npm - @blimu/backend - Versions diffs - 1.2.1 → 1.2.2 - Mend

@blimu/backend 1.2.1 → 1.2.2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (46) hide show

package/README.md +9 -0
package/dist/client.cjs +43 -0
package/dist/client.cjs.map +1 -1
package/dist/client.d.mts +3 -1
package/dist/client.d.ts +3 -1
package/dist/client.mjs +43 -0
package/dist/client.mjs.map +1 -1
package/dist/index.cjs +101 -92
package/dist/index.cjs.map +1 -1
package/dist/index.d.mts +31 -18
package/dist/index.d.ts +31 -18
package/dist/index.mjs +99 -92
package/dist/index.mjs.map +1 -1
package/dist/{schema-CGYqiv8k.d.mts → schema-CdEZKE7E.d.mts} +17 -2
package/dist/{schema-CGYqiv8k.d.ts → schema-CdEZKE7E.d.ts} +17 -2
package/dist/schema.cjs.map +1 -1
package/dist/schema.d.mts +1 -1
package/dist/schema.d.ts +1 -1
package/dist/services/auth_jwks.cjs +69 -0
package/dist/services/auth_jwks.cjs.map +1 -0
package/dist/services/auth_jwks.d.mts +13 -0
package/dist/services/auth_jwks.d.ts +13 -0
package/dist/services/auth_jwks.mjs +44 -0
package/dist/services/auth_jwks.mjs.map +1 -0
package/dist/services/bulk_resources.d.mts +1 -1
package/dist/services/bulk_resources.d.ts +1 -1
package/dist/services/bulk_roles.d.mts +1 -1
package/dist/services/bulk_roles.d.ts +1 -1
package/dist/services/entitlements.d.mts +1 -1
package/dist/services/entitlements.d.ts +1 -1
package/dist/services/oauth.d.mts +1 -1
package/dist/services/oauth.d.ts +1 -1
package/dist/services/plans.d.mts +1 -1
package/dist/services/plans.d.ts +1 -1
package/dist/services/resource_members.d.mts +1 -1
package/dist/services/resource_members.d.ts +1 -1
package/dist/services/resources.d.mts +1 -1
package/dist/services/resources.d.ts +1 -1
package/dist/services/roles.d.mts +1 -1
package/dist/services/roles.d.ts +1 -1
package/dist/services/usage.d.mts +1 -1
package/dist/services/usage.d.ts +1 -1
package/dist/services/users.d.mts +1 -1
package/dist/services/users.d.ts +1 -1
package/dist/tsconfig.tsbuildinfo +1 -1
package/package.json +1 -1

package/README.md CHANGED Viewed

@@ -34,6 +34,14 @@ const client = new BlimuClient({
   ],
 });
+// Example: Get JSON Web Key Set for environment (Public)
+try {
+  const result = await client.authJwks.getJwks();
+  console.log('Result:', result);
+} catch (error) {
+  // FetchError with structured data
+  console.error(error);
+}
 // Example: Bulk create resources
 try {
   const result = await client.bulkResources.create(
@@ -186,6 +194,7 @@ The SDK includes the following TypeScript interfaces:
 - **EntitlementsListResult**
 - **IntrospectionRequest**
 - **IntrospectionResponse**
+- **JWK**
 - **PlanAssignBody**
 - **PlanDeleteResponse**
 - **PlanResponse**

package/dist/client.cjs CHANGED Viewed

@@ -42,6 +42,47 @@ function buildAuthStrategies(cfg) {
   return authStrategies;
 }
+// src/services/auth_jwks.ts
+var AuthJwksService = class {
+  constructor(core) {
+    this.core = core;
+  }
+  /**
+   * GET /v1/auth/.well-known/jwks.json*
+   * @summary Get JSON Web Key Set for environment (Public)*
+   * @description Returns the public keys used to verify JWT tokens issued by this environment. Authenticate using either x-api-key header (secretKey) or x-blimu-publishable-key header (publishableKey).*/
+  getJwks(init) {
+    return this.core.request({
+      method: "GET",
+      path: `/v1/auth/.well-known/jwks.json`,
+      ...init ?? {}
+    });
+  }
+  /**
+   * GET /v1/auth/.well-known/public-key.pem*
+   * @summary Get environment public key (PEM)*
+   * @description Returns the public key in PEM format for verifying JWT tokens. Authenticate with x-api-key or x-blimu-publishable-key.*/
+  getPublicKeyPem(init) {
+    return this.core.request({
+      method: "GET",
+      path: `/v1/auth/.well-known/public-key.pem`,
+      ...init ?? {}
+    });
+  }
+  /**
+   * GET /v1/auth/oauth/.well-known/jwks.json*
+   * @summary Get JSON Web Key Set for OAuth app (Public)*
+   * @description Returns the public key for a specific OAuth app to verify JWT tokens. This is a public endpoint following OAuth2/OIDC standards. Provide client_id to get keys for a specific OAuth app, or use authenticated endpoint for environment keys.*/
+  getOAuthAppJwks(query, init) {
+    return this.core.request({
+      method: "GET",
+      path: `/v1/auth/oauth/.well-known/jwks.json`,
+      query,
+      ...init ?? {}
+    });
+  }
+};
 // src/services/bulk_resources.ts
 var BulkResourcesService = class {
   constructor(core) {
@@ -549,6 +590,7 @@ var UsersService = class {
 // src/client.ts
 var Blimu = class {
+  authJwks;
   bulkResources;
   bulkRoles;
   entitlements;
@@ -568,6 +610,7 @@ var Blimu = class {
       baseURL: options?.baseURL ?? "https://api.blimu.dev",
       ...authStrategies.length > 0 ? { authStrategies } : {}
     });
+    this.authJwks = new AuthJwksService(core);
     this.bulkResources = new BulkResourcesService(core);
     this.bulkRoles = new BulkRolesService(core);
     this.entitlements = new EntitlementsService(core);

package/dist/client.cjs.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"sources":["../src/client.ts","../src/auth-strategies.ts","../src/services/bulk_resources.ts","../src/services/bulk_roles.ts","../src/services/entitlements.ts","../src/services/oauth.ts","../src/services/plans.ts","../src/services/resource_members.ts","../src/services/resources.ts","../src/services/roles.ts","../src/services/usage.ts","../src/services/users.ts"],"sourcesContent":["import { FetchClient, FetchError } from '@blimu/fetch';\nimport { type FetchClientConfig, type ApiKeyAuthStrategy } from '@blimu/fetch';\nimport { buildAuthStrategies } from './auth-strategies';\nimport { BulkResourcesService } from './services/bulk_resources';\nimport { BulkRolesService } from './services/bulk_roles';\nimport { EntitlementsService } from './services/entitlements';\nimport { OauthService } from './services/oauth';\nimport { PlansService } from './services/plans';\nimport { ResourceMembersService } from './services/resource_members';\nimport { ResourcesService } from './services/resources';\nimport { RolesService } from './services/roles';\nimport { UsageService } from './services/usage';\nimport { UsersService } from './services/users';\n\nexport type ClientOption = FetchClientConfig & {\n apiKey?: ApiKeyAuthStrategy['key'];\n};\n\nexport class Blimu {\n readonly bulkResources: BulkResourcesService;\n readonly bulkRoles: BulkRolesService;\n readonly entitlements: EntitlementsService;\n readonly oauth: OauthService;\n readonly plans: PlansService;\n readonly resourceMembers: ResourceMembersService;\n readonly resources: ResourcesService;\n readonly roles: RolesService;\n readonly usage: UsageService;\n readonly users: UsersService;\n\n constructor(options?: ClientOption) {\n const restCfg = { ...(options ?? {}) };\n delete restCfg.apiKey;\n\n const authStrategies = buildAuthStrategies(options ?? {});\n\n const core = new FetchClient({\n ...restCfg,\n baseURL: options?.baseURL ?? 'https://api.blimu.dev',\n ...(authStrategies.length > 0 ? { authStrategies } : {}),\n });\n\n this.bulkResources = new BulkResourcesService(core);\n this.bulkRoles = new BulkRolesService(core);\n this.entitlements = new EntitlementsService(core);\n this.oauth = new OauthService(core);\n this.plans = new PlansService(core);\n this.resourceMembers = new ResourceMembersService(core);\n this.resources = new ResourcesService(core);\n this.roles = new RolesService(core);\n this.usage = new UsageService(core);\n this.users = new UsersService(core);\n }\n}\n\n// Re-export FetchError for backward compatibility\nexport { FetchError };\nexport const BlimuError = FetchError;\n","import type { AuthStrategy } from '@blimu/fetch';\nimport type { ClientOption } from './client';\n\nexport function buildAuthStrategies(cfg: ClientOption): AuthStrategy[] {\n const authStrategies: AuthStrategy[] = [...(cfg?.authStrategies ?? [])];\n\n if (cfg.apiKey) {\n authStrategies.push({\n type: 'apiKey',\n key: cfg.apiKey,\n location: 'header',\n name: 'X-API-KEY',\n });\n }\n return authStrategies;\n}\n","import type { FetchClient } from '@blimu/fetch';\nimport type * as Schema from '../schema';\nimport type { ResourceType } from '@blimu/types';\n\nexport class BulkResourcesService {\n constructor(private core: FetchClient) {}\n\n /*\n POST /v1/resources/{resourceType}/bulk\n @summary Bulk create resources\n @description Creates multiple resources of the specified type in a single request. This operation supports partial success - some resources may be created while others fail. The response includes details about successful creations and any errors encountered. Resources can have parent relationships and initial role assignments./\n create(\n resourceType: ResourceType,\n body: Schema.ResourceBulkCreateBody,\n init?: Omit<RequestInit, 'method' \| 'body'>\n ): Promise<Schema.ResourceBulkResult> {\n return this.core.request({\n method: 'POST',\n path: `/v1/resources/${encodeURIComponent(resourceType)}/bulk`,\n body,\n ...(init ?? {}),\n });\n }\n}\n","import type { FetchClient } from '@blimu/fetch';\nimport type as Schema from '../schema';\n\nexport class BulkRolesService {\n constructor(private core: FetchClient) {}\n\n /*\n POST /v1/users/roles/bulk\n @summary Bulk create roles\n @description Assigns multiple roles to users on resources in a single request. This operation supports partial success - some role assignments may succeed while others fail. The response includes details about successful assignments and any errors encountered. All roles must be valid according to your resource definitions./\n create(\n body: Schema.RoleBulkCreateBody,\n init?: Omit<RequestInit, 'method' \| 'body'>\n ): Promise<Schema.RoleBulkResult> {\n return this.core.request({\n method: 'POST',\n path: `/v1/users/roles/bulk`,\n body,\n ...(init ?? {}),\n });\n }\n}\n","import type { FetchClient } from '@blimu/fetch';\nimport type as Schema from '../schema';\nimport type { ResourceType } from '@blimu/types';\n\nexport class EntitlementsService {\n constructor(private core: FetchClient) {}\n\n /*\n POST /v1/entitlements/check\n @summary Check if a user has a specific entitlement on a resource\n @description Checks whether a user has permission to perform a specific action (entitlement) on a resource. This endpoint evaluates role-based access, plan gating, and usage limits. The response includes detailed information about why access was granted or denied, including which roles were checked, plan requirements, and usage limit status./\n checkEntitlement(\n body: Schema.EntitlementCheckBody,\n init?: Omit<RequestInit, 'method' \| 'body'>\n ): Promise<Schema.EntitlementCheckResult> {\n return this.core.request({\n method: 'POST',\n path: `/v1/entitlements/check`,\n body,\n ...(init ?? {}),\n });\n }\n\n /\n GET /v1/entitlements/list-for-resource/{resourceType}/{resourceId}\n @summary List entitlements for a specific resource\n @description Returns entitlements for a specific resource and user. Only evaluates roles and plans (excludes limits). Provides detailed information about why entitlements are allowed or denied, including current roles, allowed roles, current plan, and allowed plans. Results are cached per resource for performance./\n listForResource(\n resourceType: ResourceType,\n resourceId: string,\n query?: Schema.EntitlementsListForResourceQuery,\n init?: Omit<RequestInit, 'method' \| 'body'>\n ): Promise<Schema.EntitlementsListResult> {\n return this.core.request({\n method: 'GET',\n path: `/v1/entitlements/list-for-resource/${encodeURIComponent(resourceType)}/${encodeURIComponent(resourceId)}`,\n query,\n ...(init ?? {}),\n });\n }\n\n /\n GET /v1/entitlements/list-for-tenant/{tenantResourceId}\n @summary List entitlements for a tenant and all its sub-resources\n @description Returns entitlements for a tenant resource and all its descendant resources. This endpoint scopes queries to a single tenant, preventing cross-tenant data access. Only evaluates roles and plans (excludes limits). Results are cached per resource for performance. The tenant resource type is automatically determined from the environment definition (resource marked as `is_tenant: true`)./\n listForTenant(\n tenantResourceId: string,\n query?: Schema.EntitlementsListForTenantQuery,\n init?: Omit<RequestInit, 'method' \| 'body'>\n ): Promise<Schema.EntitlementsListResult> {\n return this.core.request({\n method: 'GET',\n path: `/v1/entitlements/list-for-tenant/${encodeURIComponent(tenantResourceId)}`,\n query,\n ...(init ?? {}),\n });\n }\n}\n","import type { FetchClient } from '@blimu/fetch';\nimport type as Schema from '../schema';\n\nexport class OauthService {\n constructor(private core: FetchClient) {}\n\n /*\n GET /v1/oauth/authorize\n @summary Check consent requirement\n @description Checks if user consent is required for the OAuth2 app and requested scopes./\n checkConsentRequired(\n query?: Schema.OauthCheckConsentRequiredQuery,\n init?: Omit<RequestInit, 'method' \| 'body'>\n ): Promise<Schema.ConsentCheckResponse> {\n return this.core.request({\n method: 'GET',\n path: `/v1/oauth/authorize`,\n query,\n ...(init ?? {}),\n });\n }\n\n /\n POST /v1/oauth/authorize\n @summary Authorize OAuth2 application\n @description Handles user consent approval/denial. Validates auto_approved flag against consent requirements./\n authorize(\n body: Schema.AuthorizeRequest,\n init?: Omit<RequestInit, 'method' \| 'body'>\n ): Promise<unknown> {\n return this.core.request({\n method: 'POST',\n path: `/v1/oauth/authorize`,\n body,\n ...(init ?? {}),\n });\n }\n\n /\n POST /v1/oauth/device/authorize\n @summary Authorize or deny device code\n @description Allows an authenticated user to authorize or deny a device code request. Requires valid user session./\n authorizeDeviceCode(\n body: Schema.DeviceAuthorizeRequest,\n init?: Omit<RequestInit, 'method' \| 'body'>\n ): Promise<Schema.DeviceAuthorizeResponse> {\n return this.core.request({\n method: 'POST',\n path: `/v1/oauth/device/authorize`,\n body,\n ...(init ?? {}),\n });\n }\n\n /\n POST /v1/oauth/device/code\n @summary Request device authorization codes\n @description Initiates device authorization flow. Returns device_code (for polling) and user_code (for user entry)./\n requestDeviceCode(\n body: Schema.DeviceCodeRequest,\n init?: Omit<RequestInit, 'method' \| 'body'>\n ): Promise<Schema.DeviceCodeResponse> {\n return this.core.request({\n method: 'POST',\n path: `/v1/oauth/device/code`,\n body,\n ...(init ?? {}),\n });\n }\n\n /\n GET /v1/oauth/device/code/{user_code}\n @summary Get device code information\n @description Returns device code information including app name, scopes, and consent requirement status./\n getDeviceCodeInfo(\n user_code: string,\n init?: Omit<RequestInit, 'method' \| 'body'>\n ): Promise<Schema.DeviceCodeInfoResponse> {\n return this.core.request({\n method: 'GET',\n path: `/v1/oauth/device/code/${encodeURIComponent(user_code)}`,\n ...(init ?? {}),\n });\n }\n\n /\n POST /v1/oauth/device/token\n @summary Poll for device authorization tokens\n @description Client polls this endpoint to exchange device_code for tokens once user has authorized./\n exchangeDeviceCode(\n body: Schema.DeviceTokenRequest,\n init?: Omit<RequestInit, 'method' \| 'body'>\n ): Promise<Schema.TokenResponse> {\n return this.core.request({\n method: 'POST',\n path: `/v1/oauth/device/token`,\n body,\n ...(init ?? {}),\n });\n }\n\n /\n POST /v1/oauth/introspect\n @summary Introspect token\n @description Validates a token and returns metadata. Requires client authentication./\n introspect(\n body: Schema.IntrospectionRequest,\n init?: Omit<RequestInit, 'method' \| 'body'>\n ): Promise<Schema.IntrospectionResponse> {\n return this.core.request({\n method: 'POST',\n path: `/v1/oauth/introspect`,\n body,\n ...(init ?? {}),\n });\n }\n\n /\n POST /v1/oauth/revoke\n @summary Revoke token\n @description Revokes an access or refresh token. Requires client authentication./\n revoke(\n body: Schema.RevocationRequest,\n init?: Omit<RequestInit, 'method' \| 'body'>\n ): Promise<unknown> {\n return this.core.request({\n method: 'POST',\n path: `/v1/oauth/revoke`,\n body,\n ...(init ?? {}),\n });\n }\n\n /\n POST /v1/oauth/token\n @summary Token endpoint\n @description Issues access and refresh tokens. Supports authorization_code and refresh_token (always available per OAuth2 spec)./\n token(\n body: Schema.TokenRequest,\n init?: Omit<RequestInit, 'method' \| 'body'>\n ): Promise<Schema.TokenResponse> {\n return this.core.request({\n method: 'POST',\n path: `/v1/oauth/token`,\n body,\n ...(init ?? {}),\n });\n }\n}\n","import type { FetchClient } from '@blimu/fetch';\nimport type as Schema from '../schema';\nimport type { ResourceType } from '@blimu/types';\n\nexport class PlansService {\n constructor(private core: FetchClient) {}\n\n /*\n DELETE /v1/resources/{resourceType}/{resourceId}/plan\n @summary Remove plan assignment from a tenant resource\n @description Removes the billing plan assignment from a tenant resource. After removal, the resource will have no plan and will be subject to default limits./\n delete(\n resourceType: ResourceType,\n resourceId: string,\n init?: Omit<RequestInit, 'method' \| 'body'>\n ): Promise<Schema.PlanDeleteResponse> {\n return this.core.request({\n method: 'DELETE',\n path: `/v1/resources/${encodeURIComponent(resourceType)}/${encodeURIComponent(resourceId)}/plan`,\n ...(init ?? {}),\n });\n }\n\n /\n GET /v1/resources/{resourceType}/{resourceId}/plan\n @summary Get the plan assigned to a tenant resource\n @description Retrieves the billing plan currently assigned to a tenant resource, if any./\n read(\n resourceType: ResourceType,\n resourceId: string,\n init?: Omit<RequestInit, 'method' \| 'body'>\n ): Promise<Schema.PlanResponse> {\n return this.core.request({\n method: 'GET',\n path: `/v1/resources/${encodeURIComponent(resourceType)}/${encodeURIComponent(resourceId)}/plan`,\n ...(init ?? {}),\n });\n }\n\n /\n POST /v1/resources/{resourceType}/{resourceId}/plan\n @summary Assign a plan to a tenant resource\n @description Assigns a billing plan to a tenant resource. Plans control feature access and usage limits based on your plan definitions. The resource must be marked as a tenant in your resource definitions./\n assign(\n resourceType: ResourceType,\n resourceId: string,\n body: Schema.PlanAssignBody,\n init?: Omit<RequestInit, 'method' \| 'body'>\n ): Promise<unknown> {\n return this.core.request({\n method: 'POST',\n path: `/v1/resources/${encodeURIComponent(resourceType)}/${encodeURIComponent(resourceId)}/plan`,\n body,\n ...(init ?? {}),\n });\n }\n}\n","import type { FetchClient } from '@blimu/fetch';\nimport type as Schema from '../schema';\nimport type { ResourceType } from '@blimu/types';\n\nexport class ResourceMembersService {\n constructor(private core: FetchClient) {}\n\n /*\n GET /v1/resources/{resourceType}/{resourceId}/members\n @summary List members for a resource\n @description Retrieves a paginated list of users who have roles (direct or inherited) on the specified resource. Supports search functionality to filter users by email or name./\n list(\n resourceType: ResourceType,\n resourceId: string,\n query?: Schema.ResourceMembersListQuery,\n init?: Omit<RequestInit, 'method' \| 'body'>\n ): Promise<Schema.ResourceMemberList> {\n return this.core.request({\n method: 'GET',\n path: `/v1/resources/${encodeURIComponent(resourceType)}/${encodeURIComponent(resourceId)}/members`,\n query,\n ...(init ?? {}),\n });\n }\n}\n","import type { FetchClient } from '@blimu/fetch';\nimport type as Schema from '../schema';\nimport type { ResourceType } from '@blimu/types';\n\nexport class ResourcesService {\n constructor(private core: FetchClient) {}\n\n /*\n GET /v1/resources/{resourceType}\n @summary List resources\n @description Retrieves a paginated list of resources of the specified type. Supports search and filtering. Resources are returned with their parent relationships and metadata./\n list(\n resourceType: ResourceType,\n query?: Schema.ResourcesListQuery,\n init?: Omit<RequestInit, 'method' \| 'body'>\n ): Promise<Schema.ResourceList> {\n return this.core.request({\n method: 'GET',\n path: `/v1/resources/${encodeURIComponent(resourceType)}`,\n query,\n ...(init ?? {}),\n });\n }\n\n /\n POST /v1/resources/{resourceType}\n @summary Create a resource\n @description Creates a new resource of the specified type. Resources can have parent relationships to form hierarchies. You can optionally assign initial roles to users when creating the resource. Parent resources must already exist./\n create(\n resourceType: ResourceType,\n body: Schema.ResourceCreateBody,\n init?: Omit<RequestInit, 'method' \| 'body'>\n ): Promise<Schema.Resource> {\n return this.core.request({\n method: 'POST',\n path: `/v1/resources/${encodeURIComponent(resourceType)}`,\n body,\n ...(init ?? {}),\n });\n }\n\n /\n DELETE /v1/resources/{resourceType}/{resourceId}\n @summary Delete a resource\n @description Deletes a resource by its type and ID. This operation is permanent and cannot be undone. Deleting a resource may affect child resources that depend on it./\n delete(\n resourceType: ResourceType,\n resourceId: string,\n init?: Omit<RequestInit, 'method' \| 'body'>\n ): Promise<unknown> {\n return this.core.request({\n method: 'DELETE',\n path: `/v1/resources/${encodeURIComponent(resourceType)}/${encodeURIComponent(resourceId)}`,\n ...(init ?? {}),\n });\n }\n\n /\n GET /v1/resources/{resourceType}/{resourceId}\n @summary Read a resource\n @description Retrieves a single resource by its type and ID. Returns the resource with its parent relationships and metadata./\n read(\n resourceType: ResourceType,\n resourceId: string,\n init?: Omit<RequestInit, 'method' \| 'body'>\n ): Promise<Schema.Resource> {\n return this.core.request({\n method: 'GET',\n path: `/v1/resources/${encodeURIComponent(resourceType)}/${encodeURIComponent(resourceId)}`,\n ...(init ?? {}),\n });\n }\n\n /\n PUT /v1/resources/{resourceType}/{resourceId}\n @summary Update a resource\n @description Updates an existing resource. You can update the resource name and modify parent relationships. Parent resources must already exist./\n update(\n resourceType: ResourceType,\n resourceId: string,\n body: Schema.ResourceUpdateBody,\n init?: Omit<RequestInit, 'method' \| 'body'>\n ): Promise<unknown> {\n return this.core.request({\n method: 'PUT',\n path: `/v1/resources/${encodeURIComponent(resourceType)}/${encodeURIComponent(resourceId)}`,\n body,\n ...(init ?? {}),\n });\n }\n}\n","import type { FetchClient } from '@blimu/fetch';\nimport type as Schema from '../schema';\nimport type { ResourceType } from '@blimu/types';\n\nexport class RolesService {\n constructor(private core: FetchClient) {}\n\n /*\n GET /v1/users/{userId}/roles\n @summary List user roles\n @description Retrieves a paginated list of roles assigned to a user. Supports filtering by resource type, resource ID, and role name. Returns both directly assigned roles and inherited roles./\n list(\n userId: string,\n query?: Schema.RolesListQuery,\n init?: Omit<RequestInit, 'method' \| 'body'>\n ): Promise<Schema.RoleList> {\n return this.core.request({\n method: 'GET',\n path: `/v1/users/${encodeURIComponent(userId)}/roles`,\n query,\n ...(init ?? {}),\n });\n }\n\n /\n POST /v1/users/{userId}/roles\n @summary Create a role (assign role to user on resource)\n @description Assigns a role to a user on a specific resource. The role must be defined in your resource definitions for the specified resource type. Roles can be inherited from parent resources based on your resource configuration./\n create(\n userId: string,\n body: Schema.RoleCreateBody,\n init?: Omit<RequestInit, 'method' \| 'body'>\n ): Promise<Schema.Role> {\n return this.core.request({\n method: 'POST',\n path: `/v1/users/${encodeURIComponent(userId)}/roles`,\n body,\n ...(init ?? {}),\n });\n }\n\n /\n DELETE /v1/users/{userId}/roles/{resourceType}/{resourceId}\n @summary Delete a role\n @description Removes a role assignment from a user on a specific resource. This only removes the direct role assignment and does not affect inherited roles from parent resources./\n delete(\n userId: string,\n resourceType: ResourceType,\n resourceId: string,\n init?: Omit<RequestInit, 'method' \| 'body'>\n ): Promise<unknown> {\n return this.core.request({\n method: 'DELETE',\n path: `/v1/users/${encodeURIComponent(userId)}/roles/${encodeURIComponent(resourceType)}/${encodeURIComponent(resourceId)}`,\n ...(init ?? {}),\n });\n }\n}\n","import type { FetchClient } from '@blimu/fetch';\nimport type as Schema from '../schema';\n\nexport class UsageService {\n constructor(private core: FetchClient) {}\n\n /*\n GET /v1/usage/balance/{resourceType}/{resourceId}/{limitType}\n @summary Get wallet balance\n @description Retrieves the current balance of a usage wallet for a specific resource and limit type within a given time period. The balance reflects all credits and consumption transactions./\n getBalance(\n resourceType: string,\n resourceId: string,\n limitType: string,\n query?: Schema.UsageGetBalanceQuery,\n init?: Omit<RequestInit, 'method' \| 'body'>\n ): Promise<Schema.BalanceResponse> {\n return this.core.request({\n method: 'GET',\n path: `/v1/usage/balance/${encodeURIComponent(resourceType)}/${encodeURIComponent(resourceId)}/${encodeURIComponent(limitType)}`,\n query,\n ...(init ?? {}),\n });\n }\n\n /\n POST /v1/usage/check\n @summary Check if consumption is allowed\n @description Checks whether a specific amount of consumption is allowed for a resource and limit type within a given time period. Returns the current balance, requested amount, and remaining balance after the consumption./\n checkLimit(\n body: Schema.UsageCheckBody,\n init?: Omit<RequestInit, 'method' \| 'body'>\n ): Promise<Schema.CheckLimitResponse> {\n return this.core.request({\n method: 'POST',\n path: `/v1/usage/check`,\n body,\n ...(init ?? {}),\n });\n }\n\n /\n POST /v1/usage/consume\n @summary Record consumption (inserts negative amount)\n @description Records consumption from a usage wallet for a specific resource and limit type. This decreases the available balance. Consumption can be tagged for tracking purposes./\n consume(\n body: Schema.UsageConsumeBody,\n init?: Omit<RequestInit, 'method' \| 'body'>\n ): Promise<Schema.UsageWalletResponse> {\n return this.core.request({\n method: 'POST',\n path: `/v1/usage/consume`,\n body,\n ...(init ?? {}),\n });\n }\n\n /\n POST /v1/usage/credit\n @summary Add credits to wallet (inserts positive amount)\n @description Adds credits to a usage wallet for a specific resource and limit type. This increases the available balance for usage-based limits. Credits can be tagged for tracking purposes./\n credit(\n body: Schema.UsageCreditBody,\n init?: Omit<RequestInit, 'method' \| 'body'>\n ): Promise<Schema.UsageWalletResponse> {\n return this.core.request({\n method: 'POST',\n path: `/v1/usage/credit`,\n body,\n ...(init ?? {}),\n });\n }\n\n /\n GET /v1/usage/transactions/{resourceType}/{resourceId}/{limitType}\n @summary Get transaction history\n @description Retrieves the transaction history for a usage wallet, including all credits and consumption records. Supports filtering by time period and date range./\n getTransactionHistory(\n resourceType: string,\n resourceId: string,\n limitType: string,\n query?: Schema.UsageGetTransactionHistoryQuery,\n init?: Omit<RequestInit, 'method' \| 'body'>\n ): Promise<Schema.TransactionHistoryResponse> {\n return this.core.request({\n method: 'GET',\n path: `/v1/usage/transactions/${encodeURIComponent(resourceType)}/${encodeURIComponent(resourceId)}/${encodeURIComponent(limitType)}`,\n query,\n ...(init ?? {}),\n });\n }\n}\n","import type { FetchClient } from '@blimu/fetch';\nimport type as Schema from '../schema';\n\nexport class UsersService {\n constructor(private core: FetchClient) {}\n\n /*\n GET /v1/users\n @summary List users\n @description Retrieves a paginated list of users in your environment. Supports search functionality to filter users by email, name, or lookup key./\n list(\n query?: Schema.UsersListQuery,\n init?: Omit<RequestInit, 'method' \| 'body'>\n ): Promise<Schema.UserList> {\n return this.core.request({\n method: 'GET',\n path: `/v1/users`,\n query,\n ...(init ?? {}),\n });\n }\n\n /\n POST /v1/users\n @summary Create a user\n @description Creates a new user in your environment. The lookupKey is a unique identifier that you can use to reference the user in your system. It should be stable and not change over time./\n create(\n body: Schema.UserCreateBody,\n init?: Omit<RequestInit, 'method' \| 'body'>\n ): Promise<Schema.User> {\n return this.core.request({\n method: 'POST',\n path: `/v1/users`,\n body,\n ...(init ?? {}),\n });\n }\n\n /\n DELETE /v1/users/{userId}\n @summary Delete a user\n @description Deletes a user by their ID or lookup key. This operation is permanent and cannot be undone. Deleting a user will also remove all role assignments for that user./\n delete(userId: string, init?: Omit<RequestInit, 'method' \| 'body'>): Promise<unknown> {\n return this.core.request({\n method: 'DELETE',\n path: `/v1/users/${encodeURIComponent(userId)}`,\n ...(init ?? {}),\n });\n }\n\n /\n GET /v1/users/{userId}\n @summary Get a user by ID\n @description Retrieves a single user by their ID or lookup key. Returns user information including email, name, and metadata./\n read(userId: string, init?: Omit<RequestInit, 'method' \| 'body'>): Promise<Schema.User> {\n return this.core.request({\n method: 'GET',\n path: `/v1/users/${encodeURIComponent(userId)}`,\n ...(init ?? {}),\n });\n }\n\n /\n PUT /v1/users/{userId}\n @summary Update a user\n @description Updates an existing user. You can modify email, name, and other user properties. The lookupKey can be updated but should remain stable./\n update(\n userId: string,\n body: Schema.UserUpdateBody,\n init?: Omit<RequestInit, 'method' \| 'body'>\n ): Promise<Schema.User> {\n return this.core.request({\n method: 'PUT',\n path: `/v1/users/${encodeURIComponent(userId)}`,\n body,\n ...(init ?? {}),\n });\n }\n\n /\n GET /v1/users/{userId}/effective-user-resources-roles\n @summary List effective user resources roles\n @description Retrieves all resources and roles for a user, including inherited roles from parent resources. The response indicates whether each role is directly assigned or inherited through resource hierarchies.*/\n listEffectiveUserResourcesRoles(\n userId: string,\n init?: Omit<RequestInit, 'method' \| 'body'>\n ): Promise<Schema.UserResourceList> {\n return this.core.request({\n method: 'GET',\n path: `/v1/users/${encodeURIComponent(userId)}/effective-user-resources-roles`,\n ...(init ?? {}),\n });\n }\n}\n"],"mappings":";;;;;;;;;;;;;;;;;;;;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,mBAAwC;AACxC,IAAAA,gBAAgE;;;ACEzD,SAAS,oBAAoB,KAAmC;AACrE,QAAM,iBAAiC,CAAC,GAAI,KAAK,kBAAkB,CAAC,CAAE;AAEtE,MAAI,IAAI,QAAQ;AACd,mBAAe,KAAK;AAAA,MAClB,MAAM;AAAA,MACN,KAAK,IAAI;AAAA,MACT,UAAU;AAAA,MACV,MAAM;AAAA,IACR,CAAC;AAAA,EACH;AACA,SAAO;AACT;;;ACXO,IAAM,uBAAN,MAA2B;AAAA,EAChC,YAAoB,MAAmB;AAAnB;AAAA,EAAoB;AAAA;AAAA;AAAA;AAAA;AAAA,EAMxC,OACE,cACA,MACA,MACoC;AACpC,WAAO,KAAK,KAAK,QAAQ;AAAA,MACvB,QAAQ;AAAA,MACR,MAAM,iBAAiB,mBAAmB,YAAY,CAAC;AAAA,MACvD;AAAA,MACA,GAAI,QAAQ,CAAC;AAAA,IACf,CAAC;AAAA,EACH;AACF;;;ACpBO,IAAM,mBAAN,MAAuB;AAAA,EAC5B,YAAoB,MAAmB;AAAnB;AAAA,EAAoB;AAAA;AAAA;AAAA;AAAA;AAAA,EAMxC,OACE,MACA,MACgC;AAChC,WAAO,KAAK,KAAK,QAAQ;AAAA,MACvB,QAAQ;AAAA,MACR,MAAM;AAAA,MACN;AAAA,MACA,GAAI,QAAQ,CAAC;AAAA,IACf,CAAC;AAAA,EACH;AACF;;;ACjBO,IAAM,sBAAN,MAA0B;AAAA,EAC/B,YAAoB,MAAmB;AAAnB;AAAA,EAAoB;AAAA;AAAA;AAAA;AAAA;AAAA,EAMxC,iBACE,MACA,MACwC;AACxC,WAAO,KAAK,KAAK,QAAQ;AAAA,MACvB,QAAQ;AAAA,MACR,MAAM;AAAA,MACN;AAAA,MACA,GAAI,QAAQ,CAAC;AAAA,IACf,CAAC;AAAA,EACH;AAAA;AAAA;AAAA;AAAA;AAAA,EAMA,gBACE,cACA,YACA,OACA,MACwC;AACxC,WAAO,KAAK,KAAK,QAAQ;AAAA,MACvB,QAAQ;AAAA,MACR,MAAM,sCAAsC,mBAAmB,YAAY,CAAC,IAAI,mBAAmB,UAAU,CAAC;AAAA,MAC9G;AAAA,MACA,GAAI,QAAQ,CAAC;AAAA,IACf,CAAC;AAAA,EACH;AAAA;AAAA;AAAA;AAAA;AAAA,EAMA,cACE,kBACA,OACA,MACwC;AACxC,WAAO,KAAK,KAAK,QAAQ;AAAA,MACvB,QAAQ;AAAA,MACR,MAAM,oCAAoC,mBAAmB,gBAAgB,CAAC;AAAA,MAC9E;AAAA,MACA,GAAI,QAAQ,CAAC;AAAA,IACf,CAAC;AAAA,EACH;AACF;;;ACtDO,IAAM,eAAN,MAAmB;AAAA,EACxB,YAAoB,MAAmB;AAAnB;AAAA,EAAoB;AAAA;AAAA;AAAA;AAAA;AAAA,EAMxC,qBACE,OACA,MACsC;AACtC,WAAO,KAAK,KAAK,QAAQ;AAAA,MACvB,QAAQ;AAAA,MACR,MAAM;AAAA,MACN;AAAA,MACA,GAAI,QAAQ,CAAC;AAAA,IACf,CAAC;AAAA,EACH;AAAA;AAAA;AAAA;AAAA;AAAA,EAMA,UACE,MACA,MACkB;AAClB,WAAO,KAAK,KAAK,QAAQ;AAAA,MACvB,QAAQ;AAAA,MACR,MAAM;AAAA,MACN;AAAA,MACA,GAAI,QAAQ,CAAC;AAAA,IACf,CAAC;AAAA,EACH;AAAA;AAAA;AAAA;AAAA;AAAA,EAMA,oBACE,MACA,MACyC;AACzC,WAAO,KAAK,KAAK,QAAQ;AAAA,MACvB,QAAQ;AAAA,MACR,MAAM;AAAA,MACN;AAAA,MACA,GAAI,QAAQ,CAAC;AAAA,IACf,CAAC;AAAA,EACH;AAAA;AAAA;AAAA;AAAA;AAAA,EAMA,kBACE,MACA,MACoC;AACpC,WAAO,KAAK,KAAK,QAAQ;AAAA,MACvB,QAAQ;AAAA,MACR,MAAM;AAAA,MACN;AAAA,MACA,GAAI,QAAQ,CAAC;AAAA,IACf,CAAC;AAAA,EACH;AAAA;AAAA;AAAA;AAAA;AAAA,EAMA,kBACE,WACA,MACwC;AACxC,WAAO,KAAK,KAAK,QAAQ;AAAA,MACvB,QAAQ;AAAA,MACR,MAAM,yBAAyB,mBAAmB,SAAS,CAAC;AAAA,MAC5D,GAAI,QAAQ,CAAC;AAAA,IACf,CAAC;AAAA,EACH;AAAA;AAAA;AAAA;AAAA;AAAA,EAMA,mBACE,MACA,MAC+B;AAC/B,WAAO,KAAK,KAAK,QAAQ;AAAA,MACvB,QAAQ;AAAA,MACR,MAAM;AAAA,MACN;AAAA,MACA,GAAI,QAAQ,CAAC;AAAA,IACf,CAAC;AAAA,EACH;AAAA;AAAA;AAAA;AAAA;AAAA,EAMA,WACE,MACA,MACuC;AACvC,WAAO,KAAK,KAAK,QAAQ;AAAA,MACvB,QAAQ;AAAA,MACR,MAAM;AAAA,MACN;AAAA,MACA,GAAI,QAAQ,CAAC;AAAA,IACf,CAAC;AAAA,EACH;AAAA;AAAA;AAAA;AAAA;AAAA,EAMA,OACE,MACA,MACkB;AAClB,WAAO,KAAK,KAAK,QAAQ;AAAA,MACvB,QAAQ;AAAA,MACR,MAAM;AAAA,MACN;AAAA,MACA,GAAI,QAAQ,CAAC;AAAA,IACf,CAAC;AAAA,EACH;AAAA;AAAA;AAAA;AAAA;AAAA,EAMA,MACE,MACA,MAC+B;AAC/B,WAAO,KAAK,KAAK,QAAQ;AAAA,MACvB,QAAQ;AAAA,MACR,MAAM;AAAA,MACN;AAAA,MACA,GAAI,QAAQ,CAAC;AAAA,IACf,CAAC;AAAA,EACH;AACF;;;AChJO,IAAM,eAAN,MAAmB;AAAA,EACxB,YAAoB,MAAmB;AAAnB;AAAA,EAAoB;AAAA;AAAA;AAAA;AAAA;AAAA,EAMxC,OACE,cACA,YACA,MACoC;AACpC,WAAO,KAAK,KAAK,QAAQ;AAAA,MACvB,QAAQ;AAAA,MACR,MAAM,iBAAiB,mBAAmB,YAAY,CAAC,IAAI,mBAAmB,UAAU,CAAC;AAAA,MACzF,GAAI,QAAQ,CAAC;AAAA,IACf,CAAC;AAAA,EACH;AAAA;AAAA;AAAA;AAAA;AAAA,EAMA,KACE,cACA,YACA,MAC8B;AAC9B,WAAO,KAAK,KAAK,QAAQ;AAAA,MACvB,QAAQ;AAAA,MACR,MAAM,iBAAiB,mBAAmB,YAAY,CAAC,IAAI,mBAAmB,UAAU,CAAC;AAAA,MACzF,GAAI,QAAQ,CAAC;AAAA,IACf,CAAC;AAAA,EACH;AAAA;AAAA;AAAA;AAAA;AAAA,EAMA,OACE,cACA,YACA,MACA,MACkB;AAClB,WAAO,KAAK,KAAK,QAAQ;AAAA,MACvB,QAAQ;AAAA,MACR,MAAM,iBAAiB,mBAAmB,YAAY,CAAC,IAAI,mBAAmB,UAAU,CAAC;AAAA,MACzF;AAAA,MACA,GAAI,QAAQ,CAAC;AAAA,IACf,CAAC;AAAA,EACH;AACF;;;ACpDO,IAAM,yBAAN,MAA6B;AAAA,EAClC,YAAoB,MAAmB;AAAnB;AAAA,EAAoB;AAAA;AAAA;AAAA;AAAA;AAAA,EAMxC,KACE,cACA,YACA,OACA,MACoC;AACpC,WAAO,KAAK,KAAK,QAAQ;AAAA,MACvB,QAAQ;AAAA,MACR,MAAM,iBAAiB,mBAAmB,YAAY,CAAC,IAAI,mBAAmB,UAAU,CAAC;AAAA,MACzF;AAAA,MACA,GAAI,QAAQ,CAAC;AAAA,IACf,CAAC;AAAA,EACH;AACF;;;ACpBO,IAAM,mBAAN,MAAuB;AAAA,EAC5B,YAAoB,MAAmB;AAAnB;AAAA,EAAoB;AAAA;AAAA;AAAA;AAAA;AAAA,EAMxC,KACE,cACA,OACA,MAC8B;AAC9B,WAAO,KAAK,KAAK,QAAQ;AAAA,MACvB,QAAQ;AAAA,MACR,MAAM,iBAAiB,mBAAmB,YAAY,CAAC;AAAA,MACvD;AAAA,MACA,GAAI,QAAQ,CAAC;AAAA,IACf,CAAC;AAAA,EACH;AAAA;AAAA;AAAA;AAAA;AAAA,EAMA,OACE,cACA,MACA,MAC0B;AAC1B,WAAO,KAAK,KAAK,QAAQ;AAAA,MACvB,QAAQ;AAAA,MACR,MAAM,iBAAiB,mBAAmB,YAAY,CAAC;AAAA,MACvD;AAAA,MACA,GAAI,QAAQ,CAAC;AAAA,IACf,CAAC;AAAA,EACH;AAAA;AAAA;AAAA;AAAA;AAAA,EAMA,OACE,cACA,YACA,MACkB;AAClB,WAAO,KAAK,KAAK,QAAQ;AAAA,MACvB,QAAQ;AAAA,MACR,MAAM,iBAAiB,mBAAmB,YAAY,CAAC,IAAI,mBAAmB,UAAU,CAAC;AAAA,MACzF,GAAI,QAAQ,CAAC;AAAA,IACf,CAAC;AAAA,EACH;AAAA;AAAA;AAAA;AAAA;AAAA,EAMA,KACE,cACA,YACA,MAC0B;AAC1B,WAAO,KAAK,KAAK,QAAQ;AAAA,MACvB,QAAQ;AAAA,MACR,MAAM,iBAAiB,mBAAmB,YAAY,CAAC,IAAI,mBAAmB,UAAU,CAAC;AAAA,MACzF,GAAI,QAAQ,CAAC;AAAA,IACf,CAAC;AAAA,EACH;AAAA;AAAA;AAAA;AAAA;AAAA,EAMA,OACE,cACA,YACA,MACA,MACkB;AAClB,WAAO,KAAK,KAAK,QAAQ;AAAA,MACvB,QAAQ;AAAA,MACR,MAAM,iBAAiB,mBAAmB,YAAY,CAAC,IAAI,mBAAmB,UAAU,CAAC;AAAA,MACzF;AAAA,MACA,GAAI,QAAQ,CAAC;AAAA,IACf,CAAC;AAAA,EACH;AACF;;;ACtFO,IAAM,eAAN,MAAmB;AAAA,EACxB,YAAoB,MAAmB;AAAnB;AAAA,EAAoB;AAAA;AAAA;AAAA;AAAA;AAAA,EAMxC,KACE,QACA,OACA,MAC0B;AAC1B,WAAO,KAAK,KAAK,QAAQ;AAAA,MACvB,QAAQ;AAAA,MACR,MAAM,aAAa,mBAAmB,MAAM,CAAC;AAAA,MAC7C;AAAA,MACA,GAAI,QAAQ,CAAC;AAAA,IACf,CAAC;AAAA,EACH;AAAA;AAAA;AAAA;AAAA;AAAA,EAMA,OACE,QACA,MACA,MACsB;AACtB,WAAO,KAAK,KAAK,QAAQ;AAAA,MACvB,QAAQ;AAAA,MACR,MAAM,aAAa,mBAAmB,MAAM,CAAC;AAAA,MAC7C;AAAA,MACA,GAAI,QAAQ,CAAC;AAAA,IACf,CAAC;AAAA,EACH;AAAA;AAAA;AAAA;AAAA;AAAA,EAMA,OACE,QACA,cACA,YACA,MACkB;AAClB,WAAO,KAAK,KAAK,QAAQ;AAAA,MACvB,QAAQ;AAAA,MACR,MAAM,aAAa,mBAAmB,MAAM,CAAC,UAAU,mBAAmB,YAAY,CAAC,IAAI,mBAAmB,UAAU,CAAC;AAAA,MACzH,GAAI,QAAQ,CAAC;AAAA,IACf,CAAC;AAAA,EACH;AACF;;;ACtDO,IAAM,eAAN,MAAmB;AAAA,EACxB,YAAoB,MAAmB;AAAnB;AAAA,EAAoB;AAAA;AAAA;AAAA;AAAA;AAAA,EAMxC,WACE,cACA,YACA,WACA,OACA,MACiC;AACjC,WAAO,KAAK,KAAK,QAAQ;AAAA,MACvB,QAAQ;AAAA,MACR,MAAM,qBAAqB,mBAAmB,YAAY,CAAC,IAAI,mBAAmB,UAAU,CAAC,IAAI,mBAAmB,SAAS,CAAC;AAAA,MAC9H;AAAA,MACA,GAAI,QAAQ,CAAC;AAAA,IACf,CAAC;AAAA,EACH;AAAA;AAAA;AAAA;AAAA;AAAA,EAMA,WACE,MACA,MACoC;AACpC,WAAO,KAAK,KAAK,QAAQ;AAAA,MACvB,QAAQ;AAAA,MACR,MAAM;AAAA,MACN;AAAA,MACA,GAAI,QAAQ,CAAC;AAAA,IACf,CAAC;AAAA,EACH;AAAA;AAAA;AAAA;AAAA;AAAA,EAMA,QACE,MACA,MACqC;AACrC,WAAO,KAAK,KAAK,QAAQ;AAAA,MACvB,QAAQ;AAAA,MACR,MAAM;AAAA,MACN;AAAA,MACA,GAAI,QAAQ,CAAC;AAAA,IACf,CAAC;AAAA,EACH;AAAA;AAAA;AAAA;AAAA;AAAA,EAMA,OACE,MACA,MACqC;AACrC,WAAO,KAAK,KAAK,QAAQ;AAAA,MACvB,QAAQ;AAAA,MACR,MAAM;AAAA,MACN;AAAA,MACA,GAAI,QAAQ,CAAC;AAAA,IACf,CAAC;AAAA,EACH;AAAA;AAAA;AAAA;AAAA;AAAA,EAMA,sBACE,cACA,YACA,WACA,OACA,MAC4C;AAC5C,WAAO,KAAK,KAAK,QAAQ;AAAA,MACvB,QAAQ;AAAA,MACR,MAAM,0BAA0B,mBAAmB,YAAY,CAAC,IAAI,mBAAmB,UAAU,CAAC,IAAI,mBAAmB,SAAS,CAAC;AAAA,MACnI;AAAA,MACA,GAAI,QAAQ,CAAC;AAAA,IACf,CAAC;AAAA,EACH;AACF;;;ACxFO,IAAM,eAAN,MAAmB;AAAA,EACxB,YAAoB,MAAmB;AAAnB;AAAA,EAAoB;AAAA;AAAA;AAAA;AAAA;AAAA,EAMxC,KACE,OACA,MAC0B;AAC1B,WAAO,KAAK,KAAK,QAAQ;AAAA,MACvB,QAAQ;AAAA,MACR,MAAM;AAAA,MACN;AAAA,MACA,GAAI,QAAQ,CAAC;AAAA,IACf,CAAC;AAAA,EACH;AAAA;AAAA;AAAA;AAAA;AAAA,EAMA,OACE,MACA,MACsB;AACtB,WAAO,KAAK,KAAK,QAAQ;AAAA,MACvB,QAAQ;AAAA,MACR,MAAM;AAAA,MACN;AAAA,MACA,GAAI,QAAQ,CAAC;AAAA,IACf,CAAC;AAAA,EACH;AAAA;AAAA;AAAA;AAAA;AAAA,EAMA,OAAO,QAAgB,MAA+D;AACpF,WAAO,KAAK,KAAK,QAAQ;AAAA,MACvB,QAAQ;AAAA,MACR,MAAM,aAAa,mBAAmB,MAAM,CAAC;AAAA,MAC7C,GAAI,QAAQ,CAAC;AAAA,IACf,CAAC;AAAA,EACH;AAAA;AAAA;AAAA;AAAA;AAAA,EAMA,KAAK,QAAgB,MAAmE;AACtF,WAAO,KAAK,KAAK,QAAQ;AAAA,MACvB,QAAQ;AAAA,MACR,MAAM,aAAa,mBAAmB,MAAM,CAAC;AAAA,MAC7C,GAAI,QAAQ,CAAC;AAAA,IACf,CAAC;AAAA,EACH;AAAA;AAAA;AAAA;AAAA;AAAA,EAMA,OACE,QACA,MACA,MACsB;AACtB,WAAO,KAAK,KAAK,QAAQ;AAAA,MACvB,QAAQ;AAAA,MACR,MAAM,aAAa,mBAAmB,MAAM,CAAC;AAAA,MAC7C;AAAA,MACA,GAAI,QAAQ,CAAC;AAAA,IACf,CAAC;AAAA,EACH;AAAA;AAAA;AAAA;AAAA;AAAA,EAMA,gCACE,QACA,MACkC;AAClC,WAAO,KAAK,KAAK,QAAQ;AAAA,MACvB,QAAQ;AAAA,MACR,MAAM,aAAa,mBAAmB,MAAM,CAAC;AAAA,MAC7C,GAAI,QAAQ,CAAC;AAAA,IACf,CAAC;AAAA,EACH;AACF;;;AX3EO,IAAM,QAAN,MAAY;AAAA,EACR;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EAET,YAAY,SAAwB;AAClC,UAAM,UAAU,EAAE,GAAI,WAAW,CAAC,EAAG;AACrC,WAAO,QAAQ;AAEf,UAAM,iBAAiB,oBAAoB,WAAW,CAAC,CAAC;AAExD,UAAM,OAAO,IAAI,yBAAY;AAAA,MAC3B,GAAG;AAAA,MACH,SAAS,SAAS,WAAW;AAAA,MAC7B,GAAI,eAAe,SAAS,IAAI,EAAE,eAAe,IAAI,CAAC;AAAA,IACxD,CAAC;AAED,SAAK,gBAAgB,IAAI,qBAAqB,IAAI;AAClD,SAAK,YAAY,IAAI,iBAAiB,IAAI;AAC1C,SAAK,eAAe,IAAI,oBAAoB,IAAI;AAChD,SAAK,QAAQ,IAAI,aAAa,IAAI;AAClC,SAAK,QAAQ,IAAI,aAAa,IAAI;AAClC,SAAK,kBAAkB,IAAI,uBAAuB,IAAI;AACtD,SAAK,YAAY,IAAI,iBAAiB,IAAI;AAC1C,SAAK,QAAQ,IAAI,aAAa,IAAI;AAClC,SAAK,QAAQ,IAAI,aAAa,IAAI;AAClC,SAAK,QAAQ,IAAI,aAAa,IAAI;AAAA,EACpC;AACF;AAIO,IAAM,aAAa;","names":["import_fetch"]}
1	+ {"version":3,"sources":["../src/client.ts","../src/auth-strategies.ts","../src/services/auth_jwks.ts","../src/services/bulk_resources.ts","../src/services/bulk_roles.ts","../src/services/entitlements.ts","../src/services/oauth.ts","../src/services/plans.ts","../src/services/resource_members.ts","../src/services/resources.ts","../src/services/roles.ts","../src/services/usage.ts","../src/services/users.ts"],"sourcesContent":["import { FetchClient, FetchError } from '@blimu/fetch';\nimport { type FetchClientConfig, type ApiKeyAuthStrategy } from '@blimu/fetch';\nimport { buildAuthStrategies } from './auth-strategies';\nimport { AuthJwksService } from './services/auth_jwks';\nimport { BulkResourcesService } from './services/bulk_resources';\nimport { BulkRolesService } from './services/bulk_roles';\nimport { EntitlementsService } from './services/entitlements';\nimport { OauthService } from './services/oauth';\nimport { PlansService } from './services/plans';\nimport { ResourceMembersService } from './services/resource_members';\nimport { ResourcesService } from './services/resources';\nimport { RolesService } from './services/roles';\nimport { UsageService } from './services/usage';\nimport { UsersService } from './services/users';\n\nexport type ClientOption = FetchClientConfig & {\n apiKey?: ApiKeyAuthStrategy['key'];\n};\n\nexport class Blimu {\n readonly authJwks: AuthJwksService;\n readonly bulkResources: BulkResourcesService;\n readonly bulkRoles: BulkRolesService;\n readonly entitlements: EntitlementsService;\n readonly oauth: OauthService;\n readonly plans: PlansService;\n readonly resourceMembers: ResourceMembersService;\n readonly resources: ResourcesService;\n readonly roles: RolesService;\n readonly usage: UsageService;\n readonly users: UsersService;\n\n constructor(options?: ClientOption) {\n const restCfg = { ...(options ?? {}) };\n delete restCfg.apiKey;\n\n const authStrategies = buildAuthStrategies(options ?? {});\n\n const core = new FetchClient({\n ...restCfg,\n baseURL: options?.baseURL ?? 'https://api.blimu.dev',\n ...(authStrategies.length > 0 ? { authStrategies } : {}),\n });\n\n this.authJwks = new AuthJwksService(core);\n this.bulkResources = new BulkResourcesService(core);\n this.bulkRoles = new BulkRolesService(core);\n this.entitlements = new EntitlementsService(core);\n this.oauth = new OauthService(core);\n this.plans = new PlansService(core);\n this.resourceMembers = new ResourceMembersService(core);\n this.resources = new ResourcesService(core);\n this.roles = new RolesService(core);\n this.usage = new UsageService(core);\n this.users = new UsersService(core);\n }\n}\n\n// Re-export FetchError for backward compatibility\nexport { FetchError };\nexport const BlimuError = FetchError;\n","import type { AuthStrategy } from '@blimu/fetch';\nimport type { ClientOption } from './client';\n\nexport function buildAuthStrategies(cfg: ClientOption): AuthStrategy[] {\n const authStrategies: AuthStrategy[] = [...(cfg?.authStrategies ?? [])];\n\n if (cfg.apiKey) {\n authStrategies.push({\n type: 'apiKey',\n key: cfg.apiKey,\n location: 'header',\n name: 'X-API-KEY',\n });\n }\n return authStrategies;\n}\n","import type { FetchClient } from '@blimu/fetch';\nimport type * as Schema from '../schema';\n\nexport class AuthJwksService {\n constructor(private core: FetchClient) {}\n\n /*\n GET /v1/auth/.well-known/jwks.json\n @summary Get JSON Web Key Set for environment (Public)\n @description Returns the public keys used to verify JWT tokens issued by this environment. Authenticate using either x-api-key header (secretKey) or x-blimu-publishable-key header (publishableKey)./\n getJwks(init?: Omit<RequestInit, 'method' \| 'body'>): Promise<Schema.JWK> {\n return this.core.request({\n method: 'GET',\n path: `/v1/auth/.well-known/jwks.json`,\n ...(init ?? {}),\n });\n }\n\n /\n GET /v1/auth/.well-known/public-key.pem\n @summary Get environment public key (PEM)\n @description Returns the public key in PEM format for verifying JWT tokens. Authenticate with x-api-key or x-blimu-publishable-key./\n getPublicKeyPem(init?: Omit<RequestInit, 'method' \| 'body'>): Promise<unknown> {\n return this.core.request({\n method: 'GET',\n path: `/v1/auth/.well-known/public-key.pem`,\n ...(init ?? {}),\n });\n }\n\n /\n GET /v1/auth/oauth/.well-known/jwks.json\n @summary Get JSON Web Key Set for OAuth app (Public)\n @description Returns the public key for a specific OAuth app to verify JWT tokens. This is a public endpoint following OAuth2/OIDC standards. Provide client_id to get keys for a specific OAuth app, or use authenticated endpoint for environment keys./\n getOAuthAppJwks(\n query?: Schema.AuthJwksGetOAuthAppJwksQuery,\n init?: Omit<RequestInit, 'method' \| 'body'>\n ): Promise<Schema.JWK> {\n return this.core.request({\n method: 'GET',\n path: `/v1/auth/oauth/.well-known/jwks.json`,\n query,\n ...(init ?? {}),\n });\n }\n}\n","import type { FetchClient } from '@blimu/fetch';\nimport type as Schema from '../schema';\nimport type { ResourceType } from '@blimu/types';\n\nexport class BulkResourcesService {\n constructor(private core: FetchClient) {}\n\n /*\n POST /v1/resources/{resourceType}/bulk\n @summary Bulk create resources\n @description Creates multiple resources of the specified type in a single request. This operation supports partial success - some resources may be created while others fail. The response includes details about successful creations and any errors encountered. Resources can have parent relationships and initial role assignments./\n create(\n resourceType: ResourceType,\n body: Schema.ResourceBulkCreateBody,\n init?: Omit<RequestInit, 'method' \| 'body'>\n ): Promise<Schema.ResourceBulkResult> {\n return this.core.request({\n method: 'POST',\n path: `/v1/resources/${encodeURIComponent(resourceType)}/bulk`,\n body,\n ...(init ?? {}),\n });\n }\n}\n","import type { FetchClient } from '@blimu/fetch';\nimport type as Schema from '../schema';\n\nexport class BulkRolesService {\n constructor(private core: FetchClient) {}\n\n /*\n POST /v1/users/roles/bulk\n @summary Bulk create roles\n @description Assigns multiple roles to users on resources in a single request. This operation supports partial success - some role assignments may succeed while others fail. The response includes details about successful assignments and any errors encountered. All roles must be valid according to your resource definitions./\n create(\n body: Schema.RoleBulkCreateBody,\n init?: Omit<RequestInit, 'method' \| 'body'>\n ): Promise<Schema.RoleBulkResult> {\n return this.core.request({\n method: 'POST',\n path: `/v1/users/roles/bulk`,\n body,\n ...(init ?? {}),\n });\n }\n}\n","import type { FetchClient } from '@blimu/fetch';\nimport type as Schema from '../schema';\nimport type { ResourceType } from '@blimu/types';\n\nexport class EntitlementsService {\n constructor(private core: FetchClient) {}\n\n /*\n POST /v1/entitlements/check\n @summary Check if a user has a specific entitlement on a resource\n @description Checks whether a user has permission to perform a specific action (entitlement) on a resource. This endpoint evaluates role-based access, plan gating, and usage limits. The response includes detailed information about why access was granted or denied, including which roles were checked, plan requirements, and usage limit status./\n checkEntitlement(\n body: Schema.EntitlementCheckBody,\n init?: Omit<RequestInit, 'method' \| 'body'>\n ): Promise<Schema.EntitlementCheckResult> {\n return this.core.request({\n method: 'POST',\n path: `/v1/entitlements/check`,\n body,\n ...(init ?? {}),\n });\n }\n\n /\n GET /v1/entitlements/list-for-resource/{resourceType}/{resourceId}\n @summary List entitlements for a specific resource\n @description Returns entitlements for a specific resource and user. Only evaluates roles and plans (excludes limits). Provides detailed information about why entitlements are allowed or denied, including current roles, allowed roles, current plan, and allowed plans. Results are cached per resource for performance./\n listForResource(\n resourceType: ResourceType,\n resourceId: string,\n query?: Schema.EntitlementsListForResourceQuery,\n init?: Omit<RequestInit, 'method' \| 'body'>\n ): Promise<Schema.EntitlementsListResult> {\n return this.core.request({\n method: 'GET',\n path: `/v1/entitlements/list-for-resource/${encodeURIComponent(resourceType)}/${encodeURIComponent(resourceId)}`,\n query,\n ...(init ?? {}),\n });\n }\n\n /\n GET /v1/entitlements/list-for-tenant/{tenantResourceId}\n @summary List entitlements for a tenant and all its sub-resources\n @description Returns entitlements for a tenant resource and all its descendant resources. This endpoint scopes queries to a single tenant, preventing cross-tenant data access. Only evaluates roles and plans (excludes limits). Results are cached per resource for performance. The tenant resource type is automatically determined from the environment definition (resource marked as `is_tenant: true`)./\n listForTenant(\n tenantResourceId: string,\n query?: Schema.EntitlementsListForTenantQuery,\n init?: Omit<RequestInit, 'method' \| 'body'>\n ): Promise<Schema.EntitlementsListResult> {\n return this.core.request({\n method: 'GET',\n path: `/v1/entitlements/list-for-tenant/${encodeURIComponent(tenantResourceId)}`,\n query,\n ...(init ?? {}),\n });\n }\n}\n","import type { FetchClient } from '@blimu/fetch';\nimport type as Schema from '../schema';\n\nexport class OauthService {\n constructor(private core: FetchClient) {}\n\n /*\n GET /v1/oauth/authorize\n @summary Check consent requirement\n @description Checks if user consent is required for the OAuth2 app and requested scopes./\n checkConsentRequired(\n query?: Schema.OauthCheckConsentRequiredQuery,\n init?: Omit<RequestInit, 'method' \| 'body'>\n ): Promise<Schema.ConsentCheckResponse> {\n return this.core.request({\n method: 'GET',\n path: `/v1/oauth/authorize`,\n query,\n ...(init ?? {}),\n });\n }\n\n /\n POST /v1/oauth/authorize\n @summary Authorize OAuth2 application\n @description Handles user consent approval/denial. Validates auto_approved flag against consent requirements./\n authorize(\n body: Schema.AuthorizeRequest,\n init?: Omit<RequestInit, 'method' \| 'body'>\n ): Promise<unknown> {\n return this.core.request({\n method: 'POST',\n path: `/v1/oauth/authorize`,\n body,\n ...(init ?? {}),\n });\n }\n\n /\n POST /v1/oauth/device/authorize\n @summary Authorize or deny device code\n @description Allows an authenticated user to authorize or deny a device code request. Requires valid user session./\n authorizeDeviceCode(\n body: Schema.DeviceAuthorizeRequest,\n init?: Omit<RequestInit, 'method' \| 'body'>\n ): Promise<Schema.DeviceAuthorizeResponse> {\n return this.core.request({\n method: 'POST',\n path: `/v1/oauth/device/authorize`,\n body,\n ...(init ?? {}),\n });\n }\n\n /\n POST /v1/oauth/device/code\n @summary Request device authorization codes\n @description Initiates device authorization flow. Returns device_code (for polling) and user_code (for user entry)./\n requestDeviceCode(\n body: Schema.DeviceCodeRequest,\n init?: Omit<RequestInit, 'method' \| 'body'>\n ): Promise<Schema.DeviceCodeResponse> {\n return this.core.request({\n method: 'POST',\n path: `/v1/oauth/device/code`,\n body,\n ...(init ?? {}),\n });\n }\n\n /\n GET /v1/oauth/device/code/{user_code}\n @summary Get device code information\n @description Returns device code information including app name, scopes, and consent requirement status./\n getDeviceCodeInfo(\n user_code: string,\n init?: Omit<RequestInit, 'method' \| 'body'>\n ): Promise<Schema.DeviceCodeInfoResponse> {\n return this.core.request({\n method: 'GET',\n path: `/v1/oauth/device/code/${encodeURIComponent(user_code)}`,\n ...(init ?? {}),\n });\n }\n\n /\n POST /v1/oauth/device/token\n @summary Poll for device authorization tokens\n @description Client polls this endpoint to exchange device_code for tokens once user has authorized./\n exchangeDeviceCode(\n body: Schema.DeviceTokenRequest,\n init?: Omit<RequestInit, 'method' \| 'body'>\n ): Promise<Schema.TokenResponse> {\n return this.core.request({\n method: 'POST',\n path: `/v1/oauth/device/token`,\n body,\n ...(init ?? {}),\n });\n }\n\n /\n POST /v1/oauth/introspect\n @summary Introspect token\n @description Validates a token and returns metadata. Requires client authentication./\n introspect(\n body: Schema.IntrospectionRequest,\n init?: Omit<RequestInit, 'method' \| 'body'>\n ): Promise<Schema.IntrospectionResponse> {\n return this.core.request({\n method: 'POST',\n path: `/v1/oauth/introspect`,\n body,\n ...(init ?? {}),\n });\n }\n\n /\n POST /v1/oauth/revoke\n @summary Revoke token\n @description Revokes an access or refresh token. Requires client authentication./\n revoke(\n body: Schema.RevocationRequest,\n init?: Omit<RequestInit, 'method' \| 'body'>\n ): Promise<unknown> {\n return this.core.request({\n method: 'POST',\n path: `/v1/oauth/revoke`,\n body,\n ...(init ?? {}),\n });\n }\n\n /\n POST /v1/oauth/token\n @summary Token endpoint\n @description Issues access and refresh tokens. Supports authorization_code and refresh_token (always available per OAuth2 spec)./\n token(\n body: Schema.TokenRequest,\n init?: Omit<RequestInit, 'method' \| 'body'>\n ): Promise<Schema.TokenResponse> {\n return this.core.request({\n method: 'POST',\n path: `/v1/oauth/token`,\n body,\n ...(init ?? {}),\n });\n }\n}\n","import type { FetchClient } from '@blimu/fetch';\nimport type as Schema from '../schema';\nimport type { ResourceType } from '@blimu/types';\n\nexport class PlansService {\n constructor(private core: FetchClient) {}\n\n /*\n DELETE /v1/resources/{resourceType}/{resourceId}/plan\n @summary Remove plan assignment from a tenant resource\n @description Removes the billing plan assignment from a tenant resource. After removal, the resource will have no plan and will be subject to default limits./\n delete(\n resourceType: ResourceType,\n resourceId: string,\n init?: Omit<RequestInit, 'method' \| 'body'>\n ): Promise<Schema.PlanDeleteResponse> {\n return this.core.request({\n method: 'DELETE',\n path: `/v1/resources/${encodeURIComponent(resourceType)}/${encodeURIComponent(resourceId)}/plan`,\n ...(init ?? {}),\n });\n }\n\n /\n GET /v1/resources/{resourceType}/{resourceId}/plan\n @summary Get the plan assigned to a tenant resource\n @description Retrieves the billing plan currently assigned to a tenant resource, if any./\n read(\n resourceType: ResourceType,\n resourceId: string,\n init?: Omit<RequestInit, 'method' \| 'body'>\n ): Promise<Schema.PlanResponse> {\n return this.core.request({\n method: 'GET',\n path: `/v1/resources/${encodeURIComponent(resourceType)}/${encodeURIComponent(resourceId)}/plan`,\n ...(init ?? {}),\n });\n }\n\n /\n POST /v1/resources/{resourceType}/{resourceId}/plan\n @summary Assign a plan to a tenant resource\n @description Assigns a billing plan to a tenant resource. Plans control feature access and usage limits based on your plan definitions. The resource must be marked as a tenant in your resource definitions./\n assign(\n resourceType: ResourceType,\n resourceId: string,\n body: Schema.PlanAssignBody,\n init?: Omit<RequestInit, 'method' \| 'body'>\n ): Promise<unknown> {\n return this.core.request({\n method: 'POST',\n path: `/v1/resources/${encodeURIComponent(resourceType)}/${encodeURIComponent(resourceId)}/plan`,\n body,\n ...(init ?? {}),\n });\n }\n}\n","import type { FetchClient } from '@blimu/fetch';\nimport type as Schema from '../schema';\nimport type { ResourceType } from '@blimu/types';\n\nexport class ResourceMembersService {\n constructor(private core: FetchClient) {}\n\n /*\n GET /v1/resources/{resourceType}/{resourceId}/members\n @summary List members for a resource\n @description Retrieves a paginated list of users who have roles (direct or inherited) on the specified resource. Supports search functionality to filter users by email or name./\n list(\n resourceType: ResourceType,\n resourceId: string,\n query?: Schema.ResourceMembersListQuery,\n init?: Omit<RequestInit, 'method' \| 'body'>\n ): Promise<Schema.ResourceMemberList> {\n return this.core.request({\n method: 'GET',\n path: `/v1/resources/${encodeURIComponent(resourceType)}/${encodeURIComponent(resourceId)}/members`,\n query,\n ...(init ?? {}),\n });\n }\n}\n","import type { FetchClient } from '@blimu/fetch';\nimport type as Schema from '../schema';\nimport type { ResourceType } from '@blimu/types';\n\nexport class ResourcesService {\n constructor(private core: FetchClient) {}\n\n /*\n GET /v1/resources/{resourceType}\n @summary List resources\n @description Retrieves a paginated list of resources of the specified type. Supports search and filtering. Resources are returned with their parent relationships and metadata./\n list(\n resourceType: ResourceType,\n query?: Schema.ResourcesListQuery,\n init?: Omit<RequestInit, 'method' \| 'body'>\n ): Promise<Schema.ResourceList> {\n return this.core.request({\n method: 'GET',\n path: `/v1/resources/${encodeURIComponent(resourceType)}`,\n query,\n ...(init ?? {}),\n });\n }\n\n /\n POST /v1/resources/{resourceType}\n @summary Create a resource\n @description Creates a new resource of the specified type. Resources can have parent relationships to form hierarchies. You can optionally assign initial roles to users when creating the resource. Parent resources must already exist./\n create(\n resourceType: ResourceType,\n body: Schema.ResourceCreateBody,\n init?: Omit<RequestInit, 'method' \| 'body'>\n ): Promise<Schema.Resource> {\n return this.core.request({\n method: 'POST',\n path: `/v1/resources/${encodeURIComponent(resourceType)}`,\n body,\n ...(init ?? {}),\n });\n }\n\n /\n DELETE /v1/resources/{resourceType}/{resourceId}\n @summary Delete a resource\n @description Deletes a resource by its type and ID. This operation is permanent and cannot be undone. Deleting a resource may affect child resources that depend on it./\n delete(\n resourceType: ResourceType,\n resourceId: string,\n init?: Omit<RequestInit, 'method' \| 'body'>\n ): Promise<unknown> {\n return this.core.request({\n method: 'DELETE',\n path: `/v1/resources/${encodeURIComponent(resourceType)}/${encodeURIComponent(resourceId)}`,\n ...(init ?? {}),\n });\n }\n\n /\n GET /v1/resources/{resourceType}/{resourceId}\n @summary Read a resource\n @description Retrieves a single resource by its type and ID. Returns the resource with its parent relationships and metadata./\n read(\n resourceType: ResourceType,\n resourceId: string,\n init?: Omit<RequestInit, 'method' \| 'body'>\n ): Promise<Schema.Resource> {\n return this.core.request({\n method: 'GET',\n path: `/v1/resources/${encodeURIComponent(resourceType)}/${encodeURIComponent(resourceId)}`,\n ...(init ?? {}),\n });\n }\n\n /\n PUT /v1/resources/{resourceType}/{resourceId}\n @summary Update a resource\n @description Updates an existing resource. You can update the resource name and modify parent relationships. Parent resources must already exist./\n update(\n resourceType: ResourceType,\n resourceId: string,\n body: Schema.ResourceUpdateBody,\n init?: Omit<RequestInit, 'method' \| 'body'>\n ): Promise<unknown> {\n return this.core.request({\n method: 'PUT',\n path: `/v1/resources/${encodeURIComponent(resourceType)}/${encodeURIComponent(resourceId)}`,\n body,\n ...(init ?? {}),\n });\n }\n}\n","import type { FetchClient } from '@blimu/fetch';\nimport type as Schema from '../schema';\nimport type { ResourceType } from '@blimu/types';\n\nexport class RolesService {\n constructor(private core: FetchClient) {}\n\n /*\n GET /v1/users/{userId}/roles\n @summary List user roles\n @description Retrieves a paginated list of roles assigned to a user. Supports filtering by resource type, resource ID, and role name. Returns both directly assigned roles and inherited roles./\n list(\n userId: string,\n query?: Schema.RolesListQuery,\n init?: Omit<RequestInit, 'method' \| 'body'>\n ): Promise<Schema.RoleList> {\n return this.core.request({\n method: 'GET',\n path: `/v1/users/${encodeURIComponent(userId)}/roles`,\n query,\n ...(init ?? {}),\n });\n }\n\n /\n POST /v1/users/{userId}/roles\n @summary Create a role (assign role to user on resource)\n @description Assigns a role to a user on a specific resource. The role must be defined in your resource definitions for the specified resource type. Roles can be inherited from parent resources based on your resource configuration./\n create(\n userId: string,\n body: Schema.RoleCreateBody,\n init?: Omit<RequestInit, 'method' \| 'body'>\n ): Promise<Schema.Role> {\n return this.core.request({\n method: 'POST',\n path: `/v1/users/${encodeURIComponent(userId)}/roles`,\n body,\n ...(init ?? {}),\n });\n }\n\n /\n DELETE /v1/users/{userId}/roles/{resourceType}/{resourceId}\n @summary Delete a role\n @description Removes a role assignment from a user on a specific resource. This only removes the direct role assignment and does not affect inherited roles from parent resources./\n delete(\n userId: string,\n resourceType: ResourceType,\n resourceId: string,\n init?: Omit<RequestInit, 'method' \| 'body'>\n ): Promise<unknown> {\n return this.core.request({\n method: 'DELETE',\n path: `/v1/users/${encodeURIComponent(userId)}/roles/${encodeURIComponent(resourceType)}/${encodeURIComponent(resourceId)}`,\n ...(init ?? {}),\n });\n }\n}\n","import type { FetchClient } from '@blimu/fetch';\nimport type as Schema from '../schema';\n\nexport class UsageService {\n constructor(private core: FetchClient) {}\n\n /*\n GET /v1/usage/balance/{resourceType}/{resourceId}/{limitType}\n @summary Get wallet balance\n @description Retrieves the current balance of a usage wallet for a specific resource and limit type within a given time period. The balance reflects all credits and consumption transactions./\n getBalance(\n resourceType: string,\n resourceId: string,\n limitType: string,\n query?: Schema.UsageGetBalanceQuery,\n init?: Omit<RequestInit, 'method' \| 'body'>\n ): Promise<Schema.BalanceResponse> {\n return this.core.request({\n method: 'GET',\n path: `/v1/usage/balance/${encodeURIComponent(resourceType)}/${encodeURIComponent(resourceId)}/${encodeURIComponent(limitType)}`,\n query,\n ...(init ?? {}),\n });\n }\n\n /\n POST /v1/usage/check\n @summary Check if consumption is allowed\n @description Checks whether a specific amount of consumption is allowed for a resource and limit type within a given time period. Returns the current balance, requested amount, and remaining balance after the consumption./\n checkLimit(\n body: Schema.UsageCheckBody,\n init?: Omit<RequestInit, 'method' \| 'body'>\n ): Promise<Schema.CheckLimitResponse> {\n return this.core.request({\n method: 'POST',\n path: `/v1/usage/check`,\n body,\n ...(init ?? {}),\n });\n }\n\n /\n POST /v1/usage/consume\n @summary Record consumption (inserts negative amount)\n @description Records consumption from a usage wallet for a specific resource and limit type. This decreases the available balance. Consumption can be tagged for tracking purposes./\n consume(\n body: Schema.UsageConsumeBody,\n init?: Omit<RequestInit, 'method' \| 'body'>\n ): Promise<Schema.UsageWalletResponse> {\n return this.core.request({\n method: 'POST',\n path: `/v1/usage/consume`,\n body,\n ...(init ?? {}),\n });\n }\n\n /\n POST /v1/usage/credit\n @summary Add credits to wallet (inserts positive amount)\n @description Adds credits to a usage wallet for a specific resource and limit type. This increases the available balance for usage-based limits. Credits can be tagged for tracking purposes./\n credit(\n body: Schema.UsageCreditBody,\n init?: Omit<RequestInit, 'method' \| 'body'>\n ): Promise<Schema.UsageWalletResponse> {\n return this.core.request({\n method: 'POST',\n path: `/v1/usage/credit`,\n body,\n ...(init ?? {}),\n });\n }\n\n /\n GET /v1/usage/transactions/{resourceType}/{resourceId}/{limitType}\n @summary Get transaction history\n @description Retrieves the transaction history for a usage wallet, including all credits and consumption records. Supports filtering by time period and date range./\n getTransactionHistory(\n resourceType: string,\n resourceId: string,\n limitType: string,\n query?: Schema.UsageGetTransactionHistoryQuery,\n init?: Omit<RequestInit, 'method' \| 'body'>\n ): Promise<Schema.TransactionHistoryResponse> {\n return this.core.request({\n method: 'GET',\n path: `/v1/usage/transactions/${encodeURIComponent(resourceType)}/${encodeURIComponent(resourceId)}/${encodeURIComponent(limitType)}`,\n query,\n ...(init ?? {}),\n });\n }\n}\n","import type { FetchClient } from '@blimu/fetch';\nimport type as Schema from '../schema';\n\nexport class UsersService {\n constructor(private core: FetchClient) {}\n\n /*\n GET /v1/users\n @summary List users\n @description Retrieves a paginated list of users in your environment. Supports search functionality to filter users by email, name, or lookup key./\n list(\n query?: Schema.UsersListQuery,\n init?: Omit<RequestInit, 'method' \| 'body'>\n ): Promise<Schema.UserList> {\n return this.core.request({\n method: 'GET',\n path: `/v1/users`,\n query,\n ...(init ?? {}),\n });\n }\n\n /\n POST /v1/users\n @summary Create a user\n @description Creates a new user in your environment. The lookupKey is a unique identifier that you can use to reference the user in your system. It should be stable and not change over time./\n create(\n body: Schema.UserCreateBody,\n init?: Omit<RequestInit, 'method' \| 'body'>\n ): Promise<Schema.User> {\n return this.core.request({\n method: 'POST',\n path: `/v1/users`,\n body,\n ...(init ?? {}),\n });\n }\n\n /\n DELETE /v1/users/{userId}\n @summary Delete a user\n @description Deletes a user by their ID or lookup key. This operation is permanent and cannot be undone. Deleting a user will also remove all role assignments for that user./\n delete(userId: string, init?: Omit<RequestInit, 'method' \| 'body'>): Promise<unknown> {\n return this.core.request({\n method: 'DELETE',\n path: `/v1/users/${encodeURIComponent(userId)}`,\n ...(init ?? {}),\n });\n }\n\n /\n GET /v1/users/{userId}\n @summary Get a user by ID\n @description Retrieves a single user by their ID or lookup key. Returns user information including email, name, and metadata./\n read(userId: string, init?: Omit<RequestInit, 'method' \| 'body'>): Promise<Schema.User> {\n return this.core.request({\n method: 'GET',\n path: `/v1/users/${encodeURIComponent(userId)}`,\n ...(init ?? {}),\n });\n }\n\n /\n PUT /v1/users/{userId}\n @summary Update a user\n @description Updates an existing user. You can modify email, name, and other user properties. The lookupKey can be updated but should remain stable./\n update(\n userId: string,\n body: Schema.UserUpdateBody,\n init?: Omit<RequestInit, 'method' \| 'body'>\n ): Promise<Schema.User> {\n return this.core.request({\n method: 'PUT',\n path: `/v1/users/${encodeURIComponent(userId)}`,\n body,\n ...(init ?? {}),\n });\n }\n\n /\n GET /v1/users/{userId}/effective-user-resources-roles\n @summary List effective user resources roles\n @description Retrieves all resources and roles for a user, including inherited roles from parent resources. The response indicates whether each role is directly assigned or inherited through resource hierarchies.*/\n listEffectiveUserResourcesRoles(\n userId: string,\n init?: Omit<RequestInit, 'method' \| 'body'>\n ): Promise<Schema.UserResourceList> {\n return this.core.request({\n method: 'GET',\n path: `/v1/users/${encodeURIComponent(userId)}/effective-user-resources-roles`,\n ...(init ?? {}),\n });\n }\n}\n"],"mappings":";;;;;;;;;;;;;;;;;;;;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,mBAAwC;AACxC,IAAAA,gBAAgE;;;ACEzD,SAAS,oBAAoB,KAAmC;AACrE,QAAM,iBAAiC,CAAC,GAAI,KAAK,kBAAkB,CAAC,CAAE;AAEtE,MAAI,IAAI,QAAQ;AACd,mBAAe,KAAK;AAAA,MAClB,MAAM;AAAA,MACN,KAAK,IAAI;AAAA,MACT,UAAU;AAAA,MACV,MAAM;AAAA,IACR,CAAC;AAAA,EACH;AACA,SAAO;AACT;;;ACZO,IAAM,kBAAN,MAAsB;AAAA,EAC3B,YAAoB,MAAmB;AAAnB;AAAA,EAAoB;AAAA;AAAA;AAAA;AAAA;AAAA,EAMxC,QAAQ,MAAkE;AACxE,WAAO,KAAK,KAAK,QAAQ;AAAA,MACvB,QAAQ;AAAA,MACR,MAAM;AAAA,MACN,GAAI,QAAQ,CAAC;AAAA,IACf,CAAC;AAAA,EACH;AAAA;AAAA;AAAA;AAAA;AAAA,EAMA,gBAAgB,MAA+D;AAC7E,WAAO,KAAK,KAAK,QAAQ;AAAA,MACvB,QAAQ;AAAA,MACR,MAAM;AAAA,MACN,GAAI,QAAQ,CAAC;AAAA,IACf,CAAC;AAAA,EACH;AAAA;AAAA;AAAA;AAAA;AAAA,EAMA,gBACE,OACA,MACqB;AACrB,WAAO,KAAK,KAAK,QAAQ;AAAA,MACvB,QAAQ;AAAA,MACR,MAAM;AAAA,MACN;AAAA,MACA,GAAI,QAAQ,CAAC;AAAA,IACf,CAAC;AAAA,EACH;AACF;;;ACzCO,IAAM,uBAAN,MAA2B;AAAA,EAChC,YAAoB,MAAmB;AAAnB;AAAA,EAAoB;AAAA;AAAA;AAAA;AAAA;AAAA,EAMxC,OACE,cACA,MACA,MACoC;AACpC,WAAO,KAAK,KAAK,QAAQ;AAAA,MACvB,QAAQ;AAAA,MACR,MAAM,iBAAiB,mBAAmB,YAAY,CAAC;AAAA,MACvD;AAAA,MACA,GAAI,QAAQ,CAAC;AAAA,IACf,CAAC;AAAA,EACH;AACF;;;ACpBO,IAAM,mBAAN,MAAuB;AAAA,EAC5B,YAAoB,MAAmB;AAAnB;AAAA,EAAoB;AAAA;AAAA;AAAA;AAAA;AAAA,EAMxC,OACE,MACA,MACgC;AAChC,WAAO,KAAK,KAAK,QAAQ;AAAA,MACvB,QAAQ;AAAA,MACR,MAAM;AAAA,MACN;AAAA,MACA,GAAI,QAAQ,CAAC;AAAA,IACf,CAAC;AAAA,EACH;AACF;;;ACjBO,IAAM,sBAAN,MAA0B;AAAA,EAC/B,YAAoB,MAAmB;AAAnB;AAAA,EAAoB;AAAA;AAAA;AAAA;AAAA;AAAA,EAMxC,iBACE,MACA,MACwC;AACxC,WAAO,KAAK,KAAK,QAAQ;AAAA,MACvB,QAAQ;AAAA,MACR,MAAM;AAAA,MACN;AAAA,MACA,GAAI,QAAQ,CAAC;AAAA,IACf,CAAC;AAAA,EACH;AAAA;AAAA;AAAA;AAAA;AAAA,EAMA,gBACE,cACA,YACA,OACA,MACwC;AACxC,WAAO,KAAK,KAAK,QAAQ;AAAA,MACvB,QAAQ;AAAA,MACR,MAAM,sCAAsC,mBAAmB,YAAY,CAAC,IAAI,mBAAmB,UAAU,CAAC;AAAA,MAC9G;AAAA,MACA,GAAI,QAAQ,CAAC;AAAA,IACf,CAAC;AAAA,EACH;AAAA;AAAA;AAAA;AAAA;AAAA,EAMA,cACE,kBACA,OACA,MACwC;AACxC,WAAO,KAAK,KAAK,QAAQ;AAAA,MACvB,QAAQ;AAAA,MACR,MAAM,oCAAoC,mBAAmB,gBAAgB,CAAC;AAAA,MAC9E;AAAA,MACA,GAAI,QAAQ,CAAC;AAAA,IACf,CAAC;AAAA,EACH;AACF;;;ACtDO,IAAM,eAAN,MAAmB;AAAA,EACxB,YAAoB,MAAmB;AAAnB;AAAA,EAAoB;AAAA;AAAA;AAAA;AAAA;AAAA,EAMxC,qBACE,OACA,MACsC;AACtC,WAAO,KAAK,KAAK,QAAQ;AAAA,MACvB,QAAQ;AAAA,MACR,MAAM;AAAA,MACN;AAAA,MACA,GAAI,QAAQ,CAAC;AAAA,IACf,CAAC;AAAA,EACH;AAAA;AAAA;AAAA;AAAA;AAAA,EAMA,UACE,MACA,MACkB;AAClB,WAAO,KAAK,KAAK,QAAQ;AAAA,MACvB,QAAQ;AAAA,MACR,MAAM;AAAA,MACN;AAAA,MACA,GAAI,QAAQ,CAAC;AAAA,IACf,CAAC;AAAA,EACH;AAAA;AAAA;AAAA;AAAA;AAAA,EAMA,oBACE,MACA,MACyC;AACzC,WAAO,KAAK,KAAK,QAAQ;AAAA,MACvB,QAAQ;AAAA,MACR,MAAM;AAAA,MACN;AAAA,MACA,GAAI,QAAQ,CAAC;AAAA,IACf,CAAC;AAAA,EACH;AAAA;AAAA;AAAA;AAAA;AAAA,EAMA,kBACE,MACA,MACoC;AACpC,WAAO,KAAK,KAAK,QAAQ;AAAA,MACvB,QAAQ;AAAA,MACR,MAAM;AAAA,MACN;AAAA,MACA,GAAI,QAAQ,CAAC;AAAA,IACf,CAAC;AAAA,EACH;AAAA;AAAA;AAAA;AAAA;AAAA,EAMA,kBACE,WACA,MACwC;AACxC,WAAO,KAAK,KAAK,QAAQ;AAAA,MACvB,QAAQ;AAAA,MACR,MAAM,yBAAyB,mBAAmB,SAAS,CAAC;AAAA,MAC5D,GAAI,QAAQ,CAAC;AAAA,IACf,CAAC;AAAA,EACH;AAAA;AAAA;AAAA;AAAA;AAAA,EAMA,mBACE,MACA,MAC+B;AAC/B,WAAO,KAAK,KAAK,QAAQ;AAAA,MACvB,QAAQ;AAAA,MACR,MAAM;AAAA,MACN;AAAA,MACA,GAAI,QAAQ,CAAC;AAAA,IACf,CAAC;AAAA,EACH;AAAA;AAAA;AAAA;AAAA;AAAA,EAMA,WACE,MACA,MACuC;AACvC,WAAO,KAAK,KAAK,QAAQ;AAAA,MACvB,QAAQ;AAAA,MACR,MAAM;AAAA,MACN;AAAA,MACA,GAAI,QAAQ,CAAC;AAAA,IACf,CAAC;AAAA,EACH;AAAA;AAAA;AAAA;AAAA;AAAA,EAMA,OACE,MACA,MACkB;AAClB,WAAO,KAAK,KAAK,QAAQ;AAAA,MACvB,QAAQ;AAAA,MACR,MAAM;AAAA,MACN;AAAA,MACA,GAAI,QAAQ,CAAC;AAAA,IACf,CAAC;AAAA,EACH;AAAA;AAAA;AAAA;AAAA;AAAA,EAMA,MACE,MACA,MAC+B;AAC/B,WAAO,KAAK,KAAK,QAAQ;AAAA,MACvB,QAAQ;AAAA,MACR,MAAM;AAAA,MACN;AAAA,MACA,GAAI,QAAQ,CAAC;AAAA,IACf,CAAC;AAAA,EACH;AACF;;;AChJO,IAAM,eAAN,MAAmB;AAAA,EACxB,YAAoB,MAAmB;AAAnB;AAAA,EAAoB;AAAA;AAAA;AAAA;AAAA;AAAA,EAMxC,OACE,cACA,YACA,MACoC;AACpC,WAAO,KAAK,KAAK,QAAQ;AAAA,MACvB,QAAQ;AAAA,MACR,MAAM,iBAAiB,mBAAmB,YAAY,CAAC,IAAI,mBAAmB,UAAU,CAAC;AAAA,MACzF,GAAI,QAAQ,CAAC;AAAA,IACf,CAAC;AAAA,EACH;AAAA;AAAA;AAAA;AAAA;AAAA,EAMA,KACE,cACA,YACA,MAC8B;AAC9B,WAAO,KAAK,KAAK,QAAQ;AAAA,MACvB,QAAQ;AAAA,MACR,MAAM,iBAAiB,mBAAmB,YAAY,CAAC,IAAI,mBAAmB,UAAU,CAAC;AAAA,MACzF,GAAI,QAAQ,CAAC;AAAA,IACf,CAAC;AAAA,EACH;AAAA;AAAA;AAAA;AAAA;AAAA,EAMA,OACE,cACA,YACA,MACA,MACkB;AAClB,WAAO,KAAK,KAAK,QAAQ;AAAA,MACvB,QAAQ;AAAA,MACR,MAAM,iBAAiB,mBAAmB,YAAY,CAAC,IAAI,mBAAmB,UAAU,CAAC;AAAA,MACzF;AAAA,MACA,GAAI,QAAQ,CAAC;AAAA,IACf,CAAC;AAAA,EACH;AACF;;;ACpDO,IAAM,yBAAN,MAA6B;AAAA,EAClC,YAAoB,MAAmB;AAAnB;AAAA,EAAoB;AAAA;AAAA;AAAA;AAAA;AAAA,EAMxC,KACE,cACA,YACA,OACA,MACoC;AACpC,WAAO,KAAK,KAAK,QAAQ;AAAA,MACvB,QAAQ;AAAA,MACR,MAAM,iBAAiB,mBAAmB,YAAY,CAAC,IAAI,mBAAmB,UAAU,CAAC;AAAA,MACzF;AAAA,MACA,GAAI,QAAQ,CAAC;AAAA,IACf,CAAC;AAAA,EACH;AACF;;;ACpBO,IAAM,mBAAN,MAAuB;AAAA,EAC5B,YAAoB,MAAmB;AAAnB;AAAA,EAAoB;AAAA;AAAA;AAAA;AAAA;AAAA,EAMxC,KACE,cACA,OACA,MAC8B;AAC9B,WAAO,KAAK,KAAK,QAAQ;AAAA,MACvB,QAAQ;AAAA,MACR,MAAM,iBAAiB,mBAAmB,YAAY,CAAC;AAAA,MACvD;AAAA,MACA,GAAI,QAAQ,CAAC;AAAA,IACf,CAAC;AAAA,EACH;AAAA;AAAA;AAAA;AAAA;AAAA,EAMA,OACE,cACA,MACA,MAC0B;AAC1B,WAAO,KAAK,KAAK,QAAQ;AAAA,MACvB,QAAQ;AAAA,MACR,MAAM,iBAAiB,mBAAmB,YAAY,CAAC;AAAA,MACvD;AAAA,MACA,GAAI,QAAQ,CAAC;AAAA,IACf,CAAC;AAAA,EACH;AAAA;AAAA;AAAA;AAAA;AAAA,EAMA,OACE,cACA,YACA,MACkB;AAClB,WAAO,KAAK,KAAK,QAAQ;AAAA,MACvB,QAAQ;AAAA,MACR,MAAM,iBAAiB,mBAAmB,YAAY,CAAC,IAAI,mBAAmB,UAAU,CAAC;AAAA,MACzF,GAAI,QAAQ,CAAC;AAAA,IACf,CAAC;AAAA,EACH;AAAA;AAAA;AAAA;AAAA;AAAA,EAMA,KACE,cACA,YACA,MAC0B;AAC1B,WAAO,KAAK,KAAK,QAAQ;AAAA,MACvB,QAAQ;AAAA,MACR,MAAM,iBAAiB,mBAAmB,YAAY,CAAC,IAAI,mBAAmB,UAAU,CAAC;AAAA,MACzF,GAAI,QAAQ,CAAC;AAAA,IACf,CAAC;AAAA,EACH;AAAA;AAAA;AAAA;AAAA;AAAA,EAMA,OACE,cACA,YACA,MACA,MACkB;AAClB,WAAO,KAAK,KAAK,QAAQ;AAAA,MACvB,QAAQ;AAAA,MACR,MAAM,iBAAiB,mBAAmB,YAAY,CAAC,IAAI,mBAAmB,UAAU,CAAC;AAAA,MACzF;AAAA,MACA,GAAI,QAAQ,CAAC;AAAA,IACf,CAAC;AAAA,EACH;AACF;;;ACtFO,IAAM,eAAN,MAAmB;AAAA,EACxB,YAAoB,MAAmB;AAAnB;AAAA,EAAoB;AAAA;AAAA;AAAA;AAAA;AAAA,EAMxC,KACE,QACA,OACA,MAC0B;AAC1B,WAAO,KAAK,KAAK,QAAQ;AAAA,MACvB,QAAQ;AAAA,MACR,MAAM,aAAa,mBAAmB,MAAM,CAAC;AAAA,MAC7C;AAAA,MACA,GAAI,QAAQ,CAAC;AAAA,IACf,CAAC;AAAA,EACH;AAAA;AAAA;AAAA;AAAA;AAAA,EAMA,OACE,QACA,MACA,MACsB;AACtB,WAAO,KAAK,KAAK,QAAQ;AAAA,MACvB,QAAQ;AAAA,MACR,MAAM,aAAa,mBAAmB,MAAM,CAAC;AAAA,MAC7C;AAAA,MACA,GAAI,QAAQ,CAAC;AAAA,IACf,CAAC;AAAA,EACH;AAAA;AAAA;AAAA;AAAA;AAAA,EAMA,OACE,QACA,cACA,YACA,MACkB;AAClB,WAAO,KAAK,KAAK,QAAQ;AAAA,MACvB,QAAQ;AAAA,MACR,MAAM,aAAa,mBAAmB,MAAM,CAAC,UAAU,mBAAmB,YAAY,CAAC,IAAI,mBAAmB,UAAU,CAAC;AAAA,MACzH,GAAI,QAAQ,CAAC;AAAA,IACf,CAAC;AAAA,EACH;AACF;;;ACtDO,IAAM,eAAN,MAAmB;AAAA,EACxB,YAAoB,MAAmB;AAAnB;AAAA,EAAoB;AAAA;AAAA;AAAA;AAAA;AAAA,EAMxC,WACE,cACA,YACA,WACA,OACA,MACiC;AACjC,WAAO,KAAK,KAAK,QAAQ;AAAA,MACvB,QAAQ;AAAA,MACR,MAAM,qBAAqB,mBAAmB,YAAY,CAAC,IAAI,mBAAmB,UAAU,CAAC,IAAI,mBAAmB,SAAS,CAAC;AAAA,MAC9H;AAAA,MACA,GAAI,QAAQ,CAAC;AAAA,IACf,CAAC;AAAA,EACH;AAAA;AAAA;AAAA;AAAA;AAAA,EAMA,WACE,MACA,MACoC;AACpC,WAAO,KAAK,KAAK,QAAQ;AAAA,MACvB,QAAQ;AAAA,MACR,MAAM;AAAA,MACN;AAAA,MACA,GAAI,QAAQ,CAAC;AAAA,IACf,CAAC;AAAA,EACH;AAAA;AAAA;AAAA;AAAA;AAAA,EAMA,QACE,MACA,MACqC;AACrC,WAAO,KAAK,KAAK,QAAQ;AAAA,MACvB,QAAQ;AAAA,MACR,MAAM;AAAA,MACN;AAAA,MACA,GAAI,QAAQ,CAAC;AAAA,IACf,CAAC;AAAA,EACH;AAAA;AAAA;AAAA;AAAA;AAAA,EAMA,OACE,MACA,MACqC;AACrC,WAAO,KAAK,KAAK,QAAQ;AAAA,MACvB,QAAQ;AAAA,MACR,MAAM;AAAA,MACN;AAAA,MACA,GAAI,QAAQ,CAAC;AAAA,IACf,CAAC;AAAA,EACH;AAAA;AAAA;AAAA;AAAA;AAAA,EAMA,sBACE,cACA,YACA,WACA,OACA,MAC4C;AAC5C,WAAO,KAAK,KAAK,QAAQ;AAAA,MACvB,QAAQ;AAAA,MACR,MAAM,0BAA0B,mBAAmB,YAAY,CAAC,IAAI,mBAAmB,UAAU,CAAC,IAAI,mBAAmB,SAAS,CAAC;AAAA,MACnI;AAAA,MACA,GAAI,QAAQ,CAAC;AAAA,IACf,CAAC;AAAA,EACH;AACF;;;ACxFO,IAAM,eAAN,MAAmB;AAAA,EACxB,YAAoB,MAAmB;AAAnB;AAAA,EAAoB;AAAA;AAAA;AAAA;AAAA;AAAA,EAMxC,KACE,OACA,MAC0B;AAC1B,WAAO,KAAK,KAAK,QAAQ;AAAA,MACvB,QAAQ;AAAA,MACR,MAAM;AAAA,MACN;AAAA,MACA,GAAI,QAAQ,CAAC;AAAA,IACf,CAAC;AAAA,EACH;AAAA;AAAA;AAAA;AAAA;AAAA,EAMA,OACE,MACA,MACsB;AACtB,WAAO,KAAK,KAAK,QAAQ;AAAA,MACvB,QAAQ;AAAA,MACR,MAAM;AAAA,MACN;AAAA,MACA,GAAI,QAAQ,CAAC;AAAA,IACf,CAAC;AAAA,EACH;AAAA;AAAA;AAAA;AAAA;AAAA,EAMA,OAAO,QAAgB,MAA+D;AACpF,WAAO,KAAK,KAAK,QAAQ;AAAA,MACvB,QAAQ;AAAA,MACR,MAAM,aAAa,mBAAmB,MAAM,CAAC;AAAA,MAC7C,GAAI,QAAQ,CAAC;AAAA,IACf,CAAC;AAAA,EACH;AAAA;AAAA;AAAA;AAAA;AAAA,EAMA,KAAK,QAAgB,MAAmE;AACtF,WAAO,KAAK,KAAK,QAAQ;AAAA,MACvB,QAAQ;AAAA,MACR,MAAM,aAAa,mBAAmB,MAAM,CAAC;AAAA,MAC7C,GAAI,QAAQ,CAAC;AAAA,IACf,CAAC;AAAA,EACH;AAAA;AAAA;AAAA;AAAA;AAAA,EAMA,OACE,QACA,MACA,MACsB;AACtB,WAAO,KAAK,KAAK,QAAQ;AAAA,MACvB,QAAQ;AAAA,MACR,MAAM,aAAa,mBAAmB,MAAM,CAAC;AAAA,MAC7C;AAAA,MACA,GAAI,QAAQ,CAAC;AAAA,IACf,CAAC;AAAA,EACH;AAAA;AAAA;AAAA;AAAA;AAAA,EAMA,gCACE,QACA,MACkC;AAClC,WAAO,KAAK,KAAK,QAAQ;AAAA,MACvB,QAAQ;AAAA,MACR,MAAM,aAAa,mBAAmB,MAAM,CAAC;AAAA,MAC7C,GAAI,QAAQ,CAAC;AAAA,IACf,CAAC;AAAA,EACH;AACF;;;AZ1EO,IAAM,QAAN,MAAY;AAAA,EACR;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EAET,YAAY,SAAwB;AAClC,UAAM,UAAU,EAAE,GAAI,WAAW,CAAC,EAAG;AACrC,WAAO,QAAQ;AAEf,UAAM,iBAAiB,oBAAoB,WAAW,CAAC,CAAC;AAExD,UAAM,OAAO,IAAI,yBAAY;AAAA,MAC3B,GAAG;AAAA,MACH,SAAS,SAAS,WAAW;AAAA,MAC7B,GAAI,eAAe,SAAS,IAAI,EAAE,eAAe,IAAI,CAAC;AAAA,IACxD,CAAC;AAED,SAAK,WAAW,IAAI,gBAAgB,IAAI;AACxC,SAAK,gBAAgB,IAAI,qBAAqB,IAAI;AAClD,SAAK,YAAY,IAAI,iBAAiB,IAAI;AAC1C,SAAK,eAAe,IAAI,oBAAoB,IAAI;AAChD,SAAK,QAAQ,IAAI,aAAa,IAAI;AAClC,SAAK,QAAQ,IAAI,aAAa,IAAI;AAClC,SAAK,kBAAkB,IAAI,uBAAuB,IAAI;AACtD,SAAK,YAAY,IAAI,iBAAiB,IAAI;AAC1C,SAAK,QAAQ,IAAI,aAAa,IAAI;AAClC,SAAK,QAAQ,IAAI,aAAa,IAAI;AAClC,SAAK,QAAQ,IAAI,aAAa,IAAI;AAAA,EACpC;AACF;AAIO,IAAM,aAAa;","names":["import_fetch"]}

package/dist/client.d.mts CHANGED Viewed

@@ -1,5 +1,6 @@
 import { FetchClientConfig, ApiKeyAuthStrategy, FetchError } from '@blimu/fetch';
 export { FetchError } from '@blimu/fetch';
+import { AuthJwksService } from './services/auth_jwks.mjs';
 import { BulkResourcesService } from './services/bulk_resources.mjs';
 import { BulkRolesService } from './services/bulk_roles.mjs';
 import { EntitlementsService } from './services/entitlements.mjs';
@@ -10,13 +11,14 @@ import { ResourcesService } from './services/resources.mjs';
 import { RolesService } from './services/roles.mjs';
 import { UsageService } from './services/usage.mjs';
 import { UsersService } from './services/users.mjs';
-import './schema-CGYqiv8k.mjs';
+import './schema-CdEZKE7E.mjs';
 import '@blimu/types';
 type ClientOption = FetchClientConfig & {
     apiKey?: ApiKeyAuthStrategy['key'];
 };
 declare class Blimu {
+    readonly authJwks: AuthJwksService;
     readonly bulkResources: BulkResourcesService;
     readonly bulkRoles: BulkRolesService;
     readonly entitlements: EntitlementsService;

package/dist/client.d.ts CHANGED Viewed

@@ -1,5 +1,6 @@
 import { FetchClientConfig, ApiKeyAuthStrategy, FetchError } from '@blimu/fetch';
 export { FetchError } from '@blimu/fetch';
+import { AuthJwksService } from './services/auth_jwks.js';
 import { BulkResourcesService } from './services/bulk_resources.js';
 import { BulkRolesService } from './services/bulk_roles.js';
 import { EntitlementsService } from './services/entitlements.js';
@@ -10,13 +11,14 @@ import { ResourcesService } from './services/resources.js';
 import { RolesService } from './services/roles.js';
 import { UsageService } from './services/usage.js';
 import { UsersService } from './services/users.js';
-import './schema-CGYqiv8k.js';
+import './schema-CdEZKE7E.js';
 import '@blimu/types';
 type ClientOption = FetchClientConfig & {
     apiKey?: ApiKeyAuthStrategy['key'];
 };
 declare class Blimu {
+    readonly authJwks: AuthJwksService;
     readonly bulkResources: BulkResourcesService;
     readonly bulkRoles: BulkRolesService;
     readonly entitlements: EntitlementsService;

package/dist/client.mjs CHANGED Viewed

@@ -16,6 +16,47 @@ function buildAuthStrategies(cfg) {
   return authStrategies;
 }
+// src/services/auth_jwks.ts
+var AuthJwksService = class {
+  constructor(core) {
+    this.core = core;
+  }
+  /**
+   * GET /v1/auth/.well-known/jwks.json*
+   * @summary Get JSON Web Key Set for environment (Public)*
+   * @description Returns the public keys used to verify JWT tokens issued by this environment. Authenticate using either x-api-key header (secretKey) or x-blimu-publishable-key header (publishableKey).*/
+  getJwks(init) {
+    return this.core.request({
+      method: "GET",
+      path: `/v1/auth/.well-known/jwks.json`,
+      ...init ?? {}
+    });
+  }
+  /**
+   * GET /v1/auth/.well-known/public-key.pem*
+   * @summary Get environment public key (PEM)*
+   * @description Returns the public key in PEM format for verifying JWT tokens. Authenticate with x-api-key or x-blimu-publishable-key.*/
+  getPublicKeyPem(init) {
+    return this.core.request({
+      method: "GET",
+      path: `/v1/auth/.well-known/public-key.pem`,
+      ...init ?? {}
+    });
+  }
+  /**
+   * GET /v1/auth/oauth/.well-known/jwks.json*
+   * @summary Get JSON Web Key Set for OAuth app (Public)*
+   * @description Returns the public key for a specific OAuth app to verify JWT tokens. This is a public endpoint following OAuth2/OIDC standards. Provide client_id to get keys for a specific OAuth app, or use authenticated endpoint for environment keys.*/
+  getOAuthAppJwks(query, init) {
+    return this.core.request({
+      method: "GET",
+      path: `/v1/auth/oauth/.well-known/jwks.json`,
+      query,
+      ...init ?? {}
+    });
+  }
+};
 // src/services/bulk_resources.ts
 var BulkResourcesService = class {
   constructor(core) {
@@ -523,6 +564,7 @@ var UsersService = class {
 // src/client.ts
 var Blimu = class {
+  authJwks;
   bulkResources;
   bulkRoles;
   entitlements;
@@ -542,6 +584,7 @@ var Blimu = class {
       baseURL: options?.baseURL ?? "https://api.blimu.dev",
       ...authStrategies.length > 0 ? { authStrategies } : {}
     });
+    this.authJwks = new AuthJwksService(core);
     this.bulkResources = new BulkResourcesService(core);
     this.bulkRoles = new BulkRolesService(core);
     this.entitlements = new EntitlementsService(core);

package/dist/client.mjs.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"sources":["../src/client.ts","../src/auth-strategies.ts","../src/services/bulk_resources.ts","../src/services/bulk_roles.ts","../src/services/entitlements.ts","../src/services/oauth.ts","../src/services/plans.ts","../src/services/resource_members.ts","../src/services/resources.ts","../src/services/roles.ts","../src/services/usage.ts","../src/services/users.ts"],"sourcesContent":["import { FetchClient, FetchError } from '@blimu/fetch';\nimport { type FetchClientConfig, type ApiKeyAuthStrategy } from '@blimu/fetch';\nimport { buildAuthStrategies } from './auth-strategies';\nimport { BulkResourcesService } from './services/bulk_resources';\nimport { BulkRolesService } from './services/bulk_roles';\nimport { EntitlementsService } from './services/entitlements';\nimport { OauthService } from './services/oauth';\nimport { PlansService } from './services/plans';\nimport { ResourceMembersService } from './services/resource_members';\nimport { ResourcesService } from './services/resources';\nimport { RolesService } from './services/roles';\nimport { UsageService } from './services/usage';\nimport { UsersService } from './services/users';\n\nexport type ClientOption = FetchClientConfig & {\n apiKey?: ApiKeyAuthStrategy['key'];\n};\n\nexport class Blimu {\n readonly bulkResources: BulkResourcesService;\n readonly bulkRoles: BulkRolesService;\n readonly entitlements: EntitlementsService;\n readonly oauth: OauthService;\n readonly plans: PlansService;\n readonly resourceMembers: ResourceMembersService;\n readonly resources: ResourcesService;\n readonly roles: RolesService;\n readonly usage: UsageService;\n readonly users: UsersService;\n\n constructor(options?: ClientOption) {\n const restCfg = { ...(options ?? {}) };\n delete restCfg.apiKey;\n\n const authStrategies = buildAuthStrategies(options ?? {});\n\n const core = new FetchClient({\n ...restCfg,\n baseURL: options?.baseURL ?? 'https://api.blimu.dev',\n ...(authStrategies.length > 0 ? { authStrategies } : {}),\n });\n\n this.bulkResources = new BulkResourcesService(core);\n this.bulkRoles = new BulkRolesService(core);\n this.entitlements = new EntitlementsService(core);\n this.oauth = new OauthService(core);\n this.plans = new PlansService(core);\n this.resourceMembers = new ResourceMembersService(core);\n this.resources = new ResourcesService(core);\n this.roles = new RolesService(core);\n this.usage = new UsageService(core);\n this.users = new UsersService(core);\n }\n}\n\n// Re-export FetchError for backward compatibility\nexport { FetchError };\nexport const BlimuError = FetchError;\n","import type { AuthStrategy } from '@blimu/fetch';\nimport type { ClientOption } from './client';\n\nexport function buildAuthStrategies(cfg: ClientOption): AuthStrategy[] {\n const authStrategies: AuthStrategy[] = [...(cfg?.authStrategies ?? [])];\n\n if (cfg.apiKey) {\n authStrategies.push({\n type: 'apiKey',\n key: cfg.apiKey,\n location: 'header',\n name: 'X-API-KEY',\n });\n }\n return authStrategies;\n}\n","import type { FetchClient } from '@blimu/fetch';\nimport type * as Schema from '../schema';\nimport type { ResourceType } from '@blimu/types';\n\nexport class BulkResourcesService {\n constructor(private core: FetchClient) {}\n\n /*\n POST /v1/resources/{resourceType}/bulk\n @summary Bulk create resources\n @description Creates multiple resources of the specified type in a single request. This operation supports partial success - some resources may be created while others fail. The response includes details about successful creations and any errors encountered. Resources can have parent relationships and initial role assignments./\n create(\n resourceType: ResourceType,\n body: Schema.ResourceBulkCreateBody,\n init?: Omit<RequestInit, 'method' \| 'body'>\n ): Promise<Schema.ResourceBulkResult> {\n return this.core.request({\n method: 'POST',\n path: `/v1/resources/${encodeURIComponent(resourceType)}/bulk`,\n body,\n ...(init ?? {}),\n });\n }\n}\n","import type { FetchClient } from '@blimu/fetch';\nimport type as Schema from '../schema';\n\nexport class BulkRolesService {\n constructor(private core: FetchClient) {}\n\n /*\n POST /v1/users/roles/bulk\n @summary Bulk create roles\n @description Assigns multiple roles to users on resources in a single request. This operation supports partial success - some role assignments may succeed while others fail. The response includes details about successful assignments and any errors encountered. All roles must be valid according to your resource definitions./\n create(\n body: Schema.RoleBulkCreateBody,\n init?: Omit<RequestInit, 'method' \| 'body'>\n ): Promise<Schema.RoleBulkResult> {\n return this.core.request({\n method: 'POST',\n path: `/v1/users/roles/bulk`,\n body,\n ...(init ?? {}),\n });\n }\n}\n","import type { FetchClient } from '@blimu/fetch';\nimport type as Schema from '../schema';\nimport type { ResourceType } from '@blimu/types';\n\nexport class EntitlementsService {\n constructor(private core: FetchClient) {}\n\n /*\n POST /v1/entitlements/check\n @summary Check if a user has a specific entitlement on a resource\n @description Checks whether a user has permission to perform a specific action (entitlement) on a resource. This endpoint evaluates role-based access, plan gating, and usage limits. The response includes detailed information about why access was granted or denied, including which roles were checked, plan requirements, and usage limit status./\n checkEntitlement(\n body: Schema.EntitlementCheckBody,\n init?: Omit<RequestInit, 'method' \| 'body'>\n ): Promise<Schema.EntitlementCheckResult> {\n return this.core.request({\n method: 'POST',\n path: `/v1/entitlements/check`,\n body,\n ...(init ?? {}),\n });\n }\n\n /\n GET /v1/entitlements/list-for-resource/{resourceType}/{resourceId}\n @summary List entitlements for a specific resource\n @description Returns entitlements for a specific resource and user. Only evaluates roles and plans (excludes limits). Provides detailed information about why entitlements are allowed or denied, including current roles, allowed roles, current plan, and allowed plans. Results are cached per resource for performance./\n listForResource(\n resourceType: ResourceType,\n resourceId: string,\n query?: Schema.EntitlementsListForResourceQuery,\n init?: Omit<RequestInit, 'method' \| 'body'>\n ): Promise<Schema.EntitlementsListResult> {\n return this.core.request({\n method: 'GET',\n path: `/v1/entitlements/list-for-resource/${encodeURIComponent(resourceType)}/${encodeURIComponent(resourceId)}`,\n query,\n ...(init ?? {}),\n });\n }\n\n /\n GET /v1/entitlements/list-for-tenant/{tenantResourceId}\n @summary List entitlements for a tenant and all its sub-resources\n @description Returns entitlements for a tenant resource and all its descendant resources. This endpoint scopes queries to a single tenant, preventing cross-tenant data access. Only evaluates roles and plans (excludes limits). Results are cached per resource for performance. The tenant resource type is automatically determined from the environment definition (resource marked as `is_tenant: true`)./\n listForTenant(\n tenantResourceId: string,\n query?: Schema.EntitlementsListForTenantQuery,\n init?: Omit<RequestInit, 'method' \| 'body'>\n ): Promise<Schema.EntitlementsListResult> {\n return this.core.request({\n method: 'GET',\n path: `/v1/entitlements/list-for-tenant/${encodeURIComponent(tenantResourceId)}`,\n query,\n ...(init ?? {}),\n });\n }\n}\n","import type { FetchClient } from '@blimu/fetch';\nimport type as Schema from '../schema';\n\nexport class OauthService {\n constructor(private core: FetchClient) {}\n\n /*\n GET /v1/oauth/authorize\n @summary Check consent requirement\n @description Checks if user consent is required for the OAuth2 app and requested scopes./\n checkConsentRequired(\n query?: Schema.OauthCheckConsentRequiredQuery,\n init?: Omit<RequestInit, 'method' \| 'body'>\n ): Promise<Schema.ConsentCheckResponse> {\n return this.core.request({\n method: 'GET',\n path: `/v1/oauth/authorize`,\n query,\n ...(init ?? {}),\n });\n }\n\n /\n POST /v1/oauth/authorize\n @summary Authorize OAuth2 application\n @description Handles user consent approval/denial. Validates auto_approved flag against consent requirements./\n authorize(\n body: Schema.AuthorizeRequest,\n init?: Omit<RequestInit, 'method' \| 'body'>\n ): Promise<unknown> {\n return this.core.request({\n method: 'POST',\n path: `/v1/oauth/authorize`,\n body,\n ...(init ?? {}),\n });\n }\n\n /\n POST /v1/oauth/device/authorize\n @summary Authorize or deny device code\n @description Allows an authenticated user to authorize or deny a device code request. Requires valid user session./\n authorizeDeviceCode(\n body: Schema.DeviceAuthorizeRequest,\n init?: Omit<RequestInit, 'method' \| 'body'>\n ): Promise<Schema.DeviceAuthorizeResponse> {\n return this.core.request({\n method: 'POST',\n path: `/v1/oauth/device/authorize`,\n body,\n ...(init ?? {}),\n });\n }\n\n /\n POST /v1/oauth/device/code\n @summary Request device authorization codes\n @description Initiates device authorization flow. Returns device_code (for polling) and user_code (for user entry)./\n requestDeviceCode(\n body: Schema.DeviceCodeRequest,\n init?: Omit<RequestInit, 'method' \| 'body'>\n ): Promise<Schema.DeviceCodeResponse> {\n return this.core.request({\n method: 'POST',\n path: `/v1/oauth/device/code`,\n body,\n ...(init ?? {}),\n });\n }\n\n /\n GET /v1/oauth/device/code/{user_code}\n @summary Get device code information\n @description Returns device code information including app name, scopes, and consent requirement status./\n getDeviceCodeInfo(\n user_code: string,\n init?: Omit<RequestInit, 'method' \| 'body'>\n ): Promise<Schema.DeviceCodeInfoResponse> {\n return this.core.request({\n method: 'GET',\n path: `/v1/oauth/device/code/${encodeURIComponent(user_code)}`,\n ...(init ?? {}),\n });\n }\n\n /\n POST /v1/oauth/device/token\n @summary Poll for device authorization tokens\n @description Client polls this endpoint to exchange device_code for tokens once user has authorized./\n exchangeDeviceCode(\n body: Schema.DeviceTokenRequest,\n init?: Omit<RequestInit, 'method' \| 'body'>\n ): Promise<Schema.TokenResponse> {\n return this.core.request({\n method: 'POST',\n path: `/v1/oauth/device/token`,\n body,\n ...(init ?? {}),\n });\n }\n\n /\n POST /v1/oauth/introspect\n @summary Introspect token\n @description Validates a token and returns metadata. Requires client authentication./\n introspect(\n body: Schema.IntrospectionRequest,\n init?: Omit<RequestInit, 'method' \| 'body'>\n ): Promise<Schema.IntrospectionResponse> {\n return this.core.request({\n method: 'POST',\n path: `/v1/oauth/introspect`,\n body,\n ...(init ?? {}),\n });\n }\n\n /\n POST /v1/oauth/revoke\n @summary Revoke token\n @description Revokes an access or refresh token. Requires client authentication./\n revoke(\n body: Schema.RevocationRequest,\n init?: Omit<RequestInit, 'method' \| 'body'>\n ): Promise<unknown> {\n return this.core.request({\n method: 'POST',\n path: `/v1/oauth/revoke`,\n body,\n ...(init ?? {}),\n });\n }\n\n /\n POST /v1/oauth/token\n @summary Token endpoint\n @description Issues access and refresh tokens. Supports authorization_code and refresh_token (always available per OAuth2 spec)./\n token(\n body: Schema.TokenRequest,\n init?: Omit<RequestInit, 'method' \| 'body'>\n ): Promise<Schema.TokenResponse> {\n return this.core.request({\n method: 'POST',\n path: `/v1/oauth/token`,\n body,\n ...(init ?? {}),\n });\n }\n}\n","import type { FetchClient } from '@blimu/fetch';\nimport type as Schema from '../schema';\nimport type { ResourceType } from '@blimu/types';\n\nexport class PlansService {\n constructor(private core: FetchClient) {}\n\n /*\n DELETE /v1/resources/{resourceType}/{resourceId}/plan\n @summary Remove plan assignment from a tenant resource\n @description Removes the billing plan assignment from a tenant resource. After removal, the resource will have no plan and will be subject to default limits./\n delete(\n resourceType: ResourceType,\n resourceId: string,\n init?: Omit<RequestInit, 'method' \| 'body'>\n ): Promise<Schema.PlanDeleteResponse> {\n return this.core.request({\n method: 'DELETE',\n path: `/v1/resources/${encodeURIComponent(resourceType)}/${encodeURIComponent(resourceId)}/plan`,\n ...(init ?? {}),\n });\n }\n\n /\n GET /v1/resources/{resourceType}/{resourceId}/plan\n @summary Get the plan assigned to a tenant resource\n @description Retrieves the billing plan currently assigned to a tenant resource, if any./\n read(\n resourceType: ResourceType,\n resourceId: string,\n init?: Omit<RequestInit, 'method' \| 'body'>\n ): Promise<Schema.PlanResponse> {\n return this.core.request({\n method: 'GET',\n path: `/v1/resources/${encodeURIComponent(resourceType)}/${encodeURIComponent(resourceId)}/plan`,\n ...(init ?? {}),\n });\n }\n\n /\n POST /v1/resources/{resourceType}/{resourceId}/plan\n @summary Assign a plan to a tenant resource\n @description Assigns a billing plan to a tenant resource. Plans control feature access and usage limits based on your plan definitions. The resource must be marked as a tenant in your resource definitions./\n assign(\n resourceType: ResourceType,\n resourceId: string,\n body: Schema.PlanAssignBody,\n init?: Omit<RequestInit, 'method' \| 'body'>\n ): Promise<unknown> {\n return this.core.request({\n method: 'POST',\n path: `/v1/resources/${encodeURIComponent(resourceType)}/${encodeURIComponent(resourceId)}/plan`,\n body,\n ...(init ?? {}),\n });\n }\n}\n","import type { FetchClient } from '@blimu/fetch';\nimport type as Schema from '../schema';\nimport type { ResourceType } from '@blimu/types';\n\nexport class ResourceMembersService {\n constructor(private core: FetchClient) {}\n\n /*\n GET /v1/resources/{resourceType}/{resourceId}/members\n @summary List members for a resource\n @description Retrieves a paginated list of users who have roles (direct or inherited) on the specified resource. Supports search functionality to filter users by email or name./\n list(\n resourceType: ResourceType,\n resourceId: string,\n query?: Schema.ResourceMembersListQuery,\n init?: Omit<RequestInit, 'method' \| 'body'>\n ): Promise<Schema.ResourceMemberList> {\n return this.core.request({\n method: 'GET',\n path: `/v1/resources/${encodeURIComponent(resourceType)}/${encodeURIComponent(resourceId)}/members`,\n query,\n ...(init ?? {}),\n });\n }\n}\n","import type { FetchClient } from '@blimu/fetch';\nimport type as Schema from '../schema';\nimport type { ResourceType } from '@blimu/types';\n\nexport class ResourcesService {\n constructor(private core: FetchClient) {}\n\n /*\n GET /v1/resources/{resourceType}\n @summary List resources\n @description Retrieves a paginated list of resources of the specified type. Supports search and filtering. Resources are returned with their parent relationships and metadata./\n list(\n resourceType: ResourceType,\n query?: Schema.ResourcesListQuery,\n init?: Omit<RequestInit, 'method' \| 'body'>\n ): Promise<Schema.ResourceList> {\n return this.core.request({\n method: 'GET',\n path: `/v1/resources/${encodeURIComponent(resourceType)}`,\n query,\n ...(init ?? {}),\n });\n }\n\n /\n POST /v1/resources/{resourceType}\n @summary Create a resource\n @description Creates a new resource of the specified type. Resources can have parent relationships to form hierarchies. You can optionally assign initial roles to users when creating the resource. Parent resources must already exist./\n create(\n resourceType: ResourceType,\n body: Schema.ResourceCreateBody,\n init?: Omit<RequestInit, 'method' \| 'body'>\n ): Promise<Schema.Resource> {\n return this.core.request({\n method: 'POST',\n path: `/v1/resources/${encodeURIComponent(resourceType)}`,\n body,\n ...(init ?? {}),\n });\n }\n\n /\n DELETE /v1/resources/{resourceType}/{resourceId}\n @summary Delete a resource\n @description Deletes a resource by its type and ID. This operation is permanent and cannot be undone. Deleting a resource may affect child resources that depend on it./\n delete(\n resourceType: ResourceType,\n resourceId: string,\n init?: Omit<RequestInit, 'method' \| 'body'>\n ): Promise<unknown> {\n return this.core.request({\n method: 'DELETE',\n path: `/v1/resources/${encodeURIComponent(resourceType)}/${encodeURIComponent(resourceId)}`,\n ...(init ?? {}),\n });\n }\n\n /\n GET /v1/resources/{resourceType}/{resourceId}\n @summary Read a resource\n @description Retrieves a single resource by its type and ID. Returns the resource with its parent relationships and metadata./\n read(\n resourceType: ResourceType,\n resourceId: string,\n init?: Omit<RequestInit, 'method' \| 'body'>\n ): Promise<Schema.Resource> {\n return this.core.request({\n method: 'GET',\n path: `/v1/resources/${encodeURIComponent(resourceType)}/${encodeURIComponent(resourceId)}`,\n ...(init ?? {}),\n });\n }\n\n /\n PUT /v1/resources/{resourceType}/{resourceId}\n @summary Update a resource\n @description Updates an existing resource. You can update the resource name and modify parent relationships. Parent resources must already exist./\n update(\n resourceType: ResourceType,\n resourceId: string,\n body: Schema.ResourceUpdateBody,\n init?: Omit<RequestInit, 'method' \| 'body'>\n ): Promise<unknown> {\n return this.core.request({\n method: 'PUT',\n path: `/v1/resources/${encodeURIComponent(resourceType)}/${encodeURIComponent(resourceId)}`,\n body,\n ...(init ?? {}),\n });\n }\n}\n","import type { FetchClient } from '@blimu/fetch';\nimport type as Schema from '../schema';\nimport type { ResourceType } from '@blimu/types';\n\nexport class RolesService {\n constructor(private core: FetchClient) {}\n\n /*\n GET /v1/users/{userId}/roles\n @summary List user roles\n @description Retrieves a paginated list of roles assigned to a user. Supports filtering by resource type, resource ID, and role name. Returns both directly assigned roles and inherited roles./\n list(\n userId: string,\n query?: Schema.RolesListQuery,\n init?: Omit<RequestInit, 'method' \| 'body'>\n ): Promise<Schema.RoleList> {\n return this.core.request({\n method: 'GET',\n path: `/v1/users/${encodeURIComponent(userId)}/roles`,\n query,\n ...(init ?? {}),\n });\n }\n\n /\n POST /v1/users/{userId}/roles\n @summary Create a role (assign role to user on resource)\n @description Assigns a role to a user on a specific resource. The role must be defined in your resource definitions for the specified resource type. Roles can be inherited from parent resources based on your resource configuration./\n create(\n userId: string,\n body: Schema.RoleCreateBody,\n init?: Omit<RequestInit, 'method' \| 'body'>\n ): Promise<Schema.Role> {\n return this.core.request({\n method: 'POST',\n path: `/v1/users/${encodeURIComponent(userId)}/roles`,\n body,\n ...(init ?? {}),\n });\n }\n\n /\n DELETE /v1/users/{userId}/roles/{resourceType}/{resourceId}\n @summary Delete a role\n @description Removes a role assignment from a user on a specific resource. This only removes the direct role assignment and does not affect inherited roles from parent resources./\n delete(\n userId: string,\n resourceType: ResourceType,\n resourceId: string,\n init?: Omit<RequestInit, 'method' \| 'body'>\n ): Promise<unknown> {\n return this.core.request({\n method: 'DELETE',\n path: `/v1/users/${encodeURIComponent(userId)}/roles/${encodeURIComponent(resourceType)}/${encodeURIComponent(resourceId)}`,\n ...(init ?? {}),\n });\n }\n}\n","import type { FetchClient } from '@blimu/fetch';\nimport type as Schema from '../schema';\n\nexport class UsageService {\n constructor(private core: FetchClient) {}\n\n /*\n GET /v1/usage/balance/{resourceType}/{resourceId}/{limitType}\n @summary Get wallet balance\n @description Retrieves the current balance of a usage wallet for a specific resource and limit type within a given time period. The balance reflects all credits and consumption transactions./\n getBalance(\n resourceType: string,\n resourceId: string,\n limitType: string,\n query?: Schema.UsageGetBalanceQuery,\n init?: Omit<RequestInit, 'method' \| 'body'>\n ): Promise<Schema.BalanceResponse> {\n return this.core.request({\n method: 'GET',\n path: `/v1/usage/balance/${encodeURIComponent(resourceType)}/${encodeURIComponent(resourceId)}/${encodeURIComponent(limitType)}`,\n query,\n ...(init ?? {}),\n });\n }\n\n /\n POST /v1/usage/check\n @summary Check if consumption is allowed\n @description Checks whether a specific amount of consumption is allowed for a resource and limit type within a given time period. Returns the current balance, requested amount, and remaining balance after the consumption./\n checkLimit(\n body: Schema.UsageCheckBody,\n init?: Omit<RequestInit, 'method' \| 'body'>\n ): Promise<Schema.CheckLimitResponse> {\n return this.core.request({\n method: 'POST',\n path: `/v1/usage/check`,\n body,\n ...(init ?? {}),\n });\n }\n\n /\n POST /v1/usage/consume\n @summary Record consumption (inserts negative amount)\n @description Records consumption from a usage wallet for a specific resource and limit type. This decreases the available balance. Consumption can be tagged for tracking purposes./\n consume(\n body: Schema.UsageConsumeBody,\n init?: Omit<RequestInit, 'method' \| 'body'>\n ): Promise<Schema.UsageWalletResponse> {\n return this.core.request({\n method: 'POST',\n path: `/v1/usage/consume`,\n body,\n ...(init ?? {}),\n });\n }\n\n /\n POST /v1/usage/credit\n @summary Add credits to wallet (inserts positive amount)\n @description Adds credits to a usage wallet for a specific resource and limit type. This increases the available balance for usage-based limits. Credits can be tagged for tracking purposes./\n credit(\n body: Schema.UsageCreditBody,\n init?: Omit<RequestInit, 'method' \| 'body'>\n ): Promise<Schema.UsageWalletResponse> {\n return this.core.request({\n method: 'POST',\n path: `/v1/usage/credit`,\n body,\n ...(init ?? {}),\n });\n }\n\n /\n GET /v1/usage/transactions/{resourceType}/{resourceId}/{limitType}\n @summary Get transaction history\n @description Retrieves the transaction history for a usage wallet, including all credits and consumption records. Supports filtering by time period and date range./\n getTransactionHistory(\n resourceType: string,\n resourceId: string,\n limitType: string,\n query?: Schema.UsageGetTransactionHistoryQuery,\n init?: Omit<RequestInit, 'method' \| 'body'>\n ): Promise<Schema.TransactionHistoryResponse> {\n return this.core.request({\n method: 'GET',\n path: `/v1/usage/transactions/${encodeURIComponent(resourceType)}/${encodeURIComponent(resourceId)}/${encodeURIComponent(limitType)}`,\n query,\n ...(init ?? {}),\n });\n }\n}\n","import type { FetchClient } from '@blimu/fetch';\nimport type as Schema from '../schema';\n\nexport class UsersService {\n constructor(private core: FetchClient) {}\n\n /*\n GET /v1/users\n @summary List users\n @description Retrieves a paginated list of users in your environment. Supports search functionality to filter users by email, name, or lookup key./\n list(\n query?: Schema.UsersListQuery,\n init?: Omit<RequestInit, 'method' \| 'body'>\n ): Promise<Schema.UserList> {\n return this.core.request({\n method: 'GET',\n path: `/v1/users`,\n query,\n ...(init ?? {}),\n });\n }\n\n /\n POST /v1/users\n @summary Create a user\n @description Creates a new user in your environment. The lookupKey is a unique identifier that you can use to reference the user in your system. It should be stable and not change over time./\n create(\n body: Schema.UserCreateBody,\n init?: Omit<RequestInit, 'method' \| 'body'>\n ): Promise<Schema.User> {\n return this.core.request({\n method: 'POST',\n path: `/v1/users`,\n body,\n ...(init ?? {}),\n });\n }\n\n /\n DELETE /v1/users/{userId}\n @summary Delete a user\n @description Deletes a user by their ID or lookup key. This operation is permanent and cannot be undone. Deleting a user will also remove all role assignments for that user./\n delete(userId: string, init?: Omit<RequestInit, 'method' \| 'body'>): Promise<unknown> {\n return this.core.request({\n method: 'DELETE',\n path: `/v1/users/${encodeURIComponent(userId)}`,\n ...(init ?? {}),\n });\n }\n\n /\n GET /v1/users/{userId}\n @summary Get a user by ID\n @description Retrieves a single user by their ID or lookup key. Returns user information including email, name, and metadata./\n read(userId: string, init?: Omit<RequestInit, 'method' \| 'body'>): Promise<Schema.User> {\n return this.core.request({\n method: 'GET',\n path: `/v1/users/${encodeURIComponent(userId)}`,\n ...(init ?? {}),\n });\n }\n\n /\n PUT /v1/users/{userId}\n @summary Update a user\n @description Updates an existing user. You can modify email, name, and other user properties. The lookupKey can be updated but should remain stable./\n update(\n userId: string,\n body: Schema.UserUpdateBody,\n init?: Omit<RequestInit, 'method' \| 'body'>\n ): Promise<Schema.User> {\n return this.core.request({\n method: 'PUT',\n path: `/v1/users/${encodeURIComponent(userId)}`,\n body,\n ...(init ?? {}),\n });\n }\n\n /\n GET /v1/users/{userId}/effective-user-resources-roles\n @summary List effective user resources roles\n @description Retrieves all resources and roles for a user, including inherited roles from parent resources. The response indicates whether each role is directly assigned or inherited through resource hierarchies.*/\n listEffectiveUserResourcesRoles(\n userId: string,\n init?: Omit<RequestInit, 'method' \| 'body'>\n ): Promise<Schema.UserResourceList> {\n return this.core.request({\n method: 'GET',\n path: `/v1/users/${encodeURIComponent(userId)}/effective-user-resources-roles`,\n ...(init ?? {}),\n });\n }\n}\n"],"mappings":";AAAA,SAAS,aAAa,kBAAkB;AACxC,OAAgE;;;ACEzD,SAAS,oBAAoB,KAAmC;AACrE,QAAM,iBAAiC,CAAC,GAAI,KAAK,kBAAkB,CAAC,CAAE;AAEtE,MAAI,IAAI,QAAQ;AACd,mBAAe,KAAK;AAAA,MAClB,MAAM;AAAA,MACN,KAAK,IAAI;AAAA,MACT,UAAU;AAAA,MACV,MAAM;AAAA,IACR,CAAC;AAAA,EACH;AACA,SAAO;AACT;;;ACXO,IAAM,uBAAN,MAA2B;AAAA,EAChC,YAAoB,MAAmB;AAAnB;AAAA,EAAoB;AAAA;AAAA;AAAA;AAAA;AAAA,EAMxC,OACE,cACA,MACA,MACoC;AACpC,WAAO,KAAK,KAAK,QAAQ;AAAA,MACvB,QAAQ;AAAA,MACR,MAAM,iBAAiB,mBAAmB,YAAY,CAAC;AAAA,MACvD;AAAA,MACA,GAAI,QAAQ,CAAC;AAAA,IACf,CAAC;AAAA,EACH;AACF;;;ACpBO,IAAM,mBAAN,MAAuB;AAAA,EAC5B,YAAoB,MAAmB;AAAnB;AAAA,EAAoB;AAAA;AAAA;AAAA;AAAA;AAAA,EAMxC,OACE,MACA,MACgC;AAChC,WAAO,KAAK,KAAK,QAAQ;AAAA,MACvB,QAAQ;AAAA,MACR,MAAM;AAAA,MACN;AAAA,MACA,GAAI,QAAQ,CAAC;AAAA,IACf,CAAC;AAAA,EACH;AACF;;;ACjBO,IAAM,sBAAN,MAA0B;AAAA,EAC/B,YAAoB,MAAmB;AAAnB;AAAA,EAAoB;AAAA;AAAA;AAAA;AAAA;AAAA,EAMxC,iBACE,MACA,MACwC;AACxC,WAAO,KAAK,KAAK,QAAQ;AAAA,MACvB,QAAQ;AAAA,MACR,MAAM;AAAA,MACN;AAAA,MACA,GAAI,QAAQ,CAAC;AAAA,IACf,CAAC;AAAA,EACH;AAAA;AAAA;AAAA;AAAA;AAAA,EAMA,gBACE,cACA,YACA,OACA,MACwC;AACxC,WAAO,KAAK,KAAK,QAAQ;AAAA,MACvB,QAAQ;AAAA,MACR,MAAM,sCAAsC,mBAAmB,YAAY,CAAC,IAAI,mBAAmB,UAAU,CAAC;AAAA,MAC9G;AAAA,MACA,GAAI,QAAQ,CAAC;AAAA,IACf,CAAC;AAAA,EACH;AAAA;AAAA;AAAA;AAAA;AAAA,EAMA,cACE,kBACA,OACA,MACwC;AACxC,WAAO,KAAK,KAAK,QAAQ;AAAA,MACvB,QAAQ;AAAA,MACR,MAAM,oCAAoC,mBAAmB,gBAAgB,CAAC;AAAA,MAC9E;AAAA,MACA,GAAI,QAAQ,CAAC;AAAA,IACf,CAAC;AAAA,EACH;AACF;;;ACtDO,IAAM,eAAN,MAAmB;AAAA,EACxB,YAAoB,MAAmB;AAAnB;AAAA,EAAoB;AAAA;AAAA;AAAA;AAAA;AAAA,EAMxC,qBACE,OACA,MACsC;AACtC,WAAO,KAAK,KAAK,QAAQ;AAAA,MACvB,QAAQ;AAAA,MACR,MAAM;AAAA,MACN;AAAA,MACA,GAAI,QAAQ,CAAC;AAAA,IACf,CAAC;AAAA,EACH;AAAA;AAAA;AAAA;AAAA;AAAA,EAMA,UACE,MACA,MACkB;AAClB,WAAO,KAAK,KAAK,QAAQ;AAAA,MACvB,QAAQ;AAAA,MACR,MAAM;AAAA,MACN;AAAA,MACA,GAAI,QAAQ,CAAC;AAAA,IACf,CAAC;AAAA,EACH;AAAA;AAAA;AAAA;AAAA;AAAA,EAMA,oBACE,MACA,MACyC;AACzC,WAAO,KAAK,KAAK,QAAQ;AAAA,MACvB,QAAQ;AAAA,MACR,MAAM;AAAA,MACN;AAAA,MACA,GAAI,QAAQ,CAAC;AAAA,IACf,CAAC;AAAA,EACH;AAAA;AAAA;AAAA;AAAA;AAAA,EAMA,kBACE,MACA,MACoC;AACpC,WAAO,KAAK,KAAK,QAAQ;AAAA,MACvB,QAAQ;AAAA,MACR,MAAM;AAAA,MACN;AAAA,MACA,GAAI,QAAQ,CAAC;AAAA,IACf,CAAC;AAAA,EACH;AAAA;AAAA;AAAA;AAAA;AAAA,EAMA,kBACE,WACA,MACwC;AACxC,WAAO,KAAK,KAAK,QAAQ;AAAA,MACvB,QAAQ;AAAA,MACR,MAAM,yBAAyB,mBAAmB,SAAS,CAAC;AAAA,MAC5D,GAAI,QAAQ,CAAC;AAAA,IACf,CAAC;AAAA,EACH;AAAA;AAAA;AAAA;AAAA;AAAA,EAMA,mBACE,MACA,MAC+B;AAC/B,WAAO,KAAK,KAAK,QAAQ;AAAA,MACvB,QAAQ;AAAA,MACR,MAAM;AAAA,MACN;AAAA,MACA,GAAI,QAAQ,CAAC;AAAA,IACf,CAAC;AAAA,EACH;AAAA;AAAA;AAAA;AAAA;AAAA,EAMA,WACE,MACA,MACuC;AACvC,WAAO,KAAK,KAAK,QAAQ;AAAA,MACvB,QAAQ;AAAA,MACR,MAAM;AAAA,MACN;AAAA,MACA,GAAI,QAAQ,CAAC;AAAA,IACf,CAAC;AAAA,EACH;AAAA;AAAA;AAAA;AAAA;AAAA,EAMA,OACE,MACA,MACkB;AAClB,WAAO,KAAK,KAAK,QAAQ;AAAA,MACvB,QAAQ;AAAA,MACR,MAAM;AAAA,MACN;AAAA,MACA,GAAI,QAAQ,CAAC;AAAA,IACf,CAAC;AAAA,EACH;AAAA;AAAA;AAAA;AAAA;AAAA,EAMA,MACE,MACA,MAC+B;AAC/B,WAAO,KAAK,KAAK,QAAQ;AAAA,MACvB,QAAQ;AAAA,MACR,MAAM;AAAA,MACN;AAAA,MACA,GAAI,QAAQ,CAAC;AAAA,IACf,CAAC;AAAA,EACH;AACF;;;AChJO,IAAM,eAAN,MAAmB;AAAA,EACxB,YAAoB,MAAmB;AAAnB;AAAA,EAAoB;AAAA;AAAA;AAAA;AAAA;AAAA,EAMxC,OACE,cACA,YACA,MACoC;AACpC,WAAO,KAAK,KAAK,QAAQ;AAAA,MACvB,QAAQ;AAAA,MACR,MAAM,iBAAiB,mBAAmB,YAAY,CAAC,IAAI,mBAAmB,UAAU,CAAC;AAAA,MACzF,GAAI,QAAQ,CAAC;AAAA,IACf,CAAC;AAAA,EACH;AAAA;AAAA;AAAA;AAAA;AAAA,EAMA,KACE,cACA,YACA,MAC8B;AAC9B,WAAO,KAAK,KAAK,QAAQ;AAAA,MACvB,QAAQ;AAAA,MACR,MAAM,iBAAiB,mBAAmB,YAAY,CAAC,IAAI,mBAAmB,UAAU,CAAC;AAAA,MACzF,GAAI,QAAQ,CAAC;AAAA,IACf,CAAC;AAAA,EACH;AAAA;AAAA;AAAA;AAAA;AAAA,EAMA,OACE,cACA,YACA,MACA,MACkB;AAClB,WAAO,KAAK,KAAK,QAAQ;AAAA,MACvB,QAAQ;AAAA,MACR,MAAM,iBAAiB,mBAAmB,YAAY,CAAC,IAAI,mBAAmB,UAAU,CAAC;AAAA,MACzF;AAAA,MACA,GAAI,QAAQ,CAAC;AAAA,IACf,CAAC;AAAA,EACH;AACF;;;ACpDO,IAAM,yBAAN,MAA6B;AAAA,EAClC,YAAoB,MAAmB;AAAnB;AAAA,EAAoB;AAAA;AAAA;AAAA;AAAA;AAAA,EAMxC,KACE,cACA,YACA,OACA,MACoC;AACpC,WAAO,KAAK,KAAK,QAAQ;AAAA,MACvB,QAAQ;AAAA,MACR,MAAM,iBAAiB,mBAAmB,YAAY,CAAC,IAAI,mBAAmB,UAAU,CAAC;AAAA,MACzF;AAAA,MACA,GAAI,QAAQ,CAAC;AAAA,IACf,CAAC;AAAA,EACH;AACF;;;ACpBO,IAAM,mBAAN,MAAuB;AAAA,EAC5B,YAAoB,MAAmB;AAAnB;AAAA,EAAoB;AAAA;AAAA;AAAA;AAAA;AAAA,EAMxC,KACE,cACA,OACA,MAC8B;AAC9B,WAAO,KAAK,KAAK,QAAQ;AAAA,MACvB,QAAQ;AAAA,MACR,MAAM,iBAAiB,mBAAmB,YAAY,CAAC;AAAA,MACvD;AAAA,MACA,GAAI,QAAQ,CAAC;AAAA,IACf,CAAC;AAAA,EACH;AAAA;AAAA;AAAA;AAAA;AAAA,EAMA,OACE,cACA,MACA,MAC0B;AAC1B,WAAO,KAAK,KAAK,QAAQ;AAAA,MACvB,QAAQ;AAAA,MACR,MAAM,iBAAiB,mBAAmB,YAAY,CAAC;AAAA,MACvD;AAAA,MACA,GAAI,QAAQ,CAAC;AAAA,IACf,CAAC;AAAA,EACH;AAAA;AAAA;AAAA;AAAA;AAAA,EAMA,OACE,cACA,YACA,MACkB;AAClB,WAAO,KAAK,KAAK,QAAQ;AAAA,MACvB,QAAQ;AAAA,MACR,MAAM,iBAAiB,mBAAmB,YAAY,CAAC,IAAI,mBAAmB,UAAU,CAAC;AAAA,MACzF,GAAI,QAAQ,CAAC;AAAA,IACf,CAAC;AAAA,EACH;AAAA;AAAA;AAAA;AAAA;AAAA,EAMA,KACE,cACA,YACA,MAC0B;AAC1B,WAAO,KAAK,KAAK,QAAQ;AAAA,MACvB,QAAQ;AAAA,MACR,MAAM,iBAAiB,mBAAmB,YAAY,CAAC,IAAI,mBAAmB,UAAU,CAAC;AAAA,MACzF,GAAI,QAAQ,CAAC;AAAA,IACf,CAAC;AAAA,EACH;AAAA;AAAA;AAAA;AAAA;AAAA,EAMA,OACE,cACA,YACA,MACA,MACkB;AAClB,WAAO,KAAK,KAAK,QAAQ;AAAA,MACvB,QAAQ;AAAA,MACR,MAAM,iBAAiB,mBAAmB,YAAY,CAAC,IAAI,mBAAmB,UAAU,CAAC;AAAA,MACzF;AAAA,MACA,GAAI,QAAQ,CAAC;AAAA,IACf,CAAC;AAAA,EACH;AACF;;;ACtFO,IAAM,eAAN,MAAmB;AAAA,EACxB,YAAoB,MAAmB;AAAnB;AAAA,EAAoB;AAAA;AAAA;AAAA;AAAA;AAAA,EAMxC,KACE,QACA,OACA,MAC0B;AAC1B,WAAO,KAAK,KAAK,QAAQ;AAAA,MACvB,QAAQ;AAAA,MACR,MAAM,aAAa,mBAAmB,MAAM,CAAC;AAAA,MAC7C;AAAA,MACA,GAAI,QAAQ,CAAC;AAAA,IACf,CAAC;AAAA,EACH;AAAA;AAAA;AAAA;AAAA;AAAA,EAMA,OACE,QACA,MACA,MACsB;AACtB,WAAO,KAAK,KAAK,QAAQ;AAAA,MACvB,QAAQ;AAAA,MACR,MAAM,aAAa,mBAAmB,MAAM,CAAC;AAAA,MAC7C;AAAA,MACA,GAAI,QAAQ,CAAC;AAAA,IACf,CAAC;AAAA,EACH;AAAA;AAAA;AAAA;AAAA;AAAA,EAMA,OACE,QACA,cACA,YACA,MACkB;AAClB,WAAO,KAAK,KAAK,QAAQ;AAAA,MACvB,QAAQ;AAAA,MACR,MAAM,aAAa,mBAAmB,MAAM,CAAC,UAAU,mBAAmB,YAAY,CAAC,IAAI,mBAAmB,UAAU,CAAC;AAAA,MACzH,GAAI,QAAQ,CAAC;AAAA,IACf,CAAC;AAAA,EACH;AACF;;;ACtDO,IAAM,eAAN,MAAmB;AAAA,EACxB,YAAoB,MAAmB;AAAnB;AAAA,EAAoB;AAAA;AAAA;AAAA;AAAA;AAAA,EAMxC,WACE,cACA,YACA,WACA,OACA,MACiC;AACjC,WAAO,KAAK,KAAK,QAAQ;AAAA,MACvB,QAAQ;AAAA,MACR,MAAM,qBAAqB,mBAAmB,YAAY,CAAC,IAAI,mBAAmB,UAAU,CAAC,IAAI,mBAAmB,SAAS,CAAC;AAAA,MAC9H;AAAA,MACA,GAAI,QAAQ,CAAC;AAAA,IACf,CAAC;AAAA,EACH;AAAA;AAAA;AAAA;AAAA;AAAA,EAMA,WACE,MACA,MACoC;AACpC,WAAO,KAAK,KAAK,QAAQ;AAAA,MACvB,QAAQ;AAAA,MACR,MAAM;AAAA,MACN;AAAA,MACA,GAAI,QAAQ,CAAC;AAAA,IACf,CAAC;AAAA,EACH;AAAA;AAAA;AAAA;AAAA;AAAA,EAMA,QACE,MACA,MACqC;AACrC,WAAO,KAAK,KAAK,QAAQ;AAAA,MACvB,QAAQ;AAAA,MACR,MAAM;AAAA,MACN;AAAA,MACA,GAAI,QAAQ,CAAC;AAAA,IACf,CAAC;AAAA,EACH;AAAA;AAAA;AAAA;AAAA;AAAA,EAMA,OACE,MACA,MACqC;AACrC,WAAO,KAAK,KAAK,QAAQ;AAAA,MACvB,QAAQ;AAAA,MACR,MAAM;AAAA,MACN;AAAA,MACA,GAAI,QAAQ,CAAC;AAAA,IACf,CAAC;AAAA,EACH;AAAA;AAAA;AAAA;AAAA;AAAA,EAMA,sBACE,cACA,YACA,WACA,OACA,MAC4C;AAC5C,WAAO,KAAK,KAAK,QAAQ;AAAA,MACvB,QAAQ;AAAA,MACR,MAAM,0BAA0B,mBAAmB,YAAY,CAAC,IAAI,mBAAmB,UAAU,CAAC,IAAI,mBAAmB,SAAS,CAAC;AAAA,MACnI;AAAA,MACA,GAAI,QAAQ,CAAC;AAAA,IACf,CAAC;AAAA,EACH;AACF;;;ACxFO,IAAM,eAAN,MAAmB;AAAA,EACxB,YAAoB,MAAmB;AAAnB;AAAA,EAAoB;AAAA;AAAA;AAAA;AAAA;AAAA,EAMxC,KACE,OACA,MAC0B;AAC1B,WAAO,KAAK,KAAK,QAAQ;AAAA,MACvB,QAAQ;AAAA,MACR,MAAM;AAAA,MACN;AAAA,MACA,GAAI,QAAQ,CAAC;AAAA,IACf,CAAC;AAAA,EACH;AAAA;AAAA;AAAA;AAAA;AAAA,EAMA,OACE,MACA,MACsB;AACtB,WAAO,KAAK,KAAK,QAAQ;AAAA,MACvB,QAAQ;AAAA,MACR,MAAM;AAAA,MACN;AAAA,MACA,GAAI,QAAQ,CAAC;AAAA,IACf,CAAC;AAAA,EACH;AAAA;AAAA;AAAA;AAAA;AAAA,EAMA,OAAO,QAAgB,MAA+D;AACpF,WAAO,KAAK,KAAK,QAAQ;AAAA,MACvB,QAAQ;AAAA,MACR,MAAM,aAAa,mBAAmB,MAAM,CAAC;AAAA,MAC7C,GAAI,QAAQ,CAAC;AAAA,IACf,CAAC;AAAA,EACH;AAAA;AAAA;AAAA;AAAA;AAAA,EAMA,KAAK,QAAgB,MAAmE;AACtF,WAAO,KAAK,KAAK,QAAQ;AAAA,MACvB,QAAQ;AAAA,MACR,MAAM,aAAa,mBAAmB,MAAM,CAAC;AAAA,MAC7C,GAAI,QAAQ,CAAC;AAAA,IACf,CAAC;AAAA,EACH;AAAA;AAAA;AAAA;AAAA;AAAA,EAMA,OACE,QACA,MACA,MACsB;AACtB,WAAO,KAAK,KAAK,QAAQ;AAAA,MACvB,QAAQ;AAAA,MACR,MAAM,aAAa,mBAAmB,MAAM,CAAC;AAAA,MAC7C;AAAA,MACA,GAAI,QAAQ,CAAC;AAAA,IACf,CAAC;AAAA,EACH;AAAA;AAAA;AAAA;AAAA;AAAA,EAMA,gCACE,QACA,MACkC;AAClC,WAAO,KAAK,KAAK,QAAQ;AAAA,MACvB,QAAQ;AAAA,MACR,MAAM,aAAa,mBAAmB,MAAM,CAAC;AAAA,MAC7C,GAAI,QAAQ,CAAC;AAAA,IACf,CAAC;AAAA,EACH;AACF;;;AX3EO,IAAM,QAAN,MAAY;AAAA,EACR;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EAET,YAAY,SAAwB;AAClC,UAAM,UAAU,EAAE,GAAI,WAAW,CAAC,EAAG;AACrC,WAAO,QAAQ;AAEf,UAAM,iBAAiB,oBAAoB,WAAW,CAAC,CAAC;AAExD,UAAM,OAAO,IAAI,YAAY;AAAA,MAC3B,GAAG;AAAA,MACH,SAAS,SAAS,WAAW;AAAA,MAC7B,GAAI,eAAe,SAAS,IAAI,EAAE,eAAe,IAAI,CAAC;AAAA,IACxD,CAAC;AAED,SAAK,gBAAgB,IAAI,qBAAqB,IAAI;AAClD,SAAK,YAAY,IAAI,iBAAiB,IAAI;AAC1C,SAAK,eAAe,IAAI,oBAAoB,IAAI;AAChD,SAAK,QAAQ,IAAI,aAAa,IAAI;AAClC,SAAK,QAAQ,IAAI,aAAa,IAAI;AAClC,SAAK,kBAAkB,IAAI,uBAAuB,IAAI;AACtD,SAAK,YAAY,IAAI,iBAAiB,IAAI;AAC1C,SAAK,QAAQ,IAAI,aAAa,IAAI;AAClC,SAAK,QAAQ,IAAI,aAAa,IAAI;AAClC,SAAK,QAAQ,IAAI,aAAa,IAAI;AAAA,EACpC;AACF;AAIO,IAAM,aAAa;","names":[]}
1	+ {"version":3,"sources":["../src/client.ts","../src/auth-strategies.ts","../src/services/auth_jwks.ts","../src/services/bulk_resources.ts","../src/services/bulk_roles.ts","../src/services/entitlements.ts","../src/services/oauth.ts","../src/services/plans.ts","../src/services/resource_members.ts","../src/services/resources.ts","../src/services/roles.ts","../src/services/usage.ts","../src/services/users.ts"],"sourcesContent":["import { FetchClient, FetchError } from '@blimu/fetch';\nimport { type FetchClientConfig, type ApiKeyAuthStrategy } from '@blimu/fetch';\nimport { buildAuthStrategies } from './auth-strategies';\nimport { AuthJwksService } from './services/auth_jwks';\nimport { BulkResourcesService } from './services/bulk_resources';\nimport { BulkRolesService } from './services/bulk_roles';\nimport { EntitlementsService } from './services/entitlements';\nimport { OauthService } from './services/oauth';\nimport { PlansService } from './services/plans';\nimport { ResourceMembersService } from './services/resource_members';\nimport { ResourcesService } from './services/resources';\nimport { RolesService } from './services/roles';\nimport { UsageService } from './services/usage';\nimport { UsersService } from './services/users';\n\nexport type ClientOption = FetchClientConfig & {\n apiKey?: ApiKeyAuthStrategy['key'];\n};\n\nexport class Blimu {\n readonly authJwks: AuthJwksService;\n readonly bulkResources: BulkResourcesService;\n readonly bulkRoles: BulkRolesService;\n readonly entitlements: EntitlementsService;\n readonly oauth: OauthService;\n readonly plans: PlansService;\n readonly resourceMembers: ResourceMembersService;\n readonly resources: ResourcesService;\n readonly roles: RolesService;\n readonly usage: UsageService;\n readonly users: UsersService;\n\n constructor(options?: ClientOption) {\n const restCfg = { ...(options ?? {}) };\n delete restCfg.apiKey;\n\n const authStrategies = buildAuthStrategies(options ?? {});\n\n const core = new FetchClient({\n ...restCfg,\n baseURL: options?.baseURL ?? 'https://api.blimu.dev',\n ...(authStrategies.length > 0 ? { authStrategies } : {}),\n });\n\n this.authJwks = new AuthJwksService(core);\n this.bulkResources = new BulkResourcesService(core);\n this.bulkRoles = new BulkRolesService(core);\n this.entitlements = new EntitlementsService(core);\n this.oauth = new OauthService(core);\n this.plans = new PlansService(core);\n this.resourceMembers = new ResourceMembersService(core);\n this.resources = new ResourcesService(core);\n this.roles = new RolesService(core);\n this.usage = new UsageService(core);\n this.users = new UsersService(core);\n }\n}\n\n// Re-export FetchError for backward compatibility\nexport { FetchError };\nexport const BlimuError = FetchError;\n","import type { AuthStrategy } from '@blimu/fetch';\nimport type { ClientOption } from './client';\n\nexport function buildAuthStrategies(cfg: ClientOption): AuthStrategy[] {\n const authStrategies: AuthStrategy[] = [...(cfg?.authStrategies ?? [])];\n\n if (cfg.apiKey) {\n authStrategies.push({\n type: 'apiKey',\n key: cfg.apiKey,\n location: 'header',\n name: 'X-API-KEY',\n });\n }\n return authStrategies;\n}\n","import type { FetchClient } from '@blimu/fetch';\nimport type * as Schema from '../schema';\n\nexport class AuthJwksService {\n constructor(private core: FetchClient) {}\n\n /*\n GET /v1/auth/.well-known/jwks.json\n @summary Get JSON Web Key Set for environment (Public)\n @description Returns the public keys used to verify JWT tokens issued by this environment. Authenticate using either x-api-key header (secretKey) or x-blimu-publishable-key header (publishableKey)./\n getJwks(init?: Omit<RequestInit, 'method' \| 'body'>): Promise<Schema.JWK> {\n return this.core.request({\n method: 'GET',\n path: `/v1/auth/.well-known/jwks.json`,\n ...(init ?? {}),\n });\n }\n\n /\n GET /v1/auth/.well-known/public-key.pem\n @summary Get environment public key (PEM)\n @description Returns the public key in PEM format for verifying JWT tokens. Authenticate with x-api-key or x-blimu-publishable-key./\n getPublicKeyPem(init?: Omit<RequestInit, 'method' \| 'body'>): Promise<unknown> {\n return this.core.request({\n method: 'GET',\n path: `/v1/auth/.well-known/public-key.pem`,\n ...(init ?? {}),\n });\n }\n\n /\n GET /v1/auth/oauth/.well-known/jwks.json\n @summary Get JSON Web Key Set for OAuth app (Public)\n @description Returns the public key for a specific OAuth app to verify JWT tokens. This is a public endpoint following OAuth2/OIDC standards. Provide client_id to get keys for a specific OAuth app, or use authenticated endpoint for environment keys./\n getOAuthAppJwks(\n query?: Schema.AuthJwksGetOAuthAppJwksQuery,\n init?: Omit<RequestInit, 'method' \| 'body'>\n ): Promise<Schema.JWK> {\n return this.core.request({\n method: 'GET',\n path: `/v1/auth/oauth/.well-known/jwks.json`,\n query,\n ...(init ?? {}),\n });\n }\n}\n","import type { FetchClient } from '@blimu/fetch';\nimport type as Schema from '../schema';\nimport type { ResourceType } from '@blimu/types';\n\nexport class BulkResourcesService {\n constructor(private core: FetchClient) {}\n\n /*\n POST /v1/resources/{resourceType}/bulk\n @summary Bulk create resources\n @description Creates multiple resources of the specified type in a single request. This operation supports partial success - some resources may be created while others fail. The response includes details about successful creations and any errors encountered. Resources can have parent relationships and initial role assignments./\n create(\n resourceType: ResourceType,\n body: Schema.ResourceBulkCreateBody,\n init?: Omit<RequestInit, 'method' \| 'body'>\n ): Promise<Schema.ResourceBulkResult> {\n return this.core.request({\n method: 'POST',\n path: `/v1/resources/${encodeURIComponent(resourceType)}/bulk`,\n body,\n ...(init ?? {}),\n });\n }\n}\n","import type { FetchClient } from '@blimu/fetch';\nimport type as Schema from '../schema';\n\nexport class BulkRolesService {\n constructor(private core: FetchClient) {}\n\n /*\n POST /v1/users/roles/bulk\n @summary Bulk create roles\n @description Assigns multiple roles to users on resources in a single request. This operation supports partial success - some role assignments may succeed while others fail. The response includes details about successful assignments and any errors encountered. All roles must be valid according to your resource definitions./\n create(\n body: Schema.RoleBulkCreateBody,\n init?: Omit<RequestInit, 'method' \| 'body'>\n ): Promise<Schema.RoleBulkResult> {\n return this.core.request({\n method: 'POST',\n path: `/v1/users/roles/bulk`,\n body,\n ...(init ?? {}),\n });\n }\n}\n","import type { FetchClient } from '@blimu/fetch';\nimport type as Schema from '../schema';\nimport type { ResourceType } from '@blimu/types';\n\nexport class EntitlementsService {\n constructor(private core: FetchClient) {}\n\n /*\n POST /v1/entitlements/check\n @summary Check if a user has a specific entitlement on a resource\n @description Checks whether a user has permission to perform a specific action (entitlement) on a resource. This endpoint evaluates role-based access, plan gating, and usage limits. The response includes detailed information about why access was granted or denied, including which roles were checked, plan requirements, and usage limit status./\n checkEntitlement(\n body: Schema.EntitlementCheckBody,\n init?: Omit<RequestInit, 'method' \| 'body'>\n ): Promise<Schema.EntitlementCheckResult> {\n return this.core.request({\n method: 'POST',\n path: `/v1/entitlements/check`,\n body,\n ...(init ?? {}),\n });\n }\n\n /\n GET /v1/entitlements/list-for-resource/{resourceType}/{resourceId}\n @summary List entitlements for a specific resource\n @description Returns entitlements for a specific resource and user. Only evaluates roles and plans (excludes limits). Provides detailed information about why entitlements are allowed or denied, including current roles, allowed roles, current plan, and allowed plans. Results are cached per resource for performance./\n listForResource(\n resourceType: ResourceType,\n resourceId: string,\n query?: Schema.EntitlementsListForResourceQuery,\n init?: Omit<RequestInit, 'method' \| 'body'>\n ): Promise<Schema.EntitlementsListResult> {\n return this.core.request({\n method: 'GET',\n path: `/v1/entitlements/list-for-resource/${encodeURIComponent(resourceType)}/${encodeURIComponent(resourceId)}`,\n query,\n ...(init ?? {}),\n });\n }\n\n /\n GET /v1/entitlements/list-for-tenant/{tenantResourceId}\n @summary List entitlements for a tenant and all its sub-resources\n @description Returns entitlements for a tenant resource and all its descendant resources. This endpoint scopes queries to a single tenant, preventing cross-tenant data access. Only evaluates roles and plans (excludes limits). Results are cached per resource for performance. The tenant resource type is automatically determined from the environment definition (resource marked as `is_tenant: true`)./\n listForTenant(\n tenantResourceId: string,\n query?: Schema.EntitlementsListForTenantQuery,\n init?: Omit<RequestInit, 'method' \| 'body'>\n ): Promise<Schema.EntitlementsListResult> {\n return this.core.request({\n method: 'GET',\n path: `/v1/entitlements/list-for-tenant/${encodeURIComponent(tenantResourceId)}`,\n query,\n ...(init ?? {}),\n });\n }\n}\n","import type { FetchClient } from '@blimu/fetch';\nimport type as Schema from '../schema';\n\nexport class OauthService {\n constructor(private core: FetchClient) {}\n\n /*\n GET /v1/oauth/authorize\n @summary Check consent requirement\n @description Checks if user consent is required for the OAuth2 app and requested scopes./\n checkConsentRequired(\n query?: Schema.OauthCheckConsentRequiredQuery,\n init?: Omit<RequestInit, 'method' \| 'body'>\n ): Promise<Schema.ConsentCheckResponse> {\n return this.core.request({\n method: 'GET',\n path: `/v1/oauth/authorize`,\n query,\n ...(init ?? {}),\n });\n }\n\n /\n POST /v1/oauth/authorize\n @summary Authorize OAuth2 application\n @description Handles user consent approval/denial. Validates auto_approved flag against consent requirements./\n authorize(\n body: Schema.AuthorizeRequest,\n init?: Omit<RequestInit, 'method' \| 'body'>\n ): Promise<unknown> {\n return this.core.request({\n method: 'POST',\n path: `/v1/oauth/authorize`,\n body,\n ...(init ?? {}),\n });\n }\n\n /\n POST /v1/oauth/device/authorize\n @summary Authorize or deny device code\n @description Allows an authenticated user to authorize or deny a device code request. Requires valid user session./\n authorizeDeviceCode(\n body: Schema.DeviceAuthorizeRequest,\n init?: Omit<RequestInit, 'method' \| 'body'>\n ): Promise<Schema.DeviceAuthorizeResponse> {\n return this.core.request({\n method: 'POST',\n path: `/v1/oauth/device/authorize`,\n body,\n ...(init ?? {}),\n });\n }\n\n /\n POST /v1/oauth/device/code\n @summary Request device authorization codes\n @description Initiates device authorization flow. Returns device_code (for polling) and user_code (for user entry)./\n requestDeviceCode(\n body: Schema.DeviceCodeRequest,\n init?: Omit<RequestInit, 'method' \| 'body'>\n ): Promise<Schema.DeviceCodeResponse> {\n return this.core.request({\n method: 'POST',\n path: `/v1/oauth/device/code`,\n body,\n ...(init ?? {}),\n });\n }\n\n /\n GET /v1/oauth/device/code/{user_code}\n @summary Get device code information\n @description Returns device code information including app name, scopes, and consent requirement status./\n getDeviceCodeInfo(\n user_code: string,\n init?: Omit<RequestInit, 'method' \| 'body'>\n ): Promise<Schema.DeviceCodeInfoResponse> {\n return this.core.request({\n method: 'GET',\n path: `/v1/oauth/device/code/${encodeURIComponent(user_code)}`,\n ...(init ?? {}),\n });\n }\n\n /\n POST /v1/oauth/device/token\n @summary Poll for device authorization tokens\n @description Client polls this endpoint to exchange device_code for tokens once user has authorized./\n exchangeDeviceCode(\n body: Schema.DeviceTokenRequest,\n init?: Omit<RequestInit, 'method' \| 'body'>\n ): Promise<Schema.TokenResponse> {\n return this.core.request({\n method: 'POST',\n path: `/v1/oauth/device/token`,\n body,\n ...(init ?? {}),\n });\n }\n\n /\n POST /v1/oauth/introspect\n @summary Introspect token\n @description Validates a token and returns metadata. Requires client authentication./\n introspect(\n body: Schema.IntrospectionRequest,\n init?: Omit<RequestInit, 'method' \| 'body'>\n ): Promise<Schema.IntrospectionResponse> {\n return this.core.request({\n method: 'POST',\n path: `/v1/oauth/introspect`,\n body,\n ...(init ?? {}),\n });\n }\n\n /\n POST /v1/oauth/revoke\n @summary Revoke token\n @description Revokes an access or refresh token. Requires client authentication./\n revoke(\n body: Schema.RevocationRequest,\n init?: Omit<RequestInit, 'method' \| 'body'>\n ): Promise<unknown> {\n return this.core.request({\n method: 'POST',\n path: `/v1/oauth/revoke`,\n body,\n ...(init ?? {}),\n });\n }\n\n /\n POST /v1/oauth/token\n @summary Token endpoint\n @description Issues access and refresh tokens. Supports authorization_code and refresh_token (always available per OAuth2 spec)./\n token(\n body: Schema.TokenRequest,\n init?: Omit<RequestInit, 'method' \| 'body'>\n ): Promise<Schema.TokenResponse> {\n return this.core.request({\n method: 'POST',\n path: `/v1/oauth/token`,\n body,\n ...(init ?? {}),\n });\n }\n}\n","import type { FetchClient } from '@blimu/fetch';\nimport type as Schema from '../schema';\nimport type { ResourceType } from '@blimu/types';\n\nexport class PlansService {\n constructor(private core: FetchClient) {}\n\n /*\n DELETE /v1/resources/{resourceType}/{resourceId}/plan\n @summary Remove plan assignment from a tenant resource\n @description Removes the billing plan assignment from a tenant resource. After removal, the resource will have no plan and will be subject to default limits./\n delete(\n resourceType: ResourceType,\n resourceId: string,\n init?: Omit<RequestInit, 'method' \| 'body'>\n ): Promise<Schema.PlanDeleteResponse> {\n return this.core.request({\n method: 'DELETE',\n path: `/v1/resources/${encodeURIComponent(resourceType)}/${encodeURIComponent(resourceId)}/plan`,\n ...(init ?? {}),\n });\n }\n\n /\n GET /v1/resources/{resourceType}/{resourceId}/plan\n @summary Get the plan assigned to a tenant resource\n @description Retrieves the billing plan currently assigned to a tenant resource, if any./\n read(\n resourceType: ResourceType,\n resourceId: string,\n init?: Omit<RequestInit, 'method' \| 'body'>\n ): Promise<Schema.PlanResponse> {\n return this.core.request({\n method: 'GET',\n path: `/v1/resources/${encodeURIComponent(resourceType)}/${encodeURIComponent(resourceId)}/plan`,\n ...(init ?? {}),\n });\n }\n\n /\n POST /v1/resources/{resourceType}/{resourceId}/plan\n @summary Assign a plan to a tenant resource\n @description Assigns a billing plan to a tenant resource. Plans control feature access and usage limits based on your plan definitions. The resource must be marked as a tenant in your resource definitions./\n assign(\n resourceType: ResourceType,\n resourceId: string,\n body: Schema.PlanAssignBody,\n init?: Omit<RequestInit, 'method' \| 'body'>\n ): Promise<unknown> {\n return this.core.request({\n method: 'POST',\n path: `/v1/resources/${encodeURIComponent(resourceType)}/${encodeURIComponent(resourceId)}/plan`,\n body,\n ...(init ?? {}),\n });\n }\n}\n","import type { FetchClient } from '@blimu/fetch';\nimport type as Schema from '../schema';\nimport type { ResourceType } from '@blimu/types';\n\nexport class ResourceMembersService {\n constructor(private core: FetchClient) {}\n\n /*\n GET /v1/resources/{resourceType}/{resourceId}/members\n @summary List members for a resource\n @description Retrieves a paginated list of users who have roles (direct or inherited) on the specified resource. Supports search functionality to filter users by email or name./\n list(\n resourceType: ResourceType,\n resourceId: string,\n query?: Schema.ResourceMembersListQuery,\n init?: Omit<RequestInit, 'method' \| 'body'>\n ): Promise<Schema.ResourceMemberList> {\n return this.core.request({\n method: 'GET',\n path: `/v1/resources/${encodeURIComponent(resourceType)}/${encodeURIComponent(resourceId)}/members`,\n query,\n ...(init ?? {}),\n });\n }\n}\n","import type { FetchClient } from '@blimu/fetch';\nimport type as Schema from '../schema';\nimport type { ResourceType } from '@blimu/types';\n\nexport class ResourcesService {\n constructor(private core: FetchClient) {}\n\n /*\n GET /v1/resources/{resourceType}\n @summary List resources\n @description Retrieves a paginated list of resources of the specified type. Supports search and filtering. Resources are returned with their parent relationships and metadata./\n list(\n resourceType: ResourceType,\n query?: Schema.ResourcesListQuery,\n init?: Omit<RequestInit, 'method' \| 'body'>\n ): Promise<Schema.ResourceList> {\n return this.core.request({\n method: 'GET',\n path: `/v1/resources/${encodeURIComponent(resourceType)}`,\n query,\n ...(init ?? {}),\n });\n }\n\n /\n POST /v1/resources/{resourceType}\n @summary Create a resource\n @description Creates a new resource of the specified type. Resources can have parent relationships to form hierarchies. You can optionally assign initial roles to users when creating the resource. Parent resources must already exist./\n create(\n resourceType: ResourceType,\n body: Schema.ResourceCreateBody,\n init?: Omit<RequestInit, 'method' \| 'body'>\n ): Promise<Schema.Resource> {\n return this.core.request({\n method: 'POST',\n path: `/v1/resources/${encodeURIComponent(resourceType)}`,\n body,\n ...(init ?? {}),\n });\n }\n\n /\n DELETE /v1/resources/{resourceType}/{resourceId}\n @summary Delete a resource\n @description Deletes a resource by its type and ID. This operation is permanent and cannot be undone. Deleting a resource may affect child resources that depend on it./\n delete(\n resourceType: ResourceType,\n resourceId: string,\n init?: Omit<RequestInit, 'method' \| 'body'>\n ): Promise<unknown> {\n return this.core.request({\n method: 'DELETE',\n path: `/v1/resources/${encodeURIComponent(resourceType)}/${encodeURIComponent(resourceId)}`,\n ...(init ?? {}),\n });\n }\n\n /\n GET /v1/resources/{resourceType}/{resourceId}\n @summary Read a resource\n @description Retrieves a single resource by its type and ID. Returns the resource with its parent relationships and metadata./\n read(\n resourceType: ResourceType,\n resourceId: string,\n init?: Omit<RequestInit, 'method' \| 'body'>\n ): Promise<Schema.Resource> {\n return this.core.request({\n method: 'GET',\n path: `/v1/resources/${encodeURIComponent(resourceType)}/${encodeURIComponent(resourceId)}`,\n ...(init ?? {}),\n });\n }\n\n /\n PUT /v1/resources/{resourceType}/{resourceId}\n @summary Update a resource\n @description Updates an existing resource. You can update the resource name and modify parent relationships. Parent resources must already exist./\n update(\n resourceType: ResourceType,\n resourceId: string,\n body: Schema.ResourceUpdateBody,\n init?: Omit<RequestInit, 'method' \| 'body'>\n ): Promise<unknown> {\n return this.core.request({\n method: 'PUT',\n path: `/v1/resources/${encodeURIComponent(resourceType)}/${encodeURIComponent(resourceId)}`,\n body,\n ...(init ?? {}),\n });\n }\n}\n","import type { FetchClient } from '@blimu/fetch';\nimport type as Schema from '../schema';\nimport type { ResourceType } from '@blimu/types';\n\nexport class RolesService {\n constructor(private core: FetchClient) {}\n\n /*\n GET /v1/users/{userId}/roles\n @summary List user roles\n @description Retrieves a paginated list of roles assigned to a user. Supports filtering by resource type, resource ID, and role name. Returns both directly assigned roles and inherited roles./\n list(\n userId: string,\n query?: Schema.RolesListQuery,\n init?: Omit<RequestInit, 'method' \| 'body'>\n ): Promise<Schema.RoleList> {\n return this.core.request({\n method: 'GET',\n path: `/v1/users/${encodeURIComponent(userId)}/roles`,\n query,\n ...(init ?? {}),\n });\n }\n\n /\n POST /v1/users/{userId}/roles\n @summary Create a role (assign role to user on resource)\n @description Assigns a role to a user on a specific resource. The role must be defined in your resource definitions for the specified resource type. Roles can be inherited from parent resources based on your resource configuration./\n create(\n userId: string,\n body: Schema.RoleCreateBody,\n init?: Omit<RequestInit, 'method' \| 'body'>\n ): Promise<Schema.Role> {\n return this.core.request({\n method: 'POST',\n path: `/v1/users/${encodeURIComponent(userId)}/roles`,\n body,\n ...(init ?? {}),\n });\n }\n\n /\n DELETE /v1/users/{userId}/roles/{resourceType}/{resourceId}\n @summary Delete a role\n @description Removes a role assignment from a user on a specific resource. This only removes the direct role assignment and does not affect inherited roles from parent resources./\n delete(\n userId: string,\n resourceType: ResourceType,\n resourceId: string,\n init?: Omit<RequestInit, 'method' \| 'body'>\n ): Promise<unknown> {\n return this.core.request({\n method: 'DELETE',\n path: `/v1/users/${encodeURIComponent(userId)}/roles/${encodeURIComponent(resourceType)}/${encodeURIComponent(resourceId)}`,\n ...(init ?? {}),\n });\n }\n}\n","import type { FetchClient } from '@blimu/fetch';\nimport type as Schema from '../schema';\n\nexport class UsageService {\n constructor(private core: FetchClient) {}\n\n /*\n GET /v1/usage/balance/{resourceType}/{resourceId}/{limitType}\n @summary Get wallet balance\n @description Retrieves the current balance of a usage wallet for a specific resource and limit type within a given time period. The balance reflects all credits and consumption transactions./\n getBalance(\n resourceType: string,\n resourceId: string,\n limitType: string,\n query?: Schema.UsageGetBalanceQuery,\n init?: Omit<RequestInit, 'method' \| 'body'>\n ): Promise<Schema.BalanceResponse> {\n return this.core.request({\n method: 'GET',\n path: `/v1/usage/balance/${encodeURIComponent(resourceType)}/${encodeURIComponent(resourceId)}/${encodeURIComponent(limitType)}`,\n query,\n ...(init ?? {}),\n });\n }\n\n /\n POST /v1/usage/check\n @summary Check if consumption is allowed\n @description Checks whether a specific amount of consumption is allowed for a resource and limit type within a given time period. Returns the current balance, requested amount, and remaining balance after the consumption./\n checkLimit(\n body: Schema.UsageCheckBody,\n init?: Omit<RequestInit, 'method' \| 'body'>\n ): Promise<Schema.CheckLimitResponse> {\n return this.core.request({\n method: 'POST',\n path: `/v1/usage/check`,\n body,\n ...(init ?? {}),\n });\n }\n\n /\n POST /v1/usage/consume\n @summary Record consumption (inserts negative amount)\n @description Records consumption from a usage wallet for a specific resource and limit type. This decreases the available balance. Consumption can be tagged for tracking purposes./\n consume(\n body: Schema.UsageConsumeBody,\n init?: Omit<RequestInit, 'method' \| 'body'>\n ): Promise<Schema.UsageWalletResponse> {\n return this.core.request({\n method: 'POST',\n path: `/v1/usage/consume`,\n body,\n ...(init ?? {}),\n });\n }\n\n /\n POST /v1/usage/credit\n @summary Add credits to wallet (inserts positive amount)\n @description Adds credits to a usage wallet for a specific resource and limit type. This increases the available balance for usage-based limits. Credits can be tagged for tracking purposes./\n credit(\n body: Schema.UsageCreditBody,\n init?: Omit<RequestInit, 'method' \| 'body'>\n ): Promise<Schema.UsageWalletResponse> {\n return this.core.request({\n method: 'POST',\n path: `/v1/usage/credit`,\n body,\n ...(init ?? {}),\n });\n }\n\n /\n GET /v1/usage/transactions/{resourceType}/{resourceId}/{limitType}\n @summary Get transaction history\n @description Retrieves the transaction history for a usage wallet, including all credits and consumption records. Supports filtering by time period and date range./\n getTransactionHistory(\n resourceType: string,\n resourceId: string,\n limitType: string,\n query?: Schema.UsageGetTransactionHistoryQuery,\n init?: Omit<RequestInit, 'method' \| 'body'>\n ): Promise<Schema.TransactionHistoryResponse> {\n return this.core.request({\n method: 'GET',\n path: `/v1/usage/transactions/${encodeURIComponent(resourceType)}/${encodeURIComponent(resourceId)}/${encodeURIComponent(limitType)}`,\n query,\n ...(init ?? {}),\n });\n }\n}\n","import type { FetchClient } from '@blimu/fetch';\nimport type as Schema from '../schema';\n\nexport class UsersService {\n constructor(private core: FetchClient) {}\n\n /*\n GET /v1/users\n @summary List users\n @description Retrieves a paginated list of users in your environment. Supports search functionality to filter users by email, name, or lookup key./\n list(\n query?: Schema.UsersListQuery,\n init?: Omit<RequestInit, 'method' \| 'body'>\n ): Promise<Schema.UserList> {\n return this.core.request({\n method: 'GET',\n path: `/v1/users`,\n query,\n ...(init ?? {}),\n });\n }\n\n /\n POST /v1/users\n @summary Create a user\n @description Creates a new user in your environment. The lookupKey is a unique identifier that you can use to reference the user in your system. It should be stable and not change over time./\n create(\n body: Schema.UserCreateBody,\n init?: Omit<RequestInit, 'method' \| 'body'>\n ): Promise<Schema.User> {\n return this.core.request({\n method: 'POST',\n path: `/v1/users`,\n body,\n ...(init ?? {}),\n });\n }\n\n /\n DELETE /v1/users/{userId}\n @summary Delete a user\n @description Deletes a user by their ID or lookup key. This operation is permanent and cannot be undone. Deleting a user will also remove all role assignments for that user./\n delete(userId: string, init?: Omit<RequestInit, 'method' \| 'body'>): Promise<unknown> {\n return this.core.request({\n method: 'DELETE',\n path: `/v1/users/${encodeURIComponent(userId)}`,\n ...(init ?? {}),\n });\n }\n\n /\n GET /v1/users/{userId}\n @summary Get a user by ID\n @description Retrieves a single user by their ID or lookup key. Returns user information including email, name, and metadata./\n read(userId: string, init?: Omit<RequestInit, 'method' \| 'body'>): Promise<Schema.User> {\n return this.core.request({\n method: 'GET',\n path: `/v1/users/${encodeURIComponent(userId)}`,\n ...(init ?? {}),\n });\n }\n\n /\n PUT /v1/users/{userId}\n @summary Update a user\n @description Updates an existing user. You can modify email, name, and other user properties. The lookupKey can be updated but should remain stable./\n update(\n userId: string,\n body: Schema.UserUpdateBody,\n init?: Omit<RequestInit, 'method' \| 'body'>\n ): Promise<Schema.User> {\n return this.core.request({\n method: 'PUT',\n path: `/v1/users/${encodeURIComponent(userId)}`,\n body,\n ...(init ?? {}),\n });\n }\n\n /\n GET /v1/users/{userId}/effective-user-resources-roles\n @summary List effective user resources roles\n @description Retrieves all resources and roles for a user, including inherited roles from parent resources. The response indicates whether each role is directly assigned or inherited through resource hierarchies.*/\n listEffectiveUserResourcesRoles(\n userId: string,\n init?: Omit<RequestInit, 'method' \| 'body'>\n ): Promise<Schema.UserResourceList> {\n return this.core.request({\n method: 'GET',\n path: `/v1/users/${encodeURIComponent(userId)}/effective-user-resources-roles`,\n ...(init ?? {}),\n });\n }\n}\n"],"mappings":";AAAA,SAAS,aAAa,kBAAkB;AACxC,OAAgE;;;ACEzD,SAAS,oBAAoB,KAAmC;AACrE,QAAM,iBAAiC,CAAC,GAAI,KAAK,kBAAkB,CAAC,CAAE;AAEtE,MAAI,IAAI,QAAQ;AACd,mBAAe,KAAK;AAAA,MAClB,MAAM;AAAA,MACN,KAAK,IAAI;AAAA,MACT,UAAU;AAAA,MACV,MAAM;AAAA,IACR,CAAC;AAAA,EACH;AACA,SAAO;AACT;;;ACZO,IAAM,kBAAN,MAAsB;AAAA,EAC3B,YAAoB,MAAmB;AAAnB;AAAA,EAAoB;AAAA;AAAA;AAAA;AAAA;AAAA,EAMxC,QAAQ,MAAkE;AACxE,WAAO,KAAK,KAAK,QAAQ;AAAA,MACvB,QAAQ;AAAA,MACR,MAAM;AAAA,MACN,GAAI,QAAQ,CAAC;AAAA,IACf,CAAC;AAAA,EACH;AAAA;AAAA;AAAA;AAAA;AAAA,EAMA,gBAAgB,MAA+D;AAC7E,WAAO,KAAK,KAAK,QAAQ;AAAA,MACvB,QAAQ;AAAA,MACR,MAAM;AAAA,MACN,GAAI,QAAQ,CAAC;AAAA,IACf,CAAC;AAAA,EACH;AAAA;AAAA;AAAA;AAAA;AAAA,EAMA,gBACE,OACA,MACqB;AACrB,WAAO,KAAK,KAAK,QAAQ;AAAA,MACvB,QAAQ;AAAA,MACR,MAAM;AAAA,MACN;AAAA,MACA,GAAI,QAAQ,CAAC;AAAA,IACf,CAAC;AAAA,EACH;AACF;;;ACzCO,IAAM,uBAAN,MAA2B;AAAA,EAChC,YAAoB,MAAmB;AAAnB;AAAA,EAAoB;AAAA;AAAA;AAAA;AAAA;AAAA,EAMxC,OACE,cACA,MACA,MACoC;AACpC,WAAO,KAAK,KAAK,QAAQ;AAAA,MACvB,QAAQ;AAAA,MACR,MAAM,iBAAiB,mBAAmB,YAAY,CAAC;AAAA,MACvD;AAAA,MACA,GAAI,QAAQ,CAAC;AAAA,IACf,CAAC;AAAA,EACH;AACF;;;ACpBO,IAAM,mBAAN,MAAuB;AAAA,EAC5B,YAAoB,MAAmB;AAAnB;AAAA,EAAoB;AAAA;AAAA;AAAA;AAAA;AAAA,EAMxC,OACE,MACA,MACgC;AAChC,WAAO,KAAK,KAAK,QAAQ;AAAA,MACvB,QAAQ;AAAA,MACR,MAAM;AAAA,MACN;AAAA,MACA,GAAI,QAAQ,CAAC;AAAA,IACf,CAAC;AAAA,EACH;AACF;;;ACjBO,IAAM,sBAAN,MAA0B;AAAA,EAC/B,YAAoB,MAAmB;AAAnB;AAAA,EAAoB;AAAA;AAAA;AAAA;AAAA;AAAA,EAMxC,iBACE,MACA,MACwC;AACxC,WAAO,KAAK,KAAK,QAAQ;AAAA,MACvB,QAAQ;AAAA,MACR,MAAM;AAAA,MACN;AAAA,MACA,GAAI,QAAQ,CAAC;AAAA,IACf,CAAC;AAAA,EACH;AAAA;AAAA;AAAA;AAAA;AAAA,EAMA,gBACE,cACA,YACA,OACA,MACwC;AACxC,WAAO,KAAK,KAAK,QAAQ;AAAA,MACvB,QAAQ;AAAA,MACR,MAAM,sCAAsC,mBAAmB,YAAY,CAAC,IAAI,mBAAmB,UAAU,CAAC;AAAA,MAC9G;AAAA,MACA,GAAI,QAAQ,CAAC;AAAA,IACf,CAAC;AAAA,EACH;AAAA;AAAA;AAAA;AAAA;AAAA,EAMA,cACE,kBACA,OACA,MACwC;AACxC,WAAO,KAAK,KAAK,QAAQ;AAAA,MACvB,QAAQ;AAAA,MACR,MAAM,oCAAoC,mBAAmB,gBAAgB,CAAC;AAAA,MAC9E;AAAA,MACA,GAAI,QAAQ,CAAC;AAAA,IACf,CAAC;AAAA,EACH;AACF;;;ACtDO,IAAM,eAAN,MAAmB;AAAA,EACxB,YAAoB,MAAmB;AAAnB;AAAA,EAAoB;AAAA;AAAA;AAAA;AAAA;AAAA,EAMxC,qBACE,OACA,MACsC;AACtC,WAAO,KAAK,KAAK,QAAQ;AAAA,MACvB,QAAQ;AAAA,MACR,MAAM;AAAA,MACN;AAAA,MACA,GAAI,QAAQ,CAAC;AAAA,IACf,CAAC;AAAA,EACH;AAAA;AAAA;AAAA;AAAA;AAAA,EAMA,UACE,MACA,MACkB;AAClB,WAAO,KAAK,KAAK,QAAQ;AAAA,MACvB,QAAQ;AAAA,MACR,MAAM;AAAA,MACN;AAAA,MACA,GAAI,QAAQ,CAAC;AAAA,IACf,CAAC;AAAA,EACH;AAAA;AAAA;AAAA;AAAA;AAAA,EAMA,oBACE,MACA,MACyC;AACzC,WAAO,KAAK,KAAK,QAAQ;AAAA,MACvB,QAAQ;AAAA,MACR,MAAM;AAAA,MACN;AAAA,MACA,GAAI,QAAQ,CAAC;AAAA,IACf,CAAC;AAAA,EACH;AAAA;AAAA;AAAA;AAAA;AAAA,EAMA,kBACE,MACA,MACoC;AACpC,WAAO,KAAK,KAAK,QAAQ;AAAA,MACvB,QAAQ;AAAA,MACR,MAAM;AAAA,MACN;AAAA,MACA,GAAI,QAAQ,CAAC;AAAA,IACf,CAAC;AAAA,EACH;AAAA;AAAA;AAAA;AAAA;AAAA,EAMA,kBACE,WACA,MACwC;AACxC,WAAO,KAAK,KAAK,QAAQ;AAAA,MACvB,QAAQ;AAAA,MACR,MAAM,yBAAyB,mBAAmB,SAAS,CAAC;AAAA,MAC5D,GAAI,QAAQ,CAAC;AAAA,IACf,CAAC;AAAA,EACH;AAAA;AAAA;AAAA;AAAA;AAAA,EAMA,mBACE,MACA,MAC+B;AAC/B,WAAO,KAAK,KAAK,QAAQ;AAAA,MACvB,QAAQ;AAAA,MACR,MAAM;AAAA,MACN;AAAA,MACA,GAAI,QAAQ,CAAC;AAAA,IACf,CAAC;AAAA,EACH;AAAA;AAAA;AAAA;AAAA;AAAA,EAMA,WACE,MACA,MACuC;AACvC,WAAO,KAAK,KAAK,QAAQ;AAAA,MACvB,QAAQ;AAAA,MACR,MAAM;AAAA,MACN;AAAA,MACA,GAAI,QAAQ,CAAC;AAAA,IACf,CAAC;AAAA,EACH;AAAA;AAAA;AAAA;AAAA;AAAA,EAMA,OACE,MACA,MACkB;AAClB,WAAO,KAAK,KAAK,QAAQ;AAAA,MACvB,QAAQ;AAAA,MACR,MAAM;AAAA,MACN;AAAA,MACA,GAAI,QAAQ,CAAC;AAAA,IACf,CAAC;AAAA,EACH;AAAA;AAAA;AAAA;AAAA;AAAA,EAMA,MACE,MACA,MAC+B;AAC/B,WAAO,KAAK,KAAK,QAAQ;AAAA,MACvB,QAAQ;AAAA,MACR,MAAM;AAAA,MACN;AAAA,MACA,GAAI,QAAQ,CAAC;AAAA,IACf,CAAC;AAAA,EACH;AACF;;;AChJO,IAAM,eAAN,MAAmB;AAAA,EACxB,YAAoB,MAAmB;AAAnB;AAAA,EAAoB;AAAA;AAAA;AAAA;AAAA;AAAA,EAMxC,OACE,cACA,YACA,MACoC;AACpC,WAAO,KAAK,KAAK,QAAQ;AAAA,MACvB,QAAQ;AAAA,MACR,MAAM,iBAAiB,mBAAmB,YAAY,CAAC,IAAI,mBAAmB,UAAU,CAAC;AAAA,MACzF,GAAI,QAAQ,CAAC;AAAA,IACf,CAAC;AAAA,EACH;AAAA;AAAA;AAAA;AAAA;AAAA,EAMA,KACE,cACA,YACA,MAC8B;AAC9B,WAAO,KAAK,KAAK,QAAQ;AAAA,MACvB,QAAQ;AAAA,MACR,MAAM,iBAAiB,mBAAmB,YAAY,CAAC,IAAI,mBAAmB,UAAU,CAAC;AAAA,MACzF,GAAI,QAAQ,CAAC;AAAA,IACf,CAAC;AAAA,EACH;AAAA;AAAA;AAAA;AAAA;AAAA,EAMA,OACE,cACA,YACA,MACA,MACkB;AAClB,WAAO,KAAK,KAAK,QAAQ;AAAA,MACvB,QAAQ;AAAA,MACR,MAAM,iBAAiB,mBAAmB,YAAY,CAAC,IAAI,mBAAmB,UAAU,CAAC;AAAA,MACzF;AAAA,MACA,GAAI,QAAQ,CAAC;AAAA,IACf,CAAC;AAAA,EACH;AACF;;;ACpDO,IAAM,yBAAN,MAA6B;AAAA,EAClC,YAAoB,MAAmB;AAAnB;AAAA,EAAoB;AAAA;AAAA;AAAA;AAAA;AAAA,EAMxC,KACE,cACA,YACA,OACA,MACoC;AACpC,WAAO,KAAK,KAAK,QAAQ;AAAA,MACvB,QAAQ;AAAA,MACR,MAAM,iBAAiB,mBAAmB,YAAY,CAAC,IAAI,mBAAmB,UAAU,CAAC;AAAA,MACzF;AAAA,MACA,GAAI,QAAQ,CAAC;AAAA,IACf,CAAC;AAAA,EACH;AACF;;;ACpBO,IAAM,mBAAN,MAAuB;AAAA,EAC5B,YAAoB,MAAmB;AAAnB;AAAA,EAAoB;AAAA;AAAA;AAAA;AAAA;AAAA,EAMxC,KACE,cACA,OACA,MAC8B;AAC9B,WAAO,KAAK,KAAK,QAAQ;AAAA,MACvB,QAAQ;AAAA,MACR,MAAM,iBAAiB,mBAAmB,YAAY,CAAC;AAAA,MACvD;AAAA,MACA,GAAI,QAAQ,CAAC;AAAA,IACf,CAAC;AAAA,EACH;AAAA;AAAA;AAAA;AAAA;AAAA,EAMA,OACE,cACA,MACA,MAC0B;AAC1B,WAAO,KAAK,KAAK,QAAQ;AAAA,MACvB,QAAQ;AAAA,MACR,MAAM,iBAAiB,mBAAmB,YAAY,CAAC;AAAA,MACvD;AAAA,MACA,GAAI,QAAQ,CAAC;AAAA,IACf,CAAC;AAAA,EACH;AAAA;AAAA;AAAA;AAAA;AAAA,EAMA,OACE,cACA,YACA,MACkB;AAClB,WAAO,KAAK,KAAK,QAAQ;AAAA,MACvB,QAAQ;AAAA,MACR,MAAM,iBAAiB,mBAAmB,YAAY,CAAC,IAAI,mBAAmB,UAAU,CAAC;AAAA,MACzF,GAAI,QAAQ,CAAC;AAAA,IACf,CAAC;AAAA,EACH;AAAA;AAAA;AAAA;AAAA;AAAA,EAMA,KACE,cACA,YACA,MAC0B;AAC1B,WAAO,KAAK,KAAK,QAAQ;AAAA,MACvB,QAAQ;AAAA,MACR,MAAM,iBAAiB,mBAAmB,YAAY,CAAC,IAAI,mBAAmB,UAAU,CAAC;AAAA,MACzF,GAAI,QAAQ,CAAC;AAAA,IACf,CAAC;AAAA,EACH;AAAA;AAAA;AAAA;AAAA;AAAA,EAMA,OACE,cACA,YACA,MACA,MACkB;AAClB,WAAO,KAAK,KAAK,QAAQ;AAAA,MACvB,QAAQ;AAAA,MACR,MAAM,iBAAiB,mBAAmB,YAAY,CAAC,IAAI,mBAAmB,UAAU,CAAC;AAAA,MACzF;AAAA,MACA,GAAI,QAAQ,CAAC;AAAA,IACf,CAAC;AAAA,EACH;AACF;;;ACtFO,IAAM,eAAN,MAAmB;AAAA,EACxB,YAAoB,MAAmB;AAAnB;AAAA,EAAoB;AAAA;AAAA;AAAA;AAAA;AAAA,EAMxC,KACE,QACA,OACA,MAC0B;AAC1B,WAAO,KAAK,KAAK,QAAQ;AAAA,MACvB,QAAQ;AAAA,MACR,MAAM,aAAa,mBAAmB,MAAM,CAAC;AAAA,MAC7C;AAAA,MACA,GAAI,QAAQ,CAAC;AAAA,IACf,CAAC;AAAA,EACH;AAAA;AAAA;AAAA;AAAA;AAAA,EAMA,OACE,QACA,MACA,MACsB;AACtB,WAAO,KAAK,KAAK,QAAQ;AAAA,MACvB,QAAQ;AAAA,MACR,MAAM,aAAa,mBAAmB,MAAM,CAAC;AAAA,MAC7C;AAAA,MACA,GAAI,QAAQ,CAAC;AAAA,IACf,CAAC;AAAA,EACH;AAAA;AAAA;AAAA;AAAA;AAAA,EAMA,OACE,QACA,cACA,YACA,MACkB;AAClB,WAAO,KAAK,KAAK,QAAQ;AAAA,MACvB,QAAQ;AAAA,MACR,MAAM,aAAa,mBAAmB,MAAM,CAAC,UAAU,mBAAmB,YAAY,CAAC,IAAI,mBAAmB,UAAU,CAAC;AAAA,MACzH,GAAI,QAAQ,CAAC;AAAA,IACf,CAAC;AAAA,EACH;AACF;;;ACtDO,IAAM,eAAN,MAAmB;AAAA,EACxB,YAAoB,MAAmB;AAAnB;AAAA,EAAoB;AAAA;AAAA;AAAA;AAAA;AAAA,EAMxC,WACE,cACA,YACA,WACA,OACA,MACiC;AACjC,WAAO,KAAK,KAAK,QAAQ;AAAA,MACvB,QAAQ;AAAA,MACR,MAAM,qBAAqB,mBAAmB,YAAY,CAAC,IAAI,mBAAmB,UAAU,CAAC,IAAI,mBAAmB,SAAS,CAAC;AAAA,MAC9H;AAAA,MACA,GAAI,QAAQ,CAAC;AAAA,IACf,CAAC;AAAA,EACH;AAAA;AAAA;AAAA;AAAA;AAAA,EAMA,WACE,MACA,MACoC;AACpC,WAAO,KAAK,KAAK,QAAQ;AAAA,MACvB,QAAQ;AAAA,MACR,MAAM;AAAA,MACN;AAAA,MACA,GAAI,QAAQ,CAAC;AAAA,IACf,CAAC;AAAA,EACH;AAAA;AAAA;AAAA;AAAA;AAAA,EAMA,QACE,MACA,MACqC;AACrC,WAAO,KAAK,KAAK,QAAQ;AAAA,MACvB,QAAQ;AAAA,MACR,MAAM;AAAA,MACN;AAAA,MACA,GAAI,QAAQ,CAAC;AAAA,IACf,CAAC;AAAA,EACH;AAAA;AAAA;AAAA;AAAA;AAAA,EAMA,OACE,MACA,MACqC;AACrC,WAAO,KAAK,KAAK,QAAQ;AAAA,MACvB,QAAQ;AAAA,MACR,MAAM;AAAA,MACN;AAAA,MACA,GAAI,QAAQ,CAAC;AAAA,IACf,CAAC;AAAA,EACH;AAAA;AAAA;AAAA;AAAA;AAAA,EAMA,sBACE,cACA,YACA,WACA,OACA,MAC4C;AAC5C,WAAO,KAAK,KAAK,QAAQ;AAAA,MACvB,QAAQ;AAAA,MACR,MAAM,0BAA0B,mBAAmB,YAAY,CAAC,IAAI,mBAAmB,UAAU,CAAC,IAAI,mBAAmB,SAAS,CAAC;AAAA,MACnI;AAAA,MACA,GAAI,QAAQ,CAAC;AAAA,IACf,CAAC;AAAA,EACH;AACF;;;ACxFO,IAAM,eAAN,MAAmB;AAAA,EACxB,YAAoB,MAAmB;AAAnB;AAAA,EAAoB;AAAA;AAAA;AAAA;AAAA;AAAA,EAMxC,KACE,OACA,MAC0B;AAC1B,WAAO,KAAK,KAAK,QAAQ;AAAA,MACvB,QAAQ;AAAA,MACR,MAAM;AAAA,MACN;AAAA,MACA,GAAI,QAAQ,CAAC;AAAA,IACf,CAAC;AAAA,EACH;AAAA;AAAA;AAAA;AAAA;AAAA,EAMA,OACE,MACA,MACsB;AACtB,WAAO,KAAK,KAAK,QAAQ;AAAA,MACvB,QAAQ;AAAA,MACR,MAAM;AAAA,MACN;AAAA,MACA,GAAI,QAAQ,CAAC;AAAA,IACf,CAAC;AAAA,EACH;AAAA;AAAA;AAAA;AAAA;AAAA,EAMA,OAAO,QAAgB,MAA+D;AACpF,WAAO,KAAK,KAAK,QAAQ;AAAA,MACvB,QAAQ;AAAA,MACR,MAAM,aAAa,mBAAmB,MAAM,CAAC;AAAA,MAC7C,GAAI,QAAQ,CAAC;AAAA,IACf,CAAC;AAAA,EACH;AAAA;AAAA;AAAA;AAAA;AAAA,EAMA,KAAK,QAAgB,MAAmE;AACtF,WAAO,KAAK,KAAK,QAAQ;AAAA,MACvB,QAAQ;AAAA,MACR,MAAM,aAAa,mBAAmB,MAAM,CAAC;AAAA,MAC7C,GAAI,QAAQ,CAAC;AAAA,IACf,CAAC;AAAA,EACH;AAAA;AAAA;AAAA;AAAA;AAAA,EAMA,OACE,QACA,MACA,MACsB;AACtB,WAAO,KAAK,KAAK,QAAQ;AAAA,MACvB,QAAQ;AAAA,MACR,MAAM,aAAa,mBAAmB,MAAM,CAAC;AAAA,MAC7C;AAAA,MACA,GAAI,QAAQ,CAAC;AAAA,IACf,CAAC;AAAA,EACH;AAAA;AAAA;AAAA;AAAA;AAAA,EAMA,gCACE,QACA,MACkC;AAClC,WAAO,KAAK,KAAK,QAAQ;AAAA,MACvB,QAAQ;AAAA,MACR,MAAM,aAAa,mBAAmB,MAAM,CAAC;AAAA,MAC7C,GAAI,QAAQ,CAAC;AAAA,IACf,CAAC;AAAA,EACH;AACF;;;AZ1EO,IAAM,QAAN,MAAY;AAAA,EACR;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EAET,YAAY,SAAwB;AAClC,UAAM,UAAU,EAAE,GAAI,WAAW,CAAC,EAAG;AACrC,WAAO,QAAQ;AAEf,UAAM,iBAAiB,oBAAoB,WAAW,CAAC,CAAC;AAExD,UAAM,OAAO,IAAI,YAAY;AAAA,MAC3B,GAAG;AAAA,MACH,SAAS,SAAS,WAAW;AAAA,MAC7B,GAAI,eAAe,SAAS,IAAI,EAAE,eAAe,IAAI,CAAC;AAAA,IACxD,CAAC;AAED,SAAK,WAAW,IAAI,gBAAgB,IAAI;AACxC,SAAK,gBAAgB,IAAI,qBAAqB,IAAI;AAClD,SAAK,YAAY,IAAI,iBAAiB,IAAI;AAC1C,SAAK,eAAe,IAAI,oBAAoB,IAAI;AAChD,SAAK,QAAQ,IAAI,aAAa,IAAI;AAClC,SAAK,QAAQ,IAAI,aAAa,IAAI;AAClC,SAAK,kBAAkB,IAAI,uBAAuB,IAAI;AACtD,SAAK,YAAY,IAAI,iBAAiB,IAAI;AAC1C,SAAK,QAAQ,IAAI,aAAa,IAAI;AAClC,SAAK,QAAQ,IAAI,aAAa,IAAI;AAClC,SAAK,QAAQ,IAAI,aAAa,IAAI;AAAA,EACpC;AACF;AAIO,IAAM,aAAa;","names":[]}