npm - workos - Versions diffs - 0.11.2 → 0.12.0 - Mend

workos 0.11.2 → 0.12.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (186) hide show

package/README.md +165 -6
package/dist/bin.js +22 -1
package/dist/bin.js.map +1 -1
package/dist/check-coverage.ts +237 -0
package/dist/commands/debug.js +0 -1
package/dist/commands/debug.js.map +1 -1
package/dist/commands/dev.d.ts +23 -0
package/dist/commands/dev.js +139 -0
package/dist/commands/dev.js.map +1 -0
package/dist/commands/emulate.d.ts +6 -0
package/dist/commands/emulate.js +64 -0
package/dist/commands/emulate.js.map +1 -0
package/dist/commands/login.js +0 -4
package/dist/commands/login.js.map +1 -1
package/dist/emulate/core/id.d.ts +48 -0
package/dist/emulate/core/id.js +73 -0
package/dist/emulate/core/id.js.map +1 -0
package/dist/emulate/core/index.d.ts +8 -0
package/dist/emulate/core/index.js +8 -0
package/dist/emulate/core/index.js.map +1 -0
package/dist/emulate/core/jwt.d.ts +28 -0
package/dist/emulate/core/jwt.js +78 -0
package/dist/emulate/core/jwt.js.map +1 -0
package/dist/emulate/core/middleware/auth.d.ts +15 -0
package/dist/emulate/core/middleware/auth.js +17 -0
package/dist/emulate/core/middleware/auth.js.map +1 -0
package/dist/emulate/core/middleware/error-handler.d.ts +22 -0
package/dist/emulate/core/middleware/error-handler.js +72 -0
package/dist/emulate/core/middleware/error-handler.js.map +1 -0
package/dist/emulate/core/pagination.d.ts +27 -0
package/dist/emulate/core/pagination.js +43 -0
package/dist/emulate/core/pagination.js.map +1 -0
package/dist/emulate/core/plugin.d.ts +15 -0
package/dist/emulate/core/plugin.js +2 -0
package/dist/emulate/core/plugin.js.map +1 -0
package/dist/emulate/core/server.d.ts +17 -0
package/dist/emulate/core/server.js +90 -0
package/dist/emulate/core/server.js.map +1 -0
package/dist/emulate/core/store.d.ts +44 -0
package/dist/emulate/core/store.js +169 -0
package/dist/emulate/core/store.js.map +1 -0
package/dist/emulate/index.d.ts +25 -0
package/dist/emulate/index.js +47 -0
package/dist/emulate/index.js.map +1 -0
package/dist/emulate/workos/constants.d.ts +56 -0
package/dist/emulate/workos/constants.js +56 -0
package/dist/emulate/workos/constants.js.map +1 -0
package/dist/emulate/workos/entities.d.ts +360 -0
package/dist/emulate/workos/entities.js +2 -0
package/dist/emulate/workos/entities.js.map +1 -0
package/dist/emulate/workos/event-bus.d.ts +17 -0
package/dist/emulate/workos/event-bus.js +70 -0
package/dist/emulate/workos/event-bus.js.map +1 -0
package/dist/emulate/workos/helpers.d.ts +72 -0
package/dist/emulate/workos/helpers.js +211 -0
package/dist/emulate/workos/helpers.js.map +1 -0
package/dist/emulate/workos/index.d.ts +91 -0
package/dist/emulate/workos/index.js +322 -0
package/dist/emulate/workos/index.js.map +1 -0
package/dist/emulate/workos/role-helpers.d.ts +21 -0
package/dist/emulate/workos/role-helpers.js +130 -0
package/dist/emulate/workos/role-helpers.js.map +1 -0
package/dist/emulate/workos/routes/api-keys.d.ts +2 -0
package/dist/emulate/workos/routes/api-keys.js +32 -0
package/dist/emulate/workos/routes/api-keys.js.map +1 -0
package/dist/emulate/workos/routes/audit-logs.d.ts +2 -0
package/dist/emulate/workos/routes/audit-logs.js +104 -0
package/dist/emulate/workos/routes/audit-logs.js.map +1 -0
package/dist/emulate/workos/routes/auth-challenges.d.ts +2 -0
package/dist/emulate/workos/routes/auth-challenges.js +51 -0
package/dist/emulate/workos/routes/auth-challenges.js.map +1 -0
package/dist/emulate/workos/routes/auth-factors.d.ts +2 -0
package/dist/emulate/workos/routes/auth-factors.js +51 -0
package/dist/emulate/workos/routes/auth-factors.js.map +1 -0
package/dist/emulate/workos/routes/auth.d.ts +2 -0
package/dist/emulate/workos/routes/auth.js +350 -0
package/dist/emulate/workos/routes/auth.js.map +1 -0
package/dist/emulate/workos/routes/authorization-checks.d.ts +10 -0
package/dist/emulate/workos/routes/authorization-checks.js +123 -0
package/dist/emulate/workos/routes/authorization-checks.js.map +1 -0
package/dist/emulate/workos/routes/authorization-org-roles.d.ts +2 -0
package/dist/emulate/workos/routes/authorization-org-roles.js +64 -0
package/dist/emulate/workos/routes/authorization-org-roles.js.map +1 -0
package/dist/emulate/workos/routes/authorization-permissions.d.ts +2 -0
package/dist/emulate/workos/routes/authorization-permissions.js +67 -0
package/dist/emulate/workos/routes/authorization-permissions.js.map +1 -0
package/dist/emulate/workos/routes/authorization-resources.d.ts +2 -0
package/dist/emulate/workos/routes/authorization-resources.js +117 -0
package/dist/emulate/workos/routes/authorization-resources.js.map +1 -0
package/dist/emulate/workos/routes/authorization-roles.d.ts +2 -0
package/dist/emulate/workos/routes/authorization-roles.js +13 -0
package/dist/emulate/workos/routes/authorization-roles.js.map +1 -0
package/dist/emulate/workos/routes/config.d.ts +2 -0
package/dist/emulate/workos/routes/config.js +57 -0
package/dist/emulate/workos/routes/config.js.map +1 -0
package/dist/emulate/workos/routes/connect.d.ts +2 -0
package/dist/emulate/workos/routes/connect.js +65 -0
package/dist/emulate/workos/routes/connect.js.map +1 -0
package/dist/emulate/workos/routes/connections.d.ts +2 -0
package/dist/emulate/workos/routes/connections.js +73 -0
package/dist/emulate/workos/routes/connections.js.map +1 -0
package/dist/emulate/workos/routes/data-integrations.d.ts +2 -0
package/dist/emulate/workos/routes/data-integrations.js +55 -0
package/dist/emulate/workos/routes/data-integrations.js.map +1 -0
package/dist/emulate/workos/routes/directories.d.ts +2 -0
package/dist/emulate/workos/routes/directories.js +90 -0
package/dist/emulate/workos/routes/directories.js.map +1 -0
package/dist/emulate/workos/routes/email-verification.d.ts +2 -0
package/dist/emulate/workos/routes/email-verification.js +49 -0
package/dist/emulate/workos/routes/email-verification.js.map +1 -0
package/dist/emulate/workos/routes/events.d.ts +2 -0
package/dist/emulate/workos/routes/events.js +18 -0
package/dist/emulate/workos/routes/events.js.map +1 -0
package/dist/emulate/workos/routes/feature-flags.d.ts +2 -0
package/dist/emulate/workos/routes/feature-flags.js +103 -0
package/dist/emulate/workos/routes/feature-flags.js.map +1 -0
package/dist/emulate/workos/routes/invitations.d.ts +2 -0
package/dist/emulate/workos/routes/invitations.js +122 -0
package/dist/emulate/workos/routes/invitations.js.map +1 -0
package/dist/emulate/workos/routes/legacy-mfa.d.ts +2 -0
package/dist/emulate/workos/routes/legacy-mfa.js +75 -0
package/dist/emulate/workos/routes/legacy-mfa.js.map +1 -0
package/dist/emulate/workos/routes/magic-auth.d.ts +2 -0
package/dist/emulate/workos/routes/magic-auth.js +32 -0
package/dist/emulate/workos/routes/magic-auth.js.map +1 -0
package/dist/emulate/workos/routes/memberships.d.ts +2 -0
package/dist/emulate/workos/routes/memberships.js +114 -0
package/dist/emulate/workos/routes/memberships.js.map +1 -0
package/dist/emulate/workos/routes/organization-domains.d.ts +2 -0
package/dist/emulate/workos/routes/organization-domains.js +58 -0
package/dist/emulate/workos/routes/organization-domains.js.map +1 -0
package/dist/emulate/workos/routes/organizations.d.ts +2 -0
package/dist/emulate/workos/routes/organizations.js +131 -0
package/dist/emulate/workos/routes/organizations.js.map +1 -0
package/dist/emulate/workos/routes/password-reset.d.ts +2 -0
package/dist/emulate/workos/routes/password-reset.js +61 -0
package/dist/emulate/workos/routes/password-reset.js.map +1 -0
package/dist/emulate/workos/routes/pipes.d.ts +2 -0
package/dist/emulate/workos/routes/pipes.js +82 -0
package/dist/emulate/workos/routes/pipes.js.map +1 -0
package/dist/emulate/workos/routes/portal.d.ts +2 -0
package/dist/emulate/workos/routes/portal.js +18 -0
package/dist/emulate/workos/routes/portal.js.map +1 -0
package/dist/emulate/workos/routes/radar.d.ts +2 -0
package/dist/emulate/workos/routes/radar.js +41 -0
package/dist/emulate/workos/routes/radar.js.map +1 -0
package/dist/emulate/workos/routes/sessions.d.ts +2 -0
package/dist/emulate/workos/routes/sessions.js +51 -0
package/dist/emulate/workos/routes/sessions.js.map +1 -0
package/dist/emulate/workos/routes/sso.d.ts +2 -0
package/dist/emulate/workos/routes/sso.js +161 -0
package/dist/emulate/workos/routes/sso.js.map +1 -0
package/dist/emulate/workos/routes/user-features.d.ts +2 -0
package/dist/emulate/workos/routes/user-features.js +50 -0
package/dist/emulate/workos/routes/user-features.js.map +1 -0
package/dist/emulate/workos/routes/users.d.ts +2 -0
package/dist/emulate/workos/routes/users.js +129 -0
package/dist/emulate/workos/routes/users.js.map +1 -0
package/dist/emulate/workos/routes/webhook-endpoints.d.ts +2 -0
package/dist/emulate/workos/routes/webhook-endpoints.js +66 -0
package/dist/emulate/workos/routes/webhook-endpoints.js.map +1 -0
package/dist/emulate/workos/routes/widgets.d.ts +2 -0
package/dist/emulate/workos/routes/widgets.js +27 -0
package/dist/emulate/workos/routes/widgets.js.map +1 -0
package/dist/emulate/workos/store.d.ts +48 -0
package/dist/emulate/workos/store.js +102 -0
package/dist/emulate/workos/store.js.map +1 -0
package/dist/emulate/workos/webhook-signer.d.ts +1 -0
package/dist/emulate/workos/webhook-signer.js +8 -0
package/dist/emulate/workos/webhook-signer.js.map +1 -0
package/dist/gen-routes-lib.spec.ts +659 -0
package/dist/gen-routes-lib.ts +647 -0
package/dist/gen-routes.ts +96 -0
package/dist/lib/dev-command.d.ts +26 -0
package/dist/lib/dev-command.js +122 -0
package/dist/lib/dev-command.js.map +1 -0
package/dist/lib/run-with-core.js +0 -3
package/dist/lib/run-with-core.js.map +1 -1
package/dist/lib/settings.js +1 -1
package/dist/lib/settings.js.map +1 -1
package/dist/utils/help-json.js +1 -0
package/dist/utils/help-json.js.map +1 -1
package/dist/utils/register-subcommand.d.ts +5 -2
package/dist/utils/register-subcommand.js +16 -19
package/dist/utils/register-subcommand.js.map +1 -1
package/package.json +21 -8

package/README.md CHANGED Viewed

@@ -192,6 +192,164 @@ Inspects a directory's sync state, user/group counts, recent events, and detects
 workos debug-sync directory_01ABC123
 ```
+<!-- UNRELEASED: Local Development (emulator) — hidden until beta testing is complete.
+     To restore, uncomment this section and re-enable the `emulate` and `dev` commands
+     in src/bin.ts and src/utils/help-json.ts.
+### Local Development
+Test your WorkOS integration locally without hitting the live API. The emulator provides a full in-memory WorkOS API replacement with all major endpoints.
+#### `workos dev` — One command to start everything
+The fastest way to develop locally. Starts the emulator and your app together, auto-detecting your framework and injecting the right environment variables.
+```bash
+# Auto-detects framework (Next.js, Vite, Remix, SvelteKit, etc.) and dev command
+workos dev
+# Override the dev command
+workos dev -- npx vite --port 5173
+# Custom emulator port and seed data
+workos dev --port 8080 --seed workos-emulate.config.yaml
+```
+Your app receives these environment variables automatically:
+- `WORKOS_API_BASE_URL` — points to the local emulator (e.g. `http://localhost:4100`)
+- `WORKOS_API_KEY` — `sk_test_default`
+- `WORKOS_CLIENT_ID` — `client_emulate`
+#### `workos emulate` — Standalone emulator
+Run the emulator on its own for CI, test suites, or when you want manual control.
+```bash
+# Start with defaults (port 4100)
+workos emulate
+# CI-friendly: JSON output, custom port
+workos emulate --port 9100 --json
+# → {"url":"http://localhost:9100","port":9100,"apiKey":"sk_test_default","health":"http://localhost:9100/health"}
+# Pre-load seed data
+workos emulate --seed workos-emulate.config.yaml
+```
+The emulator supports `GET /health` for readiness polling and shuts down cleanly on Ctrl+C.
+#### Seed configuration
+Create a `workos-emulate.config.yaml` (auto-detected) or pass `--seed <path>`:
+```yaml
+users:
+  - email: alice@acme.com
+    first_name: Alice
+    password: test123
+    email_verified: true
+organizations:
+  - name: Acme Corp
+    domains:
+      - domain: acme.com
+        state: verified
+    memberships:
+      - user_id: <user_id>
+        role: admin
+connections:
+  - name: Acme SSO
+    organization: Acme Corp
+    connection_type: GenericSAML
+    domains: [acme.com]
+roles:
+  - slug: admin
+    name: Admin
+    permissions: [posts:read, posts:write]
+permissions:
+  - slug: posts:read
+    name: Read Posts
+  - slug: posts:write
+    name: Write Posts
+webhookEndpoints:
+  - url: http://localhost:3000/webhooks
+    events: [user.created, organization.updated]
+```
+#### Programmatic API
+Use the emulator directly in test suites without the CLI:
+```typescript
+import { createEmulator } from 'workos/emulate';
+const emulator = await createEmulator({
+  port: 0, // random available port
+  seed: {
+    users: [{ email: 'test@example.com', password: 'secret' }],
+  },
+});
+// Use emulator.url as your WORKOS_API_BASE_URL
+const res = await fetch(`${emulator.url}/user_management/users`, {
+  headers: { Authorization: 'Bearer sk_test_default' },
+});
+// Reset between tests (clears data, re-applies seed)
+emulator.reset();
+// Clean up
+await emulator.close();
+```
+#### Emulated endpoints
+The emulator covers the full WorkOS API surface (~84% of OpenAPI spec endpoints). Run `pnpm check:coverage <openapi-spec>` to see exact coverage.
+| Endpoint Group           | Routes                                                                                                                                                                 |
+| ------------------------ | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
+| Organizations            | CRUD, external_id lookup, domain management                                                                                                                            |
+| Users                    | CRUD, email uniqueness, password management                                                                                                                            |
+| Organization memberships | CRUD, role assignment, deactivate/reactivate                                                                                                                           |
+| Organization domains     | CRUD, verification                                                                                                                                                     |
+| SSO connections          | CRUD, domain-based lookup                                                                                                                                              |
+| SSO flow                 | Authorize, token exchange, profile, JWKS, SSO logout                                                                                                                   |
+| AuthKit                  | OAuth authorize (login_hint, multi-user), authenticate (7 grant types incl. refresh_token, MFA TOTP, org selection, device code), PKCE, sealed sessions, impersonation |
+| Sessions                 | List, revoke, logout redirect, JWKS per client                                                                                                                         |
+| Email verification       | Send code, confirm                                                                                                                                                     |
+| Password reset           | Create token, confirm                                                                                                                                                  |
+| Magic auth               | Create code                                                                                                                                                            |
+| Auth factors             | TOTP enrollment, delete                                                                                                                                                |
+| MFA challenges           | Create challenge, verify code                                                                                                                                          |
+| Invitations              | CRUD, accept, revoke, resend, get by token                                                                                                                             |
+| Config                   | Redirect URIs, CORS origins, JWT template                                                                                                                              |
+| User features            | Authorized apps, connected accounts, data providers                                                                                                                    |
+| Widgets                  | Token generation                                                                                                                                                       |
+| Authorization (RBAC)     | Environment roles, org roles (priority ordering), permissions, role-permission management                                                                              |
+| Authorization (FGA)      | Resources CRUD, permission checks, role assignments                                                                                                                    |
+| Directory Sync           | List/get/delete directories, users, groups                                                                                                                             |
+| Audit Logs               | Actions, schemas, events, exports, org config/retention                                                                                                                |
+| Feature Flags            | List/get, enable/disable, targets, org/user evaluations                                                                                                                |
+| Connect                  | Applications CRUD, client secrets                                                                                                                                      |
+| Data Integrations        | OAuth authorize + token exchange                                                                                                                                       |
+| Radar                    | Attempts list/get, allow/deny lists                                                                                                                                    |
+| API Keys                 | Validate, delete, list by org                                                                                                                                          |
+| Portal                   | Generate admin portal links                                                                                                                                            |
+| Legacy MFA               | Enroll/get/delete factors, challenge/verify                                                                                                                            |
+| Webhook Endpoints        | CRUD with auto-generated secrets, secret masking                                                                                                                       |
+| Events                   | Paginated event stream with type filtering                                                                                                                             |
+| Event Bus                | Auto-emits events on entity CRUD via collection hooks, fire-and-forget webhook delivery with HMAC signatures                                                           |
+| Pipes                    | Connection CRUD, mock `getAccessToken()`                                                                                                                               |
+JWT tokens include `role` and `permissions` claims for org-scoped sessions. All list endpoints support cursor pagination (`before`, `after`, `limit`, `order`). Error responses match the WorkOS format (`{ message, code, errors }`).
+END UNRELEASED -->
 ### Environment Management
 ```bash
@@ -466,12 +624,13 @@ workos install --api-key sk_test_xxx --client-id client_xxx --no-commit 2>/dev/n
 ### Environment Variables
-| Variable                 | Effect                                                   |
-| ------------------------ | -------------------------------------------------------- |
-| `WORKOS_API_KEY`         | API key for management commands (bypasses stored config) |
-| `WORKOS_NO_PROMPT=1`     | Force non-interactive mode + JSON output                 |
-| `WORKOS_FORCE_TTY=1`     | Force interactive mode even when piped                   |
-| `WORKOS_TELEMETRY=false` | Disable telemetry                                        |
+| Variable                 | Effect                                                    |
+| ------------------------ | --------------------------------------------------------- |
+| `WORKOS_API_KEY`         | API key for management commands (bypasses stored config)  |
+| `WORKOS_API_BASE_URL`    | Override API base URL (set automatically by `workos dev`) |
+| `WORKOS_NO_PROMPT=1`     | Force non-interactive mode + JSON output                  |
+| `WORKOS_FORCE_TTY=1`     | Force interactive mode even when piped                    |
+| `WORKOS_TELEMETRY=false` | Disable telemetry                                         |
 ### Command Discovery

package/dist/bin.js CHANGED Viewed

@@ -159,6 +159,7 @@ const installerOptions = {
 if (!isJsonMode())
     await checkForUpdates();
 yargs(rawArgs)
+    .parserConfiguration({ 'populate--': true })
     .env('WORKOS_INSTALLER')
     .option('json', {
     type: 'boolean',
@@ -171,7 +172,7 @@ yargs(rawArgs)
     // Excluded: auth/claim/install/dashboard handle their own credential flows;
     // skills/doctor/env/debug are utility commands where the warning is unnecessary.
     const command = String(argv._?.[0] ?? '');
-    if (['auth', 'skills', 'doctor', 'env', 'claim', 'install', 'debug', 'dashboard', ''].includes(command))
+    if (['auth', 'skills', 'doctor', 'env', 'claim', 'install', 'debug', 'dashboard', 'emulate', 'dev', ''].includes(command))
         return;
     await applyInsecureStorage(argv.insecureStorage);
     await maybeWarnUnclaimed();
@@ -1215,6 +1216,26 @@ yargs(rawArgs)
     await resolveInstallCredentials(argv.apiKey, argv.installDir, argv.skipAuth, ensureAuthenticated);
     const { handleInstall } = await import('./commands/install.js');
     await handleInstall(argv);
+})
+    .command('emulate', false, // Hidden: unreleased beta feature
+(yargs) => yargs.options({
+    port: { type: 'number', default: 4100, describe: 'Port to listen on' },
+    seed: { type: 'string', describe: 'Path to seed config file (YAML or JSON)' },
+}), async (argv) => {
+    const { runEmulate } = await import('./commands/emulate.js');
+    await runEmulate({ port: argv.port, seed: argv.seed, json: argv.json });
+})
+    .command('dev', false, // Hidden: unreleased beta feature
+(yargs) => yargs.options({
+    port: { type: 'number', default: 4100, describe: 'Emulator port' },
+    seed: { type: 'string', describe: 'Path to seed config file' },
+}), async (argv) => {
+    const { runDev } = await import('./commands/dev.js');
+    await runDev({
+        port: argv.port,
+        seed: argv.seed,
+        '--': argv['--'],
+    });
 })
     .command('debug', false, (yargs) => {
     yargs.options(insecureStorageOption);