workos 0.11.2 → 0.12.0

package/dist/emulate/workos/entities.d.ts

@@ -0,0 +1,360 @@
+import type { Entity } from '../core/index.js';
+export interface WorkOSOrganization extends Entity {
+    object: 'organization';
+    name: string;
+    external_id: string | null;
+    metadata: Record<string, string>;
+    stripe_customer_id: string | null;
+}
+export interface WorkOSOrganizationDomain extends Entity {
+    object: 'organization_domain';
+    organization_id: string;
+    domain: string;
+    state: 'verified' | 'pending';
+    verification_strategy: 'manual' | 'dns';
+    verification_token: string;
+    verification_prefix: string;
+}
+export interface WorkOSOrganizationMembership extends Entity {
+    object: 'organization_membership';
+    organization_id: string;
+    user_id: string;
+    role: {
+        slug: string;
+    };
+    status: 'active' | 'inactive' | 'pending';
+    external_id: string | null;
+    metadata: Record<string, string>;
+}
+export interface WorkOSUser extends Entity {
+    object: 'user';
+    email: string;
+    first_name: string | null;
+    last_name: string | null;
+    email_verified: boolean;
+    profile_picture_url: string | null;
+    last_sign_in_at: string | null;
+    external_id: string | null;
+    metadata: Record<string, string>;
+    locale: string | null;
+    password_hash: string | null;
+    impersonator: {
+        email: string;
+        reason: string;
+    } | null;
+}
+export interface WorkOSSession extends Entity {
+    object: 'session';
+    user_id: string;
+    organization_id: string | null;
+    ip_address: string | null;
+    user_agent: string | null;
+}
+export interface WorkOSEmailVerification extends Entity {
+    object: 'email_verification';
+    user_id: string;
+    email: string;
+    code: string;
+    expires_at: string;
+}
+export interface WorkOSPasswordReset extends Entity {
+    object: 'password_reset';
+    user_id: string;
+    email: string;
+    token: string;
+    expires_at: string;
+}
+export interface WorkOSMagicAuth extends Entity {
+    object: 'magic_auth';
+    user_id: string;
+    email: string;
+    code: string;
+    expires_at: string;
+}
+export interface WorkOSAuthenticationFactor extends Entity {
+    object: 'authentication_factor';
+    user_id: string;
+    type: 'totp';
+    totp: {
+        issuer: string;
+        user: string;
+        uri: string;
+    };
+}
+export interface WorkOSAuthorizationCode extends Entity {
+    user_id: string;
+    organization_id: string | null;
+    code: string;
+    redirect_uri: string;
+    expires_at: string;
+    code_challenge: string | null;
+    code_challenge_method: string | null;
+}
+export interface WorkOSIdentity extends Entity {
+    object: 'identity';
+    user_id: string;
+    provider: string;
+    provider_id: string;
+    type: 'OAuth';
+}
+export type WorkOSConnectionType = 'ADFSSAML' | 'AzureSAML' | 'GenericOIDC' | 'GenericSAML' | 'GoogleOAuth' | 'GoogleSAML' | 'OktaSAML' | 'OneLoginSAML' | 'PingFederateSAML' | 'PingOneSAML' | 'GitHubOAuth' | 'MicrosoftOAuth' | 'AppleOAuth';
+export interface WorkOSConnectionDomain {
+    object: 'connection_domain';
+    id: string;
+    domain: string;
+}
+export interface WorkOSConnection extends Entity {
+    object: 'connection';
+    organization_id: string;
+    connection_type: WorkOSConnectionType;
+    name: string;
+    state: 'active' | 'inactive' | 'validating';
+    domains: WorkOSConnectionDomain[];
+}
+export interface WorkOSSSOProfile extends Entity {
+    object: 'profile';
+    connection_id: string;
+    connection_type: WorkOSConnectionType;
+    organization_id: string;
+    idp_id: string;
+    email: string;
+    first_name: string | null;
+    last_name: string | null;
+    groups: string[];
+    raw_attributes: Record<string, unknown>;
+}
+export interface WorkOSSSOAuthorization extends Entity {
+    code: string;
+    connection_id: string;
+    organization_id: string;
+    profile_id: string;
+    redirect_uri: string;
+    state: string | null;
+    expires_at: string;
+}
+export interface WorkOSInvitation extends Entity {
+    object: 'invitation';
+    email: string;
+    state: 'pending' | 'accepted' | 'expired' | 'revoked';
+    token: string;
+    accept_invitation_url: string;
+    organization_id: string | null;
+    inviter_user_id: string | null;
+    role_slug: string | null;
+    expires_at: string;
+}
+export interface WorkOSRedirectUri extends Entity {
+    object: 'redirect_uri';
+    uri: string;
+}
+export interface WorkOSCorsOrigin extends Entity {
+    object: 'cors_origin';
+    origin: string;
+}
+export interface WorkOSAuthorizedApplication extends Entity {
+    object: 'authorized_application';
+    user_id: string;
+    name: string;
+    redirect_uri: string;
+}
+export interface WorkOSConnectedAccount extends Entity {
+    object: 'connected_account';
+    user_id: string;
+    provider: string;
+    provider_id: string;
+}
+export type PipeProvider = 'github' | 'slack' | 'google' | 'salesforce';
+export type PipeConnectionStatus = 'connected' | 'disconnected' | 'requires_reauth';
+export interface WorkOSPipeConnection extends Entity {
+    object: 'pipe_connection';
+    user_id: string;
+    provider: PipeProvider;
+    scopes: string[];
+    status: PipeConnectionStatus;
+    external_account_id: string | null;
+}
+export interface WorkOSRefreshToken extends Entity {
+    token: string;
+    user_id: string;
+    organization_id: string | null;
+    session_id: string;
+    expires_at: string;
+}
+export interface WorkOSAuthenticationChallenge extends Entity {
+    object: 'authentication_challenge';
+    user_id: string;
+    factor_id: string;
+    expires_at: string;
+    code: string | null;
+}
+export interface WorkOSDeviceAuthorization extends Entity {
+    device_code: string;
+    user_code: string;
+    user_id: string | null;
+    client_id: string;
+    expires_at: string;
+    interval: number;
+}
+export interface WorkOSRole extends Entity {
+    object: 'role';
+    slug: string;
+    name: string;
+    description: string | null;
+    type: 'EnvironmentRole' | 'OrganizationRole';
+    organization_id: string | null;
+    is_default_role: boolean;
+    priority: number;
+}
+export interface WorkOSPermission extends Entity {
+    object: 'permission';
+    slug: string;
+    name: string;
+    description: string | null;
+}
+export interface WorkOSRolePermission extends Entity {
+    role_id: string;
+    permission_id: string;
+}
+export interface WorkOSAuthorizationResource extends Entity {
+    object: 'authorization_resource';
+    resource_type_slug: string;
+    external_id: string;
+    organization_id: string;
+    metadata: Record<string, string>;
+}
+export interface WorkOSRoleAssignment extends Entity {
+    object: 'role_assignment';
+    organization_membership_id: string;
+    role_id: string;
+}
+export interface WorkOSDirectory extends Entity {
+    object: 'directory';
+    name: string;
+    organization_id: string | null;
+    domain: string | null;
+    type: string;
+    state: 'linked' | 'unlinked' | 'deleting' | 'invalid_credentials';
+    external_key: string | null;
+}
+export interface WorkOSDirectoryUser extends Entity {
+    object: 'directory_user';
+    directory_id: string;
+    organization_id: string | null;
+    idp_id: string;
+    first_name: string | null;
+    last_name: string | null;
+    email: string | null;
+    username: string | null;
+    state: 'active' | 'inactive';
+    role: {
+        slug: string;
+    } | null;
+    custom_attributes: Record<string, unknown>;
+    raw_attributes: Record<string, unknown>;
+    groups: Array<{
+        object: 'directory_group';
+        id: string;
+        name: string;
+    }>;
+}
+export interface WorkOSDirectoryGroup extends Entity {
+    object: 'directory_group';
+    directory_id: string;
+    organization_id: string | null;
+    idp_id: string;
+    name: string;
+    raw_attributes: Record<string, unknown>;
+}
+export interface WorkOSAuditLogAction extends Entity {
+    object: 'audit_log_action';
+    name: string;
+    description: string | null;
+    condition: string | null;
+}
+export interface WorkOSAuditLogEvent extends Entity {
+    object: 'audit_log_event';
+    organization_id: string;
+    action: {
+        name: string;
+        type: string;
+        id: string;
+    };
+    actor: Record<string, unknown>;
+    targets: Array<Record<string, unknown>>;
+    metadata: Record<string, unknown> | null;
+    occurred_at: string;
+}
+export interface WorkOSAuditLogExport extends Entity {
+    object: 'audit_log_export';
+    organization_id: string;
+    state: 'pending' | 'ready' | 'error';
+    url: string | null;
+    filters: Record<string, unknown>;
+}
+export interface WorkOSFeatureFlag extends Entity {
+    object: 'feature_flag';
+    slug: string;
+    name: string;
+    description: string | null;
+    type: 'boolean' | 'string' | 'number';
+    default_value: unknown;
+    enabled: boolean;
+}
+export interface WorkOSFlagTarget extends Entity {
+    object: 'flag_target';
+    flag_slug: string;
+    resource_id: string;
+    resource_type: string;
+    value: unknown;
+}
+export interface WorkOSConnectApplication extends Entity {
+    object: 'connect_application';
+    name: string;
+    redirect_uris: string[];
+    client_id: string;
+    logo_url: string | null;
+}
+export interface WorkOSClientSecret extends Entity {
+    object: 'client_secret';
+    application_id: string;
+    value: string;
+    last_four: string;
+}
+export interface WorkOSDataIntegrationAuth extends Entity {
+    slug: string;
+    code: string;
+    redirect_uri: string;
+    state: string | null;
+    expires_at: string;
+}
+export interface WorkOSRadarAttempt extends Entity {
+    object: 'radar_attempt';
+    user_id: string | null;
+    ip_address: string;
+    user_agent: string | null;
+    verdict: 'allow' | 'deny' | 'challenge';
+    signals: Array<{
+        type: string;
+        confidence: number;
+    }>;
+}
+export interface WorkOSApiKey extends Entity {
+    object: 'api_key';
+    name: string;
+    key: string;
+    environment: string;
+}
+export interface WorkOSEvent extends Entity {
+    object: 'event';
+    event: string;
+    data: Record<string, unknown>;
+    environment_id: string | null;
+}
+export interface WorkOSWebhookEndpoint extends Entity {
+    object: 'webhook_endpoint';
+    url: string;
+    secret: string;
+    enabled: boolean;
+    events: string[];
+    description: string | null;
+}

package/dist/emulate/workos/entities.js

@@ -0,0 +1,2 @@
+export {};
+//# sourceMappingURL=entities.js.map

package/dist/emulate/workos/entities.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"entities.js","sourceRoot":"","sources":["../../../src/emulate/workos/entities.ts"],"names":[],"mappings":"","sourcesContent":["import type { Entity } from '../core/index.js';\n\nexport interface WorkOSOrganization extends Entity {\n  object: 'organization';\n  name: string;\n  external_id: string | null;\n  metadata: Record<string, string>;\n  stripe_customer_id: string | null;\n}\n\nexport interface WorkOSOrganizationDomain extends Entity {\n  object: 'organization_domain';\n  organization_id: string;\n  domain: string;\n  state: 'verified' | 'pending';\n  verification_strategy: 'manual' | 'dns';\n  verification_token: string;\n  verification_prefix: string;\n}\n\nexport interface WorkOSOrganizationMembership extends Entity {\n  object: 'organization_membership';\n  organization_id: string;\n  user_id: string;\n  role: { slug: string };\n  status: 'active' | 'inactive' | 'pending';\n  external_id: string | null;\n  metadata: Record<string, string>;\n}\n\nexport interface WorkOSUser extends Entity {\n  object: 'user';\n  email: string;\n  first_name: string | null;\n  last_name: string | null;\n  email_verified: boolean;\n  profile_picture_url: string | null;\n  last_sign_in_at: string | null;\n  external_id: string | null;\n  metadata: Record<string, string>;\n  locale: string | null;\n  password_hash: string | null;\n  impersonator: { email: string; reason: string } | null;\n}\n\nexport interface WorkOSSession extends Entity {\n  object: 'session';\n  user_id: string;\n  organization_id: string | null;\n  ip_address: string | null;\n  user_agent: string | null;\n}\n\nexport interface WorkOSEmailVerification extends Entity {\n  object: 'email_verification';\n  user_id: string;\n  email: string;\n  code: string;\n  expires_at: string;\n}\n\nexport interface WorkOSPasswordReset extends Entity {\n  object: 'password_reset';\n  user_id: string;\n  email: string;\n  token: string;\n  expires_at: string;\n}\n\nexport interface WorkOSMagicAuth extends Entity {\n  object: 'magic_auth';\n  user_id: string;\n  email: string;\n  code: string;\n  expires_at: string;\n}\n\nexport interface WorkOSAuthenticationFactor extends Entity {\n  object: 'authentication_factor';\n  user_id: string;\n  type: 'totp';\n  totp: {\n    issuer: string;\n    user: string;\n    uri: string;\n  };\n}\n\nexport interface WorkOSAuthorizationCode extends Entity {\n  user_id: string;\n  organization_id: string | null;\n  code: string;\n  redirect_uri: string;\n  expires_at: string;\n  code_challenge: string | null;\n  code_challenge_method: string | null;\n}\n\nexport interface WorkOSIdentity extends Entity {\n  object: 'identity';\n  user_id: string;\n  provider: string;\n  provider_id: string;\n  type: 'OAuth';\n}\n\nexport type WorkOSConnectionType =\n  | 'ADFSSAML'\n  | 'AzureSAML'\n  | 'GenericOIDC'\n  | 'GenericSAML'\n  | 'GoogleOAuth'\n  | 'GoogleSAML'\n  | 'OktaSAML'\n  | 'OneLoginSAML'\n  | 'PingFederateSAML'\n  | 'PingOneSAML'\n  | 'GitHubOAuth'\n  | 'MicrosoftOAuth'\n  | 'AppleOAuth';\n\nexport interface WorkOSConnectionDomain {\n  object: 'connection_domain';\n  id: string;\n  domain: string;\n}\n\nexport interface WorkOSConnection extends Entity {\n  object: 'connection';\n  organization_id: string;\n  connection_type: WorkOSConnectionType;\n  name: string;\n  state: 'active' | 'inactive' | 'validating';\n  domains: WorkOSConnectionDomain[];\n}\n\nexport interface WorkOSSSOProfile extends Entity {\n  object: 'profile';\n  connection_id: string;\n  connection_type: WorkOSConnectionType;\n  organization_id: string;\n  idp_id: string;\n  email: string;\n  first_name: string | null;\n  last_name: string | null;\n  groups: string[];\n  raw_attributes: Record<string, unknown>;\n}\n\nexport interface WorkOSSSOAuthorization extends Entity {\n  code: string;\n  connection_id: string;\n  organization_id: string;\n  profile_id: string;\n  redirect_uri: string;\n  state: string | null;\n  expires_at: string;\n}\n\nexport interface WorkOSInvitation extends Entity {\n  object: 'invitation';\n  email: string;\n  state: 'pending' | 'accepted' | 'expired' | 'revoked';\n  token: string;\n  accept_invitation_url: string;\n  organization_id: string | null;\n  inviter_user_id: string | null;\n  role_slug: string | null;\n  expires_at: string;\n}\n\nexport interface WorkOSRedirectUri extends Entity {\n  object: 'redirect_uri';\n  uri: string;\n}\n\nexport interface WorkOSCorsOrigin extends Entity {\n  object: 'cors_origin';\n  origin: string;\n}\n\nexport interface WorkOSAuthorizedApplication extends Entity {\n  object: 'authorized_application';\n  user_id: string;\n  name: string;\n  redirect_uri: string;\n}\n\nexport interface WorkOSConnectedAccount extends Entity {\n  object: 'connected_account';\n  user_id: string;\n  provider: string;\n  provider_id: string;\n}\n\nexport type PipeProvider = 'github' | 'slack' | 'google' | 'salesforce';\nexport type PipeConnectionStatus = 'connected' | 'disconnected' | 'requires_reauth';\n\nexport interface WorkOSPipeConnection extends Entity {\n  object: 'pipe_connection';\n  user_id: string;\n  provider: PipeProvider;\n  scopes: string[];\n  status: PipeConnectionStatus;\n  external_account_id: string | null;\n}\n\nexport interface WorkOSRefreshToken extends Entity {\n  token: string;\n  user_id: string;\n  organization_id: string | null;\n  session_id: string;\n  expires_at: string;\n}\n\nexport interface WorkOSAuthenticationChallenge extends Entity {\n  object: 'authentication_challenge';\n  user_id: string;\n  factor_id: string;\n  expires_at: string;\n  code: string | null;\n}\n\nexport interface WorkOSDeviceAuthorization extends Entity {\n  device_code: string;\n  user_code: string;\n  user_id: string | null;\n  client_id: string;\n  expires_at: string;\n  interval: number;\n}\n\nexport interface WorkOSRole extends Entity {\n  object: 'role';\n  slug: string;\n  name: string;\n  description: string | null;\n  type: 'EnvironmentRole' | 'OrganizationRole';\n  organization_id: string | null;\n  is_default_role: boolean;\n  priority: number;\n}\n\nexport interface WorkOSPermission extends Entity {\n  object: 'permission';\n  slug: string;\n  name: string;\n  description: string | null;\n}\n\nexport interface WorkOSRolePermission extends Entity {\n  role_id: string;\n  permission_id: string;\n}\n\nexport interface WorkOSAuthorizationResource extends Entity {\n  object: 'authorization_resource';\n  resource_type_slug: string;\n  external_id: string;\n  organization_id: string;\n  metadata: Record<string, string>;\n}\n\nexport interface WorkOSRoleAssignment extends Entity {\n  object: 'role_assignment';\n  organization_membership_id: string;\n  role_id: string;\n}\n\nexport interface WorkOSDirectory extends Entity {\n  object: 'directory';\n  name: string;\n  organization_id: string | null;\n  domain: string | null;\n  type: string;\n  state: 'linked' | 'unlinked' | 'deleting' | 'invalid_credentials';\n  external_key: string | null;\n}\n\nexport interface WorkOSDirectoryUser extends Entity {\n  object: 'directory_user';\n  directory_id: string;\n  organization_id: string | null;\n  idp_id: string;\n  first_name: string | null;\n  last_name: string | null;\n  email: string | null;\n  username: string | null;\n  state: 'active' | 'inactive';\n  role: { slug: string } | null;\n  custom_attributes: Record<string, unknown>;\n  raw_attributes: Record<string, unknown>;\n  groups: Array<{ object: 'directory_group'; id: string; name: string }>;\n}\n\nexport interface WorkOSDirectoryGroup extends Entity {\n  object: 'directory_group';\n  directory_id: string;\n  organization_id: string | null;\n  idp_id: string;\n  name: string;\n  raw_attributes: Record<string, unknown>;\n}\n\nexport interface WorkOSAuditLogAction extends Entity {\n  object: 'audit_log_action';\n  name: string;\n  description: string | null;\n  condition: string | null;\n}\n\nexport interface WorkOSAuditLogEvent extends Entity {\n  object: 'audit_log_event';\n  organization_id: string;\n  action: { name: string; type: string; id: string };\n  actor: Record<string, unknown>;\n  targets: Array<Record<string, unknown>>;\n  metadata: Record<string, unknown> | null;\n  occurred_at: string;\n}\n\nexport interface WorkOSAuditLogExport extends Entity {\n  object: 'audit_log_export';\n  organization_id: string;\n  state: 'pending' | 'ready' | 'error';\n  url: string | null;\n  filters: Record<string, unknown>;\n}\n\nexport interface WorkOSFeatureFlag extends Entity {\n  object: 'feature_flag';\n  slug: string;\n  name: string;\n  description: string | null;\n  type: 'boolean' | 'string' | 'number';\n  default_value: unknown;\n  enabled: boolean;\n}\n\nexport interface WorkOSFlagTarget extends Entity {\n  object: 'flag_target';\n  flag_slug: string;\n  resource_id: string;\n  resource_type: string;\n  value: unknown;\n}\n\nexport interface WorkOSConnectApplication extends Entity {\n  object: 'connect_application';\n  name: string;\n  redirect_uris: string[];\n  client_id: string;\n  logo_url: string | null;\n}\n\nexport interface WorkOSClientSecret extends Entity {\n  object: 'client_secret';\n  application_id: string;\n  value: string;\n  last_four: string;\n}\n\nexport interface WorkOSDataIntegrationAuth extends Entity {\n  slug: string;\n  code: string;\n  redirect_uri: string;\n  state: string | null;\n  expires_at: string;\n}\n\nexport interface WorkOSRadarAttempt extends Entity {\n  object: 'radar_attempt';\n  user_id: string | null;\n  ip_address: string;\n  user_agent: string | null;\n  verdict: 'allow' | 'deny' | 'challenge';\n  signals: Array<{ type: string; confidence: number }>;\n}\n\nexport interface WorkOSApiKey extends Entity {\n  object: 'api_key';\n  name: string;\n  key: string;\n  environment: string;\n}\n\nexport interface WorkOSEvent extends Entity {\n  object: 'event';\n  event: string;\n  data: Record<string, unknown>;\n  environment_id: string | null;\n}\n\nexport interface WorkOSWebhookEndpoint extends Entity {\n  object: 'webhook_endpoint';\n  url: string;\n  secret: string;\n  enabled: boolean;\n  events: string[];\n  description: string | null;\n}\n"]}

package/dist/emulate/workos/event-bus.d.ts

@@ -0,0 +1,17 @@
+import type { Store } from '../core/index.js';
+import type { WorkOSEventName } from './constants.js';
+export interface EventPayload {
+    event: WorkOSEventName | string;
+    data: Record<string, unknown>;
+    environment_id?: string;
+}
+export declare class EventBus {
+    private store;
+    private endpointsByEvent;
+    private catchAllEndpoints;
+    constructor(store: Store);
+    /** Rebuild the event-type index.  Auto-called via collection hooks; call manually only in tests. */
+    rebuildIndex(): void;
+    emit(payload: EventPayload): void;
+    private deliver;
+}

package/dist/emulate/workos/event-bus.js

@@ -0,0 +1,70 @@
+import { getWorkOSStore } from './store.js';
+import { signWebhookPayload } from './webhook-signer.js';
+export class EventBus {
+    store;
+    endpointsByEvent = new Map();
+    catchAllEndpoints = new Set();
+    constructor(store) {
+        this.store = store;
+    }
+    /** Rebuild the event-type index.  Auto-called via collection hooks; call manually only in tests. */
+    rebuildIndex() {
+        this.endpointsByEvent.clear();
+        this.catchAllEndpoints.clear();
+        const ws = getWorkOSStore(this.store);
+        for (const ep of ws.webhookEndpoints.all()) {
+            if (!ep.enabled)
+                continue;
+            if (ep.events.length === 0) {
+                this.catchAllEndpoints.add(ep.id);
+            }
+            else {
+                for (const evt of ep.events) {
+                    const set = this.endpointsByEvent.get(evt) ?? new Set();
+                    set.add(ep.id);
+                    this.endpointsByEvent.set(evt, set);
+                }
+            }
+        }
+    }
+    emit(payload) {
+        const ws = getWorkOSStore(this.store);
+        const event = ws.events.insert({
+            object: 'event',
+            event: payload.event,
+            data: payload.data,
+            environment_id: payload.environment_id ?? null,
+        });
+        // Pre-filtered: only endpoints that care about this event
+        const targetIds = new Set(this.catchAllEndpoints);
+        const eventSpecific = this.endpointsByEvent.get(payload.event);
+        if (eventSpecific) {
+            for (const id of eventSpecific)
+                targetIds.add(id);
+        }
+        for (const id of targetIds) {
+            const endpoint = ws.webhookEndpoints.get(id);
+            if (endpoint)
+                this.deliver(endpoint, event).catch(() => { });
+        }
+    }
+    async deliver(endpoint, event) {
+        const body = JSON.stringify({
+            id: event.id,
+            event: event.event,
+            data: event.data,
+            created_at: event.created_at,
+        });
+        const signature = signWebhookPayload(body, endpoint.secret);
+        await fetch(endpoint.url, {
+            method: 'POST',
+            headers: {
+                'Content-Type': 'application/json',
+                'WorkOS-Signature': signature,
+            },
+            body,
+            signal: AbortSignal.timeout(5000),
+        });
+    }
+}
+//# sourceMappingURL=event-bus.js.map

package/dist/emulate/workos/event-bus.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"event-bus.js","sourceRoot":"","sources":["../../../src/emulate/workos/event-bus.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,cAAc,EAAE,MAAM,YAAY,CAAC;AAE5C,OAAO,EAAE,kBAAkB,EAAE,MAAM,qBAAqB,CAAC;AASzD,MAAM,OAAO,QAAQ;IAIC;IAHZ,gBAAgB,GAAG,IAAI,GAAG,EAAuB,CAAC;IAClD,iBAAiB,GAAG,IAAI,GAAG,EAAU,CAAC;IAE9C,YAAoB,KAAY;QAAZ,UAAK,GAAL,KAAK,CAAO;IAAG,CAAC;IAEpC,oGAAoG;IACpG,YAAY;QACV,IAAI,CAAC,gBAAgB,CAAC,KAAK,EAAE,CAAC;QAC9B,IAAI,CAAC,iBAAiB,CAAC,KAAK,EAAE,CAAC;QAC/B,MAAM,EAAE,GAAG,cAAc,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;QACtC,KAAK,MAAM,EAAE,IAAI,EAAE,CAAC,gBAAgB,CAAC,GAAG,EAAE,EAAE,CAAC;YAC3C,IAAI,CAAC,EAAE,CAAC,OAAO;gBAAE,SAAS;YAC1B,IAAI,EAAE,CAAC,MAAM,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;gBAC3B,IAAI,CAAC,iBAAiB,CAAC,GAAG,CAAC,EAAE,CAAC,EAAE,CAAC,CAAC;YACpC,CAAC;iBAAM,CAAC;gBACN,KAAK,MAAM,GAAG,IAAI,EAAE,CAAC,MAAM,EAAE,CAAC;oBAC5B,MAAM,GAAG,GAAG,IAAI,CAAC,gBAAgB,CAAC,GAAG,CAAC,GAAG,CAAC,IAAI,IAAI,GAAG,EAAE,CAAC;oBACxD,GAAG,CAAC,GAAG,CAAC,EAAE,CAAC,EAAE,CAAC,CAAC;oBACf,IAAI,CAAC,gBAAgB,CAAC,GAAG,CAAC,GAAG,EAAE,GAAG,CAAC,CAAC;gBACtC,CAAC;YACH,CAAC;QACH,CAAC;IACH,CAAC;IAED,IAAI,CAAC,OAAqB;QACxB,MAAM,EAAE,GAAG,cAAc,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;QAEtC,MAAM,KAAK,GAAG,EAAE,CAAC,MAAM,CAAC,MAAM,CAAC;YAC7B,MAAM,EAAE,OAAO;YACf,KAAK,EAAE,OAAO,CAAC,KAAK;YACpB,IAAI,EAAE,OAAO,CAAC,IAAI;YAClB,cAAc,EAAE,OAAO,CAAC,cAAc,IAAI,IAAI;SAC/C,CAAC,CAAC;QAEH,0DAA0D;QAC1D,MAAM,SAAS,GAAG,IAAI,GAAG,CAAC,IAAI,CAAC,iBAAiB,CAAC,CAAC;QAClD,MAAM,aAAa,GAAG,IAAI,CAAC,gBAAgB,CAAC,GAAG,CAAC,OAAO,CAAC,KAAK,CAAC,CAAC;QAC/D,IAAI,aAAa,EAAE,CAAC;YAClB,KAAK,MAAM,EAAE,IAAI,aAAa;gBAAE,SAAS,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC;QACpD,CAAC;QAED,KAAK,MAAM,EAAE,IAAI,SAAS,EAAE,CAAC;YAC3B,MAAM,QAAQ,GAAG,EAAE,CAAC,gBAAgB,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC;YAC7C,IAAI,QAAQ;gBAAE,IAAI,CAAC,OAAO,CAAC,QAAQ,EAAE,KAAK,CAAC,CAAC,KAAK,CAAC,GAAG,EAAE,GAAE,CAAC,CAAC,CAAC;QAC9D,CAAC;IACH,CAAC;IAEO,KAAK,CAAC,OAAO,CAAC,QAA+B,EAAE,KAAkB;QACvE,MAAM,IAAI,GAAG,IAAI,CAAC,SAAS,CAAC;YAC1B,EAAE,EAAE,KAAK,CAAC,EAAE;YACZ,KAAK,EAAE,KAAK,CAAC,KAAK;YAClB,IAAI,EAAE,KAAK,CAAC,IAAI;YAChB,UAAU,EAAE,KAAK,CAAC,UAAU;SAC7B,CAAC,CAAC;QAEH,MAAM,SAAS,GAAG,kBAAkB,CAAC,IAAI,EAAE,QAAQ,CAAC,MAAM,CAAC,CAAC;QAE5D,MAAM,KAAK,CAAC,QAAQ,CAAC,GAAG,EAAE;YACxB,MAAM,EAAE,MAAM;YACd,OAAO,EAAE;gBACP,cAAc,EAAE,kBAAkB;gBAClC,kBAAkB,EAAE,SAAS;aAC9B;YACD,IAAI;YACJ,MAAM,EAAE,WAAW,CAAC,OAAO,CAAC,IAAI,CAAC;SAClC,CAAC,CAAC;IACL,CAAC;CACF","sourcesContent":["import type { Store } from '../core/index.js';\nimport { getWorkOSStore } from './store.js';\nimport type { WorkOSWebhookEndpoint, WorkOSEvent } from './entities.js';\nimport { signWebhookPayload } from './webhook-signer.js';\nimport type { WorkOSEventName } from './constants.js';\n\nexport interface EventPayload {\n  event: WorkOSEventName | string;\n  data: Record<string, unknown>;\n  environment_id?: string;\n}\n\nexport class EventBus {\n  private endpointsByEvent = new Map<string, Set<string>>();\n  private catchAllEndpoints = new Set<string>();\n\n  constructor(private store: Store) {}\n\n  /** Rebuild the event-type index.  Auto-called via collection hooks; call manually only in tests. */\n  rebuildIndex(): void {\n    this.endpointsByEvent.clear();\n    this.catchAllEndpoints.clear();\n    const ws = getWorkOSStore(this.store);\n    for (const ep of ws.webhookEndpoints.all()) {\n      if (!ep.enabled) continue;\n      if (ep.events.length === 0) {\n        this.catchAllEndpoints.add(ep.id);\n      } else {\n        for (const evt of ep.events) {\n          const set = this.endpointsByEvent.get(evt) ?? new Set();\n          set.add(ep.id);\n          this.endpointsByEvent.set(evt, set);\n        }\n      }\n    }\n  }\n\n  emit(payload: EventPayload): void {\n    const ws = getWorkOSStore(this.store);\n\n    const event = ws.events.insert({\n      object: 'event',\n      event: payload.event,\n      data: payload.data,\n      environment_id: payload.environment_id ?? null,\n    });\n\n    // Pre-filtered: only endpoints that care about this event\n    const targetIds = new Set(this.catchAllEndpoints);\n    const eventSpecific = this.endpointsByEvent.get(payload.event);\n    if (eventSpecific) {\n      for (const id of eventSpecific) targetIds.add(id);\n    }\n\n    for (const id of targetIds) {\n      const endpoint = ws.webhookEndpoints.get(id);\n      if (endpoint) this.deliver(endpoint, event).catch(() => {});\n    }\n  }\n\n  private async deliver(endpoint: WorkOSWebhookEndpoint, event: WorkOSEvent): Promise<void> {\n    const body = JSON.stringify({\n      id: event.id,\n      event: event.event,\n      data: event.data,\n      created_at: event.created_at,\n    });\n\n    const signature = signWebhookPayload(body, endpoint.secret);\n\n    await fetch(endpoint.url, {\n      method: 'POST',\n      headers: {\n        'Content-Type': 'application/json',\n        'WorkOS-Signature': signature,\n      },\n      body,\n      signal: AbortSignal.timeout(5000),\n    });\n  }\n}\n"]}

package/dist/emulate/workos/helpers.d.ts

@@ -0,0 +1,72 @@
+import { type CursorPaginatedResult, type Entity } from '../core/index.js';
+import type { WorkOSStore } from './store.js';
+import type { WorkOSOrganization, WorkOSOrganizationDomain, WorkOSOrganizationMembership, WorkOSUser, WorkOSSession, WorkOSEmailVerification, WorkOSPasswordReset, WorkOSMagicAuth, WorkOSAuthenticationFactor, WorkOSIdentity, WorkOSConnection, WorkOSSSOProfile, WorkOSPipeConnection, WorkOSInvitation, WorkOSRedirectUri, WorkOSCorsOrigin, WorkOSAuthorizedApplication, WorkOSConnectedAccount, WorkOSAuthenticationChallenge, WorkOSDeviceAuthorization, WorkOSRole, WorkOSPermission, WorkOSAuthorizationResource, WorkOSRoleAssignment, WorkOSDirectory, WorkOSDirectoryUser, WorkOSDirectoryGroup, WorkOSAuditLogAction, WorkOSAuditLogEvent, WorkOSAuditLogExport, WorkOSFeatureFlag, WorkOSFlagTarget, WorkOSConnectApplication, WorkOSClientSecret, WorkOSRadarAttempt, WorkOSApiKey, WorkOSEvent, WorkOSWebhookEndpoint } from './entities.js';
+export declare function formatEntity<T extends Entity>(entity: T, opts?: {
+    exclude?: Set<string>;
+}): Record<string, unknown>;
+export declare function formatListResponse<T>(result: CursorPaginatedResult<T>, formatter: (item: T) => Record<string, unknown>): {
+    object: 'list';
+    data: Record<string, unknown>[];
+    list_metadata: {
+        before: string | null;
+        after: string | null;
+    };
+};
+export declare function formatOrganization(org: WorkOSOrganization, ws: WorkOSStore, opts?: {
+    domains?: WorkOSOrganizationDomain[];
+}): Record<string, unknown>;
+export declare function formatDomain(domain: WorkOSOrganizationDomain): Record<string, unknown>;
+export declare function formatMembership(m: WorkOSOrganizationMembership): Record<string, unknown>;
+export declare function formatUser(user: WorkOSUser): Record<string, unknown>;
+export declare function formatSession(s: WorkOSSession): Record<string, unknown>;
+export declare function formatEmailVerification(ev: WorkOSEmailVerification): Record<string, unknown>;
+export declare function formatPasswordReset(pr: WorkOSPasswordReset): Record<string, unknown>;
+export declare function formatMagicAuth(ma: WorkOSMagicAuth): Record<string, unknown>;
+export declare function formatAuthFactor(f: WorkOSAuthenticationFactor): Record<string, unknown>;
+export declare function formatIdentity(i: WorkOSIdentity): Record<string, unknown>;
+export declare function generateVerificationToken(): string;
+export declare function generateCode(): string;
+export declare function hashPassword(password: string): string;
+export declare function verifyPassword(password: string, hash: string): boolean;
+export declare function expiresIn(minutes: number): string;
+export declare function isExpired(expiresAt: string): boolean;
+export declare function formatConnection(conn: WorkOSConnection): Record<string, unknown>;
+export declare function formatSSOProfile(p: WorkOSSSOProfile): Record<string, unknown>;
+export declare function formatPipeConnection(pc: WorkOSPipeConnection): Record<string, unknown>;
+export declare function formatInvitation(inv: WorkOSInvitation): Record<string, unknown>;
+export declare function formatRedirectUri(r: WorkOSRedirectUri): Record<string, unknown>;
+export declare function formatCorsOrigin(o: WorkOSCorsOrigin): Record<string, unknown>;
+export declare function formatAuthorizedApplication(a: WorkOSAuthorizedApplication): Record<string, unknown>;
+export declare function formatConnectedAccount(a: WorkOSConnectedAccount): Record<string, unknown>;
+/**
+ * Validate that a redirect_uri points to a localhost origin.
+ * Prevents the emulator from being used as an open redirect.
+ */
+export declare function assertLocalRedirectUri(uri: string): void;
+export declare function formatAuthChallenge(c: WorkOSAuthenticationChallenge): Record<string, unknown>;
+export declare function formatRole(role: WorkOSRole): Record<string, unknown>;
+export declare function formatPermission(p: WorkOSPermission): Record<string, unknown>;
+export declare function formatAuthorizationResource(r: WorkOSAuthorizationResource): Record<string, unknown>;
+export declare function formatRoleAssignment(ra: WorkOSRoleAssignment): Record<string, unknown>;
+export declare function formatDeviceAuthorization(d: WorkOSDeviceAuthorization): Record<string, unknown>;
+export declare function formatDirectory(d: WorkOSDirectory): Record<string, unknown>;
+export declare function formatDirectoryUser(u: WorkOSDirectoryUser): Record<string, unknown>;
+export declare function formatDirectoryGroup(g: WorkOSDirectoryGroup): Record<string, unknown>;
+export declare function formatAuditLogAction(a: WorkOSAuditLogAction): Record<string, unknown>;
+export declare function formatAuditLogEvent(e: WorkOSAuditLogEvent): Record<string, unknown>;
+export declare function formatAuditLogExport(ex: WorkOSAuditLogExport): Record<string, unknown>;
+export declare function formatFeatureFlag(f: WorkOSFeatureFlag): Record<string, unknown>;
+export declare function formatFlagTarget(t: WorkOSFlagTarget): Record<string, unknown>;
+export declare function formatConnectApplication(a: WorkOSConnectApplication): Record<string, unknown>;
+export declare function formatClientSecret(s: WorkOSClientSecret): Record<string, unknown>;
+export declare function formatRadarAttempt(a: WorkOSRadarAttempt): Record<string, unknown>;
+export declare function formatApiKeyRecord(k: WorkOSApiKey): Record<string, unknown>;
+export declare function formatEvent(e: WorkOSEvent): Record<string, unknown>;
+export declare function formatWebhookEndpoint(ep: WorkOSWebhookEndpoint, opts?: {
+    includeSecret?: boolean;
+}): Record<string, unknown>;
+export declare function sealSession(data: {
+    access_token: string;
+    refresh_token: string;
+    session_id: string;
+}, apiKey: string): string;