@caracalai/admin 0.1.6-rc.2 → 0.2.0-rc.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
package/dist/client.d.ts CHANGED
@@ -1,4 +1,4 @@
1
- import type { AgentListQuery, AgentSession, Application, ApplicationInput, ApplicationPatchInput, AdminAuditEvent, AdminAuditQuery, AuditDetail, AuditEvent, AuditQuery, DCRInput, DecisionTrace, DelegationEdge, DelegationImpact, EffectiveAuthority, Grant, GrantInput, GrantQuery, Policy, PolicyInput, PolicySet, PolicySetSimulation, PolicySetVersion, PolicyTemplate, PolicyValidation, PolicyVersion, Provider, ProviderGrant, ProviderGrantInput, ProviderGrantOAuthAuthorize, ProviderGrantOAuthAuthorizeInput, ProviderGrantRevokeInput, ProviderInput, ProviderPatchInput, Resource, ResourceInput, Session, SessionQuery, AgentSessionRow, AgentSessionQuery, StepUpChallenge, StepUpChallengeSatisfaction, TraverseNode, Zone, ZoneDcrStatus, ZoneInput, ZonePatchInput } from './types.js';
1
+ import type { AuthorityRecord, AuthorityRecordQuery, Application, ApplicationInput, ApplicationPatchInput, AdminAuditEvent, AdminAuditQuery, AuditDetail, AuditEvent, AuditQuery, DCRInput, DecisionTrace, Delegation, DelegationImpact, DelegationTraversal, EffectiveAuthority, Grant, GrantInput, GrantQuery, SubjectIssuer, SubjectIssuerInput, SubjectIssuerPatch, Policy, PolicyInput, PolicySet, PolicySetActivationStatus, PolicySetSimulation, PolicySetVersion, PolicyTemplate, PolicyValidation, PolicyVersion, Provider, ProviderConnection, ProviderConnectionAuthorize, ProviderConnectionAuthorizeInput, ProviderConnectionInput, ProviderConnectionRevokeInput, ProviderInput, ProviderPatchInput, Resource, ResourceInput, Session, SessionQuery, SubjectRevokeInput, SubjectRevokeResult, StepUpChallenge, StepUpDecision, Workload, WorkloadUpdateInput, Zone, ZoneDcrStatus, ZoneInput, ZonePatchInput } from './types.js';
2
2
  export interface AdminClientOptions {
3
3
  apiUrl: string;
4
4
  coordinatorUrl?: string;
@@ -8,6 +8,7 @@ export interface AdminClientOptions {
8
8
  timeoutMs?: number;
9
9
  retries?: number;
10
10
  signal?: AbortSignal;
11
+ headers?: Record<string, string>;
11
12
  }
12
13
  export declare class AdminClient {
13
14
  private readonly apiUrl;
@@ -18,8 +19,11 @@ export declare class AdminClient {
18
19
  private readonly timeoutMs;
19
20
  private readonly retries;
20
21
  private readonly callerSignal;
22
+ private readonly defaultHeaders;
21
23
  constructor(opts: AdminClientOptions);
24
+ withDefaultHeaders(headers: Record<string, string>): AdminClient;
22
25
  private request;
26
+ private listAll;
23
27
  zones: {
24
28
  list: () => Promise<Zone[]>;
25
29
  get: (id: string) => Promise<Zone>;
@@ -33,6 +37,10 @@ export declare class AdminClient {
33
37
  get: (zoneId: string, id: string) => Promise<Application>;
34
38
  create: (zoneId: string, input: ApplicationInput) => Promise<Application>;
35
39
  patch: (zoneId: string, id: string, input: ApplicationPatchInput) => Promise<Application>;
40
+ rotateSecret: (zoneId: string, id: string) => Promise<Application>;
41
+ getClientSecret: (zoneId: string, id: string) => Promise<{
42
+ client_secret: string;
43
+ }>;
36
44
  delete: (zoneId: string, id: string) => Promise<void>;
37
45
  dcr: (zoneId: string, input: DCRInput) => Promise<Application>;
38
46
  };
@@ -59,8 +67,8 @@ export declare class AdminClient {
59
67
  version_id: string;
60
68
  version: PolicyVersion;
61
69
  }>;
62
- validate: (content: string, schemaVersion?: string) => Promise<PolicyValidation>;
63
- addVersion: (zoneId: string, id: string, content: string, schemaVersion?: string) => Promise<PolicyVersion & {
70
+ validate: (content: string) => Promise<PolicyValidation>;
71
+ addVersion: (zoneId: string, id: string, content: string) => Promise<PolicyVersion & {
64
72
  version_id: string;
65
73
  }>;
66
74
  delete: (zoneId: string, id: string) => Promise<void>;
@@ -75,15 +83,18 @@ export declare class AdminClient {
75
83
  create: (zoneId: string, name: string, description?: string) => Promise<PolicySet>;
76
84
  addVersion: (zoneId: string, id: string, manifest: {
77
85
  policy_version_id: string;
78
- }[], schemaVersion?: string) => Promise<PolicySetVersion & {
86
+ }[]) => Promise<PolicySetVersion & {
79
87
  version_id: string;
80
88
  }>;
89
+ listVersions: (zoneId: string, id: string) => Promise<PolicySetVersion[]>;
81
90
  simulate: (zoneId: string, id: string, versionId: string, input?: Record<string, unknown>) => Promise<PolicySetSimulation>;
82
- activate: (zoneId: string, id: string, versionId: string, shadowVersionId?: string) => Promise<{
91
+ activate: (zoneId: string, id: string, versionId: string) => Promise<{
83
92
  activated: boolean;
84
93
  version_id: string;
85
- shadow_version_id: string | null;
94
+ outbox_id: string;
95
+ status_url: string;
86
96
  }>;
97
+ activationStatus: (zoneId: string, id: string, versionId?: string, outboxId?: string) => Promise<PolicySetActivationStatus>;
87
98
  delete: (zoneId: string, id: string) => Promise<void>;
88
99
  };
89
100
  grants: {
@@ -92,16 +103,53 @@ export declare class AdminClient {
92
103
  create: (zoneId: string, input: GrantInput) => Promise<Grant>;
93
104
  revoke: (zoneId: string, id: string) => Promise<void>;
94
105
  };
95
- providerGrants: {
96
- create: (zoneId: string, input: ProviderGrantInput) => Promise<ProviderGrant>;
97
- authorizeOAuth: (zoneId: string, input: ProviderGrantOAuthAuthorizeInput) => Promise<ProviderGrantOAuthAuthorize>;
98
- revoke: (zoneId: string, input: ProviderGrantRevokeInput) => Promise<ProviderGrant>;
106
+ subjectIssuers: {
107
+ list: (zoneId: string) => Promise<SubjectIssuer[]>;
108
+ get: (zoneId: string, id: string) => Promise<SubjectIssuer>;
109
+ create: (zoneId: string, input: SubjectIssuerInput) => Promise<SubjectIssuer>;
110
+ patch: (zoneId: string, id: string, input: SubjectIssuerPatch) => Promise<SubjectIssuer>;
111
+ delete: (zoneId: string, id: string) => Promise<void>;
112
+ };
113
+ providerConnections: {
114
+ create: (zoneId: string, input: ProviderConnectionInput) => Promise<ProviderConnection>;
115
+ authorizeOAuth: (zoneId: string, input: ProviderConnectionAuthorizeInput) => Promise<ProviderConnectionAuthorize>;
116
+ revoke: (zoneId: string, input: ProviderConnectionRevokeInput) => Promise<ProviderConnection>;
117
+ };
118
+ workloads: {
119
+ list: (zoneId: string) => Promise<Workload[]>;
120
+ get: (zoneId: string, id: string) => Promise<Workload>;
121
+ create: (zoneId: string, input: {
122
+ name: string;
123
+ }) => Promise<Workload & {
124
+ secret: string;
125
+ }>;
126
+ update: (zoneId: string, id: string, input: WorkloadUpdateInput) => Promise<Workload>;
127
+ rotateSecret: (zoneId: string, id: string) => Promise<Workload & {
128
+ secret: string;
129
+ }>;
130
+ getSecret: (zoneId: string, id: string) => Promise<{
131
+ secret: string;
132
+ }>;
133
+ delete: (zoneId: string, id: string) => Promise<void>;
134
+ };
135
+ authorityRecords: {
136
+ list: (zoneId: string, query?: AuthorityRecordQuery) => Promise<AuthorityRecord[]>;
137
+ };
138
+ subjects: {
139
+ revoke: (zoneId: string, input: SubjectRevokeInput) => Promise<SubjectRevokeResult>;
99
140
  };
100
141
  sessions: {
101
142
  list: (zoneId: string, query?: SessionQuery) => Promise<Session[]>;
102
- };
103
- agentSessions: {
104
- list: (zoneId: string, query?: AgentSessionQuery) => Promise<AgentSessionRow[]>;
143
+ get: (zoneId: string, sessionId: string) => Promise<Session>;
144
+ children: (zoneId: string, sessionId: string, query?: SessionQuery) => Promise<Session[]>;
145
+ suspend: (zoneId: string, sessionId: string) => Promise<{
146
+ suspended: true;
147
+ }>;
148
+ resume: (zoneId: string, sessionId: string) => Promise<{
149
+ resumed: true;
150
+ }>;
151
+ terminate: (zoneId: string, sessionId: string) => Promise<void>;
152
+ effectiveAuthority: (zoneId: string, sessionId: string) => Promise<EffectiveAuthority>;
105
153
  };
106
154
  audit: {
107
155
  list: (zoneId: string, query?: AuditQuery) => Promise<AuditEvent[]>;
@@ -114,32 +162,20 @@ export declare class AdminClient {
114
162
  stepUpChallenges: {
115
163
  list: (zoneId: string) => Promise<StepUpChallenge[]>;
116
164
  get: (zoneId: string, id: string) => Promise<StepUpChallenge>;
117
- satisfy: (zoneId: string, id: string) => Promise<StepUpChallengeSatisfaction>;
118
- };
119
- agents: {
120
- list: (zoneId: string, query?: AgentListQuery) => Promise<AgentSession[]>;
121
- get: (zoneId: string, id: string) => Promise<AgentSession>;
122
- children: (zoneId: string, id: string) => Promise<AgentSession[]>;
123
- suspend: (zoneId: string, id: string) => Promise<{
124
- suspended: true;
125
- }>;
126
- resume: (zoneId: string, id: string) => Promise<{
127
- resumed: true;
128
- }>;
129
- terminate: (zoneId: string, id: string) => Promise<void>;
130
- effectiveAuthority: (zoneId: string, id: string) => Promise<EffectiveAuthority>;
165
+ approve: (zoneId: string, id: string, reason?: string) => Promise<StepUpDecision>;
166
+ reject: (zoneId: string, id: string, reason?: string) => Promise<StepUpDecision>;
131
167
  };
132
168
  delegations: {
133
169
  active: (zoneId: string) => Promise<{
134
- items: DelegationEdge[];
170
+ items: Delegation[];
135
171
  next_cursor: string | null;
136
172
  }>;
137
- inbound: (zoneId: string, sessionId: string) => Promise<DelegationEdge[]>;
138
- outbound: (zoneId: string, sessionId: string) => Promise<DelegationEdge[]>;
139
- traverse: (zoneId: string, id: string) => Promise<TraverseNode[]>;
140
- impact: (zoneId: string, id: string) => Promise<DelegationImpact>;
141
- revoke: (zoneId: string, id: string) => Promise<{
142
- revoked_edges: number;
173
+ inbound: (zoneId: string, sessionId: string) => Promise<Delegation[]>;
174
+ outbound: (zoneId: string, sessionId: string) => Promise<Delegation[]>;
175
+ traverse: (zoneId: string, delegationId: string) => Promise<DelegationTraversal[]>;
176
+ impact: (zoneId: string, delegationId: string) => Promise<DelegationImpact>;
177
+ revoke: (zoneId: string, delegationId: string) => Promise<{
178
+ revoked_delegations: number;
143
179
  affected_sessions: number;
144
180
  }>;
145
181
  };
@@ -1 +1 @@
1
- {"version":3,"file":"client.d.ts","sourceRoot":"","sources":["../src/client.ts"],"names":[],"mappings":"AAOA,OAAO,KAAK,EACV,cAAc,EACd,YAAY,EACZ,WAAW,EACX,gBAAgB,EAChB,qBAAqB,EACrB,eAAe,EACf,eAAe,EACf,WAAW,EACX,UAAU,EACV,UAAU,EACV,QAAQ,EACR,aAAa,EACb,cAAc,EACd,gBAAgB,EAChB,kBAAkB,EAClB,KAAK,EACL,UAAU,EACV,UAAU,EACV,MAAM,EACN,WAAW,EACX,SAAS,EACT,mBAAmB,EACnB,gBAAgB,EAChB,cAAc,EACd,gBAAgB,EAChB,aAAa,EACb,QAAQ,EACR,aAAa,EACb,kBAAkB,EAClB,2BAA2B,EAC3B,gCAAgC,EAChC,wBAAwB,EACxB,aAAa,EACb,kBAAkB,EAClB,QAAQ,EACR,aAAa,EACb,OAAO,EACP,YAAY,EACZ,eAAe,EACf,iBAAiB,EACjB,eAAe,EACf,2BAA2B,EAC3B,YAAY,EACZ,IAAI,EACJ,aAAa,EACb,SAAS,EACT,cAAc,EACf,MAAM,YAAY,CAAA;AAEnB,MAAM,WAAW,kBAAkB;IACjC,MAAM,EAAE,MAAM,CAAA;IACd,cAAc,CAAC,EAAE,MAAM,CAAA;IACvB,UAAU,EAAE,MAAM,CAAA;IAClB,gBAAgB,CAAC,EAAE,MAAM,CAAA;IACzB,SAAS,CAAC,EAAE,OAAO,KAAK,CAAA;IACxB,SAAS,CAAC,EAAE,MAAM,CAAA;IAClB,OAAO,CAAC,EAAE,MAAM,CAAA;IAChB,MAAM,CAAC,EAAE,WAAW,CAAA;CACrB;AA2DD,qBAAa,WAAW;IACtB,OAAO,CAAC,QAAQ,CAAC,MAAM,CAAQ;IAC/B,OAAO,CAAC,QAAQ,CAAC,cAAc,CAAoB;IACnD,OAAO,CAAC,QAAQ,CAAC,UAAU,CAAQ;IACnC,OAAO,CAAC,QAAQ,CAAC,gBAAgB,CAAoB;IACrD,OAAO,CAAC,QAAQ,CAAC,OAAO,CAAc;IACtC,OAAO,CAAC,QAAQ,CAAC,SAAS,CAAQ;IAClC,OAAO,CAAC,QAAQ,CAAC,OAAO,CAAQ;IAChC,OAAO,CAAC,QAAQ,CAAC,YAAY,CAAyB;gBAE1C,IAAI,EAAE,kBAAkB;YAWtB,OAAO;IAuErB,KAAK;;kBAEO,MAAM;wBACA,MAAM;wBACN,SAAS;oBACb,MAAM,SAAS,cAAc;qBAC5B,MAAM;MACpB;IAGD,YAAY;uBACK,MAAM;sBACP,MAAM,MAAM,MAAM;yBACf,MAAM,SAAS,gBAAgB;wBAEhC,MAAM,MAAM,MAAM,SAAS,qBAAqB;yBAE/C,MAAM,MAAM,MAAM;sBAOrB,MAAM,SAAS,QAAQ;MAEtC;IAGD,SAAS;uBACQ,MAAM;sBACP,MAAM,MAAM,MAAM;yBACf,MAAM,SAAS,aAAa;wBAK7B,MAAM,MAAM,MAAM,SAAS,OAAO,CAAC,aAAa,CAAC;yBAKhD,MAAM,MAAM,MAAM;MAEpC;IAGD,SAAS;uBACQ,MAAM;sBACP,MAAM,MAAM,MAAM;yBACf,MAAM,SAAS,aAAa;wBAE7B,MAAM,MAAM,MAAM,SAAS,kBAAkB;yBAE5C,MAAM,MAAM,MAAM;MAEpC;IAGD,QAAQ;uBACS,MAAM;sBACP,MAAM,MAAM,MAAM;sBAAuC,aAAa,EAAE;;yBACrE,MAAM,SAAS,WAAW;wBACL,MAAM;qBAAW,aAAa;;4BAIhD,MAAM,kBAAkB,MAAM;6BAK7B,MAAM,MAAM,MAAM,WAAW,MAAM,kBAAkB,MAAM;wBACnC,MAAM;;yBAIlC,MAAM,MAAM,MAAM;MAEpC;IAED,eAAe;;kBAEG,MAAM;MAMvB;IAGD,UAAU;uBACO,MAAM;sBACP,MAAM,MAAM,MAAM;yBACf,MAAM,QAAQ,MAAM,gBAAgB,MAAM;6BAKtC,MAAM,MAAM,MAAM,YAAY;YAAE,iBAAiB,EAAE,MAAM,CAAA;SAAE,EAAE,kBAAkB,MAAM;wBAC1D,MAAM;;2BAInC,MAAM,MAAM,MAAM,aAAa,MAAM,UAAU,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC;2BAKtE,MAAM,MAAM,MAAM,aAAa,MAAM,oBAAoB,MAAM;uBACtD,OAAO;wBAAc,MAAM;+BAAqB,MAAM,GAAG,IAAI;;yBAIxE,MAAM,MAAM,MAAM;MAEpC;IAGD,MAAM;uBACW,MAAM,UAAU,UAAU;sBAC3B,MAAM,MAAM,MAAM;yBACf,MAAM,SAAS,UAAU;yBACzB,MAAM,MAAM,MAAM;MACpC;IAED,cAAc;yBACK,MAAM,SAAS,kBAAkB;iCAEzB,MAAM,SAAS,gCAAgC;yBAEvD,MAAM,SAAS,wBAAwB;MAEzD;IAGD,QAAQ;uBACe,MAAM,UAAU,YAAY;MAKlD;IAID,aAAa;uBACU,MAAM,UAAU,iBAAiB;MAKvD;IAGD,KAAK;uBACkB,MAAM,UAAU,UAAU;4BAK3B,MAAM,aAAa,MAAM;0BAC3B,MAAM,aAAa,MAAM;MAE5C;IAED,UAAU;uBACa,MAAM,UAAU,eAAe;MAKrD;IAED,gBAAgB;uBACC,MAAM;sBACP,MAAM,MAAM,MAAM;0BACd,MAAM,MAAM,MAAM;MAErC;IAGD,MAAM;uBACiB,MAAM,UAAU,cAAc;sBAKrC,MAAM,MAAM,MAAM;2BACb,MAAM,MAAM,MAAM;0BAEnB,MAAM,MAAM,MAAM;uBACR,IAAI;;yBACf,MAAM,MAAM,MAAM;qBACT,IAAI;;4BACV,MAAM,MAAM,MAAM;qCAET,MAAM,MAAM,MAAM;MAEhD;IAGD,WAAW;yBACQ,MAAM;mBACC,cAAc,EAAE;yBAAe,MAAM,GAAG,IAAI;;0BAClD,MAAM,aAAa,MAAM;2BAExB,MAAM,aAAa,MAAM;2BAEzB,MAAM,MAAM,MAAM;yBAEpB,MAAM,MAAM,MAAM;yBAElB,MAAM,MAAM,MAAM;2BACH,MAAM;+BAAqB,MAAM;;MAIlE;CACF"}
1
+ {"version":3,"file":"client.d.ts","sourceRoot":"","sources":["../src/client.ts"],"names":[],"mappings":"AAOA,OAAO,KAAK,EACV,eAAe,EACf,oBAAoB,EACpB,WAAW,EACX,gBAAgB,EAChB,qBAAqB,EACrB,eAAe,EACf,eAAe,EACf,WAAW,EACX,UAAU,EACV,UAAU,EACV,QAAQ,EACR,aAAa,EACb,UAAU,EACV,gBAAgB,EAChB,mBAAmB,EACnB,kBAAkB,EAClB,KAAK,EACL,UAAU,EACV,UAAU,EACV,aAAa,EACb,kBAAkB,EAClB,kBAAkB,EAClB,MAAM,EACN,WAAW,EACX,SAAS,EACT,yBAAyB,EACzB,mBAAmB,EACnB,gBAAgB,EAChB,cAAc,EACd,gBAAgB,EAChB,aAAa,EACb,QAAQ,EACR,kBAAkB,EAClB,2BAA2B,EAC3B,gCAAgC,EAChC,uBAAuB,EACvB,6BAA6B,EAC7B,aAAa,EACb,kBAAkB,EAClB,QAAQ,EACR,aAAa,EACb,OAAO,EACP,YAAY,EACZ,kBAAkB,EAClB,mBAAmB,EACnB,eAAe,EACf,cAAc,EACd,QAAQ,EACR,mBAAmB,EACnB,IAAI,EACJ,aAAa,EACb,SAAS,EACT,cAAc,EACf,MAAM,YAAY,CAAA;AAEnB,MAAM,WAAW,kBAAkB;IACjC,MAAM,EAAE,MAAM,CAAA;IACd,cAAc,CAAC,EAAE,MAAM,CAAA;IACvB,UAAU,EAAE,MAAM,CAAA;IAClB,gBAAgB,CAAC,EAAE,MAAM,CAAA;IACzB,SAAS,CAAC,EAAE,OAAO,KAAK,CAAA;IACxB,SAAS,CAAC,EAAE,MAAM,CAAA;IAClB,OAAO,CAAC,EAAE,MAAM,CAAA;IAChB,MAAM,CAAC,EAAE,WAAW,CAAA;IAGpB,OAAO,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAA;CACjC;AAkGD,qBAAa,WAAW;IACtB,OAAO,CAAC,QAAQ,CAAC,MAAM,CAAQ;IAC/B,OAAO,CAAC,QAAQ,CAAC,cAAc,CAAoB;IACnD,OAAO,CAAC,QAAQ,CAAC,UAAU,CAAQ;IACnC,OAAO,CAAC,QAAQ,CAAC,gBAAgB,CAAoB;IACrD,OAAO,CAAC,QAAQ,CAAC,OAAO,CAAc;IACtC,OAAO,CAAC,QAAQ,CAAC,SAAS,CAAQ;IAClC,OAAO,CAAC,QAAQ,CAAC,OAAO,CAAQ;IAChC,OAAO,CAAC,QAAQ,CAAC,YAAY,CAAyB;IACtD,OAAO,CAAC,QAAQ,CAAC,cAAc,CAAoC;gBAEvD,IAAI,EAAE,kBAAkB;IAepC,kBAAkB,CAAC,OAAO,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,GAAG,WAAW;YAclD,OAAO;YAyEP,OAAO;IAcrB,KAAK;;kBAEO,MAAM;wBACA,MAAM;wBACN,SAAS;oBACb,MAAM,SAAS,cAAc;qBAC5B,MAAM;MACpB;IAGD,YAAY;uBACK,MAAM;sBACP,MAAM,MAAM,MAAM;yBACf,MAAM,SAAS,gBAAgB;wBAEhC,MAAM,MAAM,MAAM,SAAS,qBAAqB;+BAIzC,MAAM,MAAM,MAAM;kCAIf,MAAM,MAAM,MAAM;2BACZ,MAAM;;yBACrB,MAAM,MAAM,MAAM;sBAOrB,MAAM,SAAS,QAAQ;MAEtC;IAGD,SAAS;uBACQ,MAAM;sBACP,MAAM,MAAM,MAAM;yBACf,MAAM,SAAS,aAAa;wBAK7B,MAAM,MAAM,MAAM,SAAS,OAAO,CAAC,aAAa,CAAC;yBAKhD,MAAM,MAAM,MAAM;MAEpC;IAGD,SAAS;uBACQ,MAAM;sBACP,MAAM,MAAM,MAAM;yBACf,MAAM,SAAS,aAAa;wBAE7B,MAAM,MAAM,MAAM,SAAS,kBAAkB;yBAE5C,MAAM,MAAM,MAAM;MAEpC;IAGD,QAAQ;uBACS,MAAM;sBACP,MAAM,MAAM,MAAM;sBAAuC,aAAa,EAAE;;yBACrE,MAAM,SAAS,WAAW;wBACL,MAAM;qBAAW,aAAa;;4BAIhD,MAAM;6BAKL,MAAM,MAAM,MAAM,WAAW,MAAM;wBACX,MAAM;;yBAIlC,MAAM,MAAM,MAAM;MAEpC;IAED,eAAe;;kBAEG,MAAM;MAMvB;IAGD,UAAU;uBACO,MAAM;sBACP,MAAM,MAAM,MAAM;yBACf,MAAM,QAAQ,MAAM,gBAAgB,MAAM;6BAKtC,MAAM,MAAM,MAAM,YAAY;YAAE,iBAAiB,EAAE,MAAM,CAAA;SAAE,EAAE;wBAClC,MAAM;;+BAI/B,MAAM,MAAM,MAAM;2BAEtB,MAAM,MAAM,MAAM,aAAa,MAAM,UAAU,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC;2BAKtE,MAAM,MAAM,MAAM,aAAa,MAAM;uBAC5B,OAAO;wBAAc,MAAM;uBAAa,MAAM;wBAAc,MAAM;;mCAInE,MAAM,MAAM,MAAM,cAAc,MAAM,aAAa,MAAM;yBAOnE,MAAM,MAAM,MAAM;MAEpC;IAGD,MAAM;uBACW,MAAM,UAAU,UAAU;sBAC3B,MAAM,MAAM,MAAM;yBACf,MAAM,SAAS,UAAU;yBACzB,MAAM,MAAM,MAAM;MACpC;IAED,cAAc;uBACG,MAAM;sBACP,MAAM,MAAM,MAAM;yBACf,MAAM,SAAS,kBAAkB;wBAElC,MAAM,MAAM,MAAM,SAAS,kBAAkB;yBAE5C,MAAM,MAAM,MAAM;MAEpC;IAED,mBAAmB;yBACA,MAAM,SAAS,uBAAuB;iCAE9B,MAAM,SAAS,gCAAgC;yBAKvD,MAAM,SAAS,6BAA6B;MAE9D;IAGD,SAAS;uBACQ,MAAM;sBACP,MAAM,MAAM,MAAM;yBAGf,MAAM,SAAS;YAAE,IAAI,EAAE,MAAM,CAAA;SAAE;oBACZ,MAAM;;yBACzB,MAAM,MAAM,MAAM,SAAS,mBAAmB;+BAIxC,MAAM,MAAM,MAAM;oBACL,MAAM;;4BAGtB,MAAM,MAAM,MAAM;oBAA4B,MAAM;;yBACvD,MAAM,MAAM,MAAM;MAEpC;IAGD,gBAAgB;uBACO,MAAM,UAAU,oBAAoB;MAK1D;IAMD,QAAQ;yBACW,MAAM,SAAS,kBAAkB;MAEnD;IAGD,QAAQ;uBACe,MAAM,UAAU,YAAY;sBAK7B,MAAM,aAAa,MAAM;2BAEpB,MAAM,aAAa,MAAM,UAAU,YAAY;0BAQtD,MAAM,aAAa,MAAM;uBACf,IAAI;;yBACf,MAAM,aAAa,MAAM;qBAChB,IAAI;;4BACV,MAAM,aAAa,MAAM;qCAEV,MAAM,aAAa,MAAM;MAI7D;IAGD,KAAK;uBACkB,MAAM,UAAU,UAAU;4BAK3B,MAAM,aAAa,MAAM;0BAC3B,MAAM,aAAa,MAAM;MAE5C;IAED,UAAU;uBACa,MAAM,UAAU,eAAe;MAKrD;IAED,gBAAgB;uBACC,MAAM;sBACP,MAAM,MAAM,MAAM;0BACd,MAAM,MAAM,MAAM,WAAW,MAAM;yBAKpC,MAAM,MAAM,MAAM,WAAW,MAAM;MAKrD;IAGD,WAAW;yBACc,MAAM;;yBAnelB,MAAM,GAAG,IAAI;;0BAyeA,MAAM,aAAa,MAAM;2BAIxB,MAAM,aAAa,MAAM;2BAIzB,MAAM,gBAAgB,MAAM;yBAI9B,MAAM,gBAAgB,MAAM;yBAI5B,MAAM,gBAAgB,MAAM;;;;MAOpD;CACF"}
package/dist/client.js CHANGED
@@ -1,11 +1,50 @@
1
1
  // Copyright (C) 2026 Garudex Labs. All Rights Reserved.
2
2
  // Caracal, a product of Garudex Labs
3
3
  //
4
- // AdminClient: typed wrapper over the Caracal admin API and agent coordinator.
4
+ // AdminClient: typed wrapper over the Caracal Admin API and Coordinator.
5
5
  import { AdminApiError } from './errors.js';
6
6
  const DEFAULT_TIMEOUT_MS = 30_000;
7
7
  const DEFAULT_RETRIES = 3;
8
8
  const MAX_RETRY_AFTER_MS = 30_000;
9
+ const MAX_LIST_PAGES = 50;
10
+ function mapSession(row) {
11
+ const { agent_session_id, parent_id, subject_authority_record_id, ...rest } = row;
12
+ return {
13
+ ...rest,
14
+ session_id: String(agent_session_id),
15
+ parent_session_id: parent_id === null ? null : String(parent_id),
16
+ authority_record_id: String(subject_authority_record_id),
17
+ };
18
+ }
19
+ function mapEffectiveAuthority(row) {
20
+ const { agent_session_id, inbound_edges, ...rest } = row;
21
+ return {
22
+ ...rest,
23
+ session_id: String(agent_session_id),
24
+ inbound_delegations: Array.isArray(inbound_edges) ? inbound_edges : [],
25
+ };
26
+ }
27
+ function mapDelegationImpact(row) {
28
+ const { edge_id, affected_edges, affected_agents, ...rest } = row;
29
+ return {
30
+ ...rest,
31
+ delegation_id: String(edge_id),
32
+ affected_delegations: Array.isArray(affected_edges) ? affected_edges.map(mapDelegationTraversal) : [],
33
+ affected_sessions: Array.isArray(affected_agents) ? affected_agents : [],
34
+ };
35
+ }
36
+ function mapDelegation(row) {
37
+ const { id, parent_edge_id, ...rest } = row;
38
+ return {
39
+ ...rest,
40
+ delegation_id: String(id),
41
+ parent_delegation_id: parent_edge_id === null ? null : String(parent_edge_id),
42
+ };
43
+ }
44
+ function mapDelegationTraversal(row) {
45
+ const { id, ...rest } = row;
46
+ return { ...rest, delegation_id: String(id) };
47
+ }
9
48
  function grantListQuery(query) {
10
49
  if (!query)
11
50
  return undefined;
@@ -47,6 +86,7 @@ export class AdminClient {
47
86
  timeoutMs;
48
87
  retries;
49
88
  callerSignal;
89
+ defaultHeaders;
50
90
  constructor(opts) {
51
91
  this.apiUrl = opts.apiUrl.replace(/\/$/, '');
52
92
  this.coordinatorUrl = opts.coordinatorUrl?.replace(/\/$/, '');
@@ -56,6 +96,23 @@ export class AdminClient {
56
96
  this.timeoutMs = opts.timeoutMs ?? DEFAULT_TIMEOUT_MS;
57
97
  this.retries = opts.retries ?? DEFAULT_RETRIES;
58
98
  this.callerSignal = opts.signal;
99
+ this.defaultHeaders = opts.headers;
100
+ }
101
+ // Derives a client that shares this one's configuration but sends the given headers on every
102
+ // request, merged under any existing default headers. Used to attach request-scoped attribution
103
+ // to the control plane's in-process admin hop without mutating the shared client.
104
+ withDefaultHeaders(headers) {
105
+ return new AdminClient({
106
+ apiUrl: this.apiUrl,
107
+ coordinatorUrl: this.coordinatorUrl,
108
+ adminToken: this.adminToken,
109
+ coordinatorToken: this.coordinatorToken,
110
+ fetchImpl: this.doFetch,
111
+ timeoutMs: this.timeoutMs,
112
+ retries: this.retries,
113
+ signal: this.callerSignal,
114
+ headers: { ...this.defaultHeaders, ...headers },
115
+ });
59
116
  }
60
117
  async request(path, opts = {}) {
61
118
  const base = opts.base === 'coordinator' ? this.coordinatorUrl : this.apiUrl;
@@ -71,7 +128,7 @@ export class AdminClient {
71
128
  : [];
72
129
  const qs = pairs.length ? '?' + pairs.join('&') : '';
73
130
  const url = `${base}${path}${qs}`;
74
- const headers = { Authorization: `Bearer ${token}`, ...opts.headers };
131
+ const headers = { Authorization: `Bearer ${token}`, ...this.defaultHeaders, ...opts.headers };
75
132
  let body;
76
133
  if (opts.body !== undefined) {
77
134
  headers['Content-Type'] = 'application/json';
@@ -132,9 +189,26 @@ export class AdminClient {
132
189
  }
133
190
  throw lastErr ?? new Error('admin_request_exhausted');
134
191
  }
192
+ // Drains a keyset-paginated collection by following next_cursor until exhausted, so a
193
+ // list is the complete collection rather than a silently truncated first page. The page
194
+ // cap bounds the walk against a server bug that never terminates the cursor chain.
195
+ async listAll(path, label, query) {
196
+ const items = [];
197
+ let cursor;
198
+ for (let page = 0; page < MAX_LIST_PAGES; page++) {
199
+ const response = await this.request(path, { query: { ...query, cursor } });
200
+ if (!Array.isArray(response.items))
201
+ throw new Error(`${label} response missing items`);
202
+ items.push(...response.items);
203
+ if (!response.next_cursor)
204
+ return items;
205
+ cursor = response.next_cursor;
206
+ }
207
+ throw new Error(`${label} pagination did not terminate`);
208
+ }
135
209
  // Zones
136
210
  zones = {
137
- list: () => this.request('/v1/zones'),
211
+ list: () => this.listAll('/v1/zones', 'zones'),
138
212
  get: (id) => this.request(`/v1/zones/${id}`),
139
213
  dcrStatus: (id) => this.request(`/v1/zones/${id}/dcr-status`),
140
214
  create: (input) => this.request('/v1/zones', { method: 'POST', body: input }),
@@ -143,10 +217,16 @@ export class AdminClient {
143
217
  };
144
218
  // Applications
145
219
  applications = {
146
- list: (zoneId) => this.request(`/v1/zones/${zoneId}/applications`),
220
+ list: (zoneId) => this.listAll(`/v1/zones/${zoneId}/applications`, 'applications'),
147
221
  get: (zoneId, id) => this.request(`/v1/zones/${zoneId}/applications/${id}`),
148
222
  create: (zoneId, input) => this.request(`/v1/zones/${zoneId}/applications`, { method: 'POST', body: input }),
149
223
  patch: (zoneId, id, input) => this.request(`/v1/zones/${zoneId}/applications/${id}`, { method: 'PATCH', body: input }),
224
+ // Rotates the credential server-side; the response carries the plaintext secret and
225
+ // the sealed custody copy in the Secret Store is replaced with it.
226
+ rotateSecret: (zoneId, id) => this.request(`/v1/zones/${zoneId}/applications/${id}/rotate-secret`, { method: 'POST' }),
227
+ // Retrieves the client secret from Secret Store custody. Every call is recorded
228
+ // in the zone audit timeline as a credential reveal.
229
+ getClientSecret: (zoneId, id) => this.request(`/v1/zones/${zoneId}/applications/${id}/client-secret`),
150
230
  delete: (zoneId, id) => this.request(`/v1/zones/${zoneId}/applications/${id}`, { method: 'DELETE', expectEmpty: true }),
151
231
  // DCR (Dynamic Client Registration) is the sole programmatic path for minting
152
232
  // short-lived self-registering client identities. Caracal does not create DCR
@@ -157,7 +237,7 @@ export class AdminClient {
157
237
  };
158
238
  // Resources
159
239
  resources = {
160
- list: (zoneId) => this.request(`/v1/zones/${zoneId}/resources`),
240
+ list: (zoneId) => this.listAll(`/v1/zones/${zoneId}/resources`, 'resources'),
161
241
  get: (zoneId, id) => this.request(`/v1/zones/${zoneId}/resources/${id}`),
162
242
  create: (zoneId, input) => this.request(`/v1/zones/${zoneId}/resources`, {
163
243
  method: 'POST',
@@ -171,7 +251,7 @@ export class AdminClient {
171
251
  };
172
252
  // Providers
173
253
  providers = {
174
- list: (zoneId) => this.request(`/v1/zones/${zoneId}/providers`),
254
+ list: (zoneId) => this.listAll(`/v1/zones/${zoneId}/providers`, 'providers'),
175
255
  get: (zoneId, id) => this.request(`/v1/zones/${zoneId}/providers/${id}`),
176
256
  create: (zoneId, input) => this.request(`/v1/zones/${zoneId}/providers`, { method: 'POST', body: input }),
177
257
  patch: (zoneId, id, input) => this.request(`/v1/zones/${zoneId}/providers/${id}`, { method: 'PATCH', body: input }),
@@ -179,19 +259,19 @@ export class AdminClient {
179
259
  };
180
260
  // Policies (immutable Rego versions)
181
261
  policies = {
182
- list: (zoneId) => this.request(`/v1/zones/${zoneId}/policies`),
262
+ list: (zoneId) => this.listAll(`/v1/zones/${zoneId}/policies`, 'policies'),
183
263
  get: (zoneId, id) => this.request(`/v1/zones/${zoneId}/policies/${id}`),
184
264
  create: (zoneId, input) => this.request(`/v1/zones/${zoneId}/policies`, {
185
265
  method: 'POST',
186
266
  body: input,
187
267
  }),
188
- validate: (content, schemaVersion) => this.request('/v1/policies/validate', {
268
+ validate: (content) => this.request('/v1/policies/validate', {
189
269
  method: 'POST',
190
- body: { content, schema_version: schemaVersion },
270
+ body: { content },
191
271
  }),
192
- addVersion: (zoneId, id, content, schemaVersion) => this.request(`/v1/zones/${zoneId}/policies/${id}/versions`, {
272
+ addVersion: (zoneId, id, content) => this.request(`/v1/zones/${zoneId}/policies/${id}/versions`, {
193
273
  method: 'POST',
194
- body: { content, schema_version: schemaVersion ?? '2026-05-20' },
274
+ body: { content },
195
275
  }),
196
276
  delete: (zoneId, id) => this.request(`/v1/zones/${zoneId}/policies/${id}`, { method: 'DELETE', expectEmpty: true }),
197
277
  };
@@ -207,61 +287,114 @@ export class AdminClient {
207
287
  };
208
288
  // Policy sets
209
289
  policySets = {
210
- list: (zoneId) => this.request(`/v1/zones/${zoneId}/policy-sets`),
290
+ list: (zoneId) => this.listAll(`/v1/zones/${zoneId}/policy-sets`, 'policy sets'),
211
291
  get: (zoneId, id) => this.request(`/v1/zones/${zoneId}/policy-sets/${id}`),
212
292
  create: (zoneId, name, description) => this.request(`/v1/zones/${zoneId}/policy-sets`, {
213
293
  method: 'POST',
214
294
  body: { name, description },
215
295
  }),
216
- addVersion: (zoneId, id, manifest, schemaVersion) => this.request(`/v1/zones/${zoneId}/policy-sets/${id}/versions`, {
296
+ addVersion: (zoneId, id, manifest) => this.request(`/v1/zones/${zoneId}/policy-sets/${id}/versions`, {
217
297
  method: 'POST',
218
- body: { manifest, schema_version: schemaVersion },
298
+ body: { manifest },
219
299
  }),
300
+ listVersions: (zoneId, id) => this.listAll(`/v1/zones/${zoneId}/policy-sets/${id}/versions`, 'policy set versions'),
220
301
  simulate: (zoneId, id, versionId, input) => this.request(`/v1/zones/${zoneId}/policy-sets/${id}/simulate`, {
221
302
  method: 'POST',
222
303
  body: { version_id: versionId, input },
223
304
  }),
224
- activate: (zoneId, id, versionId, shadowVersionId) => this.request(`/v1/zones/${zoneId}/policy-sets/${id}/activate`, { method: 'POST', body: { version_id: versionId, shadow_version_id: shadowVersionId } }),
305
+ activate: (zoneId, id, versionId) => this.request(`/v1/zones/${zoneId}/policy-sets/${id}/activate`, { method: 'POST', body: { version_id: versionId } }),
306
+ activationStatus: (zoneId, id, versionId, outboxId) => this.request(`/v1/zones/${zoneId}/policy-sets/${id}/activation-status`, {
307
+ query: {
308
+ ...(versionId ? { version_id: versionId } : {}),
309
+ ...(outboxId ? { outbox_id: outboxId } : {}),
310
+ },
311
+ }),
225
312
  delete: (zoneId, id) => this.request(`/v1/zones/${zoneId}/policy-sets/${id}`, { method: 'DELETE', expectEmpty: true }),
226
313
  };
227
314
  // Grants
228
315
  grants = {
229
- list: (zoneId, query) => this.request(`/v1/zones/${zoneId}/grants`, { query: grantListQuery(query) }),
316
+ list: (zoneId, query) => this.listAll(`/v1/zones/${zoneId}/grants`, 'grants', grantListQuery(query)),
230
317
  get: (zoneId, id) => this.request(`/v1/zones/${zoneId}/grants/${id}`),
231
318
  create: (zoneId, input) => this.request(`/v1/zones/${zoneId}/grants`, { method: 'POST', body: input }),
232
319
  revoke: (zoneId, id) => this.request(`/v1/zones/${zoneId}/grants/${id}`, { method: 'DELETE', expectEmpty: true }),
233
320
  };
234
- providerGrants = {
235
- create: (zoneId, input) => this.request(`/v1/zones/${zoneId}/provider-grants`, { method: 'POST', body: input }),
236
- authorizeOAuth: (zoneId, input) => this.request(`/v1/zones/${zoneId}/provider-grants/oauth/authorize`, { method: 'POST', body: input }),
237
- revoke: (zoneId, input) => this.request(`/v1/zones/${zoneId}/provider-grants/revoke`, { method: 'POST', body: input }),
321
+ subjectIssuers = {
322
+ list: (zoneId) => this.listAll(`/v1/zones/${zoneId}/subject-issuers`, 'subject issuers'),
323
+ get: (zoneId, id) => this.request(`/v1/zones/${zoneId}/subject-issuers/${id}`),
324
+ create: (zoneId, input) => this.request(`/v1/zones/${zoneId}/subject-issuers`, { method: 'POST', body: input }),
325
+ patch: (zoneId, id, input) => this.request(`/v1/zones/${zoneId}/subject-issuers/${id}`, { method: 'PATCH', body: input }),
326
+ delete: (zoneId, id) => this.request(`/v1/zones/${zoneId}/subject-issuers/${id}`, { method: 'DELETE', expectEmpty: true }),
238
327
  };
239
- // Sessions (read; revocation is a side effect of grant.revoke or agent.terminate)
240
- sessions = {
328
+ providerConnections = {
329
+ create: (zoneId, input) => this.request(`/v1/zones/${zoneId}/provider-connections`, { method: 'POST', body: input }),
330
+ authorizeOAuth: (zoneId, input) => this.request(`/v1/zones/${zoneId}/provider-connections/oauth/authorize`, {
331
+ method: 'POST',
332
+ body: input,
333
+ }),
334
+ revoke: (zoneId, input) => this.request(`/v1/zones/${zoneId}/provider-connections/revoke`, { method: 'POST', body: input }),
335
+ };
336
+ // Workloads (launcher identities and their credential bindings for caracal run)
337
+ workloads = {
338
+ list: (zoneId) => this.listAll(`/v1/zones/${zoneId}/workloads`, 'workloads'),
339
+ get: (zoneId, id) => this.request(`/v1/zones/${zoneId}/workloads/${id}`),
340
+ // The response carries the plaintext workload secret; a sealed custody copy stays
341
+ // retrievable through getSecret.
342
+ create: (zoneId, input) => this.request(`/v1/zones/${zoneId}/workloads`, { method: 'POST', body: input }),
343
+ update: (zoneId, id, input) => this.request(`/v1/zones/${zoneId}/workloads/${id}`, { method: 'PUT', body: input }),
344
+ // Rotates the credential server-side; the response carries the plaintext secret and
345
+ // the sealed custody copy in the Secret Store is replaced with it.
346
+ rotateSecret: (zoneId, id) => this.request(`/v1/zones/${zoneId}/workloads/${id}/rotate-secret`, { method: 'POST' }),
347
+ // Retrieves the workload secret from Secret Store custody. Every call is recorded
348
+ // in the zone audit timeline as a credential reveal.
349
+ getSecret: (zoneId, id) => this.request(`/v1/zones/${zoneId}/workloads/${id}/secret`),
350
+ delete: (zoneId, id) => this.request(`/v1/zones/${zoneId}/workloads/${id}`, { method: 'DELETE', expectEmpty: true }),
351
+ };
352
+ // Authority records issued by STS. Revocation is performed through the owning authority operation.
353
+ authorityRecords = {
241
354
  list: async (zoneId, query) => {
242
- const response = await this.request(`/v1/zones/${zoneId}/sessions`, { query: { ...query } });
243
- if (!Array.isArray(response.rows))
244
- throw new Error('sessions response missing rows');
245
- return response.rows;
355
+ const response = await this.request(`/v1/zones/${zoneId}/authority-records`, { query: { ...query } });
356
+ if (!Array.isArray(response.items))
357
+ throw new Error('authority-records response missing items');
358
+ return response.items;
246
359
  },
247
360
  };
248
- // Agent sessions (read; status filtering for active/suspended/terminated). CSV export is
249
- // available directly from the API endpoint with format=csv.
250
- agentSessions = {
361
+ // Subjects: the kill switch. One call cuts every authority path a subject
362
+ // holds - session records, governed sessions riding them, delegations, and
363
+ // provider connections - and feeds the revocation stream so in-flight
364
+ // mandates die before their exp. Idempotent.
365
+ subjects = {
366
+ revoke: (zoneId, input) => this.request(`/v1/zones/${zoneId}/subjects/revoke`, { method: 'POST', body: input }),
367
+ };
368
+ // Governed sessions. Reads use the Admin API; lifecycle operations map to Coordinator wire routes.
369
+ sessions = {
251
370
  list: async (zoneId, query) => {
252
- const response = await this.request(`/v1/zones/${zoneId}/agent-sessions`, { query: { ...query } });
253
- if (!Array.isArray(response.rows))
254
- throw new Error('agent-sessions response missing rows');
255
- return response.rows;
371
+ const response = await this.request(`/v1/zones/${zoneId}/sessions`, { query: { ...query } });
372
+ if (!Array.isArray(response.items))
373
+ throw new Error('sessions response missing items');
374
+ return response.items;
375
+ },
376
+ get: async (zoneId, sessionId) => mapSession(await this.request(`/zones/${zoneId}/agents/${sessionId}`, { base: 'coordinator' })),
377
+ children: async (zoneId, sessionId, query) => {
378
+ const response = await this.request(`/zones/${zoneId}/agents/${sessionId}/children`, {
379
+ base: 'coordinator',
380
+ query: { ...query },
381
+ });
382
+ if (!Array.isArray(response.items))
383
+ throw new Error('session children response missing items');
384
+ return response.items.map(mapSession);
256
385
  },
386
+ suspend: (zoneId, sessionId) => this.request(`/zones/${zoneId}/agents/${sessionId}/suspend`, { method: 'PATCH', base: 'coordinator' }),
387
+ resume: (zoneId, sessionId) => this.request(`/zones/${zoneId}/agents/${sessionId}/resume`, { method: 'PATCH', base: 'coordinator' }),
388
+ terminate: (zoneId, sessionId) => this.request(`/zones/${zoneId}/agents/${sessionId}`, { method: 'DELETE', base: 'coordinator', expectEmpty: true }),
389
+ effectiveAuthority: async (zoneId, sessionId) => mapEffectiveAuthority(await this.request(`/zones/${zoneId}/agents/${sessionId}/effective-authority`, { base: 'coordinator' })),
257
390
  };
258
391
  // Audit
259
392
  audit = {
260
393
  list: async (zoneId, query) => {
261
394
  const response = await this.request(`/v1/zones/${zoneId}/audit`, { query: { ...query } });
262
- if (!Array.isArray(response.rows))
263
- throw new Error('audit response missing rows');
264
- return response.rows;
395
+ if (!Array.isArray(response.items))
396
+ throw new Error('audit response missing items');
397
+ return response.items;
265
398
  },
266
399
  byRequest: (zoneId, requestId) => this.request(`/v1/zones/${zoneId}/audit/by-request/${requestId}`),
267
400
  explain: (zoneId, requestId) => this.request(`/v1/zones/${zoneId}/audit/by-request/${requestId}/explain`),
@@ -269,42 +402,39 @@ export class AdminClient {
269
402
  adminAudit = {
270
403
  list: async (zoneId, query) => {
271
404
  const response = await this.request(`/v1/zones/${zoneId}/admin-audit`, { query: { ...query } });
272
- if (!Array.isArray(response.rows))
273
- throw new Error('admin audit response missing rows');
274
- return response.rows;
405
+ if (!Array.isArray(response.items))
406
+ throw new Error('admin audit response missing items');
407
+ return response.items;
275
408
  },
276
409
  };
277
410
  stepUpChallenges = {
278
- list: (zoneId) => this.request(`/v1/zones/${zoneId}/step-up-challenges`),
411
+ list: (zoneId) => this.listAll(`/v1/zones/${zoneId}/step-up-challenges`, 'step-up challenges'),
279
412
  get: (zoneId, id) => this.request(`/v1/zones/${zoneId}/step-up-challenges/${id}`),
280
- satisfy: (zoneId, id) => this.request(`/v1/zones/${zoneId}/step-up-challenges/${id}/satisfy`, { method: 'POST', body: {} }),
281
- };
282
- // Agents (coordinator)
283
- agents = {
284
- list: async (zoneId, query) => {
285
- const response = await this.request(`/zones/${zoneId}/agents`, { base: 'coordinator', query: { ...query } });
286
- if (!Array.isArray(response.items))
287
- throw new Error('agents response missing items');
288
- return response.items;
289
- },
290
- get: (zoneId, id) => this.request(`/zones/${zoneId}/agents/${id}`, { base: 'coordinator' }),
291
- children: (zoneId, id) => this.request(`/zones/${zoneId}/agents/${id}/children`, { base: 'coordinator' }),
292
- suspend: (zoneId, id) => this.request(`/zones/${zoneId}/agents/${id}/suspend`, { method: 'PATCH', base: 'coordinator' }),
293
- resume: (zoneId, id) => this.request(`/zones/${zoneId}/agents/${id}/resume`, { method: 'PATCH', base: 'coordinator' }),
294
- terminate: (zoneId, id) => this.request(`/zones/${zoneId}/agents/${id}`, { method: 'DELETE', base: 'coordinator', expectEmpty: true }),
295
- effectiveAuthority: (zoneId, id) => this.request(`/zones/${zoneId}/agents/${id}/effective-authority`, { base: 'coordinator' }),
413
+ approve: (zoneId, id, reason) => this.request(`/v1/zones/${zoneId}/step-up-challenges/${id}/approve`, {
414
+ method: 'POST',
415
+ body: reason ? { reason } : {},
416
+ }),
417
+ reject: (zoneId, id, reason) => this.request(`/v1/zones/${zoneId}/step-up-challenges/${id}/reject`, {
418
+ method: 'POST',
419
+ body: reason ? { reason } : {},
420
+ }),
296
421
  };
297
422
  // Delegations (coordinator)
298
423
  delegations = {
299
- active: (zoneId) => this.request(`/zones/${zoneId}/delegations/active`, { base: 'coordinator' }),
300
- inbound: (zoneId, sessionId) => this.request(`/zones/${zoneId}/delegations/inbound/${sessionId}`, { base: 'coordinator' }),
301
- outbound: (zoneId, sessionId) => this.request(`/zones/${zoneId}/delegations/outbound/${sessionId}`, { base: 'coordinator' }),
302
- traverse: (zoneId, id) => this.request(`/zones/${zoneId}/delegations/${id}/traverse`, { base: 'coordinator' }),
303
- impact: (zoneId, id) => this.request(`/zones/${zoneId}/delegations/${id}/impact`, { base: 'coordinator' }),
304
- revoke: (zoneId, id) => this.request(`/zones/${zoneId}/delegations/${id}/revoke`, {
305
- method: 'PATCH',
306
- base: 'coordinator',
307
- }),
424
+ active: async (zoneId) => {
425
+ const response = await this.request(`/zones/${zoneId}/delegations/active`, {
426
+ base: 'coordinator',
427
+ });
428
+ return { ...response, items: response.items.map(mapDelegation) };
429
+ },
430
+ inbound: async (zoneId, sessionId) => (await this.request(`/zones/${zoneId}/delegations/inbound/${sessionId}`, { base: 'coordinator' })).map(mapDelegation),
431
+ outbound: async (zoneId, sessionId) => (await this.request(`/zones/${zoneId}/delegations/outbound/${sessionId}`, { base: 'coordinator' })).map(mapDelegation),
432
+ traverse: async (zoneId, delegationId) => (await this.request(`/zones/${zoneId}/delegations/${delegationId}/traverse`, { base: 'coordinator' })).map(mapDelegationTraversal),
433
+ impact: async (zoneId, delegationId) => mapDelegationImpact(await this.request(`/zones/${zoneId}/delegations/${delegationId}/impact`, { base: 'coordinator' })),
434
+ revoke: async (zoneId, delegationId) => {
435
+ const response = await this.request(`/zones/${zoneId}/delegations/${delegationId}/revoke`, { method: 'PATCH', base: 'coordinator' });
436
+ return { revoked_delegations: response.revoked_edges, affected_sessions: response.affected_sessions };
437
+ },
308
438
  };
309
439
  }
310
440
  //# sourceMappingURL=client.js.map