workos 0.11.1 → 0.12.0-beta.1

package/dist/emulate/workos/helpers.js

@@ -0,0 +1,518 @@
+import { randomBytes, createHash, createCipheriv } from 'node:crypto';
+import { WorkOSApiError } from '../core/index.js';
+export function formatOrganization(org, ws) {
+    const domains = ws.organizationDomains.findBy('organization_id', org.id).map(formatDomain);
+    return {
+        object: 'organization',
+        id: org.id,
+        name: org.name,
+        external_id: org.external_id,
+        metadata: org.metadata,
+        domains,
+        stripe_customer_id: org.stripe_customer_id,
+        created_at: org.created_at,
+        updated_at: org.updated_at,
+    };
+}
+export function formatDomain(domain) {
+    return {
+        object: 'organization_domain',
+        id: domain.id,
+        organization_id: domain.organization_id,
+        domain: domain.domain,
+        state: domain.state,
+        verification_strategy: domain.verification_strategy,
+        verification_token: domain.verification_token,
+        verification_prefix: domain.verification_prefix,
+        created_at: domain.created_at,
+        updated_at: domain.updated_at,
+    };
+}
+export function formatMembership(m) {
+    return {
+        object: 'organization_membership',
+        id: m.id,
+        organization_id: m.organization_id,
+        user_id: m.user_id,
+        role: m.role,
+        status: m.status,
+        external_id: m.external_id,
+        metadata: m.metadata,
+        created_at: m.created_at,
+        updated_at: m.updated_at,
+    };
+}
+export function formatUser(user) {
+    return {
+        object: 'user',
+        id: user.id,
+        email: user.email,
+        first_name: user.first_name,
+        last_name: user.last_name,
+        email_verified: user.email_verified,
+        profile_picture_url: user.profile_picture_url,
+        last_sign_in_at: user.last_sign_in_at,
+        external_id: user.external_id,
+        metadata: user.metadata,
+        locale: user.locale,
+        created_at: user.created_at,
+        updated_at: user.updated_at,
+    };
+}
+export function formatSession(s) {
+    return {
+        object: 'session',
+        id: s.id,
+        user_id: s.user_id,
+        organization_id: s.organization_id,
+        ip_address: s.ip_address,
+        user_agent: s.user_agent,
+        created_at: s.created_at,
+        updated_at: s.updated_at,
+    };
+}
+export function formatEmailVerification(ev) {
+    return {
+        object: 'email_verification',
+        id: ev.id,
+        user_id: ev.user_id,
+        email: ev.email,
+        code: ev.code,
+        expires_at: ev.expires_at,
+        created_at: ev.created_at,
+        updated_at: ev.updated_at,
+    };
+}
+export function formatPasswordReset(pr) {
+    return {
+        object: 'password_reset',
+        id: pr.id,
+        user_id: pr.user_id,
+        email: pr.email,
+        token: pr.token,
+        expires_at: pr.expires_at,
+        created_at: pr.created_at,
+        updated_at: pr.updated_at,
+    };
+}
+export function formatMagicAuth(ma) {
+    return {
+        object: 'magic_auth',
+        id: ma.id,
+        user_id: ma.user_id,
+        email: ma.email,
+        code: ma.code,
+        expires_at: ma.expires_at,
+        created_at: ma.created_at,
+        updated_at: ma.updated_at,
+    };
+}
+export function formatAuthFactor(f) {
+    return {
+        object: 'authentication_factor',
+        id: f.id,
+        user_id: f.user_id,
+        type: f.type,
+        totp: f.totp,
+        created_at: f.created_at,
+        updated_at: f.updated_at,
+    };
+}
+export function formatIdentity(i) {
+    return {
+        object: 'identity',
+        id: i.id,
+        user_id: i.user_id,
+        provider: i.provider,
+        provider_id: i.provider_id,
+        type: i.type,
+        created_at: i.created_at,
+        updated_at: i.updated_at,
+    };
+}
+export function generateVerificationToken() {
+    return randomBytes(16).toString('hex');
+}
+export function generateCode() {
+    return String(Math.floor(100000 + Math.random() * 900000));
+}
+export function hashPassword(password) {
+    return createHash('sha256').update(password).digest('hex');
+}
+export function verifyPassword(password, hash) {
+    return hashPassword(password) === hash;
+}
+export function expiresIn(minutes) {
+    return new Date(Date.now() + minutes * 60 * 1000).toISOString();
+}
+export function isExpired(expiresAt) {
+    return new Date(expiresAt).getTime() < Date.now();
+}
+export function formatConnection(conn) {
+    return {
+        object: 'connection',
+        id: conn.id,
+        organization_id: conn.organization_id,
+        connection_type: conn.connection_type,
+        name: conn.name,
+        state: conn.state,
+        domains: conn.domains,
+        created_at: conn.created_at,
+        updated_at: conn.updated_at,
+    };
+}
+export function formatSSOProfile(p) {
+    return {
+        object: 'profile',
+        id: p.id,
+        connection_id: p.connection_id,
+        connection_type: p.connection_type,
+        organization_id: p.organization_id,
+        idp_id: p.idp_id,
+        email: p.email,
+        first_name: p.first_name,
+        last_name: p.last_name,
+        groups: p.groups,
+        raw_attributes: p.raw_attributes,
+        created_at: p.created_at,
+        updated_at: p.updated_at,
+    };
+}
+export function formatPipeConnection(pc) {
+    return {
+        object: 'pipe_connection',
+        id: pc.id,
+        user_id: pc.user_id,
+        provider: pc.provider,
+        scopes: pc.scopes,
+        status: pc.status,
+        external_account_id: pc.external_account_id,
+        created_at: pc.created_at,
+        updated_at: pc.updated_at,
+    };
+}
+export function formatInvitation(inv) {
+    return {
+        object: 'invitation',
+        id: inv.id,
+        email: inv.email,
+        state: inv.state,
+        token: inv.token,
+        accept_invitation_url: inv.accept_invitation_url,
+        organization_id: inv.organization_id,
+        inviter_user_id: inv.inviter_user_id,
+        role_slug: inv.role_slug,
+        expires_at: inv.expires_at,
+        created_at: inv.created_at,
+        updated_at: inv.updated_at,
+    };
+}
+export function formatRedirectUri(r) {
+    return {
+        object: 'redirect_uri',
+        id: r.id,
+        uri: r.uri,
+        created_at: r.created_at,
+        updated_at: r.updated_at,
+    };
+}
+export function formatCorsOrigin(o) {
+    return {
+        object: 'cors_origin',
+        id: o.id,
+        origin: o.origin,
+        created_at: o.created_at,
+        updated_at: o.updated_at,
+    };
+}
+export function formatAuthorizedApplication(a) {
+    return {
+        object: 'authorized_application',
+        id: a.id,
+        user_id: a.user_id,
+        name: a.name,
+        redirect_uri: a.redirect_uri,
+        created_at: a.created_at,
+        updated_at: a.updated_at,
+    };
+}
+export function formatConnectedAccount(a) {
+    return {
+        object: 'connected_account',
+        id: a.id,
+        user_id: a.user_id,
+        provider: a.provider,
+        provider_id: a.provider_id,
+        created_at: a.created_at,
+        updated_at: a.updated_at,
+    };
+}
+export function parseListParams(url) {
+    const limit = Math.max(1, Math.min(parseInt(url.searchParams.get('limit') ?? '10'), 100));
+    const order = url.searchParams.get('order') ?? 'desc';
+    const before = url.searchParams.get('before') ?? undefined;
+    const after = url.searchParams.get('after') ?? undefined;
+    return { limit, order, before, after };
+}
+/** Allowed redirect URI hosts for the emulator's authorize endpoints. */
+const ALLOWED_REDIRECT_HOSTS = new Set(['localhost', '127.0.0.1', '[::1]']);
+/**
+ * Validate that a redirect_uri points to a localhost origin.
+ * Prevents the emulator from being used as an open redirect.
+ */
+export function assertLocalRedirectUri(uri) {
+    let parsed;
+    try {
+        parsed = new URL(uri);
+    }
+    catch {
+        throw new WorkOSApiError(400, 'Invalid redirect_uri', 'invalid_redirect_uri');
+    }
+    if (!ALLOWED_REDIRECT_HOSTS.has(parsed.hostname)) {
+        throw new WorkOSApiError(400, `redirect_uri must point to localhost, got ${parsed.hostname}`, 'invalid_redirect_uri');
+    }
+}
+export function formatAuthChallenge(c) {
+    return {
+        object: 'authentication_challenge',
+        id: c.id,
+        user_id: c.user_id,
+        factor_id: c.factor_id,
+        expires_at: c.expires_at,
+        created_at: c.created_at,
+        updated_at: c.updated_at,
+    };
+}
+export function formatRole(role) {
+    return {
+        object: 'role',
+        id: role.id,
+        slug: role.slug,
+        name: role.name,
+        description: role.description,
+        type: role.type,
+        organization_id: role.organization_id,
+        is_default_role: role.is_default_role,
+        priority: role.priority,
+        created_at: role.created_at,
+        updated_at: role.updated_at,
+    };
+}
+export function formatPermission(p) {
+    return {
+        object: 'permission',
+        id: p.id,
+        slug: p.slug,
+        name: p.name,
+        description: p.description,
+        created_at: p.created_at,
+        updated_at: p.updated_at,
+    };
+}
+export function formatAuthorizationResource(r) {
+    return {
+        object: 'authorization_resource',
+        id: r.id,
+        resource_type_slug: r.resource_type_slug,
+        external_id: r.external_id,
+        organization_id: r.organization_id,
+        metadata: r.metadata,
+        created_at: r.created_at,
+        updated_at: r.updated_at,
+    };
+}
+export function formatRoleAssignment(ra) {
+    return {
+        object: 'role_assignment',
+        id: ra.id,
+        organization_membership_id: ra.organization_membership_id,
+        role_id: ra.role_id,
+        created_at: ra.created_at,
+        updated_at: ra.updated_at,
+    };
+}
+export function formatDeviceAuthorization(d) {
+    return {
+        device_code: d.device_code,
+        user_code: d.user_code,
+        verification_uri: 'http://localhost:0/user_management/authorize/device/verify',
+        expires_in: Math.max(0, Math.floor((new Date(d.expires_at).getTime() - Date.now()) / 1000)),
+        interval: d.interval,
+    };
+}
+// --- Phase 4: CRUD Domain formatters ---
+export function formatDirectory(d) {
+    return {
+        object: 'directory',
+        id: d.id,
+        name: d.name,
+        organization_id: d.organization_id,
+        domain: d.domain,
+        type: d.type,
+        state: d.state,
+        external_key: d.external_key,
+        created_at: d.created_at,
+        updated_at: d.updated_at,
+    };
+}
+export function formatDirectoryUser(u) {
+    return {
+        object: 'directory_user',
+        id: u.id,
+        directory_id: u.directory_id,
+        organization_id: u.organization_id,
+        idp_id: u.idp_id,
+        first_name: u.first_name,
+        last_name: u.last_name,
+        email: u.email,
+        username: u.username,
+        state: u.state,
+        role: u.role,
+        custom_attributes: u.custom_attributes,
+        raw_attributes: u.raw_attributes,
+        groups: u.groups,
+        created_at: u.created_at,
+        updated_at: u.updated_at,
+    };
+}
+export function formatDirectoryGroup(g) {
+    return {
+        object: 'directory_group',
+        id: g.id,
+        directory_id: g.directory_id,
+        organization_id: g.organization_id,
+        idp_id: g.idp_id,
+        name: g.name,
+        raw_attributes: g.raw_attributes,
+        created_at: g.created_at,
+        updated_at: g.updated_at,
+    };
+}
+export function formatAuditLogAction(a) {
+    return {
+        object: 'audit_log_action',
+        id: a.id,
+        name: a.name,
+        description: a.description,
+        condition: a.condition,
+        created_at: a.created_at,
+        updated_at: a.updated_at,
+    };
+}
+export function formatAuditLogEvent(e) {
+    return {
+        object: 'audit_log_event',
+        id: e.id,
+        organization_id: e.organization_id,
+        action: e.action,
+        actor: e.actor,
+        targets: e.targets,
+        metadata: e.metadata,
+        occurred_at: e.occurred_at,
+        created_at: e.created_at,
+        updated_at: e.updated_at,
+    };
+}
+export function formatAuditLogExport(ex) {
+    return {
+        object: 'audit_log_export',
+        id: ex.id,
+        organization_id: ex.organization_id,
+        state: ex.state,
+        url: ex.url,
+        filters: ex.filters,
+        created_at: ex.created_at,
+        updated_at: ex.updated_at,
+    };
+}
+export function formatFeatureFlag(f) {
+    return {
+        object: 'feature_flag',
+        id: f.id,
+        slug: f.slug,
+        name: f.name,
+        description: f.description,
+        type: f.type,
+        default_value: f.default_value,
+        enabled: f.enabled,
+        created_at: f.created_at,
+        updated_at: f.updated_at,
+    };
+}
+export function formatConnectApplication(a) {
+    return {
+        object: 'connect_application',
+        id: a.id,
+        name: a.name,
+        redirect_uris: a.redirect_uris,
+        client_id: a.client_id,
+        logo_url: a.logo_url,
+        created_at: a.created_at,
+        updated_at: a.updated_at,
+    };
+}
+export function formatClientSecret(s) {
+    return {
+        object: 'client_secret',
+        id: s.id,
+        application_id: s.application_id,
+        last_four: s.last_four,
+        created_at: s.created_at,
+        updated_at: s.updated_at,
+    };
+}
+export function formatRadarAttempt(a) {
+    return {
+        object: 'radar_attempt',
+        id: a.id,
+        user_id: a.user_id,
+        ip_address: a.ip_address,
+        user_agent: a.user_agent,
+        verdict: a.verdict,
+        signals: a.signals,
+        created_at: a.created_at,
+        updated_at: a.updated_at,
+    };
+}
+export function formatApiKeyRecord(k) {
+    return {
+        object: 'api_key',
+        id: k.id,
+        name: k.name,
+        created_at: k.created_at,
+        updated_at: k.updated_at,
+    };
+}
+export function formatEvent(e) {
+    return {
+        object: 'event',
+        id: e.id,
+        event: e.event,
+        data: e.data,
+        environment_id: e.environment_id,
+        created_at: e.created_at,
+    };
+}
+export function formatWebhookEndpoint(ep, opts) {
+    return {
+        object: 'webhook_endpoint',
+        id: ep.id,
+        url: ep.url,
+        secret: opts?.includeSecret ? ep.secret : `${ep.secret.slice(0, 8)}****`,
+        enabled: ep.enabled,
+        events: ep.events,
+        description: ep.description,
+        created_at: ep.created_at,
+        updated_at: ep.updated_at,
+    };
+}
+export function sealSession(data, apiKey) {
+    const key = createHash('sha256').update(apiKey).digest();
+    const iv = randomBytes(12);
+    const cipher = createCipheriv('aes-256-gcm', key, iv);
+    const plaintext = JSON.stringify(data);
+    const encrypted = Buffer.concat([cipher.update(plaintext, 'utf8'), cipher.final()]);
+    const tag = cipher.getAuthTag();
+    return Buffer.concat([iv, tag, encrypted]).toString('base64');
+}
+//# sourceMappingURL=helpers.js.map

package/dist/emulate/workos/helpers.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"helpers.js","sourceRoot":"","sources":["../../../src/emulate/workos/helpers.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,WAAW,EAAE,UAAU,EAAE,cAAc,EAAE,MAAM,aAAa,CAAC;AACtE,OAAO,EAAE,cAAc,EAAE,MAAM,kBAAkB,CAAC;AA0ClD,MAAM,UAAU,kBAAkB,CAAC,GAAuB,EAAE,EAAe;IACzE,MAAM,OAAO,GAAG,EAAE,CAAC,mBAAmB,CAAC,MAAM,CAAC,iBAAiB,EAAE,GAAG,CAAC,EAAE,CAAC,CAAC,GAAG,CAAC,YAAY,CAAC,CAAC;IAE3F,OAAO;QACL,MAAM,EAAE,cAAc;QACtB,EAAE,EAAE,GAAG,CAAC,EAAE;QACV,IAAI,EAAE,GAAG,CAAC,IAAI;QACd,WAAW,EAAE,GAAG,CAAC,WAAW;QAC5B,QAAQ,EAAE,GAAG,CAAC,QAAQ;QACtB,OAAO;QACP,kBAAkB,EAAE,GAAG,CAAC,kBAAkB;QAC1C,UAAU,EAAE,GAAG,CAAC,UAAU;QAC1B,UAAU,EAAE,GAAG,CAAC,UAAU;KAC3B,CAAC;AACJ,CAAC;AAED,MAAM,UAAU,YAAY,CAAC,MAAgC;IAC3D,OAAO;QACL,MAAM,EAAE,qBAAqB;QAC7B,EAAE,EAAE,MAAM,CAAC,EAAE;QACb,eAAe,EAAE,MAAM,CAAC,eAAe;QACvC,MAAM,EAAE,MAAM,CAAC,MAAM;QACrB,KAAK,EAAE,MAAM,CAAC,KAAK;QACnB,qBAAqB,EAAE,MAAM,CAAC,qBAAqB;QACnD,kBAAkB,EAAE,MAAM,CAAC,kBAAkB;QAC7C,mBAAmB,EAAE,MAAM,CAAC,mBAAmB;QAC/C,UAAU,EAAE,MAAM,CAAC,UAAU;QAC7B,UAAU,EAAE,MAAM,CAAC,UAAU;KAC9B,CAAC;AACJ,CAAC;AAED,MAAM,UAAU,gBAAgB,CAAC,CAA+B;IAC9D,OAAO;QACL,MAAM,EAAE,yBAAyB;QACjC,EAAE,EAAE,CAAC,CAAC,EAAE;QACR,eAAe,EAAE,CAAC,CAAC,eAAe;QAClC,OAAO,EAAE,CAAC,CAAC,OAAO;QAClB,IAAI,EAAE,CAAC,CAAC,IAAI;QACZ,MAAM,EAAE,CAAC,CAAC,MAAM;QAChB,WAAW,EAAE,CAAC,CAAC,WAAW;QAC1B,QAAQ,EAAE,CAAC,CAAC,QAAQ;QACpB,UAAU,EAAE,CAAC,CAAC,UAAU;QACxB,UAAU,EAAE,CAAC,CAAC,UAAU;KACzB,CAAC;AACJ,CAAC;AAED,MAAM,UAAU,UAAU,CAAC,IAAgB;IACzC,OAAO;QACL,MAAM,EAAE,MAAM;QACd,EAAE,EAAE,IAAI,CAAC,EAAE;QACX,KAAK,EAAE,IAAI,CAAC,KAAK;QACjB,UAAU,EAAE,IAAI,CAAC,UAAU;QAC3B,SAAS,EAAE,IAAI,CAAC,SAAS;QACzB,cAAc,EAAE,IAAI,CAAC,cAAc;QACnC,mBAAmB,EAAE,IAAI,CAAC,mBAAmB;QAC7C,eAAe,EAAE,IAAI,CAAC,eAAe;QACrC,WAAW,EAAE,IAAI,CAAC,WAAW;QAC7B,QAAQ,EAAE,IAAI,CAAC,QAAQ;QACvB,MAAM,EAAE,IAAI,CAAC,MAAM;QACnB,UAAU,EAAE,IAAI,CAAC,UAAU;QAC3B,UAAU,EAAE,IAAI,CAAC,UAAU;KAC5B,CAAC;AACJ,CAAC;AAED,MAAM,UAAU,aAAa,CAAC,CAAgB;IAC5C,OAAO;QACL,MAAM,EAAE,SAAS;QACjB,EAAE,EAAE,CAAC,CAAC,EAAE;QACR,OAAO,EAAE,CAAC,CAAC,OAAO;QAClB,eAAe,EAAE,CAAC,CAAC,eAAe;QAClC,UAAU,EAAE,CAAC,CAAC,UAAU;QACxB,UAAU,EAAE,CAAC,CAAC,UAAU;QACxB,UAAU,EAAE,CAAC,CAAC,UAAU;QACxB,UAAU,EAAE,CAAC,CAAC,UAAU;KACzB,CAAC;AACJ,CAAC;AAED,MAAM,UAAU,uBAAuB,CAAC,EAA2B;IACjE,OAAO;QACL,MAAM,EAAE,oBAAoB;QAC5B,EAAE,EAAE,EAAE,CAAC,EAAE;QACT,OAAO,EAAE,EAAE,CAAC,OAAO;QACnB,KAAK,EAAE,EAAE,CAAC,KAAK;QACf,IAAI,EAAE,EAAE,CAAC,IAAI;QACb,UAAU,EAAE,EAAE,CAAC,UAAU;QACzB,UAAU,EAAE,EAAE,CAAC,UAAU;QACzB,UAAU,EAAE,EAAE,CAAC,UAAU;KAC1B,CAAC;AACJ,CAAC;AAED,MAAM,UAAU,mBAAmB,CAAC,EAAuB;IACzD,OAAO;QACL,MAAM,EAAE,gBAAgB;QACxB,EAAE,EAAE,EAAE,CAAC,EAAE;QACT,OAAO,EAAE,EAAE,CAAC,OAAO;QACnB,KAAK,EAAE,EAAE,CAAC,KAAK;QACf,KAAK,EAAE,EAAE,CAAC,KAAK;QACf,UAAU,EAAE,EAAE,CAAC,UAAU;QACzB,UAAU,EAAE,EAAE,CAAC,UAAU;QACzB,UAAU,EAAE,EAAE,CAAC,UAAU;KAC1B,CAAC;AACJ,CAAC;AAED,MAAM,UAAU,eAAe,CAAC,EAAmB;IACjD,OAAO;QACL,MAAM,EAAE,YAAY;QACpB,EAAE,EAAE,EAAE,CAAC,EAAE;QACT,OAAO,EAAE,EAAE,CAAC,OAAO;QACnB,KAAK,EAAE,EAAE,CAAC,KAAK;QACf,IAAI,EAAE,EAAE,CAAC,IAAI;QACb,UAAU,EAAE,EAAE,CAAC,UAAU;QACzB,UAAU,EAAE,EAAE,CAAC,UAAU;QACzB,UAAU,EAAE,EAAE,CAAC,UAAU;KAC1B,CAAC;AACJ,CAAC;AAED,MAAM,UAAU,gBAAgB,CAAC,CAA6B;IAC5D,OAAO;QACL,MAAM,EAAE,uBAAuB;QAC/B,EAAE,EAAE,CAAC,CAAC,EAAE;QACR,OAAO,EAAE,CAAC,CAAC,OAAO;QAClB,IAAI,EAAE,CAAC,CAAC,IAAI;QACZ,IAAI,EAAE,CAAC,CAAC,IAAI;QACZ,UAAU,EAAE,CAAC,CAAC,UAAU;QACxB,UAAU,EAAE,CAAC,CAAC,UAAU;KACzB,CAAC;AACJ,CAAC;AAED,MAAM,UAAU,cAAc,CAAC,CAAiB;IAC9C,OAAO;QACL,MAAM,EAAE,UAAU;QAClB,EAAE,EAAE,CAAC,CAAC,EAAE;QACR,OAAO,EAAE,CAAC,CAAC,OAAO;QAClB,QAAQ,EAAE,CAAC,CAAC,QAAQ;QACpB,WAAW,EAAE,CAAC,CAAC,WAAW;QAC1B,IAAI,EAAE,CAAC,CAAC,IAAI;QACZ,UAAU,EAAE,CAAC,CAAC,UAAU;QACxB,UAAU,EAAE,CAAC,CAAC,UAAU;KACzB,CAAC;AACJ,CAAC;AAED,MAAM,UAAU,yBAAyB;IACvC,OAAO,WAAW,CAAC,EAAE,CAAC,CAAC,QAAQ,CAAC,KAAK,CAAC,CAAC;AACzC,CAAC;AAED,MAAM,UAAU,YAAY;IAC1B,OAAO,MAAM,CAAC,IAAI,CAAC,KAAK,CAAC,MAAM,GAAG,IAAI,CAAC,MAAM,EAAE,GAAG,MAAM,CAAC,CAAC,CAAC;AAC7D,CAAC;AAED,MAAM,UAAU,YAAY,CAAC,QAAgB;IAC3C,OAAO,UAAU,CAAC,QAAQ,CAAC,CAAC,MAAM,CAAC,QAAQ,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;AAC7D,CAAC;AAED,MAAM,UAAU,cAAc,CAAC,QAAgB,EAAE,IAAY;IAC3D,OAAO,YAAY,CAAC,QAAQ,CAAC,KAAK,IAAI,CAAC;AACzC,CAAC;AAED,MAAM,UAAU,SAAS,CAAC,OAAe;IACvC,OAAO,IAAI,IAAI,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,OAAO,GAAG,EAAE,GAAG,IAAI,CAAC,CAAC,WAAW,EAAE,CAAC;AAClE,CAAC;AAED,MAAM,UAAU,SAAS,CAAC,SAAiB;IACzC,OAAO,IAAI,IAAI,CAAC,SAAS,CAAC,CAAC,OAAO,EAAE,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC;AACpD,CAAC;AAED,MAAM,UAAU,gBAAgB,CAAC,IAAsB;IACrD,OAAO;QACL,MAAM,EAAE,YAAY;QACpB,EAAE,EAAE,IAAI,CAAC,EAAE;QACX,eAAe,EAAE,IAAI,CAAC,eAAe;QACrC,eAAe,EAAE,IAAI,CAAC,eAAe;QACrC,IAAI,EAAE,IAAI,CAAC,IAAI;QACf,KAAK,EAAE,IAAI,CAAC,KAAK;QACjB,OAAO,EAAE,IAAI,CAAC,OAAO;QACrB,UAAU,EAAE,IAAI,CAAC,UAAU;QAC3B,UAAU,EAAE,IAAI,CAAC,UAAU;KAC5B,CAAC;AACJ,CAAC;AAED,MAAM,UAAU,gBAAgB,CAAC,CAAmB;IAClD,OAAO;QACL,MAAM,EAAE,SAAS;QACjB,EAAE,EAAE,CAAC,CAAC,EAAE;QACR,aAAa,EAAE,CAAC,CAAC,aAAa;QAC9B,eAAe,EAAE,CAAC,CAAC,eAAe;QAClC,eAAe,EAAE,CAAC,CAAC,eAAe;QAClC,MAAM,EAAE,CAAC,CAAC,MAAM;QAChB,KAAK,EAAE,CAAC,CAAC,KAAK;QACd,UAAU,EAAE,CAAC,CAAC,UAAU;QACxB,SAAS,EAAE,CAAC,CAAC,SAAS;QACtB,MAAM,EAAE,CAAC,CAAC,MAAM;QAChB,cAAc,EAAE,CAAC,CAAC,cAAc;QAChC,UAAU,EAAE,CAAC,CAAC,UAAU;QACxB,UAAU,EAAE,CAAC,CAAC,UAAU;KACzB,CAAC;AACJ,CAAC;AAED,MAAM,UAAU,oBAAoB,CAAC,EAAwB;IAC3D,OAAO;QACL,MAAM,EAAE,iBAAiB;QACzB,EAAE,EAAE,EAAE,CAAC,EAAE;QACT,OAAO,EAAE,EAAE,CAAC,OAAO;QACnB,QAAQ,EAAE,EAAE,CAAC,QAAQ;QACrB,MAAM,EAAE,EAAE,CAAC,MAAM;QACjB,MAAM,EAAE,EAAE,CAAC,MAAM;QACjB,mBAAmB,EAAE,EAAE,CAAC,mBAAmB;QAC3C,UAAU,EAAE,EAAE,CAAC,UAAU;QACzB,UAAU,EAAE,EAAE,CAAC,UAAU;KAC1B,CAAC;AACJ,CAAC;AAED,MAAM,UAAU,gBAAgB,CAAC,GAAqB;IACpD,OAAO;QACL,MAAM,EAAE,YAAY;QACpB,EAAE,EAAE,GAAG,CAAC,EAAE;QACV,KAAK,EAAE,GAAG,CAAC,KAAK;QAChB,KAAK,EAAE,GAAG,CAAC,KAAK;QAChB,KAAK,EAAE,GAAG,CAAC,KAAK;QAChB,qBAAqB,EAAE,GAAG,CAAC,qBAAqB;QAChD,eAAe,EAAE,GAAG,CAAC,eAAe;QACpC,eAAe,EAAE,GAAG,CAAC,eAAe;QACpC,SAAS,EAAE,GAAG,CAAC,SAAS;QACxB,UAAU,EAAE,GAAG,CAAC,UAAU;QAC1B,UAAU,EAAE,GAAG,CAAC,UAAU;QAC1B,UAAU,EAAE,GAAG,CAAC,UAAU;KAC3B,CAAC;AACJ,CAAC;AAED,MAAM,UAAU,iBAAiB,CAAC,CAAoB;IACpD,OAAO;QACL,MAAM,EAAE,cAAc;QACtB,EAAE,EAAE,CAAC,CAAC,EAAE;QACR,GAAG,EAAE,CAAC,CAAC,GAAG;QACV,UAAU,EAAE,CAAC,CAAC,UAAU;QACxB,UAAU,EAAE,CAAC,CAAC,UAAU;KACzB,CAAC;AACJ,CAAC;AAED,MAAM,UAAU,gBAAgB,CAAC,CAAmB;IAClD,OAAO;QACL,MAAM,EAAE,aAAa;QACrB,EAAE,EAAE,CAAC,CAAC,EAAE;QACR,MAAM,EAAE,CAAC,CAAC,MAAM;QAChB,UAAU,EAAE,CAAC,CAAC,UAAU;QACxB,UAAU,EAAE,CAAC,CAAC,UAAU;KACzB,CAAC;AACJ,CAAC;AAED,MAAM,UAAU,2BAA2B,CAAC,CAA8B;IACxE,OAAO;QACL,MAAM,EAAE,wBAAwB;QAChC,EAAE,EAAE,CAAC,CAAC,EAAE;QACR,OAAO,EAAE,CAAC,CAAC,OAAO;QAClB,IAAI,EAAE,CAAC,CAAC,IAAI;QACZ,YAAY,EAAE,CAAC,CAAC,YAAY;QAC5B,UAAU,EAAE,CAAC,CAAC,UAAU;QACxB,UAAU,EAAE,CAAC,CAAC,UAAU;KACzB,CAAC;AACJ,CAAC;AAED,MAAM,UAAU,sBAAsB,CAAC,CAAyB;IAC9D,OAAO;QACL,MAAM,EAAE,mBAAmB;QAC3B,EAAE,EAAE,CAAC,CAAC,EAAE;QACR,OAAO,EAAE,CAAC,CAAC,OAAO;QAClB,QAAQ,EAAE,CAAC,CAAC,QAAQ;QACpB,WAAW,EAAE,CAAC,CAAC,WAAW;QAC1B,UAAU,EAAE,CAAC,CAAC,UAAU;QACxB,UAAU,EAAE,CAAC,CAAC,UAAU;KACzB,CAAC;AACJ,CAAC;AAED,MAAM,UAAU,eAAe,CAAC,GAAQ;IACtC,MAAM,KAAK,GAAG,IAAI,CAAC,GAAG,CAAC,CAAC,EAAE,IAAI,CAAC,GAAG,CAAC,QAAQ,CAAC,GAAG,CAAC,YAAY,CAAC,GAAG,CAAC,OAAO,CAAC,IAAI,IAAI,CAAC,EAAE,GAAG,CAAC,CAAC,CAAC;IAC1F,MAAM,KAAK,GAAI,GAAG,CAAC,YAAY,CAAC,GAAG,CAAC,OAAO,CAAoB,IAAI,MAAM,CAAC;IAC1E,MAAM,MAAM,GAAG,GAAG,CAAC,YAAY,CAAC,GAAG,CAAC,QAAQ,CAAC,IAAI,SAAS,CAAC;IAC3D,MAAM,KAAK,GAAG,GAAG,CAAC,YAAY,CAAC,GAAG,CAAC,OAAO,CAAC,IAAI,SAAS,CAAC;IACzD,OAAO,EAAE,KAAK,EAAE,KAAK,EAAE,MAAM,EAAE,KAAK,EAAE,CAAC;AACzC,CAAC;AAED,yEAAyE;AACzE,MAAM,sBAAsB,GAAG,IAAI,GAAG,CAAC,CAAC,WAAW,EAAE,WAAW,EAAE,OAAO,CAAC,CAAC,CAAC;AAE5E;;;GAGG;AACH,MAAM,UAAU,sBAAsB,CAAC,GAAW;IAChD,IAAI,MAAW,CAAC;IAChB,IAAI,CAAC;QACH,MAAM,GAAG,IAAI,GAAG,CAAC,GAAG,CAAC,CAAC;IACxB,CAAC;IAAC,MAAM,CAAC;QACP,MAAM,IAAI,cAAc,CAAC,GAAG,EAAE,sBAAsB,EAAE,sBAAsB,CAAC,CAAC;IAChF,CAAC;IACD,IAAI,CAAC,sBAAsB,CAAC,GAAG,CAAC,MAAM,CAAC,QAAQ,CAAC,EAAE,CAAC;QACjD,MAAM,IAAI,cAAc,CACtB,GAAG,EACH,6CAA6C,MAAM,CAAC,QAAQ,EAAE,EAC9D,sBAAsB,CACvB,CAAC;IACJ,CAAC;AACH,CAAC;AAED,MAAM,UAAU,mBAAmB,CAAC,CAAgC;IAClE,OAAO;QACL,MAAM,EAAE,0BAA0B;QAClC,EAAE,EAAE,CAAC,CAAC,EAAE;QACR,OAAO,EAAE,CAAC,CAAC,OAAO;QAClB,SAAS,EAAE,CAAC,CAAC,SAAS;QACtB,UAAU,EAAE,CAAC,CAAC,UAAU;QACxB,UAAU,EAAE,CAAC,CAAC,UAAU;QACxB,UAAU,EAAE,CAAC,CAAC,UAAU;KACzB,CAAC;AACJ,CAAC;AAED,MAAM,UAAU,UAAU,CAAC,IAAgB;IACzC,OAAO;QACL,MAAM,EAAE,MAAM;QACd,EAAE,EAAE,IAAI,CAAC,EAAE;QACX,IAAI,EAAE,IAAI,CAAC,IAAI;QACf,IAAI,EAAE,IAAI,CAAC,IAAI;QACf,WAAW,EAAE,IAAI,CAAC,WAAW;QAC7B,IAAI,EAAE,IAAI,CAAC,IAAI;QACf,eAAe,EAAE,IAAI,CAAC,eAAe;QACrC,eAAe,EAAE,IAAI,CAAC,eAAe;QACrC,QAAQ,EAAE,IAAI,CAAC,QAAQ;QACvB,UAAU,EAAE,IAAI,CAAC,UAAU;QAC3B,UAAU,EAAE,IAAI,CAAC,UAAU;KAC5B,CAAC;AACJ,CAAC;AAED,MAAM,UAAU,gBAAgB,CAAC,CAAmB;IAClD,OAAO;QACL,MAAM,EAAE,YAAY;QACpB,EAAE,EAAE,CAAC,CAAC,EAAE;QACR,IAAI,EAAE,CAAC,CAAC,IAAI;QACZ,IAAI,EAAE,CAAC,CAAC,IAAI;QACZ,WAAW,EAAE,CAAC,CAAC,WAAW;QAC1B,UAAU,EAAE,CAAC,CAAC,UAAU;QACxB,UAAU,EAAE,CAAC,CAAC,UAAU;KACzB,CAAC;AACJ,CAAC;AAED,MAAM,UAAU,2BAA2B,CAAC,CAA8B;IACxE,OAAO;QACL,MAAM,EAAE,wBAAwB;QAChC,EAAE,EAAE,CAAC,CAAC,EAAE;QACR,kBAAkB,EAAE,CAAC,CAAC,kBAAkB;QACxC,WAAW,EAAE,CAAC,CAAC,WAAW;QAC1B,eAAe,EAAE,CAAC,CAAC,eAAe;QAClC,QAAQ,EAAE,CAAC,CAAC,QAAQ;QACpB,UAAU,EAAE,CAAC,CAAC,UAAU;QACxB,UAAU,EAAE,CAAC,CAAC,UAAU;KACzB,CAAC;AACJ,CAAC;AAED,MAAM,UAAU,oBAAoB,CAAC,EAAwB;IAC3D,OAAO;QACL,MAAM,EAAE,iBAAiB;QACzB,EAAE,EAAE,EAAE,CAAC,EAAE;QACT,0BAA0B,EAAE,EAAE,CAAC,0BAA0B;QACzD,OAAO,EAAE,EAAE,CAAC,OAAO;QACnB,UAAU,EAAE,EAAE,CAAC,UAAU;QACzB,UAAU,EAAE,EAAE,CAAC,UAAU;KAC1B,CAAC;AACJ,CAAC;AAED,MAAM,UAAU,yBAAyB,CAAC,CAA4B;IACpE,OAAO;QACL,WAAW,EAAE,CAAC,CAAC,WAAW;QAC1B,SAAS,EAAE,CAAC,CAAC,SAAS;QACtB,gBAAgB,EAAE,4DAA4D;QAC9E,UAAU,EAAE,IAAI,CAAC,GAAG,CAAC,CAAC,EAAE,IAAI,CAAC,KAAK,CAAC,CAAC,IAAI,IAAI,CAAC,CAAC,CAAC,UAAU,CAAC,CAAC,OAAO,EAAE,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC,GAAG,IAAI,CAAC,CAAC;QAC3F,QAAQ,EAAE,CAAC,CAAC,QAAQ;KACrB,CAAC;AACJ,CAAC;AAED,0CAA0C;AAE1C,MAAM,UAAU,eAAe,CAAC,CAAkB;IAChD,OAAO;QACL,MAAM,EAAE,WAAW;QACnB,EAAE,EAAE,CAAC,CAAC,EAAE;QACR,IAAI,EAAE,CAAC,CAAC,IAAI;QACZ,eAAe,EAAE,CAAC,CAAC,eAAe;QAClC,MAAM,EAAE,CAAC,CAAC,MAAM;QAChB,IAAI,EAAE,CAAC,CAAC,IAAI;QACZ,KAAK,EAAE,CAAC,CAAC,KAAK;QACd,YAAY,EAAE,CAAC,CAAC,YAAY;QAC5B,UAAU,EAAE,CAAC,CAAC,UAAU;QACxB,UAAU,EAAE,CAAC,CAAC,UAAU;KACzB,CAAC;AACJ,CAAC;AAED,MAAM,UAAU,mBAAmB,CAAC,CAAsB;IACxD,OAAO;QACL,MAAM,EAAE,gBAAgB;QACxB,EAAE,EAAE,CAAC,CAAC,EAAE;QACR,YAAY,EAAE,CAAC,CAAC,YAAY;QAC5B,eAAe,EAAE,CAAC,CAAC,eAAe;QAClC,MAAM,EAAE,CAAC,CAAC,MAAM;QAChB,UAAU,EAAE,CAAC,CAAC,UAAU;QACxB,SAAS,EAAE,CAAC,CAAC,SAAS;QACtB,KAAK,EAAE,CAAC,CAAC,KAAK;QACd,QAAQ,EAAE,CAAC,CAAC,QAAQ;QACpB,KAAK,EAAE,CAAC,CAAC,KAAK;QACd,IAAI,EAAE,CAAC,CAAC,IAAI;QACZ,iBAAiB,EAAE,CAAC,CAAC,iBAAiB;QACtC,cAAc,EAAE,CAAC,CAAC,cAAc;QAChC,MAAM,EAAE,CAAC,CAAC,MAAM;QAChB,UAAU,EAAE,CAAC,CAAC,UAAU;QACxB,UAAU,EAAE,CAAC,CAAC,UAAU;KACzB,CAAC;AACJ,CAAC;AAED,MAAM,UAAU,oBAAoB,CAAC,CAAuB;IAC1D,OAAO;QACL,MAAM,EAAE,iBAAiB;QACzB,EAAE,EAAE,CAAC,CAAC,EAAE;QACR,YAAY,EAAE,CAAC,CAAC,YAAY;QAC5B,eAAe,EAAE,CAAC,CAAC,eAAe;QAClC,MAAM,EAAE,CAAC,CAAC,MAAM;QAChB,IAAI,EAAE,CAAC,CAAC,IAAI;QACZ,cAAc,EAAE,CAAC,CAAC,cAAc;QAChC,UAAU,EAAE,CAAC,CAAC,UAAU;QACxB,UAAU,EAAE,CAAC,CAAC,UAAU;KACzB,CAAC;AACJ,CAAC;AAED,MAAM,UAAU,oBAAoB,CAAC,CAAuB;IAC1D,OAAO;QACL,MAAM,EAAE,kBAAkB;QAC1B,EAAE,EAAE,CAAC,CAAC,EAAE;QACR,IAAI,EAAE,CAAC,CAAC,IAAI;QACZ,WAAW,EAAE,CAAC,CAAC,WAAW;QAC1B,SAAS,EAAE,CAAC,CAAC,SAAS;QACtB,UAAU,EAAE,CAAC,CAAC,UAAU;QACxB,UAAU,EAAE,CAAC,CAAC,UAAU;KACzB,CAAC;AACJ,CAAC;AAED,MAAM,UAAU,mBAAmB,CAAC,CAAsB;IACxD,OAAO;QACL,MAAM,EAAE,iBAAiB;QACzB,EAAE,EAAE,CAAC,CAAC,EAAE;QACR,eAAe,EAAE,CAAC,CAAC,eAAe;QAClC,MAAM,EAAE,CAAC,CAAC,MAAM;QAChB,KAAK,EAAE,CAAC,CAAC,KAAK;QACd,OAAO,EAAE,CAAC,CAAC,OAAO;QAClB,QAAQ,EAAE,CAAC,CAAC,QAAQ;QACpB,WAAW,EAAE,CAAC,CAAC,WAAW;QAC1B,UAAU,EAAE,CAAC,CAAC,UAAU;QACxB,UAAU,EAAE,CAAC,CAAC,UAAU;KACzB,CAAC;AACJ,CAAC;AAED,MAAM,UAAU,oBAAoB,CAAC,EAAwB;IAC3D,OAAO;QACL,MAAM,EAAE,kBAAkB;QAC1B,EAAE,EAAE,EAAE,CAAC,EAAE;QACT,eAAe,EAAE,EAAE,CAAC,eAAe;QACnC,KAAK,EAAE,EAAE,CAAC,KAAK;QACf,GAAG,EAAE,EAAE,CAAC,GAAG;QACX,OAAO,EAAE,EAAE,CAAC,OAAO;QACnB,UAAU,EAAE,EAAE,CAAC,UAAU;QACzB,UAAU,EAAE,EAAE,CAAC,UAAU;KAC1B,CAAC;AACJ,CAAC;AAED,MAAM,UAAU,iBAAiB,CAAC,CAAoB;IACpD,OAAO;QACL,MAAM,EAAE,cAAc;QACtB,EAAE,EAAE,CAAC,CAAC,EAAE;QACR,IAAI,EAAE,CAAC,CAAC,IAAI;QACZ,IAAI,EAAE,CAAC,CAAC,IAAI;QACZ,WAAW,EAAE,CAAC,CAAC,WAAW;QAC1B,IAAI,EAAE,CAAC,CAAC,IAAI;QACZ,aAAa,EAAE,CAAC,CAAC,aAAa;QAC9B,OAAO,EAAE,CAAC,CAAC,OAAO;QAClB,UAAU,EAAE,CAAC,CAAC,UAAU;QACxB,UAAU,EAAE,CAAC,CAAC,UAAU;KACzB,CAAC;AACJ,CAAC;AAED,MAAM,UAAU,wBAAwB,CAAC,CAA2B;IAClE,OAAO;QACL,MAAM,EAAE,qBAAqB;QAC7B,EAAE,EAAE,CAAC,CAAC,EAAE;QACR,IAAI,EAAE,CAAC,CAAC,IAAI;QACZ,aAAa,EAAE,CAAC,CAAC,aAAa;QAC9B,SAAS,EAAE,CAAC,CAAC,SAAS;QACtB,QAAQ,EAAE,CAAC,CAAC,QAAQ;QACpB,UAAU,EAAE,CAAC,CAAC,UAAU;QACxB,UAAU,EAAE,CAAC,CAAC,UAAU;KACzB,CAAC;AACJ,CAAC;AAED,MAAM,UAAU,kBAAkB,CAAC,CAAqB;IACtD,OAAO;QACL,MAAM,EAAE,eAAe;QACvB,EAAE,EAAE,CAAC,CAAC,EAAE;QACR,cAAc,EAAE,CAAC,CAAC,cAAc;QAChC,SAAS,EAAE,CAAC,CAAC,SAAS;QACtB,UAAU,EAAE,CAAC,CAAC,UAAU;QACxB,UAAU,EAAE,CAAC,CAAC,UAAU;KACzB,CAAC;AACJ,CAAC;AAED,MAAM,UAAU,kBAAkB,CAAC,CAAqB;IACtD,OAAO;QACL,MAAM,EAAE,eAAe;QACvB,EAAE,EAAE,CAAC,CAAC,EAAE;QACR,OAAO,EAAE,CAAC,CAAC,OAAO;QAClB,UAAU,EAAE,CAAC,CAAC,UAAU;QACxB,UAAU,EAAE,CAAC,CAAC,UAAU;QACxB,OAAO,EAAE,CAAC,CAAC,OAAO;QAClB,OAAO,EAAE,CAAC,CAAC,OAAO;QAClB,UAAU,EAAE,CAAC,CAAC,UAAU;QACxB,UAAU,EAAE,CAAC,CAAC,UAAU;KACzB,CAAC;AACJ,CAAC;AAED,MAAM,UAAU,kBAAkB,CAAC,CAAe;IAChD,OAAO;QACL,MAAM,EAAE,SAAS;QACjB,EAAE,EAAE,CAAC,CAAC,EAAE;QACR,IAAI,EAAE,CAAC,CAAC,IAAI;QACZ,UAAU,EAAE,CAAC,CAAC,UAAU;QACxB,UAAU,EAAE,CAAC,CAAC,UAAU;KACzB,CAAC;AACJ,CAAC;AAED,MAAM,UAAU,WAAW,CAAC,CAAc;IACxC,OAAO;QACL,MAAM,EAAE,OAAO;QACf,EAAE,EAAE,CAAC,CAAC,EAAE;QACR,KAAK,EAAE,CAAC,CAAC,KAAK;QACd,IAAI,EAAE,CAAC,CAAC,IAAI;QACZ,cAAc,EAAE,CAAC,CAAC,cAAc;QAChC,UAAU,EAAE,CAAC,CAAC,UAAU;KACzB,CAAC;AACJ,CAAC;AAED,MAAM,UAAU,qBAAqB,CACnC,EAAyB,EACzB,IAAkC;IAElC,OAAO;QACL,MAAM,EAAE,kBAAkB;QAC1B,EAAE,EAAE,EAAE,CAAC,EAAE;QACT,GAAG,EAAE,EAAE,CAAC,GAAG;QACX,MAAM,EAAE,IAAI,EAAE,aAAa,CAAC,CAAC,CAAC,EAAE,CAAC,MAAM,CAAC,CAAC,CAAC,GAAG,EAAE,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC,MAAM;QACxE,OAAO,EAAE,EAAE,CAAC,OAAO;QACnB,MAAM,EAAE,EAAE,CAAC,MAAM;QACjB,WAAW,EAAE,EAAE,CAAC,WAAW;QAC3B,UAAU,EAAE,EAAE,CAAC,UAAU;QACzB,UAAU,EAAE,EAAE,CAAC,UAAU;KAC1B,CAAC;AACJ,CAAC;AAED,MAAM,UAAU,WAAW,CACzB,IAAyE,EACzE,MAAc;IAEd,MAAM,GAAG,GAAG,UAAU,CAAC,QAAQ,CAAC,CAAC,MAAM,CAAC,MAAM,CAAC,CAAC,MAAM,EAAE,CAAC;IACzD,MAAM,EAAE,GAAG,WAAW,CAAC,EAAE,CAAC,CAAC;IAC3B,MAAM,MAAM,GAAG,cAAc,CAAC,aAAa,EAAE,GAAG,EAAE,EAAE,CAAC,CAAC;IACtD,MAAM,SAAS,GAAG,IAAI,CAAC,SAAS,CAAC,IAAI,CAAC,CAAC;IACvC,MAAM,SAAS,GAAG,MAAM,CAAC,MAAM,CAAC,CAAC,MAAM,CAAC,MAAM,CAAC,SAAS,EAAE,MAAM,CAAC,EAAE,MAAM,CAAC,KAAK,EAAE,CAAC,CAAC,CAAC;IACpF,MAAM,GAAG,GAAG,MAAM,CAAC,UAAU,EAAE,CAAC;IAChC,OAAO,MAAM,CAAC,MAAM,CAAC,CAAC,EAAE,EAAE,GAAG,EAAE,SAAS,CAAC,CAAC,CAAC,QAAQ,CAAC,QAAQ,CAAC,CAAC;AAChE,CAAC","sourcesContent":["import { randomBytes, createHash, createCipheriv } from 'node:crypto';\nimport { WorkOSApiError } from '../core/index.js';\nimport type { WorkOSStore } from './store.js';\nimport type {\n  WorkOSOrganization,\n  WorkOSOrganizationDomain,\n  WorkOSOrganizationMembership,\n  WorkOSUser,\n  WorkOSSession,\n  WorkOSEmailVerification,\n  WorkOSPasswordReset,\n  WorkOSMagicAuth,\n  WorkOSAuthenticationFactor,\n  WorkOSIdentity,\n  WorkOSConnection,\n  WorkOSSSOProfile,\n  WorkOSPipeConnection,\n  WorkOSInvitation,\n  WorkOSRedirectUri,\n  WorkOSCorsOrigin,\n  WorkOSAuthorizedApplication,\n  WorkOSConnectedAccount,\n  WorkOSAuthenticationChallenge,\n  WorkOSDeviceAuthorization,\n  WorkOSRole,\n  WorkOSPermission,\n  WorkOSAuthorizationResource,\n  WorkOSRoleAssignment,\n  WorkOSDirectory,\n  WorkOSDirectoryUser,\n  WorkOSDirectoryGroup,\n  WorkOSAuditLogAction,\n  WorkOSAuditLogEvent,\n  WorkOSAuditLogExport,\n  WorkOSFeatureFlag,\n  WorkOSConnectApplication,\n  WorkOSClientSecret,\n  WorkOSRadarAttempt,\n  WorkOSApiKey,\n  WorkOSEvent,\n  WorkOSWebhookEndpoint,\n} from './entities.js';\n\nexport function formatOrganization(org: WorkOSOrganization, ws: WorkOSStore): Record<string, unknown> {\n  const domains = ws.organizationDomains.findBy('organization_id', org.id).map(formatDomain);\n\n  return {\n    object: 'organization',\n    id: org.id,\n    name: org.name,\n    external_id: org.external_id,\n    metadata: org.metadata,\n    domains,\n    stripe_customer_id: org.stripe_customer_id,\n    created_at: org.created_at,\n    updated_at: org.updated_at,\n  };\n}\n\nexport function formatDomain(domain: WorkOSOrganizationDomain): Record<string, unknown> {\n  return {\n    object: 'organization_domain',\n    id: domain.id,\n    organization_id: domain.organization_id,\n    domain: domain.domain,\n    state: domain.state,\n    verification_strategy: domain.verification_strategy,\n    verification_token: domain.verification_token,\n    verification_prefix: domain.verification_prefix,\n    created_at: domain.created_at,\n    updated_at: domain.updated_at,\n  };\n}\n\nexport function formatMembership(m: WorkOSOrganizationMembership): Record<string, unknown> {\n  return {\n    object: 'organization_membership',\n    id: m.id,\n    organization_id: m.organization_id,\n    user_id: m.user_id,\n    role: m.role,\n    status: m.status,\n    external_id: m.external_id,\n    metadata: m.metadata,\n    created_at: m.created_at,\n    updated_at: m.updated_at,\n  };\n}\n\nexport function formatUser(user: WorkOSUser): Record<string, unknown> {\n  return {\n    object: 'user',\n    id: user.id,\n    email: user.email,\n    first_name: user.first_name,\n    last_name: user.last_name,\n    email_verified: user.email_verified,\n    profile_picture_url: user.profile_picture_url,\n    last_sign_in_at: user.last_sign_in_at,\n    external_id: user.external_id,\n    metadata: user.metadata,\n    locale: user.locale,\n    created_at: user.created_at,\n    updated_at: user.updated_at,\n  };\n}\n\nexport function formatSession(s: WorkOSSession): Record<string, unknown> {\n  return {\n    object: 'session',\n    id: s.id,\n    user_id: s.user_id,\n    organization_id: s.organization_id,\n    ip_address: s.ip_address,\n    user_agent: s.user_agent,\n    created_at: s.created_at,\n    updated_at: s.updated_at,\n  };\n}\n\nexport function formatEmailVerification(ev: WorkOSEmailVerification): Record<string, unknown> {\n  return {\n    object: 'email_verification',\n    id: ev.id,\n    user_id: ev.user_id,\n    email: ev.email,\n    code: ev.code,\n    expires_at: ev.expires_at,\n    created_at: ev.created_at,\n    updated_at: ev.updated_at,\n  };\n}\n\nexport function formatPasswordReset(pr: WorkOSPasswordReset): Record<string, unknown> {\n  return {\n    object: 'password_reset',\n    id: pr.id,\n    user_id: pr.user_id,\n    email: pr.email,\n    token: pr.token,\n    expires_at: pr.expires_at,\n    created_at: pr.created_at,\n    updated_at: pr.updated_at,\n  };\n}\n\nexport function formatMagicAuth(ma: WorkOSMagicAuth): Record<string, unknown> {\n  return {\n    object: 'magic_auth',\n    id: ma.id,\n    user_id: ma.user_id,\n    email: ma.email,\n    code: ma.code,\n    expires_at: ma.expires_at,\n    created_at: ma.created_at,\n    updated_at: ma.updated_at,\n  };\n}\n\nexport function formatAuthFactor(f: WorkOSAuthenticationFactor): Record<string, unknown> {\n  return {\n    object: 'authentication_factor',\n    id: f.id,\n    user_id: f.user_id,\n    type: f.type,\n    totp: f.totp,\n    created_at: f.created_at,\n    updated_at: f.updated_at,\n  };\n}\n\nexport function formatIdentity(i: WorkOSIdentity): Record<string, unknown> {\n  return {\n    object: 'identity',\n    id: i.id,\n    user_id: i.user_id,\n    provider: i.provider,\n    provider_id: i.provider_id,\n    type: i.type,\n    created_at: i.created_at,\n    updated_at: i.updated_at,\n  };\n}\n\nexport function generateVerificationToken(): string {\n  return randomBytes(16).toString('hex');\n}\n\nexport function generateCode(): string {\n  return String(Math.floor(100000 + Math.random() * 900000));\n}\n\nexport function hashPassword(password: string): string {\n  return createHash('sha256').update(password).digest('hex');\n}\n\nexport function verifyPassword(password: string, hash: string): boolean {\n  return hashPassword(password) === hash;\n}\n\nexport function expiresIn(minutes: number): string {\n  return new Date(Date.now() + minutes * 60 * 1000).toISOString();\n}\n\nexport function isExpired(expiresAt: string): boolean {\n  return new Date(expiresAt).getTime() < Date.now();\n}\n\nexport function formatConnection(conn: WorkOSConnection): Record<string, unknown> {\n  return {\n    object: 'connection',\n    id: conn.id,\n    organization_id: conn.organization_id,\n    connection_type: conn.connection_type,\n    name: conn.name,\n    state: conn.state,\n    domains: conn.domains,\n    created_at: conn.created_at,\n    updated_at: conn.updated_at,\n  };\n}\n\nexport function formatSSOProfile(p: WorkOSSSOProfile): Record<string, unknown> {\n  return {\n    object: 'profile',\n    id: p.id,\n    connection_id: p.connection_id,\n    connection_type: p.connection_type,\n    organization_id: p.organization_id,\n    idp_id: p.idp_id,\n    email: p.email,\n    first_name: p.first_name,\n    last_name: p.last_name,\n    groups: p.groups,\n    raw_attributes: p.raw_attributes,\n    created_at: p.created_at,\n    updated_at: p.updated_at,\n  };\n}\n\nexport function formatPipeConnection(pc: WorkOSPipeConnection): Record<string, unknown> {\n  return {\n    object: 'pipe_connection',\n    id: pc.id,\n    user_id: pc.user_id,\n    provider: pc.provider,\n    scopes: pc.scopes,\n    status: pc.status,\n    external_account_id: pc.external_account_id,\n    created_at: pc.created_at,\n    updated_at: pc.updated_at,\n  };\n}\n\nexport function formatInvitation(inv: WorkOSInvitation): Record<string, unknown> {\n  return {\n    object: 'invitation',\n    id: inv.id,\n    email: inv.email,\n    state: inv.state,\n    token: inv.token,\n    accept_invitation_url: inv.accept_invitation_url,\n    organization_id: inv.organization_id,\n    inviter_user_id: inv.inviter_user_id,\n    role_slug: inv.role_slug,\n    expires_at: inv.expires_at,\n    created_at: inv.created_at,\n    updated_at: inv.updated_at,\n  };\n}\n\nexport function formatRedirectUri(r: WorkOSRedirectUri): Record<string, unknown> {\n  return {\n    object: 'redirect_uri',\n    id: r.id,\n    uri: r.uri,\n    created_at: r.created_at,\n    updated_at: r.updated_at,\n  };\n}\n\nexport function formatCorsOrigin(o: WorkOSCorsOrigin): Record<string, unknown> {\n  return {\n    object: 'cors_origin',\n    id: o.id,\n    origin: o.origin,\n    created_at: o.created_at,\n    updated_at: o.updated_at,\n  };\n}\n\nexport function formatAuthorizedApplication(a: WorkOSAuthorizedApplication): Record<string, unknown> {\n  return {\n    object: 'authorized_application',\n    id: a.id,\n    user_id: a.user_id,\n    name: a.name,\n    redirect_uri: a.redirect_uri,\n    created_at: a.created_at,\n    updated_at: a.updated_at,\n  };\n}\n\nexport function formatConnectedAccount(a: WorkOSConnectedAccount): Record<string, unknown> {\n  return {\n    object: 'connected_account',\n    id: a.id,\n    user_id: a.user_id,\n    provider: a.provider,\n    provider_id: a.provider_id,\n    created_at: a.created_at,\n    updated_at: a.updated_at,\n  };\n}\n\nexport function parseListParams(url: URL) {\n  const limit = Math.max(1, Math.min(parseInt(url.searchParams.get('limit') ?? '10'), 100));\n  const order = (url.searchParams.get('order') as 'asc' | 'desc') ?? 'desc';\n  const before = url.searchParams.get('before') ?? undefined;\n  const after = url.searchParams.get('after') ?? undefined;\n  return { limit, order, before, after };\n}\n\n/** Allowed redirect URI hosts for the emulator's authorize endpoints. */\nconst ALLOWED_REDIRECT_HOSTS = new Set(['localhost', '127.0.0.1', '[::1]']);\n\n/**\n * Validate that a redirect_uri points to a localhost origin.\n * Prevents the emulator from being used as an open redirect.\n */\nexport function assertLocalRedirectUri(uri: string): void {\n  let parsed: URL;\n  try {\n    parsed = new URL(uri);\n  } catch {\n    throw new WorkOSApiError(400, 'Invalid redirect_uri', 'invalid_redirect_uri');\n  }\n  if (!ALLOWED_REDIRECT_HOSTS.has(parsed.hostname)) {\n    throw new WorkOSApiError(\n      400,\n      `redirect_uri must point to localhost, got ${parsed.hostname}`,\n      'invalid_redirect_uri',\n    );\n  }\n}\n\nexport function formatAuthChallenge(c: WorkOSAuthenticationChallenge): Record<string, unknown> {\n  return {\n    object: 'authentication_challenge',\n    id: c.id,\n    user_id: c.user_id,\n    factor_id: c.factor_id,\n    expires_at: c.expires_at,\n    created_at: c.created_at,\n    updated_at: c.updated_at,\n  };\n}\n\nexport function formatRole(role: WorkOSRole): Record<string, unknown> {\n  return {\n    object: 'role',\n    id: role.id,\n    slug: role.slug,\n    name: role.name,\n    description: role.description,\n    type: role.type,\n    organization_id: role.organization_id,\n    is_default_role: role.is_default_role,\n    priority: role.priority,\n    created_at: role.created_at,\n    updated_at: role.updated_at,\n  };\n}\n\nexport function formatPermission(p: WorkOSPermission): Record<string, unknown> {\n  return {\n    object: 'permission',\n    id: p.id,\n    slug: p.slug,\n    name: p.name,\n    description: p.description,\n    created_at: p.created_at,\n    updated_at: p.updated_at,\n  };\n}\n\nexport function formatAuthorizationResource(r: WorkOSAuthorizationResource): Record<string, unknown> {\n  return {\n    object: 'authorization_resource',\n    id: r.id,\n    resource_type_slug: r.resource_type_slug,\n    external_id: r.external_id,\n    organization_id: r.organization_id,\n    metadata: r.metadata,\n    created_at: r.created_at,\n    updated_at: r.updated_at,\n  };\n}\n\nexport function formatRoleAssignment(ra: WorkOSRoleAssignment): Record<string, unknown> {\n  return {\n    object: 'role_assignment',\n    id: ra.id,\n    organization_membership_id: ra.organization_membership_id,\n    role_id: ra.role_id,\n    created_at: ra.created_at,\n    updated_at: ra.updated_at,\n  };\n}\n\nexport function formatDeviceAuthorization(d: WorkOSDeviceAuthorization): Record<string, unknown> {\n  return {\n    device_code: d.device_code,\n    user_code: d.user_code,\n    verification_uri: 'http://localhost:0/user_management/authorize/device/verify',\n    expires_in: Math.max(0, Math.floor((new Date(d.expires_at).getTime() - Date.now()) / 1000)),\n    interval: d.interval,\n  };\n}\n\n// --- Phase 4: CRUD Domain formatters ---\n\nexport function formatDirectory(d: WorkOSDirectory): Record<string, unknown> {\n  return {\n    object: 'directory',\n    id: d.id,\n    name: d.name,\n    organization_id: d.organization_id,\n    domain: d.domain,\n    type: d.type,\n    state: d.state,\n    external_key: d.external_key,\n    created_at: d.created_at,\n    updated_at: d.updated_at,\n  };\n}\n\nexport function formatDirectoryUser(u: WorkOSDirectoryUser): Record<string, unknown> {\n  return {\n    object: 'directory_user',\n    id: u.id,\n    directory_id: u.directory_id,\n    organization_id: u.organization_id,\n    idp_id: u.idp_id,\n    first_name: u.first_name,\n    last_name: u.last_name,\n    email: u.email,\n    username: u.username,\n    state: u.state,\n    role: u.role,\n    custom_attributes: u.custom_attributes,\n    raw_attributes: u.raw_attributes,\n    groups: u.groups,\n    created_at: u.created_at,\n    updated_at: u.updated_at,\n  };\n}\n\nexport function formatDirectoryGroup(g: WorkOSDirectoryGroup): Record<string, unknown> {\n  return {\n    object: 'directory_group',\n    id: g.id,\n    directory_id: g.directory_id,\n    organization_id: g.organization_id,\n    idp_id: g.idp_id,\n    name: g.name,\n    raw_attributes: g.raw_attributes,\n    created_at: g.created_at,\n    updated_at: g.updated_at,\n  };\n}\n\nexport function formatAuditLogAction(a: WorkOSAuditLogAction): Record<string, unknown> {\n  return {\n    object: 'audit_log_action',\n    id: a.id,\n    name: a.name,\n    description: a.description,\n    condition: a.condition,\n    created_at: a.created_at,\n    updated_at: a.updated_at,\n  };\n}\n\nexport function formatAuditLogEvent(e: WorkOSAuditLogEvent): Record<string, unknown> {\n  return {\n    object: 'audit_log_event',\n    id: e.id,\n    organization_id: e.organization_id,\n    action: e.action,\n    actor: e.actor,\n    targets: e.targets,\n    metadata: e.metadata,\n    occurred_at: e.occurred_at,\n    created_at: e.created_at,\n    updated_at: e.updated_at,\n  };\n}\n\nexport function formatAuditLogExport(ex: WorkOSAuditLogExport): Record<string, unknown> {\n  return {\n    object: 'audit_log_export',\n    id: ex.id,\n    organization_id: ex.organization_id,\n    state: ex.state,\n    url: ex.url,\n    filters: ex.filters,\n    created_at: ex.created_at,\n    updated_at: ex.updated_at,\n  };\n}\n\nexport function formatFeatureFlag(f: WorkOSFeatureFlag): Record<string, unknown> {\n  return {\n    object: 'feature_flag',\n    id: f.id,\n    slug: f.slug,\n    name: f.name,\n    description: f.description,\n    type: f.type,\n    default_value: f.default_value,\n    enabled: f.enabled,\n    created_at: f.created_at,\n    updated_at: f.updated_at,\n  };\n}\n\nexport function formatConnectApplication(a: WorkOSConnectApplication): Record<string, unknown> {\n  return {\n    object: 'connect_application',\n    id: a.id,\n    name: a.name,\n    redirect_uris: a.redirect_uris,\n    client_id: a.client_id,\n    logo_url: a.logo_url,\n    created_at: a.created_at,\n    updated_at: a.updated_at,\n  };\n}\n\nexport function formatClientSecret(s: WorkOSClientSecret): Record<string, unknown> {\n  return {\n    object: 'client_secret',\n    id: s.id,\n    application_id: s.application_id,\n    last_four: s.last_four,\n    created_at: s.created_at,\n    updated_at: s.updated_at,\n  };\n}\n\nexport function formatRadarAttempt(a: WorkOSRadarAttempt): Record<string, unknown> {\n  return {\n    object: 'radar_attempt',\n    id: a.id,\n    user_id: a.user_id,\n    ip_address: a.ip_address,\n    user_agent: a.user_agent,\n    verdict: a.verdict,\n    signals: a.signals,\n    created_at: a.created_at,\n    updated_at: a.updated_at,\n  };\n}\n\nexport function formatApiKeyRecord(k: WorkOSApiKey): Record<string, unknown> {\n  return {\n    object: 'api_key',\n    id: k.id,\n    name: k.name,\n    created_at: k.created_at,\n    updated_at: k.updated_at,\n  };\n}\n\nexport function formatEvent(e: WorkOSEvent): Record<string, unknown> {\n  return {\n    object: 'event',\n    id: e.id,\n    event: e.event,\n    data: e.data,\n    environment_id: e.environment_id,\n    created_at: e.created_at,\n  };\n}\n\nexport function formatWebhookEndpoint(\n  ep: WorkOSWebhookEndpoint,\n  opts?: { includeSecret?: boolean },\n): Record<string, unknown> {\n  return {\n    object: 'webhook_endpoint',\n    id: ep.id,\n    url: ep.url,\n    secret: opts?.includeSecret ? ep.secret : `${ep.secret.slice(0, 8)}****`,\n    enabled: ep.enabled,\n    events: ep.events,\n    description: ep.description,\n    created_at: ep.created_at,\n    updated_at: ep.updated_at,\n  };\n}\n\nexport function sealSession(\n  data: { access_token: string; refresh_token: string; session_id: string },\n  apiKey: string,\n): string {\n  const key = createHash('sha256').update(apiKey).digest();\n  const iv = randomBytes(12);\n  const cipher = createCipheriv('aes-256-gcm', key, iv);\n  const plaintext = JSON.stringify(data);\n  const encrypted = Buffer.concat([cipher.update(plaintext, 'utf8'), cipher.final()]);\n  const tag = cipher.getAuthTag();\n  return Buffer.concat([iv, tag, encrypted]).toString('base64');\n}\n"]}

package/dist/emulate/workos/index.d.ts

@@ -0,0 +1,91 @@
+import type { ServicePlugin, Store } from '../core/index.js';
+import type { WorkOSConnectionType, PipeProvider, PipeConnectionStatus } from './entities.js';
+export { getWorkOSStore, type WorkOSStore } from './store.js';
+export * from './entities.js';
+export interface WorkOSSeedOrganization {
+    name: string;
+    external_id?: string;
+    metadata?: Record<string, string>;
+    domains?: Array<{
+        domain: string;
+        state?: 'verified' | 'pending';
+    }>;
+    memberships?: Array<{
+        user_id: string;
+        role?: string;
+        status?: 'active' | 'inactive' | 'pending';
+    }>;
+}
+export interface WorkOSSeedUser {
+    email: string;
+    first_name?: string;
+    last_name?: string;
+    password?: string;
+    email_verified?: boolean;
+    external_id?: string;
+    metadata?: Record<string, string>;
+    impersonator?: {
+        email: string;
+        reason: string;
+    };
+}
+export interface WorkOSSeedConnection {
+    name: string;
+    connection_type?: WorkOSConnectionType;
+    organization: string;
+    state?: 'active' | 'inactive' | 'validating';
+    domains?: string[];
+    profiles?: Array<{
+        email: string;
+        first_name?: string;
+        last_name?: string;
+        idp_id?: string;
+        groups?: string[];
+    }>;
+}
+export interface WorkOSSeedPipeConnection {
+    user_id: string;
+    provider: PipeProvider;
+    scopes: string[];
+    status?: PipeConnectionStatus;
+    external_account_id?: string;
+}
+export interface WorkOSSeedInvitation {
+    email: string;
+    organization_id?: string;
+    inviter_user_id?: string;
+    role_slug?: string;
+}
+export interface WorkOSSeedRole {
+    slug: string;
+    name: string;
+    description?: string;
+    type?: 'EnvironmentRole' | 'OrganizationRole';
+    organization_id?: string;
+    is_default_role?: boolean;
+    priority?: number;
+    permissions?: string[];
+}
+export interface WorkOSSeedPermission {
+    slug: string;
+    name: string;
+    description?: string;
+}
+export interface WorkOSSeedWebhookEndpoint {
+    url: string;
+    events?: string[];
+    enabled?: boolean;
+}
+export interface WorkOSSeedConfig {
+    organizations?: WorkOSSeedOrganization[];
+    users?: WorkOSSeedUser[];
+    connections?: WorkOSSeedConnection[];
+    pipeConnections?: WorkOSSeedPipeConnection[];
+    invitations?: WorkOSSeedInvitation[];
+    roles?: WorkOSSeedRole[];
+    permissions?: WorkOSSeedPermission[];
+    webhookEndpoints?: WorkOSSeedWebhookEndpoint[];
+}
+export declare function seedFromConfig(store: Store, _baseUrl: string, config: WorkOSSeedConfig): void;
+export declare const workosPlugin: ServicePlugin;
+export default workosPlugin;