@blimu/backend 1.1.4 → 1.2.1

package/dist/index.mjs

@@ -5,7 +5,7 @@ var __export = (target, all) => {
 };
 
 // src/client.ts
-import { FetchClient as FetchClient10, FetchError } from "@blimu/fetch";
+import { FetchClient, FetchError } from "@blimu/fetch";
 import "@blimu/fetch";
 
 // src/auth-strategies.ts
@@ -22,12 +22,6 @@ function buildAuthStrategies(cfg) {
   return authStrategies;
 }
 
-// src/services/bulk_resources.ts
-import "@blimu/fetch";
-
-// src/schema.ts
-var schema_exports = {};
-
 // src/services/bulk_resources.ts
 var BulkResourcesService = class {
   constructor(core) {
@@ -48,7 +42,6 @@ var BulkResourcesService = class {
 };
 
 // src/services/bulk_roles.ts
-import "@blimu/fetch";
 var BulkRolesService = class {
   constructor(core) {
     this.core = core;
@@ -68,7 +61,6 @@ var BulkRolesService = class {
 };
 
 // src/services/entitlements.ts
-import "@blimu/fetch";
 var EntitlementsService = class {
   constructor(core) {
     this.core = core;
@@ -111,8 +103,121 @@ var EntitlementsService = class {
   }
 };
 
+// src/services/oauth.ts
+var OauthService = class {
+  constructor(core) {
+    this.core = core;
+  }
+  /**
+   * GET /v1/oauth/authorize*
+   * @summary Check consent requirement*
+   * @description Checks if user consent is required for the OAuth2 app and requested scopes.*/
+  checkConsentRequired(query, init) {
+    return this.core.request({
+      method: "GET",
+      path: `/v1/oauth/authorize`,
+      query,
+      ...init ?? {}
+    });
+  }
+  /**
+   * POST /v1/oauth/authorize*
+   * @summary Authorize OAuth2 application*
+   * @description Handles user consent approval/denial. Validates auto_approved flag against consent requirements.*/
+  authorize(body, init) {
+    return this.core.request({
+      method: "POST",
+      path: `/v1/oauth/authorize`,
+      body,
+      ...init ?? {}
+    });
+  }
+  /**
+   * POST /v1/oauth/device/authorize*
+   * @summary Authorize or deny device code*
+   * @description Allows an authenticated user to authorize or deny a device code request. Requires valid user session.*/
+  authorizeDeviceCode(body, init) {
+    return this.core.request({
+      method: "POST",
+      path: `/v1/oauth/device/authorize`,
+      body,
+      ...init ?? {}
+    });
+  }
+  /**
+   * POST /v1/oauth/device/code*
+   * @summary Request device authorization codes*
+   * @description Initiates device authorization flow. Returns device_code (for polling) and user_code (for user entry).*/
+  requestDeviceCode(body, init) {
+    return this.core.request({
+      method: "POST",
+      path: `/v1/oauth/device/code`,
+      body,
+      ...init ?? {}
+    });
+  }
+  /**
+   * GET /v1/oauth/device/code/{user_code}*
+   * @summary Get device code information*
+   * @description Returns device code information including app name, scopes, and consent requirement status.*/
+  getDeviceCodeInfo(user_code, init) {
+    return this.core.request({
+      method: "GET",
+      path: `/v1/oauth/device/code/${encodeURIComponent(user_code)}`,
+      ...init ?? {}
+    });
+  }
+  /**
+   * POST /v1/oauth/device/token*
+   * @summary Poll for device authorization tokens*
+   * @description Client polls this endpoint to exchange device_code for tokens once user has authorized.*/
+  exchangeDeviceCode(body, init) {
+    return this.core.request({
+      method: "POST",
+      path: `/v1/oauth/device/token`,
+      body,
+      ...init ?? {}
+    });
+  }
+  /**
+   * POST /v1/oauth/introspect*
+   * @summary Introspect token*
+   * @description Validates a token and returns metadata. Requires client authentication.*/
+  introspect(body, init) {
+    return this.core.request({
+      method: "POST",
+      path: `/v1/oauth/introspect`,
+      body,
+      ...init ?? {}
+    });
+  }
+  /**
+   * POST /v1/oauth/revoke*
+   * @summary Revoke token*
+   * @description Revokes an access or refresh token. Requires client authentication.*/
+  revoke(body, init) {
+    return this.core.request({
+      method: "POST",
+      path: `/v1/oauth/revoke`,
+      body,
+      ...init ?? {}
+    });
+  }
+  /**
+   * POST /v1/oauth/token*
+   * @summary Token endpoint*
+   * @description Issues access and refresh tokens. Supports authorization_code and refresh_token (always available per OAuth2 spec).*/
+  token(body, init) {
+    return this.core.request({
+      method: "POST",
+      path: `/v1/oauth/token`,
+      body,
+      ...init ?? {}
+    });
+  }
+};
+
 // src/services/plans.ts
-import "@blimu/fetch";
 var PlansService = class {
   constructor(core) {
     this.core = core;
@@ -154,7 +259,6 @@ var PlansService = class {
 };
 
 // src/services/resource_members.ts
-import "@blimu/fetch";
 var ResourceMembersService = class {
   constructor(core) {
     this.core = core;
@@ -174,7 +278,6 @@ var ResourceMembersService = class {
 };
 
 // src/services/resources.ts
-import "@blimu/fetch";
 var ResourcesService = class {
   constructor(core) {
     this.core = core;
@@ -240,7 +343,6 @@ var ResourcesService = class {
 };
 
 // src/services/roles.ts
-import "@blimu/fetch";
 var RolesService = class {
   constructor(core) {
     this.core = core;
@@ -283,7 +385,6 @@ var RolesService = class {
 };
 
 // src/services/usage.ts
-import "@blimu/fetch";
 var UsageService = class {
   constructor(core) {
     this.core = core;
@@ -351,7 +452,6 @@ var UsageService = class {
 };
 
 // src/services/users.ts
-import "@blimu/fetch";
 var UsersService = class {
   constructor(core) {
     this.core = core;
@@ -432,6 +532,7 @@ var Blimu = class {
   bulkResources;
   bulkRoles;
   entitlements;
+  oauth;
   plans;
   resourceMembers;
   resources;
@@ -442,7 +543,7 @@ var Blimu = class {
     const restCfg = { ...options ?? {} };
     delete restCfg.apiKey;
     const authStrategies = buildAuthStrategies(options ?? {});
-    const core = new FetchClient10({
+    const core = new FetchClient({
       ...restCfg,
       baseURL: options?.baseURL ?? "https://api.blimu.dev",
       ...authStrategies.length > 0 ? { authStrategies } : {}
@@ -450,6 +551,7 @@ var Blimu = class {
     this.bulkResources = new BulkResourcesService(core);
     this.bulkRoles = new BulkRolesService(core);
     this.entitlements = new EntitlementsService(core);
+    this.oauth = new OauthService(core);
     this.plans = new PlansService(core);
     this.resourceMembers = new ResourceMembersService(core);
     this.resources = new ResourcesService(core);
@@ -490,19 +592,35 @@ function isNotUndefined(arr) {
   );
 }
 
+// src/schema.ts
+var schema_exports = {};
+
 // src/schema.zod.ts
 var schema_zod_exports = {};
 __export(schema_zod_exports, {
+  AuthorizeRequestSchema: () => AuthorizeRequestSchema,
   BalanceResponseSchema: () => BalanceResponseSchema,
   CheckLimitResponseSchema: () => CheckLimitResponseSchema,
+  ConsentCheckResponseSchema: () => ConsentCheckResponseSchema,
+  DeviceAuthorizeRequestSchema: () => DeviceAuthorizeRequestSchema,
+  DeviceAuthorizeResponseSchema: () => DeviceAuthorizeResponseSchema,
+  DeviceCodeInfoResponseSchema: () => DeviceCodeInfoResponseSchema,
+  DeviceCodeRequestSchema: () => DeviceCodeRequestSchema,
+  DeviceCodeResponseSchema: () => DeviceCodeResponseSchema,
+  DeviceTokenRequestSchema: () => DeviceTokenRequestSchema,
   EntitlementCheckBodySchema: () => EntitlementCheckBodySchema,
   EntitlementCheckResultSchema: () => EntitlementCheckResultSchema,
+  EntitlementTypeSchema: () => EntitlementTypeSchema,
   EntitlementsListForResourceQuerySchema: () => EntitlementsListForResourceQuerySchema,
   EntitlementsListForTenantQuerySchema: () => EntitlementsListForTenantQuerySchema,
   EntitlementsListResultSchema: () => EntitlementsListResultSchema,
+  IntrospectionRequestSchema: () => IntrospectionRequestSchema,
+  IntrospectionResponseSchema: () => IntrospectionResponseSchema,
+  OauthCheckConsentRequiredQuerySchema: () => OauthCheckConsentRequiredQuerySchema,
   PlanAssignBodySchema: () => PlanAssignBodySchema,
   PlanDeleteResponseSchema: () => PlanDeleteResponseSchema,
   PlanResponseSchema: () => PlanResponseSchema,
+  PlanTypeSchema: () => PlanTypeSchema,
   ResourceBulkCreateBodySchema: () => ResourceBulkCreateBodySchema,
   ResourceBulkResultSchema: () => ResourceBulkResultSchema,
   ResourceCreateBodySchema: () => ResourceCreateBodySchema,
@@ -510,20 +628,25 @@ __export(schema_zod_exports, {
   ResourceMemberListSchema: () => ResourceMemberListSchema,
   ResourceMembersListQuerySchema: () => ResourceMembersListQuerySchema,
   ResourceSchema: () => ResourceSchema,
+  ResourceTypeSchema: () => ResourceTypeSchema,
   ResourceUpdateBodySchema: () => ResourceUpdateBodySchema,
   ResourcesListQuerySchema: () => ResourcesListQuerySchema,
+  RevocationRequestSchema: () => RevocationRequestSchema,
   RoleBulkCreateBodySchema: () => RoleBulkCreateBodySchema,
   RoleBulkResultSchema: () => RoleBulkResultSchema,
   RoleCreateBodySchema: () => RoleCreateBodySchema,
   RoleListSchema: () => RoleListSchema,
   RoleSchema: () => RoleSchema,
   RolesListQuerySchema: () => RolesListQuerySchema,
+  TokenRequestSchema: () => TokenRequestSchema,
+  TokenResponseSchema: () => TokenResponseSchema,
   TransactionHistoryResponseSchema: () => TransactionHistoryResponseSchema,
   UsageCheckBodySchema: () => UsageCheckBodySchema,
   UsageConsumeBodySchema: () => UsageConsumeBodySchema,
   UsageCreditBodySchema: () => UsageCreditBodySchema,
   UsageGetBalanceQuerySchema: () => UsageGetBalanceQuerySchema,
   UsageGetTransactionHistoryQuerySchema: () => UsageGetTransactionHistoryQuerySchema,
+  UsageLimitTypeSchema: () => UsageLimitTypeSchema,
   UsageWalletResponseSchema: () => UsageWalletResponseSchema,
   UserCreateBodySchema: () => UserCreateBodySchema,
   UserListSchema: () => UserListSchema,
@@ -533,6 +656,32 @@ __export(schema_zod_exports, {
   UsersListQuerySchema: () => UsersListQuerySchema
 });
 import { z } from "zod";
+var EntitlementTypeSchema = z.string();
+var PlanTypeSchema = z.string();
+var ResourceTypeSchema = z.string();
+var UsageLimitTypeSchema = z.string();
+var AuthorizeRequestSchema = z.object({
+  /** Action to take: allow or deny */
+  action: z.enum(["allow", "deny"]),
+  /** True if consent was auto-approved (not required or previously granted) */
+  auto_approved: z.boolean().optional(),
+  /** OAuth2 client ID */
+  client_id: z.string(),
+  /** PKCE code challenge */
+  code_challenge: z.string().optional(),
+  /** PKCE code challenge method */
+  code_challenge_method: z.string().optional(),
+  /** Redirect URI */
+  redirect_uri: z.string(),
+  /** Response type (typically "code") */
+  response_type: z.string(),
+  /** Space-separated list of scopes */
+  scope: z.string().optional(),
+  /** State parameter for CSRF protection */
+  state: z.string().optional(),
+  /** True if user explicitly clicked Allow, false if auto-approved */
+  user_action: z.boolean().optional()
+});
 var BalanceResponseSchema = z.object({ balance: z.number() });
 var CheckLimitResponseSchema = z.object({
   allowed: z.boolean(),
@@ -540,9 +689,206 @@ var CheckLimitResponseSchema = z.object({
   remaining: z.number().optional(),
   requested: z.number()
 });
+var ConsentCheckResponseSchema = z.object({
+  /** Whether user consent is required */
+  consent_required: z.boolean(),
+  /** Whether consent was previously granted for this app and scopes */
+  previously_granted: z.boolean()
+});
+var DeviceAuthorizeRequestSchema = z.object({
+  /** Action to take: allow or deny */
+  action: z.enum(["allow", "deny"]),
+  /** True if consent was auto-approved (not required or previously granted) */
+  auto_approved: z.boolean().optional(),
+  /** True if user explicitly clicked Allow, false if auto-approved */
+  user_action: z.boolean().optional(),
+  /** The user code displayed to the user */
+  user_code: z.string()
+});
+var DeviceAuthorizeResponseSchema = z.object({
+  /** Whether the authorization was successful */
+  success: z.boolean()
+});
+var DeviceCodeInfoResponseSchema = z.object({
+  /** The name of the OAuth2 application */
+  appName: z.string(),
+  /** Whether the user has already granted consent for this app and scopes */
+  previouslyGranted: z.boolean(),
+  /** Whether the app requires user consent */
+  requireConsent: z.boolean(),
+  /** The scopes requested by the device code */
+  scopes: z.string().array()
+});
+var DeviceCodeRequestSchema = z.object({
+  /** OAuth2 client ID */
+  client_id: z.string(),
+  /** PKCE code challenge (base64url encoded SHA256 hash) */
+  code_challenge: z.string().optional(),
+  /** PKCE code challenge method */
+  code_challenge_method: z.enum(["S256", "plain"]).optional(),
+  /** Space-separated list of scopes */
+  scope: z.string().optional()
+});
+var DeviceCodeResponseSchema = z.object({
+  /** Device verification code (for polling) */
+  device_code: z.string(),
+  /** Device code expiration time in seconds */
+  expires_in: z.number(),
+  /** Minimum polling interval in seconds */
+  interval: z.number(),
+  /** User verification code (short, human-readable) */
+  user_code: z.string(),
+  /** Verification URI for user */
+  verification_uri: z.string(),
+  /** Complete verification URI with user code */
+  verification_uri_complete: z.string()
+});
+var DeviceTokenRequestSchema = z.object({
+  /** OAuth2 client ID */
+  client_id: z.string(),
+  /** PKCE code verifier (if challenge was provided) */
+  code_verifier: z.string().optional(),
+  /** Device code from authorization response */
+  device_code: z.string(),
+  /** Grant type (must be device_code) */
+  grant_type: z.enum([
+    "urn:ietf:params:oauth:grant-type:device_code"
+  ])
+});
+var IntrospectionRequestSchema = z.object({
+  /** The token to introspect */
+  token: z.string(),
+  /** Hint about token type */
+  token_type_hint: z.enum(["access_token", "refresh_token"]).optional()
+});
+var IntrospectionResponseSchema = z.object({
+  /** Whether the token is active */
+  active: z.boolean(),
+  /** Client ID */
+  client_id: z.string().optional(),
+  /** Environment ID */
+  environment_id: z.string().optional(),
+  /** Token expiration timestamp */
+  exp: z.number().optional(),
+  /** Token issued at timestamp */
+  iat: z.number().optional(),
+  /** Space-separated list of scopes */
+  scope: z.string().optional(),
+  /** Subject (user ID) */
+  sub: z.string().optional(),
+  /** Token type */
+  token_type: z.string().optional(),
+  /** Username or user ID */
+  username: z.string().optional()
+});
+var PlanDeleteResponseSchema = z.object({ success: z.boolean() });
+var ResourceMemberListSchema = z.object({
+  items: z.object({
+    inherited: z.boolean(),
+    role: z.string(),
+    user: z.object({
+      avatarUrl: z.string().nullable(),
+      createdAt: z.iso.datetime(),
+      email: z.email(),
+      emailVerified: z.boolean(),
+      firstName: z.string().nullable(),
+      id: z.string(),
+      lastLoginAt: z.iso.datetime().nullable(),
+      lastName: z.string().nullable(),
+      lookupKey: z.string().nullable(),
+      updatedAt: z.iso.datetime()
+    }),
+    userId: z.string()
+  }).array(),
+  limit: z.number(),
+  page: z.number(),
+  total: z.number()
+});
+var RevocationRequestSchema = z.object({
+  /** The token to revoke */
+  token: z.string(),
+  /** Hint about token type */
+  token_type_hint: z.enum(["access_token", "refresh_token"]).optional()
+});
+var TokenRequestSchema = z.object({
+  /** OAuth2 client ID */
+  client_id: z.string(),
+  /** OAuth2 client secret (required for confidential clients) */
+  client_secret: z.string().optional(),
+  /** Authorization code (required for authorization_code grant) */
+  code: z.string().optional(),
+  /** PKCE code verifier (if challenge was provided) */
+  code_verifier: z.string().optional(),
+  /** OAuth2 grant type */
+  grant_type: z.enum(["authorization_code", "refresh_token"]),
+  /** Redirect URI (required for authorization_code grant) */
+  redirect_uri: z.string().optional(),
+  /** Refresh token (required for refresh_token grant) */
+  refresh_token: z.string().optional(),
+  /** Space-separated list of scopes (optional for refresh) */
+  scope: z.string().optional()
+});
+var TokenResponseSchema = z.object({
+  /** Access token (JWT) */
+  access_token: z.string(),
+  /** Access token expiration time in seconds */
+  expires_in: z.number(),
+  /** Refresh token (for obtaining new access tokens) */
+  refresh_token: z.string(),
+  /** Space-separated list of granted scopes */
+  scope: z.string().optional(),
+  /** Token type */
+  token_type: z.string()
+});
+var UserSchema = z.object({
+  avatarUrl: z.string().nullable(),
+  createdAt: z.iso.datetime(),
+  email: z.email(),
+  emailVerified: z.boolean(),
+  firstName: z.string().nullable(),
+  id: z.string(),
+  lastLoginAt: z.iso.datetime().nullable(),
+  lastName: z.string().nullable(),
+  lookupKey: z.string().nullable(),
+  updatedAt: z.iso.datetime()
+});
+var UserCreateBodySchema = z.object({
+  avatarUrl: z.url().optional(),
+  email: z.email(),
+  firstName: z.string().nullable().optional(),
+  lastName: z.string().nullable().optional(),
+  lookupKey: z.string(),
+  newUser: z.boolean().nullable().optional(),
+  password: z.string().nullable().optional()
+});
+var UserListSchema = z.object({
+  items: z.object({
+    avatarUrl: z.string().nullable(),
+    createdAt: z.iso.datetime(),
+    email: z.email(),
+    emailVerified: z.boolean(),
+    firstName: z.string().nullable(),
+    id: z.string(),
+    lastLoginAt: z.iso.datetime().nullable(),
+    lastName: z.string().nullable(),
+    lookupKey: z.string().nullable(),
+    updatedAt: z.iso.datetime()
+  }).array(),
+  limit: z.number(),
+  page: z.number(),
+  total: z.number()
+});
+var UserUpdateBodySchema = z.object({
+  avatarUrl: z.url().nullable().optional(),
+  email: z.email().optional(),
+  firstName: z.string().nullable().optional(),
+  lastName: z.string().nullable().optional(),
+  lookupKey: z.string().optional(),
+  password: z.string().optional()
+});
 var EntitlementCheckBodySchema = z.object({
   amount: z.number().int().optional(),
-  entitlement: z.string(),
+  entitlement: EntitlementTypeSchema,
   resourceId: z.string(),
   userId: z.string()
 });
@@ -552,15 +898,15 @@ var EntitlementCheckResultSchema = z.object({
     allowed: z.boolean(),
     current: z.number().optional(),
     limit: z.number().optional(),
-    plan: z.string().nullable().optional(),
+    plan: PlanTypeSchema.optional(),
     reason: z.string().optional(),
     remaining: z.number().optional(),
     scope: z.string().optional()
   }).nullable().optional(),
   plans: z.object({
     allowed: z.boolean(),
-    allowedPlans: z.string().array().optional(),
-    plan: z.string().nullable().optional(),
+    allowedPlans: PlanTypeSchema.array().optional(),
+    plan: PlanTypeSchema.optional(),
     reason: z.string().optional()
   }).nullable().optional(),
   roles: z.object({
@@ -570,30 +916,29 @@ var EntitlementCheckResultSchema = z.object({
     userRoles: z.string().array().optional()
   }).nullable().optional()
 });
+var PlanAssignBodySchema = z.object({ planKey: PlanTypeSchema });
 var EntitlementsListResultSchema = z.object({
   results: z.object({
     entitlements: z.object({
       allowed: z.boolean(),
       allowedByPlan: z.boolean(),
       allowedByRole: z.boolean(),
-      allowedPlans: z.string().array().optional(),
+      allowedPlans: PlanTypeSchema.array().optional(),
       allowedRoles: z.string().array(),
-      currentPlan: z.string().optional(),
+      currentPlan: PlanTypeSchema.optional(),
       currentRole: z.string().optional(),
-      entitlement: z.string()
+      entitlement: EntitlementTypeSchema
     }).array(),
     resourceId: z.string(),
-    resourceType: z.string()
+    resourceType: ResourceTypeSchema
   }).array()
 });
-var PlanAssignBodySchema = z.object({ planKey: z.string() });
-var PlanDeleteResponseSchema = z.object({ success: z.boolean() });
 var PlanResponseSchema = z.object({
   createdAt: z.iso.datetime(),
   environmentId: z.string(),
-  planKey: z.string(),
+  planKey: PlanTypeSchema,
   resourceId: z.string(),
-  resourceType: z.string(),
+  resourceType: ResourceTypeSchema,
   updatedAt: z.iso.datetime()
 });
 var ResourceSchema = z.object({
@@ -602,9 +947,9 @@ var ResourceSchema = z.object({
   name: z.string().nullable(),
   parents: z.object({
     id: z.string(),
-    type: z.string()
+    type: ResourceTypeSchema
   }).array().optional(),
-  type: z.string()
+  type: ResourceTypeSchema
 });
 var ResourceBulkCreateBodySchema = z.object({
   resources: z.object({
@@ -612,7 +957,7 @@ var ResourceBulkCreateBodySchema = z.object({
     name: z.string().optional(),
     parents: z.object({
       id: z.string(),
-      type: z.string()
+      type: ResourceTypeSchema
     }).array().optional(),
     roles: z.object({
       role: z.string(),
@@ -624,7 +969,7 @@ var ResourceBulkResultSchema = z.object({
   created: z.object({
     environmentId: z.string(),
     id: z.string(),
-    type: z.string()
+    type: ResourceTypeSchema
   }).array(),
   errors: z.object({
     error: z.string(),
@@ -634,7 +979,7 @@ var ResourceBulkResultSchema = z.object({
       name: z.string().optional(),
       parents: z.object({
         id: z.string(),
-        type: z.string()
+        type: ResourceTypeSchema
       }).array().optional(),
       roles: z.object({
         role: z.string(),
@@ -654,55 +999,33 @@ var ResourceCreateBodySchema = z.object({
   name: z.string().optional(),
   parents: z.object({
     id: z.string(),
-    type: z.string()
+    type: ResourceTypeSchema
   }).array().optional(),
   roles: z.object({
     role: z.string(),
     userId: z.string()
   }).array().optional()
 });
-var ResourceMemberListSchema = z.object({
-  items: z.object({
-    inherited: z.boolean(),
-    role: z.string(),
-    user: z.object({
-      avatarUrl: z.string().nullable(),
-      createdAt: z.iso.datetime(),
-      email: z.email(),
-      emailVerified: z.boolean(),
-      firstName: z.string().nullable(),
-      id: z.string(),
-      lastLoginAt: z.iso.datetime().nullable(),
-      lastName: z.string().nullable(),
-      lookupKey: z.string().nullable(),
-      updatedAt: z.iso.datetime()
-    }),
-    userId: z.string()
-  }).array(),
-  limit: z.number(),
-  page: z.number(),
-  total: z.number()
-});
 var ResourceUpdateBodySchema = z.object({
   name: z.string().optional(),
   /** Creates relationships with other resources. Parent resources must already exist. */
   parents: z.object({
     id: z.string(),
-    type: z.string()
+    type: ResourceTypeSchema
   }).array().optional()
 });
 var RoleSchema = z.object({
   createdAt: z.string(),
   environmentId: z.string(),
   resourceId: z.string(),
-  resourceType: z.string(),
+  resourceType: ResourceTypeSchema,
   role: z.string(),
   userId: z.string()
 });
 var RoleBulkCreateBodySchema = z.object({
   roles: z.object({
     resourceId: z.string(),
-    resourceType: z.string(),
+    resourceType: ResourceTypeSchema,
     role: z.string(),
     userId: z.string()
   }).array()
@@ -712,7 +1035,7 @@ var RoleBulkResultSchema = z.object({
     createdAt: z.string(),
     environmentId: z.string(),
     resourceId: z.string(),
-    resourceType: z.string(),
+    resourceType: ResourceTypeSchema,
     role: z.string(),
     userId: z.string()
   }).array(),
@@ -721,7 +1044,7 @@ var RoleBulkResultSchema = z.object({
     index: z.number(),
     role: z.object({
       resourceId: z.string(),
-      resourceType: z.string(),
+      resourceType: ResourceTypeSchema,
       role: z.string(),
       userId: z.string()
     })
@@ -735,7 +1058,7 @@ var RoleBulkResultSchema = z.object({
 });
 var RoleCreateBodySchema = z.object({
   resourceId: z.string(),
-  resourceType: z.string(),
+  resourceType: ResourceTypeSchema,
   role: z.string()
 });
 var RoleListSchema = z.object({
@@ -745,43 +1068,58 @@ var RoleListSchema = z.object({
     createdAt: z.string(),
     environmentId: z.string(),
     resourceId: z.string(),
-    resourceType: z.string(),
+    resourceType: ResourceTypeSchema,
     role: z.string(),
     userId: z.string()
   }).array(),
   total: z.number()
 });
+var UserResourceListSchema = z.array(
+  z.object({
+    inherited: z.boolean(),
+    resource: z.object({
+      id: z.string(),
+      name: z.string(),
+      parents: z.object({
+        id: z.string(),
+        type: ResourceTypeSchema
+      }).array(),
+      type: ResourceTypeSchema
+    }).catchall(z.unknown()),
+    role: z.string()
+  })
+);
 var TransactionHistoryResponseSchema = z.object({
   items: z.object({
     amount: z.number().int(),
     createdAt: z.iso.datetime(),
     environmentId: z.string(),
     id: z.string(),
-    limitType: z.string(),
+    limitType: UsageLimitTypeSchema,
     resourceId: z.string(),
-    resourceType: z.string(),
+    resourceType: ResourceTypeSchema,
     tags: z.record(z.string(), z.unknown()).nullable()
   }).array()
 });
 var UsageCheckBodySchema = z.object({
   amount: z.number().int(),
-  limitType: z.string(),
+  limitType: UsageLimitTypeSchema,
   period: z.enum(["monthly", "yearly", "lifetime"]),
   resourceId: z.string(),
-  resourceType: z.string()
+  resourceType: ResourceTypeSchema
 });
 var UsageConsumeBodySchema = z.object({
   amount: z.number().int(),
-  limitType: z.string(),
+  limitType: UsageLimitTypeSchema,
   resourceId: z.string(),
-  resourceType: z.string(),
+  resourceType: ResourceTypeSchema,
   tags: z.record(z.string(), z.unknown()).optional()
 });
 var UsageCreditBodySchema = z.object({
   amount: z.number().int(),
-  limitType: z.string(),
+  limitType: UsageLimitTypeSchema,
   resourceId: z.string(),
-  resourceType: z.string(),
+  resourceType: ResourceTypeSchema,
   tags: z.record(z.string(), z.unknown()).optional()
 });
 var UsageWalletResponseSchema = z.object({
@@ -789,72 +1127,11 @@ var UsageWalletResponseSchema = z.object({
   createdAt: z.iso.datetime(),
   environmentId: z.string(),
   id: z.string(),
-  limitType: z.string(),
+  limitType: UsageLimitTypeSchema,
   resourceId: z.string(),
-  resourceType: z.string(),
+  resourceType: ResourceTypeSchema,
   tags: z.record(z.string(), z.unknown()).nullable()
 });
-var UserSchema = z.object({
-  avatarUrl: z.string().nullable(),
-  createdAt: z.iso.datetime(),
-  email: z.email(),
-  emailVerified: z.boolean(),
-  firstName: z.string().nullable(),
-  id: z.string(),
-  lastLoginAt: z.iso.datetime().nullable(),
-  lastName: z.string().nullable(),
-  lookupKey: z.string().nullable(),
-  updatedAt: z.iso.datetime()
-});
-var UserCreateBodySchema = z.object({
-  avatarUrl: z.url().optional(),
-  email: z.email(),
-  firstName: z.string().nullable().optional(),
-  lastName: z.string().nullable().optional(),
-  lookupKey: z.string(),
-  newUser: z.boolean().nullable().optional(),
-  password: z.string().nullable().optional()
-});
-var UserListSchema = z.object({
-  items: z.object({
-    avatarUrl: z.string().nullable(),
-    createdAt: z.iso.datetime(),
-    email: z.email(),
-    emailVerified: z.boolean(),
-    firstName: z.string().nullable(),
-    id: z.string(),
-    lastLoginAt: z.iso.datetime().nullable(),
-    lastName: z.string().nullable(),
-    lookupKey: z.string().nullable(),
-    updatedAt: z.iso.datetime()
-  }).array(),
-  limit: z.number(),
-  page: z.number(),
-  total: z.number()
-});
-var UserResourceListSchema = z.array(
-  z.object({
-    inherited: z.boolean(),
-    resource: z.object({
-      id: z.string(),
-      name: z.string(),
-      parents: z.object({
-        id: z.string(),
-        type: z.string()
-      }).array(),
-      type: z.string()
-    }).catchall(z.unknown()),
-    role: z.string()
-  })
-);
-var UserUpdateBodySchema = z.object({
-  avatarUrl: z.url().nullable().optional(),
-  email: z.email().optional(),
-  firstName: z.string().nullable().optional(),
-  lastName: z.string().nullable().optional(),
-  lookupKey: z.string().optional(),
-  password: z.string().optional()
-});
 var ResourceListSchema = z.object({
   items: ResourceSchema.array(),
   limit: z.number(),
@@ -869,6 +1146,14 @@ var EntitlementsListForTenantQuerySchema = z.object({
   /** The unique identifier of the user */
   userId: z.string()
 });
+var OauthCheckConsentRequiredQuerySchema = z.object({
+  /** OAuth2 client ID */
+  client_id: z.string(),
+  /** Redirect URI */
+  redirect_uri: z.string().optional(),
+  /** Space-separated list of scopes */
+  scope: z.string().optional()
+});
 var ResourceMembersListQuerySchema = z.object({
   /** Number of items per page (minimum: 1, maximum: 100) */
   limit: z.number().optional(),
@@ -893,7 +1178,7 @@ var RolesListQuerySchema = z.object({
   /** Filter roles by specific resource ID */
   resourceId: z.string().optional(),
   /** Filter roles by resource type */
-  resourceType: z.string().optional(),
+  resourceType: ResourceTypeSchema.optional(),
   /** Filter by role name */
   role: z.string().optional()
 });