feat: add auth/access foundation - deps, DB schema, shared types, and config

Add Better Auth, drizzle-orm, @dnd-kit, and remark-gfm dependencies. Introduce DB schema for auth tables (user, session, account, verification), company memberships, instance user roles, permission grants, invites, and join requests. Add assigneeUserId to issues. Extend shared config schema with deployment mode/exposure/auth settings, add access types and validators, and wire up new API path constants. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-02-23 14:40:16 -06:00
parent 08faeb53b5
commit 60d6122271
23 changed files with 6143 additions and 30 deletions
--- a/packages/shared/src/validators/access.ts
+++ b/packages/shared/src/validators/access.ts
@@ -0,0 +1,49 @@
+import { z } from "zod";
+import {
+  INVITE_JOIN_TYPES,
+  JOIN_REQUEST_STATUSES,
+  JOIN_REQUEST_TYPES,
+  PERMISSION_KEYS,
+} from "../constants.js";
+
+export const createCompanyInviteSchema = z.object({
+  allowedJoinTypes: z.enum(INVITE_JOIN_TYPES).default("both"),
+  expiresInHours: z.number().int().min(1).max(24 * 30).optional().default(72),
+  defaultsPayload: z.record(z.string(), z.unknown()).optional().nullable(),
+});
+
+export type CreateCompanyInvite = z.infer<typeof createCompanyInviteSchema>;
+
+export const acceptInviteSchema = z.object({
+  requestType: z.enum(JOIN_REQUEST_TYPES),
+  agentName: z.string().min(1).max(120).optional(),
+  adapterType: z.string().min(1).max(120).optional(),
+  capabilities: z.string().max(4000).optional().nullable(),
+  agentDefaultsPayload: z.record(z.string(), z.unknown()).optional().nullable(),
+});
+
+export type AcceptInvite = z.infer<typeof acceptInviteSchema>;
+
+export const listJoinRequestsQuerySchema = z.object({
+  status: z.enum(JOIN_REQUEST_STATUSES).optional(),
+  requestType: z.enum(JOIN_REQUEST_TYPES).optional(),
+});
+
+export type ListJoinRequestsQuery = z.infer<typeof listJoinRequestsQuerySchema>;
+
+export const updateMemberPermissionsSchema = z.object({
+  grants: z.array(
+    z.object({
+      permissionKey: z.enum(PERMISSION_KEYS),
+      scope: z.record(z.string(), z.unknown()).optional().nullable(),
+    }),
+  ),
+});
+
+export type UpdateMemberPermissions = z.infer<typeof updateMemberPermissionsSchema>;
+
+export const updateUserCompanyAccessSchema = z.object({
+  companyIds: z.array(z.string().uuid()).default([]),
+});
+
+export type UpdateUserCompanyAccess = z.infer<typeof updateUserCompanyAccessSchema>;