@axonflow/sdk 1.13.0 → 2.0.0

package/dist/cjs/client.js

@@ -11,6 +11,7 @@ const helpers_1 = require("./utils/helpers");
 class AxonFlow {
     constructor(config) {
         this.interceptors = [];
+        this.sessionCookie = null;
         // Set defaults first to determine endpoint
         const endpoint = config.endpoint || 'https://staging-eu.getaxonflow.com';
         // Credentials are optional for community/self-hosted deployments
@@ -21,7 +22,6 @@ class AxonFlow {
             apiKey: config.apiKey,
             licenseKey: config.licenseKey,
             endpoint,
-            orchestratorEndpoint: config.orchestratorEndpoint,
             mode: config.mode || (hasCredentials ? 'production' : 'sandbox'),
             tenant: config.tenant || 'default',
             debug: config.debug || false,
@@ -325,7 +325,7 @@ class AxonFlow {
      * ```
      */
     async orchestratorHealthCheck() {
-        const url = `${this.getOrchestratorUrl()}/health`;
+        const url = `${this.config.endpoint}/health`;
         try {
             const response = await fetch(url, {
                 method: 'GET',
@@ -783,6 +783,7 @@ class AxonFlow {
         const result = {
             contextId: data.context_id,
             approved: data.approved,
+            requiresRedaction: data.requires_redaction || false,
             approvedData: data.approved_data || {},
             policies: data.policies || [],
             expiresAt,
@@ -887,6 +888,153 @@ class AxonFlow {
         return result;
     }
     // ============================================================================
+    // Audit Log Read Methods
+    // ============================================================================
+    /**
+     * Search audit logs with optional filters.
+     *
+     * Query the AxonFlow orchestrator for audit logs matching the specified
+     * criteria. Use this for compliance dashboards, security investigations,
+     * and operational monitoring.
+     *
+     * @param request - Search filters and pagination options
+     * @returns Promise resolving to audit search response
+     *
+     * @example
+     * ```typescript
+     * // Search for logs from a specific user in the last 24 hours
+     * const yesterday = new Date(Date.now() - 24 * 60 * 60 * 1000);
+     * const result = await client.searchAuditLogs({
+     *   userEmail: 'analyst@company.com',
+     *   startTime: yesterday,
+     *   limit: 100,
+     * });
+     *
+     * for (const entry of result.entries) {
+     *   console.log(`[${entry.timestamp}] ${entry.userEmail}: ${entry.querySummary}`);
+     * }
+     * ```
+     */
+    async searchAuditLogs(request) {
+        const limit = Math.min(request?.limit ?? 100, 1000);
+        const offset = request?.offset ?? 0;
+        // Build request body with only defined values
+        const body = { limit };
+        if (request?.userEmail)
+            body.user_email = request.userEmail;
+        if (request?.clientId)
+            body.client_id = request.clientId;
+        if (request?.startTime)
+            body.start_time = request.startTime.toISOString();
+        if (request?.endTime)
+            body.end_time = request.endTime.toISOString();
+        if (request?.requestType)
+            body.request_type = request.requestType;
+        if (offset > 0)
+            body.offset = offset;
+        if (this.config.debug) {
+            (0, helpers_1.debugLog)('Searching audit logs', { limit, offset });
+        }
+        const response = await this.orchestratorRequest('POST', '/api/v1/audit/search', body);
+        // Handle both array and wrapped response formats
+        if (Array.isArray(response)) {
+            const entries = response.map(e => this.parseAuditLogEntry(e));
+            return {
+                entries,
+                total: entries.length,
+                limit,
+                offset,
+            };
+        }
+        const data = response;
+        const entries = (data.entries || []).map(e => this.parseAuditLogEntry(e));
+        return {
+            entries,
+            total: data.total ?? entries.length,
+            limit: data.limit ?? limit,
+            offset: data.offset ?? offset,
+        };
+    }
+    /**
+     * Get recent audit logs for a specific tenant.
+     *
+     * Convenience method for tenant-scoped audit queries. Use this when you
+     * need to view all recent activity for a specific tenant.
+     *
+     * @param tenantId - The tenant identifier to query
+     * @param options - Pagination options (limit, offset)
+     * @returns Promise resolving to audit search response
+     * @throws Error if tenantId is empty
+     *
+     * @example
+     * ```typescript
+     * // Get the last 50 audit logs for a tenant
+     * const result = await client.getAuditLogsByTenant('tenant-abc');
+     * console.log(`Found ${result.entries.length} entries`);
+     *
+     * // With custom options
+     * const result2 = await client.getAuditLogsByTenant('tenant-abc', {
+     *   limit: 100,
+     *   offset: 50,
+     * });
+     * ```
+     */
+    async getAuditLogsByTenant(tenantId, options) {
+        if (!tenantId) {
+            throw new Error('tenantId is required');
+        }
+        const limit = Math.min(options?.limit ?? 50, 1000);
+        const offset = options?.offset ?? 0;
+        if (this.config.debug) {
+            (0, helpers_1.debugLog)('Getting audit logs for tenant', { tenantId, limit, offset });
+        }
+        const path = `/api/v1/audit/tenant/${encodeURIComponent(tenantId)}?limit=${limit}&offset=${offset}`;
+        const response = await this.orchestratorRequest('GET', path);
+        // Handle both array and wrapped response formats
+        if (Array.isArray(response)) {
+            const entries = response.map(e => this.parseAuditLogEntry(e));
+            return {
+                entries,
+                total: entries.length,
+                limit,
+                offset,
+            };
+        }
+        const data = response;
+        const entries = (data.entries || []).map(e => this.parseAuditLogEntry(e));
+        return {
+            entries,
+            total: data.total ?? entries.length,
+            limit: data.limit ?? limit,
+            offset: data.offset ?? offset,
+        };
+    }
+    /**
+     * Parse a raw audit log entry from the API into the typed interface
+     */
+    parseAuditLogEntry(raw) {
+        const data = raw;
+        return {
+            id: data.id ?? '',
+            requestId: data.request_id ?? '',
+            timestamp: data.timestamp ? new Date(data.timestamp) : new Date(),
+            userEmail: data.user_email ?? '',
+            clientId: data.client_id ?? '',
+            tenantId: data.tenant_id ?? '',
+            requestType: data.request_type ?? '',
+            querySummary: data.query_summary ?? '',
+            success: data.success ?? true,
+            blocked: data.blocked ?? false,
+            riskScore: data.risk_score ?? 0,
+            provider: data.provider ?? '',
+            model: data.model ?? '',
+            tokensUsed: data.tokens_used ?? 0,
+            latencyMs: data.latency_ms ?? 0,
+            policyViolations: data.policy_violations ?? [],
+            metadata: data.metadata ?? {},
+        };
+    }
+    // ============================================================================
     // Policy CRUD Methods - Static Policies
     // ============================================================================
     /**
@@ -1271,7 +1419,7 @@ class AxonFlow {
         if (options?.search)
             params.set('search', options.search);
         const queryString = params.toString();
-        const path = `/api/v1/policies/dynamic${queryString ? `?${queryString}` : ''}`;
+        const path = `/api/v1/dynamic-policies${queryString ? `?${queryString}` : ''}`;
         if (this.config.debug) {
             (0, helpers_1.debugLog)('Listing dynamic policies', { options });
         }
@@ -1287,7 +1435,7 @@ class AxonFlow {
         if (this.config.debug) {
             (0, helpers_1.debugLog)('Getting dynamic policy', { id });
         }
-        return this.orchestratorRequest('GET', `/api/v1/policies/dynamic/${id}`);
+        return this.orchestratorRequest('GET', `/api/v1/dynamic-policies/${id}`);
     }
     /**
      * Create a new dynamic policy.
@@ -1312,7 +1460,7 @@ class AxonFlow {
         if (this.config.debug) {
             (0, helpers_1.debugLog)('Creating dynamic policy', { name: policy.name });
         }
-        return this.orchestratorRequest('POST', '/api/v1/policies/dynamic', policy);
+        return this.orchestratorRequest('POST', '/api/v1/dynamic-policies', policy);
     }
     /**
      * Update an existing dynamic policy.
@@ -1325,7 +1473,7 @@ class AxonFlow {
         if (this.config.debug) {
             (0, helpers_1.debugLog)('Updating dynamic policy', { id, updates: Object.keys(policy) });
         }
-        return this.orchestratorRequest('PUT', `/api/v1/policies/dynamic/${id}`, policy);
+        return this.orchestratorRequest('PUT', `/api/v1/dynamic-policies/${id}`, policy);
     }
     /**
      * Delete a dynamic policy.
@@ -1336,7 +1484,7 @@ class AxonFlow {
         if (this.config.debug) {
             (0, helpers_1.debugLog)('Deleting dynamic policy', { id });
         }
-        await this.orchestratorRequest('DELETE', `/api/v1/policies/dynamic/${id}`);
+        await this.orchestratorRequest('DELETE', `/api/v1/dynamic-policies/${id}`);
     }
     /**
      * Toggle a dynamic policy's enabled status.
@@ -1349,7 +1497,7 @@ class AxonFlow {
         if (this.config.debug) {
             (0, helpers_1.debugLog)('Toggling dynamic policy', { id, enabled });
         }
-        return this.orchestratorRequest('PATCH', `/api/v1/policies/dynamic/${id}`, {
+        return this.orchestratorRequest('PATCH', `/api/v1/dynamic-policies/${id}`, {
             enabled,
         });
     }
@@ -1366,13 +1514,97 @@ class AxonFlow {
         if (options?.includeDisabled)
             params.set('include_disabled', 'true');
         const queryString = params.toString();
-        const path = `/api/v1/policies/dynamic/effective${queryString ? `?${queryString}` : ''}`;
+        const path = `/api/v1/dynamic-policies/effective${queryString ? `?${queryString}` : ''}`;
         if (this.config.debug) {
             (0, helpers_1.debugLog)('Getting effective dynamic policies', { options });
         }
         return this.orchestratorRequest('GET', path);
     }
     // ============================================================================
+    // Portal Authentication Methods (Enterprise)
+    // ============================================================================
+    /**
+     * Login to Customer Portal and store session cookie.
+     * Required before using Code Governance methods.
+     *
+     * @param orgId - Organization ID
+     * @param password - Organization password
+     * @returns Login response with session info
+     *
+     * @example
+     * ```typescript
+     * const login = await axonflow.loginToPortal('test-org-001', 'test123');
+     * console.log(`Logged in as ${login.name}`);
+     *
+     * // Now you can use Code Governance methods
+     * const providers = await axonflow.listGitProviders();
+     * ```
+     */
+    async loginToPortal(orgId, password) {
+        const url = `${this.config.endpoint}/api/v1/auth/login`;
+        const response = await fetch(url, {
+            method: 'POST',
+            headers: { 'Content-Type': 'application/json' },
+            body: JSON.stringify({ org_id: orgId, password }),
+            signal: AbortSignal.timeout(this.config.timeout),
+        });
+        if (!response.ok) {
+            const errorText = await response.text();
+            throw new errors_1.AuthenticationError(`Login failed: ${errorText}`);
+        }
+        const result = (await response.json());
+        // Extract session cookie from response
+        const cookies = response.headers.get('set-cookie');
+        if (cookies) {
+            const match = cookies.match(/axonflow_session=([^;]+)/);
+            if (match) {
+                this.sessionCookie = match[1];
+            }
+        }
+        // Fallback to session_id in response body
+        if (!this.sessionCookie && result.session_id) {
+            this.sessionCookie = result.session_id;
+        }
+        if (this.config.debug) {
+            (0, helpers_1.debugLog)('Portal login successful', { orgId });
+        }
+        return {
+            sessionId: result.session_id,
+            orgId: result.org_id,
+            email: result.email,
+            name: result.name,
+            expiresAt: result.expires_at,
+        };
+    }
+    /**
+     * Logout from Customer Portal and clear session cookie.
+     */
+    async logoutFromPortal() {
+        if (!this.sessionCookie) {
+            return;
+        }
+        try {
+            await fetch(`${this.config.endpoint}/api/v1/auth/logout`, {
+                method: 'POST',
+                headers: { Cookie: `axonflow_session=${this.sessionCookie}` },
+                signal: AbortSignal.timeout(this.config.timeout),
+            });
+        }
+        catch {
+            // Ignore logout errors
+        }
+        this.sessionCookie = null;
+        if (this.config.debug) {
+            (0, helpers_1.debugLog)('Portal logout successful');
+        }
+    }
+    /**
+     * Check if logged in to Customer Portal.
+     */
+    isLoggedIn() {
+        return this.sessionCookie !== null;
+    }
+    // ============================================================================
     // Code Governance Methods (Enterprise)
     // ============================================================================
     /**
@@ -1414,7 +1646,7 @@ class AxonFlow {
             apiRequest.installation_id = request.installationId;
         if (request.privateKey)
             apiRequest.private_key = request.privateKey;
-        return this.policyRequest('POST', '/api/v1/code-governance/git-providers/validate', apiRequest);
+        return this.portalRequest('POST', '/api/v1/code-governance/git-providers/validate', apiRequest);
     }
     /**
      * Configure a Git provider for code governance.
@@ -1465,7 +1697,7 @@ class AxonFlow {
             apiRequest.installation_id = request.installationId;
         if (request.privateKey)
             apiRequest.private_key = request.privateKey;
-        return this.policyRequest('POST', '/api/v1/code-governance/git-providers', apiRequest);
+        return this.portalRequest('POST', '/api/v1/code-governance/git-providers', apiRequest);
     }
     /**
      * List all configured Git providers for the tenant.
@@ -1483,7 +1715,7 @@ class AxonFlow {
         if (this.config.debug) {
             (0, helpers_1.debugLog)('Listing Git providers');
         }
-        return this.policyRequest('GET', '/api/v1/code-governance/git-providers');
+        return this.portalRequest('GET', '/api/v1/code-governance/git-providers');
     }
     /**
      * Delete a configured Git provider.
@@ -1499,7 +1731,7 @@ class AxonFlow {
         if (this.config.debug) {
             (0, helpers_1.debugLog)('Deleting Git provider', { type });
         }
-        await this.policyRequest('DELETE', `/api/v1/code-governance/git-providers/${type}`);
+        await this.portalRequest('DELETE', `/api/v1/code-governance/git-providers/${type}`);
     }
     /**
      * Create a Pull Request from LLM-generated code.
@@ -1567,7 +1799,7 @@ class AxonFlow {
             apiRequest.secrets_detected = request.secretsDetected;
         if (request.unsafePatterns !== undefined)
             apiRequest.unsafe_patterns = request.unsafePatterns;
-        const response = await this.policyRequest('POST', '/api/v1/code-governance/prs', apiRequest);
+        const response = await this.portalRequest('POST', '/api/v1/code-governance/prs', apiRequest);
         // Transform snake_case response to camelCase
         return {
             prId: response.pr_id,
@@ -1612,10 +1844,10 @@ class AxonFlow {
         if (this.config.debug) {
             (0, helpers_1.debugLog)('Listing PRs', { options });
         }
-        const response = await this.policyRequest('GET', path);
+        const response = await this.portalRequest('GET', path);
         // Transform snake_case response to camelCase
         return {
-            prs: response.prs.map(pr => ({
+            prs: (response.prs || []).map(pr => ({
                 id: pr.id,
                 prNumber: pr.pr_number,
                 prUrl: pr.pr_url,
@@ -1651,7 +1883,7 @@ class AxonFlow {
         if (this.config.debug) {
             (0, helpers_1.debugLog)('Getting PR', { prId });
         }
-        const response = await this.policyRequest('GET', `/api/v1/code-governance/prs/${prId}`);
+        const response = await this.portalRequest('GET', `/api/v1/code-governance/prs/${prId}`);
         // Transform snake_case response to camelCase
         return {
             id: response.id,
@@ -1688,7 +1920,7 @@ class AxonFlow {
         if (this.config.debug) {
             (0, helpers_1.debugLog)('Syncing PR status', { prId });
         }
-        const response = await this.policyRequest('POST', `/api/v1/code-governance/prs/${prId}/sync`);
+        const response = await this.portalRequest('POST', `/api/v1/code-governance/prs/${prId}/sync`);
         // Transform snake_case response to camelCase
         return {
             id: response.id,
@@ -1728,7 +1960,7 @@ class AxonFlow {
         if (this.config.debug) {
             (0, helpers_1.debugLog)('Getting code governance metrics');
         }
-        const response = await this.policyRequest('GET', '/api/v1/code-governance/metrics');
+        const response = await this.portalRequest('GET', '/api/v1/code-governance/metrics');
         return {
             tenantId: response.tenant_id,
             totalPrs: response.total_prs,
@@ -1776,9 +2008,9 @@ class AxonFlow {
         if (this.config.debug) {
             (0, helpers_1.debugLog)('Exporting code governance data', { path });
         }
-        const response = await this.policyRequest('GET', path);
+        const response = await this.portalRequest('GET', path);
         return {
-            records: response.records.map(r => ({
+            records: (response.records || []).map(r => ({
                 id: r.id,
                 prNumber: r.pr_number,
                 prUrl: r.pr_url,
@@ -1799,33 +2031,93 @@ class AxonFlow {
             exportedAt: response.exported_at,
         };
     }
+    /**
+     * Export code governance data as CSV.
+     *
+     * Returns raw CSV data suitable for saving to file or streaming.
+     *
+     * @param options - Export options (date filters, state filter)
+     * @returns Raw CSV data
+     *
+     * @example
+     * ```typescript
+     * const csvData = await axonflow.exportCodeGovernanceDataCSV();
+     * fs.writeFileSync('pr-audit.csv', csvData);
+     * ```
+     */
+    async exportCodeGovernanceDataCSV(options) {
+        const params = new URLSearchParams();
+        params.set('format', 'csv');
+        if (options?.startDate)
+            params.set('start_date', options.startDate);
+        if (options?.endDate)
+            params.set('end_date', options.endDate);
+        if (options?.state)
+            params.set('state', options.state);
+        const query = params.toString();
+        const path = `/api/v1/code-governance/export${query ? '?' + query : ''}`;
+        if (this.config.debug) {
+            (0, helpers_1.debugLog)('Exporting code governance data as CSV', { path });
+        }
+        return this.portalRequestText('GET', path);
+    }
     // ============================================================================
     // Execution Replay Methods
     // ============================================================================
     /**
-     * Get the orchestrator URL for Execution Replay API.
-     * Falls back to agent endpoint with port 8081 if not configured.
+     * Get the endpoint URL for API requests.
+     * All routes now go through the single Agent endpoint (ADR-026).
+     */
+    getEndpointUrl() {
+        return this.config.endpoint;
+    }
+    /**
+     * Generic HTTP request helper for APIs (routes through single endpoint per ADR-026)
      */
-    getOrchestratorUrl() {
-        if (this.config.orchestratorEndpoint) {
-            return this.config.orchestratorEndpoint;
+    async orchestratorRequest(method, path, body) {
+        const url = `${this.config.endpoint}${path}`;
+        const headers = this.buildAuthHeaders();
+        const options = {
+            method,
+            headers,
+            signal: AbortSignal.timeout(this.config.timeout),
+        };
+        if (body && (method === 'POST' || method === 'PUT' || method === 'PATCH')) {
+            options.body = JSON.stringify(body);
         }
-        // Default: assume orchestrator is on same host as agent, port 8081
-        try {
-            const url = new URL(this.config.endpoint);
-            url.port = '8081';
-            return url.toString().replace(/\/$/, '');
+        const response = await fetch(url, options);
+        if (!response.ok) {
+            const errorText = await response.text();
+            if (response.status === 401 || response.status === 403) {
+                throw new errors_1.AuthenticationError(`Request failed: ${errorText}`);
+            }
+            if (response.status === 404) {
+                throw new errors_1.APIError(404, 'Not Found', errorText);
+            }
+            throw new errors_1.APIError(response.status, response.statusText, errorText);
         }
-        catch {
-            return 'http://localhost:8081';
+        // Handle DELETE responses with no body
+        if (response.status === 204 || method === 'DELETE') {
+            return undefined;
         }
+        return response.json();
     }
+    // Note: getPortalUrl() was removed in v2.0.0 (ADR-026 Single Entry Point).
+    // All routes now go through the single Agent endpoint (this.config.endpoint).
     /**
-     * Generic HTTP request helper for orchestrator APIs
+     * Generic HTTP request helper for Customer Portal APIs (enterprise features).
+     * Routes through single endpoint per ADR-026.
+     * Requires prior authentication via loginToPortal().
      */
-    async orchestratorRequest(method, path, body) {
-        const url = `${this.getOrchestratorUrl()}${path}`;
-        const headers = this.buildAuthHeaders();
+    async portalRequest(method, path, body) {
+        if (!this.sessionCookie) {
+            throw new errors_1.AuthenticationError('Not logged in to Customer Portal. Call loginToPortal() first.');
+        }
+        const url = `${this.config.endpoint}${path}`;
+        const headers = {
+            'Content-Type': 'application/json',
+            Cookie: `axonflow_session=${this.sessionCookie}`,
+        };
         const options = {
             method,
             headers,
@@ -1834,6 +2126,9 @@ class AxonFlow {
         if (body && (method === 'POST' || method === 'PUT' || method === 'PATCH')) {
             options.body = JSON.stringify(body);
         }
+        if (this.config.debug) {
+            (0, helpers_1.debugLog)('Portal request', { method, path });
+        }
         const response = await fetch(url, options);
         if (!response.ok) {
             const errorText = await response.text();
@@ -2407,6 +2702,37 @@ class AxonFlow {
             },
         };
     }
+    /**
+     * Generic HTTP request helper for Customer Portal APIs that returns raw text.
+     * Used for CSV exports and other non-JSON responses.
+     * Requires prior authentication via loginToPortal().
+     */
+    async portalRequestText(method, path) {
+        if (!this.sessionCookie) {
+            throw new errors_1.AuthenticationError('Not logged in to Customer Portal. Call loginToPortal() first.');
+        }
+        const url = `${this.config.endpoint}${path}`;
+        const headers = {
+            Cookie: `axonflow_session=${this.sessionCookie}`,
+        };
+        const options = {
+            method,
+            headers,
+            signal: AbortSignal.timeout(this.config.timeout),
+        };
+        if (this.config.debug) {
+            (0, helpers_1.debugLog)('Portal request (text)', { method, path });
+        }
+        const response = await fetch(url, options);
+        if (!response.ok) {
+            const errorText = await response.text();
+            if (response.status === 401 || response.status === 403) {
+                throw new errors_1.AuthenticationError(`Request failed: ${errorText}`);
+            }
+            throw new errors_1.APIError(response.status, response.statusText, errorText);
+        }
+        return response.text();
+    }
 }
 exports.AxonFlow = AxonFlow;
 //# sourceMappingURL=client.js.map