feat: add UserInviteToTenantCommand for inviting users to a tenant

[odinellefsen]

Summary by CodeRabbit

• New Features

  • Invite existing users to a tenant via API.
  • Delete the currently authenticated user via API.

• Bug Fixes

  • Fixed user deletion endpoint path (removed trailing slash).

• Tests

  • Added tests covering user invite and user delete flows.

• Chores

  • Updated release version and changelog.

_{✏️ Tip: You can customize this high-level summary in your review settings.}

[coderabbitai]

📝 Walkthrough

Walkthrough

Adds two user-facing commands: UserDeleteCommand (DELETE /api/users) and UserInviteToTenantCommand (POST /api/users/invitations), exports them from the public commands index, and adds tests plus release/version metadata updates.

Changes

Cohort / File(s)	Summary
Public exports src/commands/index.ts	Exported newly added commands: user.user.delete.ts, user.user.invite-to-tenant.ts to the public API surface.
Command implementations src/commands/user/user.delete.ts, src/commands/user/user.invite-to-tenant.ts	Added UserDeleteCommand (DELETE /api/users, bearer auth, response schema id:string) and UserInviteToTenantCommand (POST /api/users/invitations, bearer auth, input/output types, response schema). Both parse responses via helper.
Tests test/tests/commands/user.test.ts	Added tests covering UserDeleteCommand and UserInviteToTenantCommand request/response behavior and headers.
Release / version files .github/workflows/.release-please-manifest.json, deno.json, CHANGELOG.md	Bumped manifest and deno.json versions to 1.66.0 and added changelog entry for 1.66.0 (includes UserDelete entries).

Sequence Diagram(s)

sequenceDiagram
  participant Client
  participant Auth as Authenticator
  participant UserAPI as User API
  participant Parser as Response Parser

  Client->>Auth: Attach bearer token
  Client->>UserAPI: POST /api/users/invitations (invite payload)
  UserAPI-->>Client: 200 { success, tenantName, invitedEmail }
  Client->>Parser: parseResponseHelper(response, responseSchema)
  Parser-->>Client: Typed UserInviteToTenantOutput

Loading

sequenceDiagram
  participant Client
  participant Auth as Authenticator
  participant UserAPI as User API
  participant Parser as Response Parser

  Client->>Auth: Attach bearer token
  Client->>UserAPI: DELETE /api/users
  UserAPI-->>Client: 200 { id }
  Client->>Parser: parseResponseHelper(response, responseSchema)
  Parser-->>Client: Typed UserDeleteOutput

Loading

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~20 minutes

Possibly related PRs

• feat: add UserDeleteCommand to handle deletion of the authenticated user #179: Related changes to src/commands/user/user.delete.ts implementing user deletion.
• chore(main): release 1.66.0 #180: Release PR that publishes the UserDeleteCommand additions included here.

Suggested reviewers

• suuunly
• jbiskur

Poem

🐰 I hopped in with a cheer,

A DELETE and POST appear,
Invites and exits in flight,
Tests snugly hold them tight,
Cheers — the rabbit signs it here 🥕

🚥 Pre-merge checks | ✅ 3

✅ Passed checks (3 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The PR title accurately describes the primary feature added (UserInviteToTenantCommand), though it omits the secondary UserDeleteCommand addition.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing touches

• 📝 Generate docstrings

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Actionable comments posted: 2

🤖 Fix all issues with AI agents

In `@CHANGELOG.md`:
- Around line 3-17: Add a missing changelog entry for the new
UserInviteToTenantCommand by adding a bullet under the "Features" section
describing the addition (e.g., "add UserInviteToTenantCommand and corresponding
tests for inviting users to a tenant") and reference the commit/PR that
introduced it (use the commit hash or PR link for the change), ensuring the
symbol name UserInviteToTenantCommand appears exactly as in the codebase so the
release notes accurately reflect the new feature.

In `@test/tests/commands/user.test.ts`:
- Around line 82-88: The mock path used in the test doesn't match the path
produced by UserDeleteCommand.getPath(): the test registers DELETE "/api/users/"
(trailing slash) while the command returns "/api/users" (no trailing slash);
update the test to mock DELETE "/api/users" (remove the trailing slash) so the
fetchMockerBuilder.delete call matches UserDeleteCommand.getPath(), and ensure
matchHeaders and matchBody remain unchanged.

[coderabbitai]

⚠️ Potential issue | 🟡 Minor

Changelog is missing UserInviteToTenantCommand entry.

The PR title indicates this PR adds UserInviteToTenantCommand, but the changelog only documents UserDeleteCommand. The UserInviteToTenantCommand should be documented as a new feature in this release.

🤖 Prompt for AI Agents

In `@CHANGELOG.md` around lines 3 - 17, Add a missing changelog entry for the new
UserInviteToTenantCommand by adding a bullet under the "Features" section
describing the addition (e.g., "add UserInviteToTenantCommand and corresponding
tests for inviting users to a tenant") and reference the commit/PR that
introduced it (use the commit hash or PR link for the change), ensuring the
symbol name UserInviteToTenantCommand appears exactly as in the codebase so the
release notes accurately reflect the new feature.

[coderabbitai]

⚠️ Potential issue | 🔴 Critical

Path mismatch causes test failure.

The test mocks DELETE /api/users/ (with trailing slash), but the UserDeleteCommand.getPath() returns /api/users (without trailing slash). This mismatch is the cause of the pipeline failure: "Mocked requests not called: DELETE https://user-2.api.flowcore.io/api/users/".

🐛 Proposed fix

-      fetchMockerBuilder.delete("/api/users/")
+      fetchMockerBuilder.delete("/api/users")

📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change

	fetchMockerBuilder.delete("/api/users/")
	.matchHeaders({
	Authorization: "Bearer BEARER_TOKEN",
	"Content-Type": "application/json",
	})
	.matchBody({})
	.respondWith(200, responseData)
	fetchMockerBuilder.delete("/api/users")
	.matchHeaders({
	Authorization: "Bearer BEARER_TOKEN",
	"Content-Type": "application/json",
	})
	.matchBody({})
	.respondWith(200, responseData)

🤖 Prompt for AI Agents

In `@test/tests/commands/user.test.ts` around lines 82 - 88, The mock path used in
the test doesn't match the path produced by UserDeleteCommand.getPath(): the
test registers DELETE "/api/users/" (trailing slash) while the command returns
"/api/users" (no trailing slash); update the test to mock DELETE "/api/users"
(remove the trailing slash) so the fetchMockerBuilder.delete call matches
UserDeleteCommand.getPath(), and ensure matchHeaders and matchBody remain
unchanged.