@cyber-eco/types • Docs
@cyber-eco/types¶
Interfaces¶
SharedActivity¶
Generic activity that can be used across apps
Properties¶
id¶
id:
string
Defined in¶
name¶
name:
string
Defined in¶
description?¶
optionaldescription:string
Defined in¶
type¶
type:
string
Defined in¶
appId¶
appId:
string
Defined in¶
participants¶
participants:
string[]
Defined in¶
startDate¶
startDate:
string
Defined in¶
endDate?¶
optionalendDate:string
Defined in¶
location?¶
optionallocation:object
name?¶
optionalname:string
address?¶
optionaladdress:string
coordinates?¶
optionalcoordinates:object
coordinates.lat¶
lat:
number
coordinates.lng¶
lng:
number
Defined in¶
tags?¶
optionaltags:string[]
Defined in¶
visibility¶
visibility:
"public"|"private"|"group"
Defined in¶
groupId?¶
optionalgroupId:string
Defined in¶
metadata?¶
optionalmetadata:Record\<string,any>
Defined in¶
createdAt¶
createdAt:
string
Defined in¶
createdBy¶
createdBy:
string
Defined in¶
ActivitySummary¶
User activity summary across apps
Properties¶
userId¶
userId:
string
Defined in¶
period¶
period:
object
start¶
start:
string
end¶
end:
string
Defined in¶
totalActivities¶
totalActivities:
number
Defined in¶
byApp¶
byApp:
object[]
Defined in¶
mostActiveGroups¶
mostActiveGroups:
string[]
Defined in¶
lastUpdated¶
lastUpdated:
string
Defined in¶
App¶
Application definition in the CyberEco ecosystem
Properties¶
id¶
id:
string
Defined in¶
name¶
name:
string
Defined in¶
description¶
description:
string
Defined in¶
icon¶
icon:
string
Defined in¶
url¶
url:
string
Defined in¶
proxyPath?¶
optionalproxyPath:string
Defined in¶
category¶
category:
"finance"|"productivity"|"social"|"utility"|"info"
Defined in¶
status¶
status:
"active"|"beta"|"maintenance"|"deprecated"
Defined in¶
requiresAuth¶
requiresAuth:
boolean
Defined in¶
minRole?¶
optionalminRole:"user"|"admin"
Defined in¶
features¶
features:
string[]
Defined in¶
clientId?¶
optionalclientId:string
OAuth client ID (set when app is registered via Developer Portal)
Defined in¶
developerId?¶
optionaldeveloperId:string
Developer who registered this app
Defined in¶
requestedScopes?¶
optionalrequestedScopes:string[]
Scopes requested by this app
Defined in¶
createdAt¶
createdAt:
string
Defined in¶
updatedAt¶
updatedAt:
string
Defined in¶
AppConfig¶
Application configuration for navigation and theming
Properties¶
name¶
name:
string
Defined in¶
navigation¶
navigation:
object
links¶
links:
object[]
showConfig?¶
optionalshowConfig:boolean
mobileMenuStorageKey?¶
optionalmobileMenuStorageKey:string
Defined in¶
theme?¶
optionaltheme:object
primaryColor?¶
optionalprimaryColor:string
accentColor?¶
optionalaccentColor:string
Defined in¶
features?¶
optionalfeatures:object
auth?¶
optionalauth:boolean
notifications?¶
optionalnotifications:boolean
search?¶
optionalsearch:boolean
Defined in¶
AuditLogEntry¶
Audit log entry for tracking user actions
Properties¶
id¶
id:
string
Defined in¶
userId¶
userId:
string
Defined in¶
action¶
action:
string
Defined in¶
resourceType¶
resourceType:
string
Defined in¶
resourceId¶
resourceId:
string
Defined in¶
details?¶
optionaldetails:Record\<string,unknown>
Defined in¶
ipAddress?¶
optionalipAddress:string
Defined in¶
timestamp¶
timestamp:
string
Defined in¶
AuthAdapter¶
The identity operations an auth backend must provide. Everything is expressed
in terms of the normalized AuthUser — no backend-specific user type leaks
through this interface.
Methods¶
signIn()¶
signIn(
password):Promise\<AuthUser>
Sign in with email + password. Resolves to the normalized user.
Parameters¶
• email: string
• password: string
Returns¶
Promise\<AuthUser>
Defined in¶
signUp()¶
signUp(
password,displayName):Promise\<AuthUser>
Create an account with email + password and set the display name.
Parameters¶
• email: string
• password: string
• displayName: string
Returns¶
Promise\<AuthUser>
Defined in¶
signOut()¶
signOut():
Promise\<void>
Sign the current user out.
Returns¶
Promise\<void>
Defined in¶
signInWithProvider()¶
signInWithProvider(
provider):Promise\<AuthUser>
Sign in via a social provider (popup/redirect handled by the adapter).
Parameters¶
• provider: AuthProviderName
Returns¶
Promise\<AuthUser>
Defined in¶
linkProvider()?¶
optionallinkProvider(provider):Promise\<void>
Link a social provider to the currently signed-in account.
Parameters¶
• provider: AuthProviderName
Returns¶
Promise\<void>
Defined in¶
resetPassword()¶
resetPassword(
Promise\<void>
Send a password-reset email.
Parameters¶
• email: string
Returns¶
Promise\<void>
Defined in¶
updateDisplayProfile()¶
updateDisplayProfile(
update):Promise\<void>
Update the signed-in user's display name and/or photo.
Parameters¶
• update
• update.displayName?: string
• update.photoURL?: string
Returns¶
Promise\<void>
Defined in¶
getCurrentUser()¶
getCurrentUser():
null|AuthUser
Current user synchronously if known, else null.
Returns¶
null | AuthUser
Defined in¶
getIdToken()¶
getIdToken():
Promise\<null|string>
A fresh ID/access token for the signed-in user, or null.
Returns¶
Promise\<null | string>
Defined in¶
onAuthStateChanged()¶
onAuthStateChanged(
callback): () =>void
Subscribe to auth-state changes. Returns an unsubscribe function.
Parameters¶
• callback
Returns¶
Function
Returns¶
void
Defined in¶
setPersistence()?¶
optionalsetPersistence(persistence):Promise\<void>
Configure where the session is persisted (optional; adapters may no-op).
Parameters¶
• persistence: AuthPersistence
Returns¶
Promise\<void>
Defined in¶
ProfileStore\<T>¶
Persists the user PROFILE document (application data, not identity). Kept
separate from AuthAdapter so the auth layer never imports a database SDK —
the profile lives in the data layer. Injected alongside the auth adapter.
Type Parameters¶
• T = Record\<string, unknown>
Methods¶
get()¶
get(
uid):Promise\<null|T>
Read a profile by user id, or null if none exists.
Parameters¶
• uid: string
Returns¶
Promise\<null | T>
Defined in¶
set()¶
set(
uid,profile):Promise\<void>
Create or overwrite a profile.
Parameters¶
• uid: string
• profile: T
Returns¶
Promise\<void>
Defined in¶
update()¶
update(
uid,partial):Promise\<void>
Merge a partial update into an existing profile.
Parameters¶
• uid: string
• partial: Partial\<T>
Returns¶
Promise\<void>
Defined in¶
TokenVerifier¶
Server-side verification of an auth token's signature and claims. The concrete
implementation (e.g. FirebaseTokenVerifier verifying against Google's JWKS)
is injected wherever a token must be trusted (e.g. the set-cookie endpoint).
Methods¶
verify()¶
verify(
token):Promise\<object>
Verify the token and return the authenticated identity.
Parameters¶
• token: string
Returns¶
Promise\<object>
uid¶
uid:
string
email?¶
optionalemail:string
Throws¶
if the signature/claims are invalid or the token is expired.
Defined in¶
AuthUser¶
Authentication user from Firebase Auth or similar providers
Properties¶
uid¶
uid:
string
Defined in¶
email¶
email:
null|string
Defined in¶
displayName¶
displayName:
null|string
Defined in¶
photoURL¶
photoURL:
null|string
Defined in¶
emailVerified¶
emailVerified:
boolean
Defined in¶
AuthToken¶
Decoded authentication token
Properties¶
uid¶
uid:
string
Defined in¶
email?¶
optionalemail:string
Defined in¶
email_verified?¶
optionalemail_verified:boolean
Defined in¶
name?¶
optionalname:string
Defined in¶
picture?¶
optionalpicture:string
Defined in¶
exp?¶
optionalexp:number
Defined in¶
BillingRecord¶
User billing/subscription record
Properties¶
id¶
id:
string
Defined in¶
userId¶
userId:
string
Defined in¶
plan¶
plan:
"family"|"organization"|"free"|"personal"
Defined in¶
status¶
status:
"active"|"past_due"|"canceled"|"trial"
Defined in¶
startDate¶
startDate:
string
Defined in¶
endDate?¶
optionalendDate:string
Defined in¶
amount¶
amount:
number
Defined in¶
currency¶
currency:
string
Defined in¶
paymentMethod?¶
optionalpaymentMethod:string
Defined in¶
Invoice¶
Invoice for billing
Properties¶
id¶
id:
string
Defined in¶
userId¶
userId:
string
Defined in¶
billingRecordId¶
billingRecordId:
string
Defined in¶
amount¶
amount:
number
Defined in¶
currency¶
currency:
string
Defined in¶
status¶
status:
"draft"|"sent"|"paid"|"overdue"|"void"
Defined in¶
issuedAt¶
issuedAt:
string
Defined in¶
dueAt¶
dueAt:
string
Defined in¶
paidAt?¶
optionalpaidAt:string
Defined in¶
CacheBackend¶
Cache backend interface for L2 caching
Methods¶
get()¶
get\<
T>(key):Promise\<null|T>
Type Parameters¶
• T
Parameters¶
• key: string
Returns¶
Promise\<null | T>
Defined in¶
set()¶
set\<
T>(key,value,ttlMs?):Promise\<void>
Type Parameters¶
• T
Parameters¶
• key: string
• value: T
• ttlMs?: number
Returns¶
Promise\<void>
Defined in¶
delete()¶
delete(
key):Promise\<void>
Parameters¶
• key: string
Returns¶
Promise\<void>
Defined in¶
deletePattern()¶
deletePattern(
pattern):Promise\<void>
Parameters¶
• pattern: string
Returns¶
Promise\<void>
Defined in¶
clear()¶
clear():
Promise\<void>
Returns¶
Promise\<void>
Defined in¶
CacheStrategy¶
Cache strategy configuration
Properties¶
staleWhileRevalidate?¶
optionalstaleWhileRevalidate:boolean
Defined in¶
maxAge?¶
optionalmaxAge:number
Defined in¶
CacheConfig¶
Cache configuration for data layer
Properties¶
l1?¶
optionall1:object
maxEntries?¶
optionalmaxEntries:number
Defined in¶
l2?¶
optionall2:CacheBackend
Defined in¶
strategy?¶
optionalstrategy:CacheStrategy
Defined in¶
ttls?¶
optionalttls:Record\<string,number>
Defined in¶
AppUsageStats¶
Daily API usage statistics per client app.
Properties¶
id¶
id:
string
Defined in¶
clientId¶
clientId:
string
Defined in¶
date¶
date:
string
Defined in¶
apiCalls¶
apiCalls:
number
Defined in¶
uniqueUsers¶
uniqueUsers:
number
Defined in¶
errorCount¶
errorCount:
number
Defined in¶
WebhookDelivery¶
Record of a webhook delivery attempt.
Properties¶
id¶
id:
string
Defined in¶
webhookId¶
webhookId:
string
Defined in¶
clientId¶
clientId:
string
Defined in¶
eventType¶
eventType:
string
Defined in¶
payload¶
payload:
Record\<string,unknown>
Defined in¶
responseStatus?¶
optionalresponseStatus:number
Defined in¶
retryCount¶
retryCount:
number
Defined in¶
deliveredAt?¶
optionaldeliveredAt:string
Defined in¶
createdAt¶
createdAt:
string
Defined in¶
ExpenseSplit¶
A single participant's share of an expense
Properties¶
userId¶
userId:
string
Defined in¶
amount¶
amount:
number
Defined in¶
percentage?¶
optionalpercentage:number
Defined in¶
Expense¶
A shared expense record — universal across all CyberEco apps
Properties¶
id¶
id:
string
Defined in¶
groupId¶
groupId:
string
Defined in¶
description¶
description:
string
Defined in¶
amount¶
amount:
number
Defined in¶
currency¶
currency:
string
Defined in¶
paidBy¶
paidBy:
string
Defined in¶
splitType¶
splitType:
SplitType
Defined in¶
splits¶
splits:
ExpenseSplit[]
Defined in¶
date¶
date:
string
Defined in¶
category?¶
optionalcategory:string
Defined in¶
tags?¶
optionaltags:string[]
Defined in¶
notes?¶
optionalnotes:string
Defined in¶
images?¶
optionalimages:string[]
Defined in¶
source?¶
optionalsource:string
Origin of this expense (e.g. "manual", "import", app name)
Defined in¶
transactionId?¶
optionaltransactionId:string
Optional bridge to shared Transaction record
Defined in¶
memberIds?¶
optionalmemberIds:string[]
Denormalized group member IDs for Firestore security rule checks. Copied from the parent ExpenseGroup.memberIds on creation. MUST be kept in sync when group membership changes.
Defined in¶
createdBy¶
createdBy:
string
Defined in¶
createdAt¶
createdAt:
string
Defined in¶
updatedAt?¶
optionalupdatedAt:string
Defined in¶
Settlement¶
A debt settlement between two users
Properties¶
id¶
id:
string
Defined in¶
groupId¶
groupId:
string
Defined in¶
fromUserId¶
fromUserId:
string
Defined in¶
toUserId¶
toUserId:
string
Defined in¶
amount¶
amount:
number
Defined in¶
currency¶
currency:
string
Defined in¶
date¶
date:
string
Defined in¶
method?¶
optionalmethod:string
Defined in¶
notes?¶
optionalnotes:string
Defined in¶
transactionId?¶
optionaltransactionId:string
Optional bridge to shared Transaction record
Defined in¶
memberIds?¶
optionalmemberIds:string[]
Denormalized group member IDs for Firestore security rule checks. Copied from the parent ExpenseGroup.memberIds on creation. MUST be kept in sync when group membership changes.
Defined in¶
createdBy¶
createdBy:
string
Defined in¶
createdAt¶
createdAt:
string
Defined in¶
Balance¶
A derived balance between two users (computed, not stored)
Properties¶
fromUserId¶
fromUserId:
string
Defined in¶
toUserId¶
toUserId:
string
Defined in¶
amount¶
amount:
number
Defined in¶
ExpenseGroupSettings¶
Configuration for an expense group
Properties¶
defaultSplitType¶
defaultSplitType:
SplitType
Defined in¶
simplifyDebts¶
simplifyDebts:
boolean
Defined in¶
maxMembers¶
maxMembers:
number
Defined in¶
ExpenseGroupMember¶
A member of an expense group
Properties¶
userId¶
userId:
string
Defined in¶
displayName¶
displayName:
string
Defined in¶
role¶
role:
AppRole
Defined in¶
joinedAt¶
joinedAt:
string
Defined in¶
invitedBy?¶
optionalinvitedBy:string
Defined in¶
ExpenseGroup¶
A group for tracking shared expenses.
Does NOT extend SharedGroup because: - members[] use ExpenseGroupMember (has displayName, not in GroupMember) - settings use ExpenseGroupSettings (different structure from SharedGroup.settings) - expense-specific fields (currency, totalExpenses) make it domain-specific
Apps can bridge via SharedGroup.metadata.expenseGroupId reference.
Properties¶
id¶
id:
string
Defined in¶
name¶
name:
string
Defined in¶
description?¶
optionaldescription:string
Defined in¶
type¶
type:
"family"|"friends"|"community"|"organization"|"other"
Defined in¶
currency¶
currency:
string
Defined in¶
members¶
members:
ExpenseGroupMember[]
Defined in¶
settings¶
settings:
ExpenseGroupSettings
Defined in¶
totalExpenses¶
totalExpenses:
number
Defined in¶
memberIds¶
memberIds:
string[]
Denormalized list of member user IDs for Firestore security rule checks. MUST be kept in sync with the members array. Derived: members.map(m => m.userId)
Defined in¶
adminIds¶
adminIds:
string[]
Denormalized list of admin/owner user IDs for write permission checks. Derived: members.filter(m => hasMinimumRole(m.role, 'admin')).map(m => m.userId)
Defined in¶
createdBy¶
createdBy:
string
Defined in¶
createdAt¶
createdAt:
string
Defined in¶
updatedAt?¶
optionalupdatedAt:string
Defined in¶
ExpenseGroupExport¶
GDPR-compliant export payload for an expense group
Properties¶
group¶
group:
ExpenseGroup
Defined in¶
expenses¶
expenses:
Expense[]
Defined in¶
settlements¶
settlements:
Settlement[]
Defined in¶
balances¶
balances:
Balance[]
Defined in¶
exportedAt¶
exportedAt:
string
Defined in¶
exportedBy¶
exportedBy:
string
Defined in¶
FinancialProfile¶
Stored in financialProfiles collection. Doc ID = userId.
Properties¶
id¶
id:
string
Defined in¶
userId¶
userId:
string
Defined in¶
persona1¶
persona1:
PersonaProfileData
Defined in¶
persona2?¶
optionalpersona2:PersonaProfileData
Defined in¶
rentaActual¶
rentaActual:
number
Defined in¶
fondoEmergencia¶
fondoEmergencia:
number
Defined in¶
ahorroLiquidoDisponible¶
ahorroLiquidoDisponible:
number
Defined in¶
gastosTemporales¶
gastosTemporales:
TemporaryExpenseData[]
Defined in¶
createdAt¶
createdAt:
string
Defined in¶
updatedAt?¶
optionalupdatedAt:string
Defined in¶
PropertyRecord¶
Stored in propertyRecords collection.
Properties¶
id¶
id:
string
Defined in¶
userId¶
userId:
string
Defined in¶
nombre¶
nombre:
string
Defined in¶
tipo¶
tipo:
string
Defined in¶
uso¶
uso:
string
Defined in¶
valor¶
valor:
number
Defined in¶
ubicacion¶
ubicacion:
LocationData
Defined in¶
enganchePorcentaje?¶
optionalenganchePorcentaje:number
Defined in¶
tasaAnual?¶
optionaltasaAnual:number
Defined in¶
plazoAnios?¶
optionalplazoAnios:number
Defined in¶
ingresoRentaEstimado?¶
optionalingresoRentaEstimado:number
Defined in¶
mantenimientoMensual?¶
optionalmantenimientoMensual:number
Defined in¶
createdAt¶
createdAt:
string
Defined in¶
updatedAt?¶
optionalupdatedAt:string
Defined in¶
ScenarioRecord¶
Stored in scenarios collection.
Properties¶
id¶
id:
string
Defined in¶
userId¶
userId:
string
Defined in¶
nombre¶
nombre:
string
Defined in¶
descripcion¶
descripcion:
string
Defined in¶
propiedades¶
propiedades:
string[]
Defined in¶
horizonte¶
horizonte:
number
Defined in¶
tasaInflacion¶
tasaInflacion:
number
Defined in¶
rendimientoInversiones¶
rendimientoInversiones:
number
Defined in¶
createdAt¶
createdAt:
string
Defined in¶
updatedAt?¶
optionalupdatedAt:string
Defined in¶
CreditCardRecord¶
Stored in creditCards collection.
Properties¶
id¶
id:
string
Defined in¶
userId¶
userId:
string
Defined in¶
nombre¶
nombre:
string
Defined in¶
banco¶
banco:
string
Defined in¶
anualidad¶
anualidad:
number
Defined in¶
tasas¶
tasas:
Record\<string,number>
Defined in¶
topeMensual?¶
optionaltopeMensual:number
Defined in¶
topeAnual?¶
optionaltopeAnual:number
Defined in¶
createdAt¶
createdAt:
string
Defined in¶
updatedAt?¶
optionalupdatedAt:string
Defined in¶
BankAccount¶
Bank account information for payments and settlements
Properties¶
id¶
id:
string
Defined in¶
userId¶
userId:
string
Defined in¶
nickname¶
nickname:
string
Defined in¶
accountType¶
accountType:
"checking"|"savings"
Defined in¶
lastFourDigits¶
lastFourDigits:
string
Defined in¶
bankName?¶
optionalbankName:string
Defined in¶
isDefault¶
isDefault:
boolean
Defined in¶
createdAt¶
createdAt:
string
Defined in¶
verifiedAt?¶
optionalverifiedAt:string
Defined in¶
Transaction¶
Transaction record that can be used across financial apps
Properties¶
id¶
id:
string
Defined in¶
userId¶
userId:
string
Defined in¶
type¶
type:
"expense"|"income"|"transfer"|"settlement"
Defined in¶
amount¶
amount:
number
Defined in¶
currency¶
currency:
string
Defined in¶
description¶
description:
string
Defined in¶
date¶
date:
string
Defined in¶
category?¶
optionalcategory:string
Defined in¶
tags?¶
optionaltags:string[]
Defined in¶
source?¶
optionalsource:string
Origin of this transaction (e.g. "manual", "import", app name)
Defined in¶
appId?¶
optionalappId:string
Deprecated¶
Use source instead. App attribution violates Tenet #1.
Defined in¶
appSpecificId?¶
optionalappSpecificId:string
Defined in¶
metadata?¶
optionalmetadata:Record\<string,unknown>
Defined in¶
createdAt¶
createdAt:
string
Defined in¶
updatedAt?¶
optionalupdatedAt:string
Defined in¶
Budget¶
Budget that can be shared across financial apps
Properties¶
id¶
id:
string
Defined in¶
userId¶
userId:
string
Defined in¶
name¶
name:
string
Defined in¶
amount¶
amount:
number
Defined in¶
currency¶
currency:
string
Defined in¶
period¶
period:
"daily"|"weekly"|"monthly"|"yearly"
Defined in¶
categories?¶
optionalcategories:string[]
Defined in¶
startDate¶
startDate:
string
Defined in¶
endDate?¶
optionalendDate:string
Defined in¶
appIds?¶
optionalappIds:string[]
Deprecated¶
Use categories instead. App attribution violates Tenet #1.
Defined in¶
createdAt¶
createdAt:
string
Defined in¶
updatedAt?¶
optionalupdatedAt:string
Defined in¶
FinancialSummary¶
Aggregated financial summary across apps
Properties¶
userId¶
userId:
string
Defined in¶
period¶
period:
object
start¶
start:
string
end¶
end:
string
Defined in¶
totalIncome¶
totalIncome:
number
Defined in¶
totalExpenses¶
totalExpenses:
number
Defined in¶
netAmount¶
netAmount:
number
Defined in¶
byCategory¶
byCategory:
object[]
Defined in¶
bySource?¶
optionalbySource:object[]
Defined in¶
byApp?¶
optionalbyApp:object[]
Deprecated¶
Use bySource instead. App-keyed axis violates Tenet #1.
Defined in¶
currency¶
currency:
string
Defined in¶
lastUpdated¶
lastUpdated:
string
Defined in¶
Friendship¶
Friendship connection between users Promoted from JustSplit to shared types for ecosystem-wide use
Properties¶
id¶
id:
string
Defined in¶
users¶
users:
string[]
Defined in¶
status¶
status:
"pending"|"accepted"|"rejected"
Defined in¶
requestedBy¶
requestedBy:
string
Defined in¶
createdAt¶
createdAt:
string
Defined in¶
updatedAt¶
updatedAt:
string
Defined in¶
GroupMember¶
Group member with 4-tier role hierarchy
Properties¶
userId¶
userId:
string
Defined in¶
role¶
role:
AppRole
Defined in¶
joinedAt¶
joinedAt:
string
Defined in¶
invitedBy?¶
optionalinvitedBy:string
Defined in¶
permissions?¶
optionalpermissions:string[]
Defined in¶
SharedGroup¶
Generic group that can be used across apps
Properties¶
id¶
id:
string
Defined in¶
name¶
name:
string
Defined in¶
description?¶
optionaldescription:string
Defined in¶
type¶
type:
"family"|"friends"|"community"|"organization"|"other"
Defined in¶
createdBy¶
createdBy:
string
User ID of the group creator
Defined in¶
members¶
members:
GroupMember[]
Defined in¶
memberIds¶
memberIds:
string[]
Denormalized member UIDs, required by the groups Firestore rules for
read access checks. MUST be kept in sync with members.
Derived: members.map(m => m.userId)
Defined in¶
adminIds¶
adminIds:
string[]
Denormalized admin UIDs (owner + admins), required by the groups
Firestore rules for write access checks. MUST be kept in sync with members.
Derived: members.filter(m => hasMinimumRole(m.role, 'admin')).map(m => m.userId)
Defined in¶
settings¶
settings:
object
isPrivate¶
isPrivate:
boolean
requireApproval¶
requireApproval:
boolean
allowInvites¶
allowInvites:
boolean
Defined in¶
metadata?¶
optionalmetadata:Record\<string,unknown>
User-controlled metadata for this group
Defined in¶
appContexts?¶
optionalappContexts:object
Index Signature¶
[appId: string]: object
Deprecated¶
Violates Tenet #1 (Digital Sovereignty). App-specific state
should not be embedded in shared group documents. Apps that need group
association should store a groupId reference in their own collection.
Defined in¶
createdAt¶
createdAt:
string
Defined in¶
updatedAt?¶
optionalupdatedAt:string
Defined in¶
UserRelationship¶
Relationship between users for family trees, social graphs
Properties¶
id¶
id:
string
Defined in¶
user1Id¶
user1Id:
string
Defined in¶
user2Id¶
user2Id:
string
Defined in¶
type¶
type:
"family"|"other"|"friend"|"colleague"|"partner"
Defined in¶
subtype?¶
optionalsubtype:string
Defined in¶
startDate?¶
optionalstartDate:string
Defined in¶
endDate?¶
optionalendDate:string
Defined in¶
isActive¶
isActive:
boolean
Defined in¶
metadata?¶
optionalmetadata:Record\<string,any>
Defined in¶
NavigationLink¶
Navigation link definition
Properties¶
href¶
href:
string
Defined in¶
label¶
label:
string
Defined in¶
external?¶
optionalexternal:boolean
Defined in¶
NavigationActionButton¶
Navigation action button configuration
Properties¶
href?¶
optionalhref:string
Defined in¶
label?¶
optionallabel:string
Defined in¶
onClick()?¶
optionalonClick: () =>void
Returns¶
void
Defined in¶
element?¶
optionalelement:unknown
Defined in¶
className?¶
optionalclassName:string
Defined in¶
icon?¶
optionalicon:unknown
Defined in¶
external?¶
optionalexternal:boolean
Defined in¶
NavigationProps¶
Navigation component props
Properties¶
links¶
links:
NavigationLink[]
Defined in¶
actionButton?¶
optionalactionButton:NavigationActionButton
Defined in¶
showConfig?¶
optionalshowConfig:boolean
Defined in¶
mobileMenuStorageKey?¶
optionalmobileMenuStorageKey:string
Defined in¶
className?¶
optionalclassName:string
Defined in¶
LinkComponent?¶
optionalLinkComponent:any
Defined in¶
usePathname()?¶
optionalusePathname: () =>string
Returns¶
string
Defined in¶
Notification¶
Cross-app notification
Properties¶
id¶
id:
string
Defined in¶
userId¶
userId:
string
Defined in¶
type¶
type:
"info"|"success"|"warning"|"error"
Defined in¶
title¶
title:
string
Defined in¶
message¶
message:
string
Defined in¶
appId¶
appId:
string
Defined in¶
actionUrl?¶
optionalactionUrl:string
Defined in¶
actionLabel?¶
optionalactionLabel:string
Defined in¶
read¶
read:
boolean
Defined in¶
createdAt¶
createdAt:
string
Defined in¶
expiresAt?¶
optionalexpiresAt:string
Defined in¶
OAuthApp¶
Registered OAuth application.
Developers register apps via the Developer Portal (/developer). The clientSecret is shown once at registration; only the SHA-256 hash (clientSecretHash) is stored.
Properties¶
id¶
id:
string
Defined in¶
clientId¶
clientId:
string
Defined in¶
clientSecretHash¶
clientSecretHash:
string
Defined in¶
developerId¶
developerId:
string
Defined in¶
name¶
name:
string
Defined in¶
description¶
description:
string
Defined in¶
redirectUris¶
redirectUris:
string[]
Defined in¶
requestedScopes¶
requestedScopes:
OAuthScope[]
Defined in¶
approvedScopes¶
approvedScopes:
OAuthScope[]
Defined in¶
status¶
status:
OAuthAppStatus
Defined in¶
iconUrl?¶
optionaliconUrl:string
Defined in¶
homepageUrl?¶
optionalhomepageUrl:string
Defined in¶
createdAt¶
createdAt:
string
Defined in¶
updatedAt¶
updatedAt:
string
Defined in¶
OAuthAuthorizationCode¶
OAuth authorization code (Phase 2).
Short-lived code (10 min) exchanged for access + refresh tokens via the Authorization Code flow with PKCE. PKCE is required: codeChallenge and codeChallengeMethod are mandatory.
Properties¶
id¶
id:
string
Defined in¶
code¶
code:
string
Opaque code string returned to the client
Defined in¶
clientId¶
clientId:
string
Defined in¶
userId¶
userId:
string
Defined in¶
scopes¶
scopes:
OAuthScope[]
Defined in¶
codeChallenge¶
codeChallenge:
string
SHA-256 hash of the PKCE code verifier (required)
Defined in¶
codeChallengeMethod¶
codeChallengeMethod:
"S256"
Always S256 — plain method is not supported
Defined in¶
redirectUri¶
redirectUri:
string
Defined in¶
state?¶
optionalstate:string
Client-provided state for CSRF protection
Defined in¶
expiresAt¶
expiresAt:
string
Defined in¶
used¶
used:
boolean
Defined in¶
createdAt¶
createdAt:
string
Defined in¶
OAuthToken¶
OAuth token record.
Tokens are stored as SHA-256 hashes; the plaintext is only returned to the client at issuance time.
Refresh tokens use familyId to support token rotation:
when a refresh token is used, the old one is revoked and a new one
is issued with the same familyId. If a revoked refresh token is
reused (replay attack), ALL tokens in the family are revoked.
Properties¶
id¶
id:
string
Defined in¶
tokenHash¶
tokenHash:
string
SHA-256 hash of the token value
Defined in¶
type¶
type:
OAuthTokenType
Defined in¶
clientId¶
clientId:
string
Defined in¶
userId¶
userId:
string
Defined in¶
scopes¶
scopes:
OAuthScope[]
Defined in¶
expiresAt¶
expiresAt:
string
Defined in¶
revoked¶
revoked:
boolean
Defined in¶
revokedAt?¶
optionalrevokedAt:string
ISO timestamp when the token was revoked (null if active)
Defined in¶
familyId?¶
optionalfamilyId:string
Token family ID for refresh token rotation tracking
Defined in¶
createdAt¶
createdAt:
string
Defined in¶
OAuthConsent¶
User consent record for an OAuth app.
Consent records are immutable (GDPR) — revokedAt is set but the document is never deleted.
Properties¶
id¶
id:
string
Defined in¶
userId¶
userId:
string
Defined in¶
clientId¶
clientId:
string
Defined in¶
appName¶
appName:
string
Defined in¶
scopes¶
scopes:
OAuthScope[]
Defined in¶
grantedAt¶
grantedAt:
string
Defined in¶
revokedAt?¶
optionalrevokedAt:string
Defined in¶
lastUsedAt?¶
optionallastUsedAt:string
Defined in¶
JwksKey¶
JSON Web Key for OIDC discovery. Phase 2 uses HMAC-SHA256 (symmetric); Phase 3 migrates to RS256 (asymmetric).
Properties¶
kid¶
kid:
string
Defined in¶
kty¶
kty:
string
Defined in¶
alg¶
alg:
string
Defined in¶
use¶
use:
"sig"
Defined in¶
n?¶
optionaln:string
RSA public key modulus (only for RS256)
Defined in¶
e?¶
optionale:string
RSA public key exponent (only for RS256)
Defined in¶
TokenIntrospectionResponse¶
Response from the token introspection endpoint (RFC 7662).
Properties¶
active¶
active:
boolean
Whether the token is currently active
Defined in¶
scope?¶
optionalscope:string
The scopes associated with the token
Defined in¶
client_id?¶
optionalclient_id:string
Client ID the token was issued for
Defined in¶
sub?¶
optionalsub:string
User ID the token was issued for
Defined in¶
token_type?¶
optionaltoken_type:string
Token type: access or refresh
Defined in¶
exp?¶
optionalexp:number
Expiration time (unix timestamp)
Defined in¶
iat?¶
optionaliat:number
Issued at time (unix timestamp)
Defined in¶
OAuthTokenPair¶
Token pair returned from token exchange and refresh operations.
Properties¶
access_token¶
access_token:
string
Defined in¶
token_type¶
token_type:
"Bearer"
Defined in¶
expires_in¶
expires_in:
number
Defined in¶
refresh_token¶
refresh_token:
string
Defined in¶
scope¶
scope:
string
Defined in¶
PermissionCondition¶
Conditional access constraints evaluated at permission check time
Properties¶
type¶
type:
"time"|"ip"|"mfa"|"custom"
Defined in¶
config¶
config:
Record\<string,unknown>
Defined in¶
AppPermission¶
Enhanced app permission with audit trail and conditions
Properties¶
appId¶
appId:
string
Defined in¶
roles¶
roles:
AppRole[]
Defined in¶
features¶
features:
string[]
Defined in¶
grantedAt¶
grantedAt:
string
Defined in¶
grantedBy¶
grantedBy:
string
Defined in¶
conditions?¶
optionalconditions:PermissionCondition[]
Defined in¶
ResourcePermission¶
Resource-level permission for fine-grained access control
Properties¶
id¶
id:
string
Defined in¶
resourceType¶
resourceType:
string
Defined in¶
resourceId¶
resourceId:
string
Defined in¶
userId¶
userId:
string
Defined in¶
permissions¶
permissions:
string[]
Defined in¶
grantedBy¶
grantedBy:
string
Defined in¶
grantedAt¶
grantedAt:
string
Defined in¶
expiresAt?¶
optionalexpiresAt:string
Defined in¶
PrivacySettings¶
Privacy settings for a user's data controls
Properties¶
id¶
id:
string
Defined in¶
userId¶
userId:
string
Defined in¶
dataRetentionDays¶
dataRetentionDays:
number
Defined in¶
analyticsOptIn¶
analyticsOptIn:
boolean
Defined in¶
thirdPartySharing¶
thirdPartySharing:
boolean
Defined in¶
profileVisibility¶
profileVisibility:
"friends"|"public"|"private"
Defined in¶
updatedAt¶
updatedAt:
string
Defined in¶
ConsentRecord¶
GDPR consent record tracking user agreements
Properties¶
id¶
id:
string
Defined in¶
userId¶
userId:
string
Defined in¶
consentType¶
consentType:
"terms"|"privacy"|"cookies"|"marketing"|"data-processing"
Defined in¶
version¶
version:
string
Defined in¶
granted¶
granted:
boolean
Defined in¶
grantedAt¶
grantedAt:
string
Defined in¶
revokedAt?¶
optionalrevokedAt:string
Defined in¶
ipAddress?¶
optionalipAddress:string
Defined in¶
QueryFilter¶
Query filter for database operations
Properties¶
field¶
field:
string
Defined in¶
operator¶
operator:
QueryOperator
Defined in¶
value¶
value:
unknown
Defined in¶
QuerySort¶
Sort configuration for queries
Properties¶
field¶
field:
string
Defined in¶
direction¶
direction:
"asc"|"desc"
Defined in¶
QueryOptions¶
Query options for pagination and sorting
Properties¶
sort?¶
optionalsort:QuerySort[]
Defined in¶
limit?¶
optionallimit:number
Defined in¶
offset?¶
optionaloffset:number
Defined in¶
cursor?¶
optionalcursor:string
Defined in¶
PaginatedResult\<T>¶
Paginated result set
Type Parameters¶
• T
Properties¶
data¶
data:
T[]
Defined in¶
total?¶
optionaltotal:number
Defined in¶
hasMore¶
hasMore:
boolean
Defined in¶
cursor?¶
optionalcursor:string
Defined in¶
TwoFactorConfig¶
Two-factor authentication configuration (stored server-side).
secret and backupCodes are secrets — never expose them to the client.
Properties¶
userId¶
userId:
string
Defined in¶
enabled¶
enabled:
boolean
Defined in¶
method¶
method:
"totp"|"sms"|"email"
Defined in¶
secret?¶
optionalsecret:string
TOTP shared secret (base32). Server-only — never returned to the client.
Defined in¶
verifiedAt?¶
optionalverifiedAt:string
Defined in¶
backupCodes?¶
optionalbackupCodes:string[]
Hashed, single-use recovery codes. Server-only.
Defined in¶
updatedAt?¶
optionalupdatedAt:string
Defined in¶
MfaSetup¶
One-time result of starting MFA enrollment (shown to the user once).
Properties¶
secret¶
secret:
string
Base32 secret for manual entry into an authenticator app.
Defined in¶
otpauthUri¶
otpauthUri:
string
otpauth:// URI to render as a QR code.
Defined in¶
backupCodes¶
backupCodes:
string[]
Plaintext backup codes — shown once, then only their hashes are stored.
Defined in¶
MfaStatus¶
Client-safe MFA status (no secrets).
Properties¶
enabled¶
enabled:
boolean
Defined in¶
method¶
method:
"totp"|"sms"|"email"
Defined in¶
verifiedAt?¶
optionalverifiedAt:string
Defined in¶
backupCodesRemaining¶
backupCodesRemaining:
number
Defined in¶
MfaProvider¶
Backend-agnostic multi-factor / one-time-password contract. Optional on the
AuthAdapter: a backend that offers native MFA (Supabase, Firebase Identity
Platform) implements it; the app-layer TOTP MfaService provides the same
capability over any backend via the data layer.
Methods¶
setupTotp()¶
setupTotp(
userId,accountLabel):Promise\<MfaSetup>
Begin TOTP enrollment: returns secret + otpauth URI + backup codes.
Parameters¶
• userId: string
• accountLabel: string
Returns¶
Promise\<MfaSetup>
Defined in¶
verifyAndEnable()¶
verifyAndEnable(
userId,code):Promise\<boolean>
Verify a code and enable MFA for the user.
Parameters¶
• userId: string
• code: string
Returns¶
Promise\<boolean>
Defined in¶
verify()¶
verify(
userId,code):Promise\<boolean>
Verify a TOTP code or consume a backup code (used at the login challenge).
Parameters¶
• userId: string
• code: string
Returns¶
Promise\<boolean>
Defined in¶
disable()¶
disable(
userId):Promise\<void>
Disable MFA and clear the stored secret/backup codes.
Parameters¶
• userId: string
Returns¶
Promise\<void>
Defined in¶
getStatus()¶
getStatus(
userId):Promise\<MfaStatus>
Client-safe status.
Parameters¶
• userId: string
Returns¶
Promise\<MfaStatus>
Defined in¶
regenerateBackupCodes()¶
regenerateBackupCodes(
userId):Promise\<string[]>
Regenerate backup codes; returns the new plaintext codes once.
Parameters¶
• userId: string
Returns¶
Promise\<string[]>
Defined in¶
SecurityEvent¶
Security event for monitoring account activity
Properties¶
id¶
id:
string
Defined in¶
userId¶
userId:
string
Defined in¶
eventType¶
eventType:
"login"|"logout"|"password_change"|"mfa_enabled"|"mfa_disabled"|"suspicious_activity"
Defined in¶
ipAddress?¶
optionalipAddress:string
Defined in¶
deviceInfo?¶
optionaldeviceInfo:string
Defined in¶
timestamp¶
timestamp:
string
Defined in¶
metadata?¶
optionalmetadata:Record\<string,unknown>
Defined in¶
PermissionChecker()¶
Permission checker function type
PermissionChecker(
userId,collection,action,documentId?):Promise\<boolean>
Permission checker function type
Parameters¶
• userId: string
• collection: string
• action: "delete" | "read" | "write"
• documentId?: string
Returns¶
Promise\<boolean>
Defined in¶
DataLayerConfig¶
Data layer configuration
Properties¶
adapter¶
adapter:
StorageAdapter
Defined in¶
cache?¶
optionalcache:CacheConfig
Defined in¶
sync?¶
optionalsync:object
enabled¶
enabled:
boolean
Defined in¶
webhooks?¶
optionalwebhooks:object
enabled¶
enabled:
boolean
Defined in¶
permissions?¶
optionalpermissions:object
enabled¶
enabled:
boolean
Defined in¶
IDataLayerService¶
Main data layer service interface
Methods¶
get()¶
get\<
T>(userId,collection,id):Promise\<null|T>
Type Parameters¶
• T
Parameters¶
• userId: string
• collection: string
• id: string
Returns¶
Promise\<null | T>
Defined in¶
create()¶
create\<
T>(userId,collection,data):Promise\<string>
Type Parameters¶
• T extends Record\<string, unknown>
Parameters¶
• userId: string
• collection: string
• data: T
Returns¶
Promise\<string>
Defined in¶
update()¶
update(
userId,collection,id,data):Promise\<void>
Parameters¶
• userId: string
• collection: string
• id: string
• data: Record\<string, unknown>
Returns¶
Promise\<void>
Defined in¶
delete()¶
delete(
userId,collection,id):Promise\<void>
Parameters¶
• userId: string
• collection: string
• id: string
Returns¶
Promise\<void>
Defined in¶
query()¶
query\<
T>(userId,collection,filters,options?):Promise\<PaginatedResult\<T>>
Type Parameters¶
• T
Parameters¶
• userId: string
• collection: string
• filters: QueryFilter[]
• options?: QueryOptions
Returns¶
Promise\<PaginatedResult\<T>>
Defined in¶
subscribe()¶
subscribe\<
T>(userId,collection,id,callback):Unsubscribe
Type Parameters¶
• T
Parameters¶
• userId: string
• collection: string
• id: string
• callback
Returns¶
Defined in¶
batchWrite()¶
batchWrite(
userId,operations):Promise\<void>
Parameters¶
• userId: string
• operations: object[]
Returns¶
Promise\<void>
Defined in¶
setPermissionChecker()¶
setPermissionChecker(
checker):void
Parameters¶
• checker: PermissionChecker
Returns¶
void
Defined in¶
UserSession¶
Active user session tracking
Properties¶
id¶
id:
string
Defined in¶
userId¶
userId:
string
Defined in¶
deviceInfo¶
deviceInfo:
object
type¶
type:
"mobile"|"tablet"|"desktop"
os?¶
optionalos:string
browser?¶
optionalbrowser:string
Defined in¶
ipAddress?¶
optionalipAddress:string
Defined in¶
startedAt¶
startedAt:
string
Defined in¶
lastActiveAt¶
lastActiveAt:
string
Defined in¶
expiresAt¶
expiresAt:
string
Defined in¶
isActive¶
isActive:
boolean
Defined in¶
WriteOptions¶
Options for write operations
Properties¶
merge?¶
optionalmerge:boolean
Defined in¶
WriteResult¶
Result of a write operation
Properties¶
id¶
id:
string
Defined in¶
success¶
success:
boolean
Defined in¶
BatchOperation¶
Batch operation definition
Properties¶
type¶
type:
"set"|"update"|"delete"
Defined in¶
collection¶
collection:
string
Defined in¶
id¶
id:
string
Defined in¶
data?¶
optionaldata:Record\<string,unknown>
Defined in¶
options?¶
optionaloptions:WriteOptions
Defined in¶
BatchResult¶
Result of a batch operation
Properties¶
success¶
success:
boolean
Defined in¶
count¶
count:
number
Defined in¶
errors?¶
optionalerrors:object[]
Defined in¶
StorageAdapter¶
Core storage adapter interface for database abstraction
Methods¶
getDocument()¶
getDocument\<
T>(collection,id):Promise\<null|T>
Type Parameters¶
• T
Parameters¶
• collection: string
• id: string
Returns¶
Promise\<null | T>
Defined in¶
setDocument()¶
setDocument\<
T>(collection,id,data,options?):Promise\<WriteResult>
Type Parameters¶
• T
Parameters¶
• collection: string
• id: string
• data: T
• options?: WriteOptions
Returns¶
Promise\<WriteResult>
Defined in¶
updateDocument()¶
updateDocument(
collection,id,data):Promise\<WriteResult>
Parameters¶
• collection: string
• id: string
• data: Record\<string, unknown>
Returns¶
Promise\<WriteResult>
Defined in¶
deleteDocument()¶
deleteDocument(
collection,id):Promise\<WriteResult>
Parameters¶
• collection: string
• id: string
Returns¶
Promise\<WriteResult>
Defined in¶
query()¶
query\<
T>(collection,filters,options?):Promise\<PaginatedResult\<T>>
Type Parameters¶
• T
Parameters¶
• collection: string
• filters: QueryFilter[]
• options?: QueryOptions
Returns¶
Promise\<PaginatedResult\<T>>
Defined in¶
batchWrite()¶
batchWrite(
operations):Promise\<BatchResult>
Parameters¶
• operations: BatchOperation[]
Returns¶
Promise\<BatchResult>
Defined in¶
subscribe()¶
subscribe\<
T>(collection,id,callback):Unsubscribe
Type Parameters¶
• T
Parameters¶
• collection: string
• id: string
• callback
Returns¶
Defined in¶
subscribeToQuery()¶
subscribeToQuery\<
T>(collection,filters,callback):Unsubscribe
Type Parameters¶
• T
Parameters¶
• collection: string
• filters: QueryFilter[]
• callback
Returns¶
Defined in¶
serverTimestamp()¶
serverTimestamp():
unknown
Returns¶
unknown
Defined in¶
generateId()¶
generateId(
collection):string
Parameters¶
• collection: string
Returns¶
string
Defined in¶
SyncEvent¶
Sync event for real-time data updates
Properties¶
type¶
type:
SyncEventType
Defined in¶
collection¶
collection:
string
Defined in¶
documentId¶
documentId:
string
Defined in¶
data?¶
optionaldata:unknown
Defined in¶
timestamp¶
timestamp:
string
Defined in¶
source?¶
optionalsource:string
Defined in¶
SyncConflict¶
Sync conflict representation
Properties¶
collection¶
collection:
string
Defined in¶
documentId¶
documentId:
string
Defined in¶
localData¶
localData:
unknown
Defined in¶
remoteData¶
remoteData:
unknown
Defined in¶
timestamp¶
timestamp:
string
Defined in¶
DataSyncStatus¶
Data sync status tracking
Properties¶
userId¶
userId:
string
Defined in¶
appId¶
appId:
string
Defined in¶
lastSyncAt¶
lastSyncAt:
string
Defined in¶
syncStatus¶
syncStatus:
"pending"|"error"|"synced"
Defined in¶
pendingChanges¶
pendingChanges:
number
Defined in¶
errorMessage?¶
optionalerrorMessage:string
Defined in¶
UserPreferences¶
Extended user preferences stored in the userPreferences collection.
This is the source of truth for user settings. The embedded
users.preferences field is a denormalized subset (theme, language,
notifications) kept for fast reads on the user document.
When updating preferences, write to this collection first and
then sync the subset back to the user document.
Properties¶
userId¶
userId:
string
Defined in¶
theme¶
theme:
"light"|"dark"|"system"
Defined in¶
language¶
language:
string
Defined in¶
notifications¶
notifications:
boolean
Defined in¶
emailDigest¶
emailDigest:
"daily"|"weekly"|"never"
Defined in¶
privacyLevel¶
privacyLevel:
"friends"|"public"|"private"
Defined in¶
updatedAt¶
updatedAt:
string
Defined in¶
BaseUser¶
Base user interface that apps can extend
Extended by¶
Properties¶
id¶
id:
string
Defined in¶
name¶
name:
string
Defined in¶
email?¶
optionalemail:string
Defined in¶
avatarUrl?¶
optionalavatarUrl:string
Defined in¶
createdAt?¶
optionalcreatedAt:string
Defined in¶
updatedAt?¶
optionalupdatedAt:string
Defined in¶
User¶
Unified CyberEco user profile — the canonical user record for the ecosystem.
Merges the former HubUser (app access, admin flags) with the former
SharedUserProfile (demographics, social profiles, per-app data) into a
single source of truth stored in the users collection.
Extends¶
Properties¶
id¶
id:
string
Inherited from¶
Defined in¶
name¶
name:
string
Inherited from¶
Defined in¶
email?¶
optionalemail:string
Inherited from¶
Defined in¶
avatarUrl?¶
optionalavatarUrl:string
Inherited from¶
Defined in¶
createdAt?¶
optionalcreatedAt:string
Inherited from¶
Defined in¶
updatedAt?¶
optionalupdatedAt:string
Inherited from¶
Defined in¶
apps¶
apps:
string[]
IDs of apps this user has access to
Defined in¶
permissions¶
permissions:
AppPermission[]
App-level permission grants
Defined in¶
lastLoginAt?¶
optionallastLoginAt:string
Last successful login timestamp (ISO 8601)
Defined in¶
isAdmin?¶
optionalisAdmin:boolean
Platform-level admin flag
Defined in¶
phoneNumber?¶
optionalphoneNumber:string
Defined in¶
dateOfBirth?¶
optionaldateOfBirth:string
Defined in¶
nationality?¶
optionalnationality:string
Defined in¶
languages¶
languages:
string[]
Defined in¶
location?¶
optionallocation:object
city?¶
optionalcity:string
state?¶
optionalstate:string
country?¶
optionalcountry:string
timezone?¶
optionaltimezone:string
Defined in¶
preferences¶
preferences:
object
Unified user preferences (richer version with nested notifications)
theme¶
theme:
"light"|"dark"|"system"
language¶
language:
string
currency¶
currency:
string
dateFormat¶
dateFormat:
string
timeFormat¶
timeFormat:
"12h"|"24h"
notifications¶
notifications:
object
notifications.email¶
email:
boolean
notifications.push¶
push:
boolean
notifications.sms¶
sms:
boolean
Defined in¶
socialProfiles?¶
optionalsocialProfiles:object
Index Signature¶
[key: string]: string | undefined
linkedin?¶
optionallinkedin:string
twitter?¶
optionaltwitter:string
github?¶
optionalgithub:string
Defined in¶
appData?¶
optionalappData:object
Index Signature¶
[appId: string]: object
Deprecated¶
Violates Tenet #1 (Digital Sovereignty). App state should not
be embedded in the user's canonical record. Use the apps field for
connected app IDs. Apps that need per-user state should store it in their
own collection with a userId reference.
Defined in¶
WebhookEvent¶
Webhook event payload
Properties¶
type¶
type:
string
Defined in¶
payload¶
payload:
unknown
Defined in¶
timestamp¶
timestamp:
string
Defined in¶
source¶
source:
string
Defined in¶
WebhookRegistration¶
Webhook registration configuration
Properties¶
id¶
id:
string
Defined in¶
url¶
url:
string
Defined in¶
events¶
events:
string[]
Defined in¶
secret?¶
optionalsecret:string
Defined in¶
active¶
active:
boolean
Defined in¶
clientId?¶
optionalclientId:string
OAuth client that owns this webhook
Defined in¶
developerId?¶
optionaldeveloperId:string
Developer who registered this webhook
Defined in¶
secretHash?¶
optionalsecretHash:string
SHA-256 hash of the webhook signing secret
Defined in¶
failureCount?¶
optionalfailureCount:number
Consecutive delivery failure count
Defined in¶
createdAt¶
createdAt:
string
Defined in¶
updatedAt?¶
optionalupdatedAt:string
Defined in¶
Type Aliases¶
AuthProviderName¶
AuthProviderName:
"google"|"facebook"|"twitter"
Social sign-in providers supported across backends.
Defined in¶
AuthPersistence¶
AuthPersistence:
"local"|"session"
Where the session is persisted after sign-in.
Defined in¶
BreakpointKey¶
BreakpointKey: keyof typeof
BREAKPOINTS
Defined in¶
BreakpointValue¶
BreakpointValue: typeof
BREAKPOINTS[BreakpointKey]
Defined in¶
SplitType¶
SplitType:
"equal"|"percentage"|"exact"
How an expense is divided among participants
Defined in¶
OAuthScope¶
OAuthScope:
"profile:read"|"profile:write"|"groups:read"|"groups:write"|"expenses:read"|"expenses:write"|"notifications:read"|"notifications:write"
Resource scopes for API access control
Defined in¶
OAuthAppStatus¶
OAuthAppStatus:
"pending"|"active"|"suspended"|"deleted"
Status lifecycle for registered OAuth apps
Defined in¶
OAuthTokenType¶
OAuthTokenType:
"access"|"refresh"
Token type discriminator
Defined in¶
AppRole¶
AppRole:
"owner"|"admin"|"moderator"|"member"
4-tier role hierarchy for group and app permissions
Defined in¶
QueryOperator¶
QueryOperator:
"=="|"!="|"<"|"<="|">"|">="|"in"|"array-contains"|"array-contains-any"
Query operator types
Defined in¶
Unsubscribe()¶
Unsubscribe: () =>
void
Unsubscribe function for real-time listeners
Returns¶
void
Defined in¶
SyncEventType¶
SyncEventType:
"created"|"updated"|"deleted"
Sync event types
Defined in¶
ConflictResolution¶
ConflictResolution:
"remote-wins"|"local-wins"|"merge"|"manual"
Conflict resolution strategies
Defined in¶
HubUser¶
HubUser:
User
Deprecated¶
Use User instead
Defined in¶
SharedUserProfile¶
SharedUserProfile:
User
Deprecated¶
Use User instead
Defined in¶
Variables¶
DEFAULT_CACHE_TTLS¶
constDEFAULT_CACHE_TTLS:Record\<string,number>
Default cache TTLs by collection type (in milliseconds)
Defined in¶
BREAKPOINTS¶
constBREAKPOINTS:object
Shared breakpoint constants for consistent responsive design across the platform
Type declaration¶
mobileSmall¶
readonlymobileSmall:360=360
mobile¶
readonlymobile:480=480
mobileLarge¶
readonlymobileLarge:640=640
tablet¶
readonlytablet:768=768
tabletLarge¶
readonlytabletLarge:900=900
desktop¶
readonlydesktop:1024=1024
desktopMedium¶
readonlydesktopMedium:1200=1200
desktopLarge¶
readonlydesktopLarge:1360=1360
desktopXL¶
readonlydesktopXL:1440=1440
ultraWide¶
readonlyultraWide:1920=1920
navigationMobile¶
readonlynavigationMobile:820=820
containerMax¶
readonlycontainerMax:1200=1200
Defined in¶
mediaQuery¶
constmediaQuery:object
Type declaration¶
up()¶
up: (
breakpoint) =>string
Parameters¶
• breakpoint: "mobileSmall" | "mobile" | "mobileLarge" | "tablet" | "tabletLarge" | "desktop" | "desktopMedium" | "desktopLarge" | "desktopXL" | "ultraWide" | "navigationMobile" | "containerMax"
Returns¶
string
down()¶
down: (
breakpoint) =>string
Parameters¶
• breakpoint: "mobileSmall" | "mobile" | "mobileLarge" | "tablet" | "tabletLarge" | "desktop" | "desktopMedium" | "desktopLarge" | "desktopXL" | "ultraWide" | "navigationMobile" | "containerMax"
Returns¶
string
between()¶
between: (
min,max) =>string
Parameters¶
• min: "mobileSmall" | "mobile" | "mobileLarge" | "tablet" | "tabletLarge" | "desktop" | "desktopMedium" | "desktopLarge" | "desktopXL" | "ultraWide" | "navigationMobile" | "containerMax"
• max: "mobileSmall" | "mobile" | "mobileLarge" | "tablet" | "tabletLarge" | "desktop" | "desktopMedium" | "desktopLarge" | "desktopXL" | "ultraWide" | "navigationMobile" | "containerMax"
Returns¶
string
only()¶
only: (
breakpoint) =>string
Parameters¶
• breakpoint: "mobileSmall" | "mobile" | "mobileLarge" | "tablet" | "tabletLarge" | "desktop" | "desktopMedium" | "desktopLarge" | "desktopXL" | "ultraWide" | "navigationMobile" | "containerMax"
Returns¶
string
Defined in¶
breakpointCssVars¶
constbreakpointCssVars:Record\<string,string>
Defined in¶
COLLECTIONS¶
constCOLLECTIONS:object
Firestore collection names used across the CyberEco ecosystem.
Organized by domain: core platform, permissions, privacy/security, billing, financial, expenses, sync/webhooks. All collections are universal — data belongs to users, not apps (Tenet #1: Digital Sovereignty).
Type declaration¶
USERS¶
readonlyUSERS:"users"='users'
User profiles (stores User docs)
TRANSACTIONS¶
readonlyTRANSACTIONS:"transactions"='transactions'
Cross-app financial transactions (stores Transaction docs)
GROUPS¶
readonlyGROUPS:"groups"='groups'
Shared groups across apps (stores SharedGroup docs)
NOTIFICATIONS¶
readonlyNOTIFICATIONS:"notifications"='notifications'
User notifications (stores Notification docs)
ACTIVITIES¶
readonlyACTIVITIES:"activities"='activities'
User activity feed (stores SharedActivity docs)
APPS¶
readonlyAPPS:"apps"='apps'
Registered CyberEco applications (stores App docs)
FRIENDSHIPS¶
readonlyFRIENDSHIPS:"friendships"='friendships'
Social connections between users (stores Friendship docs)
USER_PREFERENCES¶
readonlyUSER_PREFERENCES:"userPreferences"='userPreferences'
User display/locale preferences (stores UserPreferences docs)
APP_PERMISSIONS¶
readonlyAPP_PERMISSIONS:"appPermissions"='appPermissions'
App-level role grants per user (stores AppPermission docs)
RESOURCE_PERMISSIONS¶
readonlyRESOURCE_PERMISSIONS:"resourcePermissions"='resourcePermissions'
Fine-grained resource access control (stores ResourcePermission docs)
PERMISSION_LOGS¶
readonlyPERMISSION_LOGS:"permissionLogs"='permissionLogs'
Audit trail for permission changes
PRIVACY_SETTINGS¶
readonlyPRIVACY_SETTINGS:"privacySettings"='privacySettings'
User privacy controls (stores PrivacySettings docs)
CONSENT_RECORDS¶
readonlyCONSENT_RECORDS:"consentRecords"='consentRecords'
GDPR consent records (stores ConsentRecord docs)
SESSIONS¶
readonlySESSIONS:"sessions"='sessions'
Active user sessions (stores UserSession docs)
AUDIT_LOGS¶
readonlyAUDIT_LOGS:"auditLogs"='auditLogs'
Action audit trail (stores AuditLogEntry docs)
SECURITY_EVENTS¶
readonlySECURITY_EVENTS:"securityEvents"='securityEvents'
Account security events (stores SecurityEvent docs)
TWO_FACTOR_CONFIGS¶
readonlyTWO_FACTOR_CONFIGS:"twoFactorConfigs"='twoFactorConfigs'
Per-user MFA/2FA configuration (stores TwoFactorConfig docs; server-only secrets)
BILLING_RECORDS¶
readonlyBILLING_RECORDS:"billingRecords"='billingRecords'
Subscription records (stores BillingRecord docs)
INVOICES¶
readonlyINVOICES:"invoices"='invoices'
Billing invoices (stores Invoice docs)
BUDGETS¶
readonlyBUDGETS:"budgets"='budgets'
User budgets across apps (stores Budget docs)
BANK_ACCOUNTS¶
readonlyBANK_ACCOUNTS:"bankAccounts"='bankAccounts'
Bank account references (stores BankAccount docs)
DATA_SYNC_STATUS¶
readonlyDATA_SYNC_STATUS:"dataSyncStatus"='dataSyncStatus'
Real-time sync status (stores DataSyncStatus docs)
WEBHOOK_REGISTRATIONS¶
readonlyWEBHOOK_REGISTRATIONS:"webhookRegistrations"='webhookRegistrations'
Webhook endpoint registrations (stores WebhookRegistration docs)
EXPENSES¶
readonlyEXPENSES:"expenses"='expenses'
Shared expense records (stores Expense docs)
SETTLEMENTS¶
readonlySETTLEMENTS:"settlements"='settlements'
Debt settlement records (stores Settlement docs)
EVENTS¶
readonlyEVENTS:"events"='events'
Event/trip records for group contexts
EXPENSE_GROUPS¶
readonlyEXPENSE_GROUPS:"expenseGroups"='expenseGroups'
Expense tracking groups (stores ExpenseGroup docs)
OAUTH_APPS¶
readonlyOAUTH_APPS:"oauthApps"='oauthApps'
Registered OAuth applications (stores OAuthApp docs)
OAUTH_AUTHORIZATION_CODES¶
readonlyOAUTH_AUTHORIZATION_CODES:"oauthAuthorizationCodes"='oauthAuthorizationCodes'
OAuth authorization codes — Phase 2 (stores OAuthAuthorizationCode docs)
OAUTH_TOKENS¶
readonlyOAUTH_TOKENS:"oauthTokens"='oauthTokens'
OAuth access/refresh tokens (stores OAuthToken docs)
OAUTH_CONSENTS¶
readonlyOAUTH_CONSENTS:"oauthConsents"='oauthConsents'
User consent records for OAuth apps (stores OAuthConsent docs)
APP_USAGE_STATS¶
readonlyAPP_USAGE_STATS:"appUsageStats"='appUsageStats'
Daily API usage stats per client (stores AppUsageStats docs)
WEBHOOK_DELIVERIES¶
readonlyWEBHOOK_DELIVERIES:"webhookDeliveries"='webhookDeliveries'
Webhook delivery attempt records (stores WebhookDelivery docs)
FINANCIAL_PROFILES¶
readonlyFINANCIAL_PROFILES:"financialProfiles"='financialProfiles'
Mexican financial profile (stores FinancialProfile docs)
PROPERTY_RECORDS¶
readonlyPROPERTY_RECORDS:"propertyRecords"='propertyRecords'
Real estate / property records (stores PropertyRecord docs)
SCENARIOS¶
readonlySCENARIOS:"scenarios"='scenarios'
Wealth projection scenarios (stores ScenarioRecord docs)
CREDIT_CARDS¶
readonlyCREDIT_CARDS:"creditCards"='creditCards'
Cashback credit card configs (stores CreditCardRecord docs)
JUSTSPLIT_EXPENSES¶
readonlyJUSTSPLIT_EXPENSES:"expenses"='expenses'
Deprecated¶
Use EXPENSES instead
JUSTSPLIT_SETTLEMENTS¶
readonlyJUSTSPLIT_SETTLEMENTS:"settlements"='settlements'
Deprecated¶
Use SETTLEMENTS instead
JUSTSPLIT_EVENTS¶
readonlyJUSTSPLIT_EVENTS:"events"='events'
Deprecated¶
Use EVENTS instead
JUSTSPLIT_GROUPS¶
readonlyJUSTSPLIT_GROUPS:"expenseGroups"='expenseGroups'
Deprecated¶
Use EXPENSE_GROUPS instead
Defined in¶
websiteNavLinks¶
constwebsiteNavLinks:NavigationLink[]
Website navigation configuration
Defined in¶
websiteHubButton¶
constwebsiteHubButton:NavigationActionButton
Defined in¶
websiteNavConfig¶
constwebsiteNavConfig:Partial\<NavigationProps>
Defined in¶
hubNavLinks¶
consthubNavLinks:NavigationLink[]
Hub navigation configuration
Defined in¶
hubNavConfig¶
consthubNavConfig:Partial\<NavigationProps>
Defined in¶
justSplitNavLinks¶
constjustSplitNavLinks:NavigationLink[]
JustSplit navigation configuration
Defined in¶
justSplitNavConfig¶
constjustSplitNavConfig:Partial\<NavigationProps>
Defined in¶
ROLE_HIERARCHY¶
constROLE_HIERARCHY:Record\<AppRole,number>
Role hierarchy values for comparison
Defined in¶
Functions¶
hasMinimumRole()¶
hasMinimumRole(
userRole,requiredRole):boolean
Check if user role meets minimum requirement
Parameters¶
• userRole: AppRole
• requiredRole: AppRole
Returns¶
boolean