Update pre MFA workflow example

[chris-saunders-rocketlab]

Add missing import;
Define MFAPolicy constant as MFAPolicy and MFAEnforcementPolicy are differing string unions;
Add kinde.mfa binding;

Explain your changes

Simple update primarily to add the kinde.mfa binding which is required to use setEnforcementPolicy.

Also adds a missing import (createKindeAPI) and defines a constant for MFAPolicy since the MFAPolicy and MFAEnforcementPolicy types from the infrastructure library are actually differing string unions which will save time for anyone not too familiar with typescript.

Happy to add a PR in infrastructure for the last one but I figured this would do for an example workflow.

Checklist

• I have read the “Pull requests” section in the contributing guidelines.
• I agree to the terms within the code of conduct.

Summary by CodeRabbit

• New Features
  • Enhanced MFA policy management with a new configurable "kinde.mfa" setting for administrators and improved policy decision handling that preserves existing grace-period behavior.

[coderabbitai]

📝 Walkthrough

Walkthrough

Adds an MFAPolicy mapping for standardized MFA enforcement values, imports createKindeAPI from @kinde/infrastructure, and registers a new public binding "kinde.mfa" in workflowSettings. MFA policy decisions now reference the mapping instead of string literals.

Changes

Cohort / File(s)	Summary
MFA policy, import, and binding preMFA/gracePeriodWorkflow.ts	Introduce MFAPolicy mapping (Required -> "required", Skip -> "skip"), add createKindeAPI import, and add public binding "kinde.mfa" to workflowSettings. MFA logic now uses the mapping for policy selection.

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~8 minutes

Poem

🐇 I hopped through code with a twitch and a grin,
Mapped MFA choices so clarity could win,
A new binding placed, tidy and spry,
Policies aligned beneath the sky,
Graceful hops forward—ready to fly! ✨

🚥 Pre-merge checks | ✅ 3

✅ Passed checks (3 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title accurately describes the main change in the pull request - updating the pre-MFA workflow example with necessary imports, type mappings, and bindings.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing touches

• 📝 Generate docstrings

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Post copyable unit tests in a comment

---

No actionable comments were generated in the recent review. 🎉

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Caution

Some comments are outside the diff and can’t be posted inline due to platform limitations.

⚠️ Outside diff range comments (1)

preMFA/gracePeriodWorkflow.ts (1)

51-55: ⚠️ Potential issue | 🟡 Minor

MFA_GRACE_PERIOD_IN_MS silently becomes NaN when the env var is missing.

If MFA_GRACE_PERIOD_IN_HOURS is not set, getEnvironmentVariable returns undefined, and Number(undefined) is NaN. The grace-period comparison then always evaluates to false, so MFA is always required — a safe default, but this fails silently and could confuse operators debugging why the grace period "isn't working."

Consider adding an early guard with a log to surface the misconfiguration.

🛡️ Proposed guard

- const MFA_GRACE_PERIOD_IN_MS =
-   Number(getEnvironmentVariable("MFA_GRACE_PERIOD_IN_HOURS")?.value) *
-   60 *
-   60 *
-   1000;
+ const gracePeriodHours = Number(
+   getEnvironmentVariable("MFA_GRACE_PERIOD_IN_HOURS")?.value
+ );
+
+ if (isNaN(gracePeriodHours)) {
+   console.log(
+     "MFA_GRACE_PERIOD_IN_HOURS is not set or invalid — MFA will always be required"
+   );
+   setEnforcementPolicy("required");
+   return;
+ }
+
+ const MFA_GRACE_PERIOD_IN_MS = gracePeriodHours * 60 * 60 * 1000;

🧹 Nitpick comments (1)

preMFA/gracePeriodWorkflow.ts (1)

11-14: Tighten the type of MFAPolicy to preserve compile-time key safety.

The {[key: string]: MFAEnforcementPolicy} index signature means MFAPolicy.Typo silently evaluates to undefined at runtime without a TypeScript error. Using as const (with a satisfies check if you want the MFAEnforcementPolicy constraint) retains both literal types and key safety.

♻️ Suggested tighter typing

-const MFAPolicy: {[key: string]: MFAEnforcementPolicy} = {
-  Required: "required",
-  Skip: "skip"
-}
+const MFAPolicy = {
+  Required: "required",
+  Skip: "skip",
+} as const satisfies Record<string, MFAEnforcementPolicy>;