@bunbase-ae/js 2.15.1-next.353.f61db4f → 2.16.0

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@bunbase-ae/js",
-  "version": "2.15.1-next.353.f61db4f",
+  "version": "2.16.0",
   "type": "module",
   "description": "TypeScript/JavaScript SDK for BunBase",
   "license": "UNLICENSED",

package/src/admin.ts

@@ -14,7 +14,7 @@
 //   client.admin.system      — health + stats
 
 import type { HttpClient } from "./http";
-import { BunBaseError, type Filter } from "./types";
+import { BunBaseError, type Filter, type SequenceAccessRule, type SequenceMeta } from "./types";
 
 // ─── Shared admin types ───────────────────────────────────────────────────────
 
@@ -182,6 +182,12 @@ export interface AdminStoredFile {
   record_id: string | null;
   owner_id: string | null;
   owner_email?: string | null;
+  /**
+   * Tenant the file was uploaded under. `null` for admin uploads and
+   * pre-#536 rows; operators can attach a legacy null row to a tenant via
+   * `client.admin.storage.assignTenant(id, tenantId)`.
+   */
+  tenant_id: string | null;
   size: number;
   mime_type: string;
   is_public: boolean;
@@ -831,17 +837,53 @@ class AdminRelationsClient {
   }
 }
 
+/**
+ * Sentinel querystring value for the `?tenant_id=` admin storage filter that
+ * matches `_files.tenant_id IS NULL` — the bucket of admin uploads and
+ * pre-#536 rows. Mirrors `_global` from the sequences admin routes (#537).
+ */
+const STORAGE_GLOBAL_TENANT_SENTINEL = "_global";
+
 class AdminStorageClient {
   constructor(private readonly http: HttpClient) {}
 
-  async listFiles(): Promise<AdminStoredFile[]> {
+  /**
+   * List admin-visible files, optionally scoped to a tenant.
+   *
+   * - omit `tenantId` → all files (no tenant filter, the legacy behavior).
+   * - pass a tenant id string → only that tenant's files.
+   * - pass `null` → only global / pre-#536 rows (the rows operators need to
+   *   migrate when upgrading past v2.14.3).
+   */
+  async listFiles(opts: { tenantId?: string | null } = {}): Promise<AdminStoredFile[]> {
+    const query: Record<string, string> = {};
+    if (opts.tenantId === null) {
+      query.tenant_id = STORAGE_GLOBAL_TENANT_SENTINEL;
+    } else if (typeof opts.tenantId === "string" && opts.tenantId !== "") {
+      query.tenant_id = opts.tenantId;
+    }
     const res = await this.http.request<{ items: AdminStoredFile[] }>(
       "GET",
       "/api/v1/admin/storage",
+      Object.keys(query).length ? { query } : undefined,
     );
     return res.items;
   }
 
+  /**
+   * Attach a file to a tenant (or unscope it). Used to migrate legacy
+   * admin uploads (pre-#536, `tenant_id IS NULL`) into a tenant context so
+   * tenant members can list/download/delete them under the post-#528 rules.
+   * Pass `null` to clear the assignment.
+   */
+  async assignTenant(id: string, tenantId: string | null): Promise<AdminStoredFile> {
+    return this.http.request<AdminStoredFile>(
+      "PATCH",
+      `/api/v1/admin/storage/${encodeURIComponent(id)}/tenant`,
+      { body: { tenant_id: tenantId } },
+    );
+  }
+
   async uploadFile(params: {
     file: File | Blob;
     filename?: string;
@@ -1327,6 +1369,111 @@ class AdminTenantsClient {
   }
 }
 
+// ─── Sequences ────────────────────────────────────────────────────────────────
+
+export interface CreateSequenceInput {
+  name: string;
+  /** Initial value. Defaults to 1 server-side. */
+  start_value?: number;
+  /** Access rule for runtime `/next` and `/peek`. Defaults to "authenticated". */
+  access_next?: SequenceAccessRule;
+  /**
+   * When set, the sequence is scoped to that tenant — only callers whose JWT
+   * carries a matching tenantId claim may call /next or /peek. When omitted
+   * (or null), the sequence is global / admin-only.
+   */
+  tenant_id?: string | null;
+}
+
+/**
+ * Tenant scope for an admin mutation. The server permits multiple sequences
+ * per name (one per tenant plus an optional global row); `tenant_id`
+ * disambiguates which row the mutation targets.
+ *
+ * `tenant_id` is **omitted** by default — that targets the global row (the
+ * server treats a missing `tenant_id` querystring as the `_global` sentinel,
+ * the safer default established by #537). Pass a real tenant id to target
+ * that tenant's row.
+ */
+export interface SequenceTenantOptions {
+  tenant_id?: string;
+}
+
+// Sequence administration — surfaces the /api/v1/admin/sequences/* endpoints
+// added in v2.14.0 (#424/#429 family + tenant-scoping in #537/#556) so
+// operators don't need to hand-roll fetch calls to provision per-tenant
+// counters or reset them on yearly rollovers.
+class AdminSequencesClient {
+  constructor(private readonly http: HttpClient) {}
+
+  async list(): Promise<SequenceMeta[]> {
+    const res = await this.http.request<{ items: SequenceMeta[] }>(
+      "GET",
+      "/api/v1/admin/sequences",
+    );
+    return res.items;
+  }
+
+  async create(input: CreateSequenceInput): Promise<SequenceMeta> {
+    return this.http.request<SequenceMeta>("POST", "/api/v1/admin/sequences", {
+      body: input,
+    });
+  }
+
+  async get(name: string, opts: SequenceTenantOptions = {}): Promise<SequenceMeta | null> {
+    try {
+      return await this.http.request<SequenceMeta>(
+        "GET",
+        `/api/v1/admin/sequences/${encodeURIComponent(name)}`,
+        { query: tenantQuery(opts) },
+      );
+    } catch (err) {
+      if (err instanceof BunBaseError && err.status === 404) return null;
+      throw err;
+    }
+  }
+
+  async reset(
+    name: string,
+    value: number,
+    opts: SequenceTenantOptions = {},
+  ): Promise<SequenceMeta> {
+    return this.http.request<SequenceMeta>(
+      "PATCH",
+      `/api/v1/admin/sequences/${encodeURIComponent(name)}`,
+      { body: { value }, query: tenantQuery(opts) },
+    );
+  }
+
+  async setAccessRule(
+    name: string,
+    access_next: SequenceAccessRule,
+    opts: SequenceTenantOptions = {},
+  ): Promise<SequenceMeta> {
+    return this.http.request<SequenceMeta>(
+      "PATCH",
+      `/api/v1/admin/sequences/${encodeURIComponent(name)}`,
+      { body: { access_next }, query: tenantQuery(opts) },
+    );
+  }
+
+  async delete(name: string, opts: SequenceTenantOptions = {}): Promise<void> {
+    await this.http.request("DELETE", `/api/v1/admin/sequences/${encodeURIComponent(name)}`, {
+      query: tenantQuery(opts),
+    });
+  }
+}
+
+// Build the tenant_id querystring for an admin sequence call.
+//
+// Omitting tenant_id from the request entirely makes the server target the
+// global row (the post-#537 default). We preserve that behavior — a missing
+// `tenant_id` option means no `?tenant_id=…` on the wire. Callers who want
+// a tenant-scoped row must explicitly pass `tenant_id: "<id>"`.
+function tenantQuery(opts: SequenceTenantOptions): Record<string, string> {
+  return opts.tenant_id !== undefined ? { tenant_id: opts.tenant_id } : {};
+}
+
 // ─── Main AdminClient ─────────────────────────────────────────────────────────
 
 export class AdminClient {
@@ -1343,6 +1490,7 @@ export class AdminClient {
   readonly logs: AdminLogsClient;
   readonly system: AdminSystemClient;
   readonly tenants: AdminTenantsClient;
+  readonly sequences: AdminSequencesClient;
 
   constructor(http: HttpClient) {
     this.users = new AdminUsersClient(http);
@@ -1358,5 +1506,6 @@ export class AdminClient {
     this.logs = new AdminLogsClient(http);
     this.system = new AdminSystemClient(http);
     this.tenants = new AdminTenantsClient(http);
+    this.sequences = new AdminSequencesClient(http);
   }
 }

package/src/index.ts

@@ -22,6 +22,7 @@ export {
   type CreateHookInput,
   type CreateNamedQueryInput,
   type CreateRelationParams,
+  type CreateSequenceInput,
   type EmailTemplate,
   type HealthResponse,
   type HookConfig,
@@ -37,6 +38,7 @@ export {
   type Relation,
   type RelationOnDelete,
   type RelationType,
+  type SequenceTenantOptions,
   type ServerSettings,
   type SettingsAuditEntry,
   type StatsResponse,
@@ -90,6 +92,8 @@ export {
   type RealtimeCallback,
   type RealtimeEvent,
   type RealtimeEventType,
+  type SequenceAccessRule,
+  type SequenceMeta,
   type StorageAdapter,
   type SwitchTenantResult,
   type TenantMembership,

package/src/types.ts

@@ -370,6 +370,38 @@ export interface ApiKey {
   created_at: number;
 }
 
+// ─── Sequences ────────────────────────────────────────────────────────────────
+
+/**
+ * Access rule controlling who may call the runtime `next`/`peek` endpoints
+ * for a sequence.
+ *
+ * Mirrors the server's AccessRule shape:
+ *   - "public" — anyone (no auth required)
+ *   - "authenticated" — any logged-in user (default)
+ *   - "disabled" — runtime calls always denied (admin-only sequence)
+ *   - { role: "..." } — only users with that role
+ */
+export type SequenceAccessRule = "public" | "authenticated" | "disabled" | { role: string };
+
+/**
+ * A sequence row as returned by the admin API. The wire shape exactly matches
+ * `SequenceMeta` exported from `@bunbase/core`.
+ *
+ * `tenant_id === null` is the global row (admin-only). A non-null `tenant_id`
+ * scopes the sequence to that tenant — only callers whose JWT carries a
+ * matching `tenantId` claim can call `/next` or `/peek` on it.
+ */
+export interface SequenceMeta {
+  name: string;
+  tenant_id: string | null;
+  value: number;
+  start_value: number;
+  access_next: SequenceAccessRule;
+  created_at: number;
+  updated_at: number;
+}
+
 // ─── Multi-tenancy ────────────────────────────────────────────────────────────
 
 /** A single tenant membership for the authenticated user. Returned by `AuthClient.listTenants()`. */