workos 0.11.2 → 0.12.0

package/dist/emulate/workos/routes/authorization-org-roles.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"authorization-org-roles.js","sourceRoot":"","sources":["../../../../src/emulate/workos/routes/authorization-org-roles.ts"],"names":[],"mappings":"AAAA,OAAO,EAAqB,QAAQ,EAAE,eAAe,EAAE,aAAa,EAAE,MAAM,qBAAqB,CAAC;AAClG,OAAO,EAAE,cAAc,EAAE,MAAM,aAAa,CAAC;AAC7C,OAAO,EAAE,UAAU,EAAE,MAAM,eAAe,CAAC;AAC3C,OAAO,EAAE,WAAW,EAAE,cAAc,EAAE,kBAAkB,EAAE,MAAM,oBAAoB,CAAC;AAErF,MAAM,UAAU,0BAA0B,CAAC,GAAiB;IAC1D,MAAM,EAAE,GAAG,EAAE,KAAK,EAAE,GAAG,GAAG,CAAC;IAC3B,MAAM,EAAE,GAAG,cAAc,CAAC,KAAK,CAAC,CAAC;IACjC,MAAM,MAAM,GAAG,2CAA2C,CAAC;IAE3D,6DAA6D;IAC7D,GAAG,CAAC,GAAG,CAAC,GAAG,MAAM,WAAW,EAAE,KAAK,EAAE,CAAC,EAAE,EAAE;QACxC,MAAM,KAAK,GAAG,CAAC,CAAC,GAAG,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC;QACnC,MAAM,IAAI,GAAG,MAAM,aAAa,CAAC,CAAC,CAAC,CAAC;QACpC,MAAM,KAAK,GAAG,IAAI,CAAC,KAAiB,CAAC;QAErC,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,KAAK,CAAC,EAAE,CAAC;YAC1B,MAAM,eAAe,CAAC,wBAAwB,EAAE,CAAC,EAAE,KAAK,EAAE,OAAO,EAAE,IAAI,EAAE,SAAS,EAAE,CAAC,CAAC,CAAC;QACzF,CAAC;QAED,8CAA8C;QAC9C,MAAM,QAAQ,GAAG,EAAE,CAAC,KAAK,CAAC,MAAM,CAAC,iBAAiB,EAAE,KAAK,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,KAAK,kBAAkB,CAAC,CAAC;QACxG,MAAM,WAAW,GAAG,IAAI,GAAG,CAAC,QAAQ,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC,CAAC,CAAC,CAAC,CAAC;QAE9D,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,KAAK,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;YACtC,MAAM,IAAI,GAAG,WAAW,CAAC,GAAG,CAAC,KAAK,CAAC,CAAC,CAAE,CAAC,CAAC;YACxC,IAAI,CAAC,IAAI;gBAAE,MAAM,QAAQ,CAAC,MAAM,CAAC,CAAC;YAClC,EAAE,CAAC,KAAK,CAAC,MAAM,CAAC,IAAI,CAAC,EAAE,EAAE,EAAE,QAAQ,EAAE,CAAC,EAAE,CAAC,CAAC;QAC5C,CAAC;QAED,uCAAuC;QACvC,MAAM,OAAO,GAAG,EAAE,CAAC,KAAK;aACrB,MAAM,CAAC,iBAAiB,EAAE,KAAK,CAAC;aAChC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,KAAK,kBAAkB,CAAC;aAC5C,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,QAAQ,GAAG,CAAC,CAAC,QAAQ,CAAC,CAAC;QAE3C,OAAO,CAAC,CAAC,IAAI,CAAC;YACZ,MAAM,EAAE,MAAM;YACd,IAAI,EAAE,OAAO,CAAC,GAAG,CAAC,UAAU,CAAC;YAC7B,aAAa,EAAE,EAAE,MAAM,EAAE,IAAI,EAAE,KAAK,EAAE,IAAI,EAAE;SAC7C,CAAC,CAAC;IACL,CAAC,CAAC,CAAC;IAEH,kBAAkB,CAAC,GAAG,EAAE;QACtB,UAAU,EAAE,MAAM;QAClB,QAAQ,EAAE,kBAAkB;QAC5B,WAAW,EAAE,CAAC,EAAE,EAAE,CAAC,EAAE,EAAE,CAAC,cAAc,CAAC,EAAE,EAAE,CAAC,CAAC,GAAG,CAAC,KAAK,CAAC,OAAO,CAAC,EAAE,CAAC,CAAC,GAAG,CAAC,KAAK,CAAC,MAAM,CAAC,CAAC;QACrF,QAAQ,EAAE,CAAC,EAAE,EAAE,CAAC,EAAE,IAAI,EAAE,EAAE,CAAC,WAAW,CAAC,EAAE,EAAE,CAAC,CAAC,GAAG,CAAC,KAAK,CAAC,OAAO,CAAC,EAAE,IAAI,CAAC;QACtE,UAAU,EAAE,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,eAAe,KAAK,CAAC,CAAC,GAAG,CAAC,KAAK,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC,IAAI,KAAK,kBAAkB;QACrG,cAAc,EAAE,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,EAAE,eAAe,EAAE,CAAC,CAAC,GAAG,CAAC,KAAK,CAAC,OAAO,CAAC,EAAE,CAAC;QAClE,gBAAgB,EAAE,yDAAyD;QAC3E,oBAAoB,EAAE,CAAC,EAAE,EAAE,CAAC,EAAE,EAAE;YAC9B,MAAM,GAAG,GAAG,EAAE,CAAC,aAAa,CAAC,GAAG,CAAC,CAAC,CAAC,GAAG,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC;YACvD,IAAI,CAAC,GAAG;gBAAE,MAAM,QAAQ,CAAC,cAAc,CAAC,CAAC;QAC3C,CAAC;KACF,CAAC,CAAC;IAEH,mDAAmD;IACnD,GAAG,CAAC,MAAM,CAAC,GAAG,MAAM,oCAAoC,EAAE,CAAC,CAAC,EAAE,EAAE;QAC9D,MAAM,IAAI,GAAG,cAAc,CAAC,EAAE,EAAE,CAAC,CAAC,GAAG,CAAC,KAAK,CAAC,OAAO,CAAC,EAAE,CAAC,CAAC,GAAG,CAAC,KAAK,CAAC,MAAM,CAAC,CAAC,CAAC;QAE3E,MAAM,IAAI,GAAG,EAAE,CAAC,WAAW,CAAC,SAAS,CAAC,MAAM,EAAE,CAAC,CAAC,GAAG,CAAC,KAAK,CAAC,gBAAgB,CAAC,CAAC,CAAC;QAC7E,IAAI,CAAC,IAAI;YAAE,MAAM,QAAQ,CAAC,YAAY,CAAC,CAAC;QAExC,MAAM,EAAE,GAAG,EAAE,CAAC,eAAe,CAAC,MAAM,CAAC,SAAS,EAAE,IAAI,CAAC,EAAE,CAAC,CAAC,IAAI,CAAC,CAAC,EAAE,EAAE,EAAE,CAAC,EAAE,CAAC,aAAa,KAAK,IAAI,CAAC,EAAE,CAAC,CAAC;QACpG,IAAI,CAAC,EAAE;YAAE,MAAM,QAAQ,CAAC,gBAAgB,CAAC,CAAC;QAE1C,EAAE,CAAC,eAAe,CAAC,MAAM,CAAC,EAAE,CAAC,EAAE,CAAC,CAAC;QACjC,OAAO,CAAC,CAAC,IAAI,CAAC,IAAI,EAAE,GAAG,CAAC,CAAC;IAC3B,CAAC,CAAC,CAAC;AACL,CAAC","sourcesContent":["import { type RouteContext, notFound, validationError, parseJsonBody } from '../../core/index.js';\nimport { getWorkOSStore } from '../store.js';\nimport { formatRole } from '../helpers.js';\nimport { findOrgRole, requireOrgRole, registerRoleRoutes } from '../role-helpers.js';\n\nexport function authorizationOrgRoleRoutes(ctx: RouteContext): void {\n  const { app, store } = ctx;\n  const ws = getWorkOSStore(store);\n  const prefix = '/authorization/organizations/:orgId/roles';\n\n  // Priority ordering — must be registered before :slug routes\n  app.put(`${prefix}/priority`, async (c) => {\n    const orgId = c.req.param('orgId');\n    const body = await parseJsonBody(c);\n    const slugs = body.slugs as string[];\n\n    if (!Array.isArray(slugs)) {\n      throw validationError('slugs must be an array', [{ field: 'slugs', code: 'invalid' }]);\n    }\n\n    // Fetch once, build slug map for O(1) lookups\n    const orgRoles = ws.roles.findBy('organization_id', orgId).filter((r) => r.type === 'OrganizationRole');\n    const rolesBySlug = new Map(orgRoles.map((r) => [r.slug, r]));\n\n    for (let i = 0; i < slugs.length; i++) {\n      const role = rolesBySlug.get(slugs[i]!);\n      if (!role) throw notFound('Role');\n      ws.roles.update(role.id, { priority: i });\n    }\n\n    // Re-fetch for updated priority values\n    const updated = ws.roles\n      .findBy('organization_id', orgId)\n      .filter((r) => r.type === 'OrganizationRole')\n      .sort((a, b) => a.priority - b.priority);\n\n    return c.json({\n      object: 'list',\n      data: updated.map(formatRole),\n      list_metadata: { before: null, after: null },\n    });\n  });\n\n  registerRoleRoutes(ctx, {\n    pathPrefix: prefix,\n    roleType: 'OrganizationRole',\n    requireRole: (ws, c) => requireOrgRole(ws, c.req.param('orgId'), c.req.param('slug')),\n    findRole: (ws, c, slug) => findOrgRole(ws, c.req.param('orgId'), slug),\n    listFilter: (c) => (r) => r.organization_id === c.req.param('orgId') && r.type === 'OrganizationRole',\n    insertDefaults: (c) => ({ organization_id: c.req.param('orgId') }),\n    duplicateMessage: 'Role with this slug already exists in this organization',\n    validateBeforeCreate: (ws, c) => {\n      const org = ws.organizations.get(c.req.param('orgId'));\n      if (!org) throw notFound('Organization');\n    },\n  });\n\n  // Org-specific: delete single permission from role\n  app.delete(`${prefix}/:slug/permissions/:permissionSlug`, (c) => {\n    const role = requireOrgRole(ws, c.req.param('orgId'), c.req.param('slug'));\n\n    const perm = ws.permissions.findOneBy('slug', c.req.param('permissionSlug'));\n    if (!perm) throw notFound('Permission');\n\n    const rp = ws.rolePermissions.findBy('role_id', role.id).find((rp) => rp.permission_id === perm.id);\n    if (!rp) throw notFound('RolePermission');\n\n    ws.rolePermissions.delete(rp.id);\n    return c.body(null, 204);\n  });\n}\n"]}

package/dist/emulate/workos/routes/authorization-permissions.d.ts

@@ -0,0 +1,2 @@
+import { type RouteContext } from '../../core/index.js';
+export declare function authorizationPermissionRoutes(ctx: RouteContext): void;

package/dist/emulate/workos/routes/authorization-permissions.js

@@ -0,0 +1,67 @@
+import { notFound, validationError, parseJsonBody, parseListParams } from '../../core/index.js';
+import { getWorkOSStore } from '../store.js';
+import { formatPermission, formatListResponse } from '../helpers.js';
+export function authorizationPermissionRoutes(ctx) {
+    const { app, store } = ctx;
+    const ws = getWorkOSStore(store);
+    app.post('/authorization/permissions', async (c) => {
+        const body = await parseJsonBody(c);
+        const slug = body.slug;
+        const name = body.name;
+        if (!slug || typeof slug !== 'string') {
+            throw validationError('slug is required', [{ field: 'slug', code: 'required' }]);
+        }
+        if (!name || typeof name !== 'string') {
+            throw validationError('name is required', [{ field: 'name', code: 'required' }]);
+        }
+        const existing = ws.permissions.findOneBy('slug', slug);
+        if (existing) {
+            throw validationError('Permission with this slug already exists', [{ field: 'slug', code: 'duplicate' }]);
+        }
+        const permission = ws.permissions.insert({
+            object: 'permission',
+            slug,
+            name,
+            description: body.description ?? null,
+        });
+        return c.json(formatPermission(permission), 201);
+    });
+    app.get('/authorization/permissions', (c) => {
+        const url = new URL(c.req.url);
+        const params = parseListParams(url);
+        const result = ws.permissions.list(params);
+        return c.json(formatListResponse(result, formatPermission));
+    });
+    app.get('/authorization/permissions/:slug', (c) => {
+        const slug = c.req.param('slug');
+        const permission = ws.permissions.findOneBy('slug', slug);
+        if (!permission)
+            throw notFound('Permission');
+        return c.json(formatPermission(permission));
+    });
+    app.put('/authorization/permissions/:slug', async (c) => {
+        const slug = c.req.param('slug');
+        const permission = ws.permissions.findOneBy('slug', slug);
+        if (!permission)
+            throw notFound('Permission');
+        const body = await parseJsonBody(c);
+        const updates = {};
+        if ('name' in body)
+            updates.name = body.name;
+        if ('description' in body)
+            updates.description = body.description ?? null;
+        const updated = ws.permissions.update(permission.id, updates);
+        return c.json(formatPermission(updated));
+    });
+    app.delete('/authorization/permissions/:slug', (c) => {
+        const slug = c.req.param('slug');
+        const permission = ws.permissions.findOneBy('slug', slug);
+        if (!permission)
+            throw notFound('Permission');
+        // Cascade: remove from all role-permission joins
+        ws.rolePermissions.deleteBy('permission_id', permission.id);
+        ws.permissions.delete(permission.id);
+        return c.body(null, 204);
+    });
+}
+//# sourceMappingURL=authorization-permissions.js.map

package/dist/emulate/workos/routes/authorization-permissions.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"authorization-permissions.js","sourceRoot":"","sources":["../../../../src/emulate/workos/routes/authorization-permissions.ts"],"names":[],"mappings":"AAAA,OAAO,EAAqB,QAAQ,EAAE,eAAe,EAAE,aAAa,EAAE,eAAe,EAAE,MAAM,qBAAqB,CAAC;AACnH,OAAO,EAAE,cAAc,EAAE,MAAM,aAAa,CAAC;AAC7C,OAAO,EAAE,gBAAgB,EAAE,kBAAkB,EAAE,MAAM,eAAe,CAAC;AAErE,MAAM,UAAU,6BAA6B,CAAC,GAAiB;IAC7D,MAAM,EAAE,GAAG,EAAE,KAAK,EAAE,GAAG,GAAG,CAAC;IAC3B,MAAM,EAAE,GAAG,cAAc,CAAC,KAAK,CAAC,CAAC;IAEjC,GAAG,CAAC,IAAI,CAAC,4BAA4B,EAAE,KAAK,EAAE,CAAC,EAAE,EAAE;QACjD,MAAM,IAAI,GAAG,MAAM,aAAa,CAAC,CAAC,CAAC,CAAC;QACpC,MAAM,IAAI,GAAG,IAAI,CAAC,IAAc,CAAC;QACjC,MAAM,IAAI,GAAG,IAAI,CAAC,IAAc,CAAC;QAEjC,IAAI,CAAC,IAAI,IAAI,OAAO,IAAI,KAAK,QAAQ,EAAE,CAAC;YACtC,MAAM,eAAe,CAAC,kBAAkB,EAAE,CAAC,EAAE,KAAK,EAAE,MAAM,EAAE,IAAI,EAAE,UAAU,EAAE,CAAC,CAAC,CAAC;QACnF,CAAC;QACD,IAAI,CAAC,IAAI,IAAI,OAAO,IAAI,KAAK,QAAQ,EAAE,CAAC;YACtC,MAAM,eAAe,CAAC,kBAAkB,EAAE,CAAC,EAAE,KAAK,EAAE,MAAM,EAAE,IAAI,EAAE,UAAU,EAAE,CAAC,CAAC,CAAC;QACnF,CAAC;QAED,MAAM,QAAQ,GAAG,EAAE,CAAC,WAAW,CAAC,SAAS,CAAC,MAAM,EAAE,IAAI,CAAC,CAAC;QACxD,IAAI,QAAQ,EAAE,CAAC;YACb,MAAM,eAAe,CAAC,0CAA0C,EAAE,CAAC,EAAE,KAAK,EAAE,MAAM,EAAE,IAAI,EAAE,WAAW,EAAE,CAAC,CAAC,CAAC;QAC5G,CAAC;QAED,MAAM,UAAU,GAAG,EAAE,CAAC,WAAW,CAAC,MAAM,CAAC;YACvC,MAAM,EAAE,YAAY;YACpB,IAAI;YACJ,IAAI;YACJ,WAAW,EAAG,IAAI,CAAC,WAAsB,IAAI,IAAI;SAClD,CAAC,CAAC;QAEH,OAAO,CAAC,CAAC,IAAI,CAAC,gBAAgB,CAAC,UAAU,CAAC,EAAE,GAAG,CAAC,CAAC;IACnD,CAAC,CAAC,CAAC;IAEH,GAAG,CAAC,GAAG,CAAC,4BAA4B,EAAE,CAAC,CAAC,EAAE,EAAE;QAC1C,MAAM,GAAG,GAAG,IAAI,GAAG,CAAC,CAAC,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC;QAC/B,MAAM,MAAM,GAAG,eAAe,CAAC,GAAG,CAAC,CAAC;QAEpC,MAAM,MAAM,GAAG,EAAE,CAAC,WAAW,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC;QAC3C,OAAO,CAAC,CAAC,IAAI,CAAC,kBAAkB,CAAC,MAAM,EAAE,gBAAgB,CAAC,CAAC,CAAC;IAC9D,CAAC,CAAC,CAAC;IAEH,GAAG,CAAC,GAAG,CAAC,kCAAkC,EAAE,CAAC,CAAC,EAAE,EAAE;QAChD,MAAM,IAAI,GAAG,CAAC,CAAC,GAAG,CAAC,KAAK,CAAC,MAAM,CAAC,CAAC;QACjC,MAAM,UAAU,GAAG,EAAE,CAAC,WAAW,CAAC,SAAS,CAAC,MAAM,EAAE,IAAI,CAAC,CAAC;QAC1D,IAAI,CAAC,UAAU;YAAE,MAAM,QAAQ,CAAC,YAAY,CAAC,CAAC;QAC9C,OAAO,CAAC,CAAC,IAAI,CAAC,gBAAgB,CAAC,UAAU,CAAC,CAAC,CAAC;IAC9C,CAAC,CAAC,CAAC;IAEH,GAAG,CAAC,GAAG,CAAC,kCAAkC,EAAE,KAAK,EAAE,CAAC,EAAE,EAAE;QACtD,MAAM,IAAI,GAAG,CAAC,CAAC,GAAG,CAAC,KAAK,CAAC,MAAM,CAAC,CAAC;QACjC,MAAM,UAAU,GAAG,EAAE,CAAC,WAAW,CAAC,SAAS,CAAC,MAAM,EAAE,IAAI,CAAC,CAAC;QAC1D,IAAI,CAAC,UAAU;YAAE,MAAM,QAAQ,CAAC,YAAY,CAAC,CAAC;QAE9C,MAAM,IAAI,GAAG,MAAM,aAAa,CAAC,CAAC,CAAC,CAAC;QACpC,MAAM,OAAO,GAA4B,EAAE,CAAC;QAC5C,IAAI,MAAM,IAAI,IAAI;YAAE,OAAO,CAAC,IAAI,GAAG,IAAI,CAAC,IAAI,CAAC;QAC7C,IAAI,aAAa,IAAI,IAAI;YAAE,OAAO,CAAC,WAAW,GAAG,IAAI,CAAC,WAAW,IAAI,IAAI,CAAC;QAE1E,MAAM,OAAO,GAAG,EAAE,CAAC,WAAW,CAAC,MAAM,CAAC,UAAU,CAAC,EAAE,EAAE,OAAO,CAAC,CAAC;QAC9D,OAAO,CAAC,CAAC,IAAI,CAAC,gBAAgB,CAAC,OAAQ,CAAC,CAAC,CAAC;IAC5C,CAAC,CAAC,CAAC;IAEH,GAAG,CAAC,MAAM,CAAC,kCAAkC,EAAE,CAAC,CAAC,EAAE,EAAE;QACnD,MAAM,IAAI,GAAG,CAAC,CAAC,GAAG,CAAC,KAAK,CAAC,MAAM,CAAC,CAAC;QACjC,MAAM,UAAU,GAAG,EAAE,CAAC,WAAW,CAAC,SAAS,CAAC,MAAM,EAAE,IAAI,CAAC,CAAC;QAC1D,IAAI,CAAC,UAAU;YAAE,MAAM,QAAQ,CAAC,YAAY,CAAC,CAAC;QAE9C,iDAAiD;QACjD,EAAE,CAAC,eAAe,CAAC,QAAQ,CAAC,eAAe,EAAE,UAAU,CAAC,EAAE,CAAC,CAAC;QAE5D,EAAE,CAAC,WAAW,CAAC,MAAM,CAAC,UAAU,CAAC,EAAE,CAAC,CAAC;QACrC,OAAO,CAAC,CAAC,IAAI,CAAC,IAAI,EAAE,GAAG,CAAC,CAAC;IAC3B,CAAC,CAAC,CAAC;AACL,CAAC","sourcesContent":["import { type RouteContext, notFound, validationError, parseJsonBody, parseListParams } from '../../core/index.js';\nimport { getWorkOSStore } from '../store.js';\nimport { formatPermission, formatListResponse } from '../helpers.js';\n\nexport function authorizationPermissionRoutes(ctx: RouteContext): void {\n  const { app, store } = ctx;\n  const ws = getWorkOSStore(store);\n\n  app.post('/authorization/permissions', async (c) => {\n    const body = await parseJsonBody(c);\n    const slug = body.slug as string;\n    const name = body.name as string;\n\n    if (!slug || typeof slug !== 'string') {\n      throw validationError('slug is required', [{ field: 'slug', code: 'required' }]);\n    }\n    if (!name || typeof name !== 'string') {\n      throw validationError('name is required', [{ field: 'name', code: 'required' }]);\n    }\n\n    const existing = ws.permissions.findOneBy('slug', slug);\n    if (existing) {\n      throw validationError('Permission with this slug already exists', [{ field: 'slug', code: 'duplicate' }]);\n    }\n\n    const permission = ws.permissions.insert({\n      object: 'permission',\n      slug,\n      name,\n      description: (body.description as string) ?? null,\n    });\n\n    return c.json(formatPermission(permission), 201);\n  });\n\n  app.get('/authorization/permissions', (c) => {\n    const url = new URL(c.req.url);\n    const params = parseListParams(url);\n\n    const result = ws.permissions.list(params);\n    return c.json(formatListResponse(result, formatPermission));\n  });\n\n  app.get('/authorization/permissions/:slug', (c) => {\n    const slug = c.req.param('slug');\n    const permission = ws.permissions.findOneBy('slug', slug);\n    if (!permission) throw notFound('Permission');\n    return c.json(formatPermission(permission));\n  });\n\n  app.put('/authorization/permissions/:slug', async (c) => {\n    const slug = c.req.param('slug');\n    const permission = ws.permissions.findOneBy('slug', slug);\n    if (!permission) throw notFound('Permission');\n\n    const body = await parseJsonBody(c);\n    const updates: Record<string, unknown> = {};\n    if ('name' in body) updates.name = body.name;\n    if ('description' in body) updates.description = body.description ?? null;\n\n    const updated = ws.permissions.update(permission.id, updates);\n    return c.json(formatPermission(updated!));\n  });\n\n  app.delete('/authorization/permissions/:slug', (c) => {\n    const slug = c.req.param('slug');\n    const permission = ws.permissions.findOneBy('slug', slug);\n    if (!permission) throw notFound('Permission');\n\n    // Cascade: remove from all role-permission joins\n    ws.rolePermissions.deleteBy('permission_id', permission.id);\n\n    ws.permissions.delete(permission.id);\n    return c.body(null, 204);\n  });\n}\n"]}

package/dist/emulate/workos/routes/authorization-resources.d.ts

@@ -0,0 +1,2 @@
+import { type RouteContext } from '../../core/index.js';
+export declare function authorizationResourceRoutes(ctx: RouteContext): void;

package/dist/emulate/workos/routes/authorization-resources.js

@@ -0,0 +1,117 @@
+import { notFound, validationError, parseJsonBody, parseListParams } from '../../core/index.js';
+import { getWorkOSStore } from '../store.js';
+import { formatAuthorizationResource, formatMembership, formatListResponse } from '../helpers.js';
+export function authorizationResourceRoutes(ctx) {
+    const { app, store } = ctx;
+    const ws = getWorkOSStore(store);
+    app.post('/authorization/resources', async (c) => {
+        const body = await parseJsonBody(c);
+        const resourceTypeSlug = body.resource_type_slug;
+        const externalId = body.external_id;
+        const organizationId = body.organization_id;
+        if (!resourceTypeSlug) {
+            throw validationError('resource_type_slug is required', [{ field: 'resource_type_slug', code: 'required' }]);
+        }
+        if (!externalId) {
+            throw validationError('external_id is required', [{ field: 'external_id', code: 'required' }]);
+        }
+        if (!organizationId) {
+            throw validationError('organization_id is required', [{ field: 'organization_id', code: 'required' }]);
+        }
+        const resource = ws.authorizationResources.insert({
+            object: 'authorization_resource',
+            resource_type_slug: resourceTypeSlug,
+            external_id: externalId,
+            organization_id: organizationId,
+            metadata: body.metadata ?? {},
+        });
+        return c.json(formatAuthorizationResource(resource), 201);
+    });
+    app.get('/authorization/resources', (c) => {
+        const url = new URL(c.req.url);
+        const params = parseListParams(url);
+        const organizationId = url.searchParams.get('organization_id') ?? undefined;
+        const resourceTypeSlug = url.searchParams.get('resource_type_slug') ?? undefined;
+        const result = ws.authorizationResources.list({
+            ...params,
+            filter: (r) => {
+                if (organizationId && r.organization_id !== organizationId)
+                    return false;
+                if (resourceTypeSlug && r.resource_type_slug !== resourceTypeSlug)
+                    return false;
+                return true;
+            },
+        });
+        return c.json(formatListResponse(result, formatAuthorizationResource));
+    });
+    app.get('/authorization/resources/:resource_id', (c) => {
+        const resourceId = c.req.param('resource_id');
+        const resource = ws.authorizationResources.get(resourceId);
+        if (!resource)
+            throw notFound('AuthorizationResource');
+        return c.json(formatAuthorizationResource(resource));
+    });
+    app.put('/authorization/resources/:resource_id', async (c) => {
+        const resourceId = c.req.param('resource_id');
+        const resource = ws.authorizationResources.get(resourceId);
+        if (!resource)
+            throw notFound('AuthorizationResource');
+        const body = await parseJsonBody(c);
+        const updates = {};
+        if ('metadata' in body)
+            updates.metadata = body.metadata;
+        const updated = ws.authorizationResources.update(resourceId, updates);
+        return c.json(formatAuthorizationResource(updated));
+    });
+    app.delete('/authorization/resources/:resource_id', (c) => {
+        const resourceId = c.req.param('resource_id');
+        const resource = ws.authorizationResources.get(resourceId);
+        if (!resource)
+            throw notFound('AuthorizationResource');
+        ws.authorizationResources.delete(resourceId);
+        return c.body(null, 204);
+    });
+    // Memberships with access to a resource (by resource ID)
+    app.get('/authorization/resources/:resource_id/organization_memberships', (c) => {
+        const resourceId = c.req.param('resource_id');
+        const resource = ws.authorizationResources.get(resourceId);
+        if (!resource)
+            throw notFound('AuthorizationResource');
+        const memberships = ws.organizationMemberships.findBy('organization_id', resource.organization_id);
+        return c.json({
+            object: 'list',
+            data: memberships.map(formatMembership),
+            list_metadata: { before: null, after: null },
+        });
+    });
+    // Get resource by type + external ID within an org
+    app.get('/authorization/organizations/:orgId/resources/:type_slug/:external_id', (c) => {
+        const orgId = c.req.param('orgId');
+        const typeSlug = c.req.param('type_slug');
+        const externalId = c.req.param('external_id');
+        const resource = ws.authorizationResources
+            .findBy('organization_id', orgId)
+            .find((r) => r.resource_type_slug === typeSlug && r.external_id === externalId);
+        if (!resource)
+            throw notFound('AuthorizationResource');
+        return c.json(formatAuthorizationResource(resource));
+    });
+    // Memberships for resource by type + external ID within an org
+    app.get('/authorization/organizations/:orgId/resources/:type_slug/:external_id/organization_memberships', (c) => {
+        const orgId = c.req.param('orgId');
+        const typeSlug = c.req.param('type_slug');
+        const externalId = c.req.param('external_id');
+        const resource = ws.authorizationResources
+            .findBy('organization_id', orgId)
+            .find((r) => r.resource_type_slug === typeSlug && r.external_id === externalId);
+        if (!resource)
+            throw notFound('AuthorizationResource');
+        const memberships = ws.organizationMemberships.findBy('organization_id', resource.organization_id);
+        return c.json({
+            object: 'list',
+            data: memberships.map(formatMembership),
+            list_metadata: { before: null, after: null },
+        });
+    });
+}
+//# sourceMappingURL=authorization-resources.js.map

package/dist/emulate/workos/routes/authorization-resources.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"authorization-resources.js","sourceRoot":"","sources":["../../../../src/emulate/workos/routes/authorization-resources.ts"],"names":[],"mappings":"AAAA,OAAO,EAAqB,QAAQ,EAAE,eAAe,EAAE,aAAa,EAAE,eAAe,EAAE,MAAM,qBAAqB,CAAC;AACnH,OAAO,EAAE,cAAc,EAAE,MAAM,aAAa,CAAC;AAC7C,OAAO,EAAE,2BAA2B,EAAE,gBAAgB,EAAE,kBAAkB,EAAE,MAAM,eAAe,CAAC;AAElG,MAAM,UAAU,2BAA2B,CAAC,GAAiB;IAC3D,MAAM,EAAE,GAAG,EAAE,KAAK,EAAE,GAAG,GAAG,CAAC;IAC3B,MAAM,EAAE,GAAG,cAAc,CAAC,KAAK,CAAC,CAAC;IAEjC,GAAG,CAAC,IAAI,CAAC,0BAA0B,EAAE,KAAK,EAAE,CAAC,EAAE,EAAE;QAC/C,MAAM,IAAI,GAAG,MAAM,aAAa,CAAC,CAAC,CAAC,CAAC;QAEpC,MAAM,gBAAgB,GAAG,IAAI,CAAC,kBAA4B,CAAC;QAC3D,MAAM,UAAU,GAAG,IAAI,CAAC,WAAqB,CAAC;QAC9C,MAAM,cAAc,GAAG,IAAI,CAAC,eAAyB,CAAC;QAEtD,IAAI,CAAC,gBAAgB,EAAE,CAAC;YACtB,MAAM,eAAe,CAAC,gCAAgC,EAAE,CAAC,EAAE,KAAK,EAAE,oBAAoB,EAAE,IAAI,EAAE,UAAU,EAAE,CAAC,CAAC,CAAC;QAC/G,CAAC;QACD,IAAI,CAAC,UAAU,EAAE,CAAC;YAChB,MAAM,eAAe,CAAC,yBAAyB,EAAE,CAAC,EAAE,KAAK,EAAE,aAAa,EAAE,IAAI,EAAE,UAAU,EAAE,CAAC,CAAC,CAAC;QACjG,CAAC;QACD,IAAI,CAAC,cAAc,EAAE,CAAC;YACpB,MAAM,eAAe,CAAC,6BAA6B,EAAE,CAAC,EAAE,KAAK,EAAE,iBAAiB,EAAE,IAAI,EAAE,UAAU,EAAE,CAAC,CAAC,CAAC;QACzG,CAAC;QAED,MAAM,QAAQ,GAAG,EAAE,CAAC,sBAAsB,CAAC,MAAM,CAAC;YAChD,MAAM,EAAE,wBAAwB;YAChC,kBAAkB,EAAE,gBAAgB;YACpC,WAAW,EAAE,UAAU;YACvB,eAAe,EAAE,cAAc;YAC/B,QAAQ,EAAG,IAAI,CAAC,QAAmC,IAAI,EAAE;SAC1D,CAAC,CAAC;QAEH,OAAO,CAAC,CAAC,IAAI,CAAC,2BAA2B,CAAC,QAAQ,CAAC,EAAE,GAAG,CAAC,CAAC;IAC5D,CAAC,CAAC,CAAC;IAEH,GAAG,CAAC,GAAG,CAAC,0BAA0B,EAAE,CAAC,CAAC,EAAE,EAAE;QACxC,MAAM,GAAG,GAAG,IAAI,GAAG,CAAC,CAAC,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC;QAC/B,MAAM,MAAM,GAAG,eAAe,CAAC,GAAG,CAAC,CAAC;QACpC,MAAM,cAAc,GAAG,GAAG,CAAC,YAAY,CAAC,GAAG,CAAC,iBAAiB,CAAC,IAAI,SAAS,CAAC;QAC5E,MAAM,gBAAgB,GAAG,GAAG,CAAC,YAAY,CAAC,GAAG,CAAC,oBAAoB,CAAC,IAAI,SAAS,CAAC;QAEjF,MAAM,MAAM,GAAG,EAAE,CAAC,sBAAsB,CAAC,IAAI,CAAC;YAC5C,GAAG,MAAM;YACT,MAAM,EAAE,CAAC,CAAC,EAAE,EAAE;gBACZ,IAAI,cAAc,IAAI,CAAC,CAAC,eAAe,KAAK,cAAc;oBAAE,OAAO,KAAK,CAAC;gBACzE,IAAI,gBAAgB,IAAI,CAAC,CAAC,kBAAkB,KAAK,gBAAgB;oBAAE,OAAO,KAAK,CAAC;gBAChF,OAAO,IAAI,CAAC;YACd,CAAC;SACF,CAAC,CAAC;QAEH,OAAO,CAAC,CAAC,IAAI,CAAC,kBAAkB,CAAC,MAAM,EAAE,2BAA2B,CAAC,CAAC,CAAC;IACzE,CAAC,CAAC,CAAC;IAEH,GAAG,CAAC,GAAG,CAAC,uCAAuC,EAAE,CAAC,CAAC,EAAE,EAAE;QACrD,MAAM,UAAU,GAAG,CAAC,CAAC,GAAG,CAAC,KAAK,CAAC,aAAa,CAAC,CAAC;QAC9C,MAAM,QAAQ,GAAG,EAAE,CAAC,sBAAsB,CAAC,GAAG,CAAC,UAAU,CAAC,CAAC;QAC3D,IAAI,CAAC,QAAQ;YAAE,MAAM,QAAQ,CAAC,uBAAuB,CAAC,CAAC;QACvD,OAAO,CAAC,CAAC,IAAI,CAAC,2BAA2B,CAAC,QAAQ,CAAC,CAAC,CAAC;IACvD,CAAC,CAAC,CAAC;IAEH,GAAG,CAAC,GAAG,CAAC,uCAAuC,EAAE,KAAK,EAAE,CAAC,EAAE,EAAE;QAC3D,MAAM,UAAU,GAAG,CAAC,CAAC,GAAG,CAAC,KAAK,CAAC,aAAa,CAAC,CAAC;QAC9C,MAAM,QAAQ,GAAG,EAAE,CAAC,sBAAsB,CAAC,GAAG,CAAC,UAAU,CAAC,CAAC;QAC3D,IAAI,CAAC,QAAQ;YAAE,MAAM,QAAQ,CAAC,uBAAuB,CAAC,CAAC;QAEvD,MAAM,IAAI,GAAG,MAAM,aAAa,CAAC,CAAC,CAAC,CAAC;QACpC,MAAM,OAAO,GAA4B,EAAE,CAAC;QAC5C,IAAI,UAAU,IAAI,IAAI;YAAE,OAAO,CAAC,QAAQ,GAAG,IAAI,CAAC,QAAQ,CAAC;QAEzD,MAAM,OAAO,GAAG,EAAE,CAAC,sBAAsB,CAAC,MAAM,CAAC,UAAU,EAAE,OAAO,CAAC,CAAC;QACtE,OAAO,CAAC,CAAC,IAAI,CAAC,2BAA2B,CAAC,OAAQ,CAAC,CAAC,CAAC;IACvD,CAAC,CAAC,CAAC;IAEH,GAAG,CAAC,MAAM,CAAC,uCAAuC,EAAE,CAAC,CAAC,EAAE,EAAE;QACxD,MAAM,UAAU,GAAG,CAAC,CAAC,GAAG,CAAC,KAAK,CAAC,aAAa,CAAC,CAAC;QAC9C,MAAM,QAAQ,GAAG,EAAE,CAAC,sBAAsB,CAAC,GAAG,CAAC,UAAU,CAAC,CAAC;QAC3D,IAAI,CAAC,QAAQ;YAAE,MAAM,QAAQ,CAAC,uBAAuB,CAAC,CAAC;QAEvD,EAAE,CAAC,sBAAsB,CAAC,MAAM,CAAC,UAAU,CAAC,CAAC;QAC7C,OAAO,CAAC,CAAC,IAAI,CAAC,IAAI,EAAE,GAAG,CAAC,CAAC;IAC3B,CAAC,CAAC,CAAC;IAEH,yDAAyD;IACzD,GAAG,CAAC,GAAG,CAAC,gEAAgE,EAAE,CAAC,CAAC,EAAE,EAAE;QAC9E,MAAM,UAAU,GAAG,CAAC,CAAC,GAAG,CAAC,KAAK,CAAC,aAAa,CAAC,CAAC;QAC9C,MAAM,QAAQ,GAAG,EAAE,CAAC,sBAAsB,CAAC,GAAG,CAAC,UAAU,CAAC,CAAC;QAC3D,IAAI,CAAC,QAAQ;YAAE,MAAM,QAAQ,CAAC,uBAAuB,CAAC,CAAC;QAEvD,MAAM,WAAW,GAAG,EAAE,CAAC,uBAAuB,CAAC,MAAM,CAAC,iBAAiB,EAAE,QAAQ,CAAC,eAAe,CAAC,CAAC;QACnG,OAAO,CAAC,CAAC,IAAI,CAAC;YACZ,MAAM,EAAE,MAAM;YACd,IAAI,EAAE,WAAW,CAAC,GAAG,CAAC,gBAAgB,CAAC;YACvC,aAAa,EAAE,EAAE,MAAM,EAAE,IAAI,EAAE,KAAK,EAAE,IAAI,EAAE;SAC7C,CAAC,CAAC;IACL,CAAC,CAAC,CAAC;IAEH,mDAAmD;IACnD,GAAG,CAAC,GAAG,CAAC,uEAAuE,EAAE,CAAC,CAAC,EAAE,EAAE;QACrF,MAAM,KAAK,GAAG,CAAC,CAAC,GAAG,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC;QACnC,MAAM,QAAQ,GAAG,CAAC,CAAC,GAAG,CAAC,KAAK,CAAC,WAAW,CAAC,CAAC;QAC1C,MAAM,UAAU,GAAG,CAAC,CAAC,GAAG,CAAC,KAAK,CAAC,aAAa,CAAC,CAAC;QAE9C,MAAM,QAAQ,GAAG,EAAE,CAAC,sBAAsB;aACvC,MAAM,CAAC,iBAAiB,EAAE,KAAK,CAAC;aAChC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,kBAAkB,KAAK,QAAQ,IAAI,CAAC,CAAC,WAAW,KAAK,UAAU,CAAC,CAAC;QAClF,IAAI,CAAC,QAAQ;YAAE,MAAM,QAAQ,CAAC,uBAAuB,CAAC,CAAC;QACvD,OAAO,CAAC,CAAC,IAAI,CAAC,2BAA2B,CAAC,QAAQ,CAAC,CAAC,CAAC;IACvD,CAAC,CAAC,CAAC;IAEH,+DAA+D;IAC/D,GAAG,CAAC,GAAG,CAAC,gGAAgG,EAAE,CAAC,CAAC,EAAE,EAAE;QAC9G,MAAM,KAAK,GAAG,CAAC,CAAC,GAAG,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC;QACnC,MAAM,QAAQ,GAAG,CAAC,CAAC,GAAG,CAAC,KAAK,CAAC,WAAW,CAAC,CAAC;QAC1C,MAAM,UAAU,GAAG,CAAC,CAAC,GAAG,CAAC,KAAK,CAAC,aAAa,CAAC,CAAC;QAE9C,MAAM,QAAQ,GAAG,EAAE,CAAC,sBAAsB;aACvC,MAAM,CAAC,iBAAiB,EAAE,KAAK,CAAC;aAChC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,kBAAkB,KAAK,QAAQ,IAAI,CAAC,CAAC,WAAW,KAAK,UAAU,CAAC,CAAC;QAClF,IAAI,CAAC,QAAQ;YAAE,MAAM,QAAQ,CAAC,uBAAuB,CAAC,CAAC;QAEvD,MAAM,WAAW,GAAG,EAAE,CAAC,uBAAuB,CAAC,MAAM,CAAC,iBAAiB,EAAE,QAAQ,CAAC,eAAe,CAAC,CAAC;QACnG,OAAO,CAAC,CAAC,IAAI,CAAC;YACZ,MAAM,EAAE,MAAM;YACd,IAAI,EAAE,WAAW,CAAC,GAAG,CAAC,gBAAgB,CAAC;YACvC,aAAa,EAAE,EAAE,MAAM,EAAE,IAAI,EAAE,KAAK,EAAE,IAAI,EAAE;SAC7C,CAAC,CAAC;IACL,CAAC,CAAC,CAAC;AACL,CAAC","sourcesContent":["import { type RouteContext, notFound, validationError, parseJsonBody, parseListParams } from '../../core/index.js';\nimport { getWorkOSStore } from '../store.js';\nimport { formatAuthorizationResource, formatMembership, formatListResponse } from '../helpers.js';\n\nexport function authorizationResourceRoutes(ctx: RouteContext): void {\n  const { app, store } = ctx;\n  const ws = getWorkOSStore(store);\n\n  app.post('/authorization/resources', async (c) => {\n    const body = await parseJsonBody(c);\n\n    const resourceTypeSlug = body.resource_type_slug as string;\n    const externalId = body.external_id as string;\n    const organizationId = body.organization_id as string;\n\n    if (!resourceTypeSlug) {\n      throw validationError('resource_type_slug is required', [{ field: 'resource_type_slug', code: 'required' }]);\n    }\n    if (!externalId) {\n      throw validationError('external_id is required', [{ field: 'external_id', code: 'required' }]);\n    }\n    if (!organizationId) {\n      throw validationError('organization_id is required', [{ field: 'organization_id', code: 'required' }]);\n    }\n\n    const resource = ws.authorizationResources.insert({\n      object: 'authorization_resource',\n      resource_type_slug: resourceTypeSlug,\n      external_id: externalId,\n      organization_id: organizationId,\n      metadata: (body.metadata as Record<string, string>) ?? {},\n    });\n\n    return c.json(formatAuthorizationResource(resource), 201);\n  });\n\n  app.get('/authorization/resources', (c) => {\n    const url = new URL(c.req.url);\n    const params = parseListParams(url);\n    const organizationId = url.searchParams.get('organization_id') ?? undefined;\n    const resourceTypeSlug = url.searchParams.get('resource_type_slug') ?? undefined;\n\n    const result = ws.authorizationResources.list({\n      ...params,\n      filter: (r) => {\n        if (organizationId && r.organization_id !== organizationId) return false;\n        if (resourceTypeSlug && r.resource_type_slug !== resourceTypeSlug) return false;\n        return true;\n      },\n    });\n\n    return c.json(formatListResponse(result, formatAuthorizationResource));\n  });\n\n  app.get('/authorization/resources/:resource_id', (c) => {\n    const resourceId = c.req.param('resource_id');\n    const resource = ws.authorizationResources.get(resourceId);\n    if (!resource) throw notFound('AuthorizationResource');\n    return c.json(formatAuthorizationResource(resource));\n  });\n\n  app.put('/authorization/resources/:resource_id', async (c) => {\n    const resourceId = c.req.param('resource_id');\n    const resource = ws.authorizationResources.get(resourceId);\n    if (!resource) throw notFound('AuthorizationResource');\n\n    const body = await parseJsonBody(c);\n    const updates: Record<string, unknown> = {};\n    if ('metadata' in body) updates.metadata = body.metadata;\n\n    const updated = ws.authorizationResources.update(resourceId, updates);\n    return c.json(formatAuthorizationResource(updated!));\n  });\n\n  app.delete('/authorization/resources/:resource_id', (c) => {\n    const resourceId = c.req.param('resource_id');\n    const resource = ws.authorizationResources.get(resourceId);\n    if (!resource) throw notFound('AuthorizationResource');\n\n    ws.authorizationResources.delete(resourceId);\n    return c.body(null, 204);\n  });\n\n  // Memberships with access to a resource (by resource ID)\n  app.get('/authorization/resources/:resource_id/organization_memberships', (c) => {\n    const resourceId = c.req.param('resource_id');\n    const resource = ws.authorizationResources.get(resourceId);\n    if (!resource) throw notFound('AuthorizationResource');\n\n    const memberships = ws.organizationMemberships.findBy('organization_id', resource.organization_id);\n    return c.json({\n      object: 'list',\n      data: memberships.map(formatMembership),\n      list_metadata: { before: null, after: null },\n    });\n  });\n\n  // Get resource by type + external ID within an org\n  app.get('/authorization/organizations/:orgId/resources/:type_slug/:external_id', (c) => {\n    const orgId = c.req.param('orgId');\n    const typeSlug = c.req.param('type_slug');\n    const externalId = c.req.param('external_id');\n\n    const resource = ws.authorizationResources\n      .findBy('organization_id', orgId)\n      .find((r) => r.resource_type_slug === typeSlug && r.external_id === externalId);\n    if (!resource) throw notFound('AuthorizationResource');\n    return c.json(formatAuthorizationResource(resource));\n  });\n\n  // Memberships for resource by type + external ID within an org\n  app.get('/authorization/organizations/:orgId/resources/:type_slug/:external_id/organization_memberships', (c) => {\n    const orgId = c.req.param('orgId');\n    const typeSlug = c.req.param('type_slug');\n    const externalId = c.req.param('external_id');\n\n    const resource = ws.authorizationResources\n      .findBy('organization_id', orgId)\n      .find((r) => r.resource_type_slug === typeSlug && r.external_id === externalId);\n    if (!resource) throw notFound('AuthorizationResource');\n\n    const memberships = ws.organizationMemberships.findBy('organization_id', resource.organization_id);\n    return c.json({\n      object: 'list',\n      data: memberships.map(formatMembership),\n      list_metadata: { before: null, after: null },\n    });\n  });\n}\n"]}

package/dist/emulate/workos/routes/authorization-roles.d.ts

@@ -0,0 +1,2 @@
+import type { RouteContext } from '../../core/index.js';
+export declare function authorizationRoleRoutes(ctx: RouteContext): void;

package/dist/emulate/workos/routes/authorization-roles.js

@@ -0,0 +1,13 @@
+import { findEnvRole, requireEnvRole, registerRoleRoutes } from '../role-helpers.js';
+export function authorizationRoleRoutes(ctx) {
+    registerRoleRoutes(ctx, {
+        pathPrefix: '/authorization/roles',
+        roleType: 'EnvironmentRole',
+        requireRole: (ws, c) => requireEnvRole(ws, c.req.param('slug')),
+        findRole: (ws, _c, slug) => findEnvRole(ws, slug),
+        listFilter: () => (r) => r.type === 'EnvironmentRole',
+        insertDefaults: () => ({ organization_id: null }),
+        duplicateMessage: 'Role with this slug already exists',
+    });
+}
+//# sourceMappingURL=authorization-roles.js.map

package/dist/emulate/workos/routes/authorization-roles.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"authorization-roles.js","sourceRoot":"","sources":["../../../../src/emulate/workos/routes/authorization-roles.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,WAAW,EAAE,cAAc,EAAE,kBAAkB,EAAE,MAAM,oBAAoB,CAAC;AAErF,MAAM,UAAU,uBAAuB,CAAC,GAAiB;IACvD,kBAAkB,CAAC,GAAG,EAAE;QACtB,UAAU,EAAE,sBAAsB;QAClC,QAAQ,EAAE,iBAAiB;QAC3B,WAAW,EAAE,CAAC,EAAE,EAAE,CAAC,EAAE,EAAE,CAAC,cAAc,CAAC,EAAE,EAAE,CAAC,CAAC,GAAG,CAAC,KAAK,CAAC,MAAM,CAAC,CAAC;QAC/D,QAAQ,EAAE,CAAC,EAAE,EAAE,EAAE,EAAE,IAAI,EAAE,EAAE,CAAC,WAAW,CAAC,EAAE,EAAE,IAAI,CAAC;QACjD,UAAU,EAAE,GAAG,EAAE,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,KAAK,iBAAiB;QACrD,cAAc,EAAE,GAAG,EAAE,CAAC,CAAC,EAAE,eAAe,EAAE,IAAI,EAAE,CAAC;QACjD,gBAAgB,EAAE,oCAAoC;KACvD,CAAC,CAAC;AACL,CAAC","sourcesContent":["import type { RouteContext } from '../../core/index.js';\nimport { findEnvRole, requireEnvRole, registerRoleRoutes } from '../role-helpers.js';\n\nexport function authorizationRoleRoutes(ctx: RouteContext): void {\n  registerRoleRoutes(ctx, {\n    pathPrefix: '/authorization/roles',\n    roleType: 'EnvironmentRole',\n    requireRole: (ws, c) => requireEnvRole(ws, c.req.param('slug')),\n    findRole: (ws, _c, slug) => findEnvRole(ws, slug),\n    listFilter: () => (r) => r.type === 'EnvironmentRole',\n    insertDefaults: () => ({ organization_id: null }),\n    duplicateMessage: 'Role with this slug already exists',\n  });\n}\n"]}

package/dist/emulate/workos/routes/config.d.ts

@@ -0,0 +1,2 @@
+import { type RouteContext } from '../../core/index.js';
+export declare function configRoutes(ctx: RouteContext): void;

package/dist/emulate/workos/routes/config.js

@@ -0,0 +1,57 @@
+import { parseJsonBody, WorkOSApiError, validationError } from '../../core/index.js';
+import { getWorkOSStore } from '../store.js';
+import { formatRedirectUri, formatCorsOrigin } from '../helpers.js';
+import { STORE_KEYS } from '../constants.js';
+export function configRoutes(ctx) {
+    const { app, store } = ctx;
+    const ws = getWorkOSStore(store);
+    app.post('/user_management/redirect_uris', async (c) => {
+        const body = await parseJsonBody(c);
+        const uri = body.uri;
+        if (!uri) {
+            throw validationError('uri is required', [{ field: 'uri', code: 'required' }]);
+        }
+        const existing = ws.redirectUris.findOneBy('uri', uri);
+        if (existing) {
+            throw new WorkOSApiError(422, 'Redirect URI already exists', 'redirect_uri_already_exists');
+        }
+        const redirectUri = ws.redirectUris.insert({
+            object: 'redirect_uri',
+            uri,
+        });
+        return c.json(formatRedirectUri(redirectUri), 201);
+    });
+    app.post('/user_management/cors_origins', async (c) => {
+        const body = await parseJsonBody(c);
+        const origin = body.origin;
+        if (!origin) {
+            throw validationError('origin is required', [{ field: 'origin', code: 'required' }]);
+        }
+        const existing = ws.corsOrigins.findOneBy('origin', origin);
+        if (existing) {
+            throw new WorkOSApiError(422, 'CORS origin already exists', 'cors_origin_already_exists');
+        }
+        const corsOrigin = ws.corsOrigins.insert({
+            object: 'cors_origin',
+            origin,
+        });
+        return c.json(formatCorsOrigin(corsOrigin), 201);
+    });
+    app.get('/user_management/jwt_template', (c) => {
+        const template = store.getData(STORE_KEYS.jwtTemplate) ?? {
+            object: 'jwt_template',
+            custom_claims: {},
+        };
+        return c.json(template);
+    });
+    app.put('/user_management/jwt_template', async (c) => {
+        const body = await parseJsonBody(c);
+        const template = {
+            object: 'jwt_template',
+            custom_claims: body.custom_claims ?? {},
+        };
+        store.setData(STORE_KEYS.jwtTemplate, template);
+        return c.json(template);
+    });
+}
+//# sourceMappingURL=config.js.map

package/dist/emulate/workos/routes/config.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"config.js","sourceRoot":"","sources":["../../../../src/emulate/workos/routes/config.ts"],"names":[],"mappings":"AAAA,OAAO,EAAqB,aAAa,EAAE,cAAc,EAAE,eAAe,EAAE,MAAM,qBAAqB,CAAC;AACxG,OAAO,EAAE,cAAc,EAAE,MAAM,aAAa,CAAC;AAC7C,OAAO,EAAE,iBAAiB,EAAE,gBAAgB,EAAE,MAAM,eAAe,CAAC;AACpE,OAAO,EAAE,UAAU,EAAE,MAAM,iBAAiB,CAAC;AAE7C,MAAM,UAAU,YAAY,CAAC,GAAiB;IAC5C,MAAM,EAAE,GAAG,EAAE,KAAK,EAAE,GAAG,GAAG,CAAC;IAC3B,MAAM,EAAE,GAAG,cAAc,CAAC,KAAK,CAAC,CAAC;IAEjC,GAAG,CAAC,IAAI,CAAC,gCAAgC,EAAE,KAAK,EAAE,CAAC,EAAE,EAAE;QACrD,MAAM,IAAI,GAAG,MAAM,aAAa,CAAC,CAAC,CAAC,CAAC;QACpC,MAAM,GAAG,GAAG,IAAI,CAAC,GAAyB,CAAC;QAC3C,IAAI,CAAC,GAAG,EAAE,CAAC;YACT,MAAM,eAAe,CAAC,iBAAiB,EAAE,CAAC,EAAE,KAAK,EAAE,KAAK,EAAE,IAAI,EAAE,UAAU,EAAE,CAAC,CAAC,CAAC;QACjF,CAAC;QAED,MAAM,QAAQ,GAAG,EAAE,CAAC,YAAY,CAAC,SAAS,CAAC,KAAK,EAAE,GAAG,CAAC,CAAC;QACvD,IAAI,QAAQ,EAAE,CAAC;YACb,MAAM,IAAI,cAAc,CAAC,GAAG,EAAE,6BAA6B,EAAE,6BAA6B,CAAC,CAAC;QAC9F,CAAC;QAED,MAAM,WAAW,GAAG,EAAE,CAAC,YAAY,CAAC,MAAM,CAAC;YACzC,MAAM,EAAE,cAAc;YACtB,GAAG;SACJ,CAAC,CAAC;QAEH,OAAO,CAAC,CAAC,IAAI,CAAC,iBAAiB,CAAC,WAAW,CAAC,EAAE,GAAG,CAAC,CAAC;IACrD,CAAC,CAAC,CAAC;IAEH,GAAG,CAAC,IAAI,CAAC,+BAA+B,EAAE,KAAK,EAAE,CAAC,EAAE,EAAE;QACpD,MAAM,IAAI,GAAG,MAAM,aAAa,CAAC,CAAC,CAAC,CAAC;QACpC,MAAM,MAAM,GAAG,IAAI,CAAC,MAA4B,CAAC;QACjD,IAAI,CAAC,MAAM,EAAE,CAAC;YACZ,MAAM,eAAe,CAAC,oBAAoB,EAAE,CAAC,EAAE,KAAK,EAAE,QAAQ,EAAE,IAAI,EAAE,UAAU,EAAE,CAAC,CAAC,CAAC;QACvF,CAAC;QAED,MAAM,QAAQ,GAAG,EAAE,CAAC,WAAW,CAAC,SAAS,CAAC,QAAQ,EAAE,MAAM,CAAC,CAAC;QAC5D,IAAI,QAAQ,EAAE,CAAC;YACb,MAAM,IAAI,cAAc,CAAC,GAAG,EAAE,4BAA4B,EAAE,4BAA4B,CAAC,CAAC;QAC5F,CAAC;QAED,MAAM,UAAU,GAAG,EAAE,CAAC,WAAW,CAAC,MAAM,CAAC;YACvC,MAAM,EAAE,aAAa;YACrB,MAAM;SACP,CAAC,CAAC;QAEH,OAAO,CAAC,CAAC,IAAI,CAAC,gBAAgB,CAAC,UAAU,CAAC,EAAE,GAAG,CAAC,CAAC;IACnD,CAAC,CAAC,CAAC;IAEH,GAAG,CAAC,GAAG,CAAC,+BAA+B,EAAE,CAAC,CAAC,EAAE,EAAE;QAC7C,MAAM,QAAQ,GAAG,KAAK,CAAC,OAAO,CAA0B,UAAU,CAAC,WAAW,CAAC,IAAI;YACjF,MAAM,EAAE,cAAc;YACtB,aAAa,EAAE,EAAE;SAClB,CAAC;QACF,OAAO,CAAC,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC;IAC1B,CAAC,CAAC,CAAC;IAEH,GAAG,CAAC,GAAG,CAAC,+BAA+B,EAAE,KAAK,EAAE,CAAC,EAAE,EAAE;QACnD,MAAM,IAAI,GAAG,MAAM,aAAa,CAAC,CAAC,CAAC,CAAC;QACpC,MAAM,QAAQ,GAAG;YACf,MAAM,EAAE,cAAc;YACtB,aAAa,EAAG,IAAI,CAAC,aAAyC,IAAI,EAAE;SACrE,CAAC;QACF,KAAK,CAAC,OAAO,CAAC,UAAU,CAAC,WAAW,EAAE,QAAQ,CAAC,CAAC;QAChD,OAAO,CAAC,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC;IAC1B,CAAC,CAAC,CAAC;AACL,CAAC","sourcesContent":["import { type RouteContext, parseJsonBody, WorkOSApiError, validationError } from '../../core/index.js';\nimport { getWorkOSStore } from '../store.js';\nimport { formatRedirectUri, formatCorsOrigin } from '../helpers.js';\nimport { STORE_KEYS } from '../constants.js';\n\nexport function configRoutes(ctx: RouteContext): void {\n  const { app, store } = ctx;\n  const ws = getWorkOSStore(store);\n\n  app.post('/user_management/redirect_uris', async (c) => {\n    const body = await parseJsonBody(c);\n    const uri = body.uri as string | undefined;\n    if (!uri) {\n      throw validationError('uri is required', [{ field: 'uri', code: 'required' }]);\n    }\n\n    const existing = ws.redirectUris.findOneBy('uri', uri);\n    if (existing) {\n      throw new WorkOSApiError(422, 'Redirect URI already exists', 'redirect_uri_already_exists');\n    }\n\n    const redirectUri = ws.redirectUris.insert({\n      object: 'redirect_uri',\n      uri,\n    });\n\n    return c.json(formatRedirectUri(redirectUri), 201);\n  });\n\n  app.post('/user_management/cors_origins', async (c) => {\n    const body = await parseJsonBody(c);\n    const origin = body.origin as string | undefined;\n    if (!origin) {\n      throw validationError('origin is required', [{ field: 'origin', code: 'required' }]);\n    }\n\n    const existing = ws.corsOrigins.findOneBy('origin', origin);\n    if (existing) {\n      throw new WorkOSApiError(422, 'CORS origin already exists', 'cors_origin_already_exists');\n    }\n\n    const corsOrigin = ws.corsOrigins.insert({\n      object: 'cors_origin',\n      origin,\n    });\n\n    return c.json(formatCorsOrigin(corsOrigin), 201);\n  });\n\n  app.get('/user_management/jwt_template', (c) => {\n    const template = store.getData<Record<string, unknown>>(STORE_KEYS.jwtTemplate) ?? {\n      object: 'jwt_template',\n      custom_claims: {},\n    };\n    return c.json(template);\n  });\n\n  app.put('/user_management/jwt_template', async (c) => {\n    const body = await parseJsonBody(c);\n    const template = {\n      object: 'jwt_template',\n      custom_claims: (body.custom_claims as Record<string, unknown>) ?? {},\n    };\n    store.setData(STORE_KEYS.jwtTemplate, template);\n    return c.json(template);\n  });\n}\n"]}

package/dist/emulate/workos/routes/connect.d.ts

@@ -0,0 +1,2 @@
+import { type RouteContext } from '../../core/index.js';
+export declare function connectRoutes(ctx: RouteContext): void;

package/dist/emulate/workos/routes/connect.js

@@ -0,0 +1,65 @@
+import { notFound, parseJsonBody, validationError, parseListParams } from '../../core/index.js';
+import { generateId } from '../../core/index.js';
+import { getWorkOSStore } from '../store.js';
+import { formatConnectApplication, formatClientSecret, generateVerificationToken, formatListResponse, } from '../helpers.js';
+export function connectRoutes(ctx) {
+    const { app, store } = ctx;
+    const ws = getWorkOSStore(store);
+    // List applications
+    app.get('/connect/applications', (c) => {
+        const url = new URL(c.req.url);
+        const params = parseListParams(url);
+        const result = ws.connectApplications.list({ ...params });
+        return c.json(formatListResponse(result, formatConnectApplication));
+    });
+    // Create application
+    app.post('/connect/applications', async (c) => {
+        const body = await parseJsonBody(c);
+        const name = body.name;
+        if (!name || typeof name !== 'string' || name.trim().length === 0) {
+            throw validationError('name is required', [{ field: 'name', code: 'required' }]);
+        }
+        const application = ws.connectApplications.insert({
+            object: 'connect_application',
+            name: name.trim(),
+            redirect_uris: body.redirect_uris ?? [],
+            client_id: `client_${generateId('connect')}`,
+            logo_url: body.logo_url ?? null,
+        });
+        return c.json(formatConnectApplication(application), 201);
+    });
+    // Get application
+    app.get('/connect/applications/:id', (c) => {
+        const application = ws.connectApplications.get(c.req.param('id'));
+        if (!application)
+            throw notFound('ConnectApplication');
+        return c.json(formatConnectApplication(application));
+    });
+    // Create client secret
+    app.post('/connect/applications/:id/client_secrets', (c) => {
+        const application = ws.connectApplications.get(c.req.param('id'));
+        if (!application)
+            throw notFound('ConnectApplication');
+        const value = `secret_${generateVerificationToken()}`;
+        const secret = ws.clientSecrets.insert({
+            object: 'client_secret',
+            application_id: application.id,
+            value,
+            last_four: value.slice(-4),
+        });
+        // Return full value only on creation
+        return c.json({
+            ...formatClientSecret(secret),
+            value: secret.value,
+        }, 201);
+    });
+    // Revoke client secret
+    app.delete('/connect/client_secrets/:id', (c) => {
+        const secret = ws.clientSecrets.get(c.req.param('id'));
+        if (!secret)
+            throw notFound('ClientSecret');
+        ws.clientSecrets.delete(secret.id);
+        return c.body(null, 204);
+    });
+}
+//# sourceMappingURL=connect.js.map

package/dist/emulate/workos/routes/connect.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"connect.js","sourceRoot":"","sources":["../../../../src/emulate/workos/routes/connect.ts"],"names":[],"mappings":"AAAA,OAAO,EAAqB,QAAQ,EAAE,aAAa,EAAE,eAAe,EAAE,eAAe,EAAE,MAAM,qBAAqB,CAAC;AACnH,OAAO,EAAE,UAAU,EAAE,MAAM,qBAAqB,CAAC;AACjD,OAAO,EAAE,cAAc,EAAE,MAAM,aAAa,CAAC;AAC7C,OAAO,EACL,wBAAwB,EACxB,kBAAkB,EAClB,yBAAyB,EACzB,kBAAkB,GACnB,MAAM,eAAe,CAAC;AAEvB,MAAM,UAAU,aAAa,CAAC,GAAiB;IAC7C,MAAM,EAAE,GAAG,EAAE,KAAK,EAAE,GAAG,GAAG,CAAC;IAC3B,MAAM,EAAE,GAAG,cAAc,CAAC,KAAK,CAAC,CAAC;IAEjC,oBAAoB;IACpB,GAAG,CAAC,GAAG,CAAC,uBAAuB,EAAE,CAAC,CAAC,EAAE,EAAE;QACrC,MAAM,GAAG,GAAG,IAAI,GAAG,CAAC,CAAC,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC;QAC/B,MAAM,MAAM,GAAG,eAAe,CAAC,GAAG,CAAC,CAAC;QACpC,MAAM,MAAM,GAAG,EAAE,CAAC,mBAAmB,CAAC,IAAI,CAAC,EAAE,GAAG,MAAM,EAAE,CAAC,CAAC;QAC1D,OAAO,CAAC,CAAC,IAAI,CAAC,kBAAkB,CAAC,MAAM,EAAE,wBAAwB,CAAC,CAAC,CAAC;IACtE,CAAC,CAAC,CAAC;IAEH,qBAAqB;IACrB,GAAG,CAAC,IAAI,CAAC,uBAAuB,EAAE,KAAK,EAAE,CAAC,EAAE,EAAE;QAC5C,MAAM,IAAI,GAAG,MAAM,aAAa,CAAC,CAAC,CAAC,CAAC;QACpC,MAAM,IAAI,GAAG,IAAI,CAAC,IAA0B,CAAC;QAC7C,IAAI,CAAC,IAAI,IAAI,OAAO,IAAI,KAAK,QAAQ,IAAI,IAAI,CAAC,IAAI,EAAE,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;YAClE,MAAM,eAAe,CAAC,kBAAkB,EAAE,CAAC,EAAE,KAAK,EAAE,MAAM,EAAE,IAAI,EAAE,UAAU,EAAE,CAAC,CAAC,CAAC;QACnF,CAAC;QAED,MAAM,WAAW,GAAG,EAAE,CAAC,mBAAmB,CAAC,MAAM,CAAC;YAChD,MAAM,EAAE,qBAAqB;YAC7B,IAAI,EAAE,IAAI,CAAC,IAAI,EAAE;YACjB,aAAa,EAAG,IAAI,CAAC,aAA0B,IAAI,EAAE;YACrD,SAAS,EAAE,UAAU,UAAU,CAAC,SAAS,CAAC,EAAE;YAC5C,QAAQ,EAAG,IAAI,CAAC,QAAmB,IAAI,IAAI;SAC5C,CAAC,CAAC;QAEH,OAAO,CAAC,CAAC,IAAI,CAAC,wBAAwB,CAAC,WAAW,CAAC,EAAE,GAAG,CAAC,CAAC;IAC5D,CAAC,CAAC,CAAC;IAEH,kBAAkB;IAClB,GAAG,CAAC,GAAG,CAAC,2BAA2B,EAAE,CAAC,CAAC,EAAE,EAAE;QACzC,MAAM,WAAW,GAAG,EAAE,CAAC,mBAAmB,CAAC,GAAG,CAAC,CAAC,CAAC,GAAG,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC,CAAC;QAClE,IAAI,CAAC,WAAW;YAAE,MAAM,QAAQ,CAAC,oBAAoB,CAAC,CAAC;QACvD,OAAO,CAAC,CAAC,IAAI,CAAC,wBAAwB,CAAC,WAAW,CAAC,CAAC,CAAC;IACvD,CAAC,CAAC,CAAC;IAEH,uBAAuB;IACvB,GAAG,CAAC,IAAI,CAAC,0CAA0C,EAAE,CAAC,CAAC,EAAE,EAAE;QACzD,MAAM,WAAW,GAAG,EAAE,CAAC,mBAAmB,CAAC,GAAG,CAAC,CAAC,CAAC,GAAG,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC,CAAC;QAClE,IAAI,CAAC,WAAW;YAAE,MAAM,QAAQ,CAAC,oBAAoB,CAAC,CAAC;QAEvD,MAAM,KAAK,GAAG,UAAU,yBAAyB,EAAE,EAAE,CAAC;QACtD,MAAM,MAAM,GAAG,EAAE,CAAC,aAAa,CAAC,MAAM,CAAC;YACrC,MAAM,EAAE,eAAe;YACvB,cAAc,EAAE,WAAW,CAAC,EAAE;YAC9B,KAAK;YACL,SAAS,EAAE,KAAK,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC;SAC3B,CAAC,CAAC;QAEH,qCAAqC;QACrC,OAAO,CAAC,CAAC,IAAI,CACX;YACE,GAAG,kBAAkB,CAAC,MAAM,CAAC;YAC7B,KAAK,EAAE,MAAM,CAAC,KAAK;SACpB,EACD,GAAG,CACJ,CAAC;IACJ,CAAC,CAAC,CAAC;IAEH,uBAAuB;IACvB,GAAG,CAAC,MAAM,CAAC,6BAA6B,EAAE,CAAC,CAAC,EAAE,EAAE;QAC9C,MAAM,MAAM,GAAG,EAAE,CAAC,aAAa,CAAC,GAAG,CAAC,CAAC,CAAC,GAAG,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC,CAAC;QACvD,IAAI,CAAC,MAAM;YAAE,MAAM,QAAQ,CAAC,cAAc,CAAC,CAAC;QAC5C,EAAE,CAAC,aAAa,CAAC,MAAM,CAAC,MAAM,CAAC,EAAE,CAAC,CAAC;QACnC,OAAO,CAAC,CAAC,IAAI,CAAC,IAAI,EAAE,GAAG,CAAC,CAAC;IAC3B,CAAC,CAAC,CAAC;AACL,CAAC","sourcesContent":["import { type RouteContext, notFound, parseJsonBody, validationError, parseListParams } from '../../core/index.js';\nimport { generateId } from '../../core/index.js';\nimport { getWorkOSStore } from '../store.js';\nimport {\n  formatConnectApplication,\n  formatClientSecret,\n  generateVerificationToken,\n  formatListResponse,\n} from '../helpers.js';\n\nexport function connectRoutes(ctx: RouteContext): void {\n  const { app, store } = ctx;\n  const ws = getWorkOSStore(store);\n\n  // List applications\n  app.get('/connect/applications', (c) => {\n    const url = new URL(c.req.url);\n    const params = parseListParams(url);\n    const result = ws.connectApplications.list({ ...params });\n    return c.json(formatListResponse(result, formatConnectApplication));\n  });\n\n  // Create application\n  app.post('/connect/applications', async (c) => {\n    const body = await parseJsonBody(c);\n    const name = body.name as string | undefined;\n    if (!name || typeof name !== 'string' || name.trim().length === 0) {\n      throw validationError('name is required', [{ field: 'name', code: 'required' }]);\n    }\n\n    const application = ws.connectApplications.insert({\n      object: 'connect_application',\n      name: name.trim(),\n      redirect_uris: (body.redirect_uris as string[]) ?? [],\n      client_id: `client_${generateId('connect')}`,\n      logo_url: (body.logo_url as string) ?? null,\n    });\n\n    return c.json(formatConnectApplication(application), 201);\n  });\n\n  // Get application\n  app.get('/connect/applications/:id', (c) => {\n    const application = ws.connectApplications.get(c.req.param('id'));\n    if (!application) throw notFound('ConnectApplication');\n    return c.json(formatConnectApplication(application));\n  });\n\n  // Create client secret\n  app.post('/connect/applications/:id/client_secrets', (c) => {\n    const application = ws.connectApplications.get(c.req.param('id'));\n    if (!application) throw notFound('ConnectApplication');\n\n    const value = `secret_${generateVerificationToken()}`;\n    const secret = ws.clientSecrets.insert({\n      object: 'client_secret',\n      application_id: application.id,\n      value,\n      last_four: value.slice(-4),\n    });\n\n    // Return full value only on creation\n    return c.json(\n      {\n        ...formatClientSecret(secret),\n        value: secret.value,\n      },\n      201,\n    );\n  });\n\n  // Revoke client secret\n  app.delete('/connect/client_secrets/:id', (c) => {\n    const secret = ws.clientSecrets.get(c.req.param('id'));\n    if (!secret) throw notFound('ClientSecret');\n    ws.clientSecrets.delete(secret.id);\n    return c.body(null, 204);\n  });\n}\n"]}

package/dist/emulate/workos/routes/connections.d.ts

@@ -0,0 +1,2 @@
+import { type RouteContext } from '../../core/index.js';
+export declare function connectionRoutes(ctx: RouteContext): void;

package/dist/emulate/workos/routes/connections.js

@@ -0,0 +1,73 @@
+import { notFound, parseJsonBody, generateId, parseListParams } from '../../core/index.js';
+import { getWorkOSStore } from '../store.js';
+import { formatConnection, formatListResponse } from '../helpers.js';
+export function connectionRoutes(ctx) {
+    const { app, store } = ctx;
+    const ws = getWorkOSStore(store);
+    app.post('/connections', async (c) => {
+        const body = await parseJsonBody(c);
+        const name = body.name;
+        const organizationId = body.organization_id;
+        const connectionType = body.connection_type ?? 'GenericSAML';
+        const domainsList = body.domains ?? [];
+        if (!organizationId) {
+            throw notFound('Organization');
+        }
+        const org = ws.organizations.get(organizationId);
+        if (!org)
+            throw notFound('Organization');
+        const domains = domainsList.map((d) => ({
+            object: 'connection_domain',
+            id: generateId('conn_domain'),
+            domain: d,
+        }));
+        const conn = ws.connections.insert({
+            object: 'connection',
+            organization_id: organizationId,
+            connection_type: connectionType,
+            name: name ?? `${org.name} SSO`,
+            state: 'active',
+            domains,
+        });
+        return c.json(formatConnection(conn), 201);
+    });
+    app.get('/connections', (c) => {
+        const url = new URL(c.req.url);
+        const params = parseListParams(url);
+        const orgFilter = url.searchParams.get('organization_id') ?? undefined;
+        const typeFilter = url.searchParams.get('connection_type') ?? undefined;
+        const domainFilter = url.searchParams.get('domain') ?? undefined;
+        const result = ws.connections.list({
+            ...params,
+            filter: (conn) => {
+                if (orgFilter && conn.organization_id !== orgFilter)
+                    return false;
+                if (typeFilter && conn.connection_type !== typeFilter)
+                    return false;
+                if (domainFilter && !conn.domains.some((d) => d.domain === domainFilter))
+                    return false;
+                return true;
+            },
+        });
+        return c.json(formatListResponse(result, formatConnection));
+    });
+    app.get('/connections/:id', (c) => {
+        const conn = ws.connections.get(c.req.param('id'));
+        if (!conn)
+            throw notFound('Connection');
+        return c.json(formatConnection(conn));
+    });
+    app.delete('/connections/:id', (c) => {
+        const conn = ws.connections.get(c.req.param('id'));
+        if (!conn)
+            throw notFound('Connection');
+        for (const auth of ws.ssoAuthorizations.all()) {
+            if (auth.connection_id === conn.id) {
+                ws.ssoAuthorizations.delete(auth.id);
+            }
+        }
+        ws.connections.delete(conn.id);
+        return c.body(null, 204);
+    });
+}
+//# sourceMappingURL=connections.js.map

package/dist/emulate/workos/routes/connections.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"connections.js","sourceRoot":"","sources":["../../../../src/emulate/workos/routes/connections.ts"],"names":[],"mappings":"AAAA,OAAO,EAAqB,QAAQ,EAAE,aAAa,EAAE,UAAU,EAAE,eAAe,EAAE,MAAM,qBAAqB,CAAC;AAC9G,OAAO,EAAE,cAAc,EAAE,MAAM,aAAa,CAAC;AAC7C,OAAO,EAAE,gBAAgB,EAAE,kBAAkB,EAAE,MAAM,eAAe,CAAC;AAGrE,MAAM,UAAU,gBAAgB,CAAC,GAAiB;IAChD,MAAM,EAAE,GAAG,EAAE,KAAK,EAAE,GAAG,GAAG,CAAC;IAC3B,MAAM,EAAE,GAAG,cAAc,CAAC,KAAK,CAAC,CAAC;IAEjC,GAAG,CAAC,IAAI,CAAC,cAAc,EAAE,KAAK,EAAE,CAAC,EAAE,EAAE;QACnC,MAAM,IAAI,GAAG,MAAM,aAAa,CAAC,CAAC,CAAC,CAAC;QACpC,MAAM,IAAI,GAAG,IAAI,CAAC,IAAc,CAAC;QACjC,MAAM,cAAc,GAAG,IAAI,CAAC,eAAyB,CAAC;QACtD,MAAM,cAAc,GAAI,IAAI,CAAC,eAAwC,IAAI,aAAa,CAAC;QACvF,MAAM,WAAW,GAAI,IAAI,CAAC,OAAoB,IAAI,EAAE,CAAC;QAErD,IAAI,CAAC,cAAc,EAAE,CAAC;YACpB,MAAM,QAAQ,CAAC,cAAc,CAAC,CAAC;QACjC,CAAC;QACD,MAAM,GAAG,GAAG,EAAE,CAAC,aAAa,CAAC,GAAG,CAAC,cAAc,CAAC,CAAC;QACjD,IAAI,CAAC,GAAG;YAAE,MAAM,QAAQ,CAAC,cAAc,CAAC,CAAC;QAEzC,MAAM,OAAO,GAAG,WAAW,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC;YACtC,MAAM,EAAE,mBAA4B;YACpC,EAAE,EAAE,UAAU,CAAC,aAAa,CAAC;YAC7B,MAAM,EAAE,CAAC;SACV,CAAC,CAAC,CAAC;QAEJ,MAAM,IAAI,GAAG,EAAE,CAAC,WAAW,CAAC,MAAM,CAAC;YACjC,MAAM,EAAE,YAAY;YACpB,eAAe,EAAE,cAAc;YAC/B,eAAe,EAAE,cAAc;YAC/B,IAAI,EAAE,IAAI,IAAI,GAAG,GAAG,CAAC,IAAI,MAAM;YAC/B,KAAK,EAAE,QAAQ;YACf,OAAO;SACR,CAAC,CAAC;QAEH,OAAO,CAAC,CAAC,IAAI,CAAC,gBAAgB,CAAC,IAAI,CAAC,EAAE,GAAG,CAAC,CAAC;IAC7C,CAAC,CAAC,CAAC;IAEH,GAAG,CAAC,GAAG,CAAC,cAAc,EAAE,CAAC,CAAC,EAAE,EAAE;QAC5B,MAAM,GAAG,GAAG,IAAI,GAAG,CAAC,CAAC,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC;QAC/B,MAAM,MAAM,GAAG,eAAe,CAAC,GAAG,CAAC,CAAC;QACpC,MAAM,SAAS,GAAG,GAAG,CAAC,YAAY,CAAC,GAAG,CAAC,iBAAiB,CAAC,IAAI,SAAS,CAAC;QACvE,MAAM,UAAU,GAAG,GAAG,CAAC,YAAY,CAAC,GAAG,CAAC,iBAAiB,CAAC,IAAI,SAAS,CAAC;QACxE,MAAM,YAAY,GAAG,GAAG,CAAC,YAAY,CAAC,GAAG,CAAC,QAAQ,CAAC,IAAI,SAAS,CAAC;QAEjE,MAAM,MAAM,GAAG,EAAE,CAAC,WAAW,CAAC,IAAI,CAAC;YACjC,GAAG,MAAM;YACT,MAAM,EAAE,CAAC,IAAI,EAAE,EAAE;gBACf,IAAI,SAAS,IAAI,IAAI,CAAC,eAAe,KAAK,SAAS;oBAAE,OAAO,KAAK,CAAC;gBAClE,IAAI,UAAU,IAAI,IAAI,CAAC,eAAe,KAAK,UAAU;oBAAE,OAAO,KAAK,CAAC;gBACpE,IAAI,YAAY,IAAI,CAAC,IAAI,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,MAAM,KAAK,YAAY,CAAC;oBAAE,OAAO,KAAK,CAAC;gBACvF,OAAO,IAAI,CAAC;YACd,CAAC;SACF,CAAC,CAAC;QAEH,OAAO,CAAC,CAAC,IAAI,CAAC,kBAAkB,CAAC,MAAM,EAAE,gBAAgB,CAAC,CAAC,CAAC;IAC9D,CAAC,CAAC,CAAC;IAEH,GAAG,CAAC,GAAG,CAAC,kBAAkB,EAAE,CAAC,CAAC,EAAE,EAAE;QAChC,MAAM,IAAI,GAAG,EAAE,CAAC,WAAW,CAAC,GAAG,CAAC,CAAC,CAAC,GAAG,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC,CAAC;QACnD,IAAI,CAAC,IAAI;YAAE,MAAM,QAAQ,CAAC,YAAY,CAAC,CAAC;QACxC,OAAO,CAAC,CAAC,IAAI,CAAC,gBAAgB,CAAC,IAAI,CAAC,CAAC,CAAC;IACxC,CAAC,CAAC,CAAC;IAEH,GAAG,CAAC,MAAM,CAAC,kBAAkB,EAAE,CAAC,CAAC,EAAE,EAAE;QACnC,MAAM,IAAI,GAAG,EAAE,CAAC,WAAW,CAAC,GAAG,CAAC,CAAC,CAAC,GAAG,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC,CAAC;QACnD,IAAI,CAAC,IAAI;YAAE,MAAM,QAAQ,CAAC,YAAY,CAAC,CAAC;QAExC,KAAK,MAAM,IAAI,IAAI,EAAE,CAAC,iBAAiB,CAAC,GAAG,EAAE,EAAE,CAAC;YAC9C,IAAI,IAAI,CAAC,aAAa,KAAK,IAAI,CAAC,EAAE,EAAE,CAAC;gBACnC,EAAE,CAAC,iBAAiB,CAAC,MAAM,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;YACvC,CAAC;QACH,CAAC;QAED,EAAE,CAAC,WAAW,CAAC,MAAM,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;QAC/B,OAAO,CAAC,CAAC,IAAI,CAAC,IAAI,EAAE,GAAG,CAAC,CAAC;IAC3B,CAAC,CAAC,CAAC;AACL,CAAC","sourcesContent":["import { type RouteContext, notFound, parseJsonBody, generateId, parseListParams } from '../../core/index.js';\nimport { getWorkOSStore } from '../store.js';\nimport { formatConnection, formatListResponse } from '../helpers.js';\nimport type { WorkOSConnectionType } from '../entities.js';\n\nexport function connectionRoutes(ctx: RouteContext): void {\n  const { app, store } = ctx;\n  const ws = getWorkOSStore(store);\n\n  app.post('/connections', async (c) => {\n    const body = await parseJsonBody(c);\n    const name = body.name as string;\n    const organizationId = body.organization_id as string;\n    const connectionType = (body.connection_type as WorkOSConnectionType) ?? 'GenericSAML';\n    const domainsList = (body.domains as string[]) ?? [];\n\n    if (!organizationId) {\n      throw notFound('Organization');\n    }\n    const org = ws.organizations.get(organizationId);\n    if (!org) throw notFound('Organization');\n\n    const domains = domainsList.map((d) => ({\n      object: 'connection_domain' as const,\n      id: generateId('conn_domain'),\n      domain: d,\n    }));\n\n    const conn = ws.connections.insert({\n      object: 'connection',\n      organization_id: organizationId,\n      connection_type: connectionType,\n      name: name ?? `${org.name} SSO`,\n      state: 'active',\n      domains,\n    });\n\n    return c.json(formatConnection(conn), 201);\n  });\n\n  app.get('/connections', (c) => {\n    const url = new URL(c.req.url);\n    const params = parseListParams(url);\n    const orgFilter = url.searchParams.get('organization_id') ?? undefined;\n    const typeFilter = url.searchParams.get('connection_type') ?? undefined;\n    const domainFilter = url.searchParams.get('domain') ?? undefined;\n\n    const result = ws.connections.list({\n      ...params,\n      filter: (conn) => {\n        if (orgFilter && conn.organization_id !== orgFilter) return false;\n        if (typeFilter && conn.connection_type !== typeFilter) return false;\n        if (domainFilter && !conn.domains.some((d) => d.domain === domainFilter)) return false;\n        return true;\n      },\n    });\n\n    return c.json(formatListResponse(result, formatConnection));\n  });\n\n  app.get('/connections/:id', (c) => {\n    const conn = ws.connections.get(c.req.param('id'));\n    if (!conn) throw notFound('Connection');\n    return c.json(formatConnection(conn));\n  });\n\n  app.delete('/connections/:id', (c) => {\n    const conn = ws.connections.get(c.req.param('id'));\n    if (!conn) throw notFound('Connection');\n\n    for (const auth of ws.ssoAuthorizations.all()) {\n      if (auth.connection_id === conn.id) {\n        ws.ssoAuthorizations.delete(auth.id);\n      }\n    }\n\n    ws.connections.delete(conn.id);\n    return c.body(null, 204);\n  });\n}\n"]}

package/dist/emulate/workos/routes/data-integrations.d.ts

@@ -0,0 +1,2 @@
+import { type RouteContext } from '../../core/index.js';
+export declare function dataIntegrationRoutes(ctx: RouteContext): void;

package/dist/emulate/workos/routes/data-integrations.js

@@ -0,0 +1,55 @@
+import { parseJsonBody, WorkOSApiError } from '../../core/index.js';
+import { getWorkOSStore } from '../store.js';
+import { assertLocalRedirectUri, generateVerificationToken, expiresIn, isExpired } from '../helpers.js';
+export function dataIntegrationRoutes(ctx) {
+    const { app, store } = ctx;
+    const ws = getWorkOSStore(store);
+    // Authorize (public endpoint — no auth required)
+    app.get('/data-integrations/:slug/authorize', (c) => {
+        const slug = c.req.param('slug');
+        const url = new URL(c.req.url);
+        const redirectUri = url.searchParams.get('redirect_uri');
+        const state = url.searchParams.get('state') ?? null;
+        if (!redirectUri) {
+            throw new WorkOSApiError(400, 'redirect_uri is required', 'invalid_request');
+        }
+        assertLocalRedirectUri(redirectUri);
+        const code = generateVerificationToken();
+        ws.dataIntegrationAuths.insert({
+            slug,
+            code,
+            redirect_uri: redirectUri,
+            state,
+            expires_at: expiresIn(10),
+        });
+        const redirect = new URL(redirectUri);
+        redirect.searchParams.set('code', code);
+        if (state)
+            redirect.searchParams.set('state', state);
+        return c.redirect(redirect.toString(), 302);
+    });
+    // Exchange code for token
+    app.post('/data-integrations/:slug/token', async (c) => {
+        const slug = c.req.param('slug');
+        const body = await parseJsonBody(c);
+        const code = body.code;
+        if (!code) {
+            throw new WorkOSApiError(400, 'code is required', 'invalid_request');
+        }
+        const auth = ws.dataIntegrationAuths.findOneBy('code', code);
+        if (!auth || auth.slug !== slug) {
+            throw new WorkOSApiError(400, 'Invalid authorization code', 'invalid_grant');
+        }
+        if (isExpired(auth.expires_at)) {
+            ws.dataIntegrationAuths.delete(auth.id);
+            throw new WorkOSApiError(400, 'Authorization code has expired', 'invalid_grant');
+        }
+        ws.dataIntegrationAuths.delete(auth.id);
+        return c.json({
+            access_token: `di_mock_${slug}_${generateVerificationToken().slice(0, 8)}`,
+            token_type: 'bearer',
+            expires_in: 3600,
+        });
+    });
+}
+//# sourceMappingURL=data-integrations.js.map

package/dist/emulate/workos/routes/data-integrations.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"data-integrations.js","sourceRoot":"","sources":["../../../../src/emulate/workos/routes/data-integrations.ts"],"names":[],"mappings":"AAAA,OAAO,EAAqB,aAAa,EAAE,cAAc,EAAE,MAAM,qBAAqB,CAAC;AACvF,OAAO,EAAE,cAAc,EAAE,MAAM,aAAa,CAAC;AAC7C,OAAO,EAAE,sBAAsB,EAAE,yBAAyB,EAAE,SAAS,EAAE,SAAS,EAAE,MAAM,eAAe,CAAC;AAExG,MAAM,UAAU,qBAAqB,CAAC,GAAiB;IACrD,MAAM,EAAE,GAAG,EAAE,KAAK,EAAE,GAAG,GAAG,CAAC;IAC3B,MAAM,EAAE,GAAG,cAAc,CAAC,KAAK,CAAC,CAAC;IAEjC,iDAAiD;IACjD,GAAG,CAAC,GAAG,CAAC,oCAAoC,EAAE,CAAC,CAAC,EAAE,EAAE;QAClD,MAAM,IAAI,GAAG,CAAC,CAAC,GAAG,CAAC,KAAK,CAAC,MAAM,CAAC,CAAC;QACjC,MAAM,GAAG,GAAG,IAAI,GAAG,CAAC,CAAC,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC;QAC/B,MAAM,WAAW,GAAG,GAAG,CAAC,YAAY,CAAC,GAAG,CAAC,cAAc,CAAC,CAAC;QACzD,MAAM,KAAK,GAAG,GAAG,CAAC,YAAY,CAAC,GAAG,CAAC,OAAO,CAAC,IAAI,IAAI,CAAC;QAEpD,IAAI,CAAC,WAAW,EAAE,CAAC;YACjB,MAAM,IAAI,cAAc,CAAC,GAAG,EAAE,0BAA0B,EAAE,iBAAiB,CAAC,CAAC;QAC/E,CAAC;QACD,sBAAsB,CAAC,WAAW,CAAC,CAAC;QAEpC,MAAM,IAAI,GAAG,yBAAyB,EAAE,CAAC;QACzC,EAAE,CAAC,oBAAoB,CAAC,MAAM,CAAC;YAC7B,IAAI;YACJ,IAAI;YACJ,YAAY,EAAE,WAAW;YACzB,KAAK;YACL,UAAU,EAAE,SAAS,CAAC,EAAE,CAAC;SAC1B,CAAC,CAAC;QAEH,MAAM,QAAQ,GAAG,IAAI,GAAG,CAAC,WAAW,CAAC,CAAC;QACtC,QAAQ,CAAC,YAAY,CAAC,GAAG,CAAC,MAAM,EAAE,IAAI,CAAC,CAAC;QACxC,IAAI,KAAK;YAAE,QAAQ,CAAC,YAAY,CAAC,GAAG,CAAC,OAAO,EAAE,KAAK,CAAC,CAAC;QAErD,OAAO,CAAC,CAAC,QAAQ,CAAC,QAAQ,CAAC,QAAQ,EAAE,EAAE,GAAG,CAAC,CAAC;IAC9C,CAAC,CAAC,CAAC;IAEH,0BAA0B;IAC1B,GAAG,CAAC,IAAI,CAAC,gCAAgC,EAAE,KAAK,EAAE,CAAC,EAAE,EAAE;QACrD,MAAM,IAAI,GAAG,CAAC,CAAC,GAAG,CAAC,KAAK,CAAC,MAAM,CAAC,CAAC;QACjC,MAAM,IAAI,GAAG,MAAM,aAAa,CAAC,CAAC,CAAC,CAAC;QACpC,MAAM,IAAI,GAAG,IAAI,CAAC,IAA0B,CAAC;QAE7C,IAAI,CAAC,IAAI,EAAE,CAAC;YACV,MAAM,IAAI,cAAc,CAAC,GAAG,EAAE,kBAAkB,EAAE,iBAAiB,CAAC,CAAC;QACvE,CAAC;QAED,MAAM,IAAI,GAAG,EAAE,CAAC,oBAAoB,CAAC,SAAS,CAAC,MAAM,EAAE,IAAI,CAAC,CAAC;QAC7D,IAAI,CAAC,IAAI,IAAI,IAAI,CAAC,IAAI,KAAK,IAAI,EAAE,CAAC;YAChC,MAAM,IAAI,cAAc,CAAC,GAAG,EAAE,4BAA4B,EAAE,eAAe,CAAC,CAAC;QAC/E,CAAC;QAED,IAAI,SAAS,CAAC,IAAI,CAAC,UAAU,CAAC,EAAE,CAAC;YAC/B,EAAE,CAAC,oBAAoB,CAAC,MAAM,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;YACxC,MAAM,IAAI,cAAc,CAAC,GAAG,EAAE,gCAAgC,EAAE,eAAe,CAAC,CAAC;QACnF,CAAC;QAED,EAAE,CAAC,oBAAoB,CAAC,MAAM,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;QAExC,OAAO,CAAC,CAAC,IAAI,CAAC;YACZ,YAAY,EAAE,WAAW,IAAI,IAAI,yBAAyB,EAAE,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC,EAAE;YAC1E,UAAU,EAAE,QAAQ;YACpB,UAAU,EAAE,IAAI;SACjB,CAAC,CAAC;IACL,CAAC,CAAC,CAAC;AACL,CAAC","sourcesContent":["import { type RouteContext, parseJsonBody, WorkOSApiError } from '../../core/index.js';\nimport { getWorkOSStore } from '../store.js';\nimport { assertLocalRedirectUri, generateVerificationToken, expiresIn, isExpired } from '../helpers.js';\n\nexport function dataIntegrationRoutes(ctx: RouteContext): void {\n  const { app, store } = ctx;\n  const ws = getWorkOSStore(store);\n\n  // Authorize (public endpoint — no auth required)\n  app.get('/data-integrations/:slug/authorize', (c) => {\n    const slug = c.req.param('slug');\n    const url = new URL(c.req.url);\n    const redirectUri = url.searchParams.get('redirect_uri');\n    const state = url.searchParams.get('state') ?? null;\n\n    if (!redirectUri) {\n      throw new WorkOSApiError(400, 'redirect_uri is required', 'invalid_request');\n    }\n    assertLocalRedirectUri(redirectUri);\n\n    const code = generateVerificationToken();\n    ws.dataIntegrationAuths.insert({\n      slug,\n      code,\n      redirect_uri: redirectUri,\n      state,\n      expires_at: expiresIn(10),\n    });\n\n    const redirect = new URL(redirectUri);\n    redirect.searchParams.set('code', code);\n    if (state) redirect.searchParams.set('state', state);\n\n    return c.redirect(redirect.toString(), 302);\n  });\n\n  // Exchange code for token\n  app.post('/data-integrations/:slug/token', async (c) => {\n    const slug = c.req.param('slug');\n    const body = await parseJsonBody(c);\n    const code = body.code as string | undefined;\n\n    if (!code) {\n      throw new WorkOSApiError(400, 'code is required', 'invalid_request');\n    }\n\n    const auth = ws.dataIntegrationAuths.findOneBy('code', code);\n    if (!auth || auth.slug !== slug) {\n      throw new WorkOSApiError(400, 'Invalid authorization code', 'invalid_grant');\n    }\n\n    if (isExpired(auth.expires_at)) {\n      ws.dataIntegrationAuths.delete(auth.id);\n      throw new WorkOSApiError(400, 'Authorization code has expired', 'invalid_grant');\n    }\n\n    ws.dataIntegrationAuths.delete(auth.id);\n\n    return c.json({\n      access_token: `di_mock_${slug}_${generateVerificationToken().slice(0, 8)}`,\n      token_type: 'bearer',\n      expires_in: 3600,\n    });\n  });\n}\n"]}

package/dist/emulate/workos/routes/directories.d.ts

@@ -0,0 +1,2 @@
+import { type RouteContext } from '../../core/index.js';
+export declare function directoryRoutes(ctx: RouteContext): void;