weave-typescript 0.30.0 → 0.32.0

package/dist/weavesql/weavedb/auth_identity_sql.js

@@ -0,0 +1,1233 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.deleteExpiredApplicationSessionsQuery = exports.markApplicationSessionOrganizationSessionStateQuery = exports.listApplicationSessionOrganizationSessionStatesQuery = exports.getApplicationSessionOrganizationSessionQuery = exports.upsertApplicationSessionOrganizationSessionQuery = exports.revokeApplicationSessionQuery = exports.setApplicationSessionActiveOrganizationQuery = exports.getApplicationSessionQuery = exports.createApplicationSessionQuery = exports.insertAuthAuditEventQuery = exports.endSupportAccessSessionQuery = exports.createSupportAccessSessionQuery = exports.createPlatformAdminGrantQuery = exports.listActivePlatformAdminGrantsForUserQuery = exports.listOrganizationMembersQuery = exports.listOrganizationMembershipsForUserQuery = exports.getOrganizationMembershipQuery = exports.upsertOrganizationMembershipQuery = exports.upsertOrganizationAuthLinkQuery = exports.getOrganizationAuthLinkByOrganizationIDQuery = exports.getOrganizationAuthLinkByStytchIDQuery = exports.upsertIdentityLinkQuery = exports.getIdentityLinkByStytchMemberQuery = exports.getUserProfileQuery = exports.upsertUserProfileQuery = exports.deleteOrganizationAuthDomainQuery = exports.listOrganizationAuthDomainsQuery = exports.upsertOrganizationAuthDomainQuery = exports.resolvePrimaryOrganizationAuthLinkByDomainQuery = exports.getUserPrimaryOrganizationAuthLinkQuery = exports.setUserPrimaryOrganizationQuery = exports.getUserByIDQuery = exports.createUserQuery = void 0;
+exports.createUser = createUser;
+exports.getUserByID = getUserByID;
+exports.setUserPrimaryOrganization = setUserPrimaryOrganization;
+exports.getUserPrimaryOrganizationAuthLink = getUserPrimaryOrganizationAuthLink;
+exports.resolvePrimaryOrganizationAuthLinkByDomain = resolvePrimaryOrganizationAuthLinkByDomain;
+exports.upsertOrganizationAuthDomain = upsertOrganizationAuthDomain;
+exports.listOrganizationAuthDomains = listOrganizationAuthDomains;
+exports.upsertUserProfile = upsertUserProfile;
+exports.getUserProfile = getUserProfile;
+exports.getIdentityLinkByStytchMember = getIdentityLinkByStytchMember;
+exports.upsertIdentityLink = upsertIdentityLink;
+exports.getOrganizationAuthLinkByStytchID = getOrganizationAuthLinkByStytchID;
+exports.getOrganizationAuthLinkByOrganizationID = getOrganizationAuthLinkByOrganizationID;
+exports.upsertOrganizationAuthLink = upsertOrganizationAuthLink;
+exports.upsertOrganizationMembership = upsertOrganizationMembership;
+exports.getOrganizationMembership = getOrganizationMembership;
+exports.listOrganizationMembershipsForUser = listOrganizationMembershipsForUser;
+exports.listOrganizationMembers = listOrganizationMembers;
+exports.listActivePlatformAdminGrantsForUser = listActivePlatformAdminGrantsForUser;
+exports.createPlatformAdminGrant = createPlatformAdminGrant;
+exports.createSupportAccessSession = createSupportAccessSession;
+exports.insertAuthAuditEvent = insertAuthAuditEvent;
+exports.createApplicationSession = createApplicationSession;
+exports.getApplicationSession = getApplicationSession;
+exports.setApplicationSessionActiveOrganization = setApplicationSessionActiveOrganization;
+exports.upsertApplicationSessionOrganizationSession = upsertApplicationSessionOrganizationSession;
+exports.getApplicationSessionOrganizationSession = getApplicationSessionOrganizationSession;
+exports.listApplicationSessionOrganizationSessionStates = listApplicationSessionOrganizationSessionStates;
+exports.markApplicationSessionOrganizationSessionState = markApplicationSessionOrganizationSessionState;
+exports.createUserQuery = `-- name: CreateUser :one
+INSERT INTO weave.users (status)
+VALUES ($1)
+RETURNING id, status, created_at, updated_at`;
+async function createUser(client, args) {
+    const result = await client.query({
+        text: exports.createUserQuery,
+        values: [args.status],
+        rowMode: "array"
+    });
+    if (result.rows.length !== 1) {
+        return null;
+    }
+    const row = result.rows[0];
+    return {
+        id: row[0],
+        status: row[1],
+        createdAt: row[2],
+        updatedAt: row[3]
+    };
+}
+exports.getUserByIDQuery = `-- name: GetUserByID :one
+SELECT id, status, created_at, updated_at
+FROM weave.users
+WHERE id = $1`;
+async function getUserByID(client, args) {
+    const result = await client.query({
+        text: exports.getUserByIDQuery,
+        values: [args.id],
+        rowMode: "array"
+    });
+    if (result.rows.length !== 1) {
+        return null;
+    }
+    const row = result.rows[0];
+    return {
+        id: row[0],
+        status: row[1],
+        createdAt: row[2],
+        updatedAt: row[3]
+    };
+}
+exports.setUserPrimaryOrganizationQuery = `-- name: SetUserPrimaryOrganization :one
+UPDATE weave.users
+SET
+    primary_organization_id = $1,
+    updated_at = now()
+WHERE id = $2
+RETURNING
+    id,
+    primary_organization_id,
+    status,
+    created_at,
+    updated_at`;
+async function setUserPrimaryOrganization(client, args) {
+    const result = await client.query({
+        text: exports.setUserPrimaryOrganizationQuery,
+        values: [args.organizationId, args.userId],
+        rowMode: "array"
+    });
+    if (result.rows.length !== 1) {
+        return null;
+    }
+    const row = result.rows[0];
+    return {
+        id: row[0],
+        primaryOrganizationId: row[1],
+        status: row[2],
+        createdAt: row[3],
+        updatedAt: row[4]
+    };
+}
+exports.getUserPrimaryOrganizationAuthLinkQuery = `-- name: GetUserPrimaryOrganizationAuthLink :one
+SELECT
+    o.id AS organization_id,
+    o.slug AS organization_slug,
+    o.name AS organization_name,
+    l.stytch_organization_id,
+    l.stytch_organization_slug,
+    l.stytch_organization_kind,
+    l.allowed_domains,
+    l.auth_policy_summary,
+    l.created_at,
+    l.updated_at
+FROM weave.users AS u
+JOIN weave.organizations AS o
+  ON o.id = u.primary_organization_id
+JOIN weave.organization_auth_links AS l
+  ON l.organization_id = o.id
+WHERE u.id = $1
+  AND u.status = 'active'`;
+async function getUserPrimaryOrganizationAuthLink(client, args) {
+    const result = await client.query({
+        text: exports.getUserPrimaryOrganizationAuthLinkQuery,
+        values: [args.userId],
+        rowMode: "array"
+    });
+    if (result.rows.length !== 1) {
+        return null;
+    }
+    const row = result.rows[0];
+    return {
+        organizationId: row[0],
+        organizationSlug: row[1],
+        organizationName: row[2],
+        stytchOrganizationId: row[3],
+        stytchOrganizationSlug: row[4],
+        stytchOrganizationKind: row[5],
+        allowedDomains: row[6],
+        authPolicySummary: row[7],
+        createdAt: row[8],
+        updatedAt: row[9]
+    };
+}
+exports.resolvePrimaryOrganizationAuthLinkByDomainQuery = `-- name: ResolvePrimaryOrganizationAuthLinkByDomain :one
+SELECT
+    o.id AS organization_id,
+    o.slug AS organization_slug,
+    o.name AS organization_name,
+    l.stytch_organization_id,
+    l.stytch_organization_slug,
+    l.stytch_organization_kind,
+    d.domain,
+    l.allowed_domains,
+    l.auth_policy_summary,
+    l.created_at,
+    l.updated_at
+FROM weave.organization_auth_domains AS d
+JOIN weave.organization_auth_links AS l
+  ON l.organization_id = d.organization_id
+JOIN weave.organizations AS o
+  ON o.id = d.organization_id
+WHERE d.domain = lower($1)
+  AND d.is_primary_login
+  AND d.status = 'active'`;
+async function resolvePrimaryOrganizationAuthLinkByDomain(client, args) {
+    const result = await client.query({
+        text: exports.resolvePrimaryOrganizationAuthLinkByDomainQuery,
+        values: [args.domain],
+        rowMode: "array"
+    });
+    if (result.rows.length !== 1) {
+        return null;
+    }
+    const row = result.rows[0];
+    return {
+        organizationId: row[0],
+        organizationSlug: row[1],
+        organizationName: row[2],
+        stytchOrganizationId: row[3],
+        stytchOrganizationSlug: row[4],
+        stytchOrganizationKind: row[5],
+        domain: row[6],
+        allowedDomains: row[7],
+        authPolicySummary: row[8],
+        createdAt: row[9],
+        updatedAt: row[10]
+    };
+}
+exports.upsertOrganizationAuthDomainQuery = `-- name: UpsertOrganizationAuthDomain :one
+INSERT INTO weave.organization_auth_domains (
+    organization_id,
+    domain,
+    is_primary_login,
+    status
+) VALUES (
+    $1,
+    lower($2),
+    $3,
+    $4
+)
+ON CONFLICT (organization_id, domain) DO UPDATE
+SET
+    is_primary_login = EXCLUDED.is_primary_login,
+    status = EXCLUDED.status,
+    updated_at = now()
+RETURNING
+    id,
+    organization_id,
+    domain,
+    is_primary_login,
+    status,
+    created_at,
+    updated_at`;
+async function upsertOrganizationAuthDomain(client, args) {
+    const result = await client.query({
+        text: exports.upsertOrganizationAuthDomainQuery,
+        values: [args.organizationId, args.domain, args.isPrimaryLogin, args.status],
+        rowMode: "array"
+    });
+    if (result.rows.length !== 1) {
+        return null;
+    }
+    const row = result.rows[0];
+    return {
+        id: row[0],
+        organizationId: row[1],
+        domain: row[2],
+        isPrimaryLogin: row[3],
+        status: row[4],
+        createdAt: row[5],
+        updatedAt: row[6]
+    };
+}
+exports.listOrganizationAuthDomainsQuery = `-- name: ListOrganizationAuthDomains :many
+SELECT
+    id,
+    organization_id,
+    domain,
+    is_primary_login,
+    status,
+    created_at,
+    updated_at
+FROM weave.organization_auth_domains
+WHERE organization_id = $1
+ORDER BY is_primary_login DESC, domain ASC`;
+async function listOrganizationAuthDomains(client, args) {
+    const result = await client.query({
+        text: exports.listOrganizationAuthDomainsQuery,
+        values: [args.organizationId],
+        rowMode: "array"
+    });
+    return result.rows.map(row => {
+        return {
+            id: row[0],
+            organizationId: row[1],
+            domain: row[2],
+            isPrimaryLogin: row[3],
+            status: row[4],
+            createdAt: row[5],
+            updatedAt: row[6]
+        };
+    });
+}
+exports.deleteOrganizationAuthDomainQuery = `-- name: DeleteOrganizationAuthDomain :execrows
+DELETE FROM weave.organization_auth_domains
+WHERE organization_id = $1
+  AND domain = lower($2)`;
+exports.upsertUserProfileQuery = `-- name: UpsertUserProfile :one
+INSERT INTO weave.user_profiles (
+    user_id,
+    display_name,
+    job_title,
+    email,
+    avatar_url,
+    theme
+) VALUES (
+    $1,
+    $2,
+    $3,
+    $4,
+    $5,
+    $6
+)
+ON CONFLICT (user_id) DO UPDATE
+SET
+    display_name = EXCLUDED.display_name,
+    job_title = EXCLUDED.job_title,
+    email = EXCLUDED.email,
+    avatar_url = EXCLUDED.avatar_url,
+    theme = EXCLUDED.theme,
+    updated_at = now()
+RETURNING
+    user_id,
+    display_name,
+    job_title,
+    email,
+    avatar_url,
+    theme,
+    created_at,
+    updated_at`;
+async function upsertUserProfile(client, args) {
+    const result = await client.query({
+        text: exports.upsertUserProfileQuery,
+        values: [args.userId, args.displayName, args.jobTitle, args.email, args.avatarUrl, args.theme],
+        rowMode: "array"
+    });
+    if (result.rows.length !== 1) {
+        return null;
+    }
+    const row = result.rows[0];
+    return {
+        userId: row[0],
+        displayName: row[1],
+        jobTitle: row[2],
+        email: row[3],
+        avatarUrl: row[4],
+        theme: row[5],
+        createdAt: row[6],
+        updatedAt: row[7]
+    };
+}
+exports.getUserProfileQuery = `-- name: GetUserProfile :one
+SELECT
+    user_id,
+    display_name,
+    job_title,
+    email,
+    avatar_url,
+    theme,
+    created_at,
+    updated_at
+FROM weave.user_profiles
+WHERE user_id = $1`;
+async function getUserProfile(client, args) {
+    const result = await client.query({
+        text: exports.getUserProfileQuery,
+        values: [args.userId],
+        rowMode: "array"
+    });
+    if (result.rows.length !== 1) {
+        return null;
+    }
+    const row = result.rows[0];
+    return {
+        userId: row[0],
+        displayName: row[1],
+        jobTitle: row[2],
+        email: row[3],
+        avatarUrl: row[4],
+        theme: row[5],
+        createdAt: row[6],
+        updatedAt: row[7]
+    };
+}
+exports.getIdentityLinkByStytchMemberQuery = `-- name: GetIdentityLinkByStytchMember :one
+SELECT
+    id,
+    user_id,
+    organization_id,
+    provider,
+    stytch_organization_id,
+    stytch_member_id,
+    stytch_member_email,
+    last_seen_at,
+    created_at,
+    updated_at
+FROM weave.identity_links
+WHERE provider = 'stytch_b2b'
+  AND stytch_organization_id = $1
+  AND stytch_member_id = $2`;
+async function getIdentityLinkByStytchMember(client, args) {
+    const result = await client.query({
+        text: exports.getIdentityLinkByStytchMemberQuery,
+        values: [args.stytchOrganizationId, args.stytchMemberId],
+        rowMode: "array"
+    });
+    if (result.rows.length !== 1) {
+        return null;
+    }
+    const row = result.rows[0];
+    return {
+        id: row[0],
+        userId: row[1],
+        organizationId: row[2],
+        provider: row[3],
+        stytchOrganizationId: row[4],
+        stytchMemberId: row[5],
+        stytchMemberEmail: row[6],
+        lastSeenAt: row[7],
+        createdAt: row[8],
+        updatedAt: row[9]
+    };
+}
+exports.upsertIdentityLinkQuery = `-- name: UpsertIdentityLink :one
+INSERT INTO weave.identity_links (
+    user_id,
+    organization_id,
+    provider,
+    stytch_organization_id,
+    stytch_member_id,
+    stytch_member_email,
+    last_seen_at
+) VALUES (
+    $1,
+    $2,
+    'stytch_b2b',
+    $3,
+    $4,
+    $5,
+    now()
+)
+ON CONFLICT (provider, stytch_organization_id, stytch_member_id) DO UPDATE
+SET
+    user_id = EXCLUDED.user_id,
+    organization_id = EXCLUDED.organization_id,
+    stytch_member_email = EXCLUDED.stytch_member_email,
+    last_seen_at = now(),
+    updated_at = now()
+RETURNING
+    id,
+    user_id,
+    organization_id,
+    provider,
+    stytch_organization_id,
+    stytch_member_id,
+    stytch_member_email,
+    last_seen_at,
+    created_at,
+    updated_at`;
+async function upsertIdentityLink(client, args) {
+    const result = await client.query({
+        text: exports.upsertIdentityLinkQuery,
+        values: [args.userId, args.organizationId, args.stytchOrganizationId, args.stytchMemberId, args.stytchMemberEmail],
+        rowMode: "array"
+    });
+    if (result.rows.length !== 1) {
+        return null;
+    }
+    const row = result.rows[0];
+    return {
+        id: row[0],
+        userId: row[1],
+        organizationId: row[2],
+        provider: row[3],
+        stytchOrganizationId: row[4],
+        stytchMemberId: row[5],
+        stytchMemberEmail: row[6],
+        lastSeenAt: row[7],
+        createdAt: row[8],
+        updatedAt: row[9]
+    };
+}
+exports.getOrganizationAuthLinkByStytchIDQuery = `-- name: GetOrganizationAuthLinkByStytchID :one
+SELECT
+    organization_id,
+    stytch_organization_id,
+    stytch_organization_slug,
+    stytch_organization_kind,
+    allowed_domains,
+    auth_policy_summary,
+    created_at,
+    updated_at
+FROM weave.organization_auth_links
+WHERE stytch_organization_id = $1`;
+async function getOrganizationAuthLinkByStytchID(client, args) {
+    const result = await client.query({
+        text: exports.getOrganizationAuthLinkByStytchIDQuery,
+        values: [args.stytchOrganizationId],
+        rowMode: "array"
+    });
+    if (result.rows.length !== 1) {
+        return null;
+    }
+    const row = result.rows[0];
+    return {
+        organizationId: row[0],
+        stytchOrganizationId: row[1],
+        stytchOrganizationSlug: row[2],
+        stytchOrganizationKind: row[3],
+        allowedDomains: row[4],
+        authPolicySummary: row[5],
+        createdAt: row[6],
+        updatedAt: row[7]
+    };
+}
+exports.getOrganizationAuthLinkByOrganizationIDQuery = `-- name: GetOrganizationAuthLinkByOrganizationID :one
+SELECT
+    organization_id,
+    stytch_organization_id,
+    stytch_organization_slug,
+    stytch_organization_kind,
+    allowed_domains,
+    auth_policy_summary,
+    created_at,
+    updated_at
+FROM weave.organization_auth_links
+WHERE organization_id = $1`;
+async function getOrganizationAuthLinkByOrganizationID(client, args) {
+    const result = await client.query({
+        text: exports.getOrganizationAuthLinkByOrganizationIDQuery,
+        values: [args.organizationId],
+        rowMode: "array"
+    });
+    if (result.rows.length !== 1) {
+        return null;
+    }
+    const row = result.rows[0];
+    return {
+        organizationId: row[0],
+        stytchOrganizationId: row[1],
+        stytchOrganizationSlug: row[2],
+        stytchOrganizationKind: row[3],
+        allowedDomains: row[4],
+        authPolicySummary: row[5],
+        createdAt: row[6],
+        updatedAt: row[7]
+    };
+}
+exports.upsertOrganizationAuthLinkQuery = `-- name: UpsertOrganizationAuthLink :one
+INSERT INTO weave.organization_auth_links (
+    organization_id,
+    stytch_organization_id,
+    stytch_organization_slug,
+    stytch_organization_kind,
+    allowed_domains,
+    auth_policy_summary
+) VALUES (
+    $1,
+    $2,
+    $3,
+    $4,
+    $5,
+    $6
+)
+ON CONFLICT (organization_id) DO UPDATE
+SET
+    stytch_organization_id = EXCLUDED.stytch_organization_id,
+    stytch_organization_slug = EXCLUDED.stytch_organization_slug,
+    stytch_organization_kind = EXCLUDED.stytch_organization_kind,
+    allowed_domains = EXCLUDED.allowed_domains,
+    auth_policy_summary = EXCLUDED.auth_policy_summary,
+    updated_at = now()
+RETURNING
+    organization_id,
+    stytch_organization_id,
+    stytch_organization_slug,
+    stytch_organization_kind,
+    allowed_domains,
+    auth_policy_summary,
+    created_at,
+    updated_at`;
+async function upsertOrganizationAuthLink(client, args) {
+    const result = await client.query({
+        text: exports.upsertOrganizationAuthLinkQuery,
+        values: [args.organizationId, args.stytchOrganizationId, args.stytchOrganizationSlug, args.stytchOrganizationKind, args.allowedDomains, args.authPolicySummary],
+        rowMode: "array"
+    });
+    if (result.rows.length !== 1) {
+        return null;
+    }
+    const row = result.rows[0];
+    return {
+        organizationId: row[0],
+        stytchOrganizationId: row[1],
+        stytchOrganizationSlug: row[2],
+        stytchOrganizationKind: row[3],
+        allowedDomains: row[4],
+        authPolicySummary: row[5],
+        createdAt: row[6],
+        updatedAt: row[7]
+    };
+}
+exports.upsertOrganizationMembershipQuery = `-- name: UpsertOrganizationMembership :one
+INSERT INTO weave.organization_memberships (
+    user_id,
+    organization_id,
+    identity_link_id,
+    status,
+    role_ids
+) VALUES (
+    $1,
+    $2,
+    $3,
+    $4,
+    $5
+)
+ON CONFLICT (user_id, organization_id) DO UPDATE
+SET
+    identity_link_id = EXCLUDED.identity_link_id,
+    status = EXCLUDED.status,
+    role_ids = EXCLUDED.role_ids,
+    updated_at = now()
+RETURNING
+    id,
+    user_id,
+    organization_id,
+    identity_link_id,
+    status,
+    role_ids,
+    created_at,
+    updated_at`;
+async function upsertOrganizationMembership(client, args) {
+    const result = await client.query({
+        text: exports.upsertOrganizationMembershipQuery,
+        values: [args.userId, args.organizationId, args.identityLinkId, args.status, args.roleIds],
+        rowMode: "array"
+    });
+    if (result.rows.length !== 1) {
+        return null;
+    }
+    const row = result.rows[0];
+    return {
+        id: row[0],
+        userId: row[1],
+        organizationId: row[2],
+        identityLinkId: row[3],
+        status: row[4],
+        roleIds: row[5],
+        createdAt: row[6],
+        updatedAt: row[7]
+    };
+}
+exports.getOrganizationMembershipQuery = `-- name: GetOrganizationMembership :one
+SELECT
+    id,
+    user_id,
+    organization_id,
+    identity_link_id,
+    status,
+    role_ids,
+    created_at,
+    updated_at
+FROM weave.organization_memberships
+WHERE user_id = $1
+  AND organization_id = $2`;
+async function getOrganizationMembership(client, args) {
+    const result = await client.query({
+        text: exports.getOrganizationMembershipQuery,
+        values: [args.userId, args.organizationId],
+        rowMode: "array"
+    });
+    if (result.rows.length !== 1) {
+        return null;
+    }
+    const row = result.rows[0];
+    return {
+        id: row[0],
+        userId: row[1],
+        organizationId: row[2],
+        identityLinkId: row[3],
+        status: row[4],
+        roleIds: row[5],
+        createdAt: row[6],
+        updatedAt: row[7]
+    };
+}
+exports.listOrganizationMembershipsForUserQuery = `-- name: ListOrganizationMembershipsForUser :many
+SELECT
+    id,
+    user_id,
+    organization_id,
+    identity_link_id,
+    status,
+    role_ids,
+    created_at,
+    updated_at
+FROM weave.organization_memberships
+WHERE user_id = $1
+ORDER BY created_at ASC`;
+async function listOrganizationMembershipsForUser(client, args) {
+    const result = await client.query({
+        text: exports.listOrganizationMembershipsForUserQuery,
+        values: [args.userId],
+        rowMode: "array"
+    });
+    return result.rows.map(row => {
+        return {
+            id: row[0],
+            userId: row[1],
+            organizationId: row[2],
+            identityLinkId: row[3],
+            status: row[4],
+            roleIds: row[5],
+            createdAt: row[6],
+            updatedAt: row[7]
+        };
+    });
+}
+exports.listOrganizationMembersQuery = `-- name: ListOrganizationMembers :many
+SELECT
+    m.id,
+    m.user_id,
+    m.organization_id,
+    m.identity_link_id,
+    m.status,
+    m.role_ids,
+    p.display_name,
+    p.email,
+    p.avatar_url,
+    m.created_at,
+    m.updated_at
+FROM weave.organization_memberships AS m
+JOIN weave.user_profiles AS p
+  ON p.user_id = m.user_id
+WHERE m.organization_id = $1
+ORDER BY p.display_name ASC, p.email ASC`;
+async function listOrganizationMembers(client, args) {
+    const result = await client.query({
+        text: exports.listOrganizationMembersQuery,
+        values: [args.organizationId],
+        rowMode: "array"
+    });
+    return result.rows.map(row => {
+        return {
+            id: row[0],
+            userId: row[1],
+            organizationId: row[2],
+            identityLinkId: row[3],
+            status: row[4],
+            roleIds: row[5],
+            displayName: row[6],
+            email: row[7],
+            avatarUrl: row[8],
+            createdAt: row[9],
+            updatedAt: row[10]
+        };
+    });
+}
+exports.listActivePlatformAdminGrantsForUserQuery = `-- name: ListActivePlatformAdminGrantsForUser :many
+SELECT
+    id,
+    user_id,
+    platform_role,
+    organization_id,
+    all_organizations,
+    allowed_actions,
+    expires_at,
+    status,
+    created_at,
+    updated_at
+FROM weave.platform_admin_grants
+WHERE user_id = $1
+  AND status = 'active'
+  AND (expires_at IS NULL OR expires_at > now())`;
+async function listActivePlatformAdminGrantsForUser(client, args) {
+    const result = await client.query({
+        text: exports.listActivePlatformAdminGrantsForUserQuery,
+        values: [args.userId],
+        rowMode: "array"
+    });
+    return result.rows.map(row => {
+        return {
+            id: row[0],
+            userId: row[1],
+            platformRole: row[2],
+            organizationId: row[3],
+            allOrganizations: row[4],
+            allowedActions: row[5],
+            expiresAt: row[6],
+            status: row[7],
+            createdAt: row[8],
+            updatedAt: row[9]
+        };
+    });
+}
+exports.createPlatformAdminGrantQuery = `-- name: CreatePlatformAdminGrant :one
+INSERT INTO weave.platform_admin_grants (
+    user_id,
+    platform_role,
+    organization_id,
+    all_organizations,
+    allowed_actions,
+    expires_at,
+    status
+) VALUES (
+    $1,
+    $2,
+    $3,
+    $4,
+    $5,
+    $6,
+    $7
+)
+RETURNING
+    id,
+    user_id,
+    platform_role,
+    organization_id,
+    all_organizations,
+    allowed_actions,
+    expires_at,
+    status,
+    created_at,
+    updated_at`;
+async function createPlatformAdminGrant(client, args) {
+    const result = await client.query({
+        text: exports.createPlatformAdminGrantQuery,
+        values: [args.userId, args.platformRole, args.organizationId, args.allOrganizations, args.allowedActions, args.expiresAt, args.status],
+        rowMode: "array"
+    });
+    if (result.rows.length !== 1) {
+        return null;
+    }
+    const row = result.rows[0];
+    return {
+        id: row[0],
+        userId: row[1],
+        platformRole: row[2],
+        organizationId: row[3],
+        allOrganizations: row[4],
+        allowedActions: row[5],
+        expiresAt: row[6],
+        status: row[7],
+        createdAt: row[8],
+        updatedAt: row[9]
+    };
+}
+exports.createSupportAccessSessionQuery = `-- name: CreateSupportAccessSession :one
+INSERT INTO weave.support_access_sessions (
+    acting_user_id,
+    target_organization_id,
+    reason,
+    allowed_actions
+) VALUES (
+    $1,
+    $2,
+    $3,
+    $4
+)
+RETURNING
+    id,
+    acting_user_id,
+    target_organization_id,
+    reason,
+    allowed_actions,
+    started_at,
+    ended_at,
+    created_at`;
+async function createSupportAccessSession(client, args) {
+    const result = await client.query({
+        text: exports.createSupportAccessSessionQuery,
+        values: [args.actingUserId, args.targetOrganizationId, args.reason, args.allowedActions],
+        rowMode: "array"
+    });
+    if (result.rows.length !== 1) {
+        return null;
+    }
+    const row = result.rows[0];
+    return {
+        id: row[0],
+        actingUserId: row[1],
+        targetOrganizationId: row[2],
+        reason: row[3],
+        allowedActions: row[4],
+        startedAt: row[5],
+        endedAt: row[6],
+        createdAt: row[7]
+    };
+}
+exports.endSupportAccessSessionQuery = `-- name: EndSupportAccessSession :execrows
+UPDATE weave.support_access_sessions
+SET ended_at = now()
+WHERE id = $1
+  AND ended_at IS NULL`;
+exports.insertAuthAuditEventQuery = `-- name: InsertAuthAuditEvent :exec
+INSERT INTO weave.auth_audit_events (
+    organization_id,
+    acting_user_id,
+    target_user_id,
+    event_type,
+    auth_method,
+    stytch_request_id,
+    stytch_organization_id,
+    stytch_member_id,
+    support_access_session_id,
+    metadata
+) VALUES (
+    $1,
+    $2,
+    $3,
+    $4,
+    $5,
+    $6,
+    $7,
+    $8,
+    $9,
+    $10
+)`;
+async function insertAuthAuditEvent(client, args) {
+    await client.query({
+        text: exports.insertAuthAuditEventQuery,
+        values: [args.organizationId, args.actingUserId, args.targetUserId, args.eventType, args.authMethod, args.stytchRequestId, args.stytchOrganizationId, args.stytchMemberId, args.supportAccessSessionId, args.metadata],
+        rowMode: "array"
+    });
+}
+exports.createApplicationSessionQuery = `-- name: CreateApplicationSession :one
+INSERT INTO weave.application_sessions (
+    user_id,
+    active_organization_id,
+    expires_at
+) VALUES (
+    $1,
+    $2,
+    $3
+)
+RETURNING
+    id,
+    user_id,
+    active_organization_id,
+    status,
+    expires_at,
+    revoked_at,
+    created_at,
+    updated_at`;
+async function createApplicationSession(client, args) {
+    const result = await client.query({
+        text: exports.createApplicationSessionQuery,
+        values: [args.userId, args.activeOrganizationId, args.expiresAt],
+        rowMode: "array"
+    });
+    if (result.rows.length !== 1) {
+        return null;
+    }
+    const row = result.rows[0];
+    return {
+        id: row[0],
+        userId: row[1],
+        activeOrganizationId: row[2],
+        status: row[3],
+        expiresAt: row[4],
+        revokedAt: row[5],
+        createdAt: row[6],
+        updatedAt: row[7]
+    };
+}
+exports.getApplicationSessionQuery = `-- name: GetApplicationSession :one
+SELECT
+    id,
+    user_id,
+    active_organization_id,
+    status,
+    expires_at,
+    revoked_at,
+    created_at,
+    updated_at
+FROM weave.application_sessions
+WHERE id = $1`;
+async function getApplicationSession(client, args) {
+    const result = await client.query({
+        text: exports.getApplicationSessionQuery,
+        values: [args.id],
+        rowMode: "array"
+    });
+    if (result.rows.length !== 1) {
+        return null;
+    }
+    const row = result.rows[0];
+    return {
+        id: row[0],
+        userId: row[1],
+        activeOrganizationId: row[2],
+        status: row[3],
+        expiresAt: row[4],
+        revokedAt: row[5],
+        createdAt: row[6],
+        updatedAt: row[7]
+    };
+}
+exports.setApplicationSessionActiveOrganizationQuery = `-- name: SetApplicationSessionActiveOrganization :one
+UPDATE weave.application_sessions
+SET
+    active_organization_id = $1,
+    updated_at = now()
+WHERE id = $2
+  AND status = 'active'
+RETURNING
+    id,
+    user_id,
+    active_organization_id,
+    status,
+    expires_at,
+    revoked_at,
+    created_at,
+    updated_at`;
+async function setApplicationSessionActiveOrganization(client, args) {
+    const result = await client.query({
+        text: exports.setApplicationSessionActiveOrganizationQuery,
+        values: [args.organizationId, args.id],
+        rowMode: "array"
+    });
+    if (result.rows.length !== 1) {
+        return null;
+    }
+    const row = result.rows[0];
+    return {
+        id: row[0],
+        userId: row[1],
+        activeOrganizationId: row[2],
+        status: row[3],
+        expiresAt: row[4],
+        revokedAt: row[5],
+        createdAt: row[6],
+        updatedAt: row[7]
+    };
+}
+exports.revokeApplicationSessionQuery = `-- name: RevokeApplicationSession :execrows
+UPDATE weave.application_sessions
+SET
+    status = 'revoked',
+    revoked_at = now(),
+    updated_at = now()
+WHERE id = $1
+  AND status = 'active'`;
+exports.upsertApplicationSessionOrganizationSessionQuery = `-- name: UpsertApplicationSessionOrganizationSession :one
+INSERT INTO weave.application_session_organization_sessions (
+    application_session_id,
+    organization_id,
+    identity_link_id,
+    stytch_organization_id,
+    stytch_member_id,
+    stytch_member_session_id,
+    stytch_session_token_ciphertext,
+    auth_state,
+    expires_at,
+    last_validated_at
+) VALUES (
+    $1,
+    $2,
+    $3,
+    $4,
+    $5,
+    $6,
+    $7,
+    $8,
+    $9,
+    $10
+)
+ON CONFLICT (application_session_id, organization_id) DO UPDATE
+SET
+    identity_link_id = EXCLUDED.identity_link_id,
+    stytch_organization_id = EXCLUDED.stytch_organization_id,
+    stytch_member_id = EXCLUDED.stytch_member_id,
+    stytch_member_session_id = EXCLUDED.stytch_member_session_id,
+    stytch_session_token_ciphertext = EXCLUDED.stytch_session_token_ciphertext,
+    auth_state = EXCLUDED.auth_state,
+    expires_at = EXCLUDED.expires_at,
+    last_validated_at = EXCLUDED.last_validated_at,
+    updated_at = now()
+RETURNING
+    id,
+    application_session_id,
+    organization_id,
+    identity_link_id,
+    stytch_organization_id,
+    stytch_member_id,
+    stytch_member_session_id,
+    stytch_session_token_ciphertext,
+    auth_state,
+    expires_at,
+    last_validated_at,
+    created_at,
+    updated_at`;
+async function upsertApplicationSessionOrganizationSession(client, args) {
+    const result = await client.query({
+        text: exports.upsertApplicationSessionOrganizationSessionQuery,
+        values: [args.applicationSessionId, args.organizationId, args.identityLinkId, args.stytchOrganizationId, args.stytchMemberId, args.stytchMemberSessionId, args.stytchSessionTokenCiphertext, args.authState, args.expiresAt, args.lastValidatedAt],
+        rowMode: "array"
+    });
+    if (result.rows.length !== 1) {
+        return null;
+    }
+    const row = result.rows[0];
+    return {
+        id: row[0],
+        applicationSessionId: row[1],
+        organizationId: row[2],
+        identityLinkId: row[3],
+        stytchOrganizationId: row[4],
+        stytchMemberId: row[5],
+        stytchMemberSessionId: row[6],
+        stytchSessionTokenCiphertext: row[7],
+        authState: row[8],
+        expiresAt: row[9],
+        lastValidatedAt: row[10],
+        createdAt: row[11],
+        updatedAt: row[12]
+    };
+}
+exports.getApplicationSessionOrganizationSessionQuery = `-- name: GetApplicationSessionOrganizationSession :one
+SELECT
+    id,
+    application_session_id,
+    organization_id,
+    identity_link_id,
+    stytch_organization_id,
+    stytch_member_id,
+    stytch_member_session_id,
+    stytch_session_token_ciphertext,
+    auth_state,
+    expires_at,
+    last_validated_at,
+    created_at,
+    updated_at
+FROM weave.application_session_organization_sessions
+WHERE application_session_id = $1
+  AND organization_id = $2`;
+async function getApplicationSessionOrganizationSession(client, args) {
+    const result = await client.query({
+        text: exports.getApplicationSessionOrganizationSessionQuery,
+        values: [args.applicationSessionId, args.organizationId],
+        rowMode: "array"
+    });
+    if (result.rows.length !== 1) {
+        return null;
+    }
+    const row = result.rows[0];
+    return {
+        id: row[0],
+        applicationSessionId: row[1],
+        organizationId: row[2],
+        identityLinkId: row[3],
+        stytchOrganizationId: row[4],
+        stytchMemberId: row[5],
+        stytchMemberSessionId: row[6],
+        stytchSessionTokenCiphertext: row[7],
+        authState: row[8],
+        expiresAt: row[9],
+        lastValidatedAt: row[10],
+        createdAt: row[11],
+        updatedAt: row[12]
+    };
+}
+exports.listApplicationSessionOrganizationSessionStatesQuery = `-- name: ListApplicationSessionOrganizationSessionStates :many
+SELECT
+    s.id,
+    s.application_session_id,
+    s.organization_id,
+    o.slug AS organization_slug,
+    o.name AS organization_name,
+    s.identity_link_id,
+    s.stytch_organization_id,
+    s.stytch_member_id,
+    s.stytch_member_session_id,
+    s.auth_state,
+    s.expires_at,
+    s.last_validated_at,
+    s.created_at,
+    s.updated_at
+FROM weave.application_session_organization_sessions AS s
+JOIN weave.organizations AS o
+  ON o.id = s.organization_id
+WHERE s.application_session_id = $1
+ORDER BY o.slug ASC`;
+async function listApplicationSessionOrganizationSessionStates(client, args) {
+    const result = await client.query({
+        text: exports.listApplicationSessionOrganizationSessionStatesQuery,
+        values: [args.applicationSessionId],
+        rowMode: "array"
+    });
+    return result.rows.map(row => {
+        return {
+            id: row[0],
+            applicationSessionId: row[1],
+            organizationId: row[2],
+            organizationSlug: row[3],
+            organizationName: row[4],
+            identityLinkId: row[5],
+            stytchOrganizationId: row[6],
+            stytchMemberId: row[7],
+            stytchMemberSessionId: row[8],
+            authState: row[9],
+            expiresAt: row[10],
+            lastValidatedAt: row[11],
+            createdAt: row[12],
+            updatedAt: row[13]
+        };
+    });
+}
+exports.markApplicationSessionOrganizationSessionStateQuery = `-- name: MarkApplicationSessionOrganizationSessionState :one
+UPDATE weave.application_session_organization_sessions
+SET
+    auth_state = $1,
+    last_validated_at = now(),
+    updated_at = now()
+WHERE application_session_id = $2
+  AND organization_id = $3
+RETURNING
+    id,
+    application_session_id,
+    organization_id,
+    identity_link_id,
+    stytch_organization_id,
+    stytch_member_id,
+    stytch_member_session_id,
+    stytch_session_token_ciphertext,
+    auth_state,
+    expires_at,
+    last_validated_at,
+    created_at,
+    updated_at`;
+async function markApplicationSessionOrganizationSessionState(client, args) {
+    const result = await client.query({
+        text: exports.markApplicationSessionOrganizationSessionStateQuery,
+        values: [args.authState, args.applicationSessionId, args.organizationId],
+        rowMode: "array"
+    });
+    if (result.rows.length !== 1) {
+        return null;
+    }
+    const row = result.rows[0];
+    return {
+        id: row[0],
+        applicationSessionId: row[1],
+        organizationId: row[2],
+        identityLinkId: row[3],
+        stytchOrganizationId: row[4],
+        stytchMemberId: row[5],
+        stytchMemberSessionId: row[6],
+        stytchSessionTokenCiphertext: row[7],
+        authState: row[8],
+        expiresAt: row[9],
+        lastValidatedAt: row[10],
+        createdAt: row[11],
+        updatedAt: row[12]
+    };
+}
+exports.deleteExpiredApplicationSessionsQuery = `-- name: DeleteExpiredApplicationSessions :execrows
+DELETE FROM weave.application_sessions
+WHERE expires_at <= now()
+   OR status IN ('revoked', 'expired')`;