@ax-hub/sdk 0.0.6 → 0.1.1

package/dist/index.d.cts

@@ -493,8 +493,11 @@ declare class AuthzClient {
     scoped(tenantSlug: string): TenantAuthzClient;
 }
 declare class TenantAuthzClient {
+    /** @adminOnly Tag governance. `list()` requires tenant_admin (v0.1, SPEC 307) — member callers get ForbiddenError (no auto-retry; permission, not transient). Members browse the data catalog via `gateway.catalog`. */
     readonly tags: Crud<AuthzTag>;
+    /** @adminOnly Subject governance. `list()` requires tenant_admin (v0.1) — member callers get ForbiddenError. */
     readonly subjects: Crud<AuthzSubject>;
+    /** @adminOnly Grant governance. `list()` requires tenant_admin (v0.1) — member callers get ForbiddenError. */
     readonly grants: Crud<AuthzGrant>;
     readonly evaluator: AuthzEvaluatorClient;
     constructor(http: HttpClient, tenantSlug: string);
@@ -1962,16 +1965,121 @@ interface GatewayQueryResult<Row = Record<string, unknown>> {
     rowCount: number;
     matchedPolicies?: string[];
 }
+interface CatalogKindAction {
+    allowedEffects: string[];
+    inputSchema?: unknown;
+    resultSchema?: unknown;
+}
+interface CatalogKind {
+    kind: string;
+    engine: string;
+    displayName: string;
+    invokable: boolean;
+    actions: Record<string, CatalogKindAction>;
+}
+interface CatalogConnector {
+    id: string;
+    name: string;
+    engine: string;
+    description?: string;
+    url: string;
+}
+interface CatalogTag {
+    id: string;
+    name: string;
+}
+/** permissions.read on a catalog list item. `allowedColumns`/`columnMasks` are detail-only. */
+interface CatalogPermissionsReadList {
+    allowed: boolean;
+    denyReason?: string;
+    rowFilter?: string;
+    mask?: string;
+    inputSchema?: unknown;
+    resultSchema?: unknown;
+}
+/** permissions.read on a catalog detail (table) — adds the SQL-authoring reference fields. */
+interface CatalogPermissionsReadDetail extends CatalogPermissionsReadList {
+    /** Columns the caller may SELECT. Present on table detail only — the 1st reference for SQL authoring. */
+    allowedColumns?: string[];
+    /** Per-column mask algorithm (redact/null/hash/partial/last4). */
+    columnMasks?: Record<string, string>;
+}
+interface CatalogResourceView {
+    id: string;
+    connector: string;
+    connectorId: string;
+    path: string;
+    url: string;
+    kind?: string;
+    type: string;
+    name: string;
+    attributes: Record<string, unknown>;
+    tags: CatalogTag[];
+    permissions: {
+        read: CatalogPermissionsReadList;
+    };
+}
+interface CatalogAncestor {
+    id: string;
+    name: string;
+    type: string;
+    path: string;
+}
+interface CatalogResourceDetail {
+    id: string;
+    connector: string;
+    connectorId: string;
+    path: string;
+    url: string;
+    kind?: string;
+    type: string;
+    name: string;
+    attributes: Record<string, unknown>;
+    tags: CatalogTag[];
+    ancestors: CatalogAncestor[];
+    children: CatalogResourceView[];
+    permissions: {
+        read: CatalogPermissionsReadDetail;
+    };
+}
+interface CatalogResourceFilter {
+    search?: string;
+    kind?: string;
+    connector?: string;
+    connectorId?: string;
+    limit?: number;
+}
+interface InvokeInput {
+    sql: string;
+    params?: unknown[];
+    rowLimit?: number;
+}
+/** invoke(...) result. Mirrors GatewayQueryResult + the resolved `action`. Rows are zipped to objects. */
+interface InvokeResult<Row = Record<string, unknown>> {
+    allowed: boolean;
+    action: string;
+    denyReason?: string;
+    columns: GatewayQueryColumn[];
+    rows: Row[];
+    rowCount: number;
+    matchedPolicies?: string[];
+}
 declare class GatewayClient {
     private readonly http;
     constructor(http: HttpClient);
     scoped(tenantSlug: string): TenantGatewayClient;
 }
 declare class TenantGatewayClient {
+    /** @adminOnly Global engine catalog. Governance read — requires tenant_admin (v0.1, SPEC 307). */
     readonly engines: GatewayEnginesClient;
+    /** @adminOnly Connector governance (list/create/update/...). Member callers get ForbiddenError (v0.1). Members use `catalog.listConnectors()`. */
     readonly connectors: GatewayConnectorsClient;
+    /** @adminOnly Raw resource governance. Member callers get ForbiddenError (v0.1). Members use `catalog.listResources()`. */
     readonly resources: GatewayResourcesClient;
+    /** Run a parameterized read query. Member OK. See also `catalog.invoke()`. */
     readonly query: GatewayQueryClient;
+    /** Member-facing catalog: discover connectors/resources you can read + invoke. */
+    readonly catalog: GatewayCatalogClient;
     constructor(http: HttpClient, tenantSlug: string);
 }
 declare class GatewayEnginesClient {
@@ -2000,8 +2108,78 @@ declare class GatewayQueryClient {
     private readonly http;
     private readonly base;
     constructor(http: HttpClient, base: string);
+    /**
+     * Run a parameterized read query against a connector resource.
+     *
+     * Policy deny is a normal HTTP 200 response, NOT a throw: branch on `result.allowed`.
+     * When denied, `matchedPolicies` is empty/absent and `denyReason` is generic
+     * ("policy deny") or a `safesql:`-prefixed SQL-format message — use `isPolicyDeny()` /
+     * `isSqlFormatError()` to tell them apart.
+     *
+     * @throws InternalServerError v0.1 — referencing a column outside the catalog's
+     *   `allowedColumns` lets the SQL reach the external DB, which answers column-not-found;
+     *   the backend surfaces that as 500. Do NOT auto-retry — guide the user to the
+     *   resource detail's `allowedColumns` (see `getAccessibleColumns`).
+     * @throws PoolStaleError 401 after a credential refresh retry.
+     */
     run<Row extends Record<string, unknown> = Record<string, unknown>>(input: GatewayQueryInput, opts?: RequestOptions): Promise<GatewayQueryResult<Row>>;
 }
+/**
+ * Member-facing gateway catalog: connectors/resources the caller can read, plus `invoke`.
+ * Distinct from the `@adminOnly` governance clients (`connectors`/`resources`/`engines`).
+ */
+declare class GatewayCatalogClient {
+    private readonly http;
+    private readonly base;
+    constructor(http: HttpClient, tenantBase: string);
+    /** ResourceKind capability catalog (global, tenant-independent). Member OK. */
+    listKinds(opts?: RequestOptions): Promise<CatalogKind[]>;
+    /** Connectors the caller has read access to (1+ readable resource). Member OK. */
+    listConnectors(opts?: RequestOptions): Promise<CatalogConnector[]>;
+    /** Search resources the caller can read (across connectors). Member OK. */
+    listResources(filter?: CatalogResourceFilter, opts?: RequestOptions): Promise<CatalogResourceView[]>;
+    /**
+     * Single resource detail (with `allowedColumns` for SQL authoring). Member OK.
+     *
+     * @throws NotFoundError when the caller has no read access to `path` — denied and
+     *   non-existent are intentionally indistinguishable (strict zero-trust, v0.1).
+     *   Use `hasAccess()` for a boolean check that does not throw.
+     */
+    getResource(connector: string, path: string, opts?: RequestOptions): Promise<CatalogResourceDetail>;
+    /**
+     * Invoke an action on a resource (v1: `read`). Member OK.
+     *
+     * Policy deny is a normal HTTP 200 (`allowed: false`), NOT a throw — branch on the result.
+     * @throws InternalServerError referencing a column outside `allowedColumns` (no auto-retry).
+     */
+    invoke<Row extends Record<string, unknown> = Record<string, unknown>>(connector: string, path: string, input: InvokeInput, opts?: RequestOptions): Promise<InvokeResult<Row>>;
+    /** True if the caller can read `path` (getResource without throwing on denial). Member OK. */
+    hasAccess(connector: string, path: string, opts?: RequestOptions): Promise<boolean>;
+    /**
+     * Catalog list + each resource's detail (with `allowedColumns`) in one call. Member OK.
+     * Issues one detail request per resource (N+1) — avoid over large catalogs / in tight loops.
+     */
+    listResourcesWithDetail(filter?: CatalogResourceFilter, opts?: RequestOptions): Promise<CatalogResourceDetail[]>;
+}
+/** True when the response is allowed (typed narrowing convenience). */
+declare function isAllowed(r: GatewayQueryResult | InvokeResult): boolean;
+/**
+ * True when a deny is an SQL-format rejection the caller can fix by editing the SQL.
+ *
+ * The live backend wraps these as `"SQL 형식 오류: safesql: only SELECT or WITH allowed
+ * (got \"delete\")"` — a Korean prefix plus the inner `safesql:` marker. Matches either so
+ * it survives wording shifts in the wrapper. String matching is brittle by construction;
+ * branch on this for UX hints only, not control flow that must be exact.
+ */
+declare function isSqlFormatError(r: GatewayQueryResult | InvokeResult): boolean;
+/** True when a deny is a policy denial (not an SQL-format error). Editing SQL will not help. */
+declare function isPolicyDeny(r: GatewayQueryResult | InvokeResult): boolean;
+/** Columns the caller may SELECT from a resource detail (empty if none/denied). */
+declare function getAccessibleColumns(detail: CatalogResourceDetail): string[];
+/** Mask algorithm applied to a column (redact/null/hash/partial/last4), or null if unmasked. */
+declare function getMaskHint(detail: CatalogResourceDetail, columnName: string): string | null;
+/** Last path segment for a SQL `FROM` clause ("axhub-qa-mysql/employees" → "employees"). */
+declare function tableFromPath(path: string): string;
 
 interface IssuePersonalAccessTokenInput {
     name: string;
@@ -2402,4 +2580,4 @@ interface VerifyWebhookResult {
 declare function signWebhook(rawBody: Buffer | Uint8Array | string, secret: string, timestamp?: string): string;
 declare function verifyWebhook(input: VerifyWebhookInput): VerifyWebhookResult;
 
-export { AbortError, AccessDeniedError, type AddColumnInput, type AddCommentInput, type AddGrantInput, AlreadyAccessedError, AlreadyActiveError, AlreadyDeletedError, AlreadyInactiveError, AlreadyMemberError, AlreadyRevokedError, AlreadySettledError, type AnonymizeInput, type AppAccess, type AppCategory, type AppID, type AppId, type AppResponse, AppScopedClient, AppScopedDataClient, type AppSlug, type AppTable, type AppTemplate, AppUnavailableError, AppsClient, AuditClient, type AuditEvent, type AuditEventID, type AuthProvider, type AuthRing, AuthorizationPendingError, AuthzClient, type AuthzGrant, type AuthzSubject, type AuthzTag, AxHubClient, type AxHubClientOptions, AxHubError, type AxHubErrorInit, BadRequestError, type Branded, type BuildLogEvent, type BulkInviteResult, type ColumnType, type Comment, ConfigurationError, ConflictError, type ConnectGitInput, type ConnectorID, type CreateAppInput, type CreateCategoryInput, type CreateDeploymentInput, type CreateOAuthClientInput, type CreateTableInput, type CreateTenantInput, type CursorDirection, DEFAULT_BASE_URL, type DataBulkResult, DataClient, type DataCountOptions, type DataGetOptions, type DataListOptions, type DataOrderBy, DataTableClient, type DataTableSchema, type DecideInput, type DecideResult, DecodeError, type DeploymentID, type DeploymentId, type DeploymentResponse, type DeploymentStatus, DeploymentsClient, type DeviceAuthorizationResponse, DeviceFlowDeniedError, DeviceFlowTimeoutError, type DiscoverAppsOptions, type DiscoverOptions, type DispatchContext, DomainTakenError, DuplicateError, type EmailDomain, type EmitAuditEventInput, EmptyError, type EnvVar, ExpiredTokenError, type FetchLike, type FieldError, ForbiddenError, GatewayClient, type GatewayConnector, type GatewayEngine, type GatewayQueryColumn, type GatewayQueryInput, type GatewayQueryResult, type GatewayResource, type GitConnection, type GitConnectionSetup, type GitConnectionStatus, type GithubInstallStart, type GrantID, type GrantPrincipalType, type GrantScope, IdentityClient, IdentityDeviceCodeClient, IdentityMeClient, IdentityOAuthClient, IdentityOIDCClient, IdentityPATClient, type IdentityProvider, IdentityProviderClient, IdentitySystemOAuthClientsClient, type InferRow, type InstallStartInput, type IntegrityCheckResult, InternalServerError, IntrospectFailedError, InvalidCursorError, InvalidGrantError, InvalidPathError, InvalidStateTransitionError, InvalidValueError, InvitationExpiredError, type InviteTenantMemberInput, type IssuePersonalAccessTokenInput, type IssuePersonalAccessTokenResult, type KeysetCursor, LastAdminError, LegacyCursorError, type LikeResult, type LikeStatus, type ListAllItem, type ListAllOptions, type ListOptions, type Logger, type MeResponse, type MockClientOptions, type MockFixtures, MockInProductionError, type MockRow, type MockSchemas, MockStore, NetworkError, NoAuth, NotAdminError, NotAllowedError, NotDeletedError, NotFoundError, NotMemberError, type OAuthClient, type OAuthClientWithSecret, OAuthError, type OAuthErrorInit, type OAuthTokenResponse, type OrderByField, type PATID, type PATSummary, type PaginatedList, type ParsedFrame, type PatId, PendingExistsError, PermanentlyDeletedError, PermissionDeniedError, type PodEventEvent, type PodLogEvent, PoolStaleError, PreconditionFailedError, type PublicationRequest, type PublicationRequestStatus, PublicationRequestsClient, type QueryExpr, type RateLimitStrategy, RateLimitedError, type RequestId, RequiredError, type ResourceID, type RetryInfo, type SSEStream, ScanLimitExceededError, SchemaCache, type SchemaCacheOptions, SchemaNameTakenError, type SchemaShapeFromRow, type SelectColumns, type SettlePublicationInput, type SignIconUploadInput, type SignIconUploadResult, SlowDownError, SlugTakenError, StaticTokenAuth, StreamConsumedError, type StreamItem, type SubjectID, type SubmitPublicationInput, type SystemOAuthClient, type TableColumn, type TableConstraint, type TableGrant, type TableID, type TableIndex, TableNotFoundError, type TableSchema, type TagID, type Tenant, TenantGatewayClient, type TenantID, type TenantId, type TenantInvitation, type TenantMember, TenantScopedAppsClient, TenantScopedClient, type TenantSlug, TenantSlugRequiredError, TenantsClient, TimeoutError, TokenExpiredError, TokenInvalidError, TokenMissingError, type TokenType, UnauthenticatedError, UnavailableError, type UnlikeResult, type UnpublishInput, type UpdateAppInput, type UpdateGitConnectionInput, type UpdateTenantInput, type UserID, type UserId, ValidationError, type VerifyWebhookInput, type VerifyWebhookResult, WebhookVerificationError, type WebhookVerifyReason, and, asAppId, asAppSlug, asDeploymentId, asPatId, asRequestId, asTenantId, asTenantSlug, asUserId, assertMockModeAllowed, createMockStore, cursorFromRow, decodeCursor, defineSchema, dispatch, encodeCursor, escapeLike, formatErrorMessage, id, isOAuthPath, not, or, orderByFingerprint, parseRetryAfter, raw, schemaCacheKey, signWebhook, verifyWebhook, where };
+export { AbortError, AccessDeniedError, type AddColumnInput, type AddCommentInput, type AddGrantInput, AlreadyAccessedError, AlreadyActiveError, AlreadyDeletedError, AlreadyInactiveError, AlreadyMemberError, AlreadyRevokedError, AlreadySettledError, type AnonymizeInput, type AppAccess, type AppCategory, type AppID, type AppId, type AppResponse, AppScopedClient, AppScopedDataClient, type AppSlug, type AppTable, type AppTemplate, AppUnavailableError, AppsClient, AuditClient, type AuditEvent, type AuditEventID, type AuthProvider, type AuthRing, AuthorizationPendingError, AuthzClient, type AuthzGrant, type AuthzSubject, type AuthzTag, AxHubClient, type AxHubClientOptions, AxHubError, type AxHubErrorInit, BadRequestError, type Branded, type BuildLogEvent, type BulkInviteResult, type CatalogAncestor, type CatalogConnector, type CatalogKind, type CatalogKindAction, type CatalogPermissionsReadDetail, type CatalogPermissionsReadList, type CatalogResourceDetail, type CatalogResourceFilter, type CatalogResourceView, type CatalogTag, type ColumnType, type Comment, ConfigurationError, ConflictError, type ConnectGitInput, type ConnectorID, type CreateAppInput, type CreateCategoryInput, type CreateDeploymentInput, type CreateOAuthClientInput, type CreateTableInput, type CreateTenantInput, type CursorDirection, DEFAULT_BASE_URL, type DataBulkResult, DataClient, type DataCountOptions, type DataGetOptions, type DataListOptions, type DataOrderBy, DataTableClient, type DataTableSchema, type DecideInput, type DecideResult, DecodeError, type DeploymentID, type DeploymentId, type DeploymentResponse, type DeploymentStatus, DeploymentsClient, type DeviceAuthorizationResponse, DeviceFlowDeniedError, DeviceFlowTimeoutError, type DiscoverAppsOptions, type DiscoverOptions, type DispatchContext, DomainTakenError, DuplicateError, type EmailDomain, type EmitAuditEventInput, EmptyError, type EnvVar, ExpiredTokenError, type FetchLike, type FieldError, ForbiddenError, GatewayCatalogClient, GatewayClient, type GatewayConnector, type GatewayEngine, type GatewayQueryColumn, type GatewayQueryInput, type GatewayQueryResult, type GatewayResource, type GitConnection, type GitConnectionSetup, type GitConnectionStatus, type GithubInstallStart, type GrantID, type GrantPrincipalType, type GrantScope, IdentityClient, IdentityDeviceCodeClient, IdentityMeClient, IdentityOAuthClient, IdentityOIDCClient, IdentityPATClient, type IdentityProvider, IdentityProviderClient, IdentitySystemOAuthClientsClient, type InferRow, type InstallStartInput, type IntegrityCheckResult, InternalServerError, IntrospectFailedError, InvalidCursorError, InvalidGrantError, InvalidPathError, InvalidStateTransitionError, InvalidValueError, InvitationExpiredError, type InviteTenantMemberInput, type InvokeInput, type InvokeResult, type IssuePersonalAccessTokenInput, type IssuePersonalAccessTokenResult, type KeysetCursor, LastAdminError, LegacyCursorError, type LikeResult, type LikeStatus, type ListAllItem, type ListAllOptions, type ListOptions, type Logger, type MeResponse, type MockClientOptions, type MockFixtures, MockInProductionError, type MockRow, type MockSchemas, MockStore, NetworkError, NoAuth, NotAdminError, NotAllowedError, NotDeletedError, NotFoundError, NotMemberError, type OAuthClient, type OAuthClientWithSecret, OAuthError, type OAuthErrorInit, type OAuthTokenResponse, type OrderByField, type PATID, type PATSummary, type PaginatedList, type ParsedFrame, type PatId, PendingExistsError, PermanentlyDeletedError, PermissionDeniedError, type PodEventEvent, type PodLogEvent, PoolStaleError, PreconditionFailedError, type PublicationRequest, type PublicationRequestStatus, PublicationRequestsClient, type QueryExpr, type RateLimitStrategy, RateLimitedError, type RequestId, RequiredError, type ResourceID, type RetryInfo, type SSEStream, ScanLimitExceededError, SchemaCache, type SchemaCacheOptions, SchemaNameTakenError, type SchemaShapeFromRow, type SelectColumns, type SettlePublicationInput, type SignIconUploadInput, type SignIconUploadResult, SlowDownError, SlugTakenError, StaticTokenAuth, StreamConsumedError, type StreamItem, type SubjectID, type SubmitPublicationInput, type SystemOAuthClient, type TableColumn, type TableConstraint, type TableGrant, type TableID, type TableIndex, TableNotFoundError, type TableSchema, type TagID, type Tenant, TenantGatewayClient, type TenantID, type TenantId, type TenantInvitation, type TenantMember, TenantScopedAppsClient, TenantScopedClient, type TenantSlug, TenantSlugRequiredError, TenantsClient, TimeoutError, TokenExpiredError, TokenInvalidError, TokenMissingError, type TokenType, UnauthenticatedError, UnavailableError, type UnlikeResult, type UnpublishInput, type UpdateAppInput, type UpdateGitConnectionInput, type UpdateTenantInput, type UserID, type UserId, ValidationError, type VerifyWebhookInput, type VerifyWebhookResult, WebhookVerificationError, type WebhookVerifyReason, and, asAppId, asAppSlug, asDeploymentId, asPatId, asRequestId, asTenantId, asTenantSlug, asUserId, assertMockModeAllowed, createMockStore, cursorFromRow, decodeCursor, defineSchema, dispatch, encodeCursor, escapeLike, formatErrorMessage, getAccessibleColumns, getMaskHint, id, isAllowed, isOAuthPath, isPolicyDeny, isSqlFormatError, not, or, orderByFingerprint, parseRetryAfter, raw, schemaCacheKey, signWebhook, tableFromPath, verifyWebhook, where };

package/dist/index.d.ts

@@ -493,8 +493,11 @@ declare class AuthzClient {
     scoped(tenantSlug: string): TenantAuthzClient;
 }
 declare class TenantAuthzClient {
+    /** @adminOnly Tag governance. `list()` requires tenant_admin (v0.1, SPEC 307) — member callers get ForbiddenError (no auto-retry; permission, not transient). Members browse the data catalog via `gateway.catalog`. */
     readonly tags: Crud<AuthzTag>;
+    /** @adminOnly Subject governance. `list()` requires tenant_admin (v0.1) — member callers get ForbiddenError. */
     readonly subjects: Crud<AuthzSubject>;
+    /** @adminOnly Grant governance. `list()` requires tenant_admin (v0.1) — member callers get ForbiddenError. */
     readonly grants: Crud<AuthzGrant>;
     readonly evaluator: AuthzEvaluatorClient;
     constructor(http: HttpClient, tenantSlug: string);
@@ -1962,16 +1965,121 @@ interface GatewayQueryResult<Row = Record<string, unknown>> {
     rowCount: number;
     matchedPolicies?: string[];
 }
+interface CatalogKindAction {
+    allowedEffects: string[];
+    inputSchema?: unknown;
+    resultSchema?: unknown;
+}
+interface CatalogKind {
+    kind: string;
+    engine: string;
+    displayName: string;
+    invokable: boolean;
+    actions: Record<string, CatalogKindAction>;
+}
+interface CatalogConnector {
+    id: string;
+    name: string;
+    engine: string;
+    description?: string;
+    url: string;
+}
+interface CatalogTag {
+    id: string;
+    name: string;
+}
+/** permissions.read on a catalog list item. `allowedColumns`/`columnMasks` are detail-only. */
+interface CatalogPermissionsReadList {
+    allowed: boolean;
+    denyReason?: string;
+    rowFilter?: string;
+    mask?: string;
+    inputSchema?: unknown;
+    resultSchema?: unknown;
+}
+/** permissions.read on a catalog detail (table) — adds the SQL-authoring reference fields. */
+interface CatalogPermissionsReadDetail extends CatalogPermissionsReadList {
+    /** Columns the caller may SELECT. Present on table detail only — the 1st reference for SQL authoring. */
+    allowedColumns?: string[];
+    /** Per-column mask algorithm (redact/null/hash/partial/last4). */
+    columnMasks?: Record<string, string>;
+}
+interface CatalogResourceView {
+    id: string;
+    connector: string;
+    connectorId: string;
+    path: string;
+    url: string;
+    kind?: string;
+    type: string;
+    name: string;
+    attributes: Record<string, unknown>;
+    tags: CatalogTag[];
+    permissions: {
+        read: CatalogPermissionsReadList;
+    };
+}
+interface CatalogAncestor {
+    id: string;
+    name: string;
+    type: string;
+    path: string;
+}
+interface CatalogResourceDetail {
+    id: string;
+    connector: string;
+    connectorId: string;
+    path: string;
+    url: string;
+    kind?: string;
+    type: string;
+    name: string;
+    attributes: Record<string, unknown>;
+    tags: CatalogTag[];
+    ancestors: CatalogAncestor[];
+    children: CatalogResourceView[];
+    permissions: {
+        read: CatalogPermissionsReadDetail;
+    };
+}
+interface CatalogResourceFilter {
+    search?: string;
+    kind?: string;
+    connector?: string;
+    connectorId?: string;
+    limit?: number;
+}
+interface InvokeInput {
+    sql: string;
+    params?: unknown[];
+    rowLimit?: number;
+}
+/** invoke(...) result. Mirrors GatewayQueryResult + the resolved `action`. Rows are zipped to objects. */
+interface InvokeResult<Row = Record<string, unknown>> {
+    allowed: boolean;
+    action: string;
+    denyReason?: string;
+    columns: GatewayQueryColumn[];
+    rows: Row[];
+    rowCount: number;
+    matchedPolicies?: string[];
+}
 declare class GatewayClient {
     private readonly http;
     constructor(http: HttpClient);
     scoped(tenantSlug: string): TenantGatewayClient;
 }
 declare class TenantGatewayClient {
+    /** @adminOnly Global engine catalog. Governance read — requires tenant_admin (v0.1, SPEC 307). */
     readonly engines: GatewayEnginesClient;
+    /** @adminOnly Connector governance (list/create/update/...). Member callers get ForbiddenError (v0.1). Members use `catalog.listConnectors()`. */
     readonly connectors: GatewayConnectorsClient;
+    /** @adminOnly Raw resource governance. Member callers get ForbiddenError (v0.1). Members use `catalog.listResources()`. */
     readonly resources: GatewayResourcesClient;
+    /** Run a parameterized read query. Member OK. See also `catalog.invoke()`. */
     readonly query: GatewayQueryClient;
+    /** Member-facing catalog: discover connectors/resources you can read + invoke. */
+    readonly catalog: GatewayCatalogClient;
     constructor(http: HttpClient, tenantSlug: string);
 }
 declare class GatewayEnginesClient {
@@ -2000,8 +2108,78 @@ declare class GatewayQueryClient {
     private readonly http;
     private readonly base;
     constructor(http: HttpClient, base: string);
+    /**
+     * Run a parameterized read query against a connector resource.
+     *
+     * Policy deny is a normal HTTP 200 response, NOT a throw: branch on `result.allowed`.
+     * When denied, `matchedPolicies` is empty/absent and `denyReason` is generic
+     * ("policy deny") or a `safesql:`-prefixed SQL-format message — use `isPolicyDeny()` /
+     * `isSqlFormatError()` to tell them apart.
+     *
+     * @throws InternalServerError v0.1 — referencing a column outside the catalog's
+     *   `allowedColumns` lets the SQL reach the external DB, which answers column-not-found;
+     *   the backend surfaces that as 500. Do NOT auto-retry — guide the user to the
+     *   resource detail's `allowedColumns` (see `getAccessibleColumns`).
+     * @throws PoolStaleError 401 after a credential refresh retry.
+     */
     run<Row extends Record<string, unknown> = Record<string, unknown>>(input: GatewayQueryInput, opts?: RequestOptions): Promise<GatewayQueryResult<Row>>;
 }
+/**
+ * Member-facing gateway catalog: connectors/resources the caller can read, plus `invoke`.
+ * Distinct from the `@adminOnly` governance clients (`connectors`/`resources`/`engines`).
+ */
+declare class GatewayCatalogClient {
+    private readonly http;
+    private readonly base;
+    constructor(http: HttpClient, tenantBase: string);
+    /** ResourceKind capability catalog (global, tenant-independent). Member OK. */
+    listKinds(opts?: RequestOptions): Promise<CatalogKind[]>;
+    /** Connectors the caller has read access to (1+ readable resource). Member OK. */
+    listConnectors(opts?: RequestOptions): Promise<CatalogConnector[]>;
+    /** Search resources the caller can read (across connectors). Member OK. */
+    listResources(filter?: CatalogResourceFilter, opts?: RequestOptions): Promise<CatalogResourceView[]>;
+    /**
+     * Single resource detail (with `allowedColumns` for SQL authoring). Member OK.
+     *
+     * @throws NotFoundError when the caller has no read access to `path` — denied and
+     *   non-existent are intentionally indistinguishable (strict zero-trust, v0.1).
+     *   Use `hasAccess()` for a boolean check that does not throw.
+     */
+    getResource(connector: string, path: string, opts?: RequestOptions): Promise<CatalogResourceDetail>;
+    /**
+     * Invoke an action on a resource (v1: `read`). Member OK.
+     *
+     * Policy deny is a normal HTTP 200 (`allowed: false`), NOT a throw — branch on the result.
+     * @throws InternalServerError referencing a column outside `allowedColumns` (no auto-retry).
+     */
+    invoke<Row extends Record<string, unknown> = Record<string, unknown>>(connector: string, path: string, input: InvokeInput, opts?: RequestOptions): Promise<InvokeResult<Row>>;
+    /** True if the caller can read `path` (getResource without throwing on denial). Member OK. */
+    hasAccess(connector: string, path: string, opts?: RequestOptions): Promise<boolean>;
+    /**
+     * Catalog list + each resource's detail (with `allowedColumns`) in one call. Member OK.
+     * Issues one detail request per resource (N+1) — avoid over large catalogs / in tight loops.
+     */
+    listResourcesWithDetail(filter?: CatalogResourceFilter, opts?: RequestOptions): Promise<CatalogResourceDetail[]>;
+}
+/** True when the response is allowed (typed narrowing convenience). */
+declare function isAllowed(r: GatewayQueryResult | InvokeResult): boolean;
+/**
+ * True when a deny is an SQL-format rejection the caller can fix by editing the SQL.
+ *
+ * The live backend wraps these as `"SQL 형식 오류: safesql: only SELECT or WITH allowed
+ * (got \"delete\")"` — a Korean prefix plus the inner `safesql:` marker. Matches either so
+ * it survives wording shifts in the wrapper. String matching is brittle by construction;
+ * branch on this for UX hints only, not control flow that must be exact.
+ */
+declare function isSqlFormatError(r: GatewayQueryResult | InvokeResult): boolean;
+/** True when a deny is a policy denial (not an SQL-format error). Editing SQL will not help. */
+declare function isPolicyDeny(r: GatewayQueryResult | InvokeResult): boolean;
+/** Columns the caller may SELECT from a resource detail (empty if none/denied). */
+declare function getAccessibleColumns(detail: CatalogResourceDetail): string[];
+/** Mask algorithm applied to a column (redact/null/hash/partial/last4), or null if unmasked. */
+declare function getMaskHint(detail: CatalogResourceDetail, columnName: string): string | null;
+/** Last path segment for a SQL `FROM` clause ("axhub-qa-mysql/employees" → "employees"). */
+declare function tableFromPath(path: string): string;
 
 interface IssuePersonalAccessTokenInput {
     name: string;
@@ -2402,4 +2580,4 @@ interface VerifyWebhookResult {
 declare function signWebhook(rawBody: Buffer | Uint8Array | string, secret: string, timestamp?: string): string;
 declare function verifyWebhook(input: VerifyWebhookInput): VerifyWebhookResult;
 
-export { AbortError, AccessDeniedError, type AddColumnInput, type AddCommentInput, type AddGrantInput, AlreadyAccessedError, AlreadyActiveError, AlreadyDeletedError, AlreadyInactiveError, AlreadyMemberError, AlreadyRevokedError, AlreadySettledError, type AnonymizeInput, type AppAccess, type AppCategory, type AppID, type AppId, type AppResponse, AppScopedClient, AppScopedDataClient, type AppSlug, type AppTable, type AppTemplate, AppUnavailableError, AppsClient, AuditClient, type AuditEvent, type AuditEventID, type AuthProvider, type AuthRing, AuthorizationPendingError, AuthzClient, type AuthzGrant, type AuthzSubject, type AuthzTag, AxHubClient, type AxHubClientOptions, AxHubError, type AxHubErrorInit, BadRequestError, type Branded, type BuildLogEvent, type BulkInviteResult, type ColumnType, type Comment, ConfigurationError, ConflictError, type ConnectGitInput, type ConnectorID, type CreateAppInput, type CreateCategoryInput, type CreateDeploymentInput, type CreateOAuthClientInput, type CreateTableInput, type CreateTenantInput, type CursorDirection, DEFAULT_BASE_URL, type DataBulkResult, DataClient, type DataCountOptions, type DataGetOptions, type DataListOptions, type DataOrderBy, DataTableClient, type DataTableSchema, type DecideInput, type DecideResult, DecodeError, type DeploymentID, type DeploymentId, type DeploymentResponse, type DeploymentStatus, DeploymentsClient, type DeviceAuthorizationResponse, DeviceFlowDeniedError, DeviceFlowTimeoutError, type DiscoverAppsOptions, type DiscoverOptions, type DispatchContext, DomainTakenError, DuplicateError, type EmailDomain, type EmitAuditEventInput, EmptyError, type EnvVar, ExpiredTokenError, type FetchLike, type FieldError, ForbiddenError, GatewayClient, type GatewayConnector, type GatewayEngine, type GatewayQueryColumn, type GatewayQueryInput, type GatewayQueryResult, type GatewayResource, type GitConnection, type GitConnectionSetup, type GitConnectionStatus, type GithubInstallStart, type GrantID, type GrantPrincipalType, type GrantScope, IdentityClient, IdentityDeviceCodeClient, IdentityMeClient, IdentityOAuthClient, IdentityOIDCClient, IdentityPATClient, type IdentityProvider, IdentityProviderClient, IdentitySystemOAuthClientsClient, type InferRow, type InstallStartInput, type IntegrityCheckResult, InternalServerError, IntrospectFailedError, InvalidCursorError, InvalidGrantError, InvalidPathError, InvalidStateTransitionError, InvalidValueError, InvitationExpiredError, type InviteTenantMemberInput, type IssuePersonalAccessTokenInput, type IssuePersonalAccessTokenResult, type KeysetCursor, LastAdminError, LegacyCursorError, type LikeResult, type LikeStatus, type ListAllItem, type ListAllOptions, type ListOptions, type Logger, type MeResponse, type MockClientOptions, type MockFixtures, MockInProductionError, type MockRow, type MockSchemas, MockStore, NetworkError, NoAuth, NotAdminError, NotAllowedError, NotDeletedError, NotFoundError, NotMemberError, type OAuthClient, type OAuthClientWithSecret, OAuthError, type OAuthErrorInit, type OAuthTokenResponse, type OrderByField, type PATID, type PATSummary, type PaginatedList, type ParsedFrame, type PatId, PendingExistsError, PermanentlyDeletedError, PermissionDeniedError, type PodEventEvent, type PodLogEvent, PoolStaleError, PreconditionFailedError, type PublicationRequest, type PublicationRequestStatus, PublicationRequestsClient, type QueryExpr, type RateLimitStrategy, RateLimitedError, type RequestId, RequiredError, type ResourceID, type RetryInfo, type SSEStream, ScanLimitExceededError, SchemaCache, type SchemaCacheOptions, SchemaNameTakenError, type SchemaShapeFromRow, type SelectColumns, type SettlePublicationInput, type SignIconUploadInput, type SignIconUploadResult, SlowDownError, SlugTakenError, StaticTokenAuth, StreamConsumedError, type StreamItem, type SubjectID, type SubmitPublicationInput, type SystemOAuthClient, type TableColumn, type TableConstraint, type TableGrant, type TableID, type TableIndex, TableNotFoundError, type TableSchema, type TagID, type Tenant, TenantGatewayClient, type TenantID, type TenantId, type TenantInvitation, type TenantMember, TenantScopedAppsClient, TenantScopedClient, type TenantSlug, TenantSlugRequiredError, TenantsClient, TimeoutError, TokenExpiredError, TokenInvalidError, TokenMissingError, type TokenType, UnauthenticatedError, UnavailableError, type UnlikeResult, type UnpublishInput, type UpdateAppInput, type UpdateGitConnectionInput, type UpdateTenantInput, type UserID, type UserId, ValidationError, type VerifyWebhookInput, type VerifyWebhookResult, WebhookVerificationError, type WebhookVerifyReason, and, asAppId, asAppSlug, asDeploymentId, asPatId, asRequestId, asTenantId, asTenantSlug, asUserId, assertMockModeAllowed, createMockStore, cursorFromRow, decodeCursor, defineSchema, dispatch, encodeCursor, escapeLike, formatErrorMessage, id, isOAuthPath, not, or, orderByFingerprint, parseRetryAfter, raw, schemaCacheKey, signWebhook, verifyWebhook, where };
+export { AbortError, AccessDeniedError, type AddColumnInput, type AddCommentInput, type AddGrantInput, AlreadyAccessedError, AlreadyActiveError, AlreadyDeletedError, AlreadyInactiveError, AlreadyMemberError, AlreadyRevokedError, AlreadySettledError, type AnonymizeInput, type AppAccess, type AppCategory, type AppID, type AppId, type AppResponse, AppScopedClient, AppScopedDataClient, type AppSlug, type AppTable, type AppTemplate, AppUnavailableError, AppsClient, AuditClient, type AuditEvent, type AuditEventID, type AuthProvider, type AuthRing, AuthorizationPendingError, AuthzClient, type AuthzGrant, type AuthzSubject, type AuthzTag, AxHubClient, type AxHubClientOptions, AxHubError, type AxHubErrorInit, BadRequestError, type Branded, type BuildLogEvent, type BulkInviteResult, type CatalogAncestor, type CatalogConnector, type CatalogKind, type CatalogKindAction, type CatalogPermissionsReadDetail, type CatalogPermissionsReadList, type CatalogResourceDetail, type CatalogResourceFilter, type CatalogResourceView, type CatalogTag, type ColumnType, type Comment, ConfigurationError, ConflictError, type ConnectGitInput, type ConnectorID, type CreateAppInput, type CreateCategoryInput, type CreateDeploymentInput, type CreateOAuthClientInput, type CreateTableInput, type CreateTenantInput, type CursorDirection, DEFAULT_BASE_URL, type DataBulkResult, DataClient, type DataCountOptions, type DataGetOptions, type DataListOptions, type DataOrderBy, DataTableClient, type DataTableSchema, type DecideInput, type DecideResult, DecodeError, type DeploymentID, type DeploymentId, type DeploymentResponse, type DeploymentStatus, DeploymentsClient, type DeviceAuthorizationResponse, DeviceFlowDeniedError, DeviceFlowTimeoutError, type DiscoverAppsOptions, type DiscoverOptions, type DispatchContext, DomainTakenError, DuplicateError, type EmailDomain, type EmitAuditEventInput, EmptyError, type EnvVar, ExpiredTokenError, type FetchLike, type FieldError, ForbiddenError, GatewayCatalogClient, GatewayClient, type GatewayConnector, type GatewayEngine, type GatewayQueryColumn, type GatewayQueryInput, type GatewayQueryResult, type GatewayResource, type GitConnection, type GitConnectionSetup, type GitConnectionStatus, type GithubInstallStart, type GrantID, type GrantPrincipalType, type GrantScope, IdentityClient, IdentityDeviceCodeClient, IdentityMeClient, IdentityOAuthClient, IdentityOIDCClient, IdentityPATClient, type IdentityProvider, IdentityProviderClient, IdentitySystemOAuthClientsClient, type InferRow, type InstallStartInput, type IntegrityCheckResult, InternalServerError, IntrospectFailedError, InvalidCursorError, InvalidGrantError, InvalidPathError, InvalidStateTransitionError, InvalidValueError, InvitationExpiredError, type InviteTenantMemberInput, type InvokeInput, type InvokeResult, type IssuePersonalAccessTokenInput, type IssuePersonalAccessTokenResult, type KeysetCursor, LastAdminError, LegacyCursorError, type LikeResult, type LikeStatus, type ListAllItem, type ListAllOptions, type ListOptions, type Logger, type MeResponse, type MockClientOptions, type MockFixtures, MockInProductionError, type MockRow, type MockSchemas, MockStore, NetworkError, NoAuth, NotAdminError, NotAllowedError, NotDeletedError, NotFoundError, NotMemberError, type OAuthClient, type OAuthClientWithSecret, OAuthError, type OAuthErrorInit, type OAuthTokenResponse, type OrderByField, type PATID, type PATSummary, type PaginatedList, type ParsedFrame, type PatId, PendingExistsError, PermanentlyDeletedError, PermissionDeniedError, type PodEventEvent, type PodLogEvent, PoolStaleError, PreconditionFailedError, type PublicationRequest, type PublicationRequestStatus, PublicationRequestsClient, type QueryExpr, type RateLimitStrategy, RateLimitedError, type RequestId, RequiredError, type ResourceID, type RetryInfo, type SSEStream, ScanLimitExceededError, SchemaCache, type SchemaCacheOptions, SchemaNameTakenError, type SchemaShapeFromRow, type SelectColumns, type SettlePublicationInput, type SignIconUploadInput, type SignIconUploadResult, SlowDownError, SlugTakenError, StaticTokenAuth, StreamConsumedError, type StreamItem, type SubjectID, type SubmitPublicationInput, type SystemOAuthClient, type TableColumn, type TableConstraint, type TableGrant, type TableID, type TableIndex, TableNotFoundError, type TableSchema, type TagID, type Tenant, TenantGatewayClient, type TenantID, type TenantId, type TenantInvitation, type TenantMember, TenantScopedAppsClient, TenantScopedClient, type TenantSlug, TenantSlugRequiredError, TenantsClient, TimeoutError, TokenExpiredError, TokenInvalidError, TokenMissingError, type TokenType, UnauthenticatedError, UnavailableError, type UnlikeResult, type UnpublishInput, type UpdateAppInput, type UpdateGitConnectionInput, type UpdateTenantInput, type UserID, type UserId, ValidationError, type VerifyWebhookInput, type VerifyWebhookResult, WebhookVerificationError, type WebhookVerifyReason, and, asAppId, asAppSlug, asDeploymentId, asPatId, asRequestId, asTenantId, asTenantSlug, asUserId, assertMockModeAllowed, createMockStore, cursorFromRow, decodeCursor, defineSchema, dispatch, encodeCursor, escapeLike, formatErrorMessage, getAccessibleColumns, getMaskHint, id, isAllowed, isOAuthPath, isPolicyDeny, isSqlFormatError, not, or, orderByFingerprint, parseRetryAfter, raw, schemaCacheKey, signWebhook, tableFromPath, verifyWebhook, where };