workos 0.11.1 → 0.12.0-beta.1

package/dist/emulate/workos/routes/authorization-checks.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"authorization-checks.js","sourceRoot":"","sources":["../../../../src/emulate/workos/routes/authorization-checks.ts"],"names":[],"mappings":"AAAA,OAAO,EAAqB,QAAQ,EAAE,eAAe,EAAE,aAAa,EAAE,MAAM,qBAAqB,CAAC;AAClG,OAAO,EAAE,cAAc,EAAE,MAAM,aAAa,CAAC;AAC7C,OAAO,EAAE,oBAAoB,EAAE,2BAA2B,EAAE,eAAe,EAAE,MAAM,eAAe,CAAC;AAEnG;;;;GAIG;AACH,SAAS,2BAA2B,CAAC,EAAqC,EAAE,YAAoB;IAC9F,MAAM,UAAU,GAAG,EAAE,CAAC,uBAAuB,CAAC,GAAG,CAAC,YAAY,CAAC,CAAC;IAChE,IAAI,CAAC,UAAU;QAAE,OAAO,IAAI,GAAG,EAAE,CAAC;IAElC,MAAM,SAAS,GAAG,IAAI,GAAG,EAAU,CAAC;IAEpC,iDAAiD;IACjD,MAAM,WAAW,GAAG,EAAE,CAAC,KAAK;SACzB,MAAM,CAAC,MAAM,EAAE,UAAU,CAAC,IAAI,CAAC,IAAI,CAAC;SACpC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,eAAe,KAAK,UAAU,CAAC,eAAe,IAAI,CAAC,CAAC,IAAI,KAAK,iBAAiB,CAAC,CAAC;IACjG,IAAI,WAAW,EAAE,CAAC;QAChB,MAAM,GAAG,GAAG,EAAE,CAAC,eAAe,CAAC,MAAM,CAAC,SAAS,EAAE,WAAW,CAAC,EAAE,CAAC,CAAC;QACjE,KAAK,MAAM,EAAE,IAAI,GAAG,EAAE,CAAC;YACrB,MAAM,IAAI,GAAG,EAAE,CAAC,WAAW,CAAC,GAAG,CAAC,EAAE,CAAC,aAAa,CAAC,CAAC;YAClD,IAAI,IAAI;gBAAE,SAAS,CAAC,GAAG,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;QACrC,CAAC;IACH,CAAC;IAED,+CAA+C;IAC/C,MAAM,WAAW,GAAG,EAAE,CAAC,eAAe,CAAC,MAAM,CAAC,4BAA4B,EAAE,YAAY,CAAC,CAAC;IAC1F,KAAK,MAAM,UAAU,IAAI,WAAW,EAAE,CAAC;QACrC,MAAM,IAAI,GAAG,EAAE,CAAC,KAAK,CAAC,GAAG,CAAC,UAAU,CAAC,OAAO,CAAC,CAAC;QAC9C,IAAI,CAAC,IAAI;YAAE,SAAS;QACpB,MAAM,GAAG,GAAG,EAAE,CAAC,eAAe,CAAC,MAAM,CAAC,SAAS,EAAE,IAAI,CAAC,EAAE,CAAC,CAAC;QAC1D,KAAK,MAAM,EAAE,IAAI,GAAG,EAAE,CAAC;YACrB,MAAM,IAAI,GAAG,EAAE,CAAC,WAAW,CAAC,GAAG,CAAC,EAAE,CAAC,aAAa,CAAC,CAAC;YAClD,IAAI,IAAI;gBAAE,SAAS,CAAC,GAAG,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;QACrC,CAAC;IACH,CAAC;IAED,OAAO,SAAS,CAAC;AACnB,CAAC;AAED,MAAM,UAAU,wBAAwB,CAAC,GAAiB;IACxD,MAAM,EAAE,GAAG,EAAE,KAAK,EAAE,GAAG,GAAG,CAAC;IAE3B,mBAAmB;IACnB,GAAG,CAAC,IAAI,CAAC,mDAAmD,EAAE,KAAK,EAAE,CAAC,EAAE,EAAE;QACxE,MAAM,EAAE,GAAG,cAAc,CAAC,KAAK,CAAC,CAAC;QACjC,MAAM,YAAY,GAAG,CAAC,CAAC,GAAG,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;QACvC,MAAM,UAAU,GAAG,EAAE,CAAC,uBAAuB,CAAC,GAAG,CAAC,YAAY,CAAC,CAAC;QAChE,IAAI,CAAC,UAAU;YAAE,MAAM,QAAQ,CAAC,wBAAwB,CAAC,CAAC;QAE1D,MAAM,IAAI,GAAG,MAAM,aAAa,CAAC,CAAC,CAAC,CAAC;QACpC,MAAM,UAAU,GAAG,IAAI,CAAC,UAAoB,CAAC;QAC7C,IAAI,CAAC,UAAU,EAAE,CAAC;YAChB,MAAM,eAAe,CAAC,wBAAwB,EAAE,CAAC,EAAE,KAAK,EAAE,YAAY,EAAE,IAAI,EAAE,UAAU,EAAE,CAAC,CAAC,CAAC;QAC/F,CAAC;QAED,MAAM,SAAS,GAAG,2BAA2B,CAAC,EAAE,EAAE,YAAY,CAAC,CAAC;QAChE,OAAO,CAAC,CAAC,IAAI,CAAC,EAAE,UAAU,EAAE,SAAS,CAAC,GAAG,CAAC,UAAU,CAAC,EAAE,CAAC,CAAC;IAC3D,CAAC,CAAC,CAAC;IAEH,oFAAoF;IACpF,GAAG,CAAC,GAAG,CAAC,uDAAuD,EAAE,CAAC,CAAC,EAAE,EAAE;QACrE,MAAM,EAAE,GAAG,cAAc,CAAC,KAAK,CAAC,CAAC;QACjC,MAAM,YAAY,GAAG,CAAC,CAAC,GAAG,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;QACvC,MAAM,UAAU,GAAG,EAAE,CAAC,uBAAuB,CAAC,GAAG,CAAC,YAAY,CAAC,CAAC;QAChE,IAAI,CAAC,UAAU;YAAE,MAAM,QAAQ,CAAC,wBAAwB,CAAC,CAAC;QAE1D,MAAM,GAAG,GAAG,IAAI,GAAG,CAAC,CAAC,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC;QAC/B,MAAM,MAAM,GAAG,eAAe,CAAC,GAAG,CAAC,CAAC;QAEpC,MAAM,MAAM,GAAG,EAAE,CAAC,sBAAsB,CAAC,IAAI,CAAC;YAC5C,GAAG,MAAM;YACT,MAAM,EAAE,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,eAAe,KAAK,UAAU,CAAC,eAAe;SAChE,CAAC,CAAC;QAEH,OAAO,CAAC,CAAC,IAAI,CAAC;YACZ,MAAM,EAAE,MAAM;YACd,IAAI,EAAE,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,2BAA2B,CAAC;YAClD,aAAa,EAAE,MAAM,CAAC,aAAa;SACpC,CAAC,CAAC;IACL,CAAC,CAAC,CAAC;IAEH,yCAAyC;IACzC,GAAG,CAAC,GAAG,CAAC,8DAA8D,EAAE,CAAC,CAAC,EAAE,EAAE;QAC5E,MAAM,EAAE,GAAG,cAAc,CAAC,KAAK,CAAC,CAAC;QACjC,MAAM,YAAY,GAAG,CAAC,CAAC,GAAG,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;QACvC,MAAM,UAAU,GAAG,EAAE,CAAC,uBAAuB,CAAC,GAAG,CAAC,YAAY,CAAC,CAAC;QAChE,IAAI,CAAC,UAAU;YAAE,MAAM,QAAQ,CAAC,wBAAwB,CAAC,CAAC;QAE1D,MAAM,GAAG,GAAG,IAAI,GAAG,CAAC,CAAC,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC;QAC/B,MAAM,MAAM,GAAG,eAAe,CAAC,GAAG,CAAC,CAAC;QAEpC,MAAM,MAAM,GAAG,EAAE,CAAC,eAAe,CAAC,IAAI,CAAC;YACrC,GAAG,MAAM;YACT,MAAM,EAAE,CAAC,EAAE,EAAE,EAAE,CAAC,EAAE,CAAC,0BAA0B,KAAK,YAAY;SAC/D,CAAC,CAAC;QAEH,OAAO,CAAC,CAAC,IAAI,CAAC;YACZ,MAAM,EAAE,MAAM;YACd,IAAI,EAAE,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,oBAAoB,CAAC;YAC3C,aAAa,EAAE,MAAM,CAAC,aAAa;SACpC,CAAC,CAAC;IACL,CAAC,CAAC,CAAC;IAEH,yBAAyB;IACzB,GAAG,CAAC,IAAI,CAAC,8DAA8D,EAAE,KAAK,EAAE,CAAC,EAAE,EAAE;QACnF,MAAM,EAAE,GAAG,cAAc,CAAC,KAAK,CAAC,CAAC;QACjC,MAAM,YAAY,GAAG,CAAC,CAAC,GAAG,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;QACvC,MAAM,UAAU,GAAG,EAAE,CAAC,uBAAuB,CAAC,GAAG,CAAC,YAAY,CAAC,CAAC;QAChE,IAAI,CAAC,UAAU;YAAE,MAAM,QAAQ,CAAC,wBAAwB,CAAC,CAAC;QAE1D,MAAM,IAAI,GAAG,MAAM,aAAa,CAAC,CAAC,CAAC,CAAC;QACpC,MAAM,MAAM,GAAG,IAAI,CAAC,OAAiB,CAAC;QACtC,IAAI,CAAC,MAAM,EAAE,CAAC;YACZ,MAAM,eAAe,CAAC,qBAAqB,EAAE,CAAC,EAAE,KAAK,EAAE,SAAS,EAAE,IAAI,EAAE,UAAU,EAAE,CAAC,CAAC,CAAC;QACzF,CAAC;QAED,MAAM,IAAI,GAAG,EAAE,CAAC,KAAK,CAAC,GAAG,CAAC,MAAM,CAAC,CAAC;QAClC,IAAI,CAAC,IAAI;YAAE,MAAM,QAAQ,CAAC,MAAM,CAAC,CAAC;QAElC,MAAM,UAAU,GAAG,EAAE,CAAC,eAAe,CAAC,MAAM,CAAC;YAC3C,MAAM,EAAE,iBAAiB;YACzB,0BAA0B,EAAE,YAAY;YACxC,OAAO,EAAE,MAAM;SAChB,CAAC,CAAC;QAEH,OAAO,CAAC,CAAC,IAAI,CAAC,oBAAoB,CAAC,UAAU,CAAC,EAAE,GAAG,CAAC,CAAC;IACvD,CAAC,CAAC,CAAC;IAEH,yBAAyB;IACzB,GAAG,CAAC,MAAM,CAAC,4EAA4E,EAAE,CAAC,CAAC,EAAE,EAAE;QAC7F,MAAM,EAAE,GAAG,cAAc,CAAC,KAAK,CAAC,CAAC;QACjC,MAAM,YAAY,GAAG,CAAC,CAAC,GAAG,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;QACvC,MAAM,YAAY,GAAG,CAAC,CAAC,GAAG,CAAC,KAAK,CAAC,cAAc,CAAC,CAAC;QAEjD,MAAM,UAAU,GAAG,EAAE,CAAC,uBAAuB,CAAC,GAAG,CAAC,YAAY,CAAC,CAAC;QAChE,IAAI,CAAC,UAAU;YAAE,MAAM,QAAQ,CAAC,wBAAwB,CAAC,CAAC;QAE1D,MAAM,UAAU,GAAG,EAAE,CAAC,eAAe,CAAC,GAAG,CAAC,YAAY,CAAC,CAAC;QACxD,IAAI,CAAC,UAAU,IAAI,UAAU,CAAC,0BAA0B,KAAK,YAAY,EAAE,CAAC;YAC1E,MAAM,QAAQ,CAAC,gBAAgB,CAAC,CAAC;QACnC,CAAC;QAED,EAAE,CAAC,eAAe,CAAC,MAAM,CAAC,YAAY,CAAC,CAAC;QACxC,OAAO,CAAC,CAAC,IAAI,CAAC,IAAI,EAAE,GAAG,CAAC,CAAC;IAC3B,CAAC,CAAC,CAAC;AACL,CAAC;AAED,OAAO,EAAE,2BAA2B,EAAE,CAAC","sourcesContent":["import { type RouteContext, notFound, validationError, parseJsonBody } from '../../core/index.js';\nimport { getWorkOSStore } from '../store.js';\nimport { formatRoleAssignment, formatAuthorizationResource, parseListParams } from '../helpers.js';\n\n/**\n * Gather all permission slugs for a given membership:\n * 1. From the membership's role (role.slug field)\n * 2. From any additional role assignments\n */\nfunction getPermissionsForMembership(ws: ReturnType<typeof getWorkOSStore>, membershipId: string): Set<string> {\n  const membership = ws.organizationMemberships.get(membershipId);\n  if (!membership) return new Set();\n\n  const permSlugs = new Set<string>();\n\n  // Permissions from the membership's primary role\n  const primaryRole = ws.roles\n    .findBy('slug', membership.role.slug)\n    .find((r) => r.organization_id === membership.organization_id || r.type === 'EnvironmentRole');\n  if (primaryRole) {\n    const rps = ws.rolePermissions.findBy('role_id', primaryRole.id);\n    for (const rp of rps) {\n      const perm = ws.permissions.get(rp.permission_id);\n      if (perm) permSlugs.add(perm.slug);\n    }\n  }\n\n  // Permissions from additional role assignments\n  const assignments = ws.roleAssignments.findBy('organization_membership_id', membershipId);\n  for (const assignment of assignments) {\n    const role = ws.roles.get(assignment.role_id);\n    if (!role) continue;\n    const rps = ws.rolePermissions.findBy('role_id', role.id);\n    for (const rp of rps) {\n      const perm = ws.permissions.get(rp.permission_id);\n      if (perm) permSlugs.add(perm.slug);\n    }\n  }\n\n  return permSlugs;\n}\n\nexport function authorizationCheckRoutes(ctx: RouteContext): void {\n  const { app, store } = ctx;\n\n  // Permission check\n  app.post('/authorization/organization_memberships/:id/check', async (c) => {\n    const ws = getWorkOSStore(store);\n    const membershipId = c.req.param('id');\n    const membership = ws.organizationMemberships.get(membershipId);\n    if (!membership) throw notFound('OrganizationMembership');\n\n    const body = await parseJsonBody(c);\n    const permission = body.permission as string;\n    if (!permission) {\n      throw validationError('permission is required', [{ field: 'permission', code: 'required' }]);\n    }\n\n    const permSlugs = getPermissionsForMembership(ws, membershipId);\n    return c.json({ authorized: permSlugs.has(permission) });\n  });\n\n  // List resources accessible to a membership (all resources in the membership's org)\n  app.get('/authorization/organization_memberships/:id/resources', (c) => {\n    const ws = getWorkOSStore(store);\n    const membershipId = c.req.param('id');\n    const membership = ws.organizationMemberships.get(membershipId);\n    if (!membership) throw notFound('OrganizationMembership');\n\n    const url = new URL(c.req.url);\n    const params = parseListParams(url);\n\n    const result = ws.authorizationResources.list({\n      ...params,\n      filter: (r) => r.organization_id === membership.organization_id,\n    });\n\n    return c.json({\n      object: 'list',\n      data: result.data.map(formatAuthorizationResource),\n      list_metadata: result.list_metadata,\n    });\n  });\n\n  // List role assignments for a membership\n  app.get('/authorization/organization_memberships/:id/role_assignments', (c) => {\n    const ws = getWorkOSStore(store);\n    const membershipId = c.req.param('id');\n    const membership = ws.organizationMemberships.get(membershipId);\n    if (!membership) throw notFound('OrganizationMembership');\n\n    const url = new URL(c.req.url);\n    const params = parseListParams(url);\n\n    const result = ws.roleAssignments.list({\n      ...params,\n      filter: (ra) => ra.organization_membership_id === membershipId,\n    });\n\n    return c.json({\n      object: 'list',\n      data: result.data.map(formatRoleAssignment),\n      list_metadata: result.list_metadata,\n    });\n  });\n\n  // Create role assignment\n  app.post('/authorization/organization_memberships/:id/role_assignments', async (c) => {\n    const ws = getWorkOSStore(store);\n    const membershipId = c.req.param('id');\n    const membership = ws.organizationMemberships.get(membershipId);\n    if (!membership) throw notFound('OrganizationMembership');\n\n    const body = await parseJsonBody(c);\n    const roleId = body.role_id as string;\n    if (!roleId) {\n      throw validationError('role_id is required', [{ field: 'role_id', code: 'required' }]);\n    }\n\n    const role = ws.roles.get(roleId);\n    if (!role) throw notFound('Role');\n\n    const assignment = ws.roleAssignments.insert({\n      object: 'role_assignment',\n      organization_membership_id: membershipId,\n      role_id: roleId,\n    });\n\n    return c.json(formatRoleAssignment(assignment), 201);\n  });\n\n  // Delete role assignment\n  app.delete('/authorization/organization_memberships/:id/role_assignments/:assignmentId', (c) => {\n    const ws = getWorkOSStore(store);\n    const membershipId = c.req.param('id');\n    const assignmentId = c.req.param('assignmentId');\n\n    const membership = ws.organizationMemberships.get(membershipId);\n    if (!membership) throw notFound('OrganizationMembership');\n\n    const assignment = ws.roleAssignments.get(assignmentId);\n    if (!assignment || assignment.organization_membership_id !== membershipId) {\n      throw notFound('RoleAssignment');\n    }\n\n    ws.roleAssignments.delete(assignmentId);\n    return c.body(null, 204);\n  });\n}\n\nexport { getPermissionsForMembership };\n"]}

package/dist/emulate/workos/routes/authorization-org-roles.d.ts

@@ -0,0 +1,2 @@
+import { type RouteContext } from '../../core/index.js';
+export declare function authorizationOrgRoleRoutes(ctx: RouteContext): void;

package/dist/emulate/workos/routes/authorization-org-roles.js

@@ -0,0 +1,206 @@
+import { notFound, validationError, parseJsonBody } from '../../core/index.js';
+import { getWorkOSStore } from '../store.js';
+import { formatRole, formatPermission, parseListParams } from '../helpers.js';
+export function authorizationOrgRoleRoutes(ctx) {
+    const { app, store } = ctx;
+    app.post('/authorization/organizations/:orgId/roles', async (c) => {
+        const ws = getWorkOSStore(store);
+        const orgId = c.req.param('orgId');
+        const org = ws.organizations.get(orgId);
+        if (!org)
+            throw notFound('Organization');
+        const body = await parseJsonBody(c);
+        const slug = body.slug;
+        const name = body.name;
+        if (!slug || typeof slug !== 'string') {
+            throw validationError('slug is required', [{ field: 'slug', code: 'required' }]);
+        }
+        if (!name || typeof name !== 'string') {
+            throw validationError('name is required', [{ field: 'name', code: 'required' }]);
+        }
+        // Check uniqueness within this org
+        const existing = ws.roles
+            .findBy('organization_id', orgId)
+            .find((r) => r.slug === slug && r.type === 'OrganizationRole');
+        if (existing) {
+            throw validationError('Role with this slug already exists in this organization', [
+                { field: 'slug', code: 'duplicate' },
+            ]);
+        }
+        const role = ws.roles.insert({
+            object: 'role',
+            slug,
+            name,
+            description: body.description ?? null,
+            type: 'OrganizationRole',
+            organization_id: orgId,
+            is_default_role: Boolean(body.is_default_role),
+            priority: typeof body.priority === 'number' ? body.priority : 0,
+        });
+        return c.json(formatRole(role), 201);
+    });
+    app.get('/authorization/organizations/:orgId/roles', (c) => {
+        const ws = getWorkOSStore(store);
+        const orgId = c.req.param('orgId');
+        const url = new URL(c.req.url);
+        const params = parseListParams(url);
+        const result = ws.roles.list({
+            ...params,
+            filter: (r) => r.organization_id === orgId && r.type === 'OrganizationRole',
+        });
+        return c.json({
+            object: 'list',
+            data: result.data.map(formatRole),
+            list_metadata: result.list_metadata,
+        });
+    });
+    // Priority ordering — must be registered before :slug routes
+    app.put('/authorization/organizations/:orgId/roles/priority', async (c) => {
+        const ws = getWorkOSStore(store);
+        const orgId = c.req.param('orgId');
+        const body = await parseJsonBody(c);
+        const slugs = body.slugs;
+        if (!Array.isArray(slugs)) {
+            throw validationError('slugs must be an array', [{ field: 'slugs', code: 'invalid' }]);
+        }
+        for (let i = 0; i < slugs.length; i++) {
+            const role = ws.roles
+                .findBy('organization_id', orgId)
+                .find((r) => r.slug === slugs[i] && r.type === 'OrganizationRole');
+            if (!role)
+                throw notFound('Role');
+            ws.roles.update(role.id, { priority: i });
+        }
+        const roles = ws.roles
+            .findBy('organization_id', orgId)
+            .filter((r) => r.type === 'OrganizationRole')
+            .sort((a, b) => a.priority - b.priority);
+        return c.json({
+            object: 'list',
+            data: roles.map(formatRole),
+            list_metadata: { before: null, after: null },
+        });
+    });
+    app.get('/authorization/organizations/:orgId/roles/:slug', (c) => {
+        const ws = getWorkOSStore(store);
+        const orgId = c.req.param('orgId');
+        const slug = c.req.param('slug');
+        const role = ws.roles
+            .findBy('organization_id', orgId)
+            .find((r) => r.slug === slug && r.type === 'OrganizationRole');
+        if (!role)
+            throw notFound('Role');
+        return c.json(formatRole(role));
+    });
+    app.put('/authorization/organizations/:orgId/roles/:slug', async (c) => {
+        const ws = getWorkOSStore(store);
+        const orgId = c.req.param('orgId');
+        const slug = c.req.param('slug');
+        const role = ws.roles
+            .findBy('organization_id', orgId)
+            .find((r) => r.slug === slug && r.type === 'OrganizationRole');
+        if (!role)
+            throw notFound('Role');
+        const body = await parseJsonBody(c);
+        const updates = {};
+        if ('name' in body)
+            updates.name = body.name;
+        if ('description' in body)
+            updates.description = body.description ?? null;
+        if ('is_default_role' in body)
+            updates.is_default_role = Boolean(body.is_default_role);
+        if ('priority' in body)
+            updates.priority = body.priority;
+        const updated = ws.roles.update(role.id, updates);
+        return c.json(formatRole(updated));
+    });
+    app.delete('/authorization/organizations/:orgId/roles/:slug', (c) => {
+        const ws = getWorkOSStore(store);
+        const orgId = c.req.param('orgId');
+        const slug = c.req.param('slug');
+        const role = ws.roles
+            .findBy('organization_id', orgId)
+            .find((r) => r.slug === slug && r.type === 'OrganizationRole');
+        if (!role)
+            throw notFound('Role');
+        // Cascade: remove role-permission joins and role assignments
+        const rps = ws.rolePermissions.findBy('role_id', role.id);
+        for (const rp of rps)
+            ws.rolePermissions.delete(rp.id);
+        const ras = ws.roleAssignments.findBy('role_id', role.id);
+        for (const ra of ras)
+            ws.roleAssignments.delete(ra.id);
+        ws.roles.delete(role.id);
+        return c.body(null, 204);
+    });
+    // Org role permissions
+    app.get('/authorization/organizations/:orgId/roles/:slug/permissions', (c) => {
+        const ws = getWorkOSStore(store);
+        const orgId = c.req.param('orgId');
+        const slug = c.req.param('slug');
+        const role = ws.roles
+            .findBy('organization_id', orgId)
+            .find((r) => r.slug === slug && r.type === 'OrganizationRole');
+        if (!role)
+            throw notFound('Role');
+        const rps = ws.rolePermissions.findBy('role_id', role.id);
+        const permissions = rps.map((rp) => ws.permissions.get(rp.permission_id)).filter(Boolean);
+        return c.json({
+            object: 'list',
+            data: permissions.map((p) => formatPermission(p)),
+            list_metadata: { before: null, after: null },
+        });
+    });
+    app.post('/authorization/organizations/:orgId/roles/:slug/permissions', async (c) => {
+        const ws = getWorkOSStore(store);
+        const orgId = c.req.param('orgId');
+        const slug = c.req.param('slug');
+        const role = ws.roles
+            .findBy('organization_id', orgId)
+            .find((r) => r.slug === slug && r.type === 'OrganizationRole');
+        if (!role)
+            throw notFound('Role');
+        const body = await parseJsonBody(c);
+        const permissionSlugs = body.permissions;
+        if (!Array.isArray(permissionSlugs)) {
+            throw validationError('permissions must be an array of slugs', [{ field: 'permissions', code: 'invalid' }]);
+        }
+        // Replace all
+        const existing = ws.rolePermissions.findBy('role_id', role.id);
+        for (const rp of existing)
+            ws.rolePermissions.delete(rp.id);
+        for (const permSlug of permissionSlugs) {
+            const perm = ws.permissions.findOneBy('slug', permSlug);
+            if (!perm)
+                throw notFound('Permission');
+            ws.rolePermissions.insert({ role_id: role.id, permission_id: perm.id });
+        }
+        const rps = ws.rolePermissions.findBy('role_id', role.id);
+        const permissions = rps.map((rp) => ws.permissions.get(rp.permission_id)).filter(Boolean);
+        return c.json({
+            object: 'list',
+            data: permissions.map((p) => formatPermission(p)),
+            list_metadata: { before: null, after: null },
+        });
+    });
+    app.delete('/authorization/organizations/:orgId/roles/:slug/permissions/:permissionSlug', (c) => {
+        const ws = getWorkOSStore(store);
+        const orgId = c.req.param('orgId');
+        const slug = c.req.param('slug');
+        const permissionSlug = c.req.param('permissionSlug');
+        const role = ws.roles
+            .findBy('organization_id', orgId)
+            .find((r) => r.slug === slug && r.type === 'OrganizationRole');
+        if (!role)
+            throw notFound('Role');
+        const perm = ws.permissions.findOneBy('slug', permissionSlug);
+        if (!perm)
+            throw notFound('Permission');
+        const rp = ws.rolePermissions.findBy('role_id', role.id).find((rp) => rp.permission_id === perm.id);
+        if (!rp)
+            throw notFound('RolePermission');
+        ws.rolePermissions.delete(rp.id);
+        return c.body(null, 204);
+    });
+}
+//# sourceMappingURL=authorization-org-roles.js.map

package/dist/emulate/workos/routes/authorization-org-roles.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"authorization-org-roles.js","sourceRoot":"","sources":["../../../../src/emulate/workos/routes/authorization-org-roles.ts"],"names":[],"mappings":"AAAA,OAAO,EAAqB,QAAQ,EAAE,eAAe,EAAE,aAAa,EAAE,MAAM,qBAAqB,CAAC;AAClG,OAAO,EAAE,cAAc,EAAE,MAAM,aAAa,CAAC;AAC7C,OAAO,EAAE,UAAU,EAAE,gBAAgB,EAAE,eAAe,EAAE,MAAM,eAAe,CAAC;AAE9E,MAAM,UAAU,0BAA0B,CAAC,GAAiB;IAC1D,MAAM,EAAE,GAAG,EAAE,KAAK,EAAE,GAAG,GAAG,CAAC;IAE3B,GAAG,CAAC,IAAI,CAAC,2CAA2C,EAAE,KAAK,EAAE,CAAC,EAAE,EAAE;QAChE,MAAM,EAAE,GAAG,cAAc,CAAC,KAAK,CAAC,CAAC;QACjC,MAAM,KAAK,GAAG,CAAC,CAAC,GAAG,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC;QACnC,MAAM,GAAG,GAAG,EAAE,CAAC,aAAa,CAAC,GAAG,CAAC,KAAK,CAAC,CAAC;QACxC,IAAI,CAAC,GAAG;YAAE,MAAM,QAAQ,CAAC,cAAc,CAAC,CAAC;QAEzC,MAAM,IAAI,GAAG,MAAM,aAAa,CAAC,CAAC,CAAC,CAAC;QACpC,MAAM,IAAI,GAAG,IAAI,CAAC,IAAc,CAAC;QACjC,MAAM,IAAI,GAAG,IAAI,CAAC,IAAc,CAAC;QAEjC,IAAI,CAAC,IAAI,IAAI,OAAO,IAAI,KAAK,QAAQ,EAAE,CAAC;YACtC,MAAM,eAAe,CAAC,kBAAkB,EAAE,CAAC,EAAE,KAAK,EAAE,MAAM,EAAE,IAAI,EAAE,UAAU,EAAE,CAAC,CAAC,CAAC;QACnF,CAAC;QACD,IAAI,CAAC,IAAI,IAAI,OAAO,IAAI,KAAK,QAAQ,EAAE,CAAC;YACtC,MAAM,eAAe,CAAC,kBAAkB,EAAE,CAAC,EAAE,KAAK,EAAE,MAAM,EAAE,IAAI,EAAE,UAAU,EAAE,CAAC,CAAC,CAAC;QACnF,CAAC;QAED,mCAAmC;QACnC,MAAM,QAAQ,GAAG,EAAE,CAAC,KAAK;aACtB,MAAM,CAAC,iBAAiB,EAAE,KAAK,CAAC;aAChC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,KAAK,IAAI,IAAI,CAAC,CAAC,IAAI,KAAK,kBAAkB,CAAC,CAAC;QACjE,IAAI,QAAQ,EAAE,CAAC;YACb,MAAM,eAAe,CAAC,yDAAyD,EAAE;gBAC/E,EAAE,KAAK,EAAE,MAAM,EAAE,IAAI,EAAE,WAAW,EAAE;aACrC,CAAC,CAAC;QACL,CAAC;QAED,MAAM,IAAI,GAAG,EAAE,CAAC,KAAK,CAAC,MAAM,CAAC;YAC3B,MAAM,EAAE,MAAM;YACd,IAAI;YACJ,IAAI;YACJ,WAAW,EAAG,IAAI,CAAC,WAAsB,IAAI,IAAI;YACjD,IAAI,EAAE,kBAAkB;YACxB,eAAe,EAAE,KAAK;YACtB,eAAe,EAAE,OAAO,CAAC,IAAI,CAAC,eAAe,CAAC;YAC9C,QAAQ,EAAE,OAAO,IAAI,CAAC,QAAQ,KAAK,QAAQ,CAAC,CAAC,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC;SAChE,CAAC,CAAC;QAEH,OAAO,CAAC,CAAC,IAAI,CAAC,UAAU,CAAC,IAAI,CAAC,EAAE,GAAG,CAAC,CAAC;IACvC,CAAC,CAAC,CAAC;IAEH,GAAG,CAAC,GAAG,CAAC,2CAA2C,EAAE,CAAC,CAAC,EAAE,EAAE;QACzD,MAAM,EAAE,GAAG,cAAc,CAAC,KAAK,CAAC,CAAC;QACjC,MAAM,KAAK,GAAG,CAAC,CAAC,GAAG,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC;QACnC,MAAM,GAAG,GAAG,IAAI,GAAG,CAAC,CAAC,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC;QAC/B,MAAM,MAAM,GAAG,eAAe,CAAC,GAAG,CAAC,CAAC;QAEpC,MAAM,MAAM,GAAG,EAAE,CAAC,KAAK,CAAC,IAAI,CAAC;YAC3B,GAAG,MAAM;YACT,MAAM,EAAE,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,eAAe,KAAK,KAAK,IAAI,CAAC,CAAC,IAAI,KAAK,kBAAkB;SAC5E,CAAC,CAAC;QAEH,OAAO,CAAC,CAAC,IAAI,CAAC;YACZ,MAAM,EAAE,MAAM;YACd,IAAI,EAAE,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,UAAU,CAAC;YACjC,aAAa,EAAE,MAAM,CAAC,aAAa;SACpC,CAAC,CAAC;IACL,CAAC,CAAC,CAAC;IAEH,6DAA6D;IAC7D,GAAG,CAAC,GAAG,CAAC,oDAAoD,EAAE,KAAK,EAAE,CAAC,EAAE,EAAE;QACxE,MAAM,EAAE,GAAG,cAAc,CAAC,KAAK,CAAC,CAAC;QACjC,MAAM,KAAK,GAAG,CAAC,CAAC,GAAG,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC;QACnC,MAAM,IAAI,GAAG,MAAM,aAAa,CAAC,CAAC,CAAC,CAAC;QACpC,MAAM,KAAK,GAAG,IAAI,CAAC,KAAiB,CAAC;QAErC,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,KAAK,CAAC,EAAE,CAAC;YAC1B,MAAM,eAAe,CAAC,wBAAwB,EAAE,CAAC,EAAE,KAAK,EAAE,OAAO,EAAE,IAAI,EAAE,SAAS,EAAE,CAAC,CAAC,CAAC;QACzF,CAAC;QAED,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,KAAK,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;YACtC,MAAM,IAAI,GAAG,EAAE,CAAC,KAAK;iBAClB,MAAM,CAAC,iBAAiB,EAAE,KAAK,CAAC;iBAChC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,KAAK,KAAK,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,IAAI,KAAK,kBAAkB,CAAC,CAAC;YACrE,IAAI,CAAC,IAAI;gBAAE,MAAM,QAAQ,CAAC,MAAM,CAAC,CAAC;YAClC,EAAE,CAAC,KAAK,CAAC,MAAM,CAAC,IAAI,CAAC,EAAE,EAAE,EAAE,QAAQ,EAAE,CAAC,EAAE,CAAC,CAAC;QAC5C,CAAC;QAED,MAAM,KAAK,GAAG,EAAE,CAAC,KAAK;aACnB,MAAM,CAAC,iBAAiB,EAAE,KAAK,CAAC;aAChC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,KAAK,kBAAkB,CAAC;aAC5C,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,QAAQ,GAAG,CAAC,CAAC,QAAQ,CAAC,CAAC;QAE3C,OAAO,CAAC,CAAC,IAAI,CAAC;YACZ,MAAM,EAAE,MAAM;YACd,IAAI,EAAE,KAAK,CAAC,GAAG,CAAC,UAAU,CAAC;YAC3B,aAAa,EAAE,EAAE,MAAM,EAAE,IAAI,EAAE,KAAK,EAAE,IAAI,EAAE;SAC7C,CAAC,CAAC;IACL,CAAC,CAAC,CAAC;IAEH,GAAG,CAAC,GAAG,CAAC,iDAAiD,EAAE,CAAC,CAAC,EAAE,EAAE;QAC/D,MAAM,EAAE,GAAG,cAAc,CAAC,KAAK,CAAC,CAAC;QACjC,MAAM,KAAK,GAAG,CAAC,CAAC,GAAG,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC;QACnC,MAAM,IAAI,GAAG,CAAC,CAAC,GAAG,CAAC,KAAK,CAAC,MAAM,CAAC,CAAC;QACjC,MAAM,IAAI,GAAG,EAAE,CAAC,KAAK;aAClB,MAAM,CAAC,iBAAiB,EAAE,KAAK,CAAC;aAChC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,KAAK,IAAI,IAAI,CAAC,CAAC,IAAI,KAAK,kBAAkB,CAAC,CAAC;QACjE,IAAI,CAAC,IAAI;YAAE,MAAM,QAAQ,CAAC,MAAM,CAAC,CAAC;QAClC,OAAO,CAAC,CAAC,IAAI,CAAC,UAAU,CAAC,IAAI,CAAC,CAAC,CAAC;IAClC,CAAC,CAAC,CAAC;IAEH,GAAG,CAAC,GAAG,CAAC,iDAAiD,EAAE,KAAK,EAAE,CAAC,EAAE,EAAE;QACrE,MAAM,EAAE,GAAG,cAAc,CAAC,KAAK,CAAC,CAAC;QACjC,MAAM,KAAK,GAAG,CAAC,CAAC,GAAG,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC;QACnC,MAAM,IAAI,GAAG,CAAC,CAAC,GAAG,CAAC,KAAK,CAAC,MAAM,CAAC,CAAC;QACjC,MAAM,IAAI,GAAG,EAAE,CAAC,KAAK;aAClB,MAAM,CAAC,iBAAiB,EAAE,KAAK,CAAC;aAChC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,KAAK,IAAI,IAAI,CAAC,CAAC,IAAI,KAAK,kBAAkB,CAAC,CAAC;QACjE,IAAI,CAAC,IAAI;YAAE,MAAM,QAAQ,CAAC,MAAM,CAAC,CAAC;QAElC,MAAM,IAAI,GAAG,MAAM,aAAa,CAAC,CAAC,CAAC,CAAC;QACpC,MAAM,OAAO,GAA4B,EAAE,CAAC;QAC5C,IAAI,MAAM,IAAI,IAAI;YAAE,OAAO,CAAC,IAAI,GAAG,IAAI,CAAC,IAAI,CAAC;QAC7C,IAAI,aAAa,IAAI,IAAI;YAAE,OAAO,CAAC,WAAW,GAAG,IAAI,CAAC,WAAW,IAAI,IAAI,CAAC;QAC1E,IAAI,iBAAiB,IAAI,IAAI;YAAE,OAAO,CAAC,eAAe,GAAG,OAAO,CAAC,IAAI,CAAC,eAAe,CAAC,CAAC;QACvF,IAAI,UAAU,IAAI,IAAI;YAAE,OAAO,CAAC,QAAQ,GAAG,IAAI,CAAC,QAAQ,CAAC;QAEzD,MAAM,OAAO,GAAG,EAAE,CAAC,KAAK,CAAC,MAAM,CAAC,IAAI,CAAC,EAAE,EAAE,OAAO,CAAC,CAAC;QAClD,OAAO,CAAC,CAAC,IAAI,CAAC,UAAU,CAAC,OAAQ,CAAC,CAAC,CAAC;IACtC,CAAC,CAAC,CAAC;IAEH,GAAG,CAAC,MAAM,CAAC,iDAAiD,EAAE,CAAC,CAAC,EAAE,EAAE;QAClE,MAAM,EAAE,GAAG,cAAc,CAAC,KAAK,CAAC,CAAC;QACjC,MAAM,KAAK,GAAG,CAAC,CAAC,GAAG,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC;QACnC,MAAM,IAAI,GAAG,CAAC,CAAC,GAAG,CAAC,KAAK,CAAC,MAAM,CAAC,CAAC;QACjC,MAAM,IAAI,GAAG,EAAE,CAAC,KAAK;aAClB,MAAM,CAAC,iBAAiB,EAAE,KAAK,CAAC;aAChC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,KAAK,IAAI,IAAI,CAAC,CAAC,IAAI,KAAK,kBAAkB,CAAC,CAAC;QACjE,IAAI,CAAC,IAAI;YAAE,MAAM,QAAQ,CAAC,MAAM,CAAC,CAAC;QAElC,6DAA6D;QAC7D,MAAM,GAAG,GAAG,EAAE,CAAC,eAAe,CAAC,MAAM,CAAC,SAAS,EAAE,IAAI,CAAC,EAAE,CAAC,CAAC;QAC1D,KAAK,MAAM,EAAE,IAAI,GAAG;YAAE,EAAE,CAAC,eAAe,CAAC,MAAM,CAAC,EAAE,CAAC,EAAE,CAAC,CAAC;QACvD,MAAM,GAAG,GAAG,EAAE,CAAC,eAAe,CAAC,MAAM,CAAC,SAAS,EAAE,IAAI,CAAC,EAAE,CAAC,CAAC;QAC1D,KAAK,MAAM,EAAE,IAAI,GAAG;YAAE,EAAE,CAAC,eAAe,CAAC,MAAM,CAAC,EAAE,CAAC,EAAE,CAAC,CAAC;QAEvD,EAAE,CAAC,KAAK,CAAC,MAAM,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;QACzB,OAAO,CAAC,CAAC,IAAI,CAAC,IAAI,EAAE,GAAG,CAAC,CAAC;IAC3B,CAAC,CAAC,CAAC;IAEH,uBAAuB;IACvB,GAAG,CAAC,GAAG,CAAC,6DAA6D,EAAE,CAAC,CAAC,EAAE,EAAE;QAC3E,MAAM,EAAE,GAAG,cAAc,CAAC,KAAK,CAAC,CAAC;QACjC,MAAM,KAAK,GAAG,CAAC,CAAC,GAAG,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC;QACnC,MAAM,IAAI,GAAG,CAAC,CAAC,GAAG,CAAC,KAAK,CAAC,MAAM,CAAC,CAAC;QACjC,MAAM,IAAI,GAAG,EAAE,CAAC,KAAK;aAClB,MAAM,CAAC,iBAAiB,EAAE,KAAK,CAAC;aAChC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,KAAK,IAAI,IAAI,CAAC,CAAC,IAAI,KAAK,kBAAkB,CAAC,CAAC;QACjE,IAAI,CAAC,IAAI;YAAE,MAAM,QAAQ,CAAC,MAAM,CAAC,CAAC;QAElC,MAAM,GAAG,GAAG,EAAE,CAAC,eAAe,CAAC,MAAM,CAAC,SAAS,EAAE,IAAI,CAAC,EAAE,CAAC,CAAC;QAC1D,MAAM,WAAW,GAAG,GAAG,CAAC,GAAG,CAAC,CAAC,EAAE,EAAE,EAAE,CAAC,EAAE,CAAC,WAAW,CAAC,GAAG,CAAC,EAAE,CAAC,aAAa,CAAC,CAAC,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC;QAE1F,OAAO,CAAC,CAAC,IAAI,CAAC;YACZ,MAAM,EAAE,MAAM;YACd,IAAI,EAAE,WAAW,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,gBAAgB,CAAC,CAAE,CAAC,CAAC;YAClD,aAAa,EAAE,EAAE,MAAM,EAAE,IAAI,EAAE,KAAK,EAAE,IAAI,EAAE;SAC7C,CAAC,CAAC;IACL,CAAC,CAAC,CAAC;IAEH,GAAG,CAAC,IAAI,CAAC,6DAA6D,EAAE,KAAK,EAAE,CAAC,EAAE,EAAE;QAClF,MAAM,EAAE,GAAG,cAAc,CAAC,KAAK,CAAC,CAAC;QACjC,MAAM,KAAK,GAAG,CAAC,CAAC,GAAG,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC;QACnC,MAAM,IAAI,GAAG,CAAC,CAAC,GAAG,CAAC,KAAK,CAAC,MAAM,CAAC,CAAC;QACjC,MAAM,IAAI,GAAG,EAAE,CAAC,KAAK;aAClB,MAAM,CAAC,iBAAiB,EAAE,KAAK,CAAC;aAChC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,KAAK,IAAI,IAAI,CAAC,CAAC,IAAI,KAAK,kBAAkB,CAAC,CAAC;QACjE,IAAI,CAAC,IAAI;YAAE,MAAM,QAAQ,CAAC,MAAM,CAAC,CAAC;QAElC,MAAM,IAAI,GAAG,MAAM,aAAa,CAAC,CAAC,CAAC,CAAC;QACpC,MAAM,eAAe,GAAG,IAAI,CAAC,WAAuB,CAAC;QACrD,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,eAAe,CAAC,EAAE,CAAC;YACpC,MAAM,eAAe,CAAC,uCAAuC,EAAE,CAAC,EAAE,KAAK,EAAE,aAAa,EAAE,IAAI,EAAE,SAAS,EAAE,CAAC,CAAC,CAAC;QAC9G,CAAC;QAED,cAAc;QACd,MAAM,QAAQ,GAAG,EAAE,CAAC,eAAe,CAAC,MAAM,CAAC,SAAS,EAAE,IAAI,CAAC,EAAE,CAAC,CAAC;QAC/D,KAAK,MAAM,EAAE,IAAI,QAAQ;YAAE,EAAE,CAAC,eAAe,CAAC,MAAM,CAAC,EAAE,CAAC,EAAE,CAAC,CAAC;QAE5D,KAAK,MAAM,QAAQ,IAAI,eAAe,EAAE,CAAC;YACvC,MAAM,IAAI,GAAG,EAAE,CAAC,WAAW,CAAC,SAAS,CAAC,MAAM,EAAE,QAAQ,CAAC,CAAC;YACxD,IAAI,CAAC,IAAI;gBAAE,MAAM,QAAQ,CAAC,YAAY,CAAC,CAAC;YACxC,EAAE,CAAC,eAAe,CAAC,MAAM,CAAC,EAAE,OAAO,EAAE,IAAI,CAAC,EAAE,EAAE,aAAa,EAAE,IAAI,CAAC,EAAE,EAAE,CAAC,CAAC;QAC1E,CAAC;QAED,MAAM,GAAG,GAAG,EAAE,CAAC,eAAe,CAAC,MAAM,CAAC,SAAS,EAAE,IAAI,CAAC,EAAE,CAAC,CAAC;QAC1D,MAAM,WAAW,GAAG,GAAG,CAAC,GAAG,CAAC,CAAC,EAAE,EAAE,EAAE,CAAC,EAAE,CAAC,WAAW,CAAC,GAAG,CAAC,EAAE,CAAC,aAAa,CAAC,CAAC,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC;QAE1F,OAAO,CAAC,CAAC,IAAI,CAAC;YACZ,MAAM,EAAE,MAAM;YACd,IAAI,EAAE,WAAW,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,gBAAgB,CAAC,CAAE,CAAC,CAAC;YAClD,aAAa,EAAE,EAAE,MAAM,EAAE,IAAI,EAAE,KAAK,EAAE,IAAI,EAAE;SAC7C,CAAC,CAAC;IACL,CAAC,CAAC,CAAC;IAEH,GAAG,CAAC,MAAM,CAAC,6EAA6E,EAAE,CAAC,CAAC,EAAE,EAAE;QAC9F,MAAM,EAAE,GAAG,cAAc,CAAC,KAAK,CAAC,CAAC;QACjC,MAAM,KAAK,GAAG,CAAC,CAAC,GAAG,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC;QACnC,MAAM,IAAI,GAAG,CAAC,CAAC,GAAG,CAAC,KAAK,CAAC,MAAM,CAAC,CAAC;QACjC,MAAM,cAAc,GAAG,CAAC,CAAC,GAAG,CAAC,KAAK,CAAC,gBAAgB,CAAC,CAAC;QAErD,MAAM,IAAI,GAAG,EAAE,CAAC,KAAK;aAClB,MAAM,CAAC,iBAAiB,EAAE,KAAK,CAAC;aAChC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,KAAK,IAAI,IAAI,CAAC,CAAC,IAAI,KAAK,kBAAkB,CAAC,CAAC;QACjE,IAAI,CAAC,IAAI;YAAE,MAAM,QAAQ,CAAC,MAAM,CAAC,CAAC;QAElC,MAAM,IAAI,GAAG,EAAE,CAAC,WAAW,CAAC,SAAS,CAAC,MAAM,EAAE,cAAc,CAAC,CAAC;QAC9D,IAAI,CAAC,IAAI;YAAE,MAAM,QAAQ,CAAC,YAAY,CAAC,CAAC;QAExC,MAAM,EAAE,GAAG,EAAE,CAAC,eAAe,CAAC,MAAM,CAAC,SAAS,EAAE,IAAI,CAAC,EAAE,CAAC,CAAC,IAAI,CAAC,CAAC,EAAE,EAAE,EAAE,CAAC,EAAE,CAAC,aAAa,KAAK,IAAI,CAAC,EAAE,CAAC,CAAC;QACpG,IAAI,CAAC,EAAE;YAAE,MAAM,QAAQ,CAAC,gBAAgB,CAAC,CAAC;QAE1C,EAAE,CAAC,eAAe,CAAC,MAAM,CAAC,EAAE,CAAC,EAAE,CAAC,CAAC;QACjC,OAAO,CAAC,CAAC,IAAI,CAAC,IAAI,EAAE,GAAG,CAAC,CAAC;IAC3B,CAAC,CAAC,CAAC;AACL,CAAC","sourcesContent":["import { type RouteContext, notFound, validationError, parseJsonBody } from '../../core/index.js';\nimport { getWorkOSStore } from '../store.js';\nimport { formatRole, formatPermission, parseListParams } from '../helpers.js';\n\nexport function authorizationOrgRoleRoutes(ctx: RouteContext): void {\n  const { app, store } = ctx;\n\n  app.post('/authorization/organizations/:orgId/roles', async (c) => {\n    const ws = getWorkOSStore(store);\n    const orgId = c.req.param('orgId');\n    const org = ws.organizations.get(orgId);\n    if (!org) throw notFound('Organization');\n\n    const body = await parseJsonBody(c);\n    const slug = body.slug as string;\n    const name = body.name as string;\n\n    if (!slug || typeof slug !== 'string') {\n      throw validationError('slug is required', [{ field: 'slug', code: 'required' }]);\n    }\n    if (!name || typeof name !== 'string') {\n      throw validationError('name is required', [{ field: 'name', code: 'required' }]);\n    }\n\n    // Check uniqueness within this org\n    const existing = ws.roles\n      .findBy('organization_id', orgId)\n      .find((r) => r.slug === slug && r.type === 'OrganizationRole');\n    if (existing) {\n      throw validationError('Role with this slug already exists in this organization', [\n        { field: 'slug', code: 'duplicate' },\n      ]);\n    }\n\n    const role = ws.roles.insert({\n      object: 'role',\n      slug,\n      name,\n      description: (body.description as string) ?? null,\n      type: 'OrganizationRole',\n      organization_id: orgId,\n      is_default_role: Boolean(body.is_default_role),\n      priority: typeof body.priority === 'number' ? body.priority : 0,\n    });\n\n    return c.json(formatRole(role), 201);\n  });\n\n  app.get('/authorization/organizations/:orgId/roles', (c) => {\n    const ws = getWorkOSStore(store);\n    const orgId = c.req.param('orgId');\n    const url = new URL(c.req.url);\n    const params = parseListParams(url);\n\n    const result = ws.roles.list({\n      ...params,\n      filter: (r) => r.organization_id === orgId && r.type === 'OrganizationRole',\n    });\n\n    return c.json({\n      object: 'list',\n      data: result.data.map(formatRole),\n      list_metadata: result.list_metadata,\n    });\n  });\n\n  // Priority ordering — must be registered before :slug routes\n  app.put('/authorization/organizations/:orgId/roles/priority', async (c) => {\n    const ws = getWorkOSStore(store);\n    const orgId = c.req.param('orgId');\n    const body = await parseJsonBody(c);\n    const slugs = body.slugs as string[];\n\n    if (!Array.isArray(slugs)) {\n      throw validationError('slugs must be an array', [{ field: 'slugs', code: 'invalid' }]);\n    }\n\n    for (let i = 0; i < slugs.length; i++) {\n      const role = ws.roles\n        .findBy('organization_id', orgId)\n        .find((r) => r.slug === slugs[i] && r.type === 'OrganizationRole');\n      if (!role) throw notFound('Role');\n      ws.roles.update(role.id, { priority: i });\n    }\n\n    const roles = ws.roles\n      .findBy('organization_id', orgId)\n      .filter((r) => r.type === 'OrganizationRole')\n      .sort((a, b) => a.priority - b.priority);\n\n    return c.json({\n      object: 'list',\n      data: roles.map(formatRole),\n      list_metadata: { before: null, after: null },\n    });\n  });\n\n  app.get('/authorization/organizations/:orgId/roles/:slug', (c) => {\n    const ws = getWorkOSStore(store);\n    const orgId = c.req.param('orgId');\n    const slug = c.req.param('slug');\n    const role = ws.roles\n      .findBy('organization_id', orgId)\n      .find((r) => r.slug === slug && r.type === 'OrganizationRole');\n    if (!role) throw notFound('Role');\n    return c.json(formatRole(role));\n  });\n\n  app.put('/authorization/organizations/:orgId/roles/:slug', async (c) => {\n    const ws = getWorkOSStore(store);\n    const orgId = c.req.param('orgId');\n    const slug = c.req.param('slug');\n    const role = ws.roles\n      .findBy('organization_id', orgId)\n      .find((r) => r.slug === slug && r.type === 'OrganizationRole');\n    if (!role) throw notFound('Role');\n\n    const body = await parseJsonBody(c);\n    const updates: Record<string, unknown> = {};\n    if ('name' in body) updates.name = body.name;\n    if ('description' in body) updates.description = body.description ?? null;\n    if ('is_default_role' in body) updates.is_default_role = Boolean(body.is_default_role);\n    if ('priority' in body) updates.priority = body.priority;\n\n    const updated = ws.roles.update(role.id, updates);\n    return c.json(formatRole(updated!));\n  });\n\n  app.delete('/authorization/organizations/:orgId/roles/:slug', (c) => {\n    const ws = getWorkOSStore(store);\n    const orgId = c.req.param('orgId');\n    const slug = c.req.param('slug');\n    const role = ws.roles\n      .findBy('organization_id', orgId)\n      .find((r) => r.slug === slug && r.type === 'OrganizationRole');\n    if (!role) throw notFound('Role');\n\n    // Cascade: remove role-permission joins and role assignments\n    const rps = ws.rolePermissions.findBy('role_id', role.id);\n    for (const rp of rps) ws.rolePermissions.delete(rp.id);\n    const ras = ws.roleAssignments.findBy('role_id', role.id);\n    for (const ra of ras) ws.roleAssignments.delete(ra.id);\n\n    ws.roles.delete(role.id);\n    return c.body(null, 204);\n  });\n\n  // Org role permissions\n  app.get('/authorization/organizations/:orgId/roles/:slug/permissions', (c) => {\n    const ws = getWorkOSStore(store);\n    const orgId = c.req.param('orgId');\n    const slug = c.req.param('slug');\n    const role = ws.roles\n      .findBy('organization_id', orgId)\n      .find((r) => r.slug === slug && r.type === 'OrganizationRole');\n    if (!role) throw notFound('Role');\n\n    const rps = ws.rolePermissions.findBy('role_id', role.id);\n    const permissions = rps.map((rp) => ws.permissions.get(rp.permission_id)).filter(Boolean);\n\n    return c.json({\n      object: 'list',\n      data: permissions.map((p) => formatPermission(p!)),\n      list_metadata: { before: null, after: null },\n    });\n  });\n\n  app.post('/authorization/organizations/:orgId/roles/:slug/permissions', async (c) => {\n    const ws = getWorkOSStore(store);\n    const orgId = c.req.param('orgId');\n    const slug = c.req.param('slug');\n    const role = ws.roles\n      .findBy('organization_id', orgId)\n      .find((r) => r.slug === slug && r.type === 'OrganizationRole');\n    if (!role) throw notFound('Role');\n\n    const body = await parseJsonBody(c);\n    const permissionSlugs = body.permissions as string[];\n    if (!Array.isArray(permissionSlugs)) {\n      throw validationError('permissions must be an array of slugs', [{ field: 'permissions', code: 'invalid' }]);\n    }\n\n    // Replace all\n    const existing = ws.rolePermissions.findBy('role_id', role.id);\n    for (const rp of existing) ws.rolePermissions.delete(rp.id);\n\n    for (const permSlug of permissionSlugs) {\n      const perm = ws.permissions.findOneBy('slug', permSlug);\n      if (!perm) throw notFound('Permission');\n      ws.rolePermissions.insert({ role_id: role.id, permission_id: perm.id });\n    }\n\n    const rps = ws.rolePermissions.findBy('role_id', role.id);\n    const permissions = rps.map((rp) => ws.permissions.get(rp.permission_id)).filter(Boolean);\n\n    return c.json({\n      object: 'list',\n      data: permissions.map((p) => formatPermission(p!)),\n      list_metadata: { before: null, after: null },\n    });\n  });\n\n  app.delete('/authorization/organizations/:orgId/roles/:slug/permissions/:permissionSlug', (c) => {\n    const ws = getWorkOSStore(store);\n    const orgId = c.req.param('orgId');\n    const slug = c.req.param('slug');\n    const permissionSlug = c.req.param('permissionSlug');\n\n    const role = ws.roles\n      .findBy('organization_id', orgId)\n      .find((r) => r.slug === slug && r.type === 'OrganizationRole');\n    if (!role) throw notFound('Role');\n\n    const perm = ws.permissions.findOneBy('slug', permissionSlug);\n    if (!perm) throw notFound('Permission');\n\n    const rp = ws.rolePermissions.findBy('role_id', role.id).find((rp) => rp.permission_id === perm.id);\n    if (!rp) throw notFound('RolePermission');\n\n    ws.rolePermissions.delete(rp.id);\n    return c.body(null, 204);\n  });\n}\n"]}

package/dist/emulate/workos/routes/authorization-permissions.d.ts

@@ -0,0 +1,2 @@
+import { type RouteContext } from '../../core/index.js';
+export declare function authorizationPermissionRoutes(ctx: RouteContext): void;

package/dist/emulate/workos/routes/authorization-permissions.js

@@ -0,0 +1,78 @@
+import { notFound, validationError, parseJsonBody } from '../../core/index.js';
+import { getWorkOSStore } from '../store.js';
+import { formatPermission, parseListParams } from '../helpers.js';
+export function authorizationPermissionRoutes(ctx) {
+    const { app, store } = ctx;
+    app.post('/authorization/permissions', async (c) => {
+        const ws = getWorkOSStore(store);
+        const body = await parseJsonBody(c);
+        const slug = body.slug;
+        const name = body.name;
+        if (!slug || typeof slug !== 'string') {
+            throw validationError('slug is required', [{ field: 'slug', code: 'required' }]);
+        }
+        if (!name || typeof name !== 'string') {
+            throw validationError('name is required', [{ field: 'name', code: 'required' }]);
+        }
+        const existing = ws.permissions.findOneBy('slug', slug);
+        if (existing) {
+            throw validationError('Permission with this slug already exists', [{ field: 'slug', code: 'duplicate' }]);
+        }
+        const permission = ws.permissions.insert({
+            object: 'permission',
+            slug,
+            name,
+            description: body.description ?? null,
+        });
+        return c.json(formatPermission(permission), 201);
+    });
+    app.get('/authorization/permissions', (c) => {
+        const ws = getWorkOSStore(store);
+        const url = new URL(c.req.url);
+        const params = parseListParams(url);
+        const result = ws.permissions.list(params);
+        return c.json({
+            object: 'list',
+            data: result.data.map(formatPermission),
+            list_metadata: result.list_metadata,
+        });
+    });
+    app.get('/authorization/permissions/:slug', (c) => {
+        const ws = getWorkOSStore(store);
+        const slug = c.req.param('slug');
+        const permission = ws.permissions.findOneBy('slug', slug);
+        if (!permission)
+            throw notFound('Permission');
+        return c.json(formatPermission(permission));
+    });
+    app.put('/authorization/permissions/:slug', async (c) => {
+        const ws = getWorkOSStore(store);
+        const slug = c.req.param('slug');
+        const permission = ws.permissions.findOneBy('slug', slug);
+        if (!permission)
+            throw notFound('Permission');
+        const body = await parseJsonBody(c);
+        const updates = {};
+        if ('name' in body)
+            updates.name = body.name;
+        if ('description' in body)
+            updates.description = body.description ?? null;
+        const updated = ws.permissions.update(permission.id, updates);
+        return c.json(formatPermission(updated));
+    });
+    app.delete('/authorization/permissions/:slug', (c) => {
+        const ws = getWorkOSStore(store);
+        const slug = c.req.param('slug');
+        const permission = ws.permissions.findOneBy('slug', slug);
+        if (!permission)
+            throw notFound('Permission');
+        // Cascade: remove from all role-permission joins
+        const rps = ws.rolePermissions.findBy('permission_id', permission.id);
+        for (const rp of rps) {
+            ws.rolePermissions.delete(rp.id);
+        }
+        ws.permissions.delete(permission.id);
+        return c.body(null, 204);
+    });
+}
+//# sourceMappingURL=authorization-permissions.js.map

package/dist/emulate/workos/routes/authorization-permissions.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"authorization-permissions.js","sourceRoot":"","sources":["../../../../src/emulate/workos/routes/authorization-permissions.ts"],"names":[],"mappings":"AAAA,OAAO,EAAqB,QAAQ,EAAE,eAAe,EAAE,aAAa,EAAE,MAAM,qBAAqB,CAAC;AAClG,OAAO,EAAE,cAAc,EAAE,MAAM,aAAa,CAAC;AAC7C,OAAO,EAAE,gBAAgB,EAAE,eAAe,EAAE,MAAM,eAAe,CAAC;AAElE,MAAM,UAAU,6BAA6B,CAAC,GAAiB;IAC7D,MAAM,EAAE,GAAG,EAAE,KAAK,EAAE,GAAG,GAAG,CAAC;IAE3B,GAAG,CAAC,IAAI,CAAC,4BAA4B,EAAE,KAAK,EAAE,CAAC,EAAE,EAAE;QACjD,MAAM,EAAE,GAAG,cAAc,CAAC,KAAK,CAAC,CAAC;QACjC,MAAM,IAAI,GAAG,MAAM,aAAa,CAAC,CAAC,CAAC,CAAC;QACpC,MAAM,IAAI,GAAG,IAAI,CAAC,IAAc,CAAC;QACjC,MAAM,IAAI,GAAG,IAAI,CAAC,IAAc,CAAC;QAEjC,IAAI,CAAC,IAAI,IAAI,OAAO,IAAI,KAAK,QAAQ,EAAE,CAAC;YACtC,MAAM,eAAe,CAAC,kBAAkB,EAAE,CAAC,EAAE,KAAK,EAAE,MAAM,EAAE,IAAI,EAAE,UAAU,EAAE,CAAC,CAAC,CAAC;QACnF,CAAC;QACD,IAAI,CAAC,IAAI,IAAI,OAAO,IAAI,KAAK,QAAQ,EAAE,CAAC;YACtC,MAAM,eAAe,CAAC,kBAAkB,EAAE,CAAC,EAAE,KAAK,EAAE,MAAM,EAAE,IAAI,EAAE,UAAU,EAAE,CAAC,CAAC,CAAC;QACnF,CAAC;QAED,MAAM,QAAQ,GAAG,EAAE,CAAC,WAAW,CAAC,SAAS,CAAC,MAAM,EAAE,IAAI,CAAC,CAAC;QACxD,IAAI,QAAQ,EAAE,CAAC;YACb,MAAM,eAAe,CAAC,0CAA0C,EAAE,CAAC,EAAE,KAAK,EAAE,MAAM,EAAE,IAAI,EAAE,WAAW,EAAE,CAAC,CAAC,CAAC;QAC5G,CAAC;QAED,MAAM,UAAU,GAAG,EAAE,CAAC,WAAW,CAAC,MAAM,CAAC;YACvC,MAAM,EAAE,YAAY;YACpB,IAAI;YACJ,IAAI;YACJ,WAAW,EAAG,IAAI,CAAC,WAAsB,IAAI,IAAI;SAClD,CAAC,CAAC;QAEH,OAAO,CAAC,CAAC,IAAI,CAAC,gBAAgB,CAAC,UAAU,CAAC,EAAE,GAAG,CAAC,CAAC;IACnD,CAAC,CAAC,CAAC;IAEH,GAAG,CAAC,GAAG,CAAC,4BAA4B,EAAE,CAAC,CAAC,EAAE,EAAE;QAC1C,MAAM,EAAE,GAAG,cAAc,CAAC,KAAK,CAAC,CAAC;QACjC,MAAM,GAAG,GAAG,IAAI,GAAG,CAAC,CAAC,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC;QAC/B,MAAM,MAAM,GAAG,eAAe,CAAC,GAAG,CAAC,CAAC;QAEpC,MAAM,MAAM,GAAG,EAAE,CAAC,WAAW,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC;QAC3C,OAAO,CAAC,CAAC,IAAI,CAAC;YACZ,MAAM,EAAE,MAAM;YACd,IAAI,EAAE,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,gBAAgB,CAAC;YACvC,aAAa,EAAE,MAAM,CAAC,aAAa;SACpC,CAAC,CAAC;IACL,CAAC,CAAC,CAAC;IAEH,GAAG,CAAC,GAAG,CAAC,kCAAkC,EAAE,CAAC,CAAC,EAAE,EAAE;QAChD,MAAM,EAAE,GAAG,cAAc,CAAC,KAAK,CAAC,CAAC;QACjC,MAAM,IAAI,GAAG,CAAC,CAAC,GAAG,CAAC,KAAK,CAAC,MAAM,CAAC,CAAC;QACjC,MAAM,UAAU,GAAG,EAAE,CAAC,WAAW,CAAC,SAAS,CAAC,MAAM,EAAE,IAAI,CAAC,CAAC;QAC1D,IAAI,CAAC,UAAU;YAAE,MAAM,QAAQ,CAAC,YAAY,CAAC,CAAC;QAC9C,OAAO,CAAC,CAAC,IAAI,CAAC,gBAAgB,CAAC,UAAU,CAAC,CAAC,CAAC;IAC9C,CAAC,CAAC,CAAC;IAEH,GAAG,CAAC,GAAG,CAAC,kCAAkC,EAAE,KAAK,EAAE,CAAC,EAAE,EAAE;QACtD,MAAM,EAAE,GAAG,cAAc,CAAC,KAAK,CAAC,CAAC;QACjC,MAAM,IAAI,GAAG,CAAC,CAAC,GAAG,CAAC,KAAK,CAAC,MAAM,CAAC,CAAC;QACjC,MAAM,UAAU,GAAG,EAAE,CAAC,WAAW,CAAC,SAAS,CAAC,MAAM,EAAE,IAAI,CAAC,CAAC;QAC1D,IAAI,CAAC,UAAU;YAAE,MAAM,QAAQ,CAAC,YAAY,CAAC,CAAC;QAE9C,MAAM,IAAI,GAAG,MAAM,aAAa,CAAC,CAAC,CAAC,CAAC;QACpC,MAAM,OAAO,GAA4B,EAAE,CAAC;QAC5C,IAAI,MAAM,IAAI,IAAI;YAAE,OAAO,CAAC,IAAI,GAAG,IAAI,CAAC,IAAI,CAAC;QAC7C,IAAI,aAAa,IAAI,IAAI;YAAE,OAAO,CAAC,WAAW,GAAG,IAAI,CAAC,WAAW,IAAI,IAAI,CAAC;QAE1E,MAAM,OAAO,GAAG,EAAE,CAAC,WAAW,CAAC,MAAM,CAAC,UAAU,CAAC,EAAE,EAAE,OAAO,CAAC,CAAC;QAC9D,OAAO,CAAC,CAAC,IAAI,CAAC,gBAAgB,CAAC,OAAQ,CAAC,CAAC,CAAC;IAC5C,CAAC,CAAC,CAAC;IAEH,GAAG,CAAC,MAAM,CAAC,kCAAkC,EAAE,CAAC,CAAC,EAAE,EAAE;QACnD,MAAM,EAAE,GAAG,cAAc,CAAC,KAAK,CAAC,CAAC;QACjC,MAAM,IAAI,GAAG,CAAC,CAAC,GAAG,CAAC,KAAK,CAAC,MAAM,CAAC,CAAC;QACjC,MAAM,UAAU,GAAG,EAAE,CAAC,WAAW,CAAC,SAAS,CAAC,MAAM,EAAE,IAAI,CAAC,CAAC;QAC1D,IAAI,CAAC,UAAU;YAAE,MAAM,QAAQ,CAAC,YAAY,CAAC,CAAC;QAE9C,iDAAiD;QACjD,MAAM,GAAG,GAAG,EAAE,CAAC,eAAe,CAAC,MAAM,CAAC,eAAe,EAAE,UAAU,CAAC,EAAE,CAAC,CAAC;QACtE,KAAK,MAAM,EAAE,IAAI,GAAG,EAAE,CAAC;YACrB,EAAE,CAAC,eAAe,CAAC,MAAM,CAAC,EAAE,CAAC,EAAE,CAAC,CAAC;QACnC,CAAC;QAED,EAAE,CAAC,WAAW,CAAC,MAAM,CAAC,UAAU,CAAC,EAAE,CAAC,CAAC;QACrC,OAAO,CAAC,CAAC,IAAI,CAAC,IAAI,EAAE,GAAG,CAAC,CAAC;IAC3B,CAAC,CAAC,CAAC;AACL,CAAC","sourcesContent":["import { type RouteContext, notFound, validationError, parseJsonBody } from '../../core/index.js';\nimport { getWorkOSStore } from '../store.js';\nimport { formatPermission, parseListParams } from '../helpers.js';\n\nexport function authorizationPermissionRoutes(ctx: RouteContext): void {\n  const { app, store } = ctx;\n\n  app.post('/authorization/permissions', async (c) => {\n    const ws = getWorkOSStore(store);\n    const body = await parseJsonBody(c);\n    const slug = body.slug as string;\n    const name = body.name as string;\n\n    if (!slug || typeof slug !== 'string') {\n      throw validationError('slug is required', [{ field: 'slug', code: 'required' }]);\n    }\n    if (!name || typeof name !== 'string') {\n      throw validationError('name is required', [{ field: 'name', code: 'required' }]);\n    }\n\n    const existing = ws.permissions.findOneBy('slug', slug);\n    if (existing) {\n      throw validationError('Permission with this slug already exists', [{ field: 'slug', code: 'duplicate' }]);\n    }\n\n    const permission = ws.permissions.insert({\n      object: 'permission',\n      slug,\n      name,\n      description: (body.description as string) ?? null,\n    });\n\n    return c.json(formatPermission(permission), 201);\n  });\n\n  app.get('/authorization/permissions', (c) => {\n    const ws = getWorkOSStore(store);\n    const url = new URL(c.req.url);\n    const params = parseListParams(url);\n\n    const result = ws.permissions.list(params);\n    return c.json({\n      object: 'list',\n      data: result.data.map(formatPermission),\n      list_metadata: result.list_metadata,\n    });\n  });\n\n  app.get('/authorization/permissions/:slug', (c) => {\n    const ws = getWorkOSStore(store);\n    const slug = c.req.param('slug');\n    const permission = ws.permissions.findOneBy('slug', slug);\n    if (!permission) throw notFound('Permission');\n    return c.json(formatPermission(permission));\n  });\n\n  app.put('/authorization/permissions/:slug', async (c) => {\n    const ws = getWorkOSStore(store);\n    const slug = c.req.param('slug');\n    const permission = ws.permissions.findOneBy('slug', slug);\n    if (!permission) throw notFound('Permission');\n\n    const body = await parseJsonBody(c);\n    const updates: Record<string, unknown> = {};\n    if ('name' in body) updates.name = body.name;\n    if ('description' in body) updates.description = body.description ?? null;\n\n    const updated = ws.permissions.update(permission.id, updates);\n    return c.json(formatPermission(updated!));\n  });\n\n  app.delete('/authorization/permissions/:slug', (c) => {\n    const ws = getWorkOSStore(store);\n    const slug = c.req.param('slug');\n    const permission = ws.permissions.findOneBy('slug', slug);\n    if (!permission) throw notFound('Permission');\n\n    // Cascade: remove from all role-permission joins\n    const rps = ws.rolePermissions.findBy('permission_id', permission.id);\n    for (const rp of rps) {\n      ws.rolePermissions.delete(rp.id);\n    }\n\n    ws.permissions.delete(permission.id);\n    return c.body(null, 204);\n  });\n}\n"]}

package/dist/emulate/workos/routes/authorization-resources.d.ts

@@ -0,0 +1,2 @@
+import { type RouteContext } from '../../core/index.js';
+export declare function authorizationResourceRoutes(ctx: RouteContext): void;

package/dist/emulate/workos/routes/authorization-resources.js

@@ -0,0 +1,128 @@
+import { notFound, validationError, parseJsonBody } from '../../core/index.js';
+import { getWorkOSStore } from '../store.js';
+import { formatAuthorizationResource, formatMembership, parseListParams } from '../helpers.js';
+export function authorizationResourceRoutes(ctx) {
+    const { app, store } = ctx;
+    app.post('/authorization/resources', async (c) => {
+        const ws = getWorkOSStore(store);
+        const body = await parseJsonBody(c);
+        const resourceTypeSlug = body.resource_type_slug;
+        const externalId = body.external_id;
+        const organizationId = body.organization_id;
+        if (!resourceTypeSlug) {
+            throw validationError('resource_type_slug is required', [{ field: 'resource_type_slug', code: 'required' }]);
+        }
+        if (!externalId) {
+            throw validationError('external_id is required', [{ field: 'external_id', code: 'required' }]);
+        }
+        if (!organizationId) {
+            throw validationError('organization_id is required', [{ field: 'organization_id', code: 'required' }]);
+        }
+        const resource = ws.authorizationResources.insert({
+            object: 'authorization_resource',
+            resource_type_slug: resourceTypeSlug,
+            external_id: externalId,
+            organization_id: organizationId,
+            metadata: body.metadata ?? {},
+        });
+        return c.json(formatAuthorizationResource(resource), 201);
+    });
+    app.get('/authorization/resources', (c) => {
+        const ws = getWorkOSStore(store);
+        const url = new URL(c.req.url);
+        const params = parseListParams(url);
+        const organizationId = url.searchParams.get('organization_id') ?? undefined;
+        const resourceTypeSlug = url.searchParams.get('resource_type_slug') ?? undefined;
+        const result = ws.authorizationResources.list({
+            ...params,
+            filter: (r) => {
+                if (organizationId && r.organization_id !== organizationId)
+                    return false;
+                if (resourceTypeSlug && r.resource_type_slug !== resourceTypeSlug)
+                    return false;
+                return true;
+            },
+        });
+        return c.json({
+            object: 'list',
+            data: result.data.map(formatAuthorizationResource),
+            list_metadata: result.list_metadata,
+        });
+    });
+    app.get('/authorization/resources/:resource_id', (c) => {
+        const ws = getWorkOSStore(store);
+        const resourceId = c.req.param('resource_id');
+        const resource = ws.authorizationResources.get(resourceId);
+        if (!resource)
+            throw notFound('AuthorizationResource');
+        return c.json(formatAuthorizationResource(resource));
+    });
+    app.put('/authorization/resources/:resource_id', async (c) => {
+        const ws = getWorkOSStore(store);
+        const resourceId = c.req.param('resource_id');
+        const resource = ws.authorizationResources.get(resourceId);
+        if (!resource)
+            throw notFound('AuthorizationResource');
+        const body = await parseJsonBody(c);
+        const updates = {};
+        if ('metadata' in body)
+            updates.metadata = body.metadata;
+        const updated = ws.authorizationResources.update(resourceId, updates);
+        return c.json(formatAuthorizationResource(updated));
+    });
+    app.delete('/authorization/resources/:resource_id', (c) => {
+        const ws = getWorkOSStore(store);
+        const resourceId = c.req.param('resource_id');
+        const resource = ws.authorizationResources.get(resourceId);
+        if (!resource)
+            throw notFound('AuthorizationResource');
+        ws.authorizationResources.delete(resourceId);
+        return c.body(null, 204);
+    });
+    // Memberships with access to a resource (by resource ID)
+    app.get('/authorization/resources/:resource_id/organization_memberships', (c) => {
+        const ws = getWorkOSStore(store);
+        const resourceId = c.req.param('resource_id');
+        const resource = ws.authorizationResources.get(resourceId);
+        if (!resource)
+            throw notFound('AuthorizationResource');
+        const memberships = ws.organizationMemberships.findBy('organization_id', resource.organization_id);
+        return c.json({
+            object: 'list',
+            data: memberships.map(formatMembership),
+            list_metadata: { before: null, after: null },
+        });
+    });
+    // Get resource by type + external ID within an org
+    app.get('/authorization/organizations/:orgId/resources/:type_slug/:external_id', (c) => {
+        const ws = getWorkOSStore(store);
+        const orgId = c.req.param('orgId');
+        const typeSlug = c.req.param('type_slug');
+        const externalId = c.req.param('external_id');
+        const resource = ws.authorizationResources
+            .findBy('organization_id', orgId)
+            .find((r) => r.resource_type_slug === typeSlug && r.external_id === externalId);
+        if (!resource)
+            throw notFound('AuthorizationResource');
+        return c.json(formatAuthorizationResource(resource));
+    });
+    // Memberships for resource by type + external ID within an org
+    app.get('/authorization/organizations/:orgId/resources/:type_slug/:external_id/organization_memberships', (c) => {
+        const ws = getWorkOSStore(store);
+        const orgId = c.req.param('orgId');
+        const typeSlug = c.req.param('type_slug');
+        const externalId = c.req.param('external_id');
+        const resource = ws.authorizationResources
+            .findBy('organization_id', orgId)
+            .find((r) => r.resource_type_slug === typeSlug && r.external_id === externalId);
+        if (!resource)
+            throw notFound('AuthorizationResource');
+        const memberships = ws.organizationMemberships.findBy('organization_id', resource.organization_id);
+        return c.json({
+            object: 'list',
+            data: memberships.map(formatMembership),
+            list_metadata: { before: null, after: null },
+        });
+    });
+}
+//# sourceMappingURL=authorization-resources.js.map

package/dist/emulate/workos/routes/authorization-resources.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"authorization-resources.js","sourceRoot":"","sources":["../../../../src/emulate/workos/routes/authorization-resources.ts"],"names":[],"mappings":"AAAA,OAAO,EAAqB,QAAQ,EAAE,eAAe,EAAE,aAAa,EAAE,MAAM,qBAAqB,CAAC;AAClG,OAAO,EAAE,cAAc,EAAE,MAAM,aAAa,CAAC;AAC7C,OAAO,EAAE,2BAA2B,EAAE,gBAAgB,EAAE,eAAe,EAAE,MAAM,eAAe,CAAC;AAE/F,MAAM,UAAU,2BAA2B,CAAC,GAAiB;IAC3D,MAAM,EAAE,GAAG,EAAE,KAAK,EAAE,GAAG,GAAG,CAAC;IAE3B,GAAG,CAAC,IAAI,CAAC,0BAA0B,EAAE,KAAK,EAAE,CAAC,EAAE,EAAE;QAC/C,MAAM,EAAE,GAAG,cAAc,CAAC,KAAK,CAAC,CAAC;QACjC,MAAM,IAAI,GAAG,MAAM,aAAa,CAAC,CAAC,CAAC,CAAC;QAEpC,MAAM,gBAAgB,GAAG,IAAI,CAAC,kBAA4B,CAAC;QAC3D,MAAM,UAAU,GAAG,IAAI,CAAC,WAAqB,CAAC;QAC9C,MAAM,cAAc,GAAG,IAAI,CAAC,eAAyB,CAAC;QAEtD,IAAI,CAAC,gBAAgB,EAAE,CAAC;YACtB,MAAM,eAAe,CAAC,gCAAgC,EAAE,CAAC,EAAE,KAAK,EAAE,oBAAoB,EAAE,IAAI,EAAE,UAAU,EAAE,CAAC,CAAC,CAAC;QAC/G,CAAC;QACD,IAAI,CAAC,UAAU,EAAE,CAAC;YAChB,MAAM,eAAe,CAAC,yBAAyB,EAAE,CAAC,EAAE,KAAK,EAAE,aAAa,EAAE,IAAI,EAAE,UAAU,EAAE,CAAC,CAAC,CAAC;QACjG,CAAC;QACD,IAAI,CAAC,cAAc,EAAE,CAAC;YACpB,MAAM,eAAe,CAAC,6BAA6B,EAAE,CAAC,EAAE,KAAK,EAAE,iBAAiB,EAAE,IAAI,EAAE,UAAU,EAAE,CAAC,CAAC,CAAC;QACzG,CAAC;QAED,MAAM,QAAQ,GAAG,EAAE,CAAC,sBAAsB,CAAC,MAAM,CAAC;YAChD,MAAM,EAAE,wBAAwB;YAChC,kBAAkB,EAAE,gBAAgB;YACpC,WAAW,EAAE,UAAU;YACvB,eAAe,EAAE,cAAc;YAC/B,QAAQ,EAAG,IAAI,CAAC,QAAmC,IAAI,EAAE;SAC1D,CAAC,CAAC;QAEH,OAAO,CAAC,CAAC,IAAI,CAAC,2BAA2B,CAAC,QAAQ,CAAC,EAAE,GAAG,CAAC,CAAC;IAC5D,CAAC,CAAC,CAAC;IAEH,GAAG,CAAC,GAAG,CAAC,0BAA0B,EAAE,CAAC,CAAC,EAAE,EAAE;QACxC,MAAM,EAAE,GAAG,cAAc,CAAC,KAAK,CAAC,CAAC;QACjC,MAAM,GAAG,GAAG,IAAI,GAAG,CAAC,CAAC,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC;QAC/B,MAAM,MAAM,GAAG,eAAe,CAAC,GAAG,CAAC,CAAC;QACpC,MAAM,cAAc,GAAG,GAAG,CAAC,YAAY,CAAC,GAAG,CAAC,iBAAiB,CAAC,IAAI,SAAS,CAAC;QAC5E,MAAM,gBAAgB,GAAG,GAAG,CAAC,YAAY,CAAC,GAAG,CAAC,oBAAoB,CAAC,IAAI,SAAS,CAAC;QAEjF,MAAM,MAAM,GAAG,EAAE,CAAC,sBAAsB,CAAC,IAAI,CAAC;YAC5C,GAAG,MAAM;YACT,MAAM,EAAE,CAAC,CAAC,EAAE,EAAE;gBACZ,IAAI,cAAc,IAAI,CAAC,CAAC,eAAe,KAAK,cAAc;oBAAE,OAAO,KAAK,CAAC;gBACzE,IAAI,gBAAgB,IAAI,CAAC,CAAC,kBAAkB,KAAK,gBAAgB;oBAAE,OAAO,KAAK,CAAC;gBAChF,OAAO,IAAI,CAAC;YACd,CAAC;SACF,CAAC,CAAC;QAEH,OAAO,CAAC,CAAC,IAAI,CAAC;YACZ,MAAM,EAAE,MAAM;YACd,IAAI,EAAE,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,2BAA2B,CAAC;YAClD,aAAa,EAAE,MAAM,CAAC,aAAa;SACpC,CAAC,CAAC;IACL,CAAC,CAAC,CAAC;IAEH,GAAG,CAAC,GAAG,CAAC,uCAAuC,EAAE,CAAC,CAAC,EAAE,EAAE;QACrD,MAAM,EAAE,GAAG,cAAc,CAAC,KAAK,CAAC,CAAC;QACjC,MAAM,UAAU,GAAG,CAAC,CAAC,GAAG,CAAC,KAAK,CAAC,aAAa,CAAC,CAAC;QAC9C,MAAM,QAAQ,GAAG,EAAE,CAAC,sBAAsB,CAAC,GAAG,CAAC,UAAU,CAAC,CAAC;QAC3D,IAAI,CAAC,QAAQ;YAAE,MAAM,QAAQ,CAAC,uBAAuB,CAAC,CAAC;QACvD,OAAO,CAAC,CAAC,IAAI,CAAC,2BAA2B,CAAC,QAAQ,CAAC,CAAC,CAAC;IACvD,CAAC,CAAC,CAAC;IAEH,GAAG,CAAC,GAAG,CAAC,uCAAuC,EAAE,KAAK,EAAE,CAAC,EAAE,EAAE;QAC3D,MAAM,EAAE,GAAG,cAAc,CAAC,KAAK,CAAC,CAAC;QACjC,MAAM,UAAU,GAAG,CAAC,CAAC,GAAG,CAAC,KAAK,CAAC,aAAa,CAAC,CAAC;QAC9C,MAAM,QAAQ,GAAG,EAAE,CAAC,sBAAsB,CAAC,GAAG,CAAC,UAAU,CAAC,CAAC;QAC3D,IAAI,CAAC,QAAQ;YAAE,MAAM,QAAQ,CAAC,uBAAuB,CAAC,CAAC;QAEvD,MAAM,IAAI,GAAG,MAAM,aAAa,CAAC,CAAC,CAAC,CAAC;QACpC,MAAM,OAAO,GAA4B,EAAE,CAAC;QAC5C,IAAI,UAAU,IAAI,IAAI;YAAE,OAAO,CAAC,QAAQ,GAAG,IAAI,CAAC,QAAQ,CAAC;QAEzD,MAAM,OAAO,GAAG,EAAE,CAAC,sBAAsB,CAAC,MAAM,CAAC,UAAU,EAAE,OAAO,CAAC,CAAC;QACtE,OAAO,CAAC,CAAC,IAAI,CAAC,2BAA2B,CAAC,OAAQ,CAAC,CAAC,CAAC;IACvD,CAAC,CAAC,CAAC;IAEH,GAAG,CAAC,MAAM,CAAC,uCAAuC,EAAE,CAAC,CAAC,EAAE,EAAE;QACxD,MAAM,EAAE,GAAG,cAAc,CAAC,KAAK,CAAC,CAAC;QACjC,MAAM,UAAU,GAAG,CAAC,CAAC,GAAG,CAAC,KAAK,CAAC,aAAa,CAAC,CAAC;QAC9C,MAAM,QAAQ,GAAG,EAAE,CAAC,sBAAsB,CAAC,GAAG,CAAC,UAAU,CAAC,CAAC;QAC3D,IAAI,CAAC,QAAQ;YAAE,MAAM,QAAQ,CAAC,uBAAuB,CAAC,CAAC;QAEvD,EAAE,CAAC,sBAAsB,CAAC,MAAM,CAAC,UAAU,CAAC,CAAC;QAC7C,OAAO,CAAC,CAAC,IAAI,CAAC,IAAI,EAAE,GAAG,CAAC,CAAC;IAC3B,CAAC,CAAC,CAAC;IAEH,yDAAyD;IACzD,GAAG,CAAC,GAAG,CAAC,gEAAgE,EAAE,CAAC,CAAC,EAAE,EAAE;QAC9E,MAAM,EAAE,GAAG,cAAc,CAAC,KAAK,CAAC,CAAC;QACjC,MAAM,UAAU,GAAG,CAAC,CAAC,GAAG,CAAC,KAAK,CAAC,aAAa,CAAC,CAAC;QAC9C,MAAM,QAAQ,GAAG,EAAE,CAAC,sBAAsB,CAAC,GAAG,CAAC,UAAU,CAAC,CAAC;QAC3D,IAAI,CAAC,QAAQ;YAAE,MAAM,QAAQ,CAAC,uBAAuB,CAAC,CAAC;QAEvD,MAAM,WAAW,GAAG,EAAE,CAAC,uBAAuB,CAAC,MAAM,CAAC,iBAAiB,EAAE,QAAQ,CAAC,eAAe,CAAC,CAAC;QACnG,OAAO,CAAC,CAAC,IAAI,CAAC;YACZ,MAAM,EAAE,MAAM;YACd,IAAI,EAAE,WAAW,CAAC,GAAG,CAAC,gBAAgB,CAAC;YACvC,aAAa,EAAE,EAAE,MAAM,EAAE,IAAI,EAAE,KAAK,EAAE,IAAI,EAAE;SAC7C,CAAC,CAAC;IACL,CAAC,CAAC,CAAC;IAEH,mDAAmD;IACnD,GAAG,CAAC,GAAG,CAAC,uEAAuE,EAAE,CAAC,CAAC,EAAE,EAAE;QACrF,MAAM,EAAE,GAAG,cAAc,CAAC,KAAK,CAAC,CAAC;QACjC,MAAM,KAAK,GAAG,CAAC,CAAC,GAAG,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC;QACnC,MAAM,QAAQ,GAAG,CAAC,CAAC,GAAG,CAAC,KAAK,CAAC,WAAW,CAAC,CAAC;QAC1C,MAAM,UAAU,GAAG,CAAC,CAAC,GAAG,CAAC,KAAK,CAAC,aAAa,CAAC,CAAC;QAE9C,MAAM,QAAQ,GAAG,EAAE,CAAC,sBAAsB;aACvC,MAAM,CAAC,iBAAiB,EAAE,KAAK,CAAC;aAChC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,kBAAkB,KAAK,QAAQ,IAAI,CAAC,CAAC,WAAW,KAAK,UAAU,CAAC,CAAC;QAClF,IAAI,CAAC,QAAQ;YAAE,MAAM,QAAQ,CAAC,uBAAuB,CAAC,CAAC;QACvD,OAAO,CAAC,CAAC,IAAI,CAAC,2BAA2B,CAAC,QAAQ,CAAC,CAAC,CAAC;IACvD,CAAC,CAAC,CAAC;IAEH,+DAA+D;IAC/D,GAAG,CAAC,GAAG,CAAC,gGAAgG,EAAE,CAAC,CAAC,EAAE,EAAE;QAC9G,MAAM,EAAE,GAAG,cAAc,CAAC,KAAK,CAAC,CAAC;QACjC,MAAM,KAAK,GAAG,CAAC,CAAC,GAAG,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC;QACnC,MAAM,QAAQ,GAAG,CAAC,CAAC,GAAG,CAAC,KAAK,CAAC,WAAW,CAAC,CAAC;QAC1C,MAAM,UAAU,GAAG,CAAC,CAAC,GAAG,CAAC,KAAK,CAAC,aAAa,CAAC,CAAC;QAE9C,MAAM,QAAQ,GAAG,EAAE,CAAC,sBAAsB;aACvC,MAAM,CAAC,iBAAiB,EAAE,KAAK,CAAC;aAChC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,kBAAkB,KAAK,QAAQ,IAAI,CAAC,CAAC,WAAW,KAAK,UAAU,CAAC,CAAC;QAClF,IAAI,CAAC,QAAQ;YAAE,MAAM,QAAQ,CAAC,uBAAuB,CAAC,CAAC;QAEvD,MAAM,WAAW,GAAG,EAAE,CAAC,uBAAuB,CAAC,MAAM,CAAC,iBAAiB,EAAE,QAAQ,CAAC,eAAe,CAAC,CAAC;QACnG,OAAO,CAAC,CAAC,IAAI,CAAC;YACZ,MAAM,EAAE,MAAM;YACd,IAAI,EAAE,WAAW,CAAC,GAAG,CAAC,gBAAgB,CAAC;YACvC,aAAa,EAAE,EAAE,MAAM,EAAE,IAAI,EAAE,KAAK,EAAE,IAAI,EAAE;SAC7C,CAAC,CAAC;IACL,CAAC,CAAC,CAAC;AACL,CAAC","sourcesContent":["import { type RouteContext, notFound, validationError, parseJsonBody } from '../../core/index.js';\nimport { getWorkOSStore } from '../store.js';\nimport { formatAuthorizationResource, formatMembership, parseListParams } from '../helpers.js';\n\nexport function authorizationResourceRoutes(ctx: RouteContext): void {\n  const { app, store } = ctx;\n\n  app.post('/authorization/resources', async (c) => {\n    const ws = getWorkOSStore(store);\n    const body = await parseJsonBody(c);\n\n    const resourceTypeSlug = body.resource_type_slug as string;\n    const externalId = body.external_id as string;\n    const organizationId = body.organization_id as string;\n\n    if (!resourceTypeSlug) {\n      throw validationError('resource_type_slug is required', [{ field: 'resource_type_slug', code: 'required' }]);\n    }\n    if (!externalId) {\n      throw validationError('external_id is required', [{ field: 'external_id', code: 'required' }]);\n    }\n    if (!organizationId) {\n      throw validationError('organization_id is required', [{ field: 'organization_id', code: 'required' }]);\n    }\n\n    const resource = ws.authorizationResources.insert({\n      object: 'authorization_resource',\n      resource_type_slug: resourceTypeSlug,\n      external_id: externalId,\n      organization_id: organizationId,\n      metadata: (body.metadata as Record<string, string>) ?? {},\n    });\n\n    return c.json(formatAuthorizationResource(resource), 201);\n  });\n\n  app.get('/authorization/resources', (c) => {\n    const ws = getWorkOSStore(store);\n    const url = new URL(c.req.url);\n    const params = parseListParams(url);\n    const organizationId = url.searchParams.get('organization_id') ?? undefined;\n    const resourceTypeSlug = url.searchParams.get('resource_type_slug') ?? undefined;\n\n    const result = ws.authorizationResources.list({\n      ...params,\n      filter: (r) => {\n        if (organizationId && r.organization_id !== organizationId) return false;\n        if (resourceTypeSlug && r.resource_type_slug !== resourceTypeSlug) return false;\n        return true;\n      },\n    });\n\n    return c.json({\n      object: 'list',\n      data: result.data.map(formatAuthorizationResource),\n      list_metadata: result.list_metadata,\n    });\n  });\n\n  app.get('/authorization/resources/:resource_id', (c) => {\n    const ws = getWorkOSStore(store);\n    const resourceId = c.req.param('resource_id');\n    const resource = ws.authorizationResources.get(resourceId);\n    if (!resource) throw notFound('AuthorizationResource');\n    return c.json(formatAuthorizationResource(resource));\n  });\n\n  app.put('/authorization/resources/:resource_id', async (c) => {\n    const ws = getWorkOSStore(store);\n    const resourceId = c.req.param('resource_id');\n    const resource = ws.authorizationResources.get(resourceId);\n    if (!resource) throw notFound('AuthorizationResource');\n\n    const body = await parseJsonBody(c);\n    const updates: Record<string, unknown> = {};\n    if ('metadata' in body) updates.metadata = body.metadata;\n\n    const updated = ws.authorizationResources.update(resourceId, updates);\n    return c.json(formatAuthorizationResource(updated!));\n  });\n\n  app.delete('/authorization/resources/:resource_id', (c) => {\n    const ws = getWorkOSStore(store);\n    const resourceId = c.req.param('resource_id');\n    const resource = ws.authorizationResources.get(resourceId);\n    if (!resource) throw notFound('AuthorizationResource');\n\n    ws.authorizationResources.delete(resourceId);\n    return c.body(null, 204);\n  });\n\n  // Memberships with access to a resource (by resource ID)\n  app.get('/authorization/resources/:resource_id/organization_memberships', (c) => {\n    const ws = getWorkOSStore(store);\n    const resourceId = c.req.param('resource_id');\n    const resource = ws.authorizationResources.get(resourceId);\n    if (!resource) throw notFound('AuthorizationResource');\n\n    const memberships = ws.organizationMemberships.findBy('organization_id', resource.organization_id);\n    return c.json({\n      object: 'list',\n      data: memberships.map(formatMembership),\n      list_metadata: { before: null, after: null },\n    });\n  });\n\n  // Get resource by type + external ID within an org\n  app.get('/authorization/organizations/:orgId/resources/:type_slug/:external_id', (c) => {\n    const ws = getWorkOSStore(store);\n    const orgId = c.req.param('orgId');\n    const typeSlug = c.req.param('type_slug');\n    const externalId = c.req.param('external_id');\n\n    const resource = ws.authorizationResources\n      .findBy('organization_id', orgId)\n      .find((r) => r.resource_type_slug === typeSlug && r.external_id === externalId);\n    if (!resource) throw notFound('AuthorizationResource');\n    return c.json(formatAuthorizationResource(resource));\n  });\n\n  // Memberships for resource by type + external ID within an org\n  app.get('/authorization/organizations/:orgId/resources/:type_slug/:external_id/organization_memberships', (c) => {\n    const ws = getWorkOSStore(store);\n    const orgId = c.req.param('orgId');\n    const typeSlug = c.req.param('type_slug');\n    const externalId = c.req.param('external_id');\n\n    const resource = ws.authorizationResources\n      .findBy('organization_id', orgId)\n      .find((r) => r.resource_type_slug === typeSlug && r.external_id === externalId);\n    if (!resource) throw notFound('AuthorizationResource');\n\n    const memberships = ws.organizationMemberships.findBy('organization_id', resource.organization_id);\n    return c.json({\n      object: 'list',\n      data: memberships.map(formatMembership),\n      list_metadata: { before: null, after: null },\n    });\n  });\n}\n"]}

package/dist/emulate/workos/routes/authorization-roles.d.ts

@@ -0,0 +1,2 @@
+import { type RouteContext } from '../../core/index.js';
+export declare function authorizationRoleRoutes(ctx: RouteContext): void;