
+    (0, class_validator_1.IsString)(),
+    (0, class_validator_1.MaxLength)(64),
+    __metadata("design:type", String)
+], PatientAuditContextDto.prototype, "actorIp", void 0);
+__decorate([
+    (0, swagger_1.ApiPropertyOptional)(),
+    (0, class_validator_1.IsOptional)(),
+    (0, class_validator_1.IsString)(),
+    (0, class_validator_1.MaxLength)(512),
+    __metadata("design:type", String)
+], PatientAuditContextDto.prototype, "actorUserAgent", void 0);
+__decorate([
+    (0, swagger_1.ApiProperty)({
+        example: 'patient_service.upsertPatientByPhone',
+        description: 'Deterministic origin of the mutation',
+    }),
+    (0, class_validator_1.IsString)(),
+    (0, class_validator_1.IsNotEmpty)(),
+    (0, class_validator_1.MaxLength)(255),
+    __metadata("design:type", String)
+], PatientAuditContextDto.prototype, "source", void 0);
+/**
+ * Payload for persisting a tenant-scoped patient audit row.
+ */
+class CreatePatientAuditLogDto {
+    eventId;
+    tenant;
+    actorType;
+    actorId;
+    actorIp;
+    actorUserAgent;
+    action;
+    resourceId;
+    source;
+    changes;
+    occurredAt;
+}
+exports.CreatePatientAuditLogDto = CreatePatientAuditLogDto;
+__decorate([
+    (0, swagger_1.ApiProperty)({ description: 'Unique id for idempotent insert', format: 'uuid' }),
+    (0, class_validator_1.IsUUID)(),
+    __metadata("design:type", String)
+], CreatePatientAuditLogDto.prototype, "eventId", void 0);
+__decorate([
+    (0, swagger_1.ApiProperty)({ description: 'Tenant slug' }),
+    (0, class_validator_1.IsString)(),
+    (0, class_validator_1.IsNotEmpty)(),
+    (0, class_validator_1.MinLength)(1),
+    (0, class_validator_1.MaxLength)(255),
+    __metadata("design:type", String)
+], CreatePatientAuditLogDto.prototype, "tenant", void 0);
+__decorate([
+    (0, swagger_1.ApiProperty)({ enum: exports.PATIENT_AUDIT_ACTOR_TYPES }),
+    (0, class_validator_1.IsIn)([...exports.PATIENT_AUDIT_ACTOR_TYPES]),
+    __metadata("design:type", String)
+], CreatePatientAuditLogDto.prototype, "actorType", void 0);
+__decorate([
+    (0, swagger_1.ApiProperty)({ description: 'Authenticated user id, service name, or token id' }),
+    (0, class_validator_1.IsString)(),
+    (0, class_validator_1.IsNotEmpty)(),
+    (0, class_validator_1.MaxLength)(255),
+    __metadata("design:type", String)
+], CreatePatientAuditLogDto.prototype, "actorId", void 0);
+__decorate([
+    (0, swagger_1.ApiPropertyOptional)(),
+    (0, class_validator_1.IsOptional)(),
+    (0, class_validator_1.IsString)(),
+    (0, class_validator_1.MaxLength)(64),
+    __metadata("design:type", Object)
+], CreatePatientAuditLogDto.prototype, "actorIp", void 0);
+__decorate([
+    (0, swagger_1.ApiPropertyOptional)(),
+    (0, class_validator_1.IsOptional)(),
+    (0, class_validator_1.IsString)(),
+    (0, class_validator_1.MaxLength)(512),
+    __metadata("design:type", Object)
+], CreatePatientAuditLogDto.prototype, "actorUserAgent", void 0);
+__decorate([
+    (0, swagger_1.ApiProperty)({ enum: exports.PATIENT_AUDIT_ACTIONS }),
+    (0, class_validator_1.IsIn)([...exports.PATIENT_AUDIT_ACTIONS]),
+    __metadata("design:type", String)
+], CreatePatientAuditLogDto.prototype, "action", void 0);
+__decorate([
+    (0, swagger_1.ApiProperty)({ description: 'Patient UUID' }),
+    (0, class_validator_1.IsString)(),
+    (0, class_validator_1.IsNotEmpty)(),
+    (0, class_validator_1.MaxLength)(255),
+    __metadata("design:type", String)
+], CreatePatientAuditLogDto.prototype, "resourceId", void 0);
+__decorate([
+    (0, swagger_1.ApiProperty)({ example: 'patient_service.updatePatient' }),
+    (0, class_validator_1.IsString)(),
+    (0, class_validator_1.IsNotEmpty)(),
+    (0, class_validator_1.MaxLength)(255),
+    __metadata("design:type", String)
+], CreatePatientAuditLogDto.prototype, "source", void 0);
+__decorate([
+    (0, swagger_1.ApiProperty)({ type: [PatientAuditChangeDto] }),
+    (0, class_validator_1.IsArray)(),
+    (0, class_validator_1.ValidateNested)({ each: true }),
+    (0, class_transformer_1.Type)(() => PatientAuditChangeDto),
+    __metadata("design:type", Array)
+], CreatePatientAuditLogDto.prototype, "changes", void 0);
+__decorate([
+    (0, swagger_1.ApiProperty)({ description: 'When the mutation completed (UTC ISO-8601)' }),
+    (0, class_validator_1.IsISO8601)(),
+    __metadata("design:type", String)
+], CreatePatientAuditLogDto.prototype, "occurredAt", void 0);

package/dist/analytics/index.d.ts

@@ -1,7 +1,7 @@
 export * from './event-analytic.enum';
 export * from './followup-analytic-event-type.util';
 export * from './create-analytic-event.dto';
-export * from './create-tenant-audit-log.dto';
+export * from './create-patient-audit-log.dto';
 export * from './list-tenant-audit-logs-query.dto';
 export * from './analytics-query.dto';
 export * from './analytics-kafka-topics';

package/dist/analytics/index.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/analytics/index.ts"],"names":[],"mappings":"AAAA,cAAc,uBAAuB,CAAC;AACtC,cAAc,qCAAqC,CAAC;AACpD,cAAc,6BAA6B,CAAC;AAC5C,cAAc,+BAA+B,CAAC;AAC9C,cAAc,oCAAoC,CAAC;AACnD,cAAc,uBAAuB,CAAC;AACtC,cAAc,0BAA0B,CAAC;AACzC,cAAc,4BAA4B,CAAC"}
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/analytics/index.ts"],"names":[],"mappings":"AAAA,cAAc,uBAAuB,CAAC;AACtC,cAAc,qCAAqC,CAAC;AACpD,cAAc,6BAA6B,CAAC;AAC5C,cAAc,gCAAgC,CAAC;AAC/C,cAAc,oCAAoC,CAAC;AACnD,cAAc,uBAAuB,CAAC;AACtC,cAAc,0BAA0B,CAAC;AACzC,cAAc,4BAA4B,CAAC"}

package/dist/analytics/index.js

@@ -17,7 +17,7 @@ Object.defineProperty(exports, "__esModule", { value: true });
 __exportStar(require("./event-analytic.enum"), exports);
 __exportStar(require("./followup-analytic-event-type.util"), exports);
 __exportStar(require("./create-analytic-event.dto"), exports);
-__exportStar(require("./create-tenant-audit-log.dto"), exports);
+__exportStar(require("./create-patient-audit-log.dto"), exports);
 __exportStar(require("./list-tenant-audit-logs-query.dto"), exports);
 __exportStar(require("./analytics-query.dto"), exports);
 __exportStar(require("./analytics-kafka-topics"), exports);

package/dist/analytics/list-tenant-audit-logs-query.dto.d.ts

@@ -1,8 +1,8 @@
 import type { ParsedFilterDto } from '../filters/parsed-filter.dto';
 /**
- * Allowed tenant_audit_logs columns for filtering (camelCase API keys).
+ * Allowed patient_audit_logs columns for filtering (camelCase API keys).
  */
-export declare const TENANT_AUDIT_LIST_FILTER_KEYS: readonly ["actorId", "action", "outcome", "httpMethod", "httpPath", "httpStatus", "occurredAt"];
+export declare const TENANT_AUDIT_LIST_FILTER_KEYS: readonly ["actorId", "action", "resourceId", "source", "occurredAt"];
 export type TenantAuditListFilterKeyDto = (typeof TENANT_AUDIT_LIST_FILTER_KEYS)[number];
 export declare class ListTenantAuditLogsQueryDto {
     page?: number;

package/dist/analytics/list-tenant-audit-logs-query.dto.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"list-tenant-audit-logs-query.dto.d.ts","sourceRoot":"","sources":["../../src/analytics/list-tenant-audit-logs-query.dto.ts"],"names":[],"mappings":"AAGA,OAAO,KAAK,EAAE,eAAe,EAAE,MAAM,8BAA8B,CAAC;AAEpE;;GAEG;AACH,eAAO,MAAM,6BAA6B,iGAQhC,CAAC;AACX,MAAM,MAAM,2BAA2B,GAAG,CAAC,OAAO,6BAA6B,CAAC,CAAC,MAAM,CAAC,CAAC;AAEzF,qBAAa,2BAA2B;IAMtC,IAAI,CAAC,EAAE,MAAM,CAAC;IAQd,KAAK,CAAC,EAAE,MAAM,CAAC;IAUf,OAAO,CAAC,EAAE,eAAe,EAAE,CAAC;CAC7B"}
+{"version":3,"file":"list-tenant-audit-logs-query.dto.d.ts","sourceRoot":"","sources":["../../src/analytics/list-tenant-audit-logs-query.dto.ts"],"names":[],"mappings":"AAGA,OAAO,KAAK,EAAE,eAAe,EAAE,MAAM,8BAA8B,CAAC;AAEpE;;GAEG;AACH,eAAO,MAAM,6BAA6B,sEAMhC,CAAC;AACX,MAAM,MAAM,2BAA2B,GAAG,CAAC,OAAO,6BAA6B,CAAC,CAAC,MAAM,CAAC,CAAC;AAEzF,qBAAa,2BAA2B;IAMtC,IAAI,CAAC,EAAE,MAAM,CAAC;IAQd,KAAK,CAAC,EAAE,MAAM,CAAC;IAUf,OAAO,CAAC,EAAE,eAAe,EAAE,CAAC;CAC7B"}

package/dist/analytics/list-tenant-audit-logs-query.dto.js

@@ -14,15 +14,13 @@ const swagger_1 = require("@nestjs/swagger");
 const class_transformer_1 = require("class-transformer");
 const class_validator_1 = require("class-validator");
 /**
- * Allowed tenant_audit_logs columns for filtering (camelCase API keys).
+ * Allowed patient_audit_logs columns for filtering (camelCase API keys).
  */
 exports.TENANT_AUDIT_LIST_FILTER_KEYS = [
     'actorId',
     'action',
-    'outcome',
-    'httpMethod',
-    'httpPath',
-    'httpStatus',
+    'resourceId',
+    'source',
     'occurredAt',
 ];
 class ListTenantAuditLogsQueryDto {
@@ -51,9 +49,9 @@ __decorate([
 __decorate([
     (0, swagger_1.ApiPropertyOptional)({
         description: 'JSON string with an array of filter objects `{ key, op, value }`. ' +
-            'Example: `[{"key":"outcome","op":"==","value":"success"}]`.',
+            'Example: `[{"key":"action","op":"==","value":"patient.updated"}]`.',
         type: String,
-        example: '[{"key":"outcome","op":"==","value":"success"}]',
+        example: '[{"key":"action","op":"==","value":"patient.updated"}]',
     }),
     (0, class_validator_1.IsOptional)(),
     __metadata("design:type", Array)

package/dist/users/create-user.dto.d.ts

@@ -7,6 +7,7 @@ export type CreatableUserRole = (typeof CREATABLE_USER_ROLES)[number];
 export declare class CreateUserDto {
     name: string;
     email: string;
-    role: CreatableUserRole;
+    roles?: CreatableUserRole[];
+    role?: CreatableUserRole;
 }
 //# sourceMappingURL=create-user.dto.d.ts.map

package/dist/users/create-user.dto.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"create-user.dto.d.ts","sourceRoot":"","sources":["../../src/users/create-user.dto.ts"],"names":[],"mappings":"AASA;;;GAGG;AACH,eAAO,MAAM,oBAAoB,+CAAgD,CAAC;AAClF,MAAM,MAAM,iBAAiB,GAAG,CAAC,OAAO,oBAAoB,CAAC,CAAC,MAAM,CAAC,CAAC;AAEtE,qBAAa,aAAa;IASxB,IAAI,EAAE,MAAM,CAAC;IAWb,KAAK,EAAE,MAAM,CAAC;IAWd,IAAI,EAAE,iBAAiB,CAAC;CACzB"}
+{"version":3,"file":"create-user.dto.d.ts","sourceRoot":"","sources":["../../src/users/create-user.dto.ts"],"names":[],"mappings":"AAaA;;;GAGG;AACH,eAAO,MAAM,oBAAoB,+CAAgD,CAAC;AAClF,MAAM,MAAM,iBAAiB,GAAG,CAAC,OAAO,oBAAoB,CAAC,CAAC,MAAM,CAAC,CAAC;AAEtE,qBAAa,aAAa;IASxB,IAAI,EAAE,MAAM,CAAC;IAWb,KAAK,EAAE,MAAM,CAAC;IAgBd,KAAK,CAAC,EAAE,iBAAiB,EAAE,CAAC;IAa5B,IAAI,CAAC,EAAE,iBAAiB,CAAC;CAC1B"}

package/dist/users/create-user.dto.js

@@ -20,6 +20,7 @@ exports.CREATABLE_USER_ROLES = ['attendant', 'health_professional'];
 class CreateUserDto {
     name;
     email;
+    roles;
     role;
 }
 exports.CreateUserDto = CreateUserDto;
@@ -48,10 +49,27 @@ __decorate([
 ], CreateUserDto.prototype, "email", void 0);
 __decorate([
     (0, swagger_1.ApiProperty)({
-        description: 'Papel do usuário. Apenas atendente ou profissional de saúde; administrador não pode criar outros administradores.',
+        description: 'Papéis do usuário. Pelo menos um: atendente e/ou profissional de saúde.',
+        enum: exports.CREATABLE_USER_ROLES,
+        isArray: true,
+        example: ['attendant'],
+    }),
+    (0, class_validator_1.ValidateIf)((o) => o.role == null),
+    (0, class_validator_1.IsArray)({ message: 'roles deve ser um array' }),
+    (0, class_validator_1.ArrayMinSize)(1, { message: 'roles deve conter ao menos um papel' }),
+    (0, class_validator_1.IsIn)(exports.CREATABLE_USER_ROLES, {
+        each: true,
+        message: 'cada role deve ser attendant ou health_professional',
+    }),
+    __metadata("design:type", Array)
+], CreateUserDto.prototype, "roles", void 0);
+__decorate([
+    (0, swagger_1.ApiPropertyOptional)({
+        description: 'Deprecated: use roles[]. Papel único; convertido internamente para roles com um elemento.',
         enum: exports.CREATABLE_USER_ROLES,
         default: 'attendant',
     }),
+    (0, class_validator_1.IsOptional)(),
     (0, class_validator_1.IsString)(),
     (0, class_validator_1.IsIn)(exports.CREATABLE_USER_ROLES, {
         message: 'role deve ser attendant ou health_professional',

package/dist/users/update-user-by-admin.dto.d.ts

@@ -1,10 +1,11 @@
 export declare const ALL_USER_ROLES: readonly ["administrator", "attendant", "health_professional"];
 export type AllUserRole = (typeof ALL_USER_ROLES)[number];
-/** Fields an administrator may change for any user (including role). */
+/** Fields an administrator may change for any user (including roles). */
 export declare class UpdateUserByAdminDto {
     _atLeastOne?: string;
     name?: string;
     email?: string;
+    roles?: AllUserRole[];
     role?: AllUserRole;
 }
 //# sourceMappingURL=update-user-by-admin.dto.d.ts.map

package/dist/users/update-user-by-admin.dto.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"update-user-by-admin.dto.d.ts","sourceRoot":"","sources":["../../src/users/update-user-by-admin.dto.ts"],"names":[],"mappings":"AAIA,eAAO,MAAM,cAAc,gEAIjB,CAAC;AACX,MAAM,MAAM,WAAW,GAAG,CAAC,OAAO,cAAc,CAAC,CAAC,MAAM,CAAC,CAAC;AAE1D,wEAAwE;AACxE,qBAAa,oBAAoB;IAG/B,WAAW,CAAC,EAAE,MAAM,CAAC;IAWrB,IAAI,CAAC,EAAE,MAAM,CAAC;IAWd,KAAK,CAAC,EAAE,MAAM,CAAC;IAYf,IAAI,CAAC,EAAE,WAAW,CAAC;CACpB"}
+{"version":3,"file":"update-user-by-admin.dto.d.ts","sourceRoot":"","sources":["../../src/users/update-user-by-admin.dto.ts"],"names":[],"mappings":"AAaA,eAAO,MAAM,cAAc,gEAIjB,CAAC;AACX,MAAM,MAAM,WAAW,GAAG,CAAC,OAAO,cAAc,CAAC,CAAC,MAAM,CAAC,CAAC;AAE1D,yEAAyE;AACzE,qBAAa,oBAAoB;IAG/B,WAAW,CAAC,EAAE,MAAM,CAAC;IAWrB,IAAI,CAAC,EAAE,MAAM,CAAC;IAWd,KAAK,CAAC,EAAE,MAAM,CAAC;IAef,KAAK,CAAC,EAAE,WAAW,EAAE,CAAC;IAYtB,IAAI,CAAC,EAAE,WAAW,CAAC;CACpB"}

package/dist/users/update-user-by-admin.dto.js

@@ -18,17 +18,18 @@ exports.ALL_USER_ROLES = [
     'attendant',
     'health_professional',
 ];
-/** Fields an administrator may change for any user (including role). */
+/** Fields an administrator may change for any user (including roles). */
 class UpdateUserByAdminDto {
     _atLeastOne;
     name;
     email;
+    roles;
     role;
 }
 exports.UpdateUserByAdminDto = UpdateUserByAdminDto;
 __decorate([
     (0, swagger_1.ApiHideProperty)(),
-    (0, at_least_one_of_decorator_1.AtLeastOneOf)(['name', 'email', 'role']),
+    (0, at_least_one_of_decorator_1.AtLeastOneOf)(['name', 'email', 'role', 'roles']),
     __metadata("design:type", String)
 ], UpdateUserByAdminDto.prototype, "_atLeastOne", void 0);
 __decorate([
@@ -56,7 +57,23 @@ __decorate([
 ], UpdateUserByAdminDto.prototype, "email", void 0);
 __decorate([
     (0, swagger_1.ApiPropertyOptional)({
-        description: 'User role',
+        description: 'User roles (replaces the full role set when provided)',
+        enum: exports.ALL_USER_ROLES,
+        isArray: true,
+        example: ['attendant', 'health_professional'],
+    }),
+    (0, class_validator_1.IsOptional)(),
+    (0, class_validator_1.IsArray)(),
+    (0, class_validator_1.ArrayMinSize)(1, { message: 'roles must contain at least one role when provided' }),
+    (0, class_validator_1.IsIn)(exports.ALL_USER_ROLES, {
+        each: true,
+        message: 'each role must be administrator, attendant, or health_professional',
+    }),
+    __metadata("design:type", Array)
+], UpdateUserByAdminDto.prototype, "roles", void 0);
+__decorate([
+    (0, swagger_1.ApiPropertyOptional)({
+        description: 'Deprecated: use roles[]. Single role replacement.',
         enum: exports.ALL_USER_ROLES,
         example: 'attendant',
     }),

package/dist/users/updated-user.dto.d.ts

@@ -1,9 +1,11 @@
+import { ALL_USER_ROLES } from './update-user-by-admin.dto';
 /** User payload returned after create or update (no password). */
 export declare class UpdatedUserDto {
     userId: string;
     name: string;
     email: string;
-    role: 'administrator' | 'attendant' | 'health_professional';
+    roles: (typeof ALL_USER_ROLES)[number][];
+    role?: (typeof ALL_USER_ROLES)[number];
     createdAt: Date;
     updatedAt: Date;
 }

package/dist/users/updated-user.dto.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"updated-user.dto.d.ts","sourceRoot":"","sources":["../../src/users/updated-user.dto.ts"],"names":[],"mappings":"AAEA,kEAAkE;AAClE,qBAAa,cAAc;IAMzB,MAAM,EAAE,MAAM,CAAC;IAGf,IAAI,EAAE,MAAM,CAAC;IAGb,KAAK,EAAE,MAAM,CAAC;IAOd,IAAI,EAAE,eAAe,GAAG,WAAW,GAAG,qBAAqB,CAAC;IAG5D,SAAS,EAAE,IAAI,CAAC;IAGhB,SAAS,EAAE,IAAI,CAAC;CACjB"}
+{"version":3,"file":"updated-user.dto.d.ts","sourceRoot":"","sources":["../../src/users/updated-user.dto.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,cAAc,EAAE,MAAM,4BAA4B,CAAC;AAE5D,kEAAkE;AAClE,qBAAa,cAAc;IAMzB,MAAM,EAAE,MAAM,CAAC;IAGf,IAAI,EAAE,MAAM,CAAC;IAGb,KAAK,EAAE,MAAM,CAAC;IAQd,KAAK,EAAE,CAAC,OAAO,cAAc,CAAC,CAAC,MAAM,CAAC,EAAE,CAAC;IAOzC,IAAI,CAAC,EAAE,CAAC,OAAO,cAAc,CAAC,CAAC,MAAM,CAAC,CAAC;IAGvC,SAAS,EAAE,IAAI,CAAC;IAGhB,SAAS,EAAE,IAAI,CAAC;CACjB"}

package/dist/users/updated-user.dto.js

@@ -11,11 +11,13 @@ var __metadata = (this && this.__metadata) || function (k, v) {
 Object.defineProperty(exports, "__esModule", { value: true });
 exports.UpdatedUserDto = void 0;
 const swagger_1 = require("@nestjs/swagger");
+const update_user_by_admin_dto_1 = require("./update-user-by-admin.dto");
 /** User payload returned after create or update (no password). */
 class UpdatedUserDto {
     userId;
     name;
     email;
+    roles;
     role;
     createdAt;
     updatedAt;
@@ -39,11 +41,20 @@ __decorate([
 ], UpdatedUserDto.prototype, "email", void 0);
 __decorate([
     (0, swagger_1.ApiProperty)({
-        description: 'User role',
-        enum: ['administrator', 'attendant', 'health_professional'],
+        description: 'All roles assigned to the user',
+        enum: update_user_by_admin_dto_1.ALL_USER_ROLES,
+        isArray: true,
+        example: ['attendant'],
+    }),
+    __metadata("design:type", Array)
+], UpdatedUserDto.prototype, "roles", void 0);
+__decorate([
+    (0, swagger_1.ApiPropertyOptional)({
+        description: 'Deprecated primary role alias (first role in roles[])',
+        enum: update_user_by_admin_dto_1.ALL_USER_ROLES,
         example: 'attendant',
     }),
-    __metadata("design:type", String)
+    __metadata("design:type", Object)
 ], UpdatedUserDto.prototype, "role", void 0);
 __decorate([
     (0, swagger_1.ApiProperty)({ description: 'Creation timestamp' }),

package/dist/users/user-list-item.dto.d.ts

@@ -1,8 +1,10 @@
+import { ALL_USER_ROLES } from './update-user-by-admin.dto';
 /** Public user summary returned when an administrator lists users (no password). */
 export declare class UserListItemDto {
     id: string;
     name: string;
     email: string;
-    role: 'administrator' | 'attendant' | 'health_professional';
+    roles: (typeof ALL_USER_ROLES)[number][];
+    role?: (typeof ALL_USER_ROLES)[number];
 }
 //# sourceMappingURL=user-list-item.dto.d.ts.map

package/dist/users/user-list-item.dto.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"user-list-item.dto.d.ts","sourceRoot":"","sources":["../../src/users/user-list-item.dto.ts"],"names":[],"mappings":"AAEA,oFAAoF;AACpF,qBAAa,eAAe;IAM1B,EAAE,EAAE,MAAM,CAAC;IAGX,IAAI,EAAE,MAAM,CAAC;IAGb,KAAK,EAAE,MAAM,CAAC;IAOd,IAAI,EAAE,eAAe,GAAG,WAAW,GAAG,qBAAqB,CAAC;CAC7D"}
+{"version":3,"file":"user-list-item.dto.d.ts","sourceRoot":"","sources":["../../src/users/user-list-item.dto.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,cAAc,EAAE,MAAM,4BAA4B,CAAC;AAE5D,oFAAoF;AACpF,qBAAa,eAAe;IAM1B,EAAE,EAAE,MAAM,CAAC;IAGX,IAAI,EAAE,MAAM,CAAC;IAGb,KAAK,EAAE,MAAM,CAAC;IAQd,KAAK,EAAE,CAAC,OAAO,cAAc,CAAC,CAAC,MAAM,CAAC,EAAE,CAAC;IAOzC,IAAI,CAAC,EAAE,CAAC,OAAO,cAAc,CAAC,CAAC,MAAM,CAAC,CAAC;CACxC"}

package/dist/users/user-list-item.dto.js

@@ -11,11 +11,13 @@ var __metadata = (this && this.__metadata) || function (k, v) {
 Object.defineProperty(exports, "__esModule", { value: true });
 exports.UserListItemDto = void 0;
 const swagger_1 = require("@nestjs/swagger");
+const update_user_by_admin_dto_1 = require("./update-user-by-admin.dto");
 /** Public user summary returned when an administrator lists users (no password). */
 class UserListItemDto {
     id;
     name;
     email;
+    roles;
     role;
 }
 exports.UserListItemDto = UserListItemDto;
@@ -37,9 +39,18 @@ __decorate([
 ], UserListItemDto.prototype, "email", void 0);
 __decorate([
     (0, swagger_1.ApiProperty)({
-        description: 'User role',
-        enum: ['administrator', 'attendant', 'health_professional'],
+        description: 'All roles assigned to the user',
+        enum: update_user_by_admin_dto_1.ALL_USER_ROLES,
+        isArray: true,
+        example: ['attendant'],
+    }),
+    __metadata("design:type", Array)
+], UserListItemDto.prototype, "roles", void 0);
+__decorate([
+    (0, swagger_1.ApiPropertyOptional)({
+        description: 'Deprecated primary role alias (first role in roles[])',
+        enum: update_user_by_admin_dto_1.ALL_USER_ROLES,
         example: 'attendant',
     }),
-    __metadata("design:type", String)
+    __metadata("design:type", Object)
 ], UserListItemDto.prototype, "role", void 0);

package/dist/users/user-update-kafka-payloads.d.ts

@@ -19,6 +19,9 @@ export interface AuthUpdateUserAdminPayload {
     targetUserId: string;
     name?: string;
     email?: string;
+    /** Replaces the full role set when provided. */
+    roles?: ('administrator' | 'attendant' | 'health_professional')[];
+    /** @deprecated Use roles[] */
     role?: 'administrator' | 'attendant' | 'health_professional';
 }
 /**

package/dist/users/user-update-kafka-payloads.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"user-update-kafka-payloads.d.ts","sourceRoot":"","sources":["../../src/users/user-update-kafka-payloads.ts"],"names":[],"mappings":"AAAA;;GAEG;AACH,MAAM,WAAW,qBAAqB;IACpC,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,MAAM,EAAE,MAAM,CAAC;IACf,IAAI,CAAC,EAAE,MAAM,CAAC;CACf;AAED;;;;GAIG;AACH,MAAM,WAAW,0BAA0B;IACzC,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,SAAS,EAAE,MAAM,CAAC;IAClB,2DAA2D;IAC3D,WAAW,EAAE,MAAM,CAAC;IACpB,YAAY,EAAE,MAAM,CAAC;IACrB,IAAI,CAAC,EAAE,MAAM,CAAC;IACd,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,IAAI,CAAC,EAAE,eAAe,GAAG,WAAW,GAAG,qBAAqB,CAAC;CAC9D;AAED;;GAEG;AACH,MAAM,WAAW,8BAA8B;IAC7C,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,MAAM,EAAE,MAAM,CAAC;IACf,gBAAgB,EAAE,MAAM,CAAC;IACzB,YAAY,EAAE,MAAM,CAAC;CACtB"}
+{"version":3,"file":"user-update-kafka-payloads.d.ts","sourceRoot":"","sources":["../../src/users/user-update-kafka-payloads.ts"],"names":[],"mappings":"AAAA;;GAEG;AACH,MAAM,WAAW,qBAAqB;IACpC,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,MAAM,EAAE,MAAM,CAAC;IACf,IAAI,CAAC,EAAE,MAAM,CAAC;CACf;AAED;;;;GAIG;AACH,MAAM,WAAW,0BAA0B;IACzC,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,SAAS,EAAE,MAAM,CAAC;IAClB,2DAA2D;IAC3D,WAAW,EAAE,MAAM,CAAC;IACpB,YAAY,EAAE,MAAM,CAAC;IACrB,IAAI,CAAC,EAAE,MAAM,CAAC;IACd,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,gDAAgD;IAChD,KAAK,CAAC,EAAE,CAAC,eAAe,GAAG,WAAW,GAAG,qBAAqB,CAAC,EAAE,CAAC;IAClE,8BAA8B;IAC9B,IAAI,CAAC,EAAE,eAAe,GAAG,WAAW,GAAG,qBAAqB,CAAC;CAC9D;AAED;;GAEG;AACH,MAAM,WAAW,8BAA8B;IAC7C,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,MAAM,EAAE,MAAM,CAAC;IACf,gBAAgB,EAAE,MAAM,CAAC;IACzB,YAAY,EAAE,MAAM,CAAC;CACtB"}

package/package.json

@@ -1,30 +1,32 @@
-{
-  "name": "tychat-contracts",
-  "version": "1.6.81",
-  "description": "DTOs compartilhados com class-validator (API e microserviços)",
-  "main": "dist/index.js",
-  "types": "dist/index.d.ts",
-  "private": false,
-  "scripts": {
-    "build": "tsc",
-    "release": "npm version patch && npm publish",
-    "prepublishOnly": "npm run build"
-  },
-  "dependencies": {
-    "class-transformer": "^0.5.1",
-    "class-validator": "^0.14.1",
-    "ioredis": "^5.10.0",
-    "jest": "^30.3.0",
-    "reflect-metadata": "*"
-  },
-  "devDependencies": {
-    "@nestjs/swagger": "^11.2.6",
-    "@types/jest": "^30.0.0",
-    "ts-jest": "^29.4.9",
-    "typescript": "^5.7.3"
-  },
-  "peerDependencies": {
-    "@nestjs/swagger": "^11.2.6",
-    "reflect-metadata": "*"
-  }
-}
+{
+  "name": "tychat-contracts",
+  "version": "1.6.83",
+  "description": "DTOs compartilhados com class-validator (API e microserviços)",
+  "main": "dist/index.js",
+  "types": "dist/index.d.ts",
+  "private": false,
+  "scripts": {
+    "build": "tsc",
+    "release": "npm version patch && npm publish",
+    "prepublishOnly": "npm run build",
+    "prepare": "husky"
+  },
+  "dependencies": {
+    "class-transformer": "^0.5.1",
+    "class-validator": "^0.14.1",
+    "ioredis": "^5.10.0",
+    "jest": "^30.3.0",
+    "reflect-metadata": "*"
+  },
+  "devDependencies": {
+    "@nestjs/swagger": "^11.2.6",
+    "@types/jest": "^30.0.0",
+    "husky": "^9.1.7",
+    "ts-jest": "^29.4.9",
+    "typescript": "^5.7.3"
+  },
+  "peerDependencies": {
+    "@nestjs/swagger": "^11.2.6",
+    "reflect-metadata": "*"
+  }
+}

package/src/analytics/create-patient-audit-log.dto.ts

@@ -0,0 +1,144 @@
+import { ApiProperty, ApiPropertyOptional } from '@nestjs/swagger';
+import {
+  IsArray,
+  IsIn,
+  IsISO8601,
+  IsNotEmpty,
+  IsOptional,
+  IsString,
+  IsUUID,
+  MaxLength,
+  MinLength,
+  ValidateNested,
+} from 'class-validator';
+import { Type } from 'class-transformer';
+
+/** Who performed the audited patient mutation. */
+export const PATIENT_AUDIT_ACTOR_TYPES = ['user', 'system', 'patient'] as const;
+export type PatientAuditActorType = (typeof PATIENT_AUDIT_ACTOR_TYPES)[number];
+
+/** Domain actions persisted in patient_audit_logs. */
+export const PATIENT_AUDIT_ACTIONS = [
+  'patient.created',
+  'patient.updated',
+  'patient.deleted',
+] as const;
+export type PatientAuditAction = (typeof PATIENT_AUDIT_ACTIONS)[number];
+
+/** Single field change on a patient record. */
+export class PatientAuditChangeDto {
+  @ApiProperty({ example: 'name' })
+  @IsString()
+  @IsNotEmpty()
+  @MaxLength(128)
+  field: string;
+
+  @ApiPropertyOptional({ description: 'Previous value (null on create)' })
+  @IsOptional()
+  previousValue?: unknown;
+
+  @ApiPropertyOptional({ description: 'New value (null on delete of field)' })
+  @IsOptional()
+  newValue?: unknown;
+}
+
+/** Caller context propagated over RPC for patient write operations. */
+export class PatientAuditContextDto {
+  @ApiProperty({ enum: PATIENT_AUDIT_ACTOR_TYPES })
+  @IsIn([...PATIENT_AUDIT_ACTOR_TYPES])
+  actorType: PatientAuditActorType;
+
+  @ApiProperty({ description: 'User sub, service name, or patient token id' })
+  @IsString()
+  @IsNotEmpty()
+  @MaxLength(255)
+  actorId: string;
+
+  @ApiPropertyOptional({ example: '203.0.113.10' })
+  @IsOptional()
+  @IsString()
+  @MaxLength(64)
+  actorIp?: string;
+
+  @ApiPropertyOptional()
+  @IsOptional()
+  @IsString()
+  @MaxLength(512)
+  actorUserAgent?: string;
+
+  @ApiProperty({
+    example: 'patient_service.upsertPatientByPhone',
+    description: 'Deterministic origin of the mutation',
+  })
+  @IsString()
+  @IsNotEmpty()
+  @MaxLength(255)
+  source: string;
+}
+
+/**
+ * Payload for persisting a tenant-scoped patient audit row.
+ */
+export class CreatePatientAuditLogDto {
+  @ApiProperty({ description: 'Unique id for idempotent insert', format: 'uuid' })
+  @IsUUID()
+  eventId: string;
+
+  @ApiProperty({ description: 'Tenant slug' })
+  @IsString()
+  @IsNotEmpty()
+  @MinLength(1)
+  @MaxLength(255)
+  tenant: string;
+
+  @ApiProperty({ enum: PATIENT_AUDIT_ACTOR_TYPES })
+  @IsIn([...PATIENT_AUDIT_ACTOR_TYPES])
+  actorType: PatientAuditActorType;
+
+  @ApiProperty({ description: 'Authenticated user id, service name, or token id' })
+  @IsString()
+  @IsNotEmpty()
+  @MaxLength(255)
+  actorId: string;
+
+  @ApiPropertyOptional()
+  @IsOptional()
+  @IsString()
+  @MaxLength(64)
+  actorIp?: string | null;
+
+  @ApiPropertyOptional()
+  @IsOptional()
+  @IsString()
+  @MaxLength(512)
+  actorUserAgent?: string | null;
+
+  @ApiProperty({ enum: PATIENT_AUDIT_ACTIONS })
+  @IsIn([...PATIENT_AUDIT_ACTIONS])
+  action: PatientAuditAction;
+
+  @ApiProperty({ description: 'Patient UUID' })
+  @IsString()
+  @IsNotEmpty()
+  @MaxLength(255)
+  resourceId: string;
+
+  @ApiProperty({ example: 'patient_service.updatePatient' })
+  @IsString()
+  @IsNotEmpty()
+  @MaxLength(255)
+  source: string;
+
+  @ApiProperty({ type: [PatientAuditChangeDto] })
+  @IsArray()
+  @ValidateNested({ each: true })
+  @Type(() => PatientAuditChangeDto)
+  changes: PatientAuditChangeDto[];
+
+  @ApiProperty({ description: 'When the mutation completed (UTC ISO-8601)' })
+  @IsISO8601()
+  occurredAt: string;
+}
+
+/** @deprecated Use CreatePatientAuditLogDto */
+export type CreateTenantAuditLogDto = CreatePatientAuditLogDto;

package/src/analytics/index.ts

@@ -1,7 +1,7 @@
 export * from './event-analytic.enum';
 export * from './followup-analytic-event-type.util';
 export * from './create-analytic-event.dto';
-export * from './create-tenant-audit-log.dto';
+export * from './create-patient-audit-log.dto';
 export * from './list-tenant-audit-logs-query.dto';
 export * from './analytics-query.dto';
 export * from './analytics-kafka-topics';

package/src/analytics/list-tenant-audit-logs-query.dto.ts

@@ -4,15 +4,13 @@ import { IsInt, IsOptional, Max, Min } from 'class-validator';
 import type { ParsedFilterDto } from '../filters/parsed-filter.dto';
 
 /**
- * Allowed tenant_audit_logs columns for filtering (camelCase API keys).
+ * Allowed patient_audit_logs columns for filtering (camelCase API keys).
  */
 export const TENANT_AUDIT_LIST_FILTER_KEYS = [
   'actorId',
   'action',
-  'outcome',
-  'httpMethod',
-  'httpPath',
-  'httpStatus',
+  'resourceId',
+  'source',
   'occurredAt',
 ] as const;
 export type TenantAuditListFilterKeyDto = (typeof TENANT_AUDIT_LIST_FILTER_KEYS)[number];
@@ -36,9 +34,9 @@ export class ListTenantAuditLogsQueryDto {
   @ApiPropertyOptional({
     description:
       'JSON string with an array of filter objects `{ key, op, value }`. ' +
-      'Example: `[{"key":"outcome","op":"==","value":"success"}]`.',
+      'Example: `[{"key":"action","op":"==","value":"patient.updated"}]`.',
     type: String,
-    example: '[{"key":"outcome","op":"==","value":"success"}]',
+    example: '[{"key":"action","op":"==","value":"patient.updated"}]',
   })
   @IsOptional()
   filters?: ParsedFilterDto[];

package/src/users/create-user.dto.ts

@@ -1,10 +1,14 @@
-import { ApiProperty } from '@nestjs/swagger';
+import { ApiProperty, ApiPropertyOptional } from '@nestjs/swagger';
 import {
   IsEmail,
   IsString,
   IsIn,
   MinLength,
   MaxLength,
+  IsArray,
+  ArrayMinSize,
+  IsOptional,
+  ValidateIf,
 } from 'class-validator';
 
 /**
@@ -37,13 +41,31 @@ export class CreateUserDto {
   email: string;
 
   @ApiProperty({
-    description: 'Papel do usuário. Apenas atendente ou profissional de saúde; administrador não pode criar outros administradores.',
+    description:
+      'Papéis do usuário. Pelo menos um: atendente e/ou profissional de saúde.',
+    enum: CREATABLE_USER_ROLES,
+    isArray: true,
+    example: ['attendant'],
+  })
+  @ValidateIf((o: CreateUserDto) => o.role == null)
+  @IsArray({ message: 'roles deve ser um array' })
+  @ArrayMinSize(1, { message: 'roles deve conter ao menos um papel' })
+  @IsIn(CREATABLE_USER_ROLES, {
+    each: true,
+    message: 'cada role deve ser attendant ou health_professional',
+  })
+  roles?: CreatableUserRole[];
+
+  @ApiPropertyOptional({
+    description:
+      'Deprecated: use roles[]. Papel único; convertido internamente para roles com um elemento.',
     enum: CREATABLE_USER_ROLES,
     default: 'attendant',
   })
+  @IsOptional()
   @IsString()
   @IsIn(CREATABLE_USER_ROLES, {
     message: 'role deve ser attendant ou health_professional',
   })
-  role: CreatableUserRole;
+  role?: CreatableUserRole;
 }

package/src/users/update-user-by-admin.dto.ts

@@ -1,5 +1,14 @@
 import { ApiHideProperty, ApiPropertyOptional } from '@nestjs/swagger';
-import { IsEmail, IsIn, IsOptional, IsString, MaxLength, MinLength } from 'class-validator';
+import {
+  IsEmail,
+  IsIn,
+  IsOptional,
+  IsString,
+  MaxLength,
+  MinLength,
+  IsArray,
+  ArrayMinSize,
+} from 'class-validator';
 import { AtLeastOneOf } from './at-least-one-of.decorator';
 
 export const ALL_USER_ROLES = [
@@ -9,10 +18,10 @@ export const ALL_USER_ROLES = [
 ] as const;
 export type AllUserRole = (typeof ALL_USER_ROLES)[number];
 
-/** Fields an administrator may change for any user (including role). */
+/** Fields an administrator may change for any user (including roles). */
 export class UpdateUserByAdminDto {
   @ApiHideProperty()
-  @AtLeastOneOf(['name', 'email', 'role'])
+  @AtLeastOneOf(['name', 'email', 'role', 'roles'])
   _atLeastOne?: string;
 
   @ApiPropertyOptional({
@@ -38,7 +47,22 @@ export class UpdateUserByAdminDto {
   email?: string;
 
   @ApiPropertyOptional({
-    description: 'User role',
+    description: 'User roles (replaces the full role set when provided)',
+    enum: ALL_USER_ROLES,
+    isArray: true,
+    example: ['attendant', 'health_professional'],
+  })
+  @IsOptional()
+  @IsArray()
+  @ArrayMinSize(1, { message: 'roles must contain at least one role when provided' })
+  @IsIn(ALL_USER_ROLES, {
+    each: true,
+    message: 'each role must be administrator, attendant, or health_professional',
+  })
+  roles?: AllUserRole[];
+
+  @ApiPropertyOptional({
+    description: 'Deprecated: use roles[]. Single role replacement.',
     enum: ALL_USER_ROLES,
     example: 'attendant',
   })

package/src/users/updated-user.dto.ts

@@ -1,4 +1,5 @@
-import { ApiProperty } from '@nestjs/swagger';
+import { ApiProperty, ApiPropertyOptional } from '@nestjs/swagger';
+import { ALL_USER_ROLES } from './update-user-by-admin.dto';
 
 /** User payload returned after create or update (no password). */
 export class UpdatedUserDto {
@@ -16,11 +17,19 @@ export class UpdatedUserDto {
   email: string;
 
   @ApiProperty({
-    description: 'User role',
-    enum: ['administrator', 'attendant', 'health_professional'],
+    description: 'All roles assigned to the user',
+    enum: ALL_USER_ROLES,
+    isArray: true,
+    example: ['attendant'],
+  })
+  roles: (typeof ALL_USER_ROLES)[number][];
+
+  @ApiPropertyOptional({
+    description: 'Deprecated primary role alias (first role in roles[])',
+    enum: ALL_USER_ROLES,
     example: 'attendant',
   })
-  role: 'administrator' | 'attendant' | 'health_professional';
+  role?: (typeof ALL_USER_ROLES)[number];
 
   @ApiProperty({ description: 'Creation timestamp' })
   createdAt: Date;

package/src/users/user-list-item.dto.ts

@@ -1,4 +1,5 @@
-import { ApiProperty } from '@nestjs/swagger';
+import { ApiProperty, ApiPropertyOptional } from '@nestjs/swagger';
+import { ALL_USER_ROLES } from './update-user-by-admin.dto';
 
 /** Public user summary returned when an administrator lists users (no password). */
 export class UserListItemDto {
@@ -16,9 +17,17 @@ export class UserListItemDto {
   email: string;
 
   @ApiProperty({
-    description: 'User role',
-    enum: ['administrator', 'attendant', 'health_professional'],
+    description: 'All roles assigned to the user',
+    enum: ALL_USER_ROLES,
+    isArray: true,
+    example: ['attendant'],
+  })
+  roles: (typeof ALL_USER_ROLES)[number][];
+
+  @ApiPropertyOptional({
+    description: 'Deprecated primary role alias (first role in roles[])',
+    enum: ALL_USER_ROLES,
     example: 'attendant',
   })
-  role: 'administrator' | 'attendant' | 'health_professional';
+  role?: (typeof ALL_USER_ROLES)[number];
 }

package/src/users/user-update-kafka-payloads.ts

@@ -20,6 +20,9 @@ export interface AuthUpdateUserAdminPayload {
   targetUserId: string;
   name?: string;
   email?: string;
+  /** Replaces the full role set when provided. */
+  roles?: ('administrator' | 'attendant' | 'health_professional')[];
+  /** @deprecated Use roles[] */
   role?: 'administrator' | 'attendant' | 'health_professional';
 }
 

package/src/analytics/create-tenant-audit-log.dto.ts

@@ -1,105 +0,0 @@
-import { ApiProperty, ApiPropertyOptional } from '@nestjs/swagger';
-import {
-  IsIn,
-  IsInt,
-  IsISO8601,
-  IsNotEmpty,
-  IsObject,
-  IsOptional,
-  IsString,
-  IsUUID,
-  Max,
-  MaxLength,
-  Min,
-  MinLength,
-} from 'class-validator';
-
-/** Outcome of the audited HTTP mutation. */
-export const TENANT_AUDIT_OUTCOMES = ['success', 'failure'] as const;
-export type TenantAuditOutcome = (typeof TENANT_AUDIT_OUTCOMES)[number];
-
-/**
- * Payload for persisting a tenant-scoped user action audit row (HTTP mutation).
- */
-export class CreateTenantAuditLogDto {
-  @ApiProperty({ description: 'Unique id for idempotent insert', format: 'uuid' })
-  @IsUUID()
-  eventId: string;
-
-  @ApiProperty({ description: 'Tenant slug' })
-  @IsString()
-  @IsNotEmpty()
-  @MinLength(1)
-  @MaxLength(255)
-  tenant: string;
-
-  @ApiProperty({ example: 'user', description: 'Actor category' })
-  @IsString()
-  @IsNotEmpty()
-  @MaxLength(64)
-  actorType: string;
-
-  @ApiProperty({ description: 'Authenticated user id (sub)' })
-  @IsString()
-  @IsNotEmpty()
-  @MaxLength(255)
-  actorId: string;
-
-  @ApiProperty({
-    example: 'http.mutation',
-    description: 'Deterministic action key (e.g. http.mutation)',
-  })
-  @IsString()
-  @IsNotEmpty()
-  @MaxLength(128)
-  action: string;
-
-  @ApiPropertyOptional({ example: 'http' })
-  @IsOptional()
-  @IsString()
-  @MaxLength(64)
-  targetType?: string | null;
-
-  @ApiPropertyOptional({ description: 'Route param id when present' })
-  @IsOptional()
-  @IsString()
-  @MaxLength(255)
-  targetId?: string | null;
-
-  @ApiProperty({ enum: TENANT_AUDIT_OUTCOMES })
-  @IsIn([...TENANT_AUDIT_OUTCOMES])
-  outcome: TenantAuditOutcome;
-
-  @ApiProperty({ example: 'POST' })
-  @IsString()
-  @IsNotEmpty()
-  @MaxLength(16)
-  httpMethod: string;
-
-  @ApiProperty({ example: '/patients/123' })
-  @IsString()
-  @IsNotEmpty()
-  @MaxLength(2048)
-  httpPath: string;
-
-  @ApiProperty({ example: 201 })
-  @IsInt()
-  @Min(100)
-  @Max(599)
-  httpStatus: number;
-
-  @ApiPropertyOptional({ description: 'On failure, stable error code if available' })
-  @IsOptional()
-  @IsString()
-  @MaxLength(128)
-  errorCode?: string | null;
-
-  @ApiPropertyOptional({ description: 'Minimal non-PII context' })
-  @IsOptional()
-  @IsObject()
-  metadata?: Record<string, unknown> | null;
-
-  @ApiProperty({ description: 'When the action completed (UTC ISO-8601)' })
-  @IsISO8601()
-  occurredAt: string;
-}