feat(opsserver): add admin user create/delete management and default hosted idp.global auth support

ts_interfaces/requests/users.ts

@@ -2,8 +2,10 @@ import * as plugins from '../plugins.js';
 import * as authInterfaces from '../data/auth.js';
 import type { IAdminUserProjection } from './admin.js';
 
+export type TUserManagementRole = 'admin' | 'user';
+
 /**
- * List all OpsServer users (admin-only, read-only).
+ * List all OpsServer users (admin-only).
  * Deliberately omits password/secret fields from the response.
  */
 export interface IReq_ListUsers extends plugins.typedrequestInterfaces.implementsTR<
@@ -18,3 +20,44 @@ export interface IReq_ListUsers extends plugins.typedrequestInterfaces.implement
     users: IAdminUserProjection[];
   };
 }
+
+/**
+ * Create a persisted OpsServer user account (admin-only).
+ */
+export interface IReq_CreateUser extends plugins.typedrequestInterfaces.implementsTR<
+  plugins.typedrequestInterfaces.ITypedRequest,
+  IReq_CreateUser
+> {
+  method: 'createUser';
+  request: {
+    identity: authInterfaces.IIdentity;
+    email: string;
+    name?: string;
+    role: TUserManagementRole;
+    password: string;
+    enableIdpGlobalAuth?: boolean;
+  };
+  response: {
+    success: boolean;
+    user?: IAdminUserProjection;
+    message?: string;
+  };
+}
+
+/**
+ * Delete a persisted OpsServer user account (admin-only).
+ */
+export interface IReq_DeleteUser extends plugins.typedrequestInterfaces.implementsTR<
+  plugins.typedrequestInterfaces.ITypedRequest,
+  IReq_DeleteUser
+> {
+  method: 'deleteUser';
+  request: {
+    identity: authInterfaces.IIdentity;
+    id: string;
+  };
+  response: {
+    success: boolean;
+    message?: string;
+  };
+}